FIPS Product: YES FIPS Kernel: NO FIPS Mode: NO NSS DB directory: sql:/etc/ipsec.d Initializing NSS Opening NSS database "sql:/etc/ipsec.d" read-only NSS initialized NSS crypto library initialized FIPS HMAC integrity support [enabled] FIPS mode disabled for pluto daemon FIPS HMAC integrity verification self-test FAILED libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:8274 core dump dir: /tmp secrets file: /etc/ipsec.secrets leak-detective disabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: new ptr-libevent@0x5628c7fb1250 size 40 | libevent_malloc: new ptr-libevent@0x5628c7fb1280 size 40 | libevent_malloc: new ptr-libevent@0x5628c7fb29e0 size 40 | creating event base | libevent_malloc: new ptr-libevent@0x5628c7fb29a0 size 56 | libevent_malloc: new ptr-libevent@0x5628c7fb2a10 size 664 | libevent_malloc: new ptr-libevent@0x5628c7fb2cb0 size 24 | libevent_malloc: new ptr-libevent@0x5628c7f6c240 size 384 | libevent_malloc: new ptr-libevent@0x5628c7fb2cd0 size 16 | libevent_malloc: new ptr-libevent@0x5628c7fb2cf0 size 40 | libevent_malloc: new ptr-libevent@0x5628c7fb2d20 size 48 | libevent_realloc: new ptr-libevent@0x5628c7fb2d60 size 256 | libevent_malloc: new ptr-libevent@0x5628c7fb2e70 size 16 | libevent_free: release ptr-libevent@0x5628c7fb29a0 | libevent initialized | libevent_realloc: new ptr-libevent@0x5628c7fb2e90 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Encryption algorithms: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac NULL IKEv1: ESP IKEv2: ESP [] CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Hash algorithms: MD5 IKEv1: IKE IKEv2: SHA1 IKEv1: IKE IKEv2: FIPS sha SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 256-bit key Camellia: 16 bytes with 256-bit key testing AES_GCM_16: empty string one block two blocks two blocks with associated data testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key Encrypting 32 octets using AES-CTR with 128-bit key Encrypting 36 octets using AES-CTR with 128-bit key Encrypting 16 octets using AES-CTR with 192-bit key Encrypting 32 octets using AES-CTR with 192-bit key Encrypting 36 octets using AES-CTR with 192-bit key Encrypting 16 octets using AES-CTR with 256-bit key Encrypting 32 octets using AES-CTR with 256-bit key Encrypting 36 octets using AES-CTR with 256-bit key testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key testing AES_XCBC: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 RFC 2104: MD5_HMAC test 2 RFC 2104: MD5_HMAC test 3 8 CPU cores online starting up 7 crypto helpers started thread for crypto helper 0 started thread for crypto helper 1 | starting up helper thread 1 started thread for crypto helper 2 | status value returned by setting the priority of this thread (crypto helper 1) 22 | crypto helper 1 waiting (nothing to do) | starting up helper thread 2 | status value returned by setting the priority of this thread (crypto helper 2) 22 | crypto helper 2 waiting (nothing to do) started thread for crypto helper 3 started thread for crypto helper 4 started thread for crypto helper 5 | starting up helper thread 5 | status value returned by setting the priority of this thread (crypto helper 5) 22 | crypto helper 5 waiting (nothing to do) started thread for crypto helper 6 | starting up helper thread 6 | starting up helper thread 3 | status value returned by setting the priority of this thread (crypto helper 6) 22 | status value returned by setting the priority of this thread (crypto helper 3) 22 | checking IKEv1 state table | starting up helper thread 0 | crypto helper 6 waiting (nothing to do) | starting up helper thread 4 | status value returned by setting the priority of this thread (crypto helper 0) 22 | status value returned by setting the priority of this thread (crypto helper 4) 22 | MAIN_R0: category: half-open IKE SA flags: 0: | crypto helper 3 waiting (nothing to do) | -> MAIN_R1 EVENT_SO_DISCARD | MAIN_I1: category: half-open IKE SA flags: 0: | -> MAIN_I2 EVENT_RETRANSMIT | crypto helper 0 waiting (nothing to do) | MAIN_R1: category: open IKE SA flags: 200: | crypto helper 4 waiting (nothing to do) | -> MAIN_R2 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_I2: category: open IKE SA flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_R2: category: open IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | -> MAIN_R3 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_I3: category: open IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | -> MAIN_I4 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_R3: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | MAIN_I4: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | AGGR_R0: category: half-open IKE SA flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD | AGGR_I1: category: half-open IKE SA flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE | -> AGGR_I2 EVENT_SA_REPLACE | AGGR_R1: category: open IKE SA flags: 200: | -> AGGR_R2 EVENT_SA_REPLACE | -> AGGR_R2 EVENT_SA_REPLACE | AGGR_I2: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | AGGR_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | QUICK_R0: category: established CHILD SA flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT | QUICK_I1: category: established CHILD SA flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE | QUICK_R1: category: established CHILD SA flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE | QUICK_I2: category: established CHILD SA flags: 200: | -> UNDEFINED EVENT_NULL | QUICK_R2: category: established CHILD SA flags: 0: | -> UNDEFINED EVENT_NULL | INFO: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | INFO_PROTECTED: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | XAUTH_R0: category: established IKE SA flags: 0: | -> XAUTH_R1 EVENT_NULL | XAUTH_R1: category: established IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | MODE_CFG_R0: category: informational flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE | MODE_CFG_R1: category: established IKE SA flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE | MODE_CFG_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | MODE_CFG_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | XAUTH_I0: category: established IKE SA flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT | XAUTH_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT | checking IKEv2 state table | PARENT_I0: category: ignore flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA flags: 0: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) | PARENT_I2: category: open IKE SA flags: 0: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | PARENT_I3: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) | PARENT_R0: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) | PARENT_R2: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) | V2_CREATE_I0: category: established IKE SA flags: 0: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | V2_CREATE_I: category: established IKE SA flags: 0: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: | V2_CREATE_R: category: established IKE SA flags: 0: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) | V2_REKEY_IKE_R: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: | V2_IPSEC_I: category: established CHILD SA flags: 0: | V2_IPSEC_R: category: established CHILD SA flags: 0: | IKESA_DEL: category: established IKE SA flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: category: informational flags: 0: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding SERPENT_CBC to kernel algorithm db | adding TWOFISH_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x5628c7fbd650 | libevent_malloc: new ptr-libevent@0x5628c7fc4720 size 128 | libevent_malloc: new ptr-libevent@0x5628c7fbd5b0 size 16 | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x5628c7fb7b00 | libevent_malloc: new ptr-libevent@0x5628c7fc47b0 size 128 | libevent_malloc: new ptr-libevent@0x5628c7fbd590 size 16 | global one-shot timer EVENT_CHECK_CRLS initialized selinux support is enabled. systemd watchdog not enabled - not sending watchdog keepalives | unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | outgoing-port-permit set 32768-60999 | Loading dnssec root key from:/var/lib/unbound/root.key | No additional dnssec trust anchors defined via dnssec-trusted= option | Setting up events, loop start | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x5628c7fb78c0 | libevent_malloc: new ptr-libevent@0x5628c7fced30 size 128 | libevent_malloc: new ptr-libevent@0x5628c7fcedc0 size 16 | libevent_realloc: new ptr-libevent@0x5628c7fcede0 size 256 | libevent_malloc: new ptr-libevent@0x5628c7fceef0 size 8 | libevent_realloc: new ptr-libevent@0x5628c7fc3a20 size 144 | libevent_malloc: new ptr-libevent@0x5628c7fcef10 size 152 | libevent_malloc: new ptr-libevent@0x5628c7fcefb0 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: new ptr-libevent@0x5628c7fcefd0 size 8 | libevent_malloc: new ptr-libevent@0x5628c7fceff0 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: new ptr-libevent@0x5628c7fcf090 size 8 | libevent_malloc: new ptr-libevent@0x5628c7fcf0b0 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: new ptr-libevent@0x5628c7fcf150 size 8 | libevent_realloc: release ptr-libevent@0x5628c7fc3a20 | libevent_realloc: new ptr-libevent@0x5628c7fcf170 size 256 | libevent_malloc: new ptr-libevent@0x5628c7fc3a20 size 152 | signal event handler PLUTO_SIGSYS installed | created addconn helper (pid:8423) using fork+execve | forked child 8423 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | pluto_sd: executing action action: reloading(4), status 0 listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.2.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.23 Kernel supports NIC esp-hw-offload adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth1/eth1 192.1.2.23:4500 adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth0/eth0 192.0.2.254:4500 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | no interfaces to sort | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | add_fd_read_event_handler: new ethX-pe@0x5628c7fb89c0 | libevent_malloc: new ptr-libevent@0x5628c7fcf550 size 128 | libevent_malloc: new ptr-libevent@0x5628c7fcf5e0 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 22 | add_fd_read_event_handler: new ethX-pe@0x5628c7fcf600 | libevent_malloc: new ptr-libevent@0x5628c7fcf640 size 128 | libevent_malloc: new ptr-libevent@0x5628c7fcf6d0 size 16 | setup callback for interface lo 127.0.0.1:500 fd 21 | add_fd_read_event_handler: new ethX-pe@0x5628c7fcf6f0 | libevent_malloc: new ptr-libevent@0x5628c7fcf730 size 128 | libevent_malloc: new ptr-libevent@0x5628c7fcf7c0 size 16 | setup callback for interface eth0 192.0.2.254:4500 fd 20 | add_fd_read_event_handler: new ethX-pe@0x5628c7fcf7e0 | libevent_malloc: new ptr-libevent@0x5628c7fcf820 size 128 | libevent_malloc: new ptr-libevent@0x5628c7fcf8b0 size 16 | setup callback for interface eth0 192.0.2.254:500 fd 19 | add_fd_read_event_handler: new ethX-pe@0x5628c7fcf8d0 | libevent_malloc: new ptr-libevent@0x5628c7fcf910 size 128 | libevent_malloc: new ptr-libevent@0x5628c7fcf9a0 size 16 | setup callback for interface eth1 192.1.2.23:4500 fd 18 | add_fd_read_event_handler: new ethX-pe@0x5628c7fcf9c0 | libevent_malloc: new ptr-libevent@0x5628c7fcfa00 size 128 | libevent_malloc: new ptr-libevent@0x5628c7fcfa90 size 16 | setup callback for interface eth1 192.1.2.23:500 fd 17 | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | ignoring PrivateExponent | ignoring Prime1 | ignoring Prime2 | ignoring Exponent1 | ignoring Exponent2 | ignoring Coefficient | ignoring CKAIDNSS | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | computed rsa CKAID 8a 82 25 f1 loaded private key for keyid: PKK_RSA:AQO9bJbr3 | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | pluto_sd: executing action action: ready(5), status 0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.553 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | pluto_sd: executing action action: reloading(4), status 0 listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.2.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.23 | no interfaces to sort | libevent_free: release ptr-libevent@0x5628c7fcf550 | free_event_entry: release EVENT_NULL-pe@0x5628c7fb89c0 | add_fd_read_event_handler: new ethX-pe@0x5628c7fb89c0 | libevent_malloc: new ptr-libevent@0x5628c7fcf550 size 128 | setup callback for interface lo 127.0.0.1:4500 fd 22 | libevent_free: release ptr-libevent@0x5628c7fcf640 | free_event_entry: release EVENT_NULL-pe@0x5628c7fcf600 | add_fd_read_event_handler: new ethX-pe@0x5628c7fcf600 | libevent_malloc: new ptr-libevent@0x5628c7fcf640 size 128 | setup callback for interface lo 127.0.0.1:500 fd 21 | libevent_free: release ptr-libevent@0x5628c7fcf730 | free_event_entry: release EVENT_NULL-pe@0x5628c7fcf6f0 | add_fd_read_event_handler: new ethX-pe@0x5628c7fcf6f0 | libevent_malloc: new ptr-libevent@0x5628c7fcf730 size 128 | setup callback for interface eth0 192.0.2.254:4500 fd 20 | libevent_free: release ptr-libevent@0x5628c7fcf820 | free_event_entry: release EVENT_NULL-pe@0x5628c7fcf7e0 | add_fd_read_event_handler: new ethX-pe@0x5628c7fcf7e0 | libevent_malloc: new ptr-libevent@0x5628c7fcf820 size 128 | setup callback for interface eth0 192.0.2.254:500 fd 19 | libevent_free: release ptr-libevent@0x5628c7fcf910 | free_event_entry: release EVENT_NULL-pe@0x5628c7fcf8d0 | add_fd_read_event_handler: new ethX-pe@0x5628c7fcf8d0 | libevent_malloc: new ptr-libevent@0x5628c7fcf910 size 128 | setup callback for interface eth1 192.1.2.23:4500 fd 18 | libevent_free: release ptr-libevent@0x5628c7fcfa00 | free_event_entry: release EVENT_NULL-pe@0x5628c7fcf9c0 | add_fd_read_event_handler: new ethX-pe@0x5628c7fcf9c0 | libevent_malloc: new ptr-libevent@0x5628c7fcfa00 size 128 | setup callback for interface eth1 192.1.2.23:500 fd 17 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | ignoring PrivateExponent | ignoring Prime1 | ignoring Prime2 | ignoring Exponent1 | ignoring Exponent2 | ignoring Coefficient | ignoring CKAIDNSS | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | computed rsa CKAID 8a 82 25 f1 loaded private key for keyid: PKK_RSA:AQO9bJbr3 | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | pluto_sd: executing action action: ready(5), status 0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.344 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 8423 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.0142 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection x509 with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | No AUTH policy was set - defaulting to RSASIG | ASCII to DN <= "C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org" | ASCII to DN => 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | ASCII to DN => 31 10 30 0e 06 03 55 04 08 13 07 4f 6e 74 61 72 | ASCII to DN => 69 6f 31 10 30 0e 06 03 55 04 07 13 07 54 6f 72 | ASCII to DN => 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 13 09 4c | ASCII to DN => 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | ASCII to DN => 0b 13 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | ASCII to DN => 6e 74 31 26 30 24 06 03 55 04 03 13 1d 6b 65 79 | ASCII to DN => 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | ASCII to DN => 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | ASCII to DN => 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | ASCII to DN => 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | ASCII to DN => 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org is 0 | ASCII to DN <= "C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org" | ASCII to DN => 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | ASCII to DN => 31 10 30 0e 06 03 55 04 08 13 07 4f 6e 74 61 72 | ASCII to DN => 69 6f 31 10 30 0e 06 03 55 04 07 13 07 54 6f 72 | ASCII to DN => 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 13 09 4c | ASCII to DN => 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | ASCII to DN => 0b 13 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | ASCII to DN => 6e 74 31 23 30 21 06 03 55 04 03 13 1a 65 61 73 | ASCII to DN => 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | ASCII to DN => 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | ASCII to DN => 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 | ASCII to DN => 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | ASCII to DN => 77 61 6e 2e 6f 72 67 | loading right certificate 'east' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5628c7fd4200 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5628c7fd41d0 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5628c7fd0860 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5628c7fd0890 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5628c7fd0b20 | unreference key: 0x5628c7fd0910 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 | based upon policy, the connection is a template. | connect_to_host_pair: 192.1.2.23:500 0.0.0.0:500 -> hp@(nil): none | new hp@0x5628c7fb11a0 added connection description "x509" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]...%any[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.35 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage + none | base debugging = base+cpu-usage | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0508 milliseconds in whack | spent 0.00303 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 792 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 00 00 00 00 00 00 00 00 | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 | 7c fd b2 fc 68 b6 a4 48 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 792 (0x318) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: IKEv1 state not found (find_state_ikev1_init) | #null state always idle | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 644 (0x284) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 20 (0x14) | message 'main_inI1_outR1' HASH payload not checked early | received Vendor ID payload [FRAGMENTATION] | received Vendor ID payload [Dead Peer Detection] | quirks.qnat_traversal_vid set to=117 [RFC 3947] | received Vendor ID payload [RFC 3947] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | in statetime_start() with no state | find_host_connection local=192.1.2.23:500 remote=192.1.3.209:500 policy=IKEV1_ALLOW but ignoring ports | find_next_host_connection policy=IKEV1_ALLOW | find_next_host_connection returns empty | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 632 (0x278) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 1 (0x1) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 2 (0x2) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 3 (0x3) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 4 (0x4) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 5 (0x5) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 6 (0x6) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 7 (0x7) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 8 (0x8) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 9 (0x9) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 10 (0xa) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 11 (0xb) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 12 (0xc) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 13 (0xd) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 14 (0xe) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 15 (0xf) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 16 (0x10) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 32 (0x20) | ISAKMP transform number: 17 (0x11) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV1_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV1_ALLOW | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (x509) | find_next_host_connection returns x509 | find_next_host_connection policy=RSASIG+IKEV1_ALLOW | find_next_host_connection returns empty | instantiating "x509" for initial Main Mode message received on 192.1.2.23:500 | connect_to_host_pair: 192.1.2.23:500 192.1.3.209:500 -> hp@(nil): none | new hp@0x5628c7f6ab00 | rw_instantiate() instantiated "x509"[1] 192.1.3.209 for 192.1.3.209 | creating state object #1 at 0x5628c7fd80c0 | State DB: adding IKEv1 state #1 in UNDEFINED | pstats #1 ikev1.isakmp started | #1 updating local interface from to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in main_inI1_outR1() at ikev1_main.c:667) | parent state #1: UNDEFINED(ignore) => MAIN_R0(half-open IKE SA) | sender checking NAT-T: enabled; VID 117 | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) | ICOOKIE-DUMP: 37 11 ab bf e9 9c df 65 "x509"[1] 192.1.3.209 #1: responding to Main Mode from unknown peer 192.1.3.209:500 | **emit ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 632 (0x278) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | OAKLEY proposal verified unconditionally; no alg_info to check against | Oakley Transform 0 accepted | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 1 (0x1) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | emitting 28 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP) | attributes 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | attributes 80 03 00 03 80 04 00 0e 80 0e 01 00 | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | emitting length of ISAKMP Proposal Payload: 44 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 56 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | out_vid(): sending [FRAGMENTATION] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [Dead Peer Detection] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [RFC 3947] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | emitting length of ISAKMP Vendor ID Payload: 20 | no IKEv1 message padding required | emitting length of ISAKMP Message: 144 | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2649) | #1 is idle | doing_xauth:no, t_xauth_client_done:no | peer supports fragmentation | peer supports DPD | IKEv1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 | parent state #1: MAIN_R0(half-open IKE SA) => MAIN_R1(open IKE SA) | event_already_set, deleting event | sending reply packet to 192.1.3.209:500 (from 192.1.2.23:500) | sending 144 bytes for STATE_MAIN_R0 through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38 | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13 | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14 | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | !event_already_set at reschedule | event_schedule: new EVENT_SO_DISCARD-pe@0x5628c7fd4130 | inserting event EVENT_SO_DISCARD, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x5628c7fd4230 size 128 "x509"[1] 192.1.3.209 #1: STATE_MAIN_R1: sent MR1, expecting MI2 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.15 milliseconds in comm_handle_cb() reading and processing packet | spent 0.0021 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 396 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 8f 06 45 29 93 c3 f9 21 8e c5 54 0e 1c e9 c9 79 | 2f e7 66 28 e6 7d 50 db d0 63 ac 71 03 0c d3 9e | 22 63 9b 44 81 73 4b b4 85 4f 99 12 1d f1 90 f8 | 00 82 1d 7b 91 8c 69 d9 48 35 75 db 09 6e e5 84 | c8 56 60 1e 12 1b 0c dd 10 30 70 a5 06 42 6b 2e | 8d 8f d7 40 a0 5d 26 25 d6 dd 51 99 af db 01 1e | a3 b0 d3 a5 f5 d7 cb a1 df 68 21 66 ce 67 a6 1c | a4 28 75 11 0a fe d8 bd 98 c3 f1 24 ef 6f a4 13 | 49 52 ad 13 24 08 9b d3 69 31 de 66 da e2 ce 2f | 4c af 45 5f 9b b5 f4 b4 ed aa 99 a2 57 24 52 01 | 8f 3b 01 f1 01 8e ea eb 97 34 6b 23 64 23 60 69 | 39 49 23 56 33 07 01 b6 48 bc 73 02 4e 50 f2 35 | a9 00 ca c9 b2 da d7 a7 31 d5 ab c6 e8 f7 ba 22 | 83 9e 96 1d 96 2e 18 b7 42 6e 03 e3 60 47 aa c0 | e1 7a e2 60 fd 12 c8 70 3b cc e1 06 0e 09 be c9 | 8a f6 03 f7 1e 3a 60 44 15 ee c4 d8 8a ea fe 7c | 14 00 00 24 6f 8f 9d ba da 40 83 3b dd 1e ed 5f | e1 87 81 b2 a5 0d 9b 46 fc a8 e9 5b 12 af 58 c4 | 60 b1 0f 09 14 00 00 24 c4 48 d6 37 b1 b0 8f d0 | ef ee 2b 00 9f 2f 5a 2a 25 36 9e 3c 8f 6f f7 40 | 0b 30 a8 bb d8 82 75 c0 00 00 00 24 fd 51 26 a8 | ed a5 9a 1b 58 9c 05 f0 98 ac 12 29 03 4c 31 90 | ea 85 f9 cd bc 4d 30 1e 1f 9d 94 5c | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_KE (0x4) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 396 (0x18c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R1 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | #1 is idle | #1 idle | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 260 (0x104) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | message 'main_inI2_outR2' HASH payload not checked early | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) | natd_hash: hasher=0x5628c686ac40(32) | natd_hash: icookie= 37 11 ab bf e9 9c df 65 | natd_hash: rcookie= dc 06 e1 d7 5a 5f 56 c1 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= c4 48 d6 37 b1 b0 8f d0 ef ee 2b 00 9f 2f 5a 2a | natd_hash: hash= 25 36 9e 3c 8f 6f f7 40 0b 30 a8 bb d8 82 75 c0 | natd_hash: hasher=0x5628c686ac40(32) | natd_hash: icookie= 37 11 ab bf e9 9c df 65 | natd_hash: rcookie= dc 06 e1 d7 5a 5f 56 c1 | natd_hash: ip= c0 01 03 d1 | natd_hash: port= 01 f4 | natd_hash: hash= fd 51 26 a8 ed a5 9a 1b 58 9c 05 f0 98 ac 12 29 | natd_hash: hash= 03 4c 31 90 ea 85 f9 cd bc 4d 30 1e 1f 9d 94 5c | expected NAT-D(me): c4 48 d6 37 b1 b0 8f d0 ef ee 2b 00 9f 2f 5a 2a | expected NAT-D(me): 25 36 9e 3c 8f 6f f7 40 0b 30 a8 bb d8 82 75 c0 | expected NAT-D(him): | fd 51 26 a8 ed a5 9a 1b 58 9c 05 f0 98 ac 12 29 | 03 4c 31 90 ea 85 f9 cd bc 4d 30 1e 1f 9d 94 5c | received NAT-D: c4 48 d6 37 b1 b0 8f d0 ef ee 2b 00 9f 2f 5a 2a | received NAT-D: 25 36 9e 3c 8f 6f f7 40 0b 30 a8 bb d8 82 75 c0 | received NAT-D: fd 51 26 a8 ed a5 9a 1b 58 9c 05 f0 98 ac 12 29 | received NAT-D: 03 4c 31 90 ea 85 f9 cd bc 4d 30 1e 1f 9d 94 5c | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.209 | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected | NAT_T_WITH_KA detected | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds | adding inI2_outR2 KE work-order 1 for state #1 | state #1 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x5628c7fd4230 | free_event_entry: release EVENT_SO_DISCARD-pe@0x5628c7fd4130 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5628c7fd4130 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x5628c7fd4230 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2624) | suspending state #1 and saving MD | #1 is busy; has a suspended MD | crypto helper 1 resuming | crypto helper 1 starting work-order 1 for state #1 | crypto helper 1 doing build KE and nonce (inI2_outR2 KE); request ID 1 | #1 spent 0.097 milliseconds in process_packet_tail() | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.219 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 1 finished build KE and nonce (inI2_outR2 KE); request ID 1 time elapsed 0.001003 seconds | (#1) spent 1.01 milliseconds in crypto helper computing work-order 1: inI2_outR2 KE (pcr) | crypto helper 1 sending results from work-order 1 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f6548006900 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 1 | calling continuation function 0x5628c6794630 | main_inI2_outR2_continue for #1: calculated ke+nonce, sending R2 | **emit ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value 2b cf a1 bd 66 33 3e a1 73 93 40 38 47 54 cf 6b | keyex value 95 9f 06 57 ed a1 9b 3f 9f f5 f4 aa 31 96 85 9e | keyex value 83 95 f8 c2 f8 02 5c 31 bc 05 f8 56 dc 54 6a 7f | keyex value ba 73 ab d1 4d a4 47 e6 0b 4d ca 30 20 1e 4c 89 | keyex value f2 8c 00 88 31 5b 24 10 16 ee d8 ce 73 ad 65 8d | keyex value 09 17 99 03 34 07 79 ac 2c fe d2 a4 15 96 26 fc | keyex value fd 9c 2c be 20 77 87 4b 87 46 8f db f2 c4 cf e6 | keyex value 1d 18 90 70 66 f9 70 da f0 bf 21 a3 a2 fa 57 d3 | keyex value 69 2c f7 83 4c 51 4f 08 de a6 84 89 7b ca 7f 92 | keyex value f5 ff 74 a0 63 68 56 de e3 dc 45 06 ee cd 01 2b | keyex value f3 f9 18 78 f9 b3 41 92 45 b2 57 36 de 5a 60 47 | keyex value 4b 00 ec 83 11 df 8f 8c 24 d3 e2 a6 a5 4f ce d9 | keyex value 71 ad ca 79 70 12 01 b5 76 fc f1 65 33 8c 75 cc | keyex value 7d 62 1e ee 52 ee d2 4d 69 aa 89 c8 59 f3 b4 13 | keyex value f0 0e 1b 05 2c 6e c4 fe 80 f0 09 07 34 f9 4b a2 | keyex value 66 42 7b a3 0b 41 5e 38 b6 fa 95 8e 25 2f ca d9 | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload | Nr 39 b9 be 52 37 17 54 fd 1a b7 91 e6 d0 b5 10 e8 | Nr 60 a3 01 82 3c a7 90 8e fc 0b 09 7b 92 48 2e 9e | emitting length of ISAKMP Nonce Payload: 36 | sending NAT-D payloads | natd_hash: hasher=0x5628c686ac40(32) | natd_hash: icookie= 37 11 ab bf e9 9c df 65 | natd_hash: rcookie= dc 06 e1 d7 5a 5f 56 c1 | natd_hash: ip= c0 01 03 d1 | natd_hash: port= 01 f4 | natd_hash: hash= fd 51 26 a8 ed a5 9a 1b 58 9c 05 f0 98 ac 12 29 | natd_hash: hash= 03 4c 31 90 ea 85 f9 cd bc 4d 30 1e 1f 9d 94 5c | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D fd 51 26 a8 ed a5 9a 1b 58 9c 05 f0 98 ac 12 29 | NAT-D 03 4c 31 90 ea 85 f9 cd bc 4d 30 1e 1f 9d 94 5c | emitting length of ISAKMP NAT-D Payload: 36 | natd_hash: hasher=0x5628c686ac40(32) | natd_hash: icookie= 37 11 ab bf e9 9c df 65 | natd_hash: rcookie= dc 06 e1 d7 5a 5f 56 c1 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= c4 48 d6 37 b1 b0 8f d0 ef ee 2b 00 9f 2f 5a 2a | natd_hash: hash= 25 36 9e 3c 8f 6f f7 40 0b 30 a8 bb d8 82 75 c0 | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D c4 48 d6 37 b1 b0 8f d0 ef ee 2b 00 9f 2f 5a 2a | NAT-D 25 36 9e 3c 8f 6f f7 40 0b 30 a8 bb d8 82 75 c0 | emitting length of ISAKMP NAT-D Payload: 36 | no IKEv1 message padding required | emitting length of ISAKMP Message: 396 | main inI2_outR2: starting async DH calculation (group=14) | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org of kind PKK_PSK | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org of kind PKK_PSK | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding main_inI2_outR2_tail work-order 2 for state #1 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x5628c7fd4230 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5628c7fd4130 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5628c7fd4130 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x5628c7fd4230 size 128 | #1 main_inI2_outR2_continue1_tail:1158 st->st_calculating = FALSE; | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2649) | crypto helper 2 resuming | crypto helper 2 starting work-order 2 for state #1 | crypto helper 2 doing compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 2 | #1 is idle; has background offloaded task | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 | parent state #1: MAIN_R1(open IKE SA) => MAIN_R2(open IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x5628c7fd4230 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5628c7fd4130 | sending reply packet to 192.1.3.209:500 (from 192.1.2.23:500) | sending 396 bytes for STATE_MAIN_R1 through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 2b cf a1 bd 66 33 3e a1 73 93 40 38 47 54 cf 6b | 95 9f 06 57 ed a1 9b 3f 9f f5 f4 aa 31 96 85 9e | 83 95 f8 c2 f8 02 5c 31 bc 05 f8 56 dc 54 6a 7f | ba 73 ab d1 4d a4 47 e6 0b 4d ca 30 20 1e 4c 89 | f2 8c 00 88 31 5b 24 10 16 ee d8 ce 73 ad 65 8d | 09 17 99 03 34 07 79 ac 2c fe d2 a4 15 96 26 fc | fd 9c 2c be 20 77 87 4b 87 46 8f db f2 c4 cf e6 | 1d 18 90 70 66 f9 70 da f0 bf 21 a3 a2 fa 57 d3 | 69 2c f7 83 4c 51 4f 08 de a6 84 89 7b ca 7f 92 | f5 ff 74 a0 63 68 56 de e3 dc 45 06 ee cd 01 2b | f3 f9 18 78 f9 b3 41 92 45 b2 57 36 de 5a 60 47 | 4b 00 ec 83 11 df 8f 8c 24 d3 e2 a6 a5 4f ce d9 | 71 ad ca 79 70 12 01 b5 76 fc f1 65 33 8c 75 cc | 7d 62 1e ee 52 ee d2 4d 69 aa 89 c8 59 f3 b4 13 | f0 0e 1b 05 2c 6e c4 fe 80 f0 09 07 34 f9 4b a2 | 66 42 7b a3 0b 41 5e 38 b6 fa 95 8e 25 2f ca d9 | 14 00 00 24 39 b9 be 52 37 17 54 fd 1a b7 91 e6 | d0 b5 10 e8 60 a3 01 82 3c a7 90 8e fc 0b 09 7b | 92 48 2e 9e 14 00 00 24 fd 51 26 a8 ed a5 9a 1b | 58 9c 05 f0 98 ac 12 29 03 4c 31 90 ea 85 f9 cd | bc 4d 30 1e 1f 9d 94 5c 00 00 00 24 c4 48 d6 37 | b1 b0 8f d0 ef ee 2b 00 9f 2f 5a 2a 25 36 9e 3c | 8f 6f f7 40 0b 30 a8 bb d8 82 75 c0 | !event_already_set at reschedule "x509"[1] 192.1.3.209 #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x5628c7fd4130 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x5628c7fd4230 size 128 | #1 STATE_MAIN_R2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49970.524443 "x509"[1] 192.1.3.209 #1: STATE_MAIN_R2: sent MR2, expecting MI3 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | resume sending helper answer for #1 suppresed complete_v1_state_transition() | #1 spent 0.271 milliseconds in resume sending helper answer | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f6548006900 | crypto helper 2 finished compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 2 time elapsed 0.001166 seconds | (#1) spent 1.17 milliseconds in crypto helper computing work-order 2: main_inI2_outR2_tail (pcr) | crypto helper 2 sending results from work-order 2 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f6540004f00 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 2 | calling continuation function 0x5628c6794630 | main_inI2_outR2_calcdone for #1: calculate DH finished | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1008) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1021) | resume sending helper answer for #1 suppresed complete_v1_state_transition() | #1 spent 0.0204 milliseconds in resume sending helper answer | processing: STOP state #0 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f6540004f00 | spent 0.00348 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 37 11 ab bf e9 9c df 65 dc 06 e1 d7 | 5a 5f 56 c1 05 10 02 01 00 00 00 00 00 00 08 4c | c8 34 f5 17 1c 8e 1a 33 a5 a1 72 45 0d 8c c9 e8 | 66 85 5a 76 8d 00 df 53 f2 3f db 05 c1 51 51 38 | 0a 54 b9 b8 7b 46 1b eb d4 62 f1 1f 59 ce d1 22 | 71 07 f7 41 5d 4b 0b 7f 6a 2f 2e 7d 63 d1 1c 06 | 11 b6 b1 6c 9c 2b fc 2a 49 50 ca 90 df 0a 21 71 | 6b 22 f4 35 6c a3 8e 0c c7 75 c3 d6 4d 66 b9 ae | b5 5b b3 62 d4 d3 ba 34 f5 bb 4e f6 3d b3 7d 67 | ae a5 6b 6f 95 34 e7 e6 b3 6f bd 24 ba 79 d2 80 | 7a 82 50 79 d9 8c eb 6a a3 e5 d3 09 41 a6 2e 66 | 9a 07 45 87 98 d1 85 16 c4 26 5a 55 c1 00 32 50 | c3 42 74 0b 95 3c 60 42 24 3c 6c a2 47 43 b5 af | 4a 84 c4 c5 4b 2d 21 7b c5 19 84 28 09 20 b6 e7 | 81 42 49 67 94 dd e8 43 87 80 1a dd d1 6a 79 72 | 40 e5 1d d8 c7 51 c0 41 97 df 5d ac c4 10 b8 b3 | 20 22 3d 24 cf b0 01 68 7a 3d 6f 76 dd 84 be d5 | d9 ef 5d 3e 25 2f 5c 80 df 61 c4 b0 c2 b9 ae 4d | b1 30 3c cd 60 86 57 dc 2b 19 99 e0 17 91 a7 87 | 7d 72 e7 6c 2f 72 f7 a9 b3 e5 3e 8f 2d 4f 34 28 | 09 24 69 de 6d a7 76 0d aa 2f b5 3d 3f 28 71 e8 | 67 e8 f9 ef 59 dd 60 c4 c6 e8 f9 c2 bd ff e5 55 | 6b b2 61 eb d6 32 a2 82 97 a0 69 3c 4e d3 16 a3 | 43 70 b1 db 1f 57 54 03 24 a9 fe 6f 52 f3 8a 00 | af 3d 5e 48 3a 66 52 05 66 16 64 5b 74 94 82 0c | b0 0c 4e 7d cf 67 d6 eb 59 40 e9 2a e4 2d fe 63 | 13 76 fe 60 54 97 d4 7a 6f e9 99 71 81 6d 69 e5 | a2 17 ea 65 4e ad f8 6e db 00 60 f7 6c a7 c9 92 | 12 95 75 55 ee f9 91 eb fd d0 33 cd d0 45 1e ee | ff ee f8 29 9f 26 cc cd d0 21 de 80 28 30 5b b7 | 64 42 1d 9c 82 29 a8 3f 9e 9d a5 08 d8 ec 4f 82 | 5b d0 e9 1c | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.134 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00143 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 9d 71 3e 12 02 3f 22 0e 43 8c 44 08 | 00 41 d0 aa 29 be bd f3 de 43 63 51 ff c9 b1 2e | cc d8 4e fc 67 ee b1 85 c8 3d a0 09 3b 12 40 de | f5 ce ff 1e 22 7a 9f b4 00 f8 2c 9e 5d 10 8e 35 | c5 fa e5 4a 9c 42 78 a4 09 dc 64 36 3d 32 18 c6 | 21 b4 ce 92 ea d9 59 12 18 76 f4 95 5e 4a 7c 42 | 63 af d2 35 0e 9b 9a 0c a9 bb fb 19 d9 65 f9 ed | e7 84 e3 f9 59 04 a2 4f dd bb 59 13 e6 75 16 ad | e2 11 43 19 3a d5 23 f2 12 b0 c0 85 b8 2a b3 66 | 7a a8 70 20 76 7e 71 0d f6 16 32 91 9d de cf 87 | d4 9b be a1 4d 67 d9 ce 42 2d 58 c7 79 89 08 bb | 8b 03 c8 19 26 5a c2 5b fe 72 26 94 48 01 6c 95 | 82 22 65 d1 d4 ad d6 d3 2a f2 46 54 92 08 2d c7 | 92 cf 71 22 94 2a 62 ac 3e 3f 55 03 05 e3 d1 3b | 9a 6a eb a5 d3 c1 c7 70 2a b9 b1 2f 2f c5 34 a9 | 76 a2 f8 9e 25 cb 8f c0 3b c3 13 a8 8c dd c4 5a | d1 91 b2 c0 c3 34 c7 a0 c0 ab 46 8b 83 67 32 4f | 43 ac 36 87 1b 05 10 81 7d bb 0f 6f 09 24 ae 2c | b4 15 75 0a 0e 8a 6a c4 7d f6 73 73 92 63 6a 3d | c4 c4 59 51 77 4b 0b 7d 91 16 f2 2b 90 4f f6 82 | e2 dc b6 19 e6 bf 86 7d 4d 1a 4b 30 e9 67 fc 1e | ad 3b 26 67 ec d1 ec a7 89 ab dc f1 d6 83 f6 cd | 4f 34 44 54 33 10 e5 47 c9 06 e9 0a 6b a7 58 cf | 5e 53 3a b6 01 d6 18 3a af 48 c2 9b b0 47 bc a1 | 12 8c b2 3e 25 0b 23 eb 48 83 1d db 2d 4e 92 4b | 22 a4 51 40 96 7d 95 83 03 50 9b 18 d1 ce 79 51 | c9 c8 14 1b 2f 87 9e df 77 e5 d3 ba 7c 65 6c 3b | 48 81 4d 5b 11 f3 ab 16 dc 5f 3b 6a cf ee c8 47 | b2 20 00 52 26 db b2 23 ba 4c 32 d0 99 74 74 e6 | 47 97 76 72 7a 63 6f 44 61 0a 80 e3 6b 03 11 d4 | bc e0 f0 8d 99 1f 39 49 d8 af 24 1b 81 a8 45 47 | fa 60 9e e1 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.139 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00139 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 87 f9 6e 93 0c 13 29 94 3e f2 03 e8 | 5d d7 0b 8b 1c 3f b8 82 6a 31 74 29 a7 f8 5d 56 | 96 50 b7 d3 87 87 7f 87 e6 70 79 ef 36 74 3e 27 | 3f 4a 12 cc e2 10 15 69 f1 70 64 a3 68 12 e4 39 | 1f 93 4c 38 7f 57 ce ef e1 96 70 02 c7 07 5d c6 | a9 07 3c d5 8a 06 52 57 28 23 ee 45 4c 6f 89 43 | b5 5b fc 6a 67 5a 88 63 2b 5b 5a 60 6c fa ad 86 | 71 c5 a3 0b 61 bf e2 1a 01 a2 77 b7 0d 9d d7 38 | 65 9e e9 c6 29 b6 76 bc e2 e0 2c 24 26 79 9c ce | ea 12 f0 5a 2c 5b 40 45 86 49 0f e2 28 af 3e 8b | 06 cd 37 9d 5e 4a de d4 e5 4a c9 f1 0d a1 69 fb | 1a f6 ff c5 8a b1 2f f6 46 2d e7 ef 69 0c 49 55 | 81 59 71 09 f1 f1 fb e0 da 1e 89 25 2c 0c 7a c6 | 69 4d af bd 59 93 ab 0a c3 46 af 8c 9a ad 01 76 | 04 ab b8 ba 10 e9 15 cf cb 0e bc 05 a6 d8 84 65 | 3d 34 74 42 bb d8 96 8e dd a3 70 28 c7 75 f9 1e | 6b 1f bd 4e 4e 03 cd ef 2a ef 68 70 9d 6d 0f aa | 93 7e e2 40 9a 4a b2 a7 64 d1 fc 2c 45 64 5c c4 | 93 dc e9 a1 9d d7 77 0e 2c 58 57 50 14 36 e8 cf | 1d 67 de b0 bf 61 03 b3 f8 7a 12 59 ae fc e1 7b | 7a 8f 2a 8c 73 9a 47 fe bf 55 ce 3b 52 6f e7 44 | 2d 84 aa aa e6 6f f3 a0 76 d0 a7 38 03 27 c7 f6 | fa 9b 6f ce 17 42 7e 17 93 34 0b 8c 89 b9 b9 aa | 08 10 46 36 87 c9 c2 a6 81 e1 77 f9 35 17 a8 aa | 54 f1 fd bd ae 85 a2 5d 14 f2 6e d0 ec 82 a4 48 | d0 94 3e 18 34 1e 60 dc 75 3f be 6a 2e 51 bf e0 | 00 9e 75 61 9a 80 5c 03 a6 ff aa 40 84 89 84 42 | e1 45 b1 e1 fb a9 ef d2 a6 13 ef 3e 65 76 39 d9 | 8b c4 36 f8 5c 8e 47 cc e1 e4 8e d7 2c 72 6f 47 | 6f 18 7a e5 f2 b8 11 5f 31 a8 11 29 90 62 b5 af | b0 97 2c f2 fd 65 da d8 d0 f2 0f a5 44 ff 90 79 | 44 7f a3 c6 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.132 milliseconds in comm_handle_cb() reading and processing packet | spent 0.0012 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 b9 aa 4a f0 5f 46 8b 42 80 c3 78 8b | e3 05 9e 41 17 aa 80 32 9f ae ef 9a 13 e6 9c 6c | 69 82 89 b9 2b 0a 8c 92 16 9a d3 11 3c af 92 05 | 32 73 dd be 7c c4 fc e0 92 01 9d af 6e cc 02 b5 | a3 ae f8 43 0c a7 ad 96 e8 2c b2 6d 33 ed a3 ca | ea 89 57 79 ff ce 74 52 3f 2f df 31 19 2d 0d 12 | 72 0e 3e 91 0f 6b 29 fd db 0d 16 60 14 b6 20 c4 | da 36 49 67 41 51 7e 5e 12 6d 43 c8 a7 ce b6 dc | 54 88 7a 1e 42 b0 a5 4f b1 f9 23 bc bf 50 06 5a | 13 c8 4e b9 e8 cc ab b1 ba b7 46 02 d4 6e 9a e9 | 5c e1 fb fd e9 9e 9d b4 cb e0 86 de 42 bb c3 ff | 60 a8 63 e6 48 de a8 82 69 ff d8 5a a6 00 ee a2 | 7d c0 f9 a7 b3 c7 9f dd b9 9a d7 25 08 95 67 aa | 37 3a fd cb 3e 89 49 cf 92 dd 7b c8 54 9c 78 85 | ec 55 93 ce 33 fd ad 86 5c fa cf c3 04 53 c1 eb | 4f e7 53 31 9a 10 79 cc 6a bb 26 ea 35 5b 9d 5e | 7f 2b 72 f8 01 31 13 b0 d2 75 b1 ea f5 31 e5 f1 | 72 32 5c db 8e c1 2a 10 ff 0c d8 ec 44 56 eb fa | de c5 13 4a 69 6f 45 d2 7d a9 a7 30 fd f5 7d d8 | 6b 45 c3 c3 e6 39 48 34 63 91 7c 91 57 14 71 60 | aa 96 82 b4 5e e2 17 4d fe a2 7b 67 37 d4 1e 54 | d1 f5 b2 c1 82 12 97 e0 19 b9 00 f2 46 72 4e 51 | 45 ef e2 58 86 e0 84 a6 e8 31 1b bb a8 ec 7e 81 | 13 4b af 92 00 7a 0f 1d f2 00 c6 b2 0d 38 52 c1 | 03 10 59 7c 0e 2a f1 b8 0c 04 70 90 a2 38 e8 9d | e0 a8 55 60 81 45 a4 2a c4 88 32 5d 98 0f 47 bf | 86 55 b2 e9 42 ad e7 82 fe ad 78 6d 75 ec 2b 14 | 18 a9 5c 95 ef f4 b6 bc 50 f2 bf 09 7f 57 02 f5 | e5 f5 15 44 e0 f1 31 2c dc 05 7d 42 88 dc 40 06 | f5 00 ce e8 c0 ce c4 20 f3 9b c6 ac 11 4b 33 e1 | 41 29 6d 33 fc 32 59 d4 ee 25 91 49 29 b1 b8 63 | fd 5d 74 02 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.115 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00123 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 176 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 00 b0 00 00 00 94 | 00 01 05 01 ae b7 ff 57 fe 8a 23 e1 bd 5f 01 d4 | c7 68 5b a8 33 3c d7 76 d3 fc aa 2b 68 4c c4 e2 | be 5f f2 83 30 60 e2 d5 e2 af 9a a6 26 29 78 1b | 72 67 3f 16 b9 a8 d3 0c 9e 14 b1 01 fd 65 22 40 | 10 7e 3c b5 27 32 67 87 fb 09 81 f4 55 04 a2 c3 | 38 41 c6 16 b1 3b 4d fc 04 fc 88 87 b3 13 5c b9 | 65 95 4a b4 da 6f 9d 09 71 f1 d6 e8 f5 5f 9b c5 | e2 c1 45 d1 d2 9c 67 c4 56 0c 4c 1a f6 d1 90 07 | b8 83 5c 06 1b d7 ca ad aa e4 62 d6 06 91 56 a9 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 176 (0xb0) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 148 (0x94) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2124 (0x84c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | #1 is idle | #1 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 197 (0xc5) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | obj: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | obj: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | obj: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | obj: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | obj: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1366 (0x556) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 516 (0x204) | removing 12 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | DER ASN1 DN: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | DER ASN1 DN: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | DER ASN1 DN: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | DER ASN1 DN: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | DER ASN1 DN: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 "x509"[1] 192.1.3.209 #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds loading root certificate cache | spent 3.97 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() | spent 0.0231 milliseconds in get_root_certs() filtering CAs | #1 spent 4.02 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-key4096@testing.libreswan.org,CN=key4096.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.178 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.0352 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "x509"[1] 192.1.3.209 #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "x509"[1] 192.1.3.209 #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.421 milliseconds in find_and_verify_certs() calling verify_end_cert() "x509"[1] 192.1.3.209 #1: X509: Certificate rejected for this connection "x509"[1] 192.1.3.209 #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2649) | #1 is idle "x509"[1] 192.1.3.209 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.3.209:500 | **emit ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3070798774 (0xb708abb6) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | b2 a8 fe 1a 5b 45 71 68 eb 68 e0 0b 5c c9 70 ba | 8d ec b6 f7 d3 25 ac b1 6c 7b f9 63 ca d2 6c 85 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 08 10 05 01 b7 08 ab b6 00 00 00 4c b9 f9 94 df | 17 e9 a4 15 15 67 78 76 dc 36 7b 1c 47 ae 24 94 | 31 c4 89 68 c8 08 fa 67 ed 93 ed 86 02 e1 45 e0 | aa 4c ab b0 54 84 c4 14 83 a7 7c f9 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 4.97 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 5.19 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00307 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 37 11 ab bf e9 9c df 65 dc 06 e1 d7 | 5a 5f 56 c1 05 10 02 01 00 00 00 00 00 00 08 4c | c8 34 f5 17 1c 8e 1a 33 a5 a1 72 45 0d 8c c9 e8 | 66 85 5a 76 8d 00 df 53 f2 3f db 05 c1 51 51 38 | 0a 54 b9 b8 7b 46 1b eb d4 62 f1 1f 59 ce d1 22 | 71 07 f7 41 5d 4b 0b 7f 6a 2f 2e 7d 63 d1 1c 06 | 11 b6 b1 6c 9c 2b fc 2a 49 50 ca 90 df 0a 21 71 | 6b 22 f4 35 6c a3 8e 0c c7 75 c3 d6 4d 66 b9 ae | b5 5b b3 62 d4 d3 ba 34 f5 bb 4e f6 3d b3 7d 67 | ae a5 6b 6f 95 34 e7 e6 b3 6f bd 24 ba 79 d2 80 | 7a 82 50 79 d9 8c eb 6a a3 e5 d3 09 41 a6 2e 66 | 9a 07 45 87 98 d1 85 16 c4 26 5a 55 c1 00 32 50 | c3 42 74 0b 95 3c 60 42 24 3c 6c a2 47 43 b5 af | 4a 84 c4 c5 4b 2d 21 7b c5 19 84 28 09 20 b6 e7 | 81 42 49 67 94 dd e8 43 87 80 1a dd d1 6a 79 72 | 40 e5 1d d8 c7 51 c0 41 97 df 5d ac c4 10 b8 b3 | 20 22 3d 24 cf b0 01 68 7a 3d 6f 76 dd 84 be d5 | d9 ef 5d 3e 25 2f 5c 80 df 61 c4 b0 c2 b9 ae 4d | b1 30 3c cd 60 86 57 dc 2b 19 99 e0 17 91 a7 87 | 7d 72 e7 6c 2f 72 f7 a9 b3 e5 3e 8f 2d 4f 34 28 | 09 24 69 de 6d a7 76 0d aa 2f b5 3d 3f 28 71 e8 | 67 e8 f9 ef 59 dd 60 c4 c6 e8 f9 c2 bd ff e5 55 | 6b b2 61 eb d6 32 a2 82 97 a0 69 3c 4e d3 16 a3 | 43 70 b1 db 1f 57 54 03 24 a9 fe 6f 52 f3 8a 00 | af 3d 5e 48 3a 66 52 05 66 16 64 5b 74 94 82 0c | b0 0c 4e 7d cf 67 d6 eb 59 40 e9 2a e4 2d fe 63 | 13 76 fe 60 54 97 d4 7a 6f e9 99 71 81 6d 69 e5 | a2 17 ea 65 4e ad f8 6e db 00 60 f7 6c a7 c9 92 | 12 95 75 55 ee f9 91 eb fd d0 33 cd d0 45 1e ee | ff ee f8 29 9f 26 cc cd d0 21 de 80 28 30 5b b7 | 64 42 1d 9c 82 29 a8 3f 9e 9d a5 08 d8 ec 4f 82 | 5b d0 e9 1c | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.108 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00132 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 9d 71 3e 12 02 3f 22 0e 43 8c 44 08 | 00 41 d0 aa 29 be bd f3 de 43 63 51 ff c9 b1 2e | cc d8 4e fc 67 ee b1 85 c8 3d a0 09 3b 12 40 de | f5 ce ff 1e 22 7a 9f b4 00 f8 2c 9e 5d 10 8e 35 | c5 fa e5 4a 9c 42 78 a4 09 dc 64 36 3d 32 18 c6 | 21 b4 ce 92 ea d9 59 12 18 76 f4 95 5e 4a 7c 42 | 63 af d2 35 0e 9b 9a 0c a9 bb fb 19 d9 65 f9 ed | e7 84 e3 f9 59 04 a2 4f dd bb 59 13 e6 75 16 ad | e2 11 43 19 3a d5 23 f2 12 b0 c0 85 b8 2a b3 66 | 7a a8 70 20 76 7e 71 0d f6 16 32 91 9d de cf 87 | d4 9b be a1 4d 67 d9 ce 42 2d 58 c7 79 89 08 bb | 8b 03 c8 19 26 5a c2 5b fe 72 26 94 48 01 6c 95 | 82 22 65 d1 d4 ad d6 d3 2a f2 46 54 92 08 2d c7 | 92 cf 71 22 94 2a 62 ac 3e 3f 55 03 05 e3 d1 3b | 9a 6a eb a5 d3 c1 c7 70 2a b9 b1 2f 2f c5 34 a9 | 76 a2 f8 9e 25 cb 8f c0 3b c3 13 a8 8c dd c4 5a | d1 91 b2 c0 c3 34 c7 a0 c0 ab 46 8b 83 67 32 4f | 43 ac 36 87 1b 05 10 81 7d bb 0f 6f 09 24 ae 2c | b4 15 75 0a 0e 8a 6a c4 7d f6 73 73 92 63 6a 3d | c4 c4 59 51 77 4b 0b 7d 91 16 f2 2b 90 4f f6 82 | e2 dc b6 19 e6 bf 86 7d 4d 1a 4b 30 e9 67 fc 1e | ad 3b 26 67 ec d1 ec a7 89 ab dc f1 d6 83 f6 cd | 4f 34 44 54 33 10 e5 47 c9 06 e9 0a 6b a7 58 cf | 5e 53 3a b6 01 d6 18 3a af 48 c2 9b b0 47 bc a1 | 12 8c b2 3e 25 0b 23 eb 48 83 1d db 2d 4e 92 4b | 22 a4 51 40 96 7d 95 83 03 50 9b 18 d1 ce 79 51 | c9 c8 14 1b 2f 87 9e df 77 e5 d3 ba 7c 65 6c 3b | 48 81 4d 5b 11 f3 ab 16 dc 5f 3b 6a cf ee c8 47 | b2 20 00 52 26 db b2 23 ba 4c 32 d0 99 74 74 e6 | 47 97 76 72 7a 63 6f 44 61 0a 80 e3 6b 03 11 d4 | bc e0 f0 8d 99 1f 39 49 d8 af 24 1b 81 a8 45 47 | fa 60 9e e1 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0811 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00125 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 87 f9 6e 93 0c 13 29 94 3e f2 03 e8 | 5d d7 0b 8b 1c 3f b8 82 6a 31 74 29 a7 f8 5d 56 | 96 50 b7 d3 87 87 7f 87 e6 70 79 ef 36 74 3e 27 | 3f 4a 12 cc e2 10 15 69 f1 70 64 a3 68 12 e4 39 | 1f 93 4c 38 7f 57 ce ef e1 96 70 02 c7 07 5d c6 | a9 07 3c d5 8a 06 52 57 28 23 ee 45 4c 6f 89 43 | b5 5b fc 6a 67 5a 88 63 2b 5b 5a 60 6c fa ad 86 | 71 c5 a3 0b 61 bf e2 1a 01 a2 77 b7 0d 9d d7 38 | 65 9e e9 c6 29 b6 76 bc e2 e0 2c 24 26 79 9c ce | ea 12 f0 5a 2c 5b 40 45 86 49 0f e2 28 af 3e 8b | 06 cd 37 9d 5e 4a de d4 e5 4a c9 f1 0d a1 69 fb | 1a f6 ff c5 8a b1 2f f6 46 2d e7 ef 69 0c 49 55 | 81 59 71 09 f1 f1 fb e0 da 1e 89 25 2c 0c 7a c6 | 69 4d af bd 59 93 ab 0a c3 46 af 8c 9a ad 01 76 | 04 ab b8 ba 10 e9 15 cf cb 0e bc 05 a6 d8 84 65 | 3d 34 74 42 bb d8 96 8e dd a3 70 28 c7 75 f9 1e | 6b 1f bd 4e 4e 03 cd ef 2a ef 68 70 9d 6d 0f aa | 93 7e e2 40 9a 4a b2 a7 64 d1 fc 2c 45 64 5c c4 | 93 dc e9 a1 9d d7 77 0e 2c 58 57 50 14 36 e8 cf | 1d 67 de b0 bf 61 03 b3 f8 7a 12 59 ae fc e1 7b | 7a 8f 2a 8c 73 9a 47 fe bf 55 ce 3b 52 6f e7 44 | 2d 84 aa aa e6 6f f3 a0 76 d0 a7 38 03 27 c7 f6 | fa 9b 6f ce 17 42 7e 17 93 34 0b 8c 89 b9 b9 aa | 08 10 46 36 87 c9 c2 a6 81 e1 77 f9 35 17 a8 aa | 54 f1 fd bd ae 85 a2 5d 14 f2 6e d0 ec 82 a4 48 | d0 94 3e 18 34 1e 60 dc 75 3f be 6a 2e 51 bf e0 | 00 9e 75 61 9a 80 5c 03 a6 ff aa 40 84 89 84 42 | e1 45 b1 e1 fb a9 ef d2 a6 13 ef 3e 65 76 39 d9 | 8b c4 36 f8 5c 8e 47 cc e1 e4 8e d7 2c 72 6f 47 | 6f 18 7a e5 f2 b8 11 5f 31 a8 11 29 90 62 b5 af | b0 97 2c f2 fd 65 da d8 d0 f2 0f a5 44 ff 90 79 | 44 7f a3 c6 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.113 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00149 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 b9 aa 4a f0 5f 46 8b 42 80 c3 78 8b | e3 05 9e 41 17 aa 80 32 9f ae ef 9a 13 e6 9c 6c | 69 82 89 b9 2b 0a 8c 92 16 9a d3 11 3c af 92 05 | 32 73 dd be 7c c4 fc e0 92 01 9d af 6e cc 02 b5 | a3 ae f8 43 0c a7 ad 96 e8 2c b2 6d 33 ed a3 ca | ea 89 57 79 ff ce 74 52 3f 2f df 31 19 2d 0d 12 | 72 0e 3e 91 0f 6b 29 fd db 0d 16 60 14 b6 20 c4 | da 36 49 67 41 51 7e 5e 12 6d 43 c8 a7 ce b6 dc | 54 88 7a 1e 42 b0 a5 4f b1 f9 23 bc bf 50 06 5a | 13 c8 4e b9 e8 cc ab b1 ba b7 46 02 d4 6e 9a e9 | 5c e1 fb fd e9 9e 9d b4 cb e0 86 de 42 bb c3 ff | 60 a8 63 e6 48 de a8 82 69 ff d8 5a a6 00 ee a2 | 7d c0 f9 a7 b3 c7 9f dd b9 9a d7 25 08 95 67 aa | 37 3a fd cb 3e 89 49 cf 92 dd 7b c8 54 9c 78 85 | ec 55 93 ce 33 fd ad 86 5c fa cf c3 04 53 c1 eb | 4f e7 53 31 9a 10 79 cc 6a bb 26 ea 35 5b 9d 5e | 7f 2b 72 f8 01 31 13 b0 d2 75 b1 ea f5 31 e5 f1 | 72 32 5c db 8e c1 2a 10 ff 0c d8 ec 44 56 eb fa | de c5 13 4a 69 6f 45 d2 7d a9 a7 30 fd f5 7d d8 | 6b 45 c3 c3 e6 39 48 34 63 91 7c 91 57 14 71 60 | aa 96 82 b4 5e e2 17 4d fe a2 7b 67 37 d4 1e 54 | d1 f5 b2 c1 82 12 97 e0 19 b9 00 f2 46 72 4e 51 | 45 ef e2 58 86 e0 84 a6 e8 31 1b bb a8 ec 7e 81 | 13 4b af 92 00 7a 0f 1d f2 00 c6 b2 0d 38 52 c1 | 03 10 59 7c 0e 2a f1 b8 0c 04 70 90 a2 38 e8 9d | e0 a8 55 60 81 45 a4 2a c4 88 32 5d 98 0f 47 bf | 86 55 b2 e9 42 ad e7 82 fe ad 78 6d 75 ec 2b 14 | 18 a9 5c 95 ef f4 b6 bc 50 f2 bf 09 7f 57 02 f5 | e5 f5 15 44 e0 f1 31 2c dc 05 7d 42 88 dc 40 06 | f5 00 ce e8 c0 ce c4 20 f3 9b c6 ac 11 4b 33 e1 | 41 29 6d 33 fc 32 59 d4 ee 25 91 49 29 b1 b8 63 | fd 5d 74 02 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.131 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00158 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 176 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 00 b0 00 00 00 94 | 00 01 05 01 ae b7 ff 57 fe 8a 23 e1 bd 5f 01 d4 | c7 68 5b a8 33 3c d7 76 d3 fc aa 2b 68 4c c4 e2 | be 5f f2 83 30 60 e2 d5 e2 af 9a a6 26 29 78 1b | 72 67 3f 16 b9 a8 d3 0c 9e 14 b1 01 fd 65 22 40 | 10 7e 3c b5 27 32 67 87 fb 09 81 f4 55 04 a2 c3 | 38 41 c6 16 b1 3b 4d fc 04 fc 88 87 b3 13 5c b9 | 65 95 4a b4 da 6f 9d 09 71 f1 d6 e8 f5 5f 9b c5 | e2 c1 45 d1 d2 9c 67 c4 56 0c 4c 1a f6 d1 90 07 | b8 83 5c 06 1b d7 ca ad aa e4 62 d6 06 91 56 a9 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 176 (0xb0) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 148 (0x94) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2124 (0x84c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | #1 is idle | #1 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 197 (0xc5) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | obj: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | obj: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | obj: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | obj: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | obj: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1366 (0x556) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 516 (0x204) | removing 12 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | DER ASN1 DN: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | DER ASN1 DN: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | DER ASN1 DN: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | DER ASN1 DN: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | DER ASN1 DN: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 "x509"[1] 192.1.3.209 #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #1 spent 0.00913 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-key4096@testing.libreswan.org,CN=key4096.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.24 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.0297 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "x509"[1] 192.1.3.209 #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "x509"[1] 192.1.3.209 #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.296 milliseconds in find_and_verify_certs() calling verify_end_cert() "x509"[1] 192.1.3.209 #1: X509: Certificate rejected for this connection "x509"[1] 192.1.3.209 #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2649) | #1 is idle "x509"[1] 192.1.3.209 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.3.209:500 | **emit ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3168488040 (0xbcdb4a68) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 62 e2 48 7e 7d 7b b8 8c 71 e5 b7 6b e5 f2 bb 42 | e8 42 a6 d2 d0 ff bd 78 89 a1 97 92 ae a5 ae b2 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 08 10 05 01 bc db 4a 68 00 00 00 4c a0 2f af b8 | f6 f8 8e 0c ca 3d 7a 36 0e 86 8a 35 f6 8e 07 d4 | 6e db 42 92 ad 92 8c 9a 73 5c 15 ea 57 11 12 4b | 6a 39 3b a6 a2 65 f7 78 62 98 f7 f5 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 0.877 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.19 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00235 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 37 11 ab bf e9 9c df 65 dc 06 e1 d7 | 5a 5f 56 c1 05 10 02 01 00 00 00 00 00 00 08 4c | c8 34 f5 17 1c 8e 1a 33 a5 a1 72 45 0d 8c c9 e8 | 66 85 5a 76 8d 00 df 53 f2 3f db 05 c1 51 51 38 | 0a 54 b9 b8 7b 46 1b eb d4 62 f1 1f 59 ce d1 22 | 71 07 f7 41 5d 4b 0b 7f 6a 2f 2e 7d 63 d1 1c 06 | 11 b6 b1 6c 9c 2b fc 2a 49 50 ca 90 df 0a 21 71 | 6b 22 f4 35 6c a3 8e 0c c7 75 c3 d6 4d 66 b9 ae | b5 5b b3 62 d4 d3 ba 34 f5 bb 4e f6 3d b3 7d 67 | ae a5 6b 6f 95 34 e7 e6 b3 6f bd 24 ba 79 d2 80 | 7a 82 50 79 d9 8c eb 6a a3 e5 d3 09 41 a6 2e 66 | 9a 07 45 87 98 d1 85 16 c4 26 5a 55 c1 00 32 50 | c3 42 74 0b 95 3c 60 42 24 3c 6c a2 47 43 b5 af | 4a 84 c4 c5 4b 2d 21 7b c5 19 84 28 09 20 b6 e7 | 81 42 49 67 94 dd e8 43 87 80 1a dd d1 6a 79 72 | 40 e5 1d d8 c7 51 c0 41 97 df 5d ac c4 10 b8 b3 | 20 22 3d 24 cf b0 01 68 7a 3d 6f 76 dd 84 be d5 | d9 ef 5d 3e 25 2f 5c 80 df 61 c4 b0 c2 b9 ae 4d | b1 30 3c cd 60 86 57 dc 2b 19 99 e0 17 91 a7 87 | 7d 72 e7 6c 2f 72 f7 a9 b3 e5 3e 8f 2d 4f 34 28 | 09 24 69 de 6d a7 76 0d aa 2f b5 3d 3f 28 71 e8 | 67 e8 f9 ef 59 dd 60 c4 c6 e8 f9 c2 bd ff e5 55 | 6b b2 61 eb d6 32 a2 82 97 a0 69 3c 4e d3 16 a3 | 43 70 b1 db 1f 57 54 03 24 a9 fe 6f 52 f3 8a 00 | af 3d 5e 48 3a 66 52 05 66 16 64 5b 74 94 82 0c | b0 0c 4e 7d cf 67 d6 eb 59 40 e9 2a e4 2d fe 63 | 13 76 fe 60 54 97 d4 7a 6f e9 99 71 81 6d 69 e5 | a2 17 ea 65 4e ad f8 6e db 00 60 f7 6c a7 c9 92 | 12 95 75 55 ee f9 91 eb fd d0 33 cd d0 45 1e ee | ff ee f8 29 9f 26 cc cd d0 21 de 80 28 30 5b b7 | 64 42 1d 9c 82 29 a8 3f 9e 9d a5 08 d8 ec 4f 82 | 5b d0 e9 1c | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.158 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00164 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 9d 71 3e 12 02 3f 22 0e 43 8c 44 08 | 00 41 d0 aa 29 be bd f3 de 43 63 51 ff c9 b1 2e | cc d8 4e fc 67 ee b1 85 c8 3d a0 09 3b 12 40 de | f5 ce ff 1e 22 7a 9f b4 00 f8 2c 9e 5d 10 8e 35 | c5 fa e5 4a 9c 42 78 a4 09 dc 64 36 3d 32 18 c6 | 21 b4 ce 92 ea d9 59 12 18 76 f4 95 5e 4a 7c 42 | 63 af d2 35 0e 9b 9a 0c a9 bb fb 19 d9 65 f9 ed | e7 84 e3 f9 59 04 a2 4f dd bb 59 13 e6 75 16 ad | e2 11 43 19 3a d5 23 f2 12 b0 c0 85 b8 2a b3 66 | 7a a8 70 20 76 7e 71 0d f6 16 32 91 9d de cf 87 | d4 9b be a1 4d 67 d9 ce 42 2d 58 c7 79 89 08 bb | 8b 03 c8 19 26 5a c2 5b fe 72 26 94 48 01 6c 95 | 82 22 65 d1 d4 ad d6 d3 2a f2 46 54 92 08 2d c7 | 92 cf 71 22 94 2a 62 ac 3e 3f 55 03 05 e3 d1 3b | 9a 6a eb a5 d3 c1 c7 70 2a b9 b1 2f 2f c5 34 a9 | 76 a2 f8 9e 25 cb 8f c0 3b c3 13 a8 8c dd c4 5a | d1 91 b2 c0 c3 34 c7 a0 c0 ab 46 8b 83 67 32 4f | 43 ac 36 87 1b 05 10 81 7d bb 0f 6f 09 24 ae 2c | b4 15 75 0a 0e 8a 6a c4 7d f6 73 73 92 63 6a 3d | c4 c4 59 51 77 4b 0b 7d 91 16 f2 2b 90 4f f6 82 | e2 dc b6 19 e6 bf 86 7d 4d 1a 4b 30 e9 67 fc 1e | ad 3b 26 67 ec d1 ec a7 89 ab dc f1 d6 83 f6 cd | 4f 34 44 54 33 10 e5 47 c9 06 e9 0a 6b a7 58 cf | 5e 53 3a b6 01 d6 18 3a af 48 c2 9b b0 47 bc a1 | 12 8c b2 3e 25 0b 23 eb 48 83 1d db 2d 4e 92 4b | 22 a4 51 40 96 7d 95 83 03 50 9b 18 d1 ce 79 51 | c9 c8 14 1b 2f 87 9e df 77 e5 d3 ba 7c 65 6c 3b | 48 81 4d 5b 11 f3 ab 16 dc 5f 3b 6a cf ee c8 47 | b2 20 00 52 26 db b2 23 ba 4c 32 d0 99 74 74 e6 | 47 97 76 72 7a 63 6f 44 61 0a 80 e3 6b 03 11 d4 | bc e0 f0 8d 99 1f 39 49 d8 af 24 1b 81 a8 45 47 | fa 60 9e e1 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.147 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00162 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 87 f9 6e 93 0c 13 29 94 3e f2 03 e8 | 5d d7 0b 8b 1c 3f b8 82 6a 31 74 29 a7 f8 5d 56 | 96 50 b7 d3 87 87 7f 87 e6 70 79 ef 36 74 3e 27 | 3f 4a 12 cc e2 10 15 69 f1 70 64 a3 68 12 e4 39 | 1f 93 4c 38 7f 57 ce ef e1 96 70 02 c7 07 5d c6 | a9 07 3c d5 8a 06 52 57 28 23 ee 45 4c 6f 89 43 | b5 5b fc 6a 67 5a 88 63 2b 5b 5a 60 6c fa ad 86 | 71 c5 a3 0b 61 bf e2 1a 01 a2 77 b7 0d 9d d7 38 | 65 9e e9 c6 29 b6 76 bc e2 e0 2c 24 26 79 9c ce | ea 12 f0 5a 2c 5b 40 45 86 49 0f e2 28 af 3e 8b | 06 cd 37 9d 5e 4a de d4 e5 4a c9 f1 0d a1 69 fb | 1a f6 ff c5 8a b1 2f f6 46 2d e7 ef 69 0c 49 55 | 81 59 71 09 f1 f1 fb e0 da 1e 89 25 2c 0c 7a c6 | 69 4d af bd 59 93 ab 0a c3 46 af 8c 9a ad 01 76 | 04 ab b8 ba 10 e9 15 cf cb 0e bc 05 a6 d8 84 65 | 3d 34 74 42 bb d8 96 8e dd a3 70 28 c7 75 f9 1e | 6b 1f bd 4e 4e 03 cd ef 2a ef 68 70 9d 6d 0f aa | 93 7e e2 40 9a 4a b2 a7 64 d1 fc 2c 45 64 5c c4 | 93 dc e9 a1 9d d7 77 0e 2c 58 57 50 14 36 e8 cf | 1d 67 de b0 bf 61 03 b3 f8 7a 12 59 ae fc e1 7b | 7a 8f 2a 8c 73 9a 47 fe bf 55 ce 3b 52 6f e7 44 | 2d 84 aa aa e6 6f f3 a0 76 d0 a7 38 03 27 c7 f6 | fa 9b 6f ce 17 42 7e 17 93 34 0b 8c 89 b9 b9 aa | 08 10 46 36 87 c9 c2 a6 81 e1 77 f9 35 17 a8 aa | 54 f1 fd bd ae 85 a2 5d 14 f2 6e d0 ec 82 a4 48 | d0 94 3e 18 34 1e 60 dc 75 3f be 6a 2e 51 bf e0 | 00 9e 75 61 9a 80 5c 03 a6 ff aa 40 84 89 84 42 | e1 45 b1 e1 fb a9 ef d2 a6 13 ef 3e 65 76 39 d9 | 8b c4 36 f8 5c 8e 47 cc e1 e4 8e d7 2c 72 6f 47 | 6f 18 7a e5 f2 b8 11 5f 31 a8 11 29 90 62 b5 af | b0 97 2c f2 fd 65 da d8 d0 f2 0f a5 44 ff 90 79 | 44 7f a3 c6 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.141 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00125 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 b9 aa 4a f0 5f 46 8b 42 80 c3 78 8b | e3 05 9e 41 17 aa 80 32 9f ae ef 9a 13 e6 9c 6c | 69 82 89 b9 2b 0a 8c 92 16 9a d3 11 3c af 92 05 | 32 73 dd be 7c c4 fc e0 92 01 9d af 6e cc 02 b5 | a3 ae f8 43 0c a7 ad 96 e8 2c b2 6d 33 ed a3 ca | ea 89 57 79 ff ce 74 52 3f 2f df 31 19 2d 0d 12 | 72 0e 3e 91 0f 6b 29 fd db 0d 16 60 14 b6 20 c4 | da 36 49 67 41 51 7e 5e 12 6d 43 c8 a7 ce b6 dc | 54 88 7a 1e 42 b0 a5 4f b1 f9 23 bc bf 50 06 5a | 13 c8 4e b9 e8 cc ab b1 ba b7 46 02 d4 6e 9a e9 | 5c e1 fb fd e9 9e 9d b4 cb e0 86 de 42 bb c3 ff | 60 a8 63 e6 48 de a8 82 69 ff d8 5a a6 00 ee a2 | 7d c0 f9 a7 b3 c7 9f dd b9 9a d7 25 08 95 67 aa | 37 3a fd cb 3e 89 49 cf 92 dd 7b c8 54 9c 78 85 | ec 55 93 ce 33 fd ad 86 5c fa cf c3 04 53 c1 eb | 4f e7 53 31 9a 10 79 cc 6a bb 26 ea 35 5b 9d 5e | 7f 2b 72 f8 01 31 13 b0 d2 75 b1 ea f5 31 e5 f1 | 72 32 5c db 8e c1 2a 10 ff 0c d8 ec 44 56 eb fa | de c5 13 4a 69 6f 45 d2 7d a9 a7 30 fd f5 7d d8 | 6b 45 c3 c3 e6 39 48 34 63 91 7c 91 57 14 71 60 | aa 96 82 b4 5e e2 17 4d fe a2 7b 67 37 d4 1e 54 | d1 f5 b2 c1 82 12 97 e0 19 b9 00 f2 46 72 4e 51 | 45 ef e2 58 86 e0 84 a6 e8 31 1b bb a8 ec 7e 81 | 13 4b af 92 00 7a 0f 1d f2 00 c6 b2 0d 38 52 c1 | 03 10 59 7c 0e 2a f1 b8 0c 04 70 90 a2 38 e8 9d | e0 a8 55 60 81 45 a4 2a c4 88 32 5d 98 0f 47 bf | 86 55 b2 e9 42 ad e7 82 fe ad 78 6d 75 ec 2b 14 | 18 a9 5c 95 ef f4 b6 bc 50 f2 bf 09 7f 57 02 f5 | e5 f5 15 44 e0 f1 31 2c dc 05 7d 42 88 dc 40 06 | f5 00 ce e8 c0 ce c4 20 f3 9b c6 ac 11 4b 33 e1 | 41 29 6d 33 fc 32 59 d4 ee 25 91 49 29 b1 b8 63 | fd 5d 74 02 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.141 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00119 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 176 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 00 b0 00 00 00 94 | 00 01 05 01 ae b7 ff 57 fe 8a 23 e1 bd 5f 01 d4 | c7 68 5b a8 33 3c d7 76 d3 fc aa 2b 68 4c c4 e2 | be 5f f2 83 30 60 e2 d5 e2 af 9a a6 26 29 78 1b | 72 67 3f 16 b9 a8 d3 0c 9e 14 b1 01 fd 65 22 40 | 10 7e 3c b5 27 32 67 87 fb 09 81 f4 55 04 a2 c3 | 38 41 c6 16 b1 3b 4d fc 04 fc 88 87 b3 13 5c b9 | 65 95 4a b4 da 6f 9d 09 71 f1 d6 e8 f5 5f 9b c5 | e2 c1 45 d1 d2 9c 67 c4 56 0c 4c 1a f6 d1 90 07 | b8 83 5c 06 1b d7 ca ad aa e4 62 d6 06 91 56 a9 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 176 (0xb0) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 148 (0x94) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2124 (0x84c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | #1 is idle | #1 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 197 (0xc5) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | obj: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | obj: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | obj: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | obj: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | obj: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1366 (0x556) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 516 (0x204) | removing 12 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | DER ASN1 DN: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | DER ASN1 DN: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | DER ASN1 DN: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | DER ASN1 DN: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | DER ASN1 DN: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 "x509"[1] 192.1.3.209 #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #1 spent 0.00542 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-key4096@testing.libreswan.org,CN=key4096.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.273 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.0438 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "x509"[1] 192.1.3.209 #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "x509"[1] 192.1.3.209 #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.369 milliseconds in find_and_verify_certs() calling verify_end_cert() "x509"[1] 192.1.3.209 #1: X509: Certificate rejected for this connection "x509"[1] 192.1.3.209 #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2649) | #1 is idle "x509"[1] 192.1.3.209 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.3.209:500 | **emit ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 954009572 (0x38dd07e4) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 84 0e 30 83 0f 1c a5 26 ec 43 57 a6 97 97 e8 7e | 23 94 bf ed 8a 53 56 68 e8 d6 59 99 70 3d 51 04 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 08 10 05 01 38 dd 07 e4 00 00 00 4c 90 88 f4 e1 | 46 01 84 92 c6 04 68 41 e0 ed ed 91 6b 84 07 d6 | e9 27 f9 84 08 0f b7 d0 d7 de a9 05 83 fe aa 26 | 64 6a 5f 87 fb 39 8e 5d a9 f6 57 aa | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 1.02 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.26 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00303 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 37 11 ab bf e9 9c df 65 dc 06 e1 d7 | 5a 5f 56 c1 05 10 02 01 00 00 00 00 00 00 08 4c | c8 34 f5 17 1c 8e 1a 33 a5 a1 72 45 0d 8c c9 e8 | 66 85 5a 76 8d 00 df 53 f2 3f db 05 c1 51 51 38 | 0a 54 b9 b8 7b 46 1b eb d4 62 f1 1f 59 ce d1 22 | 71 07 f7 41 5d 4b 0b 7f 6a 2f 2e 7d 63 d1 1c 06 | 11 b6 b1 6c 9c 2b fc 2a 49 50 ca 90 df 0a 21 71 | 6b 22 f4 35 6c a3 8e 0c c7 75 c3 d6 4d 66 b9 ae | b5 5b b3 62 d4 d3 ba 34 f5 bb 4e f6 3d b3 7d 67 | ae a5 6b 6f 95 34 e7 e6 b3 6f bd 24 ba 79 d2 80 | 7a 82 50 79 d9 8c eb 6a a3 e5 d3 09 41 a6 2e 66 | 9a 07 45 87 98 d1 85 16 c4 26 5a 55 c1 00 32 50 | c3 42 74 0b 95 3c 60 42 24 3c 6c a2 47 43 b5 af | 4a 84 c4 c5 4b 2d 21 7b c5 19 84 28 09 20 b6 e7 | 81 42 49 67 94 dd e8 43 87 80 1a dd d1 6a 79 72 | 40 e5 1d d8 c7 51 c0 41 97 df 5d ac c4 10 b8 b3 | 20 22 3d 24 cf b0 01 68 7a 3d 6f 76 dd 84 be d5 | d9 ef 5d 3e 25 2f 5c 80 df 61 c4 b0 c2 b9 ae 4d | b1 30 3c cd 60 86 57 dc 2b 19 99 e0 17 91 a7 87 | 7d 72 e7 6c 2f 72 f7 a9 b3 e5 3e 8f 2d 4f 34 28 | 09 24 69 de 6d a7 76 0d aa 2f b5 3d 3f 28 71 e8 | 67 e8 f9 ef 59 dd 60 c4 c6 e8 f9 c2 bd ff e5 55 | 6b b2 61 eb d6 32 a2 82 97 a0 69 3c 4e d3 16 a3 | 43 70 b1 db 1f 57 54 03 24 a9 fe 6f 52 f3 8a 00 | af 3d 5e 48 3a 66 52 05 66 16 64 5b 74 94 82 0c | b0 0c 4e 7d cf 67 d6 eb 59 40 e9 2a e4 2d fe 63 | 13 76 fe 60 54 97 d4 7a 6f e9 99 71 81 6d 69 e5 | a2 17 ea 65 4e ad f8 6e db 00 60 f7 6c a7 c9 92 | 12 95 75 55 ee f9 91 eb fd d0 33 cd d0 45 1e ee | ff ee f8 29 9f 26 cc cd d0 21 de 80 28 30 5b b7 | 64 42 1d 9c 82 29 a8 3f 9e 9d a5 08 d8 ec 4f 82 | 5b d0 e9 1c | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.133 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00133 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 9d 71 3e 12 02 3f 22 0e 43 8c 44 08 | 00 41 d0 aa 29 be bd f3 de 43 63 51 ff c9 b1 2e | cc d8 4e fc 67 ee b1 85 c8 3d a0 09 3b 12 40 de | f5 ce ff 1e 22 7a 9f b4 00 f8 2c 9e 5d 10 8e 35 | c5 fa e5 4a 9c 42 78 a4 09 dc 64 36 3d 32 18 c6 | 21 b4 ce 92 ea d9 59 12 18 76 f4 95 5e 4a 7c 42 | 63 af d2 35 0e 9b 9a 0c a9 bb fb 19 d9 65 f9 ed | e7 84 e3 f9 59 04 a2 4f dd bb 59 13 e6 75 16 ad | e2 11 43 19 3a d5 23 f2 12 b0 c0 85 b8 2a b3 66 | 7a a8 70 20 76 7e 71 0d f6 16 32 91 9d de cf 87 | d4 9b be a1 4d 67 d9 ce 42 2d 58 c7 79 89 08 bb | 8b 03 c8 19 26 5a c2 5b fe 72 26 94 48 01 6c 95 | 82 22 65 d1 d4 ad d6 d3 2a f2 46 54 92 08 2d c7 | 92 cf 71 22 94 2a 62 ac 3e 3f 55 03 05 e3 d1 3b | 9a 6a eb a5 d3 c1 c7 70 2a b9 b1 2f 2f c5 34 a9 | 76 a2 f8 9e 25 cb 8f c0 3b c3 13 a8 8c dd c4 5a | d1 91 b2 c0 c3 34 c7 a0 c0 ab 46 8b 83 67 32 4f | 43 ac 36 87 1b 05 10 81 7d bb 0f 6f 09 24 ae 2c | b4 15 75 0a 0e 8a 6a c4 7d f6 73 73 92 63 6a 3d | c4 c4 59 51 77 4b 0b 7d 91 16 f2 2b 90 4f f6 82 | e2 dc b6 19 e6 bf 86 7d 4d 1a 4b 30 e9 67 fc 1e | ad 3b 26 67 ec d1 ec a7 89 ab dc f1 d6 83 f6 cd | 4f 34 44 54 33 10 e5 47 c9 06 e9 0a 6b a7 58 cf | 5e 53 3a b6 01 d6 18 3a af 48 c2 9b b0 47 bc a1 | 12 8c b2 3e 25 0b 23 eb 48 83 1d db 2d 4e 92 4b | 22 a4 51 40 96 7d 95 83 03 50 9b 18 d1 ce 79 51 | c9 c8 14 1b 2f 87 9e df 77 e5 d3 ba 7c 65 6c 3b | 48 81 4d 5b 11 f3 ab 16 dc 5f 3b 6a cf ee c8 47 | b2 20 00 52 26 db b2 23 ba 4c 32 d0 99 74 74 e6 | 47 97 76 72 7a 63 6f 44 61 0a 80 e3 6b 03 11 d4 | bc e0 f0 8d 99 1f 39 49 d8 af 24 1b 81 a8 45 47 | fa 60 9e e1 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.13 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00118 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 87 f9 6e 93 0c 13 29 94 3e f2 03 e8 | 5d d7 0b 8b 1c 3f b8 82 6a 31 74 29 a7 f8 5d 56 | 96 50 b7 d3 87 87 7f 87 e6 70 79 ef 36 74 3e 27 | 3f 4a 12 cc e2 10 15 69 f1 70 64 a3 68 12 e4 39 | 1f 93 4c 38 7f 57 ce ef e1 96 70 02 c7 07 5d c6 | a9 07 3c d5 8a 06 52 57 28 23 ee 45 4c 6f 89 43 | b5 5b fc 6a 67 5a 88 63 2b 5b 5a 60 6c fa ad 86 | 71 c5 a3 0b 61 bf e2 1a 01 a2 77 b7 0d 9d d7 38 | 65 9e e9 c6 29 b6 76 bc e2 e0 2c 24 26 79 9c ce | ea 12 f0 5a 2c 5b 40 45 86 49 0f e2 28 af 3e 8b | 06 cd 37 9d 5e 4a de d4 e5 4a c9 f1 0d a1 69 fb | 1a f6 ff c5 8a b1 2f f6 46 2d e7 ef 69 0c 49 55 | 81 59 71 09 f1 f1 fb e0 da 1e 89 25 2c 0c 7a c6 | 69 4d af bd 59 93 ab 0a c3 46 af 8c 9a ad 01 76 | 04 ab b8 ba 10 e9 15 cf cb 0e bc 05 a6 d8 84 65 | 3d 34 74 42 bb d8 96 8e dd a3 70 28 c7 75 f9 1e | 6b 1f bd 4e 4e 03 cd ef 2a ef 68 70 9d 6d 0f aa | 93 7e e2 40 9a 4a b2 a7 64 d1 fc 2c 45 64 5c c4 | 93 dc e9 a1 9d d7 77 0e 2c 58 57 50 14 36 e8 cf | 1d 67 de b0 bf 61 03 b3 f8 7a 12 59 ae fc e1 7b | 7a 8f 2a 8c 73 9a 47 fe bf 55 ce 3b 52 6f e7 44 | 2d 84 aa aa e6 6f f3 a0 76 d0 a7 38 03 27 c7 f6 | fa 9b 6f ce 17 42 7e 17 93 34 0b 8c 89 b9 b9 aa | 08 10 46 36 87 c9 c2 a6 81 e1 77 f9 35 17 a8 aa | 54 f1 fd bd ae 85 a2 5d 14 f2 6e d0 ec 82 a4 48 | d0 94 3e 18 34 1e 60 dc 75 3f be 6a 2e 51 bf e0 | 00 9e 75 61 9a 80 5c 03 a6 ff aa 40 84 89 84 42 | e1 45 b1 e1 fb a9 ef d2 a6 13 ef 3e 65 76 39 d9 | 8b c4 36 f8 5c 8e 47 cc e1 e4 8e d7 2c 72 6f 47 | 6f 18 7a e5 f2 b8 11 5f 31 a8 11 29 90 62 b5 af | b0 97 2c f2 fd 65 da d8 d0 f2 0f a5 44 ff 90 79 | 44 7f a3 c6 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.114 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00116 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 b9 aa 4a f0 5f 46 8b 42 80 c3 78 8b | e3 05 9e 41 17 aa 80 32 9f ae ef 9a 13 e6 9c 6c | 69 82 89 b9 2b 0a 8c 92 16 9a d3 11 3c af 92 05 | 32 73 dd be 7c c4 fc e0 92 01 9d af 6e cc 02 b5 | a3 ae f8 43 0c a7 ad 96 e8 2c b2 6d 33 ed a3 ca | ea 89 57 79 ff ce 74 52 3f 2f df 31 19 2d 0d 12 | 72 0e 3e 91 0f 6b 29 fd db 0d 16 60 14 b6 20 c4 | da 36 49 67 41 51 7e 5e 12 6d 43 c8 a7 ce b6 dc | 54 88 7a 1e 42 b0 a5 4f b1 f9 23 bc bf 50 06 5a | 13 c8 4e b9 e8 cc ab b1 ba b7 46 02 d4 6e 9a e9 | 5c e1 fb fd e9 9e 9d b4 cb e0 86 de 42 bb c3 ff | 60 a8 63 e6 48 de a8 82 69 ff d8 5a a6 00 ee a2 | 7d c0 f9 a7 b3 c7 9f dd b9 9a d7 25 08 95 67 aa | 37 3a fd cb 3e 89 49 cf 92 dd 7b c8 54 9c 78 85 | ec 55 93 ce 33 fd ad 86 5c fa cf c3 04 53 c1 eb | 4f e7 53 31 9a 10 79 cc 6a bb 26 ea 35 5b 9d 5e | 7f 2b 72 f8 01 31 13 b0 d2 75 b1 ea f5 31 e5 f1 | 72 32 5c db 8e c1 2a 10 ff 0c d8 ec 44 56 eb fa | de c5 13 4a 69 6f 45 d2 7d a9 a7 30 fd f5 7d d8 | 6b 45 c3 c3 e6 39 48 34 63 91 7c 91 57 14 71 60 | aa 96 82 b4 5e e2 17 4d fe a2 7b 67 37 d4 1e 54 | d1 f5 b2 c1 82 12 97 e0 19 b9 00 f2 46 72 4e 51 | 45 ef e2 58 86 e0 84 a6 e8 31 1b bb a8 ec 7e 81 | 13 4b af 92 00 7a 0f 1d f2 00 c6 b2 0d 38 52 c1 | 03 10 59 7c 0e 2a f1 b8 0c 04 70 90 a2 38 e8 9d | e0 a8 55 60 81 45 a4 2a c4 88 32 5d 98 0f 47 bf | 86 55 b2 e9 42 ad e7 82 fe ad 78 6d 75 ec 2b 14 | 18 a9 5c 95 ef f4 b6 bc 50 f2 bf 09 7f 57 02 f5 | e5 f5 15 44 e0 f1 31 2c dc 05 7d 42 88 dc 40 06 | f5 00 ce e8 c0 ce c4 20 f3 9b c6 ac 11 4b 33 e1 | 41 29 6d 33 fc 32 59 d4 ee 25 91 49 29 b1 b8 63 | fd 5d 74 02 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.113 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00112 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 176 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 00 b0 00 00 00 94 | 00 01 05 01 ae b7 ff 57 fe 8a 23 e1 bd 5f 01 d4 | c7 68 5b a8 33 3c d7 76 d3 fc aa 2b 68 4c c4 e2 | be 5f f2 83 30 60 e2 d5 e2 af 9a a6 26 29 78 1b | 72 67 3f 16 b9 a8 d3 0c 9e 14 b1 01 fd 65 22 40 | 10 7e 3c b5 27 32 67 87 fb 09 81 f4 55 04 a2 c3 | 38 41 c6 16 b1 3b 4d fc 04 fc 88 87 b3 13 5c b9 | 65 95 4a b4 da 6f 9d 09 71 f1 d6 e8 f5 5f 9b c5 | e2 c1 45 d1 d2 9c 67 c4 56 0c 4c 1a f6 d1 90 07 | b8 83 5c 06 1b d7 ca ad aa e4 62 d6 06 91 56 a9 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 176 (0xb0) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 148 (0x94) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2124 (0x84c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | #1 is idle | #1 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 197 (0xc5) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | obj: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | obj: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | obj: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | obj: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | obj: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1366 (0x556) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 516 (0x204) | removing 12 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | DER ASN1 DN: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | DER ASN1 DN: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | DER ASN1 DN: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | DER ASN1 DN: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | DER ASN1 DN: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 "x509"[1] 192.1.3.209 #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #1 spent 0.00438 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-key4096@testing.libreswan.org,CN=key4096.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.288 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.0375 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "x509"[1] 192.1.3.209 #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "x509"[1] 192.1.3.209 #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.352 milliseconds in find_and_verify_certs() calling verify_end_cert() "x509"[1] 192.1.3.209 #1: X509: Certificate rejected for this connection "x509"[1] 192.1.3.209 #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2649) | #1 is idle "x509"[1] 192.1.3.209 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.3.209:500 | **emit ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2399390578 (0x8f03cb72) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | bb 24 28 14 84 73 59 5c 95 00 7f 1a 2b ba 0d 9f | 78 e0 02 f0 fb b9 0e ee 3e 50 6b 58 92 ac 5a d4 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 08 10 05 01 8f 03 cb 72 00 00 00 4c 67 69 53 c4 | ec a7 0c d4 a9 36 b9 71 97 87 58 0e e2 e2 a1 79 | 9f 3c c1 f2 4a 5d 38 75 49 33 60 96 ba 2a 2f 02 | 78 1b 5f 88 8e ae e3 8c 73 87 fc a6 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 0.958 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.17 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00253 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 37 11 ab bf e9 9c df 65 dc 06 e1 d7 | 5a 5f 56 c1 05 10 02 01 00 00 00 00 00 00 08 4c | c8 34 f5 17 1c 8e 1a 33 a5 a1 72 45 0d 8c c9 e8 | 66 85 5a 76 8d 00 df 53 f2 3f db 05 c1 51 51 38 | 0a 54 b9 b8 7b 46 1b eb d4 62 f1 1f 59 ce d1 22 | 71 07 f7 41 5d 4b 0b 7f 6a 2f 2e 7d 63 d1 1c 06 | 11 b6 b1 6c 9c 2b fc 2a 49 50 ca 90 df 0a 21 71 | 6b 22 f4 35 6c a3 8e 0c c7 75 c3 d6 4d 66 b9 ae | b5 5b b3 62 d4 d3 ba 34 f5 bb 4e f6 3d b3 7d 67 | ae a5 6b 6f 95 34 e7 e6 b3 6f bd 24 ba 79 d2 80 | 7a 82 50 79 d9 8c eb 6a a3 e5 d3 09 41 a6 2e 66 | 9a 07 45 87 98 d1 85 16 c4 26 5a 55 c1 00 32 50 | c3 42 74 0b 95 3c 60 42 24 3c 6c a2 47 43 b5 af | 4a 84 c4 c5 4b 2d 21 7b c5 19 84 28 09 20 b6 e7 | 81 42 49 67 94 dd e8 43 87 80 1a dd d1 6a 79 72 | 40 e5 1d d8 c7 51 c0 41 97 df 5d ac c4 10 b8 b3 | 20 22 3d 24 cf b0 01 68 7a 3d 6f 76 dd 84 be d5 | d9 ef 5d 3e 25 2f 5c 80 df 61 c4 b0 c2 b9 ae 4d | b1 30 3c cd 60 86 57 dc 2b 19 99 e0 17 91 a7 87 | 7d 72 e7 6c 2f 72 f7 a9 b3 e5 3e 8f 2d 4f 34 28 | 09 24 69 de 6d a7 76 0d aa 2f b5 3d 3f 28 71 e8 | 67 e8 f9 ef 59 dd 60 c4 c6 e8 f9 c2 bd ff e5 55 | 6b b2 61 eb d6 32 a2 82 97 a0 69 3c 4e d3 16 a3 | 43 70 b1 db 1f 57 54 03 24 a9 fe 6f 52 f3 8a 00 | af 3d 5e 48 3a 66 52 05 66 16 64 5b 74 94 82 0c | b0 0c 4e 7d cf 67 d6 eb 59 40 e9 2a e4 2d fe 63 | 13 76 fe 60 54 97 d4 7a 6f e9 99 71 81 6d 69 e5 | a2 17 ea 65 4e ad f8 6e db 00 60 f7 6c a7 c9 92 | 12 95 75 55 ee f9 91 eb fd d0 33 cd d0 45 1e ee | ff ee f8 29 9f 26 cc cd d0 21 de 80 28 30 5b b7 | 64 42 1d 9c 82 29 a8 3f 9e 9d a5 08 d8 ec 4f 82 | 5b d0 e9 1c | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.16 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00134 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 9d 71 3e 12 02 3f 22 0e 43 8c 44 08 | 00 41 d0 aa 29 be bd f3 de 43 63 51 ff c9 b1 2e | cc d8 4e fc 67 ee b1 85 c8 3d a0 09 3b 12 40 de | f5 ce ff 1e 22 7a 9f b4 00 f8 2c 9e 5d 10 8e 35 | c5 fa e5 4a 9c 42 78 a4 09 dc 64 36 3d 32 18 c6 | 21 b4 ce 92 ea d9 59 12 18 76 f4 95 5e 4a 7c 42 | 63 af d2 35 0e 9b 9a 0c a9 bb fb 19 d9 65 f9 ed | e7 84 e3 f9 59 04 a2 4f dd bb 59 13 e6 75 16 ad | e2 11 43 19 3a d5 23 f2 12 b0 c0 85 b8 2a b3 66 | 7a a8 70 20 76 7e 71 0d f6 16 32 91 9d de cf 87 | d4 9b be a1 4d 67 d9 ce 42 2d 58 c7 79 89 08 bb | 8b 03 c8 19 26 5a c2 5b fe 72 26 94 48 01 6c 95 | 82 22 65 d1 d4 ad d6 d3 2a f2 46 54 92 08 2d c7 | 92 cf 71 22 94 2a 62 ac 3e 3f 55 03 05 e3 d1 3b | 9a 6a eb a5 d3 c1 c7 70 2a b9 b1 2f 2f c5 34 a9 | 76 a2 f8 9e 25 cb 8f c0 3b c3 13 a8 8c dd c4 5a | d1 91 b2 c0 c3 34 c7 a0 c0 ab 46 8b 83 67 32 4f | 43 ac 36 87 1b 05 10 81 7d bb 0f 6f 09 24 ae 2c | b4 15 75 0a 0e 8a 6a c4 7d f6 73 73 92 63 6a 3d | c4 c4 59 51 77 4b 0b 7d 91 16 f2 2b 90 4f f6 82 | e2 dc b6 19 e6 bf 86 7d 4d 1a 4b 30 e9 67 fc 1e | ad 3b 26 67 ec d1 ec a7 89 ab dc f1 d6 83 f6 cd | 4f 34 44 54 33 10 e5 47 c9 06 e9 0a 6b a7 58 cf | 5e 53 3a b6 01 d6 18 3a af 48 c2 9b b0 47 bc a1 | 12 8c b2 3e 25 0b 23 eb 48 83 1d db 2d 4e 92 4b | 22 a4 51 40 96 7d 95 83 03 50 9b 18 d1 ce 79 51 | c9 c8 14 1b 2f 87 9e df 77 e5 d3 ba 7c 65 6c 3b | 48 81 4d 5b 11 f3 ab 16 dc 5f 3b 6a cf ee c8 47 | b2 20 00 52 26 db b2 23 ba 4c 32 d0 99 74 74 e6 | 47 97 76 72 7a 63 6f 44 61 0a 80 e3 6b 03 11 d4 | bc e0 f0 8d 99 1f 39 49 d8 af 24 1b 81 a8 45 47 | fa 60 9e e1 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.147 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00131 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 87 f9 6e 93 0c 13 29 94 3e f2 03 e8 | 5d d7 0b 8b 1c 3f b8 82 6a 31 74 29 a7 f8 5d 56 | 96 50 b7 d3 87 87 7f 87 e6 70 79 ef 36 74 3e 27 | 3f 4a 12 cc e2 10 15 69 f1 70 64 a3 68 12 e4 39 | 1f 93 4c 38 7f 57 ce ef e1 96 70 02 c7 07 5d c6 | a9 07 3c d5 8a 06 52 57 28 23 ee 45 4c 6f 89 43 | b5 5b fc 6a 67 5a 88 63 2b 5b 5a 60 6c fa ad 86 | 71 c5 a3 0b 61 bf e2 1a 01 a2 77 b7 0d 9d d7 38 | 65 9e e9 c6 29 b6 76 bc e2 e0 2c 24 26 79 9c ce | ea 12 f0 5a 2c 5b 40 45 86 49 0f e2 28 af 3e 8b | 06 cd 37 9d 5e 4a de d4 e5 4a c9 f1 0d a1 69 fb | 1a f6 ff c5 8a b1 2f f6 46 2d e7 ef 69 0c 49 55 | 81 59 71 09 f1 f1 fb e0 da 1e 89 25 2c 0c 7a c6 | 69 4d af bd 59 93 ab 0a c3 46 af 8c 9a ad 01 76 | 04 ab b8 ba 10 e9 15 cf cb 0e bc 05 a6 d8 84 65 | 3d 34 74 42 bb d8 96 8e dd a3 70 28 c7 75 f9 1e | 6b 1f bd 4e 4e 03 cd ef 2a ef 68 70 9d 6d 0f aa | 93 7e e2 40 9a 4a b2 a7 64 d1 fc 2c 45 64 5c c4 | 93 dc e9 a1 9d d7 77 0e 2c 58 57 50 14 36 e8 cf | 1d 67 de b0 bf 61 03 b3 f8 7a 12 59 ae fc e1 7b | 7a 8f 2a 8c 73 9a 47 fe bf 55 ce 3b 52 6f e7 44 | 2d 84 aa aa e6 6f f3 a0 76 d0 a7 38 03 27 c7 f6 | fa 9b 6f ce 17 42 7e 17 93 34 0b 8c 89 b9 b9 aa | 08 10 46 36 87 c9 c2 a6 81 e1 77 f9 35 17 a8 aa | 54 f1 fd bd ae 85 a2 5d 14 f2 6e d0 ec 82 a4 48 | d0 94 3e 18 34 1e 60 dc 75 3f be 6a 2e 51 bf e0 | 00 9e 75 61 9a 80 5c 03 a6 ff aa 40 84 89 84 42 | e1 45 b1 e1 fb a9 ef d2 a6 13 ef 3e 65 76 39 d9 | 8b c4 36 f8 5c 8e 47 cc e1 e4 8e d7 2c 72 6f 47 | 6f 18 7a e5 f2 b8 11 5f 31 a8 11 29 90 62 b5 af | b0 97 2c f2 fd 65 da d8 d0 f2 0f a5 44 ff 90 79 | 44 7f a3 c6 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.151 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00142 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 b9 aa 4a f0 5f 46 8b 42 80 c3 78 8b | e3 05 9e 41 17 aa 80 32 9f ae ef 9a 13 e6 9c 6c | 69 82 89 b9 2b 0a 8c 92 16 9a d3 11 3c af 92 05 | 32 73 dd be 7c c4 fc e0 92 01 9d af 6e cc 02 b5 | a3 ae f8 43 0c a7 ad 96 e8 2c b2 6d 33 ed a3 ca | ea 89 57 79 ff ce 74 52 3f 2f df 31 19 2d 0d 12 | 72 0e 3e 91 0f 6b 29 fd db 0d 16 60 14 b6 20 c4 | da 36 49 67 41 51 7e 5e 12 6d 43 c8 a7 ce b6 dc | 54 88 7a 1e 42 b0 a5 4f b1 f9 23 bc bf 50 06 5a | 13 c8 4e b9 e8 cc ab b1 ba b7 46 02 d4 6e 9a e9 | 5c e1 fb fd e9 9e 9d b4 cb e0 86 de 42 bb c3 ff | 60 a8 63 e6 48 de a8 82 69 ff d8 5a a6 00 ee a2 | 7d c0 f9 a7 b3 c7 9f dd b9 9a d7 25 08 95 67 aa | 37 3a fd cb 3e 89 49 cf 92 dd 7b c8 54 9c 78 85 | ec 55 93 ce 33 fd ad 86 5c fa cf c3 04 53 c1 eb | 4f e7 53 31 9a 10 79 cc 6a bb 26 ea 35 5b 9d 5e | 7f 2b 72 f8 01 31 13 b0 d2 75 b1 ea f5 31 e5 f1 | 72 32 5c db 8e c1 2a 10 ff 0c d8 ec 44 56 eb fa | de c5 13 4a 69 6f 45 d2 7d a9 a7 30 fd f5 7d d8 | 6b 45 c3 c3 e6 39 48 34 63 91 7c 91 57 14 71 60 | aa 96 82 b4 5e e2 17 4d fe a2 7b 67 37 d4 1e 54 | d1 f5 b2 c1 82 12 97 e0 19 b9 00 f2 46 72 4e 51 | 45 ef e2 58 86 e0 84 a6 e8 31 1b bb a8 ec 7e 81 | 13 4b af 92 00 7a 0f 1d f2 00 c6 b2 0d 38 52 c1 | 03 10 59 7c 0e 2a f1 b8 0c 04 70 90 a2 38 e8 9d | e0 a8 55 60 81 45 a4 2a c4 88 32 5d 98 0f 47 bf | 86 55 b2 e9 42 ad e7 82 fe ad 78 6d 75 ec 2b 14 | 18 a9 5c 95 ef f4 b6 bc 50 f2 bf 09 7f 57 02 f5 | e5 f5 15 44 e0 f1 31 2c dc 05 7d 42 88 dc 40 06 | f5 00 ce e8 c0 ce c4 20 f3 9b c6 ac 11 4b 33 e1 | 41 29 6d 33 fc 32 59 d4 ee 25 91 49 29 b1 b8 63 | fd 5d 74 02 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.149 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00127 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 176 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 00 b0 00 00 00 94 | 00 01 05 01 ae b7 ff 57 fe 8a 23 e1 bd 5f 01 d4 | c7 68 5b a8 33 3c d7 76 d3 fc aa 2b 68 4c c4 e2 | be 5f f2 83 30 60 e2 d5 e2 af 9a a6 26 29 78 1b | 72 67 3f 16 b9 a8 d3 0c 9e 14 b1 01 fd 65 22 40 | 10 7e 3c b5 27 32 67 87 fb 09 81 f4 55 04 a2 c3 | 38 41 c6 16 b1 3b 4d fc 04 fc 88 87 b3 13 5c b9 | 65 95 4a b4 da 6f 9d 09 71 f1 d6 e8 f5 5f 9b c5 | e2 c1 45 d1 d2 9c 67 c4 56 0c 4c 1a f6 d1 90 07 | b8 83 5c 06 1b d7 ca ad aa e4 62 d6 06 91 56 a9 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 176 (0xb0) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 148 (0x94) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2124 (0x84c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | #1 is idle | #1 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 197 (0xc5) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | obj: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | obj: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | obj: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | obj: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | obj: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1366 (0x556) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 516 (0x204) | removing 12 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | DER ASN1 DN: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | DER ASN1 DN: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | DER ASN1 DN: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | DER ASN1 DN: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | DER ASN1 DN: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 "x509"[1] 192.1.3.209 #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #1 spent 0.00561 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-key4096@testing.libreswan.org,CN=key4096.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.29 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.0434 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "x509"[1] 192.1.3.209 #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "x509"[1] 192.1.3.209 #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.388 milliseconds in find_and_verify_certs() calling verify_end_cert() "x509"[1] 192.1.3.209 #1: X509: Certificate rejected for this connection "x509"[1] 192.1.3.209 #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2649) | #1 is idle "x509"[1] 192.1.3.209 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.3.209:500 | **emit ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2607339045 (0x9b68d625) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | b3 47 52 ba 3e 55 3c 8f c3 14 b0 c0 6e 26 f6 77 | ff 32 3f 6d 24 ff f3 eb eb 55 e4 e6 fc 7f 75 d4 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 08 10 05 01 9b 68 d6 25 00 00 00 4c 39 ab e7 13 | 76 90 2d 8a 61 04 72 52 b6 52 13 4b cd ea b9 9d | 51 1d 2b e3 18 5b 69 fe fb 96 01 31 c5 ac 90 e8 | 2b ae cc 7f 70 34 ae 86 80 03 11 31 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 1.07 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.33 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00298 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 37 11 ab bf e9 9c df 65 dc 06 e1 d7 | 5a 5f 56 c1 05 10 02 01 00 00 00 00 00 00 08 4c | c8 34 f5 17 1c 8e 1a 33 a5 a1 72 45 0d 8c c9 e8 | 66 85 5a 76 8d 00 df 53 f2 3f db 05 c1 51 51 38 | 0a 54 b9 b8 7b 46 1b eb d4 62 f1 1f 59 ce d1 22 | 71 07 f7 41 5d 4b 0b 7f 6a 2f 2e 7d 63 d1 1c 06 | 11 b6 b1 6c 9c 2b fc 2a 49 50 ca 90 df 0a 21 71 | 6b 22 f4 35 6c a3 8e 0c c7 75 c3 d6 4d 66 b9 ae | b5 5b b3 62 d4 d3 ba 34 f5 bb 4e f6 3d b3 7d 67 | ae a5 6b 6f 95 34 e7 e6 b3 6f bd 24 ba 79 d2 80 | 7a 82 50 79 d9 8c eb 6a a3 e5 d3 09 41 a6 2e 66 | 9a 07 45 87 98 d1 85 16 c4 26 5a 55 c1 00 32 50 | c3 42 74 0b 95 3c 60 42 24 3c 6c a2 47 43 b5 af | 4a 84 c4 c5 4b 2d 21 7b c5 19 84 28 09 20 b6 e7 | 81 42 49 67 94 dd e8 43 87 80 1a dd d1 6a 79 72 | 40 e5 1d d8 c7 51 c0 41 97 df 5d ac c4 10 b8 b3 | 20 22 3d 24 cf b0 01 68 7a 3d 6f 76 dd 84 be d5 | d9 ef 5d 3e 25 2f 5c 80 df 61 c4 b0 c2 b9 ae 4d | b1 30 3c cd 60 86 57 dc 2b 19 99 e0 17 91 a7 87 | 7d 72 e7 6c 2f 72 f7 a9 b3 e5 3e 8f 2d 4f 34 28 | 09 24 69 de 6d a7 76 0d aa 2f b5 3d 3f 28 71 e8 | 67 e8 f9 ef 59 dd 60 c4 c6 e8 f9 c2 bd ff e5 55 | 6b b2 61 eb d6 32 a2 82 97 a0 69 3c 4e d3 16 a3 | 43 70 b1 db 1f 57 54 03 24 a9 fe 6f 52 f3 8a 00 | af 3d 5e 48 3a 66 52 05 66 16 64 5b 74 94 82 0c | b0 0c 4e 7d cf 67 d6 eb 59 40 e9 2a e4 2d fe 63 | 13 76 fe 60 54 97 d4 7a 6f e9 99 71 81 6d 69 e5 | a2 17 ea 65 4e ad f8 6e db 00 60 f7 6c a7 c9 92 | 12 95 75 55 ee f9 91 eb fd d0 33 cd d0 45 1e ee | ff ee f8 29 9f 26 cc cd d0 21 de 80 28 30 5b b7 | 64 42 1d 9c 82 29 a8 3f 9e 9d a5 08 d8 ec 4f 82 | 5b d0 e9 1c | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.123 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00127 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 9d 71 3e 12 02 3f 22 0e 43 8c 44 08 | 00 41 d0 aa 29 be bd f3 de 43 63 51 ff c9 b1 2e | cc d8 4e fc 67 ee b1 85 c8 3d a0 09 3b 12 40 de | f5 ce ff 1e 22 7a 9f b4 00 f8 2c 9e 5d 10 8e 35 | c5 fa e5 4a 9c 42 78 a4 09 dc 64 36 3d 32 18 c6 | 21 b4 ce 92 ea d9 59 12 18 76 f4 95 5e 4a 7c 42 | 63 af d2 35 0e 9b 9a 0c a9 bb fb 19 d9 65 f9 ed | e7 84 e3 f9 59 04 a2 4f dd bb 59 13 e6 75 16 ad | e2 11 43 19 3a d5 23 f2 12 b0 c0 85 b8 2a b3 66 | 7a a8 70 20 76 7e 71 0d f6 16 32 91 9d de cf 87 | d4 9b be a1 4d 67 d9 ce 42 2d 58 c7 79 89 08 bb | 8b 03 c8 19 26 5a c2 5b fe 72 26 94 48 01 6c 95 | 82 22 65 d1 d4 ad d6 d3 2a f2 46 54 92 08 2d c7 | 92 cf 71 22 94 2a 62 ac 3e 3f 55 03 05 e3 d1 3b | 9a 6a eb a5 d3 c1 c7 70 2a b9 b1 2f 2f c5 34 a9 | 76 a2 f8 9e 25 cb 8f c0 3b c3 13 a8 8c dd c4 5a | d1 91 b2 c0 c3 34 c7 a0 c0 ab 46 8b 83 67 32 4f | 43 ac 36 87 1b 05 10 81 7d bb 0f 6f 09 24 ae 2c | b4 15 75 0a 0e 8a 6a c4 7d f6 73 73 92 63 6a 3d | c4 c4 59 51 77 4b 0b 7d 91 16 f2 2b 90 4f f6 82 | e2 dc b6 19 e6 bf 86 7d 4d 1a 4b 30 e9 67 fc 1e | ad 3b 26 67 ec d1 ec a7 89 ab dc f1 d6 83 f6 cd | 4f 34 44 54 33 10 e5 47 c9 06 e9 0a 6b a7 58 cf | 5e 53 3a b6 01 d6 18 3a af 48 c2 9b b0 47 bc a1 | 12 8c b2 3e 25 0b 23 eb 48 83 1d db 2d 4e 92 4b | 22 a4 51 40 96 7d 95 83 03 50 9b 18 d1 ce 79 51 | c9 c8 14 1b 2f 87 9e df 77 e5 d3 ba 7c 65 6c 3b | 48 81 4d 5b 11 f3 ab 16 dc 5f 3b 6a cf ee c8 47 | b2 20 00 52 26 db b2 23 ba 4c 32 d0 99 74 74 e6 | 47 97 76 72 7a 63 6f 44 61 0a 80 e3 6b 03 11 d4 | bc e0 f0 8d 99 1f 39 49 d8 af 24 1b 81 a8 45 47 | fa 60 9e e1 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.109 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00118 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 87 f9 6e 93 0c 13 29 94 3e f2 03 e8 | 5d d7 0b 8b 1c 3f b8 82 6a 31 74 29 a7 f8 5d 56 | 96 50 b7 d3 87 87 7f 87 e6 70 79 ef 36 74 3e 27 | 3f 4a 12 cc e2 10 15 69 f1 70 64 a3 68 12 e4 39 | 1f 93 4c 38 7f 57 ce ef e1 96 70 02 c7 07 5d c6 | a9 07 3c d5 8a 06 52 57 28 23 ee 45 4c 6f 89 43 | b5 5b fc 6a 67 5a 88 63 2b 5b 5a 60 6c fa ad 86 | 71 c5 a3 0b 61 bf e2 1a 01 a2 77 b7 0d 9d d7 38 | 65 9e e9 c6 29 b6 76 bc e2 e0 2c 24 26 79 9c ce | ea 12 f0 5a 2c 5b 40 45 86 49 0f e2 28 af 3e 8b | 06 cd 37 9d 5e 4a de d4 e5 4a c9 f1 0d a1 69 fb | 1a f6 ff c5 8a b1 2f f6 46 2d e7 ef 69 0c 49 55 | 81 59 71 09 f1 f1 fb e0 da 1e 89 25 2c 0c 7a c6 | 69 4d af bd 59 93 ab 0a c3 46 af 8c 9a ad 01 76 | 04 ab b8 ba 10 e9 15 cf cb 0e bc 05 a6 d8 84 65 | 3d 34 74 42 bb d8 96 8e dd a3 70 28 c7 75 f9 1e | 6b 1f bd 4e 4e 03 cd ef 2a ef 68 70 9d 6d 0f aa | 93 7e e2 40 9a 4a b2 a7 64 d1 fc 2c 45 64 5c c4 | 93 dc e9 a1 9d d7 77 0e 2c 58 57 50 14 36 e8 cf | 1d 67 de b0 bf 61 03 b3 f8 7a 12 59 ae fc e1 7b | 7a 8f 2a 8c 73 9a 47 fe bf 55 ce 3b 52 6f e7 44 | 2d 84 aa aa e6 6f f3 a0 76 d0 a7 38 03 27 c7 f6 | fa 9b 6f ce 17 42 7e 17 93 34 0b 8c 89 b9 b9 aa | 08 10 46 36 87 c9 c2 a6 81 e1 77 f9 35 17 a8 aa | 54 f1 fd bd ae 85 a2 5d 14 f2 6e d0 ec 82 a4 48 | d0 94 3e 18 34 1e 60 dc 75 3f be 6a 2e 51 bf e0 | 00 9e 75 61 9a 80 5c 03 a6 ff aa 40 84 89 84 42 | e1 45 b1 e1 fb a9 ef d2 a6 13 ef 3e 65 76 39 d9 | 8b c4 36 f8 5c 8e 47 cc e1 e4 8e d7 2c 72 6f 47 | 6f 18 7a e5 f2 b8 11 5f 31 a8 11 29 90 62 b5 af | b0 97 2c f2 fd 65 da d8 d0 f2 0f a5 44 ff 90 79 | 44 7f a3 c6 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.106 milliseconds in comm_handle_cb() reading and processing packet | spent 0.0012 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 b9 aa 4a f0 5f 46 8b 42 80 c3 78 8b | e3 05 9e 41 17 aa 80 32 9f ae ef 9a 13 e6 9c 6c | 69 82 89 b9 2b 0a 8c 92 16 9a d3 11 3c af 92 05 | 32 73 dd be 7c c4 fc e0 92 01 9d af 6e cc 02 b5 | a3 ae f8 43 0c a7 ad 96 e8 2c b2 6d 33 ed a3 ca | ea 89 57 79 ff ce 74 52 3f 2f df 31 19 2d 0d 12 | 72 0e 3e 91 0f 6b 29 fd db 0d 16 60 14 b6 20 c4 | da 36 49 67 41 51 7e 5e 12 6d 43 c8 a7 ce b6 dc | 54 88 7a 1e 42 b0 a5 4f b1 f9 23 bc bf 50 06 5a | 13 c8 4e b9 e8 cc ab b1 ba b7 46 02 d4 6e 9a e9 | 5c e1 fb fd e9 9e 9d b4 cb e0 86 de 42 bb c3 ff | 60 a8 63 e6 48 de a8 82 69 ff d8 5a a6 00 ee a2 | 7d c0 f9 a7 b3 c7 9f dd b9 9a d7 25 08 95 67 aa | 37 3a fd cb 3e 89 49 cf 92 dd 7b c8 54 9c 78 85 | ec 55 93 ce 33 fd ad 86 5c fa cf c3 04 53 c1 eb | 4f e7 53 31 9a 10 79 cc 6a bb 26 ea 35 5b 9d 5e | 7f 2b 72 f8 01 31 13 b0 d2 75 b1 ea f5 31 e5 f1 | 72 32 5c db 8e c1 2a 10 ff 0c d8 ec 44 56 eb fa | de c5 13 4a 69 6f 45 d2 7d a9 a7 30 fd f5 7d d8 | 6b 45 c3 c3 e6 39 48 34 63 91 7c 91 57 14 71 60 | aa 96 82 b4 5e e2 17 4d fe a2 7b 67 37 d4 1e 54 | d1 f5 b2 c1 82 12 97 e0 19 b9 00 f2 46 72 4e 51 | 45 ef e2 58 86 e0 84 a6 e8 31 1b bb a8 ec 7e 81 | 13 4b af 92 00 7a 0f 1d f2 00 c6 b2 0d 38 52 c1 | 03 10 59 7c 0e 2a f1 b8 0c 04 70 90 a2 38 e8 9d | e0 a8 55 60 81 45 a4 2a c4 88 32 5d 98 0f 47 bf | 86 55 b2 e9 42 ad e7 82 fe ad 78 6d 75 ec 2b 14 | 18 a9 5c 95 ef f4 b6 bc 50 f2 bf 09 7f 57 02 f5 | e5 f5 15 44 e0 f1 31 2c dc 05 7d 42 88 dc 40 06 | f5 00 ce e8 c0 ce c4 20 f3 9b c6 ac 11 4b 33 e1 | 41 29 6d 33 fc 32 59 d4 ee 25 91 49 29 b1 b8 63 | fd 5d 74 02 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.104 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00111 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 176 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 00 b0 00 00 00 94 | 00 01 05 01 ae b7 ff 57 fe 8a 23 e1 bd 5f 01 d4 | c7 68 5b a8 33 3c d7 76 d3 fc aa 2b 68 4c c4 e2 | be 5f f2 83 30 60 e2 d5 e2 af 9a a6 26 29 78 1b | 72 67 3f 16 b9 a8 d3 0c 9e 14 b1 01 fd 65 22 40 | 10 7e 3c b5 27 32 67 87 fb 09 81 f4 55 04 a2 c3 | 38 41 c6 16 b1 3b 4d fc 04 fc 88 87 b3 13 5c b9 | 65 95 4a b4 da 6f 9d 09 71 f1 d6 e8 f5 5f 9b c5 | e2 c1 45 d1 d2 9c 67 c4 56 0c 4c 1a f6 d1 90 07 | b8 83 5c 06 1b d7 ca ad aa e4 62 d6 06 91 56 a9 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 176 (0xb0) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 148 (0x94) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2124 (0x84c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | #1 is idle | #1 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 197 (0xc5) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | obj: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | obj: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | obj: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | obj: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | obj: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1366 (0x556) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 516 (0x204) | removing 12 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | DER ASN1 DN: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | DER ASN1 DN: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | DER ASN1 DN: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | DER ASN1 DN: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | DER ASN1 DN: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 "x509"[1] 192.1.3.209 #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #1 spent 0.00602 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-key4096@testing.libreswan.org,CN=key4096.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.257 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.0383 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "x509"[1] 192.1.3.209 #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "x509"[1] 192.1.3.209 #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.346 milliseconds in find_and_verify_certs() calling verify_end_cert() "x509"[1] 192.1.3.209 #1: X509: Certificate rejected for this connection "x509"[1] 192.1.3.209 #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2649) | #1 is idle "x509"[1] 192.1.3.209 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.3.209:500 | **emit ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 180444048 (0xac15b90) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 10 ed 0e 00 5d 60 6c 9c e4 bf 34 47 f3 31 b6 de | bc 99 18 4a b2 d6 f1 a1 af fa 8b 5e cb da 04 07 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 08 10 05 01 0a c1 5b 90 00 00 00 4c a9 5b 60 d5 | eb 67 6b ae 73 c0 09 67 07 b6 c0 f4 b3 d7 ac e0 | f0 44 4a ca 2d 04 90 a6 73 4b 2d 4c 16 95 25 9e | 77 a7 60 75 27 84 71 d7 80 f7 9a eb | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 0.926 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.11 milliseconds in comm_handle_cb() reading and processing packet | processing global timer EVENT_SHUNT_SCAN | expiring aged bare shunts from shunt table | spent 0.00347 milliseconds in global timer EVENT_SHUNT_SCAN | processing global timer EVENT_NAT_T_KEEPALIVE | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in for_each_state() at state.c:1572) | not behind NAT: no NAT-T KEEP-ALIVE required for conn x509 | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in for_each_state() at state.c:1574) | spent 0.0236 milliseconds in global timer EVENT_NAT_T_KEEPALIVE | spent 0.00282 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 37 11 ab bf e9 9c df 65 dc 06 e1 d7 | 5a 5f 56 c1 05 10 02 01 00 00 00 00 00 00 08 4c | c8 34 f5 17 1c 8e 1a 33 a5 a1 72 45 0d 8c c9 e8 | 66 85 5a 76 8d 00 df 53 f2 3f db 05 c1 51 51 38 | 0a 54 b9 b8 7b 46 1b eb d4 62 f1 1f 59 ce d1 22 | 71 07 f7 41 5d 4b 0b 7f 6a 2f 2e 7d 63 d1 1c 06 | 11 b6 b1 6c 9c 2b fc 2a 49 50 ca 90 df 0a 21 71 | 6b 22 f4 35 6c a3 8e 0c c7 75 c3 d6 4d 66 b9 ae | b5 5b b3 62 d4 d3 ba 34 f5 bb 4e f6 3d b3 7d 67 | ae a5 6b 6f 95 34 e7 e6 b3 6f bd 24 ba 79 d2 80 | 7a 82 50 79 d9 8c eb 6a a3 e5 d3 09 41 a6 2e 66 | 9a 07 45 87 98 d1 85 16 c4 26 5a 55 c1 00 32 50 | c3 42 74 0b 95 3c 60 42 24 3c 6c a2 47 43 b5 af | 4a 84 c4 c5 4b 2d 21 7b c5 19 84 28 09 20 b6 e7 | 81 42 49 67 94 dd e8 43 87 80 1a dd d1 6a 79 72 | 40 e5 1d d8 c7 51 c0 41 97 df 5d ac c4 10 b8 b3 | 20 22 3d 24 cf b0 01 68 7a 3d 6f 76 dd 84 be d5 | d9 ef 5d 3e 25 2f 5c 80 df 61 c4 b0 c2 b9 ae 4d | b1 30 3c cd 60 86 57 dc 2b 19 99 e0 17 91 a7 87 | 7d 72 e7 6c 2f 72 f7 a9 b3 e5 3e 8f 2d 4f 34 28 | 09 24 69 de 6d a7 76 0d aa 2f b5 3d 3f 28 71 e8 | 67 e8 f9 ef 59 dd 60 c4 c6 e8 f9 c2 bd ff e5 55 | 6b b2 61 eb d6 32 a2 82 97 a0 69 3c 4e d3 16 a3 | 43 70 b1 db 1f 57 54 03 24 a9 fe 6f 52 f3 8a 00 | af 3d 5e 48 3a 66 52 05 66 16 64 5b 74 94 82 0c | b0 0c 4e 7d cf 67 d6 eb 59 40 e9 2a e4 2d fe 63 | 13 76 fe 60 54 97 d4 7a 6f e9 99 71 81 6d 69 e5 | a2 17 ea 65 4e ad f8 6e db 00 60 f7 6c a7 c9 92 | 12 95 75 55 ee f9 91 eb fd d0 33 cd d0 45 1e ee | ff ee f8 29 9f 26 cc cd d0 21 de 80 28 30 5b b7 | 64 42 1d 9c 82 29 a8 3f 9e 9d a5 08 d8 ec 4f 82 | 5b d0 e9 1c | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.111 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00125 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 9d 71 3e 12 02 3f 22 0e 43 8c 44 08 | 00 41 d0 aa 29 be bd f3 de 43 63 51 ff c9 b1 2e | cc d8 4e fc 67 ee b1 85 c8 3d a0 09 3b 12 40 de | f5 ce ff 1e 22 7a 9f b4 00 f8 2c 9e 5d 10 8e 35 | c5 fa e5 4a 9c 42 78 a4 09 dc 64 36 3d 32 18 c6 | 21 b4 ce 92 ea d9 59 12 18 76 f4 95 5e 4a 7c 42 | 63 af d2 35 0e 9b 9a 0c a9 bb fb 19 d9 65 f9 ed | e7 84 e3 f9 59 04 a2 4f dd bb 59 13 e6 75 16 ad | e2 11 43 19 3a d5 23 f2 12 b0 c0 85 b8 2a b3 66 | 7a a8 70 20 76 7e 71 0d f6 16 32 91 9d de cf 87 | d4 9b be a1 4d 67 d9 ce 42 2d 58 c7 79 89 08 bb | 8b 03 c8 19 26 5a c2 5b fe 72 26 94 48 01 6c 95 | 82 22 65 d1 d4 ad d6 d3 2a f2 46 54 92 08 2d c7 | 92 cf 71 22 94 2a 62 ac 3e 3f 55 03 05 e3 d1 3b | 9a 6a eb a5 d3 c1 c7 70 2a b9 b1 2f 2f c5 34 a9 | 76 a2 f8 9e 25 cb 8f c0 3b c3 13 a8 8c dd c4 5a | d1 91 b2 c0 c3 34 c7 a0 c0 ab 46 8b 83 67 32 4f | 43 ac 36 87 1b 05 10 81 7d bb 0f 6f 09 24 ae 2c | b4 15 75 0a 0e 8a 6a c4 7d f6 73 73 92 63 6a 3d | c4 c4 59 51 77 4b 0b 7d 91 16 f2 2b 90 4f f6 82 | e2 dc b6 19 e6 bf 86 7d 4d 1a 4b 30 e9 67 fc 1e | ad 3b 26 67 ec d1 ec a7 89 ab dc f1 d6 83 f6 cd | 4f 34 44 54 33 10 e5 47 c9 06 e9 0a 6b a7 58 cf | 5e 53 3a b6 01 d6 18 3a af 48 c2 9b b0 47 bc a1 | 12 8c b2 3e 25 0b 23 eb 48 83 1d db 2d 4e 92 4b | 22 a4 51 40 96 7d 95 83 03 50 9b 18 d1 ce 79 51 | c9 c8 14 1b 2f 87 9e df 77 e5 d3 ba 7c 65 6c 3b | 48 81 4d 5b 11 f3 ab 16 dc 5f 3b 6a cf ee c8 47 | b2 20 00 52 26 db b2 23 ba 4c 32 d0 99 74 74 e6 | 47 97 76 72 7a 63 6f 44 61 0a 80 e3 6b 03 11 d4 | bc e0 f0 8d 99 1f 39 49 d8 af 24 1b 81 a8 45 47 | fa 60 9e e1 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0891 milliseconds in comm_handle_cb() reading and processing packet | spent 0.000979 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 87 f9 6e 93 0c 13 29 94 3e f2 03 e8 | 5d d7 0b 8b 1c 3f b8 82 6a 31 74 29 a7 f8 5d 56 | 96 50 b7 d3 87 87 7f 87 e6 70 79 ef 36 74 3e 27 | 3f 4a 12 cc e2 10 15 69 f1 70 64 a3 68 12 e4 39 | 1f 93 4c 38 7f 57 ce ef e1 96 70 02 c7 07 5d c6 | a9 07 3c d5 8a 06 52 57 28 23 ee 45 4c 6f 89 43 | b5 5b fc 6a 67 5a 88 63 2b 5b 5a 60 6c fa ad 86 | 71 c5 a3 0b 61 bf e2 1a 01 a2 77 b7 0d 9d d7 38 | 65 9e e9 c6 29 b6 76 bc e2 e0 2c 24 26 79 9c ce | ea 12 f0 5a 2c 5b 40 45 86 49 0f e2 28 af 3e 8b | 06 cd 37 9d 5e 4a de d4 e5 4a c9 f1 0d a1 69 fb | 1a f6 ff c5 8a b1 2f f6 46 2d e7 ef 69 0c 49 55 | 81 59 71 09 f1 f1 fb e0 da 1e 89 25 2c 0c 7a c6 | 69 4d af bd 59 93 ab 0a c3 46 af 8c 9a ad 01 76 | 04 ab b8 ba 10 e9 15 cf cb 0e bc 05 a6 d8 84 65 | 3d 34 74 42 bb d8 96 8e dd a3 70 28 c7 75 f9 1e | 6b 1f bd 4e 4e 03 cd ef 2a ef 68 70 9d 6d 0f aa | 93 7e e2 40 9a 4a b2 a7 64 d1 fc 2c 45 64 5c c4 | 93 dc e9 a1 9d d7 77 0e 2c 58 57 50 14 36 e8 cf | 1d 67 de b0 bf 61 03 b3 f8 7a 12 59 ae fc e1 7b | 7a 8f 2a 8c 73 9a 47 fe bf 55 ce 3b 52 6f e7 44 | 2d 84 aa aa e6 6f f3 a0 76 d0 a7 38 03 27 c7 f6 | fa 9b 6f ce 17 42 7e 17 93 34 0b 8c 89 b9 b9 aa | 08 10 46 36 87 c9 c2 a6 81 e1 77 f9 35 17 a8 aa | 54 f1 fd bd ae 85 a2 5d 14 f2 6e d0 ec 82 a4 48 | d0 94 3e 18 34 1e 60 dc 75 3f be 6a 2e 51 bf e0 | 00 9e 75 61 9a 80 5c 03 a6 ff aa 40 84 89 84 42 | e1 45 b1 e1 fb a9 ef d2 a6 13 ef 3e 65 76 39 d9 | 8b c4 36 f8 5c 8e 47 cc e1 e4 8e d7 2c 72 6f 47 | 6f 18 7a e5 f2 b8 11 5f 31 a8 11 29 90 62 b5 af | b0 97 2c f2 fd 65 da d8 d0 f2 0f a5 44 ff 90 79 | 44 7f a3 c6 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0914 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00105 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 b9 aa 4a f0 5f 46 8b 42 80 c3 78 8b | e3 05 9e 41 17 aa 80 32 9f ae ef 9a 13 e6 9c 6c | 69 82 89 b9 2b 0a 8c 92 16 9a d3 11 3c af 92 05 | 32 73 dd be 7c c4 fc e0 92 01 9d af 6e cc 02 b5 | a3 ae f8 43 0c a7 ad 96 e8 2c b2 6d 33 ed a3 ca | ea 89 57 79 ff ce 74 52 3f 2f df 31 19 2d 0d 12 | 72 0e 3e 91 0f 6b 29 fd db 0d 16 60 14 b6 20 c4 | da 36 49 67 41 51 7e 5e 12 6d 43 c8 a7 ce b6 dc | 54 88 7a 1e 42 b0 a5 4f b1 f9 23 bc bf 50 06 5a | 13 c8 4e b9 e8 cc ab b1 ba b7 46 02 d4 6e 9a e9 | 5c e1 fb fd e9 9e 9d b4 cb e0 86 de 42 bb c3 ff | 60 a8 63 e6 48 de a8 82 69 ff d8 5a a6 00 ee a2 | 7d c0 f9 a7 b3 c7 9f dd b9 9a d7 25 08 95 67 aa | 37 3a fd cb 3e 89 49 cf 92 dd 7b c8 54 9c 78 85 | ec 55 93 ce 33 fd ad 86 5c fa cf c3 04 53 c1 eb | 4f e7 53 31 9a 10 79 cc 6a bb 26 ea 35 5b 9d 5e | 7f 2b 72 f8 01 31 13 b0 d2 75 b1 ea f5 31 e5 f1 | 72 32 5c db 8e c1 2a 10 ff 0c d8 ec 44 56 eb fa | de c5 13 4a 69 6f 45 d2 7d a9 a7 30 fd f5 7d d8 | 6b 45 c3 c3 e6 39 48 34 63 91 7c 91 57 14 71 60 | aa 96 82 b4 5e e2 17 4d fe a2 7b 67 37 d4 1e 54 | d1 f5 b2 c1 82 12 97 e0 19 b9 00 f2 46 72 4e 51 | 45 ef e2 58 86 e0 84 a6 e8 31 1b bb a8 ec 7e 81 | 13 4b af 92 00 7a 0f 1d f2 00 c6 b2 0d 38 52 c1 | 03 10 59 7c 0e 2a f1 b8 0c 04 70 90 a2 38 e8 9d | e0 a8 55 60 81 45 a4 2a c4 88 32 5d 98 0f 47 bf | 86 55 b2 e9 42 ad e7 82 fe ad 78 6d 75 ec 2b 14 | 18 a9 5c 95 ef f4 b6 bc 50 f2 bf 09 7f 57 02 f5 | e5 f5 15 44 e0 f1 31 2c dc 05 7d 42 88 dc 40 06 | f5 00 ce e8 c0 ce c4 20 f3 9b c6 ac 11 4b 33 e1 | 41 29 6d 33 fc 32 59 d4 ee 25 91 49 29 b1 b8 63 | fd 5d 74 02 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0747 milliseconds in comm_handle_cb() reading and processing packet | spent 0.000946 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 176 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 84 10 02 00 00 00 00 00 00 00 00 b0 00 00 00 94 | 00 01 05 01 ae b7 ff 57 fe 8a 23 e1 bd 5f 01 d4 | c7 68 5b a8 33 3c d7 76 d3 fc aa 2b 68 4c c4 e2 | be 5f f2 83 30 60 e2 d5 e2 af 9a a6 26 29 78 1b | 72 67 3f 16 b9 a8 d3 0c 9e 14 b1 01 fd 65 22 40 | 10 7e 3c b5 27 32 67 87 fb 09 81 f4 55 04 a2 c3 | 38 41 c6 16 b1 3b 4d fc 04 fc 88 87 b3 13 5c b9 | 65 95 4a b4 da 6f 9d 09 71 f1 d6 e8 f5 5f 9b c5 | e2 c1 45 d1 d2 9c 67 c4 56 0c 4c 1a f6 d1 90 07 | b8 83 5c 06 1b d7 ca ad aa e4 62 d6 06 91 56 a9 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 176 (0xb0) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 148 (0x94) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2124 (0x84c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | #1 is idle | #1 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 197 (0xc5) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | obj: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | obj: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | obj: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | obj: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | obj: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1366 (0x556) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 516 (0x204) | removing 12 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | DER ASN1 DN: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | DER ASN1 DN: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | DER ASN1 DN: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | DER ASN1 DN: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | DER ASN1 DN: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 "x509"[1] 192.1.3.209 #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #1 spent 0.00324 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-key4096@testing.libreswan.org,CN=key4096.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.194 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.046 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "x509"[1] 192.1.3.209 #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "x509"[1] 192.1.3.209 #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.26 milliseconds in find_and_verify_certs() calling verify_end_cert() "x509"[1] 192.1.3.209 #1: X509: Certificate rejected for this connection "x509"[1] 192.1.3.209 #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2649) | #1 is idle "x509"[1] 192.1.3.209 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.3.209:500 | **emit ISAKMP Message: | initiator cookie: | 37 11 ab bf e9 9c df 65 | responder cookie: | dc 06 e1 d7 5a 5f 56 c1 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3832884618 (0xe4752d8a) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 66 d7 3c bb 79 75 0d e6 00 84 20 b9 19 74 84 ef | d2 8c 7c 25 12 3b 43 36 5e a0 5b ef b5 25 10 07 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 37 11 ab bf e9 9c df 65 dc 06 e1 d7 5a 5f 56 c1 | 08 10 05 01 e4 75 2d 8a 00 00 00 4c 95 70 c4 74 | 75 f9 76 4a d7 ab 19 6a b4 09 30 af f0 d0 6a 9f | fd c2 f2 76 3f 26 72 04 fc b6 7b ed 1c 33 3f d1 | ed 84 46 53 55 a2 77 19 71 a1 4a e8 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 0.74 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.89 milliseconds in comm_handle_cb() reading and processing packet | processing global timer EVENT_SHUNT_SCAN | expiring aged bare shunts from shunt table | spent 0.00351 milliseconds in global timer EVENT_SHUNT_SCAN | processing global timer EVENT_PENDING_DDNS | FOR_EACH_CONNECTION_... in connection_check_ddns | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | elapsed time in connection_check_ddns for hostname lookup 0.000005 | spent 0.0105 milliseconds in global timer EVENT_PENDING_DDNS | processing global timer EVENT_SHUNT_SCAN | expiring aged bare shunts from shunt table | spent 0.00296 milliseconds in global timer EVENT_SHUNT_SCAN | timer_event_cb: processing event@0x5628c7fd4130 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.3.209 "x509"[1] 192.1.3.209 #1 keying attempt 0 of 0; retransmit 1 | retransmits: current time 50030.527142; retransmit count 0 exceeds limit? NO; deltatime 60 exceeds limit? YES; monotime 60.002699 exceeds limit? YES "x509"[1] 192.1.3.209 #1: STATE_MAIN_R2: 60 second timeout exceeded after 0 retransmits. No response (or no acceptable response) to our IKEv1 message | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in retransmit_v1_msg() at retry.c:124) | pstats #1 ikev1.isakmp failed too-many-retransmits | pstats #1 ikev1.isakmp deleted too-many-retransmits | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in delete_state() at state.c:879) "x509"[1] 192.1.3.209 #1: deleting state (STATE_MAIN_R2) aged 60.006s and NOT sending notification | parent state #1: MAIN_R2(open IKE SA) => delete | State DB: IKEv1 state not found (flush_incomplete_children) | in connection_discard for connection x509 | connection is instance | not in pending use | State DB: state not found (connection_discard) | no states use this connection instance, deleting | start processing: connection "x509"[1] 192.1.3.209 (BACKGROUND) (in delete_connection() at connections.c:189) deleting connection "x509"[1] 192.1.3.209 instance with peer 192.1.3.209 {isakmp=#0/ipsec=#0} | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #1 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #1 | free hp@0x5628c7f6ab00 | flush revival: connection 'x509' wasn't on the list | stop processing: connection "x509"[1] 192.1.3.209 (BACKGROUND) (in discard_connection() at connections.c:249) | State DB: deleting IKEv1 state #1 in MAIN_R2 | parent state #1: MAIN_R2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #1 from 192.1.3.209:500 (in delete_state() at state.c:1143) | libevent_free: release ptr-libevent@0x5628c7fd4230 | free_event_entry: release EVENT_RETRANSMIT-pe@0x5628c7fd4130 | in statetime_stop() and could not find #1 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | spent 0.00313 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 792 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d e1 3d a5 cd 9d 9b df 00 00 00 00 00 00 00 00 | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 | 7c fd b2 fc 68 b6 a4 48 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d e1 3d a5 cd 9d 9b df | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 792 (0x318) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: IKEv1 state not found (find_state_ikev1_init) | #null state always idle | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 644 (0x284) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 20 (0x14) | message 'main_inI1_outR1' HASH payload not checked early | received Vendor ID payload [FRAGMENTATION] | received Vendor ID payload [Dead Peer Detection] | quirks.qnat_traversal_vid set to=117 [RFC 3947] | received Vendor ID payload [RFC 3947] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | in statetime_start() with no state | find_host_connection local=192.1.2.23:500 remote=192.1.3.209:500 policy=IKEV1_ALLOW but ignoring ports | find_next_host_connection policy=IKEV1_ALLOW | find_next_host_connection returns empty | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 632 (0x278) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 1 (0x1) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 2 (0x2) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 3 (0x3) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 4 (0x4) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 5 (0x5) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 6 (0x6) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 7 (0x7) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 8 (0x8) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 9 (0x9) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 10 (0xa) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 11 (0xb) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 12 (0xc) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 13 (0xd) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 14 (0xe) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 15 (0xf) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 16 (0x10) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 32 (0x20) | ISAKMP transform number: 17 (0x11) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV1_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV1_ALLOW | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (x509) | find_next_host_connection returns x509 | find_next_host_connection policy=RSASIG+IKEV1_ALLOW | find_next_host_connection returns empty | instantiating "x509" for initial Main Mode message received on 192.1.2.23:500 | connect_to_host_pair: 192.1.2.23:500 192.1.3.209:500 -> hp@(nil): none | new hp@0x5628c7ff8ff0 | rw_instantiate() instantiated "x509"[2] 192.1.3.209 for 192.1.3.209 | creating state object #2 at 0x5628c7fd80c0 | State DB: adding IKEv1 state #2 in UNDEFINED | pstats #2 ikev1.isakmp started | #2 updating local interface from to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | start processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in main_inI1_outR1() at ikev1_main.c:667) | parent state #2: UNDEFINED(ignore) => MAIN_R0(half-open IKE SA) | sender checking NAT-T: enabled; VID 117 | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) | ICOOKIE-DUMP: 3d e1 3d a5 cd 9d 9b df "x509"[2] 192.1.3.209 #2: responding to Main Mode from unknown peer 192.1.3.209:500 | **emit ISAKMP Message: | initiator cookie: | 3d e1 3d a5 cd 9d 9b df | responder cookie: | a1 72 22 d8 bb 17 44 f0 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 632 (0x278) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | OAKLEY proposal verified unconditionally; no alg_info to check against | Oakley Transform 0 accepted | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 1 (0x1) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | emitting 28 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP) | attributes 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | attributes 80 03 00 03 80 04 00 0e 80 0e 01 00 | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | emitting length of ISAKMP Proposal Payload: 44 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 56 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | out_vid(): sending [FRAGMENTATION] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [Dead Peer Detection] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [RFC 3947] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | emitting length of ISAKMP Vendor ID Payload: 20 | no IKEv1 message padding required | emitting length of ISAKMP Message: 144 | complete v1 state transition with STF_OK | [RE]START processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2649) | #2 is idle | doing_xauth:no, t_xauth_client_done:no | peer supports fragmentation | peer supports DPD | IKEv1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 | parent state #2: MAIN_R0(half-open IKE SA) => MAIN_R1(open IKE SA) | event_already_set, deleting event | sending reply packet to 192.1.3.209:500 (from 192.1.2.23:500) | sending 144 bytes for STATE_MAIN_R0 through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #2) | 3d e1 3d a5 cd 9d 9b df a1 72 22 d8 bb 17 44 f0 | 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38 | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13 | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14 | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | !event_already_set at reschedule | event_schedule: new EVENT_SO_DISCARD-pe@0x5628c7ff4690 | inserting event EVENT_SO_DISCARD, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x5628c7fd4230 size 128 "x509"[2] 192.1.3.209 #2: STATE_MAIN_R1: sent MR1, expecting MI2 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.4 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00225 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 396 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d e1 3d a5 cd 9d 9b df a1 72 22 d8 bb 17 44 f0 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | fa b6 cd 3e 7c a4 c5 9a 41 ed 25 f1 54 8e f6 cd | 49 d6 1a f6 16 49 81 e5 ad 6a c6 c9 af c9 92 b2 | d7 92 08 fc 1d 50 48 fd 33 b1 32 f8 38 94 e5 90 | 9a 73 f9 d2 c4 10 1d 1a 60 5a 33 f9 f3 d9 52 7a | 5a 66 dc ed 42 4c 3d b8 df 93 1c 6f 2b 92 48 13 | f9 ef c0 52 dd a1 24 62 a4 2d 6e bb 5a ed cf 9b | f2 4c 8b 3b 5f 33 d6 02 00 e9 dd f6 cb fe 35 b6 | d3 ab b2 21 b8 06 57 aa af 3a 97 7e 45 a3 f3 a8 | e3 82 da 85 7f 55 92 bd 27 a3 4e 7c 67 9c ed 0c | ae 2b 56 23 62 1c dc d3 b5 5c cf d3 ab d1 34 0d | 08 90 b5 b9 80 0d 7e 62 8e e4 3d 5b 0e 90 91 61 | 09 a2 f8 9f b5 97 39 ce b8 e6 da 86 e0 1a f2 a2 | 2b 49 a2 45 89 72 e0 cb dc 6c 79 22 03 84 ce 99 | 3a 2f 98 6b e1 01 6d df 55 e8 64 41 92 46 98 9b | 12 4e 13 8f 15 56 0c fd 07 b1 c0 8f 95 f5 1c 10 | 26 bf 3b f3 90 21 c7 bb 5e 66 6c df b6 ad d8 ff | 14 00 00 24 ba a5 01 7b 9e 1a e3 f6 af 3f bf 8d | 39 8a 08 9f 09 ed 8d a1 eb dc 18 1d 8b a1 c9 f9 | d0 ec b7 29 14 00 00 24 87 8a ef 29 d2 ec 54 7f | 28 c9 1e e3 05 93 6f 38 bf ba 5b e4 6f a8 ee ec | cd aa 51 59 d6 2e df d8 00 00 00 24 80 e8 99 b2 | 1e 0e 52 be 66 06 3e 97 6e 01 5e b1 e1 b7 d2 16 | ab 3d 9d df 02 e2 07 2c 10 98 c1 5e | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d e1 3d a5 cd 9d 9b df | responder cookie: | a1 72 22 d8 bb 17 44 f0 | next payload type: ISAKMP_NEXT_KE (0x4) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 396 (0x18c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R1 (find_state_ikev1) | start processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | #2 is idle | #2 idle | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 260 (0x104) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | message 'main_inI2_outR2' HASH payload not checked early | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) | natd_hash: hasher=0x5628c686ac40(32) | natd_hash: icookie= 3d e1 3d a5 cd 9d 9b df | natd_hash: rcookie= a1 72 22 d8 bb 17 44 f0 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 87 8a ef 29 d2 ec 54 7f 28 c9 1e e3 05 93 6f 38 | natd_hash: hash= bf ba 5b e4 6f a8 ee ec cd aa 51 59 d6 2e df d8 | natd_hash: hasher=0x5628c686ac40(32) | natd_hash: icookie= 3d e1 3d a5 cd 9d 9b df | natd_hash: rcookie= a1 72 22 d8 bb 17 44 f0 | natd_hash: ip= c0 01 03 d1 | natd_hash: port= 01 f4 | natd_hash: hash= 80 e8 99 b2 1e 0e 52 be 66 06 3e 97 6e 01 5e b1 | natd_hash: hash= e1 b7 d2 16 ab 3d 9d df 02 e2 07 2c 10 98 c1 5e | expected NAT-D(me): 87 8a ef 29 d2 ec 54 7f 28 c9 1e e3 05 93 6f 38 | expected NAT-D(me): bf ba 5b e4 6f a8 ee ec cd aa 51 59 d6 2e df d8 | expected NAT-D(him): | 80 e8 99 b2 1e 0e 52 be 66 06 3e 97 6e 01 5e b1 | e1 b7 d2 16 ab 3d 9d df 02 e2 07 2c 10 98 c1 5e | received NAT-D: 87 8a ef 29 d2 ec 54 7f 28 c9 1e e3 05 93 6f 38 | received NAT-D: bf ba 5b e4 6f a8 ee ec cd aa 51 59 d6 2e df d8 | received NAT-D: 80 e8 99 b2 1e 0e 52 be 66 06 3e 97 6e 01 5e b1 | received NAT-D: e1 b7 d2 16 ab 3d 9d df 02 e2 07 2c 10 98 c1 5e | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.209 | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected | NAT_T_WITH_KA detected | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds | adding inI2_outR2 KE work-order 3 for state #2 | state #2 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x5628c7fd4230 | free_event_entry: release EVENT_SO_DISCARD-pe@0x5628c7ff4690 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5628c7ff4690 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x5628c7fd4230 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2624) | suspending state #2 and saving MD | #2 is busy; has a suspended MD | #2 spent 0.123 milliseconds in process_packet_tail() | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.265 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 5 resuming | crypto helper 5 starting work-order 3 for state #2 | crypto helper 5 doing build KE and nonce (inI2_outR2 KE); request ID 3 | crypto helper 5 finished build KE and nonce (inI2_outR2 KE); request ID 3 time elapsed 0.001577 seconds | (#2) spent 0.907 milliseconds in crypto helper computing work-order 3: inI2_outR2 KE (pcr) | crypto helper 5 sending results from work-order 3 for state #2 to event queue | scheduling resume sending helper answer for #2 | libevent_malloc: new ptr-libevent@0x7f6544006900 size 128 | libevent_realloc: release ptr-libevent@0x5628c7fb2e90 | libevent_realloc: new ptr-libevent@0x5628c7fe71b0 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #2 | start processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 3 | calling continuation function 0x5628c6794630 | main_inI2_outR2_continue for #2: calculated ke+nonce, sending R2 | **emit ISAKMP Message: | initiator cookie: | 3d e1 3d a5 cd 9d 9b df | responder cookie: | a1 72 22 d8 bb 17 44 f0 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value 4d 4b 9a 07 4d fb ab da 20 86 aa a9 42 ec 4e 2f | keyex value 12 23 e4 8b 12 38 b1 04 5b 82 cf 0d f1 05 3f b5 | keyex value d3 91 13 81 04 21 00 91 a9 61 82 c2 cf 2e f4 6b | keyex value 86 77 ea 9a b7 0a 2a 58 f1 53 d5 d0 7d 85 72 58 | keyex value 08 2c 58 3b e2 78 9e 57 43 64 93 97 44 68 e4 95 | keyex value d8 92 bb 9c d6 19 03 02 0d 92 f3 12 3f e9 25 64 | keyex value 02 22 e8 01 5c 95 da f3 ea 80 7c 85 69 35 88 75 | keyex value 2e b4 15 f7 da 54 e2 d9 64 63 23 71 a7 c3 60 a3 | keyex value ba aa 41 04 65 4d ec e8 80 e9 34 55 30 ec 11 a7 | keyex value b8 8b 70 28 20 9d 1d ed 64 28 26 3c c7 d0 51 74 | keyex value ef 18 4d b4 0c da cd b5 e0 21 b1 0e ff 4c 93 a4 | keyex value 83 eb 3a 34 4c 4d bb 01 19 22 5c 2a 15 e4 76 3d | keyex value 37 f2 f6 60 eb 33 68 74 7b 32 17 e5 96 e4 30 ac | keyex value 48 91 cf e0 ed 00 c6 77 23 f3 b3 92 bc 4d c2 b2 | keyex value 07 60 e7 ae ee 61 b6 84 fb 2d 54 2e 29 c1 55 5e | keyex value 45 af 30 1a 94 a6 d5 6e 59 90 0b 64 10 ec 7d ae | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload | Nr 45 98 a7 69 b6 2b 33 60 26 15 b3 b3 81 23 de 40 | Nr 69 39 f0 b6 d2 d8 68 06 24 5c 3f 00 ac 2d 1a a2 | emitting length of ISAKMP Nonce Payload: 36 | sending NAT-D payloads | natd_hash: hasher=0x5628c686ac40(32) | natd_hash: icookie= 3d e1 3d a5 cd 9d 9b df | natd_hash: rcookie= a1 72 22 d8 bb 17 44 f0 | natd_hash: ip= c0 01 03 d1 | natd_hash: port= 01 f4 | natd_hash: hash= 80 e8 99 b2 1e 0e 52 be 66 06 3e 97 6e 01 5e b1 | natd_hash: hash= e1 b7 d2 16 ab 3d 9d df 02 e2 07 2c 10 98 c1 5e | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 80 e8 99 b2 1e 0e 52 be 66 06 3e 97 6e 01 5e b1 | NAT-D e1 b7 d2 16 ab 3d 9d df 02 e2 07 2c 10 98 c1 5e | emitting length of ISAKMP NAT-D Payload: 36 | natd_hash: hasher=0x5628c686ac40(32) | natd_hash: icookie= 3d e1 3d a5 cd 9d 9b df | natd_hash: rcookie= a1 72 22 d8 bb 17 44 f0 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 87 8a ef 29 d2 ec 54 7f 28 c9 1e e3 05 93 6f 38 | natd_hash: hash= bf ba 5b e4 6f a8 ee ec cd aa 51 59 d6 2e df d8 | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 87 8a ef 29 d2 ec 54 7f 28 c9 1e e3 05 93 6f 38 | NAT-D bf ba 5b e4 6f a8 ee ec cd aa 51 59 d6 2e df d8 | emitting length of ISAKMP NAT-D Payload: 36 | no IKEv1 message padding required | emitting length of ISAKMP Message: 396 | main inI2_outR2: starting async DH calculation (group=14) | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org of kind PKK_PSK | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org of kind PKK_PSK | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding main_inI2_outR2_tail work-order 4 for state #2 | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x5628c7fd4230 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5628c7ff4690 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5628c7ff4690 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x5628c7fd4230 size 128 | #2 main_inI2_outR2_continue1_tail:1158 st->st_calculating = FALSE; | complete v1 state transition with STF_OK | [RE]START processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2649) | #2 is idle; has background offloaded task | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 | parent state #2: MAIN_R1(open IKE SA) => MAIN_R2(open IKE SA) | event_already_set, deleting event | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x5628c7fd4230 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5628c7ff4690 | sending reply packet to 192.1.3.209:500 (from 192.1.2.23:500) | sending 396 bytes for STATE_MAIN_R1 through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #2) | 3d e1 3d a5 cd 9d 9b df a1 72 22 d8 bb 17 44 f0 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 4d 4b 9a 07 4d fb ab da 20 86 aa a9 42 ec 4e 2f | 12 23 e4 8b 12 38 b1 04 5b 82 cf 0d f1 05 3f b5 | d3 91 13 81 04 21 00 91 a9 61 82 c2 cf 2e f4 6b | 86 77 ea 9a b7 0a 2a 58 f1 53 d5 d0 7d 85 72 58 | 08 2c 58 3b e2 78 9e 57 43 64 93 97 44 68 e4 95 | d8 92 bb 9c d6 19 03 02 0d 92 f3 12 3f e9 25 64 | 02 22 e8 01 5c 95 da f3 ea 80 7c 85 69 35 88 75 | 2e b4 15 f7 da 54 e2 d9 64 63 23 71 a7 c3 60 a3 | ba aa 41 04 65 4d ec e8 80 e9 34 55 30 ec 11 a7 | b8 8b 70 28 20 9d 1d ed 64 28 26 3c c7 d0 51 74 | ef 18 4d b4 0c da cd b5 e0 21 b1 0e ff 4c 93 a4 | 83 eb 3a 34 4c 4d bb 01 19 22 5c 2a 15 e4 76 3d | 37 f2 f6 60 eb 33 68 74 7b 32 17 e5 96 e4 30 ac | 48 91 cf e0 ed 00 c6 77 23 f3 b3 92 bc 4d c2 b2 | 07 60 e7 ae ee 61 b6 84 fb 2d 54 2e 29 c1 55 5e | 45 af 30 1a 94 a6 d5 6e 59 90 0b 64 10 ec 7d ae | 14 00 00 24 45 98 a7 69 b6 2b 33 60 26 15 b3 b3 | 81 23 de 40 69 39 f0 b6 d2 d8 68 06 24 5c 3f 00 | ac 2d 1a a2 14 00 00 24 80 e8 99 b2 1e 0e 52 be | 66 06 3e 97 6e 01 5e b1 e1 b7 d2 16 ab 3d 9d df | 02 e2 07 2c 10 98 c1 5e 00 00 00 24 87 8a ef 29 | d2 ec 54 7f 28 c9 1e e3 05 93 6f 38 bf ba 5b e4 | 6f a8 ee ec cd aa 51 59 d6 2e df d8 | !event_already_set at reschedule "x509"[2] 192.1.3.209 #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x5628c7ff4690 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x5628c7fd4230 size 128 | #2 STATE_MAIN_R2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50034.586872 "x509"[2] 192.1.3.209 #2: STATE_MAIN_R2: sent MR2, expecting MI3 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | resume sending helper answer for #2 suppresed complete_v1_state_transition() | #2 spent 0.37 milliseconds in resume sending helper answer | stop processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f6544006900 | crypto helper 6 resuming | crypto helper 6 starting work-order 4 for state #2 | crypto helper 6 doing compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 4 | crypto helper 6 finished compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 4 time elapsed 0.001445 seconds | (#2) spent 1.2 milliseconds in crypto helper computing work-order 4: main_inI2_outR2_tail (pcr) | crypto helper 6 sending results from work-order 4 for state #2 to event queue | scheduling resume sending helper answer for #2 | libevent_malloc: new ptr-libevent@0x7f6538004f00 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #2 | start processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 4 | calling continuation function 0x5628c6794630 | main_inI2_outR2_calcdone for #2: calculate DH finished | [RE]START processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1008) | stop processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1021) | resume sending helper answer for #2 suppresed complete_v1_state_transition() | #2 spent 0.0182 milliseconds in resume sending helper answer | processing: STOP state #0 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f6538004f00 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.386 milliseconds in whack | spent 0.00264 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d e1 3d a5 cd 9d 9b df a1 72 22 d8 bb 17 44 f0 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 3d e1 3d a5 cd 9d 9b df a1 72 22 d8 | bb 17 44 f0 05 10 02 01 00 00 00 00 00 00 08 4c | 89 68 97 5b 2e fe 15 33 25 84 26 72 9c 31 e9 b4 | b2 46 cd d1 d6 55 32 e4 3b d0 fa 17 25 c8 cd b7 | 7c ce ac 9a 67 b1 e8 f3 58 e6 a1 b4 37 ba 76 02 | 56 e8 76 ed 2c f0 b5 c9 98 0b 51 b4 be 97 bc 39 | b3 e7 ff 36 8d 0b cb 24 c8 33 85 1e 5d 2f 27 c8 | 0b 4b 43 d1 b4 b8 3c 0f 2f 79 98 19 12 db 00 c5 | 28 e5 6a 9e 5d 1b 3f 34 ae 07 23 00 af 05 a8 db | ca 8b 34 45 6c f3 0b a8 9b 3a 95 82 aa 4b bc 25 | a0 a6 f1 23 38 ed 8e 9d 60 db 5a 66 34 74 6f 75 | 58 e8 e4 68 3e 4f f5 08 22 50 64 a1 1c f0 8a 67 | d2 a6 fa 3a da f9 bb e9 19 90 0e 8d 37 71 c6 0f | 83 8b a4 27 a1 d5 14 00 86 7f 30 61 f2 d4 f3 02 | 53 63 4d 04 a5 8a 6f 72 88 f0 54 20 ca 3e 1d 3f | cb 1f 3a 74 f0 95 53 df 82 ae 61 2e 98 68 58 b9 | 03 09 75 bb 38 5e 3a 83 74 60 65 f0 18 a3 72 d2 | 02 b2 ef 45 36 4b 8c 8a 80 4b 57 3d ba df 07 8e | 0a b6 bc 6f ad 2b 90 40 21 f7 30 a1 43 31 8d bd | 9b cd 7a 7b ef a2 70 dc 50 cf 97 ca 8c 93 51 b1 | e7 27 c4 7e ac 7f 11 ea 49 02 42 4a 9d 2b 38 72 | 29 af fe 61 23 c3 b6 90 b1 ac a0 2a a4 5c db ef | 18 bf 2d e8 a6 2c d6 1a 41 ca f5 b0 5d 84 3c 08 | 42 95 95 f3 a6 5c 60 a9 7b e5 af 15 46 0e 03 90 | d3 e7 02 57 e2 53 29 5d 2a 4a 59 9f 32 2e 5d 7e | 56 fc 60 86 69 32 e2 1f ec d2 cd 23 fb c8 71 06 | 09 e1 31 b2 99 de c5 8c 04 fa 7b d9 4f 9e 1a 0a | cb 47 35 97 72 ed b5 3e f1 56 77 1e 1b fa 56 84 | a1 89 24 6a 09 ef d4 ae c4 06 18 ac 8a e0 b0 f7 | 3b 15 e9 7c 60 ba 07 e4 66 f9 83 74 60 47 2f a0 | f9 f8 df 5e cf 53 d0 c0 e2 4f e4 a5 6b f9 27 ae | 67 08 f2 52 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d e1 3d a5 cd 9d 9b df | responder cookie: | a1 72 22 d8 bb 17 44 f0 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.139 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00145 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d e1 3d a5 cd 9d 9b df a1 72 22 d8 bb 17 44 f0 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 e8 d4 4c 0c 10 31 8c 91 ba ad 3a b1 | 93 f0 ba f3 6a bb cc 33 3d 65 ab 1b a0 62 48 94 | 77 b6 65 68 df 28 9f 8b b3 4c 9f 80 16 54 86 02 | b7 0c dc 14 f7 34 be 1e ed 4e 40 41 3d cd d3 53 | fb a7 74 eb d3 49 64 d6 0a 34 85 d1 df 89 cc e3 | cd 84 2e de a1 2d 52 a0 52 89 3f 10 56 71 71 27 | a9 9a 82 b1 ad 4f 5e 81 e2 9d e4 03 98 c5 4c 68 | 8f ea e1 60 20 15 2f 23 28 a8 e4 cc 38 da f9 1d | 72 76 0a 74 ef 0f 5b 9b 32 8c 80 65 20 51 9b e4 | 91 de 61 81 8d 52 da 6f 69 c8 3e 24 bd 16 93 c5 | d5 a9 2f c1 71 c1 c4 52 17 7a aa 2a ec eb b5 0f | 6c 90 b4 82 a5 b2 ea 47 b3 83 c9 37 56 d0 4f 2d | 9e e0 1b 2e c6 28 b9 d6 87 77 6c dd aa 5a b0 08 | 99 38 77 bd 4e f5 d6 9f 4f 04 ab e6 11 df cf f8 | c5 f8 c2 db 37 5d 85 dc 9c e7 8f 1a 04 ca aa 9a | c4 72 dc 4e 04 6d 74 d9 a3 80 fd fb d6 3a 1e a4 | 7b 3d 4f 57 2b a9 45 76 09 32 71 1c d8 ed 18 b6 | 51 22 7c f9 61 c8 f2 a0 67 f4 2e dc 6b a4 7d 86 | a7 b0 e3 6f 51 4b 31 b1 63 7c 73 ba bd 96 4b 41 | f5 1e 73 3a da 4b c1 cb e7 43 c9 bd 46 b4 7c 94 | 8d c8 74 be 95 a8 37 09 7d 39 42 8c bc a1 74 c3 | b5 ec 3e 0f 9a 3c 27 5e e9 f2 0e df 56 27 78 02 | c5 f8 fc 35 dd 81 c7 00 4e 2f bf 1f a3 2b db ed | 5e f6 fd 54 dc 96 46 78 ba 76 e0 9f 1d 73 19 9d | 33 5b b1 fc 34 57 36 82 a1 d6 c4 1e b9 5c 5e fd | 3b 88 42 c4 9c c9 0c d2 19 4f 27 dd 1e 34 ce f1 | 29 16 75 de d9 7b 4b 7e 81 d0 e2 49 83 57 00 ef | a6 2d 24 2d 29 1b a5 1f 0c e8 15 9b 56 2b 7a 15 | d5 01 8e ee 12 0e a3 a5 4b 00 f8 8c e5 fc 56 c8 | 58 45 39 44 f6 b3 8f 72 b6 fd 61 30 6a 72 7b c7 | 7f 39 29 3a 12 23 c5 2d 58 60 2d 41 4e 48 24 1f | 2a bc 1a 3a | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d e1 3d a5 cd 9d 9b df | responder cookie: | a1 72 22 d8 bb 17 44 f0 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.121 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00135 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d e1 3d a5 cd 9d 9b df a1 72 22 d8 bb 17 44 f0 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 0a cc bc 18 6d 9b 7b 27 57 ac a5 12 | 18 73 49 1d 71 a9 a5 a5 b5 9d 6c 70 40 d2 60 2d | a3 e0 8b 74 68 67 7b 6c 4e fc 21 33 0b fb fe f4 | fa cf ed 47 7d d0 15 12 30 5f 11 d6 e1 08 63 90 | 21 66 24 5d c0 f5 b8 b6 fb a1 e9 b4 6b 1f 83 95 | 95 9c 11 03 e9 1e 92 5c 3f e3 73 cd ab 0f 89 9c | 19 a7 4c 80 6f ba fa 13 f0 3f 5f 19 72 26 0c 82 | cb 5c cd 12 c8 4e f2 0f 6d 83 d9 fc e5 eb 17 10 | 4b 21 77 6b 8a 8b 13 8c 40 98 8e 9b 44 34 60 51 | 24 57 79 c4 1c f6 50 5a 64 cf df 4a c9 0c e7 ff | e7 ff af 5e e4 20 ab 7d 6a 69 08 b3 c9 58 90 4d | 22 b5 62 2b ee d2 ed eb 30 2a 48 e4 1a 7e 88 00 | 12 3c 04 77 5a a6 b7 72 02 75 cc ca d7 52 53 d8 | 1c 1c 84 08 dc c7 c9 58 fd 72 d9 89 23 0d a7 68 | ee 30 54 b8 a2 0f e0 18 3b bf 67 f6 d3 2c 4b c9 | 8a 63 12 8c 28 38 50 ae c1 ee 7d 07 14 e6 0c b2 | 16 5c da b8 94 5b 57 ba a6 ea 7c 7c 59 3c c7 56 | 40 1b e3 f7 2b 2d 83 5c ec f6 5a a1 7d 34 a0 d7 | 3b 1f c8 1b 62 93 4f 1f 84 b8 e6 36 b4 0b e5 13 | b4 17 9b 5d b9 4e 29 7a 06 41 9f e8 08 f5 1b 96 | 5c f5 ab e6 e2 50 e5 c6 b3 a3 06 ba fb 12 b2 4d | f5 37 67 14 ed 22 9f f5 3c 9b f7 f9 07 13 34 d2 | 30 34 f4 8f ae 72 cc 97 a7 8b df 20 a5 d9 f6 79 | 1b f1 00 29 66 01 c5 64 c1 e7 c5 c5 d6 ce 51 30 | 8d 78 68 1f cc 1b 2f a6 b9 05 1c e2 12 47 66 13 | b3 b0 22 32 90 30 49 3e c2 46 b4 e5 71 22 92 75 | 80 58 b5 98 44 ac 57 e4 38 06 e3 3a 3f 46 1c de | e7 ac ad a1 54 5e 2b fd 3d b9 55 22 fd 9c 94 83 | 72 93 be cf 44 c6 a1 72 16 e1 75 53 9d fe 55 a1 | 2f 77 75 fa e6 2e c8 67 69 c6 91 8b d4 7f 33 d3 | c7 cd 6d 53 81 a2 22 ff e4 e1 38 33 d9 5b 4a 4b | 52 2e 80 c7 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d e1 3d a5 cd 9d 9b df | responder cookie: | a1 72 22 d8 bb 17 44 f0 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.136 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00153 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d e1 3d a5 cd 9d 9b df a1 72 22 d8 bb 17 44 f0 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 ff fe af 10 53 88 8c 79 bd ef 3b 76 | 42 1e 45 4a 63 1b 94 33 dd 83 f7 f4 90 bc d0 dc | 85 8d fd b2 b6 e8 2a ab d0 ca c2 35 0c 3c 26 1c | 7b 34 6f bd 30 9d 65 0e 4e 77 9f f4 d0 01 49 59 | 94 7e f9 34 26 15 7c 75 23 0d 59 d7 3d 9e 0b 29 | 13 3b 76 02 29 36 5f af da d7 fd 01 aa ee 64 65 | 96 b2 6d 01 2c c7 5e ae 0f 5d a6 0c d5 95 5b 5f | a9 b5 a2 31 2b da 40 82 54 0e b1 69 be b2 a0 f1 | 4e aa 48 ef 45 59 e4 b9 48 5a d6 f4 e1 ce 8a 42 | d5 54 16 30 af 14 aa 1b 6d 37 03 03 df 18 ff 34 | a5 2c 4a 30 90 17 e0 2e 93 fc 5a 88 aa bd f3 dc | ff 1c eb 6f 75 bd 84 8e e6 66 6c e2 02 b4 b0 f8 | ac 5a 2e 38 69 61 fb b8 ba 08 b5 df fc cc 1c df | 07 be 45 b0 5f 5f 1a 18 f7 91 59 66 de 04 4b e5 | 6b 67 24 35 36 12 08 b2 f5 a0 d7 fa d3 7b 6e 94 | d6 bc 30 34 96 81 87 f9 5e f3 c6 bb 5b 17 63 19 | 6c 57 c5 5e ea 71 b4 d9 aa 05 bb 64 3b 87 58 cd | 4d d8 7f ba 85 af 27 c1 15 8c ef e2 42 5a 3d 0f | 8d 5e b9 32 fd 0a 91 fa c0 6e 5f 89 35 ad 58 d6 | d7 bc 8e 77 5c cd 7c 70 9c 35 63 4f 6f 95 10 70 | b5 7b 93 5d 23 ca 9e 64 e1 d7 03 9b a7 31 a3 6f | 64 8f 6a 31 c4 c9 b0 9d 7a ec ec c0 3f 1f 50 74 | 7d 70 f9 33 32 9f 77 1e bf 02 12 32 06 da 55 ab | 6d 6d d9 72 9b d6 1a 8d b9 a4 a6 97 e4 0a 23 65 | 21 71 09 7d bf 0c bb 74 b5 a1 9d 28 28 2c 4c 1e | 64 a3 0f 04 8f 7c d9 77 ab ba 40 a2 5d 47 b6 7d | 0c b0 da 11 7f 53 62 f4 e0 04 1b db fe 04 3b af | 78 fe ed 7a 84 52 4e 99 9f 60 af 96 92 ec 75 65 | 7e 13 94 f8 1d 7c 3b e5 c3 b6 69 07 65 07 b7 8b | b3 a2 c1 d7 83 76 b6 51 d4 6b 0a c3 70 11 b5 13 | 30 2b 96 86 d9 78 04 fb 9f 85 24 dc 25 c5 4f 39 | a2 1d ed f5 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d e1 3d a5 cd 9d 9b df | responder cookie: | a1 72 22 d8 bb 17 44 f0 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.12 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00129 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 176 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d e1 3d a5 cd 9d 9b df a1 72 22 d8 bb 17 44 f0 | 84 10 02 00 00 00 00 00 00 00 00 b0 00 00 00 94 | 00 01 05 01 38 05 94 ad 0d 21 02 95 76 b9 09 b4 | 4d 4c bb 9d c2 c8 5b a1 0f dc e5 f4 cb 7c 6f 55 | 63 9c 57 9a ed 5c 3e bc 64 12 19 95 c1 80 2a 93 | 27 a3 25 ec b8 30 2b c4 73 b3 71 09 52 ed f3 a9 | 7b f5 d1 cf b7 94 34 20 b6 ba 17 fa 72 19 51 5b | 80 66 3c 36 f7 d7 73 45 27 dc 22 4b 4c db 76 c9 | 23 e4 3f 11 2f 73 ce 4a 29 03 c5 7b fa 54 e8 11 | 3f fc 43 22 97 ad 58 5d 9f 58 e4 49 74 30 e8 52 | 26 68 4c 73 1a c6 e0 34 2c cd 71 30 bc 8d 1f 81 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d e1 3d a5 cd 9d 9b df | responder cookie: | a1 72 22 d8 bb 17 44 f0 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 176 (0xb0) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 148 (0x94) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 3d e1 3d a5 cd 9d 9b df | responder cookie: | a1 72 22 d8 bb 17 44 f0 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2124 (0x84c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | #2 is idle | #2 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 197 (0xc5) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | obj: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | obj: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | obj: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | obj: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | obj: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1366 (0x556) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 516 (0x204) | removing 12 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | DER ASN1 DN: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | DER ASN1 DN: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | DER ASN1 DN: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | DER ASN1 DN: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | DER ASN1 DN: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 "x509"[2] 192.1.3.209 #2: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #2 spent 0.00463 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-key4096@testing.libreswan.org,CN=key4096.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.268 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.0375 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "x509"[2] 192.1.3.209 #2: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "x509"[2] 192.1.3.209 #2: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #2 spent 0.372 milliseconds in find_and_verify_certs() calling verify_end_cert() "x509"[2] 192.1.3.209 #2: X509: Certificate rejected for this connection "x509"[2] 192.1.3.209 #2: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2649) | #2 is idle "x509"[2] 192.1.3.209 #2: sending encrypted notification INVALID_ID_INFORMATION to 192.1.3.209:500 | **emit ISAKMP Message: | initiator cookie: | 3d e1 3d a5 cd 9d 9b df | responder cookie: | a1 72 22 d8 bb 17 44 f0 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 976388450 (0x3a328162) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | ef d2 8b 13 c4 c1 d7 02 c9 5d f2 8f 64 06 fe c7 | 5e f4 f7 d1 45 27 c3 9c f9 37 92 43 cc 37 96 e1 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #2) | 3d e1 3d a5 cd 9d 9b df a1 72 22 d8 bb 17 44 f0 | 08 10 05 01 3a 32 81 62 00 00 00 4c b1 30 dc d2 | 81 48 74 8f b6 dd d4 ba e2 a8 06 da 79 46 b6 01 | af b2 f7 69 3b 77 3e f5 ff f4 83 91 d7 e9 5a 6b | 32 50 43 e0 d0 17 4d 20 7b a8 07 15 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #2 spent 0.99 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.19 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00278 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d e1 3d a5 cd 9d 9b df a1 72 22 d8 bb 17 44 f0 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 3d e1 3d a5 cd 9d 9b df a1 72 22 d8 | bb 17 44 f0 05 10 02 01 00 00 00 00 00 00 08 4c | 89 68 97 5b 2e fe 15 33 25 84 26 72 9c 31 e9 b4 | b2 46 cd d1 d6 55 32 e4 3b d0 fa 17 25 c8 cd b7 | 7c ce ac 9a 67 b1 e8 f3 58 e6 a1 b4 37 ba 76 02 | 56 e8 76 ed 2c f0 b5 c9 98 0b 51 b4 be 97 bc 39 | b3 e7 ff 36 8d 0b cb 24 c8 33 85 1e 5d 2f 27 c8 | 0b 4b 43 d1 b4 b8 3c 0f 2f 79 98 19 12 db 00 c5 | 28 e5 6a 9e 5d 1b 3f 34 ae 07 23 00 af 05 a8 db | ca 8b 34 45 6c f3 0b a8 9b 3a 95 82 aa 4b bc 25 | a0 a6 f1 23 38 ed 8e 9d 60 db 5a 66 34 74 6f 75 | 58 e8 e4 68 3e 4f f5 08 22 50 64 a1 1c f0 8a 67 | d2 a6 fa 3a da f9 bb e9 19 90 0e 8d 37 71 c6 0f | 83 8b a4 27 a1 d5 14 00 86 7f 30 61 f2 d4 f3 02 | 53 63 4d 04 a5 8a 6f 72 88 f0 54 20 ca 3e 1d 3f | cb 1f 3a 74 f0 95 53 df 82 ae 61 2e 98 68 58 b9 | 03 09 75 bb 38 5e 3a 83 74 60 65 f0 18 a3 72 d2 | 02 b2 ef 45 36 4b 8c 8a 80 4b 57 3d ba df 07 8e | 0a b6 bc 6f ad 2b 90 40 21 f7 30 a1 43 31 8d bd | 9b cd 7a 7b ef a2 70 dc 50 cf 97 ca 8c 93 51 b1 | e7 27 c4 7e ac 7f 11 ea 49 02 42 4a 9d 2b 38 72 | 29 af fe 61 23 c3 b6 90 b1 ac a0 2a a4 5c db ef | 18 bf 2d e8 a6 2c d6 1a 41 ca f5 b0 5d 84 3c 08 | 42 95 95 f3 a6 5c 60 a9 7b e5 af 15 46 0e 03 90 | d3 e7 02 57 e2 53 29 5d 2a 4a 59 9f 32 2e 5d 7e | 56 fc 60 86 69 32 e2 1f ec d2 cd 23 fb c8 71 06 | 09 e1 31 b2 99 de c5 8c 04 fa 7b d9 4f 9e 1a 0a | cb 47 35 97 72 ed b5 3e f1 56 77 1e 1b fa 56 84 | a1 89 24 6a 09 ef d4 ae c4 06 18 ac 8a e0 b0 f7 | 3b 15 e9 7c 60 ba 07 e4 66 f9 83 74 60 47 2f a0 | f9 f8 df 5e cf 53 d0 c0 e2 4f e4 a5 6b f9 27 ae | 67 08 f2 52 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d e1 3d a5 cd 9d 9b df | responder cookie: | a1 72 22 d8 bb 17 44 f0 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.139 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00133 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d e1 3d a5 cd 9d 9b df a1 72 22 d8 bb 17 44 f0 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 e8 d4 4c 0c 10 31 8c 91 ba ad 3a b1 | 93 f0 ba f3 6a bb cc 33 3d 65 ab 1b a0 62 48 94 | 77 b6 65 68 df 28 9f 8b b3 4c 9f 80 16 54 86 02 | b7 0c dc 14 f7 34 be 1e ed 4e 40 41 3d cd d3 53 | fb a7 74 eb d3 49 64 d6 0a 34 85 d1 df 89 cc e3 | cd 84 2e de a1 2d 52 a0 52 89 3f 10 56 71 71 27 | a9 9a 82 b1 ad 4f 5e 81 e2 9d e4 03 98 c5 4c 68 | 8f ea e1 60 20 15 2f 23 28 a8 e4 cc 38 da f9 1d | 72 76 0a 74 ef 0f 5b 9b 32 8c 80 65 20 51 9b e4 | 91 de 61 81 8d 52 da 6f 69 c8 3e 24 bd 16 93 c5 | d5 a9 2f c1 71 c1 c4 52 17 7a aa 2a ec eb b5 0f | 6c 90 b4 82 a5 b2 ea 47 b3 83 c9 37 56 d0 4f 2d | 9e e0 1b 2e c6 28 b9 d6 87 77 6c dd aa 5a b0 08 | 99 38 77 bd 4e f5 d6 9f 4f 04 ab e6 11 df cf f8 | c5 f8 c2 db 37 5d 85 dc 9c e7 8f 1a 04 ca aa 9a | c4 72 dc 4e 04 6d 74 d9 a3 80 fd fb d6 3a 1e a4 | 7b 3d 4f 57 2b a9 45 76 09 32 71 1c d8 ed 18 b6 | 51 22 7c f9 61 c8 f2 a0 67 f4 2e dc 6b a4 7d 86 | a7 b0 e3 6f 51 4b 31 b1 63 7c 73 ba bd 96 4b 41 | f5 1e 73 3a da 4b c1 cb e7 43 c9 bd 46 b4 7c 94 | 8d c8 74 be 95 a8 37 09 7d 39 42 8c bc a1 74 c3 | b5 ec 3e 0f 9a 3c 27 5e e9 f2 0e df 56 27 78 02 | c5 f8 fc 35 dd 81 c7 00 4e 2f bf 1f a3 2b db ed | 5e f6 fd 54 dc 96 46 78 ba 76 e0 9f 1d 73 19 9d | 33 5b b1 fc 34 57 36 82 a1 d6 c4 1e b9 5c 5e fd | 3b 88 42 c4 9c c9 0c d2 19 4f 27 dd 1e 34 ce f1 | 29 16 75 de d9 7b 4b 7e 81 d0 e2 49 83 57 00 ef | a6 2d 24 2d 29 1b a5 1f 0c e8 15 9b 56 2b 7a 15 | d5 01 8e ee 12 0e a3 a5 4b 00 f8 8c e5 fc 56 c8 | 58 45 39 44 f6 b3 8f 72 b6 fd 61 30 6a 72 7b c7 | 7f 39 29 3a 12 23 c5 2d 58 60 2d 41 4e 48 24 1f | 2a bc 1a 3a | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d e1 3d a5 cd 9d 9b df | responder cookie: | a1 72 22 d8 bb 17 44 f0 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.117 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00109 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d e1 3d a5 cd 9d 9b df a1 72 22 d8 bb 17 44 f0 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 0a cc bc 18 6d 9b 7b 27 57 ac a5 12 | 18 73 49 1d 71 a9 a5 a5 b5 9d 6c 70 40 d2 60 2d | a3 e0 8b 74 68 67 7b 6c 4e fc 21 33 0b fb fe f4 | fa cf ed 47 7d d0 15 12 30 5f 11 d6 e1 08 63 90 | 21 66 24 5d c0 f5 b8 b6 fb a1 e9 b4 6b 1f 83 95 | 95 9c 11 03 e9 1e 92 5c 3f e3 73 cd ab 0f 89 9c | 19 a7 4c 80 6f ba fa 13 f0 3f 5f 19 72 26 0c 82 | cb 5c cd 12 c8 4e f2 0f 6d 83 d9 fc e5 eb 17 10 | 4b 21 77 6b 8a 8b 13 8c 40 98 8e 9b 44 34 60 51 | 24 57 79 c4 1c f6 50 5a 64 cf df 4a c9 0c e7 ff | e7 ff af 5e e4 20 ab 7d 6a 69 08 b3 c9 58 90 4d | 22 b5 62 2b ee d2 ed eb 30 2a 48 e4 1a 7e 88 00 | 12 3c 04 77 5a a6 b7 72 02 75 cc ca d7 52 53 d8 | 1c 1c 84 08 dc c7 c9 58 fd 72 d9 89 23 0d a7 68 | ee 30 54 b8 a2 0f e0 18 3b bf 67 f6 d3 2c 4b c9 | 8a 63 12 8c 28 38 50 ae c1 ee 7d 07 14 e6 0c b2 | 16 5c da b8 94 5b 57 ba a6 ea 7c 7c 59 3c c7 56 | 40 1b e3 f7 2b 2d 83 5c ec f6 5a a1 7d 34 a0 d7 | 3b 1f c8 1b 62 93 4f 1f 84 b8 e6 36 b4 0b e5 13 | b4 17 9b 5d b9 4e 29 7a 06 41 9f e8 08 f5 1b 96 | 5c f5 ab e6 e2 50 e5 c6 b3 a3 06 ba fb 12 b2 4d | f5 37 67 14 ed 22 9f f5 3c 9b f7 f9 07 13 34 d2 | 30 34 f4 8f ae 72 cc 97 a7 8b df 20 a5 d9 f6 79 | 1b f1 00 29 66 01 c5 64 c1 e7 c5 c5 d6 ce 51 30 | 8d 78 68 1f cc 1b 2f a6 b9 05 1c e2 12 47 66 13 | b3 b0 22 32 90 30 49 3e c2 46 b4 e5 71 22 92 75 | 80 58 b5 98 44 ac 57 e4 38 06 e3 3a 3f 46 1c de | e7 ac ad a1 54 5e 2b fd 3d b9 55 22 fd 9c 94 83 | 72 93 be cf 44 c6 a1 72 16 e1 75 53 9d fe 55 a1 | 2f 77 75 fa e6 2e c8 67 69 c6 91 8b d4 7f 33 d3 | c7 cd 6d 53 81 a2 22 ff e4 e1 38 33 d9 5b 4a 4b | 52 2e 80 c7 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d e1 3d a5 cd 9d 9b df | responder cookie: | a1 72 22 d8 bb 17 44 f0 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0769 milliseconds in comm_handle_cb() reading and processing packet | spent 0.001 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d e1 3d a5 cd 9d 9b df a1 72 22 d8 bb 17 44 f0 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 ff fe af 10 53 88 8c 79 bd ef 3b 76 | 42 1e 45 4a 63 1b 94 33 dd 83 f7 f4 90 bc d0 dc | 85 8d fd b2 b6 e8 2a ab d0 ca c2 35 0c 3c 26 1c | 7b 34 6f bd 30 9d 65 0e 4e 77 9f f4 d0 01 49 59 | 94 7e f9 34 26 15 7c 75 23 0d 59 d7 3d 9e 0b 29 | 13 3b 76 02 29 36 5f af da d7 fd 01 aa ee 64 65 | 96 b2 6d 01 2c c7 5e ae 0f 5d a6 0c d5 95 5b 5f | a9 b5 a2 31 2b da 40 82 54 0e b1 69 be b2 a0 f1 | 4e aa 48 ef 45 59 e4 b9 48 5a d6 f4 e1 ce 8a 42 | d5 54 16 30 af 14 aa 1b 6d 37 03 03 df 18 ff 34 | a5 2c 4a 30 90 17 e0 2e 93 fc 5a 88 aa bd f3 dc | ff 1c eb 6f 75 bd 84 8e e6 66 6c e2 02 b4 b0 f8 | ac 5a 2e 38 69 61 fb b8 ba 08 b5 df fc cc 1c df | 07 be 45 b0 5f 5f 1a 18 f7 91 59 66 de 04 4b e5 | 6b 67 24 35 36 12 08 b2 f5 a0 d7 fa d3 7b 6e 94 | d6 bc 30 34 96 81 87 f9 5e f3 c6 bb 5b 17 63 19 | 6c 57 c5 5e ea 71 b4 d9 aa 05 bb 64 3b 87 58 cd | 4d d8 7f ba 85 af 27 c1 15 8c ef e2 42 5a 3d 0f | 8d 5e b9 32 fd 0a 91 fa c0 6e 5f 89 35 ad 58 d6 | d7 bc 8e 77 5c cd 7c 70 9c 35 63 4f 6f 95 10 70 | b5 7b 93 5d 23 ca 9e 64 e1 d7 03 9b a7 31 a3 6f | 64 8f 6a 31 c4 c9 b0 9d 7a ec ec c0 3f 1f 50 74 | 7d 70 f9 33 32 9f 77 1e bf 02 12 32 06 da 55 ab | 6d 6d d9 72 9b d6 1a 8d b9 a4 a6 97 e4 0a 23 65 | 21 71 09 7d bf 0c bb 74 b5 a1 9d 28 28 2c 4c 1e | 64 a3 0f 04 8f 7c d9 77 ab ba 40 a2 5d 47 b6 7d | 0c b0 da 11 7f 53 62 f4 e0 04 1b db fe 04 3b af | 78 fe ed 7a 84 52 4e 99 9f 60 af 96 92 ec 75 65 | 7e 13 94 f8 1d 7c 3b e5 c3 b6 69 07 65 07 b7 8b | b3 a2 c1 d7 83 76 b6 51 d4 6b 0a c3 70 11 b5 13 | 30 2b 96 86 d9 78 04 fb 9f 85 24 dc 25 c5 4f 39 | a2 1d ed f5 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d e1 3d a5 cd 9d 9b df | responder cookie: | a1 72 22 d8 bb 17 44 f0 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0748 milliseconds in comm_handle_cb() reading and processing packet | spent 0.000965 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 176 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d e1 3d a5 cd 9d 9b df a1 72 22 d8 bb 17 44 f0 | 84 10 02 00 00 00 00 00 00 00 00 b0 00 00 00 94 | 00 01 05 01 38 05 94 ad 0d 21 02 95 76 b9 09 b4 | 4d 4c bb 9d c2 c8 5b a1 0f dc e5 f4 cb 7c 6f 55 | 63 9c 57 9a ed 5c 3e bc 64 12 19 95 c1 80 2a 93 | 27 a3 25 ec b8 30 2b c4 73 b3 71 09 52 ed f3 a9 | 7b f5 d1 cf b7 94 34 20 b6 ba 17 fa 72 19 51 5b | 80 66 3c 36 f7 d7 73 45 27 dc 22 4b 4c db 76 c9 | 23 e4 3f 11 2f 73 ce 4a 29 03 c5 7b fa 54 e8 11 | 3f fc 43 22 97 ad 58 5d 9f 58 e4 49 74 30 e8 52 | 26 68 4c 73 1a c6 e0 34 2c cd 71 30 bc 8d 1f 81 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d e1 3d a5 cd 9d 9b df | responder cookie: | a1 72 22 d8 bb 17 44 f0 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 176 (0xb0) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | ***parse ISAKMP IKE Fragment Payload: | length: 148 (0x94) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 3d e1 3d a5 cd 9d 9b df | responder cookie: | a1 72 22 d8 bb 17 44 f0 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2124 (0x84c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1435) | #2 is idle | #2 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 197 (0xc5) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | obj: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | obj: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | obj: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | obj: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | obj: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1366 (0x556) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 516 (0x204) | removing 12 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | DER ASN1 DN: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | DER ASN1 DN: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | DER ASN1 DN: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | DER ASN1 DN: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | DER ASN1 DN: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 "x509"[2] 192.1.3.209 #2: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #2 spent 0.00402 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-key4096@testing.libreswan.org,CN=key4096.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.297 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.0433 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "x509"[2] 192.1.3.209 #2: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "x509"[2] 192.1.3.209 #2: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #2 spent 0.397 milliseconds in find_and_verify_certs() calling verify_end_cert() "x509"[2] 192.1.3.209 #2: X509: Certificate rejected for this connection "x509"[2] 192.1.3.209 #2: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2649) | #2 is idle "x509"[2] 192.1.3.209 #2: sending encrypted notification INVALID_ID_INFORMATION to 192.1.3.209:500 | **emit ISAKMP Message: | initiator cookie: | 3d e1 3d a5 cd 9d 9b df | responder cookie: | a1 72 22 d8 bb 17 44 f0 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1892833912 (0x70d25a78) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 60 63 81 c3 a5 82 46 b7 c7 42 8d 26 76 cf 9c 18 | 2c f3 fd 37 a2 88 26 57 19 3a d3 82 90 47 cd f3 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #2) | 3d e1 3d a5 cd 9d 9b df a1 72 22 d8 bb 17 44 f0 | 08 10 05 01 70 d2 5a 78 00 00 00 4c f4 59 37 a4 | 5c ab 1c 5f d8 01 45 06 20 83 44 f8 a9 19 73 fd | 8e 41 36 e6 2d 9f ea 5b d1 77 20 f1 c2 cd 93 33 | 86 09 9e d2 68 58 ff a0 ef eb 35 72 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #2 spent 1.03 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.19 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) shutting down | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) | pluto_sd: executing action action: stopping(6), status 0 destroying root certificate cache | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' | unreference key: 0x5628c7fd6700 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- | unreference key: 0x5628c7fd6340 user-east@testing.libreswan.org cnt 1-- | unreference key: 0x5628c7fd61c0 @east.testing.libreswan.org cnt 1-- | unreference key: 0x5628c7fd5bd0 east@testing.libreswan.org cnt 1-- | unreference key: 0x5628c7fd5770 192.1.2.23 cnt 1-- | start processing: connection "x509"[2] 192.1.3.209 (in delete_connection() at connections.c:189) "x509"[2] 192.1.3.209: deleting connection "x509"[2] 192.1.3.209 instance with peer 192.1.3.209 {isakmp=#0/ipsec=#0} | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #2 | suspend processing: connection "x509"[2] 192.1.3.209 (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #2 ikev1.isakmp deleted other | [RE]START processing: state #2 connection "x509"[2] 192.1.3.209 from 192.1.3.209:500 (in delete_state() at state.c:879) "x509"[2] 192.1.3.209 #2: deleting state (STATE_MAIN_R2) aged 1.353s and NOT sending notification | parent state #2: MAIN_R2(open IKE SA) => delete | state #2 requesting EVENT_RETRANSMIT to be deleted | #2 STATE_MAIN_R2: retransmits: cleared | libevent_free: release ptr-libevent@0x5628c7fd4230 | free_event_entry: release EVENT_RETRANSMIT-pe@0x5628c7ff4690 | State DB: IKEv1 state not found (flush_incomplete_children) | stop processing: connection "x509"[2] 192.1.3.209 (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection x509 | State DB: deleting IKEv1 state #2 in MAIN_R2 | parent state #2: MAIN_R2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #2 from 192.1.3.209:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x5628c7ff8ff0 | flush revival: connection 'x509' wasn't on the list | processing: STOP connection NULL (in discard_connection() at connections.c:249) | start processing: connection "x509" (in delete_connection() at connections.c:189) | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x5628c7fb11a0 | flush revival: connection 'x509' wasn't on the list | stop processing: connection "x509" (in discard_connection() at connections.c:249) | crl fetch request list locked by 'free_crl_fetch' | crl fetch request list unlocked by 'free_crl_fetch' shutting down interface lo/lo 127.0.0.1:4500 shutting down interface lo/lo 127.0.0.1:500 shutting down interface eth0/eth0 192.0.2.254:4500 shutting down interface eth0/eth0 192.0.2.254:500 shutting down interface eth1/eth1 192.1.2.23:4500 shutting down interface eth1/eth1 192.1.2.23:500 | FOR_EACH_STATE_... in delete_states_dead_interfaces | libevent_free: release ptr-libevent@0x5628c7fcf550 | free_event_entry: release EVENT_NULL-pe@0x5628c7fb89c0 | libevent_free: release ptr-libevent@0x5628c7fcf640 | free_event_entry: release EVENT_NULL-pe@0x5628c7fcf600 | libevent_free: release ptr-libevent@0x5628c7fcf730 | free_event_entry: release EVENT_NULL-pe@0x5628c7fcf6f0 | libevent_free: release ptr-libevent@0x5628c7fcf820 | free_event_entry: release EVENT_NULL-pe@0x5628c7fcf7e0 | libevent_free: release ptr-libevent@0x5628c7fcf910 | free_event_entry: release EVENT_NULL-pe@0x5628c7fcf8d0 | libevent_free: release ptr-libevent@0x5628c7fcfa00 | free_event_entry: release EVENT_NULL-pe@0x5628c7fcf9c0 | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | libevent_free: release ptr-libevent@0x5628c7fced30 | free_event_entry: release EVENT_NULL-pe@0x5628c7fb78c0 | libevent_free: release ptr-libevent@0x5628c7fc47b0 | free_event_entry: release EVENT_NULL-pe@0x5628c7fb7b00 | libevent_free: release ptr-libevent@0x5628c7fc4720 | free_event_entry: release EVENT_NULL-pe@0x5628c7fbd650 | global timer EVENT_REINIT_SECRET uninitialized | global timer EVENT_SHUNT_SCAN uninitialized | global timer EVENT_PENDING_DDNS uninitialized | global timer EVENT_PENDING_PHASE2 uninitialized | global timer EVENT_CHECK_CRLS uninitialized | global timer EVENT_REVIVE_CONNS uninitialized | global timer EVENT_FREE_ROOT_CERTS uninitialized | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized | global timer EVENT_NAT_T_KEEPALIVE uninitialized | libevent_free: release ptr-libevent@0x5628c7fcef10 | signal event handler PLUTO_SIGCHLD uninstalled | libevent_free: release ptr-libevent@0x5628c7fceff0 | signal event handler PLUTO_SIGTERM uninstalled | libevent_free: release ptr-libevent@0x5628c7fcf0b0 | signal event handler PLUTO_SIGHUP uninstalled | libevent_free: release ptr-libevent@0x5628c7fc3a20 | signal event handler PLUTO_SIGSYS uninstalled | releasing event base | libevent_free: release ptr-libevent@0x5628c7fcf170 | libevent_free: release ptr-libevent@0x5628c7f6c240 | libevent_free: release ptr-libevent@0x5628c7fb2cb0 | libevent_free: release ptr-libevent@0x5628c7fe71b0 | libevent_free: release ptr-libevent@0x5628c7fb2cd0 | libevent_free: release ptr-libevent@0x5628c7fcedc0 | libevent_free: release ptr-libevent@0x5628c7fcefb0 | libevent_free: release ptr-libevent@0x5628c7fb2e70 | libevent_free: release ptr-libevent@0x5628c7fbd5b0 | libevent_free: release ptr-libevent@0x5628c7fbd590 | libevent_free: release ptr-libevent@0x5628c7fcfa90 | libevent_free: release ptr-libevent@0x5628c7fcf9a0 | libevent_free: release ptr-libevent@0x5628c7fcf8b0 | libevent_free: release ptr-libevent@0x5628c7fcf7c0 | libevent_free: release ptr-libevent@0x5628c7fcf6d0 | libevent_free: release ptr-libevent@0x5628c7fcf5e0 | libevent_free: release ptr-libevent@0x5628c7fb2d60 | libevent_free: release ptr-libevent@0x5628c7fcf090 | libevent_free: release ptr-libevent@0x5628c7fcefd0 | libevent_free: release ptr-libevent@0x5628c7fceef0 | libevent_free: release ptr-libevent@0x5628c7fcf150 | libevent_free: release ptr-libevent@0x5628c7fcede0 | libevent_free: release ptr-libevent@0x5628c7fb2cf0 | libevent_free: release ptr-libevent@0x5628c7fb2d20 | libevent_free: release ptr-libevent@0x5628c7fb2a10 | releasing global libevent data | libevent_free: release ptr-libevent@0x5628c7fb1250 | libevent_free: release ptr-libevent@0x5628c7fb1280 | libevent_free: release ptr-libevent@0x5628c7fb29e0