[Swan-dev] problem with ikev2 for libreswan version 3.8
Antony Antony
antony at phenome.org
Fri Apr 25 18:35:29 EEST 2014
Hi Jeff,
could you try without this line on both side.
nhelpers=0
leaving it out is better or change to non zero, say 1.
nhelpers=1
regards,
-antony
On Fri, Apr 25, 2014 at 10:47:40AM -0400, jeffchen wrote:
> Hi,
>
> I am trying to use ikev2 for libreswan (version 3.8). I have some
> problem (same problem happen for libreswan version 3.7) to connect
> the ipsec tunnel between two libreswan endpoint using ikev2. I also
> tried to use ikev2=insist, it has the same problem.
> If I use ikev1, the tunnel is established successfully with the same
> configuration.
>
> My setup is quite simple, the two libreswan endpoint are back to
> back connected. And I use preshared key to establish the tunnel.
>
> Below is my configuration:
> config setup
> # NAT-TRAVERSAL support, see README.NAT-Traversal
> nat_traversal=no
> nhelpers=0
> oe=off
> protostack=netkey
>
> # Add connections here
>
> # sample VPN connections, see /etc/ipsec.d/examples/
>
> conn net32
> connaddrfamily=ipv4
> authby=secret
> auto=add
> ikev2=propose
> phase2=esp
> left=192.168.32.4
> leftsubnet=192.168.13.0/24
> leftupdown="ipsec _updown --route yes"
> pfs=no
> right=192.168.32.9
> rightsubnet=192.168.41.0/24
> rightupdown="ipsec _updown --route yes"
> type=tunnel
>
> Basically the problem is that during the ikev2 negotiation, it can
> not find the v2 state object for ICOOKIE and RCOOKIE pair, and it
> sends v2N_INVALID_MESSAGE_ID message to the peer. The error message
> looks like this:
>
> Apr 25 10:14:39 R4 pluto[25049]: | processing version=2.0 packet
> with exchange type=ISAKMP_v2_AUTH (35)
> Apr 25 10:14:39 R4 pluto[25049]: | I am IKE SA Responder
> Apr 25 10:14:39 R4 pluto[25049]: | ICOOKIE: 44 4c 4d a9 d2 2c bb 89
> Apr 25 10:14:39 R4 pluto[25049]: | RCOOKIE: 57 c1 3d ad 75 3a 79 c9
> Apr 25 10:14:39 R4 pluto[25049]: | state hash entry 11
> Apr 25 10:14:39 R4 pluto[25049]: | v2 state object not found
> Apr 25 10:14:39 R4 pluto[25049]: | ICOOKIE: 44 4c 4d a9 d2 2c bb 89
> Apr 25 10:14:39 R4 pluto[25049]: | RCOOKIE: 00 00 00 00 00 00 00 00
> Apr 25 10:14:39 R4 pluto[25049]: | state hash entry 28
> Apr 25 10:14:39 R4 pluto[25049]: | v2 state object not found
> Apr 25 10:14:39 R4 pluto[25049]: | ended up with STATE_IKEv2_ROOF
> Apr 25 10:14:39 R4 pluto[25049]: packet from 192.168.32.9:500:
> sending notification v2N_INVALID_MESSAGE_ID to 192.168.32.9:500
>
> And I found the problem is actually caused by a deletion of state
> just before the above messages:
>
> Apr 25 10:14:38 R4 pluto[25049]: | complete v2 state transition with
> STF_INLINE
> Apr 25 10:14:38 R4 pluto[25049]: | * processed 0 messages from
> cryptographic helpers
> Apr 25 10:14:38 R4 pluto[25049]: | next event EVENT_SO_DISCARD in 0
> seconds for #1
> Apr 25 10:14:38 R4 pluto[25049]: | *time to handle event
> Apr 25 10:14:38 R4 pluto[25049]: | handling event EVENT_SO_DISCARD
> Apr 25 10:14:38 R4 pluto[25049]: | event after this is
> EVENT_PENDING_DDNS in 41 seconds
> Apr 25 10:14:38 R4 pluto[25049]: | processing connection net32
> Apr 25 10:14:38 R4 pluto[25049]: | deleting state #1
> Apr 25 10:14:38 R4 pluto[25049]: | deleting event for #1
> Apr 25 10:14:38 R4 pluto[25049]: | no suspended cryptographic state for 1
> Apr 25 10:14:38 R4 pluto[25049]: | ICOOKIE: 44 4c 4d a9 d2 2c bb 89
> Apr 25 10:14:38 R4 pluto[25049]: | RCOOKIE: 57 c1 3d ad 75 3a 79 c9
> Apr 25 10:14:38 R4 pluto[25049]: | state hash entry 11
> Apr 25 10:14:38 R4 pluto[25049]: | next event EVENT_PENDING_DDNS in
> 41 seconds
>
> Looked at the source code, found in programs/pluto/state.c, function
> insert_state, it has this piece of code:
> if (st->st_event == NULL)
> event_schedule(EVENT_SO_DISCARD, 0, st);
> It deletes the state and cause the state can not be found for the
> ICOOKIE and RCOOKIE pair. If I comment this piece of code, the
> tunnel is established successfully.
>
> Does anyone know what cause this problem? Maybe my configuration has
> something wrong?
