Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Mar 30 11:11:11.313765: | *received 408 bytes from 93.46.124.104:500 on ens2 (10.68.154.105:500)
- Mar 30 11:11:11.313822: | f8 3c 21 0c a6 50 d0 ca 00 00 00 00 00 00 00 00
- Mar 30 11:11:11.313828: | 01 10 02 00 00 00 00 00 00 00 01 98 0d 00 00 d4
- Mar 30 11:11:11.313833: | 00 00 00 01 00 00 00 01 00 00 00 c8 01 01 00 05
- Mar 30 11:11:11.313837: | 03 00 00 28 01 01 00 00 80 01 00 07 80 0e 01 00
- Mar 30 11:11:11.313842: | 80 02 00 02 80 04 00 14 80 03 00 01 80 0b 00 01
- Mar 30 11:11:11.313846: | 00 0c 00 04 00 00 70 80 03 00 00 28 02 01 00 00
- Mar 30 11:11:11.313850: | 80 01 00 07 80 0e 00 80 80 02 00 02 80 04 00 13
- Mar 30 11:11:11.313855: | 80 03 00 01 80 0b 00 01 00 0c 00 04 00 00 70 80
- Mar 30 11:11:11.313859: | 03 00 00 28 03 01 00 00 80 01 00 07 80 0e 01 00
- Mar 30 11:11:11.313865: | 80 02 00 02 80 04 00 0e 80 03 00 01 80 0b 00 01
- Mar 30 11:11:11.313869: | 00 0c 00 04 00 00 70 80 03 00 00 24 04 01 00 00
- Mar 30 11:11:11.313873: | 80 01 00 05 80 02 00 02 80 04 00 0e 80 03 00 01
- Mar 30 11:11:11.313877: | 80 0b 00 01 00 0c 00 04 00 00 70 80 00 00 00 24
- Mar 30 11:11:11.313881: | 05 01 00 00 80 01 00 05 80 02 00 02 80 04 00 02
- Mar 30 11:11:11.313885: | 80 03 00 01 80 0b 00 01 00 0c 00 04 00 00 70 80
- Mar 30 11:11:11.313890: | 0d 00 00 18 01 52 8b bb c0 06 96 12 18 49 ab 9a
- Mar 30 11:11:11.313895: | 1c 5b 2a 51 00 00 00 01 0d 00 00 18 1e 2b 51 69
- Mar 30 11:11:11.313899: | 05 99 1c 7d 7c 96 fc bf b5 87 e4 61 00 00 00 09
- Mar 30 11:11:11.313903: | 0d 00 00 14 4a 13 1c 81 07 03 58 45 5c 57 28 f2
- Mar 30 11:11:11.313907: | 0e 95 45 2f 0d 00 00 14 90 cb 80 91 3e bb 69 6e
- Mar 30 11:11:11.313911: | 08 63 81 b5 ec 42 7b 1f 0d 00 00 14 40 48 b7 d5
- Mar 30 11:11:11.313916: | 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14
- Mar 30 11:11:11.313920: | fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20
- Mar 30 11:11:11.313924: | 0d 00 00 14 26 24 4d 38 ed db 61 b3 17 2a 36 e3
- Mar 30 11:11:11.313928: | d0 cf b8 19 00 00 00 14 e3 a5 96 6a 76 37 9f e7
- Mar 30 11:11:11.313932: | 07 22 82 31 e5 ce 86 52
- Mar 30 11:11:11.313942: | start processing: from 93.46.124.104:500 (in process_md() at demux.c:379)
- Mar 30 11:11:11.313952: | **parse ISAKMP Message:
- Mar 30 11:11:11.313960: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:11.313968: | responder cookie: 00 00 00 00 00 00 00 00
- Mar 30 11:11:11.313974: | next payload type: ISAKMP_NEXT_SA (0x1)
- Mar 30 11:11:11.313979: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:11.313984: | exchange type: ISAKMP_XCHG_IDPROT (0x2)
- Mar 30 11:11:11.313990: | flags: none (0x0)
- Mar 30 11:11:11.313997: | Message ID: 0 (00 00 00 00)
- Mar 30 11:11:11.314003: | length: 408 (00 00 01 98)
- Mar 30 11:11:11.314008: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
- Mar 30 11:11:11.314017: | State DB: IKEv1 state not found (find_state_ikev1_init)
- Mar 30 11:11:11.314022: | #null state always idle
- Mar 30 11:11:11.314029: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080
- Mar 30 11:11:11.314035: | ***parse ISAKMP Security Association Payload:
- Mar 30 11:11:11.314039: | next payload type: ISAKMP_NEXT_VID (0xd)
- Mar 30 11:11:11.314045: | length: 212 (00 d4)
- Mar 30 11:11:11.314049: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:11.314054: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
- Mar 30 11:11:11.314059: | ***parse ISAKMP Vendor ID Payload:
- Mar 30 11:11:11.314064: | next payload type: ISAKMP_NEXT_VID (0xd)
- Mar 30 11:11:11.314070: | length: 24 (00 18)
- Mar 30 11:11:11.314074: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
- Mar 30 11:11:11.314079: | ***parse ISAKMP Vendor ID Payload:
- Mar 30 11:11:11.314083: | next payload type: ISAKMP_NEXT_VID (0xd)
- Mar 30 11:11:11.314089: | length: 24 (00 18)
- Mar 30 11:11:11.314093: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
- Mar 30 11:11:11.314098: | ***parse ISAKMP Vendor ID Payload:
- Mar 30 11:11:11.314103: | next payload type: ISAKMP_NEXT_VID (0xd)
- Mar 30 11:11:11.314143: | length: 20 (00 14)
- Mar 30 11:11:11.314148: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
- Mar 30 11:11:11.314152: | ***parse ISAKMP Vendor ID Payload:
- Mar 30 11:11:11.314156: | next payload type: ISAKMP_NEXT_VID (0xd)
- Mar 30 11:11:11.314161: | length: 20 (00 14)
- Mar 30 11:11:11.314165: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
- Mar 30 11:11:11.314169: | ***parse ISAKMP Vendor ID Payload:
- Mar 30 11:11:11.314173: | next payload type: ISAKMP_NEXT_VID (0xd)
- Mar 30 11:11:11.314178: | length: 20 (00 14)
- Mar 30 11:11:11.314182: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
- Mar 30 11:11:11.314186: | ***parse ISAKMP Vendor ID Payload:
- Mar 30 11:11:11.314191: | next payload type: ISAKMP_NEXT_VID (0xd)
- Mar 30 11:11:11.314195: | length: 20 (00 14)
- Mar 30 11:11:11.314200: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
- Mar 30 11:11:11.314204: | ***parse ISAKMP Vendor ID Payload:
- Mar 30 11:11:11.314209: | next payload type: ISAKMP_NEXT_VID (0xd)
- Mar 30 11:11:11.314214: | length: 20 (00 14)
- Mar 30 11:11:11.314218: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
- Mar 30 11:11:11.314223: | ***parse ISAKMP Vendor ID Payload:
- Mar 30 11:11:11.314227: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.314232: | length: 20 (00 14)
- Mar 30 11:11:11.314237: | message 'main_inI1_outR1' HASH payload not checked early
- Mar 30 11:11:11.314245: | ignoring Vendor ID payload [Windows KEY_MODS (AUTHIP)]
- Mar 30 11:11:11.314250: | ignoring Vendor ID payload [Windows 8, 8.1, 10, Server 2012 R2, Server 2016]
- Mar 30 11:11:11.314258: | quirks.qnat_traversal_vid set to=117 [RFC 3947]
- Mar 30 11:11:11.314263: | received Vendor ID payload [RFC 3947]
- Mar 30 11:11:11.314268: | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
- Mar 30 11:11:11.314272: | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
- Mar 30 11:11:11.314277: | received Vendor ID payload [FRAGMENTATION]
- Mar 30 11:11:11.314282: | ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
- Mar 30 11:11:11.314288: | ignoring Vendor ID payload [Vid-Initial-Contact]
- Mar 30 11:11:11.314292: | ignoring Vendor ID payload [IKE CGA version 1]
- Mar 30 11:11:11.314297: | in statetime_start() with no state
- Mar 30 11:11:11.314307: | find_host_connection local=10.68.154.105:500 remote=93.46.124.104:500 policy=IKEV1_ALLOW but ignoring ports
- Mar 30 11:11:11.314313: | find_next_host_connection policy=IKEV1_ALLOW
- Mar 30 11:11:11.314317: | find_next_host_connection returns empty
- Mar 30 11:11:11.314323: | ****parse IPsec DOI SIT:
- Mar 30 11:11:11.314327: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Mar 30 11:11:11.314332: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:11.314336: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.314341: | length: 200 (00 c8)
- Mar 30 11:11:11.314345: | proposal number: 1 (01)
- Mar 30 11:11:11.314369: | protocol ID: PROTO_ISAKMP (0x1)
- Mar 30 11:11:11.314376: | SPI size: 0 (00)
- Mar 30 11:11:11.314381: | number of transforms: 5 (05)
- Mar 30 11:11:11.314386: | *****parse ISAKMP Transform Payload (ISAKMP):
- Mar 30 11:11:11.314390: | next payload type: ISAKMP_NEXT_T (0x3)
- Mar 30 11:11:11.314395: | length: 40 (00 28)
- Mar 30 11:11:11.314467: | ISAKMP transform number: 1 (01)
- Mar 30 11:11:11.314476: | ISAKMP transform ID: KEY_IKE (0x1)
- Mar 30 11:11:11.314481: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.314486: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Mar 30 11:11:11.314490: | length/value: 7 (00 07)
- Mar 30 11:11:11.314495: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.314499: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
- Mar 30 11:11:11.314504: | length/value: 256 (01 00)
- Mar 30 11:11:11.314508: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.314512: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
- Mar 30 11:11:11.314518: | length/value: 2 (00 02)
- Mar 30 11:11:11.314522: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.314526: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
- Mar 30 11:11:11.314540: | length/value: 20 (00 14)
- Mar 30 11:11:11.314544: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.314566: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Mar 30 11:11:11.314573: | length/value: 1 (00 01)
- Mar 30 11:11:11.314578: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.314582: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
- Mar 30 11:11:11.314587: | length/value: 1 (00 01)
- Mar 30 11:11:11.314591: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.314596: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Mar 30 11:11:11.314600: | length/value: 4 (00 04)
- Mar 30 11:11:11.314605: | *****parse ISAKMP Transform Payload (ISAKMP):
- Mar 30 11:11:11.314609: | next payload type: ISAKMP_NEXT_T (0x3)
- Mar 30 11:11:11.314614: | length: 40 (00 28)
- Mar 30 11:11:11.314619: | ISAKMP transform number: 2 (02)
- Mar 30 11:11:11.314623: | ISAKMP transform ID: KEY_IKE (0x1)
- Mar 30 11:11:11.314627: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.314630: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Mar 30 11:11:11.314636: | length/value: 7 (00 07)
- Mar 30 11:11:11.314640: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.314644: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
- Mar 30 11:11:11.314649: | length/value: 128 (00 80)
- Mar 30 11:11:11.314653: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.314657: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
- Mar 30 11:11:11.314662: | length/value: 2 (00 02)
- Mar 30 11:11:11.314666: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.314670: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
- Mar 30 11:11:11.314674: | length/value: 19 (00 13)
- Mar 30 11:11:11.314678: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.314683: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Mar 30 11:11:11.314687: | length/value: 1 (00 01)
- Mar 30 11:11:11.314691: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.314695: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
- Mar 30 11:11:11.314700: | length/value: 1 (00 01)
- Mar 30 11:11:11.314704: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.314708: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Mar 30 11:11:11.314713: | length/value: 4 (00 04)
- Mar 30 11:11:11.314718: | *****parse ISAKMP Transform Payload (ISAKMP):
- Mar 30 11:11:11.314722: | next payload type: ISAKMP_NEXT_T (0x3)
- Mar 30 11:11:11.314726: | length: 40 (00 28)
- Mar 30 11:11:11.314731: | ISAKMP transform number: 3 (03)
- Mar 30 11:11:11.314735: | ISAKMP transform ID: KEY_IKE (0x1)
- Mar 30 11:11:11.314740: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.314743: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Mar 30 11:11:11.314748: | length/value: 7 (00 07)
- Mar 30 11:11:11.314752: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.314757: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
- Mar 30 11:11:11.314761: | length/value: 256 (01 00)
- Mar 30 11:11:11.314765: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.314769: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
- Mar 30 11:11:11.314773: | length/value: 2 (00 02)
- Mar 30 11:11:11.314777: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.314781: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
- Mar 30 11:11:11.314787: | length/value: 14 (00 0e)
- Mar 30 11:11:11.314791: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.314817: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Mar 30 11:11:11.314823: | length/value: 1 (00 01)
- Mar 30 11:11:11.314828: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.314832: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
- Mar 30 11:11:11.314836: | length/value: 1 (00 01)
- Mar 30 11:11:11.314841: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.314845: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Mar 30 11:11:11.314871: | length/value: 4 (00 04)
- Mar 30 11:11:11.314877: | *****parse ISAKMP Transform Payload (ISAKMP):
- Mar 30 11:11:11.314881: | next payload type: ISAKMP_NEXT_T (0x3)
- Mar 30 11:11:11.314894: | length: 36 (00 24)
- Mar 30 11:11:11.314899: | ISAKMP transform number: 4 (04)
- Mar 30 11:11:11.314904: | ISAKMP transform ID: KEY_IKE (0x1)
- Mar 30 11:11:11.314908: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.314912: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Mar 30 11:11:11.314917: | length/value: 5 (00 05)
- Mar 30 11:11:11.314981: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.314989: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
- Mar 30 11:11:11.314993: | length/value: 2 (00 02)
- Mar 30 11:11:11.314997: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.315001: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
- Mar 30 11:11:11.315005: | length/value: 14 (00 0e)
- Mar 30 11:11:11.315009: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.315013: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Mar 30 11:11:11.315023: | length/value: 1 (00 01)
- Mar 30 11:11:11.315033: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.315041: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
- Mar 30 11:11:11.315048: | length/value: 1 (00 01)
- Mar 30 11:11:11.315053: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.315057: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Mar 30 11:11:11.315062: | length/value: 4 (00 04)
- Mar 30 11:11:11.315067: | *****parse ISAKMP Transform Payload (ISAKMP):
- Mar 30 11:11:11.315071: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.315076: | length: 36 (00 24)
- Mar 30 11:11:11.315080: | ISAKMP transform number: 5 (05)
- Mar 30 11:11:11.315085: | ISAKMP transform ID: KEY_IKE (0x1)
- Mar 30 11:11:11.315089: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.315093: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Mar 30 11:11:11.315098: | length/value: 5 (00 05)
- Mar 30 11:11:11.315103: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.315107: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
- Mar 30 11:11:11.315112: | length/value: 2 (00 02)
- Mar 30 11:11:11.315116: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.315121: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
- Mar 30 11:11:11.315126: | length/value: 2 (00 02)
- Mar 30 11:11:11.315130: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.315134: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Mar 30 11:11:11.315139: | length/value: 1 (00 01)
- Mar 30 11:11:11.315144: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.315148: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
- Mar 30 11:11:11.315152: | length/value: 1 (00 01)
- Mar 30 11:11:11.315156: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.315160: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Mar 30 11:11:11.315165: | length/value: 4 (00 04)
- Mar 30 11:11:11.315175: | find_host_connection local=10.68.154.105:500 remote=<none:> policy=PSK+IKEV1_ALLOW but ignoring ports
- Mar 30 11:11:11.315184: | find_host_pair: comparing 10.68.154.105:500 to 0.0.0.0:500 but ignoring ports
- Mar 30 11:11:11.315191: | find_next_host_connection policy=PSK+IKEV1_ALLOW
- Mar 30 11:11:11.315197: | found policy = PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (l2tp-psk)
- Mar 30 11:11:11.315202: | find_next_host_connection returns l2tp-psk
- Mar 30 11:11:11.315207: | find_next_host_connection policy=PSK+IKEV1_ALLOW
- Mar 30 11:11:11.315213: | found policy = PSK+ENCRYPT+TUNNEL+DONT_REKEY+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (xauth-psk)
- Mar 30 11:11:11.315218: | find_next_host_connection returns empty
- Mar 30 11:11:11.315224: | instantiating "l2tp-psk" for initial Main Mode message received on 10.68.154.105:500
- Mar 30 11:11:11.315240: | subnet from address 93.46.124.104 (in default_end() at connections.c:378)
- Mar 30 11:11:11.315247: | subnet from endpoint 10.68.154.105:1701 (in default_end() at connections.c:378)
- Mar 30 11:11:11.315271: | connect_to_host_pair: 10.68.154.105:500 93.46.124.104:500 -> hp@(nil): none
- Mar 30 11:11:11.315278: | new hp@0x562b2d550f18
- Mar 30 11:11:11.315286: | rw_instantiate() instantiated "l2tp-psk"[3] 93.46.124.104 for 93.46.124.104
- Mar 30 11:11:11.315354: | addref fd@NULL (in new_state() at state.c:555)
- Mar 30 11:11:11.315364: | creating state object #3 at 0x562b2d553308
- Mar 30 11:11:11.315371: | State DB: adding IKEv1 state #3 in UNDEFINED
- Mar 30 11:11:11.315383: | pstats #3 ikev1.isakmp started
- Mar 30 11:11:11.315389: | #3 updating local interface from <none> to 10.68.154.105:500 using md->iface (in update_ike_endpoints() at state.c:2627)
- Mar 30 11:11:11.315402: | start processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in main_inI1_outR1() at ikev1_main.c:660)
- Mar 30 11:11:11.315409: | parent state #3: UNDEFINED(ignore) => MAIN_R0(half-open IKE SA)
- Mar 30 11:11:11.315415: | sender checking NAT-T: enabled; VID 117
- Mar 30 11:11:11.315420: | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC
- Mar 30 11:11:11.315424: | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
- Mar 30 11:11:11.315429: | ICOOKIE-DUMP:
- Mar 30 11:11:11.315433: | f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:11.315442: "l2tp-psk"[3] 93.46.124.104 #3: responding to Main Mode from unknown peer 93.46.124.104:500
- Mar 30 11:11:11.315474: | **emit ISAKMP Message:
- Mar 30 11:11:11.315482: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:11.315487: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.315492: | next payload type: ISAKMP_NEXT_SA (0x1)
- Mar 30 11:11:11.315496: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:11.315501: | exchange type: ISAKMP_XCHG_IDPROT (0x2)
- Mar 30 11:11:11.315505: | flags: none (0x0)
- Mar 30 11:11:11.315511: | Message ID: 0 (00 00 00 00)
- Mar 30 11:11:11.315515: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
- Mar 30 11:11:11.315520: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA
- Mar 30 11:11:11.315524: | ***emit ISAKMP Security Association Payload:
- Mar 30 11:11:11.315528: | next payload type: ISAKMP_NEXT_VID (0xd)
- Mar 30 11:11:11.315532: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:11.315537: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
- Mar 30 11:11:11.315542: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA)
- Mar 30 11:11:11.315547: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:11.315552: | ****parse IPsec DOI SIT:
- Mar 30 11:11:11.315556: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Mar 30 11:11:11.315561: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:11.315565: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.315570: | length: 200 (00 c8)
- Mar 30 11:11:11.315575: | proposal number: 1 (01)
- Mar 30 11:11:11.315580: | protocol ID: PROTO_ISAKMP (0x1)
- Mar 30 11:11:11.315584: | SPI size: 0 (00)
- Mar 30 11:11:11.315589: | number of transforms: 5 (05)
- Mar 30 11:11:11.315594: | *****parse ISAKMP Transform Payload (ISAKMP):
- Mar 30 11:11:11.315598: | next payload type: ISAKMP_NEXT_T (0x3)
- Mar 30 11:11:11.315602: | length: 40 (00 28)
- Mar 30 11:11:11.315606: | ISAKMP transform number: 1 (01)
- Mar 30 11:11:11.315610: | ISAKMP transform ID: KEY_IKE (0x1)
- Mar 30 11:11:11.315615: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.315619: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Mar 30 11:11:11.315624: | length/value: 7 (00 07)
- Mar 30 11:11:11.315629: | [7 is OAKLEY_AES_CBC]
- Mar 30 11:11:11.315636: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.315640: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
- Mar 30 11:11:11.315646: | length/value: 256 (01 00)
- Mar 30 11:11:11.315650: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.315655: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
- Mar 30 11:11:11.315661: | length/value: 2 (00 02)
- Mar 30 11:11:11.315665: | [2 is OAKLEY_SHA1]
- Mar 30 11:11:11.315678: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.315683: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
- Mar 30 11:11:11.315688: | length/value: 20 (00 14)
- Mar 30 11:11:11.315693: | [20 is OAKLEY_GROUP_ECP_384]
- Mar 30 11:11:11.315698: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.315702: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Mar 30 11:11:11.315707: | length/value: 1 (00 01)
- Mar 30 11:11:11.315712: | [1 is OAKLEY_PRESHARED_KEY]
- Mar 30 11:11:11.315721: | lsw_get_secret() using IDs for 51.158.64.201->93.46.124.104 of kind PKK_PSK
- Mar 30 11:11:11.315727: | line 1: key type PKK_PSK(51.158.64.201) to type PKK_PSK
- Mar 30 11:11:11.315734: | 1: compared key %any to 51.158.64.201 / 93.46.124.104 -> 002
- Mar 30 11:11:11.315742: | 2: compared key %any to 51.158.64.201 / 93.46.124.104 -> 002
- Mar 30 11:11:11.315746: | line 1: match=002
- Mar 30 11:11:11.315750: | match 002 beats previous best_match 000 match=0x562b2d551d38 (line=1)
- Mar 30 11:11:11.315754: | concluding with best_match=002 best=0x562b2d551d38 (lineno=1)
- Mar 30 11:11:11.315759: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.315764: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
- Mar 30 11:11:11.315770: | length/value: 1 (00 01)
- Mar 30 11:11:11.315774: | [1 is OAKLEY_LIFE_SECONDS]
- Mar 30 11:11:11.315778: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.315782: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Mar 30 11:11:11.315787: | length/value: 4 (00 04)
- Mar 30 11:11:11.315792: | long duration: 28800
- Mar 30 11:11:11.315801: "l2tp-psk"[3] 93.46.124.104 #3: WARNING: connection l2tp-psk PSK length of 3 bytes is too short for sha PRF in FIPS mode (10 bytes required)
- Mar 30 11:11:11.315811: "l2tp-psk"[3] 93.46.124.104 #3: Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused
- Mar 30 11:11:11.315816: | *****parse ISAKMP Transform Payload (ISAKMP):
- Mar 30 11:11:11.315822: | next payload type: ISAKMP_NEXT_T (0x3)
- Mar 30 11:11:11.315827: | length: 40 (00 28)
- Mar 30 11:11:11.315831: | ISAKMP transform number: 2 (02)
- Mar 30 11:11:11.315835: | ISAKMP transform ID: KEY_IKE (0x1)
- Mar 30 11:11:11.315841: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.315845: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Mar 30 11:11:11.315850: | length/value: 7 (00 07)
- Mar 30 11:11:11.315853: | [7 is OAKLEY_AES_CBC]
- Mar 30 11:11:11.315858: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.315863: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
- Mar 30 11:11:11.315868: | length/value: 128 (00 80)
- Mar 30 11:11:11.315873: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.315877: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
- Mar 30 11:11:11.315882: | length/value: 2 (00 02)
- Mar 30 11:11:11.315886: | [2 is OAKLEY_SHA1]
- Mar 30 11:11:11.315891: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.315896: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
- Mar 30 11:11:11.315901: | length/value: 19 (00 13)
- Mar 30 11:11:11.315905: | [19 is OAKLEY_GROUP_ECP_256]
- Mar 30 11:11:11.315909: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.315914: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Mar 30 11:11:11.315919: | length/value: 1 (00 01)
- Mar 30 11:11:11.315924: | [1 is OAKLEY_PRESHARED_KEY]
- Mar 30 11:11:11.315931: | lsw_get_secret() using IDs for 51.158.64.201->93.46.124.104 of kind PKK_PSK
- Mar 30 11:11:11.315936: | line 1: key type PKK_PSK(51.158.64.201) to type PKK_PSK
- Mar 30 11:11:11.315944: | 1: compared key %any to 51.158.64.201 / 93.46.124.104 -> 002
- Mar 30 11:11:11.315950: | 2: compared key %any to 51.158.64.201 / 93.46.124.104 -> 002
- Mar 30 11:11:11.315954: | line 1: match=002
- Mar 30 11:11:11.315958: | match 002 beats previous best_match 000 match=0x562b2d551d38 (line=1)
- Mar 30 11:11:11.315963: | concluding with best_match=002 best=0x562b2d551d38 (lineno=1)
- Mar 30 11:11:11.315967: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.315972: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
- Mar 30 11:11:11.315978: | length/value: 1 (00 01)
- Mar 30 11:11:11.315989: | [1 is OAKLEY_LIFE_SECONDS]
- Mar 30 11:11:11.316086: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.316094: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Mar 30 11:11:11.316100: | length/value: 4 (00 04)
- Mar 30 11:11:11.316104: | long duration: 28800
- Mar 30 11:11:11.316112: "l2tp-psk"[3] 93.46.124.104 #3: WARNING: connection l2tp-psk PSK length of 3 bytes is too short for sha PRF in FIPS mode (10 bytes required)
- Mar 30 11:11:11.316119: "l2tp-psk"[3] 93.46.124.104 #3: Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused
- Mar 30 11:11:11.316124: | *****parse ISAKMP Transform Payload (ISAKMP):
- Mar 30 11:11:11.316128: | next payload type: ISAKMP_NEXT_T (0x3)
- Mar 30 11:11:11.316134: | length: 40 (00 28)
- Mar 30 11:11:11.316138: | ISAKMP transform number: 3 (03)
- Mar 30 11:11:11.316142: | ISAKMP transform ID: KEY_IKE (0x1)
- Mar 30 11:11:11.316146: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.316151: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Mar 30 11:11:11.316156: | length/value: 7 (00 07)
- Mar 30 11:11:11.316160: | [7 is OAKLEY_AES_CBC]
- Mar 30 11:11:11.316165: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.316169: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
- Mar 30 11:11:11.316174: | length/value: 256 (01 00)
- Mar 30 11:11:11.316179: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.316183: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
- Mar 30 11:11:11.316188: | length/value: 2 (00 02)
- Mar 30 11:11:11.316193: | [2 is OAKLEY_SHA1]
- Mar 30 11:11:11.316197: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.316202: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
- Mar 30 11:11:11.316207: | length/value: 14 (00 0e)
- Mar 30 11:11:11.316212: | [14 is OAKLEY_GROUP_MODP2048]
- Mar 30 11:11:11.316216: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.316221: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Mar 30 11:11:11.316226: | length/value: 1 (00 01)
- Mar 30 11:11:11.316230: | [1 is OAKLEY_PRESHARED_KEY]
- Mar 30 11:11:11.316239: | lsw_get_secret() using IDs for 51.158.64.201->93.46.124.104 of kind PKK_PSK
- Mar 30 11:11:11.316245: | line 1: key type PKK_PSK(51.158.64.201) to type PKK_PSK
- Mar 30 11:11:11.316251: | 1: compared key %any to 51.158.64.201 / 93.46.124.104 -> 002
- Mar 30 11:11:11.316258: | 2: compared key %any to 51.158.64.201 / 93.46.124.104 -> 002
- Mar 30 11:11:11.316263: | line 1: match=002
- Mar 30 11:11:11.316268: | match 002 beats previous best_match 000 match=0x562b2d551d38 (line=1)
- Mar 30 11:11:11.316272: | concluding with best_match=002 best=0x562b2d551d38 (lineno=1)
- Mar 30 11:11:11.316277: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.316281: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
- Mar 30 11:11:11.316286: | length/value: 1 (00 01)
- Mar 30 11:11:11.316291: | [1 is OAKLEY_LIFE_SECONDS]
- Mar 30 11:11:11.316295: | ******parse ISAKMP Oakley attribute:
- Mar 30 11:11:11.316299: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
- Mar 30 11:11:11.316304: | length/value: 4 (00 04)
- Mar 30 11:11:11.316308: | long duration: 28800
- Mar 30 11:11:11.316316: "l2tp-psk"[3] 93.46.124.104 #3: WARNING: connection l2tp-psk PSK length of 3 bytes is too short for sha PRF in FIPS mode (10 bytes required)
- Mar 30 11:11:11.316321: | OAKLEY proposal verified; matching alg_info found
- Mar 30 11:11:11.316325: | Oakley Transform 3 accepted
- Mar 30 11:11:11.316329: | ****emit IPsec DOI SIT:
- Mar 30 11:11:11.316335: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Mar 30 11:11:11.316340: | ****emit ISAKMP Proposal Payload:
- Mar 30 11:11:11.316344: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.316349: | proposal number: 1 (01)
- Mar 30 11:11:11.316354: | protocol ID: PROTO_ISAKMP (0x1)
- Mar 30 11:11:11.316359: | SPI size: 0 (00)
- Mar 30 11:11:11.316363: | number of transforms: 1 (01)
- Mar 30 11:11:11.316367: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type'
- Mar 30 11:11:11.316372: | *****emit ISAKMP Transform Payload (ISAKMP):
- Mar 30 11:11:11.316385: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.316389: | ISAKMP transform number: 3 (03)
- Mar 30 11:11:11.316393: | ISAKMP transform ID: KEY_IKE (0x1)
- Mar 30 11:11:11.316398: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
- Mar 30 11:11:11.316403: | emitting 32 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP)
- Mar 30 11:11:11.316407: | attributes:
- Mar 30 11:11:11.316411: | 80 01 00 07 80 0e 01 00 80 02 00 02 80 04 00 0e
- Mar 30 11:11:11.316415: | 80 03 00 01 80 0b 00 01 00 0c 00 04 00 00 70 80
- Mar 30 11:11:11.316419: | emitting length of ISAKMP Transform Payload (ISAKMP): 40
- Mar 30 11:11:11.316423: | emitting length of ISAKMP Proposal Payload: 48
- Mar 30 11:11:11.316427: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0
- Mar 30 11:11:11.316431: | emitting length of ISAKMP Security Association Payload: 60
- Mar 30 11:11:11.316435: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0
- Mar 30 11:11:11.316443: | out_vid(): sending [FRAGMENTATION]
- Mar 30 11:11:11.316447: | ***emit ISAKMP Vendor ID Payload:
- Mar 30 11:11:11.316452: | next payload type: ISAKMP_NEXT_VID (0xd)
- Mar 30 11:11:11.316456: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
- Mar 30 11:11:11.316461: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
- Mar 30 11:11:11.316489: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:11.316495: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
- Mar 30 11:11:11.316504: | V_ID: 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
- Mar 30 11:11:11.316508: | emitting length of ISAKMP Vendor ID Payload: 20
- Mar 30 11:11:11.316512: | out_vid(): sending [Dead Peer Detection]
- Mar 30 11:11:11.316516: | ***emit ISAKMP Vendor ID Payload:
- Mar 30 11:11:11.316520: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.316524: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
- Mar 30 11:11:11.316529: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:11.316533: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
- Mar 30 11:11:11.316542: | V_ID: af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
- Mar 30 11:11:11.316546: | emitting length of ISAKMP Vendor ID Payload: 20
- Mar 30 11:11:11.316550: | out_vid(): sending [RFC 3947]
- Mar 30 11:11:11.316554: | ***emit ISAKMP Vendor ID Payload:
- Mar 30 11:11:11.316558: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.316562: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
- Mar 30 11:11:11.316566: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:11.316571: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
- Mar 30 11:11:11.316578: | V_ID: 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
- Mar 30 11:11:11.316583: | emitting length of ISAKMP Vendor ID Payload: 20
- Mar 30 11:11:11.316587: | no IKEv1 message padding required
- Mar 30 11:11:11.316591: | emitting length of ISAKMP Message: 148
- Mar 30 11:11:11.316600: | complete v1 state transition with STF_OK
- Mar 30 11:11:11.316611: | [RE]START processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in complete_v1_state_transition() at ikev1.c:2539)
- Mar 30 11:11:11.316616: | #3 is idle
- Mar 30 11:11:11.316620: | doing_xauth:no, t_xauth_client_done:no
- Mar 30 11:11:11.316624: | peer supports fragmentation
- Mar 30 11:11:11.316628: | IKEv1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
- Mar 30 11:11:11.316641: | parent state #3: MAIN_R0(half-open IKE SA) => MAIN_R1(open IKE SA)
- Mar 30 11:11:11.316646: | event_already_set, deleting event
- Mar 30 11:11:11.316657: | sending reply packet to 93.46.124.104:500 (from 10.68.154.105:500)
- Mar 30 11:11:11.316671: | sending 148 bytes for STATE_MAIN_R0 through ens2 from 10.68.154.105:500 to 93.46.124.104:500 (using #3)
- Mar 30 11:11:11.316676: | f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.316680: | 01 10 02 00 00 00 00 00 00 00 00 94 0d 00 00 3c
- Mar 30 11:11:11.316684: | 00 00 00 01 00 00 00 01 00 00 00 30 01 01 00 01
- Mar 30 11:11:11.316688: | 00 00 00 28 03 01 00 00 80 01 00 07 80 0e 01 00
- Mar 30 11:11:11.316692: | 80 02 00 02 80 04 00 0e 80 03 00 01 80 0b 00 01
- Mar 30 11:11:11.316696: | 00 0c 00 04 00 00 70 80 0d 00 00 14 40 48 b7 d5
- Mar 30 11:11:11.316700: | 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14
- Mar 30 11:11:11.316704: | af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
- Mar 30 11:11:11.316708: | 00 00 00 14 4a 13 1c 81 07 03 58 45 5c 57 28 f2
- Mar 30 11:11:11.316712: | 0e 95 45 2f
- Mar 30 11:11:11.316816: | !event_already_set at reschedule
- Mar 30 11:11:11.316828: | event_schedule: newref EVENT_SO_DISCARD-pe@0x562b2d551aa8
- Mar 30 11:11:11.316834: | inserting event EVENT_SO_DISCARD, timeout in 60 seconds for #3
- Mar 30 11:11:11.316843: | libevent_malloc: newref ptr-libevent@0x562b2d553ed8 size 128
- Mar 30 11:11:11.316855: "l2tp-psk"[3] 93.46.124.104 #3: STATE_MAIN_R1: sent MR1, expecting MI2
- Mar 30 11:11:11.316861: | modecfg pull: noquirk policy:push not-client
- Mar 30 11:11:11.316865: | phase 1 is done, looking for phase 2 to unpend
- Mar 30 11:11:11.316873: | stop processing: from 93.46.124.104:500 (BACKGROUND) (in process_md() at demux.c:381)
- Mar 30 11:11:11.316884: | stop processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in process_md() at demux.c:383)
- Mar 30 11:11:11.316889: | processing: STOP connection NULL (in process_md() at demux.c:384)
- Mar 30 11:11:11.430008: | *received 388 bytes from 93.46.124.104:500 on ens2 (10.68.154.105:500)
- Mar 30 11:11:11.430103: | f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.430120: | 04 10 02 00 00 00 00 00 00 00 01 84 0a 00 01 04
- Mar 30 11:11:11.430128: | e8 8a f9 af f2 f1 cd 0a 12 45 14 e7 a3 b2 10 30
- Mar 30 11:11:11.430151: | 57 8d 72 fc ba d7 5d 11 12 be 57 1d f9 1d 61 2e
- Mar 30 11:11:11.430162: | 2c a5 46 a6 fa bf 63 1c bb d9 c7 87 05 d5 5d 07
- Mar 30 11:11:11.430169: | 39 91 01 ad ca 9f a8 4e 1f 73 62 95 cd 12 9c 5d
- Mar 30 11:11:11.430177: | 2b 4a a5 77 e0 b3 8d 9f f5 98 38 69 32 12 36 b5
- Mar 30 11:11:11.430184: | 7f 4c 2a fb 56 82 b6 40 5f 1f 68 4d b7 ef 69 2c
- Mar 30 11:11:11.430190: | ef aa d2 49 8f 37 c2 84 5b a7 80 7b 3a a1 65 02
- Mar 30 11:11:11.430195: | 2a ef 45 34 a7 e0 c0 a2 a5 f9 81 73 69 4e ff 43
- Mar 30 11:11:11.430201: | cd 4e b1 4b 45 8c 66 99 c1 cf 82 4e 23 4a c7 f8
- Mar 30 11:11:11.430206: | c4 c8 74 2b 1b a1 8f 60 28 d2 dd 40 51 8d c0 14
- Mar 30 11:11:11.430211: | ea 59 fa 8c 14 7d 7d 9c 04 9f fc 08 10 59 64 9c
- Mar 30 11:11:11.430217: | 0f 8e f0 57 44 0e ec f1 26 fd f4 97 3d 6e ea 8f
- Mar 30 11:11:11.430222: | e5 7d d7 34 4c ac 5d 7b f7 60 6f 83 03 91 7c 05
- Mar 30 11:11:11.430227: | 5e 62 ae 85 94 d0 ed aa 9c 3f 1d 3f cd 96 81 0f
- Mar 30 11:11:11.430232: | 60 51 10 65 d1 32 22 17 dc 92 a9 a1 cc e2 21 c8
- Mar 30 11:11:11.430238: | 2f 41 d8 a1 bd a3 f6 5c 9b 39 0b f9 82 be af 0c
- Mar 30 11:11:11.430243: | 14 00 00 34 5e 80 d6 bb 32 c5 d7 af 99 ea 4b 6d
- Mar 30 11:11:11.430248: | 2b 78 2b 58 ca 49 b4 1b d7 e8 4b 3a 7b 5a 00 f4
- Mar 30 11:11:11.430254: | 71 58 8a e3 51 3c bb 9e 35 92 de e1 66 66 35 ce
- Mar 30 11:11:11.430259: | 99 c5 09 b8 14 00 00 18 4c 8f 29 08 66 b5 b3 ee
- Mar 30 11:11:11.430264: | 62 ea bc 9e 62 4e 3f 51 47 7b 15 64 00 00 00 18
- Mar 30 11:11:11.430270: | 68 78 83 32 6d 1e f4 f9 3b 7c 68 90 8b df cb 48
- Mar 30 11:11:11.430275: | f5 11 0e 2b
- Mar 30 11:11:11.430312: | start processing: from 93.46.124.104:500 (in process_md() at demux.c:379)
- Mar 30 11:11:11.430323: | **parse ISAKMP Message:
- Mar 30 11:11:11.430334: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:11.430343: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.430350: | next payload type: ISAKMP_NEXT_KE (0x4)
- Mar 30 11:11:11.430357: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:11.430363: | exchange type: ISAKMP_XCHG_IDPROT (0x2)
- Mar 30 11:11:11.430370: | flags: none (0x0)
- Mar 30 11:11:11.430379: | Message ID: 0 (00 00 00 00)
- Mar 30 11:11:11.430387: | length: 388 (00 00 01 84)
- Mar 30 11:11:11.430394: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
- Mar 30 11:11:11.430405: | State DB: found IKEv1 state #3 in MAIN_R1 (find_state_ikev1)
- Mar 30 11:11:11.430420: | start processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in process_v1_packet() at ikev1.c:1327)
- Mar 30 11:11:11.430428: | #3 is idle
- Mar 30 11:11:11.430434: | #3 idle
- Mar 30 11:11:11.430442: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080
- Mar 30 11:11:11.430448: | ***parse ISAKMP Key Exchange Payload:
- Mar 30 11:11:11.430454: | next payload type: ISAKMP_NEXT_NONCE (0xa)
- Mar 30 11:11:11.430461: | length: 260 (01 04)
- Mar 30 11:11:11.430468: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080
- Mar 30 11:11:11.430474: | ***parse ISAKMP Nonce Payload:
- Mar 30 11:11:11.430480: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
- Mar 30 11:11:11.430487: | length: 52 (00 34)
- Mar 30 11:11:11.430493: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080
- Mar 30 11:11:11.430499: | ***parse ISAKMP NAT-D Payload:
- Mar 30 11:11:11.430505: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
- Mar 30 11:11:11.430512: | length: 24 (00 18)
- Mar 30 11:11:11.430518: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080
- Mar 30 11:11:11.430524: | ***parse ISAKMP NAT-D Payload:
- Mar 30 11:11:11.430530: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.430536: | length: 24 (00 18)
- Mar 30 11:11:11.430543: | message 'main_inI2_outR2' HASH payload not checked early
- Mar 30 11:11:11.430558: | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal)
- Mar 30 11:11:11.430615: | natd_hash: hasher=0x562b2c356b40(20)
- Mar 30 11:11:11.430622: | natd_hash: icookie=
- Mar 30 11:11:11.430628: | f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:11.430633: | natd_hash: rcookie=
- Mar 30 11:11:11.430638: | 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.430643: | natd_hash: ip=
- Mar 30 11:11:11.430649: | 0a 44 9a 69
- Mar 30 11:11:11.430654: | natd_hash: port=
- Mar 30 11:11:11.430659: | 01 f4
- Mar 30 11:11:11.430664: | natd_hash: hash=
- Mar 30 11:11:11.430670: | 2d ee 63 17 d3 cd f7 d0 51 26 3d ae bd c9 b8 42
- Mar 30 11:11:11.430675: | 94 24 7b fe
- Mar 30 11:11:11.430688: | natd_hash: hasher=0x562b2c356b40(20)
- Mar 30 11:11:11.430694: | natd_hash: icookie=
- Mar 30 11:11:11.430699: | f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:11.430705: | natd_hash: rcookie=
- Mar 30 11:11:11.430710: | 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.430715: | natd_hash: ip=
- Mar 30 11:11:11.430720: | 5d 2e 7c 68
- Mar 30 11:11:11.430726: | natd_hash: port=
- Mar 30 11:11:11.430731: | 01 f4
- Mar 30 11:11:11.430736: | natd_hash: hash=
- Mar 30 11:11:11.430741: | 20 61 71 b9 b7 e7 df 5c c5 07 ce 75 40 27 72 fb
- Mar 30 11:11:11.430746: | 0e 62 22 08
- Mar 30 11:11:11.430752: | expected NAT-D(local):
- Mar 30 11:11:11.430757: | 2d ee 63 17 d3 cd f7 d0 51 26 3d ae bd c9 b8 42
- Mar 30 11:11:11.430762: | 94 24 7b fe
- Mar 30 11:11:11.430768: | expected NAT-D(remote):
- Mar 30 11:11:11.430773: | 20 61 71 b9 b7 e7 df 5c c5 07 ce 75 40 27 72 fb
- Mar 30 11:11:11.430778: | 0e 62 22 08
- Mar 30 11:11:11.430784: | received NAT-D:
- Mar 30 11:11:11.430789: | 4c 8f 29 08 66 b5 b3 ee 62 ea bc 9e 62 4e 3f 51
- Mar 30 11:11:11.430795: | 47 7b 15 64
- Mar 30 11:11:11.430801: | received NAT-D:
- Mar 30 11:11:11.430806: | 68 78 83 32 6d 1e f4 f9 3b 7c 68 90 8b df cb 48
- Mar 30 11:11:11.430819: | f5 11 0e 2b
- Mar 30 11:11:11.430826: | NAT_TRAVERSAL local policy enforces encapsulation
- Mar 30 11:11:11.430831: | NAT_TRAVERSAL forceencaps enabled
- Mar 30 11:11:11.430839: | NAT_TRAVERSAL nat-keepalive enabled 93.46.124.104
- Mar 30 11:11:11.430846: | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: I am behind NAT+peer behind NAT
- Mar 30 11:11:11.430852: | NAT_T_WITH_KA detected
- Mar 30 11:11:11.430860: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds
- Mar 30 11:11:11.430875: | adding inI2_outR2 KE work-order 4 for state #3
- Mar 30 11:11:11.430882: | state #3 requesting EVENT_SO_DISCARD to be deleted
- Mar 30 11:11:11.430891: | libevent_free: delref ptr-libevent@0x562b2d553ed8
- Mar 30 11:11:11.430898: | free_event_entry: delref EVENT_SO_DISCARD-pe@0x562b2d551aa8
- Mar 30 11:11:11.430905: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d551aa8
- Mar 30 11:11:11.430914: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3
- Mar 30 11:11:11.430999: | libevent_malloc: newref ptr-libevent@0x562b2d5553d8 size 128
- Mar 30 11:11:11.431038: | complete v1 state transition with STF_SUSPEND
- Mar 30 11:11:11.431053: | [RE]START processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in complete_v1_state_transition() at ikev1.c:2514)
- Mar 30 11:11:11.431058: | suspending state #3 and saving MD 0x562b2d551f08
- Mar 30 11:11:11.431064: | #3 is busy; has suspended MD 0x562b2d551f08
- Mar 30 11:11:11.431075: | stop processing: from 93.46.124.104:500 (BACKGROUND) (in process_md() at demux.c:381)
- Mar 30 11:11:11.431085: | stop processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in process_md() at demux.c:383)
- Mar 30 11:11:11.431091: | processing: STOP connection NULL (in process_md() at demux.c:384)
- Mar 30 11:11:11.432073: | crypto helper 0 resuming
- Mar 30 11:11:11.432137: | crypto helper 0 starting work-order 4 for state #3
- Mar 30 11:11:11.432150: | crypto helper 0 doing build KE and nonce (inI2_outR2 KE); request ID 4
- Mar 30 11:11:11.433535: | crypto helper 0 finished build KE and nonce (inI2_outR2 KE); request ID 4 time elapsed 0.001386 seconds
- Mar 30 11:11:11.433547: | crypto helper 0 sending results from work-order 4 for state #3 to event queue
- Mar 30 11:11:11.433554: | scheduling resume sending helper answer for #3
- Mar 30 11:11:11.433564: | libevent_malloc: newref ptr-libevent@0x7f3a3c00bf98 size 128
- Mar 30 11:11:11.433597: | crypto helper 0 waiting (nothing to do)
- Mar 30 11:11:11.433727: | processing resume sending helper answer for #3
- Mar 30 11:11:11.433801: | start processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in resume_handler() at server.c:817)
- Mar 30 11:11:11.433823: | unsuspending #3 MD 0x562b2d551f08
- Mar 30 11:11:11.433837: | crypto helper 0 replies to request ID 4
- Mar 30 11:11:11.433847: | calling continuation function 0x562b2c27c390
- Mar 30 11:11:11.433859: | main_inI2_outR2_continue for #3: calculated ke+nonce, sending R2
- Mar 30 11:11:11.433885: | **emit ISAKMP Message:
- Mar 30 11:11:11.433904: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:11.433918: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.433929: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.433940: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:11.433951: | exchange type: ISAKMP_XCHG_IDPROT (0x2)
- Mar 30 11:11:11.433962: | flags: none (0x0)
- Mar 30 11:11:11.433976: | Message ID: 0 (00 00 00 00)
- Mar 30 11:11:11.433986: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
- Mar 30 11:11:11.433998: | ***emit ISAKMP Key Exchange Payload:
- Mar 30 11:11:11.434007: | next payload type: ISAKMP_NEXT_NONCE (0xa)
- Mar 30 11:11:11.434017: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE
- Mar 30 11:11:11.434028: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE)
- Mar 30 11:11:11.434070: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:11.434088: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload
- Mar 30 11:11:11.434097: | keyex value:
- Mar 30 11:11:11.434106: | 21 99 f4 e1 39 0a ff e3 74 5c 11 18 68 1f bd 7b
- Mar 30 11:11:11.434113: | 6d 1d 18 20 cb bb 95 50 05 f2 a4 86 9d 35 e0 64
- Mar 30 11:11:11.434120: | cd 61 da d2 20 10 8d 51 bd 74 69 b9 56 d9 e2 55
- Mar 30 11:11:11.434127: | 4f 30 a2 d9 ee 5e b7 75 c8 00 54 dd 51 bb c7 87
- Mar 30 11:11:11.434134: | 5b 8e 4d 8e 6d ac e5 a4 59 a5 89 95 28 5a cf 76
- Mar 30 11:11:11.434141: | 42 09 e0 83 8a c4 6c fa 5a dc 1f 96 5f 45 ee dc
- Mar 30 11:11:11.434147: | 25 3f 3a 34 4a 67 6e a3 fd 70 31 61 97 38 41 2d
- Mar 30 11:11:11.434154: | 59 6a ea 10 17 1e f5 d7 4e 50 d6 1b 84 e2 86 7f
- Mar 30 11:11:11.434161: | 2c 97 7e 70 f9 37 7c b9 45 e6 d8 6c 36 5f fb 3c
- Mar 30 11:11:11.434168: | 59 2d 9a 09 cd 07 65 1e 59 10 10 f2 c6 55 76 f0
- Mar 30 11:11:11.434175: | 86 87 71 2c c7 74 78 a4 b9 b1 cb 61 ea 6d 6a e6
- Mar 30 11:11:11.434181: | 35 6f 0d 0b b6 6a b3 f2 87 09 0a c1 4a 59 9d 26
- Mar 30 11:11:11.434188: | 20 f4 50 64 e3 49 bd 5a c0 0e 4e 7c da 28 56 0a
- Mar 30 11:11:11.434195: | 2c cc 4d 3d 88 68 60 1e be 72 7b cc f5 48 20 42
- Mar 30 11:11:11.434202: | db c0 b8 84 3d cb 13 98 b6 33 f6 1c a2 4a 70 3f
- Mar 30 11:11:11.434209: | 48 25 a1 49 a8 1f fb db 78 36 10 7b 48 e1 99 a0
- Mar 30 11:11:11.434217: | emitting length of ISAKMP Key Exchange Payload: 260
- Mar 30 11:11:11.434224: | ***emit ISAKMP Nonce Payload:
- Mar 30 11:11:11.434232: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.434240: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE)
- Mar 30 11:11:11.434248: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:11.434257: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload
- Mar 30 11:11:11.434264: | Nr:
- Mar 30 11:11:11.434271: | 33 0d c6 27 6e 65 86 90 db f2 b5 9b 73 cd 21 37
- Mar 30 11:11:11.434278: | 20 00 51 59 1a fc d9 39 8a e6 2d 14 5a fc f4 34
- Mar 30 11:11:11.434285: | emitting length of ISAKMP Nonce Payload: 36
- Mar 30 11:11:11.434294: | sending NAT-D payloads
- Mar 30 11:11:11.434301: | NAT-T: encapsulation=yes, so mangling hash to force NAT-T detection
- Mar 30 11:11:11.434387: | natd_hash: hasher=0x562b2c356b40(20)
- Mar 30 11:11:11.434405: | natd_hash: icookie=
- Mar 30 11:11:11.434415: | f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:11.434433: | natd_hash: rcookie=
- Mar 30 11:11:11.434460: | 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.434470: | natd_hash: ip=
- Mar 30 11:11:11.434479: | 5d 2e 7c 68
- Mar 30 11:11:11.434489: | natd_hash: port=
- Mar 30 11:11:11.434497: | 00 00
- Mar 30 11:11:11.434505: | natd_hash: hash=
- Mar 30 11:11:11.434512: | 1f b2 b1 3c 1b a0 26 22 18 65 cd 2f 17 36 d3 6e
- Mar 30 11:11:11.434518: | 33 c6 f4 57
- Mar 30 11:11:11.434526: | ***emit ISAKMP NAT-D Payload:
- Mar 30 11:11:11.434534: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
- Mar 30 11:11:11.434543: | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC
- Mar 30 11:11:11.434553: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC)
- Mar 30 11:11:11.434564: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:11.434584: | emitting 20 raw bytes of NAT-D into ISAKMP NAT-D Payload
- Mar 30 11:11:11.434609: | NAT-D:
- Mar 30 11:11:11.434620: | 1f b2 b1 3c 1b a0 26 22 18 65 cd 2f 17 36 d3 6e
- Mar 30 11:11:11.434629: | 33 c6 f4 57
- Mar 30 11:11:11.434638: | emitting length of ISAKMP NAT-D Payload: 24
- Mar 30 11:11:11.434671: | natd_hash: hasher=0x562b2c356b40(20)
- Mar 30 11:11:11.434680: | natd_hash: icookie=
- Mar 30 11:11:11.434702: | f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:11.434710: | natd_hash: rcookie=
- Mar 30 11:11:11.434716: | 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.434723: | natd_hash: ip=
- Mar 30 11:11:11.434730: | 0a 44 9a 69
- Mar 30 11:11:11.434737: | natd_hash: port=
- Mar 30 11:11:11.434743: | 00 00
- Mar 30 11:11:11.434750: | natd_hash: hash=
- Mar 30 11:11:11.434757: | 01 94 f8 7d 27 77 0f d7 55 22 a5 70 68 2d ca 21
- Mar 30 11:11:11.434764: | d2 d1 39 b8
- Mar 30 11:11:11.434771: | ***emit ISAKMP NAT-D Payload:
- Mar 30 11:11:11.434779: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.434787: | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC)
- Mar 30 11:11:11.434795: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:11.434804: | emitting 20 raw bytes of NAT-D into ISAKMP NAT-D Payload
- Mar 30 11:11:11.434811: | NAT-D:
- Mar 30 11:11:11.434818: | 01 94 f8 7d 27 77 0f d7 55 22 a5 70 68 2d ca 21
- Mar 30 11:11:11.434824: | d2 d1 39 b8
- Mar 30 11:11:11.434833: | emitting length of ISAKMP NAT-D Payload: 24
- Mar 30 11:11:11.434843: | no IKEv1 message padding required
- Mar 30 11:11:11.434852: | emitting length of ISAKMP Message: 372
- Mar 30 11:11:11.434881: | main inI2_outR2: starting async DH calculation (group=14)
- Mar 30 11:11:11.434908: | lsw_get_secret() using IDs for 51.158.64.201->93.46.124.104 of kind PKK_PSK
- Mar 30 11:11:11.435014: | line 1: key type PKK_PSK(51.158.64.201) to type PKK_PSK
- Mar 30 11:11:11.435052: | 1: compared key %any to 51.158.64.201 / 93.46.124.104 -> 002
- Mar 30 11:11:11.435068: | 2: compared key %any to 51.158.64.201 / 93.46.124.104 -> 002
- Mar 30 11:11:11.435079: | line 1: match=002
- Mar 30 11:11:11.435089: | match 002 beats previous best_match 000 match=0x562b2d551d38 (line=1)
- Mar 30 11:11:11.435100: | concluding with best_match=002 best=0x562b2d551d38 (lineno=1)
- Mar 30 11:11:11.435134: | adding main_inI2_outR2_tail work-order 5 for state #3
- Mar 30 11:11:11.435144: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted
- Mar 30 11:11:11.435157: | libevent_free: delref ptr-libevent@0x562b2d5553d8
- Mar 30 11:11:11.435166: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d551aa8
- Mar 30 11:11:11.435176: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d551aa8
- Mar 30 11:11:11.435191: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3
- Mar 30 11:11:11.435206: | libevent_malloc: newref ptr-libevent@0x562b2d553ed8 size 128
- Mar 30 11:11:11.435274: | crypto helper 1 resuming
- Mar 30 11:11:11.435293: | crypto helper 1 starting work-order 5 for state #3
- Mar 30 11:11:11.435306: | crypto helper 1 doing compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 5
- Mar 30 11:11:11.438385: | crypto helper 1 finished compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 5 time elapsed 0.003068 seconds
- Mar 30 11:11:11.438457: | crypto helper 1 sending results from work-order 5 for state #3 to event queue
- Mar 30 11:11:11.438471: | scheduling resume sending helper answer for #3
- Mar 30 11:11:11.438487: | libevent_malloc: newref ptr-libevent@0x7f3a440058b8 size 128
- Mar 30 11:11:11.438509: | crypto helper 1 waiting (nothing to do)
- Mar 30 11:11:11.438555: | #3 main_inI2_outR2_continue1_tail:1150 st->st_calculating = FALSE;
- Mar 30 11:11:11.438571: | complete v1 state transition with STF_OK
- Mar 30 11:11:11.438600: | [RE]START processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in complete_v1_state_transition() at ikev1.c:2539)
- Mar 30 11:11:11.438613: | #3 is idle; has background offloaded task
- Mar 30 11:11:11.438625: | doing_xauth:no, t_xauth_client_done:no
- Mar 30 11:11:11.438635: | IKEv1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
- Mar 30 11:11:11.438648: | parent state #3: MAIN_R1(open IKE SA) => MAIN_R2(open IKE SA)
- Mar 30 11:11:11.438660: | event_already_set, deleting event
- Mar 30 11:11:11.438671: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted
- Mar 30 11:11:11.438709: | libevent_free: delref ptr-libevent@0x562b2d553ed8
- Mar 30 11:11:11.438719: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d551aa8
- Mar 30 11:11:11.438742: | sending reply packet to 93.46.124.104:500 (from 10.68.154.105:500)
- Mar 30 11:11:11.438763: | sending 372 bytes for STATE_MAIN_R1 through ens2 from 10.68.154.105:500 to 93.46.124.104:500 (using #3)
- Mar 30 11:11:11.438772: | f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.438779: | 04 10 02 00 00 00 00 00 00 00 01 74 0a 00 01 04
- Mar 30 11:11:11.438786: | 21 99 f4 e1 39 0a ff e3 74 5c 11 18 68 1f bd 7b
- Mar 30 11:11:11.438793: | 6d 1d 18 20 cb bb 95 50 05 f2 a4 86 9d 35 e0 64
- Mar 30 11:11:11.438800: | cd 61 da d2 20 10 8d 51 bd 74 69 b9 56 d9 e2 55
- Mar 30 11:11:11.438807: | 4f 30 a2 d9 ee 5e b7 75 c8 00 54 dd 51 bb c7 87
- Mar 30 11:11:11.438813: | 5b 8e 4d 8e 6d ac e5 a4 59 a5 89 95 28 5a cf 76
- Mar 30 11:11:11.438820: | 42 09 e0 83 8a c4 6c fa 5a dc 1f 96 5f 45 ee dc
- Mar 30 11:11:11.438827: | 25 3f 3a 34 4a 67 6e a3 fd 70 31 61 97 38 41 2d
- Mar 30 11:11:11.438834: | 59 6a ea 10 17 1e f5 d7 4e 50 d6 1b 84 e2 86 7f
- Mar 30 11:11:11.438840: | 2c 97 7e 70 f9 37 7c b9 45 e6 d8 6c 36 5f fb 3c
- Mar 30 11:11:11.438847: | 59 2d 9a 09 cd 07 65 1e 59 10 10 f2 c6 55 76 f0
- Mar 30 11:11:11.438854: | 86 87 71 2c c7 74 78 a4 b9 b1 cb 61 ea 6d 6a e6
- Mar 30 11:11:11.438861: | 35 6f 0d 0b b6 6a b3 f2 87 09 0a c1 4a 59 9d 26
- Mar 30 11:11:11.438868: | 20 f4 50 64 e3 49 bd 5a c0 0e 4e 7c da 28 56 0a
- Mar 30 11:11:11.438874: | 2c cc 4d 3d 88 68 60 1e be 72 7b cc f5 48 20 42
- Mar 30 11:11:11.438881: | db c0 b8 84 3d cb 13 98 b6 33 f6 1c a2 4a 70 3f
- Mar 30 11:11:11.438888: | 48 25 a1 49 a8 1f fb db 78 36 10 7b 48 e1 99 a0
- Mar 30 11:11:11.438895: | 14 00 00 24 33 0d c6 27 6e 65 86 90 db f2 b5 9b
- Mar 30 11:11:11.438901: | 73 cd 21 37 20 00 51 59 1a fc d9 39 8a e6 2d 14
- Mar 30 11:11:11.438908: | 5a fc f4 34 14 00 00 18 1f b2 b1 3c 1b a0 26 22
- Mar 30 11:11:11.438915: | 18 65 cd 2f 17 36 d3 6e 33 c6 f4 57 00 00 00 18
- Mar 30 11:11:11.439069: | 01 94 f8 7d 27 77 0f d7 55 22 a5 70 68 2d ca 21
- Mar 30 11:11:11.439167: | d2 d1 39 b8
- Mar 30 11:11:11.439321: | !event_already_set at reschedule
- Mar 30 11:11:11.439362: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b2d551aa8
- Mar 30 11:11:11.439372: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3
- Mar 30 11:11:11.439397: | libevent_malloc: newref ptr-libevent@0x562b2d553ed8 size 128
- Mar 30 11:11:11.439409: | #3 STATE_MAIN_R2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 5629.864564
- Mar 30 11:11:11.439421: "l2tp-psk"[3] 93.46.124.104 #3: STATE_MAIN_R2: sent MR2, expecting MI3
- Mar 30 11:11:11.439426: | modecfg pull: noquirk policy:push not-client
- Mar 30 11:11:11.439429: | phase 1 is done, looking for phase 2 to unpend
- Mar 30 11:11:11.439441: | resume sending helper answer for #3 suppresed complete_v1_state_transition()
- Mar 30 11:11:11.439471: | stop processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in resume_handler() at server.c:860)
- Mar 30 11:11:11.439485: | libevent_free: delref ptr-libevent@0x7f3a3c00bf98
- Mar 30 11:11:11.439510: | processing resume sending helper answer for #3
- Mar 30 11:11:11.439519: | start processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in resume_handler() at server.c:817)
- Mar 30 11:11:11.439526: | unsuspending #3 MD (nil)
- Mar 30 11:11:11.439530: | crypto helper 1 replies to request ID 5
- Mar 30 11:11:11.439534: | calling continuation function 0x562b2c27c390
- Mar 30 11:11:11.439539: | main_inI2_outR2_calcdone for #3: calculate DH finished
- Mar 30 11:11:11.439546: | [RE]START processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1000)
- Mar 30 11:11:11.439555: | stop processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1013)
- Mar 30 11:11:11.439589: | resume sending helper answer for #3 suppresed complete_v1_state_transition()
- Mar 30 11:11:11.439595: | processing: STOP state #0 (in resume_handler() at server.c:860)
- Mar 30 11:11:11.439599: | libevent_free: delref ptr-libevent@0x7f3a440058b8
- Mar 30 11:11:11.532600: | *received 76 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
- Mar 30 11:11:11.532658: | f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.532665: | 05 10 02 01 00 00 00 00 00 00 00 4c 9c e1 00 05
- Mar 30 11:11:11.532671: | 36 35 88 7d eb f5 2b 96 15 f1 54 7b a5 7e 15 fe
- Mar 30 11:11:11.532677: | 9c 8b 9b 80 5b e0 d7 bd 33 d9 2b 07 70 24 f4 50
- Mar 30 11:11:11.532683: | ef 81 b6 d4 19 b4 6f ea 8c 9e e2 27
- Mar 30 11:11:11.532695: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
- Mar 30 11:11:11.532706: | **parse ISAKMP Message:
- Mar 30 11:11:11.532717: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:11.532726: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.532732: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:11.532739: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:11.532745: | exchange type: ISAKMP_XCHG_IDPROT (0x2)
- Mar 30 11:11:11.532752: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:11.532761: | Message ID: 0 (00 00 00 00)
- Mar 30 11:11:11.532769: | length: 76 (00 00 00 4c)
- Mar 30 11:11:11.532776: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
- Mar 30 11:11:11.532786: | State DB: found IKEv1 state #3 in MAIN_R2 (find_state_ikev1)
- Mar 30 11:11:11.532801: | start processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in process_v1_packet() at ikev1.c:1327)
- Mar 30 11:11:11.532809: | #3 is idle
- Mar 30 11:11:11.532815: | #3 idle
- Mar 30 11:11:11.532824: | received encrypted packet from 93.46.124.104:4500
- Mar 30 11:11:11.532881: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x120 opt: 0x2080
- Mar 30 11:11:11.532911: | ***parse ISAKMP Identification Payload:
- Mar 30 11:11:11.532918: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Mar 30 11:11:11.532925: | length: 12 (00 0c)
- Mar 30 11:11:11.532932: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:11.532941: | DOI specific A: 0 (00)
- Mar 30 11:11:11.532949: | DOI specific B: 0 (00 00)
- Mar 30 11:11:11.532954: | obj:
- Mar 30 11:11:11.532960: | c0 a8 01 65
- Mar 30 11:11:11.532968: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x2080
- Mar 30 11:11:11.532975: | ***parse ISAKMP Hash Payload:
- Mar 30 11:11:11.532981: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.532988: | length: 24 (00 18)
- Mar 30 11:11:11.532994: | removing 12 bytes of padding
- Mar 30 11:11:11.533000: | message 'main_inI3_outR3' HASH payload not checked early
- Mar 30 11:11:11.533012: | parsing 4 raw bytes of ISAKMP Identification Payload into peer ID
- Mar 30 11:11:11.533018: | peer ID
- Mar 30 11:11:11.533023: | c0 a8 01 65
- Mar 30 11:11:11.533037: "l2tp-psk"[3] 93.46.124.104 #3: Peer ID is ID_IPV4_ADDR: '192.168.1.101'
- Mar 30 11:11:11.533046: | X509: no CERT payloads to process
- Mar 30 11:11:11.533055: | refine_host_connection for IKEv1: starting with "l2tp-psk"[3] 93.46.124.104
- Mar 30 11:11:11.533065: | match_id a=192.168.1.101
- Mar 30 11:11:11.533072: | b=93.46.124.104
- Mar 30 11:11:11.533077: | results fail
- Mar 30 11:11:11.533089: | refine_host_connection: checking "l2tp-psk"[3] 93.46.124.104 against "l2tp-psk"[3] 93.46.124.104, best=(none) with match=0(id=0(0)/ca=1(0)/reqca=1(0))
- Mar 30 11:11:11.533095: | Warning: not switching back to template of current instance
- Mar 30 11:11:11.533100: | No IDr payload received from peer
- Mar 30 11:11:11.533106: | skipping because peer_id does not match
- Mar 30 11:11:11.533111: | refine going into 2nd loop allowing instantiated conns as well
- Mar 30 11:11:11.533122: | find_host_pair: comparing 10.68.154.105:500 to 0.0.0.0:500 but ignoring ports
- Mar 30 11:11:11.533130: | match_id a=192.168.1.101
- Mar 30 11:11:11.533161: | b=(none)
- Mar 30 11:11:11.533167: | results matched
- Mar 30 11:11:11.533177: | refine_host_connection: checking "l2tp-psk"[3] 93.46.124.104 against "l2tp-psk", best=(none) with match=1(id=1(15)/ca=1(0)/reqca=1(0))
- Mar 30 11:11:11.533183: | Warning: not switching back to template of current instance
- Mar 30 11:11:11.533188: | No IDr payload received from peer
- Mar 30 11:11:11.533197: | refine_host_connection: checked l2tp-psk[3] 93.46.124.104 against l2tp-psk, now for see if best
- Mar 30 11:11:11.533205: | lsw_get_secret() switching remote roadwarrier ID from (none) to %any (%ANYADDR)
- Mar 30 11:11:11.533214: | lsw_get_secret() using IDs for 51.158.64.201->%any of kind PKK_PSK
- Mar 30 11:11:11.533222: | line 1: key type PKK_PSK(51.158.64.201) to type PKK_PSK
- Mar 30 11:11:11.533231: | 1: compared key %any to 51.158.64.201 / %any -> 002
- Mar 30 11:11:11.533240: | 2: compared key %any to 51.158.64.201 / %any -> 002
- Mar 30 11:11:11.533245: | line 1: match=002
- Mar 30 11:11:11.533252: | match 002 beats previous best_match 000 match=0x562b2d551d38 (line=1)
- Mar 30 11:11:11.533258: | concluding with best_match=002 best=0x562b2d551d38 (lineno=1)
- Mar 30 11:11:11.533265: | refine_host_connection: picking new best "l2tp-psk" (wild=15, peer_pathlen=0/our=0)
- Mar 30 11:11:11.533273: | match_id a=192.168.1.101
- Mar 30 11:11:11.533278: | b=(none)
- Mar 30 11:11:11.533283: | results matched
- Mar 30 11:11:11.533293: | refine_host_connection: checking "l2tp-psk"[3] 93.46.124.104 against "xauth-psk", best=l2tp-psk with match=1(id=1(15)/ca=1(0)/reqca=1(0))
- Mar 30 11:11:11.533298: | Warning: not switching back to template of current instance
- Mar 30 11:11:11.533303: | No IDr payload received from peer
- Mar 30 11:11:11.533309: | skipping because mismatched xauthserver
- Mar 30 11:11:11.533314: | returning since no better match than original best_found
- Mar 30 11:11:11.533320: | offered CA: '%none'
- Mar 30 11:11:11.533331: "l2tp-psk"[3] 93.46.124.104 #3: switched from "l2tp-psk"[3] 93.46.124.104 to "l2tp-psk"
- Mar 30 11:11:11.533340: | match_id a=192.168.1.101
- Mar 30 11:11:11.533346: | b=(none)
- Mar 30 11:11:11.533351: | results matched
- Mar 30 11:11:11.533362: | subnet from address 93.46.124.104 (in default_end() at connections.c:378)
- Mar 30 11:11:11.533371: | subnet from endpoint 10.68.154.105:1701 (in default_end() at connections.c:378)
- Mar 30 11:11:11.533382: | find_host_pair: comparing 10.68.154.105:500 to 93.46.124.104:500 but ignoring ports
- Mar 30 11:11:11.533392: | connect_to_host_pair: 10.68.154.105:500 93.46.124.104:500 -> hp@0x562b2d550f18: l2tp-psk
- Mar 30 11:11:11.533401: | rw_instantiate() instantiated "l2tp-psk"[4] 93.46.124.104 for 93.46.124.104
- Mar 30 11:11:11.533420: | in connection_discard for connection l2tp-psk
- Mar 30 11:11:11.533425: | connection is instance
- Mar 30 11:11:11.533431: | not in pending use
- Mar 30 11:11:11.533437: | State DB: state not found (connection_discard)
- Mar 30 11:11:11.533442: | no states use this connection instance, deleting
- Mar 30 11:11:11.533451: | start processing: connection "l2tp-psk"[3] 93.46.124.104 (BACKGROUND) (in delete_connection() at connections.c:192)
- Mar 30 11:11:11.533464: "l2tp-psk"[4] 93.46.124.104 #3: deleting connection "l2tp-psk"[3] 93.46.124.104 instance with peer 93.46.124.104 {isakmp=#0/ipsec=#0}
- Mar 30 11:11:11.533471: | Deleting states for connection - not including other IPsec SA's
- Mar 30 11:11:11.533476: | pass 0
- Mar 30 11:11:11.533482: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
- Mar 30 11:11:11.533487: | state #3
- Mar 30 11:11:11.533493: | pass 1
- Mar 30 11:11:11.533498: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
- Mar 30 11:11:11.533503: | state #3
- Mar 30 11:11:11.533512: | flush revival: connection 'l2tp-psk' wasn't on the list
- Mar 30 11:11:11.533521: | stop processing: connection "l2tp-psk"[3] 93.46.124.104 (BACKGROUND) (in discard_connection() at connections.c:255)
- Mar 30 11:11:11.533530: | retrying ike_decode_peer_id() with new conn
- Mar 30 11:11:11.533536: | parsing 4 raw bytes of ISAKMP Identification Payload into peer ID
- Mar 30 11:11:11.533548: | peer ID
- Mar 30 11:11:11.533554: | c0 a8 01 65
- Mar 30 11:11:11.533564: "l2tp-psk"[4] 93.46.124.104 #3: Peer ID is ID_IPV4_ADDR: '192.168.1.101'
- Mar 30 11:11:11.533569: | X509: no CERT payloads to process
- Mar 30 11:11:11.533577: | refine_host_connection for IKEv1: starting with "l2tp-psk"[4] 93.46.124.104
- Mar 30 11:11:11.533585: | match_id a=192.168.1.101
- Mar 30 11:11:11.533592: | b=192.168.1.101
- Mar 30 11:11:11.533597: | results matched
- Mar 30 11:11:11.533610: | refine_host_connection: checking "l2tp-psk"[4] 93.46.124.104 against "l2tp-psk"[4] 93.46.124.104, best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0))
- Mar 30 11:11:11.533616: | Warning: not switching back to template of current instance
- Mar 30 11:11:11.533621: | No IDr payload received from peer
- Mar 30 11:11:11.533631: | refine_host_connection: checked l2tp-psk[4] 93.46.124.104 against l2tp-psk[4] 93.46.124.104, now for see if best
- Mar 30 11:11:11.533640: | lsw_get_secret() using IDs for 51.158.64.201->192.168.1.101 of kind PKK_PSK
- Mar 30 11:11:11.533647: | line 1: key type PKK_PSK(51.158.64.201) to type PKK_PSK
- Mar 30 11:11:11.533657: | 1: compared key %any to 51.158.64.201 / 192.168.1.101 -> 002
- Mar 30 11:11:11.533666: | 2: compared key %any to 51.158.64.201 / 192.168.1.101 -> 002
- Mar 30 11:11:11.533673: | line 1: match=002
- Mar 30 11:11:11.533680: | match 002 beats previous best_match 000 match=0x562b2d551d38 (line=1)
- Mar 30 11:11:11.533686: | concluding with best_match=002 best=0x562b2d551d38 (lineno=1)
- Mar 30 11:11:11.533692: | returning because exact peer id match
- Mar 30 11:11:11.533698: | offered CA: '%none'
- Mar 30 11:11:11.533761: | received 'Main' message HASH_I data ok
- Mar 30 11:11:11.533768: | thinking about whether to send my certificate:
- Mar 30 11:11:11.533775: | I have RSA key: OAKLEY_PRESHARED_KEY cert.type: 0??
- Mar 30 11:11:11.533782: | sendcert: CERT_ALWAYSSEND and I did not get a certificate request
- Mar 30 11:11:11.533787: | so do not send cert.
- Mar 30 11:11:11.533792: | I did not send a certificate because digital signatures are not being used. (PSK)
- Mar 30 11:11:11.533810: | **emit ISAKMP Message:
- Mar 30 11:11:11.533819: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:11.533827: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.533833: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:11.533839: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:11.533844: | exchange type: ISAKMP_XCHG_IDPROT (0x2)
- Mar 30 11:11:11.533850: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:11.533858: | Message ID: 0 (00 00 00 00)
- Mar 30 11:11:11.533864: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
- Mar 30 11:11:11.533870: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID
- Mar 30 11:11:11.533877: | ***emit ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:11.533883: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.533889: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:11.533895: | Protocol ID: 0 (00)
- Mar 30 11:11:11.533902: | port: 0 (00 00)
- Mar 30 11:11:11.533908: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
- Mar 30 11:11:11.533914: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
- Mar 30 11:11:11.533923: | emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI)
- Mar 30 11:11:11.533933: | my identity: 33 9e 40 c9
- Mar 30 11:11:11.533942: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
- Mar 30 11:11:11.533982: | ***emit ISAKMP Hash Payload:
- Mar 30 11:11:11.533990: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.533997: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
- Mar 30 11:11:11.534012: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:11.534019: | emitting 20 raw bytes of HASH_R into ISAKMP Hash Payload
- Mar 30 11:11:11.534025: | HASH_R:
- Mar 30 11:11:11.534031: | 87 3f 92 dd c0 4d 72 b3 93 a1 df eb dd 4c 3b 14
- Mar 30 11:11:11.534036: | e7 e4 81 02
- Mar 30 11:11:11.534042: | emitting length of ISAKMP Hash Payload: 24
- Mar 30 11:11:11.534048: | emitting 12 zero bytes of encryption padding into ISAKMP Message
- Mar 30 11:11:11.534054: | no IKEv1 message padding required
- Mar 30 11:11:11.534060: | emitting length of ISAKMP Message: 76
- Mar 30 11:11:11.534076: | uniqueIDs disabled, not contemplating releasing older self
- Mar 30 11:11:11.534084: | complete v1 state transition with STF_OK
- Mar 30 11:11:11.534096: | [RE]START processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:500 (in complete_v1_state_transition() at ikev1.c:2539)
- Mar 30 11:11:11.534102: | #3 is idle
- Mar 30 11:11:11.534108: | doing_xauth:no, t_xauth_client_done:no
- Mar 30 11:11:11.534114: | IKEv1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
- Mar 30 11:11:11.534121: | parent state #3: MAIN_R2(open IKE SA) => MAIN_R3(established IKE SA)
- Mar 30 11:11:11.534127: | event_already_set, deleting event
- Mar 30 11:11:11.534133: | state #3 requesting EVENT_RETRANSMIT to be deleted
- Mar 30 11:11:11.534140: | #3 STATE_MAIN_R3: retransmits: cleared
- Mar 30 11:11:11.534150: | libevent_free: delref ptr-libevent@0x562b2d553ed8
- Mar 30 11:11:11.534157: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b2d551aa8
- Mar 30 11:11:11.534167: | state #3 NAT-T: new mapping 93.46.124.104:4500
- Mar 30 11:11:11.534177: | new NAT mapping for #3, was 93.46.124.104:500, now 93.46.124.104:4500
- Mar 30 11:11:11.534183: | State DB: IKEv1 state not found (nat_traversal_new_mapping)
- Mar 30 11:11:11.534193: | NAT-T: #3 updating local interface from 10.68.154.105:500 to 10.68.154.105:4500 (using md->iface in nat_traversal_change_port_lookup())
- Mar 30 11:11:11.534203: | sending reply packet to 93.46.124.104:4500 (from 10.68.154.105:4500)
- Mar 30 11:11:11.534219: | sending 80 bytes for STATE_MAIN_R2 through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #3)
- Mar 30 11:11:11.534225: | 00 00 00 00 f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a
- Mar 30 11:11:11.534231: | 5d 82 98 78 05 10 02 01 00 00 00 00 00 00 00 4c
- Mar 30 11:11:11.534236: | 8b 7e 2c 28 bd fc 4f 55 ed 90 de 66 68 96 75 2e
- Mar 30 11:11:11.534242: | 7a 3c 66 5a 16 75 94 c1 4c 3c 8b d9 66 fd bd 0e
- Mar 30 11:11:11.534247: | 30 93 ad 75 98 3a 81 90 fe 78 0e 57 e8 ac b8 77
- Mar 30 11:11:11.534339: | !event_already_set at reschedule
- Mar 30 11:11:11.534353: | event_schedule: newref EVENT_SA_EXPIRE-pe@0x562b2d551aa8
- Mar 30 11:11:11.534361: | inserting event EVENT_SA_EXPIRE, timeout in 28800 seconds for #3
- Mar 30 11:11:11.534369: | libevent_malloc: newref ptr-libevent@0x562b2d5553d8 size 128
- Mar 30 11:11:11.534378: | pstats #3 ikev1.isakmp established
- Mar 30 11:11:11.534391: "l2tp-psk"[4] 93.46.124.104 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048}
- Mar 30 11:11:11.534399: | DPD: dpd_init() called on ISAKMP SA
- Mar 30 11:11:11.534414: | DPD: Peer does not support Dead Peer Detection
- Mar 30 11:11:11.534437: "l2tp-psk"[4] 93.46.124.104 #3: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
- Mar 30 11:11:11.534448: | modecfg pull: noquirk policy:push not-client
- Mar 30 11:11:11.534455: | phase 1 is done, looking for phase 2 to unpend
- Mar 30 11:11:11.534462: | unpending state #3
- Mar 30 11:11:11.534472: | releasing #3's fd-fd@(nil) because IKEv1 transitions finished
- Mar 30 11:11:11.534482: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
- Mar 30 11:11:11.534501: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
- Mar 30 11:11:11.534519: | stop processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
- Mar 30 11:11:11.534538: | processing: STOP connection NULL (in process_md() at demux.c:384)
- Mar 30 11:11:11.625234: | *received 444 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
- Mar 30 11:11:11.625292: | f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.625298: | 08 10 20 01 00 00 00 01 00 00 01 bc 3d cb 41 7f
- Mar 30 11:11:11.625304: | 7c 75 85 ca f8 46 ca 46 92 82 09 67 92 f2 c7 d8
- Mar 30 11:11:11.625309: | 75 48 97 b4 be 5b c2 d4 c2 9b e1 d7 f5 00 02 cd
- Mar 30 11:11:11.625315: | b4 7b 8f 73 86 16 d6 de a9 3b 15 34 57 27 d3 34
- Mar 30 11:11:11.625320: | 94 cf fa 05 b7 fc d4 08 24 59 81 74 24 98 2c 20
- Mar 30 11:11:11.625324: | 6b b1 14 7a b7 d5 dc 90 8b 8b 71 b8 2f 70 1a e9
- Mar 30 11:11:11.625329: | 6d f0 f7 73 e7 19 4b d0 fd b6 d2 91 9c 39 e0 38
- Mar 30 11:11:11.625334: | ed 92 1c 70 b6 48 a0 b3 d2 40 dc 5c 3a 6c c1 6b
- Mar 30 11:11:11.625339: | 77 57 07 06 07 24 95 dc 61 60 6d eb d8 4e 09 0e
- Mar 30 11:11:11.625344: | f7 46 ca 63 04 42 47 7a 11 44 51 9d d0 11 84 da
- Mar 30 11:11:11.625348: | f4 c2 56 a6 6b 46 ca f0 13 65 58 27 23 22 7b 8a
- Mar 30 11:11:11.625353: | 19 de fc 26 a7 1c 72 ce 6f 6a 18 fb 75 5e c1 a2
- Mar 30 11:11:11.625358: | 3a b4 da 5a 45 43 e2 35 ed 3e 4f cd af b2 0b 7e
- Mar 30 11:11:11.625363: | 34 0c a5 17 83 7b 28 4c 86 45 2a 61 7b 43 d2 8a
- Mar 30 11:11:11.625368: | 51 e1 86 ff 0b 50 32 3b e5 57 5a 42 b4 76 83 f9
- Mar 30 11:11:11.625372: | 21 f8 bc 14 e6 e3 a1 33 c5 a8 99 8c f2 e4 71 0d
- Mar 30 11:11:11.625377: | 19 96 c8 29 44 aa 16 ab 1b 49 5f 9c 90 86 3c 93
- Mar 30 11:11:11.625406: | 01 00 0e 19 7c 21 d9 d9 19 e3 d4 37 ae 0a 23 d4
- Mar 30 11:11:11.625413: | 71 ed ce 40 ce f9 69 ee 06 67 41 44 1b 60 f7 a7
- Mar 30 11:11:11.625418: | 21 a9 ce ae 00 d9 d1 aa ef af 99 dc e2 5e 46 f7
- Mar 30 11:11:11.625423: | 89 ed d3 be 3c f7 fe fb 65 db b6 18 5b ee 84 1e
- Mar 30 11:11:11.625428: | f8 c4 b1 00 f2 94 47 a2 a8 dd 15 96 82 39 01 58
- Mar 30 11:11:11.625432: | 4e f5 be b0 6f 47 7a 14 92 cf 70 24 08 03 73 c6
- Mar 30 11:11:11.625437: | 7a 11 16 80 58 91 1b 7c c4 03 2a ca 6f f9 79 55
- Mar 30 11:11:11.625442: | 41 16 bb 67 6a 9b 0f 0e 36 70 06 4f 59 21 18 c4
- Mar 30 11:11:11.625447: | b4 aa fc f5 87 69 cf 89 fb 02 58 52 1b 44 bc b6
- Mar 30 11:11:11.625452: | a8 67 f8 81 58 c3 51 ed f2 05 a4 50
- Mar 30 11:11:11.625463: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
- Mar 30 11:11:11.625474: | **parse ISAKMP Message:
- Mar 30 11:11:11.625483: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:11.625491: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.625497: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Mar 30 11:11:11.625503: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:11.625509: | exchange type: ISAKMP_XCHG_QUICK (0x20)
- Mar 30 11:11:11.625515: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:11.625523: | Message ID: 1 (00 00 00 01)
- Mar 30 11:11:11.625531: | length: 444 (00 00 01 bc)
- Mar 30 11:11:11.625539: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
- Mar 30 11:11:11.625551: | State DB: IKEv1 state not found (find_state_ikev1)
- Mar 30 11:11:11.625578: | State DB: found IKEv1 state #3 in MAIN_R3 (find_state_ikev1)
- Mar 30 11:11:11.625601: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1473)
- Mar 30 11:11:11.625704: | #3 is idle
- Mar 30 11:11:11.625752: | #3 idle
- Mar 30 11:11:11.625764: | received encrypted packet from 93.46.124.104:4500
- Mar 30 11:11:11.625806: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030
- Mar 30 11:11:11.625815: | ***parse ISAKMP Hash Payload:
- Mar 30 11:11:11.625821: | next payload type: ISAKMP_NEXT_SA (0x1)
- Mar 30 11:11:11.625829: | length: 24 (00 18)
- Mar 30 11:11:11.625836: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030
- Mar 30 11:11:11.625844: | ***parse ISAKMP Security Association Payload:
- Mar 30 11:11:11.625882: | next payload type: ISAKMP_NEXT_NONCE (0xa)
- Mar 30 11:11:11.625891: | length: 280 (01 18)
- Mar 30 11:11:11.625897: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:11.625904: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030
- Mar 30 11:11:11.625911: | ***parse ISAKMP Nonce Payload:
- Mar 30 11:11:11.625918: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:11.625933: | length: 52 (00 34)
- Mar 30 11:11:11.625939: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
- Mar 30 11:11:11.625947: | ***parse ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:11.625953: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:11.625961: | length: 12 (00 0c)
- Mar 30 11:11:11.625967: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:11.625974: | Protocol ID: 17 (11)
- Mar 30 11:11:11.625983: | port: 1701 (06 a5)
- Mar 30 11:11:11.625989: | obj:
- Mar 30 11:11:11.625995: | c0 a8 01 65
- Mar 30 11:11:11.626002: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
- Mar 30 11:11:11.626010: | ***parse ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:11.626017: | next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
- Mar 30 11:11:11.626025: | length: 12 (00 0c)
- Mar 30 11:11:11.626031: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:11.626039: | Protocol ID: 17 (11)
- Mar 30 11:11:11.626046: | port: 1701 (06 a5)
- Mar 30 11:11:11.626051: | obj:
- Mar 30 11:11:11.626057: | 33 9e 40 c9
- Mar 30 11:11:11.626063: | got payload 0x200000 (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
- Mar 30 11:11:11.626070: | ***parse ISAKMP NAT-OA Payload:
- Mar 30 11:11:11.626109: | next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
- Mar 30 11:11:11.626123: | length: 12 (00 0c)
- Mar 30 11:11:11.626130: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:11.626137: | obj:
- Mar 30 11:11:11.626163: | c0 a8 01 65
- Mar 30 11:11:11.626171: | got payload 0x200000 (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
- Mar 30 11:11:11.626179: | ***parse ISAKMP NAT-OA Payload:
- Mar 30 11:11:11.626184: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.626192: | length: 12 (00 0c)
- Mar 30 11:11:11.626198: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:11.626205: | obj:
- Mar 30 11:11:11.626211: | 33 9e 40 c9
- Mar 30 11:11:11.626217: | removing 12 bytes of padding
- Mar 30 11:11:11.626294: | quick_inI1_outR1 HASH(1):
- Mar 30 11:11:11.626315: | 91 f9 d2 e9 0d 04 ee 42 79 e4 7e 06 cd 1b 78 6a
- Mar 30 11:11:11.626321: | 43 71 b7 b5
- Mar 30 11:11:11.626328: | received 'quick_inI1_outR1' message HASH(1) data ok
- Mar 30 11:11:11.626346: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
- Mar 30 11:11:11.626354: | ID address
- Mar 30 11:11:11.626361: | c0 a8 01 65
- Mar 30 11:11:11.626375: | subnet from address 192.168.1.101 (in decode_net_id() at ikev1_quick.c:440)
- Mar 30 11:11:11.626386: | peer client is 192.168.1.101/32
- Mar 30 11:11:11.626414: | peer client protocol/port is 17/1701
- Mar 30 11:11:11.626425: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
- Mar 30 11:11:11.626432: | ID address
- Mar 30 11:11:11.626438: | 33 9e 40 c9
- Mar 30 11:11:11.626448: | subnet from address 51.158.64.201 (in decode_net_id() at ikev1_quick.c:440)
- Mar 30 11:11:11.626457: | our client is 51.158.64.201/32
- Mar 30 11:11:11.626463: | our client protocol/port is 17/1701
- Mar 30 11:11:11.626482: "l2tp-psk"[4] 93.46.124.104 #3: the peer proposed: 51.158.64.201/32:17/1701 -> 192.168.1.101/32:17/0
- Mar 30 11:11:11.626491: | find_client_connection starting with l2tp-psk
- Mar 30 11:11:11.626505: | looking for 51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701
- Mar 30 11:11:11.626518: | concrete checking against sr#0 10.68.154.105/32:1701 -> 93.46.124.104/32:0
- Mar 30 11:11:11.626530: | match_id a=192.168.1.101
- Mar 30 11:11:11.626540: | b=192.168.1.101
- Mar 30 11:11:11.626546: | results matched
- Mar 30 11:11:11.626566: | fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/0 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 93.46.124.104/32:0:17/0
- Mar 30 11:11:11.626600: | our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
- Mar 30 11:11:11.626609: | fc_try concluding with none [0]
- Mar 30 11:11:11.626616: | fc_try l2tp-psk gives none
- Mar 30 11:11:11.626628: | find_host_pair: comparing 10.68.154.105:500 to 0.0.0.0:500 but ignoring ports
- Mar 30 11:11:11.626640: | checking hostpair 10.68.154.105/32:1701 -> 93.46.124.104/32:0 is found
- Mar 30 11:11:11.626650: | match_id a=192.168.1.101
- Mar 30 11:11:11.626657: | b=(none)
- Mar 30 11:11:11.626662: | results matched
- Mar 30 11:11:11.626676: | fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/0 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 0.0.0.0/32:0:17/0
- Mar 30 11:11:11.626685: | our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
- Mar 30 11:11:11.626692: | match_id a=192.168.1.101
- Mar 30 11:11:11.626697: | b=(none)
- Mar 30 11:11:11.626702: | results matched
- Mar 30 11:11:11.626707: | fc_try concluding with none [0]
- Mar 30 11:11:11.626714: | match_id a=192.168.1.101
- Mar 30 11:11:11.626721: | b=(none)
- Mar 30 11:11:11.626727: | results matched
- Mar 30 11:11:11.626743: | fc_try_oppo trying l2tp-psk:51.158.64.201/32:1701 -> 192.168.1.101/32:1701 vs l2tp-psk:10.68.154.105/32:1701 -> 0.0.0.0/32:0
- Mar 30 11:11:11.626752: | match_id a=192.168.1.101
- Mar 30 11:11:11.626761: | b=(none)
- Mar 30 11:11:11.626767: | results matched
- Mar 30 11:11:11.626774: | fc_try_oppo concluding with none [0]
- Mar 30 11:11:11.626780: | concluding with d = none
- Mar 30 11:11:11.626790: | using something (we hope the IP we or they are NAT'ed to) for transport mode connection "l2tp-psk"[4] 93.46.124.104
- Mar 30 11:11:11.626799: | client wildcard: no port wildcard: yes virtual: no
- Mar 30 11:11:11.626808: | NAT-Traversal: received 2 NAT-OA.
