Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Jun 27 16:43:32.554963: NSS DB directory: sql:/etc/ipsec.d
- Jun 27 16:43:32.555056: Initializing NSS
- Jun 27 16:43:32.555062: Opening NSS database "sql:/etc/ipsec.d" read-only
- Jun 27 16:43:32.600727: NSS initialized
- Jun 27 16:43:32.600755: NSS crypto library initialized
- Jun 27 16:43:32.600758: FIPS HMAC integrity support [disabled]
- Jun 27 16:43:32.600836: libcap-ng support [enabled]
- Jun 27 16:43:32.600842: Linux audit support [disabled]
- Jun 27 16:43:32.600845: Starting Pluto (Libreswan Version v3.24-5-gb2b97fc-dirty-master XFRM(netkey) KLIPS FORK PTHREAD_SETSCHEDPRIO NSS DNSSEC SYSTEMD_WATCHDOG LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2856
- Jun 27 16:43:32.600847: core dump dir: /run/pluto
- Jun 27 16:43:32.600849: secrets file: /etc/ipsec.secrets
- Jun 27 16:43:32.600851: leak-detective enabled
- Jun 27 16:43:32.600853: NSS crypto [enabled]
- Jun 27 16:43:32.600855: XAUTH PAM support [enabled]
- Jun 27 16:43:32.600921: | init_nat_traversal() initialized with keep_alive=0s
- Jun 27 16:43:32.600924: NAT-Traversal support [enabled]
- Jun 27 16:43:32.600943: Initializing libevent in pthreads mode: headers: 2.0.21-stable (2001500); library: 2.0.21-stable (2001500)
- Jun 27 16:43:32.601040: | event_schedule: new EVENT_REINIT_SECRET-pe@0x559b0ecd1cb8
- Jun 27 16:43:32.601046: | inserting event EVENT_REINIT_SECRET, timeout in 3600.000 seconds
- Jun 27 16:43:32.601050: | event_schedule: new EVENT_PENDING_DDNS-pe@0x559b0ecd1e08
- Jun 27 16:43:32.601053: | inserting event EVENT_PENDING_DDNS, timeout in 60.000 seconds
- Jun 27 16:43:32.601055: | event_schedule: new EVENT_PENDING_PHASE2-pe@0x559b0ecd1f08
- Jun 27 16:43:32.601058: | inserting event EVENT_PENDING_PHASE2, timeout in 120.000 seconds
- Jun 27 16:43:32.601077: Encryption algorithms:
- Jun 27 16:43:32.601083: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm aes_ccm_c)
- Jun 27 16:43:32.601086: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm_b)
- Jun 27 16:43:32.601089: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm_a)
- Jun 27 16:43:32.601092: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] (3des)
- Jun 27 16:43:32.601094: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
- Jun 27 16:43:32.601097: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (camellia)
- Jun 27 16:43:32.601099: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm aes_gcm_c)
- Jun 27 16:43:32.601102: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm_b)
- Jun 27 16:43:32.601104: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm_a)
- Jun 27 16:43:32.601107: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} (aesctr)
- Jun 27 16:43:32.601110: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes)
- Jun 27 16:43:32.601112: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (serpent)
- Jun 27 16:43:32.601115: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (twofish)
- Jun 27 16:43:32.601117: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} (twofish_cbc_ssh)
- Jun 27 16:43:32.601120: CAST_CBC IKEv1: ESP IKEv2: ESP {*128} (cast)
- Jun 27 16:43:32.601122: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP {256,192,*128} (aes_gmac)
- Jun 27 16:43:32.601125: NULL IKEv1: ESP IKEv2: ESP []
- Jun 27 16:43:32.601134: Hash algorithms:
- Jun 27 16:43:32.601136: MD5 IKEv1: IKE IKEv2:
- Jun 27 16:43:32.601139: SHA1 IKEv1: IKE IKEv2: FIPS (sha)
- Jun 27 16:43:32.601150: SHA2_256 IKEv1: IKE IKEv2: FIPS (sha2 sha256)
- Jun 27 16:43:32.601153: SHA2_384 IKEv1: IKE IKEv2: FIPS (sha384)
- Jun 27 16:43:32.601164: SHA2_512 IKEv1: IKE IKEv2: FIPS (sha512)
- Jun 27 16:43:32.601170: PRF algorithms:
- Jun 27 16:43:32.601173: HMAC_MD5 IKEv1: IKE IKEv2: IKE (md5)
- Jun 27 16:43:32.601175: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS (sha sha1)
- Jun 27 16:43:32.601177: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS (sha2 sha256 sha2_256)
- Jun 27 16:43:32.601179: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS (sha384 sha2_384)
- Jun 27 16:43:32.601182: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS (sha512 sha2_512)
- Jun 27 16:43:32.601184: AES_XCBC IKEv1: IKEv2: IKE FIPS (aes128_xcbc)
- Jun 27 16:43:32.601191: Integrity algorithms:
- Jun 27 16:43:32.601194: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (md5 hmac_md5)
- Jun 27 16:43:32.601196: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha sha1 sha1_96 hmac_sha1)
- Jun 27 16:43:32.601199: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha512 sha2_512 hmac_sha2_512)
- Jun 27 16:43:32.601201: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha384 sha2_384 hmac_sha2_384)
- Jun 27 16:43:32.601203: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha2 sha256 sha2_256 hmac_sha2_256)
- Jun 27 16:43:32.601206: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH FIPS (aes_xcbc aes128_xcbc aes128_xcbc_96)
- Jun 27 16:43:32.601208: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS (aes_cmac)
- Jun 27 16:43:32.601210: NONE IKEv1: ESP IKEv2: ESP FIPS (null)
- Jun 27 16:43:32.601219: DH algorithms:
- Jun 27 16:43:32.601221: NONE IKEv1: IKEv2: IKE ESP AH (null dh0)
- Jun 27 16:43:32.601223: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (dh2)
- Jun 27 16:43:32.601226: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (dh5)
- Jun 27 16:43:32.601228: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh14)
- Jun 27 16:43:32.601230: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh15)
- Jun 27 16:43:32.601232: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh16)
- Jun 27 16:43:32.601234: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh17)
- Jun 27 16:43:32.601237: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh18)
- Jun 27 16:43:32.601239: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_256)
- Jun 27 16:43:32.601241: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_384)
- Jun 27 16:43:32.601244: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_521)
- Jun 27 16:43:32.601246: DH23 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS
- Jun 27 16:43:32.601248: DH24 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS
- Jun 27 16:43:32.603224: starting up 2 crypto helpers
- Jun 27 16:43:32.603265: started thread for crypto helper 0
- Jun 27 16:43:32.603278: started thread for crypto helper 1
- Jun 27 16:43:32.603285: | ignoring microcode for XAUTH_I1 (timeout: EVENT_v1_RETRANSMIT flags: 0) -> MAIN_I4 (timeout: EVENT_SA_REPLACE flags: 0) with event EVENT_v1_RETRANSMIT
- Jun 27 16:43:32.603288: | MAIN_R0 (timeout: EVENT_NULL flags: 0)
- Jun 27 16:43:32.603290: | MAIN_I1 (timeout: EVENT_NULL flags: 0)
- Jun 27 16:43:32.603292: | MAIN_R1 (timeout: EVENT_SO_DISCARD flags: 200)
- Jun 27 16:43:32.603295: | MAIN_I2 (timeout: EVENT_v1_RETRANSMIT flags: 0)
- Jun 27 16:43:32.603297: | MAIN_R2 (timeout: EVENT_v1_RETRANSMIT flags: 0)
- Jun 27 16:43:32.603299: | MAIN_I3 (timeout: EVENT_v1_RETRANSMIT flags: 0)
- Jun 27 16:43:32.603301: | MAIN_R3 (timeout: EVENT_SA_REPLACE flags: 200)
- Jun 27 16:43:32.603303: | MAIN_I4 (timeout: EVENT_SA_REPLACE flags: 0)
- Jun 27 16:43:32.603305: | AGGR_R0 (timeout: EVENT_NULL flags: 0)
- Jun 27 16:43:32.603307: | AGGR_I1 (timeout: EVENT_NULL flags: 0)
- Jun 27 16:43:32.603313: | AGGR_R1 (timeout: EVENT_SO_DISCARD flags: 200)
- Jun 27 16:43:32.603316: | AGGR_I2 (timeout: EVENT_SA_REPLACE flags: 200)
- Jun 27 16:43:32.603318: | AGGR_R2 (timeout: EVENT_SA_REPLACE flags: 0)
- Jun 27 16:43:32.603320: | QUICK_R0 (timeout: EVENT_NULL flags: 0)
- Jun 27 16:43:32.603322: | QUICK_I1 (timeout: EVENT_NULL flags: 0)
- Jun 27 16:43:32.603324: | QUICK_R1 (timeout: EVENT_v1_RETRANSMIT flags: 0)
- Jun 27 16:43:32.603326: | QUICK_I2 (timeout: EVENT_SA_REPLACE flags: 200)
- Jun 27 16:43:32.603328: | QUICK_R2 (timeout: EVENT_SA_REPLACE flags: 0)
- Jun 27 16:43:32.603330: | INFO (timeout: EVENT_NULL flags: 0)
- Jun 27 16:43:32.603332: | INFO_PROTECTED (timeout: EVENT_NULL flags: 0)
- Jun 27 16:43:32.603335: | XAUTH_R0 (timeout: EVENT_NULL flags: 0)
- Jun 27 16:43:32.603337: | XAUTH_R1 (timeout: EVENT_NULL flags: 0)
- Jun 27 16:43:32.603339: | MODE_CFG_R0 (timeout: EVENT_NULL flags: 0)
- Jun 27 16:43:32.603341: | MODE_CFG_R1 (timeout: EVENT_SA_REPLACE flags: 0)
- Jun 27 16:43:32.603343: | MODE_CFG_R2 (timeout: EVENT_SA_REPLACE flags: 0)
- Jun 27 16:43:32.603345: | MODE_CFG_I1 (timeout: EVENT_NULL flags: 0)
- Jun 27 16:43:32.603347: | XAUTH_I0 (timeout: EVENT_NULL flags: 0)
- Jun 27 16:43:32.603349: | XAUTH_I1 (timeout: EVENT_v1_RETRANSMIT flags: 0)
- Jun 27 16:43:32.603357: | Processing IKEv2 state V2_REKEY_IKE_I0 (microcode Initiate CREATE_CHILD_SA IKE Rekey)
- Jun 27 16:43:32.603359: | Processing IKEv2 state V2_REKEY_CHILD_I0 (microcode Initiate CREATE_CHILD_SA IPsec Rekey SA)
- Jun 27 16:43:32.603362: | Processing IKEv2 state V2_CREATE_I0 (microcode Initiate CREATE_CHILD_SA IPsec SA)
- Jun 27 16:43:32.603364: | Processing IKEv2 state PARENT_I0 (microcode initiate IKE_SA_INIT)
- Jun 27 16:43:32.603366: | Processing IKEv2 state PARENT_I1 (microcode Initiator: process SA_INIT reply notification)
- Jun 27 16:43:32.603369: | Processing IKEv2 state PARENT_I2 (microcode Initiator: process INVALID_SYNTAX AUTH notification)
- Jun 27 16:43:32.603371: | Processing IKEv2 state PARENT_R0 (microcode Respond to IKE_SA_INIT)
- Jun 27 16:43:32.603373: | Processing IKEv2 state PARENT_R1 (microcode Responder: process AUTH request (no SKEYSEED))
- Jun 27 16:43:32.603375: | Processing IKEv2 state V2_REKEY_IKE_R (microcode Respond to CREATE_CHILD_SA IKE Rekey)
- Jun 27 16:43:32.603378: | Processing IKEv2 state V2_REKEY_IKE_I (microcode Process CREATE_CHILD_SA IKE Rekey Response)
- Jun 27 16:43:32.603380: | Processing IKEv2 state V2_CREATE_I (microcode Process CREATE_CHILD_SA IPsec SA Response)
- Jun 27 16:43:32.603382: | Processing IKEv2 state V2_CREATE_R (microcode Respond to CREATE_CHILD_SA IPsec SA Request)
- Jun 27 16:43:32.603385: | Processing IKEv2 state PARENT_I3 (microcode I3: INFORMATIONAL Request)
- Jun 27 16:43:32.603387: | Processing IKEv2 state PARENT_R2 (microcode R2: process INFORMATIONAL Request)
- Jun 27 16:43:32.603390: | Processing IKEv2 state IKESA_DEL (microcode IKE_SA_DEL: process INFORMATIONAL)
- Jun 27 16:43:32.603393: | ignoring microcode for PARENT_I1 (timeout: EVENT_v2_RETRANSMIT flags: 0) -> PARENT_I1 (timeout: EVENT_v2_RETRANSMIT flags: 0) with event EVENT_RETAIN
- Jun 27 16:43:32.603396: | ignoring microcode for PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) -> PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) with event EVENT_NULL
- Jun 27 16:43:32.603399: | ignoring microcode for PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) -> PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) with event EVENT_NULL
- Jun 27 16:43:32.603402: | ignoring microcode for PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) -> PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) with event EVENT_NULL
- Jun 27 16:43:32.603404: | ignoring microcode for PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) -> PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) with event EVENT_NULL
- Jun 27 16:43:32.603407: | ignoring microcode for PARENT_R1 (timeout: EVENT_v2_RESPONDER_TIMEOUT flags: 0) -> PARENT_R1 (timeout: EVENT_v2_RESPONDER_TIMEOUT flags: 0) with event EVENT_SA_REPLACE
- Jun 27 16:43:32.603410: | ignoring microcode for PARENT_I3 (timeout: EVENT_SA_REPLACE flags: 0) -> PARENT_I3 (timeout: EVENT_SA_REPLACE flags: 0) with event EVENT_RETAIN
- Jun 27 16:43:32.603416: | ignoring microcode for PARENT_I3 (timeout: EVENT_SA_REPLACE flags: 0) -> PARENT_I3 (timeout: EVENT_SA_REPLACE flags: 0) with event EVENT_RETAIN
- Jun 27 16:43:32.603419: | ignoring microcode for PARENT_R2 (timeout: EVENT_SA_REPLACE flags: 0) -> PARENT_R2 (timeout: EVENT_SA_REPLACE flags: 0) with event EVENT_RETAIN
- Jun 27 16:43:32.603422: | ignoring microcode for PARENT_R2 (timeout: EVENT_SA_REPLACE flags: 0) -> PARENT_R2 (timeout: EVENT_SA_REPLACE flags: 0) with event EVENT_RETAIN
- Jun 27 16:43:32.603424: | IKEv2_BASE (timeout: EVENT_NULL flags: 0)
- Jun 27 16:43:32.603426: | PARENT_I1 (timeout: EVENT_v2_RETRANSMIT flags: 0)
- Jun 27 16:43:32.603428: | PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0)
- Jun 27 16:43:32.603430: | PARENT_I3 (timeout: EVENT_SA_REPLACE flags: 0)
- Jun 27 16:43:32.603433: | PARENT_R1 (timeout: EVENT_v2_RESPONDER_TIMEOUT flags: 0)
- Jun 27 16:43:32.603435: | PARENT_R2 (timeout: EVENT_SA_REPLACE flags: 0)
- Jun 27 16:43:32.603437: | V2_CREATE_I0 (timeout: EVENT_NULL flags: 0)
- Jun 27 16:43:32.603439: | V2_CREATE_I (timeout: EVENT_v2_RETRANSMIT flags: 0)
- Jun 27 16:43:32.603441: | V2_REKEY_IKE_I0 (timeout: EVENT_NULL flags: 0)
- Jun 27 16:43:32.603443: | V2_REKEY_IKE_I (timeout: EVENT_v2_RETRANSMIT flags: 0)
- Jun 27 16:43:32.603445: | V2_REKEY_CHILD_I0 (timeout: EVENT_NULL flags: 0)
- Jun 27 16:43:32.603447: | V2_REKEY_CHILD_I (timeout: EVENT_v2_RETRANSMIT flags: 0)
- Jun 27 16:43:32.603450: | V2_CREATE_R (timeout: EVENT_NULL flags: 0)
- Jun 27 16:43:32.603452: | V2_REKEY_IKE_R (timeout: EVENT_NULL flags: 0)
- Jun 27 16:43:32.603454: | V2_REKEY_CHILD_R (timeout: EVENT_NULL flags: 0)
- Jun 27 16:43:32.603456: | V2_IPSEC_I (timeout: EVENT_SA_REPLACE flags: 0)
- Jun 27 16:43:32.603458: | V2_IPSEC_R (timeout: EVENT_SA_REPLACE flags: 0)
- Jun 27 16:43:32.603460: | IKESA_DEL (timeout: EVENT_RETAIN flags: 0)
- Jun 27 16:43:32.603462: | CHILDSA_DEL (timeout: EVENT_NULL flags: 0)
- Jun 27 16:43:32.603464: | PARENT_R0 (timeout: EVENT_NULL flags: 0)
- Jun 27 16:43:32.603466: | PARENT_I0 (timeout: EVENT_NULL flags: 0)
- Jun 27 16:43:32.603480: Using Linux XFRM/NETKEY IPsec interface code on 3.16.0-6-amd64
- Jun 27 16:43:32.603501: | process 2856 listening for PF_KEY_V2 on file descriptor 15
- Jun 27 16:43:32.603504: | kernel_alg_init()
- Jun 27 16:43:32.603508: | Hard-wiring new AEAD algorithms
- Jun 27 16:43:32.603512: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=18(ESP_AES_GCM_A), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Jun 27 16:43:32.603516: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=19(ESP_AES_GCM_B), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Jun 27 16:43:32.603518: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=20(ESP_AES_GCM_C), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Jun 27 16:43:32.603521: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=14(ESP_AES_CCM_A), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Jun 27 16:43:32.603524: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=15(ESP_AES_CCM_B), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Jun 27 16:43:32.603527: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=16(ESP_AES_CCM_C), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Jun 27 16:43:32.603530: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=23(ESP_NULL_AUTH_AES_GMAC), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Jun 27 16:43:32.603532: | Hard-wiring new INTEG algorithms
- Jun 27 16:43:32.603535: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=250(AH_AES_CMAC_96), alg_ivlen=0, alg_minbits=128, alg_maxbits=128
- Jun 27 16:43:32.603602: | finish_pfkey_msg: K_SADB_REGISTER message 1 for AH
- Jun 27 16:43:32.603607: | 02 07 00 02 02 00 00 00 01 00 00 00 28 0b 00 00
- Jun 27 16:43:32.603683: | starting up helper thread 1
- Jun 27 16:43:32.603688: seccomp security for crypto helper not supported
- Jun 27 16:43:32.603692: | status value returned by setting the priority of this thread (crypto helper 1) 22
- Jun 27 16:43:32.603695: | crypto helper 1 waiting (nothing to do)
- Jun 27 16:43:32.603700: | starting up helper thread 0
- Jun 27 16:43:32.603702: seccomp security for crypto helper not supported
- Jun 27 16:43:32.603704: | status value returned by setting the priority of this thread (crypto helper 0) 22
- Jun 27 16:43:32.603706: | crypto helper 0 waiting (nothing to do)
- Jun 27 16:43:32.605403: | pfkey_get: ignoring PF_KEY K_SADB_X_GRPSA message 1 for process 0
- Jun 27 16:43:32.605412: | pfkey_get: ignoring PF_KEY K_SADB_X_GRPSA message 2 for process 0
- Jun 27 16:43:32.605416: | pfkey_get: ignoring PF_KEY K_SADB_X_GRPSA message 3 for process 0
- Jun 27 16:43:32.605419: | pfkey_get: ignoring PF_KEY K_SADB_X_GRPSA message 4 for process 0
- Jun 27 16:43:32.605423: | pfkey_get: ignoring PF_KEY K_SADB_X_GRPSA message 5 for process 0
- Jun 27 16:43:32.605426: | pfkey_get: ignoring PF_KEY K_SADB_X_GRPSA message 6 for process 0
- Jun 27 16:43:32.605429: | pfkey_get: K_SADB_REGISTER message 1
- Jun 27 16:43:32.605433: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: sadb_msg_len=22 sadb_supported_len=72
- Jun 27 16:43:32.605436: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=251(AH_NULL), alg_ivlen=0, alg_minbits=0, alg_maxbits=0
- Jun 27 16:43:32.605439: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=2(AH_MD5), alg_ivlen=0, alg_minbits=128, alg_maxbits=128
- Jun 27 16:43:32.605442: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=3(AH_SHA), alg_ivlen=0, alg_minbits=160, alg_maxbits=160
- Jun 27 16:43:32.605445: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=5(AH_SHA2_256), alg_ivlen=0, alg_minbits=256, alg_maxbits=256
- Jun 27 16:43:32.605448: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=6(AH_SHA2_384), alg_ivlen=0, alg_minbits=384, alg_maxbits=384
- Jun 27 16:43:32.605450: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=7(AH_SHA2_512), alg_ivlen=0, alg_minbits=512, alg_maxbits=512
- Jun 27 16:43:32.605453: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=8(AH_RIPEMD), alg_ivlen=0, alg_minbits=160, alg_maxbits=160
- Jun 27 16:43:32.605456: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=9(AH_AES_XCBC_MAC), alg_ivlen=0, alg_minbits=128, alg_maxbits=128
- Jun 27 16:43:32.605458: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: sadb_msg_len=22 sadb_supported_len=88
- Jun 27 16:43:32.605461: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=11(ESP_NULL), alg_ivlen=0, alg_minbits=0, alg_maxbits=0
- Jun 27 16:43:32.605463: | kernel_alg_add(2,15,11) fails because alg combo is invalid
- Jun 27 16:43:32.605466: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=2(ESP_DES(UNUSED)), alg_ivlen=8, alg_minbits=64, alg_maxbits=64
- Jun 27 16:43:32.605468: | kernel_alg_add(2,15,2) fails because alg combo is invalid
- Jun 27 16:43:32.605471: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=3(ESP_3DES), alg_ivlen=8, alg_minbits=192, alg_maxbits=192
- Jun 27 16:43:32.605473: | kernel_alg_add(2,15,3) fails because alg combo is invalid
- Jun 27 16:43:32.605476: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=6(ESP_CAST), alg_ivlen=8, alg_minbits=40, alg_maxbits=128
- Jun 27 16:43:32.605478: | kernel_alg_add(2,15,6) fails because alg combo is invalid
- Jun 27 16:43:32.605481: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=7(ESP_BLOWFISH(UNUSED)), alg_ivlen=8, alg_minbits=40, alg_maxbits=448
- Jun 27 16:43:32.605483: | kernel_alg_add(2,15,7) fails because alg combo is invalid
- Jun 27 16:43:32.605489: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=12(ESP_AES), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Jun 27 16:43:32.605492: | kernel_alg_add(2,15,12) fails because alg combo is invalid
- Jun 27 16:43:32.605495: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=252(ESP_SERPENT), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Jun 27 16:43:32.605497: | kernel_alg_add(2,15,252) fails because alg combo is invalid
- Jun 27 16:43:32.605500: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=22(ESP_CAMELLIA), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Jun 27 16:43:32.605502: | kernel_alg_add(2,15,22) fails because alg combo is invalid
- Jun 27 16:43:32.605504: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=253(ESP_TWOFISH), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Jun 27 16:43:32.605507: | kernel_alg_add(2,15,253) fails because alg combo is invalid
- Jun 27 16:43:32.605509: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=13(ESP_AES_CTR), alg_ivlen=8, alg_minbits=160, alg_maxbits=288
- Jun 27 16:43:32.605512: | kernel_alg_add(2,15,13) fails because alg combo is invalid
- Jun 27 16:43:32.605514: | AH registered with kernel.
