libreswan 3.31 log

1.  
2. Mar 30 11:11:11.313765: | *received 408 bytes from 93.46.124.104:500 on ens2 (10.68.154.105:500)
3. Mar 30 11:11:11.313822: |   f8 3c 21 0c  a6 50 d0 ca  00 00 00 00  00 00 00 00
4. Mar 30 11:11:11.313828: |   01 10 02 00  00 00 00 00  00 00 01 98  0d 00 00 d4
5. Mar 30 11:11:11.313833: |   00 00 00 01  00 00 00 01  00 00 00 c8  01 01 00 05
6. Mar 30 11:11:11.313837: |   03 00 00 28  01 01 00 00  80 01 00 07  80 0e 01 00
7. Mar 30 11:11:11.313842: |   80 02 00 02  80 04 00 14  80 03 00 01  80 0b 00 01
8. Mar 30 11:11:11.313846: |   00 0c 00 04  00 00 70 80  03 00 00 28  02 01 00 00
9. Mar 30 11:11:11.313850: |   80 01 00 07  80 0e 00 80  80 02 00 02  80 04 00 13
10. Mar 30 11:11:11.313855: |   80 03 00 01  80 0b 00 01  00 0c 00 04  00 00 70 80
11. Mar 30 11:11:11.313859: |   03 00 00 28  03 01 00 00  80 01 00 07  80 0e 01 00
12. Mar 30 11:11:11.313865: |   80 02 00 02  80 04 00 0e  80 03 00 01  80 0b 00 01
13. Mar 30 11:11:11.313869: |   00 0c 00 04  00 00 70 80  03 00 00 24  04 01 00 00
14. Mar 30 11:11:11.313873: |   80 01 00 05  80 02 00 02  80 04 00 0e  80 03 00 01
15. Mar 30 11:11:11.313877: |   80 0b 00 01  00 0c 00 04  00 00 70 80  00 00 00 24
16. Mar 30 11:11:11.313881: |   05 01 00 00  80 01 00 05  80 02 00 02  80 04 00 02
17. Mar 30 11:11:11.313885: |   80 03 00 01  80 0b 00 01  00 0c 00 04  00 00 70 80
18. Mar 30 11:11:11.313890: |   0d 00 00 18  01 52 8b bb  c0 06 96 12  18 49 ab 9a
19. Mar 30 11:11:11.313895: |   1c 5b 2a 51  00 00 00 01  0d 00 00 18  1e 2b 51 69
20. Mar 30 11:11:11.313899: |   05 99 1c 7d  7c 96 fc bf  b5 87 e4 61  00 00 00 09
21. Mar 30 11:11:11.313903: |   0d 00 00 14  4a 13 1c 81  07 03 58 45  5c 57 28 f2
22. Mar 30 11:11:11.313907: |   0e 95 45 2f  0d 00 00 14  90 cb 80 91  3e bb 69 6e
23. Mar 30 11:11:11.313911: |   08 63 81 b5  ec 42 7b 1f  0d 00 00 14  40 48 b7 d5
24. Mar 30 11:11:11.313916: |   6e bc e8 85  25 e7 de 7f  00 d6 c2 d3  0d 00 00 14
25. Mar 30 11:11:11.313920: |   fb 1d e3 cd  f3 41 b7 ea  16 b7 e5 be  08 55 f1 20
26. Mar 30 11:11:11.313924: |   0d 00 00 14  26 24 4d 38  ed db 61 b3  17 2a 36 e3
27. Mar 30 11:11:11.313928: |   d0 cf b8 19  00 00 00 14  e3 a5 96 6a  76 37 9f e7
28. Mar 30 11:11:11.313932: |   07 22 82 31  e5 ce 86 52
29. Mar 30 11:11:11.313942: | start processing: from 93.46.124.104:500 (in process_md() at demux.c:379)
30. Mar 30 11:11:11.313952: | **parse ISAKMP Message:
31. Mar 30 11:11:11.313960: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
32. Mar 30 11:11:11.313968: |    responder cookie: 00 00 00 00  00 00 00 00
33. Mar 30 11:11:11.313974: |    next payload type: ISAKMP_NEXT_SA (0x1)
34. Mar 30 11:11:11.313979: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
35. Mar 30 11:11:11.313984: |    exchange type: ISAKMP_XCHG_IDPROT (0x2)
36. Mar 30 11:11:11.313990: |    flags: none (0x0)
37. Mar 30 11:11:11.313997: |    Message ID: 0 (00 00 00 00)
38. Mar 30 11:11:11.314003: |    length: 408 (00 00 01 98)
39. Mar 30 11:11:11.314008: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
40. Mar 30 11:11:11.314017: | State DB: IKEv1 state not found (find_state_ikev1_init)
41. Mar 30 11:11:11.314022: | #null state always idle
42. Mar 30 11:11:11.314029: | got payload 0x2  (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080
43. Mar 30 11:11:11.314035: | ***parse ISAKMP Security Association Payload:
44. Mar 30 11:11:11.314039: |    next payload type: ISAKMP_NEXT_VID (0xd)
45. Mar 30 11:11:11.314045: |    length: 212 (00 d4)
46. Mar 30 11:11:11.314049: |    DOI: ISAKMP_DOI_IPSEC (0x1)
47. Mar 30 11:11:11.314054: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
48. Mar 30 11:11:11.314059: | ***parse ISAKMP Vendor ID Payload:
49. Mar 30 11:11:11.314064: |    next payload type: ISAKMP_NEXT_VID (0xd)
50. Mar 30 11:11:11.314070: |    length: 24 (00 18)
51. Mar 30 11:11:11.314074: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
52. Mar 30 11:11:11.314079: | ***parse ISAKMP Vendor ID Payload:
53. Mar 30 11:11:11.314083: |    next payload type: ISAKMP_NEXT_VID (0xd)
54. Mar 30 11:11:11.314089: |    length: 24 (00 18)
55. Mar 30 11:11:11.314093: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
56. Mar 30 11:11:11.314098: | ***parse ISAKMP Vendor ID Payload:
57. Mar 30 11:11:11.314103: |    next payload type: ISAKMP_NEXT_VID (0xd)
58. Mar 30 11:11:11.314143: |    length: 20 (00 14)
59. Mar 30 11:11:11.314148: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
60. Mar 30 11:11:11.314152: | ***parse ISAKMP Vendor ID Payload:
61. Mar 30 11:11:11.314156: |    next payload type: ISAKMP_NEXT_VID (0xd)
62. Mar 30 11:11:11.314161: |    length: 20 (00 14)
63. Mar 30 11:11:11.314165: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
64. Mar 30 11:11:11.314169: | ***parse ISAKMP Vendor ID Payload:
65. Mar 30 11:11:11.314173: |    next payload type: ISAKMP_NEXT_VID (0xd)
66. Mar 30 11:11:11.314178: |    length: 20 (00 14)
67. Mar 30 11:11:11.314182: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
68. Mar 30 11:11:11.314186: | ***parse ISAKMP Vendor ID Payload:
69. Mar 30 11:11:11.314191: |    next payload type: ISAKMP_NEXT_VID (0xd)
70. Mar 30 11:11:11.314195: |    length: 20 (00 14)
71. Mar 30 11:11:11.314200: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
72. Mar 30 11:11:11.314204: | ***parse ISAKMP Vendor ID Payload:
73. Mar 30 11:11:11.314209: |    next payload type: ISAKMP_NEXT_VID (0xd)
74. Mar 30 11:11:11.314214: |    length: 20 (00 14)
75. Mar 30 11:11:11.314218: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
76. Mar 30 11:11:11.314223: | ***parse ISAKMP Vendor ID Payload:
77. Mar 30 11:11:11.314227: |    next payload type: ISAKMP_NEXT_NONE (0x0)
78. Mar 30 11:11:11.314232: |    length: 20 (00 14)
79. Mar 30 11:11:11.314237: | message 'main_inI1_outR1' HASH payload not checked early
80. Mar 30 11:11:11.314245: | ignoring Vendor ID payload [Windows KEY_MODS (AUTHIP)]
81. Mar 30 11:11:11.314250: | ignoring Vendor ID payload [Windows 8, 8.1, 10, Server 2012 R2, Server 2016]
82. Mar 30 11:11:11.314258: |  quirks.qnat_traversal_vid set to=117 [RFC 3947]
83. Mar 30 11:11:11.314263: | received Vendor ID payload [RFC 3947]
84. Mar 30 11:11:11.314268: | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
85. Mar 30 11:11:11.314272: | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
86. Mar 30 11:11:11.314277: | received Vendor ID payload [FRAGMENTATION]
87. Mar 30 11:11:11.314282: | ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
88. Mar 30 11:11:11.314288: | ignoring Vendor ID payload [Vid-Initial-Contact]
89. Mar 30 11:11:11.314292: | ignoring Vendor ID payload [IKE CGA version 1]
90. Mar 30 11:11:11.314297: | in statetime_start() with no state
91. Mar 30 11:11:11.314307: | find_host_connection local=10.68.154.105:500 remote=93.46.124.104:500 policy=IKEV1_ALLOW but ignoring ports
92. Mar 30 11:11:11.314313: | find_next_host_connection policy=IKEV1_ALLOW
93. Mar 30 11:11:11.314317: | find_next_host_connection returns empty
94. Mar 30 11:11:11.314323: | ****parse IPsec DOI SIT:
95. Mar 30 11:11:11.314327: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
96. Mar 30 11:11:11.314332: | ****parse ISAKMP Proposal Payload:
97. Mar 30 11:11:11.314336: |    next payload type: ISAKMP_NEXT_NONE (0x0)
98. Mar 30 11:11:11.314341: |    length: 200 (00 c8)
99. Mar 30 11:11:11.314345: |    proposal number: 1 (01)
100. Mar 30 11:11:11.314369: |    protocol ID: PROTO_ISAKMP (0x1)
101. Mar 30 11:11:11.314376: |    SPI size: 0 (00)
102. Mar 30 11:11:11.314381: |    number of transforms: 5 (05)
103. Mar 30 11:11:11.314386: | *****parse ISAKMP Transform Payload (ISAKMP):
104. Mar 30 11:11:11.314390: |    next payload type: ISAKMP_NEXT_T (0x3)
105. Mar 30 11:11:11.314395: |    length: 40 (00 28)
106. Mar 30 11:11:11.314467: |    ISAKMP transform number: 1 (01)
107. Mar 30 11:11:11.314476: |    ISAKMP transform ID: KEY_IKE (0x1)
108. Mar 30 11:11:11.314481: | ******parse ISAKMP Oakley attribute:
109. Mar 30 11:11:11.314486: |    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
110. Mar 30 11:11:11.314490: |    length/value: 7 (00 07)
111. Mar 30 11:11:11.314495: | ******parse ISAKMP Oakley attribute:
112. Mar 30 11:11:11.314499: |    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
113. Mar 30 11:11:11.314504: |    length/value: 256 (01 00)
114. Mar 30 11:11:11.314508: | ******parse ISAKMP Oakley attribute:
115. Mar 30 11:11:11.314512: |    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
116. Mar 30 11:11:11.314518: |    length/value: 2 (00 02)
117. Mar 30 11:11:11.314522: | ******parse ISAKMP Oakley attribute:
118. Mar 30 11:11:11.314526: |    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
119. Mar 30 11:11:11.314540: |    length/value: 20 (00 14)
120. Mar 30 11:11:11.314544: | ******parse ISAKMP Oakley attribute:
121. Mar 30 11:11:11.314566: |    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
122. Mar 30 11:11:11.314573: |    length/value: 1 (00 01)
123. Mar 30 11:11:11.314578: | ******parse ISAKMP Oakley attribute:
124. Mar 30 11:11:11.314582: |    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
125. Mar 30 11:11:11.314587: |    length/value: 1 (00 01)
126. Mar 30 11:11:11.314591: | ******parse ISAKMP Oakley attribute:
127. Mar 30 11:11:11.314596: |    af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
128. Mar 30 11:11:11.314600: |    length/value: 4 (00 04)
129. Mar 30 11:11:11.314605: | *****parse ISAKMP Transform Payload (ISAKMP):
130. Mar 30 11:11:11.314609: |    next payload type: ISAKMP_NEXT_T (0x3)
131. Mar 30 11:11:11.314614: |    length: 40 (00 28)
132. Mar 30 11:11:11.314619: |    ISAKMP transform number: 2 (02)
133. Mar 30 11:11:11.314623: |    ISAKMP transform ID: KEY_IKE (0x1)
134. Mar 30 11:11:11.314627: | ******parse ISAKMP Oakley attribute:
135. Mar 30 11:11:11.314630: |    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
136. Mar 30 11:11:11.314636: |    length/value: 7 (00 07)
137. Mar 30 11:11:11.314640: | ******parse ISAKMP Oakley attribute:
138. Mar 30 11:11:11.314644: |    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
139. Mar 30 11:11:11.314649: |    length/value: 128 (00 80)
140. Mar 30 11:11:11.314653: | ******parse ISAKMP Oakley attribute:
141. Mar 30 11:11:11.314657: |    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
142. Mar 30 11:11:11.314662: |    length/value: 2 (00 02)
143. Mar 30 11:11:11.314666: | ******parse ISAKMP Oakley attribute:
144. Mar 30 11:11:11.314670: |    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
145. Mar 30 11:11:11.314674: |    length/value: 19 (00 13)
146. Mar 30 11:11:11.314678: | ******parse ISAKMP Oakley attribute:
147. Mar 30 11:11:11.314683: |    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
148. Mar 30 11:11:11.314687: |    length/value: 1 (00 01)
149. Mar 30 11:11:11.314691: | ******parse ISAKMP Oakley attribute:
150. Mar 30 11:11:11.314695: |    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
151. Mar 30 11:11:11.314700: |    length/value: 1 (00 01)
152. Mar 30 11:11:11.314704: | ******parse ISAKMP Oakley attribute:
153. Mar 30 11:11:11.314708: |    af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
154. Mar 30 11:11:11.314713: |    length/value: 4 (00 04)
155. Mar 30 11:11:11.314718: | *****parse ISAKMP Transform Payload (ISAKMP):
156. Mar 30 11:11:11.314722: |    next payload type: ISAKMP_NEXT_T (0x3)
157. Mar 30 11:11:11.314726: |    length: 40 (00 28)
158. Mar 30 11:11:11.314731: |    ISAKMP transform number: 3 (03)
159. Mar 30 11:11:11.314735: |    ISAKMP transform ID: KEY_IKE (0x1)
160. Mar 30 11:11:11.314740: | ******parse ISAKMP Oakley attribute:
161. Mar 30 11:11:11.314743: |    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
162. Mar 30 11:11:11.314748: |    length/value: 7 (00 07)
163. Mar 30 11:11:11.314752: | ******parse ISAKMP Oakley attribute:
164. Mar 30 11:11:11.314757: |    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
165. Mar 30 11:11:11.314761: |    length/value: 256 (01 00)
166. Mar 30 11:11:11.314765: | ******parse ISAKMP Oakley attribute:
167. Mar 30 11:11:11.314769: |    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
168. Mar 30 11:11:11.314773: |    length/value: 2 (00 02)
169. Mar 30 11:11:11.314777: | ******parse ISAKMP Oakley attribute:
170. Mar 30 11:11:11.314781: |    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
171. Mar 30 11:11:11.314787: |    length/value: 14 (00 0e)
172. Mar 30 11:11:11.314791: | ******parse ISAKMP Oakley attribute:
173. Mar 30 11:11:11.314817: |    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
174. Mar 30 11:11:11.314823: |    length/value: 1 (00 01)
175. Mar 30 11:11:11.314828: | ******parse ISAKMP Oakley attribute:
176. Mar 30 11:11:11.314832: |    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
177. Mar 30 11:11:11.314836: |    length/value: 1 (00 01)
178. Mar 30 11:11:11.314841: | ******parse ISAKMP Oakley attribute:
179. Mar 30 11:11:11.314845: |    af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
180. Mar 30 11:11:11.314871: |    length/value: 4 (00 04)
181. Mar 30 11:11:11.314877: | *****parse ISAKMP Transform Payload (ISAKMP):
182. Mar 30 11:11:11.314881: |    next payload type: ISAKMP_NEXT_T (0x3)
183. Mar 30 11:11:11.314894: |    length: 36 (00 24)
184. Mar 30 11:11:11.314899: |    ISAKMP transform number: 4 (04)
185. Mar 30 11:11:11.314904: |    ISAKMP transform ID: KEY_IKE (0x1)
186. Mar 30 11:11:11.314908: | ******parse ISAKMP Oakley attribute:
187. Mar 30 11:11:11.314912: |    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
188. Mar 30 11:11:11.314917: |    length/value: 5 (00 05)
189. Mar 30 11:11:11.314981: | ******parse ISAKMP Oakley attribute:
190. Mar 30 11:11:11.314989: |    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
191. Mar 30 11:11:11.314993: |    length/value: 2 (00 02)
192. Mar 30 11:11:11.314997: | ******parse ISAKMP Oakley attribute:
193. Mar 30 11:11:11.315001: |    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
194. Mar 30 11:11:11.315005: |    length/value: 14 (00 0e)
195. Mar 30 11:11:11.315009: | ******parse ISAKMP Oakley attribute:
196. Mar 30 11:11:11.315013: |    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
197. Mar 30 11:11:11.315023: |    length/value: 1 (00 01)
198. Mar 30 11:11:11.315033: | ******parse ISAKMP Oakley attribute:
199. Mar 30 11:11:11.315041: |    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
200. Mar 30 11:11:11.315048: |    length/value: 1 (00 01)
201. Mar 30 11:11:11.315053: | ******parse ISAKMP Oakley attribute:
202. Mar 30 11:11:11.315057: |    af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
203. Mar 30 11:11:11.315062: |    length/value: 4 (00 04)
204. Mar 30 11:11:11.315067: | *****parse ISAKMP Transform Payload (ISAKMP):
205. Mar 30 11:11:11.315071: |    next payload type: ISAKMP_NEXT_NONE (0x0)
206. Mar 30 11:11:11.315076: |    length: 36 (00 24)
207. Mar 30 11:11:11.315080: |    ISAKMP transform number: 5 (05)
208. Mar 30 11:11:11.315085: |    ISAKMP transform ID: KEY_IKE (0x1)
209. Mar 30 11:11:11.315089: | ******parse ISAKMP Oakley attribute:
210. Mar 30 11:11:11.315093: |    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
211. Mar 30 11:11:11.315098: |    length/value: 5 (00 05)
212. Mar 30 11:11:11.315103: | ******parse ISAKMP Oakley attribute:
213. Mar 30 11:11:11.315107: |    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
214. Mar 30 11:11:11.315112: |    length/value: 2 (00 02)
215. Mar 30 11:11:11.315116: | ******parse ISAKMP Oakley attribute:
216. Mar 30 11:11:11.315121: |    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
217. Mar 30 11:11:11.315126: |    length/value: 2 (00 02)
218. Mar 30 11:11:11.315130: | ******parse ISAKMP Oakley attribute:
219. Mar 30 11:11:11.315134: |    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
220. Mar 30 11:11:11.315139: |    length/value: 1 (00 01)
221. Mar 30 11:11:11.315144: | ******parse ISAKMP Oakley attribute:
222. Mar 30 11:11:11.315148: |    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
223. Mar 30 11:11:11.315152: |    length/value: 1 (00 01)
224. Mar 30 11:11:11.315156: | ******parse ISAKMP Oakley attribute:
225. Mar 30 11:11:11.315160: |    af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
226. Mar 30 11:11:11.315165: |    length/value: 4 (00 04)
227. Mar 30 11:11:11.315175: | find_host_connection local=10.68.154.105:500 remote=<none:> policy=PSK+IKEV1_ALLOW but ignoring ports
228. Mar 30 11:11:11.315184: | find_host_pair: comparing 10.68.154.105:500 to 0.0.0.0:500 but ignoring ports
229. Mar 30 11:11:11.315191: | find_next_host_connection policy=PSK+IKEV1_ALLOW
230. Mar 30 11:11:11.315197: | found policy = PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (l2tp-psk)
231. Mar 30 11:11:11.315202: | find_next_host_connection returns l2tp-psk
232. Mar 30 11:11:11.315207: | find_next_host_connection policy=PSK+IKEV1_ALLOW
233. Mar 30 11:11:11.315213: | found policy = PSK+ENCRYPT+TUNNEL+DONT_REKEY+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (xauth-psk)
234. Mar 30 11:11:11.315218: | find_next_host_connection returns empty
235. Mar 30 11:11:11.315224: | instantiating "l2tp-psk" for initial Main Mode message received on 10.68.154.105:500
236. Mar 30 11:11:11.315240: | subnet from address 93.46.124.104 (in default_end() at connections.c:378)
237. Mar 30 11:11:11.315247: | subnet from endpoint 10.68.154.105:1701 (in default_end() at connections.c:378)
238. Mar 30 11:11:11.315271: | connect_to_host_pair: 10.68.154.105:500 93.46.124.104:500 -> hp@(nil): none
239. Mar 30 11:11:11.315278: | new hp@0x562b2d550f18
240. Mar 30 11:11:11.315286: | rw_instantiate() instantiated "l2tp-psk"[3] 93.46.124.104 for 93.46.124.104
241. Mar 30 11:11:11.315354: | addref fd@NULL (in new_state() at state.c:555)
242. Mar 30 11:11:11.315364: | creating state object #3 at 0x562b2d553308
243. Mar 30 11:11:11.315371: | State DB: adding IKEv1 state #3 in UNDEFINED
244. Mar 30 11:11:11.315383: | pstats #3 ikev1.isakmp started
245. Mar 30 11:11:11.315389: | #3 updating local interface from <none> to 10.68.154.105:500 using md->iface (in update_ike_endpoints() at state.c:2627)
246. Mar 30 11:11:11.315402: | start processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in main_inI1_outR1() at ikev1_main.c:660)
247. Mar 30 11:11:11.315409: | parent state #3: UNDEFINED(ignore) => MAIN_R0(half-open IKE SA)
248. Mar 30 11:11:11.315415: | sender checking NAT-T: enabled; VID 117
249. Mar 30 11:11:11.315420: | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC
250. Mar 30 11:11:11.315424: | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
251. Mar 30 11:11:11.315429: |   ICOOKIE-DUMP:
252. Mar 30 11:11:11.315433: |   f8 3c 21 0c  a6 50 d0 ca
253. Mar 30 11:11:11.315442: "l2tp-psk"[3] 93.46.124.104 #3: responding to Main Mode from unknown peer 93.46.124.104:500
254. Mar 30 11:11:11.315474: | **emit ISAKMP Message:
255. Mar 30 11:11:11.315482: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
256. Mar 30 11:11:11.315487: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
257. Mar 30 11:11:11.315492: |    next payload type: ISAKMP_NEXT_SA (0x1)
258. Mar 30 11:11:11.315496: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
259. Mar 30 11:11:11.315501: |    exchange type: ISAKMP_XCHG_IDPROT (0x2)
260. Mar 30 11:11:11.315505: |    flags: none (0x0)
261. Mar 30 11:11:11.315511: |    Message ID: 0 (00 00 00 00)
262. Mar 30 11:11:11.315515: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
263. Mar 30 11:11:11.315520: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA
264. Mar 30 11:11:11.315524: | ***emit ISAKMP Security Association Payload:
265. Mar 30 11:11:11.315528: |    next payload type: ISAKMP_NEXT_VID (0xd)
266. Mar 30 11:11:11.315532: |    DOI: ISAKMP_DOI_IPSEC (0x1)
267. Mar 30 11:11:11.315537: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
268. Mar 30 11:11:11.315542: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA)
269. Mar 30 11:11:11.315547: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet'
270. Mar 30 11:11:11.315552: | ****parse IPsec DOI SIT:
271. Mar 30 11:11:11.315556: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
272. Mar 30 11:11:11.315561: | ****parse ISAKMP Proposal Payload:
273. Mar 30 11:11:11.315565: |    next payload type: ISAKMP_NEXT_NONE (0x0)
274. Mar 30 11:11:11.315570: |    length: 200 (00 c8)
275. Mar 30 11:11:11.315575: |    proposal number: 1 (01)
276. Mar 30 11:11:11.315580: |    protocol ID: PROTO_ISAKMP (0x1)
277. Mar 30 11:11:11.315584: |    SPI size: 0 (00)
278. Mar 30 11:11:11.315589: |    number of transforms: 5 (05)
279. Mar 30 11:11:11.315594: | *****parse ISAKMP Transform Payload (ISAKMP):
280. Mar 30 11:11:11.315598: |    next payload type: ISAKMP_NEXT_T (0x3)
281. Mar 30 11:11:11.315602: |    length: 40 (00 28)
282. Mar 30 11:11:11.315606: |    ISAKMP transform number: 1 (01)
283. Mar 30 11:11:11.315610: |    ISAKMP transform ID: KEY_IKE (0x1)
284. Mar 30 11:11:11.315615: | ******parse ISAKMP Oakley attribute:
285. Mar 30 11:11:11.315619: |    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
286. Mar 30 11:11:11.315624: |    length/value: 7 (00 07)
287. Mar 30 11:11:11.315629: |    [7 is OAKLEY_AES_CBC]
288. Mar 30 11:11:11.315636: | ******parse ISAKMP Oakley attribute:
289. Mar 30 11:11:11.315640: |    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
290. Mar 30 11:11:11.315646: |    length/value: 256 (01 00)
291. Mar 30 11:11:11.315650: | ******parse ISAKMP Oakley attribute:
292. Mar 30 11:11:11.315655: |    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
293. Mar 30 11:11:11.315661: |    length/value: 2 (00 02)
294. Mar 30 11:11:11.315665: |    [2 is OAKLEY_SHA1]
295. Mar 30 11:11:11.315678: | ******parse ISAKMP Oakley attribute:
296. Mar 30 11:11:11.315683: |    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
297. Mar 30 11:11:11.315688: |    length/value: 20 (00 14)
298. Mar 30 11:11:11.315693: |    [20 is OAKLEY_GROUP_ECP_384]
299. Mar 30 11:11:11.315698: | ******parse ISAKMP Oakley attribute:
300. Mar 30 11:11:11.315702: |    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
301. Mar 30 11:11:11.315707: |    length/value: 1 (00 01)
302. Mar 30 11:11:11.315712: |    [1 is OAKLEY_PRESHARED_KEY]
303. Mar 30 11:11:11.315721: | lsw_get_secret() using IDs for 51.158.64.201->93.46.124.104 of kind PKK_PSK
304. Mar 30 11:11:11.315727: | line 1: key type PKK_PSK(51.158.64.201) to type PKK_PSK
305. Mar 30 11:11:11.315734: | 1: compared key %any to 51.158.64.201 / 93.46.124.104 -> 002
306. Mar 30 11:11:11.315742: | 2: compared key %any to 51.158.64.201 / 93.46.124.104 -> 002
307. Mar 30 11:11:11.315746: | line 1: match=002
308. Mar 30 11:11:11.315750: | match 002 beats previous best_match 000 match=0x562b2d551d38 (line=1)
309. Mar 30 11:11:11.315754: | concluding with best_match=002 best=0x562b2d551d38 (lineno=1)
310. Mar 30 11:11:11.315759: | ******parse ISAKMP Oakley attribute:
311. Mar 30 11:11:11.315764: |    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
312. Mar 30 11:11:11.315770: |    length/value: 1 (00 01)
313. Mar 30 11:11:11.315774: |    [1 is OAKLEY_LIFE_SECONDS]
314. Mar 30 11:11:11.315778: | ******parse ISAKMP Oakley attribute:
315. Mar 30 11:11:11.315782: |    af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
316. Mar 30 11:11:11.315787: |    length/value: 4 (00 04)
317. Mar 30 11:11:11.315792: |    long duration: 28800
318. Mar 30 11:11:11.315801: "l2tp-psk"[3] 93.46.124.104 #3: WARNING: connection l2tp-psk PSK length of 3 bytes is too short for sha PRF in FIPS mode (10 bytes required)
319. Mar 30 11:11:11.315811: "l2tp-psk"[3] 93.46.124.104 #3: Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused
320. Mar 30 11:11:11.315816: | *****parse ISAKMP Transform Payload (ISAKMP):
321. Mar 30 11:11:11.315822: |    next payload type: ISAKMP_NEXT_T (0x3)
322. Mar 30 11:11:11.315827: |    length: 40 (00 28)
323. Mar 30 11:11:11.315831: |    ISAKMP transform number: 2 (02)
324. Mar 30 11:11:11.315835: |    ISAKMP transform ID: KEY_IKE (0x1)
325. Mar 30 11:11:11.315841: | ******parse ISAKMP Oakley attribute:
326. Mar 30 11:11:11.315845: |    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
327. Mar 30 11:11:11.315850: |    length/value: 7 (00 07)
328. Mar 30 11:11:11.315853: |    [7 is OAKLEY_AES_CBC]
329. Mar 30 11:11:11.315858: | ******parse ISAKMP Oakley attribute:
330. Mar 30 11:11:11.315863: |    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
331. Mar 30 11:11:11.315868: |    length/value: 128 (00 80)
332. Mar 30 11:11:11.315873: | ******parse ISAKMP Oakley attribute:
333. Mar 30 11:11:11.315877: |    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
334. Mar 30 11:11:11.315882: |    length/value: 2 (00 02)
335. Mar 30 11:11:11.315886: |    [2 is OAKLEY_SHA1]
336. Mar 30 11:11:11.315891: | ******parse ISAKMP Oakley attribute:
337. Mar 30 11:11:11.315896: |    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
338. Mar 30 11:11:11.315901: |    length/value: 19 (00 13)
339. Mar 30 11:11:11.315905: |    [19 is OAKLEY_GROUP_ECP_256]
340. Mar 30 11:11:11.315909: | ******parse ISAKMP Oakley attribute:
341. Mar 30 11:11:11.315914: |    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
342. Mar 30 11:11:11.315919: |    length/value: 1 (00 01)
343. Mar 30 11:11:11.315924: |    [1 is OAKLEY_PRESHARED_KEY]
344. Mar 30 11:11:11.315931: | lsw_get_secret() using IDs for 51.158.64.201->93.46.124.104 of kind PKK_PSK
345. Mar 30 11:11:11.315936: | line 1: key type PKK_PSK(51.158.64.201) to type PKK_PSK
346. Mar 30 11:11:11.315944: | 1: compared key %any to 51.158.64.201 / 93.46.124.104 -> 002
347. Mar 30 11:11:11.315950: | 2: compared key %any to 51.158.64.201 / 93.46.124.104 -> 002
348. Mar 30 11:11:11.315954: | line 1: match=002
349. Mar 30 11:11:11.315958: | match 002 beats previous best_match 000 match=0x562b2d551d38 (line=1)
350. Mar 30 11:11:11.315963: | concluding with best_match=002 best=0x562b2d551d38 (lineno=1)
351. Mar 30 11:11:11.315967: | ******parse ISAKMP Oakley attribute:
352. Mar 30 11:11:11.315972: |    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
353. Mar 30 11:11:11.315978: |    length/value: 1 (00 01)
354. Mar 30 11:11:11.315989: |    [1 is OAKLEY_LIFE_SECONDS]
355. Mar 30 11:11:11.316086: | ******parse ISAKMP Oakley attribute:
356. Mar 30 11:11:11.316094: |    af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
357. Mar 30 11:11:11.316100: |    length/value: 4 (00 04)
358. Mar 30 11:11:11.316104: |    long duration: 28800
359. Mar 30 11:11:11.316112: "l2tp-psk"[3] 93.46.124.104 #3: WARNING: connection l2tp-psk PSK length of 3 bytes is too short for sha PRF in FIPS mode (10 bytes required)
360. Mar 30 11:11:11.316119: "l2tp-psk"[3] 93.46.124.104 #3: Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused
361. Mar 30 11:11:11.316124: | *****parse ISAKMP Transform Payload (ISAKMP):
362. Mar 30 11:11:11.316128: |    next payload type: ISAKMP_NEXT_T (0x3)
363. Mar 30 11:11:11.316134: |    length: 40 (00 28)
364. Mar 30 11:11:11.316138: |    ISAKMP transform number: 3 (03)
365. Mar 30 11:11:11.316142: |    ISAKMP transform ID: KEY_IKE (0x1)
366. Mar 30 11:11:11.316146: | ******parse ISAKMP Oakley attribute:
367. Mar 30 11:11:11.316151: |    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
368. Mar 30 11:11:11.316156: |    length/value: 7 (00 07)
369. Mar 30 11:11:11.316160: |    [7 is OAKLEY_AES_CBC]
370. Mar 30 11:11:11.316165: | ******parse ISAKMP Oakley attribute:
371. Mar 30 11:11:11.316169: |    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
372. Mar 30 11:11:11.316174: |    length/value: 256 (01 00)
373. Mar 30 11:11:11.316179: | ******parse ISAKMP Oakley attribute:
374. Mar 30 11:11:11.316183: |    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
375. Mar 30 11:11:11.316188: |    length/value: 2 (00 02)
376. Mar 30 11:11:11.316193: |    [2 is OAKLEY_SHA1]
377. Mar 30 11:11:11.316197: | ******parse ISAKMP Oakley attribute:
378. Mar 30 11:11:11.316202: |    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
379. Mar 30 11:11:11.316207: |    length/value: 14 (00 0e)
380. Mar 30 11:11:11.316212: |    [14 is OAKLEY_GROUP_MODP2048]
381. Mar 30 11:11:11.316216: | ******parse ISAKMP Oakley attribute:
382. Mar 30 11:11:11.316221: |    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
383. Mar 30 11:11:11.316226: |    length/value: 1 (00 01)
384. Mar 30 11:11:11.316230: |    [1 is OAKLEY_PRESHARED_KEY]
385. Mar 30 11:11:11.316239: | lsw_get_secret() using IDs for 51.158.64.201->93.46.124.104 of kind PKK_PSK
386. Mar 30 11:11:11.316245: | line 1: key type PKK_PSK(51.158.64.201) to type PKK_PSK
387. Mar 30 11:11:11.316251: | 1: compared key %any to 51.158.64.201 / 93.46.124.104 -> 002
388. Mar 30 11:11:11.316258: | 2: compared key %any to 51.158.64.201 / 93.46.124.104 -> 002
389. Mar 30 11:11:11.316263: | line 1: match=002
390. Mar 30 11:11:11.316268: | match 002 beats previous best_match 000 match=0x562b2d551d38 (line=1)
391. Mar 30 11:11:11.316272: | concluding with best_match=002 best=0x562b2d551d38 (lineno=1)
392. Mar 30 11:11:11.316277: | ******parse ISAKMP Oakley attribute:
393. Mar 30 11:11:11.316281: |    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
394. Mar 30 11:11:11.316286: |    length/value: 1 (00 01)
395. Mar 30 11:11:11.316291: |    [1 is OAKLEY_LIFE_SECONDS]
396. Mar 30 11:11:11.316295: | ******parse ISAKMP Oakley attribute:
397. Mar 30 11:11:11.316299: |    af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
398. Mar 30 11:11:11.316304: |    length/value: 4 (00 04)
399. Mar 30 11:11:11.316308: |    long duration: 28800
400. Mar 30 11:11:11.316316: "l2tp-psk"[3] 93.46.124.104 #3: WARNING: connection l2tp-psk PSK length of 3 bytes is too short for sha PRF in FIPS mode (10 bytes required)
401. Mar 30 11:11:11.316321: | OAKLEY proposal verified; matching alg_info found
402. Mar 30 11:11:11.316325: | Oakley Transform 3 accepted
403. Mar 30 11:11:11.316329: | ****emit IPsec DOI SIT:
404. Mar 30 11:11:11.316335: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
405. Mar 30 11:11:11.316340: | ****emit ISAKMP Proposal Payload:
406. Mar 30 11:11:11.316344: |    next payload type: ISAKMP_NEXT_NONE (0x0)
407. Mar 30 11:11:11.316349: |    proposal number: 1 (01)
408. Mar 30 11:11:11.316354: |    protocol ID: PROTO_ISAKMP (0x1)
409. Mar 30 11:11:11.316359: |    SPI size: 0 (00)
410. Mar 30 11:11:11.316363: |    number of transforms: 1 (01)
411. Mar 30 11:11:11.316367: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type'
412. Mar 30 11:11:11.316372: | *****emit ISAKMP Transform Payload (ISAKMP):
413. Mar 30 11:11:11.316385: |    next payload type: ISAKMP_NEXT_NONE (0x0)
414. Mar 30 11:11:11.316389: |    ISAKMP transform number: 3 (03)
415. Mar 30 11:11:11.316393: |    ISAKMP transform ID: KEY_IKE (0x1)
416. Mar 30 11:11:11.316398: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
417. Mar 30 11:11:11.316403: | emitting 32 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP)
418. Mar 30 11:11:11.316407: | attributes:
419. Mar 30 11:11:11.316411: |   80 01 00 07  80 0e 01 00  80 02 00 02  80 04 00 0e
420. Mar 30 11:11:11.316415: |   80 03 00 01  80 0b 00 01  00 0c 00 04  00 00 70 80
421. Mar 30 11:11:11.316419: | emitting length of ISAKMP Transform Payload (ISAKMP): 40
422. Mar 30 11:11:11.316423: | emitting length of ISAKMP Proposal Payload: 48
423. Mar 30 11:11:11.316427: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0
424. Mar 30 11:11:11.316431: | emitting length of ISAKMP Security Association Payload: 60
425. Mar 30 11:11:11.316435: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0
426. Mar 30 11:11:11.316443: | out_vid(): sending [FRAGMENTATION]
427. Mar 30 11:11:11.316447: | ***emit ISAKMP Vendor ID Payload:
428. Mar 30 11:11:11.316452: |    next payload type: ISAKMP_NEXT_VID (0xd)
429. Mar 30 11:11:11.316456: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
430. Mar 30 11:11:11.316461: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
431. Mar 30 11:11:11.316489: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
432. Mar 30 11:11:11.316495: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
433. Mar 30 11:11:11.316504: | V_ID: 40 48 b7 d5  6e bc e8 85  25 e7 de 7f  00 d6 c2 d3
434. Mar 30 11:11:11.316508: | emitting length of ISAKMP Vendor ID Payload: 20
435. Mar 30 11:11:11.316512: | out_vid(): sending [Dead Peer Detection]
436. Mar 30 11:11:11.316516: | ***emit ISAKMP Vendor ID Payload:
437. Mar 30 11:11:11.316520: |    next payload type: ISAKMP_NEXT_NONE (0x0)
438. Mar 30 11:11:11.316524: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
439. Mar 30 11:11:11.316529: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
440. Mar 30 11:11:11.316533: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
441. Mar 30 11:11:11.316542: | V_ID: af ca d7 13  68 a1 f1 c9  6b 86 96 fc  77 57 01 00
442. Mar 30 11:11:11.316546: | emitting length of ISAKMP Vendor ID Payload: 20
443. Mar 30 11:11:11.316550: | out_vid(): sending [RFC 3947]
444. Mar 30 11:11:11.316554: | ***emit ISAKMP Vendor ID Payload:
445. Mar 30 11:11:11.316558: |    next payload type: ISAKMP_NEXT_NONE (0x0)
446. Mar 30 11:11:11.316562: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
447. Mar 30 11:11:11.316566: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
448. Mar 30 11:11:11.316571: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
449. Mar 30 11:11:11.316578: | V_ID: 4a 13 1c 81  07 03 58 45  5c 57 28 f2  0e 95 45 2f
450. Mar 30 11:11:11.316583: | emitting length of ISAKMP Vendor ID Payload: 20
451. Mar 30 11:11:11.316587: | no IKEv1 message padding required
452. Mar 30 11:11:11.316591: | emitting length of ISAKMP Message: 148
453. Mar 30 11:11:11.316600: | complete v1 state transition with STF_OK
454. Mar 30 11:11:11.316611: | [RE]START processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in complete_v1_state_transition() at ikev1.c:2539)
455. Mar 30 11:11:11.316616: | #3 is idle
456. Mar 30 11:11:11.316620: | doing_xauth:no, t_xauth_client_done:no
457. Mar 30 11:11:11.316624: | peer supports fragmentation
458. Mar 30 11:11:11.316628: | IKEv1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
459. Mar 30 11:11:11.316641: | parent state #3: MAIN_R0(half-open IKE SA) => MAIN_R1(open IKE SA)
460. Mar 30 11:11:11.316646: | event_already_set, deleting event
461. Mar 30 11:11:11.316657: | sending reply packet to 93.46.124.104:500 (from 10.68.154.105:500)
462. Mar 30 11:11:11.316671: | sending 148 bytes for STATE_MAIN_R0 through ens2 from 10.68.154.105:500 to 93.46.124.104:500 (using #3)
463. Mar 30 11:11:11.316676: |   f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a  5d 82 98 78
464. Mar 30 11:11:11.316680: |   01 10 02 00  00 00 00 00  00 00 00 94  0d 00 00 3c
465. Mar 30 11:11:11.316684: |   00 00 00 01  00 00 00 01  00 00 00 30  01 01 00 01
466. Mar 30 11:11:11.316688: |   00 00 00 28  03 01 00 00  80 01 00 07  80 0e 01 00
467. Mar 30 11:11:11.316692: |   80 02 00 02  80 04 00 0e  80 03 00 01  80 0b 00 01
468. Mar 30 11:11:11.316696: |   00 0c 00 04  00 00 70 80  0d 00 00 14  40 48 b7 d5
469. Mar 30 11:11:11.316700: |   6e bc e8 85  25 e7 de 7f  00 d6 c2 d3  0d 00 00 14
470. Mar 30 11:11:11.316704: |   af ca d7 13  68 a1 f1 c9  6b 86 96 fc  77 57 01 00
471. Mar 30 11:11:11.316708: |   00 00 00 14  4a 13 1c 81  07 03 58 45  5c 57 28 f2
472. Mar 30 11:11:11.316712: |   0e 95 45 2f
473. Mar 30 11:11:11.316816: | !event_already_set at reschedule
474. Mar 30 11:11:11.316828: | event_schedule: newref EVENT_SO_DISCARD-pe@0x562b2d551aa8
475. Mar 30 11:11:11.316834: | inserting event EVENT_SO_DISCARD, timeout in 60 seconds for #3
476. Mar 30 11:11:11.316843: | libevent_malloc: newref ptr-libevent@0x562b2d553ed8 size 128
477. Mar 30 11:11:11.316855: "l2tp-psk"[3] 93.46.124.104 #3: STATE_MAIN_R1: sent MR1, expecting MI2
478. Mar 30 11:11:11.316861: | modecfg pull: noquirk policy:push not-client
479. Mar 30 11:11:11.316865: | phase 1 is done, looking for phase 2 to unpend
480. Mar 30 11:11:11.316873: | stop processing: from 93.46.124.104:500 (BACKGROUND) (in process_md() at demux.c:381)
481. Mar 30 11:11:11.316884: | stop processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in process_md() at demux.c:383)
482. Mar 30 11:11:11.316889: | processing: STOP connection NULL (in process_md() at demux.c:384)
483. Mar 30 11:11:11.430008: | *received 388 bytes from 93.46.124.104:500 on ens2 (10.68.154.105:500)
484. Mar 30 11:11:11.430103: |   f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a  5d 82 98 78
485. Mar 30 11:11:11.430120: |   04 10 02 00  00 00 00 00  00 00 01 84  0a 00 01 04
486. Mar 30 11:11:11.430128: |   e8 8a f9 af  f2 f1 cd 0a  12 45 14 e7  a3 b2 10 30
487. Mar 30 11:11:11.430151: |   57 8d 72 fc  ba d7 5d 11  12 be 57 1d  f9 1d 61 2e
488. Mar 30 11:11:11.430162: |   2c a5 46 a6  fa bf 63 1c  bb d9 c7 87  05 d5 5d 07
489. Mar 30 11:11:11.430169: |   39 91 01 ad  ca 9f a8 4e  1f 73 62 95  cd 12 9c 5d
490. Mar 30 11:11:11.430177: |   2b 4a a5 77  e0 b3 8d 9f  f5 98 38 69  32 12 36 b5
491. Mar 30 11:11:11.430184: |   7f 4c 2a fb  56 82 b6 40  5f 1f 68 4d  b7 ef 69 2c
492. Mar 30 11:11:11.430190: |   ef aa d2 49  8f 37 c2 84  5b a7 80 7b  3a a1 65 02
493. Mar 30 11:11:11.430195: |   2a ef 45 34  a7 e0 c0 a2  a5 f9 81 73  69 4e ff 43
494. Mar 30 11:11:11.430201: |   cd 4e b1 4b  45 8c 66 99  c1 cf 82 4e  23 4a c7 f8
495. Mar 30 11:11:11.430206: |   c4 c8 74 2b  1b a1 8f 60  28 d2 dd 40  51 8d c0 14
496. Mar 30 11:11:11.430211: |   ea 59 fa 8c  14 7d 7d 9c  04 9f fc 08  10 59 64 9c
497. Mar 30 11:11:11.430217: |   0f 8e f0 57  44 0e ec f1  26 fd f4 97  3d 6e ea 8f
498. Mar 30 11:11:11.430222: |   e5 7d d7 34  4c ac 5d 7b  f7 60 6f 83  03 91 7c 05
499. Mar 30 11:11:11.430227: |   5e 62 ae 85  94 d0 ed aa  9c 3f 1d 3f  cd 96 81 0f
500. Mar 30 11:11:11.430232: |   60 51 10 65  d1 32 22 17  dc 92 a9 a1  cc e2 21 c8
501. Mar 30 11:11:11.430238: |   2f 41 d8 a1  bd a3 f6 5c  9b 39 0b f9  82 be af 0c
502. Mar 30 11:11:11.430243: |   14 00 00 34  5e 80 d6 bb  32 c5 d7 af  99 ea 4b 6d
503. Mar 30 11:11:11.430248: |   2b 78 2b 58  ca 49 b4 1b  d7 e8 4b 3a  7b 5a 00 f4
504. Mar 30 11:11:11.430254: |   71 58 8a e3  51 3c bb 9e  35 92 de e1  66 66 35 ce
505. Mar 30 11:11:11.430259: |   99 c5 09 b8  14 00 00 18  4c 8f 29 08  66 b5 b3 ee
506. Mar 30 11:11:11.430264: |   62 ea bc 9e  62 4e 3f 51  47 7b 15 64  00 00 00 18
507. Mar 30 11:11:11.430270: |   68 78 83 32  6d 1e f4 f9  3b 7c 68 90  8b df cb 48
508. Mar 30 11:11:11.430275: |   f5 11 0e 2b
509. Mar 30 11:11:11.430312: | start processing: from 93.46.124.104:500 (in process_md() at demux.c:379)
510. Mar 30 11:11:11.430323: | **parse ISAKMP Message:
511. Mar 30 11:11:11.430334: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
512. Mar 30 11:11:11.430343: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
513. Mar 30 11:11:11.430350: |    next payload type: ISAKMP_NEXT_KE (0x4)
514. Mar 30 11:11:11.430357: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
515. Mar 30 11:11:11.430363: |    exchange type: ISAKMP_XCHG_IDPROT (0x2)
516. Mar 30 11:11:11.430370: |    flags: none (0x0)
517. Mar 30 11:11:11.430379: |    Message ID: 0 (00 00 00 00)
518. Mar 30 11:11:11.430387: |    length: 388 (00 00 01 84)
519. Mar 30 11:11:11.430394: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
520. Mar 30 11:11:11.430405: | State DB: found IKEv1 state #3 in MAIN_R1 (find_state_ikev1)
521. Mar 30 11:11:11.430420: | start processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in process_v1_packet() at ikev1.c:1327)
522. Mar 30 11:11:11.430428: | #3 is idle
523. Mar 30 11:11:11.430434: | #3 idle
524. Mar 30 11:11:11.430442: | got payload 0x10  (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080
525. Mar 30 11:11:11.430448: | ***parse ISAKMP Key Exchange Payload:
526. Mar 30 11:11:11.430454: |    next payload type: ISAKMP_NEXT_NONCE (0xa)
527. Mar 30 11:11:11.430461: |    length: 260 (01 04)
528. Mar 30 11:11:11.430468: | got payload 0x400  (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080
529. Mar 30 11:11:11.430474: | ***parse ISAKMP Nonce Payload:
530. Mar 30 11:11:11.430480: |    next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
531. Mar 30 11:11:11.430487: |    length: 52 (00 34)
532. Mar 30 11:11:11.430493: | got payload 0x100000  (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080
533. Mar 30 11:11:11.430499: | ***parse ISAKMP NAT-D Payload:
534. Mar 30 11:11:11.430505: |    next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
535. Mar 30 11:11:11.430512: |    length: 24 (00 18)
536. Mar 30 11:11:11.430518: | got payload 0x100000  (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080
537. Mar 30 11:11:11.430524: | ***parse ISAKMP NAT-D Payload:
538. Mar 30 11:11:11.430530: |    next payload type: ISAKMP_NEXT_NONE (0x0)
539. Mar 30 11:11:11.430536: |    length: 24 (00 18)
540. Mar 30 11:11:11.430543: | message 'main_inI2_outR2' HASH payload not checked early
541. Mar 30 11:11:11.430558: | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal)
542. Mar 30 11:11:11.430615: | natd_hash: hasher=0x562b2c356b40(20)
543. Mar 30 11:11:11.430622: | natd_hash: icookie=
544. Mar 30 11:11:11.430628: |   f8 3c 21 0c  a6 50 d0 ca
545. Mar 30 11:11:11.430633: | natd_hash: rcookie=
546. Mar 30 11:11:11.430638: |   6c 9a 42 2a  5d 82 98 78
547. Mar 30 11:11:11.430643: | natd_hash: ip=
548. Mar 30 11:11:11.430649: |   0a 44 9a 69
549. Mar 30 11:11:11.430654: | natd_hash: port=
550. Mar 30 11:11:11.430659: |   01 f4
551. Mar 30 11:11:11.430664: | natd_hash: hash=
552. Mar 30 11:11:11.430670: |   2d ee 63 17  d3 cd f7 d0  51 26 3d ae  bd c9 b8 42
553. Mar 30 11:11:11.430675: |   94 24 7b fe
554. Mar 30 11:11:11.430688: | natd_hash: hasher=0x562b2c356b40(20)
555. Mar 30 11:11:11.430694: | natd_hash: icookie=
556. Mar 30 11:11:11.430699: |   f8 3c 21 0c  a6 50 d0 ca
557. Mar 30 11:11:11.430705: | natd_hash: rcookie=
558. Mar 30 11:11:11.430710: |   6c 9a 42 2a  5d 82 98 78
559. Mar 30 11:11:11.430715: | natd_hash: ip=
560. Mar 30 11:11:11.430720: |   5d 2e 7c 68
561. Mar 30 11:11:11.430726: | natd_hash: port=
562. Mar 30 11:11:11.430731: |   01 f4
563. Mar 30 11:11:11.430736: | natd_hash: hash=
564. Mar 30 11:11:11.430741: |   20 61 71 b9  b7 e7 df 5c  c5 07 ce 75  40 27 72 fb
565. Mar 30 11:11:11.430746: |   0e 62 22 08
566. Mar 30 11:11:11.430752: | expected NAT-D(local):
567. Mar 30 11:11:11.430757: |   2d ee 63 17  d3 cd f7 d0  51 26 3d ae  bd c9 b8 42
568. Mar 30 11:11:11.430762: |   94 24 7b fe
569. Mar 30 11:11:11.430768: | expected NAT-D(remote):
570. Mar 30 11:11:11.430773: |   20 61 71 b9  b7 e7 df 5c  c5 07 ce 75  40 27 72 fb
571. Mar 30 11:11:11.430778: |   0e 62 22 08
572. Mar 30 11:11:11.430784: | received NAT-D:
573. Mar 30 11:11:11.430789: |   4c 8f 29 08  66 b5 b3 ee  62 ea bc 9e  62 4e 3f 51
574. Mar 30 11:11:11.430795: |   47 7b 15 64
575. Mar 30 11:11:11.430801: | received NAT-D:
576. Mar 30 11:11:11.430806: |   68 78 83 32  6d 1e f4 f9  3b 7c 68 90  8b df cb 48
577. Mar 30 11:11:11.430819: |   f5 11 0e 2b
578. Mar 30 11:11:11.430826: | NAT_TRAVERSAL local policy enforces encapsulation
579. Mar 30 11:11:11.430831: | NAT_TRAVERSAL forceencaps enabled
580. Mar 30 11:11:11.430839: | NAT_TRAVERSAL nat-keepalive enabled 93.46.124.104
581. Mar 30 11:11:11.430846: | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: I am behind NAT+peer behind NAT
582. Mar 30 11:11:11.430852: |  NAT_T_WITH_KA detected
583. Mar 30 11:11:11.430860: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds
584. Mar 30 11:11:11.430875: | adding inI2_outR2 KE work-order 4 for state #3
585. Mar 30 11:11:11.430882: | state #3 requesting EVENT_SO_DISCARD to be deleted
586. Mar 30 11:11:11.430891: | libevent_free: delref ptr-libevent@0x562b2d553ed8
587. Mar 30 11:11:11.430898: | free_event_entry: delref EVENT_SO_DISCARD-pe@0x562b2d551aa8
588. Mar 30 11:11:11.430905: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d551aa8
589. Mar 30 11:11:11.430914: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3
590. Mar 30 11:11:11.430999: | libevent_malloc: newref ptr-libevent@0x562b2d5553d8 size 128
591. Mar 30 11:11:11.431038: | complete v1 state transition with STF_SUSPEND
592. Mar 30 11:11:11.431053: | [RE]START processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in complete_v1_state_transition() at ikev1.c:2514)
593. Mar 30 11:11:11.431058: | suspending state #3 and saving MD 0x562b2d551f08
594. Mar 30 11:11:11.431064: | #3 is busy; has suspended MD 0x562b2d551f08
595. Mar 30 11:11:11.431075: | stop processing: from 93.46.124.104:500 (BACKGROUND) (in process_md() at demux.c:381)
596. Mar 30 11:11:11.431085: | stop processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in process_md() at demux.c:383)
597. Mar 30 11:11:11.431091: | processing: STOP connection NULL (in process_md() at demux.c:384)
598. Mar 30 11:11:11.432073: | crypto helper 0 resuming
599. Mar 30 11:11:11.432137: | crypto helper 0 starting work-order 4 for state #3
600. Mar 30 11:11:11.432150: | crypto helper 0 doing build KE and nonce (inI2_outR2 KE); request ID 4
601. Mar 30 11:11:11.433535: | crypto helper 0 finished build KE and nonce (inI2_outR2 KE); request ID 4 time elapsed 0.001386 seconds
602. Mar 30 11:11:11.433547: | crypto helper 0 sending results from work-order 4 for state #3 to event queue
603. Mar 30 11:11:11.433554: | scheduling resume sending helper answer for #3
604. Mar 30 11:11:11.433564: | libevent_malloc: newref ptr-libevent@0x7f3a3c00bf98 size 128
605. Mar 30 11:11:11.433597: | crypto helper 0 waiting (nothing to do)
606. Mar 30 11:11:11.433727: | processing resume sending helper answer for #3
607. Mar 30 11:11:11.433801: | start processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in resume_handler() at server.c:817)
608. Mar 30 11:11:11.433823: | unsuspending #3 MD 0x562b2d551f08
609. Mar 30 11:11:11.433837: | crypto helper 0 replies to request ID 4
610. Mar 30 11:11:11.433847: | calling continuation function 0x562b2c27c390
611. Mar 30 11:11:11.433859: | main_inI2_outR2_continue for #3: calculated ke+nonce, sending R2
612. Mar 30 11:11:11.433885: | **emit ISAKMP Message:
613. Mar 30 11:11:11.433904: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
614. Mar 30 11:11:11.433918: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
615. Mar 30 11:11:11.433929: |    next payload type: ISAKMP_NEXT_NONE (0x0)
616. Mar 30 11:11:11.433940: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
617. Mar 30 11:11:11.433951: |    exchange type: ISAKMP_XCHG_IDPROT (0x2)
618. Mar 30 11:11:11.433962: |    flags: none (0x0)
619. Mar 30 11:11:11.433976: |    Message ID: 0 (00 00 00 00)
620. Mar 30 11:11:11.433986: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
621. Mar 30 11:11:11.433998: | ***emit ISAKMP Key Exchange Payload:
622. Mar 30 11:11:11.434007: |    next payload type: ISAKMP_NEXT_NONCE (0xa)
623. Mar 30 11:11:11.434017: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE
624. Mar 30 11:11:11.434028: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE)
625. Mar 30 11:11:11.434070: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet'
626. Mar 30 11:11:11.434088: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload
627. Mar 30 11:11:11.434097: | keyex value:
628. Mar 30 11:11:11.434106: |   21 99 f4 e1  39 0a ff e3  74 5c 11 18  68 1f bd 7b
629. Mar 30 11:11:11.434113: |   6d 1d 18 20  cb bb 95 50  05 f2 a4 86  9d 35 e0 64
630. Mar 30 11:11:11.434120: |   cd 61 da d2  20 10 8d 51  bd 74 69 b9  56 d9 e2 55
631. Mar 30 11:11:11.434127: |   4f 30 a2 d9  ee 5e b7 75  c8 00 54 dd  51 bb c7 87
632. Mar 30 11:11:11.434134: |   5b 8e 4d 8e  6d ac e5 a4  59 a5 89 95  28 5a cf 76
633. Mar 30 11:11:11.434141: |   42 09 e0 83  8a c4 6c fa  5a dc 1f 96  5f 45 ee dc
634. Mar 30 11:11:11.434147: |   25 3f 3a 34  4a 67 6e a3  fd 70 31 61  97 38 41 2d
635. Mar 30 11:11:11.434154: |   59 6a ea 10  17 1e f5 d7  4e 50 d6 1b  84 e2 86 7f
636. Mar 30 11:11:11.434161: |   2c 97 7e 70  f9 37 7c b9  45 e6 d8 6c  36 5f fb 3c
637. Mar 30 11:11:11.434168: |   59 2d 9a 09  cd 07 65 1e  59 10 10 f2  c6 55 76 f0
638. Mar 30 11:11:11.434175: |   86 87 71 2c  c7 74 78 a4  b9 b1 cb 61  ea 6d 6a e6
639. Mar 30 11:11:11.434181: |   35 6f 0d 0b  b6 6a b3 f2  87 09 0a c1  4a 59 9d 26
640. Mar 30 11:11:11.434188: |   20 f4 50 64  e3 49 bd 5a  c0 0e 4e 7c  da 28 56 0a
641. Mar 30 11:11:11.434195: |   2c cc 4d 3d  88 68 60 1e  be 72 7b cc  f5 48 20 42
642. Mar 30 11:11:11.434202: |   db c0 b8 84  3d cb 13 98  b6 33 f6 1c  a2 4a 70 3f
643. Mar 30 11:11:11.434209: |   48 25 a1 49  a8 1f fb db  78 36 10 7b  48 e1 99 a0
644. Mar 30 11:11:11.434217: | emitting length of ISAKMP Key Exchange Payload: 260
645. Mar 30 11:11:11.434224: | ***emit ISAKMP Nonce Payload:
646. Mar 30 11:11:11.434232: |    next payload type: ISAKMP_NEXT_NONE (0x0)
647. Mar 30 11:11:11.434240: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE)
648. Mar 30 11:11:11.434248: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet'
649. Mar 30 11:11:11.434257: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload
650. Mar 30 11:11:11.434264: | Nr:
651. Mar 30 11:11:11.434271: |   33 0d c6 27  6e 65 86 90  db f2 b5 9b  73 cd 21 37
652. Mar 30 11:11:11.434278: |   20 00 51 59  1a fc d9 39  8a e6 2d 14  5a fc f4 34
653. Mar 30 11:11:11.434285: | emitting length of ISAKMP Nonce Payload: 36
654. Mar 30 11:11:11.434294: | sending NAT-D payloads
655. Mar 30 11:11:11.434301: | NAT-T: encapsulation=yes, so mangling hash to force NAT-T detection
656. Mar 30 11:11:11.434387: | natd_hash: hasher=0x562b2c356b40(20)
657. Mar 30 11:11:11.434405: | natd_hash: icookie=
658. Mar 30 11:11:11.434415: |   f8 3c 21 0c  a6 50 d0 ca
659. Mar 30 11:11:11.434433: | natd_hash: rcookie=
660. Mar 30 11:11:11.434460: |   6c 9a 42 2a  5d 82 98 78
661. Mar 30 11:11:11.434470: | natd_hash: ip=
662. Mar 30 11:11:11.434479: |   5d 2e 7c 68
663. Mar 30 11:11:11.434489: | natd_hash: port=
664. Mar 30 11:11:11.434497: |   00 00
665. Mar 30 11:11:11.434505: | natd_hash: hash=
666. Mar 30 11:11:11.434512: |   1f b2 b1 3c  1b a0 26 22  18 65 cd 2f  17 36 d3 6e
667. Mar 30 11:11:11.434518: |   33 c6 f4 57
668. Mar 30 11:11:11.434526: | ***emit ISAKMP NAT-D Payload:
669. Mar 30 11:11:11.434534: |    next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
670. Mar 30 11:11:11.434543: | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC
671. Mar 30 11:11:11.434553: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC)
672. Mar 30 11:11:11.434564: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet'
673. Mar 30 11:11:11.434584: | emitting 20 raw bytes of NAT-D into ISAKMP NAT-D Payload
674. Mar 30 11:11:11.434609: | NAT-D:
675. Mar 30 11:11:11.434620: |   1f b2 b1 3c  1b a0 26 22  18 65 cd 2f  17 36 d3 6e
676. Mar 30 11:11:11.434629: |   33 c6 f4 57
677. Mar 30 11:11:11.434638: | emitting length of ISAKMP NAT-D Payload: 24
678. Mar 30 11:11:11.434671: | natd_hash: hasher=0x562b2c356b40(20)
679. Mar 30 11:11:11.434680: | natd_hash: icookie=
680. Mar 30 11:11:11.434702: |   f8 3c 21 0c  a6 50 d0 ca
681. Mar 30 11:11:11.434710: | natd_hash: rcookie=
682. Mar 30 11:11:11.434716: |   6c 9a 42 2a  5d 82 98 78
683. Mar 30 11:11:11.434723: | natd_hash: ip=
684. Mar 30 11:11:11.434730: |   0a 44 9a 69
685. Mar 30 11:11:11.434737: | natd_hash: port=
686. Mar 30 11:11:11.434743: |   00 00
687. Mar 30 11:11:11.434750: | natd_hash: hash=
688. Mar 30 11:11:11.434757: |   01 94 f8 7d  27 77 0f d7  55 22 a5 70  68 2d ca 21
689. Mar 30 11:11:11.434764: |   d2 d1 39 b8
690. Mar 30 11:11:11.434771: | ***emit ISAKMP NAT-D Payload:
691. Mar 30 11:11:11.434779: |    next payload type: ISAKMP_NEXT_NONE (0x0)
692. Mar 30 11:11:11.434787: | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC)
693. Mar 30 11:11:11.434795: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet'
694. Mar 30 11:11:11.434804: | emitting 20 raw bytes of NAT-D into ISAKMP NAT-D Payload
695. Mar 30 11:11:11.434811: | NAT-D:
696. Mar 30 11:11:11.434818: |   01 94 f8 7d  27 77 0f d7  55 22 a5 70  68 2d ca 21
697. Mar 30 11:11:11.434824: |   d2 d1 39 b8
698. Mar 30 11:11:11.434833: | emitting length of ISAKMP NAT-D Payload: 24
699. Mar 30 11:11:11.434843: | no IKEv1 message padding required
700. Mar 30 11:11:11.434852: | emitting length of ISAKMP Message: 372
701. Mar 30 11:11:11.434881: | main inI2_outR2: starting async DH calculation (group=14)
702. Mar 30 11:11:11.434908: | lsw_get_secret() using IDs for 51.158.64.201->93.46.124.104 of kind PKK_PSK
703. Mar 30 11:11:11.435014: | line 1: key type PKK_PSK(51.158.64.201) to type PKK_PSK
704. Mar 30 11:11:11.435052: | 1: compared key %any to 51.158.64.201 / 93.46.124.104 -> 002
705. Mar 30 11:11:11.435068: | 2: compared key %any to 51.158.64.201 / 93.46.124.104 -> 002
706. Mar 30 11:11:11.435079: | line 1: match=002
707. Mar 30 11:11:11.435089: | match 002 beats previous best_match 000 match=0x562b2d551d38 (line=1)
708. Mar 30 11:11:11.435100: | concluding with best_match=002 best=0x562b2d551d38 (lineno=1)
709. Mar 30 11:11:11.435134: | adding main_inI2_outR2_tail work-order 5 for state #3
710. Mar 30 11:11:11.435144: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted
711. Mar 30 11:11:11.435157: | libevent_free: delref ptr-libevent@0x562b2d5553d8
712. Mar 30 11:11:11.435166: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d551aa8
713. Mar 30 11:11:11.435176: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d551aa8
714. Mar 30 11:11:11.435191: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3
715. Mar 30 11:11:11.435206: | libevent_malloc: newref ptr-libevent@0x562b2d553ed8 size 128
716. Mar 30 11:11:11.435274: | crypto helper 1 resuming
717. Mar 30 11:11:11.435293: | crypto helper 1 starting work-order 5 for state #3
718. Mar 30 11:11:11.435306: | crypto helper 1 doing compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 5
719. Mar 30 11:11:11.438385: | crypto helper 1 finished compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 5 time elapsed 0.003068 seconds
720. Mar 30 11:11:11.438457: | crypto helper 1 sending results from work-order 5 for state #3 to event queue
721. Mar 30 11:11:11.438471: | scheduling resume sending helper answer for #3
722. Mar 30 11:11:11.438487: | libevent_malloc: newref ptr-libevent@0x7f3a440058b8 size 128
723. Mar 30 11:11:11.438509: | crypto helper 1 waiting (nothing to do)
724. Mar 30 11:11:11.438555: | #3 main_inI2_outR2_continue1_tail:1150 st->st_calculating = FALSE;
725. Mar 30 11:11:11.438571: | complete v1 state transition with STF_OK
726. Mar 30 11:11:11.438600: | [RE]START processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in complete_v1_state_transition() at ikev1.c:2539)
727. Mar 30 11:11:11.438613: | #3 is idle; has background offloaded task
728. Mar 30 11:11:11.438625: | doing_xauth:no, t_xauth_client_done:no
729. Mar 30 11:11:11.438635: | IKEv1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
730. Mar 30 11:11:11.438648: | parent state #3: MAIN_R1(open IKE SA) => MAIN_R2(open IKE SA)
731. Mar 30 11:11:11.438660: | event_already_set, deleting event
732. Mar 30 11:11:11.438671: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted
733. Mar 30 11:11:11.438709: | libevent_free: delref ptr-libevent@0x562b2d553ed8
734. Mar 30 11:11:11.438719: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d551aa8
735. Mar 30 11:11:11.438742: | sending reply packet to 93.46.124.104:500 (from 10.68.154.105:500)
736. Mar 30 11:11:11.438763: | sending 372 bytes for STATE_MAIN_R1 through ens2 from 10.68.154.105:500 to 93.46.124.104:500 (using #3)
737. Mar 30 11:11:11.438772: |   f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a  5d 82 98 78
738. Mar 30 11:11:11.438779: |   04 10 02 00  00 00 00 00  00 00 01 74  0a 00 01 04
739. Mar 30 11:11:11.438786: |   21 99 f4 e1  39 0a ff e3  74 5c 11 18  68 1f bd 7b
740. Mar 30 11:11:11.438793: |   6d 1d 18 20  cb bb 95 50  05 f2 a4 86  9d 35 e0 64
741. Mar 30 11:11:11.438800: |   cd 61 da d2  20 10 8d 51  bd 74 69 b9  56 d9 e2 55
742. Mar 30 11:11:11.438807: |   4f 30 a2 d9  ee 5e b7 75  c8 00 54 dd  51 bb c7 87
743. Mar 30 11:11:11.438813: |   5b 8e 4d 8e  6d ac e5 a4  59 a5 89 95  28 5a cf 76
744. Mar 30 11:11:11.438820: |   42 09 e0 83  8a c4 6c fa  5a dc 1f 96  5f 45 ee dc
745. Mar 30 11:11:11.438827: |   25 3f 3a 34  4a 67 6e a3  fd 70 31 61  97 38 41 2d
746. Mar 30 11:11:11.438834: |   59 6a ea 10  17 1e f5 d7  4e 50 d6 1b  84 e2 86 7f
747. Mar 30 11:11:11.438840: |   2c 97 7e 70  f9 37 7c b9  45 e6 d8 6c  36 5f fb 3c
748. Mar 30 11:11:11.438847: |   59 2d 9a 09  cd 07 65 1e  59 10 10 f2  c6 55 76 f0
749. Mar 30 11:11:11.438854: |   86 87 71 2c  c7 74 78 a4  b9 b1 cb 61  ea 6d 6a e6
750. Mar 30 11:11:11.438861: |   35 6f 0d 0b  b6 6a b3 f2  87 09 0a c1  4a 59 9d 26
751. Mar 30 11:11:11.438868: |   20 f4 50 64  e3 49 bd 5a  c0 0e 4e 7c  da 28 56 0a
752. Mar 30 11:11:11.438874: |   2c cc 4d 3d  88 68 60 1e  be 72 7b cc  f5 48 20 42
753. Mar 30 11:11:11.438881: |   db c0 b8 84  3d cb 13 98  b6 33 f6 1c  a2 4a 70 3f
754. Mar 30 11:11:11.438888: |   48 25 a1 49  a8 1f fb db  78 36 10 7b  48 e1 99 a0
755. Mar 30 11:11:11.438895: |   14 00 00 24  33 0d c6 27  6e 65 86 90  db f2 b5 9b
756. Mar 30 11:11:11.438901: |   73 cd 21 37  20 00 51 59  1a fc d9 39  8a e6 2d 14
757. Mar 30 11:11:11.438908: |   5a fc f4 34  14 00 00 18  1f b2 b1 3c  1b a0 26 22
758. Mar 30 11:11:11.438915: |   18 65 cd 2f  17 36 d3 6e  33 c6 f4 57  00 00 00 18
759. Mar 30 11:11:11.439069: |   01 94 f8 7d  27 77 0f d7  55 22 a5 70  68 2d ca 21
760. Mar 30 11:11:11.439167: |   d2 d1 39 b8
761. Mar 30 11:11:11.439321: | !event_already_set at reschedule
762. Mar 30 11:11:11.439362: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b2d551aa8
763. Mar 30 11:11:11.439372: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3
764. Mar 30 11:11:11.439397: | libevent_malloc: newref ptr-libevent@0x562b2d553ed8 size 128
765. Mar 30 11:11:11.439409: | #3 STATE_MAIN_R2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 5629.864564
766. Mar 30 11:11:11.439421: "l2tp-psk"[3] 93.46.124.104 #3: STATE_MAIN_R2: sent MR2, expecting MI3
767. Mar 30 11:11:11.439426: | modecfg pull: noquirk policy:push not-client
768. Mar 30 11:11:11.439429: | phase 1 is done, looking for phase 2 to unpend
769. Mar 30 11:11:11.439441: | resume sending helper answer for #3 suppresed complete_v1_state_transition()
770. Mar 30 11:11:11.439471: | stop processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in resume_handler() at server.c:860)