- Mar 30 11:11:11.626819: "l2tp-psk"[4] 93.46.124.104 #3: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
- Mar 30 11:11:11.626827: | NAT-OA:
- Mar 30 11:11:11.626833: | 15 00 00 0c 01 00 00 00 c0 a8 01 65
- Mar 30 11:11:11.626840: | parsing 4 raw bytes of ISAKMP NAT-OA Payload into NAT-Traversal: NAT-OA IP
- Mar 30 11:11:11.626847: | NAT-Traversal: NAT-OA IP
- Mar 30 11:11:11.626853: | c0 a8 01 65
- Mar 30 11:11:11.626862: | received NAT-OA: 192.168.1.101
- Mar 30 11:11:11.626914: | addref fd@NULL (in new_state() at state.c:555)
- Mar 30 11:11:11.627079: | creating state object #4 at 0x562b2d555bd8
- Mar 30 11:11:11.627089: | State DB: adding IKEv1 state #4 in UNDEFINED
- Mar 30 11:11:11.627107: | pstats #4 ikev1.ipsec started
- Mar 30 11:11:11.627119: | duplicating state object #3 "l2tp-psk"[4] 93.46.124.104 as #4 for IPSEC SA
- Mar 30 11:11:11.627131: | #4 setting local endpoint to 10.68.154.105:4500 from #3.st_localport (in duplicate_state() at state.c:1548)
- Mar 30 11:11:11.627151: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
- Mar 30 11:11:11.627166: | start processing: state #4 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
- Mar 30 11:11:11.627174: | switching MD.ST from #3 to CHILD #4; ulgh
- Mar 30 11:11:11.627183: | child state #4: UNDEFINED(ignore) => QUICK_R0(established CHILD SA)
- Mar 30 11:11:11.627194: | ****parse IPsec DOI SIT:
- Mar 30 11:11:11.627200: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Mar 30 11:11:11.627206: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:11.627212: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:11.627219: | length: 56 (00 38)
- Mar 30 11:11:11.627225: | proposal number: 1 (01)
- Mar 30 11:11:11.627230: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:11.627236: | SPI size: 4 (04)
- Mar 30 11:11:11.627242: | number of transforms: 1 (01)
- Mar 30 11:11:11.627248: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
- Mar 30 11:11:11.627253: | SPI
- Mar 30 11:11:11.627257: | a3 48 a1 7c
- Mar 30 11:11:11.627318: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:11.627326: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:11.627332: | length: 56 (00 38)
- Mar 30 11:11:11.627354: | proposal number: 2 (02)
- Mar 30 11:11:11.627360: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:11.627387: | SPI size: 4 (04)
- Mar 30 11:11:11.627393: | number of transforms: 1 (01)
- Mar 30 11:11:11.627417: | *****parse ISAKMP Transform Payload (ESP):
- Mar 30 11:11:11.627423: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.627429: | length: 44 (00 2c)
- Mar 30 11:11:11.627434: | ESP transform number: 1 (01)
- Mar 30 11:11:11.627439: | ESP transform ID: ESP_AES (0xc)
- Mar 30 11:11:11.627447: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.627453: | af+type: AF+ENCAPSULATION_MODE (0x8004)
- Mar 30 11:11:11.627459: | length/value: 4 (00 04)
- Mar 30 11:11:11.627465: | [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
- Mar 30 11:11:11.627473: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
- Mar 30 11:11:11.627478: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.627484: | af+type: AF+KEY_LENGTH (0x8006)
- Mar 30 11:11:11.627490: | length/value: 256 (01 00)
- Mar 30 11:11:11.627495: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.627501: | af+type: AF+AUTH_ALGORITHM (0x8005)
- Mar 30 11:11:11.627507: | length/value: 2 (00 02)
- Mar 30 11:11:11.627512: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
- Mar 30 11:11:11.627517: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.627523: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:11.627529: | length/value: 1 (00 01)
- Mar 30 11:11:11.627534: | [1 is SA_LIFE_TYPE_SECONDS]
- Mar 30 11:11:11.627539: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.627544: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:11.627550: | length/value: 4 (00 04)
- Mar 30 11:11:11.627556: | long duration: 3600
- Mar 30 11:11:11.627561: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.627566: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:11.627588: | length/value: 2 (00 02)
- Mar 30 11:11:11.627594: | [2 is SA_LIFE_TYPE_KBYTES]
- Mar 30 11:11:11.627600: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.627605: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:11.627611: | length/value: 4 (00 04)
- Mar 30 11:11:11.627616: | long duration: 250000
- Mar 30 11:11:11.627623: | ESP IPsec Transform verified; matches alg_info entry
- Mar 30 11:11:11.627655: | adding quick_outI1 KE work-order 6 for state #4
- Mar 30 11:11:11.627665: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d555938
- Mar 30 11:11:11.627672: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4
- Mar 30 11:11:11.627683: | libevent_malloc: newref ptr-libevent@0x562b2d551528 size 128
- Mar 30 11:11:11.627716: | complete v1 state transition with STF_SUSPEND
- Mar 30 11:11:11.627729: | [RE]START processing: state #4 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2514)
- Mar 30 11:11:11.627735: | suspending state #4 and saving MD 0x562b2d551f08
- Mar 30 11:11:11.627741: | #4 is busy; has suspended MD 0x562b2d551f08
- Mar 30 11:11:11.627756: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
- Mar 30 11:11:11.627766: | stop processing: state #4 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
- Mar 30 11:11:11.627773: | processing: STOP connection NULL (in process_md() at demux.c:384)
- Mar 30 11:11:11.627815: | crypto helper 0 resuming
- Mar 30 11:11:11.627875: | crypto helper 0 starting work-order 6 for state #4
- Mar 30 11:11:11.627891: | crypto helper 0 doing build nonce (quick_outI1 KE); request ID 6
- Mar 30 11:11:11.627939: | crypto helper 0 finished build nonce (quick_outI1 KE); request ID 6 time elapsed 0.000051 seconds
- Mar 30 11:11:11.627950: | crypto helper 0 sending results from work-order 6 for state #4 to event queue
- Mar 30 11:11:11.628085: | scheduling resume sending helper answer for #4
- Mar 30 11:11:11.628104: | libevent_malloc: newref ptr-libevent@0x7f3a3c0011e8 size 128
- Mar 30 11:11:11.628142: | crypto helper 0 waiting (nothing to do)
- Mar 30 11:11:11.628224: | processing resume sending helper answer for #4
- Mar 30 11:11:11.628254: | start processing: state #4 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:817)
- Mar 30 11:11:11.628264: | unsuspending #4 MD 0x562b2d551f08
- Mar 30 11:11:11.628270: | crypto helper 0 replies to request ID 6
- Mar 30 11:11:11.628275: | calling continuation function 0x562b2c27c390
- Mar 30 11:11:11.628281: | quick_inI1_outR1_cryptocontinue1 for #4: calculated ke+nonce, calculating DH
- Mar 30 11:11:11.628300: | **emit ISAKMP Message:
- Mar 30 11:11:11.628333: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:11.628341: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.628346: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.628352: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:11.628358: | exchange type: ISAKMP_XCHG_QUICK (0x20)
- Mar 30 11:11:11.628364: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:11.628378: | Message ID: 1 (00 00 00 01)
- Mar 30 11:11:11.628385: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
- Mar 30 11:11:11.628391: | ***emit ISAKMP Hash Payload:
- Mar 30 11:11:11.628397: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.628403: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
- Mar 30 11:11:11.628408: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:11.628415: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
- Mar 30 11:11:11.628420: | emitting length of ISAKMP Hash Payload: 24
- Mar 30 11:11:11.628426: | ***emit ISAKMP Security Association Payload:
- Mar 30 11:11:11.628431: | next payload type: ISAKMP_NEXT_NONCE (0xa)
- Mar 30 11:11:11.628436: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:11.628441: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE
- Mar 30 11:11:11.628447: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA)
- Mar 30 11:11:11.628453: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:11.628459: | ****parse IPsec DOI SIT:
- Mar 30 11:11:11.628464: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Mar 30 11:11:11.628470: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:11.628475: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:11.628481: | length: 56 (00 38)
- Mar 30 11:11:11.628487: | proposal number: 1 (01)
- Mar 30 11:11:11.628492: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:11.628497: | SPI size: 4 (04)
- Mar 30 11:11:11.628503: | number of transforms: 1 (01)
- Mar 30 11:11:11.628509: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
- Mar 30 11:11:11.628514: | SPI
- Mar 30 11:11:11.628519: | a3 48 a1 7c
- Mar 30 11:11:11.628524: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:11.628529: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:11.628535: | length: 56 (00 38)
- Mar 30 11:11:11.628540: | proposal number: 2 (02)
- Mar 30 11:11:11.628545: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:11.628551: | SPI size: 4 (04)
- Mar 30 11:11:11.628557: | number of transforms: 1 (01)
- Mar 30 11:11:11.628562: | *****parse ISAKMP Transform Payload (ESP):
- Mar 30 11:11:11.628568: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.628573: | length: 44 (00 2c)
- Mar 30 11:11:11.628579: | ESP transform number: 1 (01)
- Mar 30 11:11:11.628584: | ESP transform ID: ESP_AES (0xc)
- Mar 30 11:11:11.628590: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.628609: | af+type: AF+ENCAPSULATION_MODE (0x8004)
- Mar 30 11:11:11.628615: | length/value: 4 (00 04)
- Mar 30 11:11:11.628621: | [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
- Mar 30 11:11:11.628626: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
- Mar 30 11:11:11.628632: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.628637: | af+type: AF+KEY_LENGTH (0x8006)
- Mar 30 11:11:11.628661: | length/value: 256 (01 00)
- Mar 30 11:11:11.628667: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.628673: | af+type: AF+AUTH_ALGORITHM (0x8005)
- Mar 30 11:11:11.628679: | length/value: 2 (00 02)
- Mar 30 11:11:11.628684: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
- Mar 30 11:11:11.628689: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.628695: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:11.628700: | length/value: 1 (00 01)
- Mar 30 11:11:11.628705: | [1 is SA_LIFE_TYPE_SECONDS]
- Mar 30 11:11:11.628711: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.628716: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:11.628722: | length/value: 4 (00 04)
- Mar 30 11:11:11.628727: | long duration: 3600
- Mar 30 11:11:11.628732: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.628737: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:11.628743: | length/value: 2 (00 02)
- Mar 30 11:11:11.628748: | [2 is SA_LIFE_TYPE_KBYTES]
- Mar 30 11:11:11.628753: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.628758: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:11.628764: | length/value: 4 (00 04)
- Mar 30 11:11:11.628769: | long duration: 250000
- Mar 30 11:11:11.628775: | ESP IPsec Transform verified; matches alg_info entry
- Mar 30 11:11:11.628780: | ****emit IPsec DOI SIT:
- Mar 30 11:11:11.628786: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Mar 30 11:11:11.628791: | ****emit ISAKMP Proposal Payload:
- Mar 30 11:11:11.628796: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.628802: | proposal number: 1 (01)
- Mar 30 11:11:11.628807: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:11.628813: | SPI size: 4 (04)
- Mar 30 11:11:11.628818: | number of transforms: 1 (01)
- Mar 30 11:11:11.628824: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type'
- Mar 30 11:11:11.628882: | netlink_get_spi: allocated 0x6912e15 for esp.0@10.68.154.105
- Mar 30 11:11:11.628890: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload
- Mar 30 11:11:11.628897: | SPI: 06 91 2e 15
- Mar 30 11:11:11.628902: | *****emit ISAKMP Transform Payload (ESP):
- Mar 30 11:11:11.628907: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.628913: | ESP transform number: 1 (01)
- Mar 30 11:11:11.628918: | ESP transform ID: ESP_AES (0xc)
- Mar 30 11:11:11.628923: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type'
- Mar 30 11:11:11.628929: | emitting 36 raw bytes of attributes into ISAKMP Transform Payload (ESP)
- Mar 30 11:11:11.628935: | attributes:
- Mar 30 11:11:11.628940: | 80 04 00 04 80 06 01 00 80 05 00 02 80 01 00 01
- Mar 30 11:11:11.628945: | 00 02 00 04 00 00 0e 10 80 01 00 02 00 02 00 04
- Mar 30 11:11:11.628950: | 00 03 d0 90
- Mar 30 11:11:11.628955: | emitting length of ISAKMP Transform Payload (ESP): 44
- Mar 30 11:11:11.628960: | emitting length of ISAKMP Proposal Payload: 56
- Mar 30 11:11:11.628966: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0
- Mar 30 11:11:11.628971: | emitting length of ISAKMP Security Association Payload: 68
- Mar 30 11:11:11.628976: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0
- Mar 30 11:11:11.628987: "l2tp-psk"[4] 93.46.124.104 #4: responding to Quick Mode proposal {msgid:00000001}
- Mar 30 11:11:11.629002: "l2tp-psk"[4] 93.46.124.104 #4: us: 10.68.154.105[51.158.64.201]:17/1701
- Mar 30 11:11:11.629022: "l2tp-psk"[4] 93.46.124.104 #4: them: 93.46.124.104[192.168.1.101]:17/1701
- Mar 30 11:11:11.629028: | ***emit ISAKMP Nonce Payload:
- Mar 30 11:11:11.629033: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:11.629039: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 5:ISAKMP_NEXT_ID
- Mar 30 11:11:11.629044: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE)
- Mar 30 11:11:11.629049: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:11.629055: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload
- Mar 30 11:11:11.629060: | Nr:
- Mar 30 11:11:11.629065: | c4 0e 12 43 2d 5e 9e c6 a5 19 d1 da ab cb 18 4f
- Mar 30 11:11:11.629070: | 36 a9 1f b7 e4 50 63 7f 99 dc b6 33 0c c2 28 1f
- Mar 30 11:11:11.629075: | emitting length of ISAKMP Nonce Payload: 36
- Mar 30 11:11:11.629081: | ***emit ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:11.629086: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:11.629091: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:11.629097: | Protocol ID: 17 (11)
- Mar 30 11:11:11.629103: | port: 1701 (06 a5)
- Mar 30 11:11:11.629108: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID
- Mar 30 11:11:11.629114: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
- Mar 30 11:11:11.629119: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
- Mar 30 11:11:11.629125: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
- Mar 30 11:11:11.629132: | ID body: c0 a8 01 65
- Mar 30 11:11:11.629137: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
- Mar 30 11:11:11.629142: | ***emit ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:11.629147: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.629152: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:11.629158: | Protocol ID: 17 (11)
- Mar 30 11:11:11.629164: | port: 1701 (06 a5)
- Mar 30 11:11:11.629169: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
- Mar 30 11:11:11.629174: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
- Mar 30 11:11:11.629180: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
- Mar 30 11:11:11.629186: | ID body: 33 9e 40 c9
- Mar 30 11:11:11.629191: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
- Mar 30 11:11:11.629268: | quick inR1 outI2 HASH(2):
- Mar 30 11:11:11.629275: | a0 a7 b6 eb c3 a6 e6 a9 0c cd cc dc 0f d0 2c 24
- Mar 30 11:11:11.629280: | 9b 3b 0e ff
- Mar 30 11:11:11.629286: | compute_proto_keymat: needed_len (after ESP enc)=32
- Mar 30 11:11:11.629291: | compute_proto_keymat: needed_len (after ESP auth)=52
- Mar 30 11:11:11.629412: | install_inbound_ipsec_sa() checking if we can route
- Mar 30 11:11:11.629420: | could_route called for l2tp-psk (kind=CK_INSTANCE)
- Mar 30 11:11:11.629426: | FOR_EACH_CONNECTION_... in route_owner
- Mar 30 11:11:11.629432: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:11.629438: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:11.629444: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:11.629449: | conn xauth-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:11.629455: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:11.629460: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:11.629470: | route owner of "l2tp-psk"[4] 93.46.124.104 unrouted: NULL; eroute owner: NULL
- Mar 30 11:11:11.629476: | routing is easy, or has resolvable near-conflict
- Mar 30 11:11:11.629488: | checking if this is a replacement state
- Mar 30 11:11:11.629494: | st=0x562b2d555bd8 ost=(nil) st->serialno=#4 ost->serialno=#0
- Mar 30 11:11:11.629499: | installing outgoing SA now as refhim=0
- Mar 30 11:11:11.629506: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
- Mar 30 11:11:11.629512: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
- Mar 30 11:11:11.629518: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
- Mar 30 11:11:11.629525: | setting IPsec SA replay-window to 32
- Mar 30 11:11:11.629531: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
- Mar 30 11:11:11.629538: | netlink: enabling transport mode
- Mar 30 11:11:11.629546: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1261)
- Mar 30 11:11:11.629552: | XFRM: adding IPsec SA with reqid 16409
- Mar 30 11:11:11.629557: | netlink: setting IPsec SA replay-window to 32 using old-style req
- Mar 30 11:11:11.629564: | netlink: esp-hw-offload not set for IPsec SA
- Mar 30 11:11:11.629707: | netlink response for Add SA esp.a348a17c@93.46.124.104 included non-error error
- Mar 30 11:11:11.629717: | outgoing SA has refhim=0
- Mar 30 11:11:11.629723: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
- Mar 30 11:11:11.629729: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
- Mar 30 11:11:11.629734: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
- Mar 30 11:11:11.629741: | setting IPsec SA replay-window to 32
- Mar 30 11:11:11.629746: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
- Mar 30 11:11:11.629752: | netlink: enabling transport mode
- Mar 30 11:11:11.629759: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1268)
- Mar 30 11:11:11.629764: | XFRM: adding IPsec SA with reqid 16409
- Mar 30 11:11:11.629769: | netlink: setting IPsec SA replay-window to 32 using old-style req
- Mar 30 11:11:11.629774: | netlink: esp-hw-offload not set for IPsec SA
- Mar 30 11:11:11.629833: | netlink response for Add SA esp.6912e15@10.68.154.105 included non-error error
- Mar 30 11:11:11.629843: | priority calculation of connection "l2tp-psk" is 0x15bfbf
- Mar 30 11:11:11.629857: | add inbound eroute 93.46.124.104/32:1701 --17-> 10.68.154.105/32:1701 => esp.10000@10.68.154.105 using reqid 16409 (raw_eroute)
- Mar 30 11:11:11.629865: | subnet from endpoint 93.46.124.104:1701 (in netlink_raw_eroute() at kernel_xfrm.c:589)
- Mar 30 11:11:11.629871: | netlink_raw_eroute: using host address instead of client subnet
- Mar 30 11:11:11.629877: | IPsec Sa SPD priority set to 1425343
- Mar 30 11:11:11.629893: | raw_eroute result=success
- Mar 30 11:11:11.629901: | emitting 8 zero bytes of encryption padding into ISAKMP Message
- Mar 30 11:11:11.629907: | no IKEv1 message padding required
- Mar 30 11:11:11.629912: | emitting length of ISAKMP Message: 188
- Mar 30 11:11:11.629937: | finished processing quick inI1
- Mar 30 11:11:11.629944: | complete v1 state transition with STF_OK
- Mar 30 11:11:11.629954: | [RE]START processing: state #4 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
- Mar 30 11:11:11.629959: | #4 is idle
- Mar 30 11:11:11.629965: | doing_xauth:no, t_xauth_client_done:no
- Mar 30 11:11:11.629972: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
- Mar 30 11:11:11.629979: | child state #4: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA)
- Mar 30 11:11:11.629984: | event_already_set, deleting event
- Mar 30 11:11:11.629990: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted
- Mar 30 11:11:11.629999: | libevent_free: delref ptr-libevent@0x562b2d551528
- Mar 30 11:11:11.630008: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d555938
- Mar 30 11:11:11.630021: | sending reply packet to 93.46.124.104:4500 (from 10.68.154.105:4500)
- Mar 30 11:11:11.630040: | sending 192 bytes for STATE_QUICK_R0 through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #4)
- Mar 30 11:11:11.630062: | 00 00 00 00 f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a
- Mar 30 11:11:11.630069: | 5d 82 98 78 08 10 20 01 00 00 00 01 00 00 00 bc
- Mar 30 11:11:11.630075: | 9a 91 e6 97 7d 9b 20 69 e9 fb 1c 8f 3e 9f 8d 21
- Mar 30 11:11:11.630081: | 55 6d ea b2 e5 1c 21 2a 63 a4 86 05 ad 3f 5f 2a
- Mar 30 11:11:11.630088: | 28 eb 6f a7 b8 4e 7e e1 1a a0 98 9d f6 df 6e da
- Mar 30 11:11:11.630095: | 51 69 8b 7b 6b 2e e6 29 71 14 47 10 33 27 ba 58
- Mar 30 11:11:11.630100: | 4b 47 9c 86 fd cb 70 5a 31 95 82 75 b0 b5 0f 38
- Mar 30 11:11:11.630106: | 8e af a1 93 4b 92 f9 09 28 d9 dd 25 1b e9 ee 3e
- Mar 30 11:11:11.630112: | a8 75 a0 a6 40 a7 31 86 60 e9 76 b5 5a 62 6e 9a
- Mar 30 11:11:11.630118: | 03 6e 74 01 5f 7c 03 45 8c c5 c2 eb d4 5d 90 bf
- Mar 30 11:11:11.630147: | ba 44 73 6b cd f1 91 c4 a6 af 36 d4 e2 eb 40 0b
- Mar 30 11:11:11.630159: | b8 2d b3 f4 d3 26 23 41 47 c7 e0 04 ea 2f 5f 8c
- Mar 30 11:11:11.630276: | !event_already_set at reschedule
- Mar 30 11:11:11.630295: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b2d555938
- Mar 30 11:11:11.630305: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4
- Mar 30 11:11:11.630315: | libevent_malloc: newref ptr-libevent@0x562b2d553ed8 size 128
- Mar 30 11:11:11.630330: | #4 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 5630.055523
- Mar 30 11:11:11.630338: | pstats #4 ikev1.ipsec established
- Mar 30 11:11:11.630352: | NAT-T: NAT Traversal detected - their IKE port is '500'
- Mar 30 11:11:11.630360: | NAT-T: encaps is 'yes'
- Mar 30 11:11:11.630376: "l2tp-psk"[4] 93.46.124.104 #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0xa348a17c <0x06912e15 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
- Mar 30 11:11:11.630385: | modecfg pull: noquirk policy:push not-client
- Mar 30 11:11:11.630392: | phase 1 is done, looking for phase 2 to unpend
- Mar 30 11:11:11.630399: | releasing #4's fd-fd@(nil) because IKEv1 transitions finished
- Mar 30 11:11:11.630407: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
- Mar 30 11:11:11.630421: | resume sending helper answer for #4 suppresed complete_v1_state_transition()
- Mar 30 11:11:11.630443: | stop processing: state #4 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:860)
- Mar 30 11:11:11.630452: | libevent_free: delref ptr-libevent@0x7f3a3c0011e8
- Mar 30 11:11:11.692795: | *received 60 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
- Mar 30 11:11:11.692855: | f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.692872: | 08 10 20 01 00 00 00 01 00 00 00 3c ca ad 3d ef
- Mar 30 11:11:11.692885: | 15 51 1a 52 4a 8e b7 1b 4a f6 d4 99 e6 a8 d9 e0
- Mar 30 11:11:11.692895: | 10 7d c4 1e 88 b5 b3 ea 7a 7a b0 a7
- Mar 30 11:11:11.692913: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
- Mar 30 11:11:11.692927: | **parse ISAKMP Message:
- Mar 30 11:11:11.692940: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:11.692951: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.692960: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Mar 30 11:11:11.692968: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:11.692976: | exchange type: ISAKMP_XCHG_QUICK (0x20)
- Mar 30 11:11:11.692985: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:11.692995: | Message ID: 1 (00 00 00 01)
- Mar 30 11:11:11.693005: | length: 60 (00 00 00 3c)
- Mar 30 11:11:11.693014: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
- Mar 30 11:11:11.693027: | State DB: found IKEv1 state #4 in QUICK_R1 (find_state_ikev1)
- Mar 30 11:11:11.693059: | start processing: state #4 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1499)
- Mar 30 11:11:11.693087: | #4 is idle
- Mar 30 11:11:11.693096: | #4 idle
- Mar 30 11:11:11.693109: | received encrypted packet from 93.46.124.104:4500
- Mar 30 11:11:11.693196: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
- Mar 30 11:11:11.693210: | ***parse ISAKMP Hash Payload:
- Mar 30 11:11:11.693219: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.693228: | length: 24 (00 18)
- Mar 30 11:11:11.693236: | removing 8 bytes of padding
- Mar 30 11:11:11.693296: | quick_inI2 HASH(3):
- Mar 30 11:11:11.693304: | 42 33 a9 51 63 ad 34 2b 65 7c e5 66 5c 7c 50 84
- Mar 30 11:11:11.693312: | 7d be 69 9a
- Mar 30 11:11:11.693319: | received 'quick_inI2' message HASH(3) data ok
- Mar 30 11:11:11.693335: | install_ipsec_sa() for #4: outbound only
- Mar 30 11:11:11.693343: | could_route called for l2tp-psk (kind=CK_INSTANCE)
- Mar 30 11:11:11.693352: | FOR_EACH_CONNECTION_... in route_owner
- Mar 30 11:11:11.693360: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:11.693368: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:11.693376: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:11.693384: | conn xauth-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:11.693392: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:11.693399: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:11.693413: | route owner of "l2tp-psk"[4] 93.46.124.104 unrouted: NULL; eroute owner: NULL
- Mar 30 11:11:11.693421: | sr for #4: unrouted
- Mar 30 11:11:11.693430: | route_and_eroute() for proto 17, and source port 1701 dest port 1701
- Mar 30 11:11:11.693437: | FOR_EACH_CONNECTION_... in route_owner
- Mar 30 11:11:11.693444: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:11.693452: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:11.693459: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:11.693467: | conn xauth-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:11.693474: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:11.693482: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:11.693493: | route owner of "l2tp-psk"[4] 93.46.124.104 unrouted: NULL; eroute owner: NULL
- Mar 30 11:11:11.693503: | route_and_eroute with c: l2tp-psk (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #4
- Mar 30 11:11:11.693513: | priority calculation of connection "l2tp-psk" is 0x15bfbf
- Mar 30 11:11:11.693534: | eroute_connection add eroute 10.68.154.105/32:1701 --17-> 93.46.124.104/32:1701 => esp.a348a17c@93.46.124.104 using reqid 16409 (raw_eroute)
- Mar 30 11:11:11.693547: | subnet from endpoint 93.46.124.104:1701 (in netlink_raw_eroute() at kernel_xfrm.c:585)
- Mar 30 11:11:11.693555: | netlink_raw_eroute: using host address instead of client subnet
- Mar 30 11:11:11.693564: | IPsec Sa SPD priority set to 1425343
- Mar 30 11:11:11.693609: | raw_eroute result=success
- Mar 30 11:11:11.693618: | running updown command "ipsec _updown" for verb up
- Mar 30 11:11:11.693626: | command executing up-host
- Mar 30 11:11:11.693684: | executing up-host: PLUTO_VERB='up-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='l2tp-psk' PLUTO_VIRT_INTERFACE='ens2' PLUTO_INTERFACE='ens2' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='10.68.154.104' PLUTO_ME='10.68.154.105' PLUTO_MY_ID='51.158.64.201' PLUTO_MY_CLIENT='10.68.154.105/32' PLUTO_MY_CLIENT_NET='10.68.154.105' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_SA_REQID='16408' PLUTO_SA_TYPE='ESP' PLUTO_PEER='93.46.124.104' PLUTO_PEER_ID='192.168.1.101' PLUTO_PEER_CLIENT='93.46.124.104/32' PLUTO_PEER_CLIENT_NET='93.46.124.104' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='17' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PL...
- Mar 30 11:11:11.693695: | popen cmd is 1122 chars long
- Mar 30 11:11:11.693703: | cmd( 0):PLUTO_VERB='up-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='l2tp-psk' PLUTO_VIRT_:
- Mar 30 11:11:11.693729: | cmd( 80):INTERFACE='ens2' PLUTO_INTERFACE='ens2' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='10.:
- Mar 30 11:11:11.693737: | cmd( 160):68.154.104' PLUTO_ME='10.68.154.105' PLUTO_MY_ID='51.158.64.201' PLUTO_MY_CLIENT:
- Mar 30 11:11:11.693744: | cmd( 240):='10.68.154.105/32' PLUTO_MY_CLIENT_NET='10.68.154.105' PLUTO_MY_CLIENT_MASK='25:
- Mar 30 11:11:11.693751: | cmd( 320):5.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_SA_REQID='16408:
- Mar 30 11:11:11.693759: | cmd( 400):' PLUTO_SA_TYPE='ESP' PLUTO_PEER='93.46.124.104' PLUTO_PEER_ID='192.168.1.101' P:
- Mar 30 11:11:11.693766: | cmd( 480):LUTO_PEER_CLIENT='93.46.124.104/32' PLUTO_PEER_CLIENT_NET='93.46.124.104' PLUTO_:
- Mar 30 11:11:11.693773: | cmd( 560):PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='1:
- Mar 30 11:11:11.693780: | cmd( 640):7' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PS:
- Mar 30 11:11:11.693787: | cmd( 720):K+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_K:
- Mar 30 11:11:11.693794: | cmd( 800):IND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISC:
- Mar 30 11:11:11.693802: | cmd( 880):O='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUT:
- Mar 30 11:11:11.693809: | cmd( 960):O_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_R:
- Mar 30 11:11:11.693816: | cmd(1040):OUTING='no' VTI_SHARED='no' SPI_IN=0xa348a17c SPI_OUT=0x6912e15 ipsec _updown 2>:
- Mar 30 11:11:11.693823: | cmd(1120):&1:
- Mar 30 11:11:11.703279: | route_and_eroute: firewall_notified: true
- Mar 30 11:11:11.703314: | running updown command "ipsec _updown" for verb prepare
- Mar 30 11:11:11.703323: | command executing prepare-host
- Mar 30 11:11:11.703371: | executing prepare-host: PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='l2tp-psk' PLUTO_VIRT_INTERFACE='ens2' PLUTO_INTERFACE='ens2' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='10.68.154.104' PLUTO_ME='10.68.154.105' PLUTO_MY_ID='51.158.64.201' PLUTO_MY_CLIENT='10.68.154.105/32' PLUTO_MY_CLIENT_NET='10.68.154.105' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_SA_REQID='16408' PLUTO_SA_TYPE='ESP' PLUTO_PEER='93.46.124.104' PLUTO_PEER_ID='192.168.1.101' PLUTO_PEER_CLIENT='93.46.124.104/32' PLUTO_PEER_CLIENT_NET='93.46.124.104' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='17' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLI...
- Mar 30 11:11:11.703378: | popen cmd is 1127 chars long
- Mar 30 11:11:11.703383: | cmd( 0):PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='l2tp-psk' PLUTO_:
- Mar 30 11:11:11.703387: | cmd( 80):VIRT_INTERFACE='ens2' PLUTO_INTERFACE='ens2' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP:
- Mar 30 11:11:11.703391: | cmd( 160):='10.68.154.104' PLUTO_ME='10.68.154.105' PLUTO_MY_ID='51.158.64.201' PLUTO_MY_C:
- Mar 30 11:11:11.703395: | cmd( 240):LIENT='10.68.154.105/32' PLUTO_MY_CLIENT_NET='10.68.154.105' PLUTO_MY_CLIENT_MAS:
- Mar 30 11:11:11.703400: | cmd( 320):K='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_SA_REQID=':
- Mar 30 11:11:11.703404: | cmd( 400):16408' PLUTO_SA_TYPE='ESP' PLUTO_PEER='93.46.124.104' PLUTO_PEER_ID='192.168.1.1:
- Mar 30 11:11:11.703408: | cmd( 480):01' PLUTO_PEER_CLIENT='93.46.124.104/32' PLUTO_PEER_CLIENT_NET='93.46.124.104' P:
- Mar 30 11:11:11.703412: | cmd( 560):LUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOC:
- Mar 30 11:11:11.703416: | cmd( 640):OL='17' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC:
- Mar 30 11:11:11.703419: | cmd( 720):Y='PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_C:
- Mar 30 11:11:11.703436: | cmd( 800):ONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER:
- Mar 30 11:11:11.703440: | cmd( 880):_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='':
- Mar 30 11:11:11.703444: | cmd( 960): PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' :
- Mar 30 11:11:11.703448: | cmd(1040):VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xa348a17c SPI_OUT=0x6912e15 ipsec _updo:
- Mar 30 11:11:11.703452: | cmd(1120):wn 2>&1:
- Mar 30 11:11:11.709071: | running updown command "ipsec _updown" for verb route
- Mar 30 11:11:11.709105: | command executing route-host
- Mar 30 11:11:11.709150: | executing route-host: PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='l2tp-psk' PLUTO_VIRT_INTERFACE='ens2' PLUTO_INTERFACE='ens2' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='10.68.154.104' PLUTO_ME='10.68.154.105' PLUTO_MY_ID='51.158.64.201' PLUTO_MY_CLIENT='10.68.154.105/32' PLUTO_MY_CLIENT_NET='10.68.154.105' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_SA_REQID='16408' PLUTO_SA_TYPE='ESP' PLUTO_PEER='93.46.124.104' PLUTO_PEER_ID='192.168.1.101' PLUTO_PEER_CLIENT='93.46.124.104/32' PLUTO_PEER_CLIENT_NET='93.46.124.104' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='17' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=...
- Mar 30 11:11:11.709158: | popen cmd is 1125 chars long
- Mar 30 11:11:11.709164: | cmd( 0):PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='l2tp-psk' PLUTO_VI:
- Mar 30 11:11:11.709169: | cmd( 80):RT_INTERFACE='ens2' PLUTO_INTERFACE='ens2' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP=':
- Mar 30 11:11:11.709174: | cmd( 160):10.68.154.104' PLUTO_ME='10.68.154.105' PLUTO_MY_ID='51.158.64.201' PLUTO_MY_CLI:
- Mar 30 11:11:11.709179: | cmd( 240):ENT='10.68.154.105/32' PLUTO_MY_CLIENT_NET='10.68.154.105' PLUTO_MY_CLIENT_MASK=:
- Mar 30 11:11:11.709183: | cmd( 320):'255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_SA_REQID='16:
- Mar 30 11:11:11.709187: | cmd( 400):408' PLUTO_SA_TYPE='ESP' PLUTO_PEER='93.46.124.104' PLUTO_PEER_ID='192.168.1.101:
- Mar 30 11:11:11.709191: | cmd( 480):' PLUTO_PEER_CLIENT='93.46.124.104/32' PLUTO_PEER_CLIENT_NET='93.46.124.104' PLU:
- Mar 30 11:11:11.709195: | cmd( 560):TO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL:
- Mar 30 11:11:11.709199: | cmd( 640):='17' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=:
- Mar 30 11:11:11.709203: | cmd( 720):'PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CON:
- Mar 30 11:11:11.709207: | cmd( 800):N_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_C:
- Mar 30 11:11:11.709211: | cmd( 880):ISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' P:
- Mar 30 11:11:11.709215: | cmd( 960):LUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VT:
- Mar 30 11:11:11.709219: | cmd(1040):I_ROUTING='no' VTI_SHARED='no' SPI_IN=0xa348a17c SPI_OUT=0x6912e15 ipsec _updown:
- Mar 30 11:11:11.709223: | cmd(1120): 2>&1:
- Mar 30 11:11:11.725911: | route_and_eroute: instance "l2tp-psk"[4] 93.46.124.104, setting eroute_owner {spd=0x562b2d554130,sr=0x562b2d554130} to #4 (was #0) (newest_ipsec_sa=#0)
- Mar 30 11:11:11.725948: | inI2: instance l2tp-psk[4], setting IKEv1 newest_ipsec_sa to #4 (was #0) (spd.eroute=#4) cloned from #3
- Mar 30 11:11:11.725954: | DPD: dpd_init() called on IPsec SA
- Mar 30 11:11:11.725958: | DPD: Peer does not support Dead Peer Detection
- Mar 30 11:11:11.725964: | complete v1 state transition with STF_OK
- Mar 30 11:11:11.725973: | [RE]START processing: state #4 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
- Mar 30 11:11:11.725988: | #4 is idle
- Mar 30 11:11:11.725993: | doing_xauth:no, t_xauth_client_done:no
- Mar 30 11:11:11.725996: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
- Mar 30 11:11:11.726002: | child state #4: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA)
- Mar 30 11:11:11.726006: | event_already_set, deleting event
- Mar 30 11:11:11.726011: | state #4 requesting EVENT_RETRANSMIT to be deleted
- Mar 30 11:11:11.726015: | #4 STATE_QUICK_R2: retransmits: cleared
- Mar 30 11:11:11.726027: | libevent_free: delref ptr-libevent@0x562b2d553ed8
- Mar 30 11:11:11.726034: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b2d555938
- Mar 30 11:11:11.726040: | !event_already_set at reschedule
- Mar 30 11:11:11.726045: | event_schedule: newref EVENT_SA_EXPIRE-pe@0x562b2d5566a8
- Mar 30 11:11:11.726051: | inserting event EVENT_SA_EXPIRE, timeout in 3600 seconds for #4
- Mar 30 11:11:11.726056: | libevent_malloc: newref ptr-libevent@0x562b2d551528 size 128
- Mar 30 11:11:11.726061: | pstats #4 ikev1.ipsec established
- Mar 30 11:11:11.726069: | NAT-T: NAT Traversal detected - their IKE port is '500'
- Mar 30 11:11:11.726072: | NAT-T: encaps is 'yes'
- Mar 30 11:11:11.726081: "l2tp-psk"[4] 93.46.124.104 #4: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0xa348a17c <0x06912e15 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
- Mar 30 11:11:11.726085: | modecfg pull: noquirk policy:push not-client
- Mar 30 11:11:11.726088: | phase 1 is done, looking for phase 2 to unpend
- Mar 30 11:11:11.726093: | releasing #4's fd-fd@(nil) because IKEv1 transitions finished
- Mar 30 11:11:11.726096: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
- Mar 30 11:11:11.726104: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
- Mar 30 11:11:11.726114: | stop processing: state #4 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
- Mar 30 11:11:11.726118: | processing: STOP connection NULL (in process_md() at demux.c:384)
- Mar 30 11:11:11.726157: | *received 444 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
- Mar 30 11:11:11.726162: | f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.726166: | 08 10 20 01 00 00 00 02 00 00 01 bc fc fe 21 66
- Mar 30 11:11:11.726169: | 45 e4 40 d0 73 c4 fb af 57 cd 6a b7 aa c6 4b de
- Mar 30 11:11:11.726172: | 4d f5 e5 bc 8b b8 cf 68 b6 8e 30 28 38 f3 8e 4c
- Mar 30 11:11:11.726175: | 6c af 67 59 02 13 cd 85 51 fc a4 4b 73 a7 83 0c
- Mar 30 11:11:11.726178: | d4 12 80 d9 99 73 ca ea 80 f1 35 a4 d1 e9 27 55
- Mar 30 11:11:11.726181: | 3d a1 e3 62 08 c7 b2 1f 06 dc 44 56 f8 4b ba 56
- Mar 30 11:11:11.726184: | 6b 02 2a e1 f3 e3 05 cf 0e a0 92 c8 df 14 83 dc
- Mar 30 11:11:11.726187: | fd 92 39 28 2f 21 8a 60 ed f5 26 4f 09 ed b6 11
- Mar 30 11:11:11.726190: | c2 e1 2d 24 e4 92 3d 98 ae a7 32 f5 24 82 59 b4
- Mar 30 11:11:11.726193: | c6 3b 00 c7 9f 28 77 cd 6b 12 7d d4 37 9e 4c cc
- Mar 30 11:11:11.726196: | e1 fc 37 5b 96 75 60 f4 1a 8d 0f 67 08 95 82 f1
- Mar 30 11:11:11.726199: | 04 e8 9d 79 f7 f3 04 b5 1d b7 b8 42 2f f4 17 d2
- Mar 30 11:11:11.726297: | bb 80 ff ca 36 50 c0 5d 27 65 0d 36 cd f9 bc 95
- Mar 30 11:11:11.726302: | a8 45 8e 65 27 76 06 75 4a f5 68 1a 4b e5 d1 44
- Mar 30 11:11:11.726305: | 19 b3 c8 e9 ea 33 bc 46 2c 31 69 51 b6 30 5a 8e
- Mar 30 11:11:11.726308: | 3a 33 47 e9 86 68 ef 7d 3c cf ac 6e 3c 3b c0 38
- Mar 30 11:11:11.726311: | 39 15 89 5b 4f 27 cc 5e f4 2f 0e 9e 91 01 60 22
- Mar 30 11:11:11.726314: | 80 58 37 f1 20 3f 21 19 e5 56 ec 4b 35 48 b5 e3
- Mar 30 11:11:11.726317: | b5 8b 03 8d e3 bc c3 52 46 19 9e 81 d6 f6 02 02
- Mar 30 11:11:11.726320: | 68 62 2e 4b 67 d2 df 50 9b 83 79 a1 df 7c 35 71
- Mar 30 11:11:11.726323: | b8 b4 ee c5 eb 50 be 70 2c d5 61 37 ba 36 92 9a
- Mar 30 11:11:11.726326: | dd cf 70 fb 10 58 95 92 29 77 87 7a 1e 2f a0 8f
- Mar 30 11:11:11.726329: | 39 f5 84 e5 0c dd 05 ea 60 30 c5 61 b2 06 92 50
- Mar 30 11:11:11.726338: | 5c db 71 d3 04 7a 83 1e ae 59 2e ff cf 82 60 9d
- Mar 30 11:11:11.726341: | 93 31 47 e7 8d 7b e4 37 1f a6 c5 a5 75 0a dc 56
- Mar 30 11:11:11.726344: | d4 eb a8 64 7e 8a 85 12 66 dd 24 4a 58 5b 31 d4
- Mar 30 11:11:11.726347: | 7d d9 0d fa 00 8d e3 ee bb 8d e1 9a
- Mar 30 11:11:11.726353: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
- Mar 30 11:11:11.726360: | **parse ISAKMP Message:
- Mar 30 11:11:11.726365: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:11.726370: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.726374: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Mar 30 11:11:11.726378: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:11.726381: | exchange type: ISAKMP_XCHG_QUICK (0x20)
- Mar 30 11:11:11.726385: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:11.726390: | Message ID: 2 (00 00 00 02)
- Mar 30 11:11:11.726394: | length: 444 (00 00 01 bc)
- Mar 30 11:11:11.726398: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
- Mar 30 11:11:11.726403: | State DB: IKEv1 state not found (find_state_ikev1)
- Mar 30 11:11:11.726407: | State DB: found IKEv1 state #3 in MAIN_R3 (find_state_ikev1)
- Mar 30 11:11:11.726414: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1473)
- Mar 30 11:11:11.726456: | #3 is idle
- Mar 30 11:11:11.726460: | #3 idle
- Mar 30 11:11:11.726465: | received encrypted packet from 93.46.124.104:4500
- Mar 30 11:11:11.726490: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030
- Mar 30 11:11:11.726494: | ***parse ISAKMP Hash Payload:
- Mar 30 11:11:11.726498: | next payload type: ISAKMP_NEXT_SA (0x1)
- Mar 30 11:11:11.726502: | length: 24 (00 18)
- Mar 30 11:11:11.726506: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030
- Mar 30 11:11:11.726509: | ***parse ISAKMP Security Association Payload:
- Mar 30 11:11:11.726513: | next payload type: ISAKMP_NEXT_NONCE (0xa)
- Mar 30 11:11:11.726517: | length: 280 (01 18)
- Mar 30 11:11:11.726520: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:11.726523: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030
- Mar 30 11:11:11.726527: | ***parse ISAKMP Nonce Payload:
- Mar 30 11:11:11.726530: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:11.726534: | length: 52 (00 34)
- Mar 30 11:11:11.726537: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
- Mar 30 11:11:11.726541: | ***parse ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:11.726545: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:11.726548: | length: 12 (00 0c)
- Mar 30 11:11:11.726552: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:11.726555: | Protocol ID: 17 (11)
- Mar 30 11:11:11.726559: | port: 1701 (06 a5)
- Mar 30 11:11:11.726562: | obj:
- Mar 30 11:11:11.726565: | c0 a8 01 65
- Mar 30 11:11:11.726569: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
- Mar 30 11:11:11.726572: | ***parse ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:11.726575: | next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
- Mar 30 11:11:11.726579: | length: 12 (00 0c)
- Mar 30 11:11:11.726582: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:11.726586: | Protocol ID: 17 (11)
- Mar 30 11:11:11.726589: | port: 1701 (06 a5)
- Mar 30 11:11:11.726701: | obj:
- Mar 30 11:11:11.726708: | 33 9e 40 c9
- Mar 30 11:11:11.726712: | got payload 0x200000 (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
- Mar 30 11:11:11.726716: | ***parse ISAKMP NAT-OA Payload:
- Mar 30 11:11:11.726719: | next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
- Mar 30 11:11:11.726724: | length: 12 (00 0c)
- Mar 30 11:11:11.726727: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:11.726730: | obj:
- Mar 30 11:11:11.726733: | c0 a8 01 65
- Mar 30 11:11:11.726736: | got payload 0x200000 (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
- Mar 30 11:11:11.726740: | ***parse ISAKMP NAT-OA Payload:
- Mar 30 11:11:11.726743: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.726753: | length: 12 (00 0c)
- Mar 30 11:11:11.726757: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:11.726760: | obj:
- Mar 30 11:11:11.726763: | 33 9e 40 c9
- Mar 30 11:11:11.726766: | removing 12 bytes of padding
- Mar 30 11:11:11.726844: | quick_inI1_outR1 HASH(1):
- Mar 30 11:11:11.726856: | 32 0f a0 9c c7 a3 c7 df 4c a1 44 85 ec c4 88 eb
- Mar 30 11:11:11.726859: | 2c 16 d8 8a
- Mar 30 11:11:11.726863: | received 'quick_inI1_outR1' message HASH(1) data ok
- Mar 30 11:11:11.726870: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
- Mar 30 11:11:11.726873: | ID address
- Mar 30 11:11:11.726876: | c0 a8 01 65
- Mar 30 11:11:11.726882: | subnet from address 192.168.1.101 (in decode_net_id() at ikev1_quick.c:440)
- Mar 30 11:11:11.726887: | peer client is 192.168.1.101/32
- Mar 30 11:11:11.726891: | peer client protocol/port is 17/1701
- Mar 30 11:11:11.726894: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
- Mar 30 11:11:11.726897: | ID address
- Mar 30 11:11:11.726900: | 33 9e 40 c9
- Mar 30 11:11:11.726905: | subnet from address 51.158.64.201 (in decode_net_id() at ikev1_quick.c:440)
- Mar 30 11:11:11.726909: | our client is 51.158.64.201/32
- Mar 30 11:11:11.726912: | our client protocol/port is 17/1701
- Mar 30 11:11:11.726920: "l2tp-psk"[4] 93.46.124.104 #3: the peer proposed: 51.158.64.201/32:17/1701 -> 192.168.1.101/32:17/1701
- Mar 30 11:11:11.727001: | find_client_connection starting with l2tp-psk
- Mar 30 11:11:11.727007: | looking for 51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701
- Mar 30 11:11:11.727013: | concrete checking against sr#0 10.68.154.105/32:1701 -> 93.46.124.104/32:1701
- Mar 30 11:11:11.727018: | match_id a=192.168.1.101
- Mar 30 11:11:11.727022: | b=192.168.1.101
- Mar 30 11:11:11.727026: | results matched
- Mar 30 11:11:11.727035: | fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 93.46.124.104/32:1701:17/1701
- Mar 30 11:11:11.727041: | our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
- Mar 30 11:11:11.727044: | fc_try concluding with none [0]
- Mar 30 11:11:11.727047: | fc_try l2tp-psk gives none
- Mar 30 11:11:11.727054: | find_host_pair: comparing 10.68.154.105:500 to 0.0.0.0:500 but ignoring ports
- Mar 30 11:11:11.727060: | checking hostpair 10.68.154.105/32:1701 -> 93.46.124.104/32:1701 is found
- Mar 30 11:11:11.727064: | match_id a=192.168.1.101
- Mar 30 11:11:11.727067: | b=(none)
- Mar 30 11:11:11.727070: | results matched
- Mar 30 11:11:11.727079: | fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 0.0.0.0/32:0:17/0
- Mar 30 11:11:11.727085: | our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
- Mar 30 11:11:11.727089: | match_id a=192.168.1.101
- Mar 30 11:11:11.727092: | b=(none)
- Mar 30 11:11:11.727095: | results matched
- Mar 30 11:11:11.727098: | fc_try concluding with none [0]
- Mar 30 11:11:11.727103: | match_id a=192.168.1.101
- Mar 30 11:11:11.727106: | b=(none)
- Mar 30 11:11:11.727109: | results matched
- Mar 30 11:11:11.727116: | fc_try_oppo trying l2tp-psk:51.158.64.201/32:1701 -> 192.168.1.101/32:1701 vs l2tp-psk:10.68.154.105/32:1701 -> 0.0.0.0/32:0
- Mar 30 11:11:11.727120: | match_id a=192.168.1.101
- Mar 30 11:11:11.727124: | b=(none)
- Mar 30 11:11:11.727127: | results matched
- Mar 30 11:11:11.727130: | fc_try_oppo concluding with none [0]
- Mar 30 11:11:11.727133: | concluding with d = none
- Mar 30 11:11:11.727138: | using something (we hope the IP we or they are NAT'ed to) for transport mode connection "l2tp-psk"[4] 93.46.124.104
- Mar 30 11:11:11.727141: | client wildcard: no port wildcard: no virtual: no
- Mar 30 11:11:11.727145: | NAT-Traversal: received 2 NAT-OA.