- Jun 27 16:43:32.605517: | finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP
- Jun 27 16:43:32.605519: | 02 07 00 03 02 00 00 00 02 00 00 00 28 0b 00 00
- Jun 27 16:43:32.607079: | pfkey_get: K_SADB_REGISTER message 2
- Jun 27 16:43:32.607087: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=72
- Jun 27 16:43:32.607091: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=251(AH_NULL), alg_ivlen=0, alg_minbits=0, alg_maxbits=0
- Jun 27 16:43:32.607094: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=251
- Jun 27 16:43:32.607097: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=2(AH_MD5), alg_ivlen=0, alg_minbits=128, alg_maxbits=128
- Jun 27 16:43:32.607099: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=2
- Jun 27 16:43:32.607102: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=3(AH_SHA), alg_ivlen=0, alg_minbits=160, alg_maxbits=160
- Jun 27 16:43:32.607104: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=3
- Jun 27 16:43:32.607107: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=5(AH_SHA2_256), alg_ivlen=0, alg_minbits=256, alg_maxbits=256
- Jun 27 16:43:32.607109: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=5
- Jun 27 16:43:32.607112: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=6(AH_SHA2_384), alg_ivlen=0, alg_minbits=384, alg_maxbits=384
- Jun 27 16:43:32.607114: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=6
- Jun 27 16:43:32.607117: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=7(AH_SHA2_512), alg_ivlen=0, alg_minbits=512, alg_maxbits=512
- Jun 27 16:43:32.607119: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=7
- Jun 27 16:43:32.607122: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=8(AH_RIPEMD), alg_ivlen=0, alg_minbits=160, alg_maxbits=160
- Jun 27 16:43:32.607124: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=8
- Jun 27 16:43:32.607126: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=9(AH_AES_XCBC_MAC), alg_ivlen=0, alg_minbits=128, alg_maxbits=128
- Jun 27 16:43:32.607129: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=9
- Jun 27 16:43:32.607131: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=88
- Jun 27 16:43:32.607134: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=11(ESP_NULL), alg_ivlen=0, alg_minbits=0, alg_maxbits=0
- Jun 27 16:43:32.607140: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=2(ESP_DES(UNUSED)), alg_ivlen=8, alg_minbits=64, alg_maxbits=64
- Jun 27 16:43:32.607143: | kernel_alg_add(): Ignoring alg_id=2(ESP_DES(UNUSED)) - too weak
- Jun 27 16:43:32.607146: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=3(ESP_3DES), alg_ivlen=8, alg_minbits=192, alg_maxbits=192
- Jun 27 16:43:32.607148: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=6(ESP_CAST), alg_ivlen=8, alg_minbits=40, alg_maxbits=128
- Jun 27 16:43:32.607151: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=7(ESP_BLOWFISH(UNUSED)), alg_ivlen=8, alg_minbits=40, alg_maxbits=448
- Jun 27 16:43:32.607154: | kernel_alg_add(): Ignoring alg_id=7(ESP_BLOWFISH(UNUSED)) - too weak
- Jun 27 16:43:32.607156: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=12(ESP_AES), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Jun 27 16:43:32.607159: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=252(ESP_SERPENT), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Jun 27 16:43:32.607162: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=22(ESP_CAMELLIA), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Jun 27 16:43:32.607165: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=253(ESP_TWOFISH), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Jun 27 16:43:32.607167: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=13(ESP_AES_CTR), alg_ivlen=8, alg_minbits=160, alg_maxbits=288
- Jun 27 16:43:32.607170: | ESP registered with kernel.
- Jun 27 16:43:32.607173: | finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP
- Jun 27 16:43:32.607176: | 02 07 00 09 02 00 00 00 03 00 00 00 28 0b 00 00
- Jun 27 16:43:32.608733: | pfkey_get: K_SADB_REGISTER message 3
- Jun 27 16:43:32.608741: | IPCOMP registered with kernel.
- Jun 27 16:43:32.608748: | Registered AH, ESP and IPCOMP
- Jun 27 16:43:32.608752: | event_schedule: new EVENT_SHUNT_SCAN-pe@0x559b0ecdec88
- Jun 27 16:43:32.608755: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000 seconds
- Jun 27 16:43:32.608759: | setup kernel fd callback
- Jun 27 16:43:32.608929: | selinux support is NOT enabled.
- Jun 27 16:43:32.608937: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
- Jun 27 16:43:32.608939: watchdog: sending probes every 100 secs
- Jun 27 16:43:32.608952: | pluto_sd: executing action action: start(2), status 0
- Jun 27 16:43:32.608972: | event_schedule: new EVENT_SD_WATCHDOG-pe@0x559b0ecdef88
- Jun 27 16:43:32.608975: | inserting event EVENT_SD_WATCHDOG, timeout in 100.000 seconds
- Jun 27 16:43:32.609209: | unbound context created - setting debug level to 5
- Jun 27 16:43:32.609236: | /etc/hosts lookups activated
- Jun 27 16:43:32.609254: | /etc/resolv.conf usage activated
- Jun 27 16:43:32.609258: | Loading dnssec root key from:/var/lib/unbound/root.key
- Jun 27 16:43:32.609261: | No additional dnssec trust anchors defined via dnssec-trusted= option
- Jun 27 16:43:32.609263: | Setting up events, loop start
- Jun 27 16:43:32.609506: | created addconn helper (pid:2886) using fork+execve
- Jun 27 16:43:32.609517: | forked child 2886
- Jun 27 16:43:32.609529: | pid table: inserting object 0x559b0ece1ed8 (addconn pid 2886) entry 0x559b0ece1ee0 into list 0x559b0e2f18e0 (older 0x559b0e2f18e0 newer 0x559b0e2f18e0)
- Jun 27 16:43:32.609533: | pid table: inserted object 0x559b0ece1ed8 (addconn pid 2886) entry 0x559b0ece1ee0 (older 0x559b0e2f18e0 newer 0x559b0e2f18e0)
- Jun 27 16:43:32.609536: | pid table: list entry 0x559b0e2f18e0 is HEAD (older 0x559b0ece1ee0 newer 0x559b0ece1ee0)
- Jun 27 16:43:32.609538: seccomp security not supported
- Jun 27 16:43:32.615975: | Added new connection v6neighbor-hole-in with policy AUTH_NEVER+PASS+NEVER_NEGOTIATE
- Jun 27 16:43:32.615999: | counting wild cards for ::1 is 0
- Jun 27 16:43:32.616004: | counting wild cards for %any is 0
- Jun 27 16:43:32.616010: added connection description "v6neighbor-hole-in"
- Jun 27 16:43:32.616021: | ::/0===::1<::1>:58/34560...%any:58/34816===::/0
- Jun 27 16:43:32.616025: | ike_life: 0s; ipsec_life: 0s; rekey_margin: 0s; rekey_fuzz: 0%; keyingtries: 0; replay_window: 0; policy: AUTH_NEVER+PASS+NEVER_NEGOTIATE
- Jun 27 16:43:32.616067: | Added new connection v6neighbor-hole-out with policy AUTH_NEVER+PASS+NEVER_NEGOTIATE
- Jun 27 16:43:32.616074: | counting wild cards for ::1 is 0
- Jun 27 16:43:32.616077: | counting wild cards for %any is 0
- Jun 27 16:43:32.616080: added connection description "v6neighbor-hole-out"
- Jun 27 16:43:32.616086: | ::/0===::1<::1>:58/34816...%any:58/34560===::/0
- Jun 27 16:43:32.616089: | ike_life: 0s; ipsec_life: 0s; rekey_margin: 0s; rekey_fuzz: 0%; keyingtries: 0; replay_window: 0; policy: AUTH_NEVER+PASS+NEVER_NEGOTIATE
- Jun 27 16:43:32.616127: | Added new connection xauth-aggr with policy PSK+ENCRYPT+TUNNEL+SHA2_TRUNCBUG+XAUTH+MODECFG_PULL+AGGRESSIVE+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
- Jun 27 16:43:32.616134: | counting wild cards for 192.168.1.137 is 0
- Jun 27 16:43:32.616137: | counting wild cards for (none) is 15
- Jun 27 16:43:32.616141: | add new addresspool to global pools 192.168.20.2-192.168.20.10 size 9 ptr 0x559b0ece3158
- Jun 27 16:43:32.616144: | based upon policy, the connection is a template.
- Jun 27 16:43:32.616147: | reference addresspool of conn xauth-aggr[0] kind CK_TEMPLATE refcnt 0
- Jun 27 16:43:32.616149: added connection description "xauth-aggr"
- Jun 27 16:43:32.616156: | 0.0.0.0/0===192.168.1.137<192.168.1.137>[MS+XS+S=C]...%any[+MC+XC+S=C]
- Jun 27 16:43:32.616160: | ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+SHA2_TRUNCBUG+XAUTH+MODECFG_PULL+AGGRESSIVE+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
- Jun 27 16:43:32.616205: | Added new connection xauth with policy PSK+ENCRYPT+TUNNEL+SHA2_TRUNCBUG+XAUTH+MODECFG_PULL+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
- Jun 27 16:43:32.616212: | counting wild cards for 192.168.1.137 is 0
- Jun 27 16:43:32.616215: | counting wild cards for (none) is 15
- Jun 27 16:43:32.616218: | re-use addresspool 192.168.20.2-192.168.20.10 exists ref count 1 used 0 size 9 ptr 0x559b0ece3158 re-use it
- Jun 27 16:43:32.616220: | based upon policy, the connection is a template.
- Jun 27 16:43:32.616223: | reference addresspool of conn xauth[0] kind CK_TEMPLATE refcnt 1
- Jun 27 16:43:32.616225: added connection description "xauth"
- Jun 27 16:43:32.616231: | 0.0.0.0/0===192.168.1.137<192.168.1.137>[MS+XS+S=C]...%any[+MC+XC+S=C]
- Jun 27 16:43:32.616235: | ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+SHA2_TRUNCBUG+XAUTH+MODECFG_PULL+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
- Jun 27 16:43:32.616271: | pluto_sd: executing action action: reloading(4), status 0
- Jun 27 16:43:32.616286: listening for IKE messages
- Jun 27 16:43:32.616304: | Inspecting interface lo
- Jun 27 16:43:32.616308: | found lo with address 127.0.0.1
- Jun 27 16:43:32.616310: | Inspecting interface eth0
- Jun 27 16:43:32.616313: | found eth0 with address 192.168.1.137
- Jun 27 16:43:32.616333: adding interface eth0/eth0 192.168.1.137:500
- Jun 27 16:43:32.616343: | NAT-Traversal: Trying sockopt style NAT-T
- Jun 27 16:43:32.616346: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
- Jun 27 16:43:32.616349: adding interface eth0/eth0 192.168.1.137:4500
- Jun 27 16:43:32.616358: adding interface lo/lo 127.0.0.1:500
- Jun 27 16:43:32.616367: | NAT-Traversal: Trying sockopt style NAT-T
- Jun 27 16:43:32.616370: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
- Jun 27 16:43:32.616372: adding interface lo/lo 127.0.0.1:4500
- Jun 27 16:43:32.616407: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
- Jun 27 16:43:32.616434: adding interface lo/lo ::1:500
- Jun 27 16:43:32.616441: | connect_to_host_pair: 192.168.1.137:500 0.0.0.0:500 -> hp:none
- Jun 27 16:43:32.616444: | find_host_pair: comparing 192.168.1.137:500 to 0.0.0.0:500
- Jun 27 16:43:32.616447: | connect_to_host_pair: 192.168.1.137:500 0.0.0.0:500 -> hp:xauth
- Jun 27 16:43:32.616449: | find_host_pair: comparing 192.168.1.137:500 to 0.0.0.0:500
- Jun 27 16:43:32.616452: | connect_to_host_pair: ::1:500 :::500 -> hp:none
- Jun 27 16:43:32.616455: | find_host_pair: comparing ::1:500 to :::500
- Jun 27 16:43:32.616457: | connect_to_host_pair: ::1:500 :::500 -> hp:v6neighbor-hole-out
- Jun 27 16:43:32.616466: | setup callback for interface lo:500 fd 20
- Jun 27 16:43:32.616470: | setup callback for interface lo:4500 fd 19
- Jun 27 16:43:32.616473: | setup callback for interface lo:500 fd 18
- Jun 27 16:43:32.616476: | setup callback for interface eth0:4500 fd 17
- Jun 27 16:43:32.616480: | setup callback for interface eth0:500 fd 16
- Jun 27 16:43:32.616485: | certs and keys locked by 'free_preshared_secrets'
- Jun 27 16:43:32.616487: | certs and keys unlocked by 'free_preshard_secrets'
- Jun 27 16:43:32.616503: loading secrets from "/etc/ipsec.secrets"
- Jun 27 16:43:32.616533: loading secrets from "/etc/ipsec.d/xauth.secrets"
- Jun 27 16:43:32.616540: | id type added to secret(0x559b0ece4998) PKK_PSK: 192.168.1.137
- Jun 27 16:43:32.616543: WARNING: using a weak secret (PSK)
- Jun 27 16:43:32.616547: | Processing PSK at line 1: passed
- Jun 27 16:43:32.616549: | certs and keys locked by 'process_secret'
- Jun 27 16:43:32.616552: | certs and keys unlocked by 'process_secret'
- Jun 27 16:43:32.616563: | pluto_sd: executing action action: ready(5), status 0
- Jun 27 16:43:32.616677: | processing: start connection "v6neighbor-hole-in" (in whack_route_connection() at rcv_whack.c:106)
- Jun 27 16:43:32.616685: | could_route called for v6neighbor-hole-in (kind=CK_PERMANENT)
- Jun 27 16:43:32.616688: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000 vs
- Jun 27 16:43:32.616690: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000
- Jun 27 16:43:32.616692: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000 vs
- Jun 27 16:43:32.616694: | conn xauth mark 0/00000000, 0/00000000
- Jun 27 16:43:32.616697: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000 vs
- Jun 27 16:43:32.616699: | conn xauth-aggr mark 0/00000000, 0/00000000
- Jun 27 16:43:32.616701: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000 vs
- Jun 27 16:43:32.616703: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000
- Jun 27 16:43:32.616707: | route owner of "v6neighbor-hole-in" unrouted: NULL; eroute owner: NULL
- Jun 27 16:43:32.616709: | route_and_eroute() for proto 58, and source port 34560 dest port 34816
- Jun 27 16:43:32.616712: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000 vs
- Jun 27 16:43:32.616714: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000
- Jun 27 16:43:32.616716: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000 vs
- Jun 27 16:43:32.616718: | conn xauth mark 0/00000000, 0/00000000
- Jun 27 16:43:32.616720: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000 vs
- Jun 27 16:43:32.616723: | conn xauth-aggr mark 0/00000000, 0/00000000
- Jun 27 16:43:32.616725: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000 vs
- Jun 27 16:43:32.616727: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000
- Jun 27 16:43:32.616730: | route owner of "v6neighbor-hole-in" unrouted: NULL; eroute owner: NULL
- Jun 27 16:43:32.616734: | route_and_eroute with c: v6neighbor-hole-in (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #0
- Jun 27 16:43:32.616737: | shunt_eroute() called for connection 'v6neighbor-hole-in' to 'add' for rt_kind 'prospective erouted' using protoports 58--34560->-34816
- Jun 27 16:43:32.616740: | netlink_shunt_eroute for proto 58, and source port 34560 dest port 34816
- Jun 27 16:43:32.616743: | priority calculation of connection "v6neighbor-hole-in" overruled by connection specification of 0x1
- Jun 27 16:43:32.616746: | netlink_raw_eroute: SPI_PASS
- Jun 27 16:43:32.616752: | IPsec Sa SPD priority set to 1
- Jun 27 16:43:32.616774: | priority calculation of connection "v6neighbor-hole-in" overruled by connection specification of 0x1
- Jun 27 16:43:32.616777: | netlink_raw_eroute: SPI_PASS
- Jun 27 16:43:32.616779: | IPsec Sa SPD priority set to 1
- Jun 27 16:43:32.616788: | route_and_eroute: firewall_notified: true
- Jun 27 16:43:32.616791: | running updown command "ipsec _updown" for verb prepare
- Jun 27 16:43:32.616793: | command executing prepare-client-v6
- Jun 27 16:43:32.616808: | executing prepare-client-v6: PLUTO_VERB='prepare-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-hole-in' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT='::/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34560' PLUTO_MY_PROTOCOL='58' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='::' PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUTO_PEER_CLIENT_MASK='::' PLUTO_PEER_PORT='34816' PLUTO_PEER_PROTOCOL='58' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1
- Jun 27 16:43:32.616811: | popen cmd is 902 chars long
- Jun 27 16:43:32.616814: | cmd( 0):PLUTO_VERB='prepare-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-:
- Jun 27 16:43:32.616816: | cmd( 80):hole-in' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT=':
- Jun 27 16:43:32.616819: | cmd( 160):::/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34560' P:
- Jun 27 16:43:32.616821: | cmd( 240):LUTO_MY_PROTOCOL='58' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER=':::
- Jun 27 16:43:32.616823: | cmd( 320):' PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUTO:
- Jun 27 16:43:32.616825: | cmd( 400):_PEER_CLIENT_MASK='::' PLUTO_PEER_PORT='34816' PLUTO_PEER_PROTOCOL='58' PLUTO_PE:
- Jun 27 16:43:32.616827: | cmd( 480):ER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+PA:
- Jun 27 16:43:32.616829: | cmd( 560):SS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6' :
- Jun 27 16:43:32.616831: | cmd( 640):XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_:
- Jun 27 16:43:32.616833: | cmd( 720):INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_:
- Jun 27 16:43:32.616836: | cmd( 800):CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=:
- Jun 27 16:43:32.616838: | cmd( 880):0x0 ipsec _updown 2>&1:
- Jun 27 16:43:32.619188: | running updown command "ipsec _updown" for verb route
- Jun 27 16:43:32.619199: | command executing route-client-v6
- Jun 27 16:43:32.619216: | executing route-client-v6: PLUTO_VERB='route-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-hole-in' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT='::/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34560' PLUTO_MY_PROTOCOL='58' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='::' PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUTO_PEER_CLIENT_MASK='::' PLUTO_PEER_PORT='34816' PLUTO_PEER_PROTOCOL='58' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1
- Jun 27 16:43:32.619219: | popen cmd is 900 chars long
- Jun 27 16:43:32.619222: | cmd( 0):PLUTO_VERB='route-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-ho:
- Jun 27 16:43:32.619229: | cmd( 80):le-in' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT=':::
- Jun 27 16:43:32.619231: | cmd( 160):/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34560' PLU:
- Jun 27 16:43:32.619234: | cmd( 240):TO_MY_PROTOCOL='58' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='::' :
- Jun 27 16:43:32.619236: | cmd( 320):PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUTO_P:
- Jun 27 16:43:32.619238: | cmd( 400):EER_CLIENT_MASK='::' PLUTO_PEER_PORT='34816' PLUTO_PEER_PROTOCOL='58' PLUTO_PEER:
- Jun 27 16:43:32.619240: | cmd( 480):_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+PASS:
- Jun 27 16:43:32.619242: | cmd( 560):+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6' XA:
- Jun 27 16:43:32.619244: | cmd( 640):UTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_IN:
- Jun 27 16:43:32.619246: | cmd( 720):FO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CO:
- Jun 27 16:43:32.619249: | cmd( 800):NFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x:
- Jun 27 16:43:32.619251: | cmd( 880):0 ipsec _updown 2>&1:
- Jun 27 16:43:32.621366: | processing: stop connection "v6neighbor-hole-in" (in whack_route_connection() at rcv_whack.c:116)
- Jun 27 16:43:32.621395: | waitpid returned nothing left to do (all child processes are busy)
- Jun 27 16:43:32.621399: | waitpid returned nothing left to do (all child processes are busy)
- Jun 27 16:43:32.621436: | processing: start connection "v6neighbor-hole-out" (in whack_route_connection() at rcv_whack.c:106)
- Jun 27 16:43:32.621441: | could_route called for v6neighbor-hole-out (kind=CK_PERMANENT)
- Jun 27 16:43:32.621444: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
- Jun 27 16:43:32.621447: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000
- Jun 27 16:43:32.621449: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
- Jun 27 16:43:32.621451: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000
- Jun 27 16:43:32.621454: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
- Jun 27 16:43:32.621456: | conn xauth mark 0/00000000, 0/00000000
- Jun 27 16:43:32.621458: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
- Jun 27 16:43:32.621461: | conn xauth-aggr mark 0/00000000, 0/00000000
- Jun 27 16:43:32.621465: | route owner of "v6neighbor-hole-out" unrouted: NULL; eroute owner: NULL
- Jun 27 16:43:32.621468: | route_and_eroute() for proto 58, and source port 34816 dest port 34560
- Jun 27 16:43:32.621470: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
- Jun 27 16:43:32.621472: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000
- Jun 27 16:43:32.621475: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
- Jun 27 16:43:32.621477: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000
- Jun 27 16:43:32.621479: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
- Jun 27 16:43:32.621481: | conn xauth mark 0/00000000, 0/00000000
- Jun 27 16:43:32.621484: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
- Jun 27 16:43:32.621486: | conn xauth-aggr mark 0/00000000, 0/00000000
