[Openswan Users] ask for help for ipsec setup problem
袁建鹏
yuanjianpeng at tp-link.com.cn
Mon Feb 20 06:56:37 EST 2017
Dear all,
I want to setup a l2tp/IPsec VPN server on my router, and dial up on my windows 10 PC.
the WAN interface is eth0, ip is 192.168.137.1
my pc connect to WAN directly, pc's ip is 192.168.137.110
I have migrated openswan/gmp/xl2tpd/pppd to my router after solved thousands of problem.
now l2tp can dial ok without IPSec,
when I enable IPSec PSK on windows VPN interface and try dial, that fails. here is my config.
/etc/ipsec.secrets
192.168.137.1 %any : PSK "123456"
/etc/ipsec.conf
config setup
plutodebug="all"
plutoopts="--perpeerlog"
dumpdir=/var/run/pluto
nat_traversal=yes
oe=off
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
protostack=netkey
plutostderrlog=/dev/console
conn vpn
auto=add
authby=secret
pfs=no
type=transport
left=192.168.137.1
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
rekey=no
keyingtries=5
here is the log:
ipsec_setup: Stopping Openswan IPsec...
|
| *received whack message
shutting down
forgetting secrets
| processing connection vpn
"vpn": deleting connection
| pass 0: considering CHILD SAs to delete
| pass 1: considering PARENT SAs to delete
shutting down interface lo/lo ::1:500
shutting down interface lo/lo 127.0.0.1:4500
shutting down interface lo/lo 127.0.0.1:500
shutting down interface eth0/eth0 192.168.137.1:4500
shutting down interface eth0/eth0 192.168.137.1:500
shutting down interface br-lan/br-lan 192.168.0.1:4500
shutting down interface br-lan/br-lan 192.168.0.1:500
pluto_crypto_helper: helper [nonnss] (2) is exiting normally
pluto_crypto_helper: helper [nonnss] (1) is exiting normally
pluto_crypto_helper: helper [nonnss] (0) is exiting normally
xl2tpd[2816]: death_handler: Fatal signal 15 received
ipsec_setup: Starting Openswan IPsec U2.6.49/K4.1.27...
Plutorun started on Tue Feb 21 00:20:27 GMT+8 2017
root at Archer_C5400s:/data/l2tp-ipsec# xl2tpd[4026]: setsockopt recvref[30]: Protocol not available
xl2tpd[4026]: Using l2tp kernel support.
xl2tpd[4026]: xl2tpd version xl2tpd-1.3.9 started on Archer_C5400s PID:4026
xl2tpd[4026]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[4026]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[4026]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[4026]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[4026]: Listening on IP address 0.0.0.0, port 1701
pluto started 2
adjusting ipsec.d to /etc/ipsec.d
Labelled IPsec not enabled; value 32001 ignored.
Starting Pluto (Openswan Version 2.6.49; Vendor ID OSWy_DrezeGS) pid:4024
LEAK_DETECTIVE support [disabled]
OCF support for IKE [disabled]
SAref support [disabled]: Protocol not available
SAbind support [disabled]: Protocol not available
NSS support [disabled]
HAVE_STATSD notification support not compiled in
Setting NAT-Traversal port-4500 floating to on
port floating activation criteria nat_t=1/port_float=1
NAT-Traversal support [enabled]
| opening /dev/urandom
using /dev/urandom as source of random entropy
| inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds (head of queue)
| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds (head of queue)
| inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
| event added after event EVENT_PENDING_DDNS
ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
starting up 3 cryptographic helpers
started helper pid=4028 (fd:7)
started helper pid=4029 (fd:8)
started helper pid=4031 (fd:9)
Using Linux XFRM/NETKEY IPsec interface code on 4.1.27
| process 4024 listening for PF_KEY_V2 on file descriptor 12
| finish_pfkey_msg: K_SADB_REGISTER message 1 for AH
| 02 07 00 02 02 00 00 00 01 00 00 00 b8 0f 00 00
| opening /dev/urandom
using /dev/urandom as source of random entropy
| opening /dev/urandom
! helper 0 waiting on fd: 8
using /dev/urandom as source of random entropy
! helper 1 waiting on fd: 9
| opening /dev/urandom
using /dev/urandom as source of random entropy
! helper 2 waiting on fd: 10
| pfkey_get: K_SADB_REGISTER message 1
| AH registered with kernel.
| finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP
| 02 07 00 03 02 00 00 00 02 00 00 00 b8 0f 00 00
| pfkey_get: K_SADB_REGISTER message 2
| alg_init():memset(0xaac51294, 0, 2048) memset(0xaac51a94, 0, 2048)
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=14 sadb_supported_len=56
| kernel_alg_add():satype=3, exttype=14, alg_id=251
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1
| kernel_alg_add():satype=3, exttype=14, alg_id=2
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1
| kernel_alg_add():satype=3, exttype=14, alg_id=3
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1
| kernel_alg_add():satype=3, exttype=14, alg_id=5
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256, res=0, ret=1
| kernel_alg_add():satype=3, exttype=14, alg_id=6
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=14, satype=3, alg_id=6, alg_ivlen=0, alg_minbits=384, alg_maxbits=384, res=0, ret=1
| kernel_alg_add():satype=3, exttype=14, alg_id=7
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5], exttype=14, satype=3, alg_id=7, alg_ivlen=0, alg_minbits=512, alg_maxbits=512, res=0, ret=1
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=14 sadb_supported_len=40
| kernel_alg_add():satype=3, exttype=15, alg_id=11
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6], exttype=15, satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1
| kernel_alg_add():satype=3, exttype=15, alg_id=2
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7], exttype=15, satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64, alg_maxbits=64, res=0, ret=1
| kernel_alg_add():satype=3, exttype=15, alg_id=3
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
| kernel_alg_add():satype=3, exttype=15, alg_id=12
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
| kernel_alg_add():satype=3, exttype=15, alg_id=18
| kernel_alg_add():satype=3, exttype=15, alg_id=19
| kernel_alg_add():satype=3, exttype=15, alg_id=20
| kernel_alg_add():satype=3, exttype=15, alg_id=14
| kernel_alg_add():satype=3, exttype=15, alg_id=15
| kernel_alg_add():satype=3, exttype=15, alg_id=16
ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
| ESP registered with kernel.
| finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP
| 02 07 00 09 02 00 00 00 03 00 00 00 b8 0f 00 00
| pfkey_get: K_SADB_REGISTER message 3
| IPCOMP registered with kernel.
| Changed path to directory '/etc/ipsec.d/cacerts'
| Changed path to directory '/etc/ipsec.d/aacerts'
| Changed path to directory '/etc/ipsec.d/ocspcerts'
| Found 0 items in directory '/etc/ipsec.d/crls'
| inserting event EVENT_LOG_DAILY, timeout in 85173 seconds
| event added after event EVENT_REINIT_SECRET
| next event EVENT_PENDING_DDNS in 60 seconds
|
| *received whack message
| find_host_pair: looking for me=<none>:500 %any him=<none>:500 any-match
| find_host_pair: concluded with <none>
| found_host_pair_conn (check_connection_end): %any:500 %any/%any:500 -> hp:none
| Added new connection vpn with policy PSK+ENCRYPT+DONTREKEY+IKEv2ALLOW+SAREFTRACK
| counting wild cards for 192.168.137.1 is 0
| counting wild cards for (none) is 15
| based upon port_wildcard policy, the connection is a template.
| orient vpn matching on public/private keys: this=no[%address] that=no[%any]
| orient vpn finished with: 0 [none]
| find_ID_host_pair: looking for me=192.168.137.1 him=<any> (exact)
| concluded with <none>
adding connection: "vpn"
| 192.168.137.1:17/1701...%any:17/%any
| ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 5; policy: PSK+ENCRYPT+DONTREKEY+IKEv2ALLOW+SAREFTRACK
| * processed 0 messages from cryptographic helpers
| next event EVENT_PENDING_DDNS in 60 seconds
| next event EVENT_PENDING_DDNS in 60 seconds
|
| *received whack message
listening for IKE messages
| found lo with address 127.0.0.1
| found eth0 with address 192.168.137.1
| found br-lan with address 192.168.0.1
| NAT-Traversal: Trying new style NAT-T
| NAT-Traversal: ESPINUDP(1) setup succeeded for new style NAT-T family IPv4
adding interface br-lan/br-lan 192.168.0.1:500 (AF_INET)
| NAT-Traversal: Trying new style NAT-T
| NAT-Traversal: ESPINUDP(2) setup succeeded for new style NAT-T family IPv4
adding interface br-lan/br-lan 192.168.0.1:4500
| NAT-Traversal: Trying new style NAT-T
| NAT-Traversal: ESPINUDP(1) setup succeeded for new style NAT-T family IPv4
adding interface eth0/eth0 192.168.137.1:500 (AF_INET)
| NAT-Traversal: Trying new style NAT-T
| NAT-Traversal: ESPINUDP(2) setup succeeded for new style NAT-T family IPv4
adding interface eth0/eth0 192.168.137.1:4500
| NAT-Traversal: Trying new style NAT-T
| NAT-Traversal: ESPINUDP(1) setup succeeded for new style NAT-T family IPv4
adding interface lo/lo 127.0.0.1:500 (AF_INET)
| NAT-Traversal: Trying new style NAT-T
| NAT-Traversal: ESPINUDP(2) setup succeeded for new style NAT-T family IPv4
adding interface lo/lo 127.0.0.1:4500
| found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
adding interface lo/lo ::1:500 (AF_INET6)
| orient vpn checking against if: lo (AF_INET6:::1:500)
| orient vpn checking against if: lo (AF_INET:127.0.0.1:4500)
| orient vpn checking against if: lo (AF_INET:127.0.0.1:500)
| orient vpn checking against if: eth0 (AF_INET:192.168.137.1:4500)
| orient vpn checking against if: eth0 (AF_INET:192.168.137.1:500)
| orient matched on IP
| orient vpn checking against if: br-lan (AF_INET:192.168.0.1:4500)
| orient vpn checking against if: br-lan (AF_INET:192.168.0.1:500)
| orient vpn finished with: 1 [192.168.137.1]
| connection vpn is now oriented
| find_host_pair: looking for me=192.168.137.1:500 %any him=0.0.0.0:500 exact-match
| find_host_pair: concluded with <none>
| connect_to_host_pair: 192.168.137.1:500 %any 0.0.0.0:500 -> hp:none
| find_ID_host_pair: looking for me=192.168.137.1 him=<any> (exact)
| comparing to me=192.168.137.1 him=(none) (vpn)
| concluded with vpn
loading secrets from "/etc/ipsec.secrets"
| id type added to secret(0xaac63fd0) PPK_PSK: 192.168.137.1
| id type added to secret(0xaac63fd0) PPK_PSK: %any
| Processing PSK at line 1: passed
| * processed 0 messages from cryptographic helpers
| next event EVENT_PENDING_DDNS in 59 seconds
| next event EVENT_PENDING_DDNS in 59 seconds
|
| *received 408 bytes from 192.168.137.110:500 on eth0 (port=500) at 2017-02-21 00:20:40
| ff d1 ad 15 e4 c6 d1 d5 00 00 00 00 00 00 00 00
| 01 10 02 00 00 00 00 00 00 00 01 98 0d 00 00 d4
| 00 00 00 01 00 00 00 01 00 00 00 c8 01 01 00 05
| 03 00 00 28 01 01 00 00 80 01 00 07 80 0e 01 00
| 80 02 00 02 80 04 00 14 80 03 00 01 80 0b 00 01
| 00 0c 00 04 00 00 70 80 03 00 00 28 02 01 00 00
| 80 01 00 07 80 0e 00 80 80 02 00 02 80 04 00 13
| 80 03 00 01 80 0b 00 01 00 0c 00 04 00 00 70 80
| 03 00 00 28 03 01 00 00 80 01 00 07 80 0e 01 00
| 80 02 00 02 80 04 00 0e 80 03 00 01 80 0b 00 01
| 00 0c 00 04 00 00 70 80 03 00 00 24 04 01 00 00
| 80 01 00 05 80 02 00 02 80 04 00 0e 80 03 00 01
| 80 0b 00 01 00 0c 00 04 00 00 70 80 00 00 00 24
| 05 01 00 00 80 01 00 05 80 02 00 02 80 04 00 02
| 80 03 00 01 80 0b 00 01 00 0c 00 04 00 00 70 80
| 0d 00 00 18 01 52 8b bb c0 06 96 12 18 49 ab 9a
| 1c 5b 2a 51 00 00 00 01 0d 00 00 18 1e 2b 51 69
| 05 99 1c 7d 7c 96 fc bf b5 87 e4 61 00 00 00 09
| 0d 00 00 14 4a 13 1c 81 07 03 58 45 5c 57 28 f2
| 0e 95 45 2f 0d 00 00 14 90 cb 80 91 3e bb 69 6e
| 08 63 81 b5 ec 42 7b 1f 0d 00 00 14 40 48 b7 d5
| 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14
| fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20
| 0d 00 00 14 26 24 4d 38 ed db 61 b3 17 2a 36 e3
| d0 cf b8 19 00 00 00 14 e3 a5 96 6a 76 37 9f e7
| 07 22 82 31 e5 ce 86 52
| **parse ISAKMP Message:
| initiator cookie:
| ff d1 ad 15 e4 c6 d1 d5
| responder cookie:
| 00 00 00 00 00 00 00 00
| next payload type: ISAKMP_NEXT_SA
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_IDPROT
| flags: none
| message ID: 00 00 00 00
| length: 408
| processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2), msgid: 00000000
| got payload 0x2(ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080
| ***parse ISAKMP Security Association Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 212
| DOI: ISAKMP_DOI_IPSEC
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 24
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 24
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 20
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 20
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 20
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 20
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 20
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_NONE
| length: 20
packet from 192.168.137.110:500: ignoring unknown Vendor ID payload [01528bbbc00696121849ab9a1c5b2a5100000001]
packet from 192.168.137.110:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000009]
packet from 192.168.137.110:500: received Vendor ID payload [RFC 3947] method set to=115
packet from 192.168.137.110:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
packet from 192.168.137.110:500: ignoring Vendor ID payload [FRAGMENTATION]
packet from 192.168.137.110:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
packet from 192.168.137.110:500: ignoring Vendor ID payload [Vid-Initial-Contact]
packet from 192.168.137.110:500: ignoring Vendor ID payload [IKE CGA version 1]
| nat-t detected, sending nat-t VID
| find_host_connection2 called from main_inI1_outR1, me=192.168.137.1:500 him=192.168.137.110:500 policy=/!IKEv1
| find_host_pair: looking for me=192.168.137.1:500 %address him=192.168.137.110:500 any-match
| find_host_pair: comparing to me=192.168.137.1:500 %any him=0.0.0.0:500
| find_host_pair: concluded with vpn
| found_host_pair_conn (find_host_connection2): 192.168.137.1:500 %address/192.168.137.110:500 -> hp:vpn
| searching for connection with policy = /!IKEv1
| found policy = PSK+ENCRYPT+DONTREKEY+IKEv2ALLOW+SAREFTRACK (vpn)
| find_host_connection2 returns vpn (ike=none/none)
| creating state object #1 at 0xaac65310
| processing connection vpn
| ICOOKIE: ff d1 ad 15 e4 c6 d1 d5
| RCOOKIE: de 4c a4 cb 74 31 1a 38
| state hash entry 24
| inserting state object #1 bucket: 24
| inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1 (head of queue)
"vpn" #1: responding to Main Mode
| **emit ISAKMP Message:
| initiator cookie:
| ff d1 ad 15 e4 c6 d1 d5
| responder cookie:
| de 4c a4 cb 74 31 1a 38
| next payload type: ISAKMP_NEXT_SA
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_IDPROT
| flags: none
| message ID: 00 00 00 00
| ***emit ISAKMP Security Association Payload:
| next payload type: ISAKMP_NEXT_VID
| DOI: ISAKMP_DOI_IPSEC
| ****parse IPsec DOI SIT:
| IPsec DOI SIT: SIT_IDENTITY_ONLY
| ****parse ISAKMP Proposal Payload:
| next payload type: ISAKMP_NEXT_NONE
| length: 200
| proposal number: 1
| protocol ID: PROTO_ISAKMP
| SPI size: 0
| number of transforms: 5
| *****parse ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T
| length: 40
| transform number: 1
| transform ID: KEY_IKE
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_ENCRYPTION_ALGORITHM
| length/value: 7
| [7 is OAKLEY_AES_CBC]
| ike_alg_enc_ok(ealg=7,key_len=0): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_KEY_LENGTH
| length/value: 256
| ike_alg_enc_ok(ealg=7,key_len=256): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_HASH_ALGORITHM
| length/value: 2
| [2 is OAKLEY_SHA1]
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_GROUP_DESCRIPTION
| length/value: 20
"vpn" #1: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
| *****parse ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T
| length: 40
| transform number: 2
| transform ID: KEY_IKE
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_ENCRYPTION_ALGORITHM
| length/value: 7
| [7 is OAKLEY_AES_CBC]
| ike_alg_enc_ok(ealg=7,key_len=0): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_KEY_LENGTH
| length/value: 128
| ike_alg_enc_ok(ealg=7,key_len=128): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_HASH_ALGORITHM
| length/value: 2
| [2 is OAKLEY_SHA1]
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_GROUP_DESCRIPTION
| length/value: 19
"vpn" #1: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
| *****parse ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T
| length: 40
| transform number: 3
| transform ID: KEY_IKE
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_ENCRYPTION_ALGORITHM
| length/value: 7
| [7 is OAKLEY_AES_CBC]
| ike_alg_enc_ok(ealg=7,key_len=0): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_KEY_LENGTH
| length/value: 256
| ike_alg_enc_ok(ealg=7,key_len=256): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_HASH_ALGORITHM
| length/value: 2
| [2 is OAKLEY_SHA1]
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_GROUP_DESCRIPTION
| length/value: 14
| [14 is OAKLEY_GROUP_MODP2048]
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_AUTHENTICATION_METHOD
| length/value: 1
| [1 is OAKLEY_PRESHARED_KEY]
| started looking for secret for 192.168.137.1->(none) of kind PPK_PSK
| replace him to 0.0.0.0
| actually looking for secret for 192.168.137.1->%any of kind PPK_PSK
| line 1: key type PPK_PSK(192.168.137.1) to type PPK_PSK
| 1: compared key %any to 192.168.137.1 / %any -> 2
| 2: compared key 192.168.137.1 to 192.168.137.1 / %any -> 10
| line 1: match=10
| best_match 0>10 best=0xaac63fd0 (line=1)
| concluding with best_match=10 best=0xaac63fd0 (lineno=1)
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_LIFE_TYPE
| length/value: 1
| [1 is OAKLEY_LIFE_SECONDS]
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_LIFE_DURATION (variable length)
| length/value: 4
| long duration: 28800
| Oakley Transform 3 accepted
| ****emit IPsec DOI SIT:
| IPsec DOI SIT: SIT_IDENTITY_ONLY
| ****emit ISAKMP Proposal Payload:
| next payload type: ISAKMP_NEXT_NONE
| proposal number: 1
| protocol ID: PROTO_ISAKMP
| SPI size: 0
| number of transforms: 1
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_NONE
| transform number: 3
| transform ID: KEY_IKE
| emitting 32 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP)
| attributes 80 01 00 07 80 0e 01 00 80 02 00 02 80 04 00 0e
| attributes 80 03 00 01 80 0b 00 01 00 0c 00 04 00 00 70 80
| emitting length of ISAKMP Transform Payload (ISAKMP): 40
| emitting length of ISAKMP Proposal Payload: 48
| emitting length of ISAKMP Security Association Payload: 60
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| emitting 12 raw bytes of Vendor ID into ISAKMP Vendor ID Payload
| Vendor ID 4f 53 57 79 5f 44 72 65 7a 65 47 53
| emitting length of ISAKMP Vendor ID Payload: 16
| out_vendorid(): sending [Dead Peer Detection]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
| emitting length of ISAKMP Vendor ID Payload: 20
| sender checking NAT-T: 1 and 115
| out_vendorid(): sending [RFC 3947]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_NONE
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
| emitting length of ISAKMP Vendor ID Payload: 20
| emitting length of ISAKMP Message: 144
| complete state transition with STF_OK
"vpn" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
| deleting event for #1
| sending reply packet to 192.168.137.110:500 (from port 500)
| sending 144 bytes for STATE_MAIN_R0 through eth0:500 to 192.168.137.110:500 (using #1)
| ff d1 ad 15 e4 c6 d1 d5 de 4c a4 cb 74 31 1a 38
| 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 3c
| 00 00 00 01 00 00 00 01 00 00 00 30 01 01 00 01
| 00 00 00 28 03 01 00 00 80 01 00 07 80 0e 01 00
| 80 02 00 02 80 04 00 0e 80 03 00 01 80 0b 00 01
| 00 0c 00 04 00 00 70 80 0d 00 00 10 4f 53 57 79
| 5f 44 72 65 7a 65 47 53 0d 00 00 14 af ca d7 13
| 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14
| 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
| inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1 (head of queue)
"vpn" #1: STATE_MAIN_R1: sent MR1, expecting MI2
| modecfg pull: noquirk policy:push not-client
| phase 1 is done, looking for phase 2 to unpend
| * processed 0 messages from cryptographic helpers
| next event EVENT_RETRANSMIT in 10 seconds for #1 (2017-02-21 00:20:41)
| next event EVENT_RETRANSMIT in 10 seconds for #1 (2017-02-21 00:20:41)
|
| *received 408 bytes from 192.168.137.110:500 on eth0 (port=500) at 2017-02-21 00:20:41
| ff d1 ad 15 e4 c6 d1 d5 00 00 00 00 00 00 00 00
| 01 10 02 00 00 00 00 00 00 00 01 98 0d 00 00 d4
| 00 00 00 01 00 00 00 01 00 00 00 c8 01 01 00 05
| 03 00 00 28 01 01 00 00 80 01 00 07 80 0e 01 00
| 80 02 00 02 80 04 00 14 80 03 00 01 80 0b 00 01
| 00 0c 00 04 00 00 70 80 03 00 00 28 02 01 00 00
| 80 01 00 07 80 0e 00 80 80 02 00 02 80 04 00 13
| 80 03 00 01 80 0b 00 01 00 0c 00 04 00 00 70 80
| 03 00 00 28 03 01 00 00 80 01 00 07 80 0e 01 00
| 80 02 00 02 80 04 00 0e 80 03 00 01 80 0b 00 01
| 00 0c 00 04 00 00 70 80 03 00 00 24 04 01 00 00
| 80 01 00 05 80 02 00 02 80 04 00 0e 80 03 00 01
| 80 0b 00 01 00 0c 00 04 00 00 70 80 00 00 00 24
| 05 01 00 00 80 01 00 05 80 02 00 02 80 04 00 02
| 80 03 00 01 80 0b 00 01 00 0c 00 04 00 00 70 80
| 0d 00 00 18 01 52 8b bb c0 06 96 12 18 49 ab 9a
| 1c 5b 2a 51 00 00 00 01 0d 00 00 18 1e 2b 51 69
| 05 99 1c 7d 7c 96 fc bf b5 87 e4 61 00 00 00 09
| 0d 00 00 14 4a 13 1c 81 07 03 58 45 5c 57 28 f2
| 0e 95 45 2f 0d 00 00 14 90 cb 80 91 3e bb 69 6e
| 08 63 81 b5 ec 42 7b 1f 0d 00 00 14 40 48 b7 d5
| 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14
| fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20
| 0d 00 00 14 26 24 4d 38 ed db 61 b3 17 2a 36 e3
| d0 cf b8 19 00 00 00 14 e3 a5 96 6a 76 37 9f e7
| 07 22 82 31 e5 ce 86 52
| **parse ISAKMP Message:
| initiator cookie:
| ff d1 ad 15 e4 c6 d1 d5
| responder cookie:
| 00 00 00 00 00 00 00 00
| next payload type: ISAKMP_NEXT_SA
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_IDPROT
| flags: none
| message ID: 00 00 00 00
| length: 408
| processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2), msgid: 00000000
| got payload 0x2(ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080
| ***parse ISAKMP Security Association Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 212
| DOI: ISAKMP_DOI_IPSEC
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 24
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 24
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 20
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 20
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 20
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 20
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 20
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_NONE
| length: 20
packet from 192.168.137.110:500: ignoring unknown Vendor ID payload [01528bbbc00696121849ab9a1c5b2a5100000001]
packet from 192.168.137.110:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000009]
packet from 192.168.137.110:500: received Vendor ID payload [RFC 3947] method set to=115
packet from 192.168.137.110:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
packet from 192.168.137.110:500: ignoring Vendor ID payload [FRAGMENTATION]
packet from 192.168.137.110:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
packet from 192.168.137.110:500: ignoring Vendor ID payload [Vid-Initial-Contact]
packet from 192.168.137.110:500: ignoring Vendor ID payload [IKE CGA version 1]
| nat-t detected, sending nat-t VID
| find_host_connection2 called from main_inI1_outR1, me=192.168.137.1:500 him=192.168.137.110:500 policy=/!IKEv1
| find_host_pair: looking for me=192.168.137.1:500 %address him=192.168.137.110:500 any-match
| find_host_pair: comparing to me=192.168.137.1:500 %any him=0.0.0.0:500
| find_host_pair: concluded with vpn
| found_host_pair_conn (find_host_connection2): 192.168.137.1:500 %address/192.168.137.110:500 -> hp:vpn
| searching for connection with policy = /!IKEv1
| found policy = PSK+ENCRYPT+DONTREKEY+IKEv2ALLOW+SAREFTRACK (vpn)
| find_host_connection2 returns vpn (ike=none/none)
| creating state object #2 at 0xaac66028
| processing connection vpn
| ICOOKIE: ff d1 ad 15 e4 c6 d1 d5
| RCOOKIE: ba 22 f4 5d 45 82 5a 91
| state hash entry 5
| inserting state object #2 bucket: 5
| inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #2 (head of queue)
"vpn" #2: responding to Main Mode
| **emit ISAKMP Message:
| initiator cookie:
| ff d1 ad 15 e4 c6 d1 d5
| responder cookie:
| ba 22 f4 5d 45 82 5a 91
| next payload type: ISAKMP_NEXT_SA
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_IDPROT
| flags: none
| message ID: 00 00 00 00
| ***emit ISAKMP Security Association Payload:
| next payload type: ISAKMP_NEXT_VID
| DOI: ISAKMP_DOI_IPSEC
| ****parse IPsec DOI SIT:
| IPsec DOI SIT: SIT_IDENTITY_ONLY
| ****parse ISAKMP Proposal Payload:
| next payload type: ISAKMP_NEXT_NONE
| length: 200
| proposal number: 1
| protocol ID: PROTO_ISAKMP
| SPI size: 0
| number of transforms: 5
| *****parse ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T
| length: 40
| transform number: 1
| transform ID: KEY_IKE
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_ENCRYPTION_ALGORITHM
| length/value: 7
| [7 is OAKLEY_AES_CBC]
| ike_alg_enc_ok(ealg=7,key_len=0): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_KEY_LENGTH
| length/value: 256
| ike_alg_enc_ok(ealg=7,key_len=256): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_HASH_ALGORITHM
| length/value: 2
| [2 is OAKLEY_SHA1]
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_GROUP_DESCRIPTION
| length/value: 20
"vpn" #2: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
| *****parse ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T
| length: 40
| transform number: 2
| transform ID: KEY_IKE
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_ENCRYPTION_ALGORITHM
| length/value: 7
| [7 is OAKLEY_AES_CBC]
| ike_alg_enc_ok(ealg=7,key_len=0): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_KEY_LENGTH
| length/value: 128
| ike_alg_enc_ok(ealg=7,key_len=128): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_HASH_ALGORITHM
| length/value: 2
| [2 is OAKLEY_SHA1]
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_GROUP_DESCRIPTION
| length/value: 19
"vpn" #2: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
| *****parse ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T
| length: 40
| transform number: 3
| transform ID: KEY_IKE
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_ENCRYPTION_ALGORITHM
| length/value: 7
| [7 is OAKLEY_AES_CBC]
| ike_alg_enc_ok(ealg=7,key_len=0): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_KEY_LENGTH
| length/value: 256
| ike_alg_enc_ok(ealg=7,key_len=256): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_HASH_ALGORITHM
| length/value: 2
| [2 is OAKLEY_SHA1]
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_GROUP_DESCRIPTION
| length/value: 14
| [14 is OAKLEY_GROUP_MODP2048]
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_AUTHENTICATION_METHOD
| length/value: 1
| [1 is OAKLEY_PRESHARED_KEY]
| started looking for secret for 192.168.137.1->(none) of kind PPK_PSK
| replace him to 0.0.0.0
| actually looking for secret for 192.168.137.1->%any of kind PPK_PSK
| line 1: key type PPK_PSK(192.168.137.1) to type PPK_PSK
| 1: compared key %any to 192.168.137.1 / %any -> 2
| 2: compared key 192.168.137.1 to 192.168.137.1 / %any -> 10
| line 1: match=10
| best_match 0>10 best=0xaac63fd0 (line=1)
| concluding with best_match=10 best=0xaac63fd0 (lineno=1)
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_LIFE_TYPE
| length/value: 1
| [1 is OAKLEY_LIFE_SECONDS]
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_LIFE_DURATION (variable length)
| length/value: 4
| long duration: 28800
| Oakley Transform 3 accepted
| ****emit IPsec DOI SIT:
| IPsec DOI SIT: SIT_IDENTITY_ONLY
| ****emit ISAKMP Proposal Payload:
| next payload type: ISAKMP_NEXT_NONE
| proposal number: 1
| protocol ID: PROTO_ISAKMP
| SPI size: 0
| number of transforms: 1
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_NONE
| transform number: 3
| transform ID: KEY_IKE
| emitting 32 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP)
| attributes 80 01 00 07 80 0e 01 00 80 02 00 02 80 04 00 0e
| attributes 80 03 00 01 80 0b 00 01 00 0c 00 04 00 00 70 80
| emitting length of ISAKMP Transform Payload (ISAKMP): 40
| emitting length of ISAKMP Proposal Payload: 48
| emitting length of ISAKMP Security Association Payload: 60
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| emitting 12 raw bytes of Vendor ID into ISAKMP Vendor ID Payload
| Vendor ID 4f 53 57 79 5f 44 72 65 7a 65 47 53
| emitting length of ISAKMP Vendor ID Payload: 16
| out_vendorid(): sending [Dead Peer Detection]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
| emitting length of ISAKMP Vendor ID Payload: 20
| sender checking NAT-T: 1 and 115
| out_vendorid(): sending [RFC 3947]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_NONE
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
| emitting length of ISAKMP Vendor ID Payload: 20
| emitting length of ISAKMP Message: 144
| complete state transition with STF_OK
"vpn" #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
| deleting event for #2
| sending reply packet to 192.168.137.110:500 (from port 500)
| sending 144 bytes for STATE_MAIN_R0 through eth0:500 to 192.168.137.110:500 (using #2)
| ff d1 ad 15 e4 c6 d1 d5 ba 22 f4 5d 45 82 5a 91
| 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 3c
| 00 00 00 01 00 00 00 01 00 00 00 30 01 01 00 01
| 00 00 00 28 03 01 00 00 80 01 00 07 80 0e 01 00
| 80 02 00 02 80 04 00 0e 80 03 00 01 80 0b 00 01
| 00 0c 00 04 00 00 70 80 0d 00 00 10 4f 53 57 79
| 5f 44 72 65 7a 65 47 53 0d 00 00 14 af ca d7 13
| 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14
| 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
| inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #2
| event added after event EVENT_RETRANSMIT for #1
"vpn" #2: STATE_MAIN_R1: sent MR1, expecting MI2
| modecfg pull: noquirk policy:push not-client
| phase 1 is done, looking for phase 2 to unpend
| * processed 0 messages from cryptographic helpers
| next event EVENT_RETRANSMIT in 9 seconds for #1 (2017-02-21 00:20:42)
| next event EVENT_RETRANSMIT in 9 seconds for #1 (2017-02-21 00:20:42)
|
| *received 388 bytes from 192.168.137.110:500 on eth0 (port=500) at 2017-02-21 00:20:42
| ff d1 ad 15 e4 c6 d1 d5 de 4c a4 cb 74 31 1a 38
| 04 10 02 00 00 00 00 00 00 00 01 84 0a 00 01 04
| d1 3b 57 94 30 76 11 91 d9 1b ab f8 d2 f8 9c 2b
| f0 e3 d3 fb cd 5d 87 1a b5 d2 0a b6 50 b4 a5 85
| ac 06 d4 46 79 29 1f 37 58 d2 fa d2 be f7 3b 7e
| ae 91 59 21 91 bd 9e f3 9b b5 46 80 d3 1d 9e 7f
| f9 6f e5 cc 56 89 d6 38 bb c3 c3 cb 60 dd a7 a6
| 99 5c c3 b9 50 f7 68 f0 a6 b0 6b 57 35 45 16 bf
| 20 ec 9f 98 b7 9f 8d 18 68 dd 0c 35 29 43 ad fa
| 9e d3 e3 ff a6 e4 d7 57 1b 38 77 34 9f 35 f9 94
| 0a fd d4 c5 4e ab d7 bd bf 12 b0 d7 e1 3d 6a b7
| 91 b9 3c 92 86 f6 6b f8 92 bd 88 f4 fb a0 53 e5
| 81 23 6d d9 de d3 b2 0a bb 71 7f 20 da 98 93 0f
| b9 fb 52 e7 65 e8 50 38 d6 e2 6f e7 52 78 74 45
| 4b 44 5e 02 b0 44 40 8f a6 a2 61 94 8b 59 97 05
| b5 dd 21 1c 83 29 a3 1e f9 3e 85 0c c1 8e 03 1c
| e3 c7 37 aa 65 7f 9e 7a fd 0f a0 4a ad 93 20 5f
| 0b ba ea e1 6b ad b5 70 29 f2 29 87 bc 18 35 67
| 14 00 00 34 31 99 33 c0 c7 62 5c 09 b9 2a b9 e1
| 27 bb e9 43 83 34 7e 4b f9 3b 11 7c 61 f8 62 d9
| 78 aa 09 ae df 81 ce 56 26 02 5d 6c 6e 73 eb 8b
| 3c 76 f6 2c 14 00 00 18 ee 28 40 1b e7 e3 59 f3
| dc ac 99 27 aa cb 23 72 f6 f5 36 2d 00 00 00 18
| fc 81 68 d5 d9 d2 3e 49 59 0f 00 04 f2 10 c6 86
| b1 21 74 17
| **parse ISAKMP Message:
| initiator cookie:
| ff d1 ad 15 e4 c6 d1 d5
| responder cookie:
| de 4c a4 cb 74 31 1a 38
| next payload type: ISAKMP_NEXT_KE
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_IDPROT
| flags: none
| message ID: 00 00 00 00
| length: 388
| processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2), msgid: 00000000
| ICOOKIE: ff d1 ad 15 e4 c6 d1 d5
| RCOOKIE: de 4c a4 cb 74 31 1a 38
| state hash entry 24
| v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000
| v1 state object #1 found, in STATE_MAIN_R1
| processing connection vpn
| got payload 0x10(ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080
| ***parse ISAKMP Key Exchange Payload:
| next payload type: ISAKMP_NEXT_NONCE
| length: 260
| got payload 0x400(ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080
| ***parse ISAKMP Nonce Payload:
| next payload type: ISAKMP_NEXT_NAT-D
| length: 52
| got payload 0x100000(ISAKMP_NEXT_NAT-D) needed: 0x0 opt: 0x102080
| ***parse ISAKMP NAT-D Payload:
| next payload type: ISAKMP_NEXT_NAT-D
| length: 24
| got payload 0x100000(ISAKMP_NEXT_NAT-D) needed: 0x0 opt: 0x102080
| ***parse ISAKMP NAT-D Payload:
| next payload type: ISAKMP_NEXT_NONE
| length: 24
| DH public value received:
| d1 3b 57 94 30 76 11 91 d9 1b ab f8 d2 f8 9c 2b
| f0 e3 d3 fb cd 5d 87 1a b5 d2 0a b6 50 b4 a5 85
| ac 06 d4 46 79 29 1f 37 58 d2 fa d2 be f7 3b 7e
| ae 91 59 21 91 bd 9e f3 9b b5 46 80 d3 1d 9e 7f
| f9 6f e5 cc 56 89 d6 38 bb c3 c3 cb 60 dd a7 a6
| 99 5c c3 b9 50 f7 68 f0 a6 b0 6b 57 35 45 16 bf
| 20 ec 9f 98 b7 9f 8d 18 68 dd 0c 35 29 43 ad fa
| 9e d3 e3 ff a6 e4 d7 57 1b 38 77 34 9f 35 f9 94
| 0a fd d4 c5 4e ab d7 bd bf 12 b0 d7 e1 3d 6a b7
| 91 b9 3c 92 86 f6 6b f8 92 bd 88 f4 fb a0 53 e5
| 81 23 6d d9 de d3 b2 0a bb 71 7f 20 da 98 93 0f
| b9 fb 52 e7 65 e8 50 38 d6 e2 6f e7 52 78 74 45
| 4b 44 5e 02 b0 44 40 8f a6 a2 61 94 8b 59 97 05
| b5 dd 21 1c 83 29 a3 1e f9 3e 85 0c c1 8e 03 1c
| e3 c7 37 aa 65 7f 9e 7a fd 0f a0 4a ad 93 20 5f
| 0b ba ea e1 6b ad b5 70 29 f2 29 87 bc 18 35 67
| inI2: checking NAT-T: 1 and 16
| NAT_T_WITH_NATD detected
| _natd_hash: hasher=0xaac38138(20)
| _natd_hash: icookie=
| ff d1 ad 15 e4 c6 d1 d5
| _natd_hash: rcookie=
| de 4c a4 cb 74 31 1a 38
| _natd_hash: ip= c0 a8 89 01
| _natd_hash: port=500
| _natd_hash: hash= ee 28 40 1b e7 e3 59 f3 dc ac 99 27 aa cb 23 72
| _natd_hash: hash= f6 f5 36 2d
| _natd_hash: hasher=0xaac38138(20)
| _natd_hash: icookie=
| ff d1 ad 15 e4 c6 d1 d5
| _natd_hash: rcookie=
| de 4c a4 cb 74 31 1a 38
| _natd_hash: ip= c0 a8 89 6e
| _natd_hash: port=500
| _natd_hash: hash= fc 81 68 d5 d9 d2 3e 49 59 0f 00 04 f2 10 c6 86
| _natd_hash: hash= b1 21 74 17
| NAT_TRAVERSAL hash=0 (me:0) (him:0)
| expected NAT-D(me): ee 28 40 1b e7 e3 59 f3 dc ac 99 27 aa cb 23 72
| expected NAT-D(me): f6 f5 36 2d
| expected NAT-D(him):
| fc 81 68 d5 d9 d2 3e 49 59 0f 00 04 f2 10 c6 86
| b1 21 74 17
| received NAT-D: ee 28 40 1b e7 e3 59 f3 dc ac 99 27 aa cb 23 72
| received NAT-D: f6 f5 36 2d
| NAT_TRAVERSAL hash=1 (me:1) (him:0)
| expected NAT-D(me): ee 28 40 1b e7 e3 59 f3 dc ac 99 27 aa cb 23 72
| expected NAT-D(me): f6 f5 36 2d
| expected NAT-D(him):
| fc 81 68 d5 d9 d2 3e 49 59 0f 00 04 f2 10 c6 86
| b1 21 74 17
| received NAT-D: fc 81 68 d5 d9 d2 3e 49 59 0f 00 04 f2 10 c6 86
| received NAT-D: b1 21 74 17
| NAT_TRAVERSAL hash=2 (me:1) (him:1)
"vpn" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
| NAT_T_WITH_KA detected
| inserting event EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds
| event added after event EVENT_RETRANSMIT for #2
| 1: w->pcw_dead: 0 w->pcw_work: 0 cnt: 3
| asking helper 1 to do build_kenonce op on seq: 1 (len=2672, pcw_work=1)
| crypto helper write of request: cnt=2672<wlen=2672.
| deleting event for #1
| inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1
| event added after event EVENT_PENDING_PHASE2
| complete state transition with STF_SUSPEND
| * processed 0 messages from cryptographic helpers
| next event EVENT_RETRANSMIT in 9 seconds for #2 (2017-02-21 00:20:43)
| next event EVENT_RETRANSMIT in 9 seconds for #2 (2017-02-21 00:20:43)
|
| *received 388 bytes from 192.168.137.110:500 on eth0 (port=500) at 2017-02-21 00:20:43
| ff d1 ad 15 e4 c6 d1 d5 de 4c a4 cb 74 31 1a 38
| 04 10 02 00 00 00 00 00 00 00 01 84 0a 00 01 04
| d1 3b 57 94 30 76 11 91 d9 1b ab f8 d2 f8 9c 2b
| f0 e3 d3 fb cd 5d 87 1a b5 d2 0a b6 50 b4 a5 85
| ac 06 d4 46 79 29 1f 37 58 d2 fa d2 be f7 3b 7e
| ae 91 59 21 91 bd 9e f3 9b b5 46 80 d3 1d 9e 7f
| f9 6f e5 cc 56 89 d6 38 bb c3 c3 cb 60 dd a7 a6
| 99 5c c3 b9 50 f7 68 f0 a6 b0 6b 57 35 45 16 bf
| 20 ec 9f 98 b7 9f 8d 18 68 dd 0c 35 29 43 ad fa
| 9e d3 e3 ff a6 e4 d7 57 1b 38 77 34 9f 35 f9 94
| 0a fd d4 c5 4e ab d7 bd bf 12 b0 d7 e1 3d 6a b7
| 91 b9 3c 92 86 f6 6b f8 92 bd 88 f4 fb a0 53 e5
| 81 23 6d d9 de d3 b2 0a bb 71 7f 20 da 98 93 0f
| b9 fb 52 e7 65 e8 50 38 d6 e2 6f e7 52 78 74 45
| 4b 44 5e 02 b0 44 40 8f a6 a2 61 94 8b 59 97 05
| b5 dd 21 1c 83 29 a3 1e f9 3e 85 0c c1 8e 03 1c
| e3 c7 37 aa 65 7f 9e 7a fd 0f a0 4a ad 93 20 5f
| 0b ba ea e1 6b ad b5 70 29 f2 29 87 bc 18 35 67
| 14 00 00 34 31 99 33 c0 c7 62 5c 09 b9 2a b9 e1
| 27 bb e9 43 83 34 7e 4b f9 3b 11 7c 61 f8 62 d9
| 78 aa 09 ae df 81 ce 56 26 02 5d 6c 6e 73 eb 8b
| 3c 76 f6 2c 14 00 00 18 ee 28 40 1b e7 e3 59 f3
| dc ac 99 27 aa cb 23 72 f6 f5 36 2d 00 00 00 18
| fc 81 68 d5 d9 d2 3e 49 59 0f 00 04 f2 10 c6 86
| b1 21 74 17
| **parse ISAKMP Message:
| initiator cookie:
| ff d1 ad 15 e4 c6 d1 d5
| responder cookie:
| de 4c a4 cb 74 31 1a 38
| next payload type: ISAKMP_NEXT_KE
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_IDPROT
| flags: none
| message ID: 00 00 00 00
| length: 388
| processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2), msgid: 00000000
| ICOOKIE: ff d1 ad 15 e4 c6 d1 d5
| RCOOKIE: de 4c a4 cb 74 31 1a 38
| state hash entry 24
| v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000
| v1 state object #1 found, in STATE_MAIN_R1
| processing connection vpn
"vpn" #1: discarding packet received during asynchronous work (DNS or crypto) in STATE_MAIN_R1
| * processed 0 messages from cryptographic helpers
| next event EVENT_RETRANSMIT in 9 seconds for #2 (2017-02-21 00:20:43)
| next event EVENT_RETRANSMIT in 9 seconds for #2 (2017-02-21 00:20:43)
! helper 1 read 2668+4/2672 bytesfd: 9
! helper 1 doing build_kenonce op id: 1
! Local DH secret:
! 49 0d f4 ab b6 bd b2 cf 2e 49 8f 43 2b ba 69 76
! 44 e6 8b 69 c2 3a 1d 79 73 33 fb 89 47 55 65 54
! Public DH value sent:
! 3a 78 34 ee f5 70 4a af f1 9f 8f 55 cd 89 3c 4b
! 11 c3 3a 06 8d e4 0d a4 49 41 e0 80 6f ef 99 d3
! c5 84 10 e1 84 8c cc 30 e5 0f c9 34 8d 98 ee 4e
! d0 77 1b d5 57 da 5d d0 30 c2 e5 9f ed e0 e2 d3
! 0f da 2c d0 65 a6 c2 f1 5b f9 84 78 c7 ce 71 24
! 58 b4 db 4a 2d 48 62 05 47 67 2d 57 a8 59 a6 95
! e1 93 48 bf fc 93 bf e4 da f9 2e d8 45 f2 73 a7
! e4 88 cf 20 08 d4 65 f1 a6 30 9f c1 ec da ff 79
! 5c 0f 1b 33 65 b3 6c 3e 0f e2 08 93 48 54 e0 50
! c7 74 49 e3 03 41 a9 da 11 45 ca 3c 48 76 3b b1
! de d3 6c e6 b5 b4 81 e5 8d 0b 0c 4f 8e 7a fa c5
! 00 60 58 6d dc b1 f7 e4 5b 5b 14 12 57 f5 95 fe
! bb 97 40 c9 77 d4 ce b0 24 b2 9b 9a 55 93 40 96
! ea 92 45 00 aa 70 d8 5c 1f c2 6c 3f c0 c9 76 5f
! c7 5a 71 64 f3 e8 c1 58 63 43 dd b6 7a 5d f7 6c
! 8d 17 6d da c3 2e 93 86 f4 c0 05 9f 96 41 18 d4
! Generated nonce:
! 40 1b b4 6a ca 52 eb 3e eb d3 67 da 2f bf 16 8e
|
| helper 1 has finished work (cnt now 1)
| helper 1 replies to id: q#1
| calling callback function 0xaab9b58c
| main inI2_outR2: calculated ke+nonce, sending R2
| processing connection vpn
| **emit ISAKMP Message:
| initiator cookie:
| ff d1 ad 15 e4 c6 d1 d5
| responder cookie:
| de 4c a4 cb 74 31 1a 38
| next payload type: ISAKMP_NEXT_KE
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_IDPROT
| flags: none
| message ID: 00 00 00 00
| ***emit ISAKMP Key Exchange Payload:
| next payload type: ISAKMP_NEXT_NONCE
| emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload
| keyex value 3a 78 34 ee f5 70 4a af f1 9f 8f 55 cd 89 3c 4b
| keyex value 11 c3 3a 06 8d e4 0d a4 49 41 e0 80 6f ef 99 d3
| keyex value c5 84 10 e1 84 8c cc 30 e5 0f c9 34 8d 98 ee 4e
| keyex value d0 77 1b d5 57 da 5d d0 30 c2 e5 9f ed e0 e2 d3
| keyex value 0f da 2c d0 65 a6 c2 f1 5b f9 84 78 c7 ce 71 24
| keyex value 58 b4 db 4a 2d 48 62 05 47 67 2d 57 a8 59 a6 95
| keyex value e1 93 48 bf fc 93 bf e4 da f9 2e d8 45 f2 73 a7
| keyex value e4 88 cf 20 08 d4 65 f1 a6 30 9f c1 ec da ff 79
| keyex value 5c 0f 1b 33 65 b3 6c 3e 0f e2 08 93 48 54 e0 50
| keyex value c7 74 49 e3 03 41 a9 da 11 45 ca 3c 48 76 3b b1
| keyex value de d3 6c e6 b5 b4 81 e5 8d 0b 0c 4f 8e 7a fa c5
| keyex value 00 60 58 6d dc b1 f7 e4 5b 5b 14 12 57 f5 95 fe
| keyex value bb 97 40 c9 77 d4 ce b0 24 b2 9b 9a 55 93 40 96
| keyex value ea 92 45 00 aa 70 d8 5c 1f c2 6c 3f c0 c9 76 5f
| keyex value c7 5a 71 64 f3 e8 c1 58 63 43 dd b6 7a 5d f7 6c
| keyex value 8d 17 6d da c3 2e 93 86 f4 c0 05 9f 96 41 18 d4
| emitting length of ISAKMP Key Exchange Payload: 260
| ***emit ISAKMP Nonce Payload:
| next payload type: ISAKMP_NEXT_NONE
| emitting 16 raw bytes of Nr into ISAKMP Nonce Payload
| Nr 40 1b b4 6a ca 52 eb 3e eb d3 67 da 2f bf 16 8e
| emitting length of ISAKMP Nonce Payload: 20
| sending NAT-D payloads
| _natd_hash: hasher=0xaac38138(20)
| _natd_hash: icookie=
| ff d1 ad 15 e4 c6 d1 d5
| _natd_hash: rcookie=
| de 4c a4 cb 74 31 1a 38
| _natd_hash: ip= c0 a8 89 6e
| _natd_hash: port=500
| _natd_hash: hash= fc 81 68 d5 d9 d2 3e 49 59 0f 00 04 f2 10 c6 86
| _natd_hash: hash= b1 21 74 17
| ***emit ISAKMP NAT-D Payload:
| next payload type: ISAKMP_NEXT_NAT-D
| emitting 20 raw bytes of NAT-D into ISAKMP NAT-D Payload
| NAT-D fc 81 68 d5 d9 d2 3e 49 59 0f 00 04 f2 10 c6 86
| NAT-D b1 21 74 17
| emitting length of ISAKMP NAT-D Payload: 24
| _natd_hash: hasher=0xaac38138(20)
| _natd_hash: icookie=
| ff d1 ad 15 e4 c6 d1 d5
| _natd_hash: rcookie=
| de 4c a4 cb 74 31 1a 38
| _natd_hash: ip= c0 a8 89 01
| _natd_hash: port=500
| _natd_hash: hash= ee 28 40 1b e7 e3 59 f3 dc ac 99 27 aa cb 23 72
| _natd_hash: hash= f6 f5 36 2d
| ***emit ISAKMP NAT-D Payload:
| next payload type: ISAKMP_NEXT_NONE
| emitting 20 raw bytes of NAT-D into ISAKMP NAT-D Payload
| NAT-D ee 28 40 1b e7 e3 59 f3 dc ac 99 27 aa cb 23 72
| NAT-D f6 f5 36 2d
| emitting length of ISAKMP NAT-D Payload: 24
| emitting length of ISAKMP Message: 356
| main inI2_outR2: starting async DH calculation (group=14)
| started looking for secret for 192.168.137.1->(none) of kind PPK_PSK
| replace him to 0.0.0.0
| actually looking for secret for 192.168.137.1->%any of kind PPK_PSK
| line 1: key type PPK_PSK(192.168.137.1) to type PPK_PSK
| 1: compared key %any to 192.168.137.1 / %any -> 2
| 2: compared key 192.168.137.1 to 192.168.137.1 / %any -> 10
| line 1: match=10
| best_match 0>10 best=0xaac63fd0 (line=1)
| concluding with best_match=10 best=0xaac63fd0 (lineno=1)
| parent1 type: 7 group: 14 len: 2672
| 2: w->pcw_dead: 0 w->pcw_work: 0 cnt: 3
| asking helper 2 to do compute dh+iv op on seq: 2 (len=2672, pcw_work=1)
| crypto helper write of request: cnt=2672<wlen=2672.
| deleting event for #1
| inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1
| event added after event EVENT_PENDING_PHASE2
| started dh_secretiv, returned: stf=STF_SUSPEND
! helper 2 read 2668+4/2672 bytesfd: 10
| complete state transition with STF_OK
! helper 2 doing compute dh+iv op id: 2
"vpn" #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
| deleting event for #1
| sending reply packet to 192.168.137.110:500 (from port 500)
| sending 356 bytes for STATE_MAIN_R1 through eth0:500 to 192.168.137.110:500 (using #1)
| ff d1 ad 15 e4 c6 d1 d5 de 4c a4 cb 74 31 1a 38
! peer's g: d1 3b 57 94 30 76 11 91 d9 1b ab f8 d2 f8 9c 2b
| 04 10 02 00 00 00 00 00 00 00 01 64 0a 00 01 04
! peer's g: f0 e3 d3 fb cd 5d 87 1a b5 d2 0a b6 50 b4 a5 85
| 3a 78 34 ee f5 70 4a af f1 9f 8f 55 cd 89 3c 4b
! peer's g: ac 06 d4 46 79 29 1f 37 58 d2 fa d2 be f7 3b 7e
| 11 c3 3a 06 8d e4 0d a4 49 41 e0 80 6f ef 99 d3
! peer's g: ae 91 59 21 91 bd 9e f3 9b b5 46 80 d3 1d 9e 7f
| c5 84 10 e1 84 8c cc 30 e5 0f c9 34 8d 98 ee 4e
! peer's g: f9 6f e5 cc 56 89 d6 38 bb c3 c3 cb 60 dd a7 a6
| d0 77 1b d5 57 da 5d d0 30 c2 e5 9f ed e0 e2 d3
! peer's g: 99 5c c3 b9 50 f7 68 f0 a6 b0 6b 57 35 45 16 bf
| 0f da 2c d0 65 a6 c2 f1 5b f9 84 78 c7 ce 71 24
! peer's g: 20 ec 9f 98 b7 9f 8d 18 68 dd 0c 35 29 43 ad fa
| 58 b4 db 4a 2d 48 62 05 47 67 2d 57 a8 59 a6 95
! peer's g: 9e d3 e3 ff a6 e4 d7 57 1b 38 77 34 9f 35 f9 94
| e1 93 48 bf fc 93 bf e4 da f9 2e d8 45 f2 73 a7
! peer's g: 0a fd d4 c5 4e ab d7 bd bf 12 b0 d7 e1 3d 6a b7
| e4 88 cf 20 08 d4 65 f1 a6 30 9f c1 ec da ff 79
! peer's g: 91 b9 3c 92 86 f6 6b f8 92 bd 88 f4 fb a0 53 e5
| 5c 0f 1b 33 65 b3 6c 3e 0f e2 08 93 48 54 e0 50
! peer's g: 81 23 6d d9 de d3 b2 0a bb 71 7f 20 da 98 93 0f
| c7 74 49 e3 03 41 a9 da 11 45 ca 3c 48 76 3b b1
! peer's g: b9 fb 52 e7 65 e8 50 38 d6 e2 6f e7 52 78 74 45
| de d3 6c e6 b5 b4 81 e5 8d 0b 0c 4f 8e 7a fa c5
! peer's g: 4b 44 5e 02 b0 44 40 8f a6 a2 61 94 8b 59 97 05
| 00 60 58 6d dc b1 f7 e4 5b 5b 14 12 57 f5 95 fe
! peer's g: b5 dd 21 1c 83 29 a3 1e f9 3e 85 0c c1 8e 03 1c
| bb 97 40 c9 77 d4 ce b0 24 b2 9b 9a 55 93 40 96
! peer's g: e3 c7 37 aa 65 7f 9e 7a fd 0f a0 4a ad 93 20 5f
| ea 92 45 00 aa 70 d8 5c 1f c2 6c 3f c0 c9 76 5f
! peer's g: 0b ba ea e1 6b ad b5 70 29 f2 29 87 bc 18 35 67
| c7 5a 71 64 f3 e8 c1 58 63 43 dd b6 7a 5d f7 6c
! long term secret: 49 0d f4 ab b6 bd b2 cf 2e 49 8f 43 2b ba 69 76
| 8d 17 6d da c3 2e 93 86 f4 c0 05 9f 96 41 18 d4
! long term secret: 44 e6 8b 69 c2 3a 1d 79 73 33 fb 89 47 55 65 54
| 14 00 00 14 40 1b b4 6a ca 52 eb 3e eb d3 67 da
| 2f bf 16 8e 14 00 00 18 fc 81 68 d5 d9 d2 3e 49
| 59 0f 00 04 f2 10 c6 86 b1 21 74 17 00 00 00 18
| ee 28 40 1b e7 e3 59 f3 dc ac 99 27 aa cb 23 72
| f6 f5 36 2d
| inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
| event added after event EVENT_RETRANSMIT for #2
"vpn" #1: STATE_MAIN_R2: sent MR2, expecting MI3
| modecfg pull: noquirk policy:push not-client
| phase 1 is done, looking for phase 2 to unpend
| * processed 1 messages from cryptographic helpers
| next event EVENT_RETRANSMIT in 8 seconds for #2 (2017-02-21 00:20:44)
| next event EVENT_RETRANSMIT in 8 seconds for #2 (2017-02-21 00:20:44)
|
| *received 388 bytes from 192.168.137.110:500 on eth0 (port=500) at 2017-02-21 00:20:44
| ff d1 ad 15 e4 c6 d1 d5 de 4c a4 cb 74 31 1a 38
| 04 10 02 00 00 00 00 00 00 00 01 84 0a 00 01 04
| d1 3b 57 94 30 76 11 91 d9 1b ab f8 d2 f8 9c 2b
| f0 e3 d3 fb cd 5d 87 1a b5 d2 0a b6 50 b4 a5 85
| ac 06 d4 46 79 29 1f 37 58 d2 fa d2 be f7 3b 7e
| ae 91 59 21 91 bd 9e f3 9b b5 46 80 d3 1d 9e 7f
| f9 6f e5 cc 56 89 d6 38 bb c3 c3 cb 60 dd a7 a6
| 99 5c c3 b9 50 f7 68 f0 a6 b0 6b 57 35 45 16 bf
| 20 ec 9f 98 b7 9f 8d 18 68 dd 0c 35 29 43 ad fa
| 9e d3 e3 ff a6 e4 d7 57 1b 38 77 34 9f 35 f9 94
| 0a fd d4 c5 4e ab d7 bd bf 12 b0 d7 e1 3d 6a b7
| 91 b9 3c 92 86 f6 6b f8 92 bd 88 f4 fb a0 53 e5
| 81 23 6d d9 de d3 b2 0a bb 71 7f 20 da 98 93 0f
| b9 fb 52 e7 65 e8 50 38 d6 e2 6f e7 52 78 74 45
| 4b 44 5e 02 b0 44 40 8f a6 a2 61 94 8b 59 97 05
| b5 dd 21 1c 83 29 a3 1e f9 3e 85 0c c1 8e 03 1c
! calc_dh_shared(): time elapsed (OAKLEY_GROUP_MODP2048): 7120 usec
| e3 c7 37 aa 65 7f 9e 7a fd 0f a0 4a ad 93 20 5f
! DH shared-secret:
| 0b ba ea e1 6b ad b5 70 29 f2 29 87 bc 18 35 67
! be 8c 0f 30 72 24 47 13 39 5e ef d0 8a 46 69 20
| 14 00 00 34 31 99 33 c0 c7 62 5c 09 b9 2a b9 e1
! f7 63 e6 ec 29 5e 30 0b ad 91 dc f4 fa db 23 df
| 27 bb e9 43 83 34 7e 4b f9 3b 11 7c 61 f8 62 d9
! cc 9f 2b d2 3a 5b 88 e7 a0 65 5d 97 9c 5a 94 64
| 78 aa 09 ae df 81 ce 56 26 02 5d 6c 6e 73 eb 8b
! b2 7a b9 fa 71 4e d1 ac 3c b1 2d eb fa d5 c4 98
| 3c 76 f6 2c 14 00 00 18 ee 28 40 1b e7 e3 59 f3
! 6a 92 f2 3b db 7d 91 08 98 8c 82 82 40 f5 20 e0
| dc ac 99 27 aa cb 23 72 f6 f5 36 2d 00 00 00 18
! e6 78 14 7d 07 ee 55 5a fd 73 e2 a4 d0 68 60 b0
| fc 81 68 d5 d9 d2 3e 49 59 0f 00 04 f2 10 c6 86
! 04 5d f5 cd 4a da be 2b b8 fa fb f0 cd bf 16 8b
| b1 21 74 17
! 3f 9a 4d 2e 51 22 94 d8 a6 e9 a9 fc d0 be 6b 45
! 3f 02 4e 4c 33 2c ab d7 57 a2 e4 1c 03 48 a4 99
| **parse ISAKMP Message:
! 41 1c 89 bd 28 31 ae c5 ef bd c9 a1 d3 79 13 b0
| initiator cookie:
! a9 39 68 ee 49 55 a6 aa c6 a9 83 ea 06 1e cc df
| ff d1 ad 15 e4 c6 d1 d5
! 83 6c bc 0a a4 c6 45 b4 6c a7 3d 98 b5 5e 19 ca
| responder cookie:
! 94 76 bd 60 71 a6 4b 4e d4 fe 1c 41 25 a8 a0 b6
| de 4c a4 cb 74 31 1a 38
! 60 94 35 65 96 70 00 34 77 fd f4 55 de c9 03 e0
| next payload type: ISAKMP_NEXT_KE
! a7 6e 80 d5 5f a9 dc 8f a9 e7 11 0a f2 14 ab f1
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
! 56 4c de 63 dd 8c 12 11 69 51 65 aa 5d e2 5e ae
| exchange type: ISAKMP_XCHG_IDPROT
! Skey inputs (PSK+NI+NR)
| flags: none
! ni: 31 99 33 c0 c7 62 5c 09 b9 2a b9 e1 27 bb e9 43
| message ID: 00 00 00 00
! ni: 83 34 7e 4b f9 3b 11 7c 61 f8 62 d9 78 aa 09 ae
| length: 388
! ni: df 81 ce 56 26 02 5d 6c 6e 73 eb 8b 3c 76 f6 2c
! nr: 40 1b b4 6a ca 52 eb 3e eb d3 67 da 2f bf 16 8e
| processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2), msgid: 00000000
| ICOOKIE: ff d1 ad 15 e4 c6 d1 d5
| RCOOKIE: de 4c a4 cb 74 31 1a 38
! keyid: 1e 05 4d 11 a3 b3 c4 f3 63 65 eb 1e 90 52 a9 17
| state hash entry 24
! keyid: 18 91 2b d6
| v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000
| v1 state object #1 found, in STATE_MAIN_R2
| processing connection vpn
"vpn" #1: discarding duplicate packet; already STATE_MAIN_R2
! NSS: end of key computation
| * processed 0 messages from cryptographic helpers
! DH_i: d1 3b 57 94 30 76 11 91 d9 1b ab f8 d2 f8 9c 2b
! DH_i: f0 e3 d3 fb cd 5d 87 1a b5 d2 0a b6 50 b4 a5 85
| next event EVENT_RETRANSMIT in 8 seconds for #2 (2017-02-21 00:20:44)
! DH_i: ac 06 d4 46 79 29 1f 37 58 d2 fa d2 be f7 3b 7e
! DH_i: ae 91 59 21 91 bd 9e f3 9b b5 46 80 d3 1d 9e 7f
| next event EVENT_RETRANSMIT in 8 seconds for #2 (2017-02-21 00:20:44)
! DH_i: f9 6f e5 cc 56 89 d6 38 bb c3 c3 cb 60 dd a7 a6
! DH_i: 99 5c c3 b9 50 f7 68 f0 a6 b0 6b 57 35 45 16 bf
! DH_i: 20 ec 9f 98 b7 9f 8d 18 68 dd 0c 35 29 43 ad fa
|
! DH_i: 9e d3 e3 ff a6 e4 d7 57 1b 38 77 34 9f 35 f9 94
! DH_i: 0a fd d4 c5 4e ab d7 bd bf 12 b0 d7 e1 3d 6a b7
! DH_i: 91 b9 3c 92 86 f6 6b f8 92 bd 88 f4 fb a0 53 e5
! DH_i: 81 23 6d d9 de d3 b2 0a bb 71 7f 20 da 98 93 0f
| *received 76 bytes from 192.168.137.110:500 on eth0 (port=500) at 2017-02-21 00:20:44
! DH_i: b9 fb 52 e7 65 e8 50 38 d6 e2 6f e7 52 78 74 45
| ff d1 ad 15 e4 c6 d1 d5 de 4c a4 cb 74 31 1a 38
! DH_i: 4b 44 5e 02 b0 44 40 8f a6 a2 61 94 8b 59 97 05
| 05 10 02 01 00 00 00 00 00 00 00 4c 09 ad 67 02
! DH_i: b5 dd 21 1c 83 29 a3 1e f9 3e 85 0c c1 8e 03 1c
! DH_i: e3 c7 37 aa 65 7f 9e 7a fd 0f a0 4a ad 93 20 5f
! DH_i: 0b ba ea e1 6b ad b5 70 29 f2 29 87 bc 18 35 67
! DH_r: 3a 78 34 ee f5 70 4a af f1 9f 8f 55 cd 89 3c 4b
! DH_r: 11 c3 3a 06 8d e4 0d a4 49 41 e0 80 6f ef 99 d3
! DH_r: c5 84 10 e1 84 8c cc 30 e5 0f c9 34 8d 98 ee 4e
! DH_r: d0 77 1b d5 57 da 5d d0 30 c2 e5 9f ed e0 e2 d3
! DH_r: 0f da 2c d0 65 a6 c2 f1 5b f9 84 78 c7 ce 71 24
! DH_r: 58 b4 db 4a 2d 48 62 05 47 67 2d 57 a8 59 a6 95
! DH_r: e1 93 48 bf fc 93 bf e4 da f9 2e d8 45 f2 73 a7
! DH_r: e4 88 cf 20 08 d4 65 f1 a6 30 9f c1 ec da ff 79
! DH_r: 5c 0f 1b 33 65 b3 6c 3e 0f e2 08 93 48 54 e0 50
! DH_r: c7 74 49 e3 03 41 a9 da 11 45 ca 3c 48 76 3b b1
! DH_r: de d3 6c e6 b5 b4 81 e5 8d 0b 0c 4f 8e 7a fa c5
! DH_r: 00 60 58 6d dc b1 f7 e4 5b 5b 14 12 57 f5 95 fe
! DH_r: bb 97 40 c9 77 d4 ce b0 24 b2 9b 9a 55 93 40 96
! DH_r: ea 92 45 00 aa 70 d8 5c 1f c2 6c 3f c0 c9 76 5f
! DH_r: c7 5a 71 64 f3 e8 c1 58 63 43 dd b6 7a 5d f7 6c
! DH_r: 8d 17 6d da c3 2e 93 86 f4 c0 05 9f 96 41 18 d4
! end of IV generation
! Skeyid: 1e 05 4d 11 a3 b3 c4 f3 63 65 eb 1e 90 52 a9 17
! Skeyid: 18 91 2b d6
! Skeyid_d: c1 15 c4 fb 9a ae 91 44 bc 65 1b 0d 64 bf b3 ef
! Skeyid_d: 2f 75 aa d7
! Skeyid_a: 86 11 62 6c 6f 3a 00 fd e4 c5 a4 a4 89 fc 0a e1
! Skeyid_a: 2b ce c3 62
! Skeyid_e: ca 83 c2 8b 55 f7 46 cd af 71 dd 44 cd e5 d8 47
! Skeyid_e: b2 a6 22 81
! enc key: ba 6b 35 80 69 1a 14 27 71 60 9a 76 b3 b9 16 dc
! enc key: 1c 38 6d 15 2f 34 84 fe 46 2d e6 40 a1 b1 88 d5
! IV: 0a 18 81 93 d4 0d 9b 48 2c bf 9a b4 90 6b 65 7b
! IV: 73 d3 ca 04
| 41 89 5b 9a 18 ba 65 a9 12 8b 0b 20 0f 00 07 cf
| e0 f3 e0 b9 39 b4 60 b1 03 72 64 d5 e8 e3 e4 1c
| 49 b3 42 16 89 50 80 ab 9b 74 b5 f2
| **parse ISAKMP Message:
| initiator cookie:
| ff d1 ad 15 e4 c6 d1 d5
| responder cookie:
| de 4c a4 cb 74 31 1a 38
| next payload type: ISAKMP_NEXT_ID
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_IDPROT
| flags: ISAKMP_FLAG_ENCRYPTION
| message ID: 00 00 00 00
| length: 76
| processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2), msgid: 00000000
| ICOOKIE: ff d1 ad 15 e4 c6 d1 d5
| RCOOKIE: de 4c a4 cb 74 31 1a 38
| state hash entry 24
| v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000
| v1 state object #1 found, in STATE_MAIN_R2
| processing connection vpn
| received encrypted packet from 192.168.137.110:500 but exponentiation still in progress
| * processed 0 messages from cryptographic helpers
| next event EVENT_RETRANSMIT in 8 seconds for #2 (2017-02-21 00:20:44)
| next event EVENT_RETRANSMIT in 8 seconds for #2 (2017-02-21 00:20:44)
|
| helper 2 has finished work (cnt now 1)
| helper 2 replies to id: q#2
| calling callback function 0xaab9932c
| main inI2_outR2: calculated DH finished
| processing connection vpn
| received encrypted packet from 192.168.137.110:500
| decrypting 48 bytes using algorithm OAKLEY_AES_CBC
| decrypted:
| 08 00 00 0c 01 00 00 00 c0 a8 89 6e 00 00 00 18
| fa f7 62 43 43 15 f8 32 7a 03 7a 91 1b c3 39 c6
| cf 2f 28 7d 00 00 00 00 00 00 00 00 00 00 00 00
| next IV: e8 e3 e4 1c 49 b3 42 16 89 50 80 ab 9b 74 b5 f2
| got payload 0x20(ISAKMP_NEXT_ID) needed: 0x120 opt: 0x2080
| ***parse ISAKMP Identification Payload:
| next payload type: ISAKMP_NEXT_HASH
| length: 12
| ID type: ID_IPV4_ADDR
| DOI specific A: 0
| DOI specific B: 0
| obj: c0 a8 89 6e
| got payload 0x100(ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x2080
| ***parse ISAKMP Hash Payload:
| next payload type: ISAKMP_NEXT_NONE
| length: 24
| removing 12 bytes of padding
"vpn" #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.137.110'
| refine_connection: starting with vpn
| started looking for secret for 192.168.137.1->(none) of kind PPK_PSK
| replace him to 0.0.0.0
| actually looking for secret for 192.168.137.1->%any of kind PPK_PSK
| line 1: key type PPK_PSK(192.168.137.1) to type PPK_PSK
| 1: compared key %any to 192.168.137.1 / %any -> 2
| 2: compared key 192.168.137.1 to 192.168.137.1 / %any -> 10
| line 1: match=10
| best_match 0>10 best=0xaac63fd0 (line=1)
| concluding with best_match=10 best=0xaac63fd0 (lineno=1)
| match_id a=192.168.137.110
| b=(none)
| results matched
| trusted_ca called with a=(empty) b=(empty)
| refine_connection: checking vpn against vpn, best=(none) with match=1(id=1/ca=1/reqca=1)
| refine_connection: checked vpn against vpn, now for see if best
| started looking for secret for 192.168.137.1->(none) of kind PPK_PSK
| replace him to 0.0.0.0
| actually looking for secret for 192.168.137.1->%any of kind PPK_PSK
| line 1: key type PPK_PSK(192.168.137.1) to type PPK_PSK
| 1: compared key %any to 192.168.137.1 / %any -> 2
| 2: compared key 192.168.137.1 to 192.168.137.1 / %any -> 10
| line 1: match=10
| best_match 0>10 best=0xaac63fd0 (line=1)
| concluding with best_match=10 best=0xaac63fd0 (lineno=1)
| refine_connection: picking new best vpn (wild=15, peer_pathlen=0/our=0)
| find_host_pair: looking for me=192.168.137.1:500 %any him=<none>:500 any-match
| find_host_pair: comparing to me=192.168.137.1:500 %any him=0.0.0.0:500
| find_host_pair: concluded with vpn
| found_host_pair_conn (refine_host_connection): 192.168.137.1:500 %any/%any:500 -> hp:vpn
| match_id a=192.168.137.110
| b=(none)
| results matched
| trusted_ca called with a=(empty) b=(empty)
| refine_connection: checking vpn against vpn, best=vpn with match=1(id=1/ca=1/reqca=1)
| refine_connection: checked vpn against vpn, now for see if best
| started looking for secret for 192.168.137.1->(none) of kind PPK_PSK
| replace him to 0.0.0.0
| actually looking for secret for 192.168.137.1->%any of kind PPK_PSK
| line 1: key type PPK_PSK(192.168.137.1) to type PPK_PSK
| 1: compared key %any to 192.168.137.1 / %any -> 2
| 2: compared key 192.168.137.1 to 192.168.137.1 / %any -> 10
| line 1: match=10
| best_match 0>10 best=0xaac63fd0 (line=1)
| concluding with best_match=10 best=0xaac63fd0 (lineno=1)
| offered CA: '%none'
| match_id a=192.168.137.110
| b=(none)
| results matched
| find_host_pair: looking for me=192.168.137.1:500 %any him=192.168.137.110:500 exact-match
| find_host_pair: comparing to me=192.168.137.1:500 %any him=0.0.0.0:500
| find_host_pair: concluded with vpn
| connect_to_host_pair: 192.168.137.1:500 %any 192.168.137.110:500 -> hp:vpn
| instantiated "vpn" for 192.168.137.110
"vpn" #1: switched from "vpn" to "vpn"
| hashing 208 bytes of SA
| authentication succeeded
| thinking about whether to send my certificate:
| I have RSA key: OAKLEY_PRESHARED_KEY cert.type: CERT_NONE
| sendcert: CERT_ALWAYSSEND and I did not get a certificate request
| so do not send cert.
| I did not send a certificate because digital signatures are not being used. (PSK)
| **emit ISAKMP Message:
| initiator cookie:
| ff d1 ad 15 e4 c6 d1 d5
| responder cookie:
| de 4c a4 cb 74 31 1a 38
| next payload type: ISAKMP_NEXT_ID
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_IDPROT
| flags: ISAKMP_FLAG_ENCRYPTION
| message ID: 00 00 00 00
| ***emit ISAKMP Identification Payload (IPsec DOI):
| next payload type: ISAKMP_NEXT_HASH
| ID type: ID_IPV4_ADDR
| Protocol ID: 0
| port: 0
| emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI)
| my identity c0 a8 89 01
| emitting length of ISAKMP Identification Payload (IPsec DOI): 12
| hashing 208 bytes of SA
| ***emit ISAKMP Hash Payload:
| next payload type: ISAKMP_NEXT_VID
| emitting 20 raw bytes of HASH_R into ISAKMP Hash Payload
| HASH_R f8 3f 73 ad ba 56 50 0c bf 9a 6d 09 bb 27 8d 47
| HASH_R 37 11 c7 eb
| emitting length of ISAKMP Hash Payload: 24
| out_vendorid(): sending [CAN-IKEv2]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_NONE
| emitting 5 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID 49 4b 45 76 32
| emitting length of ISAKMP Vendor ID Payload: 9
| encrypting:
| 08 00 00 0c 01 00 00 00 c0 a8 89 01 0d 00 00 18
| f8 3f 73 ad ba 56 50 0c bf 9a 6d 09 bb 27 8d 47
| 37 11 c7 eb 00 00 00 09 49 4b 45 76 32
| IV:
| e8 e3 e4 1c 49 b3 42 16 89 50 80 ab 9b 74 b5 f2
| unpadded size is: 45
| emitting 3 zero bytes of encryption padding into ISAKMP Message
| encrypting 48 using OAKLEY_AES_CBC
| next IV: a4 1a 3f 22 51 90 00 46 2a 07 4c 4b af e8 ae 60
| emitting length of ISAKMP Message: 76
| last encrypted block of Phase 1:
| a4 1a 3f 22 51 90 00 46 2a 07 4c 4b af e8 ae 60
| complete state transition with STF_OK
"vpn"[1] 192.168.137.110 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
| deleting event for #1
| sending reply packet to 192.168.137.110:500 (from port 500)
| sending 76 bytes for STATE_MAIN_R2 through eth0:500 to 192.168.137.110:500 (using #1)
| ff d1 ad 15 e4 c6 d1 d5 de 4c a4 cb 74 31 1a 38
| 05 10 02 01 00 00 00 00 00 00 00 4c 35 70 ab 20
| f6 e3 34 f2 31 86 f0 e5 77 33 df 27 42 2b ce 2a
| 7d 81 7e 32 61 a2 40 4b ff c8 8e ab a4 1a 3f 22
| 51 90 00 46 2a 07 4c 4b af e8 ae 60
| inserting event EVENT_SA_EXPIRE, timeout in 28800 seconds for #1
| event added after event EVENT_REINIT_SECRET
"vpn"[1] 192.168.137.110 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
| modecfg pull: noquirk policy:push not-client
| phase 1 is done, looking for phase 2 to unpend
| unpending state #1
| * processed 1 messages from cryptographic helpers
| next event EVENT_RETRANSMIT in 7 seconds for #2 (2017-02-21 00:20:45)
| next event EVENT_RETRANSMIT in 7 seconds for #2 (2017-02-21 00:20:45)
|
| *received 76 bytes from 192.168.137.110:500 on eth0 (port=500) at 2017-02-21 00:20:45
| ff d1 ad 15 e4 c6 d1 d5 de 4c a4 cb 74 31 1a 38
| 05 10 02 01 00 00 00 00 00 00 00 4c 09 ad 67 02
| 41 89 5b 9a 18 ba 65 a9 12 8b 0b 20 0f 00 07 cf
| e0 f3 e0 b9 39 b4 60 b1 03 72 64 d5 e8 e3 e4 1c
| 49 b3 42 16 89 50 80 ab 9b 74 b5 f2
| **parse ISAKMP Message:
| initiator cookie:
| ff d1 ad 15 e4 c6 d1 d5
| responder cookie:
| de 4c a4 cb 74 31 1a 38
| next payload type: ISAKMP_NEXT_ID
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_IDPROT
| flags: ISAKMP_FLAG_ENCRYPTION
| message ID: 00 00 00 00
| length: 76
| processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2), msgid: 00000000
| ICOOKIE: ff d1 ad 15 e4 c6 d1 d5
| RCOOKIE: de 4c a4 cb 74 31 1a 38
| state hash entry 24
| v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000
| v1 state object #1 found, in STATE_MAIN_R3
| processing connection vpn[1] 192.168.137.110
"vpn"[1] 192.168.137.110 #1: retransmitting in response to duplicate packet; already STATE_MAIN_R3
| sending 76 bytes for retransmit in response to duplicate through eth0:500 to 192.168.137.110:500 (using #1)
| ff d1 ad 15 e4 c6 d1 d5 de 4c a4 cb 74 31 1a 38
| 05 10 02 01 00 00 00 00 00 00 00 4c 35 70 ab 20
| f6 e3 34 f2 31 86 f0 e5 77 33 df 27 42 2b ce 2a
| 7d 81 7e 32 61 a2 40 4b ff c8 8e ab a4 1a 3f 22
| 51 90 00 46 2a 07 4c 4b af e8 ae 60
| * processed 0 messages from cryptographic helpers
| next event EVENT_RETRANSMIT in 7 seconds for #2 (2017-02-21 00:20:45)
| next event EVENT_RETRANSMIT in 7 seconds for #2 (2017-02-21 00:20:45)
|
| *received 476 bytes from 192.168.137.110:500 on eth0 (port=500) at 2017-02-21 00:20:45
| ff d1 ad 15 e4 c6 d1 d5 de 4c a4 cb 74 31 1a 38
| 08 10 20 01 00 00 00 01 00 00 01 dc 60 92 9c ec
| 99 e6 68 90 75 78 7c 43 86 b8 ae 2a 54 43 8e 4c
| 93 3c 39 ee fc 06 6a 63 7a c6 03 2f 18 cf 6f f9
| ed 71 9b 84 4c a6 53 8e e3 5e 6f 59 c1 62 fa c8
| d2 61 7a 02 45 34 34 f6 2c af c5 50 fd 85 85 1c
| 03 10 86 c3 34 24 c5 cb 9e bb 2f e0 c8 fb 23 1b
| 96 19 d6 61 ed d4 fd 2c 40 bd 92 5b 0a dd 41 d0
| a4 00 5a 94 fa ba eb ed 31 34 a9 44 f7 8c ac 0b
| 4d 2e 13 a6 d5 b1 b5 97 bb fe c8 80 0b fa c6 ed
| 62 92 53 5d b1 7c 1a 46 76 71 a2 66 c4 b4 be ea
| b5 51 d0 3a 7d 7b 64 8c 0a a4 6d 50 31 2f c7 16
| a5 9c 34 0b 41 1d e5 4c dd 8f e1 70 b0 0f 56 39
| d4 5b cf 34 22 d9 c3 1d 49 37 66 78 8f b7 ac 85
| 6b b2 57 a5 75 ca 61 0b 5c f4 f7 4f 93 27 ae b1
| 25 ba 92 b0 85 74 17 26 f5 91 25 d3 b7 4c bc 89
| c7 fd 9a ba 52 40 3d 16 c3 c7 c2 4c 44 d7 ae 54
| c9 64 57 eb 8e e6 39 b7 55 4b 50 28 e7 ca d2 5f
| b4 b4 56 f6 c0 cd 2c 9f c8 f8 a4 7a 88 a0 f6 a2
| 12 84 fe ee f2 2c 2f f2 b2 c9 10 5e 17 33 37 e6
| c6 1f 5d be e1 1d 2b a5 01 db 08 86 4d 4c d8 10
| aa 4f e5 89 48 95 3b 9d 4f 91 e2 6f 6a 5b 00 ba
| d2 ea 1d 50 be c2 b7 86 5f 18 f6 68 cb ce c1 ca
| 52 77 9a 91 79 fb b1 61 58 be 60 bd b5 15 68 26
| 80 18 ad c0 03 5a 5f cf cb df c3 b4 c3 86 cf 93
| d3 12 61 db fb 85 8d 16 22 4c 34 5a f3 ac 9d 88
| eb b1 3a f6 1f 19 66 b6 4d 7b 1e 4a bc 5e 02 81
| 15 f6 5b 0d 22 2a 05 98 4d e9 a7 f9 00 56 19 bf
| f3 5e 31 6f 84 d6 fa d0 90 7a 8e c8 99 96 21 c9
| 33 95 bd 9a 42 40 6e ae 1d 52 b1 36
| **parse ISAKMP Message:
| initiator cookie:
| ff d1 ad 15 e4 c6 d1 d5
| responder cookie:
| de 4c a4 cb 74 31 1a 38
| next payload type: ISAKMP_NEXT_HASH
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_QUICK
| flags: ISAKMP_FLAG_ENCRYPTION
| message ID: 00 00 00 01
| length: 476
| processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32), msgid: 00000001
| ICOOKIE: ff d1 ad 15 e4 c6 d1 d5
| RCOOKIE: de 4c a4 cb 74 31 1a 38
| state hash entry 24
| v1 peer and cookies match on #1, provided msgid 00000001 vs 00000000
| v1 state object not found
| ICOOKIE: ff d1 ad 15 e4 c6 d1 d5
| RCOOKIE: de 4c a4 cb 74 31 1a 38
| state hash entry 24
| v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000
| v1 state object #1 found, in STATE_MAIN_R3
| processing connection vpn[1] 192.168.137.110
| last Phase 1 IV: a4 1a 3f 22 51 90 00 46 2a 07 4c 4b af e8 ae 60
| current Phase 1 IV: a4 1a 3f 22 51 90 00 46 2a 07 4c 4b af e8 ae 60
| computed Phase 2 IV:
| 7d cb de c2 e9 d1 c7 7c e1 98 da 75 ad eb 48 fa
| 79 0f 1b c7
| received encrypted packet from 192.168.137.110:500
| decrypting 448 bytes using algorithm OAKLEY_AES_CBC
| decrypted:
| 01 00 00 18 cd 0e 72 cc 9e 73 71 6d 8b a3 6c e4
| 5e 1a f6 42 df 78 40 fc 0a 00 01 4c 00 00 00 01
| 00 00 00 01 02 00 00 38 01 03 04 01 34 f7 da 80
| 00 00 00 2c 01 0c 00 00 80 04 00 02 80 06 01 00
| 80 05 00 02 80 01 00 01 00 02 00 04 00 00 0e 10
| 80 01 00 02 00 02 00 04 00 03 d0 90 02 00 00 38
| 02 03 04 01 34 f7 da 80 00 00 00 2c 01 0c 00 00
| 80 04 00 02 80 06 00 80 80 05 00 02 80 01 00 01
| 00 02 00 04 00 00 0e 10 80 01 00 02 00 02 00 04
| 00 03 d0 90 02 00 00 34 03 03 04 01 34 f7 da 80
| 00 00 00 28 01 03 00 00 80 04 00 02 80 05 00 02
| 80 01 00 01 00 02 00 04 00 00 0e 10 80 01 00 02
| 00 02 00 04 00 03 d0 90 02 00 00 34 04 03 04 01
| 34 f7 da 80 00 00 00 28 01 02 00 00 80 04 00 02
| 80 05 00 02 80 01 00 01 00 02 00 04 00 00 0e 10
| 80 01 00 02 00 02 00 04 00 03 d0 90 02 00 00 34
| 05 03 04 01 34 f7 da 80 00 00 00 28 01 0b 00 00
| 80 04 00 02 80 05 00 02 80 01 00 01 00 02 00 04
| 00 00 0e 10 80 01 00 02 00 02 00 04 00 03 d0 90
| 00 00 00 34 06 02 04 01 34 f7 da 80 00 00 00 28
| 01 03 00 00 80 04 00 02 80 05 00 02 80 01 00 01
| 00 02 00 04 00 00 0e 10 80 01 00 02 00 02 00 04
| 00 03 d0 90 05 00 00 34 cf 28 89 d8 f3 2c 56 8a
| 46 7c 55 e5 d3 f5 ab 04 cc 1b 2c 11 30 aa 0c 51
| 54 c0 7e 5b e4 6d 19 e7 86 09 39 71 b9 1e d7 26
| d9 c1 39 6e 4c 33 21 32 05 00 00 0c 01 11 06 a5
| c0 a8 89 6e 00 00 00 0c 01 11 06 a5 c0 a8 89 01
| 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
| next IV: 99 96 21 c9 33 95 bd 9a 42 40 6e ae 1d 52 b1 36
| got payload 0x100(ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030
| ***parse ISAKMP Hash Payload:
| next payload type: ISAKMP_NEXT_SA
| length: 24
| got payload 0x2(ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030
| ***parse ISAKMP Security Association Payload:
| next payload type: ISAKMP_NEXT_NONCE
| length: 332
| DOI: ISAKMP_DOI_IPSEC
| got payload 0x400(ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030
| ***parse ISAKMP Nonce Payload:
| next payload type: ISAKMP_NEXT_ID
| length: 52
| got payload 0x20(ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
| ***parse ISAKMP Identification Payload (IPsec DOI):
| next payload type: ISAKMP_NEXT_ID
| length: 12
| ID type: ID_IPV4_ADDR
| Protocol ID: 17
| port: 1701
| obj: c0 a8 89 6e
| got payload 0x20(ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
| ***parse ISAKMP Identification Payload (IPsec DOI):
| next payload type: ISAKMP_NEXT_NONE
| length: 12
| ID type: ID_IPV4_ADDR
| Protocol ID: 17
| port: 1701
| obj: c0 a8 89 01
| removing 16 bytes of padding
| HASH(1) computed:
| cd 0e 72 cc 9e 73 71 6d 8b a3 6c e4 5e 1a f6 42
| df 78 40 fc
| peer client is 192.168.137.110
| peer client protocol/port is 17/1701
| our client is 192.168.137.1
| our client protocol/port is 17/1701
"vpn"[1] 192.168.137.110 #1: the peer proposed: 192.168.137.1/32:17/1701 -> 192.168.137.110/32:17/1701
| find_client_connection starting with vpn
| looking for 192.168.137.1/32:17/1701 -> 192.168.137.110/32:17/1701
| concrete checking against sr#0 192.168.137.1/32 -> 192.168.137.110/32
| match_id a=192.168.137.110
| b=192.168.137.110
| results matched
| trusted_ca called with a=(empty) b=(empty)
| fc_try trying vpn:192.168.137.1/32:17/1701 -> 192.168.137.110/32:17/1701 vs vpn:<type:%address:17/1701 -> %self/3:17/0
| match_id a=192.168.137.110
| b=(none)
| results matched
| trusted_ca called with a=(empty) b=(empty)
| fc_try trying vpn:192.168.137.1/32:17/1701 -> 192.168.137.110/32:17/1701 vs vpn:<type:%address:17/1701 -> %self/3:17/0
| fc_try concluding with vpn [128]
| fc_try vpn gives vpn
| concluding with d = vpn
| client wildcard: no port wildcard: yes virtual: no
| duplicating state object #1
| creating state object #3 at 0xaac68250
| processing connection vpn[1] 192.168.137.110
| ICOOKIE: ff d1 ad 15 e4 c6 d1 d5
| RCOOKIE: de 4c a4 cb 74 31 1a 38
| state hash entry 24
| inserting state object #3 bucket: 24
| inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #3 (head of queue)
| ****parse IPsec DOI SIT:
| IPsec DOI SIT: SIT_IDENTITY_ONLY
| ****parse ISAKMP Proposal Payload:
| next payload type: ISAKMP_NEXT_P
| length: 56
| proposal number: 1
| protocol ID: PROTO_IPSEC_ESP
| SPI size: 4
| number of transforms: 1
| parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
| SPI 34 f7 da 80
| ****parse ISAKMP Proposal Payload:
| next payload type: ISAKMP_NEXT_P
| length: 56
| proposal number: 2
| protocol ID: PROTO_IPSEC_ESP
| SPI size: 4
| number of transforms: 1
| *****parse ISAKMP Transform Payload (ESP):
| next payload type: ISAKMP_NEXT_NONE
| length: 44
| transform number: 1
| transform ID: ESP_AES
| ******parse ISAKMP IPsec DOI attribute:
| af+type: ENCAPSULATION_MODE
| length/value: 2
| [2 is ENCAPSULATION_MODE_TRANSPORT]
| ******parse ISAKMP IPsec DOI attribute:
| af+type: KEY_LENGTH
| length/value: 256
| ******parse ISAKMP IPsec DOI attribute:
| af+type: AUTH_ALGORITHM
| length/value: 2
| [2 is AUTH_ALGORITHM_HMAC_SHA1]
| ******parse ISAKMP IPsec DOI attribute:
| af+type: SA_LIFE_TYPE
| length/value: 1
| [1 is SA_LIFE_TYPE_SECONDS]
| ******parse ISAKMP IPsec DOI attribute:
| af+type: SA_LIFE_DURATION (variable length)
| length/value: 4
| long duration: 3600
| ******parse ISAKMP IPsec DOI attribute:
| af+type: SA_LIFE_TYPE
| length/value: 2
| [2 is SA_LIFE_TYPE_KBYTES]
| ******parse ISAKMP IPsec DOI attribute:
| af+type: SA_LIFE_DURATION (variable length)
| length/value: 4
| long duration: 250000
| 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 3
| asking helper 0 to do build_nonce op on seq: 3 (len=2672, pcw_work=1)
| crypto helper write of request: cnt=2672<wlen=2672.
| deleting event for #3
| inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #3
| event added after event EVENT_PENDING_PHASE2
| complete state transition with STF_SUSPEND
! helper 0 read 2668+4/2672 bytesfd: 8
| * processed 0 messages from cryptographic helpers
! helper 0 doing build_nonce op id: 3
| next event EVENT_RETRANSMIT in 6 seconds for #2 (2017-02-21 00:20:46)
| next event EVENT_RETRANSMIT in 6 seconds for #2 (2017-02-21 00:20:46)
|
| *received 476 bytes from 192.168.137.110:500 on eth0 (port=500) at 2017-02-21 00:20:46
| ff d1 ad 15 e4 c6 d1 d5 de 4c a4 cb 74 31 1a 38
| 08 10 20 01 00 00 00 01 00 00 01 dc 60 92 9c ec
| 99 e6 68 90 75 78 7c 43 86 b8 ae 2a 54 43 8e 4c
| 93 3c 39 ee fc 06 6a 63 7a c6 03 2f 18 cf 6f f9
! Generated nonce:
| ed 71 9b 84 4c a6 53 8e e3 5e 6f 59 c1 62 fa c8
! 0f 6c 89 46 35 04 e3 a8 04 49 70 2e 04 e9 c7 6a
| d2 61 7a 02 45 34 34 f6 2c af c5 50 fd 85 85 1c
| 03 10 86 c3 34 24 c5 cb 9e bb 2f e0 c8 fb 23 1b
| 96 19 d6 61 ed d4 fd 2c 40 bd 92 5b 0a dd 41 d0
| a4 00 5a 94 fa ba eb ed 31 34 a9 44 f7 8c ac 0b
| 4d 2e 13 a6 d5 b1 b5 97 bb fe c8 80 0b fa c6 ed
| 62 92 53 5d b1 7c 1a 46 76 71 a2 66 c4 b4 be ea
| b5 51 d0 3a 7d 7b 64 8c 0a a4 6d 50 31 2f c7 16
| a5 9c 34 0b 41 1d e5 4c dd 8f e1 70 b0 0f 56 39
| d4 5b cf 34 22 d9 c3 1d 49 37 66 78 8f b7 ac 85
| 6b b2 57 a5 75 ca 61 0b 5c f4 f7 4f 93 27 ae b1
| 25 ba 92 b0 85 74 17 26 f5 91 25 d3 b7 4c bc 89
| c7 fd 9a ba 52 40 3d 16 c3 c7 c2 4c 44 d7 ae 54
| c9 64 57 eb 8e e6 39 b7 55 4b 50 28 e7 ca d2 5f
| b4 b4 56 f6 c0 cd 2c 9f c8 f8 a4 7a 88 a0 f6 a2
| 12 84 fe ee f2 2c 2f f2 b2 c9 10 5e 17 33 37 e6
| c6 1f 5d be e1 1d 2b a5 01 db 08 86 4d 4c d8 10
| aa 4f e5 89 48 95 3b 9d 4f 91 e2 6f 6a 5b 00 ba
| d2 ea 1d 50 be c2 b7 86 5f 18 f6 68 cb ce c1 ca
| 52 77 9a 91 79 fb b1 61 58 be 60 bd b5 15 68 26
| 80 18 ad c0 03 5a 5f cf cb df c3 b4 c3 86 cf 93
| d3 12 61 db fb 85 8d 16 22 4c 34 5a f3 ac 9d 88
| eb b1 3a f6 1f 19 66 b6 4d 7b 1e 4a bc 5e 02 81
| 15 f6 5b 0d 22 2a 05 98 4d e9 a7 f9 00 56 19 bf
| f3 5e 31 6f 84 d6 fa d0 90 7a 8e c8 99 96 21 c9
| 33 95 bd 9a 42 40 6e ae 1d 52 b1 36
| **parse ISAKMP Message:
| initiator cookie:
| ff d1 ad 15 e4 c6 d1 d5
| responder cookie:
| de 4c a4 cb 74 31 1a 38
| next payload type: ISAKMP_NEXT_HASH
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_QUICK
| flags: ISAKMP_FLAG_ENCRYPTION
| message ID: 00 00 00 01
| length: 476
| processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32), msgid: 00000001
| ICOOKIE: ff d1 ad 15 e4 c6 d1 d5
| RCOOKIE: de 4c a4 cb 74 31 1a 38
| state hash entry 24
| v1 peer and cookies match on #3, provided msgid 00000001 vs 00000001
| v1 state object #3 found, in STATE_QUICK_R0
| processing connection vpn[1] 192.168.137.110
"vpn"[1] 192.168.137.110 #3: message received while calculating. Ignored.
| * processed 0 messages from cryptographic helpers
| next event EVENT_RETRANSMIT in 6 seconds for #2 (2017-02-21 00:20:46)
| next event EVENT_RETRANSMIT in 6 seconds for #2 (2017-02-21 00:20:46)
|
| helper 0 has finished work (cnt now 1)
| helper 0 replies to id: q#3
| calling callback function 0xaab9e770
| quick inI1_outR1: calculated ke+nonce, calculating DH
| processing connection vpn[1] 192.168.137.110
| **emit ISAKMP Message:
| initiator cookie:
| ff d1 ad 15 e4 c6 d1 d5
| responder cookie:
| de 4c a4 cb 74 31 1a 38
| next payload type: ISAKMP_NEXT_HASH
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_QUICK
| flags: ISAKMP_FLAG_ENCRYPTION
| message ID: 00 00 00 01
| ***emit ISAKMP Hash Payload:
| next payload type: ISAKMP_NEXT_SA
| emitting 20 zero bytes of HASH into ISAKMP Hash Payload
| emitting length of ISAKMP Hash Payload: 24
| ***emit ISAKMP Security Association Payload:
| next payload type: ISAKMP_NEXT_NONCE
| DOI: ISAKMP_DOI_IPSEC
| ****parse IPsec DOI SIT:
| IPsec DOI SIT: SIT_IDENTITY_ONLY
| ****parse ISAKMP Proposal Payload:
| next payload type: ISAKMP_NEXT_P
| length: 56
| proposal number: 1
| protocol ID: PROTO_IPSEC_ESP
| SPI size: 4
| number of transforms: 1
| parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
| SPI 34 f7 da 80
| ****parse ISAKMP Proposal Payload:
| next payload type: ISAKMP_NEXT_P
| length: 56
| proposal number: 2
| protocol ID: PROTO_IPSEC_ESP
| SPI size: 4
| number of transforms: 1
| *****parse ISAKMP Transform Payload (ESP):
| next payload type: ISAKMP_NEXT_NONE
| length: 44
| transform number: 1
| transform ID: ESP_AES
| ******parse ISAKMP IPsec DOI attribute:
| af+type: ENCAPSULATION_MODE
| length/value: 2
| [2 is ENCAPSULATION_MODE_TRANSPORT]
| ******parse ISAKMP IPsec DOI attribute:
| af+type: KEY_LENGTH
| length/value: 256
| ******parse ISAKMP IPsec DOI attribute:
| af+type: AUTH_ALGORITHM
| length/value: 2
| [2 is AUTH_ALGORITHM_HMAC_SHA1]
| ******parse ISAKMP IPsec DOI attribute:
| af+type: SA_LIFE_TYPE
| length/value: 1
| [1 is SA_LIFE_TYPE_SECONDS]
| ******parse ISAKMP IPsec DOI attribute:
| af+type: SA_LIFE_DURATION (variable length)
| length/value: 4
| long duration: 3600
| ******parse ISAKMP IPsec DOI attribute:
| af+type: SA_LIFE_TYPE
| length/value: 2
| [2 is SA_LIFE_TYPE_KBYTES]
| ******parse ISAKMP IPsec DOI attribute:
| af+type: SA_LIFE_DURATION (variable length)
| length/value: 4
| long duration: 250000
| ****emit IPsec DOI SIT:
| IPsec DOI SIT: SIT_IDENTITY_ONLY
| ****emit ISAKMP Proposal Payload:
| next payload type: ISAKMP_NEXT_NONE
| proposal number: 1
| protocol ID: PROTO_IPSEC_ESP
| SPI size: 4
| number of transforms: 1
"vpn"[1] 192.168.137.110 #3: ERROR: netlink_get_spi for esp.0 at 192.168.137.1 failed with errno 524: Unknown error 524
| emitting 4 raw bytes of SPI into ISAKMP Proposal Payload
| SPI 00 00 00 00
| *****emit ISAKMP Transform Payload (ESP):
| next payload type: ISAKMP_NEXT_NONE
| transform number: 1
| transform ID: ESP_AES
| emitting 36 raw bytes of attributes into ISAKMP Transform Payload (ESP)
| attributes 80 04 00 02 80 06 01 00 80 05 00 02 80 01 00 01
| attributes 00 02 00 04 00 00 0e 10 80 01 00 02 00 02 00 04
| attributes 00 03 d0 90
| emitting length of ISAKMP Transform Payload (ESP): 44
| emitting length of ISAKMP Proposal Payload: 56
| emitting length of ISAKMP Security Association Payload: 68
"vpn"[1] 192.168.137.110 #3: responding to Quick Mode proposal {msgid:01000000}
"vpn"[1] 192.168.137.110 #3: us: 192.168.137.1:17/1701
"vpn"[1] 192.168.137.110 #3: them: 192.168.137.110:17/1701
| ***emit ISAKMP Nonce Payload:
| next payload type: ISAKMP_NEXT_ID
| emitting 16 raw bytes of Nr into ISAKMP Nonce Payload
| Nr 0f 6c 89 46 35 04 e3 a8 04 49 70 2e 04 e9 c7 6a
| emitting length of ISAKMP Nonce Payload: 20
| emitting 12 raw bytes of IDci into ISAKMP Message
| IDci 05 00 00 0c 01 11 06 a5 c0 a8 89 6e
| emitting 12 raw bytes of IDcr into ISAKMP Message
| IDcr 00 00 00 0c 01 11 06 a5 c0 a8 89 01
| HASH(2) computed:
| ef aa 7c 6f be 2b 1d 64 8c 01 ae 64 bb 94 48 7f
| 8c 92 e2 78
| compute_proto_keymat:needed_len (after ESP enc)=32
| compute_proto_keymat:needed_len (after ESP auth)=52
| ESP KEYMAT
| KEYMAT computed:
| 6c 77 2f 3d 6a c3 65 08 52 0d 8a b9 f8 63 00 5a
| 12 51 dc 6d f2 35 5b f5 95 bb 76 ee 90 f0 46 08
| ee d6 78 ba 58 5c 9c 98 a5 6d 7a 42 25 b5 b8 fc
| 43 f8 a5 d1
| Peer KEYMAT computed:
| 42 a4 e1 97 ce 54 ea be 31 aa 0e 27 61 6a a7 2e
| c0 e9 59 37 08 57 4b d0 74 0b 08 fe c3 dc 25 5c
| 20 7c 01 3f 3d 2c d0 a9 b6 0f a1 03 9b 71 a3 3c
| c8 25 65 06
| install_inbound_ipsec_sa() checking if we can route
| route owner of "vpn"[1] 192.168.137.110 unrouted: NULL; eroute owner: NULL
| could_route called for vpn (kind=CK_INSTANCE)
| routing is easy, or has resolvable near-conflict
| checking if this is a replacement state
| st=0xaac68250 ost=(nil) st->serialno=#3 ost->serialno=#0
| installing outgoing SA now as refhim=0
| state #3(vpn): setup outbound ipsec between 192.168.137.1<->192.168.137.110 for 192.168.137.1/32...192.168.137.110/32
| ipcomp maybe
| esp outbound maybe
| looking for outbound alg with transid: 12 keylen: 256 auth: 2 for spi=80daf734 [192.168.137.1->192.168.137.110]
| checking transid: 11 keylen: 0 auth: 1
| checking transid: 11 keylen: 0 auth: 2
| checking transid: 2 keylen: 8 auth: 0
| checking transid: 2 keylen: 8 auth: 1
| checking transid: 2 keylen: 8 auth: 2
| checking transid: 3 keylen: 24 auth: 0
| checking transid: 3 keylen: 24 auth: 1
| checking transid: 3 keylen: 24 auth: 2
| checking transid: 12 keylen: 16 auth: 0
| checking transid: 12 keylen: 16 auth: 1
| checking transid: 12 keylen: 16 auth: 2
| kernel_alg_esp_info():transid=12, auth=2, ei=0xaac3ea1c, enckeylen=32, authkeylen=20, encryptalg=12, authalg=3
| ESP enckey: 42 a4 e1 97 ce 54 ea be 31 aa 0e 27 61 6a a7 2e
| ESP enckey: c0 e9 59 37 08 57 4b d0 74 0b 08 fe c3 dc 25 5c
| ESP authkey: 20 7c 01 3f 3d 2c d0 a9 b6 0f a1 03 9b 71 a3 3c
| ESP authkey: c8 25 65 06
| creating SA spi=34f7da80 at c0a8896e proto=50 family=2
"vpn"[1] 192.168.137.110 #3: ERROR: netlink response for Add SA esp.34f7da80 at 192.168.137.110 included errno 524: Unknown error 524
| setup_half_ipsec_sa() hit fail failed to add sa
| failed to install outgoing SA: 0
| * processed 1 messages from cryptographic helpers
| next event EVENT_RETRANSMIT in 5 seconds for #2 (2017-02-21 00:20:47)
| next event EVENT_RETRANSMIT in 5 seconds for #2 (2017-02-21 00:20:47)
|
| *received 476 bytes from 192.168.137.110:500 on eth0 (port=500) at 2017-02-21 00:20:47
| ff d1 ad 15 e4 c6 d1 d5 de 4c a4 cb 74 31 1a 38
| 08 10 20 01 00 00 00 01 00 00 01 dc 60 92 9c ec
| 99 e6 68 90 75 78 7c 43 86 b8 ae 2a 54 43 8e 4c
| 93 3c 39 ee fc 06 6a 63 7a c6 03 2f 18 cf 6f f9
| ed 71 9b 84 4c a6 53 8e e3 5e 6f 59 c1 62 fa c8
| d2 61 7a 02 45 34 34 f6 2c af c5 50 fd 85 85 1c
| 03 10 86 c3 34 24 c5 cb 9e bb 2f e0 c8 fb 23 1b
| 96 19 d6 61 ed d4 fd 2c 40 bd 92 5b 0a dd 41 d0
| a4 00 5a 94 fa ba eb ed 31 34 a9 44 f7 8c ac 0b
| 4d 2e 13 a6 d5 b1 b5 97 bb fe c8 80 0b fa c6 ed
| 62 92 53 5d b1 7c 1a 46 76 71 a2 66 c4 b4 be ea
| b5 51 d0 3a 7d 7b 64 8c 0a a4 6d 50 31 2f c7 16
| a5 9c 34 0b 41 1d e5 4c dd 8f e1 70 b0 0f 56 39
| d4 5b cf 34 22 d9 c3 1d 49 37 66 78 8f b7 ac 85
| 6b b2 57 a5 75 ca 61 0b 5c f4 f7 4f 93 27 ae b1
| 25 ba 92 b0 85 74 17 26 f5 91 25 d3 b7 4c bc 89
| c7 fd 9a ba 52 40 3d 16 c3 c7 c2 4c 44 d7 ae 54
| c9 64 57 eb 8e e6 39 b7 55 4b 50 28 e7 ca d2 5f
| b4 b4 56 f6 c0 cd 2c 9f c8 f8 a4 7a 88 a0 f6 a2
| 12 84 fe ee f2 2c 2f f2 b2 c9 10 5e 17 33 37 e6
| c6 1f 5d be e1 1d 2b a5 01 db 08 86 4d 4c d8 10
| aa 4f e5 89 48 95 3b 9d 4f 91 e2 6f 6a 5b 00 ba
| d2 ea 1d 50 be c2 b7 86 5f 18 f6 68 cb ce c1 ca
| 52 77 9a 91 79 fb b1 61 58 be 60 bd b5 15 68 26
| 80 18 ad c0 03 5a 5f cf cb df c3 b4 c3 86 cf 93
| d3 12 61 db fb 85 8d 16 22 4c 34 5a f3 ac 9d 88
| eb b1 3a f6 1f 19 66 b6 4d 7b 1e 4a bc 5e 02 81
| 15 f6 5b 0d 22 2a 05 98 4d e9 a7 f9 00 56 19 bf
| f3 5e 31 6f 84 d6 fa d0 90 7a 8e c8 99 96 21 c9
| 33 95 bd 9a 42 40 6e ae 1d 52 b1 36
| **parse ISAKMP Message:
| initiator cookie:
| ff d1 ad 15 e4 c6 d1 d5
| responder cookie:
| de 4c a4 cb 74 31 1a 38
| next payload type: ISAKMP_NEXT_HASH
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_QUICK
| flags: ISAKMP_FLAG_ENCRYPTION
| message ID: 00 00 00 01
| length: 476
| processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32), msgid: 00000001
| ICOOKIE: ff d1 ad 15 e4 c6 d1 d5
| RCOOKIE: de 4c a4 cb 74 31 1a 38
| state hash entry 24
| v1 peer and cookies match on #3, provided msgid 00000001 vs 00000001
| v1 state object #3 found, in STATE_QUICK_R0
| processing connection vpn[1] 192.168.137.110
"vpn"[1] 192.168.137.110 #3: discarding duplicate packet; already STATE_QUICK_R0
| * processed 0 messages from cryptographic helpers
| next event EVENT_RETRANSMIT in 5 seconds for #2 (2017-02-21 00:20:47)
| next event EVENT_RETRANSMIT in 5 seconds for #2 (2017-02-21 00:20:47)
|
| *received 476 bytes from 192.168.137.110:500 on eth0 (port=500) at 2017-02-21 00:20:50
| ff d1 ad 15 e4 c6 d1 d5 de 4c a4 cb 74 31 1a 38
| 08 10 20 01 00 00 00 01 00 00 01 dc 60 92 9c ec
| 99 e6 68 90 75 78 7c 43 86 b8 ae 2a 54 43 8e 4c
| 93 3c 39 ee fc 06 6a 63 7a c6 03 2f 18 cf 6f f9
| ed 71 9b 84 4c a6 53 8e e3 5e 6f 59 c1 62 fa c8
| d2 61 7a 02 45 34 34 f6 2c af c5 50 fd 85 85 1c
| 03 10 86 c3 34 24 c5 cb 9e bb 2f e0 c8 fb 23 1b
| 96 19 d6 61 ed d4 fd 2c 40 bd 92 5b 0a dd 41 d0
| a4 00 5a 94 fa ba eb ed 31 34 a9 44 f7 8c ac 0b
| 4d 2e 13 a6 d5 b1 b5 97 bb fe c8 80 0b fa c6 ed
| 62 92 53 5d b1 7c 1a 46 76 71 a2 66 c4 b4 be ea
| b5 51 d0 3a 7d 7b 64 8c 0a a4 6d 50 31 2f c7 16
| a5 9c 34 0b 41 1d e5 4c dd 8f e1 70 b0 0f 56 39
| d4 5b cf 34 22 d9 c3 1d 49 37 66 78 8f b7 ac 85
| 6b b2 57 a5 75 ca 61 0b 5c f4 f7 4f 93 27 ae b1
| 25 ba 92 b0 85 74 17 26 f5 91 25 d3 b7 4c bc 89
| c7 fd 9a ba 52 40 3d 16 c3 c7 c2 4c 44 d7 ae 54
| c9 64 57 eb 8e e6 39 b7 55 4b 50 28 e7 ca d2 5f
| b4 b4 56 f6 c0 cd 2c 9f c8 f8 a4 7a 88 a0 f6 a2
| 12 84 fe ee f2 2c 2f f2 b2 c9 10 5e 17 33 37 e6
| c6 1f 5d be e1 1d 2b a5 01 db 08 86 4d 4c d8 10
| aa 4f e5 89 48 95 3b 9d 4f 91 e2 6f 6a 5b 00 ba
| d2 ea 1d 50 be c2 b7 86 5f 18 f6 68 cb ce c1 ca
| 52 77 9a 91 79 fb b1 61 58 be 60 bd b5 15 68 26
| 80 18 ad c0 03 5a 5f cf cb df c3 b4 c3 86 cf 93
| d3 12 61 db fb 85 8d 16 22 4c 34 5a f3 ac 9d 88
| eb b1 3a f6 1f 19 66 b6 4d 7b 1e 4a bc 5e 02 81
| 15 f6 5b 0d 22 2a 05 98 4d e9 a7 f9 00 56 19 bf
| f3 5e 31 6f 84 d6 fa d0 90 7a 8e c8 99 96 21 c9
| 33 95 bd 9a 42 40 6e ae 1d 52 b1 36
| **parse ISAKMP Message:
| initiator cookie:
| ff d1 ad 15 e4 c6 d1 d5
| responder cookie:
| de 4c a4 cb 74 31 1a 38
| next payload type: ISAKMP_NEXT_HASH
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_QUICK
| flags: ISAKMP_FLAG_ENCRYPTION
| message ID: 00 00 00 01
| length: 476
| processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32), msgid: 00000001
| ICOOKIE: ff d1 ad 15 e4 c6 d1 d5
| RCOOKIE: de 4c a4 cb 74 31 1a 38
| state hash entry 24
| v1 peer and cookies match on #3, provided msgid 00000001 vs 00000001
| v1 state object #3 found, in STATE_QUICK_R0
| processing connection vpn[1] 192.168.137.110
"vpn"[1] 192.168.137.110 #3: discarding duplicate packet; already STATE_QUICK_R0
| * processed 0 messages from cryptographic helpers
| next event EVENT_RETRANSMIT in 2 seconds for #2 (2017-02-21 00:20:50)
| next event EVENT_RETRANSMIT in 2 seconds for #2 (2017-02-21 00:20:50)
|
| next event EVENT_RETRANSMIT in 0 seconds for #2 (2017-02-21 00:20:52)
| *time to handle event
| at 2017-02-21 00:20:52 handling event EVENT_RETRANSMIT
| event after this is EVENT_NAT_T_KEEPALIVE in 11 seconds
| processing connection vpn
| handling event EVENT_RETRANSMIT for 0.0.0.0 "vpn" #2
| sending 144 bytes for EVENT_RETRANSMIT through eth0:500 to 192.168.137.110:500 (using #2)
| ff d1 ad 15 e4 c6 d1 d5 ba 22 f4 5d 45 82 5a 91
| 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 3c
| 00 00 00 01 00 00 00 01 00 00 00 30 01 01 00 01
| 00 00 00 28 03 01 00 00 80 01 00 07 80 0e 01 00
| 80 02 00 02 80 04 00 0e 80 03 00 01 80 0b 00 01
| 00 0c 00 04 00 00 70 80 0d 00 00 10 4f 53 57 79
| 5f 44 72 65 7a 65 47 53 0d 00 00 14 af ca d7 13
| 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14
| 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
| inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #2
| event added after event EVENT_NAT_T_KEEPALIVE
| next event EVENT_NAT_T_KEEPALIVE in 11 seconds
|
| *received 476 bytes from 192.168.137.110:500 on eth0 (port=500) at 2017-02-21 00:20:57
| ff d1 ad 15 e4 c6 d1 d5 de 4c a4 cb 74 31 1a 38
| 08 10 20 01 00 00 00 01 00 00 01 dc 60 92 9c ec
| 99 e6 68 90 75 78 7c 43 86 b8 ae 2a 54 43 8e 4c
| 93 3c 39 ee fc 06 6a 63 7a c6 03 2f 18 cf 6f f9
| ed 71 9b 84 4c a6 53 8e e3 5e 6f 59 c1 62 fa c8
| d2 61 7a 02 45 34 34 f6 2c af c5 50 fd 85 85 1c
| 03 10 86 c3 34 24 c5 cb 9e bb 2f e0 c8 fb 23 1b
| 96 19 d6 61 ed d4 fd 2c 40 bd 92 5b 0a dd 41 d0
| a4 00 5a 94 fa ba eb ed 31 34 a9 44 f7 8c ac 0b
| 4d 2e 13 a6 d5 b1 b5 97 bb fe c8 80 0b fa c6 ed
| 62 92 53 5d b1 7c 1a 46 76 71 a2 66 c4 b4 be ea
| b5 51 d0 3a 7d 7b 64 8c 0a a4 6d 50 31 2f c7 16
| a5 9c 34 0b 41 1d e5 4c dd 8f e1 70 b0 0f 56 39
| d4 5b cf 34 22 d9 c3 1d 49 37 66 78 8f b7 ac 85
| 6b b2 57 a5 75 ca 61 0b 5c f4 f7 4f 93 27 ae b1
| 25 ba 92 b0 85 74 17 26 f5 91 25 d3 b7 4c bc 89
| c7 fd 9a ba 52 40 3d 16 c3 c7 c2 4c 44 d7 ae 54
| c9 64 57 eb 8e e6 39 b7 55 4b 50 28 e7 ca d2 5f
| b4 b4 56 f6 c0 cd 2c 9f c8 f8 a4 7a 88 a0 f6 a2
| 12 84 fe ee f2 2c 2f f2 b2 c9 10 5e 17 33 37 e6
| c6 1f 5d be e1 1d 2b a5 01 db 08 86 4d 4c d8 10
| aa 4f e5 89 48 95 3b 9d 4f 91 e2 6f 6a 5b 00 ba
| d2 ea 1d 50 be c2 b7 86 5f 18 f6 68 cb ce c1 ca
| 52 77 9a 91 79 fb b1 61 58 be 60 bd b5 15 68 26
| 80 18 ad c0 03 5a 5f cf cb df c3 b4 c3 86 cf 93
| d3 12 61 db fb 85 8d 16 22 4c 34 5a f3 ac 9d 88
| eb b1 3a f6 1f 19 66 b6 4d 7b 1e 4a bc 5e 02 81
| 15 f6 5b 0d 22 2a 05 98 4d e9 a7 f9 00 56 19 bf
| f3 5e 31 6f 84 d6 fa d0 90 7a 8e c8 99 96 21 c9
| 33 95 bd 9a 42 40 6e ae 1d 52 b1 36
| **parse ISAKMP Message:
| initiator cookie:
| ff d1 ad 15 e4 c6 d1 d5
| responder cookie:
| de 4c a4 cb 74 31 1a 38
| next payload type: ISAKMP_NEXT_HASH
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_QUICK
| flags: ISAKMP_FLAG_ENCRYPTION
| message ID: 00 00 00 01
| length: 476
| processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32), msgid: 00000001
| ICOOKIE: ff d1 ad 15 e4 c6 d1 d5
| RCOOKIE: de 4c a4 cb 74 31 1a 38
| state hash entry 24
| v1 peer and cookies match on #3, provided msgid 00000001 vs 00000001
| v1 state object #3 found, in STATE_QUICK_R0
| processing connection vpn[1] 192.168.137.110
"vpn"[1] 192.168.137.110 #3: discarding duplicate packet; already STATE_QUICK_R0
| * processed 0 messages from cryptographic helpers
| next event EVENT_NAT_T_KEEPALIVE in 6 seconds
| next event EVENT_NAT_T_KEEPALIVE in 6 seconds
|
| next event EVENT_NAT_T_KEEPALIVE in 0 seconds
| *time to handle event
| at 2017-02-21 00:21:03 handling event EVENT_NAT_T_KEEPALIVE
| event after this is EVENT_RETRANSMIT in 9 seconds
| processing connection vpn
| processing connection vpn[1] 192.168.137.110
| processing connection vpn[1] 192.168.137.110
| next event EVENT_RETRANSMIT in 9 seconds for #2 (2017-02-21 00:21:03)
|
| *received 476 bytes from 192.168.137.110:500 on eth0 (port=500) at 2017-02-21 00:21:12
| ff d1 ad 15 e4 c6 d1 d5 de 4c a4 cb 74 31 1a 38
| 08 10 20 01 00 00 00 01 00 00 01 dc 60 92 9c ec
| 99 e6 68 90 75 78 7c 43 86 b8 ae 2a 54 43 8e 4c
| 93 3c 39 ee fc 06 6a 63 7a c6 03 2f 18 cf 6f f9
| ed 71 9b 84 4c a6 53 8e e3 5e 6f 59 c1 62 fa c8
| d2 61 7a 02 45 34 34 f6 2c af c5 50 fd 85 85 1c
| 03 10 86 c3 34 24 c5 cb 9e bb 2f e0 c8 fb 23 1b
| 96 19 d6 61 ed d4 fd 2c 40 bd 92 5b 0a dd 41 d0
| a4 00 5a 94 fa ba eb ed 31 34 a9 44 f7 8c ac 0b
| 4d 2e 13 a6 d5 b1 b5 97 bb fe c8 80 0b fa c6 ed
| 62 92 53 5d b1 7c 1a 46 76 71 a2 66 c4 b4 be ea
| b5 51 d0 3a 7d 7b 64 8c 0a a4 6d 50 31 2f c7 16
| a5 9c 34 0b 41 1d e5 4c dd 8f e1 70 b0 0f 56 39
| d4 5b cf 34 22 d9 c3 1d 49 37 66 78 8f b7 ac 85
| 6b b2 57 a5 75 ca 61 0b 5c f4 f7 4f 93 27 ae b1
| 25 ba 92 b0 85 74 17 26 f5 91 25 d3 b7 4c bc 89
| c7 fd 9a ba 52 40 3d 16 c3 c7 c2 4c 44 d7 ae 54
| c9 64 57 eb 8e e6 39 b7 55 4b 50 28 e7 ca d2 5f
| b4 b4 56 f6 c0 cd 2c 9f c8 f8 a4 7a 88 a0 f6 a2
| 12 84 fe ee f2 2c 2f f2 b2 c9 10 5e 17 33 37 e6
| c6 1f 5d be e1 1d 2b a5 01 db 08 86 4d 4c d8 10
| aa 4f e5 89 48 95 3b 9d 4f 91 e2 6f 6a 5b 00 ba
| d2 ea 1d 50 be c2 b7 86 5f 18 f6 68 cb ce c1 ca
| 52 77 9a 91 79 fb b1 61 58 be 60 bd b5 15 68 26
| 80 18 ad c0 03 5a 5f cf cb df c3 b4 c3 86 cf 93
| d3 12 61 db fb 85 8d 16 22 4c 34 5a f3 ac 9d 88
| eb b1 3a f6 1f 19 66 b6 4d 7b 1e 4a bc 5e 02 81
| 15 f6 5b 0d 22 2a 05 98 4d e9 a7 f9 00 56 19 bf
| f3 5e 31 6f 84 d6 fa d0 90 7a 8e c8 99 96 21 c9
| 33 95 bd 9a 42 40 6e ae 1d 52 b1 36
| **parse ISAKMP Message:
| initiator cookie:
| ff d1 ad 15 e4 c6 d1 d5
| responder cookie:
| de 4c a4 cb 74 31 1a 38
| next payload type: ISAKMP_NEXT_HASH
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_QUICK
| flags: ISAKMP_FLAG_ENCRYPTION
| message ID: 00 00 00 01
| length: 476
| processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32), msgid: 00000001
| ICOOKIE: ff d1 ad 15 e4 c6 d1 d5
| RCOOKIE: de 4c a4 cb 74 31 1a 38
| state hash entry 24
| v1 peer and cookies match on #3, provided msgid 00000001 vs 00000001
| v1 state object #3 found, in STATE_QUICK_R0
| processing connection vpn[1] 192.168.137.110
"vpn"[1] 192.168.137.110 #3: discarding duplicate packet; already STATE_QUICK_R0
| * processed 0 messages from cryptographic helpers
| next event EVENT_RETRANSMIT in 0 seconds for #2 (2017-02-21 00:21:12)
| *time to handle event
| at 2017-02-21 00:21:12 handling event EVENT_RETRANSMIT
| event after this is EVENT_PENDING_DDNS in 15 seconds
| processing connection vpn
| handling event EVENT_RETRANSMIT for 0.0.0.0 "vpn" #2
| sending 144 bytes for EVENT_RETRANSMIT through eth0:500 to 192.168.137.110:500 (using #2)
| ff d1 ad 15 e4 c6 d1 d5 ba 22 f4 5d 45 82 5a 91
| 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 3c
| 00 00 00 01 00 00 00 01 00 00 00 30 01 01 00 01
| 00 00 00 28 03 01 00 00 80 01 00 07 80 0e 01 00
| 80 02 00 02 80 04 00 0e 80 03 00 01 80 0b 00 01
| 00 0c 00 04 00 00 70 80 0d 00 00 10 4f 53 57 79
| 5f 44 72 65 7a 65 47 53 0d 00 00 14 af ca d7 13
| 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14
| 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
| inserting event EVENT_RETRANSMIT, timeout in 40 seconds for #2
| event added after event EVENT_PENDING_DDNS
| next event EVENT_PENDING_DDNS in 15 seconds
|
| next event EVENT_PENDING_DDNS in 0 seconds
| *time to handle event
| at 2017-02-21 00:21:27 handling event EVENT_PENDING_DDNS
| event after this is EVENT_RETRANSMIT in 25 seconds
| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds
| event added after event EVENT_RETRANSMIT for #2
| next event EVENT_RETRANSMIT in 25 seconds for #2 (2017-02-21 00:21:27)
|
| *received 476 bytes from 192.168.137.110:500 on eth0 (port=500) at 2017-02-21 00:21:28
| ff d1 ad 15 e4 c6 d1 d5 de 4c a4 cb 74 31 1a 38
| 08 10 20 01 00 00 00 01 00 00 01 dc 60 92 9c ec
| 99 e6 68 90 75 78 7c 43 86 b8 ae 2a 54 43 8e 4c
| 93 3c 39 ee fc 06 6a 63 7a c6 03 2f 18 cf 6f f9
| ed 71 9b 84 4c a6 53 8e e3 5e 6f 59 c1 62 fa c8
| d2 61 7a 02 45 34 34 f6 2c af c5 50 fd 85 85 1c
| 03 10 86 c3 34 24 c5 cb 9e bb 2f e0 c8 fb 23 1b
| 96 19 d6 61 ed d4 fd 2c 40 bd 92 5b 0a dd 41 d0
| a4 00 5a 94 fa ba eb ed 31 34 a9 44 f7 8c ac 0b
| 4d 2e 13 a6 d5 b1 b5 97 bb fe c8 80 0b fa c6 ed
| 62 92 53 5d b1 7c 1a 46 76 71 a2 66 c4 b4 be ea
| b5 51 d0 3a 7d 7b 64 8c 0a a4 6d 50 31 2f c7 16
| a5 9c 34 0b 41 1d e5 4c dd 8f e1 70 b0 0f 56 39
| d4 5b cf 34 22 d9 c3 1d 49 37 66 78 8f b7 ac 85
| 6b b2 57 a5 75 ca 61 0b 5c f4 f7 4f 93 27 ae b1
| 25 ba 92 b0 85 74 17 26 f5 91 25 d3 b7 4c bc 89
| c7 fd 9a ba 52 40 3d 16 c3 c7 c2 4c 44 d7 ae 54
| c9 64 57 eb 8e e6 39 b7 55 4b 50 28 e7 ca d2 5f
| b4 b4 56 f6 c0 cd 2c 9f c8 f8 a4 7a 88 a0 f6 a2
| 12 84 fe ee f2 2c 2f f2 b2 c9 10 5e 17 33 37 e6
| c6 1f 5d be e1 1d 2b a5 01 db 08 86 4d 4c d8 10
| aa 4f e5 89 48 95 3b 9d 4f 91 e2 6f 6a 5b 00 ba
| d2 ea 1d 50 be c2 b7 86 5f 18 f6 68 cb ce c1 ca
| 52 77 9a 91 79 fb b1 61 58 be 60 bd b5 15 68 26
| 80 18 ad c0 03 5a 5f cf cb df c3 b4 c3 86 cf 93
| d3 12 61 db fb 85 8d 16 22 4c 34 5a f3 ac 9d 88
| eb b1 3a f6 1f 19 66 b6 4d 7b 1e 4a bc 5e 02 81
| 15 f6 5b 0d 22 2a 05 98 4d e9 a7 f9 00 56 19 bf
| f3 5e 31 6f 84 d6 fa d0 90 7a 8e c8 99 96 21 c9
| 33 95 bd 9a 42 40 6e ae 1d 52 b1 36
| **parse ISAKMP Message:
| initiator cookie:
| ff d1 ad 15 e4 c6 d1 d5
| responder cookie:
| de 4c a4 cb 74 31 1a 38
| next payload type: ISAKMP_NEXT_HASH
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_QUICK
| flags: ISAKMP_FLAG_ENCRYPTION
| message ID: 00 00 00 01
| length: 476
| processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32), msgid: 00000001
| ICOOKIE: ff d1 ad 15 e4 c6 d1 d5
| RCOOKIE: de 4c a4 cb 74 31 1a 38
| state hash entry 24
| v1 peer and cookies match on #3, provided msgid 00000001 vs 00000001
| v1 state object #3 found, in STATE_QUICK_R0
| processing connection vpn[1] 192.168.137.110
"vpn"[1] 192.168.137.110 #3: discarding duplicate packet; already STATE_QUICK_R0
| * processed 0 messages from cryptographic helpers
| next event EVENT_RETRANSMIT in 24 seconds for #2 (2017-02-21 00:21:28)
| next event EVENT_RETRANSMIT in 24 seconds for #2 (2017-02-21 00:21:28)
|
| *received 92 bytes from 192.168.137.110:500 on eth0 (port=500) at 2017-02-21 00:21:43
| ff d1 ad 15 e4 c6 d1 d5 de 4c a4 cb 74 31 1a 38
| 08 10 05 01 ba 69 d2 2c 00 00 00 5c 59 0a 79 b5
| e1 08 09 8a 95 0c 99 85 03 5f 08 76 2b fd bd 14
| 83 b0 c5 10 07 17 5f b1 ea ce 02 e2 40 17 0a fb
| a7 78 52 69 72 cd b0 ad 40 a6 82 76 f7 da 98 91
| a4 21 d9 5f 20 02 bb 0b 3b 0c 50 e6
| **parse ISAKMP Message:
| initiator cookie:
| ff d1 ad 15 e4 c6 d1 d5
| responder cookie:
| de 4c a4 cb 74 31 1a 38
| next payload type: ISAKMP_NEXT_HASH
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_INFO
| flags: ISAKMP_FLAG_ENCRYPTION
| message ID: ba 69 d2 2c
| length: 92
| processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5), msgid: 3127497260
| ICOOKIE: ff d1 ad 15 e4 c6 d1 d5
| RCOOKIE: de 4c a4 cb 74 31 1a 38
| state hash entry 24
| peer and cookies match on #3, provided msgid 00000000 vs 00000001/00000000
| peer and cookies match on #1, provided msgid 00000000 vs 00000000/00000000
| p15 state object #1 found, in STATE_MAIN_R3
| processing connection vpn[1] 192.168.137.110
| last Phase 1 IV: a4 1a 3f 22 51 90 00 46 2a 07 4c 4b af e8 ae 60
| current Phase 1 IV: a4 1a 3f 22 51 90 00 46 2a 07 4c 4b af e8 ae 60
| computed Phase 2 IV:
| f3 b3 26 f4 2e 26 da f1 eb 4a c1 aa 06 83 b8 89
| 5c da 3a 78
| received encrypted packet from 192.168.137.110:500
| decrypting 64 bytes using algorithm OAKLEY_AES_CBC
| decrypted:
| 0c 00 00 18 4f 4e 8c 58 ae a5 a6 78 35 0e 99 4d
| fe c4 79 f3 bc f7 58 55 00 00 00 1c 00 00 00 01
| 01 10 00 01 ff d1 ad 15 e4 c6 d1 d5 de 4c a4 cb
| 74 31 1a 38 00 00 00 00 00 00 00 00 00 00 00 00
| next IV: f7 da 98 91 a4 21 d9 5f 20 02 bb 0b 3b 0c 50 e6
| got payload 0x100(ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
| ***parse ISAKMP Hash Payload:
| next payload type: ISAKMP_NEXT_D
| length: 24
| got payload 0x1000(ISAKMP_NEXT_D) needed: 0x0 opt: 0x0
| ***parse ISAKMP Delete Payload:
| next payload type: ISAKMP_NEXT_NONE
| length: 28
| DOI: ISAKMP_DOI_IPSEC
| protocol ID: 1
| SPI size: 16
| number of SPIs: 1
| removing 12 bytes of padding
| ICOOKIE: ff d1 ad 15 e4 c6 d1 d5
| RCOOKIE: de 4c a4 cb 74 31 1a 38
| state hash entry 24
| v1 peer and cookies match on #3, provided msgid 00000000 vs 00000001
| v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000
| v1 state object #1 found, in STATE_MAIN_R3
| processing connection vpn[1] 192.168.137.110
"vpn"[1] 192.168.137.110 #1: received Delete SA payload: deleting ISAKMP State #1
"vpn"[1] 192.168.137.110 #1: deleting state #1 (STATE_MAIN_R3)
| **emit ISAKMP Message:
| initiator cookie:
| ff d1 ad 15 e4 c6 d1 d5
| responder cookie:
| de 4c a4 cb 74 31 1a 38
| next payload type: ISAKMP_NEXT_HASH
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_INFO
| flags: ISAKMP_FLAG_ENCRYPTION
| message ID: 62 2b df 63
| ***emit ISAKMP Hash Payload:
| next payload type: ISAKMP_NEXT_D
| emitting 20 zero bytes of HASH(1) into ISAKMP Hash Payload
| emitting length of ISAKMP Hash Payload: 24
| ***emit ISAKMP Delete Payload:
| next payload type: ISAKMP_NEXT_NONE
| DOI: ISAKMP_DOI_IPSEC
| protocol ID: 1
| SPI size: 16
| number of SPIs: 1
| emitting 16 raw bytes of delete payload into ISAKMP Delete Payload
| delete payload ff d1 ad 15 e4 c6 d1 d5 de 4c a4 cb 74 31 1a 38
| emitting length of ISAKMP Delete Payload: 28
| HASH(1) computed:
| 60 e1 78 12 5b bf 67 34 b7 e0 6d c3 c2 84 d1 fe
| 3e 84 25 8f
| last Phase 1 IV: a4 1a 3f 22 51 90 00 46 2a 07 4c 4b af e8 ae 60
| current Phase 1 IV: a4 1a 3f 22 51 90 00 46 2a 07 4c 4b af e8 ae 60
| computed Phase 2 IV:
| 16 a5 73 ed 70 db 00 e1 b4 10 c5 c7 6f c1 83 8f
| dd fa 41 dc
| encrypting:
| 0c 00 00 18 60 e1 78 12 5b bf 67 34 b7 e0 6d c3
| c2 84 d1 fe 3e 84 25 8f 00 00 00 1c 00 00 00 01
| 01 10 00 01 ff d1 ad 15 e4 c6 d1 d5 de 4c a4 cb
| 74 31 1a 38
| IV:
| 16 a5 73 ed 70 db 00 e1 b4 10 c5 c7 6f c1 83 8f
| dd fa 41 dc
| unpadded size is: 52
| emitting 12 zero bytes of encryption padding into ISAKMP Message
| encrypting 64 using OAKLEY_AES_CBC
| next IV: 42 e4 ca 62 f5 d6 b4 0c 6d af 2c 95 a6 0b 10 8b
| emitting length of ISAKMP Message: 92
| sending 92 bytes for delete notify through eth0:500 to 192.168.137.110:500 (using #1)
| ff d1 ad 15 e4 c6 d1 d5 de 4c a4 cb 74 31 1a 38
| 08 10 05 01 62 2b df 63 00 00 00 5c 6f 35 71 71
| ec 52 70 40 11 fb 2d c8 03 7f 03 2f c2 76 18 7d
| 25 5e 47 c4 f7 f9 55 4c cb dc 5e 76 97 05 f6 85
| 5c bd d2 e8 5e a5 0d a7 e9 49 1a 86 42 e4 ca 62
| f5 d6 b4 0c 6d af 2c 95 a6 0b 10 8b
| deleting event for #1
| no suspended cryptographic state for 1
| del: ff d1 ad 15 e4 c6 d1 d5 de 4c a4 cb 74 31 1a 38
packet from 192.168.137.110:500: received and ignored informational message
| complete state transition with STF_IGNORE
| * processed 0 messages from cryptographic helpers
| next event EVENT_RETRANSMIT in 9 seconds for #2 (2017-02-21 00:21:43)
| next event EVENT_RETRANSMIT in 9 seconds for #2 (2017-02-21 00:21:43)
|
| *received 408 bytes from 192.168.137.110:500 on eth0 (port=500) at 2017-02-21 00:21:43
| ad 09 e0 1a ce 5d 83 4d 00 00 00 00 00 00 00 00
| 01 10 02 00 00 00 00 00 00 00 01 98 0d 00 00 d4
| 00 00 00 01 00 00 00 01 00 00 00 c8 01 01 00 05
| 03 00 00 28 01 01 00 00 80 01 00 07 80 0e 01 00
| 80 02 00 02 80 04 00 14 80 03 00 01 80 0b 00 01
| 00 0c 00 04 00 00 70 80 03 00 00 28 02 01 00 00
| 80 01 00 07 80 0e 00 80 80 02 00 02 80 04 00 13
| 80 03 00 01 80 0b 00 01 00 0c 00 04 00 00 70 80
| 03 00 00 28 03 01 00 00 80 01 00 07 80 0e 01 00
| 80 02 00 02 80 04 00 0e 80 03 00 01 80 0b 00 01
| 00 0c 00 04 00 00 70 80 03 00 00 24 04 01 00 00
| 80 01 00 05 80 02 00 02 80 04 00 0e 80 03 00 01
| 80 0b 00 01 00 0c 00 04 00 00 70 80 00 00 00 24
| 05 01 00 00 80 01 00 05 80 02 00 02 80 04 00 02
| 80 03 00 01 80 0b 00 01 00 0c 00 04 00 00 70 80
| 0d 00 00 18 01 52 8b bb c0 06 96 12 18 49 ab 9a
| 1c 5b 2a 51 00 00 00 01 0d 00 00 18 1e 2b 51 69
| 05 99 1c 7d 7c 96 fc bf b5 87 e4 61 00 00 00 09
| 0d 00 00 14 4a 13 1c 81 07 03 58 45 5c 57 28 f2
| 0e 95 45 2f 0d 00 00 14 90 cb 80 91 3e bb 69 6e
| 08 63 81 b5 ec 42 7b 1f 0d 00 00 14 40 48 b7 d5
| 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14
| fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20
| 0d 00 00 14 26 24 4d 38 ed db 61 b3 17 2a 36 e3
| d0 cf b8 19 00 00 00 14 e3 a5 96 6a 76 37 9f e7
| 07 22 82 31 e5 ce 86 52
| **parse ISAKMP Message:
| initiator cookie:
| ad 09 e0 1a ce 5d 83 4d
| responder cookie:
| 00 00 00 00 00 00 00 00
| next payload type: ISAKMP_NEXT_SA
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_IDPROT
| flags: none
| message ID: 00 00 00 00
| length: 408
| processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2), msgid: 00000000
| got payload 0x2(ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080
| ***parse ISAKMP Security Association Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 212
| DOI: ISAKMP_DOI_IPSEC
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 24
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 24
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 20
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 20
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 20
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 20
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| length: 20
| got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_NONE
| length: 20
packet from 192.168.137.110:500: ignoring unknown Vendor ID payload [01528bbbc00696121849ab9a1c5b2a5100000001]
packet from 192.168.137.110:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000009]
packet from 192.168.137.110:500: received Vendor ID payload [RFC 3947] method set to=115
packet from 192.168.137.110:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
packet from 192.168.137.110:500: ignoring Vendor ID payload [FRAGMENTATION]
packet from 192.168.137.110:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
packet from 192.168.137.110:500: ignoring Vendor ID payload [Vid-Initial-Contact]
packet from 192.168.137.110:500: ignoring Vendor ID payload [IKE CGA version 1]
| nat-t detected, sending nat-t VID
| find_host_connection2 called from main_inI1_outR1, me=192.168.137.1:500 him=192.168.137.110:500 policy=/!IKEv1
| find_host_pair: looking for me=192.168.137.1:500 %address him=192.168.137.110:500 any-match
| find_host_pair: comparing to me=192.168.137.1:500 %any him=0.0.0.0:500
| find_host_pair: concluded with vpn
| found_host_pair_conn (find_host_connection2): 192.168.137.1:500 %address/192.168.137.110:500 -> hp:vpn
| searching for connection with policy = /!IKEv1
| found policy = PSK+ENCRYPT+DONTREKEY+IKEv2ALLOW+SAREFTRACK (vpn)
| find_host_connection2 returns vpn (ike=none/none)
| creating state object #4 at 0xaac691e8
| processing connection vpn[1] 192.168.137.110
| ICOOKIE: ad 09 e0 1a ce 5d 83 4d
| RCOOKIE: a9 21 11 34 65 9d 0d 2f
| state hash entry 4
| inserting state object #4 bucket: 4
| inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #4 (head of queue)
"vpn"[1] 192.168.137.110 #4: responding to Main Mode from unknown peer 192.168.137.110
| **emit ISAKMP Message:
| initiator cookie:
| ad 09 e0 1a ce 5d 83 4d
| responder cookie:
| a9 21 11 34 65 9d 0d 2f
| next payload type: ISAKMP_NEXT_SA
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_IDPROT
| flags: none
| message ID: 00 00 00 00
| ***emit ISAKMP Security Association Payload:
| next payload type: ISAKMP_NEXT_VID
| DOI: ISAKMP_DOI_IPSEC
| ****parse IPsec DOI SIT:
| IPsec DOI SIT: SIT_IDENTITY_ONLY
| ****parse ISAKMP Proposal Payload:
| next payload type: ISAKMP_NEXT_NONE
| length: 200
| proposal number: 1
| protocol ID: PROTO_ISAKMP
| SPI size: 0
| number of transforms: 5
| *****parse ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T
| length: 40
| transform number: 1
| transform ID: KEY_IKE
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_ENCRYPTION_ALGORITHM
| length/value: 7
| [7 is OAKLEY_AES_CBC]
| ike_alg_enc_ok(ealg=7,key_len=0): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_KEY_LENGTH
| length/value: 256
| ike_alg_enc_ok(ealg=7,key_len=256): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_HASH_ALGORITHM
| length/value: 2
| [2 is OAKLEY_SHA1]
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_GROUP_DESCRIPTION
| length/value: 20
"vpn"[1] 192.168.137.110 #4: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
| *****parse ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T
| length: 40
| transform number: 2
| transform ID: KEY_IKE
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_ENCRYPTION_ALGORITHM
| length/value: 7
| [7 is OAKLEY_AES_CBC]
| ike_alg_enc_ok(ealg=7,key_len=0): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_KEY_LENGTH
| length/value: 128
| ike_alg_enc_ok(ealg=7,key_len=128): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_HASH_ALGORITHM
| length/value: 2
| [2 is OAKLEY_SHA1]
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_GROUP_DESCRIPTION
| length/value: 19
"vpn"[1] 192.168.137.110 #4: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
| *****parse ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T
| length: 40
| transform number: 3
| transform ID: KEY_IKE
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_ENCRYPTION_ALGORITHM
| length/value: 7
| [7 is OAKLEY_AES_CBC]
| ike_alg_enc_ok(ealg=7,key_len=0): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_KEY_LENGTH
| length/value: 256
| ike_alg_enc_ok(ealg=7,key_len=256): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_HASH_ALGORITHM
| length/value: 2
| [2 is OAKLEY_SHA1]
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_GROUP_DESCRIPTION
| length/value: 14
| [14 is OAKLEY_GROUP_MODP2048]
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_AUTHENTICATION_METHOD
| length/value: 1
| [1 is OAKLEY_PRESHARED_KEY]
| started looking for secret for 192.168.137.1->192.168.137.110 of kind PPK_PSK
| actually looking for secret for 192.168.137.1->192.168.137.110 of kind PPK_PSK
| line 1: key type PPK_PSK(192.168.137.1) to type PPK_PSK
| 1: compared key %any to 192.168.137.1 / 192.168.137.110 -> 2
| 2: compared key 192.168.137.1 to 192.168.137.1 / 192.168.137.110 -> 10
| line 1: match=10
| best_match 0>10 best=0xaac63fd0 (line=1)
| concluding with best_match=10 best=0xaac63fd0 (lineno=1)
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_LIFE_TYPE
| length/value: 1
| [1 is OAKLEY_LIFE_SECONDS]
| ******parse ISAKMP Oakley attribute:
| af+type: OAKLEY_LIFE_DURATION (variable length)
| length/value: 4
| long duration: 28800
| Oakley Transform 3 accepted
| ****emit IPsec DOI SIT:
| IPsec DOI SIT: SIT_IDENTITY_ONLY
| ****emit ISAKMP Proposal Payload:
| next payload type: ISAKMP_NEXT_NONE
| proposal number: 1
| protocol ID: PROTO_ISAKMP
| SPI size: 0
| number of transforms: 1
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_NONE
| transform number: 3
| transform ID: KEY_IKE
| emitting 32 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP)
| attributes 80 01 00 07 80 0e 01 00 80 02 00 02 80 04 00 0e
| attributes 80 03 00 01 80 0b 00 01 00 0c 00 04 00 00 70 80
| emitting length of ISAKMP Transform Payload (ISAKMP): 40
| emitting length of ISAKMP Proposal Payload: 48
| emitting length of ISAKMP Security Association Payload: 60
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| emitting 12 raw bytes of Vendor ID into ISAKMP Vendor ID Payload
| Vendor ID 4f 53 57 79 5f 44 72 65 7a 65 47 53
| emitting length of ISAKMP Vendor ID Payload: 16
| out_vendorid(): sending [Dead Peer Detection]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
| emitting length of ISAKMP Vendor ID Payload: 20
| sender checking NAT-T: 1 and 115
| out_vendorid(): sending [RFC 3947]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_NONE
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
| emitting length of ISAKMP Vendor ID Payload: 20
| emitting length of ISAKMP Message: 144
| complete state transition with STF_OK
"vpn"[1] 192.168.137.110 #4: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
| deleting event for #4
| sending reply packet to 192.168.137.110:500 (from port 500)
| sending 144 bytes for STATE_MAIN_R0 through eth0:500 to 192.168.137.110:500 (using #4)
| ad 09 e0 1a ce 5d 83 4d a9 21 11 34 65 9d 0d 2f
| 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 3c
| 00 00 00 01 00 00 00 01 00 00 00 30 01 01 00 01
| 00 00 00 28 03 01 00 00 80 01 00 07 80 0e 01 00
| 80 02 00 02 80 04 00 0e 80 03 00 01 80 0b 00 01
| 00 0c 00 04 00 00 70 80 0d 00 00 10 4f 53 57 79
| 5f 44 72 65 7a 65 47 53 0d 00 00 14 af ca d7 13
| 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14
| 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
| inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #4
| event added after event EVENT_RETRANSMIT for #2
"vpn"[1] 192.168.137.110 #4: STATE_MAIN_R1: sent MR1, expecting MI2
| modecfg pull: noquirk policy:push not-client
| phase 1 is done, looking for phase 2 to unpend
| * processed 0 messages from cryptographic helpers
| next event EVENT_RETRANSMIT in 8 seconds for #2 (2017-02-21 00:21:44)
| next event EVENT_RETRANSMIT in 8 seconds for #2 (2017-02-21 00:21:44)
|
| next event EVENT_RETRANSMIT in 0 seconds for #2 (2017-02-21 00:21:52)
| *time to handle event
| at 2017-02-21 00:21:52 handling event EVENT_RETRANSMIT
| event after this is EVENT_RETRANSMIT in 2 seconds
| processing connection vpn
| handling event EVENT_RETRANSMIT for 0.0.0.0 "vpn" #2
"vpn" #2: max number of retransmissions (2) reached STATE_MAIN_R1
"vpn" #2: deleting state #2 (STATE_MAIN_R1)
| deleting event for #2
| no suspended cryptographic state for 2
| ICOOKIE: ff d1 ad 15 e4 c6 d1 d5
| RCOOKIE: ba 22 f4 5d 45 82 5a 91
| state hash entry 5
| next event EVENT_RETRANSMIT in 2 seconds for #4 (2017-02-21 00:21:52)
|
| next event EVENT_RETRANSMIT in 0 seconds for #4 (2017-02-21 00:21:54)
| *time to handle event
| at 2017-02-21 00:21:54 handling event EVENT_RETRANSMIT
| event after this is EVENT_PENDING_DDNS in 33 seconds
| processing connection vpn[1] 192.168.137.110
| handling event EVENT_RETRANSMIT for 192.168.137.110 "vpn" #4
| sending 144 bytes for EVENT_RETRANSMIT through eth0:500 to 192.168.137.110:500 (using #4)
| ad 09 e0 1a ce 5d 83 4d a9 21 11 34 65 9d 0d 2f
| 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 3c
| 00 00 00 01 00 00 00 01 00 00 00 30 01 01 00 01
| 00 00 00 28 03 01 00 00 80 01 00 07 80 0e 01 00
| 80 02 00 02 80 04 00 0e 80 03 00 01 80 0b 00 01
| 00 0c 00 04 00 00 70 80 0d 00 00 10 4f 53 57 79
| 5f 44 72 65 7a 65 47 53 0d 00 00 14 af ca d7 13
| 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14
| 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
| inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #4 (head of queue)
| next event EVENT_RETRANSMIT in 20 seconds for #4 (2017-02-21 00:21:54)
|
| next event EVENT_RETRANSMIT in 0 seconds for #4 (2017-02-21 00:22:14)
| *time to handle event
| at 2017-02-21 00:22:14 handling event EVENT_RETRANSMIT
| event after this is EVENT_PENDING_DDNS in 13 seconds
| processing connection vpn[1] 192.168.137.110
| handling event EVENT_RETRANSMIT for 192.168.137.110 "vpn" #4
| sending 144 bytes for EVENT_RETRANSMIT through eth0:500 to 192.168.137.110:500 (using #4)
| ad 09 e0 1a ce 5d 83 4d a9 21 11 34 65 9d 0d 2f
| 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 3c
| 00 00 00 01 00 00 00 01 00 00 00 30 01 01 00 01
| 00 00 00 28 03 01 00 00 80 01 00 07 80 0e 01 00
| 80 02 00 02 80 04 00 0e 80 03 00 01 80 0b 00 01
| 00 0c 00 04 00 00 70 80 0d 00 00 10 4f 53 57 79
| 5f 44 72 65 7a 65 47 53 0d 00 00 14 af ca d7 13
| 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14
| 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
| inserting event EVENT_RETRANSMIT, timeout in 40 seconds for #4
| event added after event EVENT_PENDING_PHASE2
| next event EVENT_PENDING_DDNS in 13 seconds
root at Archer_C5400s:/data/l2tp-ipsec# |
| next event EVENT_PENDING_DDNS in 0 seconds
| *time to handle event
| at 2017-02-21 00:22:27 handling event EVENT_PENDING_DDNS
| event after this is EVENT_PENDING_PHASE2 in 0 seconds
| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds
| event added after event EVENT_RETRANSMIT for #4
| at 2017-02-21 00:22:27 handling event EVENT_PENDING_PHASE2
| event after this is EVENT_RETRANSMIT in 27 seconds
| inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
| event added after event EVENT_PENDING_DDNS
| pending review: connection "vpn" was not up, skipped
| pending review: connection "vpn" was not up, skipped
| next event EVENT_RETRANSMIT in 27 seconds for #4 (2017-02-21 00:22:27)
root at Archer_C5400s:/data/l2tp-ipsec# |
| next event EVENT_RETRANSMIT in 0 seconds for #4 (2017-02-21 00:22:54)
| *time to handle event
| at 2017-02-21 00:22:54 handling event EVENT_RETRANSMIT
| event after this is EVENT_PENDING_DDNS in 33 seconds
| processing connection vpn[1] 192.168.137.110
| handling event EVENT_RETRANSMIT for 192.168.137.110 "vpn" #4
"vpn"[1] 192.168.137.110 #4: max number of retransmissions (2) reached STATE_MAIN_R1
"vpn"[1] 192.168.137.110 #4: deleting state #4 (STATE_MAIN_R1)
| deleting event for #4
| no suspended cryptographic state for 4
| ICOOKIE: ad 09 e0 1a ce 5d 83 4d
| RCOOKIE: a9 21 11 34 65 9d 0d 2f
| state hash entry 4
| next event EVENT_PENDING_DDNS in 33 seconds
|
| next event EVENT_PENDING_DDNS in 0 seconds
| *time to handle event
| at 2017-02-21 00:23:27 handling event EVENT_PENDING_DDNS
| event after this is EVENT_PENDING_PHASE2 in 60 seconds
| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds (head of queue)
| next event EVENT_PENDING_DDNS in 60 seconds
|
| next event EVENT_PENDING_DDNS in 0 seconds
| *time to handle event
| at 2017-02-21 00:24:27 handling event EVENT_PENDING_DDNS
| event after this is EVENT_PENDING_PHASE2 in 0 seconds
| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds
| event added after event EVENT_PENDING_PHASE2
| at 2017-02-21 00:24:27 handling event EVENT_PENDING_PHASE2
| event after this is EVENT_PENDING_DDNS in 60 seconds
| inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
| event added after event EVENT_CRYPTO_FAILED for #3
| pending review: connection "vpn" was not up, skipped
| pending review: connection "vpn" was not up, skipped
| next event EVENT_PENDING_DDNS in 60 seconds
|
| next event EVENT_PENDING_DDNS in 0 seconds
| *time to handle event
| at 2017-02-21 00:25:27 handling event EVENT_PENDING_DDNS
| event after this is EVENT_CRYPTO_FAILED in 19 seconds
| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds
| event added after event EVENT_CRYPTO_FAILED for #3
| next event EVENT_CRYPTO_FAILED in 19 seconds for #3 (2017-02-21 00:25:27)
|
| next event EVENT_CRYPTO_FAILED in 0 seconds for #3 (2017-02-21 00:25:46)
| *time to handle event
| at 2017-02-21 00:25:46 handling event EVENT_CRYPTO_FAILED
| event after this is EVENT_PENDING_DDNS in 41 seconds
| processing connection vpn[1] 192.168.137.110
| event crypto_failed on state #3, aborting
"vpn"[1] 192.168.137.110 #3: deleting state #3 (STATE_QUICK_R0)
| deleting event for #3
| no suspended cryptographic state for 3
| ICOOKIE: ff d1 ad 15 e4 c6 d1 d5
| RCOOKIE: de 4c a4 cb 74 31 1a 38
| state hash entry 24
| processing connection vpn[1] 192.168.137.110
"vpn"[1] 192.168.137.110: deleting connection "vpn" [whackfd=4294967295] instance with peer 192.168.137.110 {isakmp=#0/ipsec=#0}
| pass 0: considering CHILD SAs to delete
| pass 1: considering PARENT SAs to delete
| next event EVENT_PENDING_DDNS in 41 seconds
|
| next event EVENT_PENDING_DDNS in -1 seconds
| *time to handle event
| at 2017-02-21 00:26:28 handling event EVENT_PENDING_DDNS
| event after this is EVENT_PENDING_PHASE2 in -1 seconds
| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds
| event added after event EVENT_PENDING_PHASE2
| at 2017-02-21 00:26:28 handling event EVENT_PENDING_PHASE2
| event after this is EVENT_PENDING_DDNS in 60 seconds
| inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
| event added after event EVENT_PENDING_DDNS
| pending review: connection "vpn" was not up, skipped
| next event EVENT_PENDING_DDNS in 60 seconds
|
| next event EVENT_PENDING_DDNS in 0 seconds
| *time to handle event
| at 2017-02-21 00:27:28 handling event EVENT_PENDING_DDNS
| event after this is EVENT_PENDING_PHASE2 in 60 seconds
| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds (head of queue)
| next event EVENT_PENDING_DDNS in 60 seconds
|
| next event EVENT_PENDING_DDNS in 0 seconds
| *time to handle event
| at 2017-02-21 00:28:28 handling event EVENT_PENDING_DDNS
| event after this is EVENT_PENDING_PHASE2 in 0 seconds
| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds
| event added after event EVENT_PENDING_PHASE2
| at 2017-02-21 00:28:28 handling event EVENT_PENDING_PHASE2
| event after this is EVENT_PENDING_DDNS in 60 seconds
| inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
| event added after event EVENT_PENDING_DDNS
| pending review: connection "vpn" was not up, skipped
| next event EVENT_PENDING_DDNS in 60 seconds
|
| next event EVENT_PENDING_DDNS in 0 seconds
| *time to handle event
| at 2017-02-21 00:29:28 handling event EVENT_PENDING_DDNS
| event after this is EVENT_PENDING_PHASE2 in 60 seconds
| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds (head of queue)
| next event EVENT_PENDING_DDNS in 60 seconds
CONSOLE: 028540.076 wlc_mimops_action_ht_complete(): no ACK received!
CONSOLE: 028540.241 wlc_mimops_action_ht_complete(): no ACK received!
CONSOLE: 028541.250 wlc_mimops_action_ht_complete(): no ACK received!
CONSOLE: 028548.241 wl1: wlc_lq_chanim_update: WLC_CHANIM upd blocked scan/detect
CONSOLE: 028548.241 wl1: wlc_watchdog: WLC_CHANIM upd fail -25
CONSOLE: 028548.806 wl1: wlc_ht_send_action_obss_coex: Not STA
CONSOLE: 028550.076 wl2: wlc_lq_chanim_update: WLC_CHANIM upd blocked scan/detect
CONSOLE: 028550.076 wl2: wlc_watchdog: WLC_CHANIM upd fail -25
CONSOLE: 028548.250 wl0: wlc_lq_chanim_update: WLC_CHANIM upd blocked scan/detect
CONSOLE: 028548.250 wl0: wlc_watchdog: WLC_CHANIM upd fail -25
|
| next event EVENT_PENDING_DDNS in 0 seconds
| *time to handle event
| at 2017-02-21 00:30:28 handling event EVENT_PENDING_DDNS
| event after this is EVENT_PENDING_PHASE2 in 0 seconds
| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds
| event added after event EVENT_PENDING_PHASE2
| at 2017-02-21 00:30:28 handling event EVENT_PENDING_PHASE2
| event after this is EVENT_PENDING_DDNS in 60 seconds
| inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
| event added after event EVENT_PENDING_DDNS
| pending review: connection "vpn" was not up, skipped
| next event EVENT_PENDING_DDNS in 60 seconds
|
| next event EVENT_PENDING_DDNS in 0 seconds
| *time to handle event
| at 2017-02-21 00:31:28 handling event EVENT_PENDING_DDNS
| event after this is EVENT_PENDING_PHASE2 in 60 seconds
| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds (head of queue)
| next event EVENT_PENDING_DDNS in 60 seconds
|
| next event EVENT_PENDING_DDNS in 0 seconds
| *time to handle event
| at 2017-02-21 00:32:28 handling event EVENT_PENDING_DDNS
| event after this is EVENT_PENDING_PHASE2 in 0 seconds
| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds
| event added after event EVENT_PENDING_PHASE2
| at 2017-02-21 00:32:28 handling event EVENT_PENDING_PHASE2
| event after this is EVENT_PENDING_DDNS in 60 seconds
| inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
| event added after event EVENT_PENDING_DDNS
| pending review: connection "vpn" was not up, skipped
| next event EVENT_PENDING_DDNS in 60 seconds
I have been suffered by this problem a lot, I can't sleep.
can any one help me, thanks very much :)
With Best Regards,
YUAN Jianpeng
More information about the Users
mailing list