- Mar 30 11:11:11.727150: "l2tp-psk"[4] 93.46.124.104 #3: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
- Mar 30 11:11:11.727161: | NAT-OA:
- Mar 30 11:11:11.727164: | 15 00 00 0c 01 00 00 00 c0 a8 01 65
- Mar 30 11:11:11.727167: | parsing 4 raw bytes of ISAKMP NAT-OA Payload into NAT-Traversal: NAT-OA IP
- Mar 30 11:11:11.727171: | NAT-Traversal: NAT-OA IP
- Mar 30 11:11:11.727173: | c0 a8 01 65
- Mar 30 11:11:11.727178: | received NAT-OA: 192.168.1.101
- Mar 30 11:11:11.727188: | addref fd@NULL (in new_state() at state.c:555)
- Mar 30 11:11:11.727192: | creating state object #5 at 0x562b2d5567b8
- Mar 30 11:11:11.727196: | State DB: adding IKEv1 state #5 in UNDEFINED
- Mar 30 11:11:11.727206: | pstats #5 ikev1.ipsec started
- Mar 30 11:11:11.727211: | duplicating state object #3 "l2tp-psk"[4] 93.46.124.104 as #5 for IPSEC SA
- Mar 30 11:11:11.727218: | #5 setting local endpoint to 10.68.154.105:4500 from #3.st_localport (in duplicate_state() at state.c:1548)
- Mar 30 11:11:11.727228: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
- Mar 30 11:11:11.727234: | start processing: state #5 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
- Mar 30 11:11:11.727238: | switching MD.ST from #3 to CHILD #5; ulgh
- Mar 30 11:11:11.727242: | child state #5: UNDEFINED(ignore) => QUICK_R0(established CHILD SA)
- Mar 30 11:11:11.727247: | ****parse IPsec DOI SIT:
- Mar 30 11:11:11.727253: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Mar 30 11:11:11.727256: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:11.727260: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:11.727264: | length: 56 (00 38)
- Mar 30 11:11:11.727267: | proposal number: 1 (01)
- Mar 30 11:11:11.727271: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:11.727274: | SPI size: 4 (04)
- Mar 30 11:11:11.727278: | number of transforms: 1 (01)
- Mar 30 11:11:11.727281: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
- Mar 30 11:11:11.727284: | SPI
- Mar 30 11:11:11.727287: | 7d 0c 02 4c
- Mar 30 11:11:11.727291: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:11.727294: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:11.727298: | length: 56 (00 38)
- Mar 30 11:11:11.727301: | proposal number: 2 (02)
- Mar 30 11:11:11.727304: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:11.727308: | SPI size: 4 (04)
- Mar 30 11:11:11.727311: | number of transforms: 1 (01)
- Mar 30 11:11:11.727315: | *****parse ISAKMP Transform Payload (ESP):
- Mar 30 11:11:11.727319: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.727322: | length: 44 (00 2c)
- Mar 30 11:11:11.727326: | ESP transform number: 1 (01)
- Mar 30 11:11:11.727329: | ESP transform ID: ESP_AES (0xc)
- Mar 30 11:11:11.727334: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.727337: | af+type: AF+ENCAPSULATION_MODE (0x8004)
- Mar 30 11:11:11.727341: | length/value: 4 (00 04)
- Mar 30 11:11:11.727344: | [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
- Mar 30 11:11:11.727349: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
- Mar 30 11:11:11.727352: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.727356: | af+type: AF+KEY_LENGTH (0x8006)
- Mar 30 11:11:11.727360: | length/value: 256 (01 00)
- Mar 30 11:11:11.727363: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.727366: | af+type: AF+AUTH_ALGORITHM (0x8005)
- Mar 30 11:11:11.727370: | length/value: 2 (00 02)
- Mar 30 11:11:11.727373: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
- Mar 30 11:11:11.727377: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.727380: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:11.727384: | length/value: 1 (00 01)
- Mar 30 11:11:11.727387: | [1 is SA_LIFE_TYPE_SECONDS]
- Mar 30 11:11:11.727390: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.727394: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:11.727397: | length/value: 4 (00 04)
- Mar 30 11:11:11.727401: | long duration: 3600
- Mar 30 11:11:11.727404: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.727411: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:11.727415: | length/value: 2 (00 02)
- Mar 30 11:11:11.727418: | [2 is SA_LIFE_TYPE_KBYTES]
- Mar 30 11:11:11.727421: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.727425: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:11.727428: | length/value: 4 (00 04)
- Mar 30 11:11:11.727431: | long duration: 250000
- Mar 30 11:11:11.727436: | ESP IPsec Transform verified; matches alg_info entry
- Mar 30 11:11:11.727445: | adding quick_outI1 KE work-order 7 for state #5
- Mar 30 11:11:11.727449: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d553ed8
- Mar 30 11:11:11.727454: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5
- Mar 30 11:11:11.727458: | libevent_malloc: newref ptr-libevent@0x562b2d5546a8 size 128
- Mar 30 11:11:11.727469: | complete v1 state transition with STF_SUSPEND
- Mar 30 11:11:11.727476: | [RE]START processing: state #5 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2514)
- Mar 30 11:11:11.727480: | suspending state #5 and saving MD 0x562b2d551f08
- Mar 30 11:11:11.727483: | #5 is busy; has suspended MD 0x562b2d551f08
- Mar 30 11:11:11.727490: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
- Mar 30 11:11:11.727496: | stop processing: state #5 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
- Mar 30 11:11:11.727500: | processing: STOP connection NULL (in process_md() at demux.c:384)
- Mar 30 11:11:11.727510: | processing signal PLUTO_SIGCHLD
- Mar 30 11:11:11.727516: | waitpid returned ECHILD (no child processes left)
- Mar 30 11:11:11.727520: | processing signal PLUTO_SIGCHLD
- Mar 30 11:11:11.727523: | waitpid returned ECHILD (no child processes left)
- Mar 30 11:11:11.727527: | processing signal PLUTO_SIGCHLD
- Mar 30 11:11:11.727531: | waitpid returned ECHILD (no child processes left)
- Mar 30 11:11:11.727559: | crypto helper 1 resuming
- Mar 30 11:11:11.727564: | crypto helper 1 starting work-order 7 for state #5
- Mar 30 11:11:11.727569: | crypto helper 1 doing build nonce (quick_outI1 KE); request ID 7
- Mar 30 11:11:11.727590: | crypto helper 1 finished build nonce (quick_outI1 KE); request ID 7 time elapsed 0.000021 seconds
- Mar 30 11:11:11.727594: | crypto helper 1 sending results from work-order 7 for state #5 to event queue
- Mar 30 11:11:11.727600: | scheduling resume sending helper answer for #5
- Mar 30 11:11:11.727604: | libevent_malloc: newref ptr-libevent@0x7f3a440014b8 size 128
- Mar 30 11:11:11.727612: | crypto helper 1 waiting (nothing to do)
- Mar 30 11:11:11.727622: | processing resume sending helper answer for #5
- Mar 30 11:11:11.727629: | start processing: state #5 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:817)
- Mar 30 11:11:11.727633: | unsuspending #5 MD 0x562b2d551f08
- Mar 30 11:11:11.727637: | crypto helper 1 replies to request ID 7
- Mar 30 11:11:11.727640: | calling continuation function 0x562b2c27c390
- Mar 30 11:11:11.727644: | quick_inI1_outR1_cryptocontinue1 for #5: calculated ke+nonce, calculating DH
- Mar 30 11:11:11.727668: | **emit ISAKMP Message:
- Mar 30 11:11:11.727673: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:11.727677: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.727680: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.727684: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:11.727687: | exchange type: ISAKMP_XCHG_QUICK (0x20)
- Mar 30 11:11:11.727690: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:11.727695: | Message ID: 2 (00 00 00 02)
- Mar 30 11:11:11.727698: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
- Mar 30 11:11:11.727702: | ***emit ISAKMP Hash Payload:
- Mar 30 11:11:11.727705: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.727709: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
- Mar 30 11:11:11.727717: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:11.727722: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
- Mar 30 11:11:11.727725: | emitting length of ISAKMP Hash Payload: 24
- Mar 30 11:11:11.727728: | ***emit ISAKMP Security Association Payload:
- Mar 30 11:11:11.727731: | next payload type: ISAKMP_NEXT_NONCE (0xa)
- Mar 30 11:11:11.727735: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:11.727738: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE
- Mar 30 11:11:11.727742: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA)
- Mar 30 11:11:11.727745: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:11.727749: | ****parse IPsec DOI SIT:
- Mar 30 11:11:11.727752: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Mar 30 11:11:11.727756: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:11.727759: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:11.727763: | length: 56 (00 38)
- Mar 30 11:11:11.727766: | proposal number: 1 (01)
- Mar 30 11:11:11.727769: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:11.727773: | SPI size: 4 (04)
- Mar 30 11:11:11.727776: | number of transforms: 1 (01)
- Mar 30 11:11:11.727779: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
- Mar 30 11:11:11.727782: | SPI
- Mar 30 11:11:11.727786: | 7d 0c 02 4c
- Mar 30 11:11:11.727789: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:11.727792: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:11.727796: | length: 56 (00 38)
- Mar 30 11:11:11.727799: | proposal number: 2 (02)
- Mar 30 11:11:11.727802: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:11.727806: | SPI size: 4 (04)
- Mar 30 11:11:11.727809: | number of transforms: 1 (01)
- Mar 30 11:11:11.727813: | *****parse ISAKMP Transform Payload (ESP):
- Mar 30 11:11:11.727816: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.727820: | length: 44 (00 2c)
- Mar 30 11:11:11.727823: | ESP transform number: 1 (01)
- Mar 30 11:11:11.727826: | ESP transform ID: ESP_AES (0xc)
- Mar 30 11:11:11.727830: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.727833: | af+type: AF+ENCAPSULATION_MODE (0x8004)
- Mar 30 11:11:11.727837: | length/value: 4 (00 04)
- Mar 30 11:11:11.727840: | [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
- Mar 30 11:11:11.727844: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
- Mar 30 11:11:11.727847: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.727850: | af+type: AF+KEY_LENGTH (0x8006)
- Mar 30 11:11:11.727854: | length/value: 256 (01 00)
- Mar 30 11:11:11.727857: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.727861: | af+type: AF+AUTH_ALGORITHM (0x8005)
- Mar 30 11:11:11.727864: | length/value: 2 (00 02)
- Mar 30 11:11:11.727868: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
- Mar 30 11:11:11.727871: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.727874: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:11.727878: | length/value: 1 (00 01)
- Mar 30 11:11:11.727881: | [1 is SA_LIFE_TYPE_SECONDS]
- Mar 30 11:11:11.727884: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.727887: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:11.727891: | length/value: 4 (00 04)
- Mar 30 11:11:11.727894: | long duration: 3600
- Mar 30 11:11:11.727898: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.727901: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:11.727904: | length/value: 2 (00 02)
- Mar 30 11:11:11.727908: | [2 is SA_LIFE_TYPE_KBYTES]
- Mar 30 11:11:11.727911: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:11.727914: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:11.727921: | length/value: 4 (00 04)
- Mar 30 11:11:11.727924: | long duration: 250000
- Mar 30 11:11:11.727928: | ESP IPsec Transform verified; matches alg_info entry
- Mar 30 11:11:11.727931: | ****emit IPsec DOI SIT:
- Mar 30 11:11:11.727934: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Mar 30 11:11:11.727938: | ****emit ISAKMP Proposal Payload:
- Mar 30 11:11:11.727941: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.727945: | proposal number: 1 (01)
- Mar 30 11:11:11.727948: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:11.727951: | SPI size: 4 (04)
- Mar 30 11:11:11.727955: | number of transforms: 1 (01)
- Mar 30 11:11:11.727958: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type'
- Mar 30 11:11:11.728032: | netlink_get_spi: allocated 0x36fdd548 for esp.0@10.68.154.105
- Mar 30 11:11:11.728054: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload
- Mar 30 11:11:11.728059: | SPI: 36 fd d5 48
- Mar 30 11:11:11.728062: | *****emit ISAKMP Transform Payload (ESP):
- Mar 30 11:11:11.728066: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.728069: | ESP transform number: 1 (01)
- Mar 30 11:11:11.728073: | ESP transform ID: ESP_AES (0xc)
- Mar 30 11:11:11.728076: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type'
- Mar 30 11:11:11.728080: | emitting 36 raw bytes of attributes into ISAKMP Transform Payload (ESP)
- Mar 30 11:11:11.728084: | attributes:
- Mar 30 11:11:11.728087: | 80 04 00 04 80 06 01 00 80 05 00 02 80 01 00 01
- Mar 30 11:11:11.728090: | 00 02 00 04 00 00 0e 10 80 01 00 02 00 02 00 04
- Mar 30 11:11:11.728093: | 00 03 d0 90
- Mar 30 11:11:11.728096: | emitting length of ISAKMP Transform Payload (ESP): 44
- Mar 30 11:11:11.728099: | emitting length of ISAKMP Proposal Payload: 56
- Mar 30 11:11:11.728103: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0
- Mar 30 11:11:11.728106: | emitting length of ISAKMP Security Association Payload: 68
- Mar 30 11:11:11.728109: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0
- Mar 30 11:11:11.728116: "l2tp-psk"[4] 93.46.124.104 #5: responding to Quick Mode proposal {msgid:00000002}
- Mar 30 11:11:11.728125: "l2tp-psk"[4] 93.46.124.104 #5: us: 10.68.154.105[51.158.64.201]:17/1701
- Mar 30 11:11:11.728131: "l2tp-psk"[4] 93.46.124.104 #5: them: 93.46.124.104[192.168.1.101]:17/1701
- Mar 30 11:11:11.728135: | ***emit ISAKMP Nonce Payload:
- Mar 30 11:11:11.728138: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:11.728142: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 5:ISAKMP_NEXT_ID
- Mar 30 11:11:11.728145: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE)
- Mar 30 11:11:11.728149: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:11.728153: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload
- Mar 30 11:11:11.728156: | Nr:
- Mar 30 11:11:11.728159: | 94 9f cf 88 e5 2f 7c da ca 9f 77 4a b4 84 32 43
- Mar 30 11:11:11.728162: | 53 fe 29 b6 20 33 43 92 47 f4 ba 3b 68 73 81 a2
- Mar 30 11:11:11.728165: | emitting length of ISAKMP Nonce Payload: 36
- Mar 30 11:11:11.728169: | ***emit ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:11.728172: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:11.728175: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:11.728179: | Protocol ID: 17 (11)
- Mar 30 11:11:11.728182: | port: 1701 (06 a5)
- Mar 30 11:11:11.728186: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID
- Mar 30 11:11:11.728189: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
- Mar 30 11:11:11.728199: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
- Mar 30 11:11:11.728203: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
- Mar 30 11:11:11.728207: | ID body: c0 a8 01 65
- Mar 30 11:11:11.728210: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
- Mar 30 11:11:11.728214: | ***emit ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:11.728217: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.728220: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:11.728224: | Protocol ID: 17 (11)
- Mar 30 11:11:11.728227: | port: 1701 (06 a5)
- Mar 30 11:11:11.728231: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
- Mar 30 11:11:11.728234: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
- Mar 30 11:11:11.728238: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
- Mar 30 11:11:11.728242: | ID body: 33 9e 40 c9
- Mar 30 11:11:11.728245: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
- Mar 30 11:11:11.728273: | quick inR1 outI2 HASH(2):
- Mar 30 11:11:11.728277: | b6 ea 86 b1 47 d8 46 9e cf 78 82 13 4b ad 98 93
- Mar 30 11:11:11.728280: | b1 98 ee 47
- Mar 30 11:11:11.728283: | compute_proto_keymat: needed_len (after ESP enc)=32
- Mar 30 11:11:11.728286: | compute_proto_keymat: needed_len (after ESP auth)=52
- Mar 30 11:11:11.728366: | install_inbound_ipsec_sa() checking if we can route
- Mar 30 11:11:11.728371: | could_route called for l2tp-psk (kind=CK_INSTANCE)
- Mar 30 11:11:11.728375: | FOR_EACH_CONNECTION_... in route_owner
- Mar 30 11:11:11.728379: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:11.728383: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:11.728386: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:11.728389: | conn xauth-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:11.728393: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:11.728396: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:11.728402: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
- Mar 30 11:11:11.728405: | routing is easy, or has resolvable near-conflict
- Mar 30 11:11:11.728409: | checking if this is a replacement state
- Mar 30 11:11:11.728412: | st=0x562b2d5567b8 ost=0x562b2d555bd8 st->serialno=#5 ost->serialno=#4
- Mar 30 11:11:11.728417: "l2tp-psk"[4] 93.46.124.104 #5: keeping refhim=0 during rekey
- Mar 30 11:11:11.728420: | installing outgoing SA now as refhim=0
- Mar 30 11:11:11.728424: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
- Mar 30 11:11:11.728428: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
- Mar 30 11:11:11.728432: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
- Mar 30 11:11:11.728437: | setting IPsec SA replay-window to 32
- Mar 30 11:11:11.728440: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
- Mar 30 11:11:11.728445: | netlink: enabling transport mode
- Mar 30 11:11:11.728450: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1261)
- Mar 30 11:11:11.728453: | XFRM: adding IPsec SA with reqid 16409
- Mar 30 11:11:11.728457: | netlink: setting IPsec SA replay-window to 32 using old-style req
- Mar 30 11:11:11.728461: | netlink: esp-hw-offload not set for IPsec SA
- Mar 30 11:11:11.728554: | netlink response for Add SA esp.7d0c024c@93.46.124.104 included non-error error
- Mar 30 11:11:11.728560: | outgoing SA has refhim=0
- Mar 30 11:11:11.728564: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
- Mar 30 11:11:11.728568: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
- Mar 30 11:11:11.728571: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
- Mar 30 11:11:11.728575: | setting IPsec SA replay-window to 32
- Mar 30 11:11:11.728584: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
- Mar 30 11:11:11.728587: | netlink: enabling transport mode
- Mar 30 11:11:11.728592: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1268)
- Mar 30 11:11:11.728595: | XFRM: adding IPsec SA with reqid 16409
- Mar 30 11:11:11.728598: | netlink: setting IPsec SA replay-window to 32 using old-style req
- Mar 30 11:11:11.728602: | netlink: esp-hw-offload not set for IPsec SA
- Mar 30 11:11:11.728662: | netlink response for Add SA esp.36fdd548@10.68.154.105 included non-error error
- Mar 30 11:11:11.728671: | emitting 8 zero bytes of encryption padding into ISAKMP Message
- Mar 30 11:11:11.728674: | no IKEv1 message padding required
- Mar 30 11:11:11.728677: | emitting length of ISAKMP Message: 188
- Mar 30 11:11:11.728692: | finished processing quick inI1
- Mar 30 11:11:11.728696: | complete v1 state transition with STF_OK
- Mar 30 11:11:11.728703: | [RE]START processing: state #5 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
- Mar 30 11:11:11.728706: | #5 is idle
- Mar 30 11:11:11.728710: | doing_xauth:no, t_xauth_client_done:no
- Mar 30 11:11:11.728714: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
- Mar 30 11:11:11.728718: | child state #5: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA)
- Mar 30 11:11:11.728721: | event_already_set, deleting event
- Mar 30 11:11:11.728725: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted
- Mar 30 11:11:11.728729: | libevent_free: delref ptr-libevent@0x562b2d5546a8
- Mar 30 11:11:11.728733: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d553ed8
- Mar 30 11:11:11.728739: | sending reply packet to 93.46.124.104:4500 (from 10.68.154.105:4500)
- Mar 30 11:11:11.728747: | sending 192 bytes for STATE_QUICK_R0 through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #5)
- Mar 30 11:11:11.728751: | 00 00 00 00 f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a
- Mar 30 11:11:11.728754: | 5d 82 98 78 08 10 20 01 00 00 00 02 00 00 00 bc
- Mar 30 11:11:11.728757: | 2f 1c 35 9a 71 dc 5c df a8 34 6b 98 87 2b 74 ed
- Mar 30 11:11:11.728760: | 69 49 17 cd 9e 9a 66 13 0f bc c2 73 c7 a6 66 e9
- Mar 30 11:11:11.728763: | 2a 6e 10 f8 76 80 64 15 25 9b 8e ee 3f 54 99 8d
- Mar 30 11:11:11.728766: | c4 71 3a be 67 ca 67 24 59 3a 9f 9a 32 8c 0f 51
- Mar 30 11:11:11.728769: | 25 42 d2 a3 33 61 11 ba 76 3b 84 3b 82 da 63 b4
- Mar 30 11:11:11.728772: | 39 93 34 a0 9c 1e 9c be 91 01 12 fa 6b 28 6d 0c
- Mar 30 11:11:11.728775: | 0c 3c c8 47 1d 98 26 f3 49 0f b0 88 f6 ec e1 df
- Mar 30 11:11:11.728778: | 11 d9 ed ae 38 54 dd b3 a0 8d 2f 18 14 f8 9e df
- Mar 30 11:11:11.728782: | 6b 53 91 70 26 b7 a2 39 7e b5 16 ff cc 57 0c f5
- Mar 30 11:11:11.728785: | 7b 37 b2 5f 18 eb 42 52 9b b7 96 cc 42 3e 07 78
- Mar 30 11:11:11.728851: | !event_already_set at reschedule
- Mar 30 11:11:11.728858: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b2d553ed8
- Mar 30 11:11:11.728863: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #5
- Mar 30 11:11:11.728867: | libevent_malloc: newref ptr-libevent@0x562b2d554758 size 128
- Mar 30 11:11:11.728873: | #5 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 5630.154088
- Mar 30 11:11:11.728876: | pstats #5 ikev1.ipsec established
- Mar 30 11:11:11.728882: | NAT-T: NAT Traversal detected - their IKE port is '500'
- Mar 30 11:11:11.728885: | NAT-T: encaps is 'yes'
- Mar 30 11:11:11.728893: "l2tp-psk"[4] 93.46.124.104 #5: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0x7d0c024c <0x36fdd548 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
- Mar 30 11:11:11.728897: | modecfg pull: noquirk policy:push not-client
- Mar 30 11:11:11.728900: | phase 1 is done, looking for phase 2 to unpend
- Mar 30 11:11:11.728903: | releasing #5's fd-fd@(nil) because IKEv1 transitions finished
- Mar 30 11:11:11.728912: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
- Mar 30 11:11:11.728917: | resume sending helper answer for #5 suppresed complete_v1_state_transition()
- Mar 30 11:11:11.728926: | stop processing: state #5 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:860)
- Mar 30 11:11:11.728930: | libevent_free: delref ptr-libevent@0x7f3a440014b8
- Mar 30 11:11:11.768700: | *received 60 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
- Mar 30 11:11:11.768737: | f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.768741: | 08 10 20 01 00 00 00 02 00 00 00 3c 5b a0 9f 34
- Mar 30 11:11:11.768744: | 7b 0a 2c 45 bc 47 e0 91 d3 5f ef b9 f0 78 74 3e
- Mar 30 11:11:11.768747: | ac 28 dc 3a 73 d4 43 7b 5b 9f 07 0c
- Mar 30 11:11:11.768754: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
- Mar 30 11:11:11.768762: | **parse ISAKMP Message:
- Mar 30 11:11:11.768768: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:11.768773: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.768777: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Mar 30 11:11:11.768781: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:11.768784: | exchange type: ISAKMP_XCHG_QUICK (0x20)
- Mar 30 11:11:11.768788: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:11.768794: | Message ID: 2 (00 00 00 02)
- Mar 30 11:11:11.768798: | length: 60 (00 00 00 3c)
- Mar 30 11:11:11.768802: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
- Mar 30 11:11:11.768809: | State DB: found IKEv1 state #5 in QUICK_R1 (find_state_ikev1)
- Mar 30 11:11:11.768818: | start processing: state #5 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1499)
- Mar 30 11:11:11.768823: | #5 is idle
- Mar 30 11:11:11.768826: | #5 idle
- Mar 30 11:11:11.768831: | received encrypted packet from 93.46.124.104:4500
- Mar 30 11:11:11.768882: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
- Mar 30 11:11:11.768887: | ***parse ISAKMP Hash Payload:
- Mar 30 11:11:11.768891: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.768895: | length: 24 (00 18)
- Mar 30 11:11:11.768898: | removing 8 bytes of padding
- Mar 30 11:11:11.768932: | quick_inI2 HASH(3):
- Mar 30 11:11:11.768936: | b6 58 ae 95 7d b7 0e 49 05 5e 17 2d c7 b4 6f 70
- Mar 30 11:11:11.768939: | 4b 1f 36 6a
- Mar 30 11:11:11.768943: | received 'quick_inI2' message HASH(3) data ok
- Mar 30 11:11:11.768949: | install_ipsec_sa() for #5: outbound only
- Mar 30 11:11:11.768954: | could_route called for l2tp-psk (kind=CK_INSTANCE)
- Mar 30 11:11:11.768958: | FOR_EACH_CONNECTION_... in route_owner
- Mar 30 11:11:11.768961: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:11.768965: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:11.768968: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:11.768972: | conn xauth-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:11.768976: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:11.768979: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:11.768985: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
- Mar 30 11:11:11.768990: | sr for #5: erouted
- Mar 30 11:11:11.768994: | route_and_eroute() for proto 17, and source port 1701 dest port 1701
- Mar 30 11:11:11.768997: | FOR_EACH_CONNECTION_... in route_owner
- Mar 30 11:11:11.769000: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:11.769004: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:11.769007: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:11.769010: | conn xauth-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:11.769014: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:11.769017: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:11.769034: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
- Mar 30 11:11:11.769042: | route_and_eroute with c: l2tp-psk (next: none) ero:l2tp-psk esr:{(nil)} ro:l2tp-psk rosr:{(nil)} and state: #5
- Mar 30 11:11:11.769067: | we are replacing an eroute
- Mar 30 11:11:11.769074: | priority calculation of connection "l2tp-psk" is 0x15bfbf
- Mar 30 11:11:11.769088: | eroute_connection replace eroute 10.68.154.105/32:1701 --17-> 93.46.124.104/32:1701 => esp.7d0c024c@93.46.124.104>esp.7d0c024c@93.46.124.104 using reqid 16409 (raw_eroute)
- Mar 30 11:11:11.769098: | subnet from endpoint 93.46.124.104:1701 (in netlink_raw_eroute() at kernel_xfrm.c:585)
- Mar 30 11:11:11.769104: | netlink_raw_eroute: using host address instead of client subnet
- Mar 30 11:11:11.769109: | IPsec Sa SPD priority set to 1425343
- Mar 30 11:11:11.769143: | raw_eroute result=success
- Mar 30 11:11:11.769149: | route_and_eroute: firewall_notified: true
- Mar 30 11:11:11.769156: | route_and_eroute: instance "l2tp-psk"[4] 93.46.124.104, setting eroute_owner {spd=0x562b2d554130,sr=0x562b2d554130} to #5 (was #4) (newest_ipsec_sa=#4)
- Mar 30 11:11:11.769164: | inI2: instance l2tp-psk[4], setting IKEv1 newest_ipsec_sa to #5 (was #4) (spd.eroute=#5) cloned from #3
- Mar 30 11:11:11.769169: | DPD: dpd_init() called on IPsec SA
- Mar 30 11:11:11.769174: | DPD: Peer does not support Dead Peer Detection
- Mar 30 11:11:11.769178: | complete v1 state transition with STF_OK
- Mar 30 11:11:11.769187: | [RE]START processing: state #5 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
- Mar 30 11:11:11.769191: | #5 is idle
- Mar 30 11:11:11.769196: | doing_xauth:no, t_xauth_client_done:no
- Mar 30 11:11:11.769200: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
- Mar 30 11:11:11.769207: | child state #5: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA)
- Mar 30 11:11:11.769211: | event_already_set, deleting event
- Mar 30 11:11:11.769216: | state #5 requesting EVENT_RETRANSMIT to be deleted
- Mar 30 11:11:11.769221: | #5 STATE_QUICK_R2: retransmits: cleared
- Mar 30 11:11:11.769238: | libevent_free: delref ptr-libevent@0x562b2d554758
- Mar 30 11:11:11.769253: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b2d553ed8
- Mar 30 11:11:11.769266: | !event_already_set at reschedule
- Mar 30 11:11:11.769278: | event_schedule: newref EVENT_SA_EXPIRE-pe@0x562b2d554928
- Mar 30 11:11:11.769290: | inserting event EVENT_SA_EXPIRE, timeout in 3600 seconds for #5
- Mar 30 11:11:11.769303: | libevent_malloc: newref ptr-libevent@0x562b2d5545b8 size 128
- Mar 30 11:11:11.769317: | pstats #5 ikev1.ipsec established
- Mar 30 11:11:11.769340: | NAT-T: NAT Traversal detected - their IKE port is '500'
- Mar 30 11:11:11.769351: | NAT-T: encaps is 'yes'
- Mar 30 11:11:11.769375: "l2tp-psk"[4] 93.46.124.104 #5: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x7d0c024c <0x36fdd548 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
- Mar 30 11:11:11.769383: | modecfg pull: noquirk policy:push not-client
- Mar 30 11:11:11.769387: | phase 1 is done, looking for phase 2 to unpend
- Mar 30 11:11:11.769392: | releasing #5's fd-fd@(nil) because IKEv1 transitions finished
- Mar 30 11:11:11.769397: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
- Mar 30 11:11:11.769406: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
- Mar 30 11:11:11.769415: | stop processing: state #5 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
- Mar 30 11:11:11.769420: | processing: STOP connection NULL (in process_md() at demux.c:384)
- Mar 30 11:11:11.769454: | *received 76 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
- Mar 30 11:11:11.769463: | f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.769471: | 08 10 05 01 13 c9 90 86 00 00 00 4c f8 ba ae 16
- Mar 30 11:11:11.769482: | f5 09 a2 34 34 16 25 cf ba 0e 59 ef 65 87 4d 4c
- Mar 30 11:11:11.769486: | 94 f1 cc 9f d2 23 a1 ac ba bc c8 b9 e5 ab c0 10
- Mar 30 11:11:11.769490: | e9 30 49 86 a9 be 21 8f e8 a7 64 a2
- Mar 30 11:11:11.769498: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
- Mar 30 11:11:11.769516: | **parse ISAKMP Message:
- Mar 30 11:11:11.769529: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:11.769541: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.769547: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Mar 30 11:11:11.769552: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:11.769557: | exchange type: ISAKMP_XCHG_INFO (0x5)
- Mar 30 11:11:11.769562: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:11.769568: | Message ID: 331976838 (13 c9 90 86)
- Mar 30 11:11:11.769575: | length: 76 (00 00 00 4c)
- Mar 30 11:11:11.769584: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
- Mar 30 11:11:11.769596: | peer and cookies match on #5; msgid=00000000 st_msgid=00000002 st_v1_msgid.phase15=00000000
- Mar 30 11:11:11.769604: | peer and cookies match on #4; msgid=00000000 st_msgid=00000001 st_v1_msgid.phase15=00000000
- Mar 30 11:11:11.769612: | peer and cookies match on #3; msgid=00000000 st_msgid=00000000 st_v1_msgid.phase15=00000000
- Mar 30 11:11:11.769620: | p15 state object #3 found, in STATE_MAIN_R3
- Mar 30 11:11:11.769629: | State DB: found IKEv1 state #3 in MAIN_R3 (find_v1_info_state)
- Mar 30 11:11:11.769640: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1347)
- Mar 30 11:11:11.769668: | #3 is idle
- Mar 30 11:11:11.769672: | #3 idle
- Mar 30 11:11:11.769677: | received encrypted packet from 93.46.124.104:4500
- Mar 30 11:11:11.769693: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
- Mar 30 11:11:11.769697: | ***parse ISAKMP Hash Payload:
- Mar 30 11:11:11.769700: | next payload type: ISAKMP_NEXT_D (0xc)
- Mar 30 11:11:11.769704: | length: 24 (00 18)
- Mar 30 11:11:11.769708: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0
- Mar 30 11:11:11.769712: | ***parse ISAKMP Delete Payload:
- Mar 30 11:11:11.769715: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.769719: | length: 16 (00 10)
- Mar 30 11:11:11.769722: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:11.769726: | protocol ID: 3 (03)
- Mar 30 11:11:11.769729: | SPI size: 4 (04)
- Mar 30 11:11:11.769733: | number of SPIs: 1 (00 01)
- Mar 30 11:11:11.769736: | removing 8 bytes of padding
- Mar 30 11:11:11.769762: | informational HASH(1):
- Mar 30 11:11:11.769768: | 60 dd 2f 84 c3 5b 6e 34 ad bf a7 4a f9 91 71 2f
- Mar 30 11:11:11.769772: | d9 9a c8 67
- Mar 30 11:11:11.769777: | received 'informational' message HASH(1) data ok
- Mar 30 11:11:11.769782: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI
- Mar 30 11:11:11.769787: | SPI
- Mar 30 11:11:11.769792: | a3 48 a1 7c
- Mar 30 11:11:11.769796: | FOR_EACH_STATE_... in find_phase2_state_to_delete
- Mar 30 11:11:11.769805: | start processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in accept_delete() at ikev1_main.c:2492)
- Mar 30 11:11:11.769813: "l2tp-psk"[4] 93.46.124.104 #3: received Delete SA(0xa348a17c) payload: deleting IPsec State #4
- Mar 30 11:11:11.769819: | pstats #4 ikev1.ipsec deleted completed
- Mar 30 11:11:11.769828: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
- Mar 30 11:11:11.769835: | start processing: state #4 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
- Mar 30 11:11:11.769842: "l2tp-psk"[4] 93.46.124.104 #4: deleting other state #4 (STATE_QUICK_R2) aged 0.142s and sending notification
- Mar 30 11:11:11.769846: | child state #4: QUICK_R2(established CHILD SA) => delete
- Mar 30 11:11:11.769852: | get_sa_info esp.a348a17c@93.46.124.104
- Mar 30 11:11:11.769874: | get_sa_info esp.6912e15@10.68.154.105
- Mar 30 11:11:11.769885: "l2tp-psk"[4] 93.46.124.104 #4: ESP traffic information: in=0B out=0B
- Mar 30 11:11:11.769891: | unsuspending #4 MD (nil)
- Mar 30 11:11:11.769896: | #4 send IKEv1 delete notification for STATE_QUICK_R2
- Mar 30 11:11:11.769901: | FOR_EACH_STATE_... in find_phase1_state
- Mar 30 11:11:11.769919: | **emit ISAKMP Message:
- Mar 30 11:11:11.769936: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:11.769943: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:11.769947: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.769952: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:11.769957: | exchange type: ISAKMP_XCHG_INFO (0x5)
- Mar 30 11:11:11.769961: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:11.769967: | Message ID: 1948207599 (74 1f 49 ef)
- Mar 30 11:11:11.769972: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
- Mar 30 11:11:11.769977: | ***emit ISAKMP Hash Payload:
- Mar 30 11:11:11.769989: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.769998: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
- Mar 30 11:11:11.770003: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg'
- Mar 30 11:11:11.770008: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
- Mar 30 11:11:11.770013: | emitting length of ISAKMP Hash Payload: 24
- Mar 30 11:11:11.770018: | ***emit ISAKMP Delete Payload:
- Mar 30 11:11:11.770023: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:11.770027: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:11.770035: | protocol ID: 3 (03)
- Mar 30 11:11:11.770048: | SPI size: 4 (04)
- Mar 30 11:11:11.770054: | number of SPIs: 1 (00 01)
- Mar 30 11:11:11.770059: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D)
- Mar 30 11:11:11.770063: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg'
- Mar 30 11:11:11.770069: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload
- Mar 30 11:11:11.770073: | delete payload: 06 91 2e 15
- Mar 30 11:11:11.770078: | emitting length of ISAKMP Delete Payload: 16
- Mar 30 11:11:11.770108: | send delete HASH(1):
- Mar 30 11:11:11.770115: | 27 3b bc 59 6f 6e 4c 0f 44 e5 56 53 c6 19 b6 92
- Mar 30 11:11:11.770118: | db 1b d3 15
- Mar 30 11:11:11.770130: | emitting 8 zero bytes of encryption padding into ISAKMP Message
- Mar 30 11:11:11.770135: | no IKEv1 message padding required
- Mar 30 11:11:11.770139: | emitting length of ISAKMP Message: 76
- Mar 30 11:11:11.770163: | sending 80 bytes for delete notify through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #3)
- Mar 30 11:11:11.770170: | 00 00 00 00 f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a
- Mar 30 11:11:11.770175: | 5d 82 98 78 08 10 05 01 74 1f 49 ef 00 00 00 4c
- Mar 30 11:11:11.770179: | 28 f4 5b f1 26 b6 7d 03 33 01 a3 9c 75 b2 00 d7
- Mar 30 11:11:11.770183: | 83 15 79 74 8d 2d d0 b6 be 04 bd 31 05 bd d8 92
- Mar 30 11:11:11.770187: | bb ee bf 56 ae 7b e2 05 84 7d b5 de 99 c3 09 ca
- Mar 30 11:11:11.770275: | state #4 requesting EVENT_SA_EXPIRE to be deleted
- Mar 30 11:11:11.770289: | libevent_free: delref ptr-libevent@0x562b2d551528
- Mar 30 11:11:11.770295: | free_event_entry: delref EVENT_SA_EXPIRE-pe@0x562b2d5566a8
- Mar 30 11:11:11.770304: | delete esp.a348a17c@93.46.124.104
- Mar 30 11:11:11.770310: | XFRM: deleting IPsec SA with reqid 0
- Mar 30 11:11:11.770351: | netlink response for Del SA esp.a348a17c@93.46.124.104 included non-error error
- Mar 30 11:11:11.770362: | delete esp.6912e15@10.68.154.105
- Mar 30 11:11:11.770367: | XFRM: deleting IPsec SA with reqid 0
- Mar 30 11:11:11.770386: | netlink response for Del SA esp.6912e15@10.68.154.105 included non-error error
- Mar 30 11:11:11.770399: | stop processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in update_state_connection() at connections.c:4093)
- Mar 30 11:11:11.770404: | start processing: connection NULL (in update_state_connection() at connections.c:4094)
- Mar 30 11:11:11.770409: | in connection_discard for connection l2tp-psk
- Mar 30 11:11:11.770413: | connection is instance
- Mar 30 11:11:11.770418: | not in pending use
- Mar 30 11:11:11.770423: | State DB: found state #5 in QUICK_R2 (connection_discard)
- Mar 30 11:11:11.770437: | states still using this connection instance, retaining
- Mar 30 11:11:11.770442: | State DB: deleting IKEv1 state #4 in QUICK_R2
- Mar 30 11:11:11.770453: | child state #4: QUICK_R2(established CHILD SA) => UNDEFINED(ignore)
- Mar 30 11:11:11.770459: | releasing #4's fd-fd@(nil) because deleting state
- Mar 30 11:11:11.770464: | delref fdp@NULL (in delete_state() at state.c:1185)
- Mar 30 11:11:11.770473: | stop processing: state #4 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
- Mar 30 11:11:11.770482: | resume processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
- Mar 30 11:11:11.770495: | processing: STOP connection NULL (in accept_delete() at ikev1_main.c:2536)
- Mar 30 11:11:11.770500: | del:
- Mar 30 11:11:11.770505: |
- Mar 30 11:11:11.770513: | complete v1 state transition with STF_IGNORE
- Mar 30 11:11:11.770522: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
- Mar 30 11:11:11.770532: | stop processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
- Mar 30 11:11:11.770537: | processing: STOP connection NULL (in process_md() at demux.c:384)
- Mar 30 11:11:14.693743: | *received 444 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
- Mar 30 11:11:14.693858: | f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:14.693874: | 08 10 20 01 00 00 00 03 00 00 01 bc 55 78 c2 45
- Mar 30 11:11:14.693883: | 9c 23 55 75 5b a7 da ef 2a 26 9a 18 2d cc d2 92
- Mar 30 11:11:14.693891: | 46 25 e7 48 16 67 ac e8 cd 89 c8 3a 57 19 f1 71
- Mar 30 11:11:14.693898: | 70 25 44 73 18 97 98 75 9d a9 4f 31 f5 f3 59 e6
- Mar 30 11:11:14.693907: | 28 8c f4 da 21 9c d2 84 b3 7d 30 9a 0d d4 6c 48
- Mar 30 11:11:14.693914: | 0f 4a 77 ed 7f ed 80 9a ad 77 1e 52 ec c7 ed d5
- Mar 30 11:11:14.693921: | 65 6f b5 12 69 30 23 60 20 22 c2 67 b4 88 80 95
- Mar 30 11:11:14.693929: | bf 49 9c 8b c6 87 85 41 f6 eb 55 f5 c5 f2 8b 2b
- Mar 30 11:11:14.693936: | d5 e7 de 61 13 c9 7b 0c 2b 29 e1 0d 58 ee 4f 14
- Mar 30 11:11:14.693943: | 75 fe a0 14 36 25 34 ee ba 85 81 e1 34 41 d3 e4
- Mar 30 11:11:14.693951: | bc f2 6f 2d ac 37 0d 30 9e 9b fd 6e 73 68 9c ed
- Mar 30 11:11:14.693958: | 7a c6 00 38 93 12 8d 0e 35 c7 24 3b 42 9d 37 98
- Mar 30 11:11:14.693966: | 07 a3 cc f8 5b d6 c5 ac c8 da b4 6e dc 80 44 99
- Mar 30 11:11:14.693973: | 29 4c 44 6b e3 0d 79 4f db fd 4b 97 ff 3a f1 e4
- Mar 30 11:11:14.693980: | 12 b5 75 2e 45 ea 31 ac 66 1e ba ff e7 4f 0d 4d
- Mar 30 11:11:14.693988: | 97 a2 c4 9e 74 e0 50 be df d1 2a 7a ef 48 df 95
- Mar 30 11:11:14.693995: | 86 83 25 c5 6d 66 69 a2 f2 2f aa 73 40 05 f8 2a
- Mar 30 11:11:14.694001: | 9a f5 d4 bd 53 77 65 95 07 af 9b ea aa a4 d8 4b
- Mar 30 11:11:14.694009: | 5b 79 e8 c0 6a a3 30 90 46 55 40 33 6a 9b ec 1b
- Mar 30 11:11:14.694017: | b4 be 37 4b 11 92 d7 62 07 c4 50 8a 3e 64 6a a9
- Mar 30 11:11:14.694024: | 9f 83 2f 2b 35 d6 97 f3 e6 5d 58 11 e6 e4 f7 9f
- Mar 30 11:11:14.694031: | cf 02 6e f5 f6 84 34 07 05 8c fa 24 bf 8a ae 6b
- Mar 30 11:11:14.694038: | 38 7d ee 54 5b 50 22 40 6c 68 4c 5d 54 66 2e d1
- Mar 30 11:11:14.694045: | b8 fa ca 63 f7 e8 54 05 f2 82 7d 72 38 0d fc fc
- Mar 30 11:11:14.694052: | ea 5f 4a 5d 41 57 93 a3 e2 a8 75 19 fb 9e c9 a5
- Mar 30 11:11:14.694059: | 56 d7 61 71 d9 8f 7b 80 5f b4 c5 27 86 d9 a6 81
- Mar 30 11:11:14.694066: | 33 c3 b9 0d 5b 25 df 2a c7 f6 9c 41
- Mar 30 11:11:14.694081: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
- Mar 30 11:11:14.694096: | **parse ISAKMP Message:
- Mar 30 11:11:14.694110: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:14.694122: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:14.694131: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Mar 30 11:11:14.694140: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:14.694163: | exchange type: ISAKMP_XCHG_QUICK (0x20)
- Mar 30 11:11:14.694206: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:14.694225: | Message ID: 3 (00 00 00 03)
- Mar 30 11:11:14.694245: | length: 444 (00 00 01 bc)
- Mar 30 11:11:14.694254: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
- Mar 30 11:11:14.694267: | State DB: IKEv1 state not found (find_state_ikev1)
- Mar 30 11:11:14.694276: | State DB: found IKEv1 state #3 in MAIN_R3 (find_state_ikev1)
- Mar 30 11:11:14.694294: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1473)
- Mar 30 11:11:14.694387: | #3 is idle
- Mar 30 11:11:14.694410: | #3 idle
- Mar 30 11:11:14.694423: | received encrypted packet from 93.46.124.104:4500
- Mar 30 11:11:14.694465: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030
- Mar 30 11:11:14.694489: | ***parse ISAKMP Hash Payload:
- Mar 30 11:11:14.694504: | next payload type: ISAKMP_NEXT_SA (0x1)
- Mar 30 11:11:14.694513: | length: 24 (00 18)
- Mar 30 11:11:14.694521: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030
- Mar 30 11:11:14.694530: | ***parse ISAKMP Security Association Payload:
- Mar 30 11:11:14.694537: | next payload type: ISAKMP_NEXT_NONCE (0xa)
- Mar 30 11:11:14.694562: | length: 280 (01 18)
- Mar 30 11:11:14.694580: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:14.694597: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030
- Mar 30 11:11:14.694606: | ***parse ISAKMP Nonce Payload:
- Mar 30 11:11:14.694612: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:14.694670: | length: 52 (00 34)
- Mar 30 11:11:14.694678: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
- Mar 30 11:11:14.694685: | ***parse ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:14.694690: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:14.694696: | length: 12 (00 0c)
- Mar 30 11:11:14.694702: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:14.694707: | Protocol ID: 17 (11)
- Mar 30 11:11:14.694713: | port: 1701 (06 a5)
- Mar 30 11:11:14.694719: | obj:
- Mar 30 11:11:14.694724: | c0 a8 01 65
- Mar 30 11:11:14.694729: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
- Mar 30 11:11:14.694735: | ***parse ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:14.694740: | next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
- Mar 30 11:11:14.694746: | length: 12 (00 0c)
- Mar 30 11:11:14.694751: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:14.694756: | Protocol ID: 17 (11)
- Mar 30 11:11:14.694763: | port: 1701 (06 a5)
- Mar 30 11:11:14.694768: | obj:
- Mar 30 11:11:14.694773: | 33 9e 40 c9
- Mar 30 11:11:14.694778: | got payload 0x200000 (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
- Mar 30 11:11:14.694784: | ***parse ISAKMP NAT-OA Payload:
- Mar 30 11:11:14.694789: | next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
- Mar 30 11:11:14.694795: | length: 12 (00 0c)
- Mar 30 11:11:14.694800: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:14.694805: | obj:
- Mar 30 11:11:14.694809: | c0 a8 01 65
- Mar 30 11:11:14.694815: | got payload 0x200000 (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
- Mar 30 11:11:14.694820: | ***parse ISAKMP NAT-OA Payload:
- Mar 30 11:11:14.694825: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:14.694831: | length: 12 (00 0c)
- Mar 30 11:11:14.694836: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:14.694841: | obj:
- Mar 30 11:11:14.694846: | 33 9e 40 c9
- Mar 30 11:11:14.694851: | removing 12 bytes of padding
- Mar 30 11:11:14.694908: | quick_inI1_outR1 HASH(1):
- Mar 30 11:11:14.694914: | 17 de d3 45 8a 31 6d 1e 0e c6 de a6 12 61 77 b2
- Mar 30 11:11:14.694919: | fa 56 3c 1c
- Mar 30 11:11:14.695045: | received 'quick_inI1_outR1' message HASH(1) data ok
- Mar 30 11:11:14.695063: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
- Mar 30 11:11:14.695068: | ID address
- Mar 30 11:11:14.695073: | c0 a8 01 65
- Mar 30 11:11:14.695083: | subnet from address 192.168.1.101 (in decode_net_id() at ikev1_quick.c:440)
- Mar 30 11:11:14.695092: | peer client is 192.168.1.101/32
- Mar 30 11:11:14.695115: | peer client protocol/port is 17/1701
- Mar 30 11:11:14.695121: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
- Mar 30 11:11:14.695126: | ID address
- Mar 30 11:11:14.695130: | 33 9e 40 c9
- Mar 30 11:11:14.695137: | subnet from address 51.158.64.201 (in decode_net_id() at ikev1_quick.c:440)
- Mar 30 11:11:14.695144: | our client is 51.158.64.201/32
- Mar 30 11:11:14.695149: | our client protocol/port is 17/1701
- Mar 30 11:11:14.695194: "l2tp-psk"[4] 93.46.124.104 #3: the peer proposed: 51.158.64.201/32:17/1701 -> 192.168.1.101/32:17/1701
- Mar 30 11:11:14.695273: | find_client_connection starting with l2tp-psk
- Mar 30 11:11:14.695291: | looking for 51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701
- Mar 30 11:11:14.695302: | concrete checking against sr#0 10.68.154.105/32:1701 -> 93.46.124.104/32:1701
- Mar 30 11:11:14.695315: | match_id a=192.168.1.101
- Mar 30 11:11:14.695323: | b=192.168.1.101
- Mar 30 11:11:14.695329: | results matched
- Mar 30 11:11:14.695349: | fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 93.46.124.104/32:1701:17/1701
- Mar 30 11:11:14.695358: | our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
- Mar 30 11:11:14.695364: | fc_try concluding with none [0]
- Mar 30 11:11:14.695369: | fc_try l2tp-psk gives none
- Mar 30 11:11:14.695380: | find_host_pair: comparing 10.68.154.105:500 to 0.0.0.0:500 but ignoring ports
- Mar 30 11:11:14.695389: | checking hostpair 10.68.154.105/32:1701 -> 93.46.124.104/32:1701 is found
- Mar 30 11:11:14.695396: | match_id a=192.168.1.101
- Mar 30 11:11:14.695402: | b=(none)
- Mar 30 11:11:14.695407: | results matched
- Mar 30 11:11:14.695423: | fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 0.0.0.0/32:0:17/0
- Mar 30 11:11:14.695433: | our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
- Mar 30 11:11:14.695442: | match_id a=192.168.1.101
- Mar 30 11:11:14.695448: | b=(none)
- Mar 30 11:11:14.695455: | results matched
- Mar 30 11:11:14.695462: | fc_try concluding with none [0]
- Mar 30 11:11:14.695473: | match_id a=192.168.1.101
- Mar 30 11:11:14.695479: | b=(none)
- Mar 30 11:11:14.695484: | results matched
- Mar 30 11:11:14.695501: | fc_try_oppo trying l2tp-psk:51.158.64.201/32:1701 -> 192.168.1.101/32:1701 vs l2tp-psk:10.68.154.105/32:1701 -> 0.0.0.0/32:0
- Mar 30 11:11:14.695511: | match_id a=192.168.1.101
- Mar 30 11:11:14.695518: | b=(none)
- Mar 30 11:11:14.695524: | results matched
- Mar 30 11:11:14.695530: | fc_try_oppo concluding with none [0]
- Mar 30 11:11:14.695535: | concluding with d = none
- Mar 30 11:11:14.695543: | using something (we hope the IP we or they are NAT'ed to) for transport mode connection "l2tp-psk"[4] 93.46.124.104
- Mar 30 11:11:14.695549: | client wildcard: no port wildcard: no virtual: no
- Mar 30 11:11:14.695556: | NAT-Traversal: received 2 NAT-OA.
