[Swan] Pluto crashes - packet from <invalid>:24836: ABORT at /opt/src/libreswan-3.16/programs/pluto/ikev1_aggr.c:207
Srinivas Gudipudi
sgudipud at gmail.com
Fri Mar 18 17:53:10 UTC 2016
Hi,
Can someone please help me here.
Regards,
Srinivas
On Fri, Mar 18, 2016 at 6:56 AM, Srinivas Gudipudi <sgudipud at gmail.com>
wrote:
> Hi,
>
> I am having a Road Warrior config wherein a 4G Access Point is connecting
> to Libreswan server behind a CGNAT. After the success of the Phase 1, the
> Pluto crashes, can someone please help here.
>
> ipsec.conf
>
>
>
> version 2.0
>
> config setup
> dumpdir=/var/run/pluto/
> plutodebug=all
> logfile=/var/log/pluto.log
> nat_traversal=yes
> virtual_private=%v4:
> 10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.42.0/24
> oe=off
> protostack=netkey
> nhelpers=0
> interfaces=%defaultroute
> # aggressive=yes
> uniqueids=no
>
> conn vpnpsk
> connaddrfamily=ipv4
> auto=add
> aggrmode=yes
> left=10.56.138.86
> leftid=125.16.240.98
> leftsubnet=10.56.138.86/32
> leftnexthop=%defaultroute
> leftprotoport=17/%any
> rightprotoport=17/%any
> right=0.0.0.0
> rightsubnetwithin=0.0.0.0/0
> rightid=@huawei01
> forceencaps=yes
> authby=secret
> keyexchange=ike
> pfs=no
> type=tunnel
> auth=esp
> ike=aes-md5;modp1536
> phase2alg=3des-sha1
> rekey=yes
> keyingtries=5
> dpddelay=30
> dpdtimeout=120
> dpdaction=clear
>
>
>
>
> Pluto logs:
>
>
> Mar 18 06:34:52: | SKEYID_e prf: update byte 2
> Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4025c5d0)
> bytes(0x7fff38e0e2dc/1) - derive(CONCATENATE_BASE_AND_DATA)
> target(MD5_KEY_DERIVATION)
> Mar 18 06:34:52: | symkey: key(0x7ffb4025c5d0) length(288)
> type/mechanism(MD5_KEY_DERIVATION 0x00000390)
> Mar 18 06:34:52: | bytes: 02
> Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c500) length(289)
> type/mechanism(MD5_KEY_DERIVATION 0x00000390)
> Mar 18 06:34:52: | append_symkey_bytes: free key 0x7ffb4025c5d0
> Mar 18 06:34:52: | SKEYID_e prf: final
> Mar 18 06:34:52: | prf inner hash: hash(oakley_md5) symkey(0x7ffb4025c500)
> to symkey - derive(MD5_KEY_DERIVATION)
> Mar 18 06:34:52: | symkey: key(0x7ffb4025c500) length(289)
> type/mechanism(MD5_KEY_DERIVATION 0x00000390)
> Mar 18 06:34:52: | prf inner hash: key(0x7ffb4025c5d0) length(16)
> type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360)
> Mar 18 06:34:52: | prf inner:: free key 0x7ffb4025c500
> Mar 18 06:34:52: | xor_symkey_chunk merge symkey(0x7ffb40262850)
> bytes(0x7fff38e0e280/64) - derive(XOR_BASE_AND_DATA)
> target(CONCATENATE_BASE_AND_DATA)
> Mar 18 06:34:52: | symkey: key(0x7ffb40262850) length(64)
> type/mechanism(MD5_KEY_DERIVATION 0x00000390)
> Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c
> 5c
> Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c
> 5c
> Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c
> 5c
> Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c
> 5c
> Mar 18 06:34:52: | xor_symkey_chunk key(0x7ffb4025c500) length(64)
> type/mechanism(CONCATENATE_BASE_AND_DATA 0x00000362)
> Mar 18 06:34:52: | concat: merge symkey(1: 0x7ffb4025c500) symkey(2:
> 0x7ffb4025c5d0) - derive(CONCATENATE_BASE_AND_KEY)
> target(MD5_KEY_DERIVATION)
> Mar 18 06:34:52: | symkey 1: key(0x7ffb4025c500) length(64)
> type/mechanism(CONCATENATE_BASE_AND_DATA 0x00000362)
> Mar 18 06:34:52: | symkey 2: key(0x7ffb4025c5d0) length(16)
> type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360)
> Mar 18 06:34:52: | concat: key(0x7ffb40264020) length(80)
> type/mechanism(MD5_KEY_DERIVATION 0x00000390)
> Mar 18 06:34:52: | append_symkey_symkey: free key 0x7ffb4025c500
> Mar 18 06:34:52: | prf hashed inner:: free key 0x7ffb4025c5d0
> Mar 18 06:34:52: | prf key: free key 0x7ffb40262850
> Mar 18 06:34:52: | prf outer hash hash(oakley_md5) symkey(0x7ffb40264020)
> to symkey - derive(MD5_KEY_DERIVATION)
> Mar 18 06:34:52: | symkey: key(0x7ffb40264020) length(80)
> type/mechanism(MD5_KEY_DERIVATION 0x00000390)
> Mar 18 06:34:52: | prf outer hash key(0x7ffb40262850) length(16)
> type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360)
> Mar 18 06:34:52: | prf outer: free key 0x7ffb40264020
> Mar 18 06:34:52: | prf final result key(0x7ffb40262850) length(16)
> type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360)
> Mar 18 06:34:52: | crypt key: symkey from symkey(0x7ffb40262850) -
> next-byte(0) key-size(16) flags(0x300) derive(EXTRACT_KEY_FROM_KEY)
> target(AES_CBC)
> Mar 18 06:34:52: | symkey: key(0x7ffb40262850) length(16)
> type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360)
> Mar 18 06:34:52: | crypt key: key(0x7ffb40264020) length(16)
> type/mechanism(AES_CBC 0x00001082)
> Mar 18 06:34:52: | NSS: pointers skeyid_d 0x7ffb4025f7e0, skeyid_a
> 0x7ffb40260fc0, skeyid_e 0x7ffb40262850, enc_key 0x7ffb40264020
> Mar 18 06:34:52: | DH_i: d5 b8 ad 13 87 4b 97 b3 5f 84 e7 e9 6c c4 a2
> a2
> Mar 18 06:34:52: | DH_i: b8 6d 5a 46 0d 98 b8 da 77 87 2a b1 49 39 fb
> 79
> Mar 18 06:34:52: | DH_i: 4a b8 94 ef 7c 4e 6d 95 78 7a 19 ce a5 ce 9f
> c9
> Mar 18 06:34:52: | DH_i: 54 42 57 31 5d f9 6a 35 f1 05 6f 69 58 aa 7a
> 59
> Mar 18 06:34:52: | DH_i: f7 1e f3 ef f9 3e eb 65 15 fa 2b 70 6f fa a2
> ba
> Mar 18 06:34:52: | DH_i: b8 39 28 4d 03 cc 12 1c 50 8b d1 3f b2 31 11
> c3
> Mar 18 06:34:52: | DH_i: 48 e4 ac 20 f1 21 25 fa 23 91 14 bd 4b 6c 0a
> 32
> Mar 18 06:34:52: | DH_i: 4c a0 b1 cf b5 5d 1b 6b df cf 2e 87 b9 f5 3b
> 91
> Mar 18 06:34:52: | DH_i: 52 38 91 bc 3c d3 69 10 d5 a3 1a 7e 95 4c e3
> 71
> Mar 18 06:34:52: | DH_i: 27 05 86 1a b1 49 bf 25 58 d9 fc 13 dd f0 1f
> d3
> Mar 18 06:34:52: | DH_i: 48 bd 2c b2 60 e8 16 6b 4c c8 76 29 0e 5c 2c
> 1e
> Mar 18 06:34:52: | DH_i: c2 d9 87 32 a3 c4 ba 25 0d a0 7d 07 45 01 7a
> d2
> Mar 18 06:34:52: | DH_r: 38 84 ff 8d 63 1d 3c 4d 35 7c 71 2b b4 32 45
> 0b
> Mar 18 06:34:52: | DH_r: 76 f2 a6 95 55 0b 73 52 97 15 61 05 cd 81 6e
> f2
> Mar 18 06:34:52: | DH_r: c6 ed 33 07 c5 dd c8 4c b7 43 ec 68 da 0d 13
> 66
> Mar 18 06:34:52: | DH_r: 12 d1 b9 88 1f a0 44 ef 30 d2 8f 40 51 1f f7
> 82
> Mar 18 06:34:52: | DH_r: dc f9 53 2b d3 da 81 cf 59 cc e3 55 99 02 d6
> ad
> Mar 18 06:34:52: | DH_r: 11 cd 68 a6 42 77 50 6f 27 0e 63 ec 58 a8 17
> 1c
> Mar 18 06:34:52: | DH_r: a3 5c 2a 07 c1 34 98 be a6 fa a9 82 fc 80 05
> 33
> Mar 18 06:34:52: | DH_r: 88 10 c8 da 56 e9 a2 ce 19 5e 85 43 00 46 e3
> f5
> Mar 18 06:34:52: | DH_r: c2 2d 97 46 99 3b 58 0a 63 4f 84 72 bb 71 da
> 1d
> Mar 18 06:34:52: | DH_r: b1 03 bf e5 c7 11 52 33 81 db f2 e6 51 ec 02
> 02
> Mar 18 06:34:52: | DH_r: 18 81 63 ed 3a d8 83 09 2e b4 02 fc 00 45 5f
> 16
> Mar 18 06:34:52: | DH_r: 48 f7 f1 a8 c5 f1 de e9 90 7d 48 60 5c 2e 51
> 2c
> Mar 18 06:34:52: | end of IV generation
> Mar 18 06:34:52: | crypto helper -1 finished compute dh+iv (V1 Phase 1);
> request ID 4227595259 time elapsed 5006 usec
> Mar 18 06:34:52: | aggr_inI1_outR1_continue2 for #1: calculated
> ke+nonce+DH, sending R1
> Mar 18 06:34:52: | processing connection "vpnpsk"[1] 106.220.15.162
> Mar 18 06:34:52: | #1 aggr_inI1_outR1_continue2:139 st->st_calculating =
> FALSE;
> Mar 18 06:34:52: | thinking about whether to send my certificate:
> Mar 18 06:34:52: | I have RSA key: OAKLEY_PRESHARED_KEY cert.type: 0??
> Mar 18 06:34:52: | sendcert: CERT_ALWAYSSEND and I did not get a
> certificate request
> Mar 18 06:34:52: | so do not send cert.
> Mar 18 06:34:52: | I did not send a certificate because digital signatures
> are not being used. (PSK)
> Mar 18 06:34:52: | I am not sending a certificate request
> Mar 18 06:34:52: | **emit ISAKMP Message:
> Mar 18 06:34:52: | initiator cookie:
> Mar 18 06:34:52: | 47 2c c4 e4 6e 5c ab 25
> Mar 18 06:34:52: | responder cookie:
> Mar 18 06:34:52: | 91 3a 72 a7 ff 28 5a 10
> Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_SA (0x1)
> Mar 18 06:34:52: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
> Mar 18 06:34:52: | exchange type: ISAKMP_XCHG_AGGR (0x4)
> Mar 18 06:34:52: | flags: none (0x0)
> Mar 18 06:34:52: | message ID: 00 00 00 00
> Mar 18 06:34:52: | ***emit ISAKMP Security Association Payload:
> Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_KE (0x4)
> Mar 18 06:34:52: | DOI: ISAKMP_DOI_IPSEC (0x1)
> Mar 18 06:34:52: | ****parse IPsec DOI SIT:
> Mar 18 06:34:52: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
> Mar 18 06:34:52: | ****parse ISAKMP Proposal Payload:
> Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_NONE (0x0)
> Mar 18 06:34:52: | length: 48 (0x30)
> Mar 18 06:34:52: | proposal number: 1 (0x1)
> Mar 18 06:34:52: | protocol ID: PROTO_ISAKMP (0x1)
> Mar 18 06:34:52: | SPI size: 0 (0x0)
> Mar 18 06:34:52: | number of transforms: 1 (0x1)
> Mar 18 06:34:52: | *****parse ISAKMP Transform Payload (ISAKMP):
> Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_NONE (0x0)
> Mar 18 06:34:52: | length: 40 (0x28)
> Mar 18 06:34:52: | ISAKMP transform number: 0 (0x0)
> Mar 18 06:34:52: | ISAKMP transform ID: KEY_IKE (0x1)
> Mar 18 06:34:52: | ******parse ISAKMP Oakley attribute:
> Mar 18 06:34:52: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
> Mar 18 06:34:52: | length/value: 7 (0x7)
> Mar 18 06:34:52: | [7 is OAKLEY_AES_CBC]
> Mar 18 06:34:52: | ike_alg_enc_ok(ealg=7,key_len=0): blocksize=16,
> keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
> Mar 18 06:34:52: | ******parse ISAKMP Oakley attribute:
> Mar 18 06:34:52: | af+type: OAKLEY_KEY_LENGTH (0x800e)
> Mar 18 06:34:52: | length/value: 128 (0x80)
> Mar 18 06:34:52: | ike_alg_enc_ok(ealg=7,key_len=128): blocksize=16,
> keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
> Mar 18 06:34:52: | ******parse ISAKMP Oakley attribute:
> Mar 18 06:34:52: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
> Mar 18 06:34:52: | length/value: 1 (0x1)
> Mar 18 06:34:52: | [1 is OAKLEY_MD5]
> Mar 18 06:34:52: | ******parse ISAKMP Oakley attribute:
> Mar 18 06:34:52: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
> Mar 18 06:34:52: | length/value: 1 (0x1)
> Mar 18 06:34:52: | [1 is OAKLEY_PRESHARED_KEY]
> Mar 18 06:34:52: | started looking for secret for 125.16.240.98->@huawei01
> of kind PPK_PSK
> Mar 18 06:34:52: | actually looking for secret for
> 125.16.240.98->@huawei01 of kind PPK_PSK
> Mar 18 06:34:52: | line 2: key type PPK_PSK(125.16.240.98) to type PPK_PSK
> Mar 18 06:34:52: | 1: compared key %any to 125.16.240.98 / @huawei01 -> 2
> Mar 18 06:34:52: | 2: compared key 10.56.138.86 to 125.16.240.98 /
> @huawei01 -> 2
> Mar 18 06:34:52: | line 2: match=2
> Mar 18 06:34:52: | best_match 0>2 best=0x7ffb40254310 (line=2)
> Mar 18 06:34:52: | line 1: key type PPK_PSK(125.16.240.98) to type PPK_PSK
> Mar 18 06:34:52: | 1: compared key %any to 125.16.240.98 / @huawei01 -> 2
> Mar 18 06:34:52: | 2: compared key 125.16.240.98 to 125.16.240.98 /
> @huawei01 -> 10
> Mar 18 06:34:52: | line 1: match=10
> Mar 18 06:34:52: | best_match 2>10 best=0x7ffb40254200 (line=1)
> Mar 18 06:34:52: | concluding with best_match=10 best=0x7ffb40254200
> (lineno=1)
> Mar 18 06:34:52: | ******parse ISAKMP Oakley attribute:
> Mar 18 06:34:52: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
> Mar 18 06:34:52: | length/value: 5 (0x5)
> Mar 18 06:34:52: | [5 is OAKLEY_GROUP_MODP1536]
> Mar 18 06:34:52: | ******parse ISAKMP Oakley attribute:
> Mar 18 06:34:52: | af+type: OAKLEY_LIFE_TYPE (0x800b)
> Mar 18 06:34:52: | length/value: 1 (0x1)
> Mar 18 06:34:52: | [1 is OAKLEY_LIFE_SECONDS]
> Mar 18 06:34:52: | ******parse ISAKMP Oakley attribute:
> Mar 18 06:34:52: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc)
> Mar 18 06:34:52: | length/value: 4 (0x4)
> Mar 18 06:34:52: | long duration: 86400
> Mar 18 06:34:52: | Oakley Transform 0 accepted
> Mar 18 06:34:52: | ****emit IPsec DOI SIT:
> Mar 18 06:34:52: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
> Mar 18 06:34:52: | ****emit ISAKMP Proposal Payload:
> Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_NONE (0x0)
> Mar 18 06:34:52: | proposal number: 1 (0x1)
> Mar 18 06:34:52: | protocol ID: PROTO_ISAKMP (0x1)
> Mar 18 06:34:52: | SPI size: 0 (0x0)
> Mar 18 06:34:52: | number of transforms: 1 (0x1)
> Mar 18 06:34:52: | *****emit ISAKMP Transform Payload (ISAKMP):
> Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_NONE (0x0)
> Mar 18 06:34:52: | ISAKMP transform number: 0 (0x0)
> Mar 18 06:34:52: | ISAKMP transform ID: KEY_IKE (0x1)
> Mar 18 06:34:52: | emitting 32 raw bytes of attributes into ISAKMP
> Transform Payload (ISAKMP)
> Mar 18 06:34:52: | attributes 80 01 00 07 80 0e 00 80 80 02 00 01 80
> 03 00 01
> Mar 18 06:34:52: | attributes 80 04 00 05 80 0b 00 01 00 0c 00 04 00
> 01 51 80
> Mar 18 06:34:52: | emitting length of ISAKMP Transform Payload (ISAKMP): 40
> Mar 18 06:34:52: | emitting length of ISAKMP Proposal Payload: 48
> Mar 18 06:34:52: | emitting length of ISAKMP Security Association Payload:
> 60
> Mar 18 06:34:52: | ***emit ISAKMP Key Exchange Payload:
> Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_NONCE (0xa)
> Mar 18 06:34:52: | emitting 192 raw bytes of keyex value into ISAKMP Key
> Exchange Payload
> Mar 18 06:34:52: | keyex value 38 84 ff 8d 63 1d 3c 4d 35 7c 71 2b b4
> 32 45 0b
> Mar 18 06:34:52: | keyex value 76 f2 a6 95 55 0b 73 52 97 15 61 05 cd
> 81 6e f2
> Mar 18 06:34:52: | keyex value c6 ed 33 07 c5 dd c8 4c b7 43 ec 68 da
> 0d 13 66
> Mar 18 06:34:52: | keyex value 12 d1 b9 88 1f a0 44 ef 30 d2 8f 40 51
> 1f f7 82
> Mar 18 06:34:52: | keyex value dc f9 53 2b d3 da 81 cf 59 cc e3 55 99
> 02 d6 ad
> Mar 18 06:34:52: | keyex value 11 cd 68 a6 42 77 50 6f 27 0e 63 ec 58
> a8 17 1c
> Mar 18 06:34:52: | keyex value a3 5c 2a 07 c1 34 98 be a6 fa a9 82 fc
> 80 05 33
> Mar 18 06:34:52: | keyex value 88 10 c8 da 56 e9 a2 ce 19 5e 85 43 00
> 46 e3 f5
> Mar 18 06:34:52: | keyex value c2 2d 97 46 99 3b 58 0a 63 4f 84 72 bb
> 71 da 1d
> Mar 18 06:34:52: | keyex value b1 03 bf e5 c7 11 52 33 81 db f2 e6 51
> ec 02 02
> Mar 18 06:34:52: | keyex value 18 81 63 ed 3a d8 83 09 2e b4 02 fc 00
> 45 5f 16
> Mar 18 06:34:52: | keyex value 48 f7 f1 a8 c5 f1 de e9 90 7d 48 60 5c
> 2e 51 2c
> Mar 18 06:34:52: | emitting length of ISAKMP Key Exchange Payload: 196
> Mar 18 06:34:52: | ***emit ISAKMP Nonce Payload:
> Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_ID (0x5)
> Mar 18 06:34:52: | emitting 16 raw bytes of Nr into ISAKMP Nonce Payload
> Mar 18 06:34:52: | Nr 05 4e 6e 0a 0a dc 78 01 b5 60 40 62 9f 07 4e 6c
> Mar 18 06:34:52: | emitting length of ISAKMP Nonce Payload: 20
> Mar 18 06:34:52: | ***emit ISAKMP Identification Payload (IPsec DOI):
> Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_HASH (0x8)
> Mar 18 06:34:52: | ID type: ID_IPV4_ADDR (0x1)
> Mar 18 06:34:52: | Protocol ID: 0 (0x0)
> Mar 18 06:34:52: | port: 0 (0x0)
> Mar 18 06:34:52: | emitting 4 raw bytes of my identity into ISAKMP
> Identification Payload (IPsec DOI)
> Mar 18 06:34:52: | my identity 7d 10 f0 62
> Mar 18 06:34:52: | emitting length of ISAKMP Identification Payload (IPsec
> DOI): 12
> Mar 18 06:34:52: | hmac prf: init 0x7ffb4025f7a0
> Mar 18 06:34:52: | hmac prf: init symkey symkey 0x7ffb4024e4c0 (length 16)
> Mar 18 06:34:52: | hmac prf: update
> Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4024e4c0)
> bytes(0x7ffb3e2cbe00/48) - derive(CONCATENATE_BASE_AND_DATA)
> target(MD5_KEY_DERIVATION)
> Mar 18 06:34:52: | symkey: key(0x7ffb4024e4c0) length(16)
> type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360)
> Mar 18 06:34:52: | bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00
> Mar 18 06:34:52: | bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00
> Mar 18 06:34:52: | bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00
> Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c5d0) length(64)
> type/mechanism(MD5_KEY_DERIVATION 0x00000390)
> Mar 18 06:34:52: | xor_symkey_chunk merge symkey(0x7ffb4025c5d0)
> bytes(0x7fff38e0e810/64) - derive(XOR_BASE_AND_DATA)
> target(CONCATENATE_BASE_AND_DATA)
> Mar 18 06:34:52: | symkey: key(0x7ffb4025c5d0) length(64)
> type/mechanism(MD5_KEY_DERIVATION 0x00000390)
> Mar 18 06:34:52: | bytes: 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36
> 36
> Mar 18 06:34:52: | bytes: 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36
> 36
> Mar 18 06:34:52: | bytes: 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36
> 36
> Mar 18 06:34:52: | bytes: 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36
> 36
> Mar 18 06:34:52: | xor_symkey_chunk key(0x7ffb4025c500) length(64)
> type/mechanism(CONCATENATE_BASE_AND_DATA 0x00000362)
> Mar 18 06:34:52: | hmac prf: update bytes data 0x7ffb402563d0 (length 192)
> Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4025c500)
> bytes(0x7ffb402563d0/192) - derive(CONCATENATE_BASE_AND_DATA)
> target(MD5_KEY_DERIVATION)
> Mar 18 06:34:52: | symkey: key(0x7ffb4025c500) length(64)
> type/mechanism(CONCATENATE_BASE_AND_DATA 0x00000362)
> Mar 18 06:34:52: | bytes: 38 84 ff 8d 63 1d 3c 4d 35 7c 71 2b b4 32 45
> 0b
> Mar 18 06:34:52: | bytes: 76 f2 a6 95 55 0b 73 52 97 15 61 05 cd 81 6e
> f2
> Mar 18 06:34:52: | bytes: c6 ed 33 07 c5 dd c8 4c b7 43 ec 68 da 0d 13
> 66
> Mar 18 06:34:52: | bytes: 12 d1 b9 88 1f a0 44 ef 30 d2 8f 40 51 1f f7
> 82
> Mar 18 06:34:52: | bytes: dc f9 53 2b d3 da 81 cf 59 cc e3 55 99 02 d6
> ad
> Mar 18 06:34:52: | bytes: 11 cd 68 a6 42 77 50 6f 27 0e 63 ec 58 a8 17
> 1c
> Mar 18 06:34:52: | bytes: a3 5c 2a 07 c1 34 98 be a6 fa a9 82 fc 80 05
> 33
> Mar 18 06:34:52: | bytes: 88 10 c8 da 56 e9 a2 ce 19 5e 85 43 00 46 e3
> f5
> Mar 18 06:34:52: | bytes: c2 2d 97 46 99 3b 58 0a 63 4f 84 72 bb 71 da
> 1d
> Mar 18 06:34:52: | bytes: b1 03 bf e5 c7 11 52 33 81 db f2 e6 51 ec 02
> 02
> Mar 18 06:34:52: | bytes: 18 81 63 ed 3a d8 83 09 2e b4 02 fc 00 45 5f
> 16
> Mar 18 06:34:52: | bytes: 48 f7 f1 a8 c5 f1 de e9 90 7d 48 60 5c 2e 51
> 2c
> Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c410) length(256)
> type/mechanism(MD5_KEY_DERIVATION 0x00000390)
> Mar 18 06:34:52: | append_symkey_bytes: free key 0x7ffb4025c500
> Mar 18 06:34:52: | hmac prf: update bytes data 0x7ffb40256200 (length 192)
> Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4025c410)
> bytes(0x7ffb40256200/192) - derive(CONCATENATE_BASE_AND_DATA)
> target(MD5_KEY_DERIVATION)
> Mar 18 06:34:52: | symkey: key(0x7ffb4025c410) length(256)
> type/mechanism(MD5_KEY_DERIVATION 0x00000390)
> Mar 18 06:34:52: | bytes: d5 b8 ad 13 87 4b 97 b3 5f 84 e7 e9 6c c4 a2
> a2
> Mar 18 06:34:52: | bytes: b8 6d 5a 46 0d 98 b8 da 77 87 2a b1 49 39 fb
> 79
> Mar 18 06:34:52: | bytes: 4a b8 94 ef 7c 4e 6d 95 78 7a 19 ce a5 ce 9f
> c9
> Mar 18 06:34:52: | bytes: 54 42 57 31 5d f9 6a 35 f1 05 6f 69 58 aa 7a
> 59
> Mar 18 06:34:52: | bytes: f7 1e f3 ef f9 3e eb 65 15 fa 2b 70 6f fa a2
> ba
> Mar 18 06:34:52: | bytes: b8 39 28 4d 03 cc 12 1c 50 8b d1 3f b2 31 11
> c3
> Mar 18 06:34:52: | bytes: 48 e4 ac 20 f1 21 25 fa 23 91 14 bd 4b 6c 0a
> 32
> Mar 18 06:34:52: | bytes: 4c a0 b1 cf b5 5d 1b 6b df cf 2e 87 b9 f5 3b
> 91
> Mar 18 06:34:52: | bytes: 52 38 91 bc 3c d3 69 10 d5 a3 1a 7e 95 4c e3
> 71
> Mar 18 06:34:52: | bytes: 27 05 86 1a b1 49 bf 25 58 d9 fc 13 dd f0 1f
> d3
> Mar 18 06:34:52: | bytes: 48 bd 2c b2 60 e8 16 6b 4c c8 76 29 0e 5c 2c
> 1e
> Mar 18 06:34:52: | bytes: c2 d9 87 32 a3 c4 ba 25 0d a0 7d 07 45 01 7a
> d2
> Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c500) length(448)
> type/mechanism(MD5_KEY_DERIVATION 0x00000390)
> Mar 18 06:34:52: | append_symkey_bytes: free key 0x7ffb4025c410
> Mar 18 06:34:52: | hmac prf: update bytes data 0x7ffb40255e40 (length 8)
> Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4025c500)
> bytes(0x7ffb40255e40/8) - derive(CONCATENATE_BASE_AND_DATA)
> target(MD5_KEY_DERIVATION)
> Mar 18 06:34:52: | symkey: key(0x7ffb4025c500) length(448)
> type/mechanism(MD5_KEY_DERIVATION 0x00000390)
> Mar 18 06:34:52: | bytes: 91 3a 72 a7 ff 28 5a 10
> Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c410) length(456)
> type/mechanism(MD5_KEY_DERIVATION 0x00000390)
> Mar 18 06:34:52: | append_symkey_bytes: free key 0x7ffb4025c500
> Mar 18 06:34:52: | hmac prf: update bytes data 0x7ffb40255e18 (length 8)
> Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4025c410)
> bytes(0x7ffb40255e18/8) - derive(CONCATENATE_BASE_AND_DATA)
> target(MD5_KEY_DERIVATION)
> Mar 18 06:34:52: | symkey: key(0x7ffb4025c410) length(456)
> type/mechanism(MD5_KEY_DERIVATION 0x00000390)
> Mar 18 06:34:52: | bytes: 47 2c c4 e4 6e 5c ab 25
> Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c500) length(464)
> type/mechanism(MD5_KEY_DERIVATION 0x00000390)
> Mar 18 06:34:52: | append_symkey_bytes: free key 0x7ffb4025c410
> Mar 18 06:34:52: | hashing 56 bytes of SA
> Mar 18 06:34:52: | hmac prf: update bytes data 0x7ffb402541a4 (length 56)
> Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4025c500)
> bytes(0x7ffb402541a4/56) - derive(CONCATENATE_BASE_AND_DATA)
> target(MD5_KEY_DERIVATION)
> Mar 18 06:34:52: | symkey: key(0x7ffb4025c500) length(464)
> type/mechanism(MD5_KEY_DERIVATION 0x00000390)
> Mar 18 06:34:52: | bytes: 00 00 00 01 00 00 00 01 00 00 00 30 01 01 00
> 01
> Mar 18 06:34:52: | bytes: 00 00 00 28 00 01 00 00 80 01 00 07 80 0e 00
> 80
> Mar 18 06:34:52: | bytes: 80 02 00 01 80 03 00 01 80 04 00 05 80 0b 00
> 01
> Mar 18 06:34:52: | bytes: 00 0c 00 04 00 01 51 80
> Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c410) length(520)
> type/mechanism(MD5_KEY_DERIVATION 0x00000390)
> Mar 18 06:34:52: | append_symkey_bytes: free key 0x7ffb4025c500
> Mar 18 06:34:52: | hmac prf: update bytes data 0x7ffb3e2d2df4 (length 8)
> Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4025c410)
> bytes(0x7ffb3e2d2df4/8) - derive(CONCATENATE_BASE_AND_DATA)
> target(MD5_KEY_DERIVATION)
> Mar 18 06:34:52: | symkey: key(0x7ffb4025c410) length(520)
> type/mechanism(MD5_KEY_DERIVATION 0x00000390)
> Mar 18 06:34:52: | bytes: 01 00 00 00 7d 10 f0 62
> Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c500) length(528)
> type/mechanism(MD5_KEY_DERIVATION 0x00000390)
> Mar 18 06:34:52: | append_symkey_bytes: free key 0x7ffb4025c410
> Mar 18 06:34:52: | hmac prf: final
> Mar 18 06:34:52: | prf inner hash: hash(oakley_md5) symkey(0x7ffb4025c500)
> to symkey - derive(MD5_KEY_DERIVATION)
> Mar 18 06:34:52: | symkey: key(0x7ffb4025c500) length(528)
> type/mechanism(MD5_KEY_DERIVATION 0x00000390)
> Mar 18 06:34:52: | prf inner hash: key(0x7ffb4025c410) length(16)
> type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360)
> Mar 18 06:34:52: | prf inner:: free key 0x7ffb4025c500
> Mar 18 06:34:52: | xor_symkey_chunk merge symkey(0x7ffb4025c5d0)
> bytes(0x7fff38e0e7f0/64) - derive(XOR_BASE_AND_DATA)
> target(CONCATENATE_BASE_AND_DATA)
> Mar 18 06:34:52: | symkey: key(0x7ffb4025c5d0) length(64)
> type/mechanism(MD5_KEY_DERIVATION 0x00000390)
> Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c
> 5c
> Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c
> 5c
> Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c
> 5c
> Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c
> 5c
> Mar 18 06:34:52: | xor_symkey_chunk key(0x7ffb4025c500) length(64)
> type/mechanism(CONCATENATE_BASE_AND_DATA 0x00000362)
> Mar 18 06:34:52: | concat: merge symkey(1: 0x7ffb4025c500) symkey(2:
> 0x7ffb4025c410) - derive(CONCATENATE_BASE_AND_KEY)
> target(MD5_KEY_DERIVATION)
> Mar 18 06:34:52: | symkey 1: key(0x7ffb4025c500) length(64)
> type/mechanism(CONCATENATE_BASE_AND_DATA 0x00000362)
> Mar 18 06:34:52: | symkey 2: key(0x7ffb4025c410) length(16)
> type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360)
> Mar 18 06:34:52: | concat: key(0x7ffb40265940) length(80)
> type/mechanism(MD5_KEY_DERIVATION 0x00000390)
> Mar 18 06:34:52: | append_symkey_symkey: free key 0x7ffb4025c500
> Mar 18 06:34:52: | prf hashed inner:: free key 0x7ffb4025c410
> Mar 18 06:34:52: | prf key: free key 0x7ffb4025c5d0
> Mar 18 06:34:52: | prf outer hash hash(oakley_md5) symkey(0x7ffb40265940)
> to bytes
> Mar 18 06:34:52: | symkey: key(0x7ffb40265940) length(80)
> type/mechanism(MD5_KEY_DERIVATION 0x00000390)
> Mar 18 06:34:52: | prf outer hash 17 f7 31 ce 4b 53 a9 d7 1f a0 f7 3a
> b0 33 eb f0
> Mar 18 06:34:52: | prf outer: free key 0x7ffb40265940
> Mar 18 06:34:52: | prf final bytes 17 f7 31 ce 4b 53 a9 d7 1f a0 f7 3a
> b0 33 eb f0
> Mar 18 06:34:52: | ***emit ISAKMP Hash Payload:
> Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_VID (0xd)
> Mar 18 06:34:52: | emitting 16 raw bytes of HASH_R into ISAKMP Hash Payload
> Mar 18 06:34:52: | HASH_R 17 f7 31 ce 4b 53 a9 d7 1f a0 f7 3a b0 33 eb
> f0
> Mar 18 06:34:52: | emitting length of ISAKMP Hash Payload: 20
> Mar 18 06:34:52: | out_vid(): sending [Dead Peer Detection]
> Mar 18 06:34:52: | ***emit ISAKMP Vendor ID Payload:
> Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_VID (0xd)
> Mar 18 06:34:52: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID
> Payload
> Mar 18 06:34:52: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
> Mar 18 06:34:52: | emitting length of ISAKMP Vendor ID Payload: 20
> Mar 18 06:34:52: | out_vid(): sending [RFC 3947]
> Mar 18 06:34:52: | ***emit ISAKMP Vendor ID Payload:
> Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_VID (0xd)
> Mar 18 06:34:52: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID
> Payload
> Mar 18 06:34:52: | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
> Mar 18 06:34:52: | emitting length of ISAKMP Vendor ID Payload: 20
> Mar 18 06:34:52: | sending NAT-D payloads
> Mar 18 06:34:52: | NAT-T: forceencaps=yes, so mangling hash to force NAT-T
> detection
> Mar 18 06:34:52: | natd_hash: hasher=0x7ffb3e2c4140(16)
> Mar 18 06:34:52: | natd_hash: icookie= 47 2c c4 e4 6e 5c ab 25
> Mar 18 06:34:52: | natd_hash: rcookie= 91 3a 72 a7 ff 28 5a 10
> Mar 18 06:34:52: | natd_hash: ip= 6a dc 0f a2
> Mar 18 06:34:52: | natd_hash: port=0
> Mar 18 06:34:52: | natd_hash: hash= 1e 78 b5 53 ce 53 b1 03 33 9e 8e 55
> 43 3c 48 1d
> Mar 18 06:34:52: | ***emit ISAKMP NAT-D Payload:
> Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
> Mar 18 06:34:52: | emitting 16 raw bytes of NAT-D into ISAKMP NAT-D Payload
> Mar 18 06:34:52: | NAT-D 1e 78 b5 53 ce 53 b1 03 33 9e 8e 55 43 3c 48
> 1d
> Mar 18 06:34:52: | emitting length of ISAKMP NAT-D Payload: 20
> Mar 18 06:34:52: | natd_hash: hasher=0x7ffb3e2c4140(16)
> Mar 18 06:34:52: | natd_hash: icookie= 47 2c c4 e4 6e 5c ab 25
> Mar 18 06:34:52: | natd_hash: rcookie= 91 3a 72 a7 ff 28 5a 10
> Mar 18 06:34:52: | natd_hash: ip= 0a 38 8a 56
> Mar 18 06:34:52: | natd_hash: port=0
> Mar 18 06:34:52: | natd_hash: hash= b4 91 57 b8 2a aa 0d 47 96 90 e7 05
> d7 bb 51 ef
> Mar 18 06:34:52: | ***emit ISAKMP NAT-D Payload:
> Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_NONE (0x0)
> Mar 18 06:34:52: | emitting 16 raw bytes of NAT-D into ISAKMP NAT-D Payload
> Mar 18 06:34:52: | NAT-D b4 91 57 b8 2a aa 0d 47 96 90 e7 05 d7 bb 51
> ef
> Mar 18 06:34:52: | emitting length of ISAKMP NAT-D Payload: 20
> Mar 18 06:34:52: | no IKEv1 message padding required
> Mar 18 06:34:52: | emitting length of ISAKMP Message: 416
> Mar 18 06:34:52: | complete v1 state transition with STF_OK
> Mar 18 06:34:52: "vpnpsk"[1] 106.220.15.162 #1: transition from state
> STATE_AGGR_R0 to state STATE_AGGR_R1
> Mar 18 06:34:52: | peer supports dpd
> Mar 18 06:34:52: | dpd is active locally
> Mar 18 06:34:52: | parent state #1: STATE_AGGR_R1(open-ike) >
> STATE_AGGR_R1(open-ike)
> Mar 18 06:34:52: | ignore states: 0
> Mar 18 06:34:52: | half-open-ike states: 0
> Mar 18 06:34:52: | open-ike states: 1
> Mar 18 06:34:52: | established-anonymous-ike states: 0
> Mar 18 06:34:52: | established-authenticated-ike states: 0
> Mar 18 06:34:52: | anonymous-ipsec states: 0
> Mar 18 06:34:52: | authenticated-ipsec states: 0
> Mar 18 06:34:52: | informational states: 0
> Mar 18 06:34:52: | unknown states: 0
> Mar 18 06:34:52: | category states: 1 count states: 1
> Mar 18 06:34:52: | state: #1 requesting EVENT_SO_DISCARD to be deleted
> Mar 18 06:34:52: | sending reply packet to 106.220.15.162:24836 (from
> port 500)
> Mar 18 06:34:52: | sending 416 bytes for STATE_AGGR_R0 through ens32:500
> to 106.220.15.162:24836 (using #1)
> Mar 18 06:34:52: | 47 2c c4 e4 6e 5c ab 25 91 3a 72 a7 ff 28 5a 10
> Mar 18 06:34:52: | 01 10 04 00 00 00 00 00 00 00 01 a0 04 00 00 3c
> Mar 18 06:34:52: | 00 00 00 01 00 00 00 01 00 00 00 30 01 01 00 01
> Mar 18 06:34:52: | 00 00 00 28 00 01 00 00 80 01 00 07 80 0e 00 80
> Mar 18 06:34:52: | 80 02 00 01 80 03 00 01 80 04 00 05 80 0b 00 01
> Mar 18 06:34:52: | 00 0c 00 04 00 01 51 80 0a 00 00 c4 38 84 ff 8d
> Mar 18 06:34:52: | 63 1d 3c 4d 35 7c 71 2b b4 32 45 0b 76 f2 a6 95
> Mar 18 06:34:52: | 55 0b 73 52 97 15 61 05 cd 81 6e f2 c6 ed 33 07
> Mar 18 06:34:52: | c5 dd c8 4c b7 43 ec 68 da 0d 13 66 12 d1 b9 88
> Mar 18 06:34:52: | 1f a0 44 ef 30 d2 8f 40 51 1f f7 82 dc f9 53 2b
> Mar 18 06:34:52: | d3 da 81 cf 59 cc e3 55 99 02 d6 ad 11 cd 68 a6
> Mar 18 06:34:52: | 42 77 50 6f 27 0e 63 ec 58 a8 17 1c a3 5c 2a 07
> Mar 18 06:34:52: | c1 34 98 be a6 fa a9 82 fc 80 05 33 88 10 c8 da
> Mar 18 06:34:52: | 56 e9 a2 ce 19 5e 85 43 00 46 e3 f5 c2 2d 97 46
> Mar 18 06:34:52: | 99 3b 58 0a 63 4f 84 72 bb 71 da 1d b1 03 bf e5
> Mar 18 06:34:52: | c7 11 52 33 81 db f2 e6 51 ec 02 02 18 81 63 ed
> Mar 18 06:34:52: | 3a d8 83 09 2e b4 02 fc 00 45 5f 16 48 f7 f1 a8
> Mar 18 06:34:52: | c5 f1 de e9 90 7d 48 60 5c 2e 51 2c 05 00 00 14
> Mar 18 06:34:52: | 05 4e 6e 0a 0a dc 78 01 b5 60 40 62 9f 07 4e 6c
> Mar 18 06:34:52: | 08 00 00 0c 01 00 00 00 7d 10 f0 62 0d 00 00 14
> Mar 18 06:34:52: | 17 f7 31 ce 4b 53 a9 d7 1f a0 f7 3a b0 33 eb f0
> Mar 18 06:34:52: | 0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc
> Mar 18 06:34:52: | 77 57 01 00 14 00 00 14 4a 13 1c 81 07 03 58 45
> Mar 18 06:34:52: | 5c 57 28 f2 0e 95 45 2f 14 00 00 14 1e 78 b5 53
> Mar 18 06:34:52: | ce 53 b1 03 33 9e 8e 55 43 3c 48 1d 00 00 00 14
> Mar 18 06:34:52: | b4 91 57 b8 2a aa 0d 47 96 90 e7 05 d7 bb 51 ef
> Mar 18 06:34:52: | event_schedule_ms called for about 500 ms
> Mar 18 06:34:52: | event_schedule_tv called for about 0 seconds and change
> Mar 18 06:34:52: | inserting event EVENT_v1_RETRANSMIT, timeout in
> 0.500000 seconds for #1
> Mar 18 06:34:52: "vpnpsk"[1] 106.220.15.162 #1: STATE_AGGR_R1: sent AR1,
> expecting AI2
> Mar 18 06:34:52: | modecfg pull: quirk-poll policy:push not-client
> Mar 18 06:34:52: | phase 1 is done, looking for phase 2 to unpend
> Mar 18 06:34:52: packet from <invalid>:24836: ASSERTION FAILED at
> /opt/src/libreswan-3.16/programs/pluto/ikev1_aggr.c:207: dh->pcrc_md != NULL
> Mar 18 06:34:52: packet from <invalid>:24836: ABORT at
> /opt/src/libreswan-3.16/programs/pluto/ikev1_aggr.c:207
> packet from <invalid>:24836: ABORT at
> /opt/src/libreswan-3.16/programs/pluto/ikev1_aggr.c:207
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160318/d2701721/attachment-0001.html>
More information about the Swan
mailing list