Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- After running ``ping -I eth1 -p deadbeef 192.168.50.2`` from 192.168.50.3:
- /var/log/pluto.log (192.168.50.3 - ping originator):
- ------
- Dec 7 19:09:08.481089: FIPS Product: NO
- Dec 7 19:09:08.481231: FIPS Kernel: NO
- Dec 7 19:09:08.481234: FIPS Mode: NO
- Dec 7 19:09:08.481236: NSS DB directory: sql:/etc/ipsec.d
- Dec 7 19:09:08.481317: Initializing NSS
- Dec 7 19:09:08.481327: Opening NSS database "sql:/etc/ipsec.d" read-only
- Dec 7 19:09:08.559610: NSS initialized
- Dec 7 19:09:08.559635: NSS crypto library initialized
- Dec 7 19:09:08.559640: FIPS HMAC integrity support [enabled]
- Dec 7 19:09:08.559644: FIPS mode disabled for pluto daemon
- Dec 7 19:09:08.584017: FIPS HMAC integrity verification self-test passed
- Dec 7 19:09:08.584565: libcap-ng support [enabled]
- Dec 7 19:09:08.584576: Linux audit support [enabled]
- Dec 7 19:09:08.584721: Linux audit activated
- Dec 7 19:09:08.584726: Starting Pluto (Libreswan Version 3.25 XFRM(netkey) KLIPS FORK PTHREAD_SETSCHEDPRIO GCC_EXCEPTIONS NSS DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS) LDAP(non-NSS)) pid:7534
- Dec 7 19:09:08.584729: core dump dir: /run/pluto
- Dec 7 19:09:08.584731: secrets file: /etc/ipsec.secrets
- Dec 7 19:09:08.584733: leak-detective enabled
- Dec 7 19:09:08.584735: NSS crypto [enabled]
- Dec 7 19:09:08.584737: XAUTH PAM support [enabled]
- Dec 7 19:09:08.584797: | init_nat_traversal() initialized with keep_alive=0s
- Dec 7 19:09:08.584801: NAT-Traversal support [enabled]
- Dec 7 19:09:08.584814: Initializing libevent in pthreads mode: headers: 2.0.21-stable (2001500); library: 2.0.21-stable (2001500)
- Dec 7 19:09:08.584965: | event_schedule: new EVENT_REINIT_SECRET-pe@0x564dee3ac808
- Dec 7 19:09:08.584972: | inserting event EVENT_REINIT_SECRET, timeout in 3600.000 seconds
- Dec 7 19:09:08.584980: | event_schedule: new EVENT_PENDING_DDNS-pe@0x564dee3ac958
- Dec 7 19:09:08.584983: | inserting event EVENT_PENDING_DDNS, timeout in 60.000 seconds
- Dec 7 19:09:08.584986: | event_schedule: new EVENT_PENDING_PHASE2-pe@0x564dee3aca58
- Dec 7 19:09:08.584989: | inserting event EVENT_PENDING_PHASE2, timeout in 120.000 seconds
- Dec 7 19:09:08.585013: Encryption algorithms:
- Dec 7 19:09:08.585020: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm aes_ccm_c)
- Dec 7 19:09:08.585023: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm_b)
- Dec 7 19:09:08.585026: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm_a)
- Dec 7 19:09:08.585029: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] (3des)
- Dec 7 19:09:08.585032: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
- Dec 7 19:09:08.585035: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (camellia)
- Dec 7 19:09:08.585038: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm aes_gcm_c)
- Dec 7 19:09:08.585041: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm_b)
- Dec 7 19:09:08.585043: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm_a)
- Dec 7 19:09:08.585046: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} (aesctr)
- Dec 7 19:09:08.585049: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes)
- Dec 7 19:09:08.585052: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (serpent)
- Dec 7 19:09:08.585055: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (twofish)
- Dec 7 19:09:08.585057: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} (twofish_cbc_ssh)
- Dec 7 19:09:08.585060: CAST_CBC IKEv1: ESP IKEv2: ESP {*128} (cast)
- Dec 7 19:09:08.585063: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP {256,192,*128} (aes_gmac)
- Dec 7 19:09:08.585065: NULL IKEv1: ESP IKEv2: ESP []
- Dec 7 19:09:08.585071: Hash algorithms:
- Dec 7 19:09:08.585074: MD5 IKEv1: IKE IKEv2:
- Dec 7 19:09:08.585084: SHA1 IKEv1: IKE IKEv2: FIPS (sha)
- Dec 7 19:09:08.585086: SHA2_256 IKEv1: IKE IKEv2: FIPS (sha2 sha256)
- Dec 7 19:09:08.585089: SHA2_384 IKEv1: IKE IKEv2: FIPS (sha384)
- Dec 7 19:09:08.585091: SHA2_512 IKEv1: IKE IKEv2: FIPS (sha512)
- Dec 7 19:09:08.585097: PRF algorithms:
- Dec 7 19:09:08.585100: HMAC_MD5 IKEv1: IKE IKEv2: IKE (md5)
- Dec 7 19:09:08.585102: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS (sha sha1)
- Dec 7 19:09:08.585105: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS (sha2 sha256 sha2_256)
- Dec 7 19:09:08.585107: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS (sha384 sha2_384)
- Dec 7 19:09:08.585109: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS (sha512 sha2_512)
- Dec 7 19:09:08.585112: AES_XCBC IKEv1: IKEv2: IKE FIPS (aes128_xcbc)
- Dec 7 19:09:08.585119: Integrity algorithms:
- Dec 7 19:09:08.585121: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (md5 hmac_md5)
- Dec 7 19:09:08.585124: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha sha1 sha1_96 hmac_sha1)
- Dec 7 19:09:08.585126: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha512 sha2_512 hmac_sha2_512)
- Dec 7 19:09:08.585129: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha384 sha2_384 hmac_sha2_384)
- Dec 7 19:09:08.585131: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha2 sha256 sha2_256 hmac_sha2_256)
- Dec 7 19:09:08.585133: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH FIPS (aes_xcbc aes128_xcbc aes128_xcbc_96)
- Dec 7 19:09:08.585136: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS (aes_cmac)
- Dec 7 19:09:08.585138: NONE IKEv1: ESP IKEv2: ESP FIPS (null)
- Dec 7 19:09:08.585146: DH algorithms:
- Dec 7 19:09:08.585148: NONE IKEv1: IKEv2: IKE ESP AH (null dh0)
- Dec 7 19:09:08.585151: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (dh2)
- Dec 7 19:09:08.585153: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (dh5)
- Dec 7 19:09:08.585155: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh14)
- Dec 7 19:09:08.585157: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh15)
- Dec 7 19:09:08.585160: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh16)
- Dec 7 19:09:08.585162: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh17)
- Dec 7 19:09:08.585165: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh18)
- Dec 7 19:09:08.585167: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_256)
- Dec 7 19:09:08.585169: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_384)
- Dec 7 19:09:08.585171: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_521)
- Dec 7 19:09:08.585174: DH22 IKEv1: IKE ESP AH IKEv2: IKE ESP AH
- Dec 7 19:09:08.585176: DH23 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS
- Dec 7 19:09:08.585178: DH24 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS
- Dec 7 19:09:08.586891: starting up 2 crypto helpers
- Dec 7 19:09:08.586936: started thread for crypto helper 0
- Dec 7 19:09:08.586951: started thread for crypto helper 1
- Dec 7 19:09:08.586962: | ignoring microcode for XAUTH_I1 (timeout: EVENT_v1_RETRANSMIT flags: 0) -> MAIN_I4 (timeout: EVENT_SA_REPLACE flags: 0) with event EVENT_v1_RETRANSMIT
- Dec 7 19:09:08.586965: | MAIN_R0 (timeout: EVENT_NULL flags: 0)
- Dec 7 19:09:08.586967: | MAIN_I1 (timeout: EVENT_NULL flags: 0)
- Dec 7 19:09:08.586970: | MAIN_R1 (timeout: EVENT_SO_DISCARD flags: 200)
- Dec 7 19:09:08.586972: | MAIN_I2 (timeout: EVENT_v1_RETRANSMIT flags: 0)
- Dec 7 19:09:08.586977: | MAIN_R2 (timeout: EVENT_v1_RETRANSMIT flags: 0)
- Dec 7 19:09:08.586980: | MAIN_I3 (timeout: EVENT_v1_RETRANSMIT flags: 0)
- Dec 7 19:09:08.586982: | MAIN_R3 (timeout: EVENT_SA_REPLACE flags: 200)
- Dec 7 19:09:08.586984: | MAIN_I4 (timeout: EVENT_SA_REPLACE flags: 0)
- Dec 7 19:09:08.586986: | AGGR_R0 (timeout: EVENT_NULL flags: 0)
- Dec 7 19:09:08.586988: | AGGR_I1 (timeout: EVENT_NULL flags: 0)
- Dec 7 19:09:08.586990: | AGGR_R1 (timeout: EVENT_SO_DISCARD flags: 200)
- Dec 7 19:09:08.586992: | AGGR_I2 (timeout: EVENT_SA_REPLACE flags: 200)
- Dec 7 19:09:08.586995: | AGGR_R2 (timeout: EVENT_SA_REPLACE flags: 0)
- Dec 7 19:09:08.586997: | QUICK_R0 (timeout: EVENT_NULL flags: 0)
- Dec 7 19:09:08.586999: | QUICK_I1 (timeout: EVENT_NULL flags: 0)
- Dec 7 19:09:08.587001: | QUICK_R1 (timeout: EVENT_v1_RETRANSMIT flags: 0)
- Dec 7 19:09:08.587003: | QUICK_I2 (timeout: EVENT_SA_REPLACE flags: 200)
- Dec 7 19:09:08.587005: | QUICK_R2 (timeout: EVENT_SA_REPLACE flags: 0)
- Dec 7 19:09:08.587007: | INFO (timeout: EVENT_NULL flags: 0)
- Dec 7 19:09:08.587010: | INFO_PROTECTED (timeout: EVENT_NULL flags: 0)
- Dec 7 19:09:08.587012: | XAUTH_R0 (timeout: EVENT_NULL flags: 0)
- Dec 7 19:09:08.587014: | XAUTH_R1 (timeout: EVENT_NULL flags: 0)
- Dec 7 19:09:08.587016: | MODE_CFG_R0 (timeout: EVENT_NULL flags: 0)
- Dec 7 19:09:08.587018: | MODE_CFG_R1 (timeout: EVENT_SA_REPLACE flags: 0)
- Dec 7 19:09:08.587020: | MODE_CFG_R2 (timeout: EVENT_SA_REPLACE flags: 0)
- Dec 7 19:09:08.587022: | MODE_CFG_I1 (timeout: EVENT_NULL flags: 0)
- Dec 7 19:09:08.587024: | XAUTH_I0 (timeout: EVENT_NULL flags: 0)
- Dec 7 19:09:08.587026: | XAUTH_I1 (timeout: EVENT_v1_RETRANSMIT flags: 0)
- Dec 7 19:09:08.587032: | Processing IKEv2 state V2_REKEY_IKE_I0 (microcode Initiate CREATE_CHILD_SA IKE Rekey)
- Dec 7 19:09:08.587035: | Processing IKEv2 state V2_REKEY_CHILD_I0 (microcode Initiate CREATE_CHILD_SA IPsec Rekey SA)
- Dec 7 19:09:08.587037: | Processing IKEv2 state V2_CREATE_I0 (microcode Initiate CREATE_CHILD_SA IPsec SA)
- Dec 7 19:09:08.587040: | Processing IKEv2 state PARENT_I0 (microcode initiate IKE_SA_INIT)
- Dec 7 19:09:08.587042: | Processing IKEv2 state PARENT_I1 (microcode Initiator: process SA_INIT reply notification)
- Dec 7 19:09:08.587044: | Processing IKEv2 state PARENT_I2 (microcode Initiator: process INVALID_SYNTAX AUTH notification)
- Dec 7 19:09:08.587047: | Processing IKEv2 state PARENT_R0 (microcode Respond to IKE_SA_INIT)
- Dec 7 19:09:08.587049: | Processing IKEv2 state PARENT_R1 (microcode Responder: process AUTH request (no SKEYSEED))
- Dec 7 19:09:08.587051: | Processing IKEv2 state V2_REKEY_IKE_R (microcode Respond to CREATE_CHILD_SA IKE Rekey)
- Dec 7 19:09:08.587054: | Processing IKEv2 state V2_REKEY_IKE_I (microcode Process CREATE_CHILD_SA IKE Rekey Response)
- Dec 7 19:09:08.587056: | Processing IKEv2 state V2_CREATE_I (microcode Process CREATE_CHILD_SA IPsec SA Response)
- Dec 7 19:09:08.587058: | Processing IKEv2 state V2_CREATE_R (microcode Respond to CREATE_CHILD_SA IPsec SA Request)
- Dec 7 19:09:08.587060: | Processing IKEv2 state PARENT_I3 (microcode I3: INFORMATIONAL Request)
- Dec 7 19:09:08.587063: | Processing IKEv2 state PARENT_R2 (microcode R2: process INFORMATIONAL Request)
- Dec 7 19:09:08.587065: | Processing IKEv2 state IKESA_DEL (microcode IKE_SA_DEL: process INFORMATIONAL)
- Dec 7 19:09:08.587068: | ignoring microcode for PARENT_I1 (timeout: EVENT_v2_RETRANSMIT flags: 0) -> PARENT_I1 (timeout: EVENT_v2_RETRANSMIT flags: 0) with event EVENT_RETAIN
- Dec 7 19:09:08.587071: | ignoring microcode for PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) -> PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) with event EVENT_NULL
- Dec 7 19:09:08.587074: | ignoring microcode for PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) -> PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) with event EVENT_NULL
- Dec 7 19:09:08.587077: | ignoring microcode for PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) -> PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) with event EVENT_NULL
- Dec 7 19:09:08.587080: | ignoring microcode for PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) -> PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0) with event EVENT_NULL
- Dec 7 19:09:08.587084: | ignoring microcode for PARENT_R1 (timeout: EVENT_v2_RESPONDER_TIMEOUT flags: 0) -> PARENT_R1 (timeout: EVENT_v2_RESPONDER_TIMEOUT flags: 0) with event EVENT_SA_REPLACE
- Dec 7 19:09:08.587088: | ignoring microcode for PARENT_I3 (timeout: EVENT_SA_REPLACE flags: 0) -> PARENT_I3 (timeout: EVENT_SA_REPLACE flags: 0) with event EVENT_RETAIN
- Dec 7 19:09:08.587091: | ignoring microcode for PARENT_I3 (timeout: EVENT_SA_REPLACE flags: 0) -> PARENT_I3 (timeout: EVENT_SA_REPLACE flags: 0) with event EVENT_RETAIN
- Dec 7 19:09:08.587094: | ignoring microcode for PARENT_R2 (timeout: EVENT_SA_REPLACE flags: 0) -> PARENT_R2 (timeout: EVENT_SA_REPLACE flags: 0) with event EVENT_RETAIN
- Dec 7 19:09:08.587097: | ignoring microcode for PARENT_R2 (timeout: EVENT_SA_REPLACE flags: 0) -> PARENT_R2 (timeout: EVENT_SA_REPLACE flags: 0) with event EVENT_RETAIN
- Dec 7 19:09:08.587099: | IKEv2_BASE (timeout: EVENT_NULL flags: 0)
- Dec 7 19:09:08.587102: | PARENT_I1 (timeout: EVENT_v2_RETRANSMIT flags: 0)
- Dec 7 19:09:08.587104: | PARENT_I2 (timeout: EVENT_v2_RETRANSMIT flags: 0)
- Dec 7 19:09:08.587106: | PARENT_I3 (timeout: EVENT_SA_REPLACE flags: 0)
- Dec 7 19:09:08.587108: | PARENT_R1 (timeout: EVENT_v2_RESPONDER_TIMEOUT flags: 0)
- Dec 7 19:09:08.587110: | PARENT_R2 (timeout: EVENT_SA_REPLACE flags: 0)
- Dec 7 19:09:08.587112: | V2_CREATE_I0 (timeout: EVENT_NULL flags: 0)
- Dec 7 19:09:08.587114: | V2_CREATE_I (timeout: EVENT_v2_RETRANSMIT flags: 0)
- Dec 7 19:09:08.587117: | V2_REKEY_IKE_I0 (timeout: EVENT_NULL flags: 0)
- Dec 7 19:09:08.587119: | V2_REKEY_IKE_I (timeout: EVENT_v2_RETRANSMIT flags: 0)
- Dec 7 19:09:08.587121: | V2_REKEY_CHILD_I0 (timeout: EVENT_NULL flags: 0)
- Dec 7 19:09:08.587123: | V2_REKEY_CHILD_I (timeout: EVENT_v2_RETRANSMIT flags: 0)
- Dec 7 19:09:08.587125: | V2_CREATE_R (timeout: EVENT_NULL flags: 0)
- Dec 7 19:09:08.587127: | V2_REKEY_IKE_R (timeout: EVENT_NULL flags: 0)
- Dec 7 19:09:08.587129: | V2_REKEY_CHILD_R (timeout: EVENT_NULL flags: 0)
- Dec 7 19:09:08.587132: | V2_IPSEC_I (timeout: EVENT_SA_REPLACE flags: 0)
- Dec 7 19:09:08.587134: | V2_IPSEC_R (timeout: EVENT_SA_REPLACE flags: 0)
- Dec 7 19:09:08.587136: | IKESA_DEL (timeout: EVENT_RETAIN flags: 0)
- Dec 7 19:09:08.587138: | CHILDSA_DEL (timeout: EVENT_NULL flags: 0)
- Dec 7 19:09:08.587140: | PARENT_R0 (timeout: EVENT_NULL flags: 0)
- Dec 7 19:09:08.587142: | PARENT_I0 (timeout: EVENT_NULL flags: 0)
- Dec 7 19:09:08.587196: Using Linux XFRM/NETKEY IPsec interface code on 3.10.0-957.1.3.el7.x86_64
- Dec 7 19:09:08.587720: | process 7534 listening for PF_KEY_V2 on file descriptor 14
- Dec 7 19:09:08.587724: | kernel_alg_init()
- Dec 7 19:09:08.587730: | Hard-wiring new AEAD algorithms
- Dec 7 19:09:08.587734: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=18(ESP_AES_GCM_A), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Dec 7 19:09:08.587737: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=19(ESP_AES_GCM_B), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Dec 7 19:09:08.587740: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=20(ESP_AES_GCM_C), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Dec 7 19:09:08.587743: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=14(ESP_AES_CCM_A), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Dec 7 19:09:08.587746: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=15(ESP_AES_CCM_B), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Dec 7 19:09:08.587749: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=16(ESP_AES_CCM_C), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Dec 7 19:09:08.587752: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=23(ESP_NULL_AUTH_AES_GMAC), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Dec 7 19:09:08.587756: | Hard-wiring new INTEG algorithms
- Dec 7 19:09:08.587759: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=250(AH_AES_CMAC_96), alg_ivlen=0, alg_minbits=128, alg_maxbits=128
- Dec 7 19:09:08.587964: | finish_pfkey_msg: K_SADB_REGISTER message 1 for AH
- Dec 7 19:09:08.587970: | 02 07 00 02 02 00 00 00 01 00 00 00 6e 1d 00 00
- Dec 7 19:09:08.588295: | starting up helper thread 0
- Dec 7 19:09:08.588304: | status value returned by setting the priority of this thread (crypto helper 0) 22
- Dec 7 19:09:08.588306: | crypto helper 0 waiting (nothing to do)
- Dec 7 19:09:08.588313: | starting up helper thread 1
- Dec 7 19:09:08.588317: | status value returned by setting the priority of this thread (crypto helper 1) 22
- Dec 7 19:09:08.588319: | crypto helper 1 waiting (nothing to do)
- Dec 7 19:09:08.595687: | pfkey_get: ignoring PF_KEY K_SADB_X_GRPSA message 1 for process 0
- Dec 7 19:09:08.595704: | pfkey_get: ignoring PF_KEY K_SADB_X_GRPSA message 2 for process 0
- Dec 7 19:09:08.595709: | pfkey_get: ignoring PF_KEY K_SADB_X_GRPSA message 3 for process 0
- Dec 7 19:09:08.595713: | pfkey_get: ignoring PF_KEY K_SADB_X_GRPSA message 4 for process 0
- Dec 7 19:09:08.595717: | pfkey_get: ignoring PF_KEY K_SADB_X_GRPSA message 5 for process 0
- Dec 7 19:09:08.595721: | pfkey_get: ignoring PF_KEY K_SADB_X_GRPSA message 6 for process 0
- Dec 7 19:09:08.595724: | pfkey_get: K_SADB_REGISTER message 1
- Dec 7 19:09:08.595729: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: sadb_msg_len=22 sadb_supported_len=72
- Dec 7 19:09:08.595733: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=251(AH_NULL), alg_ivlen=0, alg_minbits=0, alg_maxbits=0
- Dec 7 19:09:08.595736: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=2(AH_MD5), alg_ivlen=0, alg_minbits=128, alg_maxbits=128
- Dec 7 19:09:08.595739: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=3(AH_SHA), alg_ivlen=0, alg_minbits=160, alg_maxbits=160
- Dec 7 19:09:08.595742: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=5(AH_SHA2_256), alg_ivlen=0, alg_minbits=256, alg_maxbits=256
- Dec 7 19:09:08.595745: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=6(AH_SHA2_384), alg_ivlen=0, alg_minbits=384, alg_maxbits=384
- Dec 7 19:09:08.595748: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=7(AH_SHA2_512), alg_ivlen=0, alg_minbits=512, alg_maxbits=512
- Dec 7 19:09:08.595750: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=8(AH_RIPEMD), alg_ivlen=0, alg_minbits=160, alg_maxbits=160
- Dec 7 19:09:08.595765: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=9(AH_AES_XCBC_MAC), alg_ivlen=0, alg_minbits=128, alg_maxbits=128
- Dec 7 19:09:08.595769: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: sadb_msg_len=22 sadb_supported_len=88
- Dec 7 19:09:08.595772: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=11(ESP_NULL), alg_ivlen=0, alg_minbits=0, alg_maxbits=0
- Dec 7 19:09:08.595774: | kernel_alg_add(2,15,11) fails because alg combo is invalid
- Dec 7 19:09:08.595777: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=2(ESP_DES(UNUSED)), alg_ivlen=8, alg_minbits=64, alg_maxbits=64
- Dec 7 19:09:08.595780: | kernel_alg_add(2,15,2) fails because alg combo is invalid
- Dec 7 19:09:08.595782: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=3(ESP_3DES), alg_ivlen=8, alg_minbits=192, alg_maxbits=192
- Dec 7 19:09:08.595785: | kernel_alg_add(2,15,3) fails because alg combo is invalid
- Dec 7 19:09:08.595787: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=6(ESP_CAST), alg_ivlen=8, alg_minbits=40, alg_maxbits=128
- Dec 7 19:09:08.595789: | kernel_alg_add(2,15,6) fails because alg combo is invalid
- Dec 7 19:09:08.595798: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=7(ESP_BLOWFISH(UNUSED)), alg_ivlen=8, alg_minbits=40, alg_maxbits=448
- Dec 7 19:09:08.595801: | kernel_alg_add(2,15,7) fails because alg combo is invalid
- Dec 7 19:09:08.595804: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=12(ESP_AES), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Dec 7 19:09:08.595806: | kernel_alg_add(2,15,12) fails because alg combo is invalid
- Dec 7 19:09:08.595809: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=252(ESP_SERPENT), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Dec 7 19:09:08.595811: | kernel_alg_add(2,15,252) fails because alg combo is invalid
- Dec 7 19:09:08.595814: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=22(ESP_CAMELLIA), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Dec 7 19:09:08.595816: | kernel_alg_add(2,15,22) fails because alg combo is invalid
- Dec 7 19:09:08.595818: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=253(ESP_TWOFISH), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Dec 7 19:09:08.595821: | kernel_alg_add(2,15,253) fails because alg combo is invalid
- Dec 7 19:09:08.595823: | kernel_alg_add(): satype=2(SADB_SATYPE_AH), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=13(ESP_AES_CTR), alg_ivlen=8, alg_minbits=160, alg_maxbits=288
- Dec 7 19:09:08.595826: | kernel_alg_add(2,15,13) fails because alg combo is invalid
- Dec 7 19:09:08.595828: | AH registered with kernel.
- Dec 7 19:09:08.595832: | finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP
- Dec 7 19:09:08.595835: | 02 07 00 03 02 00 00 00 02 00 00 00 6e 1d 00 00
- Dec 7 19:09:08.598696: | pfkey_get: K_SADB_REGISTER message 2
- Dec 7 19:09:08.598706: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=72
- Dec 7 19:09:08.598710: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=251(AH_NULL), alg_ivlen=0, alg_minbits=0, alg_maxbits=0
- Dec 7 19:09:08.598712: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=251
- Dec 7 19:09:08.598715: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=2(AH_MD5), alg_ivlen=0, alg_minbits=128, alg_maxbits=128
- Dec 7 19:09:08.598718: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=2
- Dec 7 19:09:08.598720: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=3(AH_SHA), alg_ivlen=0, alg_minbits=160, alg_maxbits=160
- Dec 7 19:09:08.598723: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=3
- Dec 7 19:09:08.598725: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=5(AH_SHA2_256), alg_ivlen=0, alg_minbits=256, alg_maxbits=256
- Dec 7 19:09:08.598728: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=5
- Dec 7 19:09:08.598730: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=6(AH_SHA2_384), alg_ivlen=0, alg_minbits=384, alg_maxbits=384
- Dec 7 19:09:08.598732: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=6
- Dec 7 19:09:08.598735: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=7(AH_SHA2_512), alg_ivlen=0, alg_minbits=512, alg_maxbits=512
- Dec 7 19:09:08.598737: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=7
- Dec 7 19:09:08.598740: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=8(AH_RIPEMD), alg_ivlen=0, alg_minbits=160, alg_maxbits=160
- Dec 7 19:09:08.598742: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=8
- Dec 7 19:09:08.598745: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=14(SADB_EXT_SUPPORTED_AUTH), alg_id=9(AH_AES_XCBC_MAC), alg_ivlen=0, alg_minbits=128, alg_maxbits=128
- Dec 7 19:09:08.598750: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=9
- Dec 7 19:09:08.598753: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=88
- Dec 7 19:09:08.598756: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=11(ESP_NULL), alg_ivlen=0, alg_minbits=0, alg_maxbits=0
- Dec 7 19:09:08.598759: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=2(ESP_DES(UNUSED)), alg_ivlen=8, alg_minbits=64, alg_maxbits=64
- Dec 7 19:09:08.598761: | kernel_alg_add(): Ignoring alg_id=2(ESP_DES(UNUSED)) - too weak
- Dec 7 19:09:08.598764: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=3(ESP_3DES), alg_ivlen=8, alg_minbits=192, alg_maxbits=192
- Dec 7 19:09:08.598766: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=6(ESP_CAST), alg_ivlen=8, alg_minbits=40, alg_maxbits=128
- Dec 7 19:09:08.598769: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=7(ESP_BLOWFISH(UNUSED)), alg_ivlen=8, alg_minbits=40, alg_maxbits=448
- Dec 7 19:09:08.598771: | kernel_alg_add(): Ignoring alg_id=7(ESP_BLOWFISH(UNUSED)) - too weak
- Dec 7 19:09:08.598774: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=12(ESP_AES), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Dec 7 19:09:08.598777: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=252(ESP_SERPENT), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Dec 7 19:09:08.598780: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=22(ESP_CAMELLIA), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Dec 7 19:09:08.598783: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=253(ESP_TWOFISH), alg_ivlen=8, alg_minbits=128, alg_maxbits=256
- Dec 7 19:09:08.598785: | kernel_alg_add(): satype=3(SADB_SATYPE_ESP), exttype=15(SADB_EXT_SUPPORTED_ENCRYPT), alg_id=13(ESP_AES_CTR), alg_ivlen=8, alg_minbits=160, alg_maxbits=288
- Dec 7 19:09:08.598788: | ESP registered with kernel.
- Dec 7 19:09:08.598791: | finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP
- Dec 7 19:09:08.598794: | 02 07 00 09 02 00 00 00 03 00 00 00 6e 1d 00 00
- Dec 7 19:09:08.602487: | pfkey_get: K_SADB_REGISTER message 3
- Dec 7 19:09:08.602498: | IPCOMP registered with kernel.
- Dec 7 19:09:08.602513: | Registered AH, ESP and IPCOMP
- Dec 7 19:09:08.602518: | event_schedule: new EVENT_SHUNT_SCAN-pe@0x564dee3b9b58
- Dec 7 19:09:08.602523: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000 seconds
- Dec 7 19:09:08.602529: | setup kernel fd callback
- Dec 7 19:09:08.602735: | selinux support is enabled.
- Dec 7 19:09:08.603103: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
- Dec 7 19:09:08.603108: watchdog: sending probes every 100 secs
- Dec 7 19:09:08.603111: | pluto_sd: executing action action: start(2), status 0
- Dec 7 19:09:08.603424: | event_schedule: new EVENT_SD_WATCHDOG-pe@0x564dee3c4248
- Dec 7 19:09:08.603430: | inserting event EVENT_SD_WATCHDOG, timeout in 100.000 seconds
- Dec 7 19:09:08.603606: | unbound context created - setting debug level to 5
- Dec 7 19:09:08.603653: | /etc/hosts lookups activated
- Dec 7 19:09:08.603681: | /etc/resolv.conf usage activated
- Dec 7 19:09:08.603685: | Loading dnssec root key from:/var/lib/unbound/root.key
- Dec 7 19:09:08.603688: | No additional dnssec trust anchors defined via dnssec-trusted= option
- Dec 7 19:09:08.603691: | Setting up events, loop start
- Dec 7 19:09:08.603995: | created addconn helper (pid:7563) using fork+execve
- Dec 7 19:09:08.604009: | forked child 7563
- Dec 7 19:09:08.604022: | pid table: inserting object 0x564dee3c66c8 (addconn pid 7563) entry 0x564dee3c66d0 into list 0x564dececf600 (older 0x564dececf600 newer 0x564dececf600)
- Dec 7 19:09:08.604027: | pid table: inserted object 0x564dee3c66c8 (addconn pid 7563) entry 0x564dee3c66d0 (older 0x564dececf600 newer 0x564dececf600)
- Dec 7 19:09:08.604036: | pid table: list entry 0x564dececf600 is HEAD (older 0x564dee3c66d0 newer 0x564dee3c66d0)
- Dec 7 19:09:08.608403: | certs and keys locked by 'lsw_add_rsa_secret'
- Dec 7 19:09:08.608422: | certs and keys unlocked by 'lsw_add_rsa_secret'
- Dec 7 19:09:08.608448: | Added new connection private with policy RSASIG+ENCRYPT+TUNNEL+PFS+OPPORTUNISTIC+GROUP+IKEV2_ALLOW+IKEV2_PROPOSE+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
- Dec 7 19:09:08.608947: | setting ID to ID_DER_ASN1_DN: 'CN=192.168.50.3,OU=AIMS,O=Polaris Alpha,ST=Colorado,C=US'
- Dec 7 19:09:08.608964: | loaded left certificate 'parsons'
- Dec 7 19:09:08.609056: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x564dee39c978
- Dec 7 19:09:08.609062: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x564dee3c8008
- Dec 7 19:09:08.609064: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x564dee3c8058
- Dec 7 19:09:08.609222: | unreference key: 0x564dee3c7e58 C=US, ST=Colorado, O=Polaris Alpha, OU=AIMS, CN=192.168.50.3 cnt 1--
- Dec 7 19:09:08.609231: | counting wild cards for C=US, ST=Colorado, O=Polaris Alpha, OU=AIMS, CN=192.168.50.3 is 0
- Dec 7 19:09:08.609235: | counting wild cards for (none) is 15
- Dec 7 19:09:08.609294: added connection description "private"
- Dec 7 19:09:08.609310: | 0.0.0.0/0===192.168.50.3<192.168.50.3>[C=US, ST=Colorado, O=Polaris Alpha, OU=AIMS, CN=192.168.50.3]...%opportunisticgroup
- Dec 7 19:09:08.609316: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+OPPORTUNISTIC+GROUP+IKEV2_ALLOW+IKEV2_PROPOSE+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
- Dec 7 19:09:08.609382: | pluto_sd: executing action action: reloading(4), status 0
- Dec 7 19:09:08.609417: listening for IKE messages
- Dec 7 19:09:08.609657: | Inspecting interface lo
- Dec 7 19:09:08.609662: | found lo with address 127.0.0.1
- Dec 7 19:09:08.609665: | Inspecting interface eth0
- Dec 7 19:09:08.609668: | found eth0 with address 10.0.2.15
- Dec 7 19:09:08.609670: | Inspecting interface eth1
- Dec 7 19:09:08.609673: | found eth1 with address 192.168.50.3
- Dec 7 19:09:08.609675: | Inspecting interface docker0
- Dec 7 19:09:08.609678: | found docker0 with address 172.17.0.1
- Dec 7 19:09:08.609708: adding interface docker0/docker0 172.17.0.1:500
- Dec 7 19:09:08.609751: | NAT-Traversal: Trying sockopt style NAT-T
- Dec 7 19:09:08.609755: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
- Dec 7 19:09:08.609757: adding interface docker0/docker0 172.17.0.1:4500
- Dec 7 19:09:08.609775: adding interface eth1/eth1 192.168.50.3:500
- Dec 7 19:09:08.609789: | NAT-Traversal: Trying sockopt style NAT-T
- Dec 7 19:09:08.609793: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
- Dec 7 19:09:08.609795: adding interface eth1/eth1 192.168.50.3:4500
- Dec 7 19:09:08.609812: adding interface eth0/eth0 10.0.2.15:500
- Dec 7 19:09:08.609826: | NAT-Traversal: Trying sockopt style NAT-T
- Dec 7 19:09:08.609830: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
- Dec 7 19:09:08.609832: adding interface eth0/eth0 10.0.2.15:4500
- Dec 7 19:09:08.609848: adding interface lo/lo 127.0.0.1:500
- Dec 7 19:09:08.609862: | NAT-Traversal: Trying sockopt style NAT-T
- Dec 7 19:09:08.609865: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
- Dec 7 19:09:08.609867: adding interface lo/lo 127.0.0.1:4500
- Dec 7 19:09:08.609919: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
- Dec 7 19:09:08.609957: adding interface lo/lo ::1:500
- Dec 7 19:09:08.609966: | connect_to_host_pair: 192.168.50.3:500 0.0.0.0:500 -> hp:none
- Dec 7 19:09:08.609974: | setup callback for interface lo:500 fd 24
- Dec 7 19:09:08.609978: | setup callback for interface lo:4500 fd 23
- Dec 7 19:09:08.609982: | setup callback for interface lo:500 fd 22
- Dec 7 19:09:08.609985: | setup callback for interface eth0:4500 fd 21
- Dec 7 19:09:08.609996: | setup callback for interface eth0:500 fd 20
- Dec 7 19:09:08.609999: | setup callback for interface eth1:4500 fd 19
- Dec 7 19:09:08.610003: | setup callback for interface eth1:500 fd 18
- Dec 7 19:09:08.610006: | setup callback for interface docker0:4500 fd 17
- Dec 7 19:09:08.610010: | setup callback for interface docker0:500 fd 16
- Dec 7 19:09:08.610015: | certs and keys locked by 'free_preshared_secrets'
- Dec 7 19:09:08.610017: forgetting secrets
- Dec 7 19:09:08.610022: | certs and keys unlocked by 'free_preshard_secrets'
- Dec 7 19:09:08.610039: loading secrets from "/etc/ipsec.secrets"
- Dec 7 19:09:08.610060: no secrets filename matched "/etc/ipsec.d/*.secrets"
- Dec 7 19:09:08.610083: loading group "/etc/ipsec.d/policies/private"
- Dec 7 19:09:08.610097: | 0.0.0.0/0->192.168.50.0/24 0 sport 0 dport 0 private
- Dec 7 19:09:08.610104: | pluto_sd: executing action action: ready(5), status 0
- Dec 7 19:09:08.610179: | processing: start connection "private" (in whack_route_connection() at rcv_whack.c:106)
- Dec 7 19:09:08.610185: | processing: suspend connection "private" (in route_group() at foodgroups.c:437)
- Dec 7 19:09:08.610188: | processing: start connection "private#192.168.50.0/24" (in route_group() at foodgroups.c:437)
- Dec 7 19:09:08.610194: | could_route called for private#192.168.50.0/24 (kind=CK_TEMPLATE)
- Dec 7 19:09:08.610199: | conn private#192.168.50.0/24 mark 0/00000000, 0/00000000 vs
- Dec 7 19:09:08.610202: | conn private#192.168.50.0/24 mark 0/00000000, 0/00000000
- Dec 7 19:09:08.610204: | conn private#192.168.50.0/24 mark 0/00000000, 0/00000000 vs
- Dec 7 19:09:08.610206: | conn private mark 0/00000000, 0/00000000
- Dec 7 19:09:08.610210: | route owner of "private#192.168.50.0/24" unrouted: NULL; eroute owner: NULL
- Dec 7 19:09:08.610214: | route_and_eroute() for proto 0, and source port 0 dest port 0
- Dec 7 19:09:08.610217: | conn private#192.168.50.0/24 mark 0/00000000, 0/00000000 vs
- Dec 7 19:09:08.610219: | conn private#192.168.50.0/24 mark 0/00000000, 0/00000000
- Dec 7 19:09:08.610221: | conn private#192.168.50.0/24 mark 0/00000000, 0/00000000 vs
- Dec 7 19:09:08.610223: | conn private mark 0/00000000, 0/00000000
- Dec 7 19:09:08.610226: | route owner of "private#192.168.50.0/24" unrouted: NULL; eroute owner: NULL
- Dec 7 19:09:08.610229: | route_and_eroute with c: private#192.168.50.0/24 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #0
- Dec 7 19:09:08.610233: | shunt_eroute() called for connection 'private#192.168.50.0/24' to 'add' for rt_kind 'prospective erouted' using protoports 0--0->-0
- Dec 7 19:09:08.610238: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0
- Dec 7 19:09:08.610243: | priority calculation of connection "private#192.168.50.0/24" is 0x17ffe7
- Dec 7 19:09:08.610246: | IPsec Sa SPD priority set to 1572839
- Dec 7 19:09:08.610287: | priority calculation of connection "private#192.168.50.0/24" is 0x17ffe7
- Dec 7 19:09:08.610290: | route_and_eroute: firewall_notified: true
- Dec 7 19:09:08.610293: | running updown command "ipsec _updown" for verb prepare
- Dec 7 19:09:08.610295: | command executing prepare-client
- Dec 7 19:09:08.610305: | id type with ID_NONE means wildcard match
- Dec 7 19:09:08.610312: | trusted_ca_nss: trustee A = 'C=US, ST=Colorado, L=Colorado Springs, O=Polaris Alpha, OU=AIMS, CN=Polaris Alpha WE Dev Root CA'
- Dec 7 19:09:08.610318: | trusted_ca_nss: trustor B = 'C=US, ST=Colorado, L=Colorado Springs, O=Polaris Alpha, OU=AIMS, CN=Polaris Alpha WE Dev Root CA'
- Dec 7 19:09:08.610338: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='private#192.168.50.0/24' PLUTO_INTERFACE='eth1' PLUTO_ME='192.168.50.3' PLUTO_MY_ID='C=US, ST=Colorado, O=Polaris Alpha, OU=AIMS, CN=192.168.50.3' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.168.50.0/24' PLUTO_PEER_CLIENT_NET='192.168.50.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=US, ST=Colorado, L=Colorado Springs, O=Polaris Alpha, OU=AIMS, CN=Polaris Alpha WE Dev Root CA' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+OPPORTUNISTIC+GROUPINSTANCE+IKEV2_ALLOW+IKEV2_PROPOSE+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_TEMPLATE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0'
- Dec 7 19:09:08.610346: | popen cmd is 1215 chars long
- Dec 7 19:09:08.610350: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='private#192.16:
- Dec 7 19:09:08.610353: | cmd( 80):8.50.0/24' PLUTO_INTERFACE='eth1' PLUTO_ME='192.168.50.3' PLUTO_MY_ID='C=US, ST=:
- Dec 7 19:09:08.610356: | cmd( 160):Colorado, O=Polaris Alpha, OU=AIMS, CN=192.168.50.3' PLUTO_MY_CLIENT='0.0.0.0/0':
- Dec 7 19:09:08.610360: | cmd( 240): PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' :
- Dec 7 19:09:08.610363: | cmd( 320):PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='0.:
- Dec 7 19:09:08.610366: | cmd( 400):0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.168.50.0/24' PLUTO_PEER_CLI:
- Dec 7 19:09:08.610369: | cmd( 480):ENT_NET='192.168.50.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0:
- Dec 7 19:09:08.610372: | cmd( 560):' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=US, ST=Colorado, L=Colorado Springs, :
- Dec 7 19:09:08.610375: | cmd( 640):O=Polaris Alpha, OU=AIMS, CN=Polaris Alpha WE Dev Root CA' PLUTO_STACK='netkey' :
- Dec 7 19:09:08.610378: | cmd( 720):PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+OPPORTUNISTIC+GRO:
- Dec 7 19:09:08.610381: | cmd( 800):UPINSTANCE+IKEV2_ALLOW+IKEV2_PROPOSE+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_:
- Dec 7 19:09:08.610384: | cmd( 880):ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_TEMPLATE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_F:
- Dec 7 19:09:08.610387: | cmd( 960):AILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='':
- Dec 7 19:09:08.610389: | cmd(1040): PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGU:
- Dec 7 19:09:08.610391: | cmd(1120):RED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ips:
- Dec 7 19:09:08.610393: | cmd(1200):ec _updown 2>&1:
- Dec 7 19:09:08.627300: | running updown command "ipsec _updown" for verb route
- Dec 7 19:09:08.627313: | command executing route-client
- Dec 7 19:09:08.627326: | id type with ID_NONE means wildcard match
- Dec 7 19:09:08.627332: | trusted_ca_nss: trustee A = 'C=US, ST=Colorado, L=Colorado Springs, O=Polaris Alpha, OU=AIMS, CN=Polaris Alpha WE Dev Root CA'
- Dec 7 19:09:08.627336: | trusted_ca_nss: trustor B = 'C=US, ST=Colorado, L=Colorado Springs, O=Polaris Alpha, OU=AIMS, CN=Polaris Alpha WE Dev Root CA'
- Dec 7 19:09:08.627355: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='private#192.168.50.0/24' PLUTO_INTERFACE='eth1' PLUTO_ME='192.168.50.3' PLUTO_MY_ID='C=US, ST=Colorado, O=Polaris Alpha, OU=AIMS, CN=192.168.50.3' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.168.50.0/24' PLUTO_PEER_CLIENT_NET='192.168.50.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=US, ST=Colorado, L=Colorado Springs, O=Polaris Alpha, OU=AIMS, CN=Polaris Alpha WE Dev Root CA' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+OPPORTUNISTIC+GROUPINSTANCE+IKEV2_ALLOW+IKEV2_PROPOSE+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_TEMPLATE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLU
- Dec 7 19:09:08.627359: | popen cmd is 1213 chars long
- Dec 7 19:09:08.627361: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='private#192.168.:
- Dec 7 19:09:08.627370: | cmd( 80):50.0/24' PLUTO_INTERFACE='eth1' PLUTO_ME='192.168.50.3' PLUTO_MY_ID='C=US, ST=Co:
- Dec 7 19:09:08.627372: | cmd( 160):lorado, O=Polaris Alpha, OU=AIMS, CN=192.168.50.3' PLUTO_MY_CLIENT='0.0.0.0/0' P:
- Dec 7 19:09:08.627375: | cmd( 240):LUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PL:
- Dec 7 19:09:08.627377: | cmd( 320):UTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='0.0.:
- Dec 7 19:09:08.627379: | cmd( 400):0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.168.50.0/24' PLUTO_PEER_CLIEN:
- Dec 7 19:09:08.627381: | cmd( 480):T_NET='192.168.50.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' :
- Dec 7 19:09:08.627383: | cmd( 560):PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=US, ST=Colorado, L=Colorado Springs, O=:
- Dec 7 19:09:08.627385: | cmd( 640):Polaris Alpha, OU=AIMS, CN=Polaris Alpha WE Dev Root CA' PLUTO_STACK='netkey' PL:
- Dec 7 19:09:08.627388: | cmd( 720):UTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+OPPORTUNISTIC+GROUP:
- Dec 7 19:09:08.627390: | cmd( 800):INSTANCE+IKEV2_ALLOW+IKEV2_PROPOSE+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_AL:
- Dec 7 19:09:08.627392: | cmd( 880):LOW+ESN_NO' PLUTO_CONN_KIND='CK_TEMPLATE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAI:
- Dec 7 19:09:08.627394: | cmd( 960):LED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' P:
- Dec 7 19:09:08.627396: | cmd(1040):LUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURE:
- Dec 7 19:09:08.627398: | cmd(1120):D='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec:
- Dec 7 19:09:08.627401: | cmd(1200): _updown 2>&1:
- Dec 7 19:09:08.641387: | processing: suspend connection "private#192.168.50.0/24" (in route_group() at foodgroups.c:441)
- Dec 7 19:09:08.641409: | processing: start connection "private" (in route_group() at foodgroups.c:441)
- Dec 7 19:09:08.641413: | processing: stop connection "private" (in whack_route_connection() at rcv_whack.c:116)
- Dec 7 19:09:08.641451: | waitpid returned nothing left to do (all child processes are busy)
- Dec 7 19:09:08.641455: | waitpid returned nothing left to do (all child processes are busy)
- Dec 7 19:09:08.641748: | waitpid returned pid 7563 (exited with status 0)
- Dec 7 19:09:08.641759: | serialno table: hash serialno #0 to head 0x564dececafe0
- Dec 7 19:09:08.641762: | serialno table: hash serialno #0 to head 0x564dececafe0
- Dec 7 19:09:08.641765: | reaped addconn helper child (status 0)
- Dec 7 19:09:08.641768: | pid table: removing object 0x564dee3c66c8 (addconn pid 7563) entry 0x564dee3c66d0 (older 0x564dececf600 newer 0x564dececf600)
- Dec 7 19:09:08.641772: | pid table: empty
- Dec 7 19:09:08.641777: | waitpid returned ECHILD (no child processes left)
- Dec 7 19:09:15.712038: | kernel_process_msg_cb process netlink message
- Dec 7 19:09:15.712149: | netlink_get: XFRM_MSG_ACQUIRE message
- Dec 7 19:09:15.712165: | xfrm netlink msg len 376
- Dec 7 19:09:15.712175: | xfrm acquire rtattribute type 5
- Dec 7 19:09:15.712184: | xfrm acquire rtattribute type 16
- Dec 7 19:09:15.712230: | add bare shunt 0x564dee3cec28 192.168.50.3/32:44927 --17--> 192.168.50.2/32:1025 => %hold 0 %acquire-netlink
- Dec 7 19:09:15.712254: initiate on demand from 192.168.50.3:44927 to 192.168.50.2:1025 proto=17 because: acquire
- Dec 7 19:09:15.712271: | find_connection: looking for policy for connection: 192.168.50.3:17/44927 -> 192.168.50.2:17/1025
- Dec 7 19:09:15.712324: | find_connection: conn "private#192.168.50.0/24" has compatible peers: 0.0.0.0/0 -> 192.168.50.0/24 [pri: 8]
- Dec 7 19:09:15.712341: | find_connection: first OK "private#192.168.50.0/24" [pri:8]{0x564dee3ce648} (child none)
- Dec 7 19:09:15.712353: | find_connection: concluding with "private#192.168.50.0/24" [pri:8]{0x564dee3ce648} kind=CK_TEMPLATE
- Dec 7 19:09:15.712365: | creating new instance from "private#192.168.50.0/24"
- Dec 7 19:09:15.712387: | shunt widened for protoports since conn does not limit protocols
- Dec 7 19:09:15.712400: | going to initiate opportunistic, first installing hold negotiationshunt
- Dec 7 19:09:15.712437: | priority calculation of connection "private#192.168.50.0/24" is 0x17ffe7
- Dec 7 19:09:15.712463: | oe-negotiating eroute 192.168.50.3/32:0 --0-> 192.168.50.2/32:0 => %hold (raw_eroute)
- Dec 7 19:09:15.712482: | netlink_raw_eroute: SPI_HOLD implemented as no-op
- Dec 7 19:09:15.712492: | raw_eroute result=success
- Dec 7 19:09:15.712502: | added bare (possibly wided) passthrough negotiationshunt succeeded (violating API)
- Dec 7 19:09:15.712522: | add bare shunt 0x564dee3cecf8 192.168.50.3/32:0 --0--> 192.168.50.2/32:0 => %hold 0 oe-negotiating
- Dec 7 19:09:15.712532: | fiddle_bare_shunt called
- Dec 7 19:09:15.712541: | fiddle_bare_shunt with transport_proto 17
- Dec 7 19:09:15.712551: | removing specific host-to-host bare shunt
- Dec 7 19:09:15.712564: | delete bare kernel shunt - was replaced with negotiationshunt eroute 192.168.50.3/32:44927 --17-> 192.168.50.2/32:1025 => %hold (raw_eroute)
- Dec 7 19:09:15.712574: | netlink_raw_eroute: SPI_PASS
- Dec 7 19:09:15.712632: | raw_eroute result=success
- Dec 7 19:09:15.712647: | raw_eroute with op='delete' for transport_proto='17' kernel shunt succeeded, bare shunt lookup succeeded
- Dec 7 19:09:15.712661: | delete bare shunt 0x564dee3cec28 192.168.50.3/32:44927 --17--> 192.168.50.2/32:1025 => %hold 0 %acquire-netlink
- Dec 7 19:09:15.712673: | success taking down narrow bare shunt
- Dec 7 19:09:15.712687: | find_host_pair: comparing 192.168.50.3:500 to 0.0.0.0:500
- Dec 7 19:09:15.712713: | find_host_pair: comparing 192.168.50.3:500 to 0.0.0.0:500
- Dec 7 19:09:15.712720: | find_host_pair: comparing 192.168.50.3:500 to 0.0.0.0:500
- Dec 7 19:09:15.712728: | find_host_pair: comparing 192.168.50.3:500 to 0.0.0.0:500
- Dec 7 19:09:15.712735: | find_host_pair: comparing 192.168.50.3:500 to 0.0.0.0:500
- Dec 7 19:09:15.712742: | find_host_pair: comparing 192.168.50.3:500 to 0.0.0.0:500
- Dec 7 19:09:15.712749: | checking private
- Dec 7 19:09:15.712755: | checking private#192.168.50.0/24
- Dec 7 19:09:15.712762: | find_host_pair: comparing 192.168.50.3:500 to 0.0.0.0:500
- Dec 7 19:09:15.712768: | checking private
- Dec 7 19:09:15.712774: | checking private#192.168.50.0/24
- Dec 7 19:09:15.712781: | find_host_pair: comparing 192.168.50.3:500 to 0.0.0.0:500
- Dec 7 19:09:15.712788: | find_host_pair: comparing 192.168.50.3:500 to 0.0.0.0:500
- Dec 7 19:09:15.712814: | find_host_pair: comparing 192.168.50.3:500 to 0.0.0.0:500
- Dec 7 19:09:15.712823: | connect_to_host_pair: 192.168.50.3:500 192.168.50.2:500 -> hp:none
- Dec 7 19:09:15.712832: | oppo instantiate d="private#192.168.50.0/24" from c="private#192.168.50.0/24" with c->routing prospective erouted, d->routing unrouted
- Dec 7 19:09:15.712856: | new oppo instance: 0.0.0.0/0===192.168.50.3<192.168.50.3>[C=US, ST=Colorado, O=Polaris Alpha, OU=AIMS, CN=192.168.50.3]...192.168.50.2===192.168.50.0/24
- Dec 7 19:09:15.712878: | oppo_instantiate() instantiated "[1] ...192.168.50.2"private#192.168.50.0/24: 192.168.50.3/32===192.168.50.3<192.168.50.3>[C=US, ST=Colorado, O=Polaris Alpha, OU=AIMS, CN=192.168.50.3]...192.168.50.2
- Dec 7 19:09:15.712885: | assigning negotiation_shunt to connection
- Dec 7 19:09:15.712892: | assign hold, routing was unrouted, needs to be unrouted HOLD
- Dec 7 19:09:15.712898: | assign_holdpass() removing bare shunt
- Dec 7 19:09:15.712907: | delete bare shunt 0x564dee3cecf8 192.168.50.3/32:0 --0--> 192.168.50.2/32:0 => %hold 0 oe-negotiating
- Dec 7 19:09:15.712914: | assign_holdpass() done - returning success
- Dec 7 19:09:15.712920: | assign_holdpass succeeded
- Dec 7 19:09:15.712927: | initiate on demand from 192.168.50.3:0 to 192.168.50.2:0 proto=17 because: acquire
- Dec 7 19:09:15.712947: | creating state object #1 at 0x564dee3cf5b8
- Dec 7 19:09:15.712956: | parent state #1: new => STATE_UNDEFINED(ignore)
- Dec 7 19:09:15.713004: | processing: start state #1 connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in initialize_new_state() at ipsec_doi.c:490)
- Dec 7 19:09:15.713013: | inserting state object #1
- Dec 7 19:09:15.713023: | serialno list: inserting object 0x564dee3cf5b8 (state #1) entry 0x564dee3cfd60 into list 0x564deced80c0 (older 0x564deced80c0 newer 0x564deced80c0)
- Dec 7 19:09:15.713043: | serialno list: inserted object 0x564dee3cf5b8 (state #1) entry 0x564dee3cfd60 (older 0x564deced80c0 newer 0x564deced80c0)
- Dec 7 19:09:15.713051: | serialno list: list entry 0x564deced80c0 is HEAD (older 0x564dee3cfd60 newer 0x564dee3cfd60)
- Dec 7 19:09:15.713061: | serialno table: inserting object 0x564dee3cf5b8 (state #1) entry 0x564dee3cfd80 into list 0x564dececb000 (older 0x564dececb000 newer 0x564dececb000)
- Dec 7 19:09:15.713072: | serialno table: inserted object 0x564dee3cf5b8 (state #1) entry 0x564dee3cfd80 (older 0x564dececb000 newer 0x564dececb000)
- Dec 7 19:09:15.713080: | serialno table: list entry 0x564dececb000 is HEAD (older 0x564dee3cfd80 newer 0x564dee3cfd80)
- Dec 7 19:09:15.713095: | processing: [RE]START state #1 connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in initialize_new_state() at ipsec_doi.c:510)
- Dec 7 19:09:15.713104: | parent state #1: STATE_UNDEFINED(ignore) => STATE_PARENT_I1(half-open-ike)
- Dec 7 19:09:15.713111: | ignore states: 0
- Dec 7 19:09:15.713117: | half-open-ike states: 1
- Dec 7 19:09:15.713122: | open-ike states: 0
- Dec 7 19:09:15.713128: | established-anonymous-ike states: 0
- Dec 7 19:09:15.713134: | established-authenticated-ike states: 0
- Dec 7 19:09:15.713140: | anonymous-ipsec states: 0
- Dec 7 19:09:15.713146: | authenticated-ipsec states: 0
- Dec 7 19:09:15.713152: | informational states: 0
- Dec 7 19:09:15.713158: | unknown states: 0
- Dec 7 19:09:15.713164: | category states: 1 count states: 1
- Dec 7 19:09:15.713179: | Queuing pending IPsec SA negotiating with 192.168.50.2 "private#192.168.50.0/24"[1] ...192.168.50.2 IKE SA #1 "private#192.168.50.0/24"[1] ...192.168.50.2
- Dec 7 19:09:15.713198: | selecting default local IKE proposals for private#192.168.50.0/24 (IKE SA initiator selecting KE)
- Dec 7 19:09:15.713236: "private#192.168.50.0/24"[1] ...192.168.50.2 #1: local IKE proposals for private#192.168.50.0/24 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128,HMAC_SHA1_96;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128,HMAC_SHA1_96;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 (default)
- Dec 7 19:09:15.713261: | adding ikev2_outI1 KE work-order 1 for state #1
- Dec 7 19:09:15.713268: | state #1 requesting to delete non existing event
- Dec 7 19:09:15.713275: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564dee3d0b58
- Dec 7 19:09:15.713286: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60.000 seconds for #1
- Dec 7 19:09:15.713300: | backlog: inserting object 0x564dee3cff88 (work-order 1 state #1) entry 0x564dee3cff90 into list 0x564deced8fc0 (older 0x564deced8fc0 newer 0x564deced8fc0)
- Dec 7 19:09:15.713310: | backlog: inserted object 0x564dee3cff88 (work-order 1 state #1) entry 0x564dee3cff90 (older 0x564deced8fc0 newer 0x564deced8fc0)
- Dec 7 19:09:15.713318: | backlog: list entry 0x564deced8fc0 is HEAD (older 0x564dee3cff90 newer 0x564dee3cff90)
- Dec 7 19:09:15.713342: | processing: RESET state #1 connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in ikev2_parent_outI1() at ikev2_parent.c:823)
- Dec 7 19:09:15.713352: | initiate on demand using RSASIG from 192.168.50.3 to 192.168.50.2
- Dec 7 19:09:15.713386: | crypto helper 0 resuming
- Dec 7 19:09:15.713399: | backlog: removing object 0x564dee3cff88 (work-order 1 state #1) entry 0x564dee3cff90 (older 0x564deced8fc0 newer 0x564deced8fc0)
- Dec 7 19:09:15.713406: | backlog: empty
- Dec 7 19:09:15.713414: | crypto helper 0 starting work-order 1 for state #1
- Dec 7 19:09:15.713422: | crypto helper 0 doing build KE and nonce; request ID 1
- Dec 7 19:09:15.715800: | crypto helper 0 finished build KE and nonce; request ID 1 time elapsed 2365 usec
- Dec 7 19:09:15.715844: | crypto helper 0 sending results from work-order 1 for state #1 to event queue
- Dec 7 19:09:15.715854: | scheduling now-event sending helper answer for #1
- Dec 7 19:09:15.715886: | crypto helper 0 waiting (nothing to do)
- Dec 7 19:09:15.715920: | executing now-event sending helper answer for 1
- Dec 7 19:09:15.715930: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.715937: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.715955: | processing: start state #1 connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in schedule_event_now_cb() at server.c:594)
- Dec 7 19:09:15.715962: | crypto helper 0 replies to request ID 1
- Dec 7 19:09:15.715969: | calling continuation function 0x564decbeb9b0
- Dec 7 19:09:15.715980: | ikev2_parent_outI1_continue for #1
- Dec 7 19:09:15.716091: | **emit ISAKMP Message:
- Dec 7 19:09:15.716105: | initiator cookie:
- Dec 7 19:09:15.716111: | af 26 30 ff 4b 80 f5 5b
- Dec 7 19:09:15.716117: | responder cookie:
- Dec 7 19:09:15.716123: | 00 00 00 00 00 00 00 00
- Dec 7 19:09:15.716131: | next payload type: ISAKMP_NEXT_v2SA (0x21)
- Dec 7 19:09:15.716138: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
- Dec 7 19:09:15.716145: | exchange type: ISAKMP_v2_SA_INIT (0x22)
- Dec 7 19:09:15.716152: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
- Dec 7 19:09:15.716159: | message ID: 00 00 00 00
- Dec 7 19:09:15.716167: | next payload type: saving message location 'ISAKMP Message' 'next payload type'
- Dec 7 19:09:15.716175: | already determined local IKE proposals for private#192.168.50.0/24 (IKE SA initiator emitting local proposals)
- Dec 7 19:09:15.716182: | Emitting ikev2_proposals ...