- Mar 30 11:11:14.695564: "l2tp-psk"[4] 93.46.124.104 #3: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
- Mar 30 11:11:14.695570: | NAT-OA:
- Mar 30 11:11:14.695575: | 15 00 00 0c 01 00 00 00 c0 a8 01 65
- Mar 30 11:11:14.695580: | parsing 4 raw bytes of ISAKMP NAT-OA Payload into NAT-Traversal: NAT-OA IP
- Mar 30 11:11:14.695585: | NAT-Traversal: NAT-OA IP
- Mar 30 11:11:14.695590: | c0 a8 01 65
- Mar 30 11:11:14.695597: | received NAT-OA: 192.168.1.101
- Mar 30 11:11:14.695609: | addref fd@NULL (in new_state() at state.c:555)
- Mar 30 11:11:14.695615: | creating state object #6 at 0x562b2d555bd8
- Mar 30 11:11:14.695622: | State DB: adding IKEv1 state #6 in UNDEFINED
- Mar 30 11:11:14.695644: | pstats #6 ikev1.ipsec started
- Mar 30 11:11:14.695655: | duplicating state object #3 "l2tp-psk"[4] 93.46.124.104 as #6 for IPSEC SA
- Mar 30 11:11:14.695667: | #6 setting local endpoint to 10.68.154.105:4500 from #3.st_localport (in duplicate_state() at state.c:1548)
- Mar 30 11:11:14.695696: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
- Mar 30 11:11:14.695708: | start processing: state #6 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
- Mar 30 11:11:14.695714: | switching MD.ST from #3 to CHILD #6; ulgh
- Mar 30 11:11:14.695721: | child state #6: UNDEFINED(ignore) => QUICK_R0(established CHILD SA)
- Mar 30 11:11:14.695728: | ****parse IPsec DOI SIT:
- Mar 30 11:11:14.695734: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Mar 30 11:11:14.695741: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:14.695747: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:14.695756: | length: 56 (00 38)
- Mar 30 11:11:14.695762: | proposal number: 1 (01)
- Mar 30 11:11:14.695767: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:14.695773: | SPI size: 4 (04)
- Mar 30 11:11:14.695778: | number of transforms: 1 (01)
- Mar 30 11:11:14.695784: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
- Mar 30 11:11:14.695815: | SPI
- Mar 30 11:11:14.695821: | 02 7c 20 b8
- Mar 30 11:11:14.695827: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:14.695834: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:14.695840: | length: 56 (00 38)
- Mar 30 11:11:14.695846: | proposal number: 2 (02)
- Mar 30 11:11:14.695851: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:14.695857: | SPI size: 4 (04)
- Mar 30 11:11:14.695862: | number of transforms: 1 (01)
- Mar 30 11:11:14.695869: | *****parse ISAKMP Transform Payload (ESP):
- Mar 30 11:11:14.695874: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:14.695880: | length: 44 (00 2c)
- Mar 30 11:11:14.695885: | ESP transform number: 1 (01)
- Mar 30 11:11:14.695891: | ESP transform ID: ESP_AES (0xc)
- Mar 30 11:11:14.695898: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:14.695904: | af+type: AF+ENCAPSULATION_MODE (0x8004)
- Mar 30 11:11:14.695910: | length/value: 4 (00 04)
- Mar 30 11:11:14.695916: | [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
- Mar 30 11:11:14.695923: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
- Mar 30 11:11:14.695928: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:14.695934: | af+type: AF+KEY_LENGTH (0x8006)
- Mar 30 11:11:14.695940: | length/value: 256 (01 00)
- Mar 30 11:11:14.695945: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:14.695950: | af+type: AF+AUTH_ALGORITHM (0x8005)
- Mar 30 11:11:14.695956: | length/value: 2 (00 02)
- Mar 30 11:11:14.695962: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
- Mar 30 11:11:14.695968: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:14.695973: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:14.695979: | length/value: 1 (00 01)
- Mar 30 11:11:14.695984: | [1 is SA_LIFE_TYPE_SECONDS]
- Mar 30 11:11:14.695989: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:14.696120: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:14.696132: | length/value: 4 (00 04)
- Mar 30 11:11:14.696138: | long duration: 3600
- Mar 30 11:11:14.696143: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:14.696149: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:14.696155: | length/value: 2 (00 02)
- Mar 30 11:11:14.696160: | [2 is SA_LIFE_TYPE_KBYTES]
- Mar 30 11:11:14.696165: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:14.696170: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:14.696176: | length/value: 4 (00 04)
- Mar 30 11:11:14.696181: | long duration: 250000
- Mar 30 11:11:14.696188: | ESP IPsec Transform verified; matches alg_info entry
- Mar 30 11:11:14.696202: | adding quick_outI1 KE work-order 8 for state #6
- Mar 30 11:11:14.696209: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d5566a8
- Mar 30 11:11:14.696216: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6
- Mar 30 11:11:14.696226: | libevent_malloc: newref ptr-libevent@0x562b2d554758 size 128
- Mar 30 11:11:14.696279: | complete v1 state transition with STF_SUSPEND
- Mar 30 11:11:14.696295: | [RE]START processing: state #6 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2514)
- Mar 30 11:11:14.696302: | suspending state #6 and saving MD 0x562b2d551f08
- Mar 30 11:11:14.696307: | #6 is busy; has suspended MD 0x562b2d551f08
- Mar 30 11:11:14.696321: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
- Mar 30 11:11:14.696334: | stop processing: state #6 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
- Mar 30 11:11:14.696344: | processing: STOP connection NULL (in process_md() at demux.c:384)
- Mar 30 11:11:14.696345: | crypto helper 0 resuming
- Mar 30 11:11:14.696373: | crypto helper 0 starting work-order 8 for state #6
- Mar 30 11:11:14.696384: | crypto helper 0 doing build nonce (quick_outI1 KE); request ID 8
- Mar 30 11:11:14.696418: | crypto helper 0 finished build nonce (quick_outI1 KE); request ID 8 time elapsed 0.000036 seconds
- Mar 30 11:11:14.696426: | crypto helper 0 sending results from work-order 8 for state #6 to event queue
- Mar 30 11:11:14.696433: | scheduling resume sending helper answer for #6
- Mar 30 11:11:14.696443: | libevent_malloc: newref ptr-libevent@0x7f3a3c002f08 size 128
- Mar 30 11:11:14.696469: | crypto helper 0 waiting (nothing to do)
- Mar 30 11:11:14.696493: | processing resume sending helper answer for #6
- Mar 30 11:11:14.696511: | start processing: state #6 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:817)
- Mar 30 11:11:14.696519: | unsuspending #6 MD 0x562b2d551f08
- Mar 30 11:11:14.696525: | crypto helper 0 replies to request ID 8
- Mar 30 11:11:14.696530: | calling continuation function 0x562b2c27c390
- Mar 30 11:11:14.696536: | quick_inI1_outR1_cryptocontinue1 for #6: calculated ke+nonce, calculating DH
- Mar 30 11:11:14.696556: | **emit ISAKMP Message:
- Mar 30 11:11:14.696564: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:14.696572: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:14.696579: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:14.696585: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:14.696590: | exchange type: ISAKMP_XCHG_QUICK (0x20)
- Mar 30 11:11:14.696596: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:14.696603: | Message ID: 3 (00 00 00 03)
- Mar 30 11:11:14.696609: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
- Mar 30 11:11:14.696615: | ***emit ISAKMP Hash Payload:
- Mar 30 11:11:14.696620: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:14.696626: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
- Mar 30 11:11:14.696632: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:14.696638: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
- Mar 30 11:11:14.696644: | emitting length of ISAKMP Hash Payload: 24
- Mar 30 11:11:14.696649: | ***emit ISAKMP Security Association Payload:
- Mar 30 11:11:14.696654: | next payload type: ISAKMP_NEXT_NONCE (0xa)
- Mar 30 11:11:14.696659: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:14.696665: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE
- Mar 30 11:11:14.696671: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA)
- Mar 30 11:11:14.696676: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:14.696682: | ****parse IPsec DOI SIT:
- Mar 30 11:11:14.696687: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Mar 30 11:11:14.696693: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:14.696698: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:14.696715: | length: 56 (00 38)
- Mar 30 11:11:14.696721: | proposal number: 1 (01)
- Mar 30 11:11:14.696726: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:14.696731: | SPI size: 4 (04)
- Mar 30 11:11:14.696737: | number of transforms: 1 (01)
- Mar 30 11:11:14.696742: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
- Mar 30 11:11:14.696747: | SPI
- Mar 30 11:11:14.696752: | 02 7c 20 b8
- Mar 30 11:11:14.696757: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:14.696763: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:14.696769: | length: 56 (00 38)
- Mar 30 11:11:14.696774: | proposal number: 2 (02)
- Mar 30 11:11:14.696779: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:14.696785: | SPI size: 4 (04)
- Mar 30 11:11:14.696790: | number of transforms: 1 (01)
- Mar 30 11:11:14.696796: | *****parse ISAKMP Transform Payload (ESP):
- Mar 30 11:11:14.696801: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:14.696807: | length: 44 (00 2c)
- Mar 30 11:11:14.696812: | ESP transform number: 1 (01)
- Mar 30 11:11:14.696817: | ESP transform ID: ESP_AES (0xc)
- Mar 30 11:11:14.696823: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:14.696829: | af+type: AF+ENCAPSULATION_MODE (0x8004)
- Mar 30 11:11:14.696834: | length/value: 4 (00 04)
- Mar 30 11:11:14.696840: | [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
- Mar 30 11:11:14.696846: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
- Mar 30 11:11:14.696851: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:14.696856: | af+type: AF+KEY_LENGTH (0x8006)
- Mar 30 11:11:14.696862: | length/value: 256 (01 00)
- Mar 30 11:11:14.696868: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:14.696873: | af+type: AF+AUTH_ALGORITHM (0x8005)
- Mar 30 11:11:14.696879: | length/value: 2 (00 02)
- Mar 30 11:11:14.696884: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
- Mar 30 11:11:14.696889: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:14.696895: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:14.696900: | length/value: 1 (00 01)
- Mar 30 11:11:14.696905: | [1 is SA_LIFE_TYPE_SECONDS]
- Mar 30 11:11:14.696911: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:14.696916: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:14.696922: | length/value: 4 (00 04)
- Mar 30 11:11:14.696927: | long duration: 3600
- Mar 30 11:11:14.696932: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:14.696937: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:14.696943: | length/value: 2 (00 02)
- Mar 30 11:11:14.696982: | [2 is SA_LIFE_TYPE_KBYTES]
- Mar 30 11:11:14.696988: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:14.696993: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:14.696999: | length/value: 4 (00 04)
- Mar 30 11:11:14.697004: | long duration: 250000
- Mar 30 11:11:14.697010: | ESP IPsec Transform verified; matches alg_info entry
- Mar 30 11:11:14.697015: | ****emit IPsec DOI SIT:
- Mar 30 11:11:14.697020: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Mar 30 11:11:14.697026: | ****emit ISAKMP Proposal Payload:
- Mar 30 11:11:14.697031: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:14.697037: | proposal number: 1 (01)
- Mar 30 11:11:14.697042: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:14.697047: | SPI size: 4 (04)
- Mar 30 11:11:14.697053: | number of transforms: 1 (01)
- Mar 30 11:11:14.697058: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type'
- Mar 30 11:11:14.697133: | netlink_get_spi: allocated 0xd887d60a for esp.0@10.68.154.105
- Mar 30 11:11:14.697142: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload
- Mar 30 11:11:14.697149: | SPI: d8 87 d6 0a
- Mar 30 11:11:14.697154: | *****emit ISAKMP Transform Payload (ESP):
- Mar 30 11:11:14.697159: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:14.697165: | ESP transform number: 1 (01)
- Mar 30 11:11:14.697171: | ESP transform ID: ESP_AES (0xc)
- Mar 30 11:11:14.697185: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type'
- Mar 30 11:11:14.697201: | emitting 36 raw bytes of attributes into ISAKMP Transform Payload (ESP)
- Mar 30 11:11:14.697212: | attributes:
- Mar 30 11:11:14.697217: | 80 04 00 04 80 06 01 00 80 05 00 02 80 01 00 01
- Mar 30 11:11:14.697222: | 00 02 00 04 00 00 0e 10 80 01 00 02 00 02 00 04
- Mar 30 11:11:14.697227: | 00 03 d0 90
- Mar 30 11:11:14.697232: | emitting length of ISAKMP Transform Payload (ESP): 44
- Mar 30 11:11:14.697244: | emitting length of ISAKMP Proposal Payload: 56
- Mar 30 11:11:14.697250: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0
- Mar 30 11:11:14.697256: | emitting length of ISAKMP Security Association Payload: 68
- Mar 30 11:11:14.697261: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0
- Mar 30 11:11:14.697271: "l2tp-psk"[4] 93.46.124.104 #6: responding to Quick Mode proposal {msgid:00000003}
- Mar 30 11:11:14.697286: "l2tp-psk"[4] 93.46.124.104 #6: us: 10.68.154.105[51.158.64.201]:17/1701
- Mar 30 11:11:14.697297: "l2tp-psk"[4] 93.46.124.104 #6: them: 93.46.124.104[192.168.1.101]:17/1701
- Mar 30 11:11:14.697303: | ***emit ISAKMP Nonce Payload:
- Mar 30 11:11:14.697308: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:14.697314: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 5:ISAKMP_NEXT_ID
- Mar 30 11:11:14.697319: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE)
- Mar 30 11:11:14.697325: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:14.697330: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload
- Mar 30 11:11:14.697335: | Nr:
- Mar 30 11:11:14.697341: | b3 ba ab 0b 9a 20 53 3c e2 32 e4 49 04 d8 40 23
- Mar 30 11:11:14.697345: | 8a a4 52 32 75 09 ab d5 c6 1a 37 a7 a1 27 ab 75
- Mar 30 11:11:14.697351: | emitting length of ISAKMP Nonce Payload: 36
- Mar 30 11:11:14.697356: | ***emit ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:14.697361: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:14.697366: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:14.697372: | Protocol ID: 17 (11)
- Mar 30 11:11:14.697378: | port: 1701 (06 a5)
- Mar 30 11:11:14.697384: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID
- Mar 30 11:11:14.697390: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
- Mar 30 11:11:14.697395: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
- Mar 30 11:11:14.697401: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
- Mar 30 11:11:14.697407: | ID body: c0 a8 01 65
- Mar 30 11:11:14.697412: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
- Mar 30 11:11:14.697418: | ***emit ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:14.697423: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:14.697428: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:14.697433: | Protocol ID: 17 (11)
- Mar 30 11:11:14.697439: | port: 1701 (06 a5)
- Mar 30 11:11:14.697444: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
- Mar 30 11:11:14.697450: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
- Mar 30 11:11:14.697456: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
- Mar 30 11:11:14.697462: | ID body: 33 9e 40 c9
- Mar 30 11:11:14.697467: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
- Mar 30 11:11:14.697534: | quick inR1 outI2 HASH(2):
- Mar 30 11:11:14.697542: | f6 5a 92 55 b1 12 76 86 3b 98 fd c9 e6 f0 17 c1
- Mar 30 11:11:14.697546: | 66 7e 92 6a
- Mar 30 11:11:14.697552: | compute_proto_keymat: needed_len (after ESP enc)=32
- Mar 30 11:11:14.697557: | compute_proto_keymat: needed_len (after ESP auth)=52
- Mar 30 11:11:14.697684: | install_inbound_ipsec_sa() checking if we can route
- Mar 30 11:11:14.697693: | could_route called for l2tp-psk (kind=CK_INSTANCE)
- Mar 30 11:11:14.697700: | FOR_EACH_CONNECTION_... in route_owner
- Mar 30 11:11:14.697706: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:14.697711: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:14.697717: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:14.697722: | conn xauth-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:14.697728: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:14.697733: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:14.697743: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
- Mar 30 11:11:14.697749: | routing is easy, or has resolvable near-conflict
- Mar 30 11:11:14.697754: | checking if this is a replacement state
- Mar 30 11:11:14.697760: | st=0x562b2d555bd8 ost=0x562b2d5567b8 st->serialno=#6 ost->serialno=#5
- Mar 30 11:11:14.697768: "l2tp-psk"[4] 93.46.124.104 #6: keeping refhim=0 during rekey
- Mar 30 11:11:14.697773: | installing outgoing SA now as refhim=0
- Mar 30 11:11:14.697780: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
- Mar 30 11:11:14.697786: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
- Mar 30 11:11:14.697793: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
- Mar 30 11:11:14.697800: | setting IPsec SA replay-window to 32
- Mar 30 11:11:14.697806: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
- Mar 30 11:11:14.697813: | netlink: enabling transport mode
- Mar 30 11:11:14.697821: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1261)
- Mar 30 11:11:14.697827: | XFRM: adding IPsec SA with reqid 16409
- Mar 30 11:11:14.697833: | netlink: setting IPsec SA replay-window to 32 using old-style req
- Mar 30 11:11:14.697840: | netlink: esp-hw-offload not set for IPsec SA
- Mar 30 11:11:14.697982: | netlink response for Add SA esp.27c20b8@93.46.124.104 included non-error error
- Mar 30 11:11:14.697994: | outgoing SA has refhim=0
- Mar 30 11:11:14.698003: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
- Mar 30 11:11:14.698010: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
- Mar 30 11:11:14.698018: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
- Mar 30 11:11:14.698027: | setting IPsec SA replay-window to 32
- Mar 30 11:11:14.698034: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
- Mar 30 11:11:14.698041: | netlink: enabling transport mode
- Mar 30 11:11:14.698050: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1268)
- Mar 30 11:11:14.698092: | XFRM: adding IPsec SA with reqid 16409
- Mar 30 11:11:14.698100: | netlink: setting IPsec SA replay-window to 32 using old-style req
- Mar 30 11:11:14.698121: | netlink: esp-hw-offload not set for IPsec SA
- Mar 30 11:11:14.698197: | netlink response for Add SA esp.d887d60a@10.68.154.105 included non-error error
- Mar 30 11:11:14.698208: | emitting 8 zero bytes of encryption padding into ISAKMP Message
- Mar 30 11:11:14.698214: | no IKEv1 message padding required
- Mar 30 11:11:14.698219: | emitting length of ISAKMP Message: 188
- Mar 30 11:11:14.698249: | finished processing quick inI1
- Mar 30 11:11:14.698255: | complete v1 state transition with STF_OK
- Mar 30 11:11:14.698267: | [RE]START processing: state #6 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
- Mar 30 11:11:14.698273: | #6 is idle
- Mar 30 11:11:14.698279: | doing_xauth:no, t_xauth_client_done:no
- Mar 30 11:11:14.698310: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
- Mar 30 11:11:14.698346: | child state #6: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA)
- Mar 30 11:11:14.698353: | event_already_set, deleting event
- Mar 30 11:11:14.698359: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted
- Mar 30 11:11:14.698368: | libevent_free: delref ptr-libevent@0x562b2d554758
- Mar 30 11:11:14.698375: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d5566a8
- Mar 30 11:11:14.698387: | sending reply packet to 93.46.124.104:4500 (from 10.68.154.105:4500)
- Mar 30 11:11:14.698413: | sending 192 bytes for STATE_QUICK_R0 through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #6)
- Mar 30 11:11:14.698432: | 00 00 00 00 f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a
- Mar 30 11:11:14.698439: | 5d 82 98 78 08 10 20 01 00 00 00 03 00 00 00 bc
- Mar 30 11:11:14.698445: | 07 5c e7 d3 7f 48 dc f4 e6 30 27 53 be f8 89 78
- Mar 30 11:11:14.698452: | c9 a2 82 13 48 96 a6 82 8c 18 9f b0 27 ba e9 0e
- Mar 30 11:11:14.698462: | d2 cd 86 25 31 b0 ef 3f 42 a8 d0 b5 0b 02 cc 82
- Mar 30 11:11:14.698485: | 7a 83 32 f0 90 c2 d2 5e df 3c 35 22 ad 3b 9f cf
- Mar 30 11:11:14.698491: | ad a3 ff b4 3c e6 67 55 ff 3f 40 48 dc f6 6d 2d
- Mar 30 11:11:14.698498: | 4a fe 16 4b c8 38 23 cb ce 2f c1 69 a1 4a c5 92
- Mar 30 11:11:14.698505: | 5f a9 f4 bb 48 e0 aa e5 46 41 48 60 b9 5a 46 3b
- Mar 30 11:11:14.698510: | 05 0e b8 7f 20 ad 2c 2a ad 1e 36 99 a7 07 b3 f3
- Mar 30 11:11:14.698529: | 62 06 8c 60 8d 5c a9 92 12 f3 bd 2e a6 a8 4b e9
- Mar 30 11:11:14.698537: | a9 60 7b 01 93 06 61 74 95 b4 33 de 9a 89 05 97
- Mar 30 11:11:14.698655: | !event_already_set at reschedule
- Mar 30 11:11:14.698679: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b2d5566a8
- Mar 30 11:11:14.698687: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6
- Mar 30 11:11:14.698694: | libevent_malloc: newref ptr-libevent@0x562b2d551528 size 128
- Mar 30 11:11:14.698706: | #6 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 5633.123906
- Mar 30 11:11:14.698714: | pstats #6 ikev1.ipsec established
- Mar 30 11:11:14.698728: | NAT-T: NAT Traversal detected - their IKE port is '500'
- Mar 30 11:11:14.698738: | NAT-T: encaps is 'yes'
- Mar 30 11:11:14.698753: "l2tp-psk"[4] 93.46.124.104 #6: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0x027c20b8 <0xd887d60a xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
- Mar 30 11:11:14.698762: | modecfg pull: noquirk policy:push not-client
- Mar 30 11:11:14.698768: | phase 1 is done, looking for phase 2 to unpend
- Mar 30 11:11:14.698774: | releasing #6's fd-fd@(nil) because IKEv1 transitions finished
- Mar 30 11:11:14.698780: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
- Mar 30 11:11:14.698790: | resume sending helper answer for #6 suppresed complete_v1_state_transition()
- Mar 30 11:11:14.698807: | stop processing: state #6 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:860)
- Mar 30 11:11:14.698814: | libevent_free: delref ptr-libevent@0x7f3a3c002f08
- Mar 30 11:11:14.739188: | *received 60 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
- Mar 30 11:11:14.739247: | f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:14.739252: | 08 10 20 01 00 00 00 03 00 00 00 3c 71 43 bd d7
- Mar 30 11:11:14.739258: | 5f 81 01 7d 14 63 a6 a6 3e 5b c5 9a ce 18 3a 23
- Mar 30 11:11:14.739263: | e3 d9 72 a6 80 4e 5b 21 85 e5 33 b6
- Mar 30 11:11:14.739274: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
- Mar 30 11:11:14.739284: | **parse ISAKMP Message:
- Mar 30 11:11:14.739294: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:14.739302: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:14.739308: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Mar 30 11:11:14.739314: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:14.739346: | exchange type: ISAKMP_XCHG_QUICK (0x20)
- Mar 30 11:11:14.739353: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:14.739361: | Message ID: 3 (00 00 00 03)
- Mar 30 11:11:14.739368: | length: 60 (00 00 00 3c)
- Mar 30 11:11:14.739375: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
- Mar 30 11:11:14.739386: | State DB: found IKEv1 state #6 in QUICK_R1 (find_state_ikev1)
- Mar 30 11:11:14.739400: | start processing: state #6 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1499)
- Mar 30 11:11:14.739409: | #6 is idle
- Mar 30 11:11:14.739416: | #6 idle
- Mar 30 11:11:14.739426: | received encrypted packet from 93.46.124.104:4500
- Mar 30 11:11:14.739497: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
- Mar 30 11:11:14.739509: | ***parse ISAKMP Hash Payload:
- Mar 30 11:11:14.739516: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:14.739554: | length: 24 (00 18)
- Mar 30 11:11:14.739562: | removing 8 bytes of padding
- Mar 30 11:11:14.739630: | quick_inI2 HASH(3):
- Mar 30 11:11:14.739642: | d9 4e f8 02 72 ef 9f 6e 8b 10 dc 1f 6f b4 a9 ea
- Mar 30 11:11:14.739649: | 81 98 8c 00
- Mar 30 11:11:14.739658: | received 'quick_inI2' message HASH(3) data ok
- Mar 30 11:11:14.739674: | install_ipsec_sa() for #6: outbound only
- Mar 30 11:11:14.739683: | could_route called for l2tp-psk (kind=CK_INSTANCE)
- Mar 30 11:11:14.739691: | FOR_EACH_CONNECTION_... in route_owner
- Mar 30 11:11:14.739699: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:14.739706: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:14.739712: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:14.739721: | conn xauth-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:14.739728: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:14.739769: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:14.739785: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
- Mar 30 11:11:14.739810: | sr for #6: erouted
- Mar 30 11:11:14.739820: | route_and_eroute() for proto 17, and source port 1701 dest port 1701
- Mar 30 11:11:14.739829: | FOR_EACH_CONNECTION_... in route_owner
- Mar 30 11:11:14.739836: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:14.739844: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:14.739863: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:14.739873: | conn xauth-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:14.739880: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:14.739887: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:14.739898: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
- Mar 30 11:11:14.739924: | route_and_eroute with c: l2tp-psk (next: none) ero:l2tp-psk esr:{(nil)} ro:l2tp-psk rosr:{(nil)} and state: #6
- Mar 30 11:11:14.739934: | we are replacing an eroute
- Mar 30 11:11:14.739942: | priority calculation of connection "l2tp-psk" is 0x15bfbf
- Mar 30 11:11:14.739966: | eroute_connection replace eroute 10.68.154.105/32:1701 --17-> 93.46.124.104/32:1701 => esp.27c20b8@93.46.124.104>esp.27c20b8@93.46.124.104 using reqid 16409 (raw_eroute)
- Mar 30 11:11:14.739992: | subnet from endpoint 93.46.124.104:1701 (in netlink_raw_eroute() at kernel_xfrm.c:585)
- Mar 30 11:11:14.740084: | netlink_raw_eroute: using host address instead of client subnet
- Mar 30 11:11:14.740100: | IPsec Sa SPD priority set to 1425343
- Mar 30 11:11:14.740169: | raw_eroute result=success
- Mar 30 11:11:14.740182: | route_and_eroute: firewall_notified: true
- Mar 30 11:11:14.740195: | route_and_eroute: instance "l2tp-psk"[4] 93.46.124.104, setting eroute_owner {spd=0x562b2d554130,sr=0x562b2d554130} to #6 (was #5) (newest_ipsec_sa=#5)
- Mar 30 11:11:14.740214: | inI2: instance l2tp-psk[4], setting IKEv1 newest_ipsec_sa to #6 (was #5) (spd.eroute=#6) cloned from #3
- Mar 30 11:11:14.740224: | DPD: dpd_init() called on IPsec SA
- Mar 30 11:11:14.740231: | DPD: Peer does not support Dead Peer Detection
- Mar 30 11:11:14.740239: | complete v1 state transition with STF_OK
- Mar 30 11:11:14.740343: | [RE]START processing: state #6 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
- Mar 30 11:11:14.740359: | #6 is idle
- Mar 30 11:11:14.740377: | doing_xauth:no, t_xauth_client_done:no
- Mar 30 11:11:14.740397: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
- Mar 30 11:11:14.740441: | child state #6: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA)
- Mar 30 11:11:14.740454: | event_already_set, deleting event
- Mar 30 11:11:14.740462: | state #6 requesting EVENT_RETRANSMIT to be deleted
- Mar 30 11:11:14.740470: | #6 STATE_QUICK_R2: retransmits: cleared
- Mar 30 11:11:14.740490: | libevent_free: delref ptr-libevent@0x562b2d551528
- Mar 30 11:11:14.740501: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b2d5566a8
- Mar 30 11:11:14.740509: | !event_already_set at reschedule
- Mar 30 11:11:14.740519: | event_schedule: newref EVENT_SA_EXPIRE-pe@0x562b2d554998
- Mar 30 11:11:14.740530: | inserting event EVENT_SA_EXPIRE, timeout in 3600 seconds for #6
- Mar 30 11:11:14.740542: | libevent_malloc: newref ptr-libevent@0x562b2d554878 size 128
- Mar 30 11:11:14.740552: | pstats #6 ikev1.ipsec established
- Mar 30 11:11:14.740567: | NAT-T: NAT Traversal detected - their IKE port is '500'
- Mar 30 11:11:14.740574: | NAT-T: encaps is 'yes'
- Mar 30 11:11:14.740591: "l2tp-psk"[4] 93.46.124.104 #6: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x027c20b8 <0xd887d60a xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
- Mar 30 11:11:14.740601: | modecfg pull: noquirk policy:push not-client
- Mar 30 11:11:14.740609: | phase 1 is done, looking for phase 2 to unpend
- Mar 30 11:11:14.740616: | releasing #6's fd-fd@(nil) because IKEv1 transitions finished
- Mar 30 11:11:14.740624: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
- Mar 30 11:11:14.740660: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
- Mar 30 11:11:14.740681: | stop processing: state #6 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
- Mar 30 11:11:14.740692: | processing: STOP connection NULL (in process_md() at demux.c:384)
- Mar 30 11:11:14.740760: | *received 76 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
- Mar 30 11:11:14.740777: | f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:14.740784: | 08 10 05 01 29 3d 26 c9 00 00 00 4c 70 ab 38 56
- Mar 30 11:11:14.740790: | 0e b7 e1 d8 80 37 0d 18 99 d0 8a b7 0d 58 80 d6
- Mar 30 11:11:14.740797: | c1 91 c4 f5 9e 77 c7 da 12 22 08 bd 19 96 39 c3
- Mar 30 11:11:14.740804: | ca 96 4f c1 43 5e 06 4d 80 1a 22 87
- Mar 30 11:11:14.740816: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
- Mar 30 11:11:14.740828: | **parse ISAKMP Message:
- Mar 30 11:11:14.740840: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:14.740850: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:14.740858: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Mar 30 11:11:14.740865: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:14.740872: | exchange type: ISAKMP_XCHG_INFO (0x5)
- Mar 30 11:11:14.740879: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:14.740889: | Message ID: 691873481 (29 3d 26 c9)
- Mar 30 11:11:14.740899: | length: 76 (00 00 00 4c)
- Mar 30 11:11:14.740907: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
- Mar 30 11:11:14.740919: | peer and cookies match on #6; msgid=00000000 st_msgid=00000003 st_v1_msgid.phase15=00000000
- Mar 30 11:11:14.740927: | peer and cookies match on #5; msgid=00000000 st_msgid=00000002 st_v1_msgid.phase15=00000000
- Mar 30 11:11:14.740935: | peer and cookies match on #3; msgid=00000000 st_msgid=00000000 st_v1_msgid.phase15=00000000
- Mar 30 11:11:14.740942: | p15 state object #3 found, in STATE_MAIN_R3
- Mar 30 11:11:14.740951: | State DB: found IKEv1 state #3 in MAIN_R3 (find_v1_info_state)
- Mar 30 11:11:14.740986: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1347)
- Mar 30 11:11:14.741048: | #3 is idle
- Mar 30 11:11:14.741060: | #3 idle
- Mar 30 11:11:14.741070: | received encrypted packet from 93.46.124.104:4500
- Mar 30 11:11:14.741107: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
- Mar 30 11:11:14.741118: | ***parse ISAKMP Hash Payload:
- Mar 30 11:11:14.741125: | next payload type: ISAKMP_NEXT_D (0xc)
- Mar 30 11:11:14.741133: | length: 24 (00 18)
- Mar 30 11:11:14.741141: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0
- Mar 30 11:11:14.741149: | ***parse ISAKMP Delete Payload:
- Mar 30 11:11:14.741157: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:14.741166: | length: 16 (00 10)
- Mar 30 11:11:14.741173: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:14.741180: | protocol ID: 3 (03)
- Mar 30 11:11:14.741187: | SPI size: 4 (04)
- Mar 30 11:11:14.741194: | number of SPIs: 1 (00 01)
- Mar 30 11:11:14.741200: | removing 8 bytes of padding
- Mar 30 11:11:14.741257: | informational HASH(1):
- Mar 30 11:11:14.741267: | 91 b9 90 c7 fb ce 48 c4 bd bf c0 b2 95 55 7c 2f
- Mar 30 11:11:14.741273: | f9 ff f1 a5
- Mar 30 11:11:14.741280: | received 'informational' message HASH(1) data ok
- Mar 30 11:11:14.741288: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI
- Mar 30 11:11:14.741296: | SPI
- Mar 30 11:11:14.741302: | 7d 0c 02 4c
- Mar 30 11:11:14.741309: | FOR_EACH_STATE_... in find_phase2_state_to_delete
- Mar 30 11:11:14.741325: | start processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in accept_delete() at ikev1_main.c:2492)
- Mar 30 11:11:14.741339: "l2tp-psk"[4] 93.46.124.104 #3: received Delete SA(0x7d0c024c) payload: deleting IPsec State #5
- Mar 30 11:11:14.741350: | pstats #5 ikev1.ipsec deleted completed
- Mar 30 11:11:14.741364: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
- Mar 30 11:11:14.741377: | start processing: state #5 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
- Mar 30 11:11:14.741392: "l2tp-psk"[4] 93.46.124.104 #5: deleting other state #5 (STATE_QUICK_R2) aged 3.014s and sending notification
- Mar 30 11:11:14.741401: | child state #5: QUICK_R2(established CHILD SA) => delete
- Mar 30 11:11:14.741415: | get_sa_info esp.7d0c024c@93.46.124.104
- Mar 30 11:11:14.741475: | get_sa_info esp.36fdd548@10.68.154.105
- Mar 30 11:11:14.741505: "l2tp-psk"[4] 93.46.124.104 #5: ESP traffic information: in=0B out=0B
- Mar 30 11:11:14.741517: | unsuspending #5 MD (nil)
- Mar 30 11:11:14.741527: | #5 send IKEv1 delete notification for STATE_QUICK_R2
- Mar 30 11:11:14.741536: | FOR_EACH_STATE_... in find_phase1_state
- Mar 30 11:11:14.741555: | **emit ISAKMP Message:
- Mar 30 11:11:14.741568: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:14.741578: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:14.741585: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:14.741592: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:14.741600: | exchange type: ISAKMP_XCHG_INFO (0x5)
- Mar 30 11:11:14.741608: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:14.741618: | Message ID: 1248724098 (4a 6e 04 82)
- Mar 30 11:11:14.741625: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
- Mar 30 11:11:14.741634: | ***emit ISAKMP Hash Payload:
- Mar 30 11:11:14.741641: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:14.741648: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
- Mar 30 11:11:14.741656: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg'
- Mar 30 11:11:14.741665: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
- Mar 30 11:11:14.741672: | emitting length of ISAKMP Hash Payload: 24
- Mar 30 11:11:14.741680: | ***emit ISAKMP Delete Payload:
- Mar 30 11:11:14.741687: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:14.741712: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:14.741722: | protocol ID: 3 (03)
- Mar 30 11:11:14.741729: | SPI size: 4 (04)
- Mar 30 11:11:14.741738: | number of SPIs: 1 (00 01)
- Mar 30 11:11:14.741777: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D)
- Mar 30 11:11:14.741790: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg'
- Mar 30 11:11:14.741800: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload
- Mar 30 11:11:14.741809: | delete payload: 36 fd d5 48
- Mar 30 11:11:14.741817: | emitting length of ISAKMP Delete Payload: 16
- Mar 30 11:11:14.741872: | send delete HASH(1):
- Mar 30 11:11:14.741886: | 44 2b 94 5d a0 62 38 37 3a 74 6c ed ba f3 f9 04
- Mar 30 11:11:14.741893: | 60 10 68 01
- Mar 30 11:11:14.741915: | emitting 8 zero bytes of encryption padding into ISAKMP Message
- Mar 30 11:11:14.741926: | no IKEv1 message padding required
- Mar 30 11:11:14.741933: | emitting length of ISAKMP Message: 76
- Mar 30 11:11:14.741969: | sending 80 bytes for delete notify through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #3)
- Mar 30 11:11:14.741982: | 00 00 00 00 f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a
- Mar 30 11:11:14.742031: | 5d 82 98 78 08 10 05 01 4a 6e 04 82 00 00 00 4c
- Mar 30 11:11:14.742044: | 91 62 77 30 0f f8 fd bd 31 c4 95 d0 c8 77 b4 ae
- Mar 30 11:11:14.742050: | 98 1d 96 25 b4 20 34 e0 00 92 4f ee e3 f3 9c 5a
- Mar 30 11:11:14.742056: | 53 94 15 d5 b1 45 ff bd c5 bd a0 cb 6b 8e a0 d7
- Mar 30 11:11:14.742217: | state #5 requesting EVENT_SA_EXPIRE to be deleted
- Mar 30 11:11:14.742242: | libevent_free: delref ptr-libevent@0x562b2d5545b8
- Mar 30 11:11:14.742250: | free_event_entry: delref EVENT_SA_EXPIRE-pe@0x562b2d554928
- Mar 30 11:11:14.742263: | delete esp.7d0c024c@93.46.124.104
- Mar 30 11:11:14.742271: | XFRM: deleting IPsec SA with reqid 0
- Mar 30 11:11:14.742343: | netlink response for Del SA esp.7d0c024c@93.46.124.104 included non-error error
- Mar 30 11:11:14.742369: | delete esp.36fdd548@10.68.154.105
- Mar 30 11:11:14.742377: | XFRM: deleting IPsec SA with reqid 0
- Mar 30 11:11:14.742413: | netlink response for Del SA esp.36fdd548@10.68.154.105 included non-error error
- Mar 30 11:11:14.742436: | stop processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in update_state_connection() at connections.c:4093)
- Mar 30 11:11:14.742444: | start processing: connection NULL (in update_state_connection() at connections.c:4094)
- Mar 30 11:11:14.742450: | in connection_discard for connection l2tp-psk
- Mar 30 11:11:14.742454: | connection is instance
- Mar 30 11:11:14.742460: | not in pending use
- Mar 30 11:11:14.742466: | State DB: found state #6 in QUICK_R2 (connection_discard)
- Mar 30 11:11:14.742471: | states still using this connection instance, retaining
- Mar 30 11:11:14.742477: | State DB: deleting IKEv1 state #5 in QUICK_R2
- Mar 30 11:11:14.742488: | child state #5: QUICK_R2(established CHILD SA) => UNDEFINED(ignore)
- Mar 30 11:11:14.742495: | releasing #5's fd-fd@(nil) because deleting state
- Mar 30 11:11:14.742501: | delref fdp@NULL (in delete_state() at state.c:1185)
- Mar 30 11:11:14.742511: | stop processing: state #5 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
- Mar 30 11:11:14.742522: | resume processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
- Mar 30 11:11:14.742537: | processing: STOP connection NULL (in accept_delete() at ikev1_main.c:2536)
- Mar 30 11:11:14.742543: | del:
- Mar 30 11:11:14.742548: |
- Mar 30 11:11:14.742559: | complete v1 state transition with STF_IGNORE
- Mar 30 11:11:14.742570: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
- Mar 30 11:11:14.742582: | stop processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
- Mar 30 11:11:14.742588: | processing: STOP connection NULL (in process_md() at demux.c:384)
- Mar 30 11:11:18.713508: | *received 444 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
- Mar 30 11:11:18.713554: | f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:18.713561: | 08 10 20 01 00 00 00 04 00 00 01 bc 32 0f f1 79
- Mar 30 11:11:18.713567: | 46 4e b6 7e 6e 6e 16 c0 95 b7 d1 63 da 74 cf a3
- Mar 30 11:11:18.713573: | ec 5c d6 78 a1 4f f8 a9 50 20 15 ed f1 86 09 62
- Mar 30 11:11:18.713579: | d6 5a 45 59 8f 60 57 07 d5 5a 97 17 b9 98 fb d8
- Mar 30 11:11:18.713584: | f5 dc 6c 04 30 00 fe 92 73 b2 6e 9e 71 73 9b ad
- Mar 30 11:11:18.713590: | 6f f2 66 72 74 41 73 e7 f6 02 ec f5 4a 04 8d 89
- Mar 30 11:11:18.713595: | 4a 3f 89 15 2b ac e1 ae 39 fb 4f 30 1f c4 5e 46
- Mar 30 11:11:18.713601: | df b2 b1 cd 62 7b a0 48 6e 07 8c c3 2d e7 62 ed
- Mar 30 11:11:18.713606: | 48 93 6d 09 97 65 9e 2f c4 1d bf 93 9f 65 12 73
- Mar 30 11:11:18.713611: | c6 2a b1 e5 5c 60 f8 3a 03 87 ad 79 4e 30 21 ff
- Mar 30 11:11:18.713617: | 8e b3 1b 66 e1 02 f3 9e a8 14 27 2b 95 51 9d e9
- Mar 30 11:11:18.713622: | 6b b3 e4 f9 e5 47 11 ac f8 b3 85 7f cc 46 5a 1c
- Mar 30 11:11:18.713628: | 1e 0d 96 5b c4 24 4f 9f 38 18 68 09 1a 5b ab 98
- Mar 30 11:11:18.713633: | ea d8 cb 63 38 96 79 85 bb ee 56 a9 50 43 af 06
- Mar 30 11:11:18.713638: | 67 e2 cf f9 5e 0c cc 15 05 24 1d 59 c1 c6 14 fa
- Mar 30 11:11:18.713643: | fb b1 58 cf 7c 2c b0 2b 94 15 64 3e 79 27 70 0d
- Mar 30 11:11:18.713649: | f4 81 8e fa 4c e6 05 f4 e7 1b e6 13 5a 0a 2c 87
- Mar 30 11:11:18.713654: | 79 3c b3 a9 91 6c f2 9b 54 29 7f 57 e3 62 62 eb
- Mar 30 11:11:18.713659: | ea e7 d3 74 28 7c 5c ab d8 c2 bc 25 14 b0 8e 70
- Mar 30 11:11:18.713665: | c1 5d 8a ed 7c 3b 7c e7 07 9d c8 ef 19 c8 9b 9f
- Mar 30 11:11:18.713670: | 3a 84 f5 40 7b b4 f7 21 96 ff 50 47 7f d4 7e 7d
- Mar 30 11:11:18.713675: | 42 0c 05 81 5a 75 3b 4e 9d 29 df ce 3c 56 84 2b
- Mar 30 11:11:18.713680: | 27 47 a1 b7 0f 8e 8f f1 b5 83 c3 a9 f5 30 b9 59
- Mar 30 11:11:18.713686: | bd f6 f2 6c a3 ac 6d 41 af 58 aa 1f 26 4f 6c 8b
- Mar 30 11:11:18.713691: | 89 a3 7a 8d 5f 58 52 22 51 70 51 f3 fc 5f 10 48
- Mar 30 11:11:18.713696: | 95 b2 7c d3 c2 9f cd 17 34 c4 7e ad aa 52 ad 23
- Mar 30 11:11:18.713701: | 7e e3 a0 02 f5 5e 59 ef 7d c6 bb 94
- Mar 30 11:11:18.713713: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
- Mar 30 11:11:18.713723: | **parse ISAKMP Message:
- Mar 30 11:11:18.713733: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:18.713742: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:18.713748: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Mar 30 11:11:18.713754: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:18.713761: | exchange type: ISAKMP_XCHG_QUICK (0x20)
- Mar 30 11:11:18.713768: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:18.713776: | Message ID: 4 (00 00 00 04)
- Mar 30 11:11:18.713784: | length: 444 (00 00 01 bc)
- Mar 30 11:11:18.713791: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
- Mar 30 11:11:18.713819: | State DB: IKEv1 state not found (find_state_ikev1)
- Mar 30 11:11:18.713828: | State DB: found IKEv1 state #3 in MAIN_R3 (find_state_ikev1)
- Mar 30 11:11:18.713842: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1473)
- Mar 30 11:11:18.713889: | #3 is idle
- Mar 30 11:11:18.713895: | #3 idle
- Mar 30 11:11:18.713907: | received encrypted packet from 93.46.124.104:4500
- Mar 30 11:11:18.713948: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030
- Mar 30 11:11:18.713971: | ***parse ISAKMP Hash Payload:
- Mar 30 11:11:18.713980: | next payload type: ISAKMP_NEXT_SA (0x1)
- Mar 30 11:11:18.713991: | length: 24 (00 18)
- Mar 30 11:11:18.713999: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030
- Mar 30 11:11:18.714009: | ***parse ISAKMP Security Association Payload:
- Mar 30 11:11:18.714021: | next payload type: ISAKMP_NEXT_NONCE (0xa)
- Mar 30 11:11:18.714060: | length: 280 (01 18)
- Mar 30 11:11:18.714071: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:18.714080: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030
- Mar 30 11:11:18.714089: | ***parse ISAKMP Nonce Payload:
- Mar 30 11:11:18.714097: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:18.714114: | length: 52 (00 34)
- Mar 30 11:11:18.714122: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
- Mar 30 11:11:18.714132: | ***parse ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:18.714140: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:18.714148: | length: 12 (00 0c)
- Mar 30 11:11:18.714154: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:18.714160: | Protocol ID: 17 (11)
- Mar 30 11:11:18.714167: | port: 1701 (06 a5)
- Mar 30 11:11:18.714172: | obj:
- Mar 30 11:11:18.714178: | c0 a8 01 65
- Mar 30 11:11:18.714184: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
- Mar 30 11:11:18.714190: | ***parse ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:18.714196: | next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
- Mar 30 11:11:18.714202: | length: 12 (00 0c)
- Mar 30 11:11:18.714208: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:18.714214: | Protocol ID: 17 (11)
- Mar 30 11:11:18.714220: | port: 1701 (06 a5)
- Mar 30 11:11:18.714226: | obj:
- Mar 30 11:11:18.714231: | 33 9e 40 c9
- Mar 30 11:11:18.714237: | got payload 0x200000 (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
- Mar 30 11:11:18.714244: | ***parse ISAKMP NAT-OA Payload:
- Mar 30 11:11:18.714249: | next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
- Mar 30 11:11:18.714256: | length: 12 (00 0c)
- Mar 30 11:11:18.714261: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:18.714267: | obj:
- Mar 30 11:11:18.714272: | c0 a8 01 65
- Mar 30 11:11:18.714278: | got payload 0x200000 (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
- Mar 30 11:11:18.714284: | ***parse ISAKMP NAT-OA Payload:
- Mar 30 11:11:18.714290: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:18.714296: | length: 12 (00 0c)
- Mar 30 11:11:18.714302: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:18.714307: | obj:
- Mar 30 11:11:18.714313: | 33 9e 40 c9
- Mar 30 11:11:18.714318: | removing 12 bytes of padding
- Mar 30 11:11:18.714373: | quick_inI1_outR1 HASH(1):
- Mar 30 11:11:18.714379: | a6 ad 83 48 bf 32 ea 94 71 f8 ba a7 7f 22 d5 1d
- Mar 30 11:11:18.714385: | 0f e6 99 84
- Mar 30 11:11:18.714391: | received 'quick_inI1_outR1' message HASH(1) data ok
- Mar 30 11:11:18.714403: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
- Mar 30 11:11:18.714409: | ID address
- Mar 30 11:11:18.714414: | c0 a8 01 65
- Mar 30 11:11:18.714424: | subnet from address 192.168.1.101 (in decode_net_id() at ikev1_quick.c:440)
- Mar 30 11:11:18.714433: | peer client is 192.168.1.101/32
- Mar 30 11:11:18.714439: | peer client protocol/port is 17/1701
- Mar 30 11:11:18.714445: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
- Mar 30 11:11:18.714450: | ID address
- Mar 30 11:11:18.714455: | 33 9e 40 c9
- Mar 30 11:11:18.714463: | subnet from address 51.158.64.201 (in decode_net_id() at ikev1_quick.c:440)
- Mar 30 11:11:18.714470: | our client is 51.158.64.201/32
- Mar 30 11:11:18.714476: | our client protocol/port is 17/1701
- Mar 30 11:11:18.714490: "l2tp-psk"[4] 93.46.124.104 #3: the peer proposed: 51.158.64.201/32:17/1701 -> 192.168.1.101/32:17/1701
- Mar 30 11:11:18.714498: | find_client_connection starting with l2tp-psk
- Mar 30 11:11:18.714508: | looking for 51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701
- Mar 30 11:11:18.714518: | concrete checking against sr#0 10.68.154.105/32:1701 -> 93.46.124.104/32:1701
- Mar 30 11:11:18.714527: | match_id a=192.168.1.101
- Mar 30 11:11:18.714534: | b=192.168.1.101
- Mar 30 11:11:18.714539: | results matched
- Mar 30 11:11:18.714555: | fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 93.46.124.104/32:1701:17/1701
- Mar 30 11:11:18.714582: | our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
- Mar 30 11:11:18.714588: | fc_try concluding with none [0]
- Mar 30 11:11:18.714594: | fc_try l2tp-psk gives none
- Mar 30 11:11:18.714605: | find_host_pair: comparing 10.68.154.105:500 to 0.0.0.0:500 but ignoring ports
- Mar 30 11:11:18.714615: | checking hostpair 10.68.154.105/32:1701 -> 93.46.124.104/32:1701 is found
- Mar 30 11:11:18.714623: | match_id a=192.168.1.101
- Mar 30 11:11:18.714629: | b=(none)
- Mar 30 11:11:18.714634: | results matched
- Mar 30 11:11:18.714649: | fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 0.0.0.0/32:0:17/0
- Mar 30 11:11:18.714658: | our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
- Mar 30 11:11:18.714666: | match_id a=192.168.1.101
- Mar 30 11:11:18.714671: | b=(none)
- Mar 30 11:11:18.714676: | results matched
- Mar 30 11:11:18.714682: | fc_try concluding with none [0]
- Mar 30 11:11:18.714689: | match_id a=192.168.1.101
- Mar 30 11:11:18.714694: | b=(none)
- Mar 30 11:11:18.714699: | results matched
- Mar 30 11:11:18.714713: | fc_try_oppo trying l2tp-psk:51.158.64.201/32:1701 -> 192.168.1.101/32:1701 vs l2tp-psk:10.68.154.105/32:1701 -> 0.0.0.0/32:0
- Mar 30 11:11:18.714720: | match_id a=192.168.1.101
- Mar 30 11:11:18.714726: | b=(none)
- Mar 30 11:11:18.714731: | results matched
- Mar 30 11:11:18.714736: | fc_try_oppo concluding with none [0]
- Mar 30 11:11:18.714742: | concluding with d = none
- Mar 30 11:11:18.714750: | using something (we hope the IP we or they are NAT'ed to) for transport mode connection "l2tp-psk"[4] 93.46.124.104
- Mar 30 11:11:18.714756: | client wildcard: no port wildcard: no virtual: no
- Mar 30 11:11:18.714763: | NAT-Traversal: received 2 NAT-OA.
- Mar 30 11:11:18.714771: "l2tp-psk"[4] 93.46.124.104 #3: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
- Mar 30 11:11:18.714777: | NAT-OA:
- Mar 30 11:11:18.714782: | 15 00 00 0c 01 00 00 00 c0 a8 01 65
- Mar 30 11:11:18.714788: | parsing 4 raw bytes of ISAKMP NAT-OA Payload into NAT-Traversal: NAT-OA IP
- Mar 30 11:11:18.714794: | NAT-Traversal: NAT-OA IP
- Mar 30 11:11:18.714799: | c0 a8 01 65
- Mar 30 11:11:18.714806: | received NAT-OA: 192.168.1.101
- Mar 30 11:11:18.714817: | addref fd@NULL (in new_state() at state.c:555)
- Mar 30 11:11:18.714823: | creating state object #7 at 0x562b2d556758
- Mar 30 11:11:18.714830: | State DB: adding IKEv1 state #7 in UNDEFINED
- Mar 30 11:11:18.714839: | pstats #7 ikev1.ipsec started
- Mar 30 11:11:18.714847: | duplicating state object #3 "l2tp-psk"[4] 93.46.124.104 as #7 for IPSEC SA
- Mar 30 11:11:18.714857: | #7 setting local endpoint to 10.68.154.105:4500 from #3.st_localport (in duplicate_state() at state.c:1548)
- Mar 30 11:11:18.714870: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
- Mar 30 11:11:18.714881: | start processing: state #7 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
- Mar 30 11:11:18.714887: | switching MD.ST from #3 to CHILD #7; ulgh
- Mar 30 11:11:18.714894: | child state #7: UNDEFINED(ignore) => QUICK_R0(established CHILD SA)
- Mar 30 11:11:18.714901: | ****parse IPsec DOI SIT:
- Mar 30 11:11:18.714908: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Mar 30 11:11:18.714915: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:18.714920: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:18.715030: | length: 56 (00 38)
- Mar 30 11:11:18.715040: | proposal number: 1 (01)
- Mar 30 11:11:18.715046: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:18.715052: | SPI size: 4 (04)
- Mar 30 11:11:18.715058: | number of transforms: 1 (01)
- Mar 30 11:11:18.715065: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
- Mar 30 11:11:18.715070: | SPI
- Mar 30 11:11:18.715075: | 5a ad 8c 94
- Mar 30 11:11:18.715081: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:18.715096: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:18.715103: | length: 56 (00 38)
- Mar 30 11:11:18.715109: | proposal number: 2 (02)
- Mar 30 11:11:18.715115: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:18.715121: | SPI size: 4 (04)
- Mar 30 11:11:18.715127: | number of transforms: 1 (01)
- Mar 30 11:11:18.715133: | *****parse ISAKMP Transform Payload (ESP):
- Mar 30 11:11:18.715139: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:18.715146: | length: 44 (00 2c)
- Mar 30 11:11:18.715152: | ESP transform number: 1 (01)
- Mar 30 11:11:18.715157: | ESP transform ID: ESP_AES (0xc)
- Mar 30 11:11:18.715165: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:18.715171: | af+type: AF+ENCAPSULATION_MODE (0x8004)
- Mar 30 11:11:18.715177: | length/value: 4 (00 04)
- Mar 30 11:11:18.715184: | [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
- Mar 30 11:11:18.715191: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
- Mar 30 11:11:18.715197: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:18.715203: | af+type: AF+KEY_LENGTH (0x8006)
- Mar 30 11:11:18.715210: | length/value: 256 (01 00)
- Mar 30 11:11:18.715216: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:18.715221: | af+type: AF+AUTH_ALGORITHM (0x8005)
- Mar 30 11:11:18.715228: | length/value: 2 (00 02)
- Mar 30 11:11:18.715234: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
- Mar 30 11:11:18.715240: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:18.715246: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:18.715252: | length/value: 1 (00 01)
- Mar 30 11:11:18.715258: | [1 is SA_LIFE_TYPE_SECONDS]
- Mar 30 11:11:18.715264: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:18.715270: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:18.715276: | length/value: 4 (00 04)
- Mar 30 11:11:18.715282: | long duration: 3600
- Mar 30 11:11:18.715288: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:18.715294: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:18.715300: | length/value: 2 (00 02)
- Mar 30 11:11:18.715306: | [2 is SA_LIFE_TYPE_KBYTES]
- Mar 30 11:11:18.715311: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:18.715317: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:18.715323: | length/value: 4 (00 04)
- Mar 30 11:11:18.715329: | long duration: 250000
- Mar 30 11:11:18.715336: | ESP IPsec Transform verified; matches alg_info entry
