FIPS Product: YES FIPS Kernel: NO FIPS Mode: NO NSS DB directory: sql:/etc/ipsec.d Initializing NSS Opening NSS database "sql:/etc/ipsec.d" read-only NSS initialized NSS crypto library initialized FIPS HMAC integrity support [enabled] FIPS mode disabled for pluto daemon FIPS HMAC integrity verification self-test FAILED libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:11731 core dump dir: /tmp secrets file: /etc/ipsec.secrets leak-detective disabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: new ptr-libevent@0x55a6f7a33320 size 40 | libevent_malloc: new ptr-libevent@0x55a6f7a33350 size 40 | libevent_malloc: new ptr-libevent@0x55a6f7a34ab0 size 40 | creating event base | libevent_malloc: new ptr-libevent@0x55a6f7a34a70 size 56 | libevent_malloc: new ptr-libevent@0x55a6f7a34ae0 size 664 | libevent_malloc: new ptr-libevent@0x55a6f7a34d80 size 24 | libevent_malloc: new ptr-libevent@0x55a6f79ee310 size 384 | libevent_malloc: new ptr-libevent@0x55a6f7a34da0 size 16 | libevent_malloc: new ptr-libevent@0x55a6f7a34dc0 size 40 | libevent_malloc: new ptr-libevent@0x55a6f7a34df0 size 48 | libevent_realloc: new ptr-libevent@0x55a6f7a34e30 size 256 | libevent_malloc: new ptr-libevent@0x55a6f7a34f40 size 16 | libevent_free: release ptr-libevent@0x55a6f7a34a70 | libevent initialized | libevent_realloc: new ptr-libevent@0x55a6f7a34f60 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Encryption algorithms: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac NULL IKEv1: ESP IKEv2: ESP [] CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Hash algorithms: MD5 IKEv1: IKE IKEv2: SHA1 IKEv1: IKE IKEv2: FIPS sha SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 256-bit key Camellia: 16 bytes with 256-bit key testing AES_GCM_16: empty string one block two blocks two blocks with associated data testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key Encrypting 32 octets using AES-CTR with 128-bit key Encrypting 36 octets using AES-CTR with 128-bit key Encrypting 16 octets using AES-CTR with 192-bit key Encrypting 32 octets using AES-CTR with 192-bit key Encrypting 36 octets using AES-CTR with 192-bit key Encrypting 16 octets using AES-CTR with 256-bit key Encrypting 32 octets using AES-CTR with 256-bit key Encrypting 36 octets using AES-CTR with 256-bit key testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key testing AES_XCBC: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 RFC 2104: MD5_HMAC test 2 RFC 2104: MD5_HMAC test 3 8 CPU cores online starting up 7 crypto helpers started thread for crypto helper 0 started thread for crypto helper 1 started thread for crypto helper 2 started thread for crypto helper 3 started thread for crypto helper 4 started thread for crypto helper 5 started thread for crypto helper 6 | checking IKEv1 state table | MAIN_R0: category: half-open IKE SA flags: 0: | -> MAIN_R1 EVENT_SO_DISCARD | MAIN_I1: category: half-open IKE SA flags: 0: | -> MAIN_I2 EVENT_RETRANSMIT | MAIN_R1: category: open IKE SA flags: 200: | -> MAIN_R2 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_I2: category: open IKE SA flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_R2: category: open IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | -> MAIN_R3 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_I3: category: open IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | -> MAIN_I4 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_R3: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | MAIN_I4: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | AGGR_R0: category: half-open IKE SA flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD | AGGR_I1: category: half-open IKE SA flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE | -> AGGR_I2 EVENT_SA_REPLACE | AGGR_R1: category: open IKE SA flags: 200: | -> AGGR_R2 EVENT_SA_REPLACE | -> AGGR_R2 EVENT_SA_REPLACE | AGGR_I2: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | AGGR_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | QUICK_R0: category: established CHILD SA flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT | QUICK_I1: category: established CHILD SA flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE | QUICK_R1: category: established CHILD SA flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE | QUICK_I2: category: established CHILD SA flags: 200: | -> UNDEFINED EVENT_NULL | QUICK_R2: category: established CHILD SA flags: 0: | -> UNDEFINED EVENT_NULL | INFO: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | INFO_PROTECTED: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | XAUTH_R0: category: established IKE SA flags: 0: | -> XAUTH_R1 EVENT_NULL | XAUTH_R1: category: established IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | MODE_CFG_R0: category: informational flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE | MODE_CFG_R1: category: established IKE SA flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE | MODE_CFG_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | MODE_CFG_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | XAUTH_I0: category: established IKE SA flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT | XAUTH_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT | checking IKEv2 state table | PARENT_I0: category: ignore flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA flags: 0: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) | PARENT_I2: category: open IKE SA flags: 0: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | starting up helper thread 2 | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | status value returned by setting the priority of this thread (crypto helper 2) 22 | crypto helper 2 waiting (nothing to do) | PARENT_I3: category: established IKE SA flags: 0: | starting up helper thread 3 | status value returned by setting the priority of this thread (crypto helper 3) 22 | crypto helper 3 waiting (nothing to do) | starting up helper thread 0 | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) | PARENT_R0: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) | PARENT_R2: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) | V2_CREATE_I0: category: established IKE SA flags: 0: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | V2_CREATE_I: category: established IKE SA flags: 0: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: | V2_CREATE_R: category: established IKE SA flags: 0: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) | V2_REKEY_IKE_R: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: | V2_IPSEC_I: category: established CHILD SA flags: 0: | V2_IPSEC_R: category: established CHILD SA flags: 0: | IKESA_DEL: category: established IKE SA flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: category: informational flags: 0: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding SERPENT_CBC to kernel algorithm db | adding TWOFISH_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55a6f7a3f750 | libevent_malloc: new ptr-libevent@0x55a6f7a467a0 size 128 | libevent_malloc: new ptr-libevent@0x55a6f7a3f6b0 size 16 | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55a6f7a39c00 | libevent_malloc: new ptr-libevent@0x55a6f7a46830 size 128 | libevent_malloc: new ptr-libevent@0x55a6f7a3f690 size 16 | global one-shot timer EVENT_CHECK_CRLS initialized selinux support is enabled. systemd watchdog not enabled - not sending watchdog keepalives | unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | starting up helper thread 6 | outgoing-port-permit set 32768-60999 | starting up helper thread 4 | status value returned by setting the priority of this thread (crypto helper 0) 22 | Loading dnssec root key from:/var/lib/unbound/root.key | No additional dnssec trust anchors defined via dnssec-trusted= option | status value returned by setting the priority of this thread (crypto helper 4) 22 | crypto helper 0 waiting (nothing to do) | crypto helper 4 waiting (nothing to do) | starting up helper thread 1 | starting up helper thread 5 | status value returned by setting the priority of this thread (crypto helper 1) 22 | status value returned by setting the priority of this thread (crypto helper 6) 22 | crypto helper 1 waiting (nothing to do) | status value returned by setting the priority of this thread (crypto helper 5) 22 | crypto helper 5 waiting (nothing to do) | Setting up events, loop start | crypto helper 6 waiting (nothing to do) | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55a6f7a399c0 | libevent_malloc: new ptr-libevent@0x55a6f7a50db0 size 128 | libevent_malloc: new ptr-libevent@0x55a6f7a50e40 size 16 | libevent_realloc: new ptr-libevent@0x55a6f7a50e60 size 256 | libevent_malloc: new ptr-libevent@0x55a6f7a50f70 size 8 | libevent_realloc: new ptr-libevent@0x55a6f7a45b20 size 144 | libevent_malloc: new ptr-libevent@0x55a6f7a50f90 size 152 | libevent_malloc: new ptr-libevent@0x55a6f7a51030 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: new ptr-libevent@0x55a6f7a51050 size 8 | libevent_malloc: new ptr-libevent@0x55a6f7a51070 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: new ptr-libevent@0x55a6f7a51110 size 8 | libevent_malloc: new ptr-libevent@0x55a6f7a51130 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: new ptr-libevent@0x55a6f7a511d0 size 8 | libevent_realloc: release ptr-libevent@0x55a6f7a45b20 | libevent_realloc: new ptr-libevent@0x55a6f7a511f0 size 256 | libevent_malloc: new ptr-libevent@0x55a6f7a45b20 size 152 | signal event handler PLUTO_SIGSYS installed | created addconn helper (pid:11802) using fork+execve | forked child 11802 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | pluto_sd: executing action action: reloading(4), status 0 listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.2.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.23 Kernel supports NIC esp-hw-offload adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth1/eth1 192.1.2.23:4500 adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth0/eth0 192.0.2.254:4500 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | no interfaces to sort | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | add_fd_read_event_handler: new ethX-pe@0x55a6f7a3aac0 | libevent_malloc: new ptr-libevent@0x55a6f7a515d0 size 128 | libevent_malloc: new ptr-libevent@0x55a6f7a51660 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 22 | add_fd_read_event_handler: new ethX-pe@0x55a6f7a51680 | libevent_malloc: new ptr-libevent@0x55a6f7a516c0 size 128 | libevent_malloc: new ptr-libevent@0x55a6f7a51750 size 16 | setup callback for interface lo 127.0.0.1:500 fd 21 | add_fd_read_event_handler: new ethX-pe@0x55a6f7a51770 | libevent_malloc: new ptr-libevent@0x55a6f7a517b0 size 128 | libevent_malloc: new ptr-libevent@0x55a6f7a51840 size 16 | setup callback for interface eth0 192.0.2.254:4500 fd 20 | add_fd_read_event_handler: new ethX-pe@0x55a6f7a51860 | libevent_malloc: new ptr-libevent@0x55a6f7a518a0 size 128 | libevent_malloc: new ptr-libevent@0x55a6f7a51930 size 16 | setup callback for interface eth0 192.0.2.254:500 fd 19 | add_fd_read_event_handler: new ethX-pe@0x55a6f7a51950 | libevent_malloc: new ptr-libevent@0x55a6f7a51990 size 128 | libevent_malloc: new ptr-libevent@0x55a6f7a51a20 size 16 | setup callback for interface eth1 192.1.2.23:4500 fd 18 | add_fd_read_event_handler: new ethX-pe@0x55a6f7a51a40 | libevent_malloc: new ptr-libevent@0x55a6f7a51a80 size 128 | libevent_malloc: new ptr-libevent@0x55a6f7a51b10 size 16 | setup callback for interface eth1 192.1.2.23:500 fd 17 | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | ignoring PrivateExponent | ignoring Prime1 | ignoring Prime2 | ignoring Exponent1 | ignoring Exponent2 | ignoring Coefficient | ignoring CKAIDNSS | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | computed rsa CKAID 8a 82 25 f1 loaded private key for keyid: PKK_RSA:AQO9bJbr3 | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | pluto_sd: executing action action: ready(5), status 0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.656 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | pluto_sd: executing action action: reloading(4), status 0 listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.2.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.23 | no interfaces to sort | libevent_free: release ptr-libevent@0x55a6f7a515d0 | free_event_entry: release EVENT_NULL-pe@0x55a6f7a3aac0 | add_fd_read_event_handler: new ethX-pe@0x55a6f7a3aac0 | libevent_malloc: new ptr-libevent@0x55a6f7a515d0 size 128 | setup callback for interface lo 127.0.0.1:4500 fd 22 | libevent_free: release ptr-libevent@0x55a6f7a516c0 | free_event_entry: release EVENT_NULL-pe@0x55a6f7a51680 | add_fd_read_event_handler: new ethX-pe@0x55a6f7a51680 | libevent_malloc: new ptr-libevent@0x55a6f7a516c0 size 128 | setup callback for interface lo 127.0.0.1:500 fd 21 | libevent_free: release ptr-libevent@0x55a6f7a517b0 | free_event_entry: release EVENT_NULL-pe@0x55a6f7a51770 | add_fd_read_event_handler: new ethX-pe@0x55a6f7a51770 | libevent_malloc: new ptr-libevent@0x55a6f7a517b0 size 128 | setup callback for interface eth0 192.0.2.254:4500 fd 20 | libevent_free: release ptr-libevent@0x55a6f7a518a0 | free_event_entry: release EVENT_NULL-pe@0x55a6f7a51860 | add_fd_read_event_handler: new ethX-pe@0x55a6f7a51860 | libevent_malloc: new ptr-libevent@0x55a6f7a518a0 size 128 | setup callback for interface eth0 192.0.2.254:500 fd 19 | libevent_free: release ptr-libevent@0x55a6f7a51990 | free_event_entry: release EVENT_NULL-pe@0x55a6f7a51950 | add_fd_read_event_handler: new ethX-pe@0x55a6f7a51950 | libevent_malloc: new ptr-libevent@0x55a6f7a51990 size 128 | setup callback for interface eth1 192.1.2.23:4500 fd 18 | libevent_free: release ptr-libevent@0x55a6f7a51a80 | free_event_entry: release EVENT_NULL-pe@0x55a6f7a51a40 | add_fd_read_event_handler: new ethX-pe@0x55a6f7a51a40 | libevent_malloc: new ptr-libevent@0x55a6f7a51a80 size 128 | setup callback for interface eth1 192.1.2.23:500 fd 17 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | ignoring PrivateExponent | ignoring Prime1 | ignoring Prime2 | ignoring Exponent1 | ignoring Exponent2 | ignoring Coefficient | ignoring CKAIDNSS | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | computed rsa CKAID 8a 82 25 f1 loaded private key for keyid: PKK_RSA:AQO9bJbr3 | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | pluto_sd: executing action action: ready(5), status 0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.354 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 11802 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.0231 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection modecfg-road-east with policy ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | No AUTH policy was set - defaulting to RSASIG | setting ID to ID_DER_ASN1_DN: 'E=user-road@testing.libreswan.org,CN=road.