[Swan] Pluto crashes - packet from <invalid>:24836: ABORT at /opt/src/libreswan-3.16/programs/pluto/ikev1_aggr.c:207
Srinivas Gudipudi
sgudipud at gmail.com
Fri Mar 18 01:26:29 UTC 2016
Hi,
I am having a Road Warrior config wherein a 4G Access Point is connecting
to Libreswan server behind a CGNAT. After the success of the Phase 1, the
Pluto crashes, can someone please help here.
ipsec.conf
version 2.0
config setup
dumpdir=/var/run/pluto/
plutodebug=all
logfile=/var/log/pluto.log
nat_traversal=yes
virtual_private=%v4:
10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.42.0/24
oe=off
protostack=netkey
nhelpers=0
interfaces=%defaultroute
# aggressive=yes
uniqueids=no
conn vpnpsk
connaddrfamily=ipv4
auto=add
aggrmode=yes
left=10.56.138.86
leftid=125.16.240.98
leftsubnet=10.56.138.86/32
leftnexthop=%defaultroute
leftprotoport=17/%any
rightprotoport=17/%any
right=0.0.0.0
rightsubnetwithin=0.0.0.0/0
rightid=@huawei01
forceencaps=yes
authby=secret
keyexchange=ike
pfs=no
type=tunnel
auth=esp
ike=aes-md5;modp1536
phase2alg=3des-sha1
rekey=yes
keyingtries=5
dpddelay=30
dpdtimeout=120
dpdaction=clear
Pluto logs:
Mar 18 06:34:52: | SKEYID_e prf: update byte 2
Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4025c5d0)
bytes(0x7fff38e0e2dc/1) - derive(CONCATENATE_BASE_AND_DATA)
target(MD5_KEY_DERIVATION)
Mar 18 06:34:52: | symkey: key(0x7ffb4025c5d0) length(288)
type/mechanism(MD5_KEY_DERIVATION 0x00000390)
Mar 18 06:34:52: | bytes: 02
Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c500) length(289)
type/mechanism(MD5_KEY_DERIVATION 0x00000390)
Mar 18 06:34:52: | append_symkey_bytes: free key 0x7ffb4025c5d0
Mar 18 06:34:52: | SKEYID_e prf: final
Mar 18 06:34:52: | prf inner hash: hash(oakley_md5) symkey(0x7ffb4025c500)
to symkey - derive(MD5_KEY_DERIVATION)
Mar 18 06:34:52: | symkey: key(0x7ffb4025c500) length(289)
type/mechanism(MD5_KEY_DERIVATION 0x00000390)
Mar 18 06:34:52: | prf inner hash: key(0x7ffb4025c5d0) length(16)
type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360)
Mar 18 06:34:52: | prf inner:: free key 0x7ffb4025c500
Mar 18 06:34:52: | xor_symkey_chunk merge symkey(0x7ffb40262850)
bytes(0x7fff38e0e280/64) - derive(XOR_BASE_AND_DATA)
target(CONCATENATE_BASE_AND_DATA)
Mar 18 06:34:52: | symkey: key(0x7ffb40262850) length(64)
type/mechanism(MD5_KEY_DERIVATION 0x00000390)
Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c
5c
Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c
5c
Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c
5c
Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c
5c
Mar 18 06:34:52: | xor_symkey_chunk key(0x7ffb4025c500) length(64)
type/mechanism(CONCATENATE_BASE_AND_DATA 0x00000362)
Mar 18 06:34:52: | concat: merge symkey(1: 0x7ffb4025c500) symkey(2:
0x7ffb4025c5d0) - derive(CONCATENATE_BASE_AND_KEY)
target(MD5_KEY_DERIVATION)
Mar 18 06:34:52: | symkey 1: key(0x7ffb4025c500) length(64)
type/mechanism(CONCATENATE_BASE_AND_DATA 0x00000362)
Mar 18 06:34:52: | symkey 2: key(0x7ffb4025c5d0) length(16)
type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360)
Mar 18 06:34:52: | concat: key(0x7ffb40264020) length(80)
type/mechanism(MD5_KEY_DERIVATION 0x00000390)
Mar 18 06:34:52: | append_symkey_symkey: free key 0x7ffb4025c500
Mar 18 06:34:52: | prf hashed inner:: free key 0x7ffb4025c5d0
Mar 18 06:34:52: | prf key: free key 0x7ffb40262850
Mar 18 06:34:52: | prf outer hash hash(oakley_md5) symkey(0x7ffb40264020)