- Dec 7 19:09:15.716189: | ***emit IKEv2 Security Association Payload:
- Dec 7 19:09:15.716195: | next payload type: ISAKMP_NEXT_v2KE (0x22)
- Dec 7 19:09:15.716202: | flags: none (0x0)
- Dec 7 19:09:15.716211: | next payload type: previous 'ISAKMP Message' 'next payload type' matches 'IKEv2 Security Association Payload' (33:ISAKMP_NEXT_v2SA)
- Dec 7 19:09:15.716218: | next payload type: saving payload location 'IKEv2 Security Association Payload' 'next payload type'
- Dec 7 19:09:15.716226: | ****emit IKEv2 Proposal Substructure Payload:
- Dec 7 19:09:15.716233: | last proposal: v2_PROPOSAL_NON_LAST (0x2)
- Dec 7 19:09:15.716239: | prop #: 1 (0x1)
- Dec 7 19:09:15.716246: | proto ID: IKEv2_SEC_PROTO_IKE (0x1)
- Dec 7 19:09:15.716252: | spi size: 0 (0x0)
- Dec 7 19:09:15.716258: | # transforms: 9 (0x9)
- Dec 7 19:09:15.716265: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.716271: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.716278: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
- Dec 7 19:09:15.716285: | IKEv2 transform ID: AES_GCM_C (0x14)
- Dec 7 19:09:15.716292: | ******emit IKEv2 Attribute Substructure Payload:
- Dec 7 19:09:15.716298: | af+type: IKEv2_KEY_LENGTH (0x800e)
- Dec 7 19:09:15.716305: | length/value: 256 (0x100)
- Dec 7 19:09:15.716312: | emitting length of IKEv2 Transform Substructure Payload: 12
- Dec 7 19:09:15.716318: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.716324: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.716330: | IKEv2 transform type: TRANS_TYPE_PRF (0x2)
- Dec 7 19:09:15.716337: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
- Dec 7 19:09:15.716344: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.716350: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.716356: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.716362: | IKEv2 transform type: TRANS_TYPE_PRF (0x2)
- Dec 7 19:09:15.716368: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
- Dec 7 19:09:15.716374: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.716380: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.716387: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.716406: | IKEv2 transform type: TRANS_TYPE_PRF (0x2)
- Dec 7 19:09:15.716412: | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2)
- Dec 7 19:09:15.716419: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.716425: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.716431: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.716437: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
- Dec 7 19:09:15.716444: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
- Dec 7 19:09:15.716450: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.716456: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.716462: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.716468: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
- Dec 7 19:09:15.716474: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
- Dec 7 19:09:15.716480: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.716486: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.716493: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.716499: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
- Dec 7 19:09:15.716505: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
- Dec 7 19:09:15.716511: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.716517: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.716523: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.716529: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
- Dec 7 19:09:15.716535: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
- Dec 7 19:09:15.716541: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.716547: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.716553: | last transform: v2_TRANSFORM_LAST (0x0)
- Dec 7 19:09:15.716559: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
- Dec 7 19:09:15.716565: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
- Dec 7 19:09:15.716571: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.716578: | emitting length of IKEv2 Proposal Substructure Payload: 84
- Dec 7 19:09:15.716584: | ****emit IKEv2 Proposal Substructure Payload:
- Dec 7 19:09:15.716591: | last proposal: v2_PROPOSAL_NON_LAST (0x2)
- Dec 7 19:09:15.716597: | prop #: 2 (0x2)
- Dec 7 19:09:15.716602: | proto ID: IKEv2_SEC_PROTO_IKE (0x1)
- Dec 7 19:09:15.716608: | spi size: 0 (0x0)
- Dec 7 19:09:15.716614: | # transforms: 9 (0x9)
- Dec 7 19:09:15.716620: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.716626: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.716633: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
- Dec 7 19:09:15.716639: | IKEv2 transform ID: AES_GCM_C (0x14)
- Dec 7 19:09:15.716645: | ******emit IKEv2 Attribute Substructure Payload:
- Dec 7 19:09:15.716651: | af+type: IKEv2_KEY_LENGTH (0x800e)
- Dec 7 19:09:15.716657: | length/value: 128 (0x80)
- Dec 7 19:09:15.716663: | emitting length of IKEv2 Transform Substructure Payload: 12
- Dec 7 19:09:15.716669: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.716675: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.716681: | IKEv2 transform type: TRANS_TYPE_PRF (0x2)
- Dec 7 19:09:15.716687: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
- Dec 7 19:09:15.716693: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.716699: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.716705: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.716711: | IKEv2 transform type: TRANS_TYPE_PRF (0x2)
- Dec 7 19:09:15.716717: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
- Dec 7 19:09:15.716723: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.716729: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.716735: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.716746: | IKEv2 transform type: TRANS_TYPE_PRF (0x2)
- Dec 7 19:09:15.716752: | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2)
- Dec 7 19:09:15.716758: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.716764: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.716771: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.716777: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
- Dec 7 19:09:15.716783: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
- Dec 7 19:09:15.716789: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.716795: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.716801: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.716807: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
- Dec 7 19:09:15.716814: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
- Dec 7 19:09:15.716820: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.716826: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.716832: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.716838: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
- Dec 7 19:09:15.716844: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
- Dec 7 19:09:15.716850: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.716856: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.716862: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.716868: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
- Dec 7 19:09:15.716874: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
- Dec 7 19:09:15.716880: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.716886: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.716892: | last transform: v2_TRANSFORM_LAST (0x0)
- Dec 7 19:09:15.716899: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
- Dec 7 19:09:15.716905: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
- Dec 7 19:09:15.716911: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.716917: | emitting length of IKEv2 Proposal Substructure Payload: 84
- Dec 7 19:09:15.716923: | ****emit IKEv2 Proposal Substructure Payload:
- Dec 7 19:09:15.716930: | last proposal: v2_PROPOSAL_NON_LAST (0x2)
- Dec 7 19:09:15.716935: | prop #: 3 (0x3)
- Dec 7 19:09:15.716941: | proto ID: IKEv2_SEC_PROTO_IKE (0x1)
- Dec 7 19:09:15.716947: | spi size: 0 (0x0)
- Dec 7 19:09:15.716953: | # transforms: 12 (0xc)
- Dec 7 19:09:15.716959: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.716965: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.716972: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
- Dec 7 19:09:15.716978: | IKEv2 transform ID: AES_CBC (0xc)
- Dec 7 19:09:15.716984: | ******emit IKEv2 Attribute Substructure Payload:
- Dec 7 19:09:15.716990: | af+type: IKEv2_KEY_LENGTH (0x800e)
- Dec 7 19:09:15.716996: | length/value: 256 (0x100)
- Dec 7 19:09:15.717002: | emitting length of IKEv2 Transform Substructure Payload: 12
- Dec 7 19:09:15.717008: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.717014: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.717020: | IKEv2 transform type: TRANS_TYPE_PRF (0x2)
- Dec 7 19:09:15.717026: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
- Dec 7 19:09:15.717033: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.717039: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.717045: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.717051: | IKEv2 transform type: TRANS_TYPE_PRF (0x2)
- Dec 7 19:09:15.717057: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
- Dec 7 19:09:15.717063: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.717069: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.717075: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.717081: | IKEv2 transform type: TRANS_TYPE_PRF (0x2)
- Dec 7 19:09:15.717092: | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2)
- Dec 7 19:09:15.717098: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.717104: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.717110: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.717116: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
- Dec 7 19:09:15.717123: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
- Dec 7 19:09:15.717129: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.717135: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.717141: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.717147: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
- Dec 7 19:09:15.717153: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
- Dec 7 19:09:15.717159: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.717165: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.717171: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.717177: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
- Dec 7 19:09:15.717184: | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2)
- Dec 7 19:09:15.717190: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.717196: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.717202: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.717208: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
- Dec 7 19:09:15.717214: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
- Dec 7 19:09:15.717220: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.717226: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.717232: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.717238: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
- Dec 7 19:09:15.717245: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
- Dec 7 19:09:15.717251: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.717257: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.717263: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.717269: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
- Dec 7 19:09:15.717275: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
- Dec 7 19:09:15.717281: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.717287: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.717293: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.717299: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
- Dec 7 19:09:15.717305: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
- Dec 7 19:09:15.717311: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.717317: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.717323: | last transform: v2_TRANSFORM_LAST (0x0)
- Dec 7 19:09:15.717330: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
- Dec 7 19:09:15.717336: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
- Dec 7 19:09:15.717342: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.717348: | emitting length of IKEv2 Proposal Substructure Payload: 108
- Dec 7 19:09:15.717354: | ****emit IKEv2 Proposal Substructure Payload:
- Dec 7 19:09:15.717361: | last proposal: v2_PROPOSAL_LAST (0x0)
- Dec 7 19:09:15.717366: | prop #: 4 (0x4)
- Dec 7 19:09:15.717373: | proto ID: IKEv2_SEC_PROTO_IKE (0x1)
- Dec 7 19:09:15.717378: | spi size: 0 (0x0)
- Dec 7 19:09:15.717384: | # transforms: 12 (0xc)
- Dec 7 19:09:15.717390: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.717396: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.717403: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
- Dec 7 19:09:15.717409: | IKEv2 transform ID: AES_CBC (0xc)
- Dec 7 19:09:15.717415: | ******emit IKEv2 Attribute Substructure Payload:
- Dec 7 19:09:15.717421: | af+type: IKEv2_KEY_LENGTH (0x800e)
- Dec 7 19:09:15.717427: | length/value: 128 (0x80)
- Dec 7 19:09:15.717437: | emitting length of IKEv2 Transform Substructure Payload: 12
- Dec 7 19:09:15.717443: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.717450: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.717456: | IKEv2 transform type: TRANS_TYPE_PRF (0x2)
- Dec 7 19:09:15.717462: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
- Dec 7 19:09:15.717468: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.717474: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.717480: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.717486: | IKEv2 transform type: TRANS_TYPE_PRF (0x2)
- Dec 7 19:09:15.717492: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
- Dec 7 19:09:15.717498: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.717504: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.717510: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.717516: | IKEv2 transform type: TRANS_TYPE_PRF (0x2)
- Dec 7 19:09:15.717522: | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2)
- Dec 7 19:09:15.717528: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.717534: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.717541: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.717547: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
- Dec 7 19:09:15.717553: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
- Dec 7 19:09:15.717559: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.717565: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.717571: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.717577: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
- Dec 7 19:09:15.717583: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
- Dec 7 19:09:15.717589: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.717595: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.717601: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.717607: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
- Dec 7 19:09:15.717613: | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2)
- Dec 7 19:09:15.717620: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.717640: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.717645: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.717649: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
- Dec 7 19:09:15.717654: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
- Dec 7 19:09:15.717659: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.717663: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.717668: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.717673: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
- Dec 7 19:09:15.717677: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
- Dec 7 19:09:15.717682: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.717686: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.717691: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.717695: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
- Dec 7 19:09:15.717700: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
- Dec 7 19:09:15.717705: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.717709: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.717714: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.717718: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
- Dec 7 19:09:15.717723: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
- Dec 7 19:09:15.717728: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.717732: | *****emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.717737: | last transform: v2_TRANSFORM_LAST (0x0)
- Dec 7 19:09:15.717741: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
- Dec 7 19:09:15.717751: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
- Dec 7 19:09:15.717756: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.717761: | emitting length of IKEv2 Proposal Substructure Payload: 108
- Dec 7 19:09:15.717765: | emitting length of IKEv2 Security Association Payload: 388
- Dec 7 19:09:15.717771: | ***emit IKEv2 Key Exchange Payload:
- Dec 7 19:09:15.717776: | next payload type: ISAKMP_NEXT_v2Ni (0x28)
- Dec 7 19:09:15.717781: | flags: none (0x0)
- Dec 7 19:09:15.717785: | DH group: OAKLEY_GROUP_MODP2048 (0xe)
- Dec 7 19:09:15.717791: | next payload type: previous 'IKEv2 Security Association Payload' 'next payload type' matches 'IKEv2 Key Exchange Payload' (34:ISAKMP_NEXT_v2KE)
- Dec 7 19:09:15.717796: | next payload type: saving payload location 'IKEv2 Key Exchange Payload' 'next payload type'
- Dec 7 19:09:15.717802: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
- Dec 7 19:09:15.717808: | ikev2 g^x e6 14 db ee 26 6e 5b 92 9c 54 5b ba f8 e8 07 58
- Dec 7 19:09:15.717812: | ikev2 g^x 92 d1 5b a0 38 96 79 14 05 31 06 20 c8 4f 11 33
- Dec 7 19:09:15.717817: | ikev2 g^x d5 c5 85 1b f8 d4 9d 40 66 84 19 44 01 75 ef 07
- Dec 7 19:09:15.717821: | ikev2 g^x d9 bc f7 83 c0 90 6d 97 cb 76 09 da 2d d3 f8 8d
- Dec 7 19:09:15.717826: | ikev2 g^x b5 a3 eb b7 ec a8 15 ed 1a 6f 9e c6 92 18 38 2b
- Dec 7 19:09:15.717830: | ikev2 g^x 4b 77 e9 18 9b b6 7e d1 bf 02 7c 9d af 8f 72 56
- Dec 7 19:09:15.717835: | ikev2 g^x ea 1c 74 56 af 81 17 d7 24 85 fa 53 5e 27 ab 7d
- Dec 7 19:09:15.717839: | ikev2 g^x 13 f8 b1 ca aa 67 72 b0 34 93 61 51 df 5f 6d fb
- Dec 7 19:09:15.717843: | ikev2 g^x 46 48 44 a4 ec e4 04 ff c0 47 7b de 3d e1 32 5b
- Dec 7 19:09:15.717848: | ikev2 g^x 83 80 a1 be 9e 62 c8 2c 69 79 cf d2 32 aa cb c0
- Dec 7 19:09:15.717852: | ikev2 g^x 84 c3 d2 db 68 98 88 a7 28 64 50 ca 05 25 c7 d4
- Dec 7 19:09:15.717857: | ikev2 g^x 4a 92 89 27 fe 68 2a 77 84 6a 49 57 11 77 7a 17
- Dec 7 19:09:15.717861: | ikev2 g^x 1c 6d 39 05 84 79 e8 fe 0f e0 9f 69 4f 71 2f 49
- Dec 7 19:09:15.717866: | ikev2 g^x 90 e4 25 b6 30 13 96 73 d8 15 a3 f1 27 8d ed 81
- Dec 7 19:09:15.717870: | ikev2 g^x 0e 7e c7 86 c4 35 bc 94 30 08 02 c5 f0 9b cb 5d
- Dec 7 19:09:15.717875: | ikev2 g^x 2d 10 81 1a 3c 32 2e 09 92 c8 6b 7c ad 20 04 c8
- Dec 7 19:09:15.717880: | emitting length of IKEv2 Key Exchange Payload: 264
- Dec 7 19:09:15.717885: | ***emit IKEv2 Nonce Payload:
- Dec 7 19:09:15.717889: | next payload type: ISAKMP_NEXT_v2N (0x29)
- Dec 7 19:09:15.717894: | flags: none (0x0)
- Dec 7 19:09:15.717900: | next payload type: previous 'IKEv2 Key Exchange Payload' 'next payload type' matches 'IKEv2 Nonce Payload' (40:ISAKMP_NEXT_v2Ni)
- Dec 7 19:09:15.717905: | next payload type: saving payload location 'IKEv2 Nonce Payload' 'next payload type'
- Dec 7 19:09:15.717910: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload
- Dec 7 19:09:15.717915: | IKEv2 nonce db 95 97 ce 32 17 f6 c8 27 37 f7 10 30 6f 43 37
- Dec 7 19:09:15.717920: | IKEv2 nonce 6c ed a6 7b 4e ff c3 14 90 18 e1 e7 74 ac 36 b6
- Dec 7 19:09:15.717924: | emitting length of IKEv2 Nonce Payload: 36
- Dec 7 19:09:15.717929: | Adding a v2N Payload
- Dec 7 19:09:15.717934: | ***emit IKEv2 Notify Payload:
- Dec 7 19:09:15.717939: | next payload type: ISAKMP_NEXT_v2N (0x29)
- Dec 7 19:09:15.717943: | flags: none (0x0)
- Dec 7 19:09:15.717948: | Protocol ID: PROTO_v2_RESERVED (0x0)
- Dec 7 19:09:15.717952: | SPI size: 0 (0x0)
- Dec 7 19:09:15.717958: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e)
- Dec 7 19:09:15.717964: | next payload type: previous 'IKEv2 Nonce Payload' 'next payload type' matches 'IKEv2 Notify Payload' (41:ISAKMP_NEXT_v2N)
- Dec 7 19:09:15.717969: | next payload type: saving payload location 'IKEv2 Notify Payload' 'next payload type'
- Dec 7 19:09:15.717974: | emitting 0 raw bytes of Notify data into IKEv2 Notify Payload
- Dec 7 19:09:15.717978: | Notify data
- Dec 7 19:09:15.717983: | emitting length of IKEv2 Notify Payload: 8
- Dec 7 19:09:15.717993: | Adding a v2N Payload
- Dec 7 19:09:15.717998: | ***emit IKEv2 Notify Payload:
- Dec 7 19:09:15.718002: | next payload type: ISAKMP_NEXT_v2N (0x29)
- Dec 7 19:09:15.718007: | flags: none (0x0)
- Dec 7 19:09:15.718011: | Protocol ID: PROTO_v2_RESERVED (0x0)
- Dec 7 19:09:15.718016: | SPI size: 0 (0x0)
- Dec 7 19:09:15.718020: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f)
- Dec 7 19:09:15.718026: | next payload type: previous 'IKEv2 Notify Payload' 'next payload type' matches 'IKEv2 Notify Payload' (41:ISAKMP_NEXT_v2N)
- Dec 7 19:09:15.718031: | next payload type: saving payload location 'IKEv2 Notify Payload' 'next payload type'
- Dec 7 19:09:15.718036: | emitting 2 raw bytes of Notify data into IKEv2 Notify Payload
- Dec 7 19:09:15.718041: | Notify data 00 01
- Dec 7 19:09:15.718045: | emitting length of IKEv2 Notify Payload: 10
- Dec 7 19:09:15.718051: | NAT-Traversal support [enabled] add v2N payloads.
- Dec 7 19:09:15.718057: | natd_hash: Warning, rcookie is zero !!
- Dec 7 19:09:15.718081: | natd_hash: hasher=0x564deceb7720(20)
- Dec 7 19:09:15.718087: | natd_hash: icookie= af 26 30 ff 4b 80 f5 5b
- Dec 7 19:09:15.718091: | natd_hash: rcookie= 00 00 00 00 00 00 00 00
- Dec 7 19:09:15.718096: | natd_hash: ip= c0 a8 32 03
- Dec 7 19:09:15.718100: | natd_hash: port=500
- Dec 7 19:09:15.718105: | natd_hash: hash= 87 e4 8d f3 e5 da d4 8b 8c 78 b2 f7 7f dc 9f bf
- Dec 7 19:09:15.718110: | natd_hash: hash= 5d 93 24 9d
- Dec 7 19:09:15.718114: | Adding a v2N Payload
- Dec 7 19:09:15.718119: | ***emit IKEv2 Notify Payload:
- Dec 7 19:09:15.718123: | next payload type: ISAKMP_NEXT_v2N (0x29)
- Dec 7 19:09:15.718128: | flags: none (0x0)
- Dec 7 19:09:15.718133: | Protocol ID: PROTO_v2_RESERVED (0x0)
- Dec 7 19:09:15.718137: | SPI size: 0 (0x0)
- Dec 7 19:09:15.718143: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004)
- Dec 7 19:09:15.718149: | next payload type: previous 'IKEv2 Notify Payload' 'next payload type' matches 'IKEv2 Notify Payload' (41:ISAKMP_NEXT_v2N)
- Dec 7 19:09:15.718153: | next payload type: saving payload location 'IKEv2 Notify Payload' 'next payload type'
- Dec 7 19:09:15.718159: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
- Dec 7 19:09:15.718164: | Notify data 87 e4 8d f3 e5 da d4 8b 8c 78 b2 f7 7f dc 9f bf
- Dec 7 19:09:15.718168: | Notify data 5d 93 24 9d
- Dec 7 19:09:15.718173: | emitting length of IKEv2 Notify Payload: 28
- Dec 7 19:09:15.718177: | natd_hash: Warning, rcookie is zero !!
- Dec 7 19:09:15.718188: | natd_hash: hasher=0x564deceb7720(20)
- Dec 7 19:09:15.718193: | natd_hash: icookie= af 26 30 ff 4b 80 f5 5b
- Dec 7 19:09:15.718198: | natd_hash: rcookie= 00 00 00 00 00 00 00 00
- Dec 7 19:09:15.718202: | natd_hash: ip= c0 a8 32 02
- Dec 7 19:09:15.718206: | natd_hash: port=500
- Dec 7 19:09:15.718211: | natd_hash: hash= 0c db 0c f0 72 3d d8 82 cf df 53 b0 ce 85 1f b1
- Dec 7 19:09:15.718215: | natd_hash: hash= d7 67 ff 7b
- Dec 7 19:09:15.718219: | Adding a v2N Payload
- Dec 7 19:09:15.718224: | ***emit IKEv2 Notify Payload:
- Dec 7 19:09:15.718229: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
- Dec 7 19:09:15.718233: | flags: none (0x0)
- Dec 7 19:09:15.718238: | Protocol ID: PROTO_v2_RESERVED (0x0)
- Dec 7 19:09:15.718242: | SPI size: 0 (0x0)
- Dec 7 19:09:15.718247: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005)
- Dec 7 19:09:15.718252: | next payload type: previous 'IKEv2 Notify Payload' 'next payload type' matches 'IKEv2 Notify Payload' (41:ISAKMP_NEXT_v2N)
- Dec 7 19:09:15.718257: | next payload type: saving payload location 'IKEv2 Notify Payload' 'next payload type'
- Dec 7 19:09:15.718262: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
- Dec 7 19:09:15.718267: | Notify data 0c db 0c f0 72 3d d8 82 cf df 53 b0 ce 85 1f b1
- Dec 7 19:09:15.718271: | Notify data d7 67 ff 7b
- Dec 7 19:09:15.718276: | emitting length of IKEv2 Notify Payload: 28
- Dec 7 19:09:15.718280: | emitting length of ISAKMP Message: 790
- Dec 7 19:09:15.718291: | processing: stop state #1 connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in ikev2_parent_outI1_common() at ikev2_parent.c:1089)
- Dec 7 19:09:15.718301: | serialno table: hash serialno #0 to head 0x564dececafe0
- Dec 7 19:09:15.718306: | serialno table: hash serialno #0 to head 0x564dececafe0
- Dec 7 19:09:15.718318: | processing: start state #1 connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in complete_v2_state_transition() at ikev2.c:2787)
- Dec 7 19:09:15.718325: | #1 complete v2 state transition from STATE_PARENT_I1 with STF_OK
- Dec 7 19:09:15.718333: | IKEv2: transition from state STATE_IKEv2_BASE to state STATE_PARENT_I1
- Dec 7 19:09:15.718341: | message ID #1 STATE_PARENT_I1 private#192.168.50.0/24 pst #1 st_msgid_nextuse(before=0) 1 st_msgid_lastack 4294967295 st_msgid_lastrecv 4294967295 md is a request
- Dec 7 19:09:15.718347: | sending V2 new request packet to 192.168.50.2:500 (from port 500)
- Dec 7 19:09:15.718361: | sending 790 bytes for STATE_IKEv2_BASE through eth1:500 to 192.168.50.2:500 (using #1)
- Dec 7 19:09:15.718366: | af 26 30 ff 4b 80 f5 5b 00 00 00 00 00 00 00 00
- Dec 7 19:09:15.718371: | 21 20 22 08 00 00 00 00 00 00 03 16 22 00 01 84
- Dec 7 19:09:15.718375: | 02 00 00 54 01 01 00 09 03 00 00 0c 01 00 00 14
- Dec 7 19:09:15.718379: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08
- Dec 7 19:09:15.718384: | 02 00 00 05 03 00 00 08 02 00 00 02 03 00 00 08
- Dec 7 19:09:15.718388: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08
- Dec 7 19:09:15.718393: | 04 00 00 10 03 00 00 08 04 00 00 12 00 00 00 08
- Dec 7 19:09:15.718397: | 04 00 00 13 02 00 00 54 02 01 00 09 03 00 00 0c
- Dec 7 19:09:15.718401: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07
- Dec 7 19:09:15.718406: | 03 00 00 08 02 00 00 05 03 00 00 08 02 00 00 02
- Dec 7 19:09:15.718410: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f
- Dec 7 19:09:15.718414: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12
- Dec 7 19:09:15.718419: | 00 00 00 08 04 00 00 13 02 00 00 6c 03 01 00 0c
- Dec 7 19:09:15.718423: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08
- Dec 7 19:09:15.718428: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08
- Dec 7 19:09:15.718432: | 02 00 00 02 03 00 00 08 03 00 00 0e 03 00 00 08
- Dec 7 19:09:15.718436: | 03 00 00 0c 03 00 00 08 03 00 00 02 03 00 00 08
- Dec 7 19:09:15.718441: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08
- Dec 7 19:09:15.718445: | 04 00 00 10 03 00 00 08 04 00 00 12 00 00 00 08
- Dec 7 19:09:15.718449: | 04 00 00 13 00 00 00 6c 04 01 00 0c 03 00 00 0c
- Dec 7 19:09:15.718454: | 01 00 00 0c 80 0e 00 80 03 00 00 08 02 00 00 07
- Dec 7 19:09:15.718458: | 03 00 00 08 02 00 00 05 03 00 00 08 02 00 00 02
- Dec 7 19:09:15.718462: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c
- Dec 7 19:09:15.718467: | 03 00 00 08 03 00 00 02 03 00 00 08 04 00 00 0e
- Dec 7 19:09:15.718471: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10
- Dec 7 19:09:15.718476: | 03 00 00 08 04 00 00 12 00 00 00 08 04 00 00 13
- Dec 7 19:09:15.718480: | 28 00 01 08 00 0e 00 00 e6 14 db ee 26 6e 5b 92
- Dec 7 19:09:15.718484: | 9c 54 5b ba f8 e8 07 58 92 d1 5b a0 38 96 79 14
- Dec 7 19:09:15.718489: | 05 31 06 20 c8 4f 11 33 d5 c5 85 1b f8 d4 9d 40
- Dec 7 19:09:15.718493: | 66 84 19 44 01 75 ef 07 d9 bc f7 83 c0 90 6d 97
- Dec 7 19:09:15.718497: | cb 76 09 da 2d d3 f8 8d b5 a3 eb b7 ec a8 15 ed
- Dec 7 19:09:15.718502: | 1a 6f 9e c6 92 18 38 2b 4b 77 e9 18 9b b6 7e d1
- Dec 7 19:09:15.718506: | bf 02 7c 9d af 8f 72 56 ea 1c 74 56 af 81 17 d7
- Dec 7 19:09:15.718511: | 24 85 fa 53 5e 27 ab 7d 13 f8 b1 ca aa 67 72 b0
- Dec 7 19:09:15.718515: | 34 93 61 51 df 5f 6d fb 46 48 44 a4 ec e4 04 ff
- Dec 7 19:09:15.718519: | c0 47 7b de 3d e1 32 5b 83 80 a1 be 9e 62 c8 2c
- Dec 7 19:09:15.718524: | 69 79 cf d2 32 aa cb c0 84 c3 d2 db 68 98 88 a7
- Dec 7 19:09:15.718528: | 28 64 50 ca 05 25 c7 d4 4a 92 89 27 fe 68 2a 77
- Dec 7 19:09:15.718532: | 84 6a 49 57 11 77 7a 17 1c 6d 39 05 84 79 e8 fe
- Dec 7 19:09:15.718540: | 0f e0 9f 69 4f 71 2f 49 90 e4 25 b6 30 13 96 73
- Dec 7 19:09:15.718545: | d8 15 a3 f1 27 8d ed 81 0e 7e c7 86 c4 35 bc 94
- Dec 7 19:09:15.718549: | 30 08 02 c5 f0 9b cb 5d 2d 10 81 1a 3c 32 2e 09
- Dec 7 19:09:15.718554: | 92 c8 6b 7c ad 20 04 c8 29 00 00 24 db 95 97 ce
- Dec 7 19:09:15.718558: | 32 17 f6 c8 27 37 f7 10 30 6f 43 37 6c ed a6 7b
- Dec 7 19:09:15.718562: | 4e ff c3 14 90 18 e1 e7 74 ac 36 b6 29 00 00 08
- Dec 7 19:09:15.718567: | 00 00 40 2e 29 00 00 0a 00 00 40 2f 00 01 29 00
- Dec 7 19:09:15.718571: | 00 1c 00 00 40 04 87 e4 8d f3 e5 da d4 8b 8c 78
- Dec 7 19:09:15.718575: | b2 f7 7f dc 9f bf 5d 93 24 9d 00 00 00 1c 00 00
- Dec 7 19:09:15.718580: | 40 05 0c db 0c f0 72 3d d8 82 cf df 53 b0 ce 85
- Dec 7 19:09:15.718584: | 1f b1 d7 67 ff 7b
- Dec 7 19:09:15.718722: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted
- Dec 7 19:09:15.718740: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564dee3d0b58
- Dec 7 19:09:15.718747: | success_v2_state_transition scheduling EVENT_v2_RETRANSMIT of c->r_interval=500ms
- Dec 7 19:09:15.718756: | event_schedule: new EVENT_v2_RETRANSMIT-pe@0x564dee3d0b58
- Dec 7 19:09:15.718763: | inserting event EVENT_v2_RETRANSMIT, timeout in 0.500 seconds for #1
- Dec 7 19:09:15.718773: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 992.645
- Dec 7 19:09:15.718783: | processing: stop state #1 connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in schedule_event_now_cb() at server.c:597)
- Dec 7 19:09:15.718789: | serialno table: hash serialno #0 to head 0x564dececafe0
- Dec 7 19:09:15.718794: | serialno table: hash serialno #0 to head 0x564dececafe0
- Dec 7 19:09:15.725494: | *received 447 bytes from 192.168.50.2:500 on eth1 (port=500)
- Dec 7 19:09:15.725526: | af 26 30 ff 4b 80 f5 5b 50 e3 a7 bd 0a d5 14 e9
- Dec 7 19:09:15.725530: | 21 20 22 20 00 00 00 00 00 00 01 bf 22 00 00 28
- Dec 7 19:09:15.725534: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14
- Dec 7 19:09:15.725537: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08
- Dec 7 19:09:15.725541: | 04 00 00 0e 28 00 01 08 00 0e 00 00 22 0c c4 07
- Dec 7 19:09:15.725544: | d1 74 bb b5 fb ad 84 52 6d b7 25 ec 35 9f b9 35
- Dec 7 19:09:15.725548: | a8 aa 77 c0 1a 4d 6b f0 15 f7 d7 70 05 49 a5 fb
- Dec 7 19:09:15.725551: | 50 2b 9b 05 87 c7 88 70 bc 62 00 26 51 ff 3c cf
- Dec 7 19:09:15.725555: | fe 31 ce e3 7f a0 d4 3e 54 ae e1 f8 0e 45 4e e8
- Dec 7 19:09:15.725560: | 1e 88 de 43 32 52 fa a2 e6 37 c5 cf d2 5a 96 78
- Dec 7 19:09:15.725566: | 17 65 9c b5 60 25 a3 38 b8 b6 63 44 24 11 05 e7
- Dec 7 19:09:15.725571: | bb 7a 17 5e 33 41 bc 2b 01 6b 16 95 06 bd a1 79
- Dec 7 19:09:15.725577: | 36 01 c3 a3 9a 7a 3d 62 a3 3e e4 9d 24 29 06 fa
- Dec 7 19:09:15.725583: | 0e 65 1e a2 e2 9c d1 50 0c 04 a4 44 18 58 c5 c4
- Dec 7 19:09:15.725589: | 83 e1 99 9f b8 ca c4 87 72 3a 8b d8 2a 64 ec 43
- Dec 7 19:09:15.725594: | f3 e3 47 97 5a 03 53 cf bc 78 f7 de c6 80 98 b3
- Dec 7 19:09:15.725600: | dd ce f7 1e 3e 5d 8a b3 45 16 8c e1 92 c7 ae 07
- Dec 7 19:09:15.725606: | 3d 9f ac e2 16 d1 fb ad 31 ba c2 40 1a 91 4b 8f
- Dec 7 19:09:15.725611: | 47 f6 18 d0 ac 89 47 3a b6 4a 0a f4 f1 c9 48 8f
- Dec 7 19:09:15.725628: | 8f 86 05 5f 27 87 43 63 2b 4e 88 b2 5b df 39 b9
- Dec 7 19:09:15.725634: | 5f 2e 91 67 f7 89 03 26 a8 39 79 d6 29 00 00 24
- Dec 7 19:09:15.725640: | f0 2a f0 c4 47 41 78 6b 1c d8 53 3e 6d dc c0 fc
- Dec 7 19:09:15.725645: | 05 19 15 83 46 34 21 19 01 61 51 8d 44 f6 77 39
- Dec 7 19:09:15.725651: | 29 00 00 08 00 00 40 2e 29 00 00 0a 00 00 40 2f
- Dec 7 19:09:15.725656: | 00 01 29 00 00 1c 00 00 40 04 fd db ab cd 0c 6f
- Dec 7 19:09:15.725660: | 89 38 cb 7c eb 45 1c 8d 69 7f 66 8e fc 83 26 00
- Dec 7 19:09:15.725663: | 00 1c 00 00 40 05 2a b4 eb eb 74 40 26 fc 5b 08
- Dec 7 19:09:15.725667: | b9 a1 0c 71 1f 3c ef d5 d7 7f 00 00 00 05 04
- Dec 7 19:09:15.725692: | processing: start from 192.168.50.2:500 (in process_md() at demux.c:392)
- Dec 7 19:09:15.725699: | **parse ISAKMP Message:
- Dec 7 19:09:15.725704: | initiator cookie:
- Dec 7 19:09:15.725707: | af 26 30 ff 4b 80 f5 5b
- Dec 7 19:09:15.725711: | responder cookie:
- Dec 7 19:09:15.725715: | 50 e3 a7 bd 0a d5 14 e9
- Dec 7 19:09:15.725719: | next payload type: ISAKMP_NEXT_v2SA (0x21)
- Dec 7 19:09:15.725723: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
- Dec 7 19:09:15.725727: | exchange type: ISAKMP_v2_SA_INIT (0x22)
- Dec 7 19:09:15.725732: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
- Dec 7 19:09:15.725736: | message ID: 00 00 00 00
- Dec 7 19:09:15.725740: | length: 447 (0x1bf)
- Dec 7 19:09:15.725744: | processing version=2.0 packet with exchange type=ISAKMP_v2_SA_INIT (34)
- Dec 7 19:09:15.725751: | I am receiving an IKEv2 Response ISAKMP_v2_SA_INIT
- Dec 7 19:09:15.725755: | I am the IKE SA Original Initiator
- Dec 7 19:09:15.725766: | icookie table: hash icookie af 26 30 ff 4b 80 f5 5b to 10993388570101360805 slot 0x564decec8ae0
- Dec 7 19:09:15.725771: | parent_init v2 peer and cookies match on #1
- Dec 7 19:09:15.725775: | v2 state object #1 found, in STATE_PARENT_I1
- Dec 7 19:09:15.725779: | rehashing state object #1
- Dec 7 19:09:15.725783: | icookie table: cookies table: re-hashing state #1 cookies
- Dec 7 19:09:15.725788: | found state #1
- Dec 7 19:09:15.725797: | processing: start state #1 connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in ikev2_process_packet() at ikev2.c:1538)
- Dec 7 19:09:15.725804: | processing: start connection "private#192.168.50.0/24"[1] ...192.168.50.2 (BACKGROUND) (in ikev2_process_packet() at ikev2.c:1543)
- Dec 7 19:09:15.725808: | #1 is idle
- Dec 7 19:09:15.725812: | #1 idle
- Dec 7 19:09:15.725816: | #1 in state PARENT_I1: sent v2I1, expected v2R1
- Dec 7 19:09:15.725820: | Unpacking clear payload for svm: Initiator: process SA_INIT reply notification
- Dec 7 19:09:15.725824: | Now let's proceed with payload (ISAKMP_NEXT_v2SA)
- Dec 7 19:09:15.725829: | ***parse IKEv2 Security Association Payload:
- Dec 7 19:09:15.725832: | next payload type: ISAKMP_NEXT_v2KE (0x22)
- Dec 7 19:09:15.725836: | flags: none (0x0)
- Dec 7 19:09:15.725840: | length: 40 (0x28)
- Dec 7 19:09:15.725843: | processing payload: ISAKMP_NEXT_v2SA (len=40)
- Dec 7 19:09:15.725847: | Now let's proceed with payload (ISAKMP_NEXT_v2KE)
- Dec 7 19:09:15.725851: | ***parse IKEv2 Key Exchange Payload:
- Dec 7 19:09:15.725855: | next payload type: ISAKMP_NEXT_v2Ni (0x28)
- Dec 7 19:09:15.725859: | flags: none (0x0)
- Dec 7 19:09:15.725862: | length: 264 (0x108)
- Dec 7 19:09:15.725866: | DH group: OAKLEY_GROUP_MODP2048 (0xe)
- Dec 7 19:09:15.725870: | processing payload: ISAKMP_NEXT_v2KE (len=264)
- Dec 7 19:09:15.725873: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni)
- Dec 7 19:09:15.725877: | ***parse IKEv2 Nonce Payload:
- Dec 7 19:09:15.725881: | next payload type: ISAKMP_NEXT_v2N (0x29)
- Dec 7 19:09:15.725884: | flags: none (0x0)
- Dec 7 19:09:15.725888: | length: 36 (0x24)
- Dec 7 19:09:15.725891: | processing payload: ISAKMP_NEXT_v2Ni (len=36)
- Dec 7 19:09:15.725895: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
- Dec 7 19:09:15.725899: | ***parse IKEv2 Notify Payload:
- Dec 7 19:09:15.725903: | next payload type: ISAKMP_NEXT_v2N (0x29)
- Dec 7 19:09:15.725906: | flags: none (0x0)
- Dec 7 19:09:15.725910: | length: 8 (0x8)
- Dec 7 19:09:15.725914: | Protocol ID: PROTO_v2_RESERVED (0x0)
- Dec 7 19:09:15.725917: | SPI size: 0 (0x0)
- Dec 7 19:09:15.725921: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e)
- Dec 7 19:09:15.725925: | processing payload: ISAKMP_NEXT_v2N (len=8)
- Dec 7 19:09:15.725929: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
- Dec 7 19:09:15.725932: | ***parse IKEv2 Notify Payload:
- Dec 7 19:09:15.725936: | next payload type: ISAKMP_NEXT_v2N (0x29)
- Dec 7 19:09:15.725939: | flags: none (0x0)
- Dec 7 19:09:15.725943: | length: 10 (0xa)
- Dec 7 19:09:15.725946: | Protocol ID: PROTO_v2_RESERVED (0x0)
- Dec 7 19:09:15.725954: | SPI size: 0 (0x0)
- Dec 7 19:09:15.725958: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f)
- Dec 7 19:09:15.725962: | processing payload: ISAKMP_NEXT_v2N (len=10)
- Dec 7 19:09:15.725965: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
- Dec 7 19:09:15.725969: | ***parse IKEv2 Notify Payload:
- Dec 7 19:09:15.725973: | next payload type: ISAKMP_NEXT_v2N (0x29)
- Dec 7 19:09:15.725976: | flags: none (0x0)
- Dec 7 19:09:15.725980: | length: 28 (0x1c)
- Dec 7 19:09:15.725983: | Protocol ID: PROTO_v2_RESERVED (0x0)
- Dec 7 19:09:15.725987: | SPI size: 0 (0x0)
- Dec 7 19:09:15.725991: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004)
- Dec 7 19:09:15.725994: | processing payload: ISAKMP_NEXT_v2N (len=28)
- Dec 7 19:09:15.725998: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
- Dec 7 19:09:15.726002: | ***parse IKEv2 Notify Payload:
- Dec 7 19:09:15.726005: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26)
- Dec 7 19:09:15.726009: | flags: none (0x0)
- Dec 7 19:09:15.726012: | length: 28 (0x1c)
- Dec 7 19:09:15.726016: | Protocol ID: PROTO_v2_RESERVED (0x0)
- Dec 7 19:09:15.726019: | SPI size: 0 (0x0)
- Dec 7 19:09:15.726023: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005)
- Dec 7 19:09:15.726027: | processing payload: ISAKMP_NEXT_v2N (len=28)
- Dec 7 19:09:15.726030: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ)
- Dec 7 19:09:15.726034: | ***parse IKEv2 Certificate Request Payload:
- Dec 7 19:09:15.726038: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
- Dec 7 19:09:15.726042: | flags: none (0x0)
- Dec 7 19:09:15.726045: | length: 5 (0x5)
- Dec 7 19:09:15.726049: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4)
- Dec 7 19:09:15.726053: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=5)
- Dec 7 19:09:15.726057: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH
- Dec 7 19:09:15.726061: | Now lets proceed with state specific processing
- Dec 7 19:09:15.726064: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH
- Dec 7 19:09:15.726083: | parsing 2 raw bytes of IKEv2 Notify Payload into hash value
- Dec 7 19:09:15.726090: | hash value 00 01
- Dec 7 19:09:15.726096: | ikev2 parent inR1: calculating g^{xy} in order to send I2
- Dec 7 19:09:15.726103: | already determined local IKE proposals for private#192.168.50.0/24 (IKE SA initiator accepting remote proposal)
- Dec 7 19:09:15.726108: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals
- Dec 7 19:09:15.726113: | ****parse IKEv2 Proposal Substructure Payload:
- Dec 7 19:09:15.726117: | last proposal: v2_PROPOSAL_LAST (0x0)
- Dec 7 19:09:15.726121: | length: 36 (0x24)
- Dec 7 19:09:15.726124: | prop #: 1 (0x1)
- Dec 7 19:09:15.726128: | proto ID: IKEv2_SEC_PROTO_IKE (0x1)
- Dec 7 19:09:15.726131: | spi size: 0 (0x0)
- Dec 7 19:09:15.726135: | # transforms: 3 (0x3)
- Dec 7 19:09:15.726143: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals
- Dec 7 19:09:15.726148: | local proposal 1 type ENCR has 1 transforms
- Dec 7 19:09:15.726152: | local proposal 1 type PRF has 3 transforms
- Dec 7 19:09:15.726156: | local proposal 1 type INTEG has 1 transforms
- Dec 7 19:09:15.726160: | local proposal 1 type DH has 5 transforms
- Dec 7 19:09:15.726163: | local proposal 1 type ESN has 0 transforms
- Dec 7 19:09:15.726169: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG
- Dec 7 19:09:15.726173: | *****parse IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.726177: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.726180: | length: 12 (0xc)
- Dec 7 19:09:15.726184: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
- Dec 7 19:09:15.726188: | IKEv2 transform ID: AES_GCM_C (0x14)
- Dec 7 19:09:15.726192: | ******parse IKEv2 Attribute Substructure Payload:
- Dec 7 19:09:15.726196: | af+type: IKEv2_KEY_LENGTH (0x800e)
- Dec 7 19:09:15.726200: | length/value: 256 (0x100)
- Dec 7 19:09:15.726208: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0
- Dec 7 19:09:15.726216: | *****parse IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.726220: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.726224: | length: 8 (0x8)
- Dec 7 19:09:15.726227: | IKEv2 transform type: TRANS_TYPE_PRF (0x2)
- Dec 7 19:09:15.726231: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
- Dec 7 19:09:15.726236: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0
- Dec 7 19:09:15.726240: | *****parse IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.726244: | last transform: v2_TRANSFORM_LAST (0x0)
- Dec 7 19:09:15.726248: | length: 8 (0x8)
- Dec 7 19:09:15.726251: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
- Dec 7 19:09:15.726255: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
- Dec 7 19:09:15.726260: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0
- Dec 7 19:09:15.726266: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none
- Dec 7 19:09:15.726272: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH
- Dec 7 19:09:15.726276: | remote proposal 1 matches local proposal 1
- Dec 7 19:09:15.726281: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match]
- Dec 7 19:09:15.726285: | converting proposal to internal trans attrs
- Dec 7 19:09:15.726291: | since AEAD, forcing NULL integ to 'NONE'
- Dec 7 19:09:15.726297: | message ID #1 STATE_PARENT_I1 private#192.168.50.0/24 pst #1 st_msgid_nextuse(before=1) 1 st_msgid_lastack 0 st_msgid_lastrecv 4294967295 md is a resonse
- Dec 7 19:09:15.726332: | natd_hash: hasher=0x564deceb7720(20)
- Dec 7 19:09:15.726337: | natd_hash: icookie= af 26 30 ff 4b 80 f5 5b
- Dec 7 19:09:15.726340: | natd_hash: rcookie= 50 e3 a7 bd 0a d5 14 e9
- Dec 7 19:09:15.726344: | natd_hash: ip= c0 a8 32 03
- Dec 7 19:09:15.726347: | natd_hash: port=500
- Dec 7 19:09:15.726351: | natd_hash: hash= 2a b4 eb eb 74 40 26 fc 5b 08 b9 a1 0c 71 1f 3c
- Dec 7 19:09:15.726355: | natd_hash: hash= ef d5 d7 7f
- Dec 7 19:09:15.726363: | natd_hash: hasher=0x564deceb7720(20)
- Dec 7 19:09:15.726367: | natd_hash: icookie= af 26 30 ff 4b 80 f5 5b
- Dec 7 19:09:15.726371: | natd_hash: rcookie= 50 e3 a7 bd 0a d5 14 e9
- Dec 7 19:09:15.726374: | natd_hash: ip= c0 a8 32 02
- Dec 7 19:09:15.726378: | natd_hash: port=500
- Dec 7 19:09:15.726381: | natd_hash: hash= fd db ab cd 0c 6f 89 38 cb 7c eb 45 1c 8d 69 7f
- Dec 7 19:09:15.726385: | natd_hash: hash= 66 8e fc 83
- Dec 7 19:09:15.726389: | NAT_TRAVERSAL encaps using auto-detect
- Dec 7 19:09:15.726393: | NAT_TRAVERSAL this end is NOT behind NAT
- Dec 7 19:09:15.726396: | NAT_TRAVERSAL that end is NOT behind NAT
- Dec 7 19:09:15.726400: | NAT_TRAVERSAL nat_keepalive enabled 192.168.50.2
- Dec 7 19:09:15.726409: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16
- Dec 7 19:09:15.726416: | adding ikev2_inR1outI2 KE work-order 2 for state #1
- Dec 7 19:09:15.726420: | state #1 requesting EVENT_v2_RETRANSMIT to be deleted
- Dec 7 19:09:15.726424: | #1 STATE_PARENT_I1: retransmits: cleared
- Dec 7 19:09:15.726431: | free_event_entry: release EVENT_v2_RETRANSMIT-pe@0x564dee3d0b58
- Dec 7 19:09:15.726436: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564dee3d0b58
- Dec 7 19:09:15.726444: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60.000 seconds for #1
- Dec 7 19:09:15.726452: | backlog: inserting object 0x564dee3d26d8 (work-order 2 state #1) entry 0x564dee3d26e0 into list 0x564deced8fc0 (older 0x564deced8fc0 newer 0x564deced8fc0)
- Dec 7 19:09:15.726458: | backlog: inserted object 0x564dee3d26d8 (work-order 2 state #1) entry 0x564dee3d26e0 (older 0x564deced8fc0 newer 0x564deced8fc0)
- Dec 7 19:09:15.726463: | backlog: list entry 0x564deced8fc0 is HEAD (older 0x564dee3d26e0 newer 0x564dee3d26e0)
- Dec 7 19:09:15.726478: | suspending state #1 and saving MD
- Dec 7 19:09:15.726487: | #1 is busy; has a suspended MD
- Dec 7 19:09:15.726493: | processing: [RE]START state #1 connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in log_stf_suspend() at ikev2.c:2691)
- Dec 7 19:09:15.726500: | "private#192.168.50.0/24"[1] ...192.168.50.2 #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:2763
- Dec 7 19:09:15.726506: | processing: stop from 192.168.50.2:500 (BACKGROUND) (in process_md() at demux.c:394)
- Dec 7 19:09:15.726511: | processing: stop state #1 connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in process_md() at demux.c:396)
- Dec 7 19:09:15.726516: | serialno table: hash serialno #0 to head 0x564dececafe0
- Dec 7 19:09:15.726519: | serialno table: hash serialno #0 to head 0x564dececafe0
- Dec 7 19:09:15.726524: | processing: resume connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in process_md() at demux.c:396)
- Dec 7 19:09:15.726530: | processing: stop connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in process_md() at demux.c:397)
- Dec 7 19:09:15.726549: | crypto helper 1 resuming
- Dec 7 19:09:15.726557: | backlog: removing object 0x564dee3d26d8 (work-order 2 state #1) entry 0x564dee3d26e0 (older 0x564deced8fc0 newer 0x564deced8fc0)
- Dec 7 19:09:15.726563: | backlog: empty
- Dec 7 19:09:15.726571: | crypto helper 1 starting work-order 2 for state #1
- Dec 7 19:09:15.726578: | crypto helper 1 doing compute dh (V2); request ID 2
- Dec 7 19:09:15.727642: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4
- Dec 7 19:09:15.728163: | crypto helper 1 finished compute dh (V2); request ID 2 time elapsed 1585 usec
- Dec 7 19:09:15.728172: | crypto helper 1 sending results from work-order 2 for state #1 to event queue
- Dec 7 19:09:15.728176: | scheduling now-event sending helper answer for #1
- Dec 7 19:09:15.728189: | crypto helper 1 waiting (nothing to do)
- Dec 7 19:09:15.728204: | executing now-event sending helper answer for 1
- Dec 7 19:09:15.728209: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.728213: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.728221: | processing: start state #1 connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in schedule_event_now_cb() at server.c:594)
- Dec 7 19:09:15.728225: | crypto helper 1 replies to request ID 2
- Dec 7 19:09:15.728229: | calling continuation function 0x564decbf0ea0
- Dec 7 19:09:15.728237: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2
- Dec 7 19:09:15.728247: | creating state object #2 at 0x564dee3d32a8
- Dec 7 19:09:15.728252: | parent state #2: new => STATE_UNDEFINED(ignore)
- Dec 7 19:09:15.728257: | duplicating state object #1 "private#192.168.50.0/24"[1] ...192.168.50.2 as #2 for IPSEC SA
- Dec 7 19:09:15.728263: | inserting state object #2
- Dec 7 19:09:15.728268: | serialno list: inserting object 0x564dee3d32a8 (state #2) entry 0x564dee3d3a50 into list 0x564deced80c0 (older 0x564dee3cfd60 newer 0x564dee3cfd60)
- Dec 7 19:09:15.728274: | serialno list: inserted object 0x564dee3d32a8 (state #2) entry 0x564dee3d3a50 (older 0x564dee3cfd60 newer 0x564deced80c0)
- Dec 7 19:09:15.728278: | serialno list: list entry 0x564deced80c0 is HEAD (older 0x564dee3d3a50 newer 0x564dee3cfd60)
- Dec 7 19:09:15.728284: | serialno table: inserting object 0x564dee3d32a8 (state #2) entry 0x564dee3d3a70 into list 0x564dececb020 (older 0x564dececb020 newer 0x564dececb020)
- Dec 7 19:09:15.728289: | serialno table: inserted object 0x564dee3d32a8 (state #2) entry 0x564dee3d3a70 (older 0x564dececb020 newer 0x564dececb020)
- Dec 7 19:09:15.728293: | serialno table: list entry 0x564dececb020 is HEAD (older 0x564dee3d3a70 newer 0x564dee3d3a70)
- Dec 7 19:09:15.728298: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted
- Dec 7 19:09:15.728304: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564dee3d0b58
- Dec 7 19:09:15.728308: | ikev2_replace_delay() picked up half-open SA ike_life:60
- Dec 7 19:09:15.728313: | event_schedule: new EVENT_SA_EXPIRE-pe@0x564dee3d0b58
- Dec 7 19:09:15.728324: | inserting event EVENT_SA_EXPIRE, timeout in 60.000 seconds for #1
- Dec 7 19:09:15.728330: | parent state #1: STATE_PARENT_I1(half-open-ike) => STATE_PARENT_I2(open-ike)
- Dec 7 19:09:15.728334: | ignore states: 0
- Dec 7 19:09:15.728338: | half-open-ike states: 0
- Dec 7 19:09:15.728341: | open-ike states: 1
- Dec 7 19:09:15.728345: | established-anonymous-ike states: 0
- Dec 7 19:09:15.728348: | established-authenticated-ike states: 0
- Dec 7 19:09:15.728352: | anonymous-ipsec states: 0
- Dec 7 19:09:15.728355: | authenticated-ipsec states: 0
- Dec 7 19:09:15.728359: | informational states: 0
- Dec 7 19:09:15.728362: | unknown states: 0
- Dec 7 19:09:15.728419: | category states: 1 count states: 1
- Dec 7 19:09:15.728434: | **emit ISAKMP Message:
- Dec 7 19:09:15.728439: | initiator cookie:
- Dec 7 19:09:15.728443: | af 26 30 ff 4b 80 f5 5b
- Dec 7 19:09:15.728446: | responder cookie:
- Dec 7 19:09:15.728450: | 50 e3 a7 bd 0a d5 14 e9
- Dec 7 19:09:15.728454: | next payload type: ISAKMP_NEXT_v2SK (0x2e)
- Dec 7 19:09:15.728458: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
- Dec 7 19:09:15.728462: | exchange type: ISAKMP_v2_AUTH (0x23)
- Dec 7 19:09:15.728467: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
- Dec 7 19:09:15.728471: | message ID: 00 00 00 01
- Dec 7 19:09:15.728475: | next payload type: saving message location 'ISAKMP Message' 'next payload type'
- Dec 7 19:09:15.728479: | ***emit IKEv2 Encryption Payload:
- Dec 7 19:09:15.728484: | next payload type: ISAKMP_NEXT_v2IDi (0x23)
- Dec 7 19:09:15.728487: | flags: none (0x0)
- Dec 7 19:09:15.728492: | next payload type: previous 'ISAKMP Message' 'next payload type' matches 'IKEv2 Encryption Payload' (46:ISAKMP_NEXT_v2SK)
- Dec 7 19:09:15.728496: | next payload type: saving payload location 'IKEv2 Encryption Payload' 'next payload type'
- Dec 7 19:09:15.728508: | emitting 8 raw bytes of IV into IKEv2 Encryption Payload
- Dec 7 19:09:15.728512: | IV c5 40 31 2c 56 c4 87 e6
- Dec 7 19:09:15.728519: | IKEv2 CERT: send a certificate?
- Dec 7 19:09:15.728523: | IKEv2 CERT: OK to send a certificate
- Dec 7 19:09:15.728527: | IDr payload will NOT be sent
- Dec 7 19:09:15.728547: | *****emit IKEv2 Identification - Initiator - Payload:
- Dec 7 19:09:15.728552: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
- Dec 7 19:09:15.728556: | flags: none (0x0)
- Dec 7 19:09:15.728560: | ID type: ID_DER_ASN1_DN (0x9)
- Dec 7 19:09:15.728565: | next payload type: previous 'IKEv2 Encryption Payload' 'next payload type' matches 'IKEv2 Identification - Initiator - Payload' (35:ISAKMP_NEXT_v2IDi)
- Dec 7 19:09:15.728569: | next payload type: saving payload location 'IKEv2 Identification - Initiator - Payload' 'next payload type'
- Dec 7 19:09:15.728574: | emitting 96 raw bytes of my identity into IKEv2 Identification - Initiator - Payload
- Dec 7 19:09:15.728578: | my identity 30 5e 31 0b 30 09 06 03 55 04 06 13 02 55 53 31
- Dec 7 19:09:15.728582: | my identity 11 30 0f 06 03 55 04 08 0c 08 43 6f 6c 6f 72 61
- Dec 7 19:09:15.728586: | my identity 64 6f 31 16 30 14 06 03 55 04 0a 0c 0d 50 6f 6c
- Dec 7 19:09:15.728589: | my identity 61 72 69 73 20 41 6c 70 68 61 31 0d 30 0b 06 03
- Dec 7 19:09:15.728593: | my identity 55 04 0b 0c 04 41 49 4d 53 31 15 30 13 06 03 55
- Dec 7 19:09:15.728596: | my identity 04 03 0c 0c 31 39 32 2e 31 36 38 2e 35 30 2e 33
- Dec 7 19:09:15.728600: | emitting length of IKEv2 Identification - Initiator - Payload: 104
- Dec 7 19:09:15.728612: | Sending [CERT] of certificate: CN=192.168.50.3,OU=AIMS,O=Polaris Alpha,ST=Colorado,C=US
- Dec 7 19:09:15.728617: | *****emit IKEv2 Certificate Payload:
- Dec 7 19:09:15.728621: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
- Dec 7 19:09:15.728624: | flags: none (0x0)
- Dec 7 19:09:15.728628: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4)
- Dec 7 19:09:15.728633: | next payload type: setting 'IKEv2 Identification - Initiator - Payload' 'next payload type' to IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT)
- Dec 7 19:09:15.728637: | next payload type: saving payload location 'IKEv2 Certificate Payload' 'next payload type'
- Dec 7 19:09:15.728647: | emitting 1155 raw bytes of CERT into IKEv2 Certificate Payload
- Dec 7 19:09:15.728651: | CERT 30 82 04 7f 30 82 02 67 a0 03 02 01 02 02 02 10
- Dec 7 19:09:15.728654: | CERT 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00
- Dec 7 19:09:15.728658: | CERT 30 81 89 31 0b 30 09 06 03 55 04 06 13 02 55 53
- Dec 7 19:09:15.728662: | CERT 31 11 30 0f 06 03 55 04 08 0c 08 43 6f 6c 6f 72
- Dec 7 19:09:15.728665: | CERT 61 64 6f 31 19 30 17 06 03 55 04 07 0c 10 43 6f
- Dec 7 19:09:15.728669: | CERT 6c 6f 72 61 64 6f 20 53 70 72 69 6e 67 73 31 16
- Dec 7 19:09:15.728672: | CERT 30 14 06 03 55 04 0a 0c 0d 50 6f 6c 61 72 69 73
- Dec 7 19:09:15.728676: | CERT 20 41 6c 70 68 61 31 0d 30 0b 06 03 55 04 0b 0c
- Dec 7 19:09:15.728679: | CERT 04 41 49 4d 53 31 25 30 23 06 03 55 04 03 0c 1c
- Dec 7 19:09:15.728683: | CERT 50 6f 6c 61 72 69 73 20 41 6c 70 68 61 20 57 45
- Dec 7 19:09:15.728686: | CERT 20 44 65 76 20 52 6f 6f 74 20 43 41 30 1e 17 0d
- Dec 7 19:09:15.728690: | CERT 31 38 31 32 30 37 30 30 30 34 35 30 5a 17 0d 32
- Dec 7 19:09:15.728694: | CERT 38 31 32 30 34 30 30 30 34 35 30 5a 30 5e 31 0b
- Dec 7 19:09:15.728697: | CERT 30 09 06 03 55 04 06 13 02 55 53 31 11 30 0f 06
- Dec 7 19:09:15.728701: | CERT 03 55 04 08 0c 08 43 6f 6c 6f 72 61 64 6f 31 16
- Dec 7 19:09:15.728704: | CERT 30 14 06 03 55 04 0a 0c 0d 50 6f 6c 61 72 69 73
- Dec 7 19:09:15.728708: | CERT 20 41 6c 70 68 61 31 0d 30 0b 06 03 55 04 0b 0c
- Dec 7 19:09:15.728711: | CERT 04 41 49 4d 53 31 15 30 13 06 03 55 04 03 0c 0c
- Dec 7 19:09:15.728715: | CERT 31 39 32 2e 31 36 38 2e 35 30 2e 33 30 82 01 22
- Dec 7 19:09:15.728718: | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03
- Dec 7 19:09:15.728722: | CERT 82 01 0f 00 30 82 01 0a 02 82 01 01 00 d2 4e 5f
- Dec 7 19:09:15.728725: | CERT 14 bf b4 a2 6c b9 4a 96 51 a6 22 cb 2e a3 18 ac
- Dec 7 19:09:15.728729: | CERT 66 2e a6 8e 17 65 1c 0a a0 1d 5b 48 5e 1f 29 2d
- Dec 7 19:09:15.728733: | CERT 60 e8 2c 10 06 d2 57 ca 92 d2 99 fb 9a 0e 10 b2
- Dec 7 19:09:15.728736: | CERT d1 29 e1 e6 bc 62 30 8a 31 ee cd a0 70 9d 02 d2
- Dec 7 19:09:15.728740: | CERT fe fd 9e 3f 54 3c 12 b6 13 e4 77 ab ac 5b b3 62
- Dec 7 19:09:15.728743: | CERT 24 72 33 a7 73 4d bc cf 2d be e9 b8 82 e9 20 d0
- Dec 7 19:09:15.728747: | CERT 44 be 2b 57 5e b6 89 01 f0 c3 ca 00 16 1f 12 50
- Dec 7 19:09:15.728750: | CERT fb 3b 80 b6 7a 13 8d e1 ea b3 e4 bb 1b bf b3 a9
- Dec 7 19:09:15.728754: | CERT 12 7f 9b 94 a9 dd 4e da 79 3a 04 6c 84 46 53 6b
- Dec 7 19:09:15.728757: | CERT 12 f1 a0 53 16 ed 79 f4 63 2e 9b 84 e3 9b 1b d8
- Dec 7 19:09:15.728761: | CERT 57 b6 3a 0a 8d 3c 71 58 b5 e3 89 c5 1d 91 5e ec
- Dec 7 19:09:15.728764: | CERT 02 14 0d eb ab f9 da 06 82 78 49 ce 88 82 80 a6
- Dec 7 19:09:15.728768: | CERT de b7 05 52 f8 f4 d6 c9 aa d5 0d 9c 2d fe a5 be
- Dec 7 19:09:15.728772: | CERT 45 a5 56 00 f9 39 b9 22 3f 57 a1 02 5a b8 7f fd
- Dec 7 19:09:15.728775: | CERT 61 ef 20 e4 b8 b4 b9 40 49 eb c0 89 bf 4c 8e 3e
- Dec 7 19:09:15.728779: | CERT 7e fe c9 ee 60 28 03 5c 91 51 df 2b 3b 02 03 01
- Dec 7 19:09:15.728782: | CERT 00 01 a3 1b 30 19 30 17 06 03 55 1d 11 04 10 30
- Dec 7 19:09:15.728786: | CERT 0e 82 06 6b 76 6f 74 68 65 87 04 c0 a8 32 03 30
- Dec 7 19:09:15.728789: | CERT 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82
- Dec 7 19:09:15.728793: | CERT 02 01 00 c2 e6 22 3b 8b b0 43 15 28 f3 90 2c 28
- Dec 7 19:09:15.728796: | CERT 6b 6d 89 f7 f6 86 8c 66 05 af 58 a3 71 47 ef ce
- Dec 7 19:09:15.728800: | CERT 37 db ee 9b 83 b9 03 d2 23 1f fc e6 4e da b0 85
- Dec 7 19:09:15.728804: | CERT 23 0d e5 3b 0e 0f 83 47 ab 10 59 4d c2 1e ea b7
- Dec 7 19:09:15.728807: | CERT e1 b8 38 6f 6b fb aa 09 31 7d b4 6d f4 cc b0 ab
- Dec 7 19:09:15.728811: | CERT b0 ba 0c f6 a3 83 73 a7 47 56 d2 c0 ed fa 0b fc
- Dec 7 19:09:15.728814: | CERT 78 2c 54 a8 00 8a 52 01 f4 e9 57 15 6d 88 2b af
- Dec 7 19:09:15.728818: | CERT 72 e4 97 32 20 bd fd fe 27 ee 34 2a 9e 2a 63 96
- Dec 7 19:09:15.728824: | CERT 35 05 26 bd aa 68 27 99 40 d4 83 62 ad 4c d8 14
- Dec 7 19:09:15.728828: | CERT 2b d4 6a 55 23 5d 10 f9 f8 1d 99 44 97 03 e1 b1
- Dec 7 19:09:15.728831: | CERT 0f 40 1b 09 ff d9 0d 5b e9 9a 82 c1 d1 d7 57 8c
- Dec 7 19:09:15.728835: | CERT c8 7a ff 35 f4 42 e1 27 49 46 66 3c 33 2c 54 e2
- Dec 7 19:09:15.728838: | CERT 66 0c c9 b0 b1 26 ee d0 ce c1 4c 1f 8d 5a 40 d3
- Dec 7 19:09:15.728842: | CERT e1 38 49 97 33 03 f8 e6 e1 2d 8e bc e7 05 e9 b4
- Dec 7 19:09:15.728845: | CERT 84 81 cb 5f 62 41 f1 5b 35 79 ec 18 40 a7 ee bf
- Dec 7 19:09:15.728849: | CERT 4f c7 88 63 76 45 3a 34 bf 7b 51 45 8e 4e 9c f2
- Dec 7 19:09:15.728852: | CERT 1a 39 3e 0d 6d a2 9a 8b f1 e0 f2 ad 85 8e 6b 52
- Dec 7 19:09:15.728856: | CERT bb 90 21 18 6f 7f e2 11 80 1d 63 76 b8 dd 1f 72
- Dec 7 19:09:15.728860: | CERT 18 8d 98 69 e3 62 b8 73 3f 7c dc dc 19 3f 38 47
- Dec 7 19:09:15.728863: | CERT 30 15 a2 48 b3 7b 58 9c 18 3b 10 12 b0 7b 72 f6
- Dec 7 19:09:15.728867: | CERT d1 4d a7 f8 ff 5b a3 86 04 5c 74 d0 46 17 61 0f
- Dec 7 19:09:15.728870: | CERT d2 a2 87 d0 36 97 fb 43 e5 7e 69 14 87 e4 20 5b
- Dec 7 19:09:15.728874: | CERT 98 a2 9b 91 f2 20 f9 21 4c 40 92 2f 60 93 7e 41
- Dec 7 19:09:15.728877: | CERT 30 2b 82 c6 64 12 69 72 40 21 38 45 0c 0b 73 aa
- Dec 7 19:09:15.728881: | CERT bf ac 47 14 05 48 e5 c2 7c 13 88 64 bd 89 ad 39
- Dec 7 19:09:15.728884: | CERT a2 e6 34 ef 50 43 48 89 74 de ba 95 8e 89 e6 70
- Dec 7 19:09:15.728888: | CERT 6c 61 a9 ba eb b2 c9 12 6d ca 91 df cc 15 3b 26
- Dec 7 19:09:15.728892: | CERT aa 9f 5a e6 91 29 59 41 08 b7 e9 00 73 54 e1 2e
- Dec 7 19:09:15.728895: | CERT 9f a9 c8 f7 5f d0 cf 01 c7 17 84 c0 17 c6 6c 99
- Dec 7 19:09:15.728899: | CERT be 79 a6 8b 9c e8 43 ea 7d 90 ef 79 8c e4 f5 d7
- Dec 7 19:09:15.728902: | CERT 49 25 0c 3a bb 68 5a ce 0f 60 4d fa 37 b3 8a ff
- Dec 7 19:09:15.728906: | CERT 2b 51 ac 59 39 4b a1 43 45 46 9e e9 01 d8 80 95
- Dec 7 19:09:15.728909: | CERT 9d 00 60
- Dec 7 19:09:15.728913: | emitting length of IKEv2 Certificate Payload: 1160
- Dec 7 19:09:15.728917: | IKEv2 CERTREQ: send a cert request?
- Dec 7 19:09:15.728921: | IKEv2 CERTREQ: OK to send a certificate request
- Dec 7 19:09:15.728930: | Sending [CERTREQ] of C=US, ST=Colorado, L=Colorado Springs, O=Polaris Alpha, OU=AIMS, CN=Polaris Alpha WE Dev Root CA
- Dec 7 19:09:15.728934: | connection->kind is not CK_PERMANENT (instance), so collect CAs
- Dec 7 19:09:15.728940: | find_host_pair: comparing 192.168.50.3:500 to 192.168.50.2:500
- Dec 7 19:09:15.728956: | find_host_pair: comparing 192.168.50.3:500 to 0.0.0.0:500
- Dec 7 19:09:15.728966: | Not a roadwarrior instance, sending empty CA in CERTREQ
- Dec 7 19:09:15.728971: | *****emit IKEv2 Certificate Request Payload:
- Dec 7 19:09:15.728975: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
- Dec 7 19:09:15.728979: | flags: none (0x0)
- Dec 7 19:09:15.728983: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4)
- Dec 7 19:09:15.728987: | next payload type: setting 'IKEv2 Certificate Payload' 'next payload type' to IKEv2 Certificate Request Payload (38:ISAKMP_NEXT_v2CERTREQ)
- Dec 7 19:09:15.728991: | next payload type: saving payload location 'IKEv2 Certificate Request Payload' 'next payload type'
- Dec 7 19:09:15.728995: | emitting length of IKEv2 Certificate Request Payload: 5
- Dec 7 19:09:15.728999: | not sending INITIAL_CONTACT
- Dec 7 19:09:15.729006: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.729010: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.729014: | *****emit IKEv2 Authentication Payload:
- Dec 7 19:09:15.729018: | next payload type: ISAKMP_NEXT_v2SA (0x21)
- Dec 7 19:09:15.729021: | flags: none (0x0)
- Dec 7 19:09:15.729025: | auth method: IKEv2_AUTH_DIGSIG (0xe)
- Dec 7 19:09:15.729030: | next payload type: setting 'IKEv2 Certificate Request Payload' 'next payload type' to IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH)
- Dec 7 19:09:15.729034: | next payload type: saving payload location 'IKEv2 Authentication Payload' 'next payload type'
- Dec 7 19:09:15.729044: | emitting 1 raw bytes of Length of the ASN.1 Algorithm Identifier sha1WithRSAEncryption into IKEv2 Authentication Payload
- Dec 7 19:09:15.729049: | Length of the ASN.1 Algorithm Identifier sha1WithRSAEncryption
- Dec 7 19:09:15.729052: | 0f
- Dec 7 19:09:15.729057: | emitting 15 raw bytes of OID of ASN.1 Algorithm Identifier sha1WithRSAEncryption into IKEv2 Authentication Payload
- Dec 7 19:09:15.729061: | OID of ASN.1 Algorithm Identifier sha1WithRSAEncryption
- Dec 7 19:09:15.729064: | 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00
- Dec 7 19:09:15.729074: | started looking for secret for C=US, ST=Colorado, O=Polaris Alpha, OU=AIMS, CN=192.168.50.3->192.168.50.2 of kind PKK_RSA
- Dec 7 19:09:15.729348: | private key for cert parsons not found in local cache; loading from NSS DB
- Dec 7 19:09:15.729826: | certs and keys locked by 'lsw_add_rsa_secret'
- Dec 7 19:09:15.729840: | certs and keys unlocked by 'lsw_add_rsa_secret'
- Dec 7 19:09:15.729845: | searching for certificate PKK_RSA:AwEAAdJOX vs PKK_RSA:AwEAAdJOX
- Dec 7 19:09:15.734966: | emitting 256 raw bytes of rsa signature into IKEv2 Authentication Payload
- Dec 7 19:09:15.734998: | rsa signature 5a 88 f0 4f cb 7e 9e 7e 79 d6 0e d7 87 08 1d 43
- Dec 7 19:09:15.735003: | rsa signature c2 4a ed c9 eb 39 75 f0 db 3f c9 92 22 41 4c 6f
- Dec 7 19:09:15.735007: | rsa signature 61 63 a2 ed a0 a3 c7 a1 1b 7f 33 31 88 d0 88 52
- Dec 7 19:09:15.735010: | rsa signature 73 34 08 95 99 ce b3 f6 78 f6 be dc 9f ab 2f 38
- Dec 7 19:09:15.735014: | rsa signature d6 ce 3a f3 2b ac 04 00 89 33 9f 1d 97 50 72 25
- Dec 7 19:09:15.735017: | rsa signature f5 11 06 07 b9 44 89 f8 e2 7b 32 3c c9 6d d6 be
- Dec 7 19:09:15.735021: | rsa signature 1e 23 d4 75 34 59 ab 37 8e 5f cf fd 3f d4 e0 78
- Dec 7 19:09:15.735025: | rsa signature 0e ba 73 67 ee 67 4c 8d 46 52 e3 09 2d 20 3a 99
- Dec 7 19:09:15.735028: | rsa signature fa f8 2c 19 b4 c9 68 37 30 1c 19 d1 d5 ec 96 4a
- Dec 7 19:09:15.735032: | rsa signature d7 94 dd 76 8f 49 dd ec 96 15 2d 0f 08 d0 f1 e6
- Dec 7 19:09:15.735036: | rsa signature 72 83 f1 85 df ed c8 94 03 6e 87 30 ab 43 f4 23
- Dec 7 19:09:15.735039: | rsa signature 65 8e 65 a4 5a 43 24 4d 4a b3 4d a4 9a 06 fc 7c
- Dec 7 19:09:15.735043: | rsa signature 3f b5 8c 98 c5 80 13 f1 ea c9 22 0e 85 d7 e1 a7
- Dec 7 19:09:15.735046: | rsa signature 78 1f 26 41 e9 17 be 58 a5 00 ac b8 0a 46 71 a3
- Dec 7 19:09:15.735050: | rsa signature 20 48 b0 f4 05 c0 a2 33 30 b5 c0 96 43 b3 0a 3f
- Dec 7 19:09:15.735056: | rsa signature 1c 4c 9c 6c 5a f0 d4 18 e3 7b dd 6d 37 ac f4 7e
- Dec 7 19:09:15.735061: | emitting length of IKEv2 Authentication Payload: 280
- Dec 7 19:09:15.735066: | getting first pending from state #1
- Dec 7 19:09:15.735101: | netlink_get_spi: allocated 0xed6c8164 for esp.0@192.168.50.3
- Dec 7 19:09:15.735107: | selecting default local ESP/AH proposals for private#192.168.50.0/24 (IKE SA initiator emitting ESP/AH proposals)
- Dec 7 19:09:15.735137: "private#192.168.50.0/24"[1] ...192.168.50.2 #1: local ESP/AH proposals for private#192.168.50.0/24 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;ESN=DISABLED 5:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED (default)
- Dec 7 19:09:15.735143: | Emitting ikev2_proposals ...
- Dec 7 19:09:15.735148: | *****emit IKEv2 Security Association Payload:
- Dec 7 19:09:15.735153: | next payload type: ISAKMP_NEXT_v2TSi (0x2c)
- Dec 7 19:09:15.735157: | flags: none (0x0)
- Dec 7 19:09:15.735163: | next payload type: previous 'IKEv2 Authentication Payload' 'next payload type' matches 'IKEv2 Security Association Payload' (33:ISAKMP_NEXT_v2SA)
- Dec 7 19:09:15.735167: | next payload type: saving payload location 'IKEv2 Security Association Payload' 'next payload type'
- Dec 7 19:09:15.735181: | ******emit IKEv2 Proposal Substructure Payload:
- Dec 7 19:09:15.735186: | last proposal: v2_PROPOSAL_NON_LAST (0x2)
- Dec 7 19:09:15.735189: | prop #: 1 (0x1)
- Dec 7 19:09:15.735193: | proto ID: IKEv2_SEC_PROTO_ESP (0x3)
- Dec 7 19:09:15.735197: | spi size: 4 (0x4)
- Dec 7 19:09:15.735200: | # transforms: 2 (0x2)
- Dec 7 19:09:15.735205: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
- Dec 7 19:09:15.735209: | our spi ed 6c 81 64
- Dec 7 19:09:15.735213: | *******emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.735217: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.735220: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
- Dec 7 19:09:15.735224: | IKEv2 transform ID: AES_GCM_C (0x14)
- Dec 7 19:09:15.735228: | ********emit IKEv2 Attribute Substructure Payload:
- Dec 7 19:09:15.735232: | af+type: IKEv2_KEY_LENGTH (0x800e)
- Dec 7 19:09:15.735236: | length/value: 256 (0x100)
- Dec 7 19:09:15.735240: | emitting length of IKEv2 Transform Substructure Payload: 12
- Dec 7 19:09:15.735244: | *******emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.735248: | last transform: v2_TRANSFORM_LAST (0x0)
- Dec 7 19:09:15.735252: | IKEv2 transform type: TRANS_TYPE_ESN (0x5)
- Dec 7 19:09:15.735255: | IKEv2 transform ID: ESN_DISABLED (0x0)
- Dec 7 19:09:15.735259: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.735263: | emitting length of IKEv2 Proposal Substructure Payload: 32
- Dec 7 19:09:15.735267: | ******emit IKEv2 Proposal Substructure Payload:
- Dec 7 19:09:15.735271: | last proposal: v2_PROPOSAL_NON_LAST (0x2)
- Dec 7 19:09:15.735275: | prop #: 2 (0x2)
- Dec 7 19:09:15.735278: | proto ID: IKEv2_SEC_PROTO_ESP (0x3)
- Dec 7 19:09:15.735282: | spi size: 4 (0x4)
- Dec 7 19:09:15.735285: | # transforms: 2 (0x2)
- Dec 7 19:09:15.735289: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
- Dec 7 19:09:15.735293: | our spi ed 6c 81 64
- Dec 7 19:09:15.735296: | *******emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.735300: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.735304: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
- Dec 7 19:09:15.735308: | IKEv2 transform ID: AES_GCM_C (0x14)
- Dec 7 19:09:15.735312: | ********emit IKEv2 Attribute Substructure Payload:
- Dec 7 19:09:15.735315: | af+type: IKEv2_KEY_LENGTH (0x800e)
- Dec 7 19:09:15.735319: | length/value: 128 (0x80)
- Dec 7 19:09:15.735323: | emitting length of IKEv2 Transform Substructure Payload: 12
- Dec 7 19:09:15.735326: | *******emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.735330: | last transform: v2_TRANSFORM_LAST (0x0)
- Dec 7 19:09:15.735334: | IKEv2 transform type: TRANS_TYPE_ESN (0x5)
- Dec 7 19:09:15.735337: | IKEv2 transform ID: ESN_DISABLED (0x0)
- Dec 7 19:09:15.735341: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.735345: | emitting length of IKEv2 Proposal Substructure Payload: 32
- Dec 7 19:09:15.735349: | ******emit IKEv2 Proposal Substructure Payload:
- Dec 7 19:09:15.735352: | last proposal: v2_PROPOSAL_NON_LAST (0x2)
- Dec 7 19:09:15.735356: | prop #: 3 (0x3)
- Dec 7 19:09:15.735360: | proto ID: IKEv2_SEC_PROTO_ESP (0x3)
- Dec 7 19:09:15.735363: | spi size: 4 (0x4)
- Dec 7 19:09:15.735367: | # transforms: 4 (0x4)
- Dec 7 19:09:15.735371: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
- Dec 7 19:09:15.735374: | our spi ed 6c 81 64
- Dec 7 19:09:15.735378: | *******emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.735381: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.735385: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
- Dec 7 19:09:15.735389: | IKEv2 transform ID: AES_CBC (0xc)
- Dec 7 19:09:15.735392: | ********emit IKEv2 Attribute Substructure Payload:
- Dec 7 19:09:15.735396: | af+type: IKEv2_KEY_LENGTH (0x800e)
- Dec 7 19:09:15.735400: | length/value: 256 (0x100)
- Dec 7 19:09:15.735403: | emitting length of IKEv2 Transform Substructure Payload: 12
- Dec 7 19:09:15.735411: | *******emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.735415: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.735418: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
- Dec 7 19:09:15.735422: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
- Dec 7 19:09:15.735426: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.735430: | *******emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.735433: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.735437: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
- Dec 7 19:09:15.735441: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
- Dec 7 19:09:15.735444: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.735448: | *******emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.735452: | last transform: v2_TRANSFORM_LAST (0x0)
- Dec 7 19:09:15.735455: | IKEv2 transform type: TRANS_TYPE_ESN (0x5)
- Dec 7 19:09:15.735459: | IKEv2 transform ID: ESN_DISABLED (0x0)
- Dec 7 19:09:15.735463: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.735466: | emitting length of IKEv2 Proposal Substructure Payload: 48
- Dec 7 19:09:15.735470: | ******emit IKEv2 Proposal Substructure Payload:
- Dec 7 19:09:15.735474: | last proposal: v2_PROPOSAL_NON_LAST (0x2)
- Dec 7 19:09:15.735477: | prop #: 4 (0x4)
- Dec 7 19:09:15.735481: | proto ID: IKEv2_SEC_PROTO_ESP (0x3)
- Dec 7 19:09:15.735484: | spi size: 4 (0x4)
- Dec 7 19:09:15.735488: | # transforms: 4 (0x4)
- Dec 7 19:09:15.735492: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
- Dec 7 19:09:15.735495: | our spi ed 6c 81 64
- Dec 7 19:09:15.735499: | *******emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.735503: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.735506: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
- Dec 7 19:09:15.735510: | IKEv2 transform ID: AES_CBC (0xc)
- Dec 7 19:09:15.735514: | ********emit IKEv2 Attribute Substructure Payload:
- Dec 7 19:09:15.735517: | af+type: IKEv2_KEY_LENGTH (0x800e)
- Dec 7 19:09:15.735521: | length/value: 128 (0x80)
- Dec 7 19:09:15.735525: | emitting length of IKEv2 Transform Substructure Payload: 12
- Dec 7 19:09:15.735528: | *******emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.735532: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.735536: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
- Dec 7 19:09:15.735539: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
- Dec 7 19:09:15.735543: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.735547: | *******emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.735550: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.735554: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
- Dec 7 19:09:15.735558: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
- Dec 7 19:09:15.735561: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.735565: | *******emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.735569: | last transform: v2_TRANSFORM_LAST (0x0)
- Dec 7 19:09:15.735573: | IKEv2 transform type: TRANS_TYPE_ESN (0x5)
- Dec 7 19:09:15.735576: | IKEv2 transform ID: ESN_DISABLED (0x0)
- Dec 7 19:09:15.735580: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.735583: | emitting length of IKEv2 Proposal Substructure Payload: 48
- Dec 7 19:09:15.735587: | ******emit IKEv2 Proposal Substructure Payload:
- Dec 7 19:09:15.735591: | last proposal: v2_PROPOSAL_LAST (0x0)
- Dec 7 19:09:15.735595: | prop #: 5 (0x5)
- Dec 7 19:09:15.735598: | proto ID: IKEv2_SEC_PROTO_ESP (0x3)
- Dec 7 19:09:15.735602: | spi size: 4 (0x4)
- Dec 7 19:09:15.735605: | # transforms: 3 (0x3)
- Dec 7 19:09:15.735609: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
- Dec 7 19:09:15.735626: | our spi ed 6c 81 64
- Dec 7 19:09:15.735630: | *******emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.735640: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.735644: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
- Dec 7 19:09:15.735647: | IKEv2 transform ID: AES_CBC (0xc)
- Dec 7 19:09:15.735651: | ********emit IKEv2 Attribute Substructure Payload:
- Dec 7 19:09:15.735655: | af+type: IKEv2_KEY_LENGTH (0x800e)
- Dec 7 19:09:15.735658: | length/value: 128 (0x80)
- Dec 7 19:09:15.735662: | emitting length of IKEv2 Transform Substructure Payload: 12
- Dec 7 19:09:15.735666: | *******emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.735670: | last transform: v2_TRANSFORM_NON_LAST (0x3)
- Dec 7 19:09:15.735673: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
- Dec 7 19:09:15.735677: | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2)
- Dec 7 19:09:15.735681: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.735684: | *******emit IKEv2 Transform Substructure Payload:
- Dec 7 19:09:15.735688: | last transform: v2_TRANSFORM_LAST (0x0)
- Dec 7 19:09:15.735692: | IKEv2 transform type: TRANS_TYPE_ESN (0x5)
- Dec 7 19:09:15.735695: | IKEv2 transform ID: ESN_DISABLED (0x0)
- Dec 7 19:09:15.735699: | emitting length of IKEv2 Transform Substructure Payload: 8
- Dec 7 19:09:15.735703: | emitting length of IKEv2 Proposal Substructure Payload: 40
- Dec 7 19:09:15.735706: | emitting length of IKEv2 Security Association Payload: 204
- Dec 7 19:09:15.735715: | *****emit IKEv2 Traffic Selector - Initiator - Payload:
- Dec 7 19:09:15.735719: | next payload type: ISAKMP_NEXT_v2TSr (0x2d)
- Dec 7 19:09:15.735723: | flags: none (0x0)
- Dec 7 19:09:15.735726: | number of TS: 1 (0x1)
- Dec 7 19:09:15.735731: | next payload type: previous 'IKEv2 Security Association Payload' 'next payload type' matches 'IKEv2 Traffic Selector - Initiator - Payload' (44:ISAKMP_NEXT_v2TSi)
- Dec 7 19:09:15.735735: | next payload type: saving payload location 'IKEv2 Traffic Selector - Initiator - Payload' 'next payload type'
- Dec 7 19:09:15.735740: | ******emit IKEv2 Traffic Selector:
- Dec 7 19:09:15.735744: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
- Dec 7 19:09:15.735747: | IP Protocol ID: 0 (0x0)
- Dec 7 19:09:15.735751: | start port: 0 (0x0)
- Dec 7 19:09:15.735755: | end port: 65535 (0xffff)
- Dec 7 19:09:15.735759: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector
- Dec 7 19:09:15.735763: | ipv4 start c0 a8 32 03
- Dec 7 19:09:15.735767: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector
- Dec 7 19:09:15.735770: | ipv4 end c0 a8 32 03
- Dec 7 19:09:15.735774: | emitting length of IKEv2 Traffic Selector: 16
- Dec 7 19:09:15.735778: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24
- Dec 7 19:09:15.735782: | *****emit IKEv2 Traffic Selector - Responder - Payload:
- Dec 7 19:09:15.735786: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
- Dec 7 19:09:15.735789: | flags: none (0x0)
- Dec 7 19:09:15.735793: | number of TS: 1 (0x1)
- Dec 7 19:09:15.735798: | next payload type: previous 'IKEv2 Traffic Selector - Initiator - Payload' 'next payload type' matches 'IKEv2 Traffic Selector - Responder - Payload' (45:ISAKMP_NEXT_v2TSr)
- Dec 7 19:09:15.735802: | next payload type: saving payload location 'IKEv2 Traffic Selector - Responder - Payload' 'next payload type'
- Dec 7 19:09:15.735806: | ******emit IKEv2 Traffic Selector:
- Dec 7 19:09:15.735809: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
- Dec 7 19:09:15.735813: | IP Protocol ID: 0 (0x0)
- Dec 7 19:09:15.735817: | start port: 0 (0x0)
- Dec 7 19:09:15.735822: | end port: 65535 (0xffff)
- Dec 7 19:09:15.735828: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector
- Dec 7 19:09:15.735834: | ipv4 start c0 a8 32 02
- Dec 7 19:09:15.735839: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector
- Dec 7 19:09:15.735844: | ipv4 end c0 a8 32 02
- Dec 7 19:09:15.735849: | emitting length of IKEv2 Traffic Selector: 16
- Dec 7 19:09:15.735854: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24
- Dec 7 19:09:15.735863: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE
- Dec 7 19:09:15.735876: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.735882: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.735888: | emitting 1 raw bytes of padding and length into cleartext
- Dec 7 19:09:15.735893: | padding and length 00
- Dec 7 19:09:15.735901: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.735907: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.735914: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload
- Dec 7 19:09:15.735920: | emitting length of IKEv2 Encryption Payload: 1830
- Dec 7 19:09:15.735926: | emitting length of ISAKMP Message: 1858
- Dec 7 19:09:15.735932: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.735938: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.735944: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.735949: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.735955: | **emit ISAKMP Message:
- Dec 7 19:09:15.735960: | initiator cookie:
- Dec 7 19:09:15.735965: | af 26 30 ff 4b 80 f5 5b
- Dec 7 19:09:15.735970: | responder cookie:
- Dec 7 19:09:15.735975: | 50 e3 a7 bd 0a d5 14 e9
- Dec 7 19:09:15.735980: | next payload type: ISAKMP_NEXT_v2SKF (0x35)
- Dec 7 19:09:15.735986: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
- Dec 7 19:09:15.735992: | exchange type: ISAKMP_v2_AUTH (0x23)
- Dec 7 19:09:15.735998: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
- Dec 7 19:09:15.736004: | message ID: 00 00 00 01
- Dec 7 19:09:15.736010: | next payload type: saving message location 'ISAKMP Message' 'next payload type'
- Dec 7 19:09:15.736016: | ***emit IKEv2 Encrypted Fragment:
- Dec 7 19:09:15.736022: | next payload type: ISAKMP_NEXT_v2IDi (0x23)
- Dec 7 19:09:15.736028: | flags: none (0x0)
- Dec 7 19:09:15.736033: | fragment number: 1 (0x1)
- Dec 7 19:09:15.736037: | total fragments: 4 (0x4)
- Dec 7 19:09:15.736043: | next payload type: previous 'ISAKMP Message' 'next payload type' matches 'IKEv2 Encrypted Fragment' (53:ISAKMP_NEXT_v2SKF)
- Dec 7 19:09:15.736049: | next payload type: saving payload location 'IKEv2 Encrypted Fragment' 'next payload type'
- Dec 7 19:09:15.736064: | emitting 8 raw bytes of IV into IKEv2 Encrypted Fragment
- Dec 7 19:09:15.736071: | IV 35 c5 e2 aa e9 0b 36 f6
- Dec 7 19:09:15.736078: | emitting 478 raw bytes of cleartext fragment into cleartext
- Dec 7 19:09:15.736084: | cleartext fragment 25 00 00 68 09 00 00 00 30 5e 31 0b 30 09 06 03
- Dec 7 19:09:15.736089: | cleartext fragment 55 04 06 13 02 55 53 31 11 30 0f 06 03 55 04 08
- Dec 7 19:09:15.736095: | cleartext fragment 0c 08 43 6f 6c 6f 72 61 64 6f 31 16 30 14 06 03
- Dec 7 19:09:15.736100: | cleartext fragment 55 04 0a 0c 0d 50 6f 6c 61 72 69 73 20 41 6c 70
- Dec 7 19:09:15.736105: | cleartext fragment 68 61 31 0d 30 0b 06 03 55 04 0b 0c 04 41 49 4d
- Dec 7 19:09:15.736110: | cleartext fragment 53 31 15 30 13 06 03 55 04 03 0c 0c 31 39 32 2e
- Dec 7 19:09:15.736116: | cleartext fragment 31 36 38 2e 35 30 2e 33 26 00 04 88 04 30 82 04
- Dec 7 19:09:15.736122: | cleartext fragment 7f 30 82 02 67 a0 03 02 01 02 02 02 10 01 30 0d
- Dec 7 19:09:15.736127: | cleartext fragment 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 89
- Dec 7 19:09:15.736133: | cleartext fragment 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 11 30
- Dec 7 19:09:15.736138: | cleartext fragment 0f 06 03 55 04 08 0c 08 43 6f 6c 6f 72 61 64 6f
- Dec 7 19:09:15.736144: | cleartext fragment 31 19 30 17 06 03 55 04 07 0c 10 43 6f 6c 6f 72
- Dec 7 19:09:15.736150: | cleartext fragment 61 64 6f 20 53 70 72 69 6e 67 73 31 16 30 14 06
- Dec 7 19:09:15.736156: | cleartext fragment 03 55 04 0a 0c 0d 50 6f 6c 61 72 69 73 20 41 6c
- Dec 7 19:09:15.736162: | cleartext fragment 70 68 61 31 0d 30 0b 06 03 55 04 0b 0c 04 41 49
- Dec 7 19:09:15.736167: | cleartext fragment 4d 53 31 25 30 23 06 03 55 04 03 0c 1c 50 6f 6c
- Dec 7 19:09:15.736180: | cleartext fragment 61 72 69 73 20 41 6c 70 68 61 20 57 45 20 44 65
- Dec 7 19:09:15.736186: | cleartext fragment 76 20 52 6f 6f 74 20 43 41 30 1e 17 0d 31 38 31
- Dec 7 19:09:15.736191: | cleartext fragment 32 30 37 30 30 30 34 35 30 5a 17 0d 32 38 31 32
- Dec 7 19:09:15.736197: | cleartext fragment 30 34 30 30 30 34 35 30 5a 30 5e 31 0b 30 09 06
- Dec 7 19:09:15.736203: | cleartext fragment 03 55 04 06 13 02 55 53 31 11 30 0f 06 03 55 04
- Dec 7 19:09:15.736209: | cleartext fragment 08 0c 08 43 6f 6c 6f 72 61 64 6f 31 16 30 14 06
- Dec 7 19:09:15.736215: | cleartext fragment 03 55 04 0a 0c 0d 50 6f 6c 61 72 69 73 20 41 6c
- Dec 7 19:09:15.736221: | cleartext fragment 70 68 61 31 0d 30 0b 06 03 55 04 0b 0c 04 41 49
- Dec 7 19:09:15.736227: | cleartext fragment 4d 53 31 15 30 13 06 03 55 04 03 0c 0c 31 39 32
- Dec 7 19:09:15.736234: | cleartext fragment 2e 31 36 38 2e 35 30 2e 33 30 82 01 22 30 0d 06
- Dec 7 19:09:15.736240: | cleartext fragment 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f
- Dec 7 19:09:15.736246: | cleartext fragment 00 30 82 01 0a 02 82 01 01 00 d2 4e 5f 14 bf b4
- Dec 7 19:09:15.736252: | cleartext fragment a2 6c b9 4a 96 51 a6 22 cb 2e a3 18 ac 66 2e a6
- Dec 7 19:09:15.736258: | cleartext fragment 8e 17 65 1c 0a a0 1d 5b 48 5e 1f 29 2d 60
- Dec 7 19:09:15.736265: | emitting 1 raw bytes of padding and length into cleartext
- Dec 7 19:09:15.736271: | padding and length 00
- Dec 7 19:09:15.736277: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment
- Dec 7 19:09:15.736283: | emitting length of IKEv2 Encrypted Fragment: 511
- Dec 7 19:09:15.736289: | emitting length of ISAKMP Message: 539
- Dec 7 19:09:15.736318: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.736326: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.736332: | **emit ISAKMP Message:
- Dec 7 19:09:15.736338: | initiator cookie:
- Dec 7 19:09:15.736343: | af 26 30 ff 4b 80 f5 5b
- Dec 7 19:09:15.736349: | responder cookie:
- Dec 7 19:09:15.736354: | 50 e3 a7 bd 0a d5 14 e9
- Dec 7 19:09:15.736360: | next payload type: ISAKMP_NEXT_v2SKF (0x35)
- Dec 7 19:09:15.736366: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
- Dec 7 19:09:15.736373: | exchange type: ISAKMP_v2_AUTH (0x23)
- Dec 7 19:09:15.736378: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
- Dec 7 19:09:15.736384: | message ID: 00 00 00 01
- Dec 7 19:09:15.736391: | next payload type: saving message location 'ISAKMP Message' 'next payload type'
- Dec 7 19:09:15.736396: | ***emit IKEv2 Encrypted Fragment:
- Dec 7 19:09:15.736400: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
- Dec 7 19:09:15.736403: | flags: none (0x0)
- Dec 7 19:09:15.736407: | fragment number: 2 (0x2)
- Dec 7 19:09:15.736410: | total fragments: 4 (0x4)
- Dec 7 19:09:15.736415: | next payload type: previous 'ISAKMP Message' 'next payload type' matches 'IKEv2 Encrypted Fragment' (53:ISAKMP_NEXT_v2SKF)
- Dec 7 19:09:15.736419: | next payload type: saving payload location 'IKEv2 Encrypted Fragment' 'next payload type'
- Dec 7 19:09:15.736426: | emitting 8 raw bytes of IV into IKEv2 Encrypted Fragment
- Dec 7 19:09:15.736430: | IV 60 b3 86 4f c4 ed 81 5e
- Dec 7 19:09:15.736434: | emitting 478 raw bytes of cleartext fragment into cleartext
- Dec 7 19:09:15.736438: | cleartext fragment e8 2c 10 06 d2 57 ca 92 d2 99 fb 9a 0e 10 b2 d1
- Dec 7 19:09:15.736442: | cleartext fragment 29 e1 e6 bc 62 30 8a 31 ee cd a0 70 9d 02 d2 fe
- Dec 7 19:09:15.736445: | cleartext fragment fd 9e 3f 54 3c 12 b6 13 e4 77 ab ac 5b b3 62 24
- Dec 7 19:09:15.736449: | cleartext fragment 72 33 a7 73 4d bc cf 2d be e9 b8 82 e9 20 d0 44
- Dec 7 19:09:15.736453: | cleartext fragment be 2b 57 5e b6 89 01 f0 c3 ca 00 16 1f 12 50 fb
- Dec 7 19:09:15.736456: | cleartext fragment 3b 80 b6 7a 13 8d e1 ea b3 e4 bb 1b bf b3 a9 12
- Dec 7 19:09:15.736460: | cleartext fragment 7f 9b 94 a9 dd 4e da 79 3a 04 6c 84 46 53 6b 12
- Dec 7 19:09:15.736470: | cleartext fragment f1 a0 53 16 ed 79 f4 63 2e 9b 84 e3 9b 1b d8 57
- Dec 7 19:09:15.736474: | cleartext fragment b6 3a 0a 8d 3c 71 58 b5 e3 89 c5 1d 91 5e ec 02
- Dec 7 19:09:15.736477: | cleartext fragment 14 0d eb ab f9 da 06 82 78 49 ce 88 82 80 a6 de
- Dec 7 19:09:15.736481: | cleartext fragment b7 05 52 f8 f4 d6 c9 aa d5 0d 9c 2d fe a5 be 45
- Dec 7 19:09:15.736485: | cleartext fragment a5 56 00 f9 39 b9 22 3f 57 a1 02 5a b8 7f fd 61
- Dec 7 19:09:15.736488: | cleartext fragment ef 20 e4 b8 b4 b9 40 49 eb c0 89 bf 4c 8e 3e 7e
- Dec 7 19:09:15.736492: | cleartext fragment fe c9 ee 60 28 03 5c 91 51 df 2b 3b 02 03 01 00
- Dec 7 19:09:15.736496: | cleartext fragment 01 a3 1b 30 19 30 17 06 03 55 1d 11 04 10 30 0e
- Dec 7 19:09:15.736499: | cleartext fragment 82 06 6b 76 6f 74 68 65 87 04 c0 a8 32 03 30 0d
- Dec 7 19:09:15.736503: | cleartext fragment 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 02
- Dec 7 19:09:15.736507: | cleartext fragment 01 00 c2 e6 22 3b 8b b0 43 15 28 f3 90 2c 28 6b
- Dec 7 19:09:15.736510: | cleartext fragment 6d 89 f7 f6 86 8c 66 05 af 58 a3 71 47 ef ce 37
- Dec 7 19:09:15.736514: | cleartext fragment db ee 9b 83 b9 03 d2 23 1f fc e6 4e da b0 85 23
- Dec 7 19:09:15.736518: | cleartext fragment 0d e5 3b 0e 0f 83 47 ab 10 59 4d c2 1e ea b7 e1
- Dec 7 19:09:15.736522: | cleartext fragment b8 38 6f 6b fb aa 09 31 7d b4 6d f4 cc b0 ab b0
- Dec 7 19:09:15.736525: | cleartext fragment ba 0c f6 a3 83 73 a7 47 56 d2 c0 ed fa 0b fc 78
- Dec 7 19:09:15.736529: | cleartext fragment 2c 54 a8 00 8a 52 01 f4 e9 57 15 6d 88 2b af 72
- Dec 7 19:09:15.736533: | cleartext fragment e4 97 32 20 bd fd fe 27 ee 34 2a 9e 2a 63 96 35
- Dec 7 19:09:15.736536: | cleartext fragment 05 26 bd aa 68 27 99 40 d4 83 62 ad 4c d8 14 2b
- Dec 7 19:09:15.736540: | cleartext fragment d4 6a 55 23 5d 10 f9 f8 1d 99 44 97 03 e1 b1 0f
- Dec 7 19:09:15.736544: | cleartext fragment 40 1b 09 ff d9 0d 5b e9 9a 82 c1 d1 d7 57 8c c8
- Dec 7 19:09:15.736547: | cleartext fragment 7a ff 35 f4 42 e1 27 49 46 66 3c 33 2c 54 e2 66
- Dec 7 19:09:15.736551: | cleartext fragment 0c c9 b0 b1 26 ee d0 ce c1 4c 1f 8d 5a 40
- Dec 7 19:09:15.736555: | emitting 1 raw bytes of padding and length into cleartext
- Dec 7 19:09:15.736559: | padding and length 00
- Dec 7 19:09:15.736563: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment
- Dec 7 19:09:15.736567: | emitting length of IKEv2 Encrypted Fragment: 511
- Dec 7 19:09:15.736571: | emitting length of ISAKMP Message: 539
- Dec 7 19:09:15.736583: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.736588: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.736592: | **emit ISAKMP Message:
- Dec 7 19:09:15.736595: | initiator cookie:
- Dec 7 19:09:15.736599: | af 26 30 ff 4b 80 f5 5b
- Dec 7 19:09:15.736602: | responder cookie:
- Dec 7 19:09:15.736606: | 50 e3 a7 bd 0a d5 14 e9
- Dec 7 19:09:15.736611: | next payload type: ISAKMP_NEXT_v2SKF (0x35)
- Dec 7 19:09:15.736621: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
- Dec 7 19:09:15.736632: | exchange type: ISAKMP_v2_AUTH (0x23)
- Dec 7 19:09:15.736639: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
- Dec 7 19:09:15.736646: | message ID: 00 00 00 01
- Dec 7 19:09:15.736653: | next payload type: saving message location 'ISAKMP Message' 'next payload type'
- Dec 7 19:09:15.736660: | ***emit IKEv2 Encrypted Fragment:
- Dec 7 19:09:15.736666: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
- Dec 7 19:09:15.736672: | flags: none (0x0)
- Dec 7 19:09:15.736680: | fragment number: 3 (0x3)
- Dec 7 19:09:15.736685: | total fragments: 4 (0x4)
- Dec 7 19:09:15.736692: | next payload type: previous 'ISAKMP Message' 'next payload type' matches 'IKEv2 Encrypted Fragment' (53:ISAKMP_NEXT_v2SKF)
- Dec 7 19:09:15.736698: | next payload type: saving payload location 'IKEv2 Encrypted Fragment' 'next payload type'
- Dec 7 19:09:15.736706: | emitting 8 raw bytes of IV into IKEv2 Encrypted Fragment
- Dec 7 19:09:15.736720: | IV 07 f1 e4 e8 1f fa 68 c7
- Dec 7 19:09:15.736727: | emitting 478 raw bytes of cleartext fragment into cleartext
- Dec 7 19:09:15.736732: | cleartext fragment d3 e1 38 49 97 33 03 f8 e6 e1 2d 8e bc e7 05 e9
- Dec 7 19:09:15.736738: | cleartext fragment b4 84 81 cb 5f 62 41 f1 5b 35 79 ec 18 40 a7 ee
- Dec 7 19:09:15.736744: | cleartext fragment bf 4f c7 88 63 76 45 3a 34 bf 7b 51 45 8e 4e 9c
- Dec 7 19:09:15.736750: | cleartext fragment f2 1a 39 3e 0d 6d a2 9a 8b f1 e0 f2 ad 85 8e 6b
- Dec 7 19:09:15.736755: | cleartext fragment 52 bb 90 21 18 6f 7f e2 11 80 1d 63 76 b8 dd 1f
- Dec 7 19:09:15.736761: | cleartext fragment 72 18 8d 98 69 e3 62 b8 73 3f 7c dc dc 19 3f 38
- Dec 7 19:09:15.736768: | cleartext fragment 47 30 15 a2 48 b3 7b 58 9c 18 3b 10 12 b0 7b 72
- Dec 7 19:09:15.736774: | cleartext fragment f6 d1 4d a7 f8 ff 5b a3 86 04 5c 74 d0 46 17 61
- Dec 7 19:09:15.736780: | cleartext fragment 0f d2 a2 87 d0 36 97 fb 43 e5 7e 69 14 87 e4 20
- Dec 7 19:09:15.736786: | cleartext fragment 5b 98 a2 9b 91 f2 20 f9 21 4c 40 92 2f 60 93 7e
- Dec 7 19:09:15.736793: | cleartext fragment 41 30 2b 82 c6 64 12 69 72 40 21 38 45 0c 0b 73
- Dec 7 19:09:15.736798: | cleartext fragment aa bf ac 47 14 05 48 e5 c2 7c 13 88 64 bd 89 ad
- Dec 7 19:09:15.736804: | cleartext fragment 39 a2 e6 34 ef 50 43 48 89 74 de ba 95 8e 89 e6
- Dec 7 19:09:15.736810: | cleartext fragment 70 6c 61 a9 ba eb b2 c9 12 6d ca 91 df cc 15 3b
- Dec 7 19:09:15.736816: | cleartext fragment 26 aa 9f 5a e6 91 29 59 41 08 b7 e9 00 73 54 e1
- Dec 7 19:09:15.736823: | cleartext fragment 2e 9f a9 c8 f7 5f d0 cf 01 c7 17 84 c0 17 c6 6c
- Dec 7 19:09:15.736829: | cleartext fragment 99 be 79 a6 8b 9c e8 43 ea 7d 90 ef 79 8c e4 f5
- Dec 7 19:09:15.736835: | cleartext fragment d7 49 25 0c 3a bb 68 5a ce 0f 60 4d fa 37 b3 8a
- Dec 7 19:09:15.736840: | cleartext fragment ff 2b 51 ac 59 39 4b a1 43 45 46 9e e9 01 d8 80
- Dec 7 19:09:15.736846: | cleartext fragment 95 9d 00 60 27 00 00 05 04 21 00 01 18 0e 00 00
- Dec 7 19:09:15.736851: | cleartext fragment 00 0f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05
- Dec 7 19:09:15.736857: | cleartext fragment 00 5a 88 f0 4f cb 7e 9e 7e 79 d6 0e d7 87 08 1d
- Dec 7 19:09:15.736864: | cleartext fragment 43 c2 4a ed c9 eb 39 75 f0 db 3f c9 92 22 41 4c
- Dec 7 19:09:15.736870: | cleartext fragment 6f 61 63 a2 ed a0 a3 c7 a1 1b 7f 33 31 88 d0 88
- Dec 7 19:09:15.736876: | cleartext fragment 52 73 34 08 95 99 ce b3 f6 78 f6 be dc 9f ab 2f
- Dec 7 19:09:15.736881: | cleartext fragment 38 d6 ce 3a f3 2b ac 04 00 89 33 9f 1d 97 50 72
- Dec 7 19:09:15.736888: | cleartext fragment 25 f5 11 06 07 b9 44 89 f8 e2 7b 32 3c c9 6d d6
- Dec 7 19:09:15.736894: | cleartext fragment be 1e 23 d4 75 34 59 ab 37 8e 5f cf fd 3f d4 e0
- Dec 7 19:09:15.736900: | cleartext fragment 78 0e ba 73 67 ee 67 4c 8d 46 52 e3 09 2d 20 3a
- Dec 7 19:09:15.736906: | cleartext fragment 99 fa f8 2c 19 b4 c9 68 37 30 1c 19 d1 d5
- Dec 7 19:09:15.736913: | emitting 1 raw bytes of padding and length into cleartext
- Dec 7 19:09:15.736920: | padding and length 00
- Dec 7 19:09:15.736926: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment
- Dec 7 19:09:15.736930: | emitting length of IKEv2 Encrypted Fragment: 511
- Dec 7 19:09:15.736934: | emitting length of ISAKMP Message: 539
- Dec 7 19:09:15.736950: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.736956: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.736960: | **emit ISAKMP Message:
- Dec 7 19:09:15.736964: | initiator cookie:
- Dec 7 19:09:15.736967: | af 26 30 ff 4b 80 f5 5b
- Dec 7 19:09:15.736971: | responder cookie:
- Dec 7 19:09:15.736974: | 50 e3 a7 bd 0a d5 14 e9
- Dec 7 19:09:15.736978: | next payload type: ISAKMP_NEXT_v2SKF (0x35)
- Dec 7 19:09:15.736982: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
- Dec 7 19:09:15.736986: | exchange type: ISAKMP_v2_AUTH (0x23)
- Dec 7 19:09:15.736996: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
- Dec 7 19:09:15.737001: | message ID: 00 00 00 01
- Dec 7 19:09:15.737005: | next payload type: saving message location 'ISAKMP Message' 'next payload type'
- Dec 7 19:09:15.737009: | ***emit IKEv2 Encrypted Fragment:
- Dec 7 19:09:15.737013: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
- Dec 7 19:09:15.737017: | flags: none (0x0)
- Dec 7 19:09:15.737020: | fragment number: 4 (0x4)
- Dec 7 19:09:15.737024: | total fragments: 4 (0x4)
- Dec 7 19:09:15.737028: | next payload type: previous 'ISAKMP Message' 'next payload type' matches 'IKEv2 Encrypted Fragment' (53:ISAKMP_NEXT_v2SKF)
- Dec 7 19:09:15.737032: | next payload type: saving payload location 'IKEv2 Encrypted Fragment' 'next payload type'
- Dec 7 19:09:15.737043: | emitting 8 raw bytes of IV into IKEv2 Encrypted Fragment
- Dec 7 19:09:15.737047: | IV 7b 44 04 67 c2 ed 71 ef
- Dec 7 19:09:15.737051: | emitting 367 raw bytes of cleartext fragment into cleartext
- Dec 7 19:09:15.737055: | cleartext fragment ec 96 4a d7 94 dd 76 8f 49 dd ec 96 15 2d 0f 08
- Dec 7 19:09:15.737059: | cleartext fragment d0 f1 e6 72 83 f1 85 df ed c8 94 03 6e 87 30 ab
- Dec 7 19:09:15.737062: | cleartext fragment 43 f4 23 65 8e 65 a4 5a 43 24 4d 4a b3 4d a4 9a
- Dec 7 19:09:15.737066: | cleartext fragment 06 fc 7c 3f b5 8c 98 c5 80 13 f1 ea c9 22 0e 85
- Dec 7 19:09:15.737069: | cleartext fragment d7 e1 a7 78 1f 26 41 e9 17 be 58 a5 00 ac b8 0a
- Dec 7 19:09:15.737073: | cleartext fragment 46 71 a3 20 48 b0 f4 05 c0 a2 33 30 b5 c0 96 43
- Dec 7 19:09:15.737077: | cleartext fragment b3 0a 3f 1c 4c 9c 6c 5a f0 d4 18 e3 7b dd 6d 37
- Dec 7 19:09:15.737081: | cleartext fragment ac f4 7e 2c 00 00 cc 02 00 00 20 01 03 04 02 ed
- Dec 7 19:09:15.737084: | cleartext fragment 6c 81 64 03 00 00 0c 01 00 00 14 80 0e 01 00 00
- Dec 7 19:09:15.737088: | cleartext fragment 00 00 08 05 00 00 00 02 00 00 20 02 03 04 02 ed
- Dec 7 19:09:15.737092: | cleartext fragment 6c 81 64 03 00 00 0c 01 00 00 14 80 0e 00 80 00
- Dec 7 19:09:15.737096: | cleartext fragment 00 00 08 05 00 00 00 02 00 00 30 03 03 04 04 ed
- Dec 7 19:09:15.737099: | cleartext fragment 6c 81 64 03 00 00 0c 01 00 00 0c 80 0e 01 00 03
- Dec 7 19:09:15.737103: | cleartext fragment 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00
- Dec 7 19:09:15.737107: | cleartext fragment 00 00 08 05 00 00 00 02 00 00 30 04 03 04 04 ed
- Dec 7 19:09:15.737111: | cleartext fragment 6c 81 64 03 00 00 0c 01 00 00 0c 80 0e 00 80 03
- Dec 7 19:09:15.737114: | cleartext fragment 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00
- Dec 7 19:09:15.737118: | cleartext fragment 00 00 08 05 00 00 00 00 00 00 28 05 03 04 03 ed
- Dec 7 19:09:15.737122: | cleartext fragment 6c 81 64 03 00 00 0c 01 00 00 0c 80 0e 00 80 03
- Dec 7 19:09:15.737126: | cleartext fragment 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 2d
- Dec 7 19:09:15.737130: | cleartext fragment 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff c0
- Dec 7 19:09:15.737133: | cleartext fragment a8 32 03 c0 a8 32 03 00 00 00 18 01 00 00 00 07
- Dec 7 19:09:15.737137: | cleartext fragment 00 00 10 00 00 ff ff c0 a8 32 02 c0 a8 32 02
- Dec 7 19:09:15.737141: | emitting 1 raw bytes of padding and length into cleartext
- Dec 7 19:09:15.737145: | padding and length 00
- Dec 7 19:09:15.737149: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment
- Dec 7 19:09:15.737153: | emitting length of IKEv2 Encrypted Fragment: 400
- Dec 7 19:09:15.737157: | emitting length of ISAKMP Message: 428
- Dec 7 19:09:15.737174: | processing: suspend state #1 connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in complete_v2_state_transition() at ikev2.c:2787)
- Dec 7 19:09:15.737182: | processing: start state #2 connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in complete_v2_state_transition() at ikev2.c:2787)
- Dec 7 19:09:15.737187: | #2 complete v2 state transition from STATE_UNDEFINED with STF_OK
- Dec 7 19:09:15.737192: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.737205: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.737210: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2
- Dec 7 19:09:15.737215: | child state #2: STATE_UNDEFINED(ignore) => STATE_PARENT_I2(open-ike)
- Dec 7 19:09:15.737219: | ignore states: 0
- Dec 7 19:09:15.737223: | half-open-ike states: 0
- Dec 7 19:09:15.737227: | open-ike states: 2
- Dec 7 19:09:15.737231: | established-anonymous-ike states: 0
- Dec 7 19:09:15.737234: | established-authenticated-ike states: 0
- Dec 7 19:09:15.737238: | anonymous-ipsec states: 0
- Dec 7 19:09:15.737241: | authenticated-ipsec states: 0
- Dec 7 19:09:15.737245: | informational states: 0
- Dec 7 19:09:15.737249: | unknown states: 0
- Dec 7 19:09:15.737252: | category states: 2 count states: 2
- Dec 7 19:09:15.737257: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.737261: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.737266: | message ID #2 STATE_PARENT_I2 private#192.168.50.0/24 pst #1 st_msgid_nextuse(before=1) 2 st_msgid_lastack 0 st_msgid_lastrecv 4294967295 md is a resonse
- Dec 7 19:09:15.737283: | sending V2 reply packet to 192.168.50.2:500 (from port 500)
- Dec 7 19:09:15.737288: | sending fragments ...
- Dec 7 19:09:15.737296: | sending 539 bytes for STATE_PARENT_I1 through eth1:500 to 192.168.50.2:500 (using #1)
- Dec 7 19:09:15.737300: | af 26 30 ff 4b 80 f5 5b 50 e3 a7 bd 0a d5 14 e9
- Dec 7 19:09:15.737304: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff
- Dec 7 19:09:15.737307: | 00 01 00 04 35 c5 e2 aa e9 0b 36 f6 e1 18 97 ac
- Dec 7 19:09:15.737311: | 43 d9 bd b4 a2 32 9a b3 c6 f2 93 c0 d3 a8 0a 35
- Dec 7 19:09:15.737314: | da e5 53 46 c2 0b 39 ee 6b d7 cf cd 2a f6 20 6a
- Dec 7 19:09:15.737318: | 93 75 37 b9 d2 43 0d 3c 18 ec 36 52 e9 10 d3 33
- Dec 7 19:09:15.737322: | 93 20 14 91 20 5b 90 71 34 dd f5 74 b9 71 3f 5e
- Dec 7 19:09:15.737325: | 14 35 0d 14 ab eb 89 a6 b2 f9 ec cd c4 ae 76 c4
- Dec 7 19:09:15.737330: | 4c 85 5d 06 87 4d 70 72 3f e0 4f 88 a2 36 db b1
- Dec 7 19:09:15.737333: | ca be 58 08 57 48 a6 c5 f0 35 86 02 75 6e 0e e1
- Dec 7 19:09:15.737337: | 08 c8 37 f2 68 1d 0d 0d 9f 33 fd 1d dc 80 1e 6a
- Dec 7 19:09:15.737340: | 0c c6 d5 43 d6 e5 d2 d7 e8 cf 3a e6 1c d8 0f 4a
- Dec 7 19:09:15.737344: | b3 fc 88 8f 1e fe 73 b5 d6 54 99 4c 39 ca 5d 8f
- Dec 7 19:09:15.737347: | 06 fe 4b a9 d8 65 d2 df fe 0b a8 5e 1d 93 ca 4e
- Dec 7 19:09:15.737351: | de 33 75 c7 31 80 b3 0c b5 e8 75 a8 d4 3b 44 f0
- Dec 7 19:09:15.737354: | 05 9b e6 06 6c 43 a0 95 33 47 a6 4a a7 df de 45
- Dec 7 19:09:15.737358: | 44 88 2a d8 7f 60 f2 15 b9 93 1f f7 79 53 5b 99
- Dec 7 19:09:15.737361: | 69 e8 6e e3 57 2a d6 9b 57 b5 af 2b fd b5 8c de
- Dec 7 19:09:15.737365: | 36 cc 7d 89 f0 2d 4e c9 0b 4a 28 d6 69 9f d1 0b
- Dec 7 19:09:15.737369: | 9a 7f f2 93 b0 f5 d5 4b 77 41 bb d4 1c 95 2d 63
- Dec 7 19:09:15.737372: | 13 4d 8c ff 3e 25 3a 25 f4 a8 58 43 bd 0e 4c dc
- Dec 7 19:09:15.737376: | 3e 60 5b ea bd e0 59 2a cb c5 7e ef 5f 7c dd b3
- Dec 7 19:09:15.737379: | 8d 17 94 ea 13 43 4f d1 46 ba ac ab 1e f1 47 d9
- Dec 7 19:09:15.737383: | db 1e 88 c3 9f 8f 61 15 f6 4e b3 90 9a 47 c4 9e
- Dec 7 19:09:15.737386: | 76 ea 76 02 50 55 bc b5 25 35 f2 e1 d9 f4 25 10
- Dec 7 19:09:15.737390: | ce c5 2d 33 6b b9 db 72 99 8c 54 11 85 23 d8 52
- Dec 7 19:09:15.737393: | 4b 39 24 a0 13 06 ad 8d ac c2 81 b1 58 45 96 90
- Dec 7 19:09:15.737397: | d9 0f 21 42 72 cb 1d 00 6f be 79 32 d1 40 01 f7
- Dec 7 19:09:15.737400: | fe b8 0b 7b ad 85 c8 ee 11 6e 85 38 fe 13 f4 87
- Dec 7 19:09:15.737404: | d2 a4 20 d7 78 0d 91 2e 4c ba da b9 ef 92 09 17
- Dec 7 19:09:15.737408: | a3 e1 2e f5 c0 cf 32 20 5e 90 b7 f7 e8 05 28 f4
- Dec 7 19:09:15.737411: | 21 0b 2f 13 a6 2f 24 aa bd 2c 4f 09 1b eb fd 6a
- Dec 7 19:09:15.737415: | 0b 13 e0 76 44 3b 1e 81 e1 77 e7 7e de 2c 54 35
- Dec 7 19:09:15.737419: | c0 2f e2 0e b9 e3 47 d0 13 18 a3
- Dec 7 19:09:15.737559: | sending 539 bytes for STATE_PARENT_I1 through eth1:500 to 192.168.50.2:500 (using #1)
- Dec 7 19:09:15.737577: | af 26 30 ff 4b 80 f5 5b 50 e3 a7 bd 0a d5 14 e9
- Dec 7 19:09:15.737581: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff
- Dec 7 19:09:15.737584: | 00 02 00 04 60 b3 86 4f c4 ed 81 5e 99 d1 2f 3e
- Dec 7 19:09:15.737588: | 2c 5d ab bb de 1b 65 d9 09 3b ec 4b e0 f8 f9 ba
- Dec 7 19:09:15.737591: | 5f 31 3c 85 2c ac e1 8b 99 7e 6a 16 80 0a e3 1a
- Dec 7 19:09:15.737595: | bd 35 ed de 3f 01 38 b3 53 2d be ef bd be f3 5e
- Dec 7 19:09:15.737598: | b8 f8 50 b1 a7 7c 53 d5 77 72 75 61 15 99 50 9e
- Dec 7 19:09:15.737602: | 12 a2 1c 12 ea 35 b3 35 bd 7e 88 9e b6 7b f7 0d
- Dec 7 19:09:15.737605: | 2e 1b cd f7 e1 ea b9 89 33 f7 4e 92 92 50 43 12
- Dec 7 19:09:15.737609: | 4c 9e ba 04 fb 4e 72 70 21 81 50 ee d7 27 f9 92
- Dec 7 19:09:15.737612: | 8e 39 53 fd b6 b4 d9 36 e4 66 98 9f 07 cc e1 36
- Dec 7 19:09:15.737616: | 00 b7 1d 4e cd c8 a8 6a 4c a2 86 cf 5d af 22 0a
- Dec 7 19:09:15.737619: | 6f 96 93 b4 ad fd 3a e3 2e 1e ba 0e a0 cb 84 f0
- Dec 7 19:09:15.737623: | 6f d0 b2 27 80 bc e5 3b 25 80 b1 ca 31 e5 ba 3b
- Dec 7 19:09:15.737627: | dd 65 cd 5d ad 1c 3c f3 a0 88 20 7a 4f a9 b5 e4
- Dec 7 19:09:15.737630: | 54 be f3 5d 91 a7 c7 6c 7b 79 e0 52 51 8a e4 23
- Dec 7 19:09:15.737634: | f8 a9 f5 0f 0a e2 ec e0 50 1c 9d df 38 ef f1 2c
- Dec 7 19:09:15.737637: | a0 e7 fb 79 8f 16 3e 59 64 d7 0e 11 6e a1 89 a7
- Dec 7 19:09:15.737641: | ef de 30 82 39 69 c6 23 d6 03 0d ef 5a 13 4a 34
- Dec 7 19:09:15.737644: | d8 62 2e 58 79 95 99 94 d0 5a 19 f4 b8 b2 5c 56
- Dec 7 19:09:15.737648: | 5d 0f 25 a5 42 09 bf 6d e1 5f dc 98 a3 ec 43 e7
- Dec 7 19:09:15.737651: | 4d d2 e3 ae 4f ee fe 9b 66 eb f6 ee 06 38 6d 1b
- Dec 7 19:09:15.737655: | db c3 c7 dd ba 94 63 da 12 86 e3 e2 1e 2d a2 d1
- Dec 7 19:09:15.737658: | 3b c4 57 83 44 75 9a 81 5c 56 9d 1d 95 0a 81 ba
- Dec 7 19:09:15.737662: | e5 f8 fa e2 a7 69 b3 81 01 59 e4 03 8f de ff f5
- Dec 7 19:09:15.737665: | f0 70 12 eb f1 f5 5b f6 19 67 88 7d 4e 88 49 3f
- Dec 7 19:09:15.737669: | dc a0 cf 05 ef 5d 95 d6 99 6f 66 e9 ab 4f 3d 8c
- Dec 7 19:09:15.737672: | e7 a3 b1 e2 35 8f 49 a1 4d 38 9b 21 05 24 d0 78
- Dec 7 19:09:15.737676: | fe 67 a4 89 09 95 ab a0 b1 f3 57 1e c3 ca de f4
- Dec 7 19:09:15.737679: | 49 08 7c d0 1c 79 3c 95 52 2f e9 2b 19 77 29 7d
- Dec 7 19:09:15.737683: | ac 9b e7 c3 06 65 8d 76 f4 5b e8 65 27 cb 62 46
- Dec 7 19:09:15.737687: | 9c 93 1b a1 0e 26 c8 39 52 de 38 0d ea 33 9e 0f
- Dec 7 19:09:15.737690: | 4e 50 0f 68 3f c7 5c 31 b0 5e c9 82 86 aa 3c cf
- Dec 7 19:09:15.737694: | b0 d0 5d 76 81 0b 8a 5c 95 c6 74
- Dec 7 19:09:15.737712: | sending 539 bytes for STATE_PARENT_I1 through eth1:500 to 192.168.50.2:500 (using #1)
- Dec 7 19:09:15.737716: | af 26 30 ff 4b 80 f5 5b 50 e3 a7 bd 0a d5 14 e9
- Dec 7 19:09:15.737720: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff
- Dec 7 19:09:15.737724: | 00 03 00 04 07 f1 e4 e8 1f fa 68 c7 9f 50 ef 60
- Dec 7 19:09:15.737727: | 66 c5 9c af 13 55 f0 ec 39 29 ef c7 d7 5d 0a 63
- Dec 7 19:09:15.737731: | 89 ea 7e 9a 48 17 74 25 df dd 37 2c 1c 7d 4e 91
- Dec 7 19:09:15.737734: | d9 bb 4b af c4 59 e5 63 13 83 2d 47 f9 9f b3 34
- Dec 7 19:09:15.737738: | 46 a3 be fa 00 03 c8 88 6d a7 98 33 cb 1e 13 ed
- Dec 7 19:09:15.737741: | cc 9a 36 0c 5e e9 d8 60 a1 5f 14 6f 7a 63 40 03
- Dec 7 19:09:15.737745: | b0 34 38 ef 6c f4 8c 77 c3 b4 eb 26 72 67 cb 32
- Dec 7 19:09:15.737748: | 37 e8 85 ce 51 88 33 56 70 3e 5d d4 75 cc 48 c7
- Dec 7 19:09:15.737752: | 1b b5 c6 e9 86 30 df c1 e8 a9 96 26 2e d9 8c 46
- Dec 7 19:09:15.737755: | f6 d5 1f 82 b0 3a 83 32 7f 1e 7e 4a e1 34 f2 7f
- Dec 7 19:09:15.737759: | 5d d8 19 2b c1 16 5c 57 09 56 c7 b2 86 4f fc f4
- Dec 7 19:09:15.737762: | f5 1d 71 a4 0e ef 67 1a 95 5b 35 32 3b 24 f0 8f
- Dec 7 19:09:15.737766: | 25 5c 04 f9 5d 0d 9a 8c 2b 4e 8e c0 12 f7 3f 35
- Dec 7 19:09:15.737769: | 04 e9 e7 27 dc 0e 90 29 fb 0e 92 4f 78 87 ce 83
- Dec 7 19:09:15.737776: | a5 bb c6 80 c7 ac af e9 bb 27 25 ea 94 bf 36 97
- Dec 7 19:09:15.737780: | 33 14 92 3b c0 61 74 38 3d 13 b1 8e 7e a2 39 14
- Dec 7 19:09:15.737784: | 85 78 88 cf fb c7 b3 dc bb d7 ee ec 37 38 19 6d
- Dec 7 19:09:15.737787: | bd a2 11 85 1e a8 27 8d 03 68 27 59 dd 60 59 e4
- Dec 7 19:09:15.737791: | da d9 17 c3 44 33 ab 2e 98 b0 09 75 81 8c 73 f2
- Dec 7 19:09:15.737794: | 54 ac 63 78 20 15 74 46 ed 2f 22 5c 8a b6 bd aa
- Dec 7 19:09:15.737798: | fa 09 aa 06 18 0f cc 7c f5 a6 9b ab e9 ca aa 90
- Dec 7 19:09:15.737801: | 10 63 1b 17 84 9c c1 71 47 8e c3 7f 43 82 b6 37
- Dec 7 19:09:15.737805: | d7 2d 07 73 06 8f e4 83 46 1e 13 22 1a 87 f9 0d
- Dec 7 19:09:15.737808: | 3c 33 44 4c 84 1a 0d 23 a4 1a d0 4c 30 2a 6f c7
- Dec 7 19:09:15.737812: | 21 49 8c a9 1c ab 1d c1 d0 73 4b 1a 97 f2 b4 a9
- Dec 7 19:09:15.737815: | b4 bd ce 2b de 10 26 0f 73 5d e2 30 fd e7 1e 04
- Dec 7 19:09:15.737819: | ba 25 a0 04 ec dc e7 5e 3d 62 3e 7e ba 97 87 fc
- Dec 7 19:09:15.737822: | 27 84 bd f7 b1 4b 39 42 f3 07 f3 26 d8 62 5e b7
- Dec 7 19:09:15.737826: | 7e 79 a8 e4 0f 88 11 31 4a c2 de 9b 2c fa c2 78
- Dec 7 19:09:15.737829: | 98 da e9 a6 23 30 98 b0 b2 2c ca 89 86 dd 00 6b
- Dec 7 19:09:15.737833: | 31 d7 26 6b 21 b1 20 00 d1 d5 a7 59 82 45 22 e2
- Dec 7 19:09:15.737836: | ae 46 53 8d d5 c5 06 60 ce e1 44
- Dec 7 19:09:15.737848: | sending 428 bytes for STATE_PARENT_I1 through eth1:500 to 192.168.50.2:500 (using #1)
- Dec 7 19:09:15.737852: | af 26 30 ff 4b 80 f5 5b 50 e3 a7 bd 0a d5 14 e9
- Dec 7 19:09:15.737856: | 35 20 23 08 00 00 00 01 00 00 01 ac 00 00 01 90
- Dec 7 19:09:15.737860: | 00 04 00 04 7b 44 04 67 c2 ed 71 ef b4 8e 6c 55
- Dec 7 19:09:15.737863: | 78 a6 c8 d7 f9 50 35 82 f8 8e 9a 93 2c 85 7e bb
- Dec 7 19:09:15.737867: | 12 d5 b2 56 54 f5 78 b2 ae f7 22 c8 1a cc b3 6c
- Dec 7 19:09:15.737870: | bb 41 19 c3 61 a9 d4 99 71 8b 71 21 42 2b 7c 9d
- Dec 7 19:09:15.737874: | b9 ad 6c 6f 36 12 d1 f6 e5 d7 89 20 9f 5f 10 db
- Dec 7 19:09:15.737877: | 38 ed cf 07 e8 8a 19 4b 7d 69 2f 4a c8 5c bc bb
- Dec 7 19:09:15.737881: | a1 3e ad c1 0a e0 71 80 bc 54 79 eb ba 18 c7 20
- Dec 7 19:09:15.737884: | 02 31 5c f0 fe fe 6a cb de 4f 23 18 07 ea 7c 7f
- Dec 7 19:09:15.737888: | bf 7c 1e 1e 3b 61 66 c8 d9 df f2 b2 86 68 a7 33
- Dec 7 19:09:15.737891: | 13 01 90 39 0f 3d 20 69 44 0f f3 2b 4a 5e 93 98
- Dec 7 19:09:15.737895: | 6b e1 a8 c4 7c f9 5c 28 08 a6 89 dd 46 ee 3e 45
- Dec 7 19:09:15.737898: | 26 72 83 34 77 68 85 75 36 08 b7 42 b0 3a 50 e2
- Dec 7 19:09:15.737902: | b7 36 c4 d7 63 c6 ac d3 f5 0a 79 a3 16 50 4a 32
- Dec 7 19:09:15.737905: | 9e 86 31 fe 73 18 43 8b 8b d8 15 35 32 ae e3 81
- Dec 7 19:09:15.737909: | 20 54 4a 38 79 fd cf e7 43 c6 9e 0d e0 a9 05 9b
- Dec 7 19:09:15.737912: | 6e 55 f7 20 66 41 ac 9e d6 85 4d d3 bf 83 18 66
- Dec 7 19:09:15.737916: | 3f 29 b3 5c 86 d0 99 70 27 60 6e 07 55 a1 6f e8
- Dec 7 19:09:15.737919: | 22 be 14 cd d9 98 ad bf c9 96 d8 1e 61 73 b5 e5
- Dec 7 19:09:15.737923: | 8a d4 de 26 b2 1a a0 a3 fb 80 45 63 8d ab f5 d9
- Dec 7 19:09:15.737927: | 7c 39 e7 88 22 6f ff 1b 7a 51 6a 4e 7a 48 e2 14
- Dec 7 19:09:15.737930: | 13 e2 94 f6 5c bf 93 94 f4 4f 9c d5 58 ac 74 9b
- Dec 7 19:09:15.737934: | a6 c0 f9 a4 36 09 12 ca c5 b3 da 87 c2 f1 16 47
- Dec 7 19:09:15.737937: | 44 a3 43 7a 1f e3 27 d9 24 e3 96 ff bf a3 8f af
- Dec 7 19:09:15.737941: | 19 5b 65 0d 8a 72 8d e7 0c 49 52 3e ad ab 91 bd
- Dec 7 19:09:15.737944: | 28 bf ff da 15 38 d4 2b df 66 5c 94
- Dec 7 19:09:15.737955: | sent 4 fragments
- Dec 7 19:09:15.737961: | state #2 requesting to delete non existing event
- Dec 7 19:09:15.737966: | success_v2_state_transition scheduling EVENT_v2_RETRANSMIT of c->r_interval=500ms
- Dec 7 19:09:15.737974: | event_schedule: new EVENT_v2_RETRANSMIT-pe@0x564dee3d3c78
- Dec 7 19:09:15.737980: | inserting event EVENT_v2_RETRANSMIT, timeout in 0.500 seconds for #2
- Dec 7 19:09:15.737995: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 992.664
- Dec 7 19:09:15.738007: | processing: stop state #2 connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in schedule_event_now_cb() at server.c:597)
- Dec 7 19:09:15.738012: | serialno table: hash serialno #0 to head 0x564dececafe0
- Dec 7 19:09:15.738016: | serialno table: hash serialno #0 to head 0x564dececafe0
- Dec 7 19:09:15.754189: | *received 65 bytes from 192.168.50.2:500 on eth1 (port=500)
- Dec 7 19:09:15.754215: | af 26 30 ff 4b 80 f5 5b 50 e3 a7 bd 0a d5 14 e9
- Dec 7 19:09:15.754218: | 2e 20 23 20 00 00 00 01 00 00 00 41 29 00 00 25
- Dec 7 19:09:15.754220: | 8b 5c 43 4f eb 99 66 39 91 b0 b9 2f 50 cc c7 90
- Dec 7 19:09:15.754222: | 9e cc e8 92 eb 9f 87 a9 1b 90 9b 62 c6 7c ab a9
- Dec 7 19:09:15.754225: | 75
- Dec 7 19:09:15.754229: | processing: start from 192.168.50.2:500 (in process_md() at demux.c:392)
- Dec 7 19:09:15.754233: | **parse ISAKMP Message:
- Dec 7 19:09:15.754236: | initiator cookie:
- Dec 7 19:09:15.754238: | af 26 30 ff 4b 80 f5 5b
- Dec 7 19:09:15.754240: | responder cookie:
- Dec 7 19:09:15.754243: | 50 e3 a7 bd 0a d5 14 e9
- Dec 7 19:09:15.754246: | next payload type: ISAKMP_NEXT_v2SK (0x2e)
- Dec 7 19:09:15.754248: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
- Dec 7 19:09:15.754251: | exchange type: ISAKMP_v2_AUTH (0x23)
- Dec 7 19:09:15.754254: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
- Dec 7 19:09:15.754257: | message ID: 00 00 00 01
- Dec 7 19:09:15.754259: | length: 65 (0x41)
- Dec 7 19:09:15.754262: | processing version=2.0 packet with exchange type=ISAKMP_v2_AUTH (35)
- Dec 7 19:09:15.754265: | I am receiving an IKEv2 Response ISAKMP_v2_AUTH
- Dec 7 19:09:15.754267: | I am the IKE SA Original Initiator
- Dec 7 19:09:15.754274: | cookies table: hash icookie af 26 30 ff 4b 80 f5 5b rcookie 50 e3 a7 bd 0a d5 14 e9 to 849541088340921400 slot 0x564decec4d60
- Dec 7 19:09:15.754277: | v2 peer, cookies and msgid match on #2
- Dec 7 19:09:15.754280: | v2 state object #2 found, in STATE_PARENT_I2
- Dec 7 19:09:15.754282: | found state #2
- Dec 7 19:09:15.754288: | processing: start state #2 connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in ikev2_process_packet() at ikev2.c:1538)
- Dec 7 19:09:15.754292: | processing: start connection "private#192.168.50.0/24"[1] ...192.168.50.2 (BACKGROUND) (in ikev2_process_packet() at ikev2.c:1543)
- Dec 7 19:09:15.754296: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.754298: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.754301: | #2 is idle
- Dec 7 19:09:15.754303: | #2 idle
- Dec 7 19:09:15.754306: | #2 in state PARENT_I2: sent v2I2, expected v2R2
- Dec 7 19:09:15.754309: | Unpacking clear payload for svm: Initiator: process INVALID_SYNTAX AUTH notification
- Dec 7 19:09:15.754312: | Now let's proceed with payload (ISAKMP_NEXT_v2SK)
- Dec 7 19:09:15.754315: | ***parse IKEv2 Encryption Payload:
- Dec 7 19:09:15.754317: | next payload type: ISAKMP_NEXT_v2N (0x29)
- Dec 7 19:09:15.754319: | flags: none (0x0)
- Dec 7 19:09:15.754322: | length: 37 (0x25)
- Dec 7 19:09:15.754324: | processing payload: ISAKMP_NEXT_v2SK (len=37)
- Dec 7 19:09:15.754327: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.754329: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.754352: | #2 ikev2 ISAKMP_v2_AUTH decrypt success
- Dec 7 19:09:15.754355: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
- Dec 7 19:09:15.754358: | **parse IKEv2 Notify Payload:
- Dec 7 19:09:15.754360: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
- Dec 7 19:09:15.754363: | flags: none (0x0)
- Dec 7 19:09:15.754365: | length: 8 (0x8)
- Dec 7 19:09:15.754367: | Protocol ID: PROTO_v2_RESERVED (0x0)
- Dec 7 19:09:15.754370: | SPI size: 0 (0x0)
- Dec 7 19:09:15.754372: | Notify Message Type: v2N_AUTHENTICATION_FAILED (0x18)
- Dec 7 19:09:15.754375: | processing payload: ISAKMP_NEXT_v2N (len=8)
- Dec 7 19:09:15.754388: | selected state microcode Initiator: process AUTHENTICATION_FAILED AUTH notification
- Dec 7 19:09:15.754391: | Now lets proceed with state specific processing
- Dec 7 19:09:15.754393: | calling processor Initiator: process AUTHENTICATION_FAILED AUTH notification
- Dec 7 19:09:15.754397: "private#192.168.50.0/24"[1] ...192.168.50.2 #2: IKE SA authentication request rejected: AUTHENTICATION_FAILED
- Dec 7 19:09:15.754401: "private#192.168.50.0/24"[1] ...192.168.50.2 #2: scheduling retry attempt 1 of an unlimited number
- Dec 7 19:09:15.754405: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.754407: | serialno table: hash serialno #1 to head 0x564dececb000
- Dec 7 19:09:15.754415: | free_event_entry: release EVENT_v2_RETRANSMIT-pe@0x564dee3d3c78
- Dec 7 19:09:15.754418: | event_schedule: new EVENT_v2_RETRANSMIT-pe@0x564dee3d3c78
- Dec 7 19:09:15.754422: | inserting event EVENT_v2_RETRANSMIT, timeout in 59.983 seconds for #2
- Dec 7 19:09:15.754427: "private#192.168.50.0/24"[1] ...192.168.50.2 #2: STATE_PARENT_I2: suppressing retransmits; will wait 59.983 seconds for retry
- Dec 7 19:09:15.754430: | complete v2 state transition with STF_IGNORE
- Dec 7 19:09:15.754434: | processing: stop from 192.168.50.2:500 (BACKGROUND) (in process_md() at demux.c:394)
- Dec 7 19:09:15.754438: | processing: stop state #2 connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in process_md() at demux.c:396)
- Dec 7 19:09:15.754440: | serialno table: hash serialno #0 to head 0x564dececafe0
- Dec 7 19:09:15.754443: | serialno table: hash serialno #0 to head 0x564dececafe0
- Dec 7 19:09:15.754446: | processing: resume connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in process_md() at demux.c:396)
- Dec 7 19:09:15.754449: | processing: stop connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in process_md() at demux.c:397)
- Dec 7 19:09:15.754460: | *received 65 bytes from 192.168.50.2:500 on eth1 (port=500)
- Dec 7 19:09:15.754463: | af 26 30 ff 4b 80 f5 5b 50 e3 a7 bd 0a d5 14 e9
- Dec 7 19:09:15.754466: | 2e 20 25 00 00 00 00 00 00 00 00 41 2a 00 00 25
- Dec 7 19:09:15.754468: | 95 00 95 be 62 3c de df 97 d4 98 ea 61 ab 67 c5
- Dec 7 19:09:15.754470: | 54 49 4d 50 81 ef 99 26 dd ba 0c 3b 7a dd 55 ae
- Dec 7 19:09:15.754472: | d5
- Dec 7 19:09:15.754475: | processing: start from 192.168.50.2:500 (in process_md() at demux.c:392)
- Dec 7 19:09:15.754478: | **parse ISAKMP Message:
- Dec 7 19:09:15.754480: | initiator cookie:
- Dec 7 19:09:15.754482: | af 26 30 ff 4b 80 f5 5b
- Dec 7 19:09:15.754484: | responder cookie:
- Dec 7 19:09:15.754487: | 50 e3 a7 bd 0a d5 14 e9
- Dec 7 19:09:15.754489: | next payload type: ISAKMP_NEXT_v2SK (0x2e)
- Dec 7 19:09:15.754492: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
- Dec 7 19:09:15.754494: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25)
- Dec 7 19:09:15.754496: | flags: none (0x0)
- Dec 7 19:09:15.754499: | message ID: 00 00 00 00
- Dec 7 19:09:15.754501: | length: 65 (0x41)
- Dec 7 19:09:15.754504: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37)
- Dec 7 19:09:15.754506: | I am receiving an IKEv2 Request ISAKMP_v2_INFORMATIONAL
- Dec 7 19:09:15.754509: | I am the IKE SA Original Initiator
- Dec 7 19:09:15.754514: | cookies table: hash icookie af 26 30 ff 4b 80 f5 5b rcookie 50 e3 a7 bd 0a d5 14 e9 to 849541088340921400 slot 0x564decec4d60
- Dec 7 19:09:15.754517: | parent v2 peer and cookies match on #1
- Dec 7 19:09:15.754519: | v2 state object #1 found, in STATE_PARENT_I2
- Dec 7 19:09:15.754522: | processing: start state #1 connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in processed_retransmit() at ikev2.c:1187)
- Dec 7 19:09:15.754525: | found state #1
- Dec 7 19:09:15.754528: | processing: [RE]START state #1 connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in ikev2_process_packet() at ikev2.c:1538)
- Dec 7 19:09:15.754531: | processing: start connection "private#192.168.50.0/24"[1] ...192.168.50.2 (BACKGROUND) (in ikev2_process_packet() at ikev2.c:1543)
- Dec 7 19:09:15.754541: | #1 is idle
- Dec 7 19:09:15.754543: | #1 idle
- Dec 7 19:09:15.754546: | #1 in state PARENT_I2: sent v2I2, expected v2R2
- Dec 7 19:09:15.754548: | selected state microcode roof
- Dec 7 19:09:15.754550: | no useful state microcode entry found
- Dec 7 19:09:15.754554: "private#192.168.50.0/24"[1] ...192.168.50.2 #1: responding to INFORMATIONAL message (ID 0) from 192.168.50.2:500 with encrypted notification INVALID_IKE_SPI
- Dec 7 19:09:15.754557: | Opening output PBS encrypted notification
- Dec 7 19:09:15.754560: | **emit ISAKMP Message:
- Dec 7 19:09:15.754562: | initiator cookie:
- Dec 7 19:09:15.754564: | af 26 30 ff 4b 80 f5 5b
- Dec 7 19:09:15.754567: | responder cookie:
- Dec 7 19:09:15.754569: | 50 e3 a7 bd 0a d5 14 e9
- Dec 7 19:09:15.754571: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Dec 7 19:09:15.754574: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
- Dec 7 19:09:15.754576: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25)
- Dec 7 19:09:15.754579: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28)
- Dec 7 19:09:15.754581: | message ID: 00 00 00 00
- Dec 7 19:09:15.754584: | next payload type: saving message location 'ISAKMP Message' 'next payload type'
- Dec 7 19:09:15.754587: | ***emit IKEv2 Encryption Payload:
- Dec 7 19:09:15.754590: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
- Dec 7 19:09:15.754592: | flags: none (0x0)
- Dec 7 19:09:15.754595: | next payload type: setting 'ISAKMP Message' 'next payload type' to IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK)
- Dec 7 19:09:15.754598: | next payload type: saving payload location 'IKEv2 Encryption Payload' 'next payload type'
- Dec 7 19:09:15.754608: | emitting 8 raw bytes of IV into IKEv2 Encryption Payload
- Dec 7 19:09:15.754611: | IV dc 57 05 18 5e 95 7a 0e
- Dec 7 19:09:15.754615: | Adding a v2N Payload
- Dec 7 19:09:15.754618: | ****emit IKEv2 Notify Payload:
- Dec 7 19:09:15.754621: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
- Dec 7 19:09:15.754624: | flags: none (0x0)
- Dec 7 19:09:15.754627: | Protocol ID: PROTO_v2_RESERVED (0x0)
- Dec 7 19:09:15.754630: | SPI size: 0 (0x0)
- Dec 7 19:09:15.754634: | Notify Message Type: v2N_INVALID_IKE_SPI (0x4)
- Dec 7 19:09:15.754638: | next payload type: setting 'IKEv2 Encryption Payload' 'next payload type' to IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
- Dec 7 19:09:15.754641: | next payload type: saving payload location 'IKEv2 Notify Payload' 'next payload type'
- Dec 7 19:09:15.754644: | emitting length of IKEv2 Notify Payload: 8
- Dec 7 19:09:15.754648: | adding 1 bytes of padding (including 1 byte padding-length)
- Dec 7 19:09:15.754651: | emitting 1 raw bytes of padding and length into IKEv2 Encryption Payload
- Dec 7 19:09:15.754659: | padding and length 00
- Dec 7 19:09:15.754662: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload
- Dec 7 19:09:15.754666: | emitting length of IKEv2 Encryption Payload: 37
- Dec 7 19:09:15.754669: | emitting length of ISAKMP Message: 65
- Dec 7 19:09:15.754682: | sending 65 bytes for v2 notify through eth1:500 to 192.168.50.2:500 (using #1)
- Dec 7 19:09:15.754686: | af 26 30 ff 4b 80 f5 5b 50 e3 a7 bd 0a d5 14 e9
- Dec 7 19:09:15.754690: | 2e 20 25 28 00 00 00 00 00 00 00 41 29 00 00 25
- Dec 7 19:09:15.754693: | dc 57 05 18 5e 95 7a 0e 92 45 9d c4 13 04 2e 5c
- Dec 7 19:09:15.754695: | 9e ff bd e3 b0 41 ae cb 69 23 a9 b6 76 85 4d ec
- Dec 7 19:09:15.754698: | d9
- Dec 7 19:09:15.754772: | processing: stop from 192.168.50.2:500 (BACKGROUND) (in process_md() at demux.c:394)
- Dec 7 19:09:15.754784: | processing: stop state #1 connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in process_md() at demux.c:396)
- Dec 7 19:09:15.754792: | serialno table: hash serialno #0 to head 0x564dececafe0
- Dec 7 19:09:15.754797: | serialno table: hash serialno #0 to head 0x564dececafe0
- Dec 7 19:09:15.754803: | processing: resume connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in process_md() at demux.c:396)
- Dec 7 19:09:15.754809: | processing: stop connection "private#192.168.50.0/24"[1] ...192.168.50.2 (in process_md() at demux.c:397)
- ------
Add Comment
Please, Sign In to add comment