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'road' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a6f7a56280 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a6f7a56190 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a6f7a52820 | unreference key: 0x55a6f7a56fb0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org cnt 1-- | warning: no secret key loaded for left certificate with nickname road: NSS: cert private key not found | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org is 0 | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading right certificate 'east' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a6f7a577b0 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a6f7a56190 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a6f7a52820 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a6f7a52bf0 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a6f7a52ae0 | unreference key: 0x55a6f7a5b490 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 | based upon policy, the connection is a template. | connect_to_host_pair: 192.1.2.23:500 0.0.0.0:500 -> hp@(nil): none | new hp@0x55a6f7a57830 added connection description "modecfg-road-east" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 0.0.0.0/0===<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org,MS+XS+S=C]...%any[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org,+MC+XC+S=C]===192.0.2.19/32 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.84 milliseconds in whack | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 244 bytes from 192.1.2.254:500 on eth1 (192.1.2.23:500) | 58 c3 42 63 35 b8 ec 66 00 00 00 00 00 00 00 00 | 01 10 02 00 00 00 00 00 00 00 00 f4 0d 00 00 54 | 00 00 00 01 00 00 00 01 00 00 00 48 00 01 00 02 | 03 00 00 20 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 fd ed 80 04 00 0e | 00 00 00 20 01 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 fd ed 80 04 00 05 | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f | 00 d6 c2 d3 0d 00 00 0c 09 00 26 89 df d6 b7 12 | 0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc | 77 57 01 00 0d 00 00 14 4a 13 1c 81 07 03 58 45 | 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 7d 94 19 a6 | 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 0d 00 00 14 | 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | 00 00 00 14 cd 60 46 43 35 df 21 f8 7c fd b2 fc | 68 b6 a4 48 | start processing: from 192.1.2.254:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 c3 42 63 35 b8 ec 66 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 244 (0xf4) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: IKEv1 state not found (find_state_ikev1_init) | #null state always idle | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 84 (0x54) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 12 (0xc) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 20 (0x14) | message 'main_inI1_outR1' HASH payload not checked early | received Vendor ID payload [FRAGMENTATION] | received Vendor ID payload [XAUTH] | received Vendor ID payload [Dead Peer Detection] | quirks.qnat_traversal_vid set to=117 [RFC 3947] | received Vendor ID payload [RFC 3947] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | in statetime_start() with no state | find_host_connection local=192.1.2.23:500 remote=192.1.2.254:500 policy=IKEV1_ALLOW but ignoring ports | find_next_host_connection policy=IKEV1_ALLOW | find_next_host_connection returns empty | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 72 (0x48) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 2 (0x2) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 32 (0x20) | ISAKMP transform number: 1 (0x1) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+XAUTH+IKEV1_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports | find_next_host_connection policy=RSASIG+XAUTH+IKEV1_ALLOW | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (modecfg-road-east) | find_next_host_connection returns modecfg-road-east | find_next_host_connection policy=RSASIG+XAUTH+IKEV1_ALLOW | find_next_host_connection returns empty | instantiating "modecfg-road-east" for initial Main Mode message received on 192.1.2.23:500 | connect_to_host_pair: 192.1.2.23:500 192.1.2.254:500 -> hp@(nil): none | new hp@0x55a6f79ecbd0 | rw_instantiate() instantiated "modecfg-road-east"[1] for 192.1.2.254 | creating state object #1 at 0x55a6f7a5f130 | State DB: adding IKEv1 state #1 in UNDEFINED | pstats #1 ikev1.isakmp started | #1 updating local interface from to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | start processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:500 (in main_inI1_outR1() at ikev1_main.c:667) | parent state #1: UNDEFINED(ignore) => MAIN_R0(half-open IKE SA) | sender checking NAT-T: enabled; VID 117 | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) | ICOOKIE-DUMP: 58 c3 42 63 35 b8 ec 66 "modecfg-road-east"[1] #1: responding to Main Mode from unknown peer | **emit ISAKMP Message: | initiator cookie: | 58 c3 42 63 35 b8 ec 66 | responder cookie: | 2b 0f c0 d2 e5 70 a7 b4 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 72 (0x48) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 2 (0x2) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | OAKLEY proposal verified unconditionally; no alg_info to check against | Oakley Transform 0 accepted | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 1 (0x1) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP) | attributes 80 0b 00 01 80 0c 0e 10 80 01 00 05 80 02 00 02 | attributes 80 03 fd ed 80 04 00 0e | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | emitting length of ISAKMP Proposal Payload: 40 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 52 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | out_vid(): sending [FRAGMENTATION] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [XAUTH] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 8 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 09 00 26 89 df d6 b7 12 | emitting length of ISAKMP Vendor ID Payload: 12 | out_vid(): sending [Dead Peer Detection] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [RFC 3947] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | emitting length of ISAKMP Vendor ID Payload: 20 | no IKEv1 message padding required | emitting length of ISAKMP Message: 152 | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:500 (in complete_v1_state_transition() at ikev1.c:2649) | #1 is idle | doing_xauth:yes, t_xauth_client_done:no | peer supports fragmentation | peer supports DPD | IKEv1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 | parent state #1: MAIN_R0(half-open IKE SA) => MAIN_R1(open IKE SA) | event_already_set, deleting event | sending reply packet to 192.1.2.254:500 (from 192.1.2.23:500) | sending 152 bytes for STATE_MAIN_R0 through eth1 from 192.1.2.23:500 to 192.1.2.254:500 (using #1) | 58 c3 42 63 35 b8 ec 66 2b 0f c0 d2 e5 70 a7 b4 | 01 10 02 00 00 00 00 00 00 00 00 98 0d 00 00 34 | 00 00 00 01 00 00 00 01 00 00 00 28 00 01 00 01 | 00 00 00 20 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 fd ed 80 04 00 0e | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f | 00 d6 c2 d3 0d 00 00 0c 09 00 26 89 df d6 b7 12 | 0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc | 77 57 01 00 00 00 00 14 4a 13 1c 81 07 03 58 45 | 5c 57 28 f2 0e 95 45 2f | !event_already_set at reschedule | event_schedule: new EVENT_SO_DISCARD-pe@0x55a6f7a56130 | inserting event EVENT_SO_DISCARD, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55a6f7a561f0 size 128 "modecfg-road-east"[1] #1: STATE_MAIN_R1: sent MR1, expecting MI2 | modecfg pull: noquirk policy:pull not-client | phase 1 is done, looking for phase 2 to unpend | stop processing: from 192.1.2.254:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.737 milliseconds in comm_handle_cb() reading and processing packet | spent 0.0021 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 372 bytes from 192.1.2.254:500 on eth1 (192.1.2.23:500) | 58 c3 42 63 35 b8 ec 66 2b 0f c0 d2 e5 70 a7 b4 | 04 10 02 00 00 00 00 00 00 00 01 74 0a 00 01 04 | 31 68 d8 c4 22 9f ee 20 85 a7 f5 6e 63 33 dd a4 | 4c 0c 10 38 9f 70 1c 4c 52 1c e9 51 44 62 17 30 | 61 d3 fc 29 0c 9b 48 59 86 64 e0 15 6f d2 fe e4 | db 3b 15 28 d0 2a c8 f3 b7 ad 83 7c 1f 3c 95 7e | 57 6a 75 56 a4 99 4d 35 67 4f d9 fc 90 04 fe 9f | 73 62 8d aa 81 b7 9d 0c 83 b4 cc 8a 86 3f cb 55 | e0 46 39 f8 84 63 f5 e4 12 f7 3f 67 82 36 2d 63 | 41 ae 86 e4 f4 9c df 23 81 59 3e 4e 41 2a 54 9e | 81 04 c6 41 81 69 c5 42 23 dd d0 26 ab 35 dd 32 | 2c 62 e4 7d 38 ae ff 58 25 c8 1f e1 4d 24 c5 bf | dc b1 e9 8b 35 78 be 97 1a 3b 9c 78 9c 76 4f e8 | 46 47 f3 44 38 f7 78 67 ec 82 01 1c 0e bf 3b 9d | 56 9f 86 90 b5 4b 9f 61 e1 02 e3 b6 03 c9 45 bf | d5 31 f5 95 b5 88 31 72 27 8b 63 22 29 fa d7 43 | f5 43 dc da ed f5 7b 8d 2d 3c 47 d8 5b c1 6e 39 | 7e b2 df 43 d8 34 e0 65 fe 34 8c bc 0c a1 a2 55 | 14 00 00 24 5f 25 16 b8 65 c5 c0 70 73 06 81 f8 | 7b a0 8c 26 84 6e 3d 4f 9a b0 3a 2b 7b 28 20 28 | 15 99 15 89 14 00 00 18 c0 58 08 16 a3 ac f7 a1 | 80 d4 15 e1 46 1a 26 1f 60 0f ef 1f 00 00 00 18 | 17 94 ea 06 01 20 b3 47 92 c6 0a 8d 10 e5 45 fa | c8 e9 5c 04 | start processing: from 192.1.2.254:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 c3 42 63 35 b8 ec 66 | responder cookie: | 2b 0f c0 d2 e5 70 a7 b4 | next payload type: ISAKMP_NEXT_KE (0x4) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 372 (0x174) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R1 (find_state_ikev1) | start processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:500 (in process_v1_packet() at ikev1.c:1435) | #1 is idle | #1 idle | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 260 (0x104) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 24 (0x18) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 24 (0x18) | message 'main_inI2_outR2' HASH payload not checked early | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) | natd_hash: hasher=0x55a6f78137a0(20) | natd_hash: icookie= 58 c3 42 63 35 b8 ec 66 | natd_hash: rcookie= 2b 0f c0 d2 e5 70 a7 b4 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= c0 58 08 16 a3 ac f7 a1 80 d4 15 e1 46 1a 26 1f | natd_hash: hash= 60 0f ef 1f | natd_hash: hasher=0x55a6f78137a0(20) | natd_hash: icookie= 58 c3 42 63 35 b8 ec 66 | natd_hash: rcookie= 2b 0f c0 d2 e5 70 a7 b4 | natd_hash: ip= c0 01 02 fe | natd_hash: port= 01 f4 | natd_hash: hash= 7e 1d 4b bd 1d ae 98 f0 89 e5 ca 61 8f bd 0c b4 | natd_hash: hash= f2 02 b0 9d | expected NAT-D(me): c0 58 08 16 a3 ac f7 a1 80 d4 15 e1 46 1a 26 1f | expected NAT-D(me): 60 0f ef 1f | expected NAT-D(him): | 7e 1d 4b bd 1d ae 98 f0 89 e5 ca 61 8f bd 0c b4 | f2 02 b0 9d | received NAT-D: c0 58 08 16 a3 ac f7 a1 80 d4 15 e1 46 1a 26 1f | received NAT-D: 60 0f ef 1f | received NAT-D: 17 94 ea 06 01 20 b3 47 92 c6 0a 8d 10 e5 45 fa | received NAT-D: c8 e9 5c 04 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is behind NAT 192.1.2.254 | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.254 | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: peer behind NAT | NAT_T_WITH_KA detected | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds | adding inI2_outR2 KE work-order 1 for state #1 | state #1 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x55a6f7a561f0 | free_event_entry: release EVENT_SO_DISCARD-pe@0x55a6f7a56130 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a6f7a56130 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55a6f7a561f0 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:500 (in complete_v1_state_transition() at ikev1.c:2624) | suspending state #1 and saving MD | #1 is busy; has a suspended MD | crypto helper 2 resuming | #1 spent 0.0847 milliseconds in process_packet_tail() | crypto helper 2 starting work-order 1 for state #1 | stop processing: from 192.1.2.254:500 (BACKGROUND) (in process_md() at demux.c:380) | crypto helper 2 doing build KE and nonce (inI2_outR2 KE); request ID 1 | stop processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.19 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 2 finished build KE and nonce (inI2_outR2 KE); request ID 1 time elapsed 0.000878 seconds | (#1) spent 0.884 milliseconds in crypto helper computing work-order 1: inI2_outR2 KE (pcr) | crypto helper 2 sending results from work-order 1 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7fba54006900 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 1 | calling continuation function 0x55a6f773d630 | main_inI2_outR2_continue for #1: calculated ke+nonce, sending R2 | **emit ISAKMP Message: | initiator cookie: | 58 c3 42 63 35 b8 ec 66 | responder cookie: | 2b 0f c0 d2 e5 70 a7 b4 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value 67 cc 26 ad 65 b1 d3 0e 78 15 6d b2 2f 36 d5 89 | keyex value 8a b0 1f ae ee a4 9d 53 1c 04 03 52 a9 9c 54 3f | keyex value c5 b2 d2 50 a2 82 02 8c c8 66 9a d3 48 3d 1f 59 | keyex value fe 66 56 11 3a 00 68 44 fb f5 af 94 49 08 24 66 | keyex value 7a 64 d6 30 ca 1e f6 fa 8b 0d 28 59 7f ca 73 30 | keyex value 58 b2 5f ca 10 bc 18 25 90 94 e2 1f cf 04 68 6e | keyex value 63 90 31 10 47 b1 ad 35 d9 9b e3 96 65 f1 10 73 | keyex value af 82 81 8d 44 88 20 e3 8b 17 4e 41 50 e9 59 55 | keyex value 81 fd a4 bf 82 98 44 40 2e 43 05 a5 5a 37 98 0b | keyex value 01 04 da 62 96 7e 88 92 04 63 ce e4 49 0e 58 ab | keyex value ff d5 21 ec a7 44 03 c1 02 8b f6 cc e0 c8 13 97 | keyex value a8 dd 17 12 36 d7 bf 66 ca ed 9c 3b 1c ec 2e d5 | keyex value dd 58 04 ba b7 59 8b f9 c6 e0 47 1d ea 76 20 d9 | keyex value 36 4c f9 f0 ae 02 df 1e b6 6d 29 6d 56 cf 0a 0c | keyex value fb f2 b0 af 7b 49 d7 f5 97 41 94 71 27 67 d4 e7 | keyex value 3c 21 6f 8e fa 3a 8c 36 a1 b9 1e 36 ef c4 48 06 | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 7:ISAKMP_NEXT_CR | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload | Nr 53 12 ea 3a 7d c4 e3 f6 0b 05 82 84 29 0b 15 46 | Nr 7b b1 75 a9 6a c1 28 8b 2f a6 52 f1 8b e1 73 9f | emitting length of ISAKMP Nonce Payload: 36 | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports | ***emit ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_NONE (0x0) | cert type: CERT_X509_SIGNATURE (0x4) | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Certificate RequestPayload (7:ISAKMP_NEXT_CR) | next payload chain: saving location 'ISAKMP Certificate RequestPayload'.'next payload type' in 'reply packet' | emitting 175 raw bytes of CA into ISAKMP Certificate RequestPayload | CA 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 | CA 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | CA 