Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Mar 27 18:08:51.696532: | logger: newref @0x560a737b2928(0->1) (main() +1575 programs/pluto/plutomain.c)
- Mar 27 18:08:51.696608: | /usr/libexec/ipsec/pluto: releasing whack (but there are none) (main() +1576 programs/pluto/plutomain.c)
- Mar 27 18:08:51.696619: | logger: delref @0x560a737b2928(1->0) (main() +1576 programs/pluto/plutomain.c)
- Mar 27 18:08:51.696646: | checking IKEv1 state table
- Mar 27 18:08:51.696656: | MAIN_R0: category: half-open IKE SA; v1.flags: 0:
- Mar 27 18:08:51.696664: | -> MAIN_R1 DISCARD (main_inI1_outR1)
- Mar 27 18:08:51.696673: | MAIN_I1: category: half-open IKE SA; v1.flags: 0:
- Mar 27 18:08:51.696681: | -> MAIN_I2 RETRANSMIT (main_inR1_outI2)
- Mar 27 18:08:51.696690: | MAIN_R1: category: open IKE SA; v1.flags: 0:
- Mar 27 18:08:51.696697: | -> MAIN_R2 RETRANSMIT (main_inI2_outR2)
- Mar 27 18:08:51.696705: | -> MAIN_R1 RETRANSMIT (unexpected)
- Mar 27 18:08:51.696713: | -> MAIN_R1 RETRANSMIT (unexpected)
- Mar 27 18:08:51.696722: | MAIN_I2: category: open IKE SA; v1.flags: 0:
- Mar 27 18:08:51.696729: | -> MAIN_I3 RETRANSMIT (main_inR2_outI3)
- Mar 27 18:08:51.696737: | -> MAIN_I2 RETRANSMIT (unexpected)
- Mar 27 18:08:51.696745: | -> MAIN_I2 RETRANSMIT (unexpected)
- Mar 27 18:08:51.696754: | MAIN_R2: category: open IKE SA; v1.flags: 0:
- Mar 27 18:08:51.696761: | -> MAIN_R3 REPLACE (main_inI3_outR3)
- Mar 27 18:08:51.696769: | -> MAIN_R3 REPLACE (main_inI3_outR3)
- Mar 27 18:08:51.696777: | -> MAIN_R2 REPLACE (unexpected)
- Mar 27 18:08:51.696785: | MAIN_I3: category: open IKE SA; v1.flags: 0:
- Mar 27 18:08:51.696793: | -> MAIN_I4 REPLACE (main_inR3)
- Mar 27 18:08:51.696801: | -> MAIN_I4 REPLACE (main_inR3)
- Mar 27 18:08:51.696809: | -> MAIN_I3 REPLACE (unexpected)
- Mar 27 18:08:51.696817: | MAIN_R3: category: established IKE SA; v1.flags: 0:
- Mar 27 18:08:51.696825: | -> MAIN_R3 NULL (unexpected)
- Mar 27 18:08:51.696834: | MAIN_I4: category: established IKE SA; v1.flags: 0:
- Mar 27 18:08:51.696842: | -> MAIN_I4 NULL (unexpected)
- Mar 27 18:08:51.696850: | AGGR_R0: category: half-open IKE SA; v1.flags: 0:
- Mar 27 18:08:51.696858: | -> AGGR_R1 DISCARD (aggr_inI1_outR1)
- Mar 27 18:08:51.696866: | AGGR_I1: category: half-open IKE SA; v1.flags: 0:
- Mar 27 18:08:51.696874: | -> AGGR_I2 REPLACE (aggr_inR1_outI2)
- Mar 27 18:08:51.696882: | -> AGGR_I2 REPLACE (aggr_inR1_outI2)
- Mar 27 18:08:51.696891: | AGGR_R1: category: open IKE SA; v1.flags: 0:
- Mar 27 18:08:51.696898: | -> AGGR_R2 REPLACE (aggr_inI2)
- Mar 27 18:08:51.696906: | -> AGGR_R2 REPLACE (aggr_inI2)
- Mar 27 18:08:51.696915: | AGGR_I2: category: established IKE SA; v1.flags: 0:
- Mar 27 18:08:51.696922: | -> AGGR_I2 NULL (unexpected)
- Mar 27 18:08:51.696931: | AGGR_R2: category: established IKE SA; v1.flags: 0:
- Mar 27 18:08:51.696939: | -> AGGR_R2 NULL (unexpected)
- Mar 27 18:08:51.696947: | QUICK_R0: category: established CHILD SA; v1.flags: 0:
- Mar 27 18:08:51.696996: | -> QUICK_R1 RETRANSMIT (quick_inI1_outR1)
- Mar 27 18:08:51.697106: | QUICK_I1: category: established CHILD SA; v1.flags: 0:
- Mar 27 18:08:51.697115: | -> QUICK_I2 REPLACE (quick_inR1_outI2)
- Mar 27 18:08:51.697133: | QUICK_R1: category: established CHILD SA; v1.flags: 0:
- Mar 27 18:08:51.697141: | -> QUICK_R2 REPLACE (quick_inI2)
- Mar 27 18:08:51.697150: | QUICK_I2: category: established CHILD SA; v1.flags: 0:
- Mar 27 18:08:51.697158: | -> QUICK_I2 NULL (unexpected)
- Mar 27 18:08:51.697166: | QUICK_R2: category: established CHILD SA; v1.flags: 0:
- Mar 27 18:08:51.697174: | -> QUICK_R2 NULL (unexpected)
- Mar 27 18:08:51.697183: | INFO: category: informational; v1.flags: 0:
- Mar 27 18:08:51.697190: | -> INFO NULL (informational)
- Mar 27 18:08:51.697199: | INFO_PROTECTED: category: informational; v1.flags: 0:
- Mar 27 18:08:51.697207: | -> INFO_PROTECTED NULL (informational)
- Mar 27 18:08:51.697215: | XAUTH_R0: category: established IKE SA; v1.flags: 0:
- Mar 27 18:08:51.697223: | -> XAUTH_R1 NULL (xauth_inR0)
- Mar 27 18:08:51.697232: | XAUTH_R1: category: established IKE SA; v1.flags: 0:
- Mar 27 18:08:51.697252: | -> MAIN_R3 REPLACE (xauth_inR1)
- Mar 27 18:08:51.697261: | MODE_CFG_R0: category: informational; v1.flags: 0:
- Mar 27 18:08:51.697269: | -> MODE_CFG_R1 REPLACE (modecfg_inR0)
- Mar 27 18:08:51.697277: | MODE_CFG_R1: category: established IKE SA; v1.flags: 0:
- Mar 27 18:08:51.697285: | -> MODE_CFG_R2 REPLACE (modecfg_inR1)
- Mar 27 18:08:51.697294: | MODE_CFG_R2: category: established IKE SA; v1.flags: 0:
- Mar 27 18:08:51.697302: | -> MODE_CFG_R2 NULL (unexpected)
- Mar 27 18:08:51.697310: | MODE_CFG_I1: category: established IKE SA; v1.flags: 0:
- Mar 27 18:08:51.697318: | -> MAIN_I4 REPLACE (modecfg_inR1)
- Mar 27 18:08:51.697326: | XAUTH_I0: category: established IKE SA; v1.flags: 0:
- Mar 27 18:08:51.697334: | -> XAUTH_I1 RETRANSMIT (xauth_inI0)
- Mar 27 18:08:51.697343: | XAUTH_I1: category: established IKE SA; v1.flags: 0:
- Mar 27 18:08:51.697351: | -> MAIN_I4 RETRANSMIT (xauth_inI1)
- Mar 27 18:08:51.697366: | checking IKEv2 state table
- Mar 27 18:08:51.697376: | PARENT_I0: category: ignore; v2.secured: no
- Mar 27 18:08:51.697384: | -> PARENT_I1; RETRANSMIT; send-request
- Mar 27 18:08:51.697392: | IKE_SA_INIT no-message; payloads:
- Mar 27 18:08:51.697399: | initiating IKE_SA_INIT
- Mar 27 18:08:51.697407: | 1 transitions
- Mar 27 18:08:51.697415: | PARENT_I1: category: half-open IKE SA; v2.secured: no
- Mar 27 18:08:51.697423: | -> PARENT_I0; DISCARD
- Mar 27 18:08:51.697433: | IKE_SA_INIT response; payloads: N N(COOKIE)
- Mar 27 18:08:51.697440: | received anti-DDOS COOKIE response; resending IKE_SA_INIT request with cookie payload added
- Mar 27 18:08:51.697456: | -> PARENT_I0; DISCARD
- Mar 27 18:08:51.697465: | IKE_SA_INIT response; payloads: N N(INVALID_KE_PAYLOAD)
- Mar 27 18:08:51.697472: | received INVALID_KE_PAYLOAD response; resending IKE_SA_INIT with new KE payload
- Mar 27 18:08:51.697480: | -> PARENT_I0; DISCARD
- Mar 27 18:08:51.697489: | IKE_SA_INIT response; payloads: N N(REDIRECT)
- Mar 27 18:08:51.697497: | received REDIRECT response; resending IKE_SA_INIT request to new destination
- Mar 27 18:08:51.697505: | -> PARENT_I2; RETRANSMIT; send-request
- Mar 27 18:08:51.697515: | IKE_SA_INIT response; payloads: SA KE Ni [CERTREQ]
- Mar 27 18:08:51.697523: | Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE
- Mar 27 18:08:51.697530: | 4 transitions
- Mar 27 18:08:51.697539: | PARENT_I2: category: open IKE SA; v2.secured: yes
- Mar 27 18:08:51.697547: | -> PARENT_I2; RETRANSMIT; send-request
- Mar 27 18:08:51.697555: | IKE_INTERMEDIATE response; payloads: SK
- Mar 27 18:08:51.697562: | Initiator: process IKE_INTERMEDIATE reply, initiate IKE_AUTH or IKE_INTERMEDIATE
- Mar 27 18:08:51.697570: | -> ESTABLISHED_IKE_SA; REPLACE
- Mar 27 18:08:51.697582: | IKE_AUTH response; payloads: SK {IDr AUTH [SA] [CERT] [TSi] [TSr] [CP]}
- Mar 27 18:08:51.697590: | Initiator: process IKE_AUTH response
- Mar 27 18:08:51.697598: | -> PARENT_I2; NULL
- Mar 27 18:08:51.697606: | IKE_AUTH response; payloads: SK
- Mar 27 18:08:51.697613: | Initiator: processing IKE_AUTH failure response
- Mar 27 18:08:51.697621: | 3 transitions
- Mar 27 18:08:51.697629: | PARENT_R0: category: half-open IKE SA; v2.secured: no
- Mar 27 18:08:51.697637: | -> PARENT_R1; DISCARD; send-response
- Mar 27 18:08:51.697646: | IKE_SA_INIT request; payloads: SA KE Ni
- Mar 27 18:08:51.697653: | Respond to IKE_SA_INIT
- Mar 27 18:08:51.697661: | 1 transitions
- Mar 27 18:08:51.697669: | PARENT_R1: category: half-open IKE SA; v2.secured: yes
- Mar 27 18:08:51.697677: | -> PARENT_R1; DISCARD; send-response
- Mar 27 18:08:51.697685: | IKE_INTERMEDIATE request; payloads: SK
- Mar 27 18:08:51.697693: | Responder: process IKE_INTERMEDIATE request
- Mar 27 18:08:51.697700: | -> ESTABLISHED_IKE_SA; REPLACE; send-response
- Mar 27 18:08:51.697713: | IKE_AUTH request; payloads: SK {IDi AUTH [SA] [IDr] [CERT] [CERTREQ] [TSi] [TSr] [CP]}
- Mar 27 18:08:51.697720: | Responder: process IKE_AUTH request
- Mar 27 18:08:51.697736: | -> PARENT_R_EAP; DISCARD; send-response
- Mar 27 18:08:51.697748: | IKE_AUTH request; payloads: SK {IDi [SA] [IDr] [CERTREQ] [TSi] [TSr] [CP]}
- Mar 27 18:08:51.697755: | Responder: process IKE_AUTH request, initiate EAP
- Mar 27 18:08:51.697763: | 3 transitions
- Mar 27 18:08:51.697771: | PARENT_R_EAP: category: open IKE SA; v2.secured: yes
- Mar 27 18:08:51.697779: | -> PARENT_R_EAP; DISCARD; send-response
- Mar 27 18:08:51.697788: | IKE_AUTH request; payloads: SK {EAP}
- Mar 27 18:08:51.697796: | Responder: process IKE_AUTH/EAP, continue EAP
- Mar 27 18:08:51.697804: | -> ESTABLISHED_IKE_SA; REPLACE; send-response
- Mar 27 18:08:51.697813: | IKE_AUTH request; payloads: SK {AUTH}
- Mar 27 18:08:51.697820: | Responder: process final IKE_AUTH/EAP
- Mar 27 18:08:51.697828: | 2 transitions
- Mar 27 18:08:51.697836: | IKE_AUTH_CHILD_I0: category: ignore; v2.secured: no
- Mar 27 18:08:51.697844: | -> ESTABLISHED_CHILD_SA; REPLACE
- Mar 27 18:08:51.697852: | IKE_AUTH no-message; payloads:
- Mar 27 18:08:51.697859: | Child SA created by initiator during IKE_AUTH
- Mar 27 18:08:51.697866: | 1 transitions
- Mar 27 18:08:51.697875: | IKE_AUTH_CHILD_R0: category: ignore; v2.secured: no
- Mar 27 18:08:51.697883: | -> ESTABLISHED_CHILD_SA; REPLACE
- Mar 27 18:08:51.697890: | IKE_AUTH no-message; payloads:
- Mar 27 18:08:51.697897: | Child SA created by responder during IKE_AUTH
- Mar 27 18:08:51.697905: | 1 transitions
- Mar 27 18:08:51.697913: | REKEY_IKE_I0: category: established IKE SA; v2.secured: no
- Mar 27 18:08:51.697921: | -> REKEY_IKE_I1; RETRANSMIT; send-request
- Mar 27 18:08:51.697929: | CREATE_CHILD_SA no-message; payloads:
- Mar 27 18:08:51.698043: | initiate rekey IKE_SA (CREATE_CHILD_SA)
- Mar 27 18:08:51.698115: | 1 transitions
- Mar 27 18:08:51.698128: | REKEY_IKE_R0: category: established IKE SA; v2.secured: yes
- Mar 27 18:08:51.698145: | -> ESTABLISHED_IKE_SA; REPLACE; send-response
- Mar 27 18:08:51.698157: | CREATE_CHILD_SA request; payloads: SK {SA KE Ni [N]}
- Mar 27 18:08:51.698164: | process rekey IKE SA request (CREATE_CHILD_SA)
- Mar 27 18:08:51.698172: | 1 transitions
- Mar 27 18:08:51.698180: | REKEY_IKE_I1: category: established IKE SA; v2.secured: yes
- Mar 27 18:08:51.698188: | -> ESTABLISHED_IKE_SA; REPLACE
- Mar 27 18:08:51.698202: | CREATE_CHILD_SA response; payloads: SK {SA KE Ni [N]}
- Mar 27 18:08:51.698209: | process rekey IKE SA response (CREATE_CHILD_SA)
- Mar 27 18:08:51.698217: | -> IKE_SA_DELETE; RETAIN
- Mar 27 18:08:51.698226: | CREATE_CHILD_SA response; payloads: SK
- Mar 27 18:08:51.698288: | process rekey IKE SA failure response (CREATE_CHILD_SA)
- Mar 27 18:08:51.698296: | 2 transitions
- Mar 27 18:08:51.698305: | REKEY_CHILD_I0: category: established IKE SA; v2.secured: no
- Mar 27 18:08:51.698313: | -> REKEY_CHILD_I1; RETRANSMIT; send-request
- Mar 27 18:08:51.698321: | CREATE_CHILD_SA no-message; payloads:
- Mar 27 18:08:51.698329: | initiate rekey Child SA (CREATE_CHILD_SA)
- Mar 27 18:08:51.698336: | 1 transitions
- Mar 27 18:08:51.698354: | REKEY_CHILD_R0: category: established IKE SA; v2.secured: yes
- Mar 27 18:08:51.698362: | -> ESTABLISHED_CHILD_SA; REPLACE; send-response
- Mar 27 18:08:51.698375: | CREATE_CHILD_SA request; payloads: SK {SA Ni TSi TSr [KE] [N] [CP] N(REKEY_SA)}
- Mar 27 18:08:51.698383: | process rekey Child SA request (CREATE_CHILD_SA)
- Mar 27 18:08:51.698390: | 1 transitions
- Mar 27 18:08:51.698399: | REKEY_CHILD_I1: category: established IKE SA; v2.secured: yes
- Mar 27 18:08:51.698406: | -> ESTABLISHED_CHILD_SA; REPLACE
- Mar 27 18:08:51.698418: | CREATE_CHILD_SA response; payloads: SK {SA Ni TSi TSr [KE] [N] [CP]}
- Mar 27 18:08:51.698426: | process rekey Child SA response (CREATE_CHILD_SA)
- Mar 27 18:08:51.698434: | -> CHILD_SA_DELETE; RETAIN
- Mar 27 18:08:51.698442: | CREATE_CHILD_SA response; payloads: SK
- Mar 27 18:08:51.698458: | process rekey Child SA failure response (CREATE_CHILD_SA)
- Mar 27 18:08:51.698465: | 2 transitions
- Mar 27 18:08:51.698474: | NEW_CHILD_I0: category: established IKE SA; v2.secured: no
- Mar 27 18:08:51.698482: | -> NEW_CHILD_I1; RETRANSMIT; send-request
- Mar 27 18:08:51.698489: | CREATE_CHILD_SA no-message; payloads:
- Mar 27 18:08:51.698497: | initiate create Child SA (CREATE_CHILD_SA)
- Mar 27 18:08:51.698504: | 1 transitions
- Mar 27 18:08:51.698512: | NEW_CHILD_R0: category: established IKE SA; v2.secured: yes
- Mar 27 18:08:51.698520: | -> ESTABLISHED_CHILD_SA; REPLACE; send-response
- Mar 27 18:08:51.698532: | CREATE_CHILD_SA request; payloads: SK {SA Ni TSi TSr [KE] [N] [CP]}
- Mar 27 18:08:51.698540: | process create Child SA request (CREATE_CHILD_SA)
- Mar 27 18:08:51.698547: | 1 transitions
- Mar 27 18:08:51.698556: | NEW_CHILD_I1: category: established IKE SA; v2.secured: yes
- Mar 27 18:08:51.698563: | -> ESTABLISHED_CHILD_SA; REPLACE
- Mar 27 18:08:51.698575: | CREATE_CHILD_SA response; payloads: SK {SA Ni TSi TSr [KE] [N] [CP]}
- Mar 27 18:08:51.698583: | process create Child SA response (CREATE_CHILD_SA)
- Mar 27 18:08:51.698590: | -> CHILD_SA_DELETE; RETAIN
- Mar 27 18:08:51.698599: | CREATE_CHILD_SA response; payloads: SK
- Mar 27 18:08:51.698606: | process create Child SA failure response (CREATE_CHILD_SA)
- Mar 27 18:08:51.698613: | 2 transitions
- Mar 27 18:08:51.698622: | ESTABLISHED_IKE_SA: category: established IKE SA; v2.secured: yes
- Mar 27 18:08:51.698630: | -> ESTABLISHED_IKE_SA; RETAIN; send-response
- Mar 27 18:08:51.698641: | CREATE_CHILD_SA request; payloads: SK {SA KE Ni [N]}
- Mar 27 18:08:51.698648: | process rekey IKE SA request (CREATE_CHILD_SA)
- Mar 27 18:08:51.698656: | -> ESTABLISHED_IKE_SA; RETAIN
- Mar 27 18:08:51.698667: | CREATE_CHILD_SA response; payloads: SK {SA KE Ni [N]}
- Mar 27 18:08:51.698674: | process rekey IKE SA response (CREATE_CHILD_SA)
- Mar 27 18:08:51.698682: | -> ESTABLISHED_IKE_SA; RETAIN; send-response
- Mar 27 18:08:51.698695: | CREATE_CHILD_SA request; payloads: SK {SA Ni TSi TSr [KE] [N] [CP] N(REKEY_SA)}
- Mar 27 18:08:51.698702: | process rekey Child SA request (CREATE_CHILD_SA)
- Mar 27 18:08:51.698710: | -> ESTABLISHED_IKE_SA; RETAIN; send-response
- Mar 27 18:08:51.698722: | CREATE_CHILD_SA request; payloads: SK {SA Ni TSi TSr [KE] [N] [CP]}
- Mar 27 18:08:51.698729: | process create Child SA request (CREATE_CHILD_SA)
- Mar 27 18:08:51.698737: | -> ESTABLISHED_IKE_SA; RETAIN
- Mar 27 18:08:51.698749: | CREATE_CHILD_SA response; payloads: SK {SA Ni TSi TSr [KE] [N] [CP]}
- Mar 27 18:08:51.698756: | process Child SA response (new or rekey) (CREATE_CHILD_SA)
- Mar 27 18:08:51.698764: | -> ESTABLISHED_IKE_SA; RETAIN
- Mar 27 18:08:51.698773: | CREATE_CHILD_SA response; payloads: SK
- Mar 27 18:08:51.698780: | process CREATE_CHILD_SA failure response (new or rekey Child SA, rekey IKE SA)
- Mar 27 18:08:51.698788: | -> ESTABLISHED_IKE_SA; RETAIN; send-response
- Mar 27 18:08:51.698796: | INFORMATIONAL request; payloads: SK
- Mar 27 18:08:51.698803: | Informational Request (liveness probe)
- Mar 27 18:08:51.698811: | -> ESTABLISHED_IKE_SA; RETAIN
- Mar 27 18:08:51.698819: | INFORMATIONAL response; payloads: SK
- Mar 27 18:08:51.698827: | Informational Response (liveness probe)
- Mar 27 18:08:51.698835: | -> ESTABLISHED_IKE_SA; RETAIN; send-response
- Mar 27 18:08:51.698845: | INFORMATIONAL request; payloads: SK {[N] [D] [CP]}
- Mar 27 18:08:51.698853: | Informational Request
- Mar 27 18:08:51.698860: | -> ESTABLISHED_IKE_SA; RETAIN
- Mar 27 18:08:51.698871: | INFORMATIONAL response; payloads: SK {[N] [D] [CP]}
- Mar 27 18:08:51.698878: | Informational Response
- Mar 27 18:08:51.698885: | 10 transitions
- Mar 27 18:08:51.698894: | IKE_SA_DELETE: category: established IKE SA; v2.secured: yes
- Mar 27 18:08:51.698902: | -> IKE_SA_DELETE; RETAIN
- Mar 27 18:08:51.698960: | INFORMATIONAL response; payloads: SK {[N] [D] [CP]}
- Mar 27 18:08:51.698969: | IKE_SA_DEL: process INFORMATIONAL response
- Mar 27 18:08:51.698977: | 1 transitions
- Mar 27 18:08:51.698993: | initialize state state_db_entries.clonedfrom hash table
- Mar 27 18:08:51.699014: | initialize state state_db_entries.serialno hash table
- Mar 27 18:08:51.699040: | initialize state state_db_entries.connection_serialno hash table
- Mar 27 18:08:51.699060: | initialize state state_db_entries.reqid hash table
- Mar 27 18:08:51.699080: | initialize state state_db_entries.ike_initiator_spi hash table
- Mar 27 18:08:51.699100: | initialize state state_db_entries.ike_spis hash table
- Mar 27 18:08:51.699124: | initialize connection connection_db_entries.clonedfrom hash table
- Mar 27 18:08:51.699154: | initialize connection connection_db_entries.serialno hash table
- Mar 27 18:08:51.699176: | initialize connection connection_db_entries.that_id hash table
- Mar 27 18:08:51.699196: | initialize connection connection_db_entries.host_pair hash table
- Mar 27 18:08:51.699220: | initialize spd spd_db_entries.remote_client hash table
- Mar 27 18:08:51.699243: Initializing NSS using read-write database "sql:/var/lib/ipsec/nss"
- Mar 27 18:08:51.707284: FIPS Mode: OFF
- Mar 27 18:08:51.707303: NSS crypto library initialized
- Mar 27 18:08:51.707373: FIPS mode disabled for pluto daemon
- Mar 27 18:08:51.707381: FIPS HMAC integrity support [not required]
- Mar 27 18:08:51.707597: libcap-ng support [enabled]
- Mar 27 18:08:51.707615: Linux audit support [enabled]
- Mar 27 18:08:51.707642: Linux audit activated
- Mar 27 18:08:51.707652: Starting Pluto (Libreswan Version 5.0~rc2 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-KDF) DNSSEC SYSTEMD_WATCHDOG LABELED_IPSEC (SELINUX) LIBCAP_NG LINUX_AUDIT AUTH_PAM NETWORKMANAGER CURL(non-NSS) LDAP(non-NSS) NFTABLES CAT NFLOG) pid:1301452
- Mar 27 18:08:51.707663: core dump dir: /run/pluto
- Mar 27 18:08:51.707670: secrets file: /etc/ipsec.secrets
- Mar 27 18:08:51.707677: leak-detective enabled
- Mar 27 18:08:51.707694: NSS crypto [enabled]
- Mar 27 18:08:51.707736: XAUTH PAM support [enabled]
- Mar 27 18:08:51.707747: | initialize pid_entry pid_entry_db_entries.pid hash table
- Mar 27 18:08:51.707851: | libevent is using pluto's memory allocator
- Mar 27 18:08:51.707866: initializing libevent in pthreads mode: headers: 2.1.12-stable (2010c00); library: 2.1.12-stable (2010c00)
- Mar 27 18:08:51.707879: | libevent: newref @0x560a7381a578(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.707889: | libevent: newref @0x560a7381b008(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.707899: | libevent: newref @0x560a7381c9e8(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.707907: | creating event base
- Mar 27 18:08:51.707916: | libevent: newref @0x560a7381b598(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.707926: | libevent: newref @0x560a7383f608(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.707947: | libevent: newref @0x560a737b3df8(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.707956: | libevent: newref @0x560a7383f8d8(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.707978: | libevent: newref @0x560a7383f5c8(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.707988: | libevent: newref @0x560a73819c58(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.707997: | libevent: newref @0x560a7381a098(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.708011: | libevent: newref @0x560a7381fcf8(0->1) (libevent_realloc() +969 programs/pluto/server.c)
- Mar 27 18:08:51.708021: | libevent: newref @0x560a7383fa88(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.708035: | libevent: delref @0x560a7381b598(1->0) (libevent_free() +975 programs/pluto/server.c)
- Mar 27 18:08:51.708042: | libevent initialized
- Mar 27 18:08:51.708053: | libevent: newref @0x560a7381b598(0->1) (libevent_realloc() +969 programs/pluto/server.c)
- Mar 27 18:08:51.708071: | global periodic timer EVENT_RESET_LOG_LIMITER enabled with interval of 3600 seconds
- Mar 27 18:08:51.708079: | init_nat_traversal_timer() initialized with keep_alive=0s
- Mar 27 18:08:51.708087: NAT-Traversal support [enabled]
- Mar 27 18:08:51.708094: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
- Mar 27 18:08:51.708103: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
- Mar 27 18:08:51.708143: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized
- Mar 27 18:08:51.708155: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
- Mar 27 18:08:51.708401: Encryption algorithms:
- Mar 27 18:08:51.708417: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c
- Mar 27 18:08:51.708430: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b
- Mar 27 18:08:51.708442: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a
- Mar 27 18:08:51.708454: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des
- Mar 27 18:08:51.708466: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP
- Mar 27 18:08:51.708479: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia
- Mar 27 18:08:51.708493: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c
- Mar 27 18:08:51.708505: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b
- Mar 27 18:08:51.708518: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a
- Mar 27 18:08:51.708530: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr
- Mar 27 18:08:51.708543: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes
- Mar 27 18:08:51.708556: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac
- Mar 27 18:08:51.708566: NULL [] IKEv1: ESP IKEv2: ESP NULL
- Mar 27 18:08:51.708578: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305
- Mar 27 18:08:51.708586: Hash algorithms:
- Mar 27 18:08:51.708595: MD5 IKEv1: IKE IKEv2: NSS
- Mar 27 18:08:51.708605: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha
- Mar 27 18:08:51.708616: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256
- Mar 27 18:08:51.708626: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384
- Mar 27 18:08:51.708636: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512
- Mar 27 18:08:51.708646: IDENTITY IKEv1: IKEv2: FIPS
- Mar 27 18:08:51.708653: PRF algorithms:
- Mar 27 18:08:51.708701: HMAC_MD5 IKEv1: IKE IKEv2: IKE NSS md5
- Mar 27 18:08:51.708764: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1
- Mar 27 18:08:51.708789: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256
- Mar 27 18:08:51.708801: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384
- Mar 27 18:08:51.708813: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512
- Mar 27 18:08:51.708823: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc
- Mar 27 18:08:51.708831: Integrity algorithms:
- Mar 27 18:08:51.708859: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS md5, hmac_md5
- Mar 27 18:08:51.708872: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1
- Mar 27 18:08:51.708886: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512
- Mar 27 18:08:51.708899: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384
- Mar 27 18:08:51.708913: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
- Mar 27 18:08:51.708923: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
- Mar 27 18:08:51.708935: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
- Mar 27 18:08:51.708945: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
- Mar 27 18:08:51.708956: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
- Mar 27 18:08:51.708963: DH algorithms:
- Mar 27 18:08:51.708974: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0
- Mar 27 18:08:51.708984: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh2
- Mar 27 18:08:51.708994: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5
- Mar 27 18:08:51.709004: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14
- Mar 27 18:08:51.709014: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15
- Mar 27 18:08:51.709025: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16
- Mar 27 18:08:51.709035: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17
- Mar 27 18:08:51.709045: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18
- Mar 27 18:08:51.709056: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256
- Mar 27 18:08:51.709067: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384
- Mar 27 18:08:51.709078: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521
- Mar 27 18:08:51.709088: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519
- Mar 27 18:08:51.709095: IPCOMP algorithms:
- Mar 27 18:08:51.709105: DEFLATE IKEv1: ESP AH IKEv2: ESP AH FIPS
- Mar 27 18:08:51.709114: LZS IKEv1: IKEv2: ESP AH FIPS
- Mar 27 18:08:51.709123: LZJH IKEv1: IKEv2: ESP AH FIPS
- Mar 27 18:08:51.709131: testing CAMELLIA_CBC:
- Mar 27 18:08:51.709138: Camellia: 16 bytes with 128-bit key
- Mar 27 18:08:51.709220: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.709250: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, CAMELLIA_CBC)(decode_to_key() +120 lib/libswan/test_buffer.c)
- Mar 27 18:08:51.709258: | symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.709312: | test_cbc_vector: delref sym_key-key@0x560a7383fbf0
- Mar 27 18:08:51.709324: Camellia: 16 bytes with 128-bit key
- Mar 27 18:08:51.709381: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.709409: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, CAMELLIA_CBC)(decode_to_key() +120 lib/libswan/test_buffer.c)
- Mar 27 18:08:51.709425: | symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.709468: | test_cbc_vector: delref sym_key-key@0x560a7383fbf0
- Mar 27 18:08:51.709479: Camellia: 16 bytes with 256-bit key
- Mar 27 18:08:51.709538: | result: newref symkey-key@0x560a73841460 (48-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.709567: | result: newref symkey-key@0x560a7383fbf0 (32-bytes, CAMELLIA_CBC)(decode_to_key() +120 lib/libswan/test_buffer.c)
- Mar 27 18:08:51.709575: | symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.709618: | test_cbc_vector: delref sym_key-key@0x560a7383fbf0
- Mar 27 18:08:51.709629: Camellia: 16 bytes with 256-bit key
- Mar 27 18:08:51.709865: | result: newref symkey-key@0x560a73841460 (48-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.709945: | result: newref symkey-key@0x560a7383fbf0 (32-bytes, CAMELLIA_CBC)(decode_to_key() +120 lib/libswan/test_buffer.c)
- Mar 27 18:08:51.709967: | symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.710032: | test_cbc_vector: delref sym_key-key@0x560a7383fbf0
- Mar 27 18:08:51.710043: testing AES_GCM_16:
- Mar 27 18:08:51.710051: empty string
- Mar 27 18:08:51.710113: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.710145: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, AES_GCM)(decode_to_key() +120 lib/libswan/test_buffer.c)
- Mar 27 18:08:51.710153: | symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.710194: | test_gcm_vector: delref sym_key-key@0x560a7383fbf0
- Mar 27 18:08:51.710206: one block
- Mar 27 18:08:51.710266: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.710297: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, AES_GCM)(decode_to_key() +120 lib/libswan/test_buffer.c)
- Mar 27 18:08:51.710306: | symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.710341: | test_gcm_vector: delref sym_key-key@0x560a7383fbf0
- Mar 27 18:08:51.710354: two blocks
- Mar 27 18:08:51.710413: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.710444: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, AES_GCM)(decode_to_key() +120 lib/libswan/test_buffer.c)
- Mar 27 18:08:51.710454: | symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.710492: | test_gcm_vector: delref sym_key-key@0x560a7383fbf0
- Mar 27 18:08:51.710503: two blocks with associated data
- Mar 27 18:08:51.710563: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.710594: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, AES_GCM)(decode_to_key() +120 lib/libswan/test_buffer.c)
- Mar 27 18:08:51.710603: | symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.710738: | test_gcm_vector: delref sym_key-key@0x560a7383fbf0
- Mar 27 18:08:51.710763: testing AES_CTR:
- Mar 27 18:08:51.710772: Encrypting 16 octets using AES-CTR with 128-bit key
- Mar 27 18:08:51.710838: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.710868: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, AES_CTR)(decode_to_key() +120 lib/libswan/test_buffer.c)
- Mar 27 18:08:51.710876: | symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.710916: | test_ctr_vector: delref sym_key-key@0x560a7383fbf0
- Mar 27 18:08:51.710927: Encrypting 32 octets using AES-CTR with 128-bit key
- Mar 27 18:08:51.710983: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.711012: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, AES_CTR)(decode_to_key() +120 lib/libswan/test_buffer.c)