- Mar 30 11:11:18.715349: | adding quick_outI1 KE work-order 9 for state #7
- Mar 30 11:11:18.715357: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d555938
- Mar 30 11:11:18.715364: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7
- Mar 30 11:11:18.715373: | libevent_malloc: newref ptr-libevent@0x562b2d5545b8 size 128
- Mar 30 11:11:18.715391: | complete v1 state transition with STF_SUSPEND
- Mar 30 11:11:18.715403: | [RE]START processing: state #7 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2514)
- Mar 30 11:11:18.715409: | suspending state #7 and saving MD 0x562b2d551f08
- Mar 30 11:11:18.715415: | #7 is busy; has suspended MD 0x562b2d551f08
- Mar 30 11:11:18.715427: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
- Mar 30 11:11:18.715437: | stop processing: state #7 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
- Mar 30 11:11:18.715444: | processing: STOP connection NULL (in process_md() at demux.c:384)
- Mar 30 11:11:18.715467: | crypto helper 1 resuming
- Mar 30 11:11:18.715476: | crypto helper 1 starting work-order 9 for state #7
- Mar 30 11:11:18.715483: | crypto helper 1 doing build nonce (quick_outI1 KE); request ID 9
- Mar 30 11:11:18.715516: | crypto helper 1 finished build nonce (quick_outI1 KE); request ID 9 time elapsed 0.000024 seconds
- Mar 30 11:11:18.715547: | crypto helper 1 sending results from work-order 9 for state #7 to event queue
- Mar 30 11:11:18.715556: | scheduling resume sending helper answer for #7
- Mar 30 11:11:18.715585: | libevent_malloc: newref ptr-libevent@0x7f3a440020b8 size 128
- Mar 30 11:11:18.715602: | crypto helper 1 waiting (nothing to do)
- Mar 30 11:11:18.715622: | processing resume sending helper answer for #7
- Mar 30 11:11:18.715635: | start processing: state #7 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:817)
- Mar 30 11:11:18.715643: | unsuspending #7 MD 0x562b2d551f08
- Mar 30 11:11:18.715649: | crypto helper 1 replies to request ID 9
- Mar 30 11:11:18.715654: | calling continuation function 0x562b2c27c390
- Mar 30 11:11:18.715660: | quick_inI1_outR1_cryptocontinue1 for #7: calculated ke+nonce, calculating DH
- Mar 30 11:11:18.715678: | **emit ISAKMP Message:
- Mar 30 11:11:18.715687: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:18.715695: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:18.715701: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:18.715706: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:18.715712: | exchange type: ISAKMP_XCHG_QUICK (0x20)
- Mar 30 11:11:18.715718: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:18.715726: | Message ID: 4 (00 00 00 04)
- Mar 30 11:11:18.715732: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
- Mar 30 11:11:18.715739: | ***emit ISAKMP Hash Payload:
- Mar 30 11:11:18.715744: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:18.715751: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
- Mar 30 11:11:18.715757: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:18.715764: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
- Mar 30 11:11:18.715769: | emitting length of ISAKMP Hash Payload: 24
- Mar 30 11:11:18.715775: | ***emit ISAKMP Security Association Payload:
- Mar 30 11:11:18.715781: | next payload type: ISAKMP_NEXT_NONCE (0xa)
- Mar 30 11:11:18.715787: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:18.715793: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE
- Mar 30 11:11:18.715799: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA)
- Mar 30 11:11:18.715805: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:18.715811: | ****parse IPsec DOI SIT:
- Mar 30 11:11:18.715817: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Mar 30 11:11:18.715824: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:18.715829: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:18.715836: | length: 56 (00 38)
- Mar 30 11:11:18.715842: | proposal number: 1 (01)
- Mar 30 11:11:18.715847: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:18.715854: | SPI size: 4 (04)
- Mar 30 11:11:18.715860: | number of transforms: 1 (01)
- Mar 30 11:11:18.715866: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
- Mar 30 11:11:18.715871: | SPI
- Mar 30 11:11:18.715876: | 5a ad 8c 94
- Mar 30 11:11:18.715882: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:18.715888: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:18.715894: | length: 56 (00 38)
- Mar 30 11:11:18.715901: | proposal number: 2 (02)
- Mar 30 11:11:18.715906: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:18.715912: | SPI size: 4 (04)
- Mar 30 11:11:18.715918: | number of transforms: 1 (01)
- Mar 30 11:11:18.715925: | *****parse ISAKMP Transform Payload (ESP):
- Mar 30 11:11:18.715930: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:18.715937: | length: 44 (00 2c)
- Mar 30 11:11:18.715943: | ESP transform number: 1 (01)
- Mar 30 11:11:18.715948: | ESP transform ID: ESP_AES (0xc)
- Mar 30 11:11:18.715955: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:18.715960: | af+type: AF+ENCAPSULATION_MODE (0x8004)
- Mar 30 11:11:18.715974: | length/value: 4 (00 04)
- Mar 30 11:11:18.715981: | [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
- Mar 30 11:11:18.715987: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
- Mar 30 11:11:18.716058: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:18.716070: | af+type: AF+KEY_LENGTH (0x8006)
- Mar 30 11:11:18.716076: | length/value: 256 (01 00)
- Mar 30 11:11:18.716082: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:18.716088: | af+type: AF+AUTH_ALGORITHM (0x8005)
- Mar 30 11:11:18.716094: | length/value: 2 (00 02)
- Mar 30 11:11:18.716100: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
- Mar 30 11:11:18.716106: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:18.716112: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:18.716118: | length/value: 1 (00 01)
- Mar 30 11:11:18.716124: | [1 is SA_LIFE_TYPE_SECONDS]
- Mar 30 11:11:18.716130: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:18.716135: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:18.716142: | length/value: 4 (00 04)
- Mar 30 11:11:18.716148: | long duration: 3600
- Mar 30 11:11:18.716153: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:18.716159: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:18.716165: | length/value: 2 (00 02)
- Mar 30 11:11:18.716171: | [2 is SA_LIFE_TYPE_KBYTES]
- Mar 30 11:11:18.716177: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:18.716182: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:18.716189: | length/value: 4 (00 04)
- Mar 30 11:11:18.716228: | long duration: 250000
- Mar 30 11:11:18.716245: | ESP IPsec Transform verified; matches alg_info entry
- Mar 30 11:11:18.716254: | ****emit IPsec DOI SIT:
- Mar 30 11:11:18.716263: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Mar 30 11:11:18.716278: | ****emit ISAKMP Proposal Payload:
- Mar 30 11:11:18.716298: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:18.716308: | proposal number: 1 (01)
- Mar 30 11:11:18.716317: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:18.716327: | SPI size: 4 (04)
- Mar 30 11:11:18.716338: | number of transforms: 1 (01)
- Mar 30 11:11:18.716348: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type'
- Mar 30 11:11:18.716399: | netlink_get_spi: allocated 0xff264c8d for esp.0@10.68.154.105
- Mar 30 11:11:18.716409: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload
- Mar 30 11:11:18.716416: | SPI: ff 26 4c 8d
- Mar 30 11:11:18.716422: | *****emit ISAKMP Transform Payload (ESP):
- Mar 30 11:11:18.716427: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:18.716434: | ESP transform number: 1 (01)
- Mar 30 11:11:18.716439: | ESP transform ID: ESP_AES (0xc)
- Mar 30 11:11:18.716445: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type'
- Mar 30 11:11:18.716452: | emitting 36 raw bytes of attributes into ISAKMP Transform Payload (ESP)
- Mar 30 11:11:18.716458: | attributes:
- Mar 30 11:11:18.716464: | 80 04 00 04 80 06 01 00 80 05 00 02 80 01 00 01
- Mar 30 11:11:18.716470: | 00 02 00 04 00 00 0e 10 80 01 00 02 00 02 00 04
- Mar 30 11:11:18.716475: | 00 03 d0 90
- Mar 30 11:11:18.716481: | emitting length of ISAKMP Transform Payload (ESP): 44
- Mar 30 11:11:18.716486: | emitting length of ISAKMP Proposal Payload: 56
- Mar 30 11:11:18.716492: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0
- Mar 30 11:11:18.716498: | emitting length of ISAKMP Security Association Payload: 68
- Mar 30 11:11:18.716504: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0
- Mar 30 11:11:18.716516: "l2tp-psk"[4] 93.46.124.104 #7: responding to Quick Mode proposal {msgid:00000004}
- Mar 30 11:11:18.716531: "l2tp-psk"[4] 93.46.124.104 #7: us: 10.68.154.105[51.158.64.201]:17/1701
- Mar 30 11:11:18.716543: "l2tp-psk"[4] 93.46.124.104 #7: them: 93.46.124.104[192.168.1.101]:17/1701
- Mar 30 11:11:18.716560: | ***emit ISAKMP Nonce Payload:
- Mar 30 11:11:18.716566: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:18.716573: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 5:ISAKMP_NEXT_ID
- Mar 30 11:11:18.716579: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE)
- Mar 30 11:11:18.716613: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:18.716636: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload
- Mar 30 11:11:18.716644: | Nr:
- Mar 30 11:11:18.716651: | a7 fa 3a 8d 65 06 12 c7 e7 61 d8 ab 97 0c eb 11
- Mar 30 11:11:18.716675: | 7f 3a 03 f5 77 ab 71 f7 de a9 2d 6d 55 ed 59 04
- Mar 30 11:11:18.716682: | emitting length of ISAKMP Nonce Payload: 36
- Mar 30 11:11:18.716690: | ***emit ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:18.716699: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:18.716708: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:18.716717: | Protocol ID: 17 (11)
- Mar 30 11:11:18.716728: | port: 1701 (06 a5)
- Mar 30 11:11:18.716735: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID
- Mar 30 11:11:18.716743: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
- Mar 30 11:11:18.716765: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
- Mar 30 11:11:18.716780: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
- Mar 30 11:11:18.716812: | ID body: c0 a8 01 65
- Mar 30 11:11:18.716819: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
- Mar 30 11:11:18.716826: | ***emit ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:18.716835: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:18.716842: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:18.716852: | Protocol ID: 17 (11)
- Mar 30 11:11:18.716862: | port: 1701 (06 a5)
- Mar 30 11:11:18.716871: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
- Mar 30 11:11:18.716878: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
- Mar 30 11:11:18.716889: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
- Mar 30 11:11:18.716897: | ID body: 33 9e 40 c9
- Mar 30 11:11:18.716904: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
- Mar 30 11:11:18.716977: | quick inR1 outI2 HASH(2):
- Mar 30 11:11:18.716991: | ed b1 3a 1d 81 1d 7f 64 d2 7f 14 57 6a c6 5e bb
- Mar 30 11:11:18.716997: | 4d 07 cf b5
- Mar 30 11:11:18.717005: | compute_proto_keymat: needed_len (after ESP enc)=32
- Mar 30 11:11:18.717012: | compute_proto_keymat: needed_len (after ESP auth)=52
- Mar 30 11:11:18.717182: | install_inbound_ipsec_sa() checking if we can route
- Mar 30 11:11:18.717202: | could_route called for l2tp-psk (kind=CK_INSTANCE)
- Mar 30 11:11:18.717212: | FOR_EACH_CONNECTION_... in route_owner
- Mar 30 11:11:18.717221: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:18.717229: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:18.717237: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:18.717245: | conn xauth-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:18.717252: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:18.717258: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:18.717271: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
- Mar 30 11:11:18.717277: | routing is easy, or has resolvable near-conflict
- Mar 30 11:11:18.717284: | checking if this is a replacement state
- Mar 30 11:11:18.717305: | st=0x562b2d556758 ost=0x562b2d555bd8 st->serialno=#7 ost->serialno=#6
- Mar 30 11:11:18.717314: "l2tp-psk"[4] 93.46.124.104 #7: keeping refhim=0 during rekey
- Mar 30 11:11:18.717320: | installing outgoing SA now as refhim=0
- Mar 30 11:11:18.717328: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
- Mar 30 11:11:18.717335: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
- Mar 30 11:11:18.717341: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
- Mar 30 11:11:18.717350: | setting IPsec SA replay-window to 32
- Mar 30 11:11:18.717356: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
- Mar 30 11:11:18.717364: | netlink: enabling transport mode
- Mar 30 11:11:18.717373: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1261)
- Mar 30 11:11:18.717380: | XFRM: adding IPsec SA with reqid 16409
- Mar 30 11:11:18.717386: | netlink: setting IPsec SA replay-window to 32 using old-style req
- Mar 30 11:11:18.717392: | netlink: esp-hw-offload not set for IPsec SA
- Mar 30 11:11:18.717519: | netlink response for Add SA esp.5aad8c94@93.46.124.104 included non-error error
- Mar 30 11:11:18.717530: | outgoing SA has refhim=0
- Mar 30 11:11:18.717536: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
- Mar 30 11:11:18.717542: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
- Mar 30 11:11:18.717548: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
- Mar 30 11:11:18.717556: | setting IPsec SA replay-window to 32
- Mar 30 11:11:18.717562: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
- Mar 30 11:11:18.717568: | netlink: enabling transport mode
- Mar 30 11:11:18.717576: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1268)
- Mar 30 11:11:18.717582: | XFRM: adding IPsec SA with reqid 16409
- Mar 30 11:11:18.717588: | netlink: setting IPsec SA replay-window to 32 using old-style req
- Mar 30 11:11:18.717593: | netlink: esp-hw-offload not set for IPsec SA
- Mar 30 11:11:18.717657: | netlink response for Add SA esp.ff264c8d@10.68.154.105 included non-error error
- Mar 30 11:11:18.717668: | emitting 8 zero bytes of encryption padding into ISAKMP Message
- Mar 30 11:11:18.717675: | no IKEv1 message padding required
- Mar 30 11:11:18.717680: | emitting length of ISAKMP Message: 188
- Mar 30 11:11:18.717708: | finished processing quick inI1
- Mar 30 11:11:18.717716: | complete v1 state transition with STF_OK
- Mar 30 11:11:18.717729: | [RE]START processing: state #7 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
- Mar 30 11:11:18.717735: | #7 is idle
- Mar 30 11:11:18.717742: | doing_xauth:no, t_xauth_client_done:no
- Mar 30 11:11:18.717749: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
- Mar 30 11:11:18.717757: | child state #7: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA)
- Mar 30 11:11:18.717763: | event_already_set, deleting event
- Mar 30 11:11:18.717769: | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted
- Mar 30 11:11:18.717778: | libevent_free: delref ptr-libevent@0x562b2d5545b8
- Mar 30 11:11:18.717785: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d555938
- Mar 30 11:11:18.717795: | sending reply packet to 93.46.124.104:4500 (from 10.68.154.105:4500)
- Mar 30 11:11:18.717810: | sending 192 bytes for STATE_QUICK_R0 through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #7)
- Mar 30 11:11:18.717816: | 00 00 00 00 f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a
- Mar 30 11:11:18.717822: | 5d 82 98 78 08 10 20 01 00 00 00 04 00 00 00 bc
- Mar 30 11:11:18.717827: | 97 c5 5f a8 dc 88 3a 87 1c 46 f8 60 e0 93 4e 9c
- Mar 30 11:11:18.717832: | f1 d7 a8 c2 9e 7d 11 46 be 12 ff a9 cb 30 a2 f7
- Mar 30 11:11:18.717837: | ed 9e d7 65 bb 5a 87 0a e7 0b 54 a9 70 5c cc c4
- Mar 30 11:11:18.717843: | 1b 42 fe 1c f6 81 2f 91 29 45 10 42 b7 4a 26 05
- Mar 30 11:11:18.717848: | 0e 1f 18 4d bf 2c ba 36 39 1b 01 02 c8 4d f9 b9
- Mar 30 11:11:18.717865: | 1b 98 a1 5c f5 fd c4 94 82 e8 6f 58 7e 91 0d d6
- Mar 30 11:11:18.717871: | 71 fc 13 6e 6f 4b 0a 01 26 57 f9 89 61 49 a9 6b
- Mar 30 11:11:18.717876: | ae 8f f4 37 23 53 d7 42 c8 bc 09 86 4e 97 09 93
- Mar 30 11:11:18.717881: | d9 b4 40 d0 f1 cc c7 8a 11 b1 84 9d 55 0b 9e b7
- Mar 30 11:11:18.717887: | 32 10 70 58 62 75 b3 76 4d cf 77 a7 5d b0 f9 7a
- Mar 30 11:11:18.717977: | !event_already_set at reschedule
- Mar 30 11:11:18.717990: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b2d555938
- Mar 30 11:11:18.717998: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #7
- Mar 30 11:11:18.718025: | libevent_malloc: newref ptr-libevent@0x562b2d551528 size 128
- Mar 30 11:11:18.718060: | #7 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 5637.143219
- Mar 30 11:11:18.718074: | pstats #7 ikev1.ipsec established
- Mar 30 11:11:18.718095: | NAT-T: NAT Traversal detected - their IKE port is '500'
- Mar 30 11:11:18.718104: | NAT-T: encaps is 'yes'
- Mar 30 11:11:18.718119: "l2tp-psk"[4] 93.46.124.104 #7: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0x5aad8c94 <0xff264c8d xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
- Mar 30 11:11:18.718126: | modecfg pull: noquirk policy:push not-client
- Mar 30 11:11:18.718132: | phase 1 is done, looking for phase 2 to unpend
- Mar 30 11:11:18.718138: | releasing #7's fd-fd@(nil) because IKEv1 transitions finished
- Mar 30 11:11:18.718144: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
- Mar 30 11:11:18.718153: | resume sending helper answer for #7 suppresed complete_v1_state_transition()
- Mar 30 11:11:18.718170: | stop processing: state #7 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:860)
- Mar 30 11:11:18.718178: | libevent_free: delref ptr-libevent@0x7f3a440020b8
- Mar 30 11:11:18.792225: | *received 60 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
- Mar 30 11:11:18.792272: | f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:18.792281: | 08 10 20 01 00 00 00 04 00 00 00 3c cb d5 3a e9
- Mar 30 11:11:18.792288: | 52 c6 37 1a 2d 44 27 d6 b3 b4 7e c3 35 14 5c 70
- Mar 30 11:11:18.792295: | a7 64 e4 9c fc 53 3e d9 ba 14 ea 3e
- Mar 30 11:11:18.792307: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
- Mar 30 11:11:18.792319: | **parse ISAKMP Message:
- Mar 30 11:11:18.792330: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:18.792340: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:18.792348: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Mar 30 11:11:18.792356: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:18.792363: | exchange type: ISAKMP_XCHG_QUICK (0x20)
- Mar 30 11:11:18.792371: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:18.792381: | Message ID: 4 (00 00 00 04)
- Mar 30 11:11:18.792390: | length: 60 (00 00 00 3c)
- Mar 30 11:11:18.792398: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
- Mar 30 11:11:18.792409: | State DB: found IKEv1 state #7 in QUICK_R1 (find_state_ikev1)
- Mar 30 11:11:18.792425: | start processing: state #7 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1499)
- Mar 30 11:11:18.792433: | #7 is idle
- Mar 30 11:11:18.792439: | #7 idle
- Mar 30 11:11:18.792448: | received encrypted packet from 93.46.124.104:4500
- Mar 30 11:11:18.792503: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
- Mar 30 11:11:18.792513: | ***parse ISAKMP Hash Payload:
- Mar 30 11:11:18.792520: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:18.792528: | length: 24 (00 18)
- Mar 30 11:11:18.792534: | removing 8 bytes of padding
- Mar 30 11:11:18.792590: | quick_inI2 HASH(3):
- Mar 30 11:11:18.792599: | cb ad 1f 73 37 1b 91 1c 9b 8a 57 97 9f 94 63 84
- Mar 30 11:11:18.792605: | f4 3e 40 32
- Mar 30 11:11:18.792612: | received 'quick_inI2' message HASH(3) data ok
- Mar 30 11:11:18.792644: | install_ipsec_sa() for #7: outbound only
- Mar 30 11:11:18.792653: | could_route called for l2tp-psk (kind=CK_INSTANCE)
- Mar 30 11:11:18.792661: | FOR_EACH_CONNECTION_... in route_owner
- Mar 30 11:11:18.792669: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:18.792676: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:18.792683: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:18.792690: | conn xauth-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:18.792698: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:18.792705: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:18.792718: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
- Mar 30 11:11:18.792726: | sr for #7: erouted
- Mar 30 11:11:18.792733: | route_and_eroute() for proto 17, and source port 1701 dest port 1701
- Mar 30 11:11:18.792739: | FOR_EACH_CONNECTION_... in route_owner
- Mar 30 11:11:18.792746: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:18.792753: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:18.792760: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:18.792766: | conn xauth-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:18.792773: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:18.792780: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:18.792791: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
- Mar 30 11:11:18.792799: | route_and_eroute with c: l2tp-psk (next: none) ero:l2tp-psk esr:{(nil)} ro:l2tp-psk rosr:{(nil)} and state: #7
- Mar 30 11:11:18.792805: | we are replacing an eroute
- Mar 30 11:11:18.792813: | priority calculation of connection "l2tp-psk" is 0x15bfbf
- Mar 30 11:11:18.792835: | eroute_connection replace eroute 10.68.154.105/32:1701 --17-> 93.46.124.104/32:1701 => esp.5aad8c94@93.46.124.104>esp.5aad8c94@93.46.124.104 using reqid 16409 (raw_eroute)
- Mar 30 11:11:18.792846: | subnet from endpoint 93.46.124.104:1701 (in netlink_raw_eroute() at kernel_xfrm.c:585)
- Mar 30 11:11:18.792854: | netlink_raw_eroute: using host address instead of client subnet
- Mar 30 11:11:18.792861: | IPsec Sa SPD priority set to 1425343
- Mar 30 11:11:18.792923: | raw_eroute result=success
- Mar 30 11:11:18.792934: | route_and_eroute: firewall_notified: true
- Mar 30 11:11:18.792945: | route_and_eroute: instance "l2tp-psk"[4] 93.46.124.104, setting eroute_owner {spd=0x562b2d554130,sr=0x562b2d554130} to #7 (was #6) (newest_ipsec_sa=#6)
- Mar 30 11:11:18.792957: | inI2: instance l2tp-psk[4], setting IKEv1 newest_ipsec_sa to #7 (was #6) (spd.eroute=#7) cloned from #3
- Mar 30 11:11:18.792964: | DPD: dpd_init() called on IPsec SA
- Mar 30 11:11:18.792970: | DPD: Peer does not support Dead Peer Detection
- Mar 30 11:11:18.792977: | complete v1 state transition with STF_OK
- Mar 30 11:11:18.792990: | [RE]START processing: state #7 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
- Mar 30 11:11:18.793015: | #7 is idle
- Mar 30 11:11:18.793022: | doing_xauth:no, t_xauth_client_done:no
- Mar 30 11:11:18.793028: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
- Mar 30 11:11:18.793036: | child state #7: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA)
- Mar 30 11:11:18.793043: | event_already_set, deleting event
- Mar 30 11:11:18.793050: | state #7 requesting EVENT_RETRANSMIT to be deleted
- Mar 30 11:11:18.793057: | #7 STATE_QUICK_R2: retransmits: cleared
- Mar 30 11:11:18.793068: | libevent_free: delref ptr-libevent@0x562b2d551528
- Mar 30 11:11:18.793076: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b2d555938
- Mar 30 11:11:18.793084: | !event_already_set at reschedule
- Mar 30 11:11:18.793092: | event_schedule: newref EVENT_SA_EXPIRE-pe@0x562b2d54f5c8
- Mar 30 11:11:18.793101: | inserting event EVENT_SA_EXPIRE, timeout in 3600 seconds for #7
- Mar 30 11:11:18.793109: | libevent_malloc: newref ptr-libevent@0x562b2d5545b8 size 128
- Mar 30 11:11:18.793118: | pstats #7 ikev1.ipsec established
- Mar 30 11:11:18.793140: | NAT-T: NAT Traversal detected - their IKE port is '500'
- Mar 30 11:11:18.793147: | NAT-T: encaps is 'yes'
- Mar 30 11:11:18.793162: "l2tp-psk"[4] 93.46.124.104 #7: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x5aad8c94 <0xff264c8d xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
- Mar 30 11:11:18.793170: | modecfg pull: noquirk policy:push not-client
- Mar 30 11:11:18.793176: | phase 1 is done, looking for phase 2 to unpend
- Mar 30 11:11:18.793183: | releasing #7's fd-fd@(nil) because IKEv1 transitions finished
- Mar 30 11:11:18.793189: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
- Mar 30 11:11:18.793202: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
- Mar 30 11:11:18.793216: | stop processing: state #7 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
- Mar 30 11:11:18.793224: | processing: STOP connection NULL (in process_md() at demux.c:384)
- Mar 30 11:11:18.793259: | *received 76 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
- Mar 30 11:11:18.793268: | f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:18.793274: | 08 10 05 01 a6 cb d9 0b 00 00 00 4c 17 30 27 45
- Mar 30 11:11:18.793280: | be 0a 02 21 06 18 80 57 74 fb 6f 66 0c 5d 3b 3f
- Mar 30 11:11:18.793286: | 32 2f 11 10 ff 5b 0a 84 17 11 68 26 1f 74 87 6b
- Mar 30 11:11:18.793292: | 7f 8a 7b f7 5c c1 d4 84 fe 6d 83 8b
- Mar 30 11:11:18.793301: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
- Mar 30 11:11:18.793308: | **parse ISAKMP Message:
- Mar 30 11:11:18.793318: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:18.793327: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:18.793333: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Mar 30 11:11:18.793340: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:18.793346: | exchange type: ISAKMP_XCHG_INFO (0x5)
- Mar 30 11:11:18.793353: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:18.793361: | Message ID: 2798377227 (a6 cb d9 0b)
- Mar 30 11:11:18.793368: | length: 76 (00 00 00 4c)
- Mar 30 11:11:18.793376: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
- Mar 30 11:11:18.793384: | peer and cookies match on #7; msgid=00000000 st_msgid=00000004 st_v1_msgid.phase15=00000000
- Mar 30 11:11:18.793391: | peer and cookies match on #6; msgid=00000000 st_msgid=00000003 st_v1_msgid.phase15=00000000
- Mar 30 11:11:18.793398: | peer and cookies match on #3; msgid=00000000 st_msgid=00000000 st_v1_msgid.phase15=00000000
- Mar 30 11:11:18.793404: | p15 state object #3 found, in STATE_MAIN_R3
- Mar 30 11:11:18.793411: | State DB: found IKEv1 state #3 in MAIN_R3 (find_v1_info_state)
- Mar 30 11:11:18.793425: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1347)
- Mar 30 11:11:18.793456: | #3 is idle
- Mar 30 11:11:18.793464: | #3 idle
- Mar 30 11:11:18.793474: | received encrypted packet from 93.46.124.104:4500
- Mar 30 11:11:18.793495: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
- Mar 30 11:11:18.793502: | ***parse ISAKMP Hash Payload:
- Mar 30 11:11:18.793509: | next payload type: ISAKMP_NEXT_D (0xc)
- Mar 30 11:11:18.793517: | length: 24 (00 18)
- Mar 30 11:11:18.793524: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0
- Mar 30 11:11:18.793532: | ***parse ISAKMP Delete Payload:
- Mar 30 11:11:18.793539: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:18.793549: | length: 16 (00 10)
- Mar 30 11:11:18.793556: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:18.793563: | protocol ID: 3 (03)
- Mar 30 11:11:18.793571: | SPI size: 4 (04)
- Mar 30 11:11:18.793580: | number of SPIs: 1 (00 01)
- Mar 30 11:11:18.793587: | removing 8 bytes of padding
- Mar 30 11:11:18.793651: | informational HASH(1):
- Mar 30 11:11:18.793664: | 37 db aa 77 7e d9 94 8e 19 f4 01 3d 08 97 6d 6d
- Mar 30 11:11:18.793672: | 94 b9 b1 ea
- Mar 30 11:11:18.793693: | received 'informational' message HASH(1) data ok
- Mar 30 11:11:18.793702: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI
- Mar 30 11:11:18.793709: | SPI
- Mar 30 11:11:18.793716: | 02 7c 20 b8
- Mar 30 11:11:18.793723: | FOR_EACH_STATE_... in find_phase2_state_to_delete
- Mar 30 11:11:18.793738: | start processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in accept_delete() at ikev1_main.c:2492)
- Mar 30 11:11:18.793751: "l2tp-psk"[4] 93.46.124.104 #3: received Delete SA(0x027c20b8) payload: deleting IPsec State #6
- Mar 30 11:11:18.793760: | pstats #6 ikev1.ipsec deleted completed
- Mar 30 11:11:18.793774: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
- Mar 30 11:11:18.793785: | start processing: state #6 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
- Mar 30 11:11:18.793798: "l2tp-psk"[4] 93.46.124.104 #6: deleting other state #6 (STATE_QUICK_R2) aged 4.098s and sending notification
- Mar 30 11:11:18.793807: | child state #6: QUICK_R2(established CHILD SA) => delete
- Mar 30 11:11:18.793821: | get_sa_info esp.27c20b8@93.46.124.104
- Mar 30 11:11:18.793866: | get_sa_info esp.d887d60a@10.68.154.105
- Mar 30 11:11:18.793895: "l2tp-psk"[4] 93.46.124.104 #6: ESP traffic information: in=0B out=0B
- Mar 30 11:11:18.793905: | unsuspending #6 MD (nil)
- Mar 30 11:11:18.793914: | #6 send IKEv1 delete notification for STATE_QUICK_R2
- Mar 30 11:11:18.793922: | FOR_EACH_STATE_... in find_phase1_state
- Mar 30 11:11:18.793941: | **emit ISAKMP Message:
- Mar 30 11:11:18.793951: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:18.793960: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:18.793969: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:18.793976: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:18.793983: | exchange type: ISAKMP_XCHG_INFO (0x5)
- Mar 30 11:11:18.793994: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:18.794005: | Message ID: 3210271158 (bf 58 d9 b6)
- Mar 30 11:11:18.794014: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
- Mar 30 11:11:18.794024: | ***emit ISAKMP Hash Payload:
- Mar 30 11:11:18.794031: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:18.794039: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
- Mar 30 11:11:18.794046: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg'
- Mar 30 11:11:18.794054: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
- Mar 30 11:11:18.794062: | emitting length of ISAKMP Hash Payload: 24
- Mar 30 11:11:18.794069: | ***emit ISAKMP Delete Payload:
- Mar 30 11:11:18.794078: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:18.794084: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:18.794091: | protocol ID: 3 (03)
- Mar 30 11:11:18.794099: | SPI size: 4 (04)
- Mar 30 11:11:18.794107: | number of SPIs: 1 (00 01)
- Mar 30 11:11:18.794114: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D)
- Mar 30 11:11:18.794121: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg'
- Mar 30 11:11:18.794129: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload
- Mar 30 11:11:18.794137: | delete payload: d8 87 d6 0a
- Mar 30 11:11:18.794144: | emitting length of ISAKMP Delete Payload: 16
- Mar 30 11:11:18.794207: | send delete HASH(1):
- Mar 30 11:11:18.794221: | c0 3d 20 02 3e f5 b8 4e 49 10 7d 76 14 de fb 78
- Mar 30 11:11:18.794228: | 18 97 4a 5f
- Mar 30 11:11:18.794252: | emitting 8 zero bytes of encryption padding into ISAKMP Message
- Mar 30 11:11:18.794260: | no IKEv1 message padding required
- Mar 30 11:11:18.794267: | emitting length of ISAKMP Message: 76
- Mar 30 11:11:18.794298: | sending 80 bytes for delete notify through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #3)
- Mar 30 11:11:18.794320: | 00 00 00 00 f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a
- Mar 30 11:11:18.794327: | 5d 82 98 78 08 10 05 01 bf 58 d9 b6 00 00 00 4c
- Mar 30 11:11:18.794333: | 74 02 01 a1 ce da b7 d1 9c 9d c4 3c a1 c6 9b 88
- Mar 30 11:11:18.794340: | 16 0f ba 56 bc bb 0d f5 76 ea f2 a9 54 bc 0e f7
- Mar 30 11:11:18.794346: | e9 9f 5b f2 be 5b 14 96 f7 8f 45 89 e6 2d 9b cf
- Mar 30 11:11:18.794459: | state #6 requesting EVENT_SA_EXPIRE to be deleted
- Mar 30 11:11:18.794478: | libevent_free: delref ptr-libevent@0x562b2d554878
- Mar 30 11:11:18.794486: | free_event_entry: delref EVENT_SA_EXPIRE-pe@0x562b2d554998
- Mar 30 11:11:18.794500: | delete esp.27c20b8@93.46.124.104
- Mar 30 11:11:18.794509: | XFRM: deleting IPsec SA with reqid 0
- Mar 30 11:11:18.794564: | netlink response for Del SA esp.27c20b8@93.46.124.104 included non-error error
- Mar 30 11:11:18.794577: | delete esp.d887d60a@10.68.154.105
- Mar 30 11:11:18.794585: | XFRM: deleting IPsec SA with reqid 0
- Mar 30 11:11:18.794610: | netlink response for Del SA esp.d887d60a@10.68.154.105 included non-error error
- Mar 30 11:11:18.794627: | stop processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in update_state_connection() at connections.c:4093)
- Mar 30 11:11:18.794634: | start processing: connection NULL (in update_state_connection() at connections.c:4094)
- Mar 30 11:11:18.794641: | in connection_discard for connection l2tp-psk
- Mar 30 11:11:18.794648: | connection is instance
- Mar 30 11:11:18.794655: | not in pending use
- Mar 30 11:11:18.794663: | State DB: found state #7 in QUICK_R2 (connection_discard)
- Mar 30 11:11:18.794670: | states still using this connection instance, retaining
- Mar 30 11:11:18.794678: | State DB: deleting IKEv1 state #6 in QUICK_R2
- Mar 30 11:11:18.794690: | child state #6: QUICK_R2(established CHILD SA) => UNDEFINED(ignore)
- Mar 30 11:11:18.794700: | releasing #6's fd-fd@(nil) because deleting state
- Mar 30 11:11:18.794707: | delref fdp@NULL (in delete_state() at state.c:1185)
- Mar 30 11:11:18.794719: | stop processing: state #6 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
- Mar 30 11:11:18.794730: | resume processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
- Mar 30 11:11:18.794743: | processing: STOP connection NULL (in accept_delete() at ikev1_main.c:2536)
- Mar 30 11:11:18.794749: | del:
- Mar 30 11:11:18.794753: |
- Mar 30 11:11:18.794763: | complete v1 state transition with STF_IGNORE
- Mar 30 11:11:18.794773: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
- Mar 30 11:11:18.794782: | stop processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
- Mar 30 11:11:18.794787: | processing: STOP connection NULL (in process_md() at demux.c:384)
- Mar 30 11:11:23.347436: | processing global timer EVENT_SHUNT_SCAN
- Mar 30 11:11:23.347493: | checking for aged bare shunts from shunt table to expire
- Mar 30 11:11:26.728628: | *received 444 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
- Mar 30 11:11:26.728676: | f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:26.728683: | 08 10 20 01 00 00 00 05 00 00 01 bc 8a 5f bd f9
- Mar 30 11:11:26.728689: | c7 fe 01 a8 bd 66 fd 94 d0 50 27 55 26 3d 15 7d
- Mar 30 11:11:26.728695: | 9d f9 92 ec c8 dc e7 42 ca 4b d5 cc 14 77 59 4d
- Mar 30 11:11:26.728701: | 6c 74 42 1f 32 ba b0 68 e1 21 05 df 97 1f b7 fe
- Mar 30 11:11:26.728706: | 85 a0 70 8c 2c 9c 28 2f 96 c0 a1 07 eb 34 6a 0a
- Mar 30 11:11:26.728711: | ad 83 55 f8 8f 3b 8c f3 9d a1 d6 1e e7 09 b1 4e
- Mar 30 11:11:26.728717: | 6c b2 de d7 8b fa 06 09 ac 8a 70 59 c0 d6 a9 55
- Mar 30 11:11:26.728722: | c4 06 a6 e4 86 57 04 71 b3 1c f0 84 bf de 0e 7e
- Mar 30 11:11:26.728728: | 9a 5c 76 ed a1 a5 05 11 f0 f7 64 c3 b9 10 e5 ee
- Mar 30 11:11:26.728733: | 6c 1f 67 e0 4c 93 0e 1b 6b df e8 ab af 53 b4 f3
- Mar 30 11:11:26.728738: | 99 aa d8 ae 07 ed e1 2d e3 28 ba e8 fb 01 6f 18
- Mar 30 11:11:26.728744: | 47 c3 17 90 ef 1e bc 7c b3 14 15 90 d5 ec 46 56
- Mar 30 11:11:26.728771: | 78 76 e0 7e f8 c7 5c 51 e5 e9 f4 57 96 25 40 97
- Mar 30 11:11:26.728777: | 2c eb 08 5d 72 38 09 0a a6 41 54 36 e7 98 d2 cb
- Mar 30 11:11:26.728783: | 1f 39 e4 3b af 78 97 2f b1 1b 77 85 0f 2c 9d 08
- Mar 30 11:11:26.728788: | 22 4b 28 c8 25 a5 4a e6 bc e1 8c df 4d 21 b4 88
- Mar 30 11:11:26.728793: | 8c fa 1c aa 2b 92 b3 c9 34 c3 0f a9 25 a3 10 f3
- Mar 30 11:11:26.728799: | 59 00 40 7f ed 19 a3 4b 8f 08 5d 43 1a 55 ee 36
- Mar 30 11:11:26.728804: | ac 6a 4a 34 d7 18 c2 51 d4 35 5e 56 2a 3c 51 ca
- Mar 30 11:11:26.728809: | ce de 27 85 dc e2 86 ca d8 09 ac 69 c3 bf c8 06
- Mar 30 11:11:26.728815: | 7b d8 d5 47 f9 6c bb 5b 11 bc 77 95 19 60 60 74
- Mar 30 11:11:26.728820: | 94 a0 be db 80 45 c7 cb e4 1b 24 95 b8 09 db 96
- Mar 30 11:11:26.728825: | b7 d7 19 d3 8e 3b a6 b6 ac 8a 5a d4 be db bb 70
- Mar 30 11:11:26.728831: | 21 18 0a 76 83 f8 8c ee 8d 99 4d 85 b0 9c fb a4
- Mar 30 11:11:26.728836: | 18 c7 76 e3 fe 6e f8 a4 0c 89 c2 40 36 af 49 a8
- Mar 30 11:11:26.728841: | 37 18 85 ba 42 bd 58 a8 c2 0c fa bd aa 2c ba 6f
- Mar 30 11:11:26.728847: | 93 aa 99 2e 68 50 03 3f 3a 27 ae d9
- Mar 30 11:11:26.728858: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
- Mar 30 11:11:26.728868: | **parse ISAKMP Message:
- Mar 30 11:11:26.728879: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:26.728887: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:26.728894: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Mar 30 11:11:26.728901: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:26.728907: | exchange type: ISAKMP_XCHG_QUICK (0x20)
- Mar 30 11:11:26.728913: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:26.728922: | Message ID: 5 (00 00 00 05)
- Mar 30 11:11:26.728930: | length: 444 (00 00 01 bc)
- Mar 30 11:11:26.728937: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
- Mar 30 11:11:26.728946: | State DB: IKEv1 state not found (find_state_ikev1)
- Mar 30 11:11:26.728953: | State DB: found IKEv1 state #3 in MAIN_R3 (find_state_ikev1)
- Mar 30 11:11:26.728968: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1473)
- Mar 30 11:11:26.729015: | #3 is idle
- Mar 30 11:11:26.729021: | #3 idle
- Mar 30 11:11:26.729030: | received encrypted packet from 93.46.124.104:4500
- Mar 30 11:11:26.729057: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030
- Mar 30 11:11:26.729085: | ***parse ISAKMP Hash Payload:
- Mar 30 11:11:26.729093: | next payload type: ISAKMP_NEXT_SA (0x1)
- Mar 30 11:11:26.729100: | length: 24 (00 18)
- Mar 30 11:11:26.729106: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030
- Mar 30 11:11:26.729112: | ***parse ISAKMP Security Association Payload:
- Mar 30 11:11:26.729119: | next payload type: ISAKMP_NEXT_NONCE (0xa)
- Mar 30 11:11:26.729125: | length: 280 (01 18)
- Mar 30 11:11:26.729131: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:26.729137: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030
- Mar 30 11:11:26.729143: | ***parse ISAKMP Nonce Payload:
- Mar 30 11:11:26.729149: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:26.729156: | length: 52 (00 34)
- Mar 30 11:11:26.729162: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
- Mar 30 11:11:26.729169: | ***parse ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:26.729175: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:26.729181: | length: 12 (00 0c)
- Mar 30 11:11:26.729187: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:26.729194: | Protocol ID: 17 (11)
- Mar 30 11:11:26.729200: | port: 1701 (06 a5)
- Mar 30 11:11:26.729206: | obj:
- Mar 30 11:11:26.729211: | c0 a8 01 65
- Mar 30 11:11:26.729217: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
- Mar 30 11:11:26.729223: | ***parse ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:26.729229: | next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
- Mar 30 11:11:26.729243: | length: 12 (00 0c)
- Mar 30 11:11:26.729249: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:26.729271: | Protocol ID: 17 (11)
- Mar 30 11:11:26.729296: | port: 1701 (06 a5)
- Mar 30 11:11:26.729308: | obj:
- Mar 30 11:11:26.729316: | 33 9e 40 c9
- Mar 30 11:11:26.729324: | got payload 0x200000 (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
- Mar 30 11:11:26.729333: | ***parse ISAKMP NAT-OA Payload:
- Mar 30 11:11:26.729340: | next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
- Mar 30 11:11:26.729349: | length: 12 (00 0c)
- Mar 30 11:11:26.729356: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:26.729363: | obj:
- Mar 30 11:11:26.729369: | c0 a8 01 65
- Mar 30 11:11:26.729375: | got payload 0x200000 (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
- Mar 30 11:11:26.729382: | ***parse ISAKMP NAT-OA Payload:
- Mar 30 11:11:26.729389: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:26.729397: | length: 12 (00 0c)
- Mar 30 11:11:26.729404: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:26.729411: | obj:
- Mar 30 11:11:26.729418: | 33 9e 40 c9
- Mar 30 11:11:26.729428: | removing 12 bytes of padding
- Mar 30 11:11:26.729500: | quick_inI1_outR1 HASH(1):
- Mar 30 11:11:26.729511: | 95 b7 5c 7b d0 18 af ad 0a d5 da e1 e8 08 8d 31
- Mar 30 11:11:26.729532: | c8 36 0b f6
- Mar 30 11:11:26.729548: | received 'quick_inI1_outR1' message HASH(1) data ok
- Mar 30 11:11:26.729563: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
- Mar 30 11:11:26.729571: | ID address
- Mar 30 11:11:26.729578: | c0 a8 01 65
- Mar 30 11:11:26.729590: | subnet from address 192.168.1.101 (in decode_net_id() at ikev1_quick.c:440)
- Mar 30 11:11:26.729600: | peer client is 192.168.1.101/32
- Mar 30 11:11:26.729608: | peer client protocol/port is 17/1701
- Mar 30 11:11:26.729615: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
- Mar 30 11:11:26.729622: | ID address
- Mar 30 11:11:26.729628: | 33 9e 40 c9
- Mar 30 11:11:26.729638: | subnet from address 51.158.64.201 (in decode_net_id() at ikev1_quick.c:440)
- Mar 30 11:11:26.729647: | our client is 51.158.64.201/32
- Mar 30 11:11:26.729655: | our client protocol/port is 17/1701
- Mar 30 11:11:26.729672: "l2tp-psk"[4] 93.46.124.104 #3: the peer proposed: 51.158.64.201/32:17/1701 -> 192.168.1.101/32:17/1701
- Mar 30 11:11:26.729679: | find_client_connection starting with l2tp-psk
- Mar 30 11:11:26.729689: | looking for 51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701
- Mar 30 11:11:26.729699: | concrete checking against sr#0 10.68.154.105/32:1701 -> 93.46.124.104/32:1701
- Mar 30 11:11:26.729708: | match_id a=192.168.1.101
- Mar 30 11:11:26.729715: | b=192.168.1.101
- Mar 30 11:11:26.729721: | results matched
- Mar 30 11:11:26.729738: | fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 93.46.124.104/32:1701:17/1701
- Mar 30 11:11:26.729752: | our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
- Mar 30 11:11:26.729777: | fc_try concluding with none [0]
- Mar 30 11:11:26.729788: | fc_try l2tp-psk gives none
- Mar 30 11:11:26.729802: | find_host_pair: comparing 10.68.154.105:500 to 0.0.0.0:500 but ignoring ports
- Mar 30 11:11:26.729816: | checking hostpair 10.68.154.105/32:1701 -> 93.46.124.104/32:1701 is found
- Mar 30 11:11:26.729827: | match_id a=192.168.1.101
- Mar 30 11:11:26.729834: | b=(none)
- Mar 30 11:11:26.729841: | results matched
- Mar 30 11:11:26.729859: | fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 0.0.0.0/32:0:17/0
- Mar 30 11:11:26.729872: | our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
- Mar 30 11:11:26.729882: | match_id a=192.168.1.101
- Mar 30 11:11:26.729890: | b=(none)
- Mar 30 11:11:26.729896: | results matched
- Mar 30 11:11:26.729901: | fc_try concluding with none [0]
- Mar 30 11:11:26.729909: | match_id a=192.168.1.101
- Mar 30 11:11:26.729929: | b=(none)
- Mar 30 11:11:26.729936: | results matched
- Mar 30 11:11:26.729952: | fc_try_oppo trying l2tp-psk:51.158.64.201/32:1701 -> 192.168.1.101/32:1701 vs l2tp-psk:10.68.154.105/32:1701 -> 0.0.0.0/32:0
- Mar 30 11:11:26.729965: | match_id a=192.168.1.101
- Mar 30 11:11:26.729971: | b=(none)
- Mar 30 11:11:26.729976: | results matched
- Mar 30 11:11:26.729982: | fc_try_oppo concluding with none [0]
- Mar 30 11:11:26.729987: | concluding with d = none
- Mar 30 11:11:26.729996: | using something (we hope the IP we or they are NAT'ed to) for transport mode connection "l2tp-psk"[4] 93.46.124.104
- Mar 30 11:11:26.730003: | client wildcard: no port wildcard: no virtual: no
- Mar 30 11:11:26.730009: | NAT-Traversal: received 2 NAT-OA.
- Mar 30 11:11:26.730018: "l2tp-psk"[4] 93.46.124.104 #3: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
- Mar 30 11:11:26.730024: | NAT-OA:
- Mar 30 11:11:26.730030: | 15 00 00 0c 01 00 00 00 c0 a8 01 65
- Mar 30 11:11:26.730036: | parsing 4 raw bytes of ISAKMP NAT-OA Payload into NAT-Traversal: NAT-OA IP
- Mar 30 11:11:26.730042: | NAT-Traversal: NAT-OA IP
- Mar 30 11:11:26.730047: | c0 a8 01 65
- Mar 30 11:11:26.730054: | received NAT-OA: 192.168.1.101
- Mar 30 11:11:26.730066: | addref fd@NULL (in new_state() at state.c:555)
- Mar 30 11:11:26.730073: | creating state object #8 at 0x562b2d555bd8
- Mar 30 11:11:26.730080: | State DB: adding IKEv1 state #8 in UNDEFINED
- Mar 30 11:11:26.730098: | pstats #8 ikev1.ipsec started
- Mar 30 11:11:26.730106: | duplicating state object #3 "l2tp-psk"[4] 93.46.124.104 as #8 for IPSEC SA
- Mar 30 11:11:26.730116: | #8 setting local endpoint to 10.68.154.105:4500 from #3.st_localport (in duplicate_state() at state.c:1548)
- Mar 30 11:11:26.730131: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
- Mar 30 11:11:26.730142: | start processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
- Mar 30 11:11:26.730148: | switching MD.ST from #3 to CHILD #8; ulgh
- Mar 30 11:11:26.730155: | child state #8: UNDEFINED(ignore) => QUICK_R0(established CHILD SA)
- Mar 30 11:11:26.730163: | ****parse IPsec DOI SIT:
- Mar 30 11:11:26.730169: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Mar 30 11:11:26.730176: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:26.730182: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:26.730190: | length: 56 (00 38)
- Mar 30 11:11:26.730196: | proposal number: 1 (01)
- Mar 30 11:11:26.730202: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:26.730208: | SPI size: 4 (04)
- Mar 30 11:11:26.730214: | number of transforms: 1 (01)
- Mar 30 11:11:26.730220: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
- Mar 30 11:11:26.730225: | SPI
- Mar 30 11:11:26.730231: | 87 4d 05 0a
- Mar 30 11:11:26.730237: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:26.730243: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:26.730249: | length: 56 (00 38)
- Mar 30 11:11:26.730255: | proposal number: 2 (02)
- Mar 30 11:11:26.730261: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:26.730267: | SPI size: 4 (04)
- Mar 30 11:11:26.730273: | number of transforms: 1 (01)
- Mar 30 11:11:26.730280: | *****parse ISAKMP Transform Payload (ESP):
- Mar 30 11:11:26.730285: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:26.730292: | length: 44 (00 2c)
- Mar 30 11:11:26.730298: | ESP transform number: 1 (01)
- Mar 30 11:11:26.730303: | ESP transform ID: ESP_AES (0xc)
- Mar 30 11:11:26.730311: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:26.730317: | af+type: AF+ENCAPSULATION_MODE (0x8004)
- Mar 30 11:11:26.730324: | length/value: 4 (00 04)
- Mar 30 11:11:26.730330: | [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
- Mar 30 11:11:26.730337: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
- Mar 30 11:11:26.730343: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:26.730366: | af+type: AF+KEY_LENGTH (0x8006)
- Mar 30 11:11:26.730391: | length/value: 256 (01 00)
- Mar 30 11:11:26.730400: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:26.730408: | af+type: AF+AUTH_ALGORITHM (0x8005)
- Mar 30 11:11:26.730416: | length/value: 2 (00 02)
- Mar 30 11:11:26.730422: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
- Mar 30 11:11:26.730429: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:26.730436: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:26.730444: | length/value: 1 (00 01)
- Mar 30 11:11:26.730451: | [1 is SA_LIFE_TYPE_SECONDS]
- Mar 30 11:11:26.730458: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:26.730467: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:26.730475: | length/value: 4 (00 04)
- Mar 30 11:11:26.730482: | long duration: 3600
- Mar 30 11:11:26.730490: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:26.730497: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:26.730505: | length/value: 2 (00 02)
- Mar 30 11:11:26.730511: | [2 is SA_LIFE_TYPE_KBYTES]
- Mar 30 11:11:26.730519: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:26.730526: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:26.730534: | length/value: 4 (00 04)
- Mar 30 11:11:26.730542: | long duration: 250000
- Mar 30 11:11:26.730551: | ESP IPsec Transform verified; matches alg_info entry
- Mar 30 11:11:26.730567: | adding quick_outI1 KE work-order 10 for state #8
- Mar 30 11:11:26.730576: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d5546a8
- Mar 30 11:11:26.730583: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #8
- Mar 30 11:11:26.730592: | libevent_malloc: newref ptr-libevent@0x562b2d554878 size 128
- Mar 30 11:11:26.730622: | complete v1 state transition with STF_SUSPEND
- Mar 30 11:11:26.730635: | [RE]START processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2514)
- Mar 30 11:11:26.730642: | suspending state #8 and saving MD 0x562b2d551f08
- Mar 30 11:11:26.730648: | #8 is busy; has suspended MD 0x562b2d551f08
- Mar 30 11:11:26.730661: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
- Mar 30 11:11:26.730672: | stop processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
- Mar 30 11:11:26.730679: | processing: STOP connection NULL (in process_md() at demux.c:384)
- Mar 30 11:11:26.730686: | crypto helper 0 resuming
- Mar 30 11:11:26.730737: | crypto helper 0 starting work-order 10 for state #8
- Mar 30 11:11:26.730750: | crypto helper 0 doing build nonce (quick_outI1 KE); request ID 10
- Mar 30 11:11:26.730806: | crypto helper 0 finished build nonce (quick_outI1 KE); request ID 10 time elapsed 0.000059 seconds
- Mar 30 11:11:26.730814: | crypto helper 0 sending results from work-order 10 for state #8 to event queue
- Mar 30 11:11:26.730821: | scheduling resume sending helper answer for #8
- Mar 30 11:11:26.730830: | libevent_malloc: newref ptr-libevent@0x7f3a3c002e58 size 128
- Mar 30 11:11:26.730861: | crypto helper 0 waiting (nothing to do)
- Mar 30 11:11:26.730988: | processing resume sending helper answer for #8
- Mar 30 11:11:26.731017: | start processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:817)
- Mar 30 11:11:26.731025: | unsuspending #8 MD 0x562b2d551f08
- Mar 30 11:11:26.731031: | crypto helper 0 replies to request ID 10
- Mar 30 11:11:26.731035: | calling continuation function 0x562b2c27c390
- Mar 30 11:11:26.731041: | quick_inI1_outR1_cryptocontinue1 for #8: calculated ke+nonce, calculating DH
- Mar 30 11:11:26.731058: | **emit ISAKMP Message:
- Mar 30 11:11:26.731067: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:26.731074: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:26.731079: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:26.731085: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:26.731108: | exchange type: ISAKMP_XCHG_QUICK (0x20)
- Mar 30 11:11:26.731115: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:26.731122: | Message ID: 5 (00 00 00 05)
- Mar 30 11:11:26.731128: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
- Mar 30 11:11:26.731134: | ***emit ISAKMP Hash Payload:
- Mar 30 11:11:26.731138: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:26.731144: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
- Mar 30 11:11:26.731149: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:26.731155: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
- Mar 30 11:11:26.731160: | emitting length of ISAKMP Hash Payload: 24
- Mar 30 11:11:26.731164: | ***emit ISAKMP Security Association Payload:
- Mar 30 11:11:26.731169: | next payload type: ISAKMP_NEXT_NONCE (0xa)
- Mar 30 11:11:26.731174: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:26.731179: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE
- Mar 30 11:11:26.731184: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA)
- Mar 30 11:11:26.731188: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:26.731206: | ****parse IPsec DOI SIT:
- Mar 30 11:11:26.731213: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Mar 30 11:11:26.731219: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:26.731224: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:26.731230: | length: 56 (00 38)
- Mar 30 11:11:26.731235: | proposal number: 1 (01)
- Mar 30 11:11:26.731240: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:26.731245: | SPI size: 4 (04)
- Mar 30 11:11:26.731250: | number of transforms: 1 (01)
- Mar 30 11:11:26.731255: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
- Mar 30 11:11:26.731260: | SPI
- Mar 30 11:11:26.731264: | 87 4d 05 0a
- Mar 30 11:11:26.731270: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:26.731274: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:26.731280: | length: 56 (00 38)
