[Swan] Phase 2 connection not being estbalished
Paul Wouters
paul at nohats.ca
Mon Mar 7 12:11:45 UTC 2016
You received a packet from before you restarted. Try restarting other end?
Paul
Sent from my iPhone
> On Mar 7, 2016, at 12:01, Srinivas Gudipudi <sgudipud at gmail.com> wrote:
>
> Hi,
>
> I am using Libreswan on RedHat to setup a VPN server, on the client side, I have a Huawei 4G router connected across a CGNAT network server to the Redhat server, which is the VPN server. I am placing the configurations below, I am able to get the phase 1 up, but the phase 2 is not estbalishing, can you please help here:
>
> Huawei Router Config:
>
>
> Peer name : spua
> IKE version : Version one
> Exchange mode : main on phase 1
> Pre-shared-key cipher : %@%@6SzGWj[<u/%UUUW|E";TcxX^%@%@
> Proposal : 5
> Local ID type : IP
> DPD : Enable
> DPD mode : Periodic
> DPD idle time : 120
> DPD retransmit interval : 30
> DPD retry limit : 5
> Host name :
> Peer IP address : 125.16.240.98(active)
> Host name :
> Peer IP address :
> VPN name :
> Local IP address :
> Local name :
> Remote name :
> NAT-traversal : Enable
> DPD request message : 94
> DPD Ack message : 40
> DPD fail time : 9
> PKI realm : NULL
> Lifetime notification : Disable
>
>
>
> IPSec.conf:
>
>
> version 2.0
>
> config setup
> dumpdir=/var/run/pluto/
> nat_traversal=yes
> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.42.0/24
> oe=off
> protostack=netkey
> nhelpers=0
> interfaces=%defaultroute
> plutodebug=all
>
> conn vpnpsk
> connaddrfamily=ipv4
> auto=add
> left=10.56.138.86
> leftid=VM000003380
> leftsubnet=10.56.138.86/32
> leftnexthop=%defaultroute
> leftprotoport=17/1701
> rightprotoport=17/%any
> right=%any
> rightsubnetwithin=0.0.0.0/0
> forceencaps=yes
> authby=secret
> pfs=no
> type=transport
> auth=esp
> ike=3des-sha1,aes-sha1;dh22
> phase2alg=3des-sha1,aes-sha1
> rekey=no
> keyingtries=5
> dpddelay=30
> dpdtimeout=120
> dpdaction=clear
>
>
> Pluto Debug Log:
>
> Mar 7 17:23:55: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
> Mar 7 17:23:55: | compare_chunk: encrypt: ok
> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
> Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c
> Mar 7 17:23:55: | decode_to_chunk: cipertext: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c
> Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
> Mar 7 17:23:55: | compare_chunk: decrypt: ok
> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
> Mar 7 17:23:55: | sym_key: free key 0x7f3862948990
> Mar 7 17:23:55: | test_ctr_vector: Camellia: 16 bytes with 128-bit key passed
> Mar 7 17:23:55: | test_cbc_vector: Camellia: 16 bytes with 128-bit key
> Mar 7 17:23:55: | decode_to_chunk: key: input "0x00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff
> Mar 7 17:23:55: | ephemeral_key: key(0x7f3862947260) length(16) type/mechanism(AES_KEY_GEN 0x00001080)
> Mar 7 17:23:55: | tmp: merge symkey(0x7f3862947260) bytes(0x7f386294bb90/16) - derive(CONCATENATE_DATA_AND_BASE) target(EXTRACT_KEY_FROM_KEY)
> Mar 7 17:23:55: | symkey: key(0x7f3862947260) length(16) type/mechanism(AES_KEY_GEN 0x00001080)
> Mar 7 17:23:55: | bytes: 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff
> Mar 7 17:23:55: | tmp: key(0x7f386294a210) length(32) type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
> Mar 7 17:23:55: | symkey: symkey from symkey(0x7f386294a210) - next-byte(0) key-size(16) flags(0x0) derive(EXTRACT_KEY_FROM_KEY) target(CAMELLIA_CBC)
> Mar 7 17:23:55: | symkey: key(0x7f386294a210) length(32) type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
> Mar 7 17:23:55: | symkey: key(0x7f3862948990) length(16) type/mechanism(CAMELLIA_CBC 0x00000552)
> Mar 7 17:23:55: | tmp:: free key 0x7f386294a210
> Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37
> Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 "
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
> Mar 7 17:23:55: | decode_to_chunk: ciphertext: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
> Mar 7 17:23:55: | compare_chunk: encrypt: ok
> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
> Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37
> Mar 7 17:23:55: | decode_to_chunk: cipertext: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37
> Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 "
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
> Mar 7 17:23:55: | compare_chunk: decrypt: ok
> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
> Mar 7 17:23:55: | sym_key: free key 0x7f3862948990
> Mar 7 17:23:55: | test_ctr_vector: Camellia: 16 bytes with 128-bit key passed
> Mar 7 17:23:55: | test_cbc_vector: Camellia: 16 bytes with 256-bit key
> Mar 7 17:23:55: | decode_to_chunk: key: input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | ephemeral_key: key(0x7f3862947260) length(16) type/mechanism(AES_KEY_GEN 0x00001080)
> Mar 7 17:23:55: | tmp: merge symkey(0x7f3862947260) bytes(0x7f386294bc10/32) - derive(CONCATENATE_DATA_AND_BASE) target(EXTRACT_KEY_FROM_KEY)
> Mar 7 17:23:55: | symkey: key(0x7f3862947260) length(16) type/mechanism(AES_KEY_GEN 0x00001080)
> Mar 7 17:23:55: | bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | tmp: key(0x7f386294a210) length(48) type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
> Mar 7 17:23:55: | symkey: symkey from symkey(0x7f386294a210) - next-byte(0) key-size(32) flags(0x0) derive(EXTRACT_KEY_FROM_KEY) target(CAMELLIA_CBC)
> Mar 7 17:23:55: | symkey: key(0x7f386294a210) length(48) type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
> Mar 7 17:23:55: | symkey: key(0x7f3862948990) length(32) type/mechanism(CAMELLIA_CBC 0x00000552)
> Mar 7 17:23:55: | tmp:: free key 0x7f386294a210
> Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d
> Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | decode_to_chunk: ciphertext: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
> Mar 7 17:23:55: | compare_chunk: encrypt: ok
> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
> Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d
> Mar 7 17:23:55: | decode_to_chunk: cipertext: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d
> Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
> Mar 7 17:23:55: | compare_chunk: decrypt: ok
> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
> Mar 7 17:23:55: | sym_key: free key 0x7f3862948990
> Mar 7 17:23:55: | test_ctr_vector: Camellia: 16 bytes with 256-bit key passed
> Mar 7 17:23:55: | test_cbc_vector: Camellia: 16 bytes with 256-bit key
> Mar 7 17:23:55: | decode_to_chunk: key: input "0x00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF FF EE DD CC BB AA 99 88 77 66 55 44 33 22 11 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff
> Mar 7 17:23:55: | ff ee dd cc bb aa 99 88 77 66 55 44 33 22 11 00
> Mar 7 17:23:55: | ephemeral_key: key(0x7f3862947260) length(16) type/mechanism(AES_KEY_GEN 0x00001080)
> Mar 7 17:23:55: | tmp: merge symkey(0x7f3862947260) bytes(0x7f386294bc10/32) - derive(CONCATENATE_DATA_AND_BASE) target(EXTRACT_KEY_FROM_KEY)
> Mar 7 17:23:55: | symkey: key(0x7f3862947260) length(16) type/mechanism(AES_KEY_GEN 0x00001080)
> Mar 7 17:23:55: | bytes: 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff
> Mar 7 17:23:55: | bytes: ff ee dd cc bb aa 99 88 77 66 55 44 33 22 11 00
> Mar 7 17:23:55: | tmp: key(0x7f386294a210) length(48) type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
> Mar 7 17:23:55: | symkey: symkey from symkey(0x7f386294a210) - next-byte(0) key-size(32) flags(0x0) derive(EXTRACT_KEY_FROM_KEY) target(CAMELLIA_CBC)
> Mar 7 17:23:55: | symkey: key(0x7f386294a210) length(48) type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
> Mar 7 17:23:55: | symkey: key(0x7f3862948990) length(32) type/mechanism(CAMELLIA_CBC 0x00000552)
> Mar 7 17:23:55: | tmp:: free key 0x7f386294a210
> Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 "
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23
> Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
> Mar 7 17:23:55: | decode_to_chunk: ciphertext: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 "
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
> Mar 7 17:23:55: | compare_chunk: encrypt: ok
> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
> Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 "
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23
> Mar 7 17:23:55: | decode_to_chunk: cipertext: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 "
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23
> Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
> Mar 7 17:23:55: | compare_chunk: decrypt: ok
> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
> Mar 7 17:23:55: | sym_key: free key 0x7f3862948990
> Mar 7 17:23:55: | test_ctr_vector: Camellia: 16 bytes with 256-bit key passed
> Mar 7 17:23:55: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CBC: Ok
> Mar 7 17:23:55: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CTR: Ok
> Mar 7 17:23:55: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok
> Mar 7 17:23:55: ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok
> Mar 7 17:23:55: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok
> Mar 7 17:23:55: no crypto helpers will be started; all cryptographic operations will be done inline
> Mar 7 17:23:55: Using Linux XFRM/NETKEY IPsec interface code on 3.10.0-327.3.1.el7.x86_64
> Mar 7 17:23:55: | process 2067 listening for PF_KEY_V2 on file descriptor 11
> Mar 7 17:23:55: | kernel_alg_init()
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=18(ESP_AES_GCM_A)
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=19(ESP_AES_GCM_B)
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=20(ESP_AES_GCM_C)
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=14(ESP_AES_CCM_A)
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=15(ESP_AES_CCM_B)
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=16(ESP_AES_CCM_C)
> Mar 7 17:23:55: ike_alg_register_enc(): Activating aes_ccm_8: Ok
> Mar 7 17:23:55: ike_alg_register_enc(): Activating aes_ccm_12: Ok
> Mar 7 17:23:55: ike_alg_register_enc(): Activating aes_ccm_16: Ok
> Mar 7 17:23:55: | Registered AEAD AES CCM/GCM algorithms
> Mar 7 17:23:55: | finish_pfkey_msg: K_SADB_REGISTER message 1 for AH
> Mar 7 17:23:55: | 02 07 00 02 02 00 00 00 01 00 00 00 13 08 00 00
> Mar 7 17:23:55: | pfkey_get: K_SADB_REGISTER message 1
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: sadb_msg_len=22 sadb_supported_len=72
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14, alg_id=251(ESP_KAME_NULL)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[0], exttype=14, satype=2, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14, alg_id=2(ESP_DES)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[1], exttype=14, satype=2, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14, alg_id=3(ESP_3DES)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[2], exttype=14, satype=2, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14, alg_id=5(ESP_IDEA)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[3], exttype=14, satype=2, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14, alg_id=6(ESP_CAST)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[4], exttype=14, satype=2, alg_id=6, alg_ivlen=0, alg_minbits=384, alg_maxbits=384, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14, alg_id=7(ESP_BLOWFISH)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[5], exttype=14, satype=2, alg_id=7, alg_ivlen=0, alg_minbits=512, alg_maxbits=512, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14, alg_id=8(ESP_3IDEA)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[6], exttype=14, satype=2, alg_id=8, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14, alg_id=9(ESP_DES_IV32)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[7], exttype=14, satype=2, alg_id=9, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: sadb_msg_len=22 sadb_supported_len=88
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15, alg_id=11(ESP_NULL)
> Mar 7 17:23:55: | kernel_alg_add(2,15,11) fails because alg combo is invalid
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[8], exttype=15, satype=2, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=-1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15, alg_id=2(ESP_DES)
> Mar 7 17:23:55: | kernel_alg_add(2,15,2) fails because alg combo is invalid
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[9], exttype=15, satype=2, alg_id=2, alg_ivlen=8, alg_minbits=64, alg_maxbits=64, res=0, ret=-1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15, alg_id=3(ESP_3DES)
> Mar 7 17:23:55: | kernel_alg_add(2,15,3) fails because alg combo is invalid
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[10], exttype=15, satype=2, alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=-1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15, alg_id=6(ESP_CAST)
> Mar 7 17:23:55: | kernel_alg_add(2,15,6) fails because alg combo is invalid
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[11], exttype=15, satype=2, alg_id=6, alg_ivlen=8, alg_minbits=40, alg_maxbits=128, res=0, ret=-1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15, alg_id=7(ESP_BLOWFISH)
> Mar 7 17:23:55: | kernel_alg_add(2,15,7) fails because alg combo is invalid
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[12], exttype=15, satype=2, alg_id=7, alg_ivlen=8, alg_minbits=40, alg_maxbits=448, res=0, ret=-1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15, alg_id=12(ESP_AES)
> Mar 7 17:23:55: | kernel_alg_add(2,15,12) fails because alg combo is invalid
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[13], exttype=15, satype=2, alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=-1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15, alg_id=252(ESP_SERPENT)
> Mar 7 17:23:55: | kernel_alg_add(2,15,252) fails because alg combo is invalid
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[14], exttype=15, satype=2, alg_id=252, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=-1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15, alg_id=22(ESP_CAMELLIA)
> Mar 7 17:23:55: | kernel_alg_add(2,15,22) fails because alg combo is invalid
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[15], exttype=15, satype=2, alg_id=22, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=-1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15, alg_id=253(ESP_TWOFISH)
> Mar 7 17:23:55: | kernel_alg_add(2,15,253) fails because alg combo is invalid
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[16], exttype=15, satype=2, alg_id=253, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=-1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15, alg_id=13(ESP_AES_CTR)
> Mar 7 17:23:55: | kernel_alg_add(2,15,13) fails because alg combo is invalid
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[17], exttype=15, satype=2, alg_id=13, alg_ivlen=8, alg_minbits=160, alg_maxbits=288, res=0, ret=-1
> Mar 7 17:23:55: | AH registered with kernel.
> Mar 7 17:23:55: | finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP
> Mar 7 17:23:55: | 02 07 00 03 02 00 00 00 02 00 00 00 13 08 00 00
> Mar 7 17:23:55: | pfkey_get: K_SADB_REGISTER message 2
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=72
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14, alg_id=251(ESP_KAME_NULL)
> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=251
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=0
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14, alg_id=2(ESP_DES)
> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=2
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=0
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14, alg_id=3(ESP_3DES)
> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=3
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=0
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14, alg_id=5(ESP_IDEA)
> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=5
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256, res=0, ret=0
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14, alg_id=6(ESP_CAST)
> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=6
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=14, satype=3, alg_id=6, alg_ivlen=0, alg_minbits=384, alg_maxbits=384, res=0, ret=0
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14, alg_id=7(ESP_BLOWFISH)
> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=7
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5], exttype=14, satype=3, alg_id=7, alg_ivlen=0, alg_minbits=512, alg_maxbits=512, res=0, ret=0
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14, alg_id=8(ESP_3IDEA)
> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=8
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6], exttype=14, satype=3, alg_id=8, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=0
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14, alg_id=9(ESP_DES_IV32)
> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=9
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7], exttype=14, satype=3, alg_id=9, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=0
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=88
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=11(ESP_NULL)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=2(ESP_DES)
> Mar 7 17:23:55: | kernel_alg_add(): Ignoring alg_id=2(ESP_DES) - too weak
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64, alg_maxbits=64, res=0, ret=0
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=3(ESP_3DES)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[10], exttype=15, satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=6(ESP_CAST)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[11], exttype=15, satype=3, alg_id=6, alg_ivlen=8, alg_minbits=40, alg_maxbits=128, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=7(ESP_BLOWFISH)
> Mar 7 17:23:55: | kernel_alg_add(): Ignoring alg_id=7(ESP_BLOWFISH) - too weak
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[12], exttype=15, satype=3, alg_id=7, alg_ivlen=8, alg_minbits=40, alg_maxbits=448, res=0, ret=0
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=12(ESP_AES)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[13], exttype=15, satype=3, alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=252(ESP_SERPENT)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[14], exttype=15, satype=3, alg_id=252, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=22(ESP_CAMELLIA)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[15], exttype=15, satype=3, alg_id=22, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=253(ESP_TWOFISH)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[16], exttype=15, satype=3, alg_id=253, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=13(ESP_AES_CTR)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[17], exttype=15, satype=3, alg_id=13, alg_ivlen=8, alg_minbits=160, alg_maxbits=288, res=0, ret=1
> Mar 7 17:23:55: | ESP registered with kernel.
> Mar 7 17:23:55: | finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP
> Mar 7 17:23:55: | 02 07 00 09 02 00 00 00 03 00 00 00 13 08 00 00
> Mar 7 17:23:55: | pfkey_get: K_SADB_REGISTER message 3
> Mar 7 17:23:55: | IPCOMP registered with kernel.
> Mar 7 17:23:55: | Registered AH, ESP and IPCOMP
> Mar 7 17:23:55: | event_schedule called for 20 seconds
> Mar 7 17:23:55: | event_schedule_tv called for about 20 seconds and change
> Mar 7 17:23:55: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000000 seconds
> Mar 7 17:23:55: | setup kernel fd callback
> Mar 7 17:23:55: | Could not change to legacy CRL directory '/etc/ipsec.d/crls': 2 No such file or directory
> Mar 7 17:23:55: | event_schedule called for 23765 seconds
> Mar 7 17:23:55: | event_schedule_tv called for about 23765 seconds and change
> Mar 7 17:23:55: | inserting event EVENT_LOG_DAILY, timeout in 23765.000000 seconds
> Mar 7 17:23:55: | Setting up events, loop start
> Mar 7 17:23:56: | calling addconn helper using execve
> Mar 7 17:23:56: | entering aalg_getbyname_ike()
> Mar 7 17:23:56: | raw_alg_info_ike_add() ealg_id=5 ek_bits=0 aalg_id=2 ak_bits=0 modp_id=14, cnt=1
> Mar 7 17:23:56: | raw_alg_info_ike_add() ealg_id=5 ek_bits=0 aalg_id=2 ak_bits=0 modp_id=5, cnt=2
> Mar 7 17:23:56: | raw_alg_info_ike_add() ealg_id=5 ek_bits=0 aalg_id=2 ak_bits=0 modp_id=2, cnt=3
> Mar 7 17:23:56: | entering aalg_getbyname_ike()
> Mar 7 17:23:56: | raw_alg_info_ike_add() ealg_id=7 ek_bits=0 aalg_id=2 ak_bits=0 modp_id=22, cnt=4
> Mar 7 17:23:56: | find_host_pair_conn: 10.56.138.86:500 %any:500 -> hp:none
> Mar 7 17:23:56: | Added new connection vpnpsk with policy PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW
> Mar 7 17:23:56: | from whack: got --esp=3des-sha1,aes-sha1
> Mar 7 17:23:56: | phase2alg string values: 3DES(3)_000-SHA1(2)_000, AES(12)_000-SHA1(2)_000
> Mar 7 17:23:56: | ike (phase1) algorithm values: 3DES_CBC(5)_000-SHA1(2)_000-MODP2048(14), 3DES_CBC(5)_000-SHA1(2)_000-MODP1536(5), 3DES_CBC(5)_000-SHA1(2)_000-MODP1024(2), AES_CBC(7)_000-SHA1(2)_000-DH22(22)
> Mar 7 17:23:56: | counting wild cards for 10.56.138.86 is 0
> Mar 7 17:23:56: | counting wild cards for (none) is 15
> Mar 7 17:23:56: | based upon policy, the connection is a template.
> Mar 7 17:23:56: added connection description "vpnpsk"
> Mar 7 17:23:56: | 10.56.138.86/32===10.56.138.86<10.56.138.86>:17/1701---10.56.138.81...%any:17/%any
> Mar 7 17:23:56: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 5; replay_window: 32; policy: PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW
> Mar 7 17:23:56: listening for IKE messages
> Mar 7 17:23:56: | Inspecting interface lo
> Mar 7 17:23:56: | found lo with address 127.0.0.1
> Mar 7 17:23:56: | Inspecting interface ens32
> Mar 7 17:23:56: | found ens32 with address 10.56.138.86
> Mar 7 17:23:56: | Inspecting interface virbr0
> Mar 7 17:23:56: | found virbr0 with address 192.168.122.1
> Mar 7 17:23:56: adding interface virbr0/virbr0 192.168.122.1:500
> Mar 7 17:23:56: | NAT-Traversal: Trying new style NAT-T
> Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19)
> Mar 7 17:23:56: | NAT-Traversal: Trying old style NAT-T
> Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup succeeded for old style NAT-T family IPv4
> Mar 7 17:23:56: adding interface virbr0/virbr0 192.168.122.1:4500
> Mar 7 17:23:56: adding interface ens32/ens32 10.56.138.86:500
> Mar 7 17:23:56: | NAT-Traversal: Trying new style NAT-T
> Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19)
> Mar 7 17:23:56: | NAT-Traversal: Trying old style NAT-T
> Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup succeeded for old style NAT-T family IPv4
> Mar 7 17:23:56: adding interface ens32/ens32 10.56.138.86:4500
> Mar 7 17:23:56: adding interface lo/lo 127.0.0.1:500
> Mar 7 17:23:56: | NAT-Traversal: Trying new style NAT-T
> Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19)
> Mar 7 17:23:56: | NAT-Traversal: Trying old style NAT-T
> Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup succeeded for old style NAT-T family IPv4
> Mar 7 17:23:56: adding interface lo/lo 127.0.0.1:4500
> Mar 7 17:23:56: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
> Mar 7 17:23:56: adding interface lo/lo ::1:500
> Mar 7 17:23:56: | connect_to_host_pair: 10.56.138.86:500 0.0.0.0:500 -> hp:none
> Mar 7 17:23:56: | setup callback for interface lo:500 fd 19
> Mar 7 17:23:56: | setup callback for interface lo:4500 fd 18
> Mar 7 17:23:56: | setup callback for interface lo:500 fd 17
> Mar 7 17:23:56: | setup callback for interface ens32:4500 fd 16
> Mar 7 17:23:56: | setup callback for interface ens32:500 fd 15
> Mar 7 17:23:56: | setup callback for interface virbr0:4500 fd 14
> Mar 7 17:23:56: | setup callback for interface virbr0:500 fd 13
> Mar 7 17:23:56: | certs and keys locked by 'free_preshared_secrets'
> Mar 7 17:23:56: | certs and keys unlocked by 'free_preshard_secrets'
> Mar 7 17:23:56: loading secrets from "/etc/ipsec.secrets"
> Mar 7 17:23:56: | id type added to secret(0x7f3862951260) PPK_PSK: 125.16.240.98
> Mar 7 17:23:56: | id type added to secret(0x7f3862951260) PPK_PSK: %any
> Mar 7 17:23:56: | Processing PSK at line 1: passed
> Mar 7 17:23:56: | certs and keys locked by 'process_secret'
> Mar 7 17:23:56: | certs and keys unlocked by 'process_secret'
> Mar 7 17:23:56: | reaped addconn helper child
> Mar 7 17:23:56: reapchild failed with errno=10 No child processes
> Mar 7 17:23:56: | *received 84 bytes from 106.216.143.95:11359 on ens32 (port=4500)
> Mar 7 17:23:56: | b1 42 5c 7a 52 75 cb 8c a2 29 a8 0f 40 0e 10 bf
> Mar 7 17:23:56: | 0b 10 05 01 37 48 06 4c 00 00 00 54 17 dc ee 36
> Mar 7 17:23:56: | 46 77 45 10 38 d5 53 d8 5f 19 24 80 55 b6 c1 ac
> Mar 7 17:23:56: | 2f f3 54 f3 6f 61 65 08 d7 44 4c 4a 10 0f 41 1e
> Mar 7 17:23:56: | 02 a6 36 a5 dd ba db 3d f8 7c 32 e7 9f 4b 64 38
> Mar 7 17:23:56: | c6 76 cb f8
> Mar 7 17:23:56: | **parse ISAKMP Message:
> Mar 7 17:23:56: | initiator cookie:
> Mar 7 17:23:56: | b1 42 5c 7a 52 75 cb 8c
> Mar 7 17:23:56: | responder cookie:
> Mar 7 17:23:56: | a2 29 a8 0f 40 0e 10 bf
> Mar 7 17:23:56: | next payload type: ISAKMP_NEXT_N (0xb)
> Mar 7 17:23:56: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
> Mar 7 17:23:56: | exchange type: ISAKMP_XCHG_INFO (0x5)
> Mar 7 17:23:56: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
> Mar 7 17:23:56: | message ID: 37 48 06 4c
> Mar 7 17:23:56: | length: 84 (0x54)
> Mar 7 17:23:56: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
> Mar 7 17:23:56: | finding hash chain in state hash table
> Mar 7 17:23:56: | ICOOKIE: b1 42 5c 7a 52 75 cb 8c
> Mar 7 17:23:56: | RCOOKIE: a2 29 a8 0f 40 0e 10 bf
> Mar 7 17:23:56: | found hash chain 14
> Mar 7 17:23:56: | p15 state object not found
> Mar 7 17:23:56: | finding hash chain in state hash table
> Mar 7 17:23:56: | ICOOKIE: b1 42 5c 7a 52 75 cb 8c
> Mar 7 17:23:56: | RCOOKIE: 00 00 00 00 00 00 00 00
> Mar 7 17:23:56: | found hash chain 3
> Mar 7 17:23:56: | v1 state object not found
> Mar 7 17:23:56: | - unknown SA's md->hdr.isa_icookie:
> Mar 7 17:23:56: | b1 42 5c 7a 52 75 cb 8c
> Mar 7 17:23:56: | - unknown SA's md->hdr.isa_rcookie:
> Mar 7 17:23:56: | a2 29 a8 0f 40 0e 10 bf
>
>
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160307/710eb4ea/attachment-0001.html>
More information about the Swan
mailing list