localhost.localdomain
Thu Jul 23 10:15:49 IST 2009
+ _________________________ version
+ ipsec --version
Linux Openswan U2.6.21/K2.6.23.1-42.fc8 (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.23.1-42.fc8 (kojibuilder@xenbuilder4.fedora.phx.redhat.com) (gcc version 4.1.2 20070925 (Red Hat 4.1.2-33)) #1 SMP Tue Oct 30 13:55:12 EDT 2007
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.122.0   0.0.0.0         255.255.255.0   U         0 0          0 virbr0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         192.168.0.2     0.0.0.0         UG        0 0          0 eth0
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk       RefCnt Rmem   Wmem   User   Inode
+ _________________________ ip-xfrm-state
+ ip xfrm state
+ _________________________ ip-xfrm-policy
+ ip xfrm policy
src ::/0 dst ::/0 
	dir in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	dir in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	dir in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	dir in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	dir in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	dir in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	dir in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	dir in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	dir in priority 0 ptype main 
src ::/0 dst ::/0 
	dir out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	dir out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	dir out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	dir out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	dir out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	dir out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	dir out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	dir out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	dir out priority 0 ptype main 
+ _________________________ /proc/crypto
+ test -r /proc/crypto
+ cat /proc/crypto
name         : deflate
driver       : deflate-generic
module       : deflate
priority     : 0
refcnt       : 1
type         : compression

name         : cbc(twofish)
driver       : cbc(twofish-generic)
module       : cbc
priority     : 100
refcnt       : 1
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16

name         : cbc(camellia)
driver       : cbc(camellia-generic)
module       : cbc
priority     : 100
refcnt       : 1
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16

name         : camellia
driver       : camellia-generic
module       : camellia
priority     : 100
refcnt       : 1
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : cbc(serpent)
driver       : cbc(serpent-generic)
module       : cbc
priority     : 0
refcnt       : 1
type         : blkcipher
blocksize    : 16
min keysize  : 0
max keysize  : 32
ivsize       : 16

name         : cbc(aes)
driver       : cbc(aes-generic)
module       : cbc
priority     : 100
refcnt       : 1
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16

name         : cbc(blowfish)
driver       : cbc(blowfish-generic)
module       : cbc
priority     : 0
refcnt       : 1
type         : blkcipher
blocksize    : 8
min keysize  : 4
max keysize  : 56
ivsize       : 8

name         : cbc(des3_ede)
driver       : cbc(des3_ede-generic)
module       : cbc
priority     : 0
refcnt       : 1
type         : blkcipher
blocksize    : 8
min keysize  : 24
max keysize  : 24
ivsize       : 8

name         : cbc(des)
driver       : cbc(des-generic)
module       : cbc
priority     : 0
refcnt       : 1
type         : blkcipher
blocksize    : 8
min keysize  : 8
max keysize  : 8
ivsize       : 8

name         : ecb(cipher_null)
driver       : ecb(cipher_null-generic)
module       : ecb
priority     : 0
refcnt       : 1
type         : blkcipher
blocksize    : 1
min keysize  : 0
max keysize  : 0
ivsize       : 0

name         : xcbc(aes)
driver       : xcbc(aes-generic)
module       : xcbc
priority     : 100
refcnt       : 1
type         : hash
blocksize    : 16
digestsize   : 16

name         : hmac(sha256)
driver       : hmac(sha256-generic)
module       : kernel
priority     : 0
refcnt       : 1
type         : hash
blocksize    : 64
digestsize   : 32

name         : hmac(sha1)
driver       : hmac(sha1-generic)
module       : kernel
priority     : 0
refcnt       : 1
type         : hash
blocksize    : 64
digestsize   : 20

name         : hmac(md5)
driver       : hmac(md5-generic)
module       : kernel
priority     : 0
refcnt       : 1
type         : hash
blocksize    : 64
digestsize   : 16

name         : hmac(digest_null)
driver       : hmac(digest_null-generic)
module       : kernel
priority     : 0
refcnt       : 1
type         : hash
blocksize    : 1
digestsize   : 0

name         : compress_null
driver       : compress_null-generic
module       : crypto_null
priority     : 0
refcnt       : 1
type         : compression

name         : digest_null
driver       : digest_null-generic
module       : crypto_null
priority     : 0
refcnt       : 1
type         : digest
blocksize    : 1
digestsize   : 0

name         : cipher_null
driver       : cipher_null-generic
module       : crypto_null
priority     : 0
refcnt       : 1
type         : cipher
blocksize    : 1
min keysize  : 0
max keysize  : 0

name         : tnepres
driver       : tnepres-generic
module       : serpent
priority     : 0
refcnt       : 1
type         : cipher
blocksize    : 16
min keysize  : 0
max keysize  : 32

name         : serpent
driver       : serpent-generic
module       : serpent
priority     : 0
refcnt       : 1
type         : cipher
blocksize    : 16
min keysize  : 0
max keysize  : 32

name         : blowfish
driver       : blowfish-generic
module       : blowfish
priority     : 0
refcnt       : 1
type         : cipher
blocksize    : 8
min keysize  : 4
max keysize  : 56

name         : twofish
driver       : twofish-generic
module       : twofish
priority     : 100
refcnt       : 1
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : sha256
driver       : sha256-generic
module       : sha256
priority     : 0
refcnt       : 1
type         : digest
blocksize    : 64
digestsize   : 32

name         : sha512
driver       : sha512-generic
module       : sha512
priority     : 0
refcnt       : 1
type         : digest
blocksize    : 128
digestsize   : 64

name         : sha384
driver       : sha384-generic
module       : sha512
priority     : 0
refcnt       : 1
type         : digest
blocksize    : 128
digestsize   : 48

name         : des3_ede
driver       : des3_ede-generic
module       : des
priority     : 0
refcnt       : 1
type         : cipher
blocksize    : 8
min keysize  : 24
max keysize  : 24

name         : des
driver       : des-generic
module       : des
priority     : 0
refcnt       : 1
type         : cipher
blocksize    : 8
min keysize  : 8
max keysize  : 8

name         : aes
driver       : aes-generic
module       : aes
priority     : 100
refcnt       : 1
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : crc32c
driver       : crc32c-generic
module       : kernel
priority     : 0
refcnt       : 1
type         : digest
blocksize    : 32
digestsize   : 4

name         : sha1
driver       : sha1-generic
module       : kernel
priority     : 0
refcnt       : 1
type         : digest
blocksize    : 64
digestsize   : 20

name         : md5
driver       : md5-generic
module       : kernel
priority     : 0
refcnt       : 1
type         : digest
blocksize    : 64
digestsize   : 16

+ __________________________/proc/sys/net/core/xfrm-star
/usr/local/libexec/ipsec/barf: line 191: __________________________/proc/sys/net/core/xfrm-star: No such file or directory
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_acq_expires: '
/proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires
30
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_etime: '
/proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime
10
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '
/proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth
2
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_larval_drop: '
/proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop
0
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 using kernel interface: netkey
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 192.168.0.3
000 interface eth0/eth0 192.168.0.3
000 interface eth1/eth1 192.168.1.5
000 interface eth1/eth1 192.168.1.5
000 interface virbr0/virbr0 192.168.122.1
000 interface virbr0/virbr0 192.168.122.1
000 %myid = (none)
000 debug raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+pfkey+nattraversal+x509
000  
000 virtual_private (%priv):
000 - allowed 3 subnets: 0.0.0.0/32, 192.168.0.0/16, 192.160.0.0/12
000 - disallowed 0 subnets: 
000 WARNING: Either virtual_private= was not specified, or there was a syntax 
000          error in that line. 'left/rightsubnet=%priv' will not work!
000  
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000  
000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131
000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000  
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} 
000  
000 "e61": 0.0.0.0/0===192.168.0.3[@foo.mydomain.org,MS+S=C]...%any[+MC+S=C]===192.168.0.3/32; unrouted; eroute owner: #0
000 "e61":     myip=unset; hisip=192.168.0.3;
000 "e61":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "e61":   policy: PSK+ENCRYPT+TUNNEL+DONTREKEY+MODECFGPULL+IKEv2ALLOW; prio: 0,32; interface: eth0; 
000 "e61":   newest ISAKMP SA: #0; newest IPsec SA: #0; 
000 "e61":   IKE algorithms wanted: AES_CBC(7)_256-SHA1(2)-MODP1536(5); flags=-strict
000 "e61":   IKE algorithms found:  AES_CBC(7)_256-SHA1(2)_160-5, 
000 "e61":   ESP algorithms wanted: AES(12)_256-SHA1(2); flags=-strict
000 "e61":   ESP algorithms loaded: AES(12)_256-SHA1(2)_160
000  
000  
+ _________________________ ifconfig-a
+ ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:01:6C:9D:3E:45  
          inet addr:192.168.0.3  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::201:6cff:fe9d:3e45/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:832 errors:0 dropped:0 overruns:0 frame:0
          TX packets:880 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:103712 (101.2 KiB)  TX bytes:91523 (89.3 KiB)
          Interrupt:17 

eth1      Link encap:Ethernet  HWaddr 00:E0:4E:70:15:43  
          inet addr:192.168.1.5  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:4eff:fe70:1543/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:708 (708.0 b)  TX bytes:5243 (5.1 KiB)
          Interrupt:21 Memory:d0200000-d02000ff 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4043 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4043 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3474824 (3.3 MiB)  TX bytes:3474824 (3.3 MiB)

sit0      Link encap:IPv6-in-IPv4  
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

virbr0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00  
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:5553 (5.4 KiB)

+ _________________________ ip-addr-list
+ ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:01:6c:9d:3e:45 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.3/24 brd 192.168.0.255 scope global eth0
    inet6 fe80::201:6cff:fe9d:3e45/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:e0:4e:70:15:43 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.5/24 brd 192.168.1.255 scope global eth1
    inet6 fe80::2e0:4eff:fe70:1543/64 scope link 
       valid_lft forever preferred_lft forever
4: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue 
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
    inet6 fe80::200:ff:fe00:0/64 scope link 
       valid_lft forever preferred_lft forever
5: sit0: <NOARP> mtu 1480 qdisc noop 
    link/sit 0.0.0.0 brd 0.0.0.0
+ _________________________ ip-route-list
+ ip route list
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.5 
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.3 
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1 
169.254.0.0/16 dev eth0  scope link 
default via 192.168.0.2 dev eth0 
+ _________________________ ip-rule-list
+ ip rule list
0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default 
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                             	[OK]
Linux Openswan U2.6.21/K2.6.23.1-42.fc8 (netkey)
Checking for IPsec support in kernel                        	[OK]
NETKEY detected, testing for disabled ICMP send_redirects   	[OK]
NETKEY detected, testing for disabled ICMP accept_redirects 	[OK]
Checking for RSA private key (/etc/ipsec.secrets)           	[OK]
Checking that pluto is running                              	[OK]
Two or more interfaces found, checking IP forwarding        	[OK]
Checking NAT and MASQUERADEing                              	[N/A]
Checking for 'ip' command                                   	[OK]
Checking for 'iptables' command                             	[OK]

Opportunistic Encryption DNS checks:
   Looking for TXT in forward dns zone: localhost.localdomain	[MISSING]
   Does the machine have at least one non-private address?  	[FAILED]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: negotiated 100baseTx-FD flow-control, link ok
  product info: vendor 00:50:ef, model 14 rev 0
  basic mode:   autonegotiation enabled
  basic status: autonegotiation complete, link ok
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
  link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
SIOCGMIIPHY on 'eth1' failed: Operation not supported
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/local/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
localhost.localdomain
+ _________________________ hostname/ipaddress
+ hostname --ip-address
127.0.0.1
+ _________________________ uptime
+ uptime
 10:16:14 up 21 min,  5 users,  load average: 0.00, 0.03, 0.07
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F   UID   PID  PPID PRI  NI    VSZ   RSS WCHAN  STAT TTY        TIME COMMAND
0     0  5142  4714  20   0   4660  1140 wait   S+   pts/3      0:00      \_ /bin/sh /usr/local/libexec/ipsec/barf
0     0  5229  5142  20   0   1968   484 pipe_w S+   pts/3      0:00          \_ egrep -i ppid|pluto|ipsec|klips
1     0  5063     1  20   0   2624   420 wait   S    pts/3      0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug all raw crypt parsing emitting control lifecycle klips dns oppo controlmore x509 pfkey nattraversal --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive  --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private %v4:0.0.0.0/32,%v4:192.168.0.0/16,%4:192.168.0.1/12 --crlcheckinterval 0 --ocspuri  --nhelpers  --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
1     0  5065  5063  20   0   2624   572 wait   S    pts/3      0:00  \_ /bin/sh /usr/local/lib/ipsec/_plutorun --debug all raw crypt parsing emitting control lifecycle klips dns oppo controlmore x509 pfkey nattraversal --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive  --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private %v4:0.0.0.0/32,%v4:192.168.0.0/16,%4:192.168.0.1/12 --crlcheckinterval 0 --ocspuri  --nhelpers  --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
4     0  5069  5065  20   0   3352  1688 -      S    pts/3      0:00  |   \_ /usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --debug-all --debug-raw --debug-crypt --debug-parsing --debug-emitting --debug-control --debug-lifecycle --debug-klips --debug-dns --debug-oppo --debug-controlmore --debug-x509 --debug-pfkey --debug-nattraversal --use-netkey --uniqueids --nat_traversal --virtual_private %v4:0.0.0.0/32,%v4:192.168.0.0/16,%4:192.168.0.1/12
1     0  5071  5069  30  10   3356   768 -      SN   pts/3      0:00  |       \_ pluto helper  #  0                                                                                                                                                                                                                                                                                                                                                                                                                 
0     0  5066  5063  20   0   2624  1084 pipe_w S    pts/3      0:00  \_ /bin/sh /usr/local/lib/ipsec/_plutoload --wait no --post 
0     0  5064     1  20   0   1740   544 pipe_w S    pts/3      0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
routephys=eth0
routevirt=none
routeaddr=192.168.0.3
routenexthop=192.168.0.2
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor

#< /etc/ipsec.conf 1
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45 ken Exp $

# This file:  /usr/local/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version	2.0	# conforms to second version of ipsec.conf specification

# basic configuration
config setup
	# Do not set debug options to debug configuration issues!
	# plutodebug / klipsdebug = "all", "none" or a combation from below:
	# "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
	# eg:
	 plutodebug="all"
	#
	# enable to get logs per-peer
	# plutoopts="--perpeerlog"
	#
	# Again: only enable plutodebug or klipsdebug when asked by a developer
	#
	# NAT-TRAVERSAL support, see README.NAT-Traversal
	nat_traversal=yes
	# exclude networks used on server side by adding %v4:!a.b.c.0/24
	virtual_private=%v4:0.0.0.0/32,%v4:192.168.0.0/16,%4:192.168.0.1/12
	# OE is now off by default. Uncomment and change to on, to enable.
#	OE=off
	# which IPsec stack to use. netkey,klips,mast,auto or none
	protostack=netkey
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        klipsdebug="none"
      #  plutodebug="none" 
        interfaces=%defaultroute 
                #interfaces="ipsec0=eth0"
	

# Add connections here

# sample VPN connection
# for more examples, see /etc/ipsec.d/examples/
#conn sample
#		# Left security gateway, subnet behind it, nexthop toward right.
#		left=10.0.0.1
#		leftsubnet=172.16.0.0/24
#		leftnexthop=10.22.33.44
#		# Right security gateway, subnet behind it, nexthop toward left.
#		right=10.12.12.1
#		rightsubnet=192.168.0.0/24
#		rightnexthop=10.101.102.103
#		# To authorize this connection, but not actually start it, 
#		# at startup, uncomment this.
#		#auto=start


conn e61
        # Key exchange
        ike=aes256-sha1-modp1536
        # Data exchange
        esp=aes256-sha1
        # Authentication method PSK
        authby=secret
        auto=route
        keyingtries=3
        # Modeconfig setting
        modecfgpull=yes
        pfs=no
        rekey=no
        #leftid=@monkeyiq.example.org
        leftid=@foo.mydomain.org 
        left=%defaultroute
        leftsubnet=192.168.0.2/0
        leftrsasigkey=[sums to 7e5b...]
        leftmodecfgserver=yes
        leftxauthserver=no
        rightrsasigkey=[sums to 7e5b...]
        right=%any
        rightxauthclient=no
        rightmodecfgclient=yes
        rightsourceip=192.168.0.3
        rightsubnet=192.168.0.3/32

+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor

#< /etc/ipsec.secrets 1
: RSA	{
	# RSA 2192 bits   localhost.localdomain   Mon Jun  1 11:31:15 2009
	# for signatures only, UNSAFE FOR ENCRYPTION
	#pubkey=[keyid AQOz4bY9h]
	Modulus: [...]
	PublicExponent: [...]
	# everything after this point is secret
	PrivateExponent: [...]
	Prime1: [...]
	Prime2: [...]
	Exponent1: [...]
	Exponent2: [...]
	Coefficient: [...]
	}
# do not change the indenting of that "[sums to 7d9d...]"

192.168.0.3 %any: PSK "[sums to d3b0...]"

+ _________________________ ipsec/listall
+ ipsec auto --listall
000  
000 List of Public Keys:
000  
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
000     18: PSK %any 192.168.0.3
000     1: RSA (none) (none)
+ '[' /etc/ipsec.d/policies ']'
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
#auto=ignore

+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#

# root name servers should be in the clear
192.168.0.2
192.58.128.30/32
198.41.0.4/32
192.228.79.201/32
192.33.4.12/32
128.8.10.90/32
192.203.230.10/32
192.5.5.241/32
192.112.36.4/32
128.63.2.53/32
192.36.148.17/32
193.0.14.129/32
199.7.83.42/32
202.12.27.33/32
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption.  This behaviour is also called "Opportunistic Responder".
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#

#auto=ignore
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#

#auto=ignore
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications.  If no such record is found, communications will be
# in the clear.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
#auto=ignore
#0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/local/lib/ipsec
total 240
-rwxr-xr-x 1 root root 12042 Jul 21 17:14 _copyright
-rwxr-xr-x 1 root root 12042 Jul 21 16:20 _copyright.old
-rwxr-xr-x 1 root root  2379 Jul 21 17:14 _include
-rwxr-xr-x 1 root root  2379 Jul 21 16:20 _include.old
-rwxr-xr-x 1 root root  1475 Jul 21 17:14 _keycensor
-rwxr-xr-x 1 root root  1475 Jul 21 16:20 _keycensor.old
-rwxr-xr-x 1 root root  2632 Jul 21 17:14 _plutoload
-rwxr-xr-x 1 root root  2632 Jul 21 16:20 _plutoload.old
-rwxr-xr-x 1 root root  7635 Jul 21 17:14 _plutorun
-rwxr-xr-x 1 root root  7635 Jul 21 16:20 _plutorun.old
-rwxr-xr-x 1 root root 12771 Jul 21 17:14 _realsetup
-rwxr-xr-x 1 root root 12771 Jul 21 16:20 _realsetup.old
-rwxr-xr-x 1 root root  1975 Jul 21 17:14 _secretcensor
-rwxr-xr-x 1 root root  1975 Jul 21 16:20 _secretcensor.old
-rwxr-xr-x 1 root root  8567 Jul 21 17:14 _startklips
-rwxr-xr-x 1 root root  8567 Jul 21 17:14 _startklips.old
-rwxr-xr-x 1 root root  5923 Jul 21 17:14 _startnetkey
-rwxr-xr-x 1 root root  5923 Jul 21 16:20 _startnetkey.old
-rwxr-xr-x 1 root root  4886 Jul 21 17:14 _updown
-rwxr-xr-x 1 root root 14030 Jul 21 17:14 _updown.klips
-rwxr-xr-x 1 root root 14030 Jul 21 17:14 _updown.klips.old
-rwxr-xr-x 1 root root 11798 Jul 21 17:14 _updown.mast
-rwxr-xr-x 1 root root 11798 Jul 21 17:14 _updown.mast.old
-rwxr-xr-x 1 root root  8534 Jul 21 17:14 _updown.netkey
-rwxr-xr-x 1 root root  8534 Jul 21 16:20 _updown.netkey.old
-rwxr-xr-x 1 root root  4886 Jul 21 16:20 _updown.old
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/local/libexec/ipsec
total 15092
-rwxr-xr-x 1 root root   14218 May  6 19:15 _copyright
-rwxr-xr-x 1 root root   28391 May  6 19:15 _pluto_adns
-rwxr-xr-x 1 root root   21422 May  6 19:15 _updown
-rwxr-xr-x 1 root root   14061 May  6 19:15 _updown_espmark
-rwxr-xr-x 1 root root  386763 Jul 21 17:14 addconn
-rwxr-xr-x 1 root root  386763 Jul 21 16:20 addconn.old
-rwxr-xr-x 1 root root    6129 Jul 21 17:14 auto
-rwxr-xr-x 1 root root    6129 Jul 21 16:20 auto.old
-rwxr-xr-x 1 root root   10758 Jul 21 17:14 barf
-rwxr-xr-x 1 root root   10758 Jul 21 16:20 barf.old
-rwxr-xr-x 1 root root 2758472 May  6 19:15 charon
-rwxr-xr-x 1 root root  168056 Jul 21 17:14 eroute
-rwxr-xr-x 1 root root  168056 Jul 21 16:20 eroute.old
-rwxr-xr-x 1 root root   48150 Jul 21 17:14 ikeping
-rwxr-xr-x 1 root root   48150 Jul 21 16:20 ikeping.old
-rwxr-xr-x 1 root root  112257 Jul 21 17:14 klipsdebug
-rwxr-xr-x 1 root root  112257 Jul 21 16:20 klipsdebug.old
-rwxr-xr-x 1 root root    2591 Jul 21 17:14 look
-rwxr-xr-x 1 root root    2591 Jul 21 16:20 look.old
-rwxr-xr-x 1 root root  869950 Jul 21 17:14 lwdnsq
-rwxr-xr-x 1 root root  869950 Jul 21 16:20 lwdnsq.old
-rwxr-xr-x 1 root root    1921 Jul 21 17:14 newhostkey
-rwxr-xr-x 1 root root    1921 Jul 21 16:20 newhostkey.old
-rwxr-xr-x 1 root root   35263 May  6 19:15 openac
-rwxr-xr-x 1 root root  102759 Jul 21 17:14 pf_key
-rwxr-xr-x 1 root root  102759 Jul 21 16:20 pf_key.old
drwxr-xr-x 2 root root    4096 May  6 19:15 plugins
-rwxr-xr-x 1 root root 2760522 Jul 21 17:14 pluto
-rwxr-xr-x 1 root root 2760522 Jul 21 16:20 pluto.old
-rwxr-xr-x 1 root root   16641 Jul 21 17:14 ranbits
-rwxr-xr-x 1 root root   16641 Jul 21 16:20 ranbits.old
-rwxr-xr-x 1 root root   36792 Jul 21 17:14 rsasigkey
-rwxr-xr-x 1 root root   36792 Jul 21 16:20 rsasigkey.old
-rwxr-xr-x 1 root root  584564 May  6 19:15 scepclient
-rwxr-xr-x 1 root root     766 Jul 21 17:14 secrets
-rwxr-xr-x 1 root root     766 Jul 21 16:20 secrets.old
lrwxrwxrwx 1 root root      22 Jul 21 17:14 setup -> /etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root    1054 Jul 21 17:14 showdefaults
-rwxr-xr-x 1 root root    1054 Jul 21 16:20 showdefaults.old
-rwxr-xr-x 1 root root  474103 Jul 21 17:14 showhostkey
-rwxr-xr-x 1 root root  474103 Jul 21 16:20 showhostkey.old
-rwxr-xr-x 1 root root   62576 Jul 21 17:14 showpolicy
-rwxr-xr-x 1 root root   62576 Jul 21 16:20 showpolicy.old
-rwxr-xr-x 1 root root  281193 Jul 21 17:14 spi
-rwxr-xr-x 1 root root  281193 Jul 21 16:20 spi.old
-rwxr-xr-x 1 root root  143276 Jul 21 17:14 spigrp
-rwxr-xr-x 1 root root  143276 Jul 21 16:20 spigrp.old
-rwxr-xr-x 1 root root  287224 May  6 19:15 starter
-rwxr-xr-x 1 root root   26039 May  6 19:15 stroke
-rwxr-xr-x 1 root root  121657 Jul 21 17:14 tncfg
-rwxr-xr-x 1 root root  121657 Jul 21 16:20 tncfg.old
-rwxr-xr-x 1 root root   13026 Jul 21 17:14 verify
-rwxr-xr-x 1 root root   13026 Jul 21 16:20 verify.old
-rwxr-xr-x 1 root root  109137 Jul 21 17:14 whack
-rwxr-xr-x 1 root root  109137 Jul 21 16:20 whack.old
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo: 3476360    4059    0    0    0     0          0         0  3476360    4059    0    0    0     0       0          0
  eth0:  108048     866    0    0    0     0          0        73    95163     910    0    0    0     0       0          0
  eth1:     708       8    0    0    0     0          0         0     5243      29    0    0    0     0       0          0
virbr0:       0       0    0    0    0     0          0         0     5553      38    0    0    0     0       0          0
  sit0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface	Destination	Gateway 	Flags	RefCnt	Use	Metric	Mask		MTU	Window	IRTT                                                       
eth1	0001A8C0	00000000	0001	0	0	0	00FFFFFF	0	0	0                                                                               
eth0	0000A8C0	00000000	0001	0	0	0	00FFFFFF	0	0	0                                                                               
virbr0	007AA8C0	00000000	0001	0	0	0	00FFFFFF	0	0	0                                                                             
eth0	0000FEA9	00000000	0001	0	0	0	0000FFFF	0	0	0                                                                               
eth0	00000000	0200A8C0	0003	0	0	0	00000000	0	0	0                                                                               
+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc
0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter lo/rp_filter sit0/rp_filter virbr0/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
eth1/rp_filter:1
lo/rp_filter:0
sit0/rp_filter:1
virbr0/rp_filter:1
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects eth1/accept_redirects eth1/secure_redirects eth1/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects sit0/accept_redirects sit0/secure_redirects sit0/send_redirects virbr0/accept_redirects virbr0/secure_redirects virbr0/send_redirects
all/accept_redirects:0
all/secure_redirects:0
all/send_redirects:0
default/accept_redirects:0
default/secure_redirects:0
default/send_redirects:0
eth0/accept_redirects:1
eth0/secure_redirects:0
eth0/send_redirects:1
eth1/accept_redirects:0
eth1/secure_redirects:0
eth1/send_redirects:0
lo/accept_redirects:0
lo/secure_redirects:0
lo/send_redirects:0
sit0/accept_redirects:0
sit0/secure_redirects:0
sit0/send_redirects:0
virbr0/accept_redirects:0
virbr0/secure_redirects:0
virbr0/send_redirects:0
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
2
+ _________________________ uname-a
+ uname -a
Linux localhost.localdomain 2.6.23.1-42.fc8 #1 SMP Tue Oct 30 13:55:12 EDT 2007 i686 i686 i386 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ distro-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/redhat-release
+ cat /etc/redhat-release
Fedora release 8 (Werewolf)
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/debian-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/SuSE-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandrake-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandriva-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (2.6.23.1-42.fc8) support detected '
NETKEY (2.6.23.1-42.fc8) support detected 
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy ACCEPT 3832 packets, 538K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53 
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           udp dpt:67 
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           tcp dpt:67 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24    state RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0           
    0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0           
    0     0 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
    0     0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 

Chain OUTPUT (policy ACCEPT 3930 packets, 547K bytes)
 pkts bytes target     prot opt in     out     source               destination         
+ _________________________ iptables-nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 74 packets, 24774 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 2074 packets, 143K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  *      *       192.168.122.0/24     0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 2074 packets, 143K bytes)
 pkts bytes target     prot opt in     out     source               destination         
+ _________________________ iptables-mangle
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
iptable_mangle 6337 0 - Live 0xe043f000
ah6 9793 0 - Live 0xe057b000
ah4 8641 0 - Live 0xe0556000
esp6 9793 0 - Live 0xe049e000
esp4 9793 0 - Live 0xe049a000
xfrm4_mode_beet 6337 0 - Live 0xe0493000
xfrm4_tunnel 6337 0 - Live 0xe048c000
xfrm4_mode_tunnel 6465 0 - Live 0xe0489000
xfrm4_mode_transport 5825 0 - Live 0xe045f000
xfrm6_mode_transport 5825 0 - Live 0xe045c000
xfrm6_mode_ro 5697 0 - Live 0xe0459000
xfrm6_mode_beet 6081 0 - Live 0xe0456000
xfrm6_mode_tunnel 6465 0 - Live 0xe0442000
ipcomp 9545 0 - Live 0xe0452000
ipcomp6 9673 0 - Live 0xe0294000
xfrm6_tunnel 9953 1 ipcomp6, Live 0xe043b000
af_key 38097 0 - Live 0xe0447000
sit 12069 0 - Live 0xe0563000
i915 23745 2 - Live 0xe055c000
drm 67028 3 i915, Live 0xe0569000
ipt_MASQUERADE 6721 1 - Live 0xe0547000
iptable_nat 9669 1 - Live 0xe0543000
nf_nat 18669 2 ipt_MASQUERADE,iptable_nat, Live 0xe04e5000
nf_conntrack_ipv4 11717 3 iptable_nat, Live 0xe053a000
ipt_REJECT 7617 2 - Live 0xe0537000
iptable_filter 6465 1 - Live 0xe0534000
ip_tables 14213 3 iptable_mangle,iptable_nat,iptable_filter, Live 0xe04c8000
bridge 46809 0 - Live 0xe0513000
deflate 6721 0 - Live 0xe04e2000
zlib_deflate 21465 1 deflate, Live 0xe04fc000
camellia 36033 0 - Live 0xe052a000
rfcomm 36825 0 - Live 0xe0520000
l2cap 25537 9 rfcomm, Live 0xe04f4000
crypto_null 6465 0 - Live 0xe04d2000
bluetooth 49316 4 rfcomm,l2cap, Live 0xe0505000
serpent 28993 0 - Live 0xe04eb000
blowfish 12353 0 - Live 0xe04cd000
twofish 11585 0 - Live 0xe048f000
twofish_common 39489 1 twofish, Live 0xe04d7000
ecb 6721 0 - Live 0xe04c5000
xcbc 8649 0 - Live 0xe04c1000
cbc 7617 0 - Live 0xe0486000
sha256 15169 0 - Live 0xe04b7000
sha512 13121 0 - Live 0xe04bc000
des 20161 0 - Live 0xe04a7000
aes 31489 0 - Live 0xe04ae000
blkcipher 9029 2 ecb,cbc, Live 0xe04a3000
tunnel4 6857 2 xfrm4_tunnel,sit, Live 0xe0338000
tunnel6 6857 1 xfrm6_tunnel, Live 0xe0335000
autofs4 20421 2 - Live 0xe0319000
sunrpc 140765 1 - Live 0xe0462000
nf_conntrack_ipv6 18769 2 - Live 0xe0320000
xt_state 6081 3 - Live 0xe0316000
nf_conntrack 51977 6 ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state, Live 0xe0327000
nfnetlink 8281 4 nf_nat,nf_conntrack_ipv4,nf_conntrack_ipv6,nf_conntrack, Live 0xe0312000
xt_tcpudp 6977 8 - Live 0xe02f4000
ip6t_ipv6header 6209 2 - Live 0xe029d000
ip6t_REJECT 8257 2 - Live 0xe02f0000
ip6table_filter 6337 1 - Live 0xe021d000
ip6_tables 15109 2 ip6t_ipv6header,ip6table_filter, Live 0xe030d000
x_tables 14277 9 ipt_MASQUERADE,iptable_nat,ipt_REJECT,ip_tables,xt_state,xt_tcpudp,ip6t_ipv6header,ip6t_REJECT,ip6_tables, Live 0xe0308000
cpufreq_ondemand 10317 2 - Live 0xe0283000
acpi_cpufreq 12365 0 - Live 0xe0303000
loop 16581 0 - Live 0xe02fd000
dm_multipath 18249 0 - Live 0xe02f7000
ipv6 245989 33 ah6,esp6,xfrm6_mode_beet,ipcomp6,xfrm6_tunnel,sit,tunnel6,nf_conntrack_ipv6,ip6t_REJECT, Live 0xe0380000
snd_hda_intel 274657 4 - Live 0xe033b000
snd_seq_dummy 6725 0 - Live 0xe0287000
snd_seq_oss 29889 0 - Live 0xe02bc000
snd_seq_midi_event 9793 1 snd_seq_oss, Live 0xe0290000
snd_seq 44849 5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event, Live 0xe02d6000
snd_seq_device 10061 3 snd_seq_dummy,snd_seq_oss,snd_seq, Live 0xe0250000
snd_pcm_oss 37569 0 - Live 0xe02b1000
snd_mixer_oss 16705 2 snd_pcm_oss, Live 0xe017a000
snd_pcm 63685 2 snd_hda_intel,snd_pcm_oss, Live 0xe02c5000
sc92031 16453 0 - Live 0xe028a000
snd_timer 20549 2 snd_seq,snd_pcm, Live 0xe0258000
snd_page_alloc 11337 2 snd_hda_intel,snd_pcm, Live 0xe0254000
parport_pc 26981 0 - Live 0xe025f000
button 10321 0 - Live 0xe024c000
i2c_i801 12113 0 - Live 0xe0212000
snd_hwdep 10309 1 snd_hda_intel, Live 0xe020e000
i2c_core 21825 1 i2c_i801, Live 0xe0216000
tg3 98885 0 - Live 0xe0269000
parport 32393 1 parport_pc, Live 0xe0243000
snd 43461 15 snd_hda_intel,snd_seq_oss,snd_seq,snd_seq_device,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer,snd_hwdep, Live 0xe0237000
iTCO_wdt 13797 0 - Live 0xe0056000
soundcore 9633 2 snd, Live 0xe0149000
iTCO_vendor_support 7109 1 iTCO_wdt, Live 0xe0146000
sg 31965 0 - Live 0xe022e000
floppy 53125 0 - Live 0xe0220000
dm_snapshot 17765 0 - Live 0xe0155000
dm_zero 5825 0 - Live 0xe0063000
dm_mirror 21569 0 - Live 0xe014e000
dm_mod 46209 9 dm_multipath,dm_snapshot,dm_zero,dm_mirror, Live 0xe0201000
ata_generic 8901 0 - Live 0xe005f000
ata_piix 16709 2 - Live 0xe0140000
libata 99633 2 ata_generic,ata_piix, Live 0xe015e000
sd_mod 27329 3 - Live 0xe0069000
scsi_mod 119757 3 sg,libata,sd_mod, Live 0xe0101000
ext3 110665 2 - Live 0xe0123000
jbd 52457 1 ext3, Live 0xe0071000
mbcache 10177 1 ext3, Live 0xe005b000
uhci_hcd 23633 0 - Live 0xe003e000
ohci_hcd 21445 0 - Live 0xe004f000
ehci_hcd 31693 0 - Live 0xe0046000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal:       505500 kB
MemFree:          6916 kB
Buffers:         46916 kB
Cached:         181320 kB
SwapCached:          0 kB
Active:         237396 kB
Inactive:       157072 kB
HighTotal:           0 kB
HighFree:            0 kB
LowTotal:       505500 kB
LowFree:          6916 kB
SwapTotal:     1015800 kB
SwapFree:      1015800 kB
Dirty:             156 kB
Writeback:           0 kB
AnonPages:      166232 kB
Mapped:          54348 kB
Slab:            14832 kB
SReclaimable:     7164 kB
SUnreclaim:       7668 kB
PageTables:       5128 kB
NFS_Unstable:        0 kB
Bounce:              0 kB
CommitLimit:   1268548 kB
Committed_AS:   626912 kB
VmallocTotal:   516088 kB
VmallocUsed:      6156 kB
VmallocChunk:   509556 kB
HugePages_Total:     0
HugePages_Free:      0
HugePages_Rsvd:      0
Hugepagesize:     4096 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/2.6.23.1-42.fc8/build/.config
++ uname -r
+ egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV|_XFRM'
+ cat /lib/modules/2.6.23.1-42.fc8/build/.config
CONFIG_XFRM=y
CONFIG_XFRM_USER=y
CONFIG_XFRM_SUB_POLICY=y
CONFIG_XFRM_MIGRATE=y
CONFIG_NET_KEY=m
CONFIG_NET_KEY_MIGRATE=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
# CONFIG_IP_FIB_TRIE is not set
CONFIG_IP_FIB_HASH=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_PNP is not set
CONFIG_IP_MROUTE=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_XFRM_TUNNEL=m
CONFIG_INET_TUNNEL=m
CONFIG_INET_XFRM_MODE_TRANSPORT=m
CONFIG_INET_XFRM_MODE_TUNNEL=m
CONFIG_INET_XFRM_MODE_BEET=m
CONFIG_INET_DIAG=m
CONFIG_INET_TCP_DIAG=m
CONFIG_IP_VS=m
# CONFIG_IP_VS_DEBUG is not set
CONFIG_IP_VS_TAB_BITS=12
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_PROTO_ESP=y
CONFIG_IP_VS_PROTO_AH=y
CONFIG_IP_VS_RR=m
CONFIG_IP_VS_WRR=m
CONFIG_IP_VS_LC=m
CONFIG_IP_VS_WLC=m
CONFIG_IP_VS_LBLC=m
CONFIG_IP_VS_LBLCR=m
CONFIG_IP_VS_DH=m
CONFIG_IP_VS_SH=m
CONFIG_IP_VS_SED=m
CONFIG_IP_VS_NQ=m
CONFIG_IP_VS_FTP=m
CONFIG_IPV6=m
CONFIG_IPV6_PRIVACY=y
CONFIG_IPV6_ROUTER_PREF=y
CONFIG_IPV6_ROUTE_INFO=y
CONFIG_IPV6_OPTIMISTIC_DAD=y
CONFIG_INET6_AH=m
CONFIG_INET6_ESP=m
CONFIG_INET6_IPCOMP=m
CONFIG_IPV6_MIP6=m
CONFIG_INET6_XFRM_TUNNEL=m
CONFIG_INET6_TUNNEL=m
CONFIG_INET6_XFRM_MODE_TRANSPORT=m
CONFIG_INET6_XFRM_MODE_TUNNEL=m
CONFIG_INET6_XFRM_MODE_BEET=m
CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m
CONFIG_IPV6_SIT=m
CONFIG_IPV6_TUNNEL=m
CONFIG_IPV6_MULTIPLE_TABLES=y
CONFIG_IPV6_SUBTREES=y
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_AH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_ADDRTYPE=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_TARGET_CLUSTERIP=m
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
CONFIG_IP6_NF_QUEUE=m
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_MATCH_RT=m
CONFIG_IP6_NF_MATCH_OPTS=m
CONFIG_IP6_NF_MATCH_FRAG=m
CONFIG_IP6_NF_MATCH_HL=m
CONFIG_IP6_NF_MATCH_OWNER=m
CONFIG_IP6_NF_MATCH_IPV6HEADER=m
CONFIG_IP6_NF_MATCH_AH=m
CONFIG_IP6_NF_MATCH_MH=m
CONFIG_IP6_NF_MATCH_EUI64=m
CONFIG_IP6_NF_FILTER=m
CONFIG_IP6_NF_TARGET_LOG=m
CONFIG_IP6_NF_TARGET_REJECT=m
CONFIG_IP6_NF_MANGLE=m
CONFIG_IP6_NF_TARGET_HL=m
CONFIG_IP6_NF_RAW=m
CONFIG_IP_DCCP=m
CONFIG_INET_DCCP_DIAG=m
CONFIG_IP_DCCP_ACKVEC=y
CONFIG_IP_DCCP_CCID2=m
# CONFIG_IP_DCCP_CCID2_DEBUG is not set
CONFIG_IP_DCCP_CCID3=m
CONFIG_IP_DCCP_TFRC_LIB=m
# CONFIG_IP_DCCP_CCID3_DEBUG is not set
CONFIG_IP_DCCP_CCID3_RTO=100
# CONFIG_IP_DCCP_DEBUG is not set
CONFIG_IP_SCTP=m
CONFIG_IPX=m
# CONFIG_IPX_INTERN is not set
CONFIG_IPDDP=m
CONFIG_IPDDP_ENCAP=y
CONFIG_IPDDP_DECAP=y
CONFIG_IPW2100=m
CONFIG_IPW2100_MONITOR=y
# CONFIG_IPW2100_DEBUG is not set
CONFIG_IPW2200=m
CONFIG_IPW2200_MONITOR=y
CONFIG_IPW2200_RADIOTAP=y
CONFIG_IPW2200_PROMISCUOUS=y
CONFIG_IPW2200_QOS=y
# CONFIG_IPW2200_DEBUG is not set
CONFIG_IPPP_FILTER=y
CONFIG_IPMI_HANDLER=m
# CONFIG_IPMI_PANIC_EVENT is not set
CONFIG_IPMI_DEVICE_INTERFACE=m
CONFIG_IPMI_SI=m
CONFIG_IPMI_WATCHDOG=m
CONFIG_IPMI_POWEROFF=m
CONFIG_HW_RANDOM=y
CONFIG_HW_RANDOM_INTEL=m
CONFIG_HW_RANDOM_AMD=m
CONFIG_HW_RANDOM_GEODE=m
CONFIG_HW_RANDOM_VIA=m
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_CRYPTO_DEV_PADLOCK=m
CONFIG_CRYPTO_DEV_PADLOCK_AES=m
CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
CONFIG_CRYPTO_DEV_GEODE=m
+ _________________________ etc/syslog.conf
+ _________________________ etc/syslog-ng/syslog-ng.conf
+ cat /etc/syslog-ng/syslog-ng.conf
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
+ cat /etc/syslog.conf
cat: /etc/syslog.conf: No such file or directory
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf


search mydomain.org
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 8
drwxr-xr-x 7 root root 4096 Apr 30 14:56 2.6.23.1-42.fc8
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c05baabc T __netif_rx_schedule
c05bb9ad T netif_rx
c05bbb98 T netif_rx_ni
c06e4914 r __ksymtab_netif_rx
c06e4a04 r __ksymtab_netif_rx_ni
c06e4a34 r __ksymtab___netif_rx_schedule
c06f330f r __kstrtab_netif_rx
c06f3517 r __kstrtab_netif_rx_ni
c06f3582 r __kstrtab___netif_rx_schedule
c05bb9ad u netif_rx	[sit]
c05bb9ad u netif_rx	[ipv6]
c05bb9ad u netif_rx	[sc92031]
c05baabc u __netif_rx_schedule	[tg3]
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.23.1-42.fc8: 
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '15113,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ case "$1" in
+ cat
Jul 23 10:15:14 localhost ipsec_setup: Starting Openswan IPsec U2.6.21/K2.6.23.1-42.fc8...
Jul 23 10:15:14 localhost ipsec_setup: Using NETKEY(XFRM) stack
Jul 23 10:15:15 localhost ipsec_setup: ...Openswan IPsec started
Jul 23 10:15:15 localhost pluto: adjusting ipsec.d to /etc/ipsec.d
Jul 23 10:15:15 localhost ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Jul 23 10:15:15 localhost ipsec__plutorun: 002 added connection description "e61"
Jul 23 10:15:15 localhost ipsec__plutorun: 003 "e61": prepare-client command exited with status 2
Jul 23 10:15:15 localhost ipsec__plutorun: 003 "e61": route-client command exited with status 2
Jul 23 10:15:15 localhost ipsec__plutorun: 003 "e61": down-client command exited with status 2
Jul 23 10:15:15 localhost ipsec__plutorun: 025 "e61": could not route
+ _________________________ plog
+ sed -n '43274,$p' /var/log/secure
+ egrep -i pluto
+ case "$1" in
+ cat
Jul 23 10:15:15 localhost ipsec__plutorun: Starting Pluto subsystem...
Jul 23 10:15:15 localhost pluto[5069]: Starting Pluto (Openswan Version 2.6.21; Vendor ID OE~q\177kZNr}Wk) pid:5069
Jul 23 10:15:15 localhost pluto[5069]: Setting NAT-Traversal port-4500 floating to on
Jul 23 10:15:15 localhost pluto[5069]:    port floating activation criteria nat_t=1/port_float=1
Jul 23 10:15:15 localhost pluto[5069]:    including NAT-Traversal patch (Version 0.6c)
Jul 23 10:15:15 localhost pluto[5069]: fixup for bad virtual_private entry '%4:192.168.0.1/12', please fix your virtual_private line!
Jul 23 10:15:15 localhost pluto[5069]: fixup for bad virtual_private entry '%4:192.168.0.1/12', please fix your virtual_private line!
Jul 23 10:15:15 localhost pluto[5069]: | opening /dev/urandom
Jul 23 10:15:15 localhost pluto[5069]: using /dev/urandom as source of random entropy
Jul 23 10:15:15 localhost pluto[5069]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
Jul 23 10:15:15 localhost pluto[5069]: | event added at head of queue
Jul 23 10:15:15 localhost pluto[5069]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
Jul 23 10:15:15 localhost pluto[5069]: | event added at head of queue
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Jul 23 10:15:15 localhost pluto[5069]: starting up 1 cryptographic helpers
Jul 23 10:15:15 localhost pluto[5071]: | opening /dev/urandom
Jul 23 10:15:15 localhost pluto[5071]: using /dev/urandom as source of random entropy
Jul 23 10:15:15 localhost pluto[5071]: ! helper 0 waiting on fd: 8
Jul 23 10:15:15 localhost pluto[5069]: started helper pid=5071 (fd:7)
Jul 23 10:15:15 localhost pluto[5069]: Using Linux 2.6 IPsec interface code on 2.6.23.1-42.fc8 (experimental code)
Jul 23 10:15:15 localhost pluto[5069]: | process 5069 listening for PF_KEY_V2 on file descriptor 10
Jul 23 10:15:15 localhost pluto[5069]: | finish_pfkey_msg: K_SADB_REGISTER message 1 for AH 
Jul 23 10:15:15 localhost pluto[5069]: |   02 07 00 02  02 00 00 00  01 00 00 00  cd 13 00 00
Jul 23 10:15:15 localhost pluto[5069]: | pfkey_get: K_SADB_REGISTER message 1
Jul 23 10:15:15 localhost pluto[5069]: | AH registered with kernel.
Jul 23 10:15:15 localhost pluto[5069]: | finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP 
Jul 23 10:15:15 localhost pluto[5069]: |   02 07 00 03  02 00 00 00  02 00 00 00  cd 13 00 00
Jul 23 10:15:15 localhost pluto[5069]: | pfkey_get: K_SADB_REGISTER message 2
Jul 23 10:15:15 localhost pluto[5069]: | alg_init():memset(0x8149ea0, 0, 2016) memset(0x814a680, 0, 2048) 
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=17 sadb_supported_len=48
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_add():satype=3, exttype=14, alg_id=251
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_add():satype=3, exttype=14, alg_id=2
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_add():satype=3, exttype=14, alg_id=3
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_add():satype=3, exttype=14, alg_id=5
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256, res=0, ret=1
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_add():satype=3, exttype=14, alg_id=9
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=14, satype=3, alg_id=9, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=17 sadb_supported_len=72
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_add():satype=3, exttype=15, alg_id=11
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5], exttype=15, satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_add():satype=3, exttype=15, alg_id=2
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6], exttype=15, satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64, alg_maxbits=64, res=0, ret=1
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_add():satype=3, exttype=15, alg_id=3
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7], exttype=15, satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_add():satype=3, exttype=15, alg_id=7
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=7, alg_ivlen=8, alg_minbits=40, alg_maxbits=448, res=0, ret=1
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_add():satype=3, exttype=15, alg_id=12
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_add():satype=3, exttype=15, alg_id=252
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[10], exttype=15, satype=3, alg_id=252, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_add():satype=3, exttype=15, alg_id=22
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[11], exttype=15, satype=3, alg_id=22, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_add():satype=3, exttype=15, alg_id=253
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[12], exttype=15, satype=3, alg_id=253, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_add():satype=3, exttype=15, alg_id=18
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_add():satype=3, exttype=15, alg_id=19
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_add():satype=3, exttype=15, alg_id=20
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_add():satype=3, exttype=15, alg_id=14
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_add():satype=3, exttype=15, alg_id=15
Jul 23 10:15:15 localhost pluto[5069]: | kernel_alg_add():satype=3, exttype=15, alg_id=16
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names  
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_register_enc(): Activating <NULL>: Ok (ret=0)
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names  
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_add(): ERROR: Algorithm already exists
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names  
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_add(): ERROR: Algorithm already exists
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names  
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_add(): ERROR: Algorithm already exists
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names  
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_add(): ERROR: Algorithm already exists
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names  
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_add(): ERROR: Algorithm already exists
Jul 23 10:15:15 localhost pluto[5069]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jul 23 10:15:15 localhost pluto[5069]: | ESP registered with kernel.
Jul 23 10:15:15 localhost pluto[5069]: | finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP 
Jul 23 10:15:15 localhost pluto[5069]: |   02 07 00 09  02 00 00 00  03 00 00 00  cd 13 00 00
Jul 23 10:15:15 localhost pluto[5069]: | pfkey_get: K_SADB_REGISTER message 3
Jul 23 10:15:15 localhost pluto[5069]: | IPCOMP registered with kernel.
Jul 23 10:15:15 localhost pluto[5069]: Changed path to directory '/etc/ipsec.d/cacerts'
Jul 23 10:15:15 localhost pluto[5069]: Changed path to directory '/etc/ipsec.d/aacerts'
Jul 23 10:15:15 localhost pluto[5069]: Changed path to directory '/etc/ipsec.d/ocspcerts'
Jul 23 10:15:15 localhost pluto[5069]: Changing to directory '/etc/ipsec.d/crls'
Jul 23 10:15:15 localhost pluto[5069]:   Warning: empty directory
Jul 23 10:15:15 localhost pluto[5069]: | inserting event EVENT_LOG_DAILY, timeout in 49485 seconds
Jul 23 10:15:15 localhost pluto[5069]: | event added after event EVENT_REINIT_SECRET
Jul 23 10:15:15 localhost pluto[5069]: | next event EVENT_PENDING_PHASE2 in 120 seconds
Jul 23 10:15:15 localhost pluto[5069]: |  
Jul 23 10:15:15 localhost pluto[5069]: | *received whack message
Jul 23 10:15:15 localhost pluto[5069]: | alg_info_parse_str() ealg_buf=aes aalg_buf=sha1eklen=256  aklen=0
Jul 23 10:15:15 localhost pluto[5069]: | enum_search_prefix () calling enum_search(0x811cdf4, "OAKLEY_AES")
Jul 23 10:15:15 localhost pluto[5069]: | enum_search_ppfixi () calling enum_search(0x811cdf4, "OAKLEY_AES_CBC")
Jul 23 10:15:15 localhost pluto[5069]: | parser_alg_info_add() ealg_getbyname("aes")=7
Jul 23 10:15:15 localhost pluto[5069]: | enum_search_prefix () calling enum_search(0x811ce90, "OAKLEY_SHA1")
Jul 23 10:15:15 localhost pluto[5069]: | parser_alg_info_add() aalg_getbyname("sha1")=2
Jul 23 10:15:15 localhost pluto[5069]: | enum_search_prefix () calling enum_search(0x811d20c, "OAKLEY_GROUP_MODP1536")
Jul 23 10:15:15 localhost pluto[5069]: | parser_alg_info_add() modp_getbyname("modp1536")=5
Jul 23 10:15:15 localhost pluto[5069]: | __alg_info_ike_add() ealg=7 aalg=2 modp_id=5, cnt=1
Jul 23 10:15:15 localhost pluto[5069]: | find_host_pair_conn (check_connection_end): 192.168.0.3:500 %any:500 -> hp:none 
Jul 23 10:15:15 localhost pluto[5069]: | Added new connection e61 with policy PSK+ENCRYPT+TUNNEL+DONTREKEY+MODECFGPULL+IKEv2ALLOW
Jul 23 10:15:15 localhost pluto[5069]: | from whack: got --esp=aes256-sha1
Jul 23 10:15:15 localhost pluto[5069]: | alg_info_parse_str() ealg_buf=aes aalg_buf=sha1eklen=256  aklen=0
Jul 23 10:15:15 localhost pluto[5069]: | enum_search_prefix () calling enum_search(0x811bf74, "ESP_AES")
Jul 23 10:15:15 localhost pluto[5069]: | parser_alg_info_add() ealg_getbyname("aes")=12
Jul 23 10:15:15 localhost pluto[5069]: | enum_search_prefix () calling enum_search(0x811c988, "AUTH_ALGORITHM_HMAC_SHA1")
Jul 23 10:15:15 localhost pluto[5069]: | parser_alg_info_add() aalg_getbyname("sha1")=2
Jul 23 10:15:15 localhost pluto[5069]: | __alg_info_esp_add() ealg=12 aalg=2 cnt=1
Jul 23 10:15:15 localhost pluto[5069]: | esp string values: AES(12)_256-SHA1(2); flags=-strict
Jul 23 10:15:15 localhost pluto[5069]: | ike (phase1) algorihtm values: AES_CBC(7)_256-SHA1(2)-MODP1536(5); flags=-strict
Jul 23 10:15:15 localhost pluto[5069]: | counting wild cards for @foo.mydomain.org is 0
Jul 23 10:15:15 localhost pluto[5069]: | counting wild cards for (none) is 15
Jul 23 10:15:15 localhost pluto[5069]: | based upon policy, the connection is a template.
Jul 23 10:15:15 localhost pluto[5069]: | alg_info_addref() alg_info->ref_cnt=1
Jul 23 10:15:15 localhost pluto[5069]: | alg_info_addref() alg_info->ref_cnt=1
Jul 23 10:15:15 localhost pluto[5069]: | alg_info_addref() alg_info->ref_cnt=2
Jul 23 10:15:15 localhost pluto[5069]: | alg_info_addref() alg_info->ref_cnt=2
Jul 23 10:15:15 localhost pluto[5069]: added connection description "e61"
Jul 23 10:15:15 localhost pluto[5069]: | 0.0.0.0/0===192.168.0.3[@foo.mydomain.org,MS+S=C]...%any[+MC+S=C]===192.168.0.3/32
Jul 23 10:15:15 localhost pluto[5069]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: PSK+ENCRYPT+TUNNEL+DONTREKEY+MODECFGPULL+IKEv2ALLOW
Jul 23 10:15:15 localhost pluto[5069]: | * processed 0 messages from cryptographic helpers 
Jul 23 10:15:15 localhost pluto[5069]: | next event EVENT_PENDING_PHASE2 in 120 seconds
Jul 23 10:15:15 localhost pluto[5069]: | next event EVENT_PENDING_PHASE2 in 120 seconds
Jul 23 10:15:15 localhost pluto[5069]: |  
Jul 23 10:15:15 localhost pluto[5069]: | *received whack message
Jul 23 10:15:15 localhost pluto[5069]: listening for IKE messages
Jul 23 10:15:15 localhost pluto[5069]: | found lo with address 127.0.0.1
Jul 23 10:15:15 localhost pluto[5069]: | found eth0 with address 192.168.0.3
Jul 23 10:15:15 localhost pluto[5069]: | found eth1 with address 192.168.1.5
Jul 23 10:15:15 localhost pluto[5069]: | found virbr0 with address 192.168.122.1
Jul 23 10:15:15 localhost pluto[5069]: adding interface virbr0/virbr0 192.168.122.1:500
Jul 23 10:15:15 localhost pluto[5069]: adding interface virbr0/virbr0 192.168.122.1:4500
Jul 23 10:15:15 localhost pluto[5069]: adding interface eth1/eth1 192.168.1.5:500
Jul 23 10:15:15 localhost pluto[5069]: adding interface eth1/eth1 192.168.1.5:4500
Jul 23 10:15:15 localhost pluto[5069]: adding interface eth0/eth0 192.168.0.3:500
Jul 23 10:15:15 localhost pluto[5069]: adding interface eth0/eth0 192.168.0.3:4500
Jul 23 10:15:15 localhost pluto[5069]: adding interface lo/lo 127.0.0.1:500
Jul 23 10:15:15 localhost pluto[5069]: adding interface lo/lo 127.0.0.1:4500
Jul 23 10:15:15 localhost pluto[5069]: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
Jul 23 10:15:15 localhost pluto[5069]: adding interface lo/lo ::1:500
Jul 23 10:15:15 localhost pluto[5069]: | connect_to_host_pair: 192.168.0.3:500 0.0.0.0:500 -> hp:none 
Jul 23 10:15:15 localhost pluto[5069]: loading secrets from "/etc/ipsec.secrets"
Jul 23 10:15:15 localhost pluto[5069]: loaded private key for keyid: PPK_RSA:AQOz4bY9h
Jul 23 10:15:15 localhost pluto[5069]: | id type added to secret(0x83e1250) 1: 192.168.0.3
Jul 23 10:15:15 localhost pluto[5069]: | id type added to secret(0x83e1250) 1: %any
Jul 23 10:15:15 localhost pluto[5069]: | Processing PSK at line 19: passed
Jul 23 10:15:15 localhost pluto[5069]: | * processed 0 messages from cryptographic helpers 
Jul 23 10:15:15 localhost pluto[5069]: | next event EVENT_PENDING_PHASE2 in 120 seconds
Jul 23 10:15:15 localhost pluto[5069]: | next event EVENT_PENDING_PHASE2 in 120 seconds
Jul 23 10:15:15 localhost pluto[5069]: |  
Jul 23 10:15:15 localhost pluto[5069]: | *received whack message
Jul 23 10:15:15 localhost pluto[5069]: | processing connection e61
Jul 23 10:15:15 localhost pluto[5069]: | route owner of "e61" unrouted: NULL; eroute owner: NULL
Jul 23 10:15:15 localhost pluto[5069]: | could_route called for e61 (kind=CK_TEMPLATE)
Jul 23 10:15:15 localhost pluto[5069]: | route owner of "e61" unrouted: NULL; eroute owner: NULL
Jul 23 10:15:15 localhost pluto[5069]: | route_and_eroute with c: e61 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 0
Jul 23 10:15:15 localhost pluto[5069]: | request to add a prospective erouted policy with netkey kernel --- experimental
Jul 23 10:15:15 localhost pluto[5069]: | route_and_eroute: firewall_notified: true
Jul 23 10:15:15 localhost pluto[5069]: | command executing prepare-client
Jul 23 10:15:15 localhost pluto[5069]: | executing prepare-client: 2>&1 PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='e61' PLUTO_INTERFACE='eth0' PLUTO_ME='192.168.0.3' PLUTO_MY_ID='@foo.mydomain.org' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.168.0.3/32' PLUTO_PEER_CLIENT_NET='192.168.0.3' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey'  PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONTREKEY+MODECFGPULL+IKEv2ALLOW'   ipsec _updown
Jul 23 10:15:15 localhost pluto[5069]: | popen(): cmd is 609 chars long
Jul 23 10:15:15 localhost pluto[5069]: | cmd(   0):2>&1 PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='e61' PLUT:
Jul 23 10:15:15 localhost pluto[5069]: | cmd(  80):O_INTERFACE='eth0' PLUTO_ME='192.168.0.3' PLUTO_MY_ID='@foo.mydomain.org' PLUTO_:
Jul 23 10:15:15 localhost pluto[5069]: | cmd( 160):MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.:
Jul 23 10:15:15 localhost pluto[5069]: | cmd( 240):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(:
Jul 23 10:15:15 localhost pluto[5069]: | cmd( 320):none)' PLUTO_PEER_CLIENT='192.168.0.3/32' PLUTO_PEER_CLIENT_NET='192.168.0.3' PL:
Jul 23 10:15:15 localhost pluto[5069]: | cmd( 400):UTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=':
Jul 23 10:15:15 localhost pluto[5069]: | cmd( 480):0' PLUTO_PEER_CA='' PLUTO_STACK='netkey'  PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+:
Jul 23 10:15:15 localhost pluto[5069]: | cmd( 560):DONTREKEY+MODECFGPULL+IKEv2ALLOW'   ipsec _updown:
Jul 23 10:15:15 localhost pluto[5069]: "e61": prepare-client output: /usr/local/libexec/ipsec/_updown: unknown interface version `2.0'
Jul 23 10:15:15 localhost pluto[5069]: "e61": prepare-client command exited with status 2
Jul 23 10:15:15 localhost pluto[5069]: | command executing route-client
Jul 23 10:15:15 localhost pluto[5069]: | executing route-client: 2>&1 PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='e61' PLUTO_INTERFACE='eth0' PLUTO_ME='192.168.0.3' PLUTO_MY_ID='@foo.mydomain.org' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.168.0.3/32' PLUTO_PEER_CLIENT_NET='192.168.0.3' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey'  PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONTREKEY+MODECFGPULL+IKEv2ALLOW'   ipsec _updown
Jul 23 10:15:15 localhost pluto[5069]: | popen(): cmd is 607 chars long
Jul 23 10:15:15 localhost pluto[5069]: | cmd(   0):2>&1 PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='e61' PLUTO_:
Jul 23 10:15:15 localhost pluto[5069]: | cmd(  80):INTERFACE='eth0' PLUTO_ME='192.168.0.3' PLUTO_MY_ID='@foo.mydomain.org' PLUTO_MY:
Jul 23 10:15:15 localhost pluto[5069]: | cmd( 160):_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0':
Jul 23 10:15:15 localhost pluto[5069]: | cmd( 240): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(no:
Jul 23 10:15:15 localhost pluto[5069]: | cmd( 320):ne)' PLUTO_PEER_CLIENT='192.168.0.3/32' PLUTO_PEER_CLIENT_NET='192.168.0.3' PLUT:
Jul 23 10:15:15 localhost pluto[5069]: | cmd( 400):O_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0':
Jul 23 10:15:15 localhost pluto[5069]: | cmd( 480): PLUTO_PEER_CA='' PLUTO_STACK='netkey'  PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DO:
Jul 23 10:15:15 localhost pluto[5069]: | cmd( 560):NTREKEY+MODECFGPULL+IKEv2ALLOW'   ipsec _updown:
Jul 23 10:15:15 localhost pluto[5069]: "e61": route-client output: /usr/local/libexec/ipsec/_updown: unknown interface version `2.0'
Jul 23 10:15:15 localhost pluto[5069]: "e61": route-client command exited with status 2
Jul 23 10:15:15 localhost pluto[5069]: | command executing down-client
Jul 23 10:15:15 localhost pluto[5069]: | executing down-client: 2>&1 PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='e61' PLUTO_INTERFACE='eth0' PLUTO_ME='192.168.0.3' PLUTO_MY_ID='@foo.mydomain.org' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.168.0.3/32' PLUTO_PEER_CLIENT_NET='192.168.0.3' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey'  PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONTREKEY+MODECFGPULL+IKEv2ALLOW'   ipsec _updown
Jul 23 10:15:15 localhost pluto[5069]: | popen(): cmd is 606 chars long
Jul 23 10:15:15 localhost pluto[5069]: | cmd(   0):2>&1 PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='e61' PLUTO_I:
Jul 23 10:15:15 localhost pluto[5069]: | cmd(  80):NTERFACE='eth0' PLUTO_ME='192.168.0.3' PLUTO_MY_ID='@foo.mydomain.org' PLUTO_MY_:
Jul 23 10:15:15 localhost pluto[5069]: | cmd( 160):CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' :
Jul 23 10:15:15 localhost pluto[5069]: | cmd( 240):PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(non:
Jul 23 10:15:15 localhost pluto[5069]: | cmd( 320):e)' PLUTO_PEER_CLIENT='192.168.0.3/32' PLUTO_PEER_CLIENT_NET='192.168.0.3' PLUTO:
Jul 23 10:15:15 localhost pluto[5069]: | cmd( 400):_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' :
Jul 23 10:15:15 localhost pluto[5069]: | cmd( 480):PLUTO_PEER_CA='' PLUTO_STACK='netkey'  PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DON:
Jul 23 10:15:15 localhost pluto[5069]: | cmd( 560):TREKEY+MODECFGPULL+IKEv2ALLOW'   ipsec _updown:
Jul 23 10:15:15 localhost pluto[5069]: "e61": down-client output: /usr/local/libexec/ipsec/_updown: unknown interface version `2.0'
Jul 23 10:15:15 localhost pluto[5069]: "e61": down-client command exited with status 2
Jul 23 10:15:15 localhost pluto[5069]: | request to delete a unrouted policy with netkey kernel --- experimental
Jul 23 10:15:15 localhost pluto[5069]: | * processed 0 messages from cryptographic helpers 
Jul 23 10:15:15 localhost pluto[5069]: | next event EVENT_PENDING_PHASE2 in 120 seconds
Jul 23 10:15:15 localhost pluto[5069]: | next event EVENT_PENDING_PHASE2 in 120 seconds
Jul 23 10:15:49 localhost pluto[5069]: |  
Jul 23 10:15:49 localhost pluto[5069]: | *received whack message
Jul 23 10:15:49 localhost pluto[5069]: | kernel_alg_esp_enc_ok(12,0): alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
Jul 23 10:15:49 localhost pluto[5069]: | kernel_alg_esp_auth_keylen(auth=2, sadb_aalg=3): a_keylen=20
Jul 23 10:15:49 localhost pluto[5069]: | * processed 0 messages from cryptographic helpers 
Jul 23 10:15:49 localhost pluto[5069]: | next event EVENT_PENDING_PHASE2 in 86 seconds
Jul 23 10:15:49 localhost pluto[5069]: | next event EVENT_PENDING_PHASE2 in 86 seconds
Jul 23 10:15:49 localhost pluto[5069]: |  
Jul 23 10:15:49 localhost pluto[5069]: | *received whack message
Jul 23 10:15:49 localhost pluto[5069]: | kernel_alg_esp_enc_ok(12,0): alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
Jul 23 10:15:49 localhost pluto[5069]: | kernel_alg_esp_auth_keylen(auth=2, sadb_aalg=3): a_keylen=20
Jul 23 10:15:49 localhost pluto[5069]: | * processed 0 messages from cryptographic helpers 
Jul 23 10:15:49 localhost pluto[5069]: | next event EVENT_PENDING_PHASE2 in 86 seconds
Jul 23 10:15:49 localhost pluto[5069]: | next event EVENT_PENDING_PHASE2 in 86 seconds
Jul 23 10:15:58 localhost pluto[5069]: |  
Jul 23 10:15:58 localhost pluto[5069]: | *received 140 bytes from 192.168.0.8:500 on eth0 (port=500)
Jul 23 10:15:58 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7  00 00 00 00  00 00 00 00
Jul 23 10:15:58 localhost pluto[5069]: |   01 10 02 00  00 00 00 00  00 00 00 8c  0d 00 00 3c
Jul 23 10:15:58 localhost pluto[5069]: |   00 00 00 01  00 00 00 01  00 00 00 30  00 01 00 01
Jul 23 10:15:58 localhost pluto[5069]: |   00 00 00 28  00 01 00 00  80 01 00 07  80 02 00 02
Jul 23 10:15:58 localhost pluto[5069]: |   80 03 00 01  80 04 00 05  80 0b 00 01  00 0c 00 04
Jul 23 10:15:58 localhost pluto[5069]: |   00 00 70 80  80 0e 01 00  0d 00 00 14  7d 94 19 a6
Jul 23 10:15:58 localhost pluto[5069]: |   53 10 ca 6f  2c 17 9d 92  15 52 9d 56  0d 00 00 0c
Jul 23 10:15:58 localhost pluto[5069]: |   09 00 26 89  df d6 b7 12  00 00 00 14  12 f5 f2 8c
Jul 23 10:15:58 localhost pluto[5069]: |   45 71 68 a9  70 2d 9f e2  74 cc 01 00
Jul 23 10:15:58 localhost pluto[5069]: | **parse ISAKMP Message:
Jul 23 10:15:58 localhost pluto[5069]: |    initiator cookie:
Jul 23 10:15:58 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7
Jul 23 10:15:58 localhost pluto[5069]: |    responder cookie:
Jul 23 10:15:58 localhost pluto[5069]: |   00 00 00 00  00 00 00 00
Jul 23 10:15:58 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_SA
Jul 23 10:15:58 localhost pluto[5069]: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
Jul 23 10:15:58 localhost pluto[5069]: |    exchange type: ISAKMP_XCHG_IDPROT
Jul 23 10:15:58 localhost pluto[5069]: |    flags: none
Jul 23 10:15:58 localhost pluto[5069]: |    message ID:  00 00 00 00
Jul 23 10:15:58 localhost pluto[5069]: |    length: 140
Jul 23 10:15:58 localhost pluto[5069]: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Jul 23 10:15:58 localhost pluto[5069]: | got payload 0x2(ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080
Jul 23 10:15:58 localhost pluto[5069]: | ***parse ISAKMP Security Association Payload:
Jul 23 10:15:58 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_VID
Jul 23 10:15:58 localhost pluto[5069]: |    length: 60
Jul 23 10:15:58 localhost pluto[5069]: |    DOI: ISAKMP_DOI_IPSEC
Jul 23 10:15:58 localhost pluto[5069]: | got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
Jul 23 10:15:58 localhost pluto[5069]: | ***parse ISAKMP Vendor ID Payload:
Jul 23 10:15:58 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_VID
Jul 23 10:15:58 localhost pluto[5069]: |    length: 20
Jul 23 10:15:58 localhost pluto[5069]: | got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
Jul 23 10:15:58 localhost pluto[5069]: | ***parse ISAKMP Vendor ID Payload:
Jul 23 10:15:58 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_VID
Jul 23 10:15:58 localhost pluto[5069]: |    length: 12
Jul 23 10:15:58 localhost pluto[5069]: | got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
Jul 23 10:15:58 localhost pluto[5069]: | ***parse ISAKMP Vendor ID Payload:
Jul 23 10:15:58 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONE
Jul 23 10:15:58 localhost pluto[5069]: |    length: 20
Jul 23 10:15:58 localhost pluto[5069]: packet from 192.168.0.8:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108 
Jul 23 10:15:58 localhost pluto[5069]: packet from 192.168.0.8:500: received Vendor ID payload [XAUTH]
Jul 23 10:15:58 localhost pluto[5069]: packet from 192.168.0.8:500: received Vendor ID payload [Cisco-Unity]
Jul 23 10:15:58 localhost pluto[5069]: | nat-t detected, sending nat-t VID
Jul 23 10:15:58 localhost pluto[5069]: | find_host_connection2 called from main_inI1_outR1, me=192.168.0.3:500 him=192.168.0.8:500 policy=none
Jul 23 10:15:58 localhost pluto[5069]: | find_host_pair: comparing to 192.168.0.3:500 0.0.0.0:500 
Jul 23 10:15:58 localhost pluto[5069]: | find_host_pair_conn (find_host_connection2): 192.168.0.3:500 192.168.0.8:500 -> hp:none 
Jul 23 10:15:58 localhost pluto[5069]: | find_host_connection returns empty
Jul 23 10:15:58 localhost pluto[5069]: | ****parse IPsec DOI SIT:
Jul 23 10:15:58 localhost pluto[5069]: |    IPsec DOI SIT: SIT_IDENTITY_ONLY
Jul 23 10:15:58 localhost pluto[5069]: | ****parse ISAKMP Proposal Payload:
Jul 23 10:15:58 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONE
Jul 23 10:15:58 localhost pluto[5069]: |    length: 48
Jul 23 10:15:58 localhost pluto[5069]: |    proposal number: 0
Jul 23 10:15:58 localhost pluto[5069]: |    protocol ID: PROTO_ISAKMP
Jul 23 10:15:58 localhost pluto[5069]: |    SPI size: 0
Jul 23 10:15:58 localhost pluto[5069]: |    number of transforms: 1
Jul 23 10:15:58 localhost pluto[5069]: | *****parse ISAKMP Transform Payload (ISAKMP):
Jul 23 10:15:58 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONE
Jul 23 10:15:58 localhost pluto[5069]: |    length: 40
Jul 23 10:15:58 localhost pluto[5069]: |    transform number: 0
Jul 23 10:15:58 localhost pluto[5069]: |    transform ID: KEY_IKE
Jul 23 10:15:58 localhost pluto[5069]: | ******parse ISAKMP Oakley attribute:
Jul 23 10:15:58 localhost pluto[5069]: |    af+type: OAKLEY_ENCRYPTION_ALGORITHM
Jul 23 10:15:58 localhost pluto[5069]: |    length/value: 7
Jul 23 10:15:58 localhost pluto[5069]: | ******parse ISAKMP Oakley attribute:
Jul 23 10:15:58 localhost pluto[5069]: |    af+type: OAKLEY_HASH_ALGORITHM
Jul 23 10:15:58 localhost pluto[5069]: |    length/value: 2
Jul 23 10:15:58 localhost pluto[5069]: | ******parse ISAKMP Oakley attribute:
Jul 23 10:15:58 localhost pluto[5069]: |    af+type: OAKLEY_AUTHENTICATION_METHOD
Jul 23 10:15:58 localhost pluto[5069]: |    length/value: 1
Jul 23 10:15:58 localhost pluto[5069]: | ******parse ISAKMP Oakley attribute:
Jul 23 10:15:58 localhost pluto[5069]: |    af+type: OAKLEY_GROUP_DESCRIPTION
Jul 23 10:15:58 localhost pluto[5069]: |    length/value: 5
Jul 23 10:15:58 localhost pluto[5069]: | ******parse ISAKMP Oakley attribute:
Jul 23 10:15:58 localhost pluto[5069]: |    af+type: OAKLEY_LIFE_TYPE
Jul 23 10:15:58 localhost pluto[5069]: |    length/value: 1
Jul 23 10:15:58 localhost pluto[5069]: | ******parse ISAKMP Oakley attribute:
Jul 23 10:15:58 localhost pluto[5069]: |    af+type: OAKLEY_LIFE_DURATION (variable length)
Jul 23 10:15:58 localhost pluto[5069]: |    length/value: 4
Jul 23 10:15:58 localhost pluto[5069]: | ******parse ISAKMP Oakley attribute:
Jul 23 10:15:58 localhost pluto[5069]: |    af+type: OAKLEY_KEY_LENGTH
Jul 23 10:15:58 localhost pluto[5069]: |    length/value: 256
Jul 23 10:15:58 localhost pluto[5069]: | find_host_connection2 called from main_inI1_outR1, me=192.168.0.3:500 him=%any:500 policy=PSK
Jul 23 10:15:58 localhost pluto[5069]: | find_host_pair: comparing to 192.168.0.3:500 0.0.0.0:500 
Jul 23 10:15:58 localhost pluto[5069]: | find_host_pair_conn (find_host_connection2): 192.168.0.3:500 %any:500 -> hp:e61 
Jul 23 10:15:58 localhost pluto[5069]: | searching for policy=PSK, found=PSK (e61)
Jul 23 10:15:58 localhost pluto[5069]: | find_host_connection returns e61
Jul 23 10:15:58 localhost pluto[5069]: | alg_info_addref() alg_info->ref_cnt=3
Jul 23 10:15:58 localhost pluto[5069]: | alg_info_addref() alg_info->ref_cnt=3
Jul 23 10:15:58 localhost pluto[5069]: | alg_info_addref() alg_info->ref_cnt=4
Jul 23 10:15:58 localhost pluto[5069]: | alg_info_addref() alg_info->ref_cnt=4
Jul 23 10:15:58 localhost pluto[5069]: | find_host_pair: comparing to 192.168.0.3:500 0.0.0.0:500 
Jul 23 10:15:58 localhost pluto[5069]: | connect_to_host_pair: 192.168.0.3:500 192.168.0.8:500 -> hp:none 
Jul 23 10:15:58 localhost pluto[5069]: | instantiated "e61" for 192.168.0.8
Jul 23 10:15:58 localhost pluto[5069]: | creating state object #1 at 0x83e2570
Jul 23 10:15:58 localhost pluto[5069]: | processing connection e61[1] 192.168.0.8
Jul 23 10:15:58 localhost pluto[5069]: | ICOOKIE:  5a 23 00 f9  03 e0 13 f7
Jul 23 10:15:58 localhost pluto[5069]: | RCOOKIE:  f7 24 ca 55  ad db 4e 68
Jul 23 10:15:58 localhost pluto[5069]: | state hash entry 19
Jul 23 10:15:58 localhost pluto[5069]: | inserting state object #1 on chain 19
Jul 23 10:15:58 localhost pluto[5069]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1
Jul 23 10:15:58 localhost pluto[5069]: | event added at head of queue
Jul 23 10:15:58 localhost pluto[5069]: "e61"[1] 192.168.0.8 #1: responding to Main Mode from unknown peer 192.168.0.8
Jul 23 10:15:58 localhost pluto[5069]: | **emit ISAKMP Message:
Jul 23 10:15:58 localhost pluto[5069]: |    initiator cookie:
Jul 23 10:15:58 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7
Jul 23 10:15:58 localhost pluto[5069]: |    responder cookie:
Jul 23 10:15:58 localhost pluto[5069]: |   f7 24 ca 55  ad db 4e 68
Jul 23 10:15:58 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_SA
Jul 23 10:15:58 localhost pluto[5069]: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
Jul 23 10:15:58 localhost pluto[5069]: |    exchange type: ISAKMP_XCHG_IDPROT
Jul 23 10:15:58 localhost pluto[5069]: |    flags: none
Jul 23 10:15:58 localhost pluto[5069]: |    message ID:  00 00 00 00
Jul 23 10:15:58 localhost pluto[5069]: | ***emit ISAKMP Security Association Payload:
Jul 23 10:15:58 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_VID
Jul 23 10:15:58 localhost pluto[5069]: |    DOI: ISAKMP_DOI_IPSEC
Jul 23 10:15:58 localhost pluto[5069]: | ****parse IPsec DOI SIT:
Jul 23 10:15:58 localhost pluto[5069]: |    IPsec DOI SIT: SIT_IDENTITY_ONLY
Jul 23 10:15:58 localhost pluto[5069]: | ****parse ISAKMP Proposal Payload:
Jul 23 10:15:58 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONE
Jul 23 10:15:58 localhost pluto[5069]: |    length: 48
Jul 23 10:15:58 localhost pluto[5069]: |    proposal number: 0
Jul 23 10:15:58 localhost pluto[5069]: |    protocol ID: PROTO_ISAKMP
Jul 23 10:15:58 localhost pluto[5069]: |    SPI size: 0
Jul 23 10:15:58 localhost pluto[5069]: |    number of transforms: 1
Jul 23 10:15:58 localhost pluto[5069]: | *****parse ISAKMP Transform Payload (ISAKMP):
Jul 23 10:15:58 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONE
Jul 23 10:15:58 localhost pluto[5069]: |    length: 40
Jul 23 10:15:58 localhost pluto[5069]: |    transform number: 0
Jul 23 10:15:58 localhost pluto[5069]: |    transform ID: KEY_IKE
Jul 23 10:15:58 localhost pluto[5069]: | ******parse ISAKMP Oakley attribute:
Jul 23 10:15:58 localhost pluto[5069]: |    af+type: OAKLEY_ENCRYPTION_ALGORITHM
Jul 23 10:15:58 localhost pluto[5069]: |    length/value: 7
Jul 23 10:15:58 localhost pluto[5069]: |    [7 is OAKLEY_AES_CBC]
Jul 23 10:15:58 localhost pluto[5069]: | ike_alg_enc_ok(ealg=7,key_len=0): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
Jul 23 10:15:58 localhost pluto[5069]: | ******parse ISAKMP Oakley attribute:
Jul 23 10:15:58 localhost pluto[5069]: |    af+type: OAKLEY_HASH_ALGORITHM
Jul 23 10:15:58 localhost pluto[5069]: |    length/value: 2
Jul 23 10:15:58 localhost pluto[5069]: |    [2 is OAKLEY_SHA1]
Jul 23 10:15:58 localhost pluto[5069]: | ******parse ISAKMP Oakley attribute:
Jul 23 10:15:58 localhost pluto[5069]: |    af+type: OAKLEY_AUTHENTICATION_METHOD
Jul 23 10:15:58 localhost pluto[5069]: |    length/value: 1
Jul 23 10:15:58 localhost pluto[5069]: |    [1 is OAKLEY_PRESHARED_KEY]
Jul 23 10:15:58 localhost pluto[5069]: | started looking for secret for @foo.mydomain.org->192.168.0.8 of kind PPK_PSK
Jul 23 10:15:58 localhost pluto[5069]: | instantiating him to 0.0.0.0
Jul 23 10:15:58 localhost pluto[5069]: | actually looking for secret for @foo.mydomain.org->%any of kind PPK_PSK
Jul 23 10:15:58 localhost pluto[5069]: | line 18: key type PPK_PSK(@foo.mydomain.org) to type PPK_PSK 
Jul 23 10:15:58 localhost pluto[5069]: | 1: compared key %any to @foo.mydomain.org / %any -> 2
Jul 23 10:15:58 localhost pluto[5069]: | 2: compared key 192.168.0.3 to @foo.mydomain.org / %any -> 2
Jul 23 10:15:58 localhost pluto[5069]: | line 18: match=2 
Jul 23 10:15:58 localhost pluto[5069]: | best_match 0>2 best=0x83e1250 (line=18)
Jul 23 10:15:58 localhost pluto[5069]: | line 1: key type PPK_PSK(@foo.mydomain.org) to type PPK_RSA 
Jul 23 10:15:58 localhost pluto[5069]: | concluding with best_match=2 best=0x83e1250 (lineno=18)
Jul 23 10:15:58 localhost pluto[5069]: | ******parse ISAKMP Oakley attribute:
Jul 23 10:15:58 localhost pluto[5069]: |    af+type: OAKLEY_GROUP_DESCRIPTION
Jul 23 10:15:58 localhost pluto[5069]: |    length/value: 5
Jul 23 10:15:58 localhost pluto[5069]: |    [5 is OAKLEY_GROUP_MODP1536]
Jul 23 10:15:58 localhost pluto[5069]: | ******parse ISAKMP Oakley attribute:
Jul 23 10:15:58 localhost pluto[5069]: |    af+type: OAKLEY_LIFE_TYPE
Jul 23 10:15:58 localhost pluto[5069]: |    length/value: 1
Jul 23 10:15:58 localhost pluto[5069]: |    [1 is OAKLEY_LIFE_SECONDS]
Jul 23 10:15:58 localhost pluto[5069]: | ******parse ISAKMP Oakley attribute:
Jul 23 10:15:58 localhost pluto[5069]: |    af+type: OAKLEY_LIFE_DURATION (variable length)
Jul 23 10:15:58 localhost pluto[5069]: |    length/value: 4
Jul 23 10:15:58 localhost pluto[5069]: |    long duration: 28800
Jul 23 10:15:58 localhost pluto[5069]: | ******parse ISAKMP Oakley attribute:
Jul 23 10:15:58 localhost pluto[5069]: |    af+type: OAKLEY_KEY_LENGTH
Jul 23 10:15:58 localhost pluto[5069]: |    length/value: 256
Jul 23 10:15:58 localhost pluto[5069]: | ike_alg_enc_ok(ealg=7,key_len=256): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
Jul 23 10:15:58 localhost pluto[5069]: | Oakley Transform 0 accepted
Jul 23 10:15:58 localhost pluto[5069]: | ****emit IPsec DOI SIT:
Jul 23 10:15:58 localhost pluto[5069]: |    IPsec DOI SIT: SIT_IDENTITY_ONLY
Jul 23 10:15:58 localhost pluto[5069]: | ****emit ISAKMP Proposal Payload:
Jul 23 10:15:58 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONE
Jul 23 10:15:58 localhost pluto[5069]: |    proposal number: 0
Jul 23 10:15:58 localhost pluto[5069]: |    protocol ID: PROTO_ISAKMP
Jul 23 10:15:58 localhost pluto[5069]: |    SPI size: 0
Jul 23 10:15:58 localhost pluto[5069]: |    number of transforms: 1
Jul 23 10:15:58 localhost pluto[5069]: | *****emit ISAKMP Transform Payload (ISAKMP):
Jul 23 10:15:58 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONE
Jul 23 10:15:58 localhost pluto[5069]: |    transform number: 0
Jul 23 10:15:58 localhost pluto[5069]: |    transform ID: KEY_IKE
Jul 23 10:15:58 localhost pluto[5069]: | emitting 32 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP)
Jul 23 10:15:58 localhost pluto[5069]: | attributes  80 01 00 07  80 02 00 02  80 03 00 01  80 04 00 05
Jul 23 10:15:58 localhost pluto[5069]: | attributes  80 0b 00 01  00 0c 00 04  00 00 70 80  80 0e 01 00
Jul 23 10:15:58 localhost pluto[5069]: | emitting length of ISAKMP Transform Payload (ISAKMP): 40
Jul 23 10:15:58 localhost pluto[5069]: | emitting length of ISAKMP Proposal Payload: 48
Jul 23 10:15:58 localhost pluto[5069]: | emitting length of ISAKMP Security Association Payload: 60
Jul 23 10:15:58 localhost pluto[5069]: | ***emit ISAKMP Vendor ID Payload:
Jul 23 10:15:58 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_VID
Jul 23 10:15:58 localhost pluto[5069]: | emitting 12 raw bytes of Vendor ID into ISAKMP Vendor ID Payload
Jul 23 10:15:58 localhost pluto[5069]: | Vendor ID  4f 45 7e 71  7f 6b 5a 4e  72 7d 57 6b
Jul 23 10:15:58 localhost pluto[5069]: | emitting length of ISAKMP Vendor ID Payload: 16
Jul 23 10:15:58 localhost pluto[5069]: | out_vendorid(): sending [Dead Peer Detection]
Jul 23 10:15:58 localhost pluto[5069]: | ***emit ISAKMP Vendor ID Payload:
Jul 23 10:15:58 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_VID
Jul 23 10:15:58 localhost pluto[5069]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
Jul 23 10:15:58 localhost pluto[5069]: | V_ID  af ca d7 13  68 a1 f1 c9  6b 86 96 fc  77 57 01 00
Jul 23 10:15:58 localhost pluto[5069]: | emitting length of ISAKMP Vendor ID Payload: 20
Jul 23 10:15:58 localhost pluto[5069]: | sender checking NAT-t: 1 and 108
Jul 23 10:15:58 localhost pluto[5069]: | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-03]
Jul 23 10:15:58 localhost pluto[5069]: | ***emit ISAKMP Vendor ID Payload:
Jul 23 10:15:58 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONE
Jul 23 10:15:58 localhost pluto[5069]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
Jul 23 10:15:58 localhost pluto[5069]: | V_ID  7d 94 19 a6  53 10 ca 6f  2c 17 9d 92  15 52 9d 56
Jul 23 10:15:58 localhost pluto[5069]: | emitting length of ISAKMP Vendor ID Payload: 20
Jul 23 10:15:58 localhost pluto[5069]: | emitting length of ISAKMP Message: 144
Jul 23 10:15:58 localhost pluto[5069]: | complete state transition with STF_OK
Jul 23 10:15:58 localhost pluto[5069]: "e61"[1] 192.168.0.8 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jul 23 10:15:58 localhost pluto[5069]: | deleting event for #1
Jul 23 10:15:58 localhost pluto[5069]: | sending reply packet to 192.168.0.8:500 (from port 500)
Jul 23 10:15:58 localhost pluto[5069]: | sending 144 bytes for STATE_MAIN_R0 through eth0:500 to 192.168.0.8:500 (using #1)
Jul 23 10:15:58 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7  f7 24 ca 55  ad db 4e 68
Jul 23 10:15:58 localhost pluto[5069]: |   01 10 02 00  00 00 00 00  00 00 00 90  0d 00 00 3c
Jul 23 10:15:58 localhost pluto[5069]: |   00 00 00 01  00 00 00 01  00 00 00 30  00 01 00 01
Jul 23 10:15:58 localhost pluto[5069]: |   00 00 00 28  00 01 00 00  80 01 00 07  80 02 00 02
Jul 23 10:15:58 localhost pluto[5069]: |   80 03 00 01  80 04 00 05  80 0b 00 01  00 0c 00 04
Jul 23 10:15:58 localhost pluto[5069]: |   00 00 70 80  80 0e 01 00  0d 00 00 10  4f 45 7e 71
Jul 23 10:15:58 localhost pluto[5069]: |   7f 6b 5a 4e  72 7d 57 6b  0d 00 00 14  af ca d7 13
Jul 23 10:15:58 localhost pluto[5069]: |   68 a1 f1 c9  6b 86 96 fc  77 57 01 00  00 00 00 14
Jul 23 10:15:58 localhost pluto[5069]: |   7d 94 19 a6  53 10 ca 6f  2c 17 9d 92  15 52 9d 56
Jul 23 10:15:58 localhost pluto[5069]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
Jul 23 10:15:58 localhost pluto[5069]: | event added at head of queue
Jul 23 10:15:58 localhost pluto[5069]: "e61"[1] 192.168.0.8 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Jul 23 10:15:58 localhost pluto[5069]: | modecfg pull: quirk-poll policy:pull not-client
Jul 23 10:15:58 localhost pluto[5069]: | phase 1 is done, looking for phase 2 to unpend
Jul 23 10:15:58 localhost pluto[5069]: | * processed 0 messages from cryptographic helpers 
Jul 23 10:15:58 localhost pluto[5069]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Jul 23 10:15:58 localhost pluto[5069]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Jul 23 10:15:59 localhost pluto[5069]: |  
Jul 23 10:15:59 localhost pluto[5069]: | *received 312 bytes from 192.168.0.8:500 on eth0 (port=500)
Jul 23 10:15:59 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7  f7 24 ca 55  ad db 4e 68
Jul 23 10:15:59 localhost pluto[5069]: |   04 10 02 00  00 00 00 00  00 00 01 38  0a 00 00 c4
Jul 23 10:15:59 localhost pluto[5069]: |   47 b8 d5 02  09 1b c6 16  c5 a0 b0 9c  7d a5 2f ac
Jul 23 10:15:59 localhost pluto[5069]: |   0b 2e 54 9b  58 3d 12 db  7b fe 3e ee  77 10 67 5f
Jul 23 10:15:59 localhost pluto[5069]: |   9a 8d 1d 8c  20 36 54 39  f1 af e6 19  32 9a 26 ee
Jul 23 10:15:59 localhost pluto[5069]: |   48 2c 9a 1f  a9 f6 ea c0  08 03 a5 00  58 8b e5 82
Jul 23 10:15:59 localhost pluto[5069]: |   d5 de 2a 16  3a 51 81 26  e4 b3 4e 62  6d 51 9b bb
Jul 23 10:15:59 localhost pluto[5069]: |   e6 2b 02 e5  93 92 da b3  0b 7c 32 76  99 6b 8b c5
Jul 23 10:15:59 localhost pluto[5069]: |   f9 68 06 ec  20 fe 40 3d  43 0a f0 ef  b4 58 b8 47
Jul 23 10:15:59 localhost pluto[5069]: |   57 f2 45 14  a9 a6 25 f0  00 6b 0e 39  cd c9 5f 1a
Jul 23 10:15:59 localhost pluto[5069]: |   c3 cb cc 81  7a 17 fc a6  87 6b d5 a7  86 fd be 07
Jul 23 10:15:59 localhost pluto[5069]: |   c3 cd 18 06  d1 2a 34 ff  b5 98 a2 4c  83 7d 79 8e
Jul 23 10:15:59 localhost pluto[5069]: |   09 3f c6 a9  fd 43 0f 56  65 ae 3b af  ad bf d8 36
Jul 23 10:15:59 localhost pluto[5069]: |   33 21 66 37  b9 c6 3a 3b  e5 0a 31 c8  cc 18 e5 ec
Jul 23 10:15:59 localhost pluto[5069]: |   0d 00 00 14  68 12 77 30  40 88 17 a2  62 2c bf 04
Jul 23 10:15:59 localhost pluto[5069]: |   f1 33 9c c1  82 00 00 14  5c 1e f4 ea  92 49 0a 55
Jul 23 10:15:59 localhost pluto[5069]: |   ad 45 62 29  e8 d9 11 c7  82 00 00 18  7b b7 a7 89
Jul 23 10:15:59 localhost pluto[5069]: |   a6 09 1b 0f  1a 2f 07 1a  ca 52 a5 29  e3 ac 8a e7
Jul 23 10:15:59 localhost pluto[5069]: |   00 00 00 18  c1 ee 1a fb  2f 0e 88 5a  5b a5 a6 9c
Jul 23 10:15:59 localhost pluto[5069]: |   d8 08 b5 07  92 77 cc b7
Jul 23 10:15:59 localhost pluto[5069]: | **parse ISAKMP Message:
Jul 23 10:15:59 localhost pluto[5069]: |    initiator cookie:
Jul 23 10:15:59 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7
Jul 23 10:15:59 localhost pluto[5069]: |    responder cookie:
Jul 23 10:15:59 localhost pluto[5069]: |   f7 24 ca 55  ad db 4e 68
Jul 23 10:15:59 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_KE
Jul 23 10:15:59 localhost pluto[5069]: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
Jul 23 10:15:59 localhost pluto[5069]: |    exchange type: ISAKMP_XCHG_IDPROT
Jul 23 10:15:59 localhost pluto[5069]: |    flags: none
Jul 23 10:15:59 localhost pluto[5069]: |    message ID:  00 00 00 00
Jul 23 10:15:59 localhost pluto[5069]: |    length: 312
Jul 23 10:15:59 localhost pluto[5069]: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Jul 23 10:15:59 localhost pluto[5069]: | ICOOKIE:  5a 23 00 f9  03 e0 13 f7
Jul 23 10:15:59 localhost pluto[5069]: | RCOOKIE:  f7 24 ca 55  ad db 4e 68
Jul 23 10:15:59 localhost pluto[5069]: | state hash entry 19
Jul 23 10:15:59 localhost pluto[5069]: | v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000
Jul 23 10:15:59 localhost pluto[5069]: | v1 state object #1 found, in STATE_MAIN_R1
Jul 23 10:15:59 localhost pluto[5069]: | processing connection e61[1] 192.168.0.8
Jul 23 10:15:59 localhost pluto[5069]: | got payload 0x10(ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080
Jul 23 10:15:59 localhost pluto[5069]: | ***parse ISAKMP Key Exchange Payload:
Jul 23 10:15:59 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONCE
Jul 23 10:15:59 localhost pluto[5069]: |    length: 196
Jul 23 10:15:59 localhost pluto[5069]: | got payload 0x400(ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080
Jul 23 10:15:59 localhost pluto[5069]: | ***parse ISAKMP Nonce Payload:
Jul 23 10:15:59 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_VID
Jul 23 10:15:59 localhost pluto[5069]: |    length: 20
Jul 23 10:15:59 localhost pluto[5069]: | got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x102080
Jul 23 10:15:59 localhost pluto[5069]: | ***parse ISAKMP Vendor ID Payload:
Jul 23 10:15:59 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NAT-D
Jul 23 10:15:59 localhost pluto[5069]: |    length: 20
Jul 23 10:15:59 localhost pluto[5069]: | got payload 0x100000(ISAKMP_NEXT_NAT-D) needed: 0x0 opt: 0x102080
Jul 23 10:15:59 localhost pluto[5069]: | ***parse ISAKMP NAT-D Payload:
Jul 23 10:15:59 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NAT-D
Jul 23 10:15:59 localhost pluto[5069]: |    length: 24
Jul 23 10:15:59 localhost pluto[5069]: | got payload 0x100000(ISAKMP_NEXT_NAT-D) needed: 0x0 opt: 0x102080
Jul 23 10:15:59 localhost pluto[5069]: | ***parse ISAKMP NAT-D Payload:
Jul 23 10:15:59 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONE
Jul 23 10:15:59 localhost pluto[5069]: |    length: 24
Jul 23 10:15:59 localhost pluto[5069]: "e61"[1] 192.168.0.8 #1: ignoring unknown Vendor ID payload [5c1ef4ea92490a55ad456229e8d911c7]
Jul 23 10:15:59 localhost pluto[5069]: | **emit ISAKMP Message:
Jul 23 10:15:59 localhost pluto[5069]: |    initiator cookie:
Jul 23 10:15:59 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7
Jul 23 10:15:59 localhost pluto[5069]: |    responder cookie:
Jul 23 10:15:59 localhost pluto[5069]: |   f7 24 ca 55  ad db 4e 68
Jul 23 10:15:59 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_KE
Jul 23 10:15:59 localhost pluto[5069]: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
Jul 23 10:15:59 localhost pluto[5069]: |    exchange type: ISAKMP_XCHG_IDPROT
Jul 23 10:15:59 localhost pluto[5069]: |    flags: none
Jul 23 10:15:59 localhost pluto[5069]: |    message ID:  00 00 00 00
Jul 23 10:15:59 localhost pluto[5069]: | DH public value received:
Jul 23 10:15:59 localhost pluto[5069]: |   47 b8 d5 02  09 1b c6 16  c5 a0 b0 9c  7d a5 2f ac
Jul 23 10:15:59 localhost pluto[5069]: |   0b 2e 54 9b  58 3d 12 db  7b fe 3e ee  77 10 67 5f
Jul 23 10:15:59 localhost pluto[5069]: |   9a 8d 1d 8c  20 36 54 39  f1 af e6 19  32 9a 26 ee
Jul 23 10:15:59 localhost pluto[5069]: |   48 2c 9a 1f  a9 f6 ea c0  08 03 a5 00  58 8b e5 82
Jul 23 10:15:59 localhost pluto[5069]: |   d5 de 2a 16  3a 51 81 26  e4 b3 4e 62  6d 51 9b bb
Jul 23 10:15:59 localhost pluto[5069]: |   e6 2b 02 e5  93 92 da b3  0b 7c 32 76  99 6b 8b c5
Jul 23 10:15:59 localhost pluto[5069]: |   f9 68 06 ec  20 fe 40 3d  43 0a f0 ef  b4 58 b8 47
Jul 23 10:15:59 localhost pluto[5069]: |   57 f2 45 14  a9 a6 25 f0  00 6b 0e 39  cd c9 5f 1a
Jul 23 10:15:59 localhost pluto[5069]: |   c3 cb cc 81  7a 17 fc a6  87 6b d5 a7  86 fd be 07
Jul 23 10:15:59 localhost pluto[5069]: |   c3 cd 18 06  d1 2a 34 ff  b5 98 a2 4c  83 7d 79 8e
Jul 23 10:15:59 localhost pluto[5069]: |   09 3f c6 a9  fd 43 0f 56  65 ae 3b af  ad bf d8 36
Jul 23 10:15:59 localhost pluto[5069]: |   33 21 66 37  b9 c6 3a 3b  e5 0a 31 c8  cc 18 e5 ec
Jul 23 10:15:59 localhost pluto[5069]: | inI2: checking NAT-t: 1 and 4
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: hasher=0x812fac0(20)
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: icookie=
Jul 23 10:15:59 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: rcookie=
Jul 23 10:15:59 localhost pluto[5069]: |   f7 24 ca 55  ad db 4e 68
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: ip=  c0 a8 00 03
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: port=500
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: hash=  7b b7 a7 89  a6 09 1b 0f  1a 2f 07 1a  ca 52 a5 29
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: hash=  e3 ac 8a e7
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: hasher=0x812fac0(20)
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: icookie=
Jul 23 10:15:59 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: rcookie=
Jul 23 10:15:59 localhost pluto[5069]: |   f7 24 ca 55  ad db 4e 68
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: ip=  c0 a8 00 08
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: port=500
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: hash=  c1 ee 1a fb  2f 0e 88 5a  5b a5 a6 9c  d8 08 b5 07
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: hash=  92 77 cc b7
Jul 23 10:15:59 localhost pluto[5069]: | NAT_TRAVERSAL hash=0 (me:0) (him:0)
Jul 23 10:15:59 localhost pluto[5069]: | expected NAT-D(me):  7b b7 a7 89  a6 09 1b 0f  1a 2f 07 1a  ca 52 a5 29
Jul 23 10:15:59 localhost pluto[5069]: | expected NAT-D(me):  e3 ac 8a e7
Jul 23 10:15:59 localhost pluto[5069]: | expected NAT-D(him):
Jul 23 10:15:59 localhost pluto[5069]: |   c1 ee 1a fb  2f 0e 88 5a  5b a5 a6 9c  d8 08 b5 07
Jul 23 10:15:59 localhost pluto[5069]: |   92 77 cc b7
Jul 23 10:15:59 localhost pluto[5069]: | received NAT-D:  7b b7 a7 89  a6 09 1b 0f  1a 2f 07 1a  ca 52 a5 29
Jul 23 10:15:59 localhost pluto[5069]: | received NAT-D:  e3 ac 8a e7
Jul 23 10:15:59 localhost pluto[5069]: | NAT_TRAVERSAL hash=1 (me:1) (him:0)
Jul 23 10:15:59 localhost pluto[5069]: | expected NAT-D(me):  7b b7 a7 89  a6 09 1b 0f  1a 2f 07 1a  ca 52 a5 29
Jul 23 10:15:59 localhost pluto[5069]: | expected NAT-D(me):  e3 ac 8a e7
Jul 23 10:15:59 localhost pluto[5069]: | expected NAT-D(him):
Jul 23 10:15:59 localhost pluto[5069]: |   c1 ee 1a fb  2f 0e 88 5a  5b a5 a6 9c  d8 08 b5 07
Jul 23 10:15:59 localhost pluto[5069]: |   92 77 cc b7
Jul 23 10:15:59 localhost pluto[5069]: | received NAT-D:  c1 ee 1a fb  2f 0e 88 5a  5b a5 a6 9c  d8 08 b5 07
Jul 23 10:15:59 localhost pluto[5069]: | received NAT-D:  92 77 cc b7
Jul 23 10:15:59 localhost pluto[5069]: | NAT_TRAVERSAL hash=2 (me:1) (him:1)
Jul 23 10:15:59 localhost pluto[5069]: "e61"[1] 192.168.0.8 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Jul 23 10:15:59 localhost pluto[5069]: | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds
Jul 23 10:15:59 localhost pluto[5069]: | event added after event EVENT_RETRANSMIT for #1
Jul 23 10:15:59 localhost pluto[5069]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1
Jul 23 10:15:59 localhost pluto[5069]: | asking helper 0 to do build_kenonce op on seq: 1 (len=2668, pcw_work=1)
Jul 23 10:15:59 localhost pluto[5069]: | crypto helper write of request: cnt=2668<wlen=2668.  
Jul 23 10:15:59 localhost pluto[5069]: | deleting event for #1
Jul 23 10:15:59 localhost pluto[5071]: ! helper 0 read 2664+4/2668 bytesfd: 8
Jul 23 10:15:59 localhost pluto[5069]: | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1
Jul 23 10:15:59 localhost pluto[5071]: ! helper 0 doing build_kenonce op id: 1
Jul 23 10:15:59 localhost pluto[5069]: | event added after event EVENT_PENDING_PHASE2
Jul 23 10:15:59 localhost pluto[5069]: | complete state transition with STF_SUSPEND
Jul 23 10:15:59 localhost pluto[5069]: | * processed 0 messages from cryptographic helpers 
Jul 23 10:15:59 localhost pluto[5069]: | next event EVENT_NAT_T_KEEPALIVE in 20 seconds
Jul 23 10:15:59 localhost pluto[5069]: | next event EVENT_NAT_T_KEEPALIVE in 20 seconds
Jul 23 10:15:59 localhost pluto[5071]: ! Local DH secret:
Jul 23 10:15:59 localhost pluto[5071]: !   a0 28 a0 47  a4 d3 86 e7  c1 65 d8 c9  45 17 5f 7f
Jul 23 10:15:59 localhost pluto[5071]: !   2c 9e c3 6f  be e8 ac ea  3a f5 8a 73  c7 c4 a2 a9
Jul 23 10:15:59 localhost pluto[5071]: ! Public DH value sent:
Jul 23 10:15:59 localhost pluto[5071]: !   d5 7c b3 9f  d9 d0 d0 3d  89 0c 30 49  34 0b d9 4c
Jul 23 10:15:59 localhost pluto[5071]: !   32 f7 7b bc  96 e2 63 4b  23 a8 e4 ad  6a 84 06 7f
Jul 23 10:15:59 localhost pluto[5071]: !   c7 e2 b4 e5  e6 af 6b 42  81 19 50 c5  76 b7 08 62
Jul 23 10:15:59 localhost pluto[5071]: !   47 de 17 a4  82 29 b2 56  2f bf ba 04  c3 68 6b a2
Jul 23 10:15:59 localhost pluto[5071]: !   ef f7 6e 3b  aa 5c a6 c4  b1 44 5c 68  dc 5a d6 4f
Jul 23 10:15:59 localhost pluto[5071]: !   94 7d fc c6  57 a9 81 02  16 28 d9 12  69 00 de 1e
Jul 23 10:15:59 localhost pluto[5071]: !   dc 0f 73 ad  8f d0 62 3e  95 cc 03 79  a2 fe 4a 9c
Jul 23 10:15:59 localhost pluto[5071]: !   f8 ea d9 d6  ec eb a3 d9  68 37 d5 b1  a1 01 3f cd
Jul 23 10:15:59 localhost pluto[5071]: !   cb d8 b3 15  45 d5 0d 4b  f0 93 73 bf  e4 3d d8 f6
Jul 23 10:15:59 localhost pluto[5071]: !   36 29 4f d2  47 45 35 49  33 40 27 d5  5f a6 b8 8a
Jul 23 10:15:59 localhost pluto[5071]: !   9f 89 e6 cf  5e 40 0c eb  d4 3e 4d 40  c7 28 6d 98
Jul 23 10:15:59 localhost pluto[5071]: !   48 b3 19 9b  95 a4 61 7d  44 9f 2e 39  a9 26 97 a5
Jul 23 10:15:59 localhost pluto[5071]: ! Generated nonce:
Jul 23 10:15:59 localhost pluto[5071]: !   f6 58 b4 52  6b 57 a9 8e  86 a9 db 72  51 a4 4b 09
Jul 23 10:15:59 localhost pluto[5069]: |  
Jul 23 10:15:59 localhost pluto[5069]: | helper 0 has finished work (cnt now 1)
Jul 23 10:15:59 localhost pluto[5069]: | helper 0 replies to id: q#1
Jul 23 10:15:59 localhost pluto[5069]: | calling callback function 0x806be46
Jul 23 10:15:59 localhost pluto[5069]: | main inI2_outR2: calculated ke+nonce, sending R2
Jul 23 10:15:59 localhost pluto[5069]: | processing connection e61[1] 192.168.0.8
Jul 23 10:15:59 localhost pluto[5069]: | ***emit ISAKMP Key Exchange Payload:
Jul 23 10:15:59 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONCE
Jul 23 10:15:59 localhost pluto[5069]: | emitting 192 raw bytes of keyex value into ISAKMP Key Exchange Payload
Jul 23 10:15:59 localhost pluto[5069]: | keyex value  d5 7c b3 9f  d9 d0 d0 3d  89 0c 30 49  34 0b d9 4c
Jul 23 10:15:59 localhost pluto[5069]: | keyex value  32 f7 7b bc  96 e2 63 4b  23 a8 e4 ad  6a 84 06 7f
Jul 23 10:15:59 localhost pluto[5069]: | keyex value  c7 e2 b4 e5  e6 af 6b 42  81 19 50 c5  76 b7 08 62
Jul 23 10:15:59 localhost pluto[5069]: | keyex value  47 de 17 a4  82 29 b2 56  2f bf ba 04  c3 68 6b a2
Jul 23 10:15:59 localhost pluto[5069]: | keyex value  ef f7 6e 3b  aa 5c a6 c4  b1 44 5c 68  dc 5a d6 4f
Jul 23 10:15:59 localhost pluto[5069]: | keyex value  94 7d fc c6  57 a9 81 02  16 28 d9 12  69 00 de 1e
Jul 23 10:15:59 localhost pluto[5069]: | keyex value  dc 0f 73 ad  8f d0 62 3e  95 cc 03 79  a2 fe 4a 9c
Jul 23 10:15:59 localhost pluto[5069]: | keyex value  f8 ea d9 d6  ec eb a3 d9  68 37 d5 b1  a1 01 3f cd
Jul 23 10:15:59 localhost pluto[5069]: | keyex value  cb d8 b3 15  45 d5 0d 4b  f0 93 73 bf  e4 3d d8 f6
Jul 23 10:15:59 localhost pluto[5069]: | keyex value  36 29 4f d2  47 45 35 49  33 40 27 d5  5f a6 b8 8a
Jul 23 10:15:59 localhost pluto[5069]: | keyex value  9f 89 e6 cf  5e 40 0c eb  d4 3e 4d 40  c7 28 6d 98
Jul 23 10:15:59 localhost pluto[5069]: | keyex value  48 b3 19 9b  95 a4 61 7d  44 9f 2e 39  a9 26 97 a5
Jul 23 10:15:59 localhost pluto[5069]: | emitting length of ISAKMP Key Exchange Payload: 196
Jul 23 10:15:59 localhost pluto[5069]: | ***emit ISAKMP Nonce Payload:
Jul 23 10:15:59 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONE
Jul 23 10:15:59 localhost pluto[5069]: | emitting 16 raw bytes of Nr into ISAKMP Nonce Payload
Jul 23 10:15:59 localhost pluto[5069]: | Nr  f6 58 b4 52  6b 57 a9 8e  86 a9 db 72  51 a4 4b 09
Jul 23 10:15:59 localhost pluto[5069]: | emitting length of ISAKMP Nonce Payload: 20
Jul 23 10:15:59 localhost pluto[5069]: | sending NATD payloads
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: hasher=0x812fac0(20)
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: icookie=
Jul 23 10:15:59 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: rcookie=
Jul 23 10:15:59 localhost pluto[5069]: |   f7 24 ca 55  ad db 4e 68
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: ip=  c0 a8 00 08
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: port=500
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: hash=  c1 ee 1a fb  2f 0e 88 5a  5b a5 a6 9c  d8 08 b5 07
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: hash=  92 77 cc b7
Jul 23 10:15:59 localhost pluto[5069]: | ***emit ISAKMP NAT-D Payload:
Jul 23 10:15:59 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NAT-D
Jul 23 10:15:59 localhost pluto[5069]: | emitting 20 raw bytes of NAT-D into ISAKMP NAT-D Payload
Jul 23 10:15:59 localhost pluto[5069]: | NAT-D  c1 ee 1a fb  2f 0e 88 5a  5b a5 a6 9c  d8 08 b5 07
Jul 23 10:15:59 localhost pluto[5069]: | NAT-D  92 77 cc b7
Jul 23 10:15:59 localhost pluto[5069]: | emitting length of ISAKMP NAT-D Payload: 24
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: hasher=0x812fac0(20)
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: icookie=
Jul 23 10:15:59 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: rcookie=
Jul 23 10:15:59 localhost pluto[5069]: |   f7 24 ca 55  ad db 4e 68
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: ip=  c0 a8 00 03
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: port=500
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: hash=  7b b7 a7 89  a6 09 1b 0f  1a 2f 07 1a  ca 52 a5 29
Jul 23 10:15:59 localhost pluto[5069]: | _natd_hash: hash=  e3 ac 8a e7
Jul 23 10:15:59 localhost pluto[5069]: | ***emit ISAKMP NAT-D Payload:
Jul 23 10:15:59 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONE
Jul 23 10:15:59 localhost pluto[5069]: | emitting 20 raw bytes of NAT-D into ISAKMP NAT-D Payload
Jul 23 10:15:59 localhost pluto[5069]: | NAT-D  7b b7 a7 89  a6 09 1b 0f  1a 2f 07 1a  ca 52 a5 29
Jul 23 10:15:59 localhost pluto[5069]: | NAT-D  e3 ac 8a e7
Jul 23 10:15:59 localhost pluto[5069]: | emitting length of ISAKMP NAT-D Payload: 24
Jul 23 10:15:59 localhost pluto[5069]: | emitting length of ISAKMP Message: 292
Jul 23 10:15:59 localhost pluto[5069]: | main inI2_outR2: starting async DH calculation (group=5)
Jul 23 10:15:59 localhost pluto[5069]: | started looking for secret for @foo.mydomain.org->192.168.0.8 of kind PPK_PSK
Jul 23 10:15:59 localhost pluto[5069]: | instantiating him to 0.0.0.0
Jul 23 10:15:59 localhost pluto[5069]: | actually looking for secret for @foo.mydomain.org->%any of kind PPK_PSK
Jul 23 10:15:59 localhost pluto[5069]: | line 18: key type PPK_PSK(@foo.mydomain.org) to type PPK_PSK 
Jul 23 10:15:59 localhost pluto[5069]: | 1: compared key %any to @foo.mydomain.org / %any -> 2
Jul 23 10:15:59 localhost pluto[5069]: | 2: compared key 192.168.0.3 to @foo.mydomain.org / %any -> 2
Jul 23 10:15:59 localhost pluto[5069]: | line 18: match=2 
Jul 23 10:15:59 localhost pluto[5069]: | best_match 0>2 best=0x83e1250 (line=18)
Jul 23 10:15:59 localhost pluto[5069]: | line 1: key type PPK_PSK(@foo.mydomain.org) to type PPK_RSA 
Jul 23 10:15:59 localhost pluto[5069]: | concluding with best_match=2 best=0x83e1250 (lineno=18)
Jul 23 10:15:59 localhost pluto[5069]: | parent1 type: 7 group: 5 len: 2668 
Jul 23 10:15:59 localhost pluto[5069]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1
Jul 23 10:15:59 localhost pluto[5069]: | asking helper 0 to do compute dh+iv op on seq: 2 (len=2668, pcw_work=1)
Jul 23 10:15:59 localhost pluto[5069]: | crypto helper write of request: cnt=2668<wlen=2668.  
Jul 23 10:15:59 localhost pluto[5069]: | deleting event for #1
Jul 23 10:15:59 localhost pluto[5069]: | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1
Jul 23 10:15:59 localhost pluto[5069]: | event added after event EVENT_PENDING_PHASE2
Jul 23 10:15:59 localhost pluto[5069]: | started dh_secretiv, returned: stf=STF_SUSPEND 
Jul 23 10:15:59 localhost pluto[5069]: | complete state transition with STF_OK
Jul 23 10:15:59 localhost pluto[5069]: "e61"[1] 192.168.0.8 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 23 10:15:59 localhost pluto[5069]: | deleting event for #1
Jul 23 10:15:59 localhost pluto[5069]: | sending reply packet to 192.168.0.8:500 (from port 500)
Jul 23 10:15:59 localhost pluto[5069]: | sending 292 bytes for STATE_MAIN_R1 through eth0:500 to 192.168.0.8:500 (using #1)
Jul 23 10:15:59 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7  f7 24 ca 55  ad db 4e 68
Jul 23 10:15:59 localhost pluto[5069]: |   04 10 02 00  00 00 00 00  00 00 01 24  0a 00 00 c4
Jul 23 10:15:59 localhost pluto[5069]: |   d5 7c b3 9f  d9 d0 d0 3d  89 0c 30 49  34 0b d9 4c
Jul 23 10:15:59 localhost pluto[5069]: |   32 f7 7b bc  96 e2 63 4b  23 a8 e4 ad  6a 84 06 7f
Jul 23 10:15:59 localhost pluto[5071]: ! helper 0 read 2664+4/2668 bytesfd: 8
Jul 23 10:15:59 localhost pluto[5069]: |   c7 e2 b4 e5  e6 af 6b 42  81 19 50 c5  76 b7 08 62
Jul 23 10:15:59 localhost pluto[5071]: ! helper 0 doing compute dh+iv op id: 2
Jul 23 10:15:59 localhost pluto[5069]: |   47 de 17 a4  82 29 b2 56  2f bf ba 04  c3 68 6b a2
Jul 23 10:15:59 localhost pluto[5069]: |   ef f7 6e 3b  aa 5c a6 c4  b1 44 5c 68  dc 5a d6 4f
Jul 23 10:15:59 localhost pluto[5069]: |   94 7d fc c6  57 a9 81 02  16 28 d9 12  69 00 de 1e
Jul 23 10:15:59 localhost pluto[5069]: |   dc 0f 73 ad  8f d0 62 3e  95 cc 03 79  a2 fe 4a 9c
Jul 23 10:15:59 localhost pluto[5069]: |   f8 ea d9 d6  ec eb a3 d9  68 37 d5 b1  a1 01 3f cd
Jul 23 10:15:59 localhost pluto[5069]: |   cb d8 b3 15  45 d5 0d 4b  f0 93 73 bf  e4 3d d8 f6
Jul 23 10:15:59 localhost pluto[5069]: |   36 29 4f d2  47 45 35 49  33 40 27 d5  5f a6 b8 8a
Jul 23 10:15:59 localhost pluto[5069]: |   9f 89 e6 cf  5e 40 0c eb  d4 3e 4d 40  c7 28 6d 98
Jul 23 10:15:59 localhost pluto[5069]: |   48 b3 19 9b  95 a4 61 7d  44 9f 2e 39  a9 26 97 a5
Jul 23 10:15:59 localhost pluto[5071]: ! peer's g:   47 b8 d5 02  09 1b c6 16  c5 a0 b0 9c  7d a5 2f ac
Jul 23 10:15:59 localhost pluto[5069]: |   82 00 00 14  f6 58 b4 52  6b 57 a9 8e  86 a9 db 72
Jul 23 10:15:59 localhost pluto[5071]: ! peer's g:   0b 2e 54 9b  58 3d 12 db  7b fe 3e ee  77 10 67 5f
Jul 23 10:15:59 localhost pluto[5069]: |   51 a4 4b 09  82 00 00 18  c1 ee 1a fb  2f 0e 88 5a
Jul 23 10:15:59 localhost pluto[5071]: ! peer's g:   9a 8d 1d 8c  20 36 54 39  f1 af e6 19  32 9a 26 ee
Jul 23 10:15:59 localhost pluto[5069]: |   5b a5 a6 9c  d8 08 b5 07  92 77 cc b7  00 00 00 18
Jul 23 10:15:59 localhost pluto[5071]: ! peer's g:   48 2c 9a 1f  a9 f6 ea c0  08 03 a5 00  58 8b e5 82
Jul 23 10:15:59 localhost pluto[5069]: |   7b b7 a7 89  a6 09 1b 0f  1a 2f 07 1a  ca 52 a5 29
Jul 23 10:15:59 localhost pluto[5069]: |   e3 ac 8a e7
Jul 23 10:15:59 localhost pluto[5069]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
Jul 23 10:15:59 localhost pluto[5069]: | event added at head of queue
Jul 23 10:15:59 localhost pluto[5069]: "e61"[1] 192.168.0.8 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Jul 23 10:15:59 localhost pluto[5069]: | modecfg pull: quirk-poll policy:pull not-client
Jul 23 10:15:59 localhost pluto[5069]: | phase 1 is done, looking for phase 2 to unpend
Jul 23 10:15:59 localhost pluto[5069]: | * processed 1 messages from cryptographic helpers 
Jul 23 10:15:59 localhost pluto[5069]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Jul 23 10:15:59 localhost pluto[5069]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Jul 23 10:15:59 localhost pluto[5071]: ! peer's g:   d5 de 2a 16  3a 51 81 26  e4 b3 4e 62  6d 51 9b bb
Jul 23 10:15:59 localhost pluto[5071]: ! peer's g:   e6 2b 02 e5  93 92 da b3  0b 7c 32 76  99 6b 8b c5
Jul 23 10:15:59 localhost pluto[5071]: ! peer's g:   f9 68 06 ec  20 fe 40 3d  43 0a f0 ef  b4 58 b8 47
Jul 23 10:15:59 localhost pluto[5071]: ! peer's g:   57 f2 45 14  a9 a6 25 f0  00 6b 0e 39  cd c9 5f 1a
Jul 23 10:15:59 localhost pluto[5071]: ! peer's g:   c3 cb cc 81  7a 17 fc a6  87 6b d5 a7  86 fd be 07
Jul 23 10:15:59 localhost pluto[5071]: ! peer's g:   c3 cd 18 06  d1 2a 34 ff  b5 98 a2 4c  83 7d 79 8e
Jul 23 10:15:59 localhost pluto[5071]: ! peer's g:   09 3f c6 a9  fd 43 0f 56  65 ae 3b af  ad bf d8 36
Jul 23 10:15:59 localhost pluto[5071]: ! peer's g:   33 21 66 37  b9 c6 3a 3b  e5 0a 31 c8  cc 18 e5 ec
Jul 23 10:15:59 localhost pluto[5071]: ! long term secret:   a0 28 a0 47  a4 d3 86 e7  c1 65 d8 c9  45 17 5f 7f
Jul 23 10:15:59 localhost pluto[5071]: ! long term secret:   2c 9e c3 6f  be e8 ac ea  3a f5 8a 73  c7 c4 a2 a9
Jul 23 10:15:59 localhost pluto[5071]: ! calc_dh_shared(): time elapsed (OAKLEY_GROUP_MODP1536): 5260 usec
Jul 23 10:15:59 localhost pluto[5071]: ! DH shared-secret:
Jul 23 10:15:59 localhost pluto[5071]: !   cf 2d 67 9d  9c e9 89 4b  b5 49 ad af  30 7f 44 24
Jul 23 10:15:59 localhost pluto[5071]: !   76 50 61 f6  c6 8d 31 a0  38 f0 63 32  dd 5f 9f 07
Jul 23 10:15:59 localhost pluto[5071]: !   88 76 44 65  f2 e3 6d 83  71 66 e0 0d  50 2d ca 2d
Jul 23 10:15:59 localhost pluto[5071]: !   c0 95 44 b6  bb ee 35 2f  81 c5 54 e8  bf 8b 00 b1
Jul 23 10:15:59 localhost pluto[5071]: !   c8 1f 59 c0  43 ad 26 f0  e3 2e 1f 18  9b 18 d7 17
Jul 23 10:15:59 localhost pluto[5071]: !   43 c4 e6 3b  08 cc b2 b2  1f 44 27 68  78 f1 3c 90
Jul 23 10:15:59 localhost pluto[5071]: !   c6 c1 e7 d1  9c b1 f5 f0  08 1d c9 e5  33 9b 2e 2a
Jul 23 10:15:59 localhost pluto[5071]: !   a2 4e b0 c6  79 26 c2 ef  d4 cb da fe  e1 d0 07 0d
Jul 23 10:15:59 localhost pluto[5071]: !   00 dd 36 46  d7 0a 84 1e  ce 03 45 ee  db 07 9a 58
Jul 23 10:15:59 localhost pluto[5071]: !   a4 7b 06 d7  b7 51 97 2c  7d 66 68 3a  c9 d5 d2 8c
Jul 23 10:15:59 localhost pluto[5071]: !   0b 19 be dd  2e a6 f1 1c  58 da d4 a5  ed e7 8d 85
Jul 23 10:15:59 localhost pluto[5071]: !   0c cd 65 6e  a6 fd f3 97  49 d2 de 7f  76 fe fd 90
Jul 23 10:15:59 localhost pluto[5071]: ! Skey inputs (PSK+NI+NR)
Jul 23 10:15:59 localhost pluto[5071]: ! ni:   68 12 77 30  40 88 17 a2  62 2c bf 04  f1 33 9c c1
Jul 23 10:15:59 localhost pluto[5071]: ! nr:   f6 58 b4 52  6b 57 a9 8e  86 a9 db 72  51 a4 4b 09
Jul 23 10:15:59 localhost pluto[5071]: ! keyid:   1b 83 96 03  8a 0b ad 61  60 7b 27 cb  77 50 3d e1
Jul 23 10:15:59 localhost pluto[5071]: ! keyid:   09 12 00 09
Jul 23 10:15:59 localhost pluto[5071]: ! DH_i:  47 b8 d5 02  09 1b c6 16  c5 a0 b0 9c  7d a5 2f ac
Jul 23 10:15:59 localhost pluto[5071]: ! DH_i:  0b 2e 54 9b  58 3d 12 db  7b fe 3e ee  77 10 67 5f
Jul 23 10:15:59 localhost pluto[5071]: ! DH_i:  9a 8d 1d 8c  20 36 54 39  f1 af e6 19  32 9a 26 ee
Jul 23 10:15:59 localhost pluto[5071]: ! DH_i:  48 2c 9a 1f  a9 f6 ea c0  08 03 a5 00  58 8b e5 82
Jul 23 10:15:59 localhost pluto[5071]: ! DH_i:  d5 de 2a 16  3a 51 81 26  e4 b3 4e 62  6d 51 9b bb
Jul 23 10:15:59 localhost pluto[5071]: ! DH_i:  e6 2b 02 e5  93 92 da b3  0b 7c 32 76  99 6b 8b c5
Jul 23 10:15:59 localhost pluto[5071]: ! DH_i:  f9 68 06 ec  20 fe 40 3d  43 0a f0 ef  b4 58 b8 47
Jul 23 10:15:59 localhost pluto[5071]: ! DH_i:  57 f2 45 14  a9 a6 25 f0  00 6b 0e 39  cd c9 5f 1a
Jul 23 10:15:59 localhost pluto[5071]: ! DH_i:  c3 cb cc 81  7a 17 fc a6  87 6b d5 a7  86 fd be 07
Jul 23 10:15:59 localhost pluto[5071]: ! DH_i:  c3 cd 18 06  d1 2a 34 ff  b5 98 a2 4c  83 7d 79 8e
Jul 23 10:15:59 localhost pluto[5071]: ! DH_i:  09 3f c6 a9  fd 43 0f 56  65 ae 3b af  ad bf d8 36
Jul 23 10:15:59 localhost pluto[5071]: ! DH_i:  33 21 66 37  b9 c6 3a 3b  e5 0a 31 c8  cc 18 e5 ec
Jul 23 10:15:59 localhost pluto[5071]: ! DH_r:  d5 7c b3 9f  d9 d0 d0 3d  89 0c 30 49  34 0b d9 4c
Jul 23 10:15:59 localhost pluto[5071]: ! DH_r:  32 f7 7b bc  96 e2 63 4b  23 a8 e4 ad  6a 84 06 7f
Jul 23 10:15:59 localhost pluto[5071]: ! DH_r:  c7 e2 b4 e5  e6 af 6b 42  81 19 50 c5  76 b7 08 62
Jul 23 10:15:59 localhost pluto[5071]: ! DH_r:  47 de 17 a4  82 29 b2 56  2f bf ba 04  c3 68 6b a2
Jul 23 10:15:59 localhost pluto[5071]: ! DH_r:  ef f7 6e 3b  aa 5c a6 c4  b1 44 5c 68  dc 5a d6 4f
Jul 23 10:15:59 localhost pluto[5071]: ! DH_r:  94 7d fc c6  57 a9 81 02  16 28 d9 12  69 00 de 1e
Jul 23 10:15:59 localhost pluto[5071]: ! DH_r:  dc 0f 73 ad  8f d0 62 3e  95 cc 03 79  a2 fe 4a 9c
Jul 23 10:15:59 localhost pluto[5071]: ! DH_r:  f8 ea d9 d6  ec eb a3 d9  68 37 d5 b1  a1 01 3f cd
Jul 23 10:15:59 localhost pluto[5071]: ! DH_r:  cb d8 b3 15  45 d5 0d 4b  f0 93 73 bf  e4 3d d8 f6
Jul 23 10:15:59 localhost pluto[5071]: ! DH_r:  36 29 4f d2  47 45 35 49  33 40 27 d5  5f a6 b8 8a
Jul 23 10:15:59 localhost pluto[5071]: ! DH_r:  9f 89 e6 cf  5e 40 0c eb  d4 3e 4d 40  c7 28 6d 98
Jul 23 10:15:59 localhost pluto[5071]: ! DH_r:  48 b3 19 9b  95 a4 61 7d  44 9f 2e 39  a9 26 97 a5
Jul 23 10:15:59 localhost pluto[5071]: ! Skeyid:    1b 83 96 03  8a 0b ad 61  60 7b 27 cb  77 50 3d e1
Jul 23 10:15:59 localhost pluto[5071]: ! Skeyid:    09 12 00 09
Jul 23 10:15:59 localhost pluto[5071]: ! Skeyid_d:  93 97 be ab  8e 32 cc 45  29 1d 5f 06  e8 99 27 3e
Jul 23 10:15:59 localhost pluto[5071]: ! Skeyid_d:  56 57 40 36
Jul 23 10:15:59 localhost pluto[5071]: ! Skeyid_a:  50 cb 75 57  d0 30 d6 7c  dd 10 95 3f  f1 7f 95 f3
Jul 23 10:15:59 localhost pluto[5071]: ! Skeyid_a:  3b 4a 2e 61
Jul 23 10:15:59 localhost pluto[5071]: ! Skeyid_e:  8c 80 f0 a9  92 7f 92 27  a8 56 ce af  30 3d c6 50
Jul 23 10:15:59 localhost pluto[5071]: ! Skeyid_e:  3f 9f cd c9
Jul 23 10:15:59 localhost pluto[5071]: ! enc key:  38 76 86 8e  59 45 6e 19  46 7f 3f 49  a9 d4 59 20
Jul 23 10:15:59 localhost pluto[5071]: ! enc key:  a6 73 ce ab  6d 7a 55 67  c2 86 7f 73  66 9c 52 6e
Jul 23 10:15:59 localhost pluto[5071]: ! IV:  12 2f 3c 50  59 0c e5 bf  65 26 b0 a2  8e 3b 69 cc
Jul 23 10:15:59 localhost pluto[5071]: ! IV:  e2 53 60 e1
Jul 23 10:15:59 localhost pluto[5069]: |  
Jul 23 10:15:59 localhost pluto[5069]: | helper 0 has finished work (cnt now 1)
Jul 23 10:15:59 localhost pluto[5069]: | helper 0 replies to id: q#2
Jul 23 10:15:59 localhost pluto[5069]: | calling callback function 0x806c290
Jul 23 10:15:59 localhost pluto[5069]: | main inI2_outR2: calculated DH finished
Jul 23 10:15:59 localhost pluto[5069]: | processing connection e61[1] 192.168.0.8
Jul 23 10:15:59 localhost pluto[5069]: | * processed 1 messages from cryptographic helpers 
Jul 23 10:15:59 localhost pluto[5069]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Jul 23 10:15:59 localhost pluto[5069]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Jul 23 10:16:00 localhost pluto[5069]: |  
Jul 23 10:16:00 localhost pluto[5069]: | *received 76 bytes from 192.168.0.8:500 on eth0 (port=500)
Jul 23 10:16:00 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7  f7 24 ca 55  ad db 4e 68
Jul 23 10:16:00 localhost pluto[5069]: |   05 10 02 01  00 00 00 00  00 00 00 4c  7f c1 da 21
Jul 23 10:16:00 localhost pluto[5069]: |   27 de cf 41  96 de fe 7a  0d 45 ef b8  fb f9 cd 9b
Jul 23 10:16:00 localhost pluto[5069]: |   af 12 99 41  1c 17 9b 2f  1f 9c 0d c0  ae 4b f1 6a
Jul 23 10:16:00 localhost pluto[5069]: |   5a f0 71 57  d6 0f ec ac  95 b0 04 57
Jul 23 10:16:00 localhost pluto[5069]: | **parse ISAKMP Message:
Jul 23 10:16:00 localhost pluto[5069]: |    initiator cookie:
Jul 23 10:16:00 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7
Jul 23 10:16:00 localhost pluto[5069]: |    responder cookie:
Jul 23 10:16:00 localhost pluto[5069]: |   f7 24 ca 55  ad db 4e 68
Jul 23 10:16:00 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_ID
Jul 23 10:16:00 localhost pluto[5069]: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
Jul 23 10:16:00 localhost pluto[5069]: |    exchange type: ISAKMP_XCHG_IDPROT
Jul 23 10:16:00 localhost pluto[5069]: |    flags: ISAKMP_FLAG_ENCRYPTION
Jul 23 10:16:00 localhost pluto[5069]: |    message ID:  00 00 00 00
Jul 23 10:16:00 localhost pluto[5069]: |    length: 76
Jul 23 10:16:00 localhost pluto[5069]: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Jul 23 10:16:00 localhost pluto[5069]: | ICOOKIE:  5a 23 00 f9  03 e0 13 f7
Jul 23 10:16:00 localhost pluto[5069]: | RCOOKIE:  f7 24 ca 55  ad db 4e 68
Jul 23 10:16:00 localhost pluto[5069]: | state hash entry 19
Jul 23 10:16:00 localhost pluto[5069]: | v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000
Jul 23 10:16:00 localhost pluto[5069]: | v1 state object #1 found, in STATE_MAIN_R2
Jul 23 10:16:00 localhost pluto[5069]: | processing connection e61[1] 192.168.0.8
Jul 23 10:16:00 localhost pluto[5069]: | received encrypted packet from 192.168.0.8:500
Jul 23 10:16:00 localhost pluto[5069]: | decrypting 48 bytes using algorithm OAKLEY_AES_CBC
Jul 23 10:16:00 localhost pluto[5069]: | decrypted:
Jul 23 10:16:00 localhost pluto[5069]: |   08 00 00 13  0b 11 01 f4  4d 6f 62 69  6c 65 47 72
Jul 23 10:16:00 localhost pluto[5069]: |   6f 75 70 00  00 00 18 d2  54 55 f3 f6  fb bb 79 11
Jul 23 10:16:00 localhost pluto[5069]: |   c0 d6 ab cd  fb 2b 86 34  e6 d1 4b 00  00 00 00 00
Jul 23 10:16:00 localhost pluto[5069]: | next IV:  ae 4b f1 6a  5a f0 71 57  d6 0f ec ac  95 b0 04 57
Jul 23 10:16:00 localhost pluto[5069]: | got payload 0x20(ISAKMP_NEXT_ID) needed: 0x120 opt: 0x2080
Jul 23 10:16:00 localhost pluto[5069]: | ***parse ISAKMP Identification Payload:
Jul 23 10:16:00 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_HASH
Jul 23 10:16:00 localhost pluto[5069]: |    length: 19
Jul 23 10:16:00 localhost pluto[5069]: |    ID type: ID_KEY_ID
Jul 23 10:16:00 localhost pluto[5069]: |    DOI specific A: 17
Jul 23 10:16:00 localhost pluto[5069]: |    DOI specific B: 500
Jul 23 10:16:00 localhost pluto[5069]: |      obj:   4d 6f 62 69  6c 65 47 72  6f 75 70 00  00 00 18 d2
Jul 23 10:16:00 localhost pluto[5069]: |      obj:   54 55 f3
Jul 23 10:16:00 localhost pluto[5069]: | got payload 0x100(ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x2080
Jul 23 10:16:00 localhost pluto[5069]: | ***parse ISAKMP Hash Payload:
Jul 23 10:16:00 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONE
Jul 23 10:16:00 localhost pluto[5069]: |    length: 24
Jul 23 10:16:00 localhost pluto[5069]: | removing 5 bytes of padding
Jul 23 10:16:00 localhost pluto[5069]: | KEY ID:  4d 6f 62 69  6c 65 47 72  6f 75 70
Jul 23 10:16:00 localhost pluto[5069]: "e61"[1] 192.168.0.8 #1: Main mode peer ID is ID_KEY_ID: '@#0x4d6f62696c6547726f7570'
Jul 23 10:16:00 localhost pluto[5069]: | refine_connection: starting with e61
Jul 23 10:16:00 localhost pluto[5069]: | started looking for secret for @foo.mydomain.org->192.168.0.8 of kind PPK_PSK
Jul 23 10:16:00 localhost pluto[5069]: | instantiating him to 0.0.0.0
Jul 23 10:16:00 localhost pluto[5069]: | actually looking for secret for @foo.mydomain.org->%any of kind PPK_PSK
Jul 23 10:16:00 localhost pluto[5069]: | line 18: key type PPK_PSK(@foo.mydomain.org) to type PPK_PSK 
Jul 23 10:16:00 localhost pluto[5069]: | 1: compared key %any to @foo.mydomain.org / %any -> 2
Jul 23 10:16:00 localhost pluto[5069]: | 2: compared key 192.168.0.3 to @foo.mydomain.org / %any -> 2
Jul 23 10:16:00 localhost pluto[5069]: | line 18: match=2 
Jul 23 10:16:00 localhost pluto[5069]: | best_match 0>2 best=0x83e1250 (line=18)
Jul 23 10:16:00 localhost pluto[5069]: | line 1: key type PPK_PSK(@foo.mydomain.org) to type PPK_RSA 
Jul 23 10:16:00 localhost pluto[5069]: | concluding with best_match=2 best=0x83e1250 (lineno=18)
Jul 23 10:16:00 localhost pluto[5069]: |    match_id a=@#0x4d6f62696c6547726f7570
Jul 23 10:16:00 localhost pluto[5069]: |             b=192.168.0.8
Jul 23 10:16:00 localhost pluto[5069]: |    results  fail
Jul 23 10:16:00 localhost pluto[5069]: |   trusted_ca called with a=(empty) b=(empty)
Jul 23 10:16:00 localhost pluto[5069]: | refine_connection: checking e61 against e61, best=(none) with match=0(id=0/ca=1/reqca=1)
Jul 23 10:16:00 localhost pluto[5069]: | find_host_pair: comparing to 192.168.0.3:500 192.168.0.8:500 
Jul 23 10:16:00 localhost pluto[5069]: | find_host_pair: comparing to 192.168.0.3:500 0.0.0.0:500 
Jul 23 10:16:00 localhost pluto[5069]: | find_host_pair_conn (refine_host_connection): 192.168.0.3:500 %any:500 -> hp:e61 
Jul 23 10:16:00 localhost pluto[5069]: |    match_id a=@#0x4d6f62696c6547726f7570
Jul 23 10:16:00 localhost pluto[5069]: |             b=(none)
Jul 23 10:16:00 localhost pluto[5069]: |    results  matched
Jul 23 10:16:00 localhost pluto[5069]: |   trusted_ca called with a=(empty) b=(empty)
Jul 23 10:16:00 localhost pluto[5069]: | refine_connection: checking e61 against e61, best=(none) with match=1(id=1/ca=1/reqca=1)
Jul 23 10:16:00 localhost pluto[5069]: | refine_connection: checked e61 against e61, now for see if best
Jul 23 10:16:00 localhost pluto[5069]: | started looking for secret for @foo.mydomain.org->(none) of kind PPK_PSK
Jul 23 10:16:00 localhost pluto[5069]: | replace him to 0.0.0.0
Jul 23 10:16:00 localhost pluto[5069]: | actually looking for secret for @foo.mydomain.org->%any of kind PPK_PSK
Jul 23 10:16:00 localhost pluto[5069]: | line 18: key type PPK_PSK(@foo.mydomain.org) to type PPK_PSK 
Jul 23 10:16:00 localhost pluto[5069]: | 1: compared key %any to @foo.mydomain.org / %any -> 2
Jul 23 10:16:00 localhost pluto[5069]: | 2: compared key 192.168.0.3 to @foo.mydomain.org / %any -> 2
Jul 23 10:16:00 localhost pluto[5069]: | line 18: match=2 
Jul 23 10:16:00 localhost pluto[5069]: | best_match 0>2 best=0x83e1250 (line=18)
Jul 23 10:16:00 localhost pluto[5069]: | line 1: key type PPK_PSK(@foo.mydomain.org) to type PPK_RSA 
Jul 23 10:16:00 localhost pluto[5069]: | concluding with best_match=2 best=0x83e1250 (lineno=18)
Jul 23 10:16:00 localhost pluto[5069]: | refine_connection: picking new best e61 (wild=15, peer_pathlen=0/our=0)
Jul 23 10:16:00 localhost pluto[5069]: | offered CA: '%none'
Jul 23 10:16:00 localhost pluto[5069]: "e61"[1] 192.168.0.8 #1: switched from "e61" to "e61"
Jul 23 10:16:00 localhost pluto[5069]: |    match_id a=@#0x4d6f62696c6547726f7570
Jul 23 10:16:00 localhost pluto[5069]: |             b=(none)
Jul 23 10:16:00 localhost pluto[5069]: |    results  matched
Jul 23 10:16:00 localhost pluto[5069]: | alg_info_addref() alg_info->ref_cnt=5
Jul 23 10:16:00 localhost pluto[5069]: | alg_info_addref() alg_info->ref_cnt=5
Jul 23 10:16:00 localhost pluto[5069]: | alg_info_addref() alg_info->ref_cnt=6
Jul 23 10:16:00 localhost pluto[5069]: | alg_info_addref() alg_info->ref_cnt=6
Jul 23 10:16:00 localhost pluto[5069]: | find_host_pair: comparing to 192.168.0.3:500 0.0.0.0:500 
Jul 23 10:16:00 localhost pluto[5069]: | find_host_pair: comparing to 192.168.0.3:500 192.168.0.8:500 
Jul 23 10:16:00 localhost pluto[5069]: | connect_to_host_pair: 192.168.0.3:500 192.168.0.8:500 -> hp:e61 
Jul 23 10:16:00 localhost pluto[5069]: | instantiated "e61" for 192.168.0.8
Jul 23 10:16:00 localhost pluto[5069]: | processing connection e61[2] 192.168.0.8
Jul 23 10:16:00 localhost pluto[5069]: | processing connection e61[1] 192.168.0.8
Jul 23 10:16:00 localhost pluto[5069]: "e61"[2] 192.168.0.8 #1: deleting connection "e61" instance with peer 192.168.0.8 {isakmp=#0/ipsec=#0}
Jul 23 10:16:00 localhost pluto[5069]: | alg_info_delref(0x83df7a0) alg_info->ref_cnt=6
Jul 23 10:16:00 localhost pluto[5069]: | alg_info_delref(0x83def40) alg_info->ref_cnt=6
Jul 23 10:16:00 localhost pluto[5069]: | hashing 56 bytes of SA
Jul 23 10:16:00 localhost pluto[5069]: | authentication succeeded
Jul 23 10:16:00 localhost pluto[5069]: | thinking about whether to send my certificate:
Jul 23 10:16:00 localhost pluto[5069]: |   I have RSA key: OAKLEY_PRESHARED_KEY cert.type: CERT_NONE 
Jul 23 10:16:00 localhost pluto[5069]: |   sendcert: CERT_ALWAYSSEND and I did not get a certificate request 
Jul 23 10:16:00 localhost pluto[5069]: |   so do not send cert.
Jul 23 10:16:00 localhost pluto[5069]: | I did not send a certificate because digital signatures are not being used. (PSK)
Jul 23 10:16:00 localhost pluto[5069]: | **emit ISAKMP Message:
Jul 23 10:16:00 localhost pluto[5069]: |    initiator cookie:
Jul 23 10:16:00 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7
Jul 23 10:16:00 localhost pluto[5069]: |    responder cookie:
Jul 23 10:16:00 localhost pluto[5069]: |   f7 24 ca 55  ad db 4e 68
Jul 23 10:16:00 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_ID
Jul 23 10:16:00 localhost pluto[5069]: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
Jul 23 10:16:00 localhost pluto[5069]: |    exchange type: ISAKMP_XCHG_IDPROT
Jul 23 10:16:00 localhost pluto[5069]: |    flags: ISAKMP_FLAG_ENCRYPTION
Jul 23 10:16:00 localhost pluto[5069]: |    message ID:  00 00 00 00
Jul 23 10:16:00 localhost pluto[5069]: | ***emit ISAKMP Identification Payload (IPsec DOI):
Jul 23 10:16:00 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_HASH
Jul 23 10:16:00 localhost pluto[5069]: |    ID type: ID_FQDN
Jul 23 10:16:00 localhost pluto[5069]: |    Protocol ID: 0
Jul 23 10:16:00 localhost pluto[5069]: |    port: 0
Jul 23 10:16:00 localhost pluto[5069]: | emitting 16 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI)
Jul 23 10:16:00 localhost pluto[5069]: | my identity  66 6f 6f 2e  6d 79 64 6f  6d 61 69 6e  2e 6f 72 67
Jul 23 10:16:00 localhost pluto[5069]: | emitting length of ISAKMP Identification Payload (IPsec DOI): 24
Jul 23 10:16:00 localhost pluto[5069]: | hashing 56 bytes of SA
Jul 23 10:16:00 localhost pluto[5069]: | ***emit ISAKMP Hash Payload:
Jul 23 10:16:00 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_VID
Jul 23 10:16:00 localhost pluto[5069]: | emitting 20 raw bytes of HASH_R into ISAKMP Hash Payload
Jul 23 10:16:00 localhost pluto[5069]: | HASH_R  9f 9a e5 2a  2c 28 49 31  08 25 93 6f  c2 2f f9 46
Jul 23 10:16:00 localhost pluto[5069]: | HASH_R  55 0d b7 42
Jul 23 10:16:00 localhost pluto[5069]: | emitting length of ISAKMP Hash Payload: 24
Jul 23 10:16:00 localhost pluto[5069]: | out_vendorid(): sending [CAN-IKEv2]
Jul 23 10:16:00 localhost pluto[5069]: | ***emit ISAKMP Vendor ID Payload:
Jul 23 10:16:00 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONE
Jul 23 10:16:00 localhost pluto[5069]: | emitting 5 raw bytes of V_ID into ISAKMP Vendor ID Payload
Jul 23 10:16:00 localhost pluto[5069]: | V_ID  49 4b 45 76  32
Jul 23 10:16:00 localhost pluto[5069]: | emitting length of ISAKMP Vendor ID Payload: 9
Jul 23 10:16:00 localhost pluto[5069]: | encrypting:
Jul 23 10:16:00 localhost pluto[5069]: |   08 00 00 18  02 00 00 00  66 6f 6f 2e  6d 79 64 6f
Jul 23 10:16:00 localhost pluto[5069]: |   6d 61 69 6e  2e 6f 72 67  0d 00 00 18  9f 9a e5 2a
Jul 23 10:16:00 localhost pluto[5069]: |   2c 28 49 31  08 25 93 6f  c2 2f f9 46  55 0d b7 42
Jul 23 10:16:00 localhost pluto[5069]: |   00 00 00 09  49 4b 45 76  32
Jul 23 10:16:00 localhost pluto[5069]: | IV:
Jul 23 10:16:00 localhost pluto[5069]: |   ae 4b f1 6a  5a f0 71 57  d6 0f ec ac  95 b0 04 57
Jul 23 10:16:00 localhost pluto[5069]: | unpadded size is: 57
Jul 23 10:16:00 localhost pluto[5069]: | emitting 7 zero bytes of encryption padding into ISAKMP Message
Jul 23 10:16:00 localhost pluto[5069]: | encrypting 64 using OAKLEY_AES_CBC
Jul 23 10:16:00 localhost pluto[5069]: | next IV:  1a 71 27 97  71 36 b3 a2  e0 3d 58 a5  6c c5 d9 43
Jul 23 10:16:00 localhost pluto[5069]: | emitting length of ISAKMP Message: 92
Jul 23 10:16:00 localhost pluto[5069]: | last encrypted block of Phase 1:
Jul 23 10:16:00 localhost pluto[5069]: |   1a 71 27 97  71 36 b3 a2  e0 3d 58 a5  6c c5 d9 43
Jul 23 10:16:00 localhost pluto[5069]: | complete state transition with STF_OK
Jul 23 10:16:00 localhost pluto[5069]: "e61"[2] 192.168.0.8 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 23 10:16:00 localhost pluto[5069]: | deleting event for #1
Jul 23 10:16:00 localhost pluto[5069]: | sending reply packet to 192.168.0.8:500 (from port 500)
Jul 23 10:16:00 localhost pluto[5069]: | sending 92 bytes for STATE_MAIN_R2 through eth0:500 to 192.168.0.8:500 (using #1)
Jul 23 10:16:00 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7  f7 24 ca 55  ad db 4e 68
Jul 23 10:16:00 localhost pluto[5069]: |   05 10 02 01  00 00 00 00  00 00 00 5c  ee 1c 05 07
Jul 23 10:16:00 localhost pluto[5069]: |   0c f6 56 56  8b 7f 31 5d  3a 80 0c 8d  37 53 1d 42
Jul 23 10:16:00 localhost pluto[5069]: |   de f7 1f d2  ec 9d a5 d0  91 03 22 47  2b 93 f0 82
Jul 23 10:16:00 localhost pluto[5069]: |   39 c1 eb 64  b1 b6 48 cd  db 2d 53 49  1a 71 27 97
Jul 23 10:16:00 localhost pluto[5069]: |   71 36 b3 a2  e0 3d 58 a5  6c c5 d9 43
Jul 23 10:16:00 localhost pluto[5069]: | inserting event EVENT_SA_EXPIRE, timeout in 28800 seconds for #1
Jul 23 10:16:00 localhost pluto[5069]: | event added after event EVENT_REINIT_SECRET
Jul 23 10:16:00 localhost pluto[5069]: "e61"[2] 192.168.0.8 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1536}
Jul 23 10:16:00 localhost pluto[5069]: | modecfg pull: quirk-poll policy:pull not-client
Jul 23 10:16:00 localhost pluto[5069]: | phase 1 is done, looking for phase 2 to unpend
Jul 23 10:16:00 localhost pluto[5069]: | * processed 0 messages from cryptographic helpers 
Jul 23 10:16:00 localhost pluto[5069]: | next event EVENT_NAT_T_KEEPALIVE in 19 seconds
Jul 23 10:16:00 localhost pluto[5069]: | next event EVENT_NAT_T_KEEPALIVE in 19 seconds
Jul 23 10:16:00 localhost pluto[5069]: |  
Jul 23 10:16:00 localhost pluto[5069]: | *received 76 bytes from 192.168.0.8:500 on eth0 (port=500)
Jul 23 10:16:00 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7  f7 24 ca 55  ad db 4e 68
Jul 23 10:16:00 localhost pluto[5069]: |   08 10 06 01  1e da a0 ac  00 00 00 4c  c7 3e f1 be
Jul 23 10:16:00 localhost pluto[5069]: |   5e fb 18 08  b8 78 6a 53  c8 66 c3 7c  bc 39 cd 98
Jul 23 10:16:00 localhost pluto[5069]: |   6b 48 aa 53  8d fd 1b 93  79 cd 36 5d  71 91 80 af
Jul 23 10:16:00 localhost pluto[5069]: |   19 ef 64 70  93 7e 78 c9  cc 12 93 34
Jul 23 10:16:00 localhost pluto[5069]: | **parse ISAKMP Message:
Jul 23 10:16:00 localhost pluto[5069]: |    initiator cookie:
Jul 23 10:16:00 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7
Jul 23 10:16:00 localhost pluto[5069]: |    responder cookie:
Jul 23 10:16:00 localhost pluto[5069]: |   f7 24 ca 55  ad db 4e 68
Jul 23 10:16:00 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_HASH
Jul 23 10:16:00 localhost pluto[5069]: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
Jul 23 10:16:00 localhost pluto[5069]: |    exchange type: ISAKMP_XCHG_MODE_CFG
Jul 23 10:16:00 localhost pluto[5069]: |    flags: ISAKMP_FLAG_ENCRYPTION
Jul 23 10:16:00 localhost pluto[5069]: |    message ID:  1e da a0 ac
Jul 23 10:16:00 localhost pluto[5069]: |    length: 76
Jul 23 10:16:00 localhost pluto[5069]: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6)
Jul 23 10:16:00 localhost pluto[5069]: | ICOOKIE:  5a 23 00 f9  03 e0 13 f7
Jul 23 10:16:00 localhost pluto[5069]: | RCOOKIE:  f7 24 ca 55  ad db 4e 68
Jul 23 10:16:00 localhost pluto[5069]: | state hash entry 19
Jul 23 10:16:00 localhost pluto[5069]: | peer and cookies match on #1, provided msgid 1edaa0ac vs 00000000/00000000
Jul 23 10:16:00 localhost pluto[5069]: | p15 state object not found
Jul 23 10:16:00 localhost pluto[5069]: | ICOOKIE:  5a 23 00 f9  03 e0 13 f7
Jul 23 10:16:00 localhost pluto[5069]: | RCOOKIE:  f7 24 ca 55  ad db 4e 68
Jul 23 10:16:00 localhost pluto[5069]: | state hash entry 19
Jul 23 10:16:00 localhost pluto[5069]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000/00000000
Jul 23 10:16:00 localhost pluto[5069]: | p15 state object #1 found, in STATE_MAIN_R3
Jul 23 10:16:00 localhost pluto[5069]: | processing connection e61[2] 192.168.0.8
Jul 23 10:16:00 localhost pluto[5069]: | last Phase 1 IV:  1a 71 27 97  71 36 b3 a2  e0 3d 58 a5  6c c5 d9 43
Jul 23 10:16:00 localhost pluto[5069]: | current Phase 1 IV:  1a 71 27 97  71 36 b3 a2  e0 3d 58 a5  6c c5 d9 43
Jul 23 10:16:00 localhost pluto[5069]: | computed Phase 2 IV:
Jul 23 10:16:00 localhost pluto[5069]: |   b4 ea 9c 9a  e1 2b 64 a6  c1 7d 35 26  6e f1 21 90
Jul 23 10:16:00 localhost pluto[5069]: |   28 06 ef 58
Jul 23 10:16:00 localhost pluto[5069]: | received encrypted packet from 192.168.0.8:500
Jul 23 10:16:00 localhost pluto[5069]: | decrypting 48 bytes using algorithm OAKLEY_AES_CBC
Jul 23 10:16:00 localhost pluto[5069]: | decrypted:
Jul 23 10:16:00 localhost pluto[5069]: |   0e 00 00 18  16 dc ef 2f  44 97 26 ad  39 00 91 7d
Jul 23 10:16:00 localhost pluto[5069]: |   23 0c 91 f0  34 c2 71 26  00 00 00 10  01 00 ff ff
Jul 23 10:16:00 localhost pluto[5069]: |   00 01 00 00  00 03 00 00  00 00 00 00  00 00 00 00
Jul 23 10:16:00 localhost pluto[5069]: | next IV:  71 91 80 af  19 ef 64 70  93 7e 78 c9  cc 12 93 34
Jul 23 10:16:00 localhost pluto[5069]: | got payload 0x100(ISAKMP_NEXT_HASH) needed: 0x4100 opt: 0x2000
Jul 23 10:16:00 localhost pluto[5069]: | ***parse ISAKMP Hash Payload:
Jul 23 10:16:00 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_MODECFG
Jul 23 10:16:00 localhost pluto[5069]: |    length: 24
Jul 23 10:16:00 localhost pluto[5069]: | got payload 0x4000(ISAKMP_NEXT_MODECFG) needed: 0x4000 opt: 0x2000
Jul 23 10:16:00 localhost pluto[5069]: | ***parse ISAKMP Mode Attribute:
Jul 23 10:16:00 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONE
Jul 23 10:16:00 localhost pluto[5069]: |    length: 16
Jul 23 10:16:00 localhost pluto[5069]: |    Attr Msg Type: ISAKMP_CFG_REQUEST
Jul 23 10:16:00 localhost pluto[5069]: |    Identifier: 65535
Jul 23 10:16:00 localhost pluto[5069]: | removing 8 bytes of padding
Jul 23 10:16:00 localhost pluto[5069]: | **emit ISAKMP Message:
Jul 23 10:16:00 localhost pluto[5069]: |    initiator cookie:
Jul 23 10:16:00 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7
Jul 23 10:16:00 localhost pluto[5069]: |    responder cookie:
Jul 23 10:16:00 localhost pluto[5069]: |   f7 24 ca 55  ad db 4e 68
Jul 23 10:16:00 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_HASH
Jul 23 10:16:00 localhost pluto[5069]: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
Jul 23 10:16:00 localhost pluto[5069]: |    exchange type: ISAKMP_XCHG_MODE_CFG
Jul 23 10:16:00 localhost pluto[5069]: |    flags: ISAKMP_FLAG_ENCRYPTION
Jul 23 10:16:00 localhost pluto[5069]: |    message ID:  1e da a0 ac
Jul 23 10:16:00 localhost pluto[5069]: | arrived in modecfg_inR0
Jul 23 10:16:00 localhost pluto[5069]: | XAUTH: HASH computed:
Jul 23 10:16:00 localhost pluto[5069]: |   16 dc ef 2f  44 97 26 ad  39 00 91 7d  23 0c 91 f0
Jul 23 10:16:00 localhost pluto[5069]: |   34 c2 71 26
Jul 23 10:16:00 localhost pluto[5069]: | ****parse ISAKMP ModeCfg attribute:
Jul 23 10:16:00 localhost pluto[5069]: |    ModeCfg attr type: INTERNAL_IP4_ADDRESS
Jul 23 10:16:00 localhost pluto[5069]: |    length/value: 0
Jul 23 10:16:00 localhost pluto[5069]: | ***emit ISAKMP Hash Payload:
Jul 23 10:16:00 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_MODECFG
Jul 23 10:16:00 localhost pluto[5069]: | emitting 20 zero bytes of HASH into ISAKMP Hash Payload
Jul 23 10:16:00 localhost pluto[5069]: | emitting length of ISAKMP Hash Payload: 24
Jul 23 10:16:00 localhost pluto[5069]: | ***emit ISAKMP Mode Attribute:
Jul 23 10:16:00 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONE
Jul 23 10:16:00 localhost pluto[5069]: |    Attr Msg Type: ISAKMP_CFG_REPLY
Jul 23 10:16:00 localhost pluto[5069]: |    Identifier: 65535
Jul 23 10:16:00 localhost pluto[5069]: | ****emit ISAKMP ModeCfg attribute:
Jul 23 10:16:00 localhost pluto[5069]: |    ModeCfg attr type: INTERNAL_IP4_ADDRESS
Jul 23 10:16:00 localhost pluto[5069]: | emitting 4 raw bytes of IP4_addr into ISAKMP ModeCfg attribute
Jul 23 10:16:00 localhost pluto[5069]: | IP4_addr  c0 a8 00 03
Jul 23 10:16:00 localhost pluto[5069]: | emitting length of ISAKMP ModeCfg attribute: 4
Jul 23 10:16:00 localhost pluto[5069]: | emitting length of ISAKMP Mode Attribute: 16
Jul 23 10:16:00 localhost pluto[5069]: | XAUTH: HASH computed:
Jul 23 10:16:00 localhost pluto[5069]: |   95 5e cf bc  8a 53 4a c4  20 d7 8d 9b  06 e0 0a 4e
Jul 23 10:16:00 localhost pluto[5069]: |   3f 0f 90 f6
Jul 23 10:16:00 localhost pluto[5069]: | emitting length of ISAKMP Message: 68
Jul 23 10:16:00 localhost pluto[5069]: | encrypting:
Jul 23 10:16:00 localhost pluto[5069]: |   0e 00 00 18  95 5e cf bc  8a 53 4a c4  20 d7 8d 9b
Jul 23 10:16:00 localhost pluto[5069]: |   06 e0 0a 4e  3f 0f 90 f6  00 00 00 10  02 00 ff ff
Jul 23 10:16:00 localhost pluto[5069]: |   00 01 00 04  c0 a8 00 03
Jul 23 10:16:00 localhost pluto[5069]: | IV:
Jul 23 10:16:00 localhost pluto[5069]: |   71 91 80 af  19 ef 64 70  93 7e 78 c9  cc 12 93 34
Jul 23 10:16:00 localhost pluto[5069]: | unpadded size is: 40
Jul 23 10:16:00 localhost pluto[5069]: | emitting 8 zero bytes of encryption padding into ISAKMP Message
Jul 23 10:16:00 localhost pluto[5069]: | encrypting 48 using OAKLEY_AES_CBC
Jul 23 10:16:00 localhost pluto[5069]: | next IV:  94 1c 0e a1  13 b2 ed 8b  55 21 35 a2  ae 5f 0c 91
Jul 23 10:16:00 localhost pluto[5069]: | emitting length of ISAKMP Message: 76
Jul 23 10:16:00 localhost pluto[5069]: "e61"[2] 192.168.0.8 #1: modecfg_inR0(STF_OK)
Jul 23 10:16:00 localhost pluto[5069]: | complete state transition with STF_OK
Jul 23 10:16:00 localhost pluto[5069]: "e61"[2] 192.168.0.8 #1: transition from state STATE_MODE_CFG_R0 to state STATE_MODE_CFG_R1
Jul 23 10:16:00 localhost pluto[5069]: | deleting event for #1
Jul 23 10:16:00 localhost pluto[5069]: | sending reply packet to 192.168.0.8:500 (from port 500)
Jul 23 10:16:00 localhost pluto[5069]: | sending 76 bytes for STATE_MODE_CFG_R0 through eth0:500 to 192.168.0.8:500 (using #1)
Jul 23 10:16:00 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7  f7 24 ca 55  ad db 4e 68
Jul 23 10:16:00 localhost pluto[5069]: |   08 10 06 01  1e da a0 ac  00 00 00 4c  e2 72 1f 83
Jul 23 10:16:00 localhost pluto[5069]: |   d4 3f 72 d6  c8 0a dd 06  96 54 62 db  e2 55 d0 5c
Jul 23 10:16:00 localhost pluto[5069]: |   5f 19 39 b4  1c 3b c1 cc  e2 1f 01 2e  94 1c 0e a1
Jul 23 10:16:00 localhost pluto[5069]: |   13 b2 ed 8b  55 21 35 a2  ae 5f 0c 91
Jul 23 10:16:00 localhost pluto[5069]: | inserting event EVENT_SA_REPLACE, timeout in 28530 seconds for #1
Jul 23 10:16:00 localhost pluto[5069]: | event added after event EVENT_REINIT_SECRET
Jul 23 10:16:00 localhost pluto[5069]: "e61"[2] 192.168.0.8 #1: STATE_MODE_CFG_R1: ModeCfg Set sent, expecting Ack
Jul 23 10:16:00 localhost pluto[5069]: | modecfg pull: quirk-poll policy:pull not-client
Jul 23 10:16:00 localhost pluto[5069]: | phase 1 is done, looking for phase 2 to unpend
Jul 23 10:16:00 localhost pluto[5069]: | * processed 0 messages from cryptographic helpers 
Jul 23 10:16:00 localhost pluto[5069]: | next event EVENT_NAT_T_KEEPALIVE in 19 seconds
Jul 23 10:16:00 localhost pluto[5069]: | next event EVENT_NAT_T_KEEPALIVE in 19 seconds
Jul 23 10:16:02 localhost pluto[5069]: |  
Jul 23 10:16:02 localhost pluto[5069]: | *received 188 bytes from 192.168.0.8:500 on eth0 (port=500)
Jul 23 10:16:02 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7  f7 24 ca 55  ad db 4e 68
Jul 23 10:16:02 localhost pluto[5069]: |   08 10 20 01  1f 4f 10 a6  00 00 00 bc  64 03 44 b6
Jul 23 10:16:02 localhost pluto[5069]: |   e0 57 6b 73  75 1d d5 e5  bc 91 17 41  ae c0 99 c1
Jul 23 10:16:02 localhost pluto[5069]: |   64 ea 5d 7f  fc 84 eb 0c  5c 11 33 c8  ad 74 04 d4
Jul 23 10:16:02 localhost pluto[5069]: |   85 68 c2 6f  46 c0 5b 02  e5 ac ac e7  38 e1 77 8b
Jul 23 10:16:02 localhost pluto[5069]: |   dd 3b b2 1f  b7 5a 8c b2  02 90 6f 2c  ad 44 ea 27
Jul 23 10:16:02 localhost pluto[5069]: |   9c c8 a1 03  70 81 8a 96  dd 31 ed 76  b8 d2 a0 a7
Jul 23 10:16:02 localhost pluto[5069]: |   9f f3 78 e7  7b 23 92 84  74 0b 09 60  62 be 49 ea
Jul 23 10:16:02 localhost pluto[5069]: |   f0 e3 8c dd  37 7f ac 02  42 c5 f4 8d  16 fb f2 f1
Jul 23 10:16:02 localhost pluto[5069]: |   3f f4 15 bc  35 f7 90 3c  89 f2 19 99  a4 dd 19 86
Jul 23 10:16:02 localhost pluto[5069]: |   f3 42 88 1e  03 03 d8 cf  fa e0 67 75  d4 66 81 7c
Jul 23 10:16:02 localhost pluto[5069]: |   6f fa ff 76  64 c1 84 9a  64 29 26 16
Jul 23 10:16:02 localhost pluto[5069]: | **parse ISAKMP Message:
Jul 23 10:16:02 localhost pluto[5069]: |    initiator cookie:
Jul 23 10:16:02 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7
Jul 23 10:16:02 localhost pluto[5069]: |    responder cookie:
Jul 23 10:16:02 localhost pluto[5069]: |   f7 24 ca 55  ad db 4e 68
Jul 23 10:16:02 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_HASH
Jul 23 10:16:02 localhost pluto[5069]: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
Jul 23 10:16:02 localhost pluto[5069]: |    exchange type: ISAKMP_XCHG_QUICK
Jul 23 10:16:02 localhost pluto[5069]: |    flags: ISAKMP_FLAG_ENCRYPTION
Jul 23 10:16:02 localhost pluto[5069]: |    message ID:  1f 4f 10 a6
Jul 23 10:16:02 localhost pluto[5069]: |    length: 188
Jul 23 10:16:02 localhost pluto[5069]: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
Jul 23 10:16:02 localhost pluto[5069]: | ICOOKIE:  5a 23 00 f9  03 e0 13 f7
Jul 23 10:16:02 localhost pluto[5069]: | RCOOKIE:  f7 24 ca 55  ad db 4e 68
Jul 23 10:16:02 localhost pluto[5069]: | state hash entry 19
Jul 23 10:16:02 localhost pluto[5069]: | v1 peer and cookies match on #1, provided msgid 1f4f10a6 vs 00000000
Jul 23 10:16:02 localhost pluto[5069]: | v1 state object not found
Jul 23 10:16:02 localhost pluto[5069]: | ICOOKIE:  5a 23 00 f9  03 e0 13 f7
Jul 23 10:16:02 localhost pluto[5069]: | RCOOKIE:  f7 24 ca 55  ad db 4e 68
Jul 23 10:16:02 localhost pluto[5069]: | state hash entry 19
Jul 23 10:16:02 localhost pluto[5069]: | v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000
Jul 23 10:16:02 localhost pluto[5069]: | v1 state object #1 found, in STATE_MODE_CFG_R1
Jul 23 10:16:02 localhost pluto[5069]: | processing connection e61[2] 192.168.0.8
Jul 23 10:16:02 localhost pluto[5069]: | last Phase 1 IV:  1a 71 27 97  71 36 b3 a2  e0 3d 58 a5  6c c5 d9 43
Jul 23 10:16:02 localhost pluto[5069]: | current Phase 1 IV:  94 1c 0e a1  13 b2 ed 8b  55 21 35 a2  ae 5f 0c 91
Jul 23 10:16:02 localhost pluto[5069]: | computed Phase 2 IV:
Jul 23 10:16:02 localhost pluto[5069]: |   ad 46 a0 8e  97 14 1b dd  b8 9f 73 69  80 33 86 7e
Jul 23 10:16:02 localhost pluto[5069]: |   6a 6e 02 7e
Jul 23 10:16:02 localhost pluto[5069]: | received encrypted packet from 192.168.0.8:500
Jul 23 10:16:02 localhost pluto[5069]: | decrypting 160 bytes using algorithm OAKLEY_AES_CBC
Jul 23 10:16:02 localhost pluto[5069]: | decrypted:
Jul 23 10:16:02 localhost pluto[5069]: |   01 00 00 18  28 72 03 52  8e 55 70 1e  95 1c 71 80
Jul 23 10:16:02 localhost pluto[5069]: |   ca ca 39 12  45 69 ef d9  0a 00 00 38  00 00 00 01
Jul 23 10:16:02 localhost pluto[5069]: |   00 00 00 01  00 00 00 2c  00 03 04 01  3d 18 f6 34
Jul 23 10:16:02 localhost pluto[5069]: |   00 00 00 20  00 0c 00 00  80 01 00 01  00 02 00 04
Jul 23 10:16:02 localhost pluto[5069]: |   00 00 0e 10  80 04 00 01  80 05 00 02  80 06 01 00
Jul 23 10:16:02 localhost pluto[5069]: |   05 00 00 14  2d 4f a9 7e  da 4d 3c 49  e3 8e 45 fc
Jul 23 10:16:02 localhost pluto[5069]: |   2e df d7 db  05 00 00 0c  01 00 00 00  c0 a8 00 03
Jul 23 10:16:02 localhost pluto[5069]: |   0b 00 00 10  04 00 00 00  00 00 00 00  00 00 00 00
Jul 23 10:16:02 localhost pluto[5069]: |   00 00 00 14  00 00 00 01  03 04 60 01  3d 18 f6 34
Jul 23 10:16:02 localhost pluto[5069]: |   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
Jul 23 10:16:02 localhost pluto[5069]: | next IV:  d4 66 81 7c  6f fa ff 76  64 c1 84 9a  64 29 26 16
Jul 23 10:16:02 localhost pluto[5069]: | got payload 0x100(ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030
Jul 23 10:16:02 localhost pluto[5069]: | ***parse ISAKMP Hash Payload:
Jul 23 10:16:02 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_SA
Jul 23 10:16:02 localhost pluto[5069]: |    length: 24
Jul 23 10:16:02 localhost pluto[5069]: | got payload 0x2(ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030
Jul 23 10:16:02 localhost pluto[5069]: | ***parse ISAKMP Security Association Payload:
Jul 23 10:16:02 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONCE
Jul 23 10:16:02 localhost pluto[5069]: |    length: 56
Jul 23 10:16:02 localhost pluto[5069]: |    DOI: ISAKMP_DOI_IPSEC
Jul 23 10:16:02 localhost pluto[5069]: | got payload 0x400(ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030
Jul 23 10:16:02 localhost pluto[5069]: | ***parse ISAKMP Nonce Payload:
Jul 23 10:16:02 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_ID
Jul 23 10:16:02 localhost pluto[5069]: |    length: 20
Jul 23 10:16:02 localhost pluto[5069]: | got payload 0x20(ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
Jul 23 10:16:02 localhost pluto[5069]: | ***parse ISAKMP Identification Payload (IPsec DOI):
Jul 23 10:16:02 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_ID
Jul 23 10:16:02 localhost pluto[5069]: |    length: 12
Jul 23 10:16:02 localhost pluto[5069]: |    ID type: ID_IPV4_ADDR
Jul 23 10:16:02 localhost pluto[5069]: |    Protocol ID: 0
Jul 23 10:16:02 localhost pluto[5069]: |    port: 0
Jul 23 10:16:02 localhost pluto[5069]: |      obj:   c0 a8 00 03  0b 00 00 10  04 00 00 00
Jul 23 10:16:02 localhost pluto[5069]: | got payload 0x20(ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
Jul 23 10:16:02 localhost pluto[5069]: | ***parse ISAKMP Identification Payload (IPsec DOI):
Jul 23 10:16:02 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_N
Jul 23 10:16:02 localhost pluto[5069]: |    length: 16
Jul 23 10:16:02 localhost pluto[5069]: |    ID type: ID_IPV4_ADDR_SUBNET
Jul 23 10:16:02 localhost pluto[5069]: |    Protocol ID: 0
Jul 23 10:16:02 localhost pluto[5069]: |    port: 0
Jul 23 10:16:02 localhost pluto[5069]: |      obj:   00 00 00 00  00 00 00 00  00 00 00 14  00 00 00 01
Jul 23 10:16:02 localhost pluto[5069]: | got payload 0x800(ISAKMP_NEXT_N) needed: 0x0 opt: 0x200030
Jul 23 10:16:02 localhost pluto[5069]: | ***parse ISAKMP Notification Payload:
Jul 23 10:16:02 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONE
Jul 23 10:16:02 localhost pluto[5069]: |    length: 20
Jul 23 10:16:02 localhost pluto[5069]: |    DOI: ISAKMP_DOI_IPSEC
Jul 23 10:16:02 localhost pluto[5069]: |    protocol ID: 3
Jul 23 10:16:02 localhost pluto[5069]: |    SPI size: 4
Jul 23 10:16:02 localhost pluto[5069]: |    Notify Message Type: IPSEC_REPLAY_STATUS
Jul 23 10:16:02 localhost pluto[5069]: | removing 12 bytes of padding
Jul 23 10:16:02 localhost pluto[5069]: "e61"[2] 192.168.0.8 #1: ignoring informational payload, type IPSEC_REPLAY_STATUS msgid=00000000
Jul 23 10:16:02 localhost pluto[5069]: | info:  3d 18 f6 34  00 00 00 00
Jul 23 10:16:02 localhost pluto[5069]: | HASH(1) computed:
Jul 23 10:16:02 localhost pluto[5069]: |   28 72 03 52  8e 55 70 1e  95 1c 71 80  ca ca 39 12
Jul 23 10:16:02 localhost pluto[5069]: |   45 69 ef d9
Jul 23 10:16:02 localhost pluto[5069]: | peer client is 192.168.0.3
Jul 23 10:16:02 localhost pluto[5069]: | peer client protocol/port is 0/0
Jul 23 10:16:02 localhost pluto[5069]: | our client is subnet 0.0.0.0/0
Jul 23 10:16:02 localhost pluto[5069]: | our client protocol/port is 0/0
Jul 23 10:16:02 localhost pluto[5069]: "e61"[2] 192.168.0.8 #1: the peer proposed: 0.0.0.0/0:0/0 -> 192.168.0.3/32:0/0
Jul 23 10:16:02 localhost pluto[5069]: | find_client_connection starting with e61
Jul 23 10:16:02 localhost pluto[5069]: |   looking for 0.0.0.0/0:0/0 -> 192.168.0.3/32:0/0
Jul 23 10:16:02 localhost pluto[5069]: |   concrete checking against sr#0 0.0.0.0/0 -> 192.168.0.3/32
Jul 23 10:16:02 localhost pluto[5069]: |    match_id a=@#0x4d6f62696c6547726f7570
Jul 23 10:16:02 localhost pluto[5069]: |             b=@#0x4d6f62696c6547726f7570
Jul 23 10:16:02 localhost pluto[5069]: |    results  matched
Jul 23 10:16:02 localhost pluto[5069]: |   trusted_ca called with a=(empty) b=(empty)
Jul 23 10:16:02 localhost pluto[5069]: |   fc_try trying e61:0.0.0.0/0:0/0 -> 192.168.0.3/32:0/0 vs e61:0.0.0.0/0:0/0 -> 192.168.0.3/32:0/0
Jul 23 10:16:02 localhost pluto[5069]: |   fc_try concluding with e61 [128]
Jul 23 10:16:02 localhost pluto[5069]: |   fc_try e61 gives e61
Jul 23 10:16:02 localhost pluto[5069]: |   concluding with d = e61
Jul 23 10:16:02 localhost pluto[5069]: | client wildcard: no  port wildcard: no  virtual: no
Jul 23 10:16:02 localhost pluto[5069]: | duplicating state object #1
Jul 23 10:16:02 localhost pluto[5069]: | creating state object #2 at 0x83e3638
Jul 23 10:16:02 localhost pluto[5069]: | processing connection e61[2] 192.168.0.8
Jul 23 10:16:02 localhost pluto[5069]: | ICOOKIE:  5a 23 00 f9  03 e0 13 f7
Jul 23 10:16:02 localhost pluto[5069]: | RCOOKIE:  f7 24 ca 55  ad db 4e 68
Jul 23 10:16:02 localhost pluto[5069]: | state hash entry 19
Jul 23 10:16:02 localhost pluto[5069]: | inserting state object #2 on chain 19
Jul 23 10:16:02 localhost pluto[5069]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #2
Jul 23 10:16:02 localhost pluto[5069]: | event added at head of queue
Jul 23 10:16:02 localhost pluto[5069]: | ****parse IPsec DOI SIT:
Jul 23 10:16:02 localhost pluto[5069]: |    IPsec DOI SIT: SIT_IDENTITY_ONLY
Jul 23 10:16:02 localhost pluto[5069]: | ****parse ISAKMP Proposal Payload:
Jul 23 10:16:02 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONE
Jul 23 10:16:02 localhost pluto[5069]: |    length: 44
Jul 23 10:16:02 localhost pluto[5069]: |    proposal number: 0
Jul 23 10:16:02 localhost pluto[5069]: |    protocol ID: PROTO_IPSEC_ESP
Jul 23 10:16:02 localhost pluto[5069]: |    SPI size: 4
Jul 23 10:16:02 localhost pluto[5069]: |    number of transforms: 1
Jul 23 10:16:02 localhost pluto[5069]: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
Jul 23 10:16:02 localhost pluto[5069]: | SPI  3d 18 f6 34
Jul 23 10:16:02 localhost pluto[5069]: | *****parse ISAKMP Transform Payload (ESP):
Jul 23 10:16:02 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONE
Jul 23 10:16:02 localhost pluto[5069]: |    length: 32
Jul 23 10:16:02 localhost pluto[5069]: |    transform number: 0
Jul 23 10:16:02 localhost pluto[5069]: |    transform ID: ESP_AES
Jul 23 10:16:02 localhost pluto[5069]: | ******parse ISAKMP IPsec DOI attribute:
Jul 23 10:16:02 localhost pluto[5069]: |    af+type: SA_LIFE_TYPE
Jul 23 10:16:02 localhost pluto[5069]: |    length/value: 1
Jul 23 10:16:02 localhost pluto[5069]: |    [1 is SA_LIFE_TYPE_SECONDS]
Jul 23 10:16:02 localhost pluto[5069]: | ******parse ISAKMP IPsec DOI attribute:
Jul 23 10:16:02 localhost pluto[5069]: |    af+type: SA_LIFE_DURATION (variable length)
Jul 23 10:16:02 localhost pluto[5069]: |    length/value: 4
Jul 23 10:16:02 localhost pluto[5069]: |    long duration: 3600
Jul 23 10:16:02 localhost pluto[5069]: | ******parse ISAKMP IPsec DOI attribute:
Jul 23 10:16:02 localhost pluto[5069]: |    af+type: ENCAPSULATION_MODE
Jul 23 10:16:02 localhost pluto[5069]: |    length/value: 1
Jul 23 10:16:02 localhost pluto[5069]: |    [1 is ENCAPSULATION_MODE_TUNNEL]
Jul 23 10:16:02 localhost pluto[5069]: | ******parse ISAKMP IPsec DOI attribute:
Jul 23 10:16:02 localhost pluto[5069]: |    af+type: AUTH_ALGORITHM
Jul 23 10:16:02 localhost pluto[5069]: |    length/value: 2
Jul 23 10:16:02 localhost pluto[5069]: |    [2 is AUTH_ALGORITHM_HMAC_SHA1]
Jul 23 10:16:02 localhost pluto[5069]: | ******parse ISAKMP IPsec DOI attribute:
Jul 23 10:16:02 localhost pluto[5069]: |    af+type: KEY_LENGTH
Jul 23 10:16:02 localhost pluto[5069]: |    length/value: 256
Jul 23 10:16:02 localhost pluto[5069]: | kernel_alg_esp_enc_ok(12,256): alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
Jul 23 10:16:02 localhost pluto[5069]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1
Jul 23 10:16:02 localhost pluto[5069]: | asking helper 0 to do build_nonce op on seq: 3 (len=2668, pcw_work=1)
Jul 23 10:16:02 localhost pluto[5069]: | crypto helper write of request: cnt=2668<wlen=2668.  
Jul 23 10:16:02 localhost pluto[5069]: | deleting event for #2
Jul 23 10:16:02 localhost pluto[5069]: | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #2
Jul 23 10:16:02 localhost pluto[5069]: | event added after event EVENT_PENDING_PHASE2
Jul 23 10:16:02 localhost pluto[5069]: | complete state transition with STF_SUSPEND
Jul 23 10:16:02 localhost pluto[5069]: | * processed 0 messages from cryptographic helpers 
Jul 23 10:16:02 localhost pluto[5069]: | next event EVENT_NAT_T_KEEPALIVE in 17 seconds
Jul 23 10:16:02 localhost pluto[5069]: | next event EVENT_NAT_T_KEEPALIVE in 17 seconds
Jul 23 10:16:02 localhost pluto[5071]: ! helper 0 read 2664+4/2668 bytesfd: 8
Jul 23 10:16:02 localhost pluto[5071]: ! helper 0 doing build_nonce op id: 3
Jul 23 10:16:02 localhost pluto[5071]: ! Generated nonce:
Jul 23 10:16:02 localhost pluto[5071]: !   f3 cd d7 56  c4 3c f9 5e  3e ec e7 e8  7f 6e 6f d4
Jul 23 10:16:02 localhost pluto[5069]: |  
Jul 23 10:16:02 localhost pluto[5069]: | helper 0 has finished work (cnt now 1)
Jul 23 10:16:02 localhost pluto[5069]: | helper 0 replies to id: q#3
Jul 23 10:16:02 localhost pluto[5069]: | calling callback function 0x8074847
Jul 23 10:16:02 localhost pluto[5069]: | quick inI1_outR1: calculated ke+nonce, calculating DH
Jul 23 10:16:02 localhost pluto[5069]: | processing connection e61[2] 192.168.0.8
Jul 23 10:16:02 localhost pluto[5069]: | **emit ISAKMP Message:
Jul 23 10:16:02 localhost pluto[5069]: |    initiator cookie:
Jul 23 10:16:02 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7
Jul 23 10:16:02 localhost pluto[5069]: |    responder cookie:
Jul 23 10:16:02 localhost pluto[5069]: |   f7 24 ca 55  ad db 4e 68
Jul 23 10:16:02 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_HASH
Jul 23 10:16:02 localhost pluto[5069]: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
Jul 23 10:16:02 localhost pluto[5069]: |    exchange type: ISAKMP_XCHG_QUICK
Jul 23 10:16:02 localhost pluto[5069]: |    flags: ISAKMP_FLAG_ENCRYPTION
Jul 23 10:16:02 localhost pluto[5069]: |    message ID:  1f 4f 10 a6
Jul 23 10:16:02 localhost pluto[5069]: | ***emit ISAKMP Hash Payload:
Jul 23 10:16:02 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_SA
Jul 23 10:16:02 localhost pluto[5069]: | emitting 20 zero bytes of HASH into ISAKMP Hash Payload
Jul 23 10:16:02 localhost pluto[5069]: | emitting length of ISAKMP Hash Payload: 24
Jul 23 10:16:02 localhost pluto[5069]: | ***emit ISAKMP Security Association Payload:
Jul 23 10:16:02 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONCE
Jul 23 10:16:02 localhost pluto[5069]: |    DOI: ISAKMP_DOI_IPSEC
Jul 23 10:16:02 localhost pluto[5069]: | ****parse IPsec DOI SIT:
Jul 23 10:16:02 localhost pluto[5069]: |    IPsec DOI SIT: SIT_IDENTITY_ONLY
Jul 23 10:16:02 localhost pluto[5069]: | ****parse ISAKMP Proposal Payload:
Jul 23 10:16:02 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONE
Jul 23 10:16:02 localhost pluto[5069]: |    length: 44
Jul 23 10:16:02 localhost pluto[5069]: |    proposal number: 0
Jul 23 10:16:02 localhost pluto[5069]: |    protocol ID: PROTO_IPSEC_ESP
Jul 23 10:16:02 localhost pluto[5069]: |    SPI size: 4
Jul 23 10:16:02 localhost pluto[5069]: |    number of transforms: 1
Jul 23 10:16:02 localhost pluto[5069]: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
Jul 23 10:16:02 localhost pluto[5069]: | SPI  3d 18 f6 34
Jul 23 10:16:02 localhost pluto[5069]: | *****parse ISAKMP Transform Payload (ESP):
Jul 23 10:16:02 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONE
Jul 23 10:16:02 localhost pluto[5069]: |    length: 32
Jul 23 10:16:02 localhost pluto[5069]: |    transform number: 0
Jul 23 10:16:02 localhost pluto[5069]: |    transform ID: ESP_AES
Jul 23 10:16:02 localhost pluto[5069]: | ******parse ISAKMP IPsec DOI attribute:
Jul 23 10:16:02 localhost pluto[5069]: |    af+type: SA_LIFE_TYPE
Jul 23 10:16:02 localhost pluto[5069]: |    length/value: 1
Jul 23 10:16:02 localhost pluto[5069]: |    [1 is SA_LIFE_TYPE_SECONDS]
Jul 23 10:16:02 localhost pluto[5069]: | ******parse ISAKMP IPsec DOI attribute:
Jul 23 10:16:02 localhost pluto[5069]: |    af+type: SA_LIFE_DURATION (variable length)
Jul 23 10:16:02 localhost pluto[5069]: |    length/value: 4
Jul 23 10:16:02 localhost pluto[5069]: |    long duration: 3600
Jul 23 10:16:02 localhost pluto[5069]: | ******parse ISAKMP IPsec DOI attribute:
Jul 23 10:16:02 localhost pluto[5069]: |    af+type: ENCAPSULATION_MODE
Jul 23 10:16:02 localhost pluto[5069]: |    length/value: 1
Jul 23 10:16:02 localhost pluto[5069]: |    [1 is ENCAPSULATION_MODE_TUNNEL]
Jul 23 10:16:02 localhost pluto[5069]: | ******parse ISAKMP IPsec DOI attribute:
Jul 23 10:16:02 localhost pluto[5069]: |    af+type: AUTH_ALGORITHM
Jul 23 10:16:02 localhost pluto[5069]: |    length/value: 2
Jul 23 10:16:02 localhost pluto[5069]: |    [2 is AUTH_ALGORITHM_HMAC_SHA1]
Jul 23 10:16:02 localhost pluto[5069]: | ******parse ISAKMP IPsec DOI attribute:
Jul 23 10:16:02 localhost pluto[5069]: |    af+type: KEY_LENGTH
Jul 23 10:16:02 localhost pluto[5069]: |    length/value: 256
Jul 23 10:16:02 localhost pluto[5069]: | kernel_alg_esp_enc_ok(12,256): alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
Jul 23 10:16:02 localhost pluto[5069]: | ****emit IPsec DOI SIT:
Jul 23 10:16:02 localhost pluto[5069]: |    IPsec DOI SIT: SIT_IDENTITY_ONLY
Jul 23 10:16:02 localhost pluto[5069]: | ****emit ISAKMP Proposal Payload:
Jul 23 10:16:02 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONE
Jul 23 10:16:02 localhost pluto[5069]: |    proposal number: 0
Jul 23 10:16:02 localhost pluto[5069]: |    protocol ID: PROTO_IPSEC_ESP
Jul 23 10:16:02 localhost pluto[5069]: |    SPI size: 4
Jul 23 10:16:02 localhost pluto[5069]: |    number of transforms: 1
Jul 23 10:16:02 localhost pluto[5069]: | netlink_get_spi: allocated 0xadd0f789 for esp.0@192.168.0.3
Jul 23 10:16:02 localhost pluto[5069]: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload
Jul 23 10:16:02 localhost pluto[5069]: | SPI  ad d0 f7 89
Jul 23 10:16:02 localhost pluto[5069]: | *****emit ISAKMP Transform Payload (ESP):
Jul 23 10:16:02 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONE
Jul 23 10:16:02 localhost pluto[5069]: |    transform number: 0
Jul 23 10:16:02 localhost pluto[5069]: |    transform ID: ESP_AES
Jul 23 10:16:02 localhost pluto[5069]: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP)
Jul 23 10:16:02 localhost pluto[5069]: | attributes  80 01 00 01  00 02 00 04  00 00 0e 10  80 04 00 01
Jul 23 10:16:02 localhost pluto[5069]: | attributes  80 05 00 02  80 06 01 00
Jul 23 10:16:02 localhost pluto[5069]: | emitting length of ISAKMP Transform Payload (ESP): 32
Jul 23 10:16:02 localhost pluto[5069]: | emitting length of ISAKMP Proposal Payload: 44
Jul 23 10:16:02 localhost pluto[5069]: | emitting length of ISAKMP Security Association Payload: 56
Jul 23 10:16:02 localhost pluto[5069]: "e61"[2] 192.168.0.8 #2: responding to Quick Mode proposal {msgid:a6104f1f}
Jul 23 10:16:02 localhost pluto[5069]: "e61"[2] 192.168.0.8 #2:     us: 0.0.0.0/0===192.168.0.3[@foo.mydomain.org,MS+S=C]
Jul 23 10:16:02 localhost pluto[5069]: "e61"[2] 192.168.0.8 #2:   them: 192.168.0.8[@#0x4d6f62696c6547726f7570,+MC+S=C]===192.168.0.3/32
Jul 23 10:16:02 localhost pluto[5069]: | ***emit ISAKMP Nonce Payload:
Jul 23 10:16:02 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_ID
Jul 23 10:16:02 localhost pluto[5069]: | emitting 16 raw bytes of Nr into ISAKMP Nonce Payload
Jul 23 10:16:02 localhost pluto[5069]: | Nr  f3 cd d7 56  c4 3c f9 5e  3e ec e7 e8  7f 6e 6f d4
Jul 23 10:16:02 localhost pluto[5069]: | emitting length of ISAKMP Nonce Payload: 20
Jul 23 10:16:02 localhost pluto[5069]: | emitting 12 raw bytes of IDci into ISAKMP Message
Jul 23 10:16:02 localhost pluto[5069]: | IDci  05 00 00 0c  01 00 00 00  c0 a8 00 03
Jul 23 10:16:02 localhost pluto[5069]: | emitting 16 raw bytes of IDcr into ISAKMP Message
Jul 23 10:16:02 localhost pluto[5069]: | IDcr  0b 00 00 10  04 00 00 00  00 00 00 00  00 00 00 00
Jul 23 10:16:02 localhost pluto[5069]: | HASH(2) computed:
Jul 23 10:16:02 localhost pluto[5069]: |   84 e0 5c d3  f0 7d 40 aa  eb 29 4c c0  90 47 e2 19
Jul 23 10:16:02 localhost pluto[5069]: |   b1 10 d8 9e
Jul 23 10:16:02 localhost pluto[5069]: | compute_proto_keymat:needed_len (after ESP enc)=32
Jul 23 10:16:02 localhost pluto[5069]: | compute_proto_keymat:needed_len (after ESP auth)=52
Jul 23 10:16:02 localhost pluto[5069]: | ESP KEYMAT 
Jul 23 10:16:02 localhost pluto[5069]: |   KEYMAT computed:
Jul 23 10:16:02 localhost pluto[5069]: |   d7 12 93 79  b0 31 31 eb  97 90 8d 45  0b 01 07 69
Jul 23 10:16:02 localhost pluto[5069]: |   d8 91 0c 07  c9 e5 9e f1  30 18 22 11  9b 9f 40 bd
Jul 23 10:16:02 localhost pluto[5069]: |   27 e7 2b 38  19 ad 54 c3  9b 18 6a 03  65 07 3f 04
Jul 23 10:16:02 localhost pluto[5069]: |   27 5c 73 10
Jul 23 10:16:02 localhost pluto[5069]: |   Peer KEYMAT computed:
Jul 23 10:16:02 localhost pluto[5069]: |   2b 6c 1f 1a  ac 69 be 78  39 3a 9a 88  af f8 37 a7
Jul 23 10:16:02 localhost pluto[5069]: |   75 6f 25 06  0d 10 9f cd  d2 88 bc ab  1e f8 92 96
Jul 23 10:16:02 localhost pluto[5069]: |   9d 0b 23 d3  4e 1f 6c 00  14 92 bb f9  c9 63 f4 c1
Jul 23 10:16:02 localhost pluto[5069]: |   c4 aa 3a bb
Jul 23 10:16:02 localhost pluto[5069]: | route owner of "e61"[2] 192.168.0.8 unrouted: NULL
Jul 23 10:16:02 localhost pluto[5069]: | install_inbound_ipsec_sa() checking if we can route
Jul 23 10:16:02 localhost pluto[5069]: | route owner of "e61"[2] 192.168.0.8 unrouted: NULL; eroute owner: NULL
Jul 23 10:16:02 localhost pluto[5069]: | could_route called for e61 (kind=CK_INSTANCE)
Jul 23 10:16:02 localhost pluto[5069]: |    routing is easy, or has resolvable near-conflict
Jul 23 10:16:02 localhost pluto[5069]: | checking if this is a replacement state
Jul 23 10:16:02 localhost pluto[5069]: |   st=0x83e3638 ost=(nil) st->serialno=#2 ost->serialno=#0 
Jul 23 10:16:02 localhost pluto[5069]: | installing outgoing SA now as refhim=0
Jul 23 10:16:02 localhost pluto[5069]: | looking for alg with transid: 12 keylen: 256 auth: 2 
Jul 23 10:16:02 localhost pluto[5069]: | checking transid: 11 keylen: 0 auth: 1 
Jul 23 10:16:02 localhost pluto[5069]: | checking transid: 11 keylen: 0 auth: 2 
Jul 23 10:16:02 localhost pluto[5069]: | checking transid: 2 keylen: 8 auth: 0 
Jul 23 10:16:02 localhost pluto[5069]: | checking transid: 2 keylen: 8 auth: 1 
Jul 23 10:16:02 localhost pluto[5069]: | checking transid: 2 keylen: 8 auth: 2 
Jul 23 10:16:02 localhost pluto[5069]: | checking transid: 3 keylen: 24 auth: 0 
Jul 23 10:16:02 localhost pluto[5069]: | checking transid: 3 keylen: 24 auth: 1 
Jul 23 10:16:02 localhost pluto[5069]: | checking transid: 3 keylen: 24 auth: 2 
Jul 23 10:16:02 localhost pluto[5069]: | checking transid: 12 keylen: 16 auth: 0 
Jul 23 10:16:02 localhost pluto[5069]: | checking transid: 12 keylen: 16 auth: 1 
Jul 23 10:16:02 localhost pluto[5069]: | checking transid: 12 keylen: 16 auth: 2 
Jul 23 10:16:02 localhost pluto[5069]: | kernel_alg_esp_info():transid=12, auth=2, ei=0x8138554, enckeylen=32, authkeylen=20, encryptalg=12, authalg=3
Jul 23 10:16:02 localhost pluto[5069]: | esp enckey:  2b 6c 1f 1a  ac 69 be 78  39 3a 9a 88  af f8 37 a7
Jul 23 10:16:02 localhost pluto[5069]: | esp enckey:  75 6f 25 06  0d 10 9f cd  d2 88 bc ab  1e f8 92 96
Jul 23 10:16:02 localhost pluto[5069]: | esp authkey:  9d 0b 23 d3  4e 1f 6c 00  14 92 bb f9  c9 63 f4 c1
Jul 23 10:16:02 localhost pluto[5069]: | esp authkey:  c4 aa 3a bb
Jul 23 10:16:02 localhost pluto[5069]: | netlink: ignoring out of sequence (3/4) message NLMSG_ERROR
Jul 23 10:16:02 localhost pluto[5069]: | outgoing SA has refhim=4294901761
Jul 23 10:16:02 localhost pluto[5069]: | looking for alg with transid: 12 keylen: 256 auth: 2 
Jul 23 10:16:02 localhost pluto[5069]: | checking transid: 11 keylen: 0 auth: 1 
Jul 23 10:16:02 localhost pluto[5069]: | checking transid: 11 keylen: 0 auth: 2 
Jul 23 10:16:02 localhost pluto[5069]: | checking transid: 2 keylen: 8 auth: 0 
Jul 23 10:16:02 localhost pluto[5069]: | checking transid: 2 keylen: 8 auth: 1 
Jul 23 10:16:02 localhost pluto[5069]: | checking transid: 2 keylen: 8 auth: 2 
Jul 23 10:16:02 localhost pluto[5069]: | checking transid: 3 keylen: 24 auth: 0 
Jul 23 10:16:02 localhost pluto[5069]: | checking transid: 3 keylen: 24 auth: 1 
Jul 23 10:16:02 localhost pluto[5069]: | checking transid: 3 keylen: 24 auth: 2 
Jul 23 10:16:02 localhost pluto[5069]: | checking transid: 12 keylen: 16 auth: 0 
Jul 23 10:16:02 localhost pluto[5069]: | checking transid: 12 keylen: 16 auth: 1 
Jul 23 10:16:02 localhost pluto[5069]: | checking transid: 12 keylen: 16 auth: 2 
Jul 23 10:16:02 localhost pluto[5069]: | kernel_alg_esp_info():transid=12, auth=2, ei=0x8138554, enckeylen=32, authkeylen=20, encryptalg=12, authalg=3
Jul 23 10:16:02 localhost pluto[5069]: | esp enckey:  d7 12 93 79  b0 31 31 eb  97 90 8d 45  0b 01 07 69
Jul 23 10:16:02 localhost pluto[5069]: | esp enckey:  d8 91 0c 07  c9 e5 9e f1  30 18 22 11  9b 9f 40 bd
Jul 23 10:16:02 localhost pluto[5069]: | esp authkey:  27 e7 2b 38  19 ad 54 c3  9b 18 6a 03  65 07 3f 04
Jul 23 10:16:02 localhost pluto[5069]: | esp authkey:  27 5c 73 10
Jul 23 10:16:02 localhost pluto[5069]: | add inbound eroute 192.168.0.3/32:0 --0-> 0.0.0.0/0:0 => tun.10000@192.168.0.3 (raw_eroute)
Jul 23 10:16:02 localhost pluto[5069]: | raw_eroute result=1 
Jul 23 10:16:02 localhost pluto[5069]: | encrypting:
Jul 23 10:16:02 localhost pluto[5069]: |   01 00 00 18  84 e0 5c d3  f0 7d 40 aa  eb 29 4c c0
Jul 23 10:16:02 localhost pluto[5069]: |   90 47 e2 19  b1 10 d8 9e  0a 00 00 38  00 00 00 01
Jul 23 10:16:02 localhost pluto[5069]: |   00 00 00 01  00 00 00 2c  00 03 04 01  ad d0 f7 89
Jul 23 10:16:02 localhost pluto[5069]: |   00 00 00 20  00 0c 00 00  80 01 00 01  00 02 00 04
Jul 23 10:16:02 localhost pluto[5069]: |   00 00 0e 10  80 04 00 01  80 05 00 02  80 06 01 00
Jul 23 10:16:02 localhost pluto[5069]: |   05 00 00 14  f3 cd d7 56  c4 3c f9 5e  3e ec e7 e8
Jul 23 10:16:02 localhost pluto[5069]: |   7f 6e 6f d4  05 00 00 0c  01 00 00 00  c0 a8 00 03
Jul 23 10:16:02 localhost pluto[5069]: |   00 00 00 10  04 00 00 00  00 00 00 00  00 00 00 00
Jul 23 10:16:02 localhost pluto[5069]: | IV:
Jul 23 10:16:02 localhost pluto[5069]: |   d4 66 81 7c  6f fa ff 76  64 c1 84 9a  64 29 26 16
Jul 23 10:16:02 localhost pluto[5069]: | unpadded size is: 128
Jul 23 10:16:02 localhost pluto[5069]: | encrypting 128 using OAKLEY_AES_CBC
Jul 23 10:16:02 localhost pluto[5069]: | next IV:  75 a0 da c6  10 88 b5 e9  16 23 40 e0  ad 4c 83 c2
Jul 23 10:16:02 localhost pluto[5069]: | emitting length of ISAKMP Message: 156
Jul 23 10:16:02 localhost pluto[5069]: | finished processing quick inI1
Jul 23 10:16:02 localhost pluto[5069]: | complete state transition with STF_OK
Jul 23 10:16:02 localhost pluto[5069]: "e61"[2] 192.168.0.8 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jul 23 10:16:02 localhost pluto[5069]: | deleting event for #2
Jul 23 10:16:02 localhost pluto[5069]: | sending reply packet to 192.168.0.8:500 (from port 500)
Jul 23 10:16:02 localhost pluto[5069]: | sending 156 bytes for STATE_QUICK_R0 through eth0:500 to 192.168.0.8:500 (using #2)
Jul 23 10:16:02 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7  f7 24 ca 55  ad db 4e 68
Jul 23 10:16:02 localhost pluto[5069]: |   08 10 20 01  1f 4f 10 a6  00 00 00 9c  36 f3 97 81
Jul 23 10:16:02 localhost pluto[5069]: |   e0 1c cb 6d  3b 9b 33 1f  29 fa 31 b9  96 a8 51 e8
Jul 23 10:16:02 localhost pluto[5069]: |   0a 06 dd d2  9b 82 43 b0  a1 17 d4 8d  07 cf 99 e2
Jul 23 10:16:02 localhost pluto[5069]: |   2d e0 37 36  ef d5 af ef  34 8c 77 5c  d9 ad 33 e2
Jul 23 10:16:02 localhost pluto[5069]: |   9a 5c ee b0  f5 66 26 01  db 3f d8 d0  b6 7d d0 68
Jul 23 10:16:02 localhost pluto[5069]: |   14 c8 79 c8  80 96 ad 63  1d 1f c5 60  68 28 75 c5
Jul 23 10:16:02 localhost pluto[5069]: |   90 e8 7f a2  54 8c 53 ae  7d 3f d8 c5  28 e1 1f 41
Jul 23 10:16:02 localhost pluto[5069]: |   6c 93 d8 17  db 62 ea 2d  a1 c9 72 43  75 a0 da c6
Jul 23 10:16:02 localhost pluto[5069]: |   10 88 b5 e9  16 23 40 e0  ad 4c 83 c2
Jul 23 10:16:02 localhost pluto[5069]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #2
Jul 23 10:16:02 localhost pluto[5069]: | event added at head of queue
Jul 23 10:16:02 localhost pluto[5069]: "e61"[2] 192.168.0.8 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jul 23 10:16:02 localhost pluto[5069]: | modecfg pull: quirk-poll policy:pull not-client
Jul 23 10:16:02 localhost pluto[5069]: | phase 1 is done, looking for phase 2 to unpend
Jul 23 10:16:02 localhost pluto[5069]: | * processed 1 messages from cryptographic helpers 
Jul 23 10:16:02 localhost pluto[5069]: | next event EVENT_RETRANSMIT in 10 seconds for #2
Jul 23 10:16:02 localhost pluto[5069]: | next event EVENT_RETRANSMIT in 10 seconds for #2
Jul 23 10:16:02 localhost pluto[5069]: |  
Jul 23 10:16:02 localhost pluto[5069]: | *received 60 bytes from 192.168.0.8:500 on eth0 (port=500)
Jul 23 10:16:02 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7  f7 24 ca 55  ad db 4e 68
Jul 23 10:16:02 localhost pluto[5069]: |   08 10 20 01  1f 4f 10 a6  00 00 00 3c  a3 d2 49 b3
Jul 23 10:16:02 localhost pluto[5069]: |   26 33 16 df  73 1b 13 60  e7 41 47 4a  e0 08 8b 7a
Jul 23 10:16:02 localhost pluto[5069]: |   14 17 fe 42  07 a7 26 23  85 ca 0b 9c
Jul 23 10:16:02 localhost pluto[5069]: | **parse ISAKMP Message:
Jul 23 10:16:02 localhost pluto[5069]: |    initiator cookie:
Jul 23 10:16:02 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7
Jul 23 10:16:02 localhost pluto[5069]: |    responder cookie:
Jul 23 10:16:02 localhost pluto[5069]: |   f7 24 ca 55  ad db 4e 68
Jul 23 10:16:02 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_HASH
Jul 23 10:16:02 localhost pluto[5069]: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
Jul 23 10:16:02 localhost pluto[5069]: |    exchange type: ISAKMP_XCHG_QUICK
Jul 23 10:16:02 localhost pluto[5069]: |    flags: ISAKMP_FLAG_ENCRYPTION
Jul 23 10:16:02 localhost pluto[5069]: |    message ID:  1f 4f 10 a6
Jul 23 10:16:02 localhost pluto[5069]: |    length: 60
Jul 23 10:16:02 localhost pluto[5069]: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
Jul 23 10:16:02 localhost pluto[5069]: | ICOOKIE:  5a 23 00 f9  03 e0 13 f7
Jul 23 10:16:02 localhost pluto[5069]: | RCOOKIE:  f7 24 ca 55  ad db 4e 68
Jul 23 10:16:02 localhost pluto[5069]: | state hash entry 19
Jul 23 10:16:02 localhost pluto[5069]: | v1 peer and cookies match on #2, provided msgid 1f4f10a6 vs 1f4f10a6
Jul 23 10:16:02 localhost pluto[5069]: | v1 state object #2 found, in STATE_QUICK_R1
Jul 23 10:16:02 localhost pluto[5069]: | processing connection e61[2] 192.168.0.8
Jul 23 10:16:02 localhost pluto[5069]: | received encrypted packet from 192.168.0.8:500
Jul 23 10:16:02 localhost pluto[5069]: | decrypting 32 bytes using algorithm OAKLEY_AES_CBC
Jul 23 10:16:02 localhost pluto[5069]: | decrypted:
Jul 23 10:16:02 localhost pluto[5069]: |   00 00 00 18  21 0d dc e6  4b 14 a1 2c  8f f6 8d 55
Jul 23 10:16:02 localhost pluto[5069]: |   6f 98 0a 9e  f1 c2 1a fd  00 00 00 00  00 00 00 00
Jul 23 10:16:02 localhost pluto[5069]: | next IV:  e0 08 8b 7a  14 17 fe 42  07 a7 26 23  85 ca 0b 9c
Jul 23 10:16:02 localhost pluto[5069]: | got payload 0x100(ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
Jul 23 10:16:02 localhost pluto[5069]: | ***parse ISAKMP Hash Payload:
Jul 23 10:16:02 localhost pluto[5069]: |    next payload type: ISAKMP_NEXT_NONE
Jul 23 10:16:02 localhost pluto[5069]: |    length: 24
Jul 23 10:16:02 localhost pluto[5069]: | removing 8 bytes of padding
Jul 23 10:16:02 localhost pluto[5069]: | HASH(3) computed:  21 0d dc e6  4b 14 a1 2c  8f f6 8d 55  6f 98 0a 9e
Jul 23 10:16:02 localhost pluto[5069]: | HASH(3) computed:  f1 c2 1a fd
Jul 23 10:16:02 localhost pluto[5069]: | install_ipsec_sa() for #2: outbound only
Jul 23 10:16:02 localhost pluto[5069]: | route owner of "e61"[2] 192.168.0.8 unrouted: NULL; eroute owner: NULL
Jul 23 10:16:02 localhost pluto[5069]: | could_route called for e61 (kind=CK_INSTANCE)
Jul 23 10:16:02 localhost pluto[5069]: | sr for #2: unrouted
Jul 23 10:16:02 localhost pluto[5069]: | route owner of "e61"[2] 192.168.0.8 unrouted: NULL; eroute owner: NULL
Jul 23 10:16:02 localhost pluto[5069]: | route_and_eroute with c: e61 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 2
Jul 23 10:16:02 localhost pluto[5069]: | eroute_connection add eroute 0.0.0.0/0:0 --0-> 192.168.0.3/32:0 => tun.0@192.168.0.8 (raw_eroute)
Jul 23 10:16:02 localhost pluto[5069]: | raw_eroute result=1 
Jul 23 10:16:02 localhost pluto[5069]: | command executing up-client
Jul 23 10:16:02 localhost pluto[5069]: | executing up-client: 2>&1 PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='e61' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.168.0.8' PLUTO_ME='192.168.0.3' PLUTO_MY_ID='@foo.mydomain.org' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='192.168.0.8' PLUTO_PEER_ID='@#0x4d6f62696c6547726f7570' PLUTO_PEER_CLIENT='192.168.0.3/32' PLUTO_PEER_CLIENT_NET='192.168.0.3' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey'  PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONTREKEY+MODECFGPULL+IKEv2ALLOW' PLUTO_XAUTH_USERNAME=''  ipsec _updown
Jul 23 10:16:02 localhost pluto[5069]: | popen(): cmd is 680 chars long
Jul 23 10:16:02 localhost pluto[5069]: | cmd(   0):2>&1 PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='e61' PLUTO_INT:
Jul 23 10:16:02 localhost pluto[5069]: | cmd(  80):ERFACE='eth0' PLUTO_NEXT_HOP='192.168.0.8' PLUTO_ME='192.168.0.3' PLUTO_MY_ID='@:
Jul 23 10:16:02 localhost pluto[5069]: | cmd( 160):foo.mydomain.org' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUT:
Jul 23 10:16:02 localhost pluto[5069]: | cmd( 240):O_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='1:
Jul 23 10:16:02 localhost pluto[5069]: | cmd( 320):92.168.0.8' PLUTO_PEER_ID='@#0x4d6f62696c6547726f7570' PLUTO_PEER_CLIENT='192.16:
Jul 23 10:16:02 localhost pluto[5069]: | cmd( 400):8.0.3/32' PLUTO_PEER_CLIENT_NET='192.168.0.3' PLUTO_PEER_CLIENT_MASK='255.255.25:
Jul 23 10:16:02 localhost pluto[5069]: | cmd( 480):5.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK=:
Jul 23 10:16:02 localhost pluto[5069]: | cmd( 560):'netkey'  PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONTREKEY+MODECFGPULL+IKEv2ALLOW:
Jul 23 10:16:02 localhost pluto[5069]: | cmd( 640):' PLUTO_XAUTH_USERNAME=''  ipsec _updown:
Jul 23 10:16:02 localhost pluto[5069]: "e61"[2] 192.168.0.8 #2: up-client output: /usr/local/libexec/ipsec/_updown: unknown interface version `2.0'
Jul 23 10:16:02 localhost pluto[5069]: "e61"[2] 192.168.0.8 #2: up-client command exited with status 2
Jul 23 10:16:02 localhost pluto[5069]: | route_and_eroute: firewall_notified: false
Jul 23 10:16:02 localhost pluto[5069]: | eroute_connection delete eroute 0.0.0.0/0:0 --0-> 192.168.0.3/32:0 => tun.0@192.168.0.8 (raw_eroute)
Jul 23 10:16:02 localhost pluto[5069]: | raw_eroute result=1 
Jul 23 10:16:02 localhost pluto[5069]: | delete esp.3d18f634@192.168.0.8
Jul 23 10:16:02 localhost pluto[5069]: | delete inbound eroute 192.168.0.3/32:0 --0-> 0.0.0.0/0:0 => unk255.10000@192.168.0.3 (raw_eroute)
Jul 23 10:16:02 localhost pluto[5069]: | raw_eroute result=1 
Jul 23 10:16:02 localhost pluto[5069]: | delete esp.add0f789@192.168.0.3
Jul 23 10:16:02 localhost pluto[5069]: | complete state transition with STF_INTERNAL_ERROR
Jul 23 10:16:02 localhost pluto[5069]: | state transition function for STATE_QUICK_R1 had internal error
Jul 23 10:16:02 localhost pluto[5069]: | * processed 0 messages from cryptographic helpers 
Jul 23 10:16:02 localhost pluto[5069]: | next event EVENT_RETRANSMIT in 10 seconds for #2
Jul 23 10:16:02 localhost pluto[5069]: | next event EVENT_RETRANSMIT in 10 seconds for #2
Jul 23 10:16:12 localhost pluto[5069]: |  
Jul 23 10:16:12 localhost pluto[5069]: | next event EVENT_RETRANSMIT in 0 seconds for #2
Jul 23 10:16:12 localhost pluto[5069]: | *time to handle event
Jul 23 10:16:12 localhost pluto[5069]: | handling event EVENT_RETRANSMIT
Jul 23 10:16:12 localhost pluto[5069]: | event after this is EVENT_NAT_T_KEEPALIVE in 7 seconds
Jul 23 10:16:12 localhost pluto[5069]: | processing connection e61[2] 192.168.0.8
Jul 23 10:16:12 localhost pluto[5069]: | handling event EVENT_RETRANSMIT for <invalid> "e61" #2
Jul 23 10:16:12 localhost pluto[5069]: | sending 156 bytes for EVENT_RETRANSMIT through eth0:500 to 192.168.0.8:500 (using #2)
Jul 23 10:16:12 localhost pluto[5069]: |   5a 23 00 f9  03 e0 13 f7  f7 24 ca 55  ad db 4e 68
Jul 23 10:16:12 localhost pluto[5069]: |   08 10 20 01  1f 4f 10 a6  00 00 00 9c  36 f3 97 81
Jul 23 10:16:12 localhost pluto[5069]: |   e0 1c cb 6d  3b 9b 33 1f  29 fa 31 b9  96 a8 51 e8
Jul 23 10:16:12 localhost pluto[5069]: |   0a 06 dd d2  9b 82 43 b0  a1 17 d4 8d  07 cf 99 e2
Jul 23 10:16:12 localhost pluto[5069]: |   2d e0 37 36  ef d5 af ef  34 8c 77 5c  d9 ad 33 e2
Jul 23 10:16:12 localhost pluto[5069]: |   9a 5c ee b0  f5 66 26 01  db 3f d8 d0  b6 7d d0 68
Jul 23 10:16:12 localhost pluto[5069]: |   14 c8 79 c8  80 96 ad 63  1d 1f c5 60  68 28 75 c5
Jul 23 10:16:12 localhost pluto[5069]: |   90 e8 7f a2  54 8c 53 ae  7d 3f d8 c5  28 e1 1f 41
Jul 23 10:16:12 localhost pluto[5069]: |   6c 93 d8 17  db 62 ea 2d  a1 c9 72 43  75 a0 da c6
Jul 23 10:16:12 localhost pluto[5069]: |   10 88 b5 e9  16 23 40 e0  ad 4c 83 c2
Jul 23 10:16:12 localhost pluto[5069]: | inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #2
Jul 23 10:16:12 localhost pluto[5069]: | event added after event EVENT_NAT_T_KEEPALIVE
Jul 23 10:16:12 localhost pluto[5069]: | next event EVENT_NAT_T_KEEPALIVE in 7 seconds
Jul 23 10:16:14 localhost pluto[5069]: |  
Jul 23 10:16:14 localhost pluto[5069]: | *received whack message
Jul 23 10:16:14 localhost pluto[5069]: | * processed 0 messages from cryptographic helpers 
Jul 23 10:16:14 localhost pluto[5069]: | next event EVENT_NAT_T_KEEPALIVE in 5 seconds
+ _________________________ date
+ date
Thu Jul 23 10:16:14 IST 2009