771. Mar 30 11:11:11.439485: | libevent_free: delref ptr-libevent@0x7f3a3c00bf98
772. Mar 30 11:11:11.439510: | processing resume sending helper answer for #3
773. Mar 30 11:11:11.439519: | start processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in resume_handler() at server.c:817)
774. Mar 30 11:11:11.439526: | unsuspending #3 MD (nil)
775. Mar 30 11:11:11.439530: | crypto helper 1 replies to request ID 5
776. Mar 30 11:11:11.439534: | calling continuation function 0x562b2c27c390
777. Mar 30 11:11:11.439539: | main_inI2_outR2_calcdone for #3: calculate DH finished
778. Mar 30 11:11:11.439546: | [RE]START processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1000)
779. Mar 30 11:11:11.439555: | stop processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1013)
780. Mar 30 11:11:11.439589: | resume sending helper answer for #3 suppresed complete_v1_state_transition()
781. Mar 30 11:11:11.439595: | processing: STOP state #0 (in resume_handler() at server.c:860)
782. Mar 30 11:11:11.439599: | libevent_free: delref ptr-libevent@0x7f3a440058b8
783. Mar 30 11:11:11.532600: | *received 76 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
784. Mar 30 11:11:11.532658: |   f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a  5d 82 98 78
785. Mar 30 11:11:11.532665: |   05 10 02 01  00 00 00 00  00 00 00 4c  9c e1 00 05
786. Mar 30 11:11:11.532671: |   36 35 88 7d  eb f5 2b 96  15 f1 54 7b  a5 7e 15 fe
787. Mar 30 11:11:11.532677: |   9c 8b 9b 80  5b e0 d7 bd  33 d9 2b 07  70 24 f4 50
788. Mar 30 11:11:11.532683: |   ef 81 b6 d4  19 b4 6f ea  8c 9e e2 27
789. Mar 30 11:11:11.532695: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
790. Mar 30 11:11:11.532706: | **parse ISAKMP Message:
791. Mar 30 11:11:11.532717: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
792. Mar 30 11:11:11.532726: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
793. Mar 30 11:11:11.532732: |    next payload type: ISAKMP_NEXT_ID (0x5)
794. Mar 30 11:11:11.532739: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
795. Mar 30 11:11:11.532745: |    exchange type: ISAKMP_XCHG_IDPROT (0x2)
796. Mar 30 11:11:11.532752: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
797. Mar 30 11:11:11.532761: |    Message ID: 0 (00 00 00 00)
798. Mar 30 11:11:11.532769: |    length: 76 (00 00 00 4c)
799. Mar 30 11:11:11.532776: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
800. Mar 30 11:11:11.532786: | State DB: found IKEv1 state #3 in MAIN_R2 (find_state_ikev1)
801. Mar 30 11:11:11.532801: | start processing: state #3 connection "l2tp-psk"[3] 93.46.124.104 from 93.46.124.104:500 (in process_v1_packet() at ikev1.c:1327)
802. Mar 30 11:11:11.532809: | #3 is idle
803. Mar 30 11:11:11.532815: | #3 idle
804. Mar 30 11:11:11.532824: | received encrypted packet from 93.46.124.104:4500
805. Mar 30 11:11:11.532881: | got payload 0x20  (ISAKMP_NEXT_ID) needed: 0x120 opt: 0x2080
806. Mar 30 11:11:11.532911: | ***parse ISAKMP Identification Payload:
807. Mar 30 11:11:11.532918: |    next payload type: ISAKMP_NEXT_HASH (0x8)
808. Mar 30 11:11:11.532925: |    length: 12 (00 0c)
809. Mar 30 11:11:11.532932: |    ID type: ID_IPV4_ADDR (0x1)
810. Mar 30 11:11:11.532941: |    DOI specific A: 0 (00)
811. Mar 30 11:11:11.532949: |    DOI specific B: 0 (00 00)
812. Mar 30 11:11:11.532954: |      obj:
813. Mar 30 11:11:11.532960: |   c0 a8 01 65
814. Mar 30 11:11:11.532968: | got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x2080
815. Mar 30 11:11:11.532975: | ***parse ISAKMP Hash Payload:
816. Mar 30 11:11:11.532981: |    next payload type: ISAKMP_NEXT_NONE (0x0)
817. Mar 30 11:11:11.532988: |    length: 24 (00 18)
818. Mar 30 11:11:11.532994: | removing 12 bytes of padding
819. Mar 30 11:11:11.533000: | message 'main_inI3_outR3' HASH payload not checked early
820. Mar 30 11:11:11.533012: | parsing 4 raw bytes of ISAKMP Identification Payload into peer ID
821. Mar 30 11:11:11.533018: | peer ID
822. Mar 30 11:11:11.533023: |   c0 a8 01 65
823. Mar 30 11:11:11.533037: "l2tp-psk"[3] 93.46.124.104 #3: Peer ID is ID_IPV4_ADDR: '192.168.1.101'
824. Mar 30 11:11:11.533046: | X509: no CERT payloads to process
825. Mar 30 11:11:11.533055: | refine_host_connection for IKEv1: starting with "l2tp-psk"[3] 93.46.124.104
826. Mar 30 11:11:11.533065: |    match_id a=192.168.1.101
827. Mar 30 11:11:11.533072: |             b=93.46.124.104
828. Mar 30 11:11:11.533077: |    results  fail
829. Mar 30 11:11:11.533089: | refine_host_connection: checking "l2tp-psk"[3] 93.46.124.104 against "l2tp-psk"[3] 93.46.124.104, best=(none) with match=0(id=0(0)/ca=1(0)/reqca=1(0))
830. Mar 30 11:11:11.533095: | Warning: not switching back to template of current instance
831. Mar 30 11:11:11.533100: | No IDr payload received from peer
832. Mar 30 11:11:11.533106: | skipping because peer_id does not match
833. Mar 30 11:11:11.533111: | refine going into 2nd loop allowing instantiated conns as well
834. Mar 30 11:11:11.533122: | find_host_pair: comparing 10.68.154.105:500 to 0.0.0.0:500 but ignoring ports
835. Mar 30 11:11:11.533130: |    match_id a=192.168.1.101
836. Mar 30 11:11:11.533161: |             b=(none)
837. Mar 30 11:11:11.533167: |    results  matched
838. Mar 30 11:11:11.533177: | refine_host_connection: checking "l2tp-psk"[3] 93.46.124.104 against "l2tp-psk", best=(none) with match=1(id=1(15)/ca=1(0)/reqca=1(0))
839. Mar 30 11:11:11.533183: | Warning: not switching back to template of current instance
840. Mar 30 11:11:11.533188: | No IDr payload received from peer
841. Mar 30 11:11:11.533197: | refine_host_connection: checked l2tp-psk[3] 93.46.124.104 against l2tp-psk, now for see if best
842. Mar 30 11:11:11.533205: | lsw_get_secret() switching remote roadwarrier ID from (none) to %any (%ANYADDR)
843. Mar 30 11:11:11.533214: | lsw_get_secret() using IDs for 51.158.64.201->%any of kind PKK_PSK
844. Mar 30 11:11:11.533222: | line 1: key type PKK_PSK(51.158.64.201) to type PKK_PSK
845. Mar 30 11:11:11.533231: | 1: compared key %any to 51.158.64.201 / %any -> 002
846. Mar 30 11:11:11.533240: | 2: compared key %any to 51.158.64.201 / %any -> 002
847. Mar 30 11:11:11.533245: | line 1: match=002
848. Mar 30 11:11:11.533252: | match 002 beats previous best_match 000 match=0x562b2d551d38 (line=1)
849. Mar 30 11:11:11.533258: | concluding with best_match=002 best=0x562b2d551d38 (lineno=1)
850. Mar 30 11:11:11.533265: | refine_host_connection: picking new best "l2tp-psk" (wild=15, peer_pathlen=0/our=0)
851. Mar 30 11:11:11.533273: |    match_id a=192.168.1.101
852. Mar 30 11:11:11.533278: |             b=(none)
853. Mar 30 11:11:11.533283: |    results  matched
854. Mar 30 11:11:11.533293: | refine_host_connection: checking "l2tp-psk"[3] 93.46.124.104 against "xauth-psk", best=l2tp-psk with match=1(id=1(15)/ca=1(0)/reqca=1(0))
855. Mar 30 11:11:11.533298: | Warning: not switching back to template of current instance
856. Mar 30 11:11:11.533303: | No IDr payload received from peer
857. Mar 30 11:11:11.533309: | skipping because mismatched xauthserver
858. Mar 30 11:11:11.533314: | returning since no better match than original best_found
859. Mar 30 11:11:11.533320: | offered CA: '%none'
860. Mar 30 11:11:11.533331: "l2tp-psk"[3] 93.46.124.104 #3: switched from "l2tp-psk"[3] 93.46.124.104 to "l2tp-psk"
861. Mar 30 11:11:11.533340: |    match_id a=192.168.1.101
862. Mar 30 11:11:11.533346: |             b=(none)
863. Mar 30 11:11:11.533351: |    results  matched
864. Mar 30 11:11:11.533362: | subnet from address 93.46.124.104 (in default_end() at connections.c:378)
865. Mar 30 11:11:11.533371: | subnet from endpoint 10.68.154.105:1701 (in default_end() at connections.c:378)
866. Mar 30 11:11:11.533382: | find_host_pair: comparing 10.68.154.105:500 to 93.46.124.104:500 but ignoring ports
867. Mar 30 11:11:11.533392: | connect_to_host_pair: 10.68.154.105:500 93.46.124.104:500 -> hp@0x562b2d550f18: l2tp-psk
868. Mar 30 11:11:11.533401: | rw_instantiate() instantiated "l2tp-psk"[4] 93.46.124.104 for 93.46.124.104
869. Mar 30 11:11:11.533420: | in connection_discard for connection l2tp-psk
870. Mar 30 11:11:11.533425: | connection is instance
871. Mar 30 11:11:11.533431: | not in pending use
872. Mar 30 11:11:11.533437: | State DB: state not found (connection_discard)
873. Mar 30 11:11:11.533442: | no states use this connection instance, deleting
874. Mar 30 11:11:11.533451: | start processing: connection "l2tp-psk"[3] 93.46.124.104 (BACKGROUND) (in delete_connection() at connections.c:192)
875. Mar 30 11:11:11.533464: "l2tp-psk"[4] 93.46.124.104 #3: deleting connection "l2tp-psk"[3] 93.46.124.104 instance with peer 93.46.124.104 {isakmp=#0/ipsec=#0}
876. Mar 30 11:11:11.533471: | Deleting states for connection - not including other IPsec SA's
877. Mar 30 11:11:11.533476: | pass 0
878. Mar 30 11:11:11.533482: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
879. Mar 30 11:11:11.533487: | state #3
880. Mar 30 11:11:11.533493: | pass 1
881. Mar 30 11:11:11.533498: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
882. Mar 30 11:11:11.533503: | state #3
883. Mar 30 11:11:11.533512: | flush revival: connection 'l2tp-psk' wasn't on the list
884. Mar 30 11:11:11.533521: | stop processing: connection "l2tp-psk"[3] 93.46.124.104 (BACKGROUND) (in discard_connection() at connections.c:255)
885. Mar 30 11:11:11.533530: | retrying ike_decode_peer_id() with new conn
886. Mar 30 11:11:11.533536: | parsing 4 raw bytes of ISAKMP Identification Payload into peer ID
887. Mar 30 11:11:11.533548: | peer ID
888. Mar 30 11:11:11.533554: |   c0 a8 01 65
889. Mar 30 11:11:11.533564: "l2tp-psk"[4] 93.46.124.104 #3: Peer ID is ID_IPV4_ADDR: '192.168.1.101'
890. Mar 30 11:11:11.533569: | X509: no CERT payloads to process
891. Mar 30 11:11:11.533577: | refine_host_connection for IKEv1: starting with "l2tp-psk"[4] 93.46.124.104
892. Mar 30 11:11:11.533585: |    match_id a=192.168.1.101
893. Mar 30 11:11:11.533592: |             b=192.168.1.101
894. Mar 30 11:11:11.533597: |    results  matched
895. Mar 30 11:11:11.533610: | refine_host_connection: checking "l2tp-psk"[4] 93.46.124.104 against "l2tp-psk"[4] 93.46.124.104, best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0))
896. Mar 30 11:11:11.533616: | Warning: not switching back to template of current instance
897. Mar 30 11:11:11.533621: | No IDr payload received from peer
898. Mar 30 11:11:11.533631: | refine_host_connection: checked l2tp-psk[4] 93.46.124.104 against l2tp-psk[4] 93.46.124.104, now for see if best
899. Mar 30 11:11:11.533640: | lsw_get_secret() using IDs for 51.158.64.201->192.168.1.101 of kind PKK_PSK
900. Mar 30 11:11:11.533647: | line 1: key type PKK_PSK(51.158.64.201) to type PKK_PSK
901. Mar 30 11:11:11.533657: | 1: compared key %any to 51.158.64.201 / 192.168.1.101 -> 002
902. Mar 30 11:11:11.533666: | 2: compared key %any to 51.158.64.201 / 192.168.1.101 -> 002
903. Mar 30 11:11:11.533673: | line 1: match=002
904. Mar 30 11:11:11.533680: | match 002 beats previous best_match 000 match=0x562b2d551d38 (line=1)
905. Mar 30 11:11:11.533686: | concluding with best_match=002 best=0x562b2d551d38 (lineno=1)
906. Mar 30 11:11:11.533692: | returning because exact peer id match
907. Mar 30 11:11:11.533698: | offered CA: '%none'
908. Mar 30 11:11:11.533761: | received 'Main' message HASH_I data ok
909. Mar 30 11:11:11.533768: | thinking about whether to send my certificate:
910. Mar 30 11:11:11.533775: |   I have RSA key: OAKLEY_PRESHARED_KEY cert.type: 0??
911. Mar 30 11:11:11.533782: |   sendcert: CERT_ALWAYSSEND and I did not get a certificate request
912. Mar 30 11:11:11.533787: |   so do not send cert.
913. Mar 30 11:11:11.533792: | I did not send a certificate because digital signatures are not being used. (PSK)
914. Mar 30 11:11:11.533810: | **emit ISAKMP Message:
915. Mar 30 11:11:11.533819: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
916. Mar 30 11:11:11.533827: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
917. Mar 30 11:11:11.533833: |    next payload type: ISAKMP_NEXT_ID (0x5)
918. Mar 30 11:11:11.533839: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
919. Mar 30 11:11:11.533844: |    exchange type: ISAKMP_XCHG_IDPROT (0x2)
920. Mar 30 11:11:11.533850: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
921. Mar 30 11:11:11.533858: |    Message ID: 0 (00 00 00 00)
922. Mar 30 11:11:11.533864: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
923. Mar 30 11:11:11.533870: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID
924. Mar 30 11:11:11.533877: | ***emit ISAKMP Identification Payload (IPsec DOI):
925. Mar 30 11:11:11.533883: |    next payload type: ISAKMP_NEXT_NONE (0x0)
926. Mar 30 11:11:11.533889: |    ID type: ID_IPV4_ADDR (0x1)
927. Mar 30 11:11:11.533895: |    Protocol ID: 0 (00)
928. Mar 30 11:11:11.533902: |    port: 0 (00 00)
929. Mar 30 11:11:11.533908: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
930. Mar 30 11:11:11.533914: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
931. Mar 30 11:11:11.533923: | emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI)
932. Mar 30 11:11:11.533933: | my identity: 33 9e 40 c9
933. Mar 30 11:11:11.533942: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
934. Mar 30 11:11:11.533982: | ***emit ISAKMP Hash Payload:
935. Mar 30 11:11:11.533990: |    next payload type: ISAKMP_NEXT_NONE (0x0)
936. Mar 30 11:11:11.533997: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
937. Mar 30 11:11:11.534012: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
938. Mar 30 11:11:11.534019: | emitting 20 raw bytes of HASH_R into ISAKMP Hash Payload
939. Mar 30 11:11:11.534025: | HASH_R:
940. Mar 30 11:11:11.534031: |   87 3f 92 dd  c0 4d 72 b3  93 a1 df eb  dd 4c 3b 14
941. Mar 30 11:11:11.534036: |   e7 e4 81 02
942. Mar 30 11:11:11.534042: | emitting length of ISAKMP Hash Payload: 24
943. Mar 30 11:11:11.534048: | emitting 12 zero bytes of encryption padding into ISAKMP Message
944. Mar 30 11:11:11.534054: | no IKEv1 message padding required
945. Mar 30 11:11:11.534060: | emitting length of ISAKMP Message: 76
946. Mar 30 11:11:11.534076: | uniqueIDs disabled, not contemplating releasing older self
947. Mar 30 11:11:11.534084: | complete v1 state transition with STF_OK
948. Mar 30 11:11:11.534096: | [RE]START processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:500 (in complete_v1_state_transition() at ikev1.c:2539)
949. Mar 30 11:11:11.534102: | #3 is idle
950. Mar 30 11:11:11.534108: | doing_xauth:no, t_xauth_client_done:no
951. Mar 30 11:11:11.534114: | IKEv1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
952. Mar 30 11:11:11.534121: | parent state #3: MAIN_R2(open IKE SA) => MAIN_R3(established IKE SA)
953. Mar 30 11:11:11.534127: | event_already_set, deleting event
954. Mar 30 11:11:11.534133: | state #3 requesting EVENT_RETRANSMIT to be deleted
955. Mar 30 11:11:11.534140: | #3 STATE_MAIN_R3: retransmits: cleared
956. Mar 30 11:11:11.534150: | libevent_free: delref ptr-libevent@0x562b2d553ed8
957. Mar 30 11:11:11.534157: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b2d551aa8
958. Mar 30 11:11:11.534167: | state #3 NAT-T: new mapping 93.46.124.104:4500
959. Mar 30 11:11:11.534177: | new NAT mapping for #3, was 93.46.124.104:500, now 93.46.124.104:4500
960. Mar 30 11:11:11.534183: | State DB: IKEv1 state not found (nat_traversal_new_mapping)
961. Mar 30 11:11:11.534193: | NAT-T: #3 updating local interface from 10.68.154.105:500 to 10.68.154.105:4500 (using md->iface in nat_traversal_change_port_lookup())
962. Mar 30 11:11:11.534203: | sending reply packet to 93.46.124.104:4500 (from 10.68.154.105:4500)
963. Mar 30 11:11:11.534219: | sending 80 bytes for STATE_MAIN_R2 through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #3)
964. Mar 30 11:11:11.534225: |   00 00 00 00  f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a
965. Mar 30 11:11:11.534231: |   5d 82 98 78  05 10 02 01  00 00 00 00  00 00 00 4c
966. Mar 30 11:11:11.534236: |   8b 7e 2c 28  bd fc 4f 55  ed 90 de 66  68 96 75 2e
967. Mar 30 11:11:11.534242: |   7a 3c 66 5a  16 75 94 c1  4c 3c 8b d9  66 fd bd 0e
968. Mar 30 11:11:11.534247: |   30 93 ad 75  98 3a 81 90  fe 78 0e 57  e8 ac b8 77
969. Mar 30 11:11:11.534339: | !event_already_set at reschedule
970. Mar 30 11:11:11.534353: | event_schedule: newref EVENT_SA_EXPIRE-pe@0x562b2d551aa8
971. Mar 30 11:11:11.534361: | inserting event EVENT_SA_EXPIRE, timeout in 28800 seconds for #3
972. Mar 30 11:11:11.534369: | libevent_malloc: newref ptr-libevent@0x562b2d5553d8 size 128
973. Mar 30 11:11:11.534378: | pstats #3 ikev1.isakmp established
974. Mar 30 11:11:11.534391: "l2tp-psk"[4] 93.46.124.104 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048}
975. Mar 30 11:11:11.534399: | DPD: dpd_init() called on ISAKMP SA
976. Mar 30 11:11:11.534414: | DPD: Peer does not support Dead Peer Detection
977. Mar 30 11:11:11.534437: "l2tp-psk"[4] 93.46.124.104 #3: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
978. Mar 30 11:11:11.534448: | modecfg pull: noquirk policy:push not-client
979. Mar 30 11:11:11.534455: | phase 1 is done, looking for phase 2 to unpend
980. Mar 30 11:11:11.534462: | unpending state #3
981. Mar 30 11:11:11.534472: | releasing #3's fd-fd@(nil) because IKEv1 transitions finished
982. Mar 30 11:11:11.534482: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
983. Mar 30 11:11:11.534501: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
984. Mar 30 11:11:11.534519: | stop processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
985. Mar 30 11:11:11.534538: | processing: STOP connection NULL (in process_md() at demux.c:384)
986. Mar 30 11:11:11.625234: | *received 444 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
987. Mar 30 11:11:11.625292: |   f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a  5d 82 98 78
988. Mar 30 11:11:11.625298: |   08 10 20 01  00 00 00 01  00 00 01 bc  3d cb 41 7f
989. Mar 30 11:11:11.625304: |   7c 75 85 ca  f8 46 ca 46  92 82 09 67  92 f2 c7 d8
990. Mar 30 11:11:11.625309: |   75 48 97 b4  be 5b c2 d4  c2 9b e1 d7  f5 00 02 cd
991. Mar 30 11:11:11.625315: |   b4 7b 8f 73  86 16 d6 de  a9 3b 15 34  57 27 d3 34
992. Mar 30 11:11:11.625320: |   94 cf fa 05  b7 fc d4 08  24 59 81 74  24 98 2c 20
993. Mar 30 11:11:11.625324: |   6b b1 14 7a  b7 d5 dc 90  8b 8b 71 b8  2f 70 1a e9
994. Mar 30 11:11:11.625329: |   6d f0 f7 73  e7 19 4b d0  fd b6 d2 91  9c 39 e0 38
995. Mar 30 11:11:11.625334: |   ed 92 1c 70  b6 48 a0 b3  d2 40 dc 5c  3a 6c c1 6b
996. Mar 30 11:11:11.625339: |   77 57 07 06  07 24 95 dc  61 60 6d eb  d8 4e 09 0e
997. Mar 30 11:11:11.625344: |   f7 46 ca 63  04 42 47 7a  11 44 51 9d  d0 11 84 da
998. Mar 30 11:11:11.625348: |   f4 c2 56 a6  6b 46 ca f0  13 65 58 27  23 22 7b 8a
999. Mar 30 11:11:11.625353: |   19 de fc 26  a7 1c 72 ce  6f 6a 18 fb  75 5e c1 a2
1000. Mar 30 11:11:11.625358: |   3a b4 da 5a  45 43 e2 35  ed 3e 4f cd  af b2 0b 7e
1001. Mar 30 11:11:11.625363: |   34 0c a5 17  83 7b 28 4c  86 45 2a 61  7b 43 d2 8a
1002. Mar 30 11:11:11.625368: |   51 e1 86 ff  0b 50 32 3b  e5 57 5a 42  b4 76 83 f9
1003. Mar 30 11:11:11.625372: |   21 f8 bc 14  e6 e3 a1 33  c5 a8 99 8c  f2 e4 71 0d
1004. Mar 30 11:11:11.625377: |   19 96 c8 29  44 aa 16 ab  1b 49 5f 9c  90 86 3c 93
1005. Mar 30 11:11:11.625406: |   01 00 0e 19  7c 21 d9 d9  19 e3 d4 37  ae 0a 23 d4
1006. Mar 30 11:11:11.625413: |   71 ed ce 40  ce f9 69 ee  06 67 41 44  1b 60 f7 a7
1007. Mar 30 11:11:11.625418: |   21 a9 ce ae  00 d9 d1 aa  ef af 99 dc  e2 5e 46 f7
1008. Mar 30 11:11:11.625423: |   89 ed d3 be  3c f7 fe fb  65 db b6 18  5b ee 84 1e
1009. Mar 30 11:11:11.625428: |   f8 c4 b1 00  f2 94 47 a2  a8 dd 15 96  82 39 01 58
1010. Mar 30 11:11:11.625432: |   4e f5 be b0  6f 47 7a 14  92 cf 70 24  08 03 73 c6
1011. Mar 30 11:11:11.625437: |   7a 11 16 80  58 91 1b 7c  c4 03 2a ca  6f f9 79 55
1012. Mar 30 11:11:11.625442: |   41 16 bb 67  6a 9b 0f 0e  36 70 06 4f  59 21 18 c4
1013. Mar 30 11:11:11.625447: |   b4 aa fc f5  87 69 cf 89  fb 02 58 52  1b 44 bc b6
1014. Mar 30 11:11:11.625452: |   a8 67 f8 81  58 c3 51 ed  f2 05 a4 50
1015. Mar 30 11:11:11.625463: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
1016. Mar 30 11:11:11.625474: | **parse ISAKMP Message:
1017. Mar 30 11:11:11.625483: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
1018. Mar 30 11:11:11.625491: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
1019. Mar 30 11:11:11.625497: |    next payload type: ISAKMP_NEXT_HASH (0x8)
1020. Mar 30 11:11:11.625503: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
1021. Mar 30 11:11:11.625509: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
1022. Mar 30 11:11:11.625515: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
1023. Mar 30 11:11:11.625523: |    Message ID: 1 (00 00 00 01)
1024. Mar 30 11:11:11.625531: |    length: 444 (00 00 01 bc)
1025. Mar 30 11:11:11.625539: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
1026. Mar 30 11:11:11.625551: | State DB: IKEv1 state not found (find_state_ikev1)
1027. Mar 30 11:11:11.625578: | State DB: found IKEv1 state #3 in MAIN_R3 (find_state_ikev1)
1028. Mar 30 11:11:11.625601: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1473)
1029. Mar 30 11:11:11.625704: | #3 is idle
1030. Mar 30 11:11:11.625752: | #3 idle
1031. Mar 30 11:11:11.625764: | received encrypted packet from 93.46.124.104:4500
1032. Mar 30 11:11:11.625806: | got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030
1033. Mar 30 11:11:11.625815: | ***parse ISAKMP Hash Payload:
1034. Mar 30 11:11:11.625821: |    next payload type: ISAKMP_NEXT_SA (0x1)
1035. Mar 30 11:11:11.625829: |    length: 24 (00 18)
1036. Mar 30 11:11:11.625836: | got payload 0x2  (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030
1037. Mar 30 11:11:11.625844: | ***parse ISAKMP Security Association Payload:
1038. Mar 30 11:11:11.625882: |    next payload type: ISAKMP_NEXT_NONCE (0xa)
1039. Mar 30 11:11:11.625891: |    length: 280 (01 18)
1040. Mar 30 11:11:11.625897: |    DOI: ISAKMP_DOI_IPSEC (0x1)
1041. Mar 30 11:11:11.625904: | got payload 0x400  (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030
1042. Mar 30 11:11:11.625911: | ***parse ISAKMP Nonce Payload:
1043. Mar 30 11:11:11.625918: |    next payload type: ISAKMP_NEXT_ID (0x5)
1044. Mar 30 11:11:11.625933: |    length: 52 (00 34)
1045. Mar 30 11:11:11.625939: | got payload 0x20  (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
1046. Mar 30 11:11:11.625947: | ***parse ISAKMP Identification Payload (IPsec DOI):
1047. Mar 30 11:11:11.625953: |    next payload type: ISAKMP_NEXT_ID (0x5)
1048. Mar 30 11:11:11.625961: |    length: 12 (00 0c)
1049. Mar 30 11:11:11.625967: |    ID type: ID_IPV4_ADDR (0x1)
1050. Mar 30 11:11:11.625974: |    Protocol ID: 17 (11)
1051. Mar 30 11:11:11.625983: |    port: 1701 (06 a5)
1052. Mar 30 11:11:11.625989: |      obj:
1053. Mar 30 11:11:11.625995: |   c0 a8 01 65
1054. Mar 30 11:11:11.626002: | got payload 0x20  (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
1055. Mar 30 11:11:11.626010: | ***parse ISAKMP Identification Payload (IPsec DOI):
1056. Mar 30 11:11:11.626017: |    next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
1057. Mar 30 11:11:11.626025: |    length: 12 (00 0c)
1058. Mar 30 11:11:11.626031: |    ID type: ID_IPV4_ADDR (0x1)
1059. Mar 30 11:11:11.626039: |    Protocol ID: 17 (11)
1060. Mar 30 11:11:11.626046: |    port: 1701 (06 a5)
1061. Mar 30 11:11:11.626051: |      obj:
1062. Mar 30 11:11:11.626057: |   33 9e 40 c9
1063. Mar 30 11:11:11.626063: | got payload 0x200000  (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
1064. Mar 30 11:11:11.626070: | ***parse ISAKMP NAT-OA Payload:
1065. Mar 30 11:11:11.626109: |    next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
1066. Mar 30 11:11:11.626123: |    length: 12 (00 0c)
1067. Mar 30 11:11:11.626130: |    ID type: ID_IPV4_ADDR (0x1)
1068. Mar 30 11:11:11.626137: |      obj:
1069. Mar 30 11:11:11.626163: |   c0 a8 01 65
1070. Mar 30 11:11:11.626171: | got payload 0x200000  (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
1071. Mar 30 11:11:11.626179: | ***parse ISAKMP NAT-OA Payload:
1072. Mar 30 11:11:11.626184: |    next payload type: ISAKMP_NEXT_NONE (0x0)
1073. Mar 30 11:11:11.626192: |    length: 12 (00 0c)
1074. Mar 30 11:11:11.626198: |    ID type: ID_IPV4_ADDR (0x1)
1075. Mar 30 11:11:11.626205: |      obj:
1076. Mar 30 11:11:11.626211: |   33 9e 40 c9
1077. Mar 30 11:11:11.626217: | removing 12 bytes of padding
1078. Mar 30 11:11:11.626294: | quick_inI1_outR1 HASH(1):
1079. Mar 30 11:11:11.626315: |   91 f9 d2 e9  0d 04 ee 42  79 e4 7e 06  cd 1b 78 6a
1080. Mar 30 11:11:11.626321: |   43 71 b7 b5
1081. Mar 30 11:11:11.626328: | received 'quick_inI1_outR1' message HASH(1) data ok
1082. Mar 30 11:11:11.626346: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
1083. Mar 30 11:11:11.626354: | ID address
1084. Mar 30 11:11:11.626361: |   c0 a8 01 65
1085. Mar 30 11:11:11.626375: | subnet from address 192.168.1.101 (in decode_net_id() at ikev1_quick.c:440)
1086. Mar 30 11:11:11.626386: | peer client is 192.168.1.101/32
1087. Mar 30 11:11:11.626414: | peer client protocol/port is 17/1701
1088. Mar 30 11:11:11.626425: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
1089. Mar 30 11:11:11.626432: | ID address
1090. Mar 30 11:11:11.626438: |   33 9e 40 c9
1091. Mar 30 11:11:11.626448: | subnet from address 51.158.64.201 (in decode_net_id() at ikev1_quick.c:440)
1092. Mar 30 11:11:11.626457: | our client is 51.158.64.201/32
1093. Mar 30 11:11:11.626463: | our client protocol/port is 17/1701
1094. Mar 30 11:11:11.626482: "l2tp-psk"[4] 93.46.124.104 #3: the peer proposed: 51.158.64.201/32:17/1701 -> 192.168.1.101/32:17/0
1095. Mar 30 11:11:11.626491: | find_client_connection starting with l2tp-psk
1096. Mar 30 11:11:11.626505: |   looking for 51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701
1097. Mar 30 11:11:11.626518: |   concrete checking against sr#0 10.68.154.105/32:1701 -> 93.46.124.104/32:0
1098. Mar 30 11:11:11.626530: |    match_id a=192.168.1.101
1099. Mar 30 11:11:11.626540: |             b=192.168.1.101
1100. Mar 30 11:11:11.626546: |    results  matched
1101. Mar 30 11:11:11.626566: |   fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/0 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 93.46.124.104/32:0:17/0
1102. Mar 30 11:11:11.626600: |    our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
1103. Mar 30 11:11:11.626609: |   fc_try concluding with none [0]
1104. Mar 30 11:11:11.626616: |   fc_try l2tp-psk gives none
1105. Mar 30 11:11:11.626628: | find_host_pair: comparing 10.68.154.105:500 to 0.0.0.0:500 but ignoring ports
1106. Mar 30 11:11:11.626640: |   checking hostpair 10.68.154.105/32:1701 -> 93.46.124.104/32:0 is found
1107. Mar 30 11:11:11.626650: |    match_id a=192.168.1.101
1108. Mar 30 11:11:11.626657: |             b=(none)
1109. Mar 30 11:11:11.626662: |    results  matched
1110. Mar 30 11:11:11.626676: |   fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/0 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 0.0.0.0/32:0:17/0
1111. Mar 30 11:11:11.626685: |    our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
1112. Mar 30 11:11:11.626692: |    match_id a=192.168.1.101
1113. Mar 30 11:11:11.626697: |             b=(none)
1114. Mar 30 11:11:11.626702: |    results  matched
1115. Mar 30 11:11:11.626707: |   fc_try concluding with none [0]
1116. Mar 30 11:11:11.626714: |    match_id a=192.168.1.101
1117. Mar 30 11:11:11.626721: |             b=(none)
1118. Mar 30 11:11:11.626727: |    results  matched
1119. Mar 30 11:11:11.626743: |   fc_try_oppo trying l2tp-psk:51.158.64.201/32:1701 -> 192.168.1.101/32:1701 vs l2tp-psk:10.68.154.105/32:1701 -> 0.0.0.0/32:0
1120. Mar 30 11:11:11.626752: |    match_id a=192.168.1.101
1121. Mar 30 11:11:11.626761: |             b=(none)
1122. Mar 30 11:11:11.626767: |    results  matched
1123. Mar 30 11:11:11.626774: |   fc_try_oppo concluding with none [0]
1124. Mar 30 11:11:11.626780: |   concluding with d = none
1125. Mar 30 11:11:11.626790: | using something (we hope the IP we or they are NAT'ed to) for transport mode connection "l2tp-psk"[4] 93.46.124.104
1126. Mar 30 11:11:11.626799: | client wildcard: no  port wildcard: yes  virtual: no
1127. Mar 30 11:11:11.626808: | NAT-Traversal: received 2 NAT-OA.
1128. Mar 30 11:11:11.626819: "l2tp-psk"[4] 93.46.124.104 #3: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
1129. Mar 30 11:11:11.626827: | NAT-OA:
1130. Mar 30 11:11:11.626833: |   15 00 00 0c  01 00 00 00  c0 a8 01 65
1131. Mar 30 11:11:11.626840: | parsing 4 raw bytes of ISAKMP NAT-OA Payload into NAT-Traversal: NAT-OA IP
1132. Mar 30 11:11:11.626847: | NAT-Traversal: NAT-OA IP
1133. Mar 30 11:11:11.626853: |   c0 a8 01 65
1134. Mar 30 11:11:11.626862: | received NAT-OA: 192.168.1.101
1135. Mar 30 11:11:11.626914: | addref fd@NULL (in new_state() at state.c:555)
1136. Mar 30 11:11:11.627079: | creating state object #4 at 0x562b2d555bd8
1137. Mar 30 11:11:11.627089: | State DB: adding IKEv1 state #4 in UNDEFINED
1138. Mar 30 11:11:11.627107: | pstats #4 ikev1.ipsec started
1139. Mar 30 11:11:11.627119: | duplicating state object #3 "l2tp-psk"[4] 93.46.124.104 as #4 for IPSEC SA
1140. Mar 30 11:11:11.627131: | #4 setting local endpoint to 10.68.154.105:4500 from #3.st_localport (in duplicate_state() at state.c:1548)
1141. Mar 30 11:11:11.627151: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
1142. Mar 30 11:11:11.627166: | start processing: state #4 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
1143. Mar 30 11:11:11.627174: | switching MD.ST from #3 to CHILD #4; ulgh
1144. Mar 30 11:11:11.627183: | child state #4: UNDEFINED(ignore) => QUICK_R0(established CHILD SA)
1145. Mar 30 11:11:11.627194: | ****parse IPsec DOI SIT:
1146. Mar 30 11:11:11.627200: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
1147. Mar 30 11:11:11.627206: | ****parse ISAKMP Proposal Payload:
1148. Mar 30 11:11:11.627212: |    next payload type: ISAKMP_NEXT_P (0x2)
1149. Mar 30 11:11:11.627219: |    length: 56 (00 38)
1150. Mar 30 11:11:11.627225: |    proposal number: 1 (01)
1151. Mar 30 11:11:11.627230: |    protocol ID: PROTO_IPSEC_ESP (0x3)
1152. Mar 30 11:11:11.627236: |    SPI size: 4 (04)
1153. Mar 30 11:11:11.627242: |    number of transforms: 1 (01)
1154. Mar 30 11:11:11.627248: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
1155. Mar 30 11:11:11.627253: | SPI
1156. Mar 30 11:11:11.627257: |   a3 48 a1 7c
1157. Mar 30 11:11:11.627318: | ****parse ISAKMP Proposal Payload:
1158. Mar 30 11:11:11.627326: |    next payload type: ISAKMP_NEXT_P (0x2)
1159. Mar 30 11:11:11.627332: |    length: 56 (00 38)
1160. Mar 30 11:11:11.627354: |    proposal number: 2 (02)
1161. Mar 30 11:11:11.627360: |    protocol ID: PROTO_IPSEC_ESP (0x3)
1162. Mar 30 11:11:11.627387: |    SPI size: 4 (04)
1163. Mar 30 11:11:11.627393: |    number of transforms: 1 (01)
1164. Mar 30 11:11:11.627417: | *****parse ISAKMP Transform Payload (ESP):
1165. Mar 30 11:11:11.627423: |    next payload type: ISAKMP_NEXT_NONE (0x0)
1166. Mar 30 11:11:11.627429: |    length: 44 (00 2c)
1167. Mar 30 11:11:11.627434: |    ESP transform number: 1 (01)
1168. Mar 30 11:11:11.627439: |    ESP transform ID: ESP_AES (0xc)
1169. Mar 30 11:11:11.627447: | ******parse ISAKMP IPsec DOI attribute:
1170. Mar 30 11:11:11.627453: |    af+type: AF+ENCAPSULATION_MODE (0x8004)
1171. Mar 30 11:11:11.627459: |    length/value: 4 (00 04)
1172. Mar 30 11:11:11.627465: |    [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
1173. Mar 30 11:11:11.627473: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
1174. Mar 30 11:11:11.627478: | ******parse ISAKMP IPsec DOI attribute:
1175. Mar 30 11:11:11.627484: |    af+type: AF+KEY_LENGTH (0x8006)
1176. Mar 30 11:11:11.627490: |    length/value: 256 (01 00)
1177. Mar 30 11:11:11.627495: | ******parse ISAKMP IPsec DOI attribute:
1178. Mar 30 11:11:11.627501: |    af+type: AF+AUTH_ALGORITHM (0x8005)
1179. Mar 30 11:11:11.627507: |    length/value: 2 (00 02)
1180. Mar 30 11:11:11.627512: |    [2 is AUTH_ALGORITHM_HMAC_SHA1]
1181. Mar 30 11:11:11.627517: | ******parse ISAKMP IPsec DOI attribute:
1182. Mar 30 11:11:11.627523: |    af+type: AF+SA_LIFE_TYPE (0x8001)
1183. Mar 30 11:11:11.627529: |    length/value: 1 (00 01)
1184. Mar 30 11:11:11.627534: |    [1 is SA_LIFE_TYPE_SECONDS]
1185. Mar 30 11:11:11.627539: | ******parse ISAKMP IPsec DOI attribute:
1186. Mar 30 11:11:11.627544: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
1187. Mar 30 11:11:11.627550: |    length/value: 4 (00 04)
1188. Mar 30 11:11:11.627556: |    long duration: 3600
1189. Mar 30 11:11:11.627561: | ******parse ISAKMP IPsec DOI attribute:
1190. Mar 30 11:11:11.627566: |    af+type: AF+SA_LIFE_TYPE (0x8001)
1191. Mar 30 11:11:11.627588: |    length/value: 2 (00 02)
1192. Mar 30 11:11:11.627594: |    [2 is SA_LIFE_TYPE_KBYTES]
1193. Mar 30 11:11:11.627600: | ******parse ISAKMP IPsec DOI attribute:
1194. Mar 30 11:11:11.627605: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
1195. Mar 30 11:11:11.627611: |    length/value: 4 (00 04)
1196. Mar 30 11:11:11.627616: |    long duration: 250000
1197. Mar 30 11:11:11.627623: | ESP IPsec Transform verified; matches alg_info entry
1198. Mar 30 11:11:11.627655: | adding quick_outI1 KE work-order 6 for state #4
1199. Mar 30 11:11:11.627665: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d555938
1200. Mar 30 11:11:11.627672: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4
1201. Mar 30 11:11:11.627683: | libevent_malloc: newref ptr-libevent@0x562b2d551528 size 128
1202. Mar 30 11:11:11.627716: | complete v1 state transition with STF_SUSPEND
1203. Mar 30 11:11:11.627729: | [RE]START processing: state #4 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2514)
1204. Mar 30 11:11:11.627735: | suspending state #4 and saving MD 0x562b2d551f08
1205. Mar 30 11:11:11.627741: | #4 is busy; has suspended MD 0x562b2d551f08
1206. Mar 30 11:11:11.627756: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
1207. Mar 30 11:11:11.627766: | stop processing: state #4 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
1208. Mar 30 11:11:11.627773: | processing: STOP connection NULL (in process_md() at demux.c:384)
1209. Mar 30 11:11:11.627815: | crypto helper 0 resuming
1210. Mar 30 11:11:11.627875: | crypto helper 0 starting work-order 6 for state #4
1211. Mar 30 11:11:11.627891: | crypto helper 0 doing build nonce (quick_outI1 KE); request ID 6
1212. Mar 30 11:11:11.627939: | crypto helper 0 finished build nonce (quick_outI1 KE); request ID 6 time elapsed 0.000051 seconds
1213. Mar 30 11:11:11.627950: | crypto helper 0 sending results from work-order 6 for state #4 to event queue
1214. Mar 30 11:11:11.628085: | scheduling resume sending helper answer for #4
1215. Mar 30 11:11:11.628104: | libevent_malloc: newref ptr-libevent@0x7f3a3c0011e8 size 128
1216. Mar 30 11:11:11.628142: | crypto helper 0 waiting (nothing to do)
1217. Mar 30 11:11:11.628224: | processing resume sending helper answer for #4
1218. Mar 30 11:11:11.628254: | start processing: state #4 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:817)
1219. Mar 30 11:11:11.628264: | unsuspending #4 MD 0x562b2d551f08
1220. Mar 30 11:11:11.628270: | crypto helper 0 replies to request ID 6
1221. Mar 30 11:11:11.628275: | calling continuation function 0x562b2c27c390
1222. Mar 30 11:11:11.628281: | quick_inI1_outR1_cryptocontinue1 for #4: calculated ke+nonce, calculating DH
1223. Mar 30 11:11:11.628300: | **emit ISAKMP Message:
1224. Mar 30 11:11:11.628333: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
1225. Mar 30 11:11:11.628341: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
1226. Mar 30 11:11:11.628346: |    next payload type: ISAKMP_NEXT_NONE (0x0)
1227. Mar 30 11:11:11.628352: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
1228. Mar 30 11:11:11.628358: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
1229. Mar 30 11:11:11.628364: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
1230. Mar 30 11:11:11.628378: |    Message ID: 1 (00 00 00 01)
1231. Mar 30 11:11:11.628385: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
1232. Mar 30 11:11:11.628391: | ***emit ISAKMP Hash Payload:
1233. Mar 30 11:11:11.628397: |    next payload type: ISAKMP_NEXT_NONE (0x0)
1234. Mar 30 11:11:11.628403: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
1235. Mar 30 11:11:11.628408: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
1236. Mar 30 11:11:11.628415: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
1237. Mar 30 11:11:11.628420: | emitting length of ISAKMP Hash Payload: 24
1238. Mar 30 11:11:11.628426: | ***emit ISAKMP Security Association Payload:
1239. Mar 30 11:11:11.628431: |    next payload type: ISAKMP_NEXT_NONCE (0xa)
1240. Mar 30 11:11:11.628436: |    DOI: ISAKMP_DOI_IPSEC (0x1)
1241. Mar 30 11:11:11.628441: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE
1242. Mar 30 11:11:11.628447: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA)
1243. Mar 30 11:11:11.628453: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet'
1244. Mar 30 11:11:11.628459: | ****parse IPsec DOI SIT:
1245. Mar 30 11:11:11.628464: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
1246. Mar 30 11:11:11.628470: | ****parse ISAKMP Proposal Payload:
1247. Mar 30 11:11:11.628475: |    next payload type: ISAKMP_NEXT_P (0x2)
1248. Mar 30 11:11:11.628481: |    length: 56 (00 38)
1249. Mar 30 11:11:11.628487: |    proposal number: 1 (01)
1250. Mar 30 11:11:11.628492: |    protocol ID: PROTO_IPSEC_ESP (0x3)
1251. Mar 30 11:11:11.628497: |    SPI size: 4 (04)
1252. Mar 30 11:11:11.628503: |    number of transforms: 1 (01)
1253. Mar 30 11:11:11.628509: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
1254. Mar 30 11:11:11.628514: | SPI
1255. Mar 30 11:11:11.628519: |   a3 48 a1 7c
1256. Mar 30 11:11:11.628524: | ****parse ISAKMP Proposal Payload:
1257. Mar 30 11:11:11.628529: |    next payload type: ISAKMP_NEXT_P (0x2)
1258. Mar 30 11:11:11.628535: |    length: 56 (00 38)
1259. Mar 30 11:11:11.628540: |    proposal number: 2 (02)
1260. Mar 30 11:11:11.628545: |    protocol ID: PROTO_IPSEC_ESP (0x3)
1261. Mar 30 11:11:11.628551: |    SPI size: 4 (04)
1262. Mar 30 11:11:11.628557: |    number of transforms: 1 (01)
1263. Mar 30 11:11:11.628562: | *****parse ISAKMP Transform Payload (ESP):
1264. Mar 30 11:11:11.628568: |    next payload type: ISAKMP_NEXT_NONE (0x0)
1265. Mar 30 11:11:11.628573: |    length: 44 (00 2c)
1266. Mar 30 11:11:11.628579: |    ESP transform number: 1 (01)
1267. Mar 30 11:11:11.628584: |    ESP transform ID: ESP_AES (0xc)
1268. Mar 30 11:11:11.628590: | ******parse ISAKMP IPsec DOI attribute:
1269. Mar 30 11:11:11.628609: |    af+type: AF+ENCAPSULATION_MODE (0x8004)
1270. Mar 30 11:11:11.628615: |    length/value: 4 (00 04)
1271. Mar 30 11:11:11.628621: |    [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
1272. Mar 30 11:11:11.628626: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
1273. Mar 30 11:11:11.628632: | ******parse ISAKMP IPsec DOI attribute:
1274. Mar 30 11:11:11.628637: |    af+type: AF+KEY_LENGTH (0x8006)
1275. Mar 30 11:11:11.628661: |    length/value: 256 (01 00)
1276. Mar 30 11:11:11.628667: | ******parse ISAKMP IPsec DOI attribute:
1277. Mar 30 11:11:11.628673: |    af+type: AF+AUTH_ALGORITHM (0x8005)
1278. Mar 30 11:11:11.628679: |    length/value: 2 (00 02)
1279. Mar 30 11:11:11.628684: |    [2 is AUTH_ALGORITHM_HMAC_SHA1]
1280. Mar 30 11:11:11.628689: | ******parse ISAKMP IPsec DOI attribute:
1281. Mar 30 11:11:11.628695: |    af+type: AF+SA_LIFE_TYPE (0x8001)
1282. Mar 30 11:11:11.628700: |    length/value: 1 (00 01)
1283. Mar 30 11:11:11.628705: |    [1 is SA_LIFE_TYPE_SECONDS]
1284. Mar 30 11:11:11.628711: | ******parse ISAKMP IPsec DOI attribute:
1285. Mar 30 11:11:11.628716: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
1286. Mar 30 11:11:11.628722: |    length/value: 4 (00 04)
1287. Mar 30 11:11:11.628727: |    long duration: 3600
1288. Mar 30 11:11:11.628732: | ******parse ISAKMP IPsec DOI attribute:
1289. Mar 30 11:11:11.628737: |    af+type: AF+SA_LIFE_TYPE (0x8001)
1290. Mar 30 11:11:11.628743: |    length/value: 2 (00 02)
1291. Mar 30 11:11:11.628748: |    [2 is SA_LIFE_TYPE_KBYTES]
1292. Mar 30 11:11:11.628753: | ******parse ISAKMP IPsec DOI attribute:
1293. Mar 30 11:11:11.628758: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
1294. Mar 30 11:11:11.628764: |    length/value: 4 (00 04)
1295. Mar 30 11:11:11.628769: |    long duration: 250000
1296. Mar 30 11:11:11.628775: | ESP IPsec Transform verified; matches alg_info entry
1297. Mar 30 11:11:11.628780: | ****emit IPsec DOI SIT:
1298. Mar 30 11:11:11.628786: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
1299. Mar 30 11:11:11.628791: | ****emit ISAKMP Proposal Payload:
1300. Mar 30 11:11:11.628796: |    next payload type: ISAKMP_NEXT_NONE (0x0)
1301. Mar 30 11:11:11.628802: |    proposal number: 1 (01)
1302. Mar 30 11:11:11.628807: |    protocol ID: PROTO_IPSEC_ESP (0x3)
1303. Mar 30 11:11:11.628813: |    SPI size: 4 (04)
1304. Mar 30 11:11:11.628818: |    number of transforms: 1 (01)
1305. Mar 30 11:11:11.628824: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type'
1306. Mar 30 11:11:11.628882: | netlink_get_spi: allocated 0x6912e15 for esp.0@10.68.154.105
1307. Mar 30 11:11:11.628890: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload
1308. Mar 30 11:11:11.628897: | SPI: 06 91 2e 15
1309. Mar 30 11:11:11.628902: | *****emit ISAKMP Transform Payload (ESP):
1310. Mar 30 11:11:11.628907: |    next payload type: ISAKMP_NEXT_NONE (0x0)
1311. Mar 30 11:11:11.628913: |    ESP transform number: 1 (01)
1312. Mar 30 11:11:11.628918: |    ESP transform ID: ESP_AES (0xc)
1313. Mar 30 11:11:11.628923: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type'
1314. Mar 30 11:11:11.628929: | emitting 36 raw bytes of attributes into ISAKMP Transform Payload (ESP)
1315. Mar 30 11:11:11.628935: | attributes:
1316. Mar 30 11:11:11.628940: |   80 04 00 04  80 06 01 00  80 05 00 02  80 01 00 01
1317. Mar 30 11:11:11.628945: |   00 02 00 04  00 00 0e 10  80 01 00 02  00 02 00 04
1318. Mar 30 11:11:11.628950: |   00 03 d0 90
1319. Mar 30 11:11:11.628955: | emitting length of ISAKMP Transform Payload (ESP): 44
1320. Mar 30 11:11:11.628960: | emitting length of ISAKMP Proposal Payload: 56
1321. Mar 30 11:11:11.628966: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0
1322. Mar 30 11:11:11.628971: | emitting length of ISAKMP Security Association Payload: 68
1323. Mar 30 11:11:11.628976: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0
1324. Mar 30 11:11:11.628987: "l2tp-psk"[4] 93.46.124.104 #4: responding to Quick Mode proposal {msgid:00000001}
1325. Mar 30 11:11:11.629002: "l2tp-psk"[4] 93.46.124.104 #4:     us: 10.68.154.105[51.158.64.201]:17/1701
1326. Mar 30 11:11:11.629022: "l2tp-psk"[4] 93.46.124.104 #4:   them: 93.46.124.104[192.168.1.101]:17/1701
1327. Mar 30 11:11:11.629028: | ***emit ISAKMP Nonce Payload:
1328. Mar 30 11:11:11.629033: |    next payload type: ISAKMP_NEXT_ID (0x5)
1329. Mar 30 11:11:11.629039: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 5:ISAKMP_NEXT_ID
1330. Mar 30 11:11:11.629044: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE)
1331. Mar 30 11:11:11.629049: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet'
1332. Mar 30 11:11:11.629055: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload
1333. Mar 30 11:11:11.629060: | Nr:
1334. Mar 30 11:11:11.629065: |   c4 0e 12 43  2d 5e 9e c6  a5 19 d1 da  ab cb 18 4f
1335. Mar 30 11:11:11.629070: |   36 a9 1f b7  e4 50 63 7f  99 dc b6 33  0c c2 28 1f
1336. Mar 30 11:11:11.629075: | emitting length of ISAKMP Nonce Payload: 36
1337. Mar 30 11:11:11.629081: | ***emit ISAKMP Identification Payload (IPsec DOI):
1338. Mar 30 11:11:11.629086: |    next payload type: ISAKMP_NEXT_ID (0x5)
1339. Mar 30 11:11:11.629091: |    ID type: ID_IPV4_ADDR (0x1)
1340. Mar 30 11:11:11.629097: |    Protocol ID: 17 (11)
1341. Mar 30 11:11:11.629103: |    port: 1701 (06 a5)
1342. Mar 30 11:11:11.629108: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID
1343. Mar 30 11:11:11.629114: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
1344. Mar 30 11:11:11.629119: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
1345. Mar 30 11:11:11.629125: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
1346. Mar 30 11:11:11.629132: | ID body: c0 a8 01 65
1347. Mar 30 11:11:11.629137: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
1348. Mar 30 11:11:11.629142: | ***emit ISAKMP Identification Payload (IPsec DOI):
1349. Mar 30 11:11:11.629147: |    next payload type: ISAKMP_NEXT_NONE (0x0)
1350. Mar 30 11:11:11.629152: |    ID type: ID_IPV4_ADDR (0x1)
1351. Mar 30 11:11:11.629158: |    Protocol ID: 17 (11)
1352. Mar 30 11:11:11.629164: |    port: 1701 (06 a5)
1353. Mar 30 11:11:11.629169: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
1354. Mar 30 11:11:11.629174: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
1355. Mar 30 11:11:11.629180: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
1356. Mar 30 11:11:11.629186: | ID body: 33 9e 40 c9
1357. Mar 30 11:11:11.629191: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
1358. Mar 30 11:11:11.629268: | quick inR1 outI2 HASH(2):
1359. Mar 30 11:11:11.629275: |   a0 a7 b6 eb  c3 a6 e6 a9  0c cd cc dc  0f d0 2c 24
1360. Mar 30 11:11:11.629280: |   9b 3b 0e ff
1361. Mar 30 11:11:11.629286: | compute_proto_keymat: needed_len (after ESP enc)=32
1362. Mar 30 11:11:11.629291: | compute_proto_keymat: needed_len (after ESP auth)=52
1363. Mar 30 11:11:11.629412: | install_inbound_ipsec_sa() checking if we can route
1364. Mar 30 11:11:11.629420: | could_route called for l2tp-psk (kind=CK_INSTANCE)
1365. Mar 30 11:11:11.629426: | FOR_EACH_CONNECTION_... in route_owner
1366. Mar 30 11:11:11.629432: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
1367. Mar 30 11:11:11.629438: |  conn l2tp-psk mark 0/00000000, 0/00000000
1368. Mar 30 11:11:11.629444: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
1369. Mar 30 11:11:11.629449: |  conn xauth-psk mark 0/00000000, 0/00000000
1370. Mar 30 11:11:11.629455: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
1371. Mar 30 11:11:11.629460: |  conn l2tp-psk mark 0/00000000, 0/00000000
1372. Mar 30 11:11:11.629470: | route owner of "l2tp-psk"[4] 93.46.124.104 unrouted: NULL; eroute owner: NULL
1373. Mar 30 11:11:11.629476: |    routing is easy, or has resolvable near-conflict
1374. Mar 30 11:11:11.629488: | checking if this is a replacement state
1375. Mar 30 11:11:11.629494: |   st=0x562b2d555bd8 ost=(nil) st->serialno=#4 ost->serialno=#0
1376. Mar 30 11:11:11.629499: | installing outgoing SA now as refhim=0
1377. Mar 30 11:11:11.629506: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
1378. Mar 30 11:11:11.629512: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
1379. Mar 30 11:11:11.629518: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
1380. Mar 30 11:11:11.629525: | setting IPsec SA replay-window to 32
1381. Mar 30 11:11:11.629531: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
1382. Mar 30 11:11:11.629538: | netlink: enabling transport mode
1383. Mar 30 11:11:11.629546: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1261)
1384. Mar 30 11:11:11.629552: | XFRM: adding IPsec SA with reqid 16409
1385. Mar 30 11:11:11.629557: | netlink: setting IPsec SA replay-window to 32 using old-style req
1386. Mar 30 11:11:11.629564: | netlink: esp-hw-offload not set for IPsec SA
1387. Mar 30 11:11:11.629707: | netlink response for Add SA esp.a348a17c@93.46.124.104 included non-error error
1388. Mar 30 11:11:11.629717: | outgoing SA has refhim=0
1389. Mar 30 11:11:11.629723: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
1390. Mar 30 11:11:11.629729: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
1391. Mar 30 11:11:11.629734: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
1392. Mar 30 11:11:11.629741: | setting IPsec SA replay-window to 32
1393. Mar 30 11:11:11.629746: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
1394. Mar 30 11:11:11.629752: | netlink: enabling transport mode
1395. Mar 30 11:11:11.629759: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1268)
1396. Mar 30 11:11:11.629764: | XFRM: adding IPsec SA with reqid 16409
1397. Mar 30 11:11:11.629769: | netlink: setting IPsec SA replay-window to 32 using old-style req
1398. Mar 30 11:11:11.629774: | netlink: esp-hw-offload not set for IPsec SA
1399. Mar 30 11:11:11.629833: | netlink response for Add SA esp.6912e15@10.68.154.105 included non-error error
1400. Mar 30 11:11:11.629843: | priority calculation of connection "l2tp-psk" is 0x15bfbf
1401. Mar 30 11:11:11.629857: | add inbound eroute 93.46.124.104/32:1701 --17-> 10.68.154.105/32:1701 => esp.10000@10.68.154.105 using reqid 16409 (raw_eroute)
1402. Mar 30 11:11:11.629865: | subnet from endpoint 93.46.124.104:1701 (in netlink_raw_eroute() at kernel_xfrm.c:589)
1403. Mar 30 11:11:11.629871: | netlink_raw_eroute: using host address instead of client subnet
1404. Mar 30 11:11:11.629877: | IPsec Sa SPD priority set to 1425343
1405. Mar 30 11:11:11.629893: | raw_eroute result=success
1406. Mar 30 11:11:11.629901: | emitting 8 zero bytes of encryption padding into ISAKMP Message
1407. Mar 30 11:11:11.629907: | no IKEv1 message padding required
1408. Mar 30 11:11:11.629912: | emitting length of ISAKMP Message: 188
1409. Mar 30 11:11:11.629937: | finished processing quick inI1
1410. Mar 30 11:11:11.629944: | complete v1 state transition with STF_OK
1411. Mar 30 11:11:11.629954: | [RE]START processing: state #4 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
1412. Mar 30 11:11:11.629959: | #4 is idle
1413. Mar 30 11:11:11.629965: | doing_xauth:no, t_xauth_client_done:no
1414. Mar 30 11:11:11.629972: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
1415. Mar 30 11:11:11.629979: | child state #4: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA)
1416. Mar 30 11:11:11.629984: | event_already_set, deleting event
1417. Mar 30 11:11:11.629990: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted
1418. Mar 30 11:11:11.629999: | libevent_free: delref ptr-libevent@0x562b2d551528
1419. Mar 30 11:11:11.630008: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d555938
1420. Mar 30 11:11:11.630021: | sending reply packet to 93.46.124.104:4500 (from 10.68.154.105:4500)
1421. Mar 30 11:11:11.630040: | sending 192 bytes for STATE_QUICK_R0 through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #4)
1422. Mar 30 11:11:11.630062: |   00 00 00 00  f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a
1423. Mar 30 11:11:11.630069: |   5d 82 98 78  08 10 20 01  00 00 00 01  00 00 00 bc
1424. Mar 30 11:11:11.630075: |   9a 91 e6 97  7d 9b 20 69  e9 fb 1c 8f  3e 9f 8d 21
1425. Mar 30 11:11:11.630081: |   55 6d ea b2  e5 1c 21 2a  63 a4 86 05  ad 3f 5f 2a
1426. Mar 30 11:11:11.630088: |   28 eb 6f a7  b8 4e 7e e1  1a a0 98 9d  f6 df 6e da
1427. Mar 30 11:11:11.630095: |   51 69 8b 7b  6b 2e e6 29  71 14 47 10  33 27 ba 58
1428. Mar 30 11:11:11.630100: |   4b 47 9c 86  fd cb 70 5a  31 95 82 75  b0 b5 0f 38
1429. Mar 30 11:11:11.630106: |   8e af a1 93  4b 92 f9 09  28 d9 dd 25  1b e9 ee 3e
1430. Mar 30 11:11:11.630112: |   a8 75 a0 a6  40 a7 31 86  60 e9 76 b5  5a 62 6e 9a
1431. Mar 30 11:11:11.630118: |   03 6e 74 01  5f 7c 03 45  8c c5 c2 eb  d4 5d 90 bf
1432. Mar 30 11:11:11.630147: |   ba 44 73 6b  cd f1 91 c4  a6 af 36 d4  e2 eb 40 0b
1433. Mar 30 11:11:11.630159: |   b8 2d b3 f4  d3 26 23 41  47 c7 e0 04  ea 2f 5f 8c
1434. Mar 30 11:11:11.630276: | !event_already_set at reschedule
1435. Mar 30 11:11:11.630295: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b2d555938
1436. Mar 30 11:11:11.630305: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4
1437. Mar 30 11:11:11.630315: | libevent_malloc: newref ptr-libevent@0x562b2d553ed8 size 128
1438. Mar 30 11:11:11.630330: | #4 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 5630.055523
1439. Mar 30 11:11:11.630338: | pstats #4 ikev1.ipsec established
1440. Mar 30 11:11:11.630352: | NAT-T: NAT Traversal detected - their IKE port is '500'
1441. Mar 30 11:11:11.630360: | NAT-T: encaps is 'yes'
1442. Mar 30 11:11:11.630376: "l2tp-psk"[4] 93.46.124.104 #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0xa348a17c <0x06912e15 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
1443. Mar 30 11:11:11.630385: | modecfg pull: noquirk policy:push not-client
1444. Mar 30 11:11:11.630392: | phase 1 is done, looking for phase 2 to unpend
1445. Mar 30 11:11:11.630399: | releasing #4's fd-fd@(nil) because IKEv1 transitions finished
1446. Mar 30 11:11:11.630407: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
1447. Mar 30 11:11:11.630421: | resume sending helper answer for #4 suppresed complete_v1_state_transition()
1448. Mar 30 11:11:11.630443: | stop processing: state #4 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:860)
1449. Mar 30 11:11:11.630452: | libevent_free: delref ptr-libevent@0x7f3a3c0011e8
1450. Mar 30 11:11:11.692795: | *received 60 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
1451. Mar 30 11:11:11.692855: |   f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a  5d 82 98 78
1452. Mar 30 11:11:11.692872: |   08 10 20 01  00 00 00 01  00 00 00 3c  ca ad 3d ef
1453. Mar 30 11:11:11.692885: |   15 51 1a 52  4a 8e b7 1b  4a f6 d4 99  e6 a8 d9 e0
1454. Mar 30 11:11:11.692895: |   10 7d c4 1e  88 b5 b3 ea  7a 7a b0 a7
1455. Mar 30 11:11:11.692913: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
1456. Mar 30 11:11:11.692927: | **parse ISAKMP Message:
1457. Mar 30 11:11:11.692940: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
1458. Mar 30 11:11:11.692951: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
1459. Mar 30 11:11:11.692960: |    next payload type: ISAKMP_NEXT_HASH (0x8)
1460. Mar 30 11:11:11.692968: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
1461. Mar 30 11:11:11.692976: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
1462. Mar 30 11:11:11.692985: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
1463. Mar 30 11:11:11.692995: |    Message ID: 1 (00 00 00 01)
1464. Mar 30 11:11:11.693005: |    length: 60 (00 00 00 3c)
1465. Mar 30 11:11:11.693014: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
1466. Mar 30 11:11:11.693027: | State DB: found IKEv1 state #4 in QUICK_R1 (find_state_ikev1)
1467. Mar 30 11:11:11.693059: | start processing: state #4 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1499)
1468. Mar 30 11:11:11.693087: | #4 is idle
1469. Mar 30 11:11:11.693096: | #4 idle
1470. Mar 30 11:11:11.693109: | received encrypted packet from 93.46.124.104:4500
1471. Mar 30 11:11:11.693196: | got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
1472. Mar 30 11:11:11.693210: | ***parse ISAKMP Hash Payload:
1473. Mar 30 11:11:11.693219: |    next payload type: ISAKMP_NEXT_NONE (0x0)
1474. Mar 30 11:11:11.693228: |    length: 24 (00 18)
1475. Mar 30 11:11:11.693236: | removing 8 bytes of padding
1476. Mar 30 11:11:11.693296: | quick_inI2 HASH(3):
1477. Mar 30 11:11:11.693304: |   42 33 a9 51  63 ad 34 2b  65 7c e5 66  5c 7c 50 84
1478. Mar 30 11:11:11.693312: |   7d be 69 9a
1479. Mar 30 11:11:11.693319: | received 'quick_inI2' message HASH(3) data ok
1480. Mar 30 11:11:11.693335: | install_ipsec_sa() for #4: outbound only
1481. Mar 30 11:11:11.693343: | could_route called for l2tp-psk (kind=CK_INSTANCE)
1482. Mar 30 11:11:11.693352: | FOR_EACH_CONNECTION_... in route_owner
1483. Mar 30 11:11:11.693360: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
1484. Mar 30 11:11:11.693368: |  conn l2tp-psk mark 0/00000000, 0/00000000
1485. Mar 30 11:11:11.693376: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
1486. Mar 30 11:11:11.693384: |  conn xauth-psk mark 0/00000000, 0/00000000
1487. Mar 30 11:11:11.693392: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
1488. Mar 30 11:11:11.693399: |  conn l2tp-psk mark 0/00000000, 0/00000000
1489. Mar 30 11:11:11.693413: | route owner of "l2tp-psk"[4] 93.46.124.104 unrouted: NULL; eroute owner: NULL
1490. Mar 30 11:11:11.693421: | sr for #4: unrouted
1491. Mar 30 11:11:11.693430: | route_and_eroute() for proto 17, and source port 1701 dest port 1701
1492. Mar 30 11:11:11.693437: | FOR_EACH_CONNECTION_... in route_owner
1493. Mar 30 11:11:11.693444: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
1494. Mar 30 11:11:11.693452: |  conn l2tp-psk mark 0/00000000, 0/00000000
1495. Mar 30 11:11:11.693459: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
1496. Mar 30 11:11:11.693467: |  conn xauth-psk mark 0/00000000, 0/00000000
1497. Mar 30 11:11:11.693474: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
1498. Mar 30 11:11:11.693482: |  conn l2tp-psk mark 0/00000000, 0/00000000
1499. Mar 30 11:11:11.693493: | route owner of "l2tp-psk"[4] 93.46.124.104 unrouted: NULL; eroute owner: NULL
1500. Mar 30 11:11:11.693503: | route_and_eroute with c: l2tp-psk (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #4
1501. Mar 30 11:11:11.693513: | priority calculation of connection "l2tp-psk" is 0x15bfbf
1502. Mar 30 11:11:11.693534: | eroute_connection add eroute 10.68.154.105/32:1701 --17-> 93.46.124.104/32:1701 => esp.a348a17c@93.46.124.104 using reqid 16409 (raw_eroute)
1503. Mar 30 11:11:11.693547: | subnet from endpoint 93.46.124.104:1701 (in netlink_raw_eroute() at kernel_xfrm.c:585)
1504. Mar 30 11:11:11.693555: | netlink_raw_eroute: using host address instead of client subnet
1505. Mar 30 11:11:11.693564: | IPsec Sa SPD priority set to 1425343
1506. Mar 30 11:11:11.693609: | raw_eroute result=success
1507. Mar 30 11:11:11.693618: | running updown command "ipsec _updown" for verb up
1508. Mar 30 11:11:11.693626: | command executing up-host
1509. Mar 30 11:11:11.693684: | executing up-host: PLUTO_VERB='up-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='l2tp-psk' PLUTO_VIRT_INTERFACE='ens2' PLUTO_INTERFACE='ens2' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='10.68.154.104' PLUTO_ME='10.68.154.105' PLUTO_MY_ID='51.158.64.201' PLUTO_MY_CLIENT='10.68.154.105/32' PLUTO_MY_CLIENT_NET='10.68.154.105' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_SA_REQID='16408' PLUTO_SA_TYPE='ESP' PLUTO_PEER='93.46.124.104' PLUTO_PEER_ID='192.168.1.101' PLUTO_PEER_CLIENT='93.46.124.104/32' PLUTO_PEER_CLIENT_NET='93.46.124.104' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='17' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PL...
1510. Mar 30 11:11:11.693695: | popen cmd is 1122 chars long
1511. Mar 30 11:11:11.693703: | cmd(   0):PLUTO_VERB='up-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='l2tp-psk' PLUTO_VIRT_:
1512. Mar 30 11:11:11.693729: | cmd(  80):INTERFACE='ens2' PLUTO_INTERFACE='ens2' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='10.:
1513. Mar 30 11:11:11.693737: | cmd( 160):68.154.104' PLUTO_ME='10.68.154.105' PLUTO_MY_ID='51.158.64.201' PLUTO_MY_CLIENT:
1514. Mar 30 11:11:11.693744: | cmd( 240):='10.68.154.105/32' PLUTO_MY_CLIENT_NET='10.68.154.105' PLUTO_MY_CLIENT_MASK='25:
1515. Mar 30 11:11:11.693751: | cmd( 320):5.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_SA_REQID='16408:
1516. Mar 30 11:11:11.693759: | cmd( 400):' PLUTO_SA_TYPE='ESP' PLUTO_PEER='93.46.124.104' PLUTO_PEER_ID='192.168.1.101' P:
1517. Mar 30 11:11:11.693766: | cmd( 480):LUTO_PEER_CLIENT='93.46.124.104/32' PLUTO_PEER_CLIENT_NET='93.46.124.104' PLUTO_:
1518. Mar 30 11:11:11.693773: | cmd( 560):PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='1:
1519. Mar 30 11:11:11.693780: | cmd( 640):7' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PS:
1520. Mar 30 11:11:11.693787: | cmd( 720):K+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_K:
1521. Mar 30 11:11:11.693794: | cmd( 800):IND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISC:
1522. Mar 30 11:11:11.693802: | cmd( 880):O='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUT:
1523. Mar 30 11:11:11.693809: | cmd( 960):O_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_R:
1524. Mar 30 11:11:11.693816: | cmd(1040):OUTING='no' VTI_SHARED='no' SPI_IN=0xa348a17c SPI_OUT=0x6912e15 ipsec _updown 2>:
1525. Mar 30 11:11:11.693823: | cmd(1120):&1:
1526. Mar 30 11:11:11.703279: | route_and_eroute: firewall_notified: true
1527. Mar 30 11:11:11.703314: | running updown command "ipsec _updown" for verb prepare
1528. Mar 30 11:11:11.703323: | command executing prepare-host
1529. Mar 30 11:11:11.703371: | executing prepare-host: PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='l2tp-psk' PLUTO_VIRT_INTERFACE='ens2' PLUTO_INTERFACE='ens2' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='10.68.154.104' PLUTO_ME='10.68.154.105' PLUTO_MY_ID='51.158.64.201' PLUTO_MY_CLIENT='10.68.154.105/32' PLUTO_MY_CLIENT_NET='10.68.154.105' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_SA_REQID='16408' PLUTO_SA_TYPE='ESP' PLUTO_PEER='93.46.124.104' PLUTO_PEER_ID='192.168.1.101' PLUTO_PEER_CLIENT='93.46.124.104/32' PLUTO_PEER_CLIENT_NET='93.46.124.104' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='17' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLI...
1530. Mar 30 11:11:11.703378: | popen cmd is 1127 chars long
1531. Mar 30 11:11:11.703383: | cmd(   0):PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='l2tp-psk' PLUTO_:
1532. Mar 30 11:11:11.703387: | cmd(  80):VIRT_INTERFACE='ens2' PLUTO_INTERFACE='ens2' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP:
1533. Mar 30 11:11:11.703391: | cmd( 160):='10.68.154.104' PLUTO_ME='10.68.154.105' PLUTO_MY_ID='51.158.64.201' PLUTO_MY_C:
1534. Mar 30 11:11:11.703395: | cmd( 240):LIENT='10.68.154.105/32' PLUTO_MY_CLIENT_NET='10.68.154.105' PLUTO_MY_CLIENT_MAS:
1535. Mar 30 11:11:11.703400: | cmd( 320):K='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_SA_REQID=':
1536. Mar 30 11:11:11.703404: | cmd( 400):16408' PLUTO_SA_TYPE='ESP' PLUTO_PEER='93.46.124.104' PLUTO_PEER_ID='192.168.1.1:
1537. Mar 30 11:11:11.703408: | cmd( 480):01' PLUTO_PEER_CLIENT='93.46.124.104/32' PLUTO_PEER_CLIENT_NET='93.46.124.104' P:
1538. Mar 30 11:11:11.703412: | cmd( 560):LUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOC:
1539. Mar 30 11:11:11.703416: | cmd( 640):OL='17' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC:
1540. Mar 30 11:11:11.703419: | cmd( 720):Y='PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_C:
1541. Mar 30 11:11:11.703436: | cmd( 800):ONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER:
1542. Mar 30 11:11:11.703440: | cmd( 880):_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='':
1543. Mar 30 11:11:11.703444: | cmd( 960): PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' :
1544. Mar 30 11:11:11.703448: | cmd(1040):VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xa348a17c SPI_OUT=0x6912e15 ipsec _updo:
1545. Mar 30 11:11:11.703452: | cmd(1120):wn 2>&1:
1546. Mar 30 11:11:11.709071: | running updown command "ipsec _updown" for verb route
1547. Mar 30 11:11:11.709105: | command executing route-host
1548. Mar 30 11:11:11.709150: | executing route-host: PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='l2tp-psk' PLUTO_VIRT_INTERFACE='ens2' PLUTO_INTERFACE='ens2' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='10.68.154.104' PLUTO_ME='10.68.154.105' PLUTO_MY_ID='51.158.64.201' PLUTO_MY_CLIENT='10.68.154.105/32' PLUTO_MY_CLIENT_NET='10.68.154.105' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_SA_REQID='16408' PLUTO_SA_TYPE='ESP' PLUTO_PEER='93.46.124.104' PLUTO_PEER_ID='192.168.1.101' PLUTO_PEER_CLIENT='93.46.124.104/32' PLUTO_PEER_CLIENT_NET='93.46.124.104' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='17' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=...
1549. Mar 30 11:11:11.709158: | popen cmd is 1125 chars long
1550. Mar 30 11:11:11.709164: | cmd(   0):PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='l2tp-psk' PLUTO_VI:
1551. Mar 30 11:11:11.709169: | cmd(  80):RT_INTERFACE='ens2' PLUTO_INTERFACE='ens2' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP=':
1552. Mar 30 11:11:11.709174: | cmd( 160):10.68.154.104' PLUTO_ME='10.68.154.105' PLUTO_MY_ID='51.158.64.201' PLUTO_MY_CLI:
1553. Mar 30 11:11:11.709179: | cmd( 240):ENT='10.68.154.105/32' PLUTO_MY_CLIENT_NET='10.68.154.105' PLUTO_MY_CLIENT_MASK=:
1554. Mar 30 11:11:11.709183: | cmd( 320):'255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_SA_REQID='16:
1555. Mar 30 11:11:11.709187: | cmd( 400):408' PLUTO_SA_TYPE='ESP' PLUTO_PEER='93.46.124.104' PLUTO_PEER_ID='192.168.1.101:
1556. Mar 30 11:11:11.709191: | cmd( 480):' PLUTO_PEER_CLIENT='93.46.124.104/32' PLUTO_PEER_CLIENT_NET='93.46.124.104' PLU:
1557. Mar 30 11:11:11.709195: | cmd( 560):TO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL:
1558. Mar 30 11:11:11.709199: | cmd( 640):='17' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=:
1559. Mar 30 11:11:11.709203: | cmd( 720):'PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CON:
1560. Mar 30 11:11:11.709207: | cmd( 800):N_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_C:
1561. Mar 30 11:11:11.709211: | cmd( 880):ISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' P:
1562. Mar 30 11:11:11.709215: | cmd( 960):LUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VT:
1563. Mar 30 11:11:11.709219: | cmd(1040):I_ROUTING='no' VTI_SHARED='no' SPI_IN=0xa348a17c SPI_OUT=0x6912e15 ipsec _updown:
1564. Mar 30 11:11:11.709223: | cmd(1120): 2>&1:
1565. Mar 30 11:11:11.725911: | route_and_eroute: instance "l2tp-psk"[4] 93.46.124.104, setting eroute_owner {spd=0x562b2d554130,sr=0x562b2d554130} to #4 (was #0) (newest_ipsec_sa=#0)
1566. Mar 30 11:11:11.725948: | inI2: instance l2tp-psk[4], setting IKEv1 newest_ipsec_sa to #4 (was #0) (spd.eroute=#4) cloned from #3
1567. Mar 30 11:11:11.725954: | DPD: dpd_init() called on IPsec SA
1568. Mar 30 11:11:11.725958: | DPD: Peer does not support Dead Peer Detection
1569. Mar 30 11:11:11.725964: | complete v1 state transition with STF_OK
1570. Mar 30 11:11:11.725973: | [RE]START processing: state #4 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
1571. Mar 30 11:11:11.725988: | #4 is idle
1572. Mar 30 11:11:11.725993: | doing_xauth:no, t_xauth_client_done:no
1573. Mar 30 11:11:11.725996: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
1574. Mar 30 11:11:11.726002: | child state #4: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA)
1575. Mar 30 11:11:11.726006: | event_already_set, deleting event
1576. Mar 30 11:11:11.726011: | state #4 requesting EVENT_RETRANSMIT to be deleted
1577. Mar 30 11:11:11.726015: | #4 STATE_QUICK_R2: retransmits: cleared
1578. Mar 30 11:11:11.726027: | libevent_free: delref ptr-libevent@0x562b2d553ed8
1579. Mar 30 11:11:11.726034: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b2d555938
1580. Mar 30 11:11:11.726040: | !event_already_set at reschedule
1581. Mar 30 11:11:11.726045: | event_schedule: newref EVENT_SA_EXPIRE-pe@0x562b2d5566a8
1582. Mar 30 11:11:11.726051: | inserting event EVENT_SA_EXPIRE, timeout in 3600 seconds for #4
1583. Mar 30 11:11:11.726056: | libevent_malloc: newref ptr-libevent@0x562b2d551528 size 128
1584. Mar 30 11:11:11.726061: | pstats #4 ikev1.ipsec established
1585. Mar 30 11:11:11.726069: | NAT-T: NAT Traversal detected - their IKE port is '500'
1586. Mar 30 11:11:11.726072: | NAT-T: encaps is 'yes'
1587. Mar 30 11:11:11.726081: "l2tp-psk"[4] 93.46.124.104 #4: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0xa348a17c <0x06912e15 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
1588. Mar 30 11:11:11.726085: | modecfg pull: noquirk policy:push not-client
1589. Mar 30 11:11:11.726088: | phase 1 is done, looking for phase 2 to unpend
1590. Mar 30 11:11:11.726093: | releasing #4's fd-fd@(nil) because IKEv1 transitions finished
1591. Mar 30 11:11:11.726096: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
1592. Mar 30 11:11:11.726104: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
1593. Mar 30 11:11:11.726114: | stop processing: state #4 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
1594. Mar 30 11:11:11.726118: | processing: STOP connection NULL (in process_md() at demux.c:384)
1595. Mar 30 11:11:11.726157: | *received 444 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
1596. Mar 30 11:11:11.726162: |   f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a  5d 82 98 78
1597. Mar 30 11:11:11.726166: |   08 10 20 01  00 00 00 02  00 00 01 bc  fc fe 21 66
1598. Mar 30 11:11:11.726169: |   45 e4 40 d0  73 c4 fb af  57 cd 6a b7  aa c6 4b de
1599. Mar 30 11:11:11.726172: |   4d f5 e5 bc  8b b8 cf 68  b6 8e 30 28  38 f3 8e 4c
1600. Mar 30 11:11:11.726175: |   6c af 67 59  02 13 cd 85  51 fc a4 4b  73 a7 83 0c
1601. Mar 30 11:11:11.726178: |   d4 12 80 d9  99 73 ca ea  80 f1 35 a4  d1 e9 27 55
1602. Mar 30 11:11:11.726181: |   3d a1 e3 62  08 c7 b2 1f  06 dc 44 56  f8 4b ba 56
1603. Mar 30 11:11:11.726184: |   6b 02 2a e1  f3 e3 05 cf  0e a0 92 c8  df 14 83 dc
1604. Mar 30 11:11:11.726187: |   fd 92 39 28  2f 21 8a 60  ed f5 26 4f  09 ed b6 11
1605. Mar 30 11:11:11.726190: |   c2 e1 2d 24  e4 92 3d 98  ae a7 32 f5  24 82 59 b4
1606. Mar 30 11:11:11.726193: |   c6 3b 00 c7  9f 28 77 cd  6b 12 7d d4  37 9e 4c cc
1607. Mar 30 11:11:11.726196: |   e1 fc 37 5b  96 75 60 f4  1a 8d 0f 67  08 95 82 f1
1608. Mar 30 11:11:11.726199: |   04 e8 9d 79  f7 f3 04 b5  1d b7 b8 42  2f f4 17 d2
1609. Mar 30 11:11:11.726297: |   bb 80 ff ca  36 50 c0 5d  27 65 0d 36  cd f9 bc 95
1610. Mar 30 11:11:11.726302: |   a8 45 8e 65  27 76 06 75  4a f5 68 1a  4b e5 d1 44
1611. Mar 30 11:11:11.726305: |   19 b3 c8 e9  ea 33 bc 46  2c 31 69 51  b6 30 5a 8e
1612. Mar 30 11:11:11.726308: |   3a 33 47 e9  86 68 ef 7d  3c cf ac 6e  3c 3b c0 38
1613. Mar 30 11:11:11.726311: |   39 15 89 5b  4f 27 cc 5e  f4 2f 0e 9e  91 01 60 22
1614. Mar 30 11:11:11.726314: |   80 58 37 f1  20 3f 21 19  e5 56 ec 4b  35 48 b5 e3
1615. Mar 30 11:11:11.726317: |   b5 8b 03 8d  e3 bc c3 52  46 19 9e 81  d6 f6 02 02
1616. Mar 30 11:11:11.726320: |   68 62 2e 4b  67 d2 df 50  9b 83 79 a1  df 7c 35 71
1617. Mar 30 11:11:11.726323: |   b8 b4 ee c5  eb 50 be 70  2c d5 61 37  ba 36 92 9a
1618. Mar 30 11:11:11.726326: |   dd cf 70 fb  10 58 95 92  29 77 87 7a  1e 2f a0 8f
1619. Mar 30 11:11:11.726329: |   39 f5 84 e5  0c dd 05 ea  60 30 c5 61  b2 06 92 50
1620. Mar 30 11:11:11.726338: |   5c db 71 d3  04 7a 83 1e  ae 59 2e ff  cf 82 60 9d
1621. Mar 30 11:11:11.726341: |   93 31 47 e7  8d 7b e4 37  1f a6 c5 a5  75 0a dc 56
1622. Mar 30 11:11:11.726344: |   d4 eb a8 64  7e 8a 85 12  66 dd 24 4a  58 5b 31 d4
1623. Mar 30 11:11:11.726347: |   7d d9 0d fa  00 8d e3 ee  bb 8d e1 9a
1624. Mar 30 11:11:11.726353: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
1625. Mar 30 11:11:11.726360: | **parse ISAKMP Message:
1626. Mar 30 11:11:11.726365: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
1627. Mar 30 11:11:11.726370: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
1628. Mar 30 11:11:11.726374: |    next payload type: ISAKMP_NEXT_HASH (0x8)
1629. Mar 30 11:11:11.726378: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
1630. Mar 30 11:11:11.726381: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
1631. Mar 30 11:11:11.726385: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
1632. Mar 30 11:11:11.726390: |    Message ID: 2 (00 00 00 02)
1633. Mar 30 11:11:11.726394: |    length: 444 (00 00 01 bc)
1634. Mar 30 11:11:11.726398: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
1635. Mar 30 11:11:11.726403: | State DB: IKEv1 state not found (find_state_ikev1)
1636. Mar 30 11:11:11.726407: | State DB: found IKEv1 state #3 in MAIN_R3 (find_state_ikev1)
1637. Mar 30 11:11:11.726414: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1473)
1638. Mar 30 11:11:11.726456: | #3 is idle
1639. Mar 30 11:11:11.726460: | #3 idle
1640. Mar 30 11:11:11.726465: | received encrypted packet from 93.46.124.104:4500
1641. Mar 30 11:11:11.726490: | got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030
1642. Mar 30 11:11:11.726494: | ***parse ISAKMP Hash Payload:
1643. Mar 30 11:11:11.726498: |    next payload type: ISAKMP_NEXT_SA (0x1)
1644. Mar 30 11:11:11.726502: |    length: 24 (00 18)
1645. Mar 30 11:11:11.726506: | got payload 0x2  (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030
1646. Mar 30 11:11:11.726509: | ***parse ISAKMP Security Association Payload:
1647. Mar 30 11:11:11.726513: |    next payload type: ISAKMP_NEXT_NONCE (0xa)
1648. Mar 30 11:11:11.726517: |    length: 280 (01 18)
1649. Mar 30 11:11:11.726520: |    DOI: ISAKMP_DOI_IPSEC (0x1)
1650. Mar 30 11:11:11.726523: | got payload 0x400  (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030
1651. Mar 30 11:11:11.726527: | ***parse ISAKMP Nonce Payload:
1652. Mar 30 11:11:11.726530: |    next payload type: ISAKMP_NEXT_ID (0x5)
1653. Mar 30 11:11:11.726534: |    length: 52 (00 34)
1654. Mar 30 11:11:11.726537: | got payload 0x20  (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
1655. Mar 30 11:11:11.726541: | ***parse ISAKMP Identification Payload (IPsec DOI):
1656. Mar 30 11:11:11.726545: |    next payload type: ISAKMP_NEXT_ID (0x5)
1657. Mar 30 11:11:11.726548: |    length: 12 (00 0c)
1658. Mar 30 11:11:11.726552: |    ID type: ID_IPV4_ADDR (0x1)
1659. Mar 30 11:11:11.726555: |    Protocol ID: 17 (11)
1660. Mar 30 11:11:11.726559: |    port: 1701 (06 a5)
1661. Mar 30 11:11:11.726562: |      obj:
1662. Mar 30 11:11:11.726565: |   c0 a8 01 65
1663. Mar 30 11:11:11.726569: | got payload 0x20  (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
1664. Mar 30 11:11:11.726572: | ***parse ISAKMP Identification Payload (IPsec DOI):
1665. Mar 30 11:11:11.726575: |    next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
1666. Mar 30 11:11:11.726579: |    length: 12 (00 0c)
1667. Mar 30 11:11:11.726582: |    ID type: ID_IPV4_ADDR (0x1)
1668. Mar 30 11:11:11.726586: |    Protocol ID: 17 (11)
1669. Mar 30 11:11:11.726589: |    port: 1701 (06 a5)
1670. Mar 30 11:11:11.726701: |      obj:
1671. Mar 30 11:11:11.726708: |   33 9e 40 c9
1672. Mar 30 11:11:11.726712: | got payload 0x200000  (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
1673. Mar 30 11:11:11.726716: | ***parse ISAKMP NAT-OA Payload:
1674. Mar 30 11:11:11.726719: |    next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
1675. Mar 30 11:11:11.726724: |    length: 12 (00 0c)
1676. Mar 30 11:11:11.726727: |    ID type: ID_IPV4_ADDR (0x1)
1677. Mar 30 11:11:11.726730: |      obj:
1678. Mar 30 11:11:11.726733: |   c0 a8 01 65
1679. Mar 30 11:11:11.726736: | got payload 0x200000  (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
1680. Mar 30 11:11:11.726740: | ***parse ISAKMP NAT-OA Payload:
1681. Mar 30 11:11:11.726743: |    next payload type: ISAKMP_NEXT_NONE (0x0)
1682. Mar 30 11:11:11.726753: |    length: 12 (00 0c)
1683. Mar 30 11:11:11.726757: |    ID type: ID_IPV4_ADDR (0x1)
1684. Mar 30 11:11:11.726760: |      obj:
1685. Mar 30 11:11:11.726763: |   33 9e 40 c9
1686. Mar 30 11:11:11.726766: | removing 12 bytes of padding
1687. Mar 30 11:11:11.726844: | quick_inI1_outR1 HASH(1):
1688. Mar 30 11:11:11.726856: |   32 0f a0 9c  c7 a3 c7 df  4c a1 44 85  ec c4 88 eb
1689. Mar 30 11:11:11.726859: |   2c 16 d8 8a
1690. Mar 30 11:11:11.726863: | received 'quick_inI1_outR1' message HASH(1) data ok
1691. Mar 30 11:11:11.726870: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
1692. Mar 30 11:11:11.726873: | ID address
1693. Mar 30 11:11:11.726876: |   c0 a8 01 65
1694. Mar 30 11:11:11.726882: | subnet from address 192.168.1.101 (in decode_net_id() at ikev1_quick.c:440)
1695. Mar 30 11:11:11.726887: | peer client is 192.168.1.101/32
1696. Mar 30 11:11:11.726891: | peer client protocol/port is 17/1701
1697. Mar 30 11:11:11.726894: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
1698. Mar 30 11:11:11.726897: | ID address
1699. Mar 30 11:11:11.726900: |   33 9e 40 c9
1700. Mar 30 11:11:11.726905: | subnet from address 51.158.64.201 (in decode_net_id() at ikev1_quick.c:440)
1701. Mar 30 11:11:11.726909: | our client is 51.158.64.201/32
1702. Mar 30 11:11:11.726912: | our client protocol/port is 17/1701
1703. Mar 30 11:11:11.726920: "l2tp-psk"[4] 93.46.124.104 #3: the peer proposed: 51.158.64.201/32:17/1701 -> 192.168.1.101/32:17/1701
1704. Mar 30 11:11:11.727001: | find_client_connection starting with l2tp-psk
1705. Mar 30 11:11:11.727007: |   looking for 51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701
1706. Mar 30 11:11:11.727013: |   concrete checking against sr#0 10.68.154.105/32:1701 -> 93.46.124.104/32:1701
1707. Mar 30 11:11:11.727018: |    match_id a=192.168.1.101
1708. Mar 30 11:11:11.727022: |             b=192.168.1.101
1709. Mar 30 11:11:11.727026: |    results  matched
1710. Mar 30 11:11:11.727035: |   fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 93.46.124.104/32:1701:17/1701
1711. Mar 30 11:11:11.727041: |    our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
1712. Mar 30 11:11:11.727044: |   fc_try concluding with none [0]
1713. Mar 30 11:11:11.727047: |   fc_try l2tp-psk gives none
1714. Mar 30 11:11:11.727054: | find_host_pair: comparing 10.68.154.105:500 to 0.0.0.0:500 but ignoring ports
1715. Mar 30 11:11:11.727060: |   checking hostpair 10.68.154.105/32:1701 -> 93.46.124.104/32:1701 is found
1716. Mar 30 11:11:11.727064: |    match_id a=192.168.1.101
1717. Mar 30 11:11:11.727067: |             b=(none)
1718. Mar 30 11:11:11.727070: |    results  matched
1719. Mar 30 11:11:11.727079: |   fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 0.0.0.0/32:0:17/0
1720. Mar 30 11:11:11.727085: |    our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
1721. Mar 30 11:11:11.727089: |    match_id a=192.168.1.101
1722. Mar 30 11:11:11.727092: |             b=(none)
1723. Mar 30 11:11:11.727095: |    results  matched
1724. Mar 30 11:11:11.727098: |   fc_try concluding with none [0]
1725. Mar 30 11:11:11.727103: |    match_id a=192.168.1.101
1726. Mar 30 11:11:11.727106: |             b=(none)
1727. Mar 30 11:11:11.727109: |    results  matched
1728. Mar 30 11:11:11.727116: |   fc_try_oppo trying l2tp-psk:51.158.64.201/32:1701 -> 192.168.1.101/32:1701 vs l2tp-psk:10.68.154.105/32:1701 -> 0.0.0.0/32:0
1729. Mar 30 11:11:11.727120: |    match_id a=192.168.1.101
1730. Mar 30 11:11:11.727124: |             b=(none)
1731. Mar 30 11:11:11.727127: |    results  matched
1732. Mar 30 11:11:11.727130: |   fc_try_oppo concluding with none [0]
1733. Mar 30 11:11:11.727133: |   concluding with d = none
1734. Mar 30 11:11:11.727138: | using something (we hope the IP we or they are NAT'ed to) for transport mode connection "l2tp-psk"[4] 93.46.124.104
1735. Mar 30 11:11:11.727141: | client wildcard: no  port wildcard: no  virtual: no
1736. Mar 30 11:11:11.727145: | NAT-Traversal: received 2 NAT-OA.
1737. Mar 30 11:11:11.727150: "l2tp-psk"[4] 93.46.124.104 #3: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
1738. Mar 30 11:11:11.727161: | NAT-OA:
1739. Mar 30 11:11:11.727164: |   15 00 00 0c  01 00 00 00  c0 a8 01 65
1740. Mar 30 11:11:11.727167: | parsing 4 raw bytes of ISAKMP NAT-OA Payload into NAT-Traversal: NAT-OA IP
1741. Mar 30 11:11:11.727171: | NAT-Traversal: NAT-OA IP
1742. Mar 30 11:11:11.727173: |   c0 a8 01 65
1743. Mar 30 11:11:11.727178: | received NAT-OA: 192.168.1.101
1744. Mar 30 11:11:11.727188: | addref fd@NULL (in new_state() at state.c:555)
1745. Mar 30 11:11:11.727192: | creating state object #5 at 0x562b2d5567b8
1746. Mar 30 11:11:11.727196: | State DB: adding IKEv1 state #5 in UNDEFINED
1747. Mar 30 11:11:11.727206: | pstats #5 ikev1.ipsec started
1748. Mar 30 11:11:11.727211: | duplicating state object #3 "l2tp-psk"[4] 93.46.124.104 as #5 for IPSEC SA
1749. Mar 30 11:11:11.727218: | #5 setting local endpoint to 10.68.154.105:4500 from #3.st_localport (in duplicate_state() at state.c:1548)
1750. Mar 30 11:11:11.727228: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
1751. Mar 30 11:11:11.727234: | start processing: state #5 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
1752. Mar 30 11:11:11.727238: | switching MD.ST from #3 to CHILD #5; ulgh
1753. Mar 30 11:11:11.727242: | child state #5: UNDEFINED(ignore) => QUICK_R0(established CHILD SA)
1754. Mar 30 11:11:11.727247: | ****parse IPsec DOI SIT:
1755. Mar 30 11:11:11.727253: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
1756. Mar 30 11:11:11.727256: | ****parse ISAKMP Proposal Payload:
1757. Mar 30 11:11:11.727260: |    next payload type: ISAKMP_NEXT_P (0x2)
1758. Mar 30 11:11:11.727264: |    length: 56 (00 38)
1759. Mar 30 11:11:11.727267: |    proposal number: 1 (01)
1760. Mar 30 11:11:11.727271: |    protocol ID: PROTO_IPSEC_ESP (0x3)
1761. Mar 30 11:11:11.727274: |    SPI size: 4 (04)
1762. Mar 30 11:11:11.727278: |    number of transforms: 1 (01)
1763. Mar 30 11:11:11.727281: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
1764. Mar 30 11:11:11.727284: | SPI
1765. Mar 30 11:11:11.727287: |   7d 0c 02 4c
1766. Mar 30 11:11:11.727291: | ****parse ISAKMP Proposal Payload:
1767. Mar 30 11:11:11.727294: |    next payload type: ISAKMP_NEXT_P (0x2)
1768. Mar 30 11:11:11.727298: |    length: 56 (00 38)
1769. Mar 30 11:11:11.727301: |    proposal number: 2 (02)
1770. Mar 30 11:11:11.727304: |    protocol ID: PROTO_IPSEC_ESP (0x3)
1771. Mar 30 11:11:11.727308: |    SPI size: 4 (04)
1772. Mar 30 11:11:11.727311: |    number of transforms: 1 (01)
1773. Mar 30 11:11:11.727315: | *****parse ISAKMP Transform Payload (ESP):
1774. Mar 30 11:11:11.727319: |    next payload type: ISAKMP_NEXT_NONE (0x0)
1775. Mar 30 11:11:11.727322: |    length: 44 (00 2c)
1776. Mar 30 11:11:11.727326: |    ESP transform number: 1 (01)
1777. Mar 30 11:11:11.727329: |    ESP transform ID: ESP_AES (0xc)
1778. Mar 30 11:11:11.727334: | ******parse ISAKMP IPsec DOI attribute:
1779. Mar 30 11:11:11.727337: |    af+type: AF+ENCAPSULATION_MODE (0x8004)
1780. Mar 30 11:11:11.727341: |    length/value: 4 (00 04)
1781. Mar 30 11:11:11.727344: |    [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
1782. Mar 30 11:11:11.727349: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
1783. Mar 30 11:11:11.727352: | ******parse ISAKMP IPsec DOI attribute:
1784. Mar 30 11:11:11.727356: |    af+type: AF+KEY_LENGTH (0x8006)
1785. Mar 30 11:11:11.727360: |    length/value: 256 (01 00)
1786. Mar 30 11:11:11.727363: | ******parse ISAKMP IPsec DOI attribute:
1787. Mar 30 11:11:11.727366: |    af+type: AF+AUTH_ALGORITHM (0x8005)
1788. Mar 30 11:11:11.727370: |    length/value: 2 (00 02)
1789. Mar 30 11:11:11.727373: |    [2 is AUTH_ALGORITHM_HMAC_SHA1]
1790. Mar 30 11:11:11.727377: | ******parse ISAKMP IPsec DOI attribute:
1791. Mar 30 11:11:11.727380: |    af+type: AF+SA_LIFE_TYPE (0x8001)
1792. Mar 30 11:11:11.727384: |    length/value: 1 (00 01)
1793. Mar 30 11:11:11.727387: |    [1 is SA_LIFE_TYPE_SECONDS]
1794. Mar 30 11:11:11.727390: | ******parse ISAKMP IPsec DOI attribute:
1795. Mar 30 11:11:11.727394: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
1796. Mar 30 11:11:11.727397: |    length/value: 4 (00 04)
1797. Mar 30 11:11:11.727401: |    long duration: 3600
1798. Mar 30 11:11:11.727404: | ******parse ISAKMP IPsec DOI attribute:
1799. Mar 30 11:11:11.727411: |    af+type: AF+SA_LIFE_TYPE (0x8001)
1800. Mar 30 11:11:11.727415: |    length/value: 2 (00 02)
1801. Mar 30 11:11:11.727418: |    [2 is SA_LIFE_TYPE_KBYTES]
1802. Mar 30 11:11:11.727421: | ******parse ISAKMP IPsec DOI attribute:
1803. Mar 30 11:11:11.727425: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
1804. Mar 30 11:11:11.727428: |    length/value: 4 (00 04)
1805. Mar 30 11:11:11.727431: |    long duration: 250000
1806. Mar 30 11:11:11.727436: | ESP IPsec Transform verified; matches alg_info entry
1807. Mar 30 11:11:11.727445: | adding quick_outI1 KE work-order 7 for state #5
1808. Mar 30 11:11:11.727449: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d553ed8
1809. Mar 30 11:11:11.727454: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5
1810. Mar 30 11:11:11.727458: | libevent_malloc: newref ptr-libevent@0x562b2d5546a8 size 128
1811. Mar 30 11:11:11.727469: | complete v1 state transition with STF_SUSPEND
1812. Mar 30 11:11:11.727476: | [RE]START processing: state #5 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2514)
1813. Mar 30 11:11:11.727480: | suspending state #5 and saving MD 0x562b2d551f08
1814. Mar 30 11:11:11.727483: | #5 is busy; has suspended MD 0x562b2d551f08
1815. Mar 30 11:11:11.727490: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
1816. Mar 30 11:11:11.727496: | stop processing: state #5 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
1817. Mar 30 11:11:11.727500: | processing: STOP connection NULL (in process_md() at demux.c:384)
1818. Mar 30 11:11:11.727510: | processing signal PLUTO_SIGCHLD
1819. Mar 30 11:11:11.727516: | waitpid returned ECHILD (no child processes left)
1820. Mar 30 11:11:11.727520: | processing signal PLUTO_SIGCHLD
1821. Mar 30 11:11:11.727523: | waitpid returned ECHILD (no child processes left)
1822. Mar 30 11:11:11.727527: | processing signal PLUTO_SIGCHLD
1823. Mar 30 11:11:11.727531: | waitpid returned ECHILD (no child processes left)
1824. Mar 30 11:11:11.727559: | crypto helper 1 resuming
1825. Mar 30 11:11:11.727564: | crypto helper 1 starting work-order 7 for state #5
1826. Mar 30 11:11:11.727569: | crypto helper 1 doing build nonce (quick_outI1 KE); request ID 7
1827. Mar 30 11:11:11.727590: | crypto helper 1 finished build nonce (quick_outI1 KE); request ID 7 time elapsed 0.000021 seconds
1828. Mar 30 11:11:11.727594: | crypto helper 1 sending results from work-order 7 for state #5 to event queue
1829. Mar 30 11:11:11.727600: | scheduling resume sending helper answer for #5
1830. Mar 30 11:11:11.727604: | libevent_malloc: newref ptr-libevent@0x7f3a440014b8 size 128
1831. Mar 30 11:11:11.727612: | crypto helper 1 waiting (nothing to do)
1832. Mar 30 11:11:11.727622: | processing resume sending helper answer for #5
1833. Mar 30 11:11:11.727629: | start processing: state #5 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:817)
1834. Mar 30 11:11:11.727633: | unsuspending #5 MD 0x562b2d551f08
1835. Mar 30 11:11:11.727637: | crypto helper 1 replies to request ID 7
1836. Mar 30 11:11:11.727640: | calling continuation function 0x562b2c27c390
1837. Mar 30 11:11:11.727644: | quick_inI1_outR1_cryptocontinue1 for #5: calculated ke+nonce, calculating DH
1838. Mar 30 11:11:11.727668: | **emit ISAKMP Message:
1839. Mar 30 11:11:11.727673: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
1840. Mar 30 11:11:11.727677: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
1841. Mar 30 11:11:11.727680: |    next payload type: ISAKMP_NEXT_NONE (0x0)
1842. Mar 30 11:11:11.727684: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
1843. Mar 30 11:11:11.727687: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
1844. Mar 30 11:11:11.727690: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
1845. Mar 30 11:11:11.727695: |    Message ID: 2 (00 00 00 02)
1846. Mar 30 11:11:11.727698: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
1847. Mar 30 11:11:11.727702: | ***emit ISAKMP Hash Payload:
1848. Mar 30 11:11:11.727705: |    next payload type: ISAKMP_NEXT_NONE (0x0)
1849. Mar 30 11:11:11.727709: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
1850. Mar 30 11:11:11.727717: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
1851. Mar 30 11:11:11.727722: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
1852. Mar 30 11:11:11.727725: | emitting length of ISAKMP Hash Payload: 24
1853. Mar 30 11:11:11.727728: | ***emit ISAKMP Security Association Payload:
1854. Mar 30 11:11:11.727731: |    next payload type: ISAKMP_NEXT_NONCE (0xa)
1855. Mar 30 11:11:11.727735: |    DOI: ISAKMP_DOI_IPSEC (0x1)
1856. Mar 30 11:11:11.727738: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE
1857. Mar 30 11:11:11.727742: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA)
1858. Mar 30 11:11:11.727745: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet'
1859. Mar 30 11:11:11.727749: | ****parse IPsec DOI SIT:
1860. Mar 30 11:11:11.727752: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
1861. Mar 30 11:11:11.727756: | ****parse ISAKMP Proposal Payload:
1862. Mar 30 11:11:11.727759: |    next payload type: ISAKMP_NEXT_P (0x2)
1863. Mar 30 11:11:11.727763: |    length: 56 (00 38)
1864. Mar 30 11:11:11.727766: |    proposal number: 1 (01)
1865. Mar 30 11:11:11.727769: |    protocol ID: PROTO_IPSEC_ESP (0x3)
1866. Mar 30 11:11:11.727773: |    SPI size: 4 (04)
1867. Mar 30 11:11:11.727776: |    number of transforms: 1 (01)
1868. Mar 30 11:11:11.727779: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
1869. Mar 30 11:11:11.727782: | SPI
1870. Mar 30 11:11:11.727786: |   7d 0c 02 4c
1871. Mar 30 11:11:11.727789: | ****parse ISAKMP Proposal Payload:
1872. Mar 30 11:11:11.727792: |    next payload type: ISAKMP_NEXT_P (0x2)
1873. Mar 30 11:11:11.727796: |    length: 56 (00 38)
1874. Mar 30 11:11:11.727799: |    proposal number: 2 (02)
1875. Mar 30 11:11:11.727802: |    protocol ID: PROTO_IPSEC_ESP (0x3)
1876. Mar 30 11:11:11.727806: |    SPI size: 4 (04)
1877. Mar 30 11:11:11.727809: |    number of transforms: 1 (01)
1878. Mar 30 11:11:11.727813: | *****parse ISAKMP Transform Payload (ESP):
1879. Mar 30 11:11:11.727816: |    next payload type: ISAKMP_NEXT_NONE (0x0)
1880. Mar 30 11:11:11.727820: |    length: 44 (00 2c)
1881. Mar 30 11:11:11.727823: |    ESP transform number: 1 (01)
1882. Mar 30 11:11:11.727826: |    ESP transform ID: ESP_AES (0xc)
1883. Mar 30 11:11:11.727830: | ******parse ISAKMP IPsec DOI attribute:
1884. Mar 30 11:11:11.727833: |    af+type: AF+ENCAPSULATION_MODE (0x8004)
1885. Mar 30 11:11:11.727837: |    length/value: 4 (00 04)
1886. Mar 30 11:11:11.727840: |    [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
1887. Mar 30 11:11:11.727844: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
1888. Mar 30 11:11:11.727847: | ******parse ISAKMP IPsec DOI attribute:
1889. Mar 30 11:11:11.727850: |    af+type: AF+KEY_LENGTH (0x8006)
1890. Mar 30 11:11:11.727854: |    length/value: 256 (01 00)
1891. Mar 30 11:11:11.727857: | ******parse ISAKMP IPsec DOI attribute:
1892. Mar 30 11:11:11.727861: |    af+type: AF+AUTH_ALGORITHM (0x8005)
1893. Mar 30 11:11:11.727864: |    length/value: 2 (00 02)
1894. Mar 30 11:11:11.727868: |    [2 is AUTH_ALGORITHM_HMAC_SHA1]
1895. Mar 30 11:11:11.727871: | ******parse ISAKMP IPsec DOI attribute:
1896. Mar 30 11:11:11.727874: |    af+type: AF+SA_LIFE_TYPE (0x8001)
1897. Mar 30 11:11:11.727878: |    length/value: 1 (00 01)
1898. Mar 30 11:11:11.727881: |    [1 is SA_LIFE_TYPE_SECONDS]
1899. Mar 30 11:11:11.727884: | ******parse ISAKMP IPsec DOI attribute:
1900. Mar 30 11:11:11.727887: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
1901. Mar 30 11:11:11.727891: |    length/value: 4 (00 04)
1902. Mar 30 11:11:11.727894: |    long duration: 3600
1903. Mar 30 11:11:11.727898: | ******parse ISAKMP IPsec DOI attribute:
1904. Mar 30 11:11:11.727901: |    af+type: AF+SA_LIFE_TYPE (0x8001)
1905. Mar 30 11:11:11.727904: |    length/value: 2 (00 02)
1906. Mar 30 11:11:11.727908: |    [2 is SA_LIFE_TYPE_KBYTES]
1907. Mar 30 11:11:11.727911: | ******parse ISAKMP IPsec DOI attribute:
1908. Mar 30 11:11:11.727914: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
1909. Mar 30 11:11:11.727921: |    length/value: 4 (00 04)
1910. Mar 30 11:11:11.727924: |    long duration: 250000
1911. Mar 30 11:11:11.727928: | ESP IPsec Transform verified; matches alg_info entry
1912. Mar 30 11:11:11.727931: | ****emit IPsec DOI SIT:
1913. Mar 30 11:11:11.727934: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
1914. Mar 30 11:11:11.727938: | ****emit ISAKMP Proposal Payload:
1915. Mar 30 11:11:11.727941: |    next payload type: ISAKMP_NEXT_NONE (0x0)
1916. Mar 30 11:11:11.727945: |    proposal number: 1 (01)
1917. Mar 30 11:11:11.727948: |    protocol ID: PROTO_IPSEC_ESP (0x3)
1918. Mar 30 11:11:11.727951: |    SPI size: 4 (04)
1919. Mar 30 11:11:11.727955: |    number of transforms: 1 (01)
1920. Mar 30 11:11:11.727958: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type'
1921. Mar 30 11:11:11.728032: | netlink_get_spi: allocated 0x36fdd548 for esp.0@10.68.154.105
1922. Mar 30 11:11:11.728054: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload
1923. Mar 30 11:11:11.728059: | SPI: 36 fd d5 48
1924. Mar 30 11:11:11.728062: | *****emit ISAKMP Transform Payload (ESP):
1925. Mar 30 11:11:11.728066: |    next payload type: ISAKMP_NEXT_NONE (0x0)
1926. Mar 30 11:11:11.728069: |    ESP transform number: 1 (01)
1927. Mar 30 11:11:11.728073: |    ESP transform ID: ESP_AES (0xc)
1928. Mar 30 11:11:11.728076: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type'
1929. Mar 30 11:11:11.728080: | emitting 36 raw bytes of attributes into ISAKMP Transform Payload (ESP)
1930. Mar 30 11:11:11.728084: | attributes:
1931. Mar 30 11:11:11.728087: |   80 04 00 04  80 06 01 00  80 05 00 02  80 01 00 01
1932. Mar 30 11:11:11.728090: |   00 02 00 04  00 00 0e 10  80 01 00 02  00 02 00 04
1933. Mar 30 11:11:11.728093: |   00 03 d0 90
1934. Mar 30 11:11:11.728096: | emitting length of ISAKMP Transform Payload (ESP): 44
1935. Mar 30 11:11:11.728099: | emitting length of ISAKMP Proposal Payload: 56
1936. Mar 30 11:11:11.728103: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0
1937. Mar 30 11:11:11.728106: | emitting length of ISAKMP Security Association Payload: 68
1938. Mar 30 11:11:11.728109: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0
1939. Mar 30 11:11:11.728116: "l2tp-psk"[4] 93.46.124.104 #5: responding to Quick Mode proposal {msgid:00000002}
1940. Mar 30 11:11:11.728125: "l2tp-psk"[4] 93.46.124.104 #5:     us: 10.68.154.105[51.158.64.201]:17/1701
1941. Mar 30 11:11:11.728131: "l2tp-psk"[4] 93.46.124.104 #5:   them: 93.46.124.104[192.168.1.101]:17/1701
1942. Mar 30 11:11:11.728135: | ***emit ISAKMP Nonce Payload:
1943. Mar 30 11:11:11.728138: |    next payload type: ISAKMP_NEXT_ID (0x5)
1944. Mar 30 11:11:11.728142: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 5:ISAKMP_NEXT_ID
1945. Mar 30 11:11:11.728145: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE)
1946. Mar 30 11:11:11.728149: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet'
1947. Mar 30 11:11:11.728153: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload
1948. Mar 30 11:11:11.728156: | Nr:
1949. Mar 30 11:11:11.728159: |   94 9f cf 88  e5 2f 7c da  ca 9f 77 4a  b4 84 32 43
1950. Mar 30 11:11:11.728162: |   53 fe 29 b6  20 33 43 92  47 f4 ba 3b  68 73 81 a2
1951. Mar 30 11:11:11.728165: | emitting length of ISAKMP Nonce Payload: 36
1952. Mar 30 11:11:11.728169: | ***emit ISAKMP Identification Payload (IPsec DOI):
1953. Mar 30 11:11:11.728172: |    next payload type: ISAKMP_NEXT_ID (0x5)
1954. Mar 30 11:11:11.728175: |    ID type: ID_IPV4_ADDR (0x1)
1955. Mar 30 11:11:11.728179: |    Protocol ID: 17 (11)
1956. Mar 30 11:11:11.728182: |    port: 1701 (06 a5)
1957. Mar 30 11:11:11.728186: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID
1958. Mar 30 11:11:11.728189: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
1959. Mar 30 11:11:11.728199: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
1960. Mar 30 11:11:11.728203: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
1961. Mar 30 11:11:11.728207: | ID body: c0 a8 01 65
1962. Mar 30 11:11:11.728210: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
1963. Mar 30 11:11:11.728214: | ***emit ISAKMP Identification Payload (IPsec DOI):
1964. Mar 30 11:11:11.728217: |    next payload type: ISAKMP_NEXT_NONE (0x0)
1965. Mar 30 11:11:11.728220: |    ID type: ID_IPV4_ADDR (0x1)
1966. Mar 30 11:11:11.728224: |    Protocol ID: 17 (11)
1967. Mar 30 11:11:11.728227: |    port: 1701 (06 a5)
1968. Mar 30 11:11:11.728231: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
1969. Mar 30 11:11:11.728234: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
1970. Mar 30 11:11:11.728238: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
1971. Mar 30 11:11:11.728242: | ID body: 33 9e 40 c9
1972. Mar 30 11:11:11.728245: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
1973. Mar 30 11:11:11.728273: | quick inR1 outI2 HASH(2):
1974. Mar 30 11:11:11.728277: |   b6 ea 86 b1  47 d8 46 9e  cf 78 82 13  4b ad 98 93
1975. Mar 30 11:11:11.728280: |   b1 98 ee 47
1976. Mar 30 11:11:11.728283: | compute_proto_keymat: needed_len (after ESP enc)=32
1977. Mar 30 11:11:11.728286: | compute_proto_keymat: needed_len (after ESP auth)=52
1978. Mar 30 11:11:11.728366: | install_inbound_ipsec_sa() checking if we can route
1979. Mar 30 11:11:11.728371: | could_route called for l2tp-psk (kind=CK_INSTANCE)
1980. Mar 30 11:11:11.728375: | FOR_EACH_CONNECTION_... in route_owner
1981. Mar 30 11:11:11.728379: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
1982. Mar 30 11:11:11.728383: |  conn l2tp-psk mark 0/00000000, 0/00000000
1983. Mar 30 11:11:11.728386: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
1984. Mar 30 11:11:11.728389: |  conn xauth-psk mark 0/00000000, 0/00000000
1985. Mar 30 11:11:11.728393: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
1986. Mar 30 11:11:11.728396: |  conn l2tp-psk mark 0/00000000, 0/00000000
1987. Mar 30 11:11:11.728402: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
1988. Mar 30 11:11:11.728405: |    routing is easy, or has resolvable near-conflict
1989. Mar 30 11:11:11.728409: | checking if this is a replacement state
1990. Mar 30 11:11:11.728412: |   st=0x562b2d5567b8 ost=0x562b2d555bd8 st->serialno=#5 ost->serialno=#4
1991. Mar 30 11:11:11.728417: "l2tp-psk"[4] 93.46.124.104 #5: keeping refhim=0 during rekey
1992. Mar 30 11:11:11.728420: | installing outgoing SA now as refhim=0
1993. Mar 30 11:11:11.728424: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
1994. Mar 30 11:11:11.728428: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
1995. Mar 30 11:11:11.728432: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
1996. Mar 30 11:11:11.728437: | setting IPsec SA replay-window to 32
1997. Mar 30 11:11:11.728440: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
1998. Mar 30 11:11:11.728445: | netlink: enabling transport mode
1999. Mar 30 11:11:11.728450: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1261)
2000. Mar 30 11:11:11.728453: | XFRM: adding IPsec SA with reqid 16409
2001. Mar 30 11:11:11.728457: | netlink: setting IPsec SA replay-window to 32 using old-style req
2002. Mar 30 11:11:11.728461: | netlink: esp-hw-offload not set for IPsec SA
2003. Mar 30 11:11:11.728554: | netlink response for Add SA esp.7d0c024c@93.46.124.104 included non-error error
2004. Mar 30 11:11:11.728560: | outgoing SA has refhim=0
2005. Mar 30 11:11:11.728564: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
2006. Mar 30 11:11:11.728568: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
2007. Mar 30 11:11:11.728571: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
2008. Mar 30 11:11:11.728575: | setting IPsec SA replay-window to 32
2009. Mar 30 11:11:11.728584: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
2010. Mar 30 11:11:11.728587: | netlink: enabling transport mode
2011. Mar 30 11:11:11.728592: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1268)
2012. Mar 30 11:11:11.728595: | XFRM: adding IPsec SA with reqid 16409
2013. Mar 30 11:11:11.728598: | netlink: setting IPsec SA replay-window to 32 using old-style req
2014. Mar 30 11:11:11.728602: | netlink: esp-hw-offload not set for IPsec SA
2015. Mar 30 11:11:11.728662: | netlink response for Add SA esp.36fdd548@10.68.154.105 included non-error error
2016. Mar 30 11:11:11.728671: | emitting 8 zero bytes of encryption padding into ISAKMP Message
2017. Mar 30 11:11:11.728674: | no IKEv1 message padding required
2018. Mar 30 11:11:11.728677: | emitting length of ISAKMP Message: 188
2019. Mar 30 11:11:11.728692: | finished processing quick inI1
2020. Mar 30 11:11:11.728696: | complete v1 state transition with STF_OK
2021. Mar 30 11:11:11.728703: | [RE]START processing: state #5 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
2022. Mar 30 11:11:11.728706: | #5 is idle
2023. Mar 30 11:11:11.728710: | doing_xauth:no, t_xauth_client_done:no
2024. Mar 30 11:11:11.728714: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
2025. Mar 30 11:11:11.728718: | child state #5: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA)
2026. Mar 30 11:11:11.728721: | event_already_set, deleting event
2027. Mar 30 11:11:11.728725: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted
2028. Mar 30 11:11:11.728729: | libevent_free: delref ptr-libevent@0x562b2d5546a8
2029. Mar 30 11:11:11.728733: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d553ed8
2030. Mar 30 11:11:11.728739: | sending reply packet to 93.46.124.104:4500 (from 10.68.154.105:4500)
2031. Mar 30 11:11:11.728747: | sending 192 bytes for STATE_QUICK_R0 through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #5)
2032. Mar 30 11:11:11.728751: |   00 00 00 00  f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a
2033. Mar 30 11:11:11.728754: |   5d 82 98 78  08 10 20 01  00 00 00 02  00 00 00 bc
2034. Mar 30 11:11:11.728757: |   2f 1c 35 9a  71 dc 5c df  a8 34 6b 98  87 2b 74 ed
2035. Mar 30 11:11:11.728760: |   69 49 17 cd  9e 9a 66 13  0f bc c2 73  c7 a6 66 e9
2036. Mar 30 11:11:11.728763: |   2a 6e 10 f8  76 80 64 15  25 9b 8e ee  3f 54 99 8d
2037. Mar 30 11:11:11.728766: |   c4 71 3a be  67 ca 67 24  59 3a 9f 9a  32 8c 0f 51
2038. Mar 30 11:11:11.728769: |   25 42 d2 a3  33 61 11 ba  76 3b 84 3b  82 da 63 b4
2039. Mar 30 11:11:11.728772: |   39 93 34 a0  9c 1e 9c be  91 01 12 fa  6b 28 6d 0c
2040. Mar 30 11:11:11.728775: |   0c 3c c8 47  1d 98 26 f3  49 0f b0 88  f6 ec e1 df
2041. Mar 30 11:11:11.728778: |   11 d9 ed ae  38 54 dd b3  a0 8d 2f 18  14 f8 9e df
2042. Mar 30 11:11:11.728782: |   6b 53 91 70  26 b7 a2 39  7e b5 16 ff  cc 57 0c f5
2043. Mar 30 11:11:11.728785: |   7b 37 b2 5f  18 eb 42 52  9b b7 96 cc  42 3e 07 78
2044. Mar 30 11:11:11.728851: | !event_already_set at reschedule
2045. Mar 30 11:11:11.728858: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b2d553ed8
2046. Mar 30 11:11:11.728863: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #5
2047. Mar 30 11:11:11.728867: | libevent_malloc: newref ptr-libevent@0x562b2d554758 size 128
2048. Mar 30 11:11:11.728873: | #5 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 5630.154088
2049. Mar 30 11:11:11.728876: | pstats #5 ikev1.ipsec established
2050. Mar 30 11:11:11.728882: | NAT-T: NAT Traversal detected - their IKE port is '500'
2051. Mar 30 11:11:11.728885: | NAT-T: encaps is 'yes'
2052. Mar 30 11:11:11.728893: "l2tp-psk"[4] 93.46.124.104 #5: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0x7d0c024c <0x36fdd548 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
2053. Mar 30 11:11:11.728897: | modecfg pull: noquirk policy:push not-client
2054. Mar 30 11:11:11.728900: | phase 1 is done, looking for phase 2 to unpend
2055. Mar 30 11:11:11.728903: | releasing #5's fd-fd@(nil) because IKEv1 transitions finished
2056. Mar 30 11:11:11.728912: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
2057. Mar 30 11:11:11.728917: | resume sending helper answer for #5 suppresed complete_v1_state_transition()
2058. Mar 30 11:11:11.728926: | stop processing: state #5 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:860)
2059. Mar 30 11:11:11.728930: | libevent_free: delref ptr-libevent@0x7f3a440014b8
2060. Mar 30 11:11:11.768700: | *received 60 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
2061. Mar 30 11:11:11.768737: |   f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a  5d 82 98 78
2062. Mar 30 11:11:11.768741: |   08 10 20 01  00 00 00 02  00 00 00 3c  5b a0 9f 34
2063. Mar 30 11:11:11.768744: |   7b 0a 2c 45  bc 47 e0 91  d3 5f ef b9  f0 78 74 3e
2064. Mar 30 11:11:11.768747: |   ac 28 dc 3a  73 d4 43 7b  5b 9f 07 0c
2065. Mar 30 11:11:11.768754: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
2066. Mar 30 11:11:11.768762: | **parse ISAKMP Message:
2067. Mar 30 11:11:11.768768: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
2068. Mar 30 11:11:11.768773: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
2069. Mar 30 11:11:11.768777: |    next payload type: ISAKMP_NEXT_HASH (0x8)
2070. Mar 30 11:11:11.768781: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
2071. Mar 30 11:11:11.768784: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
2072. Mar 30 11:11:11.768788: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
2073. Mar 30 11:11:11.768794: |    Message ID: 2 (00 00 00 02)
2074. Mar 30 11:11:11.768798: |    length: 60 (00 00 00 3c)
2075. Mar 30 11:11:11.768802: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
2076. Mar 30 11:11:11.768809: | State DB: found IKEv1 state #5 in QUICK_R1 (find_state_ikev1)
2077. Mar 30 11:11:11.768818: | start processing: state #5 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1499)
2078. Mar 30 11:11:11.768823: | #5 is idle
2079. Mar 30 11:11:11.768826: | #5 idle
2080. Mar 30 11:11:11.768831: | received encrypted packet from 93.46.124.104:4500
2081. Mar 30 11:11:11.768882: | got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
2082. Mar 30 11:11:11.768887: | ***parse ISAKMP Hash Payload:
2083. Mar 30 11:11:11.768891: |    next payload type: ISAKMP_NEXT_NONE (0x0)
2084. Mar 30 11:11:11.768895: |    length: 24 (00 18)
2085. Mar 30 11:11:11.768898: | removing 8 bytes of padding
2086. Mar 30 11:11:11.768932: | quick_inI2 HASH(3):
2087. Mar 30 11:11:11.768936: |   b6 58 ae 95  7d b7 0e 49  05 5e 17 2d  c7 b4 6f 70
2088. Mar 30 11:11:11.768939: |   4b 1f 36 6a
2089. Mar 30 11:11:11.768943: | received 'quick_inI2' message HASH(3) data ok
2090. Mar 30 11:11:11.768949: | install_ipsec_sa() for #5: outbound only
2091. Mar 30 11:11:11.768954: | could_route called for l2tp-psk (kind=CK_INSTANCE)
2092. Mar 30 11:11:11.768958: | FOR_EACH_CONNECTION_... in route_owner
2093. Mar 30 11:11:11.768961: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
2094. Mar 30 11:11:11.768965: |  conn l2tp-psk mark 0/00000000, 0/00000000
2095. Mar 30 11:11:11.768968: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
2096. Mar 30 11:11:11.768972: |  conn xauth-psk mark 0/00000000, 0/00000000
2097. Mar 30 11:11:11.768976: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
2098. Mar 30 11:11:11.768979: |  conn l2tp-psk mark 0/00000000, 0/00000000
2099. Mar 30 11:11:11.768985: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
2100. Mar 30 11:11:11.768990: | sr for #5: erouted
2101. Mar 30 11:11:11.768994: | route_and_eroute() for proto 17, and source port 1701 dest port 1701
2102. Mar 30 11:11:11.768997: | FOR_EACH_CONNECTION_... in route_owner
2103. Mar 30 11:11:11.769000: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
2104. Mar 30 11:11:11.769004: |  conn l2tp-psk mark 0/00000000, 0/00000000
2105. Mar 30 11:11:11.769007: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
2106. Mar 30 11:11:11.769010: |  conn xauth-psk mark 0/00000000, 0/00000000
2107. Mar 30 11:11:11.769014: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
2108. Mar 30 11:11:11.769017: |  conn l2tp-psk mark 0/00000000, 0/00000000
2109. Mar 30 11:11:11.769034: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
2110. Mar 30 11:11:11.769042: | route_and_eroute with c: l2tp-psk (next: none) ero:l2tp-psk esr:{(nil)} ro:l2tp-psk rosr:{(nil)} and state: #5
2111. Mar 30 11:11:11.769067: | we are replacing an eroute
2112. Mar 30 11:11:11.769074: | priority calculation of connection "l2tp-psk" is 0x15bfbf
2113. Mar 30 11:11:11.769088: | eroute_connection replace eroute 10.68.154.105/32:1701 --17-> 93.46.124.104/32:1701 => esp.7d0c024c@93.46.124.104>esp.7d0c024c@93.46.124.104 using reqid 16409 (raw_eroute)
2114. Mar 30 11:11:11.769098: | subnet from endpoint 93.46.124.104:1701 (in netlink_raw_eroute() at kernel_xfrm.c:585)
2115. Mar 30 11:11:11.769104: | netlink_raw_eroute: using host address instead of client subnet
2116. Mar 30 11:11:11.769109: | IPsec Sa SPD priority set to 1425343
2117. Mar 30 11:11:11.769143: | raw_eroute result=success
2118. Mar 30 11:11:11.769149: | route_and_eroute: firewall_notified: true
2119. Mar 30 11:11:11.769156: | route_and_eroute: instance "l2tp-psk"[4] 93.46.124.104, setting eroute_owner {spd=0x562b2d554130,sr=0x562b2d554130} to #5 (was #4) (newest_ipsec_sa=#4)
2120. Mar 30 11:11:11.769164: | inI2: instance l2tp-psk[4], setting IKEv1 newest_ipsec_sa to #5 (was #4) (spd.eroute=#5) cloned from #3
2121. Mar 30 11:11:11.769169: | DPD: dpd_init() called on IPsec SA
2122. Mar 30 11:11:11.769174: | DPD: Peer does not support Dead Peer Detection
2123. Mar 30 11:11:11.769178: | complete v1 state transition with STF_OK
2124. Mar 30 11:11:11.769187: | [RE]START processing: state #5 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
2125. Mar 30 11:11:11.769191: | #5 is idle
2126. Mar 30 11:11:11.769196: | doing_xauth:no, t_xauth_client_done:no
2127. Mar 30 11:11:11.769200: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
2128. Mar 30 11:11:11.769207: | child state #5: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA)
2129. Mar 30 11:11:11.769211: | event_already_set, deleting event
2130. Mar 30 11:11:11.769216: | state #5 requesting EVENT_RETRANSMIT to be deleted
2131. Mar 30 11:11:11.769221: | #5 STATE_QUICK_R2: retransmits: cleared
2132. Mar 30 11:11:11.769238: | libevent_free: delref ptr-libevent@0x562b2d554758
2133. Mar 30 11:11:11.769253: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b2d553ed8
2134. Mar 30 11:11:11.769266: | !event_already_set at reschedule
2135. Mar 30 11:11:11.769278: | event_schedule: newref EVENT_SA_EXPIRE-pe@0x562b2d554928
2136. Mar 30 11:11:11.769290: | inserting event EVENT_SA_EXPIRE, timeout in 3600 seconds for #5
2137. Mar 30 11:11:11.769303: | libevent_malloc: newref ptr-libevent@0x562b2d5545b8 size 128
2138. Mar 30 11:11:11.769317: | pstats #5 ikev1.ipsec established
2139. Mar 30 11:11:11.769340: | NAT-T: NAT Traversal detected - their IKE port is '500'
2140. Mar 30 11:11:11.769351: | NAT-T: encaps is 'yes'
2141. Mar 30 11:11:11.769375: "l2tp-psk"[4] 93.46.124.104 #5: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x7d0c024c <0x36fdd548 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
2142. Mar 30 11:11:11.769383: | modecfg pull: noquirk policy:push not-client
2143. Mar 30 11:11:11.769387: | phase 1 is done, looking for phase 2 to unpend
2144. Mar 30 11:11:11.769392: | releasing #5's fd-fd@(nil) because IKEv1 transitions finished
2145. Mar 30 11:11:11.769397: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
2146. Mar 30 11:11:11.769406: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
2147. Mar 30 11:11:11.769415: | stop processing: state #5 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
2148. Mar 30 11:11:11.769420: | processing: STOP connection NULL (in process_md() at demux.c:384)
2149. Mar 30 11:11:11.769454: | *received 76 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
2150. Mar 30 11:11:11.769463: |   f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a  5d 82 98 78
2151. Mar 30 11:11:11.769471: |   08 10 05 01  13 c9 90 86  00 00 00 4c  f8 ba ae 16
2152. Mar 30 11:11:11.769482: |   f5 09 a2 34  34 16 25 cf  ba 0e 59 ef  65 87 4d 4c
2153. Mar 30 11:11:11.769486: |   94 f1 cc 9f  d2 23 a1 ac  ba bc c8 b9  e5 ab c0 10
2154. Mar 30 11:11:11.769490: |   e9 30 49 86  a9 be 21 8f  e8 a7 64 a2
2155. Mar 30 11:11:11.769498: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
2156. Mar 30 11:11:11.769516: | **parse ISAKMP Message:
2157. Mar 30 11:11:11.769529: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
2158. Mar 30 11:11:11.769541: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
2159. Mar 30 11:11:11.769547: |    next payload type: ISAKMP_NEXT_HASH (0x8)
2160. Mar 30 11:11:11.769552: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
2161. Mar 30 11:11:11.769557: |    exchange type: ISAKMP_XCHG_INFO (0x5)
2162. Mar 30 11:11:11.769562: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
2163. Mar 30 11:11:11.769568: |    Message ID: 331976838 (13 c9 90 86)
2164. Mar 30 11:11:11.769575: |    length: 76 (00 00 00 4c)
2165. Mar 30 11:11:11.769584: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
2166. Mar 30 11:11:11.769596: | peer and cookies match on #5; msgid=00000000 st_msgid=00000002 st_v1_msgid.phase15=00000000
2167. Mar 30 11:11:11.769604: | peer and cookies match on #4; msgid=00000000 st_msgid=00000001 st_v1_msgid.phase15=00000000
2168. Mar 30 11:11:11.769612: | peer and cookies match on #3; msgid=00000000 st_msgid=00000000 st_v1_msgid.phase15=00000000
2169. Mar 30 11:11:11.769620: | p15 state object #3 found, in STATE_MAIN_R3
2170. Mar 30 11:11:11.769629: | State DB: found IKEv1 state #3 in MAIN_R3 (find_v1_info_state)
2171. Mar 30 11:11:11.769640: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1347)
2172. Mar 30 11:11:11.769668: | #3 is idle
2173. Mar 30 11:11:11.769672: | #3 idle
2174. Mar 30 11:11:11.769677: | received encrypted packet from 93.46.124.104:4500
2175. Mar 30 11:11:11.769693: | got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
2176. Mar 30 11:11:11.769697: | ***parse ISAKMP Hash Payload:
2177. Mar 30 11:11:11.769700: |    next payload type: ISAKMP_NEXT_D (0xc)
2178. Mar 30 11:11:11.769704: |    length: 24 (00 18)
2179. Mar 30 11:11:11.769708: | got payload 0x1000  (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0
2180. Mar 30 11:11:11.769712: | ***parse ISAKMP Delete Payload:
2181. Mar 30 11:11:11.769715: |    next payload type: ISAKMP_NEXT_NONE (0x0)
2182. Mar 30 11:11:11.769719: |    length: 16 (00 10)
2183. Mar 30 11:11:11.769722: |    DOI: ISAKMP_DOI_IPSEC (0x1)
2184. Mar 30 11:11:11.769726: |    protocol ID: 3 (03)
2185. Mar 30 11:11:11.769729: |    SPI size: 4 (04)
2186. Mar 30 11:11:11.769733: |    number of SPIs: 1 (00 01)
2187. Mar 30 11:11:11.769736: | removing 8 bytes of padding
2188. Mar 30 11:11:11.769762: | informational HASH(1):
2189. Mar 30 11:11:11.769768: |   60 dd 2f 84  c3 5b 6e 34  ad bf a7 4a  f9 91 71 2f
2190. Mar 30 11:11:11.769772: |   d9 9a c8 67
2191. Mar 30 11:11:11.769777: | received 'informational' message HASH(1) data ok
2192. Mar 30 11:11:11.769782: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI
2193. Mar 30 11:11:11.769787: | SPI
2194. Mar 30 11:11:11.769792: |   a3 48 a1 7c
2195. Mar 30 11:11:11.769796: | FOR_EACH_STATE_... in find_phase2_state_to_delete
2196. Mar 30 11:11:11.769805: | start processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in accept_delete() at ikev1_main.c:2492)
2197. Mar 30 11:11:11.769813: "l2tp-psk"[4] 93.46.124.104 #3: received Delete SA(0xa348a17c) payload: deleting IPsec State #4
2198. Mar 30 11:11:11.769819: | pstats #4 ikev1.ipsec deleted completed
2199. Mar 30 11:11:11.769828: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
2200. Mar 30 11:11:11.769835: | start processing: state #4 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
2201. Mar 30 11:11:11.769842: "l2tp-psk"[4] 93.46.124.104 #4: deleting other state #4 (STATE_QUICK_R2) aged 0.142s and sending notification
2202. Mar 30 11:11:11.769846: | child state #4: QUICK_R2(established CHILD SA) => delete
2203. Mar 30 11:11:11.769852: | get_sa_info esp.a348a17c@93.46.124.104
2204. Mar 30 11:11:11.769874: | get_sa_info esp.6912e15@10.68.154.105
2205. Mar 30 11:11:11.769885: "l2tp-psk"[4] 93.46.124.104 #4: ESP traffic information: in=0B out=0B
2206. Mar 30 11:11:11.769891: | unsuspending #4 MD (nil)
2207. Mar 30 11:11:11.769896: | #4 send IKEv1 delete notification for STATE_QUICK_R2
2208. Mar 30 11:11:11.769901: | FOR_EACH_STATE_... in find_phase1_state
2209. Mar 30 11:11:11.769919: | **emit ISAKMP Message:
2210. Mar 30 11:11:11.769936: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
2211. Mar 30 11:11:11.769943: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
2212. Mar 30 11:11:11.769947: |    next payload type: ISAKMP_NEXT_NONE (0x0)
2213. Mar 30 11:11:11.769952: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
2214. Mar 30 11:11:11.769957: |    exchange type: ISAKMP_XCHG_INFO (0x5)
2215. Mar 30 11:11:11.769961: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
2216. Mar 30 11:11:11.769967: |    Message ID: 1948207599 (74 1f 49 ef)
2217. Mar 30 11:11:11.769972: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
2218. Mar 30 11:11:11.769977: | ***emit ISAKMP Hash Payload:
2219. Mar 30 11:11:11.769989: |    next payload type: ISAKMP_NEXT_NONE (0x0)
2220. Mar 30 11:11:11.769998: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
2221. Mar 30 11:11:11.770003: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg'
2222. Mar 30 11:11:11.770008: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
2223. Mar 30 11:11:11.770013: | emitting length of ISAKMP Hash Payload: 24
2224. Mar 30 11:11:11.770018: | ***emit ISAKMP Delete Payload:
2225. Mar 30 11:11:11.770023: |    next payload type: ISAKMP_NEXT_NONE (0x0)
2226. Mar 30 11:11:11.770027: |    DOI: ISAKMP_DOI_IPSEC (0x1)
2227. Mar 30 11:11:11.770035: |    protocol ID: 3 (03)
2228. Mar 30 11:11:11.770048: |    SPI size: 4 (04)
2229. Mar 30 11:11:11.770054: |    number of SPIs: 1 (00 01)
2230. Mar 30 11:11:11.770059: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D)
2231. Mar 30 11:11:11.770063: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg'
2232. Mar 30 11:11:11.770069: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload
2233. Mar 30 11:11:11.770073: | delete payload: 06 91 2e 15
2234. Mar 30 11:11:11.770078: | emitting length of ISAKMP Delete Payload: 16
2235. Mar 30 11:11:11.770108: | send delete HASH(1):
2236. Mar 30 11:11:11.770115: |   27 3b bc 59  6f 6e 4c 0f  44 e5 56 53  c6 19 b6 92
2237. Mar 30 11:11:11.770118: |   db 1b d3 15
2238. Mar 30 11:11:11.770130: | emitting 8 zero bytes of encryption padding into ISAKMP Message
2239. Mar 30 11:11:11.770135: | no IKEv1 message padding required
2240. Mar 30 11:11:11.770139: | emitting length of ISAKMP Message: 76
2241. Mar 30 11:11:11.770163: | sending 80 bytes for delete notify through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #3)
2242. Mar 30 11:11:11.770170: |   00 00 00 00  f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a
2243. Mar 30 11:11:11.770175: |   5d 82 98 78  08 10 05 01  74 1f 49 ef  00 00 00 4c
2244. Mar 30 11:11:11.770179: |   28 f4 5b f1  26 b6 7d 03  33 01 a3 9c  75 b2 00 d7
2245. Mar 30 11:11:11.770183: |   83 15 79 74  8d 2d d0 b6  be 04 bd 31  05 bd d8 92
2246. Mar 30 11:11:11.770187: |   bb ee bf 56  ae 7b e2 05  84 7d b5 de  99 c3 09 ca
2247. Mar 30 11:11:11.770275: | state #4 requesting EVENT_SA_EXPIRE to be deleted
2248. Mar 30 11:11:11.770289: | libevent_free: delref ptr-libevent@0x562b2d551528
2249. Mar 30 11:11:11.770295: | free_event_entry: delref EVENT_SA_EXPIRE-pe@0x562b2d5566a8
2250. Mar 30 11:11:11.770304: | delete esp.a348a17c@93.46.124.104
2251. Mar 30 11:11:11.770310: | XFRM: deleting IPsec SA with reqid 0
2252. Mar 30 11:11:11.770351: | netlink response for Del SA esp.a348a17c@93.46.124.104 included non-error error
2253. Mar 30 11:11:11.770362: | delete esp.6912e15@10.68.154.105
2254. Mar 30 11:11:11.770367: | XFRM: deleting IPsec SA with reqid 0
2255. Mar 30 11:11:11.770386: | netlink response for Del SA esp.6912e15@10.68.154.105 included non-error error
2256. Mar 30 11:11:11.770399: | stop processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in update_state_connection() at connections.c:4093)
2257. Mar 30 11:11:11.770404: | start processing: connection NULL (in update_state_connection() at connections.c:4094)
2258. Mar 30 11:11:11.770409: | in connection_discard for connection l2tp-psk
2259. Mar 30 11:11:11.770413: | connection is instance
2260. Mar 30 11:11:11.770418: | not in pending use
2261. Mar 30 11:11:11.770423: | State DB: found state #5 in QUICK_R2 (connection_discard)
2262. Mar 30 11:11:11.770437: | states still using this connection instance, retaining
2263. Mar 30 11:11:11.770442: | State DB: deleting IKEv1 state #4 in QUICK_R2
2264. Mar 30 11:11:11.770453: | child state #4: QUICK_R2(established CHILD SA) => UNDEFINED(ignore)
2265. Mar 30 11:11:11.770459: | releasing #4's fd-fd@(nil) because deleting state
2266. Mar 30 11:11:11.770464: | delref fdp@NULL (in delete_state() at state.c:1185)
2267. Mar 30 11:11:11.770473: | stop processing: state #4 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
2268. Mar 30 11:11:11.770482: | resume processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
2269. Mar 30 11:11:11.770495: | processing: STOP connection NULL (in accept_delete() at ikev1_main.c:2536)
2270. Mar 30 11:11:11.770500: | del:
2271. Mar 30 11:11:11.770505: |
2272. Mar 30 11:11:11.770513: | complete v1 state transition with STF_IGNORE
2273. Mar 30 11:11:11.770522: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
2274. Mar 30 11:11:11.770532: | stop processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
2275. Mar 30 11:11:11.770537: | processing: STOP connection NULL (in process_md() at demux.c:384)
2276. Mar 30 11:11:14.693743: | *received 444 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
2277. Mar 30 11:11:14.693858: |   f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a  5d 82 98 78
2278. Mar 30 11:11:14.693874: |   08 10 20 01  00 00 00 03  00 00 01 bc  55 78 c2 45
2279. Mar 30 11:11:14.693883: |   9c 23 55 75  5b a7 da ef  2a 26 9a 18  2d cc d2 92
2280. Mar 30 11:11:14.693891: |   46 25 e7 48  16 67 ac e8  cd 89 c8 3a  57 19 f1 71
2281. Mar 30 11:11:14.693898: |   70 25 44 73  18 97 98 75  9d a9 4f 31  f5 f3 59 e6
2282. Mar 30 11:11:14.693907: |   28 8c f4 da  21 9c d2 84  b3 7d 30 9a  0d d4 6c 48
2283. Mar 30 11:11:14.693914: |   0f 4a 77 ed  7f ed 80 9a  ad 77 1e 52  ec c7 ed d5
2284. Mar 30 11:11:14.693921: |   65 6f b5 12  69 30 23 60  20 22 c2 67  b4 88 80 95
2285. Mar 30 11:11:14.693929: |   bf 49 9c 8b  c6 87 85 41  f6 eb 55 f5  c5 f2 8b 2b
2286. Mar 30 11:11:14.693936: |   d5 e7 de 61  13 c9 7b 0c  2b 29 e1 0d  58 ee 4f 14
2287. Mar 30 11:11:14.693943: |   75 fe a0 14  36 25 34 ee  ba 85 81 e1  34 41 d3 e4
2288. Mar 30 11:11:14.693951: |   bc f2 6f 2d  ac 37 0d 30  9e 9b fd 6e  73 68 9c ed
2289. Mar 30 11:11:14.693958: |   7a c6 00 38  93 12 8d 0e  35 c7 24 3b  42 9d 37 98
2290. Mar 30 11:11:14.693966: |   07 a3 cc f8  5b d6 c5 ac  c8 da b4 6e  dc 80 44 99
2291. Mar 30 11:11:14.693973: |   29 4c 44 6b  e3 0d 79 4f  db fd 4b 97  ff 3a f1 e4
2292. Mar 30 11:11:14.693980: |   12 b5 75 2e  45 ea 31 ac  66 1e ba ff  e7 4f 0d 4d
2293. Mar 30 11:11:14.693988: |   97 a2 c4 9e  74 e0 50 be  df d1 2a 7a  ef 48 df 95
2294. Mar 30 11:11:14.693995: |   86 83 25 c5  6d 66 69 a2  f2 2f aa 73  40 05 f8 2a
2295. Mar 30 11:11:14.694001: |   9a f5 d4 bd  53 77 65 95  07 af 9b ea  aa a4 d8 4b
2296. Mar 30 11:11:14.694009: |   5b 79 e8 c0  6a a3 30 90  46 55 40 33  6a 9b ec 1b
2297. Mar 30 11:11:14.694017: |   b4 be 37 4b  11 92 d7 62  07 c4 50 8a  3e 64 6a a9
2298. Mar 30 11:11:14.694024: |   9f 83 2f 2b  35 d6 97 f3  e6 5d 58 11  e6 e4 f7 9f
2299. Mar 30 11:11:14.694031: |   cf 02 6e f5  f6 84 34 07  05 8c fa 24  bf 8a ae 6b
2300. Mar 30 11:11:14.694038: |   38 7d ee 54  5b 50 22 40  6c 68 4c 5d  54 66 2e d1
2301. Mar 30 11:11:14.694045: |   b8 fa ca 63  f7 e8 54 05  f2 82 7d 72  38 0d fc fc
2302. Mar 30 11:11:14.694052: |   ea 5f 4a 5d  41 57 93 a3  e2 a8 75 19  fb 9e c9 a5
2303. Mar 30 11:11:14.694059: |   56 d7 61 71  d9 8f 7b 80  5f b4 c5 27  86 d9 a6 81
2304. Mar 30 11:11:14.694066: |   33 c3 b9 0d  5b 25 df 2a  c7 f6 9c 41
2305. Mar 30 11:11:14.694081: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
2306. Mar 30 11:11:14.694096: | **parse ISAKMP Message:
2307. Mar 30 11:11:14.694110: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
2308. Mar 30 11:11:14.694122: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
2309. Mar 30 11:11:14.694131: |    next payload type: ISAKMP_NEXT_HASH (0x8)
2310. Mar 30 11:11:14.694140: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
2311. Mar 30 11:11:14.694163: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
2312. Mar 30 11:11:14.694206: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
2313. Mar 30 11:11:14.694225: |    Message ID: 3 (00 00 00 03)
2314. Mar 30 11:11:14.694245: |    length: 444 (00 00 01 bc)
2315. Mar 30 11:11:14.694254: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
2316. Mar 30 11:11:14.694267: | State DB: IKEv1 state not found (find_state_ikev1)
2317. Mar 30 11:11:14.694276: | State DB: found IKEv1 state #3 in MAIN_R3 (find_state_ikev1)
2318. Mar 30 11:11:14.694294: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1473)
2319. Mar 30 11:11:14.694387: | #3 is idle
2320. Mar 30 11:11:14.694410: | #3 idle
2321. Mar 30 11:11:14.694423: | received encrypted packet from 93.46.124.104:4500
2322. Mar 30 11:11:14.694465: | got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030
2323. Mar 30 11:11:14.694489: | ***parse ISAKMP Hash Payload:
2324. Mar 30 11:11:14.694504: |    next payload type: ISAKMP_NEXT_SA (0x1)
2325. Mar 30 11:11:14.694513: |    length: 24 (00 18)
2326. Mar 30 11:11:14.694521: | got payload 0x2  (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030
2327. Mar 30 11:11:14.694530: | ***parse ISAKMP Security Association Payload:
2328. Mar 30 11:11:14.694537: |    next payload type: ISAKMP_NEXT_NONCE (0xa)
2329. Mar 30 11:11:14.694562: |    length: 280 (01 18)
2330. Mar 30 11:11:14.694580: |    DOI: ISAKMP_DOI_IPSEC (0x1)
2331. Mar 30 11:11:14.694597: | got payload 0x400  (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030
2332. Mar 30 11:11:14.694606: | ***parse ISAKMP Nonce Payload:
2333. Mar 30 11:11:14.694612: |    next payload type: ISAKMP_NEXT_ID (0x5)
2334. Mar 30 11:11:14.694670: |    length: 52 (00 34)
2335. Mar 30 11:11:14.694678: | got payload 0x20  (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
2336. Mar 30 11:11:14.694685: | ***parse ISAKMP Identification Payload (IPsec DOI):
2337. Mar 30 11:11:14.694690: |    next payload type: ISAKMP_NEXT_ID (0x5)
2338. Mar 30 11:11:14.694696: |    length: 12 (00 0c)
2339. Mar 30 11:11:14.694702: |    ID type: ID_IPV4_ADDR (0x1)
2340. Mar 30 11:11:14.694707: |    Protocol ID: 17 (11)
2341. Mar 30 11:11:14.694713: |    port: 1701 (06 a5)
2342. Mar 30 11:11:14.694719: |      obj:
2343. Mar 30 11:11:14.694724: |   c0 a8 01 65
2344. Mar 30 11:11:14.694729: | got payload 0x20  (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
2345. Mar 30 11:11:14.694735: | ***parse ISAKMP Identification Payload (IPsec DOI):
2346. Mar 30 11:11:14.694740: |    next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
2347. Mar 30 11:11:14.694746: |    length: 12 (00 0c)
2348. Mar 30 11:11:14.694751: |    ID type: ID_IPV4_ADDR (0x1)
2349. Mar 30 11:11:14.694756: |    Protocol ID: 17 (11)
2350. Mar 30 11:11:14.694763: |    port: 1701 (06 a5)
2351. Mar 30 11:11:14.694768: |      obj:
2352. Mar 30 11:11:14.694773: |   33 9e 40 c9
2353. Mar 30 11:11:14.694778: | got payload 0x200000  (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
2354. Mar 30 11:11:14.694784: | ***parse ISAKMP NAT-OA Payload:
2355. Mar 30 11:11:14.694789: |    next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
2356. Mar 30 11:11:14.694795: |    length: 12 (00 0c)
2357. Mar 30 11:11:14.694800: |    ID type: ID_IPV4_ADDR (0x1)
2358. Mar 30 11:11:14.694805: |      obj:
2359. Mar 30 11:11:14.694809: |   c0 a8 01 65
2360. Mar 30 11:11:14.694815: | got payload 0x200000  (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
2361. Mar 30 11:11:14.694820: | ***parse ISAKMP NAT-OA Payload:
2362. Mar 30 11:11:14.694825: |    next payload type: ISAKMP_NEXT_NONE (0x0)
2363. Mar 30 11:11:14.694831: |    length: 12 (00 0c)
2364. Mar 30 11:11:14.694836: |    ID type: ID_IPV4_ADDR (0x1)
2365. Mar 30 11:11:14.694841: |      obj:
2366. Mar 30 11:11:14.694846: |   33 9e 40 c9
2367. Mar 30 11:11:14.694851: | removing 12 bytes of padding
2368. Mar 30 11:11:14.694908: | quick_inI1_outR1 HASH(1):
2369. Mar 30 11:11:14.694914: |   17 de d3 45  8a 31 6d 1e  0e c6 de a6  12 61 77 b2
2370. Mar 30 11:11:14.694919: |   fa 56 3c 1c
2371. Mar 30 11:11:14.695045: | received 'quick_inI1_outR1' message HASH(1) data ok
2372. Mar 30 11:11:14.695063: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
2373. Mar 30 11:11:14.695068: | ID address
2374. Mar 30 11:11:14.695073: |   c0 a8 01 65
2375. Mar 30 11:11:14.695083: | subnet from address 192.168.1.101 (in decode_net_id() at ikev1_quick.c:440)
2376. Mar 30 11:11:14.695092: | peer client is 192.168.1.101/32
2377. Mar 30 11:11:14.695115: | peer client protocol/port is 17/1701
2378. Mar 30 11:11:14.695121: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
2379. Mar 30 11:11:14.695126: | ID address
2380. Mar 30 11:11:14.695130: |   33 9e 40 c9
2381. Mar 30 11:11:14.695137: | subnet from address 51.158.64.201 (in decode_net_id() at ikev1_quick.c:440)
2382. Mar 30 11:11:14.695144: | our client is 51.158.64.201/32
2383. Mar 30 11:11:14.695149: | our client protocol/port is 17/1701
2384. Mar 30 11:11:14.695194: "l2tp-psk"[4] 93.46.124.104 #3: the peer proposed: 51.158.64.201/32:17/1701 -> 192.168.1.101/32:17/1701
2385. Mar 30 11:11:14.695273: | find_client_connection starting with l2tp-psk
2386. Mar 30 11:11:14.695291: |   looking for 51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701
2387. Mar 30 11:11:14.695302: |   concrete checking against sr#0 10.68.154.105/32:1701 -> 93.46.124.104/32:1701
2388. Mar 30 11:11:14.695315: |    match_id a=192.168.1.101
2389. Mar 30 11:11:14.695323: |             b=192.168.1.101
2390. Mar 30 11:11:14.695329: |    results  matched
2391. Mar 30 11:11:14.695349: |   fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 93.46.124.104/32:1701:17/1701
2392. Mar 30 11:11:14.695358: |    our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
2393. Mar 30 11:11:14.695364: |   fc_try concluding with none [0]
2394. Mar 30 11:11:14.695369: |   fc_try l2tp-psk gives none
2395. Mar 30 11:11:14.695380: | find_host_pair: comparing 10.68.154.105:500 to 0.0.0.0:500 but ignoring ports
2396. Mar 30 11:11:14.695389: |   checking hostpair 10.68.154.105/32:1701 -> 93.46.124.104/32:1701 is found
2397. Mar 30 11:11:14.695396: |    match_id a=192.168.1.101
2398. Mar 30 11:11:14.695402: |             b=(none)
2399. Mar 30 11:11:14.695407: |    results  matched
2400. Mar 30 11:11:14.695423: |   fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 0.0.0.0/32:0:17/0
2401. Mar 30 11:11:14.695433: |    our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
2402. Mar 30 11:11:14.695442: |    match_id a=192.168.1.101
2403. Mar 30 11:11:14.695448: |             b=(none)
2404. Mar 30 11:11:14.695455: |    results  matched
2405. Mar 30 11:11:14.695462: |   fc_try concluding with none [0]
2406. Mar 30 11:11:14.695473: |    match_id a=192.168.1.101
2407. Mar 30 11:11:14.695479: |             b=(none)
2408. Mar 30 11:11:14.695484: |    results  matched
2409. Mar 30 11:11:14.695501: |   fc_try_oppo trying l2tp-psk:51.158.64.201/32:1701 -> 192.168.1.101/32:1701 vs l2tp-psk:10.68.154.105/32:1701 -> 0.0.0.0/32:0
2410. Mar 30 11:11:14.695511: |    match_id a=192.168.1.101
2411. Mar 30 11:11:14.695518: |             b=(none)
2412. Mar 30 11:11:14.695524: |    results  matched
2413. Mar 30 11:11:14.695530: |   fc_try_oppo concluding with none [0]
2414. Mar 30 11:11:14.695535: |   concluding with d = none
2415. Mar 30 11:11:14.695543: | using something (we hope the IP we or they are NAT'ed to) for transport mode connection "l2tp-psk"[4] 93.46.124.104
2416. Mar 30 11:11:14.695549: | client wildcard: no  port wildcard: no  virtual: no
2417. Mar 30 11:11:14.695556: | NAT-Traversal: received 2 NAT-OA.
2418. Mar 30 11:11:14.695564: "l2tp-psk"[4] 93.46.124.104 #3: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
2419. Mar 30 11:11:14.695570: | NAT-OA:
2420. Mar 30 11:11:14.695575: |   15 00 00 0c  01 00 00 00  c0 a8 01 65
2421. Mar 30 11:11:14.695580: | parsing 4 raw bytes of ISAKMP NAT-OA Payload into NAT-Traversal: NAT-OA IP
2422. Mar 30 11:11:14.695585: | NAT-Traversal: NAT-OA IP
2423. Mar 30 11:11:14.695590: |   c0 a8 01 65
2424. Mar 30 11:11:14.695597: | received NAT-OA: 192.168.1.101
2425. Mar 30 11:11:14.695609: | addref fd@NULL (in new_state() at state.c:555)
2426. Mar 30 11:11:14.695615: | creating state object #6 at 0x562b2d555bd8
2427. Mar 30 11:11:14.695622: | State DB: adding IKEv1 state #6 in UNDEFINED
2428. Mar 30 11:11:14.695644: | pstats #6 ikev1.ipsec started
2429. Mar 30 11:11:14.695655: | duplicating state object #3 "l2tp-psk"[4] 93.46.124.104 as #6 for IPSEC SA
2430. Mar 30 11:11:14.695667: | #6 setting local endpoint to 10.68.154.105:4500 from #3.st_localport (in duplicate_state() at state.c:1548)
2431. Mar 30 11:11:14.695696: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
2432. Mar 30 11:11:14.695708: | start processing: state #6 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
2433. Mar 30 11:11:14.695714: | switching MD.ST from #3 to CHILD #6; ulgh
2434. Mar 30 11:11:14.695721: | child state #6: UNDEFINED(ignore) => QUICK_R0(established CHILD SA)
2435. Mar 30 11:11:14.695728: | ****parse IPsec DOI SIT:
2436. Mar 30 11:11:14.695734: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
2437. Mar 30 11:11:14.695741: | ****parse ISAKMP Proposal Payload:
2438. Mar 30 11:11:14.695747: |    next payload type: ISAKMP_NEXT_P (0x2)
2439. Mar 30 11:11:14.695756: |    length: 56 (00 38)
2440. Mar 30 11:11:14.695762: |    proposal number: 1 (01)
2441. Mar 30 11:11:14.695767: |    protocol ID: PROTO_IPSEC_ESP (0x3)
2442. Mar 30 11:11:14.695773: |    SPI size: 4 (04)
2443. Mar 30 11:11:14.695778: |    number of transforms: 1 (01)
2444. Mar 30 11:11:14.695784: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
2445. Mar 30 11:11:14.695815: | SPI
2446. Mar 30 11:11:14.695821: |   02 7c 20 b8
2447. Mar 30 11:11:14.695827: | ****parse ISAKMP Proposal Payload:
2448. Mar 30 11:11:14.695834: |    next payload type: ISAKMP_NEXT_P (0x2)
2449. Mar 30 11:11:14.695840: |    length: 56 (00 38)
2450. Mar 30 11:11:14.695846: |    proposal number: 2 (02)
2451. Mar 30 11:11:14.695851: |    protocol ID: PROTO_IPSEC_ESP (0x3)
2452. Mar 30 11:11:14.695857: |    SPI size: 4 (04)
2453. Mar 30 11:11:14.695862: |    number of transforms: 1 (01)
2454. Mar 30 11:11:14.695869: | *****parse ISAKMP Transform Payload (ESP):
2455. Mar 30 11:11:14.695874: |    next payload type: ISAKMP_NEXT_NONE (0x0)
2456. Mar 30 11:11:14.695880: |    length: 44 (00 2c)
2457. Mar 30 11:11:14.695885: |    ESP transform number: 1 (01)
2458. Mar 30 11:11:14.695891: |    ESP transform ID: ESP_AES (0xc)
2459. Mar 30 11:11:14.695898: | ******parse ISAKMP IPsec DOI attribute:
2460. Mar 30 11:11:14.695904: |    af+type: AF+ENCAPSULATION_MODE (0x8004)
2461. Mar 30 11:11:14.695910: |    length/value: 4 (00 04)
2462. Mar 30 11:11:14.695916: |    [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
2463. Mar 30 11:11:14.695923: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
2464. Mar 30 11:11:14.695928: | ******parse ISAKMP IPsec DOI attribute:
2465. Mar 30 11:11:14.695934: |    af+type: AF+KEY_LENGTH (0x8006)
2466. Mar 30 11:11:14.695940: |    length/value: 256 (01 00)
2467. Mar 30 11:11:14.695945: | ******parse ISAKMP IPsec DOI attribute:
2468. Mar 30 11:11:14.695950: |    af+type: AF+AUTH_ALGORITHM (0x8005)
2469. Mar 30 11:11:14.695956: |    length/value: 2 (00 02)
2470. Mar 30 11:11:14.695962: |    [2 is AUTH_ALGORITHM_HMAC_SHA1]
2471. Mar 30 11:11:14.695968: | ******parse ISAKMP IPsec DOI attribute:
2472. Mar 30 11:11:14.695973: |    af+type: AF+SA_LIFE_TYPE (0x8001)
2473. Mar 30 11:11:14.695979: |    length/value: 1 (00 01)
2474. Mar 30 11:11:14.695984: |    [1 is SA_LIFE_TYPE_SECONDS]
2475. Mar 30 11:11:14.695989: | ******parse ISAKMP IPsec DOI attribute:
2476. Mar 30 11:11:14.696120: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
2477. Mar 30 11:11:14.696132: |    length/value: 4 (00 04)
2478. Mar 30 11:11:14.696138: |    long duration: 3600
2479. Mar 30 11:11:14.696143: | ******parse ISAKMP IPsec DOI attribute:
2480. Mar 30 11:11:14.696149: |    af+type: AF+SA_LIFE_TYPE (0x8001)
2481. Mar 30 11:11:14.696155: |    length/value: 2 (00 02)
2482. Mar 30 11:11:14.696160: |    [2 is SA_LIFE_TYPE_KBYTES]
2483. Mar 30 11:11:14.696165: | ******parse ISAKMP IPsec DOI attribute:
2484. Mar 30 11:11:14.696170: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
2485. Mar 30 11:11:14.696176: |    length/value: 4 (00 04)
2486. Mar 30 11:11:14.696181: |    long duration: 250000
2487. Mar 30 11:11:14.696188: | ESP IPsec Transform verified; matches alg_info entry
2488. Mar 30 11:11:14.696202: | adding quick_outI1 KE work-order 8 for state #6
2489. Mar 30 11:11:14.696209: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d5566a8
2490. Mar 30 11:11:14.696216: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6
2491. Mar 30 11:11:14.696226: | libevent_malloc: newref ptr-libevent@0x562b2d554758 size 128
2492. Mar 30 11:11:14.696279: | complete v1 state transition with STF_SUSPEND
2493. Mar 30 11:11:14.696295: | [RE]START processing: state #6 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2514)
2494. Mar 30 11:11:14.696302: | suspending state #6 and saving MD 0x562b2d551f08
2495. Mar 30 11:11:14.696307: | #6 is busy; has suspended MD 0x562b2d551f08
2496. Mar 30 11:11:14.696321: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
2497. Mar 30 11:11:14.696334: | stop processing: state #6 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
2498. Mar 30 11:11:14.696344: | processing: STOP connection NULL (in process_md() at demux.c:384)
2499. Mar 30 11:11:14.696345: | crypto helper 0 resuming
2500. Mar 30 11:11:14.696373: | crypto helper 0 starting work-order 8 for state #6
2501. Mar 30 11:11:14.696384: | crypto helper 0 doing build nonce (quick_outI1 KE); request ID 8
2502. Mar 30 11:11:14.696418: | crypto helper 0 finished build nonce (quick_outI1 KE); request ID 8 time elapsed 0.000036 seconds
2503. Mar 30 11:11:14.696426: | crypto helper 0 sending results from work-order 8 for state #6 to event queue
2504. Mar 30 11:11:14.696433: | scheduling resume sending helper answer for #6
2505. Mar 30 11:11:14.696443: | libevent_malloc: newref ptr-libevent@0x7f3a3c002f08 size 128
2506. Mar 30 11:11:14.696469: | crypto helper 0 waiting (nothing to do)
2507. Mar 30 11:11:14.696493: | processing resume sending helper answer for #6
2508. Mar 30 11:11:14.696511: | start processing: state #6 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:817)
2509. Mar 30 11:11:14.696519: | unsuspending #6 MD 0x562b2d551f08
2510. Mar 30 11:11:14.696525: | crypto helper 0 replies to request ID 8
2511. Mar 30 11:11:14.696530: | calling continuation function 0x562b2c27c390
2512. Mar 30 11:11:14.696536: | quick_inI1_outR1_cryptocontinue1 for #6: calculated ke+nonce, calculating DH
2513. Mar 30 11:11:14.696556: | **emit ISAKMP Message:
2514. Mar 30 11:11:14.696564: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
2515. Mar 30 11:11:14.696572: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
2516. Mar 30 11:11:14.696579: |    next payload type: ISAKMP_NEXT_NONE (0x0)
2517. Mar 30 11:11:14.696585: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
2518. Mar 30 11:11:14.696590: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
2519. Mar 30 11:11:14.696596: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
2520. Mar 30 11:11:14.696603: |    Message ID: 3 (00 00 00 03)
2521. Mar 30 11:11:14.696609: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
2522. Mar 30 11:11:14.696615: | ***emit ISAKMP Hash Payload:
2523. Mar 30 11:11:14.696620: |    next payload type: ISAKMP_NEXT_NONE (0x0)
2524. Mar 30 11:11:14.696626: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
2525. Mar 30 11:11:14.696632: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
2526. Mar 30 11:11:14.696638: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
2527. Mar 30 11:11:14.696644: | emitting length of ISAKMP Hash Payload: 24
2528. Mar 30 11:11:14.696649: | ***emit ISAKMP Security Association Payload:
2529. Mar 30 11:11:14.696654: |    next payload type: ISAKMP_NEXT_NONCE (0xa)
2530. Mar 30 11:11:14.696659: |    DOI: ISAKMP_DOI_IPSEC (0x1)
2531. Mar 30 11:11:14.696665: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE
2532. Mar 30 11:11:14.696671: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA)
2533. Mar 30 11:11:14.696676: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet'
2534. Mar 30 11:11:14.696682: | ****parse IPsec DOI SIT:
2535. Mar 30 11:11:14.696687: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
2536. Mar 30 11:11:14.696693: | ****parse ISAKMP Proposal Payload:
2537. Mar 30 11:11:14.696698: |    next payload type: ISAKMP_NEXT_P (0x2)
2538. Mar 30 11:11:14.696715: |    length: 56 (00 38)
2539. Mar 30 11:11:14.696721: |    proposal number: 1 (01)
2540. Mar 30 11:11:14.696726: |    protocol ID: PROTO_IPSEC_ESP (0x3)
2541. Mar 30 11:11:14.696731: |    SPI size: 4 (04)
2542. Mar 30 11:11:14.696737: |    number of transforms: 1 (01)
2543. Mar 30 11:11:14.696742: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
2544. Mar 30 11:11:14.696747: | SPI
2545. Mar 30 11:11:14.696752: |   02 7c 20 b8
2546. Mar 30 11:11:14.696757: | ****parse ISAKMP Proposal Payload:
2547. Mar 30 11:11:14.696763: |    next payload type: ISAKMP_NEXT_P (0x2)
2548. Mar 30 11:11:14.696769: |    length: 56 (00 38)
2549. Mar 30 11:11:14.696774: |    proposal number: 2 (02)
2550. Mar 30 11:11:14.696779: |    protocol ID: PROTO_IPSEC_ESP (0x3)
2551. Mar 30 11:11:14.696785: |    SPI size: 4 (04)
2552. Mar 30 11:11:14.696790: |    number of transforms: 1 (01)
2553. Mar 30 11:11:14.696796: | *****parse ISAKMP Transform Payload (ESP):
2554. Mar 30 11:11:14.696801: |    next payload type: ISAKMP_NEXT_NONE (0x0)
2555. Mar 30 11:11:14.696807: |    length: 44 (00 2c)
2556. Mar 30 11:11:14.696812: |    ESP transform number: 1 (01)
2557. Mar 30 11:11:14.696817: |    ESP transform ID: ESP_AES (0xc)
2558. Mar 30 11:11:14.696823: | ******parse ISAKMP IPsec DOI attribute:
2559. Mar 30 11:11:14.696829: |    af+type: AF+ENCAPSULATION_MODE (0x8004)
2560. Mar 30 11:11:14.696834: |    length/value: 4 (00 04)
2561. Mar 30 11:11:14.696840: |    [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
2562. Mar 30 11:11:14.696846: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
2563. Mar 30 11:11:14.696851: | ******parse ISAKMP IPsec DOI attribute:
2564. Mar 30 11:11:14.696856: |    af+type: AF+KEY_LENGTH (0x8006)
2565. Mar 30 11:11:14.696862: |    length/value: 256 (01 00)
2566. Mar 30 11:11:14.696868: | ******parse ISAKMP IPsec DOI attribute:
2567. Mar 30 11:11:14.696873: |    af+type: AF+AUTH_ALGORITHM (0x8005)
2568. Mar 30 11:11:14.696879: |    length/value: 2 (00 02)
2569. Mar 30 11:11:14.696884: |    [2 is AUTH_ALGORITHM_HMAC_SHA1]
2570. Mar 30 11:11:14.696889: | ******parse ISAKMP IPsec DOI attribute:
2571. Mar 30 11:11:14.696895: |    af+type: AF+SA_LIFE_TYPE (0x8001)
2572. Mar 30 11:11:14.696900: |    length/value: 1 (00 01)
2573. Mar 30 11:11:14.696905: |    [1 is SA_LIFE_TYPE_SECONDS]
2574. Mar 30 11:11:14.696911: | ******parse ISAKMP IPsec DOI attribute:
2575. Mar 30 11:11:14.696916: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
2576. Mar 30 11:11:14.696922: |    length/value: 4 (00 04)
2577. Mar 30 11:11:14.696927: |    long duration: 3600
2578. Mar 30 11:11:14.696932: | ******parse ISAKMP IPsec DOI attribute:
2579. Mar 30 11:11:14.696937: |    af+type: AF+SA_LIFE_TYPE (0x8001)
2580. Mar 30 11:11:14.696943: |    length/value: 2 (00 02)
2581. Mar 30 11:11:14.696982: |    [2 is SA_LIFE_TYPE_KBYTES]
2582. Mar 30 11:11:14.696988: | ******parse ISAKMP IPsec DOI attribute:
2583. Mar 30 11:11:14.696993: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
2584. Mar 30 11:11:14.696999: |    length/value: 4 (00 04)
2585. Mar 30 11:11:14.697004: |    long duration: 250000
2586. Mar 30 11:11:14.697010: | ESP IPsec Transform verified; matches alg_info entry
2587. Mar 30 11:11:14.697015: | ****emit IPsec DOI SIT:
2588. Mar 30 11:11:14.697020: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
2589. Mar 30 11:11:14.697026: | ****emit ISAKMP Proposal Payload:
2590. Mar 30 11:11:14.697031: |    next payload type: ISAKMP_NEXT_NONE (0x0)
2591. Mar 30 11:11:14.697037: |    proposal number: 1 (01)
2592. Mar 30 11:11:14.697042: |    protocol ID: PROTO_IPSEC_ESP (0x3)
2593. Mar 30 11:11:14.697047: |    SPI size: 4 (04)
2594. Mar 30 11:11:14.697053: |    number of transforms: 1 (01)
2595. Mar 30 11:11:14.697058: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type'
2596. Mar 30 11:11:14.697133: | netlink_get_spi: allocated 0xd887d60a for esp.0@10.68.154.105
2597. Mar 30 11:11:14.697142: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload
2598. Mar 30 11:11:14.697149: | SPI: d8 87 d6 0a
2599. Mar 30 11:11:14.697154: | *****emit ISAKMP Transform Payload (ESP):
2600. Mar 30 11:11:14.697159: |    next payload type: ISAKMP_NEXT_NONE (0x0)
2601. Mar 30 11:11:14.697165: |    ESP transform number: 1 (01)
2602. Mar 30 11:11:14.697171: |    ESP transform ID: ESP_AES (0xc)
2603. Mar 30 11:11:14.697185: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type'
2604. Mar 30 11:11:14.697201: | emitting 36 raw bytes of attributes into ISAKMP Transform Payload (ESP)
2605. Mar 30 11:11:14.697212: | attributes:
2606. Mar 30 11:11:14.697217: |   80 04 00 04  80 06 01 00  80 05 00 02  80 01 00 01
2607. Mar 30 11:11:14.697222: |   00 02 00 04  00 00 0e 10  80 01 00 02  00 02 00 04
2608. Mar 30 11:11:14.697227: |   00 03 d0 90
2609. Mar 30 11:11:14.697232: | emitting length of ISAKMP Transform Payload (ESP): 44
2610. Mar 30 11:11:14.697244: | emitting length of ISAKMP Proposal Payload: 56
2611. Mar 30 11:11:14.697250: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0
2612. Mar 30 11:11:14.697256: | emitting length of ISAKMP Security Association Payload: 68
2613. Mar 30 11:11:14.697261: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0
2614. Mar 30 11:11:14.697271: "l2tp-psk"[4] 93.46.124.104 #6: responding to Quick Mode proposal {msgid:00000003}
2615. Mar 30 11:11:14.697286: "l2tp-psk"[4] 93.46.124.104 #6:     us: 10.68.154.105[51.158.64.201]:17/1701
2616. Mar 30 11:11:14.697297: "l2tp-psk"[4] 93.46.124.104 #6:   them: 93.46.124.104[192.168.1.101]:17/1701
2617. Mar 30 11:11:14.697303: | ***emit ISAKMP Nonce Payload:
2618. Mar 30 11:11:14.697308: |    next payload type: ISAKMP_NEXT_ID (0x5)
2619. Mar 30 11:11:14.697314: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 5:ISAKMP_NEXT_ID
2620. Mar 30 11:11:14.697319: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE)
2621. Mar 30 11:11:14.697325: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet'
2622. Mar 30 11:11:14.697330: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload
2623. Mar 30 11:11:14.697335: | Nr:
2624. Mar 30 11:11:14.697341: |   b3 ba ab 0b  9a 20 53 3c  e2 32 e4 49  04 d8 40 23
2625. Mar 30 11:11:14.697345: |   8a a4 52 32  75 09 ab d5  c6 1a 37 a7  a1 27 ab 75
2626. Mar 30 11:11:14.697351: | emitting length of ISAKMP Nonce Payload: 36
2627. Mar 30 11:11:14.697356: | ***emit ISAKMP Identification Payload (IPsec DOI):
2628. Mar 30 11:11:14.697361: |    next payload type: ISAKMP_NEXT_ID (0x5)
2629. Mar 30 11:11:14.697366: |    ID type: ID_IPV4_ADDR (0x1)
2630. Mar 30 11:11:14.697372: |    Protocol ID: 17 (11)
2631. Mar 30 11:11:14.697378: |    port: 1701 (06 a5)
2632. Mar 30 11:11:14.697384: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID
2633. Mar 30 11:11:14.697390: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
2634. Mar 30 11:11:14.697395: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
2635. Mar 30 11:11:14.697401: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
2636. Mar 30 11:11:14.697407: | ID body: c0 a8 01 65
2637. Mar 30 11:11:14.697412: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
2638. Mar 30 11:11:14.697418: | ***emit ISAKMP Identification Payload (IPsec DOI):
2639. Mar 30 11:11:14.697423: |    next payload type: ISAKMP_NEXT_NONE (0x0)
2640. Mar 30 11:11:14.697428: |    ID type: ID_IPV4_ADDR (0x1)
2641. Mar 30 11:11:14.697433: |    Protocol ID: 17 (11)
2642. Mar 30 11:11:14.697439: |    port: 1701 (06 a5)
2643. Mar 30 11:11:14.697444: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
2644. Mar 30 11:11:14.697450: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
2645. Mar 30 11:11:14.697456: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
2646. Mar 30 11:11:14.697462: | ID body: 33 9e 40 c9
2647. Mar 30 11:11:14.697467: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
2648. Mar 30 11:11:14.697534: | quick inR1 outI2 HASH(2):
2649. Mar 30 11:11:14.697542: |   f6 5a 92 55  b1 12 76 86  3b 98 fd c9  e6 f0 17 c1
2650. Mar 30 11:11:14.697546: |   66 7e 92 6a
2651. Mar 30 11:11:14.697552: | compute_proto_keymat: needed_len (after ESP enc)=32
2652. Mar 30 11:11:14.697557: | compute_proto_keymat: needed_len (after ESP auth)=52
2653. Mar 30 11:11:14.697684: | install_inbound_ipsec_sa() checking if we can route
2654. Mar 30 11:11:14.697693: | could_route called for l2tp-psk (kind=CK_INSTANCE)
2655. Mar 30 11:11:14.697700: | FOR_EACH_CONNECTION_... in route_owner
2656. Mar 30 11:11:14.697706: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
2657. Mar 30 11:11:14.697711: |  conn l2tp-psk mark 0/00000000, 0/00000000
2658. Mar 30 11:11:14.697717: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
2659. Mar 30 11:11:14.697722: |  conn xauth-psk mark 0/00000000, 0/00000000
2660. Mar 30 11:11:14.697728: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
2661. Mar 30 11:11:14.697733: |  conn l2tp-psk mark 0/00000000, 0/00000000
2662. Mar 30 11:11:14.697743: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
2663. Mar 30 11:11:14.697749: |    routing is easy, or has resolvable near-conflict
2664. Mar 30 11:11:14.697754: | checking if this is a replacement state
2665. Mar 30 11:11:14.697760: |   st=0x562b2d555bd8 ost=0x562b2d5567b8 st->serialno=#6 ost->serialno=#5
2666. Mar 30 11:11:14.697768: "l2tp-psk"[4] 93.46.124.104 #6: keeping refhim=0 during rekey
2667. Mar 30 11:11:14.697773: | installing outgoing SA now as refhim=0
2668. Mar 30 11:11:14.697780: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
2669. Mar 30 11:11:14.697786: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
2670. Mar 30 11:11:14.697793: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
2671. Mar 30 11:11:14.697800: | setting IPsec SA replay-window to 32
2672. Mar 30 11:11:14.697806: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
2673. Mar 30 11:11:14.697813: | netlink: enabling transport mode
2674. Mar 30 11:11:14.697821: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1261)
2675. Mar 30 11:11:14.697827: | XFRM: adding IPsec SA with reqid 16409
2676. Mar 30 11:11:14.697833: | netlink: setting IPsec SA replay-window to 32 using old-style req
2677. Mar 30 11:11:14.697840: | netlink: esp-hw-offload not set for IPsec SA
2678. Mar 30 11:11:14.697982: | netlink response for Add SA esp.27c20b8@93.46.124.104 included non-error error
2679. Mar 30 11:11:14.697994: | outgoing SA has refhim=0
2680. Mar 30 11:11:14.698003: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
2681. Mar 30 11:11:14.698010: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
2682. Mar 30 11:11:14.698018: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
2683. Mar 30 11:11:14.698027: | setting IPsec SA replay-window to 32
2684. Mar 30 11:11:14.698034: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
2685. Mar 30 11:11:14.698041: | netlink: enabling transport mode
2686. Mar 30 11:11:14.698050: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1268)
2687. Mar 30 11:11:14.698092: | XFRM: adding IPsec SA with reqid 16409
2688. Mar 30 11:11:14.698100: | netlink: setting IPsec SA replay-window to 32 using old-style req
2689. Mar 30 11:11:14.698121: | netlink: esp-hw-offload not set for IPsec SA
2690. Mar 30 11:11:14.698197: | netlink response for Add SA esp.d887d60a@10.68.154.105 included non-error error
2691. Mar 30 11:11:14.698208: | emitting 8 zero bytes of encryption padding into ISAKMP Message
2692. Mar 30 11:11:14.698214: | no IKEv1 message padding required
2693. Mar 30 11:11:14.698219: | emitting length of ISAKMP Message: 188
2694. Mar 30 11:11:14.698249: | finished processing quick inI1
2695. Mar 30 11:11:14.698255: | complete v1 state transition with STF_OK
2696. Mar 30 11:11:14.698267: | [RE]START processing: state #6 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
2697. Mar 30 11:11:14.698273: | #6 is idle
2698. Mar 30 11:11:14.698279: | doing_xauth:no, t_xauth_client_done:no
2699. Mar 30 11:11:14.698310: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
2700. Mar 30 11:11:14.698346: | child state #6: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA)
2701. Mar 30 11:11:14.698353: | event_already_set, deleting event
2702. Mar 30 11:11:14.698359: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted
2703. Mar 30 11:11:14.698368: | libevent_free: delref ptr-libevent@0x562b2d554758
2704. Mar 30 11:11:14.698375: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d5566a8
2705. Mar 30 11:11:14.698387: | sending reply packet to 93.46.124.104:4500 (from 10.68.154.105:4500)
2706. Mar 30 11:11:14.698413: | sending 192 bytes for STATE_QUICK_R0 through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #6)
2707. Mar 30 11:11:14.698432: |   00 00 00 00  f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a
2708. Mar 30 11:11:14.698439: |   5d 82 98 78  08 10 20 01  00 00 00 03  00 00 00 bc
2709. Mar 30 11:11:14.698445: |   07 5c e7 d3  7f 48 dc f4  e6 30 27 53  be f8 89 78
2710. Mar 30 11:11:14.698452: |   c9 a2 82 13  48 96 a6 82  8c 18 9f b0  27 ba e9 0e
2711. Mar 30 11:11:14.698462: |   d2 cd 86 25  31 b0 ef 3f  42 a8 d0 b5  0b 02 cc 82
2712. Mar 30 11:11:14.698485: |   7a 83 32 f0  90 c2 d2 5e  df 3c 35 22  ad 3b 9f cf
2713. Mar 30 11:11:14.698491: |   ad a3 ff b4  3c e6 67 55  ff 3f 40 48  dc f6 6d 2d
2714. Mar 30 11:11:14.698498: |   4a fe 16 4b  c8 38 23 cb  ce 2f c1 69  a1 4a c5 92
2715. Mar 30 11:11:14.698505: |   5f a9 f4 bb  48 e0 aa e5  46 41 48 60  b9 5a 46 3b
2716. Mar 30 11:11:14.698510: |   05 0e b8 7f  20 ad 2c 2a  ad 1e 36 99  a7 07 b3 f3
2717. Mar 30 11:11:14.698529: |   62 06 8c 60  8d 5c a9 92  12 f3 bd 2e  a6 a8 4b e9
2718. Mar 30 11:11:14.698537: |   a9 60 7b 01  93 06 61 74  95 b4 33 de  9a 89 05 97
2719. Mar 30 11:11:14.698655: | !event_already_set at reschedule
2720. Mar 30 11:11:14.698679: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b2d5566a8
2721. Mar 30 11:11:14.698687: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6
2722. Mar 30 11:11:14.698694: | libevent_malloc: newref ptr-libevent@0x562b2d551528 size 128
2723. Mar 30 11:11:14.698706: | #6 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 5633.123906
2724. Mar 30 11:11:14.698714: | pstats #6 ikev1.ipsec established
2725. Mar 30 11:11:14.698728: | NAT-T: NAT Traversal detected - their IKE port is '500'
2726. Mar 30 11:11:14.698738: | NAT-T: encaps is 'yes'
2727. Mar 30 11:11:14.698753: "l2tp-psk"[4] 93.46.124.104 #6: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0x027c20b8 <0xd887d60a xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
2728. Mar 30 11:11:14.698762: | modecfg pull: noquirk policy:push not-client
2729. Mar 30 11:11:14.698768: | phase 1 is done, looking for phase 2 to unpend
2730. Mar 30 11:11:14.698774: | releasing #6's fd-fd@(nil) because IKEv1 transitions finished
2731. Mar 30 11:11:14.698780: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
2732. Mar 30 11:11:14.698790: | resume sending helper answer for #6 suppresed complete_v1_state_transition()
2733. Mar 30 11:11:14.698807: | stop processing: state #6 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:860)
2734. Mar 30 11:11:14.698814: | libevent_free: delref ptr-libevent@0x7f3a3c002f08
2735. Mar 30 11:11:14.739188: | *received 60 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
2736. Mar 30 11:11:14.739247: |   f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a  5d 82 98 78
2737. Mar 30 11:11:14.739252: |   08 10 20 01  00 00 00 03  00 00 00 3c  71 43 bd d7
2738. Mar 30 11:11:14.739258: |   5f 81 01 7d  14 63 a6 a6  3e 5b c5 9a  ce 18 3a 23
2739. Mar 30 11:11:14.739263: |   e3 d9 72 a6  80 4e 5b 21  85 e5 33 b6
2740. Mar 30 11:11:14.739274: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
2741. Mar 30 11:11:14.739284: | **parse ISAKMP Message:
2742. Mar 30 11:11:14.739294: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
2743. Mar 30 11:11:14.739302: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
2744. Mar 30 11:11:14.739308: |    next payload type: ISAKMP_NEXT_HASH (0x8)
2745. Mar 30 11:11:14.739314: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
2746. Mar 30 11:11:14.739346: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
2747. Mar 30 11:11:14.739353: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
2748. Mar 30 11:11:14.739361: |    Message ID: 3 (00 00 00 03)
2749. Mar 30 11:11:14.739368: |    length: 60 (00 00 00 3c)
2750. Mar 30 11:11:14.739375: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
2751. Mar 30 11:11:14.739386: | State DB: found IKEv1 state #6 in QUICK_R1 (find_state_ikev1)
2752. Mar 30 11:11:14.739400: | start processing: state #6 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1499)
2753. Mar 30 11:11:14.739409: | #6 is idle
2754. Mar 30 11:11:14.739416: | #6 idle
2755. Mar 30 11:11:14.739426: | received encrypted packet from 93.46.124.104:4500
2756. Mar 30 11:11:14.739497: | got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
2757. Mar 30 11:11:14.739509: | ***parse ISAKMP Hash Payload:
2758. Mar 30 11:11:14.739516: |    next payload type: ISAKMP_NEXT_NONE (0x0)
2759. Mar 30 11:11:14.739554: |    length: 24 (00 18)
2760. Mar 30 11:11:14.739562: | removing 8 bytes of padding
2761. Mar 30 11:11:14.739630: | quick_inI2 HASH(3):
2762. Mar 30 11:11:14.739642: |   d9 4e f8 02  72 ef 9f 6e  8b 10 dc 1f  6f b4 a9 ea
2763. Mar 30 11:11:14.739649: |   81 98 8c 00
2764. Mar 30 11:11:14.739658: | received 'quick_inI2' message HASH(3) data ok
2765. Mar 30 11:11:14.739674: | install_ipsec_sa() for #6: outbound only
2766. Mar 30 11:11:14.739683: | could_route called for l2tp-psk (kind=CK_INSTANCE)
2767. Mar 30 11:11:14.739691: | FOR_EACH_CONNECTION_... in route_owner
2768. Mar 30 11:11:14.739699: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
2769. Mar 30 11:11:14.739706: |  conn l2tp-psk mark 0/00000000, 0/00000000
2770. Mar 30 11:11:14.739712: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
2771. Mar 30 11:11:14.739721: |  conn xauth-psk mark 0/00000000, 0/00000000
2772. Mar 30 11:11:14.739728: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
2773. Mar 30 11:11:14.739769: |  conn l2tp-psk mark 0/00000000, 0/00000000
2774. Mar 30 11:11:14.739785: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
2775. Mar 30 11:11:14.739810: | sr for #6: erouted
2776. Mar 30 11:11:14.739820: | route_and_eroute() for proto 17, and source port 1701 dest port 1701
2777. Mar 30 11:11:14.739829: | FOR_EACH_CONNECTION_... in route_owner
2778. Mar 30 11:11:14.739836: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
2779. Mar 30 11:11:14.739844: |  conn l2tp-psk mark 0/00000000, 0/00000000
2780. Mar 30 11:11:14.739863: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
2781. Mar 30 11:11:14.739873: |  conn xauth-psk mark 0/00000000, 0/00000000
2782. Mar 30 11:11:14.739880: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
2783. Mar 30 11:11:14.739887: |  conn l2tp-psk mark 0/00000000, 0/00000000
2784. Mar 30 11:11:14.739898: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
2785. Mar 30 11:11:14.739924: | route_and_eroute with c: l2tp-psk (next: none) ero:l2tp-psk esr:{(nil)} ro:l2tp-psk rosr:{(nil)} and state: #6
2786. Mar 30 11:11:14.739934: | we are replacing an eroute
2787. Mar 30 11:11:14.739942: | priority calculation of connection "l2tp-psk" is 0x15bfbf
2788. Mar 30 11:11:14.739966: | eroute_connection replace eroute 10.68.154.105/32:1701 --17-> 93.46.124.104/32:1701 => esp.27c20b8@93.46.124.104>esp.27c20b8@93.46.124.104 using reqid 16409 (raw_eroute)
2789. Mar 30 11:11:14.739992: | subnet from endpoint 93.46.124.104:1701 (in netlink_raw_eroute() at kernel_xfrm.c:585)
2790. Mar 30 11:11:14.740084: | netlink_raw_eroute: using host address instead of client subnet
2791. Mar 30 11:11:14.740100: | IPsec Sa SPD priority set to 1425343
2792. Mar 30 11:11:14.740169: | raw_eroute result=success
2793. Mar 30 11:11:14.740182: | route_and_eroute: firewall_notified: true
2794. Mar 30 11:11:14.740195: | route_and_eroute: instance "l2tp-psk"[4] 93.46.124.104, setting eroute_owner {spd=0x562b2d554130,sr=0x562b2d554130} to #6 (was #5) (newest_ipsec_sa=#5)
2795. Mar 30 11:11:14.740214: | inI2: instance l2tp-psk[4], setting IKEv1 newest_ipsec_sa to #6 (was #5) (spd.eroute=#6) cloned from #3
2796. Mar 30 11:11:14.740224: | DPD: dpd_init() called on IPsec SA
2797. Mar 30 11:11:14.740231: | DPD: Peer does not support Dead Peer Detection
2798. Mar 30 11:11:14.740239: | complete v1 state transition with STF_OK
2799. Mar 30 11:11:14.740343: | [RE]START processing: state #6 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
2800. Mar 30 11:11:14.740359: | #6 is idle
2801. Mar 30 11:11:14.740377: | doing_xauth:no, t_xauth_client_done:no
2802. Mar 30 11:11:14.740397: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
2803. Mar 30 11:11:14.740441: | child state #6: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA)
2804. Mar 30 11:11:14.740454: | event_already_set, deleting event
2805. Mar 30 11:11:14.740462: | state #6 requesting EVENT_RETRANSMIT to be deleted
2806. Mar 30 11:11:14.740470: | #6 STATE_QUICK_R2: retransmits: cleared
2807. Mar 30 11:11:14.740490: | libevent_free: delref ptr-libevent@0x562b2d551528
2808. Mar 30 11:11:14.740501: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b2d5566a8
2809. Mar 30 11:11:14.740509: | !event_already_set at reschedule
2810. Mar 30 11:11:14.740519: | event_schedule: newref EVENT_SA_EXPIRE-pe@0x562b2d554998
2811. Mar 30 11:11:14.740530: | inserting event EVENT_SA_EXPIRE, timeout in 3600 seconds for #6
2812. Mar 30 11:11:14.740542: | libevent_malloc: newref ptr-libevent@0x562b2d554878 size 128
2813. Mar 30 11:11:14.740552: | pstats #6 ikev1.ipsec established
2814. Mar 30 11:11:14.740567: | NAT-T: NAT Traversal detected - their IKE port is '500'
2815. Mar 30 11:11:14.740574: | NAT-T: encaps is 'yes'
2816. Mar 30 11:11:14.740591: "l2tp-psk"[4] 93.46.124.104 #6: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x027c20b8 <0xd887d60a xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
2817. Mar 30 11:11:14.740601: | modecfg pull: noquirk policy:push not-client
2818. Mar 30 11:11:14.740609: | phase 1 is done, looking for phase 2 to unpend
2819. Mar 30 11:11:14.740616: | releasing #6's fd-fd@(nil) because IKEv1 transitions finished
2820. Mar 30 11:11:14.740624: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
2821. Mar 30 11:11:14.740660: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
2822. Mar 30 11:11:14.740681: | stop processing: state #6 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
2823. Mar 30 11:11:14.740692: | processing: STOP connection NULL (in process_md() at demux.c:384)
2824. Mar 30 11:11:14.740760: | *received 76 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
2825. Mar 30 11:11:14.740777: |   f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a  5d 82 98 78
2826. Mar 30 11:11:14.740784: |   08 10 05 01  29 3d 26 c9  00 00 00 4c  70 ab 38 56
2827. Mar 30 11:11:14.740790: |   0e b7 e1 d8  80 37 0d 18  99 d0 8a b7  0d 58 80 d6
2828. Mar 30 11:11:14.740797: |   c1 91 c4 f5  9e 77 c7 da  12 22 08 bd  19 96 39 c3
2829. Mar 30 11:11:14.740804: |   ca 96 4f c1  43 5e 06 4d  80 1a 22 87
2830. Mar 30 11:11:14.740816: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
2831. Mar 30 11:11:14.740828: | **parse ISAKMP Message:
2832. Mar 30 11:11:14.740840: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
2833. Mar 30 11:11:14.740850: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
2834. Mar 30 11:11:14.740858: |    next payload type: ISAKMP_NEXT_HASH (0x8)
2835. Mar 30 11:11:14.740865: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
2836. Mar 30 11:11:14.740872: |    exchange type: ISAKMP_XCHG_INFO (0x5)
2837. Mar 30 11:11:14.740879: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
2838. Mar 30 11:11:14.740889: |    Message ID: 691873481 (29 3d 26 c9)
2839. Mar 30 11:11:14.740899: |    length: 76 (00 00 00 4c)
2840. Mar 30 11:11:14.740907: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
2841. Mar 30 11:11:14.740919: | peer and cookies match on #6; msgid=00000000 st_msgid=00000003 st_v1_msgid.phase15=00000000
2842. Mar 30 11:11:14.740927: | peer and cookies match on #5; msgid=00000000 st_msgid=00000002 st_v1_msgid.phase15=00000000
2843. Mar 30 11:11:14.740935: | peer and cookies match on #3; msgid=00000000 st_msgid=00000000 st_v1_msgid.phase15=00000000
2844. Mar 30 11:11:14.740942: | p15 state object #3 found, in STATE_MAIN_R3
2845. Mar 30 11:11:14.740951: | State DB: found IKEv1 state #3 in MAIN_R3 (find_v1_info_state)
2846. Mar 30 11:11:14.740986: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1347)
2847. Mar 30 11:11:14.741048: | #3 is idle
2848. Mar 30 11:11:14.741060: | #3 idle
2849. Mar 30 11:11:14.741070: | received encrypted packet from 93.46.124.104:4500
2850. Mar 30 11:11:14.741107: | got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
2851. Mar 30 11:11:14.741118: | ***parse ISAKMP Hash Payload:
2852. Mar 30 11:11:14.741125: |    next payload type: ISAKMP_NEXT_D (0xc)
2853. Mar 30 11:11:14.741133: |    length: 24 (00 18)
2854. Mar 30 11:11:14.741141: | got payload 0x1000  (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0
2855. Mar 30 11:11:14.741149: | ***parse ISAKMP Delete Payload:
2856. Mar 30 11:11:14.741157: |    next payload type: ISAKMP_NEXT_NONE (0x0)
2857. Mar 30 11:11:14.741166: |    length: 16 (00 10)
2858. Mar 30 11:11:14.741173: |    DOI: ISAKMP_DOI_IPSEC (0x1)
2859. Mar 30 11:11:14.741180: |    protocol ID: 3 (03)
2860. Mar 30 11:11:14.741187: |    SPI size: 4 (04)
2861. Mar 30 11:11:14.741194: |    number of SPIs: 1 (00 01)
2862. Mar 30 11:11:14.741200: | removing 8 bytes of padding
2863. Mar 30 11:11:14.741257: | informational HASH(1):
2864. Mar 30 11:11:14.741267: |   91 b9 90 c7  fb ce 48 c4  bd bf c0 b2  95 55 7c 2f
2865. Mar 30 11:11:14.741273: |   f9 ff f1 a5
2866. Mar 30 11:11:14.741280: | received 'informational' message HASH(1) data ok
2867. Mar 30 11:11:14.741288: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI
2868. Mar 30 11:11:14.741296: | SPI
2869. Mar 30 11:11:14.741302: |   7d 0c 02 4c
2870. Mar 30 11:11:14.741309: | FOR_EACH_STATE_... in find_phase2_state_to_delete
2871. Mar 30 11:11:14.741325: | start processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in accept_delete() at ikev1_main.c:2492)
2872. Mar 30 11:11:14.741339: "l2tp-psk"[4] 93.46.124.104 #3: received Delete SA(0x7d0c024c) payload: deleting IPsec State #5
2873. Mar 30 11:11:14.741350: | pstats #5 ikev1.ipsec deleted completed
2874. Mar 30 11:11:14.741364: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
2875. Mar 30 11:11:14.741377: | start processing: state #5 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
2876. Mar 30 11:11:14.741392: "l2tp-psk"[4] 93.46.124.104 #5: deleting other state #5 (STATE_QUICK_R2) aged 3.014s and sending notification
2877. Mar 30 11:11:14.741401: | child state #5: QUICK_R2(established CHILD SA) => delete
2878. Mar 30 11:11:14.741415: | get_sa_info esp.7d0c024c@93.46.124.104
2879. Mar 30 11:11:14.741475: | get_sa_info esp.36fdd548@10.68.154.105
2880. Mar 30 11:11:14.741505: "l2tp-psk"[4] 93.46.124.104 #5: ESP traffic information: in=0B out=0B
2881. Mar 30 11:11:14.741517: | unsuspending #5 MD (nil)
2882. Mar 30 11:11:14.741527: | #5 send IKEv1 delete notification for STATE_QUICK_R2
2883. Mar 30 11:11:14.741536: | FOR_EACH_STATE_... in find_phase1_state
2884. Mar 30 11:11:14.741555: | **emit ISAKMP Message:
2885. Mar 30 11:11:14.741568: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
2886. Mar 30 11:11:14.741578: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
2887. Mar 30 11:11:14.741585: |    next payload type: ISAKMP_NEXT_NONE (0x0)
2888. Mar 30 11:11:14.741592: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
2889. Mar 30 11:11:14.741600: |    exchange type: ISAKMP_XCHG_INFO (0x5)
2890. Mar 30 11:11:14.741608: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
2891. Mar 30 11:11:14.741618: |    Message ID: 1248724098 (4a 6e 04 82)
2892. Mar 30 11:11:14.741625: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
2893. Mar 30 11:11:14.741634: | ***emit ISAKMP Hash Payload:
2894. Mar 30 11:11:14.741641: |    next payload type: ISAKMP_NEXT_NONE (0x0)
2895. Mar 30 11:11:14.741648: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
2896. Mar 30 11:11:14.741656: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg'
2897. Mar 30 11:11:14.741665: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
2898. Mar 30 11:11:14.741672: | emitting length of ISAKMP Hash Payload: 24
2899. Mar 30 11:11:14.741680: | ***emit ISAKMP Delete Payload:
2900. Mar 30 11:11:14.741687: |    next payload type: ISAKMP_NEXT_NONE (0x0)
2901. Mar 30 11:11:14.741712: |    DOI: ISAKMP_DOI_IPSEC (0x1)
2902. Mar 30 11:11:14.741722: |    protocol ID: 3 (03)
2903. Mar 30 11:11:14.741729: |    SPI size: 4 (04)
2904. Mar 30 11:11:14.741738: |    number of SPIs: 1 (00 01)
2905. Mar 30 11:11:14.741777: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D)
2906. Mar 30 11:11:14.741790: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg'
2907. Mar 30 11:11:14.741800: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload
2908. Mar 30 11:11:14.741809: | delete payload: 36 fd d5 48
2909. Mar 30 11:11:14.741817: | emitting length of ISAKMP Delete Payload: 16
2910. Mar 30 11:11:14.741872: | send delete HASH(1):
2911. Mar 30 11:11:14.741886: |   44 2b 94 5d  a0 62 38 37  3a 74 6c ed  ba f3 f9 04
2912. Mar 30 11:11:14.741893: |   60 10 68 01
2913. Mar 30 11:11:14.741915: | emitting 8 zero bytes of encryption padding into ISAKMP Message
2914. Mar 30 11:11:14.741926: | no IKEv1 message padding required
2915. Mar 30 11:11:14.741933: | emitting length of ISAKMP Message: 76
2916. Mar 30 11:11:14.741969: | sending 80 bytes for delete notify through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #3)
2917. Mar 30 11:11:14.741982: |   00 00 00 00  f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a
2918. Mar 30 11:11:14.742031: |   5d 82 98 78  08 10 05 01  4a 6e 04 82  00 00 00 4c
2919. Mar 30 11:11:14.742044: |   91 62 77 30  0f f8 fd bd  31 c4 95 d0  c8 77 b4 ae
2920. Mar 30 11:11:14.742050: |   98 1d 96 25  b4 20 34 e0  00 92 4f ee  e3 f3 9c 5a
2921. Mar 30 11:11:14.742056: |   53 94 15 d5  b1 45 ff bd  c5 bd a0 cb  6b 8e a0 d7
2922. Mar 30 11:11:14.742217: | state #5 requesting EVENT_SA_EXPIRE to be deleted
2923. Mar 30 11:11:14.742242: | libevent_free: delref ptr-libevent@0x562b2d5545b8
2924. Mar 30 11:11:14.742250: | free_event_entry: delref EVENT_SA_EXPIRE-pe@0x562b2d554928
2925. Mar 30 11:11:14.742263: | delete esp.7d0c024c@93.46.124.104
2926. Mar 30 11:11:14.742271: | XFRM: deleting IPsec SA with reqid 0
2927. Mar 30 11:11:14.742343: | netlink response for Del SA esp.7d0c024c@93.46.124.104 included non-error error
2928. Mar 30 11:11:14.742369: | delete esp.36fdd548@10.68.154.105
2929. Mar 30 11:11:14.742377: | XFRM: deleting IPsec SA with reqid 0
2930. Mar 30 11:11:14.742413: | netlink response for Del SA esp.36fdd548@10.68.154.105 included non-error error
2931. Mar 30 11:11:14.742436: | stop processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in update_state_connection() at connections.c:4093)
2932. Mar 30 11:11:14.742444: | start processing: connection NULL (in update_state_connection() at connections.c:4094)
2933. Mar 30 11:11:14.742450: | in connection_discard for connection l2tp-psk
2934. Mar 30 11:11:14.742454: | connection is instance
2935. Mar 30 11:11:14.742460: | not in pending use
2936. Mar 30 11:11:14.742466: | State DB: found state #6 in QUICK_R2 (connection_discard)
2937. Mar 30 11:11:14.742471: | states still using this connection instance, retaining
2938. Mar 30 11:11:14.742477: | State DB: deleting IKEv1 state #5 in QUICK_R2
2939. Mar 30 11:11:14.742488: | child state #5: QUICK_R2(established CHILD SA) => UNDEFINED(ignore)
2940. Mar 30 11:11:14.742495: | releasing #5's fd-fd@(nil) because deleting state
2941. Mar 30 11:11:14.742501: | delref fdp@NULL (in delete_state() at state.c:1185)
2942. Mar 30 11:11:14.742511: | stop processing: state #5 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
2943. Mar 30 11:11:14.742522: | resume processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
2944. Mar 30 11:11:14.742537: | processing: STOP connection NULL (in accept_delete() at ikev1_main.c:2536)
2945. Mar 30 11:11:14.742543: | del:
2946. Mar 30 11:11:14.742548: |
2947. Mar 30 11:11:14.742559: | complete v1 state transition with STF_IGNORE
2948. Mar 30 11:11:14.742570: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
2949. Mar 30 11:11:14.742582: | stop processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
2950. Mar 30 11:11:14.742588: | processing: STOP connection NULL (in process_md() at demux.c:384)
2951. Mar 30 11:11:18.713508: | *received 444 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
2952. Mar 30 11:11:18.713554: |   f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a  5d 82 98 78
2953. Mar 30 11:11:18.713561: |   08 10 20 01  00 00 00 04  00 00 01 bc  32 0f f1 79
2954. Mar 30 11:11:18.713567: |   46 4e b6 7e  6e 6e 16 c0  95 b7 d1 63  da 74 cf a3
2955. Mar 30 11:11:18.713573: |   ec 5c d6 78  a1 4f f8 a9  50 20 15 ed  f1 86 09 62
2956. Mar 30 11:11:18.713579: |   d6 5a 45 59  8f 60 57 07  d5 5a 97 17  b9 98 fb d8
2957. Mar 30 11:11:18.713584: |   f5 dc 6c 04  30 00 fe 92  73 b2 6e 9e  71 73 9b ad
2958. Mar 30 11:11:18.713590: |   6f f2 66 72  74 41 73 e7  f6 02 ec f5  4a 04 8d 89
2959. Mar 30 11:11:18.713595: |   4a 3f 89 15  2b ac e1 ae  39 fb 4f 30  1f c4 5e 46
2960. Mar 30 11:11:18.713601: |   df b2 b1 cd  62 7b a0 48  6e 07 8c c3  2d e7 62 ed
2961. Mar 30 11:11:18.713606: |   48 93 6d 09  97 65 9e 2f  c4 1d bf 93  9f 65 12 73
2962. Mar 30 11:11:18.713611: |   c6 2a b1 e5  5c 60 f8 3a  03 87 ad 79  4e 30 21 ff
2963. Mar 30 11:11:18.713617: |   8e b3 1b 66  e1 02 f3 9e  a8 14 27 2b  95 51 9d e9
2964. Mar 30 11:11:18.713622: |   6b b3 e4 f9  e5 47 11 ac  f8 b3 85 7f  cc 46 5a 1c
2965. Mar 30 11:11:18.713628: |   1e 0d 96 5b  c4 24 4f 9f  38 18 68 09  1a 5b ab 98
2966. Mar 30 11:11:18.713633: |   ea d8 cb 63  38 96 79 85  bb ee 56 a9  50 43 af 06
2967. Mar 30 11:11:18.713638: |   67 e2 cf f9  5e 0c cc 15  05 24 1d 59  c1 c6 14 fa
2968. Mar 30 11:11:18.713643: |   fb b1 58 cf  7c 2c b0 2b  94 15 64 3e  79 27 70 0d
2969. Mar 30 11:11:18.713649: |   f4 81 8e fa  4c e6 05 f4  e7 1b e6 13  5a 0a 2c 87
2970. Mar 30 11:11:18.713654: |   79 3c b3 a9  91 6c f2 9b  54 29 7f 57  e3 62 62 eb
2971. Mar 30 11:11:18.713659: |   ea e7 d3 74  28 7c 5c ab  d8 c2 bc 25  14 b0 8e 70
2972. Mar 30 11:11:18.713665: |   c1 5d 8a ed  7c 3b 7c e7  07 9d c8 ef  19 c8 9b 9f
2973. Mar 30 11:11:18.713670: |   3a 84 f5 40  7b b4 f7 21  96 ff 50 47  7f d4 7e 7d
2974. Mar 30 11:11:18.713675: |   42 0c 05 81  5a 75 3b 4e  9d 29 df ce  3c 56 84 2b
2975. Mar 30 11:11:18.713680: |   27 47 a1 b7  0f 8e 8f f1  b5 83 c3 a9  f5 30 b9 59
2976. Mar 30 11:11:18.713686: |   bd f6 f2 6c  a3 ac 6d 41  af 58 aa 1f  26 4f 6c 8b
2977. Mar 30 11:11:18.713691: |   89 a3 7a 8d  5f 58 52 22  51 70 51 f3  fc 5f 10 48
2978. Mar 30 11:11:18.713696: |   95 b2 7c d3  c2 9f cd 17  34 c4 7e ad  aa 52 ad 23
2979. Mar 30 11:11:18.713701: |   7e e3 a0 02  f5 5e 59 ef  7d c6 bb 94
2980. Mar 30 11:11:18.713713: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
2981. Mar 30 11:11:18.713723: | **parse ISAKMP Message:
2982. Mar 30 11:11:18.713733: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
2983. Mar 30 11:11:18.713742: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
2984. Mar 30 11:11:18.713748: |    next payload type: ISAKMP_NEXT_HASH (0x8)
2985. Mar 30 11:11:18.713754: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
2986. Mar 30 11:11:18.713761: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
2987. Mar 30 11:11:18.713768: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
2988. Mar 30 11:11:18.713776: |    Message ID: 4 (00 00 00 04)
2989. Mar 30 11:11:18.713784: |    length: 444 (00 00 01 bc)
2990. Mar 30 11:11:18.713791: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
2991. Mar 30 11:11:18.713819: | State DB: IKEv1 state not found (find_state_ikev1)
2992. Mar 30 11:11:18.713828: | State DB: found IKEv1 state #3 in MAIN_R3 (find_state_ikev1)
2993. Mar 30 11:11:18.713842: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1473)
2994. Mar 30 11:11:18.713889: | #3 is idle
2995. Mar 30 11:11:18.713895: | #3 idle
2996. Mar 30 11:11:18.713907: | received encrypted packet from 93.46.124.104:4500
2997. Mar 30 11:11:18.713948: | got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030
2998. Mar 30 11:11:18.713971: | ***parse ISAKMP Hash Payload:
2999. Mar 30 11:11:18.713980: |    next payload type: ISAKMP_NEXT_SA (0x1)
3000. Mar 30 11:11:18.713991: |    length: 24 (00 18)
3001. Mar 30 11:11:18.713999: | got payload 0x2  (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030
3002. Mar 30 11:11:18.714009: | ***parse ISAKMP Security Association Payload:
3003. Mar 30 11:11:18.714021: |    next payload type: ISAKMP_NEXT_NONCE (0xa)
3004. Mar 30 11:11:18.714060: |    length: 280 (01 18)
3005. Mar 30 11:11:18.714071: |    DOI: ISAKMP_DOI_IPSEC (0x1)
3006. Mar 30 11:11:18.714080: | got payload 0x400  (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030
3007. Mar 30 11:11:18.714089: | ***parse ISAKMP Nonce Payload:
3008. Mar 30 11:11:18.714097: |    next payload type: ISAKMP_NEXT_ID (0x5)
3009. Mar 30 11:11:18.714114: |    length: 52 (00 34)
3010. Mar 30 11:11:18.714122: | got payload 0x20  (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
3011. Mar 30 11:11:18.714132: | ***parse ISAKMP Identification Payload (IPsec DOI):
3012. Mar 30 11:11:18.714140: |    next payload type: ISAKMP_NEXT_ID (0x5)
3013. Mar 30 11:11:18.714148: |    length: 12 (00 0c)
3014. Mar 30 11:11:18.714154: |    ID type: ID_IPV4_ADDR (0x1)
3015. Mar 30 11:11:18.714160: |    Protocol ID: 17 (11)
3016. Mar 30 11:11:18.714167: |    port: 1701 (06 a5)
3017. Mar 30 11:11:18.714172: |      obj:
3018. Mar 30 11:11:18.714178: |   c0 a8 01 65
3019. Mar 30 11:11:18.714184: | got payload 0x20  (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
3020. Mar 30 11:11:18.714190: | ***parse ISAKMP Identification Payload (IPsec DOI):
3021. Mar 30 11:11:18.714196: |    next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
3022. Mar 30 11:11:18.714202: |    length: 12 (00 0c)
3023. Mar 30 11:11:18.714208: |    ID type: ID_IPV4_ADDR (0x1)
3024. Mar 30 11:11:18.714214: |    Protocol ID: 17 (11)
3025. Mar 30 11:11:18.714220: |    port: 1701 (06 a5)
3026. Mar 30 11:11:18.714226: |      obj:
3027. Mar 30 11:11:18.714231: |   33 9e 40 c9
3028. Mar 30 11:11:18.714237: | got payload 0x200000  (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
3029. Mar 30 11:11:18.714244: | ***parse ISAKMP NAT-OA Payload:
3030. Mar 30 11:11:18.714249: |    next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
3031. Mar 30 11:11:18.714256: |    length: 12 (00 0c)
3032. Mar 30 11:11:18.714261: |    ID type: ID_IPV4_ADDR (0x1)
3033. Mar 30 11:11:18.714267: |      obj:
3034. Mar 30 11:11:18.714272: |   c0 a8 01 65
3035. Mar 30 11:11:18.714278: | got payload 0x200000  (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
3036. Mar 30 11:11:18.714284: | ***parse ISAKMP NAT-OA Payload:
3037. Mar 30 11:11:18.714290: |    next payload type: ISAKMP_NEXT_NONE (0x0)
3038. Mar 30 11:11:18.714296: |    length: 12 (00 0c)
3039. Mar 30 11:11:18.714302: |    ID type: ID_IPV4_ADDR (0x1)
3040. Mar 30 11:11:18.714307: |      obj:
3041. Mar 30 11:11:18.714313: |   33 9e 40 c9
3042. Mar 30 11:11:18.714318: | removing 12 bytes of padding
3043. Mar 30 11:11:18.714373: | quick_inI1_outR1 HASH(1):
3044. Mar 30 11:11:18.714379: |   a6 ad 83 48  bf 32 ea 94  71 f8 ba a7  7f 22 d5 1d
3045. Mar 30 11:11:18.714385: |   0f e6 99 84
3046. Mar 30 11:11:18.714391: | received 'quick_inI1_outR1' message HASH(1) data ok
3047. Mar 30 11:11:18.714403: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
3048. Mar 30 11:11:18.714409: | ID address
3049. Mar 30 11:11:18.714414: |   c0 a8 01 65
3050. Mar 30 11:11:18.714424: | subnet from address 192.168.1.101 (in decode_net_id() at ikev1_quick.c:440)
3051. Mar 30 11:11:18.714433: | peer client is 192.168.1.101/32
3052. Mar 30 11:11:18.714439: | peer client protocol/port is 17/1701
3053. Mar 30 11:11:18.714445: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
3054. Mar 30 11:11:18.714450: | ID address
3055. Mar 30 11:11:18.714455: |   33 9e 40 c9
3056. Mar 30 11:11:18.714463: | subnet from address 51.158.64.201 (in decode_net_id() at ikev1_quick.c:440)
3057. Mar 30 11:11:18.714470: | our client is 51.158.64.201/32
3058. Mar 30 11:11:18.714476: | our client protocol/port is 17/1701
3059. Mar 30 11:11:18.714490: "l2tp-psk"[4] 93.46.124.104 #3: the peer proposed: 51.158.64.201/32:17/1701 -> 192.168.1.101/32:17/1701
3060. Mar 30 11:11:18.714498: | find_client_connection starting with l2tp-psk
3061. Mar 30 11:11:18.714508: |   looking for 51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701
3062. Mar 30 11:11:18.714518: |   concrete checking against sr#0 10.68.154.105/32:1701 -> 93.46.124.104/32:1701
3063. Mar 30 11:11:18.714527: |    match_id a=192.168.1.101
3064. Mar 30 11:11:18.714534: |             b=192.168.1.101
3065. Mar 30 11:11:18.714539: |    results  matched
3066. Mar 30 11:11:18.714555: |   fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 93.46.124.104/32:1701:17/1701
3067. Mar 30 11:11:18.714582: |    our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
3068. Mar 30 11:11:18.714588: |   fc_try concluding with none [0]
3069. Mar 30 11:11:18.714594: |   fc_try l2tp-psk gives none
3070. Mar 30 11:11:18.714605: | find_host_pair: comparing 10.68.154.105:500 to 0.0.0.0:500 but ignoring ports
3071. Mar 30 11:11:18.714615: |   checking hostpair 10.68.154.105/32:1701 -> 93.46.124.104/32:1701 is found
3072. Mar 30 11:11:18.714623: |    match_id a=192.168.1.101
3073. Mar 30 11:11:18.714629: |             b=(none)
3074. Mar 30 11:11:18.714634: |    results  matched
3075. Mar 30 11:11:18.714649: |   fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 0.0.0.0/32:0:17/0
3076. Mar 30 11:11:18.714658: |    our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
3077. Mar 30 11:11:18.714666: |    match_id a=192.168.1.101
3078. Mar 30 11:11:18.714671: |             b=(none)
3079. Mar 30 11:11:18.714676: |    results  matched
3080. Mar 30 11:11:18.714682: |   fc_try concluding with none [0]
3081. Mar 30 11:11:18.714689: |    match_id a=192.168.1.101
3082. Mar 30 11:11:18.714694: |             b=(none)
3083. Mar 30 11:11:18.714699: |    results  matched
3084. Mar 30 11:11:18.714713: |   fc_try_oppo trying l2tp-psk:51.158.64.201/32:1701 -> 192.168.1.101/32:1701 vs l2tp-psk:10.68.154.105/32:1701 -> 0.0.0.0/32:0
3085. Mar 30 11:11:18.714720: |    match_id a=192.168.1.101
3086. Mar 30 11:11:18.714726: |             b=(none)
3087. Mar 30 11:11:18.714731: |    results  matched
3088. Mar 30 11:11:18.714736: |   fc_try_oppo concluding with none [0]
3089. Mar 30 11:11:18.714742: |   concluding with d = none
3090. Mar 30 11:11:18.714750: | using something (we hope the IP we or they are NAT'ed to) for transport mode connection "l2tp-psk"[4] 93.46.124.104
3091. Mar 30 11:11:18.714756: | client wildcard: no  port wildcard: no  virtual: no
3092. Mar 30 11:11:18.714763: | NAT-Traversal: received 2 NAT-OA.
3093. Mar 30 11:11:18.714771: "l2tp-psk"[4] 93.46.124.104 #3: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
3094. Mar 30 11:11:18.714777: | NAT-OA:
3095. Mar 30 11:11:18.714782: |   15 00 00 0c  01 00 00 00  c0 a8 01 65
3096. Mar 30 11:11:18.714788: | parsing 4 raw bytes of ISAKMP NAT-OA Payload into NAT-Traversal: NAT-OA IP
3097. Mar 30 11:11:18.714794: | NAT-Traversal: NAT-OA IP
3098. Mar 30 11:11:18.714799: |   c0 a8 01 65
3099. Mar 30 11:11:18.714806: | received NAT-OA: 192.168.1.101
3100. Mar 30 11:11:18.714817: | addref fd@NULL (in new_state() at state.c:555)
3101. Mar 30 11:11:18.714823: | creating state object #7 at 0x562b2d556758
3102. Mar 30 11:11:18.714830: | State DB: adding IKEv1 state #7 in UNDEFINED
3103. Mar 30 11:11:18.714839: | pstats #7 ikev1.ipsec started
3104. Mar 30 11:11:18.714847: | duplicating state object #3 "l2tp-psk"[4] 93.46.124.104 as #7 for IPSEC SA
3105. Mar 30 11:11:18.714857: | #7 setting local endpoint to 10.68.154.105:4500 from #3.st_localport (in duplicate_state() at state.c:1548)
3106. Mar 30 11:11:18.714870: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
3107. Mar 30 11:11:18.714881: | start processing: state #7 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
3108. Mar 30 11:11:18.714887: | switching MD.ST from #3 to CHILD #7; ulgh
3109. Mar 30 11:11:18.714894: | child state #7: UNDEFINED(ignore) => QUICK_R0(established CHILD SA)
3110. Mar 30 11:11:18.714901: | ****parse IPsec DOI SIT:
3111. Mar 30 11:11:18.714908: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
3112. Mar 30 11:11:18.714915: | ****parse ISAKMP Proposal Payload:
3113. Mar 30 11:11:18.714920: |    next payload type: ISAKMP_NEXT_P (0x2)
3114. Mar 30 11:11:18.715030: |    length: 56 (00 38)
3115. Mar 30 11:11:18.715040: |    proposal number: 1 (01)
3116. Mar 30 11:11:18.715046: |    protocol ID: PROTO_IPSEC_ESP (0x3)
3117. Mar 30 11:11:18.715052: |    SPI size: 4 (04)
3118. Mar 30 11:11:18.715058: |    number of transforms: 1 (01)
3119. Mar 30 11:11:18.715065: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
3120. Mar 30 11:11:18.715070: | SPI
3121. Mar 30 11:11:18.715075: |   5a ad 8c 94
3122. Mar 30 11:11:18.715081: | ****parse ISAKMP Proposal Payload:
3123. Mar 30 11:11:18.715096: |    next payload type: ISAKMP_NEXT_P (0x2)
3124. Mar 30 11:11:18.715103: |    length: 56 (00 38)
3125. Mar 30 11:11:18.715109: |    proposal number: 2 (02)
3126. Mar 30 11:11:18.715115: |    protocol ID: PROTO_IPSEC_ESP (0x3)
3127. Mar 30 11:11:18.715121: |    SPI size: 4 (04)
3128. Mar 30 11:11:18.715127: |    number of transforms: 1 (01)
3129. Mar 30 11:11:18.715133: | *****parse ISAKMP Transform Payload (ESP):
3130. Mar 30 11:11:18.715139: |    next payload type: ISAKMP_NEXT_NONE (0x0)
3131. Mar 30 11:11:18.715146: |    length: 44 (00 2c)
3132. Mar 30 11:11:18.715152: |    ESP transform number: 1 (01)
3133. Mar 30 11:11:18.715157: |    ESP transform ID: ESP_AES (0xc)
3134. Mar 30 11:11:18.715165: | ******parse ISAKMP IPsec DOI attribute:
3135. Mar 30 11:11:18.715171: |    af+type: AF+ENCAPSULATION_MODE (0x8004)
3136. Mar 30 11:11:18.715177: |    length/value: 4 (00 04)
3137. Mar 30 11:11:18.715184: |    [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
3138. Mar 30 11:11:18.715191: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
3139. Mar 30 11:11:18.715197: | ******parse ISAKMP IPsec DOI attribute:
3140. Mar 30 11:11:18.715203: |    af+type: AF+KEY_LENGTH (0x8006)
3141. Mar 30 11:11:18.715210: |    length/value: 256 (01 00)
3142. Mar 30 11:11:18.715216: | ******parse ISAKMP IPsec DOI attribute:
3143. Mar 30 11:11:18.715221: |    af+type: AF+AUTH_ALGORITHM (0x8005)
3144. Mar 30 11:11:18.715228: |    length/value: 2 (00 02)
3145. Mar 30 11:11:18.715234: |    [2 is AUTH_ALGORITHM_HMAC_SHA1]
3146. Mar 30 11:11:18.715240: | ******parse ISAKMP IPsec DOI attribute:
3147. Mar 30 11:11:18.715246: |    af+type: AF+SA_LIFE_TYPE (0x8001)
3148. Mar 30 11:11:18.715252: |    length/value: 1 (00 01)
3149. Mar 30 11:11:18.715258: |    [1 is SA_LIFE_TYPE_SECONDS]
3150. Mar 30 11:11:18.715264: | ******parse ISAKMP IPsec DOI attribute:
3151. Mar 30 11:11:18.715270: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
3152. Mar 30 11:11:18.715276: |    length/value: 4 (00 04)
3153. Mar 30 11:11:18.715282: |    long duration: 3600
3154. Mar 30 11:11:18.715288: | ******parse ISAKMP IPsec DOI attribute:
3155. Mar 30 11:11:18.715294: |    af+type: AF+SA_LIFE_TYPE (0x8001)
3156. Mar 30 11:11:18.715300: |    length/value: 2 (00 02)
3157. Mar 30 11:11:18.715306: |    [2 is SA_LIFE_TYPE_KBYTES]
3158. Mar 30 11:11:18.715311: | ******parse ISAKMP IPsec DOI attribute:
3159. Mar 30 11:11:18.715317: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
3160. Mar 30 11:11:18.715323: |    length/value: 4 (00 04)
3161. Mar 30 11:11:18.715329: |    long duration: 250000
3162. Mar 30 11:11:18.715336: | ESP IPsec Transform verified; matches alg_info entry
3163. Mar 30 11:11:18.715349: | adding quick_outI1 KE work-order 9 for state #7
3164. Mar 30 11:11:18.715357: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d555938
3165. Mar 30 11:11:18.715364: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7
3166. Mar 30 11:11:18.715373: | libevent_malloc: newref ptr-libevent@0x562b2d5545b8 size 128
3167. Mar 30 11:11:18.715391: | complete v1 state transition with STF_SUSPEND
3168. Mar 30 11:11:18.715403: | [RE]START processing: state #7 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2514)
3169. Mar 30 11:11:18.715409: | suspending state #7 and saving MD 0x562b2d551f08
3170. Mar 30 11:11:18.715415: | #7 is busy; has suspended MD 0x562b2d551f08
3171. Mar 30 11:11:18.715427: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
3172. Mar 30 11:11:18.715437: | stop processing: state #7 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
3173. Mar 30 11:11:18.715444: | processing: STOP connection NULL (in process_md() at demux.c:384)
3174. Mar 30 11:11:18.715467: | crypto helper 1 resuming
3175. Mar 30 11:11:18.715476: | crypto helper 1 starting work-order 9 for state #7
3176. Mar 30 11:11:18.715483: | crypto helper 1 doing build nonce (quick_outI1 KE); request ID 9
3177. Mar 30 11:11:18.715516: | crypto helper 1 finished build nonce (quick_outI1 KE); request ID 9 time elapsed 0.000024 seconds
3178. Mar 30 11:11:18.715547: | crypto helper 1 sending results from work-order 9 for state #7 to event queue
3179. Mar 30 11:11:18.715556: | scheduling resume sending helper answer for #7
3180. Mar 30 11:11:18.715585: | libevent_malloc: newref ptr-libevent@0x7f3a440020b8 size 128
3181. Mar 30 11:11:18.715602: | crypto helper 1 waiting (nothing to do)
3182. Mar 30 11:11:18.715622: | processing resume sending helper answer for #7
3183. Mar 30 11:11:18.715635: | start processing: state #7 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:817)
3184. Mar 30 11:11:18.715643: | unsuspending #7 MD 0x562b2d551f08
3185. Mar 30 11:11:18.715649: | crypto helper 1 replies to request ID 9
3186. Mar 30 11:11:18.715654: | calling continuation function 0x562b2c27c390
3187. Mar 30 11:11:18.715660: | quick_inI1_outR1_cryptocontinue1 for #7: calculated ke+nonce, calculating DH
3188. Mar 30 11:11:18.715678: | **emit ISAKMP Message:
3189. Mar 30 11:11:18.715687: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
3190. Mar 30 11:11:18.715695: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
3191. Mar 30 11:11:18.715701: |    next payload type: ISAKMP_NEXT_NONE (0x0)
3192. Mar 30 11:11:18.715706: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
3193. Mar 30 11:11:18.715712: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
3194. Mar 30 11:11:18.715718: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
3195. Mar 30 11:11:18.715726: |    Message ID: 4 (00 00 00 04)
3196. Mar 30 11:11:18.715732: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
3197. Mar 30 11:11:18.715739: | ***emit ISAKMP Hash Payload:
3198. Mar 30 11:11:18.715744: |    next payload type: ISAKMP_NEXT_NONE (0x0)
3199. Mar 30 11:11:18.715751: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
3200. Mar 30 11:11:18.715757: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
3201. Mar 30 11:11:18.715764: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
3202. Mar 30 11:11:18.715769: | emitting length of ISAKMP Hash Payload: 24
3203. Mar 30 11:11:18.715775: | ***emit ISAKMP Security Association Payload:
3204. Mar 30 11:11:18.715781: |    next payload type: ISAKMP_NEXT_NONCE (0xa)
3205. Mar 30 11:11:18.715787: |    DOI: ISAKMP_DOI_IPSEC (0x1)
3206. Mar 30 11:11:18.715793: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE
3207. Mar 30 11:11:18.715799: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA)
3208. Mar 30 11:11:18.715805: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet'
3209. Mar 30 11:11:18.715811: | ****parse IPsec DOI SIT:
3210. Mar 30 11:11:18.715817: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
3211. Mar 30 11:11:18.715824: | ****parse ISAKMP Proposal Payload:
3212. Mar 30 11:11:18.715829: |    next payload type: ISAKMP_NEXT_P (0x2)
3213. Mar 30 11:11:18.715836: |    length: 56 (00 38)
3214. Mar 30 11:11:18.715842: |    proposal number: 1 (01)
3215. Mar 30 11:11:18.715847: |    protocol ID: PROTO_IPSEC_ESP (0x3)
3216. Mar 30 11:11:18.715854: |    SPI size: 4 (04)
3217. Mar 30 11:11:18.715860: |    number of transforms: 1 (01)
3218. Mar 30 11:11:18.715866: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
3219. Mar 30 11:11:18.715871: | SPI
3220. Mar 30 11:11:18.715876: |   5a ad 8c 94
3221. Mar 30 11:11:18.715882: | ****parse ISAKMP Proposal Payload:
3222. Mar 30 11:11:18.715888: |    next payload type: ISAKMP_NEXT_P (0x2)
3223. Mar 30 11:11:18.715894: |    length: 56 (00 38)
3224. Mar 30 11:11:18.715901: |    proposal number: 2 (02)
3225. Mar 30 11:11:18.715906: |    protocol ID: PROTO_IPSEC_ESP (0x3)
3226. Mar 30 11:11:18.715912: |    SPI size: 4 (04)
3227. Mar 30 11:11:18.715918: |    number of transforms: 1 (01)
3228. Mar 30 11:11:18.715925: | *****parse ISAKMP Transform Payload (ESP):
3229. Mar 30 11:11:18.715930: |    next payload type: ISAKMP_NEXT_NONE (0x0)
3230. Mar 30 11:11:18.715937: |    length: 44 (00 2c)
3231. Mar 30 11:11:18.715943: |    ESP transform number: 1 (01)
3232. Mar 30 11:11:18.715948: |    ESP transform ID: ESP_AES (0xc)
3233. Mar 30 11:11:18.715955: | ******parse ISAKMP IPsec DOI attribute:
3234. Mar 30 11:11:18.715960: |    af+type: AF+ENCAPSULATION_MODE (0x8004)
3235. Mar 30 11:11:18.715974: |    length/value: 4 (00 04)
3236. Mar 30 11:11:18.715981: |    [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
3237. Mar 30 11:11:18.715987: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
3238. Mar 30 11:11:18.716058: | ******parse ISAKMP IPsec DOI attribute:
3239. Mar 30 11:11:18.716070: |    af+type: AF+KEY_LENGTH (0x8006)
3240. Mar 30 11:11:18.716076: |    length/value: 256 (01 00)
3241. Mar 30 11:11:18.716082: | ******parse ISAKMP IPsec DOI attribute:
3242. Mar 30 11:11:18.716088: |    af+type: AF+AUTH_ALGORITHM (0x8005)
3243. Mar 30 11:11:18.716094: |    length/value: 2 (00 02)
3244. Mar 30 11:11:18.716100: |    [2 is AUTH_ALGORITHM_HMAC_SHA1]
3245. Mar 30 11:11:18.716106: | ******parse ISAKMP IPsec DOI attribute:
3246. Mar 30 11:11:18.716112: |    af+type: AF+SA_LIFE_TYPE (0x8001)
3247. Mar 30 11:11:18.716118: |    length/value: 1 (00 01)
3248. Mar 30 11:11:18.716124: |    [1 is SA_LIFE_TYPE_SECONDS]
3249. Mar 30 11:11:18.716130: | ******parse ISAKMP IPsec DOI attribute:
3250. Mar 30 11:11:18.716135: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
3251. Mar 30 11:11:18.716142: |    length/value: 4 (00 04)
3252. Mar 30 11:11:18.716148: |    long duration: 3600
3253. Mar 30 11:11:18.716153: | ******parse ISAKMP IPsec DOI attribute:
3254. Mar 30 11:11:18.716159: |    af+type: AF+SA_LIFE_TYPE (0x8001)
3255. Mar 30 11:11:18.716165: |    length/value: 2 (00 02)
3256. Mar 30 11:11:18.716171: |    [2 is SA_LIFE_TYPE_KBYTES]
3257. Mar 30 11:11:18.716177: | ******parse ISAKMP IPsec DOI attribute:
3258. Mar 30 11:11:18.716182: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
3259. Mar 30 11:11:18.716189: |    length/value: 4 (00 04)
3260. Mar 30 11:11:18.716228: |    long duration: 250000
3261. Mar 30 11:11:18.716245: | ESP IPsec Transform verified; matches alg_info entry
3262. Mar 30 11:11:18.716254: | ****emit IPsec DOI SIT:
3263. Mar 30 11:11:18.716263: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
3264. Mar 30 11:11:18.716278: | ****emit ISAKMP Proposal Payload:
3265. Mar 30 11:11:18.716298: |    next payload type: ISAKMP_NEXT_NONE (0x0)
3266. Mar 30 11:11:18.716308: |    proposal number: 1 (01)
3267. Mar 30 11:11:18.716317: |    protocol ID: PROTO_IPSEC_ESP (0x3)
3268. Mar 30 11:11:18.716327: |    SPI size: 4 (04)
3269. Mar 30 11:11:18.716338: |    number of transforms: 1 (01)
3270. Mar 30 11:11:18.716348: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type'
3271. Mar 30 11:11:18.716399: | netlink_get_spi: allocated 0xff264c8d for esp.0@10.68.154.105
3272. Mar 30 11:11:18.716409: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload
3273. Mar 30 11:11:18.716416: | SPI: ff 26 4c 8d
3274. Mar 30 11:11:18.716422: | *****emit ISAKMP Transform Payload (ESP):
3275. Mar 30 11:11:18.716427: |    next payload type: ISAKMP_NEXT_NONE (0x0)
3276. Mar 30 11:11:18.716434: |    ESP transform number: 1 (01)
3277. Mar 30 11:11:18.716439: |    ESP transform ID: ESP_AES (0xc)
3278. Mar 30 11:11:18.716445: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type'
3279. Mar 30 11:11:18.716452: | emitting 36 raw bytes of attributes into ISAKMP Transform Payload (ESP)
3280. Mar 30 11:11:18.716458: | attributes:
3281. Mar 30 11:11:18.716464: |   80 04 00 04  80 06 01 00  80 05 00 02  80 01 00 01
3282. Mar 30 11:11:18.716470: |   00 02 00 04  00 00 0e 10  80 01 00 02  00 02 00 04
3283. Mar 30 11:11:18.716475: |   00 03 d0 90
3284. Mar 30 11:11:18.716481: | emitting length of ISAKMP Transform Payload (ESP): 44
3285. Mar 30 11:11:18.716486: | emitting length of ISAKMP Proposal Payload: 56
3286. Mar 30 11:11:18.716492: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0
3287. Mar 30 11:11:18.716498: | emitting length of ISAKMP Security Association Payload: 68
3288. Mar 30 11:11:18.716504: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0
3289. Mar 30 11:11:18.716516: "l2tp-psk"[4] 93.46.124.104 #7: responding to Quick Mode proposal {msgid:00000004}
3290. Mar 30 11:11:18.716531: "l2tp-psk"[4] 93.46.124.104 #7:     us: 10.68.154.105[51.158.64.201]:17/1701
3291. Mar 30 11:11:18.716543: "l2tp-psk"[4] 93.46.124.104 #7:   them: 93.46.124.104[192.168.1.101]:17/1701
3292. Mar 30 11:11:18.716560: | ***emit ISAKMP Nonce Payload:
3293. Mar 30 11:11:18.716566: |    next payload type: ISAKMP_NEXT_ID (0x5)
3294. Mar 30 11:11:18.716573: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 5:ISAKMP_NEXT_ID
3295. Mar 30 11:11:18.716579: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE)
3296. Mar 30 11:11:18.716613: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet'
3297. Mar 30 11:11:18.716636: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload
3298. Mar 30 11:11:18.716644: | Nr:
3299. Mar 30 11:11:18.716651: |   a7 fa 3a 8d  65 06 12 c7  e7 61 d8 ab  97 0c eb 11
3300. Mar 30 11:11:18.716675: |   7f 3a 03 f5  77 ab 71 f7  de a9 2d 6d  55 ed 59 04
3301. Mar 30 11:11:18.716682: | emitting length of ISAKMP Nonce Payload: 36
3302. Mar 30 11:11:18.716690: | ***emit ISAKMP Identification Payload (IPsec DOI):
3303. Mar 30 11:11:18.716699: |    next payload type: ISAKMP_NEXT_ID (0x5)
3304. Mar 30 11:11:18.716708: |    ID type: ID_IPV4_ADDR (0x1)
3305. Mar 30 11:11:18.716717: |    Protocol ID: 17 (11)
3306. Mar 30 11:11:18.716728: |    port: 1701 (06 a5)
3307. Mar 30 11:11:18.716735: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID
3308. Mar 30 11:11:18.716743: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
3309. Mar 30 11:11:18.716765: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
3310. Mar 30 11:11:18.716780: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
3311. Mar 30 11:11:18.716812: | ID body: c0 a8 01 65
3312. Mar 30 11:11:18.716819: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
3313. Mar 30 11:11:18.716826: | ***emit ISAKMP Identification Payload (IPsec DOI):
3314. Mar 30 11:11:18.716835: |    next payload type: ISAKMP_NEXT_NONE (0x0)
3315. Mar 30 11:11:18.716842: |    ID type: ID_IPV4_ADDR (0x1)
3316. Mar 30 11:11:18.716852: |    Protocol ID: 17 (11)
3317. Mar 30 11:11:18.716862: |    port: 1701 (06 a5)
3318. Mar 30 11:11:18.716871: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
3319. Mar 30 11:11:18.716878: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
3320. Mar 30 11:11:18.716889: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
3321. Mar 30 11:11:18.716897: | ID body: 33 9e 40 c9
3322. Mar 30 11:11:18.716904: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
3323. Mar 30 11:11:18.716977: | quick inR1 outI2 HASH(2):
3324. Mar 30 11:11:18.716991: |   ed b1 3a 1d  81 1d 7f 64  d2 7f 14 57  6a c6 5e bb
3325. Mar 30 11:11:18.716997: |   4d 07 cf b5
3326. Mar 30 11:11:18.717005: | compute_proto_keymat: needed_len (after ESP enc)=32
3327. Mar 30 11:11:18.717012: | compute_proto_keymat: needed_len (after ESP auth)=52
3328. Mar 30 11:11:18.717182: | install_inbound_ipsec_sa() checking if we can route
3329. Mar 30 11:11:18.717202: | could_route called for l2tp-psk (kind=CK_INSTANCE)
3330. Mar 30 11:11:18.717212: | FOR_EACH_CONNECTION_... in route_owner
3331. Mar 30 11:11:18.717221: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
3332. Mar 30 11:11:18.717229: |  conn l2tp-psk mark 0/00000000, 0/00000000
3333. Mar 30 11:11:18.717237: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
3334. Mar 30 11:11:18.717245: |  conn xauth-psk mark 0/00000000, 0/00000000
3335. Mar 30 11:11:18.717252: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
3336. Mar 30 11:11:18.717258: |  conn l2tp-psk mark 0/00000000, 0/00000000
3337. Mar 30 11:11:18.717271: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
3338. Mar 30 11:11:18.717277: |    routing is easy, or has resolvable near-conflict
3339. Mar 30 11:11:18.717284: | checking if this is a replacement state
3340. Mar 30 11:11:18.717305: |   st=0x562b2d556758 ost=0x562b2d555bd8 st->serialno=#7 ost->serialno=#6
3341. Mar 30 11:11:18.717314: "l2tp-psk"[4] 93.46.124.104 #7: keeping refhim=0 during rekey
3342. Mar 30 11:11:18.717320: | installing outgoing SA now as refhim=0
3343. Mar 30 11:11:18.717328: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
3344. Mar 30 11:11:18.717335: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
3345. Mar 30 11:11:18.717341: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
3346. Mar 30 11:11:18.717350: | setting IPsec SA replay-window to 32
3347. Mar 30 11:11:18.717356: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
3348. Mar 30 11:11:18.717364: | netlink: enabling transport mode
3349. Mar 30 11:11:18.717373: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1261)
3350. Mar 30 11:11:18.717380: | XFRM: adding IPsec SA with reqid 16409
3351. Mar 30 11:11:18.717386: | netlink: setting IPsec SA replay-window to 32 using old-style req
3352. Mar 30 11:11:18.717392: | netlink: esp-hw-offload not set for IPsec SA
3353. Mar 30 11:11:18.717519: | netlink response for Add SA esp.5aad8c94@93.46.124.104 included non-error error
3354. Mar 30 11:11:18.717530: | outgoing SA has refhim=0
3355. Mar 30 11:11:18.717536: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
3356. Mar 30 11:11:18.717542: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
3357. Mar 30 11:11:18.717548: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
3358. Mar 30 11:11:18.717556: | setting IPsec SA replay-window to 32
3359. Mar 30 11:11:18.717562: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
3360. Mar 30 11:11:18.717568: | netlink: enabling transport mode
3361. Mar 30 11:11:18.717576: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1268)
3362. Mar 30 11:11:18.717582: | XFRM: adding IPsec SA with reqid 16409
3363. Mar 30 11:11:18.717588: | netlink: setting IPsec SA replay-window to 32 using old-style req
3364. Mar 30 11:11:18.717593: | netlink: esp-hw-offload not set for IPsec SA
3365. Mar 30 11:11:18.717657: | netlink response for Add SA esp.ff264c8d@10.68.154.105 included non-error error
3366. Mar 30 11:11:18.717668: | emitting 8 zero bytes of encryption padding into ISAKMP Message
3367. Mar 30 11:11:18.717675: | no IKEv1 message padding required
3368. Mar 30 11:11:18.717680: | emitting length of ISAKMP Message: 188
3369. Mar 30 11:11:18.717708: | finished processing quick inI1
3370. Mar 30 11:11:18.717716: | complete v1 state transition with STF_OK
3371. Mar 30 11:11:18.717729: | [RE]START processing: state #7 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
3372. Mar 30 11:11:18.717735: | #7 is idle
3373. Mar 30 11:11:18.717742: | doing_xauth:no, t_xauth_client_done:no
3374. Mar 30 11:11:18.717749: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
3375. Mar 30 11:11:18.717757: | child state #7: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA)
3376. Mar 30 11:11:18.717763: | event_already_set, deleting event
3377. Mar 30 11:11:18.717769: | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted
3378. Mar 30 11:11:18.717778: | libevent_free: delref ptr-libevent@0x562b2d5545b8
3379. Mar 30 11:11:18.717785: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d555938
3380. Mar 30 11:11:18.717795: | sending reply packet to 93.46.124.104:4500 (from 10.68.154.105:4500)
3381. Mar 30 11:11:18.717810: | sending 192 bytes for STATE_QUICK_R0 through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #7)
3382. Mar 30 11:11:18.717816: |   00 00 00 00  f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a
3383. Mar 30 11:11:18.717822: |   5d 82 98 78  08 10 20 01  00 00 00 04  00 00 00 bc
3384. Mar 30 11:11:18.717827: |   97 c5 5f a8  dc 88 3a 87  1c 46 f8 60  e0 93 4e 9c
3385. Mar 30 11:11:18.717832: |   f1 d7 a8 c2  9e 7d 11 46  be 12 ff a9  cb 30 a2 f7
3386. Mar 30 11:11:18.717837: |   ed 9e d7 65  bb 5a 87 0a  e7 0b 54 a9  70 5c cc c4
3387. Mar 30 11:11:18.717843: |   1b 42 fe 1c  f6 81 2f 91  29 45 10 42  b7 4a 26 05
3388. Mar 30 11:11:18.717848: |   0e 1f 18 4d  bf 2c ba 36  39 1b 01 02  c8 4d f9 b9
3389. Mar 30 11:11:18.717865: |   1b 98 a1 5c  f5 fd c4 94  82 e8 6f 58  7e 91 0d d6
3390. Mar 30 11:11:18.717871: |   71 fc 13 6e  6f 4b 0a 01  26 57 f9 89  61 49 a9 6b
3391. Mar 30 11:11:18.717876: |   ae 8f f4 37  23 53 d7 42  c8 bc 09 86  4e 97 09 93
3392. Mar 30 11:11:18.717881: |   d9 b4 40 d0  f1 cc c7 8a  11 b1 84 9d  55 0b 9e b7
3393. Mar 30 11:11:18.717887: |   32 10 70 58  62 75 b3 76  4d cf 77 a7  5d b0 f9 7a
3394. Mar 30 11:11:18.717977: | !event_already_set at reschedule
3395. Mar 30 11:11:18.717990: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b2d555938
3396. Mar 30 11:11:18.717998: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #7
3397. Mar 30 11:11:18.718025: | libevent_malloc: newref ptr-libevent@0x562b2d551528 size 128
3398. Mar 30 11:11:18.718060: | #7 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 5637.143219
3399. Mar 30 11:11:18.718074: | pstats #7 ikev1.ipsec established
3400. Mar 30 11:11:18.718095: | NAT-T: NAT Traversal detected - their IKE port is '500'
3401. Mar 30 11:11:18.718104: | NAT-T: encaps is 'yes'
3402. Mar 30 11:11:18.718119: "l2tp-psk"[4] 93.46.124.104 #7: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0x5aad8c94 <0xff264c8d xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
3403. Mar 30 11:11:18.718126: | modecfg pull: noquirk policy:push not-client
3404. Mar 30 11:11:18.718132: | phase 1 is done, looking for phase 2 to unpend
3405. Mar 30 11:11:18.718138: | releasing #7's fd-fd@(nil) because IKEv1 transitions finished
3406. Mar 30 11:11:18.718144: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
3407. Mar 30 11:11:18.718153: | resume sending helper answer for #7 suppresed complete_v1_state_transition()
3408. Mar 30 11:11:18.718170: | stop processing: state #7 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:860)
3409. Mar 30 11:11:18.718178: | libevent_free: delref ptr-libevent@0x7f3a440020b8
3410. Mar 30 11:11:18.792225: | *received 60 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
3411. Mar 30 11:11:18.792272: |   f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a  5d 82 98 78
3412. Mar 30 11:11:18.792281: |   08 10 20 01  00 00 00 04  00 00 00 3c  cb d5 3a e9
3413. Mar 30 11:11:18.792288: |   52 c6 37 1a  2d 44 27 d6  b3 b4 7e c3  35 14 5c 70
3414. Mar 30 11:11:18.792295: |   a7 64 e4 9c  fc 53 3e d9  ba 14 ea 3e
3415. Mar 30 11:11:18.792307: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
3416. Mar 30 11:11:18.792319: | **parse ISAKMP Message:
3417. Mar 30 11:11:18.792330: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
3418. Mar 30 11:11:18.792340: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
3419. Mar 30 11:11:18.792348: |    next payload type: ISAKMP_NEXT_HASH (0x8)
3420. Mar 30 11:11:18.792356: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
3421. Mar 30 11:11:18.792363: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
3422. Mar 30 11:11:18.792371: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
3423. Mar 30 11:11:18.792381: |    Message ID: 4 (00 00 00 04)
3424. Mar 30 11:11:18.792390: |    length: 60 (00 00 00 3c)
3425. Mar 30 11:11:18.792398: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
3426. Mar 30 11:11:18.792409: | State DB: found IKEv1 state #7 in QUICK_R1 (find_state_ikev1)
3427. Mar 30 11:11:18.792425: | start processing: state #7 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1499)
3428. Mar 30 11:11:18.792433: | #7 is idle
3429. Mar 30 11:11:18.792439: | #7 idle
3430. Mar 30 11:11:18.792448: | received encrypted packet from 93.46.124.104:4500
3431. Mar 30 11:11:18.792503: | got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
3432. Mar 30 11:11:18.792513: | ***parse ISAKMP Hash Payload:
3433. Mar 30 11:11:18.792520: |    next payload type: ISAKMP_NEXT_NONE (0x0)
3434. Mar 30 11:11:18.792528: |    length: 24 (00 18)
3435. Mar 30 11:11:18.792534: | removing 8 bytes of padding
3436. Mar 30 11:11:18.792590: | quick_inI2 HASH(3):
3437. Mar 30 11:11:18.792599: |   cb ad 1f 73  37 1b 91 1c  9b 8a 57 97  9f 94 63 84
3438. Mar 30 11:11:18.792605: |   f4 3e 40 32
3439. Mar 30 11:11:18.792612: | received 'quick_inI2' message HASH(3) data ok
3440. Mar 30 11:11:18.792644: | install_ipsec_sa() for #7: outbound only
3441. Mar 30 11:11:18.792653: | could_route called for l2tp-psk (kind=CK_INSTANCE)
3442. Mar 30 11:11:18.792661: | FOR_EACH_CONNECTION_... in route_owner
3443. Mar 30 11:11:18.792669: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
3444. Mar 30 11:11:18.792676: |  conn l2tp-psk mark 0/00000000, 0/00000000
3445. Mar 30 11:11:18.792683: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
3446. Mar 30 11:11:18.792690: |  conn xauth-psk mark 0/00000000, 0/00000000
3447. Mar 30 11:11:18.792698: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
3448. Mar 30 11:11:18.792705: |  conn l2tp-psk mark 0/00000000, 0/00000000
3449. Mar 30 11:11:18.792718: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
3450. Mar 30 11:11:18.792726: | sr for #7: erouted
3451. Mar 30 11:11:18.792733: | route_and_eroute() for proto 17, and source port 1701 dest port 1701
3452. Mar 30 11:11:18.792739: | FOR_EACH_CONNECTION_... in route_owner
3453. Mar 30 11:11:18.792746: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
3454. Mar 30 11:11:18.792753: |  conn l2tp-psk mark 0/00000000, 0/00000000
3455. Mar 30 11:11:18.792760: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
3456. Mar 30 11:11:18.792766: |  conn xauth-psk mark 0/00000000, 0/00000000
3457. Mar 30 11:11:18.792773: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
3458. Mar 30 11:11:18.792780: |  conn l2tp-psk mark 0/00000000, 0/00000000
3459. Mar 30 11:11:18.792791: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
3460. Mar 30 11:11:18.792799: | route_and_eroute with c: l2tp-psk (next: none) ero:l2tp-psk esr:{(nil)} ro:l2tp-psk rosr:{(nil)} and state: #7
3461. Mar 30 11:11:18.792805: | we are replacing an eroute
3462. Mar 30 11:11:18.792813: | priority calculation of connection "l2tp-psk" is 0x15bfbf
3463. Mar 30 11:11:18.792835: | eroute_connection replace eroute 10.68.154.105/32:1701 --17-> 93.46.124.104/32:1701 => esp.5aad8c94@93.46.124.104>esp.5aad8c94@93.46.124.104 using reqid 16409 (raw_eroute)
3464. Mar 30 11:11:18.792846: | subnet from endpoint 93.46.124.104:1701 (in netlink_raw_eroute() at kernel_xfrm.c:585)
3465. Mar 30 11:11:18.792854: | netlink_raw_eroute: using host address instead of client subnet
3466. Mar 30 11:11:18.792861: | IPsec Sa SPD priority set to 1425343
3467. Mar 30 11:11:18.792923: | raw_eroute result=success
3468. Mar 30 11:11:18.792934: | route_and_eroute: firewall_notified: true
3469. Mar 30 11:11:18.792945: | route_and_eroute: instance "l2tp-psk"[4] 93.46.124.104, setting eroute_owner {spd=0x562b2d554130,sr=0x562b2d554130} to #7 (was #6) (newest_ipsec_sa=#6)
3470. Mar 30 11:11:18.792957: | inI2: instance l2tp-psk[4], setting IKEv1 newest_ipsec_sa to #7 (was #6) (spd.eroute=#7) cloned from #3
3471. Mar 30 11:11:18.792964: | DPD: dpd_init() called on IPsec SA
3472. Mar 30 11:11:18.792970: | DPD: Peer does not support Dead Peer Detection
3473. Mar 30 11:11:18.792977: | complete v1 state transition with STF_OK
3474. Mar 30 11:11:18.792990: | [RE]START processing: state #7 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
3475. Mar 30 11:11:18.793015: | #7 is idle
3476. Mar 30 11:11:18.793022: | doing_xauth:no, t_xauth_client_done:no
3477. Mar 30 11:11:18.793028: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
3478. Mar 30 11:11:18.793036: | child state #7: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA)
3479. Mar 30 11:11:18.793043: | event_already_set, deleting event
3480. Mar 30 11:11:18.793050: | state #7 requesting EVENT_RETRANSMIT to be deleted
3481. Mar 30 11:11:18.793057: | #7 STATE_QUICK_R2: retransmits: cleared
3482. Mar 30 11:11:18.793068: | libevent_free: delref ptr-libevent@0x562b2d551528
3483. Mar 30 11:11:18.793076: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b2d555938
3484. Mar 30 11:11:18.793084: | !event_already_set at reschedule
3485. Mar 30 11:11:18.793092: | event_schedule: newref EVENT_SA_EXPIRE-pe@0x562b2d54f5c8
3486. Mar 30 11:11:18.793101: | inserting event EVENT_SA_EXPIRE, timeout in 3600 seconds for #7
3487. Mar 30 11:11:18.793109: | libevent_malloc: newref ptr-libevent@0x562b2d5545b8 size 128
3488. Mar 30 11:11:18.793118: | pstats #7 ikev1.ipsec established
3489. Mar 30 11:11:18.793140: | NAT-T: NAT Traversal detected - their IKE port is '500'
3490. Mar 30 11:11:18.793147: | NAT-T: encaps is 'yes'
3491. Mar 30 11:11:18.793162: "l2tp-psk"[4] 93.46.124.104 #7: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x5aad8c94 <0xff264c8d xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
3492. Mar 30 11:11:18.793170: | modecfg pull: noquirk policy:push not-client
3493. Mar 30 11:11:18.793176: | phase 1 is done, looking for phase 2 to unpend
3494. Mar 30 11:11:18.793183: | releasing #7's fd-fd@(nil) because IKEv1 transitions finished
3495. Mar 30 11:11:18.793189: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
3496. Mar 30 11:11:18.793202: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
3497. Mar 30 11:11:18.793216: | stop processing: state #7 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
3498. Mar 30 11:11:18.793224: | processing: STOP connection NULL (in process_md() at demux.c:384)
3499. Mar 30 11:11:18.793259: | *received 76 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
3500. Mar 30 11:11:18.793268: |   f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a  5d 82 98 78
3501. Mar 30 11:11:18.793274: |   08 10 05 01  a6 cb d9 0b  00 00 00 4c  17 30 27 45
3502. Mar 30 11:11:18.793280: |   be 0a 02 21  06 18 80 57  74 fb 6f 66  0c 5d 3b 3f
3503. Mar 30 11:11:18.793286: |   32 2f 11 10  ff 5b 0a 84  17 11 68 26  1f 74 87 6b
3504. Mar 30 11:11:18.793292: |   7f 8a 7b f7  5c c1 d4 84  fe 6d 83 8b
3505. Mar 30 11:11:18.793301: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
3506. Mar 30 11:11:18.793308: | **parse ISAKMP Message:
3507. Mar 30 11:11:18.793318: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
3508. Mar 30 11:11:18.793327: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
3509. Mar 30 11:11:18.793333: |    next payload type: ISAKMP_NEXT_HASH (0x8)
3510. Mar 30 11:11:18.793340: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
3511. Mar 30 11:11:18.793346: |    exchange type: ISAKMP_XCHG_INFO (0x5)
3512. Mar 30 11:11:18.793353: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
3513. Mar 30 11:11:18.793361: |    Message ID: 2798377227 (a6 cb d9 0b)
3514. Mar 30 11:11:18.793368: |    length: 76 (00 00 00 4c)
3515. Mar 30 11:11:18.793376: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
3516. Mar 30 11:11:18.793384: | peer and cookies match on #7; msgid=00000000 st_msgid=00000004 st_v1_msgid.phase15=00000000
3517. Mar 30 11:11:18.793391: | peer and cookies match on #6; msgid=00000000 st_msgid=00000003 st_v1_msgid.phase15=00000000
3518. Mar 30 11:11:18.793398: | peer and cookies match on #3; msgid=00000000 st_msgid=00000000 st_v1_msgid.phase15=00000000
3519. Mar 30 11:11:18.793404: | p15 state object #3 found, in STATE_MAIN_R3
3520. Mar 30 11:11:18.793411: | State DB: found IKEv1 state #3 in MAIN_R3 (find_v1_info_state)
3521. Mar 30 11:11:18.793425: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1347)
3522. Mar 30 11:11:18.793456: | #3 is idle
3523. Mar 30 11:11:18.793464: | #3 idle
3524. Mar 30 11:11:18.793474: | received encrypted packet from 93.46.124.104:4500
3525. Mar 30 11:11:18.793495: | got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
3526. Mar 30 11:11:18.793502: | ***parse ISAKMP Hash Payload:
3527. Mar 30 11:11:18.793509: |    next payload type: ISAKMP_NEXT_D (0xc)
3528. Mar 30 11:11:18.793517: |    length: 24 (00 18)
3529. Mar 30 11:11:18.793524: | got payload 0x1000  (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0
3530. Mar 30 11:11:18.793532: | ***parse ISAKMP Delete Payload:
3531. Mar 30 11:11:18.793539: |    next payload type: ISAKMP_NEXT_NONE (0x0)
3532. Mar 30 11:11:18.793549: |    length: 16 (00 10)
3533. Mar 30 11:11:18.793556: |    DOI: ISAKMP_DOI_IPSEC (0x1)
3534. Mar 30 11:11:18.793563: |    protocol ID: 3 (03)
3535. Mar 30 11:11:18.793571: |    SPI size: 4 (04)
3536. Mar 30 11:11:18.793580: |    number of SPIs: 1 (00 01)
3537. Mar 30 11:11:18.793587: | removing 8 bytes of padding
3538. Mar 30 11:11:18.793651: | informational HASH(1):
3539. Mar 30 11:11:18.793664: |   37 db aa 77  7e d9 94 8e  19 f4 01 3d  08 97 6d 6d
3540. Mar 30 11:11:18.793672: |   94 b9 b1 ea
3541. Mar 30 11:11:18.793693: | received 'informational' message HASH(1) data ok
3542. Mar 30 11:11:18.793702: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI
3543. Mar 30 11:11:18.793709: | SPI
3544. Mar 30 11:11:18.793716: |   02 7c 20 b8
3545. Mar 30 11:11:18.793723: | FOR_EACH_STATE_... in find_phase2_state_to_delete
3546. Mar 30 11:11:18.793738: | start processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in accept_delete() at ikev1_main.c:2492)
3547. Mar 30 11:11:18.793751: "l2tp-psk"[4] 93.46.124.104 #3: received Delete SA(0x027c20b8) payload: deleting IPsec State #6
3548. Mar 30 11:11:18.793760: | pstats #6 ikev1.ipsec deleted completed
3549. Mar 30 11:11:18.793774: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
3550. Mar 30 11:11:18.793785: | start processing: state #6 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
3551. Mar 30 11:11:18.793798: "l2tp-psk"[4] 93.46.124.104 #6: deleting other state #6 (STATE_QUICK_R2) aged 4.098s and sending notification
3552. Mar 30 11:11:18.793807: | child state #6: QUICK_R2(established CHILD SA) => delete
3553. Mar 30 11:11:18.793821: | get_sa_info esp.27c20b8@93.46.124.104
3554. Mar 30 11:11:18.793866: | get_sa_info esp.d887d60a@10.68.154.105
3555. Mar 30 11:11:18.793895: "l2tp-psk"[4] 93.46.124.104 #6: ESP traffic information: in=0B out=0B
3556. Mar 30 11:11:18.793905: | unsuspending #6 MD (nil)
3557. Mar 30 11:11:18.793914: | #6 send IKEv1 delete notification for STATE_QUICK_R2
3558. Mar 30 11:11:18.793922: | FOR_EACH_STATE_... in find_phase1_state
3559. Mar 30 11:11:18.793941: | **emit ISAKMP Message:
3560. Mar 30 11:11:18.793951: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
3561. Mar 30 11:11:18.793960: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
3562. Mar 30 11:11:18.793969: |    next payload type: ISAKMP_NEXT_NONE (0x0)
3563. Mar 30 11:11:18.793976: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
3564. Mar 30 11:11:18.793983: |    exchange type: ISAKMP_XCHG_INFO (0x5)
3565. Mar 30 11:11:18.793994: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
3566. Mar 30 11:11:18.794005: |    Message ID: 3210271158 (bf 58 d9 b6)
3567. Mar 30 11:11:18.794014: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
3568. Mar 30 11:11:18.794024: | ***emit ISAKMP Hash Payload:
3569. Mar 30 11:11:18.794031: |    next payload type: ISAKMP_NEXT_NONE (0x0)
3570. Mar 30 11:11:18.794039: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
3571. Mar 30 11:11:18.794046: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg'
3572. Mar 30 11:11:18.794054: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
3573. Mar 30 11:11:18.794062: | emitting length of ISAKMP Hash Payload: 24
3574. Mar 30 11:11:18.794069: | ***emit ISAKMP Delete Payload:
3575. Mar 30 11:11:18.794078: |    next payload type: ISAKMP_NEXT_NONE (0x0)
3576. Mar 30 11:11:18.794084: |    DOI: ISAKMP_DOI_IPSEC (0x1)
3577. Mar 30 11:11:18.794091: |    protocol ID: 3 (03)
3578. Mar 30 11:11:18.794099: |    SPI size: 4 (04)
3579. Mar 30 11:11:18.794107: |    number of SPIs: 1 (00 01)
3580. Mar 30 11:11:18.794114: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D)
3581. Mar 30 11:11:18.794121: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg'
3582. Mar 30 11:11:18.794129: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload
3583. Mar 30 11:11:18.794137: | delete payload: d8 87 d6 0a
3584. Mar 30 11:11:18.794144: | emitting length of ISAKMP Delete Payload: 16
3585. Mar 30 11:11:18.794207: | send delete HASH(1):
3586. Mar 30 11:11:18.794221: |   c0 3d 20 02  3e f5 b8 4e  49 10 7d 76  14 de fb 78
3587. Mar 30 11:11:18.794228: |   18 97 4a 5f
3588. Mar 30 11:11:18.794252: | emitting 8 zero bytes of encryption padding into ISAKMP Message
3589. Mar 30 11:11:18.794260: | no IKEv1 message padding required
3590. Mar 30 11:11:18.794267: | emitting length of ISAKMP Message: 76
3591. Mar 30 11:11:18.794298: | sending 80 bytes for delete notify through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #3)
3592. Mar 30 11:11:18.794320: |   00 00 00 00  f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a
3593. Mar 30 11:11:18.794327: |   5d 82 98 78  08 10 05 01  bf 58 d9 b6  00 00 00 4c
3594. Mar 30 11:11:18.794333: |   74 02 01 a1  ce da b7 d1  9c 9d c4 3c  a1 c6 9b 88
3595. Mar 30 11:11:18.794340: |   16 0f ba 56  bc bb 0d f5  76 ea f2 a9  54 bc 0e f7
3596. Mar 30 11:11:18.794346: |   e9 9f 5b f2  be 5b 14 96  f7 8f 45 89  e6 2d 9b cf
3597. Mar 30 11:11:18.794459: | state #6 requesting EVENT_SA_EXPIRE to be deleted
3598. Mar 30 11:11:18.794478: | libevent_free: delref ptr-libevent@0x562b2d554878
3599. Mar 30 11:11:18.794486: | free_event_entry: delref EVENT_SA_EXPIRE-pe@0x562b2d554998
3600. Mar 30 11:11:18.794500: | delete esp.27c20b8@93.46.124.104
3601. Mar 30 11:11:18.794509: | XFRM: deleting IPsec SA with reqid 0
3602. Mar 30 11:11:18.794564: | netlink response for Del SA esp.27c20b8@93.46.124.104 included non-error error
3603. Mar 30 11:11:18.794577: | delete esp.d887d60a@10.68.154.105
3604. Mar 30 11:11:18.794585: | XFRM: deleting IPsec SA with reqid 0
3605. Mar 30 11:11:18.794610: | netlink response for Del SA esp.d887d60a@10.68.154.105 included non-error error
3606. Mar 30 11:11:18.794627: | stop processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in update_state_connection() at connections.c:4093)
3607. Mar 30 11:11:18.794634: | start processing: connection NULL (in update_state_connection() at connections.c:4094)
3608. Mar 30 11:11:18.794641: | in connection_discard for connection l2tp-psk
3609. Mar 30 11:11:18.794648: | connection is instance
3610. Mar 30 11:11:18.794655: | not in pending use
3611. Mar 30 11:11:18.794663: | State DB: found state #7 in QUICK_R2 (connection_discard)
3612. Mar 30 11:11:18.794670: | states still using this connection instance, retaining
3613. Mar 30 11:11:18.794678: | State DB: deleting IKEv1 state #6 in QUICK_R2
3614. Mar 30 11:11:18.794690: | child state #6: QUICK_R2(established CHILD SA) => UNDEFINED(ignore)
3615. Mar 30 11:11:18.794700: | releasing #6's fd-fd@(nil) because deleting state
3616. Mar 30 11:11:18.794707: | delref fdp@NULL (in delete_state() at state.c:1185)
3617. Mar 30 11:11:18.794719: | stop processing: state #6 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
3618. Mar 30 11:11:18.794730: | resume processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
3619. Mar 30 11:11:18.794743: | processing: STOP connection NULL (in accept_delete() at ikev1_main.c:2536)
3620. Mar 30 11:11:18.794749: | del:
3621. Mar 30 11:11:18.794753: |
3622. Mar 30 11:11:18.794763: | complete v1 state transition with STF_IGNORE
3623. Mar 30 11:11:18.794773: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
3624. Mar 30 11:11:18.794782: | stop processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
3625. Mar 30 11:11:18.794787: | processing: STOP connection NULL (in process_md() at demux.c:384)
3626. Mar 30 11:11:23.347436: | processing global timer EVENT_SHUNT_SCAN
3627. Mar 30 11:11:23.347493: | checking for aged bare shunts from shunt table to expire
3628. Mar 30 11:11:26.728628: | *received 444 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
3629. Mar 30 11:11:26.728676: |   f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a  5d 82 98 78
3630. Mar 30 11:11:26.728683: |   08 10 20 01  00 00 00 05  00 00 01 bc  8a 5f bd f9
3631. Mar 30 11:11:26.728689: |   c7 fe 01 a8  bd 66 fd 94  d0 50 27 55  26 3d 15 7d
3632. Mar 30 11:11:26.728695: |   9d f9 92 ec  c8 dc e7 42  ca 4b d5 cc  14 77 59 4d
3633. Mar 30 11:11:26.728701: |   6c 74 42 1f  32 ba b0 68  e1 21 05 df  97 1f b7 fe
3634. Mar 30 11:11:26.728706: |   85 a0 70 8c  2c 9c 28 2f  96 c0 a1 07  eb 34 6a 0a
3635. Mar 30 11:11:26.728711: |   ad 83 55 f8  8f 3b 8c f3  9d a1 d6 1e  e7 09 b1 4e
3636. Mar 30 11:11:26.728717: |   6c b2 de d7  8b fa 06 09  ac 8a 70 59  c0 d6 a9 55
3637. Mar 30 11:11:26.728722: |   c4 06 a6 e4  86 57 04 71  b3 1c f0 84  bf de 0e 7e
3638. Mar 30 11:11:26.728728: |   9a 5c 76 ed  a1 a5 05 11  f0 f7 64 c3  b9 10 e5 ee
3639. Mar 30 11:11:26.728733: |   6c 1f 67 e0  4c 93 0e 1b  6b df e8 ab  af 53 b4 f3
3640. Mar 30 11:11:26.728738: |   99 aa d8 ae  07 ed e1 2d  e3 28 ba e8  fb 01 6f 18
3641. Mar 30 11:11:26.728744: |   47 c3 17 90  ef 1e bc 7c  b3 14 15 90  d5 ec 46 56
3642. Mar 30 11:11:26.728771: |   78 76 e0 7e  f8 c7 5c 51  e5 e9 f4 57  96 25 40 97
3643. Mar 30 11:11:26.728777: |   2c eb 08 5d  72 38 09 0a  a6 41 54 36  e7 98 d2 cb
3644. Mar 30 11:11:26.728783: |   1f 39 e4 3b  af 78 97 2f  b1 1b 77 85  0f 2c 9d 08
3645. Mar 30 11:11:26.728788: |   22 4b 28 c8  25 a5 4a e6  bc e1 8c df  4d 21 b4 88
3646. Mar 30 11:11:26.728793: |   8c fa 1c aa  2b 92 b3 c9  34 c3 0f a9  25 a3 10 f3
3647. Mar 30 11:11:26.728799: |   59 00 40 7f  ed 19 a3 4b  8f 08 5d 43  1a 55 ee 36
3648. Mar 30 11:11:26.728804: |   ac 6a 4a 34  d7 18 c2 51  d4 35 5e 56  2a 3c 51 ca
3649. Mar 30 11:11:26.728809: |   ce de 27 85  dc e2 86 ca  d8 09 ac 69  c3 bf c8 06
3650. Mar 30 11:11:26.728815: |   7b d8 d5 47  f9 6c bb 5b  11 bc 77 95  19 60 60 74
3651. Mar 30 11:11:26.728820: |   94 a0 be db  80 45 c7 cb  e4 1b 24 95  b8 09 db 96
3652. Mar 30 11:11:26.728825: |   b7 d7 19 d3  8e 3b a6 b6  ac 8a 5a d4  be db bb 70
3653. Mar 30 11:11:26.728831: |   21 18 0a 76  83 f8 8c ee  8d 99 4d 85  b0 9c fb a4
3654. Mar 30 11:11:26.728836: |   18 c7 76 e3  fe 6e f8 a4  0c 89 c2 40  36 af 49 a8
3655. Mar 30 11:11:26.728841: |   37 18 85 ba  42 bd 58 a8  c2 0c fa bd  aa 2c ba 6f
3656. Mar 30 11:11:26.728847: |   93 aa 99 2e  68 50 03 3f  3a 27 ae d9
3657. Mar 30 11:11:26.728858: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
3658. Mar 30 11:11:26.728868: | **parse ISAKMP Message:
3659. Mar 30 11:11:26.728879: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
3660. Mar 30 11:11:26.728887: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
3661. Mar 30 11:11:26.728894: |    next payload type: ISAKMP_NEXT_HASH (0x8)
3662. Mar 30 11:11:26.728901: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
3663. Mar 30 11:11:26.728907: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
3664. Mar 30 11:11:26.728913: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
3665. Mar 30 11:11:26.728922: |    Message ID: 5 (00 00 00 05)
3666. Mar 30 11:11:26.728930: |    length: 444 (00 00 01 bc)
3667. Mar 30 11:11:26.728937: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
3668. Mar 30 11:11:26.728946: | State DB: IKEv1 state not found (find_state_ikev1)
3669. Mar 30 11:11:26.728953: | State DB: found IKEv1 state #3 in MAIN_R3 (find_state_ikev1)
3670. Mar 30 11:11:26.728968: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1473)
3671. Mar 30 11:11:26.729015: | #3 is idle
3672. Mar 30 11:11:26.729021: | #3 idle
3673. Mar 30 11:11:26.729030: | received encrypted packet from 93.46.124.104:4500
3674. Mar 30 11:11:26.729057: | got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030
3675. Mar 30 11:11:26.729085: | ***parse ISAKMP Hash Payload:
3676. Mar 30 11:11:26.729093: |    next payload type: ISAKMP_NEXT_SA (0x1)
3677. Mar 30 11:11:26.729100: |    length: 24 (00 18)
3678. Mar 30 11:11:26.729106: | got payload 0x2  (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030
3679. Mar 30 11:11:26.729112: | ***parse ISAKMP Security Association Payload:
3680. Mar 30 11:11:26.729119: |    next payload type: ISAKMP_NEXT_NONCE (0xa)
3681. Mar 30 11:11:26.729125: |    length: 280 (01 18)
3682. Mar 30 11:11:26.729131: |    DOI: ISAKMP_DOI_IPSEC (0x1)
3683. Mar 30 11:11:26.729137: | got payload 0x400  (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030
3684. Mar 30 11:11:26.729143: | ***parse ISAKMP Nonce Payload:
3685. Mar 30 11:11:26.729149: |    next payload type: ISAKMP_NEXT_ID (0x5)
3686. Mar 30 11:11:26.729156: |    length: 52 (00 34)
3687. Mar 30 11:11:26.729162: | got payload 0x20  (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
3688. Mar 30 11:11:26.729169: | ***parse ISAKMP Identification Payload (IPsec DOI):
3689. Mar 30 11:11:26.729175: |    next payload type: ISAKMP_NEXT_ID (0x5)
3690. Mar 30 11:11:26.729181: |    length: 12 (00 0c)
3691. Mar 30 11:11:26.729187: |    ID type: ID_IPV4_ADDR (0x1)
3692. Mar 30 11:11:26.729194: |    Protocol ID: 17 (11)
3693. Mar 30 11:11:26.729200: |    port: 1701 (06 a5)
3694. Mar 30 11:11:26.729206: |      obj:
3695. Mar 30 11:11:26.729211: |   c0 a8 01 65
3696. Mar 30 11:11:26.729217: | got payload 0x20  (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
3697. Mar 30 11:11:26.729223: | ***parse ISAKMP Identification Payload (IPsec DOI):
3698. Mar 30 11:11:26.729229: |    next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
3699. Mar 30 11:11:26.729243: |    length: 12 (00 0c)
3700. Mar 30 11:11:26.729249: |    ID type: ID_IPV4_ADDR (0x1)
3701. Mar 30 11:11:26.729271: |    Protocol ID: 17 (11)
3702. Mar 30 11:11:26.729296: |    port: 1701 (06 a5)
3703. Mar 30 11:11:26.729308: |      obj:
3704. Mar 30 11:11:26.729316: |   33 9e 40 c9
3705. Mar 30 11:11:26.729324: | got payload 0x200000  (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
3706. Mar 30 11:11:26.729333: | ***parse ISAKMP NAT-OA Payload:
3707. Mar 30 11:11:26.729340: |    next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
3708. Mar 30 11:11:26.729349: |    length: 12 (00 0c)
3709. Mar 30 11:11:26.729356: |    ID type: ID_IPV4_ADDR (0x1)
3710. Mar 30 11:11:26.729363: |      obj:
3711. Mar 30 11:11:26.729369: |   c0 a8 01 65
3712. Mar 30 11:11:26.729375: | got payload 0x200000  (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
3713. Mar 30 11:11:26.729382: | ***parse ISAKMP NAT-OA Payload:
3714. Mar 30 11:11:26.729389: |    next payload type: ISAKMP_NEXT_NONE (0x0)
3715. Mar 30 11:11:26.729397: |    length: 12 (00 0c)
3716. Mar 30 11:11:26.729404: |    ID type: ID_IPV4_ADDR (0x1)
3717. Mar 30 11:11:26.729411: |      obj:
3718. Mar 30 11:11:26.729418: |   33 9e 40 c9
3719. Mar 30 11:11:26.729428: | removing 12 bytes of padding
3720. Mar 30 11:11:26.729500: | quick_inI1_outR1 HASH(1):
3721. Mar 30 11:11:26.729511: |   95 b7 5c 7b  d0 18 af ad  0a d5 da e1  e8 08 8d 31
3722. Mar 30 11:11:26.729532: |   c8 36 0b f6
3723. Mar 30 11:11:26.729548: | received 'quick_inI1_outR1' message HASH(1) data ok
3724. Mar 30 11:11:26.729563: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
3725. Mar 30 11:11:26.729571: | ID address
3726. Mar 30 11:11:26.729578: |   c0 a8 01 65
3727. Mar 30 11:11:26.729590: | subnet from address 192.168.1.101 (in decode_net_id() at ikev1_quick.c:440)
3728. Mar 30 11:11:26.729600: | peer client is 192.168.1.101/32
3729. Mar 30 11:11:26.729608: | peer client protocol/port is 17/1701
3730. Mar 30 11:11:26.729615: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
3731. Mar 30 11:11:26.729622: | ID address
3732. Mar 30 11:11:26.729628: |   33 9e 40 c9
3733. Mar 30 11:11:26.729638: | subnet from address 51.158.64.201 (in decode_net_id() at ikev1_quick.c:440)
3734. Mar 30 11:11:26.729647: | our client is 51.158.64.201/32
3735. Mar 30 11:11:26.729655: | our client protocol/port is 17/1701
3736. Mar 30 11:11:26.729672: "l2tp-psk"[4] 93.46.124.104 #3: the peer proposed: 51.158.64.201/32:17/1701 -> 192.168.1.101/32:17/1701
3737. Mar 30 11:11:26.729679: | find_client_connection starting with l2tp-psk
3738. Mar 30 11:11:26.729689: |   looking for 51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701
3739. Mar 30 11:11:26.729699: |   concrete checking against sr#0 10.68.154.105/32:1701 -> 93.46.124.104/32:1701
3740. Mar 30 11:11:26.729708: |    match_id a=192.168.1.101
3741. Mar 30 11:11:26.729715: |             b=192.168.1.101
3742. Mar 30 11:11:26.729721: |    results  matched
3743. Mar 30 11:11:26.729738: |   fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 93.46.124.104/32:1701:17/1701
3744. Mar 30 11:11:26.729752: |    our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
3745. Mar 30 11:11:26.729777: |   fc_try concluding with none [0]
3746. Mar 30 11:11:26.729788: |   fc_try l2tp-psk gives none
3747. Mar 30 11:11:26.729802: | find_host_pair: comparing 10.68.154.105:500 to 0.0.0.0:500 but ignoring ports
3748. Mar 30 11:11:26.729816: |   checking hostpair 10.68.154.105/32:1701 -> 93.46.124.104/32:1701 is found
3749. Mar 30 11:11:26.729827: |    match_id a=192.168.1.101
3750. Mar 30 11:11:26.729834: |             b=(none)
3751. Mar 30 11:11:26.729841: |    results  matched
3752. Mar 30 11:11:26.729859: |   fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 0.0.0.0/32:0:17/0
3753. Mar 30 11:11:26.729872: |    our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
3754. Mar 30 11:11:26.729882: |    match_id a=192.168.1.101
3755. Mar 30 11:11:26.729890: |             b=(none)
3756. Mar 30 11:11:26.729896: |    results  matched
3757. Mar 30 11:11:26.729901: |   fc_try concluding with none [0]
3758. Mar 30 11:11:26.729909: |    match_id a=192.168.1.101
3759. Mar 30 11:11:26.729929: |             b=(none)
3760. Mar 30 11:11:26.729936: |    results  matched
3761. Mar 30 11:11:26.729952: |   fc_try_oppo trying l2tp-psk:51.158.64.201/32:1701 -> 192.168.1.101/32:1701 vs l2tp-psk:10.68.154.105/32:1701 -> 0.0.0.0/32:0
3762. Mar 30 11:11:26.729965: |    match_id a=192.168.1.101
3763. Mar 30 11:11:26.729971: |             b=(none)
3764. Mar 30 11:11:26.729976: |    results  matched
3765. Mar 30 11:11:26.729982: |   fc_try_oppo concluding with none [0]
3766. Mar 30 11:11:26.729987: |   concluding with d = none
3767. Mar 30 11:11:26.729996: | using something (we hope the IP we or they are NAT'ed to) for transport mode connection "l2tp-psk"[4] 93.46.124.104
3768. Mar 30 11:11:26.730003: | client wildcard: no  port wildcard: no  virtual: no
3769. Mar 30 11:11:26.730009: | NAT-Traversal: received 2 NAT-OA.
3770. Mar 30 11:11:26.730018: "l2tp-psk"[4] 93.46.124.104 #3: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
3771. Mar 30 11:11:26.730024: | NAT-OA:
3772. Mar 30 11:11:26.730030: |   15 00 00 0c  01 00 00 00  c0 a8 01 65
3773. Mar 30 11:11:26.730036: | parsing 4 raw bytes of ISAKMP NAT-OA Payload into NAT-Traversal: NAT-OA IP
3774. Mar 30 11:11:26.730042: | NAT-Traversal: NAT-OA IP
3775. Mar 30 11:11:26.730047: |   c0 a8 01 65
3776. Mar 30 11:11:26.730054: | received NAT-OA: 192.168.1.101
3777. Mar 30 11:11:26.730066: | addref fd@NULL (in new_state() at state.c:555)
3778. Mar 30 11:11:26.730073: | creating state object #8 at 0x562b2d555bd8
3779. Mar 30 11:11:26.730080: | State DB: adding IKEv1 state #8 in UNDEFINED
3780. Mar 30 11:11:26.730098: | pstats #8 ikev1.ipsec started
3781. Mar 30 11:11:26.730106: | duplicating state object #3 "l2tp-psk"[4] 93.46.124.104 as #8 for IPSEC SA
3782. Mar 30 11:11:26.730116: | #8 setting local endpoint to 10.68.154.105:4500 from #3.st_localport (in duplicate_state() at state.c:1548)
3783. Mar 30 11:11:26.730131: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
3784. Mar 30 11:11:26.730142: | start processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
3785. Mar 30 11:11:26.730148: | switching MD.ST from #3 to CHILD #8; ulgh
3786. Mar 30 11:11:26.730155: | child state #8: UNDEFINED(ignore) => QUICK_R0(established CHILD SA)
3787. Mar 30 11:11:26.730163: | ****parse IPsec DOI SIT:
3788. Mar 30 11:11:26.730169: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
3789. Mar 30 11:11:26.730176: | ****parse ISAKMP Proposal Payload:
3790. Mar 30 11:11:26.730182: |    next payload type: ISAKMP_NEXT_P (0x2)
3791. Mar 30 11:11:26.730190: |    length: 56 (00 38)
3792. Mar 30 11:11:26.730196: |    proposal number: 1 (01)
3793. Mar 30 11:11:26.730202: |    protocol ID: PROTO_IPSEC_ESP (0x3)
3794. Mar 30 11:11:26.730208: |    SPI size: 4 (04)
3795. Mar 30 11:11:26.730214: |    number of transforms: 1 (01)
3796. Mar 30 11:11:26.730220: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
3797. Mar 30 11:11:26.730225: | SPI
3798. Mar 30 11:11:26.730231: |   87 4d 05 0a
3799. Mar 30 11:11:26.730237: | ****parse ISAKMP Proposal Payload:
3800. Mar 30 11:11:26.730243: |    next payload type: ISAKMP_NEXT_P (0x2)
3801. Mar 30 11:11:26.730249: |    length: 56 (00 38)
3802. Mar 30 11:11:26.730255: |    proposal number: 2 (02)
3803. Mar 30 11:11:26.730261: |    protocol ID: PROTO_IPSEC_ESP (0x3)
3804. Mar 30 11:11:26.730267: |    SPI size: 4 (04)
3805. Mar 30 11:11:26.730273: |    number of transforms: 1 (01)
3806. Mar 30 11:11:26.730280: | *****parse ISAKMP Transform Payload (ESP):
3807. Mar 30 11:11:26.730285: |    next payload type: ISAKMP_NEXT_NONE (0x0)
3808. Mar 30 11:11:26.730292: |    length: 44 (00 2c)
3809. Mar 30 11:11:26.730298: |    ESP transform number: 1 (01)
3810. Mar 30 11:11:26.730303: |    ESP transform ID: ESP_AES (0xc)
3811. Mar 30 11:11:26.730311: | ******parse ISAKMP IPsec DOI attribute:
3812. Mar 30 11:11:26.730317: |    af+type: AF+ENCAPSULATION_MODE (0x8004)
3813. Mar 30 11:11:26.730324: |    length/value: 4 (00 04)
3814. Mar 30 11:11:26.730330: |    [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
3815. Mar 30 11:11:26.730337: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
3816. Mar 30 11:11:26.730343: | ******parse ISAKMP IPsec DOI attribute:
3817. Mar 30 11:11:26.730366: |    af+type: AF+KEY_LENGTH (0x8006)
3818. Mar 30 11:11:26.730391: |    length/value: 256 (01 00)
3819. Mar 30 11:11:26.730400: | ******parse ISAKMP IPsec DOI attribute:
3820. Mar 30 11:11:26.730408: |    af+type: AF+AUTH_ALGORITHM (0x8005)
3821. Mar 30 11:11:26.730416: |    length/value: 2 (00 02)
3822. Mar 30 11:11:26.730422: |    [2 is AUTH_ALGORITHM_HMAC_SHA1]
3823. Mar 30 11:11:26.730429: | ******parse ISAKMP IPsec DOI attribute:
3824. Mar 30 11:11:26.730436: |    af+type: AF+SA_LIFE_TYPE (0x8001)
3825. Mar 30 11:11:26.730444: |    length/value: 1 (00 01)
3826. Mar 30 11:11:26.730451: |    [1 is SA_LIFE_TYPE_SECONDS]
3827. Mar 30 11:11:26.730458: | ******parse ISAKMP IPsec DOI attribute:
3828. Mar 30 11:11:26.730467: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
3829. Mar 30 11:11:26.730475: |    length/value: 4 (00 04)
3830. Mar 30 11:11:26.730482: |    long duration: 3600
3831. Mar 30 11:11:26.730490: | ******parse ISAKMP IPsec DOI attribute:
3832. Mar 30 11:11:26.730497: |    af+type: AF+SA_LIFE_TYPE (0x8001)
3833. Mar 30 11:11:26.730505: |    length/value: 2 (00 02)
3834. Mar 30 11:11:26.730511: |    [2 is SA_LIFE_TYPE_KBYTES]
3835. Mar 30 11:11:26.730519: | ******parse ISAKMP IPsec DOI attribute:
3836. Mar 30 11:11:26.730526: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
3837. Mar 30 11:11:26.730534: |    length/value: 4 (00 04)
3838. Mar 30 11:11:26.730542: |    long duration: 250000
3839. Mar 30 11:11:26.730551: | ESP IPsec Transform verified; matches alg_info entry
3840. Mar 30 11:11:26.730567: | adding quick_outI1 KE work-order 10 for state #8
3841. Mar 30 11:11:26.730576: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d5546a8
3842. Mar 30 11:11:26.730583: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #8
3843. Mar 30 11:11:26.730592: | libevent_malloc: newref ptr-libevent@0x562b2d554878 size 128
3844. Mar 30 11:11:26.730622: | complete v1 state transition with STF_SUSPEND
3845. Mar 30 11:11:26.730635: | [RE]START processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2514)
3846. Mar 30 11:11:26.730642: | suspending state #8 and saving MD 0x562b2d551f08
3847. Mar 30 11:11:26.730648: | #8 is busy; has suspended MD 0x562b2d551f08
3848. Mar 30 11:11:26.730661: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
3849. Mar 30 11:11:26.730672: | stop processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
3850. Mar 30 11:11:26.730679: | processing: STOP connection NULL (in process_md() at demux.c:384)
3851. Mar 30 11:11:26.730686: | crypto helper 0 resuming
3852. Mar 30 11:11:26.730737: | crypto helper 0 starting work-order 10 for state #8
3853. Mar 30 11:11:26.730750: | crypto helper 0 doing build nonce (quick_outI1 KE); request ID 10
3854. Mar 30 11:11:26.730806: | crypto helper 0 finished build nonce (quick_outI1 KE); request ID 10 time elapsed 0.000059 seconds
3855. Mar 30 11:11:26.730814: | crypto helper 0 sending results from work-order 10 for state #8 to event queue
3856. Mar 30 11:11:26.730821: | scheduling resume sending helper answer for #8
3857. Mar 30 11:11:26.730830: | libevent_malloc: newref ptr-libevent@0x7f3a3c002e58 size 128
3858. Mar 30 11:11:26.730861: | crypto helper 0 waiting (nothing to do)
3859. Mar 30 11:11:26.730988: | processing resume sending helper answer for #8
3860. Mar 30 11:11:26.731017: | start processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:817)
3861. Mar 30 11:11:26.731025: | unsuspending #8 MD 0x562b2d551f08
3862. Mar 30 11:11:26.731031: | crypto helper 0 replies to request ID 10
3863. Mar 30 11:11:26.731035: | calling continuation function 0x562b2c27c390
3864. Mar 30 11:11:26.731041: | quick_inI1_outR1_cryptocontinue1 for #8: calculated ke+nonce, calculating DH
3865. Mar 30 11:11:26.731058: | **emit ISAKMP Message:
3866. Mar 30 11:11:26.731067: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
3867. Mar 30 11:11:26.731074: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
3868. Mar 30 11:11:26.731079: |    next payload type: ISAKMP_NEXT_NONE (0x0)
3869. Mar 30 11:11:26.731085: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
3870. Mar 30 11:11:26.731108: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
3871. Mar 30 11:11:26.731115: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
3872. Mar 30 11:11:26.731122: |    Message ID: 5 (00 00 00 05)
3873. Mar 30 11:11:26.731128: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
3874. Mar 30 11:11:26.731134: | ***emit ISAKMP Hash Payload:
3875. Mar 30 11:11:26.731138: |    next payload type: ISAKMP_NEXT_NONE (0x0)
3876. Mar 30 11:11:26.731144: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
3877. Mar 30 11:11:26.731149: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
3878. Mar 30 11:11:26.731155: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
3879. Mar 30 11:11:26.731160: | emitting length of ISAKMP Hash Payload: 24
3880. Mar 30 11:11:26.731164: | ***emit ISAKMP Security Association Payload:
3881. Mar 30 11:11:26.731169: |    next payload type: ISAKMP_NEXT_NONCE (0xa)
3882. Mar 30 11:11:26.731174: |    DOI: ISAKMP_DOI_IPSEC (0x1)
3883. Mar 30 11:11:26.731179: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE
3884. Mar 30 11:11:26.731184: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA)
3885. Mar 30 11:11:26.731188: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet'
3886. Mar 30 11:11:26.731206: | ****parse IPsec DOI SIT:
3887. Mar 30 11:11:26.731213: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
3888. Mar 30 11:11:26.731219: | ****parse ISAKMP Proposal Payload:
3889. Mar 30 11:11:26.731224: |    next payload type: ISAKMP_NEXT_P (0x2)
3890. Mar 30 11:11:26.731230: |    length: 56 (00 38)
3891. Mar 30 11:11:26.731235: |    proposal number: 1 (01)
3892. Mar 30 11:11:26.731240: |    protocol ID: PROTO_IPSEC_ESP (0x3)
3893. Mar 30 11:11:26.731245: |    SPI size: 4 (04)
3894. Mar 30 11:11:26.731250: |    number of transforms: 1 (01)
3895. Mar 30 11:11:26.731255: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
3896. Mar 30 11:11:26.731260: | SPI
3897. Mar 30 11:11:26.731264: |   87 4d 05 0a
3898. Mar 30 11:11:26.731270: | ****parse ISAKMP Proposal Payload:
3899. Mar 30 11:11:26.731274: |    next payload type: ISAKMP_NEXT_P (0x2)
3900. Mar 30 11:11:26.731280: |    length: 56 (00 38)
3901. Mar 30 11:11:26.731285: |    proposal number: 2 (02)
3902. Mar 30 11:11:26.731289: |    protocol ID: PROTO_IPSEC_ESP (0x3)
3903. Mar 30 11:11:26.731294: |    SPI size: 4 (04)
3904. Mar 30 11:11:26.731299: |    number of transforms: 1 (01)
3905. Mar 30 11:11:26.731305: | *****parse ISAKMP Transform Payload (ESP):
3906. Mar 30 11:11:26.731310: |    next payload type: ISAKMP_NEXT_NONE (0x0)
3907. Mar 30 11:11:26.731316: |    length: 44 (00 2c)
3908. Mar 30 11:11:26.731321: |    ESP transform number: 1 (01)
3909. Mar 30 11:11:26.731325: |    ESP transform ID: ESP_AES (0xc)
3910. Mar 30 11:11:26.731332: | ******parse ISAKMP IPsec DOI attribute:
3911. Mar 30 11:11:26.731337: |    af+type: AF+ENCAPSULATION_MODE (0x8004)
3912. Mar 30 11:11:26.731342: |    length/value: 4 (00 04)
3913. Mar 30 11:11:26.731348: |    [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
3914. Mar 30 11:11:26.731354: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
3915. Mar 30 11:11:26.731359: | ******parse ISAKMP IPsec DOI attribute:
3916. Mar 30 11:11:26.731364: |    af+type: AF+KEY_LENGTH (0x8006)
3917. Mar 30 11:11:26.731369: |    length/value: 256 (01 00)
3918. Mar 30 11:11:26.731374: | ******parse ISAKMP IPsec DOI attribute:
3919. Mar 30 11:11:26.731379: |    af+type: AF+AUTH_ALGORITHM (0x8005)
3920. Mar 30 11:11:26.731384: |    length/value: 2 (00 02)
3921. Mar 30 11:11:26.731389: |    [2 is AUTH_ALGORITHM_HMAC_SHA1]
3922. Mar 30 11:11:26.731395: | ******parse ISAKMP IPsec DOI attribute:
3923. Mar 30 11:11:26.731400: |    af+type: AF+SA_LIFE_TYPE (0x8001)
3924. Mar 30 11:11:26.731405: |    length/value: 1 (00 01)
3925. Mar 30 11:11:26.731410: |    [1 is SA_LIFE_TYPE_SECONDS]
3926. Mar 30 11:11:26.731414: | ******parse ISAKMP IPsec DOI attribute:
3927. Mar 30 11:11:26.731419: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
3928. Mar 30 11:11:26.731431: |    length/value: 4 (00 04)
3929. Mar 30 11:11:26.731436: |    long duration: 3600
3930. Mar 30 11:11:26.731441: | ******parse ISAKMP IPsec DOI attribute:
3931. Mar 30 11:11:26.731446: |    af+type: AF+SA_LIFE_TYPE (0x8001)
3932. Mar 30 11:11:26.731452: |    length/value: 2 (00 02)
3933. Mar 30 11:11:26.731456: |    [2 is SA_LIFE_TYPE_KBYTES]
3934. Mar 30 11:11:26.731461: | ******parse ISAKMP IPsec DOI attribute:
3935. Mar 30 11:11:26.731466: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
3936. Mar 30 11:11:26.731472: |    length/value: 4 (00 04)
3937. Mar 30 11:11:26.731476: |    long duration: 250000
3938. Mar 30 11:11:26.731483: | ESP IPsec Transform verified; matches alg_info entry
3939. Mar 30 11:11:26.731487: | ****emit IPsec DOI SIT:
3940. Mar 30 11:11:26.731492: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
3941. Mar 30 11:11:26.731497: | ****emit ISAKMP Proposal Payload:
3942. Mar 30 11:11:26.731502: |    next payload type: ISAKMP_NEXT_NONE (0x0)
3943. Mar 30 11:11:26.731507: |    proposal number: 1 (01)
3944. Mar 30 11:11:26.731512: |    protocol ID: PROTO_IPSEC_ESP (0x3)
3945. Mar 30 11:11:26.731517: |    SPI size: 4 (04)
3946. Mar 30 11:11:26.731522: |    number of transforms: 1 (01)
3947. Mar 30 11:11:26.731527: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type'
3948. Mar 30 11:11:26.731569: | netlink_get_spi: allocated 0x2c43b193 for esp.0@10.68.154.105
3949. Mar 30 11:11:26.731576: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload
3950. Mar 30 11:11:26.731582: | SPI: 2c 43 b1 93
3951. Mar 30 11:11:26.731586: | *****emit ISAKMP Transform Payload (ESP):
3952. Mar 30 11:11:26.731591: |    next payload type: ISAKMP_NEXT_NONE (0x0)
3953. Mar 30 11:11:26.731596: |    ESP transform number: 1 (01)
3954. Mar 30 11:11:26.731600: |    ESP transform ID: ESP_AES (0xc)
3955. Mar 30 11:11:26.731605: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type'
3956. Mar 30 11:11:26.731611: | emitting 36 raw bytes of attributes into ISAKMP Transform Payload (ESP)
3957. Mar 30 11:11:26.731615: | attributes:
3958. Mar 30 11:11:26.731620: |   80 04 00 04  80 06 01 00  80 05 00 02  80 01 00 01
3959. Mar 30 11:11:26.731624: |   00 02 00 04  00 00 0e 10  80 01 00 02  00 02 00 04
3960. Mar 30 11:11:26.731629: |   00 03 d0 90
3961. Mar 30 11:11:26.731634: | emitting length of ISAKMP Transform Payload (ESP): 44
3962. Mar 30 11:11:26.731638: | emitting length of ISAKMP Proposal Payload: 56
3963. Mar 30 11:11:26.731643: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0
3964. Mar 30 11:11:26.731648: | emitting length of ISAKMP Security Association Payload: 68
3965. Mar 30 11:11:26.731653: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0
3966. Mar 30 11:11:26.731663: "l2tp-psk"[4] 93.46.124.104 #8: responding to Quick Mode proposal {msgid:00000005}
3967. Mar 30 11:11:26.731676: "l2tp-psk"[4] 93.46.124.104 #8:     us: 10.68.154.105[51.158.64.201]:17/1701
3968. Mar 30 11:11:26.731687: "l2tp-psk"[4] 93.46.124.104 #8:   them: 93.46.124.104[192.168.1.101]:17/1701
3969. Mar 30 11:11:26.731692: | ***emit ISAKMP Nonce Payload:
3970. Mar 30 11:11:26.731696: |    next payload type: ISAKMP_NEXT_ID (0x5)
3971. Mar 30 11:11:26.731701: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 5:ISAKMP_NEXT_ID
3972. Mar 30 11:11:26.731707: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE)
3973. Mar 30 11:11:26.731712: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet'
3974. Mar 30 11:11:26.731717: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload
3975. Mar 30 11:11:26.731721: | Nr:
3976. Mar 30 11:11:26.731726: |   cc 64 cb 63  a9 dd 53 98  46 b3 41 24  ad 32 22 fa
3977. Mar 30 11:11:26.731731: |   78 30 e5 8d  65 b5 38 98  9c 83 37 ba  38 ca 5a d6
3978. Mar 30 11:11:26.731735: | emitting length of ISAKMP Nonce Payload: 36
3979. Mar 30 11:11:26.731740: | ***emit ISAKMP Identification Payload (IPsec DOI):
3980. Mar 30 11:11:26.731761: |    next payload type: ISAKMP_NEXT_ID (0x5)
3981. Mar 30 11:11:26.731773: |    ID type: ID_IPV4_ADDR (0x1)
3982. Mar 30 11:11:26.731779: |    Protocol ID: 17 (11)
3983. Mar 30 11:11:26.731784: |    port: 1701 (06 a5)
3984. Mar 30 11:11:26.731789: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID
3985. Mar 30 11:11:26.731794: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
3986. Mar 30 11:11:26.731799: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
3987. Mar 30 11:11:26.731804: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
3988. Mar 30 11:11:26.731810: | ID body: c0 a8 01 65
3989. Mar 30 11:11:26.731815: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
3990. Mar 30 11:11:26.731819: | ***emit ISAKMP Identification Payload (IPsec DOI):
3991. Mar 30 11:11:26.731824: |    next payload type: ISAKMP_NEXT_NONE (0x0)
3992. Mar 30 11:11:26.731828: |    ID type: ID_IPV4_ADDR (0x1)
3993. Mar 30 11:11:26.731833: |    Protocol ID: 17 (11)
3994. Mar 30 11:11:26.731839: |    port: 1701 (06 a5)
3995. Mar 30 11:11:26.731843: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
3996. Mar 30 11:11:26.731848: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
3997. Mar 30 11:11:26.731853: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
3998. Mar 30 11:11:26.731859: | ID body: 33 9e 40 c9
3999. Mar 30 11:11:26.731863: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
4000. Mar 30 11:11:26.731928: | quick inR1 outI2 HASH(2):
4001. Mar 30 11:11:26.731935: |   a2 97 55 e6  90 8d 72 9f  4b 72 b9 40  47 ee c6 00
4002. Mar 30 11:11:26.731939: |   16 74 82 33
4003. Mar 30 11:11:26.731944: | compute_proto_keymat: needed_len (after ESP enc)=32
4004. Mar 30 11:11:26.731949: | compute_proto_keymat: needed_len (after ESP auth)=52
4005. Mar 30 11:11:26.732133: | install_inbound_ipsec_sa() checking if we can route
4006. Mar 30 11:11:26.732147: | could_route called for l2tp-psk (kind=CK_INSTANCE)
4007. Mar 30 11:11:26.732153: | FOR_EACH_CONNECTION_... in route_owner
4008. Mar 30 11:11:26.732159: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
4009. Mar 30 11:11:26.732164: |  conn l2tp-psk mark 0/00000000, 0/00000000
4010. Mar 30 11:11:26.732169: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
4011. Mar 30 11:11:26.732174: |  conn xauth-psk mark 0/00000000, 0/00000000
4012. Mar 30 11:11:26.732179: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
4013. Mar 30 11:11:26.732185: |  conn l2tp-psk mark 0/00000000, 0/00000000
4014. Mar 30 11:11:26.732194: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
4015. Mar 30 11:11:26.732199: |    routing is easy, or has resolvable near-conflict
4016. Mar 30 11:11:26.732204: | checking if this is a replacement state
4017. Mar 30 11:11:26.732209: |   st=0x562b2d555bd8 ost=0x562b2d556758 st->serialno=#8 ost->serialno=#7
4018. Mar 30 11:11:26.732216: "l2tp-psk"[4] 93.46.124.104 #8: keeping refhim=0 during rekey
4019. Mar 30 11:11:26.732221: | installing outgoing SA now as refhim=0
4020. Mar 30 11:11:26.732227: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
4021. Mar 30 11:11:26.732232: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
4022. Mar 30 11:11:26.732237: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
4023. Mar 30 11:11:26.732244: | setting IPsec SA replay-window to 32
4024. Mar 30 11:11:26.732250: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
4025. Mar 30 11:11:26.732256: | netlink: enabling transport mode
4026. Mar 30 11:11:26.732264: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1261)
4027. Mar 30 11:11:26.732269: | XFRM: adding IPsec SA with reqid 16409
4028. Mar 30 11:11:26.732274: | netlink: setting IPsec SA replay-window to 32 using old-style req
4029. Mar 30 11:11:26.732280: | netlink: esp-hw-offload not set for IPsec SA
4030. Mar 30 11:11:26.732386: | netlink response for Add SA esp.874d050a@93.46.124.104 included non-error error
4031. Mar 30 11:11:26.732394: | outgoing SA has refhim=0
4032. Mar 30 11:11:26.732399: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
4033. Mar 30 11:11:26.732405: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
4034. Mar 30 11:11:26.732410: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
4035. Mar 30 11:11:26.732416: | setting IPsec SA replay-window to 32
4036. Mar 30 11:11:26.732421: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
4037. Mar 30 11:11:26.732427: | netlink: enabling transport mode
4038. Mar 30 11:11:26.732433: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1268)
4039. Mar 30 11:11:26.732438: | XFRM: adding IPsec SA with reqid 16409
4040. Mar 30 11:11:26.732443: | netlink: setting IPsec SA replay-window to 32 using old-style req
4041. Mar 30 11:11:26.732448: | netlink: esp-hw-offload not set for IPsec SA
4042. Mar 30 11:11:26.732492: | netlink response for Add SA esp.2c43b193@10.68.154.105 included non-error error
4043. Mar 30 11:11:26.732502: | emitting 8 zero bytes of encryption padding into ISAKMP Message
4044. Mar 30 11:11:26.732507: | no IKEv1 message padding required
4045. Mar 30 11:11:26.732512: | emitting length of ISAKMP Message: 188
4046. Mar 30 11:11:26.732531: | finished processing quick inI1
4047. Mar 30 11:11:26.732537: | complete v1 state transition with STF_OK
4048. Mar 30 11:11:26.732549: | [RE]START processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
4049. Mar 30 11:11:26.732554: | #8 is idle
4050. Mar 30 11:11:26.732559: | doing_xauth:no, t_xauth_client_done:no
4051. Mar 30 11:11:26.732566: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
4052. Mar 30 11:11:26.732573: | child state #8: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA)
4053. Mar 30 11:11:26.732577: | event_already_set, deleting event
4054. Mar 30 11:11:26.732583: | state #8 requesting EVENT_CRYPTO_TIMEOUT to be deleted
4055. Mar 30 11:11:26.732591: | libevent_free: delref ptr-libevent@0x562b2d554878
4056. Mar 30 11:11:26.732597: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d5546a8
4057. Mar 30 11:11:26.732606: | sending reply packet to 93.46.124.104:4500 (from 10.68.154.105:4500)
4058. Mar 30 11:11:26.732619: | sending 192 bytes for STATE_QUICK_R0 through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #8)
4059. Mar 30 11:11:26.732624: |   00 00 00 00  f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a
4060. Mar 30 11:11:26.732628: |   5d 82 98 78  08 10 20 01  00 00 00 05  00 00 00 bc
4061. Mar 30 11:11:26.732633: |   64 0f 4a 62  d1 d2 11 e5  98 2d 61 3a  16 30 a8 a2
4062. Mar 30 11:11:26.732637: |   25 58 22 74  6c 61 e8 ad  98 5c 5f 7c  ce 19 09 41
4063. Mar 30 11:11:26.732642: |   e7 e7 8f fd  4f de 96 71  9c 06 cf f8  ec f9 81 c7
4064. Mar 30 11:11:26.732646: |   cc 8b 0f 44  6b 57 96 b9  3e 03 fc 9e  fa c1 43 2c
4065. Mar 30 11:11:26.732650: |   a4 de ae e8  db de 28 15  69 ae 08 5e  2c 9f b3 c7
4066. Mar 30 11:11:26.732655: |   70 72 ac 29  d7 91 dd 6c  5f 2a 61 04  25 cc 34 ce
4067. Mar 30 11:11:26.732659: |   8f 27 0d 42  fe 59 51 12  08 61 7f b6  9b 5f 1a ec
4068. Mar 30 11:11:26.732664: |   13 12 21 20  af 0d 74 ec  f4 45 e0 01  8a 0b 5b 59
4069. Mar 30 11:11:26.732668: |   79 16 d0 2e  2e 73 01 f1  d8 5e 78 be  26 42 76 f7
4070. Mar 30 11:11:26.732672: |   f6 3a 2e 0f  c6 21 4e 88  4b 93 61 e8  ef 5f 23 09
4071. Mar 30 11:11:26.732746: | !event_already_set at reschedule
4072. Mar 30 11:11:26.732756: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b2d5546a8
4073. Mar 30 11:11:26.732763: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #8
4074. Mar 30 11:11:26.732769: | libevent_malloc: newref ptr-libevent@0x562b2d551528 size 128
4075. Mar 30 11:11:26.732778: | #8 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 5645.157985
4076. Mar 30 11:11:26.732784: | pstats #8 ikev1.ipsec established
4077. Mar 30 11:11:26.732792: | NAT-T: NAT Traversal detected - their IKE port is '500'
4078. Mar 30 11:11:26.732797: | NAT-T: encaps is 'yes'
4079. Mar 30 11:11:26.732816: "l2tp-psk"[4] 93.46.124.104 #8: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0x874d050a <0x2c43b193 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
4080. Mar 30 11:11:26.732822: | modecfg pull: noquirk policy:push not-client
4081. Mar 30 11:11:26.732827: | phase 1 is done, looking for phase 2 to unpend
4082. Mar 30 11:11:26.732832: | releasing #8's fd-fd@(nil) because IKEv1 transitions finished
4083. Mar 30 11:11:26.732837: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
4084. Mar 30 11:11:26.732844: | resume sending helper answer for #8 suppresed complete_v1_state_transition()
4085. Mar 30 11:11:26.732859: | stop processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:860)
4086. Mar 30 11:11:26.732865: | libevent_free: delref ptr-libevent@0x7f3a3c002e58
4087. Mar 30 11:11:26.882022: | *received 60 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
4088. Mar 30 11:11:26.882060: |   f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a  5d 82 98 78
4089. Mar 30 11:11:26.882064: |   08 10 20 01  00 00 00 05  00 00 00 3c  53 12 fc 63
4090. Mar 30 11:11:26.882068: |   8d 11 7a 5a  fe 34 a6 29  01 9d 9f e8  72 eb 14 ed
4091. Mar 30 11:11:26.882071: |   24 f4 4d f5  19 df c5 f7  b1 89 cd 10
4092. Mar 30 11:11:26.882079: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
4093. Mar 30 11:11:26.882086: | **parse ISAKMP Message:
4094. Mar 30 11:11:26.882092: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
4095. Mar 30 11:11:26.882097: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
4096. Mar 30 11:11:26.882101: |    next payload type: ISAKMP_NEXT_HASH (0x8)
4097. Mar 30 11:11:26.882105: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
4098. Mar 30 11:11:26.882108: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
4099. Mar 30 11:11:26.882113: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
4100. Mar 30 11:11:26.882118: |    Message ID: 5 (00 00 00 05)
4101. Mar 30 11:11:26.882122: |    length: 60 (00 00 00 3c)
4102. Mar 30 11:11:26.882126: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
4103. Mar 30 11:11:26.882133: | State DB: found IKEv1 state #8 in QUICK_R1 (find_state_ikev1)
4104. Mar 30 11:11:26.882142: | start processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1499)
4105. Mar 30 11:11:26.882147: | #8 is idle
4106. Mar 30 11:11:26.882150: | #8 idle
4107. Mar 30 11:11:26.882156: | received encrypted packet from 93.46.124.104:4500
4108. Mar 30 11:11:26.882196: | got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
4109. Mar 30 11:11:26.882201: | ***parse ISAKMP Hash Payload:
4110. Mar 30 11:11:26.882204: |    next payload type: ISAKMP_NEXT_NONE (0x0)
4111. Mar 30 11:11:26.882208: |    length: 24 (00 18)
4112. Mar 30 11:11:26.882212: | removing 8 bytes of padding
4113. Mar 30 11:11:26.882246: | quick_inI2 HASH(3):
4114. Mar 30 11:11:26.882250: |   59 7f 68 f7  aa d5 49 e5  1e 23 f2 3a  1d 07 02 65
4115. Mar 30 11:11:26.882253: |   f4 f4 be 76
4116. Mar 30 11:11:26.882257: | received 'quick_inI2' message HASH(3) data ok
4117. Mar 30 11:11:26.882263: | install_ipsec_sa() for #8: outbound only
4118. Mar 30 11:11:26.882268: | could_route called for l2tp-psk (kind=CK_INSTANCE)
4119. Mar 30 11:11:26.882272: | FOR_EACH_CONNECTION_... in route_owner
4120. Mar 30 11:11:26.882276: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
4121. Mar 30 11:11:26.882280: |  conn l2tp-psk mark 0/00000000, 0/00000000
4122. Mar 30 11:11:26.882284: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
4123. Mar 30 11:11:26.882288: |  conn xauth-psk mark 0/00000000, 0/00000000
4124. Mar 30 11:11:26.882291: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
4125. Mar 30 11:11:26.882295: |  conn l2tp-psk mark 0/00000000, 0/00000000
4126. Mar 30 11:11:26.882302: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
4127. Mar 30 11:11:26.882306: | sr for #8: erouted
4128. Mar 30 11:11:26.882310: | route_and_eroute() for proto 17, and source port 1701 dest port 1701
4129. Mar 30 11:11:26.882313: | FOR_EACH_CONNECTION_... in route_owner
4130. Mar 30 11:11:26.882316: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
4131. Mar 30 11:11:26.882320: |  conn l2tp-psk mark 0/00000000, 0/00000000
4132. Mar 30 11:11:26.882339: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
4133. Mar 30 11:11:26.882343: |  conn xauth-psk mark 0/00000000, 0/00000000
4134. Mar 30 11:11:26.882346: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
4135. Mar 30 11:11:26.882350: |  conn l2tp-psk mark 0/00000000, 0/00000000
4136. Mar 30 11:11:26.882355: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
4137. Mar 30 11:11:26.882359: | route_and_eroute with c: l2tp-psk (next: none) ero:l2tp-psk esr:{(nil)} ro:l2tp-psk rosr:{(nil)} and state: #8
4138. Mar 30 11:11:26.882362: | we are replacing an eroute
4139. Mar 30 11:11:26.882367: | priority calculation of connection "l2tp-psk" is 0x15bfbf
4140. Mar 30 11:11:26.882379: | eroute_connection replace eroute 10.68.154.105/32:1701 --17-> 93.46.124.104/32:1701 => esp.874d050a@93.46.124.104>esp.874d050a@93.46.124.104 using reqid 16409 (raw_eroute)
4141. Mar 30 11:11:26.882386: | subnet from endpoint 93.46.124.104:1701 (in netlink_raw_eroute() at kernel_xfrm.c:585)
4142. Mar 30 11:11:26.882390: | netlink_raw_eroute: using host address instead of client subnet
4143. Mar 30 11:11:26.882394: | IPsec Sa SPD priority set to 1425343
4144. Mar 30 11:11:26.882423: | raw_eroute result=success
4145. Mar 30 11:11:26.882428: | route_and_eroute: firewall_notified: true
4146. Mar 30 11:11:26.882433: | route_and_eroute: instance "l2tp-psk"[4] 93.46.124.104, setting eroute_owner {spd=0x562b2d554130,sr=0x562b2d554130} to #8 (was #7) (newest_ipsec_sa=#7)
4147. Mar 30 11:11:26.882439: | inI2: instance l2tp-psk[4], setting IKEv1 newest_ipsec_sa to #8 (was #7) (spd.eroute=#8) cloned from #3
4148. Mar 30 11:11:26.882443: | DPD: dpd_init() called on IPsec SA
4149. Mar 30 11:11:26.882446: | DPD: Peer does not support Dead Peer Detection
4150. Mar 30 11:11:26.882450: | complete v1 state transition with STF_OK
4151. Mar 30 11:11:26.882457: | [RE]START processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
4152. Mar 30 11:11:26.882460: | #8 is idle
4153. Mar 30 11:11:26.882464: | doing_xauth:no, t_xauth_client_done:no
4154. Mar 30 11:11:26.882467: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
4155. Mar 30 11:11:26.882471: | child state #8: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA)
4156. Mar 30 11:11:26.882475: | event_already_set, deleting event
4157. Mar 30 11:11:26.882479: | state #8 requesting EVENT_RETRANSMIT to be deleted
4158. Mar 30 11:11:26.882483: | #8 STATE_QUICK_R2: retransmits: cleared
4159. Mar 30 11:11:26.882489: | libevent_free: delref ptr-libevent@0x562b2d551528
4160. Mar 30 11:11:26.882493: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b2d5546a8
4161. Mar 30 11:11:26.882498: | !event_already_set at reschedule
4162. Mar 30 11:11:26.882502: | event_schedule: newref EVENT_SA_EXPIRE-pe@0x562b2d554a08
4163. Mar 30 11:11:26.882507: | inserting event EVENT_SA_EXPIRE, timeout in 3600 seconds for #8
4164. Mar 30 11:11:26.882511: | libevent_malloc: newref ptr-libevent@0x562b2d5547c8 size 128
4165. Mar 30 11:11:26.882516: | pstats #8 ikev1.ipsec established
4166. Mar 30 11:11:26.882524: | NAT-T: NAT Traversal detected - their IKE port is '500'
4167. Mar 30 11:11:26.882527: | NAT-T: encaps is 'yes'
4168. Mar 30 11:11:26.882535: "l2tp-psk"[4] 93.46.124.104 #8: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x874d050a <0x2c43b193 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
4169. Mar 30 11:11:26.882539: | modecfg pull: noquirk policy:push not-client
4170. Mar 30 11:11:26.882542: | phase 1 is done, looking for phase 2 to unpend
4171. Mar 30 11:11:26.882546: | releasing #8's fd-fd@(nil) because IKEv1 transitions finished
4172. Mar 30 11:11:26.882549: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
4173. Mar 30 11:11:26.882556: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
4174. Mar 30 11:11:26.882562: | stop processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
4175. Mar 30 11:11:26.882567: | processing: STOP connection NULL (in process_md() at demux.c:384)
4176. Mar 30 11:11:26.883403: | *received 76 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
4177. Mar 30 11:11:26.883422: |   f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a  5d 82 98 78
4178. Mar 30 11:11:26.883425: |   08 10 05 01  2b 99 66 a2  00 00 00 4c  4a c3 c3 a2
4179. Mar 30 11:11:26.883428: |   07 6b a8 74  d1 33 39 4f  ed 30 35 01  50 bf 73 52
4180. Mar 30 11:11:26.883431: |   d9 e1 12 98  33 72 a1 e6  e8 ca 1a c2  57 2d 64 a5
4181. Mar 30 11:11:26.883433: |   32 d1 1c 3b  97 52 23 14  3d 98 4b 3b
4182. Mar 30 11:11:26.883438: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
4183. Mar 30 11:11:26.883442: | **parse ISAKMP Message:
4184. Mar 30 11:11:26.883447: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
4185. Mar 30 11:11:26.883451: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
4186. Mar 30 11:11:26.883454: |    next payload type: ISAKMP_NEXT_HASH (0x8)
4187. Mar 30 11:11:26.883457: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
4188. Mar 30 11:11:26.883460: |    exchange type: ISAKMP_XCHG_INFO (0x5)
4189. Mar 30 11:11:26.883463: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
4190. Mar 30 11:11:26.883468: |    Message ID: 731473570 (2b 99 66 a2)
4191. Mar 30 11:11:26.883471: |    length: 76 (00 00 00 4c)
4192. Mar 30 11:11:26.883475: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
4193. Mar 30 11:11:26.883479: | peer and cookies match on #8; msgid=00000000 st_msgid=00000005 st_v1_msgid.phase15=00000000
4194. Mar 30 11:11:26.883482: | peer and cookies match on #7; msgid=00000000 st_msgid=00000004 st_v1_msgid.phase15=00000000
4195. Mar 30 11:11:26.883486: | peer and cookies match on #3; msgid=00000000 st_msgid=00000000 st_v1_msgid.phase15=00000000
4196. Mar 30 11:11:26.883489: | p15 state object #3 found, in STATE_MAIN_R3
4197. Mar 30 11:11:26.883492: | State DB: found IKEv1 state #3 in MAIN_R3 (find_v1_info_state)
4198. Mar 30 11:11:26.883498: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1347)
4199. Mar 30 11:11:26.883520: | #3 is idle
4200. Mar 30 11:11:26.883523: | #3 idle
4201. Mar 30 11:11:26.883527: | received encrypted packet from 93.46.124.104:4500
4202. Mar 30 11:11:26.883541: | got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
4203. Mar 30 11:11:26.883545: | ***parse ISAKMP Hash Payload:
4204. Mar 30 11:11:26.883548: |    next payload type: ISAKMP_NEXT_D (0xc)
4205. Mar 30 11:11:26.883552: |    length: 24 (00 18)
4206. Mar 30 11:11:26.883555: | got payload 0x1000  (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0
4207. Mar 30 11:11:26.883559: | ***parse ISAKMP Delete Payload:
4208. Mar 30 11:11:26.883561: |    next payload type: ISAKMP_NEXT_NONE (0x0)
4209. Mar 30 11:11:26.883565: |    length: 16 (00 10)
4210. Mar 30 11:11:26.883568: |    DOI: ISAKMP_DOI_IPSEC (0x1)
4211. Mar 30 11:11:26.883571: |    protocol ID: 3 (03)
4212. Mar 30 11:11:26.883574: |    SPI size: 4 (04)
4213. Mar 30 11:11:26.883577: |    number of SPIs: 1 (00 01)
4214. Mar 30 11:11:26.883580: | removing 8 bytes of padding
4215. Mar 30 11:11:26.883601: | informational HASH(1):
4216. Mar 30 11:11:26.883605: |   d1 4b ef cd  ae 70 58 a8  82 22 10 df  73 a8 ce 95
4217. Mar 30 11:11:26.883608: |   d9 6a e4 1f
4218. Mar 30 11:11:26.883611: | received 'informational' message HASH(1) data ok
4219. Mar 30 11:11:26.883615: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI
4220. Mar 30 11:11:26.883618: | SPI
4221. Mar 30 11:11:26.883620: |   5a ad 8c 94
4222. Mar 30 11:11:26.883623: | FOR_EACH_STATE_... in find_phase2_state_to_delete
4223. Mar 30 11:11:26.883629: | start processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in accept_delete() at ikev1_main.c:2492)
4224. Mar 30 11:11:26.883635: "l2tp-psk"[4] 93.46.124.104 #3: received Delete SA(0x5aad8c94) payload: deleting IPsec State #7
4225. Mar 30 11:11:26.883639: | pstats #7 ikev1.ipsec deleted completed
4226. Mar 30 11:11:26.883645: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
4227. Mar 30 11:11:26.883650: | start processing: state #7 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
4228. Mar 30 11:11:26.883656: "l2tp-psk"[4] 93.46.124.104 #7: deleting other state #7 (STATE_QUICK_R2) aged 8.168s and sending notification
4229. Mar 30 11:11:26.883660: | child state #7: QUICK_R2(established CHILD SA) => delete
4230. Mar 30 11:11:26.883702: | get_sa_info esp.5aad8c94@93.46.124.104
4231. Mar 30 11:11:26.883723: | get_sa_info esp.ff264c8d@10.68.154.105
4232. Mar 30 11:11:26.883733: "l2tp-psk"[4] 93.46.124.104 #7: ESP traffic information: in=0B out=0B
4233. Mar 30 11:11:26.883737: | unsuspending #7 MD (nil)
4234. Mar 30 11:11:26.883741: | #7 send IKEv1 delete notification for STATE_QUICK_R2
4235. Mar 30 11:11:26.883744: | FOR_EACH_STATE_... in find_phase1_state
4236. Mar 30 11:11:26.883753: | **emit ISAKMP Message:
4237. Mar 30 11:11:26.883757: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
4238. Mar 30 11:11:26.883762: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
4239. Mar 30 11:11:26.883764: |    next payload type: ISAKMP_NEXT_NONE (0x0)
4240. Mar 30 11:11:26.883767: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
4241. Mar 30 11:11:26.883770: |    exchange type: ISAKMP_XCHG_INFO (0x5)
4242. Mar 30 11:11:26.883773: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
4243. Mar 30 11:11:26.883777: |    Message ID: 540693301 (20 3a 53 35)
4244. Mar 30 11:11:26.883780: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
4245. Mar 30 11:11:26.883784: | ***emit ISAKMP Hash Payload:
4246. Mar 30 11:11:26.883787: |    next payload type: ISAKMP_NEXT_NONE (0x0)
4247. Mar 30 11:11:26.883790: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
4248. Mar 30 11:11:26.883793: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg'
4249. Mar 30 11:11:26.883797: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
4250. Mar 30 11:11:26.883800: | emitting length of ISAKMP Hash Payload: 24
4251. Mar 30 11:11:26.883803: | ***emit ISAKMP Delete Payload:
4252. Mar 30 11:11:26.883806: |    next payload type: ISAKMP_NEXT_NONE (0x0)
4253. Mar 30 11:11:26.883808: |    DOI: ISAKMP_DOI_IPSEC (0x1)
4254. Mar 30 11:11:26.883812: |    protocol ID: 3 (03)
4255. Mar 30 11:11:26.883815: |    SPI size: 4 (04)
4256. Mar 30 11:11:26.883818: |    number of SPIs: 1 (00 01)
4257. Mar 30 11:11:26.883821: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D)
4258. Mar 30 11:11:26.883824: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg'
4259. Mar 30 11:11:26.883828: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload
4260. Mar 30 11:11:26.883831: | delete payload: ff 26 4c 8d
4261. Mar 30 11:11:26.883834: | emitting length of ISAKMP Delete Payload: 16
4262. Mar 30 11:11:26.883853: | send delete HASH(1):
4263. Mar 30 11:11:26.883857: |   58 eb e5 37  8e 91 31 d4  69 12 aa 08  37 a7 db cd
4264. Mar 30 11:11:26.883860: |   6a 59 2e e1
4265. Mar 30 11:11:26.883874: | emitting 8 zero bytes of encryption padding into ISAKMP Message
4266. Mar 30 11:11:26.883878: | no IKEv1 message padding required
4267. Mar 30 11:11:26.883880: | emitting length of ISAKMP Message: 76
4268. Mar 30 11:11:26.883893: | sending 80 bytes for delete notify through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #3)
4269. Mar 30 11:11:26.883896: |   00 00 00 00  f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a
4270. Mar 30 11:11:26.883899: |   5d 82 98 78  08 10 05 01  20 3a 53 35  00 00 00 4c
4271. Mar 30 11:11:26.883902: |   4e 28 8b 71  e8 f9 91 ca  8d e3 db d1  59 8e d9 24
4272. Mar 30 11:11:26.883904: |   2f 7a f2 28  e3 59 50 ed  99 f6 9f 4c  cb c8 98 80
4273. Mar 30 11:11:26.883907: |   f0 90 58 1b  f1 50 08 ac  17 94 e7 4f  e4 bd 12 58
4274. Mar 30 11:11:26.883954: | state #7 requesting EVENT_SA_EXPIRE to be deleted
4275. Mar 30 11:11:26.883962: | libevent_free: delref ptr-libevent@0x562b2d5545b8
4276. Mar 30 11:11:26.883965: | free_event_entry: delref EVENT_SA_EXPIRE-pe@0x562b2d54f5c8
4277. Mar 30 11:11:26.883971: | delete esp.5aad8c94@93.46.124.104
4278. Mar 30 11:11:26.883975: | XFRM: deleting IPsec SA with reqid 0
4279. Mar 30 11:11:26.884062: | netlink response for Del SA esp.5aad8c94@93.46.124.104 included non-error error
4280. Mar 30 11:11:26.884086: | delete esp.ff264c8d@10.68.154.105
4281. Mar 30 11:11:26.884092: | XFRM: deleting IPsec SA with reqid 0
4282. Mar 30 11:11:26.884112: | netlink response for Del SA esp.ff264c8d@10.68.154.105 included non-error error
4283. Mar 30 11:11:26.884128: | stop processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in update_state_connection() at connections.c:4093)
4284. Mar 30 11:11:26.884132: | start processing: connection NULL (in update_state_connection() at connections.c:4094)
4285. Mar 30 11:11:26.884135: | in connection_discard for connection l2tp-psk
4286. Mar 30 11:11:26.884138: | connection is instance
4287. Mar 30 11:11:26.884141: | not in pending use
4288. Mar 30 11:11:26.884144: | State DB: found state #8 in QUICK_R2 (connection_discard)
4289. Mar 30 11:11:26.884147: | states still using this connection instance, retaining
4290. Mar 30 11:11:26.884150: | State DB: deleting IKEv1 state #7 in QUICK_R2
4291. Mar 30 11:11:26.884155: | child state #7: QUICK_R2(established CHILD SA) => UNDEFINED(ignore)
4292. Mar 30 11:11:26.884159: | releasing #7's fd-fd@(nil) because deleting state
4293. Mar 30 11:11:26.884162: | delref fdp@NULL (in delete_state() at state.c:1185)
4294. Mar 30 11:11:26.884168: | stop processing: state #7 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
4295. Mar 30 11:11:26.884173: | resume processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
4296. Mar 30 11:11:26.884181: | processing: STOP connection NULL (in accept_delete() at ikev1_main.c:2536)
4297. Mar 30 11:11:26.884184: | del:
4298. Mar 30 11:11:26.884187: |
4299. Mar 30 11:11:26.884192: | complete v1 state transition with STF_IGNORE
4300. Mar 30 11:11:26.884197: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
4301. Mar 30 11:11:26.884203: | stop processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
4302. Mar 30 11:11:26.884207: | processing: STOP connection NULL (in process_md() at demux.c:384)
4303. Mar 30 11:11:31.436852: | processing global timer EVENT_NAT_T_KEEPALIVE
4304. Mar 30 11:11:31.436911: | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state)
4305. Mar 30 11:11:31.436930: | start processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in for_each_state() at state.c:1642)
4306. Mar 30 11:11:31.436940: | [RE]START processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in nat_traversal_send_ka() at nat_traversal.c:760)
4307. Mar 30 11:11:31.436947: | ka_event: send NAT-KA to 93.46.124.104:4500 (state=#8)
4308. Mar 30 11:11:31.436952: | sending NAT-T Keep Alive
4309. Mar 30 11:11:31.436963: | sending 1 bytes for NAT-T Keep Alive through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #8)
4310. Mar 30 11:11:31.436968: |   ff
4311. Mar 30 11:11:31.437064: | stop processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in nat_traversal_send_ka() at nat_traversal.c:769)
4312. Mar 30 11:11:31.437076: | processing: STOP state #0 (in for_each_state() at state.c:1644)
4313. Mar 30 11:11:31.437085: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in for_each_state() at state.c:1642)
4314. Mar 30 11:11:31.437093: | stop processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in for_each_state() at state.c:1644)
4315. Mar 30 11:11:31.437110: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds
4316. Mar 30 11:11:36.729139: | *received 444 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
4317. Mar 30 11:11:36.729196: |   f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a  5d 82 98 78
4318. Mar 30 11:11:36.729208: |   08 10 20 01  00 00 00 06  00 00 01 bc  29 35 0a 66
4319. Mar 30 11:11:36.729219: |   b5 30 66 37  5e cc fe 3a  4c de 59 ef  62 2d 0d 3c
4320. Mar 30 11:11:36.729228: |   91 2d 64 5c  ad e1 ba 14  4f e8 c7 a6  ee 33 65 da
4321. Mar 30 11:11:36.729235: |   0e db 8f 33  c1 51 f9 15  95 ba 02 ed  54 c1 74 72
4322. Mar 30 11:11:36.729243: |   3a 86 4f 19  0d 41 fc 49  cb 61 9b 41  83 0f 89 b1
4323. Mar 30 11:11:36.729251: |   04 c0 2a cf  25 49 59 a1  79 aa f9 da  c5 7e 02 ad
4324. Mar 30 11:11:36.729258: |   95 52 14 3e  43 9a 5a 7f  ce 68 ce 48  c4 f3 58 bb
4325. Mar 30 11:11:36.729266: |   dd 56 98 b0  47 5e 70 fc  7e 15 71 2b  e3 13 b5 3d
4326. Mar 30 11:11:36.729276: |   58 e9 7a 83  57 10 c8 47  5f e7 47 cd  7d ad 40 06
4327. Mar 30 11:11:36.729312: |   6c d6 92 6f  77 24 43 4d  65 47 16 ed  be 69 4a 28
4328. Mar 30 11:11:36.729323: |   dc 38 73 45  e7 1b 57 97  4d b4 a9 d3  f0 33 c2 f5
4329. Mar 30 11:11:36.729331: |   99 38 7a d3  84 ce f8 c7  ed bc 4c cc  25 27 36 f8
4330. Mar 30 11:11:36.729338: |   dd e4 b3 d3  9b f0 8f 5b  ab ed 91 e4  83 c4 88 24
4331. Mar 30 11:11:36.729345: |   71 4d 8c 63  b6 f9 46 41  cf 67 1f 37  40 2b 9a 43
4332. Mar 30 11:11:36.729351: |   ca d8 f1 05  7e 1f 01 f9  38 f5 c1 0f  b1 d3 d3 cd
4333. Mar 30 11:11:36.729359: |   ec ab 7f 8c  ae 56 7a 65  0a ff 90 04  62 fe 40 0a
4334. Mar 30 11:11:36.729365: |   43 81 b4 43  29 5d 8a 04  d9 74 04 77  4f 54 5d dd
4335. Mar 30 11:11:36.729372: |   31 e2 e4 5c  e7 a4 ec ed  2e d2 34 eb  8c 8f ed 87
4336. Mar 30 11:11:36.729381: |   ce d6 c3 6e  0e c7 7f d9  d2 2c e1 6c  dc 5c ca 43
4337. Mar 30 11:11:36.729389: |   38 90 2c ba  aa 38 52 2d  a4 1b 7f de  29 bc c4 84
4338. Mar 30 11:11:36.729396: |   54 ac ae a8  ba c7 17 94  e8 81 f9 9d  03 a0 ef 07
4339. Mar 30 11:11:36.729403: |   e1 3d a0 02  bf 55 81 7f  87 a6 aa 15  a9 e9 17 46
4340. Mar 30 11:11:36.729410: |   b9 b2 79 cb  49 7d c8 73  62 0c 1d 7d  b8 50 9b 02
4341. Mar 30 11:11:36.729417: |   24 01 63 3c  3e 3f 09 d3  6c b8 46 e2  ca 26 72 7a
4342. Mar 30 11:11:36.729424: |   9c ed 9a 6e  97 4e 2e 9d  77 8d 5c 1c  00 09 1f 00
4343. Mar 30 11:11:36.729431: |   f7 72 0d 45  2c 50 5c 00  74 70 4c 19  aa 7f b1 cb
4344. Mar 30 11:11:36.729438: |   ca 95 77 ca  d8 7e cd dd  0d 84 39 41
4345. Mar 30 11:11:36.729453: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
4346. Mar 30 11:11:36.729466: | **parse ISAKMP Message:
4347. Mar 30 11:11:36.729479: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
4348. Mar 30 11:11:36.729491: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
4349. Mar 30 11:11:36.729500: |    next payload type: ISAKMP_NEXT_HASH (0x8)
4350. Mar 30 11:11:36.729508: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
4351. Mar 30 11:11:36.729516: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
4352. Mar 30 11:11:36.729526: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
4353. Mar 30 11:11:36.729540: |    Message ID: 6 (00 00 00 06)
4354. Mar 30 11:11:36.729553: |    length: 444 (00 00 01 bc)
4355. Mar 30 11:11:36.729564: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
4356. Mar 30 11:11:36.729576: | State DB: IKEv1 state not found (find_state_ikev1)
4357. Mar 30 11:11:36.729587: | State DB: found IKEv1 state #3 in MAIN_R3 (find_state_ikev1)
4358. Mar 30 11:11:36.729606: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1473)
4359. Mar 30 11:11:36.729660: | #3 is idle
4360. Mar 30 11:11:36.729672: | #3 idle
4361. Mar 30 11:11:36.729686: | received encrypted packet from 93.46.124.104:4500
4362. Mar 30 11:11:36.729720: | got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030
4363. Mar 30 11:11:36.729730: | ***parse ISAKMP Hash Payload:
4364. Mar 30 11:11:36.729737: |    next payload type: ISAKMP_NEXT_SA (0x1)
4365. Mar 30 11:11:36.729746: |    length: 24 (00 18)
4366. Mar 30 11:11:36.729753: | got payload 0x2  (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030
4367. Mar 30 11:11:36.729761: | ***parse ISAKMP Security Association Payload:
4368. Mar 30 11:11:36.729769: |    next payload type: ISAKMP_NEXT_NONCE (0xa)
4369. Mar 30 11:11:36.729781: |    length: 280 (01 18)
4370. Mar 30 11:11:36.729789: |    DOI: ISAKMP_DOI_IPSEC (0x1)
4371. Mar 30 11:11:36.729798: | got payload 0x400  (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030
4372. Mar 30 11:11:36.729806: | ***parse ISAKMP Nonce Payload:
4373. Mar 30 11:11:36.729814: |    next payload type: ISAKMP_NEXT_ID (0x5)
4374. Mar 30 11:11:36.729823: |    length: 52 (00 34)
4375. Mar 30 11:11:36.729830: | got payload 0x20  (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
4376. Mar 30 11:11:36.729850: | ***parse ISAKMP Identification Payload (IPsec DOI):
4377. Mar 30 11:11:36.729869: |    next payload type: ISAKMP_NEXT_ID (0x5)
4378. Mar 30 11:11:36.729879: |    length: 12 (00 0c)
4379. Mar 30 11:11:36.729886: |    ID type: ID_IPV4_ADDR (0x1)
4380. Mar 30 11:11:36.729893: |    Protocol ID: 17 (11)
4381. Mar 30 11:11:36.729901: |    port: 1701 (06 a5)
4382. Mar 30 11:11:36.729910: |      obj:
4383. Mar 30 11:11:36.729917: |   c0 a8 01 65
4384. Mar 30 11:11:36.729924: | got payload 0x20  (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
4385. Mar 30 11:11:36.729948: | ***parse ISAKMP Identification Payload (IPsec DOI):
4386. Mar 30 11:11:36.729956: |    next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
4387. Mar 30 11:11:36.729965: |    length: 12 (00 0c)
4388. Mar 30 11:11:36.729972: |    ID type: ID_IPV4_ADDR (0x1)
4389. Mar 30 11:11:36.729980: |    Protocol ID: 17 (11)
4390. Mar 30 11:11:36.729987: |    port: 1701 (06 a5)
4391. Mar 30 11:11:36.729994: |      obj:
4392. Mar 30 11:11:36.730000: |   33 9e 40 c9
4393. Mar 30 11:11:36.730007: | got payload 0x200000  (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
4394. Mar 30 11:11:36.730015: | ***parse ISAKMP NAT-OA Payload:
4395. Mar 30 11:11:36.730021: |    next payload type: ISAKMP_NEXT_NATOA_RFC (0x15)
4396. Mar 30 11:11:36.730029: |    length: 12 (00 0c)
4397. Mar 30 11:11:36.730035: |    ID type: ID_IPV4_ADDR (0x1)
4398. Mar 30 11:11:36.730042: |      obj:
4399. Mar 30 11:11:36.730048: |   c0 a8 01 65
4400. Mar 30 11:11:36.730056: | got payload 0x200000  (ISAKMP_NEXT_NATOA_RFC) needed: 0x0 opt: 0x200030
4401. Mar 30 11:11:36.730064: | ***parse ISAKMP NAT-OA Payload:
4402. Mar 30 11:11:36.730071: |    next payload type: ISAKMP_NEXT_NONE (0x0)
4403. Mar 30 11:11:36.730080: |    length: 12 (00 0c)
4404. Mar 30 11:11:36.730089: |    ID type: ID_IPV4_ADDR (0x1)
4405. Mar 30 11:11:36.730099: |      obj:
4406. Mar 30 11:11:36.730106: |   33 9e 40 c9
4407. Mar 30 11:11:36.730113: | removing 12 bytes of padding
4408. Mar 30 11:11:36.730172: | quick_inI1_outR1 HASH(1):
4409. Mar 30 11:11:36.730180: |   cb 9b f0 c9  c2 b9 9e cf  4a db 2f bc  4b 01 3c ac
4410. Mar 30 11:11:36.730185: |   ab 1d 17 31
4411. Mar 30 11:11:36.730192: | received 'quick_inI1_outR1' message HASH(1) data ok
4412. Mar 30 11:11:36.730204: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
4413. Mar 30 11:11:36.730210: | ID address
4414. Mar 30 11:11:36.730215: |   c0 a8 01 65
4415. Mar 30 11:11:36.730226: | subnet from address 192.168.1.101 (in decode_net_id() at ikev1_quick.c:440)
4416. Mar 30 11:11:36.730235: | peer client is 192.168.1.101/32
4417. Mar 30 11:11:36.730241: | peer client protocol/port is 17/1701
4418. Mar 30 11:11:36.730247: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
4419. Mar 30 11:11:36.730253: | ID address
4420. Mar 30 11:11:36.730258: |   33 9e 40 c9
4421. Mar 30 11:11:36.730266: | subnet from address 51.158.64.201 (in decode_net_id() at ikev1_quick.c:440)
4422. Mar 30 11:11:36.730273: | our client is 51.158.64.201/32
4423. Mar 30 11:11:36.730279: | our client protocol/port is 17/1701
4424. Mar 30 11:11:36.730293: "l2tp-psk"[4] 93.46.124.104 #3: the peer proposed: 51.158.64.201/32:17/1701 -> 192.168.1.101/32:17/1701
4425. Mar 30 11:11:36.730300: | find_client_connection starting with l2tp-psk
4426. Mar 30 11:11:36.730310: |   looking for 51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701
4427. Mar 30 11:11:36.730320: |   concrete checking against sr#0 10.68.154.105/32:1701 -> 93.46.124.104/32:1701
4428. Mar 30 11:11:36.730329: |    match_id a=192.168.1.101
4429. Mar 30 11:11:36.730336: |             b=192.168.1.101
4430. Mar 30 11:11:36.730341: |    results  matched
4431. Mar 30 11:11:36.730357: |   fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 93.46.124.104/32:1701:17/1701
4432. Mar 30 11:11:36.730367: |    our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
4433. Mar 30 11:11:36.730373: |   fc_try concluding with none [0]
4434. Mar 30 11:11:36.730378: |   fc_try l2tp-psk gives none
4435. Mar 30 11:11:36.730389: | find_host_pair: comparing 10.68.154.105:500 to 0.0.0.0:500 but ignoring ports
4436. Mar 30 11:11:36.730399: |   checking hostpair 10.68.154.105/32:1701 -> 93.46.124.104/32:1701 is found
4437. Mar 30 11:11:36.730407: |    match_id a=192.168.1.101
4438. Mar 30 11:11:36.730412: |             b=(none)
4439. Mar 30 11:11:36.730418: |    results  matched
4440. Mar 30 11:11:36.730433: |   fc_try trying l2tp-psk:51.158.64.201/32:1701:17/1701 -> 192.168.1.101/32:1701:17/1701 vs l2tp-psk:10.68.154.105/32:1701:17/1701 -> 0.0.0.0/32:0:17/0
4441. Mar 30 11:11:36.730442: |    our client (10.68.154.105/32:1701) not in our_net (51.158.64.201/32:1701)
4442. Mar 30 11:11:36.730450: |    match_id a=192.168.1.101
4443. Mar 30 11:11:36.730466: |             b=(none)
4444. Mar 30 11:11:36.730471: |    results  matched
4445. Mar 30 11:11:36.730477: |   fc_try concluding with none [0]
4446. Mar 30 11:11:36.730484: |    match_id a=192.168.1.101
4447. Mar 30 11:11:36.730490: |             b=(none)
4448. Mar 30 11:11:36.730495: |    results  matched
4449. Mar 30 11:11:36.730508: |   fc_try_oppo trying l2tp-psk:51.158.64.201/32:1701 -> 192.168.1.101/32:1701 vs l2tp-psk:10.68.154.105/32:1701 -> 0.0.0.0/32:0
4450. Mar 30 11:11:36.730515: |    match_id a=192.168.1.101
4451. Mar 30 11:11:36.730521: |             b=(none)
4452. Mar 30 11:11:36.730526: |    results  matched
4453. Mar 30 11:11:36.730532: |   fc_try_oppo concluding with none [0]
4454. Mar 30 11:11:36.730537: |   concluding with d = none
4455. Mar 30 11:11:36.730545: | using something (we hope the IP we or they are NAT'ed to) for transport mode connection "l2tp-psk"[4] 93.46.124.104
4456. Mar 30 11:11:36.730551: | client wildcard: no  port wildcard: no  virtual: no
4457. Mar 30 11:11:36.730558: | NAT-Traversal: received 2 NAT-OA.
4458. Mar 30 11:11:36.730567: "l2tp-psk"[4] 93.46.124.104 #3: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
4459. Mar 30 11:11:36.730572: | NAT-OA:
4460. Mar 30 11:11:36.730578: |   15 00 00 0c  01 00 00 00  c0 a8 01 65
4461. Mar 30 11:11:36.730584: | parsing 4 raw bytes of ISAKMP NAT-OA Payload into NAT-Traversal: NAT-OA IP
4462. Mar 30 11:11:36.730589: | NAT-Traversal: NAT-OA IP
4463. Mar 30 11:11:36.730594: |   c0 a8 01 65
4464. Mar 30 11:11:36.730601: | received NAT-OA: 192.168.1.101
4465. Mar 30 11:11:36.730612: | addref fd@NULL (in new_state() at state.c:555)
4466. Mar 30 11:11:36.730619: | creating state object #9 at 0x562b2d556758
4467. Mar 30 11:11:36.730625: | State DB: adding IKEv1 state #9 in UNDEFINED
4468. Mar 30 11:11:36.730635: | pstats #9 ikev1.ipsec started
4469. Mar 30 11:11:36.730643: | duplicating state object #3 "l2tp-psk"[4] 93.46.124.104 as #9 for IPSEC SA
4470. Mar 30 11:11:36.730653: | #9 setting local endpoint to 10.68.154.105:4500 from #3.st_localport (in duplicate_state() at state.c:1548)
4471. Mar 30 11:11:36.730666: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
4472. Mar 30 11:11:36.730677: | start processing: state #9 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1244)
4473. Mar 30 11:11:36.730683: | switching MD.ST from #3 to CHILD #9; ulgh
4474. Mar 30 11:11:36.730690: | child state #9: UNDEFINED(ignore) => QUICK_R0(established CHILD SA)
4475. Mar 30 11:11:36.730698: | ****parse IPsec DOI SIT:
4476. Mar 30 11:11:36.730705: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
4477. Mar 30 11:11:36.730711: | ****parse ISAKMP Proposal Payload:
4478. Mar 30 11:11:36.730717: |    next payload type: ISAKMP_NEXT_P (0x2)
4479. Mar 30 11:11:36.730724: |    length: 56 (00 38)
4480. Mar 30 11:11:36.730730: |    proposal number: 1 (01)
4481. Mar 30 11:11:36.730736: |    protocol ID: PROTO_IPSEC_ESP (0x3)
4482. Mar 30 11:11:36.730742: |    SPI size: 4 (04)
4483. Mar 30 11:11:36.730748: |    number of transforms: 1 (01)
4484. Mar 30 11:11:36.730754: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
4485. Mar 30 11:11:36.730759: | SPI
4486. Mar 30 11:11:36.730765: |   37 1a 89 1a
4487. Mar 30 11:11:36.730772: | ****parse ISAKMP Proposal Payload:
4488. Mar 30 11:11:36.730798: |    next payload type: ISAKMP_NEXT_P (0x2)
4489. Mar 30 11:11:36.730810: |    length: 56 (00 38)
4490. Mar 30 11:11:36.730819: |    proposal number: 2 (02)
4491. Mar 30 11:11:36.730827: |    protocol ID: PROTO_IPSEC_ESP (0x3)
4492. Mar 30 11:11:36.730835: |    SPI size: 4 (04)
4493. Mar 30 11:11:36.730842: |    number of transforms: 1 (01)
4494. Mar 30 11:11:36.730851: | *****parse ISAKMP Transform Payload (ESP):
4495. Mar 30 11:11:36.730858: |    next payload type: ISAKMP_NEXT_NONE (0x0)
4496. Mar 30 11:11:36.730865: |    length: 44 (00 2c)
4497. Mar 30 11:11:36.730871: |    ESP transform number: 1 (01)
4498. Mar 30 11:11:36.730877: |    ESP transform ID: ESP_AES (0xc)
4499. Mar 30 11:11:36.730885: | ******parse ISAKMP IPsec DOI attribute:
4500. Mar 30 11:11:36.730892: |    af+type: AF+ENCAPSULATION_MODE (0x8004)
4501. Mar 30 11:11:36.730901: |    length/value: 4 (00 04)
4502. Mar 30 11:11:36.730909: |    [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
4503. Mar 30 11:11:36.731046: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
4504. Mar 30 11:11:36.731062: | ******parse ISAKMP IPsec DOI attribute:
4505. Mar 30 11:11:36.731070: |    af+type: AF+KEY_LENGTH (0x8006)
4506. Mar 30 11:11:36.731090: |    length/value: 256 (01 00)
4507. Mar 30 11:11:36.731107: | ******parse ISAKMP IPsec DOI attribute:
4508. Mar 30 11:11:36.731117: |    af+type: AF+AUTH_ALGORITHM (0x8005)
4509. Mar 30 11:11:36.731125: |    length/value: 2 (00 02)
4510. Mar 30 11:11:36.731133: |    [2 is AUTH_ALGORITHM_HMAC_SHA1]
4511. Mar 30 11:11:36.731142: | ******parse ISAKMP IPsec DOI attribute:
4512. Mar 30 11:11:36.731149: |    af+type: AF+SA_LIFE_TYPE (0x8001)
4513. Mar 30 11:11:36.731158: |    length/value: 1 (00 01)
4514. Mar 30 11:11:36.731166: |    [1 is SA_LIFE_TYPE_SECONDS]
4515. Mar 30 11:11:36.731174: | ******parse ISAKMP IPsec DOI attribute:
4516. Mar 30 11:11:36.731181: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
4517. Mar 30 11:11:36.731190: |    length/value: 4 (00 04)
4518. Mar 30 11:11:36.731197: |    long duration: 3600
4519. Mar 30 11:11:36.731204: | ******parse ISAKMP IPsec DOI attribute:
4520. Mar 30 11:11:36.731211: |    af+type: AF+SA_LIFE_TYPE (0x8001)
4521. Mar 30 11:11:36.731219: |    length/value: 2 (00 02)
4522. Mar 30 11:11:36.731226: |    [2 is SA_LIFE_TYPE_KBYTES]
4523. Mar 30 11:11:36.731233: | ******parse ISAKMP IPsec DOI attribute:
4524. Mar 30 11:11:36.731240: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
4525. Mar 30 11:11:36.731248: |    length/value: 4 (00 04)
4526. Mar 30 11:11:36.731255: |    long duration: 250000
4527. Mar 30 11:11:36.731263: | ESP IPsec Transform verified; matches alg_info entry
4528. Mar 30 11:11:36.731280: | adding quick_outI1 KE work-order 11 for state #9
4529. Mar 30 11:11:36.731289: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d554758
4530. Mar 30 11:11:36.731299: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9
4531. Mar 30 11:11:36.731310: | libevent_malloc: newref ptr-libevent@0x562b2d5545b8 size 128
4532. Mar 30 11:11:36.731355: | crypto helper 1 resuming
4533. Mar 30 11:11:36.731369: | crypto helper 1 starting work-order 11 for state #9
4534. Mar 30 11:11:36.731380: | crypto helper 1 doing build nonce (quick_outI1 KE); request ID 11
4535. Mar 30 11:11:36.731410: | crypto helper 1 finished build nonce (quick_outI1 KE); request ID 11 time elapsed 0.000031 seconds
4536. Mar 30 11:11:36.731419: | crypto helper 1 sending results from work-order 11 for state #9 to event queue
4537. Mar 30 11:11:36.731427: | scheduling resume sending helper answer for #9
4538. Mar 30 11:11:36.731443: | libevent_malloc: newref ptr-libevent@0x7f3a44003828 size 128
4539. Mar 30 11:11:36.731457: | crypto helper 1 waiting (nothing to do)
4540. Mar 30 11:11:36.731470: | complete v1 state transition with STF_SUSPEND
4541. Mar 30 11:11:36.731488: | [RE]START processing: state #9 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2514)
4542. Mar 30 11:11:36.731496: | suspending state #9 and saving MD 0x562b2d551f08
4543. Mar 30 11:11:36.731504: | #9 is busy; has suspended MD 0x562b2d551f08
4544. Mar 30 11:11:36.731520: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
4545. Mar 30 11:11:36.731535: | stop processing: state #9 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
4546. Mar 30 11:11:36.731544: | processing: STOP connection NULL (in process_md() at demux.c:384)
4547. Mar 30 11:11:36.731569: | processing resume sending helper answer for #9
4548. Mar 30 11:11:36.731583: | start processing: state #9 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:817)
4549. Mar 30 11:11:36.731592: | unsuspending #9 MD 0x562b2d551f08
4550. Mar 30 11:11:36.731599: | crypto helper 1 replies to request ID 11
4551. Mar 30 11:11:36.731606: | calling continuation function 0x562b2c27c390
4552. Mar 30 11:11:36.731613: | quick_inI1_outR1_cryptocontinue1 for #9: calculated ke+nonce, calculating DH
4553. Mar 30 11:11:36.731631: | **emit ISAKMP Message:
4554. Mar 30 11:11:36.731642: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
4555. Mar 30 11:11:36.731652: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
4556. Mar 30 11:11:36.731675: |    next payload type: ISAKMP_NEXT_NONE (0x0)
4557. Mar 30 11:11:36.731683: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
4558. Mar 30 11:11:36.731691: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
4559. Mar 30 11:11:36.731700: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
4560. Mar 30 11:11:36.731710: |    Message ID: 6 (00 00 00 06)
4561. Mar 30 11:11:36.731719: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
4562. Mar 30 11:11:36.731728: | ***emit ISAKMP Hash Payload:
4563. Mar 30 11:11:36.731735: |    next payload type: ISAKMP_NEXT_NONE (0x0)
4564. Mar 30 11:11:36.731743: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
4565. Mar 30 11:11:36.731750: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
4566. Mar 30 11:11:36.731759: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
4567. Mar 30 11:11:36.731766: | emitting length of ISAKMP Hash Payload: 24
4568. Mar 30 11:11:36.731773: | ***emit ISAKMP Security Association Payload:
4569. Mar 30 11:11:36.731780: |    next payload type: ISAKMP_NEXT_NONCE (0xa)
4570. Mar 30 11:11:36.731787: |    DOI: ISAKMP_DOI_IPSEC (0x1)
4571. Mar 30 11:11:36.731794: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE
4572. Mar 30 11:11:36.731802: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA)
4573. Mar 30 11:11:36.731809: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet'
4574. Mar 30 11:11:36.731817: | ****parse IPsec DOI SIT:
4575. Mar 30 11:11:36.731824: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
4576. Mar 30 11:11:36.731832: | ****parse ISAKMP Proposal Payload:
4577. Mar 30 11:11:36.731838: |    next payload type: ISAKMP_NEXT_P (0x2)
4578. Mar 30 11:11:36.731847: |    length: 56 (00 38)
4579. Mar 30 11:11:36.731854: |    proposal number: 1 (01)
4580. Mar 30 11:11:36.731862: |    protocol ID: PROTO_IPSEC_ESP (0x3)
4581. Mar 30 11:11:36.731870: |    SPI size: 4 (04)
4582. Mar 30 11:11:36.731878: |    number of transforms: 1 (01)
4583. Mar 30 11:11:36.731887: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
4584. Mar 30 11:11:36.731894: | SPI
4585. Mar 30 11:11:36.731901: |   37 1a 89 1a
4586. Mar 30 11:11:36.731909: | ****parse ISAKMP Proposal Payload:
4587. Mar 30 11:11:36.731916: |    next payload type: ISAKMP_NEXT_P (0x2)
4588. Mar 30 11:11:36.731924: |    length: 56 (00 38)
4589. Mar 30 11:11:36.731932: |    proposal number: 2 (02)
4590. Mar 30 11:11:36.731938: |    protocol ID: PROTO_IPSEC_ESP (0x3)
4591. Mar 30 11:11:36.731946: |    SPI size: 4 (04)
4592. Mar 30 11:11:36.731953: |    number of transforms: 1 (01)
4593. Mar 30 11:11:36.731961: | *****parse ISAKMP Transform Payload (ESP):
4594. Mar 30 11:11:36.731968: |    next payload type: ISAKMP_NEXT_NONE (0x0)
4595. Mar 30 11:11:36.731976: |    length: 44 (00 2c)
4596. Mar 30 11:11:36.731984: |    ESP transform number: 1 (01)
4597. Mar 30 11:11:36.731991: |    ESP transform ID: ESP_AES (0xc)
4598. Mar 30 11:11:36.732088: | ******parse ISAKMP IPsec DOI attribute:
4599. Mar 30 11:11:36.732098: |    af+type: AF+ENCAPSULATION_MODE (0x8004)
4600. Mar 30 11:11:36.732107: |    length/value: 4 (00 04)
4601. Mar 30 11:11:36.732114: |    [4 is ENCAPSULATION_MODE_UDP_TRANSPORT_RFC]
4602. Mar 30 11:11:36.732122: | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT+peer behind NAT
4603. Mar 30 11:11:36.732130: | ******parse ISAKMP IPsec DOI attribute:
4604. Mar 30 11:11:36.732137: |    af+type: AF+KEY_LENGTH (0x8006)
4605. Mar 30 11:11:36.732145: |    length/value: 256 (01 00)
4606. Mar 30 11:11:36.732152: | ******parse ISAKMP IPsec DOI attribute:
4607. Mar 30 11:11:36.732160: |    af+type: AF+AUTH_ALGORITHM (0x8005)
4608. Mar 30 11:11:36.732167: |    length/value: 2 (00 02)
4609. Mar 30 11:11:36.732174: |    [2 is AUTH_ALGORITHM_HMAC_SHA1]
4610. Mar 30 11:11:36.732182: | ******parse ISAKMP IPsec DOI attribute:
4611. Mar 30 11:11:36.732189: |    af+type: AF+SA_LIFE_TYPE (0x8001)
4612. Mar 30 11:11:36.732197: |    length/value: 1 (00 01)
4613. Mar 30 11:11:36.732215: |    [1 is SA_LIFE_TYPE_SECONDS]
4614. Mar 30 11:11:36.732224: | ******parse ISAKMP IPsec DOI attribute:
4615. Mar 30 11:11:36.732232: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
4616. Mar 30 11:11:36.732241: |    length/value: 4 (00 04)
4617. Mar 30 11:11:36.732249: |    long duration: 3600
4618. Mar 30 11:11:36.732257: | ******parse ISAKMP IPsec DOI attribute:
4619. Mar 30 11:11:36.732264: |    af+type: AF+SA_LIFE_TYPE (0x8001)
4620. Mar 30 11:11:36.732273: |    length/value: 2 (00 02)
4621. Mar 30 11:11:36.732280: |    [2 is SA_LIFE_TYPE_KBYTES]
4622. Mar 30 11:11:36.732287: | ******parse ISAKMP IPsec DOI attribute:
4623. Mar 30 11:11:36.732294: |    af+type: SA_LIFE_DURATION (variable length) (0x2)
4624. Mar 30 11:11:36.732302: |    length/value: 4 (00 04)
4625. Mar 30 11:11:36.732309: |    long duration: 250000
4626. Mar 30 11:11:36.732317: | ESP IPsec Transform verified; matches alg_info entry
4627. Mar 30 11:11:36.732324: | ****emit IPsec DOI SIT:
4628. Mar 30 11:11:36.732331: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
4629. Mar 30 11:11:36.732338: | ****emit ISAKMP Proposal Payload:
4630. Mar 30 11:11:36.732345: |    next payload type: ISAKMP_NEXT_NONE (0x0)
4631. Mar 30 11:11:36.732353: |    proposal number: 1 (01)
4632. Mar 30 11:11:36.732360: |    protocol ID: PROTO_IPSEC_ESP (0x3)
4633. Mar 30 11:11:36.732368: |    SPI size: 4 (04)
4634. Mar 30 11:11:36.732375: |    number of transforms: 1 (01)
4635. Mar 30 11:11:36.732382: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type'
4636. Mar 30 11:11:36.732436: | netlink_get_spi: allocated 0xf7240e32 for esp.0@10.68.154.105
4637. Mar 30 11:11:36.732450: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload
4638. Mar 30 11:11:36.732460: | SPI: f7 24 0e 32
4639. Mar 30 11:11:36.732466: | *****emit ISAKMP Transform Payload (ESP):
4640. Mar 30 11:11:36.732474: |    next payload type: ISAKMP_NEXT_NONE (0x0)
4641. Mar 30 11:11:36.732481: |    ESP transform number: 1 (01)
4642. Mar 30 11:11:36.732488: |    ESP transform ID: ESP_AES (0xc)
4643. Mar 30 11:11:36.732495: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type'
4644. Mar 30 11:11:36.732503: | emitting 36 raw bytes of attributes into ISAKMP Transform Payload (ESP)
4645. Mar 30 11:11:36.732510: | attributes:
4646. Mar 30 11:11:36.732517: |   80 04 00 04  80 06 01 00  80 05 00 02  80 01 00 01
4647. Mar 30 11:11:36.732524: |   00 02 00 04  00 00 0e 10  80 01 00 02  00 02 00 04
4648. Mar 30 11:11:36.732530: |   00 03 d0 90
4649. Mar 30 11:11:36.732537: | emitting length of ISAKMP Transform Payload (ESP): 44
4650. Mar 30 11:11:36.732544: | emitting length of ISAKMP Proposal Payload: 56
4651. Mar 30 11:11:36.732551: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0
4652. Mar 30 11:11:36.732559: | emitting length of ISAKMP Security Association Payload: 68
4653. Mar 30 11:11:36.732566: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0
4654. Mar 30 11:11:36.732580: "l2tp-psk"[4] 93.46.124.104 #9: responding to Quick Mode proposal {msgid:00000006}
4655. Mar 30 11:11:36.732601: "l2tp-psk"[4] 93.46.124.104 #9:     us: 10.68.154.105[51.158.64.201]:17/1701
4656. Mar 30 11:11:36.732619: "l2tp-psk"[4] 93.46.124.104 #9:   them: 93.46.124.104[192.168.1.101]:17/1701
4657. Mar 30 11:11:36.732627: | ***emit ISAKMP Nonce Payload:
4658. Mar 30 11:11:36.732634: |    next payload type: ISAKMP_NEXT_ID (0x5)
4659. Mar 30 11:11:36.732641: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 5:ISAKMP_NEXT_ID
4660. Mar 30 11:11:36.732649: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE)
4661. Mar 30 11:11:36.732657: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet'
4662. Mar 30 11:11:36.732665: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload
4663. Mar 30 11:11:36.732672: | Nr:
4664. Mar 30 11:11:36.732678: |   4c 08 f3 ee  69 e8 3b ee  5d ac 7a 6a  3c 63 34 65
4665. Mar 30 11:11:36.732685: |   c6 c1 4c 90  d8 72 7c 5c  ed c2 88 ed  79 ab 98 e0
4666. Mar 30 11:11:36.732702: | emitting length of ISAKMP Nonce Payload: 36
4667. Mar 30 11:11:36.732710: | ***emit ISAKMP Identification Payload (IPsec DOI):
4668. Mar 30 11:11:36.732717: |    next payload type: ISAKMP_NEXT_ID (0x5)
4669. Mar 30 11:11:36.732724: |    ID type: ID_IPV4_ADDR (0x1)
4670. Mar 30 11:11:36.732732: |    Protocol ID: 17 (11)
4671. Mar 30 11:11:36.732740: |    port: 1701 (06 a5)
4672. Mar 30 11:11:36.732748: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID
4673. Mar 30 11:11:36.732756: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
4674. Mar 30 11:11:36.732764: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
4675. Mar 30 11:11:36.732773: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
4676. Mar 30 11:11:36.732783: | ID body: c0 a8 01 65
4677. Mar 30 11:11:36.732790: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
4678. Mar 30 11:11:36.732797: | ***emit ISAKMP Identification Payload (IPsec DOI):
4679. Mar 30 11:11:36.732804: |    next payload type: ISAKMP_NEXT_NONE (0x0)
4680. Mar 30 11:11:36.732811: |    ID type: ID_IPV4_ADDR (0x1)
4681. Mar 30 11:11:36.732819: |    Protocol ID: 17 (11)
4682. Mar 30 11:11:36.732827: |    port: 1701 (06 a5)
4683. Mar 30 11:11:36.732835: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
4684. Mar 30 11:11:36.732842: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
4685. Mar 30 11:11:36.732850: | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI)
4686. Mar 30 11:11:36.732859: | ID body: 33 9e 40 c9
4687. Mar 30 11:11:36.732866: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
4688. Mar 30 11:11:36.732941: | quick inR1 outI2 HASH(2):
4689. Mar 30 11:11:36.732953: |   bd 5a 73 c0  19 df d3 52  e5 a3 56 9d  c8 6a 91 35
4690. Mar 30 11:11:36.732960: |   d7 30 3d dd
4691. Mar 30 11:11:36.732968: | compute_proto_keymat: needed_len (after ESP enc)=32
4692. Mar 30 11:11:36.732975: | compute_proto_keymat: needed_len (after ESP auth)=52
4693. Mar 30 11:11:36.733142: | install_inbound_ipsec_sa() checking if we can route
4694. Mar 30 11:11:36.733158: | could_route called for l2tp-psk (kind=CK_INSTANCE)
4695. Mar 30 11:11:36.733165: | FOR_EACH_CONNECTION_... in route_owner
4696. Mar 30 11:11:36.733173: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
4697. Mar 30 11:11:36.733181: |  conn l2tp-psk mark 0/00000000, 0/00000000
4698. Mar 30 11:11:36.733188: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
4699. Mar 30 11:11:36.733196: |  conn xauth-psk mark 0/00000000, 0/00000000
4700. Mar 30 11:11:36.733203: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
4701. Mar 30 11:11:36.733211: |  conn l2tp-psk mark 0/00000000, 0/00000000
4702. Mar 30 11:11:36.733224: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
4703. Mar 30 11:11:36.733231: |    routing is easy, or has resolvable near-conflict
4704. Mar 30 11:11:36.733239: | checking if this is a replacement state
4705. Mar 30 11:11:36.733246: |   st=0x562b2d556758 ost=0x562b2d555bd8 st->serialno=#9 ost->serialno=#8
4706. Mar 30 11:11:36.733257: "l2tp-psk"[4] 93.46.124.104 #9: keeping refhim=0 during rekey
4707. Mar 30 11:11:36.733264: | installing outgoing SA now as refhim=0
4708. Mar 30 11:11:36.733272: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
4709. Mar 30 11:11:36.733280: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
4710. Mar 30 11:11:36.733288: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
4711. Mar 30 11:11:36.733298: | setting IPsec SA replay-window to 32
4712. Mar 30 11:11:36.733307: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
4713. Mar 30 11:11:36.733316: | netlink: enabling transport mode
4714. Mar 30 11:11:36.733329: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1261)
4715. Mar 30 11:11:36.733337: | XFRM: adding IPsec SA with reqid 16409
4716. Mar 30 11:11:36.733355: | netlink: setting IPsec SA replay-window to 32 using old-style req
4717. Mar 30 11:11:36.733364: | netlink: esp-hw-offload not set for IPsec SA
4718. Mar 30 11:11:36.733488: | netlink response for Add SA esp.371a891a@93.46.124.104 included non-error error
4719. Mar 30 11:11:36.733504: | outgoing SA has refhim=0
4720. Mar 30 11:11:36.733514: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA1_96
4721. Mar 30 11:11:36.733522: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12
4722. Mar 30 11:11:36.733529: | st->st_esp.keymat_len=52 is encrypt_keymat_size=32 + integ_keymat_size=20
4723. Mar 30 11:11:36.733539: | setting IPsec SA replay-window to 32
4724. Mar 30 11:11:36.733546: | NIC esp-hw-offload not for connection 'l2tp-psk' not available on interface ens2
4725. Mar 30 11:11:36.733555: | netlink: enabling transport mode
4726. Mar 30 11:11:36.733566: | subnet from endpoint 93.46.124.104:1701 (in netlink_add_sa() at kernel_xfrm.c:1268)
4727. Mar 30 11:11:36.733575: | XFRM: adding IPsec SA with reqid 16409
4728. Mar 30 11:11:36.733581: | netlink: setting IPsec SA replay-window to 32 using old-style req
4729. Mar 30 11:11:36.733588: | netlink: esp-hw-offload not set for IPsec SA
4730. Mar 30 11:11:36.733663: | netlink response for Add SA esp.f7240e32@10.68.154.105 included non-error error
4731. Mar 30 11:11:36.733680: | emitting 8 zero bytes of encryption padding into ISAKMP Message
4732. Mar 30 11:11:36.733689: | no IKEv1 message padding required
4733. Mar 30 11:11:36.733697: | emitting length of ISAKMP Message: 188
4734. Mar 30 11:11:36.733727: | finished processing quick inI1
4735. Mar 30 11:11:36.733735: | complete v1 state transition with STF_OK
4736. Mar 30 11:11:36.733751: | [RE]START processing: state #9 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
4737. Mar 30 11:11:36.733758: | #9 is idle
4738. Mar 30 11:11:36.733766: | doing_xauth:no, t_xauth_client_done:no
4739. Mar 30 11:11:36.733775: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
4740. Mar 30 11:11:36.733784: | child state #9: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA)
4741. Mar 30 11:11:36.733791: | event_already_set, deleting event
4742. Mar 30 11:11:36.733799: | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted
4743. Mar 30 11:11:36.733809: | libevent_free: delref ptr-libevent@0x562b2d5545b8
4744. Mar 30 11:11:36.733817: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b2d554758
4745. Mar 30 11:11:36.733830: | sending reply packet to 93.46.124.104:4500 (from 10.68.154.105:4500)
4746. Mar 30 11:11:36.733848: | sending 192 bytes for STATE_QUICK_R0 through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #9)
4747. Mar 30 11:11:36.733858: |   00 00 00 00  f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a
4748. Mar 30 11:11:36.733865: |   5d 82 98 78  08 10 20 01  00 00 00 06  00 00 00 bc
4749. Mar 30 11:11:36.733873: |   19 df ec 48  3b 5f 4b f6  28 f2 0b 97  18 81 b9 0b
4750. Mar 30 11:11:36.733880: |   b9 25 3d af  b3 7a e2 5a  78 96 8d 1e  2c c2 2b ba
4751. Mar 30 11:11:36.733887: |   70 99 94 f1  67 5f 7b ed  bf a6 68 f3  45 38 0c 80
4752. Mar 30 11:11:36.733894: |   c4 42 75 1c  57 a4 13 f0  4e 83 5c 81  be c4 28 f6
4753. Mar 30 11:11:36.733900: |   13 24 98 7d  55 d4 03 77  1a 50 7d 85  75 2f 8a 2e
4754. Mar 30 11:11:36.733907: |   c3 99 5c 50  ae 4f 42 c0  bc 24 03 0c  84 fd 68 fc
4755. Mar 30 11:11:36.733913: |   a3 41 43 76  4e 99 8e a1  2a e4 4b ac  ff f8 04 43
4756. Mar 30 11:11:36.733920: |   b2 39 16 3b  77 ef 50 6e  15 54 4f 66  79 31 60 5f
4757. Mar 30 11:11:36.733926: |   b3 b1 ad 35  30 e2 29 4e  8b 19 18 af  01 87 9d 21
4758. Mar 30 11:11:36.733933: |   0d 80 25 ea  0e 38 cd d9  7f 4b 5a 33  5c 24 54 19
4759. Mar 30 11:11:36.734034: | !event_already_set at reschedule
4760. Mar 30 11:11:36.734054: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b2d554758
4761. Mar 30 11:11:36.734066: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #9
4762. Mar 30 11:11:36.734075: | libevent_malloc: newref ptr-libevent@0x562b2d551528 size 128
4763. Mar 30 11:11:36.734088: | #9 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 5655.159281
4764. Mar 30 11:11:36.734110: | pstats #9 ikev1.ipsec established
4765. Mar 30 11:11:36.734125: | NAT-T: NAT Traversal detected - their IKE port is '500'
4766. Mar 30 11:11:36.734132: | NAT-T: encaps is 'yes'
4767. Mar 30 11:11:36.734148: "l2tp-psk"[4] 93.46.124.104 #9: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0x371a891a <0xf7240e32 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
4768. Mar 30 11:11:36.734156: | modecfg pull: noquirk policy:push not-client
4769. Mar 30 11:11:36.734163: | phase 1 is done, looking for phase 2 to unpend
4770. Mar 30 11:11:36.734171: | releasing #9's fd-fd@(nil) because IKEv1 transitions finished
4771. Mar 30 11:11:36.734178: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
4772. Mar 30 11:11:36.734188: | resume sending helper answer for #9 suppresed complete_v1_state_transition()
4773. Mar 30 11:11:36.734208: | stop processing: state #9 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in resume_handler() at server.c:860)
4774. Mar 30 11:11:36.734218: | libevent_free: delref ptr-libevent@0x7f3a44003828
4775. Mar 30 11:11:36.814763: | *received 60 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
4776. Mar 30 11:11:36.814805: |   f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a  5d 82 98 78
4777. Mar 30 11:11:36.814811: |   08 10 20 01  00 00 00 06  00 00 00 3c  23 38 24 77
4778. Mar 30 11:11:36.814815: |   40 12 02 4d  f1 c5 d7 23  93 23 d9 32  55 b4 4b 4d
4779. Mar 30 11:11:36.814820: |   1b 60 e8 cf  56 3e eb 28  3e 35 28 95
4780. Mar 30 11:11:36.814830: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
4781. Mar 30 11:11:36.814838: | **parse ISAKMP Message:
4782. Mar 30 11:11:36.814847: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
4783. Mar 30 11:11:36.814854: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
4784. Mar 30 11:11:36.814859: |    next payload type: ISAKMP_NEXT_HASH (0x8)
4785. Mar 30 11:11:36.814865: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
4786. Mar 30 11:11:36.814870: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
4787. Mar 30 11:11:36.814875: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
4788. Mar 30 11:11:36.814882: |    Message ID: 6 (00 00 00 06)
4789. Mar 30 11:11:36.814889: |    length: 60 (00 00 00 3c)
4790. Mar 30 11:11:36.814894: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
4791. Mar 30 11:11:36.814902: | State DB: found IKEv1 state #9 in QUICK_R1 (find_state_ikev1)
4792. Mar 30 11:11:36.814914: | start processing: state #9 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1499)
4793. Mar 30 11:11:36.814920: | #9 is idle
4794. Mar 30 11:11:36.814924: | #9 idle
4795. Mar 30 11:11:36.815100: | received encrypted packet from 93.46.124.104:4500
4796. Mar 30 11:11:36.815152: | got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
4797. Mar 30 11:11:36.815160: | ***parse ISAKMP Hash Payload:
4798. Mar 30 11:11:36.815165: |    next payload type: ISAKMP_NEXT_NONE (0x0)
4799. Mar 30 11:11:36.815171: |    length: 24 (00 18)
4800. Mar 30 11:11:36.815176: | removing 8 bytes of padding
4801. Mar 30 11:11:36.815217: | quick_inI2 HASH(3):
4802. Mar 30 11:11:36.815224: |   70 4d c0 57  e5 81 8c f8  44 12 31 54  ca ed 97 41
4803. Mar 30 11:11:36.815229: |   da df bb 2c
4804. Mar 30 11:11:36.815234: | received 'quick_inI2' message HASH(3) data ok
4805. Mar 30 11:11:36.815243: | install_ipsec_sa() for #9: outbound only
4806. Mar 30 11:11:36.815249: | could_route called for l2tp-psk (kind=CK_INSTANCE)
4807. Mar 30 11:11:36.815254: | FOR_EACH_CONNECTION_... in route_owner
4808. Mar 30 11:11:36.815260: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
4809. Mar 30 11:11:36.815264: |  conn l2tp-psk mark 0/00000000, 0/00000000
4810. Mar 30 11:11:36.815270: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
4811. Mar 30 11:11:36.815275: |  conn xauth-psk mark 0/00000000, 0/00000000
4812. Mar 30 11:11:36.815280: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
4813. Mar 30 11:11:36.815284: |  conn l2tp-psk mark 0/00000000, 0/00000000
4814. Mar 30 11:11:36.815294: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
4815. Mar 30 11:11:36.815300: | sr for #9: erouted
4816. Mar 30 11:11:36.815305: | route_and_eroute() for proto 17, and source port 1701 dest port 1701
4817. Mar 30 11:11:36.815328: | FOR_EACH_CONNECTION_... in route_owner
4818. Mar 30 11:11:36.815334: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
4819. Mar 30 11:11:36.815338: |  conn l2tp-psk mark 0/00000000, 0/00000000
4820. Mar 30 11:11:36.815343: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
4821. Mar 30 11:11:36.815347: |  conn xauth-psk mark 0/00000000, 0/00000000
4822. Mar 30 11:11:36.815352: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
4823. Mar 30 11:11:36.815357: |  conn l2tp-psk mark 0/00000000, 0/00000000
4824. Mar 30 11:11:36.815364: | route owner of "l2tp-psk"[4] 93.46.124.104 erouted: self; eroute owner: self
4825. Mar 30 11:11:36.815370: | route_and_eroute with c: l2tp-psk (next: none) ero:l2tp-psk esr:{(nil)} ro:l2tp-psk rosr:{(nil)} and state: #9
4826. Mar 30 11:11:36.815374: | we are replacing an eroute
4827. Mar 30 11:11:36.815380: | priority calculation of connection "l2tp-psk" is 0x15bfbf
4828. Mar 30 11:11:36.815396: | eroute_connection replace eroute 10.68.154.105/32:1701 --17-> 93.46.124.104/32:1701 => esp.371a891a@93.46.124.104>esp.371a891a@93.46.124.104 using reqid 16409 (raw_eroute)
4829. Mar 30 11:11:36.815404: | subnet from endpoint 93.46.124.104:1701 (in netlink_raw_eroute() at kernel_xfrm.c:585)
4830. Mar 30 11:11:36.815410: | netlink_raw_eroute: using host address instead of client subnet
4831. Mar 30 11:11:36.815415: | IPsec Sa SPD priority set to 1425343
4832. Mar 30 11:11:36.815450: | raw_eroute result=success
4833. Mar 30 11:11:36.815456: | route_and_eroute: firewall_notified: true
4834. Mar 30 11:11:36.815463: | route_and_eroute: instance "l2tp-psk"[4] 93.46.124.104, setting eroute_owner {spd=0x562b2d554130,sr=0x562b2d554130} to #9 (was #8) (newest_ipsec_sa=#8)
4835. Mar 30 11:11:36.815471: | inI2: instance l2tp-psk[4], setting IKEv1 newest_ipsec_sa to #9 (was #8) (spd.eroute=#9) cloned from #3
4836. Mar 30 11:11:36.815477: | DPD: dpd_init() called on IPsec SA
4837. Mar 30 11:11:36.815481: | DPD: Peer does not support Dead Peer Detection
4838. Mar 30 11:11:36.815486: | complete v1 state transition with STF_OK
4839. Mar 30 11:11:36.815495: | [RE]START processing: state #9 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in complete_v1_state_transition() at ikev1.c:2539)
4840. Mar 30 11:11:36.815500: | #9 is idle
4841. Mar 30 11:11:36.815505: | doing_xauth:no, t_xauth_client_done:no
4842. Mar 30 11:11:36.815510: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
4843. Mar 30 11:11:36.815515: | child state #9: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA)
4844. Mar 30 11:11:36.815521: | event_already_set, deleting event
4845. Mar 30 11:11:36.815526: | state #9 requesting EVENT_RETRANSMIT to be deleted
4846. Mar 30 11:11:36.815531: | #9 STATE_QUICK_R2: retransmits: cleared
4847. Mar 30 11:11:36.815540: | libevent_free: delref ptr-libevent@0x562b2d551528
4848. Mar 30 11:11:36.815545: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b2d554758
4849. Mar 30 11:11:36.815551: | !event_already_set at reschedule
4850. Mar 30 11:11:36.815556: | event_schedule: newref EVENT_SA_EXPIRE-pe@0x562b2d551528
4851. Mar 30 11:11:36.815563: | inserting event EVENT_SA_EXPIRE, timeout in 3600 seconds for #9
4852. Mar 30 11:11:36.815569: | libevent_malloc: newref ptr-libevent@0x562b2d5545b8 size 128
4853. Mar 30 11:11:36.815576: | pstats #9 ikev1.ipsec established
4854. Mar 30 11:11:36.815585: | NAT-T: NAT Traversal detected - their IKE port is '500'
4855. Mar 30 11:11:36.815590: | NAT-T: encaps is 'yes'
4856. Mar 30 11:11:36.815600: "l2tp-psk"[4] 93.46.124.104 #9: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x371a891a <0xf7240e32 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.1.101 NATD=93.46.124.104:4500 DPD=unsupported}
4857. Mar 30 11:11:36.815606: | modecfg pull: noquirk policy:push not-client
4858. Mar 30 11:11:36.815611: | phase 1 is done, looking for phase 2 to unpend
4859. Mar 30 11:11:36.815616: | releasing #9's fd-fd@(nil) because IKEv1 transitions finished
4860. Mar 30 11:11:36.815620: | delref fdp@NULL (in complete_v1_state_transition() at ikev1.c:2982)
4861. Mar 30 11:11:36.815630: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
4862. Mar 30 11:11:36.815639: | stop processing: state #9 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
4863. Mar 30 11:11:36.815652: | processing: STOP connection NULL (in process_md() at demux.c:384)
4864. Mar 30 11:11:36.815681: | *received 76 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
4865. Mar 30 11:11:36.815688: |   f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a  5d 82 98 78
4866. Mar 30 11:11:36.815692: |   08 10 05 01  a9 9b cb d3  00 00 00 4c  8f 89 8a 18
4867. Mar 30 11:11:36.815697: |   77 68 7d c5  5e f6 b8 d1  6b eb 86 cc  58 33 4f 82
4868. Mar 30 11:11:36.815701: |   3b 59 18 ab  d1 ef 3b 26  6b 37 13 c6  7a 8e 50 28
4869. Mar 30 11:11:36.815705: |   f7 b7 db f5  4b 44 b7 4b  4b 15 c9 6b
4870. Mar 30 11:11:36.815712: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
4871. Mar 30 11:11:36.815717: | **parse ISAKMP Message:
4872. Mar 30 11:11:36.815724: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
4873. Mar 30 11:11:36.815730: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
4874. Mar 30 11:11:36.815735: |    next payload type: ISAKMP_NEXT_HASH (0x8)
4875. Mar 30 11:11:36.815740: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
4876. Mar 30 11:11:36.815744: |    exchange type: ISAKMP_XCHG_INFO (0x5)
4877. Mar 30 11:11:36.815749: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
4878. Mar 30 11:11:36.815755: |    Message ID: 2845559763 (a9 9b cb d3)
4879. Mar 30 11:11:36.815761: |    length: 76 (00 00 00 4c)
4880. Mar 30 11:11:36.815766: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
4881. Mar 30 11:11:36.815771: | peer and cookies match on #9; msgid=00000000 st_msgid=00000006 st_v1_msgid.phase15=00000000
4882. Mar 30 11:11:36.815776: | peer and cookies match on #8; msgid=00000000 st_msgid=00000005 st_v1_msgid.phase15=00000000
4883. Mar 30 11:11:36.815781: | peer and cookies match on #3; msgid=00000000 st_msgid=00000000 st_v1_msgid.phase15=00000000
4884. Mar 30 11:11:36.815786: | p15 state object #3 found, in STATE_MAIN_R3
4885. Mar 30 11:11:36.815791: | State DB: found IKEv1 state #3 in MAIN_R3 (find_v1_info_state)
4886. Mar 30 11:11:36.815800: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1347)
4887. Mar 30 11:11:36.815819: | #3 is idle
4888. Mar 30 11:11:36.815824: | #3 idle
4889. Mar 30 11:11:36.815830: | received encrypted packet from 93.46.124.104:4500
4890. Mar 30 11:11:36.815843: | got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
4891. Mar 30 11:11:36.815849: | ***parse ISAKMP Hash Payload:
4892. Mar 30 11:11:36.815854: |    next payload type: ISAKMP_NEXT_D (0xc)
4893. Mar 30 11:11:36.815859: |    length: 24 (00 18)
4894. Mar 30 11:11:36.815865: | got payload 0x1000  (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0
4895. Mar 30 11:11:36.815870: | ***parse ISAKMP Delete Payload:
4896. Mar 30 11:11:36.815875: |    next payload type: ISAKMP_NEXT_NONE (0x0)
4897. Mar 30 11:11:36.815880: |    length: 16 (00 10)
4898. Mar 30 11:11:36.815885: |    DOI: ISAKMP_DOI_IPSEC (0x1)
4899. Mar 30 11:11:36.815889: |    protocol ID: 3 (03)
4900. Mar 30 11:11:36.815894: |    SPI size: 4 (04)
4901. Mar 30 11:11:36.815899: |    number of SPIs: 1 (00 01)
4902. Mar 30 11:11:36.815904: | removing 8 bytes of padding
4903. Mar 30 11:11:36.815930: | informational HASH(1):
4904. Mar 30 11:11:36.815937: |   6a ad 5f 2b  45 32 01 7a  f7 83 91 2d  9b d2 3f 3c
4905. Mar 30 11:11:36.815941: |   3c 22 11 ce
4906. Mar 30 11:11:36.815945: | received 'informational' message HASH(1) data ok
4907. Mar 30 11:11:36.815951: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI
4908. Mar 30 11:11:36.815955: | SPI
4909. Mar 30 11:11:36.815959: |   87 4d 05 0a
4910. Mar 30 11:11:36.815963: | FOR_EACH_STATE_... in find_phase2_state_to_delete
4911. Mar 30 11:11:36.815972: | start processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in accept_delete() at ikev1_main.c:2492)
4912. Mar 30 11:11:36.815979: "l2tp-psk"[4] 93.46.124.104 #3: received Delete SA(0x874d050a) payload: deleting IPsec State #8
4913. Mar 30 11:11:36.815984: | pstats #8 ikev1.ipsec deleted completed
4914. Mar 30 11:11:36.816045: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
4915. Mar 30 11:11:36.816060: | start processing: state #8 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
4916. Mar 30 11:11:36.816076: "l2tp-psk"[4] 93.46.124.104 #8: deleting other state #8 (STATE_QUICK_R2) aged 10.086s and sending notification
4917. Mar 30 11:11:36.816082: | child state #8: QUICK_R2(established CHILD SA) => delete
4918. Mar 30 11:11:36.816090: | get_sa_info esp.874d050a@93.46.124.104
4919. Mar 30 11:11:36.816111: | get_sa_info esp.2c43b193@10.68.154.105
4920. Mar 30 11:11:36.816125: "l2tp-psk"[4] 93.46.124.104 #8: ESP traffic information: in=0B out=0B
4921. Mar 30 11:11:36.816131: | unsuspending #8 MD (nil)
4922. Mar 30 11:11:36.816136: | #8 send IKEv1 delete notification for STATE_QUICK_R2
4923. Mar 30 11:11:36.816140: | FOR_EACH_STATE_... in find_phase1_state
4924. Mar 30 11:11:36.816152: | **emit ISAKMP Message:
4925. Mar 30 11:11:36.816160: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
4926. Mar 30 11:11:36.816187: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
4927. Mar 30 11:11:36.816192: |    next payload type: ISAKMP_NEXT_NONE (0x0)
4928. Mar 30 11:11:36.816196: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
4929. Mar 30 11:11:36.816201: |    exchange type: ISAKMP_XCHG_INFO (0x5)
4930. Mar 30 11:11:36.816206: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
4931. Mar 30 11:11:36.816212: |    Message ID: 3568206273 (d4 ae 81 c1)
4932. Mar 30 11:11:36.816216: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
4933. Mar 30 11:11:36.816221: | ***emit ISAKMP Hash Payload:
4934. Mar 30 11:11:36.816225: |    next payload type: ISAKMP_NEXT_NONE (0x0)
4935. Mar 30 11:11:36.816229: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
4936. Mar 30 11:11:36.816235: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg'
4937. Mar 30 11:11:36.816240: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
4938. Mar 30 11:11:36.816244: | emitting length of ISAKMP Hash Payload: 24
4939. Mar 30 11:11:36.816249: | ***emit ISAKMP Delete Payload:
4940. Mar 30 11:11:36.816252: |    next payload type: ISAKMP_NEXT_NONE (0x0)
4941. Mar 30 11:11:36.816256: |    DOI: ISAKMP_DOI_IPSEC (0x1)
4942. Mar 30 11:11:36.816260: |    protocol ID: 3 (03)
4943. Mar 30 11:11:36.816264: |    SPI size: 4 (04)
4944. Mar 30 11:11:36.816270: |    number of SPIs: 1 (00 01)
4945. Mar 30 11:11:36.816274: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D)
4946. Mar 30 11:11:36.816279: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg'
4947. Mar 30 11:11:36.816283: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload
4948. Mar 30 11:11:36.816288: | delete payload: 2c 43 b1 93
4949. Mar 30 11:11:36.816292: | emitting length of ISAKMP Delete Payload: 16
4950. Mar 30 11:11:36.816330: | send delete HASH(1):
4951. Mar 30 11:11:36.816337: |   e8 94 b4 6d  55 fd e1 c7  2a 06 ef 7f  30 e8 7d bc
4952. Mar 30 11:11:36.816341: |   9a 11 39 55
4953. Mar 30 11:11:36.816354: | emitting 8 zero bytes of encryption padding into ISAKMP Message
4954. Mar 30 11:11:36.816359: | no IKEv1 message padding required
4955. Mar 30 11:11:36.816363: | emitting length of ISAKMP Message: 76
4956. Mar 30 11:11:36.816384: | sending 80 bytes for delete notify through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #3)
4957. Mar 30 11:11:36.816390: |   00 00 00 00  f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a
4958. Mar 30 11:11:36.816395: |   5d 82 98 78  08 10 05 01  d4 ae 81 c1  00 00 00 4c
4959. Mar 30 11:11:36.816399: |   66 f2 5e 6a  3e 57 2d 7a  33 52 f9 e1  80 42 bd ad
4960. Mar 30 11:11:36.816403: |   46 58 bb 9d  cc 44 fe c3  e2 84 24 f3  02 fb a6 1a
4961. Mar 30 11:11:36.816409: |   16 88 d4 50  e8 9d b6 53  14 88 39 d9  0b fb 5e 7f
4962. Mar 30 11:11:36.816505: | state #8 requesting EVENT_SA_EXPIRE to be deleted
4963. Mar 30 11:11:36.816522: | libevent_free: delref ptr-libevent@0x562b2d5547c8
4964. Mar 30 11:11:36.816528: | free_event_entry: delref EVENT_SA_EXPIRE-pe@0x562b2d554a08
4965. Mar 30 11:11:36.816537: | delete esp.874d050a@93.46.124.104
4966. Mar 30 11:11:36.816543: | XFRM: deleting IPsec SA with reqid 0
4967. Mar 30 11:11:36.816604: | netlink response for Del SA esp.874d050a@93.46.124.104 included non-error error
4968. Mar 30 11:11:36.816634: | delete esp.2c43b193@10.68.154.105
4969. Mar 30 11:11:36.816641: | XFRM: deleting IPsec SA with reqid 0
4970. Mar 30 11:11:36.816664: | netlink response for Del SA esp.2c43b193@10.68.154.105 included non-error error
4971. Mar 30 11:11:36.816678: | stop processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in update_state_connection() at connections.c:4093)
4972. Mar 30 11:11:36.816684: | start processing: connection NULL (in update_state_connection() at connections.c:4094)
4973. Mar 30 11:11:36.816688: | in connection_discard for connection l2tp-psk
4974. Mar 30 11:11:36.816693: | connection is instance
4975. Mar 30 11:11:36.816698: | not in pending use
4976. Mar 30 11:11:36.816703: | State DB: found state #9 in QUICK_R2 (connection_discard)
4977. Mar 30 11:11:36.816707: | states still using this connection instance, retaining
4978. Mar 30 11:11:36.816712: | State DB: deleting IKEv1 state #8 in QUICK_R2
4979. Mar 30 11:11:36.816719: | child state #8: QUICK_R2(established CHILD SA) => UNDEFINED(ignore)
4980. Mar 30 11:11:36.816726: | releasing #8's fd-fd@(nil) because deleting state
4981. Mar 30 11:11:36.816731: | delref fdp@NULL (in delete_state() at state.c:1185)
4982. Mar 30 11:11:36.816740: | stop processing: state #8 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
4983. Mar 30 11:11:36.816749: | resume processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
4984. Mar 30 11:11:36.816759: | processing: STOP connection NULL (in accept_delete() at ikev1_main.c:2536)
4985. Mar 30 11:11:36.816765: | del:
4986. Mar 30 11:11:36.816787: |
4987. Mar 30 11:11:36.816796: | complete v1 state transition with STF_IGNORE
4988. Mar 30 11:11:36.816805: | stop processing: from 93.46.124.104:4500 (BACKGROUND) (in process_md() at demux.c:381)
4989. Mar 30 11:11:36.816815: | stop processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_md() at demux.c:383)
4990. Mar 30 11:11:36.816819: | processing: STOP connection NULL (in process_md() at demux.c:384)
4991. Mar 30 11:11:43.347473: | processing global timer EVENT_SHUNT_SCAN
4992. Mar 30 11:11:43.347540: | checking for aged bare shunts from shunt table to expire
4993. Mar 30 11:11:46.737295: | *received 76 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
4994. Mar 30 11:11:46.737358: |   f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a  5d 82 98 78
4995. Mar 30 11:11:46.737367: |   08 10 05 01  8c 2f db 7e  00 00 00 4c  87 4c e6 8c
4996. Mar 30 11:11:46.737375: |   00 60 42 8e  4e f6 d5 69  40 ae 3c 3b  65 44 e2 4f
4997. Mar 30 11:11:46.737383: |   bf 70 bc 6f  15 c5 4c bf  60 48 8b a9  c8 d6 fe 93
4998. Mar 30 11:11:46.737390: |   38 d9 4a 43  31 98 72 66  34 c5 9b 68
4999. Mar 30 11:11:46.737405: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
5000. Mar 30 11:11:46.737418: | **parse ISAKMP Message:
5001. Mar 30 11:11:46.737432: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
5002. Mar 30 11:11:46.737444: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
5003. Mar 30 11:11:46.737452: |    next payload type: ISAKMP_NEXT_HASH (0x8)
5004. Mar 30 11:11:46.737460: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
5005. Mar 30 11:11:46.737468: |    exchange type: ISAKMP_XCHG_INFO (0x5)
5006. Mar 30 11:11:46.737477: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
5007. Mar 30 11:11:46.737488: |    Message ID: 2351946622 (8c 2f db 7e)
5008. Mar 30 11:11:46.737498: |    length: 76 (00 00 00 4c)
5009. Mar 30 11:11:46.737509: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
5010. Mar 30 11:11:46.737532: | peer and cookies match on #9; msgid=00000000 st_msgid=00000006 st_v1_msgid.phase15=00000000
5011. Mar 30 11:11:46.737561: | peer and cookies match on #3; msgid=00000000 st_msgid=00000000 st_v1_msgid.phase15=00000000
5012. Mar 30 11:11:46.737573: | p15 state object #3 found, in STATE_MAIN_R3
5013. Mar 30 11:11:46.737587: | State DB: found IKEv1 state #3 in MAIN_R3 (find_v1_info_state)
5014. Mar 30 11:11:46.737610: | start processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in process_v1_packet() at ikev1.c:1347)
5015. Mar 30 11:11:46.737685: | #3 is idle
5016. Mar 30 11:11:46.737702: | #3 idle
5017. Mar 30 11:11:46.737719: | received encrypted packet from 93.46.124.104:4500
5018. Mar 30 11:11:46.737808: | got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
5019. Mar 30 11:11:46.737909: | ***parse ISAKMP Hash Payload:
5020. Mar 30 11:11:46.737922: |    next payload type: ISAKMP_NEXT_D (0xc)
5021. Mar 30 11:11:46.737934: |    length: 24 (00 18)
5022. Mar 30 11:11:46.737947: | got payload 0x1000  (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0
5023. Mar 30 11:11:46.737959: | ***parse ISAKMP Delete Payload:
5024. Mar 30 11:11:46.737970: |    next payload type: ISAKMP_NEXT_NONE (0x0)
5025. Mar 30 11:11:46.737982: |    length: 16 (00 10)
5026. Mar 30 11:11:46.737993: |    DOI: ISAKMP_DOI_IPSEC (0x1)
5027. Mar 30 11:11:46.738004: |    protocol ID: 3 (03)
5028. Mar 30 11:11:46.738015: |    SPI size: 4 (04)
5029. Mar 30 11:11:46.738027: |    number of SPIs: 1 (00 01)
5030. Mar 30 11:11:46.738036: | removing 8 bytes of padding
5031. Mar 30 11:11:46.738133: | informational HASH(1):
5032. Mar 30 11:11:46.738172: |   27 41 1e 27  26 18 aa 52  aa bc fa 1b  f2 53 34 31
5033. Mar 30 11:11:46.738193: |   f4 10 78 9a
5034. Mar 30 11:11:46.738205: | received 'informational' message HASH(1) data ok
5035. Mar 30 11:11:46.738217: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI
5036. Mar 30 11:11:46.738237: | SPI
5037. Mar 30 11:11:46.738246: |   37 1a 89 1a
5038. Mar 30 11:11:46.738257: | FOR_EACH_STATE_... in find_phase2_state_to_delete
5039. Mar 30 11:11:46.738286: | start processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in accept_delete() at ikev1_main.c:2492)
5040. Mar 30 11:11:46.738312: "l2tp-psk"[4] 93.46.124.104 #3: received Delete SA(0x371a891a) payload: deleting IPsec State #9
5041. Mar 30 11:11:46.738326: | pstats #9 ikev1.ipsec deleted completed
5042. Mar 30 11:11:46.738344: | suspend processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
5043. Mar 30 11:11:46.738371: | start processing: state #9 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
5044. Mar 30 11:11:46.738410: "l2tp-psk"[4] 93.46.124.104 #9: deleting other state #9 (STATE_QUICK_R2) aged 10.007s and sending notification
5045. Mar 30 11:11:46.738423: | child state #9: QUICK_R2(established CHILD SA) => delete
5046. Mar 30 11:11:46.738442: | get_sa_info esp.371a891a@93.46.124.104
5047. Mar 30 11:11:46.738518: | get_sa_info esp.f7240e32@10.68.154.105
5048. Mar 30 11:11:46.738575: "l2tp-psk"[4] 93.46.124.104 #9: ESP traffic information: in=0B out=0B
5049. Mar 30 11:11:46.738594: | unsuspending #9 MD (nil)
5050. Mar 30 11:11:46.738607: | #9 send IKEv1 delete notification for STATE_QUICK_R2
5051. Mar 30 11:11:46.738618: | FOR_EACH_STATE_... in find_phase1_state
5052. Mar 30 11:11:46.738648: | **emit ISAKMP Message:
5053. Mar 30 11:11:46.738667: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
5054. Mar 30 11:11:46.738684: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
5055. Mar 30 11:11:46.738693: |    next payload type: ISAKMP_NEXT_NONE (0x0)
5056. Mar 30 11:11:46.738702: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
5057. Mar 30 11:11:46.738710: |    exchange type: ISAKMP_XCHG_INFO (0x5)
5058. Mar 30 11:11:46.738719: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
5059. Mar 30 11:11:46.738729: |    Message ID: 790460060 (2f 1d 76 9c)
5060. Mar 30 11:11:46.738737: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
5061. Mar 30 11:11:46.738746: | ***emit ISAKMP Hash Payload:
5062. Mar 30 11:11:46.738754: |    next payload type: ISAKMP_NEXT_NONE (0x0)
5063. Mar 30 11:11:46.738762: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
5064. Mar 30 11:11:46.738770: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg'
5065. Mar 30 11:11:46.738780: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
5066. Mar 30 11:11:46.738787: | emitting length of ISAKMP Hash Payload: 24
5067. Mar 30 11:11:46.738795: | ***emit ISAKMP Delete Payload:
5068. Mar 30 11:11:46.738802: |    next payload type: ISAKMP_NEXT_NONE (0x0)
5069. Mar 30 11:11:46.738810: |    DOI: ISAKMP_DOI_IPSEC (0x1)
5070. Mar 30 11:11:46.738818: |    protocol ID: 3 (03)
5071. Mar 30 11:11:46.738826: |    SPI size: 4 (04)
5072. Mar 30 11:11:46.738835: |    number of SPIs: 1 (00 01)
5073. Mar 30 11:11:46.738843: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D)
5074. Mar 30 11:11:46.738906: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg'
5075. Mar 30 11:11:46.739020: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload
5076. Mar 30 11:11:46.739044: | delete payload: f7 24 0e 32
5077. Mar 30 11:11:46.739057: | emitting length of ISAKMP Delete Payload: 16
5078. Mar 30 11:11:46.739140: | send delete HASH(1):
5079. Mar 30 11:11:46.739160: |   e6 3a ba 40  bd 8c 88 ed  66 92 35 a6  84 78 57 ed
5080. Mar 30 11:11:46.739169: |   ac c0 c0 46
5081. Mar 30 11:11:46.739203: | emitting 8 zero bytes of encryption padding into ISAKMP Message
5082. Mar 30 11:11:46.739218: | no IKEv1 message padding required
5083. Mar 30 11:11:46.739229: | emitting length of ISAKMP Message: 76
5084. Mar 30 11:11:46.739277: | sending 80 bytes for delete notify through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #3)
5085. Mar 30 11:11:46.739292: |   00 00 00 00  f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a
5086. Mar 30 11:11:46.739302: |   5d 82 98 78  08 10 05 01  2f 1d 76 9c  00 00 00 4c
5087. Mar 30 11:11:46.739311: |   50 90 ba 67  e2 d8 f2 62  9f 54 cf 45  4c 5a c3 9e
5088. Mar 30 11:11:46.739319: |   8c df e0 f1  cf f0 8c 10  66 c7 75 22  ea a6 d4 5d
5089. Mar 30 11:11:46.739328: |   36 e0 b1 f6  17 60 d8 4b  6b 3e bb 30  a1 da 76 02
5090. Mar 30 11:11:46.739479: | state #9 requesting EVENT_SA_EXPIRE to be deleted
5091. Mar 30 11:11:46.739510: | libevent_free: delref ptr-libevent@0x562b2d5545b8
5092. Mar 30 11:11:46.739524: | free_event_entry: delref EVENT_SA_EXPIRE-pe@0x562b2d551528
5093. Mar 30 11:11:46.739538: | running updown command "ipsec _updown" for verb down
5094. Mar 30 11:11:46.739551: | command executing down-host
5095. Mar 30 11:11:46.739632: | executing down-host: PLUTO_VERB='down-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='l2tp-psk' PLUTO_VIRT_INTERFACE='ens2' PLUTO_INTERFACE='ens2' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='10.68.154.104' PLUTO_ME='10.68.154.105' PLUTO_MY_ID='51.158.64.201' PLUTO_MY_CLIENT='10.68.154.105/32' PLUTO_MY_CLIENT_NET='10.68.154.105' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_SA_REQID='16408' PLUTO_SA_TYPE='ESP' PLUTO_PEER='93.46.124.104' PLUTO_PEER_ID='192.168.1.101' PLUTO_PEER_CLIENT='93.46.124.104/32' PLUTO_PEER_CLIENT_NET='93.46.124.104' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='17' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1585566696' PLUTO_CONN_POLICY='PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_...
5096. Mar 30 11:11:46.739652: | popen cmd is 1134 chars long
5097. Mar 30 11:11:46.739662: | cmd(   0):PLUTO_VERB='down-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='l2tp-psk' PLUTO_VIR:
5098. Mar 30 11:11:46.739672: | cmd(  80):T_INTERFACE='ens2' PLUTO_INTERFACE='ens2' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='1:
5099. Mar 30 11:11:46.739681: | cmd( 160):0.68.154.104' PLUTO_ME='10.68.154.105' PLUTO_MY_ID='51.158.64.201' PLUTO_MY_CLIE:
5100. Mar 30 11:11:46.739690: | cmd( 240):NT='10.68.154.105/32' PLUTO_MY_CLIENT_NET='10.68.154.105' PLUTO_MY_CLIENT_MASK=':
5101. Mar 30 11:11:46.739698: | cmd( 320):255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_SA_REQID='164:
5102. Mar 30 11:11:46.739705: | cmd( 400):08' PLUTO_SA_TYPE='ESP' PLUTO_PEER='93.46.124.104' PLUTO_PEER_ID='192.168.1.101':
5103. Mar 30 11:11:46.739712: | cmd( 480): PLUTO_PEER_CLIENT='93.46.124.104/32' PLUTO_PEER_CLIENT_NET='93.46.124.104' PLUT:
5104. Mar 30 11:11:46.739719: | cmd( 560):O_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL=:
5105. Mar 30 11:11:46.739726: | cmd( 640):'17' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1585566696' PLUTO_CONN:
5106. Mar 30 11:11:46.739733: | cmd( 720):_POLICY='PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' P:
5107. Mar 30 11:11:46.739740: | cmd( 800):LUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I:
5108. Mar 30 11:11:46.739766: | cmd( 880):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN:
5109. Mar 30 11:11:46.739774: | cmd( 960):NER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA:
5110. Mar 30 11:11:46.739781: | cmd(1040):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x371a891a SPI_OUT=0xf7240e32 ipse:
5111. Mar 30 11:11:46.739788: | cmd(1120):c _updown 2>&1:
5112. Mar 30 11:11:46.748052: | shunt_eroute() called for connection 'l2tp-psk' to 'delete' for rt_kind 'unrouted' using protoports 10.68.154.105/32:1701 --17->- 93.46.124.104/32:1701
5113. Mar 30 11:11:46.748106: | netlink_shunt_eroute for proto 17, and source 10.68.154.105/32:1701 dest 93.46.124.104/32:1701
5114. Mar 30 11:11:46.748119: | priority calculation of connection "l2tp-psk" is 0x15bfbf
5115. Mar 30 11:11:46.748138: | subnet from endpoint 93.46.124.104:1701 (in netlink_raw_eroute() at kernel_xfrm.c:585)
5116. Mar 30 11:11:46.748146: | netlink_raw_eroute: using host address instead of client subnet
5117. Mar 30 11:11:46.748206: | priority calculation of connection "l2tp-psk" is 0x15bfbf
5118. Mar 30 11:11:46.748240: | subnet from endpoint 93.46.124.104:1701 (in netlink_raw_eroute() at kernel_xfrm.c:589)
5119. Mar 30 11:11:46.748250: | netlink_raw_eroute: using host address instead of client subnet
5120. Mar 30 11:11:46.748274: | FOR_EACH_CONNECTION_... in route_owner
5121. Mar 30 11:11:46.748282: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
5122. Mar 30 11:11:46.748288: |  conn l2tp-psk mark 0/00000000, 0/00000000
5123. Mar 30 11:11:46.748293: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
5124. Mar 30 11:11:46.748299: |  conn xauth-psk mark 0/00000000, 0/00000000
5125. Mar 30 11:11:46.748305: |  conn l2tp-psk mark 0/00000000, 0/00000000 vs
5126. Mar 30 11:11:46.748310: |  conn l2tp-psk mark 0/00000000, 0/00000000
5127. Mar 30 11:11:46.748326: | route owner of "l2tp-psk"[4] 93.46.124.104 unrouted: NULL
5128. Mar 30 11:11:46.748332: | running updown command "ipsec _updown" for verb unroute
5129. Mar 30 11:11:46.748338: | command executing unroute-host
5130. Mar 30 11:11:46.748385: | executing unroute-host: PLUTO_VERB='unroute-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='l2tp-psk' PLUTO_VIRT_INTERFACE='ens2' PLUTO_INTERFACE='ens2' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='10.68.154.104' PLUTO_ME='10.68.154.105' PLUTO_MY_ID='51.158.64.201' PLUTO_MY_CLIENT='10.68.154.105/32' PLUTO_MY_CLIENT_NET='10.68.154.105' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_SA_REQID='16408' PLUTO_SA_TYPE='none' PLUTO_PEER='93.46.124.104' PLUTO_PEER_ID='192.168.1.101' PLUTO_PEER_CLIENT='93.46.124.104/32' PLUTO_PEER_CLIENT_NET='93.46.124.104' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='17' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CL...
5131. Mar 30 11:11:46.748393: | popen cmd is 1115 chars long
5132. Mar 30 11:11:46.748398: | cmd(   0):PLUTO_VERB='unroute-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='l2tp-psk' PLUTO_:
5133. Mar 30 11:11:46.748404: | cmd(  80):VIRT_INTERFACE='ens2' PLUTO_INTERFACE='ens2' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP:
5134. Mar 30 11:11:46.748409: | cmd( 160):='10.68.154.104' PLUTO_ME='10.68.154.105' PLUTO_MY_ID='51.158.64.201' PLUTO_MY_C:
5135. Mar 30 11:11:46.748414: | cmd( 240):LIENT='10.68.154.105/32' PLUTO_MY_CLIENT_NET='10.68.154.105' PLUTO_MY_CLIENT_MAS:
5136. Mar 30 11:11:46.748419: | cmd( 320):K='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_SA_REQID=':
5137. Mar 30 11:11:46.748424: | cmd( 400):16408' PLUTO_SA_TYPE='none' PLUTO_PEER='93.46.124.104' PLUTO_PEER_ID='192.168.1.:
5138. Mar 30 11:11:46.748429: | cmd( 480):101' PLUTO_PEER_CLIENT='93.46.124.104/32' PLUTO_PEER_CLIENT_NET='93.46.124.104' :
5139. Mar 30 11:11:46.748434: | cmd( 560):PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTO:
5140. Mar 30 11:11:46.748455: | cmd( 640):COL='17' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI:
5141. Mar 30 11:11:46.748461: | cmd( 720):CY='PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_:
5142. Mar 30 11:11:46.748466: | cmd( 800):CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEE:
5143. Mar 30 11:11:46.748471: | cmd( 880):R_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=':
5144. Mar 30 11:11:46.748476: | cmd( 960):' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='':
5145. Mar 30 11:11:46.748481: | cmd(1040): VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1:
5146. Mar 30 11:11:46.759381: | delete esp.371a891a@93.46.124.104
5147. Mar 30 11:11:46.759415: | XFRM: deleting IPsec SA with reqid 0
5148. Mar 30 11:11:46.759450: | netlink response for Del SA esp.371a891a@93.46.124.104 included non-error error
5149. Mar 30 11:11:46.759457: | priority calculation of connection "l2tp-psk" is 0x15bfbf
5150. Mar 30 11:11:46.759467: | delete inbound eroute 93.46.124.104/32:1701 --17-> 10.68.154.105/32:1701 => esp.10000@10.68.154.105 using reqid 0 (raw_eroute)
5151. Mar 30 11:11:46.759474: | subnet from endpoint 93.46.124.104:1701 (in netlink_raw_eroute() at kernel_xfrm.c:589)
5152. Mar 30 11:11:46.759478: | netlink_raw_eroute: using host address instead of client subnet
5153. Mar 30 11:11:46.759491: | raw_eroute result=success
5154. Mar 30 11:11:46.759496: | delete esp.f7240e32@10.68.154.105
5155. Mar 30 11:11:46.759500: | XFRM: deleting IPsec SA with reqid 0
5156. Mar 30 11:11:46.759508: | netlink response for Del SA esp.f7240e32@10.68.154.105 included non-error error
5157. Mar 30 11:11:46.759525: | stop processing: connection "l2tp-psk"[4] 93.46.124.104 (BACKGROUND) (in update_state_connection() at connections.c:4093)
5158. Mar 30 11:11:46.759529: | start processing: connection NULL (in update_state_connection() at connections.c:4094)
5159. Mar 30 11:11:46.759532: | in connection_discard for connection l2tp-psk
5160. Mar 30 11:11:46.759535: | connection is instance
5161. Mar 30 11:11:46.759539: | not in pending use
5162. Mar 30 11:11:46.759543: | State DB: found state #3 in MAIN_R3 (connection_discard)
5163. Mar 30 11:11:46.759547: | states still using this connection instance, retaining
5164. Mar 30 11:11:46.759552: | State DB: deleting IKEv1 state #9 in QUICK_R2
5165. Mar 30 11:11:46.759563: | child state #9: QUICK_R2(established CHILD SA) => UNDEFINED(ignore)
5166. Mar 30 11:11:46.759567: | releasing #9's fd-fd@(nil) because deleting state
5167. Mar 30 11:11:46.759571: | delref fdp@NULL (in delete_state() at state.c:1185)
5168. Mar 30 11:11:46.759578: | stop processing: state #9 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
5169. Mar 30 11:11:46.759585: | resume processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
5170. Mar 30 11:11:46.759605: | connection 'l2tp-psk' -POLICY_UP
5171. Mar 30 11:11:46.759609: | FOR_EACH_STATE_... in shared_phase1_connection
5172. Mar 30 11:11:46.759613: | Deleting states for connection - not including other IPsec SA's
5173. Mar 30 11:11:46.759616: | pass 0
5174. Mar 30 11:11:46.759619: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
5175. Mar 30 11:11:46.759622: | state #3
5176. Mar 30 11:11:46.759625: | pass 1
5177. Mar 30 11:11:46.759628: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
5178. Mar 30 11:11:46.759631: | state #3
5179. Mar 30 11:11:46.759638: | [RE]START processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in foreach_state_by_connection_func_delete() at state.c:1376)
5180. Mar 30 11:11:46.759642: | pstats #3 ikev1.isakmp deleted completed
5181. Mar 30 11:11:46.759650: | [RE]START processing: state #3 connection "l2tp-psk"[4] 93.46.124.104 from 93.46.124.104:4500 (in delete_state() at state.c:944)
5182. Mar 30 11:11:46.759657: "l2tp-psk"[4] 93.46.124.104 #3: deleting state (STATE_MAIN_R3) aged 35.444s and sending notification
5183. Mar 30 11:11:46.759661: | parent state #3: MAIN_R3(established IKE SA) => delete
5184. Mar 30 11:11:46.759665: | unsuspending #3 MD (nil)
5185. Mar 30 11:11:46.759669: | #3 send IKEv1 delete notification for STATE_MAIN_R3
5186. Mar 30 11:11:46.759703: | **emit ISAKMP Message:
5187. Mar 30 11:11:46.759710: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
5188. Mar 30 11:11:46.759714: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
5189. Mar 30 11:11:46.759719: |    next payload type: ISAKMP_NEXT_NONE (0x0)
5190. Mar 30 11:11:46.759722: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
5191. Mar 30 11:11:46.759726: |    exchange type: ISAKMP_XCHG_INFO (0x5)
5192. Mar 30 11:11:46.759730: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
5193. Mar 30 11:11:46.759735: |    Message ID: 618241470 (24 d9 9d be)
5194. Mar 30 11:11:46.759739: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
5195. Mar 30 11:11:46.759743: | ***emit ISAKMP Hash Payload:
5196. Mar 30 11:11:46.759746: |    next payload type: ISAKMP_NEXT_NONE (0x0)
5197. Mar 30 11:11:46.759750: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
5198. Mar 30 11:11:46.759754: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg'
5199. Mar 30 11:11:46.759758: | emitting 20 zero bytes of HASH DATA into ISAKMP Hash Payload
5200. Mar 30 11:11:46.759762: | emitting length of ISAKMP Hash Payload: 24
5201. Mar 30 11:11:46.759765: | ***emit ISAKMP Delete Payload:
5202. Mar 30 11:11:46.759769: |    next payload type: ISAKMP_NEXT_NONE (0x0)
5203. Mar 30 11:11:46.759772: |    DOI: ISAKMP_DOI_IPSEC (0x1)
5204. Mar 30 11:11:46.759776: |    protocol ID: 1 (01)
5205. Mar 30 11:11:46.759780: |    SPI size: 16 (10)
5206. Mar 30 11:11:46.759783: |    number of SPIs: 1 (00 01)
5207. Mar 30 11:11:46.759787: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D)
5208. Mar 30 11:11:46.759790: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg'
5209. Mar 30 11:11:46.759794: | emitting 8 raw bytes of initiator SPI into ISAKMP Delete Payload
5210. Mar 30 11:11:46.759799: | initiator SPI: f8 3c 21 0c  a6 50 d0 ca
5211. Mar 30 11:11:46.759802: | emitting 8 raw bytes of responder SPI into ISAKMP Delete Payload
5212. Mar 30 11:11:46.759807: | responder SPI: 6c 9a 42 2a  5d 82 98 78
5213. Mar 30 11:11:46.759810: | emitting length of ISAKMP Delete Payload: 28
5214. Mar 30 11:11:46.759868: | send delete HASH(1):
5215. Mar 30 11:11:46.759873: |   9e a3 ed af  c4 4c 43 d4  a6 ee bb d5  70 22 a5 d8
5216. Mar 30 11:11:46.759876: |   1b 8f 41 ac
5217. Mar 30 11:11:46.759891: | emitting 12 zero bytes of encryption padding into ISAKMP Message
5218. Mar 30 11:11:46.759894: | no IKEv1 message padding required
5219. Mar 30 11:11:46.759898: | emitting length of ISAKMP Message: 92
5220. Mar 30 11:11:46.759922: | sending 96 bytes for delete notify through ens2 from 10.68.154.105:4500 to 93.46.124.104:4500 (using #3)
5221. Mar 30 11:11:46.759926: |   00 00 00 00  f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a
5222. Mar 30 11:11:46.759930: |   5d 82 98 78  08 10 05 01  24 d9 9d be  00 00 00 5c
5223. Mar 30 11:11:46.759933: |   83 62 f6 7d  6b 2e 19 2a  52 25 0e 2f  4d cb 58 e6
5224. Mar 30 11:11:46.759936: |   28 76 8e 84  e1 d3 4c 6e  70 37 d0 6f  be 62 96 ac
5225. Mar 30 11:11:46.759939: |   17 c6 4d 71  76 11 ad b4  9e 6c 96 76  be 61 22 71
5226. Mar 30 11:11:46.759943: |   a5 05 88 aa  b6 fa 09 1d  82 95 e2 29  07 94 c2 23
5227. Mar 30 11:11:46.760053: | state #3 requesting EVENT_SA_EXPIRE to be deleted
5228. Mar 30 11:11:46.760070: | libevent_free: delref ptr-libevent@0x562b2d5553d8
5229. Mar 30 11:11:46.760075: | free_event_entry: delref EVENT_SA_EXPIRE-pe@0x562b2d551aa8
5230. Mar 30 11:11:46.760081: | State DB: IKEv1 state not found (flush_incomplete_children)
5231. Mar 30 11:11:46.760085: | in connection_discard for connection l2tp-psk
5232. Mar 30 11:11:46.760089: | State DB: deleting IKEv1 state #3 in MAIN_R3
5233. Mar 30 11:11:46.760094: | parent state #3: MAIN_R3(established IKE SA) => UNDEFINED(ignore)
5234. Mar 30 11:11:46.760098: | releasing #3's fd-fd@(nil) because deleting state
5235. Mar 30 11:11:46.760101: | delref fdp@NULL (in delete_state() at state.c:1185)
5236. Mar 30 11:11:46.760129: | stop processing: state #3 from 93.46.124.104:4500 (in delete_state() at state.c:1211)
5237. Mar 30 11:11:46.760157: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1378)
5238. Mar 30 11:11:46.760170: | start processing: connection "l2tp-psk"[4] 93.46.124.104 (in delete_connection() at connections.c:192)
5239. Mar 30 11:11:46.760178: "l2tp-psk"[4] 93.46.124.104: deleting connection "l2tp-psk"[4] 93.46.124.104 instance with peer 93.46.124.104 {isakmp=#0/ipsec=#0}
5240. Mar 30 11:11:46.760181: | Deleting states for connection - not including other IPsec SA's
5241. Mar 30 11:11:46.760184: | pass 0
5242. Mar 30 11:11:46.760187: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
5243. Mar 30 11:11:46.760190: | pass 1
5244. Mar 30 11:11:46.760193: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
5245. Mar 30 11:11:46.760200: | free hp@0x562b2d550f18
5246. Mar 30 11:11:46.760203: | flush revival: connection 'l2tp-psk' wasn't on the list
5247. Mar 30 11:11:46.760208: | stop processing: connection "l2tp-psk"[4] 93.46.124.104 (in discard_connection() at connections.c:255)
5248. Mar 30 11:11:46.760216: | processing: STOP connection NULL (in accept_delete() at ikev1_main.c:2533)
5249. Mar 30 11:11:46.760219: | processing: STOP connection NULL (in accept_delete() at ikev1_main.c:2536)
5250. Mar 30 11:11:46.760223: | del:
5251. Mar 30 11:11:46.760226: |
5252. Mar 30 11:11:46.760229: | in statetime_start() with no state
5253. Mar 30 11:11:46.760234: | complete v1 state transition with STF_IGNORE
5254. Mar 30 11:11:46.760240: | stop processing: from 93.46.124.104:4500 (in process_md() at demux.c:381)
5255. Mar 30 11:11:46.760246: | processing: STOP state #0 (in process_md() at demux.c:383)
5256. Mar 30 11:11:46.760249: | processing: STOP connection NULL (in process_md() at demux.c:384)
5257. Mar 30 11:11:46.760285: | *received 92 bytes from 93.46.124.104:4500 on ens2 (10.68.154.105:4500)
5258. Mar 30 11:11:46.760289: |   f8 3c 21 0c  a6 50 d0 ca  6c 9a 42 2a  5d 82 98 78
5259. Mar 30 11:11:46.760292: |   08 10 05 01  4d 21 e2 08  00 00 00 5c  12 46 88 29
5260. Mar 30 11:11:46.760295: |   97 e7 7a 75  dd 8e a4 88  dc 4d cd 55  74 6c 69 1c
5261. Mar 30 11:11:46.760298: |   d8 4e f8 db  9a bf a1 12  11 8b c0 14  1e de 5a fb
5262. Mar 30 11:11:46.760301: |   a2 9d 10 d4  59 69 9d d4  a2 d4 64 c3  8e 73 07 5e
5263. Mar 30 11:11:46.760304: |   a0 b6 31 8b  1e 8d 53 63  fa 29 d2 c3
5264. Mar 30 11:11:46.760309: | start processing: from 93.46.124.104:4500 (in process_md() at demux.c:379)
5265. Mar 30 11:11:46.760313: | **parse ISAKMP Message:
5266. Mar 30 11:11:46.760318: |    initiator cookie: f8 3c 21 0c  a6 50 d0 ca
5267. Mar 30 11:11:46.760323: |    responder cookie: 6c 9a 42 2a  5d 82 98 78
5268. Mar 30 11:11:46.760326: |    next payload type: ISAKMP_NEXT_HASH (0x8)
5269. Mar 30 11:11:46.760329: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
5270. Mar 30 11:11:46.760333: |    exchange type: ISAKMP_XCHG_INFO (0x5)
5271. Mar 30 11:11:46.760336: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
5272. Mar 30 11:11:46.760340: |    Message ID: 1294066184 (4d 21 e2 08)
5273. Mar 30 11:11:46.760345: |    length: 92 (00 00 00 5c)
5274. Mar 30 11:11:46.760348: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
5275. Mar 30 11:11:46.760352: | State DB: IKEv1 state not found (find_v1_info_state)
5276. Mar 30 11:11:46.760355: | State DB: IKEv1 state not found (find_state_ikev1_init)
5277. Mar 30 11:11:46.760359: | Informational Exchange is for an unknown (expired?) SA with MSGID:0x4d21e208
5278. Mar 30 11:11:46.760362: | - unknown SA's md->hdr.isa_ike_initiator_spi.bytes:
5279. Mar 30 11:11:46.760365: |   f8 3c 21 0c  a6 50 d0 ca
5280. Mar 30 11:11:46.760368: | - unknown SA's md->hdr.isa_ike_responder_spi.bytes:
5281. Mar 30 11:11:46.760371: |   6c 9a 42 2a  5d 82 98 78
5282. Mar 30 11:11:46.760376: | stop processing: from 93.46.124.104:4500 (in process_md() at demux.c:381)
5283. Mar 30 11:11:46.760380: | processing: STOP state #0 (in process_md() at demux.c:383)
5284. Mar 30 11:11:46.760383: | processing: STOP connection NULL (in process_md() at demux.c:384)
5285. Mar 30 11:11:46.760392: | processing signal PLUTO_SIGCHLD
5286. Mar 30 11:11:46.760397: | waitpid returned ECHILD (no child processes left)
5287. Mar 30 11:11:46.760401: | processing signal PLUTO_SIGCHLD
5288. Mar 30 11:11:46.760404: | waitpid returned ECHILD (no child processes left)
5289. Mar 30 11:11:51.445201: | processing global timer EVENT_NAT_T_KEEPALIVE
5290. Mar 30 11:11:51.445295: | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state)
5291. Mar 30 11:12:03.341580: | processing global timer EVENT_PENDING_DDNS
5292. Mar 30 11:12:03.341651: | FOR_EACH_CONNECTION_... in connection_check_ddns
5293. Mar 30 11:12:03.341661: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
5294. Mar 30 11:12:03.341689: | elapsed time in connection_check_ddns for hostname lookup 0.000037
5295. Mar 30 11:12:03.341698: | processing global timer EVENT_SHUNT_SCAN
5296. Mar 30 11:12:03.341707: | checking for aged bare shunts from shunt table to expire
5297. Mar 30 11:12:23.357806: | processing global timer EVENT_SD_WATCHDOG
5298. Mar 30 11:12:23.357863: | pluto_sd: executing action action: watchdog(3), status 0
5299. Mar 30 11:12:23.357951: | processing global timer EVENT_SHUNT_SCAN
5300. Mar 30 11:12:23.357962: | checking for aged bare shunts from shunt table to expire
5301. Mar 30 11:12:43.358059: | processing global timer EVENT_SHUNT_SCAN
5302. Mar 30 11:12:43.358124: | checking for aged bare shunts from shunt table to expire