FIPS Product: YES FIPS Kernel: NO FIPS Mode: NO NSS DB directory: sql:/etc/ipsec.d Initializing NSS Opening NSS database "sql:/etc/ipsec.d" read-only NSS initialized NSS crypto library initialized FIPS HMAC integrity support [enabled] FIPS mode disabled for pluto daemon FIPS HMAC integrity verification self-test FAILED libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:18084 core dump dir: /var/tmp secrets file: /etc/ipsec.secrets leak-detective disabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: new ptr-libevent@0x55c72fd015b0 size 40 | libevent_malloc: new ptr-libevent@0x55c72fd015e0 size 40 | libevent_malloc: new ptr-libevent@0x55c72fd032e0 size 40 | creating event base | libevent_malloc: new ptr-libevent@0x55c72fd032a0 size 56 | libevent_malloc: new ptr-libevent@0x55c72fd03310 size 664 | libevent_malloc: new ptr-libevent@0x55c72fd035b0 size 24 | libevent_malloc: new ptr-libevent@0x55c72fcd83e0 size 384 | libevent_malloc: new ptr-libevent@0x55c72fd035d0 size 16 | libevent_malloc: new ptr-libevent@0x55c72fd035f0 size 40 | libevent_malloc: new ptr-libevent@0x55c72fd03620 size 48 | libevent_realloc: new ptr-libevent@0x55c72fd03660 size 256 | libevent_malloc: new ptr-libevent@0x55c72fd03770 size 16 | libevent_free: release ptr-libevent@0x55c72fd032a0 | libevent initialized | libevent_realloc: new ptr-libevent@0x55c72fd03790 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Encryption algorithms: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac NULL IKEv1: ESP IKEv2: ESP [] CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Hash algorithms: MD5 IKEv1: IKE IKEv2: SHA1 IKEv1: IKE IKEv2: FIPS sha SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 256-bit key Camellia: 16 bytes with 256-bit key testing AES_GCM_16: empty string one block two blocks two blocks with associated data testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key Encrypting 32 octets using AES-CTR with 128-bit key Encrypting 36 octets using AES-CTR with 128-bit key Encrypting 16 octets using AES-CTR with 192-bit key Encrypting 32 octets using AES-CTR with 192-bit key Encrypting 36 octets using AES-CTR with 192-bit key Encrypting 16 octets using AES-CTR with 256-bit key Encrypting 32 octets using AES-CTR with 256-bit key Encrypting 36 octets using AES-CTR with 256-bit key testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key testing AES_XCBC: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 RFC 2104: MD5_HMAC test 2 RFC 2104: MD5_HMAC test 3 8 CPU cores online starting up 7 crypto helpers started thread for crypto helper 0 | starting up helper thread 0 | status value returned by setting the priority of this thread (crypto helper 0) 22 | crypto helper 0 waiting (nothing to do) started thread for crypto helper 1 | starting up helper thread 1 | status value returned by setting the priority of this thread (crypto helper 1) 22 started thread for crypto helper 2 | crypto helper 1 waiting (nothing to do) started thread for crypto helper 3 | starting up helper thread 3 | status value returned by setting the priority of this thread (crypto helper 3) 22 | crypto helper 3 waiting (nothing to do) started thread for crypto helper 4 started thread for crypto helper 5 started thread for crypto helper 6 | checking IKEv1 state table | MAIN_R0: category: half-open IKE SA flags: 0: | -> MAIN_R1 EVENT_SO_DISCARD | MAIN_I1: category: half-open IKE SA flags: 0: | -> MAIN_I2 EVENT_RETRANSMIT | MAIN_R1: category: open IKE SA flags: 200: | -> MAIN_R2 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_I2: category: open IKE SA flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_R2: category: open IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | -> MAIN_R3 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_I3: category: open IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | -> MAIN_I4 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_R3: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | MAIN_I4: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | AGGR_R0: category: half-open IKE SA flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD | AGGR_I1: category: half-open IKE SA flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE | -> AGGR_I2 EVENT_SA_REPLACE | AGGR_R1: category: open IKE SA flags: 200: | -> AGGR_R2 EVENT_SA_REPLACE | -> AGGR_R2 EVENT_SA_REPLACE | AGGR_I2: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | AGGR_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | QUICK_R0: category: established CHILD SA flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT | QUICK_I1: category: established CHILD SA flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE | QUICK_R1: category: established CHILD SA flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE | QUICK_I2: category: established CHILD SA flags: 200: | -> UNDEFINED EVENT_NULL | QUICK_R2: category: established CHILD SA flags: 0: | -> UNDEFINED EVENT_NULL | INFO: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | INFO_PROTECTED: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | XAUTH_R0: category: established IKE SA flags: 0: | -> XAUTH_R1 EVENT_NULL | XAUTH_R1: category: established IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | MODE_CFG_R0: category: informational flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE | MODE_CFG_R1: category: established IKE SA flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE | MODE_CFG_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | MODE_CFG_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | XAUTH_I0: category: established IKE SA flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT | XAUTH_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT | checking IKEv2 state table | PARENT_I0: category: ignore flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA flags: 0: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) | PARENT_I2: category: open IKE SA flags: 0: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | PARENT_I3: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) | PARENT_R0: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) | PARENT_R2: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) | V2_CREATE_I0: category: established IKE SA flags: 0: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | V2_CREATE_I: category: established IKE SA flags: 0: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: | V2_CREATE_R: category: established IKE SA flags: 0: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) | V2_REKEY_IKE_R: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: | V2_IPSEC_I: category: established CHILD SA flags: 0: | V2_IPSEC_R: category: established CHILD SA flags: 0: | IKESA_DEL: category: established IKE SA flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: category: informational flags: 0: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding SERPENT_CBC to kernel algorithm db | adding TWOFISH_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55c72fd09240 | libevent_malloc: new ptr-libevent@0x55c72fd14fe0 size 128 | libevent_malloc: new ptr-libevent@0x55c72fd03a50 size 16 | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55c72fd09200 | libevent_malloc: new ptr-libevent@0x55c72fd15070 size 128 | libevent_malloc: new ptr-libevent@0x55c72fd081c0 size 16 | global one-shot timer EVENT_CHECK_CRLS initialized selinux support is enabled. systemd watchdog not enabled - not sending watchdog keepalives | unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | outgoing-port-permit set 32768-60999 | Loading dnssec root key from:/var/lib/unbound/root.key | No additional dnssec trust anchors defined via dnssec-trusted= option | Setting up events, loop start | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55c72fd032a0 | libevent_malloc: new ptr-libevent@0x55c72fd1f5e0 size 128 | libevent_malloc: new ptr-libevent@0x55c72fd1f670 size 16 | libevent_realloc: new ptr-libevent@0x55c72fd1f690 size 256 | libevent_malloc: new ptr-libevent@0x55c72fd1f7a0 size 8 | libevent_realloc: new ptr-libevent@0x55c72fd14360 size 144 | libevent_malloc: new ptr-libevent@0x55c72fd1f7c0 size 152 | libevent_malloc: new ptr-libevent@0x55c72fd1f860 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: new ptr-libevent@0x55c72fd1f880 size 8 | libevent_malloc: new ptr-libevent@0x55c72fd1f8a0 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: new ptr-libevent@0x55c72fd1f940 size 8 | libevent_malloc: new ptr-libevent@0x55c72fd1f960 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: new ptr-libevent@0x55c72fd1fa00 size 8 | libevent_realloc: release ptr-libevent@0x55c72fd14360 | libevent_realloc: new ptr-libevent@0x55c72fd1fa20 size 256 | libevent_malloc: new ptr-libevent@0x55c72fd14360 size 152 | signal event handler PLUTO_SIGSYS installed | starting up helper thread 2 | created addconn helper (pid:18175) using fork+execve | forked child 18175 | status value returned by setting the priority of this thread (crypto helper 2) 22 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | crypto helper 2 waiting (nothing to do) | pluto_sd: executing action action: reloading(4), status 0 listening for IKE messages | starting up helper thread 4 | status value returned by setting the priority of this thread (crypto helper 4) 22 | crypto helper 4 waiting (nothing to do) | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.1.3.209 Kernel supports NIC esp-hw-offload adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.1.3.209:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth0/eth0 192.1.3.209:4500 | starting up helper thread 6 | starting up helper thread 5 | status value returned by setting the priority of this thread (crypto helper 6) 22 | crypto helper 6 waiting (nothing to do) | status value returned by setting the priority of this thread (crypto helper 5) 22 | crypto helper 5 waiting (nothing to do) adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | no interfaces to sort | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | add_fd_read_event_handler: new ethX-pe@0x55c72fd089a0 | libevent_malloc: new ptr-libevent@0x55c72fd1fd20 size 128 | libevent_malloc: new ptr-libevent@0x55c72fd1fdb0 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 20 | add_fd_read_event_handler: new ethX-pe@0x55c72fd1fdd0 | libevent_malloc: new ptr-libevent@0x55c72fd1fe10 size 128 | libevent_malloc: new ptr-libevent@0x55c72fd1fea0 size 16 | setup callback for interface lo 127.0.0.1:500 fd 19 | add_fd_read_event_handler: new ethX-pe@0x55c72fd1fec0 | libevent_malloc: new ptr-libevent@0x55c72fd1ff00 size 128 | libevent_malloc: new ptr-libevent@0x55c72fd1ff90 size 16 | setup callback for interface eth0 192.1.3.209:4500 fd 18 | add_fd_read_event_handler: new ethX-pe@0x55c72fd1ffb0 | libevent_malloc: new ptr-libevent@0x55c72fd1fff0 size 128 | libevent_malloc: new ptr-libevent@0x55c72fd20080 size 16 | setup callback for interface eth0 192.1.3.209:500 fd 17 | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | computed rsa CKAID 1a 15 cc e8 92 73 43 9c 2b f4 20 2a c1 06 6e f2 | computed rsa CKAID 59 b0 ef 45 loaded private key for keyid: PKK_RSA:AQPHFfpyJ | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | pluto_sd: executing action action: ready(5), status 0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.486 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | pluto_sd: executing action action: reloading(4), status 0 listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.1.3.209 | no interfaces to sort | libevent_free: release ptr-libevent@0x55c72fd1fd20 | free_event_entry: release EVENT_NULL-pe@0x55c72fd089a0 | add_fd_read_event_handler: new ethX-pe@0x55c72fd089a0 | libevent_malloc: new ptr-libevent@0x55c72fd1fd20 size 128 | setup callback for interface lo 127.0.0.1:4500 fd 20 | libevent_free: release ptr-libevent@0x55c72fd1fe10 | free_event_entry: release EVENT_NULL-pe@0x55c72fd1fdd0 | add_fd_read_event_handler: new ethX-pe@0x55c72fd1fdd0 | libevent_malloc: new ptr-libevent@0x55c72fd1fe10 size 128 | setup callback for interface lo 127.0.0.1:500 fd 19 | libevent_free: release ptr-libevent@0x55c72fd1ff00 | free_event_entry: release EVENT_NULL-pe@0x55c72fd1fec0 | add_fd_read_event_handler: new ethX-pe@0x55c72fd1fec0 | libevent_malloc: new ptr-libevent@0x55c72fd1ff00 size 128 | setup callback for interface eth0 192.1.3.209:4500 fd 18 | libevent_free: release ptr-libevent@0x55c72fd1fff0 | free_event_entry: release EVENT_NULL-pe@0x55c72fd1ffb0 | add_fd_read_event_handler: new ethX-pe@0x55c72fd1ffb0 | libevent_malloc: new ptr-libevent@0x55c72fd1fff0 size 128 | setup callback for interface eth0 192.1.3.209:500 fd 17 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | computed rsa CKAID 1a 15 cc e8 92 73 43 9c 2b f4 20 2a c1 06 6e f2 | computed rsa CKAID 59 b0 ef 45 loaded private key for keyid: PKK_RSA:AQPHFfpyJ | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | pluto_sd: executing action action: ready(5), status 0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.252 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 18175 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.0145 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection xauth-road-eastnet with policy ENCRYPT+TUNNEL+PFS+XAUTH+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | No AUTH policy was set - defaulting to RSASIG | counting wild cards for @road is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.3.209:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x55c72fd01500 added connection description "xauth-road-eastnet" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.1.3.209[@road,+XC+S=C]---192.1.3.254...192.1.2.23<192.1.2.23>[@east,+XS+S=C]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.117 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) add keyid @road | add pubkey 01 03 c7 15 fa 72 27 70 a4 e1 f3 0a 70 21 f9 0c | add pubkey 3f e2 65 12 87 d9 fd 12 cb af d4 e0 c2 e3 dd 77 | add pubkey a0 ef aa c7 d6 a2 b2 30 f2 64 b0 c5 e6 c7 a7 27 | add pubkey 17 54 7a 8e 32 c9 ac fd bf 8f b3 33 b9 74 74 73 | add pubkey dd 23 83 11 53 d6 d4 91 0e 36 7e 67 fc 89 1e 48 | add pubkey ac e9 da 2e 66 9d 6e 4f e2 98 a7 dc 41 b3 a4 37 | add pubkey f5 07 a9 9c 23 69 83 54 87 7b ea 00 a7 5b ab 2d | add pubkey 41 34 d1 a3 17 1e a7 64 2d 7f ff 45 7a 5d 85 5c | add pubkey 73 dd 63 e7 40 ad eb 71 e6 5f 21 43 80 f5 23 4c | add pubkey 3d 4a 11 2c ca 9a d6 79 c5 c2 51 6e af c3 6e 99 | add pubkey f5 26 1c 67 ee 8a 3e 30 4b c1 93 a7 92 34 36 8c | add pubkey bf e6 d0 d3 fe 78 0b 0a 64 04 44 ca 8c 83 fd f1 | add pubkey 2e b5 00 76 61 a6 de f1 59 67 2b 6d c2 57 e0 f2 | add pubkey 7d 6b 9f d3 46 41 8c 31 c2 fd c4 60 72 08 3b bb | add pubkey 56 fb 01 fc 1d 57 4e cf 7c 0f c4 6f 72 6f 2a 0e | add pubkey f3 30 db a0 80 f9 70 cc bb 07 a9 f9 d7 76 99 63 | add pubkey 4b 6a 0f 1a 37 95 cb 9b ea 17 f7 55 62 6b 8a 83 | add pubkey 05 ff 43 78 57 dd bd 08 85 9c f1 62 35 6e 69 c7 | add pubkey 04 0b 4b c4 1b d2 38 89 8c de 56 d0 c8 2c 51 54 | add pubkey 32 1b 7d 27 dc cd 37 7a 4e cb 1a ec d2 ce 48 ed | add pubkey 43 48 9c 8a fc 30 9f b1 57 1c a9 98 e5 84 93 6c | add pubkey da 4d cc 95 e3 f5 f2 a5 b3 9d 70 ae 24 8d 08 3b | add pubkey 0f 8c e9 5a a5 f0 4d 9c 3c 2f 7f bc 10 95 34 1c | add pubkey 96 74 29 fc ab fb 8f 4b 71 aa 0b 26 b5 f0 32 98 | add pubkey 90 6a fd 31 f5 ab | computed rsa CKAID 1a 15 cc e8 92 73 43 9c 2b f4 20 2a c1 06 6e f2 | computed rsa CKAID 59 b0 ef 45 | keyid: *AQPHFfpyJ | n c7 15 fa 72 27 70 a4 e1 f3 0a 70 21 f9 0c 3f e2 | n 65 12 87 d9 fd 12 cb af d4 e0 c2 e3 dd 77 a0 ef | n aa c7 d6 a2 b2 30 f2 64 b0 c5 e6 c7 a7 27 17 54 | n 7a 8e 32 c9 ac fd bf 8f b3 33 b9 74 74 73 dd 23 | n 83 11 53 d6 d4 91 0e 36 7e 67 fc 89 1e 48 ac e9 | n da 2e 66 9d 6e 4f e2 98 a7 dc 41 b3 a4 37 f5 07 | n a9 9c 23 69 83 54 87 7b ea 00 a7 5b ab 2d 41 34 | n d1 a3 17 1e a7 64 2d 7f ff 45 7a 5d 85 5c 73 dd | n 63 e7 40 ad eb 71 e6 5f 21 43 80 f5 23 4c 3d 4a | n 11 2c ca 9a d6 79 c5 c2 51 6e af c3 6e 99 f5 26 | n 1c 67 ee 8a 3e 30 4b c1 93 a7 92 34 36 8c bf e6 | n d0 d3 fe 78 0b 0a 64 04 44 ca 8c 83 fd f1 2e b5 | n 00 76 61 a6 de f1 59 67 2b 6d c2 57 e0 f2 7d 6b | n 9f d3 46 41 8c 31 c2 fd c4 60 72 08 3b bb 56 fb | n 01 fc 1d 57 4e cf 7c 0f c4 6f 72 6f 2a 0e f3 30 | n db a0 80 f9 70 cc bb 07 a9 f9 d7 76 99 63 4b 6a | n 0f 1a 37 95 cb 9b ea 17 f7 55 62 6b 8a 83 05 ff | n 43 78 57 dd bd 08 85 9c f1 62 35 6e 69 c7 04 0b | n 4b c4 1b d2 38 89 8c de 56 d0 c8 2c 51 54 32 1b | n 7d 27 dc cd 37 7a 4e cb 1a ec d2 ce 48 ed 43 48 | n 9c 8a fc 30 9f b1 57 1c a9 98 e5 84 93 6c da 4d | n cc 95 e3 f5 f2 a5 b3 9d 70 ae 24 8d 08 3b 0f 8c | n e9 5a a5 f0 4d 9c 3c 2f 7f bc 10 95 34 1c 96 74 | n 29 fc ab fb 8f 4b 71 aa 0b 26 b5 f0 32 98 90 6a | n fd 31 f5 ab | e 03 | CKAID 1a 15 cc e8 92 73 43 9c 2b f4 20 2a c1 06 6e f2 | CKAID 59 b0 ef 45 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.153 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) add keyid @east | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 | add pubkey 51 51 48 ef | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | computed rsa CKAID 8a 82 25 f1 | keyid: *AQO9bJbr3 | n bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 | n c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a | n e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca | n 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 | n f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 | n 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd | n 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 | n af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 | n 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 | n f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 | n 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 | n 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 | n 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 | n 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 | n 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc | n 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f | n 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 | n 48 ef | e 03 | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | CKAID 8a 82 25 f1 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.115 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage + none | base debugging = base+cpu-usage | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0584 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@21 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "xauth-road-eastnet" (in initiate_a_connection() at initiate.c:186) | empty esp_info, returning defaults for ENCRYPT | connection 'xauth-road-eastnet' +POLICY_UP | dup_any(fd@21) -> fd@22 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #1 at 0x55c72fd213b0 | State DB: adding IKEv1 state #1 in UNDEFINED | pstats #1 ikev1.isakmp started | suspend processing: connection "xauth-road-eastnet" (in main_outI1() at ikev1_main.c:118) | start processing: state #1 connection "xauth-road-eastnet" from 192.1.2.23:500 (in main_outI1() at ikev1_main.c:118) | parent state #1: UNDEFINED(ignore) => MAIN_I1(half-open IKE SA) | dup_any(fd@22) -> fd@23 (in main_outI1() at ikev1_main.c:123) | Queuing pending IPsec SA negotiating with 192.1.2.23 "xauth-road-eastnet" IKE SA #1 "xauth-road-eastnet" "xauth-road-eastnet" #1: initiating Main Mode | **emit ISAKMP Message: | initiator cookie: | 25 11 10 30 5e 35 d9 1b | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA | no specific IKE algorithms specified - using defaults | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() returning 0x55c72fd227b0 | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ikev1_out_sa pcn: 0 has 1 valid proposals | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 18 | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 1 (0x1) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 2 (0x2) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 3 (0x3) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 4 (0x4) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 5 (0x5) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 6 (0x6) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 7 (0x7) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 8 (0x8) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 9 (0x9) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 10 (0xa) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 11 (0xb) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 12 (0xc) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 13 (0xd) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 14 (0xe) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 15 (0xf) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 16 (0x10) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP transform number: 17 (0x11) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | emitting length of ISAKMP Proposal Payload: 632 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 644 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | out_vid(): sending [FRAGMENTATION] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [XAUTH] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 8 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 09 00 26 89 df d6 b7 12 | emitting length of ISAKMP Vendor ID Payload: 12 | out_vid(): sending [Dead Peer Detection] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | emitting length of ISAKMP Vendor ID Payload: 20 | nat add vid | sending draft and RFC NATT VIDs | out_vid(): sending [RFC 3947] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | emitting length of ISAKMP Vendor ID Payload: 20 | skipping VID_NATT_RFC | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-03] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02_n] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 | emitting length of ISAKMP Vendor ID Payload: 20 | no IKEv1 message padding required | emitting length of ISAKMP Message: 804 | sending 804 bytes for reply packet for main_outI1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) | 25 11 10 30 5e 35 d9 1b 00 00 00 00 00 00 00 00 | 01 10 02 00 00 00 00 00 00 00 03 24 0d 00 02 84 | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 fd ed 80 04 00 0e | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 fd ed | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 | 80 03 fd ed 80 04 00 0e 80 0e 01 00 03 00 00 24 | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 06 80 03 fd ed 80 04 00 0e 80 0e 00 80 | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 02 80 03 fd ed 80 04 00 0e | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 fd ed | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | 80 03 fd ed 80 04 00 05 80 0e 01 00 03 00 00 24 | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 04 80 03 fd ed 80 04 00 05 80 0e 00 80 | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 06 80 03 fd ed 80 04 00 05 | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 fd ed | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 | 80 03 fd ed 80 04 00 05 80 0e 01 00 03 00 00 24 | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 02 80 03 fd ed 80 04 00 05 80 0e 00 80 | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 fd ed 80 04 00 0e | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 fd ed 80 04 00 0e | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 fd ed 80 04 00 0e | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 fd ed 80 04 00 05 | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 fd ed 80 04 00 05 | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 fd ed 80 04 00 05 | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f | 00 d6 c2 d3 0d 00 00 0c 09 00 26 89 df d6 b7 12 | 0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc | 77 57 01 00 0d 00 00 14 4a 13 1c 81 07 03 58 45 | 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 7d 94 19 a6 | 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 0d 00 00 14 | 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | 00 00 00 14 cd 60 46 43 35 df 21 f8 7c fd b2 fc | 68 b6 a4 48 "xauth-road-eastnet" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x55c72fd22170 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55c72fd23960 size 128 | #1 STATE_MAIN_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50020.093195 | #1 spent 1.68 milliseconds in main_outI1() | stop processing: state #1 connection "xauth-road-eastnet" from 192.1.2.23:500 (in main_outI1() at ikev1_main.c:228) | resume processing: connection "xauth-road-eastnet" (in main_outI1() at ikev1_main.c:228) | stop processing: connection "xauth-road-eastnet" (in initiate_a_connection() at initiate.c:349) | close_any(fd@21) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.72 milliseconds in whack | spent 0.00318 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 156 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) | 25 11 10 30 5e 35 d9 1b 0c e6 ed c2 6e ef cf 80 | 01 10 02 00 00 00 00 00 00 00 00 9c 0d 00 00 38 | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 fd ed 80 04 00 0e | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 0c 09 00 26 89 | df d6 b7 12 0d 00 00 14 af ca d7 13 68 a1 f1 c9 | 6b 86 96 fc 77 57 01 00 00 00 00 14 4a 13 1c 81 | 07 03 58 45 5c 57 28 f2 0e 95 45 2f | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 25 11 10 30 5e 35 d9 1b | responder cookie: | 0c e6 ed c2 6e ef cf 80 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 156 (0x9c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: IKEv1 state not found (find_state_ikev1) | State DB: found IKEv1 state #1 in MAIN_I1 (find_state_ikev1_init) | start processing: state #1 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1435) | #1 is idle | #1 idle | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 56 (0x38) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 12 (0xc) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 20 (0x14) | message 'main_inR1_outI2' HASH payload not checked early | received Vendor ID payload [FRAGMENTATION] | received Vendor ID payload [XAUTH] | received Vendor ID payload [Dead Peer Detection] | quirks.qnat_traversal_vid set to=117 [RFC 3947] | received Vendor ID payload [RFC 3947] | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 44 (0x2c) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 1 (0x1) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | OAKLEY proposal verified unconditionally; no alg_info to check against | Oakley Transform 0 accepted | sender checking NAT-T: enabled; VID 117 | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) | adding outI2 KE work-order 1 for state #1 | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_MAIN_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x55c72fd23960 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55c72fd22170 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55c72fd22170 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55c72fd23960 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #1 connection "xauth-road-eastnet" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2624) | suspending state #1 and saving MD | #1 is busy; has a suspended MD | #1 spent 0.143 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.293 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 0 resuming | crypto helper 0 starting work-order 1 for state #1 | crypto helper 0 doing build KE and nonce (outI2 KE); request ID 1 | crypto helper 0 finished build KE and nonce (outI2 KE); request ID 1 time elapsed 0.001042 seconds | (#1) spent 1.03 milliseconds in crypto helper computing work-order 1: outI2 KE (pcr) | crypto helper 0 sending results from work-order 1 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f7268006900 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "xauth-road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 1 | calling continuation function 0x55c72f6e9630 | main_inR1_outI2_continue for #1: calculated ke+nonce, sending I2 | **emit ISAKMP Message: | initiator cookie: | 25 11 10 30 5e 35 d9 1b | responder cookie: | 0c e6 ed c2 6e ef cf 80 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value 8f 6b 35 a6 16 71 46 ab e6 cf 71 b2 14 bc 4b 7e | keyex value ec 29 07 4e 07 db 23 f7 52 bc 28 d8 c6 b7 c2 2f | keyex value 44 3d 28 bd 8c e1 cc bf df c0 69 50 90 1b bd 8c | keyex value 5b 42 f1 bd a9 d9 3b 84 ef 3e 0f 43 60 0d 70 7a | keyex value 17 c1 c4 52 50 f9 76 0e ea 24 46 aa 8d 11 3a 4c | keyex value 5c 56 6d f8 41 df e1 da 9a 89 d2 b2 62 10 2d 87 | keyex value 86 a6 5c d5 70 fe 77 fa 6d ab 3b 32 c6 2f f1 71 | keyex value 9f f2 07 6c 84 57 72 46 ae 4f 17 96 76 c4 0f 5c | keyex value 9c 0e 7b f5 26 22 a2 d7 a0 46 70 8c 2c 77 5e 5b | keyex value 8f 1c a7 e4 72 65 5f 54 4d 90 c9 62 c0 3c 1d 16 | keyex value 60 3c d1 b8 19 fd ca 38 7f 40 26 bf 6c d3 ad 7c | keyex value 2c f8 7f 17 7b 14 b0 0b 1f 09 3b 1b 0d 88 dc 55 | keyex value 04 2e 4d 2b 92 6c c8 18 72 49 8e e9 bd 8d 86 6d | keyex value d1 90 e7 d1 94 06 e3 b2 99 f9 a0 27 a1 12 14 ab | keyex value 16 ea 9c ad 7e bc ac 5a c5 8c 41 ff 95 b5 53 97 | keyex value ad 2f b8 25 71 6e 0c 75 04 af 76 cc c2 67 ab f6 | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload | Ni 7c 94 76 02 44 d9 d2 81 3b bf 4a 2c b4 48 db d7 | Ni 89 13 02 a1 da ae 5e 5f c9 95 8d 86 f7 f3 47 75 | emitting length of ISAKMP Nonce Payload: 36 | NAT-T checking st_nat_traversal | NAT-T found (implies NAT_T_WITH_NATD) | sending NAT-D payloads | natd_hash: hasher=0x55c72f7bfc40(32) | natd_hash: icookie= 25 11 10 30 5e 35 d9 1b | natd_hash: rcookie= 0c e6 ed c2 6e ef cf 80 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 5d da d2 c2 a0 94 cd 0f 1c 7a 23 81 7b 3e 45 7a | natd_hash: hash= bb b7 d8 a5 c8 f5 c7 a2 7a bc 7a e6 d2 a3 68 bd | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 5d da d2 c2 a0 94 cd 0f 1c 7a 23 81 7b 3e 45 7a | NAT-D bb b7 d8 a5 c8 f5 c7 a2 7a bc 7a e6 d2 a3 68 bd | emitting length of ISAKMP NAT-D Payload: 36 | natd_hash: hasher=0x55c72f7bfc40(32) | natd_hash: icookie= 25 11 10 30 5e 35 d9 1b | natd_hash: rcookie= 0c e6 ed c2 6e ef cf 80 | natd_hash: ip= c0 01 03 d1 | natd_hash: port= 01 f4 | natd_hash: hash= 23 a1 10 a2 a4 23 46 93 10 98 23 ef 7e 9d 45 7b | natd_hash: hash= 2b e0 07 86 cc f7 d2 bf dc 7c 3a 6e bd d3 ca d1 | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 23 a1 10 a2 a4 23 46 93 10 98 23 ef 7e 9d 45 7b | NAT-D 2b e0 07 86 cc f7 d2 bf dc 7c 3a 6e bd d3 ca d1 | emitting length of ISAKMP NAT-D Payload: 36 | no IKEv1 message padding required | emitting length of ISAKMP Message: 396 | State DB: re-hashing IKEv1 state #1 IKE SPIi and SPI[ir] | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "xauth-road-eastnet" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) | #1 is idle | doing_xauth:yes, t_xauth_client_done:no | peer supports fragmentation | peer supports DPD | IKEv1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 | parent state #1: MAIN_I1(half-open IKE SA) => MAIN_I2(open IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55c72fd23960 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55c72fd22170 | sending reply packet to 192.1.2.23:500 (from 192.1.3.209:500) | sending 396 bytes for STATE_MAIN_I1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) | 25 11 10 30 5e 35 d9 1b 0c e6 ed c2 6e ef cf 80 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 8f 6b 35 a6 16 71 46 ab e6 cf 71 b2 14 bc 4b 7e | ec 29 07 4e 07 db 23 f7 52 bc 28 d8 c6 b7 c2 2f | 44 3d 28 bd 8c e1 cc bf df c0 69 50 90 1b bd 8c | 5b 42 f1 bd a9 d9 3b 84 ef 3e 0f 43 60 0d 70 7a | 17 c1 c4 52 50 f9 76 0e ea 24 46 aa 8d 11 3a 4c | 5c 56 6d f8 41 df e1 da 9a 89 d2 b2 62 10 2d 87 | 86 a6 5c d5 70 fe 77 fa 6d ab 3b 32 c6 2f f1 71 | 9f f2 07 6c 84 57 72 46 ae 4f 17 96 76 c4 0f 5c | 9c 0e 7b f5 26 22 a2 d7 a0 46 70 8c 2c 77 5e 5b | 8f 1c a7 e4 72 65 5f 54 4d 90 c9 62 c0 3c 1d 16 | 60 3c d1 b8 19 fd ca 38 7f 40 26 bf 6c d3 ad 7c | 2c f8 7f 17 7b 14 b0 0b 1f 09 3b 1b 0d 88 dc 55 | 04 2e 4d 2b 92 6c c8 18 72 49 8e e9 bd 8d 86 6d | d1 90 e7 d1 94 06 e3 b2 99 f9 a0 27 a1 12 14 ab | 16 ea 9c ad 7e bc ac 5a c5 8c 41 ff 95 b5 53 97 | ad 2f b8 25 71 6e 0c 75 04 af 76 cc c2 67 ab f6 | 14 00 00 24 7c 94 76 02 44 d9 d2 81 3b bf 4a 2c | b4 48 db d7 89 13 02 a1 da ae 5e 5f c9 95 8d 86 | f7 f3 47 75 14 00 00 24 5d da d2 c2 a0 94 cd 0f | 1c 7a 23 81 7b 3e 45 7a bb b7 d8 a5 c8 f5 c7 a2 | 7a bc 7a e6 d2 a3 68 bd 00 00 00 24 23 a1 10 a2 | a4 23 46 93 10 98 23 ef 7e 9d 45 7b 2b e0 07 86 | cc f7 d2 bf dc 7c 3a 6e bd d3 ca d1 | !event_already_set at reschedule "xauth-road-eastnet" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x55c72fd22170 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55c72fd23960 size 128 | #1 STATE_MAIN_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50020.097918 "xauth-road-eastnet" #1: STATE_MAIN_I2: sent MI2, expecting MR2 | XAUTH client is not yet authenticated | resume sending helper answer for #1 suppresed complete_v1_state_transition() | #1 spent 0.337 milliseconds in resume sending helper answer | stop processing: state #1 connection "xauth-road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f7268006900 | spent 0.00306 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 396 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) | 25 11 10 30 5e 35 d9 1b 0c e6 ed c2 6e ef cf 80 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 95 2f 42 15 41 0e 81 e3 0f d6 a3 e4 8b 6e f5 84 | 3c 84 ed 4b b5 c7 7d 4b 4c 5e 43 2b 06 43 c5 65 | aa ad df f1 6d 56 f3 55 81 73 c1 39 97 dd 2e 91 | 9b dc 82 78 f8 f5 b2 f6 34 5b 5e ac d3 35 7e 7f | f7 8b 88 46 4a 6c 2e d3 9a 2f 6b e7 2b cb a4 78 | b3 5f 00 88 8a 71 cf 54 b9 a8 17 f8 22 ef 08 b6 | 13 6d 57 ad 10 4a 5d fc a6 d3 66 1f 20 69 46 a6 | 49 e5 33 d9 9d 8b 3c 28 eb 4e fa 37 2e 13 00 f5 | 91 dc e0 39 d6 37 a5 5b 77 f2 e7 c0 c6 c8 2c 6b | c0 d9 08 68 4a 99 14 3f fd b6 24 71 56 f4 47 38 | 74 4f 0c 5e e0 62 05 98 de 79 d6 06 ab fa 73 c3 | e4 af dd 6f 76 64 13 02 60 6d 2b be 6b 6f 2b 31 | 8e 63 0f 85 a9 af 41 4b 9b 13 30 33 77 15 92 9c | b3 91 32 93 8c 95 1d 94 2f 78 58 ab a9 f1 cc 66 | c0 4d 5d 77 c0 65 8c 48 34 d0 43 7e fc bb 8b 02 | 6d 2a 4d 4d 72 49 1e 4e 20 3c 5b b3 17 d3 69 1b | 14 00 00 24 08 9b cc e7 06 e4 60 b5 80 4c c7 0f | 07 5f 3b 79 f9 7d 21 f0 97 65 cf c6 eb f8 07 fd | db a7 92 d3 14 00 00 24 23 a1 10 a2 a4 23 46 93 | 10 98 23 ef 7e 9d 45 7b 2b e0 07 86 cc f7 d2 bf | dc 7c 3a 6e bd d3 ca d1 00 00 00 24 5d da d2 c2 | a0 94 cd 0f 1c 7a 23 81 7b 3e 45 7a bb b7 d8 a5 | c8 f5 c7 a2 7a bc 7a e6 d2 a3 68 bd | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 25 11 10 30 5e 35 d9 1b | responder cookie: | 0c e6 ed c2 6e ef cf 80 | next payload type: ISAKMP_NEXT_KE (0x4) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 396 (0x18c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_I2 (find_state_ikev1) | start processing: state #1 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1435) | #1 is idle | #1 idle | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 260 (0x104) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | message 'main_inR2_outI3' HASH payload not checked early | started looking for secret for @road->@east of kind PKK_PSK | actually looking for secret for @road->@east of kind PKK_PSK | line 1: key type PKK_PSK(@road) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding aggr outR1 DH work-order 2 for state #1 | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_MAIN_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x55c72fd23960 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55c72fd22170 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f7268002b20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55c72fd23960 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #1 connection "xauth-road-eastnet" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2624) | suspending state #1 and saving MD | #1 is busy; has a suspended MD | crypto helper 1 resuming | #1 spent 0.0528 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.203 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 1 starting work-order 2 for state #1 | crypto helper 1 doing compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 2 | crypto helper 1 finished compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 2 time elapsed 0.001085 seconds | (#1) spent 1.09 milliseconds in crypto helper computing work-order 2: aggr outR1 DH (pcr) | crypto helper 1 sending results from work-order 2 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f7260004f00 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "xauth-road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 2 | calling continuation function 0x55c72f6e9630 | main_inR2_outI3_cryptotail for #1: calculated DH, sending R1 | **emit ISAKMP Message: | initiator cookie: | 25 11 10 30 5e 35 d9 1b | responder cookie: | 0c e6 ed c2 6e ef cf 80 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID | thinking about whether to send my certificate: | I have RSA key: OAKLEY_RSA_SIG cert.type: 0?? | sendcert: CERT_ALWAYSSEND and I did not get a certificate request | so do not send cert. | I did not send a certificate because I do not have one. | I am not sending a certificate request | I will NOT send an initial contact payload | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) | natd_hash: hasher=0x55c72f7bfc40(32) | natd_hash: icookie= 25 11 10 30 5e 35 d9 1b | natd_hash: rcookie= 0c e6 ed c2 6e ef cf 80 | natd_hash: ip= c0 01 03 d1 | natd_hash: port= 01 f4 | natd_hash: hash= 23 a1 10 a2 a4 23 46 93 10 98 23 ef 7e 9d 45 7b | natd_hash: hash= 2b e0 07 86 cc f7 d2 bf dc 7c 3a 6e bd d3 ca d1 | natd_hash: hasher=0x55c72f7bfc40(32) | natd_hash: icookie= 25 11 10 30 5e 35 d9 1b | natd_hash: rcookie= 0c e6 ed c2 6e ef cf 80 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 5d da d2 c2 a0 94 cd 0f 1c 7a 23 81 7b 3e 45 7a | natd_hash: hash= bb b7 d8 a5 c8 f5 c7 a2 7a bc 7a e6 d2 a3 68 bd | expected NAT-D(me): 23 a1 10 a2 a4 23 46 93 10 98 23 ef 7e 9d 45 7b | expected NAT-D(me): 2b e0 07 86 cc f7 d2 bf dc 7c 3a 6e bd d3 ca d1 | expected NAT-D(him): | 5d da d2 c2 a0 94 cd 0f 1c 7a 23 81 7b 3e 45 7a | bb b7 d8 a5 c8 f5 c7 a2 7a bc 7a e6 d2 a3 68 bd | received NAT-D: 23 a1 10 a2 a4 23 46 93 10 98 23 ef 7e 9d 45 7b | received NAT-D: 2b e0 07 86 cc f7 d2 bf dc 7c 3a 6e bd d3 ca d1 | received NAT-D: 5d da d2 c2 a0 94 cd 0f 1c 7a 23 81 7b 3e 45 7a | received NAT-D: bb b7 d8 a5 c8 f5 c7 a2 7a bc 7a e6 d2 a3 68 bd | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected | NAT_T_WITH_KA detected | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_SIG (0x9) | ID type: ID_FQDN (0x2) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 9:ISAKMP_NEXT_SIG | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI) | my identity 72 6f 61 64 | emitting length of ISAKMP Identification Payload (IPsec DOI): 12 | started looking for secret for @road->@east of kind PKK_RSA | actually looking for secret for @road->@east of kind PKK_RSA | line 1: key type PKK_RSA(@road) to type PKK_RSA | 1: compared key (none) to @road / @east -> 002 | 2: compared key (none) to @road / @east -> 002 | line 1: match=002 | match 002 beats previous best_match 000 match=0x55c72fd151c0 (line=1) | concluding with best_match=002 best=0x55c72fd151c0 (lineno=1) | ***emit ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Signature Payload (9:ISAKMP_NEXT_SIG) | next payload chain: saving location 'ISAKMP Signature Payload'.'next payload type' in 'reply packet' | emitting 388 raw bytes of SIG_I into ISAKMP Signature Payload | SIG_I 44 60 31 88 2e 0f 1a 48 68 ce 8f 53 f3 92 50 bb | SIG_I 5e 3c de a9 a8 84 33 3d 16 6e de 75 a2 7c 4c 71 | SIG_I d2 fd 9a 85 04 c1 c7 0b c6 40 70 08 8e b7 88 fa | SIG_I 99 52 36 4d 8d c1 cf 1a ff 66 d4 41 dd 28 ed f6 | SIG_I 4b ea 55 ee 96 04 14 41 54 18 1f 61 99 cc f7 15 | SIG_I ba e5 90 ce 07 f8 5e 33 e5 48 1e c2 2e b0 35 5b | SIG_I 47 ef d9 34 ef f4 0a c8 02 61 aa 88 95 e7 60 1b | SIG_I a2 78 12 a1 84 19 52 c9 bf bb d0 90 f1 ea 8e 4f | SIG_I 42 a2 76 08 94 55 06 7c c3 be 4d b0 23 b1 ee f0 | SIG_I 10 91 61 16 96 95 0c 72 82 3d 9e ed 36 d2 5d 88 | SIG_I f3 f5 8d 32 91 f4 22 5e 7f 9b c3 60 ab 0e fb f7 | SIG_I ae 1c 69 74 01 42 9e 5e 95 59 28 35 82 9f d3 25 | SIG_I 04 dd e3 2b 4b bf 17 2c 73 4d 9d 30 1a 45 56 d0 | SIG_I 2a 5b 75 eb b6 a0 b7 43 cf 54 26 54 52 e3 20 ff | SIG_I 48 2a a7 6c a0 76 92 71 f1 f4 58 c5 9b ba 8d f1 | SIG_I 1b a3 86 04 b8 78 7f 58 01 61 35 47 19 ea ae d6 | SIG_I fc 5d cc 4e 6a 83 de 8e f8 e9 5c 78 81 c1 75 38 | SIG_I de 97 3b 1e 37 38 a4 0c 5f 2e 2b bb 83 cb 4f 08 | SIG_I f8 bf 54 f7 b9 c8 bd c2 6c af 4f 07 6c e1 9f 10 | SIG_I bd b6 c7 3b 78 48 2b 3e 67 d1 a2 31 39 17 a5 ae | SIG_I d0 d3 6a bb e3 c1 2c ac 92 1b 75 43 d1 7c b3 c8 | SIG_I ca 69 a5 9d 08 00 9d 69 8b 9c f3 60 2c 76 fc 49 | SIG_I 08 6e 63 8a 10 5a 0e 28 96 a4 be 37 2d e2 9a 3a | SIG_I 9e 7c aa 93 70 18 6c 95 6a 16 99 88 87 67 bc 4c | SIG_I 8a 41 e5 de | emitting length of ISAKMP Signature Payload: 392 | Not sending INITIAL_CONTACT | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 444 | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "xauth-road-eastnet" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) | #1 is idle | doing_xauth:yes, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 | parent state #1: MAIN_I2(open IKE SA) => MAIN_I3(open IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55c72fd23960 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f7268002b20 | sending reply packet to 192.1.2.23:500 (from 192.1.3.209:500) | sending 444 bytes for STATE_MAIN_I2 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) | 25 11 10 30 5e 35 d9 1b 0c e6 ed c2 6e ef cf 80 | 05 10 02 01 00 00 00 00 00 00 01 bc 33 bf bf d4 | 33 4d 02 5c 0f bc 29 bd ef 03 e6 0e 35 27 5b 5a | a2 dd d3 33 cd 44 4e 1b 00 5d 3e bd 68 ea 66 54 | 51 4f fb 45 72 b3 86 da d0 5e d5 d3 72 78 82 ea | ee 0f 99 fb d2 d8 17 7b 09 ad ba 18 d9 c5 1d 75 | 3a 4e 19 96 be 70 15 f3 1c 93 10 d4 b7 85 64 a3 | fe 4f c2 d7 8d 49 f4 d9 1c 5f 67 b0 78 6b 7b 72 | 58 88 2a bb ef 5e d8 87 7d e3 0f 01 4a 29 6f 13 | ce 72 b2 10 30 b4 70 b6 17 bd e3 dd e3 56 0a b1 | 04 7d e0 1e e1 23 b6 6d 38 30 f8 c6 e5 bf a0 74 | 21 f1 ca 92 81 c9 72 c5 58 65 9d 65 16 30 bb 3b | 8b 1e e6 38 b9 ae e6 7d 16 97 5d 03 f1 2f e3 ce | 01 17 9d b9 80 c4 54 35 45 0b 77 a2 80 4f 43 9b | c9 a7 e8 d8 17 9e 5a 41 0e 73 09 db 2e 37 6f 2c | 44 d0 fc fd cd 12 22 29 10 fe 27 f5 cb 14 92 99 | 9d 4d 61 bb 0f 72 f5 44 c7 c7 53 bd 4a 8d e7 83 | fa a2 fe 01 f1 76 8d b0 9f 0b d2 87 12 3a 67 8d | 2b a6 ca 01 92 79 ba 0f d0 8f 70 71 10 c2 9b 62 | 93 3b a8 d7 91 54 3a 4d c6 12 3a 77 7e 23 15 e5 | 34 cb d0 5e 25 a9 0e d6 ba 48 3b 34 c7 b6 b1 0b | fe a9 c4 05 bc 7e 56 a4 85 2d 48 c6 37 fb 8d 03 | d2 59 b4 60 8f f7 9e 2d d4 ac 6b 44 c7 4c f1 c5 | e3 80 fc 64 f5 fd 9e c5 45 5c 57 b4 03 5d c3 60 | 4d 05 9c 1c b0 bf ca 72 7f 56 0a 62 3d 3f 35 ba | 93 50 4a 88 4d 83 fc 4b 98 e7 74 35 7a da 6e 50 | 6d 7c 79 be fb 38 fc cb 97 c3 87 20 72 47 f9 89 | 89 a7 01 bd a1 a5 76 09 d3 39 9d f2 | !event_already_set at reschedule "xauth-road-eastnet" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x55c72fd212d0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55c72fd23960 size 128 | #1 STATE_MAIN_I3: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50020.109497 "xauth-road-eastnet" #1: STATE_MAIN_I3: sent MI3, expecting MR3 | XAUTH client is not yet authenticated | resume sending helper answer for #1 suppresed complete_v1_state_transition() | #1 spent 7.72 milliseconds in resume sending helper answer | stop processing: state #1 connection "xauth-road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f7260004f00 | spent 0.00278 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 332 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) | 25 11 10 30 5e 35 d9 1b 0c e6 ed c2 6e ef cf 80 | 05 10 02 01 00 00 00 00 00 00 01 4c c2 4b a4 65 | 1d 64 1e cb 14 88 bb 0f 48 ab da e3 7f 3d 77 d8 | d8 91 a6 3a fc b6 87 a1 a2 25 e0 30 48 bd 6e 30 | b1 0f 8e 84 ad 41 bb 0b d1 9d 97 00 f6 5f f5 44 | ba 37 82 50 70 da 40 3e f3 5e 43 45 c4 33 43 c3 | 18 3d 04 2e 1f 66 d3 fd 0a 5f fb 48 6c 51 e7 22 | 64 f5 bd f2 03 ca 26 a6 d0 a1 90 48 ed 54 76 c6 | c9 3f 8c 29 df 77 ac 95 55 81 6f bb 47 22 12 ab | 3c 5d 2e ee 04 d0 61 48 07 c1 c4 28 c4 d1 29 d5 | 41 34 13 0f f6 64 ff c9 8d 59 88 56 1d 48 1b 68 | ad e0 40 f2 35 d7 7c 8b 0f a5 1c 0e b3 e3 47 8d | ca 63 c7 6b 23 78 61 1b c3 e2 22 36 d7 ff a8 50 | ac ce 23 ab e4 3e 2a 35 41 64 fe b1 a1 58 e4 0d | 91 94 98 80 6e 8e e1 b8 d1 15 20 66 24 92 d8 3d | b8 55 2e 81 80 99 28 a2 19 fd 18 81 7a 8c f4 3b | fe 15 f5 3d 5a df 98 a3 90 0f cd 2f d1 14 07 dd | 64 69 d3 3e 9f 88 69 32 ae cd 5f f9 4e 05 fc fb | 64 b1 2c e1 70 94 af 0f 79 8e b6 20 e1 e7 22 50 | 30 5d c7 a8 58 9e 15 e8 06 48 29 60 c8 fd 4e 3e | 37 fe 6a ae 77 7a 65 b5 67 7e 56 20 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 25 11 10 30 5e 35 d9 1b | responder cookie: | 0c e6 ed c2 6e ef cf 80 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 332 (0x14c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_I3 (find_state_ikev1) | start processing: state #1 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1435) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 65 61 73 74 | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 278 (0x116) | removing 14 bytes of padding | message 'main_inR3' HASH payload not checked early "xauth-road-eastnet" #1: Peer ID is ID_FQDN: '@east' | X509: no CERT payloads to process | required RSA CA is '%any' | checking RSA keyid '@east' for match with '@east' | RSA key issuer CA is '%any' | an RSA Sig check passed with *AQO9bJbr3 [preloaded keys] | #1 spent 0.0659 milliseconds in try_all_keys() trying a pubkey "xauth-road-eastnet" #1: Authenticated using RSA | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "xauth-road-eastnet" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) | #1 is idle | doing_xauth:yes, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 | parent state #1: MAIN_I3(open IKE SA) => MAIN_I4(established IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_MAIN_I4: retransmits: cleared | libevent_free: release ptr-libevent@0x55c72fd23960 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55c72fd212d0 | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x55c72fd212d0 | inserting event EVENT_SA_REPLACE, timeout in 2607 seconds for #1 | libevent_malloc: new ptr-libevent@0x55c72fd23960 size 128 | pstats #1 ikev1.isakmp established "xauth-road-eastnet" #1: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} | DPD: dpd_init() called on ISAKMP SA | DPD: Peer supports Dead Peer Detection | DPD: not initializing DPD because DPD is disabled locally | XAUTH client is not yet authenticated | #1 spent 0.307 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.471 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00328 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 92 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) | 25 11 10 30 5e 35 d9 1b 0c e6 ed c2 6e ef cf 80 | 08 10 06 01 1e 19 8e 3a 00 00 00 5c e3 47 b4 a2 | f2 74 a3 d4 53 fc df b9 e8 ff 2f 96 b0 b8 f8 02 | 91 b1 d9 d2 60 46 a4 66 5b 9a 67 e1 5e f2 b4 2d | 63 8b 70 fc cc c8 9d c9 ac b8 b4 64 4d d0 6b e9 | 37 d1 5a 7c e6 6c 16 51 26 ef 3a 64 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 25 11 10 30 5e 35 d9 1b | responder cookie: | 0c e6 ed c2 6e ef cf 80 | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 504991290 (0x1e198e3a) | length: 92 (0x5c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6) | peer and cookies match on #1; msgid=1e198e3a st_msgid=00000000 st_msgid_phase15=00000000 | State DB: IKEv1 state not found (find_v1_info_state) | No appropriate Mode Config state yet. See if we have a Main Mode state | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #1 found, in STATE_MAIN_I4 | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) | start processing: state #1 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1654) | processing received isakmp_xchg_type ISAKMP_XCHG_MODE_CFG. | this is a xauthclient | call init_phase2_iv | set from_state to STATE_MAIN_I4 this is xauthclient and IS_PHASE1() is TRUE | #1 is idle | #1 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x4100 opt: 0x2000 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_MODECFG (0xe) | length: 36 (0x24) | got payload 0x4000 (ISAKMP_NEXT_MODECFG) needed: 0x4000 opt: 0x2000 | ***parse ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | Attr Msg Type: ISAKMP_CFG_REQUEST (0x1) | Identifier: 0 (0x0) | removing 12 bytes of padding | xauth_inI0 HASH(1): | 88 1a 67 12 5a 14 12 98 98 83 17 d9 18 47 0b 97 | f8 75 9b b6 da b4 8e 11 3d 7d 33 b5 71 08 1d 45 | received 'xauth_inI0' message HASH(1) data ok | **emit ISAKMP Message: | initiator cookie: | 25 11 10 30 5e 35 d9 1b | responder cookie: | 0c e6 ed c2 6e ef cf 80 | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 504991290 (0x1e198e3a) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 8:ISAKMP_NEXT_HASH | arrived in xauth_inI0 | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-NAME (0x4089) | length/value: 0 (0x0) | Received Cisco XAUTH username | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-PASSWORD (0x408a) | length/value: 0 (0x0) | Received Cisco XAUTH password | XAUTH: Username or password request received | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | Attr Msg Type: ISAKMP_CFG_REPLY (0x2) | Identifier: 0 (0x0) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Mode Attribute (14:ISAKMP_NEXT_MODECFG) | next payload chain: saving location 'ISAKMP Mode Attribute'.'next payload type' in 'reply packet' | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-NAME (0x4089) | prompting for Username: | emitting 7 raw bytes of XAUTH username into ISAKMP ModeCfg attribute | XAUTH username 62 61 64 75 73 65 72 | emitting length of ISAKMP ModeCfg attribute: 7 | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-PASSWORD (0x408a) | started looking for xauth secret for baduser | line 1: key type PKK_XAUTH(@baduser) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | looked up username=baduser, got=(nil) | prompting for Password: | emitting 8 raw bytes of XAUTH password into ISAKMP ModeCfg attribute | XAUTH password 75 73 65 31 70 61 73 73 | emitting length of ISAKMP ModeCfg attribute: 8 | emitting length of ISAKMP Mode Attribute: 31 "xauth-road-eastnet" #1: XAUTH: Answering XAUTH challenge with user='baduser' | XAUTH: client response HASH(1): | 71 eb 42 72 83 8d c8 18 65 ac d3 93 45 0a 00 7f | af 3c dc 70 55 5f f0 1f 43 fe 5b 09 db d9 02 21 | padding IKEv1 message with 1 bytes | emitting 1 zero bytes of message padding into ISAKMP Message | emitting length of ISAKMP Message: 96 | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 108 | xauth_inI0(STF_OK) | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "xauth-road-eastnet" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) | #1 is idle | doing_xauth:yes, t_xauth_client_done:no | IKEv1: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1 | parent state #1: MAIN_I4(established IKE SA) => XAUTH_I1(established IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x55c72fd23960 | free_event_entry: release EVENT_SA_REPLACE-pe@0x55c72fd212d0 | sending reply packet to 192.1.2.23:500 (from 192.1.3.209:500) | sending 108 bytes for STATE_XAUTH_I0 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) | 25 11 10 30 5e 35 d9 1b 0c e6 ed c2 6e ef cf 80 | 08 10 06 01 1e 19 8e 3a 00 00 00 6c 65 5e f6 15 | ad 49 c6 21 3a 58 0c ec ea 22 e9 cf 3f 85 46 6e | 35 8a 62 16 94 1d be 99 07 7a f2 e3 9c 68 ba 56 | a6 59 9d c9 1e 63 37 f4 53 45 8a 24 b5 2f 32 0d | 8a 7d 1a 02 04 38 f4 2f ae 91 ff 16 2f 92 b0 ba | 1a 7f 3d 8a 1d 34 2d 77 d8 e2 a8 2c | !event_already_set at reschedule "xauth-road-eastnet" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x55c72fd212d0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55c72fd23960 size 128 | #1 STATE_XAUTH_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50020.196217 | pstats #1 ikev1.isakmp established "xauth-road-eastnet" #1: STATE_XAUTH_I1: XAUTH client - possibly awaiting CFG_set {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} | DPD: dpd_init() called on ISAKMP SA | DPD: Peer supports Dead Peer Detection | DPD: not initializing DPD because DPD is disabled locally | XAUTH client is not yet authenticated | #1 spent 0.237 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.366 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00262 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) | 25 11 10 30 5e 35 d9 1b 0c e6 ed c2 6e ef cf 80 | 08 10 06 01 60 82 ca f9 00 00 00 4c d4 1a 98 5f | 73 f0 8e fc 34 f1 d5 b6 36 99 83 d0 74 3e ea a5 | 64 43 79 d3 d9 f7 9b 75 d2 7e a8 f0 f4 91 a6 79 | 7f cc dd a0 fb f3 58 95 e3 cf 46 65 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 25 11 10 30 5e 35 d9 1b | responder cookie: | 0c e6 ed c2 6e ef cf 80 | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1619184377 (0x6082caf9) | length: 76 (0x4c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6) | peer and cookies match on #1; msgid=6082caf9 st_msgid=00000000 st_msgid_phase15=00000000 | State DB: IKEv1 state not found (find_v1_info_state) | No appropriate Mode Config state yet. See if we have a Main Mode state | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #1 found, in STATE_XAUTH_I1 | State DB: found IKEv1 state #1 in XAUTH_I1 (find_v1_info_state) | start processing: state #1 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1654) | processing received isakmp_xchg_type ISAKMP_XCHG_MODE_CFG. | this is a xauthclient | call init_phase2_iv | set from_state to STATE_XAUTH_I1 this is xauthclient and state == STATE_XAUTH_I1 | #1 is idle | #1 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x4100 opt: 0x2000 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_MODECFG (0xe) | length: 36 (0x24) | got payload 0x4000 (ISAKMP_NEXT_MODECFG) needed: 0x4000 opt: 0x2000 | ***parse ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 12 (0xc) | Attr Msg Type: ISAKMP_CFG_SET (0x3) | Identifier: 0 (0x0) | xauth_inI0 HASH(1): | 3b cc 7f f7 6c eb c9 be 7d 2f 93 ad 23 99 a0 ee | b8 e8 96 89 d5 9d 23 67 f5 32 84 f5 f0 c9 1f 66 | received 'xauth_inI0' message HASH(1) data ok | **emit ISAKMP Message: | initiator cookie: | 25 11 10 30 5e 35 d9 1b | responder cookie: | 0c e6 ed c2 6e ef cf 80 | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1619184377 (0x6082caf9) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 8:ISAKMP_NEXT_HASH | arrived in xauth_inI0 | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: AF+XAUTH-STATUS (0xc08f) | length/value: 0 (0x0) "xauth-road-eastnet" #1: Received Cisco XAUTH status: FAIL | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | Attr Msg Type: ISAKMP_CFG_ACK (0x4) | Identifier: 0 (0x0) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Mode Attribute (14:ISAKMP_NEXT_MODECFG) | next payload chain: saving location 'ISAKMP Mode Attribute'.'next payload type' in 'reply packet' | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: AF+XAUTH-STATUS (0xc08f) | length/value: 1 (0x1) | no IKEv1 message padding required | emitting length of ISAKMP Mode Attribute: 12 | XAUTH: ack status HASH(1): | 4c 09 c6 14 ad 21 7a 07 f6 f2 e5 94 48 ca 0b 56 | e9 3c e7 79 7b fd 0a 65 b5 b9 9c d8 dd 87 cc 5f | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 "xauth-road-eastnet" #1: xauth: xauth_client_ackstatus() returned STF_OK "xauth-road-eastnet" #1: XAUTH: aborting entire IKE Exchange | complete v1 state transition with STF_FATAL | [RE]START processing: state #1 connection "xauth-road-eastnet" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) | #1 is idle | release_pending_whacks: state #1 fd@22 .st_dev=9 .st_ino=4241276 | close_any(fd@22) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #1 fd@-1 has pending CHILD SA with socket fd@23 | close_any(fd@23) (in release_pending_whacks() at pending.c:223) | pstats #1 ikev1.isakmp deleted completed | [RE]START processing: state #1 connection "xauth-road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) "xauth-road-eastnet" #1: deleting state (STATE_XAUTH_I1) aged 0.108s and sending notification | parent state #1: XAUTH_I1(established IKE SA) => delete | #1 send IKEv1 delete notification for STATE_XAUTH_I1 | **emit ISAKMP Message: | initiator cookie: | 25 11 10 30 5e 35 d9 1b | responder cookie: | 0c e6 ed c2 6e ef cf 80 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3654724202 (0xd9d6aa6a) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 16 (0x10) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' | emitting 8 raw bytes of initiator SPI into ISAKMP Delete Payload | initiator SPI 25 11 10 30 5e 35 d9 1b | emitting 8 raw bytes of responder SPI into ISAKMP Delete Payload | responder SPI 0c e6 ed c2 6e ef cf 80 | emitting length of ISAKMP Delete Payload: 28 | send delete HASH(1): | 5c 55 b4 b3 92 07 57 a9 10 ee fa a4 a7 5d c8 c1 | a0 6c 26 b9 9e bd ec 6d 9e 66 6c 4f 88 95 af ae | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | sending 92 bytes for delete notify through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) | 25 11 10 30 5e 35 d9 1b 0c e6 ed c2 6e ef cf 80 | 08 10 05 01 d9 d6 aa 6a 00 00 00 5c 32 e1 eb 03 | e2 96 5a 6d d5 f9 34 92 fa 30 17 af d9 23 1c 46 | 5d a2 63 2a 93 8f b5 59 ae c4 62 c0 0d 04 53 bf | da 8c 84 62 b2 6a d0 c3 f6 30 24 6e bc 6e a7 c0 | c4 db 60 17 ae e6 1e 12 54 ce 21 cd | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_XAUTH_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x55c72fd23960 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55c72fd212d0 | in connection_discard for connection xauth-road-eastnet | removing pending policy for "xauth-road-eastnet" {0x55c72fcd1720} | State DB: IKEv1 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #1 "xauth-road-eastnet" #1: deleting IKE SA for connection 'xauth-road-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'xauth-road-eastnet' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection xauth-road-eastnet | State DB: deleting IKEv1 state #1 in XAUTH_I1 | parent state #1: XAUTH_I1(established IKE SA) => UNDEFINED(ignore) | unreference key: 0x55c72fd21190 @east cnt 2-- | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) | in statetime_stop() and could not find #1 | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.659 milliseconds in comm_handle_cb() reading and processing packet | processing global timer EVENT_REVIVE_CONNS Initiating connection xauth-road-eastnet which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "xauth-road-eastnet" (in initiate_a_connection() at initiate.c:186) | empty esp_info, returning defaults for ENCRYPT | connection 'xauth-road-eastnet' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #2 at 0x55c72fd21390 | State DB: adding IKEv1 state #2 in UNDEFINED | pstats #2 ikev1.isakmp started | suspend processing: connection "xauth-road-eastnet" (in main_outI1() at ikev1_main.c:118) | start processing: state #2 connection "xauth-road-eastnet" from 192.1.2.23:500 (in main_outI1() at ikev1_main.c:118) | parent state #2: UNDEFINED(ignore) => MAIN_I1(half-open IKE SA) | dup_any(fd@-1) -> fd@-1 (in main_outI1() at ikev1_main.c:123) | Queuing pending IPsec SA negotiating with 192.1.2.23 "xauth-road-eastnet" IKE SA #2 "xauth-road-eastnet" "xauth-road-eastnet" #2: initiating Main Mode | **emit ISAKMP Message: | initiator cookie: | b2 47 a6 b0 08 bf 4c a8 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA | no specific IKE algorithms specified - using defaults | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() returning 0x55c72fd22610 | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ikev1_out_sa pcn: 0 has 1 valid proposals | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 18 | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 1 (0x1) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 2 (0x2) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 3 (0x3) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 4 (0x4) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 5 (0x5) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 6 (0x6) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 7 (0x7) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 8 (0x8) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 9 (0x9) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 10 (0xa) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 11 (0xb) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 12 (0xc) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 13 (0xd) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 14 (0xe) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 15 (0xf) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 16 (0x10) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP transform number: 17 (0x11) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | emitting length of ISAKMP Proposal Payload: 632 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 644 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | out_vid(): sending [FRAGMENTATION] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [XAUTH] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 8 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 09 00 26 89 df d6 b7 12 | emitting length of ISAKMP Vendor ID Payload: 12 | out_vid(): sending [Dead Peer Detection] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | emitting length of ISAKMP Vendor ID Payload: 20 | nat add vid | sending draft and RFC NATT VIDs | out_vid(): sending [RFC 3947] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | emitting length of ISAKMP Vendor ID Payload: 20 | skipping VID_NATT_RFC | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-03] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02_n] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 | emitting length of ISAKMP Vendor ID Payload: 20 | no IKEv1 message padding required | emitting length of ISAKMP Message: 804 | sending 804 bytes for reply packet for main_outI1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #2) | b2 47 a6 b0 08 bf 4c a8 00 00 00 00 00 00 00 00 | 01 10 02 00 00 00 00 00 00 00 03 24 0d 00 02 84 | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 fd ed 80 04 00 0e | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 fd ed | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 | 80 03 fd ed 80 04 00 0e 80 0e 01 00 03 00 00 24 | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 06 80 03 fd ed 80 04 00 0e 80 0e 00 80 | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 02 80 03 fd ed 80 04 00 0e | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 fd ed | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | 80 03 fd ed 80 04 00 05 80 0e 01 00 03 00 00 24 | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 04 80 03 fd ed 80 04 00 05 80 0e 00 80 | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 06 80 03 fd ed 80 04 00 05 | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 fd ed | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 | 80 03 fd ed 80 04 00 05 80 0e 01 00 03 00 00 24 | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 02 80 03 fd ed 80 04 00 05 80 0e 00 80 | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 fd ed 80 04 00 0e | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 fd ed 80 04 00 0e | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 fd ed 80 04 00 0e | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 fd ed 80 04 00 05 | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 fd ed 80 04 00 05 | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 fd ed 80 04 00 05 | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f | 00 d6 c2 d3 0d 00 00 0c 09 00 26 89 df d6 b7 12 | 0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc | 77 57 01 00 0d 00 00 14 4a 13 1c 81 07 03 58 45 | 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 7d 94 19 a6 | 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 0d 00 00 14 | 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | 00 00 00 14 cd 60 46 43 35 df 21 f8 7c fd b2 fc | 68 b6 a4 48 "xauth-road-eastnet" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x55c72fd21f30 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x55c72fd23960 size 128 | #2 STATE_MAIN_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50020.202016 | #2 spent 1.42 milliseconds in main_outI1() | stop processing: state #2 connection "xauth-road-eastnet" from 192.1.2.23:500 (in main_outI1() at ikev1_main.c:228) | resume processing: connection "xauth-road-eastnet" (in main_outI1() at ikev1_main.c:228) | stop processing: connection "xauth-road-eastnet" (in initiate_a_connection() at initiate.c:349) | spent 1.45 milliseconds in global timer EVENT_REVIVE_CONNS | spent 0.00216 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 92 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) | 25 11 10 30 5e 35 d9 1b 0c e6 ed c2 6e ef cf 80 | 08 10 05 01 4e ae 31 87 00 00 00 5c 03 57 1a d8 | ab 5c c0 6c d0 26 64 bd 39 53 c6 51 14 f7 b5 b7 | a7 30 0d 32 5a 61 1b f9 27 a0 37 f7 92 e6 2d d7 | c5 16 f1 a2 8c 60 ba 4e 94 e1 39 d8 80 97 42 fd | de da d3 62 44 33 95 a9 f6 29 aa f9 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 25 11 10 30 5e 35 d9 1b | responder cookie: | 0c e6 ed c2 6e ef cf 80 | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1320038791 (0x4eae3187) | length: 92 (0x5c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) | State DB: IKEv1 state not found (find_v1_info_state) | State DB: IKEv1 state not found (find_state_ikev1_init) | Informational Exchange is for an unknown (expired?) SA with MSGID:0x4eae3187 | - unknown SA's md->hdr.isa_ike_initiator_spi.bytes: | 25 11 10 30 5e 35 d9 1b | - unknown SA's md->hdr.isa_ike_responder_spi.bytes: | 0c e6 ed c2 6e ef cf 80 | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0487 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00252 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 156 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) | b2 47 a6 b0 08 bf 4c a8 2a b8 fd a1 10 e3 b7 14 | 01 10 02 00 00 00 00 00 00 00 00 9c 0d 00 00 38 | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 fd ed 80 04 00 0e | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 0c 09 00 26 89 | df d6 b7 12 0d 00 00 14 af ca d7 13 68 a1 f1 c9 | 6b 86 96 fc 77 57 01 00 00 00 00 14 4a 13 1c 81 | 07 03 58 45 5c 57 28 f2 0e 95 45 2f | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | b2 47 a6 b0 08 bf 4c a8 | responder cookie: | 2a b8 fd a1 10 e3 b7 14 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 156 (0x9c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: IKEv1 state not found (find_state_ikev1) | State DB: found IKEv1 state #2 in MAIN_I1 (find_state_ikev1_init) | start processing: state #2 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1435) | #2 is idle | #2 idle | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 56 (0x38) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 12 (0xc) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 20 (0x14) | message 'main_inR1_outI2' HASH payload not checked early | received Vendor ID payload [FRAGMENTATION] | received Vendor ID payload [XAUTH] | received Vendor ID payload [Dead Peer Detection] | quirks.qnat_traversal_vid set to=117 [RFC 3947] | received Vendor ID payload [RFC 3947] | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 44 (0x2c) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 1 (0x1) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | OAKLEY proposal verified unconditionally; no alg_info to check against | Oakley Transform 0 accepted | sender checking NAT-T: enabled; VID 117 | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) | adding outI2 KE work-order 3 for state #2 | state #2 requesting EVENT_RETRANSMIT to be deleted | #2 STATE_MAIN_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x55c72fd23960 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55c72fd21f30 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55c72fd21f30 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x55c72fd23960 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #2 connection "xauth-road-eastnet" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2624) | suspending state #2 and saving MD | #2 is busy; has a suspended MD | crypto helper 3 resuming | #2 spent 0.0992 milliseconds in process_packet_tail() | crypto helper 3 starting work-order 3 for state #2 | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | crypto helper 3 doing build KE and nonce (outI2 KE); request ID 3 | stop processing: state #2 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.221 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 3 finished build KE and nonce (outI2 KE); request ID 3 time elapsed 0.000584 seconds | (#2) spent 0.589 milliseconds in crypto helper computing work-order 3: outI2 KE (pcr) | crypto helper 3 sending results from work-order 3 for state #2 to event queue | scheduling resume sending helper answer for #2 | libevent_malloc: new ptr-libevent@0x7f7264006900 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #2 | start processing: state #2 connection "xauth-road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 3 | calling continuation function 0x55c72f6e9630 | main_inR1_outI2_continue for #2: calculated ke+nonce, sending I2 | **emit ISAKMP Message: | initiator cookie: | b2 47 a6 b0 08 bf 4c a8 | responder cookie: | 2a b8 fd a1 10 e3 b7 14 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value cb 52 99 3f d0 59 0a e1 76 54 29 d9 41 e0 8a 05 | keyex value 69 f6 d8 01 8a 6d ec f5 24 dc 82 03 59 76 5b f1 | keyex value 18 5a 59 85 eb 9e 48 b9 28 f6 b0 21 f0 1b 04 08 | keyex value 3f 9e 5d 6c e2 1a 2d ca 5c ad 0f f6 78 9b 0d 7a | keyex value 8c 3b fd 1d bf 4d f0 6e e2 fa db 71 47 e9 e8 38 | keyex value d6 f0 94 ff ba 98 c9 d0 06 db a7 a9 40 06 55 48 | keyex value 03 89 71 1d 95 3e 72 b4 9d af c8 39 fe af 6c de | keyex value 7b 56 d2 1c 43 13 d0 ac be 3f 8e 98 ff f1 89 d6 | keyex value 14 fc 1c 59 56 ce db 0b 55 bb 21 d1 09 ec f7 01 | keyex value c7 47 44 53 1e 8a c7 13 e2 a6 f7 95 b3 3c 05 54 | keyex value 9f 0b a9 ff 88 e2 7a 18 ea 1e 08 fd c6 49 14 ce | keyex value 5a 4b 79 d6 d1 a6 24 18 b2 ac 86 ef dd 15 d6 74 | keyex value 09 6e ba 5e 7d 62 2a 4f 43 29 94 0b 47 8a 9b 08 | keyex value 36 3d 98 c1 c9 8c 91 c1 14 ce 15 1f ab f8 37 78 | keyex value e2 e8 d1 b7 ce 4a 67 fe 50 62 72 05 6d 26 8a c6 | keyex value 8f 14 98 90 92 4a d4 74 ec dd cd ff 38 2b 15 65 | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload | Ni 71 57 d9 3d 48 c1 68 17 e2 66 8a 92 eb 15 b9 6a | Ni a2 a5 33 24 78 af 02 ce 6c 48 16 69 e4 74 7d b4 | emitting length of ISAKMP Nonce Payload: 36 | NAT-T checking st_nat_traversal | NAT-T found (implies NAT_T_WITH_NATD) | sending NAT-D payloads | natd_hash: hasher=0x55c72f7bfc40(32) | natd_hash: icookie= b2 47 a6 b0 08 bf 4c a8 | natd_hash: rcookie= 2a b8 fd a1 10 e3 b7 14 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= a2 ba 64 48 7c 5f 20 26 88 1e 6b 98 f9 49 db 0d | natd_hash: hash= cb 25 fc e1 00 76 1b b3 02 f7 4a 6d 9e 75 ef 21 | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D a2 ba 64 48 7c 5f 20 26 88 1e 6b 98 f9 49 db 0d | NAT-D cb 25 fc e1 00 76 1b b3 02 f7 4a 6d 9e 75 ef 21 | emitting length of ISAKMP NAT-D Payload: 36 | natd_hash: hasher=0x55c72f7bfc40(32) | natd_hash: icookie= b2 47 a6 b0 08 bf 4c a8 | natd_hash: rcookie= 2a b8 fd a1 10 e3 b7 14 | natd_hash: ip= c0 01 03 d1 | natd_hash: port= 01 f4 | natd_hash: hash= f3 68 2d 51 44 26 5f 98 64 4c bf ac 4f 05 45 36 | natd_hash: hash= ee 14 4d a4 aa 1a 3c 70 b1 82 c9 48 de d2 4a ea | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D f3 68 2d 51 44 26 5f 98 64 4c bf ac 4f 05 45 36 | NAT-D ee 14 4d a4 aa 1a 3c 70 b1 82 c9 48 de d2 4a ea | emitting length of ISAKMP NAT-D Payload: 36 | no IKEv1 message padding required | emitting length of ISAKMP Message: 396 | State DB: re-hashing IKEv1 state #2 IKE SPIi and SPI[ir] | complete v1 state transition with STF_OK | [RE]START processing: state #2 connection "xauth-road-eastnet" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) | #2 is idle | doing_xauth:yes, t_xauth_client_done:no | peer supports fragmentation | peer supports DPD | IKEv1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 | parent state #2: MAIN_I1(half-open IKE SA) => MAIN_I2(open IKE SA) | event_already_set, deleting event | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55c72fd23960 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55c72fd21f30 | sending reply packet to 192.1.2.23:500 (from 192.1.3.209:500) | sending 396 bytes for STATE_MAIN_I1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #2) | b2 47 a6 b0 08 bf 4c a8 2a b8 fd a1 10 e3 b7 14 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | cb 52 99 3f d0 59 0a e1 76 54 29 d9 41 e0 8a 05 | 69 f6 d8 01 8a 6d ec f5 24 dc 82 03 59 76 5b f1 | 18 5a 59 85 eb 9e 48 b9 28 f6 b0 21 f0 1b 04 08 | 3f 9e 5d 6c e2 1a 2d ca 5c ad 0f f6 78 9b 0d 7a | 8c 3b fd 1d bf 4d f0 6e e2 fa db 71 47 e9 e8 38 | d6 f0 94 ff ba 98 c9 d0 06 db a7 a9 40 06 55 48 | 03 89 71 1d 95 3e 72 b4 9d af c8 39 fe af 6c de | 7b 56 d2 1c 43 13 d0 ac be 3f 8e 98 ff f1 89 d6 | 14 fc 1c 59 56 ce db 0b 55 bb 21 d1 09 ec f7 01 | c7 47 44 53 1e 8a c7 13 e2 a6 f7 95 b3 3c 05 54 | 9f 0b a9 ff 88 e2 7a 18 ea 1e 08 fd c6 49 14 ce | 5a 4b 79 d6 d1 a6 24 18 b2 ac 86 ef dd 15 d6 74 | 09 6e ba 5e 7d 62 2a 4f 43 29 94 0b 47 8a 9b 08 | 36 3d 98 c1 c9 8c 91 c1 14 ce 15 1f ab f8 37 78 | e2 e8 d1 b7 ce 4a 67 fe 50 62 72 05 6d 26 8a c6 | 8f 14 98 90 92 4a d4 74 ec dd cd ff 38 2b 15 65 | 14 00 00 24 71 57 d9 3d 48 c1 68 17 e2 66 8a 92 | eb 15 b9 6a a2 a5 33 24 78 af 02 ce 6c 48 16 69 | e4 74 7d b4 14 00 00 24 a2 ba 64 48 7c 5f 20 26 | 88 1e 6b 98 f9 49 db 0d cb 25 fc e1 00 76 1b b3 | 02 f7 4a 6d 9e 75 ef 21 00 00 00 24 f3 68 2d 51 | 44 26 5f 98 64 4c bf ac 4f 05 45 36 ee 14 4d a4 | aa 1a 3c 70 b1 82 c9 48 de d2 4a ea | !event_already_set at reschedule "xauth-road-eastnet" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x55c72fd21f30 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x55c72fd23960 size 128 | #2 STATE_MAIN_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50020.205336 "xauth-road-eastnet" #2: STATE_MAIN_I2: sent MI2, expecting MR2 | XAUTH client is not yet authenticated | resume sending helper answer for #2 suppresed complete_v1_state_transition() | #2 spent 0.302 milliseconds in resume sending helper answer | stop processing: state #2 connection "xauth-road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f7264006900 | spent 0.00437 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 396 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) | b2 47 a6 b0 08 bf 4c a8 2a b8 fd a1 10 e3 b7 14 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | ac 8f 50 a0 bf b9 ce 14 b3 c7 30 42 f9 6a d5 46 | a8 c6 e3 76 95 70 18 08 cf 7d 1e 41 f7 4d 05 46 | 54 0e 13 9f 74 ca 67 c7 d0 c3 d3 48 2a 13 23 7d | c9 71 78 05 09 d8 a6 23 e1 4e 6e 3c f1 c3 60 77 | d9 5a 7c 74 c7 94 76 ce 65 58 40 91 41 88 e6 42 | c2 76 90 1c 0d 89 d9 e8 b1 2f d5 33 91 3b bc 2f | 52 1a c1 5b bc 96 fb d3 01 cb 8c b4 e6 42 30 f7 | c0 12 d5 ef a4 f5 a5 b8 4c 05 ea 4e 17 b7 4a 6f | 40 84 9a c8 ce 5c 8a 96 ed ea 51 96 a3 5b 94 20 | a1 99 b7 63 01 b6 cc cc b6 1b 31 d0 ed 14 d7 31 | e4 01 83 0e 26 42 2f 64 9f 09 24 2f 6c 72 f9 3b | 65 e8 fc 94 07 23 0f 81 27 dd e9 32 d9 31 0c 53 | c5 19 83 12 00 aa f1 13 f9 20 25 35 19 53 e6 50 | e9 bb ad d2 d2 3c 15 73 9b 2d da 5b 5a 5c 29 45 | 27 0b b0 b7 e5 52 db d8 61 64 ab aa 86 45 22 1e | c9 fa 1e 58 a9 68 3f b5 c4 c3 70 1f c6 22 51 80 | 14 00 00 24 c6 8d 08 eb 31 0a 1c ff 3b bf 87 49 | 9e 23 13 fc 9c a6 b9 f5 27 ba 43 68 fe 13 67 8a | 8b b5 2b d1 14 00 00 24 f3 68 2d 51 44 26 5f 98 | 64 4c bf ac 4f 05 45 36 ee 14 4d a4 aa 1a 3c 70 | b1 82 c9 48 de d2 4a ea 00 00 00 24 a2 ba 64 48 | 7c 5f 20 26 88 1e 6b 98 f9 49 db 0d cb 25 fc e1 | 00 76 1b b3 02 f7 4a 6d 9e 75 ef 21 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | b2 47 a6 b0 08 bf 4c a8 | responder cookie: | 2a b8 fd a1 10 e3 b7 14 | next payload type: ISAKMP_NEXT_KE (0x4) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 396 (0x18c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_I2 (find_state_ikev1) | start processing: state #2 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1435) | #2 is idle | #2 idle | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 260 (0x104) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | message 'main_inR2_outI3' HASH payload not checked early | started looking for secret for @road->@east of kind PKK_PSK | actually looking for secret for @road->@east of kind PKK_PSK | line 1: key type PKK_PSK(@road) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding aggr outR1 DH work-order 4 for state #2 | state #2 requesting EVENT_RETRANSMIT to be deleted | #2 STATE_MAIN_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x55c72fd23960 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55c72fd21f30 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f7264002b20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x55c72fd23960 size 128 | complete v1 state transition with STF_SUSPEND | crypto helper 2 resuming | crypto helper 2 starting work-order 4 for state #2 | [RE]START processing: state #2 connection "xauth-road-eastnet" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2624) | crypto helper 2 doing compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 4 | suspending state #2 and saving MD | #2 is busy; has a suspended MD | #2 spent 0.0668 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.204 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 2 finished compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 4 time elapsed 0.001157 seconds | (#2) spent 0.992 milliseconds in crypto helper computing work-order 4: aggr outR1 DH (pcr) | crypto helper 2 sending results from work-order 4 for state #2 to event queue | scheduling resume sending helper answer for #2 | libevent_malloc: new ptr-libevent@0x7f7258004f00 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #2 | start processing: state #2 connection "xauth-road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 4 | calling continuation function 0x55c72f6e9630 | main_inR2_outI3_cryptotail for #2: calculated DH, sending R1 | **emit ISAKMP Message: | initiator cookie: | b2 47 a6 b0 08 bf 4c a8 | responder cookie: | 2a b8 fd a1 10 e3 b7 14 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID | thinking about whether to send my certificate: | I have RSA key: OAKLEY_RSA_SIG cert.type: 0?? | sendcert: CERT_ALWAYSSEND and I did not get a certificate request | so do not send cert. | I did not send a certificate because I do not have one. | I am not sending a certificate request | I will NOT send an initial contact payload | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) | natd_hash: hasher=0x55c72f7bfc40(32) | natd_hash: icookie= b2 47 a6 b0 08 bf 4c a8 | natd_hash: rcookie= 2a b8 fd a1 10 e3 b7 14 | natd_hash: ip= c0 01 03 d1 | natd_hash: port= 01 f4 | natd_hash: hash= f3 68 2d 51 44 26 5f 98 64 4c bf ac 4f 05 45 36 | natd_hash: hash= ee 14 4d a4 aa 1a 3c 70 b1 82 c9 48 de d2 4a ea | natd_hash: hasher=0x55c72f7bfc40(32) | natd_hash: icookie= b2 47 a6 b0 08 bf 4c a8 | natd_hash: rcookie= 2a b8 fd a1 10 e3 b7 14 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= a2 ba 64 48 7c 5f 20 26 88 1e 6b 98 f9 49 db 0d | natd_hash: hash= cb 25 fc e1 00 76 1b b3 02 f7 4a 6d 9e 75 ef 21 | expected NAT-D(me): f3 68 2d 51 44 26 5f 98 64 4c bf ac 4f 05 45 36 | expected NAT-D(me): ee 14 4d a4 aa 1a 3c 70 b1 82 c9 48 de d2 4a ea | expected NAT-D(him): | a2 ba 64 48 7c 5f 20 26 88 1e 6b 98 f9 49 db 0d | cb 25 fc e1 00 76 1b b3 02 f7 4a 6d 9e 75 ef 21 | received NAT-D: f3 68 2d 51 44 26 5f 98 64 4c bf ac 4f 05 45 36 | received NAT-D: ee 14 4d a4 aa 1a 3c 70 b1 82 c9 48 de d2 4a ea | received NAT-D: a2 ba 64 48 7c 5f 20 26 88 1e 6b 98 f9 49 db 0d | received NAT-D: cb 25 fc e1 00 76 1b b3 02 f7 4a 6d 9e 75 ef 21 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected | NAT_T_WITH_KA detected | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_SIG (0x9) | ID type: ID_FQDN (0x2) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 9:ISAKMP_NEXT_SIG | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI) | my identity 72 6f 61 64 | emitting length of ISAKMP Identification Payload (IPsec DOI): 12 | started looking for secret for @road->@east of kind PKK_RSA | actually looking for secret for @road->@east of kind PKK_RSA | line 1: key type PKK_RSA(@road) to type PKK_RSA | 1: compared key (none) to @road / @east -> 002 | 2: compared key (none) to @road / @east -> 002 | line 1: match=002 | match 002 beats previous best_match 000 match=0x55c72fd151c0 (line=1) | concluding with best_match=002 best=0x55c72fd151c0 (lineno=1) | ***emit ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Signature Payload (9:ISAKMP_NEXT_SIG) | next payload chain: saving location 'ISAKMP Signature Payload'.'next payload type' in 'reply packet' | emitting 388 raw bytes of SIG_I into ISAKMP Signature Payload | SIG_I 7a 20 10 ce 55 64 cb 4a 9c 61 e1 2c ce d6 f9 72 | SIG_I 02 85 ef 4a 30 22 d9 b5 53 f4 35 98 b2 e3 fb 07 | SIG_I 56 ee 6c f7 4a 71 07 f4 70 40 90 14 13 1a 74 9e | SIG_I a4 38 00 39 fb 7d 0b 5f d5 3c 0f b0 66 48 cb 90 | SIG_I 45 a0 ee c7 80 22 3c ad 79 ba 23 62 7f a9 22 18 | SIG_I e0 23 4e 53 22 f8 a2 a4 86 ca 98 1b 49 b6 22 c8 | SIG_I 04 dd 3d 59 dc 5d 36 a2 f8 a2 bb 5a d0 78 dd 4a | SIG_I c4 9e 09 a4 f9 9c ea cb 12 79 83 41 ee bf 2f 9b | SIG_I 2c 5a 06 b2 25 de fc a3 eb 6c 27 4b c2 1c f8 cf | SIG_I 64 bd 12 b9 4f 1c d5 d4 a6 e8 72 ef 97 9a cc 66 | SIG_I 5b e5 72 2b 4f cd a6 07 bb 94 d5 01 95 1b 70 f9 | SIG_I b7 53 38 ca 4e 62 bb 85 c1 32 c1 d6 b8 12 bd 89 | SIG_I c5 75 f7 7f ff 3e 42 32 6e 6b 7c d0 63 a9 b0 6d | SIG_I d1 3d 7a a8 b9 1c 51 09 21 7f 43 76 ee 8a 81 f7 | SIG_I 45 cc 8e ed fd f4 24 4c 15 12 cc 75 e4 8f 86 5d | SIG_I 1a 55 ad 72 83 6e 90 c3 f3 98 e9 41 ef cc fb 57 | SIG_I 4c 3f 81 a6 08 60 be 0a ec 8f 17 8a 55 b6 56 9d | SIG_I 6b 70 6d 6a b4 91 c1 8f 55 e7 00 e8 11 95 4c a8 | SIG_I 20 4b 6f 05 4b 55 bf 18 27 b1 5e 67 77 c0 93 7a | SIG_I 30 3e 6a fc 1c 13 60 a1 70 0d 64 b9 c4 88 28 28 | SIG_I 1a a0 8f 7a 6b 79 46 eb 2f 08 a3 3a 55 3f 23 da | SIG_I 62 c2 59 b7 d5 92 3a f8 04 09 2f 9d 42 c6 a0 0f | SIG_I 46 b2 7b 2b 91 0a d4 b4 c4 9a 79 64 2f 6e 19 4f | SIG_I 3f f6 b1 2d 7e ef ab af bc b6 42 8a 33 9e c3 28 | SIG_I 96 1a 53 28 | emitting length of ISAKMP Signature Payload: 392 | Not sending INITIAL_CONTACT | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 444 | complete v1 state transition with STF_OK | [RE]START processing: state #2 connection "xauth-road-eastnet" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) | #2 is idle | doing_xauth:yes, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 | parent state #2: MAIN_I2(open IKE SA) => MAIN_I3(open IKE SA) | event_already_set, deleting event | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55c72fd23960 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f7264002b20 | sending reply packet to 192.1.2.23:500 (from 192.1.3.209:500) | sending 444 bytes for STATE_MAIN_I2 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #2) | b2 47 a6 b0 08 bf 4c a8 2a b8 fd a1 10 e3 b7 14 | 05 10 02 01 00 00 00 00 00 00 01 bc b2 25 13 13 | 4b 74 fb b7 4b 26 82 57 54 c4 8c 02 79 65 74 cb | 9e 2c e6 57 3d 32 51 0e 6a 91 bd 64 f3 1e 7c 44 | ab 78 47 02 ed 91 87 3e a9 42 f1 fe 8b d4 ff c1 | 21 61 88 0b 8c 0d 71 21 3c ef ab 37 fc ca bf fb | 97 4b b6 ea 11 f7 a4 b8 f0 b7 f9 43 bf e9 58 30 | 18 c8 ff 1a e4 7a 0d 63 cd 70 32 8a 1d 5f 3e 74 | fa d4 17 db 3f d1 a2 7c 2c de a5 2c 46 2e a3 54 | 5b 23 1e ec 8e eb 12 b2 52 e2 e1 14 aa 31 d0 1d | c7 62 be 63 51 b1 f8 a8 55 6e d5 d9 ac 0f 7b d4 | 8a ef 9e 62 66 25 0a c9 f2 b5 c2 47 58 5e 75 62 | fd ea ca df b8 18 55 50 10 b5 53 80 67 63 e0 2c | 8c 2a 87 ca e4 79 47 69 5c 98 25 03 56 f3 52 be | 00 2c 11 93 ea 52 9f e1 87 e8 11 7c 2d 72 8c 36 | 9d 6e 15 d2 67 21 de 90 9d 71 18 69 08 91 ba 17 | ee 64 06 3e c8 33 78 89 02 6f 4b e4 c3 c7 74 e4 | 43 dd 49 2d 56 ba f0 4d 9e 1d c0 ed 92 5a 45 92 | ee 8f 27 71 50 79 99 1c b1 59 48 30 ca 65 26 49 | ec 45 bf 14 f2 0e 61 d7 72 22 3e 70 fe 11 ca 7f | e2 a1 77 92 dc 7e 84 1b 04 e8 7a 49 ae d3 a7 62 | 55 fa 6f 0e 20 b2 fb 1d 83 93 50 75 0e 99 1b 1c | 3a 91 4e e2 aa cc d8 02 67 5c 5e c3 e6 82 79 f8 | 0e e7 6c 17 77 50 2d 01 06 2d d6 e7 e7 6f 9d 7d | 94 a0 9c fa 4d b8 96 b7 0e 8b 1b 97 ae f7 07 9f | a5 55 b7 af f3 6e bb b8 60 ce 4c f6 28 64 d6 4b | 3d fb d4 81 ba 88 52 25 3e 74 f7 1c 55 1a a1 bf | e4 25 f1 a5 51 a2 d8 28 ee 7e 35 ff | !event_already_set at reschedule "xauth-road-eastnet" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x55c72fd22630 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x55c72fd23960 size 128 | #2 STATE_MAIN_I3: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50020.218602 "xauth-road-eastnet" #2: STATE_MAIN_I3: sent MI3, expecting MR3 | XAUTH client is not yet authenticated | resume sending helper answer for #2 suppresed complete_v1_state_transition() | #2 spent 9.41 milliseconds in resume sending helper answer | stop processing: state #2 connection "xauth-road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f7258004f00 | spent 0.00314 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 332 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) | b2 47 a6 b0 08 bf 4c a8 2a b8 fd a1 10 e3 b7 14 | 05 10 02 01 00 00 00 00 00 00 01 4c de 2f a3 2b | fa 28 08 d8 dc 2a 35 37 91 53 e4 e4 82 7d 82 69 | 95 76 f5 00 d2 23 bb f8 e6 26 de b2 00 d1 72 f1 | e4 6f 3b 01 bd e8 e9 59 d5 24 f7 2f ba 1e 5f f8 | aa 8d 8e 78 1b c5 10 ed 39 ae d5 21 e8 0e d5 ca | 02 dd fd dc d3 b5 c7 0b 4b 4d 52 8a 88 13 f6 24 | 6a 15 29 cb b7 de 5d a4 e8 44 3f 6a 13 02 34 74 | ef 44 c2 97 39 81 13 c9 54 d0 a7 4a cd f9 de 81 | 8a 6e 13 66 cf b8 0a cb 90 31 2a 32 d9 d8 39 6c | 74 5a d8 7c 7d 92 6f b8 c2 ff a5 93 ce 45 34 b8 | 1e b6 a3 29 b1 72 b9 ec fc 77 d3 c6 c5 fe 33 a4 | 73 df e4 fc 21 9c 17 df 48 7f 8b c8 96 b2 db 80 | 94 08 78 88 68 ad dc 8b df ac ec e1 fd 50 f6 c2 | b3 cc f7 06 a5 0e 99 9f b9 89 6f d0 55 69 8d c2 | 32 41 02 0f 8d e7 17 e9 24 8b c7 88 23 93 e9 1a | 7e 5c 31 9f a5 fd e6 4c d0 60 3d ab 09 23 36 56 | 71 eb 2f cb 28 d4 fa 6c 49 0e 21 d0 88 6b 0b fc | f0 7f ea 61 41 ab 79 69 99 7f 69 7d 71 e4 b8 07 | df 5c 06 ee 30 ed 8a 5b ef d8 82 51 c9 cd c0 1c | 2c 08 7b 20 a9 74 c8 c4 dc 59 88 29 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | b2 47 a6 b0 08 bf 4c a8 | responder cookie: | 2a b8 fd a1 10 e3 b7 14 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 332 (0x14c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_I3 (find_state_ikev1) | start processing: state #2 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1435) | #2 is idle | #2 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 65 61 73 74 | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 278 (0x116) | removing 14 bytes of padding | message 'main_inR3' HASH payload not checked early "xauth-road-eastnet" #2: Peer ID is ID_FQDN: '@east' | X509: no CERT payloads to process | required RSA CA is '%any' | checking RSA keyid '@east' for match with '@east' | RSA key issuer CA is '%any' | an RSA Sig check passed with *AQO9bJbr3 [preloaded keys] | #2 spent 0.0546 milliseconds in try_all_keys() trying a pubkey "xauth-road-eastnet" #2: Authenticated using RSA | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | complete v1 state transition with STF_OK | [RE]START processing: state #2 connection "xauth-road-eastnet" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) | #2 is idle | doing_xauth:yes, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 | parent state #2: MAIN_I3(open IKE SA) => MAIN_I4(established IKE SA) | event_already_set, deleting event | state #2 requesting EVENT_RETRANSMIT to be deleted | #2 STATE_MAIN_I4: retransmits: cleared | libevent_free: release ptr-libevent@0x55c72fd23960 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55c72fd22630 | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x55c72fd22630 | inserting event EVENT_SA_REPLACE, timeout in 2848 seconds for #2 | libevent_malloc: new ptr-libevent@0x55c72fd23960 size 128 | pstats #2 ikev1.isakmp established "xauth-road-eastnet" #2: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} | DPD: dpd_init() called on ISAKMP SA | DPD: Peer supports Dead Peer Detection | DPD: not initializing DPD because DPD is disabled locally | XAUTH client is not yet authenticated | #2 spent 0.229 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.379 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00321 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 92 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) | b2 47 a6 b0 08 bf 4c a8 2a b8 fd a1 10 e3 b7 14 | 08 10 06 01 3f 13 d6 8f 00 00 00 5c da 45 e7 0e | a8 0d 99 91 85 d3 6c f2 a2 7a aa 56 d0 d0 45 2a | 2e 92 c8 78 10 db 43 99 ae 74 28 1f 93 74 7a da | 95 30 d8 71 6d dd d5 87 cf 03 e4 7a 26 f4 7a 27 | 09 81 b2 0a 88 7c 8a 85 70 73 ba 37 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | b2 47 a6 b0 08 bf 4c a8 | responder cookie: | 2a b8 fd a1 10 e3 b7 14 | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1058264719 (0x3f13d68f) | length: 92 (0x5c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6) | peer and cookies match on #2; msgid=3f13d68f st_msgid=00000000 st_msgid_phase15=00000000 | State DB: IKEv1 state not found (find_v1_info_state) | No appropriate Mode Config state yet. See if we have a Main Mode state | peer and cookies match on #2; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #2 found, in STATE_MAIN_I4 | State DB: found IKEv1 state #2 in MAIN_I4 (find_v1_info_state) | start processing: state #2 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1654) | processing received isakmp_xchg_type ISAKMP_XCHG_MODE_CFG. | this is a xauthclient | call init_phase2_iv | set from_state to STATE_MAIN_I4 this is xauthclient and IS_PHASE1() is TRUE | #2 is idle | #2 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x4100 opt: 0x2000 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_MODECFG (0xe) | length: 36 (0x24) | got payload 0x4000 (ISAKMP_NEXT_MODECFG) needed: 0x4000 opt: 0x2000 | ***parse ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | Attr Msg Type: ISAKMP_CFG_REQUEST (0x1) | Identifier: 0 (0x0) | removing 12 bytes of padding | xauth_inI0 HASH(1): | 24 d9 10 bd aa de 03 02 fe cf 34 fd 89 c2 40 ae | 6a f6 fd 81 61 9c 59 b4 c7 57 72 97 dd 99 a5 6f | received 'xauth_inI0' message HASH(1) data ok | **emit ISAKMP Message: | initiator cookie: | b2 47 a6 b0 08 bf 4c a8 | responder cookie: | 2a b8 fd a1 10 e3 b7 14 | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1058264719 (0x3f13d68f) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 8:ISAKMP_NEXT_HASH | arrived in xauth_inI0 | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-NAME (0x4089) | length/value: 0 (0x0) | Received Cisco XAUTH username | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-PASSWORD (0x408a) | length/value: 0 (0x0) | Received Cisco XAUTH password | XAUTH: Username or password request received | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | Attr Msg Type: ISAKMP_CFG_REPLY (0x2) | Identifier: 0 (0x0) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Mode Attribute (14:ISAKMP_NEXT_MODECFG) | next payload chain: saving location 'ISAKMP Mode Attribute'.'next payload type' in 'reply packet' | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-NAME (0x4089) "xauth-road-eastnet" #2: XAUTH username requested, but no file descriptor available for prompt | complete v1 state transition with STF_FATAL | [RE]START processing: state #2 connection "xauth-road-eastnet" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) | #2 is idle | release_pending_whacks: state #2 has no whack fd | release_pending_whacks: IKE SA #2 fd@-1 has pending CHILD SA with socket fd@-1 | pstats #2 ikev1.isakmp deleted completed | [RE]START processing: state #2 connection "xauth-road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) "xauth-road-eastnet" #2: deleting state (STATE_MAIN_I4) aged 0.104s and sending notification | parent state #2: MAIN_I4(established IKE SA) => delete | #2 send IKEv1 delete notification for STATE_MAIN_I4 | **emit ISAKMP Message: | initiator cookie: | b2 47 a6 b0 08 bf 4c a8 | responder cookie: | 2a b8 fd a1 10 e3 b7 14 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 284556730 (0x10f5fdba) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 16 (0x10) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' | emitting 8 raw bytes of initiator SPI into ISAKMP Delete Payload | initiator SPI b2 47 a6 b0 08 bf 4c a8 | emitting 8 raw bytes of responder SPI into ISAKMP Delete Payload | responder SPI 2a b8 fd a1 10 e3 b7 14 | emitting length of ISAKMP Delete Payload: 28 | send delete HASH(1): | ce a8 57 d0 54 fd 79 03 67 43 dc 6e 91 91 4b 12 | 8a 29 3f 70 57 42 c1 b1 23 0e dc fc f3 af 30 96 | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | sending 92 bytes for delete notify through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #2) | b2 47 a6 b0 08 bf 4c a8 2a b8 fd a1 10 e3 b7 14 | 08 10 05 01 10 f5 fd ba 00 00 00 5c 64 fc f6 8b | 52 53 4e b6 17 20 87 be 17 ed 49 33 b1 9a 36 ea | c1 97 bc 41 37 60 21 b3 db 04 08 30 34 0c 8e 15 | 7a 35 48 6c a9 73 32 ce 39 a1 55 b9 a3 73 1c e3 | 98 9e 28 23 69 f4 c2 c5 e4 7a 27 26 | state #2 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x55c72fd23960 | free_event_entry: release EVENT_SA_REPLACE-pe@0x55c72fd22630 | in connection_discard for connection xauth-road-eastnet | removing pending policy for "xauth-road-eastnet" {0x55c72fcd3170} | State DB: IKEv1 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #2 "xauth-road-eastnet" #2: deleting IKE SA for connection 'xauth-road-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'xauth-road-eastnet' added to the list and scheduled for 5 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds | in connection_discard for connection xauth-road-eastnet | State DB: deleting IKEv1 state #2 in MAIN_I4 | parent state #2: MAIN_I4(established IKE SA) => UNDEFINED(ignore) | unreference key: 0x55c72fd21190 @east cnt 2-- | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) | in statetime_stop() and could not find #2 | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.589 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00225 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 92 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) | b2 47 a6 b0 08 bf 4c a8 2a b8 fd a1 10 e3 b7 14 | 08 10 05 01 1b 92 bb 86 00 00 00 5c dc 36 fb e1 | 70 d1 54 da 66 be 70 2f f1 bd 6e 2a ba 3d 4a 10 | 39 51 be a2 a4 b7 7e a4 f3 00 78 83 0e 06 2b ad | 1f 15 fb da 45 21 28 ac a7 e6 de 7f e0 d2 6f 19 | 9d 7e 1b 3c 30 09 33 be be 52 42 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | b2 47 a6 b0 08 bf 4c a8 | responder cookie: | 2a b8 fd a1 10 e3 b7 14 | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 462601094 (0x1b92bb86) | length: 92 (0x5c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) | State DB: IKEv1 state not found (find_v1_info_state) | State DB: IKEv1 state not found (find_state_ikev1_init) | Informational Exchange is for an unknown (expired?) SA with MSGID:0x1b92bb86 | - unknown SA's md->hdr.isa_ike_initiator_spi.bytes: | b2 47 a6 b0 08 bf 4c a8 | - unknown SA's md->hdr.isa_ike_responder_spi.bytes: | 2a b8 fd a1 10 e3 b7 14 | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0722 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "xauth-road-eastnet" (in terminate_a_connection() at terminate.c:69) "xauth-road-eastnet": terminating SAs using this connection | connection 'xauth-road-eastnet' -POLICY_UP | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | stop processing: connection "xauth-road-eastnet" (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "xauth-road-eastnet" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x55c72fd01500 | flush revival: connection 'xauth-road-eastnet' revival flushed | stop processing: connection "xauth-road-eastnet" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection xauth-road-eastnet with policy ENCRYPT+TUNNEL+PFS+XAUTH+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | No AUTH policy was set - defaulting to RSASIG | counting wild cards for @road