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | CA 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | CA 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | CA 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | CA 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 | CA 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 | CA 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a | CA 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e | CA 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | emitting length of ISAKMP Certificate RequestPayload: 180 | sending NAT-D payloads | natd_hash: hasher=0x55a6f78137a0(20) | natd_hash: icookie= 58 c3 42 63 35 b8 ec 66 | natd_hash: rcookie= 2b 0f c0 d2 e5 70 a7 b4 | natd_hash: ip= c0 01 02 fe | natd_hash: port= 01 f4 | natd_hash: hash= 7e 1d 4b bd 1d ae 98 f0 89 e5 ca 61 8f bd 0c b4 | natd_hash: hash= f2 02 b0 9d | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC | next payload chain: setting previous 'ISAKMP Certificate RequestPayload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 7e 1d 4b bd 1d ae 98 f0 89 e5 ca 61 8f bd 0c b4 | NAT-D f2 02 b0 9d | emitting length of ISAKMP NAT-D Payload: 24 | natd_hash: hasher=0x55a6f78137a0(20) | natd_hash: icookie= 58 c3 42 63 35 b8 ec 66 | natd_hash: rcookie= 2b 0f c0 d2 e5 70 a7 b4 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= c0 58 08 16 a3 ac f7 a1 80 d4 15 e1 46 1a 26 1f | natd_hash: hash= 60 0f ef 1f | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D c0 58 08 16 a3 ac f7 a1 80 d4 15 e1 46 1a 26 1f | NAT-D 60 0f ef 1f | emitting length of ISAKMP NAT-D Payload: 24 | no IKEv1 message padding required | emitting length of ISAKMP Message: 552 | main inI2_outR2: starting async DH calculation (group=14) | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org of kind PKK_PSK | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org of kind PKK_PSK | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding main_inI2_outR2_tail work-order 2 for state #1 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55a6f7a561f0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a6f7a56130 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a6f7a56130 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55a6f7a561f0 size 128 | #1 main_inI2_outR2_continue1_tail:1158 st->st_calculating = FALSE; | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:500 (in complete_v1_state_transition() at ikev1.c:2649) | crypto helper 3 resuming | crypto helper 3 starting work-order 2 for state #1 | #1 is idle; has background offloaded task | crypto helper 3 doing compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 2 | doing_xauth:yes, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 | parent state #1: MAIN_R1(open IKE SA) => MAIN_R2(open IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55a6f7a561f0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a6f7a56130 | sending reply packet to 192.1.2.254:500 (from 192.1.2.23:500) | sending 552 bytes for STATE_MAIN_R1 through eth1 from 192.1.2.23:500 to 192.1.2.254:500 (using #1) | 58 c3 42 63 35 b8 ec 66 2b 0f c0 d2 e5 70 a7 b4 | 04 10 02 00 00 00 00 00 00 00 02 28 0a 00 01 04 | 67 cc 26 ad 65 b1 d3 0e 78 15 6d b2 2f 36 d5 89 | 8a b0 1f ae ee a4 9d 53 1c 04 03 52 a9 9c 54 3f | c5 b2 d2 50 a2 82 02 8c c8 66 9a d3 48 3d 1f 59 | fe 66 56 11 3a 00 68 44 fb f5 af 94 49 08 24 66 | 7a 64 d6 30 ca 1e f6 fa 8b 0d 28 59 7f ca 73 30 | 58 b2 5f ca 10 bc 18 25 90 94 e2 1f cf 04 68 6e | 63 90 31 10 47 b1 ad 35 d9 9b e3 96 65 f1 10 73 | af 82 81 8d 44 88 20 e3 8b 17 4e 41 50 e9 59 55 | 81 fd a4 bf 82 98 44 40 2e 43 05 a5 5a 37 98 0b | 01 04 da 62 96 7e 88 92 04 63 ce e4 49 0e 58 ab | ff d5 21 ec a7 44 03 c1 02 8b f6 cc e0 c8 13 97 | a8 dd 17 12 36 d7 bf 66 ca ed 9c 3b 1c ec 2e d5 | dd 58 04 ba b7 59 8b f9 c6 e0 47 1d ea 76 20 d9 | 36 4c f9 f0 ae 02 df 1e b6 6d 29 6d 56 cf 0a 0c | fb f2 b0 af 7b 49 d7 f5 97 41 94 71 27 67 d4 e7 | 3c 21 6f 8e fa 3a 8c 36 a1 b9 1e 36 ef c4 48 06 | 07 00 00 24 53 12 ea 3a 7d c4 e3 f6 0b 05 82 84 | 29 0b 15 46 7b b1 75 a9 6a c1 28 8b 2f a6 52 f1 | 8b e1 73 9f 14 00 00 b4 04 30 81 ac 31 0b 30 09 | 06 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 | 04 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 | 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 | 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 | 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 | 20 44 65 70 61 72 74 6d 65 6e 74 31 25 30 23 06 | 03 55 04 03 0c 1c 4c 69 62 72 65 73 77 61 6e 20 | 74 65 73 74 20 43 41 20 66 6f 72 20 6d 61 69 6e | 63 61 31 24 30 22 06 09 2a 86 48 86 f7 0d 01 09 | 01 16 15 74 65 73 74 69 6e 67 40 6c 69 62 72 65 | 73 77 61 6e 2e 6f 72 67 14 00 00 18 7e 1d 4b bd | 1d ae 98 f0 89 e5 ca 61 8f bd 0c b4 f2 02 b0 9d | 00 00 00 18 c0 58 08 16 a3 ac f7 a1 80 d4 15 e1 | 46 1a 26 1f 60 0f ef 1f | !event_already_set at reschedule | event_schedule: new EVENT_RETRANSMIT-pe@0x55a6f7a56130 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 | libevent_malloc: new ptr-libevent@0x55a6f7a561f0 size 128 | #1 STATE_MAIN_R2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50015.408339 "modecfg-road-east"[1] #1: STATE_MAIN_R2: sent MR2, expecting MI3 | modecfg pull: noquirk policy:pull not-client | phase 1 is done, looking for phase 2 to unpend | resume sending helper answer for #1 suppresed complete_v1_state_transition() | #1 spent 0.445 milliseconds in resume sending helper answer | stop processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7fba54006900 | crypto helper 3 finished compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 2 time elapsed 0.001298 seconds | (#1) spent 1.24 milliseconds in crypto helper computing work-order 2: main_inI2_outR2_tail (pcr) | crypto helper 3 sending results from work-order 2 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7fba4c00b7e0 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 2 | calling continuation function 0x55a6f773d630 | main_inI2_outR2_calcdone for #1: calculate DH finished | [RE]START processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1008) | stop processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1021) | resume sending helper answer for #1 suppresed complete_v1_state_transition() | #1 spent 0.0133 milliseconds in resume sending helper answer | processing: STOP state #0 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7fba4c00b7e0 | spent 0.00256 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 2020 bytes from 192.1.2.254:4500 on eth1 (192.1.2.23:4500) | 58 c3 42 63 35 b8 ec 66 2b 0f c0 d2 e5 70 a7 b4 | 05 10 02 01 00 00 00 00 00 00 07 e4 01 c0 bd 3e | 99 7d e1 bc da ca bd 5f f1 b7 0e 05 56 45 46 7e | a7 40 b5 ae d5 de 29 a1 78 83 5b 6c e6 c9 31 c2 | 04 38 6f ea 60 5e df 57 0c 24 13 a8 d6 4d 04 2d | 93 4c e9 0f d8 21 01 a6 48 83 0b 79 a7 4c ef 8f | 98 8a 58 16 68 43 3c 3e 8d 78 97 c3 0a cc 8a e2 | 8c 3f c9 34 71 90 d6 2a f1 41 39 ad 2f 80 5d 1c | d0 a1 ef 0a 51 3e a8 1b 82 97 24 36 fb 38 34 ac | 5c b6 be 32 10 50 49 78 1a 8e 79 2b 15 aa ec 7a | 47 45 ba 99 73 0f b6 e9 5d f7 9d 61 10 f0 75 5e | a8 5b 84 b7 6b 66 c9 ef 35 26 37 5f 4a 24 9d ba | 1d de 3e 1d ea 54 78 9d 63 56 1b 26 45 ac 0d 84 | 4b 70 18 61 56 4b c5 5e 6f 05 3e 83 c5 44 b2 27 | 0c 4e 9f e5 66 d8 c4 4c 92 1a 65 14 ff fe 63 c2 | 26 af 6d 15 f5 70 1b 4b 4e 9c 8d aa b1 95 7a 75 | 3b bb d4 c4 81 92 36 3e c5 6c 81 57 34 a1 b5 01 | fd 6b b4 15 f0 90 01 08 f2 b1 3c 07 d0 cc 87 cc | 7f 07 3d 9a b6 56 0c ad e0 75 14 f7 c5 62 8a 2c | 53 de 1b 2e d2 b7 6a ee 2c 2c 9f e9 aa 9e b4 de | ec 9d 42 47 07 70 63 7a 62 88 2c d9 07 ff a4 a6 | e6 b5 9a eb 86 75 a8 05 32 c4 98 e4 cb 79 64 72 | 08 ea 5c 7b 51 dc 35 dd 31 d5 b6 c4 b0 d8 a1 8b | a3 db 20 31 b8 36 e7 4b ac 60 9e 43 96 51 f2 46 | 4b e4 3d 63 de 2f 0e 89 57 7e 4a 36 ee 81 1e ab | 9a 9e 3e 7a e3 e8 6f 7d 85 39 eb 65 86 61 98 a7 | b0 1d a6 25 b8 a2 bb cc 27 c2 65 29 39 21 d9 64 | 08 2e 03 c1 a6 13 a6 b7 a7 76 46 00 bd 50 50 95 | 5e b3 4d 88 7f a6 51 39 94 72 79 1e cd 88 55 e5 | 06 ac 46 19 91 af 56 ad b2 eb 5f ea 7a 05 f7 de | 9b f7 d6 cd 72 95 1c 8e 47 ed 4d 77 bb 3a 05 a1 | 72 82 f1 f6 dc e4 20 31 d7 c4 77 ae 37 17 36 82 | a8 e6 02 2c 2a 56 ca 9d 2b 48 67 57 eb 24 c2 45 | 1d 9a 55 76 e6 a8 58 e8 9b 53 e8 17 b0 7e d2 d3 | 93 8a a8 52 76 8d fd b7 a3 b6 68 46 f2 c8 e3 0d | 70 3f e6 b1 df 0d c5 5e aa 03 f6 14 3d 3a 51 6b | f2 8f 2b 80 29 ed 0a a9 0e ea 83 10 f7 fd 1d 66 | 13 09 3d 49 45 af b3 e7 4a 9d d6 d8 6e 66 ee 93 | 16 a0 2b d6 42 1b ac b1 e4 0f 58 ef b0 98 2d db | 17 db 5d 59 e1 30 49 a2 b2 74 5f aa fa 4c 51 41 | ba fa 56 6c bb ec 91 b5 ad f2 ab 6f e5 e9 8c 64 | 6c 2e f0 5c 8b 07 41 29 77 77 2e 2b 9e 1a 13 08 | 68 d3 60 7d a3 d1 e1 66 b0 8d c0 b0 e9 03 4e 37 | 39 64 49 b0 b0 4a c5 35 2d e3 a3 2f 8e 23 5c ea | c8 84 fd 39 54 fc c9 bd b8 08 dc 81 ba 56 9a 53 | a0 61 91 00 74 e9 bd 38 db a3 d2 3a ce 92 83 c9 | 99 99 1a 15 4c b7 86 6c c7 13 76 a0 73 6a 75 05 | 0c 38 bb b3 4f 55 0d 45 37 64 b6 ae b1 a4 47 0c | 69 97 44 a6 2c 02 0a 87 5b 71 c5 09 df c4 87 30 | 4e a5 39 70 03 d6 ba 63 ed 5b 7c ae 7c 93 d3 d4 | 88 52 69 58 6c a2 05 8b 75 69 71 49 01 24 41 ea | cf 13 ab 3b f5 fc 8a 0b c4 d6 70 e5 4e d1 aa 0a | 9e 1c e0 b8 2b 90 54 d2 3e 6c 8e e9 6b 23 da 94 | 03 4c 8c 68 fb d8 ff 8f 32 88 c1 42 59 21 e4 80 | be 83 8c 8b 2c da db f1 42 a9 9b 32 49 95 3e 13 | 37 0b 82 b5 93 5c f9 14 d8 75 b8 4f 86 57 3f b8 | 25 c2 94 c6 ee 27 03 08 b4 8e 8e 77 aa 67 a8 4c | e7 79 09 50 51 dd 50 8c fb 79 e3 85 90 70 a4 f8 | 68 f9 5a a2 01 24 97 29 d7 b2 35 f0 fa 3b 32 3e | 88 b9 6c e5 88 66 7d 46 7c 77 72 71 a2 8c 64 80 | bf ae fa 1f 88 0a 9b c8 e1 13 84 c9 f1 20 e1 52 | e8 7b a5 66 e4 cd 0a 21 05 c3 8a 2c 23 11 cd ed | 40 81 52 a8 03 08 41 20 b4 7e b0 71 b2 4d a0 fd | 0c 89 60 8f 47 ad 5d 8c 35 59 ea f4 28 ea ef ad | a6 2e 7f 31 a7 ee e2 1e f2 ab 82 df 49 16 a3 ec | 19 2d ed 80 23 b4 d9 3a d7 e1 c6 82 21 e5 84 a3 | a4 0b d7 28 3f 26 81 38 ed 5f 48 2e 3a 21 82 10 | a7 ea e5 64 98 91 c2 96 98 ca b5 14 51 e6 42 31 | e1 fe e6 e5 19 25 13 46 90 da 14 47 61 ff 13 c3 | 09 fc f6 17 a9 9a 11 3a c0 f1 19 4a b4 10 bd b4 | 4d 7e b3 51 2a ec 5b a7 2c 9a b9 ac a8 5c 35 2b | 78 b4 f3 53 43 f9 af ba 4f 52 61 47 19 a8 1b de | a1 be b8 ad 4b d5 62 42 32 ea ff 01 11 41 e5 c7 | bc a2 14 04 b0 d6 21 66 9c 20 c9 a8 f0 37 a0 73 | fe 1a 14 4d 2f 40 fd cc 7d 38 e0 32 c5 42 c9 bd | 28 8b 51 18 bb fe ba 31 fa cf 92 76 12 cf d3 0e | 6d dc ae fa a6 84 92 7c ee a1 d8 39 3a 97 0c 18 | 51 c3 f9 e1 be ff 71 b2 60 da 1e 4c a5 6d 53 c9 | e7 2c 10 a0 d2 73 33 9e 0e a6 ee 68 c7 26 93 87 | 87 45 e8 be 7d 1d a5 eb 78 46 c5 6c 64 77 55 a0 | 9d 6c f4 f0 95 5c 21 7e 9e 4d 47 0a 7c 58 fe a3 | 57 71 8d 69 df 89 c1 44 7c 1a b7 84 98 4f 1d 29 | a1 77 71 3c d4 38 30 ec 82 33 08 bf 56 e2 d9 63 | fa d8 6c ea 10 6e 62 18 50 16 41 bf b2 e6 11 79 | fc ef c1 00 f4 e6 2c 9b 32 a4 f1 84 ac 17 ca fa | cc 9f c4 52 35 b9 3b 7e d3 c7 c3 a7 75 af 69 96 | b5 4b 44 70 39 3f 1b 05 ee c1 61 43 30 9a e1 aa | e7 07 41 fe 99 8e ec aa 9c 2e 6f 31 8a cd ff 74 | e2 3b d1 c2 6f 53 3d d2 32 e0 7c 94 60 14 40 6c | 52 fe 46 4e b4 04 eb c1 f3 df f4 05 70 29 cf 4b | 2f cd f3 1e 9b d6 2a a1 50 f4 5d a2 b1 2a e2 79 | 49 44 8b fd 82 7e ae 8f 8a 69 32 6b 29 7e fe b1 | 6c 28 77 6e cb 94 33 30 8f ae 0b 34 92 4c 02 e1 | 69 28 2e 71 af 39 63 b0 23 7b ef 8c 80 04 4d ad | a2 c5 81 4d c0 b0 5e e7 64 d6 27 3b 0c fc fe 33 | e1 4b 8a fc 9a 79 05 ca e2 46 cb 83 f5 b6 69 8f | 07 68 8b 8d 2f 2f 49 1c b8 89 3e 0e 92 4f 60 16 | ef 48 dc a7 3f 74 38 9d 52 b6 7c 8c 44 ff 05 33 | af 67 07 81 61 0a 4f 5e 40 7d 7f 37 d6 91 2d 7c | c3 7e 61 cd 21 c7 b9 25 0c 8d 9e 48 75 0c bd 76 | f4 ac 45 fe e5 a0 91 18 0e ed ed e4 c7 31 59 4b | 12 78 40 a6 9e 1a 12 c3 a9 76 e7 6f 50 da 88 75 | f8 fd ae 2c 9d 61 24 8f d4 d0 95 26 9a 42 1d 93 | e1 73 51 36 bb 41 5c 78 e1 68 65 f1 7a 3f e7 58 | a7 b1 d4 7a fe f8 7e e3 c7 c9 65 0b 2c 19 6c 12 | 91 61 20 5a 45 6e 59 32 9e f4 64 de e7 bf 94 d4 | 35 33 95 d6 91 2f 34 04 ff f0 1e c7 75 e6 7f 71 | 9e bc d4 f3 1c dc fc d2 c3 3a 21 87 70 8e 81 10 | 10 d4 59 8e e9 f7 6f 7a 97 55 fa 96 0e c5 be 35 | a8 32 cd 8f 5b 17 07 18 c3 fc 8c 8b ef 4f 6e 4b | 14 fb 81 1f cd 7a ff c8 1a b2 5a 9d c8 89 b3 82 | b4 f9 21 3a 05 05 cc 67 3b b7 2f 9a 10 c9 e7 3a | 56 a1 de 9f bc d4 f6 e2 f5 4d fb 65 ca 62 57 98 | d5 ca 66 9b 08 69 26 12 95 b6 ef 29 ff d3 89 49 | 8f 48 f3 2d 5e 59 ee d1 55 e9 0d 7a 89 b0 65 bf | 48 55 1a 2a f2 ca 37 ae 39 67 6f ec c7 c3 79 90 | 41 a7 be 10 f4 a0 ac dc 98 35 c6 9e e1 9b ac 7e | 7c 37 f6 b8 49 02 50 8c 1b 08 dd c9 4a 00 ab ec | e2 83 54 24 9d 8b bc 0d cb bd 56 34 c2 28 7d c0 | 87 33 75 75 7b f2 1e db 7b 53 15 3f 98 17 43 91 | 4c 23 31 94 f6 23 4d 9d 66 83 3b 9b b3 37 98 4d | 98 0b 95 c5 9b af fb a6 1b 41 c0 fa 54 ae ce 5a | 80 c4 96 a3 89 94 28 5c a5 b6 55 6e 91 75 23 22 | 79 c7 20 82 f2 68 ef a8 ab 78 fe c5 8a 6f 34 eb | a9 52 f2 e9 ca 17 f6 84 65 33 0d 66 53 59 af 2f | c6 f4 98 af b0 91 aa a2 52 24 cf 5f 9b 64 62 9b | 6d f1 b8 0e | start processing: from 192.1.2.254:4500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 c3 42 63 35 b8 ec 66 | responder cookie: | 2b 0f c0 d2 e5 70 a7 b4 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2020 (0x7e4) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:500 (in process_v1_packet() at ikev1.c:1435) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.254:4500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 191 (0xbf) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 72 6f 61 | obj: 64 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | obj: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 72 6f 61 | obj: 64 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1229 (0x4cd) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 180 (0xb4) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 388 (0x184) | removing 4 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 72 6f 61 | DER ASN1 DN: 64 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 72 6f 61 | DER ASN1 DN: 64 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 "modecfg-road-east"[1] #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds loading root certificate cache | spent 2.99 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() | spent 0.0201 milliseconds in get_root_certs() filtering CAs | #1 spent 3.03 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-road@testing.libreswan.org,CN=road.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.0383 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.0346 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec | certificate is valid (profile IPsec) | #1 spent 0.0839 milliseconds in find_and_verify_certs() calling verify_end_cert() "modecfg-road-east"[1] #1: certificate verified OK: E=user-road@testing.libreswan.org,CN=road.