- Jun 27 16:43:32.621489: | route owner of "v6neighbor-hole-out" unrouted: NULL; eroute owner: NULL
- Jun 27 16:43:32.621492: | route_and_eroute with c: v6neighbor-hole-out (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #0
- Jun 27 16:43:32.621495: | shunt_eroute() called for connection 'v6neighbor-hole-out' to 'add' for rt_kind 'prospective erouted' using protoports 58--34816->-34560
- Jun 27 16:43:32.621497: | netlink_shunt_eroute for proto 58, and source port 34816 dest port 34560
- Jun 27 16:43:32.621501: | priority calculation of connection "v6neighbor-hole-out" overruled by connection specification of 0x1
- Jun 27 16:43:32.621504: | netlink_raw_eroute: SPI_PASS
- Jun 27 16:43:32.621506: | IPsec Sa SPD priority set to 1
- Jun 27 16:43:32.621521: | priority calculation of connection "v6neighbor-hole-out" overruled by connection specification of 0x1
- Jun 27 16:43:32.621528: | netlink_raw_eroute: SPI_PASS
- Jun 27 16:43:32.621530: | IPsec Sa SPD priority set to 1
- Jun 27 16:43:32.621550: | route_and_eroute: firewall_notified: true
- Jun 27 16:43:32.621553: | running updown command "ipsec _updown" for verb prepare
- Jun 27 16:43:32.621555: | command executing prepare-client-v6
- Jun 27 16:43:32.621570: | executing prepare-client-v6: PLUTO_VERB='prepare-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-hole-out' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT='::/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34816' PLUTO_MY_PROTOCOL='58' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='::' PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUTO_PEER_CLIENT_MASK='::' PLUTO_PEER_PORT='34560' PLUTO_PEER_PROTOCOL='58' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1
- Jun 27 16:43:32.621573: | popen cmd is 903 chars long
- Jun 27 16:43:32.621576: | cmd( 0):PLUTO_VERB='prepare-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-:
- Jun 27 16:43:32.621578: | cmd( 80):hole-out' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT=:
- Jun 27 16:43:32.621581: | cmd( 160):'::/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34816' :
- Jun 27 16:43:32.621583: | cmd( 240):PLUTO_MY_PROTOCOL='58' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='::
- Jun 27 16:43:32.621585: | cmd( 320)::' PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUT:
- Jun 27 16:43:32.621587: | cmd( 400):O_PEER_CLIENT_MASK='::' PLUTO_PEER_PORT='34560' PLUTO_PEER_PROTOCOL='58' PLUTO_P:
- Jun 27 16:43:32.621590: | cmd( 480):EER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+P:
- Jun 27 16:43:32.621592: | cmd( 560):ASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6':
- Jun 27 16:43:32.621594: | cmd( 640): XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN:
- Jun 27 16:43:32.621596: | cmd( 720):_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM:
- Jun 27 16:43:32.621599: | cmd( 800):_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT:
- Jun 27 16:43:32.621601: | cmd( 880):=0x0 ipsec _updown 2>&1:
- Jun 27 16:43:32.623909: | running updown command "ipsec _updown" for verb route
- Jun 27 16:43:32.623926: | command executing route-client-v6
- Jun 27 16:43:32.623948: | executing route-client-v6: PLUTO_VERB='route-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-hole-out' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT='::/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34816' PLUTO_MY_PROTOCOL='58' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='::' PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUTO_PEER_CLIENT_MASK='::' PLUTO_PEER_PORT='34560' PLUTO_PEER_PROTOCOL='58' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1
- Jun 27 16:43:32.623952: | popen cmd is 901 chars long
- Jun 27 16:43:32.623954: | cmd( 0):PLUTO_VERB='route-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-ho:
- Jun 27 16:43:32.623957: | cmd( 80):le-out' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT='::
- Jun 27 16:43:32.623965: | cmd( 160)::/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34816' PL:
- Jun 27 16:43:32.623968: | cmd( 240):UTO_MY_PROTOCOL='58' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='::':
- Jun 27 16:43:32.623970: | cmd( 320): PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUTO_:
- Jun 27 16:43:32.623972: | cmd( 400):PEER_CLIENT_MASK='::' PLUTO_PEER_PORT='34560' PLUTO_PEER_PROTOCOL='58' PLUTO_PEE:
- Jun 27 16:43:32.623975: | cmd( 480):R_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+PAS:
- Jun 27 16:43:32.623977: | cmd( 560):S+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6' X:
- Jun 27 16:43:32.623979: | cmd( 640):AUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_I:
- Jun 27 16:43:32.623981: | cmd( 720):NFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_C:
- Jun 27 16:43:32.623983: | cmd( 800):ONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0:
- Jun 27 16:43:32.623986: | cmd( 880):x0 ipsec _updown 2>&1:
- Jun 27 16:43:32.626441: | processing: stop connection "v6neighbor-hole-out" (in whack_route_connection() at rcv_whack.c:116)
- Jun 27 16:43:32.626494: | waitpid returned nothing left to do (all child processes are busy)
- Jun 27 16:43:32.626498: | waitpid returned nothing left to do (all child processes are busy)
- Jun 27 16:43:32.626924: | waitpid returned pid 2886 (exited with status 0)
- Jun 27 16:43:32.626935: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:43:32.626939: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:43:32.626941: | reaped addconn helper child (status 0)
- Jun 27 16:43:32.626946: | pid table: removing object 0x559b0ece1ed8 (addconn pid 2886) entry 0x559b0ece1ee0 (older 0x559b0e2f18e0 newer 0x559b0e2f18e0)
- Jun 27 16:43:32.626948: | pid table: empty
- Jun 27 16:43:32.626956: | waitpid returned ECHILD (no child processes left)
- Jun 27 16:43:46.407761: | *received 1168 bytes from 192.168.1.138:500 on eth0 (port=500)
- Jun 27 16:43:46.407800: | 10 78 8d 8e 71 84 24 7b 00 00 00 00 00 00 00 00
- Jun 27 16:43:46.407804: | 01 10 04 00 00 00 00 00 00 00 04 90 04 00 02 cc
- Jun 27 16:43:46.407807: | 00 00 00 01 00 00 00 01 00 00 02 c0 01 01 00 12
- Jun 27 16:43:46.407810: | 03 00 00 28 01 01 00 00 80 01 00 07 80 0e 01 00
- Jun 27 16:43:46.407813: | 80 02 00 01 80 04 00 02 80 03 fd e9 80 0b 00 01
- Jun 27 16:43:46.407816: | 00 0c 00 04 00 01 51 80 03 00 00 28 02 01 00 00
- Jun 27 16:43:46.407819: | 80 01 00 07 80 0e 01 00 80 02 00 02 80 04 00 02
- Jun 27 16:43:46.407822: | 80 03 fd e9 80 0b 00 01 00 0c 00 04 00 01 51 80
- Jun 27 16:43:46.407825: | 03 00 00 28 03 01 00 00 80 01 00 07 80 0e 00 c0
- Jun 27 16:43:46.407828: | 80 02 00 01 80 04 00 02 80 03 fd e9 80 0b 00 01
- Jun 27 16:43:46.407831: | 00 0c 00 04 00 01 51 80 03 00 00 28 04 01 00 00
- Jun 27 16:43:46.407835: | 80 01 00 07 80 0e 00 c0 80 02 00 02 80 04 00 02
- Jun 27 16:43:46.407838: | 80 03 fd e9 80 0b 00 01 00 0c 00 04 00 01 51 80
- Jun 27 16:43:46.407841: | 03 00 00 28 05 01 00 00 80 01 00 07 80 0e 00 80
- Jun 27 16:43:46.407844: | 80 02 00 01 80 04 00 02 80 03 fd e9 80 0b 00 01
- Jun 27 16:43:46.407847: | 00 0c 00 04 00 01 51 80 03 00 00 28 06 01 00 00
- Jun 27 16:43:46.407850: | 80 01 00 07 80 0e 00 80 80 02 00 02 80 04 00 02
- Jun 27 16:43:46.407853: | 80 03 fd e9 80 0b 00 01 00 0c 00 04 00 01 51 80
- Jun 27 16:43:46.407856: | 03 00 00 28 07 01 00 00 80 01 00 03 80 0e 01 00
- Jun 27 16:43:46.407859: | 80 02 00 01 80 04 00 02 80 03 fd e9 80 0b 00 01
- Jun 27 16:43:46.407862: | 00 0c 00 04 00 01 51 80 03 00 00 28 08 01 00 00
- Jun 27 16:43:46.407865: | 80 01 00 03 80 0e 01 00 80 02 00 02 80 04 00 02
- Jun 27 16:43:46.407868: | 80 03 fd e9 80 0b 00 01 00 0c 00 04 00 01 51 80
- Jun 27 16:43:46.407871: | 03 00 00 28 09 01 00 00 80 01 00 03 80 0e 00 c0
- Jun 27 16:43:46.407874: | 80 02 00 01 80 04 00 02 80 03 fd e9 80 0b 00 01
- Jun 27 16:43:46.407885: | 00 0c 00 04 00 01 51 80 03 00 00 28 0a 01 00 00
- Jun 27 16:43:46.407888: | 80 01 00 03 80 0e 00 c0 80 02 00 02 80 04 00 02
- Jun 27 16:43:46.407891: | 80 03 fd e9 80 0b 00 01 00 0c 00 04 00 01 51 80
- Jun 27 16:43:46.407894: | 03 00 00 28 0b 01 00 00 80 01 00 03 80 0e 00 80
- Jun 27 16:43:46.407897: | 80 02 00 01 80 04 00 02 80 03 fd e9 80 0b 00 01
- Jun 27 16:43:46.407900: | 00 0c 00 04 00 01 51 80 03 00 00 28 0c 01 00 00
- Jun 27 16:43:46.407903: | 80 01 00 03 80 0e 00 80 80 02 00 02 80 04 00 02
- Jun 27 16:43:46.407906: | 80 03 fd e9 80 0b 00 01 00 0c 00 04 00 01 51 80
- Jun 27 16:43:46.407909: | 03 00 00 24 0d 01 00 00 80 01 00 05 80 02 00 01
- Jun 27 16:43:46.407912: | 80 04 00 02 80 03 fd e9 80 0b 00 01 00 0c 00 04
- Jun 27 16:43:46.407915: | 00 01 51 80 03 00 00 24 0e 01 00 00 80 01 00 05
- Jun 27 16:43:46.407918: | 80 02 00 02 80 04 00 02 80 03 fd e9 80 0b 00 01
- Jun 27 16:43:46.407921: | 00 0c 00 04 00 01 51 80 03 00 00 24 0f 01 00 00
- Jun 27 16:43:46.407924: | 80 01 00 06 80 02 00 01 80 04 00 02 80 03 fd e9
- Jun 27 16:43:46.407927: | 80 0b 00 01 00 0c 00 04 00 01 51 80 03 00 00 24
- Jun 27 16:43:46.407930: | 10 01 00 00 80 01 00 06 80 02 00 02 80 04 00 02
- Jun 27 16:43:46.407933: | 80 03 fd e9 80 0b 00 01 00 0c 00 04 00 01 51 80
- Jun 27 16:43:46.407936: | 03 00 00 24 11 01 00 00 80 01 00 01 80 02 00 01
- Jun 27 16:43:46.407939: | 80 04 00 02 80 03 fd e9 80 0b 00 01 00 0c 00 04
- Jun 27 16:43:46.407942: | 00 01 51 80 00 00 00 24 12 01 00 00 80 01 00 01
- Jun 27 16:43:46.407945: | 80 02 00 02 80 04 00 02 80 03 fd e9 80 0b 00 01
- Jun 27 16:43:46.407947: | 00 0c 00 04 00 01 51 80 0a 00 00 84 8a 4b 9f 17
- Jun 27 16:43:46.407950: | f3 4f cf 1a c3 00 f5 d6 35 38 62 22 2e 76 cf 32
- Jun 27 16:43:46.407953: | a6 0b 75 0f 64 7f fe c0 16 02 fc a8 c5 a9 a4 d6
- Jun 27 16:43:46.407956: | ca 19 36 e6 37 30 95 fc f2 63 ca cb 4c 6b ed 2c
- Jun 27 16:43:46.407959: | 8c 51 04 21 cc bb cd c9 17 5a d8 48 7b 77 e6 c2
- Jun 27 16:43:46.407962: | 62 fa 32 cb 6a 53 c5 7d 78 44 4a 6d 28 f7 a2 5e
- Jun 27 16:43:46.407965: | 61 07 7d f9 f8 c3 ef 54 47 26 17 6c 0b 23 9e 9d
- Jun 27 16:43:46.407968: | 06 20 d3 4d cb b1 00 49 2f 1b 82 e3 fd 96 78 44
- Jun 27 16:43:46.407971: | ca ed 9e c1 04 23 97 78 c4 da 74 7f 05 00 00 18
- Jun 27 16:43:46.407993: | 24 e7 e8 87 de 28 85 95 e1 15 f8 1a 1f 75 16 2f
- Jun 27 16:43:46.407995: | ed 2e ac 61 0d 00 00 08 02 00 00 00 0d 00 00 0c
- Jun 27 16:43:46.408008: | 09 00 26 89 df d6 b7 12 0d 00 00 14 44 85 15 2d
- Jun 27 16:43:46.408010: | 18 b6 bb cd 0b e8 a8 46 95 79 dd cc 0d 00 00 14
- Jun 27 16:43:46.408013: | 16 f6 ca 16 e4 a4 06 6d 83 82 1a 0f 0a ea a8 62
- Jun 27 16:43:46.408015: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5
- Jun 27 16:43:46.408017: | ec 42 7b 1f 0d 00 00 14 7d 94 19 a6 53 10 ca 6f
- Jun 27 16:43:46.408019: | 2c 17 9d 92 15 52 9d 56 0d 00 00 14 4a 13 1c 81
- Jun 27 16:43:46.408022: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 18
- Jun 27 16:43:46.408024: | 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
- Jun 27 16:43:46.408026: | 80 00 00 00 0d 00 00 14 af ca d7 13 68 a1 f1 c9
- Jun 27 16:43:46.408028: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 3b 90 31 dc
- Jun 27 16:43:46.408031: | e4 fc f8 8b 48 9a 92 39 63 dd 0c 49 0d 00 00 14
- Jun 27 16:43:46.408042: | f1 4b 94 b7 bf f1 fe f0 27 73 b8 c4 9f ed ed 26
- Jun 27 16:43:46.408044: | 0d 00 00 18 16 6f 93 2d 55 eb 64 d8 e4 df 4f d3
- Jun 27 16:43:46.408046: | 7e 23 13 f0 d0 fd 84 51 0d 00 00 14 84 04 ad f9
- Jun 27 16:43:46.408049: | cd a0 57 60 b2 ca 29 2e 4b ff 53 7b 00 00 00 14
- Jun 27 16:43:46.408051: | 12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
- Jun 27 16:43:46.408057: | processing: start from 192.168.1.138:500 (in process_md() at demux.c:392)
- Jun 27 16:43:46.408063: | **parse ISAKMP Message:
- Jun 27 16:43:46.408066: | initiator cookie:
- Jun 27 16:43:46.408068: | 10 78 8d 8e 71 84 24 7b
- Jun 27 16:43:46.408071: | responder cookie:
- Jun 27 16:43:46.408077: | 00 00 00 00 00 00 00 00
- Jun 27 16:43:46.408080: | next payload type: ISAKMP_NEXT_SA (0x1)
- Jun 27 16:43:46.408083: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Jun 27 16:43:46.408086: | exchange type: ISAKMP_XCHG_AGGR (0x4)
- Jun 27 16:43:46.408090: | flags: none (0x0)
- Jun 27 16:43:46.408092: | message ID: 00 00 00 00
- Jun 27 16:43:46.408095: | length: 1168 (0x490)
- Jun 27 16:43:46.408098: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_AGGR (4)
- Jun 27 16:43:46.408104: | icookie table: hash icookie 10 78 8d 8e 71 84 24 7b to 1034384676883124323 slot 0x559b0e2ebf40
- Jun 27 16:43:46.408107: | v1 state object not found
- Jun 27 16:43:46.408110: | #null state always idle
- Jun 27 16:43:46.408113: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x432opt: 0x102000
- Jun 27 16:43:46.408116: | ***parse ISAKMP Security Association Payload:
- Jun 27 16:43:46.408118: | next payload type: ISAKMP_NEXT_KE (0x4)
- Jun 27 16:43:46.408121: | length: 716 (0x2cc)
- Jun 27 16:43:46.408123: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Jun 27 16:43:46.408126: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x430opt: 0x102000
- Jun 27 16:43:46.408128: | ***parse ISAKMP Key Exchange Payload:
- Jun 27 16:43:46.408131: | next payload type: ISAKMP_NEXT_NONCE (0xa)
- Jun 27 16:43:46.408133: | length: 132 (0x84)
- Jun 27 16:43:46.408136: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x420opt: 0x102000
- Jun 27 16:43:46.408138: | ***parse ISAKMP Nonce Payload:
- Jun 27 16:43:46.408140: | next payload type: ISAKMP_NEXT_ID (0x5)
- Jun 27 16:43:46.408143: | length: 24 (0x18)
- Jun 27 16:43:46.408145: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x20opt: 0x102000
- Jun 27 16:43:46.408148: | ***parse ISAKMP Identification Payload:
- Jun 27 16:43:46.408150: | next payload type: ISAKMP_NEXT_VID (0xd)
- Jun 27 16:43:46.408153: | length: 8 (0x8)
- Jun 27 16:43:46.408155: | ID type: ID_FQDN (0x2)
- Jun 27 16:43:46.408158: | DOI specific A: 0 (0x0)
- Jun 27 16:43:46.408160: | DOI specific B: 0 (0x0)
- Jun 27 16:43:46.408162: | obj:
- Jun 27 16:43:46.408165: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
- Jun 27 16:43:46.408167: | ***parse ISAKMP Vendor ID Payload:
- Jun 27 16:43:46.408169: | next payload type: ISAKMP_NEXT_VID (0xd)
- Jun 27 16:43:46.408172: | length: 12 (0xc)
- Jun 27 16:43:46.408174: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
- Jun 27 16:43:46.408176: | ***parse ISAKMP Vendor ID Payload:
- Jun 27 16:43:46.408178: | next payload type: ISAKMP_NEXT_VID (0xd)
- Jun 27 16:43:46.408181: | length: 20 (0x14)
- Jun 27 16:43:46.408183: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
- Jun 27 16:43:46.408185: | ***parse ISAKMP Vendor ID Payload:
- Jun 27 16:43:46.408187: | next payload type: ISAKMP_NEXT_VID (0xd)
- Jun 27 16:43:46.408190: | length: 20 (0x14)
- Jun 27 16:43:46.408192: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
- Jun 27 16:43:46.408194: | ***parse ISAKMP Vendor ID Payload:
- Jun 27 16:43:46.408196: | next payload type: ISAKMP_NEXT_VID (0xd)
- Jun 27 16:43:46.408198: | length: 20 (0x14)
- Jun 27 16:43:46.408201: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
- Jun 27 16:43:46.408203: | ***parse ISAKMP Vendor ID Payload:
- Jun 27 16:43:46.408205: | next payload type: ISAKMP_NEXT_VID (0xd)
- Jun 27 16:43:46.408207: | length: 20 (0x14)
- Jun 27 16:43:46.408210: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
- Jun 27 16:43:46.408212: | ***parse ISAKMP Vendor ID Payload:
- Jun 27 16:43:46.408214: | next payload type: ISAKMP_NEXT_VID (0xd)
- Jun 27 16:43:46.408216: | length: 20 (0x14)
- Jun 27 16:43:46.408219: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
- Jun 27 16:43:46.408221: | ***parse ISAKMP Vendor ID Payload:
- Jun 27 16:43:46.408223: | next payload type: ISAKMP_NEXT_VID (0xd)
- Jun 27 16:43:46.408225: | length: 24 (0x18)
- Jun 27 16:43:46.408228: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
- Jun 27 16:43:46.408230: | ***parse ISAKMP Vendor ID Payload:
- Jun 27 16:43:46.408234: | next payload type: ISAKMP_NEXT_VID (0xd)
- Jun 27 16:43:46.408236: | length: 20 (0x14)
- Jun 27 16:43:46.408239: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
- Jun 27 16:43:46.408241: | ***parse ISAKMP Vendor ID Payload:
- Jun 27 16:43:46.408243: | next payload type: ISAKMP_NEXT_VID (0xd)
- Jun 27 16:43:46.408245: | length: 20 (0x14)
- Jun 27 16:43:46.408248: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
- Jun 27 16:43:46.408250: | ***parse ISAKMP Vendor ID Payload:
- Jun 27 16:43:46.408252: | next payload type: ISAKMP_NEXT_VID (0xd)
- Jun 27 16:43:46.408254: | length: 20 (0x14)
- Jun 27 16:43:46.408257: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
- Jun 27 16:43:46.408259: | ***parse ISAKMP Vendor ID Payload:
- Jun 27 16:43:46.408261: | next payload type: ISAKMP_NEXT_VID (0xd)
- Jun 27 16:43:46.408263: | length: 24 (0x18)
- Jun 27 16:43:46.408266: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
- Jun 27 16:43:46.408268: | ***parse ISAKMP Vendor ID Payload:
- Jun 27 16:43:46.408270: | next payload type: ISAKMP_NEXT_VID (0xd)
- Jun 27 16:43:46.408272: | length: 20 (0x14)
- Jun 27 16:43:46.408275: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
- Jun 27 16:43:46.408277: | ***parse ISAKMP Vendor ID Payload:
- Jun 27 16:43:46.408279: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Jun 27 16:43:46.408281: | length: 20 (0x14)
- Jun 27 16:43:46.408287: | received Vendor ID payload [XAUTH]
- Jun 27 16:43:46.408290: | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
- Jun 27 16:43:46.408293: | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-01]
- Jun 27 16:43:46.408296: | quirks.qnat_traversal_vid set to=81
- Jun 27 16:43:46.408298: | received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
- Jun 27 16:43:46.408301: | quirks.qnat_traversal_vid set to=83
- Jun 27 16:43:46.408303: | received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
- Jun 27 16:43:46.408306: | quirks.qnat_traversal_vid set to=90
- Jun 27 16:43:46.408308: | received Vendor ID payload [RFC 3947]
- Jun 27 16:43:46.408312: | received Vendor ID payload [FRAGMENTATION 80000000]
- Jun 27 16:43:46.408315: | received Vendor ID payload [Dead Peer Detection]
- Jun 27 16:43:46.408318: | received Vendor ID payload [DPDv1_NG]
- Jun 27 16:43:46.408321: | ignoring Vendor ID payload [Shrew Soft client]
- Jun 27 16:43:46.408324: | ignoring Vendor ID payload [Netscreen-15]
- Jun 27 16:43:46.408327: | ignoring Vendor ID payload [Sidewinder]
- Jun 27 16:43:46.408330: | received Vendor ID payload [Cisco-Unity]
- Jun 27 16:43:46.408333: | ****parse IPsec DOI SIT:
- Jun 27 16:43:46.408336: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Jun 27 16:43:46.408339: | ****parse ISAKMP Proposal Payload:
- Jun 27 16:43:46.408341: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Jun 27 16:43:46.408343: | length: 704 (0x2c0)
- Jun 27 16:43:46.408345: | proposal number: 1 (0x1)
- Jun 27 16:43:46.408348: | protocol ID: PROTO_ISAKMP (0x1)
- Jun 27 16:43:46.408350: | SPI size: 0 (0x0)
- Jun 27 16:43:46.408352: | number of transforms: 18 (0x12)
- Jun 27 16:43:46.408355: | *****parse ISAKMP Transform Payload (ISAKMP):
- Jun 27 16:43:46.408357: | next payload type: ISAKMP_NEXT_T (0x3)
- Jun 27 16:43:46.408359: | length: 40 (0x28)
- Jun 27 16:43:46.408362: | ISAKMP transform number: 1 (0x1)
- Jun 27 16:43:46.408364: | ISAKMP transform ID: KEY_IKE (0x1)
- Jun 27 16:43:46.408367: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408369: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Jun 27 16:43:46.408371: | length/value: 7 (0x7)
- Jun 27 16:43:46.408374: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408376: | af+type: OAKLEY_KEY_LENGTH (0x800e)
- Jun 27 16:43:46.408378: | length/value: 256 (0x100)
- Jun 27 16:43:46.408380: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408383: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
- Jun 27 16:43:46.408385: | length/value: 1 (0x1)
- Jun 27 16:43:46.408387: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408389: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
- Jun 27 16:43:46.408394: | length/value: 2 (0x2)
- Jun 27 16:43:46.408396: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408398: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Jun 27 16:43:46.408401: | length/value: 65001 (0xfde9)
- Jun 27 16:43:46.408403: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408405: | af+type: OAKLEY_LIFE_TYPE (0x800b)
- Jun 27 16:43:46.408407: | length/value: 1 (0x1)
