[Swan] Phase 2 connection not being estbalished
Srinivas Gudipudi
sgudipud at gmail.com
Mon Mar 7 12:01:09 UTC 2016
Hi,
I am using Libreswan on RedHat to setup a VPN server, on the client side, I
have a Huawei 4G router connected across a CGNAT network server to the
Redhat server, which is the VPN server. I am placing the configurations
below, I am able to get the phase 1 up, but the phase 2 is not
estbalishing, can you please help here:
*Huawei Router Config:*
Peer name : spua
IKE version : Version one
Exchange mode : main on phase 1
Pre-shared-key cipher : %@%@6SzGWj[<u/%UUUW|E";TcxX^%@%@
Proposal : 5
Local ID type : IP
DPD : Enable
DPD mode : Periodic
DPD idle time : 120
DPD retransmit interval : 30
DPD retry limit : 5
Host name :
Peer IP address : 125.16.240.98(active)
Host name :
Peer IP address :
VPN name :
Local IP address :
Local name :
Remote name :
NAT-traversal : Enable
DPD request message : 94
DPD Ack message : 40
DPD fail time : 9
PKI realm : NULL
Lifetime notification : Disable
*IPSec.conf:*
version 2.0
config setup
dumpdir=/var/run/pluto/
nat_traversal=yes
virtual_private=%v4:
10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.42.0/24
oe=off
protostack=netkey
nhelpers=0
interfaces=%defaultroute
plutodebug=all
conn vpnpsk
connaddrfamily=ipv4
auto=add
left=10.56.138.86
leftid=VM000003380
leftsubnet=10.56.138.86/32
leftnexthop=%defaultroute
leftprotoport=17/1701
rightprotoport=17/%any
right=%any
rightsubnetwithin=0.0.0.0/0
forceencaps=yes
authby=secret
pfs=no
type=transport
auth=esp
ike=3des-sha1,aes-sha1;dh22
phase2alg=3des-sha1,aes-sha1
rekey=no
keyingtries=5
dpddelay=30
dpdtimeout=120
dpdaction=clear
*Pluto Debug Log:*
Mar 7 17:23:55: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c
Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
Mar 7 17:23:55: | compare_chunk: encrypt: ok
Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0x07 92 3A 39 EB 0A 81
7D 1C 4D 87 BD B8 2D 1F 1C"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c
Mar 7 17:23:55: | decode_to_chunk: cipertext: : input "0x07 92 3A 39 EB 0A
81 7D 1C 4D 87 BD B8 2D 1F 1C"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c
Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
Mar 7 17:23:55: | compare_chunk: decrypt: ok
Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
Mar 7 17:23:55: | sym_key: free key 0x7f3862948990
Mar 7 17:23:55: | test_ctr_vector: Camellia: 16 bytes with 128-bit key
passed
Mar 7 17:23:55: | test_cbc_vector: Camellia: 16 bytes with 128-bit key
Mar 7 17:23:55: | decode_to_chunk: key: input "0x00 11 22 33 44 55 66 77
88 99 AA BB CC DD EE FF"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff
Mar 7 17:23:55: | ephemeral_key: key(0x7f3862947260) length(16)
type/mechanism(AES_KEY_GEN 0x00001080)
Mar 7 17:23:55: | tmp: merge symkey(0x7f3862947260)
bytes(0x7f386294bb90/16) - derive(CONCATENATE_DATA_AND_BASE)
target(EXTRACT_KEY_FROM_KEY)
Mar 7 17:23:55: | symkey: key(0x7f3862947260) length(16)
type/mechanism(AES_KEY_GEN 0x00001080)
Mar 7 17:23:55: | bytes: 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee
ff
Mar 7 17:23:55: | tmp: key(0x7f386294a210) length(32)
type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
Mar 7 17:23:55: | symkey: symkey from symkey(0x7f386294a210) -
next-byte(0) key-size(16) flags(0x0) derive(EXTRACT_KEY_FROM_KEY)
target(CAMELLIA_CBC)
Mar 7 17:23:55: | symkey: key(0x7f386294a210) length(32)
type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
Mar 7 17:23:55: | symkey: key(0x7f3862948990) length(16)
type/mechanism(CAMELLIA_CBC 0x00000552)
Mar 7 17:23:55: | tmp:: free key 0x7f386294a210
Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27
B7 EC 2C D1 2D 91 59 6F 37"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37
Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 01 "
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
Mar 7 17:23:55: | decode_to_chunk: ciphertext: : input "0x14 4D 2B 0F 50
0C 27 B7 EC 2C D1 2D 91 59 6F 37"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37
Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
Mar 7 17:23:55: | compare_chunk: encrypt: ok
Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27
B7 EC 2C D1 2D 91 59 6F 37"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37
Mar 7 17:23:55: | decode_to_chunk: cipertext: : input "0x14 4D 2B 0F 50 0C
27 B7 EC 2C D1 2D 91 59 6F 37"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37
Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 01 "
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
Mar 7 17:23:55: | compare_chunk: decrypt: ok
Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
Mar 7 17:23:55: | sym_key: free key 0x7f3862948990
Mar 7 17:23:55: | test_ctr_vector: Camellia: 16 bytes with 128-bit key
passed
Mar 7 17:23:55: | test_cbc_vector: Camellia: 16 bytes with 256-bit key
Mar 7 17:23:55: | decode_to_chunk: key: input "0x00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Mar 7 17:23:55: | ephemeral_key: key(0x7f3862947260) length(16)
type/mechanism(AES_KEY_GEN 0x00001080)
Mar 7 17:23:55: | tmp: merge symkey(0x7f3862947260)
bytes(0x7f386294bc10/32) - derive(CONCATENATE_DATA_AND_BASE)
target(EXTRACT_KEY_FROM_KEY)
Mar 7 17:23:55: | symkey: key(0x7f3862947260) length(16)
type/mechanism(AES_KEY_GEN 0x00001080)
Mar 7 17:23:55: | bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00
Mar 7 17:23:55: | bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00
Mar 7 17:23:55: | tmp: key(0x7f386294a210) length(48)
type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
Mar 7 17:23:55: | symkey: symkey from symkey(0x7f386294a210) -
next-byte(0) key-size(32) flags(0x0) derive(EXTRACT_KEY_FROM_KEY)
target(CAMELLIA_CBC)
Mar 7 17:23:55: | symkey: key(0x7f386294a210) length(48)
type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
Mar 7 17:23:55: | symkey: key(0x7f3862948990) length(32)
type/mechanism(CAMELLIA_CBC 0x00000552)
Mar 7 17:23:55: | tmp:: free key 0x7f386294a210
Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A
B0 9E 84 72 48 E9 1B 1B 9D"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d
Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Mar 7 17:23:55: | decode_to_chunk: ciphertext: : input "0xB0 C6 B8 8A EA
51 8A B0 9E 84 72 48 E9 1B 1B 9D"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d
Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
Mar 7 17:23:55: | compare_chunk: encrypt: ok
Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A
B0 9E 84 72 48 E9 1B 1B 9D"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d
Mar 7 17:23:55: | decode_to_chunk: cipertext: : input "0xB0 C6 B8 8A EA 51
8A B0 9E 84 72 48 E9 1B 1B 9D"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d
Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
Mar 7 17:23:55: | compare_chunk: decrypt: ok
Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
Mar 7 17:23:55: | sym_key: free key 0x7f3862948990
Mar 7 17:23:55: | test_ctr_vector: Camellia: 16 bytes with 256-bit key
passed
Mar 7 17:23:55: | test_cbc_vector: Camellia: 16 bytes with 256-bit key
Mar 7 17:23:55: | decode_to_chunk: key: input "0x00 11 22 33 44 55 66 77
88 99 AA BB CC DD EE FF FF EE DD CC BB AA 99 88 77 66 55 44 33 22 11 00"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff
Mar 7 17:23:55: | ff ee dd cc bb aa 99 88 77 66 55 44 33 22 11 00
Mar 7 17:23:55: | ephemeral_key: key(0x7f3862947260) length(16)
type/mechanism(AES_KEY_GEN 0x00001080)
Mar 7 17:23:55: | tmp: merge symkey(0x7f3862947260)
bytes(0x7f386294bc10/32) - derive(CONCATENATE_DATA_AND_BASE)
target(EXTRACT_KEY_FROM_KEY)
Mar 7 17:23:55: | symkey: key(0x7f3862947260) length(16)
type/mechanism(AES_KEY_GEN 0x00001080)
Mar 7 17:23:55: | bytes: 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee
ff
Mar 7 17:23:55: | bytes: ff ee dd cc bb aa 99 88 77 66 55 44 33 22 11
00
Mar 7 17:23:55: | tmp: key(0x7f386294a210) length(48)
type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
Mar 7 17:23:55: | symkey: symkey from symkey(0x7f386294a210) -
next-byte(0) key-size(32) flags(0x0) derive(EXTRACT_KEY_FROM_KEY)
target(CAMELLIA_CBC)
Mar 7 17:23:55: | symkey: key(0x7f386294a210) length(48)
type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
Mar 7 17:23:55: | symkey: key(0x7f3862948990) length(32)
type/mechanism(CAMELLIA_CBC 0x00000552)
Mar 7 17:23:55: | tmp:: free key 0x7f386294a210
Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3
EB 61 02 5E 93 21 9B 65 23 "
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23
Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 01"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
Mar 7 17:23:55: | decode_to_chunk: ciphertext: : input "0xCC 39 FF EE 18
56 D3 EB 61 02 5E 93 21 9B 65 23 "
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23
Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
Mar 7 17:23:55: | compare_chunk: encrypt: ok
Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3
EB 61 02 5E 93 21 9B 65 23 "
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23
Mar 7 17:23:55: | decode_to_chunk: cipertext: : input "0xCC 39 FF EE 18 56
D3 EB 61 02 5E 93 21 9B 65 23 "
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23
Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 01"
Mar 7 17:23:55: | decode_to_chunk: output:
Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
Mar 7 17:23:55: | compare_chunk: decrypt: ok
Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
Mar 7 17:23:55: | sym_key: free key 0x7f3862948990
Mar 7 17:23:55: | test_ctr_vector: Camellia: 16 bytes with 256-bit key
passed
Mar 7 17:23:55: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CBC: Ok
Mar 7 17:23:55: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CTR: Ok
Mar 7 17:23:55: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok
Mar 7 17:23:55: ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok
Mar 7 17:23:55: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok
Mar 7 17:23:55: no crypto helpers will be started; all cryptographic
operations will be done inline
Mar 7 17:23:55: Using Linux XFRM/NETKEY IPsec interface code on
3.10.0-327.3.1.el7.x86_64
Mar 7 17:23:55: | process 2067 listening for PF_KEY_V2 on file descriptor
11
Mar 7 17:23:55: | kernel_alg_init()
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
alg_id=18(ESP_AES_GCM_A)
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
alg_id=19(ESP_AES_GCM_B)
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
alg_id=20(ESP_AES_GCM_C)
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
alg_id=14(ESP_AES_CCM_A)
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
alg_id=15(ESP_AES_CCM_B)
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
alg_id=16(ESP_AES_CCM_C)
Mar 7 17:23:55: ike_alg_register_enc(): Activating aes_ccm_8: Ok
Mar 7 17:23:55: ike_alg_register_enc(): Activating aes_ccm_12: Ok
Mar 7 17:23:55: ike_alg_register_enc(): Activating aes_ccm_16: Ok
Mar 7 17:23:55: | Registered AEAD AES CCM/GCM algorithms
Mar 7 17:23:55: | finish_pfkey_msg: K_SADB_REGISTER message 1 for AH
Mar 7 17:23:55: | 02 07 00 02 02 00 00 00 01 00 00 00 13 08 00 00
Mar 7 17:23:55: | pfkey_get: K_SADB_REGISTER message 1
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH:
sadb_msg_len=22 sadb_supported_len=72
Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14,
alg_id=251(ESP_KAME_NULL)
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[0],
exttype=14, satype=2, alg_id=251, alg_ivlen=0, alg_minbits=0,
alg_maxbits=0, res=0, ret=1
Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14, alg_id=2(ESP_DES)
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[1],
exttype=14, satype=2, alg_id=2, alg_ivlen=0, alg_minbits=128,
alg_maxbits=128, res=0, ret=1
Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14,
alg_id=3(ESP_3DES)
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[2],
exttype=14, satype=2, alg_id=3, alg_ivlen=0, alg_minbits=160,
alg_maxbits=160, res=0, ret=1
Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14,
alg_id=5(ESP_IDEA)
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[3],
exttype=14, satype=2, alg_id=5, alg_ivlen=0, alg_minbits=256,
alg_maxbits=256, res=0, ret=1
Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14,
alg_id=6(ESP_CAST)
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[4],
exttype=14, satype=2, alg_id=6, alg_ivlen=0, alg_minbits=384,
alg_maxbits=384, res=0, ret=1
Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14,
alg_id=7(ESP_BLOWFISH)
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[5],
exttype=14, satype=2, alg_id=7, alg_ivlen=0, alg_minbits=512,
alg_maxbits=512, res=0, ret=1
Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14,
alg_id=8(ESP_3IDEA)
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[6],
exttype=14, satype=2, alg_id=8, alg_ivlen=0, alg_minbits=160,
alg_maxbits=160, res=0, ret=1
Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14,
alg_id=9(ESP_DES_IV32)
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[7],
exttype=14, satype=2, alg_id=9, alg_ivlen=0, alg_minbits=128,
alg_maxbits=128, res=0, ret=1
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH:
sadb_msg_len=22 sadb_supported_len=88
Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
alg_id=11(ESP_NULL)
Mar 7 17:23:55: | kernel_alg_add(2,15,11) fails because alg combo is
invalid
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[8],
exttype=15, satype=2, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0,
res=0, ret=-1
Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15, alg_id=2(ESP_DES)
Mar 7 17:23:55: | kernel_alg_add(2,15,2) fails because alg combo is invalid
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[9],
exttype=15, satype=2, alg_id=2, alg_ivlen=8, alg_minbits=64,
alg_maxbits=64, res=0, ret=-1
Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
alg_id=3(ESP_3DES)
Mar 7 17:23:55: | kernel_alg_add(2,15,3) fails because alg combo is invalid
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[10],
exttype=15, satype=2, alg_id=3, alg_ivlen=8, alg_minbits=192,
alg_maxbits=192, res=0, ret=-1
Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
alg_id=6(ESP_CAST)
Mar 7 17:23:55: | kernel_alg_add(2,15,6) fails because alg combo is invalid
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[11],
exttype=15, satype=2, alg_id=6, alg_ivlen=8, alg_minbits=40,
alg_maxbits=128, res=0, ret=-1
Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
alg_id=7(ESP_BLOWFISH)
Mar 7 17:23:55: | kernel_alg_add(2,15,7) fails because alg combo is invalid
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[12],
exttype=15, satype=2, alg_id=7, alg_ivlen=8, alg_minbits=40,
alg_maxbits=448, res=0, ret=-1
Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
alg_id=12(ESP_AES)
Mar 7 17:23:55: | kernel_alg_add(2,15,12) fails because alg combo is
invalid
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[13],
exttype=15, satype=2, alg_id=12, alg_ivlen=8, alg_minbits=128,
alg_maxbits=256, res=0, ret=-1
Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
alg_id=252(ESP_SERPENT)
Mar 7 17:23:55: | kernel_alg_add(2,15,252) fails because alg combo is
invalid
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[14],
exttype=15, satype=2, alg_id=252, alg_ivlen=8, alg_minbits=128,
alg_maxbits=256, res=0, ret=-1
Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
alg_id=22(ESP_CAMELLIA)
Mar 7 17:23:55: | kernel_alg_add(2,15,22) fails because alg combo is
invalid
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[15],
exttype=15, satype=2, alg_id=22, alg_ivlen=8, alg_minbits=128,
alg_maxbits=256, res=0, ret=-1
Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
alg_id=253(ESP_TWOFISH)
Mar 7 17:23:55: | kernel_alg_add(2,15,253) fails because alg combo is
invalid
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[16],
exttype=15, satype=2, alg_id=253, alg_ivlen=8, alg_minbits=128,
alg_maxbits=256, res=0, ret=-1
Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
alg_id=13(ESP_AES_CTR)
Mar 7 17:23:55: | kernel_alg_add(2,15,13) fails because alg combo is
invalid
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[17],
exttype=15, satype=2, alg_id=13, alg_ivlen=8, alg_minbits=160,
alg_maxbits=288, res=0, ret=-1
Mar 7 17:23:55: | AH registered with kernel.
Mar 7 17:23:55: | finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP
Mar 7 17:23:55: | 02 07 00 03 02 00 00 00 02 00 00 00 13 08 00 00
Mar 7 17:23:55: | pfkey_get: K_SADB_REGISTER message 2
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP:
sadb_msg_len=22 sadb_supported_len=72
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14,
alg_id=251(ESP_KAME_NULL)
Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
exttype=14, alg_id=251
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0],
exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0,
alg_maxbits=0, res=0, ret=0
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14, alg_id=2(ESP_DES)
Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
exttype=14, alg_id=2
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1],
exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128,
alg_maxbits=128, res=0, ret=0
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14,
alg_id=3(ESP_3DES)
Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
exttype=14, alg_id=3
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2],
exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160,
alg_maxbits=160, res=0, ret=0
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14,
alg_id=5(ESP_IDEA)
Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
exttype=14, alg_id=5
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3],
exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256,
alg_maxbits=256, res=0, ret=0
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14,
alg_id=6(ESP_CAST)
Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
exttype=14, alg_id=6
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4],
exttype=14, satype=3, alg_id=6, alg_ivlen=0, alg_minbits=384,
alg_maxbits=384, res=0, ret=0
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14,
alg_id=7(ESP_BLOWFISH)
Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
exttype=14, alg_id=7
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5],
exttype=14, satype=3, alg_id=7, alg_ivlen=0, alg_minbits=512,
alg_maxbits=512, res=0, ret=0
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14,
alg_id=8(ESP_3IDEA)
Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
exttype=14, alg_id=8
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6],
exttype=14, satype=3, alg_id=8, alg_ivlen=0, alg_minbits=160,
alg_maxbits=160, res=0, ret=0
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14,
alg_id=9(ESP_DES_IV32)
Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
exttype=14, alg_id=9
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7],
exttype=14, satype=3, alg_id=9, alg_ivlen=0, alg_minbits=128,
alg_maxbits=128, res=0, ret=0
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP:
sadb_msg_len=22 sadb_supported_len=88
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
alg_id=11(ESP_NULL)
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[8],
exttype=15, satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0,
res=0, ret=1
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=2(ESP_DES)
Mar 7 17:23:55: | kernel_alg_add(): Ignoring alg_id=2(ESP_DES) - too weak
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[9],
exttype=15, satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64,
alg_maxbits=64, res=0, ret=0
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
alg_id=3(ESP_3DES)
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[10],
exttype=15, satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192,
alg_maxbits=192, res=0, ret=1
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
alg_id=6(ESP_CAST)
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[11],
exttype=15, satype=3, alg_id=6, alg_ivlen=8, alg_minbits=40,
alg_maxbits=128, res=0, ret=1
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
alg_id=7(ESP_BLOWFISH)
Mar 7 17:23:55: | kernel_alg_add(): Ignoring alg_id=7(ESP_BLOWFISH) - too
weak
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[12],
exttype=15, satype=3, alg_id=7, alg_ivlen=8, alg_minbits=40,
alg_maxbits=448, res=0, ret=0
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
alg_id=12(ESP_AES)
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[13],
exttype=15, satype=3, alg_id=12, alg_ivlen=8, alg_minbits=128,
alg_maxbits=256, res=0, ret=1
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
alg_id=252(ESP_SERPENT)
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[14],
exttype=15, satype=3, alg_id=252, alg_ivlen=8, alg_minbits=128,
alg_maxbits=256, res=0, ret=1
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
alg_id=22(ESP_CAMELLIA)
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[15],
exttype=15, satype=3, alg_id=22, alg_ivlen=8, alg_minbits=128,
alg_maxbits=256, res=0, ret=1
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
alg_id=253(ESP_TWOFISH)
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[16],
exttype=15, satype=3, alg_id=253, alg_ivlen=8, alg_minbits=128,
alg_maxbits=256, res=0, ret=1
Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
alg_id=13(ESP_AES_CTR)
Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[17],
exttype=15, satype=3, alg_id=13, alg_ivlen=8, alg_minbits=160,
alg_maxbits=288, res=0, ret=1
Mar 7 17:23:55: | ESP registered with kernel.
Mar 7 17:23:55: | finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP
Mar 7 17:23:55: | 02 07 00 09 02 00 00 00 03 00 00 00 13 08 00 00
Mar 7 17:23:55: | pfkey_get: K_SADB_REGISTER message 3
Mar 7 17:23:55: | IPCOMP registered with kernel.
Mar 7 17:23:55: | Registered AH, ESP and IPCOMP
Mar 7 17:23:55: | event_schedule called for 20 seconds
Mar 7 17:23:55: | event_schedule_tv called for about 20 seconds and change
Mar 7 17:23:55: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000000
seconds
Mar 7 17:23:55: | setup kernel fd callback
Mar 7 17:23:55: | Could not change to legacy CRL directory
'/etc/ipsec.d/crls': 2 No such file or directory
Mar 7 17:23:55: | event_schedule called for 23765 seconds
Mar 7 17:23:55: | event_schedule_tv called for about 23765 seconds and
change
Mar 7 17:23:55: | inserting event EVENT_LOG_DAILY, timeout in 23765.000000
seconds
Mar 7 17:23:55: | Setting up events, loop start
Mar 7 17:23:56: | calling addconn helper using execve
Mar 7 17:23:56: | entering aalg_getbyname_ike()
Mar 7 17:23:56: | raw_alg_info_ike_add() ealg_id=5 ek_bits=0 aalg_id=2
ak_bits=0 modp_id=14, cnt=1
Mar 7 17:23:56: | raw_alg_info_ike_add() ealg_id=5 ek_bits=0 aalg_id=2
ak_bits=0 modp_id=5, cnt=2
Mar 7 17:23:56: | raw_alg_info_ike_add() ealg_id=5 ek_bits=0 aalg_id=2
ak_bits=0 modp_id=2, cnt=3
Mar 7 17:23:56: | entering aalg_getbyname_ike()
Mar 7 17:23:56: | raw_alg_info_ike_add() ealg_id=7 ek_bits=0 aalg_id=2
ak_bits=0 modp_id=22, cnt=4
Mar 7 17:23:56: | find_host_pair_conn: 10.56.138.86:500 %any:500 -> hp:none
Mar 7 17:23:56: | Added new connection vpnpsk with policy
PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW
Mar 7 17:23:56: | from whack: got --esp=3des-sha1,aes-sha1
Mar 7 17:23:56: | phase2alg string values: 3DES(3)_000-SHA1(2)_000,
AES(12)_000-SHA1(2)_000
Mar 7 17:23:56: | ike (phase1) algorithm values:
3DES_CBC(5)_000-SHA1(2)_000-MODP2048(14),
3DES_CBC(5)_000-SHA1(2)_000-MODP1536(5),
3DES_CBC(5)_000-SHA1(2)_000-MODP1024(2), AES_CBC(7)_000-SHA1(2)_000-DH22(22)
Mar 7 17:23:56: | counting wild cards for 10.56.138.86 is 0
Mar 7 17:23:56: | counting wild cards for (none) is 15
Mar 7 17:23:56: | based upon policy, the connection is a template.
Mar 7 17:23:56: added connection description "vpnpsk"
Mar 7 17:23:56: | 10.56.138.86/32===10.56.138.86
<10.56.138.86>:17/1701---10.56.138.81...%any:17/%any
Mar 7 17:23:56: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
rekey_fuzz: 100%; keyingtries: 5; replay_window: 32; policy:
PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW
Mar 7 17:23:56: listening for IKE messages
Mar 7 17:23:56: | Inspecting interface lo
Mar 7 17:23:56: | found lo with address 127.0.0.1
Mar 7 17:23:56: | Inspecting interface ens32
Mar 7 17:23:56: | found ens32 with address 10.56.138.86
Mar 7 17:23:56: | Inspecting interface virbr0
Mar 7 17:23:56: | found virbr0 with address 192.168.122.1
Mar 7 17:23:56: adding interface virbr0/virbr0 192.168.122.1:500
Mar 7 17:23:56: | NAT-Traversal: Trying new style NAT-T
Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup failed for new style
NAT-T family IPv4 (errno=19)
Mar 7 17:23:56: | NAT-Traversal: Trying old style NAT-T
Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup succeeded for old style
NAT-T family IPv4
Mar 7 17:23:56: adding interface virbr0/virbr0 192.168.122.1:4500
Mar 7 17:23:56: adding interface ens32/ens32 10.56.138.86:500
Mar 7 17:23:56: | NAT-Traversal: Trying new style NAT-T
Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup failed for new style
NAT-T family IPv4 (errno=19)
Mar 7 17:23:56: | NAT-Traversal: Trying old style NAT-T
Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup succeeded for old style
NAT-T family IPv4
Mar 7 17:23:56: adding interface ens32/ens32 10.56.138.86:4500
Mar 7 17:23:56: adding interface lo/lo 127.0.0.1:500
Mar 7 17:23:56: | NAT-Traversal: Trying new style NAT-T
Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup failed for new style
NAT-T family IPv4 (errno=19)
Mar 7 17:23:56: | NAT-Traversal: Trying old style NAT-T
Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup succeeded for old style
NAT-T family IPv4
Mar 7 17:23:56: adding interface lo/lo 127.0.0.1:4500
Mar 7 17:23:56: | found lo with address
0000:0000:0000:0000:0000:0000:0000:0001
Mar 7 17:23:56: adding interface lo/lo ::1:500
Mar 7 17:23:56: | connect_to_host_pair: 10.56.138.86:500 0.0.0.0:500 ->
hp:none
Mar 7 17:23:56: | setup callback for interface lo:500 fd 19
Mar 7 17:23:56: | setup callback for interface lo:4500 fd 18
Mar 7 17:23:56: | setup callback for interface lo:500 fd 17
Mar 7 17:23:56: | setup callback for interface ens32:4500 fd 16
Mar 7 17:23:56: | setup callback for interface ens32:500 fd 15
Mar 7 17:23:56: | setup callback for interface virbr0:4500 fd 14
Mar 7 17:23:56: | setup callback for interface virbr0:500 fd 13
Mar 7 17:23:56: | certs and keys locked by 'free_preshared_secrets'
Mar 7 17:23:56: | certs and keys unlocked by 'free_preshard_secrets'
Mar 7 17:23:56: loading secrets from "/etc/ipsec.secrets"
Mar 7 17:23:56: | id type added to secret(0x7f3862951260) PPK_PSK:
125.16.240.98
Mar 7 17:23:56: | id type added to secret(0x7f3862951260) PPK_PSK: %any
Mar 7 17:23:56: | Processing PSK at line 1: passed
Mar 7 17:23:56: | certs and keys locked by 'process_secret'
Mar 7 17:23:56: | certs and keys unlocked by 'process_secret'
Mar 7 17:23:56: | reaped addconn helper child
Mar 7 17:23:56: reapchild failed with errno=10 No child processes
Mar 7 17:23:56: | *received 84 bytes from 106.216.143.95:11359 on ens32
(port=4500)
Mar 7 17:23:56: | b1 42 5c 7a 52 75 cb 8c a2 29 a8 0f 40 0e 10 bf
Mar 7 17:23:56: | 0b 10 05 01 37 48 06 4c 00 00 00 54 17 dc ee 36
Mar 7 17:23:56: | 46 77 45 10 38 d5 53 d8 5f 19 24 80 55 b6 c1 ac
Mar 7 17:23:56: | 2f f3 54 f3 6f 61 65 08 d7 44 4c 4a 10 0f 41 1e
Mar 7 17:23:56: | 02 a6 36 a5 dd ba db 3d f8 7c 32 e7 9f 4b 64 38
Mar 7 17:23:56: | c6 76 cb f8
Mar 7 17:23:56: | **parse ISAKMP Message:
Mar 7 17:23:56: | initiator cookie:
Mar 7 17:23:56: | b1 42 5c 7a 52 75 cb 8c
Mar 7 17:23:56: | responder cookie:
Mar 7 17:23:56: | a2 29 a8 0f 40 0e 10 bf
Mar 7 17:23:56: | next payload type: ISAKMP_NEXT_N (0xb)
Mar 7 17:23:56: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
Mar 7 17:23:56: | exchange type: ISAKMP_XCHG_INFO (0x5)
Mar 7 17:23:56: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
Mar 7 17:23:56: | message ID: 37 48 06 4c
Mar 7 17:23:56: | length: 84 (0x54)
Mar 7 17:23:56: | processing version=1.0 packet with exchange
type=ISAKMP_XCHG_INFO (5)
Mar 7 17:23:56: | finding hash chain in state hash table
Mar 7 17:23:56: | ICOOKIE: b1 42 5c 7a 52 75 cb 8c
Mar 7 17:23:56: | RCOOKIE: a2 29 a8 0f 40 0e 10 bf
Mar 7 17:23:56: | found hash chain 14
Mar 7 17:23:56: | p15 state object not found
Mar 7 17:23:56: | finding hash chain in state hash table
Mar 7 17:23:56: | ICOOKIE: b1 42 5c 7a 52 75 cb 8c
Mar 7 17:23:56: | RCOOKIE: 00 00 00 00 00 00 00 00
Mar 7 17:23:56: | found hash chain 3
Mar 7 17:23:56: | v1 state object not found
Mar 7 17:23:56: | - unknown SA's md->hdr.isa_icookie:
Mar 7 17:23:56: | b1 42 5c 7a 52 75 cb 8c
Mar 7 17:23:56: | - unknown SA's md->hdr.isa_rcookie:
Mar 7 17:23:56: | a2 29 a8 0f 40 0e 10 bf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160307/fd69a66d/attachment-0001.html>
More information about the Swan
mailing list