to symkey - derive(MD5_KEY_DERIVATION)
Mar 18 06:34:52: | symkey: key(0x7ffb40264020) length(80)
type/mechanism(MD5_KEY_DERIVATION 0x00000390)
Mar 18 06:34:52: | prf outer hash key(0x7ffb40262850) length(16)
type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360)
Mar 18 06:34:52: | prf outer: free key 0x7ffb40264020
Mar 18 06:34:52: | prf final result key(0x7ffb40262850) length(16)
type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360)
Mar 18 06:34:52: | crypt key: symkey from symkey(0x7ffb40262850) -
next-byte(0) key-size(16) flags(0x300) derive(EXTRACT_KEY_FROM_KEY)
target(AES_CBC)
Mar 18 06:34:52: | symkey: key(0x7ffb40262850) length(16)
type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360)
Mar 18 06:34:52: | crypt key: key(0x7ffb40264020) length(16)
type/mechanism(AES_CBC 0x00001082)
Mar 18 06:34:52: | NSS: pointers skeyid_d 0x7ffb4025f7e0, skeyid_a
0x7ffb40260fc0, skeyid_e 0x7ffb40262850, enc_key 0x7ffb40264020
Mar 18 06:34:52: | DH_i: d5 b8 ad 13 87 4b 97 b3 5f 84 e7 e9 6c c4 a2 a2
Mar 18 06:34:52: | DH_i: b8 6d 5a 46 0d 98 b8 da 77 87 2a b1 49 39 fb 79
Mar 18 06:34:52: | DH_i: 4a b8 94 ef 7c 4e 6d 95 78 7a 19 ce a5 ce 9f c9
Mar 18 06:34:52: | DH_i: 54 42 57 31 5d f9 6a 35 f1 05 6f 69 58 aa 7a 59
Mar 18 06:34:52: | DH_i: f7 1e f3 ef f9 3e eb 65 15 fa 2b 70 6f fa a2 ba
Mar 18 06:34:52: | DH_i: b8 39 28 4d 03 cc 12 1c 50 8b d1 3f b2 31 11 c3
Mar 18 06:34:52: | DH_i: 48 e4 ac 20 f1 21 25 fa 23 91 14 bd 4b 6c 0a 32
Mar 18 06:34:52: | DH_i: 4c a0 b1 cf b5 5d 1b 6b df cf 2e 87 b9 f5 3b 91
Mar 18 06:34:52: | DH_i: 52 38 91 bc 3c d3 69 10 d5 a3 1a 7e 95 4c e3 71
Mar 18 06:34:52: | DH_i: 27 05 86 1a b1 49 bf 25 58 d9 fc 13 dd f0 1f d3
Mar 18 06:34:52: | DH_i: 48 bd 2c b2 60 e8 16 6b 4c c8 76 29 0e 5c 2c 1e
Mar 18 06:34:52: | DH_i: c2 d9 87 32 a3 c4 ba 25 0d a0 7d 07 45 01 7a d2
Mar 18 06:34:52: | DH_r: 38 84 ff 8d 63 1d 3c 4d 35 7c 71 2b b4 32 45 0b
Mar 18 06:34:52: | DH_r: 76 f2 a6 95 55 0b 73 52 97 15 61 05 cd 81 6e f2
Mar 18 06:34:52: | DH_r: c6 ed 33 07 c5 dd c8 4c b7 43 ec 68 da 0d 13 66
Mar 18 06:34:52: | DH_r: 12 d1 b9 88 1f a0 44 ef 30 d2 8f 40 51 1f f7 82
Mar 18 06:34:52: | DH_r: dc f9 53 2b d3 da 81 cf 59 cc e3 55 99 02 d6 ad
Mar 18 06:34:52: | DH_r: 11 cd 68 a6 42 77 50 6f 27 0e 63 ec 58 a8 17 1c
Mar 18 06:34:52: | DH_r: a3 5c 2a 07 c1 34 98 be a6 fa a9 82 fc 80 05 33
Mar 18 06:34:52: | DH_r: 88 10 c8 da 56 e9 a2 ce 19 5e 85 43 00 46 e3 f5
Mar 18 06:34:52: | DH_r: c2 2d 97 46 99 3b 58 0a 63 4f 84 72 bb 71 da 1d
Mar 18 06:34:52: | DH_r: b1 03 bf e5 c7 11 52 33 81 db f2 e6 51 ec 02 02
Mar 18 06:34:52: | DH_r: 18 81 63 ed 3a d8 83 09 2e b4 02 fc 00 45 5f 16
Mar 18 06:34:52: | DH_r: 48 f7 f1 a8 c5 f1 de e9 90 7d 48 60 5c 2e 51 2c
Mar 18 06:34:52: | end of IV generation
Mar 18 06:34:52: | crypto helper -1 finished compute dh+iv (V1 Phase 1);
request ID 4227595259 time elapsed 5006 usec
Mar 18 06:34:52: | aggr_inI1_outR1_continue2 for #1: calculated
ke+nonce+DH, sending R1
Mar 18 06:34:52: | processing connection "vpnpsk"[1] 106.220.15.162
Mar 18 06:34:52: | #1 aggr_inI1_outR1_continue2:139 st->st_calculating =
FALSE;
Mar 18 06:34:52: | thinking about whether to send my certificate:
Mar 18 06:34:52: | I have RSA key: OAKLEY_PRESHARED_KEY cert.type: 0??
Mar 18 06:34:52: | sendcert: CERT_ALWAYSSEND and I did not get a
certificate request
Mar 18 06:34:52: | so do not send cert.
Mar 18 06:34:52: | I did not send a certificate because digital signatures
are not being used. (PSK)
Mar 18 06:34:52: | I am not sending a certificate request
Mar 18 06:34:52: | **emit ISAKMP Message:
Mar 18 06:34:52: | initiator cookie:
Mar 18 06:34:52: | 47 2c c4 e4 6e 5c ab 25
Mar 18 06:34:52: | responder cookie:
Mar 18 06:34:52: | 91 3a 72 a7 ff 28 5a 10
Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_SA (0x1)
Mar 18 06:34:52: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
Mar 18 06:34:52: | exchange type: ISAKMP_XCHG_AGGR (0x4)
Mar 18 06:34:52: | flags: none (0x0)
Mar 18 06:34:52: | message ID: 00 00 00 00
Mar 18 06:34:52: | ***emit ISAKMP Security Association Payload:
Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_KE (0x4)
Mar 18 06:34:52: | DOI: ISAKMP_DOI_IPSEC (0x1)
Mar 18 06:34:52: | ****parse IPsec DOI SIT:
Mar 18 06:34:52: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
Mar 18 06:34:52: | ****parse ISAKMP Proposal Payload:
Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_NONE (0x0)
Mar 18 06:34:52: | length: 48 (0x30)
Mar 18 06:34:52: | proposal number: 1 (0x1)
Mar 18 06:34:52: | protocol ID: PROTO_ISAKMP (0x1)
Mar 18 06:34:52: | SPI size: 0 (0x0)
Mar 18 06:34:52: | number of transforms: 1 (0x1)
Mar 18 06:34:52: | *****parse ISAKMP Transform Payload (ISAKMP):
Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_NONE (0x0)
Mar 18 06:34:52: | length: 40 (0x28)
Mar 18 06:34:52: | ISAKMP transform number: 0 (0x0)
Mar 18 06:34:52: | ISAKMP transform ID: KEY_IKE (0x1)
Mar 18 06:34:52: | ******parse ISAKMP Oakley attribute:
Mar 18 06:34:52: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
Mar 18 06:34:52: | length/value: 7 (0x7)
Mar 18 06:34:52: | [7 is OAKLEY_AES_CBC]
Mar 18 06:34:52: | ike_alg_enc_ok(ealg=7,key_len=0): blocksize=16,
keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
Mar 18 06:34:52: | ******parse ISAKMP Oakley attribute:
Mar 18 06:34:52: | af+type: OAKLEY_KEY_LENGTH (0x800e)
Mar 18 06:34:52: | length/value: 128 (0x80)
Mar 18 06:34:52: | ike_alg_enc_ok(ealg=7,key_len=128): blocksize=16,
keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
Mar 18 06:34:52: | ******parse ISAKMP Oakley attribute:
Mar 18 06:34:52: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
Mar 18 06:34:52: | length/value: 1 (0x1)
Mar 18 06:34:52: | [1 is OAKLEY_MD5]
Mar 18 06:34:52: | ******parse ISAKMP Oakley attribute:
Mar 18 06:34:52: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
Mar 18 06:34:52: | length/value: 1 (0x1)
Mar 18 06:34:52: | [1 is OAKLEY_PRESHARED_KEY]
Mar 18 06:34:52: | started looking for secret for 125.16.240.98->@huawei01
of kind PPK_PSK
Mar 18 06:34:52: | actually looking for secret for 125.16.240.98->@huawei01
of kind PPK_PSK
Mar 18 06:34:52: | line 2: key type PPK_PSK(125.16.240.98) to type PPK_PSK
Mar 18 06:34:52: | 1: compared key %any to 125.16.240.98 / @huawei01 -> 2
Mar 18 06:34:52: | 2: compared key 10.56.138.86 to 125.16.240.98 /
@huawei01 -> 2
Mar 18 06:34:52: | line 2: match=2
Mar 18 06:34:52: | best_match 0>2 best=0x7ffb40254310 (line=2)
Mar 18 06:34:52: | line 1: key type PPK_PSK(125.16.240.98) to type PPK_PSK
Mar 18 06:34:52: | 1: compared key %any to 125.16.240.98 / @huawei01 -> 2
Mar 18 06:34:52: | 2: compared key 125.16.240.98 to 125.16.240.98 /
@huawei01 -> 10
Mar 18 06:34:52: | line 1: match=10
Mar 18 06:34:52: | best_match 2>10 best=0x7ffb40254200 (line=1)
Mar 18 06:34:52: | concluding with best_match=10 best=0x7ffb40254200
(lineno=1)
Mar 18 06:34:52: | ******parse ISAKMP Oakley attribute:
Mar 18 06:34:52: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
Mar 18 06:34:52: | length/value: 5 (0x5)
Mar 18 06:34:52: | [5 is OAKLEY_GROUP_MODP1536]
Mar 18 06:34:52: | ******parse ISAKMP Oakley attribute:
Mar 18 06:34:52: | af+type: OAKLEY_LIFE_TYPE (0x800b)
Mar 18 06:34:52: | length/value: 1 (0x1)
Mar 18 06:34:52: | [1 is OAKLEY_LIFE_SECONDS]
Mar 18 06:34:52: | ******parse ISAKMP Oakley attribute:
Mar 18 06:34:52: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
Mar 18 06:34:52: | length/value: 4 (0x4)
Mar 18 06:34:52: | long duration: 86400
Mar 18 06:34:52: | Oakley Transform 0 accepted
Mar 18 06:34:52: | ****emit IPsec DOI SIT:
Mar 18 06:34:52: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
Mar 18 06:34:52: | ****emit ISAKMP Proposal Payload:
Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_NONE (0x0)
Mar 18 06:34:52: | proposal number: 1 (0x1)
Mar 18 06:34:52: | protocol ID: PROTO_ISAKMP (0x1)
Mar 18 06:34:52: | SPI size: 0 (0x0)
Mar 18 06:34:52: | number of transforms: 1 (0x1)
Mar 18 06:34:52: | *****emit ISAKMP Transform Payload (ISAKMP):
Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_NONE (0x0)
Mar 18 06:34:52: | ISAKMP transform number: 0 (0x0)
Mar 18 06:34:52: | ISAKMP transform ID: KEY_IKE (0x1)
Mar 18 06:34:52: | emitting 32 raw bytes of attributes into ISAKMP
Transform Payload (ISAKMP)
Mar 18 06:34:52: | attributes 80 01 00 07 80 0e 00 80 80 02 00 01 80 03
00 01
Mar 18 06:34:52: | attributes 80 04 00 05 80 0b 00 01 00 0c 00 04 00 01
51 80
Mar 18 06:34:52: | emitting length of ISAKMP Transform Payload (ISAKMP): 40
Mar 18 06:34:52: | emitting length of ISAKMP Proposal Payload: 48
Mar 18 06:34:52: | emitting length of ISAKMP Security Association Payload:
60
Mar 18 06:34:52: | ***emit ISAKMP Key Exchange Payload:
Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_NONCE (0xa)
Mar 18 06:34:52: | emitting 192 raw bytes of keyex value into ISAKMP Key
Exchange Payload
Mar 18 06:34:52: | keyex value 38 84 ff 8d 63 1d 3c 4d 35 7c 71 2b b4
32 45 0b
Mar 18 06:34:52: | keyex value 76 f2 a6 95 55 0b 73 52 97 15 61 05 cd
81 6e f2
Mar 18 06:34:52: | keyex value c6 ed 33 07 c5 dd c8 4c b7 43 ec 68 da
0d 13 66
Mar 18 06:34:52: | keyex value 12 d1 b9 88 1f a0 44 ef 30 d2 8f 40 51
1f f7 82
Mar 18 06:34:52: | keyex value dc f9 53 2b d3 da 81 cf 59 cc e3 55 99
02 d6 ad
Mar 18 06:34:52: | keyex value 11 cd 68 a6 42 77 50 6f 27 0e 63 ec 58
a8 17 1c
Mar 18 06:34:52: | keyex value a3 5c 2a 07 c1 34 98 be a6 fa a9 82 fc
80 05 33
Mar 18 06:34:52: | keyex value 88 10 c8 da 56 e9 a2 ce 19 5e 85 43 00
46 e3 f5
Mar 18 06:34:52: | keyex value c2 2d 97 46 99 3b 58 0a 63 4f 84 72 bb
71 da 1d
Mar 18 06:34:52: | keyex value b1 03 bf e5 c7 11 52 33 81 db f2 e6 51
ec 02 02
Mar 18 06:34:52: | keyex value 18 81 63 ed 3a d8 83 09 2e b4 02 fc 00
45 5f 16
Mar 18 06:34:52: | keyex value 48 f7 f1 a8 c5 f1 de e9 90 7d 48 60 5c
2e 51 2c
Mar 18 06:34:52: | emitting length of ISAKMP Key Exchange Payload: 196
Mar 18 06:34:52: | ***emit ISAKMP Nonce Payload:
Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_ID (0x5)
Mar 18 06:34:52: | emitting 16 raw bytes of Nr into ISAKMP Nonce Payload
Mar 18 06:34:52: | Nr 05 4e 6e 0a 0a dc 78 01 b5 60 40 62 9f 07 4e 6c
Mar 18 06:34:52: | emitting length of ISAKMP Nonce Payload: 20
Mar 18 06:34:52: | ***emit ISAKMP Identification Payload (IPsec DOI):
Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_HASH (0x8)
Mar 18 06:34:52: | ID type: ID_IPV4_ADDR (0x1)
Mar 18 06:34:52: | Protocol ID: 0 (0x0)
Mar 18 06:34:52: | port: 0 (0x0)
Mar 18 06:34:52: | emitting 4 raw bytes of my identity into ISAKMP
Identification Payload (IPsec DOI)
Mar 18 06:34:52: | my identity 7d 10 f0 62
Mar 18 06:34:52: | emitting length of ISAKMP Identification Payload (IPsec
DOI): 12
Mar 18 06:34:52: | hmac prf: init 0x7ffb4025f7a0
Mar 18 06:34:52: | hmac prf: init symkey symkey 0x7ffb4024e4c0 (length 16)
Mar 18 06:34:52: | hmac prf: update
Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4024e4c0)
bytes(0x7ffb3e2cbe00/48) - derive(CONCATENATE_BASE_AND_DATA)
target(MD5_KEY_DERIVATION)
Mar 18 06:34:52: | symkey: key(0x7ffb4024e4c0) length(16)
type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360)
Mar 18 06:34:52: | bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00
Mar 18 06:34:52: | bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00
Mar 18 06:34:52: | bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00
Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c5d0) length(64)
type/mechanism(MD5_KEY_DERIVATION 0x00000390)
Mar 18 06:34:52: | xor_symkey_chunk merge symkey(0x7ffb4025c5d0)
bytes(0x7fff38e0e810/64) - derive(XOR_BASE_AND_DATA)
target(CONCATENATE_BASE_AND_DATA)
Mar 18 06:34:52: | symkey: key(0x7ffb4025c5d0) length(64)
type/mechanism(MD5_KEY_DERIVATION 0x00000390)
Mar 18 06:34:52: | bytes: 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36
36
Mar 18 06:34:52: | bytes: 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36
36
Mar 18 06:34:52: | bytes: 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36
36
Mar 18 06:34:52: | bytes: 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36
36
Mar 18 06:34:52: | xor_symkey_chunk key(0x7ffb4025c500) length(64)
type/mechanism(CONCATENATE_BASE_AND_DATA 0x00000362)
Mar 18 06:34:52: | hmac prf: update bytes data 0x7ffb402563d0 (length 192)
Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4025c500)
bytes(0x7ffb402563d0/192) - derive(CONCATENATE_BASE_AND_DATA)
target(MD5_KEY_DERIVATION)
Mar 18 06:34:52: | symkey: key(0x7ffb4025c500) length(64)
type/mechanism(CONCATENATE_BASE_AND_DATA 0x00000362)
Mar 18 06:34:52: | bytes: 38 84 ff 8d 63 1d 3c 4d 35 7c 71 2b b4 32 45
0b
Mar 18 06:34:52: | bytes: 76 f2 a6 95 55 0b 73 52 97 15 61 05 cd 81 6e
f2
Mar 18 06:34:52: | bytes: c6 ed 33 07 c5 dd c8 4c b7 43 ec 68 da 0d 13
66
Mar 18 06:34:52: | bytes: 12 d1 b9 88 1f a0 44 ef 30 d2 8f 40 51 1f f7
82
Mar 18 06:34:52: | bytes: dc f9 53 2b d3 da 81 cf 59 cc e3 55 99 02 d6
ad
Mar 18 06:34:52: | bytes: 11 cd 68 a6 42 77 50 6f 27 0e 63 ec 58 a8 17
1c
Mar 18 06:34:52: | bytes: a3 5c 2a 07 c1 34 98 be a6 fa a9 82 fc 80 05
33
Mar 18 06:34:52: | bytes: 88 10 c8 da 56 e9 a2 ce 19 5e 85 43 00 46 e3
f5
Mar 18 06:34:52: | bytes: c2 2d 97 46 99 3b 58 0a 63 4f 84 72 bb 71 da
1d
Mar 18 06:34:52: | bytes: b1 03 bf e5 c7 11 52 33 81 db f2 e6 51 ec 02
02
Mar 18 06:34:52: | bytes: 18 81 63 ed 3a d8 83 09 2e b4 02 fc 00 45 5f
16
Mar 18 06:34:52: | bytes: 48 f7 f1 a8 c5 f1 de e9 90 7d 48 60 5c 2e 51
2c
Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c410) length(256)
type/mechanism(MD5_KEY_DERIVATION 0x00000390)
Mar 18 06:34:52: | append_symkey_bytes: free key 0x7ffb4025c500
Mar 18 06:34:52: | hmac prf: update bytes data 0x7ffb40256200 (length 192)
Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4025c410)
bytes(0x7ffb40256200/192) - derive(CONCATENATE_BASE_AND_DATA)
target(MD5_KEY_DERIVATION)
Mar 18 06:34:52: | symkey: key(0x7ffb4025c410) length(256)
type/mechanism(MD5_KEY_DERIVATION 0x00000390)
Mar 18 06:34:52: | bytes: d5 b8 ad 13 87 4b 97 b3 5f 84 e7 e9 6c c4 a2
a2
Mar 18 06:34:52: | bytes: b8 6d 5a 46 0d 98 b8 da 77 87 2a b1 49 39 fb
79
Mar 18 06:34:52: | bytes: 4a b8 94 ef 7c 4e 6d 95 78 7a 19 ce a5 ce 9f
c9
Mar 18 06:34:52: | bytes: 54 42 57 31 5d f9 6a 35 f1 05 6f 69 58 aa 7a
59
Mar 18 06:34:52: | bytes: f7 1e f3 ef f9 3e eb 65 15 fa 2b 70 6f fa a2
ba
Mar 18 06:34:52: | bytes: b8 39 28 4d 03 cc 12 1c 50 8b d1 3f b2 31 11
c3
Mar 18 06:34:52: | bytes: 48 e4 ac 20 f1 21 25 fa 23 91 14 bd 4b 6c 0a
32
Mar 18 06:34:52: | bytes: 4c a0 b1 cf b5 5d 1b 6b df cf 2e 87 b9 f5 3b
91
Mar 18 06:34:52: | bytes: 52 38 91 bc 3c d3 69 10 d5 a3 1a 7e 95 4c e3
71
Mar 18 06:34:52: | bytes: 27 05 86 1a b1 49 bf 25 58 d9 fc 13 dd f0 1f
d3
Mar 18 06:34:52: | bytes: 48 bd 2c b2 60 e8 16 6b 4c c8 76 29 0e 5c 2c
1e
Mar 18 06:34:52: | bytes: c2 d9 87 32 a3 c4 ba 25 0d a0 7d 07 45 01 7a
d2
Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c500) length(448)
type/mechanism(MD5_KEY_DERIVATION 0x00000390)
Mar 18 06:34:52: | append_symkey_bytes: free key 0x7ffb4025c410
Mar 18 06:34:52: | hmac prf: update bytes data 0x7ffb40255e40 (length 8)
Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4025c500)
bytes(0x7ffb40255e40/8) - derive(CONCATENATE_BASE_AND_DATA)
target(MD5_KEY_DERIVATION)
Mar 18 06:34:52: | symkey: key(0x7ffb4025c500) length(448)
type/mechanism(MD5_KEY_DERIVATION 0x00000390)
Mar 18 06:34:52: | bytes: 91 3a 72 a7 ff 28 5a 10
Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c410) length(456)
type/mechanism(MD5_KEY_DERIVATION 0x00000390)
Mar 18 06:34:52: | append_symkey_bytes: free key 0x7ffb4025c500
Mar 18 06:34:52: | hmac prf: update bytes data 0x7ffb40255e18 (length 8)
Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4025c410)
bytes(0x7ffb40255e18/8) - derive(CONCATENATE_BASE_AND_DATA)
target(MD5_KEY_DERIVATION)
Mar 18 06:34:52: | symkey: key(0x7ffb4025c410) length(456)
type/mechanism(MD5_KEY_DERIVATION 0x00000390)
Mar 18 06:34:52: | bytes: 47 2c c4 e4 6e 5c ab 25
Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c500) length(464)
type/mechanism(MD5_KEY_DERIVATION 0x00000390)
Mar 18 06:34:52: | append_symkey_bytes: free key 0x7ffb4025c410
Mar 18 06:34:52: | hashing 56 bytes of SA
Mar 18 06:34:52: | hmac prf: update bytes data 0x7ffb402541a4 (length 56)
Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4025c500)
bytes(0x7ffb402541a4/56) - derive(CONCATENATE_BASE_AND_DATA)
target(MD5_KEY_DERIVATION)
Mar 18 06:34:52: | symkey: key(0x7ffb4025c500) length(464)
type/mechanism(MD5_KEY_DERIVATION 0x00000390)
Mar 18 06:34:52: | bytes: 00 00 00 01 00 00 00 01 00 00 00 30 01 01 00
01
Mar 18 06:34:52: | bytes: 00 00 00 28 00 01 00 00 80 01 00 07 80 0e 00
80
Mar 18 06:34:52: | bytes: 80 02 00 01 80 03 00 01 80 04 00 05 80 0b 00
01
Mar 18 06:34:52: | bytes: 00 0c 00 04 00 01 51 80
Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c410) length(520)
type/mechanism(MD5_KEY_DERIVATION 0x00000390)
Mar 18 06:34:52: | append_symkey_bytes: free key 0x7ffb4025c500
Mar 18 06:34:52: | hmac prf: update bytes data 0x7ffb3e2d2df4 (length 8)
Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4025c410)
bytes(0x7ffb3e2d2df4/8) - derive(CONCATENATE_BASE_AND_DATA)
target(MD5_KEY_DERIVATION)
Mar 18 06:34:52: | symkey: key(0x7ffb4025c410) length(520)
type/mechanism(MD5_KEY_DERIVATION 0x00000390)
Mar 18 06:34:52: | bytes: 01 00 00 00 7d 10 f0 62
Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c500) length(528)
type/mechanism(MD5_KEY_DERIVATION 0x00000390)
Mar 18 06:34:52: | append_symkey_bytes: free key 0x7ffb4025c410
Mar 18 06:34:52: | hmac prf: final
Mar 18 06:34:52: | prf inner hash: hash(oakley_md5) symkey(0x7ffb4025c500)
to symkey - derive(MD5_KEY_DERIVATION)
Mar 18 06:34:52: | symkey: key(0x7ffb4025c500) length(528)
type/mechanism(MD5_KEY_DERIVATION 0x00000390)
Mar 18 06:34:52: | prf inner hash: key(0x7ffb4025c410) length(16)
type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360)
Mar 18 06:34:52: | prf inner:: free key 0x7ffb4025c500
Mar 18 06:34:52: | xor_symkey_chunk merge symkey(0x7ffb4025c5d0)
bytes(0x7fff38e0e7f0/64) - derive(XOR_BASE_AND_DATA)
target(CONCATENATE_BASE_AND_DATA)
Mar 18 06:34:52: | symkey: key(0x7ffb4025c5d0) length(64)
type/mechanism(MD5_KEY_DERIVATION 0x00000390)
Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c
5c
Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c
5c
Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c
5c
Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c
5c
Mar 18 06:34:52: | xor_symkey_chunk key(0x7ffb4025c500) length(64)
type/mechanism(CONCATENATE_BASE_AND_DATA 0x00000362)
Mar 18 06:34:52: | concat: merge symkey(1: 0x7ffb4025c500) symkey(2:
0x7ffb4025c410) - derive(CONCATENATE_BASE_AND_KEY)
target(MD5_KEY_DERIVATION)
Mar 18 06:34:52: | symkey 1: key(0x7ffb4025c500) length(64)
type/mechanism(CONCATENATE_BASE_AND_DATA 0x00000362)
Mar 18 06:34:52: | symkey 2: key(0x7ffb4025c410) length(16)
type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360)
Mar 18 06:34:52: | concat: key(0x7ffb40265940) length(80)
type/mechanism(MD5_KEY_DERIVATION 0x00000390)
Mar 18 06:34:52: | append_symkey_symkey: free key 0x7ffb4025c500
Mar 18 06:34:52: | prf hashed inner:: free key 0x7ffb4025c410
Mar 18 06:34:52: | prf key: free key 0x7ffb4025c5d0
Mar 18 06:34:52: | prf outer hash hash(oakley_md5) symkey(0x7ffb40265940)
to bytes
Mar 18 06:34:52: | symkey: key(0x7ffb40265940) length(80)
type/mechanism(MD5_KEY_DERIVATION 0x00000390)
Mar 18 06:34:52: | prf outer hash 17 f7 31 ce 4b 53 a9 d7 1f a0 f7 3a
b0 33 eb f0
Mar 18 06:34:52: | prf outer: free key 0x7ffb40265940
Mar 18 06:34:52: | prf final bytes 17 f7 31 ce 4b 53 a9 d7 1f a0 f7 3a
b0 33 eb f0
Mar 18 06:34:52: | ***emit ISAKMP Hash Payload:
Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_VID (0xd)
Mar 18 06:34:52: | emitting 16 raw bytes of HASH_R into ISAKMP Hash Payload
Mar 18 06:34:52: | HASH_R 17 f7 31 ce 4b 53 a9 d7 1f a0 f7 3a b0 33 eb
f0
Mar 18 06:34:52: | emitting length of ISAKMP Hash Payload: 20
Mar 18 06:34:52: | out_vid(): sending [Dead Peer Detection]
Mar 18 06:34:52: | ***emit ISAKMP Vendor ID Payload:
Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_VID (0xd)
Mar 18 06:34:52: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID
Payload
Mar 18 06:34:52: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
Mar 18 06:34:52: | emitting length of ISAKMP Vendor ID Payload: 20
Mar 18 06:34:52: | out_vid(): sending [RFC 3947]
Mar 18 06:34:52: | ***emit ISAKMP Vendor ID Payload:
Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_VID (0xd)
Mar 18 06:34:52: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID
Payload
Mar 18 06:34:52: | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
Mar 18 06:34:52: | emitting length of ISAKMP Vendor ID Payload: 20
Mar 18 06:34:52: | sending NAT-D payloads
Mar 18 06:34:52: | NAT-T: forceencaps=yes, so mangling hash to force NAT-T
detection
Mar 18 06:34:52: | natd_hash: hasher=0x7ffb3e2c4140(16)
Mar 18 06:34:52: | natd_hash: icookie= 47 2c c4 e4 6e 5c ab 25
Mar 18 06:34:52: | natd_hash: rcookie= 91 3a 72 a7 ff 28 5a 10
Mar 18 06:34:52: | natd_hash: ip= 6a dc 0f a2
Mar 18 06:34:52: | natd_hash: port=0
Mar 18 06:34:52: | natd_hash: hash= 1e 78 b5 53 ce 53 b1 03 33 9e 8e 55
43 3c 48 1d
Mar 18 06:34:52: | ***emit ISAKMP NAT-D Payload:
Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
Mar 18 06:34:52: | emitting 16 raw bytes of NAT-D into ISAKMP NAT-D Payload
Mar 18 06:34:52: | NAT-D 1e 78 b5 53 ce 53 b1 03 33 9e 8e 55 43 3c 48 1d
Mar 18 06:34:52: | emitting length of ISAKMP NAT-D Payload: 20
Mar 18 06:34:52: | natd_hash: hasher=0x7ffb3e2c4140(16)
Mar 18 06:34:52: | natd_hash: icookie= 47 2c c4 e4 6e 5c ab 25
Mar 18 06:34:52: | natd_hash: rcookie= 91 3a 72 a7 ff 28 5a 10
Mar 18 06:34:52: | natd_hash: ip= 0a 38 8a 56
Mar 18 06:34:52: | natd_hash: port=0
Mar 18 06:34:52: | natd_hash: hash= b4 91 57 b8 2a aa 0d 47 96 90 e7 05
d7 bb 51 ef
Mar 18 06:34:52: | ***emit ISAKMP NAT-D Payload:
Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_NONE (0x0)
Mar 18 06:34:52: | emitting 16 raw bytes of NAT-D into ISAKMP NAT-D Payload
Mar 18 06:34:52: | NAT-D b4 91 57 b8 2a aa 0d 47 96 90 e7 05 d7 bb 51 ef
Mar 18 06:34:52: | emitting length of ISAKMP NAT-D Payload: 20
Mar 18 06:34:52: | no IKEv1 message padding required