- Mar 30 11:11:26.731285: | proposal number: 2 (02)
- Mar 30 11:11:26.731289: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:26.731294: | SPI size: 4 (04)
- Mar 30 11:11:26.731299: | number of transforms: 1 (01)
- Mar 30 11:11:26.731305: | *****parse ISAKMP Transform Payload (ESP):
- Mar 30 11:11:26.731310: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:26.731316: | length: 44 (00 2c)
- Mar 30 11:11:26.731321: | ESP transform number: 1 (01)
- Mar 30 11:11:26.731325: | ESP transform ID: ESP_AES (0xc)
- Mar 30 11:11:26.731332: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:26.731337: | af+type: AF+ENCAPSULATION_MODE (0x8004)
- Mar 30 11:11:26.731342: | length/value: 4 (00 04)
- Mar 30 11:11:26.731348: | [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
- Mar 30 11:11:26.731354: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
- Mar 30 11:11:26.731359: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:26.731364: | af+type: AF+KEY_LENGTH (0x8006)
- Mar 30 11:11:26.731369: | length/value: 256 (01 00)
- Mar 30 11:11:26.731374: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:26.731379: | af+type: AF+AUTH_ALGORITHM (0x8005)
- Mar 30 11:11:26.731384: | length/value: 2 (00 02)
- Mar 30 11:11:26.731389: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
- Mar 30 11:11:26.731395: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:26.731400: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:26.731405: | length/value: 1 (00 01)
- Mar 30 11:11:26.731410: | [1 is SA_LIFE_TYPE_SECONDS]
- Mar 30 11:11:26.731414: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:26.731419: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:26.731431: | length/value: 4 (00 04)
- Mar 30 11:11:26.731436: | long duration: 3600
- Mar 30 11:11:26.731441: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:26.731446: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:26.731452: | length/value: 2 (00 02)
- Mar 30 11:11:26.731456: | [2 is SA_LIFE_TYPE_KBYTES]
- Mar 30 11:11:26.731461: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:26.731466: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:26.731472: | length/value: 4 (00 04)
- Mar 30 11:11:26.731476: | long duration: 250000
- Mar 30 11:11:26.731483: | ESP IPsec Transform verified; matches alg_info entry
- Mar 30 11:11:26.731487: | ****emit IPsec DOI SIT:
- Mar 30 11:11:26.731492: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Mar 30 11:11:26.731497: | ****emit ISAKMP Proposal Payload:
- Mar 30 11:11:26.731502: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:26.731507: | proposal number: 1 (01)
- Mar 30 11:11:26.731512: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:26.731517: | SPI size: 4 (04)
- Mar 30 11:11:26.731522: | number of transforms: 1 (01)
- Mar 30 11:11:26.731527: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type'
- Mar 30 11:11:26.731569: | netlink_get_spi: allocated 0x2c43b193 for esp.0@10.68.154.105
- Mar 30 11:11:26.731576: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload
- Mar 30 11:11:26.731582: | SPI: 2c 43 b1 93
- Mar 30 11:11:26.731586: | *****emit ISAKMP Transform Payload (ESP):
- Mar 30 11:11:26.731591: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:26.731596: | ESP transform number: 1 (01)
- Mar 30 11:11:26.731600: | ESP transform ID: ESP_AES (0xc)
- Mar 30 11:11:26.731605: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type'
- Mar 30 11:11:26.731611: | emitting 36 raw bytes of attributes into ISAKMP Transform Payload (ESP)
- Mar 30 11:11:26.731615: | attributes:
- Mar 30 11:11:26.731620: | 80 04 00 04 80 06 01 00 80 05 00 02 80 01 00 01
- Mar 30 11:11:26.731624: | 00 02 00 04 00 00 0e 10 80 01 00 02 00 02 00 04
- Mar 30 11:11:26.731629: | 00 03 d0 90
- Mar 30 11:11:26.731634: | emitting length of ISAKMP Transform Payload (ESP): 44
- Mar 30 11:11:26.731638: | emitting length of ISAKMP Proposal Payload: 56
- Mar 30 11:11:26.731643: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0
- Mar 30 11:11:26.731648: | emitting length of ISAKMP Security Association Payload: 68
- Mar 30 11:11:26.731653: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0
- Mar 30 11:11:26.731663: "l2tp-psk"[4] 93.46.124.104 #8: responding to Quick Mode proposal {msgid:00000005}
- Mar 30 11:11:26.731676: "l2tp-psk"[4] 93.46.124.104 #8: us: 10.68.154.105[51.158.64.201]:17/1701
- Mar 30 11:11:26.731687: "l2tp-psk"[4] 93.46.124.104 #8: them: 93.46.124.104[192.168.1.101]:17/1701
- Mar 30 11:11:26.731692: | ***emit ISAKMP Nonce Payload:
- Mar 30 11:11:26.731696: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:26.731701: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 5:ISAKMP_NEXT_ID
- Mar 30 11:11:26.731707: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE)
- Mar 30 11:11:26.731712: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:26.731717: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload
- Mar 30 11:11:26.731721: | Nr:
- Mar 30 11:11:26.731726: | cc 64 cb 63 a9 dd 53 98 46 b3 41 24 ad 32 22 fa
- Mar 30 11:11:26.731731: | 78 30 e5 8d 65 b5 38 98 9c 83 37 ba 38 ca 5a d6
- Mar 30 11:11:26.731735: | emitting length of ISAKMP Nonce Payload: 36
- Mar 30 11:11:26.731740: | ***emit ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:26.731761: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:26.731773: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:26.731779: | Protocol ID: 17 (11)
- Mar 30 11:11:26.731784: | port: 1701 (06 a5)
- Mar 30 11:11:26.731789: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID
- Mar 30 11:11:26.731794: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
- Mar 30 11:11:26.731799: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
- Mar 30 11:11:26.731804: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
- Mar 30 11:11:26.731810: | ID body: c0 a8 01 65
- Mar 30 11:11:26.731815: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
- Mar 30 11:11:26.731819: | ***emit ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:26.731824: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:26.731828: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:26.731833: | Protocol ID: 17 (11)
- Mar 30 11:11:26.731839: | port: 1701 (06 a5)
- Mar 30 11:11:26.731843: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
- Mar 30 11:11:26.731848: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
- Mar 30 11:11:26.731853: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
- Mar 30 11:11:26.731859: | ID body: 33 9e 40 c9
- Mar 30 11:11:26.731863: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
- Mar 30 11:11:26.731928: | quick inR1 outI2 HASH(2):
- Mar 30 11:11:26.731935: | a2 97 55 e6 90 8d 72 9f 4b 72 b9 40 47 ee c6 00
- Mar 30 11:11:26.731939: | 16 74 82 33
- Mar 30 11:11:26.731944: | compute_proto_keymat: needed_len (after ESP enc)=32
- Mar 30 11:11:26.731949: | compute_proto_keymat: needed_len (after ESP auth)=52
- Mar 30 11:11:26.732133: | install_inbound_ipsec_sa() checking if we can route
- Mar 30 11:11:26.732147: | could_route called for l2tp-psk (kind=CK_INSTANCE)
- Mar 30 11:11:26.732153: | FOR_EACH_CONNECTION_... in route_owner
- Mar 30 11:11:26.732159: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:26.732164: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:26.732169: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:26.732174: | conn xauth-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:26.732179: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:26.732185: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:26.732194: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
- Mar 30 11:11:26.732199: | routing is easy, or has resolvable near-conflict
- Mar 30 11:11:26.732204: | checking if this is a replacement state
- Mar 30 11:11:26.732209: | st=0x562b2d555bd8 ost=0x562b2d556758 st->serialno=#8 ost->serialno=#7
- Mar 30 11:11:26.732216: "l2tp-psk"[4] 93.46.124.104 #8: keeping refhim=0 during rekey
- Mar 30 11:11:26.732221: | installing outgoing SA now as refhim=0
- Mar 30 11:11:26.732227: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
- Mar 30 11:11:26.732232: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
- Mar 30 11:11:26.732237: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
- Mar 30 11:11:26.732244: | setting IPsec SA replay-window to 32
- Mar 30 11:11:26.732250: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
- Mar 30 11:11:26.732256: | netlink: enabling transport mode
- Mar 30 11:11:26.732264: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1261)
- Mar 30 11:11:26.732269: | XFRM: adding IPsec SA with reqid 16409
- Mar 30 11:11:26.732274: | netlink: setting IPsec SA replay-window to 32 using old-style req
- Mar 30 11:11:26.732280: | netlink: esp-hw-offload not set for IPsec SA
- Mar 30 11:11:26.732386: | netlink response for Add SA esp.874d050a@93.46.124.104 included non-error error
- Mar 30 11:11:26.732394: | outgoing SA has refhim=0
- Mar 30 11:11:26.732399: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
- Mar 30 11:11:26.732405: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
- Mar 30 11:11:26.732410: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
- Mar 30 11:11:26.732416: | setting IPsec SA replay-window to 32
- Mar 30 11:11:26.732421: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
- Mar 30 11:11:26.732427: | netlink: enabling transport mode
- Mar 30 11:11:26.732433: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1268)
- Mar 30 11:11:26.732438: | XFRM: adding IPsec SA with reqid 16409
- Mar 30 11:11:26.732443: | netlink: setting IPsec SA replay-window to 32 using old-style req
- Mar 30 11:11:26.732448: | netlink: esp-hw-offload not set for IPsec SA
- Mar 30 11:11:26.732492: | netlink response for Add SA esp.2c43b193@10.68.154.105 included non-error error
- Mar 30 11:11:26.732502: | emitting 8 zero bytes of encryption padding into ISAKMP Message
- Mar 30 11:11:26.732507: | no IKEv1 message padding required
- Mar 30 11:11:26.732512: | emitting length of ISAKMP Message: 188
- Mar 30 11:11:26.732531: | finished processing quick inI1
- Mar 30 11:11:26.732537: | complete v1 state transition with STF_OK
- Mar 30 11:11:26.732549: | [RE]START processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
- Mar 30 11:11:26.732554: | #8 is idle
- Mar 30 11:11:26.732559: | doing_xauth:no, t_xauth_client_done:no
- Mar 30 11:11:26.732566: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
- Mar 30 11:11:26.732573: | child state #8: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA)
- Mar 30 11:11:26.732577: | event_already_set, deleting event
- Mar 30 11:11:26.732583: | state #8 requesting EVENT_CRYPTO_TIMEOUT to be deleted
- Mar 30 11:11:26.732591: | libevent_free: delref ptr-libevent@0x562b2d554878
- Mar 30 11:11:26.732597: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d5546a8
- Mar 30 11:11:26.732606: | sending reply packet to 93.46.124.104:4500 (from 10.68.154.105:4500)
- Mar 30 11:11:26.732619: | sending 192 bytes for STATE_QUICK_R0 through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #8)
- Mar 30 11:11:26.732624: | 00 00 00 00 f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a
- Mar 30 11:11:26.732628: | 5d 82 98 78 08 10 20 01 00 00 00 05 00 00 00 bc
- Mar 30 11:11:26.732633: | 64 0f 4a 62 d1 d2 11 e5 98 2d 61 3a 16 30 a8 a2
- Mar 30 11:11:26.732637: | 25 58 22 74 6c 61 e8 ad 98 5c 5f 7c ce 19 09 41
- Mar 30 11:11:26.732642: | e7 e7 8f fd 4f de 96 71 9c 06 cf f8 ec f9 81 c7
- Mar 30 11:11:26.732646: | cc 8b 0f 44 6b 57 96 b9 3e 03 fc 9e fa c1 43 2c
- Mar 30 11:11:26.732650: | a4 de ae e8 db de 28 15 69 ae 08 5e 2c 9f b3 c7
- Mar 30 11:11:26.732655: | 70 72 ac 29 d7 91 dd 6c 5f 2a 61 04 25 cc 34 ce
- Mar 30 11:11:26.732659: | 8f 27 0d 42 fe 59 51 12 08 61 7f b6 9b 5f 1a ec
- Mar 30 11:11:26.732664: | 13 12 21 20 af 0d 74 ec f4 45 e0 01 8a 0b 5b 59
- Mar 30 11:11:26.732668: | 79 16 d0 2e 2e 73 01 f1 d8 5e 78 be 26 42 76 f7
- Mar 30 11:11:26.732672: | f6 3a 2e 0f c6 21 4e 88 4b 93 61 e8 ef 5f 23 09
- Mar 30 11:11:26.732746: | !event_already_set at reschedule
- Mar 30 11:11:26.732756: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b2d5546a8
- Mar 30 11:11:26.732763: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #8
- Mar 30 11:11:26.732769: | libevent_malloc: newref ptr-libevent@0x562b2d551528 size 128
- Mar 30 11:11:26.732778: | #8 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 5645.157985
- Mar 30 11:11:26.732784: | pstats #8 ikev1.ipsec established
- Mar 30 11:11:26.732792: | NAT-T: NAT Traversal detected - their IKE port is '500'
- Mar 30 11:11:26.732797: | NAT-T: encaps is 'yes'
- Mar 30 11:11:26.732816: "l2tp-psk"[4] 93.46.124.104 #8: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0x874d050a <0x2c43b193 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
- Mar 30 11:11:26.732822: | modecfg pull: noquirk policy:push not-client
- Mar 30 11:11:26.732827: | phase 1 is done, looking for phase 2 to unpend
- Mar 30 11:11:26.732832: | releasing #8's fd-fd@(nil) because IKEv1 transitions finished
- Mar 30 11:11:26.732837: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
- Mar 30 11:11:26.732844: | resume sending helper answer for #8 suppresed complete_v1_state_transition()
- Mar 30 11:11:26.732859: | stop processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:860)
- Mar 30 11:11:26.732865: | libevent_free: delref ptr-libevent@0x7f3a3c002e58
- Mar 30 11:11:26.882022: | *received 60 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
- Mar 30 11:11:26.882060: | f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:26.882064: | 08 10 20 01 00 00 00 05 00 00 00 3c 53 12 fc 63
- Mar 30 11:11:26.882068: | 8d 11 7a 5a fe 34 a6 29 01 9d 9f e8 72 eb 14 ed
- Mar 30 11:11:26.882071: | 24 f4 4d f5 19 df c5 f7 b1 89 cd 10
- Mar 30 11:11:26.882079: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
- Mar 30 11:11:26.882086: | **parse ISAKMP Message:
- Mar 30 11:11:26.882092: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:26.882097: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:26.882101: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Mar 30 11:11:26.882105: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:26.882108: | exchange type: ISAKMP_XCHG_QUICK (0x20)
- Mar 30 11:11:26.882113: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:26.882118: | Message ID: 5 (00 00 00 05)
- Mar 30 11:11:26.882122: | length: 60 (00 00 00 3c)
- Mar 30 11:11:26.882126: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
- Mar 30 11:11:26.882133: | State DB: found IKEv1 state #8 in QUICK_R1 (find_state_ikev1)
- Mar 30 11:11:26.882142: | start processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1499)
- Mar 30 11:11:26.882147: | #8 is idle
- Mar 30 11:11:26.882150: | #8 idle
- Mar 30 11:11:26.882156: | received encrypted packet from 93.46.124.104:4500
- Mar 30 11:11:26.882196: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
- Mar 30 11:11:26.882201: | ***parse ISAKMP Hash Payload:
- Mar 30 11:11:26.882204: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:26.882208: | length: 24 (00 18)
- Mar 30 11:11:26.882212: | removing 8 bytes of padding
- Mar 30 11:11:26.882246: | quick_inI2 HASH(3):
- Mar 30 11:11:26.882250: | 59 7f 68 f7 aa d5 49 e5 1e 23 f2 3a 1d 07 02 65
- Mar 30 11:11:26.882253: | f4 f4 be 76
- Mar 30 11:11:26.882257: | received 'quick_inI2' message HASH(3) data ok
- Mar 30 11:11:26.882263: | install_ipsec_sa() for #8: outbound only
- Mar 30 11:11:26.882268: | could_route called for l2tp-psk (kind=CK_INSTANCE)
- Mar 30 11:11:26.882272: | FOR_EACH_CONNECTION_... in route_owner
- Mar 30 11:11:26.882276: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:26.882280: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:26.882284: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:26.882288: | conn xauth-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:26.882291: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:26.882295: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:26.882302: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
- Mar 30 11:11:26.882306: | sr for #8: erouted
- Mar 30 11:11:26.882310: | route_and_eroute() for proto 17, and source port 1701 dest port 1701
- Mar 30 11:11:26.882313: | FOR_EACH_CONNECTION_... in route_owner
- Mar 30 11:11:26.882316: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:26.882320: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:26.882339: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:26.882343: | conn xauth-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:26.882346: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:26.882350: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:26.882355: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
- Mar 30 11:11:26.882359: | route_and_eroute with c: l2tp-psk (next: none) ero:l2tp-psk esr:{(nil)} ro:l2tp-psk rosr:{(nil)} and state: #8
- Mar 30 11:11:26.882362: | we are replacing an eroute
- Mar 30 11:11:26.882367: | priority calculation of connection "l2tp-psk" is 0x15bfbf
- Mar 30 11:11:26.882379: | eroute_connection replace eroute 10.68.154.105/32:1701 --17-> 93.46.124.104/32:1701 => esp.874d050a@93.46.124.104>esp.874d050a@93.46.124.104 using reqid 16409 (raw_eroute)
- Mar 30 11:11:26.882386: | subnet from endpoint 93.46.124.104:1701 (in netlink_raw_eroute() at kernel_xfrm.c:585)
- Mar 30 11:11:26.882390: | netlink_raw_eroute: using host address instead of client subnet
- Mar 30 11:11:26.882394: | IPsec Sa SPD priority set to 1425343
- Mar 30 11:11:26.882423: | raw_eroute result=success
- Mar 30 11:11:26.882428: | route_and_eroute: firewall_notified: true
- Mar 30 11:11:26.882433: | route_and_eroute: instance "l2tp-psk"[4] 93.46.124.104, setting eroute_owner {spd=0x562b2d554130,sr=0x562b2d554130} to #8 (was #7) (newest_ipsec_sa=#7)
- Mar 30 11:11:26.882439: | inI2: instance l2tp-psk[4], setting IKEv1 newest_ipsec_sa to #8 (was #7) (spd.eroute=#8) cloned from #3
- Mar 30 11:11:26.882443: | DPD: dpd_init() called on IPsec SA
- Mar 30 11:11:26.882446: | DPD: Peer does not support Dead Peer Detection
- Mar 30 11:11:26.882450: | complete v1 state transition with STF_OK
- Mar 30 11:11:26.882457: | [RE]START processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
- Mar 30 11:11:26.882460: | #8 is idle
- Mar 30 11:11:26.882464: | doing_xauth:no, t_xauth_client_done:no
- Mar 30 11:11:26.882467: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
- Mar 30 11:11:26.882471: | child state #8: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA)
- Mar 30 11:11:26.882475: | event_already_set, deleting event
- Mar 30 11:11:26.882479: | state #8 requesting EVENT_RETRANSMIT to be deleted
- Mar 30 11:11:26.882483: | #8 STATE_QUICK_R2: retransmits: cleared
- Mar 30 11:11:26.882489: | libevent_free: delref ptr-libevent@0x562b2d551528
- Mar 30 11:11:26.882493: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b2d5546a8
- Mar 30 11:11:26.882498: | !event_already_set at reschedule
- Mar 30 11:11:26.882502: | event_schedule: newref EVENT_SA_EXPIRE-pe@0x562b2d554a08
- Mar 30 11:11:26.882507: | inserting event EVENT_SA_EXPIRE, timeout in 3600 seconds for #8
- Mar 30 11:11:26.882511: | libevent_malloc: newref ptr-libevent@0x562b2d5547c8 size 128
- Mar 30 11:11:26.882516: | pstats #8 ikev1.ipsec established
- Mar 30 11:11:26.882524: | NAT-T: NAT Traversal detected - their IKE port is '500'
- Mar 30 11:11:26.882527: | NAT-T: encaps is 'yes'
- Mar 30 11:11:26.882535: "l2tp-psk"[4] 93.46.124.104 #8: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x874d050a <0x2c43b193 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
- Mar 30 11:11:26.882539: | modecfg pull: noquirk policy:push not-client
- Mar 30 11:11:26.882542: | phase 1 is done, looking for phase 2 to unpend
- Mar 30 11:11:26.882546: | releasing #8's fd-fd@(nil) because IKEv1 transitions finished
- Mar 30 11:11:26.882549: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
- Mar 30 11:11:26.882556: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
- Mar 30 11:11:26.882562: | stop processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
- Mar 30 11:11:26.882567: | processing: STOP connection NULL (in process_md() at demux.c:384)
- Mar 30 11:11:26.883403: | *received 76 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
- Mar 30 11:11:26.883422: | f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:26.883425: | 08 10 05 01 2b 99 66 a2 00 00 00 4c 4a c3 c3 a2
- Mar 30 11:11:26.883428: | 07 6b a8 74 d1 33 39 4f ed 30 35 01 50 bf 73 52
- Mar 30 11:11:26.883431: | d9 e1 12 98 33 72 a1 e6 e8 ca 1a c2 57 2d 64 a5
- Mar 30 11:11:26.883433: | 32 d1 1c 3b 97 52 23 14 3d 98 4b 3b
- Mar 30 11:11:26.883438: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
- Mar 30 11:11:26.883442: | **parse ISAKMP Message:
- Mar 30 11:11:26.883447: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:26.883451: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:26.883454: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Mar 30 11:11:26.883457: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:26.883460: | exchange type: ISAKMP_XCHG_INFO (0x5)
- Mar 30 11:11:26.883463: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:26.883468: | Message ID: 731473570 (2b 99 66 a2)
- Mar 30 11:11:26.883471: | length: 76 (00 00 00 4c)
- Mar 30 11:11:26.883475: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
- Mar 30 11:11:26.883479: | peer and cookies match on #8; msgid=00000000 st_msgid=00000005 st_v1_msgid.phase15=00000000
- Mar 30 11:11:26.883482: | peer and cookies match on #7; msgid=00000000 st_msgid=00000004 st_v1_msgid.phase15=00000000
- Mar 30 11:11:26.883486: | peer and cookies match on #3; msgid=00000000 st_msgid=00000000 st_v1_msgid.phase15=00000000
- Mar 30 11:11:26.883489: | p15 state object #3 found, in STATE_MAIN_R3
- Mar 30 11:11:26.883492: | State DB: found IKEv1 state #3 in MAIN_R3 (find_v1_info_state)
- Mar 30 11:11:26.883498: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1347)
- Mar 30 11:11:26.883520: | #3 is idle
- Mar 30 11:11:26.883523: | #3 idle
- Mar 30 11:11:26.883527: | received encrypted packet from 93.46.124.104:4500
- Mar 30 11:11:26.883541: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
- Mar 30 11:11:26.883545: | ***parse ISAKMP Hash Payload:
- Mar 30 11:11:26.883548: | next payload type: ISAKMP_NEXT_D (0xc)
- Mar 30 11:11:26.883552: | length: 24 (00 18)
- Mar 30 11:11:26.883555: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0
- Mar 30 11:11:26.883559: | ***parse ISAKMP Delete Payload:
- Mar 30 11:11:26.883561: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:26.883565: | length: 16 (00 10)
- Mar 30 11:11:26.883568: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:26.883571: | protocol ID: 3 (03)
- Mar 30 11:11:26.883574: | SPI size: 4 (04)
- Mar 30 11:11:26.883577: | number of SPIs: 1 (00 01)
- Mar 30 11:11:26.883580: | removing 8 bytes of padding
- Mar 30 11:11:26.883601: | informational HASH(1):
- Mar 30 11:11:26.883605: | d1 4b ef cd ae 70 58 a8 82 22 10 df 73 a8 ce 95
- Mar 30 11:11:26.883608: | d9 6a e4 1f
- Mar 30 11:11:26.883611: | received 'informational' message HASH(1) data ok
- Mar 30 11:11:26.883615: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI
- Mar 30 11:11:26.883618: | SPI
- Mar 30 11:11:26.883620: | 5a ad 8c 94
- Mar 30 11:11:26.883623: | FOR_EACH_STATE_... in find_phase2_state_to_delete
- Mar 30 11:11:26.883629: | start processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in accept_delete() at ikev1_main.c:2492)
- Mar 30 11:11:26.883635: "l2tp-psk"[4] 93.46.124.104 #3: received Delete SA(0x5aad8c94) payload: deleting IPsec State #7
- Mar 30 11:11:26.883639: | pstats #7 ikev1.ipsec deleted completed
- Mar 30 11:11:26.883645: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
- Mar 30 11:11:26.883650: | start processing: state #7 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
- Mar 30 11:11:26.883656: "l2tp-psk"[4] 93.46.124.104 #7: deleting other state #7 (STATE_QUICK_R2) aged 8.168s and sending notification
- Mar 30 11:11:26.883660: | child state #7: QUICK_R2(established CHILD SA) => delete
- Mar 30 11:11:26.883702: | get_sa_info esp.5aad8c94@93.46.124.104
- Mar 30 11:11:26.883723: | get_sa_info esp.ff264c8d@10.68.154.105
- Mar 30 11:11:26.883733: "l2tp-psk"[4] 93.46.124.104 #7: ESP traffic information: in=0B out=0B
- Mar 30 11:11:26.883737: | unsuspending #7 MD (nil)
- Mar 30 11:11:26.883741: | #7 send IKEv1 delete notification for STATE_QUICK_R2
- Mar 30 11:11:26.883744: | FOR_EACH_STATE_... in find_phase1_state
- Mar 30 11:11:26.883753: | **emit ISAKMP Message:
- Mar 30 11:11:26.883757: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:26.883762: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:26.883764: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:26.883767: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:26.883770: | exchange type: ISAKMP_XCHG_INFO (0x5)
- Mar 30 11:11:26.883773: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:26.883777: | Message ID: 540693301 (20 3a 53 35)
- Mar 30 11:11:26.883780: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
- Mar 30 11:11:26.883784: | ***emit ISAKMP Hash Payload:
- Mar 30 11:11:26.883787: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:26.883790: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
- Mar 30 11:11:26.883793: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg'
- Mar 30 11:11:26.883797: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
- Mar 30 11:11:26.883800: | emitting length of ISAKMP Hash Payload: 24
- Mar 30 11:11:26.883803: | ***emit ISAKMP Delete Payload:
- Mar 30 11:11:26.883806: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:26.883808: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:26.883812: | protocol ID: 3 (03)
- Mar 30 11:11:26.883815: | SPI size: 4 (04)
- Mar 30 11:11:26.883818: | number of SPIs: 1 (00 01)
- Mar 30 11:11:26.883821: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D)
- Mar 30 11:11:26.883824: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg'
- Mar 30 11:11:26.883828: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload
- Mar 30 11:11:26.883831: | delete payload: ff 26 4c 8d
- Mar 30 11:11:26.883834: | emitting length of ISAKMP Delete Payload: 16
- Mar 30 11:11:26.883853: | send delete HASH(1):
- Mar 30 11:11:26.883857: | 58 eb e5 37 8e 91 31 d4 69 12 aa 08 37 a7 db cd
- Mar 30 11:11:26.883860: | 6a 59 2e e1
- Mar 30 11:11:26.883874: | emitting 8 zero bytes of encryption padding into ISAKMP Message
- Mar 30 11:11:26.883878: | no IKEv1 message padding required
- Mar 30 11:11:26.883880: | emitting length of ISAKMP Message: 76
- Mar 30 11:11:26.883893: | sending 80 bytes for delete notify through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #3)
- Mar 30 11:11:26.883896: | 00 00 00 00 f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a
- Mar 30 11:11:26.883899: | 5d 82 98 78 08 10 05 01 20 3a 53 35 00 00 00 4c
- Mar 30 11:11:26.883902: | 4e 28 8b 71 e8 f9 91 ca 8d e3 db d1 59 8e d9 24
- Mar 30 11:11:26.883904: | 2f 7a f2 28 e3 59 50 ed 99 f6 9f 4c cb c8 98 80
- Mar 30 11:11:26.883907: | f0 90 58 1b f1 50 08 ac 17 94 e7 4f e4 bd 12 58
- Mar 30 11:11:26.883954: | state #7 requesting EVENT_SA_EXPIRE to be deleted
- Mar 30 11:11:26.883962: | libevent_free: delref ptr-libevent@0x562b2d5545b8
- Mar 30 11:11:26.883965: | free_event_entry: delref EVENT_SA_EXPIRE-pe@0x562b2d54f5c8
- Mar 30 11:11:26.883971: | delete esp.5aad8c94@93.46.124.104
- Mar 30 11:11:26.883975: | XFRM: deleting IPsec SA with reqid 0
- Mar 30 11:11:26.884062: | netlink response for Del SA esp.5aad8c94@93.46.124.104 included non-error error
- Mar 30 11:11:26.884086: | delete esp.ff264c8d@10.68.154.105
- Mar 30 11:11:26.884092: | XFRM: deleting IPsec SA with reqid 0
- Mar 30 11:11:26.884112: | netlink response for Del SA esp.ff264c8d@10.68.154.105 included non-error error
- Mar 30 11:11:26.884128: | stop processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in update_state_connection() at connections.c:4093)
- Mar 30 11:11:26.884132: | start processing: connection NULL (in update_state_connection() at connections.c:4094)
- Mar 30 11:11:26.884135: | in connection_discard for connection l2tp-psk
- Mar 30 11:11:26.884138: | connection is instance
- Mar 30 11:11:26.884141: | not in pending use
- Mar 30 11:11:26.884144: | State DB: found state #8 in QUICK_R2 (connection_discard)
- Mar 30 11:11:26.884147: | states still using this connection instance, retaining
- Mar 30 11:11:26.884150: | State DB: deleting IKEv1 state #7 in QUICK_R2
- Mar 30 11:11:26.884155: | child state #7: QUICK_R2(established CHILD SA) => UNDEFINED(ignore)
- Mar 30 11:11:26.884159: | releasing #7's fd-fd@(nil) because deleting state
- Mar 30 11:11:26.884162: | delref fdp@NULL (in delete_state() at state.c:1185)
- Mar 30 11:11:26.884168: | stop processing: state #7 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
- Mar 30 11:11:26.884173: | resume processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
- Mar 30 11:11:26.884181: | processing: STOP connection NULL (in accept_delete() at ikev1_main.c:2536)
- Mar 30 11:11:26.884184: | del:
- Mar 30 11:11:26.884187: |
- Mar 30 11:11:26.884192: | complete v1 state transition with STF_IGNORE
- Mar 30 11:11:26.884197: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
- Mar 30 11:11:26.884203: | stop processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
- Mar 30 11:11:26.884207: | processing: STOP connection NULL (in process_md() at demux.c:384)
- Mar 30 11:11:31.436852: | processing global timer EVENT_NAT_T_KEEPALIVE
- Mar 30 11:11:31.436911: | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state)
- Mar 30 11:11:31.436930: | start processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in for_each_state() at state.c:1642)
- Mar 30 11:11:31.436940: | [RE]START processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in nat_traversal_send_ka() at nat_traversal.c:760)
- Mar 30 11:11:31.436947: | ka_event: send NAT-KA to 93.46.124.104:4500 (state=#8)
- Mar 30 11:11:31.436952: | sending NAT-T Keep Alive
- Mar 30 11:11:31.436963: | sending 1 bytes for NAT-T Keep Alive through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #8)
- Mar 30 11:11:31.436968: | ff
- Mar 30 11:11:31.437064: | stop processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in nat_traversal_send_ka() at nat_traversal.c:769)
- Mar 30 11:11:31.437076: | processing: STOP state #0 (in for_each_state() at state.c:1644)
- Mar 30 11:11:31.437085: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in for_each_state() at state.c:1642)
- Mar 30 11:11:31.437093: | stop processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in for_each_state() at state.c:1644)
- Mar 30 11:11:31.437110: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds
- Mar 30 11:11:36.729139: | *received 444 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
- Mar 30 11:11:36.729196: | f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:36.729208: | 08 10 20 01 00 00 00 06 00 00 01 bc 29 35 0a 66
- Mar 30 11:11:36.729219: | b5 30 66 37 5e cc fe 3a 4c de 59 ef 62 2d 0d 3c
- Mar 30 11:11:36.729228: | 91 2d 64 5c ad e1 ba 14 4f e8 c7 a6 ee 33 65 da
- Mar 30 11:11:36.729235: | 0e db 8f 33 c1 51 f9 15 95 ba 02 ed 54 c1 74 72
- Mar 30 11:11:36.729243: | 3a 86 4f 19 0d 41 fc 49 cb 61 9b 41 83 0f 89 b1
- Mar 30 11:11:36.729251: | 04 c0 2a cf 25 49 59 a1 79 aa f9 da c5 7e 02 ad
- Mar 30 11:11:36.729258: | 95 52 14 3e 43 9a 5a 7f ce 68 ce 48 c4 f3 58 bb
- Mar 30 11:11:36.729266: | dd 56 98 b0 47 5e 70 fc 7e 15 71 2b e3 13 b5 3d
- Mar 30 11:11:36.729276: | 58 e9 7a 83 57 10 c8 47 5f e7 47 cd 7d ad 40 06
- Mar 30 11:11:36.729312: | 6c d6 92 6f 77 24 43 4d 65 47 16 ed be 69 4a 28
- Mar 30 11:11:36.729323: | dc 38 73 45 e7 1b 57 97 4d b4 a9 d3 f0 33 c2 f5
- Mar 30 11:11:36.729331: | 99 38 7a d3 84 ce f8 c7 ed bc 4c cc 25 27 36 f8
- Mar 30 11:11:36.729338: | dd e4 b3 d3 9b f0 8f 5b ab ed 91 e4 83 c4 88 24
- Mar 30 11:11:36.729345: | 71 4d 8c 63 b6 f9 46 41 cf 67 1f 37 40 2b 9a 43
- Mar 30 11:11:36.729351: | ca d8 f1 05 7e 1f 01 f9 38 f5 c1 0f b1 d3 d3 cd
- Mar 30 11:11:36.729359: | ec ab 7f 8c ae 56 7a 65 0a ff 90 04 62 fe 40 0a
- Mar 30 11:11:36.729365: | 43 81 b4 43 29 5d 8a 04 d9 74 04 77 4f 54 5d dd
- Mar 30 11:11:36.729372: | 31 e2 e4 5c e7 a4 ec ed 2e d2 34 eb 8c 8f ed 87
- Mar 30 11:11:36.729381: | ce d6 c3 6e 0e c7 7f d9 d2 2c e1 6c dc 5c ca 43
- Mar 30 11:11:36.729389: | 38 90 2c ba aa 38 52 2d a4 1b 7f de 29 bc c4 84
- Mar 30 11:11:36.729396: | 54 ac ae a8 ba c7 17 94 e8 81 f9 9d 03 a0 ef 07
- Mar 30 11:11:36.729403: | e1 3d a0 02 bf 55 81 7f 87 a6 aa 15 a9 e9 17 46
- Mar 30 11:11:36.729410: | b9 b2 79 cb 49 7d c8 73 62 0c 1d 7d b8 50 9b 02
- Mar 30 11:11:36.729417: | 24 01 63 3c 3e 3f 09 d3 6c b8 46 e2 ca 26 72 7a
- Mar 30 11:11:36.729424: | 9c ed 9a 6e 97 4e 2e 9d 77 8d 5c 1c 00 09 1f 00
- Mar 30 11:11:36.729431: | f7 72 0d 45 2c 50 5c 00 74 70 4c 19 aa 7f b1 cb
- Mar 30 11:11:36.729438: | ca 95 77 ca d8 7e cd dd 0d 84 39 41
- Mar 30 11:11:36.729453: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
- Mar 30 11:11:36.729466: | **parse ISAKMP Message:
- Mar 30 11:11:36.729479: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:36.729491: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:36.729500: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Mar 30 11:11:36.729508: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:36.729516: | exchange type: ISAKMP_XCHG_QUICK (0x20)
- Mar 30 11:11:36.729526: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:36.729540: | Message ID: 6 (00 00 00 06)
- Mar 30 11:11:36.729553: | length: 444 (00 00 01 bc)
- Mar 30 11:11:36.729564: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
- Mar 30 11:11:36.729576: | State DB: IKEv1 state not found (find_state_ikev1)
- Mar 30 11:11:36.729587: | State DB: found IKEv1 state #3 in MAIN_R3 (find_state_ikev1)
- Mar 30 11:11:36.729606: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1473)
- Mar 30 11:11:36.729660: | #3 is idle
- Mar 30 11:11:36.729672: | #3 idle
- Mar 30 11:11:36.729686: | received encrypted packet from 93.46.124.104:4500
- Mar 30 11:11:36.729720: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030
- Mar 30 11:11:36.729730: | ***parse ISAKMP Hash Payload:
- Mar 30 11:11:36.729737: | next payload type: ISAKMP_NEXT_SA (0x1)
- Mar 30 11:11:36.729746: | length: 24 (00 18)
- Mar 30 11:11:36.729753: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030
- Mar 30 11:11:36.729761: | ***parse ISAKMP Security Association Payload:
- Mar 30 11:11:36.729769: | next payload type: ISAKMP_NEXT_NONCE (0xa)
- Mar 30 11:11:36.729781: | length: 280 (01 18)
- Mar 30 11:11:36.729789: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:36.729798: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030
- Mar 30 11:11:36.729806: | ***parse ISAKMP Nonce Payload:
- Mar 30 11:11:36.729814: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:36.729823: | length: 52 (00 34)
- Mar 30 11:11:36.729830: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
- Mar 30 11:11:36.729850: | ***parse ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:36.729869: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:36.729879: | length: 12 (00 0c)
- Mar 30 11:11:36.729886: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:36.729893: | Protocol ID: 17 (11)
- Mar 30 11:11:36.729901: | port: 1701 (06 a5)
- Mar 30 11:11:36.729910: | obj:
- Mar 30 11:11:36.729917: | c0 a8 01 65
- Mar 30 11:11:36.729924: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
- Mar 30 11:11:36.729948: | ***parse ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:36.729956: | next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
- Mar 30 11:11:36.729965: | length: 12 (00 0c)
- Mar 30 11:11:36.729972: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:36.729980: | Protocol ID: 17 (11)
- Mar 30 11:11:36.729987: | port: 1701 (06 a5)
- Mar 30 11:11:36.729994: | obj:
- Mar 30 11:11:36.730000: | 33 9e 40 c9
- Mar 30 11:11:36.730007: | got payload 0x200000 (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
- Mar 30 11:11:36.730015: | ***parse ISAKMP NAT-OA Payload:
- Mar 30 11:11:36.730021: | next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
- Mar 30 11:11:36.730029: | length: 12 (00 0c)
- Mar 30 11:11:36.730035: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:36.730042: | obj:
- Mar 30 11:11:36.730048: | c0 a8 01 65
- Mar 30 11:11:36.730056: | got payload 0x200000 (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
- Mar 30 11:11:36.730064: | ***parse ISAKMP NAT-OA Payload:
- Mar 30 11:11:36.730071: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:36.730080: | length: 12 (00 0c)
- Mar 30 11:11:36.730089: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:36.730099: | obj:
- Mar 30 11:11:36.730106: | 33 9e 40 c9
- Mar 30 11:11:36.730113: | removing 12 bytes of padding
- Mar 30 11:11:36.730172: | quick_inI1_outR1 HASH(1):
- Mar 30 11:11:36.730180: | cb 9b f0 c9 c2 b9 9e cf 4a db 2f bc 4b 01 3c ac
- Mar 30 11:11:36.730185: | ab 1d 17 31
- Mar 30 11:11:36.730192: | received 'quick_inI1_outR1' message HASH(1) data ok
- Mar 30 11:11:36.730204: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
- Mar 30 11:11:36.730210: | ID address
- Mar 30 11:11:36.730215: | c0 a8 01 65
- Mar 30 11:11:36.730226: | subnet from address 192.168.1.101 (in decode_net_id() at ikev1_quick.c:440)
- Mar 30 11:11:36.730235: | peer client is 192.168.1.101/32
- Mar 30 11:11:36.730241: | peer client protocol/port is 17/1701
- Mar 30 11:11:36.730247: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
- Mar 30 11:11:36.730253: | ID address
- Mar 30 11:11:36.730258: | 33 9e 40 c9
- Mar 30 11:11:36.730266: | subnet from address 51.158.64.201 (in decode_net_id() at ikev1_quick.c:440)
- Mar 30 11:11:36.730273: | our client is 51.158.64.201/32
- Mar 30 11:11:36.730279: | our client protocol/port is 17/1701
- Mar 30 11:11:36.730293: "l2tp-psk"[4] 93.46.124.104 #3: the peer proposed: 51.158.64.201/32:17/1701 -> 192.168.1.101/32:17/1701
- Mar 30 11:11:36.730300: | find_client_connection starting with l2tp-psk
- Mar 30 11:11:36.730310: | looking for 51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701
- Mar 30 11:11:36.730320: | concrete checking against sr#0 10.68.154.105/32:1701 -> 93.46.124.104/32:1701
- Mar 30 11:11:36.730329: | match_id a=192.168.1.101
- Mar 30 11:11:36.730336: | b=192.168.1.101
- Mar 30 11:11:36.730341: | results matched
- Mar 30 11:11:36.730357: | fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 93.46.124.104/32:1701:17/1701
- Mar 30 11:11:36.730367: | our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
- Mar 30 11:11:36.730373: | fc_try concluding with none [0]
- Mar 30 11:11:36.730378: | fc_try l2tp-psk gives none
- Mar 30 11:11:36.730389: | find_host_pair: comparing 10.68.154.105:500 to 0.0.0.0:500 but ignoring ports
- Mar 30 11:11:36.730399: | checking hostpair 10.68.154.105/32:1701 -> 93.46.124.104/32:1701 is found
- Mar 30 11:11:36.730407: | match_id a=192.168.1.101
- Mar 30 11:11:36.730412: | b=(none)
- Mar 30 11:11:36.730418: | results matched
- Mar 30 11:11:36.730433: | fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 0.0.0.0/32:0:17/0
- Mar 30 11:11:36.730442: | our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
- Mar 30 11:11:36.730450: | match_id a=192.168.1.101
- Mar 30 11:11:36.730466: | b=(none)
- Mar 30 11:11:36.730471: | results matched
- Mar 30 11:11:36.730477: | fc_try concluding with none [0]
- Mar 30 11:11:36.730484: | match_id a=192.168.1.101
- Mar 30 11:11:36.730490: | b=(none)
- Mar 30 11:11:36.730495: | results matched
- Mar 30 11:11:36.730508: | fc_try_oppo trying l2tp-psk:51.158.64.201/32:1701 -> 192.168.1.101/32:1701 vs l2tp-psk:10.68.154.105/32:1701 -> 0.0.0.0/32:0
- Mar 30 11:11:36.730515: | match_id a=192.168.1.101
- Mar 30 11:11:36.730521: | b=(none)
- Mar 30 11:11:36.730526: | results matched
- Mar 30 11:11:36.730532: | fc_try_oppo concluding with none [0]
- Mar 30 11:11:36.730537: | concluding with d = none
- Mar 30 11:11:36.730545: | using something (we hope the IP we or they are NAT'ed to) for transport mode connection "l2tp-psk"[4] 93.46.124.104
- Mar 30 11:11:36.730551: | client wildcard: no port wildcard: no virtual: no
- Mar 30 11:11:36.730558: | NAT-Traversal: received 2 NAT-OA.
- Mar 30 11:11:36.730567: "l2tp-psk"[4] 93.46.124.104 #3: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
- Mar 30 11:11:36.730572: | NAT-OA:
- Mar 30 11:11:36.730578: | 15 00 00 0c 01 00 00 00 c0 a8 01 65
- Mar 30 11:11:36.730584: | parsing 4 raw bytes of ISAKMP NAT-OA Payload into NAT-Traversal: NAT-OA IP
- Mar 30 11:11:36.730589: | NAT-Traversal: NAT-OA IP
- Mar 30 11:11:36.730594: | c0 a8 01 65
- Mar 30 11:11:36.730601: | received NAT-OA: 192.168.1.101
- Mar 30 11:11:36.730612: | addref fd@NULL (in new_state() at state.c:555)
- Mar 30 11:11:36.730619: | creating state object #9 at 0x562b2d556758
- Mar 30 11:11:36.730625: | State DB: adding IKEv1 state #9 in UNDEFINED
- Mar 30 11:11:36.730635: | pstats #9 ikev1.ipsec started
- Mar 30 11:11:36.730643: | duplicating state object #3 "l2tp-psk"[4] 93.46.124.104 as #9 for IPSEC SA
- Mar 30 11:11:36.730653: | #9 setting local endpoint to 10.68.154.105:4500 from #3.st_localport (in duplicate_state() at state.c:1548)
- Mar 30 11:11:36.730666: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
- Mar 30 11:11:36.730677: | start processing: state #9 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
- Mar 30 11:11:36.730683: | switching MD.ST from #3 to CHILD #9; ulgh
- Mar 30 11:11:36.730690: | child state #9: UNDEFINED(ignore) => QUICK_R0(established CHILD SA)
- Mar 30 11:11:36.730698: | ****parse IPsec DOI SIT:
- Mar 30 11:11:36.730705: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Mar 30 11:11:36.730711: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:36.730717: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:36.730724: | length: 56 (00 38)
- Mar 30 11:11:36.730730: | proposal number: 1 (01)
- Mar 30 11:11:36.730736: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:36.730742: | SPI size: 4 (04)
- Mar 30 11:11:36.730748: | number of transforms: 1 (01)
- Mar 30 11:11:36.730754: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
- Mar 30 11:11:36.730759: | SPI
- Mar 30 11:11:36.730765: | 37 1a 89 1a
- Mar 30 11:11:36.730772: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:36.730798: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:36.730810: | length: 56 (00 38)
- Mar 30 11:11:36.730819: | proposal number: 2 (02)
- Mar 30 11:11:36.730827: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:36.730835: | SPI size: 4 (04)
- Mar 30 11:11:36.730842: | number of transforms: 1 (01)
- Mar 30 11:11:36.730851: | *****parse ISAKMP Transform Payload (ESP):
- Mar 30 11:11:36.730858: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:36.730865: | length: 44 (00 2c)
- Mar 30 11:11:36.730871: | ESP transform number: 1 (01)
- Mar 30 11:11:36.730877: | ESP transform ID: ESP_AES (0xc)
- Mar 30 11:11:36.730885: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:36.730892: | af+type: AF+ENCAPSULATION_MODE (0x8004)
- Mar 30 11:11:36.730901: | length/value: 4 (00 04)
- Mar 30 11:11:36.730909: | [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
- Mar 30 11:11:36.731046: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
- Mar 30 11:11:36.731062: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:36.731070: | af+type: AF+KEY_LENGTH (0x8006)
- Mar 30 11:11:36.731090: | length/value: 256 (01 00)
- Mar 30 11:11:36.731107: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:36.731117: | af+type: AF+AUTH_ALGORITHM (0x8005)
- Mar 30 11:11:36.731125: | length/value: 2 (00 02)
- Mar 30 11:11:36.731133: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
- Mar 30 11:11:36.731142: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:36.731149: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:36.731158: | length/value: 1 (00 01)
- Mar 30 11:11:36.731166: | [1 is SA_LIFE_TYPE_SECONDS]
- Mar 30 11:11:36.731174: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:36.731181: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:36.731190: | length/value: 4 (00 04)
- Mar 30 11:11:36.731197: | long duration: 3600
- Mar 30 11:11:36.731204: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:36.731211: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:36.731219: | length/value: 2 (00 02)
- Mar 30 11:11:36.731226: | [2 is SA_LIFE_TYPE_KBYTES]
- Mar 30 11:11:36.731233: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:36.731240: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:36.731248: | length/value: 4 (00 04)
- Mar 30 11:11:36.731255: | long duration: 250000
- Mar 30 11:11:36.731263: | ESP IPsec Transform verified; matches alg_info entry
- Mar 30 11:11:36.731280: | adding quick_outI1 KE work-order 11 for state #9
- Mar 30 11:11:36.731289: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d554758
- Mar 30 11:11:36.731299: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9
- Mar 30 11:11:36.731310: | libevent_malloc: newref ptr-libevent@0x562b2d5545b8 size 128
- Mar 30 11:11:36.731355: | crypto helper 1 resuming
- Mar 30 11:11:36.731369: | crypto helper 1 starting work-order 11 for state #9
- Mar 30 11:11:36.731380: | crypto helper 1 doing build nonce (quick_outI1 KE); request ID 11
- Mar 30 11:11:36.731410: | crypto helper 1 finished build nonce (quick_outI1 KE); request ID 11 time elapsed 0.000031 seconds
- Mar 30 11:11:36.731419: | crypto helper 1 sending results from work-order 11 for state #9 to event queue
- Mar 30 11:11:36.731427: | scheduling resume sending helper answer for #9
- Mar 30 11:11:36.731443: | libevent_malloc: newref ptr-libevent@0x7f3a44003828 size 128
- Mar 30 11:11:36.731457: | crypto helper 1 waiting (nothing to do)
- Mar 30 11:11:36.731470: | complete v1 state transition with STF_SUSPEND
- Mar 30 11:11:36.731488: | [RE]START processing: state #9 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2514)
- Mar 30 11:11:36.731496: | suspending state #9 and saving MD 0x562b2d551f08
- Mar 30 11:11:36.731504: | #9 is busy; has suspended MD 0x562b2d551f08
- Mar 30 11:11:36.731520: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
- Mar 30 11:11:36.731535: | stop processing: state #9 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
- Mar 30 11:11:36.731544: | processing: STOP connection NULL (in process_md() at demux.c:384)
- Mar 30 11:11:36.731569: | processing resume sending helper answer for #9
- Mar 30 11:11:36.731583: | start processing: state #9 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:817)
- Mar 30 11:11:36.731592: | unsuspending #9 MD 0x562b2d551f08
- Mar 30 11:11:36.731599: | crypto helper 1 replies to request ID 11
- Mar 30 11:11:36.731606: | calling continuation function 0x562b2c27c390
- Mar 30 11:11:36.731613: | quick_inI1_outR1_cryptocontinue1 for #9: calculated ke+nonce, calculating DH
- Mar 30 11:11:36.731631: | **emit ISAKMP Message:
- Mar 30 11:11:36.731642: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:36.731652: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:36.731675: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:36.731683: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:36.731691: | exchange type: ISAKMP_XCHG_QUICK (0x20)
- Mar 30 11:11:36.731700: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:36.731710: | Message ID: 6 (00 00 00 06)
- Mar 30 11:11:36.731719: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
- Mar 30 11:11:36.731728: | ***emit ISAKMP Hash Payload:
- Mar 30 11:11:36.731735: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:36.731743: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
- Mar 30 11:11:36.731750: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:36.731759: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
- Mar 30 11:11:36.731766: | emitting length of ISAKMP Hash Payload: 24
- Mar 30 11:11:36.731773: | ***emit ISAKMP Security Association Payload:
- Mar 30 11:11:36.731780: | next payload type: ISAKMP_NEXT_NONCE (0xa)
- Mar 30 11:11:36.731787: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:36.731794: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE
- Mar 30 11:11:36.731802: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA)
- Mar 30 11:11:36.731809: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:36.731817: | ****parse IPsec DOI SIT:
- Mar 30 11:11:36.731824: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Mar 30 11:11:36.731832: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:36.731838: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:36.731847: | length: 56 (00 38)
- Mar 30 11:11:36.731854: | proposal number: 1 (01)
- Mar 30 11:11:36.731862: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:36.731870: | SPI size: 4 (04)
- Mar 30 11:11:36.731878: | number of transforms: 1 (01)
- Mar 30 11:11:36.731887: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
- Mar 30 11:11:36.731894: | SPI
- Mar 30 11:11:36.731901: | 37 1a 89 1a
- Mar 30 11:11:36.731909: | ****parse ISAKMP Proposal Payload:
- Mar 30 11:11:36.731916: | next payload type: ISAKMP_NEXT_P (0x2)
- Mar 30 11:11:36.731924: | length: 56 (00 38)
- Mar 30 11:11:36.731932: | proposal number: 2 (02)
- Mar 30 11:11:36.731938: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:36.731946: | SPI size: 4 (04)
- Mar 30 11:11:36.731953: | number of transforms: 1 (01)
- Mar 30 11:11:36.731961: | *****parse ISAKMP Transform Payload (ESP):
- Mar 30 11:11:36.731968: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:36.731976: | length: 44 (00 2c)
- Mar 30 11:11:36.731984: | ESP transform number: 1 (01)
- Mar 30 11:11:36.731991: | ESP transform ID: ESP_AES (0xc)
- Mar 30 11:11:36.732088: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:36.732098: | af+type: AF+ENCAPSULATION_MODE (0x8004)
- Mar 30 11:11:36.732107: | length/value: 4 (00 04)
- Mar 30 11:11:36.732114: | [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
- Mar 30 11:11:36.732122: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
- Mar 30 11:11:36.732130: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:36.732137: | af+type: AF+KEY_LENGTH (0x8006)
- Mar 30 11:11:36.732145: | length/value: 256 (01 00)
- Mar 30 11:11:36.732152: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:36.732160: | af+type: AF+AUTH_ALGORITHM (0x8005)
- Mar 30 11:11:36.732167: | length/value: 2 (00 02)
- Mar 30 11:11:36.732174: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
- Mar 30 11:11:36.732182: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:36.732189: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:36.732197: | length/value: 1 (00 01)
- Mar 30 11:11:36.732215: | [1 is SA_LIFE_TYPE_SECONDS]
- Mar 30 11:11:36.732224: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:36.732232: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:36.732241: | length/value: 4 (00 04)
- Mar 30 11:11:36.732249: | long duration: 3600
- Mar 30 11:11:36.732257: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:36.732264: | af+type: AF+SA_LIFE_TYPE (0x8001)
- Mar 30 11:11:36.732273: | length/value: 2 (00 02)
- Mar 30 11:11:36.732280: | [2 is SA_LIFE_TYPE_KBYTES]
- Mar 30 11:11:36.732287: | ******parse ISAKMP IPsec DOI attribute:
- Mar 30 11:11:36.732294: | af+type: SA_LIFE_DURATION (variable length) (0x2)
- Mar 30 11:11:36.732302: | length/value: 4 (00 04)
- Mar 30 11:11:36.732309: | long duration: 250000
- Mar 30 11:11:36.732317: | ESP IPsec Transform verified; matches alg_info entry
- Mar 30 11:11:36.732324: | ****emit IPsec DOI SIT:
- Mar 30 11:11:36.732331: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Mar 30 11:11:36.732338: | ****emit ISAKMP Proposal Payload:
- Mar 30 11:11:36.732345: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:36.732353: | proposal number: 1 (01)
- Mar 30 11:11:36.732360: | protocol ID: PROTO_IPSEC_ESP (0x3)
- Mar 30 11:11:36.732368: | SPI size: 4 (04)
- Mar 30 11:11:36.732375: | number of transforms: 1 (01)
- Mar 30 11:11:36.732382: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type'
- Mar 30 11:11:36.732436: | netlink_get_spi: allocated 0xf7240e32 for esp.0@10.68.154.105
- Mar 30 11:11:36.732450: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload
- Mar 30 11:11:36.732460: | SPI: f7 24 0e 32
- Mar 30 11:11:36.732466: | *****emit ISAKMP Transform Payload (ESP):
- Mar 30 11:11:36.732474: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:36.732481: | ESP transform number: 1 (01)