>
> Thanks
>
> Jeff Chen
>
> Below is the whole log message during the tunnel establishment:
>
> Apr 25 10:14:31 R4 pluto[25049]: | base debugging = raw+crypt+parsing+emitting+control+lifecycle+kernel+dns+oppo+controlmore+pfkey+nattraversal+x509+dpd+oppoinfo
> Apr 25 10:14:31 R4 pluto[25049]: | * processed 0 messages from
> cryptographic helpers
> Apr 25 10:14:31 R4 pluto[25049]: | next event EVENT_PENDING_DDNS in
> 48 seconds
> Apr 25 10:14:31 R4 pluto[25049]: | next event EVENT_PENDING_DDNS in
> 48 seconds
> Apr 25 10:14:38 R4 pluto[25049]: |
> Apr 25 10:14:38 R4 pluto[25049]: | *received 820 bytes from
> 192.168.32.9:500 on switch.0012 (port=500)
> Apr 25 10:14:38 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89 00 00
> 00 00 00 00 00 00
> Apr 25 10:14:38 R4 pluto[25049]: | 21 20 22 08 00 00 00 00 00 00
> 03 34 22 00 01 fc
> Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 2c 01 01 00 04 03 00
> 00 0c 01 00 00 0c
> Apr 25 10:14:38 R4 pluto[25049]: | 80 0e 00 80 03 00 00 08 03 00
> 00 02 03 00 00 08
> Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 02 00 00 00 08 04 00
> 00 0e 02 00 00 2c
> Apr 25 10:14:38 R4 pluto[25049]: | 02 01 00 04 03 00 00 0c 01 00
> 00 0c 80 0e 00 80
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 03 00 00 01 03 00
> 00 08 02 00 00 01
> Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 08 04 00 00 0e 02 00
> 00 28 03 01 00 04
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 01 00 00 03 03 00
> 00 08 03 00 00 02
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 02 00 00 02 00 00
> 00 08 04 00 00 0e
> Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 28 04 01 00 04 03 00
> 00 08 01 00 00 03
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 03 00 00 01 03 00
> 00 08 02 00 00 01
> Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 08 04 00 00 0e 02 00
> 00 2c 05 01 00 04
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 0c 01 00 00 0c 80 0e
> 00 80 03 00 00 08
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 02 03 00 00 08 02 00
> 00 02 00 00 00 08
> Apr 25 10:14:38 R4 pluto[25049]: | 04 00 00 05 02 00 00 2c 06 01
> 00 04 03 00 00 0c
> Apr 25 10:14:38 R4 pluto[25049]: | 01 00 00 0c 80 0e 00 80 03 00
> 00 08 03 00 00 01
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 02 00 00 01 00 00
> 00 08 04 00 00 05
> Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 28 07 01 00 04 03 00
> 00 08 01 00 00 03
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 03 00 00 02 03 00
> 00 08 02 00 00 02
> Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 08 04 00 00 05 02 00
> 00 28 08 01 00 04
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 01 00 00 03 03 00
> 00 08 03 00 00 01
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 02 00 00 01 00 00
> 00 08 04 00 00 05
> Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 2c 09 01 00 04 03 00
> 00 0c 01 00 00 0c
> Apr 25 10:14:38 R4 pluto[25049]: | 80 0e 00 80 03 00 00 08 03 00
> 00 02 03 00 00 08
> Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 02 00 00 00 08 04 00
> 00 02 02 00 00 2c
> Apr 25 10:14:38 R4 pluto[25049]: | 0a 01 00 04 03 00 00 0c 01 00
> 00 0c 80 0e 00 80
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 03 00 00 01 03 00
> 00 08 02 00 00 01
> Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 08 04 00 00 02 02 00
> 00 28 0b 01 00 04
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 01 00 00 03 03 00
> 00 08 03 00 00 02
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 02 00 00 02 00 00
> 00 08 04 00 00 02
> Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 28 0c 01 00 04 03 00
> 00 08 01 00 00 03
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 03 00 00 01 03 00
> 00 08 02 00 00 01
> Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 08 04 00 00 02 28 00
> 01 08 00 0e 00 00
> Apr 25 10:14:38 R4 pluto[25049]: | f7 3f 4d 0a 1b d5 1e db 7c f8
> 3d c7 9c e5 43 53
> Apr 25 10:14:38 R4 pluto[25049]: | 2c 91 77 0f a2 17 bc 46 82 3b
> c0 c9 c6 d2 a2 aa
> Apr 25 10:14:38 R4 pluto[25049]: | d3 cf e6 d0 f0 0b ca 26 10 cc
> d3 fb 76 c3 e1 c5
> Apr 25 10:14:38 R4 pluto[25049]: | 3b 04 da d1 59 fc 70 40 97 05
> 7b aa 98 14 e6 1d
> Apr 25 10:14:38 R4 pluto[25049]: | 7c cc e6 f5 d0 9b b5 32 74 77
> ab 12 cf 71 3b fb
> Apr 25 10:14:38 R4 pluto[25049]: | 78 40 3d 03 56 cd 36 b1 ae 28
> fb 76 be 1f 7e 8b
> Apr 25 10:14:38 R4 pluto[25049]: | 67 9a eb 2e e9 15 41 99 91 7a
> 90 f6 7a f7 42 d6
> Apr 25 10:14:38 R4 pluto[25049]: | 4b 28 e2 47 c5 e5 54 7e b1 30
> e6 e2 9f 0a bb cd
> Apr 25 10:14:38 R4 pluto[25049]: | 54 ed 18 2b 3e 34 d5 83 64 43
> 66 54 da 85 7c 9b
> Apr 25 10:14:38 R4 pluto[25049]: | b2 af db 2b c3 10 fc 38 44 c2
> 7a 1d 7d ed 05 69
> Apr 25 10:14:38 R4 pluto[25049]: | 22 9a 1e 10 ab 4e ab b0 be 30
> 1c 7c 35 d9 79 1e
> Apr 25 10:14:38 R4 pluto[25049]: | cf 88 30 fe 1b 06 a1 43 8d 37
> 4a 31 87 8d 0f 39
> Apr 25 10:14:38 R4 pluto[25049]: | b2 09 ef a0 f1 99 8b 7d 4d ef
> 8d 5f f0 f9 69 c6
> Apr 25 10:14:38 R4 pluto[25049]: | fb e8 3d 30 40 50 fe c4 97 da
> f1 e9 15 09 dc 8a
> Apr 25 10:14:38 R4 pluto[25049]: | fa 88 2c 60 49 36 52 fc 47 8c
> 94 01 00 3d 54 ce
> Apr 25 10:14:38 R4 pluto[25049]: | 55 eb 42 19 ad 74 47 3c f2 9e
> fd 95 59 d5 17 ee
> Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 14 1e 3c 63 b2 30 74
> f3 9e d8 b3 c2 ec
> Apr 25 10:14:38 R4 pluto[25049]: | b0 01 81 87
> Apr 25 10:14:38 R4 pluto[25049]: | **parse ISAKMP Message:
> Apr 25 10:14:38 R4 pluto[25049]: | initiator cookie:
> Apr 25 10:14:38 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89
> Apr 25 10:14:38 R4 pluto[25049]: | responder cookie:
> Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 00 00 00 00 00
> Apr 25 10:14:38 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2SA
> Apr 25 10:14:38 R4 pluto[25049]: | ISAKMP version: IKEv2 version
> 2.0 (rfc4306/rfc5996)
> Apr 25 10:14:38 R4 pluto[25049]: | exchange type: ISAKMP_v2_SA_INIT
> Apr 25 10:14:38 R4 pluto[25049]: | flags: ISAKMP_FLAG_INIT
> Apr 25 10:14:38 R4 pluto[25049]: | message ID: 00 00 00 00
> Apr 25 10:14:38 R4 pluto[25049]: | length: 820
> Apr 25 10:14:38 R4 pluto[25049]: | processing version=2.0 packet
> with exchange type=ISAKMP_v2_SA_INIT (34)
> Apr 25 10:14:38 R4 pluto[25049]: | I am IKE SA Responder
> Apr 25 10:14:38 R4 pluto[25049]: | ICOOKIE: 44 4c 4d a9 d2 2c bb 89
> Apr 25 10:14:38 R4 pluto[25049]: | RCOOKIE: 00 00 00 00 00 00 00 00
> Apr 25 10:14:38 R4 pluto[25049]: | state hash entry 28
> Apr 25 10:14:38 R4 pluto[25049]: | v2 state object not found
> Apr 25 10:14:38 R4 pluto[25049]: | ICOOKIE: 44 4c 4d a9 d2 2c bb 89
> Apr 25 10:14:38 R4 pluto[25049]: | RCOOKIE: 00 00 00 00 00 00 00 00
> Apr 25 10:14:38 R4 pluto[25049]: | state hash entry 28
> Apr 25 10:14:38 R4 pluto[25049]: | v2 state object not found
> Apr 25 10:14:38 R4 pluto[25049]: | Now let's proceed with payload
> (ISAKMP_NEXT_v2SA)
> Apr 25 10:14:38 R4 pluto[25049]: | ***parse IKEv2 Security
> Association Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2KE
> Apr 25 10:14:38 R4 pluto[25049]: | critical bit: none
> Apr 25 10:14:38 R4 pluto[25049]: | length: 508
> Apr 25 10:14:38 R4 pluto[25049]: | processing payload:
> ISAKMP_NEXT_v2SA (len=508)
> Apr 25 10:14:38 R4 pluto[25049]: | Now let's proceed with payload
> (ISAKMP_NEXT_v2KE)
> Apr 25 10:14:38 R4 pluto[25049]: | ***parse IKEv2 Key Exchange Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 next payload type:
> ISAKMP_NEXT_v2Ni
> Apr 25 10:14:38 R4 pluto[25049]: | critical bit: none
> Apr 25 10:14:38 R4 pluto[25049]: | length: 264
> Apr 25 10:14:38 R4 pluto[25049]: | DH group: OAKLEY_GROUP_MODP2048
> Apr 25 10:14:38 R4 pluto[25049]: | processing payload:
> ISAKMP_NEXT_v2KE (len=264)
> Apr 25 10:14:38 R4 pluto[25049]: | Now let's proceed with payload
> (ISAKMP_NEXT_v2Ni)
> Apr 25 10:14:38 R4 pluto[25049]: | ***parse IKEv2 Nonce Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2NONE
> Apr 25 10:14:38 R4 pluto[25049]: | critical bit: none
> Apr 25 10:14:38 R4 pluto[25049]: | length: 20
> Apr 25 10:14:38 R4 pluto[25049]: | processing payload:
> ISAKMP_NEXT_v2Ni (len=20)
> Apr 25 10:14:38 R4 pluto[25049]: | Finished and now at the end of
> ikev2_process_payload
> Apr 25 10:14:38 R4 pluto[25049]: | Finished processing
> ikev2_process_payloads
> Apr 25 10:14:38 R4 pluto[25049]: | Now lets proceed with state
> specific processing
> Apr 25 10:14:38 R4 pluto[25049]: | find_host_connection2 called from
> ikev2parent_inI1outR1, me=192.168.32.4:500 him=192.168.32.9:500
> policy=IKEv2ALLOW
> Apr 25 10:14:38 R4 pluto[25049]: | find_host_pair: comparing to
> 192.168.32.4:500 192.168.32.9:500
> Apr 25 10:14:38 R4 pluto[25049]: | find_host_pair_conn
> (find_host_connection2): 192.168.32.4:500 192.168.32.9:500 ->
> hp:net32
> Apr 25 10:14:38 R4 pluto[25049]: | searching for connection with
> policy = IKEv2ALLOW
> Apr 25 10:14:38 R4 pluto[25049]: | found policy =
> PSK+ENCRYPT+TUNNEL+IKEv2ALLOW+IKEv2Init+SAREFTRACK+IKE_FRAG (net32)
> Apr 25 10:14:38 R4 pluto[25049]: | find_host_connection2 returns net32