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a6f7a56190 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a6f7a5c360 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a6f7a52820 | unreference key: 0x55a6f7a68fb0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org cnt 1-- | #1 spent 0.191 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() | #1 spent 3.41 milliseconds in decode_certs() | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' | ID_DER_ASN1_DN 'E=user-road@testing.libreswan.org,CN=road.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' matched our ID 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' | SAN ID matched, updating that.cert | X509: CERT and ID matches current connection | CR 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 | CR 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | CR 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | CR 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | CR 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | CR 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | CR 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 | CR 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 | CR 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a | CR 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e | CR 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | requested CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | refine_host_connection for IKEv1: starting with "modecfg-road-east"[1] | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | refine_host_connection: happy with starting point: "modecfg-road-east"[1] | The remote did not specify an IDr and our current connection is good enough | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | RSA key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | an RSA Sig check passed with *AwEAAaqjE [remote certificates] | #1 spent 0.163 milliseconds in try_all_keys() trying a pubkey "modecfg-road-east"[1] #1: Authenticated using RSA | thinking about whether to send my certificate: | I have RSA key: OAKLEY_RSA_SIG cert.type: CERT_X509_SIGNATURE | sendcert: CERT_ALWAYSSEND and I did not get a certificate request | so send cert. | **emit ISAKMP Message: | initiator cookie: | 58 c3 42 63 35 b8 ec 66 | responder cookie: | 2b 0f c0 d2 e5 70 a7 b4 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_CERT (0x6) | ID type: ID_DER_ASN1_DN (0x9) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 6:ISAKMP_NEXT_CERT | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 183 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI) | my identity 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | my identity 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 | my identity 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | my identity 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | my identity 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 | my identity 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | my identity 77 61 6e 2e 6f 72 67 | emitting length of ISAKMP Identification Payload (IPsec DOI): 191 "modecfg-road-east"[1] #1: I am sending my cert | ***emit ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_SIG (0x9) | cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: ignoring supplied 'ISAKMP Certificate Payload'.'next payload type' value 9:ISAKMP_NEXT_SIG | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Certificate Payload (6:ISAKMP_NEXT_CERT) | next payload chain: saving location 'ISAKMP Certificate Payload'.'next payload type' in 'reply packet' | emitting 1260 raw bytes of CERT into ISAKMP Certificate Payload | CERT 30 82 04 e8 30 82 04 51 a0 03 02 01 02 02 01 03 | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 | CERT 39 5a 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 | CERT 6d 65 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 | CERT 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 | CERT 65 73 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a | CERT 86 48 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 | CERT 61 73 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 | CERT 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 0d 06 | CERT 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 8f | CERT 00 30 82 01 8a 02 82 01 81 00 b0 0d 9e ca 2d 55 | CERT 24 59 06 37 09 58 0d 06 ab 90 5e 98 7c 00 0b 66 | CERT 73 f4 12 27 69 75 6e d4 8d 13 e9 c6 e9 4f c4 b1 | CERT 19 1a 1a 4f e6 4e 06 da 29 ec cf 8d 4c c3 c3 57 | CERT c0 24 57 83 7a 1b 7f 96 a3 21 66 67 52 68 8e 77 | CERT b9 bb f6 9b d2 43 11 57 c9 d6 ca e2 39 73 93 ea | CERT 99 99 f7 52 38 4d 58 69 7f a5 18 9b ff 66 72 6c | CERT df 6d df 18 50 cf 10 98 a3 f5 f9 69 27 5b 3f bd | CERT 0f 34 18 93 99 1a be 8a 46 84 37 69 71 7f a7 df | CERT d0 9d b2 9d ad 80 0f d0 1a 40 cb ff 37 20 ac ac | CERT 3d a9 8e 56 56 cf 25 c0 5e 55 52 86 5a c5 b4 ce | CERT a8 dd 95 cf ab 38 91 f6 1f 9f 83 36 d5 3f 8c d3 | CERT 1d f5 3f 23 3c d2 5c 87 23 bc 6a 67 f7 00 c3 96 | CERT 3f 76 5c b9 8e 6f 2b 16 90 2c 00 c0 05 a0 e2 8d | CERT 57 d5 76 34 7f 6f be e8 48 79 08 91 a8 17 72 1f | CERT c0 1c 8a 52 a8 18 aa 32 3c 9a e4 d9 90 58 25 5e | CERT 4c 49 8e cb 7a 33 19 d2 87 1a 2a 8e b5 04 f7 f9 | CERT cd 80 8c 59 ae 34 61 c5 1d de 53 65 fe 4f f3 f4 | CERT 09 f2 b4 21 7a 2b eb 1f 4a f2 5f 85 3a f0 f8 2b | CERT 3b 42 5b da 89 c1 ef b2 81 18 2a 4b 57 a2 ca 63 | CERT 8b a7 60 8e 54 95 c3 20 5c e5 53 f0 4a 57 df 41 | CERT fa 06 e6 ab 4e 0b 46 49 14 0d db b0 dc 10 2e 6d | CERT 5f 52 cb 75 36 1b e2 1d 9d 77 0f 73 9d 0a 64 07 | CERT 84 f4 0e 0a 98 97 58 c4 40 f6 1b ac a3 be 21 aa | CERT 67 3a 2b b1 0e b7 9a 36 ff 67 02 03 01 00 01 a3 | CERT 82 01 06 30 82 01 02 30 09 06 03 55 1d 13 04 02 | CERT 30 00 30 47 06 03 55 1d 11 04 40 30 3e 82 1a 65 | CERT 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 | CERT 65 73 77 61 6e 2e 6f 72 67 81 1a 65 61 73 74 40 | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 | CERT 6e 2e 6f 72 67 87 04 c0 01 02 17 30 0b 06 03 55 | CERT 1d 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 | CERT 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b | CERT 06 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 | CERT 07 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 | CERT 07 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 | CERT 6e 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d | CERT 1f 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 | CERT 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e | CERT 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 | CERT 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 | CERT 86 f7 0d 01 01 0b 05 00 03 81 81 00 bf 3c 12 c5 | CERT 00 3e 71 2a 2b 2b 60 83 b9 b9 f2 4d b1 ca 0e fd | CERT b4 e0 0b 6a ad 54 d7 c9 98 57 e0 5c 26 4d bf 11 | CERT 23 20 79 05 b6 1b 9b 09 ed 4f 2e fd 7e da 55 53 | CERT b6 8c 88 fa f3 9b ce ec ef 95 37 11 70 ce 1c 98 | CERT d3 d5 cf f6 30 71 44 78 fb 45 03 69 50 d5 a5 c3 | CERT de 00 4c f7 0a 7d 00 cb 3a ab 11 74 6b 57 67 4d | CERT e7 c0 3a 97 98 44 e2 15 9d f2 6f 1b c7 b1 15 d0 | CERT 88 c4 dc 32 b7 72 1d 9c ac 1b 37 63 | emitting length of ISAKMP Certificate Payload: 1265 | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAbANn vs PKK_RSA:AwEAAbANn | ***emit ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Certificate Payload'.'next payload type' to current ISAKMP Signature Payload (9:ISAKMP_NEXT_SIG) | next payload chain: saving location 'ISAKMP Signature Payload'.'next payload type' in 'reply packet' | emitting 384 raw bytes of SIG_R into ISAKMP Signature Payload | SIG_R 40 08 fc 5f 2d 11 15 69 38 80 bc 08 22 04 f5 ef | SIG_R 15 62 96 6d 4b 05 60 f3 79 4b 60 89 8f ac 6e 8d | SIG_R b7 f3 ae 8c 63 c9 65 18 13 a9 5b dc ec 7d 1b 80 | SIG_R 20 f6 08 51 74 d5 ca e0 14 b3 30 05 ad 87 d8 99 | SIG_R 1f 63 fe a9 66 77 a1 84 a8 ab 20 8b 6f e0 c2 84 | SIG_R 75 08 52 e5 51 13 5f e7 14 dd 7c 9d a2 a0 07 95 | SIG_R cc b1 bf 24 01 99 7e 68 4b 26 82 1c 6a 5d ae 41 | SIG_R 22 93 25 15 1f d0 8a ff 2a 7f dd cb 6d 22 9b 0d | SIG_R ea 56 7e 27 f1 39 35 5c 17 82 75 f4 1b 49 80 ff | SIG_R 67 27 30 a2 2a b7 f3 59 32 f7 a7 55 4d de 5e 85 | SIG_R 44 1e 5c 5b d9 e9 be 67 47 61 09 55 ca 0a d8 d7 | SIG_R 95 bf 4d 1e d0 6a 4a 5e c5 c2 bb 1f d5 f7 4e 34 | SIG_R d4 57 3e 02 b3 9b 41 c5 5d 15 c9 43 5c 81 c7 b1 | SIG_R aa 2d 4b c7 fe 60 73 13 2d eb d3 47 f8 5a 60 cd | SIG_R 51 68 cf 46 05 3d 7c a4 7c c8 be 78 68 2c 69 dc | SIG_R 45 4b 6f dc 43 9c 58 e2 20 94 79 96 ef 75 b4 36 | SIG_R 8b 16 85 c2 5b f4 c2 1b d3 3f 1d 04 f4 69 6d 98 | SIG_R a5 3a 19 ed e5 e5 63 dc 38 b9 88 d0 ff 0a 2e 76 | SIG_R db 25 e4 01 eb a4 da 2a a1 2d 4d 62 05 14 9a 9a | SIG_R aa ad d5 e9 90 c0 17 ba c9 fb d4 cf 50 8b 58 b2 | SIG_R 80 6e e3 03 fb da f6 ce 34 18 60 d1 1e f2 1d f9 | SIG_R ce 82 6d a1 d9 9e f7 47 fc ea 73 21 c9 4c 4d b5 | SIG_R d8 70 26 de db 33 42 83 fd 5a 5b 37 8f 36 94 01 | SIG_R 7b 43 a6 01 d9 8b fd b6 e1 ab 39 0d 71 64 74 77 | emitting length of ISAKMP Signature Payload: 388 | emitting 4 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 1876 | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:500 (in complete_v1_state_transition() at ikev1.c:2649) | #1 is idle | doing_xauth:yes, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 | parent state #1: MAIN_R2(open IKE SA) => MAIN_R3(established IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_MAIN_R3: retransmits: cleared | libevent_free: release ptr-libevent@0x55a6f7a561f0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a6f7a56130 | state #1 NAT-T: new mapping 192.1.2.254:4500 | new NAT mapping for #1, was 192.1.2.254:500, now 192.1.2.254:4500 | State DB: IKEv1 state not found (nat_traversal_new_mapping) | NAT-T: #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:4500 (using md->iface in nat_traversal_change_port_lookup()) | sending reply packet to 192.1.2.254:4500 (from 192.1.2.23:4500) | sending 1880 bytes for STATE_MAIN_R2 through eth1 from 192.1.2.23:4500 to 192.1.2.254:4500 (using #1) | 00 00 00 00 58 c3 42 63 35 b8 ec 66 2b 0f c0 d2 | e5 70 a7 b4 05 10 02 01 00 00 00 00 00 00 07 54 | d4 4a 81 66 f1 0a be 07 a2 13 ff 66 3e d7 bf 1c | 26 f2 cf 5d 46 bb 35 38 f7 26 f8 00 2f 46 17 62 | 28 34 3b 4a 41 b8 43 2f 85 2b 75 7c 1e e8 e2 95 | d7 ac a3 78 94 39 e8 31 b8 e7 64 16 df 7f a3 bf | 73 0c 55 a9 2c dd 19 b5 05 af 9d 9e 1d b2 a7 79 | ff 70 4c e4 0f 4a 4e 06 ad b8 86 cd 9b 2b 6b 32 | d7 66 cb 73 71 cb e6 05 e9 23 00 b0 07 c2 fb 77 | d9 9f ee cb 9b 8a b8 19 28 1f 46 9e 25 85 9c 57 | 97 c8 09 4a a5 da 23 77 47 d3 27 3f 79 75 7a e3 | 9a 51 c6 6f a5 c3 2c b8 3e f1 e8 5f 75 8b f2 07 | eb 03 8c 6b af 0d 4e cb 0a cb 8e 16 82 cd 6a 08 | f2 e3 57 6d af 98 b6 5a eb 18 ae 59 29 63 9d f0 | 1d df 6c 74 bc 80 75 d9 25 69 11 62 76 d0 4a 8c | 35 bb fb 41 6c 84 ba a4 6f a5 3c 6a 05 76 9a 27 | 05 9e 37 07 86 2c b5 1e b5 11 37 0e 61 34 8e a8 | a0 53 01 f0 0e ff 35 d8 04 94 54 7b d2 17 5d 69 | 0b 5c b6 b0 34 40 67 e7 35 96 a2 25 35 a3 1c 4d | 8b 79 2c 9b 08 71 41 a7 82 22 8e 05 9c ea bf 3b | 26 a0 95 fc a8 00 60 5c 20 93 42 3e 2d 02 57 fa | 89 df d6 aa ae cd 58 c4 25 76 30 f6 cd fb fd 51 | 59 9b 8c 8e ff 08 72 af fd 53 a7 e3 9d 49 a3 7d | b7 b8 98 c4 25 b3 01 26 90 4e 63 a4 2f 25 94 71 | 94 13 dd c3 61 95 e7 53 0d c4 f2 8a 75 bb 70 d3 | 8b ee f6 6f 45 ca 10 72 c3 9b ea a8 d5 f6 4b dc | 2b b4 ef 6d ed 7b 8e 3a 1f 92 63 f2 69 41 df 7d | ec 30 bd 9a c5 0e 24 10 16 02 ca 2e e3 2b 16 fb | 39 5b e9 73 01 a5 31 2a 2a 81 62 9c f9 26 43 7e | 6d c7 e6 54 90 1b ec 53 26 90 d6 d5 b6 ef 51 00 | 2a d4 bc 24 38 e0 70 1c c1 76 62 6f dd d2 e5 5e | 96 33 93 65 ef 05 9f 13 3e 4e d6 6b e3 bc e0 cd | 77 b9 4a 41 b3 26 1d 5c e5 c4 50 6b 80 b2 f8 19 | 07 fb 66 3b 1e e3 3f c7 1b 2e 96 eb cf 81 d9 48 | cb 64 d4 b5 45 09 03 30 fc 62 17 3a 1f c8 96 40 | 15 6d cb a1 3d 3d 99 47 f8 79 4a 93 82 f5 f0 8a | a3 70 54 cf b3 ac 92 d9 64 30 3c 5c c8 37 7c 48 | 27 98 99 f5 3b 65 05 0a 55 66 b7 fa 92 84 a9 c5 | e4 c7 1b bb ed 53 c0 71 09 c0 88 73 04 b6 bb ca | ac 8e 3b fd 8c 65 3f 04 25 7b 01 01 7c 60 17 8b | 23 b8 ff da e5 f4 f3 06 cc e9 ee 84 20 c8 2e 13 | e4 89 db 67 bc 7f 42 93 42 40 76 0b 54 c8 ba 61 | 54 dd e8 2a e6 8d ae 91 82 c3 df 1b 94 49 61 12 | 27 7a b8 52 b1 79 e1 1b 68 72 2b 13 fc ac 47 93 | 3e 9b e5 a5 80 80 07 39 5e 8d f7 08 5b c9 5d 5f | c2 78 98 58 ca a6 93 75 70 e1 3c 76 be d0 00 14 | de 16 80 ba 0e fd 0a f0 d7 4e 32 ac 4b 96 fb 9f | bc b7 9f 7a 24 8b 79 c8 2c 2a 1a a5 42 22 35 13 | 2f 0a b0 8e dd 70 63 43 84 fc 86 cf a6 b0 42 11 | 6a d1 1a a4 c6 95 e8 14 d4 ef 68 38 ed 0b ee 7d | ff 5c f5 a8 ad 73 fe b0 cf 25 90 0c ba a7 e9 7b | 46 d8 3d 80 24 80 2b 28 d7 40 07 d8 c6 65 31 14 | 38 6c 11 35 a9 83 5a ed e8 cd a2 da a6 14 02 b9 | ef c3 6e 27 1c 73 29 1b 70 bd d2 3a 8a 7d 4e 7c | e9 14 da d6 bf 1e 96 4e 56 c1 1d c8 19 f3 aa 0e | 0e 01 d7 83 94 77 4d 57 cb 4a 8d 0e 07 7a 54 2a | 19 8d 66 8b ba 13 d7 86 35 fc 4a da 13 52 df fd | e0 b5 8e 62 4b e9 e1 b8 01 98 ba 45 db 6b 59 57 | 94 c3 7d 1a 54 5f cc 1d 04 24 98 d4 5b 03 d5 0c | a0 65 5d 81 67 59 60 19 ff f0 01 a7 bd 9c 24 35 | 70 72 43 59 6b 5d bd 42 ad 83 d9 c4 7b e0 16 bd | d3 9b 71 e9 11 45 a1 c5 b6 05 99 97 63 7a bb 2e | 17 c9 10 c6 dd 61 cc 3b 69 1d 9e 9c 74 e5 ca 6a | 37 fe 07 86 d6 d4 e8 25 33 57 76 a7 5a 77 ac 3f | 57 3f 82 c6 13 7f c9 e0 07 bf 4b 65 22 f7 20 54 | 5f 44 b0 54 99 c1 75 e5 d4 cf ea be 1e cb fc 4a | c7 58 6b 99 7e 5d 4e cc 39 08 a3 c7 3d d7 98 bd | 60 03 02 c7 35 83 90 cb ba 2d b6 32 87 2f 01 e5 | 76 9d 27 60 cd 38 2d 1b c3 32 85 f4 ef 2d 62 a5 | b8 6a 3c 5a 0c 7d e5 e8 a6 30 8d 1d 5b 2d d6 40 | af 91 49 32 cc 8f d9 d4 40 eb 1c 03 50 9c e0 52 | 95 c1 66 b9 77 b9 94 a9 02 ba 69 9d 46 19 c6 21 | cc e4 9e 4c 14 d1 8a 42 ce db 06 40 4e 78 7f a2 | e7 39 7c ca fd c7 d5 c7 19 7b e1 f7 8d 42 b8 50 | 60 90 90 41 66 7d 7d 31 f4 af 5a a8 b7 95 2e 28 | fc af 6f b8 83 e2 14 e8 b3 53 cb 0d 37 d0 38 0c | 1c 81 99 2a 01 27 59 66 08 fc b7 31 f9 d2 29 13 | ba 08 ed 1b 97 f3 1f c2 f8 24 80 ed e5 43 6e c1 | 73 26 75 41 2e 1b 71 44 56 d2 e9 83 7d 8e 77 6b | 77 3b b4 4d ed 2a 21 80 bf 66 2e 3f 06 cd ef 01 | 9b 76 9a 10 07 03 54 12 ed af 8f 60 f8 fe 0c 66 | 02 4e f8 b9 23 7d 2c f4 c8 43 e9 11 77 68 b5 91 | 24 53 5a b5 0f 75 76 99 38 2b 35 b1 d0 0b b0 c3 | 6a 58 55 73 bf dc a6 67 0b 6c 03 e7 c5 a8 c5 95 | 6f 27 68 6f 3c 0c 22 1d 06 92 55 60 3e e5 91 13 | f1 3a 31 da 9d 0c ee f3 2b b5 71 98 09 61 cd 1e | 31 b5 0e 4e b2 3b aa 29 8b 62 65 53 00 37 2f aa | 8f a9 72 00 d5 a2 fc 7e eb 4b 59 30 ad 74 cb 05 | 55 78 f9 66 7f 25 f0 89 ea 9e 84 6b 8d f5 c5 90 | a9 ee c6 83 55 7f 70 c6 6a db 40 db 4a 11 fd 5e | ae a7 16 96 fd c1 41 94 7a e4 13 e9 09 2f 21 71 | f9 36 6e b6 d6 14 a5 5c 44 4b 48 0d 0d a0 99 12 | 11 d7 2e 17 17 8e 6f 02 59 71 8e 4f 0d 6b a9 79 | d1 49 8e a2 ad 34 86 6e f1 cc 3b b9 11 c3 4b c0 | 7e d1 20 2f 41 95 ee a4 39 d0 86 1c e6 3d f7 5a | 47 6b 9d af 82 74 8a 43 c4 1b c1 84 cf 46 89 d8 | d7 