- Jun 27 16:43:46.408410: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408412: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Jun 27 16:43:46.408414: | length/value: 4 (0x4)
- Jun 27 16:43:46.408417: | *****parse ISAKMP Transform Payload (ISAKMP):
- Jun 27 16:43:46.408419: | next payload type: ISAKMP_NEXT_T (0x3)
- Jun 27 16:43:46.408421: | length: 40 (0x28)
- Jun 27 16:43:46.408423: | ISAKMP transform number: 2 (0x2)
- Jun 27 16:43:46.408426: | ISAKMP transform ID: KEY_IKE (0x1)
- Jun 27 16:43:46.408428: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408430: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Jun 27 16:43:46.408432: | length/value: 7 (0x7)
- Jun 27 16:43:46.408435: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408437: | af+type: OAKLEY_KEY_LENGTH (0x800e)
- Jun 27 16:43:46.408439: | length/value: 256 (0x100)
- Jun 27 16:43:46.408441: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408444: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
- Jun 27 16:43:46.408446: | length/value: 2 (0x2)
- Jun 27 16:43:46.408448: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408450: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
- Jun 27 16:43:46.408452: | length/value: 2 (0x2)
- Jun 27 16:43:46.408455: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408457: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Jun 27 16:43:46.408459: | length/value: 65001 (0xfde9)
- Jun 27 16:43:46.408461: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408464: | af+type: OAKLEY_LIFE_TYPE (0x800b)
- Jun 27 16:43:46.408466: | length/value: 1 (0x1)
- Jun 27 16:43:46.408468: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408470: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Jun 27 16:43:46.408472: | length/value: 4 (0x4)
- Jun 27 16:43:46.408475: | *****parse ISAKMP Transform Payload (ISAKMP):
- Jun 27 16:43:46.408477: | next payload type: ISAKMP_NEXT_T (0x3)
- Jun 27 16:43:46.408479: | length: 40 (0x28)
- Jun 27 16:43:46.408481: | ISAKMP transform number: 3 (0x3)
- Jun 27 16:43:46.408484: | ISAKMP transform ID: KEY_IKE (0x1)
- Jun 27 16:43:46.408486: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408488: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Jun 27 16:43:46.408490: | length/value: 7 (0x7)
- Jun 27 16:43:46.408493: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408495: | af+type: OAKLEY_KEY_LENGTH (0x800e)
- Jun 27 16:43:46.408497: | length/value: 192 (0xc0)
- Jun 27 16:43:46.408499: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408502: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
- Jun 27 16:43:46.408504: | length/value: 1 (0x1)
- Jun 27 16:43:46.408506: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408508: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
- Jun 27 16:43:46.408511: | length/value: 2 (0x2)
- Jun 27 16:43:46.408513: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408515: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Jun 27 16:43:46.408517: | length/value: 65001 (0xfde9)
- Jun 27 16:43:46.408519: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408522: | af+type: OAKLEY_LIFE_TYPE (0x800b)
- Jun 27 16:43:46.408524: | length/value: 1 (0x1)
- Jun 27 16:43:46.408526: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408528: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Jun 27 16:43:46.408531: | length/value: 4 (0x4)
- Jun 27 16:43:46.408533: | *****parse ISAKMP Transform Payload (ISAKMP):
- Jun 27 16:43:46.408535: | next payload type: ISAKMP_NEXT_T (0x3)
- Jun 27 16:43:46.408537: | length: 40 (0x28)
- Jun 27 16:43:46.408542: | ISAKMP transform number: 4 (0x4)
- Jun 27 16:43:46.408544: | ISAKMP transform ID: KEY_IKE (0x1)
- Jun 27 16:43:46.408546: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408548: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Jun 27 16:43:46.408551: | length/value: 7 (0x7)
- Jun 27 16:43:46.408553: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408555: | af+type: OAKLEY_KEY_LENGTH (0x800e)
- Jun 27 16:43:46.408557: | length/value: 192 (0xc0)
- Jun 27 16:43:46.408560: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408562: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
- Jun 27 16:43:46.408564: | length/value: 2 (0x2)
- Jun 27 16:43:46.408566: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408568: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
- Jun 27 16:43:46.408571: | length/value: 2 (0x2)
- Jun 27 16:43:46.408573: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408575: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Jun 27 16:43:46.408577: | length/value: 65001 (0xfde9)
- Jun 27 16:43:46.408580: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408582: | af+type: OAKLEY_LIFE_TYPE (0x800b)
- Jun 27 16:43:46.408584: | length/value: 1 (0x1)
- Jun 27 16:43:46.408586: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408588: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Jun 27 16:43:46.408591: | length/value: 4 (0x4)
- Jun 27 16:43:46.408593: | *****parse ISAKMP Transform Payload (ISAKMP):
- Jun 27 16:43:46.408595: | next payload type: ISAKMP_NEXT_T (0x3)
- Jun 27 16:43:46.408597: | length: 40 (0x28)
- Jun 27 16:43:46.408600: | ISAKMP transform number: 5 (0x5)
- Jun 27 16:43:46.408602: | ISAKMP transform ID: KEY_IKE (0x1)
- Jun 27 16:43:46.408604: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408606: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Jun 27 16:43:46.408608: | length/value: 7 (0x7)
- Jun 27 16:43:46.408611: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408613: | af+type: OAKLEY_KEY_LENGTH (0x800e)
- Jun 27 16:43:46.408615: | length/value: 128 (0x80)
- Jun 27 16:43:46.408617: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408620: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
- Jun 27 16:43:46.408622: | length/value: 1 (0x1)
- Jun 27 16:43:46.408624: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408626: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
- Jun 27 16:43:46.408629: | length/value: 2 (0x2)
- Jun 27 16:43:46.408631: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408633: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Jun 27 16:43:46.408635: | length/value: 65001 (0xfde9)
- Jun 27 16:43:46.408637: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408640: | af+type: OAKLEY_LIFE_TYPE (0x800b)
- Jun 27 16:43:46.408642: | length/value: 1 (0x1)
- Jun 27 16:43:46.408644: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408646: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Jun 27 16:43:46.408649: | length/value: 4 (0x4)
- Jun 27 16:43:46.408651: | *****parse ISAKMP Transform Payload (ISAKMP):
- Jun 27 16:43:46.408653: | next payload type: ISAKMP_NEXT_T (0x3)
- Jun 27 16:43:46.408655: | length: 40 (0x28)
- Jun 27 16:43:46.408658: | ISAKMP transform number: 6 (0x6)
- Jun 27 16:43:46.408660: | ISAKMP transform ID: KEY_IKE (0x1)
- Jun 27 16:43:46.408662: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408664: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Jun 27 16:43:46.408667: | length/value: 7 (0x7)
- Jun 27 16:43:46.408669: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408671: | af+type: OAKLEY_KEY_LENGTH (0x800e)
- Jun 27 16:43:46.408673: | length/value: 128 (0x80)
- Jun 27 16:43:46.408675: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408678: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
- Jun 27 16:43:46.408680: | length/value: 2 (0x2)
- Jun 27 16:43:46.408682: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408684: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
- Jun 27 16:43:46.408686: | length/value: 2 (0x2)
- Jun 27 16:43:46.408691: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408693: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Jun 27 16:43:46.408695: | length/value: 65001 (0xfde9)
- Jun 27 16:43:46.408698: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408700: | af+type: OAKLEY_LIFE_TYPE (0x800b)
- Jun 27 16:43:46.408702: | length/value: 1 (0x1)
- Jun 27 16:43:46.408704: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408707: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Jun 27 16:43:46.408709: | length/value: 4 (0x4)
- Jun 27 16:43:46.408711: | *****parse ISAKMP Transform Payload (ISAKMP):
- Jun 27 16:43:46.408713: | next payload type: ISAKMP_NEXT_T (0x3)
- Jun 27 16:43:46.408715: | length: 40 (0x28)
- Jun 27 16:43:46.408718: | ISAKMP transform number: 7 (0x7)
- Jun 27 16:43:46.408720: | ISAKMP transform ID: KEY_IKE (0x1)
- Jun 27 16:43:46.408722: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408724: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Jun 27 16:43:46.408727: | length/value: 3 (0x3)
- Jun 27 16:43:46.408729: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408731: | af+type: OAKLEY_KEY_LENGTH (0x800e)
- Jun 27 16:43:46.408733: | length/value: 256 (0x100)
- Jun 27 16:43:46.408735: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408738: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
- Jun 27 16:43:46.408740: | length/value: 1 (0x1)
- Jun 27 16:43:46.408742: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408744: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
- Jun 27 16:43:46.408746: | length/value: 2 (0x2)
- Jun 27 16:43:46.408749: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408751: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Jun 27 16:43:46.408753: | length/value: 65001 (0xfde9)
- Jun 27 16:43:46.408755: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408758: | af+type: OAKLEY_LIFE_TYPE (0x800b)
- Jun 27 16:43:46.408760: | length/value: 1 (0x1)
- Jun 27 16:43:46.408762: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408764: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Jun 27 16:43:46.408766: | length/value: 4 (0x4)
- Jun 27 16:43:46.408769: | *****parse ISAKMP Transform Payload (ISAKMP):
- Jun 27 16:43:46.408771: | next payload type: ISAKMP_NEXT_T (0x3)
- Jun 27 16:43:46.408773: | length: 40 (0x28)
- Jun 27 16:43:46.408775: | ISAKMP transform number: 8 (0x8)
- Jun 27 16:43:46.408778: | ISAKMP transform ID: KEY_IKE (0x1)
- Jun 27 16:43:46.408780: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408782: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Jun 27 16:43:46.408784: | length/value: 3 (0x3)
- Jun 27 16:43:46.408787: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408789: | af+type: OAKLEY_KEY_LENGTH (0x800e)
- Jun 27 16:43:46.408791: | length/value: 256 (0x100)
- Jun 27 16:43:46.408793: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408795: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
- Jun 27 16:43:46.408798: | length/value: 2 (0x2)
- Jun 27 16:43:46.408800: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408802: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
- Jun 27 16:43:46.408804: | length/value: 2 (0x2)
- Jun 27 16:43:46.408807: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408809: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Jun 27 16:43:46.408811: | length/value: 65001 (0xfde9)
- Jun 27 16:43:46.408813: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408815: | af+type: OAKLEY_LIFE_TYPE (0x800b)
- Jun 27 16:43:46.408818: | length/value: 1 (0x1)
- Jun 27 16:43:46.408820: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408822: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Jun 27 16:43:46.408824: | length/value: 4 (0x4)
- Jun 27 16:43:46.408827: | *****parse ISAKMP Transform Payload (ISAKMP):
- Jun 27 16:43:46.408829: | next payload type: ISAKMP_NEXT_T (0x3)
- Jun 27 16:43:46.408831: | length: 40 (0x28)
- Jun 27 16:43:46.408833: | ISAKMP transform number: 9 (0x9)
- Jun 27 16:43:46.408837: | ISAKMP transform ID: KEY_IKE (0x1)
- Jun 27 16:43:46.408840: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408842: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Jun 27 16:43:46.408844: | length/value: 3 (0x3)
- Jun 27 16:43:46.408847: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408849: | af+type: OAKLEY_KEY_LENGTH (0x800e)
- Jun 27 16:43:46.408851: | length/value: 192 (0xc0)
- Jun 27 16:43:46.408853: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408855: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
- Jun 27 16:43:46.408858: | length/value: 1 (0x1)
- Jun 27 16:43:46.408860: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408862: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
- Jun 27 16:43:46.408864: | length/value: 2 (0x2)
- Jun 27 16:43:46.408867: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408869: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Jun 27 16:43:46.408871: | length/value: 65001 (0xfde9)
- Jun 27 16:43:46.408873: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408875: | af+type: OAKLEY_LIFE_TYPE (0x800b)
- Jun 27 16:43:46.408878: | length/value: 1 (0x1)
- Jun 27 16:43:46.408880: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408882: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Jun 27 16:43:46.408884: | length/value: 4 (0x4)
- Jun 27 16:43:46.408887: | *****parse ISAKMP Transform Payload (ISAKMP):
- Jun 27 16:43:46.408889: | next payload type: ISAKMP_NEXT_T (0x3)
- Jun 27 16:43:46.408891: | length: 40 (0x28)
- Jun 27 16:43:46.408893: | ISAKMP transform number: 10 (0xa)
- Jun 27 16:43:46.408896: | ISAKMP transform ID: KEY_IKE (0x1)
- Jun 27 16:43:46.408898: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408900: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Jun 27 16:43:46.408902: | length/value: 3 (0x3)
- Jun 27 16:43:46.408905: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408907: | af+type: OAKLEY_KEY_LENGTH (0x800e)
- Jun 27 16:43:46.408909: | length/value: 192 (0xc0)
- Jun 27 16:43:46.408911: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408913: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
- Jun 27 16:43:46.408916: | length/value: 2 (0x2)
- Jun 27 16:43:46.408918: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408920: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
- Jun 27 16:43:46.408922: | length/value: 2 (0x2)
- Jun 27 16:43:46.408925: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408927: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Jun 27 16:43:46.408929: | length/value: 65001 (0xfde9)
- Jun 27 16:43:46.408931: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408933: | af+type: OAKLEY_LIFE_TYPE (0x800b)
- Jun 27 16:43:46.408936: | length/value: 1 (0x1)
- Jun 27 16:43:46.408938: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408940: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Jun 27 16:43:46.408942: | length/value: 4 (0x4)
- Jun 27 16:43:46.408945: | *****parse ISAKMP Transform Payload (ISAKMP):
- Jun 27 16:43:46.408947: | next payload type: ISAKMP_NEXT_T (0x3)
- Jun 27 16:43:46.408949: | length: 40 (0x28)
- Jun 27 16:43:46.408951: | ISAKMP transform number: 11 (0xb)
- Jun 27 16:43:46.408954: | ISAKMP transform ID: KEY_IKE (0x1)
- Jun 27 16:43:46.408956: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408958: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Jun 27 16:43:46.408960: | length/value: 3 (0x3)
- Jun 27 16:43:46.408963: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408965: | af+type: OAKLEY_KEY_LENGTH (0x800e)
- Jun 27 16:43:46.408967: | length/value: 128 (0x80)
- Jun 27 16:43:46.408969: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408972: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
- Jun 27 16:43:46.408974: | length/value: 1 (0x1)
- Jun 27 16:43:46.408976: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408978: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
- Jun 27 16:43:46.408980: | length/value: 2 (0x2)
- Jun 27 16:43:46.408983: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408987: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Jun 27 16:43:46.408989: | length/value: 65001 (0xfde9)
- Jun 27 16:43:46.408991: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.408994: | af+type: OAKLEY_LIFE_TYPE (0x800b)
- Jun 27 16:43:46.408996: | length/value: 1 (0x1)
- Jun 27 16:43:46.408998: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409000: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Jun 27 16:43:46.409002: | length/value: 4 (0x4)
- Jun 27 16:43:46.409005: | *****parse ISAKMP Transform Payload (ISAKMP):
- Jun 27 16:43:46.409007: | next payload type: ISAKMP_NEXT_T (0x3)
- Jun 27 16:43:46.409009: | length: 40 (0x28)
- Jun 27 16:43:46.409011: | ISAKMP transform number: 12 (0xc)
- Jun 27 16:43:46.409014: | ISAKMP transform ID: KEY_IKE (0x1)
- Jun 27 16:43:46.409016: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409018: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Jun 27 16:43:46.409020: | length/value: 3 (0x3)
- Jun 27 16:43:46.409023: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409025: | af+type: OAKLEY_KEY_LENGTH (0x800e)
- Jun 27 16:43:46.409027: | length/value: 128 (0x80)
- Jun 27 16:43:46.409029: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409031: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
- Jun 27 16:43:46.409034: | length/value: 2 (0x2)
- Jun 27 16:43:46.409036: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409038: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
- Jun 27 16:43:46.409040: | length/value: 2 (0x2)
- Jun 27 16:43:46.409043: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409045: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Jun 27 16:43:46.409047: | length/value: 65001 (0xfde9)
- Jun 27 16:43:46.409049: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409051: | af+type: OAKLEY_LIFE_TYPE (0x800b)
- Jun 27 16:43:46.409054: | length/value: 1 (0x1)
- Jun 27 16:43:46.409056: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409058: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Jun 27 16:43:46.409060: | length/value: 4 (0x4)
- Jun 27 16:43:46.409063: | *****parse ISAKMP Transform Payload (ISAKMP):
- Jun 27 16:43:46.409065: | next payload type: ISAKMP_NEXT_T (0x3)
- Jun 27 16:43:46.409067: | length: 36 (0x24)
- Jun 27 16:43:46.409069: | ISAKMP transform number: 13 (0xd)
- Jun 27 16:43:46.409072: | ISAKMP transform ID: KEY_IKE (0x1)
- Jun 27 16:43:46.409074: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409076: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Jun 27 16:43:46.409078: | length/value: 5 (0x5)
- Jun 27 16:43:46.409081: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409083: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
- Jun 27 16:43:46.409085: | length/value: 1 (0x1)
- Jun 27 16:43:46.409087: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409089: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
- Jun 27 16:43:46.409092: | length/value: 2 (0x2)
- Jun 27 16:43:46.409094: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409096: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Jun 27 16:43:46.409098: | length/value: 65001 (0xfde9)
- Jun 27 16:43:46.409101: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409103: | af+type: OAKLEY_LIFE_TYPE (0x800b)
- Jun 27 16:43:46.409105: | length/value: 1 (0x1)
- Jun 27 16:43:46.409107: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409110: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Jun 27 16:43:46.409112: | length/value: 4 (0x4)
- Jun 27 16:43:46.409114: | *****parse ISAKMP Transform Payload (ISAKMP):
- Jun 27 16:43:46.409116: | next payload type: ISAKMP_NEXT_T (0x3)
- Jun 27 16:43:46.409118: | length: 36 (0x24)
- Jun 27 16:43:46.409121: | ISAKMP transform number: 14 (0xe)
- Jun 27 16:43:46.409123: | ISAKMP transform ID: KEY_IKE (0x1)
- Jun 27 16:43:46.409125: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409127: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Jun 27 16:43:46.409130: | length/value: 5 (0x5)
- Jun 27 16:43:46.409134: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409136: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
- Jun 27 16:43:46.409138: | length/value: 2 (0x2)
- Jun 27 16:43:46.409141: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409143: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
- Jun 27 16:43:46.409145: | length/value: 2 (0x2)
- Jun 27 16:43:46.409147: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409150: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Jun 27 16:43:46.409152: | length/value: 65001 (0xfde9)
- Jun 27 16:43:46.409154: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409156: | af+type: OAKLEY_LIFE_TYPE (0x800b)
- Jun 27 16:43:46.409158: | length/value: 1 (0x1)
- Jun 27 16:43:46.409161: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409163: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Jun 27 16:43:46.409165: | length/value: 4 (0x4)
- Jun 27 16:43:46.409167: | *****parse ISAKMP Transform Payload (ISAKMP):
- Jun 27 16:43:46.409170: | next payload type: ISAKMP_NEXT_T (0x3)
- Jun 27 16:43:46.409172: | length: 36 (0x24)
- Jun 27 16:43:46.409174: | ISAKMP transform number: 15 (0xf)
- Jun 27 16:43:46.409176: | ISAKMP transform ID: KEY_IKE (0x1)
- Jun 27 16:43:46.409179: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409181: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Jun 27 16:43:46.409183: | length/value: 6 (0x6)
- Jun 27 16:43:46.409185: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409188: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
- Jun 27 16:43:46.409190: | length/value: 1 (0x1)
- Jun 27 16:43:46.409192: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409194: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
- Jun 27 16:43:46.409196: | length/value: 2 (0x2)
- Jun 27 16:43:46.409199: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409201: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Jun 27 16:43:46.409203: | length/value: 65001 (0xfde9)
- Jun 27 16:43:46.409205: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409208: | af+type: OAKLEY_LIFE_TYPE (0x800b)
- Jun 27 16:43:46.409210: | length/value: 1 (0x1)
- Jun 27 16:43:46.409212: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409214: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Jun 27 16:43:46.409216: | length/value: 4 (0x4)
- Jun 27 16:43:46.409219: | *****parse ISAKMP Transform Payload (ISAKMP):
- Jun 27 16:43:46.409221: | next payload type: ISAKMP_NEXT_T (0x3)
- Jun 27 16:43:46.409223: | length: 36 (0x24)
- Jun 27 16:43:46.409225: | ISAKMP transform number: 16 (0x10)
- Jun 27 16:43:46.409228: | ISAKMP transform ID: KEY_IKE (0x1)
- Jun 27 16:43:46.409230: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409232: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Jun 27 16:43:46.409234: | length/value: 6 (0x6)
- Jun 27 16:43:46.409237: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409239: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
- Jun 27 16:43:46.409241: | length/value: 2 (0x2)
- Jun 27 16:43:46.409243: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409245: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
- Jun 27 16:43:46.409248: | length/value: 2 (0x2)
- Jun 27 16:43:46.409250: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409252: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Jun 27 16:43:46.409254: | length/value: 65001 (0xfde9)
- Jun 27 16:43:46.409257: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409259: | af+type: OAKLEY_LIFE_TYPE (0x800b)
- Jun 27 16:43:46.409261: | length/value: 1 (0x1)
- Jun 27 16:43:46.409263: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409266: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Jun 27 16:43:46.409268: | length/value: 4 (0x4)
- Jun 27 16:43:46.409270: | *****parse ISAKMP Transform Payload (ISAKMP):
- Jun 27 16:43:46.409272: | next payload type: ISAKMP_NEXT_T (0x3)
- Jun 27 16:43:46.409275: | length: 36 (0x24)
- Jun 27 16:43:46.409277: | ISAKMP transform number: 17 (0x11)
- Jun 27 16:43:46.409281: | ISAKMP transform ID: KEY_IKE (0x1)
- Jun 27 16:43:46.409283: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409286: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Jun 27 16:43:46.409288: | length/value: 1 (0x1)
- Jun 27 16:43:46.409290: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409292: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
- Jun 27 16:43:46.409294: | length/value: 1 (0x1)
- Jun 27 16:43:46.409297: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409299: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
- Jun 27 16:43:46.409301: | length/value: 2 (0x2)
- Jun 27 16:43:46.409303: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409306: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Jun 27 16:43:46.409308: | length/value: 65001 (0xfde9)
- Jun 27 16:43:46.409310: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409312: | af+type: OAKLEY_LIFE_TYPE (0x800b)
- Jun 27 16:43:46.409314: | length/value: 1 (0x1)
- Jun 27 16:43:46.409317: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409319: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Jun 27 16:43:46.409321: | length/value: 4 (0x4)
- Jun 27 16:43:46.409324: | *****parse ISAKMP Transform Payload (ISAKMP):
- Jun 27 16:43:46.409326: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Jun 27 16:43:46.409328: | length: 36 (0x24)
- Jun 27 16:43:46.409330: | ISAKMP transform number: 18 (0x12)
- Jun 27 16:43:46.409332: | ISAKMP transform ID: KEY_IKE (0x1)
- Jun 27 16:43:46.409335: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409337: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Jun 27 16:43:46.409339: | length/value: 1 (0x1)
- Jun 27 16:43:46.409341: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409344: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
- Jun 27 16:43:46.409346: | length/value: 2 (0x2)
- Jun 27 16:43:46.409348: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409350: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
- Jun 27 16:43:46.409352: | length/value: 2 (0x2)
- Jun 27 16:43:46.409355: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409357: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Jun 27 16:43:46.409359: | length/value: 65001 (0xfde9)
- Jun 27 16:43:46.409361: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409364: | af+type: OAKLEY_LIFE_TYPE (0x800b)
- Jun 27 16:43:46.409366: | length/value: 1 (0x1)
- Jun 27 16:43:46.409368: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409370: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Jun 27 16:43:46.409373: | length/value: 4 (0x4)
- Jun 27 16:43:46.409377: | find_host_connection me=192.168.1.137:500 him=192.168.1.138:500 policy=PSK+XAUTH+AGGRESSIVE+IKEV1_ALLOW
- Jun 27 16:43:46.409381: | find_host_pair: comparing ::1:500 to :::500
- Jun 27 16:43:46.409384: | find_host_pair: comparing 192.168.1.137:500 to 0.0.0.0:500
- Jun 27 16:43:46.409387: | find_next_host_connection policy=PSK+XAUTH+AGGRESSIVE+IKEV1_ALLOW
- Jun 27 16:43:46.409390: | find_next_host_connection returns empty
- Jun 27 16:43:46.409393: | find_host_connection me=192.168.1.137:500 him=%any:500 policy=PSK+XAUTH+AGGRESSIVE+IKEV1_ALLOW
- Jun 27 16:43:46.409395: | find_host_pair: comparing ::1:500 to :::500
- Jun 27 16:43:46.409398: | find_host_pair: comparing 192.168.1.137:500 to 0.0.0.0:500
- Jun 27 16:43:46.409400: | find_next_host_connection policy=PSK+XAUTH+AGGRESSIVE+IKEV1_ALLOW
- Jun 27 16:43:46.409404: | found policy = PSK+ENCRYPT+TUNNEL+SHA2_TRUNCBUG+XAUTH+MODECFG_PULL+AGGRESSIVE+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (xauth-aggr)
- Jun 27 16:43:46.409407: | find_next_host_connection returns xauth-aggr
- Jun 27 16:43:46.409412: | reference addresspool of conn xauth-aggr[1] kind CK_TEMPLATE refcnt 2
- Jun 27 16:43:46.409418: | find_host_pair: comparing 192.168.1.137:500 to 0.0.0.0:500
- Jun 27 16:43:46.409421: | find_host_pair: comparing ::1:500 to :::500
- Jun 27 16:43:46.409424: | connect_to_host_pair: 192.168.1.137:500 192.168.1.138:500 -> hp:none
- Jun 27 16:43:46.409428: | rw_instantiate() instantiated "xauth-aggr"[1] 192.168.1.138 for 192.168.1.138
- Jun 27 16:43:46.409433: packet from 192.168.1.138:500: IKEv1 Aggressive Mode with PSK is vulnerable to dictionary attacks and is cracked on large scale by TLA's
- Jun 27 16:43:46.409437: | creating state object #1 at 0x559b0ece6568
- Jun 27 16:43:46.409440: | parent state #1: new => STATE_UNDEFINED(ignore)
- Jun 27 16:43:46.409447: | processing: start state #1 192.168.1.138:500 (in aggr_inI1_outR1() at ikev1_aggr.c:215)
- Jun 27 16:43:46.409450: | parent state #1: STATE_UNDEFINED(ignore) => STATE_AGGR_R1(open-ike)
- Jun 27 16:43:46.409452: | ignore states: 0
- Jun 27 16:43:46.409455: | half-open-ike states: 0
- Jun 27 16:43:46.409457: | open-ike states: 1
- Jun 27 16:43:46.409459: | established-anonymous-ike states: 0
- Jun 27 16:43:46.409461: | established-authenticated-ike states: 0
- Jun 27 16:43:46.409463: | anonymous-ipsec states: 0
- Jun 27 16:43:46.409465: | authenticated-ipsec states: 0
- Jun 27 16:43:46.409468: | informational states: 0
- Jun 27 16:43:46.409470: | unknown states: 0
- Jun 27 16:43:46.409472: | category states: 1 count states: 1
- Jun 27 16:43:46.409477: "xauth-aggr"[1] 192.168.1.138 #1: Peer ID is ID_FQDN: '@'
- Jun 27 16:43:46.409480: | X509: no CERT payloads to process
- Jun 27 16:43:46.409484: | processing: [RE]START state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in aggr_inI1_outR1() at ikev1_aggr.c:246)
- Jun 27 16:43:46.409519: | inserting state object #1
- Jun 27 16:43:46.409524: | serialno list: inserting object 0x559b0ece6568 (state #1) entry 0x559b0ece6d10 into list 0x559b0e2fa5c0 (older 0x559b0e2fa5c0 newer 0x559b0e2fa5c0)
- Jun 27 16:43:46.409528: | serialno list: inserted object 0x559b0ece6568 (state #1) entry 0x559b0ece6d10 (older 0x559b0e2fa5c0 newer 0x559b0e2fa5c0)
- Jun 27 16:43:46.409531: | serialno list: list entry 0x559b0e2fa5c0 is HEAD (older 0x559b0ece6d10 newer 0x559b0ece6d10)
- Jun 27 16:43:46.409534: | serialno table: inserting object 0x559b0ece6568 (state #1) entry 0x559b0ece6d30 into list 0x559b0e2ed360 (older 0x559b0e2ed360 newer 0x559b0e2ed360)
- Jun 27 16:43:46.409538: | serialno table: inserted object 0x559b0ece6568 (state #1) entry 0x559b0ece6d30 (older 0x559b0e2ed360 newer 0x559b0e2ed360)
- Jun 27 16:43:46.409541: | serialno table: list entry 0x559b0e2ed360 is HEAD (older 0x559b0ece6d30 newer 0x559b0ece6d30)
- Jun 27 16:43:46.409547: "xauth-aggr"[1] 192.168.1.138 #1: responding to Aggressive Mode, state #1, connection "xauth-aggr"[1] 192.168.1.138 from 192.168.1.138
- Jun 27 16:43:46.409550: | sender checking NAT-T: enabled and 90
- Jun 27 16:43:46.409553: | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC
- Jun 27 16:43:46.409555: | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
- Jun 27 16:43:46.409558: | ****parse IPsec DOI SIT:
- Jun 27 16:43:46.409561: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Jun 27 16:43:46.409563: | ****parse ISAKMP Proposal Payload:
- Jun 27 16:43:46.409566: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Jun 27 16:43:46.409568: | length: 704 (0x2c0)
- Jun 27 16:43:46.409570: | proposal number: 1 (0x1)
- Jun 27 16:43:46.409572: | protocol ID: PROTO_ISAKMP (0x1)
- Jun 27 16:43:46.409575: | SPI size: 0 (0x0)
- Jun 27 16:43:46.409577: | number of transforms: 18 (0x12)
- Jun 27 16:43:46.409579: | *****parse ISAKMP Transform Payload (ISAKMP):
- Jun 27 16:43:46.409581: | next payload type: ISAKMP_NEXT_T (0x3)
- Jun 27 16:43:46.409584: | length: 40 (0x28)
- Jun 27 16:43:46.409586: | ISAKMP transform number: 1 (0x1)
- Jun 27 16:43:46.409588: | ISAKMP transform ID: KEY_IKE (0x1)
- Jun 27 16:43:46.409591: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409593: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Jun 27 16:43:46.409595: | length/value: 7 (0x7)
- Jun 27 16:43:46.409598: | [7 is OAKLEY_AES_CBC]
- Jun 27 16:43:46.409601: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409603: | af+type: OAKLEY_KEY_LENGTH (0x800e)
- Jun 27 16:43:46.409606: | length/value: 256 (0x100)
- Jun 27 16:43:46.409609: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409611: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
- Jun 27 16:43:46.409617: | length/value: 1 (0x1)
- Jun 27 16:43:46.409619: | [1 is OAKLEY_MD5]
- Jun 27 16:43:46.409622: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409624: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
- Jun 27 16:43:46.409626: | length/value: 2 (0x2)
- Jun 27 16:43:46.409629: | [2 is OAKLEY_GROUP_MODP1024]
- Jun 27 16:43:46.409631: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409634: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Jun 27 16:43:46.409636: | length/value: 65001 (0xfde9)
- Jun 27 16:43:46.409638: | [65001 is XAUTHInitPreShared]
- Jun 27 16:43:46.409642: | started looking for secret for 192.168.1.137->192.168.1.138 of kind PKK_PSK
- Jun 27 16:43:46.409646: | actually looking for secret for 192.168.1.137->192.168.1.138 of kind PKK_PSK
- Jun 27 16:43:46.409649: | line 1: key type PKK_PSK(192.168.1.137) to type PKK_PSK
- Jun 27 16:43:46.409652: | 1: compared key 192.168.1.137 to 192.168.1.137 / 192.168.1.138 -> 8
- Jun 27 16:43:46.409654: | line 1: match=9
- Jun 27 16:43:46.409657: | best_match 0>9 best=0x559b0ece4998 (line=1)
- Jun 27 16:43:46.409659: | concluding with best_match=9 best=0x559b0ece4998 (lineno=1)
- Jun 27 16:43:46.409662: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409664: | af+type: OAKLEY_LIFE_TYPE (0x800b)
- Jun 27 16:43:46.409666: | length/value: 1 (0x1)
- Jun 27 16:43:46.409669: | [1 is OAKLEY_LIFE_SECONDS]
- Jun 27 16:43:46.409671: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.409673: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Jun 27 16:43:46.409675: | length/value: 4 (0x4)
- Jun 27 16:43:46.409678: | long duration: 86400
- Jun 27 16:43:46.409682: "xauth-aggr"[1] 192.168.1.138 #1: WARNING: connection xauth-aggr PSK length of 4 bytes is too short for md5 PRF in FIPS mode (8 bytes required)
- Jun 27 16:43:46.409685: | OAKLEY proposal verified unconditionally; no alg_info to check against
- Jun 27 16:43:46.409687: | Oakley Transform 1 accepted
- Jun 27 16:43:46.409693: | adding outI2 KE work-order 1 for state #1
- Jun 27 16:43:46.409696: | state #1 requesting to delete non existing event
- Jun 27 16:43:46.409698: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x559b0ece6fe8
- Jun 27 16:43:46.409704: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60.000 seconds for #1
- Jun 27 16:43:46.409709: | backlog: inserting object 0x559b0ece73b8 (work-order 1 state #1) entry 0x559b0ece73c0 into list 0x559b0e2fb5e0 (older 0x559b0e2fb5e0 newer 0x559b0e2fb5e0)
- Jun 27 16:43:46.409712: | backlog: inserted object 0x559b0ece73b8 (work-order 1 state #1) entry 0x559b0ece73c0 (older 0x559b0e2fb5e0 newer 0x559b0e2fb5e0)
- Jun 27 16:43:46.409715: | backlog: list entry 0x559b0e2fb5e0 is HEAD (older 0x559b0ece73c0 newer 0x559b0ece73c0)
- Jun 27 16:43:46.410000: | crypto helper 1 resuming
- Jun 27 16:43:46.410009: | backlog: removing object 0x559b0ece73b8 (work-order 1 state #1) entry 0x559b0ece73c0 (older 0x559b0e2fb5e0 newer 0x559b0e2fb5e0)
- Jun 27 16:43:46.410011: | backlog: empty
- Jun 27 16:43:46.410016: | crypto helper 1 starting work-order 1 for state #1
- Jun 27 16:43:46.410019: | crypto helper 1 doing build KE and nonce; request ID 1
- Jun 27 16:43:46.410317: | crypto helper 1 finished build KE and nonce; request ID 1 time elapsed 298 usec
- Jun 27 16:43:46.410324: | crypto helper 1 sending results from work-order 1 for state #1 to event queue
- Jun 27 16:43:46.410327: | scheduling now-event sending helper answer for #1
- Jun 27 16:43:46.410333: | crypto helper 1 waiting (nothing to do)
- Jun 27 16:43:46.410355: | complete v1 state transition with STF_SUSPEND
- Jun 27 16:43:46.410373: | processing: [RE]START state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in complete_v1_state_transition() at ikev1.c:2272)
- Jun 27 16:43:46.410387: | suspending state #1 and saving MD
- Jun 27 16:43:46.410400: | #1 is busy; has a suspended MD
- Jun 27 16:43:46.410414: | processing: stop from 192.168.1.138:500 (BACKGROUND) (in process_md() at demux.c:394)
- Jun 27 16:43:46.410429: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_md() at demux.c:396)
- Jun 27 16:43:46.410448: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:43:46.410469: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:43:46.410482: | processing: STOP connection NULL (in process_md() at demux.c:397)
- Jun 27 16:43:46.410501: | executing now-event sending helper answer for 1
- Jun 27 16:43:46.410514: | serialno table: hash serialno #1 to head 0x559b0e2ed360
- Jun 27 16:43:46.410526: | serialno table: hash serialno #1 to head 0x559b0e2ed360
- Jun 27 16:43:46.410540: | processing: start state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in schedule_event_now_cb() at server.c:594)
- Jun 27 16:43:46.410553: | crypto helper 1 replies to request ID 1
- Jun 27 16:43:46.410565: | calling continuation function 0x559b0dfb9810
- Jun 27 16:43:46.410577: | aggr inI1_outR1: calculated ke+nonce, calculating DH
- Jun 27 16:43:46.410590: | started looking for secret for 192.168.1.137->192.168.1.138 of kind PKK_PSK
- Jun 27 16:43:46.410603: | actually looking for secret for 192.168.1.137->192.168.1.138 of kind PKK_PSK
- Jun 27 16:43:46.410616: | line 1: key type PKK_PSK(192.168.1.137) to type PKK_PSK
- Jun 27 16:43:46.410629: | 1: compared key 192.168.1.137 to 192.168.1.137 / 192.168.1.138 -> 8
- Jun 27 16:43:46.410641: | line 1: match=9
- Jun 27 16:43:46.410653: | best_match 0>9 best=0x559b0ece4998 (line=1)
- Jun 27 16:43:46.410665: | concluding with best_match=9 best=0x559b0ece4998 (lineno=1)
- Jun 27 16:43:46.410681: | adding aggr outR1 DH work-order 2 for state #1
- Jun 27 16:43:46.410694: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted
- Jun 27 16:43:46.410708: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x559b0ece6fe8
- Jun 27 16:43:46.410721: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x559b0ece45e8
- Jun 27 16:43:46.410734: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60.000 seconds for #1
- Jun 27 16:43:46.410748: | backlog: inserting object 0x559b0ece7f88 (work-order 2 state #1) entry 0x559b0ece7f90 into list 0x559b0e2fb5e0 (older 0x559b0e2fb5e0 newer 0x559b0e2fb5e0)
- Jun 27 16:43:46.410762: | backlog: inserted object 0x559b0ece7f88 (work-order 2 state #1) entry 0x559b0ece7f90 (older 0x559b0e2fb5e0 newer 0x559b0e2fb5e0)
- Jun 27 16:43:46.410774: | backlog: list entry 0x559b0e2fb5e0 is HEAD (older 0x559b0ece7f90 newer 0x559b0ece7f90)
- Jun 27 16:43:46.410795: | crypto helper 0 resuming
- Jun 27 16:43:46.410801: | backlog: removing object 0x559b0ece7f88 (work-order 2 state #1) entry 0x559b0ece7f90 (older 0x559b0e2fb5e0 newer 0x559b0e2fb5e0)
- Jun 27 16:43:46.410803: | backlog: empty
- Jun 27 16:43:46.410806: | crypto helper 0 starting work-order 2 for state #1
- Jun 27 16:43:46.410808: | crypto helper 0 doing compute dh+iv (V1 Phase 1); request ID 2
- Jun 27 16:43:46.411227: | crypto helper 0 finished compute dh+iv (V1 Phase 1); request ID 2 time elapsed 418 usec
- Jun 27 16:43:46.411233: | crypto helper 0 sending results from work-order 2 for state #1 to event queue
- Jun 27 16:43:46.411236: | scheduling now-event sending helper answer for #1
- Jun 27 16:43:46.411240: | crypto helper 0 waiting (nothing to do)
- Jun 27 16:43:46.411259: | suspending state #1 and saving MD
- Jun 27 16:43:46.411272: | #1 is busy; has a suspended MD
- Jun 27 16:43:46.411287: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in schedule_event_now_cb() at server.c:597)
- Jun 27 16:43:46.411300: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:43:46.411312: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:43:46.411328: | executing now-event sending helper answer for 1
- Jun 27 16:43:46.411342: | serialno table: hash serialno #1 to head 0x559b0e2ed360
- Jun 27 16:43:46.411355: | serialno table: hash serialno #1 to head 0x559b0e2ed360
- Jun 27 16:43:46.411369: | processing: start state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in schedule_event_now_cb() at server.c:594)
- Jun 27 16:43:46.411381: | crypto helper 0 replies to request ID 2
- Jun 27 16:43:46.411393: | calling continuation function 0x559b0dfba8c0
- Jun 27 16:43:46.411410: | aggr_inI1_outR1_continue2 for #1: calculated ke+nonce+DH, sending R1
- Jun 27 16:43:46.411423: | thinking about whether to send my certificate:
- Jun 27 16:43:46.411436: | I have RSA key: OAKLEY_PRESHARED_KEY cert.type: 0??
- Jun 27 16:43:46.411449: | sendcert: CERT_ALWAYSSEND and I did not get a certificate request
- Jun 27 16:43:46.411461: | so do not send cert.