is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.3.209:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x55c72fd20400 added connection description "xauth-road-eastnet" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.1.3.209[@road,+XC+S=C]---192.1.3.254...192.1.2.23<192.1.2.23>[@east,+XS+S=C]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.128 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) add keyid @road | unreference key: 0x55c72fd20340 @road cnt 1-- | add pubkey 01 03 c7 15 fa 72 27 70 a4 e1 f3 0a 70 21 f9 0c | add pubkey 3f e2 65 12 87 d9 fd 12 cb af d4 e0 c2 e3 dd 77 | add pubkey a0 ef aa c7 d6 a2 b2 30 f2 64 b0 c5 e6 c7 a7 27 | add pubkey 17 54 7a 8e 32 c9 ac fd bf 8f b3 33 b9 74 74 73 | add pubkey dd 23 83 11 53 d6 d4 91 0e 36 7e 67 fc 89 1e 48 | add pubkey ac e9 da 2e 66 9d 6e 4f e2 98 a7 dc 41 b3 a4 37 | add pubkey f5 07 a9 9c 23 69 83 54 87 7b ea 00 a7 5b ab 2d | add pubkey 41 34 d1 a3 17 1e a7 64 2d 7f ff 45 7a 5d 85 5c | add pubkey 73 dd 63 e7 40 ad eb 71 e6 5f 21 43 80 f5 23 4c | add pubkey 3d 4a 11 2c ca 9a d6 79 c5 c2 51 6e af c3 6e 99 | add pubkey f5 26 1c 67 ee 8a 3e 30 4b c1 93 a7 92 34 36 8c | add pubkey bf e6 d0 d3 fe 78 0b 0a 64 04 44 ca 8c 83 fd f1 | add pubkey 2e b5 00 76 61 a6 de f1 59 67 2b 6d c2 57 e0 f2 | add pubkey 7d 6b 9f d3 46 41 8c 31 c2 fd c4 60 72 08 3b bb | add pubkey 56 fb 01 fc 1d 57 4e cf 7c 0f c4 6f 72 6f 2a 0e | add pubkey f3 30 db a0 80 f9 70 cc bb 07 a9 f9 d7 76 99 63 | add pubkey 4b 6a 0f 1a 37 95 cb 9b ea 17 f7 55 62 6b 8a 83 | add pubkey 05 ff 43 78 57 dd bd 08 85 9c f1 62 35 6e 69 c7 | add pubkey 04 0b 4b c4 1b d2 38 89 8c de 56 d0 c8 2c 51 54 | add pubkey 32 1b 7d 27 dc cd 37 7a 4e cb 1a ec d2 ce 48 ed | add pubkey 43 48 9c 8a fc 30 9f b1 57 1c a9 98 e5 84 93 6c | add pubkey da 4d cc 95 e3 f5 f2 a5 b3 9d 70 ae 24 8d 08 3b | add pubkey 0f 8c e9 5a a5 f0 4d 9c 3c 2f 7f bc 10 95 34 1c | add pubkey 96 74 29 fc ab fb 8f 4b 71 aa 0b 26 b5 f0 32 98 | add pubkey 90 6a fd 31 f5 ab | computed rsa CKAID 1a 15 cc e8 92 73 43 9c 2b f4 20 2a c1 06 6e f2 | computed rsa CKAID 59 b0 ef 45 | keyid: *AQPHFfpyJ | n c7 15 fa 72 27 70 a4 e1 f3 0a 70 21 f9 0c 3f e2 | n 65 12 87 d9 fd 12 cb af d4 e0 c2 e3 dd 77 a0 ef | n aa c7 d6 a2 b2 30 f2 64 b0 c5 e6 c7 a7 27 17 54 | n 7a 8e 32 c9 ac fd bf 8f b3 33 b9 74 74 73 dd 23 | n 83 11 53 d6 d4 91 0e 36 7e 67 fc 89 1e 48 ac e9 | n da 2e 66 9d 6e 4f e2 98 a7 dc 41 b3 a4 37 f5 07 | n a9 9c 23 69 83 54 87 7b ea 00 a7 5b ab 2d 41 34 | n d1 a3 17 1e a7 64 2d 7f ff 45 7a 5d 85 5c 73 dd | n 63 e7 40 ad eb 71 e6 5f 21 43 80 f5 23 4c 3d 4a | n 11 2c ca 9a d6 79 c5 c2 51 6e af c3 6e 99 f5 26 | n 1c 67 ee 8a 3e 30 4b c1 93 a7 92 34 36 8c bf e6 | n d0 d3 fe 78 0b 0a 64 04 44 ca 8c 83 fd f1 2e b5 | n 00 76 61 a6 de f1 59 67 2b 6d c2 57 e0 f2 7d 6b | n 9f d3 46 41 8c 31 c2 fd c4 60 72 08 3b bb 56 fb | n 01 fc 1d 57 4e cf 7c 0f c4 6f 72 6f 2a 0e f3 30 | n db a0 80 f9 70 cc bb 07 a9 f9 d7 76 99 63 4b 6a | n 0f 1a 37 95 cb 9b ea 17 f7 55 62 6b 8a 83 05 ff | n 43 78 57 dd bd 08 85 9c f1 62 35 6e 69 c7 04 0b | n 4b c4 1b d2 38 89 8c de 56 d0 c8 2c 51 54 32 1b | n 7d 27 dc cd 37 7a 4e cb 1a ec d2 ce 48 ed 43 48 | n 9c 8a fc 30 9f b1 57 1c a9 98 e5 84 93 6c da 4d | n cc 95 e3 f5 f2 a5 b3 9d 70 ae 24 8d 08 3b 0f 8c | n e9 5a a5 f0 4d 9c 3c 2f 7f bc 10 95 34 1c 96 74 | n 29 fc ab fb 8f 4b 71 aa 0b 26 b5 f0 32 98 90 6a | n fd 31 f5 ab | e 03 | CKAID 1a 15 cc e8 92 73 43 9c 2b f4 20 2a c1 06 6e f2 | CKAID 59 b0 ef 45 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.155 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) add keyid @east | unreference key: 0x55c72fd21190 @east cnt 1-- | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 | add pubkey 51 51 48 ef | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | computed rsa CKAID 8a 82 25 f1 | keyid: *AQO9bJbr3 | n bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 | n c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a | n e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca | n 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 | n f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 | n 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd | n 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 | n af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 | n 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 | n f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 | n 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 | n 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 | n 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 | n 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 | n 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc | n 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f | n 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 | n 48 ef | e 03 | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | CKAID 8a 82 25 f1 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.115 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@21 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "xauth-road-eastnet" (in initiate_a_connection() at initiate.c:186) | empty esp_info, returning defaults for ENCRYPT | connection 'xauth-road-eastnet' +POLICY_UP | dup_any(fd@21) -> fd@22 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #3 at 0x55c72fd21310 | State DB: adding IKEv1 state #3 in UNDEFINED | pstats #3 ikev1.isakmp started | suspend processing: connection "xauth-road-eastnet" (in main_outI1() at ikev1_main.c:118) | start processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in main_outI1() at ikev1_main.c:118) | parent state #3: UNDEFINED(ignore) => MAIN_I1(half-open IKE SA) | dup_any(fd@22) -> fd@23 (in main_outI1() at ikev1_main.c:123) | Queuing pending IPsec SA negotiating with 192.1.2.23 "xauth-road-eastnet" IKE SA #3 "xauth-road-eastnet" "xauth-road-eastnet" #3: initiating Main Mode | **emit ISAKMP Message: | initiator cookie: | b3 e1 ac 9a 04 90 58 5f | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA | no specific IKE algorithms specified - using defaults | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() returning 0x55c72fd22a10 | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ikev1_out_sa pcn: 0 has 1 valid proposals | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 18 | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 1 (0x1) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 2 (0x2) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 3 (0x3) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 4 (0x4) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 5 (0x5) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 6 (0x6) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 7 (0x7) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 8 (0x8) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 9 (0x9) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 10 (0xa) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 11 (0xb) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 12 (0xc) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 13 (0xd) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 14 (0xe) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 15 (0xf) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 16 (0x10) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP transform number: 17 (0x11) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | emitting length of ISAKMP Proposal Payload: 632 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 644 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | out_vid(): sending [FRAGMENTATION] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [XAUTH] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 8 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 09 00 26 89 df d6 b7 12 | emitting length of ISAKMP Vendor ID Payload: 12 | out_vid(): sending [Dead Peer Detection] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | emitting length of ISAKMP Vendor ID Payload: 20 | nat add vid | sending draft and RFC NATT VIDs | out_vid(): sending [RFC 3947] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | emitting length of ISAKMP Vendor ID Payload: 20 | skipping VID_NATT_RFC | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-03] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02_n] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 | emitting length of ISAKMP Vendor ID Payload: 20 | no IKEv1 message padding required | emitting length of ISAKMP Message: 804 | sending 804 bytes for reply packet for main_outI1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #3) | b3 e1 ac 9a 04 90 58 5f 00 00 00 00 00 00 00 00 | 01 10 02 00 00 00 00 00 00 00 03 24 0d 00 02 84 | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 fd ed 80 04 00 0e | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 fd ed | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 | 80 03 fd ed 80 04 00 0e 80 0e 01 00 03 00 00 24 | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 06 80 03 fd ed 80 04 00 0e 80 0e 00 80 | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 02 80 03 fd ed 80 04 00 0e | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 fd ed | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | 80 03 fd ed 80 04 00 05 80 0e 01 00 03 00 00 24 | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 04 80 03 fd ed 80 04 00 05 80 0e 00 80 | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 06 80 03 fd ed 80 04 00 05 | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 fd ed | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 | 80 03 fd ed 80 04 00 05 80 0e 01 00 03 00 00 24 | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 02 80 03 fd ed 80 04 00 05 80 0e 00 80 | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 fd ed 80 04 00 0e | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 fd ed 80 04 00 0e | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 fd ed 80 04 00 0e | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 fd ed 80 04 00 05 | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 fd ed 80 04 00 05 | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 fd ed 80 04 00 05 | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f | 00 d6 c2 d3 0d 00 00 0c 09 00 26 89 df d6 b7 12 | 0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc | 77 57 01 00 0d 00 00 14 4a 13 1c 81 07 03 58 45 | 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 7d 94 19 a6 | 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 0d 00 00 14 | 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | 00 00 00 14 cd 60 46 43 35 df 21 f8 7c fd b2 fc | 68 b6 a4 48 "xauth-road-eastnet" #3: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x55c72fd28bc0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #3 | libevent_malloc: new ptr-libevent@0x55c72fd23960 size 128 | #3 STATE_MAIN_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50020.430684 | #3 spent 1.77 milliseconds in main_outI1() | stop processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in main_outI1() at ikev1_main.c:228) | resume processing: connection "xauth-road-eastnet" (in main_outI1() at ikev1_main.c:228) | stop processing: connection "xauth-road-eastnet" (in initiate_a_connection() at initiate.c:349) | close_any(fd@21) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.84 milliseconds in whack | spent 0.00191 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 156 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) | b3 e1 ac 9a 04 90 58 5f 8b 0b 3e b4 dd 4c 88 6f | 01 10 02 00 00 00 00 00 00 00 00 9c 0d 00 00 38 | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 fd ed 80 04 00 0e | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 0c 09 00 26 89 | df d6 b7 12 0d 00 00 14 af ca d7 13 68 a1 f1 c9 | 6b 86 96 fc 77 57 01 00 00 00 00 14 4a 13 1c 81 | 07 03 58 45 5c 57 28 f2 0e 95 45 2f | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | b3 e1 ac 9a 04 90 58 5f | responder cookie: | 8b 0b 3e b4 dd 4c 88 6f | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 156 (0x9c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: IKEv1 state not found (find_state_ikev1) | State DB: found IKEv1 state #3 in MAIN_I1 (find_state_ikev1_init) | start processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1435) | #3 is idle | #3 idle | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 56 (0x38) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 12 (0xc) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 20 (0x14) | message 'main_inR1_outI2' HASH payload not checked early | received Vendor ID payload [FRAGMENTATION] | received Vendor ID payload [XAUTH] | received Vendor ID payload [Dead Peer Detection] | quirks.qnat_traversal_vid set to=117 [RFC 3947] | received Vendor ID payload [RFC 3947] | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 44 (0x2c) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 1 (0x1) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | OAKLEY proposal verified unconditionally; no alg_info to check against | Oakley Transform 0 accepted | sender checking NAT-T: enabled; VID 117 | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) | adding outI2 KE work-order 5 for state #3 | state #3 requesting EVENT_RETRANSMIT to be deleted | #3 STATE_MAIN_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x55c72fd23960 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55c72fd28bc0 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55c72fd28bc0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 | libevent_malloc: new ptr-libevent@0x55c72fd23960 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2624) | suspending state #3 and saving MD | #3 is busy; has a suspended MD | #3 spent 0.143 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.3 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 4 resuming | crypto helper 4 starting work-order 5 for state #3 | crypto helper 4 doing build KE and nonce (outI2 KE); request ID 5 | crypto helper 4 finished build KE and nonce (outI2 KE); request ID 5 time elapsed 0.002741 seconds | (#3) spent 1.07 milliseconds in crypto helper computing work-order 5: outI2 KE (pcr) | crypto helper 4 sending results from work-order 5 for state #3 to event queue | scheduling resume sending helper answer for #3 | libevent_malloc: new ptr-libevent@0x7f725c006900 size 128 | libevent_realloc: release ptr-libevent@0x55c72fd03790 | libevent_realloc: new ptr-libevent@0x55c72fd22670 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #3 | start processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 5 | calling continuation function 0x55c72f6e9630 | main_inR1_outI2_continue for #3: calculated ke+nonce, sending I2 | **emit ISAKMP Message: | initiator cookie: | b3 e1 ac 9a 04 90 58 5f | responder cookie: | 8b 0b 3e b4 dd 4c 88 6f | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value a0 32 04 5f ff 98 57 a3 49 0a eb 7a 22 43 cd 40 | keyex value 61 29 4a d0 76 39 d4 12 c5 f4 96 c9 65 1e c5 53 | keyex value 4f b6 ac 90 6b ba f3 3d a1 d3 b2 03 45 eb 01 9b | keyex value c6 ca 7d b9 84 f7 43 53 3b 8e f5 c0 3d 9a 0e 13 | keyex value c5 05 d5 a6 b2 68 24 c2 25 22 d3 e0 92 92 02 8d | keyex value 4c 48 8e f5 fe 3a d3 2e c2 b5 77 b8 37 ce a3 c1 | keyex value 5a 85 d2 33 14 4f 32 c2 07 c5 57 8f 0a d3 78 b0 | keyex value a1 d1 2f 81 4d 0b 88 6f 6d 5e a7 5c cd 40 52 58 | keyex value da 44 e0 b0 ab 81 29 d8 56 e5 88 13 1d ee 7a 78 | keyex value ad 3e d8 f6 2f 74 0c 6f 10 34 4c 50 6e e1 f3 55 | keyex value ca 58 cf da b3 72 64 8b 07 6a 18 77 63 4c d0 95 | keyex value 45 0b 2a e1 36 de 08 9f e8 85 64 79 da 43 80 06 | keyex value 0e c9 c6 0d a2 59 34 4e 95 e2 cd d4 89 90 91 20 | keyex value 1f 05 17 76 62 1b 03 9b 79 11 d0 0d fd 22 cc b8 | keyex value 6c 9a fd 0e cc 16 c0 33 ca a1 51 49 3f 7f 39 4e | keyex value e5 60 ca ad 08 76 26 e7 65 8d 44 27 fd 51 75 96 | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload | Ni 8f f4 59 bc d9 6b d6 7e c2 1e ad ca 8a 4d 69 47 | Ni 41 56 10 41 77 04 84 80 c0 23 17 75 6d a7 93 89 | emitting length of ISAKMP Nonce Payload: 36 | NAT-T checking st_nat_traversal | NAT-T found (implies NAT_T_WITH_NATD) | sending NAT-D payloads | natd_hash: hasher=0x55c72f7bfc40(32) | natd_hash: icookie= b3 e1 ac 9a 04 90 58 5f | natd_hash: rcookie= 8b 0b 3e b4 dd 4c 88 6f | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= bd 24 9b f9 b1 33 d3 45 f4 c7 6b bc ad a9 db 47 | natd_hash: hash= a0 bc 1e d1 f9 29 eb 54 60 71 f4 ae 79 ee b5 c2 | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D bd 24 9b f9 b1 33 d3 45 f4 c7 6b bc ad a9 db 47 | NAT-D a0 bc 1e d1 f9 29 eb 54 60 71 f4 ae 79 ee b5 c2 | emitting length of ISAKMP NAT-D Payload: 36 | natd_hash: hasher=0x55c72f7bfc40(32) | natd_hash: icookie= b3 e1 ac 9a 04 90 58 5f | natd_hash: rcookie= 8b 0b 3e b4 dd 4c 88 6f | natd_hash: ip= c0 01 03 d1 | natd_hash: port= 01 f4 | natd_hash: hash= 38 0a 13 2e 2f 2d 5a 97 8f c9 62 6c 28 38 42 0e | natd_hash: hash= ad e7 4d 1d 22 cb f4 dd bc 2b 18 2c 70 24 97 c9 | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 38 0a 13 2e 2f 2d 5a 97 8f c9 62 6c 28 38 42 0e | NAT-D ad e7 4d 1d 22 cb f4 dd bc 2b 18 2c 70 24 97 c9 | emitting length of ISAKMP NAT-D Payload: 36 | no IKEv1 message padding required | emitting length of ISAKMP Message: 396 | State DB: re-hashing IKEv1 state #3 IKE SPIi and SPI[ir] | complete v1 state transition with STF_OK | [RE]START processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) | #3 is idle | doing_xauth:yes, t_xauth_client_done:no | peer supports fragmentation | peer supports DPD | IKEv1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 | parent state #3: MAIN_I1(half-open IKE SA) => MAIN_I2(open IKE SA) | event_already_set, deleting event | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55c72fd23960 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55c72fd28bc0 | sending reply packet to 192.1.2.23:500 (from 192.1.3.209:500) | sending 396 bytes for STATE_MAIN_I1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #3) | b3 e1 ac 9a 04 90 58 5f 8b 0b 3e b4 dd 4c 88 6f | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | a0 32 04 5f ff 98 57 a3 49 0a eb 7a 22 43 cd 40 | 61 29 4a d0 76 39 d4 12 c5 f4 96 c9 65 1e c5 53 | 4f b6 ac 90 6b ba f3 3d a1 d3 b2 03 45 eb 01 9b | c6 ca 7d b9 84 f7 43 53 3b 8e f5 c0 3d 9a 0e 13 | c5 05 d5 a6 b2 68 24 c2 25 22 d3 e0 92 92 02 8d | 4c 48 8e f5 fe 3a d3 2e c2 b5 77 b8 37 ce a3 c1 | 5a 85 d2 33 14 4f 32 c2 07 c5 57 8f 0a d3 78 b0 | a1 d1 2f 81 4d 0b 88 6f 6d 5e a7 5c cd 40 52 58 | da 44 e0 b0 ab 81 29 d8 56 e5 88 13 1d ee 7a 78 | ad 3e d8 f6 2f 74 0c 6f 10 34 4c 50 6e e1 f3 55 | ca 58 cf da b3 72 64 8b 07 6a 18 77 63 4c d0 95 | 45 0b 2a e1 36 de 08 9f e8 85 64 79 da 43 80 06 | 0e c9 c6 0d a2 59 34 4e 95 e2 cd d4 89 90 91 20 | 1f 05 17 76 62 1b 03 9b 79 11 d0 0d fd 22 cc b8 | 6c 9a fd 0e cc 16 c0 33 ca a1 51 49 3f 7f 39 4e | e5 60 ca ad 08 76 26 e7 65 8d 44 27 fd 51 75 96 | 14 00 00 24 8f f4 59 bc d9 6b d6 7e c2 1e ad ca | 8a 4d 69 47 41 56 10 41 77 04 84 80 c0 23 17 75 | 6d a7 93 89 14 00 00 24 bd 24 9b f9 b1 33 d3 45 | f4 c7 6b bc ad a9 db 47 a0 bc 1e d1 f9 29 eb 54 | 60 71 f4 ae 79 ee b5 c2 00 00 00 24 38 0a 13 2e | 2f 2d 5a 97 8f c9 62 6c 28 38 42 0e ad e7 4d 1d | 22 cb f4 dd bc 2b 18 2c 70 24 97 c9 | !event_already_set at reschedule "xauth-road-eastnet" #3: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x55c72fd28bc0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #3 | libevent_malloc: new ptr-libevent@0x55c72fd23960 size 128 | #3 STATE_MAIN_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50020.436092 "xauth-road-eastnet" #3: STATE_MAIN_I2: sent MI2, expecting MR2 | XAUTH client is not yet authenticated | resume sending helper answer for #3 suppresed complete_v1_state_transition() | #3 spent 0.357 milliseconds in resume sending helper answer | stop processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f725c006900 | spent 0.0028 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 396 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) | b3 e1 ac 9a 04 90 58 5f 8b 0b 3e b4 dd 4c 88 6f | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 25 ff d2 22 cc 2e 88 f7 17 31 1c 0c 99 4f 47 56 | f5 6c e2 db cb 4a 44 68 d1 27 f3 26 90 0f 00 b6 | 3b 7c 6d c7 7e cc e3 dd de 92 ee 87 0b 23 48 e7 | 99 f4 c1 38 e0 74 9b 80 f0 27 aa c0 7c 56 91 01 | ff 54 4b 9b 90 90 5e 41 f9 9a 01 46 50 eb b7 7d | 1c 99 8a 6a 73 79 b6 80 85 8c f8 88 d7 fc fb 53 | 7d 62 b9 87 96 e8 f7 9a f8 88 1f 2f 67 9c ef 9d | 3c 58 9a 5e 59 27 4d 2f 74 e2 cb 93 1f cd 25 07 | e2 51 0d d8 9e 39 a6 66 a3 13 47 2a 00 9c 2c ac | ac 67 4f 86 f8 2a ff 9f f7 bf ae c6 25 9d a4 20 | 11 13 05 9d 22 23 f1 6b 8c a7 c8 08 c1 03 dd 50 | c3 57 88 79 df 4d 86 2a 8c 49 02 07 6d a6 d6 61 | c2 68 43 7e e0 c1 06 a3 cc 10 80 99 19 d1 c4 7e | 49 61 f5 6b 33 ab 9c 56 d9 8e 01 c2 0c 39 f9 cc | 51 8b 70 1c fa 4e 81 d1 3d b2 c5 ed c2 00 1b 9c | 12 5a 96 fb 72 6b 09 f3 61 1f c7 fa 0b 78 34 dc | 14 00 00 24 3b 76 6a ba 09 38 bf de 68 3f 27 a0 | ca f7 25 bf 23 0d 9f fc ec 35 66 ef 95 2b 4d 60 | 15 00 ac 9b 14 00 00 24 38 0a 13 2e 2f 2d 5a 97 | 8f c9 62 6c 28 38 42 0e ad e7 4d 1d 22 cb f4 dd | bc 2b 18 2c 70 24 97 c9 00 00 00 24 bd 24 9b f9 | b1 33 d3 45 f4 c7 6b bc ad a9 db 47 a0 bc 1e d1 | f9 29 eb 54 60 71 f4 ae 79 ee b5 c2 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | b3 e1 ac 9a 04 90 58 5f | responder cookie: | 8b 0b 3e b4 dd 4c 88 6f | next payload type: ISAKMP_NEXT_KE (0x4) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 396 (0x18c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #3 in MAIN_I2 (find_state_ikev1) | start processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1435) | #3 is idle | #3 idle | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 260 (0x104) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | message 'main_inR2_outI3' HASH payload not checked early | started looking for secret for @road->@east of kind PKK_PSK | actually looking for secret for @road->@east of kind PKK_PSK | line 1: key type PKK_PSK(@road) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding aggr outR1 DH work-order 6 for state #3 | state #3 requesting EVENT_RETRANSMIT to be deleted | #3 STATE_MAIN_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x55c72fd23960 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55c72fd28bc0 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f725c002b20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 | libevent_malloc: new ptr-libevent@0x55c72fd23960 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2624) | suspending state #3 and saving MD | #3 is busy; has a suspended MD | #3 spent 0.0638 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.202 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 6 resuming | crypto helper 6 starting work-order 6 for state #3 | crypto helper 6 doing compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 6 | crypto helper 6 finished compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 6 time elapsed 0.00103 seconds | (#3) spent 1.04 milliseconds in crypto helper computing work-order 6: aggr outR1 DH (pcr) | crypto helper 6 sending results from work-order 6 for state #3 to event queue | scheduling resume sending helper answer for #3 | libevent_malloc: new ptr-libevent@0x7f7250004f00 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #3 | start processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 6 | calling continuation function 0x55c72f6e9630 | main_inR2_outI3_cryptotail for #3: calculated DH, sending R1 | **emit ISAKMP Message: | initiator cookie: | b3 e1 ac 9a 04 90 58 5f | responder cookie: | 8b 0b 3e b4 dd 4c 88 6f | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID | thinking about whether to send my certificate: | I have RSA key: OAKLEY_RSA_SIG cert.type: 0?? | sendcert: CERT_ALWAYSSEND and I did not get a certificate request | so do not send cert. | I did not send a certificate because I do not have one. | I am not sending a certificate request | I will NOT send an initial contact payload | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) | natd_hash: hasher=0x55c72f7bfc40(32) | natd_hash: icookie= b3 e1 ac 9a 04 90 58 5f | natd_hash: rcookie= 8b 0b 3e b4 dd 4c 88 6f | natd_hash: ip= c0 01 03 d1 | natd_hash: port= 01 f4 | natd_hash: hash= 38 0a 13 2e 2f 2d 5a 97 8f c9 62 6c 28 38 42 0e | natd_hash: hash= ad e7 4d 1d 22 cb f4 dd bc 2b 18 2c 70 24 97 c9 | natd_hash: hasher=0x55c72f7bfc40(32) | natd_hash: icookie= b3 e1 ac 9a 04 90 58 5f | natd_hash: rcookie= 8b 0b 3e b4 dd 4c 88 6f | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= bd 24 9b f9 b1 33 d3 45 f4 c7 6b bc ad a9 db 47 | natd_hash: hash= a0 bc 1e d1 f9 29 eb 54 60 71 f4 ae 79 ee b5 c2 | expected NAT-D(me): 38 0a 13 2e 2f 2d 5a 97 8f c9 62 6c 28 38 42 0e | expected NAT-D(me): ad e7 4d 1d 22 cb f4 dd bc 2b 18 2c 70 24 97 c9 | expected NAT-D(him): | bd 24 9b f9 b1 33 d3 45 f4 c7 6b bc ad a9 db 47 | a0 bc 1e d1 f9 29 eb 54 60 71 f4 ae 79 ee b5 c2 | received NAT-D: 38 0a 13 2e 2f 2d 5a 97 8f c9 62 6c 28 38 42 0e | received NAT-D: ad e7 4d 1d 22 cb f4 dd bc 2b 18 2c 70 24 97 c9 | received NAT-D: bd 24 9b f9 b1 33 d3 45 f4 c7 6b bc ad a9 db 47 | received NAT-D: a0 bc 1e d1 f9 29 eb 54 60 71 f4 ae 79 ee b5 c2 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected | NAT_T_WITH_KA detected | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_SIG (0x9) | ID type: ID_FQDN (0x2) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 9:ISAKMP_NEXT_SIG | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI) | my identity 72 6f 61 64 | emitting length of ISAKMP Identification Payload (IPsec DOI): 12 | started looking for secret for @road->@east of kind PKK_RSA | actually looking for secret for @road->@east of kind PKK_RSA | line 1: key type PKK_RSA(@road) to type PKK_RSA | 1: compared key (none) to @road / @east -> 002 | 2: compared key (none) to @road / @east -> 002 | line 1: match=002 | match 002 beats previous best_match 000 match=0x55c72fd151c0 (line=1) | concluding with best_match=002 best=0x55c72fd151c0 (lineno=1) | ***emit ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Signature Payload (9:ISAKMP_NEXT_SIG) | next payload chain: saving location 'ISAKMP Signature Payload'.'next payload type' in 'reply packet' | emitting 388 raw bytes of SIG_I into ISAKMP Signature Payload | SIG_I 56 07 44 54 58 4a 09 f1 70 5f e4 39 b0 7d f9 54 | SIG_I a1 8c d3 f6 83 49 c7 a3 f4 78 da 95 9a c1 68 df | SIG_I 52 3f 61 c7 b6 66 97 61 73 94 4c 5f 50 f5 9e 8a | SIG_I 55 54 de 37 42 81 01 b8 3b 07 fc 5e 94 17 67 fd | SIG_I 25 96 b0 6e b3 ad fa d1 5b e7 fd b1 62 bc 1c 0f | SIG_I 41 e4 4b c6 81 07 70 1d 30 b4 e5 9d 36 12 51 4d | SIG_I 6e 6a d7 d6 23 82 d4 d0 29 50 db 42 6c a4 47 9f | SIG_I b2 f9 62 66 58 b6 43 3c 53 38 ce d1 87 2e 81 18 | SIG_I c6 e7 e8 0a d0 08 fc 60 e1 b7 94 a6 43 9d be eb | SIG_I 68 1d ff ed 3b 87 ef c5 2a da ca 06 86 76 2b c6 | SIG_I 83 57 dd c8 ff 58 81 01 38 af 45 85 64 cd e3 4c | SIG_I ce fc de 6d a6 2a 47 3c db 22 d1 d2 9d b7 e5 db | SIG_I 2a cf c5 22 39 3e b5 1e 9c f8 be fa d1 5a 73 1e | SIG_I 43 4c 70 b4 28 8f cd fb ec 84 28 11 e2 11 fa 07 | SIG_I 5c f7 d4 cc d3 28 23 24 b4 7d 11 ce 86 d7 ef 71 | SIG_I 69 d7 6a 0f a4 7b d7 df a5 2a 2c dc 93 ef 94 eb | SIG_I c6 63 9c 12 2b 08 33 f3 e1 15 45 17 53 e3 f5 e7 | SIG_I 9d 6c 62 fe 90 d8 ff 49 90 5f 97 b6 bb c4 38 05 | SIG_I de db 90 ab 11 61 3b c6 78 39 ce 24 6e af 14 4d | SIG_I 06 91 97 a0 d9 37 01 8e 3c 98 1d 00 f1 c1 a0 bd | SIG_I 74 45 db 8d 78 57 af 27 e0 a9 2f fb 38 5d 30 32 | SIG_I 20 89 20 13 5f 5a 98 2b a6 6d b9 68 63 84 29 2d | SIG_I 1d a7 64 76 0d 11 03 25 39 2f 9c 57 03 96 51 d0 | SIG_I 06 75 ec 47 74 bd 89 32 26 ba 87 13 86 e3 eb d3 | SIG_I 1e df e1 aa | emitting length of ISAKMP Signature Payload: 392 | Not sending INITIAL_CONTACT | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 444 | complete v1 state transition with STF_OK | [RE]START processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) | #3 is idle | doing_xauth:yes, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 | parent state #3: MAIN_I2(open IKE SA) => MAIN_I3(open IKE SA) | event_already_set, deleting event | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55c72fd23960 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f725c002b20 | sending reply packet to 192.1.2.23:500 (from 192.1.3.209:500) | sending 444 bytes for STATE_MAIN_I2 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #3) | b3 e1 ac 9a 04 90 58 5f 8b 0b 3e b4 dd 4c 88 6f | 05 10 02 01 00 00 00 00 00 00 01 bc 50 38 32 7e | ea cf 5c c9 16 72 29 f9 88 f9 2d 6e 8f 13 71 47 | 04 d1 e6 09 8e 07 ea a7 0e f0 5c 2d a5 78 a1 6b | fd 12 30 18 a8 48 5d 98 3a 23 82 94 8d ae 79 fd | fd 78 55 24 ed 25 4a 98 b9 05 15 76 04 60 d7 ff | 5c 2c f5 7b 4c 12 01 67 35 fe 5c 6d 62 fb cd 7c | d4 ca 4e 8a 62 91 86 7d cd 41 06 6a eb e4 82 0a | 3f 45 dc 87 6c 4d 4c bd 8d 68 6f b4 4b 5a 51 1e | f1 25 f6 c3 f5 cb 80 02 e7 29 fa 16 8e d9 43 8e | 47 3e 38 5d 9b dd 73 90 f7 c9 3f b7 fb 34 28 c4 | 11 bf 7f 55 dc 0b b4 c5 5a 38 c8 02 83 df ff 33 | ca b8 bf c1 9b f1 5e f4 fe cb 0b ab e8 11 e1 be | aa 7b 3e c3 e5 c6 4d 4e cd 09 3f 5e 21 82 57 17 | 11 01 ad d2 a3 f0 b6 3a 61 f2 e1 ea 65 9b 45 8c | 38 0a 76 0f 96 3e 0c 64 bc 0f 5f 9b 75 16 42 a0 | 6c b9 93 44 87 13 d8 19 62 44 7c 0e 5a c2 4b 5a | 37 ad 64 b1 31 ba 74 c7 24 6f 23 ca e9 b3 69 37 | 32 6c 50 23 ec 33 2b a7 71 b1 6e 62 e1 2d b6 1a | fe 32 6a 3c 8d 86 59 ad d6 79 d0 6f 1a 86 21 44 | 27 93 66 52 10 42 6c ec d1 33 3d fa 6d 5d db 3d | a3 ad 0f 81 cc 68 cf 42 12 f4 31 82 e6 a1 5e 8a | 82 7e b5 b9 92 8a 3a 8d 81 3e 60 41 3a 1a 6e 4f | 15 8c b6 74 19 a9 21 9d b9 10 8b 08 2e be 2b 12 | 71 1d 7e c2 79 4b 74 da dc ce 59 bc fb a5 24 e0 | 8b 83 5c 3a 45 c1 06 89 cd 12 71 87 a1 08 3f cb | f4 f9 d2 d0 cd 16 bc d7 c4 28 70 ac 3d 89 6d dd | 7a 16 9d fe 93 45 d3 10 39 7f ca a3 | !event_already_set at reschedule "xauth-road-eastnet" #3: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x55c72fd22590 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #3 | libevent_malloc: new ptr-libevent@0x55c72fd23960 size 128 | #3 STATE_MAIN_I3: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50020.458774 "xauth-road-eastnet" #3: STATE_MAIN_I3: sent MI3, expecting MR3 | XAUTH client is not yet authenticated | resume sending helper answer for #3 suppresed complete_v1_state_transition() | #3 spent 9.74 milliseconds in resume sending helper answer | stop processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f7250004f00 | spent 0.00186 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 332 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) | b3 e1 ac 9a 04 90 58 5f 8b 0b 3e b4 dd 4c 88 6f | 05 10 02 01 00 00 00 00 00 00 01 4c 02 b4 e0 1d | df a8 ad ac 88 c1 dd a8 5b 3a 3d f0 d3 15 b5 44 | 9f 95 60 18 34 a4 dd 52 c8 52 90 42 14 91 6a a7 | 53 22 70 ff 7c 71 3a b4 72 93 8f 3c 11 4d 38 69 | 1e 3d 8e d7 2a 24 63 56 ba 56 98 d0 32 40 6a 04 | 1b 89 a1 1c ba 0d b0 f3 a4 1a d7 7b f3 78 3c 4f | d9 7b f4 81 f1 9a 5d fe d2 ac a2 32 3f e6 a6 c2 | c9 80 89 e6 ee 55 ef 73 8e ce e5 59 ec 06 ba c8 | d2 74 81 32 bf 1d 56 dd ed ab bc 45 fd 94 a5 b5 | 67 5c a8 44 39 82 31 82 45 bb 34 ab d1 a5 10 63 | 54 6a 5c 7a 36 15 20 2c ab b6 01 07 93 93 40 76 | e8 b7 a9 42 fb e1 d7 21 65 d9 b3 21 70 75 9e 0f | 98 19 b4 aa 6e 6f c7 12 e4 4e 15 e0 6c f6 ac 14 | 6b a1 f1 9c f1 2e b3 60 28 03 ed b2 78 1d be 7f | 51 1c 25 12 30 0a 7f bc 6e 6d a2 85 dd 7f ac c1 | d1 a7 e5 f2 4f 69 65 1c cd 7a 76 bc 4e d4 ff 54 | 7e a6 7e 44 e1 15 5f 97 42 ab cd bc 85 e9 7d 86 | f6 29 66 6f af da 57 02 b1 ca 2e fb a7 35 f1 c1 | b3 ca ba b6 64 30 58 d9 17 a4 b4 22 ae 18 be 68 | e7 5b 51 2b cb f0 9c c3 4c d5 2a 63 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | b3 e1 ac 9a 04 90 58 5f | responder cookie: | 8b 0b 3e b4 dd 4c 88 6f | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 332 (0x14c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #3 in MAIN_I3 (find_state_ikev1) | start processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1435) | #3 is idle | #3 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 65 61 73 74 | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 278 (0x116) | removing 14 bytes of padding | message 'main_inR3' HASH payload not checked early "xauth-road-eastnet" #3: Peer ID is ID_FQDN: '@east' | X509: no CERT payloads to process | required RSA CA is '%any' | checking RSA keyid '@east' for match with '@east' | RSA key issuer CA is '%any' | an RSA Sig check passed with *AQO9bJbr3 [preloaded keys] | #3 spent 0.0559 milliseconds in try_all_keys() trying a pubkey "xauth-road-eastnet" #3: Authenticated using RSA | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | complete v1 state transition with STF_OK | [RE]START processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) | #3 is idle | doing_xauth:yes, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 | parent state #3: MAIN_I3(open IKE SA) => MAIN_I4(established IKE SA) | event_already_set, deleting event | state #3 requesting EVENT_RETRANSMIT to be deleted | #3 STATE_MAIN_I4: retransmits: cleared | libevent_free: release ptr-libevent@0x55c72fd23960 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55c72fd22590 | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x55c72fd22590 | inserting event EVENT_SA_REPLACE, timeout in 2638 seconds for #3 | libevent_malloc: new ptr-libevent@0x55c72fd23960 size 128 | pstats #3 ikev1.isakmp established "xauth-road-eastnet" #3: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} | DPD: dpd_init() called on ISAKMP SA | DPD: Peer supports Dead Peer Detection | DPD: not initializing DPD because DPD is disabled locally | XAUTH client is not yet authenticated | #3 spent 0.265 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.437 milliseconds in comm_handle_cb() reading and processing packet | spent 0.0028 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 92 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) | b3 e1 ac 9a 04 90 58 5f 8b 0b 3e b4 dd 4c 88 6f | 08 10 06 01 c1 4c b3 61 00 00 00 5c a3 5e 82 8d | e1 8e 13 07 90 8a e5 fe a5 b4 64 19 5b f6 2b 19 | e3 47 b6 93 96 c1 aa 25 51 ca 82 cf 47 eb 1f b8 | 85 ef 33 72 e6 49 bc 4b 98 d4 cd b3 43 49 88 d2 | 3a 58 29 0f 93 35 1f a1 f1 5c cb 5d | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | b3 e1 ac 9a 04 90 58 5f | responder cookie: | 8b 0b 3e b4 dd 4c 88 6f | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3243029345 (0xc14cb361) | length: 92 (0x5c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6) | peer and cookies match on #3; msgid=c14cb361 st_msgid=00000000 st_msgid_phase15=00000000 | State DB: IKEv1 state not found (find_v1_info_state) | No appropriate Mode Config state yet. See if we have a Main Mode state | peer and cookies match on #3; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #3 found, in STATE_MAIN_I4 | State DB: found IKEv1 state #3 in MAIN_I4 (find_v1_info_state) | start processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1654) | processing received isakmp_xchg_type ISAKMP_XCHG_MODE_CFG. | this is a xauthclient | call init_phase2_iv | set from_state to STATE_MAIN_I4 this is xauthclient and IS_PHASE1() is TRUE | #3 is idle | #3 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x4100 opt: 0x2000 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_MODECFG (0xe) | length: 36 (0x24) | got payload 0x4000 (ISAKMP_NEXT_MODECFG) needed: 0x4000 opt: 0x2000 | ***parse ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | Attr Msg Type: ISAKMP_CFG_REQUEST (0x1) | Identifier: 0 (0x0) | removing 12 bytes of padding | xauth_inI0 HASH(1): | a7 47 69 24 f8 33 59 c4 e1 8b ce 8f 02 94 11 fe | 68 fe fa b3 0d db 02 ae a9 94 98 d4 32 46 89 78 | received 'xauth_inI0' message HASH(1) data ok | **emit ISAKMP Message: | initiator cookie: | b3 e1 ac 9a 04 90 58 5f | responder cookie: | 8b 0b 3e b4 dd 4c 88 6f | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3243029345 (0xc14cb361) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 8:ISAKMP_NEXT_HASH | arrived in xauth_inI0 | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-NAME (0x4089) | length/value: 0 (0x0) | Received Cisco XAUTH username | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-PASSWORD (0x408a) | length/value: 0 (0x0) | Received Cisco XAUTH password | XAUTH: Username or password request received | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | Attr Msg Type: ISAKMP_CFG_REPLY (0x2) | Identifier: 0 (0x0) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Mode Attribute (14:ISAKMP_NEXT_MODECFG) | next payload chain: saving location 'ISAKMP Mode Attribute'.'next payload type' in 'reply packet' | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-NAME (0x4089) | prompting for Username: | emitting 8 raw bytes of XAUTH username into ISAKMP ModeCfg attribute | XAUTH username 67 6f 6f 64 75 73 65 72 | emitting length of ISAKMP ModeCfg attribute: 8 | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-PASSWORD (0x408a) | started looking for xauth secret for gooduser | line 1: key type PKK_XAUTH(@gooduser) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | looked up username=gooduser, got=(nil) | prompting for Password: | emitting 8 raw bytes of XAUTH password into ISAKMP ModeCfg attribute | XAUTH password 75 73 65 31 70 61 73 73 | emitting length of ISAKMP ModeCfg attribute: 8 | emitting length of ISAKMP Mode Attribute: 32 "xauth-road-eastnet" #3: XAUTH: Answering XAUTH challenge with user='gooduser' | XAUTH: client response HASH(1): | 6f ca 47 cb 28 49 a0 40 3f ec 37 5e b4 b3 24 f7 | a4 fd 05 0b f7 51 7a 44 05 d2 5e a4 7c f3 62 bd | no IKEv1 message padding required | emitting length of ISAKMP Message: 96 | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 108 | xauth_inI0(STF_OK) | complete v1 state transition with STF_OK | [RE]START processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) | #3 is idle | doing_xauth:yes, t_xauth_client_done:no | IKEv1: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1 | parent state #3: MAIN_I4(established IKE SA) => XAUTH_I1(established IKE SA) | event_already_set, deleting event | state #3 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x55c72fd23960 | free_event_entry: release EVENT_SA_REPLACE-pe@0x55c72fd22590 | sending reply packet to 192.1.2.23:500 (from 192.1.3.209:500) | sending 108 bytes for STATE_XAUTH_I0 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #3) | b3 e1 ac 9a 04 90 58 5f 8b 0b 3e b4 dd 4c 88 6f | 08 10 06 01 c1 4c b3 61 00 00 00 6c 5b b0 a7 b0 | 92 d0 e3 27 94 ee c8 64 01 4d 71 45 4d 46 f6 02 | ce 1f c8 fd 06 ea fc f4 2c a8 77 08 d6 37 45 70 | 47 99 3e f8 42 a8 d5 48 40 e6 ea d1 65 13 3e 7d | 0b 25 bc a0 7b 63 a0 d6 64 91 67 be e3 37 70 4c | 0a e7 26 33 a3 79 f0 08 19 02 7a 1a | !event_already_set at reschedule "xauth-road-eastnet" #3: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x55c72fd22590 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #3 | libevent_malloc: new ptr-libevent@0x55c72fd23960 size 128 | #3 STATE_XAUTH_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50020.539574 | pstats #3 ikev1.isakmp established "xauth-road-eastnet" #3: STATE_XAUTH_I1: XAUTH client - possibly awaiting CFG_set {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} | DPD: dpd_init() called on ISAKMP SA | DPD: Peer supports Dead Peer Detection | DPD: not initializing DPD because DPD is disabled locally | XAUTH client is not yet authenticated | #3 spent 0.293 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.491 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00231 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) | b3 e1 ac 9a 04 90 58 5f 8b 0b 3e b4 dd 4c 88 6f | 08 10 06 01 08 ff 48 d5 00 00 00 4c 85 f9 8a bf | 29 01 f8 90 8e b0 76 68 ef f3 3e 09 db 72 9c f1 | 44 4d 89 61 6a 71 2e 7e e6 31 56 f1 72 44 ac 41 | 66 4f ee 78 ac 9c 1c 96 98 0d 94 49 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | b3 e1 ac 9a 04 90 58 5f | responder cookie: | 8b 0b 3e b4 dd 4c 88 6f | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 150948053 (0x8ff48d5) | length: 76 (0x4c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6) | peer and cookies match on #3; msgid=08ff48d5 st_msgid=00000000 st_msgid_phase15=00000000 | State DB: IKEv1 state not found (find_v1_info_state) | No appropriate Mode Config state yet. See if we have a Main Mode state | peer and cookies match on #3; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #3 found, in STATE_XAUTH_I1 | State DB: found IKEv1 state #3 in XAUTH_I1 (find_v1_info_state) | start processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1654) | processing received isakmp_xchg_type ISAKMP_XCHG_MODE_CFG. | this is a xauthclient | call init_phase2_iv | set from_state to STATE_XAUTH_I1 this is xauthclient and state == STATE_XAUTH_I1 | #3 is idle | #3 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x4100 opt: 0x2000 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_MODECFG (0xe) | length: 36 (0x24) | got payload 0x4000 (ISAKMP_NEXT_MODECFG) needed: 0x4000 opt: 0x2000 | ***parse ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 12 (0xc) | Attr Msg Type: ISAKMP_CFG_SET (0x3) | Identifier: 0 (0x0) | xauth_inI0 HASH(1): | 92 e4 87 72 05 b1 01 88 f3 ae aa 69 f0 1c f1 ab | ef 12 7b dc 3d 61 c3 39 44 e0 55 c5 77 8e fc bb | received 'xauth_inI0' message HASH(1) data ok | **emit ISAKMP Message: | initiator cookie: | b3 e1 ac 9a 04 90 58 5f | responder cookie: | 8b 0b 3e b4 dd 4c 88 6f | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 150948053 (0x8ff48d5) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 8:ISAKMP_NEXT_HASH | arrived in xauth_inI0 | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: AF+XAUTH-STATUS (0xc08f) | length/value: 1 (0x1) | Received Cisco XAUTH status: OK | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | Attr Msg Type: ISAKMP_CFG_ACK (0x4) | Identifier: 0 (0x0) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Mode Attribute (14:ISAKMP_NEXT_MODECFG) | next payload chain: saving location 'ISAKMP Mode Attribute'.'next payload type' in 'reply packet' | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: AF+XAUTH-STATUS (0xc08f) | length/value: 1 (0x1) | no IKEv1 message padding required | emitting length of ISAKMP Mode Attribute: 12 | XAUTH: ack status HASH(1): | a7 9d 81 15 de 77 2b 2e 0c e1 1a 94 e6 14 fe c6 | e8 23 32 cf 09 a2 4d bb 69 28 6d d9 29 94 bb fa | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 "xauth-road-eastnet" #3: XAUTH: Successfully Authenticated | complete v1 state transition with STF_OK | [RE]START processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) | #3 is idle | doing_xauth:no, t_xauth_client_done:yes | IKEv1: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1 "xauth-road-eastnet" #3: XAUTH completed; ModeCFG skipped as per configuration | parent state #3: XAUTH_I1(established IKE SA) => MAIN_I4(established IKE SA) | event_already_set, deleting event | state #3 requesting EVENT_RETRANSMIT to be deleted | #3 STATE_MAIN_I4: retransmits: cleared | libevent_free: release ptr-libevent@0x55c72fd23960 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55c72fd22590 | sending reply packet to 192.1.2.23:500 (from 192.1.3.209:500) | sending 76 bytes for STATE_XAUTH_I0 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #3) | b3 e1 ac 9a 04 90 58 5f 8b 0b 3e b4 dd 4c 88 6f | 08 10 06 01 08 ff 48 d5 00 00 00 4c e0 b4 35 f5 | 5c 4c 90 ac b9 a2 17 03 09 97 d6 8b a3 be 3e df | e3 55 3e 51 90 b9 65 2b 49 f8 93 a6 7f bb cb f6 | bc f5 dd 4f ed d5 71 57 9e 68 93 32 | !event_already_set at reschedule | fixup XAUTH without ModeCFG event from EVENT_RETRANSMIT to EVENT_SA_REPLACE | event_schedule: new EVENT_SA_REPLACE-pe@0x55c72fd22590 | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #3 | libevent_malloc: new ptr-libevent@0x55c72fd23960 size 128 | pstats #3 ikev1.isakmp established "xauth-road-eastnet" #3: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} | DPD: dpd_init() called on ISAKMP SA | DPD: Peer supports Dead Peer Detection | DPD: not initializing DPD because DPD is disabled locally | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | unpending state #3 | creating state object #4 at 0x55c72fd24dd0 | State DB: adding IKEv1 state #4 in UNDEFINED | pstats #4 ikev1.ipsec started | duplicating state object #3 "xauth-road-eastnet" as #4 for IPSEC SA | #4 setting local endpoint to 192.1.3.209:500 from #3.st_localport (in duplicate_state() at state.c:1481) | suspend processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) | start processing: state #4 connection "xauth-road-eastnet" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) | child state #4: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) "xauth-road-eastnet" #4: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+XAUTH+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#3 msgid:419fcffb proposal=defaults pfsgroup=MODP2048} | adding quick_outI1 KE work-order 7 for state #4 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55c72fd212d0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 | libevent_malloc: new ptr-libevent@0x7f7250004f00 size 128 | stop processing: state #4 connection "xauth-road-eastnet" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) | resume processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) | unqueuing pending Quick Mode with 192.1.2.23 "xauth-road-eastnet" | removing pending policy for no connection {0x55c72fd23090} | close_any(fd@22) (in release_whack() at state.c:654) | #3 spent 0.277 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.44 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 5 resuming | crypto helper 5 starting work-order 7 for state #4 | crypto helper 5 doing build KE and nonce (quick_outI1 KE); request ID 7 | crypto helper 5 finished build KE and nonce (quick_outI1 KE); request ID 7 time elapsed 0.000999 seconds | (#4) spent 0.992 milliseconds in crypto helper computing work-order 7: quick_outI1 KE (pcr) | crypto helper 5 sending results from work-order 7 for state #4 to event queue | scheduling resume sending helper answer for #4 | libevent_malloc: new ptr-libevent@0x7f7254007fa0 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #4 | start processing: state #4 connection "xauth-road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 7 | calling continuation function 0x55c72f6e9630 | quick_outI1_continue for #4: calculated ke+nonce, sending I1 | **emit ISAKMP Message: | initiator cookie: | b3 e1 ac 9a 04 90 58 5f | responder cookie: | 8b 0b 3e b4 dd 4c 88 6f | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1100992507 (0x419fcffb) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | emitting quick defaults using policy none | empty esp_info, returning defaults for ENCRYPT | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ikev1_out_sa pcn: 0 has 1 valid proposals | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 2 (0x2) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | netlink_get_spi: allocated 0x41c03211 for esp.0@192.1.3.209 | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload | SPI 41 c0 32 11 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_T (0x3) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ESP): 32 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ESP transform number: 1 (0x1) | ESP transform ID: ESP_3DES (0x3) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | emitting length of ISAKMP Transform Payload (ESP): 28 | emitting length of ISAKMP Proposal Payload: 72 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 84 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload | Ni 59 a5 10 a8 29 2e c6 81 d5 5f 42 02 c8 7f 91 48 | Ni 77 d0 69 44 4d 51 7d 22 c1 d7 37 ec 45 e0 23 02 | emitting length of ISAKMP Nonce Payload: 36 | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value 29 2c 82 cc cc fc 3c 40 c0 cb de f0 cc e0 97 1b | keyex value ad 21 8f ec 43 45 34 b4 c3 6a e9 ec 6b 52 b4 4a | keyex value 5f a9 c8 b7 77 d8 ed e0 3e 30 d7 20 53 b4 1b b8 | keyex value 0f 1e fb a5 3e f7 ff d8 0e 55 41 2f fa d5 e2 a9 | keyex value b7 2c 6d 91 9a d0 72 cb 4d eb de 94 03 25 8a 2a | keyex value 97 76 63 d7 37 8d de 07 5e c3 d9 c4 c8 6a 3a d7 | keyex value 5c 02 8b 1a 3d de 2b 37 0f a6 e0 97 7b f6 aa 9c | keyex value 4c 4f 62 dc a5 63 6f a0 01 57 2a 27 d4 b7 57 a8 | keyex value d7 39 4f 74 73 92 2d fa 1e d0 9e b5 af 98 e1 2d | keyex value d1 bb 6a a4 93 00 f2 82 8d b8 89 67 a2 9a 9f 4b | keyex value f1 52 c3 50 58 50 44 97 dc 48 32 d3 4a 75 dd 75 | keyex value 14 4b 71 73 0e ff ab 15 2a 75 d7 45 15 0c 01 14 | keyex value c0 0c 49 a5 3a 84 99 71 8a 5d cc d2 50 27 a2 4c | keyex value 9c 9b 11 74 2b 88 56 7c 1d 74 c8 f0 81 10 f4 88 | keyex value e7 ce ee 76 f4 71 c6 e2 d1 38 63 12 7c 58 2f a2 | keyex value e2 5f ec d6 c0 8f cf 2f 13 2e 4d 2d da 8a 68 25 | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | ID type: ID_IPV4_ADDR (0x1) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 01 03 d1 | emitting length of ISAKMP Identification Payload (IPsec DOI): 12 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 02 00 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff 00 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | outI1 HASH(1): | f1 99 cd 08 c2 cf b3 bd 6f 67 fd 72 57 00 1f bc | d0 f8 54 f2 e9 81 eb aa c2 7f c9 25 6f ab de 7c | emitting 4 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 476 | sending 476 bytes for reply packet from quick_outI1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #4) | b3 e1 ac 9a 04 90 58 5f 8b 0b 3e b4 dd 4c 88 6f | 08 10 20 01 41 9f cf fb 00 00 01 dc 7d 13 94 6a | c1 b3 76 d5 ce e4 65 3b b5 d1 59 c7 1e 17 39 92 | dc 06 08 32 2b b1 b6 8d a4 7c 32 b5 60 c8 87 bc | d8 f6 00 88 70 17 1d 3f bc 21 ac 8c 88 ca 09 1f | 90 15 97 14 bb 50 a9 9f 8c ef 19 e4 1e 80 0f 93 | c9 cf 15 c5 f3 6a c8 62 43 d5 e2 61 f8 62 fa 55 | 43 12 c1 3a bc 4f f9 3b b5 24 2a 74 f8 f4 27 3b | 6e 6b fc 63 1b 4e 88 0d 19 d9 a4 05 3b 55 4b 24 | 78 8f f2 6f 98 e7 72 b4 a1 8e 6a 16 be 51 e8 9f | 2a 97 0c 55 d7 52 75 0e a0 84 7c 60 ef 5f 2d d8 | 4d 2a 75 0f 2b 0a b5 ed da 3a a8 30 f0 cc f1 01 | 73 cb 04 8e 57 57 e8 57 08 85 d9 85 34 a1 6c ff | fa 5b 9c fc 9e 43 31 d9 db 12 cb ac 4f a4 a2 ff | 6d 88 ec 02 fd 32 a3 d3 bf db 6e f8 1d 4d 67 22 | a9 ed b6 bf 54 ca f7 37 e6 ac 1f f3 a0 ee aa 55 | 7b 9f 2f de 89 03 40 1c 90 ac e1 fc 10 75 63 2e | 6c 3d b4 c3 3a e5 c2 bd a4 6f eb 20 91 da 6a 50 | 32 8e aa fd 44 6d a9 c2 a7 4d f5 2a 94 6a 0b 36 | 96 8e 8b cd a2 92 3b 49 39 b4 88 4f b3 d3 4c cf | ca 5d c9 01 ed 0f 59 53 3b 7c 01 c3 89 33 88 52 | 54 4a 14 2f 8d 8c 19 1d 3a 9f 21 89 43 20 99 a1 | ac a8 66 8a 40 f5 14 4d 96 8f 1b cb 43 64 29 51 | 89 83 12 61 31 84 30 98 3b 61 47 67 fc dc 59 2b | ef 34 f2 03 ca 3e 42 32 a3 37 c4 43 43 4f 17 07 | d2 29 d3 cd c0 c5 40 2e 61 f8 f2 cc b9 64 fc fe | 2c 30 f5 3a e4 b3 d2 ff b7 69 f8 02 a7 c3 49 77 | 2a 7b 00 a9 64 9c 54 bb 42 97 21 0f 7f de fc a2 | 1d 99 d8 6c 57 26 9b cd 40 b3 71 31 7a 03 7e fe | bd 30 cd 34 8c c8 eb 66 ee c0 df e8 | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f7250004f00 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55c72fd212d0 "xauth-road-eastnet" #4: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x55c72fd212d0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #4 | libevent_malloc: new ptr-libevent@0x7f7250004f00 size 128 | #4 STATE_QUICK_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50020.54516 | resume sending helper answer for #4 suppresed complete_v1_state_transition() | #4 spent 0.565 milliseconds in resume sending helper answer | stop processing: state #4 connection "xauth-road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f7254007fa0 | spent 0.00204 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 444 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) | b3 e1 ac 9a 04 90 58 5f 8b 0b 3e b4 dd 4c 88 6f | 08 10 20 01 41 9f cf fb 00 00 01 bc 91 cb 86 b8 | e5 23 86 0e 8a bd cf 0d 18 8f e3 71 e6 e6 84 24 | fe 1e ed 6e 24 80 43 ba c7 85 23 d6 03 d7 a5 70 | 4d cd 98 03 f3 27 a0 f6 b7 25 7a 28 86 4e 00 8e | 27 ac 1e ca 3b 54 26 33 6f bc ee bd e7 9a 03 b0 | 1b 29 e0 cc 97 57 db a2 5f a2 92 92 ac 58 4b b9 | 15 30 7c b4 ba 75 7e a6 ca 20 02 65 0e 21 6a 7f | 7c 54 ba fb fb 68 df 3f 56 83 8e a7 66 e4 ee 18 | 4a 8d a8 be 38 f4 b5 7c 5b e0 c0 ab a0 aa d5 f4 | 96 ee 9c c0 9a c7 63 5b 98 89 44 0d b9 b3 66 36 | 22 23 77 af 55 88 0d 12 d2 c1 0c 47 81 de a2 54 | 36 68 d6 99 7e d0 a8 7b aa 67 75 d4 ed 48 ac 66 | a4 6f 86 ae 4e 17 ff b4 ac 31 33 5b 00 72 36 79 | 96 53 e1 9f 89 a2 c9 8f 55 dd 1b 9c f5 f2 4c ed | ab 5f a7 0a b0 83 b9 7a 2d b6 9e 1b 1e dd 8f 83 | 26 85 18 66 d3 92 12 19 f5 a3 cb b5 91 8d 10 ab | 6f e1 9b 3e 66 c1 aa bc d6 0f b4 a8 e5 27 91 c1 | ff 74 8f f0 22 36 0c 4f 94 3d 01 52 ba 58 e6 82 | f8 3d 2c 93 cd 31 dc 02 18 2a 1a c7 21 37 52 54 | f4 22 d2 91 da 2d c1 be c1 f7 9b f1 55 a2 39 9f | 8a 9b 4a 84 dd 87 73 00 3c 06 a3 ea fb 1d 89 35 | 8a 87 3d c9 24 73 fb a0 11 ba 14 69 66 05 d5 49 | 18 33 19 49 53 f7 44 56 bd 37 28 ac c2 b3 05 98 | cd c2 f3 77 3d 16 9d 31 3b 67 37 b9 f4 00 30 5d | 87 e0 bc c0 6f ea e2 e8 aa b9 6f 7e 35 fb 83 d9 | 45 c6 42 61 47 4d 5b 8c 61 9b 85 91 ea 6b 93 c3 | ee 0a 41 49 07 f7 26 b8 8a 87 8f 7b | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | b3 e1 ac 9a 04 90 58 5f | responder cookie: | 8b 0b 3e b4 dd 4c 88 6f | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1100992507 (0x419fcffb) | length: 444 (0x1bc) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) | start processing: state #4 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1609) | #4 is idle | #4 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_SA (0x1) | length: 36 (0x24) | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 56 (0x38) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | length: 36 (0x24) | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | length: 260 (0x104) | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | length: 12 (0xc) | ID type: ID_IPV4_ADDR (0x1) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 01 03 d1 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 00 02 00 ff ff ff 00 | quick_inR1_outI2 HASH(2): | e6 43 12 80 c6 30 1a 00 ad e5 cb 5e 42 8f ff 8b | 76 d6 cb ca a7 33 e6 74 3d f5 9b a6 f0 9a 62 e3 | received 'quick_inR1_outI2' message HASH(2) data ok | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 44 (0x2c) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 1 (0x1) | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI | SPI a7 8a 6f 6d | *****parse ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 32 (0x20) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | ESP IPsec Transform verified unconditionally; no alg_info to check against | started looking for secret for @road->@east of kind PKK_PSK | actually looking for secret for @road->@east of kind PKK_PSK | line 1: key type PKK_PSK(@road) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding quick outI2 DH work-order 8 for state #4 | state #4 requesting EVENT_RETRANSMIT to be deleted | #4 STATE_QUICK_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f7250004f00 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55c72fd212d0 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55c72fd212d0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 | libevent_malloc: new ptr-libevent@0x7f7250004f00 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #4 connection "xauth-road-eastnet" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2624) | crypto helper 0 resuming | suspending state #4 and saving MD | #4 is busy; has a suspended MD | crypto helper 0 starting work-order 8 for state #4 | #4 spent 0.156 milliseconds in process_packet_tail() | crypto helper 0 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 8 | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #4 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.406 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 0 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 8 time elapsed 0.000916 seconds | (#4) spent 0.922 milliseconds in crypto helper computing work-order 8: quick outI2 DH (pcr) | crypto helper 0 sending results from work-order 8 for state #4 to event queue | scheduling resume sending helper answer for #4 | libevent_malloc: new ptr-libevent@0x7f7268002030 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #4 | start processing: state #4 connection "xauth-road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 8 | calling continuation function 0x55c72f6e9630 | quick_inR1_outI2_continue for #4: calculated ke+nonce, calculating DH | **emit ISAKMP Message: | initiator cookie: | b3 e1 ac 9a 04 90 58 5f | responder cookie: | 8b 0b 3e b4 dd 4c 88 6f | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1100992507 (0x419fcffb) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 01 03 d1 | our client is 192.1.3.209/32 | our client protocol/port is 0/0 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 00 02 00 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask | ID mask ff ff ff 00 | peer client is subnet 192.0.2.0/24 | peer client protocol/port is 0/0 | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | quick_inR1_outI2 HASH(3): | 47 eb 99 ce a5 38 d9 12 f6 f5 08 df e8 aa 2d f5 | f0 f4 bc 7f 5d 1b 8f 09 9f 2a 56 ce 42 c1 ea a1 | compute_proto_keymat: needed_len (after ESP enc)=16 | compute_proto_keymat: needed_len (after ESP auth)=36 | install_ipsec_sa() for #4: inbound and outbound | could_route called for xauth-road-eastnet (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn xauth-road-eastnet mark 0/00000000, 0/00000000 vs | conn xauth-road-eastnet mark 0/00000000, 0/00000000 | route owner of "xauth-road-eastnet" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'xauth-road-eastnet' not available on interface eth0 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.a78a6f6d@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'xauth-road-eastnet' not available on interface eth0 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.41c03211@192.1.3.209 included non-error error | priority calculation of connection "xauth-road-eastnet" is 0xfdfe7 | add inbound eroute 192.0.2.0/24:0 --0-> 192.1.3.209/32:0 => tun.10000@192.1.3.209 (raw_eroute) | IPsec Sa SPD priority set to 1040359 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #4: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn xauth-road-eastnet mark 0/00000000, 0/00000000 vs | conn xauth-road-eastnet mark 0/00000000, 0/00000000 | route owner of "xauth-road-eastnet" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: xauth-road-eastnet (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #4 | priority calculation of connection "xauth-road-eastnet" is 0xfdfe7 | eroute_connection add eroute 192.1.3.209/32:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1040359 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-host | executing up-host: PLUTO_VERB='up-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='xauth-road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+XAUTH+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_USERNAME='gooduser' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUT | popen cmd is 1078 chars long | cmd( 0):PLUTO_VERB='up-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='xauth-road-eastnet' P: | cmd( 80):LUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_: | cmd( 160):MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209': | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : | cmd( 320):PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: | cmd( 400):='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUT: | cmd( 480):O_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: | cmd( 560):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG: | cmd( 640):+ENCRYPT+TUNNEL+PFS+UP+XAUTH+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUT: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_USE: | cmd( 800):RNAME='gooduser' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAI: | cmd( 880):N_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_N: | cmd( 960):M_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xa78a6f6d: | cmd(1040): SPI_OUT=0x41c03211 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-host | executing prepare-host: PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='xauth-road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+XAUTH+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_USERNAME='gooduser' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=' | popen cmd is 1083 chars long | cmd( 0):PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='xauth-road-eastn: | cmd( 80):et' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' P: | cmd( 160):LUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3: | cmd( 240):.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL: | cmd( 320):='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PE: | cmd( 400):ER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0': | cmd( 480): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: | cmd( 560):'0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='R: | cmd( 640):SASIG+ENCRYPT+TUNNEL+PFS+UP+XAUTH+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO': | cmd( 720): PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUT: | cmd( 800):O_USERNAME='gooduser' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_: | cmd( 880):DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PL: | cmd( 960):UTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xa78: | cmd(1040):a6f6d SPI_OUT=0x41c03211 ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-host | executing route-host: PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='xauth-road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+XAUTH+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_USERNAME='gooduser' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VT | popen cmd is 1081 chars long | cmd( 0):PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='xauth-road-eastnet: | cmd( 80):' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLU: | cmd( 160):TO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.2: | cmd( 240):09' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=': | cmd( 320):0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER: | cmd( 400):_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' P: | cmd( 480):LUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0: | cmd( 560):' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSA: | cmd( 640):SIG+ENCRYPT+TUNNEL+PFS+UP+XAUTH+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' P: | cmd( 720):LUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: | cmd( 800):USERNAME='gooduser' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DO: | cmd( 880):MAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUT: | cmd( 960):O_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xa78a6: | cmd(1040):f6d SPI_OUT=0x41c03211 ipsec _updown 2>&1: | route_and_eroute: instance "xauth-road-eastnet", setting eroute_owner {spd=0x55c72fd20ba0,sr=0x55c72fd20ba0} to #4 (was #0) (newest_ipsec_sa=#0) | #3 spent 0.793 milliseconds in install_ipsec_sa() | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | inR1_outI2: instance xauth-road-eastnet[0], setting IKEv1 newest_ipsec_sa to #4 (was #0) (spd.eroute=#4) cloned from #3 | DPD: dpd_init() called on IPsec SA | DPD: Peer does not support Dead Peer Detection | complete v1 state transition with STF_OK | [RE]START processing: state #4 connection "xauth-road-eastnet" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) | #4 is idle | doing_xauth:no, t_xauth_client_done:yes | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 | child state #4: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) | event_already_set, deleting event | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f7250004f00 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55c72fd212d0 | sending reply packet to 192.1.2.23:500 (from 192.1.3.209:500) | sending 76 bytes for STATE_QUICK_I1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #4) | b3 e1 ac 9a 04 90 58 5f 8b 0b 3e b4 dd 4c 88 6f | 08 10 20 01 41 9f cf fb 00 00 00 4c 54 ef 5c fe | c7 77 22 83 13 bb 70 c2 00 46 de 54 d4 de fe 73 | 34 99 13 19 11 ef e8 9b 2c fc cb 8f 2c c3 76 95 | 24 f2 cb 95 35 bc b0 51 50 7e c8 10 | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x55c72fd212d0 | inserting event EVENT_SA_REPLACE, timeout in 27829 seconds for #4 | libevent_malloc: new ptr-libevent@0x7f7250004f00 size 128 | pstats #4 ikev1.ipsec established | NAT-T: encaps is 'auto' "xauth-road-eastnet" #4: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xa78a6f6d <0x41c03211 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive username=gooduser} | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | close_any(fd@23) (in release_whack() at state.c:654) | resume sending helper answer for #4 suppresed complete_v1_state_transition() | #4 spent 1.14 milliseconds in resume sending helper answer | stop processing: state #4 connection "xauth-road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f7268002030 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00453 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00263 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.0026 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.41c03211@192.1.3.209 | get_sa_info esp.a78a6f6d@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0812 milliseconds in whack | processing global timer EVENT_REVIVE_CONNS | spent 0.00116 milliseconds in global timer EVENT_REVIVE_CONNS | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.41c03211@192.1.3.209 | get_sa_info esp.a78a6f6d@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.317 milliseconds in whack | spent 0.00285 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 92 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) | b3 e1 ac 9a 04 90 58 5f 8b 0b 3e b4 dd 4c 88 6f | 08 10 05 01 87 b1 90 38 00 00 00 5c 9b aa 56 aa | c1 4d a7 99 a7 05 7a 4e 67 aa 3c 96 40 61 dd bc | d6 04 ca 7c b0 53 08 cd 86 2e 1b 26 0b 79 44 dd | d9 24 3a 74 c4 0f 25 a9 07 77 00 f8 48 d9 66 2d | 32 5a c0 5d 91 3b b8 99 89 22 c4 bf | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | b3 e1 ac 9a 04 90 58 5f | responder cookie: | 8b 0b 3e b4 dd 4c 88 6f | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2276560952 (0x87b19038) | length: 92 (0x5c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) | peer and cookies match on #4; msgid=00000000 st_msgid=419fcffb st_msgid_phase15=00000000 | peer and cookies match on #3; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #3 found, in STATE_MAIN_I4 | State DB: found IKEv1 state #3 in MAIN_I4 (find_v1_info_state) | start processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1455) | #3 is idle | #3 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_D (0xc) | length: 36 (0x24) | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 | ***parse ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 3 (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | removing 12 bytes of padding | informational HASH(1): | 85 2a 8b 9a f5 c5 25 1c 61 c0 96 44 69 5d 2c a2 | 24 4a f4 17 18 6d 94 39 19 97 ab e6 f9 39 8a 36 | received 'informational' message HASH(1) data ok | parsing 4 raw bytes of ISAKMP Delete Payload into SPI | SPI a7 8a 6f 6d | FOR_EACH_STATE_... in find_phase2_state_to_delete | start processing: connection "xauth-road-eastnet" (BACKGROUND) (in accept_delete() at ikev1_main.c:2506) "xauth-road-eastnet" #3: received Delete SA payload: replace IPsec State #4 now | state #4 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f7250004f00 | free_event_entry: release EVENT_SA_REPLACE-pe@0x55c72fd212d0 | event_schedule: new EVENT_SA_REPLACE-pe@0x55c72fd212d0 | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #4 | libevent_malloc: new ptr-libevent@0x7f7250004f00 size 128 | stop processing: connection "xauth-road-eastnet" (BACKGROUND) (in accept_delete() at ikev1_main.c:2550) | del: | complete v1 state transition with STF_IGNORE | #3 spent 0.00392 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.201 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x55c72fd212d0 | handling event EVENT_SA_REPLACE for child state #4 | start processing: state #4 connection "xauth-road-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) | picked newest_ipsec_sa #4 for #4 | replacing stale IPsec SA | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) | FOR_EACH_STATE_... in find_phase1_state | creating state object #5 at 0x55c72fd26ec0 | State DB: adding IKEv1 state #5 in UNDEFINED | pstats #5 ikev1.ipsec started | duplicating state object #3 "xauth-road-eastnet" as #5 for IPSEC SA | #5 setting local endpoint to 192.1.3.209:500 from #3.st_localport (in duplicate_state() at state.c:1481) | suspend processing: state #4 connection "xauth-road-eastnet" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) | start processing: state #5 connection "xauth-road-eastnet" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) | child state #5: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) "xauth-road-eastnet" #5: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+XAUTH+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #4 {using isakmp#3 msgid:ec691d33 proposal=defaults pfsgroup=MODP2048} | adding quick_outI1 KE work-order 9 for state #5 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f72540041c0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x7f7268002030 size 128 | stop processing: state #5 connection "xauth-road-eastnet" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) | resume processing: state #4 connection "xauth-road-eastnet" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) | event_schedule: new EVENT_SA_EXPIRE-pe@0x55c72fd220b0 | crypto helper 1 resuming | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #4 | crypto helper 1 starting work-order 9 for state #5 | libevent_malloc: new ptr-libevent@0x7f7258004f00 size 128 | crypto helper 1 doing build KE and nonce (quick_outI1 KE); request ID 9 | libevent_free: release ptr-libevent@0x7f7250004f00 | free_event_entry: release EVENT_SA_REPLACE-pe@0x55c72fd212d0 | #4 spent 0.0731 milliseconds in timer_event_cb() EVENT_SA_REPLACE | stop processing: state #4 connection "xauth-road-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) | timer_event_cb: processing event@0x55c72fd220b0 | handling event EVENT_SA_EXPIRE for child state #4 | start processing: state #4 connection "xauth-road-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) | picked newest_ipsec_sa #4 for #4 | un-established partial CHILD SA timeout (SA expired) | pstats #4 ikev1.ipsec re-failed exchange-timeout | pstats #4 ikev1.ipsec deleted completed | [RE]START processing: state #4 connection "xauth-road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) "xauth-road-eastnet" #4: deleting state (STATE_QUICK_I2) aged 5.243s and sending notification | child state #4: QUICK_I2(established CHILD SA) => delete | get_sa_info esp.a78a6f6d@192.1.2.23 | get_sa_info esp.41c03211@192.1.3.209 "xauth-road-eastnet" #4: ESP traffic information: in=336B out=336B XAUTHuser=gooduser | #4 send IKEv1 delete notification for STATE_QUICK_I2 | FOR_EACH_STATE_... in find_phase1_state | **emit ISAKMP Message: | initiator cookie: | b3 e1 ac 9a 04 90 58 5f | responder cookie: | 8b 0b 3e b4 dd 4c 88 6f | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2030372076 (0x790504ec) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 3 (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload | delete payload 41 c0 32 11 | emitting length of ISAKMP Delete Payload: 16 | send delete HASH(1): | 79 18 c9 8d 3d 7f b7 0a 41 5f 2c 64 b2 ed 95 66 | 21 22 ce 56 91 c5 59 87 e9 c0 15 82 96 5a b8 9b | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | sending 92 bytes for delete notify through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #3) | b3 e1 ac 9a 04 90 58 5f 8b 0b 3e b4 dd 4c 88 6f | 08 10 05 01 79 05 04 ec 00 00 00 5c 24 dc a1 2d | 13 fd cb 82 e2 33 0a 1b 33 f3 86 c5 e1 10 84 26 | e6 90 96 8b 85 3a 17 9b 10 b4 b1 ce ee 62 af 9c | 4f e0 18 92 93 27 a8 e3 d4 49 2a 41 53 73 bd c4 | ad 47 d7 3a dd 0c eb 42 ff 09 ce 0a | running updown command "ipsec _updown" for verb down | command executing down-host | executing down-host: PLUTO_VERB='down-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='xauth-road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051374' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+XAUTH+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_USERNAME='gooduser' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFAC | popen cmd is 1089 chars long | cmd( 0):PLUTO_VERB='down-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='xauth-road-eastnet': | cmd( 80): PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUT: | cmd( 160):O_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.20: | cmd( 240):9' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: | cmd( 320):' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: | cmd( 400):ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PL: | cmd( 480):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': | cmd( 560): PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051374' PLUTO_CONN_POL: | cmd( 640):ICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+XAUTH+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+E: | cmd( 720):SN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=: | cmd( 800):0 PLUTO_USERNAME='gooduser' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO: | cmd( 880):_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=: | cmd( 960):'0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN: | cmd(1040):=0xa78a6f6d SPI_OUT=0x41c03211 ipsec _updown 2>&1: | crypto helper 1 finished build KE and nonce (quick_outI1 KE); request ID 9 time elapsed 0.000941 seconds | (#5) spent 0.935 milliseconds in crypto helper computing work-order 9: quick_outI1 KE (pcr) | crypto helper 1 sending results from work-order 9 for state #5 to event queue | scheduling resume sending helper answer for #5 | libevent_malloc: new ptr-libevent@0x7f726000aad0 size 128 | crypto helper 1 waiting (nothing to do) | shunt_eroute() called for connection 'xauth-road-eastnet' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.1.3.209/32:0 --0->- 192.0.2.