- Mar 27 18:08:51.711028: | symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.711074: | test_ctr_vector: delref sym_key-key@0x560a7383fbf0
- Mar 27 18:08:51.711085: Encrypting 36 octets using AES-CTR with 128-bit key
- Mar 27 18:08:51.711150: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.711180: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, AES_CTR)(decode_to_key() +120 lib/libswan/test_buffer.c)
- Mar 27 18:08:51.711189: | symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.711238: | test_ctr_vector: delref sym_key-key@0x560a7383fbf0
- Mar 27 18:08:51.711249: Encrypting 16 octets using AES-CTR with 192-bit key
- Mar 27 18:08:51.711307: | result: newref symkey-key@0x560a73841460 (40-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.711337: | result: newref symkey-key@0x560a7383fbf0 (24-bytes, AES_CTR)(decode_to_key() +120 lib/libswan/test_buffer.c)
- Mar 27 18:08:51.711346: | symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.711386: | test_ctr_vector: delref sym_key-key@0x560a7383fbf0
- Mar 27 18:08:51.711397: Encrypting 32 octets using AES-CTR with 192-bit key
- Mar 27 18:08:51.711456: | result: newref symkey-key@0x560a73841460 (40-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.711485: | result: newref symkey-key@0x560a7383fbf0 (24-bytes, AES_CTR)(decode_to_key() +120 lib/libswan/test_buffer.c)
- Mar 27 18:08:51.711494: | symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.711541: | test_ctr_vector: delref sym_key-key@0x560a7383fbf0
- Mar 27 18:08:51.711552: Encrypting 36 octets using AES-CTR with 192-bit key
- Mar 27 18:08:51.711694: | result: newref symkey-key@0x560a73841460 (40-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.711730: | result: newref symkey-key@0x560a7383fbf0 (24-bytes, AES_CTR)(decode_to_key() +120 lib/libswan/test_buffer.c)
- Mar 27 18:08:51.711738: | symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.711789: | test_ctr_vector: delref sym_key-key@0x560a7383fbf0
- Mar 27 18:08:51.711800: Encrypting 16 octets using AES-CTR with 256-bit key
- Mar 27 18:08:51.711860: | result: newref symkey-key@0x560a73841460 (48-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.711890: | result: newref symkey-key@0x560a7383fbf0 (32-bytes, AES_CTR)(decode_to_key() +120 lib/libswan/test_buffer.c)
- Mar 27 18:08:51.711899: | symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.711939: | test_ctr_vector: delref sym_key-key@0x560a7383fbf0
- Mar 27 18:08:51.711950: Encrypting 32 octets using AES-CTR with 256-bit key
- Mar 27 18:08:51.712010: | result: newref symkey-key@0x560a73841460 (48-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.712039: | result: newref symkey-key@0x560a7383fbf0 (32-bytes, AES_CTR)(decode_to_key() +120 lib/libswan/test_buffer.c)
- Mar 27 18:08:51.712048: | symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.712095: | test_ctr_vector: delref sym_key-key@0x560a7383fbf0
- Mar 27 18:08:51.712106: Encrypting 36 octets using AES-CTR with 256-bit key
- Mar 27 18:08:51.712165: | result: newref symkey-key@0x560a73841460 (48-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.712195: | result: newref symkey-key@0x560a7383fbf0 (32-bytes, AES_CTR)(decode_to_key() +120 lib/libswan/test_buffer.c)
- Mar 27 18:08:51.712203: | symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.712252: | test_ctr_vector: delref sym_key-key@0x560a7383fbf0
- Mar 27 18:08:51.712263: testing AES_CBC:
- Mar 27 18:08:51.712271: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
- Mar 27 18:08:51.712329: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.712358: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, AES_CBC)(decode_to_key() +120 lib/libswan/test_buffer.c)
- Mar 27 18:08:51.712378: | symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.712419: | test_cbc_vector: delref sym_key-key@0x560a7383fbf0
- Mar 27 18:08:51.712430: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
- Mar 27 18:08:51.712489: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.712518: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, AES_CBC)(decode_to_key() +120 lib/libswan/test_buffer.c)
- Mar 27 18:08:51.712527: | symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.712595: | test_cbc_vector: delref sym_key-key@0x560a7383fbf0
- Mar 27 18:08:51.712610: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
- Mar 27 18:08:51.712713: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.712757: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, AES_CBC)(decode_to_key() +120 lib/libswan/test_buffer.c)
- Mar 27 18:08:51.712766: | symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.712867: | test_cbc_vector: delref sym_key-key@0x560a7383fbf0
- Mar 27 18:08:51.712883: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
- Mar 27 18:08:51.712943: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.712973: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, AES_CBC)(decode_to_key() +120 lib/libswan/test_buffer.c)
- Mar 27 18:08:51.712981: | symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.713056: | test_cbc_vector: delref sym_key-key@0x560a7383fbf0
- Mar 27 18:08:51.713068: testing AES_XCBC:
- Mar 27 18:08:51.713078: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
- Mar 27 18:08:51.713143: | result: newref key-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.713175: | result: newref key-key@0x560a7383fbf0 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.713184: | key: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.713218: | result: newref key-key@0x560a73841460 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.713227: | PRF chunk interface: delref clone-key@0x560a7383fbf0
- Mar 27 18:08:51.713306: | result: newref k1-key@0x560a73842eb0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.713339: | result: newref k1-key@0x560a7383fbf0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.713348: | k1: delref tmp-key@0x560a73842eb0
- Mar 27 18:08:51.713373: | xcbc: delref k1-key@0x560a7383fbf0
- Mar 27 18:08:51.713385: | PRF chunk interface: delref key-key@0x560a73841460
- Mar 27 18:08:51.713449: | result: newref key symkey-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.713481: | result: newref key symkey-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.713490: | key symkey: delref tmp-key@0x560a7383fbf0
- Mar 27 18:08:51.713524: | result: newref key symkey-key@0x560a7383fbf0 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.713691: | result: newref k1-key@0x560a73846a10 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.713725: | result: newref k1-key@0x560a73842eb0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.713734: | k1: delref tmp-key@0x560a73846a10
- Mar 27 18:08:51.713758: | xcbc: delref k1-key@0x560a73842eb0
- Mar 27 18:08:51.713817: | result: newref xcbc-key@0x560a73846a10 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.713856: | result: newref xcbc-key@0x560a73842eb0 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.713865: | xcbc: delref tmp-key@0x560a73846a10
- Mar 27 18:08:51.713877: | PRF symkey interface: delref key-key@0x560a7383fbf0
- Mar 27 18:08:51.713910: | RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input: newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.713935: | RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.713948: | test_prf_vector: delref message-key@NULL
- Mar 27 18:08:51.713956: | test_prf_vector: delref key-key@0x560a73841460
- Mar 27 18:08:51.713967: | test_prf_vector: delref output-key@0x560a73842eb0
- Mar 27 18:08:51.713978: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
- Mar 27 18:08:51.714039: | result: newref key-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.714068: | result: newref key-key@0x560a73842eb0 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.714077: | key: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.714108: | result: newref key-key@0x560a73841460 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.714117: | PRF chunk interface: delref clone-key@0x560a73842eb0
- Mar 27 18:08:51.714181: | result: newref k1-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.714211: | result: newref k1-key@0x560a73842eb0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.714220: | k1: delref tmp-key@0x560a7383fbf0
- Mar 27 18:08:51.714242: | xcbc: delref k1-key@0x560a73842eb0
- Mar 27 18:08:51.714254: | PRF chunk interface: delref key-key@0x560a73841460
- Mar 27 18:08:51.714313: | result: newref key symkey-key@0x560a73842eb0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.714343: | result: newref key symkey-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.714351: | key symkey: delref tmp-key@0x560a73842eb0
- Mar 27 18:08:51.714383: | result: newref key symkey-key@0x560a73842eb0 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.714439: | result: newref message symkey-key@0x560a73846a10 (19-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.714469: | result: newref message symkey-key@0x560a7383fbf0 (3-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.714477: | message symkey: delref tmp-key@0x560a73846a10
- Mar 27 18:08:51.714508: | symkey message: newref slot-key@0x560a73848340 (3-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.714556: | symkey message: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.714699: | result: newref k1-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.714742: | result: newref k1-key@0x560a73846a10 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.714751: | k1: delref tmp-key@0x560a73848480
- Mar 27 18:08:51.714778: | xcbc: delref k1-key@0x560a73846a10
- Mar 27 18:08:51.714838: | result: newref xcbc-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.714867: | result: newref xcbc-key@0x560a73846a10 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.714876: | xcbc: delref tmp-key@0x560a73848480
- Mar 27 18:08:51.714887: | PRF symkey interface: delref key-key@0x560a73842eb0
- Mar 27 18:08:51.714918: | RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input: newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.714955: | RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.714968: | test_prf_vector: delref message-key@0x560a7383fbf0
- Mar 27 18:08:51.714979: | test_prf_vector: delref key-key@0x560a73841460
- Mar 27 18:08:51.714990: | test_prf_vector: delref output-key@0x560a73846a10
- Mar 27 18:08:51.715001: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
- Mar 27 18:08:51.715063: | result: newref key-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.715093: | result: newref key-key@0x560a73846a10 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.715101: | key: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.715133: | result: newref key-key@0x560a73841460 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.715144: | PRF chunk interface: delref clone-key@0x560a73846a10
- Mar 27 18:08:51.715214: | result: newref k1-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.715246: | result: newref k1-key@0x560a73846a10 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.715255: | k1: delref tmp-key@0x560a7383fbf0
- Mar 27 18:08:51.715280: | xcbc: delref k1-key@0x560a73846a10
- Mar 27 18:08:51.715292: | PRF chunk interface: delref key-key@0x560a73841460
- Mar 27 18:08:51.715355: | result: newref key symkey-key@0x560a73846a10 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.715388: | result: newref key symkey-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.715396: | key symkey: delref tmp-key@0x560a73846a10
- Mar 27 18:08:51.715430: | result: newref key symkey-key@0x560a73846a10 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.715491: | result: newref message symkey-key@0x560a73842eb0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.715538: | result: newref message symkey-key@0x560a7383fbf0 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.715592: | message symkey: delref tmp-key@0x560a73842eb0
- Mar 27 18:08:51.715626: | symkey message: newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.715649: | symkey message: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.715715: | result: newref k1-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.715745: | result: newref k1-key@0x560a73842eb0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.715753: | k1: delref tmp-key@0x560a73848480
- Mar 27 18:08:51.715776: | xcbc: delref k1-key@0x560a73842eb0
- Mar 27 18:08:51.715838: | result: newref xcbc-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.715870: | result: newref xcbc-key@0x560a73842eb0 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.715881: | xcbc: delref tmp-key@0x560a73848480
- Mar 27 18:08:51.715893: | PRF symkey interface: delref key-key@0x560a73846a10
- Mar 27 18:08:51.715926: | RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input: newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.715951: | RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.715964: | test_prf_vector: delref message-key@0x560a7383fbf0
- Mar 27 18:08:51.715977: | test_prf_vector: delref key-key@0x560a73841460
- Mar 27 18:08:51.715988: | test_prf_vector: delref output-key@0x560a73842eb0
- Mar 27 18:08:51.716011: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
- Mar 27 18:08:51.716079: | result: newref key-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.716111: | result: newref key-key@0x560a73842eb0 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.716120: | key: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.716154: | result: newref key-key@0x560a73841460 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.716163: | PRF chunk interface: delref clone-key@0x560a73842eb0
- Mar 27 18:08:51.716232: | result: newref k1-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.716264: | result: newref k1-key@0x560a73842eb0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.716275: | k1: delref tmp-key@0x560a7383fbf0
- Mar 27 18:08:51.716305: | xcbc: delref k1-key@0x560a73842eb0
- Mar 27 18:08:51.716317: | PRF chunk interface: delref key-key@0x560a73841460
- Mar 27 18:08:51.716380: | result: newref key symkey-key@0x560a73842eb0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.716412: | result: newref key symkey-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.716421: | key symkey: delref tmp-key@0x560a73842eb0
- Mar 27 18:08:51.716455: | result: newref key symkey-key@0x560a73842eb0 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.716546: | result: newref message symkey-key@0x560a73846a10 (36-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.716581: | result: newref message symkey-key@0x560a7383fbf0 (20-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.716591: | message symkey: delref tmp-key@0x560a73846a10
- Mar 27 18:08:51.716653: | symkey message: newref slot-key@0x560a73848340 (20-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.716677: | symkey message: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.716742: | result: newref k1-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.716772: | result: newref k1-key@0x560a73846a10 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.716781: | k1: delref tmp-key@0x560a73848480
- Mar 27 18:08:51.716808: | xcbc: delref k1-key@0x560a73846a10
- Mar 27 18:08:51.716867: | result: newref xcbc-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.716897: | result: newref xcbc-key@0x560a73846a10 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.716905: | xcbc: delref tmp-key@0x560a73848480
- Mar 27 18:08:51.716916: | PRF symkey interface: delref key-key@0x560a73842eb0
- Mar 27 18:08:51.716948: | RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input: newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.716972: | RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.716985: | test_prf_vector: delref message-key@0x560a7383fbf0
- Mar 27 18:08:51.716998: | test_prf_vector: delref key-key@0x560a73841460
- Mar 27 18:08:51.717009: | test_prf_vector: delref output-key@0x560a73846a10
- Mar 27 18:08:51.717020: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
- Mar 27 18:08:51.717091: | result: newref key-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.717123: | result: newref key-key@0x560a73846a10 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.717131: | key: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.717175: | result: newref key-key@0x560a73841460 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.717186: | PRF chunk interface: delref clone-key@0x560a73846a10
- Mar 27 18:08:51.717256: | result: newref k1-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.717288: | result: newref k1-key@0x560a73846a10 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.717297: | k1: delref tmp-key@0x560a7383fbf0
- Mar 27 18:08:51.717326: | xcbc: delref k1-key@0x560a73846a10
- Mar 27 18:08:51.717338: | PRF chunk interface: delref key-key@0x560a73841460
- Mar 27 18:08:51.717402: | result: newref key symkey-key@0x560a73846a10 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.717434: | result: newref key symkey-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.717442: | key symkey: delref tmp-key@0x560a73846a10
- Mar 27 18:08:51.717491: | result: newref key symkey-key@0x560a73846a10 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.717602: | result: newref message symkey-key@0x560a73842eb0 (48-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.717637: | result: newref message symkey-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.717646: | message symkey: delref tmp-key@0x560a73842eb0
- Mar 27 18:08:51.717677: | symkey message: newref slot-key@0x560a73848340 (32-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.717699: | symkey message: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.717765: | result: newref k1-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.717794: | result: newref k1-key@0x560a73842eb0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.717803: | k1: delref tmp-key@0x560a73848480
- Mar 27 18:08:51.717830: | xcbc: delref k1-key@0x560a73842eb0
- Mar 27 18:08:51.717889: | result: newref xcbc-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.717919: | result: newref xcbc-key@0x560a73842eb0 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.717927: | xcbc: delref tmp-key@0x560a73848480
- Mar 27 18:08:51.717938: | PRF symkey interface: delref key-key@0x560a73846a10
- Mar 27 18:08:51.717972: | RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input: newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.717996: | RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.718009: | test_prf_vector: delref message-key@0x560a7383fbf0
- Mar 27 18:08:51.718023: | test_prf_vector: delref key-key@0x560a73841460
- Mar 27 18:08:51.718034: | test_prf_vector: delref output-key@0x560a73842eb0
- Mar 27 18:08:51.718045: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
- Mar 27 18:08:51.718116: | result: newref key-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.718148: | result: newref key-key@0x560a73842eb0 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.718157: | key: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.718190: | result: newref key-key@0x560a73841460 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.718199: | PRF chunk interface: delref clone-key@0x560a73842eb0
- Mar 27 18:08:51.718269: | result: newref k1-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.718312: | result: newref k1-key@0x560a73842eb0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.718321: | k1: delref tmp-key@0x560a7383fbf0
- Mar 27 18:08:51.718356: | xcbc: delref k1-key@0x560a73842eb0
- Mar 27 18:08:51.718368: | PRF chunk interface: delref key-key@0x560a73841460
- Mar 27 18:08:51.718432: | result: newref key symkey-key@0x560a73842eb0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.718498: | result: newref key symkey-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.718511: | key symkey: delref tmp-key@0x560a73842eb0
- Mar 27 18:08:51.718599: | result: newref key symkey-key@0x560a73842eb0 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.718710: | result: newref message symkey-key@0x560a73846a10 (50-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.718744: | result: newref message symkey-key@0x560a7383fbf0 (34-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.718753: | message symkey: delref tmp-key@0x560a73846a10
- Mar 27 18:08:51.718784: | symkey message: newref slot-key@0x560a73848340 (34-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.718807: | symkey message: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.718872: | result: newref k1-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.718902: | result: newref k1-key@0x560a73846a10 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.718910: | k1: delref tmp-key@0x560a73848480
- Mar 27 18:08:51.718942: | xcbc: delref k1-key@0x560a73846a10
- Mar 27 18:08:51.719001: | result: newref xcbc-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.719031: | result: newref xcbc-key@0x560a73846a10 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.719039: | xcbc: delref tmp-key@0x560a73848480
- Mar 27 18:08:51.719050: | PRF symkey interface: delref key-key@0x560a73842eb0
- Mar 27 18:08:51.719081: | RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input: newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.719103: | RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.719115: | test_prf_vector: delref message-key@0x560a7383fbf0
- Mar 27 18:08:51.719127: | test_prf_vector: delref key-key@0x560a73841460
- Mar 27 18:08:51.719141: | test_prf_vector: delref output-key@0x560a73846a10
- Mar 27 18:08:51.719153: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
- Mar 27 18:08:51.719258: | result: newref key-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.719292: | result: newref key-key@0x560a73846a10 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.719300: | key: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.719332: | result: newref key-key@0x560a73841460 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.719341: | PRF chunk interface: delref clone-key@0x560a73846a10
- Mar 27 18:08:51.719407: | result: newref k1-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.719474: | result: newref k1-key@0x560a73846a10 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.719492: | k1: delref tmp-key@0x560a7383fbf0
- Mar 27 18:08:51.719815: | xcbc: delref k1-key@0x560a73846a10
- Mar 27 18:08:51.719830: | PRF chunk interface: delref key-key@0x560a73841460
- Mar 27 18:08:51.719894: | result: newref key symkey-key@0x560a73846a10 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.719935: | result: newref key symkey-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.719945: | key symkey: delref tmp-key@0x560a73846a10
- Mar 27 18:08:51.719979: | result: newref key symkey-key@0x560a73846a10 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.720040: | result: newref message symkey-key@0x560a73842eb0 (1016-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.720077: | result: newref message symkey-key@0x560a7383fbf0 (1000-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.720088: | message symkey: delref tmp-key@0x560a73842eb0
- Mar 27 18:08:51.720126: | symkey message: newref slot-key@0x560a73848340 (1000-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.720156: | symkey message: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.720226: | result: newref k1-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.720259: | result: newref k1-key@0x560a73842eb0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.720267: | k1: delref tmp-key@0x560a73848480
- Mar 27 18:08:51.720673: | xcbc: delref k1-key@0x560a73842eb0
- Mar 27 18:08:51.720738: | result: newref xcbc-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.720768: | result: newref xcbc-key@0x560a73842eb0 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.720777: | xcbc: delref tmp-key@0x560a73848480
- Mar 27 18:08:51.720788: | PRF symkey interface: delref key-key@0x560a73846a10
- Mar 27 18:08:51.720819: | RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input: newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.720841: | RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.720854: | test_prf_vector: delref message-key@0x560a7383fbf0
- Mar 27 18:08:51.720865: | test_prf_vector: delref key-key@0x560a73841460
- Mar 27 18:08:51.720876: | test_prf_vector: delref output-key@0x560a73842eb0
- Mar 27 18:08:51.720887: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
- Mar 27 18:08:51.720955: | result: newref key-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.720988: | result: newref key-key@0x560a73842eb0 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.720996: | key: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.721030: | result: newref key-key@0x560a73841460 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.721039: | PRF chunk interface: delref clone-key@0x560a73842eb0
- Mar 27 18:08:51.721118: | result: newref k1-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.721149: | result: newref k1-key@0x560a73842eb0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.721158: | k1: delref tmp-key@0x560a7383fbf0
- Mar 27 18:08:51.721187: | xcbc: delref k1-key@0x560a73842eb0
- Mar 27 18:08:51.721198: | PRF chunk interface: delref key-key@0x560a73841460
- Mar 27 18:08:51.721260: | result: newref key symkey-key@0x560a73842eb0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.721291: | result: newref key symkey-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.721300: | key symkey: delref tmp-key@0x560a73842eb0
- Mar 27 18:08:51.721332: | result: newref key symkey-key@0x560a73842eb0 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.721472: | result: newref message symkey-key@0x560a73846a10 (36-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.721545: | result: newref message symkey-key@0x560a7383fbf0 (20-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.721563: | message symkey: delref tmp-key@0x560a73846a10
- Mar 27 18:08:51.721594: | symkey message: newref slot-key@0x560a73848340 (20-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.721616: | symkey message: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.721679: | result: newref k1-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.721708: | result: newref k1-key@0x560a73846a10 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.721717: | k1: delref tmp-key@0x560a73848480
- Mar 27 18:08:51.721743: | xcbc: delref k1-key@0x560a73846a10
- Mar 27 18:08:51.721800: | result: newref xcbc-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.721829: | result: newref xcbc-key@0x560a73846a10 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.721837: | xcbc: delref tmp-key@0x560a73848480
- Mar 27 18:08:51.721848: | PRF symkey interface: delref key-key@0x560a73842eb0
- Mar 27 18:08:51.721878: | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.721899: | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.721911: | test_prf_vector: delref message-key@0x560a7383fbf0
- Mar 27 18:08:51.721922: | test_prf_vector: delref key-key@0x560a73841460
- Mar 27 18:08:51.721933: | test_prf_vector: delref output-key@0x560a73846a10
- Mar 27 18:08:51.721943: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
- Mar 27 18:08:51.722003: | result: newref key-key@0x560a73841460 (26-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.722032: | result: newref key-key@0x560a73846a10 (10-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.722040: | key: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.722051: | xcbc: addref local_draft_key-key@0x560a73846a10
- Mar 27 18:08:51.722084: | result: newref local_draft_key+=0-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.722092: | append_symkey_bytes: delref lhs-key@0x560a73846a10
- Mar 27 18:08:51.722120: | result: newref PRF chunk interface-key@0x560a7383fbf0 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +205 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.722129: | PRF chunk interface: delref local_draft_key-key@0x560a73841460
- Mar 27 18:08:51.722143: | PRF chunk interface: delref clone-key@0x560a73846a10
- Mar 27 18:08:51.722263: | result: newref k1-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.722296: | result: newref k1-key@0x560a73846a10 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.722304: | k1: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.722370: | xcbc: delref k1-key@0x560a73846a10
- Mar 27 18:08:51.722386: | PRF chunk interface: delref key-key@0x560a7383fbf0
- Mar 27 18:08:51.722453: | result: newref key symkey-key@0x560a73846a10 (26-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.722482: | result: newref key symkey-key@0x560a7383fbf0 (10-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.722491: | key symkey: delref tmp-key@0x560a73846a10
- Mar 27 18:08:51.722511: | xcbc: addref local_draft_key-key@0x560a7383fbf0
- Mar 27 18:08:51.722544: | result: newref local_draft_key+=0-key@0x560a73846a10 (16-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.722553: | append_symkey_bytes: delref lhs-key@0x560a7383fbf0
- Mar 27 18:08:51.722580: | result: newref PRF symkey interface-key@0x560a73841460 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +205 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.722589: | PRF symkey interface: delref local_draft_key-key@0x560a73846a10
- Mar 27 18:08:51.722646: | result: newref message symkey-key@0x560a73842eb0 (36-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.722675: | result: newref message symkey-key@0x560a73846a10 (20-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.722684: | message symkey: delref tmp-key@0x560a73842eb0
- Mar 27 18:08:51.722716: | symkey message: newref slot-key@0x560a73848340 (20-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.722740: | symkey message: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.722808: | result: newref k1-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.722839: | result: newref k1-key@0x560a73842eb0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.722848: | k1: delref tmp-key@0x560a73848480
- Mar 27 18:08:51.722876: | xcbc: delref k1-key@0x560a73842eb0
- Mar 27 18:08:51.722938: | result: newref xcbc-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.722969: | result: newref xcbc-key@0x560a73842eb0 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.722977: | xcbc: delref tmp-key@0x560a73848480
- Mar 27 18:08:51.722990: | PRF symkey interface: delref key-key@0x560a73841460
- Mar 27 18:08:51.723023: | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.723044: | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.723058: | test_prf_vector: delref message-key@0x560a73846a10
- Mar 27 18:08:51.723069: | test_prf_vector: delref key-key@0x560a7383fbf0
- Mar 27 18:08:51.723080: | test_prf_vector: delref output-key@0x560a73842eb0
- Mar 27 18:08:51.723093: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
- Mar 27 18:08:51.723158: | result: newref key-key@0x560a7383fbf0 (34-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.723189: | result: newref key-key@0x560a73842eb0 (18-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.723198: | key: delref tmp-key@0x560a7383fbf0
- Mar 27 18:08:51.723259: | result: newref zero_key-key@0x560a73846a10 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.723290: | result: newref zero_key-key@0x560a7383fbf0 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +216 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.723299: | zero_key: delref tmp-key@0x560a73846a10
- Mar 27 18:08:51.723384: | draft_chunk: newref slot-key@0x560a73848340 (18-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.723449: | draft_chunk: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.723530: | result: newref k1-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.723559: | result: newref k1-key@0x560a73846a10 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.723568: | k1: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.723594: | xcbc: delref k1-key@0x560a73846a10
- Mar 27 18:08:51.723651: | result: newref key-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.723688: | result: newref key-key@0x560a73846a10 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +220 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.723697: | key: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.723708: | PRF chunk interface: delref zero_key-key@0x560a7383fbf0
- Mar 27 18:08:51.723719: | PRF chunk interface: delref clone-key@0x560a73842eb0
- Mar 27 18:08:51.723782: | result: newref k1-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.723811: | result: newref k1-key@0x560a73842eb0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.723820: | k1: delref tmp-key@0x560a7383fbf0
- Mar 27 18:08:51.723846: | xcbc: delref k1-key@0x560a73842eb0
- Mar 27 18:08:51.723857: | PRF chunk interface: delref key-key@0x560a73846a10
- Mar 27 18:08:51.723914: | result: newref key symkey-key@0x560a73842eb0 (34-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.723943: | result: newref key symkey-key@0x560a73846a10 (18-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.723951: | key symkey: delref tmp-key@0x560a73842eb0
- Mar 27 18:08:51.724008: | result: newref zero_key-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.724040: | result: newref zero_key-key@0x560a73842eb0 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +216 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.724050: | zero_key: delref tmp-key@0x560a7383fbf0
- Mar 27 18:08:51.724082: | draft_chunk: newref slot-key@0x560a73848340 (18-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.724104: | draft_chunk: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.724173: | result: newref k1-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.724202: | result: newref k1-key@0x560a7383fbf0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.724213: | k1: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.724241: | xcbc: delref k1-key@0x560a7383fbf0
- Mar 27 18:08:51.724404: | result: newref key symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.724458: | result: newref key symkey-key@0x560a7383fbf0 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +220 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.724467: | key symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.724478: | PRF symkey interface: delref zero_key-key@0x560a73842eb0
- Mar 27 18:08:51.724536: | result: newref message symkey-key@0x560a73841460 (36-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.724565: | result: newref message symkey-key@0x560a73842eb0 (20-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.724574: | message symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.724603: | symkey message: newref slot-key@0x560a73848340 (20-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.724625: | symkey message: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.724688: | result: newref k1-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.724717: | result: newref k1-key@0x560a73841460 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
- Mar 27 18:08:51.724725: | k1: delref tmp-key@0x560a73848480
- Mar 27 18:08:51.724751: | xcbc: delref k1-key@0x560a73841460
- Mar 27 18:08:51.724808: | result: newref xcbc-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.724837: | result: newref xcbc-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.724854: | xcbc: delref tmp-key@0x560a73848480
- Mar 27 18:08:51.724865: | PRF symkey interface: delref key-key@0x560a7383fbf0
- Mar 27 18:08:51.724896: | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.724917: | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.724929: | test_prf_vector: delref message-key@0x560a73842eb0
- Mar 27 18:08:51.724940: | test_prf_vector: delref key-key@0x560a73846a10
- Mar 27 18:08:51.724951: | test_prf_vector: delref output-key@0x560a73841460
- Mar 27 18:08:51.724962: testing HMAC_MD5:
- Mar 27 18:08:51.724969: RFC 2104: MD5_HMAC test 1
- Mar 27 18:08:51.725028: | result: newref key-key@0x560a73846a10 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.725057: | result: newref key-key@0x560a73841460 (16-bytes, MD5_HMAC)(init_bytes() +119 lib/libswan/ike_alg_prf_mac_nss_ops.c)
- Mar 27 18:08:51.725065: | key: delref tmp-key@0x560a73846a10
- Mar 27 18:08:51.725082: | PRF chunk interface: delref clone-key@0x560a73841460
- Mar 27 18:08:51.725145: | result: newref key symkey-key@0x560a73846a10 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.725174: | result: newref key symkey-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.725182: | key symkey: delref tmp-key@0x560a73846a10
- Mar 27 18:08:51.725212: | result: newref clone-key@0x560a73846a10 (16-bytes, MD5_HMAC)(init_symkey() +101 lib/libswan/ike_alg_prf_mac_nss_ops.c)
- Mar 27 18:08:51.725226: | PRF symkey interface: delref clone-key@0x560a73846a10
- Mar 27 18:08:51.725386: | result: newref message symkey-key@0x560a7383fbf0 (24-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.725422: | result: newref message symkey-key@0x560a73842eb0 (8-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.725431: | message symkey: delref tmp-key@0x560a7383fbf0
- Mar 27 18:08:51.725470: | nss hmac digest hack: newref slot-key@0x560a73848340 (8-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.725493: | nss hmac digest hack: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.725558: | result: newref final-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.725587: | result: newref final-key@0x560a73846a10 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.725595: | final: delref tmp-key@0x560a7383fbf0
- Mar 27 18:08:51.725625: | RFC 2104: MD5_HMAC test 1: newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.725646: | RFC 2104: MD5_HMAC test 1: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.725658: | test_prf_vector: delref message-key@0x560a73842eb0
- Mar 27 18:08:51.725669: | test_prf_vector: delref key-key@0x560a73841460
- Mar 27 18:08:51.725680: | test_prf_vector: delref output-key@0x560a73846a10
- Mar 27 18:08:51.725690: RFC 2104: MD5_HMAC test 2
- Mar 27 18:08:51.725747: | result: newref key-key@0x560a73841460 (20-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.725776: | result: newref key-key@0x560a73846a10 (4-bytes, MD5_HMAC)(init_bytes() +119 lib/libswan/ike_alg_prf_mac_nss_ops.c)
- Mar 27 18:08:51.725784: | key: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.725800: | PRF chunk interface: delref clone-key@0x560a73846a10
- Mar 27 18:08:51.725866: | result: newref key symkey-key@0x560a73841460 (20-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.725897: | result: newref key symkey-key@0x560a73846a10 (4-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.725906: | key symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.725947: | result: newref clone-key@0x560a73841460 (4-bytes, MD5_HMAC)(init_symkey() +101 lib/libswan/ike_alg_prf_mac_nss_ops.c)
- Mar 27 18:08:51.725963: | PRF symkey interface: delref clone-key@0x560a73841460
- Mar 27 18:08:51.726022: | result: newref message symkey-key@0x560a7383fbf0 (44-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.726053: | result: newref message symkey-key@0x560a73842eb0 (28-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.726062: | message symkey: delref tmp-key@0x560a7383fbf0
- Mar 27 18:08:51.726094: | nss hmac digest hack: newref slot-key@0x560a73848340 (28-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.726118: | nss hmac digest hack: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.726187: | result: newref final-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.726218: | result: newref final-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.726227: | final: delref tmp-key@0x560a7383fbf0
- Mar 27 18:08:51.726393: | RFC 2104: MD5_HMAC test 2: newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.726422: | RFC 2104: MD5_HMAC test 2: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.726482: | test_prf_vector: delref message-key@0x560a73842eb0
- Mar 27 18:08:51.726506: | test_prf_vector: delref key-key@0x560a73846a10
- Mar 27 18:08:51.726526: | test_prf_vector: delref output-key@0x560a73841460
- Mar 27 18:08:51.726537: RFC 2104: MD5_HMAC test 3
- Mar 27 18:08:51.726601: | result: newref key-key@0x560a73846a10 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.726630: | result: newref key-key@0x560a73841460 (16-bytes, MD5_HMAC)(init_bytes() +119 lib/libswan/ike_alg_prf_mac_nss_ops.c)
- Mar 27 18:08:51.726638: | key: delref tmp-key@0x560a73846a10
- Mar 27 18:08:51.726654: | PRF chunk interface: delref clone-key@0x560a73841460
- Mar 27 18:08:51.726716: | result: newref key symkey-key@0x560a73846a10 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.726745: | result: newref key symkey-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.726753: | key symkey: delref tmp-key@0x560a73846a10
- Mar 27 18:08:51.726784: | result: newref clone-key@0x560a73846a10 (16-bytes, MD5_HMAC)(init_symkey() +101 lib/libswan/ike_alg_prf_mac_nss_ops.c)
- Mar 27 18:08:51.726797: | PRF symkey interface: delref clone-key@0x560a73846a10
- Mar 27 18:08:51.726857: | result: newref message symkey-key@0x560a7383fbf0 (66-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.726889: | result: newref message symkey-key@0x560a73842eb0 (50-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.726898: | message symkey: delref tmp-key@0x560a7383fbf0
- Mar 27 18:08:51.726930: | nss hmac digest hack: newref slot-key@0x560a73848340 (50-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.726954: | nss hmac digest hack: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.727023: | result: newref final-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.727055: | result: newref final-key@0x560a73846a10 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.727063: | final: delref tmp-key@0x560a7383fbf0
- Mar 27 18:08:51.727095: | RFC 2104: MD5_HMAC test 3: newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.727119: | RFC 2104: MD5_HMAC test 3: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.727131: | test_prf_vector: delref message-key@0x560a73842eb0
- Mar 27 18:08:51.727144: | test_prf_vector: delref key-key@0x560a73841460
- Mar 27 18:08:51.727163: | test_prf_vector: delref output-key@0x560a73846a10
- Mar 27 18:08:51.727177: testing HMAC_SHA1:
- Mar 27 18:08:51.727185: CAVP: IKEv2 key derivation with HMAC-SHA1
- Mar 27 18:08:51.727344: | result: newref gir symkey-key@0x560a73841460 (48-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.727389: | result: newref gir symkey-key@0x560a73846a10 (32-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.727398: | gir symkey: delref tmp-key@0x560a73841460
- Mar 27 18:08:51.727436: | result: newref skeyseed-key@0x560a73841460 (20-bytes, NSS_IKE_PRF_PLUS_DERIVE)(ike_sa_skeyseed() +106 lib/libswan/ike_alg_prf_ikev2_nss_ops.c)
- Mar 27 18:08:51.727461: | CAVP: IKEv2 key derivation with HMAC-SHA1: newref slot-key@0x560a73848340 (20-bytes, NSS_IKE_PRF_PLUS_DERIVE)
- Mar 27 18:08:51.727483: | CAVP: IKEv2 key derivation with HMAC-SHA1: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.727528: | result: newref keymat-key@0x560a73842eb0 (132-bytes, EXTRACT_KEY_FROM_KEY)(prfplus_key_data() +61 lib/libswan/ike_alg_prf_ikev2_nss_ops.c)
- Mar 27 18:08:51.727557: | CAVP: IKEv2 key derivation with HMAC-SHA1: newref slot-key@0x560a73848340 (132-bytes, EXTRACT_KEY_FROM_KEY)
- Mar 27 18:08:51.727578: | CAVP: IKEv2 key derivation with HMAC-SHA1: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.727611: | result: newref SK_d-key@0x560a7383fbf0 (20-bytes, EXTRACT_KEY_FROM_KEY)(test_kdf_vector() +311 lib/libswan/ike_alg_prf_test_vectors.c)
- Mar 27 18:08:51.727675: | result: newref gir_new symkey-key@0x560a738440b0 (48-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.727707: | result: newref gir_new symkey-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
- Mar 27 18:08:51.727715: | gir_new symkey: delref tmp-key@0x560a738440b0
- Mar 27 18:08:51.727755: | result: newref skeyseed-key@0x560a738440b0 (20-bytes, NSS_IKE_PRF_PLUS_DERIVE)(ike_sa_rekey_skeyseed() +136 lib/libswan/ike_alg_prf_ikev2_nss_ops.c)
- Mar 27 18:08:51.727787: | CAVP: IKEv2 key derivation with HMAC-SHA1: newref slot-key@0x560a73848340 (20-bytes, NSS_IKE_PRF_PLUS_DERIVE)
- Mar 27 18:08:51.727820: | CAVP: IKEv2 key derivation with HMAC-SHA1: delref slot-key-key@0x560a73848340
- Mar 27 18:08:51.727835: | test_kdf_vector: delref gir-key@0x560a73846a10
- Mar 27 18:08:51.727845: | test_kdf_vector: delref gir_new-key@0x560a73848480
- Mar 27 18:08:51.727856: | test_kdf_vector: delref skeyseed-key@0x560a73841460
- Mar 27 18:08:51.727869: | test_kdf_vector: delref dkm-key@0x560a73842eb0
- Mar 27 18:08:51.727880: | test_kdf_vector: delref skd-key@0x560a7383fbf0
- Mar 27 18:08:51.727893: | test_kdf_vector: delref skeyseed_rekey-key@0x560a738440b0
- Mar 27 18:08:51.727905: | building Vendor ID table
- Mar 27 18:08:51.728757: | verifying VID lookup table
- Mar 27 18:08:51.728772: | Vendor ID 'Openswan(project)' and 'Libreswan (3.6+)' clash
- Mar 27 18:08:51.728780: | 64 Openswan(project) substring+match
- Mar 27 18:08:51.728789: | 4f 45 [OE]
- Mar 27 18:08:51.728796: | 68 Libreswan (3.6+) substring+hexa
- Mar 27 18:08:51.728812: | 4f 45 2d 4c 69 62 72 65 73 77 61 6e 2d [OE-Libreswan-]
- Mar 27 18:08:51.728820: | Vendor ID 'Openswan(project)' and 'Libreswan (this version)' clash
- Mar 27 18:08:51.728827: | 64 Openswan(project) substring+match
- Mar 27 18:08:51.728836: | 4f 45 [OE]
- Mar 27 18:08:51.728843: | 67 Libreswan (this version)
- Mar 27 18:08:51.728863: | 4f 45 2d 4c 69 62 72 65 73 77 61 6e 2d 35 2e 30 7e 72 63 32 [OE-Libreswan-5.0~rc2]
- Mar 27 18:08:51.728871: | Vendor ID 'Openswan(project)' and 'FreeS/WAN 2.00' clash
- Mar 27 18:08:51.728879: | 64 Openswan(project) substring+match
- Mar 27 18:08:51.728887: | 4f 45 [OE]
- Mar 27 18:08:51.728894: | 59 FreeS/WAN 2.00
- Mar 27 18:08:51.728913: | 4f 45 44 76 5b 57 6b 40 45 41 74 47 [OEDv[Wk@EAtG]
- Mar 27 18:08:51.728921: | Vendor ID 'Openswan(project)' and 'Openswan 2.2.0' clash
- Mar 27 18:08:51.728928: | 64 Openswan(project) substring+match
- Mar 27 18:08:51.729007: | 4f 45 [OE]
- Mar 27 18:08:51.729051: | 62 Openswan 2.2.0
- Mar 27 18:08:51.729067: | 4f 45 48 72 4b 6e 5e 68 55 7c 60 4f [OEHrKn^hU|`O]
- Mar 27 18:08:51.729084: | Vendor ID 'Openswan(project)' and 'Libreswan 3.0 - 3.5' clash
- Mar 27 18:08:51.729092: | 64 Openswan(project) substring+match
- Mar 27 18:08:51.729101: | 4f 45 [OE]
- Mar 27 18:08:51.729108: | 69 Libreswan 3.0 - 3.5 substring+match
- Mar 27 18:08:51.729117: | 4f 45 4e [OEN]
- Mar 27 18:08:51.729125: | Vendor ID 'Openswan(project)' and 'FreeS/WAN 2.00 (X.509-1.3.1 + LDAP)' clash
- Mar 27 18:08:51.729132: | 64 Openswan(project) substring+match
- Mar 27 18:08:51.729141: | 4f 45 [OE]
- Mar 27 18:08:51.729148: | 61 FreeS/WAN 2.00 (X.509-1.3.1 + LDAP)
- Mar 27 18:08:51.729174: | 4f 45 57 5d 6a 53 43 42 46 74 79 6e [OEW]jSCBFtyn]
- Mar 27 18:08:51.729222: | Vendor ID 'Openswan(project)' and 'FreeS/WAN 2.00 (X.509-1.3.1)' clash
- Mar 27 18:08:51.729290: | 64 Openswan(project) substring+match
- Mar 27 18:08:51.729300: | 4f 45 [OE]
- Mar 27 18:08:51.729307: | 60 FreeS/WAN 2.00 (X.509-1.3.1)
- Mar 27 18:08:51.729323: | 4f 45 77 4e 4a 43 52 71 6e 45 48 6f [OEwNJCRqnEHo]
- Mar 27 18:08:51.729360: 3 CPU cores online
- Mar 27 18:08:51.729378: starting up 3 helper threads
- Mar 27 18:08:51.729389: | string logger: newref @0x560a738451b8(0->1) (start_server_helpers() +526 programs/pluto/server_pool.c)
- Mar 27 18:08:51.729466: started thread for helper 0
- Mar 27 18:08:51.729479: | string logger: newref @0x560a73844838(0->1) (start_server_helpers() +526 programs/pluto/server_pool.c)
- Mar 27 18:08:51.729523: | starting thread
- Mar 27 18:08:51.729572: helper(1): seccomp security for helper not supported
- Mar 27 18:08:51.729585: | starting thread
- Mar 27 18:08:51.729524: started thread for helper 1
- Mar 27 18:08:51.729669: | string logger: newref @0x560a7381b098(0->1) (start_server_helpers() +526 programs/pluto/server_pool.c)
- Mar 27 18:08:51.729590: | status value returned by setting the priority of this thread: 22
- Mar 27 18:08:51.729718: | helper 1: waiting for work
- Mar 27 18:08:51.729749: started thread for helper 2
- Mar 27 18:08:51.729767: | starting thread
- Mar 27 18:08:51.729778: helper(3): seccomp security for helper not supported
- Mar 27 18:08:51.729632: helper(2): seccomp security for helper not supported
- Mar 27 18:08:51.729778: using Linux xfrm kernel support code on #20240227 SMP PREEMPT Tue Feb 27 08:58:35 UTC 2024
- Mar 27 18:08:51.729786: | status value returned by setting the priority of this thread: 22
- Mar 27 18:08:51.729823: | helper 3: waiting for work
- Mar 27 18:08:51.729802: | status value returned by setting the priority of this thread: 22
- Mar 27 18:08:51.729846: | helper 2: waiting for work
- Mar 27 18:08:51.729891: | fdl: newref @0x560a7384f408(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
- Mar 27 18:08:51.729903: | libevent: newref @0x560a738438c8(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.729926: | fdl: newref @0x560a73850e68(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
- Mar 27 18:08:51.729937: | libevent: newref @0x560a73843888(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.729947: | Hard-wiring algorithms
- Mar 27 18:08:51.729955: | adding AES_CCM_16 to kernel algorithm db
- Mar 27 18:08:51.729963: | adding AES_CCM_12 to kernel algorithm db
- Mar 27 18:08:51.729970: | adding AES_CCM_8 to kernel algorithm db
- Mar 27 18:08:51.729978: | adding 3DES_CBC to kernel algorithm db
- Mar 27 18:08:51.729985: | adding CAMELLIA_CBC to kernel algorithm db
- Mar 27 18:08:51.729993: | adding AES_GCM_16 to kernel algorithm db
- Mar 27 18:08:51.730001: | adding AES_GCM_12 to kernel algorithm db
- Mar 27 18:08:51.730008: | adding AES_GCM_8 to kernel algorithm db
- Mar 27 18:08:51.730016: | adding AES_CTR to kernel algorithm db
- Mar 27 18:08:51.730023: | adding AES_CBC to kernel algorithm db
- Mar 27 18:08:51.730031: | adding NULL_AUTH_AES_GMAC to kernel algorithm db
- Mar 27 18:08:51.730039: | adding NULL to kernel algorithm db
- Mar 27 18:08:51.730047: | adding CHACHA20_POLY1305 to kernel algorithm db
- Mar 27 18:08:51.730066: | adding HMAC_MD5_96 to kernel algorithm db
- Mar 27 18:08:51.730073: | adding HMAC_SHA1_96 to kernel algorithm db
- Mar 27 18:08:51.730081: | adding HMAC_SHA2_512_256 to kernel algorithm db
- Mar 27 18:08:51.730089: | adding HMAC_SHA2_384_192 to kernel algorithm db
- Mar 27 18:08:51.730096: | adding HMAC_SHA2_256_128 to kernel algorithm db
- Mar 27 18:08:51.730104: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
- Mar 27 18:08:51.730111: | adding AES_XCBC_96 to kernel algorithm db
- Mar 27 18:08:51.730119: | adding AES_CMAC_96 to kernel algorithm db
- Mar 27 18:08:51.730126: | adding NONE to kernel algorithm db
- Mar 27 18:08:51.730150: | sendrecv_xfrm_msg() sending 29 flush policy
- Mar 27 18:08:51.730280: | sendrecv_xfrm_msg() recvfrom() returned 36 bytes
- Mar 27 18:08:51.730293: | sendrecv_xfrm_msg() sending 28 flush state
- Mar 27 18:08:51.730317: | sendrecv_xfrm_msg() recvfrom() returned 36 bytes
- Mar 27 18:08:51.730362: kernel: /proc/sys/net/ipv6/conf/all/disable_ipv6=1 ignore ipv6 holes
- Mar 27 18:08:51.730373: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
- Mar 27 18:08:51.730382: | global one-shot timer EVENT_CHECK_CRLS initialized
- Mar 27 18:08:51.730389: | CRL: checking disabled
- Mar 27 18:08:51.730397: selinux support is NOT enabled.
- Mar 27 18:08:51.730435: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
- Mar 27 18:08:51.730443: watchdog: sending probes every 100 secs
- Mar 27 18:08:51.730452: | pluto_sd: executing action action: start(2), status 0
- Mar 27 18:08:51.730512: | global periodic timer EVENT_SD_WATCHDOG enabled with interval of 100 seconds
- Mar 27 18:08:51.732533: | unbound context created - setting debug level to 5
- Mar 27 18:08:51.732590: | /etc/hosts lookups activated
- Mar 27 18:08:51.732621: | /etc/resolv.conf usage activated
- Mar 27 18:08:51.732910: | outgoing-port-avoid set 0-65535
- Mar 27 18:08:51.733047: | outgoing-port-permit set 32768-60999
- Mar 27 18:08:51.733056: | loading dnssec root key from:/usr/share/dns/root.key
- Mar 27 18:08:51.733064: | no additional dnssec trust anchors defined via dnssec-trusted= option
- Mar 27 18:08:51.733101: | Setting up events, loop start
- Mar 27 18:08:51.733113: | fdl: newref @0x560a73854758(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
- Mar 27 18:08:51.733127: | libevent: newref @0x560a7381b528(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.733152: | libevent: newref @0x560a73854828(0->1) (libevent_realloc() +969 programs/pluto/server.c)
- Mar 27 18:08:51.733180: | libevent: newref @0x560a73843988(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.733198: | libevent: newref @0x560a7384bed8(0->1) (libevent_realloc() +969 programs/pluto/server.c)
- Mar 27 18:08:51.733208: | libevent: newref @0x560a7381f1e8(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.733230: | libevent: newref @0x560a73843208(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.733270: | signal event handler PLUTO_SIGCHLD installed
- Mar 27 18:08:51.733285: | libevent: newref @0x560a73843508(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.733296: | libevent: newref @0x560a737bad38(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.733306: | signal event handler PLUTO_SIGTERM installed
- Mar 27 18:08:51.733325: | libevent: newref @0x560a73849e68(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.733335: | libevent: newref @0x560a737bab68(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.733344: | signal event handler PLUTO_SIGHUP installed
- Mar 27 18:08:51.734204: | created addconn helper (pid:1301457) using fork+execve
- Mar 27 18:08:51.734233: | forked child addconn 1301457
- Mar 27 18:08:51.734274: | pid: newref @0x560a73854958(0->1) (add_pid() +135 programs/pluto/server_fork.c)
- Mar 27 18:08:51.734302: | clone logger: newref @0x560a7381a418(0->1) (add_pid() +143 programs/pluto/server_fork.c)
- Mar 27 18:08:51.734329: | fdl: newref @0x560a73854a28(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
- Mar 27 18:08:51.734370: | libevent: newref @0x560a7384f4d8(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.734394: seccomp security not supported
- Mar 27 18:08:51.741410: | struct fd: newref @0x560a7384f518(0->1) (whack_handle_cb() +767 programs/pluto/rcv_whack.c)
- Mar 27 18:08:51.741436: | fd_accept: new fd@0x560a7384f518 (whack_handle_cb() +767 programs/pluto/rcv_whack.c)
- Mar 27 18:08:51.741473: | processing message from addconn
- Mar 27 18:08:51.741484: | whack: addconn: start: 'tunnel1' (logger@0x7fffc3c01d50/fd@0x560a7384f518/fd@(nil))
- Mar 27 18:08:51.741494: | FOR_EACH_CONNECTION_.... in (whack_connections_by_name() +79 programs/pluto/whack_connection.c)
- Mar 27 18:08:51.741503: | matches: 0
- Mar 27 18:08:51.741521: | FOR_EACH_CONNECTION_.... in (whack_connections_by_alias() +115 programs/pluto/whack_connection.c)
- Mar 27 18:08:51.741529: | matches: 0
- Mar 27 18:08:51.741537: | FOR_EACH_CONNECTION_.... in (connection_with_name_exists() +210 programs/pluto/connections.c)
- Mar 27 18:08:51.741545: | matches: 0
- Mar 27 18:08:51.741557: | struct connection: newref @0x560a738554d8(0->1) (add_connection() +3578 programs/pluto/connections.c)
- Mar 27 18:08:51.741569: | alloc logger: newref @0x560a7381a508(0->1) (add_connection() +3578 programs/pluto/connections.c)
- Mar 27 18:08:51.741579: | struct fd: addref @0x560a7384f518(1->2) (alloc_connection() +2034 programs/pluto/connections.c)
- Mar 27 18:08:51.741588: | "tunnel1": attach whack fd@0x560a7384f518 to empty logger 0x560a7381a508 slot 0
- Mar 27 18:08:51.741598: | left connection is CK_TEMPLATE: unspecified right address yet policy negotiate
- Mar 27 18:08:51.741606: | right connection is CK_TEMPLATE: unspecified right address yet policy negotiate
- Mar 27 18:08:51.741623: | added new IKEv2 connection "tunnel1" with policy IKEv2+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
- Mar 27 18:08:51.741784: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-DH19+DH20+DH21+DH31+MODP4096+MODP3072+MODP2048+MODP8192, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-DH19+DH20+DH21+DH31+MODP4096+MODP3072+MODP2048+MODP8192, CHACHA20_POLY1305-HMAC_SHA2_512+HMAC_SHA2_256-DH19+DH20+DH21+DH31+MODP4096+MODP3072+MODP2048+MODP8192, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-DH19+DH20+DH21+DH31+MODP4096+MODP3072+MODP2048+MODP8192, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-DH19+DH20+DH21+DH31+MODP4096+MODP3072+MODP2048+MODP8192
- Mar 27 18:08:51.741794: | constructing local IKE proposals for "tunnel1"
- Mar 27 18:08:51.741802: | generating IKEv2 IKE proposals
- Mar 27 18:08:51.741816: | converting IKE proposal AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-DH19+DH20+DH21+DH31+MODP4096+MODP3072+MODP2048+MODP8192 to ikev2 ...