Mar 18 06:34:52: | emitting length of ISAKMP Message: 416
Mar 18 06:34:52: | complete v1 state transition with STF_OK
Mar 18 06:34:52: "vpnpsk"[1] 106.220.15.162 #1: transition from state
STATE_AGGR_R0 to state STATE_AGGR_R1
Mar 18 06:34:52: | peer supports dpd
Mar 18 06:34:52: | dpd is active locally
Mar 18 06:34:52: | parent state #1: STATE_AGGR_R1(open-ike) >
STATE_AGGR_R1(open-ike)
Mar 18 06:34:52: | ignore states: 0
Mar 18 06:34:52: | half-open-ike states: 0
Mar 18 06:34:52: | open-ike states: 1
Mar 18 06:34:52: | established-anonymous-ike states: 0
Mar 18 06:34:52: | established-authenticated-ike states: 0
Mar 18 06:34:52: | anonymous-ipsec states: 0
Mar 18 06:34:52: | authenticated-ipsec states: 0
Mar 18 06:34:52: | informational states: 0
Mar 18 06:34:52: | unknown states: 0
Mar 18 06:34:52: | category states: 1 count states: 1
Mar 18 06:34:52: | state: #1 requesting EVENT_SO_DISCARD to be deleted
Mar 18 06:34:52: | sending reply packet to 106.220.15.162:24836 (from port
500)
Mar 18 06:34:52: | sending 416 bytes for STATE_AGGR_R0 through ens32:500 to
106.220.15.162:24836 (using #1)
Mar 18 06:34:52: | 47 2c c4 e4 6e 5c ab 25 91 3a 72 a7 ff 28 5a 10
Mar 18 06:34:52: | 01 10 04 00 00 00 00 00 00 00 01 a0 04 00 00 3c
Mar 18 06:34:52: | 00 00 00 01 00 00 00 01 00 00 00 30 01 01 00 01
Mar 18 06:34:52: | 00 00 00 28 00 01 00 00 80 01 00 07 80 0e 00 80
Mar 18 06:34:52: | 80 02 00 01 80 03 00 01 80 04 00 05 80 0b 00 01
Mar 18 06:34:52: | 00 0c 00 04 00 01 51 80 0a 00 00 c4 38 84 ff 8d
Mar 18 06:34:52: | 63 1d 3c 4d 35 7c 71 2b b4 32 45 0b 76 f2 a6 95
Mar 18 06:34:52: | 55 0b 73 52 97 15 61 05 cd 81 6e f2 c6 ed 33 07
Mar 18 06:34:52: | c5 dd c8 4c b7 43 ec 68 da 0d 13 66 12 d1 b9 88
Mar 18 06:34:52: | 1f a0 44 ef 30 d2 8f 40 51 1f f7 82 dc f9 53 2b
Mar 18 06:34:52: | d3 da 81 cf 59 cc e3 55 99 02 d6 ad 11 cd 68 a6
Mar 18 06:34:52: | 42 77 50 6f 27 0e 63 ec 58 a8 17 1c a3 5c 2a 07
Mar 18 06:34:52: | c1 34 98 be a6 fa a9 82 fc 80 05 33 88 10 c8 da
Mar 18 06:34:52: | 56 e9 a2 ce 19 5e 85 43 00 46 e3 f5 c2 2d 97 46
Mar 18 06:34:52: | 99 3b 58 0a 63 4f 84 72 bb 71 da 1d b1 03 bf e5
Mar 18 06:34:52: | c7 11 52 33 81 db f2 e6 51 ec 02 02 18 81 63 ed
Mar 18 06:34:52: | 3a d8 83 09 2e b4 02 fc 00 45 5f 16 48 f7 f1 a8
Mar 18 06:34:52: | c5 f1 de e9 90 7d 48 60 5c 2e 51 2c 05 00 00 14
Mar 18 06:34:52: | 05 4e 6e 0a 0a dc 78 01 b5 60 40 62 9f 07 4e 6c
Mar 18 06:34:52: | 08 00 00 0c 01 00 00 00 7d 10 f0 62 0d 00 00 14
Mar 18 06:34:52: | 17 f7 31 ce 4b 53 a9 d7 1f a0 f7 3a b0 33 eb f0
Mar 18 06:34:52: | 0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc
Mar 18 06:34:52: | 77 57 01 00 14 00 00 14 4a 13 1c 81 07 03 58 45
Mar 18 06:34:52: | 5c 57 28 f2 0e 95 45 2f 14 00 00 14 1e 78 b5 53
Mar 18 06:34:52: | ce 53 b1 03 33 9e 8e 55 43 3c 48 1d 00 00 00 14
Mar 18 06:34:52: | b4 91 57 b8 2a aa 0d 47 96 90 e7 05 d7 bb 51 ef
Mar 18 06:34:52: | event_schedule_ms called for about 500 ms
Mar 18 06:34:52: | event_schedule_tv called for about 0 seconds and change
Mar 18 06:34:52: | inserting event EVENT_v1_RETRANSMIT, timeout in 0.500000
seconds for #1
Mar 18 06:34:52: "vpnpsk"[1] 106.220.15.162 #1: STATE_AGGR_R1: sent AR1,
expecting AI2
Mar 18 06:34:52: | modecfg pull: quirk-poll policy:push not-client
Mar 18 06:34:52: | phase 1 is done, looking for phase 2 to unpend
Mar 18 06:34:52: packet from <invalid>:24836: ASSERTION FAILED at
/opt/src/libreswan-3.16/programs/pluto/ikev1_aggr.c:207: dh->pcrc_md != NULL
Mar 18 06:34:52: packet from <invalid>:24836: ABORT at
/opt/src/libreswan-3.16/programs/pluto/ikev1_aggr.c:207
packet from <invalid>:24836: ABORT at
/opt/src/libreswan-3.16/programs/pluto/ikev1_aggr.c:207
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160318/04a5a85f/attachment-0001.html>
More information about the Swan
mailing list