[Swan-dev] problem with ikev2 for libreswan version 3.8
CHEN, JIANFU (NAM RC-CA)
jeff.chen at siemens.com
Fri Apr 25 18:43:52 EEST 2014
Thanks, I found when I remove the nhelpers=0 line, it works
-----Original Message-----
From: Antony Antony [mailto:antony at phenome.org]
Sent: Friday, April 25, 2014 11:35 AM
To: jeffchen
Cc: swan-dev at lists.libreswan.org
Subject: Re: [Swan-dev] problem with ikev2 for libreswan version 3.8
Hi Jeff,
could you try without this line on both side.
nhelpers=0
leaving it out is better or change to non zero, say 1.
nhelpers=1
regards,
-antony
On Fri, Apr 25, 2014 at 10:47:40AM -0400, jeffchen wrote:
> Hi,
>
> I am trying to use ikev2 for libreswan (version 3.8). I have some
> problem (same problem happen for libreswan version 3.7) to connect the
> ipsec tunnel between two libreswan endpoint using ikev2. I also tried
> to use ikev2=insist, it has the same problem.
> If I use ikev1, the tunnel is established successfully with the same
> configuration.
>
> My setup is quite simple, the two libreswan endpoint are back to back
> connected. And I use preshared key to establish the tunnel.
>
> Below is my configuration:
> config setup
> # NAT-TRAVERSAL support, see README.NAT-Traversal
> nat_traversal=no
> nhelpers=0
> oe=off
> protostack=netkey
>
> # Add connections here
>
> # sample VPN connections, see /etc/ipsec.d/examples/
>
> conn net32
> connaddrfamily=ipv4
> authby=secret
> auto=add
> ikev2=propose
> phase2=esp
> left=192.168.32.4
> leftsubnet=192.168.13.0/24
> leftupdown="ipsec _updown --route yes"
> pfs=no
> right=192.168.32.9
> rightsubnet=192.168.41.0/24
> rightupdown="ipsec _updown --route yes"
> type=tunnel
>
> Basically the problem is that during the ikev2 negotiation, it can not
> find the v2 state object for ICOOKIE and RCOOKIE pair, and it sends
> v2N_INVALID_MESSAGE_ID message to the peer. The error message looks
> like this:
>
> Apr 25 10:14:39 R4 pluto[25049]: | processing version=2.0 packet with
> exchange type=ISAKMP_v2_AUTH (35) Apr 25 10:14:39 R4 pluto[25049]: | I
> am IKE SA Responder Apr 25 10:14:39 R4 pluto[25049]: | ICOOKIE: 44 4c
> 4d a9 d2 2c bb 89 Apr 25 10:14:39 R4 pluto[25049]: | RCOOKIE: 57 c1
> 3d ad 75 3a 79 c9 Apr 25 10:14:39 R4 pluto[25049]: | state hash entry
> 11 Apr 25 10:14:39 R4 pluto[25049]: | v2 state object not found Apr 25
> 10:14:39 R4 pluto[25049]: | ICOOKIE: 44 4c 4d a9 d2 2c bb 89 Apr 25
> 10:14:39 R4 pluto[25049]: | RCOOKIE: 00 00 00 00 00 00 00 00 Apr 25
> 10:14:39 R4 pluto[25049]: | state hash entry 28 Apr 25 10:14:39 R4
> pluto[25049]: | v2 state object not found Apr 25 10:14:39 R4
> pluto[25049]: | ended up with STATE_IKEv2_ROOF Apr 25 10:14:39 R4
> pluto[25049]: packet from 192.168.32.9:500:
> sending notification v2N_INVALID_MESSAGE_ID to 192.168.32.9:500
>
> And I found the problem is actually caused by a deletion of state just
> before the above messages:
>
> Apr 25 10:14:38 R4 pluto[25049]: | complete v2 state transition with
> STF_INLINE Apr 25 10:14:38 R4 pluto[25049]: | * processed 0 messages
> from cryptographic helpers Apr 25 10:14:38 R4 pluto[25049]: | next
> event EVENT_SO_DISCARD in 0 seconds for #1 Apr 25 10:14:38 R4
> pluto[25049]: | *time to handle event Apr 25 10:14:38 R4 pluto[25049]:
> | handling event EVENT_SO_DISCARD Apr 25 10:14:38 R4 pluto[25049]: |
> event after this is EVENT_PENDING_DDNS in 41 seconds Apr 25 10:14:38
> R4 pluto[25049]: | processing connection net32 Apr 25 10:14:38 R4
> pluto[25049]: | deleting state #1 Apr 25 10:14:38 R4 pluto[25049]: |
> deleting event for #1 Apr 25 10:14:38 R4 pluto[25049]: | no suspended
> cryptographic state for 1 Apr 25 10:14:38 R4 pluto[25049]: | ICOOKIE:
> 44 4c 4d a9 d2 2c bb 89 Apr 25 10:14:38 R4 pluto[25049]: | RCOOKIE:
> 57 c1 3d ad 75 3a 79 c9 Apr 25 10:14:38 R4 pluto[25049]: | state hash
> entry 11 Apr 25 10:14:38 R4 pluto[25049]: | next event
> EVENT_PENDING_DDNS in
> 41 seconds
>
> Looked at the source code, found in programs/pluto/state.c, function
> insert_state, it has this piece of code:
> if (st->st_event == NULL)
> event_schedule(EVENT_SO_DISCARD, 0, st); It deletes the state
> and cause the state can not be found for the ICOOKIE and RCOOKIE pair.
> If I comment this piece of code, the tunnel is established
> successfully.
>
> Does anyone know what cause this problem? Maybe my configuration has
> something wrong?
>
> Thanks
>
> Jeff Chen
>
> Below is the whole log message during the tunnel establishment:
>
> Apr 25 10:14:31 R4 pluto[25049]: | base debugging =
> raw+crypt+parsing+emitting+control+lifecycle+kernel+dns+oppo+controlmo
> re+pfkey+nattraversal+x509+dpd+oppoinfo
> Apr 25 10:14:31 R4 pluto[25049]: | * processed 0 messages from
> cryptographic helpers Apr 25 10:14:31 R4 pluto[25049]: | next event
> EVENT_PENDING_DDNS in
> 48 seconds
> Apr 25 10:14:31 R4 pluto[25049]: | next event EVENT_PENDING_DDNS in
> 48 seconds
> Apr 25 10:14:38 R4 pluto[25049]: |
> Apr 25 10:14:38 R4 pluto[25049]: | *received 820 bytes from
> 192.168.32.9:500 on switch.0012 (port=500)
> Apr 25 10:14:38 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89 00 00
> 00 00 00 00 00 00
> Apr 25 10:14:38 R4 pluto[25049]: | 21 20 22 08 00 00 00 00 00 00
> 03 34 22 00 01 fc
> Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 2c 01 01 00 04 03 00
> 00 0c 01 00 00 0c
> Apr 25 10:14:38 R4 pluto[25049]: | 80 0e 00 80 03 00 00 08 03 00
> 00 02 03 00 00 08
> Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 02 00 00 00 08 04 00
> 00 0e 02 00 00 2c
> Apr 25 10:14:38 R4 pluto[25049]: | 02 01 00 04 03 00 00 0c 01 00
> 00 0c 80 0e 00 80
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 03 00 00 01 03 00
> 00 08 02 00 00 01
> Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 08 04 00 00 0e 02 00
> 00 28 03 01 00 04
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 01 00 00 03 03 00
> 00 08 03 00 00 02
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 02 00 00 02 00 00
> 00 08 04 00 00 0e
> Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 28 04 01 00 04 03 00
> 00 08 01 00 00 03
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 03 00 00 01 03 00
> 00 08 02 00 00 01
> Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 08 04 00 00 0e 02 00
> 00 2c 05 01 00 04
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 0c 01 00 00 0c 80 0e
> 00 80 03 00 00 08
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 02 03 00 00 08 02 00
> 00 02 00 00 00 08
> Apr 25 10:14:38 R4 pluto[25049]: | 04 00 00 05 02 00 00 2c 06 01
> 00 04 03 00 00 0c
> Apr 25 10:14:38 R4 pluto[25049]: | 01 00 00 0c 80 0e 00 80 03 00
> 00 08 03 00 00 01
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 02 00 00 01 00 00
> 00 08 04 00 00 05
> Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 28 07 01 00 04 03 00
> 00 08 01 00 00 03
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 03 00 00 02 03 00
> 00 08 02 00 00 02
> Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 08 04 00 00 05 02 00
> 00 28 08 01 00 04
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 01 00 00 03 03 00
> 00 08 03 00 00 01
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 02 00 00 01 00 00
> 00 08 04 00 00 05
> Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 2c 09 01 00 04 03 00
> 00 0c 01 00 00 0c
> Apr 25 10:14:38 R4 pluto[25049]: | 80 0e 00 80 03 00 00 08 03 00
> 00 02 03 00 00 08
> Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 02 00 00 00 08 04 00
> 00 02 02 00 00 2c
> Apr 25 10:14:38 R4 pluto[25049]: | 0a 01 00 04 03 00 00 0c 01 00
> 00 0c 80 0e 00 80
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 03 00 00 01 03 00
> 00 08 02 00 00 01
> Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 08 04 00 00 02 02 00
> 00 28 0b 01 00 04
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 01 00 00 03 03 00
> 00 08 03 00 00 02
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 02 00 00 02 00 00
> 00 08 04 00 00 02
> Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 28 0c 01 00 04 03 00
> 00 08 01 00 00 03
> Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 03 00 00 01 03 00
> 00 08 02 00 00 01
> Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 08 04 00 00 02 28 00
> 01 08 00 0e 00 00
> Apr 25 10:14:38 R4 pluto[25049]: | f7 3f 4d 0a 1b d5 1e db 7c f8
> 3d c7 9c e5 43 53
> Apr 25 10:14:38 R4 pluto[25049]: | 2c 91 77 0f a2 17 bc 46 82 3b
> c0 c9 c6 d2 a2 aa
> Apr 25 10:14:38 R4 pluto[25049]: | d3 cf e6 d0 f0 0b ca 26 10 cc
> d3 fb 76 c3 e1 c5
> Apr 25 10:14:38 R4 pluto[25049]: | 3b 04 da d1 59 fc 70 40 97 05
> 7b aa 98 14 e6 1d
> Apr 25 10:14:38 R4 pluto[25049]: | 7c cc e6 f5 d0 9b b5 32 74 77
> ab 12 cf 71 3b fb
> Apr 25 10:14:38 R4 pluto[25049]: | 78 40 3d 03 56 cd 36 b1 ae 28
> fb 76 be 1f 7e 8b
> Apr 25 10:14:38 R4 pluto[25049]: | 67 9a eb 2e e9 15 41 99 91 7a
> 90 f6 7a f7 42 d6
> Apr 25 10:14:38 R4 pluto[25049]: | 4b 28 e2 47 c5 e5 54 7e b1 30
> e6 e2 9f 0a bb cd
> Apr 25 10:14:38 R4 pluto[25049]: | 54 ed 18 2b 3e 34 d5 83 64 43
> 66 54 da 85 7c 9b
> Apr 25 10:14:38 R4 pluto[25049]: | b2 af db 2b c3 10 fc 38 44 c2
> 7a 1d 7d ed 05 69
> Apr 25 10:14:38 R4 pluto[25049]: | 22 9a 1e 10 ab 4e ab b0 be 30
> 1c 7c 35 d9 79 1e
