[Swan] Error ”cannot install eroute” when rekey/reconnect from the same IP (for L2TP)

Antonio Silva asilva at wirelessmundi.com
Fri May 8 16:39:18 EEST 2015


Hi,

Not sure if this apply to me, i saw this same error in my log, "cannot 
install eroute -- it is in use for "tunnel2-nat", when behind NAT i 
tried to connect simultaneous users with windows and l2tp/ipsec

I've installed libreswan 3.12.

Is this setup possible?

For openswan i found this 
https://lists.openswan.org/pipermail/users/2014-July/023037.html , but 
not sure if this apply to libreswan as well....


****
My lab scenario to simulate a nat connection is very simple, two virtual 
machines using wm on a debian box and them connect to the remote ipsec 
server:


WM host win8.1 [192.168.8.131]
                                                 ----
                                                       ---- 
[192.168.8.1] HOST [192.168.10.25] -------    [192.168.10.254] SERVER
                                                 --- -
WM host win8.1 [192.168.8.129]



Attach my configuration and the respective log files when try to connect.

peer_one_connected.log.txt => peer one connected
peer_two_fail_simultaneous_con.log.txt => peer two fail to connect



Thanks for the help.


regards,
António


On 12/16/2014 02:11 AM, Paul Wouters wrote:
> On Fri, 12 Dec 2014, Elison Niven wrote:
>
>> Subject: [Swan] Error ”cannot install eroute” when rekey/reconnect 
>> from the
>>     same IP (for L2TP)
>
>> Is this fixed now ?
>> https://lists.openswan.org/pipermail/users/2010-April/018685.html
>
> I changed this test case:
>
> https://github.com/libreswan/libreswan/tree/master/testing/pluto/l2tp-02-netkey 
>
>
> to simulate your scenario using:
>
> ipsec auto --up north-east-l2tp
> echo "c server" > /var/run/xl2tpd/l2tp-control
> sleep 5
> ipsec look
> : ==== cut ====
> cat /tmp/xl2tpd.log
> : ==== tuc ====
> ping -c 4 -n 192.0.2.254
> # testing passthrough plaintext
> echo quit | nc 192.0.2.254 22
> ip addr show dev ppp0
> sleep 5
> echo "d server" > /var/run/xl2tpd/l2tp-control
> ipsec auto --down north-east-l2tp
> sleep 5
> ipsec auto --up north-east-l2tp
> echo "c server" > /var/run/xl2tpd/l2tp-control
> sleep 5
> ipsec look
> echo done
>
> This worked fine. Both the first IPsec and PPP and the second IPsec and
> PPP came up successfully. Since it uses RSA, I then modified it to use
> PSK. But it still worked.
>
> Is there a chance you can try and test this with libreswan-3.12 ?
>
> Paul
>
>
>  I'm not sure if that fully reproduced your
> connection from behind NAT? This connection used RSA, not PSK.
>
>
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan

-- 
---
António Silva

-------------- next part --------------

# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.4 2006/07/11 16:17:53 paul Exp $

# This file:  /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
	plutodebug=all
	plutorestartoncrash=false
	dumpdir=/tmp
	nat_traversal=yes
	interfaces=%none
	protostack=netkey
	virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
	fragicmp=no

# Add connections here

## remote
conn tunnel1-nat
	rightsubnet=vhost:%priv
	also=tunnel1

conn tunnel1
	pfs=no
	type=transport
	auto=add
	auth=esp
	authby=secret
	keyingtries=3
	rekey=no
	ikelifetime=8h
	keylife=1h
	left=192.168.10.254
	leftprotoport=17/%any
	leftid=192.168.10.254
	leftupdown=/opt/commsmundi/scripts/ipsec_monitor.php
	right=%any
	rightprotoport=17/%any
	rightid=%any
	rightupdown=/opt/commsmundi/scripts/ipsec_monitor.php
	dpddelay=30
	dpdtimeout=120
	dpdaction=hold


# sample VPN connections, see /etc/ipsec.d/examples/

#Disable Opportunistic Encryption [ remove file include not supported any more ]
conn block
	auto=ignore

conn private
	auto=ignore

conn private-or-clear
	auto=ignore

conn clear-or-private
	auto=ignore

conn clear
	auto=ignore

conn packetdefault
	auto=ignore
-------------- next part --------------
May  8 15:22:53 bitch pluto[16274]: |  
May  8 15:22:53 bitch pluto[16274]: | *received whack message
May  8 15:22:53 bitch pluto[16274]: shutting down
May  8 15:22:53 bitch pluto[16274]: | certs and keys locked by 'free_preshared_secrets'
May  8 15:22:53 bitch pluto[16274]: forgetting secrets
May  8 15:22:53 bitch pluto[16274]: | certs and keys unlocked by 'free_preshard_secrets'
May  8 15:22:53 bitch pluto[16274]: | processing connection tunnel1-nat[3] 192.168.10.25
May  8 15:22:53 bitch pluto[16274]: "tunnel1-nat"[3] 192.168.10.25: deleting connection "tunnel1-nat" instance with peer 192.168.10.25 {isakmp=#0/ipsec=#0}
May  8 15:22:53 bitch pluto[16274]: | processing connection tunnel1-nat
May  8 15:22:53 bitch pluto[16274]: "tunnel1-nat" #4: deleting state (STATE_QUICK_R0)
May  8 15:22:53 bitch pluto[16274]: | deleting state #4
May  8 15:22:53 bitch pluto[16274]: | deleting event for #4
May  8 15:22:53 bitch pluto[16274]: | ICOOKIE:  b4 c5 a7 e5  d0 f7 4d bd
May  8 15:22:53 bitch pluto[16274]: | RCOOKIE:  fa 87 f6 77  e3 c5 64 49
May  8 15:22:53 bitch pluto[16274]: | state hash entry 19
May  8 15:22:53 bitch pluto[16274]: | processing connection tunnel1-nat
May  8 15:22:53 bitch pluto[16274]: "tunnel1-nat" #5: deleting state (STATE_MAIN_R1)
May  8 15:22:53 bitch pluto[16274]: | deleting state #5
May  8 15:22:53 bitch pluto[16274]: | deleting event for #5
May  8 15:22:53 bitch pluto[16274]: | ICOOKIE:  0a 4d c3 3e  00 03 74 cf
May  8 15:22:53 bitch pluto[16274]: | RCOOKIE:  4b fb f6 8a  10 b3 31 74
May  8 15:22:53 bitch pluto[16274]: | state hash entry 30
May  8 15:22:53 bitch pluto[16274]: | processing connection tunnel1
May  8 15:22:53 bitch pluto[16274]: "tunnel1": deleting connection
May  8 15:22:53 bitch pluto[16274]: | processing connection tunnel1-nat
May  8 15:22:53 bitch pluto[16274]: "tunnel1-nat": deleting connection
May  8 15:22:53 bitch pluto[16274]: | crl fetch request list locked by 'free_crl_fetch'
May  8 15:22:53 bitch pluto[16274]: | crl fetch request list unlocked by 'free_crl_fetch'
May  8 15:22:53 bitch pluto[16274]: | authcert list locked by 'free_authcerts'
May  8 15:22:53 bitch pluto[16274]: | authcert list unlocked by 'free_authcerts'
May  8 15:22:53 bitch pluto[16274]: | crl list locked by 'free_crls'
May  8 15:22:53 bitch pluto[16274]: | crl list unlocked by 'free_crls'
May  8 15:22:53 bitch pluto[16274]: shutting down interface lo/lo 127.0.0.1:4500
May  8 15:22:53 bitch pluto[16274]: shutting down interface lo/lo 127.0.0.1:500
May  8 15:22:53 bitch pluto[16274]: shutting down interface eth0/eth0 10.10.0.1:4500
May  8 15:22:53 bitch pluto[16274]: shutting down interface eth0/eth0 10.10.0.1:500
May  8 15:22:53 bitch pluto[16274]: shutting down interface eth1/eth1 192.168.10.254:4500
May  8 15:22:53 bitch pluto[16274]: shutting down interface eth1/eth1 192.168.10.254:500
May  8 15:22:53 bitch pluto[16274]: shutting down interface eth1/eth1 192.168.11.254:4500
May  8 15:22:53 bitch pluto[16274]: shutting down interface eth1/eth1 192.168.11.254:500
May  8 15:22:53 bitch pluto[16274]: shutting down interface eth2/eth2 192.168.3.254:4500
May  8 15:22:53 bitch pluto[16274]: shutting down interface eth2/eth2 192.168.3.254:500
May  8 15:22:53 bitch ipsec__plutorun: pluto killed by SIGTERM, terminating without restart
May  8 15:22:53 bitch ipsec__plutorun: Starting Pluto subsystem...
May  8 15:22:53 bitch pluto[19962]: nss directory plutomain: /etc/ipsec.d
May  8 15:22:53 bitch pluto[19962]: NSS Initialized
May  8 15:22:53 bitch pluto[19962]: libcap-ng support [disabled]
May  8 15:22:53 bitch pluto[19962]: FIPS HMAC integrity support [disabled]
May  8 15:22:53 bitch pluto[19962]: Linux audit support [disabled]
May  8 15:22:53 bitch pluto[19962]: Starting Pluto (Libreswan Version 3.12 XFRM(netkey) KLIPS NSS DNSSEC XAUTH_PAM NETWORKMANAGER KLIPS_MAST CURL(non-NSS) LDAP(non-NSS)) pid:19962
May  8 15:22:53 bitch pluto[19962]: core dump dir: /tmp
May  8 15:22:53 bitch pluto[19962]: secrets file: /etc/ipsec.secrets
May  8 15:22:53 bitch pluto[19962]: leak-detective disabled
May  8 15:22:53 bitch pluto[19962]: SAref support [disabled]: Protocol not available
May  8 15:22:53 bitch pluto[19962]: SAbind support [disabled]: Protocol not available
May  8 15:22:53 bitch pluto[19962]: NSS crypto [enabled]
May  8 15:22:53 bitch pluto[19962]: XAUTH PAM support [enabled]
May  8 15:22:53 bitch pluto[19962]:    NAT-Traversal support  [enabled]
May  8 15:22:53 bitch pluto[19962]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
May  8 15:22:53 bitch pluto[19962]: | event added at head of queue
May  8 15:22:53 bitch pluto[19962]: | inserting event EVENT_PENDING_DDNS, timeout in 60 seconds
May  8 15:22:53 bitch pluto[19962]: | event added at head of queue
May  8 15:22:53 bitch pluto[19962]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
May  8 15:22:53 bitch pluto[19962]: | event added after event EVENT_PENDING_DDNS
May  8 15:22:53 bitch pluto[19962]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok
May  8 15:22:53 bitch pluto[19962]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok
May  8 15:22:53 bitch pluto[19962]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok
May  8 15:22:53 bitch pluto[19962]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok
May  8 15:22:53 bitch pluto[19962]: ike_alg_register_enc(): Activating DISABLED-OAKLEY_AES_CTR: Ok
May  8 15:22:53 bitch pluto[19962]: ike_alg_register_hash(): Activating DISABLED-OAKLEY_AES_XCBC: Ok
May  8 15:22:53 bitch pluto[19962]: ike_alg_register_enc(): Activating DISABLED-OAKLEY_CAMELLIA_CBC: Ok
May  8 15:22:53 bitch pluto[19962]: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CTR: Ok
May  8 15:22:53 bitch pluto[19962]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok
May  8 15:22:53 bitch pluto[19962]: ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok
May  8 15:22:53 bitch pluto[19962]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok
May  8 15:22:53 bitch pluto[19962]: starting up 3 crypto helpers
May  8 15:22:53 bitch pluto[19962]: started thread for crypto helper 0 (master fd 6)
May  8 15:22:53 bitch pluto[19962]: started thread for crypto helper 1 (master fd 8)
May  8 15:22:53 bitch pluto[19962]: | status value returned by setting the priority of this thread (crypto helper 1) 0
May  8 15:22:53 bitch pluto[19962]: | crypto helper 1 waiting on fd 9
May  8 15:22:53 bitch pluto[19962]: | status value returned by setting the priority of this thread (crypto helper 2) 0
May  8 15:22:53 bitch pluto[19962]: | crypto helper 2 waiting on fd 11
May  8 15:22:53 bitch pluto[19962]: | status value returned by setting the priority of this thread (crypto helper 0) 0
May  8 15:22:53 bitch pluto[19962]: | crypto helper 0 waiting on fd 7
May  8 15:22:53 bitch pluto[19962]: started thread for crypto helper 2 (master fd 10)
May  8 15:22:53 bitch pluto[19962]: Using Linux XFRM/NETKEY IPsec interface code on 3.10.58
May  8 15:22:53 bitch pluto[19962]: | process 19962 listening for PF_KEY_V2 on file descriptor 15
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_init()
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=15, alg_id=18(ESP_AES_GCM_A)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=15, alg_id=19(ESP_AES_GCM_B)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=15, alg_id=20(ESP_AES_GCM_C)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=15, alg_id=14(ESP_AES_CCM_A)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=15, alg_id=15(ESP_AES_CCM_B)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=15, alg_id=16(ESP_AES_CCM_C)
May  8 15:22:53 bitch pluto[19962]: ike_alg_register_enc(): Activating aes_ccm_8: Ok
May  8 15:22:53 bitch pluto[19962]: ike_alg_register_enc(): Activating aes_ccm_12: Ok
May  8 15:22:53 bitch pluto[19962]: ike_alg_register_enc(): Activating aes_ccm_16: Ok
May  8 15:22:53 bitch pluto[19962]: ike_alg_register_enc(): Activating aes_gcm_8: Ok
May  8 15:22:53 bitch pluto[19962]: ike_alg_register_enc(): Activating aes_gcm_12: Ok
May  8 15:22:53 bitch pluto[19962]: ike_alg_register_enc(): Activating aes_gcm_16: Ok
May  8 15:22:53 bitch pluto[19962]: | Registered AEAD AES CCM/GCM algorithms
May  8 15:22:53 bitch pluto[19962]: | finish_pfkey_msg: K_SADB_REGISTER message 1 for AH 
May  8 15:22:53 bitch pluto[19962]: |   02 07 00 02  02 00 00 00  01 00 00 00  fa 4d 00 00
May  8 15:22:53 bitch pluto[19962]: | pfkey_get: K_SADB_REGISTER message 1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: sadb_msg_len=22 sadb_supported_len=72
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=2, exttype=14, alg_id=251(ESP_KAME_NULL)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[0], exttype=14, satype=2, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=2, exttype=14, alg_id=2(ESP_DES)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[1], exttype=14, satype=2, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=2, exttype=14, alg_id=3(ESP_3DES)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[2], exttype=14, satype=2, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=2, exttype=14, alg_id=5(ESP_IDEA)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[3], exttype=14, satype=2, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256, res=0, ret=1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=2, exttype=14, alg_id=6(ESP_CAST)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[4], exttype=14, satype=2, alg_id=6, alg_ivlen=0, alg_minbits=384, alg_maxbits=384, res=0, ret=1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=2, exttype=14, alg_id=7(ESP_BLOWFISH)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[5], exttype=14, satype=2, alg_id=7, alg_ivlen=0, alg_minbits=512, alg_maxbits=512, res=0, ret=1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=2, exttype=14, alg_id=8(ESP_3IDEA)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[6], exttype=14, satype=2, alg_id=8, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=2, exttype=14, alg_id=9(ESP_DES_IV32)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[7], exttype=14, satype=2, alg_id=9, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: sadb_msg_len=22 sadb_supported_len=88
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=2, exttype=15, alg_id=11(ESP_NULL)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(2,15,11) fails because alg combo is invalid
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[8], exttype=15, satype=2, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=-1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=2, exttype=15, alg_id=2(ESP_DES)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(2,15,2) fails because alg combo is invalid
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[9], exttype=15, satype=2, alg_id=2, alg_ivlen=8, alg_minbits=64, alg_maxbits=64, res=0, ret=-1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=2, exttype=15, alg_id=3(ESP_3DES)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(2,15,3) fails because alg combo is invalid
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[10], exttype=15, satype=2, alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=-1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=2, exttype=15, alg_id=6(ESP_CAST)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(2,15,6) fails because alg combo is invalid
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[11], exttype=15, satype=2, alg_id=6, alg_ivlen=8, alg_minbits=40, alg_maxbits=128, res=0, ret=-1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=2, exttype=15, alg_id=7(ESP_BLOWFISH)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(2,15,7) fails because alg combo is invalid
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[12], exttype=15, satype=2, alg_id=7, alg_ivlen=8, alg_minbits=40, alg_maxbits=448, res=0, ret=-1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=2, exttype=15, alg_id=12(ESP_AES)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(2,15,12) fails because alg combo is invalid
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[13], exttype=15, satype=2, alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=-1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=2, exttype=15, alg_id=252(ESP_SERPENT)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(2,15,252) fails because alg combo is invalid
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[14], exttype=15, satype=2, alg_id=252, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=-1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=2, exttype=15, alg_id=22(ESP_CAMELLIA)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(2,15,22) fails because alg combo is invalid
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[15], exttype=15, satype=2, alg_id=22, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=-1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=2, exttype=15, alg_id=253(ESP_TWOFISH)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(2,15,253) fails because alg combo is invalid
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[16], exttype=15, satype=2, alg_id=253, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=-1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=2, exttype=15, alg_id=13(ESP_AES_CTR)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(2,15,13) fails because alg combo is invalid
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[17], exttype=15, satype=2, alg_id=13, alg_ivlen=8, alg_minbits=160, alg_maxbits=288, res=0, ret=-1
May  8 15:22:53 bitch pluto[19962]: | AH registered with kernel.
May  8 15:22:53 bitch pluto[19962]: | finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP 
May  8 15:22:53 bitch pluto[19962]: |   02 07 00 03  02 00 00 00  02 00 00 00  fa 4d 00 00
May  8 15:22:53 bitch pluto[19962]: | pfkey_get: K_SADB_REGISTER message 2
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=72
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=14, alg_id=251(ESP_KAME_NULL)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=251
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=0
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=14, alg_id=2(ESP_DES)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=2
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=0
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=14, alg_id=3(ESP_3DES)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=3
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=0
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=14, alg_id=5(ESP_IDEA)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=5
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256, res=0, ret=0
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=14, alg_id=6(ESP_CAST)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=6
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=14, satype=3, alg_id=6, alg_ivlen=0, alg_minbits=384, alg_maxbits=384, res=0, ret=0
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=14, alg_id=7(ESP_BLOWFISH)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=7
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5], exttype=14, satype=3, alg_id=7, alg_ivlen=0, alg_minbits=512, alg_maxbits=512, res=0, ret=0
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=14, alg_id=8(ESP_3IDEA)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=8
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6], exttype=14, satype=3, alg_id=8, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=0
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=14, alg_id=9(ESP_DES_IV32)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=9
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7], exttype=14, satype=3, alg_id=9, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=0
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=88
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=15, alg_id=11(ESP_NULL)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=15, alg_id=2(ESP_DES)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): Ignoring alg_id=2(ESP_DES) - too weak
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64, alg_maxbits=64, res=0, ret=0
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=15, alg_id=3(ESP_3DES)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[10], exttype=15, satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=15, alg_id=6(ESP_CAST)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[11], exttype=15, satype=3, alg_id=6, alg_ivlen=8, alg_minbits=40, alg_maxbits=128, res=0, ret=1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=15, alg_id=7(ESP_BLOWFISH)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): Ignoring alg_id=7(ESP_BLOWFISH) - too weak
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[12], exttype=15, satype=3, alg_id=7, alg_ivlen=8, alg_minbits=40, alg_maxbits=448, res=0, ret=0
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=15, alg_id=12(ESP_AES)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[13], exttype=15, satype=3, alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=15, alg_id=252(ESP_SERPENT)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[14], exttype=15, satype=3, alg_id=252, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=15, alg_id=22(ESP_CAMELLIA)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[15], exttype=15, satype=3, alg_id=22, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=15, alg_id=253(ESP_TWOFISH)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[16], exttype=15, satype=3, alg_id=253, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_add(): satype=3, exttype=15, alg_id=13(ESP_AES_CTR)
May  8 15:22:53 bitch pluto[19962]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[17], exttype=15, satype=3, alg_id=13, alg_ivlen=8, alg_minbits=160, alg_maxbits=288, res=0, ret=1
May  8 15:22:53 bitch pluto[19962]: | ESP registered with kernel.
May  8 15:22:53 bitch pluto[19962]: | finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP 
May  8 15:22:53 bitch pluto[19962]: |   02 07 00 09  02 00 00 00  03 00 00 00  fa 4d 00 00
May  8 15:22:53 bitch pluto[19962]: | pfkey_get: K_SADB_REGISTER message 3
May  8 15:22:53 bitch pluto[19962]: | IPCOMP registered with kernel.
May  8 15:22:53 bitch pluto[19962]: | Registered AH, ESP and IPCOMP
May  8 15:22:53 bitch pluto[19962]: | Changed path to directory '/etc/ipsec.d/cacerts'
May  8 15:22:53 bitch pluto[19962]: | Changing to directory '/etc/ipsec.d/crls'
May  8 15:22:53 bitch pluto[19962]: | inserting event EVENT_LOG_DAILY, timeout in 31027 seconds
May  8 15:22:53 bitch pluto[19962]: | event added after event EVENT_REINIT_SECRET
May  8 15:22:53 bitch pluto[19962]: | next event EVENT_PENDING_DDNS in 60 seconds
May  8 15:22:54 bitch pluto[20012]: | calling addconn helper using execve
May  8 15:22:54 bitch pluto[19962]: |  
May  8 15:22:54 bitch pluto[19962]: | *received whack message
May  8 15:22:54 bitch pluto[19962]: | find_host_pair_conn (check_connection_end): 192.168.10.254:500 %any:500 -> hp:none
May  8 15:22:54 bitch pluto[19962]: | Added new connection tunnel1-nat with policy PSK+ENCRYPT+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW
May  8 15:22:54 bitch pluto[19962]: | counting wild cards for 192.168.10.254 is 0
May  8 15:22:54 bitch pluto[19962]: | counting wild cards for (none) is 15
May  8 15:22:54 bitch pluto[19962]: | based upon policy, the connection is a template.
May  8 15:22:54 bitch pluto[19962]: added connection description "tunnel1-nat"
May  8 15:22:54 bitch pluto[19962]: | %any:17/%any...192.168.10.254<192.168.10.254>:17/%any===vhost:?
May  8 15:22:54 bitch pluto[19962]: | ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: PSK+ENCRYPT+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW
May  8 15:22:54 bitch pluto[19962]: | * processed 0 messages from cryptographic helpers
May  8 15:22:54 bitch pluto[19962]: | next event EVENT_PENDING_DDNS in 59 seconds
May  8 15:22:54 bitch pluto[19962]: | next event EVENT_PENDING_DDNS in 59 seconds
May  8 15:22:54 bitch pluto[19962]: |  
May  8 15:22:54 bitch pluto[19962]: | *received whack message
May  8 15:22:54 bitch pluto[19962]: | find_host_pair_conn (check_connection_end): 192.168.10.254:500 %any:500 -> hp:none
May  8 15:22:54 bitch pluto[19962]: | Added new connection tunnel1 with policy PSK+ENCRYPT+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW
May  8 15:22:54 bitch pluto[19962]: | counting wild cards for 192.168.10.254 is 0
May  8 15:22:54 bitch pluto[19962]: | counting wild cards for (none) is 15
May  8 15:22:54 bitch pluto[19962]: | based upon policy, the connection is a template.
May  8 15:22:54 bitch pluto[19962]: added connection description "tunnel1"
May  8 15:22:54 bitch pluto[19962]: | %any:17/%any...192.168.10.254<192.168.10.254>:17/%any
May  8 15:22:54 bitch pluto[19962]: | ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: PSK+ENCRYPT+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW
May  8 15:22:54 bitch pluto[19962]: | * processed 0 messages from cryptographic helpers
May  8 15:22:54 bitch pluto[19962]: | next event EVENT_PENDING_DDNS in 59 seconds
May  8 15:22:54 bitch pluto[19962]: | next event EVENT_PENDING_DDNS in 59 seconds
May  8 15:22:54 bitch pluto[19962]: |  
May  8 15:22:54 bitch pluto[19962]: | *received whack message
May  8 15:22:54 bitch pluto[19962]: listening for IKE messages
May  8 15:23:28 bitch pluto[19962]: |  
May  8 15:23:28 bitch pluto[19962]: | *received 408 bytes from 192.168.10.25:500 on eth1 (port=500)
May  8 15:23:28 bitch pluto[19962]: |   3d 46 1f e3  1f 2f 33 ad  00 00 00 00  00 00 00 00
May  8 15:23:28 bitch pluto[19962]: |   01 10 02 00  00 00 00 00  00 00 01 98  0d 00 00 d4
May  8 15:23:28 bitch pluto[19962]: |   00 00 00 01  00 00 00 01  00 00 00 c8  01 01 00 05
May  8 15:23:28 bitch pluto[19962]: |   03 00 00 28  01 01 00 00  80 01 00 07  80 0e 01 00
May  8 15:23:28 bitch pluto[19962]: |   80 02 00 02  80 04 00 14  80 03 00 01  80 0b 00 01
May  8 15:23:28 bitch pluto[19962]: |   00 0c 00 04  00 00 70 80  03 00 00 28  02 01 00 00
May  8 15:23:28 bitch pluto[19962]: |   80 01 00 07  80 0e 00 80  80 02 00 02  80 04 00 13
May  8 15:23:28 bitch pluto[19962]: |   80 03 00 01  80 0b 00 01  00 0c 00 04  00 00 70 80
May  8 15:23:28 bitch pluto[19962]: |   03 00 00 28  03 01 00 00  80 01 00 07  80 0e 01 00
May  8 15:23:28 bitch pluto[19962]: |   80 02 00 02  80 04 00 0e  80 03 00 01  80 0b 00 01
May  8 15:23:28 bitch pluto[19962]: |   00 0c 00 04  00 00 70 80  03 00 00 24  04 01 00 00
May  8 15:23:28 bitch pluto[19962]: |   80 01 00 05  80 02 00 02  80 04 00 0e  80 03 00 01
May  8 15:23:28 bitch pluto[19962]: |   80 0b 00 01  00 0c 00 04  00 00 70 80  00 00 00 24
May  8 15:23:28 bitch pluto[19962]: |   05 01 00 00  80 01 00 05  80 02 00 02  80 04 00 02
May  8 15:23:28 bitch pluto[19962]: |   80 03 00 01  80 0b 00 01  00 0c 00 04  00 00 70 80
May  8 15:23:28 bitch pluto[19962]: |   0d 00 00 18  01 52 8b bb  c0 06 96 12  18 49 ab 9a
May  8 15:23:28 bitch pluto[19962]: |   1c 5b 2a 51  00 00 00 01  0d 00 00 18  1e 2b 51 69
May  8 15:23:28 bitch pluto[19962]: |   05 99 1c 7d  7c 96 fc bf  b5 87 e4 61  00 00 00 09
May  8 15:23:28 bitch pluto[19962]: |   0d 00 00 14  4a 13 1c 81  07 03 58 45  5c 57 28 f2
May  8 15:23:28 bitch pluto[19962]: |   0e 95 45 2f  0d 00 00 14  90 cb 80 91  3e bb 69 6e
May  8 15:23:28 bitch pluto[19962]: |   08 63 81 b5  ec 42 7b 1f  0d 00 00 14  40 48 b7 d5
May  8 15:23:28 bitch pluto[19962]: |   6e bc e8 85  25 e7 de 7f  00 d6 c2 d3  0d 00 00 14
May  8 15:23:28 bitch pluto[19962]: |   fb 1d e3 cd  f3 41 b7 ea  16 b7 e5 be  08 55 f1 20
May  8 15:23:28 bitch pluto[19962]: |   0d 00 00 14  26 24 4d 38  ed db 61 b3  17 2a 36 e3
May  8 15:23:28 bitch pluto[19962]: |   d0 cf b8 19  00 00 00 14  e3 a5 96 6a  76 37 9f e7
May  8 15:23:28 bitch pluto[19962]: |   07 22 82 31  e5 ce 86 52
May  8 15:23:28 bitch pluto[19962]: | **parse ISAKMP Message:
May  8 15:23:28 bitch pluto[19962]: |    initiator cookie:
May  8 15:23:28 bitch pluto[19962]: |   3d 46 1f e3  1f 2f 33 ad
May  8 15:23:28 bitch pluto[19962]: |    responder cookie:
May  8 15:23:28 bitch pluto[19962]: |   00 00 00 00  00 00 00 00
May  8 15:23:28 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_SA
May  8 15:23:28 bitch pluto[19962]: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
May  8 15:23:28 bitch pluto[19962]: |    exchange type: ISAKMP_XCHG_IDPROT
May  8 15:23:28 bitch pluto[19962]: |    flags: none
May  8 15:23:28 bitch pluto[19962]: |    message ID:  00 00 00 00
May  8 15:23:28 bitch pluto[19962]: |    length: 408
May  8 15:23:28 bitch pluto[19962]: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
May  8 15:23:28 bitch pluto[19962]: | got payload 0x2  (ISAKMP_NEXT_SA) needed: 0x2opt: 0x2080
May  8 15:23:28 bitch pluto[19962]: | ***parse ISAKMP Security Association Payload:
May  8 15:23:28 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_VID
May  8 15:23:28 bitch pluto[19962]: |    length: 212
May  8 15:23:28 bitch pluto[19962]: |    DOI: ISAKMP_DOI_IPSEC
May  8 15:23:28 bitch pluto[19962]: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x2080
May  8 15:23:28 bitch pluto[19962]: | ***parse ISAKMP Vendor ID Payload:
May  8 15:23:28 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_VID
May  8 15:23:28 bitch pluto[19962]: |    length: 24
May  8 15:23:28 bitch pluto[19962]: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x2080
May  8 15:23:28 bitch pluto[19962]: | ***parse ISAKMP Vendor ID Payload:
May  8 15:23:28 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_VID
May  8 15:23:28 bitch pluto[19962]: |    length: 24
May  8 15:23:28 bitch pluto[19962]: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x2080
May  8 15:23:28 bitch pluto[19962]: | ***parse ISAKMP Vendor ID Payload:
May  8 15:23:28 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_VID
May  8 15:23:28 bitch pluto[19962]: |    length: 20
May  8 15:23:28 bitch pluto[19962]: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x2080
May  8 15:23:28 bitch pluto[19962]: | ***parse ISAKMP Vendor ID Payload:
May  8 15:23:28 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_VID
May  8 15:23:28 bitch pluto[19962]: |    length: 20
May  8 15:23:28 bitch pluto[19962]: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x2080
May  8 15:23:28 bitch pluto[19962]: | ***parse ISAKMP Vendor ID Payload:
May  8 15:23:28 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_VID
May  8 15:23:28 bitch pluto[19962]: |    length: 20
May  8 15:23:28 bitch pluto[19962]: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x2080
May  8 15:23:28 bitch pluto[19962]: | ***parse ISAKMP Vendor ID Payload:
May  8 15:23:28 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_VID
May  8 15:23:28 bitch pluto[19962]: |    length: 20
May  8 15:23:28 bitch pluto[19962]: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x2080
May  8 15:23:28 bitch pluto[19962]: | ***parse ISAKMP Vendor ID Payload:
May  8 15:23:28 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_VID
May  8 15:23:28 bitch pluto[19962]: |    length: 20
May  8 15:23:28 bitch pluto[19962]: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x2080
May  8 15:23:28 bitch pluto[19962]: | ***parse ISAKMP Vendor ID Payload:
May  8 15:23:28 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_NONE
May  8 15:23:28 bitch pluto[19962]: |    length: 20
May  8 15:23:28 bitch pluto[19962]: packet from 192.168.10.25:500: ignoring unknown Vendor ID payload [01528bbbc00696121849ab9a1c5b2a5100000001]
May  8 15:23:28 bitch pluto[19962]: packet from 192.168.10.25:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000009]
May  8 15:23:28 bitch pluto[19962]: |  quirks.qnat_traversal_vid set to=83 
May  8 15:23:28 bitch pluto[19962]: packet from 192.168.10.25:500: received Vendor ID payload [RFC 3947]
May  8 15:23:28 bitch pluto[19962]: | Ignoring older NAT-T Vendor ID paylad [draft-ietf-ipsec-nat-t-ike-02_n]
May  8 15:23:28 bitch pluto[19962]: packet from 192.168.10.25:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
May  8 15:23:28 bitch pluto[19962]: packet from 192.168.10.25:500: received Vendor ID payload [FRAGMENTATION]
May  8 15:23:28 bitch pluto[19962]: packet from 192.168.10.25:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
May  8 15:23:28 bitch pluto[19962]: packet from 192.168.10.25:500: ignoring Vendor ID payload [Vid-Initial-Contact]
May  8 15:23:28 bitch pluto[19962]: packet from 192.168.10.25:500: ignoring Vendor ID payload [IKE CGA version 1]
May  8 15:23:28 bitch pluto[19962]: | find_host_connection me=192.168.10.254:500 him=192.168.10.25:500 policy=none
May  8 15:23:28 bitch pluto[19962]: | find_host_pair: comparing to 192.168.10.254:500 0.0.0.0:500
May  8 15:23:28 bitch pluto[19962]: | find_host_pair_conn (find_host_connection): 192.168.10.254:500 192.168.10.25:500 -> hp:none
May  8 15:23:28 bitch pluto[19962]: | searching for connection with policy = none
May  8 15:23:28 bitch pluto[19962]: | find_host_connection returns empty
May  8 15:23:28 bitch pluto[19962]: | ****parse IPsec DOI SIT:
May  8 15:23:28 bitch pluto[19962]: |    IPsec DOI SIT: SIT_IDENTITY_ONLY
May  8 15:23:28 bitch pluto[19962]: | ****parse ISAKMP Proposal Payload:
May  8 15:23:28 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_NONE
May  8 15:23:28 bitch pluto[19962]: |    length: 200
May  8 15:23:28 bitch pluto[19962]: |    proposal number: 1
May  8 15:23:28 bitch pluto[19962]: |    protocol ID: PROTO_ISAKMP
May  8 15:23:28 bitch pluto[19962]: |    SPI size: 0
May  8 15:23:28 bitch pluto[19962]: |    number of transforms: 5
May  8 15:23:28 bitch pluto[19962]: | *****parse ISAKMP Transform Payload (ISAKMP):
May  8 15:23:28 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_T
May  8 15:23:28 bitch pluto[19962]: |    length: 40
May  8 15:23:28 bitch pluto[19962]: |    ISAKMP transform number: 1
May  8 15:23:28 bitch pluto[19962]: |    ISAKMP transform ID: KEY_IKE
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_ENCRYPTION_ALGORITHM
May  8 15:23:28 bitch pluto[19962]: |    length/value: 7
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_KEY_LENGTH
May  8 15:23:28 bitch pluto[19962]: |    length/value: 256
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_HASH_ALGORITHM
May  8 15:23:28 bitch pluto[19962]: |    length/value: 2
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_GROUP_DESCRIPTION
May  8 15:23:28 bitch pluto[19962]: |    length/value: 20
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_AUTHENTICATION_METHOD
May  8 15:23:28 bitch pluto[19962]: |    length/value: 1
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_LIFE_TYPE
May  8 15:23:28 bitch pluto[19962]: |    length/value: 1
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_LIFE_DURATION (variable length)
May  8 15:23:28 bitch pluto[19962]: |    length/value: 4
May  8 15:23:28 bitch pluto[19962]: | *****parse ISAKMP Transform Payload (ISAKMP):
May  8 15:23:28 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_T
May  8 15:23:28 bitch pluto[19962]: |    length: 40
May  8 15:23:28 bitch pluto[19962]: |    ISAKMP transform number: 2
May  8 15:23:28 bitch pluto[19962]: |    ISAKMP transform ID: KEY_IKE
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_ENCRYPTION_ALGORITHM
May  8 15:23:28 bitch pluto[19962]: |    length/value: 7
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_KEY_LENGTH
May  8 15:23:28 bitch pluto[19962]: |    length/value: 128
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_HASH_ALGORITHM
May  8 15:23:28 bitch pluto[19962]: |    length/value: 2
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_GROUP_DESCRIPTION
May  8 15:23:28 bitch pluto[19962]: |    length/value: 19
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_AUTHENTICATION_METHOD
May  8 15:23:28 bitch pluto[19962]: |    length/value: 1
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_LIFE_TYPE
May  8 15:23:28 bitch pluto[19962]: |    length/value: 1
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_LIFE_DURATION (variable length)
May  8 15:23:28 bitch pluto[19962]: |    length/value: 4
May  8 15:23:28 bitch pluto[19962]: | *****parse ISAKMP Transform Payload (ISAKMP):
May  8 15:23:28 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_T
May  8 15:23:28 bitch pluto[19962]: |    length: 40
May  8 15:23:28 bitch pluto[19962]: |    ISAKMP transform number: 3
May  8 15:23:28 bitch pluto[19962]: |    ISAKMP transform ID: KEY_IKE
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_ENCRYPTION_ALGORITHM
May  8 15:23:28 bitch pluto[19962]: |    length/value: 7
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_KEY_LENGTH
May  8 15:23:28 bitch pluto[19962]: |    length/value: 256
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_HASH_ALGORITHM
May  8 15:23:28 bitch pluto[19962]: |    length/value: 2
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_GROUP_DESCRIPTION
May  8 15:23:28 bitch pluto[19962]: |    length/value: 14
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_AUTHENTICATION_METHOD
May  8 15:23:28 bitch pluto[19962]: |    length/value: 1
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_LIFE_TYPE
May  8 15:23:28 bitch pluto[19962]: |    length/value: 1
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_LIFE_DURATION (variable length)
May  8 15:23:28 bitch pluto[19962]: |    length/value: 4
May  8 15:23:28 bitch pluto[19962]: | *****parse ISAKMP Transform Payload (ISAKMP):
May  8 15:23:28 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_T
May  8 15:23:28 bitch pluto[19962]: |    length: 36
May  8 15:23:28 bitch pluto[19962]: |    ISAKMP transform number: 4
May  8 15:23:28 bitch pluto[19962]: |    ISAKMP transform ID: KEY_IKE
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_ENCRYPTION_ALGORITHM
May  8 15:23:28 bitch pluto[19962]: |    length/value: 5
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_HASH_ALGORITHM
May  8 15:23:28 bitch pluto[19962]: |    length/value: 2
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_GROUP_DESCRIPTION
May  8 15:23:28 bitch pluto[19962]: |    length/value: 14
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_AUTHENTICATION_METHOD
May  8 15:23:28 bitch pluto[19962]: |    length/value: 1
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:28 bitch pluto[19962]: |    af+type: OAKLEY_LIFE_TYPE
May  8 15:23:28 bitch pluto[19962]: |    length/value: 1
May  8 15:23:28 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:23:48 bitch pluto[19962]: |  
May  8 15:23:48 bitch pluto[19962]: | next event EVENT_NAT_T_KEEPALIVE in 0 seconds
May  8 15:23:48 bitch pluto[19962]: | *time to handle event
May  8 15:23:48 bitch pluto[19962]: | handling event EVENT_NAT_T_KEEPALIVE
May  8 15:23:48 bitch pluto[19962]: | event after this is EVENT_PENDING_DDNS in 5 seconds
May  8 15:23:48 bitch pluto[19962]: | processing connection tunnel1-nat[2] 192.168.10.25
May  8 15:23:48 bitch pluto[19962]: | Sending of NAT-T KEEP-ALIVE enabled by per-conn configuration (nat_keepalive=yes)
May  8 15:23:48 bitch pluto[19962]: | processing connection tunnel1-nat[2] 192.168.10.25
May  8 15:23:48 bitch pluto[19962]: | Sending of NAT-T KEEP-ALIVE enabled by per-conn configuration (nat_keepalive=yes)
May  8 15:23:48 bitch pluto[19962]: | next event EVENT_PENDING_DDNS in 5 seconds
-------------- next part --------------
May  8 15:24:09 bitch pluto[19962]: |  
May  8 15:24:09 bitch pluto[19962]: | *received 408 bytes from 192.168.10.25:1 on eth1 (port=500)
May  8 15:24:09 bitch pluto[19962]: |   14 d8 b2 ef  4f 94 ba df  00 00 00 00  00 00 00 00
May  8 15:24:09 bitch pluto[19962]: |   01 10 02 00  00 00 00 00  00 00 01 98  0d 00 00 d4
May  8 15:24:09 bitch pluto[19962]: |   00 00 00 01  00 00 00 01  00 00 00 c8  01 01 00 05
May  8 15:24:09 bitch pluto[19962]: |   03 00 00 28  01 01 00 00  80 01 00 07  80 0e 01 00
May  8 15:24:09 bitch pluto[19962]: |   80 02 00 02  80 04 00 14  80 03 00 01  80 0b 00 01
May  8 15:24:09 bitch pluto[19962]: |   00 0c 00 04  00 00 70 80  03 00 00 28  02 01 00 00
May  8 15:24:09 bitch pluto[19962]: |   80 01 00 07  80 0e 00 80  80 02 00 02  80 04 00 13
May  8 15:24:09 bitch pluto[19962]: |   80 03 00 01  80 0b 00 01  00 0c 00 04  00 00 70 80
May  8 15:24:09 bitch pluto[19962]: |   03 00 00 28  03 01 00 00  80 01 00 07  80 0e 01 00
May  8 15:24:09 bitch pluto[19962]: |   80 02 00 02  80 04 00 0e  80 03 00 01  80 0b 00 01
May  8 15:24:09 bitch pluto[19962]: |   00 0c 00 04  00 00 70 80  03 00 00 24  04 01 00 00
May  8 15:24:09 bitch pluto[19962]: |   80 01 00 05  80 02 00 02  80 04 00 0e  80 03 00 01
May  8 15:24:09 bitch pluto[19962]: |   80 0b 00 01  00 0c 00 04  00 00 70 80  00 00 00 24
May  8 15:24:09 bitch pluto[19962]: |   05 01 00 00  80 01 00 05  80 02 00 02  80 04 00 02
May  8 15:24:09 bitch pluto[19962]: |   80 03 00 01  80 0b 00 01  00 0c 00 04  00 00 70 80
May  8 15:24:09 bitch pluto[19962]: |   0d 00 00 18  01 52 8b bb  c0 06 96 12  18 49 ab 9a
May  8 15:24:09 bitch pluto[19962]: |   1c 5b 2a 51  00 00 00 01  0d 00 00 18  1e 2b 51 69
May  8 15:24:09 bitch pluto[19962]: |   05 99 1c 7d  7c 96 fc bf  b5 87 e4 61  00 00 00 09
May  8 15:24:09 bitch pluto[19962]: |   0d 00 00 14  4a 13 1c 81  07 03 58 45  5c 57 28 f2
May  8 15:24:09 bitch pluto[19962]: |   0e 95 45 2f  0d 00 00 14  90 cb 80 91  3e bb 69 6e
May  8 15:24:09 bitch pluto[19962]: |   08 63 81 b5  ec 42 7b 1f  0d 00 00 14  40 48 b7 d5
May  8 15:24:09 bitch pluto[19962]: |   6e bc e8 85  25 e7 de 7f  00 d6 c2 d3  0d 00 00 14
May  8 15:24:09 bitch pluto[19962]: |   fb 1d e3 cd  f3 41 b7 ea  16 b7 e5 be  08 55 f1 20
May  8 15:24:09 bitch pluto[19962]: |   0d 00 00 14  26 24 4d 38  ed db 61 b3  17 2a 36 e3
May  8 15:24:09 bitch pluto[19962]: |   d0 cf b8 19  00 00 00 14  e3 a5 96 6a  76 37 9f e7
May  8 15:24:09 bitch pluto[19962]: |   07 22 82 31  e5 ce 86 52
May  8 15:24:09 bitch pluto[19962]: | **parse ISAKMP Message:
May  8 15:24:09 bitch pluto[19962]: |    initiator cookie:
May  8 15:24:09 bitch pluto[19962]: |   14 d8 b2 ef  4f 94 ba df
May  8 15:24:09 bitch pluto[19962]: |    responder cookie:
May  8 15:24:09 bitch pluto[19962]: |   00 00 00 00  00 00 00 00
May  8 15:24:09 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_SA
May  8 15:24:09 bitch pluto[19962]: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
May  8 15:24:09 bitch pluto[19962]: |    exchange type: ISAKMP_XCHG_IDPROT
May  8 15:24:09 bitch pluto[19962]: |    flags: none
May  8 15:24:09 bitch pluto[19962]: |    message ID:  00 00 00 00
May  8 15:24:09 bitch pluto[19962]: |    length: 408
May  8 15:24:09 bitch pluto[19962]: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
May  8 15:24:09 bitch pluto[19962]: | got payload 0x2  (ISAKMP_NEXT_SA) needed: 0x2opt: 0x2080
May  8 15:24:09 bitch pluto[19962]: | ***parse ISAKMP Security Association Payload:
May  8 15:24:09 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_VID
May  8 15:24:09 bitch pluto[19962]: |    length: 212
May  8 15:24:09 bitch pluto[19962]: |    DOI: ISAKMP_DOI_IPSEC
May  8 15:24:09 bitch pluto[19962]: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x2080
May  8 15:24:09 bitch pluto[19962]: | ***parse ISAKMP Vendor ID Payload:
May  8 15:24:09 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_VID
May  8 15:24:09 bitch pluto[19962]: |    length: 24
May  8 15:24:09 bitch pluto[19962]: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x2080
May  8 15:24:09 bitch pluto[19962]: | ***parse ISAKMP Vendor ID Payload:
May  8 15:24:09 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_VID
May  8 15:24:09 bitch pluto[19962]: |    length: 24
May  8 15:24:09 bitch pluto[19962]: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x2080
May  8 15:24:09 bitch pluto[19962]: | ***parse ISAKMP Vendor ID Payload:
May  8 15:24:09 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_VID
May  8 15:24:09 bitch pluto[19962]: |    length: 20
May  8 15:24:09 bitch pluto[19962]: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x2080
May  8 15:24:09 bitch pluto[19962]: | ***parse ISAKMP Vendor ID Payload:
May  8 15:24:09 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_VID
May  8 15:24:09 bitch pluto[19962]: |    length: 20
May  8 15:24:09 bitch pluto[19962]: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x2080
May  8 15:24:09 bitch pluto[19962]: | ***parse ISAKMP Vendor ID Payload:
May  8 15:24:09 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_VID
May  8 15:24:09 bitch pluto[19962]: |    length: 20
May  8 15:24:09 bitch pluto[19962]: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x2080
May  8 15:24:09 bitch pluto[19962]: | ***parse ISAKMP Vendor ID Payload:
May  8 15:24:09 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_VID
May  8 15:24:09 bitch pluto[19962]: |    length: 20
May  8 15:24:09 bitch pluto[19962]: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x2080
May  8 15:24:09 bitch pluto[19962]: | ***parse ISAKMP Vendor ID Payload:
May  8 15:24:09 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_VID
May  8 15:24:09 bitch pluto[19962]: |    length: 20
May  8 15:24:09 bitch pluto[19962]: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x2080
May  8 15:24:09 bitch pluto[19962]: | ***parse ISAKMP Vendor ID Payload:
May  8 15:24:09 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_NONE
May  8 15:24:09 bitch pluto[19962]: |    length: 20
May  8 15:24:09 bitch pluto[19962]: packet from 192.168.10.25:1: ignoring unknown Vendor ID payload [01528bbbc00696121849ab9a1c5b2a5100000001]
May  8 15:24:09 bitch pluto[19962]: packet from 192.168.10.25:1: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000009]
May  8 15:24:09 bitch pluto[19962]: |  quirks.qnat_traversal_vid set to=83 
May  8 15:24:09 bitch pluto[19962]: packet from 192.168.10.25:1: received Vendor ID payload [RFC 3947]
May  8 15:24:09 bitch pluto[19962]: | Ignoring older NAT-T Vendor ID paylad [draft-ietf-ipsec-nat-t-ike-02_n]
May  8 15:24:09 bitch pluto[19962]: packet from 192.168.10.25:1: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
May  8 15:24:09 bitch pluto[19962]: packet from 192.168.10.25:1: received Vendor ID payload [FRAGMENTATION]
May  8 15:24:09 bitch pluto[19962]: packet from 192.168.10.25:1: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
May  8 15:24:09 bitch pluto[19962]: packet from 192.168.10.25:1: ignoring Vendor ID payload [Vid-Initial-Contact]
May  8 15:24:09 bitch pluto[19962]: packet from 192.168.10.25:1: ignoring Vendor ID payload [IKE CGA version 1]
May  8 15:24:09 bitch pluto[19962]: | find_host_connection me=192.168.10.254:500 him=192.168.10.25:1 policy=none
May  8 15:24:09 bitch pluto[19962]: | find_host_pair: comparing to 192.168.10.254:500 0.0.0.0:500
May  8 15:24:09 bitch pluto[19962]: | find_host_pair: comparing to 192.168.10.254:500 192.168.10.25:500
May  8 15:24:09 bitch pluto[19962]: | find_host_pair_conn (find_host_connection): 192.168.10.254:500 192.168.10.25:1 -> hp:tunnel1-nat
May  8 15:24:09 bitch pluto[19962]: | searching for connection with policy = none
May  8 15:24:09 bitch pluto[19962]: | found policy = PSK+ENCRYPT+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW (tunnel1-nat)
May  8 15:24:09 bitch pluto[19962]: | find_host_connection returns tunnel1-nat
May  8 15:24:09 bitch pluto[19962]: | creating state object #3 at 0x7f4b99acae40
May  8 15:24:09 bitch pluto[19962]: | processing connection tunnel1-nat[2] 192.168.10.25
May  8 15:24:09 bitch pluto[19962]: | ICOOKIE:  14 d8 b2 ef  4f 94 ba df
May  8 15:24:09 bitch pluto[19962]: | RCOOKIE:  f0 88 83 b3  05 30 fa ac
May  8 15:24:09 bitch pluto[19962]: | state hash entry 8
May  8 15:24:09 bitch pluto[19962]: | inserting state object #3
May  8 15:24:09 bitch pluto[19962]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #3
May  8 15:24:09 bitch pluto[19962]: | event added at head of queue
May  8 15:24:09 bitch pluto[19962]: | sender checking NAT-t: enabled and 83
May  8 15:24:09 bitch pluto[19962]: | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC
May  8 15:24:09 bitch pluto[19962]: "tunnel1-nat"[2] 192.168.10.25 #3: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
May  8 15:24:09 bitch pluto[19962]: "tunnel1-nat"[2] 192.168.10.25 #3: responding to Main Mode from unknown peer 192.168.10.25
May  8 15:24:09 bitch pluto[19962]: | **emit ISAKMP Message:
May  8 15:24:09 bitch pluto[19962]: |    initiator cookie:
May  8 15:24:09 bitch pluto[19962]: |   14 d8 b2 ef  4f 94 ba df
May  8 15:24:09 bitch pluto[19962]: |    responder cookie:
May  8 15:24:09 bitch pluto[19962]: |   f0 88 83 b3  05 30 fa ac
May  8 15:24:09 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_SA
May  8 15:24:09 bitch pluto[19962]: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
May  8 15:24:09 bitch pluto[19962]: |    exchange type: ISAKMP_XCHG_IDPROT
May  8 15:24:09 bitch pluto[19962]: |    flags: none
May  8 15:24:09 bitch pluto[19962]: |    message ID:  00 00 00 00
May  8 15:24:09 bitch pluto[19962]: | nat-t detected, sending nat-t VID
May  8 15:24:09 bitch pluto[19962]: | ***emit ISAKMP Security Association Payload:
May  8 15:24:09 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_VID
May  8 15:24:09 bitch pluto[19962]: |    DOI: ISAKMP_DOI_IPSEC
May  8 15:24:09 bitch pluto[19962]: | ****parse IPsec DOI SIT:
May  8 15:24:09 bitch pluto[19962]: |    IPsec DOI SIT: SIT_IDENTITY_ONLY
May  8 15:24:09 bitch pluto[19962]: | ****parse ISAKMP Proposal Payload:
May  8 15:24:09 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_NONE
May  8 15:24:09 bitch pluto[19962]: |    length: 200
May  8 15:24:09 bitch pluto[19962]: |    proposal number: 1
May  8 15:24:09 bitch pluto[19962]: |    protocol ID: PROTO_ISAKMP
May  8 15:24:09 bitch pluto[19962]: |    SPI size: 0
May  8 15:24:09 bitch pluto[19962]: |    number of transforms: 5
May  8 15:24:09 bitch pluto[19962]: | *****parse ISAKMP Transform Payload (ISAKMP):
May  8 15:24:09 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_T
May  8 15:24:09 bitch pluto[19962]: |    length: 40
May  8 15:24:09 bitch pluto[19962]: |    ISAKMP transform number: 1
May  8 15:24:09 bitch pluto[19962]: |    ISAKMP transform ID: KEY_IKE
May  8 15:24:09 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:24:09 bitch pluto[19962]: |    af+type: OAKLEY_ENCRYPTION_ALGORITHM
May  8 15:24:09 bitch pluto[19962]: |    length/value: 7
May  8 15:24:09 bitch pluto[19962]: |    [7 is OAKLEY_AES_CBC]
May  8 15:24:09 bitch pluto[19962]: | ike_alg_enc_ok(ealg=7,key_len=0): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
May  8 15:24:09 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:24:09 bitch pluto[19962]: |    af+type: OAKLEY_KEY_LENGTH
May  8 15:24:09 bitch pluto[19962]: |    length/value: 256
May  8 15:24:09 bitch pluto[19962]: | ike_alg_enc_ok(ealg=7,key_len=256): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
May  8 15:24:09 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:24:09 bitch pluto[19962]: |    af+type: OAKLEY_HASH_ALGORITHM
May  8 15:24:09 bitch pluto[19962]: |    length/value: 2
May  8 15:24:09 bitch pluto[19962]: |    [2 is OAKLEY_SHA1]
May  8 15:24:09 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:24:09 bitch pluto[19962]: |    af+type: OAKLEY_GROUP_DESCRIPTION
May  8 15:24:09 bitch pluto[19962]: |    length/value: 20
May  8 15:24:09 bitch pluto[19962]: |    [20 is OAKLEY_GROUP_ECP_384]
May  8 15:24:09 bitch pluto[19962]: "tunnel1-nat"[2] 192.168.10.25 #3: OAKLEY_GROUP 20 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
May  8 15:24:09 bitch pluto[19962]: | *****parse ISAKMP Transform Payload (ISAKMP):
May  8 15:24:09 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_T
May  8 15:24:09 bitch pluto[19962]: |    length: 40
May  8 15:24:09 bitch pluto[19962]: |    ISAKMP transform number: 2
May  8 15:24:09 bitch pluto[19962]: |    ISAKMP transform ID: KEY_IKE
May  8 15:24:09 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:24:09 bitch pluto[19962]: |    af+type: OAKLEY_ENCRYPTION_ALGORITHM
May  8 15:24:09 bitch pluto[19962]: |    length/value: 7
May  8 15:24:09 bitch pluto[19962]: |    [7 is OAKLEY_AES_CBC]
May  8 15:24:09 bitch pluto[19962]: | ike_alg_enc_ok(ealg=7,key_len=0): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
May  8 15:24:09 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:24:09 bitch pluto[19962]: |    af+type: OAKLEY_KEY_LENGTH
May  8 15:24:09 bitch pluto[19962]: |    length/value: 128
May  8 15:24:09 bitch pluto[19962]: | ike_alg_enc_ok(ealg=7,key_len=128): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
May  8 15:24:09 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:24:09 bitch pluto[19962]: |    af+type: OAKLEY_HASH_ALGORITHM
May  8 15:24:09 bitch pluto[19962]: |    length/value: 2
May  8 15:24:09 bitch pluto[19962]: |    [2 is OAKLEY_SHA1]
May  8 15:24:09 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:24:09 bitch pluto[19962]: |    af+type: OAKLEY_GROUP_DESCRIPTION
May  8 15:24:09 bitch pluto[19962]: |    length/value: 19
May  8 15:24:09 bitch pluto[19962]: |    [19 is OAKLEY_GROUP_ECP_256]
May  8 15:24:09 bitch pluto[19962]: "tunnel1-nat"[2] 192.168.10.25 #3: OAKLEY_GROUP 19 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
May  8 15:24:09 bitch pluto[19962]: | *****parse ISAKMP Transform Payload (ISAKMP):
May  8 15:24:09 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_T
May  8 15:24:09 bitch pluto[19962]: |    length: 40
May  8 15:24:09 bitch pluto[19962]: |    ISAKMP transform number: 3
May  8 15:24:09 bitch pluto[19962]: |    ISAKMP transform ID: KEY_IKE
May  8 15:24:09 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:24:09 bitch pluto[19962]: |    af+type: OAKLEY_ENCRYPTION_ALGORITHM
May  8 15:24:09 bitch pluto[19962]: |    length/value: 7
May  8 15:24:09 bitch pluto[19962]: |    [7 is OAKLEY_AES_CBC]
May  8 15:24:09 bitch pluto[19962]: | ike_alg_enc_ok(ealg=7,key_len=0): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
May  8 15:24:09 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:24:09 bitch pluto[19962]: |    af+type: OAKLEY_KEY_LENGTH
May  8 15:24:09 bitch pluto[19962]: |    length/value: 256
May  8 15:24:09 bitch pluto[19962]: | ike_alg_enc_ok(ealg=7,key_len=256): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
May  8 15:24:09 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:24:09 bitch pluto[19962]: |    af+type: OAKLEY_HASH_ALGORITHM
May  8 15:24:09 bitch pluto[19962]: |    length/value: 2
May  8 15:24:09 bitch pluto[19962]: |    [2 is OAKLEY_SHA1]
May  8 15:24:09 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:24:09 bitch pluto[19962]: |    af+type: OAKLEY_GROUP_DESCRIPTION
May  8 15:24:09 bitch pluto[19962]: |    length/value: 14
May  8 15:24:09 bitch pluto[19962]: |    [14 is OAKLEY_GROUP_MODP2048]
May  8 15:24:09 bitch pluto[19962]: | ******parse ISAKMP Oakley attribute:
May  8 15:24:09 bitch pluto[19962]: |    af+type: OAKLEY_AUTHENTICATION_METHOD
May  8 15:24:09 bitch pluto[19962]: |    length/value: 1
May  8 15:24:21 bitch pluto[19962]: |  
May  8 15:24:21 bitch pluto[19962]: | *received 444 bytes from 192.168.10.25:1024 on eth1 (port=4500)
May  8 15:24:21 bitch pluto[19962]: |   14 d8 b2 ef  4f 94 ba df  f0 88 83 b3  05 30 fa ac
May  8 15:24:21 bitch pluto[19962]: |   08 10 20 01  00 00 00 01  00 00 01 bc  59 47 e1 29
May  8 15:24:21 bitch pluto[19962]: |   8f 66 e3 1f  0b 5d 9a 18  08 5a 18 4d  8b e7 ed d1
May  8 15:24:21 bitch pluto[19962]: |   d7 72 45 fc  95 f1 e3 28  0b c7 98 e4  40 73 b4 3e
May  8 15:24:21 bitch pluto[19962]: |   8b b8 2a 82  07 bd 0d 93  80 84 5c 7b  c3 1a a4 46
May  8 15:24:21 bitch pluto[19962]: |   71 91 eb cd  c1 ad 84 8a  52 ed a2 69  7b cc 66 de
May  8 15:24:21 bitch pluto[19962]: |   f7 29 d9 99  f8 48 6a 23  a7 e9 73 4a  47 34 de 5e
May  8 15:24:21 bitch pluto[19962]: |   58 85 f8 70  d9 72 ee ed  01 59 50 1a  01 85 af 57
May  8 15:24:21 bitch pluto[19962]: |   e1 1b fb 6e  a3 ff 41 d9  e5 3d 7d fd  86 5c 62 ef
May  8 15:24:21 bitch pluto[19962]: |   87 a6 1b 1f  8f 72 2d e5  67 fc 59 1a  1d 45 42 fe
May  8 15:24:21 bitch pluto[19962]: |   87 cd 05 6c  3e 39 e3 53  c7 b8 66 34  d6 ce 6f 51
May  8 15:24:21 bitch pluto[19962]: |   58 34 2f 6c  51 07 79 49  60 4b d6 e6  a6 2d a3 9d
May  8 15:24:21 bitch pluto[19962]: |   21 be dc e8  6a cd 64 4a  e5 50 41 03  90 83 88 61
May  8 15:24:21 bitch pluto[19962]: |   02 ac 6e f0  f2 e4 09 8a  66 c1 7e 79  50 e9 f6 97
May  8 15:24:21 bitch pluto[19962]: |   d8 80 86 2c  9e a7 db 52  44 74 a0 63  af 54 d4 0a
May  8 15:24:21 bitch pluto[19962]: |   c5 58 46 13  50 dd 2e f8  31 4a 85 9f  70 19 7d e5
May  8 15:24:21 bitch pluto[19962]: |   89 d4 d4 85  3f da d3 ab  94 76 b5 98  bb 4c b5 ea
May  8 15:24:21 bitch pluto[19962]: |   a6 88 65 70  c6 a9 08 87  e6 4e 94 02  db 06 b0 49
May  8 15:24:21 bitch pluto[19962]: |   df 68 90 47  aa 88 8a ae  bb 1b e3 1c  31 27 3a 31
May  8 15:24:21 bitch pluto[19962]: |   83 c4 7a 0e  cd d2 b1 9c  3e 95 66 b9  83 c3 a9 9d
May  8 15:24:21 bitch pluto[19962]: |   30 73 a0 fe  fe 87 c2 cf  4b 22 38 27  f2 e4 58 8d
May  8 15:24:21 bitch pluto[19962]: |   de 8a 5c c5  99 dc 4b 5f  74 13 1e 9c  6d dd eb 5e
May  8 15:24:21 bitch pluto[19962]: |   8c c5 ca b3  ec 29 9c 32  0a 3a 32 16  aa 45 e1 09
May  8 15:24:21 bitch pluto[19962]: |   4c 5b 6a 20  43 53 fc 9f  a6 99 4a 06  e2 de 0c 17
May  8 15:24:21 bitch pluto[19962]: |   2c 23 12 96  17 0e f1 1b  ed ad 03 6c  ec 90 26 35
May  8 15:24:21 bitch pluto[19962]: |   ad 48 18 9e  69 46 e5 69  03 05 d1 c3  08 97 ff 44
May  8 15:24:21 bitch pluto[19962]: |   12 bd 74 c8  27 a9 d2 8e  21 78 eb ea  a5 04 77 9f
May  8 15:24:21 bitch pluto[19962]: |   17 50 ad 8e  87 ca c8 92  e9 0b ff 9f
May  8 15:24:21 bitch pluto[19962]: | **parse ISAKMP Message:
May  8 15:24:21 bitch pluto[19962]: |    initiator cookie:
May  8 15:24:21 bitch pluto[19962]: |   14 d8 b2 ef  4f 94 ba df
May  8 15:24:21 bitch pluto[19962]: |    responder cookie:
May  8 15:24:21 bitch pluto[19962]: |   f0 88 83 b3  05 30 fa ac
May  8 15:24:21 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_HASH
May  8 15:24:21 bitch pluto[19962]: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
May  8 15:24:21 bitch pluto[19962]: |    exchange type: ISAKMP_XCHG_QUICK
May  8 15:24:21 bitch pluto[19962]: |    flags: ISAKMP_FLAG_v1_ENCRYPTION
May  8 15:24:21 bitch pluto[19962]: |    message ID:  00 00 00 01
May  8 15:24:21 bitch pluto[19962]: |    length: 444
May  8 15:24:21 bitch pluto[19962]: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
May  8 15:24:21 bitch pluto[19962]: | ICOOKIE:  14 d8 b2 ef  4f 94 ba df
May  8 15:24:21 bitch pluto[19962]: | RCOOKIE:  f0 88 83 b3  05 30 fa ac
May  8 15:24:21 bitch pluto[19962]: | state hash entry 8
May  8 15:24:21 bitch pluto[19962]: | v1 peer and cookies match on #4, provided msgid 00000001 vs 00000001
May  8 15:24:21 bitch pluto[19962]: | v1 state object #4 found, in STATE_QUICK_R0
May  8 15:24:21 bitch pluto[19962]: | processing connection tunnel1-nat[3] 192.168.10.25
May  8 15:24:21 bitch pluto[19962]: | #4 state_busy:1872 st != NULL && st->st_calculating == FALSE;
May  8 15:24:21 bitch pluto[19962]: | received encrypted packet from 192.168.10.25:1024
May  8 15:24:21 bitch pluto[19962]: | decrypting 416 bytes using algorithm OAKLEY_AES_CBC
May  8 15:24:21 bitch pluto[19962]: | last Phase 1 IV:
May  8 15:24:21 bitch pluto[19962]: | current Phase 1 IV:
May  8 15:24:21 bitch pluto[19962]: | computed Phase 2 IV:
May  8 15:24:21 bitch pluto[19962]: |   47 9e 04 f3  d1 2d 11 2b  5c 04 c9 ee  67 e4 b1 e6
May  8 15:24:21 bitch pluto[19962]: |   e2 01 ea 4e
May  8 15:24:21 bitch pluto[19962]: | NSS do_aes_cbc: enter
May  8 15:24:21 bitch pluto[19962]: | NSS do_aes_cbc: exit
May  8 15:24:21 bitch pluto[19962]: | decrypted:
May  8 15:24:21 bitch pluto[19962]: |   35 1f 3a 11  43 c0 b8 5e  17 f5 0f d0  05 fd 96 6a
May  8 15:24:21 bitch pluto[19962]: |   45 09 ea bd  48 6c 1f 3c  0a 00 01 18  00 00 00 01
May  8 15:24:21 bitch pluto[19962]: |   00 00 00 01  02 00 00 38  01 03 04 01  55 86 0d 10
May  8 15:24:21 bitch pluto[19962]: |   00 00 00 2c  01 0c 00 00  80 04 00 04  80 06 01 00
May  8 15:24:21 bitch pluto[19962]: |   80 05 00 02  80 01 00 01  00 02 00 04  00 00 0e 10
May  8 15:24:21 bitch pluto[19962]: |   80 01 00 02  00 02 00 04  00 03 d0 90  02 00 00 38
May  8 15:24:21 bitch pluto[19962]: |   02 03 04 01  55 86 0d 10  00 00 00 2c  01 0c 00 00
May  8 15:24:21 bitch pluto[19962]: |   80 04 00 04  80 06 00 80  80 05 00 02  80 01 00 01
May  8 15:24:21 bitch pluto[19962]: |   00 02 00 04  00 00 0e 10  80 01 00 02  00 02 00 04
May  8 15:24:21 bitch pluto[19962]: |   00 03 d0 90  02 00 00 34  03 03 04 01  55 86 0d 10
May  8 15:24:21 bitch pluto[19962]: |   00 00 00 28  01 03 00 00  80 04 00 04  80 05 00 02
May  8 15:24:21 bitch pluto[19962]: |   80 01 00 01  00 02 00 04  00 00 0e 10  80 01 00 02
May  8 15:24:21 bitch pluto[19962]: |   00 02 00 04  00 03 d0 90  02 00 00 34  04 03 04 01
May  8 15:24:21 bitch pluto[19962]: |   55 86 0d 10  00 00 00 28  01 02 00 00  80 04 00 04
May  8 15:24:21 bitch pluto[19962]: |   80 05 00 02  80 01 00 01  00 02 00 04  00 00 0e 10
May  8 15:24:21 bitch pluto[19962]: |   80 01 00 02  00 02 00 04  00 03 d0 90  00 00 00 34
May  8 15:24:21 bitch pluto[19962]: |   05 03 04 01  55 86 0d 10  00 00 00 28  01 0b 00 00
May  8 15:24:21 bitch pluto[19962]: |   80 04 00 04  80 05 00 02  80 01 00 01  00 02 00 04
May  8 15:24:21 bitch pluto[19962]: |   00 00 0e 10  80 01 00 02  00 02 00 04  00 03 d0 90
May  8 15:24:21 bitch pluto[19962]: |   05 00 00 34  e0 11 2a 0c  97 0d 5e 6c  3c a8 50 43
May  8 15:24:21 bitch pluto[19962]: |   30 65 43 4f  e1 e9 8e ec  ab eb 99 a7  65 49 cb 34
May  8 15:24:21 bitch pluto[19962]: |   1d aa 2f 86  f1 e8 ea fa  32 ff 2b eb  6d 6b 44 84
May  8 15:24:21 bitch pluto[19962]: |   5c f0 04 ff  05 00 00 0c  01 11 06 a5  c0 a8 08 81
May  8 15:24:21 bitch pluto[19962]: |   15 00 00 0c  01 11 06 a5  c0 a8 0a fe  15 00 00 0c
May  8 15:24:21 bitch pluto[19962]: |   01 00 00 00  c0 a8 08 81  00 00 00 0c  01 00 00 00
May  8 15:24:21 bitch pluto[19962]: |   c0 a8 0a fe  00 00 00 00  00 00 00 00  00 00 00 00
May  8 15:24:21 bitch pluto[19962]: | next IV:  a5 04 77 9f  17 50 ad 8e  87 ca c8 92  e9 0b ff 9f
May  8 15:24:21 bitch pluto[19962]: | got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x502opt: 0x200030
May  8 15:24:21 bitch pluto[19962]: "tunnel1-nat"[3] 192.168.10.25 #4: next payload type of ISAKMP Hash Payload has an unknown value: 53
May  8 15:24:21 bitch pluto[19962]: "tunnel1-nat"[3] 192.168.10.25 #4: malformed payload in packet
May  8 15:24:21 bitch pluto[19962]: | * processed 0 messages from cryptographic helpers
May  8 15:24:21 bitch pluto[19962]: | next event EVENT_NAT_T_KEEPALIVE in 8 seconds
May  8 15:24:21 bitch pluto[19962]: | next event EVENT_NAT_T_KEEPALIVE in 8 seconds
May  8 15:24:29 bitch pluto[19962]: |  
May  8 15:24:29 bitch pluto[19962]: | next event EVENT_NAT_T_KEEPALIVE in 0 seconds
May  8 15:24:29 bitch pluto[19962]: | *time to handle event
May  8 15:24:29 bitch pluto[19962]: | handling event EVENT_NAT_T_KEEPALIVE
May  8 15:24:29 bitch pluto[19962]: | event after this is EVENT_PENDING_DDNS in 24 seconds
May  8 15:24:29 bitch pluto[19962]: | processing connection tunnel1-nat[3] 192.168.10.25
May  8 15:24:29 bitch pluto[19962]: | Sending of NAT-T KEEP-ALIVE enabled by per-conn configuration (nat_keepalive=yes)
May  8 15:24:29 bitch pluto[19962]: | processing connection tunnel1-nat[3] 192.168.10.25
May  8 15:24:29 bitch pluto[19962]: | Sending of NAT-T KEEP-ALIVE enabled by per-conn configuration (nat_keepalive=yes)
May  8 15:24:29 bitch pluto[19962]: | processing connection tunnel1-nat[2] 192.168.10.25
May  8 15:24:29 bitch pluto[19962]: | Sending of NAT-T KEEP-ALIVE enabled by per-conn configuration (nat_keepalive=yes)
May  8 15:24:29 bitch pluto[19962]: | processing connection tunnel1-nat[2] 192.168.10.25
May  8 15:24:29 bitch pluto[19962]: | Sending of NAT-T KEEP-ALIVE enabled by per-conn configuration (nat_keepalive=yes)
May  8 15:24:29 bitch pluto[19962]: | next event EVENT_PENDING_DDNS in 24 seconds
May  8 15:24:36 bitch pluto[19962]: |  
May  8 15:24:36 bitch pluto[19962]: | *received 444 bytes from 192.168.10.25:1024 on eth1 (port=4500)
May  8 15:24:36 bitch pluto[19962]: |   14 d8 b2 ef  4f 94 ba df  f0 88 83 b3  05 30 fa ac
May  8 15:24:36 bitch pluto[19962]: |   08 10 20 01  00 00 00 01  00 00 01 bc  59 47 e1 29
May  8 15:24:36 bitch pluto[19962]: |   8f 66 e3 1f  0b 5d 9a 18  08 5a 18 4d  8b e7 ed d1
May  8 15:24:36 bitch pluto[19962]: |   d7 72 45 fc  95 f1 e3 28  0b c7 98 e4  40 73 b4 3e
May  8 15:24:36 bitch pluto[19962]: |   8b b8 2a 82  07 bd 0d 93  80 84 5c 7b  c3 1a a4 46
May  8 15:24:36 bitch pluto[19962]: |   71 91 eb cd  c1 ad 84 8a  52 ed a2 69  7b cc 66 de
May  8 15:24:36 bitch pluto[19962]: |   f7 29 d9 99  f8 48 6a 23  a7 e9 73 4a  47 34 de 5e
May  8 15:24:36 bitch pluto[19962]: |   58 85 f8 70  d9 72 ee ed  01 59 50 1a  01 85 af 57
May  8 15:24:36 bitch pluto[19962]: |   e1 1b fb 6e  a3 ff 41 d9  e5 3d 7d fd  86 5c 62 ef
May  8 15:24:36 bitch pluto[19962]: |   87 a6 1b 1f  8f 72 2d e5  67 fc 59 1a  1d 45 42 fe
May  8 15:24:36 bitch pluto[19962]: |   87 cd 05 6c  3e 39 e3 53  c7 b8 66 34  d6 ce 6f 51
May  8 15:24:36 bitch pluto[19962]: |   58 34 2f 6c  51 07 79 49  60 4b d6 e6  a6 2d a3 9d
May  8 15:24:36 bitch pluto[19962]: |   21 be dc e8  6a cd 64 4a  e5 50 41 03  90 83 88 61
May  8 15:24:36 bitch pluto[19962]: |   02 ac 6e f0  f2 e4 09 8a  66 c1 7e 79  50 e9 f6 97
May  8 15:24:36 bitch pluto[19962]: |   d8 80 86 2c  9e a7 db 52  44 74 a0 63  af 54 d4 0a
May  8 15:24:36 bitch pluto[19962]: |   c5 58 46 13  50 dd 2e f8  31 4a 85 9f  70 19 7d e5
May  8 15:24:36 bitch pluto[19962]: |   89 d4 d4 85  3f da d3 ab  94 76 b5 98  bb 4c b5 ea
May  8 15:24:36 bitch pluto[19962]: |   a6 88 65 70  c6 a9 08 87  e6 4e 94 02  db 06 b0 49
May  8 15:24:36 bitch pluto[19962]: |   df 68 90 47  aa 88 8a ae  bb 1b e3 1c  31 27 3a 31
May  8 15:24:36 bitch pluto[19962]: |   83 c4 7a 0e  cd d2 b1 9c  3e 95 66 b9  83 c3 a9 9d
May  8 15:24:36 bitch pluto[19962]: |   30 73 a0 fe  fe 87 c2 cf  4b 22 38 27  f2 e4 58 8d
May  8 15:24:36 bitch pluto[19962]: |   de 8a 5c c5  99 dc 4b 5f  74 13 1e 9c  6d dd eb 5e
May  8 15:24:36 bitch pluto[19962]: |   8c c5 ca b3  ec 29 9c 32  0a 3a 32 16  aa 45 e1 09
May  8 15:24:36 bitch pluto[19962]: |   4c 5b 6a 20  43 53 fc 9f  a6 99 4a 06  e2 de 0c 17
May  8 15:24:36 bitch pluto[19962]: |   2c 23 12 96  17 0e f1 1b  ed ad 03 6c  ec 90 26 35
May  8 15:24:36 bitch pluto[19962]: |   ad 48 18 9e  69 46 e5 69  03 05 d1 c3  08 97 ff 44
May  8 15:24:36 bitch pluto[19962]: |   12 bd 74 c8  27 a9 d2 8e  21 78 eb ea  a5 04 77 9f
May  8 15:24:36 bitch pluto[19962]: |   17 50 ad 8e  87 ca c8 92  e9 0b ff 9f
May  8 15:24:36 bitch pluto[19962]: | **parse ISAKMP Message:
May  8 15:24:36 bitch pluto[19962]: |    initiator cookie:
May  8 15:24:36 bitch pluto[19962]: |   14 d8 b2 ef  4f 94 ba df
May  8 15:24:36 bitch pluto[19962]: |    responder cookie:
May  8 15:24:36 bitch pluto[19962]: |   f0 88 83 b3  05 30 fa ac
May  8 15:24:36 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_HASH
May  8 15:24:36 bitch pluto[19962]: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
May  8 15:24:36 bitch pluto[19962]: |    exchange type: ISAKMP_XCHG_QUICK
May  8 15:24:36 bitch pluto[19962]: |    flags: ISAKMP_FLAG_v1_ENCRYPTION
May  8 15:24:36 bitch pluto[19962]: |    message ID:  00 00 00 01
May  8 15:24:36 bitch pluto[19962]: |    length: 444
May  8 15:24:36 bitch pluto[19962]: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
May  8 15:24:36 bitch pluto[19962]: | ICOOKIE:  14 d8 b2 ef  4f 94 ba df
May  8 15:24:36 bitch pluto[19962]: | RCOOKIE:  f0 88 83 b3  05 30 fa ac
May  8 15:24:36 bitch pluto[19962]: | state hash entry 8
May  8 15:24:36 bitch pluto[19962]: | v1 peer and cookies match on #4, provided msgid 00000001 vs 00000001
May  8 15:24:36 bitch pluto[19962]: | v1 state object #4 found, in STATE_QUICK_R0
May  8 15:24:36 bitch pluto[19962]: | processing connection tunnel1-nat[3] 192.168.10.25
May  8 15:24:36 bitch pluto[19962]: | #4 state_busy:1872 st != NULL && st->st_calculating == FALSE;
May  8 15:24:36 bitch pluto[19962]: | received encrypted packet from 192.168.10.25:1024
May  8 15:24:36 bitch pluto[19962]: | decrypting 416 bytes using algorithm OAKLEY_AES_CBC
May  8 15:24:36 bitch pluto[19962]: | last Phase 1 IV:
May  8 15:24:36 bitch pluto[19962]: | current Phase 1 IV:
May  8 15:24:36 bitch pluto[19962]: | computed Phase 2 IV:
May  8 15:24:36 bitch pluto[19962]: |   47 9e 04 f3  d1 2d 11 2b  5c 04 c9 ee  67 e4 b1 e6
May  8 15:24:36 bitch pluto[19962]: |   e2 01 ea 4e
May  8 15:24:36 bitch pluto[19962]: | NSS do_aes_cbc: enter
May  8 15:24:36 bitch pluto[19962]: | NSS do_aes_cbc: exit
May  8 15:24:36 bitch pluto[19962]: | decrypted:
May  8 15:24:36 bitch pluto[19962]: |   35 1f 3a 11  43 c0 b8 5e  17 f5 0f d0  05 fd 96 6a
May  8 15:24:36 bitch pluto[19962]: |   45 09 ea bd  48 6c 1f 3c  0a 00 01 18  00 00 00 01
May  8 15:24:36 bitch pluto[19962]: |   00 00 00 01  02 00 00 38  01 03 04 01  55 86 0d 10
May  8 15:24:36 bitch pluto[19962]: |   00 00 00 2c  01 0c 00 00  80 04 00 04  80 06 01 00
May  8 15:24:36 bitch pluto[19962]: |   80 05 00 02  80 01 00 01  00 02 00 04  00 00 0e 10
May  8 15:24:36 bitch pluto[19962]: |   80 01 00 02  00 02 00 04  00 03 d0 90  02 00 00 38
May  8 15:24:36 bitch pluto[19962]: |   02 03 04 01  55 86 0d 10  00 00 00 2c  01 0c 00 00
May  8 15:24:36 bitch pluto[19962]: |   80 04 00 04  80 06 00 80  80 05 00 02  80 01 00 01
May  8 15:24:36 bitch pluto[19962]: |   00 02 00 04  00 00 0e 10  80 01 00 02  00 02 00 04
May  8 15:24:36 bitch pluto[19962]: |   00 03 d0 90  02 00 00 34  03 03 04 01  55 86 0d 10
May  8 15:24:36 bitch pluto[19962]: |   00 00 00 28  01 03 00 00  80 04 00 04  80 05 00 02
May  8 15:24:36 bitch pluto[19962]: |   80 01 00 01  00 02 00 04  00 00 0e 10  80 01 00 02
May  8 15:24:36 bitch pluto[19962]: |   00 02 00 04  00 03 d0 90  02 00 00 34  04 03 04 01
May  8 15:24:36 bitch pluto[19962]: |   55 86 0d 10  00 00 00 28  01 02 00 00  80 04 00 04
May  8 15:24:36 bitch pluto[19962]: |   80 05 00 02  80 01 00 01  00 02 00 04  00 00 0e 10
May  8 15:24:36 bitch pluto[19962]: |   80 01 00 02  00 02 00 04  00 03 d0 90  00 00 00 34
May  8 15:24:36 bitch pluto[19962]: |   05 03 04 01  55 86 0d 10  00 00 00 28  01 0b 00 00
May  8 15:24:36 bitch pluto[19962]: |   80 04 00 04  80 05 00 02  80 01 00 01  00 02 00 04
May  8 15:24:36 bitch pluto[19962]: |   00 00 0e 10  80 01 00 02  00 02 00 04  00 03 d0 90
May  8 15:24:36 bitch pluto[19962]: |   05 00 00 34  e0 11 2a 0c  97 0d 5e 6c  3c a8 50 43
May  8 15:24:36 bitch pluto[19962]: |   30 65 43 4f  e1 e9 8e ec  ab eb 99 a7  65 49 cb 34
May  8 15:24:36 bitch pluto[19962]: |   1d aa 2f 86  f1 e8 ea fa  32 ff 2b eb  6d 6b 44 84
May  8 15:24:36 bitch pluto[19962]: |   5c f0 04 ff  05 00 00 0c  01 11 06 a5  c0 a8 08 81
May  8 15:24:36 bitch pluto[19962]: |   15 00 00 0c  01 11 06 a5  c0 a8 0a fe  15 00 00 0c
May  8 15:24:36 bitch pluto[19962]: |   01 00 00 00  c0 a8 08 81  00 00 00 0c  01 00 00 00
May  8 15:24:36 bitch pluto[19962]: |   c0 a8 0a fe  00 00 00 00  00 00 00 00  00 00 00 00
May  8 15:24:36 bitch pluto[19962]: | next IV:  a5 04 77 9f  17 50 ad 8e  87 ca c8 92  e9 0b ff 9f
May  8 15:24:36 bitch pluto[19962]: | got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x502opt: 0x200030
May  8 15:24:36 bitch pluto[19962]: "tunnel1-nat"[3] 192.168.10.25 #4: next payload type of ISAKMP Hash Payload has an unknown value: 53
May  8 15:24:36 bitch pluto[19962]: "tunnel1-nat"[3] 192.168.10.25 #4: malformed payload in packet
May  8 15:24:36 bitch pluto[19962]: | * processed 0 messages from cryptographic helpers
May  8 15:24:36 bitch pluto[19962]: | next event EVENT_PENDING_DDNS in 17 seconds
May  8 15:24:36 bitch pluto[19962]: | next event EVENT_PENDING_DDNS in 17 seconds
May  8 15:24:39 bitch pluto[19962]: |  
May  8 15:24:39 bitch pluto[19962]: | *received kernel message
May  8 15:24:39 bitch pluto[19962]: | netlink_get: XFRM_MSG_EXPIRE message
May  8 15:24:39 bitch pluto[19962]: | * processed 0 messages from cryptographic helpers
May  8 15:24:39 bitch pluto[19962]: | next event EVENT_PENDING_DDNS in 14 seconds
May  8 15:24:39 bitch pluto[19962]: | next event EVENT_PENDING_DDNS in 14 seconds
May  8 15:24:51 bitch pluto[19962]: |  
May  8 15:24:51 bitch pluto[19962]: | *received 444 bytes from 192.168.10.25:1024 on eth1 (port=4500)
May  8 15:24:51 bitch pluto[19962]: |   14 d8 b2 ef  4f 94 ba df  f0 88 83 b3  05 30 fa ac
May  8 15:24:51 bitch pluto[19962]: |   08 10 20 01  00 00 00 01  00 00 01 bc  59 47 e1 29
May  8 15:24:51 bitch pluto[19962]: |   8f 66 e3 1f  0b 5d 9a 18  08 5a 18 4d  8b e7 ed d1
May  8 15:24:51 bitch pluto[19962]: |   d7 72 45 fc  95 f1 e3 28  0b c7 98 e4  40 73 b4 3e
May  8 15:24:51 bitch pluto[19962]: |   8b b8 2a 82  07 bd 0d 93  80 84 5c 7b  c3 1a a4 46
May  8 15:24:51 bitch pluto[19962]: |   71 91 eb cd  c1 ad 84 8a  52 ed a2 69  7b cc 66 de
May  8 15:24:51 bitch pluto[19962]: |   f7 29 d9 99  f8 48 6a 23  a7 e9 73 4a  47 34 de 5e
May  8 15:24:51 bitch pluto[19962]: |   58 85 f8 70  d9 72 ee ed  01 59 50 1a  01 85 af 57
May  8 15:24:51 bitch pluto[19962]: |   e1 1b fb 6e  a3 ff 41 d9  e5 3d 7d fd  86 5c 62 ef
May  8 15:24:51 bitch pluto[19962]: |   87 a6 1b 1f  8f 72 2d e5  67 fc 59 1a  1d 45 42 fe
May  8 15:24:51 bitch pluto[19962]: |   87 cd 05 6c  3e 39 e3 53  c7 b8 66 34  d6 ce 6f 51
May  8 15:24:51 bitch pluto[19962]: |   58 34 2f 6c  51 07 79 49  60 4b d6 e6  a6 2d a3 9d
May  8 15:24:51 bitch pluto[19962]: |   21 be dc e8  6a cd 64 4a  e5 50 41 03  90 83 88 61
May  8 15:24:51 bitch pluto[19962]: |   02 ac 6e f0  f2 e4 09 8a  66 c1 7e 79  50 e9 f6 97
May  8 15:24:51 bitch pluto[19962]: |   d8 80 86 2c  9e a7 db 52  44 74 a0 63  af 54 d4 0a
May  8 15:24:51 bitch pluto[19962]: |   c5 58 46 13  50 dd 2e f8  31 4a 85 9f  70 19 7d e5
May  8 15:24:51 bitch pluto[19962]: |   89 d4 d4 85  3f da d3 ab  94 76 b5 98  bb 4c b5 ea
May  8 15:24:51 bitch pluto[19962]: |   a6 88 65 70  c6 a9 08 87  e6 4e 94 02  db 06 b0 49
May  8 15:24:51 bitch pluto[19962]: |   df 68 90 47  aa 88 8a ae  bb 1b e3 1c  31 27 3a 31
May  8 15:24:51 bitch pluto[19962]: |   83 c4 7a 0e  cd d2 b1 9c  3e 95 66 b9  83 c3 a9 9d
May  8 15:24:51 bitch pluto[19962]: |   30 73 a0 fe  fe 87 c2 cf  4b 22 38 27  f2 e4 58 8d
May  8 15:24:51 bitch pluto[19962]: |   de 8a 5c c5  99 dc 4b 5f  74 13 1e 9c  6d dd eb 5e
May  8 15:24:51 bitch pluto[19962]: |   8c c5 ca b3  ec 29 9c 32  0a 3a 32 16  aa 45 e1 09
May  8 15:24:51 bitch pluto[19962]: |   4c 5b 6a 20  43 53 fc 9f  a6 99 4a 06  e2 de 0c 17
May  8 15:24:51 bitch pluto[19962]: |   2c 23 12 96  17 0e f1 1b  ed ad 03 6c  ec 90 26 35
May  8 15:24:51 bitch pluto[19962]: |   ad 48 18 9e  69 46 e5 69  03 05 d1 c3  08 97 ff 44
May  8 15:24:51 bitch pluto[19962]: |   12 bd 74 c8  27 a9 d2 8e  21 78 eb ea  a5 04 77 9f
May  8 15:24:51 bitch pluto[19962]: |   17 50 ad 8e  87 ca c8 92  e9 0b ff 9f
May  8 15:24:51 bitch pluto[19962]: | **parse ISAKMP Message:
May  8 15:24:51 bitch pluto[19962]: |    initiator cookie:
May  8 15:24:51 bitch pluto[19962]: |   14 d8 b2 ef  4f 94 ba df
May  8 15:24:51 bitch pluto[19962]: |    responder cookie:
May  8 15:24:51 bitch pluto[19962]: |   f0 88 83 b3  05 30 fa ac
May  8 15:24:51 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_HASH
May  8 15:24:51 bitch pluto[19962]: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
May  8 15:24:51 bitch pluto[19962]: |    exchange type: ISAKMP_XCHG_QUICK
May  8 15:24:51 bitch pluto[19962]: |    flags: ISAKMP_FLAG_v1_ENCRYPTION
May  8 15:24:51 bitch pluto[19962]: |    message ID:  00 00 00 01
May  8 15:24:51 bitch pluto[19962]: |    length: 444
May  8 15:24:51 bitch pluto[19962]: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
May  8 15:24:51 bitch pluto[19962]: | ICOOKIE:  14 d8 b2 ef  4f 94 ba df
May  8 15:24:51 bitch pluto[19962]: | RCOOKIE:  f0 88 83 b3  05 30 fa ac
May  8 15:24:51 bitch pluto[19962]: | state hash entry 8
May  8 15:24:51 bitch pluto[19962]: | v1 peer and cookies match on #4, provided msgid 00000001 vs 00000001
May  8 15:24:51 bitch pluto[19962]: | v1 state object #4 found, in STATE_QUICK_R0
May  8 15:24:51 bitch pluto[19962]: | processing connection tunnel1-nat[3] 192.168.10.25
May  8 15:24:51 bitch pluto[19962]: | #4 state_busy:1872 st != NULL && st->st_calculating == FALSE;
May  8 15:24:51 bitch pluto[19962]: | received encrypted packet from 192.168.10.25:1024
May  8 15:24:51 bitch pluto[19962]: | decrypting 416 bytes using algorithm OAKLEY_AES_CBC
May  8 15:24:51 bitch pluto[19962]: | last Phase 1 IV:
May  8 15:24:51 bitch pluto[19962]: | current Phase 1 IV:
May  8 15:24:51 bitch pluto[19962]: | computed Phase 2 IV:
May  8 15:24:51 bitch pluto[19962]: |   47 9e 04 f3  d1 2d 11 2b  5c 04 c9 ee  67 e4 b1 e6
May  8 15:24:51 bitch pluto[19962]: |   e2 01 ea 4e
May  8 15:24:51 bitch pluto[19962]: | NSS do_aes_cbc: enter
May  8 15:24:51 bitch pluto[19962]: | NSS do_aes_cbc: exit
May  8 15:24:51 bitch pluto[19962]: | decrypted:
May  8 15:24:51 bitch pluto[19962]: |   35 1f 3a 11  43 c0 b8 5e  17 f5 0f d0  05 fd 96 6a
May  8 15:24:51 bitch pluto[19962]: |   45 09 ea bd  48 6c 1f 3c  0a 00 01 18  00 00 00 01
May  8 15:24:51 bitch pluto[19962]: |   00 00 00 01  02 00 00 38  01 03 04 01  55 86 0d 10
May  8 15:24:51 bitch pluto[19962]: |   00 00 00 2c  01 0c 00 00  80 04 00 04  80 06 01 00
May  8 15:24:51 bitch pluto[19962]: |   80 05 00 02  80 01 00 01  00 02 00 04  00 00 0e 10
May  8 15:24:51 bitch pluto[19962]: |   80 01 00 02  00 02 00 04  00 03 d0 90  02 00 00 38
May  8 15:24:51 bitch pluto[19962]: |   02 03 04 01  55 86 0d 10  00 00 00 2c  01 0c 00 00
May  8 15:24:51 bitch pluto[19962]: |   80 04 00 04  80 06 00 80  80 05 00 02  80 01 00 01
May  8 15:24:51 bitch pluto[19962]: |   00 02 00 04  00 00 0e 10  80 01 00 02  00 02 00 04
May  8 15:24:51 bitch pluto[19962]: |   00 03 d0 90  02 00 00 34  03 03 04 01  55 86 0d 10
May  8 15:24:51 bitch pluto[19962]: |   00 00 00 28  01 03 00 00  80 04 00 04  80 05 00 02
May  8 15:24:51 bitch pluto[19962]: |   80 01 00 01  00 02 00 04  00 00 0e 10  80 01 00 02
May  8 15:24:51 bitch pluto[19962]: |   00 02 00 04  00 03 d0 90  02 00 00 34  04 03 04 01
May  8 15:24:51 bitch pluto[19962]: |   55 86 0d 10  00 00 00 28  01 02 00 00  80 04 00 04
May  8 15:24:51 bitch pluto[19962]: |   80 05 00 02  80 01 00 01  00 02 00 04  00 00 0e 10
May  8 15:24:51 bitch pluto[19962]: |   80 01 00 02  00 02 00 04  00 03 d0 90  00 00 00 34
May  8 15:24:51 bitch pluto[19962]: |   05 03 04 01  55 86 0d 10  00 00 00 28  01 0b 00 00
May  8 15:24:51 bitch pluto[19962]: |   80 04 00 04  80 05 00 02  80 01 00 01  00 02 00 04
May  8 15:24:51 bitch pluto[19962]: |   00 00 0e 10  80 01 00 02  00 02 00 04  00 03 d0 90
May  8 15:24:51 bitch pluto[19962]: |   05 00 00 34  e0 11 2a 0c  97 0d 5e 6c  3c a8 50 43
May  8 15:24:51 bitch pluto[19962]: |   30 65 43 4f  e1 e9 8e ec  ab eb 99 a7  65 49 cb 34
May  8 15:24:51 bitch pluto[19962]: |   1d aa 2f 86  f1 e8 ea fa  32 ff 2b eb  6d 6b 44 84
May  8 15:24:51 bitch pluto[19962]: |   5c f0 04 ff  05 00 00 0c  01 11 06 a5  c0 a8 08 81
May  8 15:24:51 bitch pluto[19962]: |   15 00 00 0c  01 11 06 a5  c0 a8 0a fe  15 00 00 0c
May  8 15:24:51 bitch pluto[19962]: |   01 00 00 00  c0 a8 08 81  00 00 00 0c  01 00 00 00
May  8 15:24:51 bitch pluto[19962]: |   c0 a8 0a fe  00 00 00 00  00 00 00 00  00 00 00 00
May  8 15:24:51 bitch pluto[19962]: | next IV:  a5 04 77 9f  17 50 ad 8e  87 ca c8 92  e9 0b ff 9f
May  8 15:24:51 bitch pluto[19962]: | got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x502opt: 0x200030
May  8 15:24:51 bitch pluto[19962]: "tunnel1-nat"[3] 192.168.10.25 #4: next payload type of ISAKMP Hash Payload has an unknown value: 53
May  8 15:24:51 bitch pluto[19962]: "tunnel1-nat"[3] 192.168.10.25 #4: malformed payload in packet
May  8 15:24:51 bitch pluto[19962]: | * processed 0 messages from cryptographic helpers
May  8 15:24:51 bitch pluto[19962]: | next event EVENT_PENDING_DDNS in 2 seconds
May  8 15:24:51 bitch pluto[19962]: | next event EVENT_PENDING_DDNS in 2 seconds
May  8 15:24:53 bitch pluto[19962]: |  
May  8 15:24:53 bitch pluto[19962]: | next event EVENT_PENDING_DDNS in 0 seconds
May  8 15:24:53 bitch pluto[19962]: | *time to handle event
May  8 15:24:53 bitch pluto[19962]: | handling event EVENT_PENDING_DDNS
May  8 15:24:53 bitch pluto[19962]: | event after this is EVENT_PENDING_PHASE2 in 0 seconds
May  8 15:24:53 bitch pluto[19962]: | inserting event EVENT_PENDING_DDNS, timeout in 60 seconds
May  8 15:24:53 bitch pluto[19962]: | event added after event EVENT_PENDING_PHASE2
May  8 15:24:53 bitch pluto[19962]: | handling event EVENT_PENDING_PHASE2
May  8 15:24:53 bitch pluto[19962]: | event after this is EVENT_PENDING_DDNS in 60 seconds
May  8 15:24:53 bitch pluto[19962]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
May  8 15:24:53 bitch pluto[19962]: | event added after event EVENT_PENDING_DDNS
May  8 15:24:53 bitch pluto[19962]: | pending review: connection "tunnel1-nat" was not up, skipped
May  8 15:24:53 bitch pluto[19962]: | pending review: connection "tunnel1-nat" was not up, skipped
May  8 15:24:53 bitch pluto[19962]: | pending review: connection "tunnel1" was not up, skipped
May  8 15:24:53 bitch pluto[19962]: | pending review: connection "tunnel1-nat" was not up, skipped
May  8 15:24:53 bitch pluto[19962]: | next event EVENT_PENDING_DDNS in 60 seconds
May  8 15:25:06 bitch pluto[19962]: |  
May  8 15:25:06 bitch pluto[19962]: | *received 92 bytes from 192.168.10.25:1024 on eth1 (port=4500)
May  8 15:25:06 bitch pluto[19962]: |   14 d8 b2 ef  4f 94 ba df  f0 88 83 b3  05 30 fa ac
May  8 15:25:06 bitch pluto[19962]: |   08 10 05 01  d8 23 be 34  00 00 00 5c  5d 9e e0 32
May  8 15:25:06 bitch pluto[19962]: |   52 a4 62 64  1b e2 c1 dc  0a 7f 30 ac  6d 2f a3 a1
May  8 15:25:06 bitch pluto[19962]: |   11 d8 40 d1  32 21 5c 38  d6 bb b4 ce  13 7c fd e1
May  8 15:25:06 bitch pluto[19962]: |   e8 47 df ea  09 6e e9 ef  79 07 b0 7a  26 00 22 5b
May  8 15:25:06 bitch pluto[19962]: |   f0 ff 04 15  15 b5 5d 10  13 3c f7 c7
May  8 15:25:06 bitch pluto[19962]: | **parse ISAKMP Message:
May  8 15:25:06 bitch pluto[19962]: |    initiator cookie:
May  8 15:25:06 bitch pluto[19962]: |   14 d8 b2 ef  4f 94 ba df
May  8 15:25:06 bitch pluto[19962]: |    responder cookie:
May  8 15:25:06 bitch pluto[19962]: |   f0 88 83 b3  05 30 fa ac
May  8 15:25:06 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_HASH
May  8 15:25:06 bitch pluto[19962]: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
May  8 15:25:06 bitch pluto[19962]: |    exchange type: ISAKMP_XCHG_INFO
May  8 15:25:06 bitch pluto[19962]: |    flags: ISAKMP_FLAG_v1_ENCRYPTION
May  8 15:25:06 bitch pluto[19962]: |    message ID:  d8 23 be 34
May  8 15:25:06 bitch pluto[19962]: |    length: 92
May  8 15:25:06 bitch pluto[19962]: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
May  8 15:25:06 bitch pluto[19962]: | ICOOKIE:  14 d8 b2 ef  4f 94 ba df
May  8 15:25:06 bitch pluto[19962]: | RCOOKIE:  f0 88 83 b3  05 30 fa ac
May  8 15:25:06 bitch pluto[19962]: | state hash entry 8
May  8 15:25:06 bitch pluto[19962]: | peer and cookies match on #4, provided msgid 00000000 vs 00000001/00000000
May  8 15:25:06 bitch pluto[19962]: | peer and cookies match on #3, provided msgid 00000000 vs 00000000/00000000
May  8 15:25:06 bitch pluto[19962]: | p15 state object #3 found, in STATE_MAIN_R3
May  8 15:25:06 bitch pluto[19962]: | processing connection tunnel1-nat[3] 192.168.10.25
May  8 15:25:06 bitch pluto[19962]: | last Phase 1 IV:  53 41 2a e1  b8 a2 fc 76  69 fb 40 db  ce b2 02 3f
May  8 15:25:06 bitch pluto[19962]: | current Phase 1 IV:  53 41 2a e1  b8 a2 fc 76  69 fb 40 db  ce b2 02 3f
May  8 15:25:06 bitch pluto[19962]: | computed Phase 2 IV:
May  8 15:25:06 bitch pluto[19962]: |   50 29 a2 ac  14 60 d7 a6  b7 cc ab f9  77 5b de eb
May  8 15:25:06 bitch pluto[19962]: |   8b 83 d9 d2
May  8 15:25:06 bitch pluto[19962]: | #3 state_busy:1872 st != NULL && st->st_calculating == FALSE;
May  8 15:25:06 bitch pluto[19962]: | received encrypted packet from 192.168.10.25:1024
May  8 15:25:06 bitch pluto[19962]: | decrypting 64 bytes using algorithm OAKLEY_AES_CBC
May  8 15:25:06 bitch pluto[19962]: | NSS do_aes_cbc: enter
May  8 15:25:06 bitch pluto[19962]: | NSS do_aes_cbc: exit
May  8 15:25:06 bitch pluto[19962]: | decrypted:
May  8 15:25:06 bitch pluto[19962]: |   0c 00 00 18  b2 ae 09 20  39 25 03 dd  d1 5a e2 a7
May  8 15:25:06 bitch pluto[19962]: |   d6 7e c8 9e  f0 5f ed e0  00 00 00 1c  00 00 00 01
May  8 15:25:06 bitch pluto[19962]: |   01 10 00 01  14 d8 b2 ef  4f 94 ba df  f0 88 83 b3
May  8 15:25:06 bitch pluto[19962]: |   05 30 fa ac  00 00 00 00  00 00 00 00  00 00 00 00
May  8 15:25:06 bitch pluto[19962]: | next IV:  26 00 22 5b  f0 ff 04 15  15 b5 5d 10  13 3c f7 c7
May  8 15:25:06 bitch pluto[19962]: | got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x100opt: 0x0
May  8 15:25:06 bitch pluto[19962]: | ***parse ISAKMP Hash Payload:
May  8 15:25:06 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_D
May  8 15:25:06 bitch pluto[19962]: |    length: 24
May  8 15:25:06 bitch pluto[19962]: | got payload 0x1000  (ISAKMP_NEXT_D) needed: 0x0opt: 0x0
May  8 15:25:06 bitch pluto[19962]: | ***parse ISAKMP Delete Payload:
May  8 15:25:06 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_NONE
May  8 15:25:06 bitch pluto[19962]: |    length: 28
May  8 15:25:06 bitch pluto[19962]: |    DOI: ISAKMP_DOI_IPSEC
May  8 15:25:06 bitch pluto[19962]: |    protocol ID: 1
May  8 15:25:06 bitch pluto[19962]: |    SPI size: 16
May  8 15:25:06 bitch pluto[19962]: |    number of SPIs: 1
May  8 15:25:06 bitch pluto[19962]: | removing 12 bytes of padding
May  8 15:25:06 bitch pluto[19962]: | parsing 8 raw bytes of ISAKMP Delete Payload into iCookie
May  8 15:25:06 bitch pluto[19962]: | iCookie  14 d8 b2 ef  4f 94 ba df
May  8 15:25:06 bitch pluto[19962]: | parsing 8 raw bytes of ISAKMP Delete Payload into rCookie
May  8 15:25:06 bitch pluto[19962]: | rCookie  f0 88 83 b3  05 30 fa ac
May  8 15:25:06 bitch pluto[19962]: | ICOOKIE:  14 d8 b2 ef  4f 94 ba df
May  8 15:25:06 bitch pluto[19962]: | RCOOKIE:  f0 88 83 b3  05 30 fa ac
May  8 15:25:06 bitch pluto[19962]: | state hash entry 8
May  8 15:25:06 bitch pluto[19962]: | v1 peer and cookies match on #4, provided msgid 00000000 vs 00000001
May  8 15:25:06 bitch pluto[19962]: | v1 peer and cookies match on #3, provided msgid 00000000 vs 00000000
May  8 15:25:06 bitch pluto[19962]: | v1 state object #3 found, in STATE_MAIN_R3
May  8 15:25:06 bitch pluto[19962]: | del:
May  8 15:25:06 bitch pluto[19962]: "tunnel1-nat"[3] 192.168.10.25 #3: received Delete SA payload: self-deleting ISAKMP State #3
May  8 15:25:06 bitch pluto[19962]: | deleting state #3
May  8 15:25:06 bitch pluto[19962]: | **emit ISAKMP Message:
May  8 15:25:06 bitch pluto[19962]: |    initiator cookie:
May  8 15:25:06 bitch pluto[19962]: |   14 d8 b2 ef  4f 94 ba df
May  8 15:25:06 bitch pluto[19962]: |    responder cookie:
May  8 15:25:06 bitch pluto[19962]: |   f0 88 83 b3  05 30 fa ac
May  8 15:25:06 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_HASH
May  8 15:25:06 bitch pluto[19962]: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
May  8 15:25:06 bitch pluto[19962]: |    exchange type: ISAKMP_XCHG_INFO
May  8 15:25:06 bitch pluto[19962]: |    flags: ISAKMP_FLAG_v1_ENCRYPTION
May  8 15:25:06 bitch pluto[19962]: |    message ID:  48 68 95 9b
May  8 15:25:06 bitch pluto[19962]: | ***emit ISAKMP Hash Payload:
May  8 15:25:06 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_D
May  8 15:25:06 bitch pluto[19962]: | emitting 20 zero bytes of HASH(1) into ISAKMP Hash Payload
May  8 15:25:06 bitch pluto[19962]: | emitting length of ISAKMP Hash Payload: 24
May  8 15:25:06 bitch pluto[19962]: | ***emit ISAKMP Delete Payload:
May  8 15:25:06 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_NONE
May  8 15:25:06 bitch pluto[19962]: |    DOI: ISAKMP_DOI_IPSEC
May  8 15:25:06 bitch pluto[19962]: |    protocol ID: 1
May  8 15:25:06 bitch pluto[19962]: |    SPI size: 16
May  8 15:25:06 bitch pluto[19962]: |    number of SPIs: 1
May  8 15:25:06 bitch pluto[19962]: | emitting 16 raw bytes of delete payload into ISAKMP Delete Payload
May  8 15:25:06 bitch pluto[19962]: | delete payload  14 d8 b2 ef  4f 94 ba df  f0 88 83 b3  05 30 fa ac
May  8 15:25:06 bitch pluto[19962]: | emitting length of ISAKMP Delete Payload: 28
May  8 15:25:06 bitch pluto[19962]: | hmac_update data value: 
May  8 15:25:06 bitch pluto[19962]: |   48 68 95 9b
May  8 15:25:06 bitch pluto[19962]: | hmac_update: inside if
May  8 15:25:06 bitch pluto[19962]: | hmac_update: after digest
May  8 15:25:06 bitch pluto[19962]: | hmac_update: after assert
May  8 15:25:06 bitch pluto[19962]: | hmac_update data value: 
May  8 15:25:06 bitch pluto[19962]: |   00 00 00 1c  00 00 00 01  01 10 00 01  14 d8 b2 ef
May  8 15:25:06 bitch pluto[19962]: |   4f 94 ba df  f0 88 83 b3  05 30 fa ac
May  8 15:25:06 bitch pluto[19962]: | hmac_update: inside if
May  8 15:25:06 bitch pluto[19962]: | hmac_update: after digest
May  8 15:25:06 bitch pluto[19962]: | hmac_update: after assert
May  8 15:25:06 bitch pluto[19962]: | HASH(1) computed:
May  8 15:25:06 bitch pluto[19962]: |   97 ae 28 72  63 15 b8 1d  0f c9 ac 41  f1 8a 1b b6
May  8 15:25:06 bitch pluto[19962]: |   e5 39 64 15
May  8 15:25:06 bitch pluto[19962]: | last Phase 1 IV:  53 41 2a e1  b8 a2 fc 76  69 fb 40 db  ce b2 02 3f
May  8 15:25:06 bitch pluto[19962]: | current Phase 1 IV:  53 41 2a e1  b8 a2 fc 76  69 fb 40 db  ce b2 02 3f
May  8 15:25:06 bitch pluto[19962]: | computed Phase 2 IV:
May  8 15:25:06 bitch pluto[19962]: |   0f 7d 4d 9a  44 c6 9a 97  fe 8c 65 66  42 86 03 b7
May  8 15:25:06 bitch pluto[19962]: |   d7 98 e2 ba
May  8 15:25:06 bitch pluto[19962]: | encrypting:  0c 00 00 18  97 ae 28 72  63 15 b8 1d  0f c9 ac 41
May  8 15:25:06 bitch pluto[19962]: | encrypting:  f1 8a 1b b6  e5 39 64 15  00 00 00 1c  00 00 00 01
May  8 15:25:06 bitch pluto[19962]: | encrypting:  01 10 00 01  14 d8 b2 ef  4f 94 ba df  f0 88 83 b3
May  8 15:25:06 bitch pluto[19962]: | encrypting:  05 30 fa ac
May  8 15:25:06 bitch pluto[19962]: | IV:  0f 7d 4d 9a  44 c6 9a 97  fe 8c 65 66  42 86 03 b7
May  8 15:25:06 bitch pluto[19962]: | IV:  d7 98 e2 ba
May  8 15:25:06 bitch pluto[19962]: | unpadded size is: 52
May  8 15:25:06 bitch pluto[19962]: | emitting 12 zero bytes of encryption padding into ISAKMP Message
May  8 15:25:06 bitch pluto[19962]: | encrypting 64 using OAKLEY_AES_CBC
May  8 15:25:06 bitch pluto[19962]: | NSS do_aes_cbc: enter
May  8 15:25:06 bitch pluto[19962]: | NSS do_aes_cbc: exit
May  8 15:25:06 bitch pluto[19962]: | next IV:  7f e3 14 24  66 ac 28 aa  8a 4f 4f a8  8b 26 a2 3d
May  8 15:25:06 bitch pluto[19962]: | no IKE message padding required
May  8 15:25:06 bitch pluto[19962]: | emitting length of ISAKMP Message: 92
May  8 15:25:06 bitch pluto[19962]: | sending 96 bytes for delete notify through eth1:4500 to 192.168.10.25:1024 (using #3)
May  8 15:25:06 bitch pluto[19962]: |   00 00 00 00  14 d8 b2 ef  4f 94 ba df  f0 88 83 b3
May  8 15:25:06 bitch pluto[19962]: |   05 30 fa ac  08 10 05 01  48 68 95 9b  00 00 00 5c
May  8 15:25:06 bitch pluto[19962]: |   d9 7a 25 09  81 b8 60 e7  fb a8 ca 9e  d5 91 0f ca
May  8 15:25:06 bitch pluto[19962]: |   a9 a0 12 86  26 ba 76 cd  45 c5 b2 9e  9f c7 e6 77
May  8 15:25:06 bitch pluto[19962]: |   79 a1 c5 78  f8 71 5f 62  34 bc 04 08  69 49 4e 94
May  8 15:25:06 bitch pluto[19962]: |   7f e3 14 24  66 ac 28 aa  8a 4f 4f a8  8b 26 a2 3d
May  8 15:25:06 bitch pluto[19962]: | deleting event for #3
May  8 15:25:06 bitch pluto[19962]: packet from 192.168.10.25:1024: received and ignored empty informational notification payload
May  8 15:25:06 bitch pluto[19962]: | complete v1 state transition with STF_IGNORE
May  8 15:25:06 bitch pluto[19962]: | * processed 0 messages from cryptographic helpers
May  8 15:25:06 bitch pluto[19962]: | next event EVENT_PENDING_DDNS in 47 seconds
May  8 15:25:06 bitch pluto[19962]: | next event EVENT_PENDING_DDNS in 47 seconds
May  8 15:25:06 bitch pluto[19962]: |  
May  8 15:25:06 bitch pluto[19962]: | *received 408 bytes from 192.168.10.25:1 on eth1 (port=500)
May  8 15:25:06 bitch pluto[19962]: |   06 41 ba f0  fe 82 86 ea  00 00 00 00  00 00 00 00
May  8 15:25:06 bitch pluto[19962]: |   01 10 02 00  00 00 00 00  00 00 01 98  0d 00 00 d4
May  8 15:25:06 bitch pluto[19962]: |   00 00 00 01  00 00 00 01  00 00 00 c8  01 01 00 05
May  8 15:25:06 bitch pluto[19962]: |   03 00 00 28  01 01 00 00  80 01 00 07  80 0e 01 00
May  8 15:25:06 bitch pluto[19962]: |   80 02 00 02  80 04 00 14  80 03 00 01  80 0b 00 01
May  8 15:25:06 bitch pluto[19962]: |   00 0c 00 04  00 00 70 80  03 00 00 28  02 01 00 00
May  8 15:25:06 bitch pluto[19962]: |   80 01 00 07  80 0e 00 80  80 02 00 02  80 04 00 13
May  8 15:25:06 bitch pluto[19962]: |   80 03 00 01  80 0b 00 01  00 0c 00 04  00 00 70 80
May  8 15:25:06 bitch pluto[19962]: |   03 00 00 28  03 01 00 00  80 01 00 07  80 0e 01 00
May  8 15:25:06 bitch pluto[19962]: |   80 02 00 02  80 04 00 0e  80 03 00 01  80 0b 00 01
May  8 15:25:06 bitch pluto[19962]: |   00 0c 00 04  00 00 70 80  03 00 00 24  04 01 00 00
May  8 15:25:06 bitch pluto[19962]: |   80 01 00 05  80 02 00 02  80 04 00 0e  80 03 00 01
May  8 15:25:06 bitch pluto[19962]: |   80 0b 00 01  00 0c 00 04  00 00 70 80  00 00 00 24
May  8 15:25:06 bitch pluto[19962]: |   05 01 00 00  80 01 00 05  80 02 00 02  80 04 00 02
May  8 15:25:06 bitch pluto[19962]: |   80 03 00 01  80 0b 00 01  00 0c 00 04  00 00 70 80
May  8 15:25:06 bitch pluto[19962]: |   0d 00 00 18  01 52 8b bb  c0 06 96 12  18 49 ab 9a
May  8 15:25:06 bitch pluto[19962]: |   1c 5b 2a 51  00 00 00 01  0d 00 00 18  1e 2b 51 69
May  8 15:25:06 bitch pluto[19962]: |   05 99 1c 7d  7c 96 fc bf  b5 87 e4 61  00 00 00 09
May  8 15:25:06 bitch pluto[19962]: |   0d 00 00 14  4a 13 1c 81  07 03 58 45  5c 57 28 f2
May  8 15:25:06 bitch pluto[19962]: |   0e 95 45 2f  0d 00 00 14  90 cb 80 91  3e bb 69 6e
May  8 15:25:06 bitch pluto[19962]: |   08 63 81 b5  ec 42 7b 1f  0d 00 00 14  40 48 b7 d5
May  8 15:25:06 bitch pluto[19962]: |   6e bc e8 85  25 e7 de 7f  00 d6 c2 d3  0d 00 00 14
May  8 15:25:06 bitch pluto[19962]: |   fb 1d e3 cd  f3 41 b7 ea  16 b7 e5 be  08 55 f1 20
May  8 15:25:06 bitch pluto[19962]: |   0d 00 00 14  26 24 4d 38  ed db 61 b3  17 2a 36 e3
May  8 15:25:06 bitch pluto[19962]: |   d0 cf b8 19  00 00 00 14  e3 a5 96 6a  76 37 9f e7
May  8 15:25:06 bitch pluto[19962]: |   07 22 82 31  e5 ce 86 52
May  8 15:25:06 bitch pluto[19962]: | **parse ISAKMP Message:
May  8 15:25:06 bitch pluto[19962]: |    initiator cookie:
May  8 15:25:06 bitch pluto[19962]: |   06 41 ba f0  fe 82 86 ea
May  8 15:25:06 bitch pluto[19962]: |    responder cookie:
May  8 15:25:06 bitch pluto[19962]: |   00 00 00 00  00 00 00 00
May  8 15:25:06 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_SA
May  8 15:25:06 bitch pluto[19962]: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
May  8 15:25:06 bitch pluto[19962]: |    exchange type: ISAKMP_XCHG_IDPROT
May  8 15:25:06 bitch pluto[19962]: |    flags: none
May  8 15:25:06 bitch pluto[19962]: |    message ID:  00 00 00 00
May  8 15:25:06 bitch pluto[19962]: |    length: 408
May  8 15:25:06 bitch pluto[19962]: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
May  8 15:25:06 bitch pluto[19962]: | got payload 0x2  (ISAKMP_NEXT_SA) needed: 0x2opt: 0x2080
May  8 15:25:06 bitch pluto[19962]: | ***parse ISAKMP Security Association Payload:
May  8 15:25:06 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_VID
May  8 15:25:06 bitch pluto[19962]: |    length: 212
May  8 15:25:06 bitch pluto[19962]: |    DOI: ISAKMP_DOI_IPSEC
May  8 15:25:06 bitch pluto[19962]: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x2080
May  8 15:25:06 bitch pluto[19962]: | ***parse ISAKMP Vendor ID Payload:
May  8 15:25:06 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_VID
May  8 15:25:06 bitch pluto[19962]: |    length: 24
May  8 15:25:06 bitch pluto[19962]: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x2080
May  8 15:25:06 bitch pluto[19962]: | ***parse ISAKMP Vendor ID Payload:
May  8 15:25:06 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_VID
May  8 15:25:06 bitch pluto[19962]: |    length: 24
May  8 15:25:06 bitch pluto[19962]: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x2080
May  8 15:25:06 bitch pluto[19962]: | ***parse ISAKMP Vendor ID Payload:
May  8 15:25:06 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_VID
May  8 15:25:06 bitch pluto[19962]: |    length: 20
May  8 15:25:06 bitch pluto[19962]: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x2080
May  8 15:25:06 bitch pluto[19962]: | ***parse ISAKMP Vendor ID Payload:
May  8 15:25:06 bitch pluto[19962]: |    next payload type: ISAKMP_NEXT_VID
May  8 15:25:06 bitch pluto[19962]: |    length: 20
May  8 15:25:06 bitch pluto[19962]: | got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x2080


More information about the Swan mailing list