> Apr 25 10:14:38 R4 pluto[25049]: | found connection: net32
> Apr 25 10:14:38 R4 pluto[25049]: | creating state object #1 at 0x20fa8688
> Apr 25 10:14:38 R4 pluto[25049]: | processing connection net32
> Apr 25 10:14:38 R4 pluto[25049]: | ICOOKIE: 44 4c 4d a9 d2 2c bb 89
> Apr 25 10:14:38 R4 pluto[25049]: | RCOOKIE: 57 c1 3d ad 75 3a 79 c9
> Apr 25 10:14:38 R4 pluto[25049]: | state hash entry 11
> Apr 25 10:14:38 R4 pluto[25049]: | inserting state object #1
> Apr 25 10:14:38 R4 pluto[25049]: | inserting event EVENT_SO_DISCARD,
> timeout in 0 seconds for #1
> Apr 25 10:14:38 R4 pluto[25049]: | event added at head of queue
> Apr 25 10:14:38 R4 pluto[25049]: | processing connection net32
> Apr 25 10:14:38 R4 pluto[25049]: | will not send/process a dcookie
> Apr 25 10:14:38 R4 pluto[25049]: | helper -1 doing build_kenonce op id: 0
> Apr 25 10:14:38 R4 pluto[25049]: | NSS: Value of Prime:
> Apr 25 10:14:38 R4 pluto[25049]: | ff ff ff ff ff ff ff ff c9 0f
> da a2 21 68 c2 34
> Apr 25 10:14:38 R4 pluto[25049]: | c4 c6 62 8b 80 dc 1c d1 29 02
> 4e 08 8a 67 cc 74
> Apr 25 10:14:38 R4 pluto[25049]: | 02 0b be a6 3b 13 9b 22 51 4a
> 08 79 8e 34 04 dd
> Apr 25 10:14:38 R4 pluto[25049]: | ef 95 19 b3 cd 3a 43 1b 30 2b
> 0a 6d f2 5f 14 37
> Apr 25 10:14:38 R4 pluto[25049]: | 4f e1 35 6d 6d 51 c2 45 e4 85
> b5 76 62 5e 7e c6
> Apr 25 10:14:38 R4 pluto[25049]: | f4 4c 42 e9 a6 37 ed 6b 0b ff
> 5c b6 f4 06 b7 ed
> Apr 25 10:14:38 R4 pluto[25049]: | ee 38 6b fb 5a 89 9f a5 ae 9f
> 24 11 7c 4b 1f e6
> Apr 25 10:14:38 R4 pluto[25049]: | 49 28 66 51 ec e4 5b 3d c2 00
> 7c b8 a1 63 bf 05
> Apr 25 10:14:38 R4 pluto[25049]: | 98 da 48 36 1c 55 d3 9a 69 16
> 3f a8 fd 24 cf 5f
> Apr 25 10:14:38 R4 pluto[25049]: | 83 65 5d 23 dc a3 ad 96 1c 62
> f3 56 20 85 52 bb
> Apr 25 10:14:38 R4 pluto[25049]: | 9e d5 29 07 70 96 96 6d 67 0c
> 35 4e 4a bc 98 04
> Apr 25 10:14:38 R4 pluto[25049]: | f1 74 6c 08 ca 18 21 7c 32 90
> 5e 46 2e 36 ce 3b
> Apr 25 10:14:38 R4 pluto[25049]: | e3 9e 77 2c 18 0e 86 03 9b 27
> 83 a2 ec 07 a2 8f
> Apr 25 10:14:38 R4 pluto[25049]: | b5 c5 5d f0 6f 4c 52 c9 de 2b
> cb f6 95 58 17 18
> Apr 25 10:14:38 R4 pluto[25049]: | 39 95 49 7c ea 95 6a e5 15 d2
> 26 18 98 fa 05 10
> Apr 25 10:14:38 R4 pluto[25049]: | 15 72 8e 5a 8a ac aa 68 ff ff
> ff ff ff ff ff ff
> Apr 25 10:14:38 R4 pluto[25049]: | NSS: Value of base:
> Apr 25 10:14:38 R4 pluto[25049]: | 02
> Apr 25 10:14:38 R4 pluto[25049]: | NSS: generated dh priv and pub keys: 256
> Apr 25 10:14:38 R4 pluto[25049]: | NSS: Local DH secret (pointer):
> Apr 25 10:14:38 R4 pluto[25049]: | 20 fa cc 60
> Apr 25 10:14:38 R4 pluto[25049]: | NSS: Public DH value
> sent(computed in NSS):
> Apr 25 10:14:38 R4 pluto[25049]: | 4d 26 44 7e 77 d8 17 f5 f5 b3
> ef f2 5b 14 67 35
> Apr 25 10:14:38 R4 pluto[25049]: | fa c7 66 7e 62 d0 01 34 f2 c2
> 79 b0 e6 f3 fe 8b
> Apr 25 10:14:38 R4 pluto[25049]: | db 99 5a b9 0a fb 9a 08 bf 3c
> 94 42 4c 15 8e 23
> Apr 25 10:14:38 R4 pluto[25049]: | b1 ee 3c ff ca ad 05 01 00 b5
> 3d 1a 21 5f 4e b8
> Apr 25 10:14:38 R4 pluto[25049]: | 95 ba c4 a3 48 8f 43 c7 d4 6a
> 77 03 93 0d 33 96
> Apr 25 10:14:38 R4 pluto[25049]: | f1 e0 d5 57 e8 e4 08 7b 80 36
> 5c e1 33 83 e7 d4
> Apr 25 10:14:38 R4 pluto[25049]: | 2d 91 30 c6 0f c3 f2 19 e6 a8
> 79 ef 4e be 05 30
> Apr 25 10:14:38 R4 pluto[25049]: | de dd df 02 5f c9 cd 40 75 16
> 29 91 08 55 29 4d
> Apr 25 10:14:38 R4 pluto[25049]: | 88 eb 42 a0 f9 b2 cb ed 0e 4b
> 8a 74 6d ca 7c 89
> Apr 25 10:14:38 R4 pluto[25049]: | de eb 3c 1e cc f6 f8 58 c8 27
> b5 44 a1 21 2c 87
> Apr 25 10:14:38 R4 pluto[25049]: | 74 bc 85 e0 c8 50 c8 a0 67 10
> bc 72 e2 16 e2 c9
> Apr 25 10:14:38 R4 pluto[25049]: | 4e 81 87 ce 89 6d 70 bb f1 4d
> 14 b9 70 9a 85 70
> Apr 25 10:14:38 R4 pluto[25049]: | d9 45 ca f3 25 d9 ac ed 0f fd
> 33 cb 23 ed 82 0b
> Apr 25 10:14:38 R4 pluto[25049]: | 17 0d fc ea c8 c5 1e 30 07 59
> d5 be eb ab 2a 39
> Apr 25 10:14:38 R4 pluto[25049]: | 9d 36 15 cb e4 0d 48 39 5e 2e
> 46 f9 5f 10 0f 57
> Apr 25 10:14:38 R4 pluto[25049]: | 12 e6 e4 1f 23 e4 d8 2f 12 c8
> 29 98 d6 99 62 75
> Apr 25 10:14:38 R4 pluto[25049]: | NSS: Local DH public value (pointer):
> Apr 25 10:14:38 R4 pluto[25049]: | 20 fa c4 58
> Apr 25 10:14:38 R4 pluto[25049]: | Generated nonce:
> Apr 25 10:14:38 R4 pluto[25049]: | 96 c8 96 22 3d 1d 9e 99 3e 7c
> e6 c9 12 e8 3e f7
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 parent inI1outR1:
> calculated ke+nonce, sending R1
> Apr 25 10:14:38 R4 pluto[25049]: | processing connection net32
> Apr 25 10:14:38 R4 pluto[25049]: | **emit ISAKMP Message:
> Apr 25 10:14:38 R4 pluto[25049]: | initiator cookie:
> Apr 25 10:14:38 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89
> Apr 25 10:14:38 R4 pluto[25049]: | responder cookie:
> Apr 25 10:14:38 R4 pluto[25049]: | 57 c1 3d ad 75 3a 79 c9
> Apr 25 10:14:38 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2SA
> Apr 25 10:14:38 R4 pluto[25049]: | ISAKMP version: IKEv2 version
> 2.0 (rfc4306/rfc5996)
> Apr 25 10:14:38 R4 pluto[25049]: | exchange type: ISAKMP_v2_SA_INIT
> Apr 25 10:14:38 R4 pluto[25049]: | flags: ISAKMP_FLAG_RESPONSE
> Apr 25 10:14:38 R4 pluto[25049]: | message ID: 00 00 00 00
> Apr 25 10:14:38 R4 pluto[25049]: | ***emit IKEv2 Security
> Association Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2KE
> Apr 25 10:14:38 R4 pluto[25049]: | critical bit: none
> Apr 25 10:14:38 R4 pluto[25049]: | no IKE algorithms for this connection
> Apr 25 10:14:38 R4 pluto[25049]: | ****parse IKEv2 Proposal
> Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | last proposal: v2_PROPOSAL_NON_LAST
> Apr 25 10:14:38 R4 pluto[25049]: | length: 44
> Apr 25 10:14:38 R4 pluto[25049]: | prop #: 1
> Apr 25 10:14:38 R4 pluto[25049]: | proto ID: IKEv2_SEC_PROTO_IKE
> Apr 25 10:14:38 R4 pluto[25049]: | spi size: 0
> Apr 25 10:14:38 R4 pluto[25049]: | # transforms: 4
> Apr 25 10:14:38 R4 pluto[25049]: | *****parse IKEv2 Transform
> Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_NON_LAST
> Apr 25 10:14:38 R4 pluto[25049]: | length: 12
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_ENCR
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 12
> Apr 25 10:14:38 R4 pluto[25049]: | ******parse IKEv2 Attribute
> Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | af+type: IKEv2_KEY_LENGTH
> Apr 25 10:14:38 R4 pluto[25049]: | length/value: 128
> Apr 25 10:14:38 R4 pluto[25049]: | *****parse IKEv2 Transform
> Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_NON_LAST
> Apr 25 10:14:38 R4 pluto[25049]: | length: 8
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_INTEG
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 2
> Apr 25 10:14:38 R4 pluto[25049]: | *****parse IKEv2 Transform
> Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_NON_LAST
> Apr 25 10:14:38 R4 pluto[25049]: | length: 8
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_PRF
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 2
> Apr 25 10:14:38 R4 pluto[25049]: | *****parse IKEv2 Transform
> Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_LAST
> Apr 25 10:14:38 R4 pluto[25049]: | length: 8
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_DH
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 14
> Apr 25 10:14:38 R4 pluto[25049]: | ipprotoid is '1'
> Apr 25 10:14:38 R4 pluto[25049]: | proposal 1 succeeded encr=
> (policy:AES_CBC vs offered:AES_CBC)
> Apr 25 10:14:38 R4 pluto[25049]: | succeeded
> integ=(policy:AUTH_HMAC_SHA1_96 vs offered:AUTH_HMAC_SHA1_96)
> Apr 25 10:14:38 R4 pluto[25049]: | succeeded prf=
> (policy:PRF_HMAC_SHA1 vs offered:PRF_HMAC_SHA1)
> Apr 25 10:14:38 R4 pluto[25049]: | succeeded dh=
> (policy:OAKLEY_GROUP_MODP2048 vs offered:OAKLEY_GROUP_MODP2048)
> Apr 25 10:14:38 R4 pluto[25049]: | ****parse IKEv2 Proposal
> Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | last proposal: v2_PROPOSAL_NON_LAST
> Apr 25 10:14:38 R4 pluto[25049]: | length: 44
> Apr 25 10:14:38 R4 pluto[25049]: | prop #: 2
> Apr 25 10:14:38 R4 pluto[25049]: | proto ID: IKEv2_SEC_PROTO_IKE
> Apr 25 10:14:38 R4 pluto[25049]: | spi size: 0
> Apr 25 10:14:38 R4 pluto[25049]: | # transforms: 4
> Apr 25 10:14:38 R4 pluto[25049]: | ****emit IKEv2 Proposal
> Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | last proposal: v2_PROPOSAL_LAST
> Apr 25 10:14:38 R4 pluto[25049]: | prop #: 1
> Apr 25 10:14:38 R4 pluto[25049]: | proto ID: IKEv2_SEC_PROTO_IKE
> Apr 25 10:14:38 R4 pluto[25049]: | spi size: 0
> Apr 25 10:14:38 R4 pluto[25049]: | # transforms: 4
> Apr 25 10:14:38 R4 pluto[25049]: | *****emit IKEv2 Transform
> Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_NON_LAST
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_ENCR
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 12
> Apr 25 10:14:38 R4 pluto[25049]: | ******emit IKEv2 Attribute
> Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | af+type: IKEv2_KEY_LENGTH
> Apr 25 10:14:38 R4 pluto[25049]: | length/value: 128
> Apr 25 10:14:38 R4 pluto[25049]: | [128 is 128??]
> Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2
> Transform Substructure Payload: 12
> Apr 25 10:14:38 R4 pluto[25049]: | *****emit IKEv2 Transform
> Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_NON_LAST
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_INTEG
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 2
> Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2
> Transform Substructure Payload: 8
> Apr 25 10:14:38 R4 pluto[25049]: | *****emit IKEv2 Transform
> Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_NON_LAST
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_PRF
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 2
> Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2
> Transform Substructure Payload: 8
> Apr 25 10:14:38 R4 pluto[25049]: | *****emit IKEv2 Transform
> Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_LAST
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_DH
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 14
> Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2
> Transform Substructure Payload: 8
> Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 Proposal
> Substructure Payload: 44
> Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 Security
> Association Payload: 48
> Apr 25 10:14:38 R4 pluto[25049]: | DH public value received:
> Apr 25 10:14:38 R4 pluto[25049]: | f7 3f 4d 0a 1b d5 1e db 7c f8
> 3d c7 9c e5 43 53
> Apr 25 10:14:38 R4 pluto[25049]: | 2c 91 77 0f a2 17 bc 46 82 3b
> c0 c9 c6 d2 a2 aa
> Apr 25 10:14:38 R4 pluto[25049]: | d3 cf e6 d0 f0 0b ca 26 10 cc
> d3 fb 76 c3 e1 c5
> Apr 25 10:14:38 R4 pluto[25049]: | 3b 04 da d1 59 fc 70 40 97 05
> 7b aa 98 14 e6 1d
> Apr 25 10:14:38 R4 pluto[25049]: | 7c cc e6 f5 d0 9b b5 32 74 77
> ab 12 cf 71 3b fb
> Apr 25 10:14:38 R4 pluto[25049]: | 78 40 3d 03 56 cd 36 b1 ae 28
> fb 76 be 1f 7e 8b
> Apr 25 10:14:38 R4 pluto[25049]: | 67 9a eb 2e e9 15 41 99 91 7a
> 90 f6 7a f7 42 d6
> Apr 25 10:14:38 R4 pluto[25049]: | 4b 28 e2 47 c5 e5 54 7e b1 30
> e6 e2 9f 0a bb cd
> Apr 25 10:14:38 R4 pluto[25049]: | 54 ed 18 2b 3e 34 d5 83 64 43
> 66 54 da 85 7c 9b
> Apr 25 10:14:38 R4 pluto[25049]: | b2 af db 2b c3 10 fc 38 44 c2
> 7a 1d 7d ed 05 69
> Apr 25 10:14:38 R4 pluto[25049]: | 22 9a 1e 10 ab 4e ab b0 be 30
> 1c 7c 35 d9 79 1e
> Apr 25 10:14:38 R4 pluto[25049]: | cf 88 30 fe 1b 06 a1 43 8d 37
> 4a 31 87 8d 0f 39
> Apr 25 10:14:38 R4 pluto[25049]: | b2 09 ef a0 f1 99 8b 7d 4d ef
> 8d 5f f0 f9 69 c6
> Apr 25 10:14:38 R4 pluto[25049]: | fb e8 3d 30 40 50 fe c4 97 da
> f1 e9 15 09 dc 8a
> Apr 25 10:14:38 R4 pluto[25049]: | fa 88 2c 60 49 36 52 fc 47 8c
> 94 01 00 3d 54 ce
> Apr 25 10:14:38 R4 pluto[25049]: | 55 eb 42 19 ad 74 47 3c f2 9e
> fd 95 59 d5 17 ee
> Apr 25 10:14:38 R4 pluto[25049]: | saving DH priv (local secret) and
> pub key into state struc
> Apr 25 10:14:38 R4 pluto[25049]: | ***emit IKEv2 Key Exchange Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 next payload type:
> ISAKMP_NEXT_v2Ni
> Apr 25 10:14:38 R4 pluto[25049]: | critical bit: none
> Apr 25 10:14:38 R4 pluto[25049]: | DH group: OAKLEY_GROUP_MODP2048
> Apr 25 10:14:38 R4 pluto[25049]: | emitting 256 raw bytes of ikev2
> g^x into IKEv2 Key Exchange Payload
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 4d 26 44 7e 77 d8 17
> f5 f5 b3 ef f2 5b 14 67 35
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x fa c7 66 7e 62 d0 01
> 34 f2 c2 79 b0 e6 f3 fe 8b
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x db 99 5a b9 0a fb 9a
> 08 bf 3c 94 42 4c 15 8e 23
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x b1 ee 3c ff ca ad 05
> 01 00 b5 3d 1a 21 5f 4e b8
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 95 ba c4 a3 48 8f 43
> c7 d4 6a 77 03 93 0d 33 96
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x f1 e0 d5 57 e8 e4 08
> 7b 80 36 5c e1 33 83 e7 d4
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 2d 91 30 c6 0f c3 f2
> 19 e6 a8 79 ef 4e be 05 30
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x de dd df 02 5f c9 cd
> 40 75 16 29 91 08 55 29 4d
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 88 eb 42 a0 f9 b2 cb
> ed 0e 4b 8a 74 6d ca 7c 89
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x de eb 3c 1e cc f6 f8
> 58 c8 27 b5 44 a1 21 2c 87
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 74 bc 85 e0 c8 50 c8
> a0 67 10 bc 72 e2 16 e2 c9
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 4e 81 87 ce 89 6d 70
> bb f1 4d 14 b9 70 9a 85 70
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x d9 45 ca f3 25 d9 ac
> ed 0f fd 33 cb 23 ed 82 0b
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 17 0d fc ea c8 c5 1e
> 30 07 59 d5 be eb ab 2a 39
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 9d 36 15 cb e4 0d 48
> 39 5e 2e 46 f9 5f 10 0f 57
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 12 e6 e4 1f 23 e4 d8
> 2f 12 c8 29 98 d6 99 62 75
> Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 Key
> Exchange Payload: 264
> Apr 25 10:14:38 R4 pluto[25049]: | ***emit IKEv2 Nonce Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2NONE
> Apr 25 10:14:38 R4 pluto[25049]: | critical bit: none
> Apr 25 10:14:38 R4 pluto[25049]: | emitting 16 raw bytes of IKEv2
> nonce into IKEv2 Nonce Payload
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 nonce 96 c8 96 22 3d 1d
> 9e 99 3e 7c e6 c9 12 e8 3e f7
> Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 Nonce
> Payload: 20
> Apr 25 10:14:38 R4 pluto[25049]: | no IKE message padding required
> Apr 25 10:14:38 R4 pluto[25049]: | emitting length of ISAKMP Message: 360
> Apr 25 10:14:38 R4 pluto[25049]: | complete v2 state transition with STF_OK
> Apr 25 10:14:38 R4 pluto[25049]: "net32" #1: transition from state
> STATE_IKEv2_START to state STATE_PARENT_R1
> Apr 25 10:14:38 R4 pluto[25049]: "net32" #1: STATE_PARENT_R1:
> received v2I1, sent v2R1 {auth=IKEv2 cipher=aes_128 integ=sha1_96
> prf=oakley_sha group=modp2048}
> Apr 25 10:14:38 R4 pluto[25049]: | sending reply packet to
> 192.168.32.9:500 (from port 500)
> Apr 25 10:14:38 R4 pluto[25049]: | sending 360 bytes for
> STATE_IKEv2_START through switch.0012:500 to 192.168.32.9:500 (using
> #1)
> Apr 25 10:14:38 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89 57 c1
> 3d ad 75 3a 79 c9
> Apr 25 10:14:38 R4 pluto[25049]: | 21 20 22 20 00 00 00 00 00 00
> 01 68 22 00 00 30
> Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 2c 01 01 00 04 03 00
> 00 0c 01 00 00 0c
> Apr 25 10:14:38 R4 pluto[25049]: | 80 0e 00 80 03 00 00 08 03 00
> 00 02 03 00 00 08
> Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 02 00 00 00 08 04 00
> 00 0e 28 00 01 08
> Apr 25 10:14:38 R4 pluto[25049]: | 00 0e 00 00 4d 26 44 7e 77 d8
> 17 f5 f5 b3 ef f2
> Apr 25 10:14:38 R4 pluto[25049]: | 5b 14 67 35 fa c7 66 7e 62 d0
> 01 34 f2 c2 79 b0
> Apr 25 10:14:38 R4 pluto[25049]: | e6 f3 fe 8b db 99 5a b9 0a fb
> 9a 08 bf 3c 94 42
> Apr 25 10:14:38 R4 pluto[25049]: | 4c 15 8e 23 b1 ee 3c ff ca ad
> 05 01 00 b5 3d 1a
> Apr 25 10:14:38 R4 pluto[25049]: | 21 5f 4e b8 95 ba c4 a3 48 8f
> 43 c7 d4 6a 77 03
> Apr 25 10:14:38 R4 pluto[25049]: | 93 0d 33 96 f1 e0 d5 57 e8 e4
> 08 7b 80 36 5c e1
> Apr 25 10:14:38 R4 pluto[25049]: | 33 83 e7 d4 2d 91 30 c6 0f c3
> f2 19 e6 a8 79 ef
> Apr 25 10:14:38 R4 pluto[25049]: | 4e be 05 30 de dd df 02 5f c9
> cd 40 75 16 29 91
> Apr 25 10:14:38 R4 pluto[25049]: | 08 55 29 4d 88 eb 42 a0 f9 b2
> cb ed 0e 4b 8a 74
> Apr 25 10:14:38 R4 pluto[25049]: | 6d ca 7c 89 de eb 3c 1e cc f6
> f8 58 c8 27 b5 44
> Apr 25 10:14:38 R4 pluto[25049]: | a1 21 2c 87 74 bc 85 e0 c8 50
> c8 a0 67 10 bc 72
> Apr 25 10:14:38 R4 pluto[25049]: | e2 16 e2 c9 4e 81 87 ce 89 6d
> 70 bb f1 4d 14 b9
> Apr 25 10:14:38 R4 pluto[25049]: | 70 9a 85 70 d9 45 ca f3 25 d9
> ac ed 0f fd 33 cb
> Apr 25 10:14:38 R4 pluto[25049]: | 23 ed 82 0b 17 0d fc ea c8 c5
> 1e 30 07 59 d5 be
> Apr 25 10:14:38 R4 pluto[25049]: | eb ab 2a 39 9d 36 15 cb e4 0d
> 48 39 5e 2e 46 f9
> Apr 25 10:14:38 R4 pluto[25049]: | 5f 10 0f 57 12 e6 e4 1f 23 e4
> d8 2f 12 c8 29 98
> Apr 25 10:14:38 R4 pluto[25049]: | d6 99 62 75 00 00 00 14 96 c8
> 96 22 3d 1d 9e 99
> Apr 25 10:14:38 R4 pluto[25049]: | 3e 7c e6 c9 12 e8 3e f7
> Apr 25 10:14:38 R4 pluto[25049]: | complete v2 state transition with
> STF_INLINE
> Apr 25 10:14:38 R4 pluto[25049]: | * processed 0 messages from
> cryptographic helpers
> Apr 25 10:14:38 R4 pluto[25049]: | next event EVENT_SO_DISCARD in 0
> seconds for #1
> Apr 25 10:14:38 R4 pluto[25049]: | *time to handle event
> Apr 25 10:14:38 R4 pluto[25049]: | handling event EVENT_SO_DISCARD
> Apr 25 10:14:38 R4 pluto[25049]: | event after this is
> EVENT_PENDING_DDNS in 41 seconds
> Apr 25 10:14:38 R4 pluto[25049]: | processing connection net32
> Apr 25 10:14:38 R4 pluto[25049]: | deleting state #1
> Apr 25 10:14:38 R4 pluto[25049]: | deleting event for #1
> Apr 25 10:14:38 R4 pluto[25049]: | no suspended cryptographic state for 1
> Apr 25 10:14:38 R4 pluto[25049]: | ICOOKIE: 44 4c 4d a9 d2 2c bb 89
> Apr 25 10:14:38 R4 pluto[25049]: | RCOOKIE: 57 c1 3d ad 75 3a 79 c9
> Apr 25 10:14:38 R4 pluto[25049]: | state hash entry 11
> Apr 25 10:14:38 R4 pluto[25049]: | next event EVENT_PENDING_DDNS in
> 41 seconds
> Apr 25 10:14:39 R4 pluto[25049]: |
> Apr 25 10:14:39 R4 pluto[25049]: | *received 316 bytes from
> 192.168.32.9:500 on switch.0012 (port=500)
> Apr 25 10:14:39 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89 57 c1
> 3d ad 75 3a 79 c9
> Apr 25 10:14:39 R4 pluto[25049]: | 2e 20 23 08 00 00 00 01 00 00
> 01 3c 23 00 01 20
> Apr 25 10:14:39 R4 pluto[25049]: | f3 53 aa ba ee 28 bc f3 28 fc
> 37 52 53 8c 64 40
> Apr 25 10:14:39 R4 pluto[25049]: | 8e 74 39 49 53 83 30 ec 77 43
> cd 05 79 ef a0 07
> Apr 25 10:14:39 R4 pluto[25049]: | 14 64 ef 3b 08 e8 a1 f2 58 1a
> 44 6a de c9 10 b1
> Apr 25 10:14:39 R4 pluto[25049]: | e7 e3 08 42 4e 90 cf f0 84 75