- Jun 27 16:43:46.411473: | I did not send a certificate because digital signatures are not being used. (PSK)
- Jun 27 16:43:46.411485: | I am not sending a certificate request
- Jun 27 16:43:46.411518: | **emit ISAKMP Message:
- Jun 27 16:43:46.411531: | initiator cookie:
- Jun 27 16:43:46.411543: | 10 78 8d 8e 71 84 24 7b
- Jun 27 16:43:46.411555: | responder cookie:
- Jun 27 16:43:46.411567: | 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:43:46.411579: | next payload type: ISAKMP_NEXT_SA (0x1)
- Jun 27 16:43:46.411592: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Jun 27 16:43:46.411604: | exchange type: ISAKMP_XCHG_AGGR (0x4)
- Jun 27 16:43:46.411616: | flags: none (0x0)
- Jun 27 16:43:46.411628: | message ID: 00 00 00 00
- Jun 27 16:43:46.411641: | next payload type: saving message location 'ISAKMP Message' 'next payload type'
- Jun 27 16:43:46.411654: | ***emit ISAKMP Security Association Payload:
- Jun 27 16:43:46.411666: | next payload type: ISAKMP_NEXT_KE (0x4)
- Jun 27 16:43:46.411678: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Jun 27 16:43:46.411692: | ****parse IPsec DOI SIT:
- Jun 27 16:43:46.411704: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Jun 27 16:43:46.411717: | ****parse ISAKMP Proposal Payload:
- Jun 27 16:43:46.411729: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Jun 27 16:43:46.411741: | length: 704 (0x2c0)
- Jun 27 16:43:46.411753: | proposal number: 1 (0x1)
- Jun 27 16:43:46.411765: | protocol ID: PROTO_ISAKMP (0x1)
- Jun 27 16:43:46.411777: | SPI size: 0 (0x0)
- Jun 27 16:43:46.411789: | number of transforms: 18 (0x12)
- Jun 27 16:43:46.411802: | *****parse ISAKMP Transform Payload (ISAKMP):
- Jun 27 16:43:46.411814: | next payload type: ISAKMP_NEXT_T (0x3)
- Jun 27 16:43:46.411826: | length: 40 (0x28)
- Jun 27 16:43:46.411838: | ISAKMP transform number: 1 (0x1)
- Jun 27 16:43:46.411850: | ISAKMP transform ID: KEY_IKE (0x1)
- Jun 27 16:43:46.411862: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.411875: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Jun 27 16:43:46.411887: | length/value: 7 (0x7)
- Jun 27 16:43:46.411899: | [7 is OAKLEY_AES_CBC]
- Jun 27 16:43:46.411912: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.411924: | af+type: OAKLEY_KEY_LENGTH (0x800e)
- Jun 27 16:43:46.411936: | length/value: 256 (0x100)
- Jun 27 16:43:46.411948: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.411960: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
- Jun 27 16:43:46.411972: | length/value: 1 (0x1)
- Jun 27 16:43:46.412002: | [1 is OAKLEY_MD5]
- Jun 27 16:43:46.412024: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.412037: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
- Jun 27 16:43:46.412059: | length/value: 2 (0x2)
- Jun 27 16:43:46.412071: | [2 is OAKLEY_GROUP_MODP1024]
- Jun 27 16:43:46.412084: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.412116: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Jun 27 16:43:46.412129: | length/value: 65001 (0xfde9)
- Jun 27 16:43:46.412151: | [65001 is XAUTHInitPreShared]
- Jun 27 16:43:46.412164: | started looking for secret for 192.168.1.137->192.168.1.138 of kind PKK_PSK
- Jun 27 16:43:46.412177: | actually looking for secret for 192.168.1.137->192.168.1.138 of kind PKK_PSK
- Jun 27 16:43:46.412190: | line 1: key type PKK_PSK(192.168.1.137) to type PKK_PSK
- Jun 27 16:43:46.412203: | 1: compared key 192.168.1.137 to 192.168.1.137 / 192.168.1.138 -> 8
- Jun 27 16:43:46.412214: | line 1: match=9
- Jun 27 16:43:46.412227: | best_match 0>9 best=0x559b0ece4998 (line=1)
- Jun 27 16:43:46.412239: | concluding with best_match=9 best=0x559b0ece4998 (lineno=1)
- Jun 27 16:43:46.412251: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.412268: | af+type: OAKLEY_LIFE_TYPE (0x800b)
- Jun 27 16:43:46.412281: | length/value: 1 (0x1)
- Jun 27 16:43:46.412293: | [1 is OAKLEY_LIFE_SECONDS]
- Jun 27 16:43:46.412305: | ******parse ISAKMP Oakley attribute:
- Jun 27 16:43:46.412317: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Jun 27 16:43:46.412329: | length/value: 4 (0x4)
- Jun 27 16:43:46.412341: | long duration: 86400
- Jun 27 16:43:46.412355: "xauth-aggr"[1] 192.168.1.138 #1: WARNING: connection xauth-aggr PSK length of 4 bytes is too short for md5 PRF in FIPS mode (8 bytes required)
- Jun 27 16:43:46.412368: | OAKLEY proposal verified unconditionally; no alg_info to check against
- Jun 27 16:43:46.412380: | Oakley Transform 1 accepted
- Jun 27 16:43:46.412392: | ****emit IPsec DOI SIT:
- Jun 27 16:43:46.412404: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Jun 27 16:43:46.412416: | ****emit ISAKMP Proposal Payload:
- Jun 27 16:43:46.412429: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Jun 27 16:43:46.412441: | proposal number: 1 (0x1)
- Jun 27 16:43:46.412463: | protocol ID: PROTO_ISAKMP (0x1)
- Jun 27 16:43:46.412475: | SPI size: 0 (0x0)
- Jun 27 16:43:46.412543: | number of transforms: 1 (0x1)
- Jun 27 16:43:46.412559: | *****emit ISAKMP Transform Payload (ISAKMP):
- Jun 27 16:43:46.412573: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Jun 27 16:43:46.412585: | ISAKMP transform number: 1 (0x1)
- Jun 27 16:43:46.412597: | ISAKMP transform ID: KEY_IKE (0x1)
- Jun 27 16:43:46.412610: | emitting 32 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP)
- Jun 27 16:43:46.412623: | attributes 80 01 00 07 80 0e 01 00 80 02 00 01 80 04 00 02
- Jun 27 16:43:46.412635: | attributes 80 03 fd e9 80 0b 00 01 00 0c 00 04 00 01 51 80
- Jun 27 16:43:46.412647: | emitting length of ISAKMP Transform Payload (ISAKMP): 40
- Jun 27 16:43:46.412659: | emitting length of ISAKMP Proposal Payload: 48
- Jun 27 16:43:46.412671: | emitting length of ISAKMP Security Association Payload: 60
- Jun 27 16:43:46.412685: | ***emit ISAKMP Key Exchange Payload:
- Jun 27 16:43:46.412724: | next payload type: ISAKMP_NEXT_NONCE (0xa)
- Jun 27 16:43:46.412738: | emitting 128 raw bytes of keyex value into ISAKMP Key Exchange Payload
- Jun 27 16:43:46.412750: | keyex value d8 13 b1 7f 08 0e ae 98 88 f2 14 14 42 81 df ef
- Jun 27 16:43:46.412762: | keyex value 03 44 03 53 42 3d ae e3 93 2a af b4 0b 92 33 b7
- Jun 27 16:43:46.412810: | keyex value aa 13 b6 89 b1 ee 81 4c 30 14 9b b0 61 cf a9 70
- Jun 27 16:43:46.412824: | keyex value 2e 20 a3 02 b3 4a 66 d3 7d d2 2a 27 d9 f7 75 40
- Jun 27 16:43:46.412836: | keyex value 07 46 f5 ca 6d 47 b5 08 a5 79 f8 be a8 18 ae 9f
- Jun 27 16:43:46.412848: | keyex value a5 a2 f7 77 d6 4d 28 ec 19 2a f2 59 84 ac 3a 8e
- Jun 27 16:43:46.412860: | keyex value bd 7e a4 66 99 ac 8f 85 17 d2 f3 ab 2e 2c fe 8b
- Jun 27 16:43:46.413170: | keyex value 4e 39 d7 a1 b9 e1 92 a0 ec 0a 35 f8 c0 36 56 f8
- Jun 27 16:43:46.413190: | emitting length of ISAKMP Key Exchange Payload: 132
- Jun 27 16:43:46.413203: | ***emit ISAKMP Nonce Payload:
- Jun 27 16:43:46.413216: | next payload type: ISAKMP_NEXT_ID (0x5)
- Jun 27 16:43:46.413238: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload
- Jun 27 16:43:46.413250: | Nr 67 aa 71 bd 16 98 00 d5 7e 7e 3d 40 c7 95 d9 7a
- Jun 27 16:43:46.413262: | Nr f2 80 2b 8c 1c 00 30 be 5a f4 47 51 02 23 d5 09
- Jun 27 16:43:46.413274: | emitting length of ISAKMP Nonce Payload: 36
- Jun 27 16:43:46.413287: | ***emit ISAKMP Identification Payload (IPsec DOI):
- Jun 27 16:43:46.413299: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Jun 27 16:43:46.413311: | ID type: ID_IPV4_ADDR (0x1)
- Jun 27 16:43:46.413323: | Protocol ID: 0 (0x0)
- Jun 27 16:43:46.413335: | port: 0 (0x0)
- Jun 27 16:43:46.413348: | emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI)
- Jun 27 16:43:46.413360: | my identity c0 a8 01 89
- Jun 27 16:43:46.413372: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
- Jun 27 16:43:46.413443: | ***emit ISAKMP Hash Payload:
- Jun 27 16:43:46.413460: | next payload type: ISAKMP_NEXT_VID (0xd)
- Jun 27 16:43:46.413477: | emitting 16 raw bytes of HASH_R into ISAKMP Hash Payload
- Jun 27 16:43:46.413490: | HASH_R c5 ad 5f d7 3a 01 8d b6 97 26 6d 3d 7a 42 cb 22
- Jun 27 16:43:46.413502: | emitting length of ISAKMP Hash Payload: 20
- Jun 27 16:43:46.413515: | out_vid(): sending [Dead Peer Detection]
- Jun 27 16:43:46.413527: | ***emit ISAKMP Vendor ID Payload:
- Jun 27 16:43:46.413540: | next payload type: ISAKMP_NEXT_VID (0xd)
- Jun 27 16:43:46.413552: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
- Jun 27 16:43:46.413564: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
- Jun 27 16:43:46.413577: | emitting length of ISAKMP Vendor ID Payload: 20
- Jun 27 16:43:46.413589: | out_vid(): sending [RFC 3947]
- Jun 27 16:43:46.413601: | ***emit ISAKMP Vendor ID Payload:
- Jun 27 16:43:46.413613: | next payload type: ISAKMP_NEXT_VID (0xd)
- Jun 27 16:43:46.413626: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
- Jun 27 16:43:46.413638: | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
- Jun 27 16:43:46.413650: | emitting length of ISAKMP Vendor ID Payload: 20
- Jun 27 16:43:46.413662: | sending NAT-D payloads
- Jun 27 16:43:46.413681: | natd_hash: hasher=0x559b0e2d9400(16)
- Jun 27 16:43:46.413939: | natd_hash: icookie= 10 78 8d 8e 71 84 24 7b
- Jun 27 16:43:46.413966: | natd_hash: rcookie= 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:43:46.413979: | natd_hash: ip= c0 a8 01 8a
- Jun 27 16:43:46.413991: | natd_hash: port=500
- Jun 27 16:43:46.414003: | natd_hash: hash= 91 0f 11 37 fe a4 a4 2f 57 46 1a 14 97 56 28 ae
- Jun 27 16:43:46.414015: | ***emit ISAKMP NAT-D Payload:
- Jun 27 16:43:46.414028: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
- Jun 27 16:43:46.414040: | emitting 16 raw bytes of NAT-D into ISAKMP NAT-D Payload
- Jun 27 16:43:46.414053: | NAT-D 91 0f 11 37 fe a4 a4 2f 57 46 1a 14 97 56 28 ae
- Jun 27 16:43:46.414065: | emitting length of ISAKMP NAT-D Payload: 20
- Jun 27 16:43:46.414084: | natd_hash: hasher=0x559b0e2d9400(16)
- Jun 27 16:43:46.414098: | natd_hash: icookie= 10 78 8d 8e 71 84 24 7b
- Jun 27 16:43:46.414110: | natd_hash: rcookie= 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:43:46.414122: | natd_hash: ip= c0 a8 01 89
- Jun 27 16:43:46.414134: | natd_hash: port=500
- Jun 27 16:43:46.414146: | natd_hash: hash= 34 45 41 ae 6b b7 64 f9 b1 65 ad 70 aa 94 c4 30
- Jun 27 16:43:46.414158: | ***emit ISAKMP NAT-D Payload:
- Jun 27 16:43:46.414170: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Jun 27 16:43:46.414182: | emitting 16 raw bytes of NAT-D into ISAKMP NAT-D Payload
- Jun 27 16:43:46.414194: | NAT-D 34 45 41 ae 6b b7 64 f9 b1 65 ad 70 aa 94 c4 30
- Jun 27 16:43:46.414206: | emitting length of ISAKMP NAT-D Payload: 20
- Jun 27 16:43:46.414219: | no IKEv1 message padding required
- Jun 27 16:43:46.414231: | emitting length of ISAKMP Message: 368
- Jun 27 16:43:46.414243: | complete v1 state transition with STF_OK
- Jun 27 16:43:46.414258: | processing: [RE]START state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in complete_v1_state_transition() at ikev1.c:2297)
- Jun 27 16:43:46.414271: | #1 is idle
- Jun 27 16:43:46.414283: | doing_xauth:yes, t_xauth_client_done:no
- Jun 27 16:43:46.414295: | peer supports fragmentation
- Jun 27 16:43:46.414307: | peer supports dpd
- Jun 27 16:43:46.414319: | dpd is active locally
- Jun 27 16:43:46.414331: | IKEv1: transition from state STATE_AGGR_R0 to state STATE_AGGR_R1
- Jun 27 16:43:46.414343: | event_already_set, deleting event
- Jun 27 16:43:46.414355: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted
- Jun 27 16:43:46.414369: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x559b0ece45e8
- Jun 27 16:43:46.414385: | sending reply packet to 192.168.1.138:500 (from port 500)
- Jun 27 16:43:46.414648: | sending 368 bytes for STATE_AGGR_R0 through eth0:500 to 192.168.1.138:500 (using #1)
- Jun 27 16:43:46.414666: | 10 78 8d 8e 71 84 24 7b 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:43:46.414678: | 01 10 04 00 00 00 00 00 00 00 01 70 04 00 00 3c
- Jun 27 16:43:46.414690: | 00 00 00 01 00 00 00 01 00 00 00 30 01 01 00 01
- Jun 27 16:43:46.414707: | 00 00 00 28 01 01 00 00 80 01 00 07 80 0e 01 00
- Jun 27 16:43:46.414719: | 80 02 00 01 80 04 00 02 80 03 fd e9 80 0b 00 01
- Jun 27 16:43:46.414731: | 00 0c 00 04 00 01 51 80 0a 00 00 84 d8 13 b1 7f
- Jun 27 16:43:46.414743: | 08 0e ae 98 88 f2 14 14 42 81 df ef 03 44 03 53
- Jun 27 16:43:46.414754: | 42 3d ae e3 93 2a af b4 0b 92 33 b7 aa 13 b6 89
- Jun 27 16:43:46.414766: | b1 ee 81 4c 30 14 9b b0 61 cf a9 70 2e 20 a3 02
- Jun 27 16:43:46.414778: | b3 4a 66 d3 7d d2 2a 27 d9 f7 75 40 07 46 f5 ca
- Jun 27 16:43:46.414790: | 6d 47 b5 08 a5 79 f8 be a8 18 ae 9f a5 a2 f7 77
- Jun 27 16:43:46.414802: | d6 4d 28 ec 19 2a f2 59 84 ac 3a 8e bd 7e a4 66
- Jun 27 16:43:46.414814: | 99 ac 8f 85 17 d2 f3 ab 2e 2c fe 8b 4e 39 d7 a1
- Jun 27 16:43:46.414825: | b9 e1 92 a0 ec 0a 35 f8 c0 36 56 f8 05 00 00 24
- Jun 27 16:43:46.414837: | 67 aa 71 bd 16 98 00 d5 7e 7e 3d 40 c7 95 d9 7a
- Jun 27 16:43:46.414849: | f2 80 2b 8c 1c 00 30 be 5a f4 47 51 02 23 d5 09
- Jun 27 16:43:46.414861: | 08 00 00 0c 01 00 00 00 c0 a8 01 89 0d 00 00 14
- Jun 27 16:43:46.414873: | c5 ad 5f d7 3a 01 8d b6 97 26 6d 3d 7a 42 cb 22
- Jun 27 16:43:46.414885: | 0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc
- Jun 27 16:43:46.414897: | 77 57 01 00 14 00 00 14 4a 13 1c 81 07 03 58 45
- Jun 27 16:43:46.414908: | 5c 57 28 f2 0e 95 45 2f 14 00 00 14 91 0f 11 37
- Jun 27 16:43:46.414920: | fe a4 a4 2f 57 46 1a 14 97 56 28 ae 00 00 00 14
- Jun 27 16:43:46.414932: | 34 45 41 ae 6b b7 64 f9 b1 65 ad 70 aa 94 c4 30
- Jun 27 16:43:46.415024: | !event_already_set at reschedule
- Jun 27 16:43:46.415239: | event_schedule: new EVENT_SO_DISCARD-pe@0x559b0ece4788
- Jun 27 16:43:46.415259: | inserting event EVENT_SO_DISCARD, timeout in 60.000 seconds for #1
- Jun 27 16:43:46.415275: "xauth-aggr"[1] 192.168.1.138 #1: STATE_AGGR_R1: sent AR1, expecting AI2
- Jun 27 16:43:46.415289: | modecfg pull: quirk-poll policy:pull not-client
- Jun 27 16:43:46.415301: | phase 1 is done, looking for phase 2 to unpend
- Jun 27 16:43:46.415317: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in schedule_event_now_cb() at server.c:597)
- Jun 27 16:43:46.415330: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:43:46.415343: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:43:46.415973: | *received 92 bytes from 192.168.1.138:500 on eth0 (port=500)
- Jun 27 16:43:46.416010: | 10 78 8d 8e 71 84 24 7b 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:43:46.416032: | 08 10 04 01 00 00 00 00 00 00 00 5c 8b a1 01 4a
- Jun 27 16:43:46.416044: | ec 4d f6 fd 48 10 7a 85 7e 83 dc 15 ed ee c8 f0
- Jun 27 16:43:46.416057: | 96 b4 1f f3 ac 58 b4 7e 18 2a 13 33 de 46 05 83
- Jun 27 16:43:46.416069: | eb d6 6c ff ce cd fa 16 09 d4 ab 87 f6 bf c4 e4
- Jun 27 16:43:46.416081: | 41 8d 65 77 20 b9 32 50 e5 c1 ec e0
- Jun 27 16:43:46.416095: | processing: start from 192.168.1.138:500 (in process_md() at demux.c:392)
- Jun 27 16:43:46.416109: | **parse ISAKMP Message:
- Jun 27 16:43:46.416123: | initiator cookie:
- Jun 27 16:43:46.416136: | 10 78 8d 8e 71 84 24 7b
- Jun 27 16:43:46.416149: | responder cookie:
- Jun 27 16:43:46.416161: | 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:43:46.416175: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Jun 27 16:43:46.416187: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Jun 27 16:43:46.416200: | exchange type: ISAKMP_XCHG_AGGR (0x4)
- Jun 27 16:43:46.416212: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Jun 27 16:43:46.416225: | message ID: 00 00 00 00
- Jun 27 16:43:46.416237: | length: 92 (0x5c)
- Jun 27 16:43:46.416250: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_AGGR (4)
- Jun 27 16:43:46.416267: | cookies table: hash icookie 10 78 8d 8e 71 84 24 7b rcookie 9f 03 d1 e8 76 2f 9f cb to 13404059529810691815 slot 0x559b0e2e8ae0
- Jun 27 16:43:46.416280: | v1 peer and cookies match on #1, provided msgid 00000000 == 00000000
- Jun 27 16:43:46.416293: | v1 state object #1 found, in STATE_AGGR_R1
- Jun 27 16:43:46.416308: | processing: start state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_v1_packet() at ikev1.c:1117)
- Jun 27 16:43:46.416325: | #1 is idle
- Jun 27 16:43:46.416338: | #1 idle
- Jun 27 16:43:46.416367: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100opt: 0x102000
- Jun 27 16:43:46.416382: | ***parse ISAKMP Hash Payload:
- Jun 27 16:43:46.416395: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
- Jun 27 16:43:46.416408: | length: 20 (0x14)
- Jun 27 16:43:46.416420: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0opt: 0x102000
- Jun 27 16:43:46.416433: | ***parse ISAKMP NAT-D Payload:
- Jun 27 16:43:46.416446: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
- Jun 27 16:43:46.416458: | length: 20 (0x14)
- Jun 27 16:43:46.416470: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0opt: 0x102000
- Jun 27 16:43:46.416483: | ***parse ISAKMP NAT-D Payload:
- Jun 27 16:43:46.416495: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Jun 27 16:43:46.416508: | length: 20 (0x14)
- Jun 27 16:43:46.416520: | removing 4 bytes of padding
- Jun 27 16:43:46.416534: | checking NAT-T: enabled and RFC 3947 (NAT-Traversal)
- Jun 27 16:43:46.416552: | natd_hash: hasher=0x559b0e2d9400(16)
- Jun 27 16:43:46.416566: | natd_hash: icookie= 10 78 8d 8e 71 84 24 7b
- Jun 27 16:43:46.416579: | natd_hash: rcookie= 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:43:46.416591: | natd_hash: ip= c0 a8 01 89
- Jun 27 16:43:46.416604: | natd_hash: port=500
- Jun 27 16:43:46.416616: | natd_hash: hash= 34 45 41 ae 6b b7 64 f9 b1 65 ad 70 aa 94 c4 30
- Jun 27 16:43:46.416632: | natd_hash: hasher=0x559b0e2d9400(16)
- Jun 27 16:43:46.416646: | natd_hash: icookie= 10 78 8d 8e 71 84 24 7b
- Jun 27 16:43:46.416658: | natd_hash: rcookie= 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:43:46.416671: | natd_hash: ip= c0 a8 01 8a
- Jun 27 16:43:46.416683: | natd_hash: port=500
- Jun 27 16:43:46.416695: | natd_hash: hash= 91 0f 11 37 fe a4 a4 2f 57 46 1a 14 97 56 28 ae
- Jun 27 16:43:46.416708: | expected NAT-D(me): 34 45 41 ae 6b b7 64 f9 b1 65 ad 70 aa 94 c4 30
- Jun 27 16:43:46.416720: | expected NAT-D(him):
- Jun 27 16:43:46.416732: | 91 0f 11 37 fe a4 a4 2f 57 46 1a 14 97 56 28 ae
- Jun 27 16:43:46.416745: | received NAT-D: 34 45 41 ae 6b b7 64 f9 b1 65 ad 70 aa 94 c4 30
- Jun 27 16:43:46.416758: | received NAT-D: 91 0f 11 37 fe a4 a4 2f 57 46 1a 14 97 56 28 ae
- Jun 27 16:43:46.416771: | NAT_TRAVERSAL encaps using auto-detect
- Jun 27 16:43:46.416783: | NAT_TRAVERSAL this end is NOT behind NAT
- Jun 27 16:43:46.416795: | NAT_TRAVERSAL that end is NOT behind NAT
- Jun 27 16:43:46.416808: | NAT_TRAVERSAL nat_keepalive enabled 192.168.1.138
- Jun 27 16:43:46.416821: | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected
- Jun 27 16:43:46.416833: | NAT_T_WITH_KA detected
- Jun 27 16:43:46.416846: | event_schedule: new EVENT_NAT_T_KEEPALIVE-pe@0x559b0ece5c18
- Jun 27 16:43:46.416860: | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 20.000 seconds
- Jun 27 16:43:46.416874: | **emit ISAKMP Identification Payload (IPsec DOI):
- Jun 27 16:43:46.416887: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Jun 27 16:43:46.416900: | ID type: ID_IPV4_ADDR (0x1)
- Jun 27 16:43:46.416913: | Protocol ID: 0 (0x0)
- Jun 27 16:43:46.416925: | port: 0 (0x0)
- Jun 27 16:43:46.416938: | emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI)
- Jun 27 16:43:46.416950: | my identity c0 a8 01 8a
- Jun 27 16:43:46.416963: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
- Jun 27 16:43:46.416976: | ***parse ISAKMP Identification Payload:
- Jun 27 16:43:46.416988: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Jun 27 16:43:46.417001: | length: 12 (0xc)
- Jun 27 16:43:46.417013: | ID type: ID_IPV4_ADDR (0x1)
- Jun 27 16:43:46.417025: | DOI specific A: 0 (0x0)
- Jun 27 16:43:46.417038: | DOI specific B: 0 (0x0)
- Jun 27 16:43:46.417052: "xauth-aggr"[1] 192.168.1.138 #1: Peer ID is ID_IPV4_ADDR: '192.168.1.138'
- Jun 27 16:43:46.417065: | X509: no CERT payloads to process
- Jun 27 16:43:46.417131: "xauth-aggr"[1] 192.168.1.138 #1: received Hash Payload does not match computed value
- Jun 27 16:43:46.417232: | complete v1 state transition with INVALID_HASH_INFORMATION
- Jun 27 16:43:46.417253: | processing: [RE]START state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in complete_v1_state_transition() at ikev1.c:2297)
- Jun 27 16:43:46.417336: | #1 is idle
- Jun 27 16:43:46.417359: "xauth-aggr"[1] 192.168.1.138 #1: sending encrypted notification INVALID_HASH_INFORMATION to 192.168.1.138:500
- Jun 27 16:43:46.417374: | **emit ISAKMP Message:
- Jun 27 16:43:46.417387: | initiator cookie:
- Jun 27 16:43:46.417399: | 10 78 8d 8e 71 84 24 7b
- Jun 27 16:43:46.417411: | responder cookie:
- Jun 27 16:43:46.417423: | 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:43:46.417446: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Jun 27 16:43:46.417538: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Jun 27 16:43:46.417555: | exchange type: ISAKMP_XCHG_INFO (0x5)
- Jun 27 16:43:46.417568: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Jun 27 16:43:46.417581: | message ID: fe e7 24 fd
- Jun 27 16:43:46.417594: | next payload type: saving message location 'ISAKMP Message' 'next payload type'
- Jun 27 16:43:46.417607: | ***emit ISAKMP Hash Payload:
- Jun 27 16:43:46.417619: | next payload type: ISAKMP_NEXT_N (0xb)
- Jun 27 16:43:46.417633: | emitting 16 zero bytes of HASH(1) into ISAKMP Hash Payload
- Jun 27 16:43:46.417645: | emitting length of ISAKMP Hash Payload: 20
- Jun 27 16:43:46.417658: | ***emit ISAKMP Notification Payload:
- Jun 27 16:43:46.417670: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Jun 27 16:43:46.417712: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Jun 27 16:43:46.417726: | protocol ID: 1 (0x1)
- Jun 27 16:43:46.417739: | SPI size: 0 (0x0)
- Jun 27 16:43:46.417751: | Notify Message Type: INVALID_HASH_INFORMATION (0x17)
- Jun 27 16:43:46.417836: | emitting length of ISAKMP Notification Payload: 12
- Jun 27 16:43:46.417896: | encrypting: 0b 00 00 14 89 f0 ae a3 3c 05 15 31 a6 0b d0 a6
- Jun 27 16:43:46.417913: | encrypting: 0f 4b 04 d5 00 00 00 0c 00 00 00 01 01 00 00 17
- Jun 27 16:43:46.417956: | IV: 47 42 ae 77 17 99 e5 89 d3 c8 19 ca 61 61 8a ba
- Jun 27 16:43:46.417979: | no IKEv1 message padding required
- Jun 27 16:43:46.418023: | emitting length of ISAKMP Message: 60
- Jun 27 16:43:46.418039: | sending 60 bytes for notification packet through eth0:500 to 192.168.1.138:500 (using #1)
- Jun 27 16:43:46.418052: | 10 78 8d 8e 71 84 24 7b 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:43:46.418064: | 08 10 05 01 fe e7 24 fd 00 00 00 3c 2f 0a 3b 3d
- Jun 27 16:43:46.418104: | 70 1f b5 f1 e1 ba 72 c0 fb 41 44 ed 29 15 ef c6
- Jun 27 16:43:46.418118: | c2 4d 35 6c 32 d0 dd c9 80 98 08 c9
- Jun 27 16:43:46.418183: | state transition function for STATE_AGGR_R1 failed: INVALID_HASH_INFORMATION
- Jun 27 16:43:46.418276: | processing: stop from 192.168.1.138:500 (BACKGROUND) (in process_md() at demux.c:394)
- Jun 27 16:43:46.418295: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_md() at demux.c:396)
- Jun 27 16:43:46.418319: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:43:46.418341: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:43:46.418364: | processing: STOP connection NULL (in process_md() at demux.c:397)
- Jun 27 16:43:46.418395: | *received 76 bytes from 192.168.1.138:500 on eth0 (port=500)
- Jun 27 16:43:46.418419: | 10 78 8d 8e 71 84 24 7b 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:43:46.418444: | 08 10 05 01 ff 6b 06 cc 00 00 00 4c c1 6c 21 a3
- Jun 27 16:43:46.418467: | d2 eb 85 0a ba ac e5 0a 20 2f 88 74 ca a2 42 46
- Jun 27 16:43:46.418488: | ef b3 9a 53 8d eb 16 57 60 be b9 9f b5 72 13 5f
- Jun 27 16:43:46.418511: | e1 98 c8 62 88 a4 c5 b0 d0 fd d7 c7
- Jun 27 16:43:46.418534: | processing: start from 192.168.1.138:500 (in process_md() at demux.c:392)
- Jun 27 16:43:46.418558: | **parse ISAKMP Message:
- Jun 27 16:43:46.418580: | initiator cookie:
- Jun 27 16:43:46.418601: | 10 78 8d 8e 71 84 24 7b
- Jun 27 16:43:46.418623: | responder cookie:
- Jun 27 16:43:46.418647: | 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:43:46.418671: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Jun 27 16:43:46.418694: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Jun 27 16:43:46.418707: | exchange type: ISAKMP_XCHG_INFO (0x5)
- Jun 27 16:43:46.418729: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Jun 27 16:43:46.418750: | message ID: ff 6b 06 cc
- Jun 27 16:43:46.418772: | length: 76 (0x4c)
- Jun 27 16:43:46.418794: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
- Jun 27 16:43:46.418819: | cookies table: hash icookie 10 78 8d 8e 71 84 24 7b rcookie 9f 03 d1 e8 76 2f 9f cb to 13404059529810691815 slot 0x559b0e2e8ae0
- Jun 27 16:43:46.418842: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000
- Jun 27 16:43:46.418864: | p15 state object #1 found, in STATE_AGGR_R1
- Jun 27 16:43:46.418888: | processing: start state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_v1_packet() at ikev1.c:1137)
- Jun 27 16:43:46.418917: | #1 is idle
- Jun 27 16:43:46.418942: | #1 idle
- Jun 27 16:43:46.418971: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100opt: 0x0
- Jun 27 16:43:46.418997: "xauth-aggr"[1] 192.168.1.138 #1: byte 2 of ISAKMP Hash Payload should have been zero, but was not (ignored)
- Jun 27 16:43:46.419021: "xauth-aggr"[1] 192.168.1.138 #1: length of ISAKMP Hash Payload is larger than can fit
- Jun 27 16:43:46.419044: "xauth-aggr"[1] 192.168.1.138 #1: malformed payload in packet
- Jun 27 16:43:46.419070: | processing: stop from 192.168.1.138:500 (BACKGROUND) (in process_md() at demux.c:394)
- Jun 27 16:43:46.419095: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_md() at demux.c:396)
- Jun 27 16:43:46.419118: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:43:46.419140: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:43:46.419162: | processing: STOP connection NULL (in process_md() at demux.c:397)
- Jun 27 16:43:52.617594: | timer_event_cb: processing event@0x559b0ecdec88
- Jun 27 16:43:52.617849: | handling event EVENT_SHUNT_SCAN
- Jun 27 16:43:52.617879: | expiring aged bare shunts from shunt table
- Jun 27 16:43:52.617899: | event_schedule: new EVENT_SHUNT_SCAN-pe@0x559b0ece5dc8
- Jun 27 16:43:52.617918: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000 seconds
- Jun 27 16:43:52.617939: | free_event_entry: release EVENT_SHUNT_SCAN-pe@0x559b0ecdec88
- Jun 27 16:44:01.438498: | *received 92 bytes from 192.168.1.138:500 on eth0 (port=500)
- Jun 27 16:44:01.438572: | 10 78 8d 8e 71 84 24 7b 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:44:01.438590: | 08 10 05 01 7f 04 30 dc 00 00 00 5c db e5 a8 b2
- Jun 27 16:44:01.438606: | e9 27 65 dd 59 90 7c e9 74 b7 9b 49 71 e6 c5 91
- Jun 27 16:44:01.438621: | 3b 87 cb d4 28 44 48 32 5e 65 a9 00 f7 e8 b2 ae
- Jun 27 16:44:01.438637: | 39 e7 b4 d9 9b cd e5 35 36 2d 5f b7 e4 de cb 00
- Jun 27 16:44:01.438653: | cc 99 18 19 dd 7a 55 5b 47 a5 c3 2c
- Jun 27 16:44:01.438671: | processing: start from 192.168.1.138:500 (in process_md() at demux.c:392)
- Jun 27 16:44:01.438690: | **parse ISAKMP Message:
- Jun 27 16:44:01.438708: | initiator cookie:
- Jun 27 16:44:01.438723: | 10 78 8d 8e 71 84 24 7b
- Jun 27 16:44:01.438738: | responder cookie:
- Jun 27 16:44:01.438754: | 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:44:01.438771: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Jun 27 16:44:01.438787: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Jun 27 16:44:01.438804: | exchange type: ISAKMP_XCHG_INFO (0x5)
- Jun 27 16:44:01.438820: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Jun 27 16:44:01.438836: | message ID: 7f 04 30 dc
- Jun 27 16:44:01.438851: | length: 92 (0x5c)
- Jun 27 16:44:01.438868: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
- Jun 27 16:44:01.438889: | cookies table: hash icookie 10 78 8d 8e 71 84 24 7b rcookie 9f 03 d1 e8 76 2f 9f cb to 13404059529810691815 slot 0x559b0e2e8ae0
- Jun 27 16:44:01.438908: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000
- Jun 27 16:44:01.438936: | p15 state object #1 found, in STATE_AGGR_R1
- Jun 27 16:44:01.438955: | processing: start state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_v1_packet() at ikev1.c:1137)
- Jun 27 16:44:01.439000: | #1 is idle
- Jun 27 16:44:01.439018: | #1 idle
- Jun 27 16:44:01.439054: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100opt: 0x0
- Jun 27 16:44:01.439077: "xauth-aggr"[1] 192.168.1.138 #1: next payload type of ISAKMP Hash Payload has an unknown value: 220 (0xdc)
- Jun 27 16:44:01.439094: "xauth-aggr"[1] 192.168.1.138 #1: malformed payload in packet
- Jun 27 16:44:01.439117: | processing: stop from 192.168.1.138:500 (BACKGROUND) (in process_md() at demux.c:394)
- Jun 27 16:44:01.439138: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_md() at demux.c:396)
- Jun 27 16:44:01.439155: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:44:01.439170: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:44:01.439187: | processing: STOP connection NULL (in process_md() at demux.c:397)
- Jun 27 16:44:06.423774: | timer_event_cb: processing event@0x559b0ece5c18
- Jun 27 16:44:06.423851: | handling event EVENT_NAT_T_KEEPALIVE
- Jun 27 16:44:06.423879: | processing: start state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in for_each_state() at state.c:1614)
- Jun 27 16:44:06.423898: | Sending of NAT-T KEEP-ALIVE enabled by per-conn configuration (nat_keepalive=yes)
- Jun 27 16:44:06.423916: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in for_each_state() at state.c:1614)
- Jun 27 16:44:06.423933: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:44:06.423949: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:44:06.423969: | free_event_entry: release EVENT_NAT_T_KEEPALIVE-pe@0x559b0ece5c18
- Jun 27 16:44:12.624893: | timer_event_cb: processing event@0x559b0ece5dc8
- Jun 27 16:44:12.625034: | handling event EVENT_SHUNT_SCAN
- Jun 27 16:44:12.625061: | expiring aged bare shunts from shunt table
- Jun 27 16:44:12.625085: | event_schedule: new EVENT_SHUNT_SCAN-pe@0x559b0ece5c18
- Jun 27 16:44:12.625108: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000 seconds
- Jun 27 16:44:12.625140: | free_event_entry: release EVENT_SHUNT_SCAN-pe@0x559b0ece5dc8
- Jun 27 16:44:16.469843: | *received 92 bytes from 192.168.1.138:500 on eth0 (port=500)
- Jun 27 16:44:16.469881: | 10 78 8d 8e 71 84 24 7b 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:44:16.469886: | 08 10 05 01 df 97 4f ad 00 00 00 5c 6e 91 3f 08
- Jun 27 16:44:16.469889: | 2e aa e5 a2 1e 0b c7 03 f5 b6 85 67 31 0a 06 a7
- Jun 27 16:44:16.469892: | 09 d0 a9 eb 10 f8 d3 ee 16 3e b9 0f f3 0d 2d 92
- Jun 27 16:44:16.469896: | ec ed 88 f0 fc 1a e4 ec 46 81 61 ef 64 47 a0 95
- Jun 27 16:44:16.469899: | 1f d3 29 59 2a 31 78 6f f4 af 7d 16
- Jun 27 16:44:16.469906: | processing: start from 192.168.1.138:500 (in process_md() at demux.c:392)
- Jun 27 16:44:16.469912: | **parse ISAKMP Message:
- Jun 27 16:44:16.469917: | initiator cookie:
- Jun 27 16:44:16.469920: | 10 78 8d 8e 71 84 24 7b
- Jun 27 16:44:16.469924: | responder cookie:
- Jun 27 16:44:16.469927: | 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:44:16.469931: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Jun 27 16:44:16.469935: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Jun 27 16:44:16.469939: | exchange type: ISAKMP_XCHG_INFO (0x5)
- Jun 27 16:44:16.469943: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Jun 27 16:44:16.469946: | message ID: df 97 4f ad
- Jun 27 16:44:16.469950: | length: 92 (0x5c)
- Jun 27 16:44:16.469954: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
- Jun 27 16:44:16.469964: | cookies table: hash icookie 10 78 8d 8e 71 84 24 7b rcookie 9f 03 d1 e8 76 2f 9f cb to 13404059529810691815 slot 0x559b0e2e8ae0
- Jun 27 16:44:16.469970: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000
- Jun 27 16:44:16.469974: | p15 state object #1 found, in STATE_AGGR_R1
- Jun 27 16:44:16.469994: | processing: start state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_v1_packet() at ikev1.c:1137)
- Jun 27 16:44:16.470027: | #1 is idle
- Jun 27 16:44:16.470031: | #1 idle
- Jun 27 16:44:16.470049: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100opt: 0x0
- Jun 27 16:44:16.470056: "xauth-aggr"[1] 192.168.1.138 #1: next payload type of ISAKMP Hash Payload has an unknown value: 157 (0x9d)
- Jun 27 16:44:16.470060: "xauth-aggr"[1] 192.168.1.138 #1: malformed payload in packet
- Jun 27 16:44:16.470074: | processing: stop from 192.168.1.138:500 (BACKGROUND) (in process_md() at demux.c:394)
- Jun 27 16:44:16.470080: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_md() at demux.c:396)
- Jun 27 16:44:16.470084: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:44:16.470087: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:44:16.470091: | processing: STOP connection NULL (in process_md() at demux.c:397)
- Jun 27 16:44:20.469924: | *received 92 bytes from 192.168.1.138:500 on eth0 (port=500)
- Jun 27 16:44:20.469959: | 10 78 8d 8e 71 84 24 7b 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:44:20.469963: | 08 10 05 01 b2 84 d2 f6 00 00 00 5c b3 e0 02 1f
- Jun 27 16:44:20.469966: | 75 cc 68 99 01 9f 44 3e 1f e6 72 57 29 0c 55 79
- Jun 27 16:44:20.469969: | 48 bb 0f 44 0d 81 65 d5 8d 10 03 23 d4 df 5f 61
- Jun 27 16:44:20.469971: | 5d 7a 3b 83 4b ce 21 e9 e6 5a 2c f2 1b f7 8b 9f
- Jun 27 16:44:20.469974: | a0 15 02 6d 57 80 45 26 0f cc a5 c1
- Jun 27 16:44:20.469980: | processing: start from 192.168.1.138:500 (in process_md() at demux.c:392)
- Jun 27 16:44:20.469986: | **parse ISAKMP Message:
- Jun 27 16:44:20.469990: | initiator cookie:
- Jun 27 16:44:20.469993: | 10 78 8d 8e 71 84 24 7b
- Jun 27 16:44:20.469996: | responder cookie:
- Jun 27 16:44:20.469998: | 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:44:20.470002: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Jun 27 16:44:20.470005: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Jun 27 16:44:20.470009: | exchange type: ISAKMP_XCHG_INFO (0x5)
- Jun 27 16:44:20.470012: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Jun 27 16:44:20.470015: | message ID: b2 84 d2 f6
- Jun 27 16:44:20.470019: | length: 92 (0x5c)
- Jun 27 16:44:20.470022: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
- Jun 27 16:44:20.470032: | cookies table: hash icookie 10 78 8d 8e 71 84 24 7b rcookie 9f 03 d1 e8 76 2f 9f cb to 13404059529810691815 slot 0x559b0e2e8ae0
- Jun 27 16:44:20.470037: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000
- Jun 27 16:44:20.470041: | p15 state object #1 found, in STATE_AGGR_R1
- Jun 27 16:44:20.470048: | processing: start state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_v1_packet() at ikev1.c:1137)
- Jun 27 16:44:20.470079: | #1 is idle
- Jun 27 16:44:20.470082: | #1 idle
- Jun 27 16:44:20.470100: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100opt: 0x0
- Jun 27 16:44:20.470106: "xauth-aggr"[1] 192.168.1.138 #1: byte 2 of ISAKMP Hash Payload should have been zero, but was not (ignored)
- Jun 27 16:44:20.470110: "xauth-aggr"[1] 192.168.1.138 #1: length of ISAKMP Hash Payload is larger than can fit
- Jun 27 16:44:20.470114: "xauth-aggr"[1] 192.168.1.138 #1: malformed payload in packet
- Jun 27 16:44:20.470123: | processing: stop from 192.168.1.138:500 (BACKGROUND) (in process_md() at demux.c:394)
- Jun 27 16:44:20.470129: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_md() at demux.c:396)
- Jun 27 16:44:20.470133: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:44:20.470136: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:44:20.470140: | processing: STOP connection NULL (in process_md() at demux.c:397)
- Jun 27 16:44:23.501182: | *received 92 bytes from 192.168.1.138:500 on eth0 (port=500)
- Jun 27 16:44:23.501254: | 10 78 8d 8e 71 84 24 7b 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:44:23.501295: | 08 10 05 01 a0 a0 32 42 00 00 00 5c c7 50 0e b3
- Jun 27 16:44:23.501299: | 28 a5 2a fc 79 76 91 86 27 f7 53 91 b9 cf 8f 0f
- Jun 27 16:44:23.501302: | e8 64 ec a3 f8 50 4c 0c 01 c8 56 8f 9b e1 0d d0
- Jun 27 16:44:23.501305: | b1 b9 5f 83 36 56 1e 6e 7c 96 de 86 bd c2 4e 29
- Jun 27 16:44:23.501308: | 4f 59 33 e6 2a 64 78 45 7e be b7 39
- Jun 27 16:44:23.501317: | processing: start from 192.168.1.138:500 (in process_md() at demux.c:392)
- Jun 27 16:44:23.501328: | **parse ISAKMP Message:
- Jun 27 16:44:23.501333: | initiator cookie:
- Jun 27 16:44:23.501336: | 10 78 8d 8e 71 84 24 7b
- Jun 27 16:44:23.501339: | responder cookie:
- Jun 27 16:44:23.501341: | 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:44:23.501346: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Jun 27 16:44:23.501350: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Jun 27 16:44:23.501353: | exchange type: ISAKMP_XCHG_INFO (0x5)
- Jun 27 16:44:23.501358: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Jun 27 16:44:23.501361: | message ID: a0 a0 32 42
- Jun 27 16:44:23.501364: | length: 92 (0x5c)
- Jun 27 16:44:23.501369: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
- Jun 27 16:44:23.501379: | cookies table: hash icookie 10 78 8d 8e 71 84 24 7b rcookie 9f 03 d1 e8 76 2f 9f cb to 13404059529810691815 slot 0x559b0e2e8ae0
- Jun 27 16:44:23.501388: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000
- Jun 27 16:44:23.501391: | p15 state object #1 found, in STATE_AGGR_R1
- Jun 27 16:44:23.501403: | processing: start state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_v1_packet() at ikev1.c:1137)
- Jun 27 16:44:23.501483: | #1 is idle
- Jun 27 16:44:23.501488: | #1 idle
- Jun 27 16:44:23.501529: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100opt: 0x0
- Jun 27 16:44:23.501539: "xauth-aggr"[1] 192.168.1.138 #1: next payload type of ISAKMP Hash Payload has an unknown value: 160 (0xa0)
- Jun 27 16:44:23.501544: "xauth-aggr"[1] 192.168.1.138 #1: malformed payload in packet
- Jun 27 16:44:23.501561: | processing: stop from 192.168.1.138:500 (BACKGROUND) (in process_md() at demux.c:394)
- Jun 27 16:44:23.501567: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_md() at demux.c:396)
- Jun 27 16:44:23.501572: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:44:23.501577: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:44:23.501581: | processing: STOP connection NULL (in process_md() at demux.c:397)
- Jun 27 16:44:25.501070: | *received 92 bytes from 192.168.1.138:500 on eth0 (port=500)
- Jun 27 16:44:25.501104: | 10 78 8d 8e 71 84 24 7b 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:44:25.501108: | 08 10 05 01 40 bc a2 4a 00 00 00 5c be 5b 23 e2
- Jun 27 16:44:25.501110: | d5 82 22 f5 75 fc c5 1c ec a2 64 49 24 99 b8 98
- Jun 27 16:44:25.501113: | 97 1d e8 4b 65 83 3b bc 7f c9 aa 75 4d 65 91 27
- Jun 27 16:44:25.501116: | 0e be 3c 91 2c ea ff 98 8f 72 9b 9d f8 56 6c a9
- Jun 27 16:44:25.501119: | a5 c4 f9 5b 20 15 f0 cd fe 24 9a 57
- Jun 27 16:44:25.501125: | processing: start from 192.168.1.138:500 (in process_md() at demux.c:392)
- Jun 27 16:44:25.501131: | **parse ISAKMP Message:
- Jun 27 16:44:25.501135: | initiator cookie:
- Jun 27 16:44:25.501137: | 10 78 8d 8e 71 84 24 7b
- Jun 27 16:44:25.501140: | responder cookie:
- Jun 27 16:44:25.501143: | 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:44:25.501147: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Jun 27 16:44:25.501150: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Jun 27 16:44:25.501153: | exchange type: ISAKMP_XCHG_INFO (0x5)
- Jun 27 16:44:25.501157: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Jun 27 16:44:25.501160: | message ID: 40 bc a2 4a
- Jun 27 16:44:25.501164: | length: 92 (0x5c)
- Jun 27 16:44:25.501168: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
- Jun 27 16:44:25.501177: | cookies table: hash icookie 10 78 8d 8e 71 84 24 7b rcookie 9f 03 d1 e8 76 2f 9f cb to 13404059529810691815 slot 0x559b0e2e8ae0
- Jun 27 16:44:25.501195: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000
- Jun 27 16:44:25.501199: | p15 state object #1 found, in STATE_AGGR_R1
- Jun 27 16:44:25.501206: | processing: start state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_v1_packet() at ikev1.c:1137)
- Jun 27 16:44:25.501237: | #1 is idle
- Jun 27 16:44:25.501240: | #1 idle
- Jun 27 16:44:25.501257: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100opt: 0x0
- Jun 27 16:44:25.501263: "xauth-aggr"[1] 192.168.1.138 #1: byte 2 of ISAKMP Hash Payload should have been zero, but was not (ignored)
- Jun 27 16:44:25.501268: "xauth-aggr"[1] 192.168.1.138 #1: length of ISAKMP Hash Payload is larger than can fit
- Jun 27 16:44:25.501272: "xauth-aggr"[1] 192.168.1.138 #1: malformed payload in packet
- Jun 27 16:44:25.501281: | processing: stop from 192.168.1.138:500 (BACKGROUND) (in process_md() at demux.c:394)
- Jun 27 16:44:25.501287: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_md() at demux.c:396)
- Jun 27 16:44:25.501291: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:44:25.501294: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:44:25.501298: | processing: STOP connection NULL (in process_md() at demux.c:397)
- Jun 27 16:44:26.519465: | *received 76 bytes from 192.168.1.138:500 on eth0 (port=500)
- Jun 27 16:44:26.519495: | 10 78 8d 8e 71 84 24 7b 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:44:26.519497: | 08 10 05 01 20 63 f2 3d 00 00 00 4c ec 77 df f9
- Jun 27 16:44:26.519500: | 50 03 98 ba a9 cc 33 63 cc 78 23 7b 52 fa 5e 95
- Jun 27 16:44:26.519502: | fb 2c 80 2e 30 05 52 35 2c be d9 a7 c6 c5 03 f9
- Jun 27 16:44:26.519504: | b5 1a 45 22 5e e6 41 91 6f ab 63 66
- Jun 27 16:44:26.519509: | processing: start from 192.168.1.138:500 (in process_md() at demux.c:392)
- Jun 27 16:44:26.519513: | **parse ISAKMP Message:
- Jun 27 16:44:26.519517: | initiator cookie:
- Jun 27 16:44:26.519519: | 10 78 8d 8e 71 84 24 7b
- Jun 27 16:44:26.519521: | responder cookie:
- Jun 27 16:44:26.519523: | 9f 03 d1 e8 76 2f 9f cb
- Jun 27 16:44:26.519526: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Jun 27 16:44:26.519529: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Jun 27 16:44:26.519531: | exchange type: ISAKMP_XCHG_INFO (0x5)
- Jun 27 16:44:26.519534: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Jun 27 16:44:26.519537: | message ID: 20 63 f2 3d
- Jun 27 16:44:26.519539: | length: 76 (0x4c)
- Jun 27 16:44:26.519542: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
- Jun 27 16:44:26.519550: | cookies table: hash icookie 10 78 8d 8e 71 84 24 7b rcookie 9f 03 d1 e8 76 2f 9f cb to 13404059529810691815 slot 0x559b0e2e8ae0
- Jun 27 16:44:26.519554: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000
- Jun 27 16:44:26.519556: | p15 state object #1 found, in STATE_AGGR_R1
- Jun 27 16:44:26.519563: | processing: start state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_v1_packet() at ikev1.c:1137)
- Jun 27 16:44:26.519590: | #1 is idle
- Jun 27 16:44:26.519593: | #1 idle
- Jun 27 16:44:26.519614: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100opt: 0x0
- Jun 27 16:44:26.519620: "xauth-aggr"[1] 192.168.1.138 #1: next payload type of ISAKMP Hash Payload has an unknown value: 77 (0x4d)
- Jun 27 16:44:26.519623: "xauth-aggr"[1] 192.168.1.138 #1: malformed payload in packet
- Jun 27 16:44:26.519630: | processing: stop from 192.168.1.138:500 (BACKGROUND) (in process_md() at demux.c:394)
- Jun 27 16:44:26.519635: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_md() at demux.c:396)
- Jun 27 16:44:26.519638: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:44:26.519640: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:44:26.519644: | processing: STOP connection NULL (in process_md() at demux.c:397)
- Jun 27 16:44:28.097817: shutting down
- Jun 27 16:44:28.097843: | processing: RESET whack log_fd (was 15) (in exit_pluto() at plutomain.c:1784)
- Jun 27 16:44:28.097848: | pluto_sd: executing action action: stopping(6), status 0
- Jun 27 16:44:28.097866: | certs and keys locked by 'free_preshared_secrets'
- Jun 27 16:44:28.097869: forgetting secrets
- Jun 27 16:44:28.097873: | certs and keys unlocked by 'free_preshard_secrets'
- Jun 27 16:44:28.097880: | processing: start connection "xauth-aggr"[1] 192.168.1.138 (in delete_connection() at connections.c:264)
- Jun 27 16:44:28.097884: "xauth-aggr"[1] 192.168.1.138: deleting connection "xauth-aggr"[1] 192.168.1.138 instance with peer 192.168.1.138 {isakmp=#0/ipsec=#0}
- Jun 27 16:44:28.097887: | Deleting states for connection - including all other IPsec SA's of this IKE SA
- Jun 27 16:44:28.097890: | pass 0
- Jun 27 16:44:28.097892: | state #1
- Jun 27 16:44:28.097896: | processing: suspend connection "xauth-aggr" (in foreach_state_by_connection_func_delete() at state.c:1335)
- Jun 27 16:44:28.097900: | processing: start state #1 connection "xauth-aggr" 192.168.1.138:500 (in foreach_state_by_connection_func_delete() at state.c:1335)
- Jun 27 16:44:28.097904: | processing: [RE]START state #1 connection "xauth-aggr" 192.168.1.138:500 (in delete_state() at state.c:980)
- Jun 27 16:44:28.097908: | serialno table: hash serialno #1 to head 0x559b0e2ed360
- Jun 27 16:44:28.097910: | serialno table: hash serialno #1 to head 0x559b0e2ed360
- Jun 27 16:44:28.097913: "xauth-aggr" #1: deleting state (STATE_AGGR_R1) and NOT sending notification
- Jun 27 16:44:28.097917: | parent state #1: STATE_AGGR_R1(open-ike) => delete
- Jun 27 16:44:28.097920: | state #1 requesting N/A-pe@(nil) be deleted
- Jun 27 16:44:28.097923: | delete_pluto_event cannot delete NULL event
- Jun 27 16:44:28.097925: | state #1 requesting N/A-pe@(nil) be deleted
- Jun 27 16:44:28.097927: | delete_pluto_event cannot delete NULL event
- Jun 27 16:44:28.097929: | state #1 requesting N/A-pe@(nil) be deleted
- Jun 27 16:44:28.097931: | delete_pluto_event cannot delete NULL event
- Jun 27 16:44:28.097934: | state #1 requesting EVENT_SO_DISCARD to be deleted
- Jun 27 16:44:28.097939: | free_event_entry: release EVENT_SO_DISCARD-pe@0x559b0ece4788
- Jun 27 16:44:28.097944: | serialno list: removing object 0x559b0ece6568 (state #1) entry 0x559b0ece6d10 (older 0x559b0e2fa5c0 newer 0x559b0e2fa5c0)
- Jun 27 16:44:28.097946: | serialno list: empty
- Jun 27 16:44:28.097949: | serialno table: removing object 0x559b0ece6568 (state #1) entry 0x559b0ece6d30 (older 0x559b0e2ed360 newer 0x559b0e2ed360)
- Jun 27 16:44:28.097951: | serialno table: empty
- Jun 27 16:44:28.097962: | in connection_discard for connection xauth-aggr
- Jun 27 16:44:28.097965: | parent state #1: STATE_AGGR_R1(open-ike) => STATE_UNDEFINED(ignore)
- Jun 27 16:44:28.097968: | ignore states: 0
- Jun 27 16:44:28.097979: | half-open-ike states: 0
- Jun 27 16:44:28.097981: | open-ike states: 0
- Jun 27 16:44:28.097983: | established-anonymous-ike states: 0
- Jun 27 16:44:28.097985: | established-authenticated-ike states: 0
- Jun 27 16:44:28.097987: | anonymous-ipsec states: 0
- Jun 27 16:44:28.097989: | authenticated-ipsec states: 0
- Jun 27 16:44:28.097991: | informational states: 0
- Jun 27 16:44:28.097993: | unknown states: 0
- Jun 27 16:44:28.097995: | category states: 0 count states: 0
- Jun 27 16:44:28.098020: | processing: stop state #1 192.168.1.138:500 (in delete_state() at state.c:1198)
- Jun 27 16:44:28.098023: | serialno table: hash serialno #1 to head 0x559b0e2ed360
- Jun 27 16:44:28.098025: | serialno table: hash serialno #1 to head 0x559b0e2ed360
- Jun 27 16:44:28.098028: | processing: resume connection "xauth-aggr" (in delete_state() at state.c:1198)
- Jun 27 16:44:28.098045: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1335)
- Jun 27 16:44:28.098048: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:44:28.098050: | serialno table: hash serialno #0 to head 0x559b0e2ed340
- Jun 27 16:44:28.098053: | processing: resume connection "xauth-aggr" (in foreach_state_by_connection_func_delete() at state.c:1335)
- Jun 27 16:44:28.098058: | pass 1
- Jun 27 16:44:28.098061: | unreference addresspool of conn xauth-aggr[1] kind CK_GOING_AWAY refcnt 3
- Jun 27 16:44:28.098065: | processing: stop connection "xauth-aggr" (in delete_connection() at connections.c:314)
- Jun 27 16:44:28.098070: | processing: start connection "v6neighbor-hole-out" (in delete_connection() at connections.c:264)
- Jun 27 16:44:28.098073: "v6neighbor-hole-out": deleting non-instance connection
- Jun 27 16:44:28.098075: | Deleting states for connection - including all other IPsec SA's of this IKE SA
- Jun 27 16:44:28.098077: | pass 0
- Jun 27 16:44:28.098079: | pass 1
- Jun 27 16:44:28.098083: | shunt_eroute() called for connection 'v6neighbor-hole-out' to 'delete' for rt_kind 'unrouted' using protoports 58--34816->-34560
- Jun 27 16:44:28.098096: | netlink_shunt_eroute for proto 58, and source port 34816 dest port 34560
- Jun 27 16:44:28.098100: | priority calculation of connection "v6neighbor-hole-out" overruled by connection specification of 0x1
- Jun 27 16:44:28.098128: | priority calculation of connection "v6neighbor-hole-out" overruled by connection specification of 0x1
- Jun 27 16:44:28.098150: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
- Jun 27 16:44:28.098152: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000
- Jun 27 16:44:28.098155: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
- Jun 27 16:44:28.098157: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000
- Jun 27 16:44:28.098160: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
- Jun 27 16:44:28.098162: | conn xauth mark 0/00000000, 0/00000000
- Jun 27 16:44:28.098165: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
- Jun 27 16:44:28.098167: | conn xauth-aggr mark 0/00000000, 0/00000000
- Jun 27 16:44:28.098170: | route owner of "v6neighbor-hole-out" unrouted: NULL
- Jun 27 16:44:28.098173: | running updown command "ipsec _updown" for verb unroute
- Jun 27 16:44:28.098175: | command executing unroute-client-v6
- Jun 27 16:44:28.098194: | executing unroute-client-v6: PLUTO_VERB='unroute-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-hole-out' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT='::/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34816' PLUTO_MY_PROTOCOL='58' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='::' PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUTO_PEER_CLIENT_MASK='::' PLUTO_PEER_PORT='34560' PLUTO_PEER_PROTOCOL='58' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1
- Jun 27 16:44:28.098197: | popen cmd is 903 chars long
- Jun 27 16:44:28.098200: | cmd( 0):PLUTO_VERB='unroute-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-:
- Jun 27 16:44:28.098202: | cmd( 80):hole-out' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT=:
- Jun 27 16:44:28.098204: | cmd( 160):'::/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34816' :
- Jun 27 16:44:28.098207: | cmd( 240):PLUTO_MY_PROTOCOL='58' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='::
- Jun 27 16:44:28.098209: | cmd( 320)::' PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUT:
- Jun 27 16:44:28.098211: | cmd( 400):O_PEER_CLIENT_MASK='::' PLUTO_PEER_PORT='34560' PLUTO_PEER_PROTOCOL='58' PLUTO_P:
- Jun 27 16:44:28.098213: | cmd( 480):EER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+P:
- Jun 27 16:44:28.098215: | cmd( 560):ASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6':
- Jun 27 16:44:28.098217: | cmd( 640): XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN:
- Jun 27 16:44:28.098220: | cmd( 720):_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM:
- Jun 27 16:44:28.098225: | cmd( 800):_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT:
- Jun 27 16:44:28.098227: | cmd( 880):=0x0 ipsec _updown 2>&1:
- Jun 27 16:44:28.101596: | processing: stop connection "v6neighbor-hole-out" (in delete_connection() at connections.c:314)
- Jun 27 16:44:28.101610: | processing: start connection "v6neighbor-hole-in" (in delete_connection() at connections.c:264)
- Jun 27 16:44:28.101613: "v6neighbor-hole-in": deleting non-instance connection
- Jun 27 16:44:28.101616: | Deleting states for connection - including all other IPsec SA's of this IKE SA
- Jun 27 16:44:28.101618: | pass 0
- Jun 27 16:44:28.101620: | pass 1
- Jun 27 16:44:28.101623: | shunt_eroute() called for connection 'v6neighbor-hole-in' to 'delete' for rt_kind 'unrouted' using protoports 58--34560->-34816
- Jun 27 16:44:28.101626: | netlink_shunt_eroute for proto 58, and source port 34560 dest port 34816
- Jun 27 16:44:28.101629: | priority calculation of connection "v6neighbor-hole-in" overruled by connection specification of 0x1
- Jun 27 16:44:28.101646: | priority calculation of connection "v6neighbor-hole-in" overruled by connection specification of 0x1
- Jun 27 16:44:28.101657: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000 vs
- Jun 27 16:44:28.101660: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000
- Jun 27 16:44:28.101662: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000 vs
- Jun 27 16:44:28.101664: | conn xauth mark 0/00000000, 0/00000000
- Jun 27 16:44:28.101666: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000 vs
- Jun 27 16:44:28.101669: | conn xauth-aggr mark 0/00000000, 0/00000000
- Jun 27 16:44:28.101672: | route owner of "v6neighbor-hole-in" unrouted: NULL
- Jun 27 16:44:28.101674: | running updown command "ipsec _updown" for verb unroute
- Jun 27 16:44:28.101676: | command executing unroute-client-v6
- Jun 27 16:44:28.101693: | executing unroute-client-v6: PLUTO_VERB='unroute-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-hole-in' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT='::/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34560' PLUTO_MY_PROTOCOL='58' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='::' PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUTO_PEER_CLIENT_MASK='::' PLUTO_PEER_PORT='34816' PLUTO_PEER_PROTOCOL='58' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1
- Jun 27 16:44:28.101696: | popen cmd is 902 chars long
- Jun 27 16:44:28.101699: | cmd( 0):PLUTO_VERB='unroute-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-:
- Jun 27 16:44:28.101701: | cmd( 80):hole-in' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT=':
- Jun 27 16:44:28.101704: | cmd( 160):::/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34560' P:
- Jun 27 16:44:28.101706: | cmd( 240):LUTO_MY_PROTOCOL='58' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER=':::
- Jun 27 16:44:28.101708: | cmd( 320):' PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUTO:
- Jun 27 16:44:28.101710: | cmd( 400):_PEER_CLIENT_MASK='::' PLUTO_PEER_PORT='34816' PLUTO_PEER_PROTOCOL='58' PLUTO_PE:
- Jun 27 16:44:28.101712: | cmd( 480):ER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+PA:
- Jun 27 16:44:28.101714: | cmd( 560):SS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6' :
- Jun 27 16:44:28.101716: | cmd( 640):XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_:
- Jun 27 16:44:28.101719: | cmd( 720):INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_:
- Jun 27 16:44:28.101725: | cmd( 800):CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=:
- Jun 27 16:44:28.101727: | cmd( 880):0x0 ipsec _updown 2>&1:
- Jun 27 16:44:28.103944: | processing: stop connection "v6neighbor-hole-in" (in delete_connection() at connections.c:314)
- Jun 27 16:44:28.103957: | processing: start connection "xauth" (in delete_connection() at connections.c:264)
- Jun 27 16:44:28.103960: "xauth": deleting non-instance connection
- Jun 27 16:44:28.103962: | Deleting states for connection - including all other IPsec SA's of this IKE SA
- Jun 27 16:44:28.103964: | pass 0
- Jun 27 16:44:28.103966: | pass 1
- Jun 27 16:44:28.103969: | unreference addresspool of conn xauth[0] kind CK_TEMPLATE refcnt 2
- Jun 27 16:44:28.103972: | processing: stop connection "xauth" (in delete_connection() at connections.c:314)
- Jun 27 16:44:28.103976: | processing: start connection "xauth-aggr" (in delete_connection() at connections.c:264)
- Jun 27 16:44:28.103978: "xauth-aggr": deleting non-instance connection
- Jun 27 16:44:28.103980: | Deleting states for connection - including all other IPsec SA's of this IKE SA
- Jun 27 16:44:28.103982: | pass 0
- Jun 27 16:44:28.103984: | pass 1
- Jun 27 16:44:28.103986: | unreference addresspool of conn xauth-aggr[1] kind CK_TEMPLATE refcnt 1
- Jun 27 16:44:28.103989: | freeing memory for addresspool ptr 0x559b0ece3158
- Jun 27 16:44:28.103992: | free_lease_list: addresspool free the lease list ptr (nil)
- Jun 27 16:44:28.103995: | processing: stop connection "xauth-aggr" (in delete_connection() at connections.c:314)
- Jun 27 16:44:28.103998: | crl fetch request list locked by 'free_crl_fetch'
- Jun 27 16:44:28.104001: | crl fetch request list unlocked by 'free_crl_fetch'
- Jun 27 16:44:28.104008: shutting down interface lo/lo ::1:500
- Jun 27 16:44:28.104011: shutting down interface lo/lo 127.0.0.1:4500
- Jun 27 16:44:28.104013: shutting down interface lo/lo 127.0.0.1:500
- Jun 27 16:44:28.104015: shutting down interface eth0/eth0 192.168.1.137:4500
- Jun 27 16:44:28.104017: shutting down interface eth0/eth0 192.168.1.137:500
- Jun 27 16:44:28.104027: | free_event_entry: release EVENT_NULL-pe@0x559b0ece3f18
- Jun 27 16:44:28.104038: | free_event_entry: release EVENT_NULL-pe@0x559b0ece4018
- Jun 27 16:44:28.104045: | free_event_entry: release EVENT_NULL-pe@0x559b0ece4118
- Jun 27 16:44:28.104052: | free_event_entry: release EVENT_NULL-pe@0x559b0ece4218
- Jun 27 16:44:28.104057: | free_event_entry: release EVENT_NULL-pe@0x559b0ece4418
- Jun 27 16:44:28.104188: | free_event_entry: release EVENT_SHUNT_SCAN-pe@0x559b0ece5c18
- Jun 27 16:44:28.104194: | free_event_entry: release EVENT_NULL-pe@0x559b0ece1d38
- Jun 27 16:44:28.104197: | free_event_entry: release EVENT_NULL-pe@0x559b0ece1b98
- Jun 27 16:44:28.104201: | free_event_entry: release EVENT_NULL-pe@0x559b0ece1848
- Jun 27 16:44:28.104215: | free_event_entry: release EVENT_NULL-pe@0x559b0ece1748
- Jun 27 16:44:28.104219: | free_event_entry: release EVENT_SD_WATCHDOG-pe@0x559b0ecdef88
- Jun 27 16:44:28.104223: | free_event_entry: release EVENT_NULL-pe@0x559b0ecdee88
- Jun 27 16:44:28.104227: | free_event_entry: release EVENT_NULL-pe@0x559b0ecded88
- Jun 27 16:44:28.104230: | free_event_entry: release EVENT_PENDING_PHASE2-pe@0x559b0ecd1f08
- Jun 27 16:44:28.104233: | free_event_entry: release EVENT_PENDING_DDNS-pe@0x559b0ecd1e08
- Jun 27 16:44:28.104235: | free_event_entry: release EVENT_REINIT_SECRET-pe@0x559b0ecd1cb8
- Jun 27 16:44:28.104270: leak detective found no leaks
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement