API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jun 27th, 2018
334
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 165.41 KB | None | 0 0
raw download clone embed print report
  1. Jun 27 16:43:32.554963: NSS DB directory: sql:/etc/ipsec.d
  2. Jun 27 16:43:32.555056: Initializing NSS
  3. Jun 27 16:43:32.555062: Opening NSS database "sql:/etc/ipsec.d" read-only
  4. Jun 27 16:43:32.600727: NSS initialized
  5. Jun 27 16:43:32.600755: NSS crypto library initialized
  6. Jun 27 16:43:32.600758: FIPS HMAC integrity support [disabled]
  7. Jun 27 16:43:32.600836: libcap-ng support [enabled]
  8. Jun 27 16:43:32.600842: Linux audit support [disabled]
  9. Jun 27 16:43:32.600845: Starting Pluto (Libreswan Version v3.24-5-gb2b97fc-dirty-master XFRM(netkey) KLIPS FORK PTHREAD_SETSCHEDPRIO NSS DNSSEC SYSTEMD_WATCHDOG LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2856
  10. Jun 27 16:43:32.600847: core dump dir: /run/pluto
  11. Jun 27 16:43:32.600849: secrets file: /etc/ipsec.secrets
  12. Jun 27 16:43:32.600851: leak-detective enabled
  13. Jun 27 16:43:32.600853: NSS crypto [enabled]
  14. Jun 27 16:43:32.600855: XAUTH PAM support [enabled]
  15. Jun 27 16:43:32.600921: | init_nat_traversal() initialized with keep_alive=0s
  16. Jun 27 16:43:32.600924: NAT-Traversal support [enabled]
  17. Jun 27 16:43:32.600943: Initializing libevent in pthreads mode: headers: 2.0.21-stable (2001500); library: 2.0.21-stable (2001500)
  18. Jun 27 16:43:32.601040: | event_schedule: new EVENT_REINIT_SECRET-pe@0x559b0ecd1cb8
  19. Jun 27 16:43:32.601046: | inserting event EVENT_REINIT_SECRET, timeout in 3600.000 seconds
  20. Jun 27 16:43:32.601050: | event_schedule: new EVENT_PENDING_DDNS-pe@0x559b0ecd1e08
  21. Jun 27 16:43:32.601053: | inserting event EVENT_PENDING_DDNS, timeout in 60.000 seconds
  22. Jun 27 16:43:32.601055: | event_schedule: new EVENT_PENDING_PHASE2-pe@0x559b0ecd1f08
  23. Jun 27 16:43:32.601058: | inserting event EVENT_PENDING_PHASE2, timeout in 120.000 seconds
  24. Jun 27 16:43:32.601077: Encryption algorithms:
  25. Jun 27 16:43:32.601083: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm aes_ccm_c)
  26. Jun 27 16:43:32.601086: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm_b)
  27. Jun 27 16:43:32.601089: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm_a)
  28. Jun 27 16:43:32.601092: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] (3des)
  29. Jun 27 16:43:32.601094: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
  30. Jun 27 16:43:32.601097: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (camellia)
  31. Jun 27 16:43:32.601099: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm aes_gcm_c)
  32. Jun 27 16:43:32.601102: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm_b)
  33. Jun 27 16:43:32.601104: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm_a)
  34. Jun 27 16:43:32.601107: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} (aesctr)
  35. Jun 27 16:43:32.601110: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes)
  36. Jun 27 16:43:32.601112: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (serpent)
  37. Jun 27 16:43:32.601115: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (twofish)
  38. Jun 27 16:43:32.601117: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} (twofish_cbc_ssh)
  39. Jun 27 16:43:32.601120: CAST_CBC IKEv1: ESP IKEv2: ESP {*128} (cast)
  40. Jun 27 16:43:32.601122: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP {256,192,*128} (aes_gmac)
  41. Jun 27 16:43:32.601125: NULL IKEv1: ESP IKEv2: ESP []
  42. Jun 27 16:43:32.601134: Hash algorithms:
  43. Jun 27 16:43:32.601136: MD5 IKEv1: IKE IKEv2:
  44. Jun 27 16:43:32.601139: SHA1 IKEv1: IKE IKEv2: FIPS (sha)
  45. Jun 27 16:43:32.601150: SHA2_256 IKEv1: IKE IKEv2: FIPS (sha2 sha256)
  46. Jun 27 16:43:32.601153: SHA2_384 IKEv1: IKE IKEv2: FIPS (sha384)
  47. Jun 27 16:43:32.601164: SHA2_512 IKEv1: IKE IKEv2: FIPS (sha512)
  48. Jun 27 16:43:32.601170: PRF algorithms:
  49. Jun 27 16:43:32.601173: HMAC_MD5 IKEv1: IKE IKEv2: IKE (md5)
  50. Jun 27 16:43:32.601175: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS (sha sha1)
  51. Jun 27 16:43:32.601177: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS (sha2 sha256 sha2_256)
  52. Jun 27 16:43:32.601179: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS (sha384 sha2_384)
  53. Jun 27 16:43:32.601182: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS (sha512 sha2_512)
  54. Jun 27 16:43:32.601184: AES_XCBC IKEv1: IKEv2: IKE FIPS (aes128_xcbc)
  55. Jun 27 16:43:32.601191: Integrity algorithms:
  56. Jun 27 16:43:32.601194: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (md5 hmac_md5)
  57. Jun 27 16:43:32.601196: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha sha1 sha1_96 hmac_sha1)
  58. Jun 27 16:43:32.601199: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha512 sha2_512 hmac_sha2_512)
  59. Jun 27 16:43:32.601201: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha384 sha2_384 hmac_sha2_384)
  60. Jun 27 16:43:32.601203: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha2 sha256 sha2_256 hmac_sha2_256)
  61. Jun 27 16:43:32.601206: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH FIPS (aes_xcbc aes128_xcbc aes128_xcbc_96)
  62. Jun 27 16:43:32.601208: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS (aes_cmac)
  63. Jun 27 16:43:32.601210: NONE IKEv1: ESP IKEv2: ESP FIPS (null)
  64. Jun 27 16:43:32.601219: DH algorithms:
  65. Jun 27 16:43:32.601221: NONE IKEv1: IKEv2: IKE ESP AH (null dh0)
  66. Jun 27 16:43:32.601223: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (dh2)
  67. Jun 27 16:43:32.601226: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (dh5)
  68. Jun 27 16:43:32.601228: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh14)
  69. Jun 27 16:43:32.601230: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh15)
  70. Jun 27 16:43:32.601232: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh16)
  71. Jun 27 16:43:32.601234: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh17)
  72. Jun 27 16:43:32.601237: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh18)
  73. Jun 27 16:43:32.601239: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_256)
  74. Jun 27 16:43:32.601241: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_384)
  75. Jun 27 16:43:32.601244: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_521)
  76. Jun 27 16:43:32.601246: DH23 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS
  77. Jun 27 16:43:32.601248: DH24 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS
  78. Jun 27 16:43:32.603224: starting up 2 crypto helpers
  79. Jun 27 16:43:32.603265: started thread for crypto helper 0
  80. Jun 27 16:43:32.603278: started thread for crypto helper 1
  81. Jun 27 16:43:32.603285: | ignoring microcode for XAUTH_I1 (timeout: EVENT_v1_RETRANSMIT flags: 0) -> MAIN_I4 (timeout: EVENT_SA_REPLACE flags: 0) with event EVENT_v1_RETRANSMIT
  82. Jun 27 16:43:32.603288: | MAIN_R0 (timeout: EVENT_NULL flags: 0)
  83. Jun 27 16:43:32.603290: | MAIN_I1 (timeout: EVENT_NULL flags: 0)
  84. Jun 27 16:43:32.603292: | MAIN_R1 (timeout: EVENT_SO_DISCARD flags: 200)
  85. Jun 27 16:43:32.603295: | MAIN_I2 (timeout: EVENT_v1_RETRANSMIT flags: 0)
  86. Jun 27 16:43:32.603297: | MAIN_R2 (timeout: EVENT_v1_RETRANSMIT flags: 0)
  87. Jun 27 16:43:32.603299: | MAIN_I3 (timeout: EVENT_v1_RETRANSMIT flags: 0)
  88. Jun 27 16:43:32.603301: | MAIN_R3 (timeout: EVENT_SA_REPLACE flags: 200)
  89. Jun 27 16:43:32.603303: | MAIN_I4 (timeout: EVENT_SA_REPLACE flags: 0)
  90. Jun 27 16:43:32.603305: | AGGR_R0 (timeout: EVENT_NULL flags: 0)
  91. Jun 27 16:43:32.603307: | AGGR_I1 (timeout: EVENT_NULL flags: 0)
  92. Jun 27 16:43:32.603313: | AGGR_R1 (timeout: EVENT_SO_DISCARD flags: 200)
  93. Jun 27 16:43:32.603316: | AGGR_I2 (timeout: EVENT_SA_REPLACE flags: 200)
  94. Jun 27 16:43:32.603318: | AGGR_R2 (timeout: EVENT_SA_REPLACE flags: 0)
  95. Jun 27 16:43:32.603320: | QUICK_R0 (timeout: EVENT_NULL flags: 0)
  96. Jun 27 16:43:32.603322: | QUICK_I1 (timeout: EVENT_NULL flags: 0)
  97. Jun 27 16:43:32.603324: | QUICK_R1 (timeout: EVENT_v1_RETRANSMIT flags: 0)
  98. Jun 27 16:43:32.603326: | QUICK_I2 (timeout: EVENT_SA_REPLACE flags: 200)
  99. Jun 27 16:43:32.603328: | QUICK_R2 (timeout: EVENT_SA_REPLACE flags: 0)
  100. Jun 27 16:43:32.603330: | INFO (timeout: EVENT_NULL flags: 0)
  101. Jun 27 16:43:32.603332: | INFO_PROTECTED (timeout: EVENT_NULL flags: 0)
  102. Jun 27 16:43:32.603335: | XAUTH_R0 (timeout: EVENT_NULL flags: 0)
  103. Jun 27 16:43:32.603337: | XAUTH_R1 (timeout: EVENT_NULL flags: 0)
  104. Jun 27 16:43:32.603339: | MODE_CFG_R0 (timeout: EVENT_NULL flags: 0)
  105. Jun 27 16:43:32.603341: | MODE_CFG_R1 (timeout: EVENT_SA_REPLACE flags: 0)
  106. Jun 27 16:43:32.603343: | MODE_CFG_R2 (timeout: EVENT_SA_REPLACE flags: 0)
  107. Jun 27 16:43:32.603345: | MODE_CFG_I1 (timeout: EVENT_NULL flags: 0)
  108. Jun 27 16:43:32.603347: | XAUTH_I0 (timeout: EVENT_NULL flags: 0)
  109. Jun 27 16:43:32.603349: | XAUTH_I1 (timeout: EVENT_v1_RETRANSMIT flags: 0)
  110. Jun 27 16:43:32.603357: | Processing IKEv2 state V2_REKEY_IKE_I0 (microcode Initiate CREATE_CHILD_SA IKE Rekey)
  111. Jun 27 16:43:32.603359: | Processing IKEv2 state V2_REKEY_CHILD_I0 (microcode Initiate CREATE_CHILD_SA IPsec Rekey SA)
  112. Jun 27 16:43:32.603362: | Processing IKEv2 state V2_CREATE_I0 (microcode Initiate CREATE_CHILD_SA IPsec SA)
  113. Jun 27 16:43:32.603364: | Processing IKEv2 state PARENT_I0 (microcode initiate IKE_SA_INIT)
  114. Jun 27 16:43:32.603366: | Processing IKEv2 state PARENT_I1 (microcode Initiator: process SA_INIT reply notification)
  115. Jun 27 16:43:32.603369: | Processing IKEv2 state PARENT_I2 (microcode Initiator: process INVALID_SYNTAX AUTH notification)
  116. Jun 27 16:43:32.603371: | Processing IKEv2 state PARENT_R0 (microcode Respond to IKE_SA_INIT)
  117. Jun 27 16:43:32.603373: | Processing IKEv2 state PARENT_R1 (microcode Responder: process AUTH request (no SKEYSEED))
  118. Jun 27 16:43:32.603375: | Processing IKEv2 state V2_REKEY_IKE_R (microcode Respond to CREATE_CHILD_SA IKE Rekey)
  119. Jun 27 16:43:32.603378: | Processing IKEv2 state V2_REKEY_IKE_I (microcode Process CREATE_CHILD_SA IKE Rekey Response)
  120. Jun 27 16:43:32.603380: | Processing IKEv2 state V2_CREATE_I (microcode Process CREATE_CHILD_SA IPsec SA Response)
  121. Jun 27 16:43:32.603382: | Processing IKEv2 state V2_CREATE_R (microcode Respond to CREATE_CHILD_SA IPsec SA Request)
  122. Jun 27 16:43:32.603385: | Processing IKEv2 state PARENT_I3 (microcode I3: INFORMATIONAL Request)
  123. Jun 27 16:43:32.603387: | Processing IKEv2 state PARENT_R2 (microcode R2: process INFORMATIONAL Request)
  124. Jun 27 16:43:32.603390: | Processing IKEv2 state IKESA_DEL (microcode IKE_SA_DEL: process INFORMATIONAL)
  125. Jun 27 16:43:32.603393: | ignoring microcode for PARENT_I1 (timeout: EVENT_v2_RETRANSMIT flags: 0) -> PARENT_I1 (timeout: EVENT_v2_RETRANSMIT flags: 0) with event EVENT_RETAIN
  126. Jun 27 16:43:32.603396: | ignoring microcode for PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) -> PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) with event EVENT_NULL
  127. Jun 27 16:43:32.603399: | ignoring microcode for PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) -> PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) with event EVENT_NULL
  128. Jun 27 16:43:32.603402: | ignoring microcode for PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) -> PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) with event EVENT_NULL
  129. Jun 27 16:43:32.603404: | ignoring microcode for PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) -> PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) with event EVENT_NULL
  130. Jun 27 16:43:32.603407: | ignoring microcode for PARENT_R1 (timeout: EVENT_v2_RESPONDER_TIMEOUT flags: 0) -> PARENT_R1 (timeout: EVENT_v2_RESPONDER_TIMEOUT flags: 0) with event EVENT_SA_REPLACE
  131. Jun 27 16:43:32.603410: | ignoring microcode for PARENT_I3 (timeout: EVENT_SA_REPLACE flags: 0) -> PARENT_I3 (timeout: EVENT_SA_REPLACE flags: 0) with event EVENT_RETAIN
  132. Jun 27 16:43:32.603416: | ignoring microcode for PARENT_I3 (timeout: EVENT_SA_REPLACE flags: 0) -> PARENT_I3 (timeout: EVENT_SA_REPLACE flags: 0) with event EVENT_RETAIN
  133. Jun 27 16:43:32.603419: | ignoring microcode for PARENT_R2 (timeout: EVENT_SA_REPLACE flags: 0) -> PARENT_R2 (timeout: EVENT_SA_REPLACE flags: 0) with event EVENT_RETAIN
  134. Jun 27 16:43:32.603422: | ignoring microcode for PARENT_R2 (timeout: EVENT_SA_REPLACE flags: 0) -> PARENT_R2 (timeout: EVENT_SA_REPLACE flags: 0) with event EVENT_RETAIN
  135. Jun 27 16:43:32.603424: | IKEv2_BASE (timeout: EVENT_NULL flags: 0)
  136. Jun 27 16:43:32.603426: | PARENT_I1 (timeout: EVENT_v2_RETRANSMIT flags: 0)
  137. Jun 27 16:43:32.603428: | PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0)
  138. Jun 27 16:43:32.603430: | PARENT_I3 (timeout: EVENT_SA_REPLACE flags: 0)
  139. Jun 27 16:43:32.603433: | PARENT_R1 (timeout: EVENT_v2_RESPONDER_TIMEOUT flags: 0)
  140. Jun 27 16:43:32.603435: | PARENT_R2 (timeout: EVENT_SA_REPLACE flags: 0)
  141. Jun 27 16:43:32.603437: | V2_CREATE_I0 (timeout: EVENT_NULL flags: 0)
  142. Jun 27 16:43:32.603439: | V2_CREATE_I (timeout: EVENT_v2_RETRANSMIT flags: 0)
  143. Jun 27 16:43:32.603441: | V2_REKEY_IKE_I0 (timeout: EVENT_NULL flags: 0)
  144. Jun 27 16:43:32.603443: | V2_REKEY_IKE_I (timeout: EVENT_v2_RETRANSMIT flags: 0)
  145. Jun 27 16:43:32.603445: | V2_REKEY_CHILD_I0 (timeout: EVENT_NULL flags: 0)
  146. Jun 27 16:43:32.603447: | V2_REKEY_CHILD_I (timeout: EVENT_v2_RETRANSMIT flags: 0)
  147. Jun 27 16:43:32.603450: | V2_CREATE_R (timeout: EVENT_NULL flags: 0)
  148. Jun 27 16:43:32.603452: | V2_REKEY_IKE_R (timeout: EVENT_NULL flags: 0)
  149. Jun 27 16:43:32.603454: | V2_REKEY_CHILD_R (timeout: EVENT_NULL flags: 0)
  150. Jun 27 16:43:32.603456: | V2_IPSEC_I (timeout: EVENT_SA_REPLACE flags: 0)
  151. Jun 27 16:43:32.603458: | V2_IPSEC_R (timeout: EVENT_SA_REPLACE flags: 0)
  152. Jun 27 16:43:32.603460: | IKESA_DEL (timeout: EVENT_RETAIN flags: 0)
  153. Jun 27 16:43:32.603462: | CHILDSA_DEL (timeout: EVENT_NULL flags: 0)
  154. Jun 27 16:43:32.603464: | PARENT_R0 (timeout: EVENT_NULL flags: 0)
  155. Jun 27 16:43:32.603466: | PARENT_I0 (timeout: EVENT_NULL flags: 0)
  156. Jun 27 16:43:32.603480: Using Linux XFRM/NETKEY IPsec interface code on 3.16.0-6-amd64
  157. Jun 27 16:43:32.603501: | process 2856 listening for PF_KEY_V2 on file descriptor 15
  158. Jun 27 16:43:32.603504: | kernel_alg_init()
  159. Jun 27 16:43:32.603508: | Hard-wiring new AEAD algorithms
  160. Jun 27 16:43:32.603512: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=18(ESP_AES_GCM_A), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
  161. Jun 27 16:43:32.603516: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=19(ESP_AES_GCM_B), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
  162. Jun 27 16:43:32.603518: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=20(ESP_AES_GCM_C), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
  163. Jun 27 16:43:32.603521: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=14(ESP_AES_CCM_A), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
  164. Jun 27 16:43:32.603524: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=15(ESP_AES_CCM_B), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
  165. Jun 27 16:43:32.603527: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=16(ESP_AES_CCM_C), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
  166. Jun 27 16:43:32.603530: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=23(ESP_NULL_AUTH_AES_GMAC), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
  167. Jun 27 16:43:32.603532: | Hard-wiring new INTEG algorithms
  168. Jun 27 16:43:32.603535: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=250(AH_AES_CMAC_96), alg_ivlen=0, alg_minbits=128, alg_maxbits=128
  169. Jun 27 16:43:32.603602: | finish_pfkey_msg: K_SADB_REGISTER message 1 for AH
  170. Jun 27 16:43:32.603607: | 02 07 00 02 02 00 00 00 01 00 00 00 28 0b 00 00
  171. Jun 27 16:43:32.603683: | starting up helper thread 1
  172. Jun 27 16:43:32.603688: seccomp security for crypto helper not supported
  173. Jun 27 16:43:32.603692: | status value returned by setting the priority of this thread (crypto helper 1) 22
  174. Jun 27 16:43:32.603695: | crypto helper 1 waiting (nothing to do)
  175. Jun 27 16:43:32.603700: | starting up helper thread 0
  176. Jun 27 16:43:32.603702: seccomp security for crypto helper not supported
  177. Jun 27 16:43:32.603704: | status value returned by setting the priority of this thread (crypto helper 0) 22
  178. Jun 27 16:43:32.603706: | crypto helper 0 waiting (nothing to do)
  179. Jun 27 16:43:32.605403: | pfkey_get: ignoring PF_KEY K_SADB_X_GRPSA message 1 for process 0
  180. Jun 27 16:43:32.605412: | pfkey_get: ignoring PF_KEY K_SADB_X_GRPSA message 2 for process 0
  181. Jun 27 16:43:32.605416: | pfkey_get: ignoring PF_KEY K_SADB_X_GRPSA message 3 for process 0
  182. Jun 27 16:43:32.605419: | pfkey_get: ignoring PF_KEY K_SADB_X_GRPSA message 4 for process 0
  183. Jun 27 16:43:32.605423: | pfkey_get: ignoring PF_KEY K_SADB_X_GRPSA message 5 for process 0
  184. Jun 27 16:43:32.605426: | pfkey_get: ignoring PF_KEY K_SADB_X_GRPSA message 6 for process 0
  185. Jun 27 16:43:32.605429: | pfkey_get: K_SADB_REGISTER message 1
  186. Jun 27 16:43:32.605433: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: sadb_msg_len=22 sadb_supported_len=72
  187. Jun 27 16:43:32.605436: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=251(AH_NULL), alg_ivlen=0, alg_minbits=0, alg_maxbits=0
  188. Jun 27 16:43:32.605439: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=2(AH_MD5), alg_ivlen=0, alg_minbits=128, alg_maxbits=128
  189. Jun 27 16:43:32.605442: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=3(AH_SHA), alg_ivlen=0, alg_minbits=160, alg_maxbits=160
  190. Jun 27 16:43:32.605445: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=5(AH_SHA2_256), alg_ivlen=0, alg_minbits=256, alg_maxbits=256
  191. Jun 27 16:43:32.605448: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=6(AH_SHA2_384), alg_ivlen=0, alg_minbits=384, alg_maxbits=384
  192. Jun 27 16:43:32.605450: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=7(AH_SHA2_512), alg_ivlen=0, alg_minbits=512, alg_maxbits=512
  193. Jun 27 16:43:32.605453: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=8(AH_RIPEMD), alg_ivlen=0, alg_minbits=160, alg_maxbits=160
  194. Jun 27 16:43:32.605456: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=9(AH_AES_XCBC_MAC), alg_ivlen=0, alg_minbits=128, alg_maxbits=128
  195. Jun 27 16:43:32.605458: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: sadb_msg_len=22 sadb_supported_len=88
  196. Jun 27 16:43:32.605461: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=11(ESP_NULL), alg_ivlen=0, alg_minbits=0, alg_maxbits=0
  197. Jun 27 16:43:32.605463: | kernel_alg_add(2,15,11) fails because alg combo is invalid
  198. Jun 27 16:43:32.605466: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=2(ESP_DES(UNUSED)), alg_ivlen=8, alg_minbits=64, alg_maxbits=64
  199. Jun 27 16:43:32.605468: | kernel_alg_add(2,15,2) fails because alg combo is invalid
  200. Jun 27 16:43:32.605471: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=3(ESP_3DES), alg_ivlen=8, alg_minbits=192, alg_maxbits=192
  201. Jun 27 16:43:32.605473: | kernel_alg_add(2,15,3) fails because alg combo is invalid
  202. Jun 27 16:43:32.605476: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=6(ESP_CAST), alg_ivlen=8, alg_minbits=40, alg_maxbits=128
  203. Jun 27 16:43:32.605478: | kernel_alg_add(2,15,6) fails because alg combo is invalid
  204. Jun 27 16:43:32.605481: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=7(ESP_BLOWFISH(UNUSED)), alg_ivlen=8, alg_minbits=40, alg_maxbits=448
  205. Jun 27 16:43:32.605483: | kernel_alg_add(2,15,7) fails because alg combo is invalid
  206. Jun 27 16:43:32.605489: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=12(ESP_AES), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
  207. Jun 27 16:43:32.605492: | kernel_alg_add(2,15,12) fails because alg combo is invalid
  208. Jun 27 16:43:32.605495: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=252(ESP_SERPENT), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
  209. Jun 27 16:43:32.605497: | kernel_alg_add(2,15,252) fails because alg combo is invalid
  210. Jun 27 16:43:32.605500: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=22(ESP_CAMELLIA), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
  211. Jun 27 16:43:32.605502: | kernel_alg_add(2,15,22) fails because alg combo is invalid
  212. Jun 27 16:43:32.605504: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=253(ESP_TWOFISH), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
  213. Jun 27 16:43:32.605507: | kernel_alg_add(2,15,253) fails because alg combo is invalid
  214. Jun 27 16:43:32.605509: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=13(ESP_AES_CTR), alg_ivlen=8, alg_minbits=160, alg_maxbits=288
  215. Jun 27 16:43:32.605512: | kernel_alg_add(2,15,13) fails because alg combo is invalid
  216. Jun 27 16:43:32.605514: | AH registered with kernel.
  217. Jun 27 16:43:32.605517: | finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP
  218. Jun 27 16:43:32.605519: | 02 07 00 03 02 00 00 00 02 00 00 00 28 0b 00 00
  219. Jun 27 16:43:32.607079: | pfkey_get: K_SADB_REGISTER message 2
  220. Jun 27 16:43:32.607087: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=72
  221. Jun 27 16:43:32.607091: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=251(AH_NULL), alg_ivlen=0, alg_minbits=0, alg_maxbits=0
  222. Jun 27 16:43:32.607094: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=251
  223. Jun 27 16:43:32.607097: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=2(AH_MD5), alg_ivlen=0, alg_minbits=128, alg_maxbits=128
  224. Jun 27 16:43:32.607099: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=2
  225. Jun 27 16:43:32.607102: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=3(AH_SHA), alg_ivlen=0, alg_minbits=160, alg_maxbits=160
  226. Jun 27 16:43:32.607104: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=3
  227. Jun 27 16:43:32.607107: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=5(AH_SHA2_256), alg_ivlen=0, alg_minbits=256, alg_maxbits=256
  228. Jun 27 16:43:32.607109: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=5
  229. Jun 27 16:43:32.607112: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=6(AH_SHA2_384), alg_ivlen=0, alg_minbits=384, alg_maxbits=384
  230. Jun 27 16:43:32.607114: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=6
  231. Jun 27 16:43:32.607117: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=7(AH_SHA2_512), alg_ivlen=0, alg_minbits=512, alg_maxbits=512
  232. Jun 27 16:43:32.607119: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=7
  233. Jun 27 16:43:32.607122: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=8(AH_RIPEMD), alg_ivlen=0, alg_minbits=160, alg_maxbits=160
  234. Jun 27 16:43:32.607124: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=8
  235. Jun 27 16:43:32.607126: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=9(AH_AES_XCBC_MAC), alg_ivlen=0, alg_minbits=128, alg_maxbits=128
  236. Jun 27 16:43:32.607129: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=9
  237. Jun 27 16:43:32.607131: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=88
  238. Jun 27 16:43:32.607134: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=11(ESP_NULL), alg_ivlen=0, alg_minbits=0, alg_maxbits=0
  239. Jun 27 16:43:32.607140: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=2(ESP_DES(UNUSED)), alg_ivlen=8, alg_minbits=64, alg_maxbits=64
  240. Jun 27 16:43:32.607143: | kernel_alg_add(): Ignoring alg_id=2(ESP_DES(UNUSED)) - too weak
  241. Jun 27 16:43:32.607146: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=3(ESP_3DES), alg_ivlen=8, alg_minbits=192, alg_maxbits=192
  242. Jun 27 16:43:32.607148: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=6(ESP_CAST), alg_ivlen=8, alg_minbits=40, alg_maxbits=128
  243. Jun 27 16:43:32.607151: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=7(ESP_BLOWFISH(UNUSED)), alg_ivlen=8, alg_minbits=40, alg_maxbits=448
  244. Jun 27 16:43:32.607154: | kernel_alg_add(): Ignoring alg_id=7(ESP_BLOWFISH(UNUSED)) - too weak
  245. Jun 27 16:43:32.607156: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=12(ESP_AES), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
  246. Jun 27 16:43:32.607159: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=252(ESP_SERPENT), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
  247. Jun 27 16:43:32.607162: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=22(ESP_CAMELLIA), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
  248. Jun 27 16:43:32.607165: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=253(ESP_TWOFISH), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
  249. Jun 27 16:43:32.607167: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=13(ESP_AES_CTR), alg_ivlen=8, alg_minbits=160, alg_maxbits=288
  250. Jun 27 16:43:32.607170: | ESP registered with kernel.
  251. Jun 27 16:43:32.607173: | finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP
  252. Jun 27 16:43:32.607176: | 02 07 00 09 02 00 00 00 03 00 00 00 28 0b 00 00
  253. Jun 27 16:43:32.608733: | pfkey_get: K_SADB_REGISTER message 3
  254. Jun 27 16:43:32.608741: | IPCOMP registered with kernel.
  255. Jun 27 16:43:32.608748: | Registered AH, ESP and IPCOMP
  256. Jun 27 16:43:32.608752: | event_schedule: new EVENT_SHUNT_SCAN-pe@0x559b0ecdec88
  257. Jun 27 16:43:32.608755: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000 seconds
  258. Jun 27 16:43:32.608759: | setup kernel fd callback
  259. Jun 27 16:43:32.608929: | selinux support is NOT enabled.
  260. Jun 27 16:43:32.608937: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
  261. Jun 27 16:43:32.608939: watchdog: sending probes every 100 secs
  262. Jun 27 16:43:32.608952: | pluto_sd: executing action action: start(2), status 0
  263. Jun 27 16:43:32.608972: | event_schedule: new EVENT_SD_WATCHDOG-pe@0x559b0ecdef88
  264. Jun 27 16:43:32.608975: | inserting event EVENT_SD_WATCHDOG, timeout in 100.000 seconds
  265. Jun 27 16:43:32.609209: | unbound context created - setting debug level to 5
  266. Jun 27 16:43:32.609236: | /etc/hosts lookups activated
  267. Jun 27 16:43:32.609254: | /etc/resolv.conf usage activated
  268. Jun 27 16:43:32.609258: | Loading dnssec root key from:/var/lib/unbound/root.key
  269. Jun 27 16:43:32.609261: | No additional dnssec trust anchors defined via dnssec-trusted= option
  270. Jun 27 16:43:32.609263: | Setting up events, loop start
  271. Jun 27 16:43:32.609506: | created addconn helper (pid:2886) using fork+execve
  272. Jun 27 16:43:32.609517: | forked child 2886
  273. Jun 27 16:43:32.609529: | pid table: inserting object 0x559b0ece1ed8 (addconn pid 2886) entry 0x559b0ece1ee0 into list 0x559b0e2f18e0 (older 0x559b0e2f18e0 newer 0x559b0e2f18e0)
  274. Jun 27 16:43:32.609533: | pid table: inserted object 0x559b0ece1ed8 (addconn pid 2886) entry 0x559b0ece1ee0 (older 0x559b0e2f18e0 newer 0x559b0e2f18e0)
  275. Jun 27 16:43:32.609536: | pid table: list entry 0x559b0e2f18e0 is HEAD (older 0x559b0ece1ee0 newer 0x559b0ece1ee0)
  276. Jun 27 16:43:32.609538: seccomp security not supported
  277. Jun 27 16:43:32.615975: | Added new connection v6neighbor-hole-in with policy AUTH_NEVER+PASS+NEVER_NEGOTIATE
  278. Jun 27 16:43:32.615999: | counting wild cards for ::1 is 0
  279. Jun 27 16:43:32.616004: | counting wild cards for %any is 0
  280. Jun 27 16:43:32.616010: added connection description "v6neighbor-hole-in"
  281. Jun 27 16:43:32.616021: | ::/0===::1<::1>:58/34560...%any:58/34816===::/0
  282. Jun 27 16:43:32.616025: | ike_life: 0s; ipsec_life: 0s; rekey_margin: 0s; rekey_fuzz: 0%; keyingtries: 0; replay_window: 0; policy: AUTH_NEVER+PASS+NEVER_NEGOTIATE
  283. Jun 27 16:43:32.616067: | Added new connection v6neighbor-hole-out with policy AUTH_NEVER+PASS+NEVER_NEGOTIATE
  284. Jun 27 16:43:32.616074: | counting wild cards for ::1 is 0
  285. Jun 27 16:43:32.616077: | counting wild cards for %any is 0
  286. Jun 27 16:43:32.616080: added connection description "v6neighbor-hole-out"
  287. Jun 27 16:43:32.616086: | ::/0===::1<::1>:58/34816...%any:58/34560===::/0
  288. Jun 27 16:43:32.616089: | ike_life: 0s; ipsec_life: 0s; rekey_margin: 0s; rekey_fuzz: 0%; keyingtries: 0; replay_window: 0; policy: AUTH_NEVER+PASS+NEVER_NEGOTIATE
  289. Jun 27 16:43:32.616127: | Added new connection xauth-aggr with policy PSK+ENCRYPT+TUNNEL+SHA2_TRUNCBUG+XAUTH+MODECFG_PULL+AGGRESSIVE+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
  290. Jun 27 16:43:32.616134: | counting wild cards for 192.168.1.137 is 0
  291. Jun 27 16:43:32.616137: | counting wild cards for (none) is 15
  292. Jun 27 16:43:32.616141: | add new addresspool to global pools 192.168.20.2-192.168.20.10 size 9 ptr 0x559b0ece3158
  293. Jun 27 16:43:32.616144: | based upon policy, the connection is a template.
  294. Jun 27 16:43:32.616147: | reference addresspool of conn xauth-aggr[0] kind CK_TEMPLATE refcnt 0
  295. Jun 27 16:43:32.616149: added connection description "xauth-aggr"
  296. Jun 27 16:43:32.616156: | 0.0.0.0/0===192.168.1.137<192.168.1.137>[MS+XS+S=C]...%any[+MC+XC+S=C]
  297. Jun 27 16:43:32.616160: | ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+SHA2_TRUNCBUG+XAUTH+MODECFG_PULL+AGGRESSIVE+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
  298. Jun 27 16:43:32.616205: | Added new connection xauth with policy PSK+ENCRYPT+TUNNEL+SHA2_TRUNCBUG+XAUTH+MODECFG_PULL+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
  299. Jun 27 16:43:32.616212: | counting wild cards for 192.168.1.137 is 0
  300. Jun 27 16:43:32.616215: | counting wild cards for (none) is 15
  301. Jun 27 16:43:32.616218: | re-use addresspool 192.168.20.2-192.168.20.10 exists ref count 1 used 0 size 9 ptr 0x559b0ece3158 re-use it
  302. Jun 27 16:43:32.616220: | based upon policy, the connection is a template.
  303. Jun 27 16:43:32.616223: | reference addresspool of conn xauth[0] kind CK_TEMPLATE refcnt 1
  304. Jun 27 16:43:32.616225: added connection description "xauth"
  305. Jun 27 16:43:32.616231: | 0.0.0.0/0===192.168.1.137<192.168.1.137>[MS+XS+S=C]...%any[+MC+XC+S=C]
  306. Jun 27 16:43:32.616235: | ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+SHA2_TRUNCBUG+XAUTH+MODECFG_PULL+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
  307. Jun 27 16:43:32.616271: | pluto_sd: executing action action: reloading(4), status 0
  308. Jun 27 16:43:32.616286: listening for IKE messages
  309. Jun 27 16:43:32.616304: | Inspecting interface lo
  310. Jun 27 16:43:32.616308: | found lo with address 127.0.0.1
  311. Jun 27 16:43:32.616310: | Inspecting interface eth0
  312. Jun 27 16:43:32.616313: | found eth0 with address 192.168.1.137
  313. Jun 27 16:43:32.616333: adding interface eth0/eth0 192.168.1.137:500
  314. Jun 27 16:43:32.616343: | NAT-Traversal: Trying sockopt style NAT-T
  315. Jun 27 16:43:32.616346: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
  316. Jun 27 16:43:32.616349: adding interface eth0/eth0 192.168.1.137:4500
  317. Jun 27 16:43:32.616358: adding interface lo/lo 127.0.0.1:500
  318. Jun 27 16:43:32.616367: | NAT-Traversal: Trying sockopt style NAT-T
  319. Jun 27 16:43:32.616370: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
  320. Jun 27 16:43:32.616372: adding interface lo/lo 127.0.0.1:4500
  321. Jun 27 16:43:32.616407: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
  322. Jun 27 16:43:32.616434: adding interface lo/lo ::1:500
  323. Jun 27 16:43:32.616441: | connect_to_host_pair: 192.168.1.137:500 0.0.0.0:500 -> hp:none
  324. Jun 27 16:43:32.616444: | find_host_pair: comparing 192.168.1.137:500 to 0.0.0.0:500
  325. Jun 27 16:43:32.616447: | connect_to_host_pair: 192.168.1.137:500 0.0.0.0:500 -> hp:xauth
  326. Jun 27 16:43:32.616449: | find_host_pair: comparing 192.168.1.137:500 to 0.0.0.0:500
  327. Jun 27 16:43:32.616452: | connect_to_host_pair: ::1:500 :::500 -> hp:none
  328. Jun 27 16:43:32.616455: | find_host_pair: comparing ::1:500 to :::500
  329. Jun 27 16:43:32.616457: | connect_to_host_pair: ::1:500 :::500 -> hp:v6neighbor-hole-out
  330. Jun 27 16:43:32.616466: | setup callback for interface lo:500 fd 20
  331. Jun 27 16:43:32.616470: | setup callback for interface lo:4500 fd 19
  332. Jun 27 16:43:32.616473: | setup callback for interface lo:500 fd 18
  333. Jun 27 16:43:32.616476: | setup callback for interface eth0:4500 fd 17
  334. Jun 27 16:43:32.616480: | setup callback for interface eth0:500 fd 16
  335. Jun 27 16:43:32.616485: | certs and keys locked by 'free_preshared_secrets'
  336. Jun 27 16:43:32.616487: | certs and keys unlocked by 'free_preshard_secrets'
  337. Jun 27 16:43:32.616503: loading secrets from "/etc/ipsec.secrets"
  338. Jun 27 16:43:32.616533: loading secrets from "/etc/ipsec.d/xauth.secrets"
  339. Jun 27 16:43:32.616540: | id type added to secret(0x559b0ece4998) PKK_PSK: 192.168.1.137
  340. Jun 27 16:43:32.616543: WARNING: using a weak secret (PSK)
  341. Jun 27 16:43:32.616547: | Processing PSK at line 1: passed
  342. Jun 27 16:43:32.616549: | certs and keys locked by 'process_secret'
  343. Jun 27 16:43:32.616552: | certs and keys unlocked by 'process_secret'
  344. Jun 27 16:43:32.616563: | pluto_sd: executing action action: ready(5), status 0
  345. Jun 27 16:43:32.616677: | processing: start connection "v6neighbor-hole-in" (in whack_route_connection() at rcv_whack.c:106)
  346. Jun 27 16:43:32.616685: | could_route called for v6neighbor-hole-in (kind=CK_PERMANENT)
  347. Jun 27 16:43:32.616688: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000 vs
  348. Jun 27 16:43:32.616690: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000
  349. Jun 27 16:43:32.616692: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000 vs
  350. Jun 27 16:43:32.616694: | conn xauth mark 0/00000000, 0/00000000
  351. Jun 27 16:43:32.616697: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000 vs
  352. Jun 27 16:43:32.616699: | conn xauth-aggr mark 0/00000000, 0/00000000
  353. Jun 27 16:43:32.616701: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000 vs
  354. Jun 27 16:43:32.616703: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000
  355. Jun 27 16:43:32.616707: | route owner of "v6neighbor-hole-in" unrouted: NULL; eroute owner: NULL
  356. Jun 27 16:43:32.616709: | route_and_eroute() for proto 58, and source port 34560 dest port 34816
  357. Jun 27 16:43:32.616712: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000 vs
  358. Jun 27 16:43:32.616714: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000
  359. Jun 27 16:43:32.616716: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000 vs
  360. Jun 27 16:43:32.616718: | conn xauth mark 0/00000000, 0/00000000
  361. Jun 27 16:43:32.616720: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000 vs
  362. Jun 27 16:43:32.616723: | conn xauth-aggr mark 0/00000000, 0/00000000
  363. Jun 27 16:43:32.616725: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000 vs
  364. Jun 27 16:43:32.616727: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000
  365. Jun 27 16:43:32.616730: | route owner of "v6neighbor-hole-in" unrouted: NULL; eroute owner: NULL
  366. Jun 27 16:43:32.616734: | route_and_eroute with c: v6neighbor-hole-in (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #0
  367. Jun 27 16:43:32.616737: | shunt_eroute() called for connection 'v6neighbor-hole-in' to 'add' for rt_kind 'prospective erouted' using protoports 58--34560->-34816
  368. Jun 27 16:43:32.616740: | netlink_shunt_eroute for proto 58, and source port 34560 dest port 34816
  369. Jun 27 16:43:32.616743: | priority calculation of connection "v6neighbor-hole-in" overruled by connection specification of 0x1
  370. Jun 27 16:43:32.616746: | netlink_raw_eroute: SPI_PASS
  371. Jun 27 16:43:32.616752: | IPsec Sa SPD priority set to 1
  372. Jun 27 16:43:32.616774: | priority calculation of connection "v6neighbor-hole-in" overruled by connection specification of 0x1
  373. Jun 27 16:43:32.616777: | netlink_raw_eroute: SPI_PASS
  374. Jun 27 16:43:32.616779: | IPsec Sa SPD priority set to 1
  375. Jun 27 16:43:32.616788: | route_and_eroute: firewall_notified: true
  376. Jun 27 16:43:32.616791: | running updown command "ipsec _updown" for verb prepare
  377. Jun 27 16:43:32.616793: | command executing prepare-client-v6
  378. Jun 27 16:43:32.616808: | executing prepare-client-v6: PLUTO_VERB='prepare-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-hole-in' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT='::/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34560' PLUTO_MY_PROTOCOL='58' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='::' PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUTO_PEER_CLIENT_MASK='::' PLUTO_PEER_PORT='34816' PLUTO_PEER_PROTOCOL='58' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1
  379. Jun 27 16:43:32.616811: | popen cmd is 902 chars long
  380. Jun 27 16:43:32.616814: | cmd( 0):PLUTO_VERB='prepare-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-:
  381. Jun 27 16:43:32.616816: | cmd( 80):hole-in' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT=':
  382. Jun 27 16:43:32.616819: | cmd( 160):::/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34560' P:
  383. Jun 27 16:43:32.616821: | cmd( 240):LUTO_MY_PROTOCOL='58' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER=':::
  384. Jun 27 16:43:32.616823: | cmd( 320):' PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUTO:
  385. Jun 27 16:43:32.616825: | cmd( 400):_PEER_CLIENT_MASK='::' PLUTO_PEER_PORT='34816' PLUTO_PEER_PROTOCOL='58' PLUTO_PE:
  386. Jun 27 16:43:32.616827: | cmd( 480):ER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+PA:
  387. Jun 27 16:43:32.616829: | cmd( 560):SS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6' :
  388. Jun 27 16:43:32.616831: | cmd( 640):XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_:
  389. Jun 27 16:43:32.616833: | cmd( 720):INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_:
  390. Jun 27 16:43:32.616836: | cmd( 800):CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=:
  391. Jun 27 16:43:32.616838: | cmd( 880):0x0 ipsec _updown 2>&1:
  392. Jun 27 16:43:32.619188: | running updown command "ipsec _updown" for verb route
  393. Jun 27 16:43:32.619199: | command executing route-client-v6
  394. Jun 27 16:43:32.619216: | executing route-client-v6: PLUTO_VERB='route-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-hole-in' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT='::/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34560' PLUTO_MY_PROTOCOL='58' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='::' PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUTO_PEER_CLIENT_MASK='::' PLUTO_PEER_PORT='34816' PLUTO_PEER_PROTOCOL='58' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1
  395. Jun 27 16:43:32.619219: | popen cmd is 900 chars long
  396. Jun 27 16:43:32.619222: | cmd( 0):PLUTO_VERB='route-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-ho:
  397. Jun 27 16:43:32.619229: | cmd( 80):le-in' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT=':::
  398. Jun 27 16:43:32.619231: | cmd( 160):/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34560' PLU:
  399. Jun 27 16:43:32.619234: | cmd( 240):TO_MY_PROTOCOL='58' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='::' :
  400. Jun 27 16:43:32.619236: | cmd( 320):PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUTO_P:
  401. Jun 27 16:43:32.619238: | cmd( 400):EER_CLIENT_MASK='::' PLUTO_PEER_PORT='34816' PLUTO_PEER_PROTOCOL='58' PLUTO_PEER:
  402. Jun 27 16:43:32.619240: | cmd( 480):_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+PASS:
  403. Jun 27 16:43:32.619242: | cmd( 560):+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6' XA:
  404. Jun 27 16:43:32.619244: | cmd( 640):UTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_IN:
  405. Jun 27 16:43:32.619246: | cmd( 720):FO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CO:
  406. Jun 27 16:43:32.619249: | cmd( 800):NFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x:
  407. Jun 27 16:43:32.619251: | cmd( 880):0 ipsec _updown 2>&1:
  408. Jun 27 16:43:32.621366: | processing: stop connection "v6neighbor-hole-in" (in whack_route_connection() at rcv_whack.c:116)
  409. Jun 27 16:43:32.621395: | waitpid returned nothing left to do (all child processes are busy)
  410. Jun 27 16:43:32.621399: | waitpid returned nothing left to do (all child processes are busy)
  411. Jun 27 16:43:32.621436: | processing: start connection "v6neighbor-hole-out" (in whack_route_connection() at rcv_whack.c:106)
  412. Jun 27 16:43:32.621441: | could_route called for v6neighbor-hole-out (kind=CK_PERMANENT)
  413. Jun 27 16:43:32.621444: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
  414. Jun 27 16:43:32.621447: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000
  415. Jun 27 16:43:32.621449: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
  416. Jun 27 16:43:32.621451: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000
  417. Jun 27 16:43:32.621454: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
  418. Jun 27 16:43:32.621456: | conn xauth mark 0/00000000, 0/00000000
  419. Jun 27 16:43:32.621458: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
  420. Jun 27 16:43:32.621461: | conn xauth-aggr mark 0/00000000, 0/00000000
  421. Jun 27 16:43:32.621465: | route owner of "v6neighbor-hole-out" unrouted: NULL; eroute owner: NULL
  422. Jun 27 16:43:32.621468: | route_and_eroute() for proto 58, and source port 34816 dest port 34560
  423. Jun 27 16:43:32.621470: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
  424. Jun 27 16:43:32.621472: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000
  425. Jun 27 16:43:32.621475: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
  426. Jun 27 16:43:32.621477: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000
  427. Jun 27 16:43:32.621479: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
  428. Jun 27 16:43:32.621481: | conn xauth mark 0/00000000, 0/00000000
  429. Jun 27 16:43:32.621484: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
  430. Jun 27 16:43:32.621486: | conn xauth-aggr mark 0/00000000, 0/00000000
  431. Jun 27 16:43:32.621489: | route owner of "v6neighbor-hole-out" unrouted: NULL; eroute owner: NULL
  432. Jun 27 16:43:32.621492: | route_and_eroute with c: v6neighbor-hole-out (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #0
  433. Jun 27 16:43:32.621495: | shunt_eroute() called for connection 'v6neighbor-hole-out' to 'add' for rt_kind 'prospective erouted' using protoports 58--34816->-34560
  434. Jun 27 16:43:32.621497: | netlink_shunt_eroute for proto 58, and source port 34816 dest port 34560
  435. Jun 27 16:43:32.621501: | priority calculation of connection "v6neighbor-hole-out" overruled by connection specification of 0x1
  436. Jun 27 16:43:32.621504: | netlink_raw_eroute: SPI_PASS
  437. Jun 27 16:43:32.621506: | IPsec Sa SPD priority set to 1
  438. Jun 27 16:43:32.621521: | priority calculation of connection "v6neighbor-hole-out" overruled by connection specification of 0x1
  439. Jun 27 16:43:32.621528: | netlink_raw_eroute: SPI_PASS
  440. Jun 27 16:43:32.621530: | IPsec Sa SPD priority set to 1
  441. Jun 27 16:43:32.621550: | route_and_eroute: firewall_notified: true
  442. Jun 27 16:43:32.621553: | running updown command "ipsec _updown" for verb prepare
  443. Jun 27 16:43:32.621555: | command executing prepare-client-v6
  444. Jun 27 16:43:32.621570: | executing prepare-client-v6: PLUTO_VERB='prepare-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-hole-out' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT='::/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34816' PLUTO_MY_PROTOCOL='58' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='::' PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUTO_PEER_CLIENT_MASK='::' PLUTO_PEER_PORT='34560' PLUTO_PEER_PROTOCOL='58' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1
  445. Jun 27 16:43:32.621573: | popen cmd is 903 chars long
  446. Jun 27 16:43:32.621576: | cmd( 0):PLUTO_VERB='prepare-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-:
  447. Jun 27 16:43:32.621578: | cmd( 80):hole-out' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT=:
  448. Jun 27 16:43:32.621581: | cmd( 160):'::/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34816' :
  449. Jun 27 16:43:32.621583: | cmd( 240):PLUTO_MY_PROTOCOL='58' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='::
  450. Jun 27 16:43:32.621585: | cmd( 320)::' PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUT:
  451. Jun 27 16:43:32.621587: | cmd( 400):O_PEER_CLIENT_MASK='::' PLUTO_PEER_PORT='34560' PLUTO_PEER_PROTOCOL='58' PLUTO_P:
  452. Jun 27 16:43:32.621590: | cmd( 480):EER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+P:
  453. Jun 27 16:43:32.621592: | cmd( 560):ASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6':
  454. Jun 27 16:43:32.621594: | cmd( 640): XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN:
  455. Jun 27 16:43:32.621596: | cmd( 720):_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM:
  456. Jun 27 16:43:32.621599: | cmd( 800):_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT:
  457. Jun 27 16:43:32.621601: | cmd( 880):=0x0 ipsec _updown 2>&1:
  458. Jun 27 16:43:32.623909: | running updown command "ipsec _updown" for verb route
  459. Jun 27 16:43:32.623926: | command executing route-client-v6
  460. Jun 27 16:43:32.623948: | executing route-client-v6: PLUTO_VERB='route-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-hole-out' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT='::/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34816' PLUTO_MY_PROTOCOL='58' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='::' PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUTO_PEER_CLIENT_MASK='::' PLUTO_PEER_PORT='34560' PLUTO_PEER_PROTOCOL='58' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1
  461. Jun 27 16:43:32.623952: | popen cmd is 901 chars long
  462. Jun 27 16:43:32.623954: | cmd( 0):PLUTO_VERB='route-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-ho:
  463. Jun 27 16:43:32.623957: | cmd( 80):le-out' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT='::
  464. Jun 27 16:43:32.623965: | cmd( 160)::/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34816' PL:
  465. Jun 27 16:43:32.623968: | cmd( 240):UTO_MY_PROTOCOL='58' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='::':
  466. Jun 27 16:43:32.623970: | cmd( 320): PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUTO_:
  467. Jun 27 16:43:32.623972: | cmd( 400):PEER_CLIENT_MASK='::' PLUTO_PEER_PORT='34560' PLUTO_PEER_PROTOCOL='58' PLUTO_PEE:
  468. Jun 27 16:43:32.623975: | cmd( 480):R_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+PAS:
  469. Jun 27 16:43:32.623977: | cmd( 560):S+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6' X:
  470. Jun 27 16:43:32.623979: | cmd( 640):AUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_I:
  471. Jun 27 16:43:32.623981: | cmd( 720):NFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_C:
  472. Jun 27 16:43:32.623983: | cmd( 800):ONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0:
  473. Jun 27 16:43:32.623986: | cmd( 880):x0 ipsec _updown 2>&1:
  474. Jun 27 16:43:32.626441: | processing: stop connection "v6neighbor-hole-out" (in whack_route_connection() at rcv_whack.c:116)
  475. Jun 27 16:43:32.626494: | waitpid returned nothing left to do (all child processes are busy)
  476. Jun 27 16:43:32.626498: | waitpid returned nothing left to do (all child processes are busy)
  477. Jun 27 16:43:32.626924: | waitpid returned pid 2886 (exited with status 0)
  478. Jun 27 16:43:32.626935: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  479. Jun 27 16:43:32.626939: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  480. Jun 27 16:43:32.626941: | reaped addconn helper child (status 0)
  481. Jun 27 16:43:32.626946: | pid table: removing object 0x559b0ece1ed8 (addconn pid 2886) entry 0x559b0ece1ee0 (older 0x559b0e2f18e0 newer 0x559b0e2f18e0)
  482. Jun 27 16:43:32.626948: | pid table: empty
  483. Jun 27 16:43:32.626956: | waitpid returned ECHILD (no child processes left)
  484. Jun 27 16:43:46.407761: | *received 1168 bytes from 192.168.1.138:500 on eth0 (port=500)
  485. Jun 27 16:43:46.407800: | 10 78 8d 8e 71 84 24 7b 00 00 00 00 00 00 00 00
  486. Jun 27 16:43:46.407804: | 01 10 04 00 00 00 00 00 00 00 04 90 04 00 02 cc
  487. Jun 27 16:43:46.407807: | 00 00 00 01 00 00 00 01 00 00 02 c0 01 01 00 12
  488. Jun 27 16:43:46.407810: | 03 00 00 28 01 01 00 00 80 01 00 07 80 0e 01 00
  489. Jun 27 16:43:46.407813: | 80 02 00 01 80 04 00 02 80 03 fd e9 80 0b 00 01
  490. Jun 27 16:43:46.407816: | 00 0c 00 04 00 01 51 80 03 00 00 28 02 01 00 00
  491. Jun 27 16:43:46.407819: | 80 01 00 07 80 0e 01 00 80 02 00 02 80 04 00 02
  492. Jun 27 16:43:46.407822: | 80 03 fd e9 80 0b 00 01 00 0c 00 04 00 01 51 80
  493. Jun 27 16:43:46.407825: | 03 00 00 28 03 01 00 00 80 01 00 07 80 0e 00 c0
  494. Jun 27 16:43:46.407828: | 80 02 00 01 80 04 00 02 80 03 fd e9 80 0b 00 01
  495. Jun 27 16:43:46.407831: | 00 0c 00 04 00 01 51 80 03 00 00 28 04 01 00 00
  496. Jun 27 16:43:46.407835: | 80 01 00 07 80 0e 00 c0 80 02 00 02 80 04 00 02
  497. Jun 27 16:43:46.407838: | 80 03 fd e9 80 0b 00 01 00 0c 00 04 00 01 51 80
  498. Jun 27 16:43:46.407841: | 03 00 00 28 05 01 00 00 80 01 00 07 80 0e 00 80
  499. Jun 27 16:43:46.407844: | 80 02 00 01 80 04 00 02 80 03 fd e9 80 0b 00 01
  500. Jun 27 16:43:46.407847: | 00 0c 00 04 00 01 51 80 03 00 00 28 06 01 00 00
  501. Jun 27 16:43:46.407850: | 80 01 00 07 80 0e 00 80 80 02 00 02 80 04 00 02
  502. Jun 27 16:43:46.407853: | 80 03 fd e9 80 0b 00 01 00 0c 00 04 00 01 51 80
  503. Jun 27 16:43:46.407856: | 03 00 00 28 07 01 00 00 80 01 00 03 80 0e 01 00
  504. Jun 27 16:43:46.407859: | 80 02 00 01 80 04 00 02 80 03 fd e9 80 0b 00 01
  505. Jun 27 16:43:46.407862: | 00 0c 00 04 00 01 51 80 03 00 00 28 08 01 00 00
  506. Jun 27 16:43:46.407865: | 80 01 00 03 80 0e 01 00 80 02 00 02 80 04 00 02
  507. Jun 27 16:43:46.407868: | 80 03 fd e9 80 0b 00 01 00 0c 00 04 00 01 51 80
  508. Jun 27 16:43:46.407871: | 03 00 00 28 09 01 00 00 80 01 00 03 80 0e 00 c0
  509. Jun 27 16:43:46.407874: | 80 02 00 01 80 04 00 02 80 03 fd e9 80 0b 00 01
  510. Jun 27 16:43:46.407885: | 00 0c 00 04 00 01 51 80 03 00 00 28 0a 01 00 00
  511. Jun 27 16:43:46.407888: | 80 01 00 03 80 0e 00 c0 80 02 00 02 80 04 00 02
  512. Jun 27 16:43:46.407891: | 80 03 fd e9 80 0b 00 01 00 0c 00 04 00 01 51 80
  513. Jun 27 16:43:46.407894: | 03 00 00 28 0b 01 00 00 80 01 00 03 80 0e 00 80
  514. Jun 27 16:43:46.407897: | 80 02 00 01 80 04 00 02 80 03 fd e9 80 0b 00 01
  515. Jun 27 16:43:46.407900: | 00 0c 00 04 00 01 51 80 03 00 00 28 0c 01 00 00
  516. Jun 27 16:43:46.407903: | 80 01 00 03 80 0e 00 80 80 02 00 02 80 04 00 02
  517. Jun 27 16:43:46.407906: | 80 03 fd e9 80 0b 00 01 00 0c 00 04 00 01 51 80
  518. Jun 27 16:43:46.407909: | 03 00 00 24 0d 01 00 00 80 01 00 05 80 02 00 01
  519. Jun 27 16:43:46.407912: | 80 04 00 02 80 03 fd e9 80 0b 00 01 00 0c 00 04
  520. Jun 27 16:43:46.407915: | 00 01 51 80 03 00 00 24 0e 01 00 00 80 01 00 05
  521. Jun 27 16:43:46.407918: | 80 02 00 02 80 04 00 02 80 03 fd e9 80 0b 00 01
  522. Jun 27 16:43:46.407921: | 00 0c 00 04 00 01 51 80 03 00 00 24 0f 01 00 00
  523. Jun 27 16:43:46.407924: | 80 01 00 06 80 02 00 01 80 04 00 02 80 03 fd e9
  524. Jun 27 16:43:46.407927: | 80 0b 00 01 00 0c 00 04 00 01 51 80 03 00 00 24
  525. Jun 27 16:43:46.407930: | 10 01 00 00 80 01 00 06 80 02 00 02 80 04 00 02
  526. Jun 27 16:43:46.407933: | 80 03 fd e9 80 0b 00 01 00 0c 00 04 00 01 51 80
  527. Jun 27 16:43:46.407936: | 03 00 00 24 11 01 00 00 80 01 00 01 80 02 00 01
  528. Jun 27 16:43:46.407939: | 80 04 00 02 80 03 fd e9 80 0b 00 01 00 0c 00 04
  529. Jun 27 16:43:46.407942: | 00 01 51 80 00 00 00 24 12 01 00 00 80 01 00 01
  530. Jun 27 16:43:46.407945: | 80 02 00 02 80 04 00 02 80 03 fd e9 80 0b 00 01
  531. Jun 27 16:43:46.407947: | 00 0c 00 04 00 01 51 80 0a 00 00 84 8a 4b 9f 17
  532. Jun 27 16:43:46.407950: | f3 4f cf 1a c3 00 f5 d6 35 38 62 22 2e 76 cf 32
  533. Jun 27 16:43:46.407953: | a6 0b 75 0f 64 7f fe c0 16 02 fc a8 c5 a9 a4 d6
  534. Jun 27 16:43:46.407956: | ca 19 36 e6 37 30 95 fc f2 63 ca cb 4c 6b ed 2c
  535. Jun 27 16:43:46.407959: | 8c 51 04 21 cc bb cd c9 17 5a d8 48 7b 77 e6 c2
  536. Jun 27 16:43:46.407962: | 62 fa 32 cb 6a 53 c5 7d 78 44 4a 6d 28 f7 a2 5e
  537. Jun 27 16:43:46.407965: | 61 07 7d f9 f8 c3 ef 54 47 26 17 6c 0b 23 9e 9d
  538. Jun 27 16:43:46.407968: | 06 20 d3 4d cb b1 00 49 2f 1b 82 e3 fd 96 78 44
  539. Jun 27 16:43:46.407971: | ca ed 9e c1 04 23 97 78 c4 da 74 7f 05 00 00 18
  540. Jun 27 16:43:46.407993: | 24 e7 e8 87 de 28 85 95 e1 15 f8 1a 1f 75 16 2f
  541. Jun 27 16:43:46.407995: | ed 2e ac 61 0d 00 00 08 02 00 00 00 0d 00 00 0c
  542. Jun 27 16:43:46.408008: | 09 00 26 89 df d6 b7 12 0d 00 00 14 44 85 15 2d
  543. Jun 27 16:43:46.408010: | 18 b6 bb cd 0b e8 a8 46 95 79 dd cc 0d 00 00 14
  544. Jun 27 16:43:46.408013: | 16 f6 ca 16 e4 a4 06 6d 83 82 1a 0f 0a ea a8 62
  545. Jun 27 16:43:46.408015: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5
  546. Jun 27 16:43:46.408017: | ec 42 7b 1f 0d 00 00 14 7d 94 19 a6 53 10 ca 6f
  547. Jun 27 16:43:46.408019: | 2c 17 9d 92 15 52 9d 56 0d 00 00 14 4a 13 1c 81
  548. Jun 27 16:43:46.408022: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 18
  549. Jun 27 16:43:46.408024: | 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
  550. Jun 27 16:43:46.408026: | 80 00 00 00 0d 00 00 14 af ca d7 13 68 a1 f1 c9
  551. Jun 27 16:43:46.408028: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 3b 90 31 dc
  552. Jun 27 16:43:46.408031: | e4 fc f8 8b 48 9a 92 39 63 dd 0c 49 0d 00 00 14
  553. Jun 27 16:43:46.408042: | f1 4b 94 b7 bf f1 fe f0 27 73 b8 c4 9f ed ed 26
  554. Jun 27 16:43:46.408044: | 0d 00 00 18 16 6f 93 2d 55 eb 64 d8 e4 df 4f d3
  555. Jun 27 16:43:46.408046: | 7e 23 13 f0 d0 fd 84 51 0d 00 00 14 84 04 ad f9
  556. Jun 27 16:43:46.408049: | cd a0 57 60 b2 ca 29 2e 4b ff 53 7b 00 00 00 14
  557. Jun 27 16:43:46.408051: | 12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
  558. Jun 27 16:43:46.408057: | processing: start from 192.168.1.138:500 (in process_md() at demux.c:392)
  559. Jun 27 16:43:46.408063: | **parse ISAKMP Message:
  560. Jun 27 16:43:46.408066: | initiator cookie:
  561. Jun 27 16:43:46.408068: | 10 78 8d 8e 71 84 24 7b
  562. Jun 27 16:43:46.408071: | responder cookie:
  563. Jun 27 16:43:46.408077: | 00 00 00 00 00 00 00 00
  564. Jun 27 16:43:46.408080: | next payload type: ISAKMP_NEXT_SA (0x1)
  565. Jun 27 16:43:46.408083: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
  566. Jun 27 16:43:46.408086: | exchange type: ISAKMP_XCHG_AGGR (0x4)
  567. Jun 27 16:43:46.408090: | flags: none (0x0)
  568. Jun 27 16:43:46.408092: | message ID: 00 00 00 00
  569. Jun 27 16:43:46.408095: | length: 1168 (0x490)
  570. Jun 27 16:43:46.408098: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_AGGR (4)
  571. Jun 27 16:43:46.408104: | icookie table: hash icookie 10 78 8d 8e 71 84 24 7b to 1034384676883124323 slot 0x559b0e2ebf40
  572. Jun 27 16:43:46.408107: | v1 state object not found
  573. Jun 27 16:43:46.408110: | #null state always idle
  574. Jun 27 16:43:46.408113: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x432opt: 0x102000
  575. Jun 27 16:43:46.408116: | ***parse ISAKMP Security Association Payload:
  576. Jun 27 16:43:46.408118: | next payload type: ISAKMP_NEXT_KE (0x4)
  577. Jun 27 16:43:46.408121: | length: 716 (0x2cc)
  578. Jun 27 16:43:46.408123: | DOI: ISAKMP_DOI_IPSEC (0x1)
  579. Jun 27 16:43:46.408126: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x430opt: 0x102000
  580. Jun 27 16:43:46.408128: | ***parse ISAKMP Key Exchange Payload:
  581. Jun 27 16:43:46.408131: | next payload type: ISAKMP_NEXT_NONCE (0xa)
  582. Jun 27 16:43:46.408133: | length: 132 (0x84)
  583. Jun 27 16:43:46.408136: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x420opt: 0x102000
  584. Jun 27 16:43:46.408138: | ***parse ISAKMP Nonce Payload:
  585. Jun 27 16:43:46.408140: | next payload type: ISAKMP_NEXT_ID (0x5)
  586. Jun 27 16:43:46.408143: | length: 24 (0x18)
  587. Jun 27 16:43:46.408145: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x20opt: 0x102000
  588. Jun 27 16:43:46.408148: | ***parse ISAKMP Identification Payload:
  589. Jun 27 16:43:46.408150: | next payload type: ISAKMP_NEXT_VID (0xd)
  590. Jun 27 16:43:46.408153: | length: 8 (0x8)
  591. Jun 27 16:43:46.408155: | ID type: ID_FQDN (0x2)
  592. Jun 27 16:43:46.408158: | DOI specific A: 0 (0x0)
  593. Jun 27 16:43:46.408160: | DOI specific B: 0 (0x0)
  594. Jun 27 16:43:46.408162: | obj:
  595. Jun 27 16:43:46.408165: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
  596. Jun 27 16:43:46.408167: | ***parse ISAKMP Vendor ID Payload:
  597. Jun 27 16:43:46.408169: | next payload type: ISAKMP_NEXT_VID (0xd)
  598. Jun 27 16:43:46.408172: | length: 12 (0xc)
  599. Jun 27 16:43:46.408174: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
  600. Jun 27 16:43:46.408176: | ***parse ISAKMP Vendor ID Payload:
  601. Jun 27 16:43:46.408178: | next payload type: ISAKMP_NEXT_VID (0xd)
  602. Jun 27 16:43:46.408181: | length: 20 (0x14)
  603. Jun 27 16:43:46.408183: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
  604. Jun 27 16:43:46.408185: | ***parse ISAKMP Vendor ID Payload:
  605. Jun 27 16:43:46.408187: | next payload type: ISAKMP_NEXT_VID (0xd)
  606. Jun 27 16:43:46.408190: | length: 20 (0x14)
  607. Jun 27 16:43:46.408192: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
  608. Jun 27 16:43:46.408194: | ***parse ISAKMP Vendor ID Payload:
  609. Jun 27 16:43:46.408196: | next payload type: ISAKMP_NEXT_VID (0xd)
  610. Jun 27 16:43:46.408198: | length: 20 (0x14)
  611. Jun 27 16:43:46.408201: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
  612. Jun 27 16:43:46.408203: | ***parse ISAKMP Vendor ID Payload:
  613. Jun 27 16:43:46.408205: | next payload type: ISAKMP_NEXT_VID (0xd)
  614. Jun 27 16:43:46.408207: | length: 20 (0x14)
  615. Jun 27 16:43:46.408210: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
  616. Jun 27 16:43:46.408212: | ***parse ISAKMP Vendor ID Payload:
  617. Jun 27 16:43:46.408214: | next payload type: ISAKMP_NEXT_VID (0xd)
  618. Jun 27 16:43:46.408216: | length: 20 (0x14)
  619. Jun 27 16:43:46.408219: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
  620. Jun 27 16:43:46.408221: | ***parse ISAKMP Vendor ID Payload:
  621. Jun 27 16:43:46.408223: | next payload type: ISAKMP_NEXT_VID (0xd)
  622. Jun 27 16:43:46.408225: | length: 24 (0x18)
  623. Jun 27 16:43:46.408228: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
  624. Jun 27 16:43:46.408230: | ***parse ISAKMP Vendor ID Payload:
  625. Jun 27 16:43:46.408234: | next payload type: ISAKMP_NEXT_VID (0xd)
  626. Jun 27 16:43:46.408236: | length: 20 (0x14)
  627. Jun 27 16:43:46.408239: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
  628. Jun 27 16:43:46.408241: | ***parse ISAKMP Vendor ID Payload:
  629. Jun 27 16:43:46.408243: | next payload type: ISAKMP_NEXT_VID (0xd)
  630. Jun 27 16:43:46.408245: | length: 20 (0x14)
  631. Jun 27 16:43:46.408248: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
  632. Jun 27 16:43:46.408250: | ***parse ISAKMP Vendor ID Payload:
  633. Jun 27 16:43:46.408252: | next payload type: ISAKMP_NEXT_VID (0xd)
  634. Jun 27 16:43:46.408254: | length: 20 (0x14)
  635. Jun 27 16:43:46.408257: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
  636. Jun 27 16:43:46.408259: | ***parse ISAKMP Vendor ID Payload:
  637. Jun 27 16:43:46.408261: | next payload type: ISAKMP_NEXT_VID (0xd)
  638. Jun 27 16:43:46.408263: | length: 24 (0x18)
  639. Jun 27 16:43:46.408266: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
  640. Jun 27 16:43:46.408268: | ***parse ISAKMP Vendor ID Payload:
  641. Jun 27 16:43:46.408270: | next payload type: ISAKMP_NEXT_VID (0xd)
  642. Jun 27 16:43:46.408272: | length: 20 (0x14)
  643. Jun 27 16:43:46.408275: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
  644. Jun 27 16:43:46.408277: | ***parse ISAKMP Vendor ID Payload:
  645. Jun 27 16:43:46.408279: | next payload type: ISAKMP_NEXT_NONE (0x0)
  646. Jun 27 16:43:46.408281: | length: 20 (0x14)
  647. Jun 27 16:43:46.408287: | received Vendor ID payload [XAUTH]
  648. Jun 27 16:43:46.408290: | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
  649. Jun 27 16:43:46.408293: | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-01]
  650. Jun 27 16:43:46.408296: | quirks.qnat_traversal_vid set to=81
  651. Jun 27 16:43:46.408298: | received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
  652. Jun 27 16:43:46.408301: | quirks.qnat_traversal_vid set to=83
  653. Jun 27 16:43:46.408303: | received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
  654. Jun 27 16:43:46.408306: | quirks.qnat_traversal_vid set to=90
  655. Jun 27 16:43:46.408308: | received Vendor ID payload [RFC 3947]
  656. Jun 27 16:43:46.408312: | received Vendor ID payload [FRAGMENTATION 80000000]
  657. Jun 27 16:43:46.408315: | received Vendor ID payload [Dead Peer Detection]
  658. Jun 27 16:43:46.408318: | received Vendor ID payload [DPDv1_NG]
  659. Jun 27 16:43:46.408321: | ignoring Vendor ID payload [Shrew Soft client]
  660. Jun 27 16:43:46.408324: | ignoring Vendor ID payload [Netscreen-15]
  661. Jun 27 16:43:46.408327: | ignoring Vendor ID payload [Sidewinder]
  662. Jun 27 16:43:46.408330: | received Vendor ID payload [Cisco-Unity]
  663. Jun 27 16:43:46.408333: | ****parse IPsec DOI SIT:
  664. Jun 27 16:43:46.408336: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
  665. Jun 27 16:43:46.408339: | ****parse ISAKMP Proposal Payload:
  666. Jun 27 16:43:46.408341: | next payload type: ISAKMP_NEXT_NONE (0x0)
  667. Jun 27 16:43:46.408343: | length: 704 (0x2c0)
  668. Jun 27 16:43:46.408345: | proposal number: 1 (0x1)
  669. Jun 27 16:43:46.408348: | protocol ID: PROTO_ISAKMP (0x1)
  670. Jun 27 16:43:46.408350: | SPI size: 0 (0x0)
  671. Jun 27 16:43:46.408352: | number of transforms: 18 (0x12)
  672. Jun 27 16:43:46.408355: | *****parse ISAKMP Transform Payload (ISAKMP):
  673. Jun 27 16:43:46.408357: | next payload type: ISAKMP_NEXT_T (0x3)
  674. Jun 27 16:43:46.408359: | length: 40 (0x28)
  675. Jun 27 16:43:46.408362: | ISAKMP transform number: 1 (0x1)
  676. Jun 27 16:43:46.408364: | ISAKMP transform ID: KEY_IKE (0x1)
  677. Jun 27 16:43:46.408367: | ******parse ISAKMP Oakley attribute:
  678. Jun 27 16:43:46.408369: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
  679. Jun 27 16:43:46.408371: | length/value: 7 (0x7)
  680. Jun 27 16:43:46.408374: | ******parse ISAKMP Oakley attribute:
  681. Jun 27 16:43:46.408376: | af+type: OAKLEY_KEY_LENGTH (0x800e)
  682. Jun 27 16:43:46.408378: | length/value: 256 (0x100)
  683. Jun 27 16:43:46.408380: | ******parse ISAKMP Oakley attribute:
  684. Jun 27 16:43:46.408383: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
  685. Jun 27 16:43:46.408385: | length/value: 1 (0x1)
  686. Jun 27 16:43:46.408387: | ******parse ISAKMP Oakley attribute:
  687. Jun 27 16:43:46.408389: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
  688. Jun 27 16:43:46.408394: | length/value: 2 (0x2)
  689. Jun 27 16:43:46.408396: | ******parse ISAKMP Oakley attribute:
  690. Jun 27 16:43:46.408398: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
  691. Jun 27 16:43:46.408401: | length/value: 65001 (0xfde9)
  692. Jun 27 16:43:46.408403: | ******parse ISAKMP Oakley attribute:
  693. Jun 27 16:43:46.408405: | af+type: OAKLEY_LIFE_TYPE (0x800b)
  694. Jun 27 16:43:46.408407: | length/value: 1 (0x1)
  695. Jun 27 16:43:46.408410: | ******parse ISAKMP Oakley attribute:
  696. Jun 27 16:43:46.408412: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
  697. Jun 27 16:43:46.408414: | length/value: 4 (0x4)
  698. Jun 27 16:43:46.408417: | *****parse ISAKMP Transform Payload (ISAKMP):
  699. Jun 27 16:43:46.408419: | next payload type: ISAKMP_NEXT_T (0x3)
  700. Jun 27 16:43:46.408421: | length: 40 (0x28)
  701. Jun 27 16:43:46.408423: | ISAKMP transform number: 2 (0x2)
  702. Jun 27 16:43:46.408426: | ISAKMP transform ID: KEY_IKE (0x1)
  703. Jun 27 16:43:46.408428: | ******parse ISAKMP Oakley attribute:
  704. Jun 27 16:43:46.408430: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
  705. Jun 27 16:43:46.408432: | length/value: 7 (0x7)
  706. Jun 27 16:43:46.408435: | ******parse ISAKMP Oakley attribute:
  707. Jun 27 16:43:46.408437: | af+type: OAKLEY_KEY_LENGTH (0x800e)
  708. Jun 27 16:43:46.408439: | length/value: 256 (0x100)
  709. Jun 27 16:43:46.408441: | ******parse ISAKMP Oakley attribute:
  710. Jun 27 16:43:46.408444: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
  711. Jun 27 16:43:46.408446: | length/value: 2 (0x2)
  712. Jun 27 16:43:46.408448: | ******parse ISAKMP Oakley attribute:
  713. Jun 27 16:43:46.408450: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
  714. Jun 27 16:43:46.408452: | length/value: 2 (0x2)
  715. Jun 27 16:43:46.408455: | ******parse ISAKMP Oakley attribute:
  716. Jun 27 16:43:46.408457: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
  717. Jun 27 16:43:46.408459: | length/value: 65001 (0xfde9)
  718. Jun 27 16:43:46.408461: | ******parse ISAKMP Oakley attribute:
  719. Jun 27 16:43:46.408464: | af+type: OAKLEY_LIFE_TYPE (0x800b)
  720. Jun 27 16:43:46.408466: | length/value: 1 (0x1)
  721. Jun 27 16:43:46.408468: | ******parse ISAKMP Oakley attribute:
  722. Jun 27 16:43:46.408470: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
  723. Jun 27 16:43:46.408472: | length/value: 4 (0x4)
  724. Jun 27 16:43:46.408475: | *****parse ISAKMP Transform Payload (ISAKMP):
  725. Jun 27 16:43:46.408477: | next payload type: ISAKMP_NEXT_T (0x3)
  726. Jun 27 16:43:46.408479: | length: 40 (0x28)
  727. Jun 27 16:43:46.408481: | ISAKMP transform number: 3 (0x3)
  728. Jun 27 16:43:46.408484: | ISAKMP transform ID: KEY_IKE (0x1)
  729. Jun 27 16:43:46.408486: | ******parse ISAKMP Oakley attribute:
  730. Jun 27 16:43:46.408488: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
  731. Jun 27 16:43:46.408490: | length/value: 7 (0x7)
  732. Jun 27 16:43:46.408493: | ******parse ISAKMP Oakley attribute:
  733. Jun 27 16:43:46.408495: | af+type: OAKLEY_KEY_LENGTH (0x800e)
  734. Jun 27 16:43:46.408497: | length/value: 192 (0xc0)
  735. Jun 27 16:43:46.408499: | ******parse ISAKMP Oakley attribute:
  736. Jun 27 16:43:46.408502: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
  737. Jun 27 16:43:46.408504: | length/value: 1 (0x1)
  738. Jun 27 16:43:46.408506: | ******parse ISAKMP Oakley attribute:
  739. Jun 27 16:43:46.408508: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
  740. Jun 27 16:43:46.408511: | length/value: 2 (0x2)
  741. Jun 27 16:43:46.408513: | ******parse ISAKMP Oakley attribute:
  742. Jun 27 16:43:46.408515: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
  743. Jun 27 16:43:46.408517: | length/value: 65001 (0xfde9)
  744. Jun 27 16:43:46.408519: | ******parse ISAKMP Oakley attribute:
  745. Jun 27 16:43:46.408522: | af+type: OAKLEY_LIFE_TYPE (0x800b)
  746. Jun 27 16:43:46.408524: | length/value: 1 (0x1)
  747. Jun 27 16:43:46.408526: | ******parse ISAKMP Oakley attribute:
  748. Jun 27 16:43:46.408528: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
  749. Jun 27 16:43:46.408531: | length/value: 4 (0x4)
  750. Jun 27 16:43:46.408533: | *****parse ISAKMP Transform Payload (ISAKMP):
  751. Jun 27 16:43:46.408535: | next payload type: ISAKMP_NEXT_T (0x3)
  752. Jun 27 16:43:46.408537: | length: 40 (0x28)
  753. Jun 27 16:43:46.408542: | ISAKMP transform number: 4 (0x4)
  754. Jun 27 16:43:46.408544: | ISAKMP transform ID: KEY_IKE (0x1)
  755. Jun 27 16:43:46.408546: | ******parse ISAKMP Oakley attribute:
  756. Jun 27 16:43:46.408548: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
  757. Jun 27 16:43:46.408551: | length/value: 7 (0x7)
  758. Jun 27 16:43:46.408553: | ******parse ISAKMP Oakley attribute:
  759. Jun 27 16:43:46.408555: | af+type: OAKLEY_KEY_LENGTH (0x800e)
  760. Jun 27 16:43:46.408557: | length/value: 192 (0xc0)
  761. Jun 27 16:43:46.408560: | ******parse ISAKMP Oakley attribute:
  762. Jun 27 16:43:46.408562: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
  763. Jun 27 16:43:46.408564: | length/value: 2 (0x2)
  764. Jun 27 16:43:46.408566: | ******parse ISAKMP Oakley attribute:
  765. Jun 27 16:43:46.408568: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
  766. Jun 27 16:43:46.408571: | length/value: 2 (0x2)
  767. Jun 27 16:43:46.408573: | ******parse ISAKMP Oakley attribute:
  768. Jun 27 16:43:46.408575: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
  769. Jun 27 16:43:46.408577: | length/value: 65001 (0xfde9)
  770. Jun 27 16:43:46.408580: | ******parse ISAKMP Oakley attribute:
  771. Jun 27 16:43:46.408582: | af+type: OAKLEY_LIFE_TYPE (0x800b)
  772. Jun 27 16:43:46.408584: | length/value: 1 (0x1)
  773. Jun 27 16:43:46.408586: | ******parse ISAKMP Oakley attribute:
  774. Jun 27 16:43:46.408588: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
  775. Jun 27 16:43:46.408591: | length/value: 4 (0x4)
  776. Jun 27 16:43:46.408593: | *****parse ISAKMP Transform Payload (ISAKMP):
  777. Jun 27 16:43:46.408595: | next payload type: ISAKMP_NEXT_T (0x3)
  778. Jun 27 16:43:46.408597: | length: 40 (0x28)
  779. Jun 27 16:43:46.408600: | ISAKMP transform number: 5 (0x5)
  780. Jun 27 16:43:46.408602: | ISAKMP transform ID: KEY_IKE (0x1)
  781. Jun 27 16:43:46.408604: | ******parse ISAKMP Oakley attribute:
  782. Jun 27 16:43:46.408606: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
  783. Jun 27 16:43:46.408608: | length/value: 7 (0x7)
  784. Jun 27 16:43:46.408611: | ******parse ISAKMP Oakley attribute:
  785. Jun 27 16:43:46.408613: | af+type: OAKLEY_KEY_LENGTH (0x800e)
  786. Jun 27 16:43:46.408615: | length/value: 128 (0x80)
  787. Jun 27 16:43:46.408617: | ******parse ISAKMP Oakley attribute:
  788. Jun 27 16:43:46.408620: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
  789. Jun 27 16:43:46.408622: | length/value: 1 (0x1)
  790. Jun 27 16:43:46.408624: | ******parse ISAKMP Oakley attribute:
  791. Jun 27 16:43:46.408626: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
  792. Jun 27 16:43:46.408629: | length/value: 2 (0x2)
  793. Jun 27 16:43:46.408631: | ******parse ISAKMP Oakley attribute:
  794. Jun 27 16:43:46.408633: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
  795. Jun 27 16:43:46.408635: | length/value: 65001 (0xfde9)
  796. Jun 27 16:43:46.408637: | ******parse ISAKMP Oakley attribute:
  797. Jun 27 16:43:46.408640: | af+type: OAKLEY_LIFE_TYPE (0x800b)
  798. Jun 27 16:43:46.408642: | length/value: 1 (0x1)
  799. Jun 27 16:43:46.408644: | ******parse ISAKMP Oakley attribute:
  800. Jun 27 16:43:46.408646: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
  801. Jun 27 16:43:46.408649: | length/value: 4 (0x4)
  802. Jun 27 16:43:46.408651: | *****parse ISAKMP Transform Payload (ISAKMP):
  803. Jun 27 16:43:46.408653: | next payload type: ISAKMP_NEXT_T (0x3)
  804. Jun 27 16:43:46.408655: | length: 40 (0x28)
  805. Jun 27 16:43:46.408658: | ISAKMP transform number: 6 (0x6)
  806. Jun 27 16:43:46.408660: | ISAKMP transform ID: KEY_IKE (0x1)
  807. Jun 27 16:43:46.408662: | ******parse ISAKMP Oakley attribute:
  808. Jun 27 16:43:46.408664: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
  809. Jun 27 16:43:46.408667: | length/value: 7 (0x7)
  810. Jun 27 16:43:46.408669: | ******parse ISAKMP Oakley attribute:
  811. Jun 27 16:43:46.408671: | af+type: OAKLEY_KEY_LENGTH (0x800e)
  812. Jun 27 16:43:46.408673: | length/value: 128 (0x80)
  813. Jun 27 16:43:46.408675: | ******parse ISAKMP Oakley attribute:
  814. Jun 27 16:43:46.408678: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
  815. Jun 27 16:43:46.408680: | length/value: 2 (0x2)
  816. Jun 27 16:43:46.408682: | ******parse ISAKMP Oakley attribute:
  817. Jun 27 16:43:46.408684: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
  818. Jun 27 16:43:46.408686: | length/value: 2 (0x2)
  819. Jun 27 16:43:46.408691: | ******parse ISAKMP Oakley attribute:
  820. Jun 27 16:43:46.408693: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
  821. Jun 27 16:43:46.408695: | length/value: 65001 (0xfde9)
  822. Jun 27 16:43:46.408698: | ******parse ISAKMP Oakley attribute:
  823. Jun 27 16:43:46.408700: | af+type: OAKLEY_LIFE_TYPE (0x800b)
  824. Jun 27 16:43:46.408702: | length/value: 1 (0x1)
  825. Jun 27 16:43:46.408704: | ******parse ISAKMP Oakley attribute:
  826. Jun 27 16:43:46.408707: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
  827. Jun 27 16:43:46.408709: | length/value: 4 (0x4)
  828. Jun 27 16:43:46.408711: | *****parse ISAKMP Transform Payload (ISAKMP):
  829. Jun 27 16:43:46.408713: | next payload type: ISAKMP_NEXT_T (0x3)
  830. Jun 27 16:43:46.408715: | length: 40 (0x28)
  831. Jun 27 16:43:46.408718: | ISAKMP transform number: 7 (0x7)
  832. Jun 27 16:43:46.408720: | ISAKMP transform ID: KEY_IKE (0x1)
  833. Jun 27 16:43:46.408722: | ******parse ISAKMP Oakley attribute:
  834. Jun 27 16:43:46.408724: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
  835. Jun 27 16:43:46.408727: | length/value: 3 (0x3)
  836. Jun 27 16:43:46.408729: | ******parse ISAKMP Oakley attribute:
  837. Jun 27 16:43:46.408731: | af+type: OAKLEY_KEY_LENGTH (0x800e)
  838. Jun 27 16:43:46.408733: | length/value: 256 (0x100)
  839. Jun 27 16:43:46.408735: | ******parse ISAKMP Oakley attribute:
  840. Jun 27 16:43:46.408738: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
  841. Jun 27 16:43:46.408740: | length/value: 1 (0x1)
  842. Jun 27 16:43:46.408742: | ******parse ISAKMP Oakley attribute:
  843. Jun 27 16:43:46.408744: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
  844. Jun 27 16:43:46.408746: | length/value: 2 (0x2)
  845. Jun 27 16:43:46.408749: | ******parse ISAKMP Oakley attribute:
  846. Jun 27 16:43:46.408751: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
  847. Jun 27 16:43:46.408753: | length/value: 65001 (0xfde9)
  848. Jun 27 16:43:46.408755: | ******parse ISAKMP Oakley attribute:
  849. Jun 27 16:43:46.408758: | af+type: OAKLEY_LIFE_TYPE (0x800b)
  850. Jun 27 16:43:46.408760: | length/value: 1 (0x1)
  851. Jun 27 16:43:46.408762: | ******parse ISAKMP Oakley attribute:
  852. Jun 27 16:43:46.408764: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
  853. Jun 27 16:43:46.408766: | length/value: 4 (0x4)
  854. Jun 27 16:43:46.408769: | *****parse ISAKMP Transform Payload (ISAKMP):
  855. Jun 27 16:43:46.408771: | next payload type: ISAKMP_NEXT_T (0x3)
  856. Jun 27 16:43:46.408773: | length: 40 (0x28)
  857. Jun 27 16:43:46.408775: | ISAKMP transform number: 8 (0x8)
  858. Jun 27 16:43:46.408778: | ISAKMP transform ID: KEY_IKE (0x1)
  859. Jun 27 16:43:46.408780: | ******parse ISAKMP Oakley attribute:
  860. Jun 27 16:43:46.408782: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
  861. Jun 27 16:43:46.408784: | length/value: 3 (0x3)
  862. Jun 27 16:43:46.408787: | ******parse ISAKMP Oakley attribute:
  863. Jun 27 16:43:46.408789: | af+type: OAKLEY_KEY_LENGTH (0x800e)
  864. Jun 27 16:43:46.408791: | length/value: 256 (0x100)
  865. Jun 27 16:43:46.408793: | ******parse ISAKMP Oakley attribute:
  866. Jun 27 16:43:46.408795: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
  867. Jun 27 16:43:46.408798: | length/value: 2 (0x2)
  868. Jun 27 16:43:46.408800: | ******parse ISAKMP Oakley attribute:
  869. Jun 27 16:43:46.408802: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
  870. Jun 27 16:43:46.408804: | length/value: 2 (0x2)
  871. Jun 27 16:43:46.408807: | ******parse ISAKMP Oakley attribute:
  872. Jun 27 16:43:46.408809: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
  873. Jun 27 16:43:46.408811: | length/value: 65001 (0xfde9)
  874. Jun 27 16:43:46.408813: | ******parse ISAKMP Oakley attribute:
  875. Jun 27 16:43:46.408815: | af+type: OAKLEY_LIFE_TYPE (0x800b)
  876. Jun 27 16:43:46.408818: | length/value: 1 (0x1)
  877. Jun 27 16:43:46.408820: | ******parse ISAKMP Oakley attribute:
  878. Jun 27 16:43:46.408822: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
  879. Jun 27 16:43:46.408824: | length/value: 4 (0x4)
  880. Jun 27 16:43:46.408827: | *****parse ISAKMP Transform Payload (ISAKMP):
  881. Jun 27 16:43:46.408829: | next payload type: ISAKMP_NEXT_T (0x3)
  882. Jun 27 16:43:46.408831: | length: 40 (0x28)
  883. Jun 27 16:43:46.408833: | ISAKMP transform number: 9 (0x9)
  884. Jun 27 16:43:46.408837: | ISAKMP transform ID: KEY_IKE (0x1)
  885. Jun 27 16:43:46.408840: | ******parse ISAKMP Oakley attribute:
  886. Jun 27 16:43:46.408842: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
  887. Jun 27 16:43:46.408844: | length/value: 3 (0x3)
  888. Jun 27 16:43:46.408847: | ******parse ISAKMP Oakley attribute:
  889. Jun 27 16:43:46.408849: | af+type: OAKLEY_KEY_LENGTH (0x800e)
  890. Jun 27 16:43:46.408851: | length/value: 192 (0xc0)
  891. Jun 27 16:43:46.408853: | ******parse ISAKMP Oakley attribute:
  892. Jun 27 16:43:46.408855: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
  893. Jun 27 16:43:46.408858: | length/value: 1 (0x1)
  894. Jun 27 16:43:46.408860: | ******parse ISAKMP Oakley attribute:
  895. Jun 27 16:43:46.408862: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
  896. Jun 27 16:43:46.408864: | length/value: 2 (0x2)
  897. Jun 27 16:43:46.408867: | ******parse ISAKMP Oakley attribute:
  898. Jun 27 16:43:46.408869: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
  899. Jun 27 16:43:46.408871: | length/value: 65001 (0xfde9)
  900. Jun 27 16:43:46.408873: | ******parse ISAKMP Oakley attribute:
  901. Jun 27 16:43:46.408875: | af+type: OAKLEY_LIFE_TYPE (0x800b)
  902. Jun 27 16:43:46.408878: | length/value: 1 (0x1)
  903. Jun 27 16:43:46.408880: | ******parse ISAKMP Oakley attribute:
  904. Jun 27 16:43:46.408882: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
  905. Jun 27 16:43:46.408884: | length/value: 4 (0x4)
  906. Jun 27 16:43:46.408887: | *****parse ISAKMP Transform Payload (ISAKMP):
  907. Jun 27 16:43:46.408889: | next payload type: ISAKMP_NEXT_T (0x3)
  908. Jun 27 16:43:46.408891: | length: 40 (0x28)
  909. Jun 27 16:43:46.408893: | ISAKMP transform number: 10 (0xa)
  910. Jun 27 16:43:46.408896: | ISAKMP transform ID: KEY_IKE (0x1)
  911. Jun 27 16:43:46.408898: | ******parse ISAKMP Oakley attribute:
  912. Jun 27 16:43:46.408900: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
  913. Jun 27 16:43:46.408902: | length/value: 3 (0x3)
  914. Jun 27 16:43:46.408905: | ******parse ISAKMP Oakley attribute:
  915. Jun 27 16:43:46.408907: | af+type: OAKLEY_KEY_LENGTH (0x800e)
  916. Jun 27 16:43:46.408909: | length/value: 192 (0xc0)
  917. Jun 27 16:43:46.408911: | ******parse ISAKMP Oakley attribute:
  918. Jun 27 16:43:46.408913: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
  919. Jun 27 16:43:46.408916: | length/value: 2 (0x2)
  920. Jun 27 16:43:46.408918: | ******parse ISAKMP Oakley attribute:
  921. Jun 27 16:43:46.408920: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
  922. Jun 27 16:43:46.408922: | length/value: 2 (0x2)
  923. Jun 27 16:43:46.408925: | ******parse ISAKMP Oakley attribute:
  924. Jun 27 16:43:46.408927: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
  925. Jun 27 16:43:46.408929: | length/value: 65001 (0xfde9)
  926. Jun 27 16:43:46.408931: | ******parse ISAKMP Oakley attribute:
  927. Jun 27 16:43:46.408933: | af+type: OAKLEY_LIFE_TYPE (0x800b)
  928. Jun 27 16:43:46.408936: | length/value: 1 (0x1)
  929. Jun 27 16:43:46.408938: | ******parse ISAKMP Oakley attribute:
  930. Jun 27 16:43:46.408940: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
  931. Jun 27 16:43:46.408942: | length/value: 4 (0x4)
  932. Jun 27 16:43:46.408945: | *****parse ISAKMP Transform Payload (ISAKMP):
  933. Jun 27 16:43:46.408947: | next payload type: ISAKMP_NEXT_T (0x3)
  934. Jun 27 16:43:46.408949: | length: 40 (0x28)
  935. Jun 27 16:43:46.408951: | ISAKMP transform number: 11 (0xb)
  936. Jun 27 16:43:46.408954: | ISAKMP transform ID: KEY_IKE (0x1)
  937. Jun 27 16:43:46.408956: | ******parse ISAKMP Oakley attribute:
  938. Jun 27 16:43:46.408958: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
  939. Jun 27 16:43:46.408960: | length/value: 3 (0x3)
  940. Jun 27 16:43:46.408963: | ******parse ISAKMP Oakley attribute:
  941. Jun 27 16:43:46.408965: | af+type: OAKLEY_KEY_LENGTH (0x800e)
  942. Jun 27 16:43:46.408967: | length/value: 128 (0x80)
  943. Jun 27 16:43:46.408969: | ******parse ISAKMP Oakley attribute:
  944. Jun 27 16:43:46.408972: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
  945. Jun 27 16:43:46.408974: | length/value: 1 (0x1)
  946. Jun 27 16:43:46.408976: | ******parse ISAKMP Oakley attribute:
  947. Jun 27 16:43:46.408978: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
  948. Jun 27 16:43:46.408980: | length/value: 2 (0x2)
  949. Jun 27 16:43:46.408983: | ******parse ISAKMP Oakley attribute:
  950. Jun 27 16:43:46.408987: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
  951. Jun 27 16:43:46.408989: | length/value: 65001 (0xfde9)
  952. Jun 27 16:43:46.408991: | ******parse ISAKMP Oakley attribute:
  953. Jun 27 16:43:46.408994: | af+type: OAKLEY_LIFE_TYPE (0x800b)
  954. Jun 27 16:43:46.408996: | length/value: 1 (0x1)
  955. Jun 27 16:43:46.408998: | ******parse ISAKMP Oakley attribute:
  956. Jun 27 16:43:46.409000: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
  957. Jun 27 16:43:46.409002: | length/value: 4 (0x4)
  958. Jun 27 16:43:46.409005: | *****parse ISAKMP Transform Payload (ISAKMP):
  959. Jun 27 16:43:46.409007: | next payload type: ISAKMP_NEXT_T (0x3)
  960. Jun 27 16:43:46.409009: | length: 40 (0x28)
  961. Jun 27 16:43:46.409011: | ISAKMP transform number: 12 (0xc)
  962. Jun 27 16:43:46.409014: | ISAKMP transform ID: KEY_IKE (0x1)
  963. Jun 27 16:43:46.409016: | ******parse ISAKMP Oakley attribute:
  964. Jun 27 16:43:46.409018: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
  965. Jun 27 16:43:46.409020: | length/value: 3 (0x3)
  966. Jun 27 16:43:46.409023: | ******parse ISAKMP Oakley attribute:
  967. Jun 27 16:43:46.409025: | af+type: OAKLEY_KEY_LENGTH (0x800e)
  968. Jun 27 16:43:46.409027: | length/value: 128 (0x80)
  969. Jun 27 16:43:46.409029: | ******parse ISAKMP Oakley attribute:
  970. Jun 27 16:43:46.409031: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
  971. Jun 27 16:43:46.409034: | length/value: 2 (0x2)
  972. Jun 27 16:43:46.409036: | ******parse ISAKMP Oakley attribute:
  973. Jun 27 16:43:46.409038: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
  974. Jun 27 16:43:46.409040: | length/value: 2 (0x2)
  975. Jun 27 16:43:46.409043: | ******parse ISAKMP Oakley attribute:
  976. Jun 27 16:43:46.409045: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
  977. Jun 27 16:43:46.409047: | length/value: 65001 (0xfde9)
  978. Jun 27 16:43:46.409049: | ******parse ISAKMP Oakley attribute:
  979. Jun 27 16:43:46.409051: | af+type: OAKLEY_LIFE_TYPE (0x800b)
  980. Jun 27 16:43:46.409054: | length/value: 1 (0x1)
  981. Jun 27 16:43:46.409056: | ******parse ISAKMP Oakley attribute:
  982. Jun 27 16:43:46.409058: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
  983. Jun 27 16:43:46.409060: | length/value: 4 (0x4)
  984. Jun 27 16:43:46.409063: | *****parse ISAKMP Transform Payload (ISAKMP):
  985. Jun 27 16:43:46.409065: | next payload type: ISAKMP_NEXT_T (0x3)
  986. Jun 27 16:43:46.409067: | length: 36 (0x24)
  987. Jun 27 16:43:46.409069: | ISAKMP transform number: 13 (0xd)
  988. Jun 27 16:43:46.409072: | ISAKMP transform ID: KEY_IKE (0x1)
  989. Jun 27 16:43:46.409074: | ******parse ISAKMP Oakley attribute:
  990. Jun 27 16:43:46.409076: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
  991. Jun 27 16:43:46.409078: | length/value: 5 (0x5)
  992. Jun 27 16:43:46.409081: | ******parse ISAKMP Oakley attribute:
  993. Jun 27 16:43:46.409083: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
  994. Jun 27 16:43:46.409085: | length/value: 1 (0x1)
  995. Jun 27 16:43:46.409087: | ******parse ISAKMP Oakley attribute:
  996. Jun 27 16:43:46.409089: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
  997. Jun 27 16:43:46.409092: | length/value: 2 (0x2)
  998. Jun 27 16:43:46.409094: | ******parse ISAKMP Oakley attribute:
  999. Jun 27 16:43:46.409096: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
  1000. Jun 27 16:43:46.409098: | length/value: 65001 (0xfde9)
  1001. Jun 27 16:43:46.409101: | ******parse ISAKMP Oakley attribute:
  1002. Jun 27 16:43:46.409103: | af+type: OAKLEY_LIFE_TYPE (0x800b)
  1003. Jun 27 16:43:46.409105: | length/value: 1 (0x1)
  1004. Jun 27 16:43:46.409107: | ******parse ISAKMP Oakley attribute:
  1005. Jun 27 16:43:46.409110: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
  1006. Jun 27 16:43:46.409112: | length/value: 4 (0x4)
  1007. Jun 27 16:43:46.409114: | *****parse ISAKMP Transform Payload (ISAKMP):
  1008. Jun 27 16:43:46.409116: | next payload type: ISAKMP_NEXT_T (0x3)
  1009. Jun 27 16:43:46.409118: | length: 36 (0x24)
  1010. Jun 27 16:43:46.409121: | ISAKMP transform number: 14 (0xe)
  1011. Jun 27 16:43:46.409123: | ISAKMP transform ID: KEY_IKE (0x1)
  1012. Jun 27 16:43:46.409125: | ******parse ISAKMP Oakley attribute:
  1013. Jun 27 16:43:46.409127: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
  1014. Jun 27 16:43:46.409130: | length/value: 5 (0x5)
  1015. Jun 27 16:43:46.409134: | ******parse ISAKMP Oakley attribute:
  1016. Jun 27 16:43:46.409136: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
  1017. Jun 27 16:43:46.409138: | length/value: 2 (0x2)
  1018. Jun 27 16:43:46.409141: | ******parse ISAKMP Oakley attribute:
  1019. Jun 27 16:43:46.409143: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
  1020. Jun 27 16:43:46.409145: | length/value: 2 (0x2)
  1021. Jun 27 16:43:46.409147: | ******parse ISAKMP Oakley attribute:
  1022. Jun 27 16:43:46.409150: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
  1023. Jun 27 16:43:46.409152: | length/value: 65001 (0xfde9)
  1024. Jun 27 16:43:46.409154: | ******parse ISAKMP Oakley attribute:
  1025. Jun 27 16:43:46.409156: | af+type: OAKLEY_LIFE_TYPE (0x800b)
  1026. Jun 27 16:43:46.409158: | length/value: 1 (0x1)
  1027. Jun 27 16:43:46.409161: | ******parse ISAKMP Oakley attribute:
  1028. Jun 27 16:43:46.409163: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
  1029. Jun 27 16:43:46.409165: | length/value: 4 (0x4)
  1030. Jun 27 16:43:46.409167: | *****parse ISAKMP Transform Payload (ISAKMP):
  1031. Jun 27 16:43:46.409170: | next payload type: ISAKMP_NEXT_T (0x3)
  1032. Jun 27 16:43:46.409172: | length: 36 (0x24)
  1033. Jun 27 16:43:46.409174: | ISAKMP transform number: 15 (0xf)
  1034. Jun 27 16:43:46.409176: | ISAKMP transform ID: KEY_IKE (0x1)
  1035. Jun 27 16:43:46.409179: | ******parse ISAKMP Oakley attribute:
  1036. Jun 27 16:43:46.409181: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
  1037. Jun 27 16:43:46.409183: | length/value: 6 (0x6)
  1038. Jun 27 16:43:46.409185: | ******parse ISAKMP Oakley attribute:
  1039. Jun 27 16:43:46.409188: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
  1040. Jun 27 16:43:46.409190: | length/value: 1 (0x1)
  1041. Jun 27 16:43:46.409192: | ******parse ISAKMP Oakley attribute:
  1042. Jun 27 16:43:46.409194: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
  1043. Jun 27 16:43:46.409196: | length/value: 2 (0x2)
  1044. Jun 27 16:43:46.409199: | ******parse ISAKMP Oakley attribute:
  1045. Jun 27 16:43:46.409201: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
  1046. Jun 27 16:43:46.409203: | length/value: 65001 (0xfde9)
  1047. Jun 27 16:43:46.409205: | ******parse ISAKMP Oakley attribute:
  1048. Jun 27 16:43:46.409208: | af+type: OAKLEY_LIFE_TYPE (0x800b)
  1049. Jun 27 16:43:46.409210: | length/value: 1 (0x1)
  1050. Jun 27 16:43:46.409212: | ******parse ISAKMP Oakley attribute:
  1051. Jun 27 16:43:46.409214: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
  1052. Jun 27 16:43:46.409216: | length/value: 4 (0x4)
  1053. Jun 27 16:43:46.409219: | *****parse ISAKMP Transform Payload (ISAKMP):
  1054. Jun 27 16:43:46.409221: | next payload type: ISAKMP_NEXT_T (0x3)
  1055. Jun 27 16:43:46.409223: | length: 36 (0x24)
  1056. Jun 27 16:43:46.409225: | ISAKMP transform number: 16 (0x10)
  1057. Jun 27 16:43:46.409228: | ISAKMP transform ID: KEY_IKE (0x1)
  1058. Jun 27 16:43:46.409230: | ******parse ISAKMP Oakley attribute:
  1059. Jun 27 16:43:46.409232: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
  1060. Jun 27 16:43:46.409234: | length/value: 6 (0x6)
  1061. Jun 27 16:43:46.409237: | ******parse ISAKMP Oakley attribute:
  1062. Jun 27 16:43:46.409239: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
  1063. Jun 27 16:43:46.409241: | length/value: 2 (0x2)
  1064. Jun 27 16:43:46.409243: | ******parse ISAKMP Oakley attribute:
  1065. Jun 27 16:43:46.409245: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
  1066. Jun 27 16:43:46.409248: | length/value: 2 (0x2)
  1067. Jun 27 16:43:46.409250: | ******parse ISAKMP Oakley attribute:
  1068. Jun 27 16:43:46.409252: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
  1069. Jun 27 16:43:46.409254: | length/value: 65001 (0xfde9)
  1070. Jun 27 16:43:46.409257: | ******parse ISAKMP Oakley attribute:
  1071. Jun 27 16:43:46.409259: | af+type: OAKLEY_LIFE_TYPE (0x800b)
  1072. Jun 27 16:43:46.409261: | length/value: 1 (0x1)
  1073. Jun 27 16:43:46.409263: | ******parse ISAKMP Oakley attribute:
  1074. Jun 27 16:43:46.409266: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
  1075. Jun 27 16:43:46.409268: | length/value: 4 (0x4)
  1076. Jun 27 16:43:46.409270: | *****parse ISAKMP Transform Payload (ISAKMP):
  1077. Jun 27 16:43:46.409272: | next payload type: ISAKMP_NEXT_T (0x3)
  1078. Jun 27 16:43:46.409275: | length: 36 (0x24)
  1079. Jun 27 16:43:46.409277: | ISAKMP transform number: 17 (0x11)
  1080. Jun 27 16:43:46.409281: | ISAKMP transform ID: KEY_IKE (0x1)
  1081. Jun 27 16:43:46.409283: | ******parse ISAKMP Oakley attribute:
  1082. Jun 27 16:43:46.409286: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
  1083. Jun 27 16:43:46.409288: | length/value: 1 (0x1)
  1084. Jun 27 16:43:46.409290: | ******parse ISAKMP Oakley attribute:
  1085. Jun 27 16:43:46.409292: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
  1086. Jun 27 16:43:46.409294: | length/value: 1 (0x1)
  1087. Jun 27 16:43:46.409297: | ******parse ISAKMP Oakley attribute:
  1088. Jun 27 16:43:46.409299: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
  1089. Jun 27 16:43:46.409301: | length/value: 2 (0x2)
  1090. Jun 27 16:43:46.409303: | ******parse ISAKMP Oakley attribute:
  1091. Jun 27 16:43:46.409306: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
  1092. Jun 27 16:43:46.409308: | length/value: 65001 (0xfde9)
  1093. Jun 27 16:43:46.409310: | ******parse ISAKMP Oakley attribute:
  1094. Jun 27 16:43:46.409312: | af+type: OAKLEY_LIFE_TYPE (0x800b)
  1095. Jun 27 16:43:46.409314: | length/value: 1 (0x1)
  1096. Jun 27 16:43:46.409317: | ******parse ISAKMP Oakley attribute:
  1097. Jun 27 16:43:46.409319: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
  1098. Jun 27 16:43:46.409321: | length/value: 4 (0x4)
  1099. Jun 27 16:43:46.409324: | *****parse ISAKMP Transform Payload (ISAKMP):
  1100. Jun 27 16:43:46.409326: | next payload type: ISAKMP_NEXT_NONE (0x0)
  1101. Jun 27 16:43:46.409328: | length: 36 (0x24)
  1102. Jun 27 16:43:46.409330: | ISAKMP transform number: 18 (0x12)
  1103. Jun 27 16:43:46.409332: | ISAKMP transform ID: KEY_IKE (0x1)
  1104. Jun 27 16:43:46.409335: | ******parse ISAKMP Oakley attribute:
  1105. Jun 27 16:43:46.409337: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
  1106. Jun 27 16:43:46.409339: | length/value: 1 (0x1)
  1107. Jun 27 16:43:46.409341: | ******parse ISAKMP Oakley attribute:
  1108. Jun 27 16:43:46.409344: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
  1109. Jun 27 16:43:46.409346: | length/value: 2 (0x2)
  1110. Jun 27 16:43:46.409348: | ******parse ISAKMP Oakley attribute:
  1111. Jun 27 16:43:46.409350: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
  1112. Jun 27 16:43:46.409352: | length/value: 2 (0x2)
  1113. Jun 27 16:43:46.409355: | ******parse ISAKMP Oakley attribute:
  1114. Jun 27 16:43:46.409357: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
  1115. Jun 27 16:43:46.409359: | length/value: 65001 (0xfde9)
  1116. Jun 27 16:43:46.409361: | ******parse ISAKMP Oakley attribute:
  1117. Jun 27 16:43:46.409364: | af+type: OAKLEY_LIFE_TYPE (0x800b)
  1118. Jun 27 16:43:46.409366: | length/value: 1 (0x1)
  1119. Jun 27 16:43:46.409368: | ******parse ISAKMP Oakley attribute:
  1120. Jun 27 16:43:46.409370: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
  1121. Jun 27 16:43:46.409373: | length/value: 4 (0x4)
  1122. Jun 27 16:43:46.409377: | find_host_connection me=192.168.1.137:500 him=192.168.1.138:500 policy=PSK+XAUTH+AGGRESSIVE+IKEV1_ALLOW
  1123. Jun 27 16:43:46.409381: | find_host_pair: comparing ::1:500 to :::500
  1124. Jun 27 16:43:46.409384: | find_host_pair: comparing 192.168.1.137:500 to 0.0.0.0:500
  1125. Jun 27 16:43:46.409387: | find_next_host_connection policy=PSK+XAUTH+AGGRESSIVE+IKEV1_ALLOW
  1126. Jun 27 16:43:46.409390: | find_next_host_connection returns empty
  1127. Jun 27 16:43:46.409393: | find_host_connection me=192.168.1.137:500 him=%any:500 policy=PSK+XAUTH+AGGRESSIVE+IKEV1_ALLOW
  1128. Jun 27 16:43:46.409395: | find_host_pair: comparing ::1:500 to :::500
  1129. Jun 27 16:43:46.409398: | find_host_pair: comparing 192.168.1.137:500 to 0.0.0.0:500
  1130. Jun 27 16:43:46.409400: | find_next_host_connection policy=PSK+XAUTH+AGGRESSIVE+IKEV1_ALLOW
  1131. Jun 27 16:43:46.409404: | found policy = PSK+ENCRYPT+TUNNEL+SHA2_TRUNCBUG+XAUTH+MODECFG_PULL+AGGRESSIVE+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (xauth-aggr)
  1132. Jun 27 16:43:46.409407: | find_next_host_connection returns xauth-aggr
  1133. Jun 27 16:43:46.409412: | reference addresspool of conn xauth-aggr[1] kind CK_TEMPLATE refcnt 2
  1134. Jun 27 16:43:46.409418: | find_host_pair: comparing 192.168.1.137:500 to 0.0.0.0:500
  1135. Jun 27 16:43:46.409421: | find_host_pair: comparing ::1:500 to :::500
  1136. Jun 27 16:43:46.409424: | connect_to_host_pair: 192.168.1.137:500 192.168.1.138:500 -> hp:none
  1137. Jun 27 16:43:46.409428: | rw_instantiate() instantiated "xauth-aggr"[1] 192.168.1.138 for 192.168.1.138
  1138. Jun 27 16:43:46.409433: packet from 192.168.1.138:500: IKEv1 Aggressive Mode with PSK is vulnerable to dictionary attacks and is cracked on large scale by TLA's
  1139. Jun 27 16:43:46.409437: | creating state object #1 at 0x559b0ece6568
  1140. Jun 27 16:43:46.409440: | parent state #1: new => STATE_UNDEFINED(ignore)
  1141. Jun 27 16:43:46.409447: | processing: start state #1 192.168.1.138:500 (in aggr_inI1_outR1() at ikev1_aggr.c:215)
  1142. Jun 27 16:43:46.409450: | parent state #1: STATE_UNDEFINED(ignore) => STATE_AGGR_R1(open-ike)
  1143. Jun 27 16:43:46.409452: | ignore states: 0
  1144. Jun 27 16:43:46.409455: | half-open-ike states: 0
  1145. Jun 27 16:43:46.409457: | open-ike states: 1
  1146. Jun 27 16:43:46.409459: | established-anonymous-ike states: 0
  1147. Jun 27 16:43:46.409461: | established-authenticated-ike states: 0
  1148. Jun 27 16:43:46.409463: | anonymous-ipsec states: 0
  1149. Jun 27 16:43:46.409465: | authenticated-ipsec states: 0
  1150. Jun 27 16:43:46.409468: | informational states: 0
  1151. Jun 27 16:43:46.409470: | unknown states: 0
  1152. Jun 27 16:43:46.409472: | category states: 1 count states: 1
  1153. Jun 27 16:43:46.409477: "xauth-aggr"[1] 192.168.1.138 #1: Peer ID is ID_FQDN: '@'
  1154. Jun 27 16:43:46.409480: | X509: no CERT payloads to process
  1155. Jun 27 16:43:46.409484: | processing: [RE]START state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in aggr_inI1_outR1() at ikev1_aggr.c:246)
  1156. Jun 27 16:43:46.409519: | inserting state object #1
  1157. Jun 27 16:43:46.409524: | serialno list: inserting object 0x559b0ece6568 (state #1) entry 0x559b0ece6d10 into list 0x559b0e2fa5c0 (older 0x559b0e2fa5c0 newer 0x559b0e2fa5c0)
  1158. Jun 27 16:43:46.409528: | serialno list: inserted object 0x559b0ece6568 (state #1) entry 0x559b0ece6d10 (older 0x559b0e2fa5c0 newer 0x559b0e2fa5c0)
  1159. Jun 27 16:43:46.409531: | serialno list: list entry 0x559b0e2fa5c0 is HEAD (older 0x559b0ece6d10 newer 0x559b0ece6d10)
  1160. Jun 27 16:43:46.409534: | serialno table: inserting object 0x559b0ece6568 (state #1) entry 0x559b0ece6d30 into list 0x559b0e2ed360 (older 0x559b0e2ed360 newer 0x559b0e2ed360)
  1161. Jun 27 16:43:46.409538: | serialno table: inserted object 0x559b0ece6568 (state #1) entry 0x559b0ece6d30 (older 0x559b0e2ed360 newer 0x559b0e2ed360)
  1162. Jun 27 16:43:46.409541: | serialno table: list entry 0x559b0e2ed360 is HEAD (older 0x559b0ece6d30 newer 0x559b0ece6d30)
  1163. Jun 27 16:43:46.409547: "xauth-aggr"[1] 192.168.1.138 #1: responding to Aggressive Mode, state #1, connection "xauth-aggr"[1] 192.168.1.138 from 192.168.1.138
  1164. Jun 27 16:43:46.409550: | sender checking NAT-T: enabled and 90
  1165. Jun 27 16:43:46.409553: | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC
  1166. Jun 27 16:43:46.409555: | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
  1167. Jun 27 16:43:46.409558: | ****parse IPsec DOI SIT:
  1168. Jun 27 16:43:46.409561: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
  1169. Jun 27 16:43:46.409563: | ****parse ISAKMP Proposal Payload:
  1170. Jun 27 16:43:46.409566: | next payload type: ISAKMP_NEXT_NONE (0x0)
  1171. Jun 27 16:43:46.409568: | length: 704 (0x2c0)
  1172. Jun 27 16:43:46.409570: | proposal number: 1 (0x1)
  1173. Jun 27 16:43:46.409572: | protocol ID: PROTO_ISAKMP (0x1)
  1174. Jun 27 16:43:46.409575: | SPI size: 0 (0x0)
  1175. Jun 27 16:43:46.409577: | number of transforms: 18 (0x12)
  1176. Jun 27 16:43:46.409579: | *****parse ISAKMP Transform Payload (ISAKMP):
  1177. Jun 27 16:43:46.409581: | next payload type: ISAKMP_NEXT_T (0x3)
  1178. Jun 27 16:43:46.409584: | length: 40 (0x28)
  1179. Jun 27 16:43:46.409586: | ISAKMP transform number: 1 (0x1)
  1180. Jun 27 16:43:46.409588: | ISAKMP transform ID: KEY_IKE (0x1)
  1181. Jun 27 16:43:46.409591: | ******parse ISAKMP Oakley attribute:
  1182. Jun 27 16:43:46.409593: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
  1183. Jun 27 16:43:46.409595: | length/value: 7 (0x7)
  1184. Jun 27 16:43:46.409598: | [7 is OAKLEY_AES_CBC]
  1185. Jun 27 16:43:46.409601: | ******parse ISAKMP Oakley attribute:
  1186. Jun 27 16:43:46.409603: | af+type: OAKLEY_KEY_LENGTH (0x800e)
  1187. Jun 27 16:43:46.409606: | length/value: 256 (0x100)
  1188. Jun 27 16:43:46.409609: | ******parse ISAKMP Oakley attribute:
  1189. Jun 27 16:43:46.409611: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
  1190. Jun 27 16:43:46.409617: | length/value: 1 (0x1)
  1191. Jun 27 16:43:46.409619: | [1 is OAKLEY_MD5]
  1192. Jun 27 16:43:46.409622: | ******parse ISAKMP Oakley attribute:
  1193. Jun 27 16:43:46.409624: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
  1194. Jun 27 16:43:46.409626: | length/value: 2 (0x2)
  1195. Jun 27 16:43:46.409629: | [2 is OAKLEY_GROUP_MODP1024]
  1196. Jun 27 16:43:46.409631: | ******parse ISAKMP Oakley attribute:
  1197. Jun 27 16:43:46.409634: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
  1198. Jun 27 16:43:46.409636: | length/value: 65001 (0xfde9)
  1199. Jun 27 16:43:46.409638: | [65001 is XAUTHInitPreShared]
  1200. Jun 27 16:43:46.409642: | started looking for secret for 192.168.1.137->192.168.1.138 of kind PKK_PSK
  1201. Jun 27 16:43:46.409646: | actually looking for secret for 192.168.1.137->192.168.1.138 of kind PKK_PSK
  1202. Jun 27 16:43:46.409649: | line 1: key type PKK_PSK(192.168.1.137) to type PKK_PSK
  1203. Jun 27 16:43:46.409652: | 1: compared key 192.168.1.137 to 192.168.1.137 / 192.168.1.138 -> 8
  1204. Jun 27 16:43:46.409654: | line 1: match=9
  1205. Jun 27 16:43:46.409657: | best_match 0>9 best=0x559b0ece4998 (line=1)
  1206. Jun 27 16:43:46.409659: | concluding with best_match=9 best=0x559b0ece4998 (lineno=1)
  1207. Jun 27 16:43:46.409662: | ******parse ISAKMP Oakley attribute:
  1208. Jun 27 16:43:46.409664: | af+type: OAKLEY_LIFE_TYPE (0x800b)
  1209. Jun 27 16:43:46.409666: | length/value: 1 (0x1)
  1210. Jun 27 16:43:46.409669: | [1 is OAKLEY_LIFE_SECONDS]
  1211. Jun 27 16:43:46.409671: | ******parse ISAKMP Oakley attribute:
  1212. Jun 27 16:43:46.409673: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
  1213. Jun 27 16:43:46.409675: | length/value: 4 (0x4)
  1214. Jun 27 16:43:46.409678: | long duration: 86400
  1215. Jun 27 16:43:46.409682: "xauth-aggr"[1] 192.168.1.138 #1: WARNING: connection xauth-aggr PSK length of 4 bytes is too short for md5 PRF in FIPS mode (8 bytes required)
  1216. Jun 27 16:43:46.409685: | OAKLEY proposal verified unconditionally; no alg_info to check against
  1217. Jun 27 16:43:46.409687: | Oakley Transform 1 accepted
  1218. Jun 27 16:43:46.409693: | adding outI2 KE work-order 1 for state #1
  1219. Jun 27 16:43:46.409696: | state #1 requesting to delete non existing event
  1220. Jun 27 16:43:46.409698: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x559b0ece6fe8
  1221. Jun 27 16:43:46.409704: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60.000 seconds for #1
  1222. Jun 27 16:43:46.409709: | backlog: inserting object 0x559b0ece73b8 (work-order 1 state #1) entry 0x559b0ece73c0 into list 0x559b0e2fb5e0 (older 0x559b0e2fb5e0 newer 0x559b0e2fb5e0)
  1223. Jun 27 16:43:46.409712: | backlog: inserted object 0x559b0ece73b8 (work-order 1 state #1) entry 0x559b0ece73c0 (older 0x559b0e2fb5e0 newer 0x559b0e2fb5e0)
  1224. Jun 27 16:43:46.409715: | backlog: list entry 0x559b0e2fb5e0 is HEAD (older 0x559b0ece73c0 newer 0x559b0ece73c0)
  1225. Jun 27 16:43:46.410000: | crypto helper 1 resuming
  1226. Jun 27 16:43:46.410009: | backlog: removing object 0x559b0ece73b8 (work-order 1 state #1) entry 0x559b0ece73c0 (older 0x559b0e2fb5e0 newer 0x559b0e2fb5e0)
  1227. Jun 27 16:43:46.410011: | backlog: empty
  1228. Jun 27 16:43:46.410016: | crypto helper 1 starting work-order 1 for state #1
  1229. Jun 27 16:43:46.410019: | crypto helper 1 doing build KE and nonce; request ID 1
  1230. Jun 27 16:43:46.410317: | crypto helper 1 finished build KE and nonce; request ID 1 time elapsed 298 usec
  1231. Jun 27 16:43:46.410324: | crypto helper 1 sending results from work-order 1 for state #1 to event queue
  1232. Jun 27 16:43:46.410327: | scheduling now-event sending helper answer for #1
  1233. Jun 27 16:43:46.410333: | crypto helper 1 waiting (nothing to do)
  1234. Jun 27 16:43:46.410355: | complete v1 state transition with STF_SUSPEND
  1235. Jun 27 16:43:46.410373: | processing: [RE]START state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in complete_v1_state_transition() at ikev1.c:2272)
  1236. Jun 27 16:43:46.410387: | suspending state #1 and saving MD
  1237. Jun 27 16:43:46.410400: | #1 is busy; has a suspended MD
  1238. Jun 27 16:43:46.410414: | processing: stop from 192.168.1.138:500 (BACKGROUND) (in process_md() at demux.c:394)
  1239. Jun 27 16:43:46.410429: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_md() at demux.c:396)
  1240. Jun 27 16:43:46.410448: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1241. Jun 27 16:43:46.410469: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1242. Jun 27 16:43:46.410482: | processing: STOP connection NULL (in process_md() at demux.c:397)
  1243. Jun 27 16:43:46.410501: | executing now-event sending helper answer for 1
  1244. Jun 27 16:43:46.410514: | serialno table: hash serialno #1 to head 0x559b0e2ed360
  1245. Jun 27 16:43:46.410526: | serialno table: hash serialno #1 to head 0x559b0e2ed360
  1246. Jun 27 16:43:46.410540: | processing: start state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in schedule_event_now_cb() at server.c:594)
  1247. Jun 27 16:43:46.410553: | crypto helper 1 replies to request ID 1
  1248. Jun 27 16:43:46.410565: | calling continuation function 0x559b0dfb9810
  1249. Jun 27 16:43:46.410577: | aggr inI1_outR1: calculated ke+nonce, calculating DH
  1250. Jun 27 16:43:46.410590: | started looking for secret for 192.168.1.137->192.168.1.138 of kind PKK_PSK
  1251. Jun 27 16:43:46.410603: | actually looking for secret for 192.168.1.137->192.168.1.138 of kind PKK_PSK
  1252. Jun 27 16:43:46.410616: | line 1: key type PKK_PSK(192.168.1.137) to type PKK_PSK
  1253. Jun 27 16:43:46.410629: | 1: compared key 192.168.1.137 to 192.168.1.137 / 192.168.1.138 -> 8
  1254. Jun 27 16:43:46.410641: | line 1: match=9
  1255. Jun 27 16:43:46.410653: | best_match 0>9 best=0x559b0ece4998 (line=1)
  1256. Jun 27 16:43:46.410665: | concluding with best_match=9 best=0x559b0ece4998 (lineno=1)
  1257. Jun 27 16:43:46.410681: | adding aggr outR1 DH work-order 2 for state #1
  1258. Jun 27 16:43:46.410694: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted
  1259. Jun 27 16:43:46.410708: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x559b0ece6fe8
  1260. Jun 27 16:43:46.410721: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x559b0ece45e8
  1261. Jun 27 16:43:46.410734: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60.000 seconds for #1
  1262. Jun 27 16:43:46.410748: | backlog: inserting object 0x559b0ece7f88 (work-order 2 state #1) entry 0x559b0ece7f90 into list 0x559b0e2fb5e0 (older 0x559b0e2fb5e0 newer 0x559b0e2fb5e0)
  1263. Jun 27 16:43:46.410762: | backlog: inserted object 0x559b0ece7f88 (work-order 2 state #1) entry 0x559b0ece7f90 (older 0x559b0e2fb5e0 newer 0x559b0e2fb5e0)
  1264. Jun 27 16:43:46.410774: | backlog: list entry 0x559b0e2fb5e0 is HEAD (older 0x559b0ece7f90 newer 0x559b0ece7f90)
  1265. Jun 27 16:43:46.410795: | crypto helper 0 resuming
  1266. Jun 27 16:43:46.410801: | backlog: removing object 0x559b0ece7f88 (work-order 2 state #1) entry 0x559b0ece7f90 (older 0x559b0e2fb5e0 newer 0x559b0e2fb5e0)
  1267. Jun 27 16:43:46.410803: | backlog: empty
  1268. Jun 27 16:43:46.410806: | crypto helper 0 starting work-order 2 for state #1
  1269. Jun 27 16:43:46.410808: | crypto helper 0 doing compute dh+iv (V1 Phase 1); request ID 2
  1270. Jun 27 16:43:46.411227: | crypto helper 0 finished compute dh+iv (V1 Phase 1); request ID 2 time elapsed 418 usec
  1271. Jun 27 16:43:46.411233: | crypto helper 0 sending results from work-order 2 for state #1 to event queue
  1272. Jun 27 16:43:46.411236: | scheduling now-event sending helper answer for #1
  1273. Jun 27 16:43:46.411240: | crypto helper 0 waiting (nothing to do)
  1274. Jun 27 16:43:46.411259: | suspending state #1 and saving MD
  1275. Jun 27 16:43:46.411272: | #1 is busy; has a suspended MD
  1276. Jun 27 16:43:46.411287: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in schedule_event_now_cb() at server.c:597)
  1277. Jun 27 16:43:46.411300: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1278. Jun 27 16:43:46.411312: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1279. Jun 27 16:43:46.411328: | executing now-event sending helper answer for 1
  1280. Jun 27 16:43:46.411342: | serialno table: hash serialno #1 to head 0x559b0e2ed360
  1281. Jun 27 16:43:46.411355: | serialno table: hash serialno #1 to head 0x559b0e2ed360
  1282. Jun 27 16:43:46.411369: | processing: start state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in schedule_event_now_cb() at server.c:594)
  1283. Jun 27 16:43:46.411381: | crypto helper 0 replies to request ID 2
  1284. Jun 27 16:43:46.411393: | calling continuation function 0x559b0dfba8c0
  1285. Jun 27 16:43:46.411410: | aggr_inI1_outR1_continue2 for #1: calculated ke+nonce+DH, sending R1
  1286. Jun 27 16:43:46.411423: | thinking about whether to send my certificate:
  1287. Jun 27 16:43:46.411436: | I have RSA key: OAKLEY_PRESHARED_KEY cert.type: 0??
  1288. Jun 27 16:43:46.411449: | sendcert: CERT_ALWAYSSEND and I did not get a certificate request
  1289. Jun 27 16:43:46.411461: | so do not send cert.
  1290. Jun 27 16:43:46.411473: | I did not send a certificate because digital signatures are not being used. (PSK)
  1291. Jun 27 16:43:46.411485: | I am not sending a certificate request
  1292. Jun 27 16:43:46.411518: | **emit ISAKMP Message:
  1293. Jun 27 16:43:46.411531: | initiator cookie:
  1294. Jun 27 16:43:46.411543: | 10 78 8d 8e 71 84 24 7b
  1295. Jun 27 16:43:46.411555: | responder cookie:
  1296. Jun 27 16:43:46.411567: | 9f 03 d1 e8 76 2f 9f cb
  1297. Jun 27 16:43:46.411579: | next payload type: ISAKMP_NEXT_SA (0x1)
  1298. Jun 27 16:43:46.411592: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
  1299. Jun 27 16:43:46.411604: | exchange type: ISAKMP_XCHG_AGGR (0x4)
  1300. Jun 27 16:43:46.411616: | flags: none (0x0)
  1301. Jun 27 16:43:46.411628: | message ID: 00 00 00 00
  1302. Jun 27 16:43:46.411641: | next payload type: saving message location 'ISAKMP Message' 'next payload type'
  1303. Jun 27 16:43:46.411654: | ***emit ISAKMP Security Association Payload:
  1304. Jun 27 16:43:46.411666: | next payload type: ISAKMP_NEXT_KE (0x4)
  1305. Jun 27 16:43:46.411678: | DOI: ISAKMP_DOI_IPSEC (0x1)
  1306. Jun 27 16:43:46.411692: | ****parse IPsec DOI SIT:
  1307. Jun 27 16:43:46.411704: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
  1308. Jun 27 16:43:46.411717: | ****parse ISAKMP Proposal Payload:
  1309. Jun 27 16:43:46.411729: | next payload type: ISAKMP_NEXT_NONE (0x0)
  1310. Jun 27 16:43:46.411741: | length: 704 (0x2c0)
  1311. Jun 27 16:43:46.411753: | proposal number: 1 (0x1)
  1312. Jun 27 16:43:46.411765: | protocol ID: PROTO_ISAKMP (0x1)
  1313. Jun 27 16:43:46.411777: | SPI size: 0 (0x0)
  1314. Jun 27 16:43:46.411789: | number of transforms: 18 (0x12)
  1315. Jun 27 16:43:46.411802: | *****parse ISAKMP Transform Payload (ISAKMP):
  1316. Jun 27 16:43:46.411814: | next payload type: ISAKMP_NEXT_T (0x3)
  1317. Jun 27 16:43:46.411826: | length: 40 (0x28)
  1318. Jun 27 16:43:46.411838: | ISAKMP transform number: 1 (0x1)
  1319. Jun 27 16:43:46.411850: | ISAKMP transform ID: KEY_IKE (0x1)
  1320. Jun 27 16:43:46.411862: | ******parse ISAKMP Oakley attribute:
  1321. Jun 27 16:43:46.411875: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
  1322. Jun 27 16:43:46.411887: | length/value: 7 (0x7)
  1323. Jun 27 16:43:46.411899: | [7 is OAKLEY_AES_CBC]
  1324. Jun 27 16:43:46.411912: | ******parse ISAKMP Oakley attribute:
  1325. Jun 27 16:43:46.411924: | af+type: OAKLEY_KEY_LENGTH (0x800e)
  1326. Jun 27 16:43:46.411936: | length/value: 256 (0x100)
  1327. Jun 27 16:43:46.411948: | ******parse ISAKMP Oakley attribute:
  1328. Jun 27 16:43:46.411960: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
  1329. Jun 27 16:43:46.411972: | length/value: 1 (0x1)
  1330. Jun 27 16:43:46.412002: | [1 is OAKLEY_MD5]
  1331. Jun 27 16:43:46.412024: | ******parse ISAKMP Oakley attribute:
  1332. Jun 27 16:43:46.412037: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
  1333. Jun 27 16:43:46.412059: | length/value: 2 (0x2)
  1334. Jun 27 16:43:46.412071: | [2 is OAKLEY_GROUP_MODP1024]
  1335. Jun 27 16:43:46.412084: | ******parse ISAKMP Oakley attribute:
  1336. Jun 27 16:43:46.412116: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
  1337. Jun 27 16:43:46.412129: | length/value: 65001 (0xfde9)
  1338. Jun 27 16:43:46.412151: | [65001 is XAUTHInitPreShared]
  1339. Jun 27 16:43:46.412164: | started looking for secret for 192.168.1.137->192.168.1.138 of kind PKK_PSK
  1340. Jun 27 16:43:46.412177: | actually looking for secret for 192.168.1.137->192.168.1.138 of kind PKK_PSK
  1341. Jun 27 16:43:46.412190: | line 1: key type PKK_PSK(192.168.1.137) to type PKK_PSK
  1342. Jun 27 16:43:46.412203: | 1: compared key 192.168.1.137 to 192.168.1.137 / 192.168.1.138 -> 8
  1343. Jun 27 16:43:46.412214: | line 1: match=9
  1344. Jun 27 16:43:46.412227: | best_match 0>9 best=0x559b0ece4998 (line=1)
  1345. Jun 27 16:43:46.412239: | concluding with best_match=9 best=0x559b0ece4998 (lineno=1)
  1346. Jun 27 16:43:46.412251: | ******parse ISAKMP Oakley attribute:
  1347. Jun 27 16:43:46.412268: | af+type: OAKLEY_LIFE_TYPE (0x800b)
  1348. Jun 27 16:43:46.412281: | length/value: 1 (0x1)
  1349. Jun 27 16:43:46.412293: | [1 is OAKLEY_LIFE_SECONDS]
  1350. Jun 27 16:43:46.412305: | ******parse ISAKMP Oakley attribute:
  1351. Jun 27 16:43:46.412317: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
  1352. Jun 27 16:43:46.412329: | length/value: 4 (0x4)
  1353. Jun 27 16:43:46.412341: | long duration: 86400
  1354. Jun 27 16:43:46.412355: "xauth-aggr"[1] 192.168.1.138 #1: WARNING: connection xauth-aggr PSK length of 4 bytes is too short for md5 PRF in FIPS mode (8 bytes required)
  1355. Jun 27 16:43:46.412368: | OAKLEY proposal verified unconditionally; no alg_info to check against
  1356. Jun 27 16:43:46.412380: | Oakley Transform 1 accepted
  1357. Jun 27 16:43:46.412392: | ****emit IPsec DOI SIT:
  1358. Jun 27 16:43:46.412404: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
  1359. Jun 27 16:43:46.412416: | ****emit ISAKMP Proposal Payload:
  1360. Jun 27 16:43:46.412429: | next payload type: ISAKMP_NEXT_NONE (0x0)
  1361. Jun 27 16:43:46.412441: | proposal number: 1 (0x1)
  1362. Jun 27 16:43:46.412463: | protocol ID: PROTO_ISAKMP (0x1)
  1363. Jun 27 16:43:46.412475: | SPI size: 0 (0x0)
  1364. Jun 27 16:43:46.412543: | number of transforms: 1 (0x1)
  1365. Jun 27 16:43:46.412559: | *****emit ISAKMP Transform Payload (ISAKMP):
  1366. Jun 27 16:43:46.412573: | next payload type: ISAKMP_NEXT_NONE (0x0)
  1367. Jun 27 16:43:46.412585: | ISAKMP transform number: 1 (0x1)
  1368. Jun 27 16:43:46.412597: | ISAKMP transform ID: KEY_IKE (0x1)
  1369. Jun 27 16:43:46.412610: | emitting 32 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP)
  1370. Jun 27 16:43:46.412623: | attributes 80 01 00 07 80 0e 01 00 80 02 00 01 80 04 00 02
  1371. Jun 27 16:43:46.412635: | attributes 80 03 fd e9 80 0b 00 01 00 0c 00 04 00 01 51 80
  1372. Jun 27 16:43:46.412647: | emitting length of ISAKMP Transform Payload (ISAKMP): 40
  1373. Jun 27 16:43:46.412659: | emitting length of ISAKMP Proposal Payload: 48
  1374. Jun 27 16:43:46.412671: | emitting length of ISAKMP Security Association Payload: 60
  1375. Jun 27 16:43:46.412685: | ***emit ISAKMP Key Exchange Payload:
  1376. Jun 27 16:43:46.412724: | next payload type: ISAKMP_NEXT_NONCE (0xa)
  1377. Jun 27 16:43:46.412738: | emitting 128 raw bytes of keyex value into ISAKMP Key Exchange Payload
  1378. Jun 27 16:43:46.412750: | keyex value d8 13 b1 7f 08 0e ae 98 88 f2 14 14 42 81 df ef
  1379. Jun 27 16:43:46.412762: | keyex value 03 44 03 53 42 3d ae e3 93 2a af b4 0b 92 33 b7
  1380. Jun 27 16:43:46.412810: | keyex value aa 13 b6 89 b1 ee 81 4c 30 14 9b b0 61 cf a9 70
  1381. Jun 27 16:43:46.412824: | keyex value 2e 20 a3 02 b3 4a 66 d3 7d d2 2a 27 d9 f7 75 40
  1382. Jun 27 16:43:46.412836: | keyex value 07 46 f5 ca 6d 47 b5 08 a5 79 f8 be a8 18 ae 9f
  1383. Jun 27 16:43:46.412848: | keyex value a5 a2 f7 77 d6 4d 28 ec 19 2a f2 59 84 ac 3a 8e
  1384. Jun 27 16:43:46.412860: | keyex value bd 7e a4 66 99 ac 8f 85 17 d2 f3 ab 2e 2c fe 8b
  1385. Jun 27 16:43:46.413170: | keyex value 4e 39 d7 a1 b9 e1 92 a0 ec 0a 35 f8 c0 36 56 f8
  1386. Jun 27 16:43:46.413190: | emitting length of ISAKMP Key Exchange Payload: 132
  1387. Jun 27 16:43:46.413203: | ***emit ISAKMP Nonce Payload:
  1388. Jun 27 16:43:46.413216: | next payload type: ISAKMP_NEXT_ID (0x5)
  1389. Jun 27 16:43:46.413238: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload
  1390. Jun 27 16:43:46.413250: | Nr 67 aa 71 bd 16 98 00 d5 7e 7e 3d 40 c7 95 d9 7a
  1391. Jun 27 16:43:46.413262: | Nr f2 80 2b 8c 1c 00 30 be 5a f4 47 51 02 23 d5 09
  1392. Jun 27 16:43:46.413274: | emitting length of ISAKMP Nonce Payload: 36
  1393. Jun 27 16:43:46.413287: | ***emit ISAKMP Identification Payload (IPsec DOI):
  1394. Jun 27 16:43:46.413299: | next payload type: ISAKMP_NEXT_HASH (0x8)
  1395. Jun 27 16:43:46.413311: | ID type: ID_IPV4_ADDR (0x1)
  1396. Jun 27 16:43:46.413323: | Protocol ID: 0 (0x0)
  1397. Jun 27 16:43:46.413335: | port: 0 (0x0)
  1398. Jun 27 16:43:46.413348: | emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI)
  1399. Jun 27 16:43:46.413360: | my identity c0 a8 01 89
  1400. Jun 27 16:43:46.413372: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
  1401. Jun 27 16:43:46.413443: | ***emit ISAKMP Hash Payload:
  1402. Jun 27 16:43:46.413460: | next payload type: ISAKMP_NEXT_VID (0xd)
  1403. Jun 27 16:43:46.413477: | emitting 16 raw bytes of HASH_R into ISAKMP Hash Payload
  1404. Jun 27 16:43:46.413490: | HASH_R c5 ad 5f d7 3a 01 8d b6 97 26 6d 3d 7a 42 cb 22
  1405. Jun 27 16:43:46.413502: | emitting length of ISAKMP Hash Payload: 20
  1406. Jun 27 16:43:46.413515: | out_vid(): sending [Dead Peer Detection]
  1407. Jun 27 16:43:46.413527: | ***emit ISAKMP Vendor ID Payload:
  1408. Jun 27 16:43:46.413540: | next payload type: ISAKMP_NEXT_VID (0xd)
  1409. Jun 27 16:43:46.413552: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
  1410. Jun 27 16:43:46.413564: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
  1411. Jun 27 16:43:46.413577: | emitting length of ISAKMP Vendor ID Payload: 20
  1412. Jun 27 16:43:46.413589: | out_vid(): sending [RFC 3947]
  1413. Jun 27 16:43:46.413601: | ***emit ISAKMP Vendor ID Payload:
  1414. Jun 27 16:43:46.413613: | next payload type: ISAKMP_NEXT_VID (0xd)
  1415. Jun 27 16:43:46.413626: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
  1416. Jun 27 16:43:46.413638: | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
  1417. Jun 27 16:43:46.413650: | emitting length of ISAKMP Vendor ID Payload: 20
  1418. Jun 27 16:43:46.413662: | sending NAT-D payloads
  1419. Jun 27 16:43:46.413681: | natd_hash: hasher=0x559b0e2d9400(16)
  1420. Jun 27 16:43:46.413939: | natd_hash: icookie= 10 78 8d 8e 71 84 24 7b
  1421. Jun 27 16:43:46.413966: | natd_hash: rcookie= 9f 03 d1 e8 76 2f 9f cb
  1422. Jun 27 16:43:46.413979: | natd_hash: ip= c0 a8 01 8a
  1423. Jun 27 16:43:46.413991: | natd_hash: port=500
  1424. Jun 27 16:43:46.414003: | natd_hash: hash= 91 0f 11 37 fe a4 a4 2f 57 46 1a 14 97 56 28 ae
  1425. Jun 27 16:43:46.414015: | ***emit ISAKMP NAT-D Payload:
  1426. Jun 27 16:43:46.414028: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
  1427. Jun 27 16:43:46.414040: | emitting 16 raw bytes of NAT-D into ISAKMP NAT-D Payload
  1428. Jun 27 16:43:46.414053: | NAT-D 91 0f 11 37 fe a4 a4 2f 57 46 1a 14 97 56 28 ae
  1429. Jun 27 16:43:46.414065: | emitting length of ISAKMP NAT-D Payload: 20
  1430. Jun 27 16:43:46.414084: | natd_hash: hasher=0x559b0e2d9400(16)
  1431. Jun 27 16:43:46.414098: | natd_hash: icookie= 10 78 8d 8e 71 84 24 7b
  1432. Jun 27 16:43:46.414110: | natd_hash: rcookie= 9f 03 d1 e8 76 2f 9f cb
  1433. Jun 27 16:43:46.414122: | natd_hash: ip= c0 a8 01 89
  1434. Jun 27 16:43:46.414134: | natd_hash: port=500
  1435. Jun 27 16:43:46.414146: | natd_hash: hash= 34 45 41 ae 6b b7 64 f9 b1 65 ad 70 aa 94 c4 30
  1436. Jun 27 16:43:46.414158: | ***emit ISAKMP NAT-D Payload:
  1437. Jun 27 16:43:46.414170: | next payload type: ISAKMP_NEXT_NONE (0x0)
  1438. Jun 27 16:43:46.414182: | emitting 16 raw bytes of NAT-D into ISAKMP NAT-D Payload
  1439. Jun 27 16:43:46.414194: | NAT-D 34 45 41 ae 6b b7 64 f9 b1 65 ad 70 aa 94 c4 30
  1440. Jun 27 16:43:46.414206: | emitting length of ISAKMP NAT-D Payload: 20
  1441. Jun 27 16:43:46.414219: | no IKEv1 message padding required
  1442. Jun 27 16:43:46.414231: | emitting length of ISAKMP Message: 368
  1443. Jun 27 16:43:46.414243: | complete v1 state transition with STF_OK
  1444. Jun 27 16:43:46.414258: | processing: [RE]START state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in complete_v1_state_transition() at ikev1.c:2297)
  1445. Jun 27 16:43:46.414271: | #1 is idle
  1446. Jun 27 16:43:46.414283: | doing_xauth:yes, t_xauth_client_done:no
  1447. Jun 27 16:43:46.414295: | peer supports fragmentation
  1448. Jun 27 16:43:46.414307: | peer supports dpd
  1449. Jun 27 16:43:46.414319: | dpd is active locally
  1450. Jun 27 16:43:46.414331: | IKEv1: transition from state STATE_AGGR_R0 to state STATE_AGGR_R1
  1451. Jun 27 16:43:46.414343: | event_already_set, deleting event
  1452. Jun 27 16:43:46.414355: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted
  1453. Jun 27 16:43:46.414369: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x559b0ece45e8
  1454. Jun 27 16:43:46.414385: | sending reply packet to 192.168.1.138:500 (from port 500)
  1455. Jun 27 16:43:46.414648: | sending 368 bytes for STATE_AGGR_R0 through eth0:500 to 192.168.1.138:500 (using #1)
  1456. Jun 27 16:43:46.414666: | 10 78 8d 8e 71 84 24 7b 9f 03 d1 e8 76 2f 9f cb
  1457. Jun 27 16:43:46.414678: | 01 10 04 00 00 00 00 00 00 00 01 70 04 00 00 3c
  1458. Jun 27 16:43:46.414690: | 00 00 00 01 00 00 00 01 00 00 00 30 01 01 00 01
  1459. Jun 27 16:43:46.414707: | 00 00 00 28 01 01 00 00 80 01 00 07 80 0e 01 00
  1460. Jun 27 16:43:46.414719: | 80 02 00 01 80 04 00 02 80 03 fd e9 80 0b 00 01
  1461. Jun 27 16:43:46.414731: | 00 0c 00 04 00 01 51 80 0a 00 00 84 d8 13 b1 7f
  1462. Jun 27 16:43:46.414743: | 08 0e ae 98 88 f2 14 14 42 81 df ef 03 44 03 53
  1463. Jun 27 16:43:46.414754: | 42 3d ae e3 93 2a af b4 0b 92 33 b7 aa 13 b6 89
  1464. Jun 27 16:43:46.414766: | b1 ee 81 4c 30 14 9b b0 61 cf a9 70 2e 20 a3 02
  1465. Jun 27 16:43:46.414778: | b3 4a 66 d3 7d d2 2a 27 d9 f7 75 40 07 46 f5 ca
  1466. Jun 27 16:43:46.414790: | 6d 47 b5 08 a5 79 f8 be a8 18 ae 9f a5 a2 f7 77
  1467. Jun 27 16:43:46.414802: | d6 4d 28 ec 19 2a f2 59 84 ac 3a 8e bd 7e a4 66
  1468. Jun 27 16:43:46.414814: | 99 ac 8f 85 17 d2 f3 ab 2e 2c fe 8b 4e 39 d7 a1
  1469. Jun 27 16:43:46.414825: | b9 e1 92 a0 ec 0a 35 f8 c0 36 56 f8 05 00 00 24
  1470. Jun 27 16:43:46.414837: | 67 aa 71 bd 16 98 00 d5 7e 7e 3d 40 c7 95 d9 7a
  1471. Jun 27 16:43:46.414849: | f2 80 2b 8c 1c 00 30 be 5a f4 47 51 02 23 d5 09
  1472. Jun 27 16:43:46.414861: | 08 00 00 0c 01 00 00 00 c0 a8 01 89 0d 00 00 14
  1473. Jun 27 16:43:46.414873: | c5 ad 5f d7 3a 01 8d b6 97 26 6d 3d 7a 42 cb 22
  1474. Jun 27 16:43:46.414885: | 0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc
  1475. Jun 27 16:43:46.414897: | 77 57 01 00 14 00 00 14 4a 13 1c 81 07 03 58 45
  1476. Jun 27 16:43:46.414908: | 5c 57 28 f2 0e 95 45 2f 14 00 00 14 91 0f 11 37
  1477. Jun 27 16:43:46.414920: | fe a4 a4 2f 57 46 1a 14 97 56 28 ae 00 00 00 14
  1478. Jun 27 16:43:46.414932: | 34 45 41 ae 6b b7 64 f9 b1 65 ad 70 aa 94 c4 30
  1479. Jun 27 16:43:46.415024: | !event_already_set at reschedule
  1480. Jun 27 16:43:46.415239: | event_schedule: new EVENT_SO_DISCARD-pe@0x559b0ece4788
  1481. Jun 27 16:43:46.415259: | inserting event EVENT_SO_DISCARD, timeout in 60.000 seconds for #1
  1482. Jun 27 16:43:46.415275: "xauth-aggr"[1] 192.168.1.138 #1: STATE_AGGR_R1: sent AR1, expecting AI2
  1483. Jun 27 16:43:46.415289: | modecfg pull: quirk-poll policy:pull not-client
  1484. Jun 27 16:43:46.415301: | phase 1 is done, looking for phase 2 to unpend
  1485. Jun 27 16:43:46.415317: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in schedule_event_now_cb() at server.c:597)
  1486. Jun 27 16:43:46.415330: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1487. Jun 27 16:43:46.415343: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1488. Jun 27 16:43:46.415973: | *received 92 bytes from 192.168.1.138:500 on eth0 (port=500)
  1489. Jun 27 16:43:46.416010: | 10 78 8d 8e 71 84 24 7b 9f 03 d1 e8 76 2f 9f cb
  1490. Jun 27 16:43:46.416032: | 08 10 04 01 00 00 00 00 00 00 00 5c 8b a1 01 4a
  1491. Jun 27 16:43:46.416044: | ec 4d f6 fd 48 10 7a 85 7e 83 dc 15 ed ee c8 f0
  1492. Jun 27 16:43:46.416057: | 96 b4 1f f3 ac 58 b4 7e 18 2a 13 33 de 46 05 83
  1493. Jun 27 16:43:46.416069: | eb d6 6c ff ce cd fa 16 09 d4 ab 87 f6 bf c4 e4
  1494. Jun 27 16:43:46.416081: | 41 8d 65 77 20 b9 32 50 e5 c1 ec e0
  1495. Jun 27 16:43:46.416095: | processing: start from 192.168.1.138:500 (in process_md() at demux.c:392)
  1496. Jun 27 16:43:46.416109: | **parse ISAKMP Message:
  1497. Jun 27 16:43:46.416123: | initiator cookie:
  1498. Jun 27 16:43:46.416136: | 10 78 8d 8e 71 84 24 7b
  1499. Jun 27 16:43:46.416149: | responder cookie:
  1500. Jun 27 16:43:46.416161: | 9f 03 d1 e8 76 2f 9f cb
  1501. Jun 27 16:43:46.416175: | next payload type: ISAKMP_NEXT_HASH (0x8)
  1502. Jun 27 16:43:46.416187: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
  1503. Jun 27 16:43:46.416200: | exchange type: ISAKMP_XCHG_AGGR (0x4)
  1504. Jun 27 16:43:46.416212: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
  1505. Jun 27 16:43:46.416225: | message ID: 00 00 00 00
  1506. Jun 27 16:43:46.416237: | length: 92 (0x5c)
  1507. Jun 27 16:43:46.416250: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_AGGR (4)
  1508. Jun 27 16:43:46.416267: | cookies table: hash icookie 10 78 8d 8e 71 84 24 7b rcookie 9f 03 d1 e8 76 2f 9f cb to 13404059529810691815 slot 0x559b0e2e8ae0
  1509. Jun 27 16:43:46.416280: | v1 peer and cookies match on #1, provided msgid 00000000 == 00000000
  1510. Jun 27 16:43:46.416293: | v1 state object #1 found, in STATE_AGGR_R1
  1511. Jun 27 16:43:46.416308: | processing: start state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_v1_packet() at ikev1.c:1117)
  1512. Jun 27 16:43:46.416325: | #1 is idle
  1513. Jun 27 16:43:46.416338: | #1 idle
  1514. Jun 27 16:43:46.416367: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100opt: 0x102000
  1515. Jun 27 16:43:46.416382: | ***parse ISAKMP Hash Payload:
  1516. Jun 27 16:43:46.416395: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
  1517. Jun 27 16:43:46.416408: | length: 20 (0x14)
  1518. Jun 27 16:43:46.416420: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0opt: 0x102000
  1519. Jun 27 16:43:46.416433: | ***parse ISAKMP NAT-D Payload:
  1520. Jun 27 16:43:46.416446: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
  1521. Jun 27 16:43:46.416458: | length: 20 (0x14)
  1522. Jun 27 16:43:46.416470: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0opt: 0x102000
  1523. Jun 27 16:43:46.416483: | ***parse ISAKMP NAT-D Payload:
  1524. Jun 27 16:43:46.416495: | next payload type: ISAKMP_NEXT_NONE (0x0)
  1525. Jun 27 16:43:46.416508: | length: 20 (0x14)
  1526. Jun 27 16:43:46.416520: | removing 4 bytes of padding
  1527. Jun 27 16:43:46.416534: | checking NAT-T: enabled and RFC 3947 (NAT-Traversal)
  1528. Jun 27 16:43:46.416552: | natd_hash: hasher=0x559b0e2d9400(16)
  1529. Jun 27 16:43:46.416566: | natd_hash: icookie= 10 78 8d 8e 71 84 24 7b
  1530. Jun 27 16:43:46.416579: | natd_hash: rcookie= 9f 03 d1 e8 76 2f 9f cb
  1531. Jun 27 16:43:46.416591: | natd_hash: ip= c0 a8 01 89
  1532. Jun 27 16:43:46.416604: | natd_hash: port=500
  1533. Jun 27 16:43:46.416616: | natd_hash: hash= 34 45 41 ae 6b b7 64 f9 b1 65 ad 70 aa 94 c4 30
  1534. Jun 27 16:43:46.416632: | natd_hash: hasher=0x559b0e2d9400(16)
  1535. Jun 27 16:43:46.416646: | natd_hash: icookie= 10 78 8d 8e 71 84 24 7b
  1536. Jun 27 16:43:46.416658: | natd_hash: rcookie= 9f 03 d1 e8 76 2f 9f cb
  1537. Jun 27 16:43:46.416671: | natd_hash: ip= c0 a8 01 8a
  1538. Jun 27 16:43:46.416683: | natd_hash: port=500
  1539. Jun 27 16:43:46.416695: | natd_hash: hash= 91 0f 11 37 fe a4 a4 2f 57 46 1a 14 97 56 28 ae
  1540. Jun 27 16:43:46.416708: | expected NAT-D(me): 34 45 41 ae 6b b7 64 f9 b1 65 ad 70 aa 94 c4 30
  1541. Jun 27 16:43:46.416720: | expected NAT-D(him):
  1542. Jun 27 16:43:46.416732: | 91 0f 11 37 fe a4 a4 2f 57 46 1a 14 97 56 28 ae
  1543. Jun 27 16:43:46.416745: | received NAT-D: 34 45 41 ae 6b b7 64 f9 b1 65 ad 70 aa 94 c4 30
  1544. Jun 27 16:43:46.416758: | received NAT-D: 91 0f 11 37 fe a4 a4 2f 57 46 1a 14 97 56 28 ae
  1545. Jun 27 16:43:46.416771: | NAT_TRAVERSAL encaps using auto-detect
  1546. Jun 27 16:43:46.416783: | NAT_TRAVERSAL this end is NOT behind NAT
  1547. Jun 27 16:43:46.416795: | NAT_TRAVERSAL that end is NOT behind NAT
  1548. Jun 27 16:43:46.416808: | NAT_TRAVERSAL nat_keepalive enabled 192.168.1.138
  1549. Jun 27 16:43:46.416821: | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected
  1550. Jun 27 16:43:46.416833: | NAT_T_WITH_KA detected
  1551. Jun 27 16:43:46.416846: | event_schedule: new EVENT_NAT_T_KEEPALIVE-pe@0x559b0ece5c18
  1552. Jun 27 16:43:46.416860: | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 20.000 seconds
  1553. Jun 27 16:43:46.416874: | **emit ISAKMP Identification Payload (IPsec DOI):
  1554. Jun 27 16:43:46.416887: | next payload type: ISAKMP_NEXT_NONE (0x0)
  1555. Jun 27 16:43:46.416900: | ID type: ID_IPV4_ADDR (0x1)
  1556. Jun 27 16:43:46.416913: | Protocol ID: 0 (0x0)
  1557. Jun 27 16:43:46.416925: | port: 0 (0x0)
  1558. Jun 27 16:43:46.416938: | emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI)
  1559. Jun 27 16:43:46.416950: | my identity c0 a8 01 8a
  1560. Jun 27 16:43:46.416963: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
  1561. Jun 27 16:43:46.416976: | ***parse ISAKMP Identification Payload:
  1562. Jun 27 16:43:46.416988: | next payload type: ISAKMP_NEXT_NONE (0x0)
  1563. Jun 27 16:43:46.417001: | length: 12 (0xc)
  1564. Jun 27 16:43:46.417013: | ID type: ID_IPV4_ADDR (0x1)
  1565. Jun 27 16:43:46.417025: | DOI specific A: 0 (0x0)
  1566. Jun 27 16:43:46.417038: | DOI specific B: 0 (0x0)
  1567. Jun 27 16:43:46.417052: "xauth-aggr"[1] 192.168.1.138 #1: Peer ID is ID_IPV4_ADDR: '192.168.1.138'
  1568. Jun 27 16:43:46.417065: | X509: no CERT payloads to process
  1569. Jun 27 16:43:46.417131: "xauth-aggr"[1] 192.168.1.138 #1: received Hash Payload does not match computed value
  1570. Jun 27 16:43:46.417232: | complete v1 state transition with INVALID_HASH_INFORMATION
  1571. Jun 27 16:43:46.417253: | processing: [RE]START state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in complete_v1_state_transition() at ikev1.c:2297)
  1572. Jun 27 16:43:46.417336: | #1 is idle
  1573. Jun 27 16:43:46.417359: "xauth-aggr"[1] 192.168.1.138 #1: sending encrypted notification INVALID_HASH_INFORMATION to 192.168.1.138:500
  1574. Jun 27 16:43:46.417374: | **emit ISAKMP Message:
  1575. Jun 27 16:43:46.417387: | initiator cookie:
  1576. Jun 27 16:43:46.417399: | 10 78 8d 8e 71 84 24 7b
  1577. Jun 27 16:43:46.417411: | responder cookie:
  1578. Jun 27 16:43:46.417423: | 9f 03 d1 e8 76 2f 9f cb
  1579. Jun 27 16:43:46.417446: | next payload type: ISAKMP_NEXT_HASH (0x8)
  1580. Jun 27 16:43:46.417538: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
  1581. Jun 27 16:43:46.417555: | exchange type: ISAKMP_XCHG_INFO (0x5)
  1582. Jun 27 16:43:46.417568: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
  1583. Jun 27 16:43:46.417581: | message ID: fe e7 24 fd
  1584. Jun 27 16:43:46.417594: | next payload type: saving message location 'ISAKMP Message' 'next payload type'
  1585. Jun 27 16:43:46.417607: | ***emit ISAKMP Hash Payload:
  1586. Jun 27 16:43:46.417619: | next payload type: ISAKMP_NEXT_N (0xb)
  1587. Jun 27 16:43:46.417633: | emitting 16 zero bytes of HASH(1) into ISAKMP Hash Payload
  1588. Jun 27 16:43:46.417645: | emitting length of ISAKMP Hash Payload: 20
  1589. Jun 27 16:43:46.417658: | ***emit ISAKMP Notification Payload:
  1590. Jun 27 16:43:46.417670: | next payload type: ISAKMP_NEXT_NONE (0x0)
  1591. Jun 27 16:43:46.417712: | DOI: ISAKMP_DOI_IPSEC (0x1)
  1592. Jun 27 16:43:46.417726: | protocol ID: 1 (0x1)
  1593. Jun 27 16:43:46.417739: | SPI size: 0 (0x0)
  1594. Jun 27 16:43:46.417751: | Notify Message Type: INVALID_HASH_INFORMATION (0x17)
  1595. Jun 27 16:43:46.417836: | emitting length of ISAKMP Notification Payload: 12
  1596. Jun 27 16:43:46.417896: | encrypting: 0b 00 00 14 89 f0 ae a3 3c 05 15 31 a6 0b d0 a6
  1597. Jun 27 16:43:46.417913: | encrypting: 0f 4b 04 d5 00 00 00 0c 00 00 00 01 01 00 00 17
  1598. Jun 27 16:43:46.417956: | IV: 47 42 ae 77 17 99 e5 89 d3 c8 19 ca 61 61 8a ba
  1599. Jun 27 16:43:46.417979: | no IKEv1 message padding required
  1600. Jun 27 16:43:46.418023: | emitting length of ISAKMP Message: 60
  1601. Jun 27 16:43:46.418039: | sending 60 bytes for notification packet through eth0:500 to 192.168.1.138:500 (using #1)
  1602. Jun 27 16:43:46.418052: | 10 78 8d 8e 71 84 24 7b 9f 03 d1 e8 76 2f 9f cb
  1603. Jun 27 16:43:46.418064: | 08 10 05 01 fe e7 24 fd 00 00 00 3c 2f 0a 3b 3d
  1604. Jun 27 16:43:46.418104: | 70 1f b5 f1 e1 ba 72 c0 fb 41 44 ed 29 15 ef c6
  1605. Jun 27 16:43:46.418118: | c2 4d 35 6c 32 d0 dd c9 80 98 08 c9
  1606. Jun 27 16:43:46.418183: | state transition function for STATE_AGGR_R1 failed: INVALID_HASH_INFORMATION
  1607. Jun 27 16:43:46.418276: | processing: stop from 192.168.1.138:500 (BACKGROUND) (in process_md() at demux.c:394)
  1608. Jun 27 16:43:46.418295: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_md() at demux.c:396)
  1609. Jun 27 16:43:46.418319: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1610. Jun 27 16:43:46.418341: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1611. Jun 27 16:43:46.418364: | processing: STOP connection NULL (in process_md() at demux.c:397)
  1612. Jun 27 16:43:46.418395: | *received 76 bytes from 192.168.1.138:500 on eth0 (port=500)
  1613. Jun 27 16:43:46.418419: | 10 78 8d 8e 71 84 24 7b 9f 03 d1 e8 76 2f 9f cb
  1614. Jun 27 16:43:46.418444: | 08 10 05 01 ff 6b 06 cc 00 00 00 4c c1 6c 21 a3
  1615. Jun 27 16:43:46.418467: | d2 eb 85 0a ba ac e5 0a 20 2f 88 74 ca a2 42 46
  1616. Jun 27 16:43:46.418488: | ef b3 9a 53 8d eb 16 57 60 be b9 9f b5 72 13 5f
  1617. Jun 27 16:43:46.418511: | e1 98 c8 62 88 a4 c5 b0 d0 fd d7 c7
  1618. Jun 27 16:43:46.418534: | processing: start from 192.168.1.138:500 (in process_md() at demux.c:392)
  1619. Jun 27 16:43:46.418558: | **parse ISAKMP Message:
  1620. Jun 27 16:43:46.418580: | initiator cookie:
  1621. Jun 27 16:43:46.418601: | 10 78 8d 8e 71 84 24 7b
  1622. Jun 27 16:43:46.418623: | responder cookie:
  1623. Jun 27 16:43:46.418647: | 9f 03 d1 e8 76 2f 9f cb
  1624. Jun 27 16:43:46.418671: | next payload type: ISAKMP_NEXT_HASH (0x8)
  1625. Jun 27 16:43:46.418694: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
  1626. Jun 27 16:43:46.418707: | exchange type: ISAKMP_XCHG_INFO (0x5)
  1627. Jun 27 16:43:46.418729: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
  1628. Jun 27 16:43:46.418750: | message ID: ff 6b 06 cc
  1629. Jun 27 16:43:46.418772: | length: 76 (0x4c)
  1630. Jun 27 16:43:46.418794: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
  1631. Jun 27 16:43:46.418819: | cookies table: hash icookie 10 78 8d 8e 71 84 24 7b rcookie 9f 03 d1 e8 76 2f 9f cb to 13404059529810691815 slot 0x559b0e2e8ae0
  1632. Jun 27 16:43:46.418842: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000
  1633. Jun 27 16:43:46.418864: | p15 state object #1 found, in STATE_AGGR_R1
  1634. Jun 27 16:43:46.418888: | processing: start state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_v1_packet() at ikev1.c:1137)
  1635. Jun 27 16:43:46.418917: | #1 is idle
  1636. Jun 27 16:43:46.418942: | #1 idle
  1637. Jun 27 16:43:46.418971: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100opt: 0x0
  1638. Jun 27 16:43:46.418997: "xauth-aggr"[1] 192.168.1.138 #1: byte 2 of ISAKMP Hash Payload should have been zero, but was not (ignored)
  1639. Jun 27 16:43:46.419021: "xauth-aggr"[1] 192.168.1.138 #1: length of ISAKMP Hash Payload is larger than can fit
  1640. Jun 27 16:43:46.419044: "xauth-aggr"[1] 192.168.1.138 #1: malformed payload in packet
  1641. Jun 27 16:43:46.419070: | processing: stop from 192.168.1.138:500 (BACKGROUND) (in process_md() at demux.c:394)
  1642. Jun 27 16:43:46.419095: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_md() at demux.c:396)
  1643. Jun 27 16:43:46.419118: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1644. Jun 27 16:43:46.419140: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1645. Jun 27 16:43:46.419162: | processing: STOP connection NULL (in process_md() at demux.c:397)
  1646. Jun 27 16:43:52.617594: | timer_event_cb: processing event@0x559b0ecdec88
  1647. Jun 27 16:43:52.617849: | handling event EVENT_SHUNT_SCAN
  1648. Jun 27 16:43:52.617879: | expiring aged bare shunts from shunt table
  1649. Jun 27 16:43:52.617899: | event_schedule: new EVENT_SHUNT_SCAN-pe@0x559b0ece5dc8
  1650. Jun 27 16:43:52.617918: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000 seconds
  1651. Jun 27 16:43:52.617939: | free_event_entry: release EVENT_SHUNT_SCAN-pe@0x559b0ecdec88
  1652. Jun 27 16:44:01.438498: | *received 92 bytes from 192.168.1.138:500 on eth0 (port=500)
  1653. Jun 27 16:44:01.438572: | 10 78 8d 8e 71 84 24 7b 9f 03 d1 e8 76 2f 9f cb
  1654. Jun 27 16:44:01.438590: | 08 10 05 01 7f 04 30 dc 00 00 00 5c db e5 a8 b2
  1655. Jun 27 16:44:01.438606: | e9 27 65 dd 59 90 7c e9 74 b7 9b 49 71 e6 c5 91
  1656. Jun 27 16:44:01.438621: | 3b 87 cb d4 28 44 48 32 5e 65 a9 00 f7 e8 b2 ae
  1657. Jun 27 16:44:01.438637: | 39 e7 b4 d9 9b cd e5 35 36 2d 5f b7 e4 de cb 00
  1658. Jun 27 16:44:01.438653: | cc 99 18 19 dd 7a 55 5b 47 a5 c3 2c
  1659. Jun 27 16:44:01.438671: | processing: start from 192.168.1.138:500 (in process_md() at demux.c:392)
  1660. Jun 27 16:44:01.438690: | **parse ISAKMP Message:
  1661. Jun 27 16:44:01.438708: | initiator cookie:
  1662. Jun 27 16:44:01.438723: | 10 78 8d 8e 71 84 24 7b
  1663. Jun 27 16:44:01.438738: | responder cookie:
  1664. Jun 27 16:44:01.438754: | 9f 03 d1 e8 76 2f 9f cb
  1665. Jun 27 16:44:01.438771: | next payload type: ISAKMP_NEXT_HASH (0x8)
  1666. Jun 27 16:44:01.438787: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
  1667. Jun 27 16:44:01.438804: | exchange type: ISAKMP_XCHG_INFO (0x5)
  1668. Jun 27 16:44:01.438820: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
  1669. Jun 27 16:44:01.438836: | message ID: 7f 04 30 dc
  1670. Jun 27 16:44:01.438851: | length: 92 (0x5c)
  1671. Jun 27 16:44:01.438868: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
  1672. Jun 27 16:44:01.438889: | cookies table: hash icookie 10 78 8d 8e 71 84 24 7b rcookie 9f 03 d1 e8 76 2f 9f cb to 13404059529810691815 slot 0x559b0e2e8ae0
  1673. Jun 27 16:44:01.438908: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000
  1674. Jun 27 16:44:01.438936: | p15 state object #1 found, in STATE_AGGR_R1
  1675. Jun 27 16:44:01.438955: | processing: start state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_v1_packet() at ikev1.c:1137)
  1676. Jun 27 16:44:01.439000: | #1 is idle
  1677. Jun 27 16:44:01.439018: | #1 idle
  1678. Jun 27 16:44:01.439054: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100opt: 0x0
  1679. Jun 27 16:44:01.439077: "xauth-aggr"[1] 192.168.1.138 #1: next payload type of ISAKMP Hash Payload has an unknown value: 220 (0xdc)
  1680. Jun 27 16:44:01.439094: "xauth-aggr"[1] 192.168.1.138 #1: malformed payload in packet
  1681. Jun 27 16:44:01.439117: | processing: stop from 192.168.1.138:500 (BACKGROUND) (in process_md() at demux.c:394)
  1682. Jun 27 16:44:01.439138: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_md() at demux.c:396)
  1683. Jun 27 16:44:01.439155: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1684. Jun 27 16:44:01.439170: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1685. Jun 27 16:44:01.439187: | processing: STOP connection NULL (in process_md() at demux.c:397)
  1686. Jun 27 16:44:06.423774: | timer_event_cb: processing event@0x559b0ece5c18
  1687. Jun 27 16:44:06.423851: | handling event EVENT_NAT_T_KEEPALIVE
  1688. Jun 27 16:44:06.423879: | processing: start state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in for_each_state() at state.c:1614)
  1689. Jun 27 16:44:06.423898: | Sending of NAT-T KEEP-ALIVE enabled by per-conn configuration (nat_keepalive=yes)
  1690. Jun 27 16:44:06.423916: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in for_each_state() at state.c:1614)
  1691. Jun 27 16:44:06.423933: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1692. Jun 27 16:44:06.423949: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1693. Jun 27 16:44:06.423969: | free_event_entry: release EVENT_NAT_T_KEEPALIVE-pe@0x559b0ece5c18
  1694. Jun 27 16:44:12.624893: | timer_event_cb: processing event@0x559b0ece5dc8
  1695. Jun 27 16:44:12.625034: | handling event EVENT_SHUNT_SCAN
  1696. Jun 27 16:44:12.625061: | expiring aged bare shunts from shunt table
  1697. Jun 27 16:44:12.625085: | event_schedule: new EVENT_SHUNT_SCAN-pe@0x559b0ece5c18
  1698. Jun 27 16:44:12.625108: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000 seconds
  1699. Jun 27 16:44:12.625140: | free_event_entry: release EVENT_SHUNT_SCAN-pe@0x559b0ece5dc8
  1700. Jun 27 16:44:16.469843: | *received 92 bytes from 192.168.1.138:500 on eth0 (port=500)
  1701. Jun 27 16:44:16.469881: | 10 78 8d 8e 71 84 24 7b 9f 03 d1 e8 76 2f 9f cb
  1702. Jun 27 16:44:16.469886: | 08 10 05 01 df 97 4f ad 00 00 00 5c 6e 91 3f 08
  1703. Jun 27 16:44:16.469889: | 2e aa e5 a2 1e 0b c7 03 f5 b6 85 67 31 0a 06 a7
  1704. Jun 27 16:44:16.469892: | 09 d0 a9 eb 10 f8 d3 ee 16 3e b9 0f f3 0d 2d 92
  1705. Jun 27 16:44:16.469896: | ec ed 88 f0 fc 1a e4 ec 46 81 61 ef 64 47 a0 95
  1706. Jun 27 16:44:16.469899: | 1f d3 29 59 2a 31 78 6f f4 af 7d 16
  1707. Jun 27 16:44:16.469906: | processing: start from 192.168.1.138:500 (in process_md() at demux.c:392)
  1708. Jun 27 16:44:16.469912: | **parse ISAKMP Message:
  1709. Jun 27 16:44:16.469917: | initiator cookie:
  1710. Jun 27 16:44:16.469920: | 10 78 8d 8e 71 84 24 7b
  1711. Jun 27 16:44:16.469924: | responder cookie:
  1712. Jun 27 16:44:16.469927: | 9f 03 d1 e8 76 2f 9f cb
  1713. Jun 27 16:44:16.469931: | next payload type: ISAKMP_NEXT_HASH (0x8)
  1714. Jun 27 16:44:16.469935: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
  1715. Jun 27 16:44:16.469939: | exchange type: ISAKMP_XCHG_INFO (0x5)
  1716. Jun 27 16:44:16.469943: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
  1717. Jun 27 16:44:16.469946: | message ID: df 97 4f ad
  1718. Jun 27 16:44:16.469950: | length: 92 (0x5c)
  1719. Jun 27 16:44:16.469954: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
  1720. Jun 27 16:44:16.469964: | cookies table: hash icookie 10 78 8d 8e 71 84 24 7b rcookie 9f 03 d1 e8 76 2f 9f cb to 13404059529810691815 slot 0x559b0e2e8ae0
  1721. Jun 27 16:44:16.469970: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000
  1722. Jun 27 16:44:16.469974: | p15 state object #1 found, in STATE_AGGR_R1
  1723. Jun 27 16:44:16.469994: | processing: start state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_v1_packet() at ikev1.c:1137)
  1724. Jun 27 16:44:16.470027: | #1 is idle
  1725. Jun 27 16:44:16.470031: | #1 idle
  1726. Jun 27 16:44:16.470049: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100opt: 0x0
  1727. Jun 27 16:44:16.470056: "xauth-aggr"[1] 192.168.1.138 #1: next payload type of ISAKMP Hash Payload has an unknown value: 157 (0x9d)
  1728. Jun 27 16:44:16.470060: "xauth-aggr"[1] 192.168.1.138 #1: malformed payload in packet
  1729. Jun 27 16:44:16.470074: | processing: stop from 192.168.1.138:500 (BACKGROUND) (in process_md() at demux.c:394)
  1730. Jun 27 16:44:16.470080: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_md() at demux.c:396)
  1731. Jun 27 16:44:16.470084: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1732. Jun 27 16:44:16.470087: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1733. Jun 27 16:44:16.470091: | processing: STOP connection NULL (in process_md() at demux.c:397)
  1734. Jun 27 16:44:20.469924: | *received 92 bytes from 192.168.1.138:500 on eth0 (port=500)
  1735. Jun 27 16:44:20.469959: | 10 78 8d 8e 71 84 24 7b 9f 03 d1 e8 76 2f 9f cb
  1736. Jun 27 16:44:20.469963: | 08 10 05 01 b2 84 d2 f6 00 00 00 5c b3 e0 02 1f
  1737. Jun 27 16:44:20.469966: | 75 cc 68 99 01 9f 44 3e 1f e6 72 57 29 0c 55 79
  1738. Jun 27 16:44:20.469969: | 48 bb 0f 44 0d 81 65 d5 8d 10 03 23 d4 df 5f 61
  1739. Jun 27 16:44:20.469971: | 5d 7a 3b 83 4b ce 21 e9 e6 5a 2c f2 1b f7 8b 9f
  1740. Jun 27 16:44:20.469974: | a0 15 02 6d 57 80 45 26 0f cc a5 c1
  1741. Jun 27 16:44:20.469980: | processing: start from 192.168.1.138:500 (in process_md() at demux.c:392)
  1742. Jun 27 16:44:20.469986: | **parse ISAKMP Message:
  1743. Jun 27 16:44:20.469990: | initiator cookie:
  1744. Jun 27 16:44:20.469993: | 10 78 8d 8e 71 84 24 7b
  1745. Jun 27 16:44:20.469996: | responder cookie:
  1746. Jun 27 16:44:20.469998: | 9f 03 d1 e8 76 2f 9f cb
  1747. Jun 27 16:44:20.470002: | next payload type: ISAKMP_NEXT_HASH (0x8)
  1748. Jun 27 16:44:20.470005: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
  1749. Jun 27 16:44:20.470009: | exchange type: ISAKMP_XCHG_INFO (0x5)
  1750. Jun 27 16:44:20.470012: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
  1751. Jun 27 16:44:20.470015: | message ID: b2 84 d2 f6
  1752. Jun 27 16:44:20.470019: | length: 92 (0x5c)
  1753. Jun 27 16:44:20.470022: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
  1754. Jun 27 16:44:20.470032: | cookies table: hash icookie 10 78 8d 8e 71 84 24 7b rcookie 9f 03 d1 e8 76 2f 9f cb to 13404059529810691815 slot 0x559b0e2e8ae0
  1755. Jun 27 16:44:20.470037: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000
  1756. Jun 27 16:44:20.470041: | p15 state object #1 found, in STATE_AGGR_R1
  1757. Jun 27 16:44:20.470048: | processing: start state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_v1_packet() at ikev1.c:1137)
  1758. Jun 27 16:44:20.470079: | #1 is idle
  1759. Jun 27 16:44:20.470082: | #1 idle
  1760. Jun 27 16:44:20.470100: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100opt: 0x0
  1761. Jun 27 16:44:20.470106: "xauth-aggr"[1] 192.168.1.138 #1: byte 2 of ISAKMP Hash Payload should have been zero, but was not (ignored)
  1762. Jun 27 16:44:20.470110: "xauth-aggr"[1] 192.168.1.138 #1: length of ISAKMP Hash Payload is larger than can fit
  1763. Jun 27 16:44:20.470114: "xauth-aggr"[1] 192.168.1.138 #1: malformed payload in packet
  1764. Jun 27 16:44:20.470123: | processing: stop from 192.168.1.138:500 (BACKGROUND) (in process_md() at demux.c:394)
  1765. Jun 27 16:44:20.470129: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_md() at demux.c:396)
  1766. Jun 27 16:44:20.470133: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1767. Jun 27 16:44:20.470136: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1768. Jun 27 16:44:20.470140: | processing: STOP connection NULL (in process_md() at demux.c:397)
  1769. Jun 27 16:44:23.501182: | *received 92 bytes from 192.168.1.138:500 on eth0 (port=500)
  1770. Jun 27 16:44:23.501254: | 10 78 8d 8e 71 84 24 7b 9f 03 d1 e8 76 2f 9f cb
  1771. Jun 27 16:44:23.501295: | 08 10 05 01 a0 a0 32 42 00 00 00 5c c7 50 0e b3
  1772. Jun 27 16:44:23.501299: | 28 a5 2a fc 79 76 91 86 27 f7 53 91 b9 cf 8f 0f
  1773. Jun 27 16:44:23.501302: | e8 64 ec a3 f8 50 4c 0c 01 c8 56 8f 9b e1 0d d0
  1774. Jun 27 16:44:23.501305: | b1 b9 5f 83 36 56 1e 6e 7c 96 de 86 bd c2 4e 29
  1775. Jun 27 16:44:23.501308: | 4f 59 33 e6 2a 64 78 45 7e be b7 39
  1776. Jun 27 16:44:23.501317: | processing: start from 192.168.1.138:500 (in process_md() at demux.c:392)
  1777. Jun 27 16:44:23.501328: | **parse ISAKMP Message:
  1778. Jun 27 16:44:23.501333: | initiator cookie:
  1779. Jun 27 16:44:23.501336: | 10 78 8d 8e 71 84 24 7b
  1780. Jun 27 16:44:23.501339: | responder cookie:
  1781. Jun 27 16:44:23.501341: | 9f 03 d1 e8 76 2f 9f cb
  1782. Jun 27 16:44:23.501346: | next payload type: ISAKMP_NEXT_HASH (0x8)
  1783. Jun 27 16:44:23.501350: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
  1784. Jun 27 16:44:23.501353: | exchange type: ISAKMP_XCHG_INFO (0x5)
  1785. Jun 27 16:44:23.501358: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
  1786. Jun 27 16:44:23.501361: | message ID: a0 a0 32 42
  1787. Jun 27 16:44:23.501364: | length: 92 (0x5c)
  1788. Jun 27 16:44:23.501369: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
  1789. Jun 27 16:44:23.501379: | cookies table: hash icookie 10 78 8d 8e 71 84 24 7b rcookie 9f 03 d1 e8 76 2f 9f cb to 13404059529810691815 slot 0x559b0e2e8ae0
  1790. Jun 27 16:44:23.501388: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000
  1791. Jun 27 16:44:23.501391: | p15 state object #1 found, in STATE_AGGR_R1
  1792. Jun 27 16:44:23.501403: | processing: start state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_v1_packet() at ikev1.c:1137)
  1793. Jun 27 16:44:23.501483: | #1 is idle
  1794. Jun 27 16:44:23.501488: | #1 idle
  1795. Jun 27 16:44:23.501529: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100opt: 0x0
  1796. Jun 27 16:44:23.501539: "xauth-aggr"[1] 192.168.1.138 #1: next payload type of ISAKMP Hash Payload has an unknown value: 160 (0xa0)
  1797. Jun 27 16:44:23.501544: "xauth-aggr"[1] 192.168.1.138 #1: malformed payload in packet
  1798. Jun 27 16:44:23.501561: | processing: stop from 192.168.1.138:500 (BACKGROUND) (in process_md() at demux.c:394)
  1799. Jun 27 16:44:23.501567: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_md() at demux.c:396)
  1800. Jun 27 16:44:23.501572: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1801. Jun 27 16:44:23.501577: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1802. Jun 27 16:44:23.501581: | processing: STOP connection NULL (in process_md() at demux.c:397)
  1803. Jun 27 16:44:25.501070: | *received 92 bytes from 192.168.1.138:500 on eth0 (port=500)
  1804. Jun 27 16:44:25.501104: | 10 78 8d 8e 71 84 24 7b 9f 03 d1 e8 76 2f 9f cb
  1805. Jun 27 16:44:25.501108: | 08 10 05 01 40 bc a2 4a 00 00 00 5c be 5b 23 e2
  1806. Jun 27 16:44:25.501110: | d5 82 22 f5 75 fc c5 1c ec a2 64 49 24 99 b8 98
  1807. Jun 27 16:44:25.501113: | 97 1d e8 4b 65 83 3b bc 7f c9 aa 75 4d 65 91 27
  1808. Jun 27 16:44:25.501116: | 0e be 3c 91 2c ea ff 98 8f 72 9b 9d f8 56 6c a9
  1809. Jun 27 16:44:25.501119: | a5 c4 f9 5b 20 15 f0 cd fe 24 9a 57
  1810. Jun 27 16:44:25.501125: | processing: start from 192.168.1.138:500 (in process_md() at demux.c:392)
  1811. Jun 27 16:44:25.501131: | **parse ISAKMP Message:
  1812. Jun 27 16:44:25.501135: | initiator cookie:
  1813. Jun 27 16:44:25.501137: | 10 78 8d 8e 71 84 24 7b
  1814. Jun 27 16:44:25.501140: | responder cookie:
  1815. Jun 27 16:44:25.501143: | 9f 03 d1 e8 76 2f 9f cb
  1816. Jun 27 16:44:25.501147: | next payload type: ISAKMP_NEXT_HASH (0x8)
  1817. Jun 27 16:44:25.501150: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
  1818. Jun 27 16:44:25.501153: | exchange type: ISAKMP_XCHG_INFO (0x5)
  1819. Jun 27 16:44:25.501157: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
  1820. Jun 27 16:44:25.501160: | message ID: 40 bc a2 4a
  1821. Jun 27 16:44:25.501164: | length: 92 (0x5c)
  1822. Jun 27 16:44:25.501168: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
  1823. Jun 27 16:44:25.501177: | cookies table: hash icookie 10 78 8d 8e 71 84 24 7b rcookie 9f 03 d1 e8 76 2f 9f cb to 13404059529810691815 slot 0x559b0e2e8ae0
  1824. Jun 27 16:44:25.501195: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000
  1825. Jun 27 16:44:25.501199: | p15 state object #1 found, in STATE_AGGR_R1
  1826. Jun 27 16:44:25.501206: | processing: start state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_v1_packet() at ikev1.c:1137)
  1827. Jun 27 16:44:25.501237: | #1 is idle
  1828. Jun 27 16:44:25.501240: | #1 idle
  1829. Jun 27 16:44:25.501257: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100opt: 0x0
  1830. Jun 27 16:44:25.501263: "xauth-aggr"[1] 192.168.1.138 #1: byte 2 of ISAKMP Hash Payload should have been zero, but was not (ignored)
  1831. Jun 27 16:44:25.501268: "xauth-aggr"[1] 192.168.1.138 #1: length of ISAKMP Hash Payload is larger than can fit
  1832. Jun 27 16:44:25.501272: "xauth-aggr"[1] 192.168.1.138 #1: malformed payload in packet
  1833. Jun 27 16:44:25.501281: | processing: stop from 192.168.1.138:500 (BACKGROUND) (in process_md() at demux.c:394)
  1834. Jun 27 16:44:25.501287: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_md() at demux.c:396)
  1835. Jun 27 16:44:25.501291: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1836. Jun 27 16:44:25.501294: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1837. Jun 27 16:44:25.501298: | processing: STOP connection NULL (in process_md() at demux.c:397)
  1838. Jun 27 16:44:26.519465: | *received 76 bytes from 192.168.1.138:500 on eth0 (port=500)
  1839. Jun 27 16:44:26.519495: | 10 78 8d 8e 71 84 24 7b 9f 03 d1 e8 76 2f 9f cb
  1840. Jun 27 16:44:26.519497: | 08 10 05 01 20 63 f2 3d 00 00 00 4c ec 77 df f9
  1841. Jun 27 16:44:26.519500: | 50 03 98 ba a9 cc 33 63 cc 78 23 7b 52 fa 5e 95
  1842. Jun 27 16:44:26.519502: | fb 2c 80 2e 30 05 52 35 2c be d9 a7 c6 c5 03 f9
  1843. Jun 27 16:44:26.519504: | b5 1a 45 22 5e e6 41 91 6f ab 63 66
  1844. Jun 27 16:44:26.519509: | processing: start from 192.168.1.138:500 (in process_md() at demux.c:392)
  1845. Jun 27 16:44:26.519513: | **parse ISAKMP Message:
  1846. Jun 27 16:44:26.519517: | initiator cookie:
  1847. Jun 27 16:44:26.519519: | 10 78 8d 8e 71 84 24 7b
  1848. Jun 27 16:44:26.519521: | responder cookie:
  1849. Jun 27 16:44:26.519523: | 9f 03 d1 e8 76 2f 9f cb
  1850. Jun 27 16:44:26.519526: | next payload type: ISAKMP_NEXT_HASH (0x8)
  1851. Jun 27 16:44:26.519529: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
  1852. Jun 27 16:44:26.519531: | exchange type: ISAKMP_XCHG_INFO (0x5)
  1853. Jun 27 16:44:26.519534: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
  1854. Jun 27 16:44:26.519537: | message ID: 20 63 f2 3d
  1855. Jun 27 16:44:26.519539: | length: 76 (0x4c)
  1856. Jun 27 16:44:26.519542: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
  1857. Jun 27 16:44:26.519550: | cookies table: hash icookie 10 78 8d 8e 71 84 24 7b rcookie 9f 03 d1 e8 76 2f 9f cb to 13404059529810691815 slot 0x559b0e2e8ae0
  1858. Jun 27 16:44:26.519554: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000
  1859. Jun 27 16:44:26.519556: | p15 state object #1 found, in STATE_AGGR_R1
  1860. Jun 27 16:44:26.519563: | processing: start state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_v1_packet() at ikev1.c:1137)
  1861. Jun 27 16:44:26.519590: | #1 is idle
  1862. Jun 27 16:44:26.519593: | #1 idle
  1863. Jun 27 16:44:26.519614: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100opt: 0x0
  1864. Jun 27 16:44:26.519620: "xauth-aggr"[1] 192.168.1.138 #1: next payload type of ISAKMP Hash Payload has an unknown value: 77 (0x4d)
  1865. Jun 27 16:44:26.519623: "xauth-aggr"[1] 192.168.1.138 #1: malformed payload in packet
  1866. Jun 27 16:44:26.519630: | processing: stop from 192.168.1.138:500 (BACKGROUND) (in process_md() at demux.c:394)
  1867. Jun 27 16:44:26.519635: | processing: stop state #1 connection "xauth-aggr"[1] 192.168.1.138 192.168.1.138:500 (in process_md() at demux.c:396)
  1868. Jun 27 16:44:26.519638: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1869. Jun 27 16:44:26.519640: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1870. Jun 27 16:44:26.519644: | processing: STOP connection NULL (in process_md() at demux.c:397)
  1871. Jun 27 16:44:28.097817: shutting down
  1872. Jun 27 16:44:28.097843: | processing: RESET whack log_fd (was 15) (in exit_pluto() at plutomain.c:1784)
  1873. Jun 27 16:44:28.097848: | pluto_sd: executing action action: stopping(6), status 0
  1874. Jun 27 16:44:28.097866: | certs and keys locked by 'free_preshared_secrets'
  1875. Jun 27 16:44:28.097869: forgetting secrets
  1876. Jun 27 16:44:28.097873: | certs and keys unlocked by 'free_preshard_secrets'
  1877. Jun 27 16:44:28.097880: | processing: start connection "xauth-aggr"[1] 192.168.1.138 (in delete_connection() at connections.c:264)
  1878. Jun 27 16:44:28.097884: "xauth-aggr"[1] 192.168.1.138: deleting connection "xauth-aggr"[1] 192.168.1.138 instance with peer 192.168.1.138 {isakmp=#0/ipsec=#0}
  1879. Jun 27 16:44:28.097887: | Deleting states for connection - including all other IPsec SA's of this IKE SA
  1880. Jun 27 16:44:28.097890: | pass 0
  1881. Jun 27 16:44:28.097892: | state #1
  1882. Jun 27 16:44:28.097896: | processing: suspend connection "xauth-aggr" (in foreach_state_by_connection_func_delete() at state.c:1335)
  1883. Jun 27 16:44:28.097900: | processing: start state #1 connection "xauth-aggr" 192.168.1.138:500 (in foreach_state_by_connection_func_delete() at state.c:1335)
  1884. Jun 27 16:44:28.097904: | processing: [RE]START state #1 connection "xauth-aggr" 192.168.1.138:500 (in delete_state() at state.c:980)
  1885. Jun 27 16:44:28.097908: | serialno table: hash serialno #1 to head 0x559b0e2ed360
  1886. Jun 27 16:44:28.097910: | serialno table: hash serialno #1 to head 0x559b0e2ed360
  1887. Jun 27 16:44:28.097913: "xauth-aggr" #1: deleting state (STATE_AGGR_R1) and NOT sending notification
  1888. Jun 27 16:44:28.097917: | parent state #1: STATE_AGGR_R1(open-ike) => delete
  1889. Jun 27 16:44:28.097920: | state #1 requesting N/A-pe@(nil) be deleted
  1890. Jun 27 16:44:28.097923: | delete_pluto_event cannot delete NULL event
  1891. Jun 27 16:44:28.097925: | state #1 requesting N/A-pe@(nil) be deleted
  1892. Jun 27 16:44:28.097927: | delete_pluto_event cannot delete NULL event
  1893. Jun 27 16:44:28.097929: | state #1 requesting N/A-pe@(nil) be deleted
  1894. Jun 27 16:44:28.097931: | delete_pluto_event cannot delete NULL event
  1895. Jun 27 16:44:28.097934: | state #1 requesting EVENT_SO_DISCARD to be deleted
  1896. Jun 27 16:44:28.097939: | free_event_entry: release EVENT_SO_DISCARD-pe@0x559b0ece4788
  1897. Jun 27 16:44:28.097944: | serialno list: removing object 0x559b0ece6568 (state #1) entry 0x559b0ece6d10 (older 0x559b0e2fa5c0 newer 0x559b0e2fa5c0)
  1898. Jun 27 16:44:28.097946: | serialno list: empty
  1899. Jun 27 16:44:28.097949: | serialno table: removing object 0x559b0ece6568 (state #1) entry 0x559b0ece6d30 (older 0x559b0e2ed360 newer 0x559b0e2ed360)
  1900. Jun 27 16:44:28.097951: | serialno table: empty
  1901. Jun 27 16:44:28.097962: | in connection_discard for connection xauth-aggr
  1902. Jun 27 16:44:28.097965: | parent state #1: STATE_AGGR_R1(open-ike) => STATE_UNDEFINED(ignore)
  1903. Jun 27 16:44:28.097968: | ignore states: 0
  1904. Jun 27 16:44:28.097979: | half-open-ike states: 0
  1905. Jun 27 16:44:28.097981: | open-ike states: 0
  1906. Jun 27 16:44:28.097983: | established-anonymous-ike states: 0
  1907. Jun 27 16:44:28.097985: | established-authenticated-ike states: 0
  1908. Jun 27 16:44:28.097987: | anonymous-ipsec states: 0
  1909. Jun 27 16:44:28.097989: | authenticated-ipsec states: 0
  1910. Jun 27 16:44:28.097991: | informational states: 0
  1911. Jun 27 16:44:28.097993: | unknown states: 0
  1912. Jun 27 16:44:28.097995: | category states: 0 count states: 0
  1913. Jun 27 16:44:28.098020: | processing: stop state #1 192.168.1.138:500 (in delete_state() at state.c:1198)
  1914. Jun 27 16:44:28.098023: | serialno table: hash serialno #1 to head 0x559b0e2ed360
  1915. Jun 27 16:44:28.098025: | serialno table: hash serialno #1 to head 0x559b0e2ed360
  1916. Jun 27 16:44:28.098028: | processing: resume connection "xauth-aggr" (in delete_state() at state.c:1198)
  1917. Jun 27 16:44:28.098045: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1335)
  1918. Jun 27 16:44:28.098048: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1919. Jun 27 16:44:28.098050: | serialno table: hash serialno #0 to head 0x559b0e2ed340
  1920. Jun 27 16:44:28.098053: | processing: resume connection "xauth-aggr" (in foreach_state_by_connection_func_delete() at state.c:1335)
  1921. Jun 27 16:44:28.098058: | pass 1
  1922. Jun 27 16:44:28.098061: | unreference addresspool of conn xauth-aggr[1] kind CK_GOING_AWAY refcnt 3
  1923. Jun 27 16:44:28.098065: | processing: stop connection "xauth-aggr" (in delete_connection() at connections.c:314)
  1924. Jun 27 16:44:28.098070: | processing: start connection "v6neighbor-hole-out" (in delete_connection() at connections.c:264)
  1925. Jun 27 16:44:28.098073: "v6neighbor-hole-out": deleting non-instance connection
  1926. Jun 27 16:44:28.098075: | Deleting states for connection - including all other IPsec SA's of this IKE SA
  1927. Jun 27 16:44:28.098077: | pass 0
  1928. Jun 27 16:44:28.098079: | pass 1
  1929. Jun 27 16:44:28.098083: | shunt_eroute() called for connection 'v6neighbor-hole-out' to 'delete' for rt_kind 'unrouted' using protoports 58--34816->-34560
  1930. Jun 27 16:44:28.098096: | netlink_shunt_eroute for proto 58, and source port 34816 dest port 34560
  1931. Jun 27 16:44:28.098100: | priority calculation of connection "v6neighbor-hole-out" overruled by connection specification of 0x1
  1932. Jun 27 16:44:28.098128: | priority calculation of connection "v6neighbor-hole-out" overruled by connection specification of 0x1
  1933. Jun 27 16:44:28.098150: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
  1934. Jun 27 16:44:28.098152: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000
  1935. Jun 27 16:44:28.098155: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
  1936. Jun 27 16:44:28.098157: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000
  1937. Jun 27 16:44:28.098160: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
  1938. Jun 27 16:44:28.098162: | conn xauth mark 0/00000000, 0/00000000
  1939. Jun 27 16:44:28.098165: | conn v6neighbor-hole-out mark 0/00000000, 0/00000000 vs
  1940. Jun 27 16:44:28.098167: | conn xauth-aggr mark 0/00000000, 0/00000000
  1941. Jun 27 16:44:28.098170: | route owner of "v6neighbor-hole-out" unrouted: NULL
  1942. Jun 27 16:44:28.098173: | running updown command "ipsec _updown" for verb unroute
  1943. Jun 27 16:44:28.098175: | command executing unroute-client-v6
  1944. Jun 27 16:44:28.098194: | executing unroute-client-v6: PLUTO_VERB='unroute-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-hole-out' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT='::/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34816' PLUTO_MY_PROTOCOL='58' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='::' PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUTO_PEER_CLIENT_MASK='::' PLUTO_PEER_PORT='34560' PLUTO_PEER_PROTOCOL='58' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1
  1945. Jun 27 16:44:28.098197: | popen cmd is 903 chars long
  1946. Jun 27 16:44:28.098200: | cmd( 0):PLUTO_VERB='unroute-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-:
  1947. Jun 27 16:44:28.098202: | cmd( 80):hole-out' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT=:
  1948. Jun 27 16:44:28.098204: | cmd( 160):'::/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34816' :
  1949. Jun 27 16:44:28.098207: | cmd( 240):PLUTO_MY_PROTOCOL='58' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='::
  1950. Jun 27 16:44:28.098209: | cmd( 320)::' PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUT:
  1951. Jun 27 16:44:28.098211: | cmd( 400):O_PEER_CLIENT_MASK='::' PLUTO_PEER_PORT='34560' PLUTO_PEER_PROTOCOL='58' PLUTO_P:
  1952. Jun 27 16:44:28.098213: | cmd( 480):EER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+P:
  1953. Jun 27 16:44:28.098215: | cmd( 560):ASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6':
  1954. Jun 27 16:44:28.098217: | cmd( 640): XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN:
  1955. Jun 27 16:44:28.098220: | cmd( 720):_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM:
  1956. Jun 27 16:44:28.098225: | cmd( 800):_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT:
  1957. Jun 27 16:44:28.098227: | cmd( 880):=0x0 ipsec _updown 2>&1:
  1958. Jun 27 16:44:28.101596: | processing: stop connection "v6neighbor-hole-out" (in delete_connection() at connections.c:314)
  1959. Jun 27 16:44:28.101610: | processing: start connection "v6neighbor-hole-in" (in delete_connection() at connections.c:264)
  1960. Jun 27 16:44:28.101613: "v6neighbor-hole-in": deleting non-instance connection
  1961. Jun 27 16:44:28.101616: | Deleting states for connection - including all other IPsec SA's of this IKE SA
  1962. Jun 27 16:44:28.101618: | pass 0
  1963. Jun 27 16:44:28.101620: | pass 1
  1964. Jun 27 16:44:28.101623: | shunt_eroute() called for connection 'v6neighbor-hole-in' to 'delete' for rt_kind 'unrouted' using protoports 58--34560->-34816
  1965. Jun 27 16:44:28.101626: | netlink_shunt_eroute for proto 58, and source port 34560 dest port 34816
  1966. Jun 27 16:44:28.101629: | priority calculation of connection "v6neighbor-hole-in" overruled by connection specification of 0x1
  1967. Jun 27 16:44:28.101646: | priority calculation of connection "v6neighbor-hole-in" overruled by connection specification of 0x1
  1968. Jun 27 16:44:28.101657: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000 vs
  1969. Jun 27 16:44:28.101660: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000
  1970. Jun 27 16:44:28.101662: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000 vs
  1971. Jun 27 16:44:28.101664: | conn xauth mark 0/00000000, 0/00000000
  1972. Jun 27 16:44:28.101666: | conn v6neighbor-hole-in mark 0/00000000, 0/00000000 vs
  1973. Jun 27 16:44:28.101669: | conn xauth-aggr mark 0/00000000, 0/00000000
  1974. Jun 27 16:44:28.101672: | route owner of "v6neighbor-hole-in" unrouted: NULL
  1975. Jun 27 16:44:28.101674: | running updown command "ipsec _updown" for verb unroute
  1976. Jun 27 16:44:28.101676: | command executing unroute-client-v6
  1977. Jun 27 16:44:28.101693: | executing unroute-client-v6: PLUTO_VERB='unroute-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-hole-in' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT='::/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34560' PLUTO_MY_PROTOCOL='58' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='::' PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUTO_PEER_CLIENT_MASK='::' PLUTO_PEER_PORT='34816' PLUTO_PEER_PROTOCOL='58' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+PASS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1
  1978. Jun 27 16:44:28.101696: | popen cmd is 902 chars long
  1979. Jun 27 16:44:28.101699: | cmd( 0):PLUTO_VERB='unroute-client-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='v6neighbor-:
  1980. Jun 27 16:44:28.101701: | cmd( 80):hole-in' PLUTO_INTERFACE='lo' PLUTO_ME='::1' PLUTO_MY_ID='::1' PLUTO_MY_CLIENT=':
  1981. Jun 27 16:44:28.101704: | cmd( 160):::/0' PLUTO_MY_CLIENT_NET='::' PLUTO_MY_CLIENT_MASK='::' PLUTO_MY_PORT='34560' P:
  1982. Jun 27 16:44:28.101706: | cmd( 240):LUTO_MY_PROTOCOL='58' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER=':::
  1983. Jun 27 16:44:28.101708: | cmd( 320):' PLUTO_PEER_ID='%any' PLUTO_PEER_CLIENT='::/0' PLUTO_PEER_CLIENT_NET='::' PLUTO:
  1984. Jun 27 16:44:28.101710: | cmd( 400):_PEER_CLIENT_MASK='::' PLUTO_PEER_PORT='34816' PLUTO_PEER_PROTOCOL='58' PLUTO_PE:
  1985. Jun 27 16:44:28.101712: | cmd( 480):ER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='AUTH_NEVER+PA:
  1986. Jun 27 16:44:28.101714: | cmd( 560):SS+NEVER_NEGOTIATE' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv6' :
  1987. Jun 27 16:44:28.101716: | cmd( 640):XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_:
  1988. Jun 27 16:44:28.101719: | cmd( 720):INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_:
  1989. Jun 27 16:44:28.101725: | cmd( 800):CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=:
  1990. Jun 27 16:44:28.101727: | cmd( 880):0x0 ipsec _updown 2>&1:
  1991. Jun 27 16:44:28.103944: | processing: stop connection "v6neighbor-hole-in" (in delete_connection() at connections.c:314)
  1992. Jun 27 16:44:28.103957: | processing: start connection "xauth" (in delete_connection() at connections.c:264)
  1993. Jun 27 16:44:28.103960: "xauth": deleting non-instance connection
  1994. Jun 27 16:44:28.103962: | Deleting states for connection - including all other IPsec SA's of this IKE SA
  1995. Jun 27 16:44:28.103964: | pass 0
  1996. Jun 27 16:44:28.103966: | pass 1
  1997. Jun 27 16:44:28.103969: | unreference addresspool of conn xauth[0] kind CK_TEMPLATE refcnt 2
  1998. Jun 27 16:44:28.103972: | processing: stop connection "xauth" (in delete_connection() at connections.c:314)
  1999. Jun 27 16:44:28.103976: | processing: start connection "xauth-aggr" (in delete_connection() at connections.c:264)
  2000. Jun 27 16:44:28.103978: "xauth-aggr": deleting non-instance connection
  2001. Jun 27 16:44:28.103980: | Deleting states for connection - including all other IPsec SA's of this IKE SA
  2002. Jun 27 16:44:28.103982: | pass 0
  2003. Jun 27 16:44:28.103984: | pass 1
  2004. Jun 27 16:44:28.103986: | unreference addresspool of conn xauth-aggr[1] kind CK_TEMPLATE refcnt 1
  2005. Jun 27 16:44:28.103989: | freeing memory for addresspool ptr 0x559b0ece3158
  2006. Jun 27 16:44:28.103992: | free_lease_list: addresspool free the lease list ptr (nil)
  2007. Jun 27 16:44:28.103995: | processing: stop connection "xauth-aggr" (in delete_connection() at connections.c:314)
  2008. Jun 27 16:44:28.103998: | crl fetch request list locked by 'free_crl_fetch'
  2009. Jun 27 16:44:28.104001: | crl fetch request list unlocked by 'free_crl_fetch'
  2010. Jun 27 16:44:28.104008: shutting down interface lo/lo ::1:500
  2011. Jun 27 16:44:28.104011: shutting down interface lo/lo 127.0.0.1:4500
  2012. Jun 27 16:44:28.104013: shutting down interface lo/lo 127.0.0.1:500
  2013. Jun 27 16:44:28.104015: shutting down interface eth0/eth0 192.168.1.137:4500
  2014. Jun 27 16:44:28.104017: shutting down interface eth0/eth0 192.168.1.137:500
  2015. Jun 27 16:44:28.104027: | free_event_entry: release EVENT_NULL-pe@0x559b0ece3f18
  2016. Jun 27 16:44:28.104038: | free_event_entry: release EVENT_NULL-pe@0x559b0ece4018
  2017. Jun 27 16:44:28.104045: | free_event_entry: release EVENT_NULL-pe@0x559b0ece4118
  2018. Jun 27 16:44:28.104052: | free_event_entry: release EVENT_NULL-pe@0x559b0ece4218
  2019. Jun 27 16:44:28.104057: | free_event_entry: release EVENT_NULL-pe@0x559b0ece4418
  2020. Jun 27 16:44:28.104188: | free_event_entry: release EVENT_SHUNT_SCAN-pe@0x559b0ece5c18
  2021. Jun 27 16:44:28.104194: | free_event_entry: release EVENT_NULL-pe@0x559b0ece1d38
  2022. Jun 27 16:44:28.104197: | free_event_entry: release EVENT_NULL-pe@0x559b0ece1b98
  2023. Jun 27 16:44:28.104201: | free_event_entry: release EVENT_NULL-pe@0x559b0ece1848
  2024. Jun 27 16:44:28.104215: | free_event_entry: release EVENT_NULL-pe@0x559b0ece1748
  2025. Jun 27 16:44:28.104219: | free_event_entry: release EVENT_SD_WATCHDOG-pe@0x559b0ecdef88
  2026. Jun 27 16:44:28.104223: | free_event_entry: release EVENT_NULL-pe@0x559b0ecdee88
  2027. Jun 27 16:44:28.104227: | free_event_entry: release EVENT_NULL-pe@0x559b0ecded88
  2028. Jun 27 16:44:28.104230: | free_event_entry: release EVENT_PENDING_PHASE2-pe@0x559b0ecd1f08
  2029. Jun 27 16:44:28.104233: | free_event_entry: release EVENT_PENDING_DDNS-pe@0x559b0ecd1e08
  2030. Jun 27 16:44:28.104235: | free_event_entry: release EVENT_REINIT_SECRET-pe@0x559b0ecd1cb8
  2031. Jun 27 16:44:28.104270: leak detective found no leaks
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!