[Swan] Phase 2 connection not being estbalished
Srinivas Gudipudi
sgudipud at gmail.com
Mon Mar 7 13:26:02 UTC 2016
Hi,
In case it helps, please find below thye output of ipsec auto --status
[root at VM000003380 ~]# ipsec auto --status
000 using kernel interface: netkey
000 interface lo/lo ::1 at 500
000 interface lo/lo 127.0.0.1 at 4500
000 interface lo/lo 127.0.0.1 at 500
000 interface ens32/ens32 10.56.138.86 at 4500
000 interface ens32/ens32 10.56.138.86 at 500
000 interface virbr0/virbr0 192.168.122.1 at 4500
000 interface virbr0/virbr0 192.168.122.1 at 500
000
000
000 fips mode=disabled;
000 SElinux=enabled
000
000 config setup options:
000
000 configdir=/etc, configfile=/etc/ipsec.conf, secrets=/etc/ipsec.secrets,
ipsecdir=/etc/ipsec.d, dumpdir=/var/run/pluto/, statsbin=unset
000 sbindir=/usr/local/sbin, libexecdir=/usr/local/libexec/ipsec
000 pluto_version=3.16, pluto_vendorid=OE-Libreswan-3.16
000 nhelpers=0, uniqueids=yes, perpeerlog=no, shuntlifetime=900s,
xfrmlifetime=300s
000 ddos-cookies-treshold=50000, ddos-max-halfopen=25000, ddos-mode=auto
000 ikeport=500, strictcrlpolicy=no, crlcheckinterval=0, listen=<any>,
nflog-all=0
000 secctx-attr-type=<unsupported>
000 myid = (none)
000 debug
raw+crypt+parsing+emitting+control+lifecycle+kernel+dns+oppo+controlmore+pfkey+nattraversal+x509+dpd+oppoinfo
000
000 nat-traversal=yes, keep-alive=20, nat-ikeport=4500
000 virtual-private (%priv):
000 - allowed subnets: 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12
000 - excluded subnet: 192.168.42.0/24
000
000 ESP algorithms supported:
000
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192,
keysizemax=192
000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=128,
keysizemax=128
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0,
keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128,
keysizemax=256
000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=12,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=16,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm AH/ESP auth: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
keysizemin=128, keysizemax=128
000 algorithm AH/ESP auth: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
keysizemin=160, keysizemax=160
000 algorithm AH/ESP auth: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256,
keysizemin=256, keysizemax=256
000 algorithm AH/ESP auth: id=6, name=AUTH_ALGORITHM_HMAC_SHA2_384,
keysizemin=384, keysizemax=384
000 algorithm AH/ESP auth: id=7, name=AUTH_ALGORITHM_HMAC_SHA2_512,
keysizemin=512, keysizemax=512
000 algorithm AH/ESP auth: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD,
keysizemin=160, keysizemax=160
000 algorithm AH/ESP auth: id=9, name=AUTH_ALGORITHM_AES_XCBC,
keysizemin=128, keysizemax=128
000 algorithm AH/ESP auth: id=251, name=AUTH_ALGORITHM_NULL_KAME,
keysizemin=0, keysizemax=0
000
000 IKE algorithms supported:
000
000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=16, v2name=AES_CCM_C,
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=15, v2name=AES_CCM_B,
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=14, v2name=AES_CCM_A,
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=5, v1name=OAKLEY_3DES_CBC, v2id=3,
v2name=3DES, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: v1id=24, v1name=OAKLEY_CAMELLIA_CTR, v2id=24,
v2name=CAMELLIA_CTR, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=8, v1name=OAKLEY_CAMELLIA_CBC, v2id=23,
v2name=CAMELLIA_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=20, v1name=OAKLEY_AES_GCM_C, v2id=20,
v2name=AES_GCM_C, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=19, v1name=OAKLEY_AES_GCM_B, v2id=19,
v2name=AES_GCM_B, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=18, v1name=OAKLEY_AES_GCM_A, v2id=18,
v2name=AES_GCM_A, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=13, v1name=OAKLEY_AES_CTR, v2id=13,
v2name=AES_CTR, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=7, v1name=OAKLEY_AES_CBC, v2id=12,
v2name=AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65004, v1name=OAKLEY_SERPENT_CBC,
v2id=65004, v2name=SERPENT_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65005, v1name=OAKLEY_TWOFISH_CBC,
v2id=65005, v2name=TWOFISH_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65289, v1name=OAKLEY_TWOFISH_CBC_SSH,
v2id=65289, v2name=TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashlen=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashlen=20
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashlen=32
000 algorithm IKE hash: id=5, name=OAKLEY_SHA2_384, hashlen=48
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashlen=64
000 algorithm IKE hash: id=9, name=DISABLED-OAKLEY_AES_XCBC, hashlen=16
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024
000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048
000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0}
trans={0,0,0} attrs={0,0,0}
000
000 Connection list:
000
000 "vpnpsk": 10.56.138.86/32===10.56.138.86<10.56.138.86>:17/1701---10.56.138.81...%any:17/%any;
unrouted; eroute owner: #0
000 "vpnpsk": oriented; my_ip=unset; their_ip=unset
000 "vpnpsk": xauth info: us:none, them:none, my_xauthuser=[any];
their_xauthuser=[any]
000 "vpnpsk": modecfg info: us:none, them:none, modecfg policy:push,
dns1:unset, dns2:unset, domain:unset, banner:unset;
000 "vpnpsk": labeled_ipsec:no;
000 "vpnpsk": policy_label:unset;
000 "vpnpsk": ike_life: 3600s; ipsec_life: 28800s; replay_window: 32;
rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 5;
000 "vpnpsk": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "vpnpsk": sha2_truncbug:no; initial_contact:no; cisco_unity:no;
fake_strongswan:no; send_vendorid:no;
000 "vpnpsk": policy:
PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW;
000 "vpnpsk": conn_prio: 32,32; interface: ens32; metric: 0; mtu: unset;
sa_prio:auto; nflog-group: unset; mark: unset;
000 "vpnpsk": dpd: action:clear; delay:30; timeout:120; nat-t:
force_encaps:yes; nat_keepalive:yes; ikev1_natt:both
000 "vpnpsk": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "vpnpsk": IKE algorithms wanted:
3DES_CBC(5)_000-SHA1(2)_000-MODP2048(14),
3DES_CBC(5)_000-SHA1(2)_000-MODP1536(5),
3DES_CBC(5)_000-SHA1(2)_000-MODP1024(2), AES_CBC(7)_000-SHA1(2)_000-DH22(22)
000 "vpnpsk": IKE algorithms found:
3DES_CBC(5)_192-SHA1(2)_160-MODP2048(14),
3DES_CBC(5)_192-SHA1(2)_160-MODP1536(5),
3DES_CBC(5)_192-SHA1(2)_160-MODP1024(2), AES_CBC(7)_128-SHA1(2)_160-DH22(22)
000 "vpnpsk": ESP algorithms wanted: 3DES(3)_000-SHA1(2)_000,
AES(12)_000-SHA1(2)_000
000 "vpnpsk": ESP algorithms loaded: 3DES(3)_000-SHA1(2)_000,
AES(12)_000-SHA1(2)_000
000 "vpnpsk"[2]:
10.56.138.86/32===10.56.138.86<10.56.138.86>:17/1701---10.56.138.81...106.216.172.126[@test]:17/0;
unrouted; eroute owner: #0
000 "vpnpsk"[2]: oriented; my_ip=unset; their_ip=unset
000 "vpnpsk"[2]: xauth info: us:none, them:none, my_xauthuser=[any];
their_xauthuser=[any]
000 "vpnpsk"[2]: modecfg info: us:none, them:none, modecfg policy:push,
dns1:unset, dns2:unset, domain:unset, banner:unset;
000 "vpnpsk"[2]: labeled_ipsec:no;
000 "vpnpsk"[2]: policy_label:unset;
000 "vpnpsk"[2]: ike_life: 3600s; ipsec_life: 28800s; replay_window: 32;
rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 5;
000 "vpnpsk"[2]: retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "vpnpsk"[2]: sha2_truncbug:no; initial_contact:no; cisco_unity:no;
fake_strongswan:no; send_vendorid:no;
000 "vpnpsk"[2]: policy:
PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW;
000 "vpnpsk"[2]: conn_prio: 32,32; interface: ens32; metric: 0; mtu:
unset; sa_prio:auto; nflog-group: unset; mark: unset;
000 "vpnpsk"[2]: dpd: action:clear; delay:30; timeout:120; nat-t:
force_encaps:yes; nat_keepalive:yes; ikev1_natt:both
000 "vpnpsk"[2]: newest ISAKMP SA: #53; newest IPsec SA: #0;
000 "vpnpsk"[2]: IKE algorithms wanted:
3DES_CBC(5)_000-SHA1(2)_000-MODP2048(14),
3DES_CBC(5)_000-SHA1(2)_000-MODP1536(5),
3DES_CBC(5)_000-SHA1(2)_000-MODP1024(2), AES_CBC(7)_000-SHA1(2)_000-DH22(22)
000 "vpnpsk"[2]: IKE algorithms found:
3DES_CBC(5)_192-SHA1(2)_160-MODP2048(14),
3DES_CBC(5)_192-SHA1(2)_160-MODP1536(5),
3DES_CBC(5)_192-SHA1(2)_160-MODP1024(2), AES_CBC(7)_128-SHA1(2)_160-DH22(22)
000 "vpnpsk"[2]: IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024
000 "vpnpsk"[2]: ESP algorithms wanted: 3DES(3)_000-SHA1(2)_000,
AES(12)_000-SHA1(2)_000
000 "vpnpsk"[2]: ESP algorithms loaded: 3DES(3)_000-SHA1(2)_000,
AES(12)_000-SHA1(2)_000
000
000 Total IPsec connections: loaded 2, active 0
000
000 State Information: DDoS cookies not required, Accepting new IKE
connections
000 IKE SAs: total(2), half-open(0), open(0), authenticated(2), anonymous(0)
000 IPsec SAs: total(2), authenticated(2), anonymous(0)
000
000 #1: "vpnpsk"[2] 106.216.172.126:33808 STATE_MAIN_R3 (sent MR3, ISAKMP
SA established); EVENT_SA_EXPIRE in 84978s; lastdpd=238s(seq in:2409
out:0); idle; import:not set
000 #62: "vpnpsk"[2] 106.216.172.126:33808 STATE_QUICK_R1 (sent QR1,
inbound IPsec SA installed, expecting QI2); EVENT_v1_RETRANSMIT in 4s;
isakmp#53; idle; import:not set
000 #62: "vpnpsk"[2] 106.216.172.126 esp.ddb2082 at 106.216.172.126
esp.b2e58188 at 10.56.138.86 ref=0 refhim=4294901761 Traffic: ESPin=0B
ESPout=0B! ESPmax=1800B
000 #61: "vpnpsk"[2] 106.216.172.126:33808 STATE_QUICK_R1 (sent QR1,
inbound IPsec SA installed, expecting QI2); EVENT_v1_RETRANSMIT in 9s;
isakmp#53; idle; import:not set
000 #61: "vpnpsk"[2] 106.216.172.126 esp.9add6be2 at 106.216.172.126
esp.184ae3fb at 10.56.138.86 ref=0 refhim=4294901761 Traffic: ESPin=0B
ESPout=0B! ESPmax=1800B
000 #53: "vpnpsk"[2] 106.216.172.126:33808 STATE_MAIN_R3 (sent MR3, ISAKMP
SA established); EVENT_SA_EXPIRE in 86163s; newest ISAKMP; lastdpd=207s(seq
in:7458 out:0); idle; import:not set
000
000 Bare Shunt list:
000
Regards,
Srinivas
On Mon, Mar 7, 2016 at 6:55 PM, Srinivas Gudipudi <sgudipud at gmail.com>
wrote:
> Hi,
>
> I tried restarting the Huawei device, that does not solve the problem:
>
> The staus output from HUawei device is:
>
> [test]dis ike sa
> Conn-ID Peer VPN Flag(s) Phase
> ---------------------------------------------------------------
> 3804 125.16.240.98 0 2
> 3759 125.16.240.98 0 RD|ST 1
>
>
> I get this error in the pluto log, not sure what this means, possibly an
> ICMP packet being
>
> Mar 7 18:30:40: | 02 00 64 06 6a d8 82 83 00 00 00 00 00 00 00 00
> Mar 7 18:30:40: ERROR: asynchronous network error report on ens32
> (sport=4500) for message to 106.216.130.131 port 25606, complainant
> 106.216.130.131: Connection refused [errno 111, origin ICMP type 3 code 3
> (not authenticated)]
> Mar 7 18:30:40: | handling event EVENT_v1_RETRANSMIT for child state #5
> Mar 7 18:30:40: | processing connection "vpnpsk"[2] 106.216.172.126
> Mar 7 18:30:40: | handling event EVENT_v1_RETRANSMIT for 106.216.172.126
> "vpnpsk" #5 attempt 0 of 5
> Mar 7 18:30:40: | sending 168 bytes for EVENT_v1_RETRANSMIT through
> ens32:4500 to 106.216.172.126:33808 (using #5)
> Mar 7 18:30:40: | 00 00 00 00 6c ba be 1a e4 fa f7 40 67 98 26 c3
> Mar 7 18:30:40: | 9e 98 3b db 08 10 20 01 37 09 9b 2b 00 00 00 a4
> Mar 7 18:30:40: | b0 90 4b 99 d5 18 ee 9d 4b 0a 33 e6 c5 2e ad f0
> Mar 7 18:30:40: | a6 76 ef 15 5f 52 46 e5 0b 38 b0 b9 ee 48 3e d4
> Mar 7 18:30:40: | a4 fd 11 23 33 89 bf db d5 57 93 eb 31 fe 6a 68
> Mar 7 18:30:40: | d9 af 0d 13 7d f3 2f fa d8 41 89 40 eb 68 2d 18
> Mar 7 18:30:40: | 3a b6 21 58 92 3c d0 a0 57 47 26 2f c6 8d 66 f9
> Mar 7 18:30:40: | 7e a8 3c 9b 5b 92 0c 8b 6f a7 09 15 79 44 31 16
> Mar 7 18:30:40: | c8 9c 49 79 e8 1d 46 bc c7 46 04 91 07 c3 25 90
> Mar 7 18:30:40: | 20 0d d5 d6 00 19 d2 3b 9b 43 fd f1 c6 7e a9 21
> Mar 7 18:30:40: | 68 da 64 64 7c 32 cb f6
> Mar 7 18:30:40: | event_schedule_ms called for about 4000 ms
> Mar 7 18:30:40: | event_schedule_tv called for about 4 seconds and change
> Mar 7 18:30:40: | inserting event EVENT_v1_RETRANSMIT, timeout in
> 4.000000 seconds for #5
> Mar 7 18:30:41: | handling event EVENT_SHUNT_SCAN
> Mar 7 18:30:41: | expiring aged bare shunts
> Mar 7 18:30:41: | event_schedule called for 20 seconds
> Mar 7 18:30:41: | event_schedule_tv called for about 20 seconds and change
> Mar 7 18:30:41: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000000
> seconds
> Mar 7 18:30:44: | handling event EVENT_v1_RETRANSMIT for child state #5
> Mar 7 18:30:44: | processing connection "vpnpsk"[2] 106.216.172.126
> Mar 7 18:30:44: | handling event EVENT_v1_RETRANSMIT for 106.216.172.126
> "vpnpsk" #5 attempt 0 of 5
> Mar 7 18:30:44: | sending 168 bytes for EVENT_v1_RETRANSMIT through
> ens32:4500 to 106.216.172.126:33808 (using #5)
> Mar 7 18:30:44: | 00 00 00 00 6c ba be 1a e4 fa f7 40 67 98 26 c3
> Mar 7 18:30:44: | 9e 98 3b db 08 10 20 01 37 09 9b 2b 00 00 00 a4
> Mar 7 18:30:44: | b0 90 4b 99 d5 18 ee 9d 4b 0a 33 e6 c5 2e ad f0
> Mar 7 18:30:44: | a6 76 ef 15 5f 52 46 e5 0b 38 b0 b9 ee 48 3e d4
> Mar 7 18:30:44: | a4 fd 11 23 33 89 bf db d5 57 93 eb 31 fe 6a 68
> Mar 7 18:30:44: | d9 af 0d 13 7d f3 2f fa d8 41 89 40 eb 68 2d 18
> Mar 7 18:30:44: | 3a b6 21 58 92 3c d0 a0 57 47 26 2f c6 8d 66 f9
> Mar 7 18:30:44: | 7e a8 3c 9b 5b 92 0c 8b 6f a7 09 15 79 44 31 16
> Mar 7 18:30:44: | c8 9c 49 79 e8 1d 46 bc c7 46 04 91 07 c3 25 90
> Mar 7 18:30:44: | 20 0d d5 d6 00 19 d2 3b 9b 43 fd f1 c6 7e a9 21
> Mar 7 18:30:44: | 68 da 64 64 7c 32 cb f6
> Mar 7 18:30:44: | event_schedule_ms called for about 8000 ms
> Mar 7 18:30:44: | event_schedule_tv called for about 8 seconds and change
> Mar 7 18:30:44: | inserting event EVENT_v1_RETRANSMIT, timeout in
> 8.000000 second
>
> Regards,
> Srinivas
>
>
> On Mon, Mar 7, 2016 at 5:41 PM, Paul Wouters <paul at nohats.ca> wrote:
>
>> You received a packet from before you restarted. Try restarting other end?
>>
>> Paul
>>
>> Sent from my iPhone
>>
>> On Mar 7, 2016, at 12:01, Srinivas Gudipudi <sgudipud at gmail.com> wrote:
>>
>> Hi,
>>
>> I am using Libreswan on RedHat to setup a VPN server, on the client side,
>> I have a Huawei 4G router connected across a CGNAT network server to the
>> Redhat server, which is the VPN server. I am placing the configurations
>> below, I am able to get the phase 1 up, but the phase 2 is not
>> estbalishing, can you please help here:
>>
>> *Huawei Router Config:*
>>
>>
>> Peer name : spua
>> IKE version : Version one
>> Exchange mode : main on phase 1
>> Pre-shared-key cipher : %@%@6SzGWj[<u/%UUUW|E";TcxX^%@%@
>> Proposal : 5
>> Local ID type : IP
>> DPD : Enable
>> DPD mode : Periodic
>> DPD idle time : 120
>> DPD retransmit interval : 30
>> DPD retry limit : 5
>> Host name :
>> Peer IP address : 125.16.240.98(active)
>> Host name :
>> Peer IP address :
>> VPN name :
>> Local IP address :
>> Local name :
>> Remote name :
>> NAT-traversal : Enable
>> DPD request message : 94
>> DPD Ack message : 40
>> DPD fail time : 9
>> PKI realm : NULL
>> Lifetime notification : Disable
>>
>>
>>
>> *IPSec.conf:*
>>
>>
>> version 2.0
>>
>> config setup
>> dumpdir=/var/run/pluto/
>> nat_traversal=yes
>> virtual_private=%v4:
>> 10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.42.0/24
>> oe=off
>> protostack=netkey
>> nhelpers=0
>> interfaces=%defaultroute
>> plutodebug=all
>>
>> conn vpnpsk
>> connaddrfamily=ipv4
>> auto=add
>> left=10.56.138.86
>> leftid=VM000003380
>> leftsubnet=10.56.138.86/32
>> leftnexthop=%defaultroute
>> leftprotoport=17/1701
>> rightprotoport=17/%any
>> right=%any
>> rightsubnetwithin=0.0.0.0/0
>> forceencaps=yes
>> authby=secret
>> pfs=no
>> type=transport
>> auth=esp
>> ike=3des-sha1,aes-sha1;dh22
>> phase2alg=3des-sha1,aes-sha1
>> rekey=no
>> keyingtries=5
>> dpddelay=30
>> dpdtimeout=120
>> dpdaction=clear
>>
>>
>> *Pluto Debug Log:*
>>
>> Mar 7 17:23:55: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c
>> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
>> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
>> Mar 7 17:23:55: | compare_chunk: encrypt: ok
>> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
>> Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0x07 92 3A 39 EB 0A
>> 81 7D 1C 4D 87 BD B8 2D 1F 1C"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c
>> Mar 7 17:23:55: | decode_to_chunk: cipertext: : input "0x07 92 3A 39 EB
>> 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c
>> Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x80 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 00"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
>> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
>> Mar 7 17:23:55: | compare_chunk: decrypt: ok
>> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
>> Mar 7 17:23:55: | sym_key: free key 0x7f3862948990
>> Mar 7 17:23:55: | test_ctr_vector: Camellia: 16 bytes with 128-bit key
>> passed
>> Mar 7 17:23:55: | test_cbc_vector: Camellia: 16 bytes with 128-bit key
>> Mar 7 17:23:55: | decode_to_chunk: key: input "0x00 11 22 33 44 55 66 77
>> 88 99 AA BB CC DD EE FF"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff
>> Mar 7 17:23:55: | ephemeral_key: key(0x7f3862947260) length(16)
>> type/mechanism(AES_KEY_GEN 0x00001080)
>> Mar 7 17:23:55: | tmp: merge symkey(0x7f3862947260)
>> bytes(0x7f386294bb90/16) - derive(CONCATENATE_DATA_AND_BASE)
>> target(EXTRACT_KEY_FROM_KEY)
>> Mar 7 17:23:55: | symkey: key(0x7f3862947260) length(16)
>> type/mechanism(AES_KEY_GEN 0x00001080)
>> Mar 7 17:23:55: | bytes: 00 11 22 33 44 55 66 77 88 99 aa bb cc dd
>> ee ff
>> Mar 7 17:23:55: | tmp: key(0x7f386294a210) length(32)
>> type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
>> Mar 7 17:23:55: | symkey: symkey from symkey(0x7f386294a210) -
>> next-byte(0) key-size(16) flags(0x0) derive(EXTRACT_KEY_FROM_KEY)
>> target(CAMELLIA_CBC)
>> Mar 7 17:23:55: | symkey: key(0x7f386294a210) length(32)
>> type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
>> Mar 7 17:23:55: | symkey: key(0x7f3862948990) length(16)
>> type/mechanism(CAMELLIA_CBC 0x00000552)
>> Mar 7 17:23:55: | tmp:: free key 0x7f386294a210
>> Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C
>> 27 B7 EC 2C D1 2D 91 59 6F 37"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37
>> Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 01 "
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
>> Mar 7 17:23:55: | decode_to_chunk: ciphertext: : input "0x14 4D 2B 0F 50
>> 0C 27 B7 EC 2C D1 2D 91 59 6F 37"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37
>> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
>> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
>> Mar 7 17:23:55: | compare_chunk: encrypt: ok
>> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
>> Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C
>> 27 B7 EC 2C D1 2D 91 59 6F 37"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37
>> Mar 7 17:23:55: | decode_to_chunk: cipertext: : input "0x14 4D 2B 0F 50
>> 0C 27 B7 EC 2C D1 2D 91 59 6F 37"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37
>> Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 01 "
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
>> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
>> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
>> Mar 7 17:23:55: | compare_chunk: decrypt: ok
>> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
>> Mar 7 17:23:55: | sym_key: free key 0x7f3862948990
>> Mar 7 17:23:55: | test_ctr_vector: Camellia: 16 bytes with 128-bit key
>> passed
>> Mar 7 17:23:55: | test_cbc_vector: Camellia: 16 bytes with 256-bit key
>> Mar 7 17:23:55: | decode_to_chunk: key: input "0x00 00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> Mar 7 17:23:55: | ephemeral_key: key(0x7f3862947260) length(16)
>> type/mechanism(AES_KEY_GEN 0x00001080)
>> Mar 7 17:23:55: | tmp: merge symkey(0x7f3862947260)
>> bytes(0x7f386294bc10/32) - derive(CONCATENATE_DATA_AND_BASE)
>> target(EXTRACT_KEY_FROM_KEY)
>> Mar 7 17:23:55: | symkey: key(0x7f3862947260) length(16)
>> type/mechanism(AES_KEY_GEN 0x00001080)
>> Mar 7 17:23:55: | bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 00
>> Mar 7 17:23:55: | bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 00
>> Mar 7 17:23:55: | tmp: key(0x7f386294a210) length(48)
>> type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
>> Mar 7 17:23:55: | symkey: symkey from symkey(0x7f386294a210) -
>> next-byte(0) key-size(32) flags(0x0) derive(EXTRACT_KEY_FROM_KEY)
>> target(CAMELLIA_CBC)
>> Mar 7 17:23:55: | symkey: key(0x7f386294a210) length(48)
>> type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
>> Mar 7 17:23:55: | symkey: key(0x7f3862948990) length(32)
>> type/mechanism(CAMELLIA_CBC 0x00000552)
>> Mar 7 17:23:55: | tmp:: free key 0x7f386294a210
>> Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51
>> 8A B0 9E 84 72 48 E9 1B 1B 9D"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d
>> Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x80 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 00"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> Mar 7 17:23:55: | decode_to_chunk: ciphertext: : input "0xB0 C6 B8 8A EA
>> 51 8A B0 9E 84 72 48 E9 1B 1B 9D"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d
>> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
>> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
>> Mar 7 17:23:55: | compare_chunk: encrypt: ok
>> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
>> Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51
>> 8A B0 9E 84 72 48 E9 1B 1B 9D"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d
>> Mar 7 17:23:55: | decode_to_chunk: cipertext: : input "0xB0 C6 B8 8A EA
>> 51 8A B0 9E 84 72 48 E9 1B 1B 9D"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d
>> Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x80 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 00"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
>> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
>> Mar 7 17:23:55: | compare_chunk: decrypt: ok
>> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
>> Mar 7 17:23:55: | sym_key: free key 0x7f3862948990
>> Mar 7 17:23:55: | test_ctr_vector: Camellia: 16 bytes with 256-bit key
>> passed
>> Mar 7 17:23:55: | test_cbc_vector: Camellia: 16 bytes with 256-bit key
>> Mar 7 17:23:55: | decode_to_chunk: key: input "0x00 11 22 33 44 55 66 77
>> 88 99 AA BB CC DD EE FF FF EE DD CC BB AA 99 88 77 66 55 44 33 22 11 00"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff
>> Mar 7 17:23:55: | ff ee dd cc bb aa 99 88 77 66 55 44 33 22 11 00
>> Mar 7 17:23:55: | ephemeral_key: key(0x7f3862947260) length(16)
>> type/mechanism(AES_KEY_GEN 0x00001080)
>> Mar 7 17:23:55: | tmp: merge symkey(0x7f3862947260)
>> bytes(0x7f386294bc10/32) - derive(CONCATENATE_DATA_AND_BASE)
>> target(EXTRACT_KEY_FROM_KEY)
>> Mar 7 17:23:55: | symkey: key(0x7f3862947260) length(16)
>> type/mechanism(AES_KEY_GEN 0x00001080)
>> Mar 7 17:23:55: | bytes: 00 11 22 33 44 55 66 77 88 99 aa bb cc dd
>> ee ff
>> Mar 7 17:23:55: | bytes: ff ee dd cc bb aa 99 88 77 66 55 44 33 22
>> 11 00
>> Mar 7 17:23:55: | tmp: key(0x7f386294a210) length(48)
>> type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
>> Mar 7 17:23:55: | symkey: symkey from symkey(0x7f386294a210) -
>> next-byte(0) key-size(32) flags(0x0) derive(EXTRACT_KEY_FROM_KEY)
>> target(CAMELLIA_CBC)
>> Mar 7 17:23:55: | symkey: key(0x7f386294a210) length(48)
>> type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)
>> Mar 7 17:23:55: | symkey: key(0x7f3862948990) length(32)
>> type/mechanism(CAMELLIA_CBC 0x00000552)
>> Mar 7 17:23:55: | tmp:: free key 0x7f386294a210
>> Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56
>> D3 EB 61 02 5E 93 21 9B 65 23 "
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23
>> Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 01"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
>> Mar 7 17:23:55: | decode_to_chunk: ciphertext: : input "0xCC 39 FF EE 18
>> 56 D3 EB 61 02 5E 93 21 9B 65 23 "
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23
>> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
>> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
>> Mar 7 17:23:55: | compare_chunk: encrypt: ok
>> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
>> Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56
>> D3 EB 61 02 5E 93 21 9B 65 23 "
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23
>> Mar 7 17:23:55: | decode_to_chunk: cipertext: : input "0xCC 39 FF EE 18
>> 56 D3 EB 61 02 5E 93 21 9B 65 23 "
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23
>> Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 01"
>> Mar 7 17:23:55: | decode_to_chunk: output:
>> Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
>> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter
>> Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit
>> Mar 7 17:23:55: | compare_chunk: decrypt: ok
>> Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok
>> Mar 7 17:23:55: | sym_key: free key 0x7f3862948990
>> Mar 7 17:23:55: | test_ctr_vector: Camellia: 16 bytes with 256-bit key
>> passed
>> Mar 7 17:23:55: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CBC:
>> Ok
>> Mar 7 17:23:55: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CTR:
>> Ok
>> Mar 7 17:23:55: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok
>> Mar 7 17:23:55: ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok
>> Mar 7 17:23:55: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok
>> Mar 7 17:23:55: no crypto helpers will be started; all cryptographic
>> operations will be done inline
>> Mar 7 17:23:55: Using Linux XFRM/NETKEY IPsec interface code on
>> 3.10.0-327.3.1.el7.x86_64
>> Mar 7 17:23:55: | process 2067 listening for PF_KEY_V2 on file
>> descriptor 11
>> Mar 7 17:23:55: | kernel_alg_init()
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
>> alg_id=18(ESP_AES_GCM_A)
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
>> alg_id=19(ESP_AES_GCM_B)
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
>> alg_id=20(ESP_AES_GCM_C)
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
>> alg_id=14(ESP_AES_CCM_A)
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
>> alg_id=15(ESP_AES_CCM_B)
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
>> alg_id=16(ESP_AES_CCM_C)
>> Mar 7 17:23:55: ike_alg_register_enc(): Activating aes_ccm_8: Ok
>> Mar 7 17:23:55: ike_alg_register_enc(): Activating aes_ccm_12: Ok
>> Mar 7 17:23:55: ike_alg_register_enc(): Activating aes_ccm_16: Ok
>> Mar 7 17:23:55: | Registered AEAD AES CCM/GCM algorithms
>> Mar 7 17:23:55: | finish_pfkey_msg: K_SADB_REGISTER message 1 for AH
>> Mar 7 17:23:55: | 02 07 00 02 02 00 00 00 01 00 00 00 13 08 00 00
>> Mar 7 17:23:55: | pfkey_get: K_SADB_REGISTER message 1
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH:
>> sadb_msg_len=22 sadb_supported_len=72
>> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14,
>> alg_id=251(ESP_KAME_NULL)
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[0],
>> exttype=14, satype=2, alg_id=251, alg_ivlen=0, alg_minbits=0,
>> alg_maxbits=0, res=0, ret=1
>> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14,
>> alg_id=2(ESP_DES)
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[1],
>> exttype=14, satype=2, alg_id=2, alg_ivlen=0, alg_minbits=128,
>> alg_maxbits=128, res=0, ret=1
>> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14,
>> alg_id=3(ESP_3DES)
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[2],
>> exttype=14, satype=2, alg_id=3, alg_ivlen=0, alg_minbits=160,
>> alg_maxbits=160, res=0, ret=1
>> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14,
>> alg_id=5(ESP_IDEA)
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[3],
>> exttype=14, satype=2, alg_id=5, alg_ivlen=0, alg_minbits=256,
>> alg_maxbits=256, res=0, ret=1
>> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14,
>> alg_id=6(ESP_CAST)
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[4],
>> exttype=14, satype=2, alg_id=6, alg_ivlen=0, alg_minbits=384,
>> alg_maxbits=384, res=0, ret=1
>> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14,
>> alg_id=7(ESP_BLOWFISH)
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[5],
>> exttype=14, satype=2, alg_id=7, alg_ivlen=0, alg_minbits=512,
>> alg_maxbits=512, res=0, ret=1
>> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14,
>> alg_id=8(ESP_3IDEA)
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[6],
>> exttype=14, satype=2, alg_id=8, alg_ivlen=0, alg_minbits=160,
>> alg_maxbits=160, res=0, ret=1
>> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14,
>> alg_id=9(ESP_DES_IV32)
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[7],
>> exttype=14, satype=2, alg_id=9, alg_ivlen=0, alg_minbits=128,
>> alg_maxbits=128, res=0, ret=1
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH:
>> sadb_msg_len=22 sadb_supported_len=88
>> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
>> alg_id=11(ESP_NULL)
>> Mar 7 17:23:55: | kernel_alg_add(2,15,11) fails because alg combo is
>> invalid
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[8],
>> exttype=15, satype=2, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0,
>> res=0, ret=-1
>> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
>> alg_id=2(ESP_DES)
>> Mar 7 17:23:55: | kernel_alg_add(2,15,2) fails because alg combo is
>> invalid
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[9],
>> exttype=15, satype=2, alg_id=2, alg_ivlen=8, alg_minbits=64,
>> alg_maxbits=64, res=0, ret=-1
>> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
>> alg_id=3(ESP_3DES)
>> Mar 7 17:23:55: | kernel_alg_add(2,15,3) fails because alg combo is
>> invalid
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[10],
>> exttype=15, satype=2, alg_id=3, alg_ivlen=8, alg_minbits=192,
>> alg_maxbits=192, res=0, ret=-1
>> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
>> alg_id=6(ESP_CAST)
>> Mar 7 17:23:55: | kernel_alg_add(2,15,6) fails because alg combo is
>> invalid
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[11],
>> exttype=15, satype=2, alg_id=6, alg_ivlen=8, alg_minbits=40,
>> alg_maxbits=128, res=0, ret=-1
>> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
>> alg_id=7(ESP_BLOWFISH)
>> Mar 7 17:23:55: | kernel_alg_add(2,15,7) fails because alg combo is
>> invalid
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[12],
>> exttype=15, satype=2, alg_id=7, alg_ivlen=8, alg_minbits=40,
>> alg_maxbits=448, res=0, ret=-1
>> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
>> alg_id=12(ESP_AES)
>> Mar 7 17:23:55: | kernel_alg_add(2,15,12) fails because alg combo is
>> invalid
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[13],
>> exttype=15, satype=2, alg_id=12, alg_ivlen=8, alg_minbits=128,
>> alg_maxbits=256, res=0, ret=-1
>> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
>> alg_id=252(ESP_SERPENT)
>> Mar 7 17:23:55: | kernel_alg_add(2,15,252) fails because alg combo is
>> invalid
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[14],
>> exttype=15, satype=2, alg_id=252, alg_ivlen=8, alg_minbits=128,
>> alg_maxbits=256, res=0, ret=-1
>> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
>> alg_id=22(ESP_CAMELLIA)
>> Mar 7 17:23:55: | kernel_alg_add(2,15,22) fails because alg combo is
>> invalid
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[15],
>> exttype=15, satype=2, alg_id=22, alg_ivlen=8, alg_minbits=128,
>> alg_maxbits=256, res=0, ret=-1
>> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
>> alg_id=253(ESP_TWOFISH)
>> Mar 7 17:23:55: | kernel_alg_add(2,15,253) fails because alg combo is
>> invalid
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[16],
>> exttype=15, satype=2, alg_id=253, alg_ivlen=8, alg_minbits=128,
>> alg_maxbits=256, res=0, ret=-1
>> Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15,
>> alg_id=13(ESP_AES_CTR)
>> Mar 7 17:23:55: | kernel_alg_add(2,15,13) fails because alg combo is
>> invalid
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[17],
>> exttype=15, satype=2, alg_id=13, alg_ivlen=8, alg_minbits=160,
>> alg_maxbits=288, res=0, ret=-1
>> Mar 7 17:23:55: | AH registered with kernel.
>> Mar 7 17:23:55: | finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP
>> Mar 7 17:23:55: | 02 07 00 03 02 00 00 00 02 00 00 00 13 08 00 00
>> Mar 7 17:23:55: | pfkey_get: K_SADB_REGISTER message 2
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP:
>> sadb_msg_len=22 sadb_supported_len=72
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14,
>> alg_id=251(ESP_KAME_NULL)
>> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
>> exttype=14, alg_id=251
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0],
>> exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0,
>> alg_maxbits=0, res=0, ret=0
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14,
>> alg_id=2(ESP_DES)
>> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
>> exttype=14, alg_id=2
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1],
>> exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128,
>> alg_maxbits=128, res=0, ret=0
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14,
>> alg_id=3(ESP_3DES)
>> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
>> exttype=14, alg_id=3
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2],
>> exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160,
>> alg_maxbits=160, res=0, ret=0
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14,
>> alg_id=5(ESP_IDEA)
>> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
>> exttype=14, alg_id=5
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3],
>> exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256,
>> alg_maxbits=256, res=0, ret=0
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14,
>> alg_id=6(ESP_CAST)
>> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
>> exttype=14, alg_id=6
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4],
>> exttype=14, satype=3, alg_id=6, alg_ivlen=0, alg_minbits=384,
>> alg_maxbits=384, res=0, ret=0
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14,
>> alg_id=7(ESP_BLOWFISH)
>> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
>> exttype=14, alg_id=7
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5],
>> exttype=14, satype=3, alg_id=7, alg_ivlen=0, alg_minbits=512,
>> alg_maxbits=512, res=0, ret=0
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14,
>> alg_id=8(ESP_3IDEA)
>> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
>> exttype=14, alg_id=8
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6],
>> exttype=14, satype=3, alg_id=8, alg_ivlen=0, alg_minbits=160,
>> alg_maxbits=160, res=0, ret=0
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14,
>> alg_id=9(ESP_DES_IV32)
>> Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3,
>> exttype=14, alg_id=9
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7],
>> exttype=14, satype=3, alg_id=9, alg_ivlen=0, alg_minbits=128,
>> alg_maxbits=128, res=0, ret=0
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP:
>> sadb_msg_len=22 sadb_supported_len=88
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
>> alg_id=11(ESP_NULL)
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[8],
>> exttype=15, satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0,
>> res=0, ret=1
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
>> alg_id=2(ESP_DES)
>> Mar 7 17:23:55: | kernel_alg_add(): Ignoring alg_id=2(ESP_DES) - too weak
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[9],
>> exttype=15, satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64,
>> alg_maxbits=64, res=0, ret=0
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
>> alg_id=3(ESP_3DES)
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[10],
>> exttype=15, satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192,
>> alg_maxbits=192, res=0, ret=1
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
>> alg_id=6(ESP_CAST)
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[11],
>> exttype=15, satype=3, alg_id=6, alg_ivlen=8, alg_minbits=40,
>> alg_maxbits=128, res=0, ret=1
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
>> alg_id=7(ESP_BLOWFISH)
>> Mar 7 17:23:55: | kernel_alg_add(): Ignoring alg_id=7(ESP_BLOWFISH) -
>> too weak
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[12],
>> exttype=15, satype=3, alg_id=7, alg_ivlen=8, alg_minbits=40,
>> alg_maxbits=448, res=0, ret=0
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
>> alg_id=12(ESP_AES)
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[13],
>> exttype=15, satype=3, alg_id=12, alg_ivlen=8, alg_minbits=128,
>> alg_maxbits=256, res=0, ret=1
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
>> alg_id=252(ESP_SERPENT)
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[14],
>> exttype=15, satype=3, alg_id=252, alg_ivlen=8, alg_minbits=128,
>> alg_maxbits=256, res=0, ret=1
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
>> alg_id=22(ESP_CAMELLIA)
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[15],
>> exttype=15, satype=3, alg_id=22, alg_ivlen=8, alg_minbits=128,
>> alg_maxbits=256, res=0, ret=1
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
>> alg_id=253(ESP_TWOFISH)
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[16],
>> exttype=15, satype=3, alg_id=253, alg_ivlen=8, alg_minbits=128,
>> alg_maxbits=256, res=0, ret=1
>> Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15,
>> alg_id=13(ESP_AES_CTR)
>> Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[17],
>> exttype=15, satype=3, alg_id=13, alg_ivlen=8, alg_minbits=160,
>> alg_maxbits=288, res=0, ret=1
>> Mar 7 17:23:55: | ESP registered with kernel.
>> Mar 7 17:23:55: | finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP
>> Mar 7 17:23:55: | 02 07 00 09 02 00 00 00 03 00 00 00 13 08 00 00
>> Mar 7 17:23:55: | pfkey_get: K_SADB_REGISTER message 3
>> Mar 7 17:23:55: | IPCOMP registered with kernel.
>> Mar 7 17:23:55: | Registered AH, ESP and IPCOMP
>> Mar 7 17:23:55: | event_schedule called for 20 seconds
>> Mar 7 17:23:55: | event_schedule_tv called for about 20 seconds and
>> change
>> Mar 7 17:23:55: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000000
>> seconds
>> Mar 7 17:23:55: | setup kernel fd callback
>> Mar 7 17:23:55: | Could not change to legacy CRL directory
>> '/etc/ipsec.d/crls': 2 No such file or directory
>> Mar 7 17:23:55: | event_schedule called for 23765 seconds
>> Mar 7 17:23:55: | event_schedule_tv called for about 23765 seconds and
>> change
>> Mar 7 17:23:55: | inserting event EVENT_LOG_DAILY, timeout in
>> 23765.000000 seconds
>> Mar 7 17:23:55: | Setting up events, loop start
>> Mar 7 17:23:56: | calling addconn helper using execve
>> Mar 7 17:23:56: | entering aalg_getbyname_ike()
>> Mar 7 17:23:56: | raw_alg_info_ike_add() ealg_id=5 ek_bits=0 aalg_id=2
>> ak_bits=0 modp_id=14, cnt=1
>> Mar 7 17:23:56: | raw_alg_info_ike_add() ealg_id=5 ek_bits=0 aalg_id=2
>> ak_bits=0 modp_id=5, cnt=2
>> Mar 7 17:23:56: | raw_alg_info_ike_add() ealg_id=5 ek_bits=0 aalg_id=2
>> ak_bits=0 modp_id=2, cnt=3
>> Mar 7 17:23:56: | entering aalg_getbyname_ike()
>> Mar 7 17:23:56: | raw_alg_info_ike_add() ealg_id=7 ek_bits=0 aalg_id=2
>> ak_bits=0 modp_id=22, cnt=4
>> Mar 7 17:23:56: | find_host_pair_conn: 10.56.138.86:500 %any:500 ->
>> hp:none
>> Mar 7 17:23:56: | Added new connection vpnpsk with policy
>> PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW
>> Mar 7 17:23:56: | from whack: got --esp=3des-sha1,aes-sha1
>> Mar 7 17:23:56: | phase2alg string values: 3DES(3)_000-SHA1(2)_000,
>> AES(12)_000-SHA1(2)_000
>> Mar 7 17:23:56: | ike (phase1) algorithm values:
>> 3DES_CBC(5)_000-SHA1(2)_000-MODP2048(14),
>> 3DES_CBC(5)_000-SHA1(2)_000-MODP1536(5),
>> 3DES_CBC(5)_000-SHA1(2)_000-MODP1024(2), AES_CBC(7)_000-SHA1(2)_000-DH22(22)
>> Mar 7 17:23:56: | counting wild cards for 10.56.138.86 is 0
>> Mar 7 17:23:56: | counting wild cards for (none) is 15
>> Mar 7 17:23:56: | based upon policy, the connection is a template.
>> Mar 7 17:23:56: added connection description "vpnpsk"
>> Mar 7 17:23:56: | 10.56.138.86/32===10.56.138.86
>> <10.56.138.86>:17/1701---10.56.138.81...%any:17/%any
>> Mar 7 17:23:56: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin:
>> 540s; rekey_fuzz: 100%; keyingtries: 5; replay_window: 32; policy:
>> PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW
>> Mar 7 17:23:56: listening for IKE messages
>> Mar 7 17:23:56: | Inspecting interface lo
>> Mar 7 17:23:56: | found lo with address 127.0.0.1
>> Mar 7 17:23:56: | Inspecting interface ens32
>> Mar 7 17:23:56: | found ens32 with address 10.56.138.86
>> Mar 7 17:23:56: | Inspecting interface virbr0
>> Mar 7 17:23:56: | found virbr0 with address 192.168.122.1
>> Mar 7 17:23:56: adding interface virbr0/virbr0 192.168.122.1:500
>> Mar 7 17:23:56: | NAT-Traversal: Trying new style NAT-T
>> Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup failed for new style
>> NAT-T family IPv4 (errno=19)
>> Mar 7 17:23:56: | NAT-Traversal: Trying old style NAT-T
>> Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup succeeded for old
>> style NAT-T family IPv4
>> Mar 7 17:23:56: adding interface virbr0/virbr0 192.168.122.1:4500
>> Mar 7 17:23:56: adding interface ens32/ens32 10.56.138.86:500
>> Mar 7 17:23:56: | NAT-Traversal: Trying new style NAT-T
>> Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup failed for new style
>> NAT-T family IPv4 (errno=19)
>> Mar 7 17:23:56: | NAT-Traversal: Trying old style NAT-T
>> Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup succeeded for old
>> style NAT-T family IPv4
>> Mar 7 17:23:56: adding interface ens32/ens32 10.56.138.86:4500
>> Mar 7 17:23:56: adding interface lo/lo 127.0.0.1:500
>> Mar 7 17:23:56: | NAT-Traversal: Trying new style NAT-T
>> Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup failed for new style
>> NAT-T family IPv4 (errno=19)
>> Mar 7 17:23:56: | NAT-Traversal: Trying old style NAT-T
>> Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup succeeded for old
>> style NAT-T family IPv4
>> Mar 7 17:23:56: adding interface lo/lo 127.0.0.1:4500
>> Mar 7 17:23:56: | found lo with address
>> 0000:0000:0000:0000:0000:0000:0000:0001
>> Mar 7 17:23:56: adding interface lo/lo ::1:500
>> Mar 7 17:23:56: | connect_to_host_pair: 10.56.138.86:500 0.0.0.0:500 ->
>> hp:none
>> Mar 7 17:23:56: | setup callback for interface lo:500 fd 19
>> Mar 7 17:23:56: | setup callback for interface lo:4500 fd 18
>> Mar 7 17:23:56: | setup callback for interface lo:500 fd 17
>> Mar 7 17:23:56: | setup callback for interface ens32:4500 fd 16
>> Mar 7 17:23:56: | setup callback for interface ens32:500 fd 15
>> Mar 7 17:23:56: | setup callback for interface virbr0:4500 fd 14
>> Mar 7 17:23:56: | setup callback for interface virbr0:500 fd 13
>> Mar 7 17:23:56: | certs and keys locked by 'free_preshared_secrets'
>> Mar 7 17:23:56: | certs and keys unlocked by 'free_preshard_secrets'
>> Mar 7 17:23:56: loading secrets from "/etc/ipsec.secrets"
>> Mar 7 17:23:56: | id type added to secret(0x7f3862951260) PPK_PSK:
>> 125.16.240.98
>> Mar 7 17:23:56: | id type added to secret(0x7f3862951260) PPK_PSK: %any
>> Mar 7 17:23:56: | Processing PSK at line 1: passed
>> Mar 7 17:23:56: | certs and keys locked by 'process_secret'
>> Mar 7 17:23:56: | certs and keys unlocked by 'process_secret'
>> Mar 7 17:23:56: | reaped addconn helper child
>> Mar 7 17:23:56: reapchild failed with errno=10 No child processes
>> Mar 7 17:23:56: | *received 84 bytes from 106.216.143.95:11359 on ens32
>> (port=4500)
>> Mar 7 17:23:56: | b1 42 5c 7a 52 75 cb 8c a2 29 a8 0f 40 0e 10 bf
>> Mar 7 17:23:56: | 0b 10 05 01 37 48 06 4c 00 00 00 54 17 dc ee 36
>> Mar 7 17:23:56: | 46 77 45 10 38 d5 53 d8 5f 19 24 80 55 b6 c1 ac
>> Mar 7 17:23:56: | 2f f3 54 f3 6f 61 65 08 d7 44 4c 4a 10 0f 41 1e
>> Mar 7 17:23:56: | 02 a6 36 a5 dd ba db 3d f8 7c 32 e7 9f 4b 64 38
>> Mar 7 17:23:56: | c6 76 cb f8
>> Mar 7 17:23:56: | **parse ISAKMP Message:
>> Mar 7 17:23:56: | initiator cookie:
>> Mar 7 17:23:56: | b1 42 5c 7a 52 75 cb 8c
>> Mar 7 17:23:56: | responder cookie:
>> Mar 7 17:23:56: | a2 29 a8 0f 40 0e 10 bf
>> Mar 7 17:23:56: | next payload type: ISAKMP_NEXT_N (0xb)
>> Mar 7 17:23:56: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
>> Mar 7 17:23:56: | exchange type: ISAKMP_XCHG_INFO (0x5)
>> Mar 7 17:23:56: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
>> Mar 7 17:23:56: | message ID: 37 48 06 4c
>> Mar 7 17:23:56: | length: 84 (0x54)
>> Mar 7 17:23:56: | processing version=1.0 packet with exchange
>> type=ISAKMP_XCHG_INFO (5)
>> Mar 7 17:23:56: | finding hash chain in state hash table
>> Mar 7 17:23:56: | ICOOKIE: b1 42 5c 7a 52 75 cb 8c
>> Mar 7 17:23:56: | RCOOKIE: a2 29 a8 0f 40 0e 10 bf
>> Mar 7 17:23:56: | found hash chain 14
>> Mar 7 17:23:56: | p15 state object not found
>> Mar 7 17:23:56: | finding hash chain in state hash table
>> Mar 7 17:23:56: | ICOOKIE: b1 42 5c 7a 52 75 cb 8c
>> Mar 7 17:23:56: | RCOOKIE: 00 00 00 00 00 00 00 00
>> Mar 7 17:23:56: | found hash chain 3
>> Mar 7 17:23:56: | v1 state object not found
>> Mar 7 17:23:56: | - unknown SA's md->hdr.isa_icookie:
>> Mar 7 17:23:56: | b1 42 5c 7a 52 75 cb 8c
>> Mar 7 17:23:56: | - unknown SA's md->hdr.isa_rcookie:
>> Mar 7 17:23:56: | a2 29 a8 0f 40 0e 10 bf
>>
>>
>>
>> _______________________________________________
>> Swan mailing list
>> Swan at lists.libreswan.org
>> https://lists.libreswan.org/mailman/listinfo/swan
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160307/bbd852f1/attachment-0001.html>
More information about the Swan
mailing list