- Mar 30 11:11:36.732488: | ESP transform ID: ESP_AES (0xc)
- Mar 30 11:11:36.732495: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type'
- Mar 30 11:11:36.732503: | emitting 36 raw bytes of attributes into ISAKMP Transform Payload (ESP)
- Mar 30 11:11:36.732510: | attributes:
- Mar 30 11:11:36.732517: | 80 04 00 04 80 06 01 00 80 05 00 02 80 01 00 01
- Mar 30 11:11:36.732524: | 00 02 00 04 00 00 0e 10 80 01 00 02 00 02 00 04
- Mar 30 11:11:36.732530: | 00 03 d0 90
- Mar 30 11:11:36.732537: | emitting length of ISAKMP Transform Payload (ESP): 44
- Mar 30 11:11:36.732544: | emitting length of ISAKMP Proposal Payload: 56
- Mar 30 11:11:36.732551: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0
- Mar 30 11:11:36.732559: | emitting length of ISAKMP Security Association Payload: 68
- Mar 30 11:11:36.732566: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0
- Mar 30 11:11:36.732580: "l2tp-psk"[4] 93.46.124.104 #9: responding to Quick Mode proposal {msgid:00000006}
- Mar 30 11:11:36.732601: "l2tp-psk"[4] 93.46.124.104 #9: us: 10.68.154.105[51.158.64.201]:17/1701
- Mar 30 11:11:36.732619: "l2tp-psk"[4] 93.46.124.104 #9: them: 93.46.124.104[192.168.1.101]:17/1701
- Mar 30 11:11:36.732627: | ***emit ISAKMP Nonce Payload:
- Mar 30 11:11:36.732634: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:36.732641: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 5:ISAKMP_NEXT_ID
- Mar 30 11:11:36.732649: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE)
- Mar 30 11:11:36.732657: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet'
- Mar 30 11:11:36.732665: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload
- Mar 30 11:11:36.732672: | Nr:
- Mar 30 11:11:36.732678: | 4c 08 f3 ee 69 e8 3b ee 5d ac 7a 6a 3c 63 34 65
- Mar 30 11:11:36.732685: | c6 c1 4c 90 d8 72 7c 5c ed c2 88 ed 79 ab 98 e0
- Mar 30 11:11:36.732702: | emitting length of ISAKMP Nonce Payload: 36
- Mar 30 11:11:36.732710: | ***emit ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:36.732717: | next payload type: ISAKMP_NEXT_ID (0x5)
- Mar 30 11:11:36.732724: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:36.732732: | Protocol ID: 17 (11)
- Mar 30 11:11:36.732740: | port: 1701 (06 a5)
- Mar 30 11:11:36.732748: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID
- Mar 30 11:11:36.732756: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
- Mar 30 11:11:36.732764: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
- Mar 30 11:11:36.732773: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
- Mar 30 11:11:36.732783: | ID body: c0 a8 01 65
- Mar 30 11:11:36.732790: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
- Mar 30 11:11:36.732797: | ***emit ISAKMP Identification Payload (IPsec DOI):
- Mar 30 11:11:36.732804: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:36.732811: | ID type: ID_IPV4_ADDR (0x1)
- Mar 30 11:11:36.732819: | Protocol ID: 17 (11)
- Mar 30 11:11:36.732827: | port: 1701 (06 a5)
- Mar 30 11:11:36.732835: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
- Mar 30 11:11:36.732842: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
- Mar 30 11:11:36.732850: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
- Mar 30 11:11:36.732859: | ID body: 33 9e 40 c9
- Mar 30 11:11:36.732866: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
- Mar 30 11:11:36.732941: | quick inR1 outI2 HASH(2):
- Mar 30 11:11:36.732953: | bd 5a 73 c0 19 df d3 52 e5 a3 56 9d c8 6a 91 35
- Mar 30 11:11:36.732960: | d7 30 3d dd
- Mar 30 11:11:36.732968: | compute_proto_keymat: needed_len (after ESP enc)=32
- Mar 30 11:11:36.732975: | compute_proto_keymat: needed_len (after ESP auth)=52
- Mar 30 11:11:36.733142: | install_inbound_ipsec_sa() checking if we can route
- Mar 30 11:11:36.733158: | could_route called for l2tp-psk (kind=CK_INSTANCE)
- Mar 30 11:11:36.733165: | FOR_EACH_CONNECTION_... in route_owner
- Mar 30 11:11:36.733173: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:36.733181: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:36.733188: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:36.733196: | conn xauth-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:36.733203: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:36.733211: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:36.733224: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
- Mar 30 11:11:36.733231: | routing is easy, or has resolvable near-conflict
- Mar 30 11:11:36.733239: | checking if this is a replacement state
- Mar 30 11:11:36.733246: | st=0x562b2d556758 ost=0x562b2d555bd8 st->serialno=#9 ost->serialno=#8
- Mar 30 11:11:36.733257: "l2tp-psk"[4] 93.46.124.104 #9: keeping refhim=0 during rekey
- Mar 30 11:11:36.733264: | installing outgoing SA now as refhim=0
- Mar 30 11:11:36.733272: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
- Mar 30 11:11:36.733280: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
- Mar 30 11:11:36.733288: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
- Mar 30 11:11:36.733298: | setting IPsec SA replay-window to 32
- Mar 30 11:11:36.733307: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
- Mar 30 11:11:36.733316: | netlink: enabling transport mode
- Mar 30 11:11:36.733329: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1261)
- Mar 30 11:11:36.733337: | XFRM: adding IPsec SA with reqid 16409
- Mar 30 11:11:36.733355: | netlink: setting IPsec SA replay-window to 32 using old-style req
- Mar 30 11:11:36.733364: | netlink: esp-hw-offload not set for IPsec SA
- Mar 30 11:11:36.733488: | netlink response for Add SA esp.371a891a@93.46.124.104 included non-error error
- Mar 30 11:11:36.733504: | outgoing SA has refhim=0
- Mar 30 11:11:36.733514: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
- Mar 30 11:11:36.733522: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
- Mar 30 11:11:36.733529: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
- Mar 30 11:11:36.733539: | setting IPsec SA replay-window to 32
- Mar 30 11:11:36.733546: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
- Mar 30 11:11:36.733555: | netlink: enabling transport mode
- Mar 30 11:11:36.733566: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1268)
- Mar 30 11:11:36.733575: | XFRM: adding IPsec SA with reqid 16409
- Mar 30 11:11:36.733581: | netlink: setting IPsec SA replay-window to 32 using old-style req
- Mar 30 11:11:36.733588: | netlink: esp-hw-offload not set for IPsec SA
- Mar 30 11:11:36.733663: | netlink response for Add SA esp.f7240e32@10.68.154.105 included non-error error
- Mar 30 11:11:36.733680: | emitting 8 zero bytes of encryption padding into ISAKMP Message
- Mar 30 11:11:36.733689: | no IKEv1 message padding required
- Mar 30 11:11:36.733697: | emitting length of ISAKMP Message: 188
- Mar 30 11:11:36.733727: | finished processing quick inI1
- Mar 30 11:11:36.733735: | complete v1 state transition with STF_OK
- Mar 30 11:11:36.733751: | [RE]START processing: state #9 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
- Mar 30 11:11:36.733758: | #9 is idle
- Mar 30 11:11:36.733766: | doing_xauth:no, t_xauth_client_done:no
- Mar 30 11:11:36.733775: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
- Mar 30 11:11:36.733784: | child state #9: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA)
- Mar 30 11:11:36.733791: | event_already_set, deleting event
- Mar 30 11:11:36.733799: | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted
- Mar 30 11:11:36.733809: | libevent_free: delref ptr-libevent@0x562b2d5545b8
- Mar 30 11:11:36.733817: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d554758
- Mar 30 11:11:36.733830: | sending reply packet to 93.46.124.104:4500 (from 10.68.154.105:4500)
- Mar 30 11:11:36.733848: | sending 192 bytes for STATE_QUICK_R0 through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #9)
- Mar 30 11:11:36.733858: | 00 00 00 00 f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a
- Mar 30 11:11:36.733865: | 5d 82 98 78 08 10 20 01 00 00 00 06 00 00 00 bc
- Mar 30 11:11:36.733873: | 19 df ec 48 3b 5f 4b f6 28 f2 0b 97 18 81 b9 0b
- Mar 30 11:11:36.733880: | b9 25 3d af b3 7a e2 5a 78 96 8d 1e 2c c2 2b ba
- Mar 30 11:11:36.733887: | 70 99 94 f1 67 5f 7b ed bf a6 68 f3 45 38 0c 80
- Mar 30 11:11:36.733894: | c4 42 75 1c 57 a4 13 f0 4e 83 5c 81 be c4 28 f6
- Mar 30 11:11:36.733900: | 13 24 98 7d 55 d4 03 77 1a 50 7d 85 75 2f 8a 2e
- Mar 30 11:11:36.733907: | c3 99 5c 50 ae 4f 42 c0 bc 24 03 0c 84 fd 68 fc
- Mar 30 11:11:36.733913: | a3 41 43 76 4e 99 8e a1 2a e4 4b ac ff f8 04 43
- Mar 30 11:11:36.733920: | b2 39 16 3b 77 ef 50 6e 15 54 4f 66 79 31 60 5f
- Mar 30 11:11:36.733926: | b3 b1 ad 35 30 e2 29 4e 8b 19 18 af 01 87 9d 21
- Mar 30 11:11:36.733933: | 0d 80 25 ea 0e 38 cd d9 7f 4b 5a 33 5c 24 54 19
- Mar 30 11:11:36.734034: | !event_already_set at reschedule
- Mar 30 11:11:36.734054: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b2d554758
- Mar 30 11:11:36.734066: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #9
- Mar 30 11:11:36.734075: | libevent_malloc: newref ptr-libevent@0x562b2d551528 size 128
- Mar 30 11:11:36.734088: | #9 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 5655.159281
- Mar 30 11:11:36.734110: | pstats #9 ikev1.ipsec established
- Mar 30 11:11:36.734125: | NAT-T: NAT Traversal detected - their IKE port is '500'
- Mar 30 11:11:36.734132: | NAT-T: encaps is 'yes'
- Mar 30 11:11:36.734148: "l2tp-psk"[4] 93.46.124.104 #9: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0x371a891a <0xf7240e32 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
- Mar 30 11:11:36.734156: | modecfg pull: noquirk policy:push not-client
- Mar 30 11:11:36.734163: | phase 1 is done, looking for phase 2 to unpend
- Mar 30 11:11:36.734171: | releasing #9's fd-fd@(nil) because IKEv1 transitions finished
- Mar 30 11:11:36.734178: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
- Mar 30 11:11:36.734188: | resume sending helper answer for #9 suppresed complete_v1_state_transition()
- Mar 30 11:11:36.734208: | stop processing: state #9 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:860)
- Mar 30 11:11:36.734218: | libevent_free: delref ptr-libevent@0x7f3a44003828
- Mar 30 11:11:36.814763: | *received 60 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
- Mar 30 11:11:36.814805: | f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:36.814811: | 08 10 20 01 00 00 00 06 00 00 00 3c 23 38 24 77
- Mar 30 11:11:36.814815: | 40 12 02 4d f1 c5 d7 23 93 23 d9 32 55 b4 4b 4d
- Mar 30 11:11:36.814820: | 1b 60 e8 cf 56 3e eb 28 3e 35 28 95
- Mar 30 11:11:36.814830: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
- Mar 30 11:11:36.814838: | **parse ISAKMP Message:
- Mar 30 11:11:36.814847: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:36.814854: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:36.814859: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Mar 30 11:11:36.814865: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:36.814870: | exchange type: ISAKMP_XCHG_QUICK (0x20)
- Mar 30 11:11:36.814875: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:36.814882: | Message ID: 6 (00 00 00 06)
- Mar 30 11:11:36.814889: | length: 60 (00 00 00 3c)
- Mar 30 11:11:36.814894: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
- Mar 30 11:11:36.814902: | State DB: found IKEv1 state #9 in QUICK_R1 (find_state_ikev1)
- Mar 30 11:11:36.814914: | start processing: state #9 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1499)
- Mar 30 11:11:36.814920: | #9 is idle
- Mar 30 11:11:36.814924: | #9 idle
- Mar 30 11:11:36.815100: | received encrypted packet from 93.46.124.104:4500
- Mar 30 11:11:36.815152: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
- Mar 30 11:11:36.815160: | ***parse ISAKMP Hash Payload:
- Mar 30 11:11:36.815165: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:36.815171: | length: 24 (00 18)
- Mar 30 11:11:36.815176: | removing 8 bytes of padding
- Mar 30 11:11:36.815217: | quick_inI2 HASH(3):
- Mar 30 11:11:36.815224: | 70 4d c0 57 e5 81 8c f8 44 12 31 54 ca ed 97 41
- Mar 30 11:11:36.815229: | da df bb 2c
- Mar 30 11:11:36.815234: | received 'quick_inI2' message HASH(3) data ok
- Mar 30 11:11:36.815243: | install_ipsec_sa() for #9: outbound only
- Mar 30 11:11:36.815249: | could_route called for l2tp-psk (kind=CK_INSTANCE)
- Mar 30 11:11:36.815254: | FOR_EACH_CONNECTION_... in route_owner
- Mar 30 11:11:36.815260: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:36.815264: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:36.815270: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:36.815275: | conn xauth-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:36.815280: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:36.815284: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:36.815294: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
- Mar 30 11:11:36.815300: | sr for #9: erouted
- Mar 30 11:11:36.815305: | route_and_eroute() for proto 17, and source port 1701 dest port 1701
- Mar 30 11:11:36.815328: | FOR_EACH_CONNECTION_... in route_owner
- Mar 30 11:11:36.815334: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:36.815338: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:36.815343: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:36.815347: | conn xauth-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:36.815352: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:36.815357: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:36.815364: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
- Mar 30 11:11:36.815370: | route_and_eroute with c: l2tp-psk (next: none) ero:l2tp-psk esr:{(nil)} ro:l2tp-psk rosr:{(nil)} and state: #9
- Mar 30 11:11:36.815374: | we are replacing an eroute
- Mar 30 11:11:36.815380: | priority calculation of connection "l2tp-psk" is 0x15bfbf
- Mar 30 11:11:36.815396: | eroute_connection replace eroute 10.68.154.105/32:1701 --17-> 93.46.124.104/32:1701 => esp.371a891a@93.46.124.104>esp.371a891a@93.46.124.104 using reqid 16409 (raw_eroute)
- Mar 30 11:11:36.815404: | subnet from endpoint 93.46.124.104:1701 (in netlink_raw_eroute() at kernel_xfrm.c:585)
- Mar 30 11:11:36.815410: | netlink_raw_eroute: using host address instead of client subnet
- Mar 30 11:11:36.815415: | IPsec Sa SPD priority set to 1425343
- Mar 30 11:11:36.815450: | raw_eroute result=success
- Mar 30 11:11:36.815456: | route_and_eroute: firewall_notified: true
- Mar 30 11:11:36.815463: | route_and_eroute: instance "l2tp-psk"[4] 93.46.124.104, setting eroute_owner {spd=0x562b2d554130,sr=0x562b2d554130} to #9 (was #8) (newest_ipsec_sa=#8)
- Mar 30 11:11:36.815471: | inI2: instance l2tp-psk[4], setting IKEv1 newest_ipsec_sa to #9 (was #8) (spd.eroute=#9) cloned from #3
- Mar 30 11:11:36.815477: | DPD: dpd_init() called on IPsec SA
- Mar 30 11:11:36.815481: | DPD: Peer does not support Dead Peer Detection
- Mar 30 11:11:36.815486: | complete v1 state transition with STF_OK
- Mar 30 11:11:36.815495: | [RE]START processing: state #9 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
- Mar 30 11:11:36.815500: | #9 is idle
- Mar 30 11:11:36.815505: | doing_xauth:no, t_xauth_client_done:no
- Mar 30 11:11:36.815510: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
- Mar 30 11:11:36.815515: | child state #9: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA)
- Mar 30 11:11:36.815521: | event_already_set, deleting event
- Mar 30 11:11:36.815526: | state #9 requesting EVENT_RETRANSMIT to be deleted
- Mar 30 11:11:36.815531: | #9 STATE_QUICK_R2: retransmits: cleared
- Mar 30 11:11:36.815540: | libevent_free: delref ptr-libevent@0x562b2d551528
- Mar 30 11:11:36.815545: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b2d554758
- Mar 30 11:11:36.815551: | !event_already_set at reschedule
- Mar 30 11:11:36.815556: | event_schedule: newref EVENT_SA_EXPIRE-pe@0x562b2d551528
- Mar 30 11:11:36.815563: | inserting event EVENT_SA_EXPIRE, timeout in 3600 seconds for #9
- Mar 30 11:11:36.815569: | libevent_malloc: newref ptr-libevent@0x562b2d5545b8 size 128
- Mar 30 11:11:36.815576: | pstats #9 ikev1.ipsec established
- Mar 30 11:11:36.815585: | NAT-T: NAT Traversal detected - their IKE port is '500'
- Mar 30 11:11:36.815590: | NAT-T: encaps is 'yes'
- Mar 30 11:11:36.815600: "l2tp-psk"[4] 93.46.124.104 #9: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x371a891a <0xf7240e32 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
- Mar 30 11:11:36.815606: | modecfg pull: noquirk policy:push not-client
- Mar 30 11:11:36.815611: | phase 1 is done, looking for phase 2 to unpend
- Mar 30 11:11:36.815616: | releasing #9's fd-fd@(nil) because IKEv1 transitions finished
- Mar 30 11:11:36.815620: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
- Mar 30 11:11:36.815630: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
- Mar 30 11:11:36.815639: | stop processing: state #9 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
- Mar 30 11:11:36.815652: | processing: STOP connection NULL (in process_md() at demux.c:384)
- Mar 30 11:11:36.815681: | *received 76 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
- Mar 30 11:11:36.815688: | f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:36.815692: | 08 10 05 01 a9 9b cb d3 00 00 00 4c 8f 89 8a 18
- Mar 30 11:11:36.815697: | 77 68 7d c5 5e f6 b8 d1 6b eb 86 cc 58 33 4f 82
- Mar 30 11:11:36.815701: | 3b 59 18 ab d1 ef 3b 26 6b 37 13 c6 7a 8e 50 28
- Mar 30 11:11:36.815705: | f7 b7 db f5 4b 44 b7 4b 4b 15 c9 6b
- Mar 30 11:11:36.815712: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
- Mar 30 11:11:36.815717: | **parse ISAKMP Message:
- Mar 30 11:11:36.815724: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:36.815730: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:36.815735: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Mar 30 11:11:36.815740: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:36.815744: | exchange type: ISAKMP_XCHG_INFO (0x5)
- Mar 30 11:11:36.815749: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:36.815755: | Message ID: 2845559763 (a9 9b cb d3)
- Mar 30 11:11:36.815761: | length: 76 (00 00 00 4c)
- Mar 30 11:11:36.815766: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
- Mar 30 11:11:36.815771: | peer and cookies match on #9; msgid=00000000 st_msgid=00000006 st_v1_msgid.phase15=00000000
- Mar 30 11:11:36.815776: | peer and cookies match on #8; msgid=00000000 st_msgid=00000005 st_v1_msgid.phase15=00000000
- Mar 30 11:11:36.815781: | peer and cookies match on #3; msgid=00000000 st_msgid=00000000 st_v1_msgid.phase15=00000000
- Mar 30 11:11:36.815786: | p15 state object #3 found, in STATE_MAIN_R3
- Mar 30 11:11:36.815791: | State DB: found IKEv1 state #3 in MAIN_R3 (find_v1_info_state)
- Mar 30 11:11:36.815800: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1347)
- Mar 30 11:11:36.815819: | #3 is idle
- Mar 30 11:11:36.815824: | #3 idle
- Mar 30 11:11:36.815830: | received encrypted packet from 93.46.124.104:4500
- Mar 30 11:11:36.815843: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
- Mar 30 11:11:36.815849: | ***parse ISAKMP Hash Payload:
- Mar 30 11:11:36.815854: | next payload type: ISAKMP_NEXT_D (0xc)
- Mar 30 11:11:36.815859: | length: 24 (00 18)
- Mar 30 11:11:36.815865: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0
- Mar 30 11:11:36.815870: | ***parse ISAKMP Delete Payload:
- Mar 30 11:11:36.815875: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:36.815880: | length: 16 (00 10)
- Mar 30 11:11:36.815885: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:36.815889: | protocol ID: 3 (03)
- Mar 30 11:11:36.815894: | SPI size: 4 (04)
- Mar 30 11:11:36.815899: | number of SPIs: 1 (00 01)
- Mar 30 11:11:36.815904: | removing 8 bytes of padding
- Mar 30 11:11:36.815930: | informational HASH(1):
- Mar 30 11:11:36.815937: | 6a ad 5f 2b 45 32 01 7a f7 83 91 2d 9b d2 3f 3c
- Mar 30 11:11:36.815941: | 3c 22 11 ce
- Mar 30 11:11:36.815945: | received 'informational' message HASH(1) data ok
- Mar 30 11:11:36.815951: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI
- Mar 30 11:11:36.815955: | SPI
- Mar 30 11:11:36.815959: | 87 4d 05 0a
- Mar 30 11:11:36.815963: | FOR_EACH_STATE_... in find_phase2_state_to_delete
- Mar 30 11:11:36.815972: | start processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in accept_delete() at ikev1_main.c:2492)
- Mar 30 11:11:36.815979: "l2tp-psk"[4] 93.46.124.104 #3: received Delete SA(0x874d050a) payload: deleting IPsec State #8
- Mar 30 11:11:36.815984: | pstats #8 ikev1.ipsec deleted completed
- Mar 30 11:11:36.816045: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
- Mar 30 11:11:36.816060: | start processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
- Mar 30 11:11:36.816076: "l2tp-psk"[4] 93.46.124.104 #8: deleting other state #8 (STATE_QUICK_R2) aged 10.086s and sending notification
- Mar 30 11:11:36.816082: | child state #8: QUICK_R2(established CHILD SA) => delete
- Mar 30 11:11:36.816090: | get_sa_info esp.874d050a@93.46.124.104
- Mar 30 11:11:36.816111: | get_sa_info esp.2c43b193@10.68.154.105
- Mar 30 11:11:36.816125: "l2tp-psk"[4] 93.46.124.104 #8: ESP traffic information: in=0B out=0B
- Mar 30 11:11:36.816131: | unsuspending #8 MD (nil)
- Mar 30 11:11:36.816136: | #8 send IKEv1 delete notification for STATE_QUICK_R2
- Mar 30 11:11:36.816140: | FOR_EACH_STATE_... in find_phase1_state
- Mar 30 11:11:36.816152: | **emit ISAKMP Message:
- Mar 30 11:11:36.816160: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:36.816187: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:36.816192: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:36.816196: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:36.816201: | exchange type: ISAKMP_XCHG_INFO (0x5)
- Mar 30 11:11:36.816206: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:36.816212: | Message ID: 3568206273 (d4 ae 81 c1)
- Mar 30 11:11:36.816216: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
- Mar 30 11:11:36.816221: | ***emit ISAKMP Hash Payload:
- Mar 30 11:11:36.816225: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:36.816229: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
- Mar 30 11:11:36.816235: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg'
- Mar 30 11:11:36.816240: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
- Mar 30 11:11:36.816244: | emitting length of ISAKMP Hash Payload: 24
- Mar 30 11:11:36.816249: | ***emit ISAKMP Delete Payload:
- Mar 30 11:11:36.816252: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:36.816256: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:36.816260: | protocol ID: 3 (03)
- Mar 30 11:11:36.816264: | SPI size: 4 (04)
- Mar 30 11:11:36.816270: | number of SPIs: 1 (00 01)
- Mar 30 11:11:36.816274: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D)
- Mar 30 11:11:36.816279: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg'
- Mar 30 11:11:36.816283: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload
- Mar 30 11:11:36.816288: | delete payload: 2c 43 b1 93
- Mar 30 11:11:36.816292: | emitting length of ISAKMP Delete Payload: 16
- Mar 30 11:11:36.816330: | send delete HASH(1):
- Mar 30 11:11:36.816337: | e8 94 b4 6d 55 fd e1 c7 2a 06 ef 7f 30 e8 7d bc
- Mar 30 11:11:36.816341: | 9a 11 39 55
- Mar 30 11:11:36.816354: | emitting 8 zero bytes of encryption padding into ISAKMP Message
- Mar 30 11:11:36.816359: | no IKEv1 message padding required
- Mar 30 11:11:36.816363: | emitting length of ISAKMP Message: 76
- Mar 30 11:11:36.816384: | sending 80 bytes for delete notify through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #3)
- Mar 30 11:11:36.816390: | 00 00 00 00 f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a
- Mar 30 11:11:36.816395: | 5d 82 98 78 08 10 05 01 d4 ae 81 c1 00 00 00 4c
- Mar 30 11:11:36.816399: | 66 f2 5e 6a 3e 57 2d 7a 33 52 f9 e1 80 42 bd ad
- Mar 30 11:11:36.816403: | 46 58 bb 9d cc 44 fe c3 e2 84 24 f3 02 fb a6 1a
- Mar 30 11:11:36.816409: | 16 88 d4 50 e8 9d b6 53 14 88 39 d9 0b fb 5e 7f
- Mar 30 11:11:36.816505: | state #8 requesting EVENT_SA_EXPIRE to be deleted
- Mar 30 11:11:36.816522: | libevent_free: delref ptr-libevent@0x562b2d5547c8
- Mar 30 11:11:36.816528: | free_event_entry: delref EVENT_SA_EXPIRE-pe@0x562b2d554a08
- Mar 30 11:11:36.816537: | delete esp.874d050a@93.46.124.104
- Mar 30 11:11:36.816543: | XFRM: deleting IPsec SA with reqid 0
- Mar 30 11:11:36.816604: | netlink response for Del SA esp.874d050a@93.46.124.104 included non-error error
- Mar 30 11:11:36.816634: | delete esp.2c43b193@10.68.154.105
- Mar 30 11:11:36.816641: | XFRM: deleting IPsec SA with reqid 0
- Mar 30 11:11:36.816664: | netlink response for Del SA esp.2c43b193@10.68.154.105 included non-error error
- Mar 30 11:11:36.816678: | stop processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in update_state_connection() at connections.c:4093)
- Mar 30 11:11:36.816684: | start processing: connection NULL (in update_state_connection() at connections.c:4094)
- Mar 30 11:11:36.816688: | in connection_discard for connection l2tp-psk
- Mar 30 11:11:36.816693: | connection is instance
- Mar 30 11:11:36.816698: | not in pending use
- Mar 30 11:11:36.816703: | State DB: found state #9 in QUICK_R2 (connection_discard)
- Mar 30 11:11:36.816707: | states still using this connection instance, retaining
- Mar 30 11:11:36.816712: | State DB: deleting IKEv1 state #8 in QUICK_R2
- Mar 30 11:11:36.816719: | child state #8: QUICK_R2(established CHILD SA) => UNDEFINED(ignore)
- Mar 30 11:11:36.816726: | releasing #8's fd-fd@(nil) because deleting state
- Mar 30 11:11:36.816731: | delref fdp@NULL (in delete_state() at state.c:1185)
- Mar 30 11:11:36.816740: | stop processing: state #8 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
- Mar 30 11:11:36.816749: | resume processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
- Mar 30 11:11:36.816759: | processing: STOP connection NULL (in accept_delete() at ikev1_main.c:2536)
- Mar 30 11:11:36.816765: | del:
- Mar 30 11:11:36.816787: |
- Mar 30 11:11:36.816796: | complete v1 state transition with STF_IGNORE
- Mar 30 11:11:36.816805: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
- Mar 30 11:11:36.816815: | stop processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
- Mar 30 11:11:36.816819: | processing: STOP connection NULL (in process_md() at demux.c:384)
- Mar 30 11:11:43.347473: | processing global timer EVENT_SHUNT_SCAN
- Mar 30 11:11:43.347540: | checking for aged bare shunts from shunt table to expire
- Mar 30 11:11:46.737295: | *received 76 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
- Mar 30 11:11:46.737358: | f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:46.737367: | 08 10 05 01 8c 2f db 7e 00 00 00 4c 87 4c e6 8c
- Mar 30 11:11:46.737375: | 00 60 42 8e 4e f6 d5 69 40 ae 3c 3b 65 44 e2 4f
- Mar 30 11:11:46.737383: | bf 70 bc 6f 15 c5 4c bf 60 48 8b a9 c8 d6 fe 93
- Mar 30 11:11:46.737390: | 38 d9 4a 43 31 98 72 66 34 c5 9b 68
- Mar 30 11:11:46.737405: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
- Mar 30 11:11:46.737418: | **parse ISAKMP Message:
- Mar 30 11:11:46.737432: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:46.737444: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:46.737452: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Mar 30 11:11:46.737460: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:46.737468: | exchange type: ISAKMP_XCHG_INFO (0x5)
- Mar 30 11:11:46.737477: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:46.737488: | Message ID: 2351946622 (8c 2f db 7e)
- Mar 30 11:11:46.737498: | length: 76 (00 00 00 4c)
- Mar 30 11:11:46.737509: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
- Mar 30 11:11:46.737532: | peer and cookies match on #9; msgid=00000000 st_msgid=00000006 st_v1_msgid.phase15=00000000
- Mar 30 11:11:46.737561: | peer and cookies match on #3; msgid=00000000 st_msgid=00000000 st_v1_msgid.phase15=00000000
- Mar 30 11:11:46.737573: | p15 state object #3 found, in STATE_MAIN_R3
- Mar 30 11:11:46.737587: | State DB: found IKEv1 state #3 in MAIN_R3 (find_v1_info_state)
- Mar 30 11:11:46.737610: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1347)
- Mar 30 11:11:46.737685: | #3 is idle
- Mar 30 11:11:46.737702: | #3 idle
- Mar 30 11:11:46.737719: | received encrypted packet from 93.46.124.104:4500
- Mar 30 11:11:46.737808: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
- Mar 30 11:11:46.737909: | ***parse ISAKMP Hash Payload:
- Mar 30 11:11:46.737922: | next payload type: ISAKMP_NEXT_D (0xc)
- Mar 30 11:11:46.737934: | length: 24 (00 18)
- Mar 30 11:11:46.737947: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0
- Mar 30 11:11:46.737959: | ***parse ISAKMP Delete Payload:
- Mar 30 11:11:46.737970: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:46.737982: | length: 16 (00 10)
- Mar 30 11:11:46.737993: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:46.738004: | protocol ID: 3 (03)
- Mar 30 11:11:46.738015: | SPI size: 4 (04)
- Mar 30 11:11:46.738027: | number of SPIs: 1 (00 01)
- Mar 30 11:11:46.738036: | removing 8 bytes of padding
- Mar 30 11:11:46.738133: | informational HASH(1):
- Mar 30 11:11:46.738172: | 27 41 1e 27 26 18 aa 52 aa bc fa 1b f2 53 34 31
- Mar 30 11:11:46.738193: | f4 10 78 9a
- Mar 30 11:11:46.738205: | received 'informational' message HASH(1) data ok
- Mar 30 11:11:46.738217: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI
- Mar 30 11:11:46.738237: | SPI
- Mar 30 11:11:46.738246: | 37 1a 89 1a
- Mar 30 11:11:46.738257: | FOR_EACH_STATE_... in find_phase2_state_to_delete
- Mar 30 11:11:46.738286: | start processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in accept_delete() at ikev1_main.c:2492)
- Mar 30 11:11:46.738312: "l2tp-psk"[4] 93.46.124.104 #3: received Delete SA(0x371a891a) payload: deleting IPsec State #9
- Mar 30 11:11:46.738326: | pstats #9 ikev1.ipsec deleted completed
- Mar 30 11:11:46.738344: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
- Mar 30 11:11:46.738371: | start processing: state #9 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
- Mar 30 11:11:46.738410: "l2tp-psk"[4] 93.46.124.104 #9: deleting other state #9 (STATE_QUICK_R2) aged 10.007s and sending notification
- Mar 30 11:11:46.738423: | child state #9: QUICK_R2(established CHILD SA) => delete
- Mar 30 11:11:46.738442: | get_sa_info esp.371a891a@93.46.124.104
- Mar 30 11:11:46.738518: | get_sa_info esp.f7240e32@10.68.154.105
- Mar 30 11:11:46.738575: "l2tp-psk"[4] 93.46.124.104 #9: ESP traffic information: in=0B out=0B
- Mar 30 11:11:46.738594: | unsuspending #9 MD (nil)
- Mar 30 11:11:46.738607: | #9 send IKEv1 delete notification for STATE_QUICK_R2
- Mar 30 11:11:46.738618: | FOR_EACH_STATE_... in find_phase1_state
- Mar 30 11:11:46.738648: | **emit ISAKMP Message:
- Mar 30 11:11:46.738667: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:46.738684: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:46.738693: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:46.738702: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:46.738710: | exchange type: ISAKMP_XCHG_INFO (0x5)
- Mar 30 11:11:46.738719: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:46.738729: | Message ID: 790460060 (2f 1d 76 9c)
- Mar 30 11:11:46.738737: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
- Mar 30 11:11:46.738746: | ***emit ISAKMP Hash Payload:
- Mar 30 11:11:46.738754: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:46.738762: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
- Mar 30 11:11:46.738770: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg'
- Mar 30 11:11:46.738780: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
- Mar 30 11:11:46.738787: | emitting length of ISAKMP Hash Payload: 24
- Mar 30 11:11:46.738795: | ***emit ISAKMP Delete Payload:
- Mar 30 11:11:46.738802: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:46.738810: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:46.738818: | protocol ID: 3 (03)
- Mar 30 11:11:46.738826: | SPI size: 4 (04)
- Mar 30 11:11:46.738835: | number of SPIs: 1 (00 01)
- Mar 30 11:11:46.738843: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D)
- Mar 30 11:11:46.738906: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg'
- Mar 30 11:11:46.739020: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload
- Mar 30 11:11:46.739044: | delete payload: f7 24 0e 32
- Mar 30 11:11:46.739057: | emitting length of ISAKMP Delete Payload: 16
- Mar 30 11:11:46.739140: | send delete HASH(1):
- Mar 30 11:11:46.739160: | e6 3a ba 40 bd 8c 88 ed 66 92 35 a6 84 78 57 ed
- Mar 30 11:11:46.739169: | ac c0 c0 46
- Mar 30 11:11:46.739203: | emitting 8 zero bytes of encryption padding into ISAKMP Message
- Mar 30 11:11:46.739218: | no IKEv1 message padding required
- Mar 30 11:11:46.739229: | emitting length of ISAKMP Message: 76
- Mar 30 11:11:46.739277: | sending 80 bytes for delete notify through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #3)
- Mar 30 11:11:46.739292: | 00 00 00 00 f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a
- Mar 30 11:11:46.739302: | 5d 82 98 78 08 10 05 01 2f 1d 76 9c 00 00 00 4c
- Mar 30 11:11:46.739311: | 50 90 ba 67 e2 d8 f2 62 9f 54 cf 45 4c 5a c3 9e
- Mar 30 11:11:46.739319: | 8c df e0 f1 cf f0 8c 10 66 c7 75 22 ea a6 d4 5d
- Mar 30 11:11:46.739328: | 36 e0 b1 f6 17 60 d8 4b 6b 3e bb 30 a1 da 76 02
- Mar 30 11:11:46.739479: | state #9 requesting EVENT_SA_EXPIRE to be deleted
- Mar 30 11:11:46.739510: | libevent_free: delref ptr-libevent@0x562b2d5545b8
- Mar 30 11:11:46.739524: | free_event_entry: delref EVENT_SA_EXPIRE-pe@0x562b2d551528
- Mar 30 11:11:46.739538: | running updown command "ipsec _updown" for verb down
- Mar 30 11:11:46.739551: | command executing down-host
- Mar 30 11:11:46.739632: | executing down-host: PLUTO_VERB='down-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='l2tp-psk' PLUTO_VIRT_INTERFACE='ens2' PLUTO_INTERFACE='ens2' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='10.68.154.104' PLUTO_ME='10.68.154.105' PLUTO_MY_ID='51.158.64.201' PLUTO_MY_CLIENT='10.68.154.105/32' PLUTO_MY_CLIENT_NET='10.68.154.105' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_SA_REQID='16408' PLUTO_SA_TYPE='ESP' PLUTO_PEER='93.46.124.104' PLUTO_PEER_ID='192.168.1.101' PLUTO_PEER_CLIENT='93.46.124.104/32' PLUTO_PEER_CLIENT_NET='93.46.124.104' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='17' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1585566696' PLUTO_CONN_POLICY='PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_...
- Mar 30 11:11:46.739652: | popen cmd is 1134 chars long
- Mar 30 11:11:46.739662: | cmd( 0):PLUTO_VERB='down-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='l2tp-psk' PLUTO_VIR:
- Mar 30 11:11:46.739672: | cmd( 80):T_INTERFACE='ens2' PLUTO_INTERFACE='ens2' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='1:
- Mar 30 11:11:46.739681: | cmd( 160):0.68.154.104' PLUTO_ME='10.68.154.105' PLUTO_MY_ID='51.158.64.201' PLUTO_MY_CLIE:
- Mar 30 11:11:46.739690: | cmd( 240):NT='10.68.154.105/32' PLUTO_MY_CLIENT_NET='10.68.154.105' PLUTO_MY_CLIENT_MASK=':
- Mar 30 11:11:46.739698: | cmd( 320):255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_SA_REQID='164:
- Mar 30 11:11:46.739705: | cmd( 400):08' PLUTO_SA_TYPE='ESP' PLUTO_PEER='93.46.124.104' PLUTO_PEER_ID='192.168.1.101':
- Mar 30 11:11:46.739712: | cmd( 480): PLUTO_PEER_CLIENT='93.46.124.104/32' PLUTO_PEER_CLIENT_NET='93.46.124.104' PLUT:
- Mar 30 11:11:46.739719: | cmd( 560):O_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL=:
- Mar 30 11:11:46.739726: | cmd( 640):'17' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1585566696' PLUTO_CONN:
- Mar 30 11:11:46.739733: | cmd( 720):_POLICY='PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' P:
- Mar 30 11:11:46.739740: | cmd( 800):LUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I:
- Mar 30 11:11:46.739766: | cmd( 880):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN:
- Mar 30 11:11:46.739774: | cmd( 960):NER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA:
- Mar 30 11:11:46.739781: | cmd(1040):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x371a891a SPI_OUT=0xf7240e32 ipse:
- Mar 30 11:11:46.739788: | cmd(1120):c _updown 2>&1:
- Mar 30 11:11:46.748052: | shunt_eroute() called for connection 'l2tp-psk' to 'delete' for rt_kind 'unrouted' using protoports 10.68.154.105/32:1701 --17->- 93.46.124.104/32:1701
- Mar 30 11:11:46.748106: | netlink_shunt_eroute for proto 17, and source 10.68.154.105/32:1701 dest 93.46.124.104/32:1701
- Mar 30 11:11:46.748119: | priority calculation of connection "l2tp-psk" is 0x15bfbf
- Mar 30 11:11:46.748138: | subnet from endpoint 93.46.124.104:1701 (in netlink_raw_eroute() at kernel_xfrm.c:585)
- Mar 30 11:11:46.748146: | netlink_raw_eroute: using host address instead of client subnet
- Mar 30 11:11:46.748206: | priority calculation of connection "l2tp-psk" is 0x15bfbf
- Mar 30 11:11:46.748240: | subnet from endpoint 93.46.124.104:1701 (in netlink_raw_eroute() at kernel_xfrm.c:589)
- Mar 30 11:11:46.748250: | netlink_raw_eroute: using host address instead of client subnet
- Mar 30 11:11:46.748274: | FOR_EACH_CONNECTION_... in route_owner
- Mar 30 11:11:46.748282: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:46.748288: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:46.748293: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:46.748299: | conn xauth-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:46.748305: | conn l2tp-psk mark 0/00000000, 0/00000000 vs
- Mar 30 11:11:46.748310: | conn l2tp-psk mark 0/00000000, 0/00000000
- Mar 30 11:11:46.748326: | route owner of "l2tp-psk"[4] 93.46.124.104 unrouted: NULL
- Mar 30 11:11:46.748332: | running updown command "ipsec _updown" for verb unroute
- Mar 30 11:11:46.748338: | command executing unroute-host
- Mar 30 11:11:46.748385: | executing unroute-host: PLUTO_VERB='unroute-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='l2tp-psk' PLUTO_VIRT_INTERFACE='ens2' PLUTO_INTERFACE='ens2' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='10.68.154.104' PLUTO_ME='10.68.154.105' PLUTO_MY_ID='51.158.64.201' PLUTO_MY_CLIENT='10.68.154.105/32' PLUTO_MY_CLIENT_NET='10.68.154.105' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_SA_REQID='16408' PLUTO_SA_TYPE='none' PLUTO_PEER='93.46.124.104' PLUTO_PEER_ID='192.168.1.101' PLUTO_PEER_CLIENT='93.46.124.104/32' PLUTO_PEER_CLIENT_NET='93.46.124.104' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='17' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CL...
- Mar 30 11:11:46.748393: | popen cmd is 1115 chars long
- Mar 30 11:11:46.748398: | cmd( 0):PLUTO_VERB='unroute-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='l2tp-psk' PLUTO_:
- Mar 30 11:11:46.748404: | cmd( 80):VIRT_INTERFACE='ens2' PLUTO_INTERFACE='ens2' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP:
- Mar 30 11:11:46.748409: | cmd( 160):='10.68.154.104' PLUTO_ME='10.68.154.105' PLUTO_MY_ID='51.158.64.201' PLUTO_MY_C:
- Mar 30 11:11:46.748414: | cmd( 240):LIENT='10.68.154.105/32' PLUTO_MY_CLIENT_NET='10.68.154.105' PLUTO_MY_CLIENT_MAS:
- Mar 30 11:11:46.748419: | cmd( 320):K='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_SA_REQID=':
- Mar 30 11:11:46.748424: | cmd( 400):16408' PLUTO_SA_TYPE='none' PLUTO_PEER='93.46.124.104' PLUTO_PEER_ID='192.168.1.:
- Mar 30 11:11:46.748429: | cmd( 480):101' PLUTO_PEER_CLIENT='93.46.124.104/32' PLUTO_PEER_CLIENT_NET='93.46.124.104' :
- Mar 30 11:11:46.748434: | cmd( 560):PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTO:
- Mar 30 11:11:46.748455: | cmd( 640):COL='17' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI:
- Mar 30 11:11:46.748461: | cmd( 720):CY='PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_:
- Mar 30 11:11:46.748466: | cmd( 800):CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEE:
- Mar 30 11:11:46.748471: | cmd( 880):R_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=':
- Mar 30 11:11:46.748476: | cmd( 960):' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='':
- Mar 30 11:11:46.748481: | cmd(1040): VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1:
- Mar 30 11:11:46.759381: | delete esp.371a891a@93.46.124.104
- Mar 30 11:11:46.759415: | XFRM: deleting IPsec SA with reqid 0
- Mar 30 11:11:46.759450: | netlink response for Del SA esp.371a891a@93.46.124.104 included non-error error
- Mar 30 11:11:46.759457: | priority calculation of connection "l2tp-psk" is 0x15bfbf
- Mar 30 11:11:46.759467: | delete inbound eroute 93.46.124.104/32:1701 --17-> 10.68.154.105/32:1701 => esp.10000@10.68.154.105 using reqid 0 (raw_eroute)
- Mar 30 11:11:46.759474: | subnet from endpoint 93.46.124.104:1701 (in netlink_raw_eroute() at kernel_xfrm.c:589)
- Mar 30 11:11:46.759478: | netlink_raw_eroute: using host address instead of client subnet
- Mar 30 11:11:46.759491: | raw_eroute result=success
- Mar 30 11:11:46.759496: | delete esp.f7240e32@10.68.154.105
- Mar 30 11:11:46.759500: | XFRM: deleting IPsec SA with reqid 0
- Mar 30 11:11:46.759508: | netlink response for Del SA esp.f7240e32@10.68.154.105 included non-error error
- Mar 30 11:11:46.759525: | stop processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in update_state_connection() at connections.c:4093)
- Mar 30 11:11:46.759529: | start processing: connection NULL (in update_state_connection() at connections.c:4094)
- Mar 30 11:11:46.759532: | in connection_discard for connection l2tp-psk
- Mar 30 11:11:46.759535: | connection is instance
- Mar 30 11:11:46.759539: | not in pending use
- Mar 30 11:11:46.759543: | State DB: found state #3 in MAIN_R3 (connection_discard)
- Mar 30 11:11:46.759547: | states still using this connection instance, retaining
- Mar 30 11:11:46.759552: | State DB: deleting IKEv1 state #9 in QUICK_R2
- Mar 30 11:11:46.759563: | child state #9: QUICK_R2(established CHILD SA) => UNDEFINED(ignore)
- Mar 30 11:11:46.759567: | releasing #9's fd-fd@(nil) because deleting state
- Mar 30 11:11:46.759571: | delref fdp@NULL (in delete_state() at state.c:1185)
- Mar 30 11:11:46.759578: | stop processing: state #9 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
- Mar 30 11:11:46.759585: | resume processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
- Mar 30 11:11:46.759605: | connection 'l2tp-psk' -POLICY_UP
- Mar 30 11:11:46.759609: | FOR_EACH_STATE_... in shared_phase1_connection
- Mar 30 11:11:46.759613: | Deleting states for connection - not including other IPsec SA's
- Mar 30 11:11:46.759616: | pass 0
- Mar 30 11:11:46.759619: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
- Mar 30 11:11:46.759622: | state #3
- Mar 30 11:11:46.759625: | pass 1
- Mar 30 11:11:46.759628: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
- Mar 30 11:11:46.759631: | state #3
- Mar 30 11:11:46.759638: | [RE]START processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in foreach_state_by_connection_func_delete() at state.c:1376)
- Mar 30 11:11:46.759642: | pstats #3 ikev1.isakmp deleted completed
- Mar 30 11:11:46.759650: | [RE]START processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
- Mar 30 11:11:46.759657: "l2tp-psk"[4] 93.46.124.104 #3: deleting state (STATE_MAIN_R3) aged 35.444s and sending notification
- Mar 30 11:11:46.759661: | parent state #3: MAIN_R3(established IKE SA) => delete
- Mar 30 11:11:46.759665: | unsuspending #3 MD (nil)
- Mar 30 11:11:46.759669: | #3 send IKEv1 delete notification for STATE_MAIN_R3
- Mar 30 11:11:46.759703: | **emit ISAKMP Message:
- Mar 30 11:11:46.759710: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:46.759714: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:46.759719: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:46.759722: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:46.759726: | exchange type: ISAKMP_XCHG_INFO (0x5)
- Mar 30 11:11:46.759730: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:46.759735: | Message ID: 618241470 (24 d9 9d be)
- Mar 30 11:11:46.759739: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
- Mar 30 11:11:46.759743: | ***emit ISAKMP Hash Payload:
- Mar 30 11:11:46.759746: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:46.759750: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
- Mar 30 11:11:46.759754: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg'
- Mar 30 11:11:46.759758: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
- Mar 30 11:11:46.759762: | emitting length of ISAKMP Hash Payload: 24
- Mar 30 11:11:46.759765: | ***emit ISAKMP Delete Payload:
- Mar 30 11:11:46.759769: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Mar 30 11:11:46.759772: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Mar 30 11:11:46.759776: | protocol ID: 1 (01)
- Mar 30 11:11:46.759780: | SPI size: 16 (10)
- Mar 30 11:11:46.759783: | number of SPIs: 1 (00 01)
- Mar 30 11:11:46.759787: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D)
- Mar 30 11:11:46.759790: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg'
- Mar 30 11:11:46.759794: | emitting 8 raw bytes of initiator SPI into ISAKMP Delete Payload
- Mar 30 11:11:46.759799: | initiator SPI: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:46.759802: | emitting 8 raw bytes of responder SPI into ISAKMP Delete Payload
- Mar 30 11:11:46.759807: | responder SPI: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:46.759810: | emitting length of ISAKMP Delete Payload: 28
- Mar 30 11:11:46.759868: | send delete HASH(1):
- Mar 30 11:11:46.759873: | 9e a3 ed af c4 4c 43 d4 a6 ee bb d5 70 22 a5 d8
- Mar 30 11:11:46.759876: | 1b 8f 41 ac
- Mar 30 11:11:46.759891: | emitting 12 zero bytes of encryption padding into ISAKMP Message
- Mar 30 11:11:46.759894: | no IKEv1 message padding required
- Mar 30 11:11:46.759898: | emitting length of ISAKMP Message: 92
- Mar 30 11:11:46.759922: | sending 96 bytes for delete notify through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #3)
- Mar 30 11:11:46.759926: | 00 00 00 00 f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a
- Mar 30 11:11:46.759930: | 5d 82 98 78 08 10 05 01 24 d9 9d be 00 00 00 5c
- Mar 30 11:11:46.759933: | 83 62 f6 7d 6b 2e 19 2a 52 25 0e 2f 4d cb 58 e6
- Mar 30 11:11:46.759936: | 28 76 8e 84 e1 d3 4c 6e 70 37 d0 6f be 62 96 ac
- Mar 30 11:11:46.759939: | 17 c6 4d 71 76 11 ad b4 9e 6c 96 76 be 61 22 71
- Mar 30 11:11:46.759943: | a5 05 88 aa b6 fa 09 1d 82 95 e2 29 07 94 c2 23
- Mar 30 11:11:46.760053: | state #3 requesting EVENT_SA_EXPIRE to be deleted
- Mar 30 11:11:46.760070: | libevent_free: delref ptr-libevent@0x562b2d5553d8
- Mar 30 11:11:46.760075: | free_event_entry: delref EVENT_SA_EXPIRE-pe@0x562b2d551aa8
- Mar 30 11:11:46.760081: | State DB: IKEv1 state not found (flush_incomplete_children)
- Mar 30 11:11:46.760085: | in connection_discard for connection l2tp-psk
- Mar 30 11:11:46.760089: | State DB: deleting IKEv1 state #3 in MAIN_R3
- Mar 30 11:11:46.760094: | parent state #3: MAIN_R3(established IKE SA) => UNDEFINED(ignore)
- Mar 30 11:11:46.760098: | releasing #3's fd-fd@(nil) because deleting state
- Mar 30 11:11:46.760101: | delref fdp@NULL (in delete_state() at state.c:1185)
- Mar 30 11:11:46.760129: | stop processing: state #3 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
- Mar 30 11:11:46.760157: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1378)
- Mar 30 11:11:46.760170: | start processing: connection "l2tp-psk"[4] 93.46.124.104 (in delete_connection() at connections.c:192)
- Mar 30 11:11:46.760178: "l2tp-psk"[4] 93.46.124.104: deleting connection "l2tp-psk"[4] 93.46.124.104 instance with peer 93.46.124.104 {isakmp=#0/ipsec=#0}
- Mar 30 11:11:46.760181: | Deleting states for connection - not including other IPsec SA's
- Mar 30 11:11:46.760184: | pass 0
- Mar 30 11:11:46.760187: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
- Mar 30 11:11:46.760190: | pass 1
- Mar 30 11:11:46.760193: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
- Mar 30 11:11:46.760200: | free hp@0x562b2d550f18
- Mar 30 11:11:46.760203: | flush revival: connection 'l2tp-psk' wasn't on the list
- Mar 30 11:11:46.760208: | stop processing: connection "l2tp-psk"[4] 93.46.124.104 (in discard_connection() at connections.c:255)
- Mar 30 11:11:46.760216: | processing: STOP connection NULL (in accept_delete() at ikev1_main.c:2533)
- Mar 30 11:11:46.760219: | processing: STOP connection NULL (in accept_delete() at ikev1_main.c:2536)
- Mar 30 11:11:46.760223: | del:
- Mar 30 11:11:46.760226: |
- Mar 30 11:11:46.760229: | in statetime_start() with no state
- Mar 30 11:11:46.760234: | complete v1 state transition with STF_IGNORE
- Mar 30 11:11:46.760240: | stop processing: from 93.46.124.104:4500 (in process_md() at demux.c:381)
- Mar 30 11:11:46.760246: | processing: STOP state #0 (in process_md() at demux.c:383)
- Mar 30 11:11:46.760249: | processing: STOP connection NULL (in process_md() at demux.c:384)
- Mar 30 11:11:46.760285: | *received 92 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
- Mar 30 11:11:46.760289: | f8 3c 21 0c a6 50 d0 ca 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:46.760292: | 08 10 05 01 4d 21 e2 08 00 00 00 5c 12 46 88 29
- Mar 30 11:11:46.760295: | 97 e7 7a 75 dd 8e a4 88 dc 4d cd 55 74 6c 69 1c
- Mar 30 11:11:46.760298: | d8 4e f8 db 9a bf a1 12 11 8b c0 14 1e de 5a fb
- Mar 30 11:11:46.760301: | a2 9d 10 d4 59 69 9d d4 a2 d4 64 c3 8e 73 07 5e
- Mar 30 11:11:46.760304: | a0 b6 31 8b 1e 8d 53 63 fa 29 d2 c3
- Mar 30 11:11:46.760309: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
- Mar 30 11:11:46.760313: | **parse ISAKMP Message:
- Mar 30 11:11:46.760318: | initiator cookie: f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:46.760323: | responder cookie: 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:46.760326: | next payload type: ISAKMP_NEXT_HASH (0x8)
- Mar 30 11:11:46.760329: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Mar 30 11:11:46.760333: | exchange type: ISAKMP_XCHG_INFO (0x5)
- Mar 30 11:11:46.760336: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
- Mar 30 11:11:46.760340: | Message ID: 1294066184 (4d 21 e2 08)
- Mar 30 11:11:46.760345: | length: 92 (00 00 00 5c)
- Mar 30 11:11:46.760348: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
- Mar 30 11:11:46.760352: | State DB: IKEv1 state not found (find_v1_info_state)
- Mar 30 11:11:46.760355: | State DB: IKEv1 state not found (find_state_ikev1_init)
- Mar 30 11:11:46.760359: | Informational Exchange is for an unknown (expired?) SA with MSGID:0x4d21e208
- Mar 30 11:11:46.760362: | - unknown SA's md->hdr.isa_ike_initiator_spi.bytes:
- Mar 30 11:11:46.760365: | f8 3c 21 0c a6 50 d0 ca
- Mar 30 11:11:46.760368: | - unknown SA's md->hdr.isa_ike_responder_spi.bytes:
- Mar 30 11:11:46.760371: | 6c 9a 42 2a 5d 82 98 78
- Mar 30 11:11:46.760376: | stop processing: from 93.46.124.104:4500 (in process_md() at demux.c:381)
- Mar 30 11:11:46.760380: | processing: STOP state #0 (in process_md() at demux.c:383)
- Mar 30 11:11:46.760383: | processing: STOP connection NULL (in process_md() at demux.c:384)
- Mar 30 11:11:46.760392: | processing signal PLUTO_SIGCHLD
- Mar 30 11:11:46.760397: | waitpid returned ECHILD (no child processes left)
- Mar 30 11:11:46.760401: | processing signal PLUTO_SIGCHLD
- Mar 30 11:11:46.760404: | waitpid returned ECHILD (no child processes left)
- Mar 30 11:11:51.445201: | processing global timer EVENT_NAT_T_KEEPALIVE
- Mar 30 11:11:51.445295: | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state)
- Mar 30 11:12:03.341580: | processing global timer EVENT_PENDING_DDNS
- Mar 30 11:12:03.341651: | FOR_EACH_CONNECTION_... in connection_check_ddns
- Mar 30 11:12:03.341661: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
- Mar 30 11:12:03.341689: | elapsed time in connection_check_ddns for hostname lookup 0.000037
- Mar 30 11:12:03.341698: | processing global timer EVENT_SHUNT_SCAN
- Mar 30 11:12:03.341707: | checking for aged bare shunts from shunt table to expire
- Mar 30 11:12:23.357806: | processing global timer EVENT_SD_WATCHDOG
- Mar 30 11:12:23.357863: | pluto_sd: executing action action: watchdog(3), status 0
- Mar 30 11:12:23.357951: | processing global timer EVENT_SHUNT_SCAN
- Mar 30 11:12:23.357962: | checking for aged bare shunts from shunt table to expire
- Mar 30 11:12:43.358059: | processing global timer EVENT_SHUNT_SCAN
- Mar 30 11:12:43.358124: | checking for aged bare shunts from shunt table to expire
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement