[Swan] Phase 2 connection not being estbalished
Srinivas Gudipudi
sgudipud at gmail.com
Mon Mar 7 13:25:18 UTC 2016
Hi,
I tried restarting the Huawei device, that does not solve the problem:
The staus output from HUawei device is:
[test]dis ike sa
Conn-ID Peer VPN Flag(s) Phase
---------------------------------------------------------------
3804 125.16.240.98 0 2
3759 125.16.240.98 0 RD|ST 1
I get this error in the pluto log, not sure what this means, possibly an
ICMP packet being
Mar 7 18:30:40: | 02 00 64 06 6a d8 82 83 00 00 00 00 00 00 00 00
Mar 7 18:30:40: ERROR: asynchronous network error report on ens32
(sport=4500) for message to 106.216.130.131 port 25606, complainant
106.216.130.131: Connection refused [errno 111, origin ICMP type 3 code 3
(not authenticated)]
Mar 7 18:30:40: | handling event EVENT_v1_RETRANSMIT for child state #5
Mar 7 18:30:40: | processing connection "vpnpsk"[2] 106.216.172.126
Mar 7 18:30:40: | handling event EVENT_v1_RETRANSMIT for 106.216.172.126
"vpnpsk" #5 attempt 0 of 5
Mar 7 18:30:40: | sending 168 bytes for EVENT_v1_RETRANSMIT through
ens32:4500 to 106.216.172.126:33808 (using #5)
Mar 7 18:30:40: | 00 00 00 00 6c ba be 1a e4 fa f7 40 67 98 26 c3
Mar 7 18:30:40: | 9e 98 3b db 08 10 20 01 37 09 9b 2b 00 00 00 a4
Mar 7 18:30:40: | b0 90 4b 99 d5 18 ee 9d 4b 0a 33 e6 c5 2e ad f0
Mar 7 18:30:40: | a6 76 ef 15 5f 52 46 e5 0b 38 b0 b9 ee 48 3e d4
Mar 7 18:30:40: | a4 fd 11 23 33 89 bf db d5 57 93 eb 31 fe 6a 68
Mar 7 18:30:40: | d9 af 0d 13 7d f3 2f fa d8 41 89 40 eb 68 2d 18
Mar 7 18:30:40: | 3a b6 21 58 92 3c d0 a0 57 47 26 2f c6 8d 66 f9
Mar 7 18:30:40: | 7e a8 3c 9b 5b 92 0c 8b 6f a7 09 15 79 44 31 16
Mar 7 18:30:40: | c8 9c 49 79 e8 1d 46 bc c7 46 04 91 07 c3 25 90
Mar 7 18:30:40: | 20 0d d5 d6 00 19 d2 3b 9b 43 fd f1 c6 7e a9 21
Mar 7 18:30:40: | 68 da 64 64 7c 32 cb f6
Mar 7 18:30:40: | event_schedule_ms called for about 4000 ms
Mar 7 18:30:40: | event_schedule_tv called for about 4 seconds and change
Mar 7 18:30:40: | inserting event EVENT_v1_RETRANSMIT, timeout in 4.000000
seconds for #5
Mar 7 18:30:41: | handling event EVENT_SHUNT_SCAN
Mar 7 18:30:41: | expiring aged bare shunts
Mar 7 18:30:41: | event_schedule called for 20 seconds
Mar 7 18:30:41: | event_schedule_tv called for about 20 seconds and change
Mar 7 18:30:41: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000000
seconds
Mar 7 18:30:44: | handling event EVENT_v1_RETRANSMIT for child state #5
Mar 7 18:30:44: | processing connection "vpnpsk"[2] 106.216.172.126
Mar 7 18:30:44: | handling event EVENT_v1_RETRANSMIT for 106.216.172.126
"vpnpsk" #5 attempt 0 of 5
Mar 7 18:30:44: | sending 168 bytes for EVENT_v1_RETRANSMIT through
ens32:4500 to 106.216.172.126:33808 (using #5)
Mar 7 18:30:44: | 00 00 00 00 6c ba be 1a e4 fa f7 40 67 98 26 c3
Mar 7 18:30:44: | 9e 98 3b db 08 10 20 01 37 09 9b 2b 00 00 00 a4
Mar 7 18:30:44: | b0 90 4b 99 d5 18 ee 9d 4b 0a 33 e6 c5 2e ad f0
Mar 7 18:30:44: | a6 76 ef 15 5f 52 46 e5 0b 38 b0 b9 ee 48 3e d4
Mar 7 18:30:44: | a4 fd 11 23 33 89 bf db d5 57 93 eb 31 fe 6a 68
Mar 7 18:30:44: | d9 af 0d 13 7d f3 2f fa d8 41 89 40 eb 68 2d 18
Mar 7 18:30:44: | 3a b6 21 58 92 3c d0 a0 57 47 26 2f c6 8d 66 f9
Mar 7 18:30:44: | 7e a8 3c 9b 5b 92 0c 8b 6f a7 09 15 79 44 31 16
Mar 7 18:30:44: | c8 9c 49 79 e8 1d 46 bc c7 46 04 91 07 c3 25 90
Mar 7 18:30:44: | 20 0d d5 d6 00 19 d2 3b 9b 43 fd f1 c6 7e a9 21
Mar 7 18:30:44: | 68 da 64 64 7c 32 cb f6
Mar 7 18:30:44: | event_schedule_ms called for about 8000 ms
Mar 7 18:30:44: | event_schedule_tv called for about 8 seconds and change
Mar 7 18:30:44: | inserting event EVENT_v1_RETRANSMIT, timeout in 8.000000
second
Regards,
Srinivas
On Mon, Mar 7, 2016 at 5:41 PM, Paul Wouters <paul at nohats.ca> wrote:
> You received a packet from before you restarted. Try restarting other end?
>
> Paul
>
> Sent from my iPhone
>
> On Mar 7, 2016, at 12:01, Srinivas Gudipudi <sgudipud at gmail.com> wrote:
>
> Hi,
>
> I am using Libreswan on RedHat to setup a VPN server, on the client side,
> I have a Huawei 4G router connected across a CGNAT network server to the
> Redhat server, which is the VPN server. I am placing the configurations
> below, I am able to get the phase 1 up, but the phase 2 is not
> estbalishing, can you please help here:
>
> *Huawei Router Config:*
>
>
> Peer name : spua
> IKE version : Version one
> Exchange mode : main on phase 1
> Pre-shared-key cipher : %@%@6SzGWj[<u/%UUUW|E";TcxX^%@%@
> Proposal : 5
> Local ID type : IP
> DPD : Enable
> DPD mode : Periodic
> DPD idle time : 120
> DPD retransmit interval : 30
> DPD retry limit : 5
> Host name :
> Peer IP address : 125.16.240.98(active)
> Host name :
> Peer IP address :
> VPN name :
> Local IP address :
> Local name :
> Remote name :
> NAT-traversal : Enable
> DPD request message : 94
> DPD Ack message : 40
> DPD fail time : 9
> PKI realm : NULL
> Lifetime notification : Disable
>
>
>
> *IPSec.conf:*
>
>
> version 2.0
>
> config setup
> dumpdir=/var/run/pluto/
> nat_traversal=yes
> virtual_private=%v4:
> 10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.42.0/24
> oe=off
> protostack=netkey
> nhelpers=0
> interfaces=%defaultroute
> plutodebug=all
>
> conn vpnpsk
> connaddrfamily=ipv4
> auto=add
> left=10.56.138.86
> leftid=VM000003380
> leftsubnet=10.56.138.86/32
> leftnexthop=%defaultroute
> leftprotoport=17/1701
> rightprotoport=17/%any
> right=%any
> rightsubnetwithin=0.0.0.0/0
> forceencaps=yes
> authby=secret
> pfs=no
> type=transport
> auth=esp
> ike=3des-sha1,aes-sha1;dh22
> phase2alg=3des-sha1,aes-sha1
> rekey=no
> keyingtries=5
> dpddelay=30
> dpdtimeout=120
> dpdaction=clear
>
>
> *Pluto Debug Log:*
>
> Mar 7 17:23:55: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
> Mar 7 17:23:55: | compare_chunk: encrypt: ok
> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
> Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0x07 92 3A 39 EB 0A
> 81 7D 1C 4D 87 BD B8 2D 1F 1C"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c
> Mar 7 17:23:55: | decode_to_chunk: cipertext: : input "0x07 92 3A 39 EB
> 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c
> Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x80 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
> Mar 7 17:23:55: | compare_chunk: decrypt: ok
> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
> Mar 7 17:23:55: | sym_key: free key 0x7f3862948990
> Mar 7 17:23:55: | test_ctr_vector: Camellia: 16 bytes with 128-bit key
> passed
> Mar 7 17:23:55: | test_cbc_vector: Camellia: 16 bytes with 128-bit key
> Mar 7 17:23:55: | decode_to_chunk: key: input "0x00 11 22 33 44 55 66 77
> 88 99 AA BB CC DD EE FF"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff
> Mar 7 17:23:55: | ephemeral_key: key(0x7f3862947260) length(16)
> type/mechanism(AES_KEY_GEN 0x00001080)
> Mar 7 17:23:55: | tmp: merge symkey(0x7f3862947260)
> bytes(0x7f386294bb90/16) - derive(CONCATENATE_DATA_AND_BASE)
> target(EXTRACT_KEY_FROM_KEY)
> Mar 7 17:23:55: | symkey: key(0x7f3862947260) length(16)
> type/mechanism(AES_KEY_GEN 0x00001080)
> Mar 7 17:23:55: | bytes: 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee
> ff
> Mar 7 17:23:55: | tmp: key(0x7f386294a210) length(32)
> type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
> Mar 7 17:23:55: | symkey: symkey from symkey(0x7f386294a210) -
> next-byte(0) key-size(16) flags(0x0) derive(EXTRACT_KEY_FROM_KEY)
> target(CAMELLIA_CBC)
> Mar 7 17:23:55: | symkey: key(0x7f386294a210) length(32)
> type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
> Mar 7 17:23:55: | symkey: key(0x7f3862948990) length(16)
> type/mechanism(CAMELLIA_CBC 0x00000552)
> Mar 7 17:23:55: | tmp:: free key 0x7f386294a210
> Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C
> 27 B7 EC 2C D1 2D 91 59 6F 37"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37
> Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 01 "
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
> Mar 7 17:23:55: | decode_to_chunk: ciphertext: : input "0x14 4D 2B 0F 50
> 0C 27 B7 EC 2C D1 2D 91 59 6F 37"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
> Mar 7 17:23:55: | compare_chunk: encrypt: ok
> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
> Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C
> 27 B7 EC 2C D1 2D 91 59 6F 37"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37
> Mar 7 17:23:55: | decode_to_chunk: cipertext: : input "0x14 4D 2B 0F 50
> 0C 27 B7 EC 2C D1 2D 91 59 6F 37"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37
> Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 01 "
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
> Mar 7 17:23:55: | compare_chunk: decrypt: ok
> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
> Mar 7 17:23:55: | sym_key: free key 0x7f3862948990
> Mar 7 17:23:55: | test_ctr_vector: Camellia: 16 bytes with 128-bit key
> passed
> Mar 7 17:23:55: | test_cbc_vector: Camellia: 16 bytes with 256-bit key
> Mar 7 17:23:55: | decode_to_chunk: key: input "0x00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | ephemeral_key: key(0x7f3862947260) length(16)
> type/mechanism(AES_KEY_GEN 0x00001080)
> Mar 7 17:23:55: | tmp: merge symkey(0x7f3862947260)
> bytes(0x7f386294bc10/32) - derive(CONCATENATE_DATA_AND_BASE)
> target(EXTRACT_KEY_FROM_KEY)
> Mar 7 17:23:55: | symkey: key(0x7f3862947260) length(16)
> type/mechanism(AES_KEY_GEN 0x00001080)
> Mar 7 17:23:55: | bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00
> Mar 7 17:23:55: | bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00
> Mar 7 17:23:55: | tmp: key(0x7f386294a210) length(48)
> type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
> Mar 7 17:23:55: | symkey: symkey from symkey(0x7f386294a210) -
> next-byte(0) key-size(32) flags(0x0) derive(EXTRACT_KEY_FROM_KEY)
> target(CAMELLIA_CBC)
> Mar 7 17:23:55: | symkey: key(0x7f386294a210) length(48)
> type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
> Mar 7 17:23:55: | symkey: key(0x7f3862948990) length(32)
> type/mechanism(CAMELLIA_CBC 0x00000552)
> Mar 7 17:23:55: | tmp:: free key 0x7f386294a210
> Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51
> 8A B0 9E 84 72 48 E9 1B 1B 9D"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d
> Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x80 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | decode_to_chunk: ciphertext: : input "0xB0 C6 B8 8A EA
> 51 8A B0 9E 84 72 48 E9 1B 1B 9D"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
> Mar 7 17:23:55: | compare_chunk: encrypt: ok
> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
> Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51
> 8A B0 9E 84 72 48 E9 1B 1B 9D"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d
> Mar 7 17:23:55: | decode_to_chunk: cipertext: : input "0xB0 C6 B8 8A EA
> 51 8A B0 9E 84 72 48 E9 1B 1B 9D"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d
> Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x80 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
> Mar 7 17:23:55: | compare_chunk: decrypt: ok
> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
> Mar 7 17:23:55: | sym_key: free key 0x7f3862948990
> Mar 7 17:23:55: | test_ctr_vector: Camellia: 16 bytes with 256-bit key
> passed
> Mar 7 17:23:55: | test_cbc_vector: Camellia: 16 bytes with 256-bit key
> Mar 7 17:23:55: | decode_to_chunk: key: input "0x00 11 22 33 44 55 66 77
> 88 99 AA BB CC DD EE FF FF EE DD CC BB AA 99 88 77 66 55 44 33 22 11 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff
> Mar 7 17:23:55: | ff ee dd cc bb aa 99 88 77 66 55 44 33 22 11 00
> Mar 7 17:23:55: | ephemeral_key: key(0x7f3862947260) length(16)
> type/mechanism(AES_KEY_GEN 0x00001080)
> Mar 7 17:23:55: | tmp: merge symkey(0x7f3862947260)
> bytes(0x7f386294bc10/32) - derive(CONCATENATE_DATA_AND_BASE)
> target(EXTRACT_KEY_FROM_KEY)
> Mar 7 17:23:55: | symkey: key(0x7f3862947260) length(16)
> type/mechanism(AES_KEY_GEN 0x00001080)
> Mar 7 17:23:55: | bytes: 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee
> ff
> Mar 7 17:23:55: | bytes: ff ee dd cc bb aa 99 88 77 66 55 44 33 22 11
> 00
> Mar 7 17:23:55: | tmp: key(0x7f386294a210) length(48)
> type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
> Mar 7 17:23:55: | symkey: symkey from symkey(0x7f386294a210) -
> next-byte(0) key-size(32) flags(0x0) derive(EXTRACT_KEY_FROM_KEY)
> target(CAMELLIA_CBC)
> Mar 7 17:23:55: | symkey: key(0x7f386294a210) length(48)
> type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
> Mar 7 17:23:55: | symkey: key(0x7f3862948990) length(32)
> type/mechanism(CAMELLIA_CBC 0x00000552)
> Mar 7 17:23:55: | tmp:: free key 0x7f386294a210
> Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56
> D3 EB 61 02 5E 93 21 9B 65 23 "
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23
> Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 01"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
> Mar 7 17:23:55: | decode_to_chunk: ciphertext: : input "0xCC 39 FF EE 18
> 56 D3 EB 61 02 5E 93 21 9B 65 23 "
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
> Mar 7 17:23:55: | compare_chunk: encrypt: ok
> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
> Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56
> D3 EB 61 02 5E 93 21 9B 65 23 "
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23
> Mar 7 17:23:55: | decode_to_chunk: cipertext: : input "0xCC 39 FF EE 18
> 56 D3 EB 61 02 5E 93 21 9B 65 23 "
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23
> Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 01"
> Mar 7 17:23:55: | decode_to_chunk: output:
> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
> Mar 7 17:23:55: | compare_chunk: decrypt: ok
> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
> Mar 7 17:23:55: | sym_key: free key 0x7f3862948990
> Mar 7 17:23:55: | test_ctr_vector: Camellia: 16 bytes with 256-bit key
> passed
> Mar 7 17:23:55: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CBC: Ok
> Mar 7 17:23:55: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CTR: Ok
> Mar 7 17:23:55: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok
> Mar 7 17:23:55: ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok
> Mar 7 17:23:55: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok
> Mar 7 17:23:55: no crypto helpers will be started; all cryptographic
> operations will be done inline
> Mar 7 17:23:55: Using Linux XFRM/NETKEY IPsec interface code on
> 3.10.0-327.3.1.el7.x86_64
> Mar 7 17:23:55: | process 2067 listening for PF_KEY_V2 on file descriptor
> 11
> Mar 7 17:23:55: | kernel_alg_init()
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
> alg_id=18(ESP_AES_GCM_A)
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
> alg_id=19(ESP_AES_GCM_B)
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
> alg_id=20(ESP_AES_GCM_C)
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
> alg_id=14(ESP_AES_CCM_A)
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
> alg_id=15(ESP_AES_CCM_B)
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
> alg_id=16(ESP_AES_CCM_C)
> Mar 7 17:23:55: ike_alg_register_enc(): Activating aes_ccm_8: Ok
> Mar 7 17:23:55: ike_alg_register_enc(): Activating aes_ccm_12: Ok
> Mar 7 17:23:55: ike_alg_register_enc(): Activating aes_ccm_16: Ok
> Mar 7 17:23:55: | Registered AEAD AES CCM/GCM algorithms
> Mar 7 17:23:55: | finish_pfkey_msg: K_SADB_REGISTER message 1 for AH
> Mar 7 17:23:55: | 02 07 00 02 02 00 00 00 01 00 00 00 13 08 00 00
> Mar 7 17:23:55: | pfkey_get: K_SADB_REGISTER message 1
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH:
> sadb_msg_len=22 sadb_supported_len=72
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14,
> alg_id=251(ESP_KAME_NULL)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[0],
> exttype=14, satype=2, alg_id=251, alg_ivlen=0, alg_minbits=0,
> alg_maxbits=0, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14,
> alg_id=2(ESP_DES)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[1],
> exttype=14, satype=2, alg_id=2, alg_ivlen=0, alg_minbits=128,
> alg_maxbits=128, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14,
> alg_id=3(ESP_3DES)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[2],
> exttype=14, satype=2, alg_id=3, alg_ivlen=0, alg_minbits=160,
> alg_maxbits=160, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14,
> alg_id=5(ESP_IDEA)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[3],
> exttype=14, satype=2, alg_id=5, alg_ivlen=0, alg_minbits=256,
> alg_maxbits=256, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14,
> alg_id=6(ESP_CAST)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[4],
> exttype=14, satype=2, alg_id=6, alg_ivlen=0, alg_minbits=384,
> alg_maxbits=384, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14,
> alg_id=7(ESP_BLOWFISH)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[5],
> exttype=14, satype=2, alg_id=7, alg_ivlen=0, alg_minbits=512,
> alg_maxbits=512, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14,
> alg_id=8(ESP_3IDEA)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[6],
> exttype=14, satype=2, alg_id=8, alg_ivlen=0, alg_minbits=160,
> alg_maxbits=160, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14,
> alg_id=9(ESP_DES_IV32)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[7],
> exttype=14, satype=2, alg_id=9, alg_ivlen=0, alg_minbits=128,
> alg_maxbits=128, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH:
> sadb_msg_len=22 sadb_supported_len=88
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
> alg_id=11(ESP_NULL)
> Mar 7 17:23:55: | kernel_alg_add(2,15,11) fails because alg combo is
> invalid
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[8],
> exttype=15, satype=2, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0,
> res=0, ret=-1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
> alg_id=2(ESP_DES)
> Mar 7 17:23:55: | kernel_alg_add(2,15,2) fails because alg combo is
> invalid
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[9],
> exttype=15, satype=2, alg_id=2, alg_ivlen=8, alg_minbits=64,
> alg_maxbits=64, res=0, ret=-1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
> alg_id=3(ESP_3DES)
> Mar 7 17:23:55: | kernel_alg_add(2,15,3) fails because alg combo is
> invalid
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[10],
> exttype=15, satype=2, alg_id=3, alg_ivlen=8, alg_minbits=192,
> alg_maxbits=192, res=0, ret=-1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
> alg_id=6(ESP_CAST)
> Mar 7 17:23:55: | kernel_alg_add(2,15,6) fails because alg combo is
> invalid
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[11],
> exttype=15, satype=2, alg_id=6, alg_ivlen=8, alg_minbits=40,
> alg_maxbits=128, res=0, ret=-1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
> alg_id=7(ESP_BLOWFISH)
> Mar 7 17:23:55: | kernel_alg_add(2,15,7) fails because alg combo is
> invalid
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[12],
> exttype=15, satype=2, alg_id=7, alg_ivlen=8, alg_minbits=40,
> alg_maxbits=448, res=0, ret=-1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
> alg_id=12(ESP_AES)
> Mar 7 17:23:55: | kernel_alg_add(2,15,12) fails because alg combo is
> invalid
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[13],
> exttype=15, satype=2, alg_id=12, alg_ivlen=8, alg_minbits=128,
> alg_maxbits=256, res=0, ret=-1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
> alg_id=252(ESP_SERPENT)
> Mar 7 17:23:55: | kernel_alg_add(2,15,252) fails because alg combo is
> invalid
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[14],
> exttype=15, satype=2, alg_id=252, alg_ivlen=8, alg_minbits=128,
> alg_maxbits=256, res=0, ret=-1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
> alg_id=22(ESP_CAMELLIA)
> Mar 7 17:23:55: | kernel_alg_add(2,15,22) fails because alg combo is
> invalid
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[15],
> exttype=15, satype=2, alg_id=22, alg_ivlen=8, alg_minbits=128,
> alg_maxbits=256, res=0, ret=-1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
> alg_id=253(ESP_TWOFISH)
> Mar 7 17:23:55: | kernel_alg_add(2,15,253) fails because alg combo is
> invalid
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[16],
> exttype=15, satype=2, alg_id=253, alg_ivlen=8, alg_minbits=128,
> alg_maxbits=256, res=0, ret=-1
> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
> alg_id=13(ESP_AES_CTR)
> Mar 7 17:23:55: | kernel_alg_add(2,15,13) fails because alg combo is
> invalid
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[17],
> exttype=15, satype=2, alg_id=13, alg_ivlen=8, alg_minbits=160,
> alg_maxbits=288, res=0, ret=-1
> Mar 7 17:23:55: | AH registered with kernel.
> Mar 7 17:23:55: | finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP
> Mar 7 17:23:55: | 02 07 00 03 02 00 00 00 02 00 00 00 13 08 00 00
> Mar 7 17:23:55: | pfkey_get: K_SADB_REGISTER message 2
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP:
> sadb_msg_len=22 sadb_supported_len=72
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14,
> alg_id=251(ESP_KAME_NULL)
> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
> exttype=14, alg_id=251
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0],
> exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0,
> alg_maxbits=0, res=0, ret=0
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14,
> alg_id=2(ESP_DES)
> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
> exttype=14, alg_id=2
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1],
> exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128,
> alg_maxbits=128, res=0, ret=0
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14,
> alg_id=3(ESP_3DES)
> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
> exttype=14, alg_id=3
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2],
> exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160,
> alg_maxbits=160, res=0, ret=0
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14,
> alg_id=5(ESP_IDEA)
> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
> exttype=14, alg_id=5
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3],
> exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256,
> alg_maxbits=256, res=0, ret=0
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14,
> alg_id=6(ESP_CAST)
> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
> exttype=14, alg_id=6
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4],
> exttype=14, satype=3, alg_id=6, alg_ivlen=0, alg_minbits=384,
> alg_maxbits=384, res=0, ret=0
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14,
> alg_id=7(ESP_BLOWFISH)
> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
> exttype=14, alg_id=7
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5],
> exttype=14, satype=3, alg_id=7, alg_ivlen=0, alg_minbits=512,
> alg_maxbits=512, res=0, ret=0
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14,
> alg_id=8(ESP_3IDEA)
> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
> exttype=14, alg_id=8
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6],
> exttype=14, satype=3, alg_id=8, alg_ivlen=0, alg_minbits=160,
> alg_maxbits=160, res=0, ret=0
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14,
> alg_id=9(ESP_DES_IV32)
> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
> exttype=14, alg_id=9
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7],
> exttype=14, satype=3, alg_id=9, alg_ivlen=0, alg_minbits=128,
> alg_maxbits=128, res=0, ret=0
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP:
> sadb_msg_len=22 sadb_supported_len=88
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
> alg_id=11(ESP_NULL)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[8],
> exttype=15, satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0,
> res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
> alg_id=2(ESP_DES)
> Mar 7 17:23:55: | kernel_alg_add(): Ignoring alg_id=2(ESP_DES) - too weak
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[9],
> exttype=15, satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64,
> alg_maxbits=64, res=0, ret=0
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
> alg_id=3(ESP_3DES)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[10],
> exttype=15, satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192,
> alg_maxbits=192, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
> alg_id=6(ESP_CAST)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[11],
> exttype=15, satype=3, alg_id=6, alg_ivlen=8, alg_minbits=40,
> alg_maxbits=128, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
> alg_id=7(ESP_BLOWFISH)
> Mar 7 17:23:55: | kernel_alg_add(): Ignoring alg_id=7(ESP_BLOWFISH) - too
> weak
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[12],
> exttype=15, satype=3, alg_id=7, alg_ivlen=8, alg_minbits=40,
> alg_maxbits=448, res=0, ret=0
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
> alg_id=12(ESP_AES)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[13],
> exttype=15, satype=3, alg_id=12, alg_ivlen=8, alg_minbits=128,
> alg_maxbits=256, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
> alg_id=252(ESP_SERPENT)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[14],
> exttype=15, satype=3, alg_id=252, alg_ivlen=8, alg_minbits=128,
> alg_maxbits=256, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
> alg_id=22(ESP_CAMELLIA)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[15],
> exttype=15, satype=3, alg_id=22, alg_ivlen=8, alg_minbits=128,
> alg_maxbits=256, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
> alg_id=253(ESP_TWOFISH)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[16],
> exttype=15, satype=3, alg_id=253, alg_ivlen=8, alg_minbits=128,
> alg_maxbits=256, res=0, ret=1
> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
> alg_id=13(ESP_AES_CTR)
> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[17],
> exttype=15, satype=3, alg_id=13, alg_ivlen=8, alg_minbits=160,
> alg_maxbits=288, res=0, ret=1
> Mar 7 17:23:55: | ESP registered with kernel.
> Mar 7 17:23:55: | finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP
> Mar 7 17:23:55: | 02 07 00 09 02 00 00 00 03 00 00 00 13 08 00 00
> Mar 7 17:23:55: | pfkey_get: K_SADB_REGISTER message 3
> Mar 7 17:23:55: | IPCOMP registered with kernel.
> Mar 7 17:23:55: | Registered AH, ESP and IPCOMP
> Mar 7 17:23:55: | event_schedule called for 20 seconds
> Mar 7 17:23:55: | event_schedule_tv called for about 20 seconds and change
> Mar 7 17:23:55: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000000
> seconds
> Mar 7 17:23:55: | setup kernel fd callback
> Mar 7 17:23:55: | Could not change to legacy CRL directory
> '/etc/ipsec.d/crls': 2 No such file or directory
> Mar 7 17:23:55: | event_schedule called for 23765 seconds
> Mar 7 17:23:55: | event_schedule_tv called for about 23765 seconds and
> change
> Mar 7 17:23:55: | inserting event EVENT_LOG_DAILY, timeout in
> 23765.000000 seconds
> Mar 7 17:23:55: | Setting up events, loop start
> Mar 7 17:23:56: | calling addconn helper using execve
> Mar 7 17:23:56: | entering aalg_getbyname_ike()
> Mar 7 17:23:56: | raw_alg_info_ike_add() ealg_id=5 ek_bits=0 aalg_id=2
> ak_bits=0 modp_id=14, cnt=1
> Mar 7 17:23:56: | raw_alg_info_ike_add() ealg_id=5 ek_bits=0 aalg_id=2
> ak_bits=0 modp_id=5, cnt=2
> Mar 7 17:23:56: | raw_alg_info_ike_add() ealg_id=5 ek_bits=0 aalg_id=2
> ak_bits=0 modp_id=2, cnt=3
> Mar 7 17:23:56: | entering aalg_getbyname_ike()
> Mar 7 17:23:56: | raw_alg_info_ike_add() ealg_id=7 ek_bits=0 aalg_id=2
> ak_bits=0 modp_id=22, cnt=4
> Mar 7 17:23:56: | find_host_pair_conn: 10.56.138.86:500 %any:500 ->
> hp:none
> Mar 7 17:23:56: | Added new connection vpnpsk with policy
> PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW
> Mar 7 17:23:56: | from whack: got --esp=3des-sha1,aes-sha1
> Mar 7 17:23:56: | phase2alg string values: 3DES(3)_000-SHA1(2)_000,
> AES(12)_000-SHA1(2)_000
> Mar 7 17:23:56: | ike (phase1) algorithm values:
> 3DES_CBC(5)_000-SHA1(2)_000-MODP2048(14),
> 3DES_CBC(5)_000-SHA1(2)_000-MODP1536(5),
> 3DES_CBC(5)_000-SHA1(2)_000-MODP1024(2), AES_CBC(7)_000-SHA1(2)_000-DH22(22)
> Mar 7 17:23:56: | counting wild cards for 10.56.138.86 is 0
> Mar 7 17:23:56: | counting wild cards for (none) is 15
> Mar 7 17:23:56: | based upon policy, the connection is a template.
> Mar 7 17:23:56: added connection description "vpnpsk"
> Mar 7 17:23:56: | 10.56.138.86/32===10.56.138.86
> <10.56.138.86>:17/1701---10.56.138.81...%any:17/%any
> Mar 7 17:23:56: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin:
> 540s; rekey_fuzz: 100%; keyingtries: 5; replay_window: 32; policy:
> PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW
> Mar 7 17:23:56: listening for IKE messages
> Mar 7 17:23:56: | Inspecting interface lo
> Mar 7 17:23:56: | found lo with address 127.0.0.1
> Mar 7 17:23:56: | Inspecting interface ens32
> Mar 7 17:23:56: | found ens32 with address 10.56.138.86
> Mar 7 17:23:56: | Inspecting interface virbr0
> Mar 7 17:23:56: | found virbr0 with address 192.168.122.1
> Mar 7 17:23:56: adding interface virbr0/virbr0 192.168.122.1:500
> Mar 7 17:23:56: | NAT-Traversal: Trying new style NAT-T
> Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup failed for new style
> NAT-T family IPv4 (errno=19)
> Mar 7 17:23:56: | NAT-Traversal: Trying old style NAT-T
> Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup succeeded for old
> style NAT-T family IPv4
> Mar 7 17:23:56: adding interface virbr0/virbr0 192.168.122.1:4500
> Mar 7 17:23:56: adding interface ens32/ens32 10.56.138.86:500
> Mar 7 17:23:56: | NAT-Traversal: Trying new style NAT-T
> Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup failed for new style
> NAT-T family IPv4 (errno=19)
> Mar 7 17:23:56: | NAT-Traversal: Trying old style NAT-T
> Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup succeeded for old
> style NAT-T family IPv4
> Mar 7 17:23:56: adding interface ens32/ens32 10.56.138.86:4500
> Mar 7 17:23:56: adding interface lo/lo 127.0.0.1:500
> Mar 7 17:23:56: | NAT-Traversal: Trying new style NAT-T
> Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup failed for new style
> NAT-T family IPv4 (errno=19)
> Mar 7 17:23:56: | NAT-Traversal: Trying old style NAT-T
> Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup succeeded for old
> style NAT-T family IPv4
> Mar 7 17:23:56: adding interface lo/lo 127.0.0.1:4500
> Mar 7 17:23:56: | found lo with address
> 0000:0000:0000:0000:0000:0000:0000:0001
> Mar 7 17:23:56: adding interface lo/lo ::1:500
> Mar 7 17:23:56: | connect_to_host_pair: 10.56.138.86:500 0.0.0.0:500 ->
> hp:none
> Mar 7 17:23:56: | setup callback for interface lo:500 fd 19
> Mar 7 17:23:56: | setup callback for interface lo:4500 fd 18
> Mar 7 17:23:56: | setup callback for interface lo:500 fd 17
> Mar 7 17:23:56: | setup callback for interface ens32:4500 fd 16
> Mar 7 17:23:56: | setup callback for interface ens32:500 fd 15
> Mar 7 17:23:56: | setup callback for interface virbr0:4500 fd 14
> Mar 7 17:23:56: | setup callback for interface virbr0:500 fd 13
> Mar 7 17:23:56: | certs and keys locked by 'free_preshared_secrets'
> Mar 7 17:23:56: | certs and keys unlocked by 'free_preshard_secrets'
> Mar 7 17:23:56: loading secrets from "/etc/ipsec.secrets"
> Mar 7 17:23:56: | id type added to secret(0x7f3862951260) PPK_PSK:
> 125.16.240.98
> Mar 7 17:23:56: | id type added to secret(0x7f3862951260) PPK_PSK: %any
> Mar 7 17:23:56: | Processing PSK at line 1: passed
> Mar 7 17:23:56: | certs and keys locked by 'process_secret'
> Mar 7 17:23:56: | certs and keys unlocked by 'process_secret'
> Mar 7 17:23:56: | reaped addconn helper child
> Mar 7 17:23:56: reapchild failed with errno=10 No child processes
> Mar 7 17:23:56: | *received 84 bytes from 106.216.143.95:11359 on ens32
> (port=4500)
> Mar 7 17:23:56: | b1 42 5c 7a 52 75 cb 8c a2 29 a8 0f 40 0e 10 bf
> Mar 7 17:23:56: | 0b 10 05 01 37 48 06 4c 00 00 00 54 17 dc ee 36
> Mar 7 17:23:56: | 46 77 45 10 38 d5 53 d8 5f 19 24 80 55 b6 c1 ac
> Mar 7 17:23:56: | 2f f3 54 f3 6f 61 65 08 d7 44 4c 4a 10 0f 41 1e
> Mar 7 17:23:56: | 02 a6 36 a5 dd ba db 3d f8 7c 32 e7 9f 4b 64 38
> Mar 7 17:23:56: | c6 76 cb f8
> Mar 7 17:23:56: | **parse ISAKMP Message:
> Mar 7 17:23:56: | initiator cookie:
> Mar 7 17:23:56: | b1 42 5c 7a 52 75 cb 8c
> Mar 7 17:23:56: | responder cookie:
> Mar 7 17:23:56: | a2 29 a8 0f 40 0e 10 bf
> Mar 7 17:23:56: | next payload type: ISAKMP_NEXT_N (0xb)
> Mar 7 17:23:56: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
> Mar 7 17:23:56: | exchange type: ISAKMP_XCHG_INFO (0x5)
> Mar 7 17:23:56: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
> Mar 7 17:23:56: | message ID: 37 48 06 4c
> Mar 7 17:23:56: | length: 84 (0x54)
> Mar 7 17:23:56: | processing version=1.0 packet with exchange
> type=ISAKMP_XCHG_INFO (5)
> Mar 7 17:23:56: | finding hash chain in state hash table
> Mar 7 17:23:56: | ICOOKIE: b1 42 5c 7a 52 75 cb 8c
> Mar 7 17:23:56: | RCOOKIE: a2 29 a8 0f 40 0e 10 bf
> Mar 7 17:23:56: | found hash chain 14
> Mar 7 17:23:56: | p15 state object not found
> Mar 7 17:23:56: | finding hash chain in state hash table
> Mar 7 17:23:56: | ICOOKIE: b1 42 5c 7a 52 75 cb 8c
> Mar 7 17:23:56: | RCOOKIE: 00 00 00 00 00 00 00 00
> Mar 7 17:23:56: | found hash chain 3
> Mar 7 17:23:56: | v1 state object not found
> Mar 7 17:23:56: | - unknown SA's md->hdr.isa_icookie:
> Mar 7 17:23:56: | b1 42 5c 7a 52 75 cb 8c
> Mar 7 17:23:56: | - unknown SA's md->hdr.isa_rcookie:
> Mar 7 17:23:56: | a2 29 a8 0f 40 0e 10 bf
>
>
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160307/089c538c/attachment-0001.html>
More information about the Swan
mailing list