- Mar 27 18:08:51.741832: | ... ikev2_proposal: 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
- Mar 27 18:08:51.741843: | converting IKE proposal AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-DH19+DH20+DH21+DH31+MODP4096+MODP3072+MODP2048+MODP8192 to ikev2 ...
- Mar 27 18:08:51.741867: | ... ikev2_proposal: 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
- Mar 27 18:08:51.741920: | converting IKE proposal CHACHA20_POLY1305-HMAC_SHA2_512+HMAC_SHA2_256-DH19+DH20+DH21+DH31+MODP4096+MODP3072+MODP2048+MODP8192 to ikev2 ...
- Mar 27 18:08:51.741930: | omitting IKEv2 IKE CHACHA20_POLY1305 ENCRYPT transform key-length
- Mar 27 18:08:51.741952: | ... ikev2_proposal: 3:IKE=CHACHA20_POLY1305-HMAC_SHA2_512+HMAC_SHA2_256-NONE-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
- Mar 27 18:08:51.741963: | converting IKE proposal AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-DH19+DH20+DH21+DH31+MODP4096+MODP3072+MODP2048+MODP8192 to ikev2 ...
- Mar 27 18:08:51.741977: | ... ikev2_proposal: 4:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
- Mar 27 18:08:51.741999: | converting IKE proposal AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-DH19+DH20+DH21+DH31+MODP4096+MODP3072+MODP2048+MODP8192 to ikev2 ...
- Mar 27 18:08:51.742013: | ... ikev2_proposal: 5:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
- Mar 27 18:08:51.742022: "tunnel1": IKE SA proposals (connection add):
- Mar 27 18:08:51.742035: "tunnel1": 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
- Mar 27 18:08:51.742048: "tunnel1": 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
- Mar 27 18:08:51.742063: "tunnel1": 3:IKE=CHACHA20_POLY1305-HMAC_SHA2_512+HMAC_SHA2_256-NONE-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
- Mar 27 18:08:51.742076: "tunnel1": 4:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
- Mar 27 18:08:51.742091: "tunnel1": 5:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
- Mar 27 18:08:51.742214: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, CHACHA20_POLY1305-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128
- Mar 27 18:08:51.742225: | constructing ESP/AH proposals for loading config with strip_dh=yes ms_dh_downgrade=no default_dh=NONE
- Mar 27 18:08:51.742239: | converting proposal AES_GCM_16_256-NONE to ikev2 pass 1 ...
- Mar 27 18:08:51.742253: | ... ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-NONE-ESN:YES+NO
- Mar 27 18:08:51.742262: | converting proposal AES_GCM_16_128-NONE to ikev2 pass 1 ...
- Mar 27 18:08:51.742273: | ... ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-NONE-ESN:YES+NO
- Mar 27 18:08:51.742283: | converting proposal CHACHA20_POLY1305-NONE to ikev2 pass 1 ...
- Mar 27 18:08:51.742291: | omitting IKEv2 ESP CHACHA20_POLY1305 ENCRYPT transform key-length
- Mar 27 18:08:51.742302: | ... ikev2_proposal: 3:ESP=CHACHA20_POLY1305-NONE-NONE-ESN:YES+NO
- Mar 27 18:08:51.742311: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 pass 1 ...
- Mar 27 18:08:51.742325: | ... ikev2_proposal: 4:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-ESN:YES+NO
- Mar 27 18:08:51.742334: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 pass 1 ...
- Mar 27 18:08:51.742347: | ... ikev2_proposal: 5:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-ESN:YES+NO
- Mar 27 18:08:51.742355: "tunnel1": Child SA proposals (connection add):
- Mar 27 18:08:51.742366: "tunnel1": 1:ESP=AES_GCM_C_256-NONE-NONE-ESN:YES+NO
- Mar 27 18:08:51.742378: "tunnel1": 2:ESP=AES_GCM_C_128-NONE-NONE-ESN:YES+NO
- Mar 27 18:08:51.742388: "tunnel1": 3:ESP=CHACHA20_POLY1305-NONE-NONE-ESN:YES+NO
- Mar 27 18:08:51.742399: "tunnel1": 4:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-ESN:YES+NO
- Mar 27 18:08:51.742412: "tunnel1": 5:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-ESN:YES+NO
- Mar 27 18:08:51.742421: | ikelifetime=whack (28800)
- Mar 27 18:08:51.742430: | ipsec-lifetime=whack (28800)
- Mar 27 18:08:51.742439: | c->sa_reqid=0 because wm->sa_reqid=0 and sec-label=n/a
- Mar 27 18:08:51.742456: | fake leftauth=secret leftauthby=PSK from whack authby PSK
- Mar 27 18:08:51.742468: | fake rightauth=secret rightauthby=PSK from whack authby PSK
- Mar 27 18:08:51.742481: | updating host ends from left.host.addr 192.168.1.10
- Mar 27 18:08:51.742489: | updated left.host_port from 0 to 500
- Mar 27 18:08:51.742501: | updated right.host_nexthop from 0.0.0.0 to 192.168.1.10
- Mar 27 18:08:51.742513: | updating host ends from right.host.addr 0.0.0.0
- Mar 27 18:08:51.742521: "tunnel1": warning: keyingtries=3 ignored, UP connection will attempt to establish until marked DOWN
- Mar 27 18:08:51.742555: | left child selectors from leftsubnet (selector); left.config.has_client=true
- Mar 27 18:08:51.742573: | ttoselectors_num() input: 192.168.10.0/24
- Mar 27 18:08:51.742631: | ttoselectors_num() nr tokens 1
- Mar 27 18:08:51.742659: | right child selectors unknown; probably derived from host?!?
- Mar 27 18:08:51.742672: | child.reqid=16388 because c->sa_reqid=0 (generate)
- Mar 27 18:08:51.742690: | set_connection_selector_proposals() left selector from 1 child.selectors
- Mar 27 18:08:51.742708: | left.child.has_client: no -> yes (set_connection_selector_proposals() +1625 programs/pluto/connections.c)
- Mar 27 18:08:51.742716: | set_connection_selector_proposals() right selector proposals from unset host family
- Mar 27 18:08:51.742726: | append_end_selector() right.child.selectors.proposed[0] <unset-selector> (set_connection_selector_proposals() +1665 programs/pluto/connections.c)
- Mar 27 18:08:51.742734: | adding connection spds using proposed
- Mar 27 18:08:51.742742: | left=1 right=1
- Mar 27 18:08:51.742750: | left[IPv4]=1 right[IPv4]=1
- Mar 27 18:08:51.742758: | left[IPv6]=0 right[IPv6]=0
- Mar 27 18:08:51.742765: | allocating 1 SPDs
- Mar 27 18:08:51.742774: | <unset-selectors>
- Mar 27 18:08:51.742786: | left child spd from selector 192.168.10.0/24 left.spd.has_client=yes virt=no
- Mar 27 18:08:51.742794: | right child spd from selector <unset-selector> right.spd.has_client=no virt=no
- Mar 27 18:08:51.742815: | "tunnel1": 192.168.1.10->0.0.0.0 oriented=no
- Mar 27 18:08:51.742823: | orienting "tunnel1"
- Mar 27 18:08:51.742845: | left host type=IPADDR address=192.168.1.10 port=500 ikeport=0 encap=no tcp=no
- Mar 27 18:08:51.742909: | right host type=ANY address=0.0.0.0 port=500 ikeport=0 encap=no tcp=no
- Mar 27 18:08:51.742919: "tunnel1": added IKEv2 connection
- Mar 27 18:08:51.742956: | ike_life: 28800; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; replay_window: 128; policy: IKEv2+PSK+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO+ESN_YES ipsec_max_bytes: 9223372036854775808 ipsec_max_packets 9223372036854775808
- Mar 27 18:08:51.742968: | "tunnel1": detach whack fd@0x560a7384f518 from logger 0x560a7381a508 slot 0 (add_connection() +3616 programs/pluto/connections.c)
- Mar 27 18:08:51.743004: | delref @0x560a7384f518(2->1) (add_connection() +3616 programs/pluto/connections.c)
- Mar 27 18:08:51.743014: | whack: addconn: stop: 'tunnel1' (logger@0x7fffc3c01d50/fd@0x560a7384f518/fd@(nil))
- Mar 27 18:08:51.743024: | delref @0x560a7384f518(1->0) (whack_handle_cb() +787 programs/pluto/rcv_whack.c)
- Mar 27 18:08:51.743045: | freeref fd@0x560a7384f518 (whack_handle_cb() +787 programs/pluto/rcv_whack.c)
- Mar 27 18:08:51.743060: | spent 1.68 (1.68) milliseconds in whack
- Mar 27 18:08:51.743128: addconn: "tunnel1": warning: keyingtries=3 ignored, UP connection will attempt to establish until marked DOWN
- Mar 27 18:08:51.743150: addconn: "tunnel1": added IKEv2 connection
- Mar 27 18:08:51.743158: addconn:
- Mar 27 18:08:51.743190: | struct fd: newref @0x560a73854af8(0->1) (whack_handle_cb() +767 programs/pluto/rcv_whack.c)
- Mar 27 18:08:51.743203: | fd_accept: new fd@0x560a73854af8 (whack_handle_cb() +767 programs/pluto/rcv_whack.c)
- Mar 27 18:08:51.743233: | processing message from addconn
- Mar 27 18:08:51.743245: | whack: listen: start: (logger@0x7fffc3c01d50/fd@0x560a73854af8/fd@(nil))
- Mar 27 18:08:51.743255: | pluto_sd: executing action action: reloading(4), status 0
- Mar 27 18:08:51.743351: listening for IKE messages
- Mar 27 18:08:51.743380: | finding raw interfaces of type IPv4
- Mar 27 18:08:51.743402: | allocated 2560 buffer for SIOCGIFCONF
- Mar 27 18:08:51.743421: | ioctl(SIOCGIFCONF) returned 280 bytes (roughly 7 IPv4 interfaces)
- Mar 27 18:08:51.743436: | found IPv4 interface lo with address 127.0.0.1
- Mar 27 18:08:51.743449: | found IPv4 interface enp0s3 with address 192.168.1.10
- Mar 27 18:08:51.743462: | found IPv4 interface enp0s8 with address 192.168.10.25
- Mar 27 18:08:51.743474: | found IPv4 interface enp0s8 with address 172.16.10.1
- Mar 27 18:08:51.743487: | found IPv4 interface enp0s8 with address 192.168.10.26
- Mar 27 18:08:51.743499: | found IPv4 interface enp0s9 with address 192.168.101.2
- Mar 27 18:08:51.743520: | found IPv4 interface enp0s10 with address 192.168.200.2
- Mar 27 18:08:51.743538: | struct iface: newref @0x560a73854de8(0->1) (add_iface() +85 programs/pluto/iface.c)
- Mar 27 18:08:51.743548: | kernel_ops_nic_detect_offload() enp0s10 ...
- Mar 27 18:08:51.743573: Kernel supports NIC esp-hw-offload
- Mar 27 18:08:51.743588: | kernel_ops_nic_detect_offload() ... no
- Mar 27 18:08:51.743597: | iface: marking enp0s10 add
- Mar 27 18:08:51.743607: | struct iface: newref @0x560a7385a648(0->1) (add_iface() +85 programs/pluto/iface.c)
- Mar 27 18:08:51.743616: | kernel_ops_nic_detect_offload() enp0s9 ...
- Mar 27 18:08:51.743626: | kernel_ops_nic_detect_offload() ... no
- Mar 27 18:08:51.743634: | iface: marking enp0s9 add
- Mar 27 18:08:51.743644: | struct iface: newref @0x560a7385a778(0->1) (add_iface() +85 programs/pluto/iface.c)
- Mar 27 18:08:51.743652: | kernel_ops_nic_detect_offload() enp0s8 ...
- Mar 27 18:08:51.743662: | kernel_ops_nic_detect_offload() ... no
- Mar 27 18:08:51.743670: | iface: marking enp0s8 add
- Mar 27 18:08:51.743681: | struct iface: newref @0x560a7385a848(0->1) (add_iface() +85 programs/pluto/iface.c)
- Mar 27 18:08:51.743689: | kernel_ops_nic_detect_offload() enp0s8 ...
- Mar 27 18:08:51.743699: | kernel_ops_nic_detect_offload() ... no
- Mar 27 18:08:51.743707: | iface: marking enp0s8 add
- Mar 27 18:08:51.743717: | struct iface: newref @0x560a7385a918(0->1) (add_iface() +85 programs/pluto/iface.c)
- Mar 27 18:08:51.743726: | kernel_ops_nic_detect_offload() enp0s8 ...
- Mar 27 18:08:51.743736: | kernel_ops_nic_detect_offload() ... no
- Mar 27 18:08:51.743743: | iface: marking enp0s8 add
- Mar 27 18:08:51.743754: | struct iface: newref @0x560a7385a9e8(0->1) (add_iface() +85 programs/pluto/iface.c)
- Mar 27 18:08:51.743762: | kernel_ops_nic_detect_offload() enp0s3 ...
- Mar 27 18:08:51.743772: | kernel_ops_nic_detect_offload() ... no
- Mar 27 18:08:51.743780: | iface: marking enp0s3 add
- Mar 27 18:08:51.743791: | struct iface: newref @0x560a7385aab8(0->1) (add_iface() +85 programs/pluto/iface.c)
- Mar 27 18:08:51.743799: | kernel_ops_nic_detect_offload() lo ...
- Mar 27 18:08:51.743844: | kernel_ops_nic_detect_offload() ... no
- Mar 27 18:08:51.743856: | iface: marking lo add
- Mar 27 18:08:51.743907: | no interfaces to sort
- Mar 27 18:08:51.743943: | struct iface_endpoint: newref @0x560a7385ab88(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.743954: | struct iface: addref @0x560a73854de8(1->2) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.743966: adding UDP interface enp0s10 192.168.200.2:500
- Mar 27 18:08:51.743999: | struct iface_endpoint: newref @0x560a7385ac88(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.744010: | struct iface: addref @0x560a73854de8(2->3) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.744019: | NAT-Traversal: Trying sockopt style NAT-T
- Mar 27 18:08:51.744129: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
- Mar 27 18:08:51.744142: adding UDP interface enp0s10 192.168.200.2:4500
- Mar 27 18:08:51.744175: | struct iface_endpoint: newref @0x560a7385ad88(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.744187: | struct iface: addref @0x560a7385a648(1->2) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.744228: adding UDP interface enp0s9 192.168.101.2:500
- Mar 27 18:08:51.744268: | struct iface_endpoint: newref @0x560a7385ae88(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.744279: | struct iface: addref @0x560a7385a648(2->3) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.744287: | NAT-Traversal: Trying sockopt style NAT-T
- Mar 27 18:08:51.744297: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
- Mar 27 18:08:51.744308: adding UDP interface enp0s9 192.168.101.2:4500
- Mar 27 18:08:51.744348: | struct iface_endpoint: newref @0x560a7385af88(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.744359: | struct iface: addref @0x560a7385a778(1->2) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.744379: adding UDP interface enp0s8 192.168.10.26:500
- Mar 27 18:08:51.744438: | struct iface_endpoint: newref @0x560a7385b088(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.744506: | struct iface: addref @0x560a7385a778(2->3) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.744517: | NAT-Traversal: Trying sockopt style NAT-T
- Mar 27 18:08:51.744527: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
- Mar 27 18:08:51.744538: adding UDP interface enp0s8 192.168.10.26:4500
- Mar 27 18:08:51.744591: | struct iface_endpoint: newref @0x560a7385b188(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.744603: | struct iface: addref @0x560a7385a848(1->2) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.744614: adding UDP interface enp0s8 172.16.10.1:500
- Mar 27 18:08:51.744672: | struct iface_endpoint: newref @0x560a7385b288(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.744683: | struct iface: addref @0x560a7385a848(2->3) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.744691: | NAT-Traversal: Trying sockopt style NAT-T
- Mar 27 18:08:51.744701: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
- Mar 27 18:08:51.744721: adding UDP interface enp0s8 172.16.10.1:4500
- Mar 27 18:08:51.744769: | struct iface_endpoint: newref @0x560a7385b388(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.744789: | struct iface: addref @0x560a7385a918(1->2) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.744830: adding UDP interface enp0s8 192.168.10.25:500
- Mar 27 18:08:51.744900: | struct iface_endpoint: newref @0x560a7385b488(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.744912: | struct iface: addref @0x560a7385a918(2->3) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.744920: | NAT-Traversal: Trying sockopt style NAT-T
- Mar 27 18:08:51.744929: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
- Mar 27 18:08:51.744940: adding UDP interface enp0s8 192.168.10.25:4500
- Mar 27 18:08:51.744997: | struct iface_endpoint: newref @0x560a7385b588(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.745008: | struct iface: addref @0x560a7385a9e8(1->2) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.745020: adding UDP interface enp0s3 192.168.1.10:500
- Mar 27 18:08:51.745076: | struct iface_endpoint: newref @0x560a7385b688(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.745087: | struct iface: addref @0x560a7385a9e8(2->3) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.745095: | NAT-Traversal: Trying sockopt style NAT-T
- Mar 27 18:08:51.745105: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
- Mar 27 18:08:51.745125: adding UDP interface enp0s3 192.168.1.10:4500
- Mar 27 18:08:51.745171: | struct iface_endpoint: newref @0x560a7385b788(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.745182: | struct iface: addref @0x560a7385aab8(1->2) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.745193: adding UDP interface lo 127.0.0.1:500
- Mar 27 18:08:51.745249: | struct iface_endpoint: newref @0x560a7385b888(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.745292: | struct iface: addref @0x560a7385aab8(2->3) (bind_iface_endpoint() +466 programs/pluto/iface.c)
- Mar 27 18:08:51.745317: | NAT-Traversal: Trying sockopt style NAT-T
- Mar 27 18:08:51.745328: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
- Mar 27 18:08:51.745339: adding UDP interface lo 127.0.0.1:4500
- Mar 27 18:08:51.745367: | updating interfaces - listing interfaces that are going down
- Mar 27 18:08:51.745387: | updating interfaces - checking orientation
- Mar 27 18:08:51.745405: | FOR_EACH_CONNECTION_.... in (check_orientations() +372 programs/pluto/orient.c)
- Mar 27 18:08:51.745421: | found "tunnel1"
- Mar 27 18:08:51.745429: | orienting "tunnel1"
- Mar 27 18:08:51.745441: | left host type=IPADDR address=192.168.1.10 port=500 ikeport=0 encap=no tcp=no
- Mar 27 18:08:51.745462: | right host type=ANY address=0.0.0.0 port=500 ikeport=0 encap=no tcp=no
- Mar 27 18:08:51.745472: | interface enp0s10 192.168.200.2 does not match left or right
- Mar 27 18:08:51.745481: | interface enp0s9 192.168.101.2 does not match left or right
- Mar 27 18:08:51.745491: | interface enp0s8 192.168.10.26 does not match left or right
- Mar 27 18:08:51.745501: | interface enp0s8 172.16.10.1 does not match left or right
- Mar 27 18:08:51.745510: | interface enp0s8 192.168.10.25 does not match left or right
- Mar 27 18:08:51.745520: | interface enp0s3 192.168.1.10 matches 'left'; orienting
- Mar 27 18:08:51.745530: | interface lo 127.0.0.1 does not match left or right
- Mar 27 18:08:51.745539: | struct iface: addref @0x560a7385a9e8(3->4) (orient() +324 programs/pluto/orient.c)
- Mar 27 18:08:51.745547: | orienting left=local right=remote
- Mar 27 18:08:51.745561: | "tunnel1": 192.168.1.10->0.0.0.0 oriented=yes
- Mar 27 18:08:51.745574: | skipping enp0s3 192.168.1.10; no custom UDP port
- Mar 27 18:08:51.745584: | skipping enp0s3 192.168.1.10; no custom TCP port
- Mar 27 18:08:51.745594: | struct fd: addref @0x560a73854af8(1->2) (check_orientations() +384 programs/pluto/orient.c)
- Mar 27 18:08:51.745603: | "tunnel1": attach whack fd@0x560a73854af8 to empty logger 0x560a7381a508 slot 0
- Mar 27 18:08:51.745614: "tunnel1": oriented IKEv2 connection (local: left=192.168.1.10 remote: right=0.0.0.0)
- Mar 27 18:08:51.745643: | "tunnel1": detach whack fd@0x560a73854af8 from logger 0x560a7381a508 slot 0 (check_orientations() +388 programs/pluto/orient.c)
- Mar 27 18:08:51.745654: | delref @0x560a73854af8(2->1) (check_orientations() +388 programs/pluto/orient.c)
- Mar 27 18:08:51.745662: | matches: 1
- Mar 27 18:08:51.745672: | fdl: newref @0x560a7385b988(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
- Mar 27 18:08:51.745684: | libevent: newref @0x560a7385ba58(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.745709: | setup callback for interface lo 127.0.0.1:4500 fd 29 on UDP
- Mar 27 18:08:51.745719: | fdl: newref @0x560a7385ba98(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
- Mar 27 18:08:51.745729: | libevent: newref @0x560a7385bb68(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.745743: | setup callback for interface lo 127.0.0.1:500 fd 28 on UDP
- Mar 27 18:08:51.745752: | fdl: newref @0x560a7385bba8(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
- Mar 27 18:08:51.745798: | libevent: newref @0x560a7385bc78(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.745819: | setup callback for interface enp0s3 192.168.1.10:4500 fd 27 on UDP
- Mar 27 18:08:51.745830: | fdl: newref @0x560a7385bcb8(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
- Mar 27 18:08:51.745850: | libevent: newref @0x560a7385bd88(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.745864: | setup callback for interface enp0s3 192.168.1.10:500 fd 26 on UDP
- Mar 27 18:08:51.745874: | fdl: newref @0x560a7385bdc8(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
- Mar 27 18:08:51.745884: | libevent: newref @0x560a7385be98(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.745907: | setup callback for interface enp0s8 192.168.10.25:4500 fd 25 on UDP
- Mar 27 18:08:51.745917: | fdl: newref @0x560a7385bed8(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
- Mar 27 18:08:51.745927: | libevent: newref @0x560a7385bfa8(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.745940: | setup callback for interface enp0s8 192.168.10.25:500 fd 24 on UDP
- Mar 27 18:08:51.745951: | fdl: newref @0x560a73854b48(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
- Mar 27 18:08:51.745961: | libevent: newref @0x560a73854c18(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.745983: | setup callback for interface enp0s8 172.16.10.1:4500 fd 23 on UDP
- Mar 27 18:08:51.745993: | fdl: newref @0x560a73854c58(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
- Mar 27 18:08:51.746003: | libevent: newref @0x560a73854d28(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.746017: | setup callback for interface enp0s8 172.16.10.1:500 fd 22 on UDP
- Mar 27 18:08:51.746035: | fdl: newref @0x560a7385bfe8(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
- Mar 27 18:08:51.746046: | libevent: newref @0x560a7385a718(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.746060: | setup callback for interface enp0s8 192.168.10.26:4500 fd 21 on UDP
- Mar 27 18:08:51.746070: | fdl: newref @0x560a7385c0b8(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
- Mar 27 18:08:51.746080: | libevent: newref @0x560a73854f08(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.746093: | setup callback for interface enp0s8 192.168.10.26:500 fd 20 on UDP
- Mar 27 18:08:51.746103: | fdl: newref @0x560a7385c188(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
- Mar 27 18:08:51.746113: | libevent: newref @0x560a73854d68(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.746127: | setup callback for interface enp0s9 192.168.101.2:4500 fd 19 on UDP
- Mar 27 18:08:51.746137: | fdl: newref @0x560a7385c258(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
- Mar 27 18:08:51.746147: | libevent: newref @0x560a73854da8(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.746160: | setup callback for interface enp0s9 192.168.101.2:500 fd 18 on UDP
- Mar 27 18:08:51.746170: | fdl: newref @0x560a7385c328(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
- Mar 27 18:08:51.746180: | libevent: newref @0x560a7385c3f8(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.746194: | setup callback for interface enp0s10 192.168.200.2:4500 fd 17 on UDP
- Mar 27 18:08:51.746206: | fdl: newref @0x560a7385c438(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
- Mar 27 18:08:51.746217: | libevent: newref @0x560a7385c508(0->1) (libevent_malloc() +959 programs/pluto/server.c)
- Mar 27 18:08:51.746230: | setup callback for interface enp0s10 192.168.200.2:500 fd 16 on UDP
- Mar 27 18:08:51.749983: | no stale xfrmi interface 'ipsec1' found
- Mar 27 18:08:51.750005: | certs and keys locked by 'free_preshared_secrets'
- Mar 27 18:08:51.750008: | certs and keys unlocked by 'free_preshared_secrets'
- Mar 27 18:08:51.750036: loading secrets from "/etc/ipsec.secrets"
- Mar 27 18:08:51.750139: loading secrets from "/etc/ipsec.d/con1.secrets"
- Mar 27 18:08:51.750189: | id type added to secret(0x560a7385f668) SECRET_PSK: 192.168.101.2
- Mar 27 18:08:51.750206: | id type added to secret(0x560a7385f668) SECRET_PSK: 192.168.102.1
- Mar 27 18:08:51.750257: | processing PSK at line 1: passed
- Mar 27 18:08:51.750267: | certs and keys locked by 'process_secret'
- Mar 27 18:08:51.750276: | certs and keys unlocked by 'process_secret'
- Mar 27 18:08:51.750292: | FOR_EACH_CONNECTION_.... in (load_groups() +342 programs/pluto/foodgroups.c)
- Mar 27 18:08:51.750309: | matches: 0
- Mar 27 18:08:51.750317: | old food groups:
- Mar 27 18:08:51.750324: | new food groups:
- Mar 27 18:08:51.750332: | pluto_sd: executing action action: ready(5), status 0
- Mar 27 18:08:51.750388: | whack: listen: stop: (logger@0x7fffc3c01d50/fd@0x560a73854af8/fd@(nil))
- Mar 27 18:08:51.750401: | delref @0x560a73854af8(1->0) (whack_handle_cb() +787 programs/pluto/rcv_whack.c)
- Mar 27 18:08:51.750421: | freeref fd@0x560a73854af8 (whack_handle_cb() +787 programs/pluto/rcv_whack.c)
- Mar 27 18:08:51.750435: | spent 3.56 (7.26) milliseconds in whack
- Mar 27 18:08:51.750454: addconn: listening for IKE messages
- Mar 27 18:08:51.750466: addconn: Kernel supports NIC esp-hw-offload
- Mar 27 18:08:51.750479: addconn: adding UDP interface enp0s10 192.168.200.2:500
- Mar 27 18:08:51.750492: addconn: adding UDP interface enp0s10 192.168.200.2:4500
- Mar 27 18:08:51.750516: addconn: adding UDP interface enp0s9 192.168.101.2:500
- Mar 27 18:08:51.750530: addconn: adding UDP interface enp0s9 192.168.101.2:4500
- Mar 27 18:08:51.750543: addconn: adding UDP interface enp0s8 192.168.10.26:500
- Mar 27 18:08:51.750556: addconn: adding UDP interface enp0s8 192.168.10.26:4500
- Mar 27 18:08:51.750568: addconn: adding UDP interface enp0s8 172.16.10.1:500
- Mar 27 18:08:51.750581: addconn: adding UDP interface enp0s8 172.16.10.1:4500
- Mar 27 18:08:51.750594: addconn: adding UDP interface enp0s8 192.168.10.25:500
- Mar 27 18:08:51.750605: addconn: adding UDP interface enp0s8 192.16
- Mar 27 18:08:51.750629: addconn: 8.10.25:4500
- Mar 27 18:08:51.750656: addconn: adding UDP interface enp0s3 192.168.1.10:500
- Mar 27 18:08:51.750675: addconn: adding UDP interface enp0s3 192.168.1.10:4500
- Mar 27 18:08:51.750687: addconn: adding UDP interface lo 127.0.0.1:500
- Mar 27 18:08:51.750699: addconn: adding UDP interface lo 127.0.0.1:4500
- Mar 27 18:08:51.750718: addconn: "tunnel1": oriented IKEv2 connection (local: left=192.168.1.10 remote: right=0.0.0.0)
- Mar 27 18:08:51.750731: addconn: loading secrets from "/etc/ipsec.secrets"
- Mar 27 18:08:51.750744: addconn: loading secrets from "/etc/ipsec.d/con1.secrets"
- Mar 27 18:08:51.750752: addconn:
- Mar 27 18:08:51.751315: | addconn: reading fd 14 returned EOF
- Mar 27 18:08:51.751333: | fdl: delref @0x560a73854a28(1->0) (detach_fd_read_listener() +817 programs/pluto/server.c)
- Mar 27 18:08:51.751356: | processing signal PLUTO_SIGCHLD
- Mar 27 18:08:51.751374: | waitpid returned pid 1301457 (exited with status 0)
- Mar 27 18:08:51.751383: | reaped addconn helper child (status 0)
- Mar 27 18:08:51.751392: | releasing whack (but there are none) (free_pid_entry() +151 programs/pluto/server_fork.c)
- Mar 27 18:08:51.751402: | logger: delref @0x560a7381a418(1->0) (free_pid_entry() +151 programs/pluto/server_fork.c)
- Mar 27 18:08:51.751412: | pid: delref @0x560a73854958(1->0) (free_pid_entry() +152 programs/pluto/server_fork.c)
- Mar 27 18:08:51.751421: | waitpid returned ECHILD (no child processes left)
- Mar 27 18:08:51.751433: | spent 0.0644 (0.0643) milliseconds in signal handler PLUTO_SIGCHLD
- Mar 27 18:09:02.168396: | spent 0.00428 (0.00423) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue()
- Mar 27 18:09:02.168445: | struct msg_digest: newref @0x560a7385c548(0->1) (udp_read_packet() +249 programs/pluto/iface_udp.c)
- Mar 27 18:09:02.168456: | struct iface_endpoint: addref @0x560a7385b588(1->2) (udp_read_packet() +249 programs/pluto/iface_udp.c)
- Mar 27 18:09:02.168467: | alloc logger: newref @0x560a73858608(0->1) (udp_read_packet() +249 programs/pluto/iface_udp.c)
- Mar 27 18:09:02.168484: | *received 652 bytes from 192.168.1.126:57597 on enp0s3 192.168.1.10:500 using UDP
- Mar 27 18:09:02.168493: | 8a 39 43 fb 73 2f 1e 90 00 00 00 00 00 00 00 00 .9C.s/..........