98 1f fe fa 8f 3c f8 62 13 18 5d 4f a3 4b a4 | 3b d7 6d df bc bf 76 be c3 43 a6 6d fd 2c 04 1e | a2 be 23 46 9c 06 9f 74 8a 2f b6 c3 fb ed 51 ae | 14 a5 4f e1 39 ef 5d 65 cf d8 cc de 5c 14 95 c9 | df 8b 86 78 d6 7b a2 6f 25 7d 3d c0 ed b2 d6 e5 | 57 21 57 9d a6 d5 0a 07 09 c2 de 62 26 f2 ba 6e | a3 d6 98 fb 32 e1 2a e5 55 1c f9 c8 0a 83 d7 5e | 8b 1c 03 55 a5 b7 1a 1a 25 ce ac ea 48 9f 9f 32 | ac c0 ac b5 97 ef 41 a1 29 93 d8 33 8b f1 09 ea | 40 35 c3 2e 7c 05 46 b7 e6 c2 78 52 c5 1f a5 ea | 8f 07 de 2b e6 5b 3f 0d 6a 03 25 91 c0 fe d5 be | 00 24 a5 6e 77 62 f3 1e 16 67 8b 91 d2 1b 80 d3 | 5f 8c bd 4e 61 00 4d 29 5d ee e2 9a b6 7a 8c 14 | 5f 45 dd 3b 53 e5 98 38 cd 61 31 26 2f a7 76 af | 78 c2 13 fe a1 91 81 ff 17 e1 7c 52 74 6c c2 b6 | 96 16 29 b8 23 0a 33 98 fb 60 de 26 ac 48 1f d9 | 5d 95 42 3c be 95 10 e7 fd 57 94 12 c1 92 b3 47 | d7 4a 53 14 26 a9 47 33 b2 e5 d3 d1 65 28 b6 fd | e0 b3 c0 e4 f5 53 56 22 4a 91 ca 51 03 b4 74 88 | ab c8 b8 1f 28 13 57 90 be db f4 8f cf bd 56 a8 | f9 c2 74 9e f4 b7 f9 e0 4a a3 13 b4 61 86 c9 38 | ba fa f5 3f 7b 0d 43 cd | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x55a6f7a5c5a0 | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #1 | libevent_malloc: new ptr-libevent@0x55a6f7a561f0 size 128 | pstats #1 ikev1.isakmp established "modecfg-road-east"[1] #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=RSA_SIG cipher=3DES_CBC_192 integ=HMAC_SHA1 group=MODP2048} | DPD: dpd_init() called on ISAKMP SA | DPD: Peer supports Dead Peer Detection | DPD: not initializing DPD because DPD is disabled locally | XAUTH: Sending XAUTH Login/Password Request | event_schedule: new EVENT_v1_SEND_XAUTH-pe@0x55a6f7a5c390 | inserting event EVENT_v1_SEND_XAUTH, timeout in 0.08 seconds for #1 | libevent_malloc: new ptr-libevent@0x7fba4c00b7e0 size 128 | libevent_realloc: release ptr-libevent@0x55a6f7a34f60 | libevent_realloc: new ptr-libevent@0x55a6f7a63e50 size 128 | #1 spent 7.67 milliseconds | #1 spent 11.4 milliseconds in process_packet_tail() | stop processing: from 192.1.2.254:4500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 11.9 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x55a6f7a5c390 | handling event EVENT_v1_SEND_XAUTH for parent state #1 | start processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in timer_event_cb() at timer.c:250) | XAUTH: event EVENT_v1_SEND_XAUTH #1 STATE_MAIN_R3 "modecfg-road-east"[1] #1: XAUTH: Sending Username/Password request (MAIN_R3->XAUTH_R0) | parent state #1: MAIN_R3(established IKE SA) => XAUTH_R0(established IKE SA) | **emit ISAKMP Message: | initiator cookie: | 58 c3 42 63 35 b8 ec 66 | responder cookie: | 2b 0f c0 d2 e5 70 a7 b4 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3027329473 (0xb47161c1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'xauth_buf' | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 24 | ***emit ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | Attr Msg Type: ISAKMP_CFG_REQUEST (0x1) | Identifier: 0 (0x0) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Mode Attribute (14:ISAKMP_NEXT_MODECFG) | next payload chain: saving location 'ISAKMP Mode Attribute'.'next payload type' in 'xauth_buf' | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-NAME (0x4089) | length/value: 0 (0x0) | emitting length of ISAKMP ModeCfg attribute: 0 | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-PASSWORD (0x408a) | length/value: 0 (0x0) | emitting length of ISAKMP ModeCfg attribute: 0 | no IKEv1 message padding required | emitting length of ISAKMP Mode Attribute: 16 | XAUTH: send request HASH(1): | 7a 29 e9 77 13 bf 01 55 97 1e 5c 07 33 6e 48 33 | 2b 3f 6a 02 | no IKEv1 message padding required | emitting length of ISAKMP Message: 68 | no IKEv1 message padding required | emitting length of ISAKMP Message: 68 | sending 72 bytes for XAUTH: req through eth1 from 192.1.2.23:4500 to 192.1.2.254:4500 (using #1) | 00 00 00 00 58 c3 42 63 35 b8 ec 66 2b 0f c0 d2 | e5 70 a7 b4 08 10 06 01 b4 71 61 c1 00 00 00 44 | 02 c8 26 76 e1 3f 9a 94 48 c8 c3 e7 36 4f 32 ba | 4f d3 ff 14 b8 62 48 6a 7c 03 5f f4 12 7e 59 33 | b0 37 2c 47 1b 39 22 cd | state #1 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x55a6f7a561f0 | free_event_entry: release EVENT_SA_REPLACE-pe@0x55a6f7a5c5a0 | event_schedule: new EVENT_RETRANSMIT-pe@0x55a6f7a5c5a0 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 | libevent_malloc: new ptr-libevent@0x55a6f7a561f0 size 128 | #1 STATE_XAUTH_R0: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50015.510849 | libevent_free: release ptr-libevent@0x7fba4c00b7e0 | free_event_entry: release EVENT_v1_SEND_XAUTH-pe@0x55a6f7a5c390 | #1 spent 0.208 milliseconds in timer_event_cb() EVENT_v1_SEND_XAUTH | stop processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in timer_event_cb() at timer.c:557) | spent 0.00242 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 84 bytes from 192.1.2.254:4500 on eth1 (192.1.2.23:4500) | 58 c3 42 63 35 b8 ec 66 2b 0f c0 d2 e5 70 a7 b4 | 08 10 06 01 b4 71 61 c1 00 00 00 54 49 37 fa 8c | 6c ba 91 5c d2 a6 dd e9 be 2b 1e 3d 88 f9 ea 5c | a6 64 15 65 a3 2e ce 84 61 ef 89 45 4f 93 ef 42 | 51 92 76 a8 df d9 4e 53 23 c6 b0 d1 19 4c c3 fb | a4 3c bf 59 | start processing: from 192.1.2.254:4500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 c3 42 63 35 b8 ec 66 | responder cookie: | 2b 0f c0 d2 e5 70 a7 b4 | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3027329473 (0xb47161c1) | length: 84 (0x54) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6) | peer and cookies match on #1; msgid=b47161c1 st_msgid=00000000 st_msgid_phase15=b47161c1 | p15 state object #1 found, in STATE_XAUTH_R0 | State DB: found IKEv1 state #1 in XAUTH_R0 (find_v1_info_state) | start processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in process_v1_packet() at ikev1.c:1778) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.254:4500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x4100 opt: 0x2000 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_MODECFG (0xe) | length: 24 (0x18) | got payload 0x4000 (ISAKMP_NEXT_MODECFG) needed: 0x4000 opt: 0x2000 | ***parse ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 28 (0x1c) | Attr Msg Type: ISAKMP_CFG_REPLY (0x2) | Identifier: 0 (0x0) | removing 4 bytes of padding | xauth_inR0 HASH(1): | 1c da 48 db 5b 0c 19 6d f0 e7 39 3d a6 40 80 e5 | f1 a2 a9 3b | received 'xauth_inR0' message HASH(1) data ok | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-NAME (0x4089) | length/value: 4 (0x4) | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-PASSWORD (0x408a) | length/value: 8 (0x8) | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_XAUTH_R0: retransmits: cleared | libevent_free: release ptr-libevent@0x55a6f7a561f0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a6f7a5c5a0 "modecfg-road-east"[1] #1: XAUTH: authentication method 'always ok' requested to authenticate user 'use3' | scheduling resume xauth immediate for #1 | libevent_malloc: new ptr-libevent@0x55a6f7a561f0 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in complete_v1_state_transition() at ikev1.c:2624) | suspending state #1 and saving MD | #1 is busy; has a suspended MD | #1 spent 0.0426 milliseconds in process_packet_tail() | stop processing: from 192.1.2.254:4500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.188 milliseconds in comm_handle_cb() reading and processing packet | processing resume xauth immediate for #1 | start processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in resume_handler() at server.c:797) "modecfg-road-east"[1] #1: XAUTH: User use3: Authentication Successful | **emit ISAKMP Message: | initiator cookie: | 58 c3 42 63 35 b8 ec 66 | responder cookie: | 2b 0f c0 d2 e5 70 a7 b4 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 494697312 (0x1d7c7b60) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'xauth_buf' | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 24 | ***emit ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | Attr Msg Type: ISAKMP_CFG_SET (0x3) | Identifier: 0 (0x0) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Mode Attribute (14:ISAKMP_NEXT_MODECFG) | next payload chain: saving location 'ISAKMP Mode Attribute'.'next payload type' in 'xauth_buf' | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: AF+XAUTH-STATUS (0xc08f) | length/value: 1 (0x1) | no IKEv1 message padding required | emitting length of ISAKMP Mode Attribute: 12 | XAUTH: status HASH(1): | b1 41 46 5c d2 d2 84 76 77 5b dd b7 5e ab 01 0f | c8 02 47 bb | no IKEv1 message padding required | emitting length of ISAKMP Message: 64 | emitting 4 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 68 | event_schedule: new EVENT_RETRANSMIT-pe@0x55a6f7a5c5a0 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 | libevent_malloc: new ptr-libevent@0x7fba4c00b7e0 size 128 | #1 STATE_XAUTH_R0: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50015.511731 | sending 72 bytes for XAUTH: status through eth1 from 192.1.2.23:4500 to 192.1.2.254:4500 (using #1) | 00 00 00 00 58 c3 42 63 35 b8 ec 66 2b 0f c0 d2 | e5 70 a7 b4 08 10 06 01 1d 7c 7b 60 00 00 00 44 | ce fb 06 9e e0 be aa 5b 67 54 37 27 d6 1a d1 22 | 01 90 0b 51 d2 e1 4a 6d e9 e6 e4 c1 7c fd 44 6c | 75 a2 cb 66 87 37 d3 28 | parent state #1: XAUTH_R0(established IKE SA) => XAUTH_R1(established IKE SA) | resume xauth immediate for #1 suppresed complete_v1_state_transition() | #1 spent 0.154 milliseconds in resume xauth immediate | stop processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x55a6f7a561f0 | spent 0.002 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.254:4500 on eth1 (192.1.2.23:4500) | 58 c3 42 63 35 b8 ec 66 2b 0f c0 d2 e5 70 a7 b4 | 08 10 06 01 1d 7c 7b 60 00 00 00 44 f7 a6 22 df | 4e d3 d7 6d 8c e4 d4 bd 50 b0 25 b1 33 1f f7 70 | d3 bb aa 6f 65 02 ee 8e 8a fd 81 7c c5 f8 b1 51 | ec 2d f3 c7 | start processing: from 192.1.2.254:4500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 c3 42 63 35 b8 ec 66 | responder cookie: | 2b 0f c0 d2 e5 70 a7 b4 | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 494697312 (0x1d7c7b60) | length: 68 (0x44) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6) | peer and cookies match on #1; msgid=1d7c7b60 st_msgid=00000000 st_msgid_phase15=1d7c7b60 | p15 state object #1 found, in STATE_XAUTH_R1 | State DB: found IKEv1 state #1 in XAUTH_R1 (find_v1_info_state) | start processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in process_v1_packet() at ikev1.c:1778) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.254:4500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x4100 opt: 0x2000 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_MODECFG (0xe) | length: 24 (0x18) | got payload 0x4000 (ISAKMP_NEXT_MODECFG) needed: 0x4000 opt: 0x2000 | ***parse ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 12 (0xc) | Attr Msg Type: ISAKMP_CFG_ACK (0x4) | Identifier: 0 (0x0) | removing 4 bytes of padding | xauth_inR1 HASH(1): | e7 d0 b4 27 fe 8e e2 95 84 47 31 1f ca 62 40 94 | 78 9a c0 3e | received 'xauth_inR1' message HASH(1) data ok "modecfg-road-east"[1] #1: XAUTH: xauth_inR1(STF_OK) | modecfg server, pull mode. Starting new exchange. | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in complete_v1_state_transition() at ikev1.c:2649) | #1 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_XAUTH_R1 to state STATE_MAIN_R3 | parent state #1: XAUTH_R1(established IKE SA) => MAIN_R3(established IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_MAIN_R3: retransmits: cleared | libevent_free: release ptr-libevent@0x7fba4c00b7e0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a6f7a5c5a0 | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x55a6f7a5c5a0 | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #1 | libevent_malloc: new ptr-libevent@0x7fba4c00b7e0 size 128 | pstats #1 ikev1.isakmp established "modecfg-road-east"[1] #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=RSA_SIG cipher=3DES_CBC_192 integ=HMAC_SHA1 group=MODP2048} | DPD: dpd_init() called on ISAKMP SA | DPD: Peer supports Dead Peer Detection | DPD: not initializing DPD because DPD is disabled locally | modecfg pull: noquirk policy:pull not-client | phase 1 is done, looking for phase 2 to unpend | #1 spent 0.0614 milliseconds in process_packet_tail() | stop processing: from 192.1.2.254:4500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.209 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00137 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 84 bytes from 192.1.2.254:4500 on eth1 (192.1.2.23:4500) | 58 c3 42 63 35 b8 ec 66 2b 0f c0 d2 e5 70 a7 b4 | 08 10 06 01 d7 9b fc e0 00 00 00 54 5f 5e ff 33 | 7c 1f 9a 21 84 a2 6d c7 a9 09 e5 2d 47 b8 07 23 | 0b 68 ab 6d a5 a5 59 9f 1c 9f bb c9 98 ad 45 46 | ea 5d ca a4 3e 07 59 26 64 a3 d6 f0 93 95 18 bf | e9 86 8e e0 | start processing: from 192.1.2.254:4500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 c3 42 63 35 b8 ec 66 | responder cookie: | 2b 0f c0 d2 e5 70 a7 b4 | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3617324256 (0xd79bfce0) | length: 84 (0x54) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6) | peer and cookies match on #1; msgid=d79bfce0 st_msgid=00000000 st_msgid_phase15=00000000 | State DB: IKEv1 state not found (find_v1_info_state) | No appropriate Mode Config state yet. See if we have a Main Mode state | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #1 found, in STATE_MAIN_R3 | State DB: found IKEv1 state #1 in MAIN_R3 (find_v1_info_state) | start processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in process_v1_packet() at ikev1.c:1654) | processing received isakmp_xchg_type ISAKMP_XCHG_MODE_CFG. | this is a xauthserver modecfgserver | call init_phase2_iv | set from_state to STATE_MAIN_R3 this is modecfgserver and IS_PHASE1() is TRUE | #1 is idle | #1 idle | received encrypted packet from 192.1.2.254:4500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x4100 opt: 0x2000 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_MODECFG (0xe) | length: 24 (0x18) | got payload 0x4000 (ISAKMP_NEXT_MODECFG) needed: 0x4000 opt: 0x2000 | ***parse ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 32 (0x20) | Attr Msg Type: ISAKMP_CFG_REQUEST (0x1) | Identifier: 0 (0x0) | modecfg_inR0 HASH(1): | 84 86 4f c4 15 8e f0 b4 f4 ee 3c 49 37 43 36 45 | b9 ea 70 68 | received 'modecfg_inR0' message HASH(1) data ok | **emit ISAKMP Message: | initiator cookie: | 58 c3 42 63 35 b8 ec 66 | responder cookie: | 2b 0f c0 d2 e5 70 a7 b4 | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3617324256 (0xd79bfce0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 8:ISAKMP_NEXT_HASH | arrived in modecfg_inR0 | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_ADDRESS (0x1) | length/value: 0 (0x0) | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_NETMASK (0x2) | length/value: 0 (0x0) | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_DNS (0x3) | length/value: 0 (0x0) | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: MODECFG_BANNER (0x7000) | length/value: 0 (0x0) | Unsupported modecfg (CFG_REQUEST) long attribute MODECFG_BANNER received. | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: MODECFG_DOMAIN (0x7002) | length/value: 0 (0x0) | Unsupported modecfg (CFG_REQUEST) long attribute MODECFG_DOMAIN received. | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: CISCO_SPLIT_INC (0x7004) | length/value: 0 (0x0) | Unsupported modecfg (CFG_REQUEST) long attribute CISCO_SPLIT_INC received. | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 24 | ***emit ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | Attr Msg Type: ISAKMP_CFG_REPLY (0x2) | Identifier: 0 (0x0) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Mode Attribute (14:ISAKMP_NEXT_MODECFG) | next payload chain: saving location 'ISAKMP Mode Attribute'.'next payload type' in 'reply packet' | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_ADDRESS (0x1) | emitting 4 raw bytes of IP_addr into ISAKMP ModeCfg attribute | IP_addr c0 00 02 13 | emitting length of ISAKMP ModeCfg attribute: 4 | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_NETMASK (0x2) | emitting 4 raw bytes of IP4_submsk into ISAKMP ModeCfg attribute | IP4_submsk 00 00 00 00 | emitting length of ISAKMP ModeCfg attribute: 4 | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_DNS (0x3) | emitting 4 raw bytes of IP4_dns into ISAKMP ModeCfg attribute | IP4_dns 01 02 03 04 | emitting length of ISAKMP ModeCfg attribute: 4 | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_DNS (0x3) | emitting 4 raw bytes of IP4_dns into ISAKMP ModeCfg attribute | IP4_dns 05 06 07 08 | emitting length of ISAKMP ModeCfg attribute: 4 | We are not sending a domain | We are not sending a banner | We are 0.0.0.0/0 so not sending CISCO_SPLIT_INC | no IKEv1 message padding required | emitting length of ISAKMP Mode Attribute: 40 | XAUTH: mode config response HASH(1): | 58 60 54 c4 fc 9a d5 1e 4f 5a aa 2c 47 b6 ec a9 | 47 2c 94 3b | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 "modecfg-road-east"[1] #1: modecfg_inR0(STF_OK) | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in complete_v1_state_transition() at ikev1.c:2649) | #1 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_MODE_CFG_R0 to state STATE_MODE_CFG_R1 | parent state #1: MAIN_R3(established IKE SA) => MODE_CFG_R1(established IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7fba4c00b7e0 | free_event_entry: release EVENT_SA_REPLACE-pe@0x55a6f7a5c5a0 | sending reply packet to 192.1.2.254:4500 (from 192.1.2.23:4500) | sending 96 bytes for STATE_MODE_CFG_R0 through eth1 from 192.1.2.23:4500 to 192.1.2.254:4500 (using #1) | 00 00 00 00 58 c3 42 63 35 b8 ec 66 2b 0f c0 d2 | e5 70 a7 b4 08 10 06 01 d7 9b fc e0 00 00 00 5c | 10 6d 49 eb d1 c0 61 86 95 1f ba 34 7b b3 9f 4e | 48 e6 e3 18 dd 17 8f 15 ba 40 70 51 89 83 21 26 | 56 c9 86 01 6a 49 46 28 72 65 eb 93 6e 86 25 40 | cb 38 50 2e a4 fe cf 2d d0 2a ea 01 ba 92 17 27 | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x55a6f7a5c5a0 | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #1 | libevent_malloc: new ptr-libevent@0x7fba4c00b7e0 size 128 | pstats #1 ikev1.isakmp established "modecfg-road-east"[1] #1: STATE_MODE_CFG_R1: ModeCfg Set sent, expecting Ack {auth=RSA_SIG cipher=3DES_CBC_192 integ=HMAC_SHA1 group=MODP2048} | DPD: dpd_init() called on ISAKMP SA | DPD: Peer supports Dead Peer Detection | DPD: not initializing DPD because DPD is disabled locally | modecfg pull: noquirk policy:pull not-client | phase 1 is done, looking for phase 2 to unpend | #1 spent 0.246 milliseconds in process_packet_tail() | stop processing: from 192.1.2.254:4500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.381 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00286 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 460 bytes from 192.1.2.254:4500 on eth1 (192.1.2.23:4500) | 58 c3 42 63 35 b8 ec 66 2b 0f c0 d2 e5 70 a7 b4 | 08 10 20 01 85 ac 06 91 00 00 01 cc 7c b6 85 7a | 4c d8 ac 25 3b a9 32 86 5f 9b 12 e5 8c aa a4 98 | ea 18 07 68 44 d9 ed 73 ec eb 2f 1b 04 d1 9c 16 | d2 26 f6 14 0d 2b c0 4e bb 4b 90 57 63 ec e4 4a | e4 11 a5 9b e7 05 c7 3c 3f ee ef 3e b6 ed dd 90 | b3 3d c5 ef 52 7d 3c bb 6b a5 e4 a0 cc 59 25 f2 | f7 4a 47 53 2a 36 2d d3 f2 11 c2 0c 23 19 8b 98 | dd 99 4b fc c8 6d 8a eb 09 5b f9 00 35 bb cb 9a | 5e eb c9 bb 32 44 fb 86 8e 82 33 67 58 d8 c9 c0 | 1f 5d 71 89 6a ca ce a1 f0 93 e2 f5 42 d1 79 e6 | 25 86 64 1f c1 d6 b4 22 38 73 8d 91 71 7d ce ce | 9c 8b 87 42 28 74 86 4c b2 42 80 0b e2 13 7c ea | 72 04 a8 e2 95 2b b0 42 ee 5e dc 55 1e ae ee 05 | 09 b2 d0 83 da b0 15 15 77 bb 96 60 70 b8 67 e1 | 80 6b 68 3b be 6c 68 18 a0 02 d0 a4 31 b0 23 6c | 0b 19 d0 a3 3b ca d7 9c 32 7c bb 5f e5 cc bf 53 | 81 37 bf d3 95 d2 f5 a7 33 b9 20 35 a5 f8 c8 b2 | d8 c3 e5 f3 04 2b b5 3a 31 d8 1f 46 ce 31 ec d3 | 7f 8d d6 c5 6c 52 ed 5b 71 17 a1 35 09 91 13 26 | 88 0c 6e 73 fc dd ab 11 46 e8 73 b4 6b e4 4d b8 | d4 0a c2 37 aa 30 8c 36 25 25 31 79 09 e3 d5 89 | 74 20 8a 8a ba c7 3d 00 62 66 a6 83 8d 11 6b d8 | 46 db 07 17 51 8d ee a9 e4 fc 91 69 6d f6 1b 1a | 57 4f 74 45 8b bd b0 c8 95 3d d3 3c 15 da d6 d9 | 7a d3 6b 51 f1 a0 8d fc dd e4 f6 cb f3 72 cf ce | df 74 59 47 28 03 6a 5d e2 04 4c da 12 8e d9 b5 | 31 29 26 bb f5 92 b7 da 07 ae bb 79 c6 8f 37 dc | 65 db c3 10 bf 3b bd eb 53 20 1c e9 | start processing: from 192.1.2.254:4500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 c3 42 63 35 b8 ec 66 | responder cookie: | 2b 0f c0 d2 e5 70 a7 b4 | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2242643601 (0x85ac0691) | length: 460 (0x1cc) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) | State DB: IKEv1 state not found (find_state_ikev1) | State DB: found IKEv1 state #1 in MODE_CFG_R1 (find_state_ikev1) | start processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in process_v1_packet() at ikev1.c:1583) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.254:4500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_SA (0x1) | length: 24 (0x18) | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 84 (0x54) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | length: 36 (0x24) | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | length: 260 (0x104) | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | length: 12 (0xc) | ID type: ID_IPV4_ADDR (0x1) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 00 02 13 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: 00 00 00 00 00 00 00 00 | quick_inI1_outR1 HASH(1): | 80 65 79 13 93 f3 70 94 a0 aa 81 3e d4 3d 5b 95 | 82 5e d4 59 | received 'quick_inI1_outR1' message HASH(1) data ok | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 00 02 13 | peer client is 192.0.2.19/32 | peer client protocol/port is 0/0 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address 00 00 00 00 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask | ID mask 00 00 00 00 | our client is subnet 0.0.0.0/0 | our client protocol/port is 0/0 "modecfg-road-east"[1] #1: the peer proposed: 0.0.0.0/0:0/0 -> 192.0.2.19/32:0/0 | find_client_connection starting with modecfg-road-east | looking for 0.0.0.0/0:0:0/0 -> 192.0.2.19/32:0:0/0 | concrete checking against sr#0 0.0.0.0/0:0 -> 192.0.2.19/32:0 | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org | results matched | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | fc_try trying modecfg-road-east:0.0.0.0/0:0:0/0 -> 192.0.2.19/32:0:0/0 vs modecfg-road-east:0.0.0.0/0:0:0/0 -> 192.0.2.19/32:0:0/0 | fc_try concluding with modecfg-road-east [129] | fc_try modecfg-road-east gives modecfg-road-east | concluding with d = modecfg-road-east | client wildcard: no port wildcard: no virtual: no | NAT-Traversal: received 0 NAT-OA. | creating state object #2 at 0x55a6f7a5fbf0 | State DB: adding IKEv1 state #2 in UNDEFINED | pstats #2 ikev1.ipsec started | duplicating state object #1 "modecfg-road-east"[1] as #2 for IPSEC SA | #2 setting local endpoint to 192.1.2.23:4500 from #1.st_localport (in duplicate_state() at state.c:1481) | suspend processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1294) | start processing: state #2 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1294) | child state #2: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 72 (0x48) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 2 (0x2) | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI | SPI 88 30 7d 9e | *****parse ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 3 (0x3) | [3 is ENCAPSULATION_MODE_UDP_TUNNEL_RFC] | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+peer behind NAT | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | ESP IPsec Transform verified unconditionally; no alg_info to check against | adding quick_outI1 KE work-order 3 for state #2 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a6f7a5c390 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x55a6f7a561f0 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #2 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in complete_v1_state_transition() at ikev1.c:2624) | suspending state #2 and saving MD | #2 is busy; has a suspended MD | #1 spent 0.234 milliseconds in process_packet_tail() | stop processing: from 192.1.2.254:4500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.483 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 0 resuming | crypto helper 0 starting work-order 3 for state #2 | crypto helper 0 doing build KE and nonce (quick_outI1 KE); request ID 3 | crypto helper 0 finished build KE and nonce (quick_outI1 KE); request ID 3 time elapsed 0.000883 seconds | (#2) spent 0.885 milliseconds in crypto helper computing work-order 3: quick_outI1 KE (pcr) | crypto helper 0 sending results from work-order 3 for state #2 to event queue | scheduling resume sending helper answer for #2 | libevent_malloc: new ptr-libevent@0x7fba50006900 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #2 | start processing: state #2 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 3 | calling continuation function 0x55a6f773d630 | quick_inI1_outR1_cryptocontinue1 for #2: calculated ke+nonce, calculating DH | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org of kind PKK_PSK | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org of kind PKK_PSK | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding quick outR1 DH work-order 4 for state #2 | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55a6f7a561f0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a6f7a5c390 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a6f7a5c390 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x55a6f7a561f0 size 128 | suspending state #2 and saving MD | #2 is busy; has a suspended MD | resume sending helper answer for #2 suppresed complete_v1_state_transition() and stole MD | crypto helper 4 resuming | #2 spent 0.0868 milliseconds in resume sending helper answer | crypto helper 4 starting work-order 4 for state #2 | stop processing: state #2 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7fba50006900 | crypto helper 4 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 4 | crypto helper 4 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 4 time elapsed 0.000722 seconds | (#2) spent 0.718 milliseconds in crypto helper computing work-order 4: quick outR1 DH (pcr) | crypto helper 4 sending results from work-order 4 for state #2 to event queue | scheduling resume sending helper answer for #2 | libevent_malloc: new ptr-libevent@0x7fba44003590 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #2 | start processing: state #2 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 4 | calling continuation function 0x55a6f773d630 | quick_inI1_outR1_cryptocontinue2 for #2: calculated DH, sending R1 | **emit ISAKMP Message: | initiator cookie: | 58 c3 42 63 35 b8 ec 66 | responder cookie: | 2b 0f c0 d2 e5 70 a7 b4 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2242643601 (0x85ac0691) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 24 | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 72 (0x48) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 2 (0x2) | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI | SPI 88 30 7d 9e | *****parse ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 3 (0x3) | [3 is ENCAPSULATION_MODE_UDP_TUNNEL_RFC] | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+peer behind NAT | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | ESP IPsec Transform verified unconditionally; no alg_info to check against | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 1 (0x1) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | netlink_get_spi: allocated 0x178c03ce for esp.0@192.1.2.23 | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload | SPI 17 8c 03 ce | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) | attributes 80 03 00 0e 80 04 00 03 80 01 00 01 80 02 70 80 | attributes 80 05 00 02 80 06 00 80 | emitting length of ISAKMP Transform Payload (ESP): 32 | emitting length of ISAKMP Proposal Payload: 44 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 56 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 "modecfg-road-east"[1] #2: responding to Quick Mode proposal {msgid:85ac0691} "modecfg-road-east"[1] #2: us: 0.0.0.0/0===<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org,MS+XS+S=C] "modecfg-road-east"[1] #2: them: [C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org,+MC+XC+S=C]===192.0.2.19/32 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload | Nr 7c 33 9c 71 b1 bf 89 e7 4a 04 a5 08 5c 55 76 c3 | Nr ad 7a 83 aa 10 b5 9a a1 99 6e ba 7b 4b 55 fa 1c | emitting length of ISAKMP Nonce Payload: 36 | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value 79 2f b1 c6 1e 9b 60 e9 42 e1 6b 15 ae 53 5e ed | keyex value 42 62 44 af b2 cd dd 0c 51 83 28 4e b3 34 00 af | keyex value e1 1d 92 68 15 97 77 f2 c6 7d fc 8d e0 f5 76 64 | keyex value 36 63 8c 81 bf f9 69 1d 93 71 c4 bc 2c e8 5b f8 | keyex value f7 4b de 71 3f 23 cb 7b d2 de 23 8c 1e 11 21 49 | keyex value 97 c6 35 2c ff 74 6d 3c 8e 0a 93 93 a4 68 54 98 | keyex value 25 62 ed 23 68 05 43 fb b1 92 8e ed ed b2 be ec | keyex value 88 2e 0a a3 a3 cf 27 7d fe 12 a8 f3 82 56 e9 08 | keyex value 1b 23 9f 56 e6 9b ce 94 72 f8 dd 96 6e 4a d5 4b | keyex value 13 ef 6c 8f 91 8b 9a 02 9d a2 53 69 fc 69 ea d5 | keyex value c4 49 ff 03 73 48 28 b8 ba c2 e3 0e 5f 2d 41 6e | keyex value 29 7e 0c fd 9b a6 16 03 25 44 30 8e 55 7d d4 91 | keyex value ea 1a 63 2b 81 2d d9 d9 d4 fb 3d 26 54 7e fb 44 | keyex value 82 84 9e ab 99 ab 1f 08 b0 f8 e2 4c 00 16 0b 28 | keyex value dc 83 78 c4 96 c9 57 11 1b e1 93 42 13 30 f2 e8 | keyex value bf 64 bb d7 33 c5 e5 dc a5 d6 86 75 93 6c fd c5 | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | ID type: ID_IPV4_ADDR (0x1) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) | ID body c0 00 02 13 | emitting length of ISAKMP Identification Payload (IPsec DOI): 12 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) | ID body 00 00 00 00 00 00 00 00 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | quick inR1 outI2 HASH(2): | 33 12 0b 90 f3 08 a1 04 f3 df 73 e4 44 13 80 06 | c8 64 07 de | compute_proto_keymat: needed_len (after ESP enc)=16 | compute_proto_keymat: needed_len (after ESP auth)=36 | FOR_EACH_CONNECTION_... in route_owner | conn modecfg-road-east mark 0/00000000, 0/00000000 vs | conn modecfg-road-east mark 0/00000000, 0/00000000 | conn modecfg-road-east mark 0/00000000, 0/00000000 vs | conn modecfg-road-east mark 0/00000000, 0/00000000 | route owner of "modecfg-road-east"[1] unrouted: NULL | install_inbound_ipsec_sa() checking if we can route | could_route called for modecfg-road-east (kind=CK_INSTANCE) | FOR_EACH_CONNECTION_... in route_owner | conn modecfg-road-east mark 0/00000000, 0/00000000 vs | conn modecfg-road-east mark 0/00000000, 0/00000000 | conn modecfg-road-east mark 0/00000000, 0/00000000 vs | conn modecfg-road-east mark 0/00000000, 0/00000000 | route owner of "modecfg-road-east"[1] unrouted: NULL; eroute owner: NULL | routing is easy, or has resolvable near-conflict | checking if this is a replacement state | st=0x55a6f7a5fbf0 ost=(nil) st->serialno=#2 ost->serialno=#0 | installing outgoing SA now as refhim=0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'modecfg-road-east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.88307d9e@192.1.2.254 included non-error error | outgoing SA has refhim=0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'modecfg-road-east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.178c03ce@192.1.2.23 included non-error error | priority calculation of connection "modecfg-road-east" is 0xfffdf | add inbound eroute 192.0.2.19/32:0 --0-> 0.0.0.0/0:0 => tun.10000@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1048543 | raw_eroute result=success | emitting 4 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 436 | finished processing quick inI1 | complete v1 state transition with STF_OK | [RE]START processing: state #2 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in complete_v1_state_transition() at ikev1.c:2649) | #2 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 | child state #2: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) | event_already_set, deleting event | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55a6f7a561f0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a6f7a5c390 | sending reply packet to 192.1.2.254:4500 (from 192.1.2.23:4500) | sending 440 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:4500 to 192.1.2.254:4500 (using #2) | 00 00 00 00 58 c3 42 63 35 b8 ec 66 2b 0f c0 d2 | e5 70 a7 b4 08 10 20 01 85 ac 06 91 00 00 01 b4 | 64 4c ad 9a 9f f5 8f 17 a4 27 2e 0e fc 86 10 6c | 5a 7c 48 2b 87 20 16 0f 07 9e a6 8c e7 40 a2 e5 | 34 36 d4 3e 35 ca fb 48 33 ac b7 ab 7c 8b 0f 89 | c5 4d d5 b5 07 9b 9f 1f a8 46 7b de 23 7c 0b 78 | e3 15 e0 55 10 a4 fa f7 ec bb 5b 45 bb 21 9d c1 | c0 1b e7 34 c8 d0 42 e6 1a 74 95 8f ef c6 e2 2c | 18 af 7d ef 00 4e ac a2 a5 46 6c 10 32 5a f4 11 | af 9c 99 eb 47 ac 89 80 e4 f4 fb 39 65 e7 c1 7e | da 2b ca 8b 80 44 46 20 1a 41 df a6 a5 a5 1e c9 | 1a e7 0b c5 0a 16 bf 9f 60 c4 e6 66 3d 10 7f 4e | 25 45 f0 a0 f2 2e 07 4c cd c6 ee 14 0c 5b 5a b9 | 5a c3 85 84 90 f4 cf 6a 02 1d f8 b0 36 02 ac 39 | ea 96 41 cb 8b a1 de 10 01 02 ab 47 9c fd 91 42 | 56 72 3a 64 3d 5b f1 54 1d 4d 96 11 ac 3d 39 ea | f3 17 60 64 3b 99 75 f4 e6 87 c1 a6 6d b1 cb de | 67 1d 4f ec 35 57 6b 6e bb 13 4b fd c5 39 a4 3c | 9f 55 48 eb bc 5f 38 d3 b8 53 64 b1 d9 92 60 56 | 08 9d d8 e0 b0 21 12 8b 2d 6d 93 4a 4a 09 0a 68 | 3e 8f 64 0d 1b 16 9a 4e e6 b3 dd 51 ca 05 3f 67 | 1e b1 d4 04 97 1d 09 15 77 31 bf 23 48 85 19 39 | 26 d9 da 4d fb 24 29 46 d9 2e 28 0f 07 10 f3 96 | 91 52 c8 7d af 12 97 11 18 4e cc 4b c0 e1 28 98 | 70 fa 5a 0c 11 b8 7e a8 04 a8 f1 2a 3e 95 ef d4 | e1 b9 e3 35 12 75 b8 4f 0a 78 98 00 b8 f0 7a 02 | 33 36 88 b1 50 ed 69 22 d5 7a 19 4b 7a dd 07 58 | 7a b9 60 1f 15 75 57 90 | !event_already_set at reschedule | event_schedule: new EVENT_RETRANSMIT-pe@0x55a6f7a5c390 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 | libevent_malloc: new ptr-libevent@0x55a6f7a561f0 size 128 | #2 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50015.518833 | pstats #2 ikev1.ipsec established | NAT-T: NAT Traversal detected - their IKE port is '500' | NAT-T: encaps is 'auto' "modecfg-road-east"[1] #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP/NAT=>0x88307d9e <0x178c03ce xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=:4500 DPD=passive username=use3} | modecfg pull: noquirk policy:pull not-client | phase 1 is done, looking for phase 2 to unpend | resume sending helper answer for #2 suppresed complete_v1_state_transition() | #2 spent 0.978 milliseconds in resume sending helper answer | stop processing: state #2 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7fba44003590 | spent 0.00265 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 52 bytes from 192.1.2.254:4500 on eth1 (192.1.2.23:4500) | 58 c3 42 63 35 b8 ec 66 2b 0f c0 d2 e5 70 a7 b4 | 08 10 20 01 85 ac 06 91 00 00 00 34 ca 9a 21 23 | 66 2e 21 7b 1a 23 d1 51 3e 6f 34 8b 07 50 9a 60 | 77 bb 22 c4 | start processing: from 192.1.2.254:4500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 c3 42 63 35 b8 ec 66 | responder cookie: | 2b 0f c0 d2 e5 70 a7 b4 | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2242643601 (0x85ac0691) | length: 52 (0x34) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) | State DB: found IKEv1 state #2 in QUICK_R1 (find_state_ikev1) | start processing: state #2 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in process_v1_packet() at ikev1.c:1609) | #2 is idle | #2 idle | received encrypted packet from 192.1.2.254:4500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 24 (0x18) | quick_inI2 HASH(3): | 85 9d b8 dc f0 9d 72 8c 40 0f d0 c0 98 5a 81 e4 | 47 b1 3c a4 | received 'quick_inI2' message HASH(3) data ok | install_ipsec_sa() for #2: outbound only | could_route called for modecfg-road-east (kind=CK_INSTANCE) | FOR_EACH_CONNECTION_... in route_owner | conn modecfg-road-east mark 0/00000000, 0/00000000 vs | conn modecfg-road-east mark 0/00000000, 0/00000000 | conn modecfg-road-east mark 0/00000000, 0/00000000 vs | conn modecfg-road-east mark 0/00000000, 0/00000000 | route owner of "modecfg-road-east"[1] unrouted: NULL; eroute owner: NULL | sr for #2: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn modecfg-road-east mark 0/00000000, 0/00000000 vs | conn modecfg-road-east mark 0/00000000, 0/00000000 | conn modecfg-road-east mark 0/00000000, 0/00000000 vs | conn modecfg-road-east mark 0/00000000, 0/00000000 | route owner of "modecfg-road-east"[1] unrouted: NULL; eroute owner: NULL | route_and_eroute with c: modecfg-road-east (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 | priority calculation of connection "modecfg-road-east" is 0xfffdf | eroute_connection add eroute 0.0.0.0/0:0 --0-> 192.0.2.19/32:0 => tun.0@192.1.2.254 (raw_eroute) | IPsec Sa SPD priority set to 1048543 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='modecfg-road-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.254' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.19/32' PLUTO_PEER_CLIENT_NET='192.0.2.19' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT | popen cmd is 1431 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='modecfg-road-east' : | cmd( 80):PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_: | cmd( 160):MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.tes: | cmd( 240):ting.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='0.0.0.0/: | cmd( 320):0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0: | cmd( 400):' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='1: | cmd( 480):92.1.2.254' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Dep: | cmd( 560):artment, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' PLUTO: | cmd( 640):_PEER_CLIENT='192.0.2.19/32' PLUTO_PEER_CLIENT_NET='192.0.2.19' PLUTO_PEER_CLIEN: | cmd( 720):T_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_: | cmd( 800):CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan t: | cmd( 880):est CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME=': | cmd( 960):0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+S: | cmd(1040):AREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRF: | cmd(1120):AMILY='ipv4' XAUTH_FAILED=0 PLUTO_USERNAME='use3' PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd(1200):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd(1280):='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd(1360):VTI_SHARED='no' SPI_IN=0x88307d9e SPI_OUT=0x178c03ce ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='modecfg-road-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.254' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.19/32' PLUTO_PEER_CLIENT_NET='192.0.2.19' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSAS | popen cmd is 1436 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='modecfg-road-e: | cmd( 80):ast' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' P: | cmd( 160):LUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=eas: | cmd( 240):t.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='0.0: | cmd( 320):.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PO: | cmd( 400):RT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PE: | cmd( 480):ER='192.1.2.254' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Tes: | cmd( 560):t Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' : | cmd( 640):PLUTO_PEER_CLIENT='192.0.2.19/32' PLUTO_PEER_CLIENT_NET='192.0.2.19' PLUTO_PEER_: | cmd( 720):CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_: | cmd( 800):PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libres: | cmd( 880):wan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDT: | cmd( 960):IME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_AL: | cmd(1040):LOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_: | cmd(1120):ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_USERNAME='use3' PLUTO_IS_PEER_CISCO='0' P: | cmd(1200):LUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_S: | cmd(1280):ERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING=: | cmd(1360):'no' VTI_SHARED='no' SPI_IN=0x88307d9e SPI_OUT=0x178c03ce ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='modecfg-road-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.254' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.19/32' PLUTO_PEER_CLIENT_NET='192.0.2.19' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+E | popen cmd is 1434 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='modecfg-road-eas: | cmd( 80):t' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLU: | cmd( 160):TO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.: | cmd( 240):testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='0.0.0: | cmd( 320):.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT: | cmd( 400):='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER: | cmd( 480):='192.1.2.254' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test : | cmd( 560):Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' PL: | cmd( 640):UTO_PEER_CLIENT='192.0.2.19/32' PLUTO_PEER_CLIENT_NET='192.0.2.19' PLUTO_PEER_CL: | cmd( 720):IENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PE: | cmd( 800):ER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswa: | cmd( 880):n test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIM: | cmd( 960):E='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLO: | cmd(1040):W+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_AD: | cmd(1120):DRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_USERNAME='use3' PLUTO_IS_PEER_CISCO='0' PLU: | cmd(1200):TO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SER: | cmd(1280):VER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='n: | cmd(1360):o' VTI_SHARED='no' SPI_IN=0x88307d9e SPI_OUT=0x178c03ce ipsec _updown 2>&1: | route_and_eroute: instance "modecfg-road-east"[1] , setting eroute_owner {spd=0x55a6f7a5b820,sr=0x55a6f7a5b820} to #2 (was #0) (newest_ipsec_sa=#0) | #1 spent 0.666 milliseconds in install_ipsec_sa() | inI2: instance modecfg-road-east[1], setting IKEv1 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 | DPD: dpd_init() called on IPsec SA | DPD: Peer does not support Dead Peer Detection | complete v1 state transition with STF_OK | [RE]START processing: state #2 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in complete_v1_state_transition() at ikev1.c:2649) | #2 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 | child state #2: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA) | event_already_set, deleting event | state #2 requesting EVENT_RETRANSMIT to be deleted | #2 STATE_QUICK_R2: retransmits: cleared | libevent_free: release ptr-libevent@0x55a6f7a561f0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a6f7a5c390 | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x55a6f7a5c390 | inserting event EVENT_SA_REPLACE, timeout in 28530 seconds for #2 | libevent_malloc: new ptr-libevent@0x55a6f7a561f0 size 128 | pstats #2 ikev1.ipsec established | NAT-T: NAT Traversal detected - their IKE port is '500' | NAT-T: encaps is 'auto' "modecfg-road-east"[1] #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP/NAT=>0x88307d9e <0x178c03ce xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=:4500 DPD=passive username=use3} | modecfg pull: noquirk policy:pull not-client | phase 1 is done, looking for phase 2 to unpend | #2 spent 0.744 milliseconds in process_packet_tail() | stop processing: from 192.1.2.254:4500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.851 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00338 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00262 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00259 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.178c03ce@192.1.2.23 | get_sa_info esp.88307d9e@192.1.2.254 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.435 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) shutting down | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) | pluto_sd: executing action action: stopping(6), status 0 destroying root certificate cache | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' | unreference key: 0x55a6f7a5d710 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- | unreference key: 0x55a6f7a5d300 user-east@testing.libreswan.org cnt 1-- | unreference key: 0x55a6f7a5cfe0 @east.testing.libreswan.org cnt 1-- | unreference key: 0x55a6f7a5cc00 east@testing.libreswan.org cnt 1-- | unreference key: 0x55a6f7a5c7f0 192.1.2.23 cnt 1-- | unreference key: 0x55a6f7a576f0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org cnt 1-- | unreference key: 0x55a6f7a57550 user-road@testing.libreswan.org cnt 1-- | unreference key: 0x55a6f7a56b70 @road.testing.libreswan.org cnt 1-- | start processing: connection "modecfg-road-east"[1] (in delete_connection() at connections.c:189) "modecfg-road-east"[1] : deleting connection "modecfg-road-east"[1] instance with peer {isakmp=#1/ipsec=#2} | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #2 | suspend processing: connection "modecfg-road-east"[1] (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #2 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #2 ikev1.ipsec deleted completed | [RE]START processing: state #2 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in delete_state() at state.c:879) "modecfg-road-east"[1] #2: deleting state (STATE_QUICK_R2) aged 5.262s and sending notification | child state #2: QUICK_R2(established CHILD SA) => delete | get_sa_info esp.88307d9e@192.1.2.254 | get_sa_info esp.178c03ce@192.1.2.23 "modecfg-road-east"[1] #2: ESP traffic information: in=336B out=336B XAUTHuser=use3 | #2 send IKEv1 delete notification for STATE_QUICK_R2 | FOR_EACH_STATE_... in find_phase1_state | **emit ISAKMP Message: | initiator cookie: | 58 c3 42 63 35 b8 ec 66 | responder cookie: | 2b 0f c0 d2 e5 70 a7 b4 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2335356358 (0x8b32b5c6) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 24 | ***emit ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 3 (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload | delete payload 17 8c 03 ce | emitting length of ISAKMP Delete Payload: 16 | send delete HASH(1): | c9 49 84 35 4c 06 c9 b7 52 d7 dd 9c 73 a0 81 50 | 7c 6f 82 9c | no IKEv1 message padding required | emitting length of ISAKMP Message: 68 | sending 72 bytes for delete notify through eth1 from 192.1.2.23:4500 to 192.1.2.254:4500 (using #1) | 00 00 00 00 58 c3 42 63 35 b8 ec 66 2b 0f c0 d2 | e5 70 a7 b4 08 10 05 01 8b 32 b5 c6 00 00 00 44 | f4 75 e6 d6 a6 57 02 74 63 6f f2 e8 0b e8 b2 be | d1 89 75 a3 3d 40 2b fc 7f 86 a0 d7 c5 7c 85 38 | cc 9e 53 f8 90 1a 22 31 | state #2 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x55a6f7a561f0 | free_event_entry: release EVENT_SA_REPLACE-pe@0x55a6f7a5c390 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='modecfg-road-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.254' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.19/32' PLUTO_PEER_CLIENT_NET='192.0.2.19' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051369' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_GOING_A | popen cmd is 1326 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='modecfg-road-east: | cmd( 80):' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUT: | cmd( 160):O_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.t: | cmd( 240):esting.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='0.0.0.: | cmd( 320):0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT=: | cmd( 400):'0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER=: | cmd( 480):'192.1.2.254' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test D: | cmd( 560):epartment, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' PLU: | cmd( 640):TO_PEER_CLIENT='192.0.2.19/32' PLUTO_PEER_CLIENT_NET='192.0.2.19' PLUTO_PEER_CLI: | cmd( 720):ENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEE: | cmd( 800):R_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051369' PLUTO_CONN_POLICY='RSASI: | cmd( 880):G+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+E: | cmd( 960):SN_NO' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED: | cmd(1040):=0 PLUTO_USERNAME='use3' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PE: | cmd(1120):ER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0': | cmd(1200): PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x: | cmd(1280):88307d9e SPI_OUT=0x178c03ce ipsec _updown 2>&1: | shunt_eroute() called for connection 'modecfg-road-east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0.0.0.0/0:0 --0->- 192.0.2.19/32:0 | netlink_shunt_eroute for proto 0, and source 0.0.0.0/0:0 dest 192.0.2.19/32:0 | priority calculation of connection "modecfg-road-east" is 0xfffdf | IPsec Sa SPD priority set to 1048543 | delete esp.88307d9e@192.1.2.254 | netlink response for Del SA esp.88307d9e@192.1.2.254 included non-error error | priority calculation of connection "modecfg-road-east" is 0xfffdf | delete inbound eroute 192.0.2.19/32:0 --0-> 0.0.0.0/0:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | delete esp.178c03ce@192.1.2.23 | netlink response for Del SA esp.178c03ce@192.1.2.23 included non-error error | stop processing: connection "modecfg-road-east"[1] (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection modecfg-road-east | State DB: deleting IKEv1 state #2 in QUICK_R2 | child state #2: QUICK_R2(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #2 from 192.1.2.254:4500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #1 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #1 | start processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #1 ikev1.isakmp deleted completed | [RE]START processing: state #1 connection "modecfg-road-east"[1] from 192.1.2.254:4500 (in delete_state() at state.c:879) "modecfg-road-east"[1] #1: deleting state (STATE_MODE_CFG_R1) aged 5.393s and sending notification | parent state #1: MODE_CFG_R1(established IKE SA) => delete | #1 send IKEv1 delete notification for STATE_MODE_CFG_R1 | **emit ISAKMP Message: | initiator cookie: | 58 c3 42 63 35 b8 ec 66 | responder cookie: | 2b 0f c0 d2 e5 70 a7 b4 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3361974953 (0xc863aaa9) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 24 | ***emit ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 16 (0x10) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' | emitting 8 raw bytes of initiator SPI into ISAKMP Delete Payload | initiator SPI 58 c3 42 63 35 b8 ec 66 | emitting 8 raw bytes of responder SPI into ISAKMP Delete Payload | responder SPI 2b 0f c0 d2 e5 70 a7 b4 | emitting length of ISAKMP Delete Payload: 28 | send delete HASH(1): | d4 1d bf 49 bc b9 ae 0c 28 cd f4 6d db 2c 9f 40 | 83 19 a9 3b | emitting 4 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 84 | sending 88 bytes for delete notify through eth1 from 192.1.2.23:4500 to 192.1.2.254:4500 (using #1) | 00 00 00 00 58 c3 42 63 35 b8 ec 66 2b 0f c0 d2 | e5 70 a7 b4 08 10 05 01 c8 63 aa a9 00 00 00 54 | 0b 8a 7b d2 12 01 0f 6c ed 4a 93 42 55 12 de ca | fc 47 15 5b 02 37 a4 ee 33 30 fc 4c 0f 6f 9b 87 | 24 5b 94 6f ef 72 88 26 d1 31 54 2b 3e e8 2b 8c | 1a 97 2a 47 d0 5f 5d c3 | state #1 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7fba4c00b7e0 | free_event_entry: release EVENT_SA_REPLACE-pe@0x55a6f7a5c5a0 | State DB: IKEv1 state not found (flush_incomplete_children) | in connection_discard for connection modecfg-road-east | State DB: deleting IKEv1 state #1 in MODE_CFG_R1 | parent state #1: MODE_CFG_R1(established IKE SA) => UNDEFINED(ignore) | unreference key: 0x55a6f7a70d10 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org cnt 2-- | stop processing: state #1 from 192.1.2.254:4500 (in delete_state() at state.c:1143) | unreference key: 0x55a6f7a70d10 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org cnt 1-- | unreference key: 0x55a6f7a5c6b0 user-road@testing.libreswan.org cnt 1-- | unreference key: 0x55a6f7a63d90 @road.testing.libreswan.org cnt 1-- | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | shunt_eroute() called for connection 'modecfg-road-east' to 'delete' for rt_kind 'unrouted' using protoports 0.0.0.0/0:0 --0->- 192.0.2.19/32:0 | netlink_shunt_eroute for proto 0, and source 0.0.0.0/0:0 dest 192.0.2.19/32:0 | priority calculation of connection "modecfg-road-east" is 0xfffdf | priority calculation of connection "modecfg-road-east" is 0xfffdf | FOR_EACH_CONNECTION_... in route_owner | conn modecfg-road-east mark 0/00000000, 0/00000000 vs | conn modecfg-road-east mark 0/00000000, 0/00000000 | conn modecfg-road-east mark 0/00000000, 0/00000000 vs | conn modecfg-road-east mark 0/00000000, 0/00000000 | route owner of "modecfg-road-east" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='modecfg-road-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.254' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.19/32' PLUTO_PEER_CLIENT_NET='192.0.2.19' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_GOING_AWA | popen cmd is 1285 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='modecfg-road-e: | cmd( 80):ast' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' P: | cmd( 160):LUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=eas: | cmd( 240):t.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='0.0: | cmd( 320):.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PO: | cmd( 400):RT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_P: | cmd( 480):EER='192.1.2.254' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Te: | cmd( 560):st Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org': | cmd( 640): PLUTO_PEER_CLIENT='192.0.2.19/32' PLUTO_PEER_CLIENT_NET='192.0.2.19' PLUTO_PEER: | cmd( 720):_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO: | cmd( 800):_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENC: | cmd( 880):RYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO: | cmd( 960):' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PL: | cmd(1040):UTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEE: | cmd(1120):R_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VT: | cmd(1200):I_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown: | cmd(1280): 2>&1: unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. | free hp@0x55a6f79ecbd0 | flush revival: connection 'modecfg-road-east' wasn't on the list | processing: STOP connection NULL (in discard_connection() at connections.c:249) | start processing: connection "modecfg-road-east" (in delete_connection() at connections.c:189) | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x55a6f7a57830 | flush revival: connection 'modecfg-road-east' wasn't on the list | stop processing: connection "modecfg-road-east" (in discard_connection() at connections.c:249) | crl fetch request list locked by 'free_crl_fetch' | crl fetch request list unlocked by 'free_crl_fetch' shutting down interface lo/lo 127.0.0.1:4500 shutting down interface lo/lo 127.0.0.1:500 shutting down interface eth0/eth0 192.0.2.254:4500 shutting down interface eth0/eth0 192.0.2.254:500 shutting down interface eth1/eth1 192.1.2.23:4500 shutting down interface eth1/eth1 192.1.2.23:500 | FOR_EACH_STATE_... in delete_states_dead_interfaces | libevent_free: release ptr-libevent@0x55a6f7a515d0 | free_event_entry: release EVENT_NULL-pe@0x55a6f7a3aac0 | libevent_free: release ptr-libevent@0x55a6f7a516c0 | free_event_entry: release EVENT_NULL-pe@0x55a6f7a51680 | libevent_free: release ptr-libevent@0x55a6f7a517b0 | free_event_entry: release EVENT_NULL-pe@0x55a6f7a51770 | libevent_free: release ptr-libevent@0x55a6f7a518a0 | free_event_entry: release EVENT_NULL-pe@0x55a6f7a51860 | libevent_free: release ptr-libevent@0x55a6f7a51990 | free_event_entry: release EVENT_NULL-pe@0x55a6f7a51950 | libevent_free: release ptr-libevent@0x55a6f7a51a80 | free_event_entry: release EVENT_NULL-pe@0x55a6f7a51a40 | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | libevent_free: release ptr-libevent@0x55a6f7a50db0 | free_event_entry: release EVENT_NULL-pe@0x55a6f7a399c0 | libevent_free: release ptr-libevent@0x55a6f7a46830 | free_event_entry: release EVENT_NULL-pe@0x55a6f7a39c00 | libevent_free: release ptr-libevent@0x55a6f7a467a0 | free_event_entry: release EVENT_NULL-pe@0x55a6f7a3f750 | global timer EVENT_REINIT_SECRET uninitialized | global timer EVENT_SHUNT_SCAN uninitialized | global timer EVENT_PENDING_DDNS uninitialized | global timer EVENT_PENDING_PHASE2 uninitialized | global timer EVENT_CHECK_CRLS uninitialized | global timer EVENT_REVIVE_CONNS uninitialized | global timer EVENT_FREE_ROOT_CERTS uninitialized | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized | global timer EVENT_NAT_T_KEEPALIVE uninitialized | libevent_free: release ptr-libevent@0x55a6f7a50f90 | signal event handler PLUTO_SIGCHLD uninstalled | libevent_free: release ptr-libevent@0x55a6f7a51070 | signal event handler PLUTO_SIGTERM uninstalled | libevent_free: release ptr-libevent@0x55a6f7a51130 | signal event handler PLUTO_SIGHUP uninstalled | libevent_free: release ptr-libevent@0x55a6f7a45b20 | signal event handler PLUTO_SIGSYS uninstalled | releasing event base | libevent_free: release ptr-libevent@0x55a6f7a511f0 | libevent_free: release ptr-libevent@0x55a6f79ee310 | libevent_free: release ptr-libevent@0x55a6f7a34d80 | libevent_free: release ptr-libevent@0x55a6f7a63e50 | libevent_free: release ptr-libevent@0x55a6f7a34da0 | libevent_free: release ptr-libevent@0x55a6f7a50e40 | libevent_free: release ptr-libevent@0x55a6f7a51030 | libevent_free: release ptr-libevent@0x55a6f7a34f40 | libevent_free: release ptr-libevent@0x55a6f7a3f6b0 | libevent_free: release ptr-libevent@0x55a6f7a3f690 | libevent_free: release ptr-libevent@0x55a6f7a51b10 | libevent_free: release ptr-libevent@0x55a6f7a51a20 | libevent_free: release ptr-libevent@0x55a6f7a51930 | libevent_free: release ptr-libevent@0x55a6f7a51840 | libevent_free: release ptr-libevent@0x55a6f7a51750 | libevent_free: release ptr-libevent@0x55a6f7a51660 | libevent_free: release ptr-libevent@0x55a6f7a34e30 | libevent_free: release ptr-libevent@0x55a6f7a51110 | libevent_free: release ptr-libevent@0x55a6f7a51050 | libevent_free: release ptr-libevent@0x55a6f7a50f70 | libevent_free: release ptr-libevent@0x55a6f7a511d0 | libevent_free: release ptr-libevent@0x55a6f7a50e60 | libevent_free: release ptr-libevent@0x55a6f7a34dc0 | libevent_free: release ptr-libevent@0x55a6f7a34df0 | libevent_free: release ptr-libevent@0x55a6f7a34ae0 | releasing global libevent data | libevent_free: release ptr-libevent@0x55a6f7a33320 | libevent_free: release ptr-libevent@0x55a6f7a33350 | libevent_free: release ptr-libevent@0x55a6f7a34ab0