<div dir="ltr">Hi,<div><br></div><div>In case it helps, please find below thye output of ipsec auto --status</div><div><br></div><div><div>[root@VM000003380 ~]# ipsec auto --status</div><div>000 using kernel interface: netkey</div><div>000 interface lo/lo ::1@500</div><div>000 interface lo/lo 127.0.0.1@4500</div><div>000 interface lo/lo 127.0.0.1@500</div><div>000 interface ens32/ens32 10.56.138.86@4500</div><div>000 interface ens32/ens32 10.56.138.86@500</div><div>000 interface virbr0/virbr0 192.168.122.1@4500</div><div>000 interface virbr0/virbr0 192.168.122.1@500</div><div>000 </div><div>000 </div><div>000 fips mode=disabled;</div><div>000 SElinux=enabled</div><div>000 </div><div>000 config setup options:</div><div>000 </div><div>000 configdir=/etc, configfile=/etc/ipsec.conf, secrets=/etc/ipsec.secrets, ipsecdir=/etc/ipsec.d, dumpdir=/var/run/pluto/, statsbin=unset</div><div>000 sbindir=/usr/local/sbin, libexecdir=/usr/local/libexec/ipsec</div><div>000 pluto_version=3.16, pluto_vendorid=OE-Libreswan-3.16</div><div>000 nhelpers=0, uniqueids=yes, perpeerlog=no, shuntlifetime=900s, xfrmlifetime=300s</div><div>000 ddos-cookies-treshold=50000, ddos-max-halfopen=25000, ddos-mode=auto</div><div>000 ikeport=500, strictcrlpolicy=no, crlcheckinterval=0, listen=<any>, nflog-all=0</div><div>000 secctx-attr-type=<unsupported></div><div>000 myid = (none)</div><div>000 debug raw+crypt+parsing+emitting+control+lifecycle+kernel+dns+oppo+controlmore+pfkey+nattraversal+x509+dpd+oppoinfo</div><div>000 </div><div>000 nat-traversal=yes, keep-alive=20, nat-ikeport=4500</div><div>000 virtual-private (%priv):</div><div>000 - allowed subnets: <a href="http://10.0.0.0/8">10.0.0.0/8</a>, <a href="http://192.168.0.0/16">192.168.0.0/16</a>, <a href="http://172.16.0.0/12">172.16.0.0/12</a></div><div>000 - excluded subnet: <a href="http://192.168.42.0/24">192.168.42.0/24</a></div><div>000 </div><div>000 ESP algorithms supported:</div><div>000 </div><div>000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192</div><div>000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=128, keysizemax=128</div><div>000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0</div><div>000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256</div><div>000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=128, keysizemax=256</div><div>000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256</div><div>000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256</div><div>000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256</div><div>000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256</div><div>000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=12, keysizemin=128, keysizemax=256</div><div>000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=16, keysizemin=128, keysizemax=256</div><div>000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8, keysizemin=128, keysizemax=256</div><div>000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256</div><div>000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256</div><div>000 algorithm AH/ESP auth: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128</div><div>000 algorithm AH/ESP auth: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160</div><div>000 algorithm AH/ESP auth: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256</div><div>000 algorithm AH/ESP auth: id=6, name=AUTH_ALGORITHM_HMAC_SHA2_384, keysizemin=384, keysizemax=384</div><div>000 algorithm AH/ESP auth: id=7, name=AUTH_ALGORITHM_HMAC_SHA2_512, keysizemin=512, keysizemax=512</div><div>000 algorithm AH/ESP auth: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160</div><div>000 algorithm AH/ESP auth: id=9, name=AUTH_ALGORITHM_AES_XCBC, keysizemin=128, keysizemax=128</div><div>000 algorithm AH/ESP auth: id=251, name=AUTH_ALGORITHM_NULL_KAME, keysizemin=0, keysizemax=0</div><div>000 </div><div>000 IKE algorithms supported:</div><div>000 </div><div>000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=16, v2name=AES_CCM_C, blocksize=16, keydeflen=128</div><div>000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=15, v2name=AES_CCM_B, blocksize=16, keydeflen=128</div><div>000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=14, v2name=AES_CCM_A, blocksize=16, keydeflen=128</div><div>000 algorithm IKE encrypt: v1id=5, v1name=OAKLEY_3DES_CBC, v2id=3, v2name=3DES, blocksize=8, keydeflen=192</div><div>000 algorithm IKE encrypt: v1id=24, v1name=OAKLEY_CAMELLIA_CTR, v2id=24, v2name=CAMELLIA_CTR, blocksize=16, keydeflen=128</div><div>000 algorithm IKE encrypt: v1id=8, v1name=OAKLEY_CAMELLIA_CBC, v2id=23, v2name=CAMELLIA_CBC, blocksize=16, keydeflen=128</div><div>000 algorithm IKE encrypt: v1id=20, v1name=OAKLEY_AES_GCM_C, v2id=20, v2name=AES_GCM_C, blocksize=16, keydeflen=128</div><div>000 algorithm IKE encrypt: v1id=19, v1name=OAKLEY_AES_GCM_B, v2id=19, v2name=AES_GCM_B, blocksize=16, keydeflen=128</div><div>000 algorithm IKE encrypt: v1id=18, v1name=OAKLEY_AES_GCM_A, v2id=18, v2name=AES_GCM_A, blocksize=16, keydeflen=128</div><div>000 algorithm IKE encrypt: v1id=13, v1name=OAKLEY_AES_CTR, v2id=13, v2name=AES_CTR, blocksize=16, keydeflen=128</div><div>000 algorithm IKE encrypt: v1id=7, v1name=OAKLEY_AES_CBC, v2id=12, v2name=AES_CBC, blocksize=16, keydeflen=128</div><div>000 algorithm IKE encrypt: v1id=65004, v1name=OAKLEY_SERPENT_CBC, v2id=65004, v2name=SERPENT_CBC, blocksize=16, keydeflen=128</div><div>000 algorithm IKE encrypt: v1id=65005, v1name=OAKLEY_TWOFISH_CBC, v2id=65005, v2name=TWOFISH_CBC, blocksize=16, keydeflen=128</div><div>000 algorithm IKE encrypt: v1id=65289, v1name=OAKLEY_TWOFISH_CBC_SSH, v2id=65289, v2name=TWOFISH_CBC_SSH, blocksize=16, keydeflen=128</div><div>000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashlen=16</div><div>000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashlen=20</div><div>000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashlen=32</div><div>000 algorithm IKE hash: id=5, name=OAKLEY_SHA2_384, hashlen=48</div><div>000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashlen=64</div><div>000 algorithm IKE hash: id=9, name=DISABLED-OAKLEY_AES_XCBC, hashlen=16</div><div>000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024</div><div>000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536</div><div>000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048</div><div>000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072</div><div>000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096</div><div>000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144</div><div>000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192</div><div>000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024</div><div>000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048</div><div>000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048</div><div>000 </div><div>000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} </div><div>000 </div><div>000 Connection list:</div><div>000 </div><div>000 "vpnpsk": <a href="http://10.56.138.86/32===10.56.138.86">10.56.138.86/32===10.56.138.86</a><10.56.138.86>:17/1701---10.56.138.81...