Log

a guest
Oct 30th, 2016
  149. [root@htz001prdknl001 ~]# more /var/log/ipsec.log
  150. Plutorun started on Sun Oct 30 20:26:40 SAST 2016
  151. adjusting ipsec.d to /etc/ipsec.d
  152. nss directory plutomain: /etc/ipsec.d
  153. NSS Initialized
  154. Non-fips mode set in /proc/sys/crypto/fips_enabled
  155. FIPS: not a FIPS product
  156. FIPS HMAC integrity verification test passed
  157. Starting Pluto (Openswan Version 2.6.32; Vendor ID OEhyLdACecfa) pid:694
  158. Non-fips mode set in /proc/sys/crypto/fips_enabled
  159. LEAK_DETECTIVE support [disabled]
  160. OCF support for IKE [disabled]
  161. SAref support [disabled]: Protocol not available
  162. SAbind support [disabled]: Protocol not available
  163. NSS support [enabled]
  164. HAVE_STATSD notification support not compiled in
  165. Setting NAT-Traversal port-4500 floating to on
  166. port floating activation criteria nat_t=1/port_float=1
  167. NAT-Traversal support [enabled]
  168. 1 bad entries in virtual_private - none loaded
  169. | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
  170. | inserting event EVENT_PENDING_DDNS, timeout in 60 seconds
  171. | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
  172. ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
  173. ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
  174. ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
  175. ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
  176. ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
  177. ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
  178. ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok (ret=0)
  179. ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
  180. starting up 3 cryptographic helpers
  181. started helper (thread) pid=140588861937408 (fd:7)
  182. started helper (thread) pid=140588851447552 (fd:9)
  183. started helper (thread) pid=140588708001536 (fd:11)
  184. | status value returned by setting the priority of this thread (id=0) 22
  185. | helper 0 waiting on fd: 8
  186. Using Linux 2.6 IPsec interface code on 2.6.32-504.16.2.el6.x86_64 (experimental code)
  187. | status value returned by setting the priority of this thread (id=1) 22
  188. | helper 1 waiting on fd: 10
  189. | status value returned by setting the priority of this thread (id=2) 22
  190. | helper 2 waiting on fd: 12
  191. ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
  192. ike_alg_register_enc(): Activating aes_ccm_12: Ok (ret=0)
  193. ike_alg_register_enc(): Activating aes_ccm_16: Ok (ret=0)
  194. ike_alg_register_enc(): Activating aes_gcm_8: Ok (ret=0)
  195. ike_alg_register_enc(): Activating aes_gcm_12: Ok (ret=0)
  196. ike_alg_register_enc(): Activating aes_gcm_16: Ok (ret=0)
  197. Could not change to directory '/etc/ipsec.d/cacerts': /
  198. Could not change to directory '/etc/ipsec.d/aacerts': /
  199. Could not change to directory '/etc/ipsec.d/ocspcerts': /
  200. Could not change to directory '/etc/ipsec.d/crls'
  201. | selinux support is NOT enabled.
  202. | inserting event EVENT_LOG_DAILY, timeout in 12799 seconds
  203. | next event EVENT_PENDING_DDNS in 60 seconds
  204. |
  205. | *received whack message
  206. | alg_info_parse_str() ealg_buf=3des aalg_buf=sha1eklen=0 aklen=0
  207. | Added new connection host-prd/0x1 with policy PSK+ENCRYPT+TUNNEL+DONTREKEY+IKEv2ALLOW+SAREFTRACK
  208. | from whack: got --esp=3des-sha1
  209. | alg_info_parse_str() ealg_buf=3des aalg_buf=sha1eklen=0 aklen=0
  210. | esp string values: 3DES(3)_000-SHA1(2)_000
  211. | ike (phase1) algorihtm values: 3DES_CBC(5)_000-SHA1(2)_000-MODP1024(2)
  212. | loopback=0 labeled_ipsec=0, policy_label=(null)
  213. | counting wild cards for @LEFTID is 0
  214. | counting wild cards for REMOTEIP/ID is 0
  215. | alg_info_addref() alg_info->ref_cnt=1
  216. | alg_info_addref() alg_info->ref_cnt=1
  217. added connection description "host-prd/0x1"
  218. | externalIP/32===externalIP<externalIP>[@LEFTID,+S=C]---defGateway...defGateway---REMOTEIP/ID<REMOTEIP/ID>[+S=C]===172.25.48.43/32
  220. | ike_life: 14400s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT+TUNNEL+DONTREKEY+IKEv2ALLOW+SAREFTRACK
  221. | * processed 0 messages from cryptographic helpers
  222. | next event EVENT_PENDING_DDNS in 60 seconds
  223. | next event EVENT_PENDING_DDNS in 60 seconds
  224. |
  225. | *received whack message
  226. | alg_info_parse_str() ealg_buf=3des aalg_buf=sha1eklen=0 aklen=0
  227. | Added new connection host-prd/0x2 with policy PSK+ENCRYPT+TUNNEL+DONTREKEY+IKEv2ALLOW+SAREFTRACK
  228. | from whack: got --esp=3des-sha1
  229. | alg_info_parse_str() ealg_buf=3des aalg_buf=sha1eklen=0 aklen=0
  230. | esp string values: 3DES(3)_000-SHA1(2)_000
  231. | ike (phase1) algorihtm values: 3DES_CBC(5)_000-SHA1(2)_000-MODP1024(2)
  232. | loopback=0 labeled_ipsec=0, policy_label=(null)
  233. | counting wild cards for @LEFTID is 0
  234. | counting wild cards for REMOTEIP/ID is 0
  235. | alg_info_addref() alg_info->ref_cnt=1
  236. | alg_info_addref() alg_info->ref_cnt=1
  237. added connection description "host-prd/0x2"
  238. | externalIP/32===externalIP<externalIP>[@LEFTID,+S=C]---defGateway...defGateway---REMOTEIP/ID<REMOTEIP/ID>[+S=C]===172.25.48.36/32
  240. | ike_life: 14400s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT+TUNNEL+DONTREKEY+IKEv2ALLOW+SAREFTRACK
  241. | * processed 0 messages from cryptographic helpers
  242. | next event EVENT_PENDING_DDNS in 60 seconds
  243. | next event EVENT_PENDING_DDNS in 60 seconds
  244. |
  245. | *received whack message
  246. listening for IKE messages
  247. | found lo with address 127.0.0.1
  248. | found eth0 with address externalIP
  249. | found eth1 with address 10.0.64.10
  250. adding interface eth1/eth1 10.0.64.10:500
  251. adding interface eth1/eth1 10.0.64.10:4500
  252. adding interface eth0/eth0 externalIP:500
  253. adding interface eth0/eth0 externalIP:4500
  254. adding interface lo/lo 127.0.0.1:500
  255. adding interface lo/lo 127.0.0.1:4500
  256. | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
  257. adding interface lo/lo ::1:500
  258. loading secrets from "/etc/ipsec.secrets"
  259. loading secrets from "/etc/ipsec.d/ipsec.secrets"
  260. | id type added to secret(0x7fdd6cc2f6a0) PPK_PSK: @LEFTID
  261. | id type added to secret(0x7fdd6cc2f6a0) PPK_PSK: REMOTEIP/ID
  262. | Processing PSK at line 10: passed
  263. | * processed 0 messages from cryptographic helpers
  264. | next event EVENT_PENDING_DDNS in 60 seconds
  265. | next event EVENT_PENDING_DDNS in 60 seconds
  266. |
  267. | *received whack message
  268. | * processed 0 messages from cryptographic helpers
  269. | next event EVENT_PENDING_DDNS in 60 seconds
  270. | next event EVENT_PENDING_DDNS in 60 seconds
  271. |
  272. | *received whack message
  273. initiating all conns with alias='host-prd'
  274. | processing connection host-prd/0x2
  275. | kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1
  276. | kernel_alg_db_new() trans[0]: transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=2
  277. | returning new proposal from esp_info
  278. | creating state object #1 at 0x7fdd6cc2f850
  279. | processing connection host-prd/0x2
  280. | ICOOKIE: 9b 9f 27 9e d4 4c bf 1e
  281. | RCOOKIE: 00 00 00 00 00 00 00 00
  282. | state hash entry 10
  283. | inserting state object #1 on chain 10
  284. | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1
  285. | processing connection host-prd/0x2
  286. | Queuing pending Quick Mode with REMOTEIP/ID "host-prd/0x2"
  287. "host-prd/0x2" #1: initiating Main Mode
  288. | sending 216 bytes for main_outI1 through eth0:500 to REMOTEIP/ID:500 (using #1)
  289. | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
  290. | processing connection host-prd/0x1
  291. | kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1
  292. | kernel_alg_db_new() trans[0]: transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=2
  293. | returning new proposal from esp_info
  294. | Queuing pending Quick Mode with REMOTEIP/ID "host-prd/0x1"
  295. | * processed 0 messages from cryptographic helpers
  296. | next event EVENT_RETRANSMIT in 10 seconds for #1
  297. | next event EVENT_RETRANSMIT in 10 seconds for #1
  298. |
  299. | next event EVENT_RETRANSMIT in 0 seconds for #1
  300. | *time to handle event
  301. | handling event EVENT_RETRANSMIT
  302. | event after this is EVENT_PENDING_DDNS in 50 seconds
  303. | processing connection host-prd/0x2
  304. | handling event EVENT_RETRANSMIT for REMOTEIP/ID "host-prd/0x2" #1
  305. | sending 216 bytes for EVENT_RETRANSMIT through eth0:500 to REMOTEIP/ID:500 (using #1)
  306. | inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #1
  307. | next event EVENT_RETRANSMIT in 20 seconds for #1
  308. |
  309. | next event EVENT_RETRANSMIT in 0 seconds for #1
  310. | *time to handle event
  311. | handling event EVENT_RETRANSMIT
  312. | event after this is EVENT_PENDING_DDNS in 30 seconds
  313. | processing connection host-prd/0x2
  314. | handling event EVENT_RETRANSMIT for REMOTEIP/ID "host-prd/0x2" #1
  315. | sending 216 bytes for EVENT_RETRANSMIT through eth0:500 to REMOTEIP/ID:500 (using #1)
  316. | inserting event EVENT_RETRANSMIT, timeout in 40 seconds for #1
  317. | next event EVENT_PENDING_DDNS in 30 seconds
  318. |
  319. | next event EVENT_PENDING_DDNS in 0 seconds
  320. | *time to handle event
  321. | handling event EVENT_PENDING_DDNS
  322. | event after this is EVENT_RETRANSMIT in 10 seconds
  323. | inserting event EVENT_PENDING_DDNS, timeout in 60 seconds
  324. | next event EVENT_RETRANSMIT in 10 seconds for #1
  325. |
  326. | next event EVENT_RETRANSMIT in 0 seconds for #1
  327. | *time to handle event
  328. | handling event EVENT_RETRANSMIT
  329. | event after this is EVENT_PENDING_DDNS in 50 seconds
  330. | processing connection host-prd/0x2
  331. | handling event EVENT_RETRANSMIT for REMOTEIP/ID "host-prd/0x2" #1
  332. | sending 216 bytes for EVENT_RETRANSMIT through eth0:500 to REMOTEIP/ID:500 (using #1)
  333. | inserting event EVENT_RETRANSMIT, timeout in 40 seconds for #1
  334. | next event EVENT_RETRANSMIT in 40 seconds for #1
  335. |
  336. | *received 100 bytes from REMOTEIP/ID:500 on eth0 (port=500)
  337. | **parse ISAKMP Message:
  338. | initiator cookie:
  339. | 9b 9f 27 9e d4 4c bf 1e
  340. | responder cookie:
  341. | 75 03 7c 62 ed 65 2b 80
  342. | next payload type: ISAKMP_NEXT_SA
  343. | ISAKMP version: ISAKMP Version 1.0 (rfc2407)
  344. | exchange type: ISAKMP_XCHG_IDPROT
  345. | flags: none
  346. | message ID: 00 00 00 00
  347. | length: 100
  348. | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
  349. | ICOOKIE: 9b 9f 27 9e d4 4c bf 1e
  350. | RCOOKIE: 75 03 7c 62 ed 65 2b 80
  351. | state hash entry 3
  352. | v1 state object not found
  353. | ICOOKIE: 9b 9f 27 9e d4 4c bf 1e
  354. | RCOOKIE: 00 00 00 00 00 00 00 00
  355. | state hash entry 10
  356. | v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000
  357. | v1 state object #1 found, in STATE_MAIN_I1
  358. | processing connection host-prd/0x2
  359. | got payload 0x2(ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080
  360. | ***parse ISAKMP Security Association Payload:
  361. | next payload type: ISAKMP_NEXT_VID
  362. | length: 52
  363. | DOI: ISAKMP_DOI_IPSEC
  364. | got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
  365. | ***parse ISAKMP Vendor ID Payload:
  366. | next payload type: ISAKMP_NEXT_NONE
  367. | length: 20
  368. "host-prd/0x2" #1: ignoring unknown Vendor ID payload [4855415745492d494b45763144534350]
  369. | ****parse IPsec DOI SIT:
  370. | IPsec DOI SIT: SIT_IDENTITY_ONLY
  371. | ****parse ISAKMP Proposal Payload:
  372. | next payload type: ISAKMP_NEXT_NONE
  373. | length: 40
  374. | proposal number: 0
  375. | protocol ID: PROTO_ISAKMP
  376. | SPI size: 0
  377. | number of transforms: 1
  378. | *****parse ISAKMP Transform Payload (ISAKMP):
  379. | next payload type: ISAKMP_NEXT_NONE
  380. | length: 32
  381. | transform number: 0
  382. | transform ID: KEY_IKE
  383. | ******parse ISAKMP Oakley attribute:
  384. | af+type: OAKLEY_LIFE_TYPE
  385. | length/value: 1
  386. | [1 is OAKLEY_LIFE_SECONDS]
  387. | ******parse ISAKMP Oakley attribute:
  388. | af+type: OAKLEY_LIFE_DURATION
  389. | length/value: 14400
  390. | ******parse ISAKMP Oakley attribute:
  391. | af+type: OAKLEY_ENCRYPTION_ALGORITHM
  392. | length/value: 5
  393. | [5 is OAKLEY_3DES_CBC]
  394. | ******parse ISAKMP Oakley attribute:
  395. | af+type: OAKLEY_HASH_ALGORITHM
  396. | length/value: 2
  397. | [2 is OAKLEY_SHA1]
  398. | ******parse ISAKMP Oakley attribute:
  399. | af+type: OAKLEY_AUTHENTICATION_METHOD
  400. | length/value: 1
  401. | [1 is OAKLEY_PRESHARED_KEY]
  402. | started looking for secret for @LEFTID->REMOTEIP/ID of kind PPK_PSK
  403. | actually looking for secret for @LEFTID->REMOTEIP/ID of kind PPK_PSK
  404. | 1: compared key REMOTEIP/ID to @LEFTID / REMOTEIP/ID -> 4
  405. | 2: compared key @LEFTID to @LEFTID / REMOTEIP/ID -> 12
  406. | line 9: match=12
  407. | best_match 0>12 best=0x7fdd6cc2f6a0 (line=9)
  408. | concluding with best_match=12 best=0x7fdd6cc2f6a0 (lineno=9)
  409. | ******parse ISAKMP Oakley attribute:
  410. | af+type: OAKLEY_GROUP_DESCRIPTION
  411. | length/value: 2
  412. | [2 is OAKLEY_GROUP_MODP1024]
  413. | Oakley Transform 0 accepted
  414. | 1: w->pcw_dead: 0 w->pcw_work: 0 cnt: 3
  415. | asking helper 1 to do build_kenonce op on seq: 1 (len=2776, pcw_work=1)
  416. | crypto helper write of request: cnt=2776<wlen=2776.
  417. | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1
  418. | complete state transition with STF_SUSPEND
  419. | * processed 0 messages from cryptographic helpers
  420. | next event EVENT_PENDING_DDNS in 50 seconds
  421. | next event EVENT_PENDING_DDNS in 50 seconds
  422. | helper 1 read 2768+4/2776 bytes fd: 10
  423. | helper 1 doing build_kenonce op id: 1
  424. |
  425. | helper 1 has finished work (cnt now 1)
  426. | helper 1 replies to id: q#1
  427. | processing connection host-prd/0x2
  428. | ICOOKIE: 9b 9f 27 9e d4 4c bf 1e
  429. | RCOOKIE: 00 00 00 00 00 00 00 00
  430. | state hash entry 10
  431. | ICOOKIE: 9b 9f 27 9e d4 4c bf 1e
  432. | RCOOKIE: 75 03 7c 62 ed 65 2b 80
  433. | state hash entry 3
  434. | inserting state object #1 on chain 3
  435. | complete state transition with STF_OK
  436. "host-prd/0x2" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
  437. | sending reply packet to REMOTEIP/ID:500 (from port 500)
  438. | sending 180 bytes for STATE_MAIN_I1 through eth0:500 to REMOTEIP/ID:500 (using #1)
  439. | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
  440. "host-prd/0x2" #1: STATE_MAIN_I2: sent MI2, expecting MR2
  441. | modecfg pull: noquirk policy:push not-client
  442. | phase 1 is done, looking for phase 2 to unpend
  443. | * processed 1 messages from cryptographic helpers
  444. | next event EVENT_RETRANSMIT in 10 seconds for #1
  445. | next event EVENT_RETRANSMIT in 10 seconds for #1
  446. |
  447. | *received 180 bytes from REMOTEIP/ID:500 on eth0 (port=500)
  448. | **parse ISAKMP Message:
  449. | initiator cookie:
  450. | 9b 9f 27 9e d4 4c bf 1e
  451. | responder cookie:
  452. | 75 03 7c 62 ed 65 2b 80
  453. | next payload type: ISAKMP_NEXT_KE
  454. | ISAKMP version: ISAKMP Version 1.0 (rfc2407)
  455. | exchange type: ISAKMP_XCHG_IDPROT
  456. | flags: none
  457. | message ID: 00 00 00 00
  458. | length: 180
  459. | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
  460. | ICOOKIE: 9b 9f 27 9e d4 4c bf 1e
  461. | RCOOKIE: 75 03 7c 62 ed 65 2b 80
  462. | state hash entry 3
  463. | v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000
  464. | v1 state object #1 found, in STATE_MAIN_I2
  465. | processing connection host-prd/0x2
  466. | got payload 0x10(ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080
  467. | ***parse ISAKMP Key Exchange Payload:
  468. | next payload type: ISAKMP_NEXT_NONCE
  469. | length: 132
  470. | got payload 0x400(ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080
  471. | ***parse ISAKMP Nonce Payload:
  472. | next payload type: ISAKMP_NEXT_NONE
  473. | length: 20
  474. | started looking for secret for @LEFTID->REMOTEIP/ID of kind PPK_PSK
  475. | actually looking for secret for @LEFTID->REMOTEIP/ID of kind PPK_PSK
  476. | 1: compared key REMOTEIP/ID to @LEFTID / REMOTEIP/ID -> 4
  477. | 2: compared key @LEFTID to @LEFTID / REMOTEIP/ID -> 12
  478. | line 9: match=12
  479. | best_match 0>12 best=0x7fdd6cc2f6a0 (line=9)
  480. | concluding with best_match=12 best=0x7fdd6cc2f6a0 (lineno=9)
  481. | parent1 type: 7 group: 2 len: 2776
  482. | 2: w->pcw_dead: 0 w->pcw_work: 0 cnt: 3
  483. | asking helper 2 to do compute dh+iv op on seq: 2 (len=2776, pcw_work=1)
  484. | crypto helper write of request: cnt=2776<wlen=2776.
  485. | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1
  486. | complete state transition with STF_SUSPEND
  487. | * processed 0 messages from cryptographic helpers
  488. | next event EVENT_PENDING_DDNS in 50 seconds
  489. | next event EVENT_PENDING_DDNS in 50 seconds
  490. | helper 2 read 2768+4/2776 bytes fd: 12
  491. | helper 2 doing compute dh+iv op id: 2
  492. |
  493. | helper 2 has finished work (cnt now 1)
  494. | helper 2 replies to id: q#2
  495. | processing connection host-prd/0x2
  496. | thinking about whether to send my certificate:
  497. | I have RSA key: OAKLEY_PRESHARED_KEY cert.type: CERT_NONE
  498. | sendcert: CERT_ALWAYSSEND and I did not get a certificate request
  499. | so do not send cert.
  500. | I did not send a certificate because digital signatures are not being used. (PSK)
  501. | I am not sending a certificate request
  502. "host-prd/0x2" #1: I will NOT send an initial contact payload
  503. "host-prd/0x2" #1: Not sending INITIAL_CONTACT
  504. | complete state transition with STF_OK
  505. "host-prd/0x2" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
  506. | sending reply packet to REMOTEIP/ID:500 (from port 500)
  507. | sending 68 bytes for STATE_MAIN_I2 through eth0:500 to REMOTEIP/ID:500 (using #1)
  508. | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
  509. "host-prd/0x2" #1: STATE_MAIN_I3: sent MI3, expecting MR3
  510. | modecfg pull: noquirk policy:push not-client
  511. | phase 1 is done, looking for phase 2 to unpend
  512. | * processed 1 messages from cryptographic helpers
  513. | next event EVENT_RETRANSMIT in 10 seconds for #1
  514. | next event EVENT_RETRANSMIT in 10 seconds for #1
  515. |
  516. | next event EVENT_RETRANSMIT in 0 seconds for #1
  517. | *time to handle event
  518. | handling event EVENT_RETRANSMIT
  519. | event after this is EVENT_PENDING_DDNS in 40 seconds
  520. | processing connection host-prd/0x2
  521. | handling event EVENT_RETRANSMIT for REMOTEIP/ID "host-prd/0x2" #1
  522. | sending 68 bytes for EVENT_RETRANSMIT through eth0:500 to REMOTEIP/ID:500 (using #1)
  523. | inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #1
  524. | next event EVENT_RETRANSMIT in 20 seconds for #1
  525. |
  526. | next event EVENT_RETRANSMIT in 0 seconds for #1
  527. | *time to handle event
  528. | handling event EVENT_RETRANSMIT
  529. | event after this is EVENT_PENDING_DDNS in 20 seconds
  530. | processing connection host-prd/0x2
  531. | handling event EVENT_RETRANSMIT for REMOTEIP/ID "host-prd/0x2" #1
  532. | sending 68 bytes for EVENT_RETRANSMIT through eth0:500 to REMOTEIP/ID:500 (using #1)
  533. | inserting event EVENT_RETRANSMIT, timeout in 40 seconds for #1
  534. | next event EVENT_PENDING_DDNS in 20 seconds