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.1.3.209/32:0 dest 192.0.2.0/24:0 | priority calculation of connection "xauth-road-eastnet" is 0xfdfe7 | IPsec Sa SPD priority set to 1040359 | delete esp.a78a6f6d@192.1.2.23 | netlink response for Del SA esp.a78a6f6d@192.1.2.23 included non-error error | priority calculation of connection "xauth-road-eastnet" is 0xfdfe7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.1.3.209/32:0 => unk255.10000@192.1.3.209 (raw_eroute) | raw_eroute result=success | delete esp.41c03211@192.1.3.209 | netlink response for Del SA esp.41c03211@192.1.3.209 included non-error error | in connection_discard for connection xauth-road-eastnet | State DB: deleting IKEv1 state #4 in QUICK_I2 | child state #4: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) | libevent_free: release ptr-libevent@0x7f7258004f00 | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55c72fd220b0 | in statetime_stop() and could not find #4 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | spent 0.00238 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 92 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) | b3 e1 ac 9a 04 90 58 5f 8b 0b 3e b4 dd 4c 88 6f | 08 10 05 01 3e 61 eb 6b 00 00 00 5c 65 d2 3f e2 | 45 f9 6a 72 82 24 3c e4 6a 3b 92 dd 74 d4 5a 71 | ec b0 11 22 01 16 9e bb aa 0c 04 6a a6 d2 7f 24 | b9 ac 80 0f ce 94 73 69 e6 d3 a0 bc 52 e6 cb c2 | 36 d1 b0 81 95 ea e7 d3 b2 dc 2d 67 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | b3 e1 ac 9a 04 90 58 5f | responder cookie: | 8b 0b 3e b4 dd 4c 88 6f | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1046604651 (0x3e61eb6b) | length: 92 (0x5c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) | peer and cookies match on #5; msgid=00000000 st_msgid=ec691d33 st_msgid_phase15=00000000 | peer and cookies match on #3; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #3 found, in STATE_MAIN_I4 | State DB: found IKEv1 state #3 in MAIN_I4 (find_v1_info_state) | start processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1455) | #3 is idle | #3 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_D (0xc) | length: 36 (0x24) | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 | ***parse ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 28 (0x1c) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 16 (0x10) | number of SPIs: 1 (0x1) | informational HASH(1): | b2 00 4e e2 10 57 a1 58 42 3a 9b c1 61 ef d8 63 | eb 98 49 66 27 5c 87 0b 74 59 94 98 07 67 e0 2a | received 'informational' message HASH(1) data ok | parsing 8 raw bytes of ISAKMP Delete Payload into iCookie | iCookie b3 e1 ac 9a 04 90 58 5f | parsing 8 raw bytes of ISAKMP Delete Payload into rCookie | rCookie 8b 0b 3e b4 dd 4c 88 6f | State DB: found IKEv1 state #3 in MAIN_I4 (find_state_ikev1) | del: "xauth-road-eastnet" #3: received Delete SA payload: self-deleting ISAKMP State #3 | pstats #3 ikev1.isakmp deleted completed | [RE]START processing: state #3 connection "xauth-road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) "xauth-road-eastnet" #3: deleting state (STATE_MAIN_I4) aged 5.372s and sending notification | parent state #3: MAIN_I4(established IKE SA) => delete | #3 send IKEv1 delete notification for STATE_MAIN_I4 | **emit ISAKMP Message: | initiator cookie: | b3 e1 ac 9a 04 90 58 5f | responder cookie: | 8b 0b 3e b4 dd 4c 88 6f | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2440473432 (0x9176ab58) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 16 (0x10) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' | emitting 8 raw bytes of initiator SPI into ISAKMP Delete Payload | initiator SPI b3 e1 ac 9a 04 90 58 5f | emitting 8 raw bytes of responder SPI into ISAKMP Delete Payload | responder SPI 8b 0b 3e b4 dd 4c 88 6f | emitting length of ISAKMP Delete Payload: 28 | send delete HASH(1): | de a3 95 3e 77 37 73 4f ea db ee ed f2 ad f1 f5 | dc 0e ad 1f a0 10 f2 66 26 3f 47 43 0c 5d 08 e1 | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | sending 92 bytes for delete notify through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #3) | b3 e1 ac 9a 04 90 58 5f 8b 0b 3e b4 dd 4c 88 6f | 08 10 05 01 91 76 ab 58 00 00 00 5c 5c fa c1 39 | cd 60 60 61 8a 7d 65 a2 52 1b 9e c8 cb af 91 7e | 10 4e 0d 3e 4b c7 93 07 f9 83 83 df 18 d8 ba b5 | 82 63 f9 be c2 32 03 cc c6 32 53 19 9d 10 59 18 | 4f 0f 42 23 be 52 4a 21 e9 83 06 5b | state #3 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x55c72fd23960 | free_event_entry: release EVENT_SA_REPLACE-pe@0x55c72fd22590 "xauth-road-eastnet" #3: reschedule pending child #5 STATE_QUICK_I1 of connection "xauth-road-eastnet" - the parent is going away | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f7268002030 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f72540041c0 | event_schedule: new EVENT_SA_REPLACE-pe@0x55c72fd22590 | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #5 | libevent_malloc: new ptr-libevent@0x7f7268002030 size 128 | State DB: IKEv1 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #3 "xauth-road-eastnet" #3: deleting IKE SA for connection 'xauth-road-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'xauth-road-eastnet' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection xauth-road-eastnet | State DB: deleting IKEv1 state #3 in MAIN_I4 | parent state #3: MAIN_I4(established IKE SA) => UNDEFINED(ignore) | unreference key: 0x55c72fd21190 @east cnt 2-- | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) | in statetime_start() with no state | complete v1 state transition with STF_IGNORE | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.483 milliseconds in comm_handle_cb() reading and processing packet | processing resume sending helper answer for #5 | start processing: state #5 connection "xauth-road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 9 | calling continuation function 0x55c72f6e9630 | work-order 9 state #5 crypto result suppressed | resume sending helper answer for #5 suppresed complete_v1_state_transition() | #5 spent 0.0153 milliseconds in resume sending helper answer | stop processing: state #5 connection "xauth-road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f726000aad0 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00457 milliseconds in signal handler PLUTO_SIGCHLD | timer_event_cb: processing event@0x55c72fd22590 | handling event EVENT_SA_REPLACE for child state #5 | start processing: state #5 connection "xauth-road-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) | picked newest_ipsec_sa #0 for #5 | replacing stale IPsec SA | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) | FOR_EACH_STATE_... in find_phase1_state | creating state object #6 at 0x55c72fd21310 | State DB: adding IKEv1 state #6 in UNDEFINED | pstats #6 ikev1.isakmp started | suspend processing: state #5 connection "xauth-road-eastnet" from 192.1.2.23:500 (in main_outI1() at ikev1_main.c:118) | start processing: state #6 connection "xauth-road-eastnet" from 192.1.2.23:500 (in main_outI1() at ikev1_main.c:118) | parent state #6: UNDEFINED(ignore) => MAIN_I1(half-open IKE SA) | dup_any(fd@-1) -> fd@-1 (in main_outI1() at ikev1_main.c:123) | Queuing pending IPsec SA negotiating with 192.1.2.23 "xauth-road-eastnet" IKE SA #6 "xauth-road-eastnet" "xauth-road-eastnet" #6: initiating Main Mode | **emit ISAKMP Message: | initiator cookie: | 89 0f 91 7e 8e 71 6e f2 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA | no specific IKE algorithms specified - using defaults | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() returning 0x55c72fd27a00 | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ikev1_out_sa pcn: 0 has 1 valid proposals | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 18 | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 1 (0x1) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 2 (0x2) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 3 (0x3) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 4 (0x4) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 5 (0x5) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 6 (0x6) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 7 (0x7) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 8 (0x8) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 9 (0x9) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 10 (0xa) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 11 (0xb) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 12 (0xc) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 13 (0xd) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 14 (0xe) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 15 (0xf) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 16 (0x10) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP transform number: 17 (0x11) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | emitting length of ISAKMP Proposal Payload: 632 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 644 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | out_vid(): sending [FRAGMENTATION] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [XAUTH] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 8 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 09 00 26 89 df d6 b7 12 | emitting length of ISAKMP Vendor ID Payload: 12 | out_vid(): sending [Dead Peer Detection] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | emitting length of ISAKMP Vendor ID Payload: 20 | nat add vid | sending draft and RFC NATT VIDs | out_vid(): sending [RFC 3947] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | emitting length of ISAKMP Vendor ID Payload: 20 | skipping VID_NATT_RFC | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-03] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02_n] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 | emitting length of ISAKMP Vendor ID Payload: 20 | no IKEv1 message padding required | emitting length of ISAKMP Message: 804 | sending 804 bytes for reply packet for main_outI1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #6) | 89 0f 91 7e 8e 71 6e f2 00 00 00 00 00 00 00 00 | 01 10 02 00 00 00 00 00 00 00 03 24 0d 00 02 84 | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 fd ed 80 04 00 0e | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 fd ed | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 | 80 03 fd ed 80 04 00 0e 80 0e 01 00 03 00 00 24 | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 06 80 03 fd ed 80 04 00 0e 80 0e 00 80 | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 02 80 03 fd ed 80 04 00 0e | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 fd ed | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | 80 03 fd ed 80 04 00 05 80 0e 01 00 03 00 00 24 | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 04 80 03 fd ed 80 04 00 05 80 0e 00 80 | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 06 80 03 fd ed 80 04 00 05 | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 fd ed | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 | 80 03 fd ed 80 04 00 05 80 0e 01 00 03 00 00 24 | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 02 80 03 fd ed 80 04 00 05 80 0e 00 80 | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 fd ed 80 04 00 0e | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 fd ed 80 04 00 0e | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 fd ed 80 04 00 0e | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 fd ed 80 04 00 05 | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 fd ed 80 04 00 05 | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 fd ed 80 04 00 05 | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f | 00 d6 c2 d3 0d 00 00 0c 09 00 26 89 df d6 b7 12 | 0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc | 77 57 01 00 0d 00 00 14 4a 13 1c 81 07 03 58 45 | 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 7d 94 19 a6 | 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 0d 00 00 14 | 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | 00 00 00 14 cd 60 46 43 35 df 21 f8 7c fd b2 fc | 68 b6 a4 48 "xauth-road-eastnet" #6: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x55c72fd22ab0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #6 | libevent_malloc: new ptr-libevent@0x7f726000aad0 size 128 | #6 STATE_MAIN_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50025.803322 | #6 spent 1.49 milliseconds in main_outI1() | stop processing: state #6 connection "xauth-road-eastnet" from 192.1.2.23:500 (in main_outI1() at ikev1_main.c:228) | event_schedule: new EVENT_SA_EXPIRE-pe@0x55c72fd22630 | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #5 | libevent_malloc: new ptr-libevent@0x55c72fd23960 size 128 | libevent_free: release ptr-libevent@0x7f7268002030 | free_event_entry: release EVENT_SA_REPLACE-pe@0x55c72fd22590 | #5 spent 1.53 milliseconds in timer_event_cb() EVENT_SA_REPLACE | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_REVIVE_CONNS Initiating connection xauth-road-eastnet which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "xauth-road-eastnet" (in initiate_a_connection() at initiate.c:186) | empty esp_info, returning defaults for ENCRYPT | connection 'xauth-road-eastnet' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | Ignored already queued up pending IPsec SA negotiation with 192.1.2.23 "xauth-road-eastnet" | stop processing: connection "xauth-road-eastnet" (in initiate_a_connection() at initiate.c:349) | spent 0.0243 milliseconds in global timer EVENT_REVIVE_CONNS | timer_event_cb: processing event@0x55c72fd22630 | handling event EVENT_SA_EXPIRE for child state #5 | start processing: state #5 connection "xauth-road-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) | picked newest_ipsec_sa #0 for #5 | un-established partial CHILD SA timeout (SA expired) | pstats #5 ikev1.ipsec failed exchange-timeout | pstats #5 ikev1.ipsec deleted exchange-timeout | [RE]START processing: state #5 connection "xauth-road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) "xauth-road-eastnet" #5: deleting state (STATE_QUICK_I1) aged 0.016s and NOT sending notification | child state #5: QUICK_I1(established CHILD SA) => delete | child state #5: QUICK_I1(established CHILD SA) => CHILDSA_DEL(informational) | priority calculation of connection "xauth-road-eastnet" is 0xfdfe7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.1.3.209/32:0 => unk255.10000@192.1.3.209 (raw_eroute) | raw_eroute result=success | in connection_discard for connection xauth-road-eastnet | State DB: deleting IKEv1 state #5 in CHILDSA_DEL | child state #5: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1143) | libevent_free: release ptr-libevent@0x55c72fd23960 | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55c72fd22630 | in statetime_stop() and could not find #5 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) shutting down | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) | pluto_sd: executing action action: stopping(6), status 0 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' | unreference key: 0x55c72fd21190 @east cnt 1-- | unreference key: 0x55c72fd20340 @road cnt 1-- | start processing: connection "xauth-road-eastnet" (in delete_connection() at connections.c:189) | removing pending policy for no connection {0x55c72fcd30f0} | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #6 | suspend processing: connection "xauth-road-eastnet" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #6 connection "xauth-road-eastnet" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #6 ikev1.isakmp deleted other | [RE]START processing: state #6 connection "xauth-road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) "xauth-road-eastnet" #6: deleting state (STATE_MAIN_I1) aged 0.628s and NOT sending notification | parent state #6: MAIN_I1(half-open IKE SA) => delete | state #6 requesting EVENT_RETRANSMIT to be deleted | #6 STATE_MAIN_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f726000aad0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55c72fd22ab0 | State DB: IKEv1 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #6 "xauth-road-eastnet" #6: deleting IKE SA for connection 'xauth-road-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'xauth-road-eastnet' added to the list and scheduled for 5 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds | stop processing: connection "xauth-road-eastnet" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection xauth-road-eastnet | State DB: deleting IKEv1 state #6 in MAIN_I1 | parent state #6: MAIN_I1(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #6 from 192.1.2.23:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'xauth-road-eastnet' to 'delete' for rt_kind 'unrouted' using protoports 192.1.3.209/32:0 --0->- 192.0.2.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.1.3.209/32:0 dest 192.0.2.0/24:0 | priority calculation of connection "xauth-road-eastnet" is 0xfdfe7 | priority calculation of connection "xauth-road-eastnet" is 0xfdfe7 | FOR_EACH_CONNECTION_... in route_owner | conn xauth-road-eastnet mark 0/00000000, 0/00000000 vs | conn xauth-road-eastnet mark 0/00000000, 0/00000000 | route owner of "xauth-road-eastnet" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-host | executing unroute-host: PLUTO_VERB='unroute-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='xauth-road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+XAUTH+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH | popen cmd is 1044 chars long | cmd( 0):PLUTO_VERB='unroute-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='xauth-road-eastn: | cmd( 80):et' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' P: | cmd( 160):LUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3: | cmd( 240):.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL: | cmd( 320):='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_P: | cmd( 400):EER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=': | cmd( 640):RSASIG+ENCRYPT+TUNNEL+PFS+UP+XAUTH+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO: | cmd( 720):' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLU: | cmd( 800):TO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER: | cmd( 880):_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI: | cmd( 960):_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown : | cmd(1040):2>&1: unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. unroute-host output: Error: Peer netns reference is invalid. | free hp@0x55c72fd20400 | flush revival: connection 'xauth-road-eastnet' revival flushed | processing: STOP connection NULL (in discard_connection() at connections.c:249) | crl fetch request list locked by 'free_crl_fetch' | crl fetch request list unlocked by 'free_crl_fetch' shutting down interface lo/lo 127.0.0.1:4500 shutting down interface lo/lo 127.0.0.1:500 shutting down interface eth0/eth0 192.1.3.209:4500 shutting down interface eth0/eth0 192.1.3.209:500 | FOR_EACH_STATE_... in delete_states_dead_interfaces | libevent_free: release ptr-libevent@0x55c72fd1fd20 | free_event_entry: release EVENT_NULL-pe@0x55c72fd089a0 | libevent_free: release ptr-libevent@0x55c72fd1fe10 | free_event_entry: release EVENT_NULL-pe@0x55c72fd1fdd0 | libevent_free: release ptr-libevent@0x55c72fd1ff00 | free_event_entry: release EVENT_NULL-pe@0x55c72fd1fec0 | libevent_free: release ptr-libevent@0x55c72fd1fff0 | free_event_entry: release EVENT_NULL-pe@0x55c72fd1ffb0 | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | libevent_free: release ptr-libevent@0x55c72fd1f5e0 | free_event_entry: release EVENT_NULL-pe@0x55c72fd032a0 | libevent_free: release ptr-libevent@0x55c72fd15070 | free_event_entry: release EVENT_NULL-pe@0x55c72fd09200 | libevent_free: release ptr-libevent@0x55c72fd14fe0 | free_event_entry: release EVENT_NULL-pe@0x55c72fd09240 | global timer EVENT_REINIT_SECRET uninitialized | global timer EVENT_SHUNT_SCAN uninitialized | global timer EVENT_PENDING_DDNS uninitialized | global timer EVENT_PENDING_PHASE2 uninitialized | global timer EVENT_CHECK_CRLS uninitialized | global timer EVENT_REVIVE_CONNS uninitialized | global timer EVENT_FREE_ROOT_CERTS uninitialized | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized | global timer EVENT_NAT_T_KEEPALIVE uninitialized | libevent_free: release ptr-libevent@0x55c72fd1f7c0 | signal event handler PLUTO_SIGCHLD uninstalled | libevent_free: release ptr-libevent@0x55c72fd1f8a0 | signal event handler PLUTO_SIGTERM uninstalled | libevent_free: release ptr-libevent@0x55c72fd1f960 | signal event handler PLUTO_SIGHUP uninstalled | libevent_free: release ptr-libevent@0x55c72fd14360 | signal event handler PLUTO_SIGSYS uninstalled | releasing event base | libevent_free: release ptr-libevent@0x55c72fd1fa20 | libevent_free: release ptr-libevent@0x55c72fcd83e0 | libevent_free: release ptr-libevent@0x55c72fd035b0 | libevent_free: release ptr-libevent@0x55c72fd22670 | libevent_free: release ptr-libevent@0x55c72fd035d0 | libevent_free: release ptr-libevent@0x55c72fd1f670 | libevent_free: release ptr-libevent@0x55c72fd1f860 | libevent_free: release ptr-libevent@0x55c72fd03770 | libevent_free: release ptr-libevent@0x55c72fd03a50 | libevent_free: release ptr-libevent@0x55c72fd081c0 | libevent_free: release ptr-libevent@0x55c72fd20080 | libevent_free: release ptr-libevent@0x55c72fd1ff90 | libevent_free: release ptr-libevent@0x55c72fd1fea0 | libevent_free: release ptr-libevent@0x55c72fd1fdb0 | libevent_free: release ptr-libevent@0x55c72fd03660 | libevent_free: release ptr-libevent@0x55c72fd1f940 | libevent_free: release ptr-libevent@0x55c72fd1f880 | libevent_free: release ptr-libevent@0x55c72fd1f7a0 | libevent_free: release ptr-libevent@0x55c72fd1fa00 | libevent_free: release ptr-libevent@0x55c72fd1f690 | libevent_free: release ptr-libevent@0x55c72fd035f0 | libevent_free: release ptr-libevent@0x55c72fd03620 | libevent_free: release ptr-libevent@0x55c72fd03310 | releasing global libevent data | libevent_free: release ptr-libevent@0x55c72fd015b0 | libevent_free: release ptr-libevent@0x55c72fd015e0 | libevent_free: release ptr-libevent@0x55c72fd032e0