SNgateway-v4_25_BETA-39 Mon Aug 29 10:35:01 CDT 2016 + _________________________ version + ipsec --version Linux Openswan U4.24-246-gdd1b493/K(no kernel code presently loaded) See `ipsec --copyright' for copyright information. + _________________________ /proc/version + cat /proc/version Linux version 2.6.39 (captain@421a4ab8aecb) (gcc version 4.2.2) #1 Thu Aug 25 19:14:35 UTC 2016 + _________________________ /proc/net/ipsec_eroute + test -r /proc/net/ipsec_eroute + _________________________ netstat-rn + netstat -nr + head -n 100 Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0 10.10.10.4 0.0.0.0 255.255.255.252 U 0 0 0 lo 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.96.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.111.0 0.0.0.0 255.255.255.0 U 0 0 0 usb0 + _________________________ /proc/net/ipsec_spi + test -r /proc/net/ipsec_spi + _________________________ /proc/net/ipsec_spigrp + test -r /proc/net/ipsec_spigrp + _________________________ /proc/net/ipsec_tncfg + test -r /proc/net/ipsec_tncfg + _________________________ /proc/net/pfkey + test -r /proc/net/pfkey + _________________________ /proc/crypto + test -r /proc/crypto + cat /proc/crypto name : cbc(des3_ede) driver : cbc(des3_ede-generic) module : kernel priority : 0 refcnt : 1 selftest : passed type : blkcipher blocksize : 8 min keysize : 24 max keysize : 24 ivsize : 8 geniv : name : cbc(aes) driver : cbc(aes-generic) module : kernel priority : 100 refcnt : 1 selftest : passed type : blkcipher blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 geniv : name : crc32c driver : crc32c-generic module : crc32c priority : 100 refcnt : 2 selftest : passed type : shash blocksize : 1 digestsize : 4 name : ecb(arc4) driver : ecb(arc4-generic) module : kernel priority : 0 refcnt : 1 selftest : passed type : blkcipher blocksize : 1 min keysize : 1 max keysize : 256 ivsize : 0 geniv : name : stdrng driver : krng module : kernel priority : 200 refcnt : 1 selftest : passed type : rng seedsize : 0 name : lzo driver : lzo-generic module : kernel priority : 0 refcnt : 2 selftest : passed type : compression name : deflate driver : deflate-generic module : kernel priority : 0 refcnt : 2 selftest : passed type : compression name : arc4 driver : arc4-generic module : kernel priority : 0 refcnt : 1 selftest : passed type : cipher blocksize : 1 min keysize : 1 max keysize : 256 name : aes driver : aes-generic module : kernel priority : 100 refcnt : 1 selftest : passed type : cipher blocksize : 16 min keysize : 16 max keysize : 32 name : des3_ede driver : des3_ede-generic module : kernel priority : 0 refcnt : 1 selftest : passed type : cipher blocksize : 8 min keysize : 24 max keysize : 24 name : des driver : des-generic module : kernel priority : 0 refcnt : 1 selftest : passed type : cipher blocksize : 8 min keysize : 8 max keysize : 8 name : sha1 driver : sha1-generic module : kernel priority : 0 refcnt : 1 selftest : passed type : shash blocksize : 64 digestsize : 20 name : md5 driver : md5-generic module : kernel priority : 0 refcnt : 1 selftest : passed type : shash blocksize : 64 digestsize : 16 + __________________________/proc/sys/net/core/xfrm-star /usr/local/lib/ipsec/barf: line 190: __________________________/proc/sys/net/core/xfrm-star: No such file or directory + for i in '/proc/sys/net/core/xfrm_*' + echo -n '/proc/sys/net/core/xfrm_acq_expires: ' /proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires 30 + for i in '/proc/sys/net/core/xfrm_*' + echo -n '/proc/sys/net/core/xfrm_aevent_etime: ' /proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime 10 + for i in '/proc/sys/net/core/xfrm_*' + echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: ' /proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth 2 + for i in '/proc/sys/net/core/xfrm_*' + echo -n '/proc/sys/net/core/xfrm_larval_drop: ' /proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop 1 + _________________________ /proc/sys/net/ipsec-star + test -d /proc/sys/net/ipsec + _________________________ ipsec/status + ipsec auto --status whack: is Pluto running? connect() for "/var/run/pluto/pluto.ctl" failed (111 Connection refused) + _________________________ ifconfig-a + ifconfig -a can0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 NOARP MTU:16 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) Interrupt:30 dummy0 Link encap:Ethernet HWaddr E2:EB:1B:44:34:CE BROADCAST NOARP MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) eth0 Link encap:Ethernet HWaddr 00:13:47:01:02:03 inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:23 errors:0 dropped:0 overruns:0 frame:0 TX packets:37 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:3988 (3.8 KiB) TX bytes:5038 (4.9 KiB) Interrupt:24 Base address:0xc000 eth1 Link encap:Ethernet HWaddr 00:13:47:01:02:04 inet addr:192.168.96.117 Bcast:192.168.96.255 Mask:255.255.255.0 inet6 addr: fe80::213:47ff:fe01:204%58784/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1846 errors:0 dropped:2 overruns:0 frame:0 TX packets:572 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:100743 (98.3 KiB) TX bytes:136096 (132.9 KiB) Interrupt:27 ip6tnl0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 NOARP MTU:1452 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1%58784/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:29396 errors:0 dropped:0 overruns:0 frame:0 TX packets:29396 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3446944 (3.2 MiB) TX bytes:3446944 (3.2 MiB) sit0 Link encap:IPv6-in-IPv4 NOARP MTU:1480 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) usb0 Link encap:Ethernet HWaddr 6A:B6:D0:48:06:EB inet addr:192.168.111.1 Bcast:192.168.111.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) wwan0 Link encap:Ethernet HWaddr B6:0C:E5:B6:FC:08 inet6 addr: fe80::b40c:e5ff:feb6:fc08%58784/64 Scope:Link UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:77 errors:0 dropped:0 overruns:0 frame:0 TX packets:87 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:7032 (6.8 KiB) TX bytes:7270 (7.0 KiB) wwan1 Link encap:Ethernet HWaddr B6:0C:E5:B6:FC:0A BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) + _________________________ ip-addr-list + ip addr list 1: lo: mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: can0: mtu 16 qdisc noop qlen 10 link/[280] 3: dummy0: mtu 1500 qdisc noop link/ether e2:eb:1b:44:34:ce brd ff:ff:ff:ff:ff:ff 4: eth0: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:13:47:01:02:03 brd ff:ff:ff:ff:ff:ff inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0 5: eth1: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:13:47:01:02:04 brd ff:ff:ff:ff:ff:ff inet 192.168.96.117/24 brd 192.168.96.255 scope global eth1 inet6 fe80::213:47ff:fe01:204/64 scope link valid_lft forever preferred_lft forever 6: sit0: mtu 1480 qdisc noop link/sit 0.0.0.0 brd 0.0.0.0 7: ip6tnl0: mtu 1452 qdisc noop link/tunnel6 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 8: usb0: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 6a:b6:d0:48:06:eb brd ff:ff:ff:ff:ff:ff inet 192.168.111.1/24 brd 192.168.111.255 scope global usb0 9: wwan0: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether b6:0c:e5:b6:fc:08 brd ff:ff:ff:ff:ff:ff inet6 fe80::b40c:e5ff:feb6:fc08/64 scope link valid_lft forever preferred_lft forever 10: wwan1: mtu 1500 qdisc noop qlen 1000 link/ether b6:0c:e5:b6:fc:0a brd ff:ff:ff:ff:ff:ff + _________________________ ip-route-list + ip route list default via 192.168.0.1 dev eth0 scope link 10.10.10.4/30 dev lo scope link metric 100 192.168.0.0/24 dev eth0 scope link 192.168.96.0/24 dev eth1 proto kernel scope link src 192.168.96.117 192.168.111.0/24 dev usb0 proto kernel scope link src 192.168.111.1 + _________________________ ip-rule-list + ip rule list 0: from all lookup local 4: from 192.168.111.1 lookup usb0 5: from 192.168.202.5 lookup wwan0 10: from all lookup main 11: from 192.168.0.1 lookup eth0 12: from 192.168.96.117 lookup eth1 32766: from all lookup main 32767: from all lookup default + _________________________ ipsec_verify + ipsec verify --nocolour /sbin/ipsec: /usr/local/lib/ipsec/verify: /usr/bin/python: bad interpreter: No such file or directory /sbin/ipsec: line 148: /usr/local/lib/ipsec/verify: Success + _________________________ mii-tool + '[' -x /sbin/mii-tool ']' + /sbin/mii-tool -v SIOCGMIIPHY on 'eth0' failed: Operation not supported SIOCGMIIPHY on 'eth1' failed: Operation not supported no MII interfaces found + _________________________ ipsec/directory + ipsec --directory /usr/local/lib/ipsec + _________________________ hostname/fqdn + hostname --fqdn hostname: Unknown host + _________________________ hostname/ipaddress + hostname --ip-address hostname: Unknown host + _________________________ uptime + uptime 10:35:11 up 17 min, load average: 6.91, 6.29, 4.28 + _________________________ ps + ps alxwf + egrep -i 'ppid|pluto|ipsec|klips' F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND 0 0 9242 6966 20 0 2740 1240 wait S+ ttyp0 0:00 \_ /bin/sh /usr/local/lib/ipsec/barf 0 0 9487 9242 20 0 1784 516 pipe_w S+ ttyp0 0:00 \_ egrep -i ppid|pluto|ipsec|klips 1 0 9180 1 20 0 3056 548 wait S ttyp0 0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug all raw crypt parsing emitting control lifecycle klips dns oppo oppoinfo controlmore x509 dpd pfkey natt nattraversal --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal no --keep_alive --protostack auto --force_keepalive no --disable_port_floating no --virtual_private --listen --crlcheckinterval 0 --ocspuri --nhelpers 0 --secctx_attr_value 32001 --dump --opts --stderrlog --wait no --plutostderrlogtime no --pre --post --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid 0 0 9213 9180 20 0 3056 1468 wait S ttyp0 0:00 \_ /bin/sh /usr/local/lib/ipsec/setup restart 1 0 9309 9213 20 0 3056 600 wait S ttyp0 0:00 \_ /bin/sh /usr/local/lib/ipsec/setup restart 0 0 9312 9309 20 0 3056 1420 wait S ttyp0 0:00 | \_ /bin/sh /usr/local/lib/ipsec/_realsetup start 0 0 9367 9312 20 0 3052 1312 wait S ttyp0 0:00 | \_ /bin/sh /usr/local/lib/ipsec/_startklips --info /var/run/pluto/ipsec.info --debug --omtu --fragicmp yes --hidetos yes --log daemon.error %defaultroute 0 0 9310 9213 20 0 2892 636 pipe_w S ttyp0 0:00 \_ logger -s -p daemon.error -t ipsec_setup + _________________________ ipsec/showdefaults + ipsec showdefaults ipsec showdefaults: defaults file is empty `/var/run/pluto/ipsec.info' + _________________________ ipsec/conf + ipsec _include /etc/ipsec/ipsec.conf + ipsec _keycensor #< /etc/ipsec/ipsec.conf 1 # File generated by /bin/ipsec_reformat.pl # Thu Aug 25 16:00:33 2016 # This is a GAU generated file, subsequent edits are not guaranteed to be retained. version 2.0 # conforms to second version of ipsec.conf # Basic configuration config setup # plutodebug / klipsdebug = "all", "none" or a combination # "raw crypt parsing emitting control kips pfkey x509 private" # eg: # pluto debug="control parsing" # # Only enable klipsdebug=all if you are a developer # # NAT-TRAVERSAL support, see README.NAT_Traversal # nat_traversal=yes # virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12 nhelpers=0 plutodebug=all #Openswan supports a mode called "opportunistic compression" #in the way of simple static tunnels. If you are just #VPN server using Openswan, add the following to disable OE. conn OEself auto=ignore conn clear auto=ignore conn private auto=ignore conn private-or-clear auto=ignore conn clear-or-private auto=ignore conn block auto=ignore conn packetdefault auto=ignore conn tunnel1 type=tunnel keylife=60m ikelifetime=480m authby=secret auth=esp ikev2=always esp=aes256-sha1 ike=aes256-sha1-modp2048 dpdaction=restart dpddelay=30 dpdtimeout=60 auto=start pfs=yes aggrmode=no keyingtries=%forever left=192.168.0.1 leftnexthop=192.168.0.2 leftsubnet=10.10.10.0/30 right=192.168.0.2 rightsubnet=10.10.10.4/30 + _________________________ ipsec/secrets + ipsec _include /etc/ipsec/ipsec.secrets + ipsec _secretcensor #< /etc/ipsec/ipsec.secrets 1 # This is a GAU generated file, subsequent edits are not guaranteed to be retained. [sums to 68b3...]# the cipher in the "" should be the same on both sides #1.2.3.4 5.6.7.8 : PSK "[sums to 534f...]" 192.168.0.1 192.168.0.2 : PSK "[sums to 8a32...]" + _________________________ ipsec/listall + ipsec auto --listall whack: is Pluto running? connect() for "/var/run/pluto/pluto.ctl" failed (111 Connection refused) + '[' ']' + _________________________ ipsec/ls-libdir + ls -l /usr/local/lib/ipsec -rwxr-xr-x 1 root root 13120 Aug 25 16:05 _copyright -rwxr-xr-x 1 root root 2372 Aug 25 16:05 _include -rwxr-xr-x 1 root root 1410 Aug 25 16:05 _keycensor -rwxr-xr-x 1 root root 2747 Aug 25 16:05 _plutoload -rwxr-xr-x 1 root root 8783 Aug 25 16:19 _plutorun -rwxr-xr-x 1 root root 13851 Aug 25 16:05 _realsetup -rwxr-xr-x 1 root root 1906 Aug 25 16:05 _secretcensor -rwxr-xr-x 1 root root 12380 Aug 25 16:05 _startklips -rwxr-xr-x 1 root root 7982 Aug 25 16:05 _startnetkey -rwxr-xr-x 1 root root 4929 Aug 25 16:05 _updown -rwxr-xr-x 1 root root 18501 Aug 25 16:05 _updown.klips -rwxr-xr-x 1 root root 18263 Aug 25 16:05 _updown.mast -rwxr-xr-x 1 root root 14577 Aug 25 16:05 _updown.netkey -rwxr-xr-x 1 root root 520131 Aug 25 16:05 addconn -rwxr-xr-x 1 root root 5122 Aug 25 16:05 auto -rwxr-xr-x 1 root root 11297 Aug 25 16:05 barf -rwxr-xr-x 1 root root 292723 Aug 25 16:05 eroute -rwxr-xr-x 1 root root 257752 Aug 25 16:05 ikeping -rwxr-xr-x 1 root root 1034 Aug 25 16:05 initnss -rwxr-xr-x 1 root root 3848 Aug 25 16:05 ipsec -rwxr-xr-x 1 root root 246637 Aug 25 16:05 klipsdebug -rwxr-xr-x 1 root root 2783 Aug 25 16:05 look -rwxr-xr-x 1 root root 2480 Aug 25 16:05 newhostkey -rwxr-xr-x 1 root root 237322 Aug 25 16:05 pf_key -rwxr-xr-x 1 root root 3609993 Aug 25 16:05 pluto -rwxr-xr-x 1 root root 12349 Aug 25 16:05 policy -rwxr-xr-x 1 root root 21470 Aug 25 16:05 ranbits -rwxr-xr-x 1 root root 48085 Aug 25 16:05 rsasigkey -rwxr-xr-x 1 root root 704 Aug 25 16:05 secrets lrwxrwxrwx 1 root root 22 Aug 25 15:58 setup -> /etc/rc.d/init.d/ipsec -rwxr-xr-x 1 root root 1126 Aug 25 16:05 showdefaults -rwxr-xr-x 1 root root 631808 Aug 25 16:05 showhostkey -rwxr-xr-x 1 root root 376746 Aug 25 16:05 spi -rwxr-xr-x 1 root root 273174 Aug 25 16:05 spigrp -rwxr-xr-x 1 root root 248731 Aug 25 16:05 tncfg -rwxr-xr-x 1 root root 16843 Aug 25 16:05 verify -rwxr-xr-x 1 root root 328319 Aug 25 16:05 whack + _________________________ ipsec/ls-execdir + ls -l /usr/local/lib/ipsec -rwxr-xr-x 1 root root 13120 Aug 25 16:05 _copyright -rwxr-xr-x 1 root root 2372 Aug 25 16:05 _include -rwxr-xr-x 1 root root 1410 Aug 25 16:05 _keycensor -rwxr-xr-x 1 root root 2747 Aug 25 16:05 _plutoload -rwxr-xr-x 1 root root 8783 Aug 25 16:19 _plutorun -rwxr-xr-x 1 root root 13851 Aug 25 16:05 _realsetup -rwxr-xr-x 1 root root 1906 Aug 25 16:05 _secretcensor -rwxr-xr-x 1 root root 12380 Aug 25 16:05 _startklips -rwxr-xr-x 1 root root 7982 Aug 25 16:05 _startnetkey -rwxr-xr-x 1 root root 4929 Aug 25 16:05 _updown -rwxr-xr-x 1 root root 18501 Aug 25 16:05 _updown.klips -rwxr-xr-x 1 root root 18263 Aug 25 16:05 _updown.mast -rwxr-xr-x 1 root root 14577 Aug 25 16:05 _updown.netkey -rwxr-xr-x 1 root root 520131 Aug 25 16:05 addconn -rwxr-xr-x 1 root root 5122 Aug 25 16:05 auto -rwxr-xr-x 1 root root 11297 Aug 25 16:05 barf -rwxr-xr-x 1 root root 292723 Aug 25 16:05 eroute -rwxr-xr-x 1 root root 257752 Aug 25 16:05 ikeping -rwxr-xr-x 1 root root 1034 Aug 25 16:05 initnss -rwxr-xr-x 1 root root 3848 Aug 25 16:05 ipsec -rwxr-xr-x 1 root root 246637 Aug 25 16:05 klipsdebug -rwxr-xr-x 1 root root 2783 Aug 25 16:05 look -rwxr-xr-x 1 root root 2480 Aug 25 16:05 newhostkey -rwxr-xr-x 1 root root 237322 Aug 25 16:05 pf_key -rwxr-xr-x 1 root root 3609993 Aug 25 16:05 pluto -rwxr-xr-x 1 root root 12349 Aug 25 16:05 policy -rwxr-xr-x 1 root root 21470 Aug 25 16:05 ranbits -rwxr-xr-x 1 root root 48085 Aug 25 16:05 rsasigkey -rwxr-xr-x 1 root root 704 Aug 25 16:05 secrets lrwxrwxrwx 1 root root 22 Aug 25 15:58 setup -> /etc/rc.d/init.d/ipsec -rwxr-xr-x 1 root root 1126 Aug 25 16:05 showdefaults -rwxr-xr-x 1 root root 631808 Aug 25 16:05 showhostkey -rwxr-xr-x 1 root root 376746 Aug 25 16:05 spi -rwxr-xr-x 1 root root 273174 Aug 25 16:05 spigrp -rwxr-xr-x 1 root root 248731 Aug 25 16:05 tncfg -rwxr-xr-x 1 root root 16843 Aug 25 16:05 verify -rwxr-xr-x 1 root root 328319 Aug 25 16:05 whack + _________________________ /proc/net/dev + cat /proc/net/dev Inter-| Receive | Transmit face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed lo: 3496444 29820 0 0 0 0 0 0 3496444 29820 0 0 0 0 0 0 can0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 dummy0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 eth0: 3988 23 0 0 0 0 0 0 5038 37 0 0 0 0 0 0 eth1: 102125 1863 0 2 0 0 0 0 136096 572 0 0 0 0 0 0 sit0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ip6tnl0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 usb0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 wwan0: 7032 77 0 0 0 0 0 0 7270 87 0 0 0 0 0 0 wwan1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 + _________________________ /proc/net/route + cat /proc/net/route Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT eth0 00000000 0100A8C0 0003 0 0 0 00000000 0 0 0 lo 040A0A0A 00000000 0001 0 0 100 FCFFFFFF 0 0 0 eth0 0000A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0 eth1 0060A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0 usb0 006FA8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0 + _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc + cat /proc/sys/net/ipv4/ip_no_pmtu_disc 0 + _________________________ /proc/sys/net/ipv4/ip_forward + cat /proc/sys/net/ipv4/ip_forward 1 + _________________________ /proc/sys/net/ipv4/tcp_ecn + cat /proc/sys/net/ipv4/tcp_ecn 2 + _________________________ /proc/sys/net/ipv4/conf/star-rp_filter + cd /proc/sys/net/ipv4/conf + egrep '^' all/rp_filter can0/rp_filter default/rp_filter dummy0/rp_filter eth0/rp_filter eth1/rp_filter ip6tnl0/rp_filter lo/rp_filter sit0/rp_filter usb0/rp_filter wwan0/rp_filter wwan1/rp_filter all/rp_filter:1 can0/rp_filter:1 default/rp_filter:1 dummy0/rp_filter:1 eth0/rp_filter:1 eth1/rp_filter:1 ip6tnl0/rp_filter:1 lo/rp_filter:1 sit0/rp_filter:1 usb0/rp_filter:1 wwan0/rp_filter:0 wwan1/rp_filter:1 + _________________________ /proc/sys/net/ipv4/conf/star-star-redirects + cd /proc/sys/net/ipv4/conf + egrep '^' all/accept_redirects all/secure_redirects all/send_redirects can0/accept_redirects can0/secure_redirects can0/send_redirects default/accept_redirects default/secure_redirects default/send_redirects dummy0/accept_redirects dummy0/secure_redirects dummy0/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects eth1/accept_redirects eth1/secure_redirects eth1/send_redirects ip6tnl0/accept_redirects ip6tnl0/secure_redirects ip6tnl0/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects sit0/accept_redirects sit0/secure_redirects sit0/send_redirects usb0/accept_redirects usb0/secure_redirects usb0/send_redirects wwan0/accept_redirects wwan0/secure_redirects wwan0/send_redirects wwan1/accept_redirects wwan1/secure_redirects wwan1/send_redirects all/accept_redirects:0 all/secure_redirects:1 all/send_redirects:1 can0/accept_redirects:1 can0/secure_redirects:1 can0/send_redirects:1 default/accept_redirects:1 default/secure_redirects:1 default/send_redirects:1 dummy0/accept_redirects:1 dummy0/secure_redirects:1 dummy0/send_redirects:1 eth0/accept_redirects:1 eth0/secure_redirects:1 eth0/send_redirects:1 eth1/accept_redirects:1 eth1/secure_redirects:1 eth1/send_redirects:1 ip6tnl0/accept_redirects:1 ip6tnl0/secure_redirects:1 ip6tnl0/send_redirects:1 lo/accept_redirects:1 lo/secure_redirects:1 lo/send_redirects:1 sit0/accept_redirects:1 sit0/secure_redirects:1 sit0/send_redirects:1 usb0/accept_redirects:1 usb0/secure_redirects:1 usb0/send_redirects:1 wwan0/accept_redirects:1 wwan0/secure_redirects:1 wwan0/send_redirects:1 wwan1/accept_redirects:1 wwan1/secure_redirects:1 wwan1/send_redirects:1 + _________________________ /proc/sys/net/ipv4/tcp_window_scaling + cat /proc/sys/net/ipv4/tcp_window_scaling 1 + _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale + cat /proc/sys/net/ipv4/tcp_adv_win_scale 2 + _________________________ uname-a + uname -a Linux SNgateway-v4_25_BETA-39 2.6.39 #1 Thu Aug 25 19:14:35 UTC 2016 armv5tejl GNU/Linux + _________________________ config-built-with + test -r /proc/config_built_with + _________________________ distro-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/redhat-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/debian-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/SuSE-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/mandrake-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/mandriva-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/gentoo-release + _________________________ /proc/net/ipsec_version + test -r /proc/net/ipsec_version + test -r /proc/net/pfkey + echo 'no KLIPS or NETKEY support detected' no KLIPS or NETKEY support detected + _________________________ iptables + test -r /sbin/iptables-save -o -r /usr/sbin/iptables-save + iptables-save # Generated by iptables-save v1.4.2 on Mon Aug 29 10:35:18 2016 *mangle :PREROUTING ACCEPT [30884:3566063] :INPUT ACCEPT [30815:3558369] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [30480:3634764] :POSTROUTING ACCEPT [30480:3634764] -A PREROUTING -i ppp0 -p tcp -m tcp --dport 443 -j MARK --set-xmark 0x400/0xffffffff -A PREROUTING -i wwan0 -p tcp -m tcp --dport 443 -j MARK --set-xmark 0x400/0xffffffff -A PREROUTING -i ppp0 -p tcp -m tcp --dport 2022 -j MARK --set-xmark 0x400/0xffffffff -A PREROUTING -i wwan0 -p tcp -m tcp --dport 2022 -j MARK --set-xmark 0x400/0xffffffff COMMIT # Completed on Mon Aug 29 10:35:20 2016 # Generated by iptables-save v1.4.2 on Mon Aug 29 10:35:20 2016 *nat :PREROUTING ACCEPT [114:18007] :INPUT ACCEPT [50:6908] :OUTPUT ACCEPT [41:2921] :POSTROUTING ACCEPT [12:909] -A PREROUTING -d 255.255.255.255/32 -i eth0 -p udp -m udp --dport 4101 -j REDIRECT -A PREROUTING -i ppp0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 10000 -A PREROUTING -i wwan0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 10000 -A PREROUTING -i ppp0 -p tcp -m tcp --dport 2022 -j REDIRECT --to-ports 22 -A PREROUTING -i wwan0 -p tcp -m tcp --dport 2022 -j REDIRECT --to-ports 22 -A OUTPUT -o usb0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth1 -j ACCEPT -A OUTPUT -o wlan0 -j ACCEPT -A OUTPUT -o br0 -j ACCEPT -A OUTPUT -o gre+ -j ACCEPT -A OUTPUT -o tun+ -j ACCEPT -A POSTROUTING -o ppp0 -j MASQUERADE -A POSTROUTING -o wwan0 -j MASQUERADE COMMIT # Completed on Mon Aug 29 10:35:20 2016 # Generated by iptables-save v1.4.2 on Mon Aug 29 10:35:20 2016 *raw :PREROUTING ACCEPT [30938:3571484] :OUTPUT ACCEPT [30534:3640185] COMMIT # Completed on Mon Aug 29 10:35:20 2016 # Generated by iptables-save v1.4.2 on Mon Aug 29 10:35:20 2016 *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT DROP [0:0] :FLAGS - [0:0] :SCAN - [0:0] :TRAFFIC - [0:0] -A INPUT -i lo -j ACCEPT -A INPUT -i ppp0 -p tcp -m tcp --dport 0:19 -j DROP -A INPUT -i wwan0 -p tcp -m tcp --dport 0:19 -j DROP -A INPUT -i eth+ -p tcp -m tcp --sport 137:139 -j DROP -A INPUT -i eth+ -p udp -m udp --sport 137:139 -j DROP -A INPUT -i eth+ -p tcp -m tcp --dport 137:139 -j DROP -A INPUT -i eth+ -p udp -m udp --dport 137:139 -j DROP -A INPUT -i ppp0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j SCAN -A INPUT -i ppp0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j SCAN -A INPUT -i wwan0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j SCAN -A INPUT -i wwan0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j SCAN -A INPUT -i ppp0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j FLAGS -A INPUT -i ppp0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j FLAGS -A INPUT -i ppp0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j FLAGS -A INPUT -i ppp0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j FLAGS -A INPUT -i ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j FLAGS -A INPUT -i ppp0 -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j FLAGS -A INPUT -i wwan0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j FLAGS -A INPUT -i wwan0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j FLAGS -A INPUT -i wwan0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j FLAGS -A INPUT -i wwan0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j FLAGS -A INPUT -i wwan0 -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j FLAGS -A INPUT -i wwan0 -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j FLAGS -A INPUT -i ppp0 -f -m limit --limit 1/sec -j LOG --log-prefix "**FRAGMENT** " --log-level 7 -A INPUT -i ppp0 -f -j DROP -A INPUT -i wwan0 -f -m limit --limit 1/sec -j LOG --log-prefix "**FRAGMENT** " --log-level 7 -A INPUT -i wwan0 -f -j DROP -A INPUT -i ppp0 -p tcp -m tcp --dport 7785 -j ACCEPT -A INPUT -i wwan0 -p tcp -m tcp --dport 7785 -j ACCEPT -A INPUT -i ppp0 -p tcp -m tcp --dport 22 -m limit --limit 3/min --limit-burst 3 -m state --state NEW -j ACCEPT -A INPUT -i ppp0 -p tcp -m tcp --dport 22 -m state --state NEW -j DROP -A INPUT -i wwan0 -p tcp -m tcp --dport 22 -m limit --limit 3/min --limit-burst 3 -m state --state NEW -j ACCEPT -A INPUT -i wwan0 -p tcp -m tcp --dport 22 -m state --state NEW -j DROP -A INPUT -i ppp0 -p tcp -m tcp --dport 502 -j ACCEPT -A INPUT -i ppp0 -p udp -m udp --dport 502 -j ACCEPT -A INPUT -i wwan0 -p tcp -m tcp --dport 502 -j ACCEPT -A INPUT -i wwan0 -p udp -m udp --dport 502 -j ACCEPT -A INPUT -i ppp0 -p tcp -m tcp --dport 20000 -j ACCEPT -A INPUT -i ppp0 -p udp -m udp --dport 20000 -j ACCEPT -A INPUT -i wwan0 -p tcp -m tcp --dport 20000 -j ACCEPT -A INPUT -i wwan0 -p udp -m udp --dport 20000 -j ACCEPT -A INPUT -i ppp0 -p udp -m udp --dport 500 -j ACCEPT -A INPUT -i wwan0 -p udp -m udp --dport 500 -j ACCEPT -A INPUT -i ppp0 -p udp -m udp --dport 4500 -j ACCEPT -A INPUT -i wwan0 -p udp -m udp --dport 4500 -j ACCEPT -A INPUT -i ppp0 -p tcp -m tcp --dport 10000 -j ACCEPT -A INPUT -i wwan0 -p tcp -m tcp --dport 10000 -j ACCEPT -A INPUT -i ppp0 -p udp -m udp --dport 161 -j ACCEPT -A INPUT -i wwan0 -p udp -m udp --dport 161 -j ACCEPT -A INPUT -i ppp0 -p icmp -f -m limit --limit 1/sec -j LOG --log-prefix "**ICMP FRAG** " --log-level 7 -A INPUT -i ppp0 -p icmp -f -j DROP -A INPUT -i ppp0 -p icmp -m icmp --icmp-type 3 -j ACCEPT -A INPUT -i ppp0 -p icmp -m icmp --icmp-type 4 -j ACCEPT -A INPUT -i ppp0 -p icmp -m icmp --icmp-type 11 -j ACCEPT -A INPUT -i ppp0 -p icmp -m icmp --icmp-type 12 -j ACCEPT -A INPUT -i ppp0 -p icmp -m icmp --icmp-type 8 -j ACCEPT -A INPUT -i wwan0 -p icmp -f -m limit --limit 1/sec -j LOG --log-prefix "**ICMP FRAG** " --log-level 7 -A INPUT -i wwan0 -p icmp -f -j DROP -A INPUT -i wwan0 -p icmp -m icmp --icmp-type 3 -j ACCEPT -A INPUT -i wwan0 -p icmp -m icmp --icmp-type 4 -j ACCEPT -A INPUT -i wwan0 -p icmp -m icmp --icmp-type 11 -j ACCEPT -A INPUT -i wwan0 -p icmp -m icmp --icmp-type 12 -j ACCEPT -A INPUT -i wwan0 -p icmp -m icmp --icmp-type 8 -j ACCEPT -A INPUT -i usb0 -p icmp -j ACCEPT -A INPUT -i eth0 -p icmp -j ACCEPT -A INPUT -i eth1 -p icmp -j ACCEPT -A INPUT -i wlan0 -p icmp -j ACCEPT -A INPUT -i br0 -p icmp -j ACCEPT -A INPUT -i gre+ -p icmp -j ACCEPT -A INPUT -i tun+ -p icmp -j ACCEPT -A INPUT -i ipsec+ -p icmp -j ACCEPT -A INPUT -p icmp -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -m limit --limit 1/sec -j LOG --log-prefix "**ICMP DROP**" --log-level 7 -A INPUT -p icmp -j DROP -A INPUT -m mark --mark 0x400/0x400 -j ACCEPT -A INPUT -i ppp0 -p esp -j ACCEPT -A INPUT -i ppp0 -p vrrp -j ACCEPT -A INPUT -i wwan0 -p esp -j ACCEPT -A INPUT -i wwan0 -p vrrp -j ACCEPT -A INPUT -j TRAFFIC -A FORWARD -i lo -j ACCEPT -A FORWARD -o lo -j ACCEPT -A FORWARD -o ipsec+ -j ACCEPT -A FORWARD -i ipsec+ -j ACCEPT -A FORWARD -i br+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j ACCEPT -A FORWARD -o br+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j ACCEPT -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -A FORWARD -o ppp0 -m state --state INVALID -j DROP -A FORWARD -i ppp0 -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i usb0 -o ppp0 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m limit --limit 1/sec -j LOG --log-prefix "**TCP FORWARD NON-SYN NEW**" --log-level 7 -A FORWARD -i usb0 -o ppp0 -m state --state NEW -j ACCEPT -A FORWARD -i usb0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i usb0 -o ppp0 -p tcp -m limit --limit 1/sec -j LOG --log-prefix "**TCP FORWARD DROP**" --log-level 7 -A FORWARD -i usb0 -o ppp0 -p tcp -j DROP -A FORWARD -i usb0 -o ppp0 -j ACCEPT -A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i eth0 -o ppp0 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m limit --limit 1/sec -j LOG --log-prefix "**TCP FORWARD NON-SYN NEW**" --log-level 7 -A FORWARD -i eth0 -o ppp0 -m state --state NEW -j ACCEPT -A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i eth0 -o ppp0 -p tcp -m limit --limit 1/sec -j LOG --log-prefix "**TCP FORWARD DROP**" --log-level 7 -A FORWARD -i eth0 -o ppp0 -p tcp -j DROP -A FORWARD -i eth0 -o ppp0 -j ACCEPT -A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i eth1 -o ppp0 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m limit --limit 1/sec -j LOG --log-prefix "**TCP FORWARD NON-SYN NEW**" --log-level 7 -A FORWARD -i eth1 -o ppp0 -m state --state NEW -j ACCEPT -A FORWARD -i eth1 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i eth1 -o ppp0 -p tcp -m limit --limit 1/sec -j LOG --log-prefix "**TCP FORWARD DROP**" --log-level 7 -A FORWARD -i eth1 -o ppp0 -p tcp -j DROP -A FORWARD -i eth1 -o ppp0 -j ACCEPT -A FORWARD -i ppp0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i wlan0 -o ppp0 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m limit --limit 1/sec -j LOG --log-prefix "**TCP FORWARD NON-SYN NEW**" --log-level 7 -A FORWARD -i wlan0 -o ppp0 -m state --state NEW -j ACCEPT -A FORWARD -i wlan0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i wlan0 -o ppp0 -p tcp -m limit --limit 1/sec -j LOG --log-prefix "**TCP FORWARD DROP**" --log-level 7 -A FORWARD -i wlan0 -o ppp0 -p tcp -j DROP -A FORWARD -i wlan0 -o ppp0 -j ACCEPT -A FORWARD -i ppp0 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i br0 -o ppp0 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m limit --limit 1/sec -j LOG --log-prefix "**TCP FORWARD NON-SYN NEW**" --log-level 7 -A FORWARD -i br0 -o ppp0 -m state --state NEW -j ACCEPT -A FORWARD -i br0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i br0 -o ppp0 -p tcp -m limit --limit 1/sec -j LOG --log-prefix "**TCP FORWARD DROP**" --log-level 7 -A FORWARD -i br0 -o ppp0 -p tcp -j DROP -A FORWARD -i br0 -o ppp0 -j ACCEPT -A FORWARD -i ppp0 -o gre+ -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i gre+ -o ppp0 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m limit --limit 1/sec -j LOG --log-prefix "**TCP FORWARD NON-SYN NEW**" --log-level 7 -A FORWARD -i gre+ -o ppp0 -m state --state NEW -j ACCEPT -A FORWARD -i gre+ -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i gre+ -o ppp0 -p tcp -m limit --limit 1/sec -j LOG --log-prefix "**TCP FORWARD DROP**" --log-level 7 -A FORWARD -i gre+ -o ppp0 -p tcp -j DROP -A FORWARD -i gre+ -o ppp0 -j ACCEPT -A FORWARD -i ppp0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i tun+ -o ppp0 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m limit --limit 1/sec -j LOG --log-prefix "**TCP FORWARD NON-SYN NEW**" --log-level 7 -A FORWARD -i tun+ -o ppp0 -m state --state NEW -j ACCEPT -A FORWARD -i tun+ -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i tun+ -o ppp0 -p tcp -m limit --limit 1/sec -j LOG --log-prefix "**TCP FORWARD DROP**" --log-level 7 -A FORWARD -i tun+ -o ppp0 -p tcp -j DROP -A FORWARD -i tun+ -o ppp0 -j ACCEPT -A FORWARD -o wwan0 -m state --state INVALID -j DROP -A FORWARD -i wwan0 -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i usb0 -o wwan0 -j ACCEPT -A FORWARD -i wwan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i eth0 -o wwan0 -j ACCEPT -A FORWARD -i wwan0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i eth1 -o wwan0 -j ACCEPT -A FORWARD -i wwan0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i wlan0 -o wwan0 -j ACCEPT -A FORWARD -i wwan0 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i br0 -o wwan0 -j ACCEPT -A FORWARD -i wwan0 -o gre+ -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i gre+ -o wwan0 -j ACCEPT -A FORWARD -i wwan0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i tun+ -o wwan0 -j ACCEPT -A FORWARD -i usb0 -o usb0 -j ACCEPT -A FORWARD -i usb0 -o eth0 -j ACCEPT -A FORWARD -i usb0 -o eth1 -j ACCEPT -A FORWARD -i usb0 -o wlan0 -j ACCEPT -A FORWARD -i usb0 -o br0 -j ACCEPT -A FORWARD -i usb0 -o gre+ -j ACCEPT -A FORWARD -i usb0 -o tun+ -j ACCEPT -A FORWARD -i eth0 -o usb0 -j ACCEPT -A FORWARD -i eth0 -o eth0 -j ACCEPT -A FORWARD -i eth0 -o eth1 -j ACCEPT -A FORWARD -i eth0 -o wlan0 -j ACCEPT -A FORWARD -i eth0 -o br0 -j ACCEPT -A FORWARD -i eth0 -o gre+ -j ACCEPT -A FORWARD -i eth0 -o tun+ -j ACCEPT -A FORWARD -i eth1 -o usb0 -j ACCEPT -A FORWARD -i eth1 -o eth0 -j ACCEPT -A FORWARD -i eth1 -o eth1 -j ACCEPT -A FORWARD -i eth1 -o wlan0 -j ACCEPT -A FORWARD -i eth1 -o br0 -j ACCEPT -A FORWARD -i eth1 -o gre+ -j ACCEPT -A FORWARD -i eth1 -o tun+ -j ACCEPT -A FORWARD -i wlan0 -o usb0 -j ACCEPT -A FORWARD -i wlan0 -o eth0 -j ACCEPT -A FORWARD -i wlan0 -o eth1 -j ACCEPT -A FORWARD -i wlan0 -o wlan0 -j ACCEPT -A FORWARD -i wlan0 -o br0 -j ACCEPT -A FORWARD -i wlan0 -o gre+ -j ACCEPT -A FORWARD -i wlan0 -o tun+ -j ACCEPT -A FORWARD -i br0 -o usb0 -j ACCEPT -A FORWARD -i br0 -o eth0 -j ACCEPT -A FORWARD -i br0 -o eth1 -j ACCEPT -A FORWARD -i br0 -o wlan0 -j ACCEPT -A FORWARD -i br0 -o br0 -j ACCEPT -A FORWARD -i br0 -o gre+ -j ACCEPT -A FORWARD -i br0 -o tun+ -j ACCEPT -A FORWARD -i gre+ -o usb0 -j ACCEPT -A FORWARD -i gre+ -o eth0 -j ACCEPT -A FORWARD -i gre+ -o eth1 -j ACCEPT -A FORWARD -i gre+ -o wlan0 -j ACCEPT -A FORWARD -i gre+ -o br0 -j ACCEPT -A FORWARD -i gre+ -o gre+ -j ACCEPT -A FORWARD -i gre+ -o tun+ -j ACCEPT -A FORWARD -i tun+ -o usb0 -j ACCEPT -A FORWARD -i tun+ -o eth0 -j ACCEPT -A FORWARD -i tun+ -o eth1 -j ACCEPT -A FORWARD -i tun+ -o wlan0 -j ACCEPT -A FORWARD -i tun+ -o br0 -j ACCEPT -A FORWARD -i tun+ -o gre+ -j ACCEPT -A FORWARD -i tun+ -o tun+ -j ACCEPT -A FORWARD -m limit --limit 1/sec -j LOG --log-prefix "**FORWARD DROP** " --log-level 7 -A FORWARD -j DROP -A OUTPUT -o lo -j ACCEPT -A OUTPUT -o br+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j ACCEPT -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -A OUTPUT -p tcp -m tcp --sport 10000 -m state --state INVALID -j ACCEPT -A OUTPUT -o ppp0 -p icmp -m icmp --icmp-type 3 -j DROP -A OUTPUT -o wwan0 -p icmp -m icmp --icmp-type 3 -j DROP -A OUTPUT -p icmp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT -A OUTPUT -o ppp0 -p udp -m udp --dport 500 -j ACCEPT -A OUTPUT -o ppp0 -p esp -j ACCEPT -A OUTPUT -o wwan0 -p udp -m udp --dport 500 -j ACCEPT -A OUTPUT -o wwan0 -p esp -j ACCEPT -A OUTPUT -o ppp0 -m state --state NEW -j ACCEPT -A OUTPUT -o wwan0 -m state --state NEW -j ACCEPT -A OUTPUT -o usb0 -j ACCEPT -A OUTPUT -o eth0 -j ACCEPT -A OUTPUT -o eth1 -j ACCEPT -A OUTPUT -o wlan0 -j ACCEPT -A OUTPUT -o br0 -j ACCEPT -A OUTPUT -o gre+ -j ACCEPT -A OUTPUT -o tun+ -j ACCEPT -A OUTPUT -j TRAFFIC -A FLAGS -m limit --limit 2/sec -j LOG --log-prefix "**BADFLAGS** " --log-level 7 -A FLAGS -j DROP -A SCAN -m limit --limit 2/sec -j LOG --log-prefix "**PORTSCAN** " --log-level 7 -A SCAN -j DROP -A TRAFFIC -m state --state RELATED,ESTABLISHED -j ACCEPT -A TRAFFIC -i ppp0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j SCAN -A TRAFFIC -i wwan0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j SCAN -A TRAFFIC -d 255.255.255.255/32 -i eth0 -p udp -m udp --dport 4101 -j ACCEPT -A TRAFFIC -d 255.255.255.255/32 -o eth0 -p udp -m udp --sport 4101 -j ACCEPT -A TRAFFIC -i ipsec+ -j ACCEPT -A TRAFFIC -o ipsec+ -j ACCEPT -A TRAFFIC -i usb0 -m state --state NEW -j ACCEPT -A TRAFFIC -i eth0 -m state --state NEW -j ACCEPT -A TRAFFIC -i eth1 -m state --state NEW -j ACCEPT -A TRAFFIC -i wlan0 -m state --state NEW -j ACCEPT -A TRAFFIC -i br0 -m state --state NEW -j ACCEPT -A TRAFFIC -i gre+ -m state --state NEW -j ACCEPT -A TRAFFIC -i tun+ -m state --state NEW -j ACCEPT -A TRAFFIC -p gre -j ACCEPT -A TRAFFIC -d 255.255.255.255/32 -j DROP -A TRAFFIC -p udp -m udp --dport 53 -j DROP -A TRAFFIC -i eth+ -p udp -m udp --dport 137:139 -j DROP -A TRAFFIC -i eth+ -p tcp -m tcp --dport 137:139 -j DROP -A TRAFFIC -m limit --limit 3/sec -j LOG --log-prefix "**PACKET DROP** " --log-level 7 -A TRAFFIC -j DROP COMMIT # Completed on Mon Aug 29 10:35:21 2016 + _________________________ ip6tables + test -r /sbin/ip6tables-save -o -r /usr/sbin/ip6tables-save + ip6tables-save # Generated by ip6tables-save v1.4.2 on Mon Aug 29 10:35:22 2016 *raw :PREROUTING ACCEPT [0:0] :OUTPUT ACCEPT [28:1684] COMMIT # Completed on Mon Aug 29 10:35:22 2016 # Generated by ip6tables-save v1.4.2 on Mon Aug 29 10:35:22 2016 *mangle :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [28:1684] :POSTROUTING ACCEPT [28:1684] COMMIT # Completed on Mon Aug 29 10:35:22 2016 # Generated by ip6tables-save v1.4.2 on Mon Aug 29 10:35:22 2016 *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] :SCAN - [0:0] -A INPUT -i lo -j ACCEPT -A INPUT -i usb0 -j ACCEPT -A INPUT -i eth0 -j ACCEPT -A INPUT -i eth1 -j ACCEPT -A INPUT -i wlan0 -j ACCEPT -A INPUT -i br0 -j ACCEPT -A INPUT -i gre+ -j ACCEPT -A INPUT -i tun+ -j ACCEPT -A INPUT -m rt --rt-type 0 -j DROP -A INPUT -s fe80::/10 -j ACCEPT -A INPUT -d ff00::/10 -j ACCEPT -A INPUT -i ppp0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j SCAN -A INPUT -i ppp0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j SCAN -A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -i wwan0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j SCAN -A INPUT -i wwan0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j SCAN -A INPUT -i wwan0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -i ppp0 -p tcp -m tcp --dport 7785 -j ACCEPT -A INPUT -i wwan0 -p tcp -m tcp --dport 7785 -j ACCEPT -A INPUT -i ppp0 -p tcp -m tcp --dport 22 -m limit --limit 3/min --limit-burst 3 -m state --state NEW -j ACCEPT -A INPUT -i ppp0 -p tcp -m tcp --dport 22 -m state --state NEW -j DROP -A INPUT -i wwan0 -p tcp -m tcp --dport 22 -m limit --limit 3/min --limit-burst 3 -m state --state NEW -j ACCEPT -A INPUT -i wwan0 -p tcp -m tcp --dport 22 -m state --state NEW -j DROP -A INPUT -i ppp0 -p tcp -m tcp --dport 502 -j ACCEPT -A INPUT -i ppp0 -p udp -m udp --dport 502 -j ACCEPT -A INPUT -i wwan0 -p tcp -m tcp --dport 502 -j ACCEPT -A INPUT -i wwan0 -p udp -m udp --dport 502 -j ACCEPT -A INPUT -i ppp0 -p tcp -m tcp --dport 20000 -j ACCEPT -A INPUT -i ppp0 -p udp -m udp --dport 20000 -j ACCEPT -A INPUT -i wwan0 -p tcp -m tcp --dport 20000 -j ACCEPT -A INPUT -i wwan0 -p udp -m udp --dport 20000 -j ACCEPT -A INPUT -i ppp0 -p udp -m udp --dport 500 -j ACCEPT -A INPUT -i wwan0 -p udp -m udp --dport 500 -j ACCEPT -A INPUT -i ppp0 -p udp -m udp --dport 4500 -j ACCEPT -A INPUT -i wwan0 -p udp -m udp --dport 4500 -j ACCEPT -A INPUT -i ppp0 -p tcp -m tcp --dport 10000 -j ACCEPT -A INPUT -i wwan0 -p tcp -m tcp --dport 10000 -j ACCEPT -A INPUT -i ppp0 -p udp -m udp --dport 161 -j ACCEPT -A INPUT -i wwan0 -p udp -m udp --dport 161 -j ACCEPT -A INPUT -i usb0 -j ACCEPT -A INPUT -i eth0 -j ACCEPT -A INPUT -i eth1 -j ACCEPT -A INPUT -i wlan0 -j ACCEPT -A INPUT -i br0 -j ACCEPT -A INPUT -i gre+ -j ACCEPT -A INPUT -i tun+ -j ACCEPT -A INPUT -p ipv6-icmp -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 3 -j ACCEPT -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 4 -j ACCEPT -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 144 -j ACCEPT -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 145 -j ACCEPT -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 146 -j ACCEPT -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 147 -j ACCEPT -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j ACCEPT -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j ACCEPT -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 137 -j ACCEPT -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 141 -j ACCEPT -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 142 -j ACCEPT -A INPUT -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130 -j ACCEPT -A INPUT -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131 -j ACCEPT -A INPUT -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132 -j ACCEPT -A INPUT -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143 -j ACCEPT -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 148 -m hl --hl-eq 255 -j ACCEPT -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 149 -m hl --hl-eq 255 -j ACCEPT -A INPUT -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 151 -m hl --hl-eq 1 -j ACCEPT -A INPUT -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 152 -m hl --hl-eq 1 -j ACCEPT -A INPUT -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 153 -m hl --hl-eq 1 -j ACCEPT -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 150 -j DROP -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 139 -j DROP -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 140 -j DROP -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 138 -j DROP -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 100 -j DROP -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 101 -j DROP -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 200 -j DROP -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 201 -j DROP -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 127 -j DROP -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 255 -j DROP -A INPUT -p ipv6-icmp -j DROP -A FORWARD -m rt --rt-type 0 -j DROP -A FORWARD -p ipv6-icmp -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i ppp0 -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i usb0 -o ppp0 -m state --state NEW -j ACCEPT -A FORWARD -i usb0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i usb0 -o ppp0 -j ACCEPT -A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i eth0 -o ppp0 -m state --state NEW -j ACCEPT -A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i eth0 -o ppp0 -j ACCEPT -A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i eth1 -o ppp0 -m state --state NEW -j ACCEPT -A FORWARD -i eth1 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i eth1 -o ppp0 -j ACCEPT -A FORWARD -i ppp0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i wlan0 -o ppp0 -m state --state NEW -j ACCEPT -A FORWARD -i wlan0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i wlan0 -o ppp0 -j ACCEPT -A FORWARD -i ppp0 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i br0 -o ppp0 -m state --state NEW -j ACCEPT -A FORWARD -i br0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i br0 -o ppp0 -j ACCEPT -A FORWARD -i ppp0 -o gre+ -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i gre+ -o ppp0 -m state --state NEW -j ACCEPT -A FORWARD -i gre+ -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i gre+ -o ppp0 -j ACCEPT -A FORWARD -i ppp0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i tun+ -o ppp0 -m state --state NEW -j ACCEPT -A FORWARD -i tun+ -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i tun+ -o ppp0 -j ACCEPT -A FORWARD -i wwan0 -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i usb0 -o wwan0 -j ACCEPT -A FORWARD -i wwan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i eth0 -o wwan0 -j ACCEPT -A FORWARD -i wwan0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i eth1 -o wwan0 -j ACCEPT -A FORWARD -i wwan0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i wlan0 -o wwan0 -j ACCEPT -A FORWARD -i wwan0 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i br0 -o wwan0 -j ACCEPT -A FORWARD -i wwan0 -o gre+ -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i gre+ -o wwan0 -j ACCEPT -A FORWARD -i wwan0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i tun+ -o wwan0 -j ACCEPT -A FORWARD -i usb0 -o usb0 -j ACCEPT -A FORWARD -i usb0 -o eth0 -j ACCEPT -A FORWARD -i usb0 -o eth1 -j ACCEPT -A FORWARD -i usb0 -o wlan0 -j ACCEPT -A FORWARD -i usb0 -o br0 -j ACCEPT -A FORWARD -i usb0 -o gre+ -j ACCEPT -A FORWARD -i usb0 -o tun+ -j ACCEPT -A FORWARD -i eth0 -o usb0 -j ACCEPT -A FORWARD -i eth0 -o eth0 -j ACCEPT -A FORWARD -i eth0 -o eth1 -j ACCEPT -A FORWARD -i eth0 -o wlan0 -j ACCEPT -A FORWARD -i eth0 -o br0 -j ACCEPT -A FORWARD -i eth0 -o gre+ -j ACCEPT -A FORWARD -i eth0 -o tun+ -j ACCEPT -A FORWARD -i eth1 -o usb0 -j ACCEPT -A FORWARD -i eth1 -o eth0 -j ACCEPT -A FORWARD -i eth1 -o eth1 -j ACCEPT -A FORWARD -i eth1 -o wlan0 -j ACCEPT -A FORWARD -i eth1 -o br0 -j ACCEPT -A FORWARD -i eth1 -o gre+ -j ACCEPT -A FORWARD -i eth1 -o tun+ -j ACCEPT -A FORWARD -i wlan0 -o usb0 -j ACCEPT -A FORWARD -i wlan0 -o eth0 -j ACCEPT -A FORWARD -i wlan0 -o eth1 -j ACCEPT -A FORWARD -i wlan0 -o wlan0 -j ACCEPT -A FORWARD -i wlan0 -o br0 -j ACCEPT -A FORWARD -i wlan0 -o gre+ -j ACCEPT -A FORWARD -i wlan0 -o tun+ -j ACCEPT -A FORWARD -i br0 -o usb0 -j ACCEPT -A FORWARD -i br0 -o eth0 -j ACCEPT -A FORWARD -i br0 -o eth1 -j ACCEPT -A FORWARD -i br0 -o wlan0 -j ACCEPT -A FORWARD -i br0 -o br0 -j ACCEPT -A FORWARD -i br0 -o gre+ -j ACCEPT -A FORWARD -i br0 -o tun+ -j ACCEPT -A FORWARD -i gre+ -o usb0 -j ACCEPT -A FORWARD -i gre+ -o eth0 -j ACCEPT -A FORWARD -i gre+ -o eth1 -j ACCEPT -A FORWARD -i gre+ -o wlan0 -j ACCEPT -A FORWARD -i gre+ -o br0 -j ACCEPT -A FORWARD -i gre+ -o gre+ -j ACCEPT -A FORWARD -i gre+ -o tun+ -j ACCEPT -A FORWARD -i tun+ -o usb0 -j ACCEPT -A FORWARD -i tun+ -o eth0 -j ACCEPT -A FORWARD -i tun+ -o eth1 -j ACCEPT -A FORWARD -i tun+ -o wlan0 -j ACCEPT -A FORWARD -i tun+ -o br0 -j ACCEPT -A FORWARD -i tun+ -o gre+ -j ACCEPT -A FORWARD -i tun+ -o tun+ -j ACCEPT -A OUTPUT -m rt --rt-type 0 -j DROP -A OUTPUT -p ipv6-icmp -j ACCEPT -A SCAN -m limit --limit 2/sec -j LOG --log-prefix "**PORTSCAN** " --log-level 7 -A SCAN -j DROP COMMIT # Completed on Mon Aug 29 10:35:22 2016 + _________________________ ip6tables + _________________________ /proc/modules + test -f /proc/modules + cat /proc/modules cdc_acm 13947 0 - Live 0xbf350000 nf_conntrack_ipv6 5824 36 - Live 0xbf349000 nf_defrag_ipv6 5673 1 nf_conntrack_ipv6, Live 0xbf342000 xt_TCPMSS 2957 2 - Live 0xbf33c000 xt_state 901 90 - Live 0xbf336000 ipt_LOG 6649 23 - Live 0xbf32f000 xt_limit 1250 28 - Live 0xbf329000 iptable_mangle 1101 1 - Live 0xbf323000 ipt_MASQUERADE 1296 2 - Live 0xbf31d000 ipt_REDIRECT 885 5 - Live 0xbf317000 iptable_nat 3180 1 - Live 0xbf311000 ath9k_htc 56314 0 - Live 0xbf2fa000 mac80211 296326 1 ath9k_htc, Live 0xbf29b000 ath9k_common 1880 1 ath9k_htc, Live 0xbf295000 ath9k_hw 387464 2 ath9k_htc,ath9k_common, Live 0xbf224000 ath 15547 3 ath9k_htc,ath9k_common,ath9k_hw, Live 0xbf21a000 cfg80211 205570 3 ath9k_htc,mac80211,ath, Live 0xbf1d6000 compat 16434 5 ath9k_htc,mac80211,ath9k_common,ath9k_hw,cfg80211, Live 0xbf1ca000 GobiNet 48265 12 - Live 0xbf1b6000 usbnet 13148 1 GobiNet, Live 0xbf1ac000 GobiSerial 6306 0 - Live 0xbf1a5000 ftdi_sio 28663 0 - Live 0xbf193000 option 13311 0 - Live 0xbf186000 usb_wwan 8712 1 option, Live 0xbf17d000 sierra 9349 0 - Live 0xbf174000 usb_storage 29983 0 - Live 0xbf165000 scsi_mod 89754 1 usb_storage, Live 0xbf13f000 ohci_hcd 17983 0 - Live 0xbf134000 ehci_hcd 32854 0 - Live 0xbf124000 bridge 68655 0 - Live 0xbf108000 stp 1294 1 bridge, Live 0xbf102000 llc 3200 2 bridge,stp, Live 0xbf0fc000 nf_nat_proto_dccp 890 0 - Live 0xbf0f6000 nf_nat_pptp 1836 0 - Live 0xbf0f0000 nf_nat_h323 5141 0 - Live 0xbf0e9000 nf_conntrack_h323 36824 1 nf_nat_h323, Live 0xbf0d8000 nf_nat_proto_udplite 879 0 - Live 0xbf0d2000 nf_nat_amanda 858 0 - Live 0xbf0cc000 nf_nat_proto_gre 1023 1 nf_nat_pptp, Live 0xbf0c6000 nf_nat_snmp_basic 8708 0 - Live 0xbf0be000 nf_conntrack_snmp 833 1 nf_nat_snmp_basic, Live 0xbf0b8000 nf_nat_sip 5390 0 - Live 0xbf0b1000 nf_nat_tftp 652 0 - Live 0xbf0ab000 nf_nat_irc 1088 0 - Live 0xbf0a5000 nf_nat_ftp 1425 0 - Live 0xbf09f000 nf_conntrack_ftp 5080 1 nf_nat_ftp, Live 0xbf098000 nf_nat_proto_sctp 970 0 - Live 0xbf092000 nf_nat 13122 14 ipt_MASQUERADE,ipt_REDIRECT,iptable_nat,nf_nat_proto_dccp,nf_nat_pptp,nf_nat_h323,nf_nat_proto_udplite,nf_nat_amanda,nf_nat_proto_gre,nf_nat_sip,nf_nat_tftp,nf_nat_irc,nf_nat_ftp,nf_nat_proto_sctp, Live 0xbf088000 crc32c 2432 1 - Live 0xbf082000 libcrc32c 708 1 nf_nat_proto_sctp, Live 0xbf07c000 ledtrig_reg 1744 0 - Live 0xbf076000 ledtrig_uart 1683 0 - Live 0xbf070000 ledtrig_pwr 1548 0 - Live 0xbf06a000 ledtrig_wan 2069 3 GobiNet,usbnet,sierra, Live 0xbf064000 leds_at91 1541 0 - Live 0xbf05e000 leds_bt4650 1439 0 - Live 0xbf058000 bt_io 4732 0 - Live 0xbf051000 sram 6357 0 - Live 0xbf04a000 mmc_block 8506 2 - Live 0xbf041000 atmel_mci 11292 0 - Live 0xbf038000 pca953x 9900 0 - Live 0xbf030000 g_ether 32571 0 - Live 0xbf020000 tmp102 2988 0 - Live 0xbf01a000 ads1015 2474 0 - Live 0xbf014000 hwmon 991 2 tmp102,ads1015, Live 0xbf00e000 sxni_iodb 7759 6 - Live 0xbf007000 jbm_feature 5589 0 - Live 0xbf000000 + _________________________ /proc/meminfo + cat /proc/meminfo MemTotal: 125100 kB MemFree: 66236 kB Buffers: 40 kB Cached: 33800 kB SwapCached: 0 kB Active: 21780 kB Inactive: 21948 kB Active(anon): 11572 kB Inactive(anon): 208 kB Active(file): 10208 kB Inactive(file): 21740 kB Unevictable: 1620 kB Mlocked: 1620 kB SwapTotal: 0 kB SwapFree: 0 kB Dirty: 0 kB Writeback: 0 kB AnonPages: 11528 kB Mapped: 7420 kB Shmem: 584 kB Slab: 7688 kB SReclaimable: 1856 kB SUnreclaim: 5832 kB KernelStack: 904 kB PageTables: 984 kB NFS_Unstable: 0 kB Bounce: 0 kB WritebackTmp: 0 kB CommitLimit: 62548 kB Committed_AS: 67048 kB VmallocTotal: 890880 kB VmallocUsed: 266860 kB VmallocChunk: 620188 kB + _________________________ /proc/net/ipsec-ls + test -f /proc/net/ipsec_version + _________________________ usr/src/linux/.config + test -f /proc/config.gz ++ uname -r + test -f /lib/modules/2.6.39/build/.config + echo 'no .config file found, cannot list kernel properties' no .config file found, cannot list kernel properties + _________________________ etc/syslog.conf + _________________________ etc/syslog-ng/syslog-ng.conf + cat /etc/syslog-ng/syslog-ng.conf cat: can't open '/etc/syslog-ng/syslog-ng.conf': No such file or directory + cat /etc/syslog.conf cat: can't open '/etc/syslog.conf': No such file or directory + _________________________ etc/resolv.conf + cat /etc/resolv.conf # DO NOT EDIT THIS FILE. # # IT MUST CONTAIN THE SINGLE ENTRY: nameserver 127.0.0.1 # # USE /etc/dnsmasq/dnsmasq.servers.conf TO EFFECT DNS CHANGES. # # DO NOT EDIT THIS FILE. nameserver 127.0.0.1 + _________________________ lib/modules-ls + ls -ltr /lib/modules drwxr-xr-x 4 root root 0 Jan 3 2007 2.6.39 + _________________________ fipscheck + cat /proc/sys/crypto/fips_enabled cat: can't open '/proc/sys/crypto/fips_enabled': No such file or directory + _________________________ /proc/ksyms-netif_rx + test -r /proc/ksyms + test -r /proc/kallsyms + egrep netif_rx /proc/kallsyms c0299a60 T netif_rx c029b5d0 T netif_rx_ni c04713a0 r __ksymtab_netif_rx_ni c04713a8 r __ksymtab_netif_rx c0483c78 r __kstrtab_netif_rx_ni c0483c84 r __kstrtab_netif_rx c0299a60 u netif_rx [ipsec] + _________________________ lib/modules-netif_rx + modulegoo kernel/net/ipv4/ipip.o netif_rx + set +x 2.6.39: + _________________________ kern.debug + test -f /var/log/kern.debug + _________________________ klog + case "$1" in + cat + egrep -i 'ipsec|klips|pluto' + sed -n '2567,$p' /var/log/messages Aug 29 10:34:28 ipsec_setup: Starting Openswan IPsec 4.24-246-gdd1b493... Aug 29 10:34:29 ipsec_setup: Using KLIPS/legacy stack Aug 29 10:34:36 kernel: klips_info:ipsec_init: KLIPS startup, Openswan KLIPS IPsec stack version: 4.24-246-gdd1b493 Aug 29 10:34:36 kernel: ipsec0: Features changed: 0x00004800 -> 0x00004000 Aug 29 10:34:36 kernel: ipsec1: Features changed: 0x00004800 -> 0x00004000 Aug 29 10:34:36 kernel: registered KLIPS /proc/sys/net Aug 29 10:34:36 kernel: klips_info:ipsec_alg_init: KLIPS alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=255) Aug 29 10:34:36 kernel: klips_info:ipsec_alg_init: calling ipsec_alg_static_init() Aug 29 10:34:36 kernel: ipsec_aes_init(alg_type=15 alg_id=12 name=aes): ret=0 Aug 29 10:34:36 kernel: ipsec_aes_init(alg_type=14 alg_id=9 name=aes_mac): ret=0 Aug 29 10:34:36 kernel: ipsec_3des_init(alg_type=15 alg_id=3 name=3des): ret=0 Aug 29 10:34:36 kernel: KLIPS cryptoapi interface: alg_type=15 alg_id=12 name=cbc(aes) keyminbits=128 keymaxbits=256, found(0) Aug 29 10:34:37 kernel: KLIPS: lookup for ciphername=cbc(twofish): not found Aug 29 10:34:38 kernel: KLIPS: lookup for ciphername=cbc(serpent): not found Aug 29 10:34:38 kernel: KLIPS: lookup for ciphername=cbc(cast5): not found Aug 29 10:34:39 kernel: KLIPS: lookup for ciphername=cbc(blowfish): not found Aug 29 10:34:39 kernel: KLIPS cryptoapi interface: alg_type=15 alg_id=3 name=cbc(des3_ede) keyminbits=192 keymaxbits=192, found(0) Aug 29 10:34:39 ipsec_setup: KLIPS debug `none' Aug 29 10:34:40 ipsec_setup: KLIPS ipsec0 on eth0 192.168.0.1/24 broadcast mtu 1500 Aug 29 10:34:40 ipsec_setup: ipsec0 -> NULL mtu=0(0) -> 0 Aug 29 10:34:41 ipsec__plutorun: Starting Pluto subsystem... Aug 29 10:34:41 ipsec_setup: ...Openswan IPsec started Aug 29 10:34:41 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec/ipsec.d Aug 29 10:34:41 pluto: adjusting ipsec.d to /etc/ipsec/ipsec.d Aug 29 10:34:42 ipsec__plutorun: Labelled IPsec not enabled; value 32001 ignored. Aug 29 10:34:42 pluto: Labelled IPsec not enabled; value 32001 ignored. Aug 29 10:34:42 pluto[9145]: Starting Pluto (Openswan Version 4.24-246-gdd1b493; Vendor ID OSW|EjlSpTfc) pid:9145 Aug 29 10:34:42 pluto[9145]: LEAK_DETECTIVE support [disabled] Aug 29 10:34:42 pluto[9145]: OCF support for IKE [disabled] Aug 29 10:34:42 pluto[9145]: SAref support [enabled] Aug 29 10:34:42 pluto[9145]: SAbind support [enabled] Aug 29 10:34:42 pluto[9145]: NSS support [disabled] Aug 29 10:34:42 pluto[9145]: HAVE_STATSD notification support not compiled in Aug 29 10:34:42 pluto[9145]: Setting NAT-Traversal port-4500 floating to off Aug 29 10:34:42 pluto[9145]: port floating activation criteria nat_t=0/port_float=1 Aug 29 10:34:42 pluto[9145]: NAT-Traversal support [disabled] Aug 29 10:34:42 pluto[9145]: | opening /dev/urandom Aug 29 10:34:42 pluto[9145]: using /dev/urandom as source of random entropy Aug 29 10:34:42 pluto[9145]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds (head of queue) Aug 29 10:34:42 pluto[9145]: | inserting event EVENT_PENDING_DDNS, timeout in 60 seconds (head of queue) Aug 29 10:34:42 pluto[9145]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds Aug 29 10:34:42 pluto[9145]: | event added after event EVENT_PENDING_DDNS Aug 29 10:34:42 pluto[9145]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Aug 29 10:34:42 pluto[9145]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Aug 29 10:34:42 pluto[9145]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Aug 29 10:34:42 pluto[9145]: no helpers will be started, all cryptographic operations will be done inline Aug 29 10:34:42 pluto[9145]: Kernel interface auto-pick Aug 29 10:34:42 pluto[9145]: No Kernel XFRM/NETKEY interface detected Aug 29 10:34:42 pluto[9145]: Using KLIPS IPsec interface code on 2.6.39 Aug 29 10:34:42 pluto[9145]: | process 9145 listening for PF_KEY_V2 on file descriptor 8 Aug 29 10:34:42 pluto[9145]: | finish_pfkey_msg: K_SADB_REGISTER message 1 for AH Aug 29 10:34:42 pluto[9145]: | 02 07 00 02 02 00 00 00 01 00 00 00 b9 23 00 00 Aug 29 10:34:42 pluto[9145]: | pfkey_get: K_SADB_REGISTER message 1 Aug 29 10:34:42 pluto[9145]: | AH registered with kernel. Aug 29 10:34:42 pluto[9145]: | finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP Aug 29 10:34:42 pluto[9145]: | 02 07 00 03 02 00 00 00 02 00 00 00 b9 23 00 00 Aug 29 10:34:42 pluto[9145]: | pfkey_get: K_SADB_REGISTER message 2 Aug 29 10:34:42 pluto[9145]: | alg_init():memset(0x40240628, 0, 2048) memset(0x40240e28, 0, 2048) Aug 29 10:34:42 pluto[9145]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=12 sadb_supported_len=32 Aug 29 10:34:42 pluto[9145]: | kernel_alg_add():satype=3, exttype=14, alg_id=9 Aug 29 10:34:42 pluto[9145]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=9, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1 Aug 29 10:34:42 pluto[9145]: | kernel_alg_add():satype=3, exttype=14, alg_id=3 Aug 29 10:34:42 pluto[9145]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1 Aug 29 10:34:42 pluto[9145]: | kernel_alg_add():satype=3, exttype=14, alg_id=2 Aug 29 10:34:42 pluto[9145]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1 Aug 29 10:34:42 pluto[9145]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=12 sadb_supported_len=48 Aug 29 10:34:42 pluto[9145]: | kernel_alg_add():satype=3, exttype=15, alg_id=3 Aug 29 10:34:42 pluto[9145]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=15, satype=3, alg_id=3, alg_ivlen=64, alg_minbits=192, alg_maxbits=192, res=0, ret=1 Aug 29 10:34:42 pluto[9145]: | kernel_alg_add():satype=3, exttype=15, alg_id=12 Aug 29 10:34:42 pluto[9145]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=15, satype=3, alg_id=12, alg_ivlen=128, alg_minbits=128, alg_maxbits=256, res=0, ret=1 Aug 29 10:34:42 pluto[9145]: | kernel_alg_add():satype=3, exttype=15, alg_id=3 Aug 29 10:34:42 pluto[9145]: | kernel_alg_add(): discarding already setup satype=3, exttype=15, alg_id=3 Aug 29 10:34:42 pluto[9145]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5], exttype=15, satype=3, alg_id=3, alg_ivlen=64, alg_minbits=192, alg_maxbits=192, res=0, ret=0 Aug 29 10:34:42 pluto[9145]: | kernel_alg_add():satype=3, exttype=15, alg_id=12 Aug 29 10:34:42 pluto[9145]: | kernel_alg_add(): discarding already setup satype=3, exttype=15, alg_id=12 Aug 29 10:34:42 pluto[9145]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6], exttype=15, satype=3, alg_id=12, alg_ivlen=128, alg_minbits=128, alg_maxbits=256, res=0, ret=0 Aug 29 10:34:42 pluto[9145]: | kernel_alg_add():satype=3, exttype=15, alg_id=3 Aug 29 10:34:42 pluto[9145]: | kernel_alg_add(): discarding already setup satype=3, exttype=15, alg_id=3 Aug 29 10:34:42 pluto[9145]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7], exttype=15, satype=3, alg_id=3, alg_ivlen=64, alg_minbits=168, alg_maxbits=168, res=0, ret=0 Aug 29 10:34:42 pluto[9145]: | ESP registered with kernel. Aug 29 10:34:42 pluto[9145]: | finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP Aug 29 10:34:42 pluto[9145]: | 02 07 00 0a 02 00 00 00 03 00 00 00 b9 23 00 00 Aug 29 10:34:42 pluto[9145]: | pfkey_get: K_SADB_REGISTER message 3 Aug 29 10:34:42 pluto[9145]: | IPCOMP registered with kernel. Aug 29 10:34:42 pluto[9145]: | finish_pfkey_msg: K_SADB_REGISTER message 4 for IPIP Aug 29 10:34:42 pluto[9145]: | 02 07 00 09 02 00 00 00 04 00 00 00 b9 23 00 00 Aug 29 10:34:42 pluto[9145]: | pfkey_get: K_SADB_REGISTER message 4 Aug 29 10:34:42 pluto[9145]: | IPIP registered with kernel. Aug 29 10:34:42 pluto[9145]: | inserting event EVENT_SHUNT_SCAN, timeout in 120 seconds Aug 29 10:34:42 pluto[9145]: | event added after event EVENT_PENDING_DDNS Aug 29 10:34:42 pluto[9145]: | Changed path to directory '/etc/ipsec/ipsec.d/cacerts' Aug 29 10:34:42 pluto[9145]: | Changed path to directory '/etc/ipsec/ipsec.d/aacerts' Aug 29 10:34:42 pluto[9145]: | Changed path to directory '/etc/ipsec/ipsec.d/ocspcerts' Aug 29 10:34:42 pluto[9145]: | Found 0 items in directory '/etc/ipsec/ipsec.d/crls' Aug 29 10:34:42 pluto[9145]: | inserting event EVENT_LOG_DAILY, timeout in 48318 seconds Aug 29 10:34:42 pluto[9145]: | event added after event EVENT_REINIT_SECRET Aug 29 10:34:42 pluto[9145]: | next event EVENT_PENDING_DDNS in 60 seconds Aug 29 10:34:42 pluto[9145]: | Aug 29 10:34:42 pluto[9145]: | *received whack message Aug 29 10:34:42 pluto[9145]: | alg_info_parse_str() ealg_buf=aes aalg_buf=sha1 eklen=256 aklen=0 Aug 29 10:34:42 pluto[9145]: | enum_search_prefix () calling enum_search(0x4020da34, "OAKLEY_AES") Aug 29 10:34:42 pluto[9145]: | enum_search_ppfixi () calling enum_search(0x4020da34, "OAKLEY_AES_CBC") Aug 29 10:34:42 pluto[9145]: | parser_alg_info_add() ealg_getbyname("aes")=7 Aug 29 10:34:42 pluto[9145]: | enum_search_prefix () calling enum_search(0x4020dad4, "OAKLEY_SHA1") Aug 29 10:34:42 pluto[9145]: | parser_alg_info_add() aalg_getbyname("sha1")=2 Aug 29 10:34:42 pluto[9145]: | enum_search_prefix () calling enum_search(0x4020dec4, "OAKLEY_GROUP_MODP2048") Aug 29 10:34:42 pluto[9145]: | parser_alg_info_add() modp_getbyname("modp2048")=14 Aug 29 10:34:42 pluto[9145]: | __alg_info_ike_add() ealg=7 aalg=2 modp_id=14, cnt=1 Aug 29 10:34:42 pluto[9145]: | Added new connection tunnel1 with policy PSK+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK Aug 29 10:34:42 pluto[9145]: | from whack: got --esp=aes256-sha1 Aug 29 10:34:42 pluto[9145]: | alg_info_parse_str() ealg_buf=aes aalg_buf=sha1 eklen=256 aklen=0 Aug 29 10:34:42 pluto[9145]: | enum_search_prefix () calling enum_search(0x4020c984, "ESP_AES") Aug 29 10:34:42 pluto[9145]: | parser_alg_info_add() ealg_getbyname("aes")=12 Aug 29 10:34:42 pluto[9145]: | enum_search_prefix () calling enum_search(0x4020d4a8, "AUTH_ALGORITHM_HMAC_SHA1") Aug 29 10:34:42 pluto[9145]: | parser_alg_info_add() aalg_getbyname("sha1")=2 Aug 29 10:34:42 pluto[9145]: | __alg_info_esp_add() ealg=12 aalg=2 cnt=1 Aug 29 10:34:42 pluto[9145]: | esp string values: AES(12)_256-SHA1(2)_000; flags=-strict Aug 29 10:34:42 pluto[9145]: | ike (phase1) algorihtm values: AES_CBC(7)_256-SHA1(2)_000-MODP2048(14); flags=-strict Aug 29 10:34:42 pluto[9145]: | counting wild cards for 192.168.0.1 is 0 Aug 29 10:34:42 pluto[9145]: | counting wild cards for 192.168.0.2 is 0 Aug 29 10:34:42 pluto[9145]: | alg_info_addref() alg_info->ref_cnt=1 Aug 29 10:34:42 pluto[9145]: | orient tunnel1 matching on public/private keys: this=no[%address] that=no[%address] Aug 29 10:34:42 pluto[9145]: | orient tunnel1 finished with: 0 [none] Aug 29 10:34:42 pluto[9145]: | find_ID_host_pair: looking for me=192.168.0.1 him=192.168.0.2 (exact) Aug 29 10:34:42 pluto[9145]: | concluded with Aug 29 10:34:42 pluto[9145]: adding connection: "tunnel1" Aug 29 10:34:42 ipsec__plutorun: 002 adding connection: "tunnel1" Aug 29 10:34:42 pluto[9145]: | 10.10.10.0/30===192.168.0.1...192.168.0.2===10.10.10.4/30 Aug 29 10:34:42 pluto[9145]: | ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK Aug 29 10:34:42 pluto[9145]: | * processed 0 messages from cryptographic helpers Aug 29 10:34:42 pluto[9145]: | next event EVENT_PENDING_DDNS in 60 seconds Aug 29 10:34:42 pluto[9145]: | Aug 29 10:34:42 pluto[9145]: | *received whack message Aug 29 10:34:42 pluto[9145]: listening for IKE messages Aug 29 10:34:42 pluto[9145]: | found lo with address 127.0.0.1 Aug 29 10:34:42 pluto[9145]: | found eth0 with address 192.168.0.1 Aug 29 10:34:42 pluto[9145]: | found eth1 with address 192.168.96.117 Aug 29 10:34:42 pluto[9145]: | found usb0 with address 192.168.111.1 Aug 29 10:34:42 pluto[9145]: | found ipsec0 with address 192.168.0.1 Aug 29 10:34:42 pluto[9145]: | IP interface usb0 192.168.111.1 has no matching ipsec* interface -- ignored Aug 29 10:34:42 pluto[9145]: | IP interface eth1 192.168.96.117 has no matching ipsec* interface -- ignored Aug 29 10:34:42 pluto[9145]: adding interface ipsec0/eth0 192.168.0.1:500 Aug 29 10:34:42 pluto[9145]: | IP interface lo 127.0.0.1 has no matching ipsec* interface -- ignored Aug 29 10:34:42 ipsec__plutorun: 002 listening for IKE messages Aug 29 10:34:42 ipsec__plutorun: 002 adding interface ipsec0/eth0 192.168.0.1:500 Aug 29 10:34:42 pluto[9145]: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001 Aug 29 10:34:42 pluto[9145]: | IP interface lo ::1 has no matching ipsec* interface -- ignored Aug 29 10:34:42 pluto[9145]: | orient tunnel1 checking against if: eth0 (AF_INET:192.168.0.1:500) Aug 29 10:34:42 pluto[9145]: | orient matched on IP Aug 29 10:34:42 pluto[9145]: | orient tunnel1 finished with: 1 [192.168.0.1] Aug 29 10:34:42 pluto[9145]: | connection tunnel1 is now oriented Aug 29 10:34:42 pluto[9145]: | find_host_pair: looking for me=192.168.0.1:500 %address him=192.168.0.2:500 exact-match Aug 29 10:34:42 pluto[9145]: | find_host_pair: concluded with Aug 29 10:34:42 pluto[9145]: | connect_to_host_pair: 192.168.0.1:500 %address 192.168.0.2:500 -> hp:none Aug 29 10:34:42 pluto[9145]: | find_ID_host_pair: looking for me=192.168.0.1 him=192.168.0.2 (exact) Aug 29 10:34:42 pluto[9145]: | comparing to me=192.168.0.1 him=192.168.0.2 (tunnel1) Aug 29 10:34:42 pluto[9145]: | concluded with tunnel1 Aug 29 10:34:42 pluto[9145]: loading secrets from "/etc/ipsec/ipsec.secrets" Aug 29 10:34:42 ipsec__plutorun: 002 loading secrets from "/etc/ipsec/ipsec.secrets" Aug 29 10:34:42 pluto[9145]: | id type added to secret(0x4094f9e8) PPK_PSK: 192.168.0.1 Aug 29 10:34:42 pluto[9145]: | id type added to secret(0x4094f9e8) PPK_PSK: 192.168.0.2 Aug 29 10:34:42 pluto[9145]: | Processing PSK at line 7: passed Aug 29 10:34:42 pluto[9145]: | * processed 0 messages from cryptographic helpers Aug 29 10:34:42 pluto[9145]: | next event EVENT_PENDING_DDNS in 60 seconds Aug 29 10:34:43 pluto[9145]: | Aug 29 10:34:43 pluto[9145]: | *received whack message Aug 29 10:34:43 pluto[9145]: | processing connection tunnel1 Aug 29 10:34:43 pluto[9145]: | route owner of "tunnel1" unrouted: NULL; eroute owner: NULL Aug 29 10:34:43 pluto[9145]: | could_route called for tunnel1 (kind=CK_PERMANENT) Aug 29 10:34:43 pluto[9145]: | route owner of "tunnel1" unrouted: NULL; eroute owner: NULL Aug 29 10:34:43 pluto[9145]: | route_and_eroute with c: tunnel1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 0 Aug 29 10:34:43 pluto[9145]: | finish_pfkey_msg: K_SADB_X_ADDFLOW message 5 for flow eroute_connection add Aug 29 10:34:43 pluto[9145]: | 02 0e 00 0b 17 00 00 00 05 00 00 00 b9 23 00 00 Aug 29 10:34:43 pluto[9145]: | 03 00 01 00 00 00 01 04 00 00 00 00 00 00 00 00 Aug 29 10:34:43 pluto[9145]: | 00 00 00 00 00 00 00 00 03 00 05 00 00 00 00 00 Aug 29 10:34:43 pluto[9145]: | 02 00 00 00 c0 a8 00 01 00 00 00 00 00 00 00 00 Aug 29 10:34:43 pluto[9145]: | 03 00 06 00 00 00 00 00 02 00 00 00 00 00 00 00 Aug 29 10:34:43 pluto[9145]: | 00 00 00 00 00 00 00 00 03 00 15 00 00 00 00 00 Aug 29 10:34:43 pluto[9145]: | 02 00 00 00 0a 0a 0a 00 00 00 00 00 00 00 00 00 Aug 29 10:34:43 pluto[9145]: | 03 00 16 00 00 00 00 00 02 00 00 00 0a 0a 0a 04 Aug 29 10:34:43 pluto[9145]: | 00 00 00 00 00 00 00 00 03 00 17 00 00 00 00 00 Aug 29 10:34:43 pluto[9145]: | 02 00 00 00 ff ff ff fc 00 00 00 00 00 00 00 00 Aug 29 10:34:43 pluto[9145]: | 03 00 18 00 00 00 00 00 02 00 00 00 ff ff ff fc Aug 29 10:34:43 pluto[9145]: | 00 00 00 00 00 00 00 00 Aug 29 10:34:43 pluto[9145]: | pfkey_get: K_SADB_X_ADDFLOW message 5 Aug 29 10:34:43 pluto[9145]: | route_and_eroute: firewall_notified: true Aug 29 10:34:43 pluto[9145]: | command executing prepare-client Aug 29 10:34:43 pluto[9145]: | executing prepare-client: 2>&1 PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='tunnel1' PLUTO_INTERFACE='ipsec0' PLUTO_NEXT_HOP='192.168.0.2' PLUTO_ME='192.168.0.1' PLUTO_MY_ID='192.168.0.1' PLUTO_MY_CLIENT='10.10.10.0/30' PLUTO_MY_CLIENT_NET='10.10.10.0' PLUTO_MY_CLIENT_MASK='255.255.255.252' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='192.168.0.2' PLUTO_PEER_ID='192.168.0.2' PLUTO_PEER_CLIENT='10.10.10.4/30' PLUTO_PEER_CLIENT_NET='10.10.10.4' PLUTO_PEER_CLIENT_MASK='255.255.255.252' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='klips' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK' PLUTO_CONN_ADDRFAMILY='ipv4' PLUTO_IS_PEER_CISCO='0' PLUTO_CISCO_DNS_INFO='' PLUTO_CISCO_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown Aug 29 10:34:44 pluto[9145]: | command executing route-client Aug 29 10:34:44 pluto[9145]: | executing route-client: 2>&1 PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='tunnel1' PLUTO_INTERFACE='ipsec0' PLUTO_NEXT_HOP='192.168.0.2' PLUTO_ME='192.168.0.1' PLUTO_MY_ID='192.168.0.1' PLUTO_MY_CLIENT='10.10.10.0/30' PLUTO_MY_CLIENT_NET='10.10.10.0' PLUTO_MY_CLIENT_MASK='255.255.255.252' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='192.168.0.2' PLUTO_PEER_ID='192.168.0.2' PLUTO_PEER_CLIENT='10.10.10.4/30' PLUTO_PEER_CLIENT_NET='10.10.10.4' PLUTO_PEER_CLIENT_MASK='255.255.255.252' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='klips' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK' PLUTO_CONN_ADDRFAMILY='ipv4' PLUTO_IS_PEER_CISCO='0' PLUTO_CISCO_DNS_INFO='' PLUTO_CISCO_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown Aug 29 10:34:44 pluto[9145]: | * processed 0 messages from cryptographic helpers Aug 29 10:34:44 pluto[9145]: | next event EVENT_PENDING_DDNS in 58 seconds Aug 29 10:34:44 pluto[9145]: | Aug 29 10:34:44 pluto[9145]: | *received whack message Aug 29 10:34:44 pluto[9145]: | processing connection tunnel1 Aug 29 10:34:44 pluto[9145]: | kernel_alg_db_new() initial trans_cnt=15 Aug 29 10:34:44 pluto[9145]: | kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1 Aug 29 10:34:44 pluto[9145]: | kernel_alg_db_new() trans[0]: transid=12, attr_cnt=2, attrs[0].type=5, attrs[0].val=2 Aug 29 10:34:44 pluto[9145]: | returning new proposal from esp_info Aug 29 10:34:44 pluto[9145]: | creating state object #1 at 0x4094fa70 Aug 29 10:34:44 pluto[9145]: | orient tunnel1 checking against if: eth0 (AF_INET:192.168.0.1:500) Aug 29 10:34:44 pluto[9145]: | orient matched on IP Aug 29 10:34:44 pluto[9145]: | orient tunnel1 finished with: 1 [192.168.0.1] Aug 29 10:34:44 pluto[9145]: | processing connection tunnel1 Aug 29 10:34:44 pluto[9145]: | ICOOKIE: 69 ed 6a 87 9f ea ee 0b Aug 29 10:34:44 pluto[9145]: | RCOOKIE: 00 00 00 00 00 00 00 00 Aug 29 10:34:44 pluto[9145]: | state hash entry 25 Aug 29 10:34:44 pluto[9145]: | inserting state object #1 bucket: 25 Aug 29 10:34:44 pluto[9145]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1 (head of queue) Aug 29 10:34:44 pluto[9145]: | processing connection tunnel1 Aug 29 10:34:44 pluto[9145]: | Queuing pending Quick Mode with 192.168.0.2 "tunnel1" Aug 29 10:34:44 pluto[9145]: "tunnel1" #1: initiating v2 parent SA Aug 29 10:34:44 ipsec__plutorun: 002 "tunnel1" #1: initiating v2 parent SA Aug 29 10:34:44 pluto[9145]: "tunnel1" #1: STATE_PARENT_I1: initiate Aug 29 10:34:44 ipsec__plutorun: 134 "tunnel1" #1: STATE_PARENT_I1: initiate Aug 29 10:34:44 pluto[9145]: | helper -1 doing build_kenonce op id: 0 Aug 29 10:34:45 pluto[9145]: | Local DH secret: Aug 29 10:34:45 pluto[9145]: | 84 bb 42 77 4d 75 17 c1 30 00 88 89 0c bd 4e 56 Aug 29 10:34:45 pluto[9145]: | 4b 6a 18 75 df e7 55 19 87 1f 67 a9 90 f0 81 ee Aug 29 10:34:45 pluto[9145]: | Public DH value sent: Aug 29 10:34:45 pluto[9145]: | b0 08 2b e0 b0 95 e7 fa 43 3c b7 ff d6 02 73 ae Aug 29 10:34:45 pluto[9145]: | 11 b5 c8 6e 3c 42 5d 87 a4 e7 fc 41 e5 34 66 d4 Aug 29 10:34:45 pluto[9145]: | 41 c9 a3 1d 8f c8 46 8f 14 bf c0 3a 14 c9 b1 30 Aug 29 10:34:45 pluto[9145]: | cc 3c 0e 05 29 9b 66 a7 e9 9c 3e 76 7a 8e 28 fc Aug 29 10:34:45 pluto[9145]: | 97 52 7c 15 0a 75 f4 6d af 7a e8 c2 dc 70 8b 02 Aug 29 10:34:45 pluto[9145]: | 1b 64 57 4a fd 33 90 2f 8f f9 c0 39 6e b0 58 bb Aug 29 10:34:45 pluto[9145]: | 59 09 47 0c 19 88 b7 47 57 ee 6a 99 6a dc be d4 Aug 29 10:34:45 pluto[9145]: | dd a4 73 7f 83 2c 68 c9 cf c3 f0 56 52 86 88 8b Aug 29 10:34:45 pluto[9145]: | fb 88 e1 ac 84 b6 56 71 e1 f4 56 3c f6 ee 42 73 Aug 29 10:34:45 pluto[9145]: | 97 93 1a 97 36 6e 07 d9 a7 9f 85 9e 41 b9 c5 dd Aug 29 10:34:45 pluto[9145]: | 88 52 c4 ed c7 b7 12 ed bc 7f ba 47 fd 01 e9 fe Aug 29 10:34:45 pluto[9145]: | 4a 4f 0d f1 ee db 1c 85 8d b5 f1 57 7e 7a e6 99 Aug 29 10:34:45 pluto[9145]: | c0 33 9b 06 d1 c2 45 89 b0 7b 6b 0f 94 96 fa 3b Aug 29 10:34:45 pluto[9145]: | 11 c8 35 92 ea f5 9b 42 06 88 be 9c 74 4b 2d 79 Aug 29 10:34:45 pluto[9145]: | 2f 05 bb 4c 0a cd 8f 18 a0 66 82 07 81 79 64 fc Aug 29 10:34:45 pluto[9145]: | 7d 12 51 b5 37 ad 3d 42 0a 91 16 b9 af ed 22 68 Aug 29 10:34:45 pluto[9145]: | Generated nonce: Aug 29 10:34:45 pluto[9145]: | f0 b7 14 be 06 65 a0 50 c5 ad 55 4c 80 09 14 34 Aug 29 10:34:45 pluto[9145]: | ikev2 parent outI1: calculated ke+nonce, sending I1 Aug 29 10:34:45 pluto[9145]: | processing connection tunnel1 Aug 29 10:34:45 pluto[9145]: | **emit ISAKMP Message: Aug 29 10:34:45 pluto[9145]: | initiator cookie: Aug 29 10:34:45 pluto[9145]: | 69 ed 6a 87 9f ea ee 0b Aug 29 10:34:45 pluto[9145]: | responder cookie: Aug 29 10:34:45 pluto[9145]: | 00 00 00 00 00 00 00 00 Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2SA Aug 29 10:34:45 pluto[9145]: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) Aug 29 10:34:45 pluto[9145]: | exchange type: ISAKMP_v2_SA_INIT Aug 29 10:34:45 pluto[9145]: | flags: ISAKMP_FLAG_INIT Aug 29 10:34:45 pluto[9145]: | message ID: 00 00 00 00 Aug 29 10:34:45 pluto[9145]: | ***emit IKEv2 Security Association Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2KE Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | ****emit IKEv2 Proposal Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_NONE Aug 29 10:34:45 pluto[9145]: | prop #: 1 Aug 29 10:34:45 pluto[9145]: | proto ID: 1 Aug 29 10:34:45 pluto[9145]: | spi size: 0 Aug 29 10:34:45 pluto[9145]: | # transforms: 4 Aug 29 10:34:45 pluto[9145]: | *****emit IKEv2 Transform Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_T Aug 29 10:34:45 pluto[9145]: | transform type: 1 Aug 29 10:34:45 pluto[9145]: | transform ID: 12 Aug 29 10:34:45 pluto[9145]: | ******emit IKEv2 Attribute Substructure Payload: Aug 29 10:34:45 pluto[9145]: | af+type: KEY_LENGTH Aug 29 10:34:45 pluto[9145]: | length/value: 256 Aug 29 10:34:45 pluto[9145]: | [256 is 256??] Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 29 10:34:45 pluto[9145]: | *****emit IKEv2 Transform Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_T Aug 29 10:34:45 pluto[9145]: | transform type: 3 Aug 29 10:34:45 pluto[9145]: | transform ID: 2 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 29 10:34:45 pluto[9145]: | *****emit IKEv2 Transform Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_T Aug 29 10:34:45 pluto[9145]: | transform type: 2 Aug 29 10:34:45 pluto[9145]: | transform ID: 2 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 29 10:34:45 pluto[9145]: | *****emit IKEv2 Transform Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_NONE Aug 29 10:34:45 pluto[9145]: | transform type: 4 Aug 29 10:34:45 pluto[9145]: | transform ID: 14 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Proposal Substructure Payload: 44 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Security Association Payload: 48 Aug 29 10:34:45 pluto[9145]: | ***emit IKEv2 Key Exchange Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2Ni Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | transform type: 14 Aug 29 10:34:45 pluto[9145]: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 29 10:34:45 pluto[9145]: | ikev2 g^x b0 08 2b e0 b0 95 e7 fa 43 3c b7 ff d6 02 73 ae Aug 29 10:34:45 pluto[9145]: | ikev2 g^x 11 b5 c8 6e 3c 42 5d 87 a4 e7 fc 41 e5 34 66 d4 Aug 29 10:34:45 pluto[9145]: | ikev2 g^x 41 c9 a3 1d 8f c8 46 8f 14 bf c0 3a 14 c9 b1 30 Aug 29 10:34:45 pluto[9145]: | ikev2 g^x cc 3c 0e 05 29 9b 66 a7 e9 9c 3e 76 7a 8e 28 fc Aug 29 10:34:45 pluto[9145]: | ikev2 g^x 97 52 7c 15 0a 75 f4 6d af 7a e8 c2 dc 70 8b 02 Aug 29 10:34:45 pluto[9145]: | ikev2 g^x 1b 64 57 4a fd 33 90 2f 8f f9 c0 39 6e b0 58 bb Aug 29 10:34:45 pluto[9145]: | ikev2 g^x 59 09 47 0c 19 88 b7 47 57 ee 6a 99 6a dc be d4 Aug 29 10:34:45 pluto[9145]: | ikev2 g^x dd a4 73 7f 83 2c 68 c9 cf c3 f0 56 52 86 88 8b Aug 29 10:34:45 pluto[9145]: | ikev2 g^x fb 88 e1 ac 84 b6 56 71 e1 f4 56 3c f6 ee 42 73 Aug 29 10:34:45 pluto[9145]: | ikev2 g^x 97 93 1a 97 36 6e 07 d9 a7 9f 85 9e 41 b9 c5 dd Aug 29 10:34:45 pluto[9145]: | ikev2 g^x 88 52 c4 ed c7 b7 12 ed bc 7f ba 47 fd 01 e9 fe Aug 29 10:34:45 pluto[9145]: | ikev2 g^x 4a 4f 0d f1 ee db 1c 85 8d b5 f1 57 7e 7a e6 99 Aug 29 10:34:45 pluto[9145]: | ikev2 g^x c0 33 9b 06 d1 c2 45 89 b0 7b 6b 0f 94 96 fa 3b Aug 29 10:34:45 pluto[9145]: | ikev2 g^x 11 c8 35 92 ea f5 9b 42 06 88 be 9c 74 4b 2d 79 Aug 29 10:34:45 pluto[9145]: | ikev2 g^x 2f 05 bb 4c 0a cd 8f 18 a0 66 82 07 81 79 64 fc Aug 29 10:34:45 pluto[9145]: | ikev2 g^x 7d 12 51 b5 37 ad 3d 42 0a 91 16 b9 af ed 22 68 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 29 10:34:45 pluto[9145]: | ***emit IKEv2 Nonce Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2V Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | emitting 16 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 29 10:34:45 pluto[9145]: | IKEv2 nonce f0 b7 14 be 06 65 a0 50 c5 ad 55 4c 80 09 14 34 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Nonce Payload: 20 Aug 29 10:34:45 pluto[9145]: | ***emit ISAKMP Vendor ID Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_NONE Aug 29 10:34:45 pluto[9145]: | emitting 12 raw bytes of Vendor ID into ISAKMP Vendor ID Payload Aug 29 10:34:45 pluto[9145]: | Vendor ID 4f 53 57 7c 45 6a 6c 53 70 54 66 63 Aug 29 10:34:45 pluto[9145]: | emitting length of ISAKMP Vendor ID Payload: 16 Aug 29 10:34:45 pluto[9145]: | emitting length of ISAKMP Message: 376 Aug 29 10:34:45 pluto[9145]: | sending 376 bytes for ikev2_parent_outI1_common through eth0:500 to 192.168.0.2:500 (using #1) Aug 29 10:34:45 pluto[9145]: | 69 ed 6a 87 9f ea ee 0b 00 00 00 00 00 00 00 00 Aug 29 10:34:45 pluto[9145]: | 21 20 22 08 00 00 00 00 00 00 01 78 22 00 00 30 Aug 29 10:34:45 pluto[9145]: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Aug 29 10:34:45 pluto[9145]: | 80 0e 01 00 03 00 00 08 03 00 00 02 03 00 00 08 Aug 29 10:34:45 pluto[9145]: | 02 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 Aug 29 10:34:45 pluto[9145]: | 00 0e 00 00 b0 08 2b e0 b0 95 e7 fa 43 3c b7 ff Aug 29 10:34:45 pluto[9145]: | d6 02 73 ae 11 b5 c8 6e 3c 42 5d 87 a4 e7 fc 41 Aug 29 10:34:45 pluto[9145]: | e5 34 66 d4 41 c9 a3 1d 8f c8 46 8f 14 bf c0 3a Aug 29 10:34:45 pluto[9145]: | 14 c9 b1 30 cc 3c 0e 05 29 9b 66 a7 e9 9c 3e 76 Aug 29 10:34:45 pluto[9145]: | 7a 8e 28 fc 97 52 7c 15 0a 75 f4 6d af 7a e8 c2 Aug 29 10:34:45 pluto[9145]: | dc 70 8b 02 1b 64 57 4a fd 33 90 2f 8f f9 c0 39 Aug 29 10:34:45 pluto[9145]: | 6e b0 58 bb 59 09 47 0c 19 88 b7 47 57 ee 6a 99 Aug 29 10:34:45 pluto[9145]: | 6a dc be d4 dd a4 73 7f 83 2c 68 c9 cf c3 f0 56 Aug 29 10:34:45 pluto[9145]: | 52 86 88 8b fb 88 e1 ac 84 b6 56 71 e1 f4 56 3c Aug 29 10:34:45 pluto[9145]: | f6 ee 42 73 97 93 1a 97 36 6e 07 d9 a7 9f 85 9e Aug 29 10:34:45 pluto[9145]: | 41 b9 c5 dd 88 52 c4 ed c7 b7 12 ed bc 7f ba 47 Aug 29 10:34:45 pluto[9145]: | fd 01 e9 fe 4a 4f 0d f1 ee db 1c 85 8d b5 f1 57 Aug 29 10:34:45 pluto[9145]: | 7e 7a e6 99 c0 33 9b 06 d1 c2 45 89 b0 7b 6b 0f Aug 29 10:34:45 pluto[9145]: | 94 96 fa 3b 11 c8 35 92 ea f5 9b 42 06 88 be 9c Aug 29 10:34:45 pluto[9145]: | 74 4b 2d 79 2f 05 bb 4c 0a cd 8f 18 a0 66 82 07 Aug 29 10:34:45 pluto[9145]: | 81 79 64 fc 7d 12 51 b5 37 ad 3d 42 0a 91 16 b9 Aug 29 10:34:45 pluto[9145]: | af ed 22 68 2b 00 00 14 f0 b7 14 be 06 65 a0 50 Aug 29 10:34:45 pluto[9145]: | c5 ad 55 4c 80 09 14 34 00 00 00 10 4f 53 57 7c Aug 29 10:34:45 pluto[9145]: | 45 6a 6c 53 70 54 66 63 Aug 29 10:34:45 pluto[9145]: | deleting event for #1 Aug 29 10:34:45 pluto[9145]: | inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #1 (head of queue) Aug 29 10:34:45 pluto[9145]: | complete v2 state transition with STF_OK Aug 29 10:34:45 pluto[9145]: "tunnel1" #1: transition from state STATE_IKEv2_START to state STATE_PARENT_I1 Aug 29 10:34:45 ipsec__plutorun: 002 "tunnel1" #1: transition from state STATE_IKEv2_START to state STATE_PARENT_I1 Aug 29 10:34:45 pluto[9145]: "tunnel1" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 (msgid: 00000000) Aug 29 10:34:45 ipsec__plutorun: 134 "tunnel1" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 (msgid: 00000000) Aug 29 10:34:45 pluto[9145]: | * processed 0 messages from cryptographic helpers Aug 29 10:34:45 pluto[9145]: | next event EVENT_v2_RETRANSMIT in 10 seconds for #1 (2016-08-29 10:34:45) Aug 29 10:34:45 pluto[9145]: | Aug 29 10:34:45 pluto[9145]: | *received 376 bytes from 192.168.0.2:500 on eth0 (port=500) at 2016-08-29 10:34:45 Aug 29 10:34:45 pluto[9145]: | 69 ed 6a 87 9f ea ee 0b 30 04 72 60 b0 6d 15 a6 Aug 29 10:34:45 pluto[9145]: | 21 20 22 20 00 00 00 00 00 00 01 78 22 00 00 30 Aug 29 10:34:45 pluto[9145]: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Aug 29 10:34:45 pluto[9145]: | 80 0e 01 00 03 00 00 08 03 00 00 02 03 00 00 08 Aug 29 10:34:45 pluto[9145]: | 02 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 Aug 29 10:34:45 pluto[9145]: | 00 0e 00 00 ad b6 06 09 44 23 f4 52 a7 7d bf df Aug 29 10:34:45 pluto[9145]: | 13 31 56 fe 43 12 69 3c 5e a4 3f d0 97 b7 20 4f Aug 29 10:34:45 pluto[9145]: | 30 33 fc 47 9a 11 48 40 04 de 68 c9 31 7f 58 e8 Aug 29 10:34:45 pluto[9145]: | f7 2d c5 d7 2a 17 af 23 71 91 47 e5 3e eb bd 8b Aug 29 10:34:45 pluto[9145]: | 8b 7c cb 37 25 53 9c 53 48 a7 00 3d 56 63 59 be Aug 29 10:34:45 pluto[9145]: | 51 9c 00 40 c6 d2 00 fc b5 da 61 02 87 24 4e 84 Aug 29 10:34:45 pluto[9145]: | 06 13 9c ff df 96 35 35 49 3e 2f bb da 9f 5f 24 Aug 29 10:34:45 pluto[9145]: | 82 d7 c9 2e c6 ca 34 0d 99 95 69 b1 49 94 76 6e Aug 29 10:34:45 pluto[9145]: | 65 c9 70 cf 35 81 ed 61 50 3b 4b 9e 96 ab 8a 42 Aug 29 10:34:45 pluto[9145]: | 74 2d 24 e8 bc 48 51 dc 04 51 8a 65 19 b8 5b d7 Aug 29 10:34:45 pluto[9145]: | 38 fd cb 11 70 79 1a bf 49 60 ed 46 c9 c0 9f 26 Aug 29 10:34:45 pluto[9145]: | 50 3b 2e d4 9d f4 b9 53 bd d3 d0 06 d2 07 df 98 Aug 29 10:34:45 pluto[9145]: | 2a 32 b5 a9 e5 96 29 fa 81 a5 5d 0f ab 28 36 d8 Aug 29 10:34:45 pluto[9145]: | 48 a6 b4 fa 08 2d 71 6a 19 cb 75 18 cd b8 3b 7c Aug 29 10:34:45 pluto[9145]: | c2 97 1f 5b 16 c2 e3 d3 28 14 79 d4 ca f9 59 ae Aug 29 10:34:45 pluto[9145]: | 0a 32 18 35 5f 82 b7 55 4e da 94 f4 5a 42 74 8e Aug 29 10:34:45 pluto[9145]: | 70 95 83 8e 2b 00 00 14 68 ff d3 2a 70 f2 e8 87 Aug 29 10:34:45 pluto[9145]: | 83 ad 6f 36 12 d4 cf f3 00 00 00 10 4f 53 57 7c Aug 29 10:34:45 pluto[9145]: | 45 6a 6c 53 70 54 66 63 Aug 29 10:34:45 pluto[9145]: | **parse ISAKMP Message: Aug 29 10:34:45 pluto[9145]: | initiator cookie: Aug 29 10:34:45 pluto[9145]: | 69 ed 6a 87 9f ea ee 0b Aug 29 10:34:45 pluto[9145]: | responder cookie: Aug 29 10:34:45 pluto[9145]: | 30 04 72 60 b0 6d 15 a6 Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2SA Aug 29 10:34:45 pluto[9145]: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) Aug 29 10:34:45 pluto[9145]: | exchange type: ISAKMP_v2_SA_INIT Aug 29 10:34:45 pluto[9145]: | flags: ISAKMP_FLAG_RESPONSE Aug 29 10:34:45 pluto[9145]: | message ID: 00 00 00 00 Aug 29 10:34:45 pluto[9145]: | length: 376 Aug 29 10:34:45 pluto[9145]: | processing version=2.0 packet with exchange type=ISAKMP_v2_SA_INIT (34), msgid: 00000000 Aug 29 10:34:45 pluto[9145]: | I am IKE SA Initiator Aug 29 10:34:45 pluto[9145]: | ICOOKIE: 69 ed 6a 87 9f ea ee 0b Aug 29 10:34:45 pluto[9145]: | RCOOKIE: 30 04 72 60 b0 6d 15 a6 Aug 29 10:34:45 pluto[9145]: | state hash entry 1 Aug 29 10:34:45 pluto[9145]: | v2 state object not found Aug 29 10:34:45 pluto[9145]: | ICOOKIE: 69 ed 6a 87 9f ea ee 0b Aug 29 10:34:45 pluto[9145]: | RCOOKIE: 00 00 00 00 00 00 00 00 Aug 29 10:34:45 pluto[9145]: | state hash entry 25 Aug 29 10:34:45 pluto[9145]: | v2 peer and cookies match on #1 Aug 29 10:34:45 pluto[9145]: | v2 state object #1 (tunnel1) found, in STATE_PARENT_I1 Aug 29 10:34:45 pluto[9145]: | ICOOKIE: 69 ed 6a 87 9f ea ee 0b Aug 29 10:34:45 pluto[9145]: | RCOOKIE: 00 00 00 00 00 00 00 00 Aug 29 10:34:45 pluto[9145]: | state hash entry 25 Aug 29 10:34:45 pluto[9145]: | ICOOKIE: 69 ed 6a 87 9f ea ee 0b Aug 29 10:34:45 pluto[9145]: | RCOOKIE: 30 04 72 60 b0 6d 15 a6 Aug 29 10:34:45 pluto[9145]: | state hash entry 1 Aug 29 10:34:45 pluto[9145]: | inserting state object #1 bucket: 1 Aug 29 10:34:45 pluto[9145]: | state found and its state is:STATE_PARENT_I1 msgid: 00000 Aug 29 10:34:45 pluto[9145]: | ***parse IKEv2 Security Association Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2KE Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | length: 48 Aug 29 10:34:45 pluto[9145]: | processing payload: ISAKMP_NEXT_v2SA (len=48) Aug 29 10:34:45 pluto[9145]: | ***parse IKEv2 Key Exchange Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2Ni Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | length: 264 Aug 29 10:34:45 pluto[9145]: | transform type: 14 Aug 29 10:34:45 pluto[9145]: | processing payload: ISAKMP_NEXT_v2KE (len=264) Aug 29 10:34:45 pluto[9145]: | ***parse IKEv2 Nonce Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2V Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | length: 20 Aug 29 10:34:45 pluto[9145]: | processing payload: ISAKMP_NEXT_v2Ni (len=20) Aug 29 10:34:45 pluto[9145]: | ***parse IKEv2 Vendor ID Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_NONE Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | length: 16 Aug 29 10:34:45 pluto[9145]: | processing payload: ISAKMP_NEXT_v2V (len=16) Aug 29 10:34:45 pluto[9145]: | considering state entry: 0 Aug 29 10:34:45 pluto[9145]: | Now lets proceed with state specific processing Aug 29 10:34:45 pluto[9145]: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 29 10:34:45 pluto[9145]: | DH public value received: Aug 29 10:34:45 pluto[9145]: | ad b6 06 09 44 23 f4 52 a7 7d bf df 13 31 56 fe Aug 29 10:34:45 pluto[9145]: | 43 12 69 3c 5e a4 3f d0 97 b7 20 4f 30 33 fc 47 Aug 29 10:34:45 pluto[9145]: | 9a 11 48 40 04 de 68 c9 31 7f 58 e8 f7 2d c5 d7 Aug 29 10:34:45 pluto[9145]: | 2a 17 af 23 71 91 47 e5 3e eb bd 8b 8b 7c cb 37 Aug 29 10:34:45 pluto[9145]: | 25 53 9c 53 48 a7 00 3d 56 63 59 be 51 9c 00 40 Aug 29 10:34:45 pluto[9145]: | c6 d2 00 fc b5 da 61 02 87 24 4e 84 06 13 9c ff Aug 29 10:34:45 pluto[9145]: | df 96 35 35 49 3e 2f bb da 9f 5f 24 82 d7 c9 2e Aug 29 10:34:45 pluto[9145]: | c6 ca 34 0d 99 95 69 b1 49 94 76 6e 65 c9 70 cf Aug 29 10:34:45 pluto[9145]: | 35 81 ed 61 50 3b 4b 9e 96 ab 8a 42 74 2d 24 e8 Aug 29 10:34:45 pluto[9145]: | bc 48 51 dc 04 51 8a 65 19 b8 5b d7 38 fd cb 11 Aug 29 10:34:45 pluto[9145]: | 70 79 1a bf 49 60 ed 46 c9 c0 9f 26 50 3b 2e d4 Aug 29 10:34:45 pluto[9145]: | 9d f4 b9 53 bd d3 d0 06 d2 07 df 98 2a 32 b5 a9 Aug 29 10:34:45 pluto[9145]: | e5 96 29 fa 81 a5 5d 0f ab 28 36 d8 48 a6 b4 fa Aug 29 10:34:45 pluto[9145]: | 08 2d 71 6a 19 cb 75 18 cd b8 3b 7c c2 97 1f 5b Aug 29 10:34:45 pluto[9145]: | 16 c2 e3 d3 28 14 79 d4 ca f9 59 ae 0a 32 18 35 Aug 29 10:34:45 pluto[9145]: | 5f 82 b7 55 4e da 94 f4 5a 42 74 8e 70 95 83 8e Aug 29 10:34:45 pluto[9145]: | ****parse IKEv2 Proposal Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_NONE Aug 29 10:34:45 pluto[9145]: | length: 44 Aug 29 10:34:45 pluto[9145]: | prop #: 1 Aug 29 10:34:45 pluto[9145]: | proto ID: 1 Aug 29 10:34:45 pluto[9145]: | spi size: 0 Aug 29 10:34:45 pluto[9145]: | # transforms: 4 Aug 29 10:34:45 pluto[9145]: | *****parse IKEv2 Transform Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_T Aug 29 10:34:45 pluto[9145]: | length: 12 Aug 29 10:34:45 pluto[9145]: | transform type: 1 Aug 29 10:34:45 pluto[9145]: | transform ID: 12 Aug 29 10:34:45 pluto[9145]: | ******parse IKEv2 Attribute Substructure Payload: Aug 29 10:34:45 pluto[9145]: | af+type: KEY_LENGTH Aug 29 10:34:45 pluto[9145]: | length/value: 256 Aug 29 10:34:45 pluto[9145]: | *****parse IKEv2 Transform Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_T Aug 29 10:34:45 pluto[9145]: | length: 8 Aug 29 10:34:45 pluto[9145]: | transform type: 3 Aug 29 10:34:45 pluto[9145]: | transform ID: 2 Aug 29 10:34:45 pluto[9145]: | *****parse IKEv2 Transform Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_T Aug 29 10:34:45 pluto[9145]: | length: 8 Aug 29 10:34:45 pluto[9145]: | transform type: 2 Aug 29 10:34:45 pluto[9145]: | transform ID: 2 Aug 29 10:34:45 pluto[9145]: | *****parse IKEv2 Transform Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_NONE Aug 29 10:34:45 pluto[9145]: | length: 8 Aug 29 10:34:45 pluto[9145]: | transform type: 4 Aug 29 10:34:45 pluto[9145]: | transform ID: 14 Aug 29 10:34:45 pluto[9145]: | calculating skeyseed using prf=prf-hmac-sha1 integ=auth-hmac-sha1-96 cipherkey=aes-cbc Aug 29 10:34:45 pluto[9145]: | helper -1 doing compute dh(v2) op id: 0 Aug 29 10:34:45 pluto[9145]: | long term secret: 84 bb 42 77 4d 75 17 c1 30 00 88 89 0c bd 4e 56 Aug 29 10:34:45 pluto[9145]: | long term secret: 4b 6a 18 75 df e7 55 19 87 1f 67 a9 90 f0 81 ee Aug 29 10:34:45 pluto[9145]: | peer's g: ad b6 06 09 44 23 f4 52 a7 7d bf df 13 31 56 fe Aug 29 10:34:45 pluto[9145]: | peer's g: 43 12 69 3c 5e a4 3f d0 97 b7 20 4f 30 33 fc 47 Aug 29 10:34:45 pluto[9145]: | peer's g: 9a 11 48 40 04 de 68 c9 31 7f 58 e8 f7 2d c5 d7 Aug 29 10:34:45 pluto[9145]: | peer's g: 2a 17 af 23 71 91 47 e5 3e eb bd 8b 8b 7c cb 37 Aug 29 10:34:45 pluto[9145]: | peer's g: 25 53 9c 53 48 a7 00 3d 56 63 59 be 51 9c 00 40 Aug 29 10:34:45 pluto[9145]: | peer's g: c6 d2 00 fc b5 da 61 02 87 24 4e 84 06 13 9c ff Aug 29 10:34:45 pluto[9145]: | peer's g: df 96 35 35 49 3e 2f bb da 9f 5f 24 82 d7 c9 2e Aug 29 10:34:45 pluto[9145]: | peer's g: c6 ca 34 0d 99 95 69 b1 49 94 76 6e 65 c9 70 cf Aug 29 10:34:45 pluto[9145]: | peer's g: 35 81 ed 61 50 3b 4b 9e 96 ab 8a 42 74 2d 24 e8 Aug 29 10:34:45 pluto[9145]: | peer's g: bc 48 51 dc 04 51 8a 65 19 b8 5b d7 38 fd cb 11 Aug 29 10:34:45 pluto[9145]: | peer's g: 70 79 1a bf 49 60 ed 46 c9 c0 9f 26 50 3b 2e d4 Aug 29 10:34:45 pluto[9145]: | peer's g: 9d f4 b9 53 bd d3 d0 06 d2 07 df 98 2a 32 b5 a9 Aug 29 10:34:45 pluto[9145]: | peer's g: e5 96 29 fa 81 a5 5d 0f ab 28 36 d8 48 a6 b4 fa Aug 29 10:34:45 pluto[9145]: | peer's g: 08 2d 71 6a 19 cb 75 18 cd b8 3b 7c c2 97 1f 5b Aug 29 10:34:45 pluto[9145]: | peer's g: 16 c2 e3 d3 28 14 79 d4 ca f9 59 ae 0a 32 18 35 Aug 29 10:34:45 pluto[9145]: | peer's g: 5f 82 b7 55 4e da 94 f4 5a 42 74 8e 70 95 83 8e Aug 29 10:34:45 pluto[9145]: | calc_dh_shared(): time elapsed (OAKLEY_GROUP_MODP2048): 106169 usec Aug 29 10:34:45 pluto[9145]: | DH shared-secret: Aug 29 10:34:45 pluto[9145]: | 7e 6d 9a 6a ec 63 aa 68 54 9d d1 d1 52 ef 86 27 Aug 29 10:34:45 pluto[9145]: | 41 39 f1 79 1b a4 d3 a7 ec 7d a5 35 fb 4a f3 07 Aug 29 10:34:45 pluto[9145]: | 6d bb 93 da 3b 15 3c 97 c7 d4 d5 55 0d ff 65 ba Aug 29 10:34:45 pluto[9145]: | 15 7d aa ad 9a f1 a8 62 10 9a 6c c3 9c dc 55 35 Aug 29 10:34:45 pluto[9145]: | 58 be 25 e2 59 a9 be bd 6f bd 65 32 58 a1 43 b7 Aug 29 10:34:45 pluto[9145]: | 23 1c ee a0 be 39 d2 d0 ae 39 98 41 30 fc d5 8d Aug 29 10:34:45 pluto[9145]: | d1 9c 82 e6 4e a0 0f c2 70 02 f5 dd 56 e4 68 ad Aug 29 10:34:45 pluto[9145]: | cf 8c fe e6 7c b1 ec d3 f6 a8 09 4b 40 c9 e4 b9 Aug 29 10:34:45 pluto[9145]: | 0c f0 2d e8 3a b8 af db de 83 ba 86 01 67 0d 42 Aug 29 10:34:45 pluto[9145]: | b4 fc af 09 f7 83 d8 60 bd 7b 79 bf b3 db d0 5c Aug 29 10:34:45 pluto[9145]: | 2e fb f6 f8 4a 12 85 61 51 a7 e8 fa c1 ce 7f e9 Aug 29 10:34:45 pluto[9145]: | bd f6 02 32 a0 03 75 a0 4d 10 b5 7b 19 ea 94 31 Aug 29 10:34:45 pluto[9145]: | 54 be 80 5b 46 2b 16 07 27 db ee ae 7a 11 b0 82 Aug 29 10:34:45 pluto[9145]: | 42 a7 61 88 43 23 ba 67 de f2 bf 27 91 c3 4b 13 Aug 29 10:34:45 pluto[9145]: | 59 b7 f3 02 75 56 b4 6a b5 e3 d6 fd ad cb 57 42 Aug 29 10:34:45 pluto[9145]: | cb 44 4c 0d aa 84 9e c0 13 e0 bc f1 83 54 53 28 Aug 29 10:34:45 pluto[9145]: | calculating skeyseed using prf=prf-hmac-sha1 integ=auth-hmac-sha1-96 cipherkey=32 Aug 29 10:34:45 pluto[9145]: | Input to SKEYSEED: f0 b7 14 be 06 65 a0 50 c5 ad 55 4c 80 09 14 34 Aug 29 10:34:45 pluto[9145]: | Input to SKEYSEED: 68 ff d3 2a 70 f2 e8 87 83 ad 6f 36 12 d4 cf f3 Aug 29 10:34:45 pluto[9145]: | PRF+ input Aug 29 10:34:45 pluto[9145]: | Ni f0 b7 14 be 06 65 a0 50 c5 ad 55 4c 80 09 14 34 Aug 29 10:34:45 pluto[9145]: | Nr 68 ff d3 2a 70 f2 e8 87 83 ad 6f 36 12 d4 cf f3 Aug 29 10:34:45 pluto[9145]: | SPIi 69 ed 6a 87 9f ea ee 0b Aug 29 10:34:45 pluto[9145]: | SPIr 30 04 72 60 b0 6d 15 a6 Aug 29 10:34:45 pluto[9145]: | Total keysize needed 164 Aug 29 10:34:45 pluto[9145]: | prf+[1]: 6e 69 13 ab 9e bd fe 68 96 e1 ca a2 f5 5e 9c 2e Aug 29 10:34:45 pluto[9145]: | prf+[1]: 2f 30 7e 61 Aug 29 10:34:45 pluto[9145]: | prf+[2]: 93 31 fb f8 f0 b4 b8 f3 d9 0f 83 4f 8a 67 bc ce Aug 29 10:34:45 pluto[9145]: | prf+[2]: 33 95 2f e9 Aug 29 10:34:45 pluto[9145]: | prf+[3]: 73 69 ab 7a a2 df b0 17 30 2f a2 28 68 1c c4 0e Aug 29 10:34:45 pluto[9145]: | prf+[3]: 0b 9f e8 5c Aug 29 10:34:45 pluto[9145]: | prf+[4]: a3 df c9 f4 a7 a3 1c a0 59 4c a8 dc 06 6b 18 0d Aug 29 10:34:45 pluto[9145]: | prf+[4]: cb 57 37 ec Aug 29 10:34:45 pluto[9145]: | prf+[5]: ef 6f fe d7 9d 25 ac 18 5c 8a fa a2 4f 39 19 0e Aug 29 10:34:45 pluto[9145]: | prf+[5]: 0d a2 ce 72 Aug 29 10:34:45 pluto[9145]: | prf+[6]: 5a 45 fd f2 98 ba 81 55 21 89 98 75 8d 16 f5 7e Aug 29 10:34:45 pluto[9145]: | prf+[6]: 9f d4 3d 99 Aug 29 10:34:45 pluto[9145]: | prf+[7]: b5 6c fa e8 75 18 49 9a 29 82 27 29 13 42 8c 02 Aug 29 10:34:45 pluto[9145]: | prf+[7]: 82 74 3b 49 Aug 29 10:34:45 pluto[9145]: | prf+[8]: a4 f5 f0 45 2f 05 8a 4b ca 1c 82 5c 07 d7 35 c5 Aug 29 10:34:45 pluto[9145]: | prf+[8]: ee 13 84 70 Aug 29 10:34:45 pluto[9145]: | prf+[9]: 97 30 68 22 1d 69 f6 64 eb 8c c3 b8 71 70 34 d9 Aug 29 10:34:45 pluto[9145]: | prf+[9]: 79 6e 3f 35 Aug 29 10:34:45 pluto[9145]: | shared: 7e 6d 9a 6a ec 63 aa 68 54 9d d1 d1 52 ef 86 27 Aug 29 10:34:45 pluto[9145]: | shared: 41 39 f1 79 1b a4 d3 a7 ec 7d a5 35 fb 4a f3 07 Aug 29 10:34:45 pluto[9145]: | shared: 6d bb 93 da 3b 15 3c 97 c7 d4 d5 55 0d ff 65 ba Aug 29 10:34:45 pluto[9145]: | shared: 15 7d aa ad 9a f1 a8 62 10 9a 6c c3 9c dc 55 35 Aug 29 10:34:45 pluto[9145]: | shared: 58 be 25 e2 59 a9 be bd 6f bd 65 32 58 a1 43 b7 Aug 29 10:34:45 pluto[9145]: | shared: 23 1c ee a0 be 39 d2 d0 ae 39 98 41 30 fc d5 8d Aug 29 10:34:45 pluto[9145]: | shared: d1 9c 82 e6 4e a0 0f c2 70 02 f5 dd 56 e4 68 ad Aug 29 10:34:45 pluto[9145]: | shared: cf 8c fe e6 7c b1 ec d3 f6 a8 09 4b 40 c9 e4 b9 Aug 29 10:34:45 pluto[9145]: | shared: 0c f0 2d e8 3a b8 af db de 83 ba 86 01 67 0d 42 Aug 29 10:34:45 pluto[9145]: | shared: b4 fc af 09 f7 83 d8 60 bd 7b 79 bf b3 db d0 5c Aug 29 10:34:45 pluto[9145]: | shared: 2e fb f6 f8 4a 12 85 61 51 a7 e8 fa c1 ce 7f e9 Aug 29 10:34:45 pluto[9145]: | shared: bd f6 02 32 a0 03 75 a0 4d 10 b5 7b 19 ea 94 31 Aug 29 10:34:45 pluto[9145]: | shared: 54 be 80 5b 46 2b 16 07 27 db ee ae 7a 11 b0 82 Aug 29 10:34:45 pluto[9145]: | shared: 42 a7 61 88 43 23 ba 67 de f2 bf 27 91 c3 4b 13 Aug 29 10:34:45 pluto[9145]: | shared: 59 b7 f3 02 75 56 b4 6a b5 e3 d6 fd ad cb 57 42 Aug 29 10:34:45 pluto[9145]: | shared: cb 44 4c 0d aa 84 9e c0 13 e0 bc f1 83 54 53 28 Aug 29 10:34:45 pluto[9145]: | skeyseed: 28 e6 04 76 da c0 87 c6 52 3b 10 11 4a 07 c9 b5 Aug 29 10:34:45 pluto[9145]: | skeyseed: 4c f4 31 3c Aug 29 10:34:45 pluto[9145]: | SK_d: 6e 69 13 ab 9e bd fe 68 96 e1 ca a2 f5 5e 9c 2e Aug 29 10:34:45 pluto[9145]: | SK_d: 2f 30 7e 61 Aug 29 10:34:45 pluto[9145]: | SK_ai: 93 31 fb f8 f0 b4 b8 f3 d9 0f 83 4f 8a 67 bc ce Aug 29 10:34:45 pluto[9145]: | SK_ai: 33 95 2f e9 Aug 29 10:34:45 pluto[9145]: | SK_ar: 73 69 ab 7a a2 df b0 17 30 2f a2 28 68 1c c4 0e Aug 29 10:34:45 pluto[9145]: | SK_ar: 0b 9f e8 5c Aug 29 10:34:45 pluto[9145]: | SK_ei: a3 df c9 f4 a7 a3 1c a0 59 4c a8 dc 06 6b 18 0d Aug 29 10:34:45 pluto[9145]: | SK_ei: cb 57 37 ec ef 6f fe d7 9d 25 ac 18 5c 8a fa a2 Aug 29 10:34:45 pluto[9145]: | SK_er: 4f 39 19 0e 0d a2 ce 72 5a 45 fd f2 98 ba 81 55 Aug 29 10:34:45 pluto[9145]: | SK_er: 21 89 98 75 8d 16 f5 7e 9f d4 3d 99 b5 6c fa e8 Aug 29 10:34:45 pluto[9145]: | SK_pi: 75 18 49 9a 29 82 27 29 13 42 8c 02 82 74 3b 49 Aug 29 10:34:45 pluto[9145]: | SK_pi: a4 f5 f0 45 Aug 29 10:34:45 pluto[9145]: | SK_pr: 2f 05 8a 4b ca 1c 82 5c 07 d7 35 c5 ee 13 84 70 Aug 29 10:34:45 pluto[9145]: | SK_pr: 97 30 68 22 Aug 29 10:34:45 pluto[9145]: | ikev2 parent inR1outI2: calculating g^{xy}, sending I2 Aug 29 10:34:45 pluto[9145]: | processing connection tunnel1 Aug 29 10:34:45 pluto[9145]: | duplicating state object #1 Aug 29 10:34:45 pluto[9145]: | creating state object #2 at 0x40951680 Aug 29 10:34:45 pluto[9145]: | ICOOKIE: 69 ed 6a 87 9f ea ee 0b Aug 29 10:34:45 pluto[9145]: | RCOOKIE: 30 04 72 60 b0 6d 15 a6 Aug 29 10:34:45 pluto[9145]: | state hash entry 1 Aug 29 10:34:45 pluto[9145]: | inserting state object #2 bucket: 1 Aug 29 10:34:45 pluto[9145]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #2 (head of queue) Aug 29 10:34:45 pluto[9145]: | deleting event for #1 Aug 29 10:34:45 pluto[9145]: | inserting event EVENT_SA_REPLACE, timeout in 28800 seconds for #1 Aug 29 10:34:45 pluto[9145]: | event added after event EVENT_REINIT_SECRET Aug 29 10:34:45 pluto[9145]: | **emit ISAKMP Message: Aug 29 10:34:45 pluto[9145]: | initiator cookie: Aug 29 10:34:45 pluto[9145]: | 69 ed 6a 87 9f ea ee 0b Aug 29 10:34:45 pluto[9145]: | responder cookie: Aug 29 10:34:45 pluto[9145]: | 30 04 72 60 b0 6d 15 a6 Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2E Aug 29 10:34:45 pluto[9145]: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) Aug 29 10:34:45 pluto[9145]: | exchange type: ISAKMP_v2_AUTH Aug 29 10:34:45 pluto[9145]: | flags: ISAKMP_FLAG_INIT Aug 29 10:34:45 pluto[9145]: | message ID: 00 00 00 01 Aug 29 10:34:45 pluto[9145]: | ***emit IKEv2 Encryption Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2IDi Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | emitting 16 zero bytes of iv into IKEv2 Encryption Payload Aug 29 10:34:45 pluto[9145]: | IKEv2 thinking whether to send my certificate: Aug 29 10:34:45 pluto[9145]: | my policy has no RSASIG, the policy is : PSK+ENCRYPT+TUNNEL+PFS+UP+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK Aug 29 10:34:45 pluto[9145]: | sendcert: CERT_ALWAYSSEND and I did not get a certificate request Aug 29 10:34:45 pluto[9145]: | so do not send cert. Aug 29 10:34:45 pluto[9145]: | I did not send a certificate because digital signatures are not being used. (PSK) Aug 29 10:34:45 pluto[9145]: | *****emit IKEv2 Identification Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2AUTH Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | id_type: ID_IPV4_ADDR Aug 29 10:34:45 pluto[9145]: | emitting 4 raw bytes of my identity into IKEv2 Identification Payload Aug 29 10:34:45 pluto[9145]: | my identity c0 a8 00 01 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Identification Payload: 12 Aug 29 10:34:45 pluto[9145]: | idhash calc pi 75 18 49 9a 29 82 27 29 13 42 8c 02 82 74 3b 49 Aug 29 10:34:45 pluto[9145]: | idhash calc pi a4 f5 f0 45 Aug 29 10:34:45 pluto[9145]: | idhash calc I2 01 00 00 00 c0 a8 00 01 Aug 29 10:34:45 pluto[9145]: | getting first pending from state #1 Aug 29 10:34:45 pluto[9145]: | payload after AUTH will be ISAKMP_NEXT_v2SA Aug 29 10:34:45 pluto[9145]: | *****emit IKEv2 Authentication Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2SA Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | auth method: v2_AUTH_SHARED Aug 29 10:34:45 pluto[9145]: | started looking for secret for 192.168.0.1->192.168.0.2 of kind PPK_PSK Aug 29 10:34:45 pluto[9145]: | actually looking for secret for 192.168.0.1->192.168.0.2 of kind PPK_PSK Aug 29 10:34:45 pluto[9145]: | line 6: key type PPK_PSK(192.168.0.1) to type PPK_PSK Aug 29 10:34:45 pluto[9145]: | 1: compared key 192.168.0.2 to 192.168.0.1 / 192.168.0.2 -> 4 Aug 29 10:34:45 pluto[9145]: | 2: compared key 192.168.0.1 to 192.168.0.1 / 192.168.0.2 -> 12 Aug 29 10:34:45 pluto[9145]: | line 6: match=12 Aug 29 10:34:45 pluto[9145]: | best_match 0>12 best=0x4094f9e8 (line=6) Aug 29 10:34:45 pluto[9145]: | concluding with best_match=12 best=0x4094f9e8 (lineno=6) Aug 29 10:34:45 pluto[9145]: | negotiated prf: oakley_sha hash length: 20 Aug 29 10:34:45 pluto[9145]: | inner prf output 48 04 da e1 7c 85 b0 3b 5b 47 85 0d 96 a7 90 ed Aug 29 10:34:45 pluto[9145]: | inner prf output 45 7e c2 1c Aug 29 10:34:45 pluto[9145]: | inputs to hash1 (first packet) Aug 29 10:34:45 pluto[9145]: | 69 ed 6a 87 9f ea ee 0b 00 00 00 00 00 00 00 00 Aug 29 10:34:45 pluto[9145]: | 21 20 22 08 00 00 00 00 00 00 01 78 22 00 00 30 Aug 29 10:34:45 pluto[9145]: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Aug 29 10:34:45 pluto[9145]: | 80 0e 01 00 03 00 00 08 03 00 00 02 03 00 00 08 Aug 29 10:34:45 pluto[9145]: | 02 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 Aug 29 10:34:45 pluto[9145]: | 00 0e 00 00 b0 08 2b e0 b0 95 e7 fa 43 3c b7 ff Aug 29 10:34:45 pluto[9145]: | d6 02 73 ae 11 b5 c8 6e 3c 42 5d 87 a4 e7 fc 41 Aug 29 10:34:45 pluto[9145]: | e5 34 66 d4 41 c9 a3 1d 8f c8 46 8f 14 bf c0 3a Aug 29 10:34:45 pluto[9145]: | 14 c9 b1 30 cc 3c 0e 05 29 9b 66 a7 e9 9c 3e 76 Aug 29 10:34:45 pluto[9145]: | 7a 8e 28 fc 97 52 7c 15 0a 75 f4 6d af 7a e8 c2 Aug 29 10:34:45 pluto[9145]: | dc 70 8b 02 1b 64 57 4a fd 33 90 2f 8f f9 c0 39 Aug 29 10:34:45 pluto[9145]: | 6e b0 58 bb 59 09 47 0c 19 88 b7 47 57 ee 6a 99 Aug 29 10:34:45 pluto[9145]: | 6a dc be d4 dd a4 73 7f 83 2c 68 c9 cf c3 f0 56 Aug 29 10:34:45 pluto[9145]: | 52 86 88 8b fb 88 e1 ac 84 b6 56 71 e1 f4 56 3c Aug 29 10:34:45 pluto[9145]: | f6 ee 42 73 97 93 1a 97 36 6e 07 d9 a7 9f 85 9e Aug 29 10:34:45 pluto[9145]: | 41 b9 c5 dd 88 52 c4 ed c7 b7 12 ed bc 7f ba 47 Aug 29 10:34:45 pluto[9145]: | fd 01 e9 fe 4a 4f 0d f1 ee db 1c 85 8d b5 f1 57 Aug 29 10:34:45 pluto[9145]: | 7e 7a e6 99 c0 33 9b 06 d1 c2 45 89 b0 7b 6b 0f Aug 29 10:34:45 pluto[9145]: | 94 96 fa 3b 11 c8 35 92 ea f5 9b 42 06 88 be 9c Aug 29 10:34:45 pluto[9145]: | 74 4b 2d 79 2f 05 bb 4c 0a cd 8f 18 a0 66 82 07 Aug 29 10:34:45 pluto[9145]: | 81 79 64 fc 7d 12 51 b5 37 ad 3d 42 0a 91 16 b9 Aug 29 10:34:45 pluto[9145]: | af ed 22 68 2b 00 00 14 f0 b7 14 be 06 65 a0 50 Aug 29 10:34:45 pluto[9145]: | c5 ad 55 4c 80 09 14 34 00 00 00 10 4f 53 57 7c Aug 29 10:34:45 pluto[9145]: | 45 6a 6c 53 70 54 66 63 Aug 29 10:34:45 pluto[9145]: | inputs to hash2 (responder nonce) Aug 29 10:34:45 pluto[9145]: | 68 ff d3 2a 70 f2 e8 87 83 ad 6f 36 12 d4 cf f3 Aug 29 10:34:45 pluto[9145]: | idhash 7f 3c 48 dc 19 d4 73 01 bf 9b d8 1f 7f 0e 7d 4e Aug 29 10:34:45 pluto[9145]: | idhash 5b ff 17 31 Aug 29 10:34:45 pluto[9145]: | PSK auth octets 3d 5e 2a c2 26 21 44 ff da 3e 97 60 20 87 1f 11 Aug 29 10:34:45 pluto[9145]: | PSK auth octets 06 5c 05 b9 Aug 29 10:34:45 pluto[9145]: | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 29 10:34:45 pluto[9145]: | PSK auth 3d 5e 2a c2 26 21 44 ff da 3e 97 60 20 87 1f 11 Aug 29 10:34:45 pluto[9145]: | PSK auth 06 5c 05 b9 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Authentication Payload: 28 Aug 29 10:34:45 pluto[9145]: | kernel_alg_db_new() initial trans_cnt=15 Aug 29 10:34:45 pluto[9145]: | kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1 Aug 29 10:34:45 pluto[9145]: | kernel_alg_db_new() trans[0]: transid=12, attr_cnt=2, attrs[0].type=5, attrs[0].val=2 Aug 29 10:34:45 pluto[9145]: | returning new proposal from esp_info Aug 29 10:34:45 pluto[9145]: | *****emit IKEv2 Security Association Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2TSi Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | generate SPI: 8f 9f dc 27 Aug 29 10:34:45 pluto[9145]: | ******emit IKEv2 Proposal Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_NONE Aug 29 10:34:45 pluto[9145]: | prop #: 1 Aug 29 10:34:45 pluto[9145]: | proto ID: 3 Aug 29 10:34:45 pluto[9145]: | spi size: 4 Aug 29 10:34:45 pluto[9145]: | # transforms: 3 Aug 29 10:34:45 pluto[9145]: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 29 10:34:45 pluto[9145]: | our spi 8f 9f dc 27 Aug 29 10:34:45 pluto[9145]: | *******emit IKEv2 Transform Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_T Aug 29 10:34:45 pluto[9145]: | transform type: 1 Aug 29 10:34:45 pluto[9145]: | transform ID: 12 Aug 29 10:34:45 pluto[9145]: | ********emit IKEv2 Attribute Substructure Payload: Aug 29 10:34:45 pluto[9145]: | af+type: KEY_LENGTH Aug 29 10:34:45 pluto[9145]: | length/value: 256 Aug 29 10:34:45 pluto[9145]: | [256 is 256??] Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 29 10:34:45 pluto[9145]: | *******emit IKEv2 Transform Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_T Aug 29 10:34:45 pluto[9145]: | transform type: 3 Aug 29 10:34:45 pluto[9145]: | transform ID: 2 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 29 10:34:45 pluto[9145]: | *******emit IKEv2 Transform Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_NONE Aug 29 10:34:45 pluto[9145]: | transform type: 5 Aug 29 10:34:45 pluto[9145]: | transform ID: 0 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Security Association Payload: 44 Aug 29 10:34:45 pluto[9145]: | *****emit IKEv2 Traffic Selector Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2TSr Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | number of TS: 1 Aug 29 10:34:45 pluto[9145]: | ******emit IKEv2 Traffic Selector: Aug 29 10:34:45 pluto[9145]: | TS type: IKEv2_TS_IPV4_ADDR_RANGE Aug 29 10:34:45 pluto[9145]: | IP Protocol ID: 0 Aug 29 10:34:45 pluto[9145]: | start port: 0 Aug 29 10:34:45 pluto[9145]: | end port: 65535 Aug 29 10:34:45 pluto[9145]: | emitting 4 raw bytes of ipv4 low into IKEv2 Traffic Selector Aug 29 10:34:45 pluto[9145]: | ipv4 low 0a 0a 0a 00 Aug 29 10:34:46 pluto[9145]: | emitting 4 raw bytes of ipv4 high into IKEv2 Traffic Selector Aug 29 10:34:46 pluto[9145]: | ipv4 high 0a 0a 0a 03 Aug 29 10:34:46 pluto[9145]: | emitting length of IKEv2 Traffic Selector: 16 Aug 29 10:34:46 pluto[9145]: | emitting length of IKEv2 Traffic Selector Payload: 24 Aug 29 10:34:46 pluto[9145]: | *****emit IKEv2 Traffic Selector Payload: Aug 29 10:34:46 pluto[9145]: | next payload type: ISAKMP_NEXT_NONE Aug 29 10:34:46 pluto[9145]: | critical bit: none Aug 29 10:34:46 pluto[9145]: | number of TS: 1 Aug 29 10:34:46 pluto[9145]: | ******emit IKEv2 Traffic Selector: Aug 29 10:34:46 pluto[9145]: | TS type: IKEv2_TS_IPV4_ADDR_RANGE Aug 29 10:34:46 pluto[9145]: | IP Protocol ID: 0 Aug 29 10:34:46 pluto[9145]: | start port: 0 Aug 29 10:34:46 pluto[9145]: | end port: 65535 Aug 29 10:34:46 pluto[9145]: | emitting 4 raw bytes of ipv4 low into IKEv2 Traffic Selector Aug 29 10:34:46 pluto[9145]: | ipv4 low 0a 0a 0a 04 Aug 29 10:34:46 pluto[9145]: | emitting 4 raw bytes of ipv4 high into IKEv2 Traffic Selector Aug 29 10:34:46 pluto[9145]: | ipv4 high 0a 0a 0a 07 Aug 29 10:34:46 pluto[9145]: | emitting length of IKEv2 Traffic Selector: 16 Aug 29 10:34:46 pluto[9145]: | emitting length of IKEv2 Traffic Selector Payload: 24 Aug 29 10:34:46 pluto[9145]: | emitting 12 raw bytes of padding and length into cleartext Aug 29 10:34:46 pluto[9145]: | padding and length 00 01 02 03 04 05 06 07 08 09 0a 0b Aug 29 10:34:46 pluto[9145]: | emitting 12 zero bytes of length of truncated HMAC into IKEv2 Encryption Payload Aug 29 10:34:46 pluto[9145]: | emitting length of IKEv2 Encryption Payload: 176 Aug 29 10:34:46 pluto[9145]: | emitting length of ISAKMP Message: 204 Aug 29 10:34:46 pluto[9145]: | data before encryption: Aug 29 10:34:46 pluto[9145]: | 27 00 00 0c 01 00 00 00 c0 a8 00 01 21 00 00 1c Aug 29 10:34:46 pluto[9145]: | 02 00 00 00 3d 5e 2a c2 26 21 44 ff da 3e 97 60 Aug 29 10:34:46 pluto[9145]: | 20 87 1f 11 06 5c 05 b9 2c 00 00 2c 00 00 00 28 Aug 29 10:34:46 pluto[9145]: | 01 03 04 03 8f 9f dc 27 03 00 00 0c 01 00 00 0c Aug 29 10:34:46 pluto[9145]: | 80 0e 01 00 03 00 00 08 03 00 00 02 00 00 00 08 Aug 29 10:34:46 pluto[9145]: | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 Aug 29 10:34:46 pluto[9145]: | 00 00 ff ff 0a 0a 0a 00 0a 0a 0a 03 00 00 00 18 Aug 29 10:34:46 pluto[9145]: | 01 00 00 00 07 00 00 10 00 00 ff ff 0a 0a 0a 04 Aug 29 10:34:46 pluto[9145]: | 0a 0a 0a 07 00 01 02 03 04 05 06 07 08 09 0a 0b Aug 29 10:34:46 pluto[9145]: | data after encryption: Aug 29 10:34:46 pluto[9145]: | d6 5f ec 67 e7 66 cd ec 83 b3 d2 e9 de 42 10 00 Aug 29 10:34:46 pluto[9145]: | c7 43 a9 1f 1a 17 3a e0 14 bd 23 cf e5 47 2e 9e Aug 29 10:34:46 pluto[9145]: | 1d c9 42 5e 87 b3 f8 c1 43 4d 72 92 da b7 1a ad Aug 29 10:34:46 pluto[9145]: | 29 0e ef 71 4b f3 bc 12 e2 83 95 31 22 6e 1b f7 Aug 29 10:34:46 pluto[9145]: | 2f 09 84 62 9c 11 90 6d 71 82 59 45 d6 c0 4d 16 Aug 29 10:34:46 pluto[9145]: | f3 ee f4 91 85 0d 06 21 97 d8 48 5c 1b ed 45 60 Aug 29 10:34:46 pluto[9145]: | a4 00 7a 66 aa fa 53 20 d6 1c b9 f9 58 2e ff 46 Aug 29 10:34:46 pluto[9145]: | 63 ce 2c ed aa 30 32 01 13 68 3d 2d af 86 c8 f1 Aug 29 10:34:46 pluto[9145]: | f4 57 e1 7b 58 4b 89 45 aa ff a7 34 b2 d7 62 16 Aug 29 10:34:46 pluto[9145]: | data being hmac: 69 ed 6a 87 9f ea ee 0b 30 04 72 60 b0 6d 15 a6 Aug 29 10:34:46 pluto[9145]: | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 Aug 29 10:34:46 pluto[9145]: | data being hmac: 02 81 1a 35 72 72 38 e1 85 4a 81 92 5f b0 1f 83 Aug 29 10:34:46 pluto[9145]: | data being hmac: d6 5f ec 67 e7 66 cd ec 83 b3 d2 e9 de 42 10 00 Aug 29 10:34:46 pluto[9145]: | data being hmac: c7 43 a9 1f 1a 17 3a e0 14 bd 23 cf e5 47 2e 9e Aug 29 10:34:46 pluto[9145]: | data being hmac: 1d c9 42 5e 87 b3 f8 c1 43 4d 72 92 da b7 1a ad Aug 29 10:34:46 pluto[9145]: | data being hmac: 29 0e ef 71 4b f3 bc 12 e2 83 95 31 22 6e 1b f7 Aug 29 10:34:46 pluto[9145]: | data being hmac: 2f 09 84 62 9c 11 90 6d 71 82 59 45 d6 c0 4d 16 Aug 29 10:34:46 pluto[9145]: | data being hmac: f3 ee f4 91 85 0d 06 21 97 d8 48 5c 1b ed 45 60 Aug 29 10:34:46 pluto[9145]: | data being hmac: a4 00 7a 66 aa fa 53 20 d6 1c b9 f9 58 2e ff 46 Aug 29 10:34:46 pluto[9145]: | data being hmac: 63 ce 2c ed aa 30 32 01 13 68 3d 2d af 86 c8 f1 Aug 29 10:34:46 pluto[9145]: | data being hmac: f4 57 e1 7b 58 4b 89 45 aa ff a7 34 b2 d7 62 16 Aug 29 10:34:46 pluto[9145]: | out calculated auth: Aug 29 10:34:46 pluto[9145]: | cc 6b 02 7f 7f 0d eb a5 b7 7e 5b f3 Aug 29 10:34:46 pluto[9145]: | deleting event for #2 Aug 29 10:34:46 pluto[9145]: | inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #2 (head of queue) Aug 29 10:34:46 pluto[9145]: | complete v2 state transition with STF_OK Aug 29 10:34:46 pluto[9145]: "tunnel1" #2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 29 10:34:46 pluto[9145]: "tunnel1" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=aes_256 integ=sha1_96 prf=oakley_sha group=modp2048} (msgid: 00000001) Aug 29 10:34:46 pluto[9145]: | sending reply packet to 192.168.0.2:500 (from port 500) Aug 29 10:34:46 pluto[9145]: | sending 204 bytes for STATE_PARENT_I1 through eth0:500 to 192.168.0.2:500 (using #2) Aug 29 10:34:46 pluto[9145]: | 69 ed 6a 87 9f ea ee 0b 30 04 72 60 b0 6d 15 a6 Aug 29 10:34:46 pluto[9145]: | 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 Aug 29 10:34:46 pluto[9145]: | 02 81 1a 35 72 72 38 e1 85 4a 81 92 5f b0 1f 83 Aug 29 10:34:46 pluto[9145]: | d6 5f ec 67 e7 66 cd ec 83 b3 d2 e9 de 42 10 00 Aug 29 10:34:46 pluto[9145]: | c7 43 a9 1f 1a 17 3a e0 14 bd 23 cf e5 47 2e 9e Aug 29 10:34:46 pluto[9145]: | 1d c9 42 5e 87 b3 f8 c1 43 4d 72 92 da b7 1a ad Aug 29 10:34:46 pluto[9145]: | 29 0e ef 71 4b f3 bc 12 e2 83 95 31 22 6e 1b f7 Aug 29 10:34:46 pluto[9145]: | 2f 09 84 62 9c 11 90 6d 71 82 59 45 d6 c0 4d 16 Aug 29 10:34:46 pluto[9145]: | f3 ee f4 91 85 0d 06 21 97 d8 48 5c 1b ed 45 60 Aug 29 10:34:46 pluto[9145]: | a4 00 7a 66 aa fa 53 20 d6 1c b9 f9 58 2e ff 46 Aug 29 10:34:46 pluto[9145]: | 63 ce 2c ed aa 30 32 01 13 68 3d 2d af 86 c8 f1 Aug 29 10:34:46 pluto[9145]: | f4 57 e1 7b 58 4b 89 45 aa ff a7 34 b2 d7 62 16 Aug 29 10:34:46 pluto[9145]: | cc 6b 02 7f 7f 0d eb a5 b7 7e 5b f3 Aug 29 10:34:46 pluto[9145]: | complete v2 state transition with STF_INLINE Aug 29 10:34:47 ipsec__plutorun: /usr/local/lib/ipsec/_plutorun: line 258: 9145 Segmentation fault (core dumped) /usr/local/lib/ipsec/pluto --nofork --secretsfile /etc/ipsec/ipsec.secrets --ipsecdir /etc/ipsec/ipsec.d --debug-all --debug-raw --debug-crypt --debug-parsing --debug-emitting --debug-control --debug-lifecycle --debug-klips --debug-dns --debug-oppo --debug-oppoinfo --debug-controlmore --debug-x509 --debug-dpd --debug-pfkey --debug-natt --debug-nattraversal --use-auto --uniqueids --nhelpers 0 --secctx_attr_value 32001 Aug 29 10:34:47 ipsec__plutorun: !pluto failure!: exited with error status 139 (signal 11) Aug 29 10:34:47 ipsec__plutorun: restarting IPsec after pause... Aug 29 10:34:50 kernel: ipsec0: no IPv6 routers present Aug 29 10:34:59 ipsec_setup: Stopping Openswan IPsec... Aug 29 10:34:59 ipsec_setup: Removing orphaned /var/run/pluto/pluto.pid: Aug 29 10:34:59 kernel: IPSEC EVENT: KLIPS device ipsec0 shut down. Aug 29 10:35:00 kernel: klips_info:pfkey_cleanup: shutting down PF_KEY domain sockets. Aug 29 10:35:00 ipsec_setup: ...Openswan IPsec stopped Aug 29 10:35:04 ipsec_setup: Starting Openswan IPsec 4.24-246-gdd1b493... Aug 29 10:35:05 ipsec_setup: Using KLIPS/legacy stack Aug 29 10:35:17 syslog_watcher[9430]: Match entries for 'pluto.*K_SADB_X_ADDFLOW' was 6, running action 'service ipsec restart' Aug 29 10:35:21 ipsec_setup: Stopping Openswan IPsec... Aug 29 10:35:21 ipsec_setup: ...Openswan IPsec stopped Aug 29 10:35:21 ipsec: succeeded Aug 29 10:35:24 kernel: klips_info:ipsec_init: KLIPS startup, Openswan KLIPS IPsec stack version: 4.24-246-gdd1b493 Aug 29 10:35:24 kernel: ipsec0: Features changed: 0x00004800 -> 0x00004000 Aug 29 10:35:24 kernel: ipsec1: Features changed: 0x00004800 -> 0x00004000 Aug 29 10:35:24 kernel: registered KLIPS /proc/sys/net Aug 29 10:35:24 kernel: klips_info:ipsec_alg_init: KLIPS alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=255) Aug 29 10:35:24 kernel: klips_info:ipsec_alg_init: calling ipsec_alg_static_init() Aug 29 10:35:24 kernel: ipsec_aes_init(alg_type=15 alg_id=12 name=aes): ret=0 Aug 29 10:35:24 kernel: ipsec_aes_init(alg_type=14 alg_id=9 name=aes_mac): ret=0 Aug 29 10:35:24 kernel: ipsec_3des_init(alg_type=15 alg_id=3 name=3des): ret=0 Aug 29 10:35:24 kernel: KLIPS cryptoapi interface: alg_type=15 alg_id=12 name=cbc(aes) keyminbits=128 keymaxbits=256, found(0) Aug 29 10:35:26 kernel: KLIPS: lookup for ciphername=cbc(twofish): not found + _________________________ plog + sed -n '2589,$p' /var/log/messages + egrep -i pluto + case "$1" in + cat Aug 29 10:34:41 ipsec__plutorun: Starting Pluto subsystem... Aug 29 10:34:41 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec/ipsec.d Aug 29 10:34:41 pluto: adjusting ipsec.d to /etc/ipsec/ipsec.d Aug 29 10:34:42 ipsec__plutorun: Labelled IPsec not enabled; value 32001 ignored. Aug 29 10:34:42 pluto: Labelled IPsec not enabled; value 32001 ignored. Aug 29 10:34:42 pluto[9145]: Starting Pluto (Openswan Version 4.24-246-gdd1b493; Vendor ID OSW|EjlSpTfc) pid:9145 Aug 29 10:34:42 pluto[9145]: LEAK_DETECTIVE support [disabled] Aug 29 10:34:42 pluto[9145]: OCF support for IKE [disabled] Aug 29 10:34:42 pluto[9145]: SAref support [enabled] Aug 29 10:34:42 pluto[9145]: SAbind support [enabled] Aug 29 10:34:42 pluto[9145]: NSS support [disabled] Aug 29 10:34:42 pluto[9145]: HAVE_STATSD notification support not compiled in Aug 29 10:34:42 pluto[9145]: Setting NAT-Traversal port-4500 floating to off Aug 29 10:34:42 pluto[9145]: port floating activation criteria nat_t=0/port_float=1 Aug 29 10:34:42 pluto[9145]: NAT-Traversal support [disabled] Aug 29 10:34:42 pluto[9145]: | opening /dev/urandom Aug 29 10:34:42 pluto[9145]: using /dev/urandom as source of random entropy Aug 29 10:34:42 pluto[9145]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds (head of queue) Aug 29 10:34:42 pluto[9145]: | inserting event EVENT_PENDING_DDNS, timeout in 60 seconds (head of queue) Aug 29 10:34:42 pluto[9145]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds Aug 29 10:34:42 pluto[9145]: | event added after event EVENT_PENDING_DDNS Aug 29 10:34:42 pluto[9145]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Aug 29 10:34:42 pluto[9145]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Aug 29 10:34:42 pluto[9145]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Aug 29 10:34:42 pluto[9145]: no helpers will be started, all cryptographic operations will be done inline Aug 29 10:34:42 pluto[9145]: Kernel interface auto-pick Aug 29 10:34:42 pluto[9145]: No Kernel XFRM/NETKEY interface detected Aug 29 10:34:42 pluto[9145]: Using KLIPS IPsec interface code on 2.6.39 Aug 29 10:34:42 pluto[9145]: | process 9145 listening for PF_KEY_V2 on file descriptor 8 Aug 29 10:34:42 pluto[9145]: | finish_pfkey_msg: K_SADB_REGISTER message 1 for AH Aug 29 10:34:42 pluto[9145]: | 02 07 00 02 02 00 00 00 01 00 00 00 b9 23 00 00 Aug 29 10:34:42 pluto[9145]: | pfkey_get: K_SADB_REGISTER message 1 Aug 29 10:34:42 pluto[9145]: | AH registered with kernel. Aug 29 10:34:42 pluto[9145]: | finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP Aug 29 10:34:42 pluto[9145]: | 02 07 00 03 02 00 00 00 02 00 00 00 b9 23 00 00 Aug 29 10:34:42 pluto[9145]: | pfkey_get: K_SADB_REGISTER message 2 Aug 29 10:34:42 pluto[9145]: | alg_init():memset(0x40240628, 0, 2048) memset(0x40240e28, 0, 2048) Aug 29 10:34:42 pluto[9145]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=12 sadb_supported_len=32 Aug 29 10:34:42 pluto[9145]: | kernel_alg_add():satype=3, exttype=14, alg_id=9 Aug 29 10:34:42 pluto[9145]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=9, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1 Aug 29 10:34:42 pluto[9145]: | kernel_alg_add():satype=3, exttype=14, alg_id=3 Aug 29 10:34:42 pluto[9145]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1 Aug 29 10:34:42 pluto[9145]: | kernel_alg_add():satype=3, exttype=14, alg_id=2 Aug 29 10:34:42 pluto[9145]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1 Aug 29 10:34:42 pluto[9145]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=12 sadb_supported_len=48 Aug 29 10:34:42 pluto[9145]: | kernel_alg_add():satype=3, exttype=15, alg_id=3 Aug 29 10:34:42 pluto[9145]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=15, satype=3, alg_id=3, alg_ivlen=64, alg_minbits=192, alg_maxbits=192, res=0, ret=1 Aug 29 10:34:42 pluto[9145]: | kernel_alg_add():satype=3, exttype=15, alg_id=12 Aug 29 10:34:42 pluto[9145]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=15, satype=3, alg_id=12, alg_ivlen=128, alg_minbits=128, alg_maxbits=256, res=0, ret=1 Aug 29 10:34:42 pluto[9145]: | kernel_alg_add():satype=3, exttype=15, alg_id=3 Aug 29 10:34:42 pluto[9145]: | kernel_alg_add(): discarding already setup satype=3, exttype=15, alg_id=3 Aug 29 10:34:42 pluto[9145]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5], exttype=15, satype=3, alg_id=3, alg_ivlen=64, alg_minbits=192, alg_maxbits=192, res=0, ret=0 Aug 29 10:34:42 pluto[9145]: | kernel_alg_add():satype=3, exttype=15, alg_id=12 Aug 29 10:34:42 pluto[9145]: | kernel_alg_add(): discarding already setup satype=3, exttype=15, alg_id=12 Aug 29 10:34:42 pluto[9145]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6], exttype=15, satype=3, alg_id=12, alg_ivlen=128, alg_minbits=128, alg_maxbits=256, res=0, ret=0 Aug 29 10:34:42 pluto[9145]: | kernel_alg_add():satype=3, exttype=15, alg_id=3 Aug 29 10:34:42 pluto[9145]: | kernel_alg_add(): discarding already setup satype=3, exttype=15, alg_id=3 Aug 29 10:34:42 pluto[9145]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7], exttype=15, satype=3, alg_id=3, alg_ivlen=64, alg_minbits=168, alg_maxbits=168, res=0, ret=0 Aug 29 10:34:42 pluto[9145]: | ESP registered with kernel. Aug 29 10:34:42 pluto[9145]: | finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP Aug 29 10:34:42 pluto[9145]: | 02 07 00 0a 02 00 00 00 03 00 00 00 b9 23 00 00 Aug 29 10:34:42 pluto[9145]: | pfkey_get: K_SADB_REGISTER message 3 Aug 29 10:34:42 pluto[9145]: | IPCOMP registered with kernel. Aug 29 10:34:42 pluto[9145]: | finish_pfkey_msg: K_SADB_REGISTER message 4 for IPIP Aug 29 10:34:42 pluto[9145]: | 02 07 00 09 02 00 00 00 04 00 00 00 b9 23 00 00 Aug 29 10:34:42 pluto[9145]: | pfkey_get: K_SADB_REGISTER message 4 Aug 29 10:34:42 pluto[9145]: | IPIP registered with kernel. Aug 29 10:34:42 pluto[9145]: | inserting event EVENT_SHUNT_SCAN, timeout in 120 seconds Aug 29 10:34:42 pluto[9145]: | event added after event EVENT_PENDING_DDNS Aug 29 10:34:42 pluto[9145]: | Changed path to directory '/etc/ipsec/ipsec.d/cacerts' Aug 29 10:34:42 pluto[9145]: | Changed path to directory '/etc/ipsec/ipsec.d/aacerts' Aug 29 10:34:42 pluto[9145]: | Changed path to directory '/etc/ipsec/ipsec.d/ocspcerts' Aug 29 10:34:42 pluto[9145]: | Found 0 items in directory '/etc/ipsec/ipsec.d/crls' Aug 29 10:34:42 pluto[9145]: | inserting event EVENT_LOG_DAILY, timeout in 48318 seconds Aug 29 10:34:42 pluto[9145]: | event added after event EVENT_REINIT_SECRET Aug 29 10:34:42 pluto[9145]: | next event EVENT_PENDING_DDNS in 60 seconds Aug 29 10:34:42 pluto[9145]: | Aug 29 10:34:42 pluto[9145]: | *received whack message Aug 29 10:34:42 pluto[9145]: | alg_info_parse_str() ealg_buf=aes aalg_buf=sha1 eklen=256 aklen=0 Aug 29 10:34:42 pluto[9145]: | enum_search_prefix () calling enum_search(0x4020da34, "OAKLEY_AES") Aug 29 10:34:42 pluto[9145]: | enum_search_ppfixi () calling enum_search(0x4020da34, "OAKLEY_AES_CBC") Aug 29 10:34:42 pluto[9145]: | parser_alg_info_add() ealg_getbyname("aes")=7 Aug 29 10:34:42 pluto[9145]: | enum_search_prefix () calling enum_search(0x4020dad4, "OAKLEY_SHA1") Aug 29 10:34:42 pluto[9145]: | parser_alg_info_add() aalg_getbyname("sha1")=2 Aug 29 10:34:42 pluto[9145]: | enum_search_prefix () calling enum_search(0x4020dec4, "OAKLEY_GROUP_MODP2048") Aug 29 10:34:42 pluto[9145]: | parser_alg_info_add() modp_getbyname("modp2048")=14 Aug 29 10:34:42 pluto[9145]: | __alg_info_ike_add() ealg=7 aalg=2 modp_id=14, cnt=1 Aug 29 10:34:42 pluto[9145]: | Added new connection tunnel1 with policy PSK+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK Aug 29 10:34:42 pluto[9145]: | from whack: got --esp=aes256-sha1 Aug 29 10:34:42 pluto[9145]: | alg_info_parse_str() ealg_buf=aes aalg_buf=sha1 eklen=256 aklen=0 Aug 29 10:34:42 pluto[9145]: | enum_search_prefix () calling enum_search(0x4020c984, "ESP_AES") Aug 29 10:34:42 pluto[9145]: | parser_alg_info_add() ealg_getbyname("aes")=12 Aug 29 10:34:42 pluto[9145]: | enum_search_prefix () calling enum_search(0x4020d4a8, "AUTH_ALGORITHM_HMAC_SHA1") Aug 29 10:34:42 pluto[9145]: | parser_alg_info_add() aalg_getbyname("sha1")=2 Aug 29 10:34:42 pluto[9145]: | __alg_info_esp_add() ealg=12 aalg=2 cnt=1 Aug 29 10:34:42 pluto[9145]: | esp string values: AES(12)_256-SHA1(2)_000; flags=-strict Aug 29 10:34:42 pluto[9145]: | ike (phase1) algorihtm values: AES_CBC(7)_256-SHA1(2)_000-MODP2048(14); flags=-strict Aug 29 10:34:42 pluto[9145]: | counting wild cards for 192.168.0.1 is 0 Aug 29 10:34:42 pluto[9145]: | counting wild cards for 192.168.0.2 is 0 Aug 29 10:34:42 pluto[9145]: | alg_info_addref() alg_info->ref_cnt=1 Aug 29 10:34:42 pluto[9145]: | orient tunnel1 matching on public/private keys: this=no[%address] that=no[%address] Aug 29 10:34:42 pluto[9145]: | orient tunnel1 finished with: 0 [none] Aug 29 10:34:42 pluto[9145]: | find_ID_host_pair: looking for me=192.168.0.1 him=192.168.0.2 (exact) Aug 29 10:34:42 pluto[9145]: | concluded with Aug 29 10:34:42 pluto[9145]: adding connection: "tunnel1" Aug 29 10:34:42 ipsec__plutorun: 002 adding connection: "tunnel1" Aug 29 10:34:42 pluto[9145]: | 10.10.10.0/30===192.168.0.1...192.168.0.2===10.10.10.4/30 Aug 29 10:34:42 pluto[9145]: | ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK Aug 29 10:34:42 pluto[9145]: | * processed 0 messages from cryptographic helpers Aug 29 10:34:42 pluto[9145]: | next event EVENT_PENDING_DDNS in 60 seconds Aug 29 10:34:42 pluto[9145]: | Aug 29 10:34:42 pluto[9145]: | *received whack message Aug 29 10:34:42 pluto[9145]: listening for IKE messages Aug 29 10:34:42 pluto[9145]: | found lo with address 127.0.0.1 Aug 29 10:34:42 pluto[9145]: | found eth0 with address 192.168.0.1 Aug 29 10:34:42 pluto[9145]: | found eth1 with address 192.168.96.117 Aug 29 10:34:42 pluto[9145]: | found usb0 with address 192.168.111.1 Aug 29 10:34:42 pluto[9145]: | found ipsec0 with address 192.168.0.1 Aug 29 10:34:42 pluto[9145]: | IP interface usb0 192.168.111.1 has no matching ipsec* interface -- ignored Aug 29 10:34:42 pluto[9145]: | IP interface eth1 192.168.96.117 has no matching ipsec* interface -- ignored Aug 29 10:34:42 pluto[9145]: adding interface ipsec0/eth0 192.168.0.1:500 Aug 29 10:34:42 pluto[9145]: | IP interface lo 127.0.0.1 has no matching ipsec* interface -- ignored Aug 29 10:34:42 ipsec__plutorun: 002 listening for IKE messages Aug 29 10:34:42 ipsec__plutorun: 002 adding interface ipsec0/eth0 192.168.0.1:500 Aug 29 10:34:42 pluto[9145]: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001 Aug 29 10:34:42 pluto[9145]: | IP interface lo ::1 has no matching ipsec* interface -- ignored Aug 29 10:34:42 pluto[9145]: | orient tunnel1 checking against if: eth0 (AF_INET:192.168.0.1:500) Aug 29 10:34:42 pluto[9145]: | orient matched on IP Aug 29 10:34:42 pluto[9145]: | orient tunnel1 finished with: 1 [192.168.0.1] Aug 29 10:34:42 pluto[9145]: | connection tunnel1 is now oriented Aug 29 10:34:42 pluto[9145]: | find_host_pair: looking for me=192.168.0.1:500 %address him=192.168.0.2:500 exact-match Aug 29 10:34:42 pluto[9145]: | find_host_pair: concluded with Aug 29 10:34:42 pluto[9145]: | connect_to_host_pair: 192.168.0.1:500 %address 192.168.0.2:500 -> hp:none Aug 29 10:34:42 pluto[9145]: | find_ID_host_pair: looking for me=192.168.0.1 him=192.168.0.2 (exact) Aug 29 10:34:42 pluto[9145]: | comparing to me=192.168.0.1 him=192.168.0.2 (tunnel1) Aug 29 10:34:42 pluto[9145]: | concluded with tunnel1 Aug 29 10:34:42 pluto[9145]: loading secrets from "/etc/ipsec/ipsec.secrets" Aug 29 10:34:42 ipsec__plutorun: 002 loading secrets from "/etc/ipsec/ipsec.secrets" Aug 29 10:34:42 pluto[9145]: | id type added to secret(0x4094f9e8) PPK_PSK: 192.168.0.1 Aug 29 10:34:42 pluto[9145]: | id type added to secret(0x4094f9e8) PPK_PSK: 192.168.0.2 Aug 29 10:34:42 pluto[9145]: | Processing PSK at line 7: passed Aug 29 10:34:42 pluto[9145]: | * processed 0 messages from cryptographic helpers Aug 29 10:34:42 pluto[9145]: | next event EVENT_PENDING_DDNS in 60 seconds Aug 29 10:34:43 pluto[9145]: | Aug 29 10:34:43 pluto[9145]: | *received whack message Aug 29 10:34:43 pluto[9145]: | processing connection tunnel1 Aug 29 10:34:43 pluto[9145]: | route owner of "tunnel1" unrouted: NULL; eroute owner: NULL Aug 29 10:34:43 pluto[9145]: | could_route called for tunnel1 (kind=CK_PERMANENT) Aug 29 10:34:43 pluto[9145]: | route owner of "tunnel1" unrouted: NULL; eroute owner: NULL Aug 29 10:34:43 pluto[9145]: | route_and_eroute with c: tunnel1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 0 Aug 29 10:34:43 pluto[9145]: | finish_pfkey_msg: K_SADB_X_ADDFLOW message 5 for flow eroute_connection add Aug 29 10:34:43 pluto[9145]: | 02 0e 00 0b 17 00 00 00 05 00 00 00 b9 23 00 00 Aug 29 10:34:43 pluto[9145]: | 03 00 01 00 00 00 01 04 00 00 00 00 00 00 00 00 Aug 29 10:34:43 pluto[9145]: | 00 00 00 00 00 00 00 00 03 00 05 00 00 00 00 00 Aug 29 10:34:43 pluto[9145]: | 02 00 00 00 c0 a8 00 01 00 00 00 00 00 00 00 00 Aug 29 10:34:43 pluto[9145]: | 03 00 06 00 00 00 00 00 02 00 00 00 00 00 00 00 Aug 29 10:34:43 pluto[9145]: | 00 00 00 00 00 00 00 00 03 00 15 00 00 00 00 00 Aug 29 10:34:43 pluto[9145]: | 02 00 00 00 0a 0a 0a 00 00 00 00 00 00 00 00 00 Aug 29 10:34:43 pluto[9145]: | 03 00 16 00 00 00 00 00 02 00 00 00 0a 0a 0a 04 Aug 29 10:34:43 pluto[9145]: | 00 00 00 00 00 00 00 00 03 00 17 00 00 00 00 00 Aug 29 10:34:43 pluto[9145]: | 02 00 00 00 ff ff ff fc 00 00 00 00 00 00 00 00 Aug 29 10:34:43 pluto[9145]: | 03 00 18 00 00 00 00 00 02 00 00 00 ff ff ff fc Aug 29 10:34:43 pluto[9145]: | 00 00 00 00 00 00 00 00 Aug 29 10:34:43 pluto[9145]: | pfkey_get: K_SADB_X_ADDFLOW message 5 Aug 29 10:34:43 pluto[9145]: | route_and_eroute: firewall_notified: true Aug 29 10:34:43 pluto[9145]: | command executing prepare-client Aug 29 10:34:43 pluto[9145]: | executing prepare-client: 2>&1 PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='tunnel1' PLUTO_INTERFACE='ipsec0' PLUTO_NEXT_HOP='192.168.0.2' PLUTO_ME='192.168.0.1' PLUTO_MY_ID='192.168.0.1' PLUTO_MY_CLIENT='10.10.10.0/30' PLUTO_MY_CLIENT_NET='10.10.10.0' PLUTO_MY_CLIENT_MASK='255.255.255.252' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='192.168.0.2' PLUTO_PEER_ID='192.168.0.2' PLUTO_PEER_CLIENT='10.10.10.4/30' PLUTO_PEER_CLIENT_NET='10.10.10.4' PLUTO_PEER_CLIENT_MASK='255.255.255.252' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='klips' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK' PLUTO_CONN_ADDRFAMILY='ipv4' PLUTO_IS_PEER_CISCO='0' PLUTO_CISCO_DNS_INFO='' PLUTO_CISCO_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown Aug 29 10:34:44 pluto[9145]: | command executing route-client Aug 29 10:34:44 pluto[9145]: | executing route-client: 2>&1 PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='tunnel1' PLUTO_INTERFACE='ipsec0' PLUTO_NEXT_HOP='192.168.0.2' PLUTO_ME='192.168.0.1' PLUTO_MY_ID='192.168.0.1' PLUTO_MY_CLIENT='10.10.10.0/30' PLUTO_MY_CLIENT_NET='10.10.10.0' PLUTO_MY_CLIENT_MASK='255.255.255.252' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='192.168.0.2' PLUTO_PEER_ID='192.168.0.2' PLUTO_PEER_CLIENT='10.10.10.4/30' PLUTO_PEER_CLIENT_NET='10.10.10.4' PLUTO_PEER_CLIENT_MASK='255.255.255.252' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='klips' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK' PLUTO_CONN_ADDRFAMILY='ipv4' PLUTO_IS_PEER_CISCO='0' PLUTO_CISCO_DNS_INFO='' PLUTO_CISCO_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown Aug 29 10:34:44 pluto[9145]: | * processed 0 messages from cryptographic helpers Aug 29 10:34:44 pluto[9145]: | next event EVENT_PENDING_DDNS in 58 seconds Aug 29 10:34:44 pluto[9145]: | Aug 29 10:34:44 pluto[9145]: | *received whack message Aug 29 10:34:44 pluto[9145]: | processing connection tunnel1 Aug 29 10:34:44 pluto[9145]: | kernel_alg_db_new() initial trans_cnt=15 Aug 29 10:34:44 pluto[9145]: | kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1 Aug 29 10:34:44 pluto[9145]: | kernel_alg_db_new() trans[0]: transid=12, attr_cnt=2, attrs[0].type=5, attrs[0].val=2 Aug 29 10:34:44 pluto[9145]: | returning new proposal from esp_info Aug 29 10:34:44 pluto[9145]: | creating state object #1 at 0x4094fa70 Aug 29 10:34:44 pluto[9145]: | orient tunnel1 checking against if: eth0 (AF_INET:192.168.0.1:500) Aug 29 10:34:44 pluto[9145]: | orient matched on IP Aug 29 10:34:44 pluto[9145]: | orient tunnel1 finished with: 1 [192.168.0.1] Aug 29 10:34:44 pluto[9145]: | processing connection tunnel1 Aug 29 10:34:44 pluto[9145]: | ICOOKIE: 69 ed 6a 87 9f ea ee 0b Aug 29 10:34:44 pluto[9145]: | RCOOKIE: 00 00 00 00 00 00 00 00 Aug 29 10:34:44 pluto[9145]: | state hash entry 25 Aug 29 10:34:44 pluto[9145]: | inserting state object #1 bucket: 25 Aug 29 10:34:44 pluto[9145]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1 (head of queue) Aug 29 10:34:44 pluto[9145]: | processing connection tunnel1 Aug 29 10:34:44 pluto[9145]: | Queuing pending Quick Mode with 192.168.0.2 "tunnel1" Aug 29 10:34:44 pluto[9145]: "tunnel1" #1: initiating v2 parent SA Aug 29 10:34:44 ipsec__plutorun: 002 "tunnel1" #1: initiating v2 parent SA Aug 29 10:34:44 pluto[9145]: "tunnel1" #1: STATE_PARENT_I1: initiate Aug 29 10:34:44 ipsec__plutorun: 134 "tunnel1" #1: STATE_PARENT_I1: initiate Aug 29 10:34:44 pluto[9145]: | helper -1 doing build_kenonce op id: 0 Aug 29 10:34:45 pluto[9145]: | Local DH secret: Aug 29 10:34:45 pluto[9145]: | 84 bb 42 77 4d 75 17 c1 30 00 88 89 0c bd 4e 56 Aug 29 10:34:45 pluto[9145]: | 4b 6a 18 75 df e7 55 19 87 1f 67 a9 90 f0 81 ee Aug 29 10:34:45 pluto[9145]: | Public DH value sent: Aug 29 10:34:45 pluto[9145]: | b0 08 2b e0 b0 95 e7 fa 43 3c b7 ff d6 02 73 ae Aug 29 10:34:45 pluto[9145]: | 11 b5 c8 6e 3c 42 5d 87 a4 e7 fc 41 e5 34 66 d4 Aug 29 10:34:45 pluto[9145]: | 41 c9 a3 1d 8f c8 46 8f 14 bf c0 3a 14 c9 b1 30 Aug 29 10:34:45 pluto[9145]: | cc 3c 0e 05 29 9b 66 a7 e9 9c 3e 76 7a 8e 28 fc Aug 29 10:34:45 pluto[9145]: | 97 52 7c 15 0a 75 f4 6d af 7a e8 c2 dc 70 8b 02 Aug 29 10:34:45 pluto[9145]: | 1b 64 57 4a fd 33 90 2f 8f f9 c0 39 6e b0 58 bb Aug 29 10:34:45 pluto[9145]: | 59 09 47 0c 19 88 b7 47 57 ee 6a 99 6a dc be d4 Aug 29 10:34:45 pluto[9145]: | dd a4 73 7f 83 2c 68 c9 cf c3 f0 56 52 86 88 8b Aug 29 10:34:45 pluto[9145]: | fb 88 e1 ac 84 b6 56 71 e1 f4 56 3c f6 ee 42 73 Aug 29 10:34:45 pluto[9145]: | 97 93 1a 97 36 6e 07 d9 a7 9f 85 9e 41 b9 c5 dd Aug 29 10:34:45 pluto[9145]: | 88 52 c4 ed c7 b7 12 ed bc 7f ba 47 fd 01 e9 fe Aug 29 10:34:45 pluto[9145]: | 4a 4f 0d f1 ee db 1c 85 8d b5 f1 57 7e 7a e6 99 Aug 29 10:34:45 pluto[9145]: | c0 33 9b 06 d1 c2 45 89 b0 7b 6b 0f 94 96 fa 3b Aug 29 10:34:45 pluto[9145]: | 11 c8 35 92 ea f5 9b 42 06 88 be 9c 74 4b 2d 79 Aug 29 10:34:45 pluto[9145]: | 2f 05 bb 4c 0a cd 8f 18 a0 66 82 07 81 79 64 fc Aug 29 10:34:45 pluto[9145]: | 7d 12 51 b5 37 ad 3d 42 0a 91 16 b9 af ed 22 68 Aug 29 10:34:45 pluto[9145]: | Generated nonce: Aug 29 10:34:45 pluto[9145]: | f0 b7 14 be 06 65 a0 50 c5 ad 55 4c 80 09 14 34 Aug 29 10:34:45 pluto[9145]: | ikev2 parent outI1: calculated ke+nonce, sending I1 Aug 29 10:34:45 pluto[9145]: | processing connection tunnel1 Aug 29 10:34:45 pluto[9145]: | **emit ISAKMP Message: Aug 29 10:34:45 pluto[9145]: | initiator cookie: Aug 29 10:34:45 pluto[9145]: | 69 ed 6a 87 9f ea ee 0b Aug 29 10:34:45 pluto[9145]: | responder cookie: Aug 29 10:34:45 pluto[9145]: | 00 00 00 00 00 00 00 00 Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2SA Aug 29 10:34:45 pluto[9145]: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) Aug 29 10:34:45 pluto[9145]: | exchange type: ISAKMP_v2_SA_INIT Aug 29 10:34:45 pluto[9145]: | flags: ISAKMP_FLAG_INIT Aug 29 10:34:45 pluto[9145]: | message ID: 00 00 00 00 Aug 29 10:34:45 pluto[9145]: | ***emit IKEv2 Security Association Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2KE Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | ****emit IKEv2 Proposal Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_NONE Aug 29 10:34:45 pluto[9145]: | prop #: 1 Aug 29 10:34:45 pluto[9145]: | proto ID: 1 Aug 29 10:34:45 pluto[9145]: | spi size: 0 Aug 29 10:34:45 pluto[9145]: | # transforms: 4 Aug 29 10:34:45 pluto[9145]: | *****emit IKEv2 Transform Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_T Aug 29 10:34:45 pluto[9145]: | transform type: 1 Aug 29 10:34:45 pluto[9145]: | transform ID: 12 Aug 29 10:34:45 pluto[9145]: | ******emit IKEv2 Attribute Substructure Payload: Aug 29 10:34:45 pluto[9145]: | af+type: KEY_LENGTH Aug 29 10:34:45 pluto[9145]: | length/value: 256 Aug 29 10:34:45 pluto[9145]: | [256 is 256??] Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 29 10:34:45 pluto[9145]: | *****emit IKEv2 Transform Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_T Aug 29 10:34:45 pluto[9145]: | transform type: 3 Aug 29 10:34:45 pluto[9145]: | transform ID: 2 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 29 10:34:45 pluto[9145]: | *****emit IKEv2 Transform Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_T Aug 29 10:34:45 pluto[9145]: | transform type: 2 Aug 29 10:34:45 pluto[9145]: | transform ID: 2 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 29 10:34:45 pluto[9145]: | *****emit IKEv2 Transform Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_NONE Aug 29 10:34:45 pluto[9145]: | transform type: 4 Aug 29 10:34:45 pluto[9145]: | transform ID: 14 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Proposal Substructure Payload: 44 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Security Association Payload: 48 Aug 29 10:34:45 pluto[9145]: | ***emit IKEv2 Key Exchange Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2Ni Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | transform type: 14 Aug 29 10:34:45 pluto[9145]: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 29 10:34:45 pluto[9145]: | ikev2 g^x b0 08 2b e0 b0 95 e7 fa 43 3c b7 ff d6 02 73 ae Aug 29 10:34:45 pluto[9145]: | ikev2 g^x 11 b5 c8 6e 3c 42 5d 87 a4 e7 fc 41 e5 34 66 d4 Aug 29 10:34:45 pluto[9145]: | ikev2 g^x 41 c9 a3 1d 8f c8 46 8f 14 bf c0 3a 14 c9 b1 30 Aug 29 10:34:45 pluto[9145]: | ikev2 g^x cc 3c 0e 05 29 9b 66 a7 e9 9c 3e 76 7a 8e 28 fc Aug 29 10:34:45 pluto[9145]: | ikev2 g^x 97 52 7c 15 0a 75 f4 6d af 7a e8 c2 dc 70 8b 02 Aug 29 10:34:45 pluto[9145]: | ikev2 g^x 1b 64 57 4a fd 33 90 2f 8f f9 c0 39 6e b0 58 bb Aug 29 10:34:45 pluto[9145]: | ikev2 g^x 59 09 47 0c 19 88 b7 47 57 ee 6a 99 6a dc be d4 Aug 29 10:34:45 pluto[9145]: | ikev2 g^x dd a4 73 7f 83 2c 68 c9 cf c3 f0 56 52 86 88 8b Aug 29 10:34:45 pluto[9145]: | ikev2 g^x fb 88 e1 ac 84 b6 56 71 e1 f4 56 3c f6 ee 42 73 Aug 29 10:34:45 pluto[9145]: | ikev2 g^x 97 93 1a 97 36 6e 07 d9 a7 9f 85 9e 41 b9 c5 dd Aug 29 10:34:45 pluto[9145]: | ikev2 g^x 88 52 c4 ed c7 b7 12 ed bc 7f ba 47 fd 01 e9 fe Aug 29 10:34:45 pluto[9145]: | ikev2 g^x 4a 4f 0d f1 ee db 1c 85 8d b5 f1 57 7e 7a e6 99 Aug 29 10:34:45 pluto[9145]: | ikev2 g^x c0 33 9b 06 d1 c2 45 89 b0 7b 6b 0f 94 96 fa 3b Aug 29 10:34:45 pluto[9145]: | ikev2 g^x 11 c8 35 92 ea f5 9b 42 06 88 be 9c 74 4b 2d 79 Aug 29 10:34:45 pluto[9145]: | ikev2 g^x 2f 05 bb 4c 0a cd 8f 18 a0 66 82 07 81 79 64 fc Aug 29 10:34:45 pluto[9145]: | ikev2 g^x 7d 12 51 b5 37 ad 3d 42 0a 91 16 b9 af ed 22 68 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 29 10:34:45 pluto[9145]: | ***emit IKEv2 Nonce Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2V Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | emitting 16 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 29 10:34:45 pluto[9145]: | IKEv2 nonce f0 b7 14 be 06 65 a0 50 c5 ad 55 4c 80 09 14 34 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Nonce Payload: 20 Aug 29 10:34:45 pluto[9145]: | ***emit ISAKMP Vendor ID Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_NONE Aug 29 10:34:45 pluto[9145]: | emitting 12 raw bytes of Vendor ID into ISAKMP Vendor ID Payload Aug 29 10:34:45 pluto[9145]: | Vendor ID 4f 53 57 7c 45 6a 6c 53 70 54 66 63 Aug 29 10:34:45 pluto[9145]: | emitting length of ISAKMP Vendor ID Payload: 16 Aug 29 10:34:45 pluto[9145]: | emitting length of ISAKMP Message: 376 Aug 29 10:34:45 pluto[9145]: | sending 376 bytes for ikev2_parent_outI1_common through eth0:500 to 192.168.0.2:500 (using #1) Aug 29 10:34:45 pluto[9145]: | 69 ed 6a 87 9f ea ee 0b 00 00 00 00 00 00 00 00 Aug 29 10:34:45 pluto[9145]: | 21 20 22 08 00 00 00 00 00 00 01 78 22 00 00 30 Aug 29 10:34:45 pluto[9145]: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Aug 29 10:34:45 pluto[9145]: | 80 0e 01 00 03 00 00 08 03 00 00 02 03 00 00 08 Aug 29 10:34:45 pluto[9145]: | 02 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 Aug 29 10:34:45 pluto[9145]: | 00 0e 00 00 b0 08 2b e0 b0 95 e7 fa 43 3c b7 ff Aug 29 10:34:45 pluto[9145]: | d6 02 73 ae 11 b5 c8 6e 3c 42 5d 87 a4 e7 fc 41 Aug 29 10:34:45 pluto[9145]: | e5 34 66 d4 41 c9 a3 1d 8f c8 46 8f 14 bf c0 3a Aug 29 10:34:45 pluto[9145]: | 14 c9 b1 30 cc 3c 0e 05 29 9b 66 a7 e9 9c 3e 76 Aug 29 10:34:45 pluto[9145]: | 7a 8e 28 fc 97 52 7c 15 0a 75 f4 6d af 7a e8 c2 Aug 29 10:34:45 pluto[9145]: | dc 70 8b 02 1b 64 57 4a fd 33 90 2f 8f f9 c0 39 Aug 29 10:34:45 pluto[9145]: | 6e b0 58 bb 59 09 47 0c 19 88 b7 47 57 ee 6a 99 Aug 29 10:34:45 pluto[9145]: | 6a dc be d4 dd a4 73 7f 83 2c 68 c9 cf c3 f0 56 Aug 29 10:34:45 pluto[9145]: | 52 86 88 8b fb 88 e1 ac 84 b6 56 71 e1 f4 56 3c Aug 29 10:34:45 pluto[9145]: | f6 ee 42 73 97 93 1a 97 36 6e 07 d9 a7 9f 85 9e Aug 29 10:34:45 pluto[9145]: | 41 b9 c5 dd 88 52 c4 ed c7 b7 12 ed bc 7f ba 47 Aug 29 10:34:45 pluto[9145]: | fd 01 e9 fe 4a 4f 0d f1 ee db 1c 85 8d b5 f1 57 Aug 29 10:34:45 pluto[9145]: | 7e 7a e6 99 c0 33 9b 06 d1 c2 45 89 b0 7b 6b 0f Aug 29 10:34:45 pluto[9145]: | 94 96 fa 3b 11 c8 35 92 ea f5 9b 42 06 88 be 9c Aug 29 10:34:45 pluto[9145]: | 74 4b 2d 79 2f 05 bb 4c 0a cd 8f 18 a0 66 82 07 Aug 29 10:34:45 pluto[9145]: | 81 79 64 fc 7d 12 51 b5 37 ad 3d 42 0a 91 16 b9 Aug 29 10:34:45 pluto[9145]: | af ed 22 68 2b 00 00 14 f0 b7 14 be 06 65 a0 50 Aug 29 10:34:45 pluto[9145]: | c5 ad 55 4c 80 09 14 34 00 00 00 10 4f 53 57 7c Aug 29 10:34:45 pluto[9145]: | 45 6a 6c 53 70 54 66 63 Aug 29 10:34:45 pluto[9145]: | deleting event for #1 Aug 29 10:34:45 pluto[9145]: | inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #1 (head of queue) Aug 29 10:34:45 pluto[9145]: | complete v2 state transition with STF_OK Aug 29 10:34:45 pluto[9145]: "tunnel1" #1: transition from state STATE_IKEv2_START to state STATE_PARENT_I1 Aug 29 10:34:45 ipsec__plutorun: 002 "tunnel1" #1: transition from state STATE_IKEv2_START to state STATE_PARENT_I1 Aug 29 10:34:45 pluto[9145]: "tunnel1" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 (msgid: 00000000) Aug 29 10:34:45 ipsec__plutorun: 134 "tunnel1" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 (msgid: 00000000) Aug 29 10:34:45 pluto[9145]: | * processed 0 messages from cryptographic helpers Aug 29 10:34:45 pluto[9145]: | next event EVENT_v2_RETRANSMIT in 10 seconds for #1 (2016-08-29 10:34:45) Aug 29 10:34:45 pluto[9145]: | Aug 29 10:34:45 pluto[9145]: | *received 376 bytes from 192.168.0.2:500 on eth0 (port=500) at 2016-08-29 10:34:45 Aug 29 10:34:45 pluto[9145]: | 69 ed 6a 87 9f ea ee 0b 30 04 72 60 b0 6d 15 a6 Aug 29 10:34:45 pluto[9145]: | 21 20 22 20 00 00 00 00 00 00 01 78 22 00 00 30 Aug 29 10:34:45 pluto[9145]: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Aug 29 10:34:45 pluto[9145]: | 80 0e 01 00 03 00 00 08 03 00 00 02 03 00 00 08 Aug 29 10:34:45 pluto[9145]: | 02 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 Aug 29 10:34:45 pluto[9145]: | 00 0e 00 00 ad b6 06 09 44 23 f4 52 a7 7d bf df Aug 29 10:34:45 pluto[9145]: | 13 31 56 fe 43 12 69 3c 5e a4 3f d0 97 b7 20 4f Aug 29 10:34:45 pluto[9145]: | 30 33 fc 47 9a 11 48 40 04 de 68 c9 31 7f 58 e8 Aug 29 10:34:45 pluto[9145]: | f7 2d c5 d7 2a 17 af 23 71 91 47 e5 3e eb bd 8b Aug 29 10:34:45 pluto[9145]: | 8b 7c cb 37 25 53 9c 53 48 a7 00 3d 56 63 59 be Aug 29 10:34:45 pluto[9145]: | 51 9c 00 40 c6 d2 00 fc b5 da 61 02 87 24 4e 84 Aug 29 10:34:45 pluto[9145]: | 06 13 9c ff df 96 35 35 49 3e 2f bb da 9f 5f 24 Aug 29 10:34:45 pluto[9145]: | 82 d7 c9 2e c6 ca 34 0d 99 95 69 b1 49 94 76 6e Aug 29 10:34:45 pluto[9145]: | 65 c9 70 cf 35 81 ed 61 50 3b 4b 9e 96 ab 8a 42 Aug 29 10:34:45 pluto[9145]: | 74 2d 24 e8 bc 48 51 dc 04 51 8a 65 19 b8 5b d7 Aug 29 10:34:45 pluto[9145]: | 38 fd cb 11 70 79 1a bf 49 60 ed 46 c9 c0 9f 26 Aug 29 10:34:45 pluto[9145]: | 50 3b 2e d4 9d f4 b9 53 bd d3 d0 06 d2 07 df 98 Aug 29 10:34:45 pluto[9145]: | 2a 32 b5 a9 e5 96 29 fa 81 a5 5d 0f ab 28 36 d8 Aug 29 10:34:45 pluto[9145]: | 48 a6 b4 fa 08 2d 71 6a 19 cb 75 18 cd b8 3b 7c Aug 29 10:34:45 pluto[9145]: | c2 97 1f 5b 16 c2 e3 d3 28 14 79 d4 ca f9 59 ae Aug 29 10:34:45 pluto[9145]: | 0a 32 18 35 5f 82 b7 55 4e da 94 f4 5a 42 74 8e Aug 29 10:34:45 pluto[9145]: | 70 95 83 8e 2b 00 00 14 68 ff d3 2a 70 f2 e8 87 Aug 29 10:34:45 pluto[9145]: | 83 ad 6f 36 12 d4 cf f3 00 00 00 10 4f 53 57 7c Aug 29 10:34:45 pluto[9145]: | 45 6a 6c 53 70 54 66 63 Aug 29 10:34:45 pluto[9145]: | **parse ISAKMP Message: Aug 29 10:34:45 pluto[9145]: | initiator cookie: Aug 29 10:34:45 pluto[9145]: | 69 ed 6a 87 9f ea ee 0b Aug 29 10:34:45 pluto[9145]: | responder cookie: Aug 29 10:34:45 pluto[9145]: | 30 04 72 60 b0 6d 15 a6 Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2SA Aug 29 10:34:45 pluto[9145]: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) Aug 29 10:34:45 pluto[9145]: | exchange type: ISAKMP_v2_SA_INIT Aug 29 10:34:45 pluto[9145]: | flags: ISAKMP_FLAG_RESPONSE Aug 29 10:34:45 pluto[9145]: | message ID: 00 00 00 00 Aug 29 10:34:45 pluto[9145]: | length: 376 Aug 29 10:34:45 pluto[9145]: | processing version=2.0 packet with exchange type=ISAKMP_v2_SA_INIT (34), msgid: 00000000 Aug 29 10:34:45 pluto[9145]: | I am IKE SA Initiator Aug 29 10:34:45 pluto[9145]: | ICOOKIE: 69 ed 6a 87 9f ea ee 0b Aug 29 10:34:45 pluto[9145]: | RCOOKIE: 30 04 72 60 b0 6d 15 a6 Aug 29 10:34:45 pluto[9145]: | state hash entry 1 Aug 29 10:34:45 pluto[9145]: | v2 state object not found Aug 29 10:34:45 pluto[9145]: | ICOOKIE: 69 ed 6a 87 9f ea ee 0b Aug 29 10:34:45 pluto[9145]: | RCOOKIE: 00 00 00 00 00 00 00 00 Aug 29 10:34:45 pluto[9145]: | state hash entry 25 Aug 29 10:34:45 pluto[9145]: | v2 peer and cookies match on #1 Aug 29 10:34:45 pluto[9145]: | v2 state object #1 (tunnel1) found, in STATE_PARENT_I1 Aug 29 10:34:45 pluto[9145]: | ICOOKIE: 69 ed 6a 87 9f ea ee 0b Aug 29 10:34:45 pluto[9145]: | RCOOKIE: 00 00 00 00 00 00 00 00 Aug 29 10:34:45 pluto[9145]: | state hash entry 25 Aug 29 10:34:45 pluto[9145]: | ICOOKIE: 69 ed 6a 87 9f ea ee 0b Aug 29 10:34:45 pluto[9145]: | RCOOKIE: 30 04 72 60 b0 6d 15 a6 Aug 29 10:34:45 pluto[9145]: | state hash entry 1 Aug 29 10:34:45 pluto[9145]: | inserting state object #1 bucket: 1 Aug 29 10:34:45 pluto[9145]: | state found and its state is:STATE_PARENT_I1 msgid: 00000 Aug 29 10:34:45 pluto[9145]: | ***parse IKEv2 Security Association Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2KE Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | length: 48 Aug 29 10:34:45 pluto[9145]: | processing payload: ISAKMP_NEXT_v2SA (len=48) Aug 29 10:34:45 pluto[9145]: | ***parse IKEv2 Key Exchange Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2Ni Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | length: 264 Aug 29 10:34:45 pluto[9145]: | transform type: 14 Aug 29 10:34:45 pluto[9145]: | processing payload: ISAKMP_NEXT_v2KE (len=264) Aug 29 10:34:45 pluto[9145]: | ***parse IKEv2 Nonce Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2V Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | length: 20 Aug 29 10:34:45 pluto[9145]: | processing payload: ISAKMP_NEXT_v2Ni (len=20) Aug 29 10:34:45 pluto[9145]: | ***parse IKEv2 Vendor ID Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_NONE Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | length: 16 Aug 29 10:34:45 pluto[9145]: | processing payload: ISAKMP_NEXT_v2V (len=16) Aug 29 10:34:45 pluto[9145]: | considering state entry: 0 Aug 29 10:34:45 pluto[9145]: | Now lets proceed with state specific processing Aug 29 10:34:45 pluto[9145]: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 29 10:34:45 pluto[9145]: | DH public value received: Aug 29 10:34:45 pluto[9145]: | ad b6 06 09 44 23 f4 52 a7 7d bf df 13 31 56 fe Aug 29 10:34:45 pluto[9145]: | 43 12 69 3c 5e a4 3f d0 97 b7 20 4f 30 33 fc 47 Aug 29 10:34:45 pluto[9145]: | 9a 11 48 40 04 de 68 c9 31 7f 58 e8 f7 2d c5 d7 Aug 29 10:34:45 pluto[9145]: | 2a 17 af 23 71 91 47 e5 3e eb bd 8b 8b 7c cb 37 Aug 29 10:34:45 pluto[9145]: | 25 53 9c 53 48 a7 00 3d 56 63 59 be 51 9c 00 40 Aug 29 10:34:45 pluto[9145]: | c6 d2 00 fc b5 da 61 02 87 24 4e 84 06 13 9c ff Aug 29 10:34:45 pluto[9145]: | df 96 35 35 49 3e 2f bb da 9f 5f 24 82 d7 c9 2e Aug 29 10:34:45 pluto[9145]: | c6 ca 34 0d 99 95 69 b1 49 94 76 6e 65 c9 70 cf Aug 29 10:34:45 pluto[9145]: | 35 81 ed 61 50 3b 4b 9e 96 ab 8a 42 74 2d 24 e8 Aug 29 10:34:45 pluto[9145]: | bc 48 51 dc 04 51 8a 65 19 b8 5b d7 38 fd cb 11 Aug 29 10:34:45 pluto[9145]: | 70 79 1a bf 49 60 ed 46 c9 c0 9f 26 50 3b 2e d4 Aug 29 10:34:45 pluto[9145]: | 9d f4 b9 53 bd d3 d0 06 d2 07 df 98 2a 32 b5 a9 Aug 29 10:34:45 pluto[9145]: | e5 96 29 fa 81 a5 5d 0f ab 28 36 d8 48 a6 b4 fa Aug 29 10:34:45 pluto[9145]: | 08 2d 71 6a 19 cb 75 18 cd b8 3b 7c c2 97 1f 5b Aug 29 10:34:45 pluto[9145]: | 16 c2 e3 d3 28 14 79 d4 ca f9 59 ae 0a 32 18 35 Aug 29 10:34:45 pluto[9145]: | 5f 82 b7 55 4e da 94 f4 5a 42 74 8e 70 95 83 8e Aug 29 10:34:45 pluto[9145]: | ****parse IKEv2 Proposal Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_NONE Aug 29 10:34:45 pluto[9145]: | length: 44 Aug 29 10:34:45 pluto[9145]: | prop #: 1 Aug 29 10:34:45 pluto[9145]: | proto ID: 1 Aug 29 10:34:45 pluto[9145]: | spi size: 0 Aug 29 10:34:45 pluto[9145]: | # transforms: 4 Aug 29 10:34:45 pluto[9145]: | *****parse IKEv2 Transform Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_T Aug 29 10:34:45 pluto[9145]: | length: 12 Aug 29 10:34:45 pluto[9145]: | transform type: 1 Aug 29 10:34:45 pluto[9145]: | transform ID: 12 Aug 29 10:34:45 pluto[9145]: | ******parse IKEv2 Attribute Substructure Payload: Aug 29 10:34:45 pluto[9145]: | af+type: KEY_LENGTH Aug 29 10:34:45 pluto[9145]: | length/value: 256 Aug 29 10:34:45 pluto[9145]: | *****parse IKEv2 Transform Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_T Aug 29 10:34:45 pluto[9145]: | length: 8 Aug 29 10:34:45 pluto[9145]: | transform type: 3 Aug 29 10:34:45 pluto[9145]: | transform ID: 2 Aug 29 10:34:45 pluto[9145]: | *****parse IKEv2 Transform Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_T Aug 29 10:34:45 pluto[9145]: | length: 8 Aug 29 10:34:45 pluto[9145]: | transform type: 2 Aug 29 10:34:45 pluto[9145]: | transform ID: 2 Aug 29 10:34:45 pluto[9145]: | *****parse IKEv2 Transform Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_NONE Aug 29 10:34:45 pluto[9145]: | length: 8 Aug 29 10:34:45 pluto[9145]: | transform type: 4 Aug 29 10:34:45 pluto[9145]: | transform ID: 14 Aug 29 10:34:45 pluto[9145]: | calculating skeyseed using prf=prf-hmac-sha1 integ=auth-hmac-sha1-96 cipherkey=aes-cbc Aug 29 10:34:45 pluto[9145]: | helper -1 doing compute dh(v2) op id: 0 Aug 29 10:34:45 pluto[9145]: | long term secret: 84 bb 42 77 4d 75 17 c1 30 00 88 89 0c bd 4e 56 Aug 29 10:34:45 pluto[9145]: | long term secret: 4b 6a 18 75 df e7 55 19 87 1f 67 a9 90 f0 81 ee Aug 29 10:34:45 pluto[9145]: | peer's g: ad b6 06 09 44 23 f4 52 a7 7d bf df 13 31 56 fe Aug 29 10:34:45 pluto[9145]: | peer's g: 43 12 69 3c 5e a4 3f d0 97 b7 20 4f 30 33 fc 47 Aug 29 10:34:45 pluto[9145]: | peer's g: 9a 11 48 40 04 de 68 c9 31 7f 58 e8 f7 2d c5 d7 Aug 29 10:34:45 pluto[9145]: | peer's g: 2a 17 af 23 71 91 47 e5 3e eb bd 8b 8b 7c cb 37 Aug 29 10:34:45 pluto[9145]: | peer's g: 25 53 9c 53 48 a7 00 3d 56 63 59 be 51 9c 00 40 Aug 29 10:34:45 pluto[9145]: | peer's g: c6 d2 00 fc b5 da 61 02 87 24 4e 84 06 13 9c ff Aug 29 10:34:45 pluto[9145]: | peer's g: df 96 35 35 49 3e 2f bb da 9f 5f 24 82 d7 c9 2e Aug 29 10:34:45 pluto[9145]: | peer's g: c6 ca 34 0d 99 95 69 b1 49 94 76 6e 65 c9 70 cf Aug 29 10:34:45 pluto[9145]: | peer's g: 35 81 ed 61 50 3b 4b 9e 96 ab 8a 42 74 2d 24 e8 Aug 29 10:34:45 pluto[9145]: | peer's g: bc 48 51 dc 04 51 8a 65 19 b8 5b d7 38 fd cb 11 Aug 29 10:34:45 pluto[9145]: | peer's g: 70 79 1a bf 49 60 ed 46 c9 c0 9f 26 50 3b 2e d4 Aug 29 10:34:45 pluto[9145]: | peer's g: 9d f4 b9 53 bd d3 d0 06 d2 07 df 98 2a 32 b5 a9 Aug 29 10:34:45 pluto[9145]: | peer's g: e5 96 29 fa 81 a5 5d 0f ab 28 36 d8 48 a6 b4 fa Aug 29 10:34:45 pluto[9145]: | peer's g: 08 2d 71 6a 19 cb 75 18 cd b8 3b 7c c2 97 1f 5b Aug 29 10:34:45 pluto[9145]: | peer's g: 16 c2 e3 d3 28 14 79 d4 ca f9 59 ae 0a 32 18 35 Aug 29 10:34:45 pluto[9145]: | peer's g: 5f 82 b7 55 4e da 94 f4 5a 42 74 8e 70 95 83 8e Aug 29 10:34:45 pluto[9145]: | calc_dh_shared(): time elapsed (OAKLEY_GROUP_MODP2048): 106169 usec Aug 29 10:34:45 pluto[9145]: | DH shared-secret: Aug 29 10:34:45 pluto[9145]: | 7e 6d 9a 6a ec 63 aa 68 54 9d d1 d1 52 ef 86 27 Aug 29 10:34:45 pluto[9145]: | 41 39 f1 79 1b a4 d3 a7 ec 7d a5 35 fb 4a f3 07 Aug 29 10:34:45 pluto[9145]: | 6d bb 93 da 3b 15 3c 97 c7 d4 d5 55 0d ff 65 ba Aug 29 10:34:45 pluto[9145]: | 15 7d aa ad 9a f1 a8 62 10 9a 6c c3 9c dc 55 35 Aug 29 10:34:45 pluto[9145]: | 58 be 25 e2 59 a9 be bd 6f bd 65 32 58 a1 43 b7 Aug 29 10:34:45 pluto[9145]: | 23 1c ee a0 be 39 d2 d0 ae 39 98 41 30 fc d5 8d Aug 29 10:34:45 pluto[9145]: | d1 9c 82 e6 4e a0 0f c2 70 02 f5 dd 56 e4 68 ad Aug 29 10:34:45 pluto[9145]: | cf 8c fe e6 7c b1 ec d3 f6 a8 09 4b 40 c9 e4 b9 Aug 29 10:34:45 pluto[9145]: | 0c f0 2d e8 3a b8 af db de 83 ba 86 01 67 0d 42 Aug 29 10:34:45 pluto[9145]: | b4 fc af 09 f7 83 d8 60 bd 7b 79 bf b3 db d0 5c Aug 29 10:34:45 pluto[9145]: | 2e fb f6 f8 4a 12 85 61 51 a7 e8 fa c1 ce 7f e9 Aug 29 10:34:45 pluto[9145]: | bd f6 02 32 a0 03 75 a0 4d 10 b5 7b 19 ea 94 31 Aug 29 10:34:45 pluto[9145]: | 54 be 80 5b 46 2b 16 07 27 db ee ae 7a 11 b0 82 Aug 29 10:34:45 pluto[9145]: | 42 a7 61 88 43 23 ba 67 de f2 bf 27 91 c3 4b 13 Aug 29 10:34:45 pluto[9145]: | 59 b7 f3 02 75 56 b4 6a b5 e3 d6 fd ad cb 57 42 Aug 29 10:34:45 pluto[9145]: | cb 44 4c 0d aa 84 9e c0 13 e0 bc f1 83 54 53 28 Aug 29 10:34:45 pluto[9145]: | calculating skeyseed using prf=prf-hmac-sha1 integ=auth-hmac-sha1-96 cipherkey=32 Aug 29 10:34:45 pluto[9145]: | Input to SKEYSEED: f0 b7 14 be 06 65 a0 50 c5 ad 55 4c 80 09 14 34 Aug 29 10:34:45 pluto[9145]: | Input to SKEYSEED: 68 ff d3 2a 70 f2 e8 87 83 ad 6f 36 12 d4 cf f3 Aug 29 10:34:45 pluto[9145]: | PRF+ input Aug 29 10:34:45 pluto[9145]: | Ni f0 b7 14 be 06 65 a0 50 c5 ad 55 4c 80 09 14 34 Aug 29 10:34:45 pluto[9145]: | Nr 68 ff d3 2a 70 f2 e8 87 83 ad 6f 36 12 d4 cf f3 Aug 29 10:34:45 pluto[9145]: | SPIi 69 ed 6a 87 9f ea ee 0b Aug 29 10:34:45 pluto[9145]: | SPIr 30 04 72 60 b0 6d 15 a6 Aug 29 10:34:45 pluto[9145]: | Total keysize needed 164 Aug 29 10:34:45 pluto[9145]: | prf+[1]: 6e 69 13 ab 9e bd fe 68 96 e1 ca a2 f5 5e 9c 2e Aug 29 10:34:45 pluto[9145]: | prf+[1]: 2f 30 7e 61 Aug 29 10:34:45 pluto[9145]: | prf+[2]: 93 31 fb f8 f0 b4 b8 f3 d9 0f 83 4f 8a 67 bc ce Aug 29 10:34:45 pluto[9145]: | prf+[2]: 33 95 2f e9 Aug 29 10:34:45 pluto[9145]: | prf+[3]: 73 69 ab 7a a2 df b0 17 30 2f a2 28 68 1c c4 0e Aug 29 10:34:45 pluto[9145]: | prf+[3]: 0b 9f e8 5c Aug 29 10:34:45 pluto[9145]: | prf+[4]: a3 df c9 f4 a7 a3 1c a0 59 4c a8 dc 06 6b 18 0d Aug 29 10:34:45 pluto[9145]: | prf+[4]: cb 57 37 ec Aug 29 10:34:45 pluto[9145]: | prf+[5]: ef 6f fe d7 9d 25 ac 18 5c 8a fa a2 4f 39 19 0e Aug 29 10:34:45 pluto[9145]: | prf+[5]: 0d a2 ce 72 Aug 29 10:34:45 pluto[9145]: | prf+[6]: 5a 45 fd f2 98 ba 81 55 21 89 98 75 8d 16 f5 7e Aug 29 10:34:45 pluto[9145]: | prf+[6]: 9f d4 3d 99 Aug 29 10:34:45 pluto[9145]: | prf+[7]: b5 6c fa e8 75 18 49 9a 29 82 27 29 13 42 8c 02 Aug 29 10:34:45 pluto[9145]: | prf+[7]: 82 74 3b 49 Aug 29 10:34:45 pluto[9145]: | prf+[8]: a4 f5 f0 45 2f 05 8a 4b ca 1c 82 5c 07 d7 35 c5 Aug 29 10:34:45 pluto[9145]: | prf+[8]: ee 13 84 70 Aug 29 10:34:45 pluto[9145]: | prf+[9]: 97 30 68 22 1d 69 f6 64 eb 8c c3 b8 71 70 34 d9 Aug 29 10:34:45 pluto[9145]: | prf+[9]: 79 6e 3f 35 Aug 29 10:34:45 pluto[9145]: | shared: 7e 6d 9a 6a ec 63 aa 68 54 9d d1 d1 52 ef 86 27 Aug 29 10:34:45 pluto[9145]: | shared: 41 39 f1 79 1b a4 d3 a7 ec 7d a5 35 fb 4a f3 07 Aug 29 10:34:45 pluto[9145]: | shared: 6d bb 93 da 3b 15 3c 97 c7 d4 d5 55 0d ff 65 ba Aug 29 10:34:45 pluto[9145]: | shared: 15 7d aa ad 9a f1 a8 62 10 9a 6c c3 9c dc 55 35 Aug 29 10:34:45 pluto[9145]: | shared: 58 be 25 e2 59 a9 be bd 6f bd 65 32 58 a1 43 b7 Aug 29 10:34:45 pluto[9145]: | shared: 23 1c ee a0 be 39 d2 d0 ae 39 98 41 30 fc d5 8d Aug 29 10:34:45 pluto[9145]: | shared: d1 9c 82 e6 4e a0 0f c2 70 02 f5 dd 56 e4 68 ad Aug 29 10:34:45 pluto[9145]: | shared: cf 8c fe e6 7c b1 ec d3 f6 a8 09 4b 40 c9 e4 b9 Aug 29 10:34:45 pluto[9145]: | shared: 0c f0 2d e8 3a b8 af db de 83 ba 86 01 67 0d 42 Aug 29 10:34:45 pluto[9145]: | shared: b4 fc af 09 f7 83 d8 60 bd 7b 79 bf b3 db d0 5c Aug 29 10:34:45 pluto[9145]: | shared: 2e fb f6 f8 4a 12 85 61 51 a7 e8 fa c1 ce 7f e9 Aug 29 10:34:45 pluto[9145]: | shared: bd f6 02 32 a0 03 75 a0 4d 10 b5 7b 19 ea 94 31 Aug 29 10:34:45 pluto[9145]: | shared: 54 be 80 5b 46 2b 16 07 27 db ee ae 7a 11 b0 82 Aug 29 10:34:45 pluto[9145]: | shared: 42 a7 61 88 43 23 ba 67 de f2 bf 27 91 c3 4b 13 Aug 29 10:34:45 pluto[9145]: | shared: 59 b7 f3 02 75 56 b4 6a b5 e3 d6 fd ad cb 57 42 Aug 29 10:34:45 pluto[9145]: | shared: cb 44 4c 0d aa 84 9e c0 13 e0 bc f1 83 54 53 28 Aug 29 10:34:45 pluto[9145]: | skeyseed: 28 e6 04 76 da c0 87 c6 52 3b 10 11 4a 07 c9 b5 Aug 29 10:34:45 pluto[9145]: | skeyseed: 4c f4 31 3c Aug 29 10:34:45 pluto[9145]: | SK_d: 6e 69 13 ab 9e bd fe 68 96 e1 ca a2 f5 5e 9c 2e Aug 29 10:34:45 pluto[9145]: | SK_d: 2f 30 7e 61 Aug 29 10:34:45 pluto[9145]: | SK_ai: 93 31 fb f8 f0 b4 b8 f3 d9 0f 83 4f 8a 67 bc ce Aug 29 10:34:45 pluto[9145]: | SK_ai: 33 95 2f e9 Aug 29 10:34:45 pluto[9145]: | SK_ar: 73 69 ab 7a a2 df b0 17 30 2f a2 28 68 1c c4 0e Aug 29 10:34:45 pluto[9145]: | SK_ar: 0b 9f e8 5c Aug 29 10:34:45 pluto[9145]: | SK_ei: a3 df c9 f4 a7 a3 1c a0 59 4c a8 dc 06 6b 18 0d Aug 29 10:34:45 pluto[9145]: | SK_ei: cb 57 37 ec ef 6f fe d7 9d 25 ac 18 5c 8a fa a2 Aug 29 10:34:45 pluto[9145]: | SK_er: 4f 39 19 0e 0d a2 ce 72 5a 45 fd f2 98 ba 81 55 Aug 29 10:34:45 pluto[9145]: | SK_er: 21 89 98 75 8d 16 f5 7e 9f d4 3d 99 b5 6c fa e8 Aug 29 10:34:45 pluto[9145]: | SK_pi: 75 18 49 9a 29 82 27 29 13 42 8c 02 82 74 3b 49 Aug 29 10:34:45 pluto[9145]: | SK_pi: a4 f5 f0 45 Aug 29 10:34:45 pluto[9145]: | SK_pr: 2f 05 8a 4b ca 1c 82 5c 07 d7 35 c5 ee 13 84 70 Aug 29 10:34:45 pluto[9145]: | SK_pr: 97 30 68 22 Aug 29 10:34:45 pluto[9145]: | ikev2 parent inR1outI2: calculating g^{xy}, sending I2 Aug 29 10:34:45 pluto[9145]: | processing connection tunnel1 Aug 29 10:34:45 pluto[9145]: | duplicating state object #1 Aug 29 10:34:45 pluto[9145]: | creating state object #2 at 0x40951680 Aug 29 10:34:45 pluto[9145]: | ICOOKIE: 69 ed 6a 87 9f ea ee 0b Aug 29 10:34:45 pluto[9145]: | RCOOKIE: 30 04 72 60 b0 6d 15 a6 Aug 29 10:34:45 pluto[9145]: | state hash entry 1 Aug 29 10:34:45 pluto[9145]: | inserting state object #2 bucket: 1 Aug 29 10:34:45 pluto[9145]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #2 (head of queue) Aug 29 10:34:45 pluto[9145]: | deleting event for #1 Aug 29 10:34:45 pluto[9145]: | inserting event EVENT_SA_REPLACE, timeout in 28800 seconds for #1 Aug 29 10:34:45 pluto[9145]: | event added after event EVENT_REINIT_SECRET Aug 29 10:34:45 pluto[9145]: | **emit ISAKMP Message: Aug 29 10:34:45 pluto[9145]: | initiator cookie: Aug 29 10:34:45 pluto[9145]: | 69 ed 6a 87 9f ea ee 0b Aug 29 10:34:45 pluto[9145]: | responder cookie: Aug 29 10:34:45 pluto[9145]: | 30 04 72 60 b0 6d 15 a6 Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2E Aug 29 10:34:45 pluto[9145]: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) Aug 29 10:34:45 pluto[9145]: | exchange type: ISAKMP_v2_AUTH Aug 29 10:34:45 pluto[9145]: | flags: ISAKMP_FLAG_INIT Aug 29 10:34:45 pluto[9145]: | message ID: 00 00 00 01 Aug 29 10:34:45 pluto[9145]: | ***emit IKEv2 Encryption Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2IDi Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | emitting 16 zero bytes of iv into IKEv2 Encryption Payload Aug 29 10:34:45 pluto[9145]: | IKEv2 thinking whether to send my certificate: Aug 29 10:34:45 pluto[9145]: | my policy has no RSASIG, the policy is : PSK+ENCRYPT+TUNNEL+PFS+UP+!IKEv1+IKEv2ALLOW+IKEv2Init+SAREFTRACK Aug 29 10:34:45 pluto[9145]: | sendcert: CERT_ALWAYSSEND and I did not get a certificate request Aug 29 10:34:45 pluto[9145]: | so do not send cert. Aug 29 10:34:45 pluto[9145]: | I did not send a certificate because digital signatures are not being used. (PSK) Aug 29 10:34:45 pluto[9145]: | *****emit IKEv2 Identification Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2AUTH Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | id_type: ID_IPV4_ADDR Aug 29 10:34:45 pluto[9145]: | emitting 4 raw bytes of my identity into IKEv2 Identification Payload Aug 29 10:34:45 pluto[9145]: | my identity c0 a8 00 01 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Identification Payload: 12 Aug 29 10:34:45 pluto[9145]: | idhash calc pi 75 18 49 9a 29 82 27 29 13 42 8c 02 82 74 3b 49 Aug 29 10:34:45 pluto[9145]: | idhash calc pi a4 f5 f0 45 Aug 29 10:34:45 pluto[9145]: | idhash calc I2 01 00 00 00 c0 a8 00 01 Aug 29 10:34:45 pluto[9145]: | getting first pending from state #1 Aug 29 10:34:45 pluto[9145]: | payload after AUTH will be ISAKMP_NEXT_v2SA Aug 29 10:34:45 pluto[9145]: | *****emit IKEv2 Authentication Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2SA Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | auth method: v2_AUTH_SHARED Aug 29 10:34:45 pluto[9145]: | started looking for secret for 192.168.0.1->192.168.0.2 of kind PPK_PSK Aug 29 10:34:45 pluto[9145]: | actually looking for secret for 192.168.0.1->192.168.0.2 of kind PPK_PSK Aug 29 10:34:45 pluto[9145]: | line 6: key type PPK_PSK(192.168.0.1) to type PPK_PSK Aug 29 10:34:45 pluto[9145]: | 1: compared key 192.168.0.2 to 192.168.0.1 / 192.168.0.2 -> 4 Aug 29 10:34:45 pluto[9145]: | 2: compared key 192.168.0.1 to 192.168.0.1 / 192.168.0.2 -> 12 Aug 29 10:34:45 pluto[9145]: | line 6: match=12 Aug 29 10:34:45 pluto[9145]: | best_match 0>12 best=0x4094f9e8 (line=6) Aug 29 10:34:45 pluto[9145]: | concluding with best_match=12 best=0x4094f9e8 (lineno=6) Aug 29 10:34:45 pluto[9145]: | negotiated prf: oakley_sha hash length: 20 Aug 29 10:34:45 pluto[9145]: | inner prf output 48 04 da e1 7c 85 b0 3b 5b 47 85 0d 96 a7 90 ed Aug 29 10:34:45 pluto[9145]: | inner prf output 45 7e c2 1c Aug 29 10:34:45 pluto[9145]: | inputs to hash1 (first packet) Aug 29 10:34:45 pluto[9145]: | 69 ed 6a 87 9f ea ee 0b 00 00 00 00 00 00 00 00 Aug 29 10:34:45 pluto[9145]: | 21 20 22 08 00 00 00 00 00 00 01 78 22 00 00 30 Aug 29 10:34:45 pluto[9145]: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Aug 29 10:34:45 pluto[9145]: | 80 0e 01 00 03 00 00 08 03 00 00 02 03 00 00 08 Aug 29 10:34:45 pluto[9145]: | 02 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 Aug 29 10:34:45 pluto[9145]: | 00 0e 00 00 b0 08 2b e0 b0 95 e7 fa 43 3c b7 ff Aug 29 10:34:45 pluto[9145]: | d6 02 73 ae 11 b5 c8 6e 3c 42 5d 87 a4 e7 fc 41 Aug 29 10:34:45 pluto[9145]: | e5 34 66 d4 41 c9 a3 1d 8f c8 46 8f 14 bf c0 3a Aug 29 10:34:45 pluto[9145]: | 14 c9 b1 30 cc 3c 0e 05 29 9b 66 a7 e9 9c 3e 76 Aug 29 10:34:45 pluto[9145]: | 7a 8e 28 fc 97 52 7c 15 0a 75 f4 6d af 7a e8 c2 Aug 29 10:34:45 pluto[9145]: | dc 70 8b 02 1b 64 57 4a fd 33 90 2f 8f f9 c0 39 Aug 29 10:34:45 pluto[9145]: | 6e b0 58 bb 59 09 47 0c 19 88 b7 47 57 ee 6a 99 Aug 29 10:34:45 pluto[9145]: | 6a dc be d4 dd a4 73 7f 83 2c 68 c9 cf c3 f0 56 Aug 29 10:34:45 pluto[9145]: | 52 86 88 8b fb 88 e1 ac 84 b6 56 71 e1 f4 56 3c Aug 29 10:34:45 pluto[9145]: | f6 ee 42 73 97 93 1a 97 36 6e 07 d9 a7 9f 85 9e Aug 29 10:34:45 pluto[9145]: | 41 b9 c5 dd 88 52 c4 ed c7 b7 12 ed bc 7f ba 47 Aug 29 10:34:45 pluto[9145]: | fd 01 e9 fe 4a 4f 0d f1 ee db 1c 85 8d b5 f1 57 Aug 29 10:34:45 pluto[9145]: | 7e 7a e6 99 c0 33 9b 06 d1 c2 45 89 b0 7b 6b 0f Aug 29 10:34:45 pluto[9145]: | 94 96 fa 3b 11 c8 35 92 ea f5 9b 42 06 88 be 9c Aug 29 10:34:45 pluto[9145]: | 74 4b 2d 79 2f 05 bb 4c 0a cd 8f 18 a0 66 82 07 Aug 29 10:34:45 pluto[9145]: | 81 79 64 fc 7d 12 51 b5 37 ad 3d 42 0a 91 16 b9 Aug 29 10:34:45 pluto[9145]: | af ed 22 68 2b 00 00 14 f0 b7 14 be 06 65 a0 50 Aug 29 10:34:45 pluto[9145]: | c5 ad 55 4c 80 09 14 34 00 00 00 10 4f 53 57 7c Aug 29 10:34:45 pluto[9145]: | 45 6a 6c 53 70 54 66 63 Aug 29 10:34:45 pluto[9145]: | inputs to hash2 (responder nonce) Aug 29 10:34:45 pluto[9145]: | 68 ff d3 2a 70 f2 e8 87 83 ad 6f 36 12 d4 cf f3 Aug 29 10:34:45 pluto[9145]: | idhash 7f 3c 48 dc 19 d4 73 01 bf 9b d8 1f 7f 0e 7d 4e Aug 29 10:34:45 pluto[9145]: | idhash 5b ff 17 31 Aug 29 10:34:45 pluto[9145]: | PSK auth octets 3d 5e 2a c2 26 21 44 ff da 3e 97 60 20 87 1f 11 Aug 29 10:34:45 pluto[9145]: | PSK auth octets 06 5c 05 b9 Aug 29 10:34:45 pluto[9145]: | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 29 10:34:45 pluto[9145]: | PSK auth 3d 5e 2a c2 26 21 44 ff da 3e 97 60 20 87 1f 11 Aug 29 10:34:45 pluto[9145]: | PSK auth 06 5c 05 b9 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Authentication Payload: 28 Aug 29 10:34:45 pluto[9145]: | kernel_alg_db_new() initial trans_cnt=15 Aug 29 10:34:45 pluto[9145]: | kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1 Aug 29 10:34:45 pluto[9145]: | kernel_alg_db_new() trans[0]: transid=12, attr_cnt=2, attrs[0].type=5, attrs[0].val=2 Aug 29 10:34:45 pluto[9145]: | returning new proposal from esp_info Aug 29 10:34:45 pluto[9145]: | *****emit IKEv2 Security Association Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2TSi Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | generate SPI: 8f 9f dc 27 Aug 29 10:34:45 pluto[9145]: | ******emit IKEv2 Proposal Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_NONE Aug 29 10:34:45 pluto[9145]: | prop #: 1 Aug 29 10:34:45 pluto[9145]: | proto ID: 3 Aug 29 10:34:45 pluto[9145]: | spi size: 4 Aug 29 10:34:45 pluto[9145]: | # transforms: 3 Aug 29 10:34:45 pluto[9145]: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 29 10:34:45 pluto[9145]: | our spi 8f 9f dc 27 Aug 29 10:34:45 pluto[9145]: | *******emit IKEv2 Transform Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_T Aug 29 10:34:45 pluto[9145]: | transform type: 1 Aug 29 10:34:45 pluto[9145]: | transform ID: 12 Aug 29 10:34:45 pluto[9145]: | ********emit IKEv2 Attribute Substructure Payload: Aug 29 10:34:45 pluto[9145]: | af+type: KEY_LENGTH Aug 29 10:34:45 pluto[9145]: | length/value: 256 Aug 29 10:34:45 pluto[9145]: | [256 is 256??] Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 29 10:34:45 pluto[9145]: | *******emit IKEv2 Transform Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_T Aug 29 10:34:45 pluto[9145]: | transform type: 3 Aug 29 10:34:45 pluto[9145]: | transform ID: 2 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 29 10:34:45 pluto[9145]: | *******emit IKEv2 Transform Substructure Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_NONE Aug 29 10:34:45 pluto[9145]: | transform type: 5 Aug 29 10:34:45 pluto[9145]: | transform ID: 0 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 29 10:34:45 pluto[9145]: | emitting length of IKEv2 Security Association Payload: 44 Aug 29 10:34:45 pluto[9145]: | *****emit IKEv2 Traffic Selector Payload: Aug 29 10:34:45 pluto[9145]: | next payload type: ISAKMP_NEXT_v2TSr Aug 29 10:34:45 pluto[9145]: | critical bit: none Aug 29 10:34:45 pluto[9145]: | number of TS: 1 Aug 29 10:34:45 pluto[9145]: | ******emit IKEv2 Traffic Selector: Aug 29 10:34:45 pluto[9145]: | TS type: IKEv2_TS_IPV4_ADDR_RANGE Aug 29 10:34:45 pluto[9145]: | IP Protocol ID: 0 Aug 29 10:34:45 pluto[9145]: | start port: 0 Aug 29 10:34:45 pluto[9145]: | end port: 65535 Aug 29 10:34:45 pluto[9145]: | emitting 4 raw bytes of ipv4 low into IKEv2 Traffic Selector Aug 29 10:34:45 pluto[9145]: | ipv4 low 0a 0a 0a 00 Aug 29 10:34:46 pluto[9145]: | emitting 4 raw bytes of ipv4 high into IKEv2 Traffic Selector Aug 29 10:34:46 pluto[9145]: | ipv4 high 0a 0a 0a 03 Aug 29 10:34:46 pluto[9145]: | emitting length of IKEv2 Traffic Selector: 16 Aug 29 10:34:46 pluto[9145]: | emitting length of IKEv2 Traffic Selector Payload: 24 Aug 29 10:34:46 pluto[9145]: | *****emit IKEv2 Traffic Selector Payload: Aug 29 10:34:46 pluto[9145]: | next payload type: ISAKMP_NEXT_NONE Aug 29 10:34:46 pluto[9145]: | critical bit: none Aug 29 10:34:46 pluto[9145]: | number of TS: 1 Aug 29 10:34:46 pluto[9145]: | ******emit IKEv2 Traffic Selector: Aug 29 10:34:46 pluto[9145]: | TS type: IKEv2_TS_IPV4_ADDR_RANGE Aug 29 10:34:46 pluto[9145]: | IP Protocol ID: 0 Aug 29 10:34:46 pluto[9145]: | start port: 0 Aug 29 10:34:46 pluto[9145]: | end port: 65535 Aug 29 10:34:46 pluto[9145]: | emitting 4 raw bytes of ipv4 low into IKEv2 Traffic Selector Aug 29 10:34:46 pluto[9145]: | ipv4 low 0a 0a 0a 04 Aug 29 10:34:46 pluto[9145]: | emitting 4 raw bytes of ipv4 high into IKEv2 Traffic Selector Aug 29 10:34:46 pluto[9145]: | ipv4 high 0a 0a 0a 07 Aug 29 10:34:46 pluto[9145]: | emitting length of IKEv2 Traffic Selector: 16 Aug 29 10:34:46 pluto[9145]: | emitting length of IKEv2 Traffic Selector Payload: 24 Aug 29 10:34:46 pluto[9145]: | emitting 12 raw bytes of padding and length into cleartext Aug 29 10:34:46 pluto[9145]: | padding and length 00 01 02 03 04 05 06 07 08 09 0a 0b Aug 29 10:34:46 pluto[9145]: | emitting 12 zero bytes of length of truncated HMAC into IKEv2 Encryption Payload Aug 29 10:34:46 pluto[9145]: | emitting length of IKEv2 Encryption Payload: 176 Aug 29 10:34:46 pluto[9145]: | emitting length of ISAKMP Message: 204 Aug 29 10:34:46 pluto[9145]: | data before encryption: Aug 29 10:34:46 pluto[9145]: | 27 00 00 0c 01 00 00 00 c0 a8 00 01 21 00 00 1c Aug 29 10:34:46 pluto[9145]: | 02 00 00 00 3d 5e 2a c2 26 21 44 ff da 3e 97 60 Aug 29 10:34:46 pluto[9145]: | 20 87 1f 11 06 5c 05 b9 2c 00 00 2c 00 00 00 28 Aug 29 10:34:46 pluto[9145]: | 01 03 04 03 8f 9f dc 27 03 00 00 0c 01 00 00 0c Aug 29 10:34:46 pluto[9145]: | 80 0e 01 00 03 00 00 08 03 00 00 02 00 00 00 08 Aug 29 10:34:46 pluto[9145]: | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 Aug 29 10:34:46 pluto[9145]: | 00 00 ff ff 0a 0a 0a 00 0a 0a 0a 03 00 00 00 18 Aug 29 10:34:46 pluto[9145]: | 01 00 00 00 07 00 00 10 00 00 ff ff 0a 0a 0a 04 Aug 29 10:34:46 pluto[9145]: | 0a 0a 0a 07 00 01 02 03 04 05 06 07 08 09 0a 0b Aug 29 10:34:46 pluto[9145]: | data after encryption: Aug 29 10:34:46 pluto[9145]: | d6 5f ec 67 e7 66 cd ec 83 b3 d2 e9 de 42 10 00 Aug 29 10:34:46 pluto[9145]: | c7 43 a9 1f 1a 17 3a e0 14 bd 23 cf e5 47 2e 9e Aug 29 10:34:46 pluto[9145]: | 1d c9 42 5e 87 b3 f8 c1 43 4d 72 92 da b7 1a ad Aug 29 10:34:46 pluto[9145]: | 29 0e ef 71 4b f3 bc 12 e2 83 95 31 22 6e 1b f7 Aug 29 10:34:46 pluto[9145]: | 2f 09 84 62 9c 11 90 6d 71 82 59 45 d6 c0 4d 16 Aug 29 10:34:46 pluto[9145]: | f3 ee f4 91 85 0d 06 21 97 d8 48 5c 1b ed 45 60 Aug 29 10:34:46 pluto[9145]: | a4 00 7a 66 aa fa 53 20 d6 1c b9 f9 58 2e ff 46 Aug 29 10:34:46 pluto[9145]: | 63 ce 2c ed aa 30 32 01 13 68 3d 2d af 86 c8 f1 Aug 29 10:34:46 pluto[9145]: | f4 57 e1 7b 58 4b 89 45 aa ff a7 34 b2 d7 62 16 Aug 29 10:34:46 pluto[9145]: | data being hmac: 69 ed 6a 87 9f ea ee 0b 30 04 72 60 b0 6d 15 a6 Aug 29 10:34:46 pluto[9145]: | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 Aug 29 10:34:46 pluto[9145]: | data being hmac: 02 81 1a 35 72 72 38 e1 85 4a 81 92 5f b0 1f 83 Aug 29 10:34:46 pluto[9145]: | data being hmac: d6 5f ec 67 e7 66 cd ec 83 b3 d2 e9 de 42 10 00 Aug 29 10:34:46 pluto[9145]: | data being hmac: c7 43 a9 1f 1a 17 3a e0 14 bd 23 cf e5 47 2e 9e Aug 29 10:34:46 pluto[9145]: | data being hmac: 1d c9 42 5e 87 b3 f8 c1 43 4d 72 92 da b7 1a ad Aug 29 10:34:46 pluto[9145]: | data being hmac: 29 0e ef 71 4b f3 bc 12 e2 83 95 31 22 6e 1b f7 Aug 29 10:34:46 pluto[9145]: | data being hmac: 2f 09 84 62 9c 11 90 6d 71 82 59 45 d6 c0 4d 16 Aug 29 10:34:46 pluto[9145]: | data being hmac: f3 ee f4 91 85 0d 06 21 97 d8 48 5c 1b ed 45 60 Aug 29 10:34:46 pluto[9145]: | data being hmac: a4 00 7a 66 aa fa 53 20 d6 1c b9 f9 58 2e ff 46 Aug 29 10:34:46 pluto[9145]: | data being hmac: 63 ce 2c ed aa 30 32 01 13 68 3d 2d af 86 c8 f1 Aug 29 10:34:46 pluto[9145]: | data being hmac: f4 57 e1 7b 58 4b 89 45 aa ff a7 34 b2 d7 62 16 Aug 29 10:34:46 pluto[9145]: | out calculated auth: Aug 29 10:34:46 pluto[9145]: | cc 6b 02 7f 7f 0d eb a5 b7 7e 5b f3 Aug 29 10:34:46 pluto[9145]: | deleting event for #2 Aug 29 10:34:46 pluto[9145]: | inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #2 (head of queue) Aug 29 10:34:46 pluto[9145]: | complete v2 state transition with STF_OK Aug 29 10:34:46 pluto[9145]: "tunnel1" #2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 29 10:34:46 pluto[9145]: "tunnel1" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=aes_256 integ=sha1_96 prf=oakley_sha group=modp2048} (msgid: 00000001) Aug 29 10:34:46 pluto[9145]: | sending reply packet to 192.168.0.2:500 (from port 500) Aug 29 10:34:46 pluto[9145]: | sending 204 bytes for STATE_PARENT_I1 through eth0:500 to 192.168.0.2:500 (using #2) Aug 29 10:34:46 pluto[9145]: | 69 ed 6a 87 9f ea ee 0b 30 04 72 60 b0 6d 15 a6 Aug 29 10:34:46 pluto[9145]: | 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 Aug 29 10:34:46 pluto[9145]: | 02 81 1a 35 72 72 38 e1 85 4a 81 92 5f b0 1f 83 Aug 29 10:34:46 pluto[9145]: | d6 5f ec 67 e7 66 cd ec 83 b3 d2 e9 de 42 10 00 Aug 29 10:34:46 pluto[9145]: | c7 43 a9 1f 1a 17 3a e0 14 bd 23 cf e5 47 2e 9e Aug 29 10:34:46 pluto[9145]: | 1d c9 42 5e 87 b3 f8 c1 43 4d 72 92 da b7 1a ad Aug 29 10:34:46 pluto[9145]: | 29 0e ef 71 4b f3 bc 12 e2 83 95 31 22 6e 1b f7 Aug 29 10:34:46 pluto[9145]: | 2f 09 84 62 9c 11 90 6d 71 82 59 45 d6 c0 4d 16 Aug 29 10:34:46 pluto[9145]: | f3 ee f4 91 85 0d 06 21 97 d8 48 5c 1b ed 45 60 Aug 29 10:34:46 pluto[9145]: | a4 00 7a 66 aa fa 53 20 d6 1c b9 f9 58 2e ff 46 Aug 29 10:34:46 pluto[9145]: | 63 ce 2c ed aa 30 32 01 13 68 3d 2d af 86 c8 f1 Aug 29 10:34:46 pluto[9145]: | f4 57 e1 7b 58 4b 89 45 aa ff a7 34 b2 d7 62 16 Aug 29 10:34:46 pluto[9145]: | cc 6b 02 7f 7f 0d eb a5 b7 7e 5b f3 Aug 29 10:34:46 pluto[9145]: | complete v2 state transition with STF_INLINE Aug 29 10:34:47 ipsec__plutorun: /usr/local/lib/ipsec/_plutorun: line 258: 9145 Segmentation fault (core dumped) /usr/local/lib/ipsec/pluto --nofork --secretsfile /etc/ipsec/ipsec.secrets --ipsecdir /etc/ipsec/ipsec.d --debug-all --debug-raw --debug-crypt --debug-parsing --debug-emitting --debug-control --debug-lifecycle --debug-klips --debug-dns --debug-oppo --debug-oppoinfo --debug-controlmore --debug-x509 --debug-dpd --debug-pfkey --debug-natt --debug-nattraversal --use-auto --uniqueids --nhelpers 0 --secctx_attr_value 32001 Aug 29 10:34:47 ipsec__plutorun: !pluto failure!: exited with error status 139 (signal 11) Aug 29 10:34:47 ipsec__plutorun: restarting IPsec after pause... Aug 29 10:34:59 ipsec_setup: Removing orphaned /var/run/pluto/pluto.pid: Aug 29 10:35:17 syslog_watcher[9430]: Match entries for 'pluto.*K_SADB_X_ADDFLOW' was 6, running action 'service ipsec restart' + _________________________ date + date Mon Aug 29 10:35:27 CDT 2016