%any:17/%any; unrouted; eroute owner: #0</div><div>000 "vpnpsk": oriented; my_ip=unset; their_ip=unset</div><div>000 "vpnpsk": xauth info: us:none, them:none, my_xauthuser=[any]; their_xauthuser=[any]</div><div>000 "vpnpsk": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset;</div><div>000 "vpnpsk": labeled_ipsec:no;</div><div>000 "vpnpsk": policy_label:unset;</div><div>000 "vpnpsk": ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 5;</div><div>000 "vpnpsk": retransmit-interval: 500ms; retransmit-timeout: 60s;</div><div>000 "vpnpsk": sha2_truncbug:no; initial_contact:no; cisco_unity:no; fake_strongswan:no; send_vendorid:no;</div><div>000 "vpnpsk": policy: PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW;</div><div>000 "vpnpsk": conn_prio: 32,32; interface: ens32; metric: 0; mtu: unset; sa_prio:auto; nflog-group: unset; mark: unset;</div><div>000 "vpnpsk": dpd: action:clear; delay:30; timeout:120; nat-t: force_encaps:yes; nat_keepalive:yes; ikev1_natt:both</div><div>000 "vpnpsk": newest ISAKMP SA: #0; newest IPsec SA: #0;</div><div>000 "vpnpsk": IKE algorithms wanted: 3DES_CBC(5)_000-SHA1(2)_000-MODP2048(14), 3DES_CBC(5)_000-SHA1(2)_000-MODP1536(5), 3DES_CBC(5)_000-SHA1(2)_000-MODP1024(2), AES_CBC(7)_000-SHA1(2)_000-DH22(22)</div><div>000 "vpnpsk": IKE algorithms found: 3DES_CBC(5)_192-SHA1(2)_160-MODP2048(14), 3DES_CBC(5)_192-SHA1(2)_160-MODP1536(5), 3DES_CBC(5)_192-SHA1(2)_160-MODP1024(2), AES_CBC(7)_128-SHA1(2)_160-DH22(22)</div><div>000 "vpnpsk": ESP algorithms wanted: 3DES(3)_000-SHA1(2)_000, AES(12)_000-SHA1(2)_000</div><div>000 "vpnpsk": ESP algorithms loaded: 3DES(3)_000-SHA1(2)_000, AES(12)_000-SHA1(2)_000</div><div>000 "vpnpsk"[2]: <a href="http://10.56.138.86/32===10.56.138.86">10.56.138.86/32===10.56.138.86</a><10.56.138.86>:17/1701---10.56.138.81...106.216.172.126[@test]:17/0; unrouted; eroute owner: #0</div><div>000 "vpnpsk"[2]: oriented; my_ip=unset; their_ip=unset</div><div>000 "vpnpsk"[2]: xauth info: us:none, them:none, my_xauthuser=[any]; their_xauthuser=[any]</div><div>000 "vpnpsk"[2]: modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset;</div><div>000 "vpnpsk"[2]: labeled_ipsec:no;</div><div>000 "vpnpsk"[2]: policy_label:unset;</div><div>000 "vpnpsk"[2]: ike_life: 3600s; ipsec_life: 28800s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 5;</div><div>000 "vpnpsk"[2]: retransmit-interval: 500ms; retransmit-timeout: 60s;</div><div>000 "vpnpsk"[2]: sha2_truncbug:no; initial_contact:no; cisco_unity:no; fake_strongswan:no; send_vendorid:no;</div><div>000 "vpnpsk"[2]: policy: PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW;</div><div>000 "vpnpsk"[2]: conn_prio: 32,32; interface: ens32; metric: 0; mtu: unset; sa_prio:auto; nflog-group: unset; mark: unset;</div><div>000 "vpnpsk"[2]: dpd: action:clear; delay:30; timeout:120; nat-t: force_encaps:yes; nat_keepalive:yes; ikev1_natt:both</div><div>000 "vpnpsk"[2]: newest ISAKMP SA: #53; newest IPsec SA: #0;</div><div>000 "vpnpsk"[2]: IKE algorithms wanted: 3DES_CBC(5)_000-SHA1(2)_000-MODP2048(14), 3DES_CBC(5)_000-SHA1(2)_000-MODP1536(5), 3DES_CBC(5)_000-SHA1(2)_000-MODP1024(2), AES_CBC(7)_000-SHA1(2)_000-DH22(22)</div><div>000 "vpnpsk"[2]: IKE algorithms found: 3DES_CBC(5)_192-SHA1(2)_160-MODP2048(14), 3DES_CBC(5)_192-SHA1(2)_160-MODP1536(5), 3DES_CBC(5)_192-SHA1(2)_160-MODP1024(2), AES_CBC(7)_128-SHA1(2)_160-DH22(22)</div><div>000 "vpnpsk"[2]: IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024</div><div>000 "vpnpsk"[2]: ESP algorithms wanted: 3DES(3)_000-SHA1(2)_000, AES(12)_000-SHA1(2)_000</div><div>000 "vpnpsk"[2]: ESP algorithms loaded: 3DES(3)_000-SHA1(2)_000, AES(12)_000-SHA1(2)_000</div><div>000 </div><div>000 Total IPsec connections: loaded 2, active 0</div><div>000 </div><div>000 State Information: DDoS cookies not required, Accepting new IKE connections</div><div>000 IKE SAs: total(2), half-open(0), open(0), authenticated(2), anonymous(0)</div><div>000 IPsec SAs: total(2), authenticated(2), anonymous(0)</div><div>000 </div><div>000 #1: "vpnpsk"[2] <a href="http://106.216.172.126:33808">106.216.172.126:33808</a> STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_EXPIRE in 84978s; lastdpd=238s(seq in:2409 out:0); idle; import:not set</div><div>000 #62: "vpnpsk"[2] <a href="http://106.216.172.126:33808">106.216.172.126:33808</a> STATE_QUICK_R1 (sent QR1, inbound IPsec SA installed, expecting QI2); EVENT_v1_RETRANSMIT in 4s; isakmp#53; idle; import:not set</div><div>000 #62: "vpnpsk"[2] 106.216.172.126 <a href="mailto:esp.ddb2082@106.216.172.126">esp.ddb2082@106.216.172.126</a> <a href="mailto:esp.b2e58188@10.56.138.86">esp.b2e58188@10.56.138.86</a> ref=0 refhim=4294901761 Traffic: ESPin=0B ESPout=0B! ESPmax=1800B </div><div>000 #61: "vpnpsk"[2] <a href="http://106.216.172.126:33808">106.216.172.126:33808</a> STATE_QUICK_R1 (sent QR1, inbound IPsec SA installed, expecting QI2); EVENT_v1_RETRANSMIT in 9s; isakmp#53; idle; import:not set</div><div>000 #61: "vpnpsk"[2] 106.216.172.126 <a href="mailto:esp.9add6be2@106.216.172.126">esp.9add6be2@106.216.172.126</a> <a href="mailto:esp.184ae3fb@10.56.138.86">esp.184ae3fb@10.56.138.86</a> ref=0 refhim=4294901761 Traffic: ESPin=0B ESPout=0B! ESPmax=1800B </div><div>000 #53: "vpnpsk"[2] <a href="http://106.216.172.126:33808">106.216.172.126:33808</a> STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_EXPIRE in 86163s; newest ISAKMP; lastdpd=207s(seq in:7458 out:0); idle; import:not set</div><div>000 </div><div>000 Bare Shunt list:</div><div>000 </div></div><div><br></div><div>Regards,</div><div>Srinivas</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Mar 7, 2016 at 6:55 PM, Srinivas Gudipudi <span dir="ltr"><<a href="mailto:sgudipud@gmail.com" target="_blank">sgudipud@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi,<div><br></div><div>I tried restarting the Huawei device, that does not solve the problem:</div><div><br></div><div>The staus output from HUawei device is:</div><div><br></div><div><div>[test]dis ike sa</div><div> Conn-ID Peer VPN Flag(s) Phase </div><div> ---------------------------------------------------------------</div><div> 3804 125.16.240.98 0 2 </div><div> 3759 125.16.240.98 0 RD|ST 1 </div></div><div><br></div><div><br></div><div>I get this error in the pluto log, not sure what this means, possibly an ICMP packet being </div><div><br></div><div><div><div>Mar 7 18:30:40: | 02 00 64 06 6a d8 82 83 00 00 00 00 00 00 00 00</div><div>Mar 7 18:30:40: ERROR: asynchronous network error report on ens32 (sport=4500) for message to 106.216.130.131 port 25606, complainant <a href="http://106.216.130.131" target="_blank">106.216.130.131</a>: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]</div><div>Mar 7 18:30:40: | handling event EVENT_v1_RETRANSMIT for child state #5</div><div>Mar 7 18:30:40: | processing connection "vpnpsk"[2] 106.216.172.126</div><div>Mar 7 18:30:40: | handling event EVENT_v1_RETRANSMIT for 106.216.172.126 "vpnpsk" #5 attempt 0 of 5</div><div>Mar 7 18:30:40: | sending 168 bytes for EVENT_v1_RETRANSMIT through ens32:4500 to <a href="http://106.216.172.126:33808" target="_blank">106.216.172.126:33808</a> (using #5)</div><div>Mar 7 18:30:40: | 00 00 00 00 6c ba be 1a e4 fa f7 40 67 98 26 c3</div><div>Mar 7 18:30:40: | 9e 98 3b db 08 10 20 01 37 09 9b 2b 00 00 00 a4</div><div>Mar 7 18:30:40: | b0 90 4b 99 d5 18 ee 9d 4b 0a 33 e6 c5 2e ad f0</div><div>Mar 7 18:30:40: | a6 76 ef 15 5f 52 46 e5 0b 38 b0 b9 ee 48 3e d4</div><div>Mar 7 18:30:40: | a4 fd 11 23 33 89 bf db d5 57 93 eb 31 fe 6a 68</div><div>Mar 7 18:30:40: | d9 af 0d 13 7d f3 2f fa d8 41 89 40 eb 68 2d 18</div><div>Mar 7 18:30:40: | 3a b6 21 58 92 3c d0 a0 57 47 26 2f c6 8d 66 f9</div><div>Mar 7 18:30:40: | 7e a8 3c 9b 5b 92 0c 8b 6f a7 09 15 79 44 31 16</div><div>Mar 7 18:30:40: | c8 9c 49 79 e8 1d 46 bc c7 46 04 91 07 c3 25 90</div><div>Mar 7 18:30:40: | 20 0d d5 d6 00 19 d2 3b 9b 43 fd f1 c6 7e a9 21</div><div>Mar 7 18:30:40: | 68 da 64 64 7c 32 cb f6</div><div>Mar 7 18:30:40: | event_schedule_ms called for about 4000 ms</div><div>Mar 7 18:30:40: | event_schedule_tv called for about 4 seconds and change</div><div>Mar 7 18:30:40: | inserting event EVENT_v1_RETRANSMIT, timeout in 4.000000 seconds for #5</div><div>Mar 7 18:30:41: | handling event EVENT_SHUNT_SCAN</div><div>Mar 7 18:30:41: | expiring aged bare shunts</div><div>Mar 7 18:30:41: | event_schedule called for 20 seconds</div><div>Mar 7 18:30:41: | event_schedule_tv called for about 20 seconds and change</div><div>Mar 7 18:30:41: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000000 seconds</div><div>Mar 7 18:30:44: | handling event EVENT_v1_RETRANSMIT for child state #5</div><div>Mar 7 18:30:44: | processing connection "vpnpsk"[2] 106.216.172.126</div><div>Mar 7 18:30:44: | handling event EVENT_v1_RETRANSMIT for 106.216.172.126 "vpnpsk" #5 attempt 0 of 5</div><div>Mar 7 18:30:44: | sending 168 bytes for EVENT_v1_RETRANSMIT through ens32:4500 to <a href="http://106.216.172.126:33808" target="_blank">106.216.172.126:33808</a> (using #5)</div><div>Mar 7 18:30:44: | 00 00 00 00 6c ba be 1a e4 fa f7 40 67 98 26 c3</div><div>Mar 7 18:30:44: | 9e 98 3b db 08 10 20 01 37 09 9b 2b 00 00 00 a4</div><div>Mar 7 18:30:44: | b0 90 4b 99 d5 18 ee 9d 4b 0a 33 e6 c5 2e ad f0</div><div>Mar 7 18:30:44: | a6 76 ef 15 5f 52 46 e5 0b 38 b0 b9 ee 48 3e d4</div><div>Mar 7 18:30:44: | a4 fd 11 23 33 89 bf db d5 57 93 eb 31 fe 6a 68</div><div>Mar 7 18:30:44: | d9 af 0d 13 7d f3 2f fa d8 41 89 40 eb 68 2d 18</div><div>Mar 7 18:30:44: | 3a b6 21 58 92 3c d0 a0 57 47 26 2f c6 8d 66 f9</div><div>Mar 7 18:30:44: | 7e a8 3c 9b 5b 92 0c 8b 6f a7 09 15 79 44 31 16</div><div>Mar 7 18:30:44: | c8 9c 49 79 e8 1d 46 bc c7 46 04 91 07 c3 25 90</div><div>Mar 7 18:30:44: | 20 0d d5 d6 00 19 d2 3b 9b 43 fd f1 c6 7e a9 21</div><div>Mar 7 18:30:44: | 68 da 64 64 7c 32 cb f6</div><div>Mar 7 18:30:44: | event_schedule_ms called for about 8000 ms</div><div>Mar 7 18:30:44: | event_schedule_tv called for about 8 seconds and change</div><div>Mar 7 18:30:44: | inserting event EVENT_v1_RETRANSMIT, timeout in 8.000000 second</div></div></div><div><br></div><div>Regards,</div><div>Srinivas</div><div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Mar 7, 2016 at 5:41 PM, Paul Wouters <span dir="ltr"><<a href="mailto:paul@nohats.ca" target="_blank">paul@nohats.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div>You received a packet from before you restarted. Try restarting other end?</div><div><br></div><div>Paul</div><div><br>Sent from my iPhone</div><div><div><div><br>On Mar 7, 2016, at 12:01, Srinivas Gudipudi <<a href="mailto:sgudipud@gmail.com" target="_blank">sgudipud@gmail.com</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr">Hi,<div><br></div><div>I am using Libreswan on RedHat to setup a VPN server, on the client side, I have a Huawei 4G router connected across a CGNAT network server to the Redhat server, which is the VPN server. I am placing the configurations below, I am able to get the phase 1 up, but the phase 2 is not estbalishing, can you please help here:</div><div><br></div><div><b>Huawei Router Config:</b></div><div><br></div><div><br></div><div><div> Peer name : spua</div><div> IKE version : Version one</div><div> Exchange mode : main on phase 1</div><div> Pre-shared-key cipher : %@%@6SzGWj[<u/%UUUW|E";TcxX^%@%@</div><div> Proposal : 5</div><div> Local ID type : IP</div><div> DPD : Enable</div><div> DPD mode : Periodic</div><div> DPD idle time : 120</div><div> DPD retransmit interval : 30</div><div> DPD retry limit : 5</div><div> Host name : </div><div> Peer IP address : 125.16.240.98(active)</div><div> Host name : </div><div> Peer IP address : </div><div> VPN name : </div><div> Local IP address : </div><div> Local name : </div><div> Remote name : </div><div> NAT-traversal : Enable</div><div> DPD request message : 94</div><div> DPD Ack message : 40</div><div> DPD fail time : 9</div><div> PKI realm : NULL</div><div> Lifetime notification : Disable</div></div><div><br></div><div><br></div><div><br></div><div><b>IPSec.conf:</b></div><div><br></div><div><br></div><div><div>version 2.0</div><div><br></div><div>config setup</div><div> dumpdir=/var/run/pluto/</div><div> nat_traversal=yes</div><div> virtual_private=%v4:<a href="http://10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.42.0/24" target="_blank">10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.42.0/24</a></div><div> oe=off</div><div> protostack=netkey</div><div> nhelpers=0</div><div> interfaces=%defaultroute</div><div> plutodebug=all </div><div><br></div><div>conn vpnpsk</div><div> connaddrfamily=ipv4</div><div> auto=add</div><div> left=10.56.138.86</div><div> leftid=VM000003380</div><div> leftsubnet=<a href="http://10.56.138.86/32" target="_blank">10.56.138.86/32</a></div><div> leftnexthop=%defaultroute</div><div> leftprotoport=17/1701</div><div> rightprotoport=17/%any</div><div> right=%any</div><div> rightsubnetwithin=<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a></div><div> forceencaps=yes</div><div> authby=secret</div><div> pfs=no</div><div> type=transport</div><div> auth=esp</div><div> ike=3des-sha1,aes-sha1;dh22</div><div> phase2alg=3des-sha1,aes-sha1</div><div> rekey=no</div><div> keyingtries=5</div><div> dpddelay=30</div><div> dpdtimeout=120</div><div> dpdaction=clear</div></div><div><br></div><div><br></div><div><b>Pluto Debug Log:</b></div><div><br></div><div><div>Mar 7 17:23:55: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c</div><div>Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter</div><div>Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit</div><div>Mar 7 17:23:55: | compare_chunk: encrypt: ok</div><div>Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok</div><div>Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</div><div>Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c</div><div>Mar 7 17:23:55: | decode_to_chunk: cipertext: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c</div><div>Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</div><div>Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter</div><div>Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit</div><div>Mar 7 17:23:55: | compare_chunk: decrypt: ok</div><div>Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok</div><div>Mar 7 17:23:55: | sym_key: free key 0x7f3862948990</div><div>Mar 7 17:23:55: | test_ctr_vector: Camellia: 16 bytes with 128-bit key passed</div><div>Mar 7 17:23:55: | test_cbc_vector: Camellia: 16 bytes with 128-bit key</div><div>Mar 7 17:23:55: | decode_to_chunk: key: input "0x00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff</div><div>Mar 7 17:23:55: | ephemeral_key: key(0x7f3862947260) length(16) type/mechanism(AES_KEY_GEN 0x00001080)</div><div>Mar 7 17:23:55: | tmp: merge symkey(0x7f3862947260) bytes(0x7f386294bb90/16) - derive(CONCATENATE_DATA_AND_BASE) target(EXTRACT_KEY_FROM_KEY)</div><div>Mar 7 17:23:55: | symkey: key(0x7f3862947260) length(16) type/mechanism(AES_KEY_GEN 0x00001080)</div><div>Mar 7 17:23:55: | bytes: 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff</div><div>Mar 7 17:23:55: | tmp: key(0x7f386294a210) length(32) type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)</div><div>Mar 7 17:23:55: | symkey: symkey from symkey(0x7f386294a210) - next-byte(0) key-size(16) flags(0x0) derive(EXTRACT_KEY_FROM_KEY) target(CAMELLIA_CBC)</div><div>Mar 7 17:23:55: | symkey: key(0x7f386294a210) length(32) type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)</div><div>Mar 7 17:23:55: | symkey: key(0x7f3862948990) length(16) type/mechanism(CAMELLIA_CBC 0x00000552)</div><div>Mar 7 17:23:55: | tmp:: free key 0x7f386294a210</div><div>Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</div><div>Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37</div><div>Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 "</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01</div><div>Mar 7 17:23:55: | decode_to_chunk: ciphertext: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37</div><div>Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter</div><div>Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit</div><div>Mar 7 17:23:55: | compare_chunk: encrypt: ok</div><div>Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok</div><div>Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</div><div>Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37</div><div>Mar 7 17:23:55: | decode_to_chunk: cipertext: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37</div><div>Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 "</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01</div><div>Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter</div><div>Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit</div><div>Mar 7 17:23:55: | compare_chunk: decrypt: ok</div><div>Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok</div><div>Mar 7 17:23:55: | sym_key: free key 0x7f3862948990</div><div>Mar 7 17:23:55: | test_ctr_vector: Camellia: 16 bytes with 128-bit key passed</div><div>Mar 7 17:23:55: | test_cbc_vector: Camellia: 16 bytes with 256-bit key</div><div>Mar 7 17:23:55: | decode_to_chunk: key: input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</div><div>Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</div><div>Mar 7 17:23:55: | ephemeral_key: key(0x7f3862947260) length(16) type/mechanism(AES_KEY_GEN 0x00001080)</div><div>Mar 7 17:23:55: | tmp: merge symkey(0x7f3862947260) bytes(0x7f386294bc10/32) - derive(CONCATENATE_DATA_AND_BASE) target(EXTRACT_KEY_FROM_KEY)</div><div>Mar 7 17:23:55: | symkey: key(0x7f3862947260) length(16) type/mechanism(AES_KEY_GEN 0x00001080)</div><div>Mar 7 17:23:55: | bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</div><div>Mar 7 17:23:55: | bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</div><div>Mar 7 17:23:55: | tmp: key(0x7f386294a210) length(48) type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)</div><div>Mar 7 17:23:55: | symkey: symkey from symkey(0x7f386294a210) - next-byte(0) key-size(32) flags(0x0) derive(EXTRACT_KEY_FROM_KEY) target(CAMELLIA_CBC)</div><div>Mar 7 17:23:55: | symkey: key(0x7f386294a210) length(48) type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)</div><div>Mar 7 17:23:55: | symkey: key(0x7f3862948990) length(32) type/mechanism(CAMELLIA_CBC 0x00000552)</div><div>Mar 7 17:23:55: | tmp:: free key 0x7f386294a210</div><div>Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</div><div>Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d</div><div>Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</div><div>Mar 7 17:23:55: | decode_to_chunk: ciphertext: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d</div><div>Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter</div><div>Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit</div><div>Mar 7 17:23:55: | compare_chunk: encrypt: ok</div><div>Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok</div><div>Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</div><div>Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d</div><div>Mar 7 17:23:55: | decode_to_chunk: cipertext: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d</div><div>Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</div><div>Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter</div><div>Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit</div><div>Mar 7 17:23:55: | compare_chunk: decrypt: ok</div><div>Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok</div><div>Mar 7 17:23:55: | sym_key: free key 0x7f3862948990</div><div>Mar 7 17:23:55: | test_ctr_vector: Camellia: 16 bytes with 256-bit key passed</div><div>Mar 7 17:23:55: | test_cbc_vector: Camellia: 16 bytes with 256-bit key</div><div>Mar 7 17:23:55: | decode_to_chunk: key: input "0x00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF FF EE DD CC BB AA 99 88 77 66 55 44 33 22 11 00"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff</div><div>Mar 7 17:23:55: | ff ee dd cc bb aa 99 88 77 66 55 44 33 22 11 00</div><div>Mar 7 17:23:55: | ephemeral_key: key(0x7f3862947260) length(16) type/mechanism(AES_KEY_GEN 0x00001080)</div><div>Mar 7 17:23:55: | tmp: merge symkey(0x7f3862947260) bytes(0x7f386294bc10/32) - derive(CONCATENATE_DATA_AND_BASE) target(EXTRACT_KEY_FROM_KEY)</div><div>Mar 7 17:23:55: | symkey: key(0x7f3862947260) length(16) type/mechanism(AES_KEY_GEN 0x00001080)</div><div>Mar 7 17:23:55: | bytes: 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff</div><div>Mar 7 17:23:55: | bytes: ff ee dd cc bb aa 99 88 77 66 55 44 33 22 11 00</div><div>Mar 7 17:23:55: | tmp: key(0x7f386294a210) length(48) type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)</div><div>Mar 7 17:23:55: | symkey: symkey from symkey(0x7f386294a210) - next-byte(0) key-size(32) flags(0x0) derive(EXTRACT_KEY_FROM_KEY) target(CAMELLIA_CBC)</div><div>Mar 7 17:23:55: | symkey: key(0x7f386294a210) length(48) type/mechanism(EXTRACT_KEY_FROM_KEY 0x00000365)</div><div>Mar 7 17:23:55: | symkey: key(0x7f3862948990) length(32) type/mechanism(CAMELLIA_CBC 0x00000552)</div><div>Mar 7 17:23:55: | tmp:: free key 0x7f386294a210</div><div>Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</div><div>Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 "</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23</div><div>Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01</div><div>Mar 7 17:23:55: | decode_to_chunk: ciphertext: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 "</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23</div><div>Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter</div><div>Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit</div><div>Mar 7 17:23:55: | compare_chunk: encrypt: ok</div><div>Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok</div><div>Mar 7 17:23:55: | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</div><div>Mar 7 17:23:55: | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 "</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23</div><div>Mar 7 17:23:55: | decode_to_chunk: cipertext: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 "</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23</div><div>Mar 7 17:23:55: | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01"</div><div>Mar 7 17:23:55: | decode_to_chunk: output: </div><div>Mar 7 17:23:55: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01</div><div>Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - enter</div><div>Mar 7 17:23:55: | NSS ike_alg_nss_cbc: camellia - exit</div><div>Mar 7 17:23:55: | compare_chunk: decrypt: ok</div><div>Mar 7 17:23:55: | compare_chunk: updated CBC IV: ok</div><div>Mar 7 17:23:55: | sym_key: free key 0x7f3862948990</div><div>Mar 7 17:23:55: | test_ctr_vector: Camellia: 16 bytes with 256-bit key passed</div><div>Mar 7 17:23:55: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CBC: Ok</div><div>Mar 7 17:23:55: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CTR: Ok</div><div>Mar 7 17:23:55: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok</div><div>Mar 7 17:23:55: ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok</div><div>Mar 7 17:23:55: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok</div><div>Mar 7 17:23:55: no crypto helpers will be started; all cryptographic operations will be done inline</div><div>Mar 7 17:23:55: Using Linux XFRM/NETKEY IPsec interface code on 3.10.0-327.3.1.el7.x86_64</div><div>Mar 7 17:23:55: | process 2067 listening for PF_KEY_V2 on file descriptor 11</div><div>Mar 7 17:23:55: | kernel_alg_init()</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=18(ESP_AES_GCM_A)</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=19(ESP_AES_GCM_B)</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=20(ESP_AES_GCM_C)</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=14(ESP_AES_CCM_A)</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=15(ESP_AES_CCM_B)</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=16(ESP_AES_CCM_C)</div><div>Mar 7 17:23:55: ike_alg_register_enc(): Activating aes_ccm_8: Ok</div><div>Mar 7 17:23:55: ike_alg_register_enc(): Activating aes_ccm_12: Ok</div><div>Mar 7 17:23:55: ike_alg_register_enc(): Activating aes_ccm_16: Ok</div><div>Mar 7 17:23:55: | Registered AEAD AES CCM/GCM algorithms</div><div>Mar 7 17:23:55: | finish_pfkey_msg: K_SADB_REGISTER message 1 for AH </div><div>Mar 7 17:23:55: | 02 07 00 02 02 00 00 00 01 00 00 00 13 08 00 00</div><div>Mar 7 17:23:55: | pfkey_get: K_SADB_REGISTER message 1</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: sadb_msg_len=22 sadb_supported_len=72</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14, alg_id=251(ESP_KAME_NULL)</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[0], exttype=14, satype=2, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14, alg_id=2(ESP_DES)</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[1], exttype=14, satype=2, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14, alg_id=3(ESP_3DES)</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[2], exttype=14, satype=2, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14, alg_id=5(ESP_IDEA)</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[3], exttype=14, satype=2, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256, res=0, ret=1</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14, alg_id=6(ESP_CAST)</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[4], exttype=14, satype=2, alg_id=6, alg_ivlen=0, alg_minbits=384, alg_maxbits=384, res=0, ret=1</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14, alg_id=7(ESP_BLOWFISH)</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[5], exttype=14, satype=2, alg_id=7, alg_ivlen=0, alg_minbits=512, alg_maxbits=512, res=0, ret=1</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14, alg_id=8(ESP_3IDEA)</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[6], exttype=14, satype=2, alg_id=8, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=14, alg_id=9(ESP_DES_IV32)</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[7], exttype=14, satype=2, alg_id=9, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: sadb_msg_len=22 sadb_supported_len=88</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15, alg_id=11(ESP_NULL)</div><div>Mar 7 17:23:55: | kernel_alg_add(2,15,11) fails because alg combo is invalid</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[8], exttype=15, satype=2, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=-1</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15, alg_id=2(ESP_DES)</div><div>Mar 7 17:23:55: | kernel_alg_add(2,15,2) fails because alg combo is invalid</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[9], exttype=15, satype=2, alg_id=2, alg_ivlen=8, alg_minbits=64, alg_maxbits=64, res=0, ret=-1</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15, alg_id=3(ESP_3DES)</div><div>Mar 7 17:23:55: | kernel_alg_add(2,15,3) fails because alg combo is invalid</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[10], exttype=15, satype=2, alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=-1</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15, alg_id=6(ESP_CAST)</div><div>Mar 7 17:23:55: | kernel_alg_add(2,15,6) fails because alg combo is invalid</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[11], exttype=15, satype=2, alg_id=6, alg_ivlen=8, alg_minbits=40, alg_maxbits=128, res=0, ret=-1</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15, alg_id=7(ESP_BLOWFISH)</div><div>Mar 7 17:23:55: | kernel_alg_add(2,15,7) fails because alg combo is invalid</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[12], exttype=15, satype=2, alg_id=7, alg_ivlen=8, alg_minbits=40, alg_maxbits=448, res=0, ret=-1</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15, alg_id=12(ESP_AES)</div><div>Mar 7 17:23:55: | kernel_alg_add(2,15,12) fails because alg combo is invalid</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[13], exttype=15, satype=2, alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=-1</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15, alg_id=252(ESP_SERPENT)</div><div>Mar 7 17:23:55: | kernel_alg_add(2,15,252) fails because alg combo is invalid</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[14], exttype=15, satype=2, alg_id=252, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=-1</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15, alg_id=22(ESP_CAMELLIA)</div><div>Mar 7 17:23:55: | kernel_alg_add(2,15,22) fails because alg combo is invalid</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[15], exttype=15, satype=2, alg_id=22, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=-1</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15, alg_id=253(ESP_TWOFISH)</div><div>Mar 7 17:23:55: | kernel_alg_add(2,15,253) fails because alg combo is invalid</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[16], exttype=15, satype=2, alg_id=253, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=-1</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=2, exttype=15, alg_id=13(ESP_AES_CTR)</div><div>Mar 7 17:23:55: | kernel_alg_add(2,15,13) fails because alg combo is invalid</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_AH: alg[17], exttype=15, satype=2, alg_id=13, alg_ivlen=8, alg_minbits=160, alg_maxbits=288, res=0, ret=-1</div><div>Mar 7 17:23:55: | AH registered with kernel.</div><div>Mar 7 17:23:55: | finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP </div><div>Mar 7 17:23:55: | 02 07 00 03 02 00 00 00 02 00 00 00 13 08 00 00</div><div>Mar 7 17:23:55: | pfkey_get: K_SADB_REGISTER message 2</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=72</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14, alg_id=251(ESP_KAME_NULL)</div><div>Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=251</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=0</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14, alg_id=2(ESP_DES)</div><div>Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=2</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=0</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14, alg_id=3(ESP_3DES)</div><div>Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=3</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=0</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14, alg_id=5(ESP_IDEA)</div><div>Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=5</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256, res=0, ret=0</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14, alg_id=6(ESP_CAST)</div><div>Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=6</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=14, satype=3, alg_id=6, alg_ivlen=0, alg_minbits=384, alg_maxbits=384, res=0, ret=0</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14, alg_id=7(ESP_BLOWFISH)</div><div>Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=7</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5], exttype=14, satype=3, alg_id=7, alg_ivlen=0, alg_minbits=512, alg_maxbits=512, res=0, ret=0</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14, alg_id=8(ESP_3IDEA)</div><div>Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=8</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6], exttype=14, satype=3, alg_id=8, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=0</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=14, alg_id=9(ESP_DES_IV32)</div><div>Mar 7 17:23:55: | kernel_alg_add(): discarding already setup satype=3, exttype=14, alg_id=9</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7], exttype=14, satype=3, alg_id=9, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=0</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=88</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=11(ESP_NULL)</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=2(ESP_DES)</div><div>Mar 7 17:23:55: | kernel_alg_add(): Ignoring alg_id=2(ESP_DES) - too weak</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64, alg_maxbits=64, res=0, ret=0</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=3(ESP_3DES)</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[10], exttype=15, satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=6(ESP_CAST)</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[11], exttype=15, satype=3, alg_id=6, alg_ivlen=8, alg_minbits=40, alg_maxbits=128, res=0, ret=1</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=7(ESP_BLOWFISH)</div><div>Mar 7 17:23:55: | kernel_alg_add(): Ignoring alg_id=7(ESP_BLOWFISH) - too weak</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[12], exttype=15, satype=3, alg_id=7, alg_ivlen=8, alg_minbits=40, alg_maxbits=448, res=0, ret=0</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=12(ESP_AES)</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[13], exttype=15, satype=3, alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=252(ESP_SERPENT)</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[14], exttype=15, satype=3, alg_id=252, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=22(ESP_CAMELLIA)</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[15], exttype=15, satype=3, alg_id=22, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=253(ESP_TWOFISH)</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[16], exttype=15, satype=3, alg_id=253, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1</div><div>Mar 7 17:23:55: | kernel_alg_add(): satype=3, exttype=15, alg_id=13(ESP_AES_CTR)</div><div>Mar 7 17:23:55: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[17], exttype=15, satype=3, alg_id=13, alg_ivlen=8, alg_minbits=160, alg_maxbits=288, res=0, ret=1</div><div>Mar 7 17:23:55: | ESP registered with kernel.</div><div>Mar 7 17:23:55: | finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP </div><div>Mar 7 17:23:55: | 02 07 00 09 02 00 00 00 03 00 00 00 13 08 00 00</div><div>Mar 7 17:23:55: | pfkey_get: K_SADB_REGISTER message 3</div><div>Mar 7 17:23:55: | IPCOMP registered with kernel.</div><div>Mar 7 17:23:55: | Registered AH, ESP and IPCOMP</div><div>Mar 7 17:23:55: | event_schedule called for 20 seconds</div><div>Mar 7 17:23:55: | event_schedule_tv called for about 20 seconds and change</div><div>Mar 7 17:23:55: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000000 seconds</div><div>Mar 7 17:23:55: | setup kernel fd callback</div><div>Mar 7 17:23:55: | Could not change to legacy CRL directory '/etc/ipsec.d/crls': 2 No such file or directory</div><div>Mar 7 17:23:55: | event_schedule called for 23765 seconds</div><div>Mar 7 17:23:55: | event_schedule_tv called for about 23765 seconds and change</div><div>Mar 7 17:23:55: | inserting event EVENT_LOG_DAILY, timeout in 23765.000000 seconds</div><div>Mar 7 17:23:55: | Setting up events, loop start</div><div>Mar 7 17:23:56: | calling addconn helper using execve</div><div>Mar 7 17:23:56: | entering aalg_getbyname_ike()</div><div>Mar 7 17:23:56: | raw_alg_info_ike_add() ealg_id=5 ek_bits=0 aalg_id=2 ak_bits=0 modp_id=14, cnt=1</div><div>Mar 7 17:23:56: | raw_alg_info_ike_add() ealg_id=5 ek_bits=0 aalg_id=2 ak_bits=0 modp_id=5, cnt=2</div><div>Mar 7 17:23:56: | raw_alg_info_ike_add() ealg_id=5 ek_bits=0 aalg_id=2 ak_bits=0 modp_id=2, cnt=3</div><div>Mar 7 17:23:56: | entering aalg_getbyname_ike()</div><div>Mar 7 17:23:56: | raw_alg_info_ike_add() ealg_id=7 ek_bits=0 aalg_id=2 ak_bits=0 modp_id=22, cnt=4</div><div>Mar 7 17:23:56: | find_host_pair_conn: <a href="http://10.56.138.86:500" target="_blank">10.56.138.86:500</a> %any:500 -> hp:none</div><div>Mar 7 17:23:56: | Added new connection vpnpsk with policy PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW</div><div>Mar 7 17:23:56: | from whack: got --esp=3des-sha1,aes-sha1</div><div>Mar 7 17:23:56: | phase2alg string values: 3DES(3)_000-SHA1(2)_000, AES(12)_000-SHA1(2)_000</div><div>Mar 7 17:23:56: | ike (phase1) algorithm values: 3DES_CBC(5)_000-SHA1(2)_000-MODP2048(14), 3DES_CBC(5)_000-SHA1(2)_000-MODP1536(5), 3DES_CBC(5)_000-SHA1(2)_000-MODP1024(2), AES_CBC(7)_000-SHA1(2)_000-DH22(22)</div><div>Mar 7 17:23:56: | counting wild cards for 10.56.138.86 is 0</div><div>Mar 7 17:23:56: | counting wild cards for (none) is 15</div><div>Mar 7 17:23:56: | based upon policy, the connection is a template.</div><div>Mar 7 17:23:56: added connection description "vpnpsk"</div><div>Mar 7 17:23:56: | <a href="http://10.56.138.86/32===10.56.138.86" target="_blank">10.56.138.86/32===10.56.138.86</a><10.56.138.86>:17/1701---10.56.138.81...%any:17/%any</div><div>Mar 7 17:23:56: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 5; replay_window: 32; policy: PSK+ENCRYPT+DONT_REKEY+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW</div><div>Mar 7 17:23:56: listening for IKE messages</div><div>Mar 7 17:23:56: | Inspecting interface lo </div><div>Mar 7 17:23:56: | found lo with address 127.0.0.1</div><div>Mar 7 17:23:56: | Inspecting interface ens32 </div><div>Mar 7 17:23:56: | found ens32 with address 10.56.138.86</div><div>Mar 7 17:23:56: | Inspecting interface virbr0 </div><div>Mar 7 17:23:56: | found virbr0 with address 192.168.122.1</div><div>Mar 7 17:23:56: adding interface virbr0/virbr0 <a href="http://192.168.122.1:500" target="_blank">192.168.122.1:500</a></div><div>Mar 7 17:23:56: | NAT-Traversal: Trying new style NAT-T</div><div>Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19)</div><div>Mar 7 17:23:56: | NAT-Traversal: Trying old style NAT-T</div><div>Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup succeeded for old style NAT-T family IPv4</div><div>Mar 7 17:23:56: adding interface virbr0/virbr0 <a href="http://192.168.122.1:4500" target="_blank">192.168.122.1:4500</a></div><div>Mar 7 17:23:56: adding interface ens32/ens32 <a href="http://10.56.138.86:500" target="_blank">10.56.138.86:500</a></div><div>Mar 7 17:23:56: | NAT-Traversal: Trying new style NAT-T</div><div>Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19)</div><div>Mar 7 17:23:56: | NAT-Traversal: Trying old style NAT-T</div><div>Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup succeeded for old style NAT-T family IPv4</div><div>Mar 7 17:23:56: adding interface ens32/ens32 <a href="http://10.56.138.86:4500" target="_blank">10.56.138.86:4500</a></div><div>Mar 7 17:23:56: adding interface lo/lo <a href="http://127.0.0.1:500" target="_blank">127.0.0.1:500</a></div><div>Mar 7 17:23:56: | NAT-Traversal: Trying new style NAT-T</div><div>Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19)</div><div>Mar 7 17:23:56: | NAT-Traversal: Trying old style NAT-T</div><div>Mar 7 17:23:56: | NAT-Traversal: ESPINUDP(2) setup succeeded for old style NAT-T family IPv4</div><div>Mar 7 17:23:56: adding interface lo/lo <a href="http://127.0.0.1:4500" target="_blank">127.0.0.1:4500</a></div><div>Mar 7 17:23:56: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001</div><div>Mar 7 17:23:56: adding interface lo/lo ::1:500</div><div>Mar 7 17:23:56: | connect_to_host_pair: <a href="http://10.56.138.86:500" target="_blank">10.56.138.86:500</a> <a href="http://0.0.0.0:500" target="_blank">0.0.0.0:500</a> -> hp:none</div><div>Mar 7 17:23:56: | setup callback for interface lo:500 fd 19</div><div>Mar 7 17:23:56: | setup callback for interface lo:4500 fd 18</div><div>Mar 7 17:23:56: | setup callback for interface lo:500 fd 17</div><div>Mar 7 17:23:56: | setup callback for interface ens32:4500 fd 16</div><div>Mar 7 17:23:56: | setup callback for interface ens32:500 fd 15</div><div>Mar 7 17:23:56: | setup callback for interface virbr0:4500 fd 14</div><div>Mar 7 17:23:56: | setup callback for interface virbr0:500 fd 13</div><div>Mar 7 17:23:56: | certs and keys locked by 'free_preshared_secrets'</div><div>Mar 7 17:23:56: | certs and keys unlocked by 'free_preshard_secrets'</div><div>Mar 7 17:23:56: loading secrets from "/etc/ipsec.secrets"</div><div>Mar 7 17:23:56: | id type added to secret(0x7f3862951260) PPK_PSK: 125.16.240.98</div><div>Mar 7 17:23:56: | id type added to secret(0x7f3862951260) PPK_PSK: %any</div><div>Mar 7 17:23:56: | Processing PSK at line 1: passed</div><div>Mar 7 17:23:56: | certs and keys locked by 'process_secret'</div><div>Mar 7 17:23:56: | certs and keys unlocked by 'process_secret'</div><div>Mar 7 17:23:56: | reaped addconn helper child</div><div>Mar 7 17:23:56: reapchild failed with errno=10 No child processes</div><div>Mar 7 17:23:56: | *received 84 bytes from <a href="http://106.216.143.95:11359" target="_blank">106.216.143.95:11359</a> on ens32 (port=4500)</div><div>Mar 7 17:23:56: | b1 42 5c 7a 52 75 cb 8c a2 29 a8 0f 40 0e 10 bf</div><div>Mar 7 17:23:56: | 0b 10 05 01 37 48 06 4c 00 00 00 54 17 dc ee 36</div><div>Mar 7 17:23:56: | 46 77 45 10 38 d5 53 d8 5f 19 24 80 55 b6 c1 ac</div><div>Mar 7 17:23:56: | 2f f3 54 f3 6f 61 65 08 d7 44 4c 4a 10 0f 41 1e</div><div>Mar 7 17:23:56: | 02 a6 36 a5 dd ba db 3d f8 7c 32 e7 9f 4b 64 38</div><div>Mar 7 17:23:56: | c6 76 cb f8</div><div>Mar 7 17:23:56: | **parse ISAKMP Message:</div><div>Mar 7 17:23:56: | initiator cookie:</div><div>Mar 7 17:23:56: | b1 42 5c 7a 52 75 cb 8c</div><div>Mar 7 17:23:56: | responder cookie:</div><div>Mar 7 17:23:56: | a2 29 a8 0f 40 0e 10 bf</div><div>Mar 7 17:23:56: | next payload type: ISAKMP_NEXT_N (0xb)</div><div>Mar 7 17:23:56: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)</div><div>Mar 7 17:23:56: | exchange type: ISAKMP_XCHG_INFO (0x5)</div><div>Mar 7 17:23:56: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)</div><div>Mar 7 17:23:56: | message ID: 37 48 06 4c</div><div>Mar 7 17:23:56: | length: 84 (0x54)</div><div>Mar 7 17:23:56: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)</div><div>Mar 7 17:23:56: | finding hash chain in state hash table</div><div>Mar 7 17:23:56: | ICOOKIE: b1 42 5c 7a 52 75 cb 8c</div><div>Mar 7 17:23:56: | RCOOKIE: a2 29 a8 0f 40 0e 10 bf</div><div>Mar 7 17:23:56: | found hash chain 14</div><div>Mar 7 17:23:56: | p15 state object not found</div><div>Mar 7 17:23:56: | finding hash chain in state hash table</div><div>Mar 7 17:23:56: | ICOOKIE: b1 42 5c 7a 52 75 cb 8c</div><div>Mar 7 17:23:56: | RCOOKIE: 00 00 00 00 00 00 00 00</div><div>Mar 7 17:23:56: | found hash chain 3</div><div>Mar 7 17:23:56: | v1 state object not found</div><div>Mar 7 17:23:56: | - unknown SA's md->hdr.isa_icookie:</div><div>Mar 7 17:23:56: | b1 42 5c 7a 52 75 cb 8c</div><div>Mar 7 17:23:56: | - unknown SA's md->hdr.isa_rcookie:</div><div>Mar 7 17:23:56: | a2 29 a8 0f 40 0e 10 bf</div></div><div><br></div><div><br></div><div><br></div></div>
</div></blockquote></div></div><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Swan mailing list</span><br><span><a href="mailto:Swan@lists.libreswan.org" target="_blank">Swan@lists.libreswan.org</a></span><br><span><a href="https://lists.libreswan.org/mailman/listinfo/swan" target="_blank">https://lists.libreswan.org/mailman/listinfo/swan</a></span><br></div></blockquote></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>