Sep 21 07:33:26.513238: FIPS Product: YES Sep 21 07:33:26.513274: FIPS Kernel: NO Sep 21 07:33:26.513277: FIPS Mode: NO Sep 21 07:33:26.513279: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:33:26.513427: Initializing NSS Sep 21 07:33:26.513432: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:33:26.556150: NSS initialized Sep 21 07:33:26.556159: NSS crypto library initialized Sep 21 07:33:26.556161: FIPS HMAC integrity support [enabled] Sep 21 07:33:26.556163: FIPS mode disabled for pluto daemon Sep 21 07:33:26.618608: FIPS HMAC integrity verification self-test FAILED Sep 21 07:33:26.618716: libcap-ng support [enabled] Sep 21 07:33:26.618727: Linux audit support [enabled] Sep 21 07:33:26.618748: Linux audit activated Sep 21 07:33:26.618754: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:19913 Sep 21 07:33:26.618756: core dump dir: /tmp Sep 21 07:33:26.618757: secrets file: /etc/ipsec.secrets Sep 21 07:33:26.618759: leak-detective disabled Sep 21 07:33:26.618760: NSS crypto [enabled] Sep 21 07:33:26.618761: XAUTH PAM support [enabled] Sep 21 07:33:26.618826: | libevent is using pluto's memory allocator Sep 21 07:33:26.618833: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:33:26.618844: | libevent_malloc: new ptr-libevent@0x557db45725d0 size 40 Sep 21 07:33:26.618846: | libevent_malloc: new ptr-libevent@0x557db4572600 size 40 Sep 21 07:33:26.618848: | libevent_malloc: new ptr-libevent@0x557db4573df0 size 40 Sep 21 07:33:26.618850: | creating event base Sep 21 07:33:26.618851: | libevent_malloc: new ptr-libevent@0x557db4573db0 size 56 Sep 21 07:33:26.618854: | libevent_malloc: new ptr-libevent@0x557db4573e20 size 664 Sep 21 07:33:26.618864: | libevent_malloc: new ptr-libevent@0x557db45740c0 size 24 Sep 21 07:33:26.618869: | libevent_malloc: new ptr-libevent@0x557db452d670 size 384 Sep 21 07:33:26.618876: | libevent_malloc: new ptr-libevent@0x557db45740e0 size 16 Sep 21 07:33:26.618878: | libevent_malloc: new ptr-libevent@0x557db4574100 size 40 Sep 21 07:33:26.618879: | libevent_malloc: new ptr-libevent@0x557db4574130 size 48 Sep 21 07:33:26.618883: | libevent_realloc: new ptr-libevent@0x557db4574170 size 256 Sep 21 07:33:26.618885: | libevent_malloc: new ptr-libevent@0x557db4574280 size 16 Sep 21 07:33:26.618890: | libevent_free: release ptr-libevent@0x557db4573db0 Sep 21 07:33:26.618892: | libevent initialized Sep 21 07:33:26.618895: | libevent_realloc: new ptr-libevent@0x557db45742a0 size 64 Sep 21 07:33:26.618897: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:33:26.618908: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:33:26.618910: NAT-Traversal support [enabled] Sep 21 07:33:26.618912: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:33:26.618920: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:33:26.618925: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:33:26.618960: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:33:26.618964: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:33:26.618967: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:33:26.619020: Encryption algorithms: Sep 21 07:33:26.619030: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:33:26.619035: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:33:26.619038: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:33:26.619041: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:33:26.619045: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:33:26.619052: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:33:26.619056: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:33:26.619060: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:33:26.619064: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:33:26.619067: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:33:26.619070: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:33:26.619074: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:33:26.619078: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:33:26.619082: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:33:26.619086: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:33:26.619088: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:33:26.619092: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:33:26.619099: Hash algorithms: Sep 21 07:33:26.619102: MD5 IKEv1: IKE IKEv2: Sep 21 07:33:26.619105: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:33:26.619108: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:33:26.619111: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:33:26.619114: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:33:26.619128: PRF algorithms: Sep 21 07:33:26.619131: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:33:26.619134: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:33:26.619137: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:33:26.619141: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:33:26.619144: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:33:26.619147: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:33:26.619173: Integrity algorithms: Sep 21 07:33:26.619177: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:33:26.619181: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:33:26.619185: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:33:26.619189: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:33:26.619194: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:33:26.619196: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:33:26.619200: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:33:26.619203: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:33:26.619206: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:33:26.619218: DH algorithms: Sep 21 07:33:26.619222: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:33:26.619225: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:33:26.619228: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:33:26.619234: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:33:26.619237: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:33:26.619240: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:33:26.619243: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:33:26.619246: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:33:26.619249: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:33:26.619253: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:33:26.619255: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:33:26.619258: testing CAMELLIA_CBC: Sep 21 07:33:26.619261: Camellia: 16 bytes with 128-bit key Sep 21 07:33:26.619391: Camellia: 16 bytes with 128-bit key Sep 21 07:33:26.619422: Camellia: 16 bytes with 256-bit key Sep 21 07:33:26.619452: Camellia: 16 bytes with 256-bit key Sep 21 07:33:26.619482: testing AES_GCM_16: Sep 21 07:33:26.619486: empty string Sep 21 07:33:26.619515: one block Sep 21 07:33:26.619542: two blocks Sep 21 07:33:26.619570: two blocks with associated data Sep 21 07:33:26.619600: testing AES_CTR: Sep 21 07:33:26.619604: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:33:26.619632: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:33:26.619662: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:33:26.619690: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:33:26.619716: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:33:26.619743: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:33:26.619762: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:33:26.619778: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:33:26.619801: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:33:26.619821: testing AES_CBC: Sep 21 07:33:26.619823: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:33:26.619842: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:33:26.619860: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:33:26.619878: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:33:26.619899: testing AES_XCBC: Sep 21 07:33:26.619900: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:33:26.619975: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:33:26.620053: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:33:26.620129: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:33:26.620205: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:33:26.620280: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:33:26.620359: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:33:26.620526: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:33:26.620603: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:33:26.620685: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:33:26.620835: testing HMAC_MD5: Sep 21 07:33:26.620839: RFC 2104: MD5_HMAC test 1 Sep 21 07:33:26.620946: RFC 2104: MD5_HMAC test 2 Sep 21 07:33:26.621039: RFC 2104: MD5_HMAC test 3 Sep 21 07:33:26.621152: 8 CPU cores online Sep 21 07:33:26.621154: starting up 7 crypto helpers Sep 21 07:33:26.621181: started thread for crypto helper 0 Sep 21 07:33:26.621187: | starting up helper thread 0 Sep 21 07:33:26.621198: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:33:26.621200: | crypto helper 0 waiting (nothing to do) Sep 21 07:33:26.621203: started thread for crypto helper 1 Sep 21 07:33:26.621207: | starting up helper thread 1 Sep 21 07:33:26.621217: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:33:26.621218: | crypto helper 1 waiting (nothing to do) Sep 21 07:33:26.621227: started thread for crypto helper 2 Sep 21 07:33:26.621232: | starting up helper thread 2 Sep 21 07:33:26.621255: started thread for crypto helper 3 Sep 21 07:33:26.621256: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:33:26.621275: | crypto helper 2 waiting (nothing to do) Sep 21 07:33:26.621282: | starting up helper thread 3 Sep 21 07:33:26.621297: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:33:26.621299: | crypto helper 3 waiting (nothing to do) Sep 21 07:33:26.621285: started thread for crypto helper 4 Sep 21 07:33:26.621288: | starting up helper thread 4 Sep 21 07:33:26.621359: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:33:26.621362: | crypto helper 4 waiting (nothing to do) Sep 21 07:33:26.621379: started thread for crypto helper 5 Sep 21 07:33:26.621397: started thread for crypto helper 6 Sep 21 07:33:26.621400: | checking IKEv1 state table Sep 21 07:33:26.621418: | starting up helper thread 6 Sep 21 07:33:26.621423: | starting up helper thread 5 Sep 21 07:33:26.621419: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:33:26.621426: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:33:26.621432: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:33:26.621435: | crypto helper 6 waiting (nothing to do) Sep 21 07:33:26.621436: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:33:26.621431: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:33:26.621440: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:33:26.621444: | crypto helper 5 waiting (nothing to do) Sep 21 07:33:26.621449: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:33:26.621455: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:33:26.621456: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:33:26.621458: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:33:26.621472: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:33:26.621474: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:33:26.621475: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:33:26.621476: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:33:26.621478: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:33:26.621479: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:33:26.621480: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:33:26.621482: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:33:26.621483: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:33:26.621485: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:33:26.621486: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:33:26.621487: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:33:26.621489: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:33:26.621490: | -> UNDEFINED EVENT_NULL Sep 21 07:33:26.621492: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:33:26.621493: | -> UNDEFINED EVENT_NULL Sep 21 07:33:26.621495: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:33:26.621496: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:33:26.621498: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:33:26.621499: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:33:26.621500: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:33:26.621502: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:33:26.621503: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:33:26.621504: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:33:26.621506: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:33:26.621507: | -> UNDEFINED EVENT_NULL Sep 21 07:33:26.621509: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:33:26.621510: | -> UNDEFINED EVENT_NULL Sep 21 07:33:26.621512: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:33:26.621516: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:33:26.621518: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:33:26.621519: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:33:26.621521: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:33:26.621522: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:33:26.621524: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:33:26.621525: | -> UNDEFINED EVENT_NULL Sep 21 07:33:26.621527: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:33:26.621528: | -> UNDEFINED EVENT_NULL Sep 21 07:33:26.621530: | INFO: category: informational flags: 0: Sep 21 07:33:26.621531: | -> UNDEFINED EVENT_NULL Sep 21 07:33:26.621532: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:33:26.621534: | -> UNDEFINED EVENT_NULL Sep 21 07:33:26.621535: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:33:26.621537: | -> XAUTH_R1 EVENT_NULL Sep 21 07:33:26.621538: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:33:26.621540: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:33:26.621541: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:33:26.621543: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:33:26.621544: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:33:26.621546: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:33:26.621547: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:33:26.621548: | -> UNDEFINED EVENT_NULL Sep 21 07:33:26.621550: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:33:26.621551: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:33:26.621553: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:33:26.621554: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:33:26.621556: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:33:26.621557: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:33:26.621562: | checking IKEv2 state table Sep 21 07:33:26.621566: | PARENT_I0: category: ignore flags: 0: Sep 21 07:33:26.621568: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:33:26.621570: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:33:26.621572: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:33:26.621573: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:33:26.621575: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:33:26.621577: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:33:26.621578: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:33:26.621580: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:33:26.621581: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:33:26.621583: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:33:26.621585: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:33:26.621586: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:33:26.621588: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:33:26.621589: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:33:26.621591: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:33:26.621592: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:33:26.621594: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:33:26.621595: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:33:26.621597: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:33:26.621598: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:33:26.621600: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:33:26.621603: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:33:26.621605: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:33:26.621606: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:33:26.621607: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:33:26.621609: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:33:26.621611: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:33:26.621612: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:33:26.621614: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:33:26.621615: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:33:26.621617: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:33:26.621619: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:33:26.621620: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:33:26.621622: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:33:26.621623: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:33:26.621625: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:33:26.621627: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:33:26.621628: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:33:26.621630: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:33:26.621631: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:33:26.621633: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:33:26.621635: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:33:26.621636: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:33:26.621638: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:33:26.621639: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:33:26.621641: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:33:26.621685: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:33:26.621732: | Hard-wiring algorithms Sep 21 07:33:26.621735: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:33:26.621737: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:33:26.621739: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:33:26.621740: | adding 3DES_CBC to kernel algorithm db Sep 21 07:33:26.621741: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:33:26.621743: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:33:26.621744: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:33:26.621746: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:33:26.621747: | adding AES_CTR to kernel algorithm db Sep 21 07:33:26.621748: | adding AES_CBC to kernel algorithm db Sep 21 07:33:26.621750: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:33:26.621751: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:33:26.621753: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:33:26.621754: | adding NULL to kernel algorithm db Sep 21 07:33:26.621755: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:33:26.621757: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:33:26.621758: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:33:26.621760: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:33:26.621761: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:33:26.621763: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:33:26.621764: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:33:26.621766: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:33:26.621767: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:33:26.621769: | adding NONE to kernel algorithm db Sep 21 07:33:26.621803: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:33:26.621810: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:33:26.621812: | setup kernel fd callback Sep 21 07:33:26.621814: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x557db457ea60 Sep 21 07:33:26.621816: | libevent_malloc: new ptr-libevent@0x557db4585a30 size 128 Sep 21 07:33:26.621818: | libevent_malloc: new ptr-libevent@0x557db457e9c0 size 16 Sep 21 07:33:26.621823: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x557db4578f10 Sep 21 07:33:26.621824: | libevent_malloc: new ptr-libevent@0x557db4585ac0 size 128 Sep 21 07:33:26.621826: | libevent_malloc: new ptr-libevent@0x557db457e9a0 size 16 Sep 21 07:33:26.621974: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:33:26.621981: selinux support is enabled. Sep 21 07:33:26.622044: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:33:26.622167: | unbound context created - setting debug level to 5 Sep 21 07:33:26.622188: | /etc/hosts lookups activated Sep 21 07:33:26.622201: | /etc/resolv.conf usage activated Sep 21 07:33:26.622233: | outgoing-port-avoid set 0-65535 Sep 21 07:33:26.622247: | outgoing-port-permit set 32768-60999 Sep 21 07:33:26.622249: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:33:26.622251: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:33:26.622253: | Setting up events, loop start Sep 21 07:33:26.622255: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x557db4578cd0 Sep 21 07:33:26.622257: | libevent_malloc: new ptr-libevent@0x557db4590040 size 128 Sep 21 07:33:26.622259: | libevent_malloc: new ptr-libevent@0x557db45900d0 size 16 Sep 21 07:33:26.622263: | libevent_realloc: new ptr-libevent@0x557db45900f0 size 256 Sep 21 07:33:26.622264: | libevent_malloc: new ptr-libevent@0x557db4590200 size 8 Sep 21 07:33:26.622266: | libevent_realloc: new ptr-libevent@0x557db4584e30 size 144 Sep 21 07:33:26.622268: | libevent_malloc: new ptr-libevent@0x557db4590220 size 152 Sep 21 07:33:26.622270: | libevent_malloc: new ptr-libevent@0x557db45902c0 size 16 Sep 21 07:33:26.622273: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:33:26.622274: | libevent_malloc: new ptr-libevent@0x557db45902e0 size 8 Sep 21 07:33:26.622276: | libevent_malloc: new ptr-libevent@0x557db4590300 size 152 Sep 21 07:33:26.622278: | signal event handler PLUTO_SIGTERM installed Sep 21 07:33:26.622279: | libevent_malloc: new ptr-libevent@0x557db45903a0 size 8 Sep 21 07:33:26.622281: | libevent_malloc: new ptr-libevent@0x557db45903c0 size 152 Sep 21 07:33:26.622282: | signal event handler PLUTO_SIGHUP installed Sep 21 07:33:26.622284: | libevent_malloc: new ptr-libevent@0x557db4590460 size 8 Sep 21 07:33:26.622285: | libevent_realloc: release ptr-libevent@0x557db4584e30 Sep 21 07:33:26.622287: | libevent_realloc: new ptr-libevent@0x557db4590480 size 256 Sep 21 07:33:26.622289: | libevent_malloc: new ptr-libevent@0x557db4584e30 size 152 Sep 21 07:33:26.622290: | signal event handler PLUTO_SIGSYS installed Sep 21 07:33:26.622581: | created addconn helper (pid:19986) using fork+execve Sep 21 07:33:26.622594: | forked child 19986 Sep 21 07:33:26.622636: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:26.622675: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:33:26.622684: listening for IKE messages Sep 21 07:33:26.622715: | Inspecting interface lo Sep 21 07:33:26.622720: | found lo with address 127.0.0.1 Sep 21 07:33:26.622722: | Inspecting interface eth0 Sep 21 07:33:26.622725: | found eth0 with address 192.0.3.254 Sep 21 07:33:26.622728: | Inspecting interface eth1 Sep 21 07:33:26.622731: | found eth1 with address 192.1.3.33 Sep 21 07:33:26.622768: Kernel supports NIC esp-hw-offload Sep 21 07:33:26.622776: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Sep 21 07:33:26.622802: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:33:26.622810: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:33:26.622825: adding interface eth1/eth1 192.1.3.33:4500 Sep 21 07:33:26.622848: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Sep 21 07:33:26.622868: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:33:26.622870: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:33:26.622873: adding interface eth0/eth0 192.0.3.254:4500 Sep 21 07:33:26.622893: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:33:26.622911: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:33:26.622914: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:33:26.622916: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:33:26.622956: | no interfaces to sort Sep 21 07:33:26.622959: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:33:26.622965: | add_fd_read_event_handler: new ethX-pe@0x557db4579dd0 Sep 21 07:33:26.622967: | libevent_malloc: new ptr-libevent@0x557db4590860 size 128 Sep 21 07:33:26.622969: | libevent_malloc: new ptr-libevent@0x557db45908f0 size 16 Sep 21 07:33:26.622973: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:33:26.622974: | add_fd_read_event_handler: new ethX-pe@0x557db4590910 Sep 21 07:33:26.622976: | libevent_malloc: new ptr-libevent@0x557db4590950 size 128 Sep 21 07:33:26.622977: | libevent_malloc: new ptr-libevent@0x557db45909e0 size 16 Sep 21 07:33:26.622980: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:33:26.622981: | add_fd_read_event_handler: new ethX-pe@0x557db4590a00 Sep 21 07:33:26.622983: | libevent_malloc: new ptr-libevent@0x557db4590a40 size 128 Sep 21 07:33:26.622984: | libevent_malloc: new ptr-libevent@0x557db4590ad0 size 16 Sep 21 07:33:26.622987: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:33:26.622989: | add_fd_read_event_handler: new ethX-pe@0x557db4590af0 Sep 21 07:33:26.622990: | libevent_malloc: new ptr-libevent@0x557db4590b30 size 128 Sep 21 07:33:26.622992: | libevent_malloc: new ptr-libevent@0x557db4590bc0 size 16 Sep 21 07:33:26.622994: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:33:26.622996: | add_fd_read_event_handler: new ethX-pe@0x557db4590be0 Sep 21 07:33:26.622997: | libevent_malloc: new ptr-libevent@0x557db4590c20 size 128 Sep 21 07:33:26.622999: | libevent_malloc: new ptr-libevent@0x557db4590cb0 size 16 Sep 21 07:33:26.623001: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:33:26.623003: | add_fd_read_event_handler: new ethX-pe@0x557db4590cd0 Sep 21 07:33:26.623004: | libevent_malloc: new ptr-libevent@0x557db4590d10 size 128 Sep 21 07:33:26.623006: | libevent_malloc: new ptr-libevent@0x557db4590da0 size 16 Sep 21 07:33:26.623008: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:33:26.623012: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:33:26.623014: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:33:26.623028: loading secrets from "/etc/ipsec.secrets" Sep 21 07:33:26.623042: | saving Modulus Sep 21 07:33:26.623045: | saving PublicExponent Sep 21 07:33:26.623047: | ignoring PrivateExponent Sep 21 07:33:26.623049: | ignoring Prime1 Sep 21 07:33:26.623051: | ignoring Prime2 Sep 21 07:33:26.623053: | ignoring Exponent1 Sep 21 07:33:26.623054: | ignoring Exponent2 Sep 21 07:33:26.623056: | ignoring Coefficient Sep 21 07:33:26.623058: | ignoring CKAIDNSS Sep 21 07:33:26.623107: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:33:26.623109: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:33:26.623112: loaded private key for keyid: PKK_RSA:AQPl33O2P Sep 21 07:33:26.623117: | certs and keys locked by 'process_secret' Sep 21 07:33:26.623122: | certs and keys unlocked by 'process_secret' Sep 21 07:33:26.623126: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:33:26.623132: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:26.623154: | spent 0.514 milliseconds in whack Sep 21 07:33:26.670837: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:26.670857: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:33:26.670862: listening for IKE messages Sep 21 07:33:26.670897: | Inspecting interface lo Sep 21 07:33:26.670903: | found lo with address 127.0.0.1 Sep 21 07:33:26.670906: | Inspecting interface eth0 Sep 21 07:33:26.670910: | found eth0 with address 192.0.3.254 Sep 21 07:33:26.670913: | Inspecting interface eth1 Sep 21 07:33:26.670917: | found eth1 with address 192.1.3.33 Sep 21 07:33:26.670971: | no interfaces to sort Sep 21 07:33:26.670981: | libevent_free: release ptr-libevent@0x557db4590860 Sep 21 07:33:26.670984: | free_event_entry: release EVENT_NULL-pe@0x557db4579dd0 Sep 21 07:33:26.670987: | add_fd_read_event_handler: new ethX-pe@0x557db4579dd0 Sep 21 07:33:26.670990: | libevent_malloc: new ptr-libevent@0x557db4590860 size 128 Sep 21 07:33:26.670998: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:33:26.671002: | libevent_free: release ptr-libevent@0x557db4590950 Sep 21 07:33:26.671004: | free_event_entry: release EVENT_NULL-pe@0x557db4590910 Sep 21 07:33:26.671007: | add_fd_read_event_handler: new ethX-pe@0x557db4590910 Sep 21 07:33:26.671010: | libevent_malloc: new ptr-libevent@0x557db4590950 size 128 Sep 21 07:33:26.671015: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:33:26.671018: | libevent_free: release ptr-libevent@0x557db4590a40 Sep 21 07:33:26.671021: | free_event_entry: release EVENT_NULL-pe@0x557db4590a00 Sep 21 07:33:26.671024: | add_fd_read_event_handler: new ethX-pe@0x557db4590a00 Sep 21 07:33:26.671026: | libevent_malloc: new ptr-libevent@0x557db4590a40 size 128 Sep 21 07:33:26.671031: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:33:26.671036: | libevent_free: release ptr-libevent@0x557db4590b30 Sep 21 07:33:26.671038: | free_event_entry: release EVENT_NULL-pe@0x557db4590af0 Sep 21 07:33:26.671041: | add_fd_read_event_handler: new ethX-pe@0x557db4590af0 Sep 21 07:33:26.671043: | libevent_malloc: new ptr-libevent@0x557db4590b30 size 128 Sep 21 07:33:26.671048: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:33:26.671052: | libevent_free: release ptr-libevent@0x557db4590c20 Sep 21 07:33:26.671055: | free_event_entry: release EVENT_NULL-pe@0x557db4590be0 Sep 21 07:33:26.671057: | add_fd_read_event_handler: new ethX-pe@0x557db4590be0 Sep 21 07:33:26.671060: | libevent_malloc: new ptr-libevent@0x557db4590c20 size 128 Sep 21 07:33:26.671064: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:33:26.671068: | libevent_free: release ptr-libevent@0x557db4590d10 Sep 21 07:33:26.671071: | free_event_entry: release EVENT_NULL-pe@0x557db4590cd0 Sep 21 07:33:26.671073: | add_fd_read_event_handler: new ethX-pe@0x557db4590cd0 Sep 21 07:33:26.671076: | libevent_malloc: new ptr-libevent@0x557db4590d10 size 128 Sep 21 07:33:26.671081: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:33:26.671084: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:33:26.671086: forgetting secrets Sep 21 07:33:26.671096: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:33:26.671110: loading secrets from "/etc/ipsec.secrets" Sep 21 07:33:26.671126: | saving Modulus Sep 21 07:33:26.671129: | saving PublicExponent Sep 21 07:33:26.671132: | ignoring PrivateExponent Sep 21 07:33:26.671135: | ignoring Prime1 Sep 21 07:33:26.671138: | ignoring Prime2 Sep 21 07:33:26.671142: | ignoring Exponent1 Sep 21 07:33:26.671145: | ignoring Exponent2 Sep 21 07:33:26.671148: | ignoring Coefficient Sep 21 07:33:26.671151: | ignoring CKAIDNSS Sep 21 07:33:26.671175: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:33:26.671178: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:33:26.671181: loaded private key for keyid: PKK_RSA:AQPl33O2P Sep 21 07:33:26.671188: | certs and keys locked by 'process_secret' Sep 21 07:33:26.671196: | certs and keys unlocked by 'process_secret' Sep 21 07:33:26.671202: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:33:26.671210: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:26.671218: | spent 0.388 milliseconds in whack Sep 21 07:33:26.671756: | processing signal PLUTO_SIGCHLD Sep 21 07:33:26.671766: | waitpid returned pid 19986 (exited with status 0) Sep 21 07:33:26.671770: | reaped addconn helper child (status 0) Sep 21 07:33:26.671773: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:26.671777: | spent 0.0128 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:26.729027: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:26.729046: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:26.729049: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:33:26.729052: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:26.729054: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:33:26.729058: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:26.729065: | Added new connection north-dpd/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:33:26.729068: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:33:26.729609: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:33:26.729622: | loading left certificate 'north' pubkey Sep 21 07:33:26.729734: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x557db4595450 Sep 21 07:33:26.729739: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x557db4595420 Sep 21 07:33:26.729741: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x557db4591ab0 Sep 21 07:33:26.729877: | unreference key: 0x557db4591b60 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:33:26.730043: | certs and keys locked by 'lsw_add_rsa_secret' Sep 21 07:33:26.730048: | certs and keys unlocked by 'lsw_add_rsa_secret' Sep 21 07:33:26.730057: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Sep 21 07:33:26.730635: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:33:26.730641: | loading right certificate 'east' pubkey Sep 21 07:33:26.730732: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x557db45974f0 Sep 21 07:33:26.730736: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x557db4596390 Sep 21 07:33:26.730739: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x557db4591ab0 Sep 21 07:33:26.730741: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x557db4591ae0 Sep 21 07:33:26.730743: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x557db4591d70 Sep 21 07:33:26.730954: | unreference key: 0x557db45959c0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:33:26.731057: | warning: no secret key loaded for right certificate with nickname east: NSS: cert private key not found Sep 21 07:33:26.731068: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Sep 21 07:33:26.731078: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:33:26.731080: | new hp@0x557db4595e00 Sep 21 07:33:26.731084: added connection description "north-dpd/0x1" Sep 21 07:33:26.731096: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:33:26.731133: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.2.0/24 Sep 21 07:33:26.731148: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:26.731168: | spent 2.12 milliseconds in whack Sep 21 07:33:26.731244: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:26.731253: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:26.731256: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:33:26.731271: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:26.731273: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:33:26.731276: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:26.731295: | Added new connection north-dpd/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:33:26.731298: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:33:26.731396: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:33:26.731401: | loading left certificate 'north' pubkey Sep 21 07:33:26.731450: | unreference key: 0x557db4596b40 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:33:26.731461: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x557db459b520 Sep 21 07:33:26.731464: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x557db45974f0 Sep 21 07:33:26.731466: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x557db4596390 Sep 21 07:33:26.731509: | unreference key: 0x557db45960f0 @north.testing.libreswan.org cnt 1-- Sep 21 07:33:26.731552: | unreference key: 0x557db4596550 user-north@testing.libreswan.org cnt 1-- Sep 21 07:33:26.731599: | unreference key: 0x557db459c210 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:33:26.731641: | secrets entry for north already exists Sep 21 07:33:26.731651: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Sep 21 07:33:26.731727: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:33:26.731732: | loading right certificate 'east' pubkey Sep 21 07:33:26.731779: | unreference key: 0x557db459c150 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:33:26.731808: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x557db459b520 Sep 21 07:33:26.731814: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x557db45974f0 Sep 21 07:33:26.731816: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x557db4596390 Sep 21 07:33:26.731819: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x557db4591ab0 Sep 21 07:33:26.731821: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x557db4591ae0 Sep 21 07:33:26.731878: | unreference key: 0x557db459b340 192.1.2.23 cnt 1-- Sep 21 07:33:26.731921: | unreference key: 0x557db459b700 east@testing.libreswan.org cnt 1-- Sep 21 07:33:26.731963: | unreference key: 0x557db459ba30 @east.testing.libreswan.org cnt 1-- Sep 21 07:33:26.732004: | unreference key: 0x557db459bd90 user-east@testing.libreswan.org cnt 1-- Sep 21 07:33:26.732051: | unreference key: 0x557db459c4c0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:33:26.732149: | warning: no secret key loaded for right certificate with nickname east: NSS: cert private key not found Sep 21 07:33:26.732163: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Sep 21 07:33:26.732170: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Sep 21 07:33:26.732174: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@0x557db4595e00: north-dpd/0x1 Sep 21 07:33:26.732177: added connection description "north-dpd/0x2" Sep 21 07:33:26.732186: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:33:26.732221: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.22.0/24 Sep 21 07:33:26.732228: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:26.732233: | spent 0.992 milliseconds in whack Sep 21 07:33:26.847156: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:26.847181: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Sep 21 07:33:26.847184: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:26.847188: initiating all conns with alias='north-dpd' Sep 21 07:33:26.847194: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:33:26.847200: | start processing: connection "north-dpd/0x2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:33:26.847204: | empty esp_info, returning defaults for ENCRYPT Sep 21 07:33:26.847208: | connection 'north-dpd/0x2' +POLICY_UP Sep 21 07:33:26.847212: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Sep 21 07:33:26.847214: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:33:26.847246: | creating state object #1 at 0x557db459cf40 Sep 21 07:33:26.847249: | State DB: adding IKEv1 state #1 in UNDEFINED Sep 21 07:33:26.847270: | pstats #1 ikev1.isakmp started Sep 21 07:33:26.847277: | suspend processing: connection "north-dpd/0x2" (in main_outI1() at ikev1_main.c:118) Sep 21 07:33:26.847282: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in main_outI1() at ikev1_main.c:118) Sep 21 07:33:26.847286: | parent state #1: UNDEFINED(ignore) => MAIN_I1(half-open IKE SA) Sep 21 07:33:26.847289: | dup_any(fd@24) -> fd@25 (in main_outI1() at ikev1_main.c:123) Sep 21 07:33:26.847294: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-dpd/0x2" IKE SA #1 "north-dpd/0x2" Sep 21 07:33:26.847297: "north-dpd/0x2" #1: initiating Main Mode Sep 21 07:33:26.847345: | **emit ISAKMP Message: Sep 21 07:33:26.847348: | initiator cookie: Sep 21 07:33:26.847363: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.847365: | responder cookie: Sep 21 07:33:26.847367: | 00 00 00 00 00 00 00 00 Sep 21 07:33:26.847370: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:33:26.847373: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.847375: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.847378: | flags: none (0x0) Sep 21 07:33:26.847380: | Message ID: 0 (0x0) Sep 21 07:33:26.847383: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:26.847385: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA Sep 21 07:33:26.847389: | no specific IKE algorithms specified - using defaults Sep 21 07:33:26.847409: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP2048=14 eklen=0 Sep 21 07:33:26.847414: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP2048=14 eklen=0 Sep 21 07:33:26.847418: | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP2048=14 eklen=0 Sep 21 07:33:26.847422: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP1536=5 eklen=0 Sep 21 07:33:26.847432: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP1536=5 eklen=0 Sep 21 07:33:26.847436: | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP1536=5 eklen=0 Sep 21 07:33:26.847441: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP2048=14 eklen=0 Sep 21 07:33:26.847445: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP2048=14 eklen=0 Sep 21 07:33:26.847450: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP2048=14 eklen=0 Sep 21 07:33:26.847454: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP1536=5 eklen=0 Sep 21 07:33:26.847458: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP1536=5 eklen=0 Sep 21 07:33:26.847463: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP1536=5 eklen=0 Sep 21 07:33:26.847467: | oakley_alg_makedb() returning 0x557db459e140 Sep 21 07:33:26.847471: | ***emit ISAKMP Security Association Payload: Sep 21 07:33:26.847474: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.847476: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:26.847479: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:33:26.847482: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:33:26.847485: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.847487: | ****emit IPsec DOI SIT: Sep 21 07:33:26.847490: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:26.847493: | ikev1_out_sa pcn: 0 has 1 valid proposals Sep 21 07:33:26.847495: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 18 Sep 21 07:33:26.847498: | ****emit ISAKMP Proposal Payload: Sep 21 07:33:26.847500: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.847503: | proposal number: 0 (0x0) Sep 21 07:33:26.847505: | protocol ID: PROTO_ISAKMP (0x1) Sep 21 07:33:26.847507: | SPI size: 0 (0x0) Sep 21 07:33:26.847510: | number of transforms: 18 (0x12) Sep 21 07:33:26.847513: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:33:26.847515: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.847518: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.847520: | ISAKMP transform number: 0 (0x0) Sep 21 07:33:26.847522: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.847525: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.847528: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847531: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.847533: | length/value: 1 (0x1) Sep 21 07:33:26.847536: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.847538: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847541: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.847543: | length/value: 3600 (0xe10) Sep 21 07:33:26.847545: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847548: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.847550: | length/value: 7 (0x7) Sep 21 07:33:26.847553: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.847555: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847557: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.847559: | length/value: 4 (0x4) Sep 21 07:33:26.847562: | [4 is OAKLEY_SHA2_256] Sep 21 07:33:26.847564: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847566: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.847569: | length/value: 3 (0x3) Sep 21 07:33:26.847571: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.847573: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847577: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.847579: | length/value: 14 (0xe) Sep 21 07:33:26.847582: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.847584: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847587: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.847589: | length/value: 256 (0x100) Sep 21 07:33:26.847591: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.847594: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.847596: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.847598: | ISAKMP transform number: 1 (0x1) Sep 21 07:33:26.847601: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.847604: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.847606: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.847609: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847611: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.847613: | length/value: 1 (0x1) Sep 21 07:33:26.847615: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.847618: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847620: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.847622: | length/value: 3600 (0xe10) Sep 21 07:33:26.847624: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847627: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.847629: | length/value: 7 (0x7) Sep 21 07:33:26.847631: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.847633: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847636: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.847638: | length/value: 4 (0x4) Sep 21 07:33:26.847640: | [4 is OAKLEY_SHA2_256] Sep 21 07:33:26.847642: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847645: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.847647: | length/value: 3 (0x3) Sep 21 07:33:26.847649: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.847651: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847654: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.847656: | length/value: 14 (0xe) Sep 21 07:33:26.847658: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.847660: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847663: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.847665: | length/value: 128 (0x80) Sep 21 07:33:26.847667: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.847670: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.847672: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.847674: | ISAKMP transform number: 2 (0x2) Sep 21 07:33:26.847676: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.847679: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.847682: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.847684: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847687: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.847689: | length/value: 1 (0x1) Sep 21 07:33:26.847691: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.847693: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847696: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.847698: | length/value: 3600 (0xe10) Sep 21 07:33:26.847700: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847702: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.847705: | length/value: 7 (0x7) Sep 21 07:33:26.847707: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.847709: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847711: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.847715: | length/value: 6 (0x6) Sep 21 07:33:26.847718: | [6 is OAKLEY_SHA2_512] Sep 21 07:33:26.847720: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847722: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.847724: | length/value: 3 (0x3) Sep 21 07:33:26.847727: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.847729: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847731: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.847733: | length/value: 14 (0xe) Sep 21 07:33:26.847736: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.847738: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847740: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.847742: | length/value: 256 (0x100) Sep 21 07:33:26.847745: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.847747: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.847749: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.847751: | ISAKMP transform number: 3 (0x3) Sep 21 07:33:26.847754: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.847756: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.847759: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.847761: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847764: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.847766: | length/value: 1 (0x1) Sep 21 07:33:26.847768: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.847770: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847773: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.847775: | length/value: 3600 (0xe10) Sep 21 07:33:26.847777: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847780: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.847782: | length/value: 7 (0x7) Sep 21 07:33:26.847805: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.847808: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847810: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.847812: | length/value: 6 (0x6) Sep 21 07:33:26.847815: | [6 is OAKLEY_SHA2_512] Sep 21 07:33:26.847817: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847819: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.847822: | length/value: 3 (0x3) Sep 21 07:33:26.847824: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.847826: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847829: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.847843: | length/value: 14 (0xe) Sep 21 07:33:26.847846: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.847848: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847850: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.847852: | length/value: 128 (0x80) Sep 21 07:33:26.847855: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.847857: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.847859: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.847861: | ISAKMP transform number: 4 (0x4) Sep 21 07:33:26.847864: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.847866: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.847869: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.847871: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847874: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.847876: | length/value: 1 (0x1) Sep 21 07:33:26.847879: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.847881: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847883: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.847885: | length/value: 3600 (0xe10) Sep 21 07:33:26.847889: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847892: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.847894: | length/value: 7 (0x7) Sep 21 07:33:26.847896: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.847898: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847900: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.847903: | length/value: 2 (0x2) Sep 21 07:33:26.847905: | [2 is OAKLEY_SHA1] Sep 21 07:33:26.847907: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847909: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.847912: | length/value: 3 (0x3) Sep 21 07:33:26.847914: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.847916: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847918: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.847921: | length/value: 14 (0xe) Sep 21 07:33:26.847923: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.847925: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847927: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.847930: | length/value: 256 (0x100) Sep 21 07:33:26.847932: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.847934: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.847937: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.847939: | ISAKMP transform number: 5 (0x5) Sep 21 07:33:26.847941: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.847944: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.847947: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.847949: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847951: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.847953: | length/value: 1 (0x1) Sep 21 07:33:26.847956: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.847958: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847960: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.847962: | length/value: 3600 (0xe10) Sep 21 07:33:26.847965: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847967: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.847969: | length/value: 7 (0x7) Sep 21 07:33:26.847971: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.847974: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847976: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.847978: | length/value: 2 (0x2) Sep 21 07:33:26.847980: | [2 is OAKLEY_SHA1] Sep 21 07:33:26.847983: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847985: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.847987: | length/value: 3 (0x3) Sep 21 07:33:26.847989: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.847992: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.847994: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.847996: | length/value: 14 (0xe) Sep 21 07:33:26.847998: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.848000: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848003: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.848005: | length/value: 128 (0x80) Sep 21 07:33:26.848008: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.848010: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.848012: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.848014: | ISAKMP transform number: 6 (0x6) Sep 21 07:33:26.848017: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.848019: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.848022: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.848024: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848030: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.848032: | length/value: 1 (0x1) Sep 21 07:33:26.848034: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.848036: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848039: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.848041: | length/value: 3600 (0xe10) Sep 21 07:33:26.848043: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848046: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.848048: | length/value: 7 (0x7) Sep 21 07:33:26.848050: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.848052: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848054: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.848057: | length/value: 4 (0x4) Sep 21 07:33:26.848059: | [4 is OAKLEY_SHA2_256] Sep 21 07:33:26.848061: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848063: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.848065: | length/value: 3 (0x3) Sep 21 07:33:26.848068: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.848070: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848072: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.848074: | length/value: 5 (0x5) Sep 21 07:33:26.848077: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:26.848079: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848081: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.848084: | length/value: 256 (0x100) Sep 21 07:33:26.848086: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.848088: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.848090: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.848093: | ISAKMP transform number: 7 (0x7) Sep 21 07:33:26.848095: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.848098: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.848100: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.848103: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848105: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.848107: | length/value: 1 (0x1) Sep 21 07:33:26.848109: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.848112: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848114: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.848116: | length/value: 3600 (0xe10) Sep 21 07:33:26.848119: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848121: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.848123: | length/value: 7 (0x7) Sep 21 07:33:26.848125: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.848127: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848130: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.848132: | length/value: 4 (0x4) Sep 21 07:33:26.848134: | [4 is OAKLEY_SHA2_256] Sep 21 07:33:26.848136: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848139: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.848141: | length/value: 3 (0x3) Sep 21 07:33:26.848143: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.848145: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848148: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.848150: | length/value: 5 (0x5) Sep 21 07:33:26.848152: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:26.848154: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848157: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.848159: | length/value: 128 (0x80) Sep 21 07:33:26.848161: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.848164: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.848166: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.848168: | ISAKMP transform number: 8 (0x8) Sep 21 07:33:26.848172: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.848174: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.848177: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.848179: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848182: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.848184: | length/value: 1 (0x1) Sep 21 07:33:26.848186: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.848188: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848191: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.848193: | length/value: 3600 (0xe10) Sep 21 07:33:26.848195: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848198: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.848200: | length/value: 7 (0x7) Sep 21 07:33:26.848202: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.848204: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848207: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.848209: | length/value: 6 (0x6) Sep 21 07:33:26.848211: | [6 is OAKLEY_SHA2_512] Sep 21 07:33:26.848213: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848216: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.848218: | length/value: 3 (0x3) Sep 21 07:33:26.848220: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.848222: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848225: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.848227: | length/value: 5 (0x5) Sep 21 07:33:26.848229: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:26.848231: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848233: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.848236: | length/value: 256 (0x100) Sep 21 07:33:26.848238: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.848240: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.848243: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.848245: | ISAKMP transform number: 9 (0x9) Sep 21 07:33:26.848247: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.848250: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.848252: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.848255: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848257: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.848260: | length/value: 1 (0x1) Sep 21 07:33:26.848262: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.848264: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848266: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.848269: | length/value: 3600 (0xe10) Sep 21 07:33:26.848271: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848273: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.848276: | length/value: 7 (0x7) Sep 21 07:33:26.848278: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.848280: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848282: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.848285: | length/value: 6 (0x6) Sep 21 07:33:26.848287: | [6 is OAKLEY_SHA2_512] Sep 21 07:33:26.848289: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848291: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.848294: | length/value: 3 (0x3) Sep 21 07:33:26.848296: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.848298: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848300: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.848303: | length/value: 5 (0x5) Sep 21 07:33:26.848305: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:26.848307: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848310: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.848313: | length/value: 128 (0x80) Sep 21 07:33:26.848315: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.848317: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.848319: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.848322: | ISAKMP transform number: 10 (0xa) Sep 21 07:33:26.848324: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.848327: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.848329: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.848332: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848334: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.848336: | length/value: 1 (0x1) Sep 21 07:33:26.848339: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.848341: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848343: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.848346: | length/value: 3600 (0xe10) Sep 21 07:33:26.848348: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848350: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.848352: | length/value: 7 (0x7) Sep 21 07:33:26.848355: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.848357: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848359: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.848361: | length/value: 2 (0x2) Sep 21 07:33:26.848363: | [2 is OAKLEY_SHA1] Sep 21 07:33:26.848366: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848368: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.848370: | length/value: 3 (0x3) Sep 21 07:33:26.848372: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.848374: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848377: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.848379: | length/value: 5 (0x5) Sep 21 07:33:26.848381: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:26.848383: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848386: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.848388: | length/value: 256 (0x100) Sep 21 07:33:26.848390: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.848393: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.848395: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.848397: | ISAKMP transform number: 11 (0xb) Sep 21 07:33:26.848400: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.848402: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.848405: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.848407: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848409: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.848412: | length/value: 1 (0x1) Sep 21 07:33:26.848414: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.848416: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848419: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.848421: | length/value: 3600 (0xe10) Sep 21 07:33:26.848423: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848425: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.848428: | length/value: 7 (0x7) Sep 21 07:33:26.848430: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.848432: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848434: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.848436: | length/value: 2 (0x2) Sep 21 07:33:26.848439: | [2 is OAKLEY_SHA1] Sep 21 07:33:26.848441: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848443: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.848447: | length/value: 3 (0x3) Sep 21 07:33:26.848449: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.848451: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848453: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.848456: | length/value: 5 (0x5) Sep 21 07:33:26.848458: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:26.848460: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848463: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.848465: | length/value: 128 (0x80) Sep 21 07:33:26.848467: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.848469: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.848472: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.848474: | ISAKMP transform number: 12 (0xc) Sep 21 07:33:26.848476: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.848479: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.848481: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.848484: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848486: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.848488: | length/value: 1 (0x1) Sep 21 07:33:26.848490: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.848493: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848495: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.848497: | length/value: 3600 (0xe10) Sep 21 07:33:26.848500: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848502: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.848504: | length/value: 5 (0x5) Sep 21 07:33:26.848506: | [5 is OAKLEY_3DES_CBC] Sep 21 07:33:26.848509: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848511: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.848513: | length/value: 4 (0x4) Sep 21 07:33:26.848515: | [4 is OAKLEY_SHA2_256] Sep 21 07:33:26.848518: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848520: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.848522: | length/value: 3 (0x3) Sep 21 07:33:26.848525: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.848527: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848529: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.848531: | length/value: 14 (0xe) Sep 21 07:33:26.848534: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.848536: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:33:26.848538: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.848540: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.848543: | ISAKMP transform number: 13 (0xd) Sep 21 07:33:26.848545: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.848548: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.848550: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.848553: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848555: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.848557: | length/value: 1 (0x1) Sep 21 07:33:26.848559: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.848562: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848564: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.848566: | length/value: 3600 (0xe10) Sep 21 07:33:26.848569: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848571: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.848573: | length/value: 5 (0x5) Sep 21 07:33:26.848575: | [5 is OAKLEY_3DES_CBC] Sep 21 07:33:26.848578: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848580: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.848583: | length/value: 6 (0x6) Sep 21 07:33:26.848586: | [6 is OAKLEY_SHA2_512] Sep 21 07:33:26.848588: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848590: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.848592: | length/value: 3 (0x3) Sep 21 07:33:26.848595: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.848597: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848599: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.848601: | length/value: 14 (0xe) Sep 21 07:33:26.848604: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.848606: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:33:26.848608: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.848610: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.848613: | ISAKMP transform number: 14 (0xe) Sep 21 07:33:26.848615: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.848618: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.848620: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.848623: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848625: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.848627: | length/value: 1 (0x1) Sep 21 07:33:26.848629: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.848632: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848634: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.848636: | length/value: 3600 (0xe10) Sep 21 07:33:26.848638: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848641: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.848643: | length/value: 5 (0x5) Sep 21 07:33:26.848645: | [5 is OAKLEY_3DES_CBC] Sep 21 07:33:26.848647: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848650: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.848652: | length/value: 2 (0x2) Sep 21 07:33:26.848654: | [2 is OAKLEY_SHA1] Sep 21 07:33:26.848656: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848659: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.848661: | length/value: 3 (0x3) Sep 21 07:33:26.848663: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.848665: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848668: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.848670: | length/value: 14 (0xe) Sep 21 07:33:26.848672: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.848674: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:33:26.848677: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.848679: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.848681: | ISAKMP transform number: 15 (0xf) Sep 21 07:33:26.848683: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.848686: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.848689: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.848691: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848693: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.848696: | length/value: 1 (0x1) Sep 21 07:33:26.848698: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.848700: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848702: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.848705: | length/value: 3600 (0xe10) Sep 21 07:33:26.848707: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848709: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.848712: | length/value: 5 (0x5) Sep 21 07:33:26.848714: | [5 is OAKLEY_3DES_CBC] Sep 21 07:33:26.848717: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848719: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.848722: | length/value: 4 (0x4) Sep 21 07:33:26.848724: | [4 is OAKLEY_SHA2_256] Sep 21 07:33:26.848726: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848729: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.848731: | length/value: 3 (0x3) Sep 21 07:33:26.848733: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.848735: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848738: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.848740: | length/value: 5 (0x5) Sep 21 07:33:26.848742: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:26.848744: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:33:26.848747: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.848749: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.848751: | ISAKMP transform number: 16 (0x10) Sep 21 07:33:26.848754: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.848756: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.848759: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.848761: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848763: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.848766: | length/value: 1 (0x1) Sep 21 07:33:26.848768: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.848770: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848772: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.848775: | length/value: 3600 (0xe10) Sep 21 07:33:26.848777: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848779: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.848782: | length/value: 5 (0x5) Sep 21 07:33:26.848803: | [5 is OAKLEY_3DES_CBC] Sep 21 07:33:26.848805: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848808: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.848810: | length/value: 6 (0x6) Sep 21 07:33:26.848812: | [6 is OAKLEY_SHA2_512] Sep 21 07:33:26.848814: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848829: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.848831: | length/value: 3 (0x3) Sep 21 07:33:26.848834: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.848836: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848838: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.848840: | length/value: 5 (0x5) Sep 21 07:33:26.848843: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:26.848845: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:33:26.848847: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.848849: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.848852: | ISAKMP transform number: 17 (0x11) Sep 21 07:33:26.848854: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.848857: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.848859: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.848862: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848864: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.848866: | length/value: 1 (0x1) Sep 21 07:33:26.848868: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.848870: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848873: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.848875: | length/value: 3600 (0xe10) Sep 21 07:33:26.848878: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848880: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.848882: | length/value: 5 (0x5) Sep 21 07:33:26.848884: | [5 is OAKLEY_3DES_CBC] Sep 21 07:33:26.848887: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848890: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.848892: | length/value: 2 (0x2) Sep 21 07:33:26.848895: | [2 is OAKLEY_SHA1] Sep 21 07:33:26.848897: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848899: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.848901: | length/value: 3 (0x3) Sep 21 07:33:26.848904: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.848906: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.848908: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.848910: | length/value: 5 (0x5) Sep 21 07:33:26.848913: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:26.848915: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:33:26.848917: | emitting length of ISAKMP Proposal Payload: 632 Sep 21 07:33:26.848920: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 Sep 21 07:33:26.848922: | emitting length of ISAKMP Security Association Payload: 644 Sep 21 07:33:26.848925: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:33:26.848929: | out_vid(): sending [FRAGMENTATION] Sep 21 07:33:26.848931: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:26.848933: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.848936: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:33:26.848939: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:26.848942: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.848945: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:26.848947: | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 Sep 21 07:33:26.848950: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:26.848952: | out_vid(): sending [Dead Peer Detection] Sep 21 07:33:26.848954: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:26.848957: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.848959: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:26.848962: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.848964: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:26.848967: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 Sep 21 07:33:26.848969: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:26.848971: | nat add vid Sep 21 07:33:26.848973: | sending draft and RFC NATT VIDs Sep 21 07:33:26.848976: | out_vid(): sending [RFC 3947] Sep 21 07:33:26.848978: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:26.848980: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.848983: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:33:26.848986: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:26.848988: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.848991: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:26.848993: | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Sep 21 07:33:26.848995: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:26.848997: | skipping VID_NATT_RFC Sep 21 07:33:26.849000: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-03] Sep 21 07:33:26.849002: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:26.849004: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.849007: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:33:26.849011: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:26.849013: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.849016: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:26.849018: | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Sep 21 07:33:26.849021: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:26.849023: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02_n] Sep 21 07:33:26.849025: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:26.849028: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.849030: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:33:26.849033: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:26.849035: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.849038: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:26.849040: | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f Sep 21 07:33:26.849042: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:26.849045: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02] Sep 21 07:33:26.849047: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:26.849049: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.849052: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:26.849055: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.849057: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:26.849059: | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 Sep 21 07:33:26.849062: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:26.849064: | no IKEv1 message padding required Sep 21 07:33:26.849066: | emitting length of ISAKMP Message: 792 Sep 21 07:33:26.849081: | sending 792 bytes for reply packet for main_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:33:26.849083: | 18 31 dd 30 0d 3e 37 d5 00 00 00 00 00 00 00 00 Sep 21 07:33:26.849085: | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 Sep 21 07:33:26.849088: | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 Sep 21 07:33:26.849090: | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.849092: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:26.849094: | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 Sep 21 07:33:26.849096: | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 Sep 21 07:33:26.849098: | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 Sep 21 07:33:26.849101: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 Sep 21 07:33:26.849103: | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 Sep 21 07:33:26.849105: | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:26.849107: | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 Sep 21 07:33:26.849109: | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.849112: | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:33:26.849114: | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 Sep 21 07:33:26.849116: | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 Sep 21 07:33:26.849118: | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 Sep 21 07:33:26.849120: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Sep 21 07:33:26.849122: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:33:26.849125: | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:26.849127: | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:33:26.849130: | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.849133: | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:33:26.849135: | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 Sep 21 07:33:26.849137: | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 Sep 21 07:33:26.849139: | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 Sep 21 07:33:26.849141: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 Sep 21 07:33:26.849143: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:33:26.849146: | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:26.849148: | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:33:26.849150: | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.849152: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:26.849154: | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.849156: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e Sep 21 07:33:26.849158: | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.849161: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:33:26.849163: | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.849165: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 Sep 21 07:33:26.849167: | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.849169: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:33:26.849172: | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.849174: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 Sep 21 07:33:26.849176: | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f Sep 21 07:33:26.849178: | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Sep 21 07:33:26.849180: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 Sep 21 07:33:26.849182: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 Sep 21 07:33:26.849185: | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Sep 21 07:33:26.849187: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 Sep 21 07:33:26.849189: | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 Sep 21 07:33:26.849191: | 7c fd b2 fc 68 b6 a4 48 Sep 21 07:33:26.849284: | event_schedule: new EVENT_RETRANSMIT-pe@0x557db4596720 Sep 21 07:33:26.849290: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Sep 21 07:33:26.849293: | libevent_malloc: new ptr-libevent@0x557db4595480 size 128 Sep 21 07:33:26.849299: | #1 STATE_MAIN_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49853.217548 Sep 21 07:33:26.849329: | #1 spent 2.04 milliseconds in main_outI1() Sep 21 07:33:26.849334: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in main_outI1() at ikev1_main.c:228) Sep 21 07:33:26.849338: | resume processing: connection "north-dpd/0x2" (in main_outI1() at ikev1_main.c:228) Sep 21 07:33:26.849341: | stop processing: connection "north-dpd/0x2" (in initiate_a_connection() at initiate.c:349) Sep 21 07:33:26.849345: | start processing: connection "north-dpd/0x1" (in initiate_a_connection() at initiate.c:186) Sep 21 07:33:26.849348: | empty esp_info, returning defaults for ENCRYPT Sep 21 07:33:26.849351: | connection 'north-dpd/0x1' +POLICY_UP Sep 21 07:33:26.849354: | dup_any(fd@23) -> fd@26 (in initiate_a_connection() at initiate.c:342) Sep 21 07:33:26.849357: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:33:26.849362: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-dpd/0x1" IKE SA #1 "north-dpd/0x2" Sep 21 07:33:26.849366: | stop processing: connection "north-dpd/0x1" (in initiate_a_connection() at initiate.c:349) Sep 21 07:33:26.849369: | close_any(fd@23) (in initiate_connection() at initiate.c:384) Sep 21 07:33:26.849372: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:26.849376: | spent 2.16 milliseconds in whack Sep 21 07:33:26.849917: | spent 0.00192 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:26.849938: | *received 144 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:33:26.849941: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.849943: | 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38 Sep 21 07:33:26.849945: | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 Sep 21 07:33:26.849947: | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.849949: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:26.849952: | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 Sep 21 07:33:26.849954: | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13 Sep 21 07:33:26.849956: | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14 Sep 21 07:33:26.849958: | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Sep 21 07:33:26.849962: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:33:26.849965: | **parse ISAKMP Message: Sep 21 07:33:26.849967: | initiator cookie: Sep 21 07:33:26.849970: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.849972: | responder cookie: Sep 21 07:33:26.849974: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.849977: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:33:26.849979: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.849982: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.849984: | flags: none (0x0) Sep 21 07:33:26.849986: | Message ID: 0 (0x0) Sep 21 07:33:26.849988: | length: 144 (0x90) Sep 21 07:33:26.849991: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 21 07:33:26.849994: | State DB: IKEv1 state not found (find_state_ikev1) Sep 21 07:33:26.849997: | State DB: found IKEv1 state #1 in MAIN_I1 (find_state_ikev1_init) Sep 21 07:33:26.850001: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1435) Sep 21 07:33:26.850004: | #1 is idle Sep 21 07:33:26.850006: | #1 idle Sep 21 07:33:26.850009: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 Sep 21 07:33:26.850012: | ***parse ISAKMP Security Association Payload: Sep 21 07:33:26.850014: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.850016: | length: 56 (0x38) Sep 21 07:33:26.850019: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:26.850021: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:33:26.850023: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:33:26.850026: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.850028: | length: 20 (0x14) Sep 21 07:33:26.850030: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:33:26.850033: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:33:26.850035: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.850037: | length: 20 (0x14) Sep 21 07:33:26.850040: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:33:26.850042: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:33:26.850044: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.850046: | length: 20 (0x14) Sep 21 07:33:26.850049: | message 'main_inR1_outI2' HASH payload not checked early Sep 21 07:33:26.850053: | received Vendor ID payload [FRAGMENTATION] Sep 21 07:33:26.850056: | received Vendor ID payload [Dead Peer Detection] Sep 21 07:33:26.850059: | quirks.qnat_traversal_vid set to=117 [RFC 3947] Sep 21 07:33:26.850061: | received Vendor ID payload [RFC 3947] Sep 21 07:33:26.850065: | ****parse IPsec DOI SIT: Sep 21 07:33:26.850067: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:26.850070: | ****parse ISAKMP Proposal Payload: Sep 21 07:33:26.850072: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.850074: | length: 44 (0x2c) Sep 21 07:33:26.850076: | proposal number: 0 (0x0) Sep 21 07:33:26.850079: | protocol ID: PROTO_ISAKMP (0x1) Sep 21 07:33:26.850081: | SPI size: 0 (0x0) Sep 21 07:33:26.850083: | number of transforms: 1 (0x1) Sep 21 07:33:26.850086: | *****parse ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.850089: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.850091: | length: 36 (0x24) Sep 21 07:33:26.850094: | ISAKMP transform number: 0 (0x0) Sep 21 07:33:26.850096: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.850098: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.850101: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.850103: | length/value: 1 (0x1) Sep 21 07:33:26.850106: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.850108: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.850110: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.850113: | length/value: 3600 (0xe10) Sep 21 07:33:26.850115: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.850118: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.850120: | length/value: 7 (0x7) Sep 21 07:33:26.850122: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.850125: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.850127: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.850129: | length/value: 4 (0x4) Sep 21 07:33:26.850131: | [4 is OAKLEY_SHA2_256] Sep 21 07:33:26.850134: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.850136: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.850138: | length/value: 3 (0x3) Sep 21 07:33:26.850140: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.850143: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.850145: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.850147: | length/value: 14 (0xe) Sep 21 07:33:26.850149: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.850152: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.850154: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.850156: | length/value: 256 (0x100) Sep 21 07:33:26.850159: | OAKLEY proposal verified unconditionally; no alg_info to check against Sep 21 07:33:26.850161: | Oakley Transform 0 accepted Sep 21 07:33:26.850164: | sender checking NAT-T: enabled; VID 117 Sep 21 07:33:26.850166: | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC Sep 21 07:33:26.850169: | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) Sep 21 07:33:26.850172: | adding outI2 KE work-order 1 for state #1 Sep 21 07:33:26.850175: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:33:26.850177: | #1 STATE_MAIN_I1: retransmits: cleared Sep 21 07:33:26.850180: | libevent_free: release ptr-libevent@0x557db4595480 Sep 21 07:33:26.850183: | free_event_entry: release EVENT_RETRANSMIT-pe@0x557db4596720 Sep 21 07:33:26.850186: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557db4596720 Sep 21 07:33:26.850189: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:33:26.850192: | libevent_malloc: new ptr-libevent@0x557db4595480 size 128 Sep 21 07:33:26.850199: | complete v1 state transition with STF_SUSPEND Sep 21 07:33:26.850204: | [RE]START processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:33:26.850206: | suspending state #1 and saving MD Sep 21 07:33:26.850209: | #1 is busy; has a suspended MD Sep 21 07:33:26.850213: | #1 spent 0.147 milliseconds in process_packet_tail() Sep 21 07:33:26.850217: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:33:26.850221: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:33:26.850224: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:26.850227: | spent 0.302 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:26.850236: | crypto helper 0 resuming Sep 21 07:33:26.850244: | crypto helper 0 starting work-order 1 for state #1 Sep 21 07:33:26.850248: | crypto helper 0 doing build KE and nonce (outI2 KE); request ID 1 Sep 21 07:33:26.850856: | crypto helper 0 finished build KE and nonce (outI2 KE); request ID 1 time elapsed 0.000608 seconds Sep 21 07:33:26.850868: | (#1) spent 0.615 milliseconds in crypto helper computing work-order 1: outI2 KE (pcr) Sep 21 07:33:26.850870: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Sep 21 07:33:26.850872: | scheduling resume sending helper answer for #1 Sep 21 07:33:26.850874: | libevent_malloc: new ptr-libevent@0x7f0dc8006900 size 128 Sep 21 07:33:26.850880: | crypto helper 0 waiting (nothing to do) Sep 21 07:33:26.850889: | processing resume sending helper answer for #1 Sep 21 07:33:26.850898: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:33:26.850902: | crypto helper 0 replies to request ID 1 Sep 21 07:33:26.850904: | calling continuation function 0x557db2ef5630 Sep 21 07:33:26.850907: | main_inR1_outI2_continue for #1: calculated ke+nonce, sending I2 Sep 21 07:33:26.850911: | **emit ISAKMP Message: Sep 21 07:33:26.850914: | initiator cookie: Sep 21 07:33:26.850916: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.850918: | responder cookie: Sep 21 07:33:26.850920: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.850923: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.850926: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.850928: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.850931: | flags: none (0x0) Sep 21 07:33:26.850933: | Message ID: 0 (0x0) Sep 21 07:33:26.850936: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:26.850939: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:33:26.850941: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:33:26.850944: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:33:26.850947: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:33:26.850950: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.850953: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:33:26.850955: | keyex value 62 c7 76 58 93 78 a3 90 b7 78 55 d6 12 dc ef 15 Sep 21 07:33:26.850958: | keyex value 19 ff f3 f0 00 48 40 c5 a5 a7 d8 cf 53 e9 ea ee Sep 21 07:33:26.850960: | keyex value b5 19 2e cd 6f 37 82 20 0b 26 92 5a 71 9d 74 4e Sep 21 07:33:26.850962: | keyex value e9 b2 92 a6 3c 99 a2 c5 b8 fe f6 5a 34 57 4c 31 Sep 21 07:33:26.850965: | keyex value 3f 0a 51 a2 72 57 a8 36 1e 59 04 b0 38 4f 5f 00 Sep 21 07:33:26.850967: | keyex value 29 a5 0a 16 a5 eb 50 8c 8a 03 50 17 a2 92 47 ce Sep 21 07:33:26.850969: | keyex value 8d b5 28 04 1f 6c b0 7d b7 da 5e 51 17 b7 c5 dd Sep 21 07:33:26.850972: | keyex value 93 88 76 a7 9f 4c d1 93 d9 d9 89 47 4a eb 1d 6c Sep 21 07:33:26.850974: | keyex value 00 ea 34 0d d7 82 5e 37 d1 a2 26 fa d3 48 7a 97 Sep 21 07:33:26.850976: | keyex value ce 94 9e 56 dd ef dc 3f 2b e4 d5 68 54 88 77 e5 Sep 21 07:33:26.850978: | keyex value 16 d0 8c 06 9f ec c7 f4 18 df 7a 2b f1 64 15 89 Sep 21 07:33:26.850981: | keyex value 1d 98 21 95 11 54 ab bc 48 cb bd f4 56 6a 7e 7d Sep 21 07:33:26.850983: | keyex value 4e 22 83 cd ac ac e0 f3 b9 b4 32 7f 8c a1 8c 80 Sep 21 07:33:26.850986: | keyex value 11 07 c9 cc ba a5 7d 81 52 fe fc df 3d 85 48 20 Sep 21 07:33:26.850988: | keyex value 63 a0 fc 56 f6 33 c9 47 ed d8 b4 0a 09 7e 1e cf Sep 21 07:33:26.850990: | keyex value 35 6c 71 21 ca a6 28 c3 02 1e 1f 41 9c 80 26 12 Sep 21 07:33:26.850993: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:33:26.850995: | ***emit ISAKMP Nonce Payload: Sep 21 07:33:26.850998: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.851001: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:33:26.851003: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.851009: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Sep 21 07:33:26.851011: | Ni 36 b6 ca 66 05 22 db 05 10 a1 24 7b 24 b8 4f 0e Sep 21 07:33:26.851013: | Ni 66 17 90 08 18 ff 99 6e 94 fb 32 a4 ae bc 77 f0 Sep 21 07:33:26.851016: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:33:26.851018: | NAT-T checking st_nat_traversal Sep 21 07:33:26.851020: | NAT-T found (implies NAT_T_WITH_NATD) Sep 21 07:33:26.851022: | sending NAT-D payloads Sep 21 07:33:26.851032: | natd_hash: hasher=0x557db2fcbc40(32) Sep 21 07:33:26.851035: | natd_hash: icookie= 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.851037: | natd_hash: rcookie= 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.851040: | natd_hash: ip= c0 01 02 17 Sep 21 07:33:26.851042: | natd_hash: port= 01 f4 Sep 21 07:33:26.851044: | natd_hash: hash= 27 18 9e 1c a1 21 d9 42 22 d5 49 da 07 43 df 78 Sep 21 07:33:26.851047: | natd_hash: hash= be c2 8e 57 d8 1b e7 89 16 36 fb 3c a1 85 4e 28 Sep 21 07:33:26.851050: | ***emit ISAKMP NAT-D Payload: Sep 21 07:33:26.851052: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Sep 21 07:33:26.851055: | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC Sep 21 07:33:26.851058: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) Sep 21 07:33:26.851060: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.851063: | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload Sep 21 07:33:26.851065: | NAT-D 27 18 9e 1c a1 21 d9 42 22 d5 49 da 07 43 df 78 Sep 21 07:33:26.851068: | NAT-D be c2 8e 57 d8 1b e7 89 16 36 fb 3c a1 85 4e 28 Sep 21 07:33:26.851070: | emitting length of ISAKMP NAT-D Payload: 36 Sep 21 07:33:26.851076: | natd_hash: hasher=0x557db2fcbc40(32) Sep 21 07:33:26.851079: | natd_hash: icookie= 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.851081: | natd_hash: rcookie= 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.851083: | natd_hash: ip= c0 01 03 21 Sep 21 07:33:26.851085: | natd_hash: port= 01 f4 Sep 21 07:33:26.851088: | natd_hash: hash= b5 57 f4 6d 16 48 8e f7 66 0d 1e e5 93 a1 9b d6 Sep 21 07:33:26.851090: | natd_hash: hash= c3 4b 28 58 ba a9 7d 08 2a e6 a9 5b 00 a1 13 a4 Sep 21 07:33:26.851093: | ***emit ISAKMP NAT-D Payload: Sep 21 07:33:26.851095: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.851098: | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) Sep 21 07:33:26.851100: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.851103: | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload Sep 21 07:33:26.851105: | NAT-D b5 57 f4 6d 16 48 8e f7 66 0d 1e e5 93 a1 9b d6 Sep 21 07:33:26.851108: | NAT-D c3 4b 28 58 ba a9 7d 08 2a e6 a9 5b 00 a1 13 a4 Sep 21 07:33:26.851110: | emitting length of ISAKMP NAT-D Payload: 36 Sep 21 07:33:26.851113: | no IKEv1 message padding required Sep 21 07:33:26.851115: | emitting length of ISAKMP Message: 396 Sep 21 07:33:26.851118: | State DB: re-hashing IKEv1 state #1 IKE SPIi and SPI[ir] Sep 21 07:33:26.851121: | complete v1 state transition with STF_OK Sep 21 07:33:26.851126: | [RE]START processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:33:26.851128: | #1 is idle Sep 21 07:33:26.851130: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:33:26.851133: | peer supports fragmentation Sep 21 07:33:26.851135: | peer supports DPD Sep 21 07:33:26.851137: | DPD is configured locally Sep 21 07:33:26.851140: | IKEv1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Sep 21 07:33:26.851143: | parent state #1: MAIN_I1(half-open IKE SA) => MAIN_I2(open IKE SA) Sep 21 07:33:26.851145: | event_already_set, deleting event Sep 21 07:33:26.851149: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:26.851152: | libevent_free: release ptr-libevent@0x557db4595480 Sep 21 07:33:26.851155: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557db4596720 Sep 21 07:33:26.851160: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:33:26.851166: | sending 396 bytes for STATE_MAIN_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:33:26.851169: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.851172: | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 Sep 21 07:33:26.851174: | 62 c7 76 58 93 78 a3 90 b7 78 55 d6 12 dc ef 15 Sep 21 07:33:26.851176: | 19 ff f3 f0 00 48 40 c5 a5 a7 d8 cf 53 e9 ea ee Sep 21 07:33:26.851178: | b5 19 2e cd 6f 37 82 20 0b 26 92 5a 71 9d 74 4e Sep 21 07:33:26.851181: | e9 b2 92 a6 3c 99 a2 c5 b8 fe f6 5a 34 57 4c 31 Sep 21 07:33:26.851183: | 3f 0a 51 a2 72 57 a8 36 1e 59 04 b0 38 4f 5f 00 Sep 21 07:33:26.851185: | 29 a5 0a 16 a5 eb 50 8c 8a 03 50 17 a2 92 47 ce Sep 21 07:33:26.851188: | 8d b5 28 04 1f 6c b0 7d b7 da 5e 51 17 b7 c5 dd Sep 21 07:33:26.851190: | 93 88 76 a7 9f 4c d1 93 d9 d9 89 47 4a eb 1d 6c Sep 21 07:33:26.851192: | 00 ea 34 0d d7 82 5e 37 d1 a2 26 fa d3 48 7a 97 Sep 21 07:33:26.851194: | ce 94 9e 56 dd ef dc 3f 2b e4 d5 68 54 88 77 e5 Sep 21 07:33:26.851197: | 16 d0 8c 06 9f ec c7 f4 18 df 7a 2b f1 64 15 89 Sep 21 07:33:26.851199: | 1d 98 21 95 11 54 ab bc 48 cb bd f4 56 6a 7e 7d Sep 21 07:33:26.851201: | 4e 22 83 cd ac ac e0 f3 b9 b4 32 7f 8c a1 8c 80 Sep 21 07:33:26.851203: | 11 07 c9 cc ba a5 7d 81 52 fe fc df 3d 85 48 20 Sep 21 07:33:26.851206: | 63 a0 fc 56 f6 33 c9 47 ed d8 b4 0a 09 7e 1e cf Sep 21 07:33:26.851208: | 35 6c 71 21 ca a6 28 c3 02 1e 1f 41 9c 80 26 12 Sep 21 07:33:26.851210: | 14 00 00 24 36 b6 ca 66 05 22 db 05 10 a1 24 7b Sep 21 07:33:26.851212: | 24 b8 4f 0e 66 17 90 08 18 ff 99 6e 94 fb 32 a4 Sep 21 07:33:26.851215: | ae bc 77 f0 14 00 00 24 27 18 9e 1c a1 21 d9 42 Sep 21 07:33:26.851217: | 22 d5 49 da 07 43 df 78 be c2 8e 57 d8 1b e7 89 Sep 21 07:33:26.851219: | 16 36 fb 3c a1 85 4e 28 00 00 00 24 b5 57 f4 6d Sep 21 07:33:26.851221: | 16 48 8e f7 66 0d 1e e5 93 a1 9b d6 c3 4b 28 58 Sep 21 07:33:26.851224: | ba a9 7d 08 2a e6 a9 5b 00 a1 13 a4 Sep 21 07:33:26.851246: | !event_already_set at reschedule Sep 21 07:33:26.851250: | event_schedule: new EVENT_RETRANSMIT-pe@0x557db4596720 Sep 21 07:33:26.851254: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Sep 21 07:33:26.851256: | libevent_malloc: new ptr-libevent@0x557db4595480 size 128 Sep 21 07:33:26.851261: | #1 STATE_MAIN_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49853.219514 Sep 21 07:33:26.851264: "north-dpd/0x2" #1: STATE_MAIN_I2: sent MI2, expecting MR2 Sep 21 07:33:26.851271: | modecfg pull: noquirk policy:push not-client Sep 21 07:33:26.851273: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:33:26.851294: | resume sending helper answer for #1 suppresed complete_v1_state_transition() Sep 21 07:33:26.851299: | #1 spent 0.386 milliseconds in resume sending helper answer Sep 21 07:33:26.851304: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:33:26.851307: | libevent_free: release ptr-libevent@0x7f0dc8006900 Sep 21 07:33:26.853162: | spent 0.00212 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:26.853179: | *received 576 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:33:26.853182: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.853185: | 04 10 02 00 00 00 00 00 00 00 02 40 0a 00 01 04 Sep 21 07:33:26.853187: | a5 f2 3a 12 d3 48 4e e9 ed 67 3c 1e c5 bf d7 0a Sep 21 07:33:26.853189: | 58 f0 06 51 29 a7 69 48 82 82 f1 74 09 14 f0 38 Sep 21 07:33:26.853192: | 8a 6c 99 e2 5c 4e 74 0e c5 91 c8 f1 83 22 b1 7f Sep 21 07:33:26.853197: | 3f 76 51 e4 66 59 a2 d2 ac 9d ca 35 73 45 64 3f Sep 21 07:33:26.853199: | 44 41 d8 e0 c8 6d 97 a3 90 5f 9a d8 27 53 92 31 Sep 21 07:33:26.853201: | 6d a6 6b f8 b5 ca 74 98 17 60 9f 20 f2 03 60 ad Sep 21 07:33:26.853204: | 0b dc d9 91 e9 0e 8c 0b 15 5b 97 0d 9b ac 14 32 Sep 21 07:33:26.853206: | 7b 35 92 a0 f4 d8 fd 66 9d f1 d8 40 fa 9b 44 47 Sep 21 07:33:26.853208: | a1 cf 62 1a 94 b3 50 b6 50 05 09 02 d9 a2 1a ec Sep 21 07:33:26.853211: | eb 5d e3 80 33 c8 96 b8 28 7b 3b 46 29 ed 77 9f Sep 21 07:33:26.853213: | 4b 28 93 13 ae 11 52 e7 f7 4f 00 40 a2 02 d9 99 Sep 21 07:33:26.853216: | 12 b7 25 ad ba b7 83 20 54 28 14 a3 78 c2 d5 db Sep 21 07:33:26.853218: | 57 cc 56 ea dc 25 c5 9f d8 73 14 54 dd 8a fa e4 Sep 21 07:33:26.853220: | a1 bf c3 12 a7 51 57 93 53 11 d7 2a 52 56 10 bf Sep 21 07:33:26.853222: | 14 78 e8 bc c9 8d 26 0c 63 84 91 01 f0 b4 2c f8 Sep 21 07:33:26.853225: | ac d0 cd cf 38 42 3f 02 02 01 d4 63 c8 90 9c 76 Sep 21 07:33:26.853227: | 07 00 00 24 48 12 cc f7 31 6f 90 37 45 08 4c 6f Sep 21 07:33:26.853229: | 45 df b5 21 ff 5a 3d c8 e4 48 be 14 2f ac 26 c8 Sep 21 07:33:26.853232: | c2 ab 05 82 14 00 00 b4 04 30 81 ac 31 0b 30 09 Sep 21 07:33:26.853234: | 06 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 Sep 21 07:33:26.853237: | 04 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 Sep 21 07:33:26.853239: | 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 Sep 21 07:33:26.853242: | 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 Sep 21 07:33:26.853244: | 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 Sep 21 07:33:26.853246: | 20 44 65 70 61 72 74 6d 65 6e 74 31 25 30 23 06 Sep 21 07:33:26.853249: | 03 55 04 03 0c 1c 4c 69 62 72 65 73 77 61 6e 20 Sep 21 07:33:26.853251: | 74 65 73 74 20 43 41 20 66 6f 72 20 6d 61 69 6e Sep 21 07:33:26.853253: | 63 61 31 24 30 22 06 09 2a 86 48 86 f7 0d 01 09 Sep 21 07:33:26.853256: | 01 16 15 74 65 73 74 69 6e 67 40 6c 69 62 72 65 Sep 21 07:33:26.853258: | 73 77 61 6e 2e 6f 72 67 14 00 00 24 b5 57 f4 6d Sep 21 07:33:26.853260: | 16 48 8e f7 66 0d 1e e5 93 a1 9b d6 c3 4b 28 58 Sep 21 07:33:26.853263: | ba a9 7d 08 2a e6 a9 5b 00 a1 13 a4 00 00 00 24 Sep 21 07:33:26.853265: | 27 18 9e 1c a1 21 d9 42 22 d5 49 da 07 43 df 78 Sep 21 07:33:26.853267: | be c2 8e 57 d8 1b e7 89 16 36 fb 3c a1 85 4e 28 Sep 21 07:33:26.853272: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:33:26.853275: | **parse ISAKMP Message: Sep 21 07:33:26.853278: | initiator cookie: Sep 21 07:33:26.853280: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.853282: | responder cookie: Sep 21 07:33:26.853285: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.853287: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:33:26.853290: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.853292: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.853295: | flags: none (0x0) Sep 21 07:33:26.853297: | Message ID: 0 (0x0) Sep 21 07:33:26.853300: | length: 576 (0x240) Sep 21 07:33:26.853303: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 21 07:33:26.853306: | State DB: found IKEv1 state #1 in MAIN_I2 (find_state_ikev1) Sep 21 07:33:26.853311: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1435) Sep 21 07:33:26.853314: | #1 is idle Sep 21 07:33:26.853316: | #1 idle Sep 21 07:33:26.853319: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 Sep 21 07:33:26.853321: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:33:26.853324: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:33:26.853326: | length: 260 (0x104) Sep 21 07:33:26.853329: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 Sep 21 07:33:26.853332: | ***parse ISAKMP Nonce Payload: Sep 21 07:33:26.853334: | next payload type: ISAKMP_NEXT_CR (0x7) Sep 21 07:33:26.853338: | length: 36 (0x24) Sep 21 07:33:26.853341: | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x0 opt: 0x102080 Sep 21 07:33:26.853343: | ***parse ISAKMP Certificate RequestPayload: Sep 21 07:33:26.853346: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Sep 21 07:33:26.853348: | length: 180 (0xb4) Sep 21 07:33:26.853351: | cert type: CERT_X509_SIGNATURE (0x4) Sep 21 07:33:26.853353: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 Sep 21 07:33:26.853356: | ***parse ISAKMP NAT-D Payload: Sep 21 07:33:26.853358: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Sep 21 07:33:26.853361: | length: 36 (0x24) Sep 21 07:33:26.853363: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 Sep 21 07:33:26.853366: | ***parse ISAKMP NAT-D Payload: Sep 21 07:33:26.853369: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.853371: | length: 36 (0x24) Sep 21 07:33:26.853373: | message 'main_inR2_outI3' HASH payload not checked early Sep 21 07:33:26.853390: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:33:26.853400: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:33:26.853409: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:33:26.853418: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:33:26.853421: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:33:26.853423: | no PreShared Key Found Sep 21 07:33:26.853427: | adding aggr outR1 DH work-order 2 for state #1 Sep 21 07:33:26.853429: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:33:26.853432: | #1 STATE_MAIN_I2: retransmits: cleared Sep 21 07:33:26.853435: | libevent_free: release ptr-libevent@0x557db4595480 Sep 21 07:33:26.853438: | free_event_entry: release EVENT_RETRANSMIT-pe@0x557db4596720 Sep 21 07:33:26.853441: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f0dc8002b20 Sep 21 07:33:26.853444: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:33:26.853447: | libevent_malloc: new ptr-libevent@0x557db4595480 size 128 Sep 21 07:33:26.853454: | complete v1 state transition with STF_SUSPEND Sep 21 07:33:26.853459: | [RE]START processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:33:26.853461: | suspending state #1 and saving MD Sep 21 07:33:26.853462: | crypto helper 1 resuming Sep 21 07:33:26.853475: | crypto helper 1 starting work-order 2 for state #1 Sep 21 07:33:26.853464: | #1 is busy; has a suspended MD Sep 21 07:33:26.853482: | crypto helper 1 doing compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 2 Sep 21 07:33:26.853493: | #1 spent 0.106 milliseconds in process_packet_tail() Sep 21 07:33:26.853500: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:33:26.853504: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:33:26.853507: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:26.853511: | spent 0.332 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:26.854478: | crypto helper 1 finished compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 2 time elapsed 0.000996 seconds Sep 21 07:33:26.854490: | (#1) spent 0.994 milliseconds in crypto helper computing work-order 2: aggr outR1 DH (pcr) Sep 21 07:33:26.854494: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Sep 21 07:33:26.854496: | scheduling resume sending helper answer for #1 Sep 21 07:33:26.854499: | libevent_malloc: new ptr-libevent@0x7f0dc0004f00 size 128 Sep 21 07:33:26.854505: | crypto helper 1 waiting (nothing to do) Sep 21 07:33:26.854513: | processing resume sending helper answer for #1 Sep 21 07:33:26.854520: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:33:26.854523: | crypto helper 1 replies to request ID 2 Sep 21 07:33:26.854525: | calling continuation function 0x557db2ef5630 Sep 21 07:33:26.854527: | main_inR2_outI3_cryptotail for #1: calculated DH, sending R1 Sep 21 07:33:26.854531: | **emit ISAKMP Message: Sep 21 07:33:26.854533: | initiator cookie: Sep 21 07:33:26.854534: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.854536: | responder cookie: Sep 21 07:33:26.854537: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.854539: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.854540: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.854542: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.854544: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:26.854545: | Message ID: 0 (0x0) Sep 21 07:33:26.854547: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:26.854549: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:33:26.854551: | CR 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:33:26.854553: | CR 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:33:26.854554: | CR 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:33:26.854556: | CR 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:33:26.854557: | CR 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:33:26.854559: | CR 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:33:26.854560: | CR 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 Sep 21 07:33:26.854561: | CR 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 Sep 21 07:33:26.854563: | CR 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a Sep 21 07:33:26.854564: | CR 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e Sep 21 07:33:26.854565: | CR 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:33:26.854572: | requested CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.854573: | thinking about whether to send my certificate: Sep 21 07:33:26.854575: | I have RSA key: OAKLEY_RSA_SIG cert.type: CERT_X509_SIGNATURE Sep 21 07:33:26.854577: | sendcert: CERT_ALWAYSSEND and I did get a certificate request Sep 21 07:33:26.854578: | so send cert. Sep 21 07:33:26.854581: | I am sending a certificate request Sep 21 07:33:26.854582: | I will NOT send an initial contact payload Sep 21 07:33:26.854584: | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) Sep 21 07:33:26.854592: | natd_hash: hasher=0x557db2fcbc40(32) Sep 21 07:33:26.854594: | natd_hash: icookie= 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.854595: | natd_hash: rcookie= 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.854597: | natd_hash: ip= c0 01 03 21 Sep 21 07:33:26.854598: | natd_hash: port= 01 f4 Sep 21 07:33:26.854600: | natd_hash: hash= b5 57 f4 6d 16 48 8e f7 66 0d 1e e5 93 a1 9b d6 Sep 21 07:33:26.854601: | natd_hash: hash= c3 4b 28 58 ba a9 7d 08 2a e6 a9 5b 00 a1 13 a4 Sep 21 07:33:26.854605: | natd_hash: hasher=0x557db2fcbc40(32) Sep 21 07:33:26.854606: | natd_hash: icookie= 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.854608: | natd_hash: rcookie= 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.854609: | natd_hash: ip= c0 01 02 17 Sep 21 07:33:26.854610: | natd_hash: port= 01 f4 Sep 21 07:33:26.854612: | natd_hash: hash= 27 18 9e 1c a1 21 d9 42 22 d5 49 da 07 43 df 78 Sep 21 07:33:26.854616: | natd_hash: hash= be c2 8e 57 d8 1b e7 89 16 36 fb 3c a1 85 4e 28 Sep 21 07:33:26.854617: | expected NAT-D(me): b5 57 f4 6d 16 48 8e f7 66 0d 1e e5 93 a1 9b d6 Sep 21 07:33:26.854619: | expected NAT-D(me): c3 4b 28 58 ba a9 7d 08 2a e6 a9 5b 00 a1 13 a4 Sep 21 07:33:26.854620: | expected NAT-D(him): Sep 21 07:33:26.854622: | 27 18 9e 1c a1 21 d9 42 22 d5 49 da 07 43 df 78 Sep 21 07:33:26.854623: | be c2 8e 57 d8 1b e7 89 16 36 fb 3c a1 85 4e 28 Sep 21 07:33:26.854625: | received NAT-D: b5 57 f4 6d 16 48 8e f7 66 0d 1e e5 93 a1 9b d6 Sep 21 07:33:26.854626: | received NAT-D: c3 4b 28 58 ba a9 7d 08 2a e6 a9 5b 00 a1 13 a4 Sep 21 07:33:26.854628: | received NAT-D: 27 18 9e 1c a1 21 d9 42 22 d5 49 da 07 43 df 78 Sep 21 07:33:26.854629: | received NAT-D: be c2 8e 57 d8 1b e7 89 16 36 fb 3c a1 85 4e 28 Sep 21 07:33:26.854631: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:33:26.854632: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:33:26.854633: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:33:26.854635: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:33:26.854637: | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected Sep 21 07:33:26.854639: | NAT_T_WITH_KA detected Sep 21 07:33:26.854641: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Sep 21 07:33:26.854643: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:26.854645: | next payload type: ISAKMP_NEXT_CERT (0x6) Sep 21 07:33:26.854647: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:33:26.854648: | Protocol ID: 0 (0x0) Sep 21 07:33:26.854650: | port: 0 (0x0) Sep 21 07:33:26.854652: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 6:ISAKMP_NEXT_CERT Sep 21 07:33:26.854654: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:33:26.854655: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:33:26.854658: | emitting 185 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:26.854659: | my identity 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:33:26.854661: | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:33:26.854663: | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:33:26.854665: | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:33:26.854670: | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:33:26.854674: | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:33:26.854677: | my identity 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Sep 21 07:33:26.854679: | my identity 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Sep 21 07:33:26.854682: | my identity 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Sep 21 07:33:26.854684: | my identity 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Sep 21 07:33:26.854686: | my identity 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:33:26.854688: | my identity 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:33:26.854691: | emitting length of ISAKMP Identification Payload (IPsec DOI): 193 Sep 21 07:33:26.854694: "north-dpd/0x2" #1: I am sending my cert Sep 21 07:33:26.854703: | ***emit ISAKMP Certificate Payload: Sep 21 07:33:26.854706: | next payload type: ISAKMP_NEXT_CR (0x7) Sep 21 07:33:26.854707: | cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:33:26.854709: | next payload chain: ignoring supplied 'ISAKMP Certificate Payload'.'next payload type' value 7:ISAKMP_NEXT_CR Sep 21 07:33:26.854711: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Certificate Payload (6:ISAKMP_NEXT_CERT) Sep 21 07:33:26.854713: | next payload chain: saving location 'ISAKMP Certificate Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.854718: | emitting 1227 raw bytes of CERT into ISAKMP Certificate Payload Sep 21 07:33:26.854721: | CERT 30 82 04 c7 30 82 04 30 a0 03 02 01 02 02 01 06 Sep 21 07:33:26.854722: | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Sep 21 07:33:26.854724: | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Sep 21 07:33:26.854725: | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Sep 21 07:33:26.854726: | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Sep 21 07:33:26.854728: | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Sep 21 07:33:26.854729: | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Sep 21 07:33:26.854731: | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Sep 21 07:33:26.854732: | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Sep 21 07:33:26.854733: | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Sep 21 07:33:26.854735: | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Sep 21 07:33:26.854736: | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Sep 21 07:33:26.854738: | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Sep 21 07:33:26.854739: | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 Sep 21 07:33:26.854740: | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 Sep 21 07:33:26.854742: | CERT 39 5a 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 Sep 21 07:33:26.854743: | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Sep 21 07:33:26.854745: | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Sep 21 07:33:26.854746: | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Sep 21 07:33:26.854747: | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Sep 21 07:33:26.854749: | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Sep 21 07:33:26.854750: | CERT 6d 65 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e Sep 21 07:33:26.854752: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Sep 21 07:33:26.854753: | CERT 72 65 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 Sep 21 07:33:26.854754: | CERT 2a 86 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d Sep 21 07:33:26.854756: | CERT 6e 6f 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 Sep 21 07:33:26.854757: | CERT 62 72 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 Sep 21 07:33:26.854759: | CERT 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 Sep 21 07:33:26.854760: | CERT 01 8f 00 30 82 01 8a 02 82 01 81 00 ba c2 12 92 Sep 21 07:33:26.854761: | CERT f3 67 1c ca 50 e4 11 97 bd e2 74 f8 2d a7 50 1c Sep 21 07:33:26.854763: | CERT 73 d5 23 89 43 a9 58 74 05 29 97 ee a9 71 9c 8d Sep 21 07:33:26.854764: | CERT 92 44 52 90 56 aa 55 a8 8c 69 5e 32 49 62 fb 18 Sep 21 07:33:26.854765: | CERT 4f f0 e2 24 38 f0 a3 3c 7d 95 a9 03 66 29 11 c0 Sep 21 07:33:26.854767: | CERT f2 0c e3 de a1 62 78 96 0e ff d1 f8 93 ac b7 cf Sep 21 07:33:26.854768: | CERT 52 33 01 71 ef 46 ad ad d4 46 f5 e0 c5 e5 57 42 Sep 21 07:33:26.854770: | CERT 2f 10 0e 27 24 45 5e d0 bd 90 32 70 b9 bb 27 2a Sep 21 07:33:26.854771: | CERT 4c 93 a8 87 8c f0 61 5d d9 74 91 04 d9 e9 5b e5 Sep 21 07:33:26.854772: | CERT 31 9c ca e0 5b 2c 3b 17 be 1a c9 1c 28 62 24 3c Sep 21 07:33:26.854774: | CERT e4 eb d0 1a e4 e3 c4 61 b6 9d 1a a9 39 6a b0 92 Sep 21 07:33:26.854775: | CERT a6 69 2c 19 b1 57 75 2b a8 1b ac 95 2b 35 5a 2f Sep 21 07:33:26.854777: | CERT 1f 33 eb 9a 50 d0 4d fa 7a 05 9b 59 44 7d ba a6 Sep 21 07:33:26.854778: | CERT 91 64 c9 4d 4a 01 39 e3 83 11 04 e9 b5 b3 9d 19 Sep 21 07:33:26.854779: | CERT 1b 35 86 8a e9 e4 8b 28 e9 57 06 58 e2 cb a6 24 Sep 21 07:33:26.854781: | CERT 35 73 37 7c 05 25 07 5f b6 df 3f 8b ab 5f e7 e4 Sep 21 07:33:26.854782: | CERT 38 d2 69 f6 1f 68 e9 7b 4f 2f fd 11 62 0e 47 ee Sep 21 07:33:26.854792: | CERT 67 3b 0e 71 d8 9a 35 1b e4 4f 56 64 fd c1 66 02 Sep 21 07:33:26.854793: | CERT 69 2e 08 ac e7 43 ca 55 47 97 ae 83 19 50 e4 9d Sep 21 07:33:26.854795: | CERT c7 a6 5c 9b 93 22 54 6f 02 4b 75 00 cf 67 e3 e2 Sep 21 07:33:26.854797: | CERT 07 7c d8 47 8f c1 09 83 cc 70 94 fa 6c 74 c8 55 Sep 21 07:33:26.854799: | CERT 7b 96 2c c1 85 f1 02 98 cd 1d be 85 5c 10 80 dd Sep 21 07:33:26.854800: | CERT bb 89 44 4b 94 fa 5e 56 5c 67 0e 2e c6 62 69 d4 Sep 21 07:33:26.854802: | CERT de 0e 97 31 ed 00 10 7b 83 dc 75 e4 12 fb 00 15 Sep 21 07:33:26.854803: | CERT eb 5d e4 85 6b 0d 07 4b e6 db 86 31 02 03 01 00 Sep 21 07:33:26.854804: | CERT 01 a3 81 e4 30 81 e1 30 09 06 03 55 1d 13 04 02 Sep 21 07:33:26.854806: | CERT 30 00 30 26 06 03 55 1d 11 04 1f 30 1d 82 1b 6e Sep 21 07:33:26.854807: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Sep 21 07:33:26.854809: | CERT 72 65 73 77 61 6e 2e 6f 72 67 30 0b 06 03 55 1d Sep 21 07:33:26.854810: | CERT 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 16 Sep 21 07:33:26.854811: | CERT 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 Sep 21 07:33:26.854813: | CERT 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 07 Sep 21 07:33:26.854814: | CERT 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 07 Sep 21 07:33:26.854815: | CERT 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 Sep 21 07:33:26.854817: | CERT 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e Sep 21 07:33:26.854818: | CERT 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f Sep 21 07:33:26.854820: | CERT 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 Sep 21 07:33:26.854821: | CERT 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c Sep 21 07:33:26.854822: | CERT 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 Sep 21 07:33:26.854824: | CERT 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 Sep 21 07:33:26.854825: | CERT f7 0d 01 01 0b 05 00 03 81 81 00 c0 be 88 d3 94 Sep 21 07:33:26.854827: | CERT e8 3a e9 d3 b3 fd ed 79 1d 46 48 36 a3 2a 00 15 Sep 21 07:33:26.854828: | CERT 9e 62 f1 22 44 4c 58 20 2e de 7d 7f 95 09 d5 bd Sep 21 07:33:26.854829: | CERT 95 29 e4 f8 99 e3 8f c0 67 b4 eb f6 4b a3 4e 69 Sep 21 07:33:26.854831: | CERT 48 de 1c 93 9f 22 c8 b7 ca bb e8 0c af 7e 5a cd Sep 21 07:33:26.854832: | CERT 90 0c b9 e5 4b 4a de cc c3 7c ea e6 3f 96 0c b5 Sep 21 07:33:26.854833: | CERT dc 5f 88 2d e7 e2 cc f5 f3 90 76 dc b3 05 1d 01 Sep 21 07:33:26.854835: | CERT 60 24 b8 8c a2 f7 26 17 04 4f 25 15 bc 7f 1c ff Sep 21 07:33:26.854836: | CERT 4a f7 81 eb 12 63 8b 11 8c 53 ba Sep 21 07:33:26.854838: | emitting length of ISAKMP Certificate Payload: 1232 Sep 21 07:33:26.854840: "north-dpd/0x2" #1: I am sending a certificate request Sep 21 07:33:26.854845: | ***emit ISAKMP Certificate RequestPayload: Sep 21 07:33:26.854847: | next payload type: ISAKMP_NEXT_SIG (0x9) Sep 21 07:33:26.854848: | cert type: CERT_X509_SIGNATURE (0x4) Sep 21 07:33:26.854850: | next payload chain: ignoring supplied 'ISAKMP Certificate RequestPayload'.'next payload type' value 9:ISAKMP_NEXT_SIG Sep 21 07:33:26.854852: | next payload chain: setting previous 'ISAKMP Certificate Payload'.'next payload type' to current ISAKMP Certificate RequestPayload (7:ISAKMP_NEXT_CR) Sep 21 07:33:26.854854: | next payload chain: saving location 'ISAKMP Certificate RequestPayload'.'next payload type' in 'reply packet' Sep 21 07:33:26.854857: | emitting 175 raw bytes of CA into ISAKMP Certificate RequestPayload Sep 21 07:33:26.854859: | CA 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:33:26.854860: | CA 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:33:26.854862: | CA 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:33:26.854863: | CA 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:33:26.854864: | CA 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:33:26.854866: | CA 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:33:26.854867: | CA 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 Sep 21 07:33:26.854869: | CA 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 Sep 21 07:33:26.854870: | CA 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a Sep 21 07:33:26.854872: | CA 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e Sep 21 07:33:26.854874: | CA 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:33:26.854875: | emitting length of ISAKMP Certificate RequestPayload: 180 Sep 21 07:33:26.854907: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_RSA Sep 21 07:33:26.854992: | searching for certificate PKK_RSA:AwEAAbrCE vs PKK_RSA:AwEAAbrCE Sep 21 07:33:26.860631: | ***emit ISAKMP Signature Payload: Sep 21 07:33:26.860642: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.860644: | next payload chain: setting previous 'ISAKMP Certificate RequestPayload'.'next payload type' to current ISAKMP Signature Payload (9:ISAKMP_NEXT_SIG) Sep 21 07:33:26.860646: | next payload chain: saving location 'ISAKMP Signature Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.860648: | emitting 384 raw bytes of SIG_I into ISAKMP Signature Payload Sep 21 07:33:26.860650: | SIG_I 65 d6 bc dd 79 f6 c2 ea b2 86 ad ee 2c d2 af 9e Sep 21 07:33:26.860652: | SIG_I 72 54 07 bd 7b 1c 89 ff b4 89 70 25 54 88 fb 64 Sep 21 07:33:26.860653: | SIG_I 71 3f 06 84 2a 2f d3 50 12 fe 95 1b a4 25 6d dc Sep 21 07:33:26.860654: | SIG_I 74 9c d8 44 b7 73 53 0d b0 f8 c0 c3 fc e8 8e f6 Sep 21 07:33:26.860656: | SIG_I 8d 56 75 72 07 45 01 1a fe af a1 90 29 40 8e 80 Sep 21 07:33:26.860657: | SIG_I 64 fd c3 2e 79 3f f1 71 3a 1c a0 6c a0 06 c0 8a Sep 21 07:33:26.860658: | SIG_I a3 2f 7f 39 c9 ae 71 b3 08 48 ca c8 d8 41 36 66 Sep 21 07:33:26.860660: | SIG_I 34 f5 72 4f 75 04 15 b4 5c ec 7b af ed 40 f8 e0 Sep 21 07:33:26.860661: | SIG_I c4 2a 73 5c 35 2c bc 51 79 f5 83 f7 f4 10 6b 79 Sep 21 07:33:26.860662: | SIG_I 09 04 04 52 5a 77 39 5a f7 0c 1d 8c ed ad fc dc Sep 21 07:33:26.860664: | SIG_I a6 84 3f 19 aa c1 2c 28 b8 a4 84 1a cc 1a a3 4e Sep 21 07:33:26.860665: | SIG_I 94 27 cb 1d c1 de 22 ac 1d af 88 06 fa 4d 21 9a Sep 21 07:33:26.860666: | SIG_I 85 44 ee a4 a1 c2 38 82 10 60 b1 0d c8 7c a9 b3 Sep 21 07:33:26.860668: | SIG_I 17 c3 ab b3 d5 64 5f 4b ef ae 3e b7 f1 ee d4 7e Sep 21 07:33:26.860669: | SIG_I 93 ae 92 4d 9f b8 38 50 9c 17 e0 9b 4a 4e 02 94 Sep 21 07:33:26.860670: | SIG_I 65 25 bf a6 1f f6 ed e6 66 f1 95 a4 d0 7b cd 29 Sep 21 07:33:26.860672: | SIG_I fb 5c c1 92 87 d2 e3 9c 4e b2 08 67 ee af b2 19 Sep 21 07:33:26.860673: | SIG_I a4 01 20 bc 2b 31 7e 42 09 dc 4e 1a 80 1e 67 4e Sep 21 07:33:26.860674: | SIG_I f0 88 2a 21 2d 80 33 14 e8 db 5f 23 5e 8b 4e 6a Sep 21 07:33:26.860676: | SIG_I a5 f1 e7 5b 9d c8 c6 21 fd ba de 86 b2 53 18 90 Sep 21 07:33:26.860677: | SIG_I 1e 5e 31 c5 61 24 58 58 ef d3 9e 86 8c 2f 2d ad Sep 21 07:33:26.860679: | SIG_I 07 60 4c 20 cb 2c 37 61 36 43 fb 36 54 10 a4 59 Sep 21 07:33:26.860680: | SIG_I 5e 0d 66 2d 75 89 d1 65 ed e2 aa 54 2f a4 cf b1 Sep 21 07:33:26.860681: | SIG_I 0e 80 26 67 b5 f4 f6 32 cb 35 fc 19 02 d9 d8 c5 Sep 21 07:33:26.860683: | emitting length of ISAKMP Signature Payload: 388 Sep 21 07:33:26.860684: | Not sending INITIAL_CONTACT Sep 21 07:33:26.860686: | emitting 7 zero bytes of encryption padding into ISAKMP Message Sep 21 07:33:26.860688: | no IKEv1 message padding required Sep 21 07:33:26.860689: | emitting length of ISAKMP Message: 2028 Sep 21 07:33:26.860701: | complete v1 state transition with STF_OK Sep 21 07:33:26.860706: | [RE]START processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:33:26.860708: | #1 is idle Sep 21 07:33:26.860710: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:33:26.860711: | IKEv1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Sep 21 07:33:26.860714: | parent state #1: MAIN_I2(open IKE SA) => MAIN_I3(open IKE SA) Sep 21 07:33:26.860716: | event_already_set, deleting event Sep 21 07:33:26.860720: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:26.860724: | libevent_free: release ptr-libevent@0x557db4595480 Sep 21 07:33:26.860726: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f0dc8002b20 Sep 21 07:33:26.860730: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:33:26.860735: | sending 2028 bytes for STATE_MAIN_I2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:33:26.860737: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.860738: | 05 10 02 01 00 00 00 00 00 00 07 ec d9 2f 98 ba Sep 21 07:33:26.860740: | ed 5f 27 3d c2 c9 65 6d b7 37 0b 68 2d 19 a4 4b Sep 21 07:33:26.860741: | 51 b4 01 55 d1 27 9a fb 87 c4 b0 00 59 e4 ef 90 Sep 21 07:33:26.860742: | a1 cc 2c 58 cf 0b 0e a9 32 df 76 4d d1 6a 59 a6 Sep 21 07:33:26.860744: | 2e 2b f4 53 e1 c8 3c 83 8d cb 56 84 61 d0 2a 23 Sep 21 07:33:26.860745: | 3f e2 b5 d1 b5 8f d1 9d 90 85 d1 18 6c 4f 53 a8 Sep 21 07:33:26.860746: | e8 b0 d2 47 df 29 b4 1e 9f c1 36 18 fa c2 db ff Sep 21 07:33:26.860748: | f9 ca 8d 9b 79 5d 17 c4 fe 31 75 ba a9 f2 6f 12 Sep 21 07:33:26.860749: | 98 3f 21 da 60 cb 01 3e 8f 00 2b 2c 72 31 fa 1a Sep 21 07:33:26.860750: | ca 96 53 c0 91 35 88 a3 43 77 d5 9d 1f 2d 07 67 Sep 21 07:33:26.860752: | ca 4f 2f 2a 28 4b 57 ae e5 0f df 5c 2e 2d 7e 1d Sep 21 07:33:26.860753: | 39 7c ed bd 8d ae c9 ef 2f 29 76 52 2d eb 4c d0 Sep 21 07:33:26.860754: | 91 d3 a6 a1 f8 42 5e 0a 3e e7 bf 40 26 8c ff b6 Sep 21 07:33:26.860756: | 4d 2e c7 19 19 01 7b 98 f2 ff 1c f5 e8 dc 2d b2 Sep 21 07:33:26.860757: | 15 d5 da e1 f3 b9 67 0a 05 07 f9 b2 7f 20 e8 0e Sep 21 07:33:26.860758: | d2 32 24 ad 91 50 2c 37 94 b5 b6 1d 9e ef 29 8d Sep 21 07:33:26.860760: | 37 54 b5 cb 63 14 f2 c5 89 7e fb 99 83 c9 be 98 Sep 21 07:33:26.860761: | 7a 2a ca 1d 26 8b 33 22 23 0f 92 12 4e ab e4 d4 Sep 21 07:33:26.860762: | 2a b0 4b fd 46 cb b4 54 4c 9a 9a b2 2e 33 31 df Sep 21 07:33:26.860764: | 86 a4 67 93 4e b4 7f da 91 73 f7 e1 f2 0f 22 31 Sep 21 07:33:26.860765: | 37 28 3a 4f 24 70 a1 f4 e8 6a 69 9e 9b 13 6e 8e Sep 21 07:33:26.860766: | 9e 35 54 b7 98 46 1d 12 c3 65 05 9a 66 0a c1 4b Sep 21 07:33:26.860768: | ea 0f c1 bd 86 43 3f 58 7c a0 40 12 a4 72 66 32 Sep 21 07:33:26.860769: | 7e af af 6c 67 e1 67 95 2d d1 36 85 66 9a 9f 56 Sep 21 07:33:26.860770: | df 3f 9d 4b 1e ae 48 17 da d1 21 47 c2 9c 18 11 Sep 21 07:33:26.860772: | d0 e9 3c 4b f7 a3 2b 8a c4 ee 7a 10 3c 2e 8c 28 Sep 21 07:33:26.860773: | ac f7 d9 34 b6 51 08 f8 66 98 22 2a c3 97 5e 19 Sep 21 07:33:26.860774: | 0f 53 ca e6 16 51 87 92 6e d8 dd bd 61 2a 97 ba Sep 21 07:33:26.860776: | 43 3b 9a 02 b9 86 d5 7d b2 12 f5 10 77 48 4d 42 Sep 21 07:33:26.860777: | 4c d8 ef 6d 78 5e 1d 7d 54 1c 33 4b 3c b5 60 a7 Sep 21 07:33:26.860778: | 19 1e 1a 25 00 75 63 f2 82 6d 99 fa a5 22 f4 cf Sep 21 07:33:26.860780: | e2 29 00 8c 4d 5f 05 76 5a d7 ac d9 6c 69 4d b6 Sep 21 07:33:26.860781: | a5 83 72 99 03 83 52 38 88 70 98 3f a1 a9 c0 66 Sep 21 07:33:26.860785: | 4b 7a a0 c4 f5 97 9a fc 87 a9 75 55 3f c9 23 7a Sep 21 07:33:26.860802: | aa 47 93 38 6d ac 63 19 f6 7f 79 b5 2c d2 a4 36 Sep 21 07:33:26.860803: | 5d ad 15 22 46 c2 e9 9e 57 a9 ec 31 d2 c4 62 b4 Sep 21 07:33:26.860805: | ff e4 b8 63 77 32 c4 e6 fc a9 8a a6 61 9d 0d 44 Sep 21 07:33:26.860807: | f3 e8 34 53 c8 37 4f 6e 2f 3b 39 98 4e bb c6 7f Sep 21 07:33:26.860809: | c2 6b 52 df ac d6 14 88 22 53 69 2b b4 2f e2 eb Sep 21 07:33:26.860810: | 68 7f 00 3b 22 b3 e7 15 ce 36 dd f6 45 a2 37 dd Sep 21 07:33:26.860811: | bd 38 86 6f 55 e1 46 51 2c 41 d3 c0 4a 57 25 0e Sep 21 07:33:26.860813: | be 57 ba 59 46 8e 70 a3 17 b1 05 f1 33 b3 fb c8 Sep 21 07:33:26.860814: | c4 ee c9 83 4c 02 44 ee a4 5c 38 b8 49 1a 73 01 Sep 21 07:33:26.860816: | 5d ca f5 03 25 ca c6 ff 8c 1a d2 dd ff 49 0c 96 Sep 21 07:33:26.860817: | d9 4d 35 1a 56 15 8c 80 ca d6 4e 03 3f 05 7f 55 Sep 21 07:33:26.860820: | b0 fb 99 7b 10 2a e2 1e 96 b5 eb 80 24 9b ea 00 Sep 21 07:33:26.860821: | 87 c2 6e 37 c5 d5 cd 13 99 a5 87 ab 04 63 af 4e Sep 21 07:33:26.860822: | 10 22 30 fe 01 e3 37 04 c2 7b be 1f 2d aa 5c 4c Sep 21 07:33:26.860824: | 97 92 a4 b7 f5 ac e8 3a d6 e8 ce 19 50 fd 28 dc Sep 21 07:33:26.860825: | 45 ab 0d 5a 2e 24 5b f4 4b 54 b2 b1 83 c8 e7 42 Sep 21 07:33:26.860827: | 69 de 49 b1 ed 8a da 18 8c e7 3a 75 1a 0a 27 65 Sep 21 07:33:26.860828: | 72 e0 e5 ff 2e e8 f6 51 51 89 36 bc 15 84 d4 cc Sep 21 07:33:26.860829: | 53 e6 f1 c6 d4 a7 8c 09 79 3d 9b 47 83 a3 4d ff Sep 21 07:33:26.860831: | ee 5a 55 c2 e3 ad 68 7c de 3a 6c 54 b8 b3 90 ab Sep 21 07:33:26.860832: | 22 97 d7 35 3f ae 1e a6 45 bb a6 b6 a7 b5 2c f4 Sep 21 07:33:26.860833: | e3 d9 be 57 cc 19 e1 35 58 73 f0 d9 b5 ec 3c a4 Sep 21 07:33:26.860835: | da 68 69 bd c2 01 20 57 90 60 9d 7d 83 dc 88 0c Sep 21 07:33:26.860849: | f0 f9 fc e5 11 2c fd a1 58 bc 44 a9 d7 38 c6 35 Sep 21 07:33:26.860850: | 8f ef 5f 98 db 47 31 3e 3f 24 46 05 24 cc 31 7a Sep 21 07:33:26.860852: | be 83 25 12 cc b4 f6 80 75 46 7e b5 ec 88 d5 59 Sep 21 07:33:26.860853: | 11 11 be a5 03 84 e7 1e 8d cd e9 52 42 ae 4a 6c Sep 21 07:33:26.860854: | 93 2e 5c 57 cd 8f f2 e9 b4 95 44 80 ce 3a d0 60 Sep 21 07:33:26.860856: | a5 36 8b fc 55 e3 9e 5f fa f1 cb 8f 7e 2b 4c 5b Sep 21 07:33:26.860857: | 5c 10 3a 35 6b 15 85 dc a6 78 63 d9 b4 8f c8 14 Sep 21 07:33:26.860858: | 23 52 fc 4f 58 2d ec d6 93 f1 e4 c7 2a c3 ef d4 Sep 21 07:33:26.860860: | df 63 9d c6 d1 f5 79 f6 ba 7b 07 c6 4c ec d6 21 Sep 21 07:33:26.860861: | 4f e5 2b aa 5f 0a 54 c9 af 1c ad 9c 3a d2 a8 c8 Sep 21 07:33:26.860862: | a8 e8 02 25 fe 64 76 a9 35 0c 97 e3 94 3f b5 38 Sep 21 07:33:26.860864: | a1 37 d1 bb 90 fa 12 ea 33 ec bf 2d 71 39 db 4c Sep 21 07:33:26.860865: | cb 8e b6 3f ab d8 a4 c2 f1 8d 98 af 6f ec 24 de Sep 21 07:33:26.860866: | 50 7e d0 20 0e 01 bd de 3a 87 77 3b fb 3e 2f 39 Sep 21 07:33:26.860868: | 3f cc c2 fb 88 98 8c ea 25 b6 62 29 67 cb 19 be Sep 21 07:33:26.860869: | 8e a9 1c 8a 87 55 60 c4 ef ea 1f 28 c1 4a d9 9b Sep 21 07:33:26.860870: | 14 e1 ff b6 c3 62 72 83 d5 88 5e 5a c3 c2 a1 e8 Sep 21 07:33:26.860872: | 7e 92 51 21 ad 06 6f 25 35 f1 72 ec f1 32 ae 8c Sep 21 07:33:26.860873: | c2 07 3b ff 96 67 3b 38 fe 82 4d d8 36 27 26 49 Sep 21 07:33:26.860874: | a6 46 9b 5b e7 9f 20 99 c6 fe 50 39 ac 9a 42 57 Sep 21 07:33:26.860876: | 8b 13 5b 21 f7 f1 f7 60 e2 c7 6a b2 8f 80 7b e0 Sep 21 07:33:26.860877: | f0 cd eb 3b 4f 88 e4 c6 c0 c9 d6 ea 66 ff 39 83 Sep 21 07:33:26.860878: | de 66 72 27 f2 57 45 25 99 d8 5c 18 13 4b 04 3d Sep 21 07:33:26.860880: | 58 5b 7a 9b 99 39 09 9a 94 90 60 ba ea ae 70 9d Sep 21 07:33:26.860881: | 92 31 83 c4 b0 6c 81 0a c0 4c f7 cc 58 f3 1f ec Sep 21 07:33:26.860882: | fa e6 56 47 72 eb ee 84 e1 03 6d 57 d9 63 fc 13 Sep 21 07:33:26.860884: | 01 e8 7d 5d c8 a8 cc 3f 70 41 41 97 fb c3 4a c8 Sep 21 07:33:26.860885: | 1e 00 a1 e1 19 1c 7c 19 5e 14 55 e8 44 03 a4 29 Sep 21 07:33:26.860886: | 21 82 42 de 18 46 dd 85 d4 31 f9 c9 3c 0d 9a 4e Sep 21 07:33:26.860888: | 9b 2a ed 22 9b 6a 47 e9 92 5b ff 18 14 d9 0e 7a Sep 21 07:33:26.860889: | e0 bf 5a 2b 05 f3 bb d3 01 06 86 6e c9 26 34 be Sep 21 07:33:26.860890: | a7 56 76 ab 14 9b 09 73 9f 96 21 70 52 95 5d 0d Sep 21 07:33:26.860892: | 0b b5 05 f5 da 38 38 0c a8 a0 3f 3b fe 38 37 0f Sep 21 07:33:26.860893: | 98 e2 e8 52 75 63 a5 f5 0f c0 66 16 e8 1a cc 88 Sep 21 07:33:26.860894: | a4 13 ce aa 16 6a 5e 8f 91 95 c2 a5 5a e3 6c 8e Sep 21 07:33:26.860896: | 4c a4 b2 2c c1 6e 91 c8 91 f4 6a d8 a0 b2 cf 02 Sep 21 07:33:26.860897: | e5 01 25 4a 87 96 8e 77 9d 80 53 57 d5 55 35 ff Sep 21 07:33:26.860898: | 1d cd a9 d9 29 6b f3 e1 9d a3 00 d0 a1 8c 6c c0 Sep 21 07:33:26.860900: | 74 04 46 1b 23 47 a1 7b 7b 57 bd 23 09 01 a2 ac Sep 21 07:33:26.860901: | 20 38 e8 dd 76 78 5e 9c fa 99 74 b1 cb 3e 7a 03 Sep 21 07:33:26.860903: | 2a 3d da 0a 84 2b ef 65 8e b8 bd 60 09 82 91 5c Sep 21 07:33:26.860905: | 5f 23 a5 ef 8f 35 28 31 f7 16 69 52 4b 73 86 43 Sep 21 07:33:26.860906: | 02 b1 7f 04 37 5e f0 d3 66 e5 03 f9 72 74 a6 d0 Sep 21 07:33:26.860907: | f2 58 87 76 39 21 35 b1 27 43 4c d0 bd 67 cd e8 Sep 21 07:33:26.860909: | f6 61 f2 91 2d 0b 00 ec 3f 0d 2a 84 d6 30 8e 00 Sep 21 07:33:26.860910: | be 94 2d 07 11 91 c0 78 0a 78 99 31 c9 38 fc 6d Sep 21 07:33:26.860911: | 54 31 dc 12 97 85 49 48 b0 16 51 3f 6d f9 ce b5 Sep 21 07:33:26.860912: | 3d 53 1a e6 42 c8 f6 fe 74 cd 97 d9 83 3e 76 32 Sep 21 07:33:26.860914: | 6e 76 21 b4 32 9f dd 47 4a e6 04 d6 af 94 75 15 Sep 21 07:33:26.860915: | 55 8b e8 16 8a 8e 57 2d 07 b5 b2 28 49 ac 80 30 Sep 21 07:33:26.860916: | 24 81 5a b0 bf e0 eb 03 b2 63 2e 95 23 a2 a8 46 Sep 21 07:33:26.860918: | 77 d8 81 c4 54 3d d9 97 e0 df cb 5f ba 86 81 df Sep 21 07:33:26.860919: | d5 89 1b e6 f0 db 9f 7e 47 f4 2e 6d bf 41 6a 90 Sep 21 07:33:26.860920: | c6 d7 95 a4 a6 fb 05 01 1b 1a d3 97 dd ec b6 38 Sep 21 07:33:26.860922: | 6d ce 4e 98 52 0c 5b ce 8c 5e f5 a5 26 1d 4c 04 Sep 21 07:33:26.860923: | 8b 36 0c 7d 31 11 dd 18 c5 51 0a 11 aa 2e 45 29 Sep 21 07:33:26.860924: | f9 0f c6 74 f8 27 04 63 3a 38 7f 50 92 32 9d 4c Sep 21 07:33:26.860926: | d1 7c fa eb 22 ea 83 82 37 68 46 ab 1b 96 20 be Sep 21 07:33:26.860927: | f3 e0 df 58 18 85 1b 63 ad 86 1a 0b 94 ff a9 54 Sep 21 07:33:26.860928: | 0a d3 63 dc 15 d9 c9 3e c5 f4 fd 44 f6 db fb f6 Sep 21 07:33:26.860930: | 15 94 ce 7e 70 23 13 3c a5 6c 1d c2 92 db 52 56 Sep 21 07:33:26.860931: | 66 d6 ee 21 e7 0b 70 80 39 0d d1 a2 9d fc aa 37 Sep 21 07:33:26.860932: | f9 7b 86 ce 0d 6c 65 b3 84 cb 54 47 77 f0 9d b5 Sep 21 07:33:26.860934: | f5 32 5d 74 a5 11 2d ca 05 47 14 eb 4b 21 31 d5 Sep 21 07:33:26.860935: | f2 b1 7f 07 5b 1e 75 35 b6 b7 c7 c9 a5 29 1d db Sep 21 07:33:26.860936: | 7d 71 40 51 69 c6 63 f5 f9 50 c2 66 f9 76 85 7e Sep 21 07:33:26.860938: | b4 bd 98 76 c9 e7 8d c1 21 4a eb 19 31 17 b2 70 Sep 21 07:33:26.860939: | d3 21 3e 39 82 17 4f d2 e4 77 9f 0c 86 cd ad 74 Sep 21 07:33:26.860940: | 26 ab 4e 6f 3f 68 c8 73 c0 df 82 1c Sep 21 07:33:26.860995: | !event_already_set at reschedule Sep 21 07:33:26.861000: | event_schedule: new EVENT_RETRANSMIT-pe@0x557db459e020 Sep 21 07:33:26.861003: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Sep 21 07:33:26.861005: | libevent_malloc: new ptr-libevent@0x557db4595480 size 128 Sep 21 07:33:26.861009: | #1 STATE_MAIN_I3: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49853.229264 Sep 21 07:33:26.861011: "north-dpd/0x2" #1: STATE_MAIN_I3: sent MI3, expecting MR3 Sep 21 07:33:26.861017: | modecfg pull: noquirk policy:push not-client Sep 21 07:33:26.861019: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:33:26.861036: | resume sending helper answer for #1 suppresed complete_v1_state_transition() Sep 21 07:33:26.861041: | #1 spent 6.47 milliseconds in resume sending helper answer Sep 21 07:33:26.861044: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:33:26.861046: | libevent_free: release ptr-libevent@0x7f0dc0004f00 Sep 21 07:33:26.873647: | spent 0.00304 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:26.873675: | *received 1884 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:33:26.873680: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.873682: | 05 10 02 01 00 00 00 00 00 00 07 5c 46 4e 29 47 Sep 21 07:33:26.873684: | 6e a0 2d c1 90 6b 96 21 80 e3 3d bb 67 35 fa e7 Sep 21 07:33:26.873686: | dc 66 b7 a5 0c ab 4d aa 2a 82 ca ed de 33 13 d9 Sep 21 07:33:26.873689: | a6 bd f9 d7 51 db 1a 16 22 1e 79 e2 45 6b c6 35 Sep 21 07:33:26.873691: | ed b0 d0 0e 86 13 c9 17 f6 61 88 e7 6a 93 1a d7 Sep 21 07:33:26.873696: | d7 4a 94 07 b1 f3 3c 7a fb 6a 48 35 df 96 6a 97 Sep 21 07:33:26.873698: | b3 21 56 8f 29 f6 13 f1 4e b0 8e f7 7e 35 21 f5 Sep 21 07:33:26.873700: | 4f e2 2d 5f 27 6b ac df eb a2 55 bb 57 e5 7e b3 Sep 21 07:33:26.873702: | 11 36 99 3e 24 78 a3 ab f4 f2 13 c6 8e aa d9 69 Sep 21 07:33:26.873704: | aa 44 0d 9d c1 f2 7a b9 33 7c 79 a6 78 8d db 51 Sep 21 07:33:26.873706: | 30 eb 1d c5 64 a4 07 6a 55 88 b2 56 e6 cd 1b a9 Sep 21 07:33:26.873709: | 2f ea 15 2e 3c 86 e3 1f 80 82 96 9e 86 f2 23 4d Sep 21 07:33:26.873711: | b6 6f 5c 1b bb e8 bd 46 dc 99 7d 8f 51 21 6e 9c Sep 21 07:33:26.873713: | 7e f3 ab 0e 08 b2 e5 02 65 11 be 6f 0f 15 32 cc Sep 21 07:33:26.873715: | 9b a9 1d 91 a0 68 3b 2a 71 9e 53 a3 b5 fd 0c c0 Sep 21 07:33:26.873718: | 18 43 d7 f5 a8 b2 13 be 8f 94 9e c6 ab 27 de 08 Sep 21 07:33:26.873720: | 11 85 e9 94 2b db 97 39 44 0b f4 1d 8a 30 28 f6 Sep 21 07:33:26.873722: | 6a ed 36 9c 55 99 ed 72 d2 43 dc ad 1b 25 da 45 Sep 21 07:33:26.873725: | be 65 dd 86 d3 8b c9 4a e0 f9 43 ae 8a 58 dd 48 Sep 21 07:33:26.873727: | 31 98 44 f4 c1 f6 42 86 de 29 c4 72 8f a1 44 45 Sep 21 07:33:26.873729: | 60 ac 9b 51 22 7c 78 5c 83 cc 65 b4 a3 dd 59 f1 Sep 21 07:33:26.873731: | 98 0f 0c b9 f7 0d c4 81 d4 db 6d be cf 91 19 ef Sep 21 07:33:26.873734: | d3 c1 11 9e e7 d3 69 cf e2 aa ea 44 21 95 01 2f Sep 21 07:33:26.873736: | ca fc fd 88 f3 01 86 17 05 68 87 7a 26 b2 18 9f Sep 21 07:33:26.873739: | d9 df ee 64 10 f6 31 a4 3e cd 89 c3 d7 64 47 ff Sep 21 07:33:26.873741: | 18 89 33 79 bb 1e 8b eb a4 65 07 e6 1b 8b 9b a9 Sep 21 07:33:26.873743: | 2b 21 e2 fa ae 9a 9d b5 8b ac 64 3d 20 cc 7e 8e Sep 21 07:33:26.873745: | be 73 f1 f4 df 41 f8 6c 53 7b 52 c5 da a2 15 f2 Sep 21 07:33:26.873747: | 91 13 e9 20 bb 3a 66 b6 62 7c e4 ec fb 4b 84 dd Sep 21 07:33:26.873749: | 4e 60 dc 6a c5 ce 26 e0 11 a1 5c 18 41 12 a7 68 Sep 21 07:33:26.873752: | fe 69 98 32 3f 27 f8 6e 73 5e 43 5c 73 d1 cd da Sep 21 07:33:26.873754: | 3d 4c 02 b0 48 9b de 68 2d 81 5e 9b bd ad 5a c6 Sep 21 07:33:26.873756: | 1e 41 11 da 0d 77 9b b6 1e 49 66 1b 4f f3 b5 e4 Sep 21 07:33:26.873758: | af 73 3d fa 0a 57 9b 5e 0c 65 25 27 fd b0 55 ac Sep 21 07:33:26.873761: | e0 87 9b 9f 21 17 49 e7 b3 fe bb ee 2b f6 3e 30 Sep 21 07:33:26.873763: | 83 fd ec 83 9c 55 2f 55 b7 a9 c3 44 2f e3 e1 e1 Sep 21 07:33:26.873765: | e9 18 65 5b 22 d3 04 f0 98 3b 5a 23 9e bb b3 e2 Sep 21 07:33:26.873768: | 2d 2d 16 d0 04 85 73 df d9 d3 1f 37 cb 39 aa 9c Sep 21 07:33:26.873770: | 09 b2 7f 99 e8 80 65 7e 30 3e 03 78 81 52 eb ae Sep 21 07:33:26.873772: | 56 0f 8a df 86 aa d0 16 51 e2 15 c6 5f 3d 0a a9 Sep 21 07:33:26.873775: | 73 f8 0c d3 76 81 58 63 2d 6d 3f 4b 09 b0 0a 67 Sep 21 07:33:26.873777: | 34 93 dd a3 10 29 55 70 85 55 b4 50 51 a8 95 15 Sep 21 07:33:26.873779: | b6 42 ce 99 c0 d0 5d d6 6c 98 73 29 d7 cd 65 80 Sep 21 07:33:26.873781: | 40 58 6c 1b bd c4 2d 42 9b fc 28 e2 0f 31 56 cc Sep 21 07:33:26.873789: | 3c b4 ff d1 6a 26 32 95 39 06 f0 47 a9 30 23 0b Sep 21 07:33:26.873792: | 03 5e 87 39 cb 66 c6 c8 e4 04 aa 99 4a 40 81 ad Sep 21 07:33:26.873794: | 1f 70 75 ce 27 a5 d3 62 27 2d a6 bc 72 dc 25 e1 Sep 21 07:33:26.873797: | 4b a6 ba f1 f3 72 6c 62 d9 0a 90 78 3d a7 1c 3c Sep 21 07:33:26.873799: | 5b f0 2e 94 55 3b cf 68 9a 19 cf 92 8c 15 b3 7f Sep 21 07:33:26.873801: | 88 63 e9 28 c8 fb 87 5e 2d 28 78 1e 4a 92 14 bf Sep 21 07:33:26.873804: | 9f 29 e6 8b 63 80 4b 00 91 da e8 77 6f 36 3c b4 Sep 21 07:33:26.873806: | ac b0 9a eb 18 3c d4 e4 86 79 da ee 08 62 20 3c Sep 21 07:33:26.873808: | 22 1f 1a 0e fa fa 3a f7 e1 cb 8f cb 73 46 20 dd Sep 21 07:33:26.873810: | c9 71 4e 36 af 41 ee 4f 14 3b ae d4 f5 db 4f 97 Sep 21 07:33:26.873812: | 49 2b f0 a9 5b e8 94 2c 98 a4 3a 8a 2b be 7c f4 Sep 21 07:33:26.873814: | 03 2b 73 db 9a 2a 2a f1 ea c6 21 d6 68 04 bf 43 Sep 21 07:33:26.873817: | de 23 49 39 97 28 5e 25 ac 9e 79 39 10 b6 7a 58 Sep 21 07:33:26.873820: | 77 d1 74 f8 ce 6c 22 f2 80 79 88 3d 1a f3 e1 5b Sep 21 07:33:26.873823: | 13 67 28 7c 83 62 51 d9 1c fa ba dd 51 f3 9c 65 Sep 21 07:33:26.873825: | e8 52 bb d4 d1 2a 4c a5 68 fe 59 14 ef d4 e3 48 Sep 21 07:33:26.873827: | 67 a6 f8 b7 b7 d0 b3 41 77 d0 15 a1 23 90 8f 5a Sep 21 07:33:26.873830: | 82 3e 41 69 83 80 a5 ae 21 c6 15 ce 3b 86 c7 c6 Sep 21 07:33:26.873832: | 99 63 aa d2 c5 8f 66 e8 75 fb b4 f3 f2 a1 d6 b8 Sep 21 07:33:26.873835: | 1f 04 de 15 62 32 fc 16 a3 7f e4 9d bc 2b d0 a1 Sep 21 07:33:26.873837: | 1e 51 01 13 bf 10 f8 1e 64 99 de 0c fa 8d 5d 29 Sep 21 07:33:26.873839: | 97 2e e9 c0 4a 69 97 83 1d d8 a7 59 16 31 71 a4 Sep 21 07:33:26.873841: | d1 ad 3a d7 41 b7 3e 7f 5f 3f ad be 4a 55 98 7a Sep 21 07:33:26.873843: | 23 72 09 40 e6 9e f4 7f d3 a7 e0 c7 fc e2 16 5f Sep 21 07:33:26.873846: | 2e 87 09 df 94 7b 8a 9b 1f 7c a3 5b 68 28 bf e9 Sep 21 07:33:26.873848: | 23 87 69 39 b1 df c9 72 d4 39 26 7b 5d bf 73 c3 Sep 21 07:33:26.873849: | 2d 32 95 44 a7 4e 77 d7 e9 64 63 76 5d cb a2 02 Sep 21 07:33:26.873852: | 54 b7 19 6d a4 f7 31 66 2f 30 68 e5 e3 c6 c9 28 Sep 21 07:33:26.873854: | 64 b5 da ed 10 e1 f8 67 32 24 15 10 b9 f8 5a 4b Sep 21 07:33:26.873857: | 19 ac 60 c7 13 52 5d 80 91 e8 e0 af a6 28 a1 bb Sep 21 07:33:26.873859: | 3a f1 06 81 ba 80 6e 09 48 ef 27 c0 2c a2 fa 43 Sep 21 07:33:26.873861: | 21 cb 88 ce 72 a3 df 13 5a d0 ef 13 6b a2 f6 57 Sep 21 07:33:26.873864: | fd 38 08 db be 1c 59 ff b0 17 41 93 d5 63 1c 58 Sep 21 07:33:26.873866: | 8a db b2 49 db 9c 0f 45 f6 fd c7 b5 01 b7 e7 0c Sep 21 07:33:26.873868: | ee d7 be 25 6c eb ab f2 ee 0a 8e ea 9d 39 50 72 Sep 21 07:33:26.873870: | c0 91 14 b2 c7 d4 a4 32 75 d5 6a a1 fc 81 58 f3 Sep 21 07:33:26.873872: | 20 1c f4 f4 4a e9 24 d9 da f3 67 ac e0 15 b0 a3 Sep 21 07:33:26.873875: | 59 05 12 2b 6d f4 dc a0 ff 03 51 11 9c 88 ff 36 Sep 21 07:33:26.873877: | 1c 05 d1 c0 5a 9e a9 ba 47 af 37 df 7e 63 2d bf Sep 21 07:33:26.873879: | e3 b8 bd 9d f5 50 9e 92 cc 37 b9 e2 1f 9d 33 f2 Sep 21 07:33:26.873881: | b0 65 50 04 9f 4b 0e c8 44 a2 e1 fd 45 16 e1 9c Sep 21 07:33:26.873883: | 30 56 95 2c ee a6 a7 ad cc d1 ca bc 6a dc 4b a5 Sep 21 07:33:26.873886: | af 53 81 82 85 9a 13 cd b0 d1 aa 93 aa bb 5b 6d Sep 21 07:33:26.873888: | 2d f9 94 54 0c d7 8e 3a 15 52 b8 e8 46 bc d3 29 Sep 21 07:33:26.873891: | d9 4f a8 82 73 4f 82 55 0d d6 3a 34 2e dd d1 a0 Sep 21 07:33:26.873893: | 57 97 bc 09 d0 73 44 d5 40 09 ef aa fa ec d2 a5 Sep 21 07:33:26.873895: | 32 1f 15 d6 f8 27 8a 2f ce 81 8b b7 53 9d 4c 64 Sep 21 07:33:26.873897: | 35 b9 aa 40 5e fb 1b 69 7b 55 81 66 a0 01 ef 3e Sep 21 07:33:26.873900: | 7a b3 66 ff 8f 99 fd 70 f7 ca 3c 22 94 e2 b5 0a Sep 21 07:33:26.873902: | 49 ce 34 58 93 6d 22 e1 57 6d ee c4 69 22 0b 78 Sep 21 07:33:26.873904: | e2 a3 c8 75 b6 61 2d b6 a9 f2 da 3c 8e d3 7d 4e Sep 21 07:33:26.873907: | c1 4d 42 26 f5 e5 c4 a7 ea 69 ac 37 8b 5b 6d ac Sep 21 07:33:26.873909: | fe 03 a0 5e 95 e7 77 f5 9a 62 e1 e8 6b 94 78 b8 Sep 21 07:33:26.873911: | 3f 64 74 d8 c5 64 62 06 a0 40 10 aa dc d3 30 da Sep 21 07:33:26.873914: | b6 27 1c e3 7b 09 dd 7f 7b 94 c1 81 4e e0 f2 8b Sep 21 07:33:26.873916: | bc 06 58 7c 66 78 e0 88 76 8e 46 31 c3 67 98 7a Sep 21 07:33:26.873918: | da b2 15 e4 2f 1c 90 8f 03 2a 4c e2 e0 a7 68 5c Sep 21 07:33:26.873920: | 9c 4b fa 74 d1 dd b5 fb 5a 71 24 16 25 95 30 78 Sep 21 07:33:26.873923: | 0b aa 9d fa 2c 88 29 cb 6f f1 9d 1d d1 0e 60 db Sep 21 07:33:26.873925: | 6f fd 21 3f a6 c7 73 06 d9 55 2b 5b a5 ff a0 77 Sep 21 07:33:26.873927: | 31 11 34 4d 05 38 ac b1 01 af db 29 de 72 75 49 Sep 21 07:33:26.873929: | d8 b2 c6 ac 9b 97 3c 4b 68 3a 54 4c f8 d9 72 49 Sep 21 07:33:26.873932: | 88 8f f4 e0 85 6e c4 51 fe bd 3e 81 3e d2 28 47 Sep 21 07:33:26.873934: | b9 54 88 ee da 5d 66 d0 8b 07 00 32 7b 95 25 f5 Sep 21 07:33:26.873936: | 99 23 5f 08 69 5a 8c 0c a4 8a 03 1b 7e f5 bd f3 Sep 21 07:33:26.873940: | bc 2f 9c 04 97 a1 2b 42 04 8c 9d c5 0e ba fd 69 Sep 21 07:33:26.873943: | 57 f1 3b cf 4b 4b 43 ff d7 2c d6 bd 55 96 95 f4 Sep 21 07:33:26.873945: | 88 1a 8d 35 99 89 60 c4 f0 14 2d 4f f7 03 a4 a4 Sep 21 07:33:26.873947: | 74 79 13 3c e1 cb 71 5b f9 10 6c 52 e7 2a 5b 3f Sep 21 07:33:26.873950: | 7b 74 77 f2 ff 3b 37 56 5d 8e 28 0b c2 58 24 c3 Sep 21 07:33:26.873952: | 94 a2 ea 86 50 18 54 8b 94 40 d4 ba 0a 79 da d4 Sep 21 07:33:26.873954: | 1b 48 61 ee 9b 9f 68 50 fb 7c 94 c9 a1 6e 8d fa Sep 21 07:33:26.873957: | c0 99 80 cd 0c 84 83 5b 02 71 b2 b8 Sep 21 07:33:26.873962: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:33:26.873966: | **parse ISAKMP Message: Sep 21 07:33:26.873969: | initiator cookie: Sep 21 07:33:26.873971: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.873973: | responder cookie: Sep 21 07:33:26.873976: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.873978: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.873981: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.873983: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.873986: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:26.873988: | Message ID: 0 (0x0) Sep 21 07:33:26.873991: | length: 1884 (0x75c) Sep 21 07:33:26.873993: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 21 07:33:26.873998: | State DB: found IKEv1 state #1 in MAIN_I3 (find_state_ikev1) Sep 21 07:33:26.874004: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1435) Sep 21 07:33:26.874007: | #1 is idle Sep 21 07:33:26.874009: | #1 idle Sep 21 07:33:26.874013: | received encrypted packet from 192.1.2.23:500 Sep 21 07:33:26.874032: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 Sep 21 07:33:26.874036: | ***parse ISAKMP Identification Payload: Sep 21 07:33:26.874039: | next payload type: ISAKMP_NEXT_CERT (0x6) Sep 21 07:33:26.874041: | length: 191 (0xbf) Sep 21 07:33:26.874043: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:33:26.874046: | DOI specific A: 0 (0x0) Sep 21 07:33:26.874048: | DOI specific B: 0 (0x0) Sep 21 07:33:26.874050: | obj: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:33:26.874053: | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:33:26.874055: | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:33:26.874057: | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:33:26.874060: | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:33:26.874062: | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:33:26.874064: | obj: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Sep 21 07:33:26.874067: | obj: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:33:26.874069: | obj: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Sep 21 07:33:26.874071: | obj: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Sep 21 07:33:26.874073: | obj: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:33:26.874075: | obj: 77 61 6e 2e 6f 72 67 Sep 21 07:33:26.874078: | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 Sep 21 07:33:26.874081: | ***parse ISAKMP Certificate Payload: Sep 21 07:33:26.874083: | next payload type: ISAKMP_NEXT_SIG (0x9) Sep 21 07:33:26.874086: | length: 1265 (0x4f1) Sep 21 07:33:26.874088: | cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:33:26.874091: | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 Sep 21 07:33:26.874093: | ***parse ISAKMP Signature Payload: Sep 21 07:33:26.874096: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.874098: | length: 388 (0x184) Sep 21 07:33:26.874100: | removing 12 bytes of padding Sep 21 07:33:26.874103: | message 'main_inR3' HASH payload not checked early Sep 21 07:33:26.874108: | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:33:26.874112: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:33:26.874115: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:33:26.874117: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:33:26.874119: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:33:26.874122: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:33:26.874124: | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Sep 21 07:33:26.874127: | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:33:26.874129: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Sep 21 07:33:26.874131: | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Sep 21 07:33:26.874134: | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:33:26.874136: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 Sep 21 07:33:26.874147: "north-dpd/0x2" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:33:26.874160: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Sep 21 07:33:26.874164: loading root certificate cache Sep 21 07:33:26.877918: | spent 3.71 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() Sep 21 07:33:26.877950: | spent 0.0216 milliseconds in get_root_certs() filtering CAs Sep 21 07:33:26.877956: | #1 spent 3.77 milliseconds in find_and_verify_certs() calling get_root_certs() Sep 21 07:33:26.877960: | checking for known CERT payloads Sep 21 07:33:26.877962: | saving certificate of type 'X509_SIGNATURE' Sep 21 07:33:26.878003: | decoded cert: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:33:26.878009: | #1 spent 0.0477 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Sep 21 07:33:26.878013: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:33:26.878054: | #1 spent 0.0403 milliseconds in find_and_verify_certs() calling crl_update_check() Sep 21 07:33:26.878058: | missing or expired CRL Sep 21 07:33:26.878062: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Sep 21 07:33:26.878064: | verify_end_cert trying profile IPsec Sep 21 07:33:26.878188: | certificate is valid (profile IPsec) Sep 21 07:33:26.878195: | #1 spent 0.132 milliseconds in find_and_verify_certs() calling verify_end_cert() Sep 21 07:33:26.878199: "north-dpd/0x2" #1: certificate verified OK: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:33:26.878267: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x557db459e210 Sep 21 07:33:26.878271: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x557db459e240 Sep 21 07:33:26.878274: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x557db459e1e0 Sep 21 07:33:26.878276: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x557db45974f0 Sep 21 07:33:26.878279: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x557db4591ae0 Sep 21 07:33:26.878476: | unreference key: 0x557db45b5600 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:33:26.878485: | #1 spent 0.274 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Sep 21 07:33:26.878489: | #1 spent 4.3 milliseconds in decode_certs() Sep 21 07:33:26.878504: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:33:26.878512: | ID_DER_ASN1_DN 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' matched our ID 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:33:26.878514: | SAN ID matched, updating that.cert Sep 21 07:33:26.878517: | X509: CERT and ID matches current connection Sep 21 07:33:26.878556: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.878571: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:33:26.878580: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.878588: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.878596: | RSA key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.878759: | an RSA Sig check passed with *AwEAAbANn [remote certificates] Sep 21 07:33:26.878764: | #1 spent 0.164 milliseconds in try_all_keys() trying a pubkey Sep 21 07:33:26.878767: "north-dpd/0x2" #1: Authenticated using RSA Sep 21 07:33:26.878775: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Sep 21 07:33:26.878877: | complete v1 state transition with STF_OK Sep 21 07:33:26.878886: | [RE]START processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:33:26.878888: | #1 is idle Sep 21 07:33:26.878891: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:33:26.878893: | IKEv1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 Sep 21 07:33:26.878896: | parent state #1: MAIN_I3(open IKE SA) => MAIN_I4(established IKE SA) Sep 21 07:33:26.878899: | event_already_set, deleting event Sep 21 07:33:26.878902: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:33:26.878905: | #1 STATE_MAIN_I4: retransmits: cleared Sep 21 07:33:26.878910: | libevent_free: release ptr-libevent@0x557db4595480 Sep 21 07:33:26.878912: | free_event_entry: release EVENT_RETRANSMIT-pe@0x557db459e020 Sep 21 07:33:26.878915: | !event_already_set at reschedule Sep 21 07:33:26.878919: | event_schedule: new EVENT_SA_REPLACE-pe@0x557db4596720 Sep 21 07:33:26.878922: | inserting event EVENT_SA_REPLACE, timeout in 2607 seconds for #1 Sep 21 07:33:26.878925: | libevent_malloc: new ptr-libevent@0x557db4595480 size 128 Sep 21 07:33:26.878929: | pstats #1 ikev1.isakmp established Sep 21 07:33:26.878933: "north-dpd/0x2" #1: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} Sep 21 07:33:26.878941: | DPD: dpd_init() called on ISAKMP SA Sep 21 07:33:26.878943: | DPD: Peer supports Dead Peer Detection Sep 21 07:33:26.878946: | modecfg pull: noquirk policy:push not-client Sep 21 07:33:26.878948: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:33:26.878951: | unpending state #1 Sep 21 07:33:26.878956: | creating state object #2 at 0x557db45b57c0 Sep 21 07:33:26.878959: | State DB: adding IKEv1 state #2 in UNDEFINED Sep 21 07:33:26.878962: | pstats #2 ikev1.ipsec started Sep 21 07:33:26.878965: | duplicating state object #1 "north-dpd/0x2" as #2 for IPSEC SA Sep 21 07:33:26.878970: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:33:26.878976: | in connection_discard for connection north-dpd/0x2 Sep 21 07:33:26.878981: | suspend processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:33:26.878988: | start processing: state #2 connection "north-dpd/0x1" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:33:26.878993: | child state #2: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Sep 21 07:33:26.878999: "north-dpd/0x1" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:ea1e6cf8 proposal=defaults pfsgroup=MODP2048} Sep 21 07:33:26.879006: | adding quick_outI1 KE work-order 3 for state #2 Sep 21 07:33:26.879009: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557db4595380 Sep 21 07:33:26.879012: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Sep 21 07:33:26.879015: | libevent_malloc: new ptr-libevent@0x7f0dc0004f00 size 128 Sep 21 07:33:26.879017: | libevent_realloc: release ptr-libevent@0x557db45742a0 Sep 21 07:33:26.879020: | libevent_realloc: new ptr-libevent@0x557db459e1e0 size 128 Sep 21 07:33:26.879028: | stop processing: state #2 connection "north-dpd/0x1" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:33:26.879032: | resume processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:33:26.879034: | crypto helper 2 resuming Sep 21 07:33:26.879036: | unqueuing pending Quick Mode with 192.1.2.23 "north-dpd/0x1" Sep 21 07:33:26.879053: | removing pending policy for no connection {0x557db4539770} Sep 21 07:33:26.879047: | crypto helper 2 starting work-order 3 for state #2 Sep 21 07:33:26.879059: | creating state object #3 at 0x557db45aa170 Sep 21 07:33:26.879067: | crypto helper 2 doing build KE and nonce (quick_outI1 KE); request ID 3 Sep 21 07:33:26.879069: | State DB: adding IKEv1 state #3 in UNDEFINED Sep 21 07:33:26.879082: | pstats #3 ikev1.ipsec started Sep 21 07:33:26.879086: | duplicating state object #1 "north-dpd/0x2" as #3 for IPSEC SA Sep 21 07:33:26.879090: | #3 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:33:26.879095: | suspend processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:33:26.879099: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:33:26.879106: | child state #3: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Sep 21 07:33:26.879111: "north-dpd/0x2" #3: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:f77eec5e proposal=defaults pfsgroup=MODP2048} Sep 21 07:33:26.879119: | adding quick_outI1 KE work-order 4 for state #3 Sep 21 07:33:26.879122: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557db45958c0 Sep 21 07:33:26.879125: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:33:26.879128: | libevent_malloc: new ptr-libevent@0x557db45a80d0 size 128 Sep 21 07:33:26.879135: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:33:26.879139: | resume processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:33:26.879141: | crypto helper 3 resuming Sep 21 07:33:26.879143: | unqueuing pending Quick Mode with 192.1.2.23 "north-dpd/0x2" Sep 21 07:33:26.879151: | crypto helper 3 starting work-order 4 for state #3 Sep 21 07:33:26.879157: | removing pending policy for no connection {0x557db45397f0} Sep 21 07:33:26.879163: | crypto helper 3 doing build KE and nonce (quick_outI1 KE); request ID 4 Sep 21 07:33:26.879169: | close_any(fd@24) (in release_whack() at state.c:654) Sep 21 07:33:26.879175: | #1 spent 5.01 milliseconds in process_packet_tail() Sep 21 07:33:26.879180: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:33:26.879185: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:33:26.879188: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:26.879194: | spent 5.48 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:26.879976: | crypto helper 2 finished build KE and nonce (quick_outI1 KE); request ID 3 time elapsed 0.000909 seconds Sep 21 07:33:26.879989: | (#2) spent 0.913 milliseconds in crypto helper computing work-order 3: quick_outI1 KE (pcr) Sep 21 07:33:26.879992: | crypto helper 2 sending results from work-order 3 for state #2 to event queue Sep 21 07:33:26.879995: | scheduling resume sending helper answer for #2 Sep 21 07:33:26.879999: | libevent_malloc: new ptr-libevent@0x7f0dc4007fa0 size 128 Sep 21 07:33:26.880006: | crypto helper 2 waiting (nothing to do) Sep 21 07:33:26.880014: | processing resume sending helper answer for #2 Sep 21 07:33:26.880021: | start processing: state #2 connection "north-dpd/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:33:26.880025: | crypto helper 2 replies to request ID 3 Sep 21 07:33:26.880027: | calling continuation function 0x557db2ef5630 Sep 21 07:33:26.880030: | quick_outI1_continue for #2: calculated ke+nonce, sending I1 Sep 21 07:33:26.880036: | **emit ISAKMP Message: Sep 21 07:33:26.880038: | initiator cookie: Sep 21 07:33:26.880040: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.880043: | responder cookie: Sep 21 07:33:26.880045: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.880048: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.880050: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.880053: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:33:26.880055: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:26.880058: | Message ID: 3927862520 (0xea1e6cf8) Sep 21 07:33:26.880061: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:26.880063: | ***emit ISAKMP Hash Payload: Sep 21 07:33:26.880066: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.880069: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:33:26.880072: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.880075: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:33:26.880077: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:33:26.880080: | emitting quick defaults using policy none Sep 21 07:33:26.880083: | empty esp_info, returning defaults for ENCRYPT Sep 21 07:33:26.880087: | ***emit ISAKMP Security Association Payload: Sep 21 07:33:26.880089: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:33:26.880091: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:26.880094: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:33:26.880097: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:33:26.880100: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.880102: | ****emit IPsec DOI SIT: Sep 21 07:33:26.880105: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:26.880107: | ikev1_out_sa pcn: 0 has 1 valid proposals Sep 21 07:33:26.880110: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Sep 21 07:33:26.880112: | ****emit ISAKMP Proposal Payload: Sep 21 07:33:26.880115: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.880117: | proposal number: 0 (0x0) Sep 21 07:33:26.880119: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:33:26.880122: | SPI size: 4 (0x4) Sep 21 07:33:26.880124: | number of transforms: 2 (0x2) Sep 21 07:33:26.880127: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:33:26.880143: | netlink_get_spi: allocated 0x6c96bd25 for esp.0@192.1.3.33 Sep 21 07:33:26.880147: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 21 07:33:26.880151: | SPI 6c 96 bd 25 Sep 21 07:33:26.880154: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:33:26.880156: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.880158: | ESP transform number: 0 (0x0) Sep 21 07:33:26.880161: | ESP transform ID: ESP_AES (0xc) Sep 21 07:33:26.880163: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:33:26.880166: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:26.880169: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:33:26.880171: | length/value: 14 (0xe) Sep 21 07:33:26.880174: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.880176: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:26.880179: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:33:26.880181: | length/value: 1 (0x1) Sep 21 07:33:26.880183: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:33:26.880185: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:26.880188: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:33:26.880190: | length/value: 1 (0x1) Sep 21 07:33:26.880192: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:33:26.880195: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:26.880197: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:33:26.880199: | length/value: 28800 (0x7080) Sep 21 07:33:26.880202: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:26.880204: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:33:26.880206: | length/value: 2 (0x2) Sep 21 07:33:26.880209: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:33:26.880211: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:26.880213: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:33:26.880216: | length/value: 128 (0x80) Sep 21 07:33:26.880218: | emitting length of ISAKMP Transform Payload (ESP): 32 Sep 21 07:33:26.880220: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:33:26.880223: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.880225: | ESP transform number: 1 (0x1) Sep 21 07:33:26.880227: | ESP transform ID: ESP_3DES (0x3) Sep 21 07:33:26.880230: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.880233: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:33:26.880235: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:26.880238: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:33:26.880240: | length/value: 14 (0xe) Sep 21 07:33:26.880242: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.880244: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:26.880247: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:33:26.880249: | length/value: 1 (0x1) Sep 21 07:33:26.880251: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:33:26.880253: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:26.880256: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:33:26.880258: | length/value: 1 (0x1) Sep 21 07:33:26.880260: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:33:26.880262: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:26.880265: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:33:26.880267: | length/value: 28800 (0x7080) Sep 21 07:33:26.880269: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:26.880272: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:33:26.880274: | length/value: 2 (0x2) Sep 21 07:33:26.880276: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:33:26.880279: | emitting length of ISAKMP Transform Payload (ESP): 28 Sep 21 07:33:26.880281: | emitting length of ISAKMP Proposal Payload: 72 Sep 21 07:33:26.880284: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Sep 21 07:33:26.880286: | emitting length of ISAKMP Security Association Payload: 84 Sep 21 07:33:26.880289: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:33:26.880295: | ***emit ISAKMP Nonce Payload: Sep 21 07:33:26.880297: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:33:26.880300: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Sep 21 07:33:26.880303: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:33:26.880305: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.880308: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Sep 21 07:33:26.880311: | Ni 0a ab f1 c4 b1 22 a3 51 ef 8c 6d d4 66 3e ce 5f Sep 21 07:33:26.880313: | Ni ea 9a a7 3f 99 56 55 f9 29 bc 72 d0 b3 c9 bd 9f Sep 21 07:33:26.880315: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:33:26.880318: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:33:26.880320: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.880323: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:33:26.880326: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:33:26.880329: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.880332: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:33:26.880334: | keyex value 69 61 2b fd 88 4c f6 34 00 d3 da 69 ff 8d 26 6f Sep 21 07:33:26.880336: | keyex value 09 3b 85 d6 21 34 71 9a 49 17 f7 ec b1 d2 68 d4 Sep 21 07:33:26.880339: | keyex value 5b 06 aa 68 2e c1 d0 e0 53 20 c4 2a c5 d4 0d 5c Sep 21 07:33:26.880341: | keyex value 1b 8b 9b 69 0e be 35 a4 f9 e0 8a 4f 04 85 55 2e Sep 21 07:33:26.880343: | keyex value 98 b3 62 ac a4 6f d2 99 28 93 6a d3 7f f2 a7 eb Sep 21 07:33:26.880345: | keyex value 99 b5 15 00 54 96 88 34 12 f1 eb 2a 72 2e ba ba Sep 21 07:33:26.880347: | keyex value 63 7a 13 1d 08 eb 62 c7 10 34 c9 e2 7f 2f df 72 Sep 21 07:33:26.880350: | keyex value 10 d6 20 3d 39 1e a2 86 bc 31 dd 98 d8 c9 fe b1 Sep 21 07:33:26.880352: | keyex value 0b 18 0b 5d c0 57 d9 df cf 0f 40 18 49 76 d2 b4 Sep 21 07:33:26.880354: | keyex value 93 c0 2f e8 dd 0c 05 b6 fb d1 86 49 06 bc 28 ce Sep 21 07:33:26.880356: | keyex value e9 29 4b 31 03 c1 1c e8 87 79 f8 12 a6 5a dc 45 Sep 21 07:33:26.880358: | keyex value d8 5e bb c9 74 b6 49 b4 25 78 3e 29 64 7b 17 f4 Sep 21 07:33:26.880361: | keyex value d3 b0 2b 27 d0 7f 9d fc f8 1f b9 2f 4c d1 68 07 Sep 21 07:33:26.880363: | keyex value 9d 96 19 47 4e ed f8 a6 be 55 56 5c 95 68 9d bf Sep 21 07:33:26.880365: | keyex value ee 0a 5d ed 99 fd 74 ec 49 d7 44 84 5e a5 57 69 Sep 21 07:33:26.880367: | keyex value 36 c3 c2 8a 0b 7b 95 05 d7 a1 7c 9d 28 77 4e ae Sep 21 07:33:26.880370: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:33:26.880373: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:26.880375: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.880378: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:26.880380: | Protocol ID: 0 (0x0) Sep 21 07:33:26.880382: | port: 0 (0x0) Sep 21 07:33:26.880385: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:33:26.880388: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:33:26.880391: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:33:26.880394: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:26.880396: | client network c0 00 03 00 Sep 21 07:33:26.880401: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:26.880403: | client mask ff ff ff 00 Sep 21 07:33:26.880406: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:33:26.880408: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:26.880411: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.880413: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:26.880415: | Protocol ID: 0 (0x0) Sep 21 07:33:26.880418: | port: 0 (0x0) Sep 21 07:33:26.880420: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:33:26.880423: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:33:26.880426: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:26.880428: | client network c0 00 02 00 Sep 21 07:33:26.880431: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:26.880433: | client mask ff ff ff 00 Sep 21 07:33:26.880436: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:33:26.880460: | outI1 HASH(1): Sep 21 07:33:26.880463: | c4 f7 83 37 0a c3 c6 e8 78 2d 8c 44 4e 3f f2 79 Sep 21 07:33:26.880465: | e3 c1 6f ce c0 a3 ec 38 9f 88 12 57 24 58 19 41 Sep 21 07:33:26.880473: | no IKEv1 message padding required Sep 21 07:33:26.880475: | emitting length of ISAKMP Message: 476 Sep 21 07:33:26.880490: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #2) Sep 21 07:33:26.880492: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.880495: | 08 10 20 01 ea 1e 6c f8 00 00 01 dc b0 b9 fa f6 Sep 21 07:33:26.880497: | e3 c2 f4 9d 8e 87 78 d9 51 92 29 49 b2 ca 7c a3 Sep 21 07:33:26.880499: | ed 2a a5 bc 7c fd 9d 46 05 d1 2f 4c 56 97 b8 37 Sep 21 07:33:26.880502: | 8f a9 40 50 ce 83 32 b5 7a 12 ac 56 b0 d9 1d b1 Sep 21 07:33:26.880504: | 97 e2 4a 31 79 62 97 ee d9 33 e9 50 6e ac da 96 Sep 21 07:33:26.880506: | af 14 9f be 2f ea 49 04 85 58 91 d8 52 cd 8a b8 Sep 21 07:33:26.880508: | fb fc 3d 91 c6 ba a0 7c 77 d0 80 48 20 1e a1 f7 Sep 21 07:33:26.880510: | 35 e6 42 e3 43 0c b3 92 e7 92 18 6c 07 f4 27 1b Sep 21 07:33:26.880513: | ad c2 10 0c c0 be d9 9a bb 4f 4d 26 71 42 0f c4 Sep 21 07:33:26.880515: | 85 28 07 45 82 46 e8 eb 7b d8 9a 09 bf a9 ff ed Sep 21 07:33:26.880517: | 9c 29 ef 7d d9 1e 76 5b eb b1 3f b3 7a 3d e7 ee Sep 21 07:33:26.880519: | 5f b1 f4 fd d7 36 fc 58 87 2b 8d 13 27 c6 79 aa Sep 21 07:33:26.880521: | 0b 4f 74 76 3f 5f 75 e4 e8 98 0f 60 69 a5 44 c0 Sep 21 07:33:26.880524: | c1 21 62 22 8e ef 6e fb c9 66 30 c5 d5 14 53 ab Sep 21 07:33:26.880526: | 1e c7 34 94 7c 9a b1 78 2e d3 1c ef cd 41 70 0a Sep 21 07:33:26.880528: | f1 f2 20 f1 d1 2b f3 9e e5 11 16 92 e5 3d fc 4f Sep 21 07:33:26.880530: | 0e bd 95 f6 67 08 a1 30 8b 40 d7 d6 07 d4 6b a5 Sep 21 07:33:26.880533: | e4 41 a6 8a 92 f7 03 9a 06 f2 dc 23 85 71 da 81 Sep 21 07:33:26.880535: | 19 c4 a6 fd d4 20 46 5e d9 47 0e fa 04 39 ec 8e Sep 21 07:33:26.880537: | 46 13 1a ba 56 c3 34 c5 9d 9a dc b5 79 aa 00 2a Sep 21 07:33:26.880539: | 57 7d 6e e4 9c d6 ed a8 18 86 3e 77 b2 2d 26 32 Sep 21 07:33:26.880542: | fe ca 31 ee 3e a6 6d 42 1a fe aa 6c 6d 43 7d 64 Sep 21 07:33:26.880544: | 1d 60 a9 39 5f fa 8c ae 69 4a 04 53 eb 54 52 4a Sep 21 07:33:26.880546: | e9 75 8e 2a 20 8c 6c ae 5e b8 ab 60 2c dd 93 82 Sep 21 07:33:26.880548: | 30 3d 4e 53 bd e0 f2 a3 77 7e d1 98 6a b1 fe ce Sep 21 07:33:26.880551: | 97 29 8e 45 16 1a 0c 85 cf 58 da 52 02 62 da ba Sep 21 07:33:26.880553: | be 07 39 5b 3d cf fe b6 40 9a 75 ae 41 bd a2 7f Sep 21 07:33:26.880555: | 27 2d 33 ba af e5 5f b4 41 7a 88 4d f7 dd 0e bd Sep 21 07:33:26.880557: | 6e 11 b4 64 d6 d2 1e ed 47 69 34 02 Sep 21 07:33:26.880609: | crypto helper 3 finished build KE and nonce (quick_outI1 KE); request ID 4 time elapsed 0.001445 seconds Sep 21 07:33:26.880609: | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:26.880622: | (#3) spent 0.693 milliseconds in crypto helper computing work-order 4: quick_outI1 KE (pcr) Sep 21 07:33:26.880629: | libevent_free: release ptr-libevent@0x7f0dc0004f00 Sep 21 07:33:26.880634: | crypto helper 3 sending results from work-order 4 for state #3 to event queue Sep 21 07:33:26.880639: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557db4595380 Sep 21 07:33:26.880643: | scheduling resume sending helper answer for #3 Sep 21 07:33:26.880648: | event_schedule: new EVENT_RETRANSMIT-pe@0x557db4595380 Sep 21 07:33:26.880651: | libevent_malloc: new ptr-libevent@0x7f0db8009640 size 128 Sep 21 07:33:26.880653: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Sep 21 07:33:26.880656: | libevent_malloc: new ptr-libevent@0x7f0dc0004f00 size 128 Sep 21 07:33:26.880656: | crypto helper 3 waiting (nothing to do) Sep 21 07:33:26.880663: | #2 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49853.248912 Sep 21 07:33:26.880672: | resume sending helper answer for #2 suppresed complete_v1_state_transition() Sep 21 07:33:26.880677: | #2 spent 0.612 milliseconds in resume sending helper answer Sep 21 07:33:26.880682: | stop processing: state #2 connection "north-dpd/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:33:26.880685: | libevent_free: release ptr-libevent@0x7f0dc4007fa0 Sep 21 07:33:26.880691: | processing resume sending helper answer for #3 Sep 21 07:33:26.880696: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:33:26.880699: | crypto helper 3 replies to request ID 4 Sep 21 07:33:26.880701: | calling continuation function 0x557db2ef5630 Sep 21 07:33:26.880703: | quick_outI1_continue for #3: calculated ke+nonce, sending I1 Sep 21 07:33:26.880707: | **emit ISAKMP Message: Sep 21 07:33:26.880710: | initiator cookie: Sep 21 07:33:26.880712: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.880714: | responder cookie: Sep 21 07:33:26.880716: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.880719: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.880721: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.880724: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:33:26.880726: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:26.880729: | Message ID: 4152290398 (0xf77eec5e) Sep 21 07:33:26.880731: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:26.880734: | ***emit ISAKMP Hash Payload: Sep 21 07:33:26.880736: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.880739: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:33:26.880741: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.880744: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:33:26.880747: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:33:26.880749: | emitting quick defaults using policy none Sep 21 07:33:26.880751: | empty esp_info, returning defaults for ENCRYPT Sep 21 07:33:26.880754: | ***emit ISAKMP Security Association Payload: Sep 21 07:33:26.880757: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:33:26.880759: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:26.880762: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:33:26.880765: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:33:26.880768: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.880774: | ****emit IPsec DOI SIT: Sep 21 07:33:26.880777: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:26.880780: | ikev1_out_sa pcn: 0 has 1 valid proposals Sep 21 07:33:26.880799: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Sep 21 07:33:26.880802: | ****emit ISAKMP Proposal Payload: Sep 21 07:33:26.880804: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.880807: | proposal number: 0 (0x0) Sep 21 07:33:26.880809: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:33:26.880812: | SPI size: 4 (0x4) Sep 21 07:33:26.880814: | number of transforms: 2 (0x2) Sep 21 07:33:26.880817: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:33:26.880829: | netlink_get_spi: allocated 0x3ca7fee2 for esp.0@192.1.3.33 Sep 21 07:33:26.880832: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 21 07:33:26.880834: | SPI 3c a7 fe e2 Sep 21 07:33:26.880836: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:33:26.880839: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.880841: | ESP transform number: 0 (0x0) Sep 21 07:33:26.880844: | ESP transform ID: ESP_AES (0xc) Sep 21 07:33:26.880847: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:33:26.880849: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:26.880852: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:33:26.880854: | length/value: 14 (0xe) Sep 21 07:33:26.880857: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.880859: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:26.880862: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:33:26.880864: | length/value: 1 (0x1) Sep 21 07:33:26.880866: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:33:26.880869: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:26.880871: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:33:26.880873: | length/value: 1 (0x1) Sep 21 07:33:26.880876: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:33:26.880878: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:26.880880: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:33:26.880883: | length/value: 28800 (0x7080) Sep 21 07:33:26.880885: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:26.880887: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:33:26.880890: | length/value: 2 (0x2) Sep 21 07:33:26.880892: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:33:26.880894: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:26.880897: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:33:26.880899: | length/value: 128 (0x80) Sep 21 07:33:26.880902: | emitting length of ISAKMP Transform Payload (ESP): 32 Sep 21 07:33:26.880904: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:33:26.880906: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.880909: | ESP transform number: 1 (0x1) Sep 21 07:33:26.880911: | ESP transform ID: ESP_3DES (0x3) Sep 21 07:33:26.880914: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.880917: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:33:26.880919: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:26.880922: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:33:26.880924: | length/value: 14 (0xe) Sep 21 07:33:26.880926: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.880928: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:26.880931: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:33:26.880933: | length/value: 1 (0x1) Sep 21 07:33:26.880935: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:33:26.880938: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:26.880940: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:33:26.880944: | length/value: 1 (0x1) Sep 21 07:33:26.880946: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:33:26.880949: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:26.880951: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:33:26.880953: | length/value: 28800 (0x7080) Sep 21 07:33:26.880956: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:26.880958: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:33:26.880960: | length/value: 2 (0x2) Sep 21 07:33:26.880963: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:33:26.880965: | emitting length of ISAKMP Transform Payload (ESP): 28 Sep 21 07:33:26.880967: | emitting length of ISAKMP Proposal Payload: 72 Sep 21 07:33:26.880970: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Sep 21 07:33:26.880972: | emitting length of ISAKMP Security Association Payload: 84 Sep 21 07:33:26.880975: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:33:26.880978: | ***emit ISAKMP Nonce Payload: Sep 21 07:33:26.880980: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:33:26.880983: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Sep 21 07:33:26.880986: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:33:26.880989: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.880991: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Sep 21 07:33:26.880994: | Ni 0a 09 80 df 06 4b 45 1a 57 b8 73 9e 8c 11 a4 fe Sep 21 07:33:26.880996: | Ni ae f2 3a 4e 5b 10 51 5a 79 20 a1 d1 f9 a6 18 a4 Sep 21 07:33:26.880998: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:33:26.881001: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:33:26.881003: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.881006: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:33:26.881009: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:33:26.881011: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.881014: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:33:26.881017: | keyex value 54 d9 0f 70 ce f5 83 0d 04 a7 bb 36 8a 54 3f 48 Sep 21 07:33:26.881019: | keyex value d3 5d cf 1b cb cc 00 ae 3c 27 bf 84 b2 6b b6 1d Sep 21 07:33:26.881021: | keyex value b4 0d 80 c4 23 19 cb 23 c1 c4 75 d3 9a 6d 0b ea Sep 21 07:33:26.881024: | keyex value 01 bb dc 1a 26 50 bc fd e8 a4 01 97 6b 12 4e 25 Sep 21 07:33:26.881026: | keyex value 80 16 38 88 b1 4f 9a e3 65 db d7 23 09 bf 2c d5 Sep 21 07:33:26.881028: | keyex value 1e 2e 4c ae 6d cc ec ad 97 b3 c7 b7 a4 f4 19 d1 Sep 21 07:33:26.881031: | keyex value fe 0f 9e f3 47 66 3c 70 b3 71 b8 56 a6 f9 67 47 Sep 21 07:33:26.881033: | keyex value ee a3 ee fc a3 7b e7 b8 3b aa 6a b6 f5 d6 04 a5 Sep 21 07:33:26.881035: | keyex value bc da 33 10 6b 64 32 40 7e c1 57 6b 90 cf 8c 34 Sep 21 07:33:26.881038: | keyex value 85 cc 8e fd 42 07 46 03 27 ff be a4 62 1d a5 07 Sep 21 07:33:26.881040: | keyex value f2 55 e8 a3 d2 4f 80 26 aa d6 93 55 0a f0 c6 e6 Sep 21 07:33:26.881042: | keyex value cd f7 c5 a4 e7 7b 8c 08 17 53 68 c1 8b c2 a7 aa Sep 21 07:33:26.881044: | keyex value 2f af 53 62 d1 14 b7 29 3a a3 16 b6 b1 f3 2c 17 Sep 21 07:33:26.881047: | keyex value ad c8 d3 31 e5 e8 16 6c 2c be 4b 67 0d 1f 93 54 Sep 21 07:33:26.881049: | keyex value fe 54 5e cd 13 96 c5 62 c5 fd d8 73 98 66 ea ce Sep 21 07:33:26.881051: | keyex value bb 34 e2 ac 4b cc e7 d4 04 77 96 2b 11 1e f8 67 Sep 21 07:33:26.881054: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:33:26.881058: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:26.881060: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.881063: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:26.881065: | Protocol ID: 0 (0x0) Sep 21 07:33:26.881067: | port: 0 (0x0) Sep 21 07:33:26.881070: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:33:26.881073: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:33:26.881076: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:33:26.881079: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:26.881081: | client network c0 00 03 00 Sep 21 07:33:26.881084: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:26.881086: | client mask ff ff ff 00 Sep 21 07:33:26.881088: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:33:26.881091: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:26.881093: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.881095: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:26.881098: | Protocol ID: 0 (0x0) Sep 21 07:33:26.881100: | port: 0 (0x0) Sep 21 07:33:26.881103: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:33:26.881105: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:33:26.881108: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:26.881111: | client network c0 00 16 00 Sep 21 07:33:26.881113: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:26.881115: | client mask ff ff ff 00 Sep 21 07:33:26.881118: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:33:26.881139: | outI1 HASH(1): Sep 21 07:33:26.881142: | 81 dc 5e f1 06 39 84 23 62 ef 70 3f fc 7c 6f 82 Sep 21 07:33:26.881144: | f2 14 93 6d f2 01 bf 0d 46 d5 dc 92 7d 52 ca 5b Sep 21 07:33:26.881150: | no IKEv1 message padding required Sep 21 07:33:26.881153: | emitting length of ISAKMP Message: 476 Sep 21 07:33:26.881164: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #3) Sep 21 07:33:26.881167: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.881169: | 08 10 20 01 f7 7e ec 5e 00 00 01 dc 07 6a 1a 13 Sep 21 07:33:26.881171: | 64 f3 4c f7 49 1a 18 8c 3f 7b 15 59 7e 2e b4 d7 Sep 21 07:33:26.881174: | 47 3e 84 81 96 4f ec d6 50 1f 8b 20 5b fd ac ea Sep 21 07:33:26.881176: | 02 65 6c 67 bf 45 56 a2 ba 2c 4a 58 d5 72 4e 5d Sep 21 07:33:26.881178: | 2b f3 53 b3 2d 45 fb 52 7e 87 b5 f8 cc bd 0f aa Sep 21 07:33:26.881180: | 5c b4 dd da b1 fa 31 bb 41 28 ea c5 ae 41 91 6e Sep 21 07:33:26.881182: | 05 51 66 d5 b6 95 e1 ea a6 9c 10 32 9d cc 52 fc Sep 21 07:33:26.881185: | 2d 2d 78 81 09 00 94 bc 8a fb 37 bc 38 fd 58 60 Sep 21 07:33:26.881187: | 4e 17 b5 ac c2 77 12 32 4c 7f 15 5f b4 76 c8 15 Sep 21 07:33:26.881189: | a2 2e d3 d9 dd 1e f4 b4 cf 3f 52 1e 3d 0c a9 dc Sep 21 07:33:26.881191: | bd dc 2b df ca e9 28 ed a3 80 b9 06 33 d7 31 3c Sep 21 07:33:26.881194: | 3f db bd b1 a4 aa 6f 87 a3 3a 40 3d 45 55 f7 e8 Sep 21 07:33:26.881196: | 8b c8 1f 75 5b ee e7 a9 82 4c 04 59 19 b9 8a a6 Sep 21 07:33:26.881198: | 2a 34 db 72 04 9f c4 d3 38 5c 11 68 1b 7f 64 ed Sep 21 07:33:26.881200: | b1 2a 4f 60 f7 cc 00 02 cb 62 c6 67 d7 e6 e4 42 Sep 21 07:33:26.881202: | 4b f6 68 3d be 1c d1 00 de de 76 b0 79 81 98 ca Sep 21 07:33:26.881206: | 32 59 5e ec ca 27 ec bc ef b0 42 ad 28 d6 64 1f Sep 21 07:33:26.881208: | d6 4e d4 a2 bb 11 96 d5 69 81 ee 2e 07 dc 0f 89 Sep 21 07:33:26.881211: | 33 dd c9 f9 9f 33 b2 4b e7 0a ab 10 c5 a6 75 98 Sep 21 07:33:26.881213: | d3 db 17 01 eb 4b b2 d5 05 cf 41 c5 5d 05 c6 ba Sep 21 07:33:26.881215: | c2 a9 d0 ad b8 12 a9 e5 21 06 f1 93 cb f4 57 a5 Sep 21 07:33:26.881217: | 17 04 7c 2d 73 ec 90 cc 68 de 8d 42 ad 19 57 ef Sep 21 07:33:26.881219: | 00 7a 40 d8 f9 4f cb ba a0 ad f4 42 8a 6f 44 d1 Sep 21 07:33:26.881222: | 82 e7 6c 16 2f e8 2a 16 7a f7 a3 c9 36 7b 16 5d Sep 21 07:33:26.881224: | 7b 8c 4e ff 21 92 9f 15 6e a1 1d a7 b0 bb d6 2f Sep 21 07:33:26.881226: | 3b ad 76 83 f6 2d c5 28 f6 15 01 72 3c 40 67 ca Sep 21 07:33:26.881228: | b6 13 f6 40 c8 95 bb b5 a4 ef b9 17 6e 66 95 00 Sep 21 07:33:26.881230: | fd e2 98 35 14 67 58 f6 bb f9 a8 34 d4 0f 2d f5 Sep 21 07:33:26.881233: | 6f aa fe df 00 0b 06 7d c9 81 cc b2 Sep 21 07:33:26.881262: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:26.881266: | libevent_free: release ptr-libevent@0x557db45a80d0 Sep 21 07:33:26.881268: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557db45958c0 Sep 21 07:33:26.881272: | event_schedule: new EVENT_RETRANSMIT-pe@0x557db45958c0 Sep 21 07:33:26.881275: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 Sep 21 07:33:26.881278: | libevent_malloc: new ptr-libevent@0x7f0dc4007fa0 size 128 Sep 21 07:33:26.881283: | #3 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49853.249536 Sep 21 07:33:26.881292: | resume sending helper answer for #3 suppresed complete_v1_state_transition() Sep 21 07:33:26.881297: | #3 spent 0.564 milliseconds in resume sending helper answer Sep 21 07:33:26.881302: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:33:26.881305: | libevent_free: release ptr-libevent@0x7f0db8009640 Sep 21 07:33:26.884156: | spent 0.00248 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:26.884176: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:33:26.884179: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.884182: | 08 10 20 01 ea 1e 6c f8 00 00 01 cc aa 81 f5 d8 Sep 21 07:33:26.884184: | 5c aa c1 65 aa 30 4c 43 b9 52 41 70 14 dd 4b 64 Sep 21 07:33:26.884186: | 4f 0a db c8 9f 6e 58 c9 44 ab 1e 16 f6 b2 cf 7b Sep 21 07:33:26.884189: | 75 27 87 be 12 bc e2 0f 75 71 ef 8d 89 3e 70 d4 Sep 21 07:33:26.884191: | b9 d8 58 b7 ae 5d 31 d2 83 02 6d 9f 80 fd 73 dd Sep 21 07:33:26.884194: | 80 47 9b 1c 95 92 58 14 5b 79 d9 09 42 36 94 d9 Sep 21 07:33:26.884196: | 5a 99 a1 c5 34 f5 89 c5 10 ce d4 8f 02 3f 1d 89 Sep 21 07:33:26.884198: | 22 9b 43 d9 95 94 7a a4 bf a5 a1 0b 6c 87 21 27 Sep 21 07:33:26.884201: | d0 58 7f d6 4c ec 9c dd d3 95 6c e0 dc ce bb c5 Sep 21 07:33:26.884203: | 3c 77 38 4a 66 d9 1b 79 18 67 1a bd 5a ad 20 f3 Sep 21 07:33:26.884205: | 8c ab 93 75 4f f7 89 29 69 6e bd 13 1e 21 d4 2c Sep 21 07:33:26.884208: | 28 8e ce 9e ce cf c0 b0 0e 12 4c fa 3b a4 65 0a Sep 21 07:33:26.884210: | 5c 98 d7 3a 20 5a c6 c7 7d 09 a5 9c 0b 20 92 f5 Sep 21 07:33:26.884212: | 41 d2 4f 98 38 6a 78 5c 86 9d 6a 6c 3e d1 12 ac Sep 21 07:33:26.884215: | e1 d9 bf 92 aa 36 e4 a9 29 18 64 43 14 8b 86 f4 Sep 21 07:33:26.884217: | 66 fe 7f 02 89 3d af 8c 94 ea 4b 7e a1 d7 29 ee Sep 21 07:33:26.884219: | 69 9d 8c 75 b7 39 51 33 75 85 dc 69 1f 2b 3f 5f Sep 21 07:33:26.884222: | 42 94 b1 e5 bd b0 73 f5 99 fc 00 bc fc a1 7a d2 Sep 21 07:33:26.884224: | e7 7d 83 45 cc a3 21 8f 71 9e a2 5c 13 9b 37 93 Sep 21 07:33:26.884227: | 20 b9 91 1a 7b ae 57 0d c4 26 4a 89 f4 45 7c 26 Sep 21 07:33:26.884229: | 13 1a 75 71 dc f5 1d 3c 1f dc d6 d9 e2 16 0b 0d Sep 21 07:33:26.884231: | f8 7a 8f 6d 20 0b 48 4e d9 61 5f 3a 00 bb 57 49 Sep 21 07:33:26.884236: | 26 15 cb db 68 4a 99 07 9e 76 4e ad 1e d8 1f d8 Sep 21 07:33:26.884238: | 03 ec 71 69 84 02 e9 c7 e8 9c ca 13 53 6a 85 23 Sep 21 07:33:26.884241: | ab 28 51 2a aa c4 17 18 af 74 59 97 da f9 83 fe Sep 21 07:33:26.884243: | 97 40 3f e9 20 74 4a cf f4 66 27 9b b3 62 34 f5 Sep 21 07:33:26.884245: | 95 04 47 f7 c0 1d 69 56 d3 0c 75 19 77 42 8b 50 Sep 21 07:33:26.884248: | 5c d2 8e 31 51 62 a1 ce 94 c1 23 4d Sep 21 07:33:26.884253: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:33:26.884256: | **parse ISAKMP Message: Sep 21 07:33:26.884258: | initiator cookie: Sep 21 07:33:26.884260: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.884263: | responder cookie: Sep 21 07:33:26.884265: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.884268: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:33:26.884270: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.884273: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:33:26.884275: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:26.884278: | Message ID: 3927862520 (0xea1e6cf8) Sep 21 07:33:26.884280: | length: 460 (0x1cc) Sep 21 07:33:26.884283: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:33:26.884287: | State DB: found IKEv1 state #2 in QUICK_I1 (find_state_ikev1) Sep 21 07:33:26.884293: | start processing: state #2 connection "north-dpd/0x1" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:33:26.884295: | #2 is idle Sep 21 07:33:26.884298: | #2 idle Sep 21 07:33:26.884301: | received encrypted packet from 192.1.2.23:500 Sep 21 07:33:26.884313: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Sep 21 07:33:26.884316: | ***parse ISAKMP Hash Payload: Sep 21 07:33:26.884319: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:33:26.884321: | length: 36 (0x24) Sep 21 07:33:26.884324: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Sep 21 07:33:26.884327: | ***parse ISAKMP Security Association Payload: Sep 21 07:33:26.884329: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:33:26.884332: | length: 56 (0x38) Sep 21 07:33:26.884334: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:26.884337: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Sep 21 07:33:26.884339: | ***parse ISAKMP Nonce Payload: Sep 21 07:33:26.884342: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:33:26.884344: | length: 36 (0x24) Sep 21 07:33:26.884347: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Sep 21 07:33:26.884349: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:33:26.884351: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.884354: | length: 260 (0x104) Sep 21 07:33:26.884357: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:33:26.884359: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:26.884362: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.884364: | length: 16 (0x10) Sep 21 07:33:26.884366: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:26.884369: | Protocol ID: 0 (0x0) Sep 21 07:33:26.884371: | port: 0 (0x0) Sep 21 07:33:26.884373: | obj: c0 00 03 00 ff ff ff 00 Sep 21 07:33:26.884376: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:33:26.884379: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:26.884381: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.884383: | length: 16 (0x10) Sep 21 07:33:26.884386: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:26.884388: | Protocol ID: 0 (0x0) Sep 21 07:33:26.884390: | port: 0 (0x0) Sep 21 07:33:26.884393: | obj: c0 00 02 00 ff ff ff 00 Sep 21 07:33:26.884395: | removing 12 bytes of padding Sep 21 07:33:26.884416: | quick_inR1_outI2 HASH(2): Sep 21 07:33:26.884419: | 91 de 71 5b 1a 86 22 4e ea 6b 38 05 e4 8f eb 8c Sep 21 07:33:26.884421: | c9 0d 20 54 79 e7 6b 09 82 41 de 7a 05 45 56 b7 Sep 21 07:33:26.884425: | received 'quick_inR1_outI2' message HASH(2) data ok Sep 21 07:33:26.884429: | ****parse IPsec DOI SIT: Sep 21 07:33:26.884432: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:26.884435: | ****parse ISAKMP Proposal Payload: Sep 21 07:33:26.884437: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.884439: | length: 44 (0x2c) Sep 21 07:33:26.884442: | proposal number: 0 (0x0) Sep 21 07:33:26.884444: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:33:26.884447: | SPI size: 4 (0x4) Sep 21 07:33:26.884449: | number of transforms: 1 (0x1) Sep 21 07:33:26.884452: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:33:26.884454: | SPI 9b 1d 50 1b Sep 21 07:33:26.884457: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:33:26.884459: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.884462: | length: 32 (0x20) Sep 21 07:33:26.884464: | ESP transform number: 0 (0x0) Sep 21 07:33:26.884466: | ESP transform ID: ESP_AES (0xc) Sep 21 07:33:26.884470: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.884472: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:33:26.884475: | length/value: 14 (0xe) Sep 21 07:33:26.884478: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.884481: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.884483: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:33:26.884486: | length/value: 1 (0x1) Sep 21 07:33:26.884488: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:33:26.884491: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:33:26.884493: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.884496: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:33:26.884498: | length/value: 1 (0x1) Sep 21 07:33:26.884501: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:33:26.884503: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.884506: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:33:26.884508: | length/value: 28800 (0x7080) Sep 21 07:33:26.884511: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.884513: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:33:26.884516: | length/value: 2 (0x2) Sep 21 07:33:26.884518: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:33:26.884521: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.884523: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:33:26.884525: | length/value: 128 (0x80) Sep 21 07:33:26.884528: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:33:26.884546: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:33:26.884555: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:33:26.884565: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:33:26.884574: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:33:26.884577: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:33:26.884579: | no PreShared Key Found Sep 21 07:33:26.884583: | adding quick outI2 DH work-order 5 for state #2 Sep 21 07:33:26.884585: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:33:26.884588: | #2 STATE_QUICK_I1: retransmits: cleared Sep 21 07:33:26.884591: | libevent_free: release ptr-libevent@0x7f0dc0004f00 Sep 21 07:33:26.884596: | free_event_entry: release EVENT_RETRANSMIT-pe@0x557db4595380 Sep 21 07:33:26.884599: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557db4595380 Sep 21 07:33:26.884602: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Sep 21 07:33:26.884605: | libevent_malloc: new ptr-libevent@0x7f0dc0004f00 size 128 Sep 21 07:33:26.884612: | complete v1 state transition with STF_SUSPEND Sep 21 07:33:26.884617: | [RE]START processing: state #2 connection "north-dpd/0x1" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:33:26.884620: | suspending state #2 and saving MD Sep 21 07:33:26.884621: | crypto helper 4 resuming Sep 21 07:33:26.884622: | #2 is busy; has a suspended MD Sep 21 07:33:26.884633: | crypto helper 4 starting work-order 5 for state #2 Sep 21 07:33:26.884637: | #2 spent 0.202 milliseconds in process_packet_tail() Sep 21 07:33:26.884639: | crypto helper 4 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 5 Sep 21 07:33:26.884642: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:33:26.884646: | stop processing: state #2 connection "north-dpd/0x1" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:33:26.884649: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:26.884653: | spent 0.48 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:26.884895: | spent 0.00209 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:26.884909: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:33:26.884912: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.884914: | 08 10 20 01 f7 7e ec 5e 00 00 01 cc f5 c9 93 dd Sep 21 07:33:26.884916: | 28 9b 94 c8 b1 35 c6 d1 b6 7e 5a 09 24 bc a2 66 Sep 21 07:33:26.884919: | 13 2d 16 66 86 ad bb e9 fa 84 12 6e 89 ec 01 41 Sep 21 07:33:26.884921: | 4a 26 cb 97 b2 a2 01 43 8b 25 f0 f3 50 e6 4b 84 Sep 21 07:33:26.884923: | 29 fa 9f 72 09 ee f6 1a 26 f4 76 a5 9e 1f fa 43 Sep 21 07:33:26.884925: | ea a9 01 c5 43 a7 90 31 18 34 6d 4d 84 ee 15 1e Sep 21 07:33:26.884928: | 63 6f 82 d0 76 b6 f8 f8 62 a2 50 8d 77 60 a6 85 Sep 21 07:33:26.884930: | dc 74 0e 96 b9 be 55 5f 78 6b 09 84 c0 f2 41 2b Sep 21 07:33:26.884932: | 46 79 30 6e 95 af 6e 5d 8e d3 2f 27 a7 61 d6 60 Sep 21 07:33:26.884934: | b2 0e fd 4d 52 99 21 aa 65 22 19 a7 d5 e9 7c 17 Sep 21 07:33:26.884937: | 98 09 02 0b f4 8c 33 e5 c5 74 d6 2b ea 69 87 8a Sep 21 07:33:26.884939: | cd 7e 6d 5b 62 53 93 4d c6 5d c3 da d2 2f f7 50 Sep 21 07:33:26.884941: | 85 b7 ac d8 63 31 78 07 d0 52 2c d8 77 8e c2 d2 Sep 21 07:33:26.884943: | 18 a6 5b c4 6e 3f 9b 95 25 84 d7 75 a0 4c dd f4 Sep 21 07:33:26.884945: | 70 59 39 12 20 ad e7 65 df 2c 38 ff 98 28 31 a8 Sep 21 07:33:26.884948: | f9 f7 48 52 f3 ea 3d 8c 17 ca 8c c1 b8 90 e3 02 Sep 21 07:33:26.884950: | d9 0e c3 ab a7 bd 04 8d fa 88 d6 67 25 29 21 e2 Sep 21 07:33:26.884952: | c7 f0 2f f9 c8 5f b3 85 bd 98 ca 65 02 95 2d e5 Sep 21 07:33:26.884954: | de 80 1b 37 de 27 07 ce c0 67 9a c5 09 83 6b 25 Sep 21 07:33:26.884957: | f6 44 9e 22 82 41 72 b1 5c e9 a8 0f 3e 86 fd dd Sep 21 07:33:26.884959: | 53 29 85 91 39 ed 5c 1c 1f 0b c8 a4 9c 9e f2 d2 Sep 21 07:33:26.884961: | c2 73 78 cd e3 32 10 fd fd 75 8d 4b 47 20 6a be Sep 21 07:33:26.884963: | 98 6a 44 ac 41 b8 1e 89 2a 27 f5 60 57 a4 f4 0e Sep 21 07:33:26.884966: | 35 12 89 ff 3e 68 33 d1 9f 47 6c d5 81 0d 2c 75 Sep 21 07:33:26.884968: | 4e e2 24 a8 23 d9 97 cf 72 84 9e 0f d3 e8 d0 66 Sep 21 07:33:26.884970: | 21 28 2d 39 1f 61 dc 30 82 6c f8 9f 51 db 80 45 Sep 21 07:33:26.884973: | ea f0 60 e5 a6 55 3e 26 7e a7 41 3d 66 ea 90 65 Sep 21 07:33:26.884975: | be ad 23 77 97 d9 ce 24 72 e2 60 80 Sep 21 07:33:26.884979: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:33:26.884982: | **parse ISAKMP Message: Sep 21 07:33:26.884984: | initiator cookie: Sep 21 07:33:26.884988: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.884990: | responder cookie: Sep 21 07:33:26.884993: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.884995: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:33:26.884998: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.885000: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:33:26.885003: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:26.885005: | Message ID: 4152290398 (0xf77eec5e) Sep 21 07:33:26.885008: | length: 460 (0x1cc) Sep 21 07:33:26.885010: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:33:26.885014: | State DB: found IKEv1 state #3 in QUICK_I1 (find_state_ikev1) Sep 21 07:33:26.885018: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:33:26.885021: | #3 is idle Sep 21 07:33:26.885023: | #3 idle Sep 21 07:33:26.885026: | received encrypted packet from 192.1.2.23:500 Sep 21 07:33:26.885036: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Sep 21 07:33:26.885039: | ***parse ISAKMP Hash Payload: Sep 21 07:33:26.885041: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:33:26.885043: | length: 36 (0x24) Sep 21 07:33:26.885046: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Sep 21 07:33:26.885049: | ***parse ISAKMP Security Association Payload: Sep 21 07:33:26.885051: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:33:26.885053: | length: 56 (0x38) Sep 21 07:33:26.885055: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:26.885058: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Sep 21 07:33:26.885060: | ***parse ISAKMP Nonce Payload: Sep 21 07:33:26.885063: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:33:26.885065: | length: 36 (0x24) Sep 21 07:33:26.885068: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Sep 21 07:33:26.885070: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:33:26.885072: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.885074: | length: 260 (0x104) Sep 21 07:33:26.885077: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:33:26.885080: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:26.885082: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.885084: | length: 16 (0x10) Sep 21 07:33:26.885087: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:26.885089: | Protocol ID: 0 (0x0) Sep 21 07:33:26.885091: | port: 0 (0x0) Sep 21 07:33:26.885093: | obj: c0 00 03 00 ff ff ff 00 Sep 21 07:33:26.885096: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:33:26.885098: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:26.885101: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.885103: | length: 16 (0x10) Sep 21 07:33:26.885106: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:26.885108: | Protocol ID: 0 (0x0) Sep 21 07:33:26.885110: | port: 0 (0x0) Sep 21 07:33:26.885112: | obj: c0 00 16 00 ff ff ff 00 Sep 21 07:33:26.885114: | removing 12 bytes of padding Sep 21 07:33:26.885134: | quick_inR1_outI2 HASH(2): Sep 21 07:33:26.885137: | 8a 6a 93 7f 58 99 26 04 1f f2 22 ab fb 7a f2 6b Sep 21 07:33:26.885139: | ab d5 4f 84 84 9f e8 ff 5a eb 4a 90 8c 9e 35 27 Sep 21 07:33:26.885142: | received 'quick_inR1_outI2' message HASH(2) data ok Sep 21 07:33:26.885145: | ****parse IPsec DOI SIT: Sep 21 07:33:26.885147: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:26.885150: | ****parse ISAKMP Proposal Payload: Sep 21 07:33:26.885152: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.885154: | length: 44 (0x2c) Sep 21 07:33:26.885157: | proposal number: 0 (0x0) Sep 21 07:33:26.885159: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:33:26.885162: | SPI size: 4 (0x4) Sep 21 07:33:26.885164: | number of transforms: 1 (0x1) Sep 21 07:33:26.885167: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:33:26.885170: | SPI 24 fe 65 a2 Sep 21 07:33:26.885173: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:33:26.885176: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.885178: | length: 32 (0x20) Sep 21 07:33:26.885180: | ESP transform number: 0 (0x0) Sep 21 07:33:26.885182: | ESP transform ID: ESP_AES (0xc) Sep 21 07:33:26.885185: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.885188: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:33:26.885190: | length/value: 14 (0xe) Sep 21 07:33:26.885192: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.885195: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.885197: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:33:26.885199: | length/value: 1 (0x1) Sep 21 07:33:26.885202: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:33:26.885204: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:33:26.885207: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.885209: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:33:26.885212: | length/value: 1 (0x1) Sep 21 07:33:26.885214: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:33:26.885216: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.885219: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:33:26.885221: | length/value: 28800 (0x7080) Sep 21 07:33:26.885223: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.885226: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:33:26.885228: | length/value: 2 (0x2) Sep 21 07:33:26.885230: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:33:26.885233: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.885235: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:33:26.885238: | length/value: 128 (0x80) Sep 21 07:33:26.885240: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:33:26.885256: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:33:26.885265: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:33:26.885274: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:33:26.885283: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:33:26.885286: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:33:26.885288: | no PreShared Key Found Sep 21 07:33:26.885292: | adding quick outI2 DH work-order 6 for state #3 Sep 21 07:33:26.885294: | state #3 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:33:26.885297: | #3 STATE_QUICK_I1: retransmits: cleared Sep 21 07:33:26.885300: | libevent_free: release ptr-libevent@0x7f0dc4007fa0 Sep 21 07:33:26.885302: | free_event_entry: release EVENT_RETRANSMIT-pe@0x557db45958c0 Sep 21 07:33:26.885305: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557db45958c0 Sep 21 07:33:26.885308: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:33:26.885311: | libevent_malloc: new ptr-libevent@0x7f0dc4007fa0 size 128 Sep 21 07:33:26.885317: | complete v1 state transition with STF_SUSPEND Sep 21 07:33:26.885322: | [RE]START processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:33:26.885323: | crypto helper 6 resuming Sep 21 07:33:26.885325: | suspending state #3 and saving MD Sep 21 07:33:26.885333: | crypto helper 6 starting work-order 6 for state #3 Sep 21 07:33:26.885340: | #3 is busy; has a suspended MD Sep 21 07:33:26.885345: | crypto helper 6 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 6 Sep 21 07:33:26.885350: | #3 spent 0.198 milliseconds in process_packet_tail() Sep 21 07:33:26.885355: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:33:26.885359: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:33:26.885362: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:26.885365: | spent 0.457 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:26.885581: | crypto helper 4 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 5 time elapsed 0.000942 seconds Sep 21 07:33:26.885588: | (#2) spent 0.943 milliseconds in crypto helper computing work-order 5: quick outI2 DH (pcr) Sep 21 07:33:26.885591: | crypto helper 4 sending results from work-order 5 for state #2 to event queue Sep 21 07:33:26.885594: | scheduling resume sending helper answer for #2 Sep 21 07:33:26.885597: | libevent_malloc: new ptr-libevent@0x7f0dbc001ef0 size 128 Sep 21 07:33:26.885604: | crypto helper 4 waiting (nothing to do) Sep 21 07:33:26.885609: | processing resume sending helper answer for #2 Sep 21 07:33:26.885615: | start processing: state #2 connection "north-dpd/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:33:26.885619: | crypto helper 4 replies to request ID 5 Sep 21 07:33:26.885621: | calling continuation function 0x557db2ef5630 Sep 21 07:33:26.885624: | quick_inR1_outI2_continue for #2: calculated ke+nonce, calculating DH Sep 21 07:33:26.885628: | **emit ISAKMP Message: Sep 21 07:33:26.885631: | initiator cookie: Sep 21 07:33:26.885633: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.885635: | responder cookie: Sep 21 07:33:26.885637: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.885640: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.885642: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.885644: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:33:26.885647: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:26.885649: | Message ID: 3927862520 (0xea1e6cf8) Sep 21 07:33:26.885652: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:26.885655: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:33:26.885658: | ID address c0 00 03 00 Sep 21 07:33:26.885660: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:33:26.885662: | ID mask ff ff ff 00 Sep 21 07:33:26.885666: | our client is subnet 192.0.3.0/24 Sep 21 07:33:26.885669: | our client protocol/port is 0/0 Sep 21 07:33:26.885672: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:33:26.885674: | ID address c0 00 02 00 Sep 21 07:33:26.885676: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:33:26.885679: | ID mask ff ff ff 00 Sep 21 07:33:26.885682: | peer client is subnet 192.0.2.0/24 Sep 21 07:33:26.885684: | peer client protocol/port is 0/0 Sep 21 07:33:26.885687: | ***emit ISAKMP Hash Payload: Sep 21 07:33:26.885689: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.885692: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:33:26.885695: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.885698: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:33:26.885700: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:33:26.885719: | quick_inR1_outI2 HASH(3): Sep 21 07:33:26.885722: | de c2 0e dd f3 3b 64 53 15 06 5c ef cc c0 f4 63 Sep 21 07:33:26.885724: | 40 57 43 6d 61 38 17 0a 64 8b b0 67 63 a1 22 16 Sep 21 07:33:26.885728: | compute_proto_keymat: needed_len (after ESP enc)=16 Sep 21 07:33:26.885731: | compute_proto_keymat: needed_len (after ESP auth)=36 Sep 21 07:33:26.885835: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:33:26.885841: | could_route called for north-dpd/0x1 (kind=CK_PERMANENT) Sep 21 07:33:26.885844: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:33:26.885847: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.885850: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Sep 21 07:33:26.885853: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.885855: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Sep 21 07:33:26.885860: | route owner of "north-dpd/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:33:26.885863: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:33:26.885866: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:33:26.885869: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:33:26.885873: | setting IPsec SA replay-window to 32 Sep 21 07:33:26.885876: | NIC esp-hw-offload not for connection 'north-dpd/0x1' not available on interface eth1 Sep 21 07:33:26.885879: | netlink: enabling tunnel mode Sep 21 07:33:26.885881: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:33:26.885882: | crypto helper 6 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 6 time elapsed 0.000538 seconds Sep 21 07:33:26.885884: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:33:26.885891: | (#3) spent 0.541 milliseconds in crypto helper computing work-order 6: quick outI2 DH (pcr) Sep 21 07:33:26.885898: | crypto helper 6 sending results from work-order 6 for state #3 to event queue Sep 21 07:33:26.885900: | scheduling resume sending helper answer for #3 Sep 21 07:33:26.885902: | libevent_malloc: new ptr-libevent@0x7f0db0001ef0 size 128 Sep 21 07:33:26.885906: | crypto helper 6 waiting (nothing to do) Sep 21 07:33:26.885946: | netlink response for Add SA esp.9b1d501b@192.1.2.23 included non-error error Sep 21 07:33:26.885951: | set up outgoing SA, ref=0/0 Sep 21 07:33:26.885953: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:33:26.885956: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:33:26.885959: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:33:26.885962: | setting IPsec SA replay-window to 32 Sep 21 07:33:26.885965: | NIC esp-hw-offload not for connection 'north-dpd/0x1' not available on interface eth1 Sep 21 07:33:26.885967: | netlink: enabling tunnel mode Sep 21 07:33:26.885970: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:33:26.885972: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:33:26.886024: | netlink response for Add SA esp.6c96bd25@192.1.3.33 included non-error error Sep 21 07:33:26.886027: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Sep 21 07:33:26.886049: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:33:26.886052: | IPsec Sa SPD priority set to 1042407 Sep 21 07:33:26.886092: | raw_eroute result=success Sep 21 07:33:26.886095: | set up incoming SA, ref=0/0 Sep 21 07:33:26.886097: | sr for #2: unrouted Sep 21 07:33:26.886100: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:33:26.886102: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:33:26.886105: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.886107: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Sep 21 07:33:26.886110: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.886113: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Sep 21 07:33:26.886116: | route owner of "north-dpd/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:33:26.886119: | route_and_eroute with c: north-dpd/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:33:26.886137: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Sep 21 07:33:26.886143: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:33:26.886146: | IPsec Sa SPD priority set to 1042407 Sep 21 07:33:26.886167: | raw_eroute result=success Sep 21 07:33:26.886170: | running updown command "ipsec _updown" for verb up Sep 21 07:33:26.886185: | command executing up-client Sep 21 07:33:26.886219: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.886227: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.886246: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENC Sep 21 07:33:26.886250: | popen cmd is 1398 chars long Sep 21 07:33:26.886253: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUT: Sep 21 07:33:26.886255: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_I: Sep 21 07:33:26.886258: | cmd( 160):D='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testin: Sep 21 07:33:26.886260: | cmd( 240):g.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/: Sep 21 07:33:26.886263: | cmd( 320):24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_M: Sep 21 07:33:26.886265: | cmd( 400):Y_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUT: Sep 21 07:33:26.886268: | cmd( 480):O_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=: Sep 21 07:33:26.886270: | cmd( 560):Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.or: Sep 21 07:33:26.886273: | cmd( 640):g' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER: Sep 21 07:33:26.886275: | cmd( 720):_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_P: Sep 21 07:33:26.886278: | cmd( 800):EER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libresw: Sep 21 07:33:26.886280: | cmd( 880):an test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTI: Sep 21 07:33:26.886283: | cmd( 960):ME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+I: Sep 21 07:33:26.886285: | cmd(1040):KE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4: Sep 21 07:33:26.886288: | cmd(1120):' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAI: Sep 21 07:33:26.886290: | cmd(1200):N_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_N: Sep 21 07:33:26.886293: | cmd(1280):M_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9b1d501b: Sep 21 07:33:26.886295: | cmd(1360): SPI_OUT=0x6c96bd25 ipsec _updown 2>&1: Sep 21 07:33:26.896022: | route_and_eroute: firewall_notified: true Sep 21 07:33:26.896036: | running updown command "ipsec _updown" for verb prepare Sep 21 07:33:26.896039: | command executing prepare-client Sep 21 07:33:26.896074: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.896082: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.896102: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=' Sep 21 07:33:26.896105: | popen cmd is 1403 chars long Sep 21 07:33:26.896108: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1': Sep 21 07:33:26.896111: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO: Sep 21 07:33:26.896114: | cmd( 160):_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.t: Sep 21 07:33:26.896116: | cmd( 240):esting.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0: Sep 21 07:33:26.896119: | cmd( 320):.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PL: Sep 21 07:33:26.896121: | cmd( 400):UTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP': Sep 21 07:33:26.896123: | cmd( 480): PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan: Sep 21 07:33:26.896126: | cmd( 560):, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libresw: Sep 21 07:33:26.896128: | cmd( 640):an.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Sep 21 07:33:26.896131: | cmd( 720):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:33:26.896133: | cmd( 800):UTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Li: Sep 21 07:33:26.896136: | cmd( 880):breswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_: Sep 21 07:33:26.896138: | cmd( 960):ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TR: Sep 21 07:33:26.896140: | cmd(1040):ACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY=: Sep 21 07:33:26.896143: | cmd(1120):'ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_: Sep 21 07:33:26.896145: | cmd(1200):DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PL: Sep 21 07:33:26.896148: | cmd(1280):UTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9b1: Sep 21 07:33:26.896150: | cmd(1360):d501b SPI_OUT=0x6c96bd25 ipsec _updown 2>&1: Sep 21 07:33:26.902848: | running updown command "ipsec _updown" for verb route Sep 21 07:33:26.902860: | command executing route-client Sep 21 07:33:26.902882: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.902887: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.902905: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSAS Sep 21 07:33:26.902907: | popen cmd is 1401 chars long Sep 21 07:33:26.902909: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' P: Sep 21 07:33:26.902911: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_M: Sep 21 07:33:26.902912: | cmd( 160):Y_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.tes: Sep 21 07:33:26.902914: | cmd( 240):ting.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3: Sep 21 07:33:26.902916: | cmd( 320):.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUT: Sep 21 07:33:26.902917: | cmd( 400):O_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' P: Sep 21 07:33:26.902919: | cmd( 480):LUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, : Sep 21 07:33:26.902920: | cmd( 560):OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan: Sep 21 07:33:26.902922: | cmd( 640):.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_P: Sep 21 07:33:26.902923: | cmd( 720):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Sep 21 07:33:26.902925: | cmd( 800):O_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libr: Sep 21 07:33:26.902926: | cmd( 880):eswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_AD: Sep 21 07:33:26.902928: | cmd( 960):DTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRAC: Sep 21 07:33:26.902930: | cmd(1040):K+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='i: Sep 21 07:33:26.902931: | cmd(1120):pv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DO: Sep 21 07:33:26.902933: | cmd(1200):MAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUT: Sep 21 07:33:26.902934: | cmd(1280):O_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9b1d5: Sep 21 07:33:26.902936: | cmd(1360):01b SPI_OUT=0x6c96bd25 ipsec _updown 2>&1: Sep 21 07:33:26.914309: | route_and_eroute: instance "north-dpd/0x1", setting eroute_owner {spd=0x557db4591650,sr=0x557db4591650} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:33:26.914389: | #1 spent 1.02 milliseconds in install_ipsec_sa() Sep 21 07:33:26.914395: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:33:26.914396: | no IKEv1 message padding required Sep 21 07:33:26.914398: | emitting length of ISAKMP Message: 76 Sep 21 07:33:26.914434: | inR1_outI2: instance north-dpd/0x1[0], setting IKEv1 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:33:26.914440: | DPD: dpd_init() called on IPsec SA Sep 21 07:33:26.914444: | State DB: found IKEv1 state #1 in MAIN_I4 (find_state_ikev1) Sep 21 07:33:26.914448: | event_schedule: new EVENT_DPD-pe@0x7f0db8005860 Sep 21 07:33:26.914453: | inserting event EVENT_DPD, timeout in 3 seconds for #2 Sep 21 07:33:26.914460: | libevent_malloc: new ptr-libevent@0x557db45bcb80 size 128 Sep 21 07:33:26.914466: | complete v1 state transition with STF_OK Sep 21 07:33:26.914473: | [RE]START processing: state #2 connection "north-dpd/0x1" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:33:26.914476: | #2 is idle Sep 21 07:33:26.914480: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:33:26.914483: | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 Sep 21 07:33:26.914488: | child state #2: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) Sep 21 07:33:26.914491: | event_already_set, deleting event Sep 21 07:33:26.914494: | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:26.914499: | libevent_free: release ptr-libevent@0x7f0dc0004f00 Sep 21 07:33:26.914502: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557db4595380 Sep 21 07:33:26.914506: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:33:26.914511: | sending 76 bytes for STATE_QUICK_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #2) Sep 21 07:33:26.914513: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.914515: | 08 10 20 01 ea 1e 6c f8 00 00 00 4c 4e c2 5d f8 Sep 21 07:33:26.914516: | 28 60 ce e3 31 e2 53 95 66 be d3 f1 fe 44 79 bf Sep 21 07:33:26.914517: | 23 35 3b 0e 61 2e 7e a2 0f ae 53 38 9f 7f 10 1e Sep 21 07:33:26.914519: | 9a a8 73 a0 5d f7 15 f9 f3 7b 91 b1 Sep 21 07:33:26.914573: | !event_already_set at reschedule Sep 21 07:33:26.914589: | event_schedule: new EVENT_SA_REPLACE-pe@0x557db4595380 Sep 21 07:33:26.914592: | inserting event EVENT_SA_REPLACE, timeout in 28048 seconds for #2 Sep 21 07:33:26.914594: | libevent_malloc: new ptr-libevent@0x7f0dc0004f00 size 128 Sep 21 07:33:26.914596: | pstats #2 ikev1.ipsec established Sep 21 07:33:26.914599: | NAT-T: encaps is 'auto' Sep 21 07:33:26.914606: "north-dpd/0x1" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x9b1d501b <0x6c96bd25 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=active} Sep 21 07:33:26.914618: | modecfg pull: noquirk policy:push not-client Sep 21 07:33:26.914621: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:33:26.914625: | close_any(fd@26) (in release_whack() at state.c:654) Sep 21 07:33:26.914629: | resume sending helper answer for #2 suppresed complete_v1_state_transition() Sep 21 07:33:26.914635: | #2 spent 1.44 milliseconds in resume sending helper answer Sep 21 07:33:26.914640: | stop processing: state #2 connection "north-dpd/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:33:26.914644: | libevent_free: release ptr-libevent@0x7f0dbc001ef0 Sep 21 07:33:26.914655: | processing resume sending helper answer for #3 Sep 21 07:33:26.914660: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:33:26.914664: | crypto helper 6 replies to request ID 6 Sep 21 07:33:26.914667: | calling continuation function 0x557db2ef5630 Sep 21 07:33:26.914670: | quick_inR1_outI2_continue for #3: calculated ke+nonce, calculating DH Sep 21 07:33:26.914675: | **emit ISAKMP Message: Sep 21 07:33:26.914677: | initiator cookie: Sep 21 07:33:26.914679: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.914682: | responder cookie: Sep 21 07:33:26.914684: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.914687: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.914689: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.914692: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:33:26.914695: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:26.914698: | Message ID: 4152290398 (0xf77eec5e) Sep 21 07:33:26.914700: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:26.914705: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:33:26.914707: | ID address c0 00 03 00 Sep 21 07:33:26.914712: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:33:26.914715: | ID mask ff ff ff 00 Sep 21 07:33:26.914719: | our client is subnet 192.0.3.0/24 Sep 21 07:33:26.914722: | our client protocol/port is 0/0 Sep 21 07:33:26.914725: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:33:26.914727: | ID address c0 00 16 00 Sep 21 07:33:26.914730: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:33:26.914732: | ID mask ff ff ff 00 Sep 21 07:33:26.914735: | peer client is subnet 192.0.22.0/24 Sep 21 07:33:26.914738: | peer client protocol/port is 0/0 Sep 21 07:33:26.914741: | ***emit ISAKMP Hash Payload: Sep 21 07:33:26.914743: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.914746: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:33:26.914749: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.914753: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:33:26.914755: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:33:26.914778: | quick_inR1_outI2 HASH(3): Sep 21 07:33:26.914782: | c8 b5 c9 f1 1a ec 43 ce 85 29 80 1e 96 f5 68 c4 Sep 21 07:33:26.914794: | 8d ae 3e 17 66 36 73 fa 8f f7 b6 65 8a c7 2b f8 Sep 21 07:33:26.914797: | compute_proto_keymat: needed_len (after ESP enc)=16 Sep 21 07:33:26.914799: | compute_proto_keymat: needed_len (after ESP auth)=36 Sep 21 07:33:26.914934: | install_ipsec_sa() for #3: inbound and outbound Sep 21 07:33:26.914939: | could_route called for north-dpd/0x2 (kind=CK_PERMANENT) Sep 21 07:33:26.914942: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:33:26.914945: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.914948: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Sep 21 07:33:26.914951: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.914953: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Sep 21 07:33:26.914957: | route owner of "north-dpd/0x2" unrouted: NULL; eroute owner: NULL Sep 21 07:33:26.914961: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:33:26.914964: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:33:26.914967: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:33:26.914971: | setting IPsec SA replay-window to 32 Sep 21 07:33:26.914974: | NIC esp-hw-offload not for connection 'north-dpd/0x2' not available on interface eth1 Sep 21 07:33:26.914977: | netlink: enabling tunnel mode Sep 21 07:33:26.914980: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:33:26.914983: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:33:26.915079: | netlink response for Add SA esp.24fe65a2@192.1.2.23 included non-error error Sep 21 07:33:26.915084: | set up outgoing SA, ref=0/0 Sep 21 07:33:26.915087: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:33:26.915090: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:33:26.915092: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:33:26.915096: | setting IPsec SA replay-window to 32 Sep 21 07:33:26.915098: | NIC esp-hw-offload not for connection 'north-dpd/0x2' not available on interface eth1 Sep 21 07:33:26.915101: | netlink: enabling tunnel mode Sep 21 07:33:26.915103: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:33:26.915106: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:33:26.915172: | netlink response for Add SA esp.3ca7fee2@192.1.3.33 included non-error error Sep 21 07:33:26.915191: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Sep 21 07:33:26.915198: | add inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:33:26.915204: | IPsec Sa SPD priority set to 1042407 Sep 21 07:33:26.915252: | raw_eroute result=success Sep 21 07:33:26.915256: | set up incoming SA, ref=0/0 Sep 21 07:33:26.915259: | sr for #3: unrouted Sep 21 07:33:26.915261: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:33:26.915264: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:33:26.915267: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.915269: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Sep 21 07:33:26.915272: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.915278: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Sep 21 07:33:26.915282: | route owner of "north-dpd/0x2" unrouted: NULL; eroute owner: NULL Sep 21 07:33:26.915286: | route_and_eroute with c: north-dpd/0x2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #3 Sep 21 07:33:26.915289: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Sep 21 07:33:26.915296: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:33:26.915299: | IPsec Sa SPD priority set to 1042407 Sep 21 07:33:26.915368: | raw_eroute result=success Sep 21 07:33:26.915374: | running updown command "ipsec _updown" for verb up Sep 21 07:33:26.915376: | command executing up-client Sep 21 07:33:26.915408: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.915418: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.915439: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+E Sep 21 07:33:26.915443: | popen cmd is 1400 chars long Sep 21 07:33:26.915446: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUT: Sep 21 07:33:26.915449: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_I: Sep 21 07:33:26.915451: | cmd( 160):D='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testin: Sep 21 07:33:26.915453: | cmd( 240):g.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/: Sep 21 07:33:26.915455: | cmd( 320):24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_M: Sep 21 07:33:26.915456: | cmd( 400):Y_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUT: Sep 21 07:33:26.915458: | cmd( 480):O_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=: Sep 21 07:33:26.915460: | cmd( 560):Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.or: Sep 21 07:33:26.915461: | cmd( 640):g' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PE: Sep 21 07:33:26.915463: | cmd( 720):ER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO: Sep 21 07:33:26.915464: | cmd( 800):_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libre: Sep 21 07:33:26.915468: | cmd( 880):swan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADD: Sep 21 07:33:26.915469: | cmd( 960):TIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK: Sep 21 07:33:26.915471: | cmd(1040):+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ip: Sep 21 07:33:26.915473: | cmd(1120):v4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOM: Sep 21 07:33:26.915474: | cmd(1200):AIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO: Sep 21 07:33:26.915476: | cmd(1280):_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x24fe65: Sep 21 07:33:26.915477: | cmd(1360):a2 SPI_OUT=0x3ca7fee2 ipsec _updown 2>&1: Sep 21 07:33:26.925395: | route_and_eroute: firewall_notified: true Sep 21 07:33:26.925420: | running updown command "ipsec _updown" for verb prepare Sep 21 07:33:26.925423: | command executing prepare-client Sep 21 07:33:26.925458: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.925467: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.925487: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY Sep 21 07:33:26.925490: | popen cmd is 1405 chars long Sep 21 07:33:26.925493: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2': Sep 21 07:33:26.925496: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO: Sep 21 07:33:26.925498: | cmd( 160):_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.t: Sep 21 07:33:26.925501: | cmd( 240):esting.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0: Sep 21 07:33:26.925503: | cmd( 320):.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PL: Sep 21 07:33:26.925520: | cmd( 400):UTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP': Sep 21 07:33:26.925523: | cmd( 480): PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan: Sep 21 07:33:26.925525: | cmd( 560):, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libresw: Sep 21 07:33:26.925528: | cmd( 640):an.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLU: Sep 21 07:33:26.925530: | cmd( 720):TO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' : Sep 21 07:33:26.925533: | cmd( 800):PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=: Sep 21 07:33:26.925535: | cmd( 880):Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUT: Sep 21 07:33:26.925538: | cmd( 960):O_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_: Sep 21 07:33:26.925540: | cmd(1040):TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMIL: Sep 21 07:33:26.925546: | cmd(1120):Y='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEE: Sep 21 07:33:26.925548: | cmd(1200):R_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' : Sep 21 07:33:26.925551: | cmd(1280):PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2: Sep 21 07:33:26.925553: | cmd(1360):4fe65a2 SPI_OUT=0x3ca7fee2 ipsec _updown 2>&1: Sep 21 07:33:26.933634: | running updown command "ipsec _updown" for verb route Sep 21 07:33:26.933648: | command executing route-client Sep 21 07:33:26.933687: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.933696: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.933718: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RS Sep 21 07:33:26.933721: | popen cmd is 1403 chars long Sep 21 07:33:26.933724: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' P: Sep 21 07:33:26.933727: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_M: Sep 21 07:33:26.933729: | cmd( 160):Y_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.tes: Sep 21 07:33:26.933732: | cmd( 240):ting.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3: Sep 21 07:33:26.933734: | cmd( 320):.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUT: Sep 21 07:33:26.933736: | cmd( 400):O_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' P: Sep 21 07:33:26.933739: | cmd( 480):LUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, : Sep 21 07:33:26.933741: | cmd( 560):OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan: Sep 21 07:33:26.933744: | cmd( 640):.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO: Sep 21 07:33:26.933747: | cmd( 720):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:33:26.933750: | cmd( 800):UTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Li: Sep 21 07:33:26.933752: | cmd( 880):breswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_: Sep 21 07:33:26.933755: | cmd( 960):ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TR: Sep 21 07:33:26.933757: | cmd(1040):ACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY=: Sep 21 07:33:26.933760: | cmd(1120):'ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_: Sep 21 07:33:26.933762: | cmd(1200):DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PL: Sep 21 07:33:26.933764: | cmd(1280):UTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x24f: Sep 21 07:33:26.933767: | cmd(1360):e65a2 SPI_OUT=0x3ca7fee2 ipsec _updown 2>&1: Sep 21 07:33:26.945994: | route_and_eroute: instance "north-dpd/0x2", setting eroute_owner {spd=0x557db459ac80,sr=0x557db459ac80} to #3 (was #0) (newest_ipsec_sa=#0) Sep 21 07:33:26.946067: | #1 spent 1.06 milliseconds in install_ipsec_sa() Sep 21 07:33:26.946073: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:33:26.946077: | no IKEv1 message padding required Sep 21 07:33:26.946079: | emitting length of ISAKMP Message: 76 Sep 21 07:33:26.946119: | inR1_outI2: instance north-dpd/0x2[0], setting IKEv1 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Sep 21 07:33:26.946123: | DPD: dpd_init() called on IPsec SA Sep 21 07:33:26.946141: | State DB: found IKEv1 state #1 in MAIN_I4 (find_state_ikev1) Sep 21 07:33:26.946144: | event_schedule: new EVENT_DPD-pe@0x7f0dc40041c0 Sep 21 07:33:26.946148: | inserting event EVENT_DPD, timeout in 3 seconds for #3 Sep 21 07:33:26.946152: | libevent_malloc: new ptr-libevent@0x7f0dbc001ef0 size 128 Sep 21 07:33:26.946157: | complete v1 state transition with STF_OK Sep 21 07:33:26.946163: | [RE]START processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:33:26.946166: | #3 is idle Sep 21 07:33:26.946168: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:33:26.946171: | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 Sep 21 07:33:26.946175: | child state #3: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) Sep 21 07:33:26.946178: | event_already_set, deleting event Sep 21 07:33:26.946181: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:26.946184: | libevent_free: release ptr-libevent@0x7f0dc4007fa0 Sep 21 07:33:26.946187: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557db45958c0 Sep 21 07:33:26.946193: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:33:26.946200: | sending 76 bytes for STATE_QUICK_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #3) Sep 21 07:33:26.946203: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.946205: | 08 10 20 01 f7 7e ec 5e 00 00 00 4c 47 27 24 92 Sep 21 07:33:26.946207: | 27 9b f3 65 81 e4 04 d8 da 8c 7f 85 c4 4f e0 ee Sep 21 07:33:26.946210: | 4f 3b b8 da bc 29 bc 8e 9d bb 9e 95 3c c9 89 7d Sep 21 07:33:26.946212: | fb 91 a9 64 63 5a 65 39 8c bd 4f 6a Sep 21 07:33:26.946273: | !event_already_set at reschedule Sep 21 07:33:26.946279: | event_schedule: new EVENT_SA_REPLACE-pe@0x557db45958c0 Sep 21 07:33:26.946282: | inserting event EVENT_SA_REPLACE, timeout in 27838 seconds for #3 Sep 21 07:33:26.946285: | libevent_malloc: new ptr-libevent@0x7f0dc4007fa0 size 128 Sep 21 07:33:26.946288: | pstats #3 ikev1.ipsec established Sep 21 07:33:26.946292: | NAT-T: encaps is 'auto' Sep 21 07:33:26.946297: "north-dpd/0x2" #3: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x24fe65a2 <0x3ca7fee2 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=active} Sep 21 07:33:26.946308: | modecfg pull: noquirk policy:push not-client Sep 21 07:33:26.946311: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:33:26.946317: | close_any(fd@25) (in release_whack() at state.c:654) Sep 21 07:33:26.946321: | resume sending helper answer for #3 suppresed complete_v1_state_transition() Sep 21 07:33:26.946326: | #3 spent 1.54 milliseconds in resume sending helper answer Sep 21 07:33:26.946332: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:33:26.946335: | libevent_free: release ptr-libevent@0x7f0db0001ef0 Sep 21 07:33:26.946338: | processing signal PLUTO_SIGCHLD Sep 21 07:33:26.946343: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:26.946347: | spent 0.00462 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:26.946349: | processing signal PLUTO_SIGCHLD Sep 21 07:33:26.946352: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:26.946356: | spent 0.00332 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:26.946361: | processing signal PLUTO_SIGCHLD Sep 21 07:33:26.946364: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:26.946367: | spent 0.00331 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:26.946377: | processing signal PLUTO_SIGCHLD Sep 21 07:33:26.946381: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:26.946384: | spent 0.00343 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:26.946386: | processing signal PLUTO_SIGCHLD Sep 21 07:33:26.946389: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:26.946392: | spent 0.00324 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:26.946394: | processing signal PLUTO_SIGCHLD Sep 21 07:33:26.946398: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:26.946402: | spent 0.00371 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:27.009626: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:27.009827: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:33:27.009833: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:33:27.009944: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:33:27.009947: | FOR_EACH_STATE_... in sort_states Sep 21 07:33:27.009953: | get_sa_info esp.6c96bd25@192.1.3.33 Sep 21 07:33:27.009968: | get_sa_info esp.9b1d501b@192.1.2.23 Sep 21 07:33:27.009981: | get_sa_info esp.3ca7fee2@192.1.3.33 Sep 21 07:33:27.009987: | get_sa_info esp.24fe65a2@192.1.2.23 Sep 21 07:33:27.010001: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:27.010006: | spent 0.384 milliseconds in whack Sep 21 07:33:29.257601: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:29.257623: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:33:29.257628: | FOR_EACH_STATE_... in sort_states Sep 21 07:33:29.257637: | get_sa_info esp.6c96bd25@192.1.3.33 Sep 21 07:33:29.257656: | get_sa_info esp.9b1d501b@192.1.2.23 Sep 21 07:33:29.257679: | get_sa_info esp.3ca7fee2@192.1.3.33 Sep 21 07:33:29.257688: | get_sa_info esp.24fe65a2@192.1.2.23 Sep 21 07:33:29.257706: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:29.257714: | spent 0.124 milliseconds in whack Sep 21 07:33:29.361982: | kernel_process_msg_cb process netlink message Sep 21 07:33:29.361999: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:33:29.362005: | spent 0.00741 milliseconds in kernel message Sep 21 07:33:29.885575: | timer_event_cb: processing event@0x7f0db8005860 Sep 21 07:33:29.885592: | handling event EVENT_DPD for child state #2 Sep 21 07:33:29.885598: | start processing: state #2 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:29.885602: | [RE]START processing: state #2 connection "north-dpd/0x1" from 192.1.2.23:500 (in dpd_event() at ikev1_dpd.c:357) Sep 21 07:33:29.885604: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:33:29.885608: | DPD: no need to send or schedule DPD for replaced IPsec SA Sep 21 07:33:29.885611: | libevent_free: release ptr-libevent@0x557db45bcb80 Sep 21 07:33:29.885613: | free_event_entry: release EVENT_DPD-pe@0x7f0db8005860 Sep 21 07:33:29.885618: | #2 spent 0.0456 milliseconds in timer_event_cb() EVENT_DPD Sep 21 07:33:29.885621: | stop processing: state #2 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:29.914696: | timer_event_cb: processing event@0x7f0dc40041c0 Sep 21 07:33:29.914708: | handling event EVENT_DPD for child state #3 Sep 21 07:33:29.914714: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:29.914718: | [RE]START processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in dpd_event() at ikev1_dpd.c:357) Sep 21 07:33:29.914720: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:33:29.914724: | DPD: processing for state #3 ("north-dpd/0x2") Sep 21 07:33:29.914730: | get_sa_info esp.3ca7fee2@192.1.3.33 Sep 21 07:33:29.914742: | event_schedule: new EVENT_DPD-pe@0x7f0db8005860 Sep 21 07:33:29.914745: | inserting event EVENT_DPD, timeout in 3 seconds for #3 Sep 21 07:33:29.914747: | libevent_malloc: new ptr-libevent@0x557db45bcb80 size 128 Sep 21 07:33:29.914757: | DPD: scheduling timeout to 10 Sep 21 07:33:29.914758: | event_schedule: new EVENT_DPD_TIMEOUT-pe@0x557db4596910 Sep 21 07:33:29.914761: | inserting event EVENT_DPD_TIMEOUT, timeout in 10 seconds for #1 Sep 21 07:33:29.914763: | libevent_malloc: new ptr-libevent@0x7f0db0001ef0 size 128 Sep 21 07:33:29.914765: | DPD: sending R_U_THERE 11117 to 192.1.2.23:500 (state #1) Sep 21 07:33:29.914773: | **emit ISAKMP Message: Sep 21 07:33:29.914775: | initiator cookie: Sep 21 07:33:29.914776: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:29.914778: | responder cookie: Sep 21 07:33:29.914779: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:29.914781: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:29.914789: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:29.914797: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:33:29.914800: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:29.914803: | Message ID: 3518559147 (0xd1b8f3ab) Sep 21 07:33:29.914805: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:29.914808: | ***emit ISAKMP Hash Payload: Sep 21 07:33:29.914811: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:29.914813: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:33:29.914816: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:33:29.914819: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:33:29.914821: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:33:29.914838: | ***emit ISAKMP Notification Payload: Sep 21 07:33:29.914847: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:29.914850: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:29.914853: | protocol ID: 1 (0x1) Sep 21 07:33:29.914855: | SPI size: 16 (0x10) Sep 21 07:33:29.914858: | Notify Message Type: R_U_THERE (0x8d28) Sep 21 07:33:29.914861: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Sep 21 07:33:29.914863: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:33:29.914866: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Sep 21 07:33:29.914867: | notify icookie 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:29.914869: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Sep 21 07:33:29.914871: | notify rcookie 85 08 f7 50 ae 24 38 ea Sep 21 07:33:29.914872: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Sep 21 07:33:29.914874: | notify data 00 00 2b 6d Sep 21 07:33:29.914875: | emitting length of ISAKMP Notification Payload: 32 Sep 21 07:33:29.914901: | notification HASH(1): Sep 21 07:33:29.914902: | 87 17 e0 00 43 4a 9b 82 2a 64 a3 0d 18 ab f2 18 Sep 21 07:33:29.914904: | 75 e8 78 58 25 ee 23 d6 a4 89 62 8c c2 c3 59 cb Sep 21 07:33:29.914911: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:33:29.914912: | no IKEv1 message padding required Sep 21 07:33:29.914914: | emitting length of ISAKMP Message: 108 Sep 21 07:33:29.914925: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:33:29.914926: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:29.914928: | 08 10 05 01 d1 b8 f3 ab 00 00 00 6c 0b a5 7b 4f Sep 21 07:33:29.914929: | ba 06 2a 1d d0 d3 2d 83 c9 c7 fe de ed 62 a3 28 Sep 21 07:33:29.914931: | 55 76 22 b0 92 29 04 5a 4c df 6a 66 84 b3 d9 21 Sep 21 07:33:29.914932: | 8d 6b fc ad 72 3f cc d4 6a 74 30 42 e4 cc c1 a7 Sep 21 07:33:29.914936: | 90 36 fa 5f 43 c2 49 47 c7 71 75 90 0e 64 68 ff Sep 21 07:33:29.914937: | a3 93 09 38 fa e3 7a 9d 75 bf 39 87 Sep 21 07:33:29.914947: ERROR: "north-dpd/0x2" #3: sendto on eth1 to 192.1.2.23:500 failed in ISAKMP notify. Errno 113: No route to host Sep 21 07:33:29.914950: | libevent_free: release ptr-libevent@0x7f0dbc001ef0 Sep 21 07:33:29.914952: | free_event_entry: release EVENT_DPD-pe@0x7f0dc40041c0 Sep 21 07:33:29.914958: | #3 spent 0.246 milliseconds in timer_event_cb() EVENT_DPD Sep 21 07:33:29.914961: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:32.917841: | timer_event_cb: processing event@0x7f0db8005860 Sep 21 07:33:32.917866: | handling event EVENT_DPD for child state #3 Sep 21 07:33:32.917872: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:32.917876: | [RE]START processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in dpd_event() at ikev1_dpd.c:357) Sep 21 07:33:32.917877: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:33:32.917881: | DPD: processing for state #3 ("north-dpd/0x2") Sep 21 07:33:32.917885: | get_sa_info esp.3ca7fee2@192.1.3.33 Sep 21 07:33:32.917898: | event_schedule: new EVENT_DPD-pe@0x7f0dc40041c0 Sep 21 07:33:32.917901: | inserting event EVENT_DPD, timeout in 3 seconds for #3 Sep 21 07:33:32.917903: | libevent_malloc: new ptr-libevent@0x7f0dbc001ef0 size 128 Sep 21 07:33:32.917907: | DPD: sending R_U_THERE 11118 to 192.1.2.23:500 (state #1) Sep 21 07:33:32.917916: | **emit ISAKMP Message: Sep 21 07:33:32.917918: | initiator cookie: Sep 21 07:33:32.917920: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:32.917921: | responder cookie: Sep 21 07:33:32.917923: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:32.917925: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:32.917926: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:32.917928: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:33:32.917931: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:32.917932: | Message ID: 3566308745 (0xd4918d89) Sep 21 07:33:32.917934: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:32.917936: | ***emit ISAKMP Hash Payload: Sep 21 07:33:32.917938: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:32.917940: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:33:32.917941: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:33:32.917943: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:33:32.917945: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:33:32.917946: | ***emit ISAKMP Notification Payload: Sep 21 07:33:32.917948: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:32.917950: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:32.917951: | protocol ID: 1 (0x1) Sep 21 07:33:32.917953: | SPI size: 16 (0x10) Sep 21 07:33:32.917954: | Notify Message Type: R_U_THERE (0x8d28) Sep 21 07:33:32.917956: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Sep 21 07:33:32.917958: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:33:32.917960: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Sep 21 07:33:32.917961: | notify icookie 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:32.917963: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Sep 21 07:33:32.917964: | notify rcookie 85 08 f7 50 ae 24 38 ea Sep 21 07:33:32.917966: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Sep 21 07:33:32.917967: | notify data 00 00 2b 6e Sep 21 07:33:32.917969: | emitting length of ISAKMP Notification Payload: 32 Sep 21 07:33:32.917993: | notification HASH(1): Sep 21 07:33:32.917995: | 19 b2 d8 db 3d 43 27 bf 3d f6 d0 6a 9c 66 91 07 Sep 21 07:33:32.917997: | 80 9e 55 b1 77 1b c1 70 f3 3d a4 e7 ae ec 42 61 Sep 21 07:33:32.918002: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:33:32.918004: | no IKEv1 message padding required Sep 21 07:33:32.918006: | emitting length of ISAKMP Message: 108 Sep 21 07:33:32.918014: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:33:32.918016: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:32.918018: | 08 10 05 01 d4 91 8d 89 00 00 00 6c 61 fd 96 73 Sep 21 07:33:32.918019: | 02 c3 75 10 b5 40 df e3 d6 74 55 ca 27 0c 41 8b Sep 21 07:33:32.918020: | 0d 46 1c 2b 22 4f 9d 3f 0f 87 36 1c 9c 92 76 59 Sep 21 07:33:32.918022: | d8 b1 f1 67 9e f6 c9 5f a0 d9 89 87 32 71 3f 8b Sep 21 07:33:32.918023: | e2 8d d2 5c 1a 2c a6 b6 e1 a6 f6 1a 30 64 fe 2e Sep 21 07:33:32.918024: | 14 92 0b 60 a4 5c 0c 5a a5 c5 2e 3b Sep 21 07:33:32.918294: ERROR: "north-dpd/0x2" #3: sendto on eth1 to 192.1.2.23:500 failed in ISAKMP notify. Errno 113: No route to host Sep 21 07:33:32.918298: | libevent_free: release ptr-libevent@0x557db45bcb80 Sep 21 07:33:32.918300: | free_event_entry: release EVENT_DPD-pe@0x7f0db8005860 Sep 21 07:33:32.918306: | #3 spent 0.466 milliseconds in timer_event_cb() EVENT_DPD Sep 21 07:33:32.918309: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:35.920806: | timer_event_cb: processing event@0x7f0dc40041c0 Sep 21 07:33:35.920824: | handling event EVENT_DPD for child state #3 Sep 21 07:33:35.920833: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:35.920840: | [RE]START processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in dpd_event() at ikev1_dpd.c:357) Sep 21 07:33:35.920843: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:33:35.920847: | DPD: processing for state #3 ("north-dpd/0x2") Sep 21 07:33:35.920853: | get_sa_info esp.3ca7fee2@192.1.3.33 Sep 21 07:33:35.920872: | event_schedule: new EVENT_DPD-pe@0x7f0db8005860 Sep 21 07:33:35.920876: | inserting event EVENT_DPD, timeout in 3 seconds for #3 Sep 21 07:33:35.920879: | libevent_malloc: new ptr-libevent@0x557db45bcb80 size 128 Sep 21 07:33:35.920885: | DPD: sending R_U_THERE 11119 to 192.1.2.23:500 (state #1) Sep 21 07:33:35.920899: | **emit ISAKMP Message: Sep 21 07:33:35.920902: | initiator cookie: Sep 21 07:33:35.920904: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:35.920907: | responder cookie: Sep 21 07:33:35.920909: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:35.920912: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:35.920915: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:35.920918: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:33:35.920922: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:35.920925: | Message ID: 1887777680 (0x70853390) Sep 21 07:33:35.920928: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:35.920932: | ***emit ISAKMP Hash Payload: Sep 21 07:33:35.920935: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:35.920938: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:33:35.920941: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:33:35.920944: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:33:35.920947: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:33:35.920950: | ***emit ISAKMP Notification Payload: Sep 21 07:33:35.920952: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:35.920955: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:35.920957: | protocol ID: 1 (0x1) Sep 21 07:33:35.920960: | SPI size: 16 (0x10) Sep 21 07:33:35.920967: | Notify Message Type: R_U_THERE (0x8d28) Sep 21 07:33:35.920970: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Sep 21 07:33:35.920973: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:33:35.920977: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Sep 21 07:33:35.920979: | notify icookie 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:35.920982: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Sep 21 07:33:35.920985: | notify rcookie 85 08 f7 50 ae 24 38 ea Sep 21 07:33:35.920988: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Sep 21 07:33:35.920990: | notify data 00 00 2b 6f Sep 21 07:33:35.920993: | emitting length of ISAKMP Notification Payload: 32 Sep 21 07:33:35.921025: | notification HASH(1): Sep 21 07:33:35.921028: | 63 a8 d9 db 35 58 b1 66 da f6 d6 68 b6 87 47 29 Sep 21 07:33:35.921031: | 81 8d 25 32 96 cc 24 c8 44 70 8b 0f 28 cc 2b ca Sep 21 07:33:35.921040: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:33:35.921043: | no IKEv1 message padding required Sep 21 07:33:35.921046: | emitting length of ISAKMP Message: 108 Sep 21 07:33:35.921061: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:33:35.921064: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:35.921067: | 08 10 05 01 70 85 33 90 00 00 00 6c 36 7c d3 43 Sep 21 07:33:35.921069: | c8 c1 0c 93 28 63 12 fe 0a 66 d5 4f 34 2b 23 3d Sep 21 07:33:35.921072: | 21 d3 21 7b 33 95 d8 8a fd 34 f7 cd d1 8e 01 89 Sep 21 07:33:35.921074: | 01 ae 4a a2 03 67 91 61 23 ea 81 20 80 7f 60 1c Sep 21 07:33:35.921076: | 46 03 ba 58 8a 29 01 42 b3 28 07 90 d0 fe 22 84 Sep 21 07:33:35.921079: | 8f 36 42 b5 2f c5 05 d6 7b a9 6e 66 Sep 21 07:33:35.921093: ERROR: "north-dpd/0x2" #3: sendto on eth1 to 192.1.2.23:500 failed in ISAKMP notify. Errno 113: No route to host Sep 21 07:33:35.921098: | libevent_free: release ptr-libevent@0x7f0dbc001ef0 Sep 21 07:33:35.921101: | free_event_entry: release EVENT_DPD-pe@0x7f0dc40041c0 Sep 21 07:33:35.921109: | #3 spent 0.304 milliseconds in timer_event_cb() EVENT_DPD Sep 21 07:33:35.921114: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:38.923820: | timer_event_cb: processing event@0x7f0db8005860 Sep 21 07:33:38.923835: | handling event EVENT_DPD for child state #3 Sep 21 07:33:38.923856: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:38.923863: | [RE]START processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in dpd_event() at ikev1_dpd.c:357) Sep 21 07:33:38.923866: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:33:38.923870: | DPD: processing for state #3 ("north-dpd/0x2") Sep 21 07:33:38.923877: | get_sa_info esp.3ca7fee2@192.1.3.33 Sep 21 07:33:38.923893: | event_schedule: new EVENT_DPD-pe@0x7f0dc40041c0 Sep 21 07:33:38.923897: | inserting event EVENT_DPD, timeout in 3 seconds for #3 Sep 21 07:33:38.923901: | libevent_malloc: new ptr-libevent@0x7f0dbc001ef0 size 128 Sep 21 07:33:38.923906: | DPD: sending R_U_THERE 11120 to 192.1.2.23:500 (state #1) Sep 21 07:33:38.923917: | **emit ISAKMP Message: Sep 21 07:33:38.923920: | initiator cookie: Sep 21 07:33:38.923923: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:38.923925: | responder cookie: Sep 21 07:33:38.923927: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:38.923930: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:38.923933: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:38.923935: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:33:38.923938: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:38.923941: | Message ID: 1725336460 (0x66d68b8c) Sep 21 07:33:38.923943: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:38.923949: | ***emit ISAKMP Hash Payload: Sep 21 07:33:38.923951: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:38.923954: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:33:38.923957: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:33:38.923961: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:33:38.923963: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:33:38.923966: | ***emit ISAKMP Notification Payload: Sep 21 07:33:38.923968: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:38.923971: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:38.923973: | protocol ID: 1 (0x1) Sep 21 07:33:38.923975: | SPI size: 16 (0x10) Sep 21 07:33:38.923978: | Notify Message Type: R_U_THERE (0x8d28) Sep 21 07:33:38.923981: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Sep 21 07:33:38.923983: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:33:38.923987: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Sep 21 07:33:38.923989: | notify icookie 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:38.923991: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Sep 21 07:33:38.923994: | notify rcookie 85 08 f7 50 ae 24 38 ea Sep 21 07:33:38.923996: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Sep 21 07:33:38.923998: | notify data 00 00 2b 70 Sep 21 07:33:38.924000: | emitting length of ISAKMP Notification Payload: 32 Sep 21 07:33:38.924027: | notification HASH(1): Sep 21 07:33:38.924030: | 6a 19 55 06 48 40 5e 6a 3f db 31 1d 35 5a 1f 00 Sep 21 07:33:38.924032: | 62 af 56 80 a4 38 a2 da 90 18 2b 8b e5 09 f4 6d Sep 21 07:33:38.924040: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:33:38.924042: | no IKEv1 message padding required Sep 21 07:33:38.924044: | emitting length of ISAKMP Message: 108 Sep 21 07:33:38.924057: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:33:38.924059: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:38.924060: | 08 10 05 01 66 d6 8b 8c 00 00 00 6c 5b ed 00 a9 Sep 21 07:33:38.924061: | ed c6 8a fe d3 8b fd d5 d9 29 b5 64 b7 4f fb 65 Sep 21 07:33:38.924063: | 30 57 d0 a1 11 4c 69 9b b3 ce a2 c6 6c 5b 4e 68 Sep 21 07:33:38.924064: | 3a e6 c0 7e fe b0 c7 bd db 60 66 a1 23 d1 cb 65 Sep 21 07:33:38.924065: | e8 08 88 66 7c 1f 5f 12 29 c4 ec cc 60 0d 85 e0 Sep 21 07:33:38.924067: | 1d 17 4b 57 20 3d 87 c5 18 0f a2 9e Sep 21 07:33:38.924077: ERROR: "north-dpd/0x2" #3: sendto on eth1 to 192.1.2.23:500 failed in ISAKMP notify. Errno 113: No route to host Sep 21 07:33:38.924080: | libevent_free: release ptr-libevent@0x557db45bcb80 Sep 21 07:33:38.924082: | free_event_entry: release EVENT_DPD-pe@0x7f0db8005860 Sep 21 07:33:38.924088: | #3 spent 0.287 milliseconds in timer_event_cb() EVENT_DPD Sep 21 07:33:38.924091: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:39.916136: | timer_event_cb: processing event@0x557db4596910 Sep 21 07:33:39.916155: | handling event EVENT_DPD_TIMEOUT for parent state #1 Sep 21 07:33:39.916161: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:39.916165: | [RE]START processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in dpd_timeout() at ikev1_dpd.c:566) Sep 21 07:33:39.916168: "north-dpd/0x2" #1: IKEv1 DPD action - restarting all connections that share this peer Sep 21 07:33:39.916171: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:39.916174: | start processing: connection "north-dpd/0x2" (BACKGROUND) (in terminate_a_connection() at terminate.c:69) Sep 21 07:33:39.916179: "north-dpd/0x2" #1: terminating SAs using this connection Sep 21 07:33:39.916181: | connection 'north-dpd/0x2' -POLICY_UP Sep 21 07:33:39.916183: | FOR_EACH_STATE_... in shared_phase1_connection Sep 21 07:33:39.916185: "north-dpd/0x2" #1: IKE SA is shared - only terminating IPsec SA Sep 21 07:33:39.916188: | suspend processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in terminate_a_connection() at terminate.c:79) Sep 21 07:33:39.916191: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in terminate_a_connection() at terminate.c:79) Sep 21 07:33:39.916193: | pstats #3 ikev1.ipsec deleted completed Sep 21 07:33:39.916196: | [RE]START processing: state #3 connection "north-dpd/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:33:39.916199: "north-dpd/0x2" #3: deleting state (STATE_QUICK_I2) aged 13.037s and sending notification Sep 21 07:33:39.916201: | child state #3: QUICK_I2(established CHILD SA) => delete Sep 21 07:33:39.916204: | get_sa_info esp.24fe65a2@192.1.2.23 Sep 21 07:33:39.916221: | get_sa_info esp.3ca7fee2@192.1.3.33 Sep 21 07:33:39.916227: "north-dpd/0x2" #3: ESP traffic information: in=0B out=168B Sep 21 07:33:39.916229: | state #3 requesting EVENT_DPD-pe@0x7f0dc40041c0 be deleted Sep 21 07:33:39.916232: | libevent_free: release ptr-libevent@0x7f0dbc001ef0 Sep 21 07:33:39.916234: | free_event_entry: release EVENT_DPD-pe@0x7f0dc40041c0 Sep 21 07:33:39.916237: | #3 send IKEv1 delete notification for STATE_QUICK_I2 Sep 21 07:33:39.916239: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:33:39.916249: | **emit ISAKMP Message: Sep 21 07:33:39.916251: | initiator cookie: Sep 21 07:33:39.916253: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:39.916254: | responder cookie: Sep 21 07:33:39.916256: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:39.916258: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:39.916260: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:39.916262: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:33:39.916264: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:39.916266: | Message ID: 143678646 (0x8905cb6) Sep 21 07:33:39.916268: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:39.916270: | ***emit ISAKMP Hash Payload: Sep 21 07:33:39.916271: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:39.916274: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:33:39.916276: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Sep 21 07:33:39.916278: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:33:39.916280: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:33:39.916281: | ***emit ISAKMP Delete Payload: Sep 21 07:33:39.916283: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:39.916284: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:39.916286: | protocol ID: 3 (0x3) Sep 21 07:33:39.916288: | SPI size: 4 (0x4) Sep 21 07:33:39.916289: | number of SPIs: 1 (0x1) Sep 21 07:33:39.916291: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Sep 21 07:33:39.916293: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Sep 21 07:33:39.916295: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Sep 21 07:33:39.916297: | delete payload 3c a7 fe e2 Sep 21 07:33:39.916298: | emitting length of ISAKMP Delete Payload: 16 Sep 21 07:33:39.916324: | send delete HASH(1): Sep 21 07:33:39.916326: | e2 9b 54 c5 d7 f5 4f 8b fc b7 a8 67 16 93 43 b4 Sep 21 07:33:39.916327: | dc 3e 9c 39 cd 24 5c 2a 23 8e 02 15 32 1e 80 39 Sep 21 07:33:39.916334: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:33:39.916338: | no IKEv1 message padding required Sep 21 07:33:39.916339: | emitting length of ISAKMP Message: 92 Sep 21 07:33:39.916352: | sending 92 bytes for delete notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:33:39.916354: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:39.916356: | 08 10 05 01 08 90 5c b6 00 00 00 5c e5 b9 8f 17 Sep 21 07:33:39.916357: | 42 24 24 26 5c b7 49 64 dc 98 57 ca ba d4 9b 39 Sep 21 07:33:39.916359: | 33 7d 29 75 34 d6 94 84 5c 3d e9 fd 7c b0 fc 1a Sep 21 07:33:39.916360: | c1 02 8d d4 c5 fa 3f 3c ff c0 27 62 4f e2 21 fe Sep 21 07:33:39.916361: | ac cf e6 83 37 e9 16 68 ed 5a 90 17 Sep 21 07:33:39.916372: ERROR: "north-dpd/0x2" #3: sendto on eth1 to 192.1.2.23:500 failed in delete notify. Errno 113: No route to host Sep 21 07:33:39.916374: | state #3 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:33:39.916376: | libevent_free: release ptr-libevent@0x7f0dc4007fa0 Sep 21 07:33:39.916378: | free_event_entry: release EVENT_SA_REPLACE-pe@0x557db45958c0 Sep 21 07:33:39.916437: | running updown command "ipsec _updown" for verb down Sep 21 07:33:39.916440: | command executing down-client Sep 21 07:33:39.916462: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:39.916467: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:39.916481: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051206' PLUTO_CONN_POL Sep 21 07:33:39.916483: | popen cmd is 1408 chars long Sep 21 07:33:39.916485: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PL: Sep 21 07:33:39.916487: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY: Sep 21 07:33:39.916489: | cmd( 160):_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.test: Sep 21 07:33:39.916490: | cmd( 240):ing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.: Sep 21 07:33:39.916492: | cmd( 320):0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO: Sep 21 07:33:39.916494: | cmd( 400):_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PL: Sep 21 07:33:39.916495: | cmd( 480):UTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, O: Sep 21 07:33:39.916497: | cmd( 560):U=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.: Sep 21 07:33:39.916499: | cmd( 640):org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_: Sep 21 07:33:39.916500: | cmd( 720):PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLU: Sep 21 07:33:39.916502: | cmd( 800):TO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Lib: Sep 21 07:33:39.916503: | cmd( 880):reswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_A: Sep 21 07:33:39.916505: | cmd( 960):DDTIME='1569051206' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAR: Sep 21 07:33:39.916508: | cmd(1040):EF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFA: Sep 21 07:33:39.916510: | cmd(1120):MILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_: Sep 21 07:33:39.916512: | cmd(1200):PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=': Sep 21 07:33:39.916513: | cmd(1280):0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=: Sep 21 07:33:39.916515: | cmd(1360):0x24fe65a2 SPI_OUT=0x3ca7fee2 ipsec _updown 2>&1: Sep 21 07:33:39.923595: | shunt_eroute() called for connection 'north-dpd/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.22.0/24:0 Sep 21 07:33:39.923611: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.22.0/24:0 Sep 21 07:33:39.923614: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Sep 21 07:33:39.923616: | IPsec Sa SPD priority set to 1042407 Sep 21 07:33:39.923660: | delete esp.24fe65a2@192.1.2.23 Sep 21 07:33:39.923689: | netlink response for Del SA esp.24fe65a2@192.1.2.23 included non-error error Sep 21 07:33:39.923691: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Sep 21 07:33:39.923696: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:33:39.923733: | raw_eroute result=success Sep 21 07:33:39.923736: | delete esp.3ca7fee2@192.1.3.33 Sep 21 07:33:39.923758: | netlink response for Del SA esp.3ca7fee2@192.1.3.33 included non-error error Sep 21 07:33:39.923764: | stop processing: connection "north-dpd/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:33:39.923766: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:33:39.923767: | in connection_discard for connection north-dpd/0x2 Sep 21 07:33:39.923769: | State DB: deleting IKEv1 state #3 in QUICK_I2 Sep 21 07:33:39.923773: | child state #3: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:33:39.923802: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:33:39.923812: | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) Sep 21 07:33:39.923814: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:39.923817: | start processing: connection "north-dpd/0x1" (in terminate_a_connection() at terminate.c:69) Sep 21 07:33:39.923819: "north-dpd/0x1": terminating SAs using this connection Sep 21 07:33:39.923820: | connection 'north-dpd/0x1' -POLICY_UP Sep 21 07:33:39.923822: | connection not shared - terminating IKE and IPsec SA Sep 21 07:33:39.923824: | Deleting states for connection - not including other IPsec SA's Sep 21 07:33:39.923825: | pass 0 Sep 21 07:33:39.923827: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:33:39.923829: | state #2 Sep 21 07:33:39.923831: | suspend processing: connection "north-dpd/0x1" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:33:39.923834: | start processing: state #2 connection "north-dpd/0x1" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:33:39.923836: | pstats #2 ikev1.ipsec deleted completed Sep 21 07:33:39.923839: | [RE]START processing: state #2 connection "north-dpd/0x1" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:33:39.923841: "north-dpd/0x1" #2: deleting state (STATE_QUICK_I2) aged 13.044s and sending notification Sep 21 07:33:39.923843: | child state #2: QUICK_I2(established CHILD SA) => delete Sep 21 07:33:39.923846: | get_sa_info esp.9b1d501b@192.1.2.23 Sep 21 07:33:39.923853: | get_sa_info esp.6c96bd25@192.1.3.33 Sep 21 07:33:39.923858: "north-dpd/0x1" #2: ESP traffic information: in=168B out=168B Sep 21 07:33:39.923861: | #2 send IKEv1 delete notification for STATE_QUICK_I2 Sep 21 07:33:39.923862: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:33:39.923871: | **emit ISAKMP Message: Sep 21 07:33:39.923873: | initiator cookie: Sep 21 07:33:39.923875: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:39.923877: | responder cookie: Sep 21 07:33:39.923878: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:39.923880: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:39.923882: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:39.923884: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:33:39.923886: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:39.923887: | Message ID: 1306278366 (0x4ddc39de) Sep 21 07:33:39.923889: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:39.923891: | ***emit ISAKMP Hash Payload: Sep 21 07:33:39.923893: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:39.923895: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:33:39.923897: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Sep 21 07:33:39.923899: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:33:39.923901: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:33:39.923903: | ***emit ISAKMP Delete Payload: Sep 21 07:33:39.923904: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:39.923906: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:39.923908: | protocol ID: 3 (0x3) Sep 21 07:33:39.923909: | SPI size: 4 (0x4) Sep 21 07:33:39.923911: | number of SPIs: 1 (0x1) Sep 21 07:33:39.923913: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Sep 21 07:33:39.923914: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Sep 21 07:33:39.923916: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Sep 21 07:33:39.923918: | delete payload 6c 96 bd 25 Sep 21 07:33:39.923920: | emitting length of ISAKMP Delete Payload: 16 Sep 21 07:33:39.923940: | send delete HASH(1): Sep 21 07:33:39.923942: | 5c 8f aa a3 15 26 5f f3 a2 ab 4b ce 6c 32 97 77 Sep 21 07:33:39.923943: | f5 f6 e2 8c 69 3d 63 09 40 a1 32 ab c6 bb 76 d5 Sep 21 07:33:39.923949: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:33:39.923951: | no IKEv1 message padding required Sep 21 07:33:39.923952: | emitting length of ISAKMP Message: 92 Sep 21 07:33:39.923962: | sending 92 bytes for delete notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:33:39.923964: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:39.923965: | 08 10 05 01 4d dc 39 de 00 00 00 5c 6f 13 9c 01 Sep 21 07:33:39.923967: | dd 00 fe fb 9e 6b b3 63 bf 1f 1e 46 0e 97 e7 48 Sep 21 07:33:39.923968: | 22 c0 ed 65 64 63 05 c1 20 41 97 c0 97 db 6c 5a Sep 21 07:33:39.923970: | 5c bb 06 e7 78 52 a4 fe 88 ab 53 7c 20 2a b2 48 Sep 21 07:33:39.923971: | 5b 64 f2 f9 3c 09 90 4d 09 3a 8e e3 Sep 21 07:33:39.923981: ERROR: "north-dpd/0x1" #2: sendto on eth1 to 192.1.2.23:500 failed in delete notify. Errno 113: No route to host Sep 21 07:33:39.923984: | state #2 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:33:39.923987: | libevent_free: release ptr-libevent@0x7f0dc0004f00 Sep 21 07:33:39.923989: | free_event_entry: release EVENT_SA_REPLACE-pe@0x557db4595380 Sep 21 07:33:39.924039: | running updown command "ipsec _updown" for verb down Sep 21 07:33:39.924041: | command executing down-client Sep 21 07:33:39.924063: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:39.924068: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:39.924082: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051206' PLUTO_CONN_POLIC Sep 21 07:33:39.924086: | popen cmd is 1406 chars long Sep 21 07:33:39.924088: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PL: Sep 21 07:33:39.924090: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY: Sep 21 07:33:39.924091: | cmd( 160):_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.test: Sep 21 07:33:39.924093: | cmd( 240):ing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.: Sep 21 07:33:39.924094: | cmd( 320):0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO: Sep 21 07:33:39.924096: | cmd( 400):_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PL: Sep 21 07:33:39.924098: | cmd( 480):UTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, O: Sep 21 07:33:39.924099: | cmd( 560):U=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.: Sep 21 07:33:39.924101: | cmd( 640):org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PE: Sep 21 07:33:39.924103: | cmd( 720):ER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO: Sep 21 07:33:39.924104: | cmd( 800):_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libre: Sep 21 07:33:39.924106: | cmd( 880):swan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADD: Sep 21 07:33:39.924107: | cmd( 960):TIME='1569051206' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF: Sep 21 07:33:39.924109: | cmd(1040):_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMI: Sep 21 07:33:39.924111: | cmd(1120):LY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PE: Sep 21 07:33:39.924112: | cmd(1200):ER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0': Sep 21 07:33:39.924114: | cmd(1280): PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x: Sep 21 07:33:39.924115: | cmd(1360):9b1d501b SPI_OUT=0x6c96bd25 ipsec _updown 2>&1: Sep 21 07:33:39.931081: | shunt_eroute() called for connection 'north-dpd/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:33:39.931097: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:33:39.931101: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Sep 21 07:33:39.931105: | IPsec Sa SPD priority set to 1042407 Sep 21 07:33:39.931155: | delete esp.9b1d501b@192.1.2.23 Sep 21 07:33:39.931181: | netlink response for Del SA esp.9b1d501b@192.1.2.23 included non-error error Sep 21 07:33:39.931185: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Sep 21 07:33:39.931192: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:33:39.931236: | raw_eroute result=success Sep 21 07:33:39.931240: | delete esp.6c96bd25@192.1.3.33 Sep 21 07:33:39.931262: | netlink response for Del SA esp.6c96bd25@192.1.3.33 included non-error error Sep 21 07:33:39.931273: | stop processing: connection "north-dpd/0x1" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:33:39.931276: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:33:39.931279: | in connection_discard for connection north-dpd/0x1 Sep 21 07:33:39.931282: | State DB: deleting IKEv1 state #2 in QUICK_I2 Sep 21 07:33:39.931286: | child state #2: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:33:39.931308: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:33:39.931317: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:33:39.931320: | state #1 Sep 21 07:33:39.931322: | pass 1 Sep 21 07:33:39.931325: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:33:39.931327: | state #1 Sep 21 07:33:39.931330: | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) Sep 21 07:33:39.931334: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:39.931339: | start processing: connection "north-dpd/0x2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:33:39.931343: | empty esp_info, returning defaults for ENCRYPT Sep 21 07:33:39.931347: | connection 'north-dpd/0x2' +POLICY_UP Sep 21 07:33:39.931350: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:33:39.931353: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:33:39.931359: | creating state object #4 at 0x557db45aa170 Sep 21 07:33:39.931362: | State DB: adding IKEv1 state #4 in UNDEFINED Sep 21 07:33:39.931365: | pstats #4 ikev1.ipsec started Sep 21 07:33:39.931368: | duplicating state object #1 "north-dpd/0x2" as #4 for IPSEC SA Sep 21 07:33:39.931373: | #4 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:33:39.931378: | suspend processing: connection "north-dpd/0x2" (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:33:39.931382: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:33:39.931390: | child state #4: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Sep 21 07:33:39.931397: "north-dpd/0x2" #4: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:e63858db proposal=defaults pfsgroup=MODP2048} Sep 21 07:33:39.931401: | adding quick_outI1 KE work-order 7 for state #4 Sep 21 07:33:39.931404: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557db4595380 Sep 21 07:33:39.931408: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:33:39.931412: | libevent_malloc: new ptr-libevent@0x7f0dc0004f00 size 128 Sep 21 07:33:39.931423: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:33:39.931427: | resume processing: connection "north-dpd/0x2" (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:33:39.931430: | stop processing: connection "north-dpd/0x2" (in initiate_a_connection() at initiate.c:349) Sep 21 07:33:39.931433: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:39.931434: | crypto helper 5 resuming Sep 21 07:33:39.931437: | start processing: connection "north-dpd/0x1" (in initiate_a_connection() at initiate.c:186) Sep 21 07:33:39.931449: | crypto helper 5 starting work-order 7 for state #4 Sep 21 07:33:39.931455: | empty esp_info, returning defaults for ENCRYPT Sep 21 07:33:39.931463: | crypto helper 5 doing build KE and nonce (quick_outI1 KE); request ID 7 Sep 21 07:33:39.931468: | connection 'north-dpd/0x1' +POLICY_UP Sep 21 07:33:39.931478: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:33:39.931481: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:33:39.931486: | creating state object #5 at 0x557db45b1350 Sep 21 07:33:39.931488: | State DB: adding IKEv1 state #5 in UNDEFINED Sep 21 07:33:39.931492: | pstats #5 ikev1.ipsec started Sep 21 07:33:39.931497: | duplicating state object #1 "north-dpd/0x2" as #5 for IPSEC SA Sep 21 07:33:39.931501: | #5 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:33:39.931505: | in connection_discard for connection north-dpd/0x2 Sep 21 07:33:39.931508: | suspend processing: connection "north-dpd/0x1" (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:33:39.931512: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:33:39.931516: | child state #5: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Sep 21 07:33:39.931521: "north-dpd/0x1" #5: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:8b8f1195 proposal=defaults pfsgroup=MODP2048} Sep 21 07:33:39.931525: | adding quick_outI1 KE work-order 8 for state #5 Sep 21 07:33:39.931528: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557db45958c0 Sep 21 07:33:39.931531: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Sep 21 07:33:39.931534: | libevent_malloc: new ptr-libevent@0x7f0dc4007fa0 size 128 Sep 21 07:33:39.931543: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:33:39.931546: | resume processing: connection "north-dpd/0x1" (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:33:39.931549: | stop processing: connection "north-dpd/0x1" (in initiate_a_connection() at initiate.c:349) Sep 21 07:33:39.931554: | libevent_free: release ptr-libevent@0x7f0db0001ef0 Sep 21 07:33:39.931557: | free_event_entry: release EVENT_DPD_TIMEOUT-pe@0x557db4596910 Sep 21 07:33:39.931564: | #1 spent 1.6 milliseconds in timer_event_cb() EVENT_DPD_TIMEOUT Sep 21 07:33:39.931567: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:33:39.931574: | crypto helper 0 resuming Sep 21 07:33:39.931579: | processing signal PLUTO_SIGCHLD Sep 21 07:33:39.931581: | crypto helper 0 starting work-order 8 for state #5 Sep 21 07:33:39.931584: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:39.931585: | crypto helper 0 doing build KE and nonce (quick_outI1 KE); request ID 8 Sep 21 07:33:39.931591: | spent 0.00707 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:39.931594: | processing signal PLUTO_SIGCHLD Sep 21 07:33:39.931598: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:39.931601: | spent 0.00355 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:39.932062: | crypto helper 5 finished build KE and nonce (quick_outI1 KE); request ID 7 time elapsed 0.000599 seconds Sep 21 07:33:39.932072: | (#4) spent 0.603 milliseconds in crypto helper computing work-order 7: quick_outI1 KE (pcr) Sep 21 07:33:39.932075: | crypto helper 5 sending results from work-order 7 for state #4 to event queue Sep 21 07:33:39.932077: | scheduling resume sending helper answer for #4 Sep 21 07:33:39.932079: | libevent_malloc: new ptr-libevent@0x7f0db4006900 size 128 Sep 21 07:33:39.932085: | crypto helper 5 waiting (nothing to do) Sep 21 07:33:39.932092: | processing resume sending helper answer for #4 Sep 21 07:33:39.932098: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:33:39.932102: | crypto helper 5 replies to request ID 7 Sep 21 07:33:39.932105: | calling continuation function 0x557db2ef5630 Sep 21 07:33:39.932108: | quick_outI1_continue for #4: calculated ke+nonce, sending I1 Sep 21 07:33:39.932113: | **emit ISAKMP Message: Sep 21 07:33:39.932116: | initiator cookie: Sep 21 07:33:39.932118: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:39.932121: | responder cookie: Sep 21 07:33:39.932123: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:39.932126: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:39.932129: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:39.932132: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:33:39.932135: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:39.932140: | Message ID: 3862452443 (0xe63858db) Sep 21 07:33:39.932143: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:39.932146: | ***emit ISAKMP Hash Payload: Sep 21 07:33:39.932149: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:39.932152: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:33:39.932155: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:33:39.932159: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:33:39.932161: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:33:39.932164: | emitting quick defaults using policy none Sep 21 07:33:39.932166: | empty esp_info, returning defaults for ENCRYPT Sep 21 07:33:39.932170: | ***emit ISAKMP Security Association Payload: Sep 21 07:33:39.932172: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:33:39.932175: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:39.932178: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:33:39.932181: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:33:39.932184: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:33:39.932186: | ****emit IPsec DOI SIT: Sep 21 07:33:39.932189: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:39.932192: | ikev1_out_sa pcn: 0 has 1 valid proposals Sep 21 07:33:39.932195: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Sep 21 07:33:39.932197: | ****emit ISAKMP Proposal Payload: Sep 21 07:33:39.932200: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:39.932202: | proposal number: 0 (0x0) Sep 21 07:33:39.932205: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:33:39.932207: | SPI size: 4 (0x4) Sep 21 07:33:39.932210: | number of transforms: 2 (0x2) Sep 21 07:33:39.932213: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:33:39.932226: | netlink_get_spi: allocated 0x6c70d87f for esp.0@192.1.3.33 Sep 21 07:33:39.932230: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 21 07:33:39.932232: | SPI 6c 70 d8 7f Sep 21 07:33:39.932235: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:33:39.932237: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:39.932240: | ESP transform number: 0 (0x0) Sep 21 07:33:39.932242: | ESP transform ID: ESP_AES (0xc) Sep 21 07:33:39.932245: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:33:39.932248: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:39.932251: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:33:39.932253: | length/value: 14 (0xe) Sep 21 07:33:39.932256: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:39.932258: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:39.932261: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:33:39.932263: | length/value: 1 (0x1) Sep 21 07:33:39.932266: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:33:39.932268: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:39.932271: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:33:39.932273: | length/value: 1 (0x1) Sep 21 07:33:39.932276: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:33:39.932278: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:39.932281: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:33:39.932283: | length/value: 28800 (0x7080) Sep 21 07:33:39.932286: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:39.932288: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:33:39.932291: | length/value: 2 (0x2) Sep 21 07:33:39.932293: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:33:39.932297: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:39.932300: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:33:39.932302: | length/value: 128 (0x80) Sep 21 07:33:39.932305: | emitting length of ISAKMP Transform Payload (ESP): 32 Sep 21 07:33:39.932307: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:33:39.932310: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:39.932312: | ESP transform number: 1 (0x1) Sep 21 07:33:39.932315: | ESP transform ID: ESP_3DES (0x3) Sep 21 07:33:39.932318: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:39.932321: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:33:39.932323: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:39.932326: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:33:39.932328: | length/value: 14 (0xe) Sep 21 07:33:39.932331: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:39.932333: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:39.932336: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:33:39.932338: | length/value: 1 (0x1) Sep 21 07:33:39.932341: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:33:39.932343: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:39.932346: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:33:39.932348: | length/value: 1 (0x1) Sep 21 07:33:39.932350: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:33:39.932353: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:39.932355: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:33:39.932358: | length/value: 28800 (0x7080) Sep 21 07:33:39.932360: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:39.932363: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:33:39.932365: | length/value: 2 (0x2) Sep 21 07:33:39.932367: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:33:39.932370: | emitting length of ISAKMP Transform Payload (ESP): 28 Sep 21 07:33:39.932372: | emitting length of ISAKMP Proposal Payload: 72 Sep 21 07:33:39.932375: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Sep 21 07:33:39.932378: | emitting length of ISAKMP Security Association Payload: 84 Sep 21 07:33:39.932380: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:33:39.932384: | ***emit ISAKMP Nonce Payload: Sep 21 07:33:39.932386: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:33:39.932389: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Sep 21 07:33:39.932392: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:33:39.932395: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:33:39.932398: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Sep 21 07:33:39.932400: | Ni 77 f8 8e 14 a5 e6 34 5b 74 75 33 e7 a3 60 bb 1b Sep 21 07:33:39.932403: | Ni 83 09 d5 d1 07 30 8d 4e 3f d8 3b f3 9f dd 82 1d Sep 21 07:33:39.932406: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:33:39.932408: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:33:39.932411: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:39.932414: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:33:39.932417: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:33:39.932420: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:33:39.932423: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:33:39.932425: | keyex value 7e 78 d1 23 3e b9 14 72 3b c4 64 96 79 f1 28 90 Sep 21 07:33:39.932429: | keyex value fa da e7 ee 20 d6 fc e0 d8 31 db e1 c8 f6 72 43 Sep 21 07:33:39.932431: | keyex value 28 c7 24 25 a9 f0 8f e3 5a d8 9e 65 c0 f8 6c c2 Sep 21 07:33:39.932434: | keyex value fa 30 9b 22 bb 81 10 1f 24 ae f1 4c 2f 7e c8 f2 Sep 21 07:33:39.932436: | keyex value cd 22 08 8a 9d 5e de 84 69 c8 75 8b 70 f8 50 2f Sep 21 07:33:39.932439: | keyex value 69 1b 88 b1 5c ad a2 c2 67 34 2a cd f5 4c fb 5d Sep 21 07:33:39.932441: | keyex value 19 a5 cd 9c 70 f9 d2 05 fe 2c 10 70 99 99 27 97 Sep 21 07:33:39.932443: | keyex value 17 6d 77 59 6e 97 b0 40 f4 67 bd 5c ea ce 24 bf Sep 21 07:33:39.932446: | keyex value 9d f4 3a 8a 2f 6c c9 8c 4e 67 49 28 8a c4 f1 eb Sep 21 07:33:39.932448: | keyex value ee 04 0f 38 40 df 4a 8c 28 52 60 09 b8 55 b2 d6 Sep 21 07:33:39.932451: | keyex value 9e 8c 18 39 93 c3 14 75 aa 29 08 5f 3f 2b ca 03 Sep 21 07:33:39.932453: | keyex value 8c e5 a9 d2 20 82 8d 68 9a d1 4d 17 7d 3b 31 35 Sep 21 07:33:39.932456: | keyex value 5a f5 d7 bf e3 eb d1 74 04 2e 5a 55 87 e0 95 36 Sep 21 07:33:39.932458: | keyex value 9b 31 9f c8 1b 21 82 81 7b 15 3b 41 ad 1f 3e 1f Sep 21 07:33:39.932460: | keyex value be 31 0f 5d 5a 1a d1 de a9 5e e9 d2 69 ef 9a 6b Sep 21 07:33:39.932463: | keyex value ac 42 b2 d6 b7 51 65 76 47 01 65 4a 48 f7 0c 59 Sep 21 07:33:39.932465: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:33:39.932468: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:39.932470: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:39.932473: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:39.932476: | Protocol ID: 0 (0x0) Sep 21 07:33:39.932478: | port: 0 (0x0) Sep 21 07:33:39.932481: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:33:39.932484: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:33:39.932487: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:33:39.932490: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:39.932493: | client network c0 00 03 00 Sep 21 07:33:39.932495: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:39.932498: | client mask ff ff ff 00 Sep 21 07:33:39.932500: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:33:39.932503: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:39.932505: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:39.932508: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:39.932510: | Protocol ID: 0 (0x0) Sep 21 07:33:39.932512: | port: 0 (0x0) Sep 21 07:33:39.932515: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:33:39.932518: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:33:39.932521: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:39.932523: | client network c0 00 16 00 Sep 21 07:33:39.932526: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:39.932529: | client mask ff ff ff 00 Sep 21 07:33:39.932531: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:33:39.932559: | outI1 HASH(1): Sep 21 07:33:39.932562: | 9d 2f 0d 1a 2d f1 f0 8b 7d 00 f1 d7 05 18 4b dc Sep 21 07:33:39.932565: | 8c 95 26 eb ba 9f 40 96 18 64 24 25 fa 74 01 6e Sep 21 07:33:39.932573: | no IKEv1 message padding required Sep 21 07:33:39.932576: | emitting length of ISAKMP Message: 476 Sep 21 07:33:39.932591: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Sep 21 07:33:39.932598: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:39.932600: | 08 10 20 01 e6 38 58 db 00 00 01 dc e4 e7 e4 e4 Sep 21 07:33:39.932603: | d1 99 cc 6a e3 89 fb f7 fe 0b 15 f5 3c a2 92 3a Sep 21 07:33:39.932605: | c3 96 d7 9a 3b e0 e8 a0 aa a8 0b f2 4d 0b a1 8a Sep 21 07:33:39.932608: | fd 3c 24 23 df 6b 1a ed f5 0d 0d 7f d7 63 02 d0 Sep 21 07:33:39.932610: | 31 a9 35 30 fd 09 8e b3 ed f6 54 96 29 ff af 04 Sep 21 07:33:39.932612: | f2 f8 1f c6 ee f0 e1 a7 1c f1 e1 14 3a 71 36 e9 Sep 21 07:33:39.932615: | 9e 6b e0 c9 6f 21 c5 c2 40 b1 3c 11 1a 99 e7 d2 Sep 21 07:33:39.932617: | 2d 68 bd 49 3d bf 33 77 0a e1 a3 8b 87 ef 7d fb Sep 21 07:33:39.932619: | 73 b5 39 9c a1 05 20 de d8 27 0a 37 26 2f d7 3d Sep 21 07:33:39.932622: | 3b e0 de ab ef 60 6e c2 fb 68 59 36 61 bf 6e a2 Sep 21 07:33:39.932624: | f2 fa c9 4e 99 dc 1a b7 ac 89 76 20 37 56 9c ee Sep 21 07:33:39.932626: | ff d3 3e 7a 73 af 64 46 9c ff 58 6c f7 89 06 e4 Sep 21 07:33:39.932629: | fc 9a 51 bc eb 00 33 fb 74 2f f8 66 95 9a b4 ac Sep 21 07:33:39.932635: | 2f 03 cb ca ec 1f 2d 01 7a 70 8f bd c7 0d fa b8 Sep 21 07:33:39.932639: | 73 9e a0 8d b8 43 09 49 23 7a 60 c8 6e 24 82 29 Sep 21 07:33:39.932643: | 6f d6 c9 6d 20 59 b5 73 61 62 0c f2 20 af 21 76 Sep 21 07:33:39.932647: | 19 1f 20 36 ce fb d9 32 a4 0b 74 92 e0 8b 9c f6 Sep 21 07:33:39.932651: | 6e 57 7c d1 5a ee 52 ef 5d ef b9 95 3d ae 1c 08 Sep 21 07:33:39.932654: | 06 57 20 0b 34 2c e0 7c 61 1f 0e 85 fd 0f 86 a9 Sep 21 07:33:39.932628: | crypto helper 0 finished build KE and nonce (quick_outI1 KE); request ID 8 time elapsed 0.001043 seconds Sep 21 07:33:39.932658: | fa 7b ec 52 e9 99 3b cd 17 dc 76 93 e4 b8 15 3c Sep 21 07:33:39.932668: | (#5) spent 0.624 milliseconds in crypto helper computing work-order 8: quick_outI1 KE (pcr) Sep 21 07:33:39.932673: | crypto helper 0 sending results from work-order 8 for state #5 to event queue Sep 21 07:33:39.932670: | d7 10 3b 2b a5 7a d7 b5 1c 13 bc 76 54 1b 40 fb Sep 21 07:33:39.932677: | scheduling resume sending helper answer for #5 Sep 21 07:33:39.932681: | c3 99 b4 9e 95 a8 61 90 29 21 93 70 07 97 f5 ed Sep 21 07:33:39.932685: | libevent_malloc: new ptr-libevent@0x7f0dc8007500 size 128 Sep 21 07:33:39.932688: | e6 c1 46 f1 8e a2 bd 34 fa fc 7a 33 6a c7 35 68 Sep 21 07:33:39.932694: | crypto helper 0 waiting (nothing to do) Sep 21 07:33:39.932694: | 28 5e fb 76 74 e4 d8 36 a8 c8 94 b5 e8 b1 ed 92 Sep 21 07:33:39.932700: | 66 f3 77 27 17 ed e5 af ee 82 23 ed dd 26 9c e5 Sep 21 07:33:39.932703: | 10 61 c8 2b f0 0c c7 47 91 ef 36 ed 42 11 7b a8 Sep 21 07:33:39.932705: | 7b 7f 19 93 5d 3e 41 de 38 ea 1a 50 73 1a 76 ea Sep 21 07:33:39.932707: | e2 ed 79 9d bd ea 00 70 4e 64 79 79 74 83 1d 32 Sep 21 07:33:39.932710: | 45 28 ad 20 79 2b 0a 27 48 a7 d9 6e Sep 21 07:33:39.932723: ERROR: "north-dpd/0x2" #4: sendto on eth1 to 192.1.2.23:500 failed in reply packet from quick_outI1. Errno 113: No route to host Sep 21 07:33:39.932726: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:39.932729: | libevent_free: release ptr-libevent@0x7f0dc0004f00 Sep 21 07:33:39.932732: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557db4595380 Sep 21 07:33:39.932736: | event_schedule: new EVENT_RETRANSMIT-pe@0x557db4595380 Sep 21 07:33:39.932740: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Sep 21 07:33:39.932743: | libevent_malloc: new ptr-libevent@0x7f0dc0004f00 size 128 Sep 21 07:33:39.932748: | #4 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49866.301 Sep 21 07:33:39.932751: | resume sending helper answer for #4 suppresed complete_v1_state_transition() Sep 21 07:33:39.932756: | #4 spent 0.642 milliseconds in resume sending helper answer Sep 21 07:33:39.932761: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:33:39.932765: | libevent_free: release ptr-libevent@0x7f0db4006900 Sep 21 07:33:39.932771: | processing resume sending helper answer for #5 Sep 21 07:33:39.932776: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:33:39.932779: | crypto helper 0 replies to request ID 8 Sep 21 07:33:39.932781: | calling continuation function 0x557db2ef5630 Sep 21 07:33:39.932787: | quick_outI1_continue for #5: calculated ke+nonce, sending I1 Sep 21 07:33:39.932791: | **emit ISAKMP Message: Sep 21 07:33:39.932794: | initiator cookie: Sep 21 07:33:39.932796: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:39.932799: | responder cookie: Sep 21 07:33:39.932801: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:39.932804: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:39.932806: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:39.932809: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:33:39.932812: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:39.932814: | Message ID: 2341409173 (0x8b8f1195) Sep 21 07:33:39.932819: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:39.932822: | ***emit ISAKMP Hash Payload: Sep 21 07:33:39.932825: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:39.932828: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:33:39.932831: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:33:39.932834: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:33:39.932836: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:33:39.932839: | emitting quick defaults using policy none Sep 21 07:33:39.932841: | empty esp_info, returning defaults for ENCRYPT Sep 21 07:33:39.932844: | ***emit ISAKMP Security Association Payload: Sep 21 07:33:39.932847: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:33:39.932849: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:39.932852: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:33:39.932855: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:33:39.932858: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:33:39.932861: | ****emit IPsec DOI SIT: Sep 21 07:33:39.932863: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:39.932866: | ikev1_out_sa pcn: 0 has 1 valid proposals Sep 21 07:33:39.932869: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Sep 21 07:33:39.932871: | ****emit ISAKMP Proposal Payload: Sep 21 07:33:39.932874: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:39.932876: | proposal number: 0 (0x0) Sep 21 07:33:39.932879: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:33:39.932881: | SPI size: 4 (0x4) Sep 21 07:33:39.932884: | number of transforms: 2 (0x2) Sep 21 07:33:39.932886: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:33:39.932897: | netlink_get_spi: allocated 0x458a72ab for esp.0@192.1.3.33 Sep 21 07:33:39.932900: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 21 07:33:39.932902: | SPI 45 8a 72 ab Sep 21 07:33:39.932905: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:33:39.932907: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:39.932910: | ESP transform number: 0 (0x0) Sep 21 07:33:39.932912: | ESP transform ID: ESP_AES (0xc) Sep 21 07:33:39.932915: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:33:39.932918: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:39.932922: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:33:39.932925: | length/value: 14 (0xe) Sep 21 07:33:39.932928: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:39.932930: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:39.932933: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:33:39.932935: | length/value: 1 (0x1) Sep 21 07:33:39.932938: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:33:39.932940: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:39.932942: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:33:39.932945: | length/value: 1 (0x1) Sep 21 07:33:39.932947: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:33:39.932950: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:39.932952: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:33:39.932955: | length/value: 28800 (0x7080) Sep 21 07:33:39.932957: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:39.932960: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:33:39.932962: | length/value: 2 (0x2) Sep 21 07:33:39.932965: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:33:39.932967: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:39.932970: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:33:39.932972: | length/value: 128 (0x80) Sep 21 07:33:39.932975: | emitting length of ISAKMP Transform Payload (ESP): 32 Sep 21 07:33:39.932977: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:33:39.932980: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:39.932982: | ESP transform number: 1 (0x1) Sep 21 07:33:39.932985: | ESP transform ID: ESP_3DES (0x3) Sep 21 07:33:39.932988: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:39.932991: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:33:39.932993: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:39.932996: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:33:39.932998: | length/value: 14 (0xe) Sep 21 07:33:39.933001: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:39.933003: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:39.933006: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:33:39.933008: | length/value: 1 (0x1) Sep 21 07:33:39.933010: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:33:39.933013: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:39.933015: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:33:39.933018: | length/value: 1 (0x1) Sep 21 07:33:39.933020: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:33:39.933022: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:39.933025: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:33:39.933028: | length/value: 28800 (0x7080) Sep 21 07:33:39.933030: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:39.933032: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:33:39.933035: | length/value: 2 (0x2) Sep 21 07:33:39.933037: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:33:39.933040: | emitting length of ISAKMP Transform Payload (ESP): 28 Sep 21 07:33:39.933042: | emitting length of ISAKMP Proposal Payload: 72 Sep 21 07:33:39.933045: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Sep 21 07:33:39.933048: | emitting length of ISAKMP Security Association Payload: 84 Sep 21 07:33:39.933050: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:33:39.933053: | ***emit ISAKMP Nonce Payload: Sep 21 07:33:39.933056: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:33:39.933059: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Sep 21 07:33:39.933062: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:33:39.933065: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:33:39.933069: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Sep 21 07:33:39.933072: | Ni fd cc 1c ad 0f 0a 1f 5e fb 96 cd 31 59 f2 40 8d Sep 21 07:33:39.933074: | Ni 0f 2a 1e e6 ed 90 a0 98 1a d7 6d 33 8a 61 b6 ca Sep 21 07:33:39.933076: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:33:39.933079: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:33:39.933081: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:39.933084: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:33:39.933087: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:33:39.933090: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:33:39.933093: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:33:39.933095: | keyex value 0b e1 5f 6a 7c d9 5f b6 2a a7 c7 83 0d c0 ff 98 Sep 21 07:33:39.933098: | keyex value d2 84 60 3f 21 36 b2 f8 45 df cd 95 28 15 71 b0 Sep 21 07:33:39.933100: | keyex value 29 70 9d 57 cb f1 ec 79 86 72 41 c9 01 ae 58 99 Sep 21 07:33:39.933103: | keyex value cb 61 e5 a1 dd a2 2f a9 91 bd 1c db 8b a3 8a a5 Sep 21 07:33:39.933105: | keyex value b1 61 55 87 f2 c0 b2 51 b6 e7 15 c5 0d 92 eb f2 Sep 21 07:33:39.933108: | keyex value 14 46 14 40 6b 7a 9c 47 da 5d 8f 72 69 ed 35 23 Sep 21 07:33:39.933110: | keyex value b9 4c 66 26 6b 3c df 49 6a fb ff 99 3a 56 06 9a Sep 21 07:33:39.933113: | keyex value c6 37 bf 2f 74 25 34 66 0e 05 bf ff 60 6e d5 dc Sep 21 07:33:39.933115: | keyex value 01 79 0f fa 29 74 fc b0 18 59 ab 34 7f 97 58 e2 Sep 21 07:33:39.933117: | keyex value 31 a4 cc ea 7e 94 f6 fd 8f ee 4f 61 4b ed e7 8b Sep 21 07:33:39.933120: | keyex value c5 d6 f7 6a 43 f3 3d 52 d8 a9 55 a4 43 1d f1 10 Sep 21 07:33:39.933122: | keyex value 3b 70 91 7c c5 1a 7a e7 c5 5b da 04 b2 c7 df 8e Sep 21 07:33:39.933125: | keyex value 40 33 4f 5b 98 0c ae 33 e7 69 6c b6 2c ee 3a ce Sep 21 07:33:39.933127: | keyex value 62 4b 6c 64 81 21 f5 69 e7 94 b8 05 ad e6 a6 73 Sep 21 07:33:39.933130: | keyex value a3 79 4a 04 26 4a 0c 2e d5 2c c1 ae 3f 3d 1e c2 Sep 21 07:33:39.933132: | keyex value e1 e9 a7 e8 6e 0c 09 dc 86 7b d1 d6 2d 42 d8 99 Sep 21 07:33:39.933135: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:33:39.933137: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:39.933140: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:39.933142: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:39.933145: | Protocol ID: 0 (0x0) Sep 21 07:33:39.933147: | port: 0 (0x0) Sep 21 07:33:39.933150: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:33:39.933153: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:33:39.933156: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:33:39.933159: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:39.933161: | client network c0 00 03 00 Sep 21 07:33:39.933164: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:39.933167: | client mask ff ff ff 00 Sep 21 07:33:39.933169: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:33:39.933172: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:39.933174: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:39.933177: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:39.933179: | Protocol ID: 0 (0x0) Sep 21 07:33:39.933181: | port: 0 (0x0) Sep 21 07:33:39.933185: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:33:39.933189: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:33:39.933192: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:39.933194: | client network c0 00 02 00 Sep 21 07:33:39.933197: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:39.933199: | client mask ff ff ff 00 Sep 21 07:33:39.933202: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:33:39.933222: | outI1 HASH(1): Sep 21 07:33:39.933225: | a4 3d 42 bd 66 72 5b 32 46 e7 3e a3 1a 4c 95 95 Sep 21 07:33:39.933227: | 97 3a 49 7d e2 cf ed 23 31 cc 6e 26 57 eb ab dd Sep 21 07:33:39.933233: | no IKEv1 message padding required Sep 21 07:33:39.933236: | emitting length of ISAKMP Message: 476 Sep 21 07:33:39.933247: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Sep 21 07:33:39.933249: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:39.933252: | 08 10 20 01 8b 8f 11 95 00 00 01 dc b3 90 d9 50 Sep 21 07:33:39.933254: | 4e c4 ea 42 d7 d6 f4 21 14 fc 46 2e 3e 7c 71 72 Sep 21 07:33:39.933256: | 37 f4 6f cb 99 29 a3 cb f6 dc 57 82 c3 f4 24 02 Sep 21 07:33:39.933259: | 85 fc 18 7b c0 27 10 a6 5b 47 4c 59 15 8a 56 77 Sep 21 07:33:39.933261: | 31 19 02 08 3a 3e c3 e7 5a 02 2b cf a0 a6 09 45 Sep 21 07:33:39.933263: | 8e 41 a1 f2 3d cb d4 22 6c 9e 03 62 57 15 98 a0 Sep 21 07:33:39.933266: | 25 ba 9c 7e e8 a8 30 87 1a 58 a5 56 5b 05 f1 1b Sep 21 07:33:39.933268: | 15 64 8e ab 47 ef f5 da 56 9f 9d 43 5f 0f e2 14 Sep 21 07:33:39.933271: | ff b0 04 c9 7d ee 2e 8b 95 31 03 94 e8 90 6a c6 Sep 21 07:33:39.933273: | 8a 0b 55 49 79 7a ba d6 e8 79 df 16 e5 03 99 db Sep 21 07:33:39.933275: | e1 cc 5d a5 9f 29 6c b6 f9 fc 98 87 4a 7a 32 e7 Sep 21 07:33:39.933278: | 7f 92 0c 4f 62 b0 75 eb d1 81 52 09 79 01 5f a1 Sep 21 07:33:39.933280: | 1a 2b 2c be af c5 86 54 67 91 21 25 7e c1 1f 95 Sep 21 07:33:39.933282: | 0c bf 4c 2a 53 29 a5 02 8b 2c 29 2f ff 88 a3 7f Sep 21 07:33:39.933285: | 58 0e d9 23 10 65 c2 da 5e d4 b3 b1 bc dd c4 62 Sep 21 07:33:39.933287: | 62 78 76 7a c6 08 ea 93 24 4d b4 be ef 47 d8 f2 Sep 21 07:33:39.933289: | 63 00 a8 ed 35 37 9e 53 f5 52 fc 89 01 3f 8d 96 Sep 21 07:33:39.933292: | ee f6 35 6b 95 b7 77 b2 f7 f6 c0 ce 8d 6c 51 3a Sep 21 07:33:39.933294: | 8a 6e 90 42 98 b8 03 2d 4c cc 42 5c 6c 05 41 8a Sep 21 07:33:39.933297: | 3f 3b ca 4c fb f4 df 4f de 51 20 db 1c ca 3f cf Sep 21 07:33:39.933299: | 37 ef a8 6d 35 70 72 5e 51 5f f6 fa 38 a1 4d 08 Sep 21 07:33:39.933301: | bc 40 f6 fb 93 6e cb 23 8a 3b cc 10 01 03 51 2b Sep 21 07:33:39.933304: | b7 c1 61 29 e9 86 f2 b3 76 09 0c b1 43 7c 52 04 Sep 21 07:33:39.933306: | 0b c0 97 89 95 98 f9 9b 42 97 1f 87 22 f4 67 e4 Sep 21 07:33:39.933308: | b6 ee 72 5a c7 7c e3 f8 96 8c 2f ec 2e ef 7c 85 Sep 21 07:33:39.933311: | 43 9b 93 e2 d3 45 39 d3 22 bf 4e 68 79 41 ac 1f Sep 21 07:33:39.933313: | b1 4c 7f 4f c5 71 d7 94 ae 86 56 1a ad 23 b7 45 Sep 21 07:33:39.933315: | 80 79 22 5b 17 3f 34 5c 06 7a 5e cf 05 79 62 0b Sep 21 07:33:39.933318: | 4a 32 85 84 4e 66 2d 5b 2e 26 4f 91 Sep 21 07:33:39.933325: ERROR: "north-dpd/0x1" #5: sendto on eth1 to 192.1.2.23:500 failed in reply packet from quick_outI1. Errno 113: No route to host Sep 21 07:33:39.933328: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:39.933332: | libevent_free: release ptr-libevent@0x7f0dc4007fa0 Sep 21 07:33:39.933335: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557db45958c0 Sep 21 07:33:39.933338: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f0db4002b20 Sep 21 07:33:39.933342: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #5 Sep 21 07:33:39.933346: | libevent_malloc: new ptr-libevent@0x7f0dc4007fa0 size 128 Sep 21 07:33:39.933351: | #5 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49866.301602 Sep 21 07:33:39.933354: | resume sending helper answer for #5 suppresed complete_v1_state_transition() Sep 21 07:33:39.933359: | #5 spent 0.576 milliseconds in resume sending helper answer Sep 21 07:33:39.933364: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:33:39.933367: | libevent_free: release ptr-libevent@0x7f0dc8007500 Sep 21 07:33:40.433854: | timer_event_cb: processing event@0x557db4595380 Sep 21 07:33:40.433867: | handling event EVENT_RETRANSMIT for child state #4 Sep 21 07:33:40.433873: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:40.433875: | IKEv1 retransmit event Sep 21 07:33:40.433879: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:33:40.433882: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x2" #4 keying attempt 1 of 0; retransmit 1 Sep 21 07:33:40.433886: | retransmits: current time 49866.802148; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.501148 exceeds limit? NO Sep 21 07:33:40.433888: | event_schedule: new EVENT_RETRANSMIT-pe@0x557db4596910 Sep 21 07:33:40.433891: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Sep 21 07:33:40.433894: | libevent_malloc: new ptr-libevent@0x7f0dc8007500 size 128 Sep 21 07:33:40.433897: "north-dpd/0x2" #4: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response Sep 21 07:33:40.433901: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Sep 21 07:33:40.433903: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:40.433905: | 08 10 20 01 e6 38 58 db 00 00 01 dc e4 e7 e4 e4 Sep 21 07:33:40.433906: | d1 99 cc 6a e3 89 fb f7 fe 0b 15 f5 3c a2 92 3a Sep 21 07:33:40.433907: | c3 96 d7 9a 3b e0 e8 a0 aa a8 0b f2 4d 0b a1 8a Sep 21 07:33:40.433909: | fd 3c 24 23 df 6b 1a ed f5 0d 0d 7f d7 63 02 d0 Sep 21 07:33:40.433910: | 31 a9 35 30 fd 09 8e b3 ed f6 54 96 29 ff af 04 Sep 21 07:33:40.433911: | f2 f8 1f c6 ee f0 e1 a7 1c f1 e1 14 3a 71 36 e9 Sep 21 07:33:40.433913: | 9e 6b e0 c9 6f 21 c5 c2 40 b1 3c 11 1a 99 e7 d2 Sep 21 07:33:40.433914: | 2d 68 bd 49 3d bf 33 77 0a e1 a3 8b 87 ef 7d fb Sep 21 07:33:40.433915: | 73 b5 39 9c a1 05 20 de d8 27 0a 37 26 2f d7 3d Sep 21 07:33:40.433917: | 3b e0 de ab ef 60 6e c2 fb 68 59 36 61 bf 6e a2 Sep 21 07:33:40.433918: | f2 fa c9 4e 99 dc 1a b7 ac 89 76 20 37 56 9c ee Sep 21 07:33:40.433919: | ff d3 3e 7a 73 af 64 46 9c ff 58 6c f7 89 06 e4 Sep 21 07:33:40.433921: | fc 9a 51 bc eb 00 33 fb 74 2f f8 66 95 9a b4 ac Sep 21 07:33:40.433922: | 2f 03 cb ca ec 1f 2d 01 7a 70 8f bd c7 0d fa b8 Sep 21 07:33:40.433923: | 73 9e a0 8d b8 43 09 49 23 7a 60 c8 6e 24 82 29 Sep 21 07:33:40.433925: | 6f d6 c9 6d 20 59 b5 73 61 62 0c f2 20 af 21 76 Sep 21 07:33:40.433926: | 19 1f 20 36 ce fb d9 32 a4 0b 74 92 e0 8b 9c f6 Sep 21 07:33:40.433927: | 6e 57 7c d1 5a ee 52 ef 5d ef b9 95 3d ae 1c 08 Sep 21 07:33:40.433929: | 06 57 20 0b 34 2c e0 7c 61 1f 0e 85 fd 0f 86 a9 Sep 21 07:33:40.433930: | fa 7b ec 52 e9 99 3b cd 17 dc 76 93 e4 b8 15 3c Sep 21 07:33:40.433931: | d7 10 3b 2b a5 7a d7 b5 1c 13 bc 76 54 1b 40 fb Sep 21 07:33:40.433932: | c3 99 b4 9e 95 a8 61 90 29 21 93 70 07 97 f5 ed Sep 21 07:33:40.433934: | e6 c1 46 f1 8e a2 bd 34 fa fc 7a 33 6a c7 35 68 Sep 21 07:33:40.433935: | 28 5e fb 76 74 e4 d8 36 a8 c8 94 b5 e8 b1 ed 92 Sep 21 07:33:40.433936: | 66 f3 77 27 17 ed e5 af ee 82 23 ed dd 26 9c e5 Sep 21 07:33:40.433938: | 10 61 c8 2b f0 0c c7 47 91 ef 36 ed 42 11 7b a8 Sep 21 07:33:40.433942: | 7b 7f 19 93 5d 3e 41 de 38 ea 1a 50 73 1a 76 ea Sep 21 07:33:40.433944: | e2 ed 79 9d bd ea 00 70 4e 64 79 79 74 83 1d 32 Sep 21 07:33:40.433945: | 45 28 ad 20 79 2b 0a 27 48 a7 d9 6e Sep 21 07:33:40.433957: ERROR: "north-dpd/0x2" #4: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Sep 21 07:33:40.433960: | libevent_free: release ptr-libevent@0x7f0dc0004f00 Sep 21 07:33:40.433962: | free_event_entry: release EVENT_RETRANSMIT-pe@0x557db4595380 Sep 21 07:33:40.433967: | #4 spent 0.127 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:33:40.433970: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:40.433973: | timer_event_cb: processing event@0x7f0db4002b20 Sep 21 07:33:40.433974: | handling event EVENT_RETRANSMIT for child state #5 Sep 21 07:33:40.433977: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:40.433979: | IKEv1 retransmit event Sep 21 07:33:40.433982: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:33:40.433984: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x1" #5 keying attempt 1 of 0; retransmit 1 Sep 21 07:33:40.433987: | retransmits: current time 49866.802251; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.500649 exceeds limit? NO Sep 21 07:33:40.433989: | event_schedule: new EVENT_RETRANSMIT-pe@0x557db4595380 Sep 21 07:33:40.433991: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #5 Sep 21 07:33:40.433993: | libevent_malloc: new ptr-libevent@0x7f0dc0004f00 size 128 Sep 21 07:33:40.433994: "north-dpd/0x1" #5: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response Sep 21 07:33:40.433997: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Sep 21 07:33:40.433999: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:40.434000: | 08 10 20 01 8b 8f 11 95 00 00 01 dc b3 90 d9 50 Sep 21 07:33:40.434001: | 4e c4 ea 42 d7 d6 f4 21 14 fc 46 2e 3e 7c 71 72 Sep 21 07:33:40.434003: | 37 f4 6f cb 99 29 a3 cb f6 dc 57 82 c3 f4 24 02 Sep 21 07:33:40.434004: | 85 fc 18 7b c0 27 10 a6 5b 47 4c 59 15 8a 56 77 Sep 21 07:33:40.434005: | 31 19 02 08 3a 3e c3 e7 5a 02 2b cf a0 a6 09 45 Sep 21 07:33:40.434007: | 8e 41 a1 f2 3d cb d4 22 6c 9e 03 62 57 15 98 a0 Sep 21 07:33:40.434008: | 25 ba 9c 7e e8 a8 30 87 1a 58 a5 56 5b 05 f1 1b Sep 21 07:33:40.434009: | 15 64 8e ab 47 ef f5 da 56 9f 9d 43 5f 0f e2 14 Sep 21 07:33:40.434011: | ff b0 04 c9 7d ee 2e 8b 95 31 03 94 e8 90 6a c6 Sep 21 07:33:40.434012: | 8a 0b 55 49 79 7a ba d6 e8 79 df 16 e5 03 99 db Sep 21 07:33:40.434013: | e1 cc 5d a5 9f 29 6c b6 f9 fc 98 87 4a 7a 32 e7 Sep 21 07:33:40.434015: | 7f 92 0c 4f 62 b0 75 eb d1 81 52 09 79 01 5f a1 Sep 21 07:33:40.434016: | 1a 2b 2c be af c5 86 54 67 91 21 25 7e c1 1f 95 Sep 21 07:33:40.434017: | 0c bf 4c 2a 53 29 a5 02 8b 2c 29 2f ff 88 a3 7f Sep 21 07:33:40.434019: | 58 0e d9 23 10 65 c2 da 5e d4 b3 b1 bc dd c4 62 Sep 21 07:33:40.434020: | 62 78 76 7a c6 08 ea 93 24 4d b4 be ef 47 d8 f2 Sep 21 07:33:40.434021: | 63 00 a8 ed 35 37 9e 53 f5 52 fc 89 01 3f 8d 96 Sep 21 07:33:40.434023: | ee f6 35 6b 95 b7 77 b2 f7 f6 c0 ce 8d 6c 51 3a Sep 21 07:33:40.434024: | 8a 6e 90 42 98 b8 03 2d 4c cc 42 5c 6c 05 41 8a Sep 21 07:33:40.434025: | 3f 3b ca 4c fb f4 df 4f de 51 20 db 1c ca 3f cf Sep 21 07:33:40.434027: | 37 ef a8 6d 35 70 72 5e 51 5f f6 fa 38 a1 4d 08 Sep 21 07:33:40.434028: | bc 40 f6 fb 93 6e cb 23 8a 3b cc 10 01 03 51 2b Sep 21 07:33:40.434029: | b7 c1 61 29 e9 86 f2 b3 76 09 0c b1 43 7c 52 04 Sep 21 07:33:40.434031: | 0b c0 97 89 95 98 f9 9b 42 97 1f 87 22 f4 67 e4 Sep 21 07:33:40.434032: | b6 ee 72 5a c7 7c e3 f8 96 8c 2f ec 2e ef 7c 85 Sep 21 07:33:40.434033: | 43 9b 93 e2 d3 45 39 d3 22 bf 4e 68 79 41 ac 1f Sep 21 07:33:40.434036: | b1 4c 7f 4f c5 71 d7 94 ae 86 56 1a ad 23 b7 45 Sep 21 07:33:40.434037: | 80 79 22 5b 17 3f 34 5c 06 7a 5e cf 05 79 62 0b Sep 21 07:33:40.434038: | 4a 32 85 84 4e 66 2d 5b 2e 26 4f 91 Sep 21 07:33:40.434042: ERROR: "north-dpd/0x1" #5: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Sep 21 07:33:40.434044: | libevent_free: release ptr-libevent@0x7f0dc4007fa0 Sep 21 07:33:40.434046: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f0db4002b20 Sep 21 07:33:40.434049: | #5 spent 0.0753 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:33:40.434051: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:40.935657: | timer_event_cb: processing event@0x557db4596910 Sep 21 07:33:40.935671: | handling event EVENT_RETRANSMIT for child state #4 Sep 21 07:33:40.935677: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:40.935679: | IKEv1 retransmit event Sep 21 07:33:40.935683: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:33:40.935686: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x2" #4 keying attempt 1 of 0; retransmit 2 Sep 21 07:33:40.935691: | retransmits: current time 49867.303953; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.002953 exceeds limit? NO Sep 21 07:33:40.935694: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f0db4002b20 Sep 21 07:33:40.935696: | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #4 Sep 21 07:33:40.935699: | libevent_malloc: new ptr-libevent@0x7f0dc4007fa0 size 128 Sep 21 07:33:40.935702: "north-dpd/0x2" #4: STATE_QUICK_I1: retransmission; will wait 1 seconds for response Sep 21 07:33:40.935707: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Sep 21 07:33:40.935709: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:40.935710: | 08 10 20 01 e6 38 58 db 00 00 01 dc e4 e7 e4 e4 Sep 21 07:33:40.935712: | d1 99 cc 6a e3 89 fb f7 fe 0b 15 f5 3c a2 92 3a Sep 21 07:33:40.935713: | c3 96 d7 9a 3b e0 e8 a0 aa a8 0b f2 4d 0b a1 8a Sep 21 07:33:40.935715: | fd 3c 24 23 df 6b 1a ed f5 0d 0d 7f d7 63 02 d0 Sep 21 07:33:40.935716: | 31 a9 35 30 fd 09 8e b3 ed f6 54 96 29 ff af 04 Sep 21 07:33:40.935718: | f2 f8 1f c6 ee f0 e1 a7 1c f1 e1 14 3a 71 36 e9 Sep 21 07:33:40.935719: | 9e 6b e0 c9 6f 21 c5 c2 40 b1 3c 11 1a 99 e7 d2 Sep 21 07:33:40.935721: | 2d 68 bd 49 3d bf 33 77 0a e1 a3 8b 87 ef 7d fb Sep 21 07:33:40.935722: | 73 b5 39 9c a1 05 20 de d8 27 0a 37 26 2f d7 3d Sep 21 07:33:40.935724: | 3b e0 de ab ef 60 6e c2 fb 68 59 36 61 bf 6e a2 Sep 21 07:33:40.935725: | f2 fa c9 4e 99 dc 1a b7 ac 89 76 20 37 56 9c ee Sep 21 07:33:40.935727: | ff d3 3e 7a 73 af 64 46 9c ff 58 6c f7 89 06 e4 Sep 21 07:33:40.935728: | fc 9a 51 bc eb 00 33 fb 74 2f f8 66 95 9a b4 ac Sep 21 07:33:40.935730: | 2f 03 cb ca ec 1f 2d 01 7a 70 8f bd c7 0d fa b8 Sep 21 07:33:40.935731: | 73 9e a0 8d b8 43 09 49 23 7a 60 c8 6e 24 82 29 Sep 21 07:33:40.935733: | 6f d6 c9 6d 20 59 b5 73 61 62 0c f2 20 af 21 76 Sep 21 07:33:40.935734: | 19 1f 20 36 ce fb d9 32 a4 0b 74 92 e0 8b 9c f6 Sep 21 07:33:40.935736: | 6e 57 7c d1 5a ee 52 ef 5d ef b9 95 3d ae 1c 08 Sep 21 07:33:40.935737: | 06 57 20 0b 34 2c e0 7c 61 1f 0e 85 fd 0f 86 a9 Sep 21 07:33:40.935739: | fa 7b ec 52 e9 99 3b cd 17 dc 76 93 e4 b8 15 3c Sep 21 07:33:40.935740: | d7 10 3b 2b a5 7a d7 b5 1c 13 bc 76 54 1b 40 fb Sep 21 07:33:40.935742: | c3 99 b4 9e 95 a8 61 90 29 21 93 70 07 97 f5 ed Sep 21 07:33:40.935743: | e6 c1 46 f1 8e a2 bd 34 fa fc 7a 33 6a c7 35 68 Sep 21 07:33:40.935745: | 28 5e fb 76 74 e4 d8 36 a8 c8 94 b5 e8 b1 ed 92 Sep 21 07:33:40.935746: | 66 f3 77 27 17 ed e5 af ee 82 23 ed dd 26 9c e5 Sep 21 07:33:40.935752: | 10 61 c8 2b f0 0c c7 47 91 ef 36 ed 42 11 7b a8 Sep 21 07:33:40.935754: | 7b 7f 19 93 5d 3e 41 de 38 ea 1a 50 73 1a 76 ea Sep 21 07:33:40.935755: | e2 ed 79 9d bd ea 00 70 4e 64 79 79 74 83 1d 32 Sep 21 07:33:40.935757: | 45 28 ad 20 79 2b 0a 27 48 a7 d9 6e Sep 21 07:33:40.935768: ERROR: "north-dpd/0x2" #4: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Sep 21 07:33:40.935771: | libevent_free: release ptr-libevent@0x7f0dc8007500 Sep 21 07:33:40.935773: | free_event_entry: release EVENT_RETRANSMIT-pe@0x557db4596910 Sep 21 07:33:40.935778: | #4 spent 0.123 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:33:40.935782: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:40.935790: | timer_event_cb: processing event@0x557db4595380 Sep 21 07:33:40.935792: | handling event EVENT_RETRANSMIT for child state #5 Sep 21 07:33:40.935795: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:40.935798: | IKEv1 retransmit event Sep 21 07:33:40.935800: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:33:40.935803: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x1" #5 keying attempt 1 of 0; retransmit 2 Sep 21 07:33:40.935806: | retransmits: current time 49867.30407; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.002468 exceeds limit? NO Sep 21 07:33:40.935808: | event_schedule: new EVENT_RETRANSMIT-pe@0x557db4596910 Sep 21 07:33:40.935811: | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #5 Sep 21 07:33:40.935812: | libevent_malloc: new ptr-libevent@0x7f0dc8007500 size 128 Sep 21 07:33:40.935814: "north-dpd/0x1" #5: STATE_QUICK_I1: retransmission; will wait 1 seconds for response Sep 21 07:33:40.935818: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Sep 21 07:33:40.935819: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:40.935821: | 08 10 20 01 8b 8f 11 95 00 00 01 dc b3 90 d9 50 Sep 21 07:33:40.935822: | 4e c4 ea 42 d7 d6 f4 21 14 fc 46 2e 3e 7c 71 72 Sep 21 07:33:40.935823: | 37 f4 6f cb 99 29 a3 cb f6 dc 57 82 c3 f4 24 02 Sep 21 07:33:40.935825: | 85 fc 18 7b c0 27 10 a6 5b 47 4c 59 15 8a 56 77 Sep 21 07:33:40.935826: | 31 19 02 08 3a 3e c3 e7 5a 02 2b cf a0 a6 09 45 Sep 21 07:33:40.935828: | 8e 41 a1 f2 3d cb d4 22 6c 9e 03 62 57 15 98 a0 Sep 21 07:33:40.935829: | 25 ba 9c 7e e8 a8 30 87 1a 58 a5 56 5b 05 f1 1b Sep 21 07:33:40.935830: | 15 64 8e ab 47 ef f5 da 56 9f 9d 43 5f 0f e2 14 Sep 21 07:33:40.935832: | ff b0 04 c9 7d ee 2e 8b 95 31 03 94 e8 90 6a c6 Sep 21 07:33:40.935833: | 8a 0b 55 49 79 7a ba d6 e8 79 df 16 e5 03 99 db Sep 21 07:33:40.935835: | e1 cc 5d a5 9f 29 6c b6 f9 fc 98 87 4a 7a 32 e7 Sep 21 07:33:40.935836: | 7f 92 0c 4f 62 b0 75 eb d1 81 52 09 79 01 5f a1 Sep 21 07:33:40.935837: | 1a 2b 2c be af c5 86 54 67 91 21 25 7e c1 1f 95 Sep 21 07:33:40.935839: | 0c bf 4c 2a 53 29 a5 02 8b 2c 29 2f ff 88 a3 7f Sep 21 07:33:40.935840: | 58 0e d9 23 10 65 c2 da 5e d4 b3 b1 bc dd c4 62 Sep 21 07:33:40.935841: | 62 78 76 7a c6 08 ea 93 24 4d b4 be ef 47 d8 f2 Sep 21 07:33:40.935843: | 63 00 a8 ed 35 37 9e 53 f5 52 fc 89 01 3f 8d 96 Sep 21 07:33:40.935844: | ee f6 35 6b 95 b7 77 b2 f7 f6 c0 ce 8d 6c 51 3a Sep 21 07:33:40.935846: | 8a 6e 90 42 98 b8 03 2d 4c cc 42 5c 6c 05 41 8a Sep 21 07:33:40.935847: | 3f 3b ca 4c fb f4 df 4f de 51 20 db 1c ca 3f cf Sep 21 07:33:40.935848: | 37 ef a8 6d 35 70 72 5e 51 5f f6 fa 38 a1 4d 08 Sep 21 07:33:40.935850: | bc 40 f6 fb 93 6e cb 23 8a 3b cc 10 01 03 51 2b Sep 21 07:33:40.935851: | b7 c1 61 29 e9 86 f2 b3 76 09 0c b1 43 7c 52 04 Sep 21 07:33:40.935853: | 0b c0 97 89 95 98 f9 9b 42 97 1f 87 22 f4 67 e4 Sep 21 07:33:40.935855: | b6 ee 72 5a c7 7c e3 f8 96 8c 2f ec 2e ef 7c 85 Sep 21 07:33:40.935857: | 43 9b 93 e2 d3 45 39 d3 22 bf 4e 68 79 41 ac 1f Sep 21 07:33:40.935858: | b1 4c 7f 4f c5 71 d7 94 ae 86 56 1a ad 23 b7 45 Sep 21 07:33:40.935860: | 80 79 22 5b 17 3f 34 5c 06 7a 5e cf 05 79 62 0b Sep 21 07:33:40.935861: | 4a 32 85 84 4e 66 2d 5b 2e 26 4f 91 Sep 21 07:33:40.935866: ERROR: "north-dpd/0x1" #5: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Sep 21 07:33:40.935868: | libevent_free: release ptr-libevent@0x7f0dc0004f00 Sep 21 07:33:40.935869: | free_event_entry: release EVENT_RETRANSMIT-pe@0x557db4595380 Sep 21 07:33:40.935873: | #5 spent 0.0822 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:33:40.935876: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:41.937203: | timer_event_cb: processing event@0x7f0db4002b20 Sep 21 07:33:41.937260: | handling event EVENT_RETRANSMIT for child state #4 Sep 21 07:33:41.937283: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:41.937295: | IKEv1 retransmit event Sep 21 07:33:41.937309: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:33:41.937323: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x2" #4 keying attempt 1 of 0; retransmit 3 Sep 21 07:33:41.937342: | retransmits: current time 49868.305596; retransmit count 2 exceeds limit? NO; deltatime 2 exceeds limit? NO; monotime 2.004596 exceeds limit? NO Sep 21 07:33:41.937353: | event_schedule: new EVENT_RETRANSMIT-pe@0x557db4595380 Sep 21 07:33:41.937364: | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #4 Sep 21 07:33:41.937374: | libevent_malloc: new ptr-libevent@0x7f0dc0004f00 size 128 Sep 21 07:33:41.937387: "north-dpd/0x2" #4: STATE_QUICK_I1: retransmission; will wait 2 seconds for response Sep 21 07:33:41.937406: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Sep 21 07:33:41.937414: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:41.937421: | 08 10 20 01 e6 38 58 db 00 00 01 dc e4 e7 e4 e4 Sep 21 07:33:41.937428: | d1 99 cc 6a e3 89 fb f7 fe 0b 15 f5 3c a2 92 3a Sep 21 07:33:41.937435: | c3 96 d7 9a 3b e0 e8 a0 aa a8 0b f2 4d 0b a1 8a Sep 21 07:33:41.937442: | fd 3c 24 23 df 6b 1a ed f5 0d 0d 7f d7 63 02 d0 Sep 21 07:33:41.937448: | 31 a9 35 30 fd 09 8e b3 ed f6 54 96 29 ff af 04 Sep 21 07:33:41.937455: | f2 f8 1f c6 ee f0 e1 a7 1c f1 e1 14 3a 71 36 e9 Sep 21 07:33:41.937462: | 9e 6b e0 c9 6f 21 c5 c2 40 b1 3c 11 1a 99 e7 d2 Sep 21 07:33:41.937469: | 2d 68 bd 49 3d bf 33 77 0a e1 a3 8b 87 ef 7d fb Sep 21 07:33:41.937475: | 73 b5 39 9c a1 05 20 de d8 27 0a 37 26 2f d7 3d Sep 21 07:33:41.937482: | 3b e0 de ab ef 60 6e c2 fb 68 59 36 61 bf 6e a2 Sep 21 07:33:41.937489: | f2 fa c9 4e 99 dc 1a b7 ac 89 76 20 37 56 9c ee Sep 21 07:33:41.937496: | ff d3 3e 7a 73 af 64 46 9c ff 58 6c f7 89 06 e4 Sep 21 07:33:41.937502: | fc 9a 51 bc eb 00 33 fb 74 2f f8 66 95 9a b4 ac Sep 21 07:33:41.937509: | 2f 03 cb ca ec 1f 2d 01 7a 70 8f bd c7 0d fa b8 Sep 21 07:33:41.937516: | 73 9e a0 8d b8 43 09 49 23 7a 60 c8 6e 24 82 29 Sep 21 07:33:41.937523: | 6f d6 c9 6d 20 59 b5 73 61 62 0c f2 20 af 21 76 Sep 21 07:33:41.937529: | 19 1f 20 36 ce fb d9 32 a4 0b 74 92 e0 8b 9c f6 Sep 21 07:33:41.937536: | 6e 57 7c d1 5a ee 52 ef 5d ef b9 95 3d ae 1c 08 Sep 21 07:33:41.937543: | 06 57 20 0b 34 2c e0 7c 61 1f 0e 85 fd 0f 86 a9 Sep 21 07:33:41.937549: | fa 7b ec 52 e9 99 3b cd 17 dc 76 93 e4 b8 15 3c Sep 21 07:33:41.937556: | d7 10 3b 2b a5 7a d7 b5 1c 13 bc 76 54 1b 40 fb Sep 21 07:33:41.937563: | c3 99 b4 9e 95 a8 61 90 29 21 93 70 07 97 f5 ed Sep 21 07:33:41.937570: | e6 c1 46 f1 8e a2 bd 34 fa fc 7a 33 6a c7 35 68 Sep 21 07:33:41.937590: | 28 5e fb 76 74 e4 d8 36 a8 c8 94 b5 e8 b1 ed 92 Sep 21 07:33:41.937597: | 66 f3 77 27 17 ed e5 af ee 82 23 ed dd 26 9c e5 Sep 21 07:33:41.937604: | 10 61 c8 2b f0 0c c7 47 91 ef 36 ed 42 11 7b a8 Sep 21 07:33:41.937611: | 7b 7f 19 93 5d 3e 41 de 38 ea 1a 50 73 1a 76 ea Sep 21 07:33:41.937618: | e2 ed 79 9d bd ea 00 70 4e 64 79 79 74 83 1d 32 Sep 21 07:33:41.937624: | 45 28 ad 20 79 2b 0a 27 48 a7 d9 6e Sep 21 07:33:41.937666: ERROR: "north-dpd/0x2" #4: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Sep 21 07:33:41.937679: | libevent_free: release ptr-libevent@0x7f0dc4007fa0 Sep 21 07:33:41.937689: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f0db4002b20 Sep 21 07:33:41.937709: | #4 spent 0.512 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:33:41.937724: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:41.937736: | timer_event_cb: processing event@0x557db4596910 Sep 21 07:33:41.937744: | handling event EVENT_RETRANSMIT for child state #5 Sep 21 07:33:41.937757: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:41.937766: | IKEv1 retransmit event Sep 21 07:33:41.937779: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:33:41.937826: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x1" #5 keying attempt 1 of 0; retransmit 3 Sep 21 07:33:41.937843: | retransmits: current time 49868.306099; retransmit count 2 exceeds limit? NO; deltatime 2 exceeds limit? NO; monotime 2.004497 exceeds limit? NO Sep 21 07:33:41.937852: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f0db4002b20 Sep 21 07:33:41.937862: | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #5 Sep 21 07:33:41.937871: | libevent_malloc: new ptr-libevent@0x7f0dc4007fa0 size 128 Sep 21 07:33:41.937880: "north-dpd/0x1" #5: STATE_QUICK_I1: retransmission; will wait 2 seconds for response Sep 21 07:33:41.937895: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Sep 21 07:33:41.937903: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:41.937910: | 08 10 20 01 8b 8f 11 95 00 00 01 dc b3 90 d9 50 Sep 21 07:33:41.937917: | 4e c4 ea 42 d7 d6 f4 21 14 fc 46 2e 3e 7c 71 72 Sep 21 07:33:41.937923: | 37 f4 6f cb 99 29 a3 cb f6 dc 57 82 c3 f4 24 02 Sep 21 07:33:41.937930: | 85 fc 18 7b c0 27 10 a6 5b 47 4c 59 15 8a 56 77 Sep 21 07:33:41.937937: | 31 19 02 08 3a 3e c3 e7 5a 02 2b cf a0 a6 09 45 Sep 21 07:33:41.937943: | 8e 41 a1 f2 3d cb d4 22 6c 9e 03 62 57 15 98 a0 Sep 21 07:33:41.937950: | 25 ba 9c 7e e8 a8 30 87 1a 58 a5 56 5b 05 f1 1b Sep 21 07:33:41.937957: | 15 64 8e ab 47 ef f5 da 56 9f 9d 43 5f 0f e2 14 Sep 21 07:33:41.937964: | ff b0 04 c9 7d ee 2e 8b 95 31 03 94 e8 90 6a c6 Sep 21 07:33:41.937970: | 8a 0b 55 49 79 7a ba d6 e8 79 df 16 e5 03 99 db Sep 21 07:33:41.937977: | e1 cc 5d a5 9f 29 6c b6 f9 fc 98 87 4a 7a 32 e7 Sep 21 07:33:41.937984: | 7f 92 0c 4f 62 b0 75 eb d1 81 52 09 79 01 5f a1 Sep 21 07:33:41.937990: | 1a 2b 2c be af c5 86 54 67 91 21 25 7e c1 1f 95 Sep 21 07:33:41.937997: | 0c bf 4c 2a 53 29 a5 02 8b 2c 29 2f ff 88 a3 7f Sep 21 07:33:41.938004: | 58 0e d9 23 10 65 c2 da 5e d4 b3 b1 bc dd c4 62 Sep 21 07:33:41.938011: | 62 78 76 7a c6 08 ea 93 24 4d b4 be ef 47 d8 f2 Sep 21 07:33:41.938017: | 63 00 a8 ed 35 37 9e 53 f5 52 fc 89 01 3f 8d 96 Sep 21 07:33:41.938024: | ee f6 35 6b 95 b7 77 b2 f7 f6 c0 ce 8d 6c 51 3a Sep 21 07:33:41.938031: | 8a 6e 90 42 98 b8 03 2d 4c cc 42 5c 6c 05 41 8a Sep 21 07:33:41.938038: | 3f 3b ca 4c fb f4 df 4f de 51 20 db 1c ca 3f cf Sep 21 07:33:41.938044: | 37 ef a8 6d 35 70 72 5e 51 5f f6 fa 38 a1 4d 08 Sep 21 07:33:41.938051: | bc 40 f6 fb 93 6e cb 23 8a 3b cc 10 01 03 51 2b Sep 21 07:33:41.938064: | b7 c1 61 29 e9 86 f2 b3 76 09 0c b1 43 7c 52 04 Sep 21 07:33:41.938071: | 0b c0 97 89 95 98 f9 9b 42 97 1f 87 22 f4 67 e4 Sep 21 07:33:41.938078: | b6 ee 72 5a c7 7c e3 f8 96 8c 2f ec 2e ef 7c 85 Sep 21 07:33:41.938084: | 43 9b 93 e2 d3 45 39 d3 22 bf 4e 68 79 41 ac 1f Sep 21 07:33:41.938091: | b1 4c 7f 4f c5 71 d7 94 ae 86 56 1a ad 23 b7 45 Sep 21 07:33:41.938098: | 80 79 22 5b 17 3f 34 5c 06 7a 5e cf 05 79 62 0b Sep 21 07:33:41.938104: | 4a 32 85 84 4e 66 2d 5b 2e 26 4f 91 Sep 21 07:33:41.938126: ERROR: "north-dpd/0x1" #5: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Sep 21 07:33:41.938135: | libevent_free: release ptr-libevent@0x7f0dc8007500 Sep 21 07:33:41.938144: | free_event_entry: release EVENT_RETRANSMIT-pe@0x557db4596910 Sep 21 07:33:41.938158: | #5 spent 0.394 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:33:41.938171: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:43.939841: | timer_event_cb: processing event@0x557db4595380 Sep 21 07:33:43.939859: | handling event EVENT_RETRANSMIT for child state #4 Sep 21 07:33:43.939865: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:43.939868: | IKEv1 retransmit event Sep 21 07:33:43.939871: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:33:43.939874: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x2" #4 keying attempt 1 of 0; retransmit 4 Sep 21 07:33:43.939879: | retransmits: current time 49870.308141; retransmit count 3 exceeds limit? NO; deltatime 4 exceeds limit? NO; monotime 4.007141 exceeds limit? NO Sep 21 07:33:43.939882: | event_schedule: new EVENT_RETRANSMIT-pe@0x557db4596910 Sep 21 07:33:43.939884: | inserting event EVENT_RETRANSMIT, timeout in 4 seconds for #4 Sep 21 07:33:43.939887: | libevent_malloc: new ptr-libevent@0x7f0dc8007500 size 128 Sep 21 07:33:43.939890: "north-dpd/0x2" #4: STATE_QUICK_I1: retransmission; will wait 4 seconds for response Sep 21 07:33:43.939895: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Sep 21 07:33:43.939897: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:43.939898: | 08 10 20 01 e6 38 58 db 00 00 01 dc e4 e7 e4 e4 Sep 21 07:33:43.939900: | d1 99 cc 6a e3 89 fb f7 fe 0b 15 f5 3c a2 92 3a Sep 21 07:33:43.939901: | c3 96 d7 9a 3b e0 e8 a0 aa a8 0b f2 4d 0b a1 8a Sep 21 07:33:43.939903: | fd 3c 24 23 df 6b 1a ed f5 0d 0d 7f d7 63 02 d0 Sep 21 07:33:43.939904: | 31 a9 35 30 fd 09 8e b3 ed f6 54 96 29 ff af 04 Sep 21 07:33:43.939906: | f2 f8 1f c6 ee f0 e1 a7 1c f1 e1 14 3a 71 36 e9 Sep 21 07:33:43.939907: | 9e 6b e0 c9 6f 21 c5 c2 40 b1 3c 11 1a 99 e7 d2 Sep 21 07:33:43.939909: | 2d 68 bd 49 3d bf 33 77 0a e1 a3 8b 87 ef 7d fb Sep 21 07:33:43.939910: | 73 b5 39 9c a1 05 20 de d8 27 0a 37 26 2f d7 3d Sep 21 07:33:43.939912: | 3b e0 de ab ef 60 6e c2 fb 68 59 36 61 bf 6e a2 Sep 21 07:33:43.939913: | f2 fa c9 4e 99 dc 1a b7 ac 89 76 20 37 56 9c ee Sep 21 07:33:43.939915: | ff d3 3e 7a 73 af 64 46 9c ff 58 6c f7 89 06 e4 Sep 21 07:33:43.939916: | fc 9a 51 bc eb 00 33 fb 74 2f f8 66 95 9a b4 ac Sep 21 07:33:43.939918: | 2f 03 cb ca ec 1f 2d 01 7a 70 8f bd c7 0d fa b8 Sep 21 07:33:43.939919: | 73 9e a0 8d b8 43 09 49 23 7a 60 c8 6e 24 82 29 Sep 21 07:33:43.939921: | 6f d6 c9 6d 20 59 b5 73 61 62 0c f2 20 af 21 76 Sep 21 07:33:43.939922: | 19 1f 20 36 ce fb d9 32 a4 0b 74 92 e0 8b 9c f6 Sep 21 07:33:43.939924: | 6e 57 7c d1 5a ee 52 ef 5d ef b9 95 3d ae 1c 08 Sep 21 07:33:43.939925: | 06 57 20 0b 34 2c e0 7c 61 1f 0e 85 fd 0f 86 a9 Sep 21 07:33:43.939927: | fa 7b ec 52 e9 99 3b cd 17 dc 76 93 e4 b8 15 3c Sep 21 07:33:43.939928: | d7 10 3b 2b a5 7a d7 b5 1c 13 bc 76 54 1b 40 fb Sep 21 07:33:43.939930: | c3 99 b4 9e 95 a8 61 90 29 21 93 70 07 97 f5 ed Sep 21 07:33:43.939935: | e6 c1 46 f1 8e a2 bd 34 fa fc 7a 33 6a c7 35 68 Sep 21 07:33:43.939937: | 28 5e fb 76 74 e4 d8 36 a8 c8 94 b5 e8 b1 ed 92 Sep 21 07:33:43.939938: | 66 f3 77 27 17 ed e5 af ee 82 23 ed dd 26 9c e5 Sep 21 07:33:43.939939: | 10 61 c8 2b f0 0c c7 47 91 ef 36 ed 42 11 7b a8 Sep 21 07:33:43.939941: | 7b 7f 19 93 5d 3e 41 de 38 ea 1a 50 73 1a 76 ea Sep 21 07:33:43.939942: | e2 ed 79 9d bd ea 00 70 4e 64 79 79 74 83 1d 32 Sep 21 07:33:43.939944: | 45 28 ad 20 79 2b 0a 27 48 a7 d9 6e Sep 21 07:33:43.940216: ERROR: "north-dpd/0x2" #4: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Sep 21 07:33:43.940220: | libevent_free: release ptr-libevent@0x7f0dc0004f00 Sep 21 07:33:43.940223: | free_event_entry: release EVENT_RETRANSMIT-pe@0x557db4595380 Sep 21 07:33:43.940229: | #4 spent 0.39 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:33:43.940232: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:43.940234: | timer_event_cb: processing event@0x7f0db4002b20 Sep 21 07:33:43.940236: | handling event EVENT_RETRANSMIT for child state #5 Sep 21 07:33:43.940240: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:43.940242: | IKEv1 retransmit event Sep 21 07:33:43.940245: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:33:43.940248: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x1" #5 keying attempt 1 of 0; retransmit 4 Sep 21 07:33:43.940251: | retransmits: current time 49870.308514; retransmit count 3 exceeds limit? NO; deltatime 4 exceeds limit? NO; monotime 4.006912 exceeds limit? NO Sep 21 07:33:43.940253: | event_schedule: new EVENT_RETRANSMIT-pe@0x557db4595380 Sep 21 07:33:43.940255: | inserting event EVENT_RETRANSMIT, timeout in 4 seconds for #5 Sep 21 07:33:43.940257: | libevent_malloc: new ptr-libevent@0x7f0dc0004f00 size 128 Sep 21 07:33:43.940259: "north-dpd/0x1" #5: STATE_QUICK_I1: retransmission; will wait 4 seconds for response Sep 21 07:33:43.940263: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Sep 21 07:33:43.940265: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:43.940266: | 08 10 20 01 8b 8f 11 95 00 00 01 dc b3 90 d9 50 Sep 21 07:33:43.940268: | 4e c4 ea 42 d7 d6 f4 21 14 fc 46 2e 3e 7c 71 72 Sep 21 07:33:43.940269: | 37 f4 6f cb 99 29 a3 cb f6 dc 57 82 c3 f4 24 02 Sep 21 07:33:43.940271: | 85 fc 18 7b c0 27 10 a6 5b 47 4c 59 15 8a 56 77 Sep 21 07:33:43.940272: | 31 19 02 08 3a 3e c3 e7 5a 02 2b cf a0 a6 09 45 Sep 21 07:33:43.940274: | 8e 41 a1 f2 3d cb d4 22 6c 9e 03 62 57 15 98 a0 Sep 21 07:33:43.940275: | 25 ba 9c 7e e8 a8 30 87 1a 58 a5 56 5b 05 f1 1b Sep 21 07:33:43.940276: | 15 64 8e ab 47 ef f5 da 56 9f 9d 43 5f 0f e2 14 Sep 21 07:33:43.940278: | ff b0 04 c9 7d ee 2e 8b 95 31 03 94 e8 90 6a c6 Sep 21 07:33:43.940279: | 8a 0b 55 49 79 7a ba d6 e8 79 df 16 e5 03 99 db Sep 21 07:33:43.940281: | e1 cc 5d a5 9f 29 6c b6 f9 fc 98 87 4a 7a 32 e7 Sep 21 07:33:43.940282: | 7f 92 0c 4f 62 b0 75 eb d1 81 52 09 79 01 5f a1 Sep 21 07:33:43.940284: | 1a 2b 2c be af c5 86 54 67 91 21 25 7e c1 1f 95 Sep 21 07:33:43.940285: | 0c bf 4c 2a 53 29 a5 02 8b 2c 29 2f ff 88 a3 7f Sep 21 07:33:43.940287: | 58 0e d9 23 10 65 c2 da 5e d4 b3 b1 bc dd c4 62 Sep 21 07:33:43.940288: | 62 78 76 7a c6 08 ea 93 24 4d b4 be ef 47 d8 f2 Sep 21 07:33:43.940290: | 63 00 a8 ed 35 37 9e 53 f5 52 fc 89 01 3f 8d 96 Sep 21 07:33:43.940291: | ee f6 35 6b 95 b7 77 b2 f7 f6 c0 ce 8d 6c 51 3a Sep 21 07:33:43.940293: | 8a 6e 90 42 98 b8 03 2d 4c cc 42 5c 6c 05 41 8a Sep 21 07:33:43.940294: | 3f 3b ca 4c fb f4 df 4f de 51 20 db 1c ca 3f cf Sep 21 07:33:43.940296: | 37 ef a8 6d 35 70 72 5e 51 5f f6 fa 38 a1 4d 08 Sep 21 07:33:43.940299: | bc 40 f6 fb 93 6e cb 23 8a 3b cc 10 01 03 51 2b Sep 21 07:33:43.940300: | b7 c1 61 29 e9 86 f2 b3 76 09 0c b1 43 7c 52 04 Sep 21 07:33:43.940302: | 0b c0 97 89 95 98 f9 9b 42 97 1f 87 22 f4 67 e4 Sep 21 07:33:43.940303: | b6 ee 72 5a c7 7c e3 f8 96 8c 2f ec 2e ef 7c 85 Sep 21 07:33:43.940305: | 43 9b 93 e2 d3 45 39 d3 22 bf 4e 68 79 41 ac 1f Sep 21 07:33:43.940306: | b1 4c 7f 4f c5 71 d7 94 ae 86 56 1a ad 23 b7 45 Sep 21 07:33:43.940307: | 80 79 22 5b 17 3f 34 5c 06 7a 5e cf 05 79 62 0b Sep 21 07:33:43.940309: | 4a 32 85 84 4e 66 2d 5b 2e 26 4f 91 Sep 21 07:33:43.940314: ERROR: "north-dpd/0x1" #5: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Sep 21 07:33:43.940316: | libevent_free: release ptr-libevent@0x7f0dc4007fa0 Sep 21 07:33:43.940318: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f0db4002b20 Sep 21 07:33:43.940321: | #5 spent 0.0857 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:33:43.940324: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:46.624820: | processing global timer EVENT_SHUNT_SCAN Sep 21 07:33:46.624832: | expiring aged bare shunts from shunt table Sep 21 07:33:46.624836: | spent 0.00362 milliseconds in global timer EVENT_SHUNT_SCAN Sep 21 07:33:46.853223: | spent 0.0121 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:46.853303: | NAT-T keep-alive (bogus ?) should not reach this point. Ignored. Sender: 192.1.2.23:500 Sep 21 07:33:46.853326: | spent 0.0479 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:46.853362: | spent 0.0061 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:46.853393: | NAT-T keep-alive (bogus ?) should not reach this point. Ignored. Sender: 192.1.2.23:500 Sep 21 07:33:46.853410: | spent 0.0304 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:46.854514: | processing global timer EVENT_NAT_T_KEEPALIVE Sep 21 07:33:46.854563: | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) Sep 21 07:33:46.854596: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in for_each_state() at state.c:1572) Sep 21 07:33:46.854612: | not behind NAT: no NAT-T KEEP-ALIVE required for conn north-dpd/0x1 Sep 21 07:33:46.854634: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in for_each_state() at state.c:1574) Sep 21 07:33:46.854653: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in for_each_state() at state.c:1572) Sep 21 07:33:46.854661: | not behind NAT: no NAT-T KEEP-ALIVE required for conn north-dpd/0x2 Sep 21 07:33:46.854673: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in for_each_state() at state.c:1574) Sep 21 07:33:46.854685: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in for_each_state() at state.c:1572) Sep 21 07:33:46.854692: | not behind NAT: no NAT-T KEEP-ALIVE required for conn north-dpd/0x2 Sep 21 07:33:46.854704: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in for_each_state() at state.c:1574) Sep 21 07:33:46.854719: | spent 0.157 milliseconds in global timer EVENT_NAT_T_KEEPALIVE Sep 21 07:33:47.942855: | timer_event_cb: processing event@0x557db4596910 Sep 21 07:33:47.942879: | handling event EVENT_RETRANSMIT for child state #4 Sep 21 07:33:47.942890: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:47.942895: | IKEv1 retransmit event Sep 21 07:33:47.942901: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:33:47.942907: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x2" #4 keying attempt 1 of 0; retransmit 5 Sep 21 07:33:47.942915: | retransmits: current time 49874.311175; retransmit count 4 exceeds limit? NO; deltatime 8 exceeds limit? NO; monotime 8.010175 exceeds limit? NO Sep 21 07:33:47.942925: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f0db4002b20 Sep 21 07:33:47.942930: | inserting event EVENT_RETRANSMIT, timeout in 8 seconds for #4 Sep 21 07:33:47.942935: | libevent_malloc: new ptr-libevent@0x7f0dc4007fa0 size 128 Sep 21 07:33:47.942941: "north-dpd/0x2" #4: STATE_QUICK_I1: retransmission; will wait 8 seconds for response Sep 21 07:33:47.942949: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Sep 21 07:33:47.942953: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:47.942956: | 08 10 20 01 e6 38 58 db 00 00 01 dc e4 e7 e4 e4 Sep 21 07:33:47.942959: | d1 99 cc 6a e3 89 fb f7 fe 0b 15 f5 3c a2 92 3a Sep 21 07:33:47.942961: | c3 96 d7 9a 3b e0 e8 a0 aa a8 0b f2 4d 0b a1 8a Sep 21 07:33:47.942964: | fd 3c 24 23 df 6b 1a ed f5 0d 0d 7f d7 63 02 d0 Sep 21 07:33:47.942967: | 31 a9 35 30 fd 09 8e b3 ed f6 54 96 29 ff af 04 Sep 21 07:33:47.942970: | f2 f8 1f c6 ee f0 e1 a7 1c f1 e1 14 3a 71 36 e9 Sep 21 07:33:47.942973: | 9e 6b e0 c9 6f 21 c5 c2 40 b1 3c 11 1a 99 e7 d2 Sep 21 07:33:47.942975: | 2d 68 bd 49 3d bf 33 77 0a e1 a3 8b 87 ef 7d fb Sep 21 07:33:47.942978: | 73 b5 39 9c a1 05 20 de d8 27 0a 37 26 2f d7 3d Sep 21 07:33:47.942981: | 3b e0 de ab ef 60 6e c2 fb 68 59 36 61 bf 6e a2 Sep 21 07:33:47.942984: | f2 fa c9 4e 99 dc 1a b7 ac 89 76 20 37 56 9c ee Sep 21 07:33:47.942986: | ff d3 3e 7a 73 af 64 46 9c ff 58 6c f7 89 06 e4 Sep 21 07:33:47.942989: | fc 9a 51 bc eb 00 33 fb 74 2f f8 66 95 9a b4 ac Sep 21 07:33:47.942992: | 2f 03 cb ca ec 1f 2d 01 7a 70 8f bd c7 0d fa b8 Sep 21 07:33:47.942995: | 73 9e a0 8d b8 43 09 49 23 7a 60 c8 6e 24 82 29 Sep 21 07:33:47.942998: | 6f d6 c9 6d 20 59 b5 73 61 62 0c f2 20 af 21 76 Sep 21 07:33:47.943000: | 19 1f 20 36 ce fb d9 32 a4 0b 74 92 e0 8b 9c f6 Sep 21 07:33:47.943003: | 6e 57 7c d1 5a ee 52 ef 5d ef b9 95 3d ae 1c 08 Sep 21 07:33:47.943006: | 06 57 20 0b 34 2c e0 7c 61 1f 0e 85 fd 0f 86 a9 Sep 21 07:33:47.943009: | fa 7b ec 52 e9 99 3b cd 17 dc 76 93 e4 b8 15 3c Sep 21 07:33:47.943012: | d7 10 3b 2b a5 7a d7 b5 1c 13 bc 76 54 1b 40 fb Sep 21 07:33:47.943014: | c3 99 b4 9e 95 a8 61 90 29 21 93 70 07 97 f5 ed Sep 21 07:33:47.943017: | e6 c1 46 f1 8e a2 bd 34 fa fc 7a 33 6a c7 35 68 Sep 21 07:33:47.943020: | 28 5e fb 76 74 e4 d8 36 a8 c8 94 b5 e8 b1 ed 92 Sep 21 07:33:47.943023: | 66 f3 77 27 17 ed e5 af ee 82 23 ed dd 26 9c e5 Sep 21 07:33:47.943026: | 10 61 c8 2b f0 0c c7 47 91 ef 36 ed 42 11 7b a8 Sep 21 07:33:47.943028: | 7b 7f 19 93 5d 3e 41 de 38 ea 1a 50 73 1a 76 ea Sep 21 07:33:47.943031: | e2 ed 79 9d bd ea 00 70 4e 64 79 79 74 83 1d 32 Sep 21 07:33:47.943034: | 45 28 ad 20 79 2b 0a 27 48 a7 d9 6e Sep 21 07:33:47.943067: ERROR: "north-dpd/0x2" #4: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Sep 21 07:33:47.943074: | libevent_free: release ptr-libevent@0x7f0dc8007500 Sep 21 07:33:47.943079: | free_event_entry: release EVENT_RETRANSMIT-pe@0x557db4596910 Sep 21 07:33:47.943090: | #4 spent 0.236 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:33:47.943097: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:47.943104: | timer_event_cb: processing event@0x557db4595380 Sep 21 07:33:47.943108: | handling event EVENT_RETRANSMIT for child state #5 Sep 21 07:33:47.943115: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:47.943120: | IKEv1 retransmit event Sep 21 07:33:47.943126: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:33:47.943132: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x1" #5 keying attempt 1 of 0; retransmit 5 Sep 21 07:33:47.943140: | retransmits: current time 49874.3114; retransmit count 4 exceeds limit? NO; deltatime 8 exceeds limit? NO; monotime 8.009798 exceeds limit? NO Sep 21 07:33:47.943147: | event_schedule: new EVENT_RETRANSMIT-pe@0x557db4596910 Sep 21 07:33:47.943152: | inserting event EVENT_RETRANSMIT, timeout in 8 seconds for #5 Sep 21 07:33:47.943156: | libevent_malloc: new ptr-libevent@0x7f0dc8007500 size 128 Sep 21 07:33:47.943161: "north-dpd/0x1" #5: STATE_QUICK_I1: retransmission; will wait 8 seconds for response Sep 21 07:33:47.943168: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Sep 21 07:33:47.943172: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:47.943175: | 08 10 20 01 8b 8f 11 95 00 00 01 dc b3 90 d9 50 Sep 21 07:33:47.943179: | 4e c4 ea 42 d7 d6 f4 21 14 fc 46 2e 3e 7c 71 72 Sep 21 07:33:47.943182: | 37 f4 6f cb 99 29 a3 cb f6 dc 57 82 c3 f4 24 02 Sep 21 07:33:47.943185: | 85 fc 18 7b c0 27 10 a6 5b 47 4c 59 15 8a 56 77 Sep 21 07:33:47.943189: | 31 19 02 08 3a 3e c3 e7 5a 02 2b cf a0 a6 09 45 Sep 21 07:33:47.943192: | 8e 41 a1 f2 3d cb d4 22 6c 9e 03 62 57 15 98 a0 Sep 21 07:33:47.943195: | 25 ba 9c 7e e8 a8 30 87 1a 58 a5 56 5b 05 f1 1b Sep 21 07:33:47.943199: | 15 64 8e ab 47 ef f5 da 56 9f 9d 43 5f 0f e2 14 Sep 21 07:33:47.943202: | ff b0 04 c9 7d ee 2e 8b 95 31 03 94 e8 90 6a c6 Sep 21 07:33:47.943205: | 8a 0b 55 49 79 7a ba d6 e8 79 df 16 e5 03 99 db Sep 21 07:33:47.943209: | e1 cc 5d a5 9f 29 6c b6 f9 fc 98 87 4a 7a 32 e7 Sep 21 07:33:47.943212: | 7f 92 0c 4f 62 b0 75 eb d1 81 52 09 79 01 5f a1 Sep 21 07:33:47.943215: | 1a 2b 2c be af c5 86 54 67 91 21 25 7e c1 1f 95 Sep 21 07:33:47.943219: | 0c bf 4c 2a 53 29 a5 02 8b 2c 29 2f ff 88 a3 7f Sep 21 07:33:47.943222: | 58 0e d9 23 10 65 c2 da 5e d4 b3 b1 bc dd c4 62 Sep 21 07:33:47.943225: | 62 78 76 7a c6 08 ea 93 24 4d b4 be ef 47 d8 f2 Sep 21 07:33:47.943229: | 63 00 a8 ed 35 37 9e 53 f5 52 fc 89 01 3f 8d 96 Sep 21 07:33:47.943232: | ee f6 35 6b 95 b7 77 b2 f7 f6 c0 ce 8d 6c 51 3a Sep 21 07:33:47.943235: | 8a 6e 90 42 98 b8 03 2d 4c cc 42 5c 6c 05 41 8a Sep 21 07:33:47.943239: | 3f 3b ca 4c fb f4 df 4f de 51 20 db 1c ca 3f cf Sep 21 07:33:47.943242: | 37 ef a8 6d 35 70 72 5e 51 5f f6 fa 38 a1 4d 08 Sep 21 07:33:47.943245: | bc 40 f6 fb 93 6e cb 23 8a 3b cc 10 01 03 51 2b Sep 21 07:33:47.943249: | b7 c1 61 29 e9 86 f2 b3 76 09 0c b1 43 7c 52 04 Sep 21 07:33:47.943252: | 0b c0 97 89 95 98 f9 9b 42 97 1f 87 22 f4 67 e4 Sep 21 07:33:47.943255: | b6 ee 72 5a c7 7c e3 f8 96 8c 2f ec 2e ef 7c 85 Sep 21 07:33:47.943259: | 43 9b 93 e2 d3 45 39 d3 22 bf 4e 68 79 41 ac 1f Sep 21 07:33:47.943262: | b1 4c 7f 4f c5 71 d7 94 ae 86 56 1a ad 23 b7 45 Sep 21 07:33:47.943265: | 80 79 22 5b 17 3f 34 5c 06 7a 5e cf 05 79 62 0b Sep 21 07:33:47.943269: | 4a 32 85 84 4e 66 2d 5b 2e 26 4f 91 Sep 21 07:33:47.943279: ERROR: "north-dpd/0x1" #5: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Sep 21 07:33:47.943284: | libevent_free: release ptr-libevent@0x7f0dc0004f00 Sep 21 07:33:47.943288: | free_event_entry: release EVENT_RETRANSMIT-pe@0x557db4595380 Sep 21 07:33:47.943294: | #5 spent 0.189 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:33:47.943301: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:55.950817: | timer_event_cb: processing event@0x7f0db4002b20 Sep 21 07:33:55.950843: | handling event EVENT_RETRANSMIT for child state #4 Sep 21 07:33:55.950849: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:55.950851: | IKEv1 retransmit event Sep 21 07:33:55.950854: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:33:55.950857: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x2" #4 keying attempt 1 of 0; retransmit 6 Sep 21 07:33:55.950865: | retransmits: current time 49882.319128; retransmit count 5 exceeds limit? NO; deltatime 16 exceeds limit? NO; monotime 16.018128 exceeds limit? NO Sep 21 07:33:55.950868: | event_schedule: new EVENT_RETRANSMIT-pe@0x557db4595380 Sep 21 07:33:55.950871: | inserting event EVENT_RETRANSMIT, timeout in 16 seconds for #4 Sep 21 07:33:55.950873: | libevent_malloc: new ptr-libevent@0x7f0dc0004f00 size 128 Sep 21 07:33:55.950876: "north-dpd/0x2" #4: STATE_QUICK_I1: retransmission; will wait 16 seconds for response Sep 21 07:33:55.950881: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Sep 21 07:33:55.950882: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:55.950884: | 08 10 20 01 e6 38 58 db 00 00 01 dc e4 e7 e4 e4 Sep 21 07:33:55.950885: | d1 99 cc 6a e3 89 fb f7 fe 0b 15 f5 3c a2 92 3a Sep 21 07:33:55.950886: | c3 96 d7 9a 3b e0 e8 a0 aa a8 0b f2 4d 0b a1 8a Sep 21 07:33:55.950888: | fd 3c 24 23 df 6b 1a ed f5 0d 0d 7f d7 63 02 d0 Sep 21 07:33:55.950889: | 31 a9 35 30 fd 09 8e b3 ed f6 54 96 29 ff af 04 Sep 21 07:33:55.950890: | f2 f8 1f c6 ee f0 e1 a7 1c f1 e1 14 3a 71 36 e9 Sep 21 07:33:55.950892: | 9e 6b e0 c9 6f 21 c5 c2 40 b1 3c 11 1a 99 e7 d2 Sep 21 07:33:55.950893: | 2d 68 bd 49 3d bf 33 77 0a e1 a3 8b 87 ef 7d fb Sep 21 07:33:55.950894: | 73 b5 39 9c a1 05 20 de d8 27 0a 37 26 2f d7 3d Sep 21 07:33:55.950896: | 3b e0 de ab ef 60 6e c2 fb 68 59 36 61 bf 6e a2 Sep 21 07:33:55.950897: | f2 fa c9 4e 99 dc 1a b7 ac 89 76 20 37 56 9c ee Sep 21 07:33:55.950898: | ff d3 3e 7a 73 af 64 46 9c ff 58 6c f7 89 06 e4 Sep 21 07:33:55.950900: | fc 9a 51 bc eb 00 33 fb 74 2f f8 66 95 9a b4 ac Sep 21 07:33:55.950901: | 2f 03 cb ca ec 1f 2d 01 7a 70 8f bd c7 0d fa b8 Sep 21 07:33:55.950902: | 73 9e a0 8d b8 43 09 49 23 7a 60 c8 6e 24 82 29 Sep 21 07:33:55.950904: | 6f d6 c9 6d 20 59 b5 73 61 62 0c f2 20 af 21 76 Sep 21 07:33:55.950905: | 19 1f 20 36 ce fb d9 32 a4 0b 74 92 e0 8b 9c f6 Sep 21 07:33:55.950906: | 6e 57 7c d1 5a ee 52 ef 5d ef b9 95 3d ae 1c 08 Sep 21 07:33:55.950908: | 06 57 20 0b 34 2c e0 7c 61 1f 0e 85 fd 0f 86 a9 Sep 21 07:33:55.950909: | fa 7b ec 52 e9 99 3b cd 17 dc 76 93 e4 b8 15 3c Sep 21 07:33:55.950910: | d7 10 3b 2b a5 7a d7 b5 1c 13 bc 76 54 1b 40 fb Sep 21 07:33:55.950912: | c3 99 b4 9e 95 a8 61 90 29 21 93 70 07 97 f5 ed Sep 21 07:33:55.950913: | e6 c1 46 f1 8e a2 bd 34 fa fc 7a 33 6a c7 35 68 Sep 21 07:33:55.950914: | 28 5e fb 76 74 e4 d8 36 a8 c8 94 b5 e8 b1 ed 92 Sep 21 07:33:55.950916: | 66 f3 77 27 17 ed e5 af ee 82 23 ed dd 26 9c e5 Sep 21 07:33:55.950917: | 10 61 c8 2b f0 0c c7 47 91 ef 36 ed 42 11 7b a8 Sep 21 07:33:55.950918: | 7b 7f 19 93 5d 3e 41 de 38 ea 1a 50 73 1a 76 ea Sep 21 07:33:55.950920: | e2 ed 79 9d bd ea 00 70 4e 64 79 79 74 83 1d 32 Sep 21 07:33:55.950921: | 45 28 ad 20 79 2b 0a 27 48 a7 d9 6e Sep 21 07:33:55.950931: ERROR: "north-dpd/0x2" #4: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Sep 21 07:33:55.950934: | libevent_free: release ptr-libevent@0x7f0dc4007fa0 Sep 21 07:33:55.950936: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f0db4002b20 Sep 21 07:33:55.950942: | #4 spent 0.127 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:33:55.950944: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:55.950947: | timer_event_cb: processing event@0x557db4596910 Sep 21 07:33:55.950949: | handling event EVENT_RETRANSMIT for child state #5 Sep 21 07:33:55.950951: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:55.950953: | IKEv1 retransmit event Sep 21 07:33:55.950956: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:33:55.950958: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x1" #5 keying attempt 1 of 0; retransmit 6 Sep 21 07:33:55.950962: | retransmits: current time 49882.319226; retransmit count 5 exceeds limit? NO; deltatime 16 exceeds limit? NO; monotime 16.017624 exceeds limit? NO Sep 21 07:33:55.950964: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f0db4002b20 Sep 21 07:33:55.950966: | inserting event EVENT_RETRANSMIT, timeout in 16 seconds for #5 Sep 21 07:33:55.950968: | libevent_malloc: new ptr-libevent@0x7f0dc4007fa0 size 128 Sep 21 07:33:55.950970: "north-dpd/0x1" #5: STATE_QUICK_I1: retransmission; will wait 16 seconds for response Sep 21 07:33:55.950972: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Sep 21 07:33:55.950974: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:55.950975: | 08 10 20 01 8b 8f 11 95 00 00 01 dc b3 90 d9 50 Sep 21 07:33:55.950977: | 4e c4 ea 42 d7 d6 f4 21 14 fc 46 2e 3e 7c 71 72 Sep 21 07:33:55.950978: | 37 f4 6f cb 99 29 a3 cb f6 dc 57 82 c3 f4 24 02 Sep 21 07:33:55.950979: | 85 fc 18 7b c0 27 10 a6 5b 47 4c 59 15 8a 56 77 Sep 21 07:33:55.950981: | 31 19 02 08 3a 3e c3 e7 5a 02 2b cf a0 a6 09 45 Sep 21 07:33:55.950982: | 8e 41 a1 f2 3d cb d4 22 6c 9e 03 62 57 15 98 a0 Sep 21 07:33:55.950983: | 25 ba 9c 7e e8 a8 30 87 1a 58 a5 56 5b 05 f1 1b Sep 21 07:33:55.950985: | 15 64 8e ab 47 ef f5 da 56 9f 9d 43 5f 0f e2 14 Sep 21 07:33:55.950986: | ff b0 04 c9 7d ee 2e 8b 95 31 03 94 e8 90 6a c6 Sep 21 07:33:55.950987: | 8a 0b 55 49 79 7a ba d6 e8 79 df 16 e5 03 99 db Sep 21 07:33:55.950989: | e1 cc 5d a5 9f 29 6c b6 f9 fc 98 87 4a 7a 32 e7 Sep 21 07:33:55.950990: | 7f 92 0c 4f 62 b0 75 eb d1 81 52 09 79 01 5f a1 Sep 21 07:33:55.950991: | 1a 2b 2c be af c5 86 54 67 91 21 25 7e c1 1f 95 Sep 21 07:33:55.950993: | 0c bf 4c 2a 53 29 a5 02 8b 2c 29 2f ff 88 a3 7f Sep 21 07:33:55.950994: | 58 0e d9 23 10 65 c2 da 5e d4 b3 b1 bc dd c4 62 Sep 21 07:33:55.950995: | 62 78 76 7a c6 08 ea 93 24 4d b4 be ef 47 d8 f2 Sep 21 07:33:55.950997: | 63 00 a8 ed 35 37 9e 53 f5 52 fc 89 01 3f 8d 96 Sep 21 07:33:55.950998: | ee f6 35 6b 95 b7 77 b2 f7 f6 c0 ce 8d 6c 51 3a Sep 21 07:33:55.950999: | 8a 6e 90 42 98 b8 03 2d 4c cc 42 5c 6c 05 41 8a Sep 21 07:33:55.951001: | 3f 3b ca 4c fb f4 df 4f de 51 20 db 1c ca 3f cf Sep 21 07:33:55.951002: | 37 ef a8 6d 35 70 72 5e 51 5f f6 fa 38 a1 4d 08 Sep 21 07:33:55.951003: | bc 40 f6 fb 93 6e cb 23 8a 3b cc 10 01 03 51 2b Sep 21 07:33:55.951005: | b7 c1 61 29 e9 86 f2 b3 76 09 0c b1 43 7c 52 04 Sep 21 07:33:55.951006: | 0b c0 97 89 95 98 f9 9b 42 97 1f 87 22 f4 67 e4 Sep 21 07:33:55.951007: | b6 ee 72 5a c7 7c e3 f8 96 8c 2f ec 2e ef 7c 85 Sep 21 07:33:55.951009: | 43 9b 93 e2 d3 45 39 d3 22 bf 4e 68 79 41 ac 1f Sep 21 07:33:55.951010: | b1 4c 7f 4f c5 71 d7 94 ae 86 56 1a ad 23 b7 45 Sep 21 07:33:55.951011: | 80 79 22 5b 17 3f 34 5c 06 7a 5e cf 05 79 62 0b Sep 21 07:33:55.951013: | 4a 32 85 84 4e 66 2d 5b 2e 26 4f 91 Sep 21 07:33:55.951017: ERROR: "north-dpd/0x1" #5: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Sep 21 07:33:55.951018: | libevent_free: release ptr-libevent@0x7f0dc8007500 Sep 21 07:33:55.951020: | free_event_entry: release EVENT_RETRANSMIT-pe@0x557db4596910 Sep 21 07:33:55.951023: | #5 spent 0.0752 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:33:55.951025: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:06.631905: | processing global timer EVENT_SHUNT_SCAN Sep 21 07:34:06.631926: | expiring aged bare shunts from shunt table Sep 21 07:34:06.631933: | spent 0.00617 milliseconds in global timer EVENT_SHUNT_SCAN Sep 21 07:34:06.854931: | spent 0.00257 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:06.854949: | NAT-T keep-alive (bogus ?) should not reach this point. Ignored. Sender: 192.1.2.23:500 Sep 21 07:34:06.854958: | spent 0.0144 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:06.854966: | spent 0.00141 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:06.854973: | NAT-T keep-alive (bogus ?) should not reach this point. Ignored. Sender: 192.1.2.23:500 Sep 21 07:34:06.854977: | spent 0.00697 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:09.583316: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:09.583515: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:34:09.583521: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:34:09.583680: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:34:09.583684: | FOR_EACH_STATE_... in sort_states Sep 21 07:34:09.583706: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:09.583714: | spent 0.405 milliseconds in whack Sep 21 07:34:09.635832: | kernel_process_msg_cb process netlink message Sep 21 07:34:09.635862: | netlink_get: XFRM_MSG_UPDPOLICY message Sep 21 07:34:09.635869: | spent 0.00825 milliseconds in kernel message Sep 21 07:34:09.708632: | kernel_process_msg_cb process netlink message Sep 21 07:34:09.708648: | netlink_get: XFRM_MSG_ACQUIRE message Sep 21 07:34:09.708650: | xfrm netlink msg len 376 Sep 21 07:34:09.708652: | xfrm acquire rtattribute type 5 Sep 21 07:34:09.708653: | xfrm acquire rtattribute type 16 Sep 21 07:34:09.708665: | add bare shunt 0x557db459e6f0 192.0.3.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:34:09.708670: initiate on demand from 192.0.3.254:8 to 192.0.2.254:0 proto=1 because: acquire Sep 21 07:34:09.708674: | find_connection: looking for policy for connection: 192.0.3.254:1/8 -> 192.0.2.254:1/0 Sep 21 07:34:09.708676: | FOR_EACH_CONNECTION_... in find_connection_for_clients Sep 21 07:34:09.708679: | find_connection: conn "north-dpd/0x1" has compatible peers: 192.0.3.0/24:0 -> 192.0.2.0/24:0 [pri: 25214986] Sep 21 07:34:09.708681: | find_connection: first OK "north-dpd/0x1" [pri:25214986]{0x557db4591500} (child none) Sep 21 07:34:09.708684: | find_connection: concluding with "north-dpd/0x1" [pri:25214986]{0x557db4591500} kind=CK_PERMANENT Sep 21 07:34:09.708686: | assign hold, routing was prospective erouted, needs to be erouted HOLD Sep 21 07:34:09.708687: | assign_holdpass() need broad(er) shunt Sep 21 07:34:09.708689: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Sep 21 07:34:09.708693: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => %hold>%hold (raw_eroute) Sep 21 07:34:09.708695: | netlink_raw_eroute: SPI_HOLD implemented as no-op Sep 21 07:34:09.708697: | raw_eroute result=success Sep 21 07:34:09.708698: | assign_holdpass() eroute_connection() done Sep 21 07:34:09.708700: | fiddle_bare_shunt called Sep 21 07:34:09.708701: | fiddle_bare_shunt with transport_proto 1 Sep 21 07:34:09.708703: | removing specific host-to-host bare shunt Sep 21 07:34:09.708706: | delete narrow %hold eroute 192.0.3.254/32:8 --1-> 192.0.2.254/32:0 => %hold (raw_eroute) Sep 21 07:34:09.708707: | netlink_raw_eroute: SPI_PASS Sep 21 07:34:09.708721: | raw_eroute result=success Sep 21 07:34:09.708723: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Sep 21 07:34:09.708727: | delete bare shunt 0x557db459e6f0 192.0.3.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:34:09.708729: assign_holdpass() delete_bare_shunt() failed Sep 21 07:34:09.708730: initiate_ondemand_body() failed to install negotiation_shunt, Sep 21 07:34:09.708732: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:09.708737: | creating state object #6 at 0x557db45af260 Sep 21 07:34:09.708739: | State DB: adding IKEv1 state #6 in UNDEFINED Sep 21 07:34:09.708742: | pstats #6 ikev1.ipsec started Sep 21 07:34:09.708744: | duplicating state object #1 "north-dpd/0x2" as #6 for IPSEC SA Sep 21 07:34:09.708749: | #6 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:34:09.708752: | in connection_discard for connection north-dpd/0x2 Sep 21 07:34:09.708755: | start processing: state #6 connection "north-dpd/0x1" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:34:09.708764: | child state #6: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Sep 21 07:34:09.708769: "north-dpd/0x1" #6: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:7cb3d8d7 proposal=defaults pfsgroup=MODP2048} Sep 21 07:34:09.708771: | adding quick_outI1 KE work-order 9 for state #6 Sep 21 07:34:09.708773: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557db4596910 Sep 21 07:34:09.708776: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Sep 21 07:34:09.708779: | libevent_malloc: new ptr-libevent@0x7f0dc8007500 size 128 Sep 21 07:34:09.708789: | stop processing: state #6 connection "north-dpd/0x1" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:34:09.708795: | crypto helper 1 resuming Sep 21 07:34:09.708804: | crypto helper 1 starting work-order 9 for state #6 Sep 21 07:34:09.708796: | initiate on demand using RSASIG from 192.0.3.254 to 192.0.2.254 Sep 21 07:34:09.708808: | crypto helper 1 doing build KE and nonce (quick_outI1 KE); request ID 9 Sep 21 07:34:09.708817: | spent 0.164 milliseconds in kernel message Sep 21 07:34:09.709680: | crypto helper 1 finished build KE and nonce (quick_outI1 KE); request ID 9 time elapsed 0.000871 seconds Sep 21 07:34:09.709690: | (#6) spent 0.878 milliseconds in crypto helper computing work-order 9: quick_outI1 KE (pcr) Sep 21 07:34:09.709693: | crypto helper 1 sending results from work-order 9 for state #6 to event queue Sep 21 07:34:09.709696: | scheduling resume sending helper answer for #6 Sep 21 07:34:09.709699: | libevent_malloc: new ptr-libevent@0x7f0dc000ad90 size 128 Sep 21 07:34:09.709707: | crypto helper 1 waiting (nothing to do) Sep 21 07:34:09.709742: | processing resume sending helper answer for #6 Sep 21 07:34:09.709751: | start processing: state #6 connection "north-dpd/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:09.709754: | crypto helper 1 replies to request ID 9 Sep 21 07:34:09.709756: | calling continuation function 0x557db2ef5630 Sep 21 07:34:09.709758: | quick_outI1_continue for #6: calculated ke+nonce, sending I1 Sep 21 07:34:09.709762: | **emit ISAKMP Message: Sep 21 07:34:09.709764: | initiator cookie: Sep 21 07:34:09.709766: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:09.709767: | responder cookie: Sep 21 07:34:09.709768: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:09.709771: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:09.709773: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:09.709774: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:09.709776: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:09.709778: | Message ID: 2092161239 (0x7cb3d8d7) Sep 21 07:34:09.709780: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:09.709782: | ***emit ISAKMP Hash Payload: Sep 21 07:34:09.709810: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:09.709812: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:09.709814: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:34:09.709816: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:09.709818: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:09.709820: | emitting quick defaults using policy none Sep 21 07:34:09.709821: | empty esp_info, returning defaults for ENCRYPT Sep 21 07:34:09.709824: | ***emit ISAKMP Security Association Payload: Sep 21 07:34:09.709826: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:09.709827: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:09.709831: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:34:09.709846: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:34:09.709848: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:09.709849: | ****emit IPsec DOI SIT: Sep 21 07:34:09.709851: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:09.709853: | ikev1_out_sa pcn: 0 has 1 valid proposals Sep 21 07:34:09.709855: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Sep 21 07:34:09.709856: | ****emit ISAKMP Proposal Payload: Sep 21 07:34:09.709858: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:09.709859: | proposal number: 0 (0x0) Sep 21 07:34:09.709861: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:09.709862: | SPI size: 4 (0x4) Sep 21 07:34:09.709863: | number of transforms: 2 (0x2) Sep 21 07:34:09.709865: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:34:09.709876: | netlink_get_spi: allocated 0x62fa2058 for esp.0@192.1.3.33 Sep 21 07:34:09.709878: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 21 07:34:09.709880: | SPI 62 fa 20 58 Sep 21 07:34:09.709881: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:34:09.709883: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:09.709885: | ESP transform number: 0 (0x0) Sep 21 07:34:09.709886: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:09.709888: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:34:09.709889: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:09.709891: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:09.709893: | length/value: 14 (0xe) Sep 21 07:34:09.709895: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:09.709897: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:09.709900: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:09.709902: | length/value: 1 (0x1) Sep 21 07:34:09.709904: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:09.709906: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:09.709908: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:09.709909: | length/value: 1 (0x1) Sep 21 07:34:09.709911: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:09.709913: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:09.709916: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:09.709918: | length/value: 28800 (0x7080) Sep 21 07:34:09.709920: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:09.709922: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:09.709923: | length/value: 2 (0x2) Sep 21 07:34:09.709925: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:09.709926: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:09.709927: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:09.709929: | length/value: 128 (0x80) Sep 21 07:34:09.709930: | emitting length of ISAKMP Transform Payload (ESP): 32 Sep 21 07:34:09.709932: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:34:09.709933: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:09.709935: | ESP transform number: 1 (0x1) Sep 21 07:34:09.709936: | ESP transform ID: ESP_3DES (0x3) Sep 21 07:34:09.709938: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:09.709940: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:34:09.709941: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:09.709943: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:09.709944: | length/value: 14 (0xe) Sep 21 07:34:09.709962: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:09.709967: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:09.709968: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:09.709983: | length/value: 1 (0x1) Sep 21 07:34:09.709984: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:09.709985: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:09.709987: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:09.709988: | length/value: 1 (0x1) Sep 21 07:34:09.709990: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:09.709991: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:09.709992: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:09.709994: | length/value: 28800 (0x7080) Sep 21 07:34:09.709995: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:09.709997: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:09.709998: | length/value: 2 (0x2) Sep 21 07:34:09.709999: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:09.710001: | emitting length of ISAKMP Transform Payload (ESP): 28 Sep 21 07:34:09.710002: | emitting length of ISAKMP Proposal Payload: 72 Sep 21 07:34:09.710004: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Sep 21 07:34:09.710006: | emitting length of ISAKMP Security Association Payload: 84 Sep 21 07:34:09.710007: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:34:09.710009: | ***emit ISAKMP Nonce Payload: Sep 21 07:34:09.710011: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:09.710028: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Sep 21 07:34:09.710030: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:34:09.710032: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:34:09.710033: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Sep 21 07:34:09.710035: | Ni 0f 87 71 2d a1 c6 ee 09 2d 56 32 40 d4 4d 0c 06 Sep 21 07:34:09.710036: | Ni 01 09 30 1b 4c 98 ed 5b a2 8e cf 27 b2 23 28 de Sep 21 07:34:09.710038: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:34:09.710040: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:34:09.710041: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:09.710043: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:09.710045: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:34:09.710046: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:34:09.710048: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:34:09.710050: | keyex value 1f f4 0e f3 06 a9 bb 7c 16 b5 39 60 db 68 87 e5 Sep 21 07:34:09.710051: | keyex value f8 76 c9 1a a0 8b cc 47 19 69 e8 b6 7e 79 2f f3 Sep 21 07:34:09.710053: | keyex value 1b b8 96 02 1b 5d 06 48 0a f8 58 6e bd b3 f3 ff Sep 21 07:34:09.710054: | keyex value 91 4b 1b b8 20 52 54 e0 4b e1 37 aa 64 c9 bd e3 Sep 21 07:34:09.710055: | keyex value 25 dd 97 64 38 88 0b 7e be 33 35 7b e2 9b 79 be Sep 21 07:34:09.710057: | keyex value 10 c7 7d 48 1b f3 ac e3 d1 84 8e e2 54 d6 5a e8 Sep 21 07:34:09.710071: | keyex value 77 45 a2 5e 9f fb 23 3f 3f 36 0e 14 31 c6 43 9d Sep 21 07:34:09.710073: | keyex value d3 9c bc 69 80 e7 7a 1f 2c 72 28 c4 89 0a f7 88 Sep 21 07:34:09.710074: | keyex value 9b 11 c6 5c 99 a0 8c 59 76 85 47 0e 60 06 02 b1 Sep 21 07:34:09.710075: | keyex value a2 f0 1e 52 ff db 13 bb 13 25 37 92 dc 88 73 f9 Sep 21 07:34:09.710077: | keyex value c7 02 1d f3 c8 7a 6d 73 9c 2a 1b 0f 5c 3a 0d 6a Sep 21 07:34:09.710078: | keyex value 65 84 a7 32 9f 73 c4 15 2f 2f a5 7b 91 de 56 cc Sep 21 07:34:09.710079: | keyex value c7 8a 35 10 ab d7 39 d9 6b bf f4 6a 17 ee 94 71 Sep 21 07:34:09.710082: | keyex value 2a 80 84 da be cd 20 09 1a c8 75 9b 9c b2 79 2d Sep 21 07:34:09.710083: | keyex value 84 ab cb 04 ed 3b 69 a1 5b 6a d0 75 ee 87 b3 d6 Sep 21 07:34:09.710084: | keyex value 5e 2f ab 63 eb ff f6 86 15 48 bd 37 f8 c8 b2 32 Sep 21 07:34:09.710086: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:34:09.710088: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:09.710089: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:09.710091: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:09.710092: | Protocol ID: 0 (0x0) Sep 21 07:34:09.710093: | port: 0 (0x0) Sep 21 07:34:09.710095: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:09.710097: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:09.710099: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:09.710101: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:09.710102: | client network c0 00 03 00 Sep 21 07:34:09.710104: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:09.710105: | client mask ff ff ff 00 Sep 21 07:34:09.710106: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:09.710108: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:09.710109: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:09.710111: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:09.710112: | Protocol ID: 0 (0x0) Sep 21 07:34:09.710113: | port: 0 (0x0) Sep 21 07:34:09.710115: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:09.710117: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:09.710119: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:09.710120: | client network c0 00 02 00 Sep 21 07:34:09.710121: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:09.710123: | client mask ff ff ff 00 Sep 21 07:34:09.710124: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:09.710144: | outI1 HASH(1): Sep 21 07:34:09.710146: | de 4f d9 56 a8 0c 0c 63 e9 97 b8 5e c9 29 8c b0 Sep 21 07:34:09.710147: | 93 fa 66 d4 b8 e4 c7 3e 73 30 82 49 4c 16 4f a2 Sep 21 07:34:09.710153: | no IKEv1 message padding required Sep 21 07:34:09.710154: | emitting length of ISAKMP Message: 476 Sep 21 07:34:09.710165: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #6) Sep 21 07:34:09.710166: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:09.710168: | 08 10 20 01 7c b3 d8 d7 00 00 01 dc b4 4c a0 e5 Sep 21 07:34:09.710169: | 50 5c 31 de 37 fb 96 00 f0 f8 ca 38 dc fd 12 01 Sep 21 07:34:09.710170: | 6b 4a 4d 16 8b 9a 23 56 a6 68 e8 57 3c af c5 15 Sep 21 07:34:09.710172: | 0f a0 35 21 59 d7 0a 9c 52 54 e6 11 55 c5 d8 44 Sep 21 07:34:09.710173: | 18 da 04 23 dc 90 47 8a 8d ef 7d 39 bf a1 f7 e2 Sep 21 07:34:09.710174: | 2f f1 d3 ef 5d 5c 67 36 05 c3 7a 59 28 77 0e 9e Sep 21 07:34:09.710176: | 0b 2c 65 61 63 29 7e a0 d1 83 47 71 6a 7d bc 7e Sep 21 07:34:09.710177: | dc 98 1d 79 7b 6e bf 88 b4 b9 e2 88 03 0f 7b 0a Sep 21 07:34:09.710178: | b0 13 63 fc 71 02 a7 2e 54 1e 37 a8 ad 1f 0d 0d Sep 21 07:34:09.710180: | 2b 9a 73 ed 5c 26 d9 f3 c4 7c cf 60 1b 89 db 52 Sep 21 07:34:09.710181: | 5b 79 a3 28 e3 86 82 60 1c 1e 13 a5 27 f8 70 74 Sep 21 07:34:09.710184: | 0b a5 2b 8d 71 3b 9c 2f 2e 95 57 c2 07 b2 1a 34 Sep 21 07:34:09.710185: | 88 c5 be f8 dd d6 7c 72 df ad ab 9c b6 b7 dc 58 Sep 21 07:34:09.710187: | 3d 46 91 0c 46 3a bf e2 7f 60 60 00 94 6a b9 a2 Sep 21 07:34:09.710188: | 71 c1 fb c1 fc 5b 01 bc 87 e9 24 17 0a c9 7c 06 Sep 21 07:34:09.710189: | eb 23 08 6b 56 da 2c 78 b8 d7 55 32 6a 2d 8e cb Sep 21 07:34:09.710191: | e7 91 df ed 6a 81 b8 79 f3 98 cd e7 e0 e6 4c 76 Sep 21 07:34:09.710192: | e5 e6 de 4f bb c9 be 55 ac 68 41 6e 22 5f d5 e7 Sep 21 07:34:09.710193: | ac d2 52 c2 2c dd 6d d5 52 ce a2 b3 f5 7d 4f a6 Sep 21 07:34:09.710195: | 9d 78 7c f2 60 66 5f eb b3 94 99 73 a6 5b c2 52 Sep 21 07:34:09.710196: | 84 70 9c 92 f4 cb e5 e2 23 43 d1 07 cb 3c 72 61 Sep 21 07:34:09.710197: | cb 9c 3c 12 4a 4f 05 58 76 9a 1f 2a 6a 7f 9e 8d Sep 21 07:34:09.710199: | 31 33 be 65 6d b5 b5 70 e3 34 9f e3 d6 ab 5e ec Sep 21 07:34:09.710200: | e7 3d 94 f6 25 32 19 c2 61 79 9a bd 6e a2 e1 2d Sep 21 07:34:09.710201: | 41 ec ce 57 72 b7 3d 66 42 f6 60 d6 fd 83 c9 f6 Sep 21 07:34:09.710203: | bd d0 a4 5e e0 fd 43 65 dd b0 72 8c 88 cd a9 46 Sep 21 07:34:09.710204: | 7b eb 18 da 8b 67 21 11 91 39 41 e5 33 74 de d9 Sep 21 07:34:09.710205: | c3 7f 7c 9c 88 36 c2 f7 a5 62 c5 83 77 1d 0a 39 Sep 21 07:34:09.710207: | 61 6f f3 cd 35 d5 e9 7c 95 81 9e ee Sep 21 07:34:09.710248: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:09.710267: | libevent_free: release ptr-libevent@0x7f0dc8007500 Sep 21 07:34:09.710269: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557db4596910 Sep 21 07:34:09.710271: | event_schedule: new EVENT_RETRANSMIT-pe@0x557db4596910 Sep 21 07:34:09.710274: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 Sep 21 07:34:09.710276: | libevent_malloc: new ptr-libevent@0x7f0dc8007500 size 128 Sep 21 07:34:09.710279: | #6 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49896.078536 Sep 21 07:34:09.710282: | resume sending helper answer for #6 suppresed complete_v1_state_transition() Sep 21 07:34:09.710286: | #6 spent 0.483 milliseconds in resume sending helper answer Sep 21 07:34:09.710289: | stop processing: state #6 connection "north-dpd/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:09.710291: | libevent_free: release ptr-libevent@0x7f0dc000ad90 Sep 21 07:34:09.713274: | spent 0.00206 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:09.713289: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:09.713292: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:09.713294: | 08 10 20 01 7c b3 d8 d7 00 00 01 cc b2 77 07 79 Sep 21 07:34:09.713295: | f0 ff ee f4 4c 6e 7c ff 6d 0a 58 32 64 f9 54 f9 Sep 21 07:34:09.713297: | da e7 96 42 bd 58 cb ff 2f d9 84 69 c4 c5 b9 8f Sep 21 07:34:09.713298: | 98 90 f9 13 f3 4a f0 a0 ed d4 2d 6b 64 c9 dc af Sep 21 07:34:09.713300: | 30 8c 0e ca 2e 40 d3 7e 0e 2a db 62 7b 1d a3 95 Sep 21 07:34:09.713301: | d3 7a a3 a2 9d 6c b0 5e 82 f4 0c b2 29 a0 8b c2 Sep 21 07:34:09.713303: | 7a 47 de 56 ee f3 a3 c7 87 d2 fe e6 c1 c8 ed 24 Sep 21 07:34:09.713304: | 4c 9d b2 f6 cf ac 2a ad e4 06 4e da 07 46 fb 21 Sep 21 07:34:09.713306: | 7a 47 73 e9 36 0b e0 dc fd f4 6d 99 58 74 8e fe Sep 21 07:34:09.713307: | d5 93 63 60 29 c4 5d d9 27 b4 00 bb 92 c3 cb dc Sep 21 07:34:09.713309: | 29 f2 53 f1 df 1d a4 31 15 18 fa 25 e6 f9 2e 48 Sep 21 07:34:09.713310: | 82 a4 35 f1 c1 ef 39 e0 18 1c 8e 96 d0 3b fd ad Sep 21 07:34:09.713312: | e6 67 15 98 dd 08 7c 5e 57 24 22 0a 9a 5a 6f 06 Sep 21 07:34:09.713313: | ed 2e c2 53 3c 07 56 c3 11 12 57 ae 95 4e 69 fd Sep 21 07:34:09.713315: | 16 ba c8 56 5b c2 68 e1 9c 82 0c 8f dc d1 48 5f Sep 21 07:34:09.713316: | e6 2c 4a bb c9 ee e8 ef 52 46 42 a2 21 7b 8a 97 Sep 21 07:34:09.713318: | 74 5d 8f a7 8f 91 7e 6f f7 47 26 28 a0 69 d7 a1 Sep 21 07:34:09.713322: | 21 f5 9e be 9f d3 9d 7c c4 2a 6c 16 2d 78 fd 67 Sep 21 07:34:09.713323: | e5 5e 90 40 a2 09 88 cf f1 80 e5 9e cd 53 2a e4 Sep 21 07:34:09.713325: | 56 0f 13 38 6c ae 28 72 5d f0 47 ff e0 98 b0 4a Sep 21 07:34:09.713326: | b2 8c 27 d6 61 e2 e4 95 c1 26 e1 2a bd d5 74 b8 Sep 21 07:34:09.713327: | 88 f5 76 8d f2 da 4c 41 e6 1b 38 dd ed 85 12 e0 Sep 21 07:34:09.713329: | 5e 35 04 8a 0a 7d b5 e2 a2 15 77 e3 f3 39 f2 2e Sep 21 07:34:09.713330: | aa 42 db 5c b0 d4 f8 3e b4 83 2c 68 8b a0 ba 6c Sep 21 07:34:09.713332: | 8c 55 f3 d6 d8 e5 66 51 d4 a4 a1 15 f7 41 60 bc Sep 21 07:34:09.713333: | e2 b5 33 d3 2d 96 ba 06 09 95 c9 47 9e 7c c8 72 Sep 21 07:34:09.713335: | 47 d5 cb bc 24 ef fa 50 5f 4e 0e 89 42 7b 68 3a Sep 21 07:34:09.713336: | 8a b3 86 d8 77 6d 21 3f 63 f6 a3 a2 Sep 21 07:34:09.713339: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:09.713341: | **parse ISAKMP Message: Sep 21 07:34:09.713343: | initiator cookie: Sep 21 07:34:09.713344: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:09.713346: | responder cookie: Sep 21 07:34:09.713347: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:09.713349: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:09.713351: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:09.713353: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:09.713354: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:09.713356: | Message ID: 2092161239 (0x7cb3d8d7) Sep 21 07:34:09.713358: | length: 460 (0x1cc) Sep 21 07:34:09.713360: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:09.713362: | State DB: found IKEv1 state #6 in QUICK_I1 (find_state_ikev1) Sep 21 07:34:09.713365: | start processing: state #6 connection "north-dpd/0x1" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:34:09.713367: | #6 is idle Sep 21 07:34:09.713369: | #6 idle Sep 21 07:34:09.713371: | received encrypted packet from 192.1.2.23:500 Sep 21 07:34:09.713380: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Sep 21 07:34:09.713382: | ***parse ISAKMP Hash Payload: Sep 21 07:34:09.713384: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:34:09.713385: | length: 36 (0x24) Sep 21 07:34:09.713387: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Sep 21 07:34:09.713389: | ***parse ISAKMP Security Association Payload: Sep 21 07:34:09.713391: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:09.713392: | length: 56 (0x38) Sep 21 07:34:09.713394: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:09.713396: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Sep 21 07:34:09.713397: | ***parse ISAKMP Nonce Payload: Sep 21 07:34:09.713399: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:09.713400: | length: 36 (0x24) Sep 21 07:34:09.713402: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Sep 21 07:34:09.713404: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:34:09.713405: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:09.713407: | length: 260 (0x104) Sep 21 07:34:09.713408: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:09.713410: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:09.713412: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:09.713413: | length: 16 (0x10) Sep 21 07:34:09.713415: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:09.713416: | Protocol ID: 0 (0x0) Sep 21 07:34:09.713418: | port: 0 (0x0) Sep 21 07:34:09.713420: | obj: c0 00 03 00 ff ff ff 00 Sep 21 07:34:09.713421: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:09.713423: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:09.713425: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:09.713426: | length: 16 (0x10) Sep 21 07:34:09.713428: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:09.713429: | Protocol ID: 0 (0x0) Sep 21 07:34:09.713434: | port: 0 (0x0) Sep 21 07:34:09.713436: | obj: c0 00 02 00 ff ff ff 00 Sep 21 07:34:09.713437: | removing 12 bytes of padding Sep 21 07:34:09.713452: | quick_inR1_outI2 HASH(2): Sep 21 07:34:09.713454: | 28 e3 41 78 4d e0 70 39 5b e7 ff 2c c4 f1 a8 15 Sep 21 07:34:09.713456: | b2 bc 8e 6d 22 9b 00 a1 99 0a 84 48 1f 0f 92 cb Sep 21 07:34:09.713458: | received 'quick_inR1_outI2' message HASH(2) data ok Sep 21 07:34:09.713460: | ****parse IPsec DOI SIT: Sep 21 07:34:09.713462: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:09.713464: | ****parse ISAKMP Proposal Payload: Sep 21 07:34:09.713465: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:09.713467: | length: 44 (0x2c) Sep 21 07:34:09.713468: | proposal number: 0 (0x0) Sep 21 07:34:09.713470: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:09.713472: | SPI size: 4 (0x4) Sep 21 07:34:09.713473: | number of transforms: 1 (0x1) Sep 21 07:34:09.713475: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:34:09.713476: | SPI 46 4c 04 b5 Sep 21 07:34:09.713478: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:34:09.713480: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:09.713481: | length: 32 (0x20) Sep 21 07:34:09.713483: | ESP transform number: 0 (0x0) Sep 21 07:34:09.713485: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:09.713487: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:09.713489: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:09.713490: | length/value: 14 (0xe) Sep 21 07:34:09.713492: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:09.713494: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:09.713495: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:09.713497: | length/value: 1 (0x1) Sep 21 07:34:09.713499: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:09.713500: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:34:09.713502: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:09.713504: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:09.713505: | length/value: 1 (0x1) Sep 21 07:34:09.713507: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:09.713508: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:09.713510: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:09.713512: | length/value: 28800 (0x7080) Sep 21 07:34:09.713513: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:09.713515: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:09.713516: | length/value: 2 (0x2) Sep 21 07:34:09.713518: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:09.713520: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:09.713521: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:09.713523: | length/value: 128 (0x80) Sep 21 07:34:09.713525: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:34:09.713536: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:09.713541: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:09.713547: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:09.713552: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:09.713554: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:34:09.713557: | no PreShared Key Found Sep 21 07:34:09.713560: | adding quick outI2 DH work-order 10 for state #6 Sep 21 07:34:09.713561: | state #6 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:09.713563: | #6 STATE_QUICK_I1: retransmits: cleared Sep 21 07:34:09.713565: | libevent_free: release ptr-libevent@0x7f0dc8007500 Sep 21 07:34:09.713567: | free_event_entry: release EVENT_RETRANSMIT-pe@0x557db4596910 Sep 21 07:34:09.713569: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557db4596910 Sep 21 07:34:09.713572: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Sep 21 07:34:09.713573: | libevent_malloc: new ptr-libevent@0x7f0dc8007500 size 128 Sep 21 07:34:09.713579: | complete v1 state transition with STF_SUSPEND Sep 21 07:34:09.713583: | [RE]START processing: state #6 connection "north-dpd/0x1" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:34:09.713585: | suspending state #6 and saving MD Sep 21 07:34:09.713586: | #6 is busy; has a suspended MD Sep 21 07:34:09.713587: | crypto helper 2 resuming Sep 21 07:34:09.713590: | #6 spent 0.129 milliseconds in process_packet_tail() Sep 21 07:34:09.713598: | crypto helper 2 starting work-order 10 for state #6 Sep 21 07:34:09.713604: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:09.713610: | crypto helper 2 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 10 Sep 21 07:34:09.713612: | stop processing: state #6 connection "north-dpd/0x1" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:09.713615: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:09.713618: | spent 0.329 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:09.714552: | crypto helper 2 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 10 time elapsed 0.000942 seconds Sep 21 07:34:09.714563: | (#6) spent 0.947 milliseconds in crypto helper computing work-order 10: quick outI2 DH (pcr) Sep 21 07:34:09.714567: | crypto helper 2 sending results from work-order 10 for state #6 to event queue Sep 21 07:34:09.714569: | scheduling resume sending helper answer for #6 Sep 21 07:34:09.714573: | libevent_malloc: new ptr-libevent@0x7f0dc40036d0 size 128 Sep 21 07:34:09.714580: | crypto helper 2 waiting (nothing to do) Sep 21 07:34:09.714615: | processing resume sending helper answer for #6 Sep 21 07:34:09.714623: | start processing: state #6 connection "north-dpd/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:09.714626: | crypto helper 2 replies to request ID 10 Sep 21 07:34:09.714628: | calling continuation function 0x557db2ef5630 Sep 21 07:34:09.714630: | quick_inR1_outI2_continue for #6: calculated ke+nonce, calculating DH Sep 21 07:34:09.714633: | **emit ISAKMP Message: Sep 21 07:34:09.714635: | initiator cookie: Sep 21 07:34:09.714637: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:09.714638: | responder cookie: Sep 21 07:34:09.714640: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:09.714641: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:09.714643: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:09.714644: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:09.714646: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:09.714648: | Message ID: 2092161239 (0x7cb3d8d7) Sep 21 07:34:09.714650: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:09.714652: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:09.714653: | ID address c0 00 03 00 Sep 21 07:34:09.714655: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:09.714656: | ID mask ff ff ff 00 Sep 21 07:34:09.714659: | our client is subnet 192.0.3.0/24 Sep 21 07:34:09.714661: | our client protocol/port is 0/0 Sep 21 07:34:09.714662: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:09.714666: | ID address c0 00 02 00 Sep 21 07:34:09.714668: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:09.714669: | ID mask ff ff ff 00 Sep 21 07:34:09.714671: | peer client is subnet 192.0.2.0/24 Sep 21 07:34:09.714673: | peer client protocol/port is 0/0 Sep 21 07:34:09.714674: | ***emit ISAKMP Hash Payload: Sep 21 07:34:09.714676: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:09.714678: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:09.714680: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:34:09.714682: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:09.714683: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:09.714703: | quick_inR1_outI2 HASH(3): Sep 21 07:34:09.714706: | ef 53 7a f1 52 2c 6e dc 23 40 e0 05 03 3a d8 ff Sep 21 07:34:09.714707: | 87 fa ed 74 2d b4 85 ce 55 d7 cc a3 d1 b4 2b be Sep 21 07:34:09.714709: | compute_proto_keymat: needed_len (after ESP enc)=16 Sep 21 07:34:09.714710: | compute_proto_keymat: needed_len (after ESP auth)=36 Sep 21 07:34:09.714777: | install_ipsec_sa() for #6: inbound and outbound Sep 21 07:34:09.714780: | could_route called for north-dpd/0x1 (kind=CK_PERMANENT) Sep 21 07:34:09.714781: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:09.714788: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:34:09.714792: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Sep 21 07:34:09.714794: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:34:09.714796: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Sep 21 07:34:09.714798: | route owner of "north-dpd/0x1" prospective erouted: self; eroute owner: self Sep 21 07:34:09.714800: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:09.714802: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:09.714804: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:09.714807: | setting IPsec SA replay-window to 32 Sep 21 07:34:09.714808: | NIC esp-hw-offload not for connection 'north-dpd/0x1' not available on interface eth1 Sep 21 07:34:09.714810: | netlink: enabling tunnel mode Sep 21 07:34:09.714812: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:09.714814: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:09.714862: | netlink response for Add SA esp.464c04b5@192.1.2.23 included non-error error Sep 21 07:34:09.714866: | set up outgoing SA, ref=0/0 Sep 21 07:34:09.714869: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:09.714871: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:09.714873: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:09.714875: | setting IPsec SA replay-window to 32 Sep 21 07:34:09.714877: | NIC esp-hw-offload not for connection 'north-dpd/0x1' not available on interface eth1 Sep 21 07:34:09.714878: | netlink: enabling tunnel mode Sep 21 07:34:09.714880: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:09.714882: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:09.714917: | netlink response for Add SA esp.62fa2058@192.1.3.33 included non-error error Sep 21 07:34:09.714922: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Sep 21 07:34:09.714928: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:34:09.714930: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:09.714972: | raw_eroute result=success Sep 21 07:34:09.714976: | set up incoming SA, ref=0/0 Sep 21 07:34:09.714978: | sr for #6: prospective erouted Sep 21 07:34:09.714981: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:34:09.714983: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:09.714988: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:34:09.714991: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Sep 21 07:34:09.714994: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:34:09.714996: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Sep 21 07:34:09.715000: | route owner of "north-dpd/0x1" prospective erouted: self; eroute owner: self Sep 21 07:34:09.715003: | route_and_eroute with c: north-dpd/0x1 (next: none) ero:north-dpd/0x1 esr:{(nil)} ro:north-dpd/0x1 rosr:{(nil)} and state: #6 Sep 21 07:34:09.715006: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Sep 21 07:34:09.715014: | eroute_connection replace eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) Sep 21 07:34:09.715017: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:09.715044: | raw_eroute result=success Sep 21 07:34:09.715048: | running updown command "ipsec _updown" for verb up Sep 21 07:34:09.715050: | command executing up-client Sep 21 07:34:09.715082: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:09.715090: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:09.715109: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENC Sep 21 07:34:09.715113: | popen cmd is 1398 chars long Sep 21 07:34:09.715115: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUT: Sep 21 07:34:09.715117: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_I: Sep 21 07:34:09.715120: | cmd( 160):D='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testin: Sep 21 07:34:09.715122: | cmd( 240):g.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/: Sep 21 07:34:09.715124: | cmd( 320):24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_M: Sep 21 07:34:09.715126: | cmd( 400):Y_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUT: Sep 21 07:34:09.715128: | cmd( 480):O_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=: Sep 21 07:34:09.715131: | cmd( 560):Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.or: Sep 21 07:34:09.715133: | cmd( 640):g' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER: Sep 21 07:34:09.715136: | cmd( 720):_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_P: Sep 21 07:34:09.715139: | cmd( 800):EER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libresw: Sep 21 07:34:09.715141: | cmd( 880):an test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTI: Sep 21 07:34:09.715144: | cmd( 960):ME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+I: Sep 21 07:34:09.715147: | cmd(1040):KE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4: Sep 21 07:34:09.715152: | cmd(1120):' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAI: Sep 21 07:34:09.715155: | cmd(1200):N_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_N: Sep 21 07:34:09.715158: | cmd(1280):M_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x464c04b5: Sep 21 07:34:09.715161: | cmd(1360): SPI_OUT=0x62fa2058 ipsec _updown 2>&1: Sep 21 07:34:09.722432: | route_and_eroute: firewall_notified: true Sep 21 07:34:09.722443: | route_and_eroute: instance "north-dpd/0x1", setting eroute_owner {spd=0x557db4591650,sr=0x557db4591650} to #6 (was #0) (newest_ipsec_sa=#0) Sep 21 07:34:09.722505: | #1 spent 0.566 milliseconds in install_ipsec_sa() Sep 21 07:34:09.722510: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:09.722512: | no IKEv1 message padding required Sep 21 07:34:09.722513: | emitting length of ISAKMP Message: 76 Sep 21 07:34:09.722530: | inR1_outI2: instance north-dpd/0x1[0], setting IKEv1 newest_ipsec_sa to #6 (was #0) (spd.eroute=#6) cloned from #1 Sep 21 07:34:09.722532: | DPD: dpd_init() called on IPsec SA Sep 21 07:34:09.722535: | State DB: found IKEv1 state #1 in MAIN_I4 (find_state_ikev1) Sep 21 07:34:09.722537: | event_schedule: new EVENT_DPD-pe@0x7f0dc40041c0 Sep 21 07:34:09.722540: | inserting event EVENT_DPD, timeout in 3 seconds for #6 Sep 21 07:34:09.722543: | libevent_malloc: new ptr-libevent@0x7f0dc000ad90 size 128 Sep 21 07:34:09.722546: | complete v1 state transition with STF_OK Sep 21 07:34:09.722551: | [RE]START processing: state #6 connection "north-dpd/0x1" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:34:09.722552: | #6 is idle Sep 21 07:34:09.722554: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:34:09.722556: | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 Sep 21 07:34:09.722559: | child state #6: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) Sep 21 07:34:09.722561: | event_already_set, deleting event Sep 21 07:34:09.722563: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:09.722566: | libevent_free: release ptr-libevent@0x7f0dc8007500 Sep 21 07:34:09.722568: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557db4596910 Sep 21 07:34:09.722572: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:34:09.722576: | sending 76 bytes for STATE_QUICK_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #6) Sep 21 07:34:09.722578: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:09.722580: | 08 10 20 01 7c b3 d8 d7 00 00 00 4c 4a 43 e4 20 Sep 21 07:34:09.722581: | 9e 1c 4f 1e fa 0b 1c 35 a6 46 c8 04 a4 65 52 14 Sep 21 07:34:09.722583: | 9b fd 0f ba 36 18 e0 6b 22 c4 b2 dd 16 cb f3 a3 Sep 21 07:34:09.722584: | ae 9d d8 05 76 fb 4e cb 9e 17 be 60 Sep 21 07:34:09.722624: | !event_already_set at reschedule Sep 21 07:34:09.722628: | event_schedule: new EVENT_SA_REPLACE-pe@0x557db4596910 Sep 21 07:34:09.722631: | inserting event EVENT_SA_REPLACE, timeout in 27829 seconds for #6 Sep 21 07:34:09.722633: | libevent_malloc: new ptr-libevent@0x7f0dc8007500 size 128 Sep 21 07:34:09.722635: | pstats #6 ikev1.ipsec established Sep 21 07:34:09.722638: | NAT-T: encaps is 'auto' Sep 21 07:34:09.722641: "north-dpd/0x1" #6: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x464c04b5 <0x62fa2058 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=active} Sep 21 07:34:09.722644: | modecfg pull: noquirk policy:push not-client Sep 21 07:34:09.722645: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:34:09.722648: | resume sending helper answer for #6 suppresed complete_v1_state_transition() Sep 21 07:34:09.722652: | #6 spent 0.838 milliseconds in resume sending helper answer Sep 21 07:34:09.722656: | stop processing: state #6 connection "north-dpd/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:09.722658: | libevent_free: release ptr-libevent@0x7f0dc40036d0 Sep 21 07:34:09.722668: | processing signal PLUTO_SIGCHLD Sep 21 07:34:09.722673: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:09.722675: | spent 0.00391 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:09.932269: | kernel_process_msg_cb process netlink message Sep 21 07:34:09.932288: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:34:09.932296: | spent 0.00898 milliseconds in kernel message Sep 21 07:34:09.932933: | kernel_process_msg_cb process netlink message Sep 21 07:34:09.932945: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:34:09.932950: | spent 0.00641 milliseconds in kernel message Sep 21 07:34:11.953861: | timer_event_cb: processing event@0x557db4595380 Sep 21 07:34:11.953881: | handling event EVENT_RETRANSMIT for child state #4 Sep 21 07:34:11.953892: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:11.953897: | IKEv1 retransmit event Sep 21 07:34:11.953904: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:34:11.953909: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x2" #4 keying attempt 1 of 0; retransmit 7 Sep 21 07:34:11.953918: | retransmits: current time 49898.322178; retransmit count 6 exceeds limit? NO; deltatime 32 exceeds limit? NO; monotime 32.021178 exceeds limit? NO Sep 21 07:34:11.953923: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f0db8005860 Sep 21 07:34:11.953928: | inserting event EVENT_RETRANSMIT, timeout in 32 seconds for #4 Sep 21 07:34:11.953932: | libevent_malloc: new ptr-libevent@0x7f0dc40036d0 size 128 Sep 21 07:34:11.953938: "north-dpd/0x2" #4: STATE_QUICK_I1: retransmission; will wait 32 seconds for response Sep 21 07:34:11.953946: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Sep 21 07:34:11.953950: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:11.953953: | 08 10 20 01 e6 38 58 db 00 00 01 dc e4 e7 e4 e4 Sep 21 07:34:11.953956: | d1 99 cc 6a e3 89 fb f7 fe 0b 15 f5 3c a2 92 3a Sep 21 07:34:11.953959: | c3 96 d7 9a 3b e0 e8 a0 aa a8 0b f2 4d 0b a1 8a Sep 21 07:34:11.953962: | fd 3c 24 23 df 6b 1a ed f5 0d 0d 7f d7 63 02 d0 Sep 21 07:34:11.953964: | 31 a9 35 30 fd 09 8e b3 ed f6 54 96 29 ff af 04 Sep 21 07:34:11.953967: | f2 f8 1f c6 ee f0 e1 a7 1c f1 e1 14 3a 71 36 e9 Sep 21 07:34:11.953970: | 9e 6b e0 c9 6f 21 c5 c2 40 b1 3c 11 1a 99 e7 d2 Sep 21 07:34:11.953973: | 2d 68 bd 49 3d bf 33 77 0a e1 a3 8b 87 ef 7d fb Sep 21 07:34:11.953976: | 73 b5 39 9c a1 05 20 de d8 27 0a 37 26 2f d7 3d Sep 21 07:34:11.953979: | 3b e0 de ab ef 60 6e c2 fb 68 59 36 61 bf 6e a2 Sep 21 07:34:11.953982: | f2 fa c9 4e 99 dc 1a b7 ac 89 76 20 37 56 9c ee Sep 21 07:34:11.953985: | ff d3 3e 7a 73 af 64 46 9c ff 58 6c f7 89 06 e4 Sep 21 07:34:11.953988: | fc 9a 51 bc eb 00 33 fb 74 2f f8 66 95 9a b4 ac Sep 21 07:34:11.953991: | 2f 03 cb ca ec 1f 2d 01 7a 70 8f bd c7 0d fa b8 Sep 21 07:34:11.953993: | 73 9e a0 8d b8 43 09 49 23 7a 60 c8 6e 24 82 29 Sep 21 07:34:11.953996: | 6f d6 c9 6d 20 59 b5 73 61 62 0c f2 20 af 21 76 Sep 21 07:34:11.953999: | 19 1f 20 36 ce fb d9 32 a4 0b 74 92 e0 8b 9c f6 Sep 21 07:34:11.954002: | 6e 57 7c d1 5a ee 52 ef 5d ef b9 95 3d ae 1c 08 Sep 21 07:34:11.954005: | 06 57 20 0b 34 2c e0 7c 61 1f 0e 85 fd 0f 86 a9 Sep 21 07:34:11.954008: | fa 7b ec 52 e9 99 3b cd 17 dc 76 93 e4 b8 15 3c Sep 21 07:34:11.954011: | d7 10 3b 2b a5 7a d7 b5 1c 13 bc 76 54 1b 40 fb Sep 21 07:34:11.954014: | c3 99 b4 9e 95 a8 61 90 29 21 93 70 07 97 f5 ed Sep 21 07:34:11.954017: | e6 c1 46 f1 8e a2 bd 34 fa fc 7a 33 6a c7 35 68 Sep 21 07:34:11.954020: | 28 5e fb 76 74 e4 d8 36 a8 c8 94 b5 e8 b1 ed 92 Sep 21 07:34:11.954023: | 66 f3 77 27 17 ed e5 af ee 82 23 ed dd 26 9c e5 Sep 21 07:34:11.954026: | 10 61 c8 2b f0 0c c7 47 91 ef 36 ed 42 11 7b a8 Sep 21 07:34:11.954028: | 7b 7f 19 93 5d 3e 41 de 38 ea 1a 50 73 1a 76 ea Sep 21 07:34:11.954036: | e2 ed 79 9d bd ea 00 70 4e 64 79 79 74 83 1d 32 Sep 21 07:34:11.954039: | 45 28 ad 20 79 2b 0a 27 48 a7 d9 6e Sep 21 07:34:11.954102: | libevent_free: release ptr-libevent@0x7f0dc0004f00 Sep 21 07:34:11.954109: | free_event_entry: release EVENT_RETRANSMIT-pe@0x557db4595380 Sep 21 07:34:11.954119: | #4 spent 0.226 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:34:11.954125: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:11.954130: | timer_event_cb: processing event@0x7f0db4002b20 Sep 21 07:34:11.954134: | handling event EVENT_RETRANSMIT for child state #5 Sep 21 07:34:11.954140: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:11.954144: | IKEv1 retransmit event Sep 21 07:34:11.954150: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:34:11.954155: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x1" #5 keying attempt 1 of 0; retransmit 7 Sep 21 07:34:11.954162: | retransmits: current time 49898.322423; retransmit count 6 exceeds limit? NO; deltatime 32 exceeds limit? NO; monotime 32.020821 exceeds limit? NO Sep 21 07:34:11.954166: | event_schedule: new EVENT_RETRANSMIT-pe@0x557db4595380 Sep 21 07:34:11.954170: | inserting event EVENT_RETRANSMIT, timeout in 32 seconds for #5 Sep 21 07:34:11.954174: | libevent_malloc: new ptr-libevent@0x7f0dc0004f00 size 128 Sep 21 07:34:11.954178: "north-dpd/0x1" #5: STATE_QUICK_I1: retransmission; will wait 32 seconds for response Sep 21 07:34:11.954185: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Sep 21 07:34:11.954188: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:11.954191: | 08 10 20 01 8b 8f 11 95 00 00 01 dc b3 90 d9 50 Sep 21 07:34:11.954194: | 4e c4 ea 42 d7 d6 f4 21 14 fc 46 2e 3e 7c 71 72 Sep 21 07:34:11.954197: | 37 f4 6f cb 99 29 a3 cb f6 dc 57 82 c3 f4 24 02 Sep 21 07:34:11.954199: | 85 fc 18 7b c0 27 10 a6 5b 47 4c 59 15 8a 56 77 Sep 21 07:34:11.954202: | 31 19 02 08 3a 3e c3 e7 5a 02 2b cf a0 a6 09 45 Sep 21 07:34:11.954205: | 8e 41 a1 f2 3d cb d4 22 6c 9e 03 62 57 15 98 a0 Sep 21 07:34:11.954208: | 25 ba 9c 7e e8 a8 30 87 1a 58 a5 56 5b 05 f1 1b Sep 21 07:34:11.954211: | 15 64 8e ab 47 ef f5 da 56 9f 9d 43 5f 0f e2 14 Sep 21 07:34:11.954214: | ff b0 04 c9 7d ee 2e 8b 95 31 03 94 e8 90 6a c6 Sep 21 07:34:11.954217: | 8a 0b 55 49 79 7a ba d6 e8 79 df 16 e5 03 99 db Sep 21 07:34:11.954219: | e1 cc 5d a5 9f 29 6c b6 f9 fc 98 87 4a 7a 32 e7 Sep 21 07:34:11.954222: | 7f 92 0c 4f 62 b0 75 eb d1 81 52 09 79 01 5f a1 Sep 21 07:34:11.954225: | 1a 2b 2c be af c5 86 54 67 91 21 25 7e c1 1f 95 Sep 21 07:34:11.954228: | 0c bf 4c 2a 53 29 a5 02 8b 2c 29 2f ff 88 a3 7f Sep 21 07:34:11.954231: | 58 0e d9 23 10 65 c2 da 5e d4 b3 b1 bc dd c4 62 Sep 21 07:34:11.954234: | 62 78 76 7a c6 08 ea 93 24 4d b4 be ef 47 d8 f2 Sep 21 07:34:11.954237: | 63 00 a8 ed 35 37 9e 53 f5 52 fc 89 01 3f 8d 96 Sep 21 07:34:11.954240: | ee f6 35 6b 95 b7 77 b2 f7 f6 c0 ce 8d 6c 51 3a Sep 21 07:34:11.954242: | 8a 6e 90 42 98 b8 03 2d 4c cc 42 5c 6c 05 41 8a Sep 21 07:34:11.954245: | 3f 3b ca 4c fb f4 df 4f de 51 20 db 1c ca 3f cf Sep 21 07:34:11.954248: | 37 ef a8 6d 35 70 72 5e 51 5f f6 fa 38 a1 4d 08 Sep 21 07:34:11.954251: | bc 40 f6 fb 93 6e cb 23 8a 3b cc 10 01 03 51 2b Sep 21 07:34:11.954254: | b7 c1 61 29 e9 86 f2 b3 76 09 0c b1 43 7c 52 04 Sep 21 07:34:11.954257: | 0b c0 97 89 95 98 f9 9b 42 97 1f 87 22 f4 67 e4 Sep 21 07:34:11.954260: | b6 ee 72 5a c7 7c e3 f8 96 8c 2f ec 2e ef 7c 85 Sep 21 07:34:11.954262: | 43 9b 93 e2 d3 45 39 d3 22 bf 4e 68 79 41 ac 1f Sep 21 07:34:11.954265: | b1 4c 7f 4f c5 71 d7 94 ae 86 56 1a ad 23 b7 45 Sep 21 07:34:11.954268: | 80 79 22 5b 17 3f 34 5c 06 7a 5e cf 05 79 62 0b Sep 21 07:34:11.954274: | 4a 32 85 84 4e 66 2d 5b 2e 26 4f 91 Sep 21 07:34:11.954295: | libevent_free: release ptr-libevent@0x7f0dc4007fa0 Sep 21 07:34:11.954299: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f0db4002b20 Sep 21 07:34:11.954306: | #5 spent 0.165 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:34:11.954312: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:11.959788: | spent 0.0035 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:11.959815: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:11.959819: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:11.959823: | 08 10 20 01 8b 8f 11 95 00 00 01 cc 5e ee a7 c7 Sep 21 07:34:11.959826: | f0 ef 01 98 d3 79 d3 20 38 8f 58 1b ee b7 a6 48 Sep 21 07:34:11.959829: | ff cd e1 2a 72 d3 7e e0 e2 c1 43 78 d4 38 25 84 Sep 21 07:34:11.959832: | 35 3e 94 6d 2d c4 a9 19 78 ac 1c cb 1d f9 f6 59 Sep 21 07:34:11.959835: | df 81 57 3b 9e 7e a4 65 e1 eb 11 e6 77 a1 08 f8 Sep 21 07:34:11.959838: | 31 a7 d5 3b fd f8 8a 29 93 f5 e4 c7 bf aa 8d 4a Sep 21 07:34:11.959841: | 2c de 09 e4 70 07 a6 8f 06 17 ac 7d 5a 85 43 3d Sep 21 07:34:11.959844: | da 86 9a e4 a0 1a 22 14 05 6a da 61 c5 3d dd e5 Sep 21 07:34:11.959847: | 1b ce d0 f9 a2 a7 67 ee 1c 96 da dd 62 f9 a1 7a Sep 21 07:34:11.959851: | 58 65 49 06 e7 70 ed 52 fc 43 dd 0b 33 0b a0 ff Sep 21 07:34:11.959854: | ae ca 1a 33 b5 45 62 11 77 46 8e 2a 21 c1 2e 1f Sep 21 07:34:11.959857: | 7b e0 46 79 72 b7 53 c9 41 c3 6a 0c b3 04 ac 5c Sep 21 07:34:11.959860: | 1f 73 95 92 c3 53 a1 cb 21 ce 63 8a ae 92 98 ee Sep 21 07:34:11.959863: | 4f f1 dd d7 66 5c 2c 82 1b 22 e4 67 b1 cb 27 4b Sep 21 07:34:11.959866: | 3f d6 0c 5d 09 1f 05 ac 40 58 4f a9 e0 16 67 33 Sep 21 07:34:11.959870: | 02 fd ce 69 72 70 47 29 d0 79 3e 48 e0 8f 0f d3 Sep 21 07:34:11.959873: | 25 47 31 51 53 58 41 94 69 f1 66 cd 48 65 df 5a Sep 21 07:34:11.959876: | b7 d7 af b0 eb 4a 41 91 51 25 d4 b7 18 83 14 7d Sep 21 07:34:11.959879: | 7d 0f 22 9b 65 3b 00 cf ef 1f 1a a6 90 56 e4 ee Sep 21 07:34:11.959882: | 18 73 22 04 75 dd 5b 83 a5 82 3d 4a 22 b2 f5 c5 Sep 21 07:34:11.959885: | b0 6f 10 52 a3 c5 38 94 da 9c 93 4a e7 0a bc 3a Sep 21 07:34:11.959888: | 92 eb fc c1 28 74 e5 72 e0 e4 1a d2 53 3c f2 43 Sep 21 07:34:11.959891: | ab 72 53 4f db 17 92 bb e7 b5 98 09 b5 71 26 1a Sep 21 07:34:11.959894: | a2 eb 80 c1 6e c5 a4 3d 9b 39 8d ad 65 e2 84 aa Sep 21 07:34:11.959897: | 89 66 4d 7e ef e8 ac 6b d1 5e d4 95 5c 3e 37 93 Sep 21 07:34:11.959900: | af df a5 1f cf 18 a1 7c 39 80 74 57 7a b9 cc 39 Sep 21 07:34:11.959904: | a6 8a b0 39 8a 88 90 25 83 ea da 15 00 e3 a7 14 Sep 21 07:34:11.959907: | f2 9b a3 4b e1 ab 49 dc ae c7 84 9c Sep 21 07:34:11.959913: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:11.959917: | **parse ISAKMP Message: Sep 21 07:34:11.959921: | initiator cookie: Sep 21 07:34:11.959924: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:11.959927: | responder cookie: Sep 21 07:34:11.959930: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:11.959934: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:11.959938: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:11.959942: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:11.959945: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:11.959949: | Message ID: 2341409173 (0x8b8f1195) Sep 21 07:34:11.959952: | length: 460 (0x1cc) Sep 21 07:34:11.959956: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:11.959961: | State DB: found IKEv1 state #5 in QUICK_I1 (find_state_ikev1) Sep 21 07:34:11.959968: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:34:11.959972: | #5 is idle Sep 21 07:34:11.959979: | #5 idle Sep 21 07:34:11.959984: | received encrypted packet from 192.1.2.23:500 Sep 21 07:34:11.960004: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Sep 21 07:34:11.960009: | ***parse ISAKMP Hash Payload: Sep 21 07:34:11.960012: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:34:11.960016: | length: 36 (0x24) Sep 21 07:34:11.960019: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Sep 21 07:34:11.960023: | ***parse ISAKMP Security Association Payload: Sep 21 07:34:11.960027: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:11.960030: | length: 56 (0x38) Sep 21 07:34:11.960033: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:11.960037: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Sep 21 07:34:11.960040: | ***parse ISAKMP Nonce Payload: Sep 21 07:34:11.960044: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:11.960047: | length: 36 (0x24) Sep 21 07:34:11.960050: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Sep 21 07:34:11.960054: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:34:11.960057: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:11.960060: | length: 260 (0x104) Sep 21 07:34:11.960064: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:11.960067: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:11.960070: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:11.960074: | length: 16 (0x10) Sep 21 07:34:11.960077: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:11.960080: | Protocol ID: 0 (0x0) Sep 21 07:34:11.960083: | port: 0 (0x0) Sep 21 07:34:11.960087: | obj: c0 00 03 00 ff ff ff 00 Sep 21 07:34:11.960090: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:11.960094: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:11.960097: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.960100: | length: 16 (0x10) Sep 21 07:34:11.960104: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:11.960107: | Protocol ID: 0 (0x0) Sep 21 07:34:11.960110: | port: 0 (0x0) Sep 21 07:34:11.960113: | obj: c0 00 02 00 ff ff ff 00 Sep 21 07:34:11.960116: | removing 12 bytes of padding Sep 21 07:34:11.960148: | quick_inR1_outI2 HASH(2): Sep 21 07:34:11.960151: | ec 51 7c f9 83 7f 3e 11 7f 9b 42 e0 87 c7 30 fa Sep 21 07:34:11.960155: | 06 d6 90 75 02 cf de a9 1a 19 9b e4 5b 08 42 bc Sep 21 07:34:11.960158: | received 'quick_inR1_outI2' message HASH(2) data ok Sep 21 07:34:11.960163: | ****parse IPsec DOI SIT: Sep 21 07:34:11.960167: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:11.960171: | ****parse ISAKMP Proposal Payload: Sep 21 07:34:11.960174: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.960177: | length: 44 (0x2c) Sep 21 07:34:11.960180: | proposal number: 0 (0x0) Sep 21 07:34:11.960184: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:11.960187: | SPI size: 4 (0x4) Sep 21 07:34:11.960190: | number of transforms: 1 (0x1) Sep 21 07:34:11.960194: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:34:11.960197: | SPI 3c 06 be f5 Sep 21 07:34:11.960201: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:34:11.960205: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.960208: | length: 32 (0x20) Sep 21 07:34:11.960211: | ESP transform number: 0 (0x0) Sep 21 07:34:11.960214: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:11.960218: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.960222: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:11.960225: | length/value: 14 (0xe) Sep 21 07:34:11.960229: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:11.960232: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.960236: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:11.960239: | length/value: 1 (0x1) Sep 21 07:34:11.960242: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:11.960246: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:34:11.960252: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.960255: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:11.960258: | length/value: 1 (0x1) Sep 21 07:34:11.960261: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:11.960265: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.960268: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:11.960271: | length/value: 28800 (0x7080) Sep 21 07:34:11.960275: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.960278: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:11.960281: | length/value: 2 (0x2) Sep 21 07:34:11.960285: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:11.960288: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.960292: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:11.960295: | length/value: 128 (0x80) Sep 21 07:34:11.960299: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:34:11.960323: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:11.960336: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:11.960348: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:11.960360: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:11.960364: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:34:11.960367: | no PreShared Key Found Sep 21 07:34:11.960373: | adding quick outI2 DH work-order 11 for state #5 Sep 21 07:34:11.960377: | state #5 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:11.960381: | #5 STATE_QUICK_I1: retransmits: cleared Sep 21 07:34:11.960385: | libevent_free: release ptr-libevent@0x7f0dc0004f00 Sep 21 07:34:11.960389: | free_event_entry: release EVENT_RETRANSMIT-pe@0x557db4595380 Sep 21 07:34:11.960393: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557db4595380 Sep 21 07:34:11.960397: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Sep 21 07:34:11.960401: | libevent_malloc: new ptr-libevent@0x7f0dc0004f00 size 128 Sep 21 07:34:11.960411: | complete v1 state transition with STF_SUSPEND Sep 21 07:34:11.960419: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:34:11.960422: | suspending state #5 and saving MD Sep 21 07:34:11.960430: | #5 is busy; has a suspended MD Sep 21 07:34:11.960420: | crypto helper 3 resuming Sep 21 07:34:11.960439: | #5 spent 0.275 milliseconds in process_packet_tail() Sep 21 07:34:11.960455: | crypto helper 3 starting work-order 11 for state #5 Sep 21 07:34:11.960466: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:11.960479: | crypto helper 3 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 11 Sep 21 07:34:11.960488: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:11.960493: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:11.960498: | spent 0.681 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:11.960864: | spent 0.00262 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:11.960883: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:11.960890: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:11.960894: | 08 10 20 01 e6 38 58 db 00 00 01 cc 70 45 50 0b Sep 21 07:34:11.960897: | cc 45 24 c0 ae b4 48 2e 2a 93 04 c0 8a 32 a9 72 Sep 21 07:34:11.960900: | ca 7b 35 30 7e 3c ec c5 69 01 83 e4 e6 15 7f f5 Sep 21 07:34:11.960903: | 54 57 5d 44 c4 e2 5b a0 50 49 79 61 01 08 93 38 Sep 21 07:34:11.960906: | fa 73 44 55 02 13 de 65 07 4e e4 15 02 20 db 08 Sep 21 07:34:11.960910: | da c2 cd 77 2c 71 25 41 73 1b 53 4d 85 8c e8 4d Sep 21 07:34:11.960913: | 63 14 df 1b bc 72 d0 8b 8d f3 c7 11 bb 0c c2 cc Sep 21 07:34:11.960916: | 1e 1c 9d ca 95 66 28 2e e7 b3 c8 09 33 1f 8f 8a Sep 21 07:34:11.960919: | 5e ae 1c f9 77 4c 27 c0 d5 bb 4a 05 b7 f7 7c 79 Sep 21 07:34:11.960922: | b2 d8 26 e8 dd 68 39 d8 38 ff 31 8b 23 ca 2f 5e Sep 21 07:34:11.960925: | 72 4e 40 64 b5 e3 09 34 10 45 88 12 94 b9 e8 8d Sep 21 07:34:11.960929: | 6b ba cc 10 9e d2 e1 19 0d 7d 68 ab cd dc 00 55 Sep 21 07:34:11.960932: | 48 9a 95 e3 02 13 08 14 31 ca 3f 65 08 eb ca c5 Sep 21 07:34:11.960935: | c6 b1 9e 85 55 92 49 3a 93 f0 de fa da e6 54 ef Sep 21 07:34:11.960938: | 68 71 fa 20 db 06 06 2b 0e 87 71 61 5b a5 71 7f Sep 21 07:34:11.960941: | 22 d6 3e 71 42 a0 6c c5 ca 8c 95 58 c1 85 1b c4 Sep 21 07:34:11.960944: | a7 94 bc a0 31 19 7a 0f 9c 80 b4 cd 3a 2e ae 42 Sep 21 07:34:11.960947: | 41 73 9e 44 02 20 49 0b c3 1d 46 f6 3b 15 80 9e Sep 21 07:34:11.960950: | e0 b6 61 3c 92 61 f6 86 f5 02 21 3c 5c 1c 4a 91 Sep 21 07:34:11.960954: | af 36 9b e4 75 0b 02 c6 a6 24 10 c8 a5 bb 0d 28 Sep 21 07:34:11.960957: | 65 1e ac 9f cb a0 b7 77 9c ba 0f 88 96 08 69 45 Sep 21 07:34:11.960960: | 99 fd 29 0b fd ed 24 d3 20 7b 22 b9 0c 93 e1 9f Sep 21 07:34:11.960963: | 2d 96 5f 54 f5 8c db c3 2a 00 b8 c9 a5 15 d8 7b Sep 21 07:34:11.960966: | 81 4c 09 3b 97 d9 a2 f3 be 8f da 53 d7 11 88 81 Sep 21 07:34:11.960970: | 41 98 07 85 94 87 7a 6b 23 38 2d 3e cb c1 61 19 Sep 21 07:34:11.960973: | 52 12 48 ff 37 82 f4 9f 20 f2 9e 40 00 e9 e2 20 Sep 21 07:34:11.960976: | 28 1d 66 d4 da 6d 3a 99 2d 9d d6 29 e3 c0 57 72 Sep 21 07:34:11.960979: | 0f 4d e9 c7 13 6c a0 f7 cc f6 b1 49 Sep 21 07:34:11.960985: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:11.960989: | **parse ISAKMP Message: Sep 21 07:34:11.960992: | initiator cookie: Sep 21 07:34:11.960995: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:11.960999: | responder cookie: Sep 21 07:34:11.961002: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:11.961005: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:11.961009: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:11.961012: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:11.961015: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:11.961019: | Message ID: 3862452443 (0xe63858db) Sep 21 07:34:11.961022: | length: 460 (0x1cc) Sep 21 07:34:11.961026: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:11.961030: | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) Sep 21 07:34:11.961037: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:34:11.961041: | #4 is idle Sep 21 07:34:11.961044: | #4 idle Sep 21 07:34:11.961049: | received encrypted packet from 192.1.2.23:500 Sep 21 07:34:11.961062: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Sep 21 07:34:11.961066: | ***parse ISAKMP Hash Payload: Sep 21 07:34:11.961070: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:34:11.961073: | length: 36 (0x24) Sep 21 07:34:11.961077: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Sep 21 07:34:11.961080: | ***parse ISAKMP Security Association Payload: Sep 21 07:34:11.961083: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:11.961087: | length: 56 (0x38) Sep 21 07:34:11.961092: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:11.961095: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Sep 21 07:34:11.961099: | ***parse ISAKMP Nonce Payload: Sep 21 07:34:11.961102: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:11.961105: | length: 36 (0x24) Sep 21 07:34:11.961109: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Sep 21 07:34:11.961112: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:34:11.961115: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:11.961118: | length: 260 (0x104) Sep 21 07:34:11.961122: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:11.961125: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:11.961129: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:11.961132: | length: 16 (0x10) Sep 21 07:34:11.961136: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:11.961139: | Protocol ID: 0 (0x0) Sep 21 07:34:11.961142: | port: 0 (0x0) Sep 21 07:34:11.961145: | obj: c0 00 03 00 ff ff ff 00 Sep 21 07:34:11.961149: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:11.961152: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:11.961156: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.961159: | length: 16 (0x10) Sep 21 07:34:11.961162: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:11.961165: | Protocol ID: 0 (0x0) Sep 21 07:34:11.961168: | port: 0 (0x0) Sep 21 07:34:11.961171: | obj: c0 00 16 00 ff ff ff 00 Sep 21 07:34:11.961174: | removing 12 bytes of padding Sep 21 07:34:11.961202: | quick_inR1_outI2 HASH(2): Sep 21 07:34:11.961206: | 6d 02 cd dd 32 95 6f 3b 37 b9 f8 a7 7d ad d6 3d Sep 21 07:34:11.961209: | 7e ae d3 8f b1 1f e8 ca 86 a3 ed d1 06 0c 90 44 Sep 21 07:34:11.961212: | received 'quick_inR1_outI2' message HASH(2) data ok Sep 21 07:34:11.961217: | ****parse IPsec DOI SIT: Sep 21 07:34:11.961221: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:11.961225: | ****parse ISAKMP Proposal Payload: Sep 21 07:34:11.961228: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.961231: | length: 44 (0x2c) Sep 21 07:34:11.961234: | proposal number: 0 (0x0) Sep 21 07:34:11.961238: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:11.961241: | SPI size: 4 (0x4) Sep 21 07:34:11.961243: | crypto helper 3 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 11 time elapsed 0.000765 seconds Sep 21 07:34:11.961244: | number of transforms: 1 (0x1) Sep 21 07:34:11.961263: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:34:11.961266: | SPI de 04 92 97 Sep 21 07:34:11.961273: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:34:11.961255: | (#5) spent 0.762 milliseconds in crypto helper computing work-order 11: quick outI2 DH (pcr) Sep 21 07:34:11.961279: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.961289: | crypto helper 3 sending results from work-order 11 for state #5 to event queue Sep 21 07:34:11.961296: | length: 32 (0x20) Sep 21 07:34:11.961302: | scheduling resume sending helper answer for #5 Sep 21 07:34:11.961309: | ESP transform number: 0 (0x0) Sep 21 07:34:11.961316: | libevent_malloc: new ptr-libevent@0x7f0db8006530 size 128 Sep 21 07:34:11.961322: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:11.961332: | crypto helper 3 waiting (nothing to do) Sep 21 07:34:11.961332: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.961343: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:11.961346: | length/value: 14 (0xe) Sep 21 07:34:11.961350: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:11.961353: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.961357: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:11.961360: | length/value: 1 (0x1) Sep 21 07:34:11.961363: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:11.961367: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:34:11.961373: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.961376: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:11.961380: | length/value: 1 (0x1) Sep 21 07:34:11.961383: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:11.961386: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.961390: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:11.961393: | length/value: 28800 (0x7080) Sep 21 07:34:11.961396: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.961400: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:11.961403: | length/value: 2 (0x2) Sep 21 07:34:11.961406: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:11.961410: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.961413: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:11.961416: | length/value: 128 (0x80) Sep 21 07:34:11.961420: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:34:11.961443: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:11.961455: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:11.961467: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:11.961479: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:11.961483: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:34:11.961486: | no PreShared Key Found Sep 21 07:34:11.961491: | adding quick outI2 DH work-order 12 for state #4 Sep 21 07:34:11.961495: | state #4 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:11.961498: | #4 STATE_QUICK_I1: retransmits: cleared Sep 21 07:34:11.961503: | libevent_free: release ptr-libevent@0x7f0dc40036d0 Sep 21 07:34:11.961507: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f0db8005860 Sep 21 07:34:11.961510: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f0db8005860 Sep 21 07:34:11.961515: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:34:11.961519: | libevent_malloc: new ptr-libevent@0x7f0dc40036d0 size 128 Sep 21 07:34:11.961527: | complete v1 state transition with STF_SUSPEND Sep 21 07:34:11.961534: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:34:11.961537: | suspending state #4 and saving MD Sep 21 07:34:11.961541: | #4 is busy; has a suspended MD Sep 21 07:34:11.961547: | #4 spent 0.312 milliseconds in process_packet_tail() Sep 21 07:34:11.961553: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:11.961559: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:11.961563: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:11.961562: | crypto helper 4 resuming Sep 21 07:34:11.961573: | spent 0.682 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:11.961583: | crypto helper 4 starting work-order 12 for state #4 Sep 21 07:34:11.961593: | processing resume sending helper answer for #5 Sep 21 07:34:11.961595: | crypto helper 4 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 12 Sep 21 07:34:11.961600: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:11.961607: | crypto helper 3 replies to request ID 11 Sep 21 07:34:11.961610: | calling continuation function 0x557db2ef5630 Sep 21 07:34:11.961614: | quick_inR1_outI2_continue for #5: calculated ke+nonce, calculating DH Sep 21 07:34:11.961620: | **emit ISAKMP Message: Sep 21 07:34:11.961624: | initiator cookie: Sep 21 07:34:11.961627: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:11.961630: | responder cookie: Sep 21 07:34:11.961633: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:11.961637: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.961640: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:11.961643: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:11.961647: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:11.961650: | Message ID: 2341409173 (0x8b8f1195) Sep 21 07:34:11.961654: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:11.961659: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:11.961662: | ID address c0 00 03 00 Sep 21 07:34:11.961666: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:11.961669: | ID mask ff ff ff 00 Sep 21 07:34:11.961674: | our client is subnet 192.0.3.0/24 Sep 21 07:34:11.961678: | our client protocol/port is 0/0 Sep 21 07:34:11.961682: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:11.961685: | ID address c0 00 02 00 Sep 21 07:34:11.961688: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:11.961691: | ID mask ff ff ff 00 Sep 21 07:34:11.961696: | peer client is subnet 192.0.2.0/24 Sep 21 07:34:11.961699: | peer client protocol/port is 0/0 Sep 21 07:34:11.961703: | ***emit ISAKMP Hash Payload: Sep 21 07:34:11.961706: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.961710: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:11.961714: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:34:11.961718: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:11.961722: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:11.961746: | quick_inR1_outI2 HASH(3): Sep 21 07:34:11.961750: | 91 54 59 c4 f8 a6 00 b3 36 2a d7 ac 66 d0 9c 1d Sep 21 07:34:11.961753: | 77 02 e9 be f6 59 08 f8 7c d5 17 bb 2f b7 4f 12 Sep 21 07:34:11.961757: | compute_proto_keymat: needed_len (after ESP enc)=16 Sep 21 07:34:11.961760: | compute_proto_keymat: needed_len (after ESP auth)=36 Sep 21 07:34:11.961908: | install_ipsec_sa() for #5: inbound and outbound Sep 21 07:34:11.961917: | could_route called for north-dpd/0x1 (kind=CK_PERMANENT) Sep 21 07:34:11.961920: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:11.961924: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:34:11.961928: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Sep 21 07:34:11.961932: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:34:11.961935: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Sep 21 07:34:11.961941: | route owner of "north-dpd/0x1" erouted: self; eroute owner: self Sep 21 07:34:11.961945: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:11.961949: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:11.961953: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:11.961958: | setting IPsec SA replay-window to 32 Sep 21 07:34:11.961962: | NIC esp-hw-offload not for connection 'north-dpd/0x1' not available on interface eth1 Sep 21 07:34:11.961966: | netlink: enabling tunnel mode Sep 21 07:34:11.961970: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:11.961973: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:11.962052: | netlink response for Add SA esp.3c06bef5@192.1.2.23 included non-error error Sep 21 07:34:11.962061: | set up outgoing SA, ref=0/0 Sep 21 07:34:11.962065: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:11.962069: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:11.962073: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:11.962077: | setting IPsec SA replay-window to 32 Sep 21 07:34:11.962081: | NIC esp-hw-offload not for connection 'north-dpd/0x1' not available on interface eth1 Sep 21 07:34:11.962084: | netlink: enabling tunnel mode Sep 21 07:34:11.962088: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:11.962091: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:11.962147: "north-dpd/0x1" #5: ERROR: netlink response for Add SA esp.458a72ab@192.1.3.33 included errno 3: No such process Sep 21 07:34:11.962152: "north-dpd/0x1" #5: setup_half_ipsec_sa() hit fail: Sep 21 07:34:11.962156: | complete v1 state transition with STF_INTERNAL_ERROR Sep 21 07:34:11.962163: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:34:11.962166: | #5 is idle Sep 21 07:34:11.962241: | state transition function for STATE_QUICK_I1 had internal error Sep 21 07:34:11.962247: | resume sending helper answer for #5 suppresed complete_v1_state_transition() Sep 21 07:34:11.962254: | #5 spent 0.638 milliseconds in resume sending helper answer Sep 21 07:34:11.962261: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:11.962265: | libevent_free: release ptr-libevent@0x7f0db8006530 Sep 21 07:34:11.962489: | crypto helper 4 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 12 time elapsed 0.000892 seconds Sep 21 07:34:11.962501: | (#4) spent 0.897 milliseconds in crypto helper computing work-order 12: quick outI2 DH (pcr) Sep 21 07:34:11.962506: | crypto helper 4 sending results from work-order 12 for state #4 to event queue Sep 21 07:34:11.962510: | scheduling resume sending helper answer for #4 Sep 21 07:34:11.962514: | libevent_malloc: new ptr-libevent@0x7f0dbc000b50 size 128 Sep 21 07:34:11.962524: | crypto helper 4 waiting (nothing to do) Sep 21 07:34:11.962530: | processing resume sending helper answer for #4 Sep 21 07:34:11.962537: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:11.962542: | crypto helper 4 replies to request ID 12 Sep 21 07:34:11.962545: | calling continuation function 0x557db2ef5630 Sep 21 07:34:11.962548: | quick_inR1_outI2_continue for #4: calculated ke+nonce, calculating DH Sep 21 07:34:11.962554: | **emit ISAKMP Message: Sep 21 07:34:11.962557: | initiator cookie: Sep 21 07:34:11.962560: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:11.962563: | responder cookie: Sep 21 07:34:11.962566: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:11.962570: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.962573: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:11.962577: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:11.962580: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:11.962584: | Message ID: 3862452443 (0xe63858db) Sep 21 07:34:11.962587: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:11.962592: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:11.962595: | ID address c0 00 03 00 Sep 21 07:34:11.962598: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:11.962601: | ID mask ff ff ff 00 Sep 21 07:34:11.962607: | our client is subnet 192.0.3.0/24 Sep 21 07:34:11.962610: | our client protocol/port is 0/0 Sep 21 07:34:11.962614: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:11.962617: | ID address c0 00 16 00 Sep 21 07:34:11.962624: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:11.962627: | ID mask ff ff ff 00 Sep 21 07:34:11.962631: | peer client is subnet 192.0.22.0/24 Sep 21 07:34:11.962635: | peer client protocol/port is 0/0 Sep 21 07:34:11.962638: | ***emit ISAKMP Hash Payload: Sep 21 07:34:11.962642: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.962646: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:11.962650: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:34:11.962654: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:11.962657: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:11.962682: | quick_inR1_outI2 HASH(3): Sep 21 07:34:11.962686: | e6 47 3b 80 c4 b8 14 a9 61 2b df b2 a5 a6 3e 65 Sep 21 07:34:11.962697: | f9 1c 37 4b 6d 20 c1 7f 3f 09 2a fb 46 a4 68 91 Sep 21 07:34:11.962703: | compute_proto_keymat: needed_len (after ESP enc)=16 Sep 21 07:34:11.962706: | compute_proto_keymat: needed_len (after ESP auth)=36 Sep 21 07:34:11.962836: | install_ipsec_sa() for #4: inbound and outbound Sep 21 07:34:11.962844: | could_route called for north-dpd/0x2 (kind=CK_PERMANENT) Sep 21 07:34:11.962847: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:11.962851: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:34:11.962855: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Sep 21 07:34:11.962859: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:34:11.962862: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Sep 21 07:34:11.962867: | route owner of "north-dpd/0x2" prospective erouted: self; eroute owner: self Sep 21 07:34:11.962871: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:11.962875: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:11.962879: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:11.962884: | setting IPsec SA replay-window to 32 Sep 21 07:34:11.962888: | NIC esp-hw-offload not for connection 'north-dpd/0x2' not available on interface eth1 Sep 21 07:34:11.962891: | netlink: enabling tunnel mode Sep 21 07:34:11.962895: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:11.962898: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:11.962959: | netlink response for Add SA esp.de049297@192.1.2.23 included non-error error Sep 21 07:34:11.962964: | set up outgoing SA, ref=0/0 Sep 21 07:34:11.962968: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:11.962971: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:11.962975: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:11.962980: | setting IPsec SA replay-window to 32 Sep 21 07:34:11.962983: | NIC esp-hw-offload not for connection 'north-dpd/0x2' not available on interface eth1 Sep 21 07:34:11.962986: | netlink: enabling tunnel mode Sep 21 07:34:11.962990: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:11.962993: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:11.963047: "north-dpd/0x2" #4: ERROR: netlink response for Add SA esp.6c70d87f@192.1.3.33 included errno 3: No such process Sep 21 07:34:11.963051: "north-dpd/0x2" #4: setup_half_ipsec_sa() hit fail: Sep 21 07:34:11.963055: | complete v1 state transition with STF_INTERNAL_ERROR Sep 21 07:34:11.963062: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:34:11.963065: | #4 is idle Sep 21 07:34:11.963126: | state transition function for STATE_QUICK_I1 had internal error Sep 21 07:34:11.963132: | resume sending helper answer for #4 suppresed complete_v1_state_transition() Sep 21 07:34:11.963138: | #4 spent 0.584 milliseconds in resume sending helper answer Sep 21 07:34:11.963149: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:11.963154: | libevent_free: release ptr-libevent@0x7f0dbc000b50 Sep 21 07:34:12.459794: | spent 0.00454 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:12.459822: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:12.459827: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:12.459831: | 08 10 20 01 8b 8f 11 95 00 00 01 cc 5e ee a7 c7 Sep 21 07:34:12.459834: | f0 ef 01 98 d3 79 d3 20 38 8f 58 1b ee b7 a6 48 Sep 21 07:34:12.459836: | ff cd e1 2a 72 d3 7e e0 e2 c1 43 78 d4 38 25 84 Sep 21 07:34:12.459839: | 35 3e 94 6d 2d c4 a9 19 78 ac 1c cb 1d f9 f6 59 Sep 21 07:34:12.459841: | df 81 57 3b 9e 7e a4 65 e1 eb 11 e6 77 a1 08 f8 Sep 21 07:34:12.459844: | 31 a7 d5 3b fd f8 8a 29 93 f5 e4 c7 bf aa 8d 4a Sep 21 07:34:12.459846: | 2c de 09 e4 70 07 a6 8f 06 17 ac 7d 5a 85 43 3d Sep 21 07:34:12.459849: | da 86 9a e4 a0 1a 22 14 05 6a da 61 c5 3d dd e5 Sep 21 07:34:12.459851: | 1b ce d0 f9 a2 a7 67 ee 1c 96 da dd 62 f9 a1 7a Sep 21 07:34:12.459854: | 58 65 49 06 e7 70 ed 52 fc 43 dd 0b 33 0b a0 ff Sep 21 07:34:12.459856: | ae ca 1a 33 b5 45 62 11 77 46 8e 2a 21 c1 2e 1f Sep 21 07:34:12.459858: | 7b e0 46 79 72 b7 53 c9 41 c3 6a 0c b3 04 ac 5c Sep 21 07:34:12.459861: | 1f 73 95 92 c3 53 a1 cb 21 ce 63 8a ae 92 98 ee Sep 21 07:34:12.459863: | 4f f1 dd d7 66 5c 2c 82 1b 22 e4 67 b1 cb 27 4b Sep 21 07:34:12.459866: | 3f d6 0c 5d 09 1f 05 ac 40 58 4f a9 e0 16 67 33 Sep 21 07:34:12.459868: | 02 fd ce 69 72 70 47 29 d0 79 3e 48 e0 8f 0f d3 Sep 21 07:34:12.459871: | 25 47 31 51 53 58 41 94 69 f1 66 cd 48 65 df 5a Sep 21 07:34:12.459873: | b7 d7 af b0 eb 4a 41 91 51 25 d4 b7 18 83 14 7d Sep 21 07:34:12.459876: | 7d 0f 22 9b 65 3b 00 cf ef 1f 1a a6 90 56 e4 ee Sep 21 07:34:12.459878: | 18 73 22 04 75 dd 5b 83 a5 82 3d 4a 22 b2 f5 c5 Sep 21 07:34:12.459881: | b0 6f 10 52 a3 c5 38 94 da 9c 93 4a e7 0a bc 3a Sep 21 07:34:12.459883: | 92 eb fc c1 28 74 e5 72 e0 e4 1a d2 53 3c f2 43 Sep 21 07:34:12.459886: | ab 72 53 4f db 17 92 bb e7 b5 98 09 b5 71 26 1a Sep 21 07:34:12.459888: | a2 eb 80 c1 6e c5 a4 3d 9b 39 8d ad 65 e2 84 aa Sep 21 07:34:12.459890: | 89 66 4d 7e ef e8 ac 6b d1 5e d4 95 5c 3e 37 93 Sep 21 07:34:12.459893: | af df a5 1f cf 18 a1 7c 39 80 74 57 7a b9 cc 39 Sep 21 07:34:12.459895: | a6 8a b0 39 8a 88 90 25 83 ea da 15 00 e3 a7 14 Sep 21 07:34:12.459898: | f2 9b a3 4b e1 ab 49 dc ae c7 84 9c Sep 21 07:34:12.459903: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:12.459907: | **parse ISAKMP Message: Sep 21 07:34:12.459910: | initiator cookie: Sep 21 07:34:12.459913: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:12.459915: | responder cookie: Sep 21 07:34:12.459918: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:12.459921: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:12.459924: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.459927: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:12.459930: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:12.459933: | Message ID: 2341409173 (0x8b8f1195) Sep 21 07:34:12.459935: | length: 460 (0x1cc) Sep 21 07:34:12.459939: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:12.459944: | State DB: found IKEv1 state #5 in QUICK_I1 (find_state_ikev1) Sep 21 07:34:12.459950: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:34:12.459953: | #5 is idle Sep 21 07:34:12.459955: | #5 idle Sep 21 07:34:12.459960: | "north-dpd/0x1" #5: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Sep 21 07:34:12.459965: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:12.459975: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:12.459978: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:12.459983: | spent 0.171 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:12.462105: | spent 0.00348 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:12.462130: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:12.462134: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:12.462137: | 08 10 20 01 e6 38 58 db 00 00 01 cc 70 45 50 0b Sep 21 07:34:12.462139: | cc 45 24 c0 ae b4 48 2e 2a 93 04 c0 8a 32 a9 72 Sep 21 07:34:12.462142: | ca 7b 35 30 7e 3c ec c5 69 01 83 e4 e6 15 7f f5 Sep 21 07:34:12.462144: | 54 57 5d 44 c4 e2 5b a0 50 49 79 61 01 08 93 38 Sep 21 07:34:12.462147: | fa 73 44 55 02 13 de 65 07 4e e4 15 02 20 db 08 Sep 21 07:34:12.462149: | da c2 cd 77 2c 71 25 41 73 1b 53 4d 85 8c e8 4d Sep 21 07:34:12.462152: | 63 14 df 1b bc 72 d0 8b 8d f3 c7 11 bb 0c c2 cc Sep 21 07:34:12.462154: | 1e 1c 9d ca 95 66 28 2e e7 b3 c8 09 33 1f 8f 8a Sep 21 07:34:12.462157: | 5e ae 1c f9 77 4c 27 c0 d5 bb 4a 05 b7 f7 7c 79 Sep 21 07:34:12.462159: | b2 d8 26 e8 dd 68 39 d8 38 ff 31 8b 23 ca 2f 5e Sep 21 07:34:12.462161: | 72 4e 40 64 b5 e3 09 34 10 45 88 12 94 b9 e8 8d Sep 21 07:34:12.462164: | 6b ba cc 10 9e d2 e1 19 0d 7d 68 ab cd dc 00 55 Sep 21 07:34:12.462166: | 48 9a 95 e3 02 13 08 14 31 ca 3f 65 08 eb ca c5 Sep 21 07:34:12.462169: | c6 b1 9e 85 55 92 49 3a 93 f0 de fa da e6 54 ef Sep 21 07:34:12.462171: | 68 71 fa 20 db 06 06 2b 0e 87 71 61 5b a5 71 7f Sep 21 07:34:12.462174: | 22 d6 3e 71 42 a0 6c c5 ca 8c 95 58 c1 85 1b c4 Sep 21 07:34:12.462176: | a7 94 bc a0 31 19 7a 0f 9c 80 b4 cd 3a 2e ae 42 Sep 21 07:34:12.462179: | 41 73 9e 44 02 20 49 0b c3 1d 46 f6 3b 15 80 9e Sep 21 07:34:12.462181: | e0 b6 61 3c 92 61 f6 86 f5 02 21 3c 5c 1c 4a 91 Sep 21 07:34:12.462184: | af 36 9b e4 75 0b 02 c6 a6 24 10 c8 a5 bb 0d 28 Sep 21 07:34:12.462186: | 65 1e ac 9f cb a0 b7 77 9c ba 0f 88 96 08 69 45 Sep 21 07:34:12.462189: | 99 fd 29 0b fd ed 24 d3 20 7b 22 b9 0c 93 e1 9f Sep 21 07:34:12.462191: | 2d 96 5f 54 f5 8c db c3 2a 00 b8 c9 a5 15 d8 7b Sep 21 07:34:12.462194: | 81 4c 09 3b 97 d9 a2 f3 be 8f da 53 d7 11 88 81 Sep 21 07:34:12.462196: | 41 98 07 85 94 87 7a 6b 23 38 2d 3e cb c1 61 19 Sep 21 07:34:12.462199: | 52 12 48 ff 37 82 f4 9f 20 f2 9e 40 00 e9 e2 20 Sep 21 07:34:12.462201: | 28 1d 66 d4 da 6d 3a 99 2d 9d d6 29 e3 c0 57 72 Sep 21 07:34:12.462203: | 0f 4d e9 c7 13 6c a0 f7 cc f6 b1 49 Sep 21 07:34:12.462209: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:12.462212: | **parse ISAKMP Message: Sep 21 07:34:12.462215: | initiator cookie: Sep 21 07:34:12.462218: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:12.462220: | responder cookie: Sep 21 07:34:12.462223: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:12.462226: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:12.462229: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.462231: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:12.462234: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:12.462237: | Message ID: 3862452443 (0xe63858db) Sep 21 07:34:12.462240: | length: 460 (0x1cc) Sep 21 07:34:12.462243: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:12.462248: | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) Sep 21 07:34:12.462254: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:34:12.462257: | #4 is idle Sep 21 07:34:12.462259: | #4 idle Sep 21 07:34:12.462263: | "north-dpd/0x2" #4: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Sep 21 07:34:12.462272: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:12.462277: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:12.462280: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:12.462285: | spent 0.165 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:12.715587: | timer_event_cb: processing event@0x7f0dc40041c0 Sep 21 07:34:12.715600: | handling event EVENT_DPD for child state #6 Sep 21 07:34:12.715606: | start processing: state #6 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:12.715610: | [RE]START processing: state #6 connection "north-dpd/0x1" from 192.1.2.23:500 (in dpd_event() at ikev1_dpd.c:357) Sep 21 07:34:12.715612: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:12.715615: | DPD: no need to send or schedule DPD for replaced IPsec SA Sep 21 07:34:12.715617: | libevent_free: release ptr-libevent@0x7f0dc000ad90 Sep 21 07:34:12.715619: | free_event_entry: release EVENT_DPD-pe@0x7f0dc40041c0 Sep 21 07:34:12.715625: | #6 spent 0.0401 milliseconds in timer_event_cb() EVENT_DPD Sep 21 07:34:12.715628: | stop processing: state #6 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:12.960492: | spent 0.00298 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:12.960528: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:12.960531: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:12.960534: | 08 10 20 01 8b 8f 11 95 00 00 01 cc 5e ee a7 c7 Sep 21 07:34:12.960536: | f0 ef 01 98 d3 79 d3 20 38 8f 58 1b ee b7 a6 48 Sep 21 07:34:12.960538: | ff cd e1 2a 72 d3 7e e0 e2 c1 43 78 d4 38 25 84 Sep 21 07:34:12.960540: | 35 3e 94 6d 2d c4 a9 19 78 ac 1c cb 1d f9 f6 59 Sep 21 07:34:12.960542: | df 81 57 3b 9e 7e a4 65 e1 eb 11 e6 77 a1 08 f8 Sep 21 07:34:12.960544: | 31 a7 d5 3b fd f8 8a 29 93 f5 e4 c7 bf aa 8d 4a Sep 21 07:34:12.960547: | 2c de 09 e4 70 07 a6 8f 06 17 ac 7d 5a 85 43 3d Sep 21 07:34:12.960549: | da 86 9a e4 a0 1a 22 14 05 6a da 61 c5 3d dd e5 Sep 21 07:34:12.960551: | 1b ce d0 f9 a2 a7 67 ee 1c 96 da dd 62 f9 a1 7a Sep 21 07:34:12.960553: | 58 65 49 06 e7 70 ed 52 fc 43 dd 0b 33 0b a0 ff Sep 21 07:34:12.960556: | ae ca 1a 33 b5 45 62 11 77 46 8e 2a 21 c1 2e 1f Sep 21 07:34:12.960558: | 7b e0 46 79 72 b7 53 c9 41 c3 6a 0c b3 04 ac 5c Sep 21 07:34:12.960560: | 1f 73 95 92 c3 53 a1 cb 21 ce 63 8a ae 92 98 ee Sep 21 07:34:12.960562: | 4f f1 dd d7 66 5c 2c 82 1b 22 e4 67 b1 cb 27 4b Sep 21 07:34:12.960564: | 3f d6 0c 5d 09 1f 05 ac 40 58 4f a9 e0 16 67 33 Sep 21 07:34:12.960567: | 02 fd ce 69 72 70 47 29 d0 79 3e 48 e0 8f 0f d3 Sep 21 07:34:12.960569: | 25 47 31 51 53 58 41 94 69 f1 66 cd 48 65 df 5a Sep 21 07:34:12.960571: | b7 d7 af b0 eb 4a 41 91 51 25 d4 b7 18 83 14 7d Sep 21 07:34:12.960574: | 7d 0f 22 9b 65 3b 00 cf ef 1f 1a a6 90 56 e4 ee Sep 21 07:34:12.960576: | 18 73 22 04 75 dd 5b 83 a5 82 3d 4a 22 b2 f5 c5 Sep 21 07:34:12.960578: | b0 6f 10 52 a3 c5 38 94 da 9c 93 4a e7 0a bc 3a Sep 21 07:34:12.960580: | 92 eb fc c1 28 74 e5 72 e0 e4 1a d2 53 3c f2 43 Sep 21 07:34:12.960582: | ab 72 53 4f db 17 92 bb e7 b5 98 09 b5 71 26 1a Sep 21 07:34:12.960584: | a2 eb 80 c1 6e c5 a4 3d 9b 39 8d ad 65 e2 84 aa Sep 21 07:34:12.960586: | 89 66 4d 7e ef e8 ac 6b d1 5e d4 95 5c 3e 37 93 Sep 21 07:34:12.960588: | af df a5 1f cf 18 a1 7c 39 80 74 57 7a b9 cc 39 Sep 21 07:34:12.960590: | a6 8a b0 39 8a 88 90 25 83 ea da 15 00 e3 a7 14 Sep 21 07:34:12.960592: | f2 9b a3 4b e1 ab 49 dc ae c7 84 9c Sep 21 07:34:12.960597: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:12.960601: | **parse ISAKMP Message: Sep 21 07:34:12.960604: | initiator cookie: Sep 21 07:34:12.960606: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:12.960610: | responder cookie: Sep 21 07:34:12.960613: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:12.960615: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:12.960618: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.960621: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:12.960623: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:12.960625: | Message ID: 2341409173 (0x8b8f1195) Sep 21 07:34:12.960628: | length: 460 (0x1cc) Sep 21 07:34:12.960631: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:12.960635: | State DB: found IKEv1 state #5 in QUICK_I1 (find_state_ikev1) Sep 21 07:34:12.960641: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:34:12.960643: | #5 is idle Sep 21 07:34:12.960646: | #5 idle Sep 21 07:34:12.960650: | "north-dpd/0x1" #5: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Sep 21 07:34:12.960654: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:12.960659: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:12.960662: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:12.960666: | spent 0.16 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:12.963761: | spent 0.00259 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:12.963778: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:12.963780: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:12.963782: | 08 10 20 01 e6 38 58 db 00 00 01 cc 70 45 50 0b Sep 21 07:34:12.963789: | cc 45 24 c0 ae b4 48 2e 2a 93 04 c0 8a 32 a9 72 Sep 21 07:34:12.963792: | ca 7b 35 30 7e 3c ec c5 69 01 83 e4 e6 15 7f f5 Sep 21 07:34:12.963794: | 54 57 5d 44 c4 e2 5b a0 50 49 79 61 01 08 93 38 Sep 21 07:34:12.963796: | fa 73 44 55 02 13 de 65 07 4e e4 15 02 20 db 08 Sep 21 07:34:12.963797: | da c2 cd 77 2c 71 25 41 73 1b 53 4d 85 8c e8 4d Sep 21 07:34:12.963799: | 63 14 df 1b bc 72 d0 8b 8d f3 c7 11 bb 0c c2 cc Sep 21 07:34:12.963800: | 1e 1c 9d ca 95 66 28 2e e7 b3 c8 09 33 1f 8f 8a Sep 21 07:34:12.963801: | 5e ae 1c f9 77 4c 27 c0 d5 bb 4a 05 b7 f7 7c 79 Sep 21 07:34:12.963803: | b2 d8 26 e8 dd 68 39 d8 38 ff 31 8b 23 ca 2f 5e Sep 21 07:34:12.963804: | 72 4e 40 64 b5 e3 09 34 10 45 88 12 94 b9 e8 8d Sep 21 07:34:12.963806: | 6b ba cc 10 9e d2 e1 19 0d 7d 68 ab cd dc 00 55 Sep 21 07:34:12.963807: | 48 9a 95 e3 02 13 08 14 31 ca 3f 65 08 eb ca c5 Sep 21 07:34:12.963808: | c6 b1 9e 85 55 92 49 3a 93 f0 de fa da e6 54 ef Sep 21 07:34:12.963810: | 68 71 fa 20 db 06 06 2b 0e 87 71 61 5b a5 71 7f Sep 21 07:34:12.963811: | 22 d6 3e 71 42 a0 6c c5 ca 8c 95 58 c1 85 1b c4 Sep 21 07:34:12.963812: | a7 94 bc a0 31 19 7a 0f 9c 80 b4 cd 3a 2e ae 42 Sep 21 07:34:12.963814: | 41 73 9e 44 02 20 49 0b c3 1d 46 f6 3b 15 80 9e Sep 21 07:34:12.963815: | e0 b6 61 3c 92 61 f6 86 f5 02 21 3c 5c 1c 4a 91 Sep 21 07:34:12.963817: | af 36 9b e4 75 0b 02 c6 a6 24 10 c8 a5 bb 0d 28 Sep 21 07:34:12.963818: | 65 1e ac 9f cb a0 b7 77 9c ba 0f 88 96 08 69 45 Sep 21 07:34:12.963819: | 99 fd 29 0b fd ed 24 d3 20 7b 22 b9 0c 93 e1 9f Sep 21 07:34:12.963821: | 2d 96 5f 54 f5 8c db c3 2a 00 b8 c9 a5 15 d8 7b Sep 21 07:34:12.963822: | 81 4c 09 3b 97 d9 a2 f3 be 8f da 53 d7 11 88 81 Sep 21 07:34:12.963823: | 41 98 07 85 94 87 7a 6b 23 38 2d 3e cb c1 61 19 Sep 21 07:34:12.963825: | 52 12 48 ff 37 82 f4 9f 20 f2 9e 40 00 e9 e2 20 Sep 21 07:34:12.963826: | 28 1d 66 d4 da 6d 3a 99 2d 9d d6 29 e3 c0 57 72 Sep 21 07:34:12.963827: | 0f 4d e9 c7 13 6c a0 f7 cc f6 b1 49 Sep 21 07:34:12.963831: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:12.963833: | **parse ISAKMP Message: Sep 21 07:34:12.963837: | initiator cookie: Sep 21 07:34:12.963838: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:12.963840: | responder cookie: Sep 21 07:34:12.963841: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:12.963843: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:12.963845: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.963846: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:12.963848: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:12.963850: | Message ID: 3862452443 (0xe63858db) Sep 21 07:34:12.963851: | length: 460 (0x1cc) Sep 21 07:34:12.963853: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:12.963856: | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) Sep 21 07:34:12.963860: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:34:12.963861: | #4 is idle Sep 21 07:34:12.963863: | #4 idle Sep 21 07:34:12.963865: | "north-dpd/0x2" #4: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Sep 21 07:34:12.963868: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:12.963871: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:12.963873: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:12.963876: | spent 0.101 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:13.961008: | spent 0.00281 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:13.961029: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:13.961033: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:13.961035: | 08 10 20 01 8b 8f 11 95 00 00 01 cc 5e ee a7 c7 Sep 21 07:34:13.961037: | f0 ef 01 98 d3 79 d3 20 38 8f 58 1b ee b7 a6 48 Sep 21 07:34:13.961039: | ff cd e1 2a 72 d3 7e e0 e2 c1 43 78 d4 38 25 84 Sep 21 07:34:13.961041: | 35 3e 94 6d 2d c4 a9 19 78 ac 1c cb 1d f9 f6 59 Sep 21 07:34:13.961043: | df 81 57 3b 9e 7e a4 65 e1 eb 11 e6 77 a1 08 f8 Sep 21 07:34:13.961046: | 31 a7 d5 3b fd f8 8a 29 93 f5 e4 c7 bf aa 8d 4a Sep 21 07:34:13.961048: | 2c de 09 e4 70 07 a6 8f 06 17 ac 7d 5a 85 43 3d Sep 21 07:34:13.961050: | da 86 9a e4 a0 1a 22 14 05 6a da 61 c5 3d dd e5 Sep 21 07:34:13.961053: | 1b ce d0 f9 a2 a7 67 ee 1c 96 da dd 62 f9 a1 7a Sep 21 07:34:13.961055: | 58 65 49 06 e7 70 ed 52 fc 43 dd 0b 33 0b a0 ff Sep 21 07:34:13.961057: | ae ca 1a 33 b5 45 62 11 77 46 8e 2a 21 c1 2e 1f Sep 21 07:34:13.961059: | 7b e0 46 79 72 b7 53 c9 41 c3 6a 0c b3 04 ac 5c Sep 21 07:34:13.961061: | 1f 73 95 92 c3 53 a1 cb 21 ce 63 8a ae 92 98 ee Sep 21 07:34:13.961063: | 4f f1 dd d7 66 5c 2c 82 1b 22 e4 67 b1 cb 27 4b Sep 21 07:34:13.961065: | 3f d6 0c 5d 09 1f 05 ac 40 58 4f a9 e0 16 67 33 Sep 21 07:34:13.961067: | 02 fd ce 69 72 70 47 29 d0 79 3e 48 e0 8f 0f d3 Sep 21 07:34:13.961069: | 25 47 31 51 53 58 41 94 69 f1 66 cd 48 65 df 5a Sep 21 07:34:13.961071: | b7 d7 af b0 eb 4a 41 91 51 25 d4 b7 18 83 14 7d Sep 21 07:34:13.961073: | 7d 0f 22 9b 65 3b 00 cf ef 1f 1a a6 90 56 e4 ee Sep 21 07:34:13.961075: | 18 73 22 04 75 dd 5b 83 a5 82 3d 4a 22 b2 f5 c5 Sep 21 07:34:13.961077: | b0 6f 10 52 a3 c5 38 94 da 9c 93 4a e7 0a bc 3a Sep 21 07:34:13.961079: | 92 eb fc c1 28 74 e5 72 e0 e4 1a d2 53 3c f2 43 Sep 21 07:34:13.961081: | ab 72 53 4f db 17 92 bb e7 b5 98 09 b5 71 26 1a Sep 21 07:34:13.961083: | a2 eb 80 c1 6e c5 a4 3d 9b 39 8d ad 65 e2 84 aa Sep 21 07:34:13.961085: | 89 66 4d 7e ef e8 ac 6b d1 5e d4 95 5c 3e 37 93 Sep 21 07:34:13.961088: | af df a5 1f cf 18 a1 7c 39 80 74 57 7a b9 cc 39 Sep 21 07:34:13.961090: | a6 8a b0 39 8a 88 90 25 83 ea da 15 00 e3 a7 14 Sep 21 07:34:13.961092: | f2 9b a3 4b e1 ab 49 dc ae c7 84 9c Sep 21 07:34:13.961097: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:13.961103: | **parse ISAKMP Message: Sep 21 07:34:13.961106: | initiator cookie: Sep 21 07:34:13.961108: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:13.961110: | responder cookie: Sep 21 07:34:13.961111: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:13.961114: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:13.961116: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:13.961119: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:13.961121: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:13.961123: | Message ID: 2341409173 (0x8b8f1195) Sep 21 07:34:13.961125: | length: 460 (0x1cc) Sep 21 07:34:13.961128: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:13.961133: | State DB: found IKEv1 state #5 in QUICK_I1 (find_state_ikev1) Sep 21 07:34:13.961138: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:34:13.961141: | #5 is idle Sep 21 07:34:13.961144: | #5 idle Sep 21 07:34:13.961148: | "north-dpd/0x1" #5: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Sep 21 07:34:13.961152: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:13.961156: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:13.961159: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:13.961163: | spent 0.142 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:13.964332: | spent 0.00258 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:13.964349: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:13.964352: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:13.964353: | 08 10 20 01 e6 38 58 db 00 00 01 cc 70 45 50 0b Sep 21 07:34:13.964355: | cc 45 24 c0 ae b4 48 2e 2a 93 04 c0 8a 32 a9 72 Sep 21 07:34:13.964356: | ca 7b 35 30 7e 3c ec c5 69 01 83 e4 e6 15 7f f5 Sep 21 07:34:13.964358: | 54 57 5d 44 c4 e2 5b a0 50 49 79 61 01 08 93 38 Sep 21 07:34:13.964359: | fa 73 44 55 02 13 de 65 07 4e e4 15 02 20 db 08 Sep 21 07:34:13.964360: | da c2 cd 77 2c 71 25 41 73 1b 53 4d 85 8c e8 4d Sep 21 07:34:13.964362: | 63 14 df 1b bc 72 d0 8b 8d f3 c7 11 bb 0c c2 cc Sep 21 07:34:13.964364: | 1e 1c 9d ca 95 66 28 2e e7 b3 c8 09 33 1f 8f 8a Sep 21 07:34:13.964367: | 5e ae 1c f9 77 4c 27 c0 d5 bb 4a 05 b7 f7 7c 79 Sep 21 07:34:13.964369: | b2 d8 26 e8 dd 68 39 d8 38 ff 31 8b 23 ca 2f 5e Sep 21 07:34:13.964371: | 72 4e 40 64 b5 e3 09 34 10 45 88 12 94 b9 e8 8d Sep 21 07:34:13.964373: | 6b ba cc 10 9e d2 e1 19 0d 7d 68 ab cd dc 00 55 Sep 21 07:34:13.964375: | 48 9a 95 e3 02 13 08 14 31 ca 3f 65 08 eb ca c5 Sep 21 07:34:13.964376: | c6 b1 9e 85 55 92 49 3a 93 f0 de fa da e6 54 ef Sep 21 07:34:13.964378: | 68 71 fa 20 db 06 06 2b 0e 87 71 61 5b a5 71 7f Sep 21 07:34:13.964379: | 22 d6 3e 71 42 a0 6c c5 ca 8c 95 58 c1 85 1b c4 Sep 21 07:34:13.964380: | a7 94 bc a0 31 19 7a 0f 9c 80 b4 cd 3a 2e ae 42 Sep 21 07:34:13.964382: | 41 73 9e 44 02 20 49 0b c3 1d 46 f6 3b 15 80 9e Sep 21 07:34:13.964383: | e0 b6 61 3c 92 61 f6 86 f5 02 21 3c 5c 1c 4a 91 Sep 21 07:34:13.964385: | af 36 9b e4 75 0b 02 c6 a6 24 10 c8 a5 bb 0d 28 Sep 21 07:34:13.964386: | 65 1e ac 9f cb a0 b7 77 9c ba 0f 88 96 08 69 45 Sep 21 07:34:13.964387: | 99 fd 29 0b fd ed 24 d3 20 7b 22 b9 0c 93 e1 9f Sep 21 07:34:13.964389: | 2d 96 5f 54 f5 8c db c3 2a 00 b8 c9 a5 15 d8 7b Sep 21 07:34:13.964390: | 81 4c 09 3b 97 d9 a2 f3 be 8f da 53 d7 11 88 81 Sep 21 07:34:13.964391: | 41 98 07 85 94 87 7a 6b 23 38 2d 3e cb c1 61 19 Sep 21 07:34:13.964393: | 52 12 48 ff 37 82 f4 9f 20 f2 9e 40 00 e9 e2 20 Sep 21 07:34:13.964394: | 28 1d 66 d4 da 6d 3a 99 2d 9d d6 29 e3 c0 57 72 Sep 21 07:34:13.964398: | 0f 4d e9 c7 13 6c a0 f7 cc f6 b1 49 Sep 21 07:34:13.964401: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:13.964403: | **parse ISAKMP Message: Sep 21 07:34:13.964405: | initiator cookie: Sep 21 07:34:13.964407: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:13.964408: | responder cookie: Sep 21 07:34:13.964409: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:13.964411: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:13.964413: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:13.964415: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:13.964416: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:13.964418: | Message ID: 3862452443 (0xe63858db) Sep 21 07:34:13.964419: | length: 460 (0x1cc) Sep 21 07:34:13.964421: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:13.964424: | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) Sep 21 07:34:13.964428: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:34:13.964432: | #4 is idle Sep 21 07:34:13.964434: | #4 idle Sep 21 07:34:13.964437: | "north-dpd/0x2" #4: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Sep 21 07:34:13.964441: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:13.964444: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:13.964446: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:13.964450: | spent 0.107 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:15.962971: | spent 0.00288 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:15.963007: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:15.963010: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:15.963013: | 08 10 20 01 8b 8f 11 95 00 00 01 cc 5e ee a7 c7 Sep 21 07:34:15.963015: | f0 ef 01 98 d3 79 d3 20 38 8f 58 1b ee b7 a6 48 Sep 21 07:34:15.963017: | ff cd e1 2a 72 d3 7e e0 e2 c1 43 78 d4 38 25 84 Sep 21 07:34:15.963019: | 35 3e 94 6d 2d c4 a9 19 78 ac 1c cb 1d f9 f6 59 Sep 21 07:34:15.963021: | df 81 57 3b 9e 7e a4 65 e1 eb 11 e6 77 a1 08 f8 Sep 21 07:34:15.963024: | 31 a7 d5 3b fd f8 8a 29 93 f5 e4 c7 bf aa 8d 4a Sep 21 07:34:15.963026: | 2c de 09 e4 70 07 a6 8f 06 17 ac 7d 5a 85 43 3d Sep 21 07:34:15.963028: | da 86 9a e4 a0 1a 22 14 05 6a da 61 c5 3d dd e5 Sep 21 07:34:15.963030: | 1b ce d0 f9 a2 a7 67 ee 1c 96 da dd 62 f9 a1 7a Sep 21 07:34:15.963032: | 58 65 49 06 e7 70 ed 52 fc 43 dd 0b 33 0b a0 ff Sep 21 07:34:15.963034: | ae ca 1a 33 b5 45 62 11 77 46 8e 2a 21 c1 2e 1f Sep 21 07:34:15.963036: | 7b e0 46 79 72 b7 53 c9 41 c3 6a 0c b3 04 ac 5c Sep 21 07:34:15.963038: | 1f 73 95 92 c3 53 a1 cb 21 ce 63 8a ae 92 98 ee Sep 21 07:34:15.963040: | 4f f1 dd d7 66 5c 2c 82 1b 22 e4 67 b1 cb 27 4b Sep 21 07:34:15.963043: | 3f d6 0c 5d 09 1f 05 ac 40 58 4f a9 e0 16 67 33 Sep 21 07:34:15.963045: | 02 fd ce 69 72 70 47 29 d0 79 3e 48 e0 8f 0f d3 Sep 21 07:34:15.963047: | 25 47 31 51 53 58 41 94 69 f1 66 cd 48 65 df 5a Sep 21 07:34:15.963049: | b7 d7 af b0 eb 4a 41 91 51 25 d4 b7 18 83 14 7d Sep 21 07:34:15.963051: | 7d 0f 22 9b 65 3b 00 cf ef 1f 1a a6 90 56 e4 ee Sep 21 07:34:15.963053: | 18 73 22 04 75 dd 5b 83 a5 82 3d 4a 22 b2 f5 c5 Sep 21 07:34:15.963056: | b0 6f 10 52 a3 c5 38 94 da 9c 93 4a e7 0a bc 3a Sep 21 07:34:15.963058: | 92 eb fc c1 28 74 e5 72 e0 e4 1a d2 53 3c f2 43 Sep 21 07:34:15.963060: | ab 72 53 4f db 17 92 bb e7 b5 98 09 b5 71 26 1a Sep 21 07:34:15.963062: | a2 eb 80 c1 6e c5 a4 3d 9b 39 8d ad 65 e2 84 aa Sep 21 07:34:15.963064: | 89 66 4d 7e ef e8 ac 6b d1 5e d4 95 5c 3e 37 93 Sep 21 07:34:15.963066: | af df a5 1f cf 18 a1 7c 39 80 74 57 7a b9 cc 39 Sep 21 07:34:15.963072: | a6 8a b0 39 8a 88 90 25 83 ea da 15 00 e3 a7 14 Sep 21 07:34:15.963074: | f2 9b a3 4b e1 ab 49 dc ae c7 84 9c Sep 21 07:34:15.963078: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:15.963083: | **parse ISAKMP Message: Sep 21 07:34:15.963085: | initiator cookie: Sep 21 07:34:15.963087: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:15.963089: | responder cookie: Sep 21 07:34:15.963091: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:15.963094: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:15.963097: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:15.963114: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:15.963116: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:15.963119: | Message ID: 2341409173 (0x8b8f1195) Sep 21 07:34:15.963121: | length: 460 (0x1cc) Sep 21 07:34:15.963124: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:15.963129: | State DB: found IKEv1 state #5 in QUICK_I1 (find_state_ikev1) Sep 21 07:34:15.963134: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:34:15.963137: | #5 is idle Sep 21 07:34:15.963139: | #5 idle Sep 21 07:34:15.963143: | "north-dpd/0x1" #5: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Sep 21 07:34:15.963147: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:15.963152: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:15.963155: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:15.963159: | spent 0.174 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:15.965167: | spent 0.00235 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:15.965186: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:15.965189: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:15.965192: | 08 10 20 01 e6 38 58 db 00 00 01 cc 70 45 50 0b Sep 21 07:34:15.965207: | cc 45 24 c0 ae b4 48 2e 2a 93 04 c0 8a 32 a9 72 Sep 21 07:34:15.965209: | ca 7b 35 30 7e 3c ec c5 69 01 83 e4 e6 15 7f f5 Sep 21 07:34:15.965211: | 54 57 5d 44 c4 e2 5b a0 50 49 79 61 01 08 93 38 Sep 21 07:34:15.965213: | fa 73 44 55 02 13 de 65 07 4e e4 15 02 20 db 08 Sep 21 07:34:15.965215: | da c2 cd 77 2c 71 25 41 73 1b 53 4d 85 8c e8 4d Sep 21 07:34:15.965218: | 63 14 df 1b bc 72 d0 8b 8d f3 c7 11 bb 0c c2 cc Sep 21 07:34:15.965220: | 1e 1c 9d ca 95 66 28 2e e7 b3 c8 09 33 1f 8f 8a Sep 21 07:34:15.965222: | 5e ae 1c f9 77 4c 27 c0 d5 bb 4a 05 b7 f7 7c 79 Sep 21 07:34:15.965224: | b2 d8 26 e8 dd 68 39 d8 38 ff 31 8b 23 ca 2f 5e Sep 21 07:34:15.965226: | 72 4e 40 64 b5 e3 09 34 10 45 88 12 94 b9 e8 8d Sep 21 07:34:15.965229: | 6b ba cc 10 9e d2 e1 19 0d 7d 68 ab cd dc 00 55 Sep 21 07:34:15.965231: | 48 9a 95 e3 02 13 08 14 31 ca 3f 65 08 eb ca c5 Sep 21 07:34:15.965233: | c6 b1 9e 85 55 92 49 3a 93 f0 de fa da e6 54 ef Sep 21 07:34:15.965235: | 68 71 fa 20 db 06 06 2b 0e 87 71 61 5b a5 71 7f Sep 21 07:34:15.965237: | 22 d6 3e 71 42 a0 6c c5 ca 8c 95 58 c1 85 1b c4 Sep 21 07:34:15.965239: | a7 94 bc a0 31 19 7a 0f 9c 80 b4 cd 3a 2e ae 42 Sep 21 07:34:15.965241: | 41 73 9e 44 02 20 49 0b c3 1d 46 f6 3b 15 80 9e Sep 21 07:34:15.965244: | e0 b6 61 3c 92 61 f6 86 f5 02 21 3c 5c 1c 4a 91 Sep 21 07:34:15.965246: | af 36 9b e4 75 0b 02 c6 a6 24 10 c8 a5 bb 0d 28 Sep 21 07:34:15.965248: | 65 1e ac 9f cb a0 b7 77 9c ba 0f 88 96 08 69 45 Sep 21 07:34:15.965250: | 99 fd 29 0b fd ed 24 d3 20 7b 22 b9 0c 93 e1 9f Sep 21 07:34:15.965252: | 2d 96 5f 54 f5 8c db c3 2a 00 b8 c9 a5 15 d8 7b Sep 21 07:34:15.965254: | 81 4c 09 3b 97 d9 a2 f3 be 8f da 53 d7 11 88 81 Sep 21 07:34:15.965257: | 41 98 07 85 94 87 7a 6b 23 38 2d 3e cb c1 61 19 Sep 21 07:34:15.965261: | 52 12 48 ff 37 82 f4 9f 20 f2 9e 40 00 e9 e2 20 Sep 21 07:34:15.965263: | 28 1d 66 d4 da 6d 3a 99 2d 9d d6 29 e3 c0 57 72 Sep 21 07:34:15.965265: | 0f 4d e9 c7 13 6c a0 f7 cc f6 b1 49 Sep 21 07:34:15.965270: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:15.965273: | **parse ISAKMP Message: Sep 21 07:34:15.965275: | initiator cookie: Sep 21 07:34:15.965277: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:15.965280: | responder cookie: Sep 21 07:34:15.965282: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:15.965284: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:15.965287: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:15.965289: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:15.965292: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:15.965294: | Message ID: 3862452443 (0xe63858db) Sep 21 07:34:15.965296: | length: 460 (0x1cc) Sep 21 07:34:15.965299: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:15.965303: | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) Sep 21 07:34:15.965308: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:34:15.965311: | #4 is idle Sep 21 07:34:15.965313: | #4 idle Sep 21 07:34:15.965317: | "north-dpd/0x2" #4: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Sep 21 07:34:15.965321: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:15.965326: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:15.965328: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:15.965332: | spent 0.153 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:19.966986: | spent 0.00297 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:19.967005: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:19.967007: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:19.967009: | 08 10 20 01 8b 8f 11 95 00 00 01 cc 5e ee a7 c7 Sep 21 07:34:19.967010: | f0 ef 01 98 d3 79 d3 20 38 8f 58 1b ee b7 a6 48 Sep 21 07:34:19.967011: | ff cd e1 2a 72 d3 7e e0 e2 c1 43 78 d4 38 25 84 Sep 21 07:34:19.967013: | 35 3e 94 6d 2d c4 a9 19 78 ac 1c cb 1d f9 f6 59 Sep 21 07:34:19.967014: | df 81 57 3b 9e 7e a4 65 e1 eb 11 e6 77 a1 08 f8 Sep 21 07:34:19.967016: | 31 a7 d5 3b fd f8 8a 29 93 f5 e4 c7 bf aa 8d 4a Sep 21 07:34:19.967017: | 2c de 09 e4 70 07 a6 8f 06 17 ac 7d 5a 85 43 3d Sep 21 07:34:19.967018: | da 86 9a e4 a0 1a 22 14 05 6a da 61 c5 3d dd e5 Sep 21 07:34:19.967020: | 1b ce d0 f9 a2 a7 67 ee 1c 96 da dd 62 f9 a1 7a Sep 21 07:34:19.967021: | 58 65 49 06 e7 70 ed 52 fc 43 dd 0b 33 0b a0 ff Sep 21 07:34:19.967023: | ae ca 1a 33 b5 45 62 11 77 46 8e 2a 21 c1 2e 1f Sep 21 07:34:19.967024: | 7b e0 46 79 72 b7 53 c9 41 c3 6a 0c b3 04 ac 5c Sep 21 07:34:19.967025: | 1f 73 95 92 c3 53 a1 cb 21 ce 63 8a ae 92 98 ee Sep 21 07:34:19.967027: | 4f f1 dd d7 66 5c 2c 82 1b 22 e4 67 b1 cb 27 4b Sep 21 07:34:19.967028: | 3f d6 0c 5d 09 1f 05 ac 40 58 4f a9 e0 16 67 33 Sep 21 07:34:19.967029: | 02 fd ce 69 72 70 47 29 d0 79 3e 48 e0 8f 0f d3 Sep 21 07:34:19.967031: | 25 47 31 51 53 58 41 94 69 f1 66 cd 48 65 df 5a Sep 21 07:34:19.967032: | b7 d7 af b0 eb 4a 41 91 51 25 d4 b7 18 83 14 7d Sep 21 07:34:19.967034: | 7d 0f 22 9b 65 3b 00 cf ef 1f 1a a6 90 56 e4 ee Sep 21 07:34:19.967035: | 18 73 22 04 75 dd 5b 83 a5 82 3d 4a 22 b2 f5 c5 Sep 21 07:34:19.967036: | b0 6f 10 52 a3 c5 38 94 da 9c 93 4a e7 0a bc 3a Sep 21 07:34:19.967038: | 92 eb fc c1 28 74 e5 72 e0 e4 1a d2 53 3c f2 43 Sep 21 07:34:19.967039: | ab 72 53 4f db 17 92 bb e7 b5 98 09 b5 71 26 1a Sep 21 07:34:19.967043: | a2 eb 80 c1 6e c5 a4 3d 9b 39 8d ad 65 e2 84 aa Sep 21 07:34:19.967044: | 89 66 4d 7e ef e8 ac 6b d1 5e d4 95 5c 3e 37 93 Sep 21 07:34:19.967045: | af df a5 1f cf 18 a1 7c 39 80 74 57 7a b9 cc 39 Sep 21 07:34:19.967047: | a6 8a b0 39 8a 88 90 25 83 ea da 15 00 e3 a7 14 Sep 21 07:34:19.967048: | f2 9b a3 4b e1 ab 49 dc ae c7 84 9c Sep 21 07:34:19.967051: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:19.967054: | **parse ISAKMP Message: Sep 21 07:34:19.967056: | initiator cookie: Sep 21 07:34:19.967057: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:19.967059: | responder cookie: Sep 21 07:34:19.967060: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:19.967062: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:19.967064: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:19.967066: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:19.967068: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:19.967069: | Message ID: 2341409173 (0x8b8f1195) Sep 21 07:34:19.967071: | length: 460 (0x1cc) Sep 21 07:34:19.967073: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:19.967076: | State DB: found IKEv1 state #5 in QUICK_I1 (find_state_ikev1) Sep 21 07:34:19.967080: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:34:19.967081: | #5 is idle Sep 21 07:34:19.967083: | #5 idle Sep 21 07:34:19.967085: | "north-dpd/0x1" #5: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Sep 21 07:34:19.967088: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:19.967091: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:19.967093: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:19.967096: | spent 0.0982 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:19.967101: | spent 0.00103 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:19.967106: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:19.967108: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:19.967109: | 08 10 20 01 e6 38 58 db 00 00 01 cc 70 45 50 0b Sep 21 07:34:19.967111: | cc 45 24 c0 ae b4 48 2e 2a 93 04 c0 8a 32 a9 72 Sep 21 07:34:19.967112: | ca 7b 35 30 7e 3c ec c5 69 01 83 e4 e6 15 7f f5 Sep 21 07:34:19.967113: | 54 57 5d 44 c4 e2 5b a0 50 49 79 61 01 08 93 38 Sep 21 07:34:19.967115: | fa 73 44 55 02 13 de 65 07 4e e4 15 02 20 db 08 Sep 21 07:34:19.967116: | da c2 cd 77 2c 71 25 41 73 1b 53 4d 85 8c e8 4d Sep 21 07:34:19.967117: | 63 14 df 1b bc 72 d0 8b 8d f3 c7 11 bb 0c c2 cc Sep 21 07:34:19.967119: | 1e 1c 9d ca 95 66 28 2e e7 b3 c8 09 33 1f 8f 8a Sep 21 07:34:19.967120: | 5e ae 1c f9 77 4c 27 c0 d5 bb 4a 05 b7 f7 7c 79 Sep 21 07:34:19.967122: | b2 d8 26 e8 dd 68 39 d8 38 ff 31 8b 23 ca 2f 5e Sep 21 07:34:19.967123: | 72 4e 40 64 b5 e3 09 34 10 45 88 12 94 b9 e8 8d Sep 21 07:34:19.967124: | 6b ba cc 10 9e d2 e1 19 0d 7d 68 ab cd dc 00 55 Sep 21 07:34:19.967126: | 48 9a 95 e3 02 13 08 14 31 ca 3f 65 08 eb ca c5 Sep 21 07:34:19.967127: | c6 b1 9e 85 55 92 49 3a 93 f0 de fa da e6 54 ef Sep 21 07:34:19.967128: | 68 71 fa 20 db 06 06 2b 0e 87 71 61 5b a5 71 7f Sep 21 07:34:19.967130: | 22 d6 3e 71 42 a0 6c c5 ca 8c 95 58 c1 85 1b c4 Sep 21 07:34:19.967131: | a7 94 bc a0 31 19 7a 0f 9c 80 b4 cd 3a 2e ae 42 Sep 21 07:34:19.967132: | 41 73 9e 44 02 20 49 0b c3 1d 46 f6 3b 15 80 9e Sep 21 07:34:19.967134: | e0 b6 61 3c 92 61 f6 86 f5 02 21 3c 5c 1c 4a 91 Sep 21 07:34:19.967135: | af 36 9b e4 75 0b 02 c6 a6 24 10 c8 a5 bb 0d 28 Sep 21 07:34:19.967137: | 65 1e ac 9f cb a0 b7 77 9c ba 0f 88 96 08 69 45 Sep 21 07:34:19.967138: | 99 fd 29 0b fd ed 24 d3 20 7b 22 b9 0c 93 e1 9f Sep 21 07:34:19.967140: | 2d 96 5f 54 f5 8c db c3 2a 00 b8 c9 a5 15 d8 7b Sep 21 07:34:19.967142: | 81 4c 09 3b 97 d9 a2 f3 be 8f da 53 d7 11 88 81 Sep 21 07:34:19.967143: | 41 98 07 85 94 87 7a 6b 23 38 2d 3e cb c1 61 19 Sep 21 07:34:19.967144: | 52 12 48 ff 37 82 f4 9f 20 f2 9e 40 00 e9 e2 20 Sep 21 07:34:19.967146: | 28 1d 66 d4 da 6d 3a 99 2d 9d d6 29 e3 c0 57 72 Sep 21 07:34:19.967147: | 0f 4d e9 c7 13 6c a0 f7 cc f6 b1 49 Sep 21 07:34:19.967149: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:19.967151: | **parse ISAKMP Message: Sep 21 07:34:19.967153: | initiator cookie: Sep 21 07:34:19.967154: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:19.967155: | responder cookie: Sep 21 07:34:19.967157: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:19.967158: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:19.967160: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:19.967161: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:19.967163: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:19.967164: | Message ID: 3862452443 (0xe63858db) Sep 21 07:34:19.967166: | length: 460 (0x1cc) Sep 21 07:34:19.967168: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:19.967170: | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) Sep 21 07:34:19.967172: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:34:19.967174: | #4 is idle Sep 21 07:34:19.967175: | #4 idle Sep 21 07:34:19.967177: | "north-dpd/0x2" #4: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Sep 21 07:34:19.967180: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:19.967182: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:19.967184: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:19.967186: | spent 0.0826 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:20.794459: | kernel_process_msg_cb process netlink message Sep 21 07:34:20.794484: | netlink_get: XFRM_MSG_ACQUIRE message Sep 21 07:34:20.794488: | xfrm netlink msg len 376 Sep 21 07:34:20.794490: | xfrm acquire rtattribute type 5 Sep 21 07:34:20.794492: | xfrm acquire rtattribute type 16 Sep 21 07:34:20.794504: | add bare shunt 0x557db459e6f0 192.0.3.254/32:8 --1--> 192.0.22.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:34:20.794510: initiate on demand from 192.0.3.254:8 to 192.0.22.254:0 proto=1 because: acquire Sep 21 07:34:20.794515: | find_connection: looking for policy for connection: 192.0.3.254:1/8 -> 192.0.22.254:1/0 Sep 21 07:34:20.794518: | FOR_EACH_CONNECTION_... in find_connection_for_clients Sep 21 07:34:20.794524: | find_connection: conn "north-dpd/0x2" has compatible peers: 192.0.3.0/24:0 -> 192.0.22.0/24:0 [pri: 25214986] Sep 21 07:34:20.794527: | find_connection: first OK "north-dpd/0x2" [pri:25214986]{0x557db459ab30} (child none) Sep 21 07:34:20.794530: | find_connection: concluding with "north-dpd/0x2" [pri:25214986]{0x557db459ab30} kind=CK_PERMANENT Sep 21 07:34:20.794533: | assign hold, routing was prospective erouted, needs to be erouted HOLD Sep 21 07:34:20.794535: | assign_holdpass() need broad(er) shunt Sep 21 07:34:20.794538: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Sep 21 07:34:20.794544: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => %hold>%hold (raw_eroute) Sep 21 07:34:20.794547: | netlink_raw_eroute: SPI_HOLD implemented as no-op Sep 21 07:34:20.794550: | raw_eroute result=success Sep 21 07:34:20.794552: | assign_holdpass() eroute_connection() done Sep 21 07:34:20.794554: | fiddle_bare_shunt called Sep 21 07:34:20.794556: | fiddle_bare_shunt with transport_proto 1 Sep 21 07:34:20.794558: | removing specific host-to-host bare shunt Sep 21 07:34:20.794572: | delete narrow %hold eroute 192.0.3.254/32:8 --1-> 192.0.22.254/32:0 => %hold (raw_eroute) Sep 21 07:34:20.794575: | netlink_raw_eroute: SPI_PASS Sep 21 07:34:20.794587: | raw_eroute result=success Sep 21 07:34:20.794591: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Sep 21 07:34:20.794596: | delete bare shunt 0x557db459e6f0 192.0.3.254/32:8 --1--> 192.0.22.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:34:20.794599: assign_holdpass() delete_bare_shunt() failed Sep 21 07:34:20.794601: initiate_ondemand_body() failed to install negotiation_shunt, Sep 21 07:34:20.794604: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:20.794610: | creating state object #7 at 0x557db45c0c80 Sep 21 07:34:20.794612: | State DB: adding IKEv1 state #7 in UNDEFINED Sep 21 07:34:20.794615: | pstats #7 ikev1.ipsec started Sep 21 07:34:20.794617: | duplicating state object #1 "north-dpd/0x2" as #7 for IPSEC SA Sep 21 07:34:20.794620: | #7 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:34:20.794625: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:34:20.794635: | child state #7: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Sep 21 07:34:20.794639: "north-dpd/0x2" #7: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:fc42ec12 proposal=defaults pfsgroup=MODP2048} Sep 21 07:34:20.794642: | adding quick_outI1 KE work-order 13 for state #7 Sep 21 07:34:20.794644: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f0dc40041c0 Sep 21 07:34:20.794647: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 Sep 21 07:34:20.794649: | libevent_malloc: new ptr-libevent@0x7f0dc000ad90 size 128 Sep 21 07:34:20.794658: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:34:20.794660: | crypto helper 6 resuming Sep 21 07:34:20.794662: | initiate on demand using RSASIG from 192.0.3.254 to 192.0.22.254 Sep 21 07:34:20.794668: | crypto helper 6 starting work-order 13 for state #7 Sep 21 07:34:20.794673: | crypto helper 6 doing build KE and nonce (quick_outI1 KE); request ID 13 Sep 21 07:34:20.794675: | spent 0.191 milliseconds in kernel message Sep 21 07:34:20.795326: | crypto helper 6 finished build KE and nonce (quick_outI1 KE); request ID 13 time elapsed 0.000653 seconds Sep 21 07:34:20.795336: | (#7) spent 0.623 milliseconds in crypto helper computing work-order 13: quick_outI1 KE (pcr) Sep 21 07:34:20.795338: | crypto helper 6 sending results from work-order 13 for state #7 to event queue Sep 21 07:34:20.795340: | scheduling resume sending helper answer for #7 Sep 21 07:34:20.795342: | libevent_malloc: new ptr-libevent@0x7f0db00069c0 size 128 Sep 21 07:34:20.795348: | crypto helper 6 waiting (nothing to do) Sep 21 07:34:20.795357: | processing resume sending helper answer for #7 Sep 21 07:34:20.795364: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:20.795367: | crypto helper 6 replies to request ID 13 Sep 21 07:34:20.795368: | calling continuation function 0x557db2ef5630 Sep 21 07:34:20.795370: | quick_outI1_continue for #7: calculated ke+nonce, sending I1 Sep 21 07:34:20.795374: | **emit ISAKMP Message: Sep 21 07:34:20.795376: | initiator cookie: Sep 21 07:34:20.795378: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:20.795379: | responder cookie: Sep 21 07:34:20.795380: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:20.795382: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:20.795384: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:20.795386: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:20.795388: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:20.795389: | Message ID: 4232244242 (0xfc42ec12) Sep 21 07:34:20.795391: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:20.795395: | ***emit ISAKMP Hash Payload: Sep 21 07:34:20.795397: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:20.795399: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:20.795401: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:34:20.795403: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:20.795405: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:20.795406: | emitting quick defaults using policy none Sep 21 07:34:20.795408: | empty esp_info, returning defaults for ENCRYPT Sep 21 07:34:20.795411: | ***emit ISAKMP Security Association Payload: Sep 21 07:34:20.795412: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:20.795414: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:20.795416: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:34:20.795417: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:34:20.795419: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:20.795421: | ****emit IPsec DOI SIT: Sep 21 07:34:20.795422: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:20.795424: | ikev1_out_sa pcn: 0 has 1 valid proposals Sep 21 07:34:20.795426: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Sep 21 07:34:20.795427: | ****emit ISAKMP Proposal Payload: Sep 21 07:34:20.795429: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:20.795431: | proposal number: 0 (0x0) Sep 21 07:34:20.795432: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:20.795434: | SPI size: 4 (0x4) Sep 21 07:34:20.795435: | number of transforms: 2 (0x2) Sep 21 07:34:20.795437: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:34:20.795448: | netlink_get_spi: allocated 0x5f2e4cf3 for esp.0@192.1.3.33 Sep 21 07:34:20.795451: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 21 07:34:20.795452: | SPI 5f 2e 4c f3 Sep 21 07:34:20.795454: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:34:20.795455: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:20.795457: | ESP transform number: 0 (0x0) Sep 21 07:34:20.795458: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:20.795460: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:34:20.795462: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:20.795464: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:20.795465: | length/value: 14 (0xe) Sep 21 07:34:20.795467: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:20.795468: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:20.795470: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:20.795471: | length/value: 1 (0x1) Sep 21 07:34:20.795473: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:20.795474: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:20.795476: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:20.795477: | length/value: 1 (0x1) Sep 21 07:34:20.795479: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:20.795480: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:20.795482: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:20.795483: | length/value: 28800 (0x7080) Sep 21 07:34:20.795485: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:20.795486: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:20.795487: | length/value: 2 (0x2) Sep 21 07:34:20.795489: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:20.795490: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:20.795492: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:20.795495: | length/value: 128 (0x80) Sep 21 07:34:20.795496: | emitting length of ISAKMP Transform Payload (ESP): 32 Sep 21 07:34:20.795498: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:34:20.795499: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:20.795501: | ESP transform number: 1 (0x1) Sep 21 07:34:20.795502: | ESP transform ID: ESP_3DES (0x3) Sep 21 07:34:20.795504: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:20.795506: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:34:20.795507: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:20.795509: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:20.795510: | length/value: 14 (0xe) Sep 21 07:34:20.795511: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:20.795513: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:20.795514: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:20.795516: | length/value: 1 (0x1) Sep 21 07:34:20.795517: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:20.795518: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:20.795520: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:20.795521: | length/value: 1 (0x1) Sep 21 07:34:20.795523: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:20.795524: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:20.795525: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:20.795527: | length/value: 28800 (0x7080) Sep 21 07:34:20.795528: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:20.795530: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:20.795531: | length/value: 2 (0x2) Sep 21 07:34:20.795532: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:20.795534: | emitting length of ISAKMP Transform Payload (ESP): 28 Sep 21 07:34:20.795535: | emitting length of ISAKMP Proposal Payload: 72 Sep 21 07:34:20.795537: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Sep 21 07:34:20.795538: | emitting length of ISAKMP Security Association Payload: 84 Sep 21 07:34:20.795540: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:34:20.795542: | ***emit ISAKMP Nonce Payload: Sep 21 07:34:20.795544: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:20.795546: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Sep 21 07:34:20.795547: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:34:20.795549: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:34:20.795551: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Sep 21 07:34:20.795552: | Ni f9 fd 45 ec 85 06 39 c0 63 f4 a7 e8 af 95 e7 f8 Sep 21 07:34:20.795554: | Ni ef f4 3b 90 74 58 ad e9 5e 7a b1 a8 53 ef a4 07 Sep 21 07:34:20.795555: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:34:20.795557: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:34:20.795559: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:20.795560: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:20.795562: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:34:20.795564: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:34:20.795566: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:34:20.795567: | keyex value 6e f7 b3 65 10 ba c5 80 a2 d0 d6 a1 5e 61 77 53 Sep 21 07:34:20.795568: | keyex value e4 7e 57 f8 69 16 15 ad 3d 7e 5c 11 e2 d1 a6 42 Sep 21 07:34:20.795571: | keyex value 9e 24 dc 92 01 14 5b 0f af ce 70 cb 9f bf 66 49 Sep 21 07:34:20.795572: | keyex value d6 5c cc 35 46 e4 7b e5 00 58 95 10 b7 88 f8 95 Sep 21 07:34:20.795573: | keyex value f1 5f 22 dc 08 95 35 91 a3 70 19 e9 ca 8e 5d 1c Sep 21 07:34:20.795575: | keyex value d5 e4 a6 37 9a 0c 56 e9 f3 8c 5a 8f 0f 4c 96 ec Sep 21 07:34:20.795576: | keyex value f7 a7 92 25 86 d5 30 64 c6 85 e0 72 20 03 a2 dc Sep 21 07:34:20.795578: | keyex value 54 68 ae db 95 ce af ff 67 cf 1e e2 47 38 90 58 Sep 21 07:34:20.795579: | keyex value 9b a5 6a a4 39 81 54 aa fb dc 19 26 23 f7 b9 85 Sep 21 07:34:20.795580: | keyex value 07 bd 69 b3 e6 d1 15 b8 09 ba b0 bd 01 96 52 d3 Sep 21 07:34:20.795582: | keyex value 07 8e de 58 60 98 d3 4b de c8 73 61 b7 a4 73 1b Sep 21 07:34:20.795583: | keyex value f0 50 a2 fd 0b 7f 88 93 ee 06 47 db 89 bf 96 55 Sep 21 07:34:20.795584: | keyex value fa 38 08 4c d0 b6 c7 ef 85 4e dc 79 c6 a5 48 4b Sep 21 07:34:20.795586: | keyex value c7 a8 00 be 4d 64 3a 63 d4 2f 1f 9c 21 e3 e8 17 Sep 21 07:34:20.795587: | keyex value 5d d3 43 20 44 d7 c1 03 c7 08 92 34 b2 3a 5f 19 Sep 21 07:34:20.795589: | keyex value 9a 34 eb dc 90 f3 09 96 ae 4f 18 36 a4 6c 7c d0 Sep 21 07:34:20.795590: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:34:20.795592: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:20.795593: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:20.795595: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:20.795596: | Protocol ID: 0 (0x0) Sep 21 07:34:20.795598: | port: 0 (0x0) Sep 21 07:34:20.795599: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:20.795601: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:20.795603: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:20.795605: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:20.795606: | client network c0 00 03 00 Sep 21 07:34:20.795608: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:20.795609: | client mask ff ff ff 00 Sep 21 07:34:20.795611: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:20.795612: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:20.795614: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:20.795615: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:20.795616: | Protocol ID: 0 (0x0) Sep 21 07:34:20.795618: | port: 0 (0x0) Sep 21 07:34:20.795620: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:20.795621: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:20.795623: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:20.795624: | client network c0 00 16 00 Sep 21 07:34:20.795626: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:20.795627: | client mask ff ff ff 00 Sep 21 07:34:20.795629: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:20.795649: | outI1 HASH(1): Sep 21 07:34:20.795651: | 7c 4c 3c 11 6c f6 e9 de dc f6 bc 16 b6 08 44 25 Sep 21 07:34:20.795652: | 26 ea a7 cd b7 19 a7 1c 8a a3 be 4f 76 fc 9e e1 Sep 21 07:34:20.795658: | no IKEv1 message padding required Sep 21 07:34:20.795659: | emitting length of ISAKMP Message: 476 Sep 21 07:34:20.795670: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #7) Sep 21 07:34:20.795672: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:20.795675: | 08 10 20 01 fc 42 ec 12 00 00 01 dc 40 88 2d 9c Sep 21 07:34:20.795676: | e4 fd ad 67 5a 96 d1 ec 2b 14 b3 0e e6 3a d9 16 Sep 21 07:34:20.795678: | c0 ba c4 99 3e c2 b8 ab b1 df d8 3f eb 56 98 43 Sep 21 07:34:20.795679: | 5c 41 98 98 b2 1d 3d 55 3f c8 ae f5 6b de 71 b9 Sep 21 07:34:20.795680: | ac 4d 1f 98 98 95 b1 0c 5f 3c 30 4d 13 0c 44 11 Sep 21 07:34:20.795682: | 28 60 71 e4 52 b4 c0 50 54 3f fe 10 1f b2 1e 3d Sep 21 07:34:20.795683: | c6 7b ab be 88 9b 3d b4 cb af 71 28 a5 fa d4 38 Sep 21 07:34:20.795684: | b6 a7 37 27 09 57 1e 30 a4 52 5b f6 72 95 89 2d Sep 21 07:34:20.795686: | 17 c4 09 fb f4 76 51 25 5c c6 6d ca 8e 7d 3f 0d Sep 21 07:34:20.795687: | db 9f c6 49 3b 7b c7 d1 93 bf 02 b3 d0 ea f7 25 Sep 21 07:34:20.795688: | cb b2 72 d0 f6 c6 d5 29 97 a5 46 86 d5 3f 60 84 Sep 21 07:34:20.795690: | 6f 4e 4c 2a e2 c7 6b 24 6e e9 10 2d 09 9d 9b 2d Sep 21 07:34:20.795691: | 8f 55 69 b0 35 86 01 b7 2b 31 2f e2 e9 66 ce e9 Sep 21 07:34:20.795692: | f6 c9 6e 14 3a f7 03 7e 7a 0f 96 dd bf 3f 2a 7f Sep 21 07:34:20.795694: | 0a 57 69 62 99 ca 65 1b af fc 62 df f9 e2 bf 1b Sep 21 07:34:20.795695: | 38 a1 75 f3 a1 dd 5a 8e 26 1a df 8e 8a 49 1e 34 Sep 21 07:34:20.795696: | 0e 9e 03 cc e5 66 07 97 27 9e ca f6 e8 0f 6e 0c Sep 21 07:34:20.795698: | d9 b9 2d a9 c9 80 37 e0 34 dc a6 c8 98 07 a1 84 Sep 21 07:34:20.795699: | 8e d9 e7 ec b5 34 a9 9b e4 9e f0 63 d8 06 c4 a0 Sep 21 07:34:20.795700: | 77 ef be 0e 27 62 6b 76 02 46 0f 66 c2 17 e2 a6 Sep 21 07:34:20.795702: | d1 0f 0a 35 3d bd e3 ad 09 d9 1e 45 bd a0 9c 4c Sep 21 07:34:20.795703: | cd cc e5 50 60 59 3d a8 77 36 79 ff 44 66 18 25 Sep 21 07:34:20.795704: | 68 d7 0a 49 18 ca 92 e4 1d 84 01 d9 a1 fe f8 41 Sep 21 07:34:20.795706: | a6 10 dd 9c 0c 0d dd 7b 7a 30 ab 87 03 41 72 79 Sep 21 07:34:20.795707: | f9 80 7e b5 6c 24 36 8d 56 b3 be bc 2c c9 56 14 Sep 21 07:34:20.795708: | fa 30 31 82 2c 3c 11 3c 57 1a ba 21 0a db 77 ba Sep 21 07:34:20.795710: | 1d f9 c4 ce 15 e1 da 85 56 66 d1 5d ec 62 37 c9 Sep 21 07:34:20.795711: | 3b 49 59 7a 94 ad a9 a9 84 de 05 89 82 e1 fa 0a Sep 21 07:34:20.795712: | 06 0d ea 28 3a 4e 8b 70 c5 66 fe 2e Sep 21 07:34:20.795749: | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:20.795752: | libevent_free: release ptr-libevent@0x7f0dc000ad90 Sep 21 07:34:20.795754: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f0dc40041c0 Sep 21 07:34:20.795756: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f0dc40041c0 Sep 21 07:34:20.795759: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #7 Sep 21 07:34:20.795760: | libevent_malloc: new ptr-libevent@0x7f0dc000ad90 size 128 Sep 21 07:34:20.795763: | #7 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49907.164021 Sep 21 07:34:20.795766: | resume sending helper answer for #7 suppresed complete_v1_state_transition() Sep 21 07:34:20.795769: | #7 spent 0.38 milliseconds in resume sending helper answer Sep 21 07:34:20.795773: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:20.795774: | libevent_free: release ptr-libevent@0x7f0db00069c0 Sep 21 07:34:20.798781: | spent 0.0023 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:20.798804: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:20.798807: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:20.798809: | 08 10 20 01 fc 42 ec 12 00 00 01 cc 64 31 f0 30 Sep 21 07:34:20.798810: | 5c f4 8d 40 8d 24 23 42 cd 3d 64 31 9a 75 0a b3 Sep 21 07:34:20.798811: | 42 d0 16 e7 c2 61 9e c4 68 93 54 22 cd 80 6b ff Sep 21 07:34:20.798813: | 17 d8 55 64 f4 2e 89 cf 8d f6 16 6b 68 b2 02 aa Sep 21 07:34:20.798814: | 85 45 85 e8 7b 00 28 21 1e 4b a5 1f ee bc 15 5e Sep 21 07:34:20.798816: | 8b 00 dd 18 c1 b4 54 49 c1 a3 63 2c 8f 71 da dc Sep 21 07:34:20.798819: | 9b 2d 4a ed f7 de d6 ed e2 0f 5c ef 0f 58 27 51 Sep 21 07:34:20.798821: | 68 12 f6 4b 32 81 16 ce 22 fd 4f 99 69 df 0b ea Sep 21 07:34:20.798822: | c6 ee 1b cf 5f 6f a8 58 98 17 27 48 a9 7a 60 a2 Sep 21 07:34:20.798824: | b3 a8 74 0c 02 26 e1 4c 5c eb 41 68 28 0a c8 57 Sep 21 07:34:20.798825: | 7a 08 b0 95 d4 10 bd e0 80 11 10 d0 29 73 cb d9 Sep 21 07:34:20.798826: | 83 ce 6d ab 55 79 a9 d4 0b fb 83 16 ca 7d 94 dc Sep 21 07:34:20.798828: | c6 c3 e8 ea 11 58 5e 2c 5b 09 22 ab 3f 4c b4 e1 Sep 21 07:34:20.798829: | 4f 98 c0 87 a6 49 e0 b2 ab 62 3e dd 7b ff 99 05 Sep 21 07:34:20.798830: | d3 2c 45 a3 aa f8 eb 96 16 98 7b 16 48 a1 57 4c Sep 21 07:34:20.798832: | 09 43 15 57 25 c4 6a ce 9e b6 9c 24 67 bf 63 0e Sep 21 07:34:20.798833: | 38 1b 03 d0 f4 b8 a8 07 d0 79 11 07 13 fa 93 76 Sep 21 07:34:20.798835: | 3a f8 5d a5 21 02 8e db e7 3d 98 43 78 f4 d7 28 Sep 21 07:34:20.798836: | d4 df 2d 66 95 71 ec e2 d9 00 a4 bd e4 3c 5b 66 Sep 21 07:34:20.798837: | 22 0a bc 42 53 39 e5 a4 20 c5 65 2a c9 9c 4a 13 Sep 21 07:34:20.798839: | 71 22 6a fd f0 a9 06 1d bd 71 67 c8 b6 eb 47 4d Sep 21 07:34:20.798840: | 15 2f b8 1d ca b1 ef fd 3c 6d 80 0e 41 78 ef ca Sep 21 07:34:20.798841: | 9a a2 20 f9 2a 49 32 24 4a c6 18 d5 a2 c7 eb 3a Sep 21 07:34:20.798843: | eb 06 d6 b4 29 c9 03 cd 7e b7 56 cc 11 08 59 4f Sep 21 07:34:20.798844: | 8e 31 38 e5 8d ec 11 4e 34 5a e6 89 1c e1 1f 59 Sep 21 07:34:20.798846: | da 85 ec 06 3b 8e eb bf 69 89 bb bc 43 1c b6 d8 Sep 21 07:34:20.798849: | f7 c5 09 4d 33 ba 20 41 05 90 5c 04 9c 4c 8f fc Sep 21 07:34:20.798850: | 26 08 22 45 5e 8d 65 42 30 f1 a4 d1 Sep 21 07:34:20.798853: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:20.798855: | **parse ISAKMP Message: Sep 21 07:34:20.798857: | initiator cookie: Sep 21 07:34:20.798858: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:20.798860: | responder cookie: Sep 21 07:34:20.798861: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:20.798863: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:20.798865: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:20.798866: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:20.798868: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:20.798869: | Message ID: 4232244242 (0xfc42ec12) Sep 21 07:34:20.798871: | length: 460 (0x1cc) Sep 21 07:34:20.798873: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:20.798876: | State DB: found IKEv1 state #7 in QUICK_I1 (find_state_ikev1) Sep 21 07:34:20.798892: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:34:20.798894: | #7 is idle Sep 21 07:34:20.798895: | #7 idle Sep 21 07:34:20.798897: | received encrypted packet from 192.1.2.23:500 Sep 21 07:34:20.798909: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Sep 21 07:34:20.798911: | ***parse ISAKMP Hash Payload: Sep 21 07:34:20.798912: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:34:20.798914: | length: 36 (0x24) Sep 21 07:34:20.798916: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Sep 21 07:34:20.798932: | ***parse ISAKMP Security Association Payload: Sep 21 07:34:20.798934: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:20.798939: | length: 56 (0x38) Sep 21 07:34:20.798943: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:20.798946: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Sep 21 07:34:20.798948: | ***parse ISAKMP Nonce Payload: Sep 21 07:34:20.798951: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:20.798953: | length: 36 (0x24) Sep 21 07:34:20.798956: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Sep 21 07:34:20.798959: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:34:20.798962: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:20.798965: | length: 260 (0x104) Sep 21 07:34:20.798970: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:20.798974: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:20.798976: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:20.798979: | length: 16 (0x10) Sep 21 07:34:20.798981: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:20.798984: | Protocol ID: 0 (0x0) Sep 21 07:34:20.798986: | port: 0 (0x0) Sep 21 07:34:20.798989: | obj: c0 00 03 00 ff ff ff 00 Sep 21 07:34:20.798992: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:20.798995: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:20.798998: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:20.799000: | length: 16 (0x10) Sep 21 07:34:20.799001: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:20.799003: | Protocol ID: 0 (0x0) Sep 21 07:34:20.799004: | port: 0 (0x0) Sep 21 07:34:20.799006: | obj: c0 00 16 00 ff ff ff 00 Sep 21 07:34:20.799007: | removing 12 bytes of padding Sep 21 07:34:20.799025: | quick_inR1_outI2 HASH(2): Sep 21 07:34:20.799027: | 69 dd de 47 a7 e6 1d 0a 05 0c f5 28 15 75 9c 53 Sep 21 07:34:20.799028: | d8 e9 bf db f5 97 5a 14 77 f1 e6 bc ea a5 10 d6 Sep 21 07:34:20.799030: | received 'quick_inR1_outI2' message HASH(2) data ok Sep 21 07:34:20.799033: | ****parse IPsec DOI SIT: Sep 21 07:34:20.799035: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:20.799036: | ****parse ISAKMP Proposal Payload: Sep 21 07:34:20.799038: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:20.799039: | length: 44 (0x2c) Sep 21 07:34:20.799041: | proposal number: 0 (0x0) Sep 21 07:34:20.799042: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:20.799044: | SPI size: 4 (0x4) Sep 21 07:34:20.799045: | number of transforms: 1 (0x1) Sep 21 07:34:20.799047: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:34:20.799048: | SPI 44 62 18 c0 Sep 21 07:34:20.799050: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:34:20.799052: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:20.799053: | length: 32 (0x20) Sep 21 07:34:20.799055: | ESP transform number: 0 (0x0) Sep 21 07:34:20.799056: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:20.799059: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:20.799060: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:20.799062: | length/value: 14 (0xe) Sep 21 07:34:20.799064: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:20.799065: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:20.799067: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:20.799068: | length/value: 1 (0x1) Sep 21 07:34:20.799070: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:20.799072: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:34:20.799073: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:20.799075: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:20.799076: | length/value: 1 (0x1) Sep 21 07:34:20.799078: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:20.799079: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:20.799081: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:20.799084: | length/value: 28800 (0x7080) Sep 21 07:34:20.799087: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:20.799090: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:20.799092: | length/value: 2 (0x2) Sep 21 07:34:20.799095: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:20.799098: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:20.799102: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:20.799104: | length/value: 128 (0x80) Sep 21 07:34:20.799108: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:34:20.799119: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:20.799127: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:20.799132: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:20.799137: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:20.799139: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:34:20.799140: | no PreShared Key Found Sep 21 07:34:20.799143: | adding quick outI2 DH work-order 14 for state #7 Sep 21 07:34:20.799145: | state #7 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:20.799147: | #7 STATE_QUICK_I1: retransmits: cleared Sep 21 07:34:20.799149: | libevent_free: release ptr-libevent@0x7f0dc000ad90 Sep 21 07:34:20.799151: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f0dc40041c0 Sep 21 07:34:20.799153: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f0dc40041c0 Sep 21 07:34:20.799156: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 Sep 21 07:34:20.799158: | libevent_malloc: new ptr-libevent@0x7f0db00069c0 size 128 Sep 21 07:34:20.799166: | complete v1 state transition with STF_SUSPEND Sep 21 07:34:20.799169: | crypto helper 5 resuming Sep 21 07:34:20.799174: | [RE]START processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:34:20.799175: | crypto helper 5 starting work-order 14 for state #7 Sep 21 07:34:20.799177: | suspending state #7 and saving MD Sep 21 07:34:20.799181: | #7 is busy; has a suspended MD Sep 21 07:34:20.799181: | crypto helper 5 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 14 Sep 21 07:34:20.799188: | #7 spent 0.154 milliseconds in process_packet_tail() Sep 21 07:34:20.799193: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:20.799198: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:20.799201: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:20.799205: | spent 0.407 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:20.799955: | crypto helper 5 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 14 time elapsed 0.000775 seconds Sep 21 07:34:20.799966: | (#7) spent 0.711 milliseconds in crypto helper computing work-order 14: quick outI2 DH (pcr) Sep 21 07:34:20.799969: | crypto helper 5 sending results from work-order 14 for state #7 to event queue Sep 21 07:34:20.799971: | scheduling resume sending helper answer for #7 Sep 21 07:34:20.799973: | libevent_malloc: new ptr-libevent@0x7f0db4006ad0 size 128 Sep 21 07:34:20.799979: | crypto helper 5 waiting (nothing to do) Sep 21 07:34:20.799986: | processing resume sending helper answer for #7 Sep 21 07:34:20.799992: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:20.799995: | crypto helper 5 replies to request ID 14 Sep 21 07:34:20.799997: | calling continuation function 0x557db2ef5630 Sep 21 07:34:20.799999: | quick_inR1_outI2_continue for #7: calculated ke+nonce, calculating DH Sep 21 07:34:20.800003: | **emit ISAKMP Message: Sep 21 07:34:20.800004: | initiator cookie: Sep 21 07:34:20.800006: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:20.800007: | responder cookie: Sep 21 07:34:20.800009: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:20.800011: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:20.800016: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:20.800018: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:20.800020: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:20.800021: | Message ID: 4232244242 (0xfc42ec12) Sep 21 07:34:20.800023: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:20.800026: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:20.800027: | ID address c0 00 03 00 Sep 21 07:34:20.800029: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:20.800030: | ID mask ff ff ff 00 Sep 21 07:34:20.800036: | our client is subnet 192.0.3.0/24 Sep 21 07:34:20.800041: | our client protocol/port is 0/0 Sep 21 07:34:20.800044: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:20.800047: | ID address c0 00 16 00 Sep 21 07:34:20.800050: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:20.800052: | ID mask ff ff ff 00 Sep 21 07:34:20.800057: | peer client is subnet 192.0.22.0/24 Sep 21 07:34:20.800060: | peer client protocol/port is 0/0 Sep 21 07:34:20.800063: | ***emit ISAKMP Hash Payload: Sep 21 07:34:20.800066: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:20.800069: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:20.800073: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:34:20.800077: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:20.800080: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:20.800133: | quick_inR1_outI2 HASH(3): Sep 21 07:34:20.800138: | 24 ec 0f 13 f3 c6 07 ff a9 e6 7e f4 80 01 e0 9a Sep 21 07:34:20.800141: | 32 4a a9 87 64 ab 0a 03 6b 33 54 a1 04 f8 d5 87 Sep 21 07:34:20.800145: | compute_proto_keymat: needed_len (after ESP enc)=16 Sep 21 07:34:20.800148: | compute_proto_keymat: needed_len (after ESP auth)=36 Sep 21 07:34:20.800251: | #1 spent 3.65 milliseconds Sep 21 07:34:20.800255: | install_ipsec_sa() for #7: inbound and outbound Sep 21 07:34:20.800257: | could_route called for north-dpd/0x2 (kind=CK_PERMANENT) Sep 21 07:34:20.800259: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:20.800261: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:34:20.800263: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Sep 21 07:34:20.800264: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:34:20.800266: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Sep 21 07:34:20.800269: | route owner of "north-dpd/0x2" prospective erouted: self; eroute owner: self Sep 21 07:34:20.800271: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:20.800274: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:20.800275: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:20.800278: | setting IPsec SA replay-window to 32 Sep 21 07:34:20.800280: | NIC esp-hw-offload not for connection 'north-dpd/0x2' not available on interface eth1 Sep 21 07:34:20.800282: | netlink: enabling tunnel mode Sep 21 07:34:20.800284: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:20.800286: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:20.800367: | netlink response for Add SA esp.446218c0@192.1.2.23 included non-error error Sep 21 07:34:20.800373: | set up outgoing SA, ref=0/0 Sep 21 07:34:20.800377: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:20.800381: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:20.800384: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:20.800388: | setting IPsec SA replay-window to 32 Sep 21 07:34:20.800391: | NIC esp-hw-offload not for connection 'north-dpd/0x2' not available on interface eth1 Sep 21 07:34:20.800396: | netlink: enabling tunnel mode Sep 21 07:34:20.800400: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:20.800403: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:20.800451: | netlink response for Add SA esp.5f2e4cf3@192.1.3.33 included non-error error Sep 21 07:34:20.800457: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Sep 21 07:34:20.800465: | add inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:34:20.800470: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:20.800517: | raw_eroute result=success Sep 21 07:34:20.800522: | set up incoming SA, ref=0/0 Sep 21 07:34:20.800524: | sr for #7: prospective erouted Sep 21 07:34:20.800528: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:34:20.800531: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:20.800534: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:34:20.800537: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Sep 21 07:34:20.800541: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:34:20.800544: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Sep 21 07:34:20.800548: | route owner of "north-dpd/0x2" prospective erouted: self; eroute owner: self Sep 21 07:34:20.800553: | route_and_eroute with c: north-dpd/0x2 (next: none) ero:north-dpd/0x2 esr:{(nil)} ro:north-dpd/0x2 rosr:{(nil)} and state: #7 Sep 21 07:34:20.800556: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Sep 21 07:34:20.800566: | eroute_connection replace eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) Sep 21 07:34:20.800569: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:20.800595: | raw_eroute result=success Sep 21 07:34:20.800599: | running updown command "ipsec _updown" for verb up Sep 21 07:34:20.800602: | command executing up-client Sep 21 07:34:20.800623: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:20.800628: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:20.800641: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+E Sep 21 07:34:20.800643: | popen cmd is 1400 chars long Sep 21 07:34:20.800645: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUT: Sep 21 07:34:20.800647: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_I: Sep 21 07:34:20.800648: | cmd( 160):D='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testin: Sep 21 07:34:20.800650: | cmd( 240):g.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/: Sep 21 07:34:20.800651: | cmd( 320):24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_M: Sep 21 07:34:20.800653: | cmd( 400):Y_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUT: Sep 21 07:34:20.800656: | cmd( 480):O_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=: Sep 21 07:34:20.800658: | cmd( 560):Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.or: Sep 21 07:34:20.800659: | cmd( 640):g' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PE: Sep 21 07:34:20.800661: | cmd( 720):ER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO: Sep 21 07:34:20.800662: | cmd( 800):_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libre: Sep 21 07:34:20.800664: | cmd( 880):swan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADD: Sep 21 07:34:20.800665: | cmd( 960):TIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK: Sep 21 07:34:20.800667: | cmd(1040):+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ip: Sep 21 07:34:20.800668: | cmd(1120):v4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOM: Sep 21 07:34:20.800670: | cmd(1200):AIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO: Sep 21 07:34:20.800672: | cmd(1280):_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x446218: Sep 21 07:34:20.800673: | cmd(1360):c0 SPI_OUT=0x5f2e4cf3 ipsec _updown 2>&1: Sep 21 07:34:20.811174: | route_and_eroute: firewall_notified: true Sep 21 07:34:20.811191: | route_and_eroute: instance "north-dpd/0x2", setting eroute_owner {spd=0x557db459ac80,sr=0x557db459ac80} to #7 (was #0) (newest_ipsec_sa=#0) Sep 21 07:34:20.811287: | #1 spent 0.601 milliseconds in install_ipsec_sa() Sep 21 07:34:20.811297: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:20.811300: | no IKEv1 message padding required Sep 21 07:34:20.811303: | emitting length of ISAKMP Message: 76 Sep 21 07:34:20.811329: | inR1_outI2: instance north-dpd/0x2[0], setting IKEv1 newest_ipsec_sa to #7 (was #0) (spd.eroute=#7) cloned from #1 Sep 21 07:34:20.811332: | DPD: dpd_init() called on IPsec SA Sep 21 07:34:20.811336: | State DB: found IKEv1 state #1 in MAIN_I4 (find_state_ikev1) Sep 21 07:34:20.811340: | event_schedule: new EVENT_DPD-pe@0x7f0db4002b20 Sep 21 07:34:20.811344: | inserting event EVENT_DPD, timeout in 3 seconds for #7 Sep 21 07:34:20.811348: | libevent_malloc: new ptr-libevent@0x7f0db8006530 size 128 Sep 21 07:34:20.811353: | complete v1 state transition with STF_OK Sep 21 07:34:20.811360: | [RE]START processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:34:20.811363: | #7 is idle Sep 21 07:34:20.811366: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:34:20.811369: | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 Sep 21 07:34:20.811373: | child state #7: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) Sep 21 07:34:20.811376: | event_already_set, deleting event Sep 21 07:34:20.811378: | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:20.811382: | libevent_free: release ptr-libevent@0x7f0db00069c0 Sep 21 07:34:20.811386: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f0dc40041c0 Sep 21 07:34:20.811391: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:34:20.811398: | sending 76 bytes for STATE_QUICK_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #7) Sep 21 07:34:20.811401: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:20.811403: | 08 10 20 01 fc 42 ec 12 00 00 00 4c ea 1e ec 85 Sep 21 07:34:20.811405: | 21 1d b9 95 34 9e 6f 00 74 52 b5 07 9b d3 ab a1 Sep 21 07:34:20.811408: | a0 b1 2a c4 fd 52 a5 21 55 82 25 b0 b2 98 b8 e7 Sep 21 07:34:20.811410: | f7 b1 6c a2 b0 40 91 2b 1b 80 b8 15 Sep 21 07:34:20.811465: | !event_already_set at reschedule Sep 21 07:34:20.811471: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f0dc40041c0 Sep 21 07:34:20.811474: | inserting event EVENT_SA_REPLACE, timeout in 27768 seconds for #7 Sep 21 07:34:20.811481: | libevent_malloc: new ptr-libevent@0x7f0db00069c0 size 128 Sep 21 07:34:20.811485: | pstats #7 ikev1.ipsec established Sep 21 07:34:20.811489: | NAT-T: encaps is 'auto' Sep 21 07:34:20.811494: "north-dpd/0x2" #7: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x446218c0 <0x5f2e4cf3 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=active} Sep 21 07:34:20.811497: | modecfg pull: noquirk policy:push not-client Sep 21 07:34:20.811500: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:34:20.811504: | resume sending helper answer for #7 suppresed complete_v1_state_transition() Sep 21 07:34:20.811509: | #7 spent 1.05 milliseconds in resume sending helper answer Sep 21 07:34:20.811514: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:20.811518: | libevent_free: release ptr-libevent@0x7f0db4006ad0 Sep 21 07:34:20.811528: | processing signal PLUTO_SIGCHLD Sep 21 07:34:20.811533: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:20.811537: | spent 0.00489 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:23.803848: | timer_event_cb: processing event@0x7f0db4002b20 Sep 21 07:34:23.803859: | handling event EVENT_DPD for child state #7 Sep 21 07:34:23.803865: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:23.803869: | [RE]START processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in dpd_event() at ikev1_dpd.c:357) Sep 21 07:34:23.803871: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:23.803874: | DPD: processing for state #7 ("north-dpd/0x2") Sep 21 07:34:23.803879: | get_sa_info esp.5f2e4cf3@192.1.3.33 Sep 21 07:34:23.803891: | event_schedule: new EVENT_DPD-pe@0x557db459b300 Sep 21 07:34:23.803894: | inserting event EVENT_DPD, timeout in 3 seconds for #7 Sep 21 07:34:23.803896: | libevent_malloc: new ptr-libevent@0x7f0db4006ad0 size 128 Sep 21 07:34:23.803899: | DPD: scheduling timeout to 10 Sep 21 07:34:23.803900: | event_schedule: new EVENT_DPD_TIMEOUT-pe@0x557db459c3c0 Sep 21 07:34:23.803902: | inserting event EVENT_DPD_TIMEOUT, timeout in 10 seconds for #1 Sep 21 07:34:23.803904: | libevent_malloc: new ptr-libevent@0x7f0db4006900 size 128 Sep 21 07:34:23.803906: | DPD: sending R_U_THERE 11121 to 192.1.2.23:500 (state #1) Sep 21 07:34:23.803917: | **emit ISAKMP Message: Sep 21 07:34:23.803919: | initiator cookie: Sep 21 07:34:23.803921: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:23.803922: | responder cookie: Sep 21 07:34:23.803924: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:23.803926: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.803927: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:23.803929: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:23.803931: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:23.803933: | Message ID: 1170805975 (0x45c914d7) Sep 21 07:34:23.803935: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:23.803937: | ***emit ISAKMP Hash Payload: Sep 21 07:34:23.803938: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.803940: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:23.803942: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:34:23.803944: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:23.803946: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:23.803947: | ***emit ISAKMP Notification Payload: Sep 21 07:34:23.803949: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.803951: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:23.803952: | protocol ID: 1 (0x1) Sep 21 07:34:23.803953: | SPI size: 16 (0x10) Sep 21 07:34:23.803955: | Notify Message Type: R_U_THERE (0x8d28) Sep 21 07:34:23.803960: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Sep 21 07:34:23.803962: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:34:23.803964: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Sep 21 07:34:23.803966: | notify icookie 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:23.803967: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Sep 21 07:34:23.803969: | notify rcookie 85 08 f7 50 ae 24 38 ea Sep 21 07:34:23.803970: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Sep 21 07:34:23.803971: | notify data 00 00 2b 71 Sep 21 07:34:23.803973: | emitting length of ISAKMP Notification Payload: 32 Sep 21 07:34:23.803997: | notification HASH(1): Sep 21 07:34:23.803999: | 5f 0c 6c 3f 49 20 a9 a0 50 d8 f9 57 e5 26 15 08 Sep 21 07:34:23.804000: | 00 3b 57 14 bf 11 e3 d1 26 4f 64 9e b3 ee 47 6e Sep 21 07:34:23.804006: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:23.804008: | no IKEv1 message padding required Sep 21 07:34:23.804010: | emitting length of ISAKMP Message: 108 Sep 21 07:34:23.804020: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:34:23.804021: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:23.804023: | 08 10 05 01 45 c9 14 d7 00 00 00 6c de be 71 ca Sep 21 07:34:23.804024: | c4 d5 97 a7 f0 56 f4 ee c3 21 1f d4 fe 64 f8 ff Sep 21 07:34:23.804025: | 90 9e 0e 98 8b 13 3f 83 a3 2d 2e f5 7a 2d 8f 56 Sep 21 07:34:23.804027: | 98 7a 3f f8 15 2e 94 2d 90 ef 40 79 8b 72 4a 2a Sep 21 07:34:23.804028: | 54 62 ad 3e ef 7a da ed 93 ae 73 b6 5d a6 ba 17 Sep 21 07:34:23.804029: | 71 1d 04 de b3 d2 b8 2b 54 31 aa 55 Sep 21 07:34:23.804072: | libevent_free: release ptr-libevent@0x7f0db8006530 Sep 21 07:34:23.804090: | free_event_entry: release EVENT_DPD-pe@0x7f0db4002b20 Sep 21 07:34:23.804096: | #7 spent 0.238 milliseconds in timer_event_cb() EVENT_DPD Sep 21 07:34:23.804100: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:23.804417: | spent 0.00227 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:23.804430: | *received 108 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:23.804432: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:23.804434: | 08 10 05 01 ec 43 52 ff 00 00 00 6c b4 70 c3 2d Sep 21 07:34:23.804435: | 8c e3 0a bf af 4b 44 a1 66 52 b0 28 5a 2e 2e 11 Sep 21 07:34:23.804437: | c8 e3 0f 6d c3 19 f3 66 1f 74 bf 0e 4d 3f a6 a6 Sep 21 07:34:23.804438: | 6e 69 04 0d ee 57 69 60 21 bd 5c 7d d8 48 9f 36 Sep 21 07:34:23.804439: | d5 7b b4 9c 75 1d 39 d1 77 21 fb ad 65 b8 2a 3f Sep 21 07:34:23.804453: | 17 58 c8 28 19 9d 1e 4f f4 53 54 59 Sep 21 07:34:23.804456: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:23.804458: | **parse ISAKMP Message: Sep 21 07:34:23.804460: | initiator cookie: Sep 21 07:34:23.804461: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:23.804463: | responder cookie: Sep 21 07:34:23.804464: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:23.804466: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:23.804467: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:23.804469: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:23.804471: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:23.804472: | Message ID: 3963835135 (0xec4352ff) Sep 21 07:34:23.804474: | length: 108 (0x6c) Sep 21 07:34:23.804475: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Sep 21 07:34:23.804478: | peer and cookies match on #7; msgid=00000000 st_msgid=fc42ec12 st_msgid_phase15=00000000 Sep 21 07:34:23.804480: | peer and cookies match on #6; msgid=00000000 st_msgid=7cb3d8d7 st_msgid_phase15=00000000 Sep 21 07:34:23.804484: | peer and cookies match on #5; msgid=00000000 st_msgid=8b8f1195 st_msgid_phase15=00000000 Sep 21 07:34:23.804486: | peer and cookies match on #4; msgid=00000000 st_msgid=e63858db st_msgid_phase15=00000000 Sep 21 07:34:23.804487: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Sep 21 07:34:23.804489: | p15 state object #1 found, in STATE_MAIN_I4 Sep 21 07:34:23.804491: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Sep 21 07:34:23.804494: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1455) Sep 21 07:34:23.804501: | #1 is idle Sep 21 07:34:23.804503: | #1 idle Sep 21 07:34:23.804505: | received encrypted packet from 192.1.2.23:500 Sep 21 07:34:23.804511: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:34:23.804512: | ***parse ISAKMP Hash Payload: Sep 21 07:34:23.804514: | next payload type: ISAKMP_NEXT_N (0xb) Sep 21 07:34:23.804516: | length: 36 (0x24) Sep 21 07:34:23.804517: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Sep 21 07:34:23.804519: | ***parse ISAKMP Notification Payload: Sep 21 07:34:23.804521: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.804522: | length: 32 (0x20) Sep 21 07:34:23.804524: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:23.804525: | protocol ID: 1 (0x1) Sep 21 07:34:23.804526: | SPI size: 16 (0x10) Sep 21 07:34:23.804528: | Notify Message Type: R_U_THERE_ACK (0x8d29) Sep 21 07:34:23.804529: | removing 12 bytes of padding Sep 21 07:34:23.804541: | informational HASH(1): Sep 21 07:34:23.804543: | b7 07 64 59 51 42 a9 e9 a4 44 0a f2 5a 51 5b f6 Sep 21 07:34:23.804544: | 96 eb ec 4e a2 43 31 d3 59 dd 7e 40 29 d3 47 25 Sep 21 07:34:23.804546: | received 'informational' message HASH(1) data ok Sep 21 07:34:23.804547: | info: 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:23.804549: | info: 00 00 2b 71 Sep 21 07:34:23.804551: | processing informational R_U_THERE_ACK (36137) Sep 21 07:34:23.804552: | pstats ikev1_recv_notifies_e 36137 Sep 21 07:34:23.804554: | DPD: R_U_THERE_ACK, seqno received: 11121 expected: 11121 (state=#1) Sep 21 07:34:23.804557: | state #1 requesting EVENT_DPD_TIMEOUT-pe@0x557db459c3c0 be deleted Sep 21 07:34:23.804559: | libevent_free: release ptr-libevent@0x7f0db4006900 Sep 21 07:34:23.804561: | free_event_entry: release EVENT_DPD_TIMEOUT-pe@0x557db459c3c0 Sep 21 07:34:23.804562: | complete v1 state transition with STF_IGNORE Sep 21 07:34:23.804566: | #1 spent 0.0139 milliseconds in process_packet_tail() Sep 21 07:34:23.804568: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:23.804571: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:23.804573: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:23.804576: | spent 0.152 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:26.621804: | processing global timer EVENT_PENDING_DDNS Sep 21 07:34:26.621820: | FOR_EACH_CONNECTION_... in connection_check_ddns Sep 21 07:34:26.621824: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:34:26.621829: | elapsed time in connection_check_ddns for hostname lookup 0.000008 Sep 21 07:34:26.621835: | spent 0.0128 milliseconds in global timer EVENT_PENDING_DDNS Sep 21 07:34:26.621839: | processing global timer EVENT_SHUNT_SCAN Sep 21 07:34:26.621842: | expiring aged bare shunts from shunt table Sep 21 07:34:26.621846: | spent 0.00358 milliseconds in global timer EVENT_SHUNT_SCAN Sep 21 07:34:26.805051: | timer_event_cb: processing event@0x557db459b300 Sep 21 07:34:26.805069: | handling event EVENT_DPD for child state #7 Sep 21 07:34:26.805076: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:26.805080: | [RE]START processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in dpd_event() at ikev1_dpd.c:357) Sep 21 07:34:26.805086: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:26.805090: | DPD: processing for state #7 ("north-dpd/0x2") Sep 21 07:34:26.805095: | get_sa_info esp.5f2e4cf3@192.1.3.33 Sep 21 07:34:26.805109: | event_schedule: new EVENT_DPD-pe@0x557db459c3c0 Sep 21 07:34:26.805112: | inserting event EVENT_DPD, timeout in 3 seconds for #7 Sep 21 07:34:26.805115: | libevent_malloc: new ptr-libevent@0x7f0db4006900 size 128 Sep 21 07:34:26.805117: | DPD: scheduling timeout to 10 Sep 21 07:34:26.805119: | event_schedule: new EVENT_DPD_TIMEOUT-pe@0x7f0db4002b20 Sep 21 07:34:26.805121: | inserting event EVENT_DPD_TIMEOUT, timeout in 10 seconds for #1 Sep 21 07:34:26.805123: | libevent_malloc: new ptr-libevent@0x7f0db8006530 size 128 Sep 21 07:34:26.805126: | DPD: sending R_U_THERE 11122 to 192.1.2.23:500 (state #1) Sep 21 07:34:26.805140: | **emit ISAKMP Message: Sep 21 07:34:26.805142: | initiator cookie: Sep 21 07:34:26.805143: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:26.805145: | responder cookie: Sep 21 07:34:26.805147: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:26.805149: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:26.805151: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:26.805153: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:26.805155: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:26.805156: | Message ID: 2058757983 (0x7ab6275f) Sep 21 07:34:26.805158: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:26.805160: | ***emit ISAKMP Hash Payload: Sep 21 07:34:26.805162: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:26.805164: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:26.805166: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:34:26.805169: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:26.805170: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:26.805172: | ***emit ISAKMP Notification Payload: Sep 21 07:34:26.805174: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:26.805176: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:26.805177: | protocol ID: 1 (0x1) Sep 21 07:34:26.805179: | SPI size: 16 (0x10) Sep 21 07:34:26.805181: | Notify Message Type: R_U_THERE (0x8d28) Sep 21 07:34:26.805183: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Sep 21 07:34:26.805185: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:34:26.805187: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Sep 21 07:34:26.805188: | notify icookie 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:26.805190: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Sep 21 07:34:26.805192: | notify rcookie 85 08 f7 50 ae 24 38 ea Sep 21 07:34:26.805194: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Sep 21 07:34:26.805195: | notify data 00 00 2b 72 Sep 21 07:34:26.805197: | emitting length of ISAKMP Notification Payload: 32 Sep 21 07:34:26.805220: | notification HASH(1): Sep 21 07:34:26.805222: | 34 b4 2c ac 4c b5 7a 09 0c 55 11 2d dd b1 f3 a4 Sep 21 07:34:26.805223: | 9f 61 03 b5 3f 01 e8 65 2b 26 29 e9 6f 07 55 36 Sep 21 07:34:26.805230: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:26.805232: | no IKEv1 message padding required Sep 21 07:34:26.805233: | emitting length of ISAKMP Message: 108 Sep 21 07:34:26.805244: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:34:26.805246: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:26.805247: | 08 10 05 01 7a b6 27 5f 00 00 00 6c 7f 1b 72 12 Sep 21 07:34:26.805251: | 87 89 b0 ff 3c 4f e3 fc 5a 1d 71 42 2c 30 d8 41 Sep 21 07:34:26.805252: | ac 7e c4 c6 de 2e 43 5f a2 47 2b 06 ce e7 4b 84 Sep 21 07:34:26.805254: | 4c b1 42 e6 17 5a 63 a3 cd 60 a3 93 cd 3a 14 5d Sep 21 07:34:26.805255: | cc 51 03 be 48 2b b4 d0 a9 e8 ca 6f 76 01 3f d4 Sep 21 07:34:26.805257: | ff f8 5c 5e 64 18 39 26 0a 1f f6 70 Sep 21 07:34:26.805302: | libevent_free: release ptr-libevent@0x7f0db4006ad0 Sep 21 07:34:26.805305: | free_event_entry: release EVENT_DPD-pe@0x557db459b300 Sep 21 07:34:26.805311: | #7 spent 0.235 milliseconds in timer_event_cb() EVENT_DPD Sep 21 07:34:26.805315: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:26.805622: | spent 0.00214 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:26.805634: | *received 108 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:26.805637: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:26.805638: | 08 10 05 01 13 40 ff 3d 00 00 00 6c be f3 4a 7e Sep 21 07:34:26.805639: | 9a a7 50 84 76 97 e4 34 55 fc a2 a3 f9 1e b3 cd Sep 21 07:34:26.805641: | 2f 10 26 69 78 45 db cc 93 a5 27 c3 6f 40 4a 71 Sep 21 07:34:26.805642: | e7 30 de a3 9a a5 5c 40 76 84 da 5d 2a 0f 6b 45 Sep 21 07:34:26.805644: | b8 8a 3a e2 34 dd 8e 7c c8 2f 6f e3 ee 20 7f d3 Sep 21 07:34:26.805645: | d3 18 2b bd 77 b2 f7 c3 68 12 4e a6 Sep 21 07:34:26.805648: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:26.805650: | **parse ISAKMP Message: Sep 21 07:34:26.805652: | initiator cookie: Sep 21 07:34:26.805653: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:26.805655: | responder cookie: Sep 21 07:34:26.805656: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:26.805658: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:26.805659: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:26.805661: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:26.805662: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:26.805664: | Message ID: 323026749 (0x1340ff3d) Sep 21 07:34:26.805666: | length: 108 (0x6c) Sep 21 07:34:26.805667: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Sep 21 07:34:26.805670: | peer and cookies match on #7; msgid=00000000 st_msgid=fc42ec12 st_msgid_phase15=00000000 Sep 21 07:34:26.805672: | peer and cookies match on #6; msgid=00000000 st_msgid=7cb3d8d7 st_msgid_phase15=00000000 Sep 21 07:34:26.805674: | peer and cookies match on #5; msgid=00000000 st_msgid=8b8f1195 st_msgid_phase15=00000000 Sep 21 07:34:26.805676: | peer and cookies match on #4; msgid=00000000 st_msgid=e63858db st_msgid_phase15=00000000 Sep 21 07:34:26.805677: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Sep 21 07:34:26.805679: | p15 state object #1 found, in STATE_MAIN_I4 Sep 21 07:34:26.805681: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Sep 21 07:34:26.805684: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1455) Sep 21 07:34:26.805691: | #1 is idle Sep 21 07:34:26.805693: | #1 idle Sep 21 07:34:26.805695: | received encrypted packet from 192.1.2.23:500 Sep 21 07:34:26.805701: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:34:26.805703: | ***parse ISAKMP Hash Payload: Sep 21 07:34:26.805704: | next payload type: ISAKMP_NEXT_N (0xb) Sep 21 07:34:26.805706: | length: 36 (0x24) Sep 21 07:34:26.805707: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Sep 21 07:34:26.805709: | ***parse ISAKMP Notification Payload: Sep 21 07:34:26.805710: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:26.805712: | length: 32 (0x20) Sep 21 07:34:26.805713: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:26.805715: | protocol ID: 1 (0x1) Sep 21 07:34:26.805716: | SPI size: 16 (0x10) Sep 21 07:34:26.805718: | Notify Message Type: R_U_THERE_ACK (0x8d29) Sep 21 07:34:26.805722: | removing 12 bytes of padding Sep 21 07:34:26.805733: | informational HASH(1): Sep 21 07:34:26.805735: | 83 74 3c bb c3 bf 3b 29 5c 21 79 a8 54 5f d1 30 Sep 21 07:34:26.805737: | d8 7b 51 c8 dd 0d 84 71 af 64 bc 93 56 7a 22 92 Sep 21 07:34:26.805738: | received 'informational' message HASH(1) data ok Sep 21 07:34:26.805740: | info: 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:26.805741: | info: 00 00 2b 72 Sep 21 07:34:26.805744: | processing informational R_U_THERE_ACK (36137) Sep 21 07:34:26.805745: | pstats ikev1_recv_notifies_e 36137 Sep 21 07:34:26.805747: | DPD: R_U_THERE_ACK, seqno received: 11122 expected: 11122 (state=#1) Sep 21 07:34:26.805750: | state #1 requesting EVENT_DPD_TIMEOUT-pe@0x7f0db4002b20 be deleted Sep 21 07:34:26.805752: | libevent_free: release ptr-libevent@0x7f0db8006530 Sep 21 07:34:26.805754: | free_event_entry: release EVENT_DPD_TIMEOUT-pe@0x7f0db4002b20 Sep 21 07:34:26.805755: | complete v1 state transition with STF_IGNORE Sep 21 07:34:26.805759: | #1 spent 0.0141 milliseconds in process_packet_tail() Sep 21 07:34:26.805762: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:26.805765: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:26.805767: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:26.805769: | spent 0.141 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:26.855811: | spent 0.00305 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:26.855828: | NAT-T keep-alive (bogus ?) should not reach this point. Ignored. Sender: 192.1.2.23:500 Sep 21 07:34:26.855833: | spent 0.0106 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:26.855875: | spent 0.00191 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:26.855884: | NAT-T keep-alive (bogus ?) should not reach this point. Ignored. Sender: 192.1.2.23:500 Sep 21 07:34:26.855887: | spent 0.00763 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:27.968958: | spent 0.00308 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:27.968978: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:27.968981: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:27.968984: | 08 10 20 01 8b 8f 11 95 00 00 01 cc 5e ee a7 c7 Sep 21 07:34:27.968986: | f0 ef 01 98 d3 79 d3 20 38 8f 58 1b ee b7 a6 48 Sep 21 07:34:27.968988: | ff cd e1 2a 72 d3 7e e0 e2 c1 43 78 d4 38 25 84 Sep 21 07:34:27.968991: | 35 3e 94 6d 2d c4 a9 19 78 ac 1c cb 1d f9 f6 59 Sep 21 07:34:27.968993: | df 81 57 3b 9e 7e a4 65 e1 eb 11 e6 77 a1 08 f8 Sep 21 07:34:27.968995: | 31 a7 d5 3b fd f8 8a 29 93 f5 e4 c7 bf aa 8d 4a Sep 21 07:34:27.968998: | 2c de 09 e4 70 07 a6 8f 06 17 ac 7d 5a 85 43 3d Sep 21 07:34:27.969000: | da 86 9a e4 a0 1a 22 14 05 6a da 61 c5 3d dd e5 Sep 21 07:34:27.969002: | 1b ce d0 f9 a2 a7 67 ee 1c 96 da dd 62 f9 a1 7a Sep 21 07:34:27.969005: | 58 65 49 06 e7 70 ed 52 fc 43 dd 0b 33 0b a0 ff Sep 21 07:34:27.969020: | ae ca 1a 33 b5 45 62 11 77 46 8e 2a 21 c1 2e 1f Sep 21 07:34:27.969022: | 7b e0 46 79 72 b7 53 c9 41 c3 6a 0c b3 04 ac 5c Sep 21 07:34:27.969024: | 1f 73 95 92 c3 53 a1 cb 21 ce 63 8a ae 92 98 ee Sep 21 07:34:27.969026: | 4f f1 dd d7 66 5c 2c 82 1b 22 e4 67 b1 cb 27 4b Sep 21 07:34:27.969029: | 3f d6 0c 5d 09 1f 05 ac 40 58 4f a9 e0 16 67 33 Sep 21 07:34:27.969031: | 02 fd ce 69 72 70 47 29 d0 79 3e 48 e0 8f 0f d3 Sep 21 07:34:27.969033: | 25 47 31 51 53 58 41 94 69 f1 66 cd 48 65 df 5a Sep 21 07:34:27.969035: | b7 d7 af b0 eb 4a 41 91 51 25 d4 b7 18 83 14 7d Sep 21 07:34:27.969038: | 7d 0f 22 9b 65 3b 00 cf ef 1f 1a a6 90 56 e4 ee Sep 21 07:34:27.969040: | 18 73 22 04 75 dd 5b 83 a5 82 3d 4a 22 b2 f5 c5 Sep 21 07:34:27.969042: | b0 6f 10 52 a3 c5 38 94 da 9c 93 4a e7 0a bc 3a Sep 21 07:34:27.969048: | 92 eb fc c1 28 74 e5 72 e0 e4 1a d2 53 3c f2 43 Sep 21 07:34:27.969051: | ab 72 53 4f db 17 92 bb e7 b5 98 09 b5 71 26 1a Sep 21 07:34:27.969053: | a2 eb 80 c1 6e c5 a4 3d 9b 39 8d ad 65 e2 84 aa Sep 21 07:34:27.969055: | 89 66 4d 7e ef e8 ac 6b d1 5e d4 95 5c 3e 37 93 Sep 21 07:34:27.969057: | af df a5 1f cf 18 a1 7c 39 80 74 57 7a b9 cc 39 Sep 21 07:34:27.969060: | a6 8a b0 39 8a 88 90 25 83 ea da 15 00 e3 a7 14 Sep 21 07:34:27.969062: | f2 9b a3 4b e1 ab 49 dc ae c7 84 9c Sep 21 07:34:27.969067: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:27.969071: | **parse ISAKMP Message: Sep 21 07:34:27.969074: | initiator cookie: Sep 21 07:34:27.969076: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:27.969078: | responder cookie: Sep 21 07:34:27.969080: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:27.969098: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:27.969101: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:27.969103: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:27.969106: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:27.969108: | Message ID: 2341409173 (0x8b8f1195) Sep 21 07:34:27.969110: | length: 460 (0x1cc) Sep 21 07:34:27.969113: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:27.969118: | State DB: found IKEv1 state #5 in QUICK_I1 (find_state_ikev1) Sep 21 07:34:27.969136: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:34:27.969139: | #5 is idle Sep 21 07:34:27.969141: | #5 idle Sep 21 07:34:27.969145: | "north-dpd/0x1" #5: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Sep 21 07:34:27.969149: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:27.969153: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:27.969156: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:27.969159: | spent 0.189 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:27.969164: | spent 0.0011 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:27.969170: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:27.969172: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:27.969173: | 08 10 20 01 e6 38 58 db 00 00 01 cc 70 45 50 0b Sep 21 07:34:27.969174: | cc 45 24 c0 ae b4 48 2e 2a 93 04 c0 8a 32 a9 72 Sep 21 07:34:27.969176: | ca 7b 35 30 7e 3c ec c5 69 01 83 e4 e6 15 7f f5 Sep 21 07:34:27.969177: | 54 57 5d 44 c4 e2 5b a0 50 49 79 61 01 08 93 38 Sep 21 07:34:27.969178: | fa 73 44 55 02 13 de 65 07 4e e4 15 02 20 db 08 Sep 21 07:34:27.969180: | da c2 cd 77 2c 71 25 41 73 1b 53 4d 85 8c e8 4d Sep 21 07:34:27.969181: | 63 14 df 1b bc 72 d0 8b 8d f3 c7 11 bb 0c c2 cc Sep 21 07:34:27.969182: | 1e 1c 9d ca 95 66 28 2e e7 b3 c8 09 33 1f 8f 8a Sep 21 07:34:27.969184: | 5e ae 1c f9 77 4c 27 c0 d5 bb 4a 05 b7 f7 7c 79 Sep 21 07:34:27.969185: | b2 d8 26 e8 dd 68 39 d8 38 ff 31 8b 23 ca 2f 5e Sep 21 07:34:27.969186: | 72 4e 40 64 b5 e3 09 34 10 45 88 12 94 b9 e8 8d Sep 21 07:34:27.969188: | 6b ba cc 10 9e d2 e1 19 0d 7d 68 ab cd dc 00 55 Sep 21 07:34:27.969189: | 48 9a 95 e3 02 13 08 14 31 ca 3f 65 08 eb ca c5 Sep 21 07:34:27.969190: | c6 b1 9e 85 55 92 49 3a 93 f0 de fa da e6 54 ef Sep 21 07:34:27.969192: | 68 71 fa 20 db 06 06 2b 0e 87 71 61 5b a5 71 7f Sep 21 07:34:27.969193: | 22 d6 3e 71 42 a0 6c c5 ca 8c 95 58 c1 85 1b c4 Sep 21 07:34:27.969194: | a7 94 bc a0 31 19 7a 0f 9c 80 b4 cd 3a 2e ae 42 Sep 21 07:34:27.969196: | 41 73 9e 44 02 20 49 0b c3 1d 46 f6 3b 15 80 9e Sep 21 07:34:27.969197: | e0 b6 61 3c 92 61 f6 86 f5 02 21 3c 5c 1c 4a 91 Sep 21 07:34:27.969200: | af 36 9b e4 75 0b 02 c6 a6 24 10 c8 a5 bb 0d 28 Sep 21 07:34:27.969202: | 65 1e ac 9f cb a0 b7 77 9c ba 0f 88 96 08 69 45 Sep 21 07:34:27.969203: | 99 fd 29 0b fd ed 24 d3 20 7b 22 b9 0c 93 e1 9f Sep 21 07:34:27.969204: | 2d 96 5f 54 f5 8c db c3 2a 00 b8 c9 a5 15 d8 7b Sep 21 07:34:27.969206: | 81 4c 09 3b 97 d9 a2 f3 be 8f da 53 d7 11 88 81 Sep 21 07:34:27.969207: | 41 98 07 85 94 87 7a 6b 23 38 2d 3e cb c1 61 19 Sep 21 07:34:27.969208: | 52 12 48 ff 37 82 f4 9f 20 f2 9e 40 00 e9 e2 20 Sep 21 07:34:27.969209: | 28 1d 66 d4 da 6d 3a 99 2d 9d d6 29 e3 c0 57 72 Sep 21 07:34:27.969211: | 0f 4d e9 c7 13 6c a0 f7 cc f6 b1 49 Sep 21 07:34:27.969213: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:27.969215: | **parse ISAKMP Message: Sep 21 07:34:27.969216: | initiator cookie: Sep 21 07:34:27.969218: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:27.969219: | responder cookie: Sep 21 07:34:27.969220: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:27.969222: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:27.969224: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:27.969225: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:27.969227: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:27.969228: | Message ID: 3862452443 (0xe63858db) Sep 21 07:34:27.969230: | length: 460 (0x1cc) Sep 21 07:34:27.969231: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:27.969233: | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) Sep 21 07:34:27.969236: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:34:27.969237: | #4 is idle Sep 21 07:34:27.969239: | #4 idle Sep 21 07:34:27.969241: | "north-dpd/0x2" #4: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Sep 21 07:34:27.969243: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:27.969246: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:27.969247: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:27.969250: | spent 0.0829 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:29.807823: | timer_event_cb: processing event@0x557db459c3c0 Sep 21 07:34:29.807836: | handling event EVENT_DPD for child state #7 Sep 21 07:34:29.807845: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:29.807851: | [RE]START processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in dpd_event() at ikev1_dpd.c:357) Sep 21 07:34:29.807854: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:29.807860: | DPD: processing for state #7 ("north-dpd/0x2") Sep 21 07:34:29.807866: | get_sa_info esp.5f2e4cf3@192.1.3.33 Sep 21 07:34:29.807883: | event_schedule: new EVENT_DPD-pe@0x7f0db4002b20 Sep 21 07:34:29.807887: | inserting event EVENT_DPD, timeout in 3 seconds for #7 Sep 21 07:34:29.807891: | libevent_malloc: new ptr-libevent@0x7f0db8006530 size 128 Sep 21 07:34:29.807895: | DPD: scheduling timeout to 10 Sep 21 07:34:29.807898: | event_schedule: new EVENT_DPD_TIMEOUT-pe@0x557db459b300 Sep 21 07:34:29.807901: | inserting event EVENT_DPD_TIMEOUT, timeout in 10 seconds for #1 Sep 21 07:34:29.807903: | libevent_malloc: new ptr-libevent@0x7f0db4006ad0 size 128 Sep 21 07:34:29.807908: | DPD: sending R_U_THERE 11123 to 192.1.2.23:500 (state #1) Sep 21 07:34:29.807921: | **emit ISAKMP Message: Sep 21 07:34:29.807925: | initiator cookie: Sep 21 07:34:29.807927: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:29.807929: | responder cookie: Sep 21 07:34:29.807931: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:29.807934: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:29.807936: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:29.807939: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:29.807946: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:29.807948: | Message ID: 3805439700 (0xe2d266d4) Sep 21 07:34:29.807951: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:29.807954: | ***emit ISAKMP Hash Payload: Sep 21 07:34:29.807957: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:29.807960: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:29.807963: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:34:29.807967: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:29.807969: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:29.807972: | ***emit ISAKMP Notification Payload: Sep 21 07:34:29.807974: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:29.807977: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:29.807980: | protocol ID: 1 (0x1) Sep 21 07:34:29.807982: | SPI size: 16 (0x10) Sep 21 07:34:29.807985: | Notify Message Type: R_U_THERE (0x8d28) Sep 21 07:34:29.807988: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Sep 21 07:34:29.807991: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:34:29.807994: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Sep 21 07:34:29.807997: | notify icookie 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:29.807999: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Sep 21 07:34:29.808001: | notify rcookie 85 08 f7 50 ae 24 38 ea Sep 21 07:34:29.808004: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Sep 21 07:34:29.808006: | notify data 00 00 2b 73 Sep 21 07:34:29.808008: | emitting length of ISAKMP Notification Payload: 32 Sep 21 07:34:29.808042: | notification HASH(1): Sep 21 07:34:29.808046: | f0 4e 1b 52 9d 3f 66 8a b0 6e 40 fc 36 9d 97 76 Sep 21 07:34:29.808049: | 2b fe de f0 15 da 82 75 05 c2 0f 6a 3a 1a a4 24 Sep 21 07:34:29.808059: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:29.808062: | no IKEv1 message padding required Sep 21 07:34:29.808065: | emitting length of ISAKMP Message: 108 Sep 21 07:34:29.808080: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:34:29.808083: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:29.808085: | 08 10 05 01 e2 d2 66 d4 00 00 00 6c 7e 2e 5a f7 Sep 21 07:34:29.808088: | 1d 17 d0 5a a8 75 5f 3d 10 b4 e1 03 e1 6a f3 83 Sep 21 07:34:29.808090: | 04 73 dd 0e db f7 0f 0e b3 f0 cf 8f 4d db 42 b9 Sep 21 07:34:29.808092: | 14 fe 80 3c cc 7f 46 1b 9c 0f 9e 34 f4 c7 ae 2c Sep 21 07:34:29.808094: | 95 66 e9 a9 7a 0c 13 cc 35 2f 69 04 6a f8 5a 5f Sep 21 07:34:29.808097: | fd ae dd d0 be c5 44 dc 41 4a 09 da Sep 21 07:34:29.808152: | libevent_free: release ptr-libevent@0x7f0db4006900 Sep 21 07:34:29.808157: | free_event_entry: release EVENT_DPD-pe@0x557db459c3c0 Sep 21 07:34:29.808166: | #7 spent 0.311 milliseconds in timer_event_cb() EVENT_DPD Sep 21 07:34:29.808171: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:29.809924: | spent 0.00281 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:29.809942: | *received 108 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:29.809946: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:29.809948: | 08 10 05 01 db a2 69 06 00 00 00 6c b2 4f ad 61 Sep 21 07:34:29.809950: | 7a d1 db 09 6b 02 5b 75 5e d5 a5 22 11 49 de 89 Sep 21 07:34:29.809952: | a9 88 82 86 02 42 de 02 9b fa 35 02 6b 83 5b 52 Sep 21 07:34:29.809954: | ec b7 fb b5 05 42 f8 44 ce 3a 47 d7 6c d3 b2 5f Sep 21 07:34:29.809958: | 55 91 19 af 85 c6 a7 80 69 22 3e 9c c1 51 08 6f Sep 21 07:34:29.809960: | b8 77 a7 80 58 6a 67 91 b7 ef 12 5c Sep 21 07:34:29.809964: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:29.809967: | **parse ISAKMP Message: Sep 21 07:34:29.809970: | initiator cookie: Sep 21 07:34:29.809972: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:29.809974: | responder cookie: Sep 21 07:34:29.809976: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:29.809979: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:29.809981: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:29.809984: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:29.809986: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:29.809988: | Message ID: 3684854022 (0xdba26906) Sep 21 07:34:29.809990: | length: 108 (0x6c) Sep 21 07:34:29.809993: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Sep 21 07:34:29.809997: | peer and cookies match on #7; msgid=00000000 st_msgid=fc42ec12 st_msgid_phase15=00000000 Sep 21 07:34:29.810001: | peer and cookies match on #6; msgid=00000000 st_msgid=7cb3d8d7 st_msgid_phase15=00000000 Sep 21 07:34:29.810003: | peer and cookies match on #5; msgid=00000000 st_msgid=8b8f1195 st_msgid_phase15=00000000 Sep 21 07:34:29.810006: | peer and cookies match on #4; msgid=00000000 st_msgid=e63858db st_msgid_phase15=00000000 Sep 21 07:34:29.810009: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Sep 21 07:34:29.810011: | p15 state object #1 found, in STATE_MAIN_I4 Sep 21 07:34:29.810014: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Sep 21 07:34:29.810019: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1455) Sep 21 07:34:29.810037: | #1 is idle Sep 21 07:34:29.810040: | #1 idle Sep 21 07:34:29.810044: | received encrypted packet from 192.1.2.23:500 Sep 21 07:34:29.810053: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:34:29.810057: | ***parse ISAKMP Hash Payload: Sep 21 07:34:29.810059: | next payload type: ISAKMP_NEXT_N (0xb) Sep 21 07:34:29.810062: | length: 36 (0x24) Sep 21 07:34:29.810064: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Sep 21 07:34:29.810067: | ***parse ISAKMP Notification Payload: Sep 21 07:34:29.810070: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:29.810072: | length: 32 (0x20) Sep 21 07:34:29.810074: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:29.810076: | protocol ID: 1 (0x1) Sep 21 07:34:29.810079: | SPI size: 16 (0x10) Sep 21 07:34:29.810081: | Notify Message Type: R_U_THERE_ACK (0x8d29) Sep 21 07:34:29.810083: | removing 12 bytes of padding Sep 21 07:34:29.810103: | informational HASH(1): Sep 21 07:34:29.810106: | 45 f2 a6 90 45 de 1b f0 51 c7 d4 a7 95 10 20 cb Sep 21 07:34:29.810109: | 91 6e aa a9 0a c6 42 3b 0a 59 9f f3 48 45 30 bb Sep 21 07:34:29.810111: | received 'informational' message HASH(1) data ok Sep 21 07:34:29.810114: | info: 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:29.810116: | info: 00 00 2b 73 Sep 21 07:34:29.810120: | processing informational R_U_THERE_ACK (36137) Sep 21 07:34:29.810123: | pstats ikev1_recv_notifies_e 36137 Sep 21 07:34:29.810126: | DPD: R_U_THERE_ACK, seqno received: 11123 expected: 11123 (state=#1) Sep 21 07:34:29.810129: | state #1 requesting EVENT_DPD_TIMEOUT-pe@0x557db459b300 be deleted Sep 21 07:34:29.810134: | libevent_free: release ptr-libevent@0x7f0db4006ad0 Sep 21 07:34:29.810137: | free_event_entry: release EVENT_DPD_TIMEOUT-pe@0x557db459b300 Sep 21 07:34:29.810139: | complete v1 state transition with STF_IGNORE Sep 21 07:34:29.810144: | #1 spent 0.0229 milliseconds in process_packet_tail() Sep 21 07:34:29.810149: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:29.810154: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:29.810159: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:29.810163: | spent 0.228 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:31.968414: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:31.968464: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:34:31.968468: | FOR_EACH_STATE_... in sort_states Sep 21 07:34:31.968476: | get_sa_info esp.62fa2058@192.1.3.33 Sep 21 07:34:31.968506: | get_sa_info esp.464c04b5@192.1.2.23 Sep 21 07:34:31.968530: | get_sa_info esp.5f2e4cf3@192.1.3.33 Sep 21 07:34:31.968552: | get_sa_info esp.446218c0@192.1.2.23 Sep 21 07:34:31.968573: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:31.968581: | spent 0.174 milliseconds in whack Sep 21 07:34:32.809803: | timer_event_cb: processing event@0x7f0db4002b20 Sep 21 07:34:32.809824: | handling event EVENT_DPD for child state #7 Sep 21 07:34:32.809834: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:32.809842: | [RE]START processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in dpd_event() at ikev1_dpd.c:357) Sep 21 07:34:32.809845: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:32.809850: | DPD: processing for state #7 ("north-dpd/0x2") Sep 21 07:34:32.809855: | DPD: not yet time for dpd event: 49919.178118 < 49919.178393 Sep 21 07:34:32.809859: | event_schedule: new EVENT_DPD-pe@0x557db459b300 Sep 21 07:34:32.809864: | inserting event EVENT_DPD, timeout in 0.000275 seconds for #7 Sep 21 07:34:32.809868: | libevent_malloc: new ptr-libevent@0x7f0db4006ad0 size 128 Sep 21 07:34:32.809873: | libevent_free: release ptr-libevent@0x7f0db8006530 Sep 21 07:34:32.809877: | free_event_entry: release EVENT_DPD-pe@0x7f0db4002b20 Sep 21 07:34:32.809886: | #7 spent 0.0828 milliseconds in timer_event_cb() EVENT_DPD Sep 21 07:34:32.809892: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:32.810957: | timer_event_cb: processing event@0x557db459b300 Sep 21 07:34:32.810966: | handling event EVENT_DPD for child state #7 Sep 21 07:34:32.810973: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:32.810980: | [RE]START processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in dpd_event() at ikev1_dpd.c:357) Sep 21 07:34:32.810983: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:32.810987: | DPD: processing for state #7 ("north-dpd/0x2") Sep 21 07:34:32.810993: | get_sa_info esp.5f2e4cf3@192.1.3.33 Sep 21 07:34:32.811012: | event_schedule: new EVENT_DPD-pe@0x7f0db4002b20 Sep 21 07:34:32.811016: | inserting event EVENT_DPD, timeout in 3 seconds for #7 Sep 21 07:34:32.811019: | libevent_malloc: new ptr-libevent@0x7f0db8006530 size 128 Sep 21 07:34:32.811023: | DPD: scheduling timeout to 10 Sep 21 07:34:32.811026: | event_schedule: new EVENT_DPD_TIMEOUT-pe@0x557db459c3c0 Sep 21 07:34:32.811030: | inserting event EVENT_DPD_TIMEOUT, timeout in 10 seconds for #1 Sep 21 07:34:32.811034: | libevent_malloc: new ptr-libevent@0x7f0db4006900 size 128 Sep 21 07:34:32.811038: | DPD: sending R_U_THERE 11124 to 192.1.2.23:500 (state #1) Sep 21 07:34:32.811051: | **emit ISAKMP Message: Sep 21 07:34:32.811055: | initiator cookie: Sep 21 07:34:32.811057: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:32.811060: | responder cookie: Sep 21 07:34:32.811063: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:32.811066: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:32.811070: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:32.811073: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:32.811077: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:32.811080: | Message ID: 79506494 (0x4bd2c3e) Sep 21 07:34:32.811084: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:32.811091: | ***emit ISAKMP Hash Payload: Sep 21 07:34:32.811094: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:32.811099: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:32.811103: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:34:32.811107: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:32.811110: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:32.811113: | ***emit ISAKMP Notification Payload: Sep 21 07:34:32.811116: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:32.811119: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:32.811122: | protocol ID: 1 (0x1) Sep 21 07:34:32.811125: | SPI size: 16 (0x10) Sep 21 07:34:32.811128: | Notify Message Type: R_U_THERE (0x8d28) Sep 21 07:34:32.811132: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Sep 21 07:34:32.811136: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:34:32.811140: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Sep 21 07:34:32.811143: | notify icookie 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:32.811146: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Sep 21 07:34:32.811149: | notify rcookie 85 08 f7 50 ae 24 38 ea Sep 21 07:34:32.811153: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Sep 21 07:34:32.811155: | notify data 00 00 2b 74 Sep 21 07:34:32.811158: | emitting length of ISAKMP Notification Payload: 32 Sep 21 07:34:32.811191: | notification HASH(1): Sep 21 07:34:32.811194: | c4 8c 55 4b c8 a9 d4 2c a0 0d af 9b 02 7b 6c 60 Sep 21 07:34:32.811197: | 1d c3 f5 74 f0 9d bf f1 3a 4a f5 ed 86 b3 de f5 Sep 21 07:34:32.811207: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:32.811210: | no IKEv1 message padding required Sep 21 07:34:32.811213: | emitting length of ISAKMP Message: 108 Sep 21 07:34:32.811228: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:34:32.811232: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:32.811235: | 08 10 05 01 04 bd 2c 3e 00 00 00 6c 38 fb 1d fd Sep 21 07:34:32.811237: | f6 0d 6b 08 1d d8 67 00 5f 39 19 de b0 bb 24 d4 Sep 21 07:34:32.811240: | 13 41 45 92 7c 1c 4e 0b fc d7 3e 47 b4 04 b8 79 Sep 21 07:34:32.811243: | 1a af 6c 4a c7 4d 51 67 11 93 5a ad f7 1c 0d 39 Sep 21 07:34:32.811246: | 64 96 75 93 60 0d b2 8c 7f bb fa 41 5a 30 0e ce Sep 21 07:34:32.811249: | 6d 73 86 0b 10 95 5b cc b5 82 3c f4 Sep 21 07:34:32.811300: | libevent_free: release ptr-libevent@0x7f0db4006ad0 Sep 21 07:34:32.811305: | free_event_entry: release EVENT_DPD-pe@0x557db459b300 Sep 21 07:34:32.811310: | #7 spent 0.324 milliseconds in timer_event_cb() EVENT_DPD Sep 21 07:34:32.811317: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:32.811930: | spent 0.00186 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:32.811946: | *received 108 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:32.811950: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:32.811953: | 08 10 05 01 ce a1 bc e6 00 00 00 6c d2 cd 23 01 Sep 21 07:34:32.811956: | b7 85 58 4d 5e 3e 3d d7 9d 9d 1b 10 20 ec 65 c8 Sep 21 07:34:32.811959: | 21 06 2f 26 43 7f 41 5c 66 87 2f 1e 6b 5e d1 4b Sep 21 07:34:32.811962: | 81 cc 93 21 98 5a 09 28 f5 e8 32 de dd 63 87 83 Sep 21 07:34:32.811964: | ef d8 dd 0a 7e ac 71 ee 0d ae 28 31 c6 b2 4c 0f Sep 21 07:34:32.811967: | b0 e8 c5 0c 9d 75 bf 09 d7 74 f9 a8 Sep 21 07:34:32.811972: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:32.811976: | **parse ISAKMP Message: Sep 21 07:34:32.811981: | initiator cookie: Sep 21 07:34:32.811984: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:32.811987: | responder cookie: Sep 21 07:34:32.811989: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:32.811992: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:32.811996: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:32.811999: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:32.812002: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:32.812005: | Message ID: 3466706150 (0xcea1bce6) Sep 21 07:34:32.812008: | length: 108 (0x6c) Sep 21 07:34:32.812011: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Sep 21 07:34:32.812016: | peer and cookies match on #7; msgid=00000000 st_msgid=fc42ec12 st_msgid_phase15=00000000 Sep 21 07:34:32.812020: | peer and cookies match on #6; msgid=00000000 st_msgid=7cb3d8d7 st_msgid_phase15=00000000 Sep 21 07:34:32.812023: | peer and cookies match on #5; msgid=00000000 st_msgid=8b8f1195 st_msgid_phase15=00000000 Sep 21 07:34:32.812027: | peer and cookies match on #4; msgid=00000000 st_msgid=e63858db st_msgid_phase15=00000000 Sep 21 07:34:32.812030: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Sep 21 07:34:32.812033: | p15 state object #1 found, in STATE_MAIN_I4 Sep 21 07:34:32.812037: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Sep 21 07:34:32.812043: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1455) Sep 21 07:34:32.812054: | #1 is idle Sep 21 07:34:32.812057: | #1 idle Sep 21 07:34:32.812061: | received encrypted packet from 192.1.2.23:500 Sep 21 07:34:32.812070: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:34:32.812074: | ***parse ISAKMP Hash Payload: Sep 21 07:34:32.812077: | next payload type: ISAKMP_NEXT_N (0xb) Sep 21 07:34:32.812079: | length: 36 (0x24) Sep 21 07:34:32.812083: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Sep 21 07:34:32.812086: | ***parse ISAKMP Notification Payload: Sep 21 07:34:32.812089: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:32.812092: | length: 32 (0x20) Sep 21 07:34:32.812094: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:32.812097: | protocol ID: 1 (0x1) Sep 21 07:34:32.812100: | SPI size: 16 (0x10) Sep 21 07:34:32.812103: | Notify Message Type: R_U_THERE_ACK (0x8d29) Sep 21 07:34:32.812106: | removing 12 bytes of padding Sep 21 07:34:32.812124: | informational HASH(1): Sep 21 07:34:32.812127: | 3c f8 e4 8f 99 78 81 a6 d6 f2 d3 20 22 54 75 5a Sep 21 07:34:32.812130: | 7f da 6a 39 7f 2e 3f 79 b8 e9 9c 84 35 88 d2 ef Sep 21 07:34:32.812133: | received 'informational' message HASH(1) data ok Sep 21 07:34:32.812136: | info: 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:32.812139: | info: 00 00 2b 74 Sep 21 07:34:32.812143: | processing informational R_U_THERE_ACK (36137) Sep 21 07:34:32.812146: | pstats ikev1_recv_notifies_e 36137 Sep 21 07:34:32.812149: | DPD: R_U_THERE_ACK, seqno received: 11124 expected: 11124 (state=#1) Sep 21 07:34:32.812153: | state #1 requesting EVENT_DPD_TIMEOUT-pe@0x557db459c3c0 be deleted Sep 21 07:34:32.812157: | libevent_free: release ptr-libevent@0x7f0db4006900 Sep 21 07:34:32.812161: | free_event_entry: release EVENT_DPD_TIMEOUT-pe@0x557db459c3c0 Sep 21 07:34:32.812164: | complete v1 state transition with STF_IGNORE Sep 21 07:34:32.812169: | #1 spent 0.0252 milliseconds in process_packet_tail() Sep 21 07:34:32.812175: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:32.812181: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:32.812184: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:32.812189: | spent 0.249 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:32.861278: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:32.861498: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:34:32.861505: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:34:32.861702: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:34:32.861708: | FOR_EACH_STATE_... in sort_states Sep 21 07:34:32.861723: | get_sa_info esp.62fa2058@192.1.3.33 Sep 21 07:34:32.861744: | get_sa_info esp.464c04b5@192.1.2.23 Sep 21 07:34:32.861770: | get_sa_info esp.5f2e4cf3@192.1.3.33 Sep 21 07:34:32.861780: | get_sa_info esp.446218c0@192.1.2.23 Sep 21 07:34:32.861807: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:32.861817: | spent 0.548 milliseconds in whack Sep 21 07:34:33.169340: | spent 0.00311 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:33.169358: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:33.169361: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.169363: | 08 10 05 01 aa 18 94 75 00 00 00 5c 5e e4 49 4f Sep 21 07:34:33.169365: | 23 e3 4a aa 21 6c e3 e2 6e de f2 49 80 57 12 d4 Sep 21 07:34:33.169368: | ff fa 9c 95 e1 91 7a e4 f0 20 9c b6 a6 0b 8e e6 Sep 21 07:34:33.169370: | 43 12 01 1a 3c e3 a6 fd 12 ff 7a 10 ed 05 a3 93 Sep 21 07:34:33.169372: | 1b 4d 65 f4 34 99 8b 50 76 26 59 7f Sep 21 07:34:33.169376: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:33.169380: | **parse ISAKMP Message: Sep 21 07:34:33.169382: | initiator cookie: Sep 21 07:34:33.169384: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:33.169385: | responder cookie: Sep 21 07:34:33.169387: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.169389: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:33.169390: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:33.169392: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:33.169394: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:33.169395: | Message ID: 2853737589 (0xaa189475) Sep 21 07:34:33.169397: | length: 92 (0x5c) Sep 21 07:34:33.169399: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Sep 21 07:34:33.169402: | peer and cookies match on #7; msgid=00000000 st_msgid=fc42ec12 st_msgid_phase15=00000000 Sep 21 07:34:33.169404: | peer and cookies match on #6; msgid=00000000 st_msgid=7cb3d8d7 st_msgid_phase15=00000000 Sep 21 07:34:33.169406: | peer and cookies match on #5; msgid=00000000 st_msgid=8b8f1195 st_msgid_phase15=00000000 Sep 21 07:34:33.169408: | peer and cookies match on #4; msgid=00000000 st_msgid=e63858db st_msgid_phase15=00000000 Sep 21 07:34:33.169410: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Sep 21 07:34:33.169411: | p15 state object #1 found, in STATE_MAIN_I4 Sep 21 07:34:33.169413: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Sep 21 07:34:33.169417: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1455) Sep 21 07:34:33.169429: | #1 is idle Sep 21 07:34:33.169431: | #1 idle Sep 21 07:34:33.169433: | received encrypted packet from 192.1.2.23:500 Sep 21 07:34:33.169440: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:34:33.169442: | ***parse ISAKMP Hash Payload: Sep 21 07:34:33.169444: | next payload type: ISAKMP_NEXT_D (0xc) Sep 21 07:34:33.169446: | length: 36 (0x24) Sep 21 07:34:33.169447: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Sep 21 07:34:33.169449: | ***parse ISAKMP Delete Payload: Sep 21 07:34:33.169451: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.169452: | length: 16 (0x10) Sep 21 07:34:33.169454: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:33.169455: | protocol ID: 3 (0x3) Sep 21 07:34:33.169456: | SPI size: 4 (0x4) Sep 21 07:34:33.169458: | number of SPIs: 1 (0x1) Sep 21 07:34:33.169459: | removing 12 bytes of padding Sep 21 07:34:33.169472: | informational HASH(1): Sep 21 07:34:33.169476: | d5 06 a6 7f 7d f0 7a b5 9c 71 dc 8e 78 e6 25 14 Sep 21 07:34:33.169478: | 08 7c 0e fa ee 9b 69 d5 0b 43 a8 f8 1d 4a 2c b6 Sep 21 07:34:33.169479: | received 'informational' message HASH(1) data ok Sep 21 07:34:33.169482: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI Sep 21 07:34:33.169483: | SPI 44 62 18 c0 Sep 21 07:34:33.169485: | FOR_EACH_STATE_... in find_phase2_state_to_delete Sep 21 07:34:33.169488: | start processing: connection "north-dpd/0x2" (BACKGROUND) (in accept_delete() at ikev1_main.c:2506) Sep 21 07:34:33.169490: "north-dpd/0x2" #1: received Delete SA payload: replace IPsec State #7 now Sep 21 07:34:33.169492: | state #7 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:34:33.169495: | libevent_free: release ptr-libevent@0x7f0db00069c0 Sep 21 07:34:33.169497: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f0dc40041c0 Sep 21 07:34:33.169498: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f0dc40041c0 Sep 21 07:34:33.169501: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #7 Sep 21 07:34:33.169503: | libevent_malloc: new ptr-libevent@0x7f0db00069c0 size 128 Sep 21 07:34:33.169506: | stop processing: connection "north-dpd/0x2" (BACKGROUND) (in accept_delete() at ikev1_main.c:2550) Sep 21 07:34:33.169507: | del: Sep 21 07:34:33.169510: | complete v1 state transition with STF_IGNORE Sep 21 07:34:33.169514: | #1 spent 0.00327 milliseconds in process_packet_tail() Sep 21 07:34:33.169517: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:33.169520: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:33.169522: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:33.169524: | spent 0.174 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:33.169529: | timer_event_cb: processing event@0x7f0dc40041c0 Sep 21 07:34:33.169531: | handling event EVENT_SA_REPLACE for child state #7 Sep 21 07:34:33.169533: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:33.169536: | picked newest_ipsec_sa #7 for #7 Sep 21 07:34:33.169537: | replacing stale IPsec SA Sep 21 07:34:33.169540: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:34:33.169541: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:33.169545: | creating state object #8 at 0x557db45b57c0 Sep 21 07:34:33.169546: | State DB: adding IKEv1 state #8 in UNDEFINED Sep 21 07:34:33.169549: | pstats #8 ikev1.ipsec started Sep 21 07:34:33.169551: | duplicating state object #1 "north-dpd/0x2" as #8 for IPSEC SA Sep 21 07:34:33.169554: | #8 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:34:33.169557: | suspend processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:34:33.169560: | start processing: state #8 connection "north-dpd/0x2" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:34:33.169563: | child state #8: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Sep 21 07:34:33.169568: "north-dpd/0x2" #8: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #7 {using isakmp#1 msgid:41da4563 proposal=defaults pfsgroup=MODP2048} Sep 21 07:34:33.169571: | adding quick_outI1 KE work-order 15 for state #8 Sep 21 07:34:33.169573: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557db459c3c0 Sep 21 07:34:33.169575: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #8 Sep 21 07:34:33.169577: | libevent_malloc: new ptr-libevent@0x7f0db4006900 size 128 Sep 21 07:34:33.169584: | stop processing: state #8 connection "north-dpd/0x2" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:34:33.169586: | crypto helper 0 resuming Sep 21 07:34:33.169596: | crypto helper 0 starting work-order 15 for state #8 Sep 21 07:34:33.169588: | resume processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:34:33.169608: | crypto helper 0 doing build KE and nonce (quick_outI1 KE); request ID 15 Sep 21 07:34:33.169617: | state #7 requesting EVENT_DPD-pe@0x7f0db4002b20 be deleted Sep 21 07:34:33.169623: | libevent_free: release ptr-libevent@0x7f0db8006530 Sep 21 07:34:33.169626: | free_event_entry: release EVENT_DPD-pe@0x7f0db4002b20 Sep 21 07:34:33.169629: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7f0db4002b20 Sep 21 07:34:33.169632: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #7 Sep 21 07:34:33.169635: | libevent_malloc: new ptr-libevent@0x7f0db8006530 size 128 Sep 21 07:34:33.169638: | libevent_free: release ptr-libevent@0x7f0db00069c0 Sep 21 07:34:33.169641: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f0dc40041c0 Sep 21 07:34:33.169647: | #7 spent 0.107 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:34:33.169652: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:33.169658: | timer_event_cb: processing event@0x7f0db4002b20 Sep 21 07:34:33.169660: | handling event EVENT_SA_EXPIRE for child state #7 Sep 21 07:34:33.169665: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:33.169668: | picked newest_ipsec_sa #7 for #7 Sep 21 07:34:33.169670: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:34:33.169673: | pstats #7 ikev1.ipsec re-failed exchange-timeout Sep 21 07:34:33.169676: | pstats #7 ikev1.ipsec deleted completed Sep 21 07:34:33.169680: | [RE]START processing: state #7 connection "north-dpd/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:34:33.169684: "north-dpd/0x2" #7: deleting state (STATE_QUICK_I2) aged 12.375s and sending notification Sep 21 07:34:33.169686: | child state #7: QUICK_I2(established CHILD SA) => delete Sep 21 07:34:33.169691: | get_sa_info esp.446218c0@192.1.2.23 Sep 21 07:34:33.169704: | get_sa_info esp.5f2e4cf3@192.1.3.33 Sep 21 07:34:33.169711: "north-dpd/0x2" #7: ESP traffic information: in=0B out=84B Sep 21 07:34:33.169714: | #7 send IKEv1 delete notification for STATE_QUICK_I2 Sep 21 07:34:33.169716: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:33.169722: | **emit ISAKMP Message: Sep 21 07:34:33.169725: | initiator cookie: Sep 21 07:34:33.169727: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:33.169729: | responder cookie: Sep 21 07:34:33.169732: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.169734: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.169737: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:33.169739: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:33.169742: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:33.169744: | Message ID: 948945254 (0x388fc166) Sep 21 07:34:33.169747: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:33.169750: | ***emit ISAKMP Hash Payload: Sep 21 07:34:33.169752: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.169755: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:33.169758: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Sep 21 07:34:33.169761: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:33.169763: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:33.169766: | ***emit ISAKMP Delete Payload: Sep 21 07:34:33.169768: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.169770: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:33.169773: | protocol ID: 3 (0x3) Sep 21 07:34:33.169775: | SPI size: 4 (0x4) Sep 21 07:34:33.169777: | number of SPIs: 1 (0x1) Sep 21 07:34:33.169780: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Sep 21 07:34:33.169790: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Sep 21 07:34:33.169796: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Sep 21 07:34:33.169798: | delete payload 5f 2e 4c f3 Sep 21 07:34:33.169801: | emitting length of ISAKMP Delete Payload: 16 Sep 21 07:34:33.169821: | send delete HASH(1): Sep 21 07:34:33.169823: | c1 7a 69 8b 96 0b 72 7d f3 62 49 89 57 3e 09 34 Sep 21 07:34:33.169826: | ad 71 5c 7a 88 f7 3a 89 53 5a a3 f5 e2 fb 36 55 Sep 21 07:34:33.169833: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:33.169835: | no IKEv1 message padding required Sep 21 07:34:33.169837: | emitting length of ISAKMP Message: 92 Sep 21 07:34:33.169847: | sending 92 bytes for delete notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:34:33.169850: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.169852: | 08 10 05 01 38 8f c1 66 00 00 00 5c 11 f6 72 d6 Sep 21 07:34:33.169854: | ce 9f 47 0c 70 5a 6c 10 a0 13 0a 91 bf 99 1a af Sep 21 07:34:33.169857: | 8a 15 1e 1e 36 1b 1c d4 92 db da e3 41 3d e6 34 Sep 21 07:34:33.169859: | 90 b6 94 ef cd 8c 4b 9c 93 19 dd b2 68 74 40 4b Sep 21 07:34:33.169861: | 24 d3 b1 83 36 89 1a d4 05 10 05 30 Sep 21 07:34:33.169951: | running updown command "ipsec _updown" for verb down Sep 21 07:34:33.169957: | command executing down-client Sep 21 07:34:33.169992: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:33.170000: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:33.170021: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051260' PLUTO_CONN_POL Sep 21 07:34:33.170024: | popen cmd is 1411 chars long Sep 21 07:34:33.170027: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PL: Sep 21 07:34:33.170029: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY: Sep 21 07:34:33.170032: | cmd( 160):_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.test: Sep 21 07:34:33.170034: | cmd( 240):ing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.: Sep 21 07:34:33.170037: | cmd( 320):0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO: Sep 21 07:34:33.170039: | cmd( 400):_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PL: Sep 21 07:34:33.170042: | cmd( 480):UTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, O: Sep 21 07:34:33.170044: | cmd( 560):U=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.: Sep 21 07:34:33.170047: | cmd( 640):org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_: Sep 21 07:34:33.170049: | cmd( 720):PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLU: Sep 21 07:34:33.170054: | cmd( 800):TO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Lib: Sep 21 07:34:33.170057: | cmd( 880):reswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_A: Sep 21 07:34:33.170059: | cmd( 960):DDTIME='1569051260' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+: Sep 21 07:34:33.170062: | cmd(1040):SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADD: Sep 21 07:34:33.170064: | cmd(1120):RFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLU: Sep 21 07:34:33.170067: | cmd(1200):TO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIEN: Sep 21 07:34:33.170069: | cmd(1280):T='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_: Sep 21 07:34:33.170072: | cmd(1360):IN=0x446218c0 SPI_OUT=0x5f2e4cf3 ipsec _updown 2>&1: Sep 21 07:34:33.170548: | crypto helper 0 finished build KE and nonce (quick_outI1 KE); request ID 15 time elapsed 0.00094 seconds Sep 21 07:34:33.170558: | (#8) spent 0.942 milliseconds in crypto helper computing work-order 15: quick_outI1 KE (pcr) Sep 21 07:34:33.170562: | crypto helper 0 sending results from work-order 15 for state #8 to event queue Sep 21 07:34:33.170565: | scheduling resume sending helper answer for #8 Sep 21 07:34:33.170568: | libevent_malloc: new ptr-libevent@0x7f0dc800a080 size 128 Sep 21 07:34:33.170573: | crypto helper 0 waiting (nothing to do) Sep 21 07:34:33.179922: | shunt_eroute() called for connection 'north-dpd/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.22.0/24:0 Sep 21 07:34:33.179939: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.22.0/24:0 Sep 21 07:34:33.179943: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Sep 21 07:34:33.179946: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:33.179997: | delete esp.446218c0@192.1.2.23 Sep 21 07:34:33.180031: | netlink response for Del SA esp.446218c0@192.1.2.23 included non-error error Sep 21 07:34:33.180035: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Sep 21 07:34:33.180042: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:34:33.180083: | raw_eroute result=success Sep 21 07:34:33.180087: | delete esp.5f2e4cf3@192.1.3.33 Sep 21 07:34:33.180112: | netlink response for Del SA esp.5f2e4cf3@192.1.3.33 included non-error error Sep 21 07:34:33.180118: | in connection_discard for connection north-dpd/0x2 Sep 21 07:34:33.180121: | State DB: deleting IKEv1 state #7 in QUICK_I2 Sep 21 07:34:33.180126: | child state #7: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:34:33.180148: | stop processing: state #7 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:34:33.180160: | libevent_free: release ptr-libevent@0x7f0db8006530 Sep 21 07:34:33.180164: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x7f0db4002b20 Sep 21 07:34:33.180167: | in statetime_stop() and could not find #7 Sep 21 07:34:33.180170: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:34:33.180184: | processing resume sending helper answer for #8 Sep 21 07:34:33.180190: | start processing: state #8 connection "north-dpd/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:33.180194: | crypto helper 0 replies to request ID 15 Sep 21 07:34:33.180197: | calling continuation function 0x557db2ef5630 Sep 21 07:34:33.180199: | quick_outI1_continue for #8: calculated ke+nonce, sending I1 Sep 21 07:34:33.180205: | **emit ISAKMP Message: Sep 21 07:34:33.180207: | initiator cookie: Sep 21 07:34:33.180209: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:33.180211: | responder cookie: Sep 21 07:34:33.180213: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.180216: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.180219: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:33.180225: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:33.180228: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:33.180230: | Message ID: 1104823651 (0x41da4563) Sep 21 07:34:33.180233: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:33.180236: | ***emit ISAKMP Hash Payload: Sep 21 07:34:33.180239: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.180242: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:33.180245: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.180248: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:33.180251: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:33.180253: | emitting quick defaults using policy none Sep 21 07:34:33.180256: | empty esp_info, returning defaults for ENCRYPT Sep 21 07:34:33.180259: | ***emit ISAKMP Security Association Payload: Sep 21 07:34:33.180262: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:33.180264: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:33.180267: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:34:33.180270: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:34:33.180273: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.180276: | ****emit IPsec DOI SIT: Sep 21 07:34:33.180278: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:33.180281: | ikev1_out_sa pcn: 0 has 1 valid proposals Sep 21 07:34:33.180284: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Sep 21 07:34:33.180286: | ****emit ISAKMP Proposal Payload: Sep 21 07:34:33.180289: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.180291: | proposal number: 0 (0x0) Sep 21 07:34:33.180294: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:33.180296: | SPI size: 4 (0x4) Sep 21 07:34:33.180298: | number of transforms: 2 (0x2) Sep 21 07:34:33.180301: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:34:33.180313: | netlink_get_spi: allocated 0xae40da97 for esp.0@192.1.3.33 Sep 21 07:34:33.180316: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 21 07:34:33.180318: | SPI ae 40 da 97 Sep 21 07:34:33.180321: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:34:33.180323: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.180326: | ESP transform number: 0 (0x0) Sep 21 07:34:33.180328: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:33.180331: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:34:33.180333: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:33.180336: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:33.180339: | length/value: 14 (0xe) Sep 21 07:34:33.180342: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:33.180344: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:33.180346: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:33.180348: | length/value: 1 (0x1) Sep 21 07:34:33.180351: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:33.180353: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:33.180356: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:33.180358: | length/value: 1 (0x1) Sep 21 07:34:33.180360: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:33.180363: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:33.180365: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:33.180367: | length/value: 28800 (0x7080) Sep 21 07:34:33.180370: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:33.180372: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:33.180376: | length/value: 2 (0x2) Sep 21 07:34:33.180379: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:33.180381: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:33.180383: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:33.180386: | length/value: 128 (0x80) Sep 21 07:34:33.180388: | emitting length of ISAKMP Transform Payload (ESP): 32 Sep 21 07:34:33.180391: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:34:33.180393: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.180395: | ESP transform number: 1 (0x1) Sep 21 07:34:33.180397: | ESP transform ID: ESP_3DES (0x3) Sep 21 07:34:33.180400: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.180402: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:34:33.180405: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:33.180407: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:33.180410: | length/value: 14 (0xe) Sep 21 07:34:33.180412: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:33.180415: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:33.180417: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:33.180420: | length/value: 1 (0x1) Sep 21 07:34:33.180422: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:33.180424: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:33.180426: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:33.180429: | length/value: 1 (0x1) Sep 21 07:34:33.180431: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:33.180433: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:33.180435: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:33.180438: | length/value: 28800 (0x7080) Sep 21 07:34:33.180441: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:33.180443: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:33.180446: | length/value: 2 (0x2) Sep 21 07:34:33.180448: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:33.180451: | emitting length of ISAKMP Transform Payload (ESP): 28 Sep 21 07:34:33.180453: | emitting length of ISAKMP Proposal Payload: 72 Sep 21 07:34:33.180456: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Sep 21 07:34:33.180459: | emitting length of ISAKMP Security Association Payload: 84 Sep 21 07:34:33.180461: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:34:33.180465: | ***emit ISAKMP Nonce Payload: Sep 21 07:34:33.180468: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:33.180471: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Sep 21 07:34:33.180474: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:34:33.180476: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.180479: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Sep 21 07:34:33.180482: | Ni bb 9a 2c 81 92 55 bd e9 20 94 fc f9 b6 46 ff b7 Sep 21 07:34:33.180484: | Ni 45 54 be f7 56 42 51 4f fe 58 de bf 11 2d 22 8a Sep 21 07:34:33.180487: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:34:33.180490: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:34:33.180492: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:33.180495: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:33.180498: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:34:33.180500: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.180503: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:34:33.180507: | keyex value 2d c4 85 8e 67 bf d1 3b 93 a6 f9 29 e4 3d 70 72 Sep 21 07:34:33.180510: | keyex value 2e fb 8d e9 50 67 ea 9f f8 10 35 a5 22 33 a3 b4 Sep 21 07:34:33.180512: | keyex value cd 37 e0 68 64 51 61 a7 4e 65 a2 f2 e1 09 81 e9 Sep 21 07:34:33.180514: | keyex value 14 51 a5 64 6d dd e9 fc 9b 95 38 bd 93 9f 6d 54 Sep 21 07:34:33.180516: | keyex value c0 53 92 92 c9 b7 6a 3e 90 c8 6c a3 c9 e4 64 49 Sep 21 07:34:33.180519: | keyex value bd b6 9b d0 59 03 aa e0 9e 2c a8 ec 86 1d ec aa Sep 21 07:34:33.180521: | keyex value 37 b2 e2 f4 c5 f1 d4 c9 e1 d5 34 b4 e8 58 d8 16 Sep 21 07:34:33.180523: | keyex value 59 0f 21 23 c7 5f a2 4b b0 f5 9d 7d 8c 8d 1c 46 Sep 21 07:34:33.180525: | keyex value 8a 9f d0 4b 38 03 01 16 bb 11 c8 76 1f f1 51 4b Sep 21 07:34:33.180528: | keyex value 90 e3 11 42 81 5b 67 89 b0 aa f5 28 80 60 ce e1 Sep 21 07:34:33.180530: | keyex value fe 55 ca 09 11 e2 a4 09 9e 04 e7 03 25 78 13 6b Sep 21 07:34:33.180532: | keyex value cc c6 77 3c b6 e5 e5 86 c4 ed 04 7a 5a a4 b6 cf Sep 21 07:34:33.180534: | keyex value 01 9d 60 27 d1 23 47 d9 df ac 87 b1 23 a8 36 de Sep 21 07:34:33.180536: | keyex value 38 ac c7 41 af 3a 39 f0 c0 85 2c 2a d6 ca b1 3b Sep 21 07:34:33.180539: | keyex value 60 53 8d 1b 15 a8 a7 5e 15 ac c3 b1 13 14 da 6e Sep 21 07:34:33.180541: | keyex value 97 36 67 d1 37 42 f6 14 72 a4 9e f2 de 84 39 24 Sep 21 07:34:33.180543: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:34:33.180546: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:33.180549: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:33.180551: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:33.180553: | Protocol ID: 0 (0x0) Sep 21 07:34:33.180555: | port: 0 (0x0) Sep 21 07:34:33.180558: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:33.180561: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:33.180564: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:33.180567: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:33.180570: | client network c0 00 03 00 Sep 21 07:34:33.180572: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:33.180574: | client mask ff ff ff 00 Sep 21 07:34:33.180577: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:33.180579: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:33.180582: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.180584: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:33.180586: | Protocol ID: 0 (0x0) Sep 21 07:34:33.180588: | port: 0 (0x0) Sep 21 07:34:33.180591: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:33.180594: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:33.180597: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:33.180600: | client network c0 00 16 00 Sep 21 07:34:33.180602: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:33.180605: | client mask ff ff ff 00 Sep 21 07:34:33.180607: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:33.180642: | outI1 HASH(1): Sep 21 07:34:33.180646: | 00 8f 07 22 ec 45 60 34 f2 19 6e e5 ff 44 9b c9 Sep 21 07:34:33.180649: | 87 7e da dd 41 bf 97 2a 07 88 71 d8 92 50 1a 4e Sep 21 07:34:33.180660: | no IKEv1 message padding required Sep 21 07:34:33.180664: | emitting length of ISAKMP Message: 476 Sep 21 07:34:33.180681: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #8) Sep 21 07:34:33.180684: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.180686: | 08 10 20 01 41 da 45 63 00 00 01 dc 70 38 a7 12 Sep 21 07:34:33.180688: | b9 2e 22 8a ab 59 f4 05 bc 18 1c b5 0b d3 74 e3 Sep 21 07:34:33.180691: | c5 40 f7 a8 fb 87 e2 1e 49 af 53 50 28 88 1a e8 Sep 21 07:34:33.180693: | 1b 72 ab 0c 65 c0 e7 db 8e d1 9e 7b 6e 85 b1 37 Sep 21 07:34:33.180695: | 33 3b 9e 71 8e 85 d2 70 2b 84 3c c9 52 1f 1b 5f Sep 21 07:34:33.180697: | 49 8d e6 55 b9 ee f4 d1 60 64 9a 8b 4b 1b 71 00 Sep 21 07:34:33.180700: | f3 7b 1f 3b 3d 00 66 5a 53 e8 a1 65 63 dd c8 1d Sep 21 07:34:33.180702: | b4 3a 8b 06 0f e3 1d 85 a9 a8 e0 a5 62 fa 57 4d Sep 21 07:34:33.180704: | 3c 0d 53 8b 16 12 ba bb 0f 92 01 21 08 14 56 32 Sep 21 07:34:33.180706: | 09 06 ce 13 9d 77 71 43 86 06 68 e6 79 20 b9 d3 Sep 21 07:34:33.180708: | 3a cf 4d 93 c1 af 81 06 12 d4 0b 25 74 af 87 6f Sep 21 07:34:33.180710: | 9a 1f 9f e8 a6 74 c6 d7 ed 67 cf b0 ce a4 3b 4e Sep 21 07:34:33.180713: | 8a f8 a0 13 87 06 73 d7 cf ae 28 18 80 c5 c5 e5 Sep 21 07:34:33.180715: | ca 00 8d a7 99 93 36 02 d5 1c 88 8c 05 68 84 a1 Sep 21 07:34:33.180717: | a3 3f 4e 7b de da e1 82 86 fa 72 e7 fa 48 21 5d Sep 21 07:34:33.180719: | a6 3c 00 1e f0 79 4f 8e 08 0a f7 39 99 cb e7 7a Sep 21 07:34:33.180722: | 6c 62 7b d4 e9 be df fb ec 34 84 64 fd b0 02 ac Sep 21 07:34:33.180724: | 7f ef e2 d7 1d fd b5 c2 32 d0 ab 72 59 f7 8b 33 Sep 21 07:34:33.180726: | 2e c4 7e 3a e3 cc c6 bf d2 be 0f dd aa 5a 31 8e Sep 21 07:34:33.180728: | 94 e1 2d 28 e7 ea 9d 2f 21 2e bf bb 5b 06 dc f4 Sep 21 07:34:33.180730: | ae ed cb 3a 6e 6d 40 d2 97 76 c4 06 1a 3d 50 35 Sep 21 07:34:33.180732: | dc 20 60 ca c1 83 b4 63 27 d9 37 8c 7e 52 ad 5c Sep 21 07:34:33.180735: | a6 03 c8 bb fd 27 b3 8b 0e aa d6 1c 6b cf 51 39 Sep 21 07:34:33.180737: | f7 2c 2b 79 d3 f2 15 06 77 fb d7 e7 10 71 4e c3 Sep 21 07:34:33.180739: | c5 1d c2 ab cb 5e 7b 58 71 55 34 95 76 ce f6 9a Sep 21 07:34:33.180741: | 91 e3 35 b9 75 1c d6 dc c6 fd 6c 25 7a ce 48 ca Sep 21 07:34:33.180743: | ee 11 b7 44 c3 00 4a 46 ec 71 1b dc 8d 7e 87 88 Sep 21 07:34:33.180745: | ba a8 ea be b3 29 12 5c 2e bb 6b e4 68 e2 60 2c Sep 21 07:34:33.180747: | b1 80 1b d2 01 bc 99 d7 77 df 97 a1 Sep 21 07:34:33.180802: | state #8 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:33.180811: | libevent_free: release ptr-libevent@0x7f0db4006900 Sep 21 07:34:33.180814: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557db459c3c0 Sep 21 07:34:33.180818: | event_schedule: new EVENT_RETRANSMIT-pe@0x557db459c3c0 Sep 21 07:34:33.180822: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #8 Sep 21 07:34:33.180825: | libevent_malloc: new ptr-libevent@0x7f0db4006900 size 128 Sep 21 07:34:33.180831: | #8 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49919.549082 Sep 21 07:34:33.180835: | resume sending helper answer for #8 suppresed complete_v1_state_transition() Sep 21 07:34:33.180843: | #8 spent 0.615 milliseconds in resume sending helper answer Sep 21 07:34:33.180848: | stop processing: state #8 connection "north-dpd/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:33.180852: | libevent_free: release ptr-libevent@0x7f0dc800a080 Sep 21 07:34:33.180855: | processing signal PLUTO_SIGCHLD Sep 21 07:34:33.180861: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:33.180865: | spent 0.00554 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:33.181137: | spent 0.00206 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:33.181151: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:33.181153: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.181157: | 08 10 05 01 49 51 b5 11 00 00 00 5c 6d f3 ee 61 Sep 21 07:34:33.181159: | ed b8 2e e6 98 4e 64 08 f7 da 9a 4a d5 c1 3c 74 Sep 21 07:34:33.181160: | 34 a6 a1 43 4c f2 8b 7e 08 4b 80 5b 36 89 27 89 Sep 21 07:34:33.181162: | 65 b6 c5 93 5f a8 d6 08 fa 43 bd 0a 8b 5c 36 64 Sep 21 07:34:33.181163: | c0 e2 23 2d 69 8a 7a 69 e0 db ac 21 Sep 21 07:34:33.181167: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:33.181172: | **parse ISAKMP Message: Sep 21 07:34:33.181177: | initiator cookie: Sep 21 07:34:33.181179: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:33.181182: | responder cookie: Sep 21 07:34:33.181185: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.181188: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:33.181192: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:33.181195: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:33.181198: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:33.181201: | Message ID: 1230091537 (0x4951b511) Sep 21 07:34:33.181204: | length: 92 (0x5c) Sep 21 07:34:33.181207: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Sep 21 07:34:33.181212: | peer and cookies match on #8; msgid=00000000 st_msgid=41da4563 st_msgid_phase15=00000000 Sep 21 07:34:33.181217: | peer and cookies match on #6; msgid=00000000 st_msgid=7cb3d8d7 st_msgid_phase15=00000000 Sep 21 07:34:33.181220: | peer and cookies match on #5; msgid=00000000 st_msgid=8b8f1195 st_msgid_phase15=00000000 Sep 21 07:34:33.181224: | peer and cookies match on #4; msgid=00000000 st_msgid=e63858db st_msgid_phase15=00000000 Sep 21 07:34:33.181227: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Sep 21 07:34:33.181231: | p15 state object #1 found, in STATE_MAIN_I4 Sep 21 07:34:33.181234: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Sep 21 07:34:33.181241: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1455) Sep 21 07:34:33.181252: | #1 is idle Sep 21 07:34:33.181255: | #1 idle Sep 21 07:34:33.181260: | received encrypted packet from 192.1.2.23:500 Sep 21 07:34:33.181271: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:34:33.181274: | ***parse ISAKMP Hash Payload: Sep 21 07:34:33.181277: | next payload type: ISAKMP_NEXT_D (0xc) Sep 21 07:34:33.181280: | length: 36 (0x24) Sep 21 07:34:33.181284: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Sep 21 07:34:33.181287: | ***parse ISAKMP Delete Payload: Sep 21 07:34:33.181290: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.181293: | length: 16 (0x10) Sep 21 07:34:33.181296: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:33.181299: | protocol ID: 3 (0x3) Sep 21 07:34:33.181301: | SPI size: 4 (0x4) Sep 21 07:34:33.181304: | number of SPIs: 1 (0x1) Sep 21 07:34:33.181307: | removing 12 bytes of padding Sep 21 07:34:33.181325: | informational HASH(1): Sep 21 07:34:33.181329: | a7 45 bc 82 68 81 2d c2 54 e0 10 47 7b 96 a0 47 Sep 21 07:34:33.181332: | 82 11 07 f5 ed 1e 76 e6 24 98 83 44 23 ce 2e b9 Sep 21 07:34:33.181336: | received 'informational' message HASH(1) data ok Sep 21 07:34:33.181340: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI Sep 21 07:34:33.181342: | SPI 3c 06 be f5 Sep 21 07:34:33.181345: | FOR_EACH_STATE_... in find_phase2_state_to_delete Sep 21 07:34:33.181350: "north-dpd/0x2" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x3c06bef5) not found (maybe expired) Sep 21 07:34:33.181353: | del: Sep 21 07:34:33.181357: | #1 spent 1.79 milliseconds Sep 21 07:34:33.181359: | complete v1 state transition with STF_IGNORE Sep 21 07:34:33.181362: | #1 spent 0.00593 milliseconds in process_packet_tail() Sep 21 07:34:33.181365: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:33.181369: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:33.181372: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:33.181375: | spent 0.231 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:33.181493: | spent 0.00174 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:33.181501: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:33.181503: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.181505: | 08 10 05 01 41 12 ec 82 00 00 00 5c f1 38 b4 ea Sep 21 07:34:33.181506: | 5a e8 79 60 3f 09 d5 c0 99 c1 05 77 b5 a9 53 21 Sep 21 07:34:33.181507: | 52 5d 67 2f 33 fe e2 52 09 df b6 3c 8d e0 6b 0e Sep 21 07:34:33.181509: | 46 c7 b7 18 41 87 0b af d1 9b c3 b7 02 74 69 fe Sep 21 07:34:33.181510: | c1 dd 81 be b1 c4 35 65 8f 0e 79 22 Sep 21 07:34:33.181513: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:33.181515: | **parse ISAKMP Message: Sep 21 07:34:33.181516: | initiator cookie: Sep 21 07:34:33.181518: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:33.181520: | responder cookie: Sep 21 07:34:33.181522: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.181525: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:33.181528: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:33.181531: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:33.181534: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:33.181537: | Message ID: 1091759234 (0x4112ec82) Sep 21 07:34:33.181540: | length: 92 (0x5c) Sep 21 07:34:33.181543: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Sep 21 07:34:33.181548: | peer and cookies match on #8; msgid=00000000 st_msgid=41da4563 st_msgid_phase15=00000000 Sep 21 07:34:33.181551: | peer and cookies match on #6; msgid=00000000 st_msgid=7cb3d8d7 st_msgid_phase15=00000000 Sep 21 07:34:33.181555: | peer and cookies match on #5; msgid=00000000 st_msgid=8b8f1195 st_msgid_phase15=00000000 Sep 21 07:34:33.181559: | peer and cookies match on #4; msgid=00000000 st_msgid=e63858db st_msgid_phase15=00000000 Sep 21 07:34:33.181562: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Sep 21 07:34:33.181565: | p15 state object #1 found, in STATE_MAIN_I4 Sep 21 07:34:33.181569: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Sep 21 07:34:33.181575: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1455) Sep 21 07:34:33.181584: | #1 is idle Sep 21 07:34:33.181587: | #1 idle Sep 21 07:34:33.181591: | received encrypted packet from 192.1.2.23:500 Sep 21 07:34:33.181599: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:34:33.181603: | ***parse ISAKMP Hash Payload: Sep 21 07:34:33.181606: | next payload type: ISAKMP_NEXT_D (0xc) Sep 21 07:34:33.181608: | length: 36 (0x24) Sep 21 07:34:33.181612: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Sep 21 07:34:33.181615: | ***parse ISAKMP Delete Payload: Sep 21 07:34:33.181618: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.181621: | length: 16 (0x10) Sep 21 07:34:33.181624: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:33.181627: | protocol ID: 3 (0x3) Sep 21 07:34:33.181629: | SPI size: 4 (0x4) Sep 21 07:34:33.181632: | number of SPIs: 1 (0x1) Sep 21 07:34:33.181635: | removing 12 bytes of padding Sep 21 07:34:33.181652: | informational HASH(1): Sep 21 07:34:33.181656: | 15 ea 89 08 f3 b0 9c b5 79 2e 71 4b 99 b5 0e f3 Sep 21 07:34:33.181659: | 43 d6 0a 20 bf 82 0d 28 1e 8e 6d 27 47 56 d2 ca Sep 21 07:34:33.181662: | received 'informational' message HASH(1) data ok Sep 21 07:34:33.181665: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI Sep 21 07:34:33.181668: | SPI de 04 92 97 Sep 21 07:34:33.181671: | FOR_EACH_STATE_... in find_phase2_state_to_delete Sep 21 07:34:33.181674: "north-dpd/0x2" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xde049297) not found (maybe expired) Sep 21 07:34:33.181678: | del: Sep 21 07:34:33.181681: | complete v1 state transition with STF_IGNORE Sep 21 07:34:33.181684: | #1 spent 0.00255 milliseconds in process_packet_tail() Sep 21 07:34:33.181687: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:33.181690: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:33.181692: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:33.181694: | spent 0.198 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:33.181865: | spent 0.00202 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:33.181879: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:33.181882: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.181884: | 08 10 05 01 1e 7f f4 8e 00 00 00 5c bd 96 20 f4 Sep 21 07:34:33.181887: | 6a 69 fd 1e 06 18 ec be 70 2d ca fb b4 67 14 87 Sep 21 07:34:33.181890: | 72 43 48 47 2e 22 e1 2d 24 6b 55 6c 4d 98 8c f3 Sep 21 07:34:33.181893: | c4 57 25 c7 67 dd c5 d2 96 4b 54 4e bd 68 33 b3 Sep 21 07:34:33.181895: | 42 39 0b 34 82 96 eb ab 42 ab d8 f3 Sep 21 07:34:33.181901: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:33.181904: | **parse ISAKMP Message: Sep 21 07:34:33.181907: | initiator cookie: Sep 21 07:34:33.181910: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:33.181912: | responder cookie: Sep 21 07:34:33.181915: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.181918: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:33.181921: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:33.181924: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:33.181927: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:33.181930: | Message ID: 511702158 (0x1e7ff48e) Sep 21 07:34:33.181933: | length: 92 (0x5c) Sep 21 07:34:33.181936: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Sep 21 07:34:33.181941: | peer and cookies match on #8; msgid=00000000 st_msgid=41da4563 st_msgid_phase15=00000000 Sep 21 07:34:33.181945: | peer and cookies match on #6; msgid=00000000 st_msgid=7cb3d8d7 st_msgid_phase15=00000000 Sep 21 07:34:33.181948: | peer and cookies match on #5; msgid=00000000 st_msgid=8b8f1195 st_msgid_phase15=00000000 Sep 21 07:34:33.181952: | peer and cookies match on #4; msgid=00000000 st_msgid=e63858db st_msgid_phase15=00000000 Sep 21 07:34:33.181956: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Sep 21 07:34:33.181958: | p15 state object #1 found, in STATE_MAIN_I4 Sep 21 07:34:33.181961: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Sep 21 07:34:33.181965: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1455) Sep 21 07:34:33.181972: | #1 is idle Sep 21 07:34:33.181974: | #1 idle Sep 21 07:34:33.181976: | received encrypted packet from 192.1.2.23:500 Sep 21 07:34:33.181981: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:34:33.181983: | ***parse ISAKMP Hash Payload: Sep 21 07:34:33.181985: | next payload type: ISAKMP_NEXT_D (0xc) Sep 21 07:34:33.181987: | length: 36 (0x24) Sep 21 07:34:33.181988: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Sep 21 07:34:33.181990: | ***parse ISAKMP Delete Payload: Sep 21 07:34:33.181992: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.181993: | length: 16 (0x10) Sep 21 07:34:33.181995: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:33.181996: | protocol ID: 3 (0x3) Sep 21 07:34:33.181997: | SPI size: 4 (0x4) Sep 21 07:34:33.181999: | number of SPIs: 1 (0x1) Sep 21 07:34:33.182000: | removing 12 bytes of padding Sep 21 07:34:33.182011: | informational HASH(1): Sep 21 07:34:33.182013: | 75 09 b1 b4 2a 35 1b 52 85 1a 91 36 85 f7 0c 22 Sep 21 07:34:33.182017: | 26 e1 17 68 fb 94 69 b7 31 ee 9b 1f 8c 61 1d 1c Sep 21 07:34:33.182018: | received 'informational' message HASH(1) data ok Sep 21 07:34:33.182020: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI Sep 21 07:34:33.182022: | SPI 46 4c 04 b5 Sep 21 07:34:33.182023: | FOR_EACH_STATE_... in find_phase2_state_to_delete Sep 21 07:34:33.182026: | start processing: connection "north-dpd/0x1" (BACKGROUND) (in accept_delete() at ikev1_main.c:2506) Sep 21 07:34:33.182029: "north-dpd/0x2" #1: received Delete SA payload: replace IPsec State #6 now Sep 21 07:34:33.182031: | state #6 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:34:33.182033: | libevent_free: release ptr-libevent@0x7f0dc8007500 Sep 21 07:34:33.182035: | free_event_entry: release EVENT_SA_REPLACE-pe@0x557db4596910 Sep 21 07:34:33.182037: | event_schedule: new EVENT_SA_REPLACE-pe@0x557db4596910 Sep 21 07:34:33.182039: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #6 Sep 21 07:34:33.182041: | libevent_malloc: new ptr-libevent@0x7f0dc800a080 size 128 Sep 21 07:34:33.182044: | stop processing: connection "north-dpd/0x1" (BACKGROUND) (in accept_delete() at ikev1_main.c:2550) Sep 21 07:34:33.182045: | del: Sep 21 07:34:33.182048: | complete v1 state transition with STF_IGNORE Sep 21 07:34:33.182051: | #1 spent 0.00242 milliseconds in process_packet_tail() Sep 21 07:34:33.182054: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:33.182057: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:33.182058: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:33.182061: | spent 0.187 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:33.182065: | timer_event_cb: processing event@0x557db4596910 Sep 21 07:34:33.182067: | handling event EVENT_SA_REPLACE for child state #6 Sep 21 07:34:33.182070: | start processing: state #6 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:33.182073: | picked newest_ipsec_sa #6 for #6 Sep 21 07:34:33.182074: | replacing stale IPsec SA Sep 21 07:34:33.182077: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:34:33.182079: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:33.182082: | creating state object #9 at 0x557db45c0c80 Sep 21 07:34:33.182084: | State DB: adding IKEv1 state #9 in UNDEFINED Sep 21 07:34:33.182086: | pstats #9 ikev1.ipsec started Sep 21 07:34:33.182088: | duplicating state object #1 "north-dpd/0x2" as #9 for IPSEC SA Sep 21 07:34:33.182091: | #9 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:34:33.182093: | in connection_discard for connection north-dpd/0x2 Sep 21 07:34:33.182096: | suspend processing: state #6 connection "north-dpd/0x1" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:34:33.182098: | start processing: state #9 connection "north-dpd/0x1" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:34:33.182103: | child state #9: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Sep 21 07:34:33.182107: "north-dpd/0x1" #9: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #6 {using isakmp#1 msgid:f887d160 proposal=defaults pfsgroup=MODP2048} Sep 21 07:34:33.182109: | adding quick_outI1 KE work-order 16 for state #9 Sep 21 07:34:33.182111: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f0dc80076a0 Sep 21 07:34:33.182113: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9 Sep 21 07:34:33.182115: | libevent_malloc: new ptr-libevent@0x7f0db8006530 size 128 Sep 21 07:34:33.182122: | stop processing: state #9 connection "north-dpd/0x1" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:34:33.182124: | resume processing: state #6 connection "north-dpd/0x1" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:34:33.182126: | crypto helper 1 resuming Sep 21 07:34:33.182128: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7f0db4002b20 Sep 21 07:34:33.182136: | crypto helper 1 starting work-order 16 for state #9 Sep 21 07:34:33.182146: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #6 Sep 21 07:34:33.182150: | crypto helper 1 doing build KE and nonce (quick_outI1 KE); request ID 16 Sep 21 07:34:33.182151: | libevent_malloc: new ptr-libevent@0x7f0db00069c0 size 128 Sep 21 07:34:33.182160: | libevent_free: release ptr-libevent@0x7f0dc800a080 Sep 21 07:34:33.182163: | free_event_entry: release EVENT_SA_REPLACE-pe@0x557db4596910 Sep 21 07:34:33.182168: | #6 spent 0.0948 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:34:33.182174: | stop processing: state #6 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:33.182179: | timer_event_cb: processing event@0x7f0db4002b20 Sep 21 07:34:33.182182: | handling event EVENT_SA_EXPIRE for child state #6 Sep 21 07:34:33.182186: | start processing: state #6 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:33.182190: | picked newest_ipsec_sa #6 for #6 Sep 21 07:34:33.182192: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:34:33.182195: | pstats #6 ikev1.ipsec re-failed exchange-timeout Sep 21 07:34:33.182197: | pstats #6 ikev1.ipsec deleted completed Sep 21 07:34:33.182202: | [RE]START processing: state #6 connection "north-dpd/0x1" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:34:33.182205: "north-dpd/0x1" #6: deleting state (STATE_QUICK_I2) aged 23.473s and sending notification Sep 21 07:34:33.182208: | child state #6: QUICK_I2(established CHILD SA) => delete Sep 21 07:34:33.182212: | get_sa_info esp.464c04b5@192.1.2.23 Sep 21 07:34:33.182222: | get_sa_info esp.62fa2058@192.1.3.33 Sep 21 07:34:33.182229: "north-dpd/0x1" #6: ESP traffic information: in=84B out=84B Sep 21 07:34:33.182232: | #6 send IKEv1 delete notification for STATE_QUICK_I2 Sep 21 07:34:33.182235: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:33.182243: | **emit ISAKMP Message: Sep 21 07:34:33.182245: | initiator cookie: Sep 21 07:34:33.182248: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:33.182250: | responder cookie: Sep 21 07:34:33.182252: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.182255: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.182257: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:33.182260: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:33.182262: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:33.182265: | Message ID: 2369060831 (0x8d34ffdf) Sep 21 07:34:33.182267: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:33.182270: | ***emit ISAKMP Hash Payload: Sep 21 07:34:33.182273: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.182276: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:33.182278: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Sep 21 07:34:33.182281: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:33.182284: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:33.182286: | ***emit ISAKMP Delete Payload: Sep 21 07:34:33.182289: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.182291: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:33.182293: | protocol ID: 3 (0x3) Sep 21 07:34:33.182295: | SPI size: 4 (0x4) Sep 21 07:34:33.182298: | number of SPIs: 1 (0x1) Sep 21 07:34:33.182301: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Sep 21 07:34:33.182303: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Sep 21 07:34:33.182306: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Sep 21 07:34:33.182311: | delete payload 62 fa 20 58 Sep 21 07:34:33.182314: | emitting length of ISAKMP Delete Payload: 16 Sep 21 07:34:33.182333: | send delete HASH(1): Sep 21 07:34:33.182336: | 68 c7 fd b4 6e 0b 31 c6 ca f7 d4 88 7e 56 5a c2 Sep 21 07:34:33.182338: | 00 3f db 27 77 2d 04 02 2c 18 48 79 cb d4 36 ef Sep 21 07:34:33.182345: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:33.182347: | no IKEv1 message padding required Sep 21 07:34:33.182350: | emitting length of ISAKMP Message: 92 Sep 21 07:34:33.182359: | sending 92 bytes for delete notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:34:33.182362: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.182364: | 08 10 05 01 8d 34 ff df 00 00 00 5c 28 42 60 50 Sep 21 07:34:33.182366: | 8f f1 15 00 54 71 43 0a 99 0b 14 13 bc 20 b1 20 Sep 21 07:34:33.182369: | 62 0d eb c9 d2 a8 88 b6 3b a0 d9 d1 0b 80 aa 40 Sep 21 07:34:33.182371: | f8 d6 9a 3f 17 4f 51 4d 64 5c 1a 73 b7 a8 01 8a Sep 21 07:34:33.182373: | 85 aa e8 c5 4d 4f 59 e8 2d e3 08 b1 Sep 21 07:34:33.182542: | running updown command "ipsec _updown" for verb down Sep 21 07:34:33.182548: | command executing down-client Sep 21 07:34:33.182583: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:33.182592: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:33.182612: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051249' PLUTO_CONN_POLIC Sep 21 07:34:33.182615: | popen cmd is 1409 chars long Sep 21 07:34:33.182618: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PL: Sep 21 07:34:33.182621: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY: Sep 21 07:34:33.182623: | cmd( 160):_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.test: Sep 21 07:34:33.182626: | cmd( 240):ing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.: Sep 21 07:34:33.182629: | cmd( 320):0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO: Sep 21 07:34:33.182631: | cmd( 400):_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PL: Sep 21 07:34:33.182634: | cmd( 480):UTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, O: Sep 21 07:34:33.182636: | cmd( 560):U=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.: Sep 21 07:34:33.182639: | cmd( 640):org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PE: Sep 21 07:34:33.182642: | cmd( 720):ER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO: Sep 21 07:34:33.182644: | cmd( 800):_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libre: Sep 21 07:34:33.182647: | cmd( 880):swan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADD: Sep 21 07:34:33.182652: | cmd( 960):TIME='1569051249' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SA: Sep 21 07:34:33.182654: | cmd(1040):REF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRF: Sep 21 07:34:33.182657: | cmd(1120):AMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO: Sep 21 07:34:33.182660: | cmd(1200):_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=: Sep 21 07:34:33.182662: | cmd(1280):'0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN: Sep 21 07:34:33.182665: | cmd(1360):=0x464c04b5 SPI_OUT=0x62fa2058 ipsec _updown 2>&1: Sep 21 07:34:33.183204: | crypto helper 1 finished build KE and nonce (quick_outI1 KE); request ID 16 time elapsed 0.001055 seconds Sep 21 07:34:33.183216: | (#9) spent 1 milliseconds in crypto helper computing work-order 16: quick_outI1 KE (pcr) Sep 21 07:34:33.183219: | crypto helper 1 sending results from work-order 16 for state #9 to event queue Sep 21 07:34:33.183222: | scheduling resume sending helper answer for #9 Sep 21 07:34:33.183226: | libevent_malloc: new ptr-libevent@0x7f0dc000b650 size 128 Sep 21 07:34:33.183231: | crypto helper 1 waiting (nothing to do) Sep 21 07:34:33.194368: | shunt_eroute() called for connection 'north-dpd/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:34:33.194380: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:34:33.194383: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Sep 21 07:34:33.194387: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:33.194422: | delete esp.464c04b5@192.1.2.23 Sep 21 07:34:33.194449: | netlink response for Del SA esp.464c04b5@192.1.2.23 included non-error error Sep 21 07:34:33.194452: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Sep 21 07:34:33.194459: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:34:33.194506: | raw_eroute result=success Sep 21 07:34:33.194511: | delete esp.62fa2058@192.1.3.33 Sep 21 07:34:33.194532: | netlink response for Del SA esp.62fa2058@192.1.3.33 included non-error error Sep 21 07:34:33.194537: | in connection_discard for connection north-dpd/0x1 Sep 21 07:34:33.194540: | State DB: deleting IKEv1 state #6 in QUICK_I2 Sep 21 07:34:33.194544: | child state #6: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:34:33.194561: | stop processing: state #6 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:34:33.194571: | libevent_free: release ptr-libevent@0x7f0db00069c0 Sep 21 07:34:33.194574: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x7f0db4002b20 Sep 21 07:34:33.194577: | in statetime_stop() and could not find #6 Sep 21 07:34:33.194580: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:34:33.194594: | spent 0.00197 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:33.194606: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:33.194609: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.194611: | 08 10 05 01 f0 f7 aa e2 00 00 00 5c e0 e3 c3 7a Sep 21 07:34:33.194614: | 57 2f 7d f4 38 0d 59 76 c6 66 59 4e 3f 46 d3 cd Sep 21 07:34:33.194616: | 2e 84 03 ec 8d 42 0e b7 87 2d 84 a4 22 42 93 63 Sep 21 07:34:33.194618: | e9 f5 b6 39 54 4a 97 13 2b cf 5a 51 96 75 2f 40 Sep 21 07:34:33.194621: | 8f a4 2c f7 f2 c0 7d 54 c0 75 39 ee Sep 21 07:34:33.194625: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:33.194628: | **parse ISAKMP Message: Sep 21 07:34:33.194631: | initiator cookie: Sep 21 07:34:33.194633: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:33.194635: | responder cookie: Sep 21 07:34:33.194637: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.194640: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:33.194643: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:33.194648: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:33.194651: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:33.194654: | Message ID: 4042762978 (0xf0f7aae2) Sep 21 07:34:33.194656: | length: 92 (0x5c) Sep 21 07:34:33.194659: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Sep 21 07:34:33.194663: | peer and cookies match on #9; msgid=00000000 st_msgid=f887d160 st_msgid_phase15=00000000 Sep 21 07:34:33.194667: | peer and cookies match on #8; msgid=00000000 st_msgid=41da4563 st_msgid_phase15=00000000 Sep 21 07:34:33.194670: | peer and cookies match on #5; msgid=00000000 st_msgid=8b8f1195 st_msgid_phase15=00000000 Sep 21 07:34:33.194673: | peer and cookies match on #4; msgid=00000000 st_msgid=e63858db st_msgid_phase15=00000000 Sep 21 07:34:33.194676: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Sep 21 07:34:33.194678: | p15 state object #1 found, in STATE_MAIN_I4 Sep 21 07:34:33.194681: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Sep 21 07:34:33.194687: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1455) Sep 21 07:34:33.194737: | #1 is idle Sep 21 07:34:33.194741: | #1 idle Sep 21 07:34:33.194745: | received encrypted packet from 192.1.2.23:500 Sep 21 07:34:33.194758: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:34:33.194761: | ***parse ISAKMP Hash Payload: Sep 21 07:34:33.194764: | next payload type: ISAKMP_NEXT_D (0xc) Sep 21 07:34:33.194766: | length: 36 (0x24) Sep 21 07:34:33.194769: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Sep 21 07:34:33.194772: | ***parse ISAKMP Delete Payload: Sep 21 07:34:33.194774: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.194776: | length: 16 (0x10) Sep 21 07:34:33.194779: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:33.194781: | protocol ID: 3 (0x3) Sep 21 07:34:33.194789: | SPI size: 4 (0x4) Sep 21 07:34:33.194793: | number of SPIs: 1 (0x1) Sep 21 07:34:33.194795: | removing 12 bytes of padding Sep 21 07:34:33.194814: | informational HASH(1): Sep 21 07:34:33.194817: | e2 7e 5a e3 c4 4c ca 18 05 1b 71 29 9f 99 c6 91 Sep 21 07:34:33.194820: | 1d bf a6 d7 18 24 d2 0d 3a 59 78 a5 5c bf 1b 82 Sep 21 07:34:33.194823: | received 'informational' message HASH(1) data ok Sep 21 07:34:33.194826: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI Sep 21 07:34:33.194828: | SPI 24 fe 65 a2 Sep 21 07:34:33.194831: | FOR_EACH_STATE_... in find_phase2_state_to_delete Sep 21 07:34:33.194835: "north-dpd/0x2" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x24fe65a2) not found (maybe expired) Sep 21 07:34:33.194837: | del: Sep 21 07:34:33.194842: | #1 spent 1.02 milliseconds Sep 21 07:34:33.194845: | complete v1 state transition with STF_IGNORE Sep 21 07:34:33.194850: | #1 spent 0.00813 milliseconds in process_packet_tail() Sep 21 07:34:33.194855: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:33.194860: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:33.194863: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:33.194867: | spent 0.237 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:33.194874: | processing resume sending helper answer for #9 Sep 21 07:34:33.194879: | start processing: state #9 connection "north-dpd/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:33.194883: | crypto helper 1 replies to request ID 16 Sep 21 07:34:33.194885: | calling continuation function 0x557db2ef5630 Sep 21 07:34:33.194888: | quick_outI1_continue for #9: calculated ke+nonce, sending I1 Sep 21 07:34:33.194893: | **emit ISAKMP Message: Sep 21 07:34:33.194896: | initiator cookie: Sep 21 07:34:33.194898: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:33.194900: | responder cookie: Sep 21 07:34:33.194904: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.194907: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.194909: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:33.194912: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:33.194914: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:33.194917: | Message ID: 4169650528 (0xf887d160) Sep 21 07:34:33.194919: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:33.194922: | ***emit ISAKMP Hash Payload: Sep 21 07:34:33.194924: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.194927: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:33.194930: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.194933: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:33.194936: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:33.194938: | emitting quick defaults using policy none Sep 21 07:34:33.194941: | empty esp_info, returning defaults for ENCRYPT Sep 21 07:34:33.194944: | ***emit ISAKMP Security Association Payload: Sep 21 07:34:33.194947: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:33.194949: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:33.194952: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:34:33.194955: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:34:33.194957: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.194960: | ****emit IPsec DOI SIT: Sep 21 07:34:33.194962: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:33.194965: | ikev1_out_sa pcn: 0 has 1 valid proposals Sep 21 07:34:33.194967: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Sep 21 07:34:33.194970: | ****emit ISAKMP Proposal Payload: Sep 21 07:34:33.194972: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.194975: | proposal number: 0 (0x0) Sep 21 07:34:33.194977: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:33.194980: | SPI size: 4 (0x4) Sep 21 07:34:33.194982: | number of transforms: 2 (0x2) Sep 21 07:34:33.194985: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:34:33.194999: | netlink_get_spi: allocated 0xa74c642b for esp.0@192.1.3.33 Sep 21 07:34:33.195002: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 21 07:34:33.195004: | SPI a7 4c 64 2b Sep 21 07:34:33.195007: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:34:33.195009: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.195011: | ESP transform number: 0 (0x0) Sep 21 07:34:33.195014: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:33.195017: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:34:33.195020: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:33.195023: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:33.195025: | length/value: 14 (0xe) Sep 21 07:34:33.195028: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:33.195031: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:33.195033: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:33.195035: | length/value: 1 (0x1) Sep 21 07:34:33.195038: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:33.195041: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:33.195043: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:33.195045: | length/value: 1 (0x1) Sep 21 07:34:33.195047: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:33.195050: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:33.195052: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:33.195056: | length/value: 28800 (0x7080) Sep 21 07:34:33.195058: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:33.195061: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:33.195063: | length/value: 2 (0x2) Sep 21 07:34:33.195066: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:33.195068: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:33.195071: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:33.195073: | length/value: 128 (0x80) Sep 21 07:34:33.195076: | emitting length of ISAKMP Transform Payload (ESP): 32 Sep 21 07:34:33.195078: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:34:33.195081: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.195083: | ESP transform number: 1 (0x1) Sep 21 07:34:33.195086: | ESP transform ID: ESP_3DES (0x3) Sep 21 07:34:33.195089: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.195092: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:34:33.195094: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:33.195097: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:33.195099: | length/value: 14 (0xe) Sep 21 07:34:33.195101: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:33.195103: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:33.195106: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:33.195108: | length/value: 1 (0x1) Sep 21 07:34:33.195110: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:33.195113: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:33.195115: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:33.195117: | length/value: 1 (0x1) Sep 21 07:34:33.195119: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:33.195122: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:33.195124: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:33.195126: | length/value: 28800 (0x7080) Sep 21 07:34:33.195129: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:33.195131: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:33.195133: | length/value: 2 (0x2) Sep 21 07:34:33.195135: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:33.195138: | emitting length of ISAKMP Transform Payload (ESP): 28 Sep 21 07:34:33.195141: | emitting length of ISAKMP Proposal Payload: 72 Sep 21 07:34:33.195143: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Sep 21 07:34:33.195146: | emitting length of ISAKMP Security Association Payload: 84 Sep 21 07:34:33.195149: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:34:33.195152: | ***emit ISAKMP Nonce Payload: Sep 21 07:34:33.195155: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:33.195158: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Sep 21 07:34:33.195161: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:34:33.195163: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.195167: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Sep 21 07:34:33.195169: | Ni a5 22 55 fb 8b 11 4a 17 3b 82 16 c8 ee 3e 29 48 Sep 21 07:34:33.195172: | Ni e8 8d de 03 f4 70 ce e3 41 67 db d5 d6 6b 56 50 Sep 21 07:34:33.195174: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:34:33.195177: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:34:33.195180: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:33.195182: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:33.195185: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:34:33.195189: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.195192: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:34:33.195194: | keyex value 4d 12 65 cd f4 c5 51 0e 09 2e ad 72 a8 1e ac a6 Sep 21 07:34:33.195196: | keyex value 7e 6a 8f ac ef 1c 3d 50 6a cb e8 0a 94 fe 6c 43 Sep 21 07:34:33.195198: | keyex value d2 23 72 c3 f2 c0 14 ca f3 fa c0 a6 3b 3a 58 32 Sep 21 07:34:33.195201: | keyex value cb aa a0 25 b8 4d 2c 1b 82 b5 58 67 0f d1 9e 4f Sep 21 07:34:33.195203: | keyex value df da 3b 6c 48 ca 17 35 c4 14 29 af 1c fc 7f 54 Sep 21 07:34:33.195205: | keyex value c0 86 ca 42 cd 1b 08 2e 0d 93 76 f1 d6 3c 55 e9 Sep 21 07:34:33.195207: | keyex value 7b ac 98 d7 43 0d d9 31 e2 af 96 8b 0f 5d 54 7a Sep 21 07:34:33.195209: | keyex value 86 01 de cb 18 c7 cf 25 29 65 e9 ea f1 cf 93 ac Sep 21 07:34:33.195211: | keyex value 0b cc 23 d9 5d d4 19 7b 3c 79 40 81 25 9a d8 af Sep 21 07:34:33.195213: | keyex value 76 10 9f 7e 8a c0 32 ba e8 21 ec 85 37 49 16 aa Sep 21 07:34:33.195215: | keyex value a7 4e 18 bb 9f 00 66 63 02 b9 54 55 5d b5 46 5e Sep 21 07:34:33.195218: | keyex value f7 69 a9 4d 5c 86 e9 7c 1f 5f 57 44 d0 30 87 a1 Sep 21 07:34:33.195220: | keyex value fa 22 82 4e 65 1f f7 35 0d 35 29 92 fa 39 ef d1 Sep 21 07:34:33.195222: | keyex value aa ba af 56 31 4b ff 22 20 15 a4 39 a6 d6 fd 35 Sep 21 07:34:33.195224: | keyex value c2 8f 52 d7 98 ad 6f 9f a0 ca 9a a6 3d af 3f 0b Sep 21 07:34:33.195227: | keyex value 5e 75 d1 b8 09 2e a2 00 75 db fb 56 60 0a f3 c1 Sep 21 07:34:33.195229: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:34:33.195232: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:33.195234: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:33.195237: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:33.195239: | Protocol ID: 0 (0x0) Sep 21 07:34:33.195242: | port: 0 (0x0) Sep 21 07:34:33.195245: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:33.195248: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:33.195251: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:33.195254: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:33.195257: | client network c0 00 03 00 Sep 21 07:34:33.195260: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:33.195262: | client mask ff ff ff 00 Sep 21 07:34:33.195264: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:33.195267: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:33.195269: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.195272: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:33.195274: | Protocol ID: 0 (0x0) Sep 21 07:34:33.195277: | port: 0 (0x0) Sep 21 07:34:33.195280: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:33.195283: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:33.195286: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:33.195288: | client network c0 00 02 00 Sep 21 07:34:33.195291: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:33.195293: | client mask ff ff ff 00 Sep 21 07:34:33.195296: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:33.195319: | outI1 HASH(1): Sep 21 07:34:33.195323: | e3 22 75 69 2a 81 d6 cd ad 63 59 5c 35 c5 48 64 Sep 21 07:34:33.195325: | 44 f0 9f e2 44 a4 7c 29 9e d4 b9 92 e6 84 40 14 Sep 21 07:34:33.195332: | no IKEv1 message padding required Sep 21 07:34:33.195335: | emitting length of ISAKMP Message: 476 Sep 21 07:34:33.195347: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #9) Sep 21 07:34:33.195350: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.195353: | 08 10 20 01 f8 87 d1 60 00 00 01 dc 09 1b f7 28 Sep 21 07:34:33.195355: | 6b b4 40 f0 26 0b 4e 9a 46 da 70 c6 b2 2e bb 31 Sep 21 07:34:33.195357: | 81 2d 37 16 59 7b b2 dc 02 25 c7 2f b8 d5 a2 39 Sep 21 07:34:33.195359: | 4f 2a 80 5f 76 77 2b 22 35 f0 1a af 71 45 ce cb Sep 21 07:34:33.195361: | 93 6d f0 90 f2 7f 6b 50 21 ee 4c 02 ae 7b d0 95 Sep 21 07:34:33.195363: | 93 a8 bc 35 6b c6 de 57 6f 96 96 9e 5c ce dc d3 Sep 21 07:34:33.195365: | 14 5d 5e ea 5f 8f b6 e5 05 ec 9b 2a d1 fa 0a 25 Sep 21 07:34:33.195367: | fd 88 34 21 e9 c2 da ca eb 43 2e 41 12 dc c2 6d Sep 21 07:34:33.195369: | 3f 17 ab 0e f9 50 f8 3b ef 21 a0 72 26 f3 cd 8e Sep 21 07:34:33.195371: | 01 ac e0 33 21 28 4d d0 0c c3 4b 20 e0 1c c2 7b Sep 21 07:34:33.195374: | ab 6c 9d d1 bb e4 50 9b 46 90 df 5a b2 81 7d 68 Sep 21 07:34:33.195376: | bb 46 58 c8 98 60 98 1e ae d3 42 c1 2b 28 4e cb Sep 21 07:34:33.195378: | 27 1c 21 46 f8 bf a9 ce c4 59 e0 b3 93 bf ba 5e Sep 21 07:34:33.195380: | f6 7c c7 e3 35 4f c2 62 18 b0 65 84 ab 6f 02 72 Sep 21 07:34:33.195382: | 90 cf 2c b3 3e e6 cc 66 47 0d fe 3b e6 65 b8 1a Sep 21 07:34:33.195385: | b9 3f 2c ec 28 b4 75 96 57 bd ec 58 59 86 d4 2d Sep 21 07:34:33.195387: | 91 11 32 fa d3 38 be 2c 0d 97 64 98 9f 70 e1 71 Sep 21 07:34:33.195389: | 47 7c 5c 10 2e 40 6c fc 3e 4f d6 66 15 29 c0 bd Sep 21 07:34:33.195391: | 48 4f 74 07 d3 5c 98 e2 b0 99 92 3f bc fd fe 2a Sep 21 07:34:33.195393: | 74 ea a7 cb 65 90 7e 21 9a d0 9d f1 2e b3 6d 0f Sep 21 07:34:33.195395: | ff d2 ef 3c 88 f3 e5 b4 7a 0f 93 81 3d 57 6c f5 Sep 21 07:34:33.195397: | c7 ce 34 47 ac 16 06 ca e8 0b df d7 d7 cc 93 c1 Sep 21 07:34:33.195400: | 55 b2 2c 58 80 29 8d d7 3e af ca fd dc 32 91 65 Sep 21 07:34:33.195402: | b5 b0 d0 89 da f5 46 bd 20 d7 db 3b 88 3d c3 e2 Sep 21 07:34:33.195404: | 7f 0d a7 33 9c 2a d1 e3 58 2f 66 10 bc 7f 23 27 Sep 21 07:34:33.195406: | d5 a3 b9 0c 9e af 3f 8c 54 95 79 9e 36 d0 9c 27 Sep 21 07:34:33.195409: | 22 ed d1 3d 90 af ef b0 32 59 aa 3a 7a 9f 72 6e Sep 21 07:34:33.195411: | f9 36 11 36 6d f0 f4 ce a4 4e c2 a8 1b 8e 46 61 Sep 21 07:34:33.195413: | f4 e9 fc cd a9 8a 50 0b 48 88 6e 3c Sep 21 07:34:33.195440: | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:33.195445: | libevent_free: release ptr-libevent@0x7f0db8006530 Sep 21 07:34:33.195448: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f0dc80076a0 Sep 21 07:34:33.195451: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f0dc80076a0 Sep 21 07:34:33.195455: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #9 Sep 21 07:34:33.195458: | libevent_malloc: new ptr-libevent@0x7f0db8006530 size 128 Sep 21 07:34:33.195463: | #9 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49919.563715 Sep 21 07:34:33.195466: | resume sending helper answer for #9 suppresed complete_v1_state_transition() Sep 21 07:34:33.195471: | #9 spent 0.575 milliseconds in resume sending helper answer Sep 21 07:34:33.195476: | stop processing: state #9 connection "north-dpd/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:33.195479: | libevent_free: release ptr-libevent@0x7f0dc000b650 Sep 21 07:34:33.195482: | processing signal PLUTO_SIGCHLD Sep 21 07:34:33.195487: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:33.195491: | spent 0.00535 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:33.195502: | spent 0.00151 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:33.195512: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:33.195515: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.195517: | 08 10 05 01 9f 3d 1d ce 00 00 00 5c e8 c0 ac f9 Sep 21 07:34:33.195519: | 4e 9f 91 55 c9 00 85 21 03 c7 d4 2d 85 42 60 17 Sep 21 07:34:33.195522: | 84 20 e2 73 bd 27 e5 fe ef 61 5b 54 57 b3 bb 4a Sep 21 07:34:33.195524: | 31 53 c7 36 54 4c 8d b8 6f f1 7a 71 3d 62 21 c2 Sep 21 07:34:33.195526: | 12 a6 c7 30 4e be 80 bc 31 46 19 3e Sep 21 07:34:33.195530: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:33.195533: | **parse ISAKMP Message: Sep 21 07:34:33.195536: | initiator cookie: Sep 21 07:34:33.195538: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:33.195540: | responder cookie: Sep 21 07:34:33.195543: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.195545: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:33.195548: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:33.195551: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:33.195553: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:33.195556: | Message ID: 2671582670 (0x9f3d1dce) Sep 21 07:34:33.195559: | length: 92 (0x5c) Sep 21 07:34:33.195562: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Sep 21 07:34:33.195565: | peer and cookies match on #9; msgid=00000000 st_msgid=f887d160 st_msgid_phase15=00000000 Sep 21 07:34:33.195568: | peer and cookies match on #8; msgid=00000000 st_msgid=41da4563 st_msgid_phase15=00000000 Sep 21 07:34:33.195571: | peer and cookies match on #5; msgid=00000000 st_msgid=8b8f1195 st_msgid_phase15=00000000 Sep 21 07:34:33.195574: | peer and cookies match on #4; msgid=00000000 st_msgid=e63858db st_msgid_phase15=00000000 Sep 21 07:34:33.195577: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Sep 21 07:34:33.195579: | p15 state object #1 found, in STATE_MAIN_I4 Sep 21 07:34:33.195582: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Sep 21 07:34:33.195587: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1455) Sep 21 07:34:33.195596: | #1 is idle Sep 21 07:34:33.195599: | #1 idle Sep 21 07:34:33.195602: | received encrypted packet from 192.1.2.23:500 Sep 21 07:34:33.195610: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:34:33.195613: | ***parse ISAKMP Hash Payload: Sep 21 07:34:33.195616: | next payload type: ISAKMP_NEXT_D (0xc) Sep 21 07:34:33.195619: | length: 36 (0x24) Sep 21 07:34:33.195621: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Sep 21 07:34:33.195624: | ***parse ISAKMP Delete Payload: Sep 21 07:34:33.195627: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.195629: | length: 16 (0x10) Sep 21 07:34:33.195631: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:33.195634: | protocol ID: 3 (0x3) Sep 21 07:34:33.195636: | SPI size: 4 (0x4) Sep 21 07:34:33.195638: | number of SPIs: 1 (0x1) Sep 21 07:34:33.195641: | removing 12 bytes of padding Sep 21 07:34:33.195657: | informational HASH(1): Sep 21 07:34:33.195660: | bd a6 6b b4 44 f0 24 8f 78 d7 cd 49 3a b6 49 31 Sep 21 07:34:33.195662: | 80 05 35 d1 94 69 d4 c2 e3 e9 18 de b4 b8 57 89 Sep 21 07:34:33.195665: | received 'informational' message HASH(1) data ok Sep 21 07:34:33.195668: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI Sep 21 07:34:33.195670: | SPI 9b 1d 50 1b Sep 21 07:34:33.195672: | FOR_EACH_STATE_... in find_phase2_state_to_delete Sep 21 07:34:33.195675: "north-dpd/0x2" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x9b1d501b) not found (maybe expired) Sep 21 07:34:33.195678: | del: Sep 21 07:34:33.195681: | complete v1 state transition with STF_IGNORE Sep 21 07:34:33.195686: | #1 spent 0.00349 milliseconds in process_packet_tail() Sep 21 07:34:33.195692: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:33.195697: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:33.195700: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:33.195703: | spent 0.197 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:33.195711: | spent 0.00148 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:33.195720: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:33.195723: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.195725: | 08 10 05 01 03 f8 ef 6e 00 00 00 5c f5 2d 2d 39 Sep 21 07:34:33.195727: | 0b c4 94 a1 68 87 bd 09 c7 1f 0a 80 03 63 07 a8 Sep 21 07:34:33.195729: | f0 4a 01 cf 6d 9f 5c 77 27 2d 55 df 7a 7b f2 59 Sep 21 07:34:33.195731: | 9d b0 d7 1c 0a c0 9d eb 94 f3 43 d0 bc 23 d3 c9 Sep 21 07:34:33.195734: | 02 19 98 e4 48 0c c0 7f c8 85 96 66 Sep 21 07:34:33.195737: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:33.195740: | **parse ISAKMP Message: Sep 21 07:34:33.195743: | initiator cookie: Sep 21 07:34:33.195745: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:33.195748: | responder cookie: Sep 21 07:34:33.195750: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.195752: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:33.195755: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:33.195757: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:33.195760: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:33.195762: | Message ID: 66645870 (0x3f8ef6e) Sep 21 07:34:33.195765: | length: 92 (0x5c) Sep 21 07:34:33.195768: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Sep 21 07:34:33.195771: | peer and cookies match on #9; msgid=00000000 st_msgid=f887d160 st_msgid_phase15=00000000 Sep 21 07:34:33.195774: | peer and cookies match on #8; msgid=00000000 st_msgid=41da4563 st_msgid_phase15=00000000 Sep 21 07:34:33.195777: | peer and cookies match on #5; msgid=00000000 st_msgid=8b8f1195 st_msgid_phase15=00000000 Sep 21 07:34:33.195779: | peer and cookies match on #4; msgid=00000000 st_msgid=e63858db st_msgid_phase15=00000000 Sep 21 07:34:33.195799: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Sep 21 07:34:33.195804: | p15 state object #1 found, in STATE_MAIN_I4 Sep 21 07:34:33.195807: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Sep 21 07:34:33.195812: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1455) Sep 21 07:34:33.195820: | #1 is idle Sep 21 07:34:33.195823: | #1 idle Sep 21 07:34:33.195827: | received encrypted packet from 192.1.2.23:500 Sep 21 07:34:33.195834: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:34:33.195837: | ***parse ISAKMP Hash Payload: Sep 21 07:34:33.195840: | next payload type: ISAKMP_NEXT_D (0xc) Sep 21 07:34:33.195842: | length: 36 (0x24) Sep 21 07:34:33.195845: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Sep 21 07:34:33.195847: | ***parse ISAKMP Delete Payload: Sep 21 07:34:33.195850: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.195852: | length: 28 (0x1c) Sep 21 07:34:33.195854: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:33.195856: | protocol ID: 1 (0x1) Sep 21 07:34:33.195858: | SPI size: 16 (0x10) Sep 21 07:34:33.195861: | number of SPIs: 1 (0x1) Sep 21 07:34:33.195878: | informational HASH(1): Sep 21 07:34:33.195882: | cb ad 35 d7 d4 72 3c bd 98 b3 49 0b 16 d3 ad 45 Sep 21 07:34:33.195885: | 6a 28 66 29 da b9 15 54 6d a5 f9 2c eb 8d bf f0 Sep 21 07:34:33.195888: | received 'informational' message HASH(1) data ok Sep 21 07:34:33.195890: | parsing 8 raw bytes of ISAKMP Delete Payload into iCookie Sep 21 07:34:33.195893: | iCookie 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:33.195897: | parsing 8 raw bytes of ISAKMP Delete Payload into rCookie Sep 21 07:34:33.195899: | rCookie 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.195903: | State DB: found IKEv1 state #1 in MAIN_I4 (find_state_ikev1) Sep 21 07:34:33.195905: | del: Sep 21 07:34:33.195909: "north-dpd/0x2" #1: received Delete SA payload: self-deleting ISAKMP State #1 Sep 21 07:34:33.195912: | pstats #1 ikev1.isakmp deleted completed Sep 21 07:34:33.195916: | [RE]START processing: state #1 connection "north-dpd/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:34:33.195919: "north-dpd/0x2" #1: deleting state (STATE_MAIN_I4) aged 66.348s and sending notification Sep 21 07:34:33.195922: | parent state #1: MAIN_I4(established IKE SA) => delete Sep 21 07:34:33.195982: | #1 send IKEv1 delete notification for STATE_MAIN_I4 Sep 21 07:34:33.195989: | **emit ISAKMP Message: Sep 21 07:34:33.195992: | initiator cookie: Sep 21 07:34:33.195994: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:33.195996: | responder cookie: Sep 21 07:34:33.195998: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.196001: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.196003: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:33.196006: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:33.196008: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:33.196011: | Message ID: 3412030493 (0xcb5f741d) Sep 21 07:34:33.196013: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:33.196016: | ***emit ISAKMP Hash Payload: Sep 21 07:34:33.196018: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.196021: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:33.196024: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Sep 21 07:34:33.196027: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:33.196030: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:33.196032: | ***emit ISAKMP Delete Payload: Sep 21 07:34:33.196035: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.196037: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:33.196039: | protocol ID: 1 (0x1) Sep 21 07:34:33.196042: | SPI size: 16 (0x10) Sep 21 07:34:33.196044: | number of SPIs: 1 (0x1) Sep 21 07:34:33.196047: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Sep 21 07:34:33.196049: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Sep 21 07:34:33.196052: | emitting 8 raw bytes of initiator SPI into ISAKMP Delete Payload Sep 21 07:34:33.196055: | initiator SPI 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:33.196057: | emitting 8 raw bytes of responder SPI into ISAKMP Delete Payload Sep 21 07:34:33.196060: | responder SPI 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.196062: | emitting length of ISAKMP Delete Payload: 28 Sep 21 07:34:33.196079: | send delete HASH(1): Sep 21 07:34:33.196083: | 79 61 70 f9 7c bf 19 67 eb aa e7 3e 5c 9f c7 12 Sep 21 07:34:33.196085: | 0e d3 28 63 6e 42 9a 92 a3 a0 17 5b ec 17 a4 4e Sep 21 07:34:33.196092: | no IKEv1 message padding required Sep 21 07:34:33.196095: | emitting length of ISAKMP Message: 92 Sep 21 07:34:33.196108: | sending 92 bytes for delete notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:34:33.196112: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.196114: | 08 10 05 01 cb 5f 74 1d 00 00 00 5c bd de c5 d6 Sep 21 07:34:33.196116: | b9 87 b8 19 15 45 2c 65 b2 05 51 72 90 fe d5 41 Sep 21 07:34:33.196118: | 98 82 06 96 80 88 a0 97 00 69 49 7a 09 ae b1 7c Sep 21 07:34:33.196121: | 76 61 96 a0 21 a2 ee bb ee 9b b8 e3 54 f4 07 69 Sep 21 07:34:33.196123: | 21 f1 87 88 37 87 fb ab d3 a0 a8 55 Sep 21 07:34:33.196148: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:34:33.196155: | libevent_free: release ptr-libevent@0x557db4595480 Sep 21 07:34:33.196159: | free_event_entry: release EVENT_SA_REPLACE-pe@0x557db4596720 Sep 21 07:34:33.196163: "north-dpd/0x2" #1: reschedule pending child #9 STATE_QUICK_I1 of connection "north-dpd/0x1" - the parent is going away Sep 21 07:34:33.196166: | state #9 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:33.196168: | #9 STATE_QUICK_I1: retransmits: cleared Sep 21 07:34:33.196172: | libevent_free: release ptr-libevent@0x7f0db8006530 Sep 21 07:34:33.196174: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f0dc80076a0 Sep 21 07:34:33.196177: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f0dc80076a0 Sep 21 07:34:33.196181: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #9 Sep 21 07:34:33.196184: | libevent_malloc: new ptr-libevent@0x7f0dc000b650 size 128 Sep 21 07:34:33.196187: "north-dpd/0x2" #1: reschedule pending child #8 STATE_QUICK_I1 of connection "north-dpd/0x2" - the parent is going away Sep 21 07:34:33.196190: | state #8 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:33.196193: | #8 STATE_QUICK_I1: retransmits: cleared Sep 21 07:34:33.196196: | libevent_free: release ptr-libevent@0x7f0db4006900 Sep 21 07:34:33.196198: | free_event_entry: release EVENT_RETRANSMIT-pe@0x557db459c3c0 Sep 21 07:34:33.196201: | event_schedule: new EVENT_SA_REPLACE-pe@0x557db459c3c0 Sep 21 07:34:33.196205: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #8 Sep 21 07:34:33.196207: | libevent_malloc: new ptr-libevent@0x7f0db4006900 size 128 Sep 21 07:34:33.196211: "north-dpd/0x2" #1: reschedule pending child #5 STATE_QUICK_I1 of connection "north-dpd/0x1" - the parent is going away Sep 21 07:34:33.196214: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:33.196216: | libevent_free: release ptr-libevent@0x7f0dc0004f00 Sep 21 07:34:33.196219: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557db4595380 Sep 21 07:34:33.196222: | event_schedule: new EVENT_SA_REPLACE-pe@0x557db4595380 Sep 21 07:34:33.196225: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #5 Sep 21 07:34:33.196227: | libevent_malloc: new ptr-libevent@0x7f0dc0004f00 size 128 Sep 21 07:34:33.196230: "north-dpd/0x2" #1: reschedule pending child #4 STATE_QUICK_I1 of connection "north-dpd/0x2" - the parent is going away Sep 21 07:34:33.196233: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:33.196236: | libevent_free: release ptr-libevent@0x7f0dc40036d0 Sep 21 07:34:33.196239: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f0db8005860 Sep 21 07:34:33.196241: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f0db8005860 Sep 21 07:34:33.196245: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #4 Sep 21 07:34:33.196247: | libevent_malloc: new ptr-libevent@0x7f0dc40036d0 size 128 Sep 21 07:34:33.196250: | State DB: IKEv1 state not found (flush_incomplete_children) Sep 21 07:34:33.196253: | picked newest_isakmp_sa #0 for #1 Sep 21 07:34:33.196256: "north-dpd/0x2" #1: deleting IKE SA for connection 'north-dpd/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:34:33.196259: | add revival: connection 'north-dpd/0x2' added to the list and scheduled for 0 seconds Sep 21 07:34:33.196262: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Sep 21 07:34:33.196266: | in connection_discard for connection north-dpd/0x2 Sep 21 07:34:33.196269: | State DB: deleting IKEv1 state #1 in MAIN_I4 Sep 21 07:34:33.196272: | parent state #1: MAIN_I4(established IKE SA) => UNDEFINED(ignore) Sep 21 07:34:33.196284: | unreference key: 0x557db45b3cc0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 2-- Sep 21 07:34:33.196297: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:34:33.196308: | unreference key: 0x557db45b3cc0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:34:33.196316: | unreference key: 0x557db45b4830 user-east@testing.libreswan.org cnt 1-- Sep 21 07:34:33.196320: | unreference key: 0x557db45955a0 @east.testing.libreswan.org cnt 1-- Sep 21 07:34:33.196325: | unreference key: 0x557db459c2d0 east@testing.libreswan.org cnt 1-- Sep 21 07:34:33.196329: | unreference key: 0x557db459dc50 192.1.2.23 cnt 1-- Sep 21 07:34:33.196336: | in statetime_start() with no state Sep 21 07:34:33.196340: | complete v1 state transition with STF_IGNORE Sep 21 07:34:33.196344: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:34:33.196348: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:34:33.196350: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:33.196355: | spent 0.607 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:33.196362: | timer_event_cb: processing event@0x7f0dc80076a0 Sep 21 07:34:33.196365: | handling event EVENT_SA_REPLACE for child state #9 Sep 21 07:34:33.196370: | start processing: state #9 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:33.196373: | picked newest_ipsec_sa #0 for #9 Sep 21 07:34:33.196376: | replacing stale IPsec SA Sep 21 07:34:33.196380: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:34:33.196382: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:33.196389: | creating state object #10 at 0x557db459cf40 Sep 21 07:34:33.196392: | State DB: adding IKEv1 state #10 in UNDEFINED Sep 21 07:34:33.196400: | pstats #10 ikev1.isakmp started Sep 21 07:34:33.196407: | suspend processing: state #9 connection "north-dpd/0x1" from 192.1.2.23:500 (in main_outI1() at ikev1_main.c:118) Sep 21 07:34:33.196412: | start processing: state #10 connection "north-dpd/0x1" from 192.1.2.23:500 (in main_outI1() at ikev1_main.c:118) Sep 21 07:34:33.196415: | parent state #10: UNDEFINED(ignore) => MAIN_I1(half-open IKE SA) Sep 21 07:34:33.196418: | dup_any(fd@-1) -> fd@-1 (in main_outI1() at ikev1_main.c:123) Sep 21 07:34:33.196422: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-dpd/0x1" IKE SA #10 "north-dpd/0x1" Sep 21 07:34:33.196425: "north-dpd/0x1" #10: initiating Main Mode Sep 21 07:34:33.196430: | **emit ISAKMP Message: Sep 21 07:34:33.196432: | initiator cookie: Sep 21 07:34:33.196435: | 7a 44 0d e6 0b 05 4e ef Sep 21 07:34:33.196437: | responder cookie: Sep 21 07:34:33.196439: | 00 00 00 00 00 00 00 00 Sep 21 07:34:33.196442: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:34:33.196444: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:33.196447: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:34:33.196449: | flags: none (0x0) Sep 21 07:34:33.196451: | Message ID: 0 (0x0) Sep 21 07:34:33.196454: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:33.196457: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA Sep 21 07:34:33.196460: | no specific IKE algorithms specified - using defaults Sep 21 07:34:33.196484: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP2048=14 eklen=0 Sep 21 07:34:33.196490: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP2048=14 eklen=0 Sep 21 07:34:33.196494: | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP2048=14 eklen=0 Sep 21 07:34:33.196499: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP1536=5 eklen=0 Sep 21 07:34:33.196504: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP1536=5 eklen=0 Sep 21 07:34:33.196509: | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP1536=5 eklen=0 Sep 21 07:34:33.196514: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP2048=14 eklen=0 Sep 21 07:34:33.196518: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP2048=14 eklen=0 Sep 21 07:34:33.196522: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP2048=14 eklen=0 Sep 21 07:34:33.196529: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP1536=5 eklen=0 Sep 21 07:34:33.196533: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP1536=5 eklen=0 Sep 21 07:34:33.196537: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP1536=5 eklen=0 Sep 21 07:34:33.196541: | oakley_alg_makedb() returning 0x557db45aa110 Sep 21 07:34:33.196546: | ***emit ISAKMP Security Association Payload: Sep 21 07:34:33.196549: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:34:33.196551: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:33.196554: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:34:33.196557: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:34:33.196560: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.196563: | ****emit IPsec DOI SIT: Sep 21 07:34:33.196565: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:33.196568: | ikev1_out_sa pcn: 0 has 1 valid proposals Sep 21 07:34:33.196571: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 18 Sep 21 07:34:33.196573: | ****emit ISAKMP Proposal Payload: Sep 21 07:34:33.196576: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.196578: | proposal number: 0 (0x0) Sep 21 07:34:33.196580: | protocol ID: PROTO_ISAKMP (0x1) Sep 21 07:34:33.196583: | SPI size: 0 (0x0) Sep 21 07:34:33.196585: | number of transforms: 18 (0x12) Sep 21 07:34:33.196588: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:34:33.196591: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:33.196594: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.196596: | ISAKMP transform number: 0 (0x0) Sep 21 07:34:33.196598: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:33.196600: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:33.196603: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196606: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:33.196608: | length/value: 1 (0x1) Sep 21 07:34:33.196612: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:33.196614: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196617: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:33.196619: | length/value: 3600 (0xe10) Sep 21 07:34:33.196622: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196625: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:33.196627: | length/value: 7 (0x7) Sep 21 07:34:33.196629: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:33.196631: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196634: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:33.196636: | length/value: 4 (0x4) Sep 21 07:34:33.196638: | [4 is OAKLEY_SHA2_256] Sep 21 07:34:33.196640: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196643: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:33.196645: | length/value: 3 (0x3) Sep 21 07:34:33.196647: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:33.196649: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196651: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:33.196653: | length/value: 14 (0xe) Sep 21 07:34:33.196656: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:33.196658: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196660: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:33.196663: | length/value: 256 (0x100) Sep 21 07:34:33.196665: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:33.196668: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:33.196670: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.196674: | ISAKMP transform number: 1 (0x1) Sep 21 07:34:33.196676: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:33.196679: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.196682: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:33.196685: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196687: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:33.196689: | length/value: 1 (0x1) Sep 21 07:34:33.196691: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:33.196694: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196696: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:33.196698: | length/value: 3600 (0xe10) Sep 21 07:34:33.196701: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196703: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:33.196706: | length/value: 7 (0x7) Sep 21 07:34:33.196708: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:33.196710: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196713: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:33.196715: | length/value: 4 (0x4) Sep 21 07:34:33.196717: | [4 is OAKLEY_SHA2_256] Sep 21 07:34:33.196719: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196722: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:33.196724: | length/value: 3 (0x3) Sep 21 07:34:33.196726: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:33.196728: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196731: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:33.196733: | length/value: 14 (0xe) Sep 21 07:34:33.196735: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:33.196738: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196740: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:33.196742: | length/value: 128 (0x80) Sep 21 07:34:33.196745: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:33.196747: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:33.196750: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.196752: | ISAKMP transform number: 2 (0x2) Sep 21 07:34:33.196755: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:33.196757: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.196760: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:33.196763: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196766: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:33.196768: | length/value: 1 (0x1) Sep 21 07:34:33.196770: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:33.196773: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196775: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:33.196778: | length/value: 3600 (0xe10) Sep 21 07:34:33.196781: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196789: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:33.196795: | length/value: 7 (0x7) Sep 21 07:34:33.196797: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:33.196800: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196802: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:33.196804: | length/value: 6 (0x6) Sep 21 07:34:33.196807: | [6 is OAKLEY_SHA2_512] Sep 21 07:34:33.196809: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196812: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:33.196814: | length/value: 3 (0x3) Sep 21 07:34:33.196817: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:33.196819: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196822: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:33.196824: | length/value: 14 (0xe) Sep 21 07:34:33.196827: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:33.196831: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196833: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:33.196836: | length/value: 256 (0x100) Sep 21 07:34:33.196839: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:33.196841: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:33.196844: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.196846: | ISAKMP transform number: 3 (0x3) Sep 21 07:34:33.196848: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:33.196852: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.196855: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:33.196858: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196861: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:33.196863: | length/value: 1 (0x1) Sep 21 07:34:33.196865: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:33.196868: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196870: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:33.196873: | length/value: 3600 (0xe10) Sep 21 07:34:33.196876: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196878: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:33.196881: | length/value: 7 (0x7) Sep 21 07:34:33.196883: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:33.196886: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196888: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:33.196890: | length/value: 6 (0x6) Sep 21 07:34:33.196893: | [6 is OAKLEY_SHA2_512] Sep 21 07:34:33.196895: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196898: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:33.196900: | length/value: 3 (0x3) Sep 21 07:34:33.196902: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:33.196905: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196908: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:33.196910: | length/value: 14 (0xe) Sep 21 07:34:33.196912: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:33.196914: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196917: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:33.196920: | length/value: 128 (0x80) Sep 21 07:34:33.196922: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:33.196925: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:33.196927: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.196930: | ISAKMP transform number: 4 (0x4) Sep 21 07:34:33.196932: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:33.196936: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.196938: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:33.196941: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196943: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:33.196945: | length/value: 1 (0x1) Sep 21 07:34:33.196948: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:33.196950: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196952: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:33.196954: | length/value: 3600 (0xe10) Sep 21 07:34:33.196956: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196959: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:33.196961: | length/value: 7 (0x7) Sep 21 07:34:33.196963: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:33.196965: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196967: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:33.196970: | length/value: 2 (0x2) Sep 21 07:34:33.196972: | [2 is OAKLEY_SHA1] Sep 21 07:34:33.196974: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196979: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:33.196981: | length/value: 3 (0x3) Sep 21 07:34:33.196983: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:33.196985: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196987: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:33.196990: | length/value: 14 (0xe) Sep 21 07:34:33.196992: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:33.196994: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.196996: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:33.196999: | length/value: 256 (0x100) Sep 21 07:34:33.197001: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:33.197004: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:33.197006: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197008: | ISAKMP transform number: 5 (0x5) Sep 21 07:34:33.197010: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:33.197013: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197016: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:33.197018: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197021: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:33.197023: | length/value: 1 (0x1) Sep 21 07:34:33.197026: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:33.197028: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197031: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:33.197033: | length/value: 3600 (0xe10) Sep 21 07:34:33.197035: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197037: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:33.197040: | length/value: 7 (0x7) Sep 21 07:34:33.197042: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:33.197044: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197047: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:33.197049: | length/value: 2 (0x2) Sep 21 07:34:33.197051: | [2 is OAKLEY_SHA1] Sep 21 07:34:33.197054: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197056: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:33.197058: | length/value: 3 (0x3) Sep 21 07:34:33.197061: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:33.197063: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197065: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:33.197067: | length/value: 14 (0xe) Sep 21 07:34:33.197070: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:33.197072: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197074: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:33.197077: | length/value: 128 (0x80) Sep 21 07:34:33.197079: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:33.197081: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:33.197084: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197086: | ISAKMP transform number: 6 (0x6) Sep 21 07:34:33.197088: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:33.197091: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197093: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:33.197096: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197098: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:33.197100: | length/value: 1 (0x1) Sep 21 07:34:33.197102: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:33.197105: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197107: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:33.197109: | length/value: 3600 (0xe10) Sep 21 07:34:33.197112: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197114: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:33.197119: | length/value: 7 (0x7) Sep 21 07:34:33.197122: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:33.197124: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197126: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:33.197129: | length/value: 4 (0x4) Sep 21 07:34:33.197131: | [4 is OAKLEY_SHA2_256] Sep 21 07:34:33.197133: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197135: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:33.197137: | length/value: 3 (0x3) Sep 21 07:34:33.197139: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:33.197142: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197144: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:33.197146: | length/value: 5 (0x5) Sep 21 07:34:33.197149: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:34:33.197151: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197153: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:33.197156: | length/value: 256 (0x100) Sep 21 07:34:33.197158: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:33.197160: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:33.197163: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197165: | ISAKMP transform number: 7 (0x7) Sep 21 07:34:33.197167: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:33.197170: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197172: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:33.197175: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197177: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:33.197179: | length/value: 1 (0x1) Sep 21 07:34:33.197181: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:33.197184: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197186: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:33.197188: | length/value: 3600 (0xe10) Sep 21 07:34:33.197191: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197193: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:33.197196: | length/value: 7 (0x7) Sep 21 07:34:33.197198: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:33.197200: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197203: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:33.197205: | length/value: 4 (0x4) Sep 21 07:34:33.197207: | [4 is OAKLEY_SHA2_256] Sep 21 07:34:33.197209: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197212: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:33.197214: | length/value: 3 (0x3) Sep 21 07:34:33.197217: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:33.197219: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197222: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:33.197224: | length/value: 5 (0x5) Sep 21 07:34:33.197227: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:34:33.197229: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197232: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:33.197234: | length/value: 128 (0x80) Sep 21 07:34:33.197236: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:33.197239: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:33.197241: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197243: | ISAKMP transform number: 8 (0x8) Sep 21 07:34:33.197245: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:33.197248: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197251: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:33.197253: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197255: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:33.197257: | length/value: 1 (0x1) Sep 21 07:34:33.197261: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:33.197263: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197266: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:33.197268: | length/value: 3600 (0xe10) Sep 21 07:34:33.197270: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197272: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:33.197275: | length/value: 7 (0x7) Sep 21 07:34:33.197277: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:33.197279: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197281: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:33.197283: | length/value: 6 (0x6) Sep 21 07:34:33.197285: | [6 is OAKLEY_SHA2_512] Sep 21 07:34:33.197287: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197290: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:33.197292: | length/value: 3 (0x3) Sep 21 07:34:33.197294: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:33.197296: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197299: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:33.197301: | length/value: 5 (0x5) Sep 21 07:34:33.197303: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:34:33.197305: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197308: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:33.197310: | length/value: 256 (0x100) Sep 21 07:34:33.197312: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:33.197314: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:33.197317: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197319: | ISAKMP transform number: 9 (0x9) Sep 21 07:34:33.197321: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:33.197324: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197326: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:33.197329: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197331: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:33.197333: | length/value: 1 (0x1) Sep 21 07:34:33.197336: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:33.197338: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197340: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:33.197342: | length/value: 3600 (0xe10) Sep 21 07:34:33.197345: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197347: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:33.197349: | length/value: 7 (0x7) Sep 21 07:34:33.197351: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:33.197353: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197356: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:33.197358: | length/value: 6 (0x6) Sep 21 07:34:33.197360: | [6 is OAKLEY_SHA2_512] Sep 21 07:34:33.197362: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197365: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:33.197367: | length/value: 3 (0x3) Sep 21 07:34:33.197369: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:33.197371: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197373: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:33.197376: | length/value: 5 (0x5) Sep 21 07:34:33.197378: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:34:33.197381: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197383: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:33.197386: | length/value: 128 (0x80) Sep 21 07:34:33.197388: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:33.197390: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:33.197392: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197395: | ISAKMP transform number: 10 (0xa) Sep 21 07:34:33.197397: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:33.197399: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197404: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:33.197407: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197409: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:33.197411: | length/value: 1 (0x1) Sep 21 07:34:33.197413: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:33.197416: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197418: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:33.197421: | length/value: 3600 (0xe10) Sep 21 07:34:33.197423: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197426: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:33.197428: | length/value: 7 (0x7) Sep 21 07:34:33.197430: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:33.197433: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197435: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:33.197438: | length/value: 2 (0x2) Sep 21 07:34:33.197440: | [2 is OAKLEY_SHA1] Sep 21 07:34:33.197442: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197444: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:33.197447: | length/value: 3 (0x3) Sep 21 07:34:33.197449: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:33.197452: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197454: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:33.197456: | length/value: 5 (0x5) Sep 21 07:34:33.197459: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:34:33.197461: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197464: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:33.197466: | length/value: 256 (0x100) Sep 21 07:34:33.197469: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:33.197471: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:33.197473: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197476: | ISAKMP transform number: 11 (0xb) Sep 21 07:34:33.197478: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:33.197481: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197484: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:33.197487: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197489: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:33.197491: | length/value: 1 (0x1) Sep 21 07:34:33.197494: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:33.197497: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197500: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:33.197502: | length/value: 3600 (0xe10) Sep 21 07:34:33.197504: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197507: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:33.197509: | length/value: 7 (0x7) Sep 21 07:34:33.197511: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:33.197514: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197516: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:33.197518: | length/value: 2 (0x2) Sep 21 07:34:33.197521: | [2 is OAKLEY_SHA1] Sep 21 07:34:33.197523: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197526: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:33.197528: | length/value: 3 (0x3) Sep 21 07:34:33.197530: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:33.197532: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197535: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:33.197537: | length/value: 5 (0x5) Sep 21 07:34:33.197539: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:34:33.197542: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197544: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:33.197547: | length/value: 128 (0x80) Sep 21 07:34:33.197549: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:33.197553: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:33.197556: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197558: | ISAKMP transform number: 12 (0xc) Sep 21 07:34:33.197560: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:33.197563: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197566: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:33.197568: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197570: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:33.197573: | length/value: 1 (0x1) Sep 21 07:34:33.197575: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:33.197577: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197580: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:33.197582: | length/value: 3600 (0xe10) Sep 21 07:34:33.197584: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197587: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:33.197589: | length/value: 5 (0x5) Sep 21 07:34:33.197591: | [5 is OAKLEY_3DES_CBC] Sep 21 07:34:33.197593: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197596: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:33.197598: | length/value: 4 (0x4) Sep 21 07:34:33.197600: | [4 is OAKLEY_SHA2_256] Sep 21 07:34:33.197602: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197605: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:33.197607: | length/value: 3 (0x3) Sep 21 07:34:33.197610: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:33.197612: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197614: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:33.197617: | length/value: 14 (0xe) Sep 21 07:34:33.197619: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:33.197621: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:34:33.197623: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:33.197626: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197628: | ISAKMP transform number: 13 (0xd) Sep 21 07:34:33.197630: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:33.197633: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197636: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:33.197638: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197640: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:33.197643: | length/value: 1 (0x1) Sep 21 07:34:33.197645: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:33.197647: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197650: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:33.197652: | length/value: 3600 (0xe10) Sep 21 07:34:33.197655: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197657: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:33.197659: | length/value: 5 (0x5) Sep 21 07:34:33.197661: | [5 is OAKLEY_3DES_CBC] Sep 21 07:34:33.197664: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197666: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:33.197669: | length/value: 6 (0x6) Sep 21 07:34:33.197671: | [6 is OAKLEY_SHA2_512] Sep 21 07:34:33.197673: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197676: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:33.197678: | length/value: 3 (0x3) Sep 21 07:34:33.197680: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:33.197683: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197685: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:33.197687: | length/value: 14 (0xe) Sep 21 07:34:33.197690: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:33.197694: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:34:33.197696: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:33.197698: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197701: | ISAKMP transform number: 14 (0xe) Sep 21 07:34:33.197703: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:33.197706: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197708: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:33.197711: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197713: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:33.197715: | length/value: 1 (0x1) Sep 21 07:34:33.197718: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:33.197720: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197722: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:33.197725: | length/value: 3600 (0xe10) Sep 21 07:34:33.197727: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197730: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:33.197732: | length/value: 5 (0x5) Sep 21 07:34:33.197734: | [5 is OAKLEY_3DES_CBC] Sep 21 07:34:33.197736: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197739: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:33.197741: | length/value: 2 (0x2) Sep 21 07:34:33.197743: | [2 is OAKLEY_SHA1] Sep 21 07:34:33.197746: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197748: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:33.197750: | length/value: 3 (0x3) Sep 21 07:34:33.197752: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:33.197754: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197756: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:33.197759: | length/value: 14 (0xe) Sep 21 07:34:33.197761: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:33.197763: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:34:33.197766: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:33.197768: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197770: | ISAKMP transform number: 15 (0xf) Sep 21 07:34:33.197772: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:33.197775: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197778: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:33.197780: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197787: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:33.197792: | length/value: 1 (0x1) Sep 21 07:34:33.197795: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:33.197797: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197800: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:33.197802: | length/value: 3600 (0xe10) Sep 21 07:34:33.197804: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197807: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:33.197809: | length/value: 5 (0x5) Sep 21 07:34:33.197811: | [5 is OAKLEY_3DES_CBC] Sep 21 07:34:33.197813: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197816: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:33.197818: | length/value: 4 (0x4) Sep 21 07:34:33.197820: | [4 is OAKLEY_SHA2_256] Sep 21 07:34:33.197822: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197824: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:33.197827: | length/value: 3 (0x3) Sep 21 07:34:33.197829: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:33.197831: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197833: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:33.197836: | length/value: 5 (0x5) Sep 21 07:34:33.197840: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:34:33.197843: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:34:33.197845: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:33.197847: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197850: | ISAKMP transform number: 16 (0x10) Sep 21 07:34:33.197852: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:33.197855: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197858: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:33.197860: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197863: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:33.197865: | length/value: 1 (0x1) Sep 21 07:34:33.197867: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:33.197870: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197872: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:33.197874: | length/value: 3600 (0xe10) Sep 21 07:34:33.197877: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197879: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:33.197881: | length/value: 5 (0x5) Sep 21 07:34:33.197884: | [5 is OAKLEY_3DES_CBC] Sep 21 07:34:33.197886: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197889: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:33.197891: | length/value: 6 (0x6) Sep 21 07:34:33.197894: | [6 is OAKLEY_SHA2_512] Sep 21 07:34:33.197896: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197898: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:33.197901: | length/value: 3 (0x3) Sep 21 07:34:33.197903: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:33.197905: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197908: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:33.197911: | length/value: 5 (0x5) Sep 21 07:34:33.197913: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:34:33.197915: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:34:33.197918: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:33.197920: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.197923: | ISAKMP transform number: 17 (0x11) Sep 21 07:34:33.197926: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:33.197928: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:33.197931: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:33.197934: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197937: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:33.197939: | length/value: 1 (0x1) Sep 21 07:34:33.197941: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:33.197944: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197946: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:33.197949: | length/value: 3600 (0xe10) Sep 21 07:34:33.197951: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197954: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:33.197956: | length/value: 5 (0x5) Sep 21 07:34:33.197959: | [5 is OAKLEY_3DES_CBC] Sep 21 07:34:33.197961: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197964: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:33.197966: | length/value: 2 (0x2) Sep 21 07:34:33.197969: | [2 is OAKLEY_SHA1] Sep 21 07:34:33.197971: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197973: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:33.197976: | length/value: 3 (0x3) Sep 21 07:34:33.197979: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:33.197981: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:33.197984: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:33.197986: | length/value: 5 (0x5) Sep 21 07:34:33.197990: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:34:33.197993: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:34:33.197995: | emitting length of ISAKMP Proposal Payload: 632 Sep 21 07:34:33.197998: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 Sep 21 07:34:33.198001: | emitting length of ISAKMP Security Association Payload: 644 Sep 21 07:34:33.198004: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:34:33.198009: | out_vid(): sending [FRAGMENTATION] Sep 21 07:34:33.198012: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:34:33.198014: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:34:33.198017: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:34:33.198020: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:34:33.198023: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.198027: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:34:33.198030: | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 Sep 21 07:34:33.198032: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:34:33.198035: | out_vid(): sending [Dead Peer Detection] Sep 21 07:34:33.198037: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:34:33.198040: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.198043: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:34:33.198046: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.198049: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:34:33.198052: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 Sep 21 07:34:33.198054: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:34:33.198057: | nat add vid Sep 21 07:34:33.198059: | sending draft and RFC NATT VIDs Sep 21 07:34:33.198061: | out_vid(): sending [RFC 3947] Sep 21 07:34:33.198064: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:34:33.198067: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:34:33.198069: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:34:33.198072: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:34:33.198075: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.198077: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:34:33.198079: | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Sep 21 07:34:33.198082: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:34:33.198084: | skipping VID_NATT_RFC Sep 21 07:34:33.198087: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-03] Sep 21 07:34:33.198089: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:34:33.198091: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:34:33.198094: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:34:33.198096: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:34:33.198099: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.198101: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:34:33.198105: | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Sep 21 07:34:33.198108: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:34:33.198112: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02_n] Sep 21 07:34:33.198114: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:34:33.198117: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:34:33.198120: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:34:33.198123: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:34:33.198125: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.198128: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:34:33.198130: | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f Sep 21 07:34:33.198133: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:34:33.198135: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02] Sep 21 07:34:33.198137: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:34:33.198140: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.198143: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:34:33.198145: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.198148: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:34:33.198150: | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 Sep 21 07:34:33.198152: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:34:33.198155: | no IKEv1 message padding required Sep 21 07:34:33.198157: | emitting length of ISAKMP Message: 792 Sep 21 07:34:33.198165: | sending 792 bytes for reply packet for main_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #10) Sep 21 07:34:33.198168: | 7a 44 0d e6 0b 05 4e ef 00 00 00 00 00 00 00 00 Sep 21 07:34:33.198170: | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 Sep 21 07:34:33.198172: | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 Sep 21 07:34:33.198174: | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:33.198176: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:34:33.198179: | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 Sep 21 07:34:33.198181: | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 Sep 21 07:34:33.198183: | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 Sep 21 07:34:33.198185: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 Sep 21 07:34:33.198188: | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 Sep 21 07:34:33.198190: | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:34:33.198192: | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 Sep 21 07:34:33.198195: | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:33.198197: | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:34:33.198199: | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 Sep 21 07:34:33.198202: | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 Sep 21 07:34:33.198204: | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 Sep 21 07:34:33.198206: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Sep 21 07:34:33.198209: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:34:33.198211: | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:34:33.198213: | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:34:33.198215: | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:33.198217: | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:34:33.198219: | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 Sep 21 07:34:33.198221: | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 Sep 21 07:34:33.198223: | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 Sep 21 07:34:33.198225: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 Sep 21 07:34:33.198228: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:34:33.198232: | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:34:33.198234: | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:34:33.198236: | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:33.198238: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:34:33.198241: | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:33.198243: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e Sep 21 07:34:33.198245: | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:33.198247: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:34:33.198250: | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:33.198252: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 Sep 21 07:34:33.198254: | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:33.198257: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:34:33.198259: | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:33.198261: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 Sep 21 07:34:33.198263: | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f Sep 21 07:34:33.198265: | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Sep 21 07:34:33.198267: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 Sep 21 07:34:33.198270: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 Sep 21 07:34:33.198272: | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Sep 21 07:34:33.198274: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 Sep 21 07:34:33.198276: | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 Sep 21 07:34:33.198278: | 7c fd b2 fc 68 b6 a4 48 Sep 21 07:34:33.198310: | event_schedule: new EVENT_RETRANSMIT-pe@0x557db459e1a0 Sep 21 07:34:33.198315: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #10 Sep 21 07:34:33.198318: | libevent_malloc: new ptr-libevent@0x7f0db00069c0 size 128 Sep 21 07:34:33.198323: | #10 STATE_MAIN_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49919.566574 Sep 21 07:34:33.198329: | #10 spent 1.92 milliseconds in main_outI1() Sep 21 07:34:33.198335: | stop processing: state #10 connection "north-dpd/0x1" from 192.1.2.23:500 (in main_outI1() at ikev1_main.c:228) Sep 21 07:34:33.198339: | event_schedule: new EVENT_SA_EXPIRE-pe@0x557db459b300 Sep 21 07:34:33.198342: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #9 Sep 21 07:34:33.198345: | libevent_malloc: new ptr-libevent@0x7f0dc800a080 size 128 Sep 21 07:34:33.198348: | libevent_free: release ptr-libevent@0x7f0dc000b650 Sep 21 07:34:33.198351: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f0dc80076a0 Sep 21 07:34:33.198355: | #9 spent 1.97 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:34:33.198358: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:34:33.198361: | processing global timer EVENT_REVIVE_CONNS Sep 21 07:34:33.198364: Initiating connection north-dpd/0x2 which received a Delete/Notify but must remain up per local policy Sep 21 07:34:33.198366: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:33.198370: | start processing: connection "north-dpd/0x2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:34:33.198373: | empty esp_info, returning defaults for ENCRYPT Sep 21 07:34:33.198377: | connection 'north-dpd/0x2' +POLICY_UP Sep 21 07:34:33.198380: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:34:33.198382: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:33.198387: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-dpd/0x2" IKE SA #10 "north-dpd/0x1" Sep 21 07:34:33.198391: | stop processing: connection "north-dpd/0x2" (in initiate_a_connection() at initiate.c:349) Sep 21 07:34:33.198395: | spent 0.0303 milliseconds in global timer EVENT_REVIVE_CONNS Sep 21 07:34:33.198398: | timer_event_cb: processing event@0x7f0db8005860 Sep 21 07:34:33.198401: | handling event EVENT_SA_REPLACE for child state #4 Sep 21 07:34:33.198408: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:33.198411: | picked newest_ipsec_sa #0 for #4 Sep 21 07:34:33.198413: | replacing stale IPsec SA Sep 21 07:34:33.198417: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:34:33.198419: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:33.198423: | Ignored already queued up pending IPsec SA negotiation with 192.1.2.23 "north-dpd/0x2" Sep 21 07:34:33.198426: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7f0dc80076a0 Sep 21 07:34:33.198429: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #4 Sep 21 07:34:33.198431: | libevent_malloc: new ptr-libevent@0x7f0dc000b650 size 128 Sep 21 07:34:33.198434: | libevent_free: release ptr-libevent@0x7f0dc40036d0 Sep 21 07:34:33.198437: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f0db8005860 Sep 21 07:34:33.198441: | #4 spent 0.042 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:34:33.198446: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:33.198449: | timer_event_cb: processing event@0x557db459c3c0 Sep 21 07:34:33.198452: | handling event EVENT_SA_REPLACE for child state #8 Sep 21 07:34:33.198456: | start processing: state #8 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:33.198459: | picked newest_ipsec_sa #0 for #8 Sep 21 07:34:33.198461: | replacing stale IPsec SA Sep 21 07:34:33.198465: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:34:33.198467: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:33.198471: | Ignored already queued up pending IPsec SA negotiation with 192.1.2.23 "north-dpd/0x2" Sep 21 07:34:33.198474: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7f0db8005860 Sep 21 07:34:33.198477: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #8 Sep 21 07:34:33.198479: | libevent_malloc: new ptr-libevent@0x7f0dc40036d0 size 128 Sep 21 07:34:33.198482: | libevent_free: release ptr-libevent@0x7f0db4006900 Sep 21 07:34:33.198485: | free_event_entry: release EVENT_SA_REPLACE-pe@0x557db459c3c0 Sep 21 07:34:33.198489: | #8 spent 0.0386 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:34:33.198493: | stop processing: state #8 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:33.198496: | timer_event_cb: processing event@0x557db4595380 Sep 21 07:34:33.198499: | handling event EVENT_SA_REPLACE for child state #5 Sep 21 07:34:33.198503: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:33.198506: | picked newest_ipsec_sa #0 for #5 Sep 21 07:34:33.198508: | replacing stale IPsec SA Sep 21 07:34:33.198512: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:34:33.198514: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:33.198518: | Ignored already queued up pending IPsec SA negotiation with 192.1.2.23 "north-dpd/0x1" Sep 21 07:34:33.198521: | event_schedule: new EVENT_SA_EXPIRE-pe@0x557db459c3c0 Sep 21 07:34:33.198524: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #5 Sep 21 07:34:33.198526: | libevent_malloc: new ptr-libevent@0x7f0db4006900 size 128 Sep 21 07:34:33.198529: | libevent_free: release ptr-libevent@0x7f0dc0004f00 Sep 21 07:34:33.198532: | free_event_entry: release EVENT_SA_REPLACE-pe@0x557db4595380 Sep 21 07:34:33.198536: | #5 spent 0.0385 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:34:33.198540: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:33.198545: | timer_event_cb: processing event@0x557db459b300 Sep 21 07:34:33.198548: | handling event EVENT_SA_EXPIRE for child state #9 Sep 21 07:34:33.198552: | start processing: state #9 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:33.198557: | picked newest_ipsec_sa #0 for #9 Sep 21 07:34:33.198560: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:34:33.198563: | pstats #9 ikev1.ipsec failed exchange-timeout Sep 21 07:34:33.198565: | pstats #9 ikev1.ipsec deleted exchange-timeout Sep 21 07:34:33.198570: | [RE]START processing: state #9 connection "north-dpd/0x1" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:34:33.198573: "north-dpd/0x1" #9: deleting state (STATE_QUICK_I1) aged 0.016s and NOT sending notification Sep 21 07:34:33.198576: | child state #9: QUICK_I1(established CHILD SA) => delete Sep 21 07:34:33.198579: | child state #9: QUICK_I1(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:34:33.198583: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Sep 21 07:34:33.198590: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:34:33.198604: | raw_eroute result=success Sep 21 07:34:33.198607: | in connection_discard for connection north-dpd/0x1 Sep 21 07:34:33.198610: | State DB: deleting IKEv1 state #9 in CHILDSA_DEL Sep 21 07:34:33.198613: | child state #9: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:34:33.198629: | stop processing: state #9 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:34:33.198634: | libevent_free: release ptr-libevent@0x7f0dc800a080 Sep 21 07:34:33.198637: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x557db459b300 Sep 21 07:34:33.198639: | in statetime_stop() and could not find #9 Sep 21 07:34:33.198642: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:34:33.198645: | timer_event_cb: processing event@0x557db459c3c0 Sep 21 07:34:33.198648: | handling event EVENT_SA_EXPIRE for child state #5 Sep 21 07:34:33.198653: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:33.198656: | picked newest_ipsec_sa #0 for #5 Sep 21 07:34:33.198658: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:34:33.198660: | pstats #5 ikev1.ipsec failed exchange-timeout Sep 21 07:34:33.198663: | pstats #5 ikev1.ipsec deleted exchange-timeout Sep 21 07:34:33.198667: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:34:33.198670: "north-dpd/0x1" #5: deleting state (STATE_QUICK_I1) aged 53.267s and NOT sending notification Sep 21 07:34:33.198673: | child state #5: QUICK_I1(established CHILD SA) => delete Sep 21 07:34:33.198676: | child state #5: QUICK_I1(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:34:33.198743: | delete esp.3c06bef5@192.1.2.23 Sep 21 07:34:33.198781: | netlink response for Del SA esp.3c06bef5@192.1.2.23 included non-error error Sep 21 07:34:33.198790: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Sep 21 07:34:33.198797: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:34:33.198806: | raw_eroute result=success Sep 21 07:34:33.198810: | delete esp.458a72ab@192.1.3.33 Sep 21 07:34:33.198817: "north-dpd/0x1" #5: ERROR: netlink response for Del SA esp.458a72ab@192.1.3.33 included errno 3: No such process Sep 21 07:34:33.198821: | in connection_discard for connection north-dpd/0x1 Sep 21 07:34:33.198824: | State DB: deleting IKEv1 state #5 in CHILDSA_DEL Sep 21 07:34:33.198827: | child state #5: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:34:33.198839: | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:34:33.198847: | libevent_free: release ptr-libevent@0x7f0db4006900 Sep 21 07:34:33.198850: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x557db459c3c0 Sep 21 07:34:33.198853: | in statetime_stop() and could not find #5 Sep 21 07:34:33.198855: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:34:33.198859: | timer_event_cb: processing event@0x7f0dc80076a0 Sep 21 07:34:33.198862: | handling event EVENT_SA_EXPIRE for child state #4 Sep 21 07:34:33.198868: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:33.198872: | picked newest_ipsec_sa #0 for #4 Sep 21 07:34:33.198874: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:34:33.198876: | pstats #4 ikev1.ipsec failed exchange-timeout Sep 21 07:34:33.198879: | pstats #4 ikev1.ipsec deleted exchange-timeout Sep 21 07:34:33.198883: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:34:33.198886: "north-dpd/0x2" #4: deleting state (STATE_QUICK_I1) aged 53.267s and NOT sending notification Sep 21 07:34:33.198889: | child state #4: QUICK_I1(established CHILD SA) => delete Sep 21 07:34:33.198892: | child state #4: QUICK_I1(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:34:33.198940: | delete esp.de049297@192.1.2.23 Sep 21 07:34:33.198965: | netlink response for Del SA esp.de049297@192.1.2.23 included non-error error Sep 21 07:34:33.198969: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Sep 21 07:34:33.198976: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:34:33.198984: | raw_eroute result=success Sep 21 07:34:33.198988: | delete esp.6c70d87f@192.1.3.33 Sep 21 07:34:33.198994: "north-dpd/0x2" #4: ERROR: netlink response for Del SA esp.6c70d87f@192.1.3.33 included errno 3: No such process Sep 21 07:34:33.198997: | in connection_discard for connection north-dpd/0x2 Sep 21 07:34:33.199000: | State DB: deleting IKEv1 state #4 in CHILDSA_DEL Sep 21 07:34:33.199003: | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:34:33.199014: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:34:33.199021: | libevent_free: release ptr-libevent@0x7f0dc000b650 Sep 21 07:34:33.199025: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x7f0dc80076a0 Sep 21 07:34:33.199027: | in statetime_stop() and could not find #4 Sep 21 07:34:33.199030: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:34:33.199034: | timer_event_cb: processing event@0x7f0db8005860 Sep 21 07:34:33.199036: | handling event EVENT_SA_EXPIRE for child state #8 Sep 21 07:34:33.199041: | start processing: state #8 connection "north-dpd/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:33.199044: | picked newest_ipsec_sa #0 for #8 Sep 21 07:34:33.199047: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:34:33.199049: | pstats #8 ikev1.ipsec failed exchange-timeout Sep 21 07:34:33.199051: | pstats #8 ikev1.ipsec deleted exchange-timeout Sep 21 07:34:33.199056: | [RE]START processing: state #8 connection "north-dpd/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:34:33.199059: "north-dpd/0x2" #8: deleting state (STATE_QUICK_I1) aged 0.029s and NOT sending notification Sep 21 07:34:33.199061: | child state #8: QUICK_I1(established CHILD SA) => delete Sep 21 07:34:33.199064: | child state #8: QUICK_I1(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:34:33.199067: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Sep 21 07:34:33.199074: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:34:33.199083: | raw_eroute result=success Sep 21 07:34:33.199086: | in connection_discard for connection north-dpd/0x2 Sep 21 07:34:33.199088: | State DB: deleting IKEv1 state #8 in CHILDSA_DEL Sep 21 07:34:33.199091: | child state #8: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:34:33.199102: | stop processing: state #8 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:34:33.199114: | libevent_free: release ptr-libevent@0x7f0dc40036d0 Sep 21 07:34:33.199117: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x7f0db8005860 Sep 21 07:34:33.199119: | in statetime_stop() and could not find #8 Sep 21 07:34:33.199122: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:34:33.697647: | timer_event_cb: processing event@0x557db459e1a0 Sep 21 07:34:33.697665: | handling event EVENT_RETRANSMIT for parent state #10 Sep 21 07:34:33.697675: | start processing: state #10 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:33.697680: | IKEv1 retransmit event Sep 21 07:34:33.697685: | [RE]START processing: state #10 connection "north-dpd/0x1" from 192.1.2.23:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:34:33.697690: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x1" #10 keying attempt 1 of 0; retransmit 1 Sep 21 07:34:33.697697: | retransmits: current time 49920.065958; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.499384 exceeds limit? NO Sep 21 07:34:33.697702: | event_schedule: new EVENT_RETRANSMIT-pe@0x557db459b300 Sep 21 07:34:33.697706: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #10 Sep 21 07:34:33.697710: | libevent_malloc: new ptr-libevent@0x7f0db4006900 size 128 Sep 21 07:34:33.697716: "north-dpd/0x1" #10: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response Sep 21 07:34:33.697723: | sending 792 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #10) Sep 21 07:34:33.697726: | 7a 44 0d e6 0b 05 4e ef 00 00 00 00 00 00 00 00 Sep 21 07:34:33.697729: | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 Sep 21 07:34:33.697731: | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 Sep 21 07:34:33.697733: | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:33.697735: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:34:33.697737: | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 Sep 21 07:34:33.697739: | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 Sep 21 07:34:33.697742: | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 Sep 21 07:34:33.697744: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 Sep 21 07:34:33.697746: | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 Sep 21 07:34:33.697749: | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:34:33.697751: | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 Sep 21 07:34:33.697753: | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:33.697755: | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:34:33.697757: | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 Sep 21 07:34:33.697759: | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 Sep 21 07:34:33.697761: | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 Sep 21 07:34:33.697764: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Sep 21 07:34:33.697766: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:34:33.697768: | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:34:33.697770: | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:34:33.697773: | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:33.697775: | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:34:33.697777: | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 Sep 21 07:34:33.697779: | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 Sep 21 07:34:33.697781: | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 Sep 21 07:34:33.697793: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 Sep 21 07:34:33.697796: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:34:33.697798: | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:34:33.697800: | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:34:33.697802: | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:33.697804: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:34:33.697807: | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:33.697809: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e Sep 21 07:34:33.697811: | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:33.697813: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:34:33.697819: | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:33.697822: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 Sep 21 07:34:33.697824: | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:33.697826: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:34:33.697828: | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:33.697830: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 Sep 21 07:34:33.697832: | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f Sep 21 07:34:33.697835: | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Sep 21 07:34:33.697837: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 Sep 21 07:34:33.697839: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 Sep 21 07:34:33.697841: | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Sep 21 07:34:33.697843: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 Sep 21 07:34:33.697845: | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 Sep 21 07:34:33.697848: | 7c fd b2 fc 68 b6 a4 48 Sep 21 07:34:33.697888: | libevent_free: release ptr-libevent@0x7f0db00069c0 Sep 21 07:34:33.697894: | free_event_entry: release EVENT_RETRANSMIT-pe@0x557db459e1a0 Sep 21 07:34:33.697902: | #10 spent 0.233 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:34:33.697907: | stop processing: state #10 connection "north-dpd/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:33.703114: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:33.703141: shutting down Sep 21 07:34:33.703151: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:34:33.703154: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:34:33.703159: destroying root certificate cache Sep 21 07:34:33.703183: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:34:33.703186: forgetting secrets Sep 21 07:34:33.703190: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:34:33.703202: | unreference key: 0x557db459be50 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:34:33.703207: | unreference key: 0x557db459baf0 user-east@testing.libreswan.org cnt 1-- Sep 21 07:34:33.703211: | unreference key: 0x557db459b7e0 @east.testing.libreswan.org cnt 1-- Sep 21 07:34:33.703215: | unreference key: 0x557db459b400 east@testing.libreswan.org cnt 1-- Sep 21 07:34:33.703220: | unreference key: 0x557db459b1e0 192.1.2.23 cnt 1-- Sep 21 07:34:33.703229: | unreference key: 0x557db4596610 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:34:33.703233: | unreference key: 0x557db45961d0 user-north@testing.libreswan.org cnt 1-- Sep 21 07:34:33.703237: | unreference key: 0x557db4591b60 @north.testing.libreswan.org cnt 1-- Sep 21 07:34:33.703242: | start processing: connection "north-dpd/0x2" (in delete_connection() at connections.c:189) Sep 21 07:34:33.703245: | removing pending policy for no connection {0x7f0db0001230} Sep 21 07:34:33.703248: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:34:33.703250: | pass 0 Sep 21 07:34:33.703253: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:34:33.703255: | state #10 Sep 21 07:34:33.703257: | pass 1 Sep 21 07:34:33.703260: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:34:33.703262: | state #10 Sep 21 07:34:33.703268: | shunt_eroute() called for connection 'north-dpd/0x2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.22.0/24:0 Sep 21 07:34:33.703273: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.22.0/24:0 Sep 21 07:34:33.703276: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Sep 21 07:34:33.703323: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Sep 21 07:34:33.703338: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:33.703341: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:34:33.703344: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Sep 21 07:34:33.703346: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:34:33.703349: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Sep 21 07:34:33.703352: | route owner of "north-dpd/0x2" unrouted: NULL Sep 21 07:34:33.703355: | running updown command "ipsec _updown" for verb unroute Sep 21 07:34:33.703358: | command executing unroute-client Sep 21 07:34:33.703397: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CO Sep 21 07:34:33.703401: | popen cmd is 1274 chars long Sep 21 07:34:33.703404: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2': Sep 21 07:34:33.703406: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO: Sep 21 07:34:33.703409: | cmd( 160):_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.t: Sep 21 07:34:33.703411: | cmd( 240):esting.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0: Sep 21 07:34:33.703414: | cmd( 320):.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PL: Sep 21 07:34:33.703416: | cmd( 400):UTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none: Sep 21 07:34:33.703419: | cmd( 480):' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswa: Sep 21 07:34:33.703421: | cmd( 560):n, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libres: Sep 21 07:34:33.703424: | cmd( 640):wan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PL: Sep 21 07:34:33.703426: | cmd( 720):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Sep 21 07:34:33.703429: | cmd( 800): PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSAS: Sep 21 07:34:33.703431: | cmd( 880):IG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CO: Sep 21 07:34:33.703434: | cmd( 960):NN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER: Sep 21 07:34:33.703436: | cmd(1040):_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='': Sep 21 07:34:33.703439: | cmd(1120): PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' : Sep 21 07:34:33.703441: | cmd(1200):VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:34:33.717998: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718046: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718075: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718103: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718131: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718163: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718189: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718198: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718210: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718222: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718234: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718249: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718261: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718273: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718285: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718297: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718310: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718322: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718334: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718346: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718359: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718372: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718385: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718397: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718409: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718422: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718436: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718449: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718461: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718473: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718486: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718499: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718511: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718523: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718536: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718591: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718597: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718600: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718603: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718607: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718609: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718618: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718759: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718794: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.718829: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.724591: | flush revival: connection 'north-dpd/0x2' wasn't on the list Sep 21 07:34:33.724611: | stop processing: connection "north-dpd/0x2" (in discard_connection() at connections.c:249) Sep 21 07:34:33.724622: | start processing: connection "north-dpd/0x1" (in delete_connection() at connections.c:189) Sep 21 07:34:33.724626: | removing pending policy for no connection {0x557db4533580} Sep 21 07:34:33.724629: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:34:33.724632: | pass 0 Sep 21 07:34:33.724635: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:34:33.724637: | state #10 Sep 21 07:34:33.724641: | suspend processing: connection "north-dpd/0x1" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:34:33.724647: | start processing: state #10 connection "north-dpd/0x1" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:34:33.724651: | pstats #10 ikev1.isakmp deleted other Sep 21 07:34:33.724656: | [RE]START processing: state #10 connection "north-dpd/0x1" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:34:33.724660: "north-dpd/0x1" #10: deleting state (STATE_MAIN_I1) aged 0.528s and NOT sending notification Sep 21 07:34:33.724664: | parent state #10: MAIN_I1(half-open IKE SA) => delete Sep 21 07:34:33.724881: | state #10 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:33.724890: | #10 STATE_MAIN_I1: retransmits: cleared Sep 21 07:34:33.724896: | libevent_free: release ptr-libevent@0x7f0db4006900 Sep 21 07:34:33.724900: | free_event_entry: release EVENT_RETRANSMIT-pe@0x557db459b300 Sep 21 07:34:33.724904: | State DB: IKEv1 state not found (flush_incomplete_children) Sep 21 07:34:33.724907: | picked newest_isakmp_sa #0 for #10 Sep 21 07:34:33.724910: "north-dpd/0x1" #10: deleting IKE SA for connection 'north-dpd/0x1' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:34:33.724914: | add revival: connection 'north-dpd/0x1' added to the list and scheduled for 0 seconds Sep 21 07:34:33.724918: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Sep 21 07:34:33.724925: | stop processing: connection "north-dpd/0x1" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:34:33.724928: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:34:33.724931: | in connection_discard for connection north-dpd/0x1 Sep 21 07:34:33.724934: | State DB: deleting IKEv1 state #10 in MAIN_I1 Sep 21 07:34:33.724938: | parent state #10: MAIN_I1(half-open IKE SA) => UNDEFINED(ignore) Sep 21 07:34:33.724943: | stop processing: state #10 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:34:33.724947: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:34:33.724950: | pass 1 Sep 21 07:34:33.724952: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:34:33.724958: | shunt_eroute() called for connection 'north-dpd/0x1' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:34:33.724964: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:34:33.724968: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Sep 21 07:34:33.725009: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Sep 21 07:34:33.725020: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:33.725024: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:34:33.725027: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Sep 21 07:34:33.725031: | route owner of "north-dpd/0x1" unrouted: NULL Sep 21 07:34:33.725034: | running updown command "ipsec _updown" for verb unroute Sep 21 07:34:33.725036: | command executing unroute-client Sep 21 07:34:33.725080: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN Sep 21 07:34:33.725087: | popen cmd is 1272 chars long Sep 21 07:34:33.725090: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1': Sep 21 07:34:33.725093: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO: Sep 21 07:34:33.725096: | cmd( 160):_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.t: Sep 21 07:34:33.725099: | cmd( 240):esting.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0: Sep 21 07:34:33.725101: | cmd( 320):.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PL: Sep 21 07:34:33.725104: | cmd( 400):UTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none: Sep 21 07:34:33.725107: | cmd( 480):' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswa: Sep 21 07:34:33.725109: | cmd( 560):n, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libres: Sep 21 07:34:33.725112: | cmd( 640):wan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUT: Sep 21 07:34:33.725114: | cmd( 720):O_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Sep 21 07:34:33.725117: | cmd( 800):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG: Sep 21 07:34:33.725120: | cmd( 880):+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN: Sep 21 07:34:33.725122: | cmd( 960):_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_C: Sep 21 07:34:33.725125: | cmd(1040):ISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' P: Sep 21 07:34:33.725128: | cmd(1120):LUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VT: Sep 21 07:34:33.725130: | cmd(1200):I_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:34:33.747182: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747232: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747261: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747288: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747314: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747341: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747369: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747396: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747423: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747450: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747476: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747505: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747532: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747561: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747591: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747618: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747647: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747675: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747703: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747730: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747756: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747787: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747819: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747846: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747873: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747899: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747948: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.747978: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.748140: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.748176: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.748204: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.748232: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.748261: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.748285: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.748293: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.748305: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.748319: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.748331: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.748342: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.748354: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.748365: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.748378: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.748498: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.748511: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.748523: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.757298: | free hp@0x557db4595e00 Sep 21 07:34:33.757313: | flush revival: connection 'north-dpd/0x1' revival flushed Sep 21 07:34:33.757318: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:34:33.757341: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:34:33.757345: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:34:33.757358: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:34:33.757363: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:34:33.757366: shutting down interface eth0/eth0 192.0.3.254:4500 Sep 21 07:34:33.757369: shutting down interface eth0/eth0 192.0.3.254:500 Sep 21 07:34:33.757371: shutting down interface eth1/eth1 192.1.3.33:4500 Sep 21 07:34:33.757374: shutting down interface eth1/eth1 192.1.3.33:500 Sep 21 07:34:33.757378: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:34:33.757387: | libevent_free: release ptr-libevent@0x557db4590860 Sep 21 07:34:33.757390: | free_event_entry: release EVENT_NULL-pe@0x557db4579dd0 Sep 21 07:34:33.757403: | libevent_free: release ptr-libevent@0x557db4590950 Sep 21 07:34:33.757406: | free_event_entry: release EVENT_NULL-pe@0x557db4590910 Sep 21 07:34:33.757413: | libevent_free: release ptr-libevent@0x557db4590a40 Sep 21 07:34:33.757416: | free_event_entry: release EVENT_NULL-pe@0x557db4590a00 Sep 21 07:34:33.757425: | libevent_free: release ptr-libevent@0x557db4590b30 Sep 21 07:34:33.757428: | free_event_entry: release EVENT_NULL-pe@0x557db4590af0 Sep 21 07:34:33.757435: | libevent_free: release ptr-libevent@0x557db4590c20 Sep 21 07:34:33.757438: | free_event_entry: release EVENT_NULL-pe@0x557db4590be0 Sep 21 07:34:33.757444: | libevent_free: release ptr-libevent@0x557db4590d10 Sep 21 07:34:33.757447: | free_event_entry: release EVENT_NULL-pe@0x557db4590cd0 Sep 21 07:34:33.757452: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:34:33.758016: | libevent_free: release ptr-libevent@0x557db4590040 Sep 21 07:34:33.758026: | free_event_entry: release EVENT_NULL-pe@0x557db4578cd0 Sep 21 07:34:33.758031: | libevent_free: release ptr-libevent@0x557db4585ac0 Sep 21 07:34:33.758034: | free_event_entry: release EVENT_NULL-pe@0x557db4578f10 Sep 21 07:34:33.758037: | libevent_free: release ptr-libevent@0x557db4585a30 Sep 21 07:34:33.758040: | free_event_entry: release EVENT_NULL-pe@0x557db457ea60 Sep 21 07:34:33.758044: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:34:33.758046: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:34:33.758049: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:34:33.758051: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:34:33.758054: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:34:33.758056: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:34:33.758059: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:34:33.758061: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:34:33.758063: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:34:33.758068: | libevent_free: release ptr-libevent@0x557db4590220 Sep 21 07:34:33.758071: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:34:33.758074: | libevent_free: release ptr-libevent@0x557db4590300 Sep 21 07:34:33.758077: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:34:33.758080: | libevent_free: release ptr-libevent@0x557db45903c0 Sep 21 07:34:33.758082: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:34:33.758085: | libevent_free: release ptr-libevent@0x557db4584e30 Sep 21 07:34:33.758088: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:34:33.758090: | releasing event base Sep 21 07:34:33.758104: | libevent_free: release ptr-libevent@0x557db4590480 Sep 21 07:34:33.758107: | libevent_free: release ptr-libevent@0x557db452d670 Sep 21 07:34:33.758111: | libevent_free: release ptr-libevent@0x557db45740c0 Sep 21 07:34:33.758114: | libevent_free: release ptr-libevent@0x557db459e1e0 Sep 21 07:34:33.758117: | libevent_free: release ptr-libevent@0x557db45740e0 Sep 21 07:34:33.758120: | libevent_free: release ptr-libevent@0x557db45900d0 Sep 21 07:34:33.758122: | libevent_free: release ptr-libevent@0x557db45902c0 Sep 21 07:34:33.758124: | libevent_free: release ptr-libevent@0x557db4574280 Sep 21 07:34:33.758127: | libevent_free: release ptr-libevent@0x557db457e9c0 Sep 21 07:34:33.758129: | libevent_free: release ptr-libevent@0x557db457e9a0 Sep 21 07:34:33.758131: | libevent_free: release ptr-libevent@0x557db4590da0 Sep 21 07:34:33.758133: | libevent_free: release ptr-libevent@0x557db4590cb0 Sep 21 07:34:33.758136: | libevent_free: release ptr-libevent@0x557db4590bc0 Sep 21 07:34:33.758138: | libevent_free: release ptr-libevent@0x557db4590ad0 Sep 21 07:34:33.758140: | libevent_free: release ptr-libevent@0x557db45909e0 Sep 21 07:34:33.758143: | libevent_free: release ptr-libevent@0x557db45908f0 Sep 21 07:34:33.758145: | libevent_free: release ptr-libevent@0x557db4574170 Sep 21 07:34:33.758148: | libevent_free: release ptr-libevent@0x557db45903a0 Sep 21 07:34:33.758150: | libevent_free: release ptr-libevent@0x557db45902e0 Sep 21 07:34:33.758153: | libevent_free: release ptr-libevent@0x557db4590200 Sep 21 07:34:33.758155: | libevent_free: release ptr-libevent@0x557db4590460 Sep 21 07:34:33.758157: | libevent_free: release ptr-libevent@0x557db45900f0 Sep 21 07:34:33.758160: | libevent_free: release ptr-libevent@0x557db4574100 Sep 21 07:34:33.758165: | libevent_free: release ptr-libevent@0x557db4574130 Sep 21 07:34:33.758167: | libevent_free: release ptr-libevent@0x557db4573e20 Sep 21 07:34:33.758170: | releasing global libevent data Sep 21 07:34:33.758173: | libevent_free: release ptr-libevent@0x557db45725d0 Sep 21 07:34:33.758175: | libevent_free: release ptr-libevent@0x557db4572600 Sep 21 07:34:33.758178: | libevent_free: release ptr-libevent@0x557db4573df0