- Mar 27 18:09:02.168502: | 21 20 22 08 00 00 00 00 00 00 02 8c 22 00 00 f4 ! "........."...
- Mar 27 18:09:02.168511: | 02 00 00 88 01 01 00 0f 03 00 00 0c 01 00 00 0c ................
- Mar 27 18:09:02.168519: | 80 0e 01 00 03 00 00 0c 01 00 00 0c 80 0e 00 80 ................
- Mar 27 18:09:02.168527: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0d ................
- Mar 27 18:09:02.168536: | 03 00 00 08 03 00 00 0c 03 00 00 08 03 00 00 02 ................
- Mar 27 18:09:02.168544: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 06 ................
- Mar 27 18:09:02.168553: | 03 00 00 08 02 00 00 05 03 00 00 08 02 00 00 02 ................
- Mar 27 18:09:02.168561: | 03 00 00 08 04 00 00 18 03 00 00 08 04 00 00 14 ................
- Mar 27 18:09:02.168570: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 0e ................
- Mar 27 18:09:02.168578: | 00 00 00 08 04 00 00 05 00 00 00 68 02 01 00 0b ...........h....
- Mar 27 18:09:02.168587: | 03 00 00 0c 01 00 00 14 80 0e 01 00 03 00 00 0c ................
- Mar 27 18:09:02.168595: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 ................
- Mar 27 18:09:02.168604: | 03 00 00 08 02 00 00 06 03 00 00 08 02 00 00 05 ................
- Mar 27 18:09:02.168625: | 03 00 00 08 02 00 00 02 03 00 00 08 04 00 00 18 ................
- Mar 27 18:09:02.168634: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 13 ................
- Mar 27 18:09:02.168643: | 03 00 00 08 04 00 00 0e 00 00 00 08 04 00 00 05 ................
- Mar 27 18:09:02.168651: | 28 00 01 08 00 18 00 00 85 7a 69 07 e4 a2 57 62 (........zi...Wb
- Mar 27 18:09:02.168660: | 98 7d 84 ae d8 15 40 00 ee 60 0f cb ab 62 6f 82 .}....@..`...bo.
- Mar 27 18:09:02.168668: | 3f 6e ae f3 ae 83 ce ab e5 a9 22 0e fc f4 76 0a ?n........"...v.
- Mar 27 18:09:02.168677: | fa 37 29 5b c2 7f 61 2b 74 52 ac 28 31 e6 19 c9 .7)[..a+tR.(1...
- Mar 27 18:09:02.168685: | 93 30 60 82 cb 23 e0 f5 78 e2 42 99 fb bd c8 63 .0`..#..x.B....c
- Mar 27 18:09:02.168693: | 35 bb 46 4a 2f 3e cd de fa af 85 41 ae 3a fa f2 5.FJ/>.....A.:..
- Mar 27 18:09:02.168702: | 8a 88 21 61 18 26 fe 0e 47 cd fe 58 03 3d 93 be ..!a.&..G..X.=..
- Mar 27 18:09:02.168710: | 5d 10 ee 8d 9d 2f 8f b5 87 b6 3b 0a 43 12 8f 57 ]..../....;.C..W
- Mar 27 18:09:02.168719: | 0e a6 58 70 8a ec a5 a9 a9 c9 d4 48 08 8c 64 d1 ..Xp.......H..d.
- Mar 27 18:09:02.168727: | e2 51 a6 9d d4 ca 9a ac 44 e1 47 a2 9d ce b5 2e .Q......D.G.....
- Mar 27 18:09:02.168736: | 0a 0e 1e 4f 3d 94 fe 50 a5 09 c4 fb 1a 29 07 a0 ...O=..P.....)..
- Mar 27 18:09:02.168744: | 06 86 7d 43 3b 17 21 40 bd c6 4b a6 d7 c2 bc 1e ..}C;.!@..K.....
- Mar 27 18:09:02.168753: | 60 c9 a4 12 02 20 b6 00 2f db cc fd e9 fe b7 c2 `.... ../.......
- Mar 27 18:09:02.168761: | 05 85 05 75 99 00 e0 97 11 66 8a 41 9d 8b 03 31 ...u.....f.A...1
- Mar 27 18:09:02.168770: | 12 cd 15 cd bc f2 f4 ec db 99 fb 44 da 8f e4 cc ...........D....
- Mar 27 18:09:02.168778: | a6 26 e9 69 04 81 91 57 5a cd bd 87 7d 35 7e b3 .&.i...WZ...}5~.
- Mar 27 18:09:02.168787: | 2b 7e 8d 51 11 af f0 0d 29 00 00 24 55 c3 b1 28 +~.Q....)..$U..(
- Mar 27 18:09:02.168795: | 57 37 f7 b2 b9 31 f1 80 ca ac ee 89 9a e1 2d 3e W7...1........->
- Mar 27 18:09:02.168804: | ac 22 6f 0d 99 ea 31 29 44 26 6a 7e 29 00 00 1c ."o...1)D&j~)...
- Mar 27 18:09:02.168812: | 00 00 40 04 09 9d 72 d6 50 46 f2 db 45 b7 8c 7a ..@...r.PF..E..z
- Mar 27 18:09:02.168820: | 12 67 41 ee 64 68 37 5f 29 00 00 1c 00 00 40 05 .gA.dh7_).....@.
- Mar 27 18:09:02.168829: | 8c b9 ab 3d 10 ef c9 fa 39 45 f4 a2 aa 4d c3 c8 ...=....9E...M..
- Mar 27 18:09:02.168837: | 89 bb 8c 96 29 00 00 10 00 00 40 2f 00 02 00 03 ....).....@/....
- Mar 27 18:09:02.168846: | 00 04 00 05 00 00 00 08 00 00 40 16 ..........@.
- Mar 27 18:09:02.168861: | **parse ISAKMP Message:
- Mar 27 18:09:02.168874: | initiator SPI: 8a 39 43 fb 73 2f 1e 90
- Mar 27 18:09:02.168887: | responder SPI: 00 00 00 00 00 00 00 00
- Mar 27 18:09:02.168896: | next payload type: ISAKMP_NEXT_v2SA (0x21)
- Mar 27 18:09:02.168905: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
- Mar 27 18:09:02.168913: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22)
- Mar 27 18:09:02.168922: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
- Mar 27 18:09:02.168934: | Message ID: 0 (00 00 00 00)
- Mar 27 18:09:02.168945: | length: 652 (00 00 02 8c)
- Mar 27 18:09:02.168954: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34)
- Mar 27 18:09:02.168964: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request
- Mar 27 18:09:02.168974: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi)
- Mar 27 18:09:02.168983: | Now let's proceed with payload (ISAKMP_NEXT_v2SA)
- Mar 27 18:09:02.168991: | ***parse IKEv2 Security Association Payload:
- Mar 27 18:09:02.169000: | next payload type: ISAKMP_NEXT_v2KE (0x22)
- Mar 27 18:09:02.169009: | flags: none (0x0)
- Mar 27 18:09:02.169019: | length: 244 (00 f4)
- Mar 27 18:09:02.169045: | processing payload: ISAKMP_NEXT_v2SA (len=240)
- Mar 27 18:09:02.169056: | Now let's proceed with payload (ISAKMP_NEXT_v2KE)
- Mar 27 18:09:02.169065: | ***parse IKEv2 Key Exchange Payload:
- Mar 27 18:09:02.169083: | next payload type: ISAKMP_NEXT_v2Ni (0x28)
- Mar 27 18:09:02.169092: | flags: none (0x0)
- Mar 27 18:09:02.169102: | length: 264 (01 08)
- Mar 27 18:09:02.169110: | DH group: OAKLEY_GROUP_DH24 (0x18)
- Mar 27 18:09:02.169119: | processing payload: ISAKMP_NEXT_v2KE (len=256)
- Mar 27 18:09:02.169126: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni)
- Mar 27 18:09:02.169135: | ***parse IKEv2 Nonce Payload:
- Mar 27 18:09:02.169143: | next payload type: ISAKMP_NEXT_v2N (0x29)
- Mar 27 18:09:02.169152: | flags: none (0x0)
- Mar 27 18:09:02.169161: | length: 36 (00 24)
- Mar 27 18:09:02.169170: | processing payload: ISAKMP_NEXT_v2Ni (len=32)
- Mar 27 18:09:02.169178: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
- Mar 27 18:09:02.169189: | ***parse IKEv2 Notify Payload:
- Mar 27 18:09:02.169231: | next payload type: ISAKMP_NEXT_v2N (0x29)
- Mar 27 18:09:02.169240: | flags: none (0x0)
- Mar 27 18:09:02.169250: | length: 28 (00 1c)
- Mar 27 18:09:02.169258: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
- Mar 27 18:09:02.169267: | SPI size: 0 (00)
- Mar 27 18:09:02.169276: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004)
- Mar 27 18:09:02.169285: | processing payload: ISAKMP_NEXT_v2N (len=20)
- Mar 27 18:09:02.169293: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
- Mar 27 18:09:02.169302: | ***parse IKEv2 Notify Payload:
- Mar 27 18:09:02.169310: | next payload type: ISAKMP_NEXT_v2N (0x29)
- Mar 27 18:09:02.169319: | flags: none (0x0)
- Mar 27 18:09:02.169328: | length: 28 (00 1c)
- Mar 27 18:09:02.169336: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
- Mar 27 18:09:02.169346: | SPI size: 0 (00)
- Mar 27 18:09:02.169354: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005)
- Mar 27 18:09:02.169362: | processing payload: ISAKMP_NEXT_v2N (len=20)
- Mar 27 18:09:02.169370: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
- Mar 27 18:09:02.169379: | ***parse IKEv2 Notify Payload:
- Mar 27 18:09:02.169387: | next payload type: ISAKMP_NEXT_v2N (0x29)
- Mar 27 18:09:02.169396: | flags: none (0x0)
- Mar 27 18:09:02.169405: | length: 16 (00 10)
- Mar 27 18:09:02.169414: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
- Mar 27 18:09:02.169423: | SPI size: 0 (00)
- Mar 27 18:09:02.169431: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f)
- Mar 27 18:09:02.169440: | processing payload: ISAKMP_NEXT_v2N (len=8)
- Mar 27 18:09:02.169448: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
- Mar 27 18:09:02.169456: | ***parse IKEv2 Notify Payload:
- Mar 27 18:09:02.169464: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
- Mar 27 18:09:02.169473: | flags: none (0x0)
- Mar 27 18:09:02.169483: | length: 8 (00 08)
- Mar 27 18:09:02.169491: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
- Mar 27 18:09:02.169500: | SPI size: 0 (00)
- Mar 27 18:09:02.169509: | Notify Message Type: v2N_REDIRECT_SUPPORTED (0x4016)
- Mar 27 18:09:02.169517: | processing payload: ISAKMP_NEXT_v2N (len=0)
- Mar 27 18:09:02.169526: | DDOS disabled and no cookie sent, continuing
- Mar 27 18:09:02.169541: | looking for transition from PARENT_R0 matching IKE_SA_INIT request: SA,KE,Ni,N(NAT_DETECTION_SOURCE_IP),N(NAT_DETECTION_DESTINATION_IP),N(SIGNATURE_HASH_ALGORITHMS),N(REDIRECT_SUPPORTED)
- Mar 27 18:09:02.169549: | trying: Respond to IKE_SA_INIT
- Mar 27 18:09:02.169557: | unsecured message matched
- Mar 27 18:09:02.169572: | ikev2_find_host_connection() 192.168.1.126->192.168.1.10 remote_authby=ECDSA
- Mar 27 18:09:02.169586: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=192.168.1.126].... in (ikev2_find_host_connection() +139 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.169596: | matches: 0
- Mar 27 18:09:02.169607: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=<unset-address>].... in (ikev2_find_host_connection() +214 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.169616: | found "tunnel1"
- Mar 27 18:09:02.169626: | skipping "tunnel1", PSK missing required authby ECDSA
- Mar 27 18:09:02.169634: | matches: 1
- Mar 27 18:09:02.169646: | ISAKMP_v2_IKE_SA_INIT message received on 192.168.1.10:500 but no connection has been authorized with policy ECDSA, sending reject response
- Mar 27 18:09:02.169669: | ikev2_find_host_connection() 192.168.1.126->192.168.1.10 remote_authby=RSASIG
- Mar 27 18:09:02.169683: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=192.168.1.126].... in (ikev2_find_host_connection() +139 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.169691: | matches: 0
- Mar 27 18:09:02.169703: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=<unset-address>].... in (ikev2_find_host_connection() +214 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.169711: | found "tunnel1"
- Mar 27 18:09:02.169720: | skipping "tunnel1", PSK missing required authby RSASIG
- Mar 27 18:09:02.169728: | matches: 1
- Mar 27 18:09:02.169739: | ISAKMP_v2_IKE_SA_INIT message received on 192.168.1.10:500 but no connection has been authorized with policy RSASIG, sending reject response
- Mar 27 18:09:02.169753: | ikev2_find_host_connection() 192.168.1.126->192.168.1.10 remote_authby=RSASIG_v1_5
- Mar 27 18:09:02.169767: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=192.168.1.126].... in (ikev2_find_host_connection() +139 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.169776: | matches: 0
- Mar 27 18:09:02.169787: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=<unset-address>].... in (ikev2_find_host_connection() +214 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.169795: | found "tunnel1"
- Mar 27 18:09:02.169804: | skipping "tunnel1", PSK missing required authby RSASIG_v1_5
- Mar 27 18:09:02.169812: | matches: 1
- Mar 27 18:09:02.169823: | ISAKMP_v2_IKE_SA_INIT message received on 192.168.1.10:500 but no connection has been authorized with policy RSASIG_v1_5, sending reject response
- Mar 27 18:09:02.169837: | ikev2_find_host_connection() 192.168.1.126->192.168.1.10 remote_authby=PSK
- Mar 27 18:09:02.169851: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=192.168.1.126].... in (ikev2_find_host_connection() +139 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.169859: | matches: 0
- Mar 27 18:09:02.169871: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=<unset-address>].... in (ikev2_find_host_connection() +214 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.169879: | found "tunnel1"
- Mar 27 18:09:02.169888: | instant winner with non-opportunistic template "tunnel1"
- Mar 27 18:09:02.169896: | instantiate roadwarrior winner "tunnel1"
- Mar 27 18:09:02.169911: | "tunnel1": rw_responder_instantiate: remote=192.168.1.126 id=<null-id> kind=TEMPLATE sec_label= (ikev2_find_host_connection() +319 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.169920: | connection $1: "tunnel1"
- Mar 27 18:09:02.169928: | routing+kind: UNROUTED TEMPLATE
- Mar 27 18:09:02.169941: | host: 192.168.1.10->0.0.0.0
- Mar 27 18:09:02.169952: | selectors: 192.168.10.0/24 -> <unset-selector>
- Mar 27 18:09:02.169960: | spds: <unset-selectors>
- Mar 27 18:09:02.169971: | policy: IKEv2+PSK+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
- Mar 27 18:09:02.169982: | struct connection: newref @0x560a7385e018(0->1) (ikev2_find_host_connection() +319 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.169995: | alloc logger: newref @0x560a738584e8(0->1) (ikev2_find_host_connection() +319 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.170021: | "tunnel1"[1]: no whack to attach
- Mar 27 18:09:02.170033: | "tunnel1": template .instance_serial_next updated to 2; instance 1
- Mar 27 18:09:02.170046: | "tunnel1": addref @0x560a738554d8(1->2) "tunnel1"[1] <unset-address>: (alloc_connection() +2100 programs/pluto/connections.c)
- Mar 27 18:09:02.170056: | struct iface: addref @0x560a7385a9e8(4->5) (duplicate_connection() +78 programs/pluto/instantiate.c)
- Mar 27 18:09:02.170066: | left.child.has_client: no -> yes (duplicate_connection() +87 programs/pluto/instantiate.c)
- Mar 27 18:09:02.170075: | right.child.has_client: no -> no (duplicate_connection() +87 programs/pluto/instantiate.c)
- Mar 27 18:09:02.170087: | updating host ends from right.host.addr 192.168.1.126
- Mar 27 18:09:02.170096: | updated right.host_port from 0 to 500
- Mar 27 18:09:02.170123: | updated left.host_nexthop from 0.0.0.0 to 192.168.1.126
- Mar 27 18:09:02.170189: | "tunnel1"[1] 192.168.1.126: tunnel1 .child.reqid=16392 because t.config.sa_requid=0 (generate)
- Mar 27 18:09:02.170215: | "tunnel1"[1] 192.168.1.126: 192.168.1.10->192.168.1.126 oriented=yes
- Mar 27 18:09:02.170226: | update_selectors() left selectors from 1 child.selectors
- Mar 27 18:09:02.170234: | update_selectors() right.child selector formed from host address+protoport
- Mar 27 18:09:02.170248: | append_end_selector() right.child.selectors.proposed[0] 192.168.1.126/32 (update_selectors() +397 programs/pluto/instantiate.c)
- Mar 27 18:09:02.170257: | adding connection spds using proposed
- Mar 27 18:09:02.170265: | left=1 right=1
- Mar 27 18:09:02.170274: | left[IPv4]=1 right[IPv4]=1
- Mar 27 18:09:02.170283: | left[IPv6]=0 right[IPv6]=0
- Mar 27 18:09:02.170291: | allocating 1 SPDs
- Mar 27 18:09:02.170306: | 192.168.10.0/24===192.168.1.126/32
- Mar 27 18:09:02.170318: | left child spd from selector 192.168.10.0/24 left.spd.has_client=yes virt=no
- Mar 27 18:09:02.170330: | right child spd from selector 192.168.1.126/32 right.spd.has_client=no virt=no
- Mar 27 18:09:02.170345: | "tunnel1"[1] 192.168.1.126: rw_responder_instantiate: from "tunnel1" (ikev2_find_host_connection() +319 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.170356: | connection $2 clonedfrom $1: "tunnel1"[1] 192.168.1.126
- Mar 27 18:09:02.170365: | routing+kind: UNROUTED INSTANCE
- Mar 27 18:09:02.170378: | host: 192.168.1.10->192.168.1.126
- Mar 27 18:09:02.170391: | selectors: 192.168.10.0/24 -> 192.168.1.126/32
- Mar 27 18:09:02.170405: | spds: 192.168.10.0/24===192.168.1.126/32
- Mar 27 18:09:02.170414: | policy: IKEv2+PSK+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
- Mar 27 18:09:02.170426: | found connection: "tunnel1"[1] 192.168.1.126 with remote authby PSK
- Mar 27 18:09:02.170436: | struct iface_endpoint: addref @0x560a7385b588(2->3) (get_responder_endpoints() +610 programs/pluto/state.c)
- Mar 27 18:09:02.170487: | alloc logger: newref @0x560a73856be8(0->1) (new_v2_ike_sa() +666 programs/pluto/state.c)
- Mar 27 18:09:02.170497: | #0: no whack to attach
- Mar 27 18:09:02.170510: | "tunnel1"[1] 192.168.1.126: addref @0x560a7385e018(1->2) #1: (new_state() +491 programs/pluto/state.c)
- Mar 27 18:09:02.170520: | creating state object #1 at 0x560a7385e5c8
- Mar 27 18:09:02.170537: | pstats #1 ikev2.ike started
- Mar 27 18:09:02.170547: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA)
- Mar 27 18:09:02.170558: | #1.st_v2_transition NULL -> PARENT_R0->PARENT_R1 (new_v2_ike_sa() +669 programs/pluto/state.c)
- Mar 27 18:09:02.170585: | Message ID: IKE #1 initializing (initiator: .sent=0->-1 .recv=0->-1 .wip=0->-1 .last_sent=0->33396.286391 .last_recv=0->33396.286391 responder: .sent=0->-1 .recv=0->-1 .wip=0->-1 .last_sent=0->33396.286391 .last_recv=0->33396.286391)
- Mar 27 18:09:02.170597: | event_schedule_where: newref EVENT_v2_DISCARD-pe@0x560a7385a358 timeout in 200 seconds for #1
- Mar 27 18:09:02.170608: | tt: newref @0x560a7385a3d8(0->1) (schedule_timeout() +557 programs/pluto/server.c)
- Mar 27 18:09:02.170623: | #1 spent 2.22 (2.25) milliseconds
- Mar 27 18:09:02.170634: | #1.st_v2_transition PARENT_R0->PARENT_R1 -> PARENT_R0->PARENT_R1 (v2_dispatch() +2308 programs/pluto/ikev2.c)
- Mar 27 18:09:02.170656: | Message ID: IKE #1 responder starting message request 0 (initiator: .sent=-1 .recv=-1 .recv_frags=0 .wip=-1 .last_sent=33396.286391 .last_recv=33396.286391 responder: .sent=-1 .recv=-1 .recv_frags=0 .wip=0 .last_sent=33396.286391 .last_recv=33396.286391)
- Mar 27 18:09:02.170664: | calling processor Respond to IKE_SA_INIT
- Mar 27 18:09:02.170675: | #1 spent 2.28 (2.3) milliseconds
- Mar 27 18:09:02.170691: | #1 updating local interface from 192.168.1.10:500 to 192.168.1.10:500 using md->iface (update_ike_endpoints() +1714 programs/pluto/state.c)
- Mar 27 18:09:02.170702: | delref @0x560a7385b588(3->2) (update_ike_endpoints() +1719 programs/pluto/state.c)
- Mar 27 18:09:02.170712: | struct iface_endpoint: addref @0x560a7385b588(2->3) (update_ike_endpoints() +1720 programs/pluto/state.c)
- Mar 27 18:09:02.170730: | comparing remote proposals against IKE responder 5 local proposals
- Mar 27 18:09:02.170741: | local proposal 1 type ENCR has 1 transforms
- Mar 27 18:09:02.170750: | local proposal 1 type PRF has 2 transforms
- Mar 27 18:09:02.170758: | local proposal 1 type INTEG has 1 transforms
- Mar 27 18:09:02.170767: | local proposal 1 type DH has 8 transforms
- Mar 27 18:09:02.170775: | local proposal 1 type ESN has 0 transforms
- Mar 27 18:09:02.170785: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG
- Mar 27 18:09:02.170794: | local proposal 2 type ENCR has 1 transforms
- Mar 27 18:09:02.170802: | local proposal 2 type PRF has 2 transforms
- Mar 27 18:09:02.170811: | local proposal 2 type INTEG has 1 transforms
- Mar 27 18:09:02.170820: | local proposal 2 type DH has 8 transforms
- Mar 27 18:09:02.170828: | local proposal 2 type ESN has 0 transforms
- Mar 27 18:09:02.170838: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG
- Mar 27 18:09:02.170846: | local proposal 3 type ENCR has 1 transforms
- Mar 27 18:09:02.170855: | local proposal 3 type PRF has 2 transforms
- Mar 27 18:09:02.170863: | local proposal 3 type INTEG has 1 transforms
- Mar 27 18:09:02.170872: | local proposal 3 type DH has 8 transforms
- Mar 27 18:09:02.170880: | local proposal 3 type ESN has 0 transforms
- Mar 27 18:09:02.170890: | local proposal 3 transforms: required: ENCR+PRF+DH; optional: INTEG
- Mar 27 18:09:02.170899: | local proposal 4 type ENCR has 1 transforms
- Mar 27 18:09:02.170907: | local proposal 4 type PRF has 2 transforms
- Mar 27 18:09:02.170916: | local proposal 4 type INTEG has 2 transforms
- Mar 27 18:09:02.170924: | local proposal 4 type DH has 8 transforms
- Mar 27 18:09:02.170933: | local proposal 4 type ESN has 0 transforms
- Mar 27 18:09:02.170943: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none
- Mar 27 18:09:02.170951: | local proposal 5 type ENCR has 1 transforms
- Mar 27 18:09:02.170960: | local proposal 5 type PRF has 2 transforms
- Mar 27 18:09:02.170968: | local proposal 5 type INTEG has 2 transforms
- Mar 27 18:09:02.171004: | local proposal 5 type DH has 8 transforms
- Mar 27 18:09:02.171020: | local proposal 5 type ESN has 0 transforms
- Mar 27 18:09:02.171030: | local proposal 5 transforms: required: ENCR+PRF+INTEG+DH; optional: none
- Mar 27 18:09:02.171039: | ****parse IKEv2 Proposal Substructure Payload:
- Mar 27 18:09:02.171048: | last proposal: v2_PROPOSAL_NON_LAST (0x2)
- Mar 27 18:09:02.171058: | length: 136 (00 88)
- Mar 27 18:09:02.171067: | prop #: 1 (01)
- Mar 27 18:09:02.171076: | proto ID: IKEv2_SEC_PROTO_IKE (0x1)
- Mar 27 18:09:02.171085: | spi size: 0 (00)
- Mar 27 18:09:02.171094: | # transforms: 15 (0f)
- Mar 27 18:09:02.171104: | Comparing remote proposal 1 containing 15 transforms against local proposal [1..5] of 5 local proposals
- Mar 27 18:09:02.171113: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.171121: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.171131: | length: 12 (00 0c)
- Mar 27 18:09:02.171140: | IKEv2 transform type: IKEv2_TRANS_TYPE_ENCR (0x1)
- Mar 27 18:09:02.171148: | IKEv2 transform ID: AES_CBC (0xc)
- Mar 27 18:09:02.171157: | ******parse IKEv2 Attribute Substructure Payload:
- Mar 27 18:09:02.171165: | af+type: AF+IKEv2_KEY_LENGTH (0x800e)
- Mar 27 18:09:02.171175: | length/value: 256 (01 00)
- Mar 27 18:09:02.171187: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 4 type 1 (ENCR) transform 0
- Mar 27 18:09:02.171196: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.171204: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.171214: | length: 12 (00 0c)
- Mar 27 18:09:02.171222: | IKEv2 transform type: IKEv2_TRANS_TYPE_ENCR (0x1)
- Mar 27 18:09:02.171231: | IKEv2 transform ID: AES_CBC (0xc)
- Mar 27 18:09:02.171239: | ******parse IKEv2 Attribute Substructure Payload:
- Mar 27 18:09:02.171248: | af+type: AF+IKEv2_KEY_LENGTH (0x800e)
- Mar 27 18:09:02.171257: | length/value: 128 (00 80)
- Mar 27 18:09:02.171278: | remote proposal 1 transform 1 (ENCR=AES_CBC_128) matches local proposal 5 type 1 (ENCR) transform 0
- Mar 27 18:09:02.171287: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.171295: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.171305: | length: 8 (00 08)
- Mar 27 18:09:02.171313: | IKEv2 transform type: IKEv2_TRANS_TYPE_INTEG (0x3)
- Mar 27 18:09:02.171322: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
- Mar 27 18:09:02.171332: | remote proposal 1 transform 2 (INTEG=HMAC_SHA2_512_256) matches local proposal 4 type 3 (INTEG) transform 0
- Mar 27 18:09:02.171343: | remote proposal 1 transform 2 (INTEG=HMAC_SHA2_512_256) matches local proposal 5 type 3 (INTEG) transform 0
- Mar 27 18:09:02.171351: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.171360: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.171369: | length: 8 (00 08)
- Mar 27 18:09:02.171378: | IKEv2 transform type: IKEv2_TRANS_TYPE_INTEG (0x3)
- Mar 27 18:09:02.171386: | IKEv2 transform ID: AUTH_HMAC_SHA2_384_192 (0xd)
- Mar 27 18:09:02.171395: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.171403: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.171413: | length: 8 (00 08)
- Mar 27 18:09:02.171421: | IKEv2 transform type: IKEv2_TRANS_TYPE_INTEG (0x3)
- Mar 27 18:09:02.171430: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
- Mar 27 18:09:02.171439: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.171447: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.171457: | length: 8 (00 08)
- Mar 27 18:09:02.171465: | IKEv2 transform type: IKEv2_TRANS_TYPE_INTEG (0x3)
- Mar 27 18:09:02.171474: | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2)
- Mar 27 18:09:02.171483: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.171491: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.171501: | length: 8 (00 08)
- Mar 27 18:09:02.171509: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
- Mar 27 18:09:02.171518: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
- Mar 27 18:09:02.171528: | remote proposal 1 transform 6 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0
- Mar 27 18:09:02.171538: | remote proposal 1 transform 6 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0
- Mar 27 18:09:02.171548: | remote proposal 1 transform 6 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0
- Mar 27 18:09:02.171558: | remote proposal 1 transform 6 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0
- Mar 27 18:09:02.171569: | remote proposal 1 transform 6 (PRF=HMAC_SHA2_512) matches local proposal 5 type 2 (PRF) transform 0
- Mar 27 18:09:02.171577: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.171585: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.171595: | length: 8 (00 08)
- Mar 27 18:09:02.171604: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
- Mar 27 18:09:02.171612: | IKEv2 transform ID: PRF_HMAC_SHA2_384 (0x6)
- Mar 27 18:09:02.171621: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.171629: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.171639: | length: 8 (00 08)
- Mar 27 18:09:02.171648: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
- Mar 27 18:09:02.171656: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
- Mar 27 18:09:02.171665: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.171673: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.171683: | length: 8 (00 08)
- Mar 27 18:09:02.171691: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
- Mar 27 18:09:02.171700: | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2)
- Mar 27 18:09:02.171709: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.171717: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.171727: | length: 8 (00 08)
- Mar 27 18:09:02.171735: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
- Mar 27 18:09:02.171744: | IKEv2 transform ID: OAKLEY_GROUP_DH24 (0x18)
- Mar 27 18:09:02.171760: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.171769: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.171779: | length: 8 (00 08)
- Mar 27 18:09:02.171787: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
- Mar 27 18:09:02.171795: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
- Mar 27 18:09:02.171806: | remote proposal 1 transform 11 (DH=ECP_384) matches local proposal 1 type 4 (DH) transform 1
- Mar 27 18:09:02.171816: | remote proposal 1 transform 11 (DH=ECP_384) matches local proposal 2 type 4 (DH) transform 1
- Mar 27 18:09:02.171826: | remote proposal 1 transform 11 (DH=ECP_384) matches local proposal 3 type 4 (DH) transform 1
- Mar 27 18:09:02.171836: | remote proposal 1 transform 11 (DH=ECP_384) matches local proposal 4 type 4 (DH) transform 1
- Mar 27 18:09:02.171846: | remote proposal 1 transform 11 (DH=ECP_384) matches local proposal 5 type 4 (DH) transform 1
- Mar 27 18:09:02.171855: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.171863: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.171873: | length: 8 (00 08)
- Mar 27 18:09:02.171881: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
- Mar 27 18:09:02.171890: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
- Mar 27 18:09:02.171900: | remote proposal 1 transform 12 (DH=ECP_256) matches local proposal 1 type 4 (DH) transform 0
- Mar 27 18:09:02.171910: | remote proposal 1 transform 12 (DH=ECP_256) matches local proposal 2 type 4 (DH) transform 0
- Mar 27 18:09:02.171920: | remote proposal 1 transform 12 (DH=ECP_256) matches local proposal 3 type 4 (DH) transform 0
- Mar 27 18:09:02.171930: | remote proposal 1 transform 12 (DH=ECP_256) matches local proposal 4 type 4 (DH) transform 0
- Mar 27 18:09:02.171940: | remote proposal 1 transform 12 (DH=ECP_256) matches local proposal 5 type 4 (DH) transform 0
- Mar 27 18:09:02.171949: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.172125: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.172138: | length: 8 (00 08)
- Mar 27 18:09:02.172147: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
- Mar 27 18:09:02.172155: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
- Mar 27 18:09:02.172165: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.172174: | last transform: v2_TRANSFORM_LAST (0x0)
- Mar 27 18:09:02.172183: | length: 8 (00 08)
- Mar 27 18:09:02.172192: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
- Mar 27 18:09:02.172200: | IKEv2 transform ID: OAKLEY_GROUP_MODP1536 (0x5)
- Mar 27 18:09:02.172212: | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none
- Mar 27 18:09:02.172225: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: PRF+DH
- Mar 27 18:09:02.172235: | remote proposal 1 does not match local proposal 1; unmatched transforms: ENCR+INTEG; missing transforms: ENCR
- Mar 27 18:09:02.172247: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 2; required: ENCR+PRF+DH; optional: INTEG; matched: PRF+DH
- Mar 27 18:09:02.172257: | remote proposal 1 does not match local proposal 2; unmatched transforms: ENCR+INTEG; missing transforms: ENCR
- Mar 27 18:09:02.172269: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 3; required: ENCR+PRF+DH; optional: INTEG; matched: PRF+DH
- Mar 27 18:09:02.172279: | remote proposal 1 does not match local proposal 3; unmatched transforms: ENCR+INTEG; missing transforms: ENCR
- Mar 27 18:09:02.172292: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 4; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH
- Mar 27 18:09:02.172301: | remote proposal 1 matches local proposal 4
- Mar 27 18:09:02.172309: | ****parse IKEv2 Proposal Substructure Payload:
- Mar 27 18:09:02.172318: | last proposal: v2_PROPOSAL_LAST (0x0)
- Mar 27 18:09:02.172328: | length: 104 (00 68)
- Mar 27 18:09:02.172343: | prop #: 2 (02)
- Mar 27 18:09:02.172352: | proto ID: IKEv2_SEC_PROTO_IKE (0x1)
- Mar 27 18:09:02.172361: | spi size: 0 (00)
- Mar 27 18:09:02.172370: | # transforms: 11 (0b)
- Mar 27 18:09:02.172380: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..3] of 5 local proposals
- Mar 27 18:09:02.172389: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.172397: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.172407: | length: 12 (00 0c)
- Mar 27 18:09:02.172415: | IKEv2 transform type: IKEv2_TRANS_TYPE_ENCR (0x1)
- Mar 27 18:09:02.172424: | IKEv2 transform ID: AES_GCM_C (0x14)
- Mar 27 18:09:02.172432: | ******parse IKEv2 Attribute Substructure Payload:
- Mar 27 18:09:02.172441: | af+type: AF+IKEv2_KEY_LENGTH (0x800e)
- Mar 27 18:09:02.172450: | length/value: 256 (01 00)
- Mar 27 18:09:02.172462: | remote proposal 2 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0
- Mar 27 18:09:02.172471: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.172479: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.172489: | length: 12 (00 0c)
- Mar 27 18:09:02.172497: | IKEv2 transform type: IKEv2_TRANS_TYPE_ENCR (0x1)
- Mar 27 18:09:02.172506: | IKEv2 transform ID: AES_GCM_C (0x14)
- Mar 27 18:09:02.172514: | ******parse IKEv2 Attribute Substructure Payload:
- Mar 27 18:09:02.172522: | af+type: AF+IKEv2_KEY_LENGTH (0x800e)
- Mar 27 18:09:02.172532: | length/value: 128 (00 80)
- Mar 27 18:09:02.172543: | remote proposal 2 transform 1 (ENCR=AES_GCM_C_128) matches local proposal 2 type 1 (ENCR) transform 0
- Mar 27 18:09:02.172552: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.172560: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.172570: | length: 8 (00 08)
- Mar 27 18:09:02.172579: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
- Mar 27 18:09:02.172587: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
- Mar 27 18:09:02.172597: | remote proposal 2 transform 2 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0
- Mar 27 18:09:02.172608: | remote proposal 2 transform 2 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0
- Mar 27 18:09:02.172618: | remote proposal 2 transform 2 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0
- Mar 27 18:09:02.172626: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.172635: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.172644: | length: 8 (00 08)
- Mar 27 18:09:02.172653: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
- Mar 27 18:09:02.172661: | IKEv2 transform ID: PRF_HMAC_SHA2_384 (0x6)
- Mar 27 18:09:02.172670: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.172679: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.172688: | length: 8 (00 08)
- Mar 27 18:09:02.172697: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
- Mar 27 18:09:02.172705: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
- Mar 27 18:09:02.172714: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.172723: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.172732: | length: 8 (00 08)
- Mar 27 18:09:02.172741: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
- Mar 27 18:09:02.172749: | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2)
- Mar 27 18:09:02.172758: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.172767: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.172776: | length: 8 (00 08)
- Mar 27 18:09:02.172785: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
- Mar 27 18:09:02.172793: | IKEv2 transform ID: OAKLEY_GROUP_DH24 (0x18)
- Mar 27 18:09:02.172802: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.172811: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.172821: | length: 8 (00 08)
- Mar 27 18:09:02.172829: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
- Mar 27 18:09:02.172837: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
- Mar 27 18:09:02.172856: | remote proposal 2 transform 7 (DH=ECP_384) matches local proposal 1 type 4 (DH) transform 1
- Mar 27 18:09:02.172866: | remote proposal 2 transform 7 (DH=ECP_384) matches local proposal 2 type 4 (DH) transform 1
- Mar 27 18:09:02.172876: | remote proposal 2 transform 7 (DH=ECP_384) matches local proposal 3 type 4 (DH) transform 1
- Mar 27 18:09:02.172885: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.172893: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.172903: | length: 8 (00 08)
- Mar 27 18:09:02.172911: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
- Mar 27 18:09:02.172920: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
- Mar 27 18:09:02.172957: | remote proposal 2 transform 8 (DH=ECP_256) matches local proposal 1 type 4 (DH) transform 0
- Mar 27 18:09:02.172973: | remote proposal 2 transform 8 (DH=ECP_256) matches local proposal 2 type 4 (DH) transform 0
- Mar 27 18:09:02.172984: | remote proposal 2 transform 8 (DH=ECP_256) matches local proposal 3 type 4 (DH) transform 0
- Mar 27 18:09:02.172993: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.173001: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.173011: | length: 8 (00 08)
- Mar 27 18:09:02.173019: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
- Mar 27 18:09:02.173028: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
- Mar 27 18:09:02.173037: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.173045: | last transform: v2_TRANSFORM_LAST (0x0)
- Mar 27 18:09:02.173055: | length: 8 (00 08)
- Mar 27 18:09:02.173064: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
- Mar 27 18:09:02.173072: | IKEv2 transform ID: OAKLEY_GROUP_MODP1536 (0x5)
- Mar 27 18:09:02.173083: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none
- Mar 27 18:09:02.173096: | comparing remote proposal 2 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH
- Mar 27 18:09:02.173104: | remote proposal 2 matches local proposal 1
- Mar 27 18:09:02.173120: "tunnel1"[1] 192.168.1.126 #1: proposal 2:IKE=AES_GCM_C_256-HMAC_SHA2_512-ECP_256 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_384_192;INTEG=HMAC_SHA2_256_128;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536[first-match] 2:IKE:ENCR=AES_GCM_C_256;ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536[better-match]
- Mar 27 18:09:02.173136: | accepted IKE proposal ikev2_proposal: 2:IKE=AES_GCM_C_256-HMAC_SHA2_512-ECP_256
- Mar 27 18:09:02.173144: | converting proposal to internal trans attrs
- Mar 27 18:09:02.173159: "tunnel1"[1] 192.168.1.126 #1: initiator guessed wrong keying material group (DH24); responding with INVALID_KE_PAYLOAD requesting DH19
- Mar 27 18:09:02.173168: | opening output PBS v2N response
- Mar 27 18:09:02.173177: | **emit ISAKMP Message:
- Mar 27 18:09:02.173190: | initiator SPI: 8a 39 43 fb 73 2f 1e 90
- Mar 27 18:09:02.173202: | responder SPI: 09 80 e8 d6 f4 ae 42 c2
- Mar 27 18:09:02.173211: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 27 18:09:02.173220: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
- Mar 27 18:09:02.173228: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22)
- Mar 27 18:09:02.173237: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
- Mar 27 18:09:02.173248: | Message ID: 0 (00 00 00 00)
- Mar 27 18:09:02.173257: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
- Mar 27 18:09:02.173274: "tunnel1"[1] 192.168.1.126 #1: responding to IKE_SA_INIT message (ID 0) from 192.168.1.126:57597 with unencrypted notification INVALID_KE_PAYLOAD
- Mar 27 18:09:02.173282: | adding a v2N Payload
- Mar 27 18:09:02.173290: | ***emit IKEv2 Notify Payload:
- Mar 27 18:09:02.173299: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
- Mar 27 18:09:02.173323: | flags: none (0x0)
- Mar 27 18:09:02.173331: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
- Mar 27 18:09:02.173341: | SPI size: 0 (00)
- Mar 27 18:09:02.173349: | Notify Message Type: v2N_INVALID_KE_PAYLOAD (0x11)
- Mar 27 18:09:02.173358: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
- Mar 27 18:09:02.173367: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'v2N response'
- Mar 27 18:09:02.173376: | emitting 2 raw bytes of Notify data into IKEv2 Notify Payload
- Mar 27 18:09:02.173386: | Notify data: 00 13
- Mar 27 18:09:02.173394: | emitting length of IKEv2 Notify Payload: 10
- Mar 27 18:09:02.173402: | emitting length of ISAKMP Message: 38
- Mar 27 18:09:02.173414: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL
- Mar 27 18:09:02.173426: "tunnel1"[1] 192.168.1.126 #1: encountered fatal error in state STATE_V2_PARENT_R0
- Mar 27 18:09:02.173447: | Message ID: IKE #1 responding with recorded fatal message (initiator: .sent=-1 .recv=-1 .recv_frags=0 .wip=-1 .last_sent=33396.286391 .last_recv=33396.286391 responder: .sent=-1 .recv=-1 .recv_frags=0 .wip=0 .last_sent=33396.286391 .last_recv=33396.286391)
- Mar 27 18:09:02.173463: | Message ID: IKE #1 updating responder received message request 0 (initiator: responder: .recv=-1->0 .wip=0->-1 .last_recv=33396.286391->33396.28928)
- Mar 27 18:09:02.173478: | Message ID: IKE #1 updating responder sent message response 0 (initiator: responder: .sent=-1->0 .last_sent=33396.286391->33396.289296)
- Mar 27 18:09:02.173495: | sending 38 bytes for STF_FATAL through enp0s3 from 192.168.1.10:500 to 192.168.1.126:57597 using UDP (for #1)
- Mar 27 18:09:02.173504: | 8a 39 43 fb 73 2f 1e 90 09 80 e8 d6 f4 ae 42 c2 .9C.s/........B.
- Mar 27 18:09:02.173512: | 29 20 22 20 00 00 00 00 00 00 00 26 00 00 00 0a ) " .......&....
- Mar 27 18:09:02.173521: | 00 00 00 11 00 13 ......
- Mar 27 18:09:02.173604: | sent 1 messages
- Mar 27 18:09:02.173624: | "tunnel1"[1] 192.168.1.126 #1: .st_on_delete.skip_send_delete no->true (complete_v2_state_transition() +2822 programs/pluto/ikev2.c)
- Mar 27 18:09:02.173639: | "tunnel1"[1] 192.168.1.126 #1: routing: connection_zap_ike_family()
- Mar 27 18:09:02.173648: | IKE SA is no longer viable
- Mar 27 18:09:02.173663: | "tunnel1"[1] 192.168.1.126 #1: routing: IKE SA's connection has no Child SA #0
- Mar 27 18:09:02.173674: | FOR_EACH_STATE[clonedfrom=#1]... in (connection_zap_ike_family() +568 programs/pluto/terminate.c)
- Mar 27 18:09:02.173684: | matches: 0
- Mar 27 18:09:02.173701: | clone logger: newref @0x560a73856708(0->1) (teardown_ike() +1278 programs/pluto/routing.c)
- Mar 27 18:09:02.173718: | "tunnel1"[1] 192.168.1.126: addref @0x560a7385e018(2->3) "tunnel1"[1] 192.168.1.126 #1: (dispatch() +2436 programs/pluto/routing.c)
- Mar 27 18:09:02.173867: | "tunnel1"[1] 192.168.1.126 #1: routing: start TEARDOWN_IKE, UNROUTED, INSTANCE; IKE #1 (PARENT_R0) by=UNKNOWN; $2@0x560a7385e018 (complete_v2_state_transition() +2823 programs/pluto/ikev2.c)
- Mar 27 18:09:02.173882: | "tunnel1"[1] 192.168.1.126 #1: routing: IKE SA does not match .routing_sa #0
- Mar 27 18:09:02.173895: | "tunnel1"[1] 192.168.1.126 #1: .st_on_delete.skip_send_delete yes->true (delete_ike_sa() +771 programs/pluto/state.c)
- Mar 27 18:09:02.173921: | "tunnel1"[1] 192.168.1.126 #1: delete_state() skipping log_message:no
- Mar 27 18:09:02.173935: | FOR_EACH_STATE[clonedfrom=#1]... in (delete_state() +866 programs/pluto/state.c)
- Mar 27 18:09:02.173943: | matches: 0
- Mar 27 18:09:02.173955: "tunnel1"[1] 192.168.1.126 #1: deleting IKE SA (processing IKE_SA_INIT request)
- Mar 27 18:09:02.173967: | "tunnel1"[1] 192.168.1.126 #1: .st_on_delete.skip_log_message no->true (delete_state() +885 programs/pluto/state.c)
- Mar 27 18:09:02.173976: | pstats #1 ikev2.ike deleted other
- Mar 27 18:09:02.173988: | #1 main thread spent 0 (0) milliseconds helper thread spent 0 (0) milliseconds in total
- Mar 27 18:09:02.174146: | suspend: no MD saved in state #1 (delete_state() +972 programs/pluto/state.c)
- Mar 27 18:09:02.174158: | #1 deleting EVENT_v2_DISCARD
- Mar 27 18:09:02.174171: | tt: delref @0x560a7385a3d8(1->0) (destroy_timeout() +575 programs/pluto/server.c)
- Mar 27 18:09:02.174181: | state-event: delref @0x560a7385a358(1->0) (delete_state() +979 programs/pluto/state.c)
- Mar 27 18:09:02.174233: | #1 STATE_V2_PARENT_R0: retransmits: cleared
- Mar 27 18:09:02.174243: | pending: flush_pending_by_state() ike 0x560a7385e5c8 pending (nil)
- Mar 27 18:09:02.174252: | FOR_EACH_STATE[clonedfrom=#1]... in (flush_incomplete_children() +729 programs/pluto/state.c)
- Mar 27 18:09:02.174260: | matches: 0
- Mar 27 18:09:02.174270: | delref @0x560a7385b588(3->2) (delete_state() +1032 programs/pluto/state.c)
- Mar 27 18:09:02.174287: | "tunnel1"[1] 192.168.1.126: delref @0x560a7385e018(3->2) #1: (delete_state() +1072 programs/pluto/state.c)
- Mar 27 18:09:02.174297: | parent state #1: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore)
- Mar 27 18:09:02.174307: | #1: releasing whack (but there are none) (delete_state() +1078 programs/pluto/state.c)
- Mar 27 18:09:02.174330: | delete_state: delref st->st_dh_shared_secret-key@NULL
- Mar 27 18:09:02.174339: | delete_state: delref st->st_skeyid_nss-key@NULL
- Mar 27 18:09:02.174347: | delete_state: delref st->st_skey_d_nss-key@NULL
- Mar 27 18:09:02.174355: | delete_state: delref st->st_skey_ai_nss-key@NULL
- Mar 27 18:09:02.174363: | delete_state: delref st->st_skey_ar_nss-key@NULL
- Mar 27 18:09:02.174371: | delete_state: delref st->st_skey_ei_nss-key@NULL
- Mar 27 18:09:02.174379: | delete_state: delref st->st_skey_er_nss-key@NULL
- Mar 27 18:09:02.174387: | delete_state: delref st->st_skey_pi_nss-key@NULL
- Mar 27 18:09:02.174396: | delete_state: delref st->st_skey_pr_nss-key@NULL
- Mar 27 18:09:02.174404: | delete_state: delref st->st_enc_key_nss-key@NULL
- Mar 27 18:09:02.174412: | delete_state: delref st->st_sk_d_no_ppk-key@NULL
- Mar 27 18:09:02.174420: | delete_state: delref st->st_sk_pi_no_ppk-key@NULL
- Mar 27 18:09:02.174428: | delete_state: delref st->st_sk_pr_no_ppk-key@NULL
- Mar 27 18:09:02.174437: | #1: releasing whack (but there are none) (delete_state() +1171 programs/pluto/state.c)
- Mar 27 18:09:02.174447: | logger: delref @0x560a73856be8(1->0) (delete_state() +1171 programs/pluto/state.c)
- Mar 27 18:09:02.174459: | "tunnel1"[1] 192.168.1.126 #1: routing: stop TEARDOWN_IKE, UNROUTED, INSTANCE; ok=yes (complete_v2_state_transition() +2823 programs/pluto/ikev2.c)
- Mar 27 18:09:02.174472: | "tunnel1"[1] 192.168.1.126: delref @0x560a7385e018(2->1) "tunnel1"[1] 192.168.1.126 #1: (dispatch() +2450 programs/pluto/routing.c)
- Mar 27 18:09:02.174481: | "tunnel1"[1] 192.168.1.126 #1: releasing whack (but there are none) (teardown_ike() +1290 programs/pluto/routing.c)
- Mar 27 18:09:02.174491: | logger: delref @0x560a73856708(1->0) (teardown_ike() +1290 programs/pluto/routing.c)
- Mar 27 18:09:02.174500: | in statetime_stop() and could not find #1
- Mar 27 18:09:02.174509: | in statetime_stop() and could not find #1
- Mar 27 18:09:02.174525: | "tunnel1"[1] 192.168.1.126: delref @0x560a7385e018(1->0) packet from 192.168.1.126:57597: (process_v2_IKE_SA_INIT() +449 programs/pluto/ikev2_ike_sa_init.c)
- Mar 27 18:09:02.174539: "tunnel1"[1] 192.168.1.126: deleting connection instance with peer 192.168.1.126
- Mar 27 18:09:02.174552: | clone logger: newref @0x560a73856708(0->1) (process_v2_IKE_SA_INIT() +449 programs/pluto/ikev2_ike_sa_init.c)
- Mar 27 18:09:02.174561: | discard_connection() tunnel1 $2 [0x560a7385e018] cloned from $1
- Mar 27 18:09:02.174574: | "tunnel1"[1] 192.168.1.126: peekref @0x560a7385e018(0->0) (connection_ok_to_delete() +311 programs/pluto/connections.c)
- Mar 27 18:09:02.174583: | FOR_EACH_CONNECTION[clonedfrom=$2].... in (connection_ok_to_delete() +345 programs/pluto/connections.c)
- Mar 27 18:09:02.174592: | matches: 0
- Mar 27 18:09:02.174600: | FOR_EACH_STATE[connection_serialno=$2]... in (connection_ok_to_delete() +364 programs/pluto/connections.c)
- Mar 27 18:09:02.174608: | matches: 0
- Mar 27 18:09:02.174628: | delref @0x560a7385a9e8(5->4) (disorient() +49 programs/pluto/orient.c)
- Mar 27 18:09:02.174645: | "tunnel1"[1] 192.168.1.126: 192.168.1.10->192.168.1.126 oriented=no
- Mar 27 18:09:02.174658: | "tunnel1"[1] 192.168.1.126: releasing whack (but there are none) (process_v2_IKE_SA_INIT() +449 programs/pluto/ikev2_ike_sa_init.c)
- Mar 27 18:09:02.174668: | logger: delref @0x560a738584e8(1->0) (process_v2_IKE_SA_INIT() +449 programs/pluto/ikev2_ike_sa_init.c)
- Mar 27 18:09:02.174680: | "tunnel1": delref @0x560a738554d8(2->1) "tunnel1"[1] 192.168.1.126: (discard_connection() +454 programs/pluto/connections.c)
- Mar 27 18:09:02.174689: | "tunnel1"[1] 192.168.1.126: releasing whack (but there are none) (process_v2_IKE_SA_INIT() +449 programs/pluto/ikev2_ike_sa_init.c)
- Mar 27 18:09:02.174699: | logger: delref @0x560a73856708(1->0) (process_v2_IKE_SA_INIT() +449 programs/pluto/ikev2_ike_sa_init.c)
- Mar 27 18:09:02.174713: | packet from 192.168.1.126:57597: delref @0x560a7385c548(1->0) (process_iface_packet() +296 programs/pluto/demux.c)
- Mar 27 18:09:02.174726: | packet from 192.168.1.126:57597: releasing whack (but there are none) (process_iface_packet() +296 programs/pluto/demux.c)
- Mar 27 18:09:02.174736: | logger: delref @0x560a73858608(1->0) (process_iface_packet() +296 programs/pluto/demux.c)
- Mar 27 18:09:02.174746: | delref @0x560a7385b588(2->1) (process_iface_packet() +296 programs/pluto/demux.c)
- Mar 27 18:09:02.174759: | spent 6.3 (6.39) milliseconds in process_iface_packet() reading and processing packet
- Mar 27 18:09:02.207061: | spent 0.00404 (0.00404) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue()
- Mar 27 18:09:02.207120: | struct msg_digest: newref @0x560a7385c548(0->1) (udp_read_packet() +249 programs/pluto/iface_udp.c)
- Mar 27 18:09:02.207136: | struct iface_endpoint: addref @0x560a7385b588(1->2) (udp_read_packet() +249 programs/pluto/iface_udp.c)
- Mar 27 18:09:02.207147: | alloc logger: newref @0x560a73856708(0->1) (udp_read_packet() +249 programs/pluto/iface_udp.c)
- Mar 27 18:09:02.207164: | *received 460 bytes from 192.168.1.126:57597 on enp0s3 192.168.1.10:500 using UDP
- Mar 27 18:09:02.207173: | 8a 39 43 fb 73 2f 1e 90 00 00 00 00 00 00 00 00 .9C.s/..........
- Mar 27 18:09:02.207185: | 21 20 22 08 00 00 00 00 00 00 01 cc 22 00 00 f4 ! "........."...
- Mar 27 18:09:02.207194: | 02 00 00 88 01 01 00 0f 03 00 00 0c 01 00 00 0c ................
- Mar 27 18:09:02.207202: | 80 0e 01 00 03 00 00 0c 01 00 00 0c 80 0e 00 80 ................
- Mar 27 18:09:02.207213: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0d ................
- Mar 27 18:09:02.207221: | 03 00 00 08 03 00 00 0c 03 00 00 08 03 00 00 02 ................
- Mar 27 18:09:02.207230: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 06 ................
- Mar 27 18:09:02.207238: | 03 00 00 08 02 00 00 05 03 00 00 08 02 00 00 02 ................
- Mar 27 18:09:02.207287: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 18 ................
- Mar 27 18:09:02.207300: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 0e ................
- Mar 27 18:09:02.207308: | 00 00 00 08 04 00 00 05 00 00 00 68 02 01 00 0b ...........h....
- Mar 27 18:09:02.207317: | 03 00 00 0c 01 00 00 14 80 0e 01 00 03 00 00 0c ................
- Mar 27 18:09:02.207325: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 ................
- Mar 27 18:09:02.207333: | 03 00 00 08 02 00 00 06 03 00 00 08 02 00 00 05 ................
- Mar 27 18:09:02.207342: | 03 00 00 08 02 00 00 02 03 00 00 08 04 00 00 13 ................
- Mar 27 18:09:02.207350: | 03 00 00 08 04 00 00 18 03 00 00 08 04 00 00 14 ................
- Mar 27 18:09:02.207359: | 03 00 00 08 04 00 00 0e 00 00 00 08 04 00 00 05 ................
- Mar 27 18:09:02.207367: | 28 00 00 48 00 13 00 00 f4 d8 f3 51 5c 7e cb a5 (..H.......Q\~..
- Mar 27 18:09:02.207376: | a9 ef 8d 9f bd db 4c 48 34 e0 bb d3 48 86 44 9a ......LH4...H.D.
- Mar 27 18:09:02.207384: | 90 84 91 df 78 f9 70 9f d6 62 8c 7d 6e 8a 05 83 ....x.p..b.}n...
- Mar 27 18:09:02.207407: | 8d 5b 32 94 b1 bf c9 1f c9 34 13 5a f6 b7 3d 81 .[2......4.Z..=.
- Mar 27 18:09:02.207416: | cc ca 3b 2e b9 fe a4 73 29 00 00 24 55 c3 b1 28 ..;....s)..$U..(
- Mar 27 18:09:02.207425: | 57 37 f7 b2 b9 31 f1 80 ca ac ee 89 9a e1 2d 3e W7...1........->
- Mar 27 18:09:02.207433: | ac 22 6f 0d 99 ea 31 29 44 26 6a 7e 29 00 00 1c ."o...1)D&j~)...
- Mar 27 18:09:02.207442: | 00 00 40 04 09 9d 72 d6 50 46 f2 db 45 b7 8c 7a ..@...r.PF..E..z
- Mar 27 18:09:02.207450: | 12 67 41 ee 64 68 37 5f 29 00 00 1c 00 00 40 05 .gA.dh7_).....@.
- Mar 27 18:09:02.207459: | 8c b9 ab 3d 10 ef c9 fa 39 45 f4 a2 aa 4d c3 c8 ...=....9E...M..
- Mar 27 18:09:02.207467: | 89 bb 8c 96 29 00 00 10 00 00 40 2f 00 02 00 03 ....).....@/....
- Mar 27 18:09:02.207476: | 00 04 00 05 00 00 00 08 00 00 40 16 ..........@.
- Mar 27 18:09:02.207487: | **parse ISAKMP Message:
- Mar 27 18:09:02.207501: | initiator SPI: 8a 39 43 fb 73 2f 1e 90
- Mar 27 18:09:02.207514: | responder SPI: 00 00 00 00 00 00 00 00
- Mar 27 18:09:02.207523: | next payload type: ISAKMP_NEXT_v2SA (0x21)
- Mar 27 18:09:02.207531: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
- Mar 27 18:09:02.207540: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22)
- Mar 27 18:09:02.207549: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
- Mar 27 18:09:02.207560: | Message ID: 0 (00 00 00 00)
- Mar 27 18:09:02.207572: | length: 460 (00 00 01 cc)
- Mar 27 18:09:02.207581: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34)
- Mar 27 18:09:02.207590: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request
- Mar 27 18:09:02.207600: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi)
- Mar 27 18:09:02.207609: | Now let's proceed with payload (ISAKMP_NEXT_v2SA)
- Mar 27 18:09:02.207618: | ***parse IKEv2 Security Association Payload:
- Mar 27 18:09:02.207627: | next payload type: ISAKMP_NEXT_v2KE (0x22)
- Mar 27 18:09:02.207635: | flags: none (0x0)
- Mar 27 18:09:02.207645: | length: 244 (00 f4)
- Mar 27 18:09:02.207654: | processing payload: ISAKMP_NEXT_v2SA (len=240)
- Mar 27 18:09:02.207662: | Now let's proceed with payload (ISAKMP_NEXT_v2KE)
- Mar 27 18:09:02.207670: | ***parse IKEv2 Key Exchange Payload:
- Mar 27 18:09:02.207679: | next payload type: ISAKMP_NEXT_v2Ni (0x28)
- Mar 27 18:09:02.207687: | flags: none (0x0)
- Mar 27 18:09:02.207697: | length: 72 (00 48)
- Mar 27 18:09:02.207706: | DH group: OAKLEY_GROUP_ECP_256 (0x13)
- Mar 27 18:09:02.207714: | processing payload: ISAKMP_NEXT_v2KE (len=64)
- Mar 27 18:09:02.207722: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni)
- Mar 27 18:09:02.207730: | ***parse IKEv2 Nonce Payload:
- Mar 27 18:09:02.207739: | next payload type: ISAKMP_NEXT_v2N (0x29)
- Mar 27 18:09:02.207747: | flags: none (0x0)
- Mar 27 18:09:02.207757: | length: 36 (00 24)
- Mar 27 18:09:02.207765: | processing payload: ISAKMP_NEXT_v2Ni (len=32)
- Mar 27 18:09:02.207773: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
- Mar 27 18:09:02.207782: | ***parse IKEv2 Notify Payload:
- Mar 27 18:09:02.207790: | next payload type: ISAKMP_NEXT_v2N (0x29)
- Mar 27 18:09:02.207799: | flags: none (0x0)
- Mar 27 18:09:02.207808: | length: 28 (00 1c)
- Mar 27 18:09:02.207817: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
- Mar 27 18:09:02.207826: | SPI size: 0 (00)
- Mar 27 18:09:02.207835: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004)
- Mar 27 18:09:02.207843: | processing payload: ISAKMP_NEXT_v2N (len=20)
- Mar 27 18:09:02.207852: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
- Mar 27 18:09:02.207860: | ***parse IKEv2 Notify Payload:
- Mar 27 18:09:02.207868: | next payload type: ISAKMP_NEXT_v2N (0x29)
- Mar 27 18:09:02.207877: | flags: none (0x0)
- Mar 27 18:09:02.207887: | length: 28 (00 1c)
- Mar 27 18:09:02.207895: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
- Mar 27 18:09:02.207904: | SPI size: 0 (00)
- Mar 27 18:09:02.207913: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005)
- Mar 27 18:09:02.207921: | processing payload: ISAKMP_NEXT_v2N (len=20)
- Mar 27 18:09:02.207937: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
- Mar 27 18:09:02.207946: | ***parse IKEv2 Notify Payload:
- Mar 27 18:09:02.207954: | next payload type: ISAKMP_NEXT_v2N (0x29)
- Mar 27 18:09:02.207963: | flags: none (0x0)
- Mar 27 18:09:02.207973: | length: 16 (00 10)
- Mar 27 18:09:02.207981: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
- Mar 27 18:09:02.207990: | SPI size: 0 (00)
- Mar 27 18:09:02.207999: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f)
- Mar 27 18:09:02.208007: | processing payload: ISAKMP_NEXT_v2N (len=8)
- Mar 27 18:09:02.208015: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
- Mar 27 18:09:02.208023: | ***parse IKEv2 Notify Payload:
- Mar 27 18:09:02.208032: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
- Mar 27 18:09:02.208040: | flags: none (0x0)
- Mar 27 18:09:02.208050: | length: 8 (00 08)
- Mar 27 18:09:02.208059: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
- Mar 27 18:09:02.208068: | SPI size: 0 (00)
- Mar 27 18:09:02.208076: | Notify Message Type: v2N_REDIRECT_SUPPORTED (0x4016)
- Mar 27 18:09:02.208209: | processing payload: ISAKMP_NEXT_v2N (len=0)
- Mar 27 18:09:02.208223: | DDOS disabled and no cookie sent, continuing
- Mar 27 18:09:02.208267: | looking for transition from PARENT_R0 matching IKE_SA_INIT request: SA,KE,Ni,N(NAT_DETECTION_SOURCE_IP),N(NAT_DETECTION_DESTINATION_IP),N(SIGNATURE_HASH_ALGORITHMS),N(REDIRECT_SUPPORTED)
- Mar 27 18:09:02.208277: | trying: Respond to IKE_SA_INIT
- Mar 27 18:09:02.208285: | unsecured message matched
- Mar 27 18:09:02.208300: | ikev2_find_host_connection() 192.168.1.126->192.168.1.10 remote_authby=ECDSA
- Mar 27 18:09:02.208315: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=192.168.1.126].... in (ikev2_find_host_connection() +139 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.208324: | matches: 0
- Mar 27 18:09:02.208335: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=<unset-address>].... in (ikev2_find_host_connection() +214 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.208344: | found "tunnel1"
- Mar 27 18:09:02.208354: | skipping "tunnel1", PSK missing required authby ECDSA
- Mar 27 18:09:02.208362: | matches: 1
- Mar 27 18:09:02.208374: | ISAKMP_v2_IKE_SA_INIT message received on 192.168.1.10:500 but no connection has been authorized with policy ECDSA, sending reject response
- Mar 27 18:09:02.208388: | ikev2_find_host_connection() 192.168.1.126->192.168.1.10 remote_authby=RSASIG
- Mar 27 18:09:02.208402: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=192.168.1.126].... in (ikev2_find_host_connection() +139 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.208410: | matches: 0
- Mar 27 18:09:02.208422: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=<unset-address>].... in (ikev2_find_host_connection() +214 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.208430: | found "tunnel1"
- Mar 27 18:09:02.208439: | skipping "tunnel1", PSK missing required authby RSASIG
- Mar 27 18:09:02.208447: | matches: 1
- Mar 27 18:09:02.208458: | ISAKMP_v2_IKE_SA_INIT message received on 192.168.1.10:500 but no connection has been authorized with policy RSASIG, sending reject response
- Mar 27 18:09:02.208472: | ikev2_find_host_connection() 192.168.1.126->192.168.1.10 remote_authby=RSASIG_v1_5
- Mar 27 18:09:02.208486: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=192.168.1.126].... in (ikev2_find_host_connection() +139 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.208494: | matches: 0
- Mar 27 18:09:02.208505: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=<unset-address>].... in (ikev2_find_host_connection() +214 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.208514: | found "tunnel1"
- Mar 27 18:09:02.208523: | skipping "tunnel1", PSK missing required authby RSASIG_v1_5
- Mar 27 18:09:02.208531: | matches: 1
- Mar 27 18:09:02.208542: | ISAKMP_v2_IKE_SA_INIT message received on 192.168.1.10:500 but no connection has been authorized with policy RSASIG_v1_5, sending reject response
- Mar 27 18:09:02.208556: | ikev2_find_host_connection() 192.168.1.126->192.168.1.10 remote_authby=PSK
- Mar 27 18:09:02.208579: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=192.168.1.126].... in (ikev2_find_host_connection() +139 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.208588: | matches: 0
- Mar 27 18:09:02.208599: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=<unset-address>].... in (ikev2_find_host_connection() +214 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.208607: | found "tunnel1"
- Mar 27 18:09:02.208616: | instant winner with non-opportunistic template "tunnel1"
- Mar 27 18:09:02.208627: | instantiate roadwarrior winner "tunnel1"
- Mar 27 18:09:02.208642: | "tunnel1": rw_responder_instantiate: remote=192.168.1.126 id=<null-id> kind=TEMPLATE sec_label= (ikev2_find_host_connection() +319 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.208653: | connection $1: "tunnel1"
- Mar 27 18:09:02.208662: | routing+kind: UNROUTED TEMPLATE
- Mar 27 18:09:02.208674: | host: 192.168.1.10->0.0.0.0
- Mar 27 18:09:02.208688: | selectors: 192.168.10.0/24 -> <unset-selector>
- Mar 27 18:09:02.208696: | spds: <unset-selectors>
- Mar 27 18:09:02.208707: | policy: IKEv2+PSK+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
- Mar 27 18:09:02.208721: | struct connection: newref @0x560a7385df58(0->1) (ikev2_find_host_connection() +319 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.208733: | alloc logger: newref @0x560a738584e8(0->1) (ikev2_find_host_connection() +319 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.208742: | "tunnel1"[2]: no whack to attach
- Mar 27 18:09:02.208753: | "tunnel1": template .instance_serial_next updated to 3; instance 2
- Mar 27 18:09:02.208766: | "tunnel1": addref @0x560a738554d8(1->2) "tunnel1"[2] <unset-address>: (alloc_connection() +2100 programs/pluto/connections.c)
- Mar 27 18:09:02.208776: | struct iface: addref @0x560a7385a9e8(4->5) (duplicate_connection() +78 programs/pluto/instantiate.c)
- Mar 27 18:09:02.208788: | left.child.has_client: no -> yes (duplicate_connection() +87 programs/pluto/instantiate.c)
- Mar 27 18:09:02.208798: | right.child.has_client: no -> no (duplicate_connection() +87 programs/pluto/instantiate.c)
- Mar 27 18:09:02.208810: | updating host ends from right.host.addr 192.168.1.126
- Mar 27 18:09:02.208821: | updated right.host_port from 0 to 500
- Mar 27 18:09:02.208834: | updated left.host_nexthop from 0.0.0.0 to 192.168.1.126
- Mar 27 18:09:02.208846: | "tunnel1"[2] 192.168.1.126: tunnel1 .child.reqid=16396 because t.config.sa_requid=0 (generate)
- Mar 27 18:09:02.208866: | "tunnel1"[2] 192.168.1.126: 192.168.1.10->192.168.1.126 oriented=yes
- Mar 27 18:09:02.208875: | update_selectors() left selectors from 1 child.selectors
- Mar 27 18:09:02.208886: | update_selectors() right.child selector formed from host address+protoport
- Mar 27 18:09:02.208899: | append_end_selector() right.child.selectors.proposed[0] 192.168.1.126/32 (update_selectors() +397 programs/pluto/instantiate.c)
- Mar 27 18:09:02.208908: | adding connection spds using proposed
- Mar 27 18:09:02.208918: | left=1 right=1
- Mar 27 18:09:02.208927: | left[IPv4]=1 right[IPv4]=1
- Mar 27 18:09:02.208936: | left[IPv6]=0 right[IPv6]=0
- Mar 27 18:09:02.208946: | allocating 1 SPDs
- Mar 27 18:09:02.208961: | 192.168.10.0/24===192.168.1.126/32
- Mar 27 18:09:02.208973: | left child spd from selector 192.168.10.0/24 left.spd.has_client=yes virt=no
- Mar 27 18:09:02.208987: | right child spd from selector 192.168.1.126/32 right.spd.has_client=no virt=no
- Mar 27 18:09:02.209000: | "tunnel1"[2] 192.168.1.126: rw_responder_instantiate: from "tunnel1" (ikev2_find_host_connection() +319 programs/pluto/ikev2_host_pair.c)
- Mar 27 18:09:02.209014: | connection $3 clonedfrom $1: "tunnel1"[2] 192.168.1.126
- Mar 27 18:09:02.209023: | routing+kind: UNROUTED INSTANCE
- Mar 27 18:09:02.209035: | host: 192.168.1.10->192.168.1.126
- Mar 27 18:09:02.209051: | selectors: 192.168.10.0/24 -> 192.168.1.126/32
- Mar 27 18:09:02.209082: | spds: 192.168.10.0/24===192.168.1.126/32
- Mar 27 18:09:02.209093: | policy: IKEv2+PSK+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
- Mar 27 18:09:02.209104: | found connection: "tunnel1"[2] 192.168.1.126 with remote authby PSK
- Mar 27 18:09:02.209125: | struct iface_endpoint: addref @0x560a7385b588(2->3) (get_responder_endpoints() +610 programs/pluto/state.c)
- Mar 27 18:09:02.209165: | alloc logger: newref @0x560a73856be8(0->1) (new_v2_ike_sa() +666 programs/pluto/state.c)
- Mar 27 18:09:02.209175: | #0: no whack to attach
- Mar 27 18:09:02.209188: | "tunnel1"[2] 192.168.1.126: addref @0x560a7385df58(1->2) #2: (new_state() +491 programs/pluto/state.c)
- Mar 27 18:09:02.209198: | creating state object #2 at 0x560a7385e508
- Mar 27 18:09:02.209217: | pstats #2 ikev2.ike started
- Mar 27 18:09:02.209227: | parent state #2: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA)
- Mar 27 18:09:02.209239: | #2.st_v2_transition NULL -> PARENT_R0->PARENT_R1 (new_v2_ike_sa() +669 programs/pluto/state.c)
- Mar 27 18:09:02.209265: | Message ID: IKE #2 initializing (initiator: .sent=0->-1 .recv=0->-1 .wip=0->-1 .last_sent=0->33396.325071 .last_recv=0->33396.325071 responder: .sent=0->-1 .recv=0->-1 .wip=0->-1 .last_sent=0->33396.325071 .last_recv=0->33396.325071)
- Mar 27 18:09:02.209277: | event_schedule_where: newref EVENT_v2_DISCARD-pe@0x560a7385a358 timeout in 200 seconds for #2
- Mar 27 18:09:02.209288: | tt: newref @0x560a7385a518(0->1) (schedule_timeout() +557 programs/pluto/server.c)
- Mar 27 18:09:02.209303: | #2 spent 2.23 (2.26) milliseconds
- Mar 27 18:09:02.209314: | #2.st_v2_transition PARENT_R0->PARENT_R1 -> PARENT_R0->PARENT_R1 (v2_dispatch() +2308 programs/pluto/ikev2.c)
- Mar 27 18:09:02.209335: | Message ID: IKE #2 responder starting message request 0 (initiator: .sent=-1 .recv=-1 .recv_frags=0 .wip=-1 .last_sent=33396.325071 .last_recv=33396.325071 responder: .sent=-1 .recv=-1 .recv_frags=0 .wip=0 .last_sent=33396.325071 .last_recv=33396.325071)
- Mar 27 18:09:02.209344: | calling processor Respond to IKE_SA_INIT
- Mar 27 18:09:02.209355: | #2 spent 2.28 (2.31) milliseconds
- Mar 27 18:09:02.210098: | #2 updating local interface from 192.168.1.10:500 to 192.168.1.10:500 using md->iface (update_ike_endpoints() +1714 programs/pluto/state.c)
- Mar 27 18:09:02.210120: | delref @0x560a7385b588(3->2) (update_ike_endpoints() +1719 programs/pluto/state.c)
- Mar 27 18:09:02.210133: | struct iface_endpoint: addref @0x560a7385b588(2->3) (update_ike_endpoints() +1720 programs/pluto/state.c)
- Mar 27 18:09:02.210153: | comparing remote proposals against IKE responder 5 local proposals
- Mar 27 18:09:02.210171: | local proposal 1 type ENCR has 1 transforms
- Mar 27 18:09:02.210180: | local proposal 1 type PRF has 2 transforms
- Mar 27 18:09:02.210189: | local proposal 1 type INTEG has 1 transforms
- Mar 27 18:09:02.210198: | local proposal 1 type DH has 8 transforms
- Mar 27 18:09:02.210206: | local proposal 1 type ESN has 0 transforms
- Mar 27 18:09:02.210216: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG
- Mar 27 18:09:02.210225: | local proposal 2 type ENCR has 1 transforms
- Mar 27 18:09:02.210233: | local proposal 2 type PRF has 2 transforms
- Mar 27 18:09:02.210242: | local proposal 2 type INTEG has 1 transforms
- Mar 27 18:09:02.210251: | local proposal 2 type DH has 8 transforms
- Mar 27 18:09:02.210259: | local proposal 2 type ESN has 0 transforms
- Mar 27 18:09:02.210268: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG
- Mar 27 18:09:02.210277: | local proposal 3 type ENCR has 1 transforms
- Mar 27 18:09:02.210286: | local proposal 3 type PRF has 2 transforms
- Mar 27 18:09:02.210294: | local proposal 3 type INTEG has 1 transforms
- Mar 27 18:09:02.210303: | local proposal 3 type DH has 8 transforms
- Mar 27 18:09:02.210311: | local proposal 3 type ESN has 0 transforms
- Mar 27 18:09:02.210321: | local proposal 3 transforms: required: ENCR+PRF+DH; optional: INTEG
- Mar 27 18:09:02.210329: | local proposal 4 type ENCR has 1 transforms
- Mar 27 18:09:02.210338: | local proposal 4 type PRF has 2 transforms
- Mar 27 18:09:02.210346: | local proposal 4 type INTEG has 2 transforms
- Mar 27 18:09:02.210355: | local proposal 4 type DH has 8 transforms
- Mar 27 18:09:02.210363: | local proposal 4 type ESN has 0 transforms
- Mar 27 18:09:02.210373: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none
- Mar 27 18:09:02.210392: | local proposal 5 type ENCR has 1 transforms
- Mar 27 18:09:02.210401: | local proposal 5 type PRF has 2 transforms
- Mar 27 18:09:02.210410: | local proposal 5 type INTEG has 2 transforms
- Mar 27 18:09:02.210418: | local proposal 5 type DH has 8 transforms
- Mar 27 18:09:02.210427: | local proposal 5 type ESN has 0 transforms
- Mar 27 18:09:02.210436: | local proposal 5 transforms: required: ENCR+PRF+INTEG+DH; optional: none
- Mar 27 18:09:02.210446: | ****parse IKEv2 Proposal Substructure Payload:
- Mar 27 18:09:02.210455: | last proposal: v2_PROPOSAL_NON_LAST (0x2)
- Mar 27 18:09:02.210465: | length: 136 (00 88)
- Mar 27 18:09:02.210475: | prop #: 1 (01)
- Mar 27 18:09:02.210483: | proto ID: IKEv2_SEC_PROTO_IKE (0x1)
- Mar 27 18:09:02.210492: | spi size: 0 (00)
- Mar 27 18:09:02.210501: | # transforms: 15 (0f)
- Mar 27 18:09:02.210512: | Comparing remote proposal 1 containing 15 transforms against local proposal [1..5] of 5 local proposals
- Mar 27 18:09:02.210521: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.210529: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.210539: | length: 12 (00 0c)
- Mar 27 18:09:02.210547: | IKEv2 transform type: IKEv2_TRANS_TYPE_ENCR (0x1)
- Mar 27 18:09:02.210556: | IKEv2 transform ID: AES_CBC (0xc)
- Mar 27 18:09:02.210565: | ******parse IKEv2 Attribute Substructure Payload:
- Mar 27 18:09:02.210573: | af+type: AF+IKEv2_KEY_LENGTH (0x800e)
- Mar 27 18:09:02.210583: | length/value: 256 (01 00)
- Mar 27 18:09:02.210595: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 4 type 1 (ENCR) transform 0
- Mar 27 18:09:02.210604: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.210612: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.210622: | length: 12 (00 0c)
- Mar 27 18:09:02.210631: | IKEv2 transform type: IKEv2_TRANS_TYPE_ENCR (0x1)
- Mar 27 18:09:02.210639: | IKEv2 transform ID: AES_CBC (0xc)
- Mar 27 18:09:02.210647: | ******parse IKEv2 Attribute Substructure Payload:
- Mar 27 18:09:02.210656: | af+type: AF+IKEv2_KEY_LENGTH (0x800e)
- Mar 27 18:09:02.210666: | length/value: 128 (00 80)
- Mar 27 18:09:02.210677: | remote proposal 1 transform 1 (ENCR=AES_CBC_128) matches local proposal 5 type 1 (ENCR) transform 0
- Mar 27 18:09:02.210686: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.210694: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.210704: | length: 8 (00 08)
- Mar 27 18:09:02.210712: | IKEv2 transform type: IKEv2_TRANS_TYPE_INTEG (0x3)
- Mar 27 18:09:02.210721: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
- Mar 27 18:09:02.210732: | remote proposal 1 transform 2 (INTEG=HMAC_SHA2_512_256) matches local proposal 4 type 3 (INTEG) transform 0
- Mar 27 18:09:02.210742: | remote proposal 1 transform 2 (INTEG=HMAC_SHA2_512_256) matches local proposal 5 type 3 (INTEG) transform 0
- Mar 27 18:09:02.210750: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.210759: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.210769: | length: 8 (00 08)
- Mar 27 18:09:02.210777: | IKEv2 transform type: IKEv2_TRANS_TYPE_INTEG (0x3)
- Mar 27 18:09:02.210785: | IKEv2 transform ID: AUTH_HMAC_SHA2_384_192 (0xd)
- Mar 27 18:09:02.210795: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.210803: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.210813: | length: 8 (00 08)
- Mar 27 18:09:02.210821: | IKEv2 transform type: IKEv2_TRANS_TYPE_INTEG (0x3)
- Mar 27 18:09:02.210829: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
- Mar 27 18:09:02.210839: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.210847: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.210857: | length: 8 (00 08)
- Mar 27 18:09:02.210865: | IKEv2 transform type: IKEv2_TRANS_TYPE_INTEG (0x3)
- Mar 27 18:09:02.210873: | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2)
- Mar 27 18:09:02.210883: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.210905: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.210915: | length: 8 (00 08)
- Mar 27 18:09:02.210924: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
- Mar 27 18:09:02.210932: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
- Mar 27 18:09:02.210943: | remote proposal 1 transform 6 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0
- Mar 27 18:09:02.210953: | remote proposal 1 transform 6 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0
- Mar 27 18:09:02.210963: | remote proposal 1 transform 6 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0
- Mar 27 18:09:02.210973: | remote proposal 1 transform 6 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0
- Mar 27 18:09:02.210983: | remote proposal 1 transform 6 (PRF=HMAC_SHA2_512) matches local proposal 5 type 2 (PRF) transform 0
- Mar 27 18:09:02.210992: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.211000: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.211520: | length: 8 (00 08)
- Mar 27 18:09:02.211536: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
- Mar 27 18:09:02.211544: | IKEv2 transform ID: PRF_HMAC_SHA2_384 (0x6)
- Mar 27 18:09:02.211554: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.211563: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.211573: | length: 8 (00 08)
- Mar 27 18:09:02.211581: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
- Mar 27 18:09:02.211589: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
- Mar 27 18:09:02.211598: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.211607: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.211617: | length: 8 (00 08)
- Mar 27 18:09:02.211625: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
- Mar 27 18:09:02.211633: | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2)
- Mar 27 18:09:02.211642: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.211651: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.211661: | length: 8 (00 08)
- Mar 27 18:09:02.211669: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
- Mar 27 18:09:02.211678: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
- Mar 27 18:09:02.211688: | remote proposal 1 transform 10 (DH=ECP_256) matches local proposal 1 type 4 (DH) transform 0
- Mar 27 18:09:02.211698: | remote proposal 1 transform 10 (DH=ECP_256) matches local proposal 2 type 4 (DH) transform 0
- Mar 27 18:09:02.211709: | remote proposal 1 transform 10 (DH=ECP_256) matches local proposal 3 type 4 (DH) transform 0
- Mar 27 18:09:02.211719: | remote proposal 1 transform 10 (DH=ECP_256) matches local proposal 4 type 4 (DH) transform 0
- Mar 27 18:09:02.211729: | remote proposal 1 transform 10 (DH=ECP_256) matches local proposal 5 type 4 (DH) transform 0
- Mar 27 18:09:02.211737: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.211746: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.211755: | length: 8 (00 08)
- Mar 27 18:09:02.211764: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
- Mar 27 18:09:02.211772: | IKEv2 transform ID: OAKLEY_GROUP_DH24 (0x18)
- Mar 27 18:09:02.211781: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.211790: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.211800: | length: 8 (00 08)
- Mar 27 18:09:02.211808: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
- Mar 27 18:09:02.211816: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
- Mar 27 18:09:02.211825: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.211834: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.211844: | length: 8 (00 08)
- Mar 27 18:09:02.211852: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
- Mar 27 18:09:02.211860: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
- Mar 27 18:09:02.211869: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.211878: | last transform: v2_TRANSFORM_LAST (0x0)
- Mar 27 18:09:02.211898: | length: 8 (00 08)
- Mar 27 18:09:02.211907: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
- Mar 27 18:09:02.211916: | IKEv2 transform ID: OAKLEY_GROUP_MODP1536 (0x5)
- Mar 27 18:09:02.211928: | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none
- Mar 27 18:09:02.211940: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: PRF+DH
- Mar 27 18:09:02.211950: | remote proposal 1 does not match local proposal 1; unmatched transforms: ENCR+INTEG; missing transforms: ENCR
- Mar 27 18:09:02.211963: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 2; required: ENCR+PRF+DH; optional: INTEG; matched: PRF+DH
- Mar 27 18:09:02.211972: | remote proposal 1 does not match local proposal 2; unmatched transforms: ENCR+INTEG; missing transforms: ENCR
- Mar 27 18:09:02.211999: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 3; required: ENCR+PRF+DH; optional: INTEG; matched: PRF+DH
- Mar 27 18:09:02.212035: | remote proposal 1 does not match local proposal 3; unmatched transforms: ENCR+INTEG; missing transforms: ENCR
- Mar 27 18:09:02.212049: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 4; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH
- Mar 27 18:09:02.212058: | remote proposal 1 matches local proposal 4
- Mar 27 18:09:02.212067: | ****parse IKEv2 Proposal Substructure Payload:
- Mar 27 18:09:02.212076: | last proposal: v2_PROPOSAL_LAST (0x0)
- Mar 27 18:09:02.212086: | length: 104 (00 68)
- Mar 27 18:09:02.212095: | prop #: 2 (02)
- Mar 27 18:09:02.212103: | proto ID: IKEv2_SEC_PROTO_IKE (0x1)
- Mar 27 18:09:02.212113: | spi size: 0 (00)
- Mar 27 18:09:02.212122: | # transforms: 11 (0b)
- Mar 27 18:09:02.212132: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..3] of 5 local proposals
- Mar 27 18:09:02.212140: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.212149: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.212159: | length: 12 (00 0c)
- Mar 27 18:09:02.212167: | IKEv2 transform type: IKEv2_TRANS_TYPE_ENCR (0x1)
- Mar 27 18:09:02.212176: | IKEv2 transform ID: AES_GCM_C (0x14)
- Mar 27 18:09:02.212184: | ******parse IKEv2 Attribute Substructure Payload:
- Mar 27 18:09:02.212192: | af+type: AF+IKEv2_KEY_LENGTH (0x800e)
- Mar 27 18:09:02.212202: | length/value: 256 (01 00)
- Mar 27 18:09:02.212214: | remote proposal 2 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0
- Mar 27 18:09:02.212223: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.212231: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.212241: | length: 12 (00 0c)
- Mar 27 18:09:02.212249: | IKEv2 transform type: IKEv2_TRANS_TYPE_ENCR (0x1)
- Mar 27 18:09:02.212258: | IKEv2 transform ID: AES_GCM_C (0x14)
- Mar 27 18:09:02.212266: | ******parse IKEv2 Attribute Substructure Payload:
- Mar 27 18:09:02.212274: | af+type: AF+IKEv2_KEY_LENGTH (0x800e)
- Mar 27 18:09:02.212284: | length/value: 128 (00 80)
- Mar 27 18:09:02.212296: | remote proposal 2 transform 1 (ENCR=AES_GCM_C_128) matches local proposal 2 type 1 (ENCR) transform 0
- Mar 27 18:09:02.212304: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.212313: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.212323: | length: 8 (00 08)
- Mar 27 18:09:02.212331: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
- Mar 27 18:09:02.212339: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
- Mar 27 18:09:02.212350: | remote proposal 2 transform 2 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0
- Mar 27 18:09:02.212360: | remote proposal 2 transform 2 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0
- Mar 27 18:09:02.212370: | remote proposal 2 transform 2 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0
- Mar 27 18:09:02.212388: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.212397: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.212406: | length: 8 (00 08)
- Mar 27 18:09:02.212415: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
- Mar 27 18:09:02.212423: | IKEv2 transform ID: PRF_HMAC_SHA2_384 (0x6)
- Mar 27 18:09:02.212432: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.212441: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.212451: | length: 8 (00 08)
- Mar 27 18:09:02.212459: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
- Mar 27 18:09:02.212467: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
- Mar 27 18:09:02.212476: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.212485: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.212495: | length: 8 (00 08)
- Mar 27 18:09:02.212503: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
- Mar 27 18:09:02.212511: | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2)
- Mar 27 18:09:02.212520: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.212529: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.212539: | length: 8 (00 08)
- Mar 27 18:09:02.212547: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
- Mar 27 18:09:02.212555: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
- Mar 27 18:09:02.212566: | remote proposal 2 transform 6 (DH=ECP_256) matches local proposal 1 type 4 (DH) transform 0
- Mar 27 18:09:02.212576: | remote proposal 2 transform 6 (DH=ECP_256) matches local proposal 2 type 4 (DH) transform 0
- Mar 27 18:09:02.212586: | remote proposal 2 transform 6 (DH=ECP_256) matches local proposal 3 type 4 (DH) transform 0
- Mar 27 18:09:02.212595: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.212603: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.212613: | length: 8 (00 08)
- Mar 27 18:09:02.212621: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
- Mar 27 18:09:02.212630: | IKEv2 transform ID: OAKLEY_GROUP_DH24 (0x18)
- Mar 27 18:09:02.212639: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.212647: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.212657: | length: 8 (00 08)
- Mar 27 18:09:02.212665: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
- Mar 27 18:09:02.212674: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
- Mar 27 18:09:02.212683: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.212691: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.212701: | length: 8 (00 08)
- Mar 27 18:09:02.212709: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
- Mar 27 18:09:02.212718: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
- Mar 27 18:09:02.212727: | *****parse IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.212735: | last transform: v2_TRANSFORM_LAST (0x0)
- Mar 27 18:09:02.212745: | length: 8 (00 08)
- Mar 27 18:09:02.212753: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
- Mar 27 18:09:02.212762: | IKEv2 transform ID: OAKLEY_GROUP_MODP1536 (0x5)
- Mar 27 18:09:02.212773: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none
- Mar 27 18:09:02.212785: | comparing remote proposal 2 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH
- Mar 27 18:09:02.212794: | remote proposal 2 matches local proposal 1
- Mar 27 18:09:02.212811: "tunnel1"[2] 192.168.1.126 #2: proposal 2:IKE=AES_GCM_C_256-HMAC_SHA2_512-ECP_256 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_384_192;INTEG=HMAC_SHA2_256_128;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=ECP_256;DH=DH24;DH=ECP_384;DH=MODP2048;DH=MODP1536[first-match] 2:IKE:ENCR=AES_GCM_C_256;ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=ECP_256;DH=DH24;DH=ECP_384;DH=MODP2048;DH=MODP1536[better-match]
- Mar 27 18:09:02.212824: | accepted IKE proposal ikev2_proposal: 2:IKE=AES_GCM_C_256-HMAC_SHA2_512-ECP_256
- Mar 27 18:09:02.212840: | converting proposal to internal trans attrs
- Mar 27 18:09:02.212853: | IKEV2_FRAGMENTATION_SUPPORTED neither requested nor accepted
- Mar 27 18:09:02.212861: | USE_PPK neither requested nor accepted
- Mar 27 18:09:02.212869: | nat: IKE.SPIr is zero
- Mar 27 18:09:02.212903: | natd_hash: hasher=0x560a71c0dc40(20)
- Mar 27 18:09:02.212912: | natd_hash: icookie=
- Mar 27 18:09:02.212921: | 8a 39 43 fb 73 2f 1e 90 .9C.s/..
- Mar 27 18:09:02.212929: | natd_hash: rcookie=
- Mar 27 18:09:02.212937: | 00 00 00 00 00 00 00 00 ........
- Mar 27 18:09:02.212945: | natd_hash: ip=
- Mar 27 18:09:02.212953: | c0 a8 01 0a ....
- Mar 27 18:09:02.226663: | natd_hash: port=
- Mar 27 18:09:02.226692: | 01 f4 ..
- Mar 27 18:09:02.226700: | natd_hash: hash=
- Mar 27 18:09:02.226708: | 8c b9 ab 3d 10 ef c9 fa 39 45 f4 a2 aa 4d c3 c8 ...=....9E...M..
- Mar 27 18:09:02.226717: | 89 bb 8c 96 ....
- Mar 27 18:09:02.226726: | nat: IKE.SPIr is zero
- Mar 27 18:09:02.226767: | natd_hash: hasher=0x560a71c0dc40(20)
- Mar 27 18:09:02.226776: | natd_hash: icookie=
- Mar 27 18:09:02.226784: | 8a 39 43 fb 73 2f 1e 90 .9C.s/..
- Mar 27 18:09:02.226792: | natd_hash: rcookie=
- Mar 27 18:09:02.226801: | 00 00 00 00 00 00 00 00 ........
- Mar 27 18:09:02.226809: | natd_hash: ip=
- Mar 27 18:09:02.226817: | c0 a8 01 7e ...~
- Mar 27 18:09:02.226825: | natd_hash: port=
- Mar 27 18:09:02.226833: | e0 fd ..
- Mar 27 18:09:02.226841: | natd_hash: hash=
- Mar 27 18:09:02.226849: | 4b 97 41 67 d1 80 cd 03 f4 e2 a6 cd 13 78 cc 8a K.Ag.........x..
- Mar 27 18:09:02.226858: | d6 c5 fb 8a ....
- Mar 27 18:09:02.226867: | NAT_TRAVERSAL encaps using auto-detect
- Mar 27 18:09:02.226874: | NAT_TRAVERSAL this end is NOT behind NAT
- Mar 27 18:09:02.226886: | NAT_TRAVERSAL that end is behind NAT 192.168.1.126:57597
- Mar 27 18:09:02.226897: | NAT_TRAVERSAL nat-keepalive enabled 192.168.1.126:57597
- Mar 27 18:09:02.226905: | NAT: responder so initiator gets to switch ports
- Mar 27 18:09:02.226915: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered)
- Mar 27 18:09:02.226923: | 00 02 ..
- Mar 27 18:09:02.226933: | digsig: received and ignored unacceptable hash algorithm SHA2_256
- Mar 27 18:09:02.226942: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered)
- Mar 27 18:09:02.226950: | 00 03 ..
- Mar 27 18:09:02.226958: | digsig: received and ignored unacceptable hash algorithm SHA2_384
- Mar 27 18:09:02.226967: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered)
- Mar 27 18:09:02.226975: | 00 04 ..
- Mar 27 18:09:02.226983: | digsig: received and ignored unacceptable hash algorithm SHA2_512
- Mar 27 18:09:02.226992: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered)
- Mar 27 18:09:02.227000: | 00 05 ..
- Mar 27 18:09:02.227009: | digsig: received and ignored unacceptable hash algorithm IDENTITY
- Mar 27 18:09:02.227021: | job: newref @0x560a738601e8(0->1) (submit_task() +331 programs/pluto/server_pool.c)
- Mar 27 18:09:02.227037: | clone logger: newref @0x560a73855e58(0->1) (submit_task() +358 programs/pluto/server_pool.c)
- Mar 27 18:09:02.227046: | job 1 helper 0 #2 process_v2_IKE_SA_INIT_request (dh): added to pending queue
- Mar 27 18:09:02.227055: | #2 deleting EVENT_v2_DISCARD
- Mar 27 18:09:02.227068: | tt: delref @0x560a7385a518(1->0) (destroy_timeout() +575 programs/pluto/server.c)
- Mar 27 18:09:02.227079: | state-event: delref @0x560a7385a358(1->0) (delete_event() +534 programs/pluto/timer.c)
- Mar 27 18:09:02.227105: | event_schedule_where: newref EVENT_CRYPTO_TIMEOUT-pe@0x560a7385a358 timeout in 60 seconds for #2
- Mar 27 18:09:02.227116: | tt: newref @0x560a73860288(0->1) (schedule_timeout() +557 programs/pluto/server.c)
- Mar 27 18:09:02.227137: | #2 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND
- Mar 27 18:09:02.227207: | suspend: saving MD@0x560a7385c548 in state #2 (complete_v2_state_transition() +2702 programs/pluto/ikev2.c)
- Mar 27 18:09:02.227221: | struct msg_digest: addref @0x560a7385c548(1->2) (complete_v2_state_transition() +2702 programs/pluto/ikev2.c)
- Mar 27 18:09:02.227224: | job 1 helper 1 #2 process_v2_IKE_SA_INIT_request (dh): started
- Mar 27 18:09:02.230951: | struct dh_local_secret: newref @0x7f49e80016f8(0->1) (calc_dh_local_secret() +85 programs/pluto/crypt_dh.c)
- Mar 27 18:09:02.230975: | job 1 helper 1 #2 process_v2_IKE_SA_INIT_request (dh): finished
- Mar 27 18:09:02.230991: | "tunnel1"[2] 192.168.1.126 #2: spent 3.77 (3.77) milliseconds in job 1 helper 1 #2 process_v2_IKE_SA_INIT_request (dh)
- Mar 27 18:09:02.231001: | scheduling resume sending job back to main thread for #2
- Mar 27 18:09:02.231012: | tt: newref @0x7f49e8004278(0->1) (schedule_timeout() +557 programs/pluto/server.c)
- Mar 27 18:09:02.231026: | helper 1: waiting for work
- Mar 27 18:09:02.227230: | #2 is busy; has suspended MD 0x560a7385c548
- Mar 27 18:09:02.232548: | #2 spent 3.12 (23.2) milliseconds in processing: Respond to IKE_SA_INIT in v2_dispatch()
- Mar 27 18:09:02.232562: | #2 spent 5.42 (25.5) milliseconds in process_v2_IKE_SA_INIT()
- Mar 27 18:09:02.232581: | "tunnel1"[2] 192.168.1.126: delref @0x560a7385df58(2->1) packet from 192.168.1.126:57597: (process_v2_IKE_SA_INIT() +449 programs/pluto/ikev2_ike_sa_init.c)
- Mar 27 18:09:02.232596: | packet from 192.168.1.126:57597: delref @0x560a7385c548(2->1) (process_iface_packet() +296 programs/pluto/demux.c)
- Mar 27 18:09:02.232608: | spent 5.46 (25.6) milliseconds in process_iface_packet() reading and processing packet
- Mar 27 18:09:02.232630: | processing resume sending job back to main thread for #2
- Mar 27 18:09:02.232641: | suspend: restoring MD@0x560a7385c548 from state #2 (resume_handler() +641 programs/pluto/server.c)
- Mar 27 18:09:02.232651: | job 1 helper 1 #2 process_v2_IKE_SA_INIT_request (dh): calling state's callback function
- Mar 27 18:09:02.232660: | process_v2_IKE_SA_INIT_request_continue() for #2 STATE_V2_PARENT_R0: calculated ke+nonce, sending R1
- Mar 27 18:09:02.232721: | opening output PBS IKE_SA_INIT response
- Mar 27 18:09:02.232730: | **emit ISAKMP Message:
- Mar 27 18:09:02.232743: | initiator SPI: 8a 39 43 fb 73 2f 1e 90
- Mar 27 18:09:02.232756: | responder SPI: d4 6c 1e 33 4e f8 a5 ba
- Mar 27 18:09:02.232765: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 27 18:09:02.232774: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
- Mar 27 18:09:02.232782: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22)
- Mar 27 18:09:02.232791: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
- Mar 27 18:09:02.232803: | Message ID: 0 (00 00 00 00)
- Mar 27 18:09:02.232812: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
- Mar 27 18:09:02.232821: | emitting ikev2_proposal ...
- Mar 27 18:09:02.232829: | ***emit IKEv2 Security Association Payload:
- Mar 27 18:09:02.232838: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
- Mar 27 18:09:02.232847: | flags: none (0x0)
- Mar 27 18:09:02.232856: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA)
- Mar 27 18:09:02.232865: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'IKE_SA_INIT response'
- Mar 27 18:09:02.232875: | ****emit IKEv2 Proposal Substructure Payload:
- Mar 27 18:09:02.232884: | last proposal: v2_PROPOSAL_LAST (0x0)
- Mar 27 18:09:02.232893: | prop #: 2 (02)
- Mar 27 18:09:02.232902: | proto ID: IKEv2_SEC_PROTO_IKE (0x1)
- Mar 27 18:09:02.232911: | spi size: 0 (00)
- Mar 27 18:09:02.232930: | # transforms: 3 (03)
- Mar 27 18:09:02.232938: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
- Mar 27 18:09:02.232948: | *****emit IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.232956: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.232964: | IKEv2 transform type: IKEv2_TRANS_TYPE_ENCR (0x1)
- Mar 27 18:09:02.232973: | IKEv2 transform ID: AES_GCM_C (0x14)
- Mar 27 18:09:02.232981: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
- Mar 27 18:09:02.232990: | ******emit IKEv2 Attribute Substructure Payload:
- Mar 27 18:09:02.232999: | af+type: AF+IKEv2_KEY_LENGTH (0x800e)
- Mar 27 18:09:02.233009: | length/value: 256 (01 00)
- Mar 27 18:09:02.233018: | emitting length of IKEv2 Transform Substructure Payload: 12
- Mar 27 18:09:02.233026: | *****emit IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.233034: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.233043: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
- Mar 27 18:09:02.233051: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
- Mar 27 18:09:02.233061: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.233070: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
- Mar 27 18:09:02.233078: | emitting length of IKEv2 Transform Substructure Payload: 8
- Mar 27 18:09:02.233087: | *****emit IKEv2 Transform Substructure Payload:
- Mar 27 18:09:02.233095: | last transform: v2_TRANSFORM_LAST (0x0)
- Mar 27 18:09:02.233104: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
- Mar 27 18:09:02.233112: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
- Mar 27 18:09:02.233122: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
- Mar 27 18:09:02.233130: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
- Mar 27 18:09:02.233139: | emitting length of IKEv2 Transform Substructure Payload: 8
- Mar 27 18:09:02.233147: | emitting length of IKEv2 Proposal Substructure Payload: 36
- Mar 27 18:09:02.233156: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
- Mar 27 18:09:02.233164: | emitting length of IKEv2 Security Association Payload: 40
- Mar 27 18:09:02.233173: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0
- Mar 27 18:09:02.233185: | struct dh_local_secret: addref @0x7f49e80016f8(1->2) (unpack_KE_from_helper() +155 programs/pluto/crypt_ke.c)
- Mar 27 18:09:02.233194: | ***emit IKEv2 Key Exchange Payload:
- Mar 27 18:09:02.233202: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
- Mar 27 18:09:02.233211: | flags: none (0x0)
- Mar 27 18:09:02.233219: | DH group: OAKLEY_GROUP_ECP_256 (0x13)
- Mar 27 18:09:02.233228: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE)
- Mar 27 18:09:02.233237: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'IKE_SA_INIT response'
- Mar 27 18:09:02.233246: | emitting 64 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
- Mar 27 18:09:02.233255: | ba f6 7f e8 ef 30 b4 53 6b 10 8f 52 24 50 97 47 .....0.Sk..R$P.G
- Mar 27 18:09:02.233263: | 16 1a 0e 52 c1 64 c7 7a 93 10 01 be b4 c1 8a f4 ...R.d.z........
- Mar 27 18:09:02.233272: | a3 a2 86 8a a3 5c 7e ad db 85 92 55 dc 9f ae 2e .....\~....U....
- Mar 27 18:09:02.233280: | a0 50 ee 16 5a b0 6b 44 bb 17 25 03 68 83 3a 14 .P..Z.kD..%.h.:.
- Mar 27 18:09:02.233296: | emitting length of IKEv2 Key Exchange Payload: 72
- Mar 27 18:09:02.233305: | ***emit IKEv2 Nonce Payload:
- Mar 27 18:09:02.233314: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
- Mar 27 18:09:02.233323: | flags: none (0x0)
- Mar 27 18:09:02.233331: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni)
- Mar 27 18:09:02.233340: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'IKE_SA_INIT response'
- Mar 27 18:09:02.233349: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload
- Mar 27 18:09:02.233358: | 64 9f a3 db de 22 b2 ce b5 4f 56 da 33 d7 bf 6c d...."...OV.3..l
- Mar 27 18:09:02.233366: | 8b 2a f4 84 dd fd fa 56 2c 95 d5 10 35 ca 1f 4e .*.....V,...5..N
- Mar 27 18:09:02.233375: | emitting length of IKEv2 Nonce Payload: 36
- Mar 27 18:09:02.233384: | INTERMEDIATE_EXCHANGE_SUPPORTED neither requested nor accepted
- Mar 27 18:09:02.233393: | NAT-Traversal support [enabled] add v2N payloads.
- Mar 27 18:09:02.233415: | natd_hash: hasher=0x560a71c0dc40(20)
- Mar 27 18:09:02.233424: | natd_hash: icookie=
- Mar 27 18:09:02.233433: | 8a 39 43 fb 73 2f 1e 90 .9C.s/..
- Mar 27 18:09:02.233441: | natd_hash: rcookie=
- Mar 27 18:09:02.233449: | d4 6c 1e 33 4e f8 a5 ba .l.3N...
- Mar 27 18:09:02.233457: | natd_hash: ip=
- Mar 27 18:09:02.237260: | c0 a8 01 0a ....
- Mar 27 18:09:02.237283: | natd_hash: port=
- Mar 27 18:09:02.237292: | 01 f4 ..
- Mar 27 18:09:02.237300: | natd_hash: hash=
- Mar 27 18:09:02.237308: | bf 11 12 55 30 b0 71 a9 62 6c f8 04 6b 4a f3 04 ...U0.q.bl..kJ..
- Mar 27 18:09:02.237317: | 95 df a0 bd ....
- Mar 27 18:09:02.237326: | adding a v2N Payload
- Mar 27 18:09:02.237335: | ***emit IKEv2 Notify Payload:
- Mar 27 18:09:02.237344: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
- Mar 27 18:09:02.237353: | flags: none (0x0)
- Mar 27 18:09:02.237361: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
- Mar 27 18:09:02.237387: | SPI size: 0 (00)
- Mar 27 18:09:02.237400: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004)
- Mar 27 18:09:02.237410: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
- Mar 27 18:09:02.237419: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'IKE_SA_INIT response'
- Mar 27 18:09:02.237429: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
- Mar 27 18:09:02.237438: | bf 11 12 55 30 b0 71 a9 62 6c f8 04 6b 4a f3 04 ...U0.q.bl..kJ..
- Mar 27 18:09:02.237446: | 95 df a0 bd ....
- Mar 27 18:09:02.237455: | emitting length of IKEv2 Notify Payload: 28
- Mar 27 18:09:02.237488: | natd_hash: hasher=0x560a71c0dc40(20)
- Mar 27 18:09:02.237497: | natd_hash: icookie=
- Mar 27 18:09:02.237505: | 8a 39 43 fb 73 2f 1e 90 .9C.s/..
- Mar 27 18:09:02.237513: | natd_hash: rcookie=
- Mar 27 18:09:02.237522: | d4 6c 1e 33 4e f8 a5 ba .l.3N...
- Mar 27 18:09:02.237529: | natd_hash: ip=
- Mar 27 18:09:02.237538: | c0 a8 01 7e ...~
- Mar 27 18:09:02.237546: | natd_hash: port=
- Mar 27 18:09:02.237554: | e0 fd ..
- Mar 27 18:09:02.237562: | natd_hash: hash=
- Mar 27 18:09:02.237570: | 86 65 76 17 6e 2b 48 56 7e 3e 37 b5 b4 c4 a4 89 .ev.n+HV~>7.....
- Mar 27 18:09:02.237579: | 9d 9f f6 b9 ....
- Mar 27 18:09:02.237587: | adding a v2N Payload
- Mar 27 18:09:02.237595: | ***emit IKEv2 Notify Payload:
- Mar 27 18:09:02.237603: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
- Mar 27 18:09:02.237612: | flags: none (0x0)
- Mar 27 18:09:02.237620: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
- Mar 27 18:09:02.237644: | SPI size: 0 (00)
- Mar 27 18:09:02.237652: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005)
- Mar 27 18:09:02.237662: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
- Mar 27 18:09:02.237670: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'IKE_SA_INIT response'
- Mar 27 18:09:02.237680: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
- Mar 27 18:09:02.237688: | 86 65 76 17 6e 2b 48 56 7e 3e 37 b5 b4 c4 a4 89 .ev.n+HV~>7.....
- Mar 27 18:09:02.237697: | 9d 9f f6 b9 ....
- Mar 27 18:09:02.237705: | emitting length of IKEv2 Notify Payload: 28
- Mar 27 18:09:02.237713: | adding a v2N Payload
- Mar 27 18:09:02.237721: | ***emit IKEv2 Notify Payload:
- Mar 27 18:09:02.237730: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
- Mar 27 18:09:02.237738: | flags: none (0x0)
- Mar 27 18:09:02.237747: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
- Mar 27 18:09:02.237756: | SPI size: 0 (00)
- Mar 27 18:09:02.237764: | Notify Message Type: v2N_CHILDLESS_IKEV2_SUPPORTED (0x4022)
- Mar 27 18:09:02.237773: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
- Mar 27 18:09:02.237782: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'IKE_SA_INIT response'
- Mar 27 18:09:02.237791: | emitting 0 raw bytes of Notify data into IKEv2 Notify Payload
- Mar 27 18:09:02.237799: | Notify data:
- Mar 27 18:09:02.237807: | emitting length of IKEv2 Notify Payload: 8
- Mar 27 18:09:02.237817: | emitting length of ISAKMP Message: 240
- Mar 27 18:09:02.237828: | job 1 helper 1 #2 process_v2_IKE_SA_INIT_request (dh): final status STF_OK; cleaning up
- Mar 27 18:09:02.237840: | delref @0x7f49e80016f8(2->1) (cleanup_ke_and_nonce() +83 programs/pluto/crypt_ke.c)
- Mar 27 18:09:02.237850: | "tunnel1"[2] 192.168.1.126 #2: releasing whack (but there are none) (free_job() +430 programs/pluto/server_pool.c)
- Mar 27 18:09:02.237860: | logger: delref @0x560a73855e58(1->0) (free_job() +430 programs/pluto/server_pool.c)
- Mar 27 18:09:02.237871: | job: delref @0x560a738601e8(1->0) (free_job() +431 programs/pluto/server_pool.c)
- Mar 27 18:09:02.237882: | #2 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK
- Mar 27 18:09:02.237891: | transitioning from state STATE_V2_PARENT_R0 to state STATE_V2_PARENT_R1
- Mar 27 18:09:02.237899: | Message ID: updating counters for #2
- Mar 27 18:09:02.237915: | Message ID: IKE #2 updating responder received message request 0 (initiator: responder: .recv=-1->0 .wip=0->-1 .last_recv=33396.325071->33396.353731)
- Mar 27 18:09:02.237929: | Message ID: IKE #2 updating responder sent message response 0 (initiator: responder: .sent=-1->0 .last_sent=33396.325071->33396.353747)
- Mar 27 18:09:02.237940: | parent state #2: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA)
- Mar 27 18:09:02.237961: | Message ID: IKE #2 no pending message initiators to schedule (initiator: .sent=-1 .recv=-1 .recv_frags=0 .wip=-1 .last_sent=33396.325071 .last_recv=33396.325071 responder: .sent=0 .recv=0 .recv_frags=0 .wip=-1 .last_sent=33396.353747 .last_recv=33396.353731)
- Mar 27 18:09:02.237971: | #2 deleting EVENT_CRYPTO_TIMEOUT
- Mar 27 18:09:02.237984: | tt: delref @0x560a73860288(1->0) (destroy_timeout() +575 programs/pluto/server.c)
- Mar 27 18:09:02.237994: | state-event: delref @0x560a7385a358(1->0) (delete_event() +534 programs/pluto/timer.c)
- Mar 27 18:09:02.238005: | event_schedule_where: newref EVENT_v2_DISCARD-pe@0x560a7385a358 timeout in 200 seconds for #2
- Mar 27 18:09:02.238016: | tt: newref @0x560a73860688(0->1) (schedule_timeout() +557 programs/pluto/server.c)
- Mar 27 18:09:02.238035: | sending 240 bytes for Respond to IKE_SA_INIT through enp0s3 from 192.168.1.10:500 to 192.168.1.126:57597 using UDP (for #2)
- Mar 27 18:09:02.238044: | 8a 39 43 fb 73 2f 1e 90 d4 6c 1e 33 4e f8 a5 ba .9C.s/...l.3N...
- Mar 27 18:09:02.238052: | 21 20 22 20 00 00 00 00 00 00 00 f0 22 00 00 28 ! " ........"..(
- Mar 27 18:09:02.238069: | 00 00 00 24 02 01 00 03 03 00 00 0c 01 00 00 14 ...$............
- Mar 27 18:09:02.238078: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 ................
- Mar 27 18:09:02.238086: | 04 00 00 13 28 00 00 48 00 13 00 00 ba f6 7f e8 ....(..H........
- Mar 27 18:09:02.238095: | ef 30 b4 53 6b 10 8f 52 24 50 97 47 16 1a 0e 52 .0.Sk..R$P.G...R
- Mar 27 18:09:02.238103: | c1 64 c7 7a 93 10 01 be b4 c1 8a f4 a3 a2 86 8a .d.z............
- Mar 27 18:09:02.238112: | a3 5c 7e ad db 85 92 55 dc 9f ae 2e a0 50 ee 16 .\~....U.....P..
- Mar 27 18:09:02.238120: | 5a b0 6b 44 bb 17 25 03 68 83 3a 14 29 00 00 24 Z.kD..%.h.:.)..$
- Mar 27 18:09:02.238129: | 64 9f a3 db de 22 b2 ce b5 4f 56 da 33 d7 bf 6c d...."...OV.3..l
- Mar 27 18:09:02.238137: | 8b 2a f4 84 dd fd fa 56 2c 95 d5 10 35 ca 1f 4e .*.....V,...5..N
- Mar 27 18:09:02.238146: | 29 00 00 1c 00 00 40 04 bf 11 12 55 30 b0 71 a9 ).....@....U0.q.
- Mar 27 18:09:02.238154: | 62 6c f8 04 6b 4a f3 04 95 df a0 bd 29 00 00 1c bl..kJ......)...
- Mar 27 18:09:02.238163: | 00 00 40 05 86 65 76 17 6e 2b 48 56 7e 3e 37 b5 ..@..ev.n+HV~>7.
- Mar 27 18:09:02.238171: | b4 c4 a4 89 9d 9f f6 b9 00 00 00 08 00 00 40 22 ..............@"
- Mar 27 18:09:02.238325: | sent 1 messages
- Mar 27 18:09:02.238363: "tunnel1"[2] 192.168.1.126 #2: processed IKE_SA_INIT request from 192.168.1.126:UDP/57597 {cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=DH19}
- Mar 27 18:09:02.238381: | packet from 192.168.1.126:57597: delref @0x560a7385c548(1->0) (resume_handler() +687 programs/pluto/server.c)
- Mar 27 18:09:02.238393: | packet from 192.168.1.126:57597: releasing whack (but there are none) (resume_handler() +687 programs/pluto/server.c)
- Mar 27 18:09:02.238403: | logger: delref @0x560a73856708(1->0) (resume_handler() +687 programs/pluto/server.c)
- Mar 27 18:09:02.238446: | delref @0x560a7385b588(3->2) (resume_handler() +687 programs/pluto/server.c)
- Mar 27 18:09:02.238468: | #2 spent 2.07 (5.82) milliseconds in resume sending job back to main thread
- Mar 27 18:09:02.238480: | tt: delref @0x7f49e8004278(1->0) (destroy_timeout() +575 programs/pluto/server.c)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement