[Swan-dev] problem with ikev2 for libreswan version 3.8
jeffchen
jeffchen at ruggedcom.com
Fri Apr 25 17:47:40 EEST 2014
Hi,
I am trying to use ikev2 for libreswan (version 3.8). I have some
problem (same problem happen for libreswan version 3.7) to connect the
ipsec tunnel between two libreswan endpoint using ikev2. I also tried to
use ikev2=insist, it has the same problem.
If I use ikev1, the tunnel is established successfully with the same
configuration.
My setup is quite simple, the two libreswan endpoint are back to back
connected. And I use preshared key to establish the tunnel.
Below is my configuration:
config setup
# NAT-TRAVERSAL support, see README.NAT-Traversal
nat_traversal=no
nhelpers=0
oe=off
protostack=netkey
# Add connections here
# sample VPN connections, see /etc/ipsec.d/examples/
conn net32
connaddrfamily=ipv4
authby=secret
auto=add
ikev2=propose
phase2=esp
left=192.168.32.4
leftsubnet=192.168.13.0/24
leftupdown="ipsec _updown --route yes"
pfs=no
right=192.168.32.9
rightsubnet=192.168.41.0/24
rightupdown="ipsec _updown --route yes"
type=tunnel
Basically the problem is that during the ikev2 negotiation, it can not
find the v2 state object for ICOOKIE and RCOOKIE pair, and it sends
v2N_INVALID_MESSAGE_ID message to the peer. The error message looks like
this:
Apr 25 10:14:39 R4 pluto[25049]: | processing version=2.0 packet with
exchange type=ISAKMP_v2_AUTH (35)
Apr 25 10:14:39 R4 pluto[25049]: | I am IKE SA Responder
Apr 25 10:14:39 R4 pluto[25049]: | ICOOKIE: 44 4c 4d a9 d2 2c bb 89
Apr 25 10:14:39 R4 pluto[25049]: | RCOOKIE: 57 c1 3d ad 75 3a 79 c9
Apr 25 10:14:39 R4 pluto[25049]: | state hash entry 11
Apr 25 10:14:39 R4 pluto[25049]: | v2 state object not found
Apr 25 10:14:39 R4 pluto[25049]: | ICOOKIE: 44 4c 4d a9 d2 2c bb 89
Apr 25 10:14:39 R4 pluto[25049]: | RCOOKIE: 00 00 00 00 00 00 00 00
Apr 25 10:14:39 R4 pluto[25049]: | state hash entry 28
Apr 25 10:14:39 R4 pluto[25049]: | v2 state object not found
Apr 25 10:14:39 R4 pluto[25049]: | ended up with STATE_IKEv2_ROOF
Apr 25 10:14:39 R4 pluto[25049]: packet from 192.168.32.9:500: sending
notification v2N_INVALID_MESSAGE_ID to 192.168.32.9:500
And I found the problem is actually caused by a deletion of state just
before the above messages:
Apr 25 10:14:38 R4 pluto[25049]: | complete v2 state transition with
STF_INLINE
Apr 25 10:14:38 R4 pluto[25049]: | * processed 0 messages from
cryptographic helpers
Apr 25 10:14:38 R4 pluto[25049]: | next event EVENT_SO_DISCARD in 0
seconds for #1
Apr 25 10:14:38 R4 pluto[25049]: | *time to handle event
Apr 25 10:14:38 R4 pluto[25049]: | handling event EVENT_SO_DISCARD
Apr 25 10:14:38 R4 pluto[25049]: | event after this is
EVENT_PENDING_DDNS in 41 seconds
Apr 25 10:14:38 R4 pluto[25049]: | processing connection net32
Apr 25 10:14:38 R4 pluto[25049]: | deleting state #1
Apr 25 10:14:38 R4 pluto[25049]: | deleting event for #1
Apr 25 10:14:38 R4 pluto[25049]: | no suspended cryptographic state for 1
Apr 25 10:14:38 R4 pluto[25049]: | ICOOKIE: 44 4c 4d a9 d2 2c bb 89
Apr 25 10:14:38 R4 pluto[25049]: | RCOOKIE: 57 c1 3d ad 75 3a 79 c9
Apr 25 10:14:38 R4 pluto[25049]: | state hash entry 11
Apr 25 10:14:38 R4 pluto[25049]: | next event EVENT_PENDING_DDNS in 41
seconds
Looked at the source code, found in programs/pluto/state.c, function
insert_state, it has this piece of code:
if (st->st_event == NULL)
event_schedule(EVENT_SO_DISCARD, 0, st);
It deletes the state and cause the state can not be found for the
ICOOKIE and RCOOKIE pair. If I comment this piece of code, the tunnel is
established successfully.
Does anyone know what cause this problem? Maybe my configuration has
something wrong?