> b3 2b a2 0c 74 37
> Apr 25 10:14:39 R4 pluto[25049]: | 1e b9 4f 65 b7 06 4d 36 13 f0
> bf f6 41 2a a1 e8
> Apr 25 10:14:39 R4 pluto[25049]: | bf 8d 0f 0c 9c a9 16 10 3a 63
> 34 f8 e4 09 52 8f
> Apr 25 10:14:39 R4 pluto[25049]: | 35 f9 d0 2c d0 60 1f 37 40 16
> 8d 62 b0 d9 f4 a1
> Apr 25 10:14:39 R4 pluto[25049]: | a3 f0 ba 7f f4 a1 8b 4c 2b 20
> 46 be de 61 55 51
> Apr 25 10:14:39 R4 pluto[25049]: | 53 05 9f e3 7b 37 f6 15 df a8
> 55 32 04 ba 32 33
> Apr 25 10:14:39 R4 pluto[25049]: | d5 57 19 7a b3 cd 99 20 71 6d
> 85 9d 77 13 91 82
> Apr 25 10:14:39 R4 pluto[25049]: | 9b 77 e0 04 21 24 a7 a9 84 b4
> 26 54 da b2 e2 8d
> Apr 25 10:14:39 R4 pluto[25049]: | 7f 39 1f 50 0b 6d a7 4d c1 21
> 03 30 36 8b 5e ca
> Apr 25 10:14:39 R4 pluto[25049]: | 9b a2 ec 31 69 47 33 fe ee 60
> 57 7e 5f 93 a1 31
> Apr 25 10:14:39 R4 pluto[25049]: | 2a de 2a 37 56 e2 59 3e f7 d5
> 32 41 f3 1d 91 e8
> Apr 25 10:14:39 R4 pluto[25049]: | 5c f1 5a 25 b3 cf e1 aa cd db
> 8f 03 42 2b fc b7
> Apr 25 10:14:39 R4 pluto[25049]: | d2 31 d1 8e b7 32 d3 b8 05 b2
> ae 87 dc 1c 5b a2
> Apr 25 10:14:39 R4 pluto[25049]: | 53 d6 6b 86 1c 98 3a 1c 0c b3
> 1b ba 1a 9a ef 59
> Apr 25 10:14:39 R4 pluto[25049]: | 84 84 a9 98 86 df 4f 5c 8f ad 19 ec
> Apr 25 10:14:39 R4 pluto[25049]: | **parse ISAKMP Message:
> Apr 25 10:14:39 R4 pluto[25049]: | initiator cookie:
> Apr 25 10:14:39 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89
> Apr 25 10:14:39 R4 pluto[25049]: | responder cookie:
> Apr 25 10:14:39 R4 pluto[25049]: | 57 c1 3d ad 75 3a 79 c9
> Apr 25 10:14:39 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2E
> Apr 25 10:14:39 R4 pluto[25049]: | ISAKMP version: IKEv2 version
> 2.0 (rfc4306/rfc5996)
> Apr 25 10:14:39 R4 pluto[25049]: | exchange type: ISAKMP_v2_AUTH
> Apr 25 10:14:39 R4 pluto[25049]: | flags: ISAKMP_FLAG_INIT
> Apr 25 10:14:39 R4 pluto[25049]: | message ID: 00 00 00 01
> Apr 25 10:14:39 R4 pluto[25049]: | length: 316
> Apr 25 10:14:39 R4 pluto[25049]: | processing version=2.0 packet
> with exchange type=ISAKMP_v2_AUTH (35)
> Apr 25 10:14:39 R4 pluto[25049]: | I am IKE SA Responder
> Apr 25 10:14:39 R4 pluto[25049]: | ICOOKIE: 44 4c 4d a9 d2 2c bb 89
> Apr 25 10:14:39 R4 pluto[25049]: | RCOOKIE: 57 c1 3d ad 75 3a 79 c9
> Apr 25 10:14:39 R4 pluto[25049]: | state hash entry 11
> Apr 25 10:14:39 R4 pluto[25049]: | v2 state object not found
> Apr 25 10:14:39 R4 pluto[25049]: | ICOOKIE: 44 4c 4d a9 d2 2c bb 89
> Apr 25 10:14:39 R4 pluto[25049]: | RCOOKIE: 00 00 00 00 00 00 00 00
> Apr 25 10:14:39 R4 pluto[25049]: | state hash entry 28
> Apr 25 10:14:39 R4 pluto[25049]: | v2 state object not found
> Apr 25 10:14:39 R4 pluto[25049]: | ended up with STATE_IKEv2_ROOF
> Apr 25 10:14:39 R4 pluto[25049]: packet from 192.168.32.9:500:
> sending notification v2N_INVALID_MESSAGE_ID to 192.168.32.9:500
> Apr 25 10:14:39 R4 pluto[25049]: | **emit ISAKMP Message:
> Apr 25 10:14:39 R4 pluto[25049]: | initiator cookie:
> Apr 25 10:14:39 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89
> Apr 25 10:14:39 R4 pluto[25049]: | responder cookie:
> Apr 25 10:14:39 R4 pluto[25049]: | 57 c1 3d ad 75 3a 79 c9
> Apr 25 10:14:39 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2N
> Apr 25 10:14:39 R4 pluto[25049]: | ISAKMP version: IKEv2 version
> 2.0 (rfc4306/rfc5996)
> Apr 25 10:14:39 R4 pluto[25049]: | exchange type: ISAKMP_v2_SA_INIT
> Apr 25 10:14:39 R4 pluto[25049]: | flags: ISAKMP_FLAG_RESPONSE
> Apr 25 10:14:39 R4 pluto[25049]: | message ID: 00 00 00 00
> Apr 25 10:14:39 R4 pluto[25049]: | Adding a v2N Payload
> Apr 25 10:14:39 R4 pluto[25049]: | ***emit IKEv2 Notify Payload:
> Apr 25 10:14:39 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2NONE
> Apr 25 10:14:39 R4 pluto[25049]: | critical bit: none
> Apr 25 10:14:39 R4 pluto[25049]: | Protocol ID: PROTO_ISAKMP
> Apr 25 10:14:39 R4 pluto[25049]: | SPI size: 0
> Apr 25 10:14:39 R4 pluto[25049]: | Notify Message Type:
> v2N_INVALID_MESSAGE_ID
> Apr 25 10:14:39 R4 pluto[25049]: | emitting length of IKEv2 Notify
> Payload: 8
> Apr 25 10:14:39 R4 pluto[25049]: | no IKE message padding required
> Apr 25 10:14:39 R4 pluto[25049]: | emitting length of ISAKMP Message: 36
> Apr 25 10:14:39 R4 pluto[25049]: | sending 36 bytes for
> send_v2_notification through switch.0012:500 to 192.168.32.9:500
> (using #0)
> Apr 25 10:14:39 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89 57 c1
> 3d ad 75 3a 79 c9
> Apr 25 10:14:39 R4 pluto[25049]: | 29 20 22 20 00 00 00 00 00 00
> 00 24 00 00 00 08
> Apr 25 10:14:39 R4 pluto[25049]: | 01 00 00 09
> Apr 25 10:14:39 R4 pluto[25049]: | * processed 0 messages from
> cryptographic helpers
> Apr 25 10:14:39 R4 pluto[25049]: | next event EVENT_PENDING_DDNS in
> 40 seconds
> Apr 25 10:14:39 R4 pluto[25049]: | next event EVENT_PENDING_DDNS in
> 40 seconds
>
> --
> Jeff Chen
>
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev
>
More information about the Swan-dev
mailing list