> Apr 25 10:14:38 R4 pluto[25049]: | cf 88 30 fe 1b 06 a1 43 8d 37
> 4a 31 87 8d 0f 39
> Apr 25 10:14:38 R4 pluto[25049]: | b2 09 ef a0 f1 99 8b 7d 4d ef
> 8d 5f f0 f9 69 c6
> Apr 25 10:14:38 R4 pluto[25049]: | fb e8 3d 30 40 50 fe c4 97 da
> f1 e9 15 09 dc 8a
> Apr 25 10:14:38 R4 pluto[25049]: | fa 88 2c 60 49 36 52 fc 47 8c
> 94 01 00 3d 54 ce
> Apr 25 10:14:38 R4 pluto[25049]: | 55 eb 42 19 ad 74 47 3c f2 9e
> fd 95 59 d5 17 ee
> Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 14 1e 3c 63 b2 30 74
> f3 9e d8 b3 c2 ec
> Apr 25 10:14:38 R4 pluto[25049]: | b0 01 81 87
> Apr 25 10:14:38 R4 pluto[25049]: | **parse ISAKMP Message:
> Apr 25 10:14:38 R4 pluto[25049]: | initiator cookie:
> Apr 25 10:14:38 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89
> Apr 25 10:14:38 R4 pluto[25049]: | responder cookie:
> Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 00 00 00 00 00
> Apr 25 10:14:38 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2SA
> Apr 25 10:14:38 R4 pluto[25049]: | ISAKMP version: IKEv2 version
> 2.0 (rfc4306/rfc5996)
> Apr 25 10:14:38 R4 pluto[25049]: | exchange type: ISAKMP_v2_SA_INIT
> Apr 25 10:14:38 R4 pluto[25049]: | flags: ISAKMP_FLAG_INIT
> Apr 25 10:14:38 R4 pluto[25049]: | message ID: 00 00 00 00
> Apr 25 10:14:38 R4 pluto[25049]: | length: 820
> Apr 25 10:14:38 R4 pluto[25049]: | processing version=2.0 packet with
> exchange type=ISAKMP_v2_SA_INIT (34) Apr 25 10:14:38 R4 pluto[25049]:
> | I am IKE SA Responder Apr 25 10:14:38 R4 pluto[25049]: | ICOOKIE:
> 44 4c 4d a9 d2 2c bb 89 Apr 25 10:14:38 R4 pluto[25049]: | RCOOKIE:
> 00 00 00 00 00 00 00 00 Apr 25 10:14:38 R4 pluto[25049]: | state hash
> entry 28 Apr 25 10:14:38 R4 pluto[25049]: | v2 state object not found
> Apr 25 10:14:38 R4 pluto[25049]: | ICOOKIE: 44 4c 4d a9 d2 2c bb 89
> Apr 25 10:14:38 R4 pluto[25049]: | RCOOKIE: 00 00 00 00 00 00 00 00
> Apr 25 10:14:38 R4 pluto[25049]: | state hash entry 28 Apr 25 10:14:38
> R4 pluto[25049]: | v2 state object not found Apr 25 10:14:38 R4
> pluto[25049]: | Now let's proceed with payload
> (ISAKMP_NEXT_v2SA)
> Apr 25 10:14:38 R4 pluto[25049]: | ***parse IKEv2 Security Association
> Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2KE
> Apr 25 10:14:38 R4 pluto[25049]: | critical bit: none
> Apr 25 10:14:38 R4 pluto[25049]: | length: 508
> Apr 25 10:14:38 R4 pluto[25049]: | processing payload:
> ISAKMP_NEXT_v2SA (len=508)
> Apr 25 10:14:38 R4 pluto[25049]: | Now let's proceed with payload
> (ISAKMP_NEXT_v2KE)
> Apr 25 10:14:38 R4 pluto[25049]: | ***parse IKEv2 Key Exchange Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 next payload type:
> ISAKMP_NEXT_v2Ni
> Apr 25 10:14:38 R4 pluto[25049]: | critical bit: none
> Apr 25 10:14:38 R4 pluto[25049]: | length: 264
> Apr 25 10:14:38 R4 pluto[25049]: | DH group: OAKLEY_GROUP_MODP2048
> Apr 25 10:14:38 R4 pluto[25049]: | processing payload:
> ISAKMP_NEXT_v2KE (len=264)
> Apr 25 10:14:38 R4 pluto[25049]: | Now let's proceed with payload
> (ISAKMP_NEXT_v2Ni)
> Apr 25 10:14:38 R4 pluto[25049]: | ***parse IKEv2 Nonce Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2NONE
> Apr 25 10:14:38 R4 pluto[25049]: | critical bit: none
> Apr 25 10:14:38 R4 pluto[25049]: | length: 20
> Apr 25 10:14:38 R4 pluto[25049]: | processing payload:
> ISAKMP_NEXT_v2Ni (len=20)
> Apr 25 10:14:38 R4 pluto[25049]: | Finished and now at the end of
> ikev2_process_payload Apr 25 10:14:38 R4 pluto[25049]: | Finished
> processing ikev2_process_payloads Apr 25 10:14:38 R4 pluto[25049]: |
> Now lets proceed with state specific processing Apr 25 10:14:38 R4
> pluto[25049]: | find_host_connection2 called from
> ikev2parent_inI1outR1, me=192.168.32.4:500 him=192.168.32.9:500
> policy=IKEv2ALLOW Apr 25 10:14:38 R4 pluto[25049]: | find_host_pair:
> comparing to
> 192.168.32.4:500 192.168.32.9:500
> Apr 25 10:14:38 R4 pluto[25049]: | find_host_pair_conn
> (find_host_connection2): 192.168.32.4:500 192.168.32.9:500 ->
> hp:net32
> Apr 25 10:14:38 R4 pluto[25049]: | searching for connection with
> policy = IKEv2ALLOW Apr 25 10:14:38 R4 pluto[25049]: | found policy =
> PSK+ENCRYPT+TUNNEL+IKEv2ALLOW+IKEv2Init+SAREFTRACK+IKE_FRAG (net32)
> Apr 25 10:14:38 R4 pluto[25049]: | find_host_connection2 returns net32
> Apr 25 10:14:38 R4 pluto[25049]: | found connection: net32 Apr 25
> 10:14:38 R4 pluto[25049]: | creating state object #1 at 0x20fa8688 Apr
> 25 10:14:38 R4 pluto[25049]: | processing connection net32 Apr 25
> 10:14:38 R4 pluto[25049]: | ICOOKIE: 44 4c 4d a9 d2 2c bb 89 Apr 25
> 10:14:38 R4 pluto[25049]: | RCOOKIE: 57 c1 3d ad 75 3a 79 c9 Apr 25
> 10:14:38 R4 pluto[25049]: | state hash entry 11 Apr 25 10:14:38 R4
> pluto[25049]: | inserting state object #1 Apr 25 10:14:38 R4
> pluto[25049]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds
> for #1 Apr 25 10:14:38 R4 pluto[25049]: | event added at head of queue
> Apr 25 10:14:38 R4 pluto[25049]: | processing connection net32 Apr 25
> 10:14:38 R4 pluto[25049]: | will not send/process a dcookie Apr 25
> 10:14:38 R4 pluto[25049]: | helper -1 doing build_kenonce op id: 0 Apr
> 25 10:14:38 R4 pluto[25049]: | NSS: Value of Prime:
> Apr 25 10:14:38 R4 pluto[25049]: | ff ff ff ff ff ff ff ff c9 0f
> da a2 21 68 c2 34
> Apr 25 10:14:38 R4 pluto[25049]: | c4 c6 62 8b 80 dc 1c d1 29 02
> 4e 08 8a 67 cc 74
> Apr 25 10:14:38 R4 pluto[25049]: | 02 0b be a6 3b 13 9b 22 51 4a
> 08 79 8e 34 04 dd
> Apr 25 10:14:38 R4 pluto[25049]: | ef 95 19 b3 cd 3a 43 1b 30 2b
> 0a 6d f2 5f 14 37
> Apr 25 10:14:38 R4 pluto[25049]: | 4f e1 35 6d 6d 51 c2 45 e4 85
> b5 76 62 5e 7e c6
> Apr 25 10:14:38 R4 pluto[25049]: | f4 4c 42 e9 a6 37 ed 6b 0b ff
> 5c b6 f4 06 b7 ed
> Apr 25 10:14:38 R4 pluto[25049]: | ee 38 6b fb 5a 89 9f a5 ae 9f
> 24 11 7c 4b 1f e6
> Apr 25 10:14:38 R4 pluto[25049]: | 49 28 66 51 ec e4 5b 3d c2 00
> 7c b8 a1 63 bf 05
> Apr 25 10:14:38 R4 pluto[25049]: | 98 da 48 36 1c 55 d3 9a 69 16
> 3f a8 fd 24 cf 5f
> Apr 25 10:14:38 R4 pluto[25049]: | 83 65 5d 23 dc a3 ad 96 1c 62
> f3 56 20 85 52 bb
> Apr 25 10:14:38 R4 pluto[25049]: | 9e d5 29 07 70 96 96 6d 67 0c
> 35 4e 4a bc 98 04
> Apr 25 10:14:38 R4 pluto[25049]: | f1 74 6c 08 ca 18 21 7c 32 90
> 5e 46 2e 36 ce 3b
> Apr 25 10:14:38 R4 pluto[25049]: | e3 9e 77 2c 18 0e 86 03 9b 27
> 83 a2 ec 07 a2 8f
> Apr 25 10:14:38 R4 pluto[25049]: | b5 c5 5d f0 6f 4c 52 c9 de 2b
> cb f6 95 58 17 18
> Apr 25 10:14:38 R4 pluto[25049]: | 39 95 49 7c ea 95 6a e5 15 d2
> 26 18 98 fa 05 10
> Apr 25 10:14:38 R4 pluto[25049]: | 15 72 8e 5a 8a ac aa 68 ff ff
> ff ff ff ff ff ff
> Apr 25 10:14:38 R4 pluto[25049]: | NSS: Value of base:
> Apr 25 10:14:38 R4 pluto[25049]: | 02
> Apr 25 10:14:38 R4 pluto[25049]: | NSS: generated dh priv and pub
> keys: 256 Apr 25 10:14:38 R4 pluto[25049]: | NSS: Local DH secret (pointer):
> Apr 25 10:14:38 R4 pluto[25049]: | 20 fa cc 60
> Apr 25 10:14:38 R4 pluto[25049]: | NSS: Public DH value sent(computed
> in NSS):
> Apr 25 10:14:38 R4 pluto[25049]: | 4d 26 44 7e 77 d8 17 f5 f5 b3
> ef f2 5b 14 67 35
> Apr 25 10:14:38 R4 pluto[25049]: | fa c7 66 7e 62 d0 01 34 f2 c2
> 79 b0 e6 f3 fe 8b
> Apr 25 10:14:38 R4 pluto[25049]: | db 99 5a b9 0a fb 9a 08 bf 3c
> 94 42 4c 15 8e 23
> Apr 25 10:14:38 R4 pluto[25049]: | b1 ee 3c ff ca ad 05 01 00 b5
> 3d 1a 21 5f 4e b8
> Apr 25 10:14:38 R4 pluto[25049]: | 95 ba c4 a3 48 8f 43 c7 d4 6a
> 77 03 93 0d 33 96
> Apr 25 10:14:38 R4 pluto[25049]: | f1 e0 d5 57 e8 e4 08 7b 80 36
> 5c e1 33 83 e7 d4
> Apr 25 10:14:38 R4 pluto[25049]: | 2d 91 30 c6 0f c3 f2 19 e6 a8
> 79 ef 4e be 05 30
> Apr 25 10:14:38 R4 pluto[25049]: | de dd df 02 5f c9 cd 40 75 16
> 29 91 08 55 29 4d
> Apr 25 10:14:38 R4 pluto[25049]: | 88 eb 42 a0 f9 b2 cb ed 0e 4b
> 8a 74 6d ca 7c 89
> Apr 25 10:14:38 R4 pluto[25049]: | de eb 3c 1e cc f6 f8 58 c8 27
> b5 44 a1 21 2c 87
> Apr 25 10:14:38 R4 pluto[25049]: | 74 bc 85 e0 c8 50 c8 a0 67 10
> bc 72 e2 16 e2 c9
> Apr 25 10:14:38 R4 pluto[25049]: | 4e 81 87 ce 89 6d 70 bb f1 4d
> 14 b9 70 9a 85 70
> Apr 25 10:14:38 R4 pluto[25049]: | d9 45 ca f3 25 d9 ac ed 0f fd
> 33 cb 23 ed 82 0b
> Apr 25 10:14:38 R4 pluto[25049]: | 17 0d fc ea c8 c5 1e 30 07 59
> d5 be eb ab 2a 39
> Apr 25 10:14:38 R4 pluto[25049]: | 9d 36 15 cb e4 0d 48 39 5e 2e
> 46 f9 5f 10 0f 57
> Apr 25 10:14:38 R4 pluto[25049]: | 12 e6 e4 1f 23 e4 d8 2f 12 c8
> 29 98 d6 99 62 75
> Apr 25 10:14:38 R4 pluto[25049]: | NSS: Local DH public value (pointer):
> Apr 25 10:14:38 R4 pluto[25049]: | 20 fa c4 58
> Apr 25 10:14:38 R4 pluto[25049]: | Generated nonce:
> Apr 25 10:14:38 R4 pluto[25049]: | 96 c8 96 22 3d 1d 9e 99 3e 7c
> e6 c9 12 e8 3e f7
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 parent inI1outR1:
> calculated ke+nonce, sending R1
> Apr 25 10:14:38 R4 pluto[25049]: | processing connection net32 Apr 25
> 10:14:38 R4 pluto[25049]: | **emit ISAKMP Message:
> Apr 25 10:14:38 R4 pluto[25049]: | initiator cookie:
> Apr 25 10:14:38 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89
> Apr 25 10:14:38 R4 pluto[25049]: | responder cookie:
> Apr 25 10:14:38 R4 pluto[25049]: | 57 c1 3d ad 75 3a 79 c9
> Apr 25 10:14:38 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2SA
> Apr 25 10:14:38 R4 pluto[25049]: | ISAKMP version: IKEv2 version
> 2.0 (rfc4306/rfc5996)
> Apr 25 10:14:38 R4 pluto[25049]: | exchange type: ISAKMP_v2_SA_INIT
> Apr 25 10:14:38 R4 pluto[25049]: | flags: ISAKMP_FLAG_RESPONSE
> Apr 25 10:14:38 R4 pluto[25049]: | message ID: 00 00 00 00
> Apr 25 10:14:38 R4 pluto[25049]: | ***emit IKEv2 Security Association
> Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2KE
> Apr 25 10:14:38 R4 pluto[25049]: | critical bit: none
> Apr 25 10:14:38 R4 pluto[25049]: | no IKE algorithms for this
> connection Apr 25 10:14:38 R4 pluto[25049]: | ****parse IKEv2 Proposal
> Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | last proposal: v2_PROPOSAL_NON_LAST
> Apr 25 10:14:38 R4 pluto[25049]: | length: 44
> Apr 25 10:14:38 R4 pluto[25049]: | prop #: 1
> Apr 25 10:14:38 R4 pluto[25049]: | proto ID: IKEv2_SEC_PROTO_IKE
> Apr 25 10:14:38 R4 pluto[25049]: | spi size: 0
> Apr 25 10:14:38 R4 pluto[25049]: | # transforms: 4
> Apr 25 10:14:38 R4 pluto[25049]: | *****parse IKEv2 Transform
> Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_NON_LAST
> Apr 25 10:14:38 R4 pluto[25049]: | length: 12
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_ENCR
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 12
> Apr 25 10:14:38 R4 pluto[25049]: | ******parse IKEv2 Attribute
> Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | af+type: IKEv2_KEY_LENGTH
> Apr 25 10:14:38 R4 pluto[25049]: | length/value: 128
> Apr 25 10:14:38 R4 pluto[25049]: | *****parse IKEv2 Transform
> Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_NON_LAST
> Apr 25 10:14:38 R4 pluto[25049]: | length: 8
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_INTEG
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 2
> Apr 25 10:14:38 R4 pluto[25049]: | *****parse IKEv2 Transform
> Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_NON_LAST
> Apr 25 10:14:38 R4 pluto[25049]: | length: 8
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_PRF
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 2
> Apr 25 10:14:38 R4 pluto[25049]: | *****parse IKEv2 Transform
> Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_LAST
> Apr 25 10:14:38 R4 pluto[25049]: | length: 8
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_DH
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 14
> Apr 25 10:14:38 R4 pluto[25049]: | ipprotoid is '1'
> Apr 25 10:14:38 R4 pluto[25049]: | proposal 1 succeeded encr=
> (policy:AES_CBC vs offered:AES_CBC)
> Apr 25 10:14:38 R4 pluto[25049]: | succeeded
> integ=(policy:AUTH_HMAC_SHA1_96 vs offered:AUTH_HMAC_SHA1_96)
> Apr 25 10:14:38 R4 pluto[25049]: | succeeded prf=
> (policy:PRF_HMAC_SHA1 vs offered:PRF_HMAC_SHA1)
> Apr 25 10:14:38 R4 pluto[25049]: | succeeded dh=
> (policy:OAKLEY_GROUP_MODP2048 vs offered:OAKLEY_GROUP_MODP2048) Apr 25
> 10:14:38 R4 pluto[25049]: | ****parse IKEv2 Proposal Substructure
> Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | last proposal: v2_PROPOSAL_NON_LAST
> Apr 25 10:14:38 R4 pluto[25049]: | length: 44
> Apr 25 10:14:38 R4 pluto[25049]: | prop #: 2
> Apr 25 10:14:38 R4 pluto[25049]: | proto ID: IKEv2_SEC_PROTO_IKE
> Apr 25 10:14:38 R4 pluto[25049]: | spi size: 0
> Apr 25 10:14:38 R4 pluto[25049]: | # transforms: 4
> Apr 25 10:14:38 R4 pluto[25049]: | ****emit IKEv2 Proposal
> Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | last proposal: v2_PROPOSAL_LAST
> Apr 25 10:14:38 R4 pluto[25049]: | prop #: 1
> Apr 25 10:14:38 R4 pluto[25049]: | proto ID: IKEv2_SEC_PROTO_IKE
> Apr 25 10:14:38 R4 pluto[25049]: | spi size: 0
> Apr 25 10:14:38 R4 pluto[25049]: | # transforms: 4
> Apr 25 10:14:38 R4 pluto[25049]: | *****emit IKEv2 Transform
> Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_NON_LAST
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_ENCR
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 12
> Apr 25 10:14:38 R4 pluto[25049]: | ******emit IKEv2 Attribute
> Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | af+type: IKEv2_KEY_LENGTH
> Apr 25 10:14:38 R4 pluto[25049]: | length/value: 128
> Apr 25 10:14:38 R4 pluto[25049]: | [128 is 128??]
> Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 Transform
> Substructure Payload: 12 Apr 25 10:14:38 R4 pluto[25049]: | *****emit
> IKEv2 Transform Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_NON_LAST
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_INTEG
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 2
> Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 Transform
> Substructure Payload: 8 Apr 25 10:14:38 R4 pluto[25049]: | *****emit
> IKEv2 Transform Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_NON_LAST
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_PRF
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 2
> Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 Transform
> Substructure Payload: 8 Apr 25 10:14:38 R4 pluto[25049]: | *****emit
> IKEv2 Transform Substructure Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | last transform: v2_TRANSFORM_LAST
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform type: TRANS_TYPE_DH
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 transform ID: 14
> Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 Transform
> Substructure Payload: 8 Apr 25 10:14:38 R4 pluto[25049]: | emitting
> length of IKEv2 Proposal Substructure Payload: 44 Apr 25 10:14:38 R4
> pluto[25049]: | emitting length of IKEv2 Security Association Payload:
> 48 Apr 25 10:14:38 R4 pluto[25049]: | DH public value received:
> Apr 25 10:14:38 R4 pluto[25049]: | f7 3f 4d 0a 1b d5 1e db 7c f8
> 3d c7 9c e5 43 53
> Apr 25 10:14:38 R4 pluto[25049]: | 2c 91 77 0f a2 17 bc 46 82 3b
> c0 c9 c6 d2 a2 aa
> Apr 25 10:14:38 R4 pluto[25049]: | d3 cf e6 d0 f0 0b ca 26 10 cc
> d3 fb 76 c3 e1 c5
> Apr 25 10:14:38 R4 pluto[25049]: | 3b 04 da d1 59 fc 70 40 97 05
> 7b aa 98 14 e6 1d
> Apr 25 10:14:38 R4 pluto[25049]: | 7c cc e6 f5 d0 9b b5 32 74 77
> ab 12 cf 71 3b fb
> Apr 25 10:14:38 R4 pluto[25049]: | 78 40 3d 03 56 cd 36 b1 ae 28
> fb 76 be 1f 7e 8b
> Apr 25 10:14:38 R4 pluto[25049]: | 67 9a eb 2e e9 15 41 99 91 7a
> 90 f6 7a f7 42 d6
> Apr 25 10:14:38 R4 pluto[25049]: | 4b 28 e2 47 c5 e5 54 7e b1 30
> e6 e2 9f 0a bb cd
> Apr 25 10:14:38 R4 pluto[25049]: | 54 ed 18 2b 3e 34 d5 83 64 43
> 66 54 da 85 7c 9b
> Apr 25 10:14:38 R4 pluto[25049]: | b2 af db 2b c3 10 fc 38 44 c2
> 7a 1d 7d ed 05 69
> Apr 25 10:14:38 R4 pluto[25049]: | 22 9a 1e 10 ab 4e ab b0 be 30
> 1c 7c 35 d9 79 1e
> Apr 25 10:14:38 R4 pluto[25049]: | cf 88 30 fe 1b 06 a1 43 8d 37
> 4a 31 87 8d 0f 39
> Apr 25 10:14:38 R4 pluto[25049]: | b2 09 ef a0 f1 99 8b 7d 4d ef
> 8d 5f f0 f9 69 c6
> Apr 25 10:14:38 R4 pluto[25049]: | fb e8 3d 30 40 50 fe c4 97 da
> f1 e9 15 09 dc 8a
> Apr 25 10:14:38 R4 pluto[25049]: | fa 88 2c 60 49 36 52 fc 47 8c
> 94 01 00 3d 54 ce
> Apr 25 10:14:38 R4 pluto[25049]: | 55 eb 42 19 ad 74 47 3c f2 9e
> fd 95 59 d5 17 ee
> Apr 25 10:14:38 R4 pluto[25049]: | saving DH priv (local secret) and
> pub key into state struc Apr 25 10:14:38 R4 pluto[25049]: | ***emit
> IKEv2 Key Exchange Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 next payload type:
> ISAKMP_NEXT_v2Ni
> Apr 25 10:14:38 R4 pluto[25049]: | critical bit: none
> Apr 25 10:14:38 R4 pluto[25049]: | DH group: OAKLEY_GROUP_MODP2048
> Apr 25 10:14:38 R4 pluto[25049]: | emitting 256 raw bytes of ikev2 g^x
> into IKEv2 Key Exchange Payload Apr 25 10:14:38 R4 pluto[25049]: |
> ikev2 g^x 4d 26 44 7e 77 d8 17
> f5 f5 b3 ef f2 5b 14 67 35
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x fa c7 66 7e 62 d0 01
> 34 f2 c2 79 b0 e6 f3 fe 8b
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x db 99 5a b9 0a fb 9a
> 08 bf 3c 94 42 4c 15 8e 23
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x b1 ee 3c ff ca ad 05
> 01 00 b5 3d 1a 21 5f 4e b8
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 95 ba c4 a3 48 8f 43
> c7 d4 6a 77 03 93 0d 33 96
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x f1 e0 d5 57 e8 e4 08 7b
> 80 36 5c e1 33 83 e7 d4 Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x
> 2d 91 30 c6 0f c3 f2
> 19 e6 a8 79 ef 4e be 05 30
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x de dd df 02 5f c9 cd
> 40 75 16 29 91 08 55 29 4d
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 88 eb 42 a0 f9 b2 cb ed
> 0e 4b 8a 74 6d ca 7c 89 Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x
> de eb 3c 1e cc f6 f8
> 58 c8 27 b5 44 a1 21 2c 87
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 74 bc 85 e0 c8 50 c8
> a0 67 10 bc 72 e2 16 e2 c9
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 4e 81 87 ce 89 6d 70 bb
> f1 4d 14 b9 70 9a 85 70 Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x
> d9 45 ca f3 25 d9 ac ed 0f fd 33 cb 23 ed 82 0b Apr 25 10:14:38 R4
> pluto[25049]: | ikev2 g^x 17 0d fc ea c8 c5 1e
> 30 07 59 d5 be eb ab 2a 39
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 9d 36 15 cb e4 0d 48
> 39 5e 2e 46 f9 5f 10 0f 57
> Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 12 e6 e4 1f 23 e4 d8 2f
> 12 c8 29 98 d6 99 62 75 Apr 25 10:14:38 R4 pluto[25049]: | emitting
> length of IKEv2 Key Exchange Payload: 264 Apr 25 10:14:38 R4
> pluto[25049]: | ***emit IKEv2 Nonce Payload:
> Apr 25 10:14:38 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2NONE
> Apr 25 10:14:38 R4 pluto[25049]: | critical bit: none
> Apr 25 10:14:38 R4 pluto[25049]: | emitting 16 raw bytes of IKEv2
> nonce into IKEv2 Nonce Payload Apr 25 10:14:38 R4 pluto[25049]: |
> IKEv2 nonce 96 c8 96 22 3d 1d 9e 99 3e 7c e6 c9 12 e8 3e f7 Apr 25
> 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 Nonce
> Payload: 20
> Apr 25 10:14:38 R4 pluto[25049]: | no IKE message padding required Apr
> 25 10:14:38 R4 pluto[25049]: | emitting length of ISAKMP Message: 360
> Apr 25 10:14:38 R4 pluto[25049]: | complete v2 state transition with
> STF_OK Apr 25 10:14:38 R4 pluto[25049]: "net32" #1: transition from
> state STATE_IKEv2_START to state STATE_PARENT_R1 Apr 25 10:14:38 R4
> pluto[25049]: "net32" #1: STATE_PARENT_R1:
> received v2I1, sent v2R1 {auth=IKEv2 cipher=aes_128 integ=sha1_96
> prf=oakley_sha group=modp2048} Apr 25 10:14:38 R4 pluto[25049]: |
> sending reply packet to
> 192.168.32.9:500 (from port 500)
> Apr 25 10:14:38 R4 pluto[25049]: | sending 360 bytes for
> STATE_IKEv2_START through switch.0012:500 to 192.168.32.9:500 (using
> #1)
> Apr 25 10:14:38 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89 57 c1
> 3d ad 75 3a 79 c9
> Apr 25 10:14:38 R4 pluto[25049]: | 21 20 22 20 00 00 00 00 00 00
> 01 68 22 00 00 30
> Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 2c 01 01 00 04 03 00
> 00 0c 01 00 00 0c
> Apr 25 10:14:38 R4 pluto[25049]: | 80 0e 00 80 03 00 00 08 03 00
> 00 02 03 00 00 08
> Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 02 00 00 00 08 04 00
> 00 0e 28 00 01 08
> Apr 25 10:14:38 R4 pluto[25049]: | 00 0e 00 00 4d 26 44 7e 77 d8
> 17 f5 f5 b3 ef f2
> Apr 25 10:14:38 R4 pluto[25049]: | 5b 14 67 35 fa c7 66 7e 62 d0
> 01 34 f2 c2 79 b0
> Apr 25 10:14:38 R4 pluto[25049]: | e6 f3 fe 8b db 99 5a b9 0a fb
> 9a 08 bf 3c 94 42
> Apr 25 10:14:38 R4 pluto[25049]: | 4c 15 8e 23 b1 ee 3c ff ca ad
> 05 01 00 b5 3d 1a
> Apr 25 10:14:38 R4 pluto[25049]: | 21 5f 4e b8 95 ba c4 a3 48 8f
> 43 c7 d4 6a 77 03
> Apr 25 10:14:38 R4 pluto[25049]: | 93 0d 33 96 f1 e0 d5 57 e8 e4
> 08 7b 80 36 5c e1
> Apr 25 10:14:38 R4 pluto[25049]: | 33 83 e7 d4 2d 91 30 c6 0f c3
> f2 19 e6 a8 79 ef
> Apr 25 10:14:38 R4 pluto[25049]: | 4e be 05 30 de dd df 02 5f c9
> cd 40 75 16 29 91
> Apr 25 10:14:38 R4 pluto[25049]: | 08 55 29 4d 88 eb 42 a0 f9 b2
> cb ed 0e 4b 8a 74
> Apr 25 10:14:38 R4 pluto[25049]: | 6d ca 7c 89 de eb 3c 1e cc f6
> f8 58 c8 27 b5 44
> Apr 25 10:14:38 R4 pluto[25049]: | a1 21 2c 87 74 bc 85 e0 c8 50
> c8 a0 67 10 bc 72
> Apr 25 10:14:38 R4 pluto[25049]: | e2 16 e2 c9 4e 81 87 ce 89 6d
> 70 bb f1 4d 14 b9
> Apr 25 10:14:38 R4 pluto[25049]: | 70 9a 85 70 d9 45 ca f3 25 d9
> ac ed 0f fd 33 cb
> Apr 25 10:14:38 R4 pluto[25049]: | 23 ed 82 0b 17 0d fc ea c8 c5
> 1e 30 07 59 d5 be
> Apr 25 10:14:38 R4 pluto[25049]: | eb ab 2a 39 9d 36 15 cb e4 0d
> 48 39 5e 2e 46 f9
> Apr 25 10:14:38 R4 pluto[25049]: | 5f 10 0f 57 12 e6 e4 1f 23 e4
> d8 2f 12 c8 29 98
> Apr 25 10:14:38 R4 pluto[25049]: | d6 99 62 75 00 00 00 14 96 c8
> 96 22 3d 1d 9e 99
> Apr 25 10:14:38 R4 pluto[25049]: | 3e 7c e6 c9 12 e8 3e f7
> Apr 25 10:14:38 R4 pluto[25049]: | complete v2 state transition with
> STF_INLINE Apr 25 10:14:38 R4 pluto[25049]: | * processed 0 messages
> from cryptographic helpers Apr 25 10:14:38 R4 pluto[25049]: | next
> event EVENT_SO_DISCARD in 0 seconds for #1 Apr 25 10:14:38 R4
> pluto[25049]: | *time to handle event Apr 25 10:14:38 R4 pluto[25049]:
> | handling event EVENT_SO_DISCARD Apr 25 10:14:38 R4 pluto[25049]: |
> event after this is EVENT_PENDING_DDNS in 41 seconds Apr 25 10:14:38
> R4 pluto[25049]: | processing connection net32 Apr 25 10:14:38 R4
> pluto[25049]: | deleting state #1 Apr 25 10:14:38 R4 pluto[25049]: |
> deleting event for #1 Apr 25 10:14:38 R4 pluto[25049]: | no suspended
> cryptographic state for 1 Apr 25 10:14:38 R4 pluto[25049]: | ICOOKIE:
> 44 4c 4d a9 d2 2c bb 89 Apr 25 10:14:38 R4 pluto[25049]: | RCOOKIE:
> 57 c1 3d ad 75 3a 79 c9 Apr 25 10:14:38 R4 pluto[25049]: | state hash
> entry 11 Apr 25 10:14:38 R4 pluto[25049]: | next event
> EVENT_PENDING_DDNS in
> 41 seconds
> Apr 25 10:14:39 R4 pluto[25049]: |
> Apr 25 10:14:39 R4 pluto[25049]: | *received 316 bytes from
> 192.168.32.9:500 on switch.0012 (port=500)
> Apr 25 10:14:39 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89 57 c1
> 3d ad 75 3a 79 c9
> Apr 25 10:14:39 R4 pluto[25049]: | 2e 20 23 08 00 00 00 01 00 00
> 01 3c 23 00 01 20
> Apr 25 10:14:39 R4 pluto[25049]: | f3 53 aa ba ee 28 bc f3 28 fc
> 37 52 53 8c 64 40
> Apr 25 10:14:39 R4 pluto[25049]: | 8e 74 39 49 53 83 30 ec 77 43
> cd 05 79 ef a0 07
> Apr 25 10:14:39 R4 pluto[25049]: | 14 64 ef 3b 08 e8 a1 f2 58 1a
> 44 6a de c9 10 b1
> Apr 25 10:14:39 R4 pluto[25049]: | e7 e3 08 42 4e 90 cf f0 84 75
> b3 2b a2 0c 74 37
> Apr 25 10:14:39 R4 pluto[25049]: | 1e b9 4f 65 b7 06 4d 36 13 f0
> bf f6 41 2a a1 e8
> Apr 25 10:14:39 R4 pluto[25049]: | bf 8d 0f 0c 9c a9 16 10 3a 63
> 34 f8 e4 09 52 8f
> Apr 25 10:14:39 R4 pluto[25049]: | 35 f9 d0 2c d0 60 1f 37 40 16
> 8d 62 b0 d9 f4 a1
> Apr 25 10:14:39 R4 pluto[25049]: | a3 f0 ba 7f f4 a1 8b 4c 2b 20
> 46 be de 61 55 51
> Apr 25 10:14:39 R4 pluto[25049]: | 53 05 9f e3 7b 37 f6 15 df a8
> 55 32 04 ba 32 33
> Apr 25 10:14:39 R4 pluto[25049]: | d5 57 19 7a b3 cd 99 20 71 6d
> 85 9d 77 13 91 82
> Apr 25 10:14:39 R4 pluto[25049]: | 9b 77 e0 04 21 24 a7 a9 84 b4
> 26 54 da b2 e2 8d
> Apr 25 10:14:39 R4 pluto[25049]: | 7f 39 1f 50 0b 6d a7 4d c1 21
> 03 30 36 8b 5e ca
> Apr 25 10:14:39 R4 pluto[25049]: | 9b a2 ec 31 69 47 33 fe ee 60
> 57 7e 5f 93 a1 31
> Apr 25 10:14:39 R4 pluto[25049]: | 2a de 2a 37 56 e2 59 3e f7 d5
> 32 41 f3 1d 91 e8
> Apr 25 10:14:39 R4 pluto[25049]: | 5c f1 5a 25 b3 cf e1 aa cd db
> 8f 03 42 2b fc b7
> Apr 25 10:14:39 R4 pluto[25049]: | d2 31 d1 8e b7 32 d3 b8 05 b2
> ae 87 dc 1c 5b a2
> Apr 25 10:14:39 R4 pluto[25049]: | 53 d6 6b 86 1c 98 3a 1c 0c b3
> 1b ba 1a 9a ef 59
> Apr 25 10:14:39 R4 pluto[25049]: | 84 84 a9 98 86 df 4f 5c 8f ad 19 ec
> Apr 25 10:14:39 R4 pluto[25049]: | **parse ISAKMP Message:
> Apr 25 10:14:39 R4 pluto[25049]: | initiator cookie:
> Apr 25 10:14:39 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89
> Apr 25 10:14:39 R4 pluto[25049]: | responder cookie:
> Apr 25 10:14:39 R4 pluto[25049]: | 57 c1 3d ad 75 3a 79 c9
> Apr 25 10:14:39 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2E
> Apr 25 10:14:39 R4 pluto[25049]: | ISAKMP version: IKEv2 version
> 2.0 (rfc4306/rfc5996)
> Apr 25 10:14:39 R4 pluto[25049]: | exchange type: ISAKMP_v2_AUTH
> Apr 25 10:14:39 R4 pluto[25049]: | flags: ISAKMP_FLAG_INIT
> Apr 25 10:14:39 R4 pluto[25049]: | message ID: 00 00 00 01
> Apr 25 10:14:39 R4 pluto[25049]: | length: 316
> Apr 25 10:14:39 R4 pluto[25049]: | processing version=2.0 packet with
> exchange type=ISAKMP_v2_AUTH (35) Apr 25 10:14:39 R4 pluto[25049]: | I
> am IKE SA Responder Apr 25 10:14:39 R4 pluto[25049]: | ICOOKIE: 44 4c
> 4d a9 d2 2c bb 89 Apr 25 10:14:39 R4 pluto[25049]: | RCOOKIE: 57 c1
> 3d ad 75 3a 79 c9 Apr 25 10:14:39 R4 pluto[25049]: | state hash entry
> 11 Apr 25 10:14:39 R4 pluto[25049]: | v2 state object not found Apr 25
> 10:14:39 R4 pluto[25049]: | ICOOKIE: 44 4c 4d a9 d2 2c bb 89 Apr 25
> 10:14:39 R4 pluto[25049]: | RCOOKIE: 00 00 00 00 00 00 00 00 Apr 25
> 10:14:39 R4 pluto[25049]: | state hash entry 28 Apr 25 10:14:39 R4
> pluto[25049]: | v2 state object not found Apr 25 10:14:39 R4
> pluto[25049]: | ended up with STATE_IKEv2_ROOF Apr 25 10:14:39 R4
> pluto[25049]: packet from 192.168.32.9:500:
> sending notification v2N_INVALID_MESSAGE_ID to 192.168.32.9:500 Apr
> 25 10:14:39 R4 pluto[25049]: | **emit ISAKMP Message:
> Apr 25 10:14:39 R4 pluto[25049]: | initiator cookie:
> Apr 25 10:14:39 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89
> Apr 25 10:14:39 R4 pluto[25049]: | responder cookie:
> Apr 25 10:14:39 R4 pluto[25049]: | 57 c1 3d ad 75 3a 79 c9
> Apr 25 10:14:39 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2N
> Apr 25 10:14:39 R4 pluto[25049]: | ISAKMP version: IKEv2 version
> 2.0 (rfc4306/rfc5996)
> Apr 25 10:14:39 R4 pluto[25049]: | exchange type: ISAKMP_v2_SA_INIT
> Apr 25 10:14:39 R4 pluto[25049]: | flags: ISAKMP_FLAG_RESPONSE
> Apr 25 10:14:39 R4 pluto[25049]: | message ID: 00 00 00 00
> Apr 25 10:14:39 R4 pluto[25049]: | Adding a v2N Payload Apr 25
> 10:14:39 R4 pluto[25049]: | ***emit IKEv2 Notify Payload:
> Apr 25 10:14:39 R4 pluto[25049]: | next payload type: ISAKMP_NEXT_v2NONE
> Apr 25 10:14:39 R4 pluto[25049]: | critical bit: none
> Apr 25 10:14:39 R4 pluto[25049]: | Protocol ID: PROTO_ISAKMP
> Apr 25 10:14:39 R4 pluto[25049]: | SPI size: 0
> Apr 25 10:14:39 R4 pluto[25049]: | Notify Message Type:
> v2N_INVALID_MESSAGE_ID
> Apr 25 10:14:39 R4 pluto[25049]: | emitting length of IKEv2 Notify
> Payload: 8
> Apr 25 10:14:39 R4 pluto[25049]: | no IKE message padding required Apr
> 25 10:14:39 R4 pluto[25049]: | emitting length of ISAKMP Message: 36
> Apr 25 10:14:39 R4 pluto[25049]: | sending 36 bytes for
> send_v2_notification through switch.0012:500 to 192.168.32.9:500
> (using #0)
> Apr 25 10:14:39 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89 57 c1
> 3d ad 75 3a 79 c9
> Apr 25 10:14:39 R4 pluto[25049]: | 29 20 22 20 00 00 00 00 00 00
> 00 24 00 00 00 08
> Apr 25 10:14:39 R4 pluto[25049]: | 01 00 00 09
> Apr 25 10:14:39 R4 pluto[25049]: | * processed 0 messages from
> cryptographic helpers Apr 25 10:14:39 R4 pluto[25049]: | next event
> EVENT_PENDING_DDNS in
> 40 seconds
> Apr 25 10:14:39 R4 pluto[25049]: | next event EVENT_PENDING_DDNS in
> 40 seconds
>
> --
> Jeff Chen
>
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev
>
This message and any attachments are solely for the use of intended recipients. The information contained herein may include trade secrets, protected health or personal information, privileged or otherwise confidential information. Unauthorized review, forwarding, printing, copying, distributing, or using such information is strictly prohibited and may be unlawful. If you are not an intended recipient, you are hereby notified that you received this email in error, and that any review, dissemination, distribution or copying of this email and any attachment is strictly prohibited. If you have received this email in error, please contact the sender and delete the message and any attachment from your system. Thank you for your cooperation
More information about the Swan-dev
mailing list