Thanks
Jeff Chen
Below is the whole log message during the tunnel establishment:
Apr 25 10:14:31 R4 pluto[25049]: | base debugging =
raw+crypt+parsing+emitting+control+lifecycle+kernel+dns+oppo+controlmore+pfkey+nattraversal+x509+dpd+oppoinfo
Apr 25 10:14:31 R4 pluto[25049]: | * processed 0 messages from
cryptographic helpers
Apr 25 10:14:31 R4 pluto[25049]: | next event EVENT_PENDING_DDNS in 48
seconds
Apr 25 10:14:31 R4 pluto[25049]: | next event EVENT_PENDING_DDNS in 48
seconds
Apr 25 10:14:38 R4 pluto[25049]: |
Apr 25 10:14:38 R4 pluto[25049]: | *received 820 bytes from
192.168.32.9:500 on switch.0012 (port=500)
Apr 25 10:14:38 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89 00 00 00
00 00 00 00 00
Apr 25 10:14:38 R4 pluto[25049]: | 21 20 22 08 00 00 00 00 00 00 03
34 22 00 01 fc
Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 2c 01 01 00 04 03 00 00
0c 01 00 00 0c
Apr 25 10:14:38 R4 pluto[25049]: | 80 0e 00 80 03 00 00 08 03 00 00
02 03 00 00 08
Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 02 00 00 00 08 04 00 00
0e 02 00 00 2c
Apr 25 10:14:38 R4 pluto[25049]: | 02 01 00 04 03 00 00 0c 01 00 00
0c 80 0e 00 80
Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 03 00 00 01 03 00 00
08 02 00 00 01
Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 08 04 00 00 0e 02 00 00
28 03 01 00 04
Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 01 00 00 03 03 00 00
08 03 00 00 02
Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 02 00 00 02 00 00 00
08 04 00 00 0e
Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 28 04 01 00 04 03 00 00
08 01 00 00 03
Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 03 00 00 01 03 00 00
08 02 00 00 01
Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 08 04 00 00 0e 02 00 00
2c 05 01 00 04
Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 0c 01 00 00 0c 80 0e 00
80 03 00 00 08
Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 02 03 00 00 08 02 00 00
02 00 00 00 08
Apr 25 10:14:38 R4 pluto[25049]: | 04 00 00 05 02 00 00 2c 06 01 00
04 03 00 00 0c
Apr 25 10:14:38 R4 pluto[25049]: | 01 00 00 0c 80 0e 00 80 03 00 00
08 03 00 00 01
Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 02 00 00 01 00 00 00
08 04 00 00 05
Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 28 07 01 00 04 03 00 00
08 01 00 00 03
Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 03 00 00 02 03 00 00
08 02 00 00 02
Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 08 04 00 00 05 02 00 00
28 08 01 00 04
Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 01 00 00 03 03 00 00
08 03 00 00 01
Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 02 00 00 01 00 00 00
08 04 00 00 05
Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 2c 09 01 00 04 03 00 00
0c 01 00 00 0c
Apr 25 10:14:38 R4 pluto[25049]: | 80 0e 00 80 03 00 00 08 03 00 00
02 03 00 00 08
Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 02 00 00 00 08 04 00 00
02 02 00 00 2c
Apr 25 10:14:38 R4 pluto[25049]: | 0a 01 00 04 03 00 00 0c 01 00 00
0c 80 0e 00 80
Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 03 00 00 01 03 00 00
08 02 00 00 01
Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 08 04 00 00 02 02 00 00
28 0b 01 00 04
Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 01 00 00 03 03 00 00
08 03 00 00 02
Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 02 00 00 02 00 00 00
08 04 00 00 02
Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 28 0c 01 00 04 03 00 00
08 01 00 00 03
Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 03 00 00 01 03 00 00
08 02 00 00 01
Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 08 04 00 00 02 28 00 01
08 00 0e 00 00
Apr 25 10:14:38 R4 pluto[25049]: | f7 3f 4d 0a 1b d5 1e db 7c f8 3d
c7 9c e5 43 53
Apr 25 10:14:38 R4 pluto[25049]: | 2c 91 77 0f a2 17 bc 46 82 3b c0
c9 c6 d2 a2 aa
Apr 25 10:14:38 R4 pluto[25049]: | d3 cf e6 d0 f0 0b ca 26 10 cc d3
fb 76 c3 e1 c5
Apr 25 10:14:38 R4 pluto[25049]: | 3b 04 da d1 59 fc 70 40 97 05 7b
aa 98 14 e6 1d
Apr 25 10:14:38 R4 pluto[25049]: | 7c cc e6 f5 d0 9b b5 32 74 77 ab
12 cf 71 3b fb
Apr 25 10:14:38 R4 pluto[25049]: | 78 40 3d 03 56 cd 36 b1 ae 28 fb
76 be 1f 7e 8b
Apr 25 10:14:38 R4 pluto[25049]: | 67 9a eb 2e e9 15 41 99 91 7a 90
f6 7a f7 42 d6
Apr 25 10:14:38 R4 pluto[25049]: | 4b 28 e2 47 c5 e5 54 7e b1 30 e6
e2 9f 0a bb cd
Apr 25 10:14:38 R4 pluto[25049]: | 54 ed 18 2b 3e 34 d5 83 64 43 66
54 da 85 7c 9b
Apr 25 10:14:38 R4 pluto[25049]: | b2 af db 2b c3 10 fc 38 44 c2 7a
1d 7d ed 05 69
Apr 25 10:14:38 R4 pluto[25049]: | 22 9a 1e 10 ab 4e ab b0 be 30 1c
7c 35 d9 79 1e
Apr 25 10:14:38 R4 pluto[25049]: | cf 88 30 fe 1b 06 a1 43 8d 37 4a
31 87 8d 0f 39
Apr 25 10:14:38 R4 pluto[25049]: | b2 09 ef a0 f1 99 8b 7d 4d ef 8d
5f f0 f9 69 c6
Apr 25 10:14:38 R4 pluto[25049]: | fb e8 3d 30 40 50 fe c4 97 da f1
e9 15 09 dc 8a
Apr 25 10:14:38 R4 pluto[25049]: | fa 88 2c 60 49 36 52 fc 47 8c 94
01 00 3d 54 ce
Apr 25 10:14:38 R4 pluto[25049]: | 55 eb 42 19 ad 74 47 3c f2 9e fd
95 59 d5 17 ee
Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 14 1e 3c 63 b2 30 74 f3
9e d8 b3 c2 ec
Apr 25 10:14:38 R4 pluto[25049]: | b0 01 81 87
Apr 25 10:14:38 R4 pluto[25049]: | **parse ISAKMP Message:
Apr 25 10:14:38 R4 pluto[25049]: | initiator cookie:
Apr 25 10:14:38 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89
Apr 25 10:14:38 R4 pluto[25049]: | responder cookie:
Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 00 00 00 00 00
Apr 25 10:14:38 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2SA
Apr 25 10:14:38 R4 pluto[25049]: | ISAKMP version: IKEv2 version 2.0
(rfc4306/rfc5996)
Apr 25 10:14:38 R4 pluto[25049]: | exchange type: ISAKMP_v2_SA_INIT
Apr 25 10:14:38 R4 pluto[25049]: | flags: ISAKMP_FLAG_INIT
Apr 25 10:14:38 R4 pluto[25049]: | message ID: 00 00 00 00
Apr 25 10:14:38 R4 pluto[25049]: | length: 820
Apr 25 10:14:38 R4 pluto[25049]: | processing version=2.0 packet with
exchange type=ISAKMP_v2_SA_INIT (34)
Apr 25 10:14:38 R4 pluto[25049]: | I am IKE SA Responder
Apr 25 10:14:38 R4 pluto[25049]: | ICOOKIE: 44 4c 4d a9 d2 2c bb 89
Apr 25 10:14:38 R4 pluto[25049]: | RCOOKIE: 00 00 00 00 00 00 00 00
Apr 25 10:14:38 R4 pluto[25049]: | state hash entry 28
Apr 25 10:14:38 R4 pluto[25049]: | v2 state object not found
Apr 25 10:14:38 R4 pluto[25049]: | ICOOKIE: 44 4c 4d a9 d2 2c bb 89
Apr 25 10:14:38 R4 pluto[25049]: | RCOOKIE: 00 00 00 00 00 00 00 00
Apr 25 10:14:38 R4 pluto[25049]: | state hash entry 28
Apr 25 10:14:38 R4 pluto[25049]: | v2 state object not found
Apr 25 10:14:38 R4 pluto[25049]: | Now let's proceed with payload
(ISAKMP_NEXT_v2SA)
Apr 25 10:14:38 R4 pluto[25049]: | ***parse IKEv2 Security Association
Payload:
Apr 25 10:14:38 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2KE
Apr 25 10:14:38 R4 pluto[25049]: | critical bit: none
Apr 25 10:14:38 R4 pluto[25049]: | length: 508
Apr 25 10:14:38 R4 pluto[25049]: | processing payload: ISAKMP_NEXT_v2SA
(len=508)
Apr 25 10:14:38 R4 pluto[25049]: | Now let's proceed with payload
(ISAKMP_NEXT_v2KE)
Apr 25 10:14:38 R4 pluto[25049]: | ***parse IKEv2 Key Exchange Payload:
Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 next payload type:
ISAKMP_NEXT_v2Ni
Apr 25 10:14:38 R4 pluto[25049]: | critical bit: none
Apr 25 10:14:38 R4 pluto[25049]: | length: 264
Apr 25 10:14:38 R4 pluto[25049]: | DH group: OAKLEY_GROUP_MODP2048
Apr 25 10:14:38 R4 pluto[25049]: | processing payload: ISAKMP_NEXT_v2KE
(len=264)
Apr 25 10:14:38 R4 pluto[25049]: | Now let's proceed with payload
(ISAKMP_NEXT_v2Ni)
Apr 25 10:14:38 R4 pluto[25049]: | ***parse IKEv2 Nonce Payload:
Apr 25 10:14:38 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2NONE
Apr 25 10:14:38 R4 pluto[25049]: | critical bit: none
Apr 25 10:14:38 R4 pluto[25049]: | length: 20
Apr 25 10:14:38 R4 pluto[25049]: | processing payload: ISAKMP_NEXT_v2Ni
(len=20)
Apr 25 10:14:38 R4 pluto[25049]: | Finished and now at the end of
ikev2_process_payload
Apr 25 10:14:38 R4 pluto[25049]: | Finished processing
ikev2_process_payloads
Apr 25 10:14:38 R4 pluto[25049]: | Now lets proceed with state specific
processing
Apr 25 10:14:38 R4 pluto[25049]: | find_host_connection2 called from
ikev2parent_inI1outR1, me=192.168.32.4:500 him=192.168.32.9:500
policy=IKEv2ALLOW
Apr 25 10:14:38 R4 pluto[25049]: | find_host_pair: comparing to
192.168.32.4:500 192.168.32.9:500
Apr 25 10:14:38 R4 pluto[25049]: | find_host_pair_conn
(find_host_connection2): 192.168.32.4:500 192.168.32.9:500 -> hp:net32
Apr 25 10:14:38 R4 pluto[25049]: | searching for connection with policy
= IKEv2ALLOW
Apr 25 10:14:38 R4 pluto[25049]: | found policy =
PSK+ENCRYPT+TUNNEL+IKEv2ALLOW+IKEv2Init+SAREFTRACK+IKE_FRAG (net32)
Apr 25 10:14:38 R4 pluto[25049]: | find_host_connection2 returns net32
Apr 25 10:14:38 R4 pluto[25049]: | found connection: net32
Apr 25 10:14:38 R4 pluto[25049]: | creating state object #1 at 0x20fa8688
Apr 25 10:14:38 R4 pluto[25049]: | processing connection net32
Apr 25 10:14:38 R4 pluto[25049]: | ICOOKIE: 44 4c 4d a9 d2 2c bb 89
Apr 25 10:14:38 R4 pluto[25049]: | RCOOKIE: 57 c1 3d ad 75 3a 79 c9
Apr 25 10:14:38 R4 pluto[25049]: | state hash entry 11
Apr 25 10:14:38 R4 pluto[25049]: | inserting state object #1
Apr 25 10:14:38 R4 pluto[25049]: | inserting event EVENT_SO_DISCARD,
timeout in 0 seconds for #1
Apr 25 10:14:38 R4 pluto[25049]: | event added at head of queue
Apr 25 10:14:38 R4 pluto[25049]: | processing connection net32
Apr 25 10:14:38 R4 pluto[25049]: | will not send/process a dcookie
Apr 25 10:14:38 R4 pluto[25049]: | helper -1 doing build_kenonce op id: 0
Apr 25 10:14:38 R4 pluto[25049]: | NSS: Value of Prime:
Apr 25 10:14:38 R4 pluto[25049]: | ff ff ff ff ff ff ff ff c9 0f da
a2 21 68 c2 34
Apr 25 10:14:38 R4 pluto[25049]: | c4 c6 62 8b 80 dc 1c d1 29 02 4e
08 8a 67 cc 74
Apr 25 10:14:38 R4 pluto[25049]: | 02 0b be a6 3b 13 9b 22 51 4a 08
79 8e 34 04 dd
Apr 25 10:14:38 R4 pluto[25049]: | ef 95 19 b3 cd 3a 43 1b 30 2b 0a
6d f2 5f 14 37
Apr 25 10:14:38 R4 pluto[25049]: | 4f e1 35 6d 6d 51 c2 45 e4 85 b5
76 62 5e 7e c6
Apr 25 10:14:38 R4 pluto[25049]: | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c
b6 f4 06 b7 ed
Apr 25 10:14:38 R4 pluto[25049]: | ee 38 6b fb 5a 89 9f a5 ae 9f 24
11 7c 4b 1f e6
Apr 25 10:14:38 R4 pluto[25049]: | 49 28 66 51 ec e4 5b 3d c2 00 7c
b8 a1 63 bf 05
Apr 25 10:14:38 R4 pluto[25049]: | 98 da 48 36 1c 55 d3 9a 69 16 3f
a8 fd 24 cf 5f
Apr 25 10:14:38 R4 pluto[25049]: | 83 65 5d 23 dc a3 ad 96 1c 62 f3
56 20 85 52 bb
Apr 25 10:14:38 R4 pluto[25049]: | 9e d5 29 07 70 96 96 6d 67 0c 35
4e 4a bc 98 04
Apr 25 10:14:38 R4 pluto[25049]: | f1 74 6c 08 ca 18 21 7c 32 90 5e
46 2e 36 ce 3b
Apr 25 10:14:38 R4 pluto[25049]: | e3 9e 77 2c 18 0e 86 03 9b 27 83
a2 ec 07 a2 8f
Apr 25 10:14:38 R4 pluto[25049]: | b5 c5 5d f0 6f 4c 52 c9 de 2b cb
f6 95 58 17 18
Apr 25 10:14:38 R4 pluto[25049]: | 39 95 49 7c ea 95 6a e5 15 d2 26
18 98 fa 05 10
Apr 25 10:14:38 R4 pluto[25049]: | 15 72 8e 5a 8a ac aa 68 ff ff ff
ff ff ff ff ff
Apr 25 10:14:38 R4 pluto[25049]: | NSS: Value of base:
Apr 25 10:14:38 R4 pluto[25049]: | 02
Apr 25 10:14:38 R4 pluto[25049]: | NSS: generated dh priv and pub keys: 256
Apr 25 10:14:38 R4 pluto[25049]: | NSS: Local DH secret (pointer):
Apr 25 10:14:38 R4 pluto[25049]: | 20 fa cc 60
Apr 25 10:14:38 R4 pluto[25049]: | NSS: Public DH value sent(computed in
NSS):
Apr 25 10:14:38 R4 pluto[25049]: | 4d 26 44 7e 77 d8 17 f5 f5 b3 ef
f2 5b 14 67 35
Apr 25 10:14:38 R4 pluto[25049]: | fa c7 66 7e 62 d0 01 34 f2 c2 79
b0 e6 f3 fe 8b
Apr 25 10:14:38 R4 pluto[25049]: | db 99 5a b9 0a fb 9a 08 bf 3c 94
42 4c 15 8e 23
Apr 25 10:14:38 R4 pluto[25049]: | b1 ee 3c ff ca ad 05 01 00 b5 3d
1a 21 5f 4e b8
Apr 25 10:14:38 R4 pluto[25049]: | 95 ba c4 a3 48 8f 43 c7 d4 6a 77
03 93 0d 33 96
Apr 25 10:14:38 R4 pluto[25049]: | f1 e0 d5 57 e8 e4 08 7b 80 36 5c
e1 33 83 e7 d4
Apr 25 10:14:38 R4 pluto[25049]: | 2d 91 30 c6 0f c3 f2 19 e6 a8 79
ef 4e be 05 30
Apr 25 10:14:38 R4 pluto[25049]: | de dd df 02 5f c9 cd 40 75 16 29
91 08 55 29 4d
Apr 25 10:14:38 R4 pluto[25049]: | 88 eb 42 a0 f9 b2 cb ed 0e 4b 8a
74 6d ca 7c 89
Apr 25 10:14:38 R4 pluto[25049]: | de eb 3c 1e cc f6 f8 58 c8 27 b5
44 a1 21 2c 87
Apr 25 10:14:38 R4 pluto[25049]: | 74 bc 85 e0 c8 50 c8 a0 67 10 bc
72 e2 16 e2 c9
Apr 25 10:14:38 R4 pluto[25049]: | 4e 81 87 ce 89 6d 70 bb f1 4d 14
b9 70 9a 85 70
Apr 25 10:14:38 R4 pluto[25049]: | d9 45 ca f3 25 d9 ac ed 0f fd 33
cb 23 ed 82 0b
Apr 25 10:14:38 R4 pluto[25049]: | 17 0d fc ea c8 c5 1e 30 07 59 d5
be eb ab 2a 39
Apr 25 10:14:38 R4 pluto[25049]: | 9d 36 15 cb e4 0d 48 39 5e 2e 46
f9 5f 10 0f 57
Apr 25 10:14:38 R4 pluto[25049]: | 12 e6 e4 1f 23 e4 d8 2f 12 c8 29
98 d6 99 62 75
Apr 25 10:14:38 R4 pluto[25049]: | NSS: Local DH public value (pointer):
Apr 25 10:14:38 R4 pluto[25049]: | 20 fa c4 58
Apr 25 10:14:38 R4 pluto[25049]: | Generated nonce:
Apr 25 10:14:38 R4 pluto[25049]: | 96 c8 96 22 3d 1d 9e 99 3e 7c e6
c9 12 e8 3e f7
Apr 25 10:14:38 R4 pluto[25049]: | ikev2 parent inI1outR1: calculated
ke+nonce, sending R1
Apr 25 10:14:38 R4 pluto[25049]: | processing connection net32
Apr 25 10:14:38 R4 pluto[25049]: | **emit ISAKMP Message:
Apr 25 10:14:38 R4 pluto[25049]: | initiator cookie:
Apr 25 10:14:38 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89
Apr 25 10:14:38 R4 pluto[25049]: | responder cookie:
Apr 25 10:14:38 R4 pluto[25049]: | 57 c1 3d ad 75 3a 79 c9
Apr 25 10:14:38 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2SA
Apr 25 10:14:38 R4 pluto[25049]: | ISAKMP version: IKEv2 version 2.0
(rfc4306/rfc5996)
Apr 25 10:14:38 R4 pluto[25049]: | exchange type: ISAKMP_v2_SA_INIT
Apr 25 10:14:38 R4 pluto[25049]: | flags: ISAKMP_FLAG_RESPONSE
Apr 25 10:14:38 R4 pluto[25049]: | message ID: 00 00 00 00
Apr 25 10:14:38 R4 pluto[25049]: | ***emit IKEv2 Security Association
Payload:
Apr 25 10:14:38 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2KE
Apr 25 10:14:38 R4 pluto[25049]: | critical bit: none
Apr 25 10:14:38 R4 pluto[25049]: | no IKE algorithms for this connection
Apr 25 10:14:38 R4 pluto[25049]: | ****parse IKEv2 Proposal Substructure
Payload:
Apr 25 10:14:38 R4 pluto[25049]: | last proposal: v2_PROPOSAL_NON_LAST
Apr 25 10:14:38 R4 pluto[25049]: | length: 44
Apr 25 10:14:38 R4 pluto[25049]: | prop #: 1
Apr 25 10:14:38 R4 pluto[25049]: | proto ID: IKEv2_SEC_PROTO_IKE
Apr 25 10:14:38 R4 pluto[25049]: | spi size: 0
Apr 25 10:14:38 R4 pluto[25049]: | # transforms: 4
Apr 25 10:14:38 R4 pluto[25049]: | *****parse IKEv2 Transform
Substructure Payload:
Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_NON_LAST
Apr 25 10:14:38 R4 pluto[25049]: | length: 12
Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_ENCR
Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 12
Apr 25 10:14:38 R4 pluto[25049]: | ******parse IKEv2 Attribute
Substructure Payload:
Apr 25 10:14:38 R4 pluto[25049]: | af+type: IKEv2_KEY_LENGTH
Apr 25 10:14:38 R4 pluto[25049]: | length/value: 128
Apr 25 10:14:38 R4 pluto[25049]: | *****parse IKEv2 Transform
Substructure Payload:
Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_NON_LAST
Apr 25 10:14:38 R4 pluto[25049]: | length: 8
Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_INTEG
Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 2
Apr 25 10:14:38 R4 pluto[25049]: | *****parse IKEv2 Transform
Substructure Payload:
Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_NON_LAST
Apr 25 10:14:38 R4 pluto[25049]: | length: 8
Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_PRF
Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 2
Apr 25 10:14:38 R4 pluto[25049]: | *****parse IKEv2 Transform
Substructure Payload:
Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_LAST
Apr 25 10:14:38 R4 pluto[25049]: | length: 8
Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_DH
Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 14
Apr 25 10:14:38 R4 pluto[25049]: | ipprotoid is '1'
Apr 25 10:14:38 R4 pluto[25049]: | proposal 1 succeeded encr=
(policy:AES_CBC vs offered:AES_CBC)
Apr 25 10:14:38 R4 pluto[25049]: | succeeded
integ=(policy:AUTH_HMAC_SHA1_96 vs offered:AUTH_HMAC_SHA1_96)
Apr 25 10:14:38 R4 pluto[25049]: | succeeded prf=
(policy:PRF_HMAC_SHA1 vs offered:PRF_HMAC_SHA1)
Apr 25 10:14:38 R4 pluto[25049]: | succeeded dh=
(policy:OAKLEY_GROUP_MODP2048 vs offered:OAKLEY_GROUP_MODP2048)
Apr 25 10:14:38 R4 pluto[25049]: | ****parse IKEv2 Proposal Substructure
Payload:
Apr 25 10:14:38 R4 pluto[25049]: | last proposal: v2_PROPOSAL_NON_LAST
Apr 25 10:14:38 R4 pluto[25049]: | length: 44
Apr 25 10:14:38 R4 pluto[25049]: | prop #: 2
Apr 25 10:14:38 R4 pluto[25049]: | proto ID: IKEv2_SEC_PROTO_IKE
Apr 25 10:14:38 R4 pluto[25049]: | spi size: 0
Apr 25 10:14:38 R4 pluto[25049]: | # transforms: 4
Apr 25 10:14:38 R4 pluto[25049]: | ****emit IKEv2 Proposal Substructure
Payload:
Apr 25 10:14:38 R4 pluto[25049]: | last proposal: v2_PROPOSAL_LAST
Apr 25 10:14:38 R4 pluto[25049]: | prop #: 1
Apr 25 10:14:38 R4 pluto[25049]: | proto ID: IKEv2_SEC_PROTO_IKE
Apr 25 10:14:38 R4 pluto[25049]: | spi size: 0
Apr 25 10:14:38 R4 pluto[25049]: | # transforms: 4
Apr 25 10:14:38 R4 pluto[25049]: | *****emit IKEv2 Transform
Substructure Payload:
Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_NON_LAST
Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_ENCR
Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 12
Apr 25 10:14:38 R4 pluto[25049]: | ******emit IKEv2 Attribute
Substructure Payload:
Apr 25 10:14:38 R4 pluto[25049]: | af+type: IKEv2_KEY_LENGTH
Apr 25 10:14:38 R4 pluto[25049]: | length/value: 128
Apr 25 10:14:38 R4 pluto[25049]: | [128 is 128??]
Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 Transform
Substructure Payload: 12
Apr 25 10:14:38 R4 pluto[25049]: | *****emit IKEv2 Transform
Substructure Payload:
Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_NON_LAST
Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_INTEG
Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 2
Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 Transform
Substructure Payload: 8
Apr 25 10:14:38 R4 pluto[25049]: | *****emit IKEv2 Transform
Substructure Payload:
Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_NON_LAST
Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_PRF
Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 2
Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 Transform
Substructure Payload: 8
Apr 25 10:14:38 R4 pluto[25049]: | *****emit IKEv2 Transform
Substructure Payload:
Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_LAST
Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_DH
Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 14
Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 Transform
Substructure Payload: 8
Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 Proposal
Substructure Payload: 44
Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 Security
Association Payload: 48
Apr 25 10:14:38 R4 pluto[25049]: | DH public value received:
Apr 25 10:14:38 R4 pluto[25049]: | f7 3f 4d 0a 1b d5 1e db 7c f8 3d
c7 9c e5 43 53
Apr 25 10:14:38 R4 pluto[25049]: | 2c 91 77 0f a2 17 bc 46 82 3b c0
c9 c6 d2 a2 aa
Apr 25 10:14:38 R4 pluto[25049]: | d3 cf e6 d0 f0 0b ca 26 10 cc d3
fb 76 c3 e1 c5
Apr 25 10:14:38 R4 pluto[25049]: | 3b 04 da d1 59 fc 70 40 97 05 7b
aa 98 14 e6 1d
Apr 25 10:14:38 R4 pluto[25049]: | 7c cc e6 f5 d0 9b b5 32 74 77 ab
12 cf 71 3b fb
Apr 25 10:14:38 R4 pluto[25049]: | 78 40 3d 03 56 cd 36 b1 ae 28 fb
76 be 1f 7e 8b
Apr 25 10:14:38 R4 pluto[25049]: | 67 9a eb 2e e9 15 41 99 91 7a 90
f6 7a f7 42 d6
Apr 25 10:14:38 R4 pluto[25049]: | 4b 28 e2 47 c5 e5 54 7e b1 30 e6
e2 9f 0a bb cd
Apr 25 10:14:38 R4 pluto[25049]: | 54 ed 18 2b 3e 34 d5 83 64 43 66
54 da 85 7c 9b
Apr 25 10:14:38 R4 pluto[25049]: | b2 af db 2b c3 10 fc 38 44 c2 7a
1d 7d ed 05 69
Apr 25 10:14:38 R4 pluto[25049]: | 22 9a 1e 10 ab 4e ab b0 be 30 1c
7c 35 d9 79 1e
Apr 25 10:14:38 R4 pluto[25049]: | cf 88 30 fe 1b 06 a1 43 8d 37 4a
31 87 8d 0f 39
Apr 25 10:14:38 R4 pluto[25049]: | b2 09 ef a0 f1 99 8b 7d 4d ef 8d
5f f0 f9 69 c6
Apr 25 10:14:38 R4 pluto[25049]: | fb e8 3d 30 40 50 fe c4 97 da f1
e9 15 09 dc 8a
Apr 25 10:14:38 R4 pluto[25049]: | fa 88 2c 60 49 36 52 fc 47 8c 94
01 00 3d 54 ce
Apr 25 10:14:38 R4 pluto[25049]: | 55 eb 42 19 ad 74 47 3c f2 9e fd
95 59 d5 17 ee
Apr 25 10:14:38 R4 pluto[25049]: | saving DH priv (local secret) and pub
key into state struc
Apr 25 10:14:38 R4 pluto[25049]: | ***emit IKEv2 Key Exchange Payload:
Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 next payload type:
ISAKMP_NEXT_v2Ni
Apr 25 10:14:38 R4 pluto[25049]: | critical bit: none
Apr 25 10:14:38 R4 pluto[25049]: | DH group: OAKLEY_GROUP_MODP2048
Apr 25 10:14:38 R4 pluto[25049]: | emitting 256 raw bytes of ikev2 g^x
into IKEv2 Key Exchange Payload
Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 4d 26 44 7e 77 d8 17 f5
f5 b3 ef f2 5b 14 67 35
Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x fa c7 66 7e 62 d0 01 34
f2 c2 79 b0 e6 f3 fe 8b
Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x db 99 5a b9 0a fb 9a 08
bf 3c 94 42 4c 15 8e 23
Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x b1 ee 3c ff ca ad 05 01
00 b5 3d 1a 21 5f 4e b8
Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 95 ba c4 a3 48 8f 43 c7
d4 6a 77 03 93 0d 33 96
Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x f1 e0 d5 57 e8 e4 08 7b
80 36 5c e1 33 83 e7 d4
Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 2d 91 30 c6 0f c3 f2 19
e6 a8 79 ef 4e be 05 30
Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x de dd df 02 5f c9 cd 40
75 16 29 91 08 55 29 4d
Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 88 eb 42 a0 f9 b2 cb ed
0e 4b 8a 74 6d ca 7c 89
Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x de eb 3c 1e cc f6 f8 58
c8 27 b5 44 a1 21 2c 87
Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 74 bc 85 e0 c8 50 c8 a0
67 10 bc 72 e2 16 e2 c9
Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 4e 81 87 ce 89 6d 70 bb
f1 4d 14 b9 70 9a 85 70
Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x d9 45 ca f3 25 d9 ac ed
0f fd 33 cb 23 ed 82 0b
Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 17 0d fc ea c8 c5 1e 30
07 59 d5 be eb ab 2a 39
Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 9d 36 15 cb e4 0d 48 39
5e 2e 46 f9 5f 10 0f 57
Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 12 e6 e4 1f 23 e4 d8 2f
12 c8 29 98 d6 99 62 75
Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 Key Exchange
Payload: 264
Apr 25 10:14:38 R4 pluto[25049]: | ***emit IKEv2 Nonce Payload:
Apr 25 10:14:38 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2NONE
Apr 25 10:14:38 R4 pluto[25049]: | critical bit: none
Apr 25 10:14:38 R4 pluto[25049]: | emitting 16 raw bytes of IKEv2 nonce
into IKEv2 Nonce Payload
Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 nonce 96 c8 96 22 3d 1d 9e
99 3e 7c e6 c9 12 e8 3e f7
Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 Nonce
Payload: 20
Apr 25 10:14:38 R4 pluto[25049]: | no IKE message padding required
Apr 25 10:14:38 R4 pluto[25049]: | emitting length of ISAKMP Message: 360
Apr 25 10:14:38 R4 pluto[25049]: | complete v2 state transition with STF_OK
Apr 25 10:14:38 R4 pluto[25049]: "net32" #1: transition from state
STATE_IKEv2_START to state STATE_PARENT_R1
Apr 25 10:14:38 R4 pluto[25049]: "net32" #1: STATE_PARENT_R1: received
v2I1, sent v2R1 {auth=IKEv2 cipher=aes_128 integ=sha1_96 prf=oakley_sha
group=modp2048}
Apr 25 10:14:38 R4 pluto[25049]: | sending reply packet to
192.168.32.9:500 (from port 500)
Apr 25 10:14:38 R4 pluto[25049]: | sending 360 bytes for
STATE_IKEv2_START through switch.0012:500 to 192.168.32.9:500 (using #1)
Apr 25 10:14:38 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89 57 c1 3d
ad 75 3a 79 c9
Apr 25 10:14:38 R4 pluto[25049]: | 21 20 22 20 00 00 00 00 00 00 01
68 22 00 00 30
Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 2c 01 01 00 04 03 00 00
0c 01 00 00 0c
Apr 25 10:14:38 R4 pluto[25049]: | 80 0e 00 80 03 00 00 08 03 00 00
02 03 00 00 08
Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 02 00 00 00 08 04 00 00
0e 28 00 01 08
Apr 25 10:14:38 R4 pluto[25049]: | 00 0e 00 00 4d 26 44 7e 77 d8 17
f5 f5 b3 ef f2
Apr 25 10:14:38 R4 pluto[25049]: | 5b 14 67 35 fa c7 66 7e 62 d0 01
34 f2 c2 79 b0
Apr 25 10:14:38 R4 pluto[25049]: | e6 f3 fe 8b db 99 5a b9 0a fb 9a
08 bf 3c 94 42
Apr 25 10:14:38 R4 pluto[25049]: | 4c 15 8e 23 b1 ee 3c ff ca ad 05
01 00 b5 3d 1a
Apr 25 10:14:38 R4 pluto[25049]: | 21 5f 4e b8 95 ba c4 a3 48 8f 43
c7 d4 6a 77 03
Apr 25 10:14:38 R4 pluto[25049]: | 93 0d 33 96 f1 e0 d5 57 e8 e4 08
7b 80 36 5c e1
Apr 25 10:14:38 R4 pluto[25049]: | 33 83 e7 d4 2d 91 30 c6 0f c3 f2
19 e6 a8 79 ef
Apr 25 10:14:38 R4 pluto[25049]: | 4e be 05 30 de dd df 02 5f c9 cd
40 75 16 29 91
Apr 25 10:14:38 R4 pluto[25049]: | 08 55 29 4d 88 eb 42 a0 f9 b2 cb
ed 0e 4b 8a 74
Apr 25 10:14:38 R4 pluto[25049]: | 6d ca 7c 89 de eb 3c 1e cc f6 f8
58 c8 27 b5 44
Apr 25 10:14:38 R4 pluto[25049]: | a1 21 2c 87 74 bc 85 e0 c8 50 c8
a0 67 10 bc 72
Apr 25 10:14:38 R4 pluto[25049]: | e2 16 e2 c9 4e 81 87 ce 89 6d 70
bb f1 4d 14 b9
Apr 25 10:14:38 R4 pluto[25049]: | 70 9a 85 70 d9 45 ca f3 25 d9 ac
ed 0f fd 33 cb
Apr 25 10:14:38 R4 pluto[25049]: | 23 ed 82 0b 17 0d fc ea c8 c5 1e
30 07 59 d5 be
Apr 25 10:14:38 R4 pluto[25049]: | eb ab 2a 39 9d 36 15 cb e4 0d 48
39 5e 2e 46 f9
Apr 25 10:14:38 R4 pluto[25049]: | 5f 10 0f 57 12 e6 e4 1f 23 e4 d8
2f 12 c8 29 98
Apr 25 10:14:38 R4 pluto[25049]: | d6 99 62 75 00 00 00 14 96 c8 96
22 3d 1d 9e 99
Apr 25 10:14:38 R4 pluto[25049]: | 3e 7c e6 c9 12 e8 3e f7
Apr 25 10:14:38 R4 pluto[25049]: | complete v2 state transition with
STF_INLINE
Apr 25 10:14:38 R4 pluto[25049]: | * processed 0 messages from
cryptographic helpers
Apr 25 10:14:38 R4 pluto[25049]: | next event EVENT_SO_DISCARD in 0
seconds for #1
Apr 25 10:14:38 R4 pluto[25049]: | *time to handle event
Apr 25 10:14:38 R4 pluto[25049]: | handling event EVENT_SO_DISCARD
Apr 25 10:14:38 R4 pluto[25049]: | event after this is
EVENT_PENDING_DDNS in 41 seconds
Apr 25 10:14:38 R4 pluto[25049]: | processing connection net32
Apr 25 10:14:38 R4 pluto[25049]: | deleting state #1
Apr 25 10:14:38 R4 pluto[25049]: | deleting event for #1
Apr 25 10:14:38 R4 pluto[25049]: | no suspended cryptographic state for 1
Apr 25 10:14:38 R4 pluto[25049]: | ICOOKIE: 44 4c 4d a9 d2 2c bb 89
Apr 25 10:14:38 R4 pluto[25049]: | RCOOKIE: 57 c1 3d ad 75 3a 79 c9
Apr 25 10:14:38 R4 pluto[25049]: | state hash entry 11
Apr 25 10:14:38 R4 pluto[25049]: | next event EVENT_PENDING_DDNS in 41
seconds
Apr 25 10:14:39 R4 pluto[25049]: |
Apr 25 10:14:39 R4 pluto[25049]: | *received 316 bytes from
192.168.32.9:500 on switch.0012 (port=500)
Apr 25 10:14:39 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89 57 c1 3d
ad 75 3a 79 c9
Apr 25 10:14:39 R4 pluto[25049]: | 2e 20 23 08 00 00 00 01 00 00 01
3c 23 00 01 20
Apr 25 10:14:39 R4 pluto[25049]: | f3 53 aa ba ee 28 bc f3 28 fc 37
52 53 8c 64 40
Apr 25 10:14:39 R4 pluto[25049]: | 8e 74 39 49 53 83 30 ec 77 43 cd
05 79 ef a0 07
Apr 25 10:14:39 R4 pluto[25049]: | 14 64 ef 3b 08 e8 a1 f2 58 1a 44
6a de c9 10 b1
Apr 25 10:14:39 R4 pluto[25049]: | e7 e3 08 42 4e 90 cf f0 84 75 b3
2b a2 0c 74 37
Apr 25 10:14:39 R4 pluto[25049]: | 1e b9 4f 65 b7 06 4d 36 13 f0 bf
f6 41 2a a1 e8
Apr 25 10:14:39 R4 pluto[25049]: | bf 8d 0f 0c 9c a9 16 10 3a 63 34
f8 e4 09 52 8f
Apr 25 10:14:39 R4 pluto[25049]: | 35 f9 d0 2c d0 60 1f 37 40 16 8d
62 b0 d9 f4 a1
Apr 25 10:14:39 R4 pluto[25049]: | a3 f0 ba 7f f4 a1 8b 4c 2b 20 46
be de 61 55 51
Apr 25 10:14:39 R4 pluto[25049]: | 53 05 9f e3 7b 37 f6 15 df a8 55
32 04 ba 32 33
Apr 25 10:14:39 R4 pluto[25049]: | d5 57 19 7a b3 cd 99 20 71 6d 85
9d 77 13 91 82
Apr 25 10:14:39 R4 pluto[25049]: | 9b 77 e0 04 21 24 a7 a9 84 b4 26
54 da b2 e2 8d
Apr 25 10:14:39 R4 pluto[25049]: | 7f 39 1f 50 0b 6d a7 4d c1 21 03
30 36 8b 5e ca
Apr 25 10:14:39 R4 pluto[25049]: | 9b a2 ec 31 69 47 33 fe ee 60 57
7e 5f 93 a1 31
Apr 25 10:14:39 R4 pluto[25049]: | 2a de 2a 37 56 e2 59 3e f7 d5 32
41 f3 1d 91 e8
Apr 25 10:14:39 R4 pluto[25049]: | 5c f1 5a 25 b3 cf e1 aa cd db 8f
03 42 2b fc b7
Apr 25 10:14:39 R4 pluto[25049]: | d2 31 d1 8e b7 32 d3 b8 05 b2 ae
87 dc 1c 5b a2
Apr 25 10:14:39 R4 pluto[25049]: | 53 d6 6b 86 1c 98 3a 1c 0c b3 1b
ba 1a 9a ef 59
Apr 25 10:14:39 R4 pluto[25049]: | 84 84 a9 98 86 df 4f 5c 8f ad 19 ec
Apr 25 10:14:39 R4 pluto[25049]: | **parse ISAKMP Message:
Apr 25 10:14:39 R4 pluto[25049]: | initiator cookie:
Apr 25 10:14:39 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89
Apr 25 10:14:39 R4 pluto[25049]: | responder cookie:
Apr 25 10:14:39 R4 pluto[25049]: | 57 c1 3d ad 75 3a 79 c9
Apr 25 10:14:39 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2E
Apr 25 10:14:39 R4 pluto[25049]: | ISAKMP version: IKEv2 version 2.0
(rfc4306/rfc5996)
Apr 25 10:14:39 R4 pluto[25049]: | exchange type: ISAKMP_v2_AUTH
Apr 25 10:14:39 R4 pluto[25049]: | flags: ISAKMP_FLAG_INIT
Apr 25 10:14:39 R4 pluto[25049]: | message ID: 00 00 00 01
Apr 25 10:14:39 R4 pluto[25049]: | length: 316
Apr 25 10:14:39 R4 pluto[25049]: | processing version=2.0 packet with
exchange type=ISAKMP_v2_AUTH (35)
Apr 25 10:14:39 R4 pluto[25049]: | I am IKE SA Responder
Apr 25 10:14:39 R4 pluto[25049]: | ICOOKIE: 44 4c 4d a9 d2 2c bb 89
Apr 25 10:14:39 R4 pluto[25049]: | RCOOKIE: 57 c1 3d ad 75 3a 79 c9
Apr 25 10:14:39 R4 pluto[25049]: | state hash entry 11
Apr 25 10:14:39 R4 pluto[25049]: | v2 state object not found
Apr 25 10:14:39 R4 pluto[25049]: | ICOOKIE: 44 4c 4d a9 d2 2c bb 89
Apr 25 10:14:39 R4 pluto[25049]: | RCOOKIE: 00 00 00 00 00 00 00 00
Apr 25 10:14:39 R4 pluto[25049]: | state hash entry 28
Apr 25 10:14:39 R4 pluto[25049]: | v2 state object not found
Apr 25 10:14:39 R4 pluto[25049]: | ended up with STATE_IKEv2_ROOF
Apr 25 10:14:39 R4 pluto[25049]: packet from 192.168.32.9:500: sending
notification v2N_INVALID_MESSAGE_ID to 192.168.32.9:500
Apr 25 10:14:39 R4 pluto[25049]: | **emit ISAKMP Message:
Apr 25 10:14:39 R4 pluto[25049]: | initiator cookie:
Apr 25 10:14:39 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89
Apr 25 10:14:39 R4 pluto[25049]: | responder cookie:
Apr 25 10:14:39 R4 pluto[25049]: | 57 c1 3d ad 75 3a 79 c9
Apr 25 10:14:39 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2N
Apr 25 10:14:39 R4 pluto[25049]: | ISAKMP version: IKEv2 version 2.0
(rfc4306/rfc5996)
Apr 25 10:14:39 R4 pluto[25049]: | exchange type: ISAKMP_v2_SA_INIT
Apr 25 10:14:39 R4 pluto[25049]: | flags: ISAKMP_FLAG_RESPONSE
Apr 25 10:14:39 R4 pluto[25049]: | message ID: 00 00 00 00
Apr 25 10:14:39 R4 pluto[25049]: | Adding a v2N Payload
Apr 25 10:14:39 R4 pluto[25049]: | ***emit IKEv2 Notify Payload:
Apr 25 10:14:39 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2NONE
Apr 25 10:14:39 R4 pluto[25049]: | critical bit: none
Apr 25 10:14:39 R4 pluto[25049]: | Protocol ID: PROTO_ISAKMP
Apr 25 10:14:39 R4 pluto[25049]: | SPI size: 0
Apr 25 10:14:39 R4 pluto[25049]: | Notify Message Type:
v2N_INVALID_MESSAGE_ID
Apr 25 10:14:39 R4 pluto[25049]: | emitting length of IKEv2 Notify
Payload: 8
Apr 25 10:14:39 R4 pluto[25049]: | no IKE message padding required
Apr 25 10:14:39 R4 pluto[25049]: | emitting length of ISAKMP Message: 36
Apr 25 10:14:39 R4 pluto[25049]: | sending 36 bytes for
send_v2_notification through switch.0012:500 to 192.168.32.9:500 (using #0)
Apr 25 10:14:39 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89 57 c1 3d
ad 75 3a 79 c9
Apr 25 10:14:39 R4 pluto[25049]: | 29 20 22 20 00 00 00 00 00 00 00
24 00 00 00 08
Apr 25 10:14:39 R4 pluto[25049]: | 01 00 00 09
Apr 25 10:14:39 R4 pluto[25049]: | * processed 0 messages from
cryptographic helpers
Apr 25 10:14:39 R4 pluto[25049]: | next event EVENT_PENDING_DDNS in 40
seconds
Apr 25 10:14:39 R4 pluto[25049]: | next event EVENT_PENDING_DDNS in 40
seconds
--
Jeff Chen
More information about the Swan-dev
mailing list