Attachment 887118 Details for Bug 1088038 – Pluto logs - permissive

Pluto logs - permissive

pluto_permissive.log (text/x-log), 124.55 KB, created by Ján Rusnačko on 2014-04-17 08:58:23 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Ján Rusnačko

Created: 2014-04-17 08:58:23 UTC

Size: 124.55 KB

patch

obsolete

>nss directory plutomain: /etc/ipsec.d
>NSS Initialized
>FIPS HMAC integrity verification test passed
>FIPS: pluto daemon NOT running in FIPS mode
>libcap-ng support [enabled]
>Linux audit support [disabled]
>Starting Pluto (Libreswan Version 3.8 XFRM(netkey) KLIPS NSS DNSSEC FIPS_CHECK LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER KLIPS_MAST CURL(non-NSS) LDAP(non-NSS)) pid:13262
>core dump dir: /var/run/pluto/
>secrets file: /etc/ipsec.secrets
>LEAK_DETECTIVE support [disabled]
>OCF support for IKE [disabled]
>SAref support [disabled]: Protocol not available
>SAbind support [disabled]: Protocol not available
>NSS crypto [enabled]
>XAUTH PAM support [enabled]
>Setting NAT-Traversal port-4500 floating to on
>   port floating activation criteria nat_t=1/port_float=1
>   NAT-Traversal support  [enabled]
>| inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
>| event added at head of queue
>| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds
>| event added at head of queue
>| inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
>| event added after event EVENT_PENDING_DDNS
>ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
>ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
>ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
>ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
>ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
>ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok (ret=0)
>ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
>starting up 3 cryptographic helpers
>started helper (thread) pid=140362053396224 (fd:7)
>| status value returned by setting the priority of this thread (id=0) 22
>| helper 0 waiting on fd: 8
>| status value returned by setting the priority of this thread (id=1) 22
>| helper 1 waiting on fd: 10
>started helper (thread) pid=140362045003520 (fd:9)
>started helper (thread) pid=140362036610816 (fd:11)
>| status value returned by setting the priority of this thread (id=2) 22
>| helper 2 waiting on fd: 13
>Using Linux XFRM/NETKEY IPsec interface code on 3.10.0-121.el7.x86_64
>| process 13262 listening for PF_KEY_V2 on file descriptor 16
>| finish_pfkey_msg: K_SADB_REGISTER message 1 for AH 
>|   02 07 00 02  02 00 00 00  01 00 00 00  ce 33 00 00
>| pfkey_get: K_SADB_REGISTER message 1
>| AH registered with kernel.
>| finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP 
>|   02 07 00 03  02 00 00 00  02 00 00 00  ce 33 00 00
>| pfkey_get: K_SADB_REGISTER message 2
>| alg_init():memset(0x7fa89d741580, 0, 2048) memset(0x7fa89d741d80, 0, 2048) 
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=72
>| kernel_alg_add():satype=3, exttype=14, alg_id=251(ESP_KAME_NULL)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1
>| kernel_alg_add():satype=3, exttype=14, alg_id=2(ESP_DES)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1
>| kernel_alg_add():satype=3, exttype=14, alg_id=3(ESP_3DES)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1
>| kernel_alg_add():satype=3, exttype=14, alg_id=5(ESP_IDEA)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256, res=0, ret=1
>| kernel_alg_add():satype=3, exttype=14, alg_id=6(ESP_CAST)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=14, satype=3, alg_id=6, alg_ivlen=0, alg_minbits=384, alg_maxbits=384, res=0, ret=1
>| kernel_alg_add():satype=3, exttype=14, alg_id=7(ESP_BLOWFISH)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5], exttype=14, satype=3, alg_id=7, alg_ivlen=0, alg_minbits=512, alg_maxbits=512, res=0, ret=1
>| kernel_alg_add():satype=3, exttype=14, alg_id=8(ESP_3IDEA)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6], exttype=14, satype=3, alg_id=8, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1
>| kernel_alg_add():satype=3, exttype=14, alg_id=9(ESP_DES_IV32)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7], exttype=14, satype=3, alg_id=9, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=88
>| kernel_alg_add():satype=3, exttype=15, alg_id=11(ESP_NULL)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1
>| kernel_alg_add():satype=3, exttype=15, alg_id=2(ESP_DES)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64, alg_maxbits=64, res=0, ret=1
>| kernel_alg_add():satype=3, exttype=15, alg_id=3(ESP_3DES)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[10], exttype=15, satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
>| kernel_alg_add():satype=3, exttype=15, alg_id=6(ESP_CAST)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[11], exttype=15, satype=3, alg_id=6, alg_ivlen=8, alg_minbits=40, alg_maxbits=128, res=0, ret=1
>| kernel_alg_add():satype=3, exttype=15, alg_id=7(ESP_BLOWFISH)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[12], exttype=15, satype=3, alg_id=7, alg_ivlen=8, alg_minbits=40, alg_maxbits=448, res=0, ret=1
>| kernel_alg_add():satype=3, exttype=15, alg_id=12(ESP_AES)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[13], exttype=15, satype=3, alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
>| kernel_alg_add():satype=3, exttype=15, alg_id=252(ESP_SERPENT)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[14], exttype=15, satype=3, alg_id=252, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
>| kernel_alg_add():satype=3, exttype=15, alg_id=22(ESP_CAMELLIA)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[15], exttype=15, satype=3, alg_id=22, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
>| kernel_alg_add():satype=3, exttype=15, alg_id=253(ESP_TWOFISH)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[16], exttype=15, satype=3, alg_id=253, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
>| kernel_alg_add():satype=3, exttype=15, alg_id=13(ESP_AES_CTR)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[17], exttype=15, satype=3, alg_id=13, alg_ivlen=8, alg_minbits=160, alg_maxbits=288, res=0, ret=1
>| kernel_alg_add():satype=3, exttype=15, alg_id=18(ESP_AES_GCM_A)
>| kernel_alg_add():satype=3, exttype=15, alg_id=19(ESP_AES_GCM_B)
>| kernel_alg_add():satype=3, exttype=15, alg_id=20(ESP_AES_GCM_C)
>| kernel_alg_add():satype=3, exttype=15, alg_id=14(ESP_AES_CCM_A)
>| kernel_alg_add():satype=3, exttype=15, alg_id=15(ESP_AES_CCM_B)
>| kernel_alg_add():satype=3, exttype=15, alg_id=16(ESP_AES_CCM_C)
>ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
>Warning: failed to register algo_aes_ccm_8 for IKE
>ike_alg_register_enc(): Activating aes_ccm_12: Ok (ret=0)
>Warning: failed to register algo_aes_ccm_12 for IKE
>ike_alg_register_enc(): Activating aes_ccm_16: Ok (ret=0)
>Warning: failed to register algo_aes_ccm_16 for IKE
>ike_alg_register_enc(): Activating aes_gcm_8: Ok (ret=0)
>Warning: failed to register algo_aes_gcm_8 for IKE
>ike_alg_register_enc(): Activating aes_gcm_12: Ok (ret=0)
>Warning: failed to register algo_aes_gcm_12 for IKE
>ike_alg_register_enc(): Activating aes_gcm_16: Ok (ret=0)
>Warning: failed to register algo_aes_gcm_16 for IKE
>| Registered AEAD AES CCM/GCM algorithms
>| ESP registered with kernel.
>| finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP 
>|   02 07 00 09  02 00 00 00  03 00 00 00  ce 33 00 00
>| pfkey_get: K_SADB_REGISTER message 3
>| IPCOMP registered with kernel.
>| Registered AH, ESP and IPCOMP
>| Changed path to directory '/etc/ipsec.d/cacerts'
>| Changing to directory '/etc/ipsec.d/crls'
>| selinux support is enabled. 
>| inserting event EVENT_LOG_DAILY, timeout in 47465 seconds
>| event added after event EVENT_REINIT_SECRET
>listening for IKE messages
>| Inspecting interface lo 
>| found lo with address 127.0.0.1
>| Inspecting interface wlp3s0 
>| found wlp3s0 with address 10.200.138.69
>| Inspecting interface virbr0 
>| found virbr0 with address 192.168.122.1
>| NAT-Traversal: Trying new style NAT-T
>| NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
>| NAT-Traversal: Trying old style NAT-T
>| NAT-Traversal: ESPINUDP(1) setup succeeded for new style NAT-T family IPv4
>adding interface virbr0/virbr0 192.168.122.1:500
>| NAT-Traversal: Trying new style NAT-T
>| NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19)
>| NAT-Traversal: Trying old style NAT-T
>| NAT-Traversal: ESPINUDP(2) setup succeeded for new style NAT-T family IPv4
>adding interface virbr0/virbr0 192.168.122.1:4500
>| NAT-Traversal: Trying new style NAT-T
>| NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
>| NAT-Traversal: Trying old style NAT-T
>| NAT-Traversal: ESPINUDP(1) setup succeeded for new style NAT-T family IPv4
>adding interface wlp3s0/wlp3s0 10.200.138.69:500
>| NAT-Traversal: Trying new style NAT-T
>| NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19)
>| NAT-Traversal: Trying old style NAT-T
>| NAT-Traversal: ESPINUDP(2) setup succeeded for new style NAT-T family IPv4
>adding interface wlp3s0/wlp3s0 10.200.138.69:4500
>| NAT-Traversal: Trying new style NAT-T
>| NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
>| NAT-Traversal: Trying old style NAT-T
>| NAT-Traversal: ESPINUDP(1) setup succeeded for new style NAT-T family IPv4
>adding interface lo/lo 127.0.0.1:500
>| NAT-Traversal: Trying new style NAT-T
>| NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19)
>| NAT-Traversal: Trying old style NAT-T
>| NAT-Traversal: ESPINUDP(2) setup succeeded for new style NAT-T family IPv4
>adding interface lo/lo 127.0.0.1:4500
>| found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
>adding interface lo/lo ::1:500
>| certs and keys locked by 'free_preshared_secrets'
>| certs and keys unlocked by 'free_preshard_secrets'
>loading secrets from "/etc/ipsec.secrets"
>loading secrets from "/etc/ipsec.d/ipsec-nm-conn1.secrets"
>| id type added to secret(0x7fa89f5c9340) PPK_PSK: @RH-standard
>| Processing PSK at line 1: passed
>| certs and keys locked by 'process_secret'
>| certs and keys unlocked by 'process_secret'
>| next event EVENT_PENDING_DDNS in 60 seconds
>| calling addconn helper using execve
>| next event EVENT_PENDING_DDNS in 59 seconds
>| reaped addconn helper child
>|  
>| *received whack message
>| alg_info_parse_str() ealg_buf=aes aalg_buf=sha1 eklen=0  aklen=0
>| alg_enum_search_prefix() calling enum_search(0x7fa89d713e40, "OAKLEY_AES")
>| enum_search_ppfixi () calling enum_search(0x7fa89d713e40, "OAKLEY_AES_CBC")
>| parser_alg_info_add() ealg_getbyname("aes")=7
>| entering aalg_getbyname_ike()
>| alg_enum_search_prefix() calling enum_search(0x7fa89d713de0, "OAKLEY_SHA1")
>| parser_alg_info_add() aalg_getbyname("sha1")=2
>| raw_alg_info_ike_add() ealg=7 aalg=2 modp_id=5, cnt=1
>| raw_alg_info_ike_add() ealg=7 aalg=2 modp_id=2, cnt=2
>| Added new connection nm-conn1 with policy PSK+ENCRYPT+TUNNEL+PFS+XAUTH+AGGRESSIVE+IKEv2ALLOW+SAREFTRACK+IKE_FRAG
>| from whack: got --esp=aes-sha1;modp1024
>| alg_enum_search_prefix() calling enum_search(0x7fa89d713b40, "OAKLEY_GROUP_MODP1024")
>| alg_info_parse_str() ealg_buf=aes aalg_buf=sha1 eklen=0  aklen=0
>| alg_enum_search_prefix() calling enum_search(0x7fa89d7147e0, "ESP_AES")
>| parser_alg_info_add() ealg_getbyname("aes")=12
>| entering aalg_getbyname_esp()
>| alg_enum_search_prefix() calling enum_search(0x7fa89d7141e0, "AUTH_ALGORITHM_HMAC_SHA1")
>| parser_alg_info_add() aalg_getbyname("sha1")=2
>| raw_alg_info_esp_add() ealg=12 aalg=2 cnt=1
>| esp string values: AES(12)_000-SHA1(2)_000; pfsgroup=MODP1024(2)
>| ike (phase1) algorihtm values: AES_CBC(7)_000-SHA1(2)_000-MODP1536(5), AES_CBC(7)_000-SHA1(2)_000-MODP1024(2)
>| loopback=0, labeled_ipsec=0;
>| policy_label=(null);
>| counting wild cards for @RH-standard is 0
>| counting wild cards for 66.187.233.55 is 0
>| modecfgdomain=(null);
>| modecfgbanner=(null);
>| alg_info_addref() alg_info->ref_cnt=1
>| alg_info_addref() alg_info->ref_cnt=1
>| connect_to_host_pair: 10.200.138.69:500 66.187.233.55:500 -> hp:none 
>added connection description "nm-conn1"
>| 10.200.138.69[@RH-standard,+MC+XC+S=C]...66.187.233.55<66.187.233.55>[MS+XS+S=C]
>| ike_life: 86400s; ipsec_life: 86400s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1; policy: PSK+ENCRYPT+TUNNEL+PFS+XAUTH+AGGRESSIVE+IKEv2ALLOW+SAREFTRACK+IKE_FRAG
>| * processed 0 messages from cryptographic helpers 
>| next event EVENT_PENDING_DDNS in 58 seconds
>| next event EVENT_PENDING_DDNS in 58 seconds
>|  
>| *received whack message
>| processing connection nm-conn1
>| kernel_alg_db_new() initial trans_cnt=128
>| kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1
>| kernel_alg_db_new()     trans[0]: transid=12, attr_cnt=2, attrs[0].type=5, attrs[0].val=2
>| returning new proposal from esp_info
>| creating state object #1 at 0x7fa89f5cb3d0
>| processing connection nm-conn1
>| ICOOKIE:  82 a0 20 0f  0a fd b1 f1
>| RCOOKIE:  00 00 00 00  00 00 00 00
>| state hash entry 8
>| inserting state object #1
>| inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1
>| event added at head of queue
>"nm-conn1" #1: multiple DH groups were set in aggressive mode. Only first one used.
>"nm-conn1" #1: transform (7,2,2,0) ignored.
>| initiating aggressive mode with IKE=E=7-H=2-M=5
>| Queuing pending Quick Mode with 66.187.233.55 "nm-conn1"
>"nm-conn1" #1: initiating Aggressive Mode #1, connection "nm-conn1"
>| 1: w->pcw_dead: 0 w->pcw_work: 0 cnt: 3
>| asking helper 1 to do build_kenonce op on seq: 1 (len=2776, pcw_work=1)
>| crypto helper write of request: cnt=2776<wlen=2776.  
>| deleting event for #1
>| inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1
>| event added after event EVENT_PENDING_PHASE2
>| * processed 0 messages from cryptographic helpers 
>| next event EVENT_PENDING_DDNS in 58 seconds
>| next event EVENT_PENDING_DDNS in 58 seconds
>| helper 1 read 2768+4/2776 bytes fd: 10
>| helper 1 doing build_kenonce op id: 1
>| NSS: Value of Prime:
>|   ff ff ff ff  ff ff ff ff  c9 0f da a2  21 68 c2 34
>|   c4 c6 62 8b  80 dc 1c d1  29 02 4e 08  8a 67 cc 74
>|   02 0b be a6  3b 13 9b 22  51 4a 08 79  8e 34 04 dd
>|   ef 95 19 b3  cd 3a 43 1b  30 2b 0a 6d  f2 5f 14 37
>|   4f e1 35 6d  6d 51 c2 45  e4 85 b5 76  62 5e 7e c6
>|   f4 4c 42 e9  a6 37 ed 6b  0b ff 5c b6  f4 06 b7 ed
>|   ee 38 6b fb  5a 89 9f a5  ae 9f 24 11  7c 4b 1f e6
>|   49 28 66 51  ec e4 5b 3d  c2 00 7c b8  a1 63 bf 05
>|   98 da 48 36  1c 55 d3 9a  69 16 3f a8  fd 24 cf 5f
>|   83 65 5d 23  dc a3 ad 96  1c 62 f3 56  20 85 52 bb
>|   9e d5 29 07  70 96 96 6d  67 0c 35 4e  4a bc 98 04
>|   f1 74 6c 08  ca 23 73 27  ff ff ff ff  ff ff ff ff
>| NSS: Value of base:
>|   02
>| NSS: generated dh priv and pub keys: 192 
>| NSS: Local DH secret (pointer):
>|   60 5c 00 88  a8 7f 00 00
>| NSS: Public DH value sent(computed in NSS):
>|   6b 24 b1 cf  a1 74 d6 a4  c4 57 19 8b  c8 5d 7d 87
>|   e8 87 01 a3  71 d8 95 0b  2b f9 2a 13  8b 02 2c 82
>|   35 dd 81 da  92 63 74 08  06 05 0c d8  5e 6f 0b 73
>|   a7 a9 75 97  a1 a3 3d cf  64 38 b3 38  bc c3 5d f4
>|   8d 7a 10 f0  20 ba ca 35  cf 33 59 db  97 cd 55 6a
>|   1a 83 6c f4  c5 19 9e e8  7f 7d ff 60  e9 c8 ea 5e
>|   f8 ae bd a1  58 32 79 0a  65 d9 28 ff  06 57 34 b7
>|   55 1f 51 25  d8 b2 52 12  55 9d e9 87  ed 07 27 9d
>|   55 8a 22 2a  49 3f 5c e4  40 e6 5c 8f  9b 97 32 07
>|   8f 44 b5 9f  eb d2 df 5f  8c c2 7d 64  fa 0c fa 3e
>|   e7 08 dc b9  1a 7f 7c 6b  5a d2 93 ec  da 09 a5 9e
>|   e1 a1 e5 87  95 c4 f3 ba  1b 61 60 8e  ed d7 44 72
>| NSS: Local DH public value (pointer):
>|   50 54 00 88  a8 7f 00 00
>| Generated nonce:
>|   1a c9 83 b9  87 63 f4 85  eb 35 0d 6e  91 cf 1d 28
>|  
>| helper 1 has finished work (cnt now 1)
>| helper 1 replies to id: q#1
>| calling callback function 0x7fa89d485980
>| aggr outI1: calculated ke+nonce, sending I1
>| processing connection nm-conn1
>| **emit ISAKMP Message:
>|    initiator cookie:
>|   82 a0 20 0f  0a fd b1 f1
>|    responder cookie:
>|   00 00 00 00  00 00 00 00
>|    next payload type: ISAKMP_NEXT_SA
>|    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
>|    exchange type: ISAKMP_XCHG_AGGR
>|    flags: none
>|    message ID:  00 00 00 00
>"nm-conn1" #1: multiple DH groups were set in aggressive mode. Only first one used.
>"nm-conn1" #1: transform (7,2,2,0) ignored.
>| ***emit ISAKMP Security Association Payload:
>|    next payload type: ISAKMP_NEXT_KE
>|    DOI: ISAKMP_DOI_IPSEC
>| ****emit IPsec DOI SIT:
>|    IPsec DOI SIT: SIT_IDENTITY_ONLY
>| out_sa pcn: 0 has 1 valid proposals
>| out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 1
>| ****emit ISAKMP Proposal Payload:
>|    next payload type: ISAKMP_NEXT_NONE
>|    proposal number: 0
>|    protocol ID: PROTO_ISAKMP
>|    SPI size: 0
>|    number of transforms: 1
>| *****emit ISAKMP Transform Payload (ISAKMP):
>|    next payload type: ISAKMP_NEXT_NONE
>|    ISAKMP transform number: 0
>|    ISAKMP transform ID: KEY_IKE
>| ******emit ISAKMP Oakley attribute:
>|    af+type: OAKLEY_LIFE_TYPE
>|    length/value: 1
>|     [1 is OAKLEY_LIFE_SECONDS]
>| ******emit ISAKMP Oakley attribute:
>|    af+type: OAKLEY_LIFE_DURATION (variable length)
>| emitting 4 raw bytes of long attribute value into ISAKMP Oakley attribute
>| long attribute value
>|   00 01 51 80
>| emitting length of ISAKMP Oakley attribute: 4
>| ******emit ISAKMP Oakley attribute:
>|    af+type: OAKLEY_ENCRYPTION_ALGORITHM
>|    length/value: 7
>|     [7 is OAKLEY_AES_CBC]
>| ******emit ISAKMP Oakley attribute:
>|    af+type: OAKLEY_HASH_ALGORITHM
>|    length/value: 2
>|     [2 is OAKLEY_SHA1]
>| ******emit ISAKMP Oakley attribute:
>|    af+type: OAKLEY_AUTHENTICATION_METHOD
>|    length/value: 65001
>|     [65001 is XAUTHInitPreShared]
>| ******emit ISAKMP Oakley attribute:
>|    af+type: OAKLEY_GROUP_DESCRIPTION
>|    length/value: 5
>|     [5 is OAKLEY_GROUP_MODP1536]
>| emitting length of ISAKMP Transform Payload (ISAKMP): 36
>| emitting length of ISAKMP Proposal Payload: 44
>| emitting length of ISAKMP Security Association Payload: 56
>| saving DH priv (local secret) and pub key into state struc
>| ***emit ISAKMP Key Exchange Payload:
>|    next payload type: ISAKMP_NEXT_NONCE
>| emitting 192 raw bytes of keyex value into ISAKMP Key Exchange Payload
>| keyex value  6b 24 b1 cf  a1 74 d6 a4  c4 57 19 8b  c8 5d 7d 87
>| keyex value  e8 87 01 a3  71 d8 95 0b  2b f9 2a 13  8b 02 2c 82
>| keyex value  35 dd 81 da  92 63 74 08  06 05 0c d8  5e 6f 0b 73
>| keyex value  a7 a9 75 97  a1 a3 3d cf  64 38 b3 38  bc c3 5d f4
>| keyex value  8d 7a 10 f0  20 ba ca 35  cf 33 59 db  97 cd 55 6a
>| keyex value  1a 83 6c f4  c5 19 9e e8  7f 7d ff 60  e9 c8 ea 5e
>| keyex value  f8 ae bd a1  58 32 79 0a  65 d9 28 ff  06 57 34 b7
>| keyex value  55 1f 51 25  d8 b2 52 12  55 9d e9 87  ed 07 27 9d
>| keyex value  55 8a 22 2a  49 3f 5c e4  40 e6 5c 8f  9b 97 32 07
>| keyex value  8f 44 b5 9f  eb d2 df 5f  8c c2 7d 64  fa 0c fa 3e
>| keyex value  e7 08 dc b9  1a 7f 7c 6b  5a d2 93 ec  da 09 a5 9e
>| keyex value  e1 a1 e5 87  95 c4 f3 ba  1b 61 60 8e  ed d7 44 72
>| emitting length of ISAKMP Key Exchange Payload: 196
>| ***emit ISAKMP Nonce Payload:
>|    next payload type: ISAKMP_NEXT_ID
>| emitting 16 raw bytes of Ni into ISAKMP Nonce Payload
>| Ni  1a c9 83 b9  87 63 f4 85  eb 35 0d 6e  91 cf 1d 28
>| emitting length of ISAKMP Nonce Payload: 20
>| setting sec: 1
>| ***emit ISAKMP Identification Payload (IPsec DOI):
>|    next payload type: ISAKMP_NEXT_VID
>|    ID type: ID_FQDN
>|    Protocol ID: 0
>|    port: 0
>| emitting 11 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI)
>| my identity  52 48 2d 73  74 61 6e 64  61 72 64
>| emitting length of ISAKMP Identification Payload (IPsec DOI): 19
>| out_vid(): sending [Dead Peer Detection]
>| ***emit ISAKMP Vendor ID Payload:
>|    next payload type: ISAKMP_NEXT_VID
>| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
>| V_ID  af ca d7 13  68 a1 f1 c9  6b 86 96 fc  77 57 01 00
>| emitting length of ISAKMP Vendor ID Payload: 20
>| nat add vid. port: 1 nonike: 1
>| out_vid(): sending [RFC 3947]
>| ***emit ISAKMP Vendor ID Payload:
>|    next payload type: ISAKMP_NEXT_VID
>| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
>| V_ID  4a 13 1c 81  07 03 58 45  5c 57 28 f2  0e 95 45 2f
>| emitting length of ISAKMP Vendor ID Payload: 20
>| out_vid(): sending [draft-ietf-ipsec-nat-t-ike-03]
>| ***emit ISAKMP Vendor ID Payload:
>|    next payload type: ISAKMP_NEXT_VID
>| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
>| V_ID  7d 94 19 a6  53 10 ca 6f  2c 17 9d 92  15 52 9d 56
>| emitting length of ISAKMP Vendor ID Payload: 20
>| out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02_n]
>| ***emit ISAKMP Vendor ID Payload:
>|    next payload type: ISAKMP_NEXT_VID
>| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
>| V_ID  90 cb 80 91  3e bb 69 6e  08 63 81 b5  ec 42 7b 1f
>| emitting length of ISAKMP Vendor ID Payload: 20
>| out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02]
>| ***emit ISAKMP Vendor ID Payload:
>|    next payload type: ISAKMP_NEXT_VID
>| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
>| V_ID  cd 60 46 43  35 df 21 f8  7c fd b2 fc  68 b6 a4 48
>| emitting length of ISAKMP Vendor ID Payload: 20
>| out_vid(): sending [draft-ietf-ipsec-nat-t-ike-00]
>| ***emit ISAKMP Vendor ID Payload:
>|    next payload type: ISAKMP_NEXT_VID
>| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
>| V_ID  44 85 15 2d  18 b6 bb cd  0b e8 a8 46  95 79 dd cc
>| emitting length of ISAKMP Vendor ID Payload: 20
>| out_vid(): sending [XAUTH]
>| ***emit ISAKMP Vendor ID Payload:
>|    next payload type: ISAKMP_NEXT_VID
>| emitting 8 raw bytes of V_ID into ISAKMP Vendor ID Payload
>| V_ID  09 00 26 89  df d6 b7 12
>| emitting length of ISAKMP Vendor ID Payload: 12
>| out_vid(): sending [FRAGMENTATION]
>| ***emit ISAKMP Vendor ID Payload:
>|    next payload type: ISAKMP_NEXT_NONE
>| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
>| V_ID  40 48 b7 d5  6e bc e8 85  25 e7 de 7f  00 d6 c2 d3
>| emitting length of ISAKMP Vendor ID Payload: 20
>| padding IKE message with 1 bytes
>| emitting 1 zero bytes of message padding into ISAKMP Message
>| emitting length of ISAKMP Message: 472
>| sending:
>|   82 a0 20 0f  0a fd b1 f1  00 00 00 00  00 00 00 00
>|   01 10 04 00  00 00 00 00  00 00 01 d8  04 00 00 38
>|   00 00 00 01  00 00 00 01  00 00 00 2c  00 01 00 01
>|   00 00 00 24  00 01 00 00  80 0b 00 01  00 0c 00 04
>|   00 01 51 80  80 01 00 07  80 02 00 02  80 03 fd e9
>|   80 04 00 05  0a 00 00 c4  6b 24 b1 cf  a1 74 d6 a4
>|   c4 57 19 8b  c8 5d 7d 87  e8 87 01 a3  71 d8 95 0b
>|   2b f9 2a 13  8b 02 2c 82  35 dd 81 da  92 63 74 08
>|   06 05 0c d8  5e 6f 0b 73  a7 a9 75 97  a1 a3 3d cf
>|   64 38 b3 38  bc c3 5d f4  8d 7a 10 f0  20 ba ca 35
>|   cf 33 59 db  97 cd 55 6a  1a 83 6c f4  c5 19 9e e8
>|   7f 7d ff 60  e9 c8 ea 5e  f8 ae bd a1  58 32 79 0a
>|   65 d9 28 ff  06 57 34 b7  55 1f 51 25  d8 b2 52 12
>|   55 9d e9 87  ed 07 27 9d  55 8a 22 2a  49 3f 5c e4
>|   40 e6 5c 8f  9b 97 32 07  8f 44 b5 9f  eb d2 df 5f
>|   8c c2 7d 64  fa 0c fa 3e  e7 08 dc b9  1a 7f 7c 6b
>|   5a d2 93 ec  da 09 a5 9e  e1 a1 e5 87  95 c4 f3 ba
>|   1b 61 60 8e  ed d7 44 72  05 00 00 14  1a c9 83 b9
>|   87 63 f4 85  eb 35 0d 6e  91 cf 1d 28  0d 00 00 13
>|   02 00 00 00  52 48 2d 73  74 61 6e 64  61 72 64 0d
>|   00 00 14 af  ca d7 13 68  a1 f1 c9 6b  86 96 fc 77
>|   57 01 00 0d  00 00 14 4a  13 1c 81 07  03 58 45 5c
>|   57 28 f2 0e  95 45 2f 0d  00 00 14 7d  94 19 a6 53
>|   10 ca 6f 2c  17 9d 92 15  52 9d 56 0d  00 00 14 90
>|   cb 80 91 3e  bb 69 6e 08  63 81 b5 ec  42 7b 1f 0d
>|   00 00 14 cd  60 46 43 35  df 21 f8 7c  fd b2 fc 68
>|   b6 a4 48 0d  00 00 14 44  85 15 2d 18  b6 bb cd 0b
>|   e8 a8 46 95  79 dd cc 0d  00 00 0c 09  00 26 89 df
>|   d6 b7 12 00  00 00 14 40  48 b7 d5 6e  bc e8 85 25
>|   e7 de 7f 00  d6 c2 d3 00
>| sending 472 bytes for aggr_outI1 through wlp3s0:500 to 66.187.233.55:500 (using #1)
>|   82 a0 20 0f  0a fd b1 f1  00 00 00 00  00 00 00 00
>|   01 10 04 00  00 00 00 00  00 00 01 d8  04 00 00 38
>|   00 00 00 01  00 00 00 01  00 00 00 2c  00 01 00 01
>|   00 00 00 24  00 01 00 00  80 0b 00 01  00 0c 00 04
>|   00 01 51 80  80 01 00 07  80 02 00 02  80 03 fd e9
>|   80 04 00 05  0a 00 00 c4  6b 24 b1 cf  a1 74 d6 a4
>|   c4 57 19 8b  c8 5d 7d 87  e8 87 01 a3  71 d8 95 0b
>|   2b f9 2a 13  8b 02 2c 82  35 dd 81 da  92 63 74 08
>|   06 05 0c d8  5e 6f 0b 73  a7 a9 75 97  a1 a3 3d cf
>|   64 38 b3 38  bc c3 5d f4  8d 7a 10 f0  20 ba ca 35
>|   cf 33 59 db  97 cd 55 6a  1a 83 6c f4  c5 19 9e e8
>|   7f 7d ff 60  e9 c8 ea 5e  f8 ae bd a1  58 32 79 0a
>|   65 d9 28 ff  06 57 34 b7  55 1f 51 25  d8 b2 52 12
>|   55 9d e9 87  ed 07 27 9d  55 8a 22 2a  49 3f 5c e4
>|   40 e6 5c 8f  9b 97 32 07  8f 44 b5 9f  eb d2 df 5f
>|   8c c2 7d 64  fa 0c fa 3e  e7 08 dc b9  1a 7f 7c 6b
>|   5a d2 93 ec  da 09 a5 9e  e1 a1 e5 87  95 c4 f3 ba
>|   1b 61 60 8e  ed d7 44 72  05 00 00 14  1a c9 83 b9
>|   87 63 f4 85  eb 35 0d 6e  91 cf 1d 28  0d 00 00 13
>|   02 00 00 00  52 48 2d 73  74 61 6e 64  61 72 64 0d
>|   00 00 14 af  ca d7 13 68  a1 f1 c9 6b  86 96 fc 77
>|   57 01 00 0d  00 00 14 4a  13 1c 81 07  03 58 45 5c
>|   57 28 f2 0e  95 45 2f 0d  00 00 14 7d  94 19 a6 53
>|   10 ca 6f 2c  17 9d 92 15  52 9d 56 0d  00 00 14 90
>|   cb 80 91 3e  bb 69 6e 08  63 81 b5 ec  42 7b 1f 0d
>|   00 00 14 cd  60 46 43 35  df 21 f8 7c  fd b2 fc 68
>|   b6 a4 48 0d  00 00 14 44  85 15 2d 18  b6 bb cd 0b
>|   e8 a8 46 95  79 dd cc 0d  00 00 0c 09  00 26 89 df
>|   d6 b7 12 00  00 00 14 40  48 b7 d5 6e  bc e8 85 25
>|   e7 de 7f 00  d6 c2 d3 00
>| deleting event for #1
>| inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
>| event added at head of queue
>| complete state transition with STF_IGNORE
>| * processed 1 messages from cryptographic helpers 
>| next event EVENT_RETRANSMIT in 10 seconds for #1
>| next event EVENT_RETRANSMIT in 10 seconds for #1
>|  
>| *received 528 bytes from 66.187.233.55:500 on wlp3s0 (port=500)
>|   82 a0 20 0f  0a fd b1 f1  6f 8d 6e b7  5e 73 64 7b
>|   01 10 04 00  00 00 00 00  00 00 02 10  04 00 00 3c
>|   00 00 00 01  00 00 00 01  00 00 00 30  01 01 00 01
>|   00 00 00 28  00 01 00 00  80 01 00 07  80 0e 00 80
>|   80 02 00 02  80 04 00 05  80 03 fd e9  80 0b 00 01
>|   00 0c 00 04  00 01 51 80  0a 00 00 c4  2b 85 c4 86
>|   80 f2 ca 30  3c 9f 58 b5  6d e9 3b 8d  3f 35 f3 b8
>|   e7 94 c7 2c  00 88 96 36  bf 63 08 94  08 40 90 06
>|   0d 35 3c 78  96 27 92 ea  49 f1 f4 76  56 4d ae 79
>|   b8 f1 44 9f  59 04 31 d4  d2 26 94 78  89 eb 13 20
>|   3e ba d0 07  5a 47 0a 18  fe 6a 24 c7  c2 9f ea 99
>|   16 e5 84 3a  2b 32 05 c8  cf c5 30 ba  e6 ad 22 e6
>|   3e 07 a6 26  7f ca 2b 09  7c 56 c3 a1  14 2e ef a8
>|   76 f8 15 e2  3d 11 7b 21  c4 53 c9 3a  f9 c8 94 d9
>|   6b f2 c5 db  9e ed 16 dc  31 e2 66 e1  19 c9 f4 cd
>|   3b 40 bd ab  33 e0 5c fc  77 95 99 5d  94 1d 73 0d
>|   50 50 1e f4  ed 9b a8 de  78 61 0c aa  38 1f 7e 3d
>|   4d 84 0b 6a  9b e2 14 da  a4 ad a0 fd  05 00 00 18
>|   74 5e 97 51  7c 92 34 5c  f2 43 fb 48  dc bb 99 41
>|   d9 85 0b b6  08 00 00 0c  01 11 00 00  42 bb e9 37
>|   0d 00 00 18  75 4a 92 fe  74 e2 f8 2b  67 81 25 42
>|   91 90 09 1f  83 1f 57 2d  0d 00 00 14  12 f5 f2 8c
>|   45 71 68 a9  70 2d 9f e2  74 cc 01 00  0d 00 00 0c
>|   09 00 26 89  df d6 b7 12  0d 00 00 14  af ca d7 13
>|   68 a1 f1 c9  6b 86 96 fc  77 57 01 00  14 00 00 14
>|   4a 13 1c 81  07 03 58 45  5c 57 28 f2  0e 95 45 2f
>|   14 00 00 18  7c 1c a2 d8  98 90 d9 41  98 a9 b1 7f
>|   7f fb 52 94  cf 7e 92 ac  0d 00 00 18  b9 eb e9 f4
>|   d9 c6 85 86  17 3c 0b 85  36 fb 70 81  b4 c4 d3 ee
>|   0d 00 00 18  40 48 b7 d5  6e bc e8 85  25 e7 de 7f
>|   00 d6 c2 d3  c0 00 00 00  0d 00 00 14  9a 4a c9 aa
>|   5e 72 64 7b  66 76 fd b1  08 8d 62 4d  00 00 00 14
>|   1f 07 f7 0e  aa 65 14 d3  b0 fa 96 54  2a 50 01 00
>| **parse ISAKMP Message:
>|    initiator cookie:
>|   82 a0 20 0f  0a fd b1 f1
>|    responder cookie:
>|   6f 8d 6e b7  5e 73 64 7b
>|    next payload type: ISAKMP_NEXT_SA
>|    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
>|    exchange type: ISAKMP_XCHG_AGGR
>|    flags: none
>|    message ID:  00 00 00 00
>|    length: 528
>|  processing version=1.0 packet with exchange type=ISAKMP_XCHG_AGGR (4)
>| ICOOKIE:  82 a0 20 0f  0a fd b1 f1
>| RCOOKIE:  6f 8d 6e b7  5e 73 64 7b
>| state hash entry 19
>| v1 state object not found
>| ICOOKIE:  82 a0 20 0f  0a fd b1 f1
>| RCOOKIE:  00 00 00 00  00 00 00 00
>| state hash entry 8
>| v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000
>| v1 state object #1 found, in STATE_AGGR_I1
>| processing connection nm-conn1
>| got payload 0x2  (ISAKMP_NEXT_SA) needed: 0x532opt: 0x102000
>| ***parse ISAKMP Security Association Payload:
>|    next payload type: ISAKMP_NEXT_KE
>|    length: 60
>|    DOI: ISAKMP_DOI_IPSEC
>| got payload 0x10  (ISAKMP_NEXT_KE) needed: 0x530opt: 0x102000
>| ***parse ISAKMP Key Exchange Payload:
>|    next payload type: ISAKMP_NEXT_NONCE
>|    length: 196
>| got payload 0x400  (ISAKMP_NEXT_NONCE) needed: 0x520opt: 0x102000
>| ***parse ISAKMP Nonce Payload:
>|    next payload type: ISAKMP_NEXT_ID
>|    length: 24
>| got payload 0x20  (ISAKMP_NEXT_ID) needed: 0x120opt: 0x102000
>| ***parse ISAKMP Identification Payload:
>|    next payload type: ISAKMP_NEXT_HASH
>|    length: 12
>|    ID type: ID_IPV4_ADDR
>|    DOI specific A: 17
>|    DOI specific B: 0
>|      obj:   42 bb e9 37
>| got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x100opt: 0x102000
>| ***parse ISAKMP Hash Payload:
>|    next payload type: ISAKMP_NEXT_VID
>|    length: 24
>| got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
>| ***parse ISAKMP Vendor ID Payload:
>|    next payload type: ISAKMP_NEXT_VID
>|    length: 20
>| got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
>| ***parse ISAKMP Vendor ID Payload:
>|    next payload type: ISAKMP_NEXT_VID
>|    length: 12
>| got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
>| ***parse ISAKMP Vendor ID Payload:
>|    next payload type: ISAKMP_NEXT_VID
>|    length: 20
>| got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
>| ***parse ISAKMP Vendor ID Payload:
>|    next payload type: ISAKMP_NEXT_NATD_RFC
>|    length: 20
>| got payload 0x100000  (ISAKMP_NEXT_NATD_RFC) needed: 0x0opt: 0x102000
>| ***parse ISAKMP NAT-D Payload:
>|    next payload type: ISAKMP_NEXT_NATD_RFC
>|    length: 24
>| got payload 0x100000  (ISAKMP_NEXT_NATD_RFC) needed: 0x0opt: 0x102000
>| ***parse ISAKMP NAT-D Payload:
>|    next payload type: ISAKMP_NEXT_VID
>|    length: 24
>| got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
>| ***parse ISAKMP Vendor ID Payload:
>|    next payload type: ISAKMP_NEXT_VID
>|    length: 24
>| got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
>| ***parse ISAKMP Vendor ID Payload:
>|    next payload type: ISAKMP_NEXT_VID
>|    length: 20
>| got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0opt: 0x102000
>| ***parse ISAKMP Vendor ID Payload:
>|    next payload type: ISAKMP_NEXT_NONE
>|    length: 20
>"nm-conn1" #1: received Vendor ID payload [Cisco-Unity]
>"nm-conn1" #1: received Vendor ID payload [XAUTH]
>"nm-conn1" #1: received Vendor ID payload [Dead Peer Detection]
>| returning NATT method NAT_TRAVERSAL_METHOD_IETF_RFC
>|  method set to=RFC 3947 (NAT-Traversal) 
>"nm-conn1" #1: received Vendor ID payload [RFC 3947]
>"nm-conn1" #1: received Vendor ID payload [FRAGMENTATION c0000000]
>"nm-conn1" #1: ignoring unknown Vendor ID payload [9a4ac9aa5e72647b6676fdb1088d624d]
>"nm-conn1" #1: ignoring Vendor ID payload [Cisco VPN 3000 Series]
>"nm-conn1" #1: protocol/port in Phase 1 ID Payload MUST be 0/0 or 17/500 but are 17/0 (attempting to continue)
>"nm-conn1" #1: Aggressive mode peer ID is ID_IPV4_ADDR: '66.187.233.55'
>| refine_connection: starting with nm-conn1
>|    match_id a=66.187.233.55
>|             b=66.187.233.55
>|    results  matched
>|   trusted_ca called with a=(empty) b=(empty)
>| refine_connection: checking nm-conn1 against nm-conn1, best=(none) with match=1(id=1/ca=1/reqca=1)
>| refine_connection: checked nm-conn1 against nm-conn1, now for see if best
>| started looking for secret for @RH-standard->66.187.233.55 of kind PPK_PSK
>| actually looking for secret for @RH-standard->66.187.233.55 of kind PPK_PSK
>| line 1: key type PPK_PSK(@RH-standard) to type PPK_PSK 
>| 1: compared key @RH-standard to @RH-standard / 66.187.233.55 -> 8
>| line 1: match=9 
>| best_match 0>9 best=0x7fa89f5c9340 (line=1)
>| concluding with best_match=9 best=0x7fa89f5c9340 (lineno=1)
>| offered CA: '%none'
>| ****parse IPsec DOI SIT:
>|    IPsec DOI SIT: SIT_IDENTITY_ONLY
>| ****parse ISAKMP Proposal Payload:
>|    next payload type: ISAKMP_NEXT_NONE
>|    length: 48
>|    proposal number: 1
>|    protocol ID: PROTO_ISAKMP
>|    SPI size: 0
>|    number of transforms: 1
>| *****parse ISAKMP Transform Payload (ISAKMP):
>|    next payload type: ISAKMP_NEXT_NONE
>|    length: 40
>|    ISAKMP transform number: 0
>|    ISAKMP transform ID: KEY_IKE
>| ******parse ISAKMP Oakley attribute:
>|    af+type: OAKLEY_ENCRYPTION_ALGORITHM
>|    length/value: 7
>|    [7 is OAKLEY_AES_CBC]
>| ike_alg_enc_ok(ealg=7,key_len=0): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
>| ******parse ISAKMP Oakley attribute:
>|    af+type: OAKLEY_KEY_LENGTH
>|    length/value: 128
>| ike_alg_enc_ok(ealg=7,key_len=128): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1
>| ******parse ISAKMP Oakley attribute:
>|    af+type: OAKLEY_HASH_ALGORITHM
>|    length/value: 2
>|    [2 is OAKLEY_SHA1]
>| ******parse ISAKMP Oakley attribute:
>|    af+type: OAKLEY_GROUP_DESCRIPTION
>|    length/value: 5
>|    [5 is OAKLEY_GROUP_MODP1536]
>| ******parse ISAKMP Oakley attribute:
>|    af+type: OAKLEY_AUTHENTICATION_METHOD
>|    length/value: 65001
>|    [65001 is XAUTHInitPreShared]
>| started looking for secret for @RH-standard->66.187.233.55 of kind PPK_PSK
>| actually looking for secret for @RH-standard->66.187.233.55 of kind PPK_PSK
>| line 1: key type PPK_PSK(@RH-standard) to type PPK_PSK 
>| 1: compared key @RH-standard to @RH-standard / 66.187.233.55 -> 8
>| line 1: match=9 
>| best_match 0>9 best=0x7fa89f5c9340 (line=1)
>| concluding with best_match=9 best=0x7fa89f5c9340 (lineno=1)
>| ******parse ISAKMP Oakley attribute:
>|    af+type: OAKLEY_LIFE_TYPE
>|    length/value: 1
>|    [1 is OAKLEY_LIFE_SECONDS]
>| ******parse ISAKMP Oakley attribute:
>|    af+type: OAKLEY_LIFE_DURATION (variable length)
>|    length/value: 4
>|    long duration: 86400
>| Oakley Transform 0 accepted
>| returning NATT method NAT_TRAVERSAL_METHOD_IETF_RFC
>| DH public value received:
>|   2b 85 c4 86  80 f2 ca 30  3c 9f 58 b5  6d e9 3b 8d
>|   3f 35 f3 b8  e7 94 c7 2c  00 88 96 36  bf 63 08 94
>|   08 40 90 06  0d 35 3c 78  96 27 92 ea  49 f1 f4 76
>|   56 4d ae 79  b8 f1 44 9f  59 04 31 d4  d2 26 94 78
>|   89 eb 13 20  3e ba d0 07  5a 47 0a 18  fe 6a 24 c7
>|   c2 9f ea 99  16 e5 84 3a  2b 32 05 c8  cf c5 30 ba
>|   e6 ad 22 e6  3e 07 a6 26  7f ca 2b 09  7c 56 c3 a1
>|   14 2e ef a8  76 f8 15 e2  3d 11 7b 21  c4 53 c9 3a
>|   f9 c8 94 d9  6b f2 c5 db  9e ed 16 dc  31 e2 66 e1
>|   19 c9 f4 cd  3b 40 bd ab  33 e0 5c fc  77 95 99 5d
>|   94 1d 73 0d  50 50 1e f4  ed 9b a8 de  78 61 0c aa
>|   38 1f 7e 3d  4d 84 0b 6a  9b e2 14 da  a4 ad a0 fd
>| ICOOKIE:  82 a0 20 0f  0a fd b1 f1
>| RCOOKIE:  00 00 00 00  00 00 00 00
>| state hash entry 8
>| ICOOKIE:  82 a0 20 0f  0a fd b1 f1
>| RCOOKIE:  6f 8d 6e b7  5e 73 64 7b
>| state hash entry 19
>| inserting state object #1
>| inR1: checking NAT-t: 1 and 16
>| natd_hash: hasher=0x7fa89d7211a0(20)
>| natd_hash: icookie=  82 a0 20 0f  0a fd b1 f1
>| natd_hash: rcookie=  6f 8d 6e b7  5e 73 64 7b
>| natd_hash: ip=  0a c8 8a 45
>| natd_hash: port=500
>| natd_hash: hash=  d7 d2 74 88  bc 79 37 f7  5d 7d c1 af  2f 66 4f 54
>| natd_hash: hash=  eb bf 03 99
>| natd_hash: hasher=0x7fa89d7211a0(20)
>| natd_hash: icookie=  82 a0 20 0f  0a fd b1 f1
>| natd_hash: rcookie=  6f 8d 6e b7  5e 73 64 7b
>| natd_hash: ip=  42 bb e9 37
>| natd_hash: port=500
>| natd_hash: hash=  b9 eb e9 f4  d9 c6 85 86  17 3c 0b 85  36 fb 70 81
>| natd_hash: hash=  b4 c4 d3 ee
>| NAT_TRAVERSAL hash=0 (me:0) (him:0)
>| expected NAT-D(me):  d7 d2 74 88  bc 79 37 f7  5d 7d c1 af  2f 66 4f 54
>| expected NAT-D(me):  eb bf 03 99
>| expected NAT-D(him):
>|   b9 eb e9 f4  d9 c6 85 86  17 3c 0b 85  36 fb 70 81
>|   b4 c4 d3 ee
>| received NAT-D:  7c 1c a2 d8  98 90 d9 41  98 a9 b1 7f  7f fb 52 94
>| received NAT-D:  cf 7e 92 ac
>| NAT_TRAVERSAL hash=1 (me:0) (him:0)
>| expected NAT-D(me):  d7 d2 74 88  bc 79 37 f7  5d 7d c1 af  2f 66 4f 54
>| expected NAT-D(me):  eb bf 03 99
>| expected NAT-D(him):
>|   b9 eb e9 f4  d9 c6 85 86  17 3c 0b 85  36 fb 70 81
>|   b4 c4 d3 ee
>| received NAT-D:  b9 eb e9 f4  d9 c6 85 86  17 3c 0b 85  36 fb 70 81
>| received NAT-D:  b4 c4 d3 ee
>| NAT_TRAVERSAL hash=2 (me:0) (him:1)
>| NAT_TRAVERSAL nat_keepalive enabled
>"nm-conn1" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
>| inserting event EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds
>| event added after event EVENT_RETRANSMIT for #1
>| started looking for secret for @RH-standard->66.187.233.55 of kind PPK_PSK
>| actually looking for secret for @RH-standard->66.187.233.55 of kind PPK_PSK
>| line 1: key type PPK_PSK(@RH-standard) to type PPK_PSK 
>| 1: compared key @RH-standard to @RH-standard / 66.187.233.55 -> 8
>| line 1: match=9 
>| best_match 0>9 best=0x7fa89f5c9340 (line=1)
>| concluding with best_match=9 best=0x7fa89f5c9340 (lineno=1)
>| parent1 type: 7 group: 5 len: 2776 
>| Copying DH pub key pointer to be sent to a thread helper
>| 2: w->pcw_dead: 0 w->pcw_work: 0 cnt: 3
>| asking helper 2 to do compute dh+iv op on seq: 2 (len=2776, pcw_work=1)
>| helper 2 read 2768+4/2776 bytes fd: 13
>| helper 2 doing compute dh+iv op id: 2
>| peer's g:   2b 85 c4 86  80 f2 ca 30  3c 9f 58 b5  6d e9 3b 8d
>| peer's g:   3f 35 f3 b8  e7 94 c7 2c  00 88 96 36  bf 63 08 94
>| peer's g:   08 40 90 06  0d 35 3c 78  96 27 92 ea  49 f1 f4 76
>| peer's g:   56 4d ae 79  b8 f1 44 9f  59 04 31 d4  d2 26 94 78
>| peer's g:   89 eb 13 20  3e ba d0 07  5a 47 0a 18  fe 6a 24 c7
>| peer's g:   c2 9f ea 99  16 e5 84 3a  2b 32 05 c8  cf c5 30 ba
>| peer's g:   e6 ad 22 e6  3e 07 a6 26  7f ca 2b 09  7c 56 c3 a1
>| peer's g:   14 2e ef a8  76 f8 15 e2  3d 11 7b 21  c4 53 c9 3a
>| peer's g:   f9 c8 94 d9  6b f2 c5 db  9e ed 16 dc  31 e2 66 e1
>| peer's g:   19 c9 f4 cd  3b 40 bd ab  33 e0 5c fc  77 95 99 5d
>| peer's g:   94 1d 73 0d  50 50 1e f4  ed 9b a8 de  78 61 0c aa
>| peer's g:   38 1f 7e 3d  4d 84 0b 6a  9b e2 14 da  a4 ad a0 fd
>| Started DH shared-secret computation in NSS: 
>| Dropped no leading zeros 192
>| calc_dh_shared(): time elapsed (OAKLEY_GROUP_MODP1536): 661 usec
>| DH shared-secret (pointer):
>|   e0 16 00 8c  a8 7f 00 00
>| NSS: skeyid inputs (pss+NI+NR+shared-secret) hasher: oakley_sha
>| shared-secret (pointer in chunk_t): 
>|   e0 16 00 8c  a8 7f 00 00
>| ni:   1a c9 83 b9  87 63 f4 85  eb 35 0d 6e  91 cf 1d 28
>| nr:   74 5e 97 51  7c 92 34 5c  f2 43 fb 48  dc bb 99 41
>| nr:   d9 85 0b b6
>| NSS: st_skeyid in skeyid_preshared() (pointer): 
>|   f0 ac 00 8c  a8 7f 00 00
>| NSS: Started key computation 
>| NSS: dh shared param len=8 
>| NSS: enc keysize=16 
>| NSS: copied skeyid_d_chunk 
>| NSS: copied skeyid_a_chunk 
>| NSS: copied skeyid_e_chunk 
>| NSS: copied enc_key_chunk 
>| NSS: Freed symkeys 1-23 
>| NSS: Freed padding chunks 
>| DH_i:  6b 24 b1 cf  a1 74 d6 a4  c4 57 19 8b  c8 5d 7d 87
>| DH_i:  e8 87 01 a3  71 d8 95 0b  2b f9 2a 13  8b 02 2c 82
>| DH_i:  35 dd 81 da  92 63 74 08  06 05 0c d8  5e 6f 0b 73
>| DH_i:  a7 a9 75 97  a1 a3 3d cf  64 38 b3 38  bc c3 5d f4
>| DH_i:  8d 7a 10 f0  20 ba ca 35  cf 33 59 db  97 cd 55 6a
>| DH_i:  1a 83 6c f4  c5 19 9e e8  7f 7d ff 60  e9 c8 ea 5e
>| DH_i:  f8 ae bd a1  58 32 79 0a  65 d9 28 ff  06 57 34 b7
>| DH_i:  55 1f 51 25  d8 b2 52 12  55 9d e9 87  ed 07 27 9d
>| DH_i:  55 8a 22 2a  49 3f 5c e4  40 e6 5c 8f  9b 97 32 07
>| DH_i:  8f 44 b5 9f  eb d2 df 5f  8c c2 7d 64  fa 0c fa 3e
>| DH_i:  e7 08 dc b9  1a 7f 7c 6b  5a d2 93 ec  da 09 a5 9e
>| DH_i:  e1 a1 e5 87  95 c4 f3 ba  1b 61 60 8e  ed d7 44 72
>| DH_r:  2b 85 c4 86  80 f2 ca 30  3c 9f 58 b5  6d e9 3b 8d
>| DH_r:  3f 35 f3 b8  e7 94 c7 2c  00 88 96 36  bf 63 08 94
>| DH_r:  08 40 90 06  0d 35 3c 78  96 27 92 ea  49 f1 f4 76
>| DH_r:  56 4d ae 79  b8 f1 44 9f  59 04 31 d4  d2 26 94 78
>| DH_r:  89 eb 13 20  3e ba d0 07  5a 47 0a 18  fe 6a 24 c7
>| DH_r:  c2 9f ea 99  16 e5 84 3a  2b 32 05 c8  cf c5 30 ba
>| DH_r:  e6 ad 22 e6  3e 07 a6 26  7f ca 2b 09  7c 56 c3 a1
>| DH_r:  14 2e ef a8  76 f8 15 e2  3d 11 7b 21  c4 53 c9 3a
>| DH_r:  f9 c8 94 d9  6b f2 c5 db  9e ed 16 dc  31 e2 66 e1
>| DH_r:  19 c9 f4 cd  3b 40 bd ab  33 e0 5c fc  77 95 99 5d
>| DH_r:  94 1d 73 0d  50 50 1e f4  ed 9b a8 de  78 61 0c aa
>| DH_r:  38 1f 7e 3d  4d 84 0b 6a  9b e2 14 da  a4 ad a0 fd
>| end of IV generation 
>| crypto helper write of request: cnt=2776<wlen=2776.  
>| deleting event for #1
>| inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1
>| event added after event EVENT_PENDING_PHASE2
>| peer supports fragmentation
>| peer supports dpd
>| complete state transition with STF_SUSPEND
>| * processed 0 messages from cryptographic helpers 
>| next event EVENT_NAT_T_KEEPALIVE in 20 seconds
>| next event EVENT_NAT_T_KEEPALIVE in 20 seconds
>|  
>| helper 2 has finished work (cnt now 1)
>| helper 2 replies to id: q#2
>| calling callback function 0x7fa89d483f20
>| aggr inR1_outI2: calculated DH, sending I2
>| processing connection nm-conn1
>| hmac_update data value: 
>|   2b 85 c4 86  80 f2 ca 30  3c 9f 58 b5  6d e9 3b 8d
>|   3f 35 f3 b8  e7 94 c7 2c  00 88 96 36  bf 63 08 94
>|   08 40 90 06  0d 35 3c 78  96 27 92 ea  49 f1 f4 76
>|   56 4d ae 79  b8 f1 44 9f  59 04 31 d4  d2 26 94 78
>|   89 eb 13 20  3e ba d0 07  5a 47 0a 18  fe 6a 24 c7
>|   c2 9f ea 99  16 e5 84 3a  2b 32 05 c8  cf c5 30 ba
>|   e6 ad 22 e6  3e 07 a6 26  7f ca 2b 09  7c 56 c3 a1
>|   14 2e ef a8  76 f8 15 e2  3d 11 7b 21  c4 53 c9 3a
>|   f9 c8 94 d9  6b f2 c5 db  9e ed 16 dc  31 e2 66 e1
>|   19 c9 f4 cd  3b 40 bd ab  33 e0 5c fc  77 95 99 5d
>|   94 1d 73 0d  50 50 1e f4  ed 9b a8 de  78 61 0c aa
>|   38 1f 7e 3d  4d 84 0b 6a  9b e2 14 da  a4 ad a0 fd
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   6b 24 b1 cf  a1 74 d6 a4  c4 57 19 8b  c8 5d 7d 87
>|   e8 87 01 a3  71 d8 95 0b  2b f9 2a 13  8b 02 2c 82
>|   35 dd 81 da  92 63 74 08  06 05 0c d8  5e 6f 0b 73
>|   a7 a9 75 97  a1 a3 3d cf  64 38 b3 38  bc c3 5d f4
>|   8d 7a 10 f0  20 ba ca 35  cf 33 59 db  97 cd 55 6a
>|   1a 83 6c f4  c5 19 9e e8  7f 7d ff 60  e9 c8 ea 5e
>|   f8 ae bd a1  58 32 79 0a  65 d9 28 ff  06 57 34 b7
>|   55 1f 51 25  d8 b2 52 12  55 9d e9 87  ed 07 27 9d
>|   55 8a 22 2a  49 3f 5c e4  40 e6 5c 8f  9b 97 32 07
>|   8f 44 b5 9f  eb d2 df 5f  8c c2 7d 64  fa 0c fa 3e
>|   e7 08 dc b9  1a 7f 7c 6b  5a d2 93 ec  da 09 a5 9e
>|   e1 a1 e5 87  95 c4 f3 ba  1b 61 60 8e  ed d7 44 72
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   6f 8d 6e b7  5e 73 64 7b
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   82 a0 20 0f  0a fd b1 f1
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hashing 52 bytes of SA
>| hmac_update data value: 
>|   00 00 00 01  00 00 00 01  00 00 00 2c  00 01 00 01
>|   00 00 00 24  00 01 00 00  80 0b 00 01  00 0c 00 04
>|   00 01 51 80  80 01 00 07  80 02 00 02  80 03 fd e9
>|   80 04 00 05
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   01 11 00 00  42 bb e9 37
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| authentication succeeded
>| **emit ISAKMP Message:
>|    initiator cookie:
>|   82 a0 20 0f  0a fd b1 f1
>|    responder cookie:
>|   6f 8d 6e b7  5e 73 64 7b
>|    next payload type: ISAKMP_NEXT_HASH
>|    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
>|    exchange type: ISAKMP_XCHG_AGGR
>|    flags: ISAKMP_FLAG_ENCRYPTION
>|    message ID:  00 00 00 00
>| sending NAT-D payloads
>| natd_hash: hasher=0x7fa89d7211a0(20)
>| natd_hash: icookie=  82 a0 20 0f  0a fd b1 f1
>| natd_hash: rcookie=  6f 8d 6e b7  5e 73 64 7b
>| natd_hash: ip=  42 bb e9 37
>| natd_hash: port=500
>| natd_hash: hash=  b9 eb e9 f4  d9 c6 85 86  17 3c 0b 85  36 fb 70 81
>| natd_hash: hash=  b4 c4 d3 ee
>| ***emit ISAKMP NAT-D Payload:
>|    next payload type: ISAKMP_NEXT_NATD_RFC
>| emitting 20 raw bytes of NAT-D into ISAKMP NAT-D Payload
>| NAT-D  b9 eb e9 f4  d9 c6 85 86  17 3c 0b 85  36 fb 70 81
>| NAT-D  b4 c4 d3 ee
>| emitting length of ISAKMP NAT-D Payload: 24
>| natd_hash: hasher=0x7fa89d7211a0(20)
>| natd_hash: icookie=  82 a0 20 0f  0a fd b1 f1
>| natd_hash: rcookie=  6f 8d 6e b7  5e 73 64 7b
>| natd_hash: ip=  0a c8 8a 45
>| natd_hash: port=500
>| natd_hash: hash=  d7 d2 74 88  bc 79 37 f7  5d 7d c1 af  2f 66 4f 54
>| natd_hash: hash=  eb bf 03 99
>| ***emit ISAKMP NAT-D Payload:
>|    next payload type: ISAKMP_NEXT_HASH
>| emitting 20 raw bytes of NAT-D into ISAKMP NAT-D Payload
>| NAT-D  d7 d2 74 88  bc 79 37 f7  5d 7d c1 af  2f 66 4f 54
>| NAT-D  eb bf 03 99
>| emitting length of ISAKMP NAT-D Payload: 24
>| **emit ISAKMP Identification Payload (IPsec DOI):
>|    next payload type: ISAKMP_NEXT_NONE
>|    length: 0
>|    ID type: ID_FQDN
>|    Protocol ID: 0
>|    port: 0
>| emitting length of ISAKMP Identification Payload (IPsec DOI): 8
>| emitting 11 raw bytes of my identity into identity payload
>| my identity  52 48 2d 73  74 61 6e 64  61 72 64
>| hmac_update data value: 
>|   6b 24 b1 cf  a1 74 d6 a4  c4 57 19 8b  c8 5d 7d 87
>|   e8 87 01 a3  71 d8 95 0b  2b f9 2a 13  8b 02 2c 82
>|   35 dd 81 da  92 63 74 08  06 05 0c d8  5e 6f 0b 73
>|   a7 a9 75 97  a1 a3 3d cf  64 38 b3 38  bc c3 5d f4
>|   8d 7a 10 f0  20 ba ca 35  cf 33 59 db  97 cd 55 6a
>|   1a 83 6c f4  c5 19 9e e8  7f 7d ff 60  e9 c8 ea 5e
>|   f8 ae bd a1  58 32 79 0a  65 d9 28 ff  06 57 34 b7
>|   55 1f 51 25  d8 b2 52 12  55 9d e9 87  ed 07 27 9d
>|   55 8a 22 2a  49 3f 5c e4  40 e6 5c 8f  9b 97 32 07
>|   8f 44 b5 9f  eb d2 df 5f  8c c2 7d 64  fa 0c fa 3e
>|   e7 08 dc b9  1a 7f 7c 6b  5a d2 93 ec  da 09 a5 9e
>|   e1 a1 e5 87  95 c4 f3 ba  1b 61 60 8e  ed d7 44 72
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   2b 85 c4 86  80 f2 ca 30  3c 9f 58 b5  6d e9 3b 8d
>|   3f 35 f3 b8  e7 94 c7 2c  00 88 96 36  bf 63 08 94
>|   08 40 90 06  0d 35 3c 78  96 27 92 ea  49 f1 f4 76
>|   56 4d ae 79  b8 f1 44 9f  59 04 31 d4  d2 26 94 78
>|   89 eb 13 20  3e ba d0 07  5a 47 0a 18  fe 6a 24 c7
>|   c2 9f ea 99  16 e5 84 3a  2b 32 05 c8  cf c5 30 ba
>|   e6 ad 22 e6  3e 07 a6 26  7f ca 2b 09  7c 56 c3 a1
>|   14 2e ef a8  76 f8 15 e2  3d 11 7b 21  c4 53 c9 3a
>|   f9 c8 94 d9  6b f2 c5 db  9e ed 16 dc  31 e2 66 e1
>|   19 c9 f4 cd  3b 40 bd ab  33 e0 5c fc  77 95 99 5d
>|   94 1d 73 0d  50 50 1e f4  ed 9b a8 de  78 61 0c aa
>|   38 1f 7e 3d  4d 84 0b 6a  9b e2 14 da  a4 ad a0 fd
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   82 a0 20 0f  0a fd b1 f1
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   6f 8d 6e b7  5e 73 64 7b
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hashing 52 bytes of SA
>| hmac_update data value: 
>|   00 00 00 01  00 00 00 01  00 00 00 2c  00 01 00 01
>|   00 00 00 24  00 01 00 00  80 0b 00 01  00 0c 00 04
>|   00 01 51 80  80 01 00 07  80 02 00 02  80 03 fd e9
>|   80 04 00 05
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   02 00 00 00  52 48 2d 73  74 61 6e 64  61 72 64
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| ***emit ISAKMP Hash Payload:
>|    next payload type: ISAKMP_NEXT_NONE
>| emitting 20 raw bytes of HASH_I into ISAKMP Hash Payload
>| HASH_I  ac 4c 09 27  79 41 d6 44  e8 96 2d 12  a6 8d 4e 0b
>| HASH_I  95 18 6e 9f
>| emitting length of ISAKMP Hash Payload: 24
>| encrypting:
>|   14 00 00 18  b9 eb e9 f4  d9 c6 85 86  17 3c 0b 85
>|   36 fb 70 81  b4 c4 d3 ee  08 00 00 18  d7 d2 74 88
>|   bc 79 37 f7  5d 7d c1 af  2f 66 4f 54  eb bf 03 99
>|   00 00 00 18  ac 4c 09 27  79 41 d6 44  e8 96 2d 12
>|   a6 8d 4e 0b  95 18 6e 9f
>| IV:
>|   96 51 68 ee  10 b6 0d 4f  ae 66 86 47  3a 02 3a 52
>|   7c 45 49 9c
>| unpadded size is: 72
>| emitting 8 zero bytes of encryption padding into ISAKMP Message
>| encrypting 80 using OAKLEY_AES_CBC
>| NSS do_aes: enter
>| NSS do_aes: exit
>| next IV:  91 67 12 98  8b a1 84 b9  42 bb ba 36  7f 78 06 9d
>| no IKE message padding required
>| emitting length of ISAKMP Message: 108
>| peer supports fragmentation
>| complete state transition with STF_OK
>"nm-conn1" #1: transition from state STATE_AGGR_I1 to state STATE_AGGR_I2
>| deleting event for #1
>| NAT-T: floating to port 4500
>| NAT-T connection has wrong interface definition 10.200.138.69:4500 vs 10.200.138.69:500
>| NAT-T: using interface wlp3s0:4500
>| sending reply packet to 66.187.233.55:4500 (from port 4500)
>| sending 112 bytes for STATE_AGGR_I1 through wlp3s0:4500 to 66.187.233.55:4500 (using #1)
>|   00 00 00 00  82 a0 20 0f  0a fd b1 f1  6f 8d 6e b7
>|   5e 73 64 7b  14 10 04 01  00 00 00 00  00 00 00 6c
>|   b1 bf d9 39  a2 38 3c 8d  7a 89 51 bc  e0 95 2f 97
>|   80 a7 83 75  7a d2 0f 0d  89 92 46 64  67 f8 57 e3
>|   f0 79 36 9d  44 c6 bb 1b  54 14 c5 f4  64 e9 c4 bb
>|   0b fd 0b d4  7b 86 64 50  f2 09 74 61  46 46 8c 17
>|   91 67 12 98  8b a1 84 b9  42 bb ba 36  7f 78 06 9d
>| inserting event EVENT_SA_REPLACE, timeout in 85407 seconds for #1
>| event added after event EVENT_LOG_DAILY
>"nm-conn1" #1: STATE_AGGR_I2: sent AI2, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1536}
>| XAUTH client is not yet authenticated
>| * processed 1 messages from cryptographic helpers 
>| next event EVENT_NAT_T_KEEPALIVE in 20 seconds
>| next event EVENT_NAT_T_KEEPALIVE in 20 seconds
>|  
>| *received 108 bytes from 66.187.233.55:4500 on wlp3s0 (port=4500)
>|   82 a0 20 0f  0a fd b1 f1  6f 8d 6e b7  5e 73 64 7b
>|   08 10 06 01  4b 44 7c 9d  00 00 00 6c  09 70 1e 60
>|   77 97 0a f1  b2 51 34 99  a4 1f 25 c8  3d 13 29 4e
>|   01 51 c0 c4  34 e9 fa d2  70 97 6e 8a  bf 74 02 a1
>|   96 33 f6 18  8c b3 ca 50  26 3c e7 c5  dc 8c c7 3c
>|   22 a7 16 21  99 57 f4 86  5c fa 64 4f  e6 18 14 b9
>|   39 a8 cc 8c  00 6c 77 49  1e a6 1d 02
>| **parse ISAKMP Message:
>|    initiator cookie:
>|   82 a0 20 0f  0a fd b1 f1
>|    responder cookie:
>|   6f 8d 6e b7  5e 73 64 7b
>|    next payload type: ISAKMP_NEXT_HASH
>|    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
>|    exchange type: ISAKMP_XCHG_MODE_CFG
>|    flags: ISAKMP_FLAG_ENCRYPTION
>|    message ID:  4b 44 7c 9d
>|    length: 108
>|  processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6)
>| ICOOKIE:  82 a0 20 0f  0a fd b1 f1
>| RCOOKIE:  6f 8d 6e b7  5e 73 64 7b
>| state hash entry 19
>| peer and cookies match on #1, provided msgid 4b447c9d vs 00000000/00000000
>| p15 state object not found
>|  in process_v1_packet:1295 No appropriate Mode Config state yet.See if we have a Main Mode state
>| ICOOKIE:  82 a0 20 0f  0a fd b1 f1
>| RCOOKIE:  6f 8d 6e b7  5e 73 64 7b
>| state hash entry 19
>| peer and cookies match on #1, provided msgid 00000000 vs 00000000/00000000
>| p15 state object #1 found, in STATE_AGGR_I2
>| processing connection nm-conn1
>|  processing received isakmp_xchg_type ISAKMP_XCHG_MODE_CFG.
>|  this is a xauthclient modecfgclient
>|  call  init_phase2_iv
>| last Phase 1 IV:  91 67 12 98  8b a1 84 b9  42 bb ba 36  7f 78 06 9d
>| current Phase 1 IV:  91 67 12 98  8b a1 84 b9  42 bb ba 36  7f 78 06 9d
>| computed Phase 2 IV:
>|   6a 7c a8 14  cf ce c5 8b  48 41 02 9b  46 bf 6e e9
>|   fe 2d cf 57
>|  set from_state to STATE_AGGR_I2 this is xauthclient and IS_PHASE1() is TRUE
>| received encrypted packet from 66.187.233.55:4500
>| decrypting 80 bytes using algorithm OAKLEY_AES_CBC
>| NSS do_aes: enter
>| NSS do_aes: exit
>| decrypted:
>|   0e 00 00 18  9a 93 21 75  73 c1 60 47  6e 15 7e 79
>|   55 29 b3 78  e2 a5 ee 90  00 00 00 34  01 00 00 00
>|   c0 88 00 00  40 89 00 00  40 8a 00 00  40 8c 00 1c
>|   45 6e 74 65  72 20 55 73  65 72 6e 61  6d 65 20 61
>|   6e 64 20 50  61 73 73 77  6f 72 64 2e  00 00 00 00
>| next IV:  e6 18 14 b9  39 a8 cc 8c  00 6c 77 49  1e a6 1d 02
>| got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x4100opt: 0x2000
>| ***parse ISAKMP Hash Payload:
>|    next payload type: ISAKMP_NEXT_MODECFG
>|    length: 24
>| got payload 0x4000  (ISAKMP_NEXT_MODECFG) needed: 0x4000opt: 0x2000
>| ***parse ISAKMP Mode Attribute:
>|    next payload type: ISAKMP_NEXT_NONE
>|    length: 52
>|    Attr Msg Type: ISAKMP_CFG_REQUEST
>|    Identifier: 0
>| removing 4 bytes of padding
>| **emit ISAKMP Message:
>|    initiator cookie:
>|   82 a0 20 0f  0a fd b1 f1
>|    responder cookie:
>|   6f 8d 6e b7  5e 73 64 7b
>|    next payload type: ISAKMP_NEXT_HASH
>|    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
>|    exchange type: ISAKMP_XCHG_MODE_CFG
>|    flags: ISAKMP_FLAG_ENCRYPTION
>|    message ID:  4b 44 7c 9d
>| arrived in xauth_inI0
>| hmac_update data value: 
>|   4b 44 7c 9d
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   00 00 00 34  01 00 00 00  c0 88 00 00  40 89 00 00
>|   40 8a 00 00  40 8c 00 1c  45 6e 74 65  72 20 55 73
>|   65 72 6e 61  6d 65 20 61  6e 64 20 50  61 73 73 77
>|   6f 72 64 2e
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| XAUTH: HASH computed:
>|   9a 93 21 75  73 c1 60 47  6e 15 7e 79  55 29 b3 78
>|   e2 a5 ee 90
>| ****parse ISAKMP ModeCfg attribute:
>|    ModeCfg attr type: 49288??
>|    length/value: 0
>| Received Cisco XAUTH type: Generic
>| ****parse ISAKMP ModeCfg attribute:
>|    ModeCfg attr type: 16521??
>|    length/value: 0
>| Received Cisco XAUTH username
>| ****parse ISAKMP ModeCfg attribute:
>|    ModeCfg attr type: 16522??
>|    length/value: 0
>| Received Cisco XAUTH password
>| ****parse ISAKMP ModeCfg attribute:
>|    ModeCfg attr type: 16524??
>|    length/value: 28
>| Received Cisco XAUTH message
>"nm-conn1" #1: XAUTH Message: Enter Username and Password.
>| XAUTH: Username or password request received
>| ***emit ISAKMP Hash Payload:
>|    next payload type: ISAKMP_NEXT_MODECFG
>| emitting 20 zero bytes of HASH into ISAKMP Hash Payload
>| emitting length of ISAKMP Hash Payload: 24
>| ***emit ISAKMP Mode Attribute:
>|    next payload type: ISAKMP_NEXT_NONE
>|    Attr Msg Type: ISAKMP_CFG_REPLY
>|    Identifier: 0
>| ****emit ISAKMP ModeCfg attribute:
>|    ModeCfg attr type: 49288??
>|    length/value: 0
>| ****emit ISAKMP ModeCfg attribute:
>|    ModeCfg attr type: 16521??
>| emitting 8 raw bytes of XAUTH username into ISAKMP ModeCfg attribute
>| XAUTH username  6a 72 75 73  6e 61 63 6b
>| emitting length of ISAKMP ModeCfg attribute: 8
>| ****emit ISAKMP ModeCfg attribute:
>|    ModeCfg attr type: 16522??
>| started looking for xauth secret for jrusnack
>| line 1: key type PPK_XAUTH(@jrusnack) to type PPK_PSK 
>| concluding with best_match=0 best=(nil) (lineno=-1)
>| looked up username=jrusnack, got=(nil)
>| prompting for Password:
>| emitting 14 raw bytes of XAUTH password into ISAKMP ModeCfg attribute
>| XAUTH password  67 77 61 69  68 69 72 32  31 39 32 35  34 32
>| emitting length of ISAKMP ModeCfg attribute: 14
>| emitting length of ISAKMP Mode Attribute: 42
>"nm-conn1" #1: XAUTH: Answering XAUTH challenge with user='jrusnack'
>| hmac_update data value: 
>|   4b 44 7c 9d
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   00 00 00 2a  02 00 00 00  c0 88 00 00  40 89 00 08
>|   6a 72 75 73  6e 61 63 6b  40 8a 00 0e  67 77 61 69
>|   68 69 72 32  31 39 32 35  34 32
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| XAUTH: HASH computed:
>|   d5 2a 81 bd  34 70 25 a2  f4 89 c8 bd  53 34 a8 b0
>|   bb 80 ac 23
>| padding IKE message with 2 bytes
>| emitting 2 zero bytes of message padding into ISAKMP Message
>| emitting length of ISAKMP Message: 96
>| encrypting:
>|   0e 00 00 18  d5 2a 81 bd  34 70 25 a2  f4 89 c8 bd
>|   53 34 a8 b0  bb 80 ac 23  00 00 00 2a  02 00 00 00
>|   c0 88 00 00  40 89 00 08  6a 72 75 73  6e 61 63 6b
>|   40 8a 00 0e  67 77 61 69  68 69 72 32  31 39 32 35
>|   34 32 00 00
>| IV:
>|   e6 18 14 b9  39 a8 cc 8c  00 6c 77 49  1e a6 1d 02
>| unpadded size is: 68
>| emitting 12 zero bytes of encryption padding into ISAKMP Message
>| encrypting 80 using OAKLEY_AES_CBC
>| NSS do_aes: enter
>| NSS do_aes: exit
>| next IV:  2a 3c 4c b1  a5 aa 32 19  15 ba 25 07  0a 91 b5 2d
>| no IKE message padding required
>| emitting length of ISAKMP Message: 108
>| xauth_inI0(STF_OK)
>| complete state transition with STF_OK
>"nm-conn1" #1: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1
>| deleting event for #1
>| sending reply packet to 66.187.233.55:4500 (from port 4500)
>| sending 112 bytes for STATE_XAUTH_I0 through wlp3s0:4500 to 66.187.233.55:4500 (using #1)
>|   00 00 00 00  82 a0 20 0f  0a fd b1 f1  6f 8d 6e b7
>|   5e 73 64 7b  08 10 06 01  4b 44 7c 9d  00 00 00 6c
>|   33 3f e7 d9  d6 be fb 8f  ea fb 07 79  63 ba 9f bb
>|   3d 30 68 66  f1 0b f5 58  f3 85 55 b6  67 69 a4 6c
>|   c8 e0 53 72  59 c5 2f 21  d2 ed c3 63  50 09 e8 35
>|   d3 77 ea 0b  04 aa 24 c8  eb 9d 63 c4  68 da 68 fc
>|   2a 3c 4c b1  a5 aa 32 19  15 ba 25 07  0a 91 b5 2d
>| inserting event EVENT_SA_REPLACE, timeout in 86130 seconds for #1
>| event added after event EVENT_LOG_DAILY
>"nm-conn1" #1: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
>| XAUTH client is not yet authenticated
>| * processed 0 messages from cryptographic helpers 
>| next event EVENT_NAT_T_KEEPALIVE in 20 seconds
>| next event EVENT_NAT_T_KEEPALIVE in 20 seconds
>|  
>| *received 76 bytes from 66.187.233.55:4500 on wlp3s0 (port=4500)
>|   82 a0 20 0f  0a fd b1 f1  6f 8d 6e b7  5e 73 64 7b
>|   08 10 06 01  27 54 5a 6e  00 00 00 4c  a6 62 48 a6
>|   9a 52 57 38  12 3c a7 fa  aa a6 fb 17  ac 0d d9 2c
>|   b9 70 12 42  aa 71 1f 50  98 85 97 30  ca af 75 0b
>|   34 c0 7c b7  23 79 b7 96  fb 42 2f d1
>| **parse ISAKMP Message:
>|    initiator cookie:
>|   82 a0 20 0f  0a fd b1 f1
>|    responder cookie:
>|   6f 8d 6e b7  5e 73 64 7b
>|    next payload type: ISAKMP_NEXT_HASH
>|    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
>|    exchange type: ISAKMP_XCHG_MODE_CFG
>|    flags: ISAKMP_FLAG_ENCRYPTION
>|    message ID:  27 54 5a 6e
>|    length: 76
>|  processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6)
>| ICOOKIE:  82 a0 20 0f  0a fd b1 f1
>| RCOOKIE:  6f 8d 6e b7  5e 73 64 7b
>| state hash entry 19
>| peer and cookies match on #1, provided msgid 27545a6e vs 00000000/00000000
>| p15 state object not found
>|  in process_v1_packet:1295 No appropriate Mode Config state yet.See if we have a Main Mode state
>| ICOOKIE:  82 a0 20 0f  0a fd b1 f1
>| RCOOKIE:  6f 8d 6e b7  5e 73 64 7b
>| state hash entry 19
>| peer and cookies match on #1, provided msgid 00000000 vs 00000000/00000000
>| p15 state object #1 found, in STATE_XAUTH_I1
>| processing connection nm-conn1
>|  processing received isakmp_xchg_type ISAKMP_XCHG_MODE_CFG.
>|  this is a xauthclient modecfgclient
>|  call  init_phase2_iv
>| last Phase 1 IV:  91 67 12 98  8b a1 84 b9  42 bb ba 36  7f 78 06 9d
>| current Phase 1 IV:  2a 3c 4c b1  a5 aa 32 19  15 ba 25 07  0a 91 b5 2d
>| computed Phase 2 IV:
>|   0b c9 d5 00  9e 57 d1 03  10 23 e0 4f  ee 61 c0 88
>|   5e 5d 30 56
>|  set from_state to STATE_XAUTH_I1 this is xauthclient and state == STATE_XAUTH_I1
>| received encrypted packet from 66.187.233.55:4500
>| decrypting 48 bytes using algorithm OAKLEY_AES_CBC
>| NSS do_aes: enter
>| NSS do_aes: exit
>| decrypted:
>|   0e 00 00 18  6e 6b 54 a7  9d 31 ea df  72 d3 c5 56
>|   6c 3b f4 46  d6 94 84 55  00 00 00 0c  03 00 00 00
>|   c0 8f 00 01  00 00 00 00  00 00 00 00  00 00 00 00
>| next IV:  ca af 75 0b  34 c0 7c b7  23 79 b7 96  fb 42 2f d1
>| got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x4100opt: 0x2000
>| ***parse ISAKMP Hash Payload:
>|    next payload type: ISAKMP_NEXT_MODECFG
>|    length: 24
>| got payload 0x4000  (ISAKMP_NEXT_MODECFG) needed: 0x4000opt: 0x2000
>| ***parse ISAKMP Mode Attribute:
>|    next payload type: ISAKMP_NEXT_NONE
>|    length: 12
>|    Attr Msg Type: ISAKMP_CFG_SET
>|    Identifier: 0
>| removing 12 bytes of padding
>| **emit ISAKMP Message:
>|    initiator cookie:
>|   82 a0 20 0f  0a fd b1 f1
>|    responder cookie:
>|   6f 8d 6e b7  5e 73 64 7b
>|    next payload type: ISAKMP_NEXT_HASH
>|    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
>|    exchange type: ISAKMP_XCHG_MODE_CFG
>|    flags: ISAKMP_FLAG_ENCRYPTION
>|    message ID:  27 54 5a 6e
>| arrived in xauth_inI0
>| hmac_update data value: 
>|   27 54 5a 6e
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   00 00 00 0c  03 00 00 00  c0 8f 00 01
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| XAUTH: HASH computed:
>|   6e 6b 54 a7  9d 31 ea df  72 d3 c5 56  6c 3b f4 46
>|   d6 94 84 55
>| ****parse ISAKMP ModeCfg attribute:
>|    ModeCfg attr type: 49295??
>|    length/value: 1
>| Received Cisco XAUTH status
>| ***emit ISAKMP Hash Payload:
>|    next payload type: ISAKMP_NEXT_MODECFG
>| emitting 20 zero bytes of HASH into ISAKMP Hash Payload
>| emitting length of ISAKMP Hash Payload: 24
>| ***emit ISAKMP Mode Attribute:
>|    next payload type: ISAKMP_NEXT_NONE
>|    Attr Msg Type: ISAKMP_CFG_ACK
>|    Identifier: 0
>| ****emit ISAKMP ModeCfg attribute:
>|    ModeCfg attr type: 49295??
>|    length/value: 1
>| no IKE message padding required
>| emitting length of ISAKMP Mode Attribute: 12
>| hmac_update data value: 
>|   27 54 5a 6e
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   00 00 00 0c  04 00 00 00  c0 8f 00 01
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| XAUTH: HASH computed:
>|   59 0e fc f7  19 d9 eb 18  92 84 41 94  4e 99 77 96
>|   b7 c9 5a ff
>| no IKE message padding required
>| emitting length of ISAKMP Message: 64
>| encrypting:
>|   0e 00 00 18  59 0e fc f7  19 d9 eb 18  92 84 41 94
>|   4e 99 77 96  b7 c9 5a ff  00 00 00 0c  04 00 00 00
>|   c0 8f 00 01
>| IV:
>|   ca af 75 0b  34 c0 7c b7  23 79 b7 96  fb 42 2f d1
>| unpadded size is: 36
>| emitting 12 zero bytes of encryption padding into ISAKMP Message
>| encrypting 48 using OAKLEY_AES_CBC
>| NSS do_aes: enter
>| NSS do_aes: exit
>| next IV:  a0 07 11 d9  d5 54 c1 ae  43 3b 8b dd  49 ba 66 82
>| no IKE message padding required
>| emitting length of ISAKMP Message: 76
>"nm-conn1" #1: XAUTH: Successfully Authenticated
>| complete state transition with STF_OK
>"nm-conn1" #1: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1
>| deleting event for #1
>| sending reply packet to 66.187.233.55:4500 (from port 4500)
>| sending 80 bytes for STATE_XAUTH_I0 through wlp3s0:4500 to 66.187.233.55:4500 (using #1)
>|   00 00 00 00  82 a0 20 0f  0a fd b1 f1  6f 8d 6e b7
>|   5e 73 64 7b  08 10 06 01  27 54 5a 6e  00 00 00 4c
>|   65 f4 d1 4a  c2 d0 95 30  65 8f da d9  22 60 ca 52
>|   2d df 97 2c  e8 15 1a c5  14 ae 6d 40  72 d4 64 99
>|   a0 07 11 d9  d5 54 c1 ae  43 3b 8b dd  49 ba 66 82
>| inserting event EVENT_SA_REPLACE, timeout in 86130 seconds for #1
>| event added after event EVENT_LOG_DAILY
>"nm-conn1" #1: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
>| modecfg pull: quirk-poll policy:push modecfg-client
>| modecfg client is starting due to quirk
>"nm-conn1" #1: modecfg: Sending IP request (MODECFG_I1)
>| **emit ISAKMP Message:
>|    initiator cookie:
>|   82 a0 20 0f  0a fd b1 f1
>|    responder cookie:
>|   6f 8d 6e b7  5e 73 64 7b
>|    next payload type: ISAKMP_NEXT_HASH
>|    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
>|    exchange type: ISAKMP_XCHG_MODE_CFG
>|    flags: ISAKMP_FLAG_ENCRYPTION
>|    message ID:  36 e6 6c 9e
>| ***emit ISAKMP Hash Payload:
>|    next payload type: ISAKMP_NEXT_MODECFG
>| emitting 20 zero bytes of HASH into ISAKMP Hash Payload
>| emitting length of ISAKMP Hash Payload: 24
>| ***emit ISAKMP Mode Attribute:
>|    next payload type: ISAKMP_NEXT_NONE
>|    Attr Msg Type: ISAKMP_CFG_REQUEST
>|    Identifier: 0
>| ****emit ISAKMP ModeCfg attribute:
>|    ModeCfg attr type: INTERNAL_IP4_ADDRESS
>|    length/value: 0
>| emitting length of ISAKMP ModeCfg attribute: 0
>| ****emit ISAKMP ModeCfg attribute:
>|    ModeCfg attr type: INTERNAL_IP4_NETMASK
>|    length/value: 0
>| emitting length of ISAKMP ModeCfg attribute: 0
>| ****emit ISAKMP ModeCfg attribute:
>|    ModeCfg attr type: INTERNAL_IP4_DNS
>|    length/value: 0
>| emitting length of ISAKMP ModeCfg attribute: 0
>| ****emit ISAKMP ModeCfg attribute:
>|    ModeCfg attr type: MODECFG_BANNER
>|    length/value: 0
>| emitting length of ISAKMP ModeCfg attribute: 0
>| ****emit ISAKMP ModeCfg attribute:
>|    ModeCfg attr type: MODECFG_DOMAIN
>|    length/value: 0
>| emitting length of ISAKMP ModeCfg attribute: 0
>| ****emit ISAKMP ModeCfg attribute:
>|    ModeCfg attr type: CISCO_SPLIT_INC
>|    length/value: 0
>| emitting length of ISAKMP ModeCfg attribute: 0
>| no IKE message padding required
>| emitting length of ISAKMP Mode Attribute: 32
>| hmac_update data value: 
>|   36 e6 6c 9e
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   00 00 00 20  01 00 00 00  00 01 00 00  00 02 00 00
>|   00 03 00 00  70 00 00 00  70 02 00 00  70 04 00 00
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| XAUTH: HASH computed:
>|   99 21 42 9d  3c 9d 5b d3  64 c6 ac 2b  e3 35 9d 3b
>|   11 52 09 97
>| no IKE message padding required
>| emitting length of ISAKMP Message: 84
>| last Phase 1 IV:  91 67 12 98  8b a1 84 b9  42 bb ba 36  7f 78 06 9d
>| current Phase 1 IV:  a0 07 11 d9  d5 54 c1 ae  43 3b 8b dd  49 ba 66 82
>| computed Phase 2 IV:
>|   9d 04 e3 ab  35 91 e0 01  1f 2c 8a 32  1c f3 7d 47
>|   e4 4c 06 5e
>| encrypting:
>|   0e 00 00 18  99 21 42 9d  3c 9d 5b d3  64 c6 ac 2b
>|   e3 35 9d 3b  11 52 09 97  00 00 00 20  01 00 00 00
>|   00 01 00 00  00 02 00 00  00 03 00 00  70 00 00 00
>|   70 02 00 00  70 04 00 00
>| IV:
>|   9d 04 e3 ab  35 91 e0 01  1f 2c 8a 32  1c f3 7d 47
>|   e4 4c 06 5e
>| unpadded size is: 56
>| emitting 8 zero bytes of encryption padding into ISAKMP Message
>| encrypting 64 using OAKLEY_AES_CBC
>| NSS do_aes: enter
>| NSS do_aes: exit
>| next IV:  54 6a 2a 18  6b f1 c6 1f  e1 7d fb 2e  01 6d d8 57
>| no IKE message padding required
>| emitting length of ISAKMP Message: 92
>| sending 96 bytes for modecfg: req through wlp3s0:4500 to 66.187.233.55:4500 (using #1)
>|   00 00 00 00  82 a0 20 0f  0a fd b1 f1  6f 8d 6e b7
>|   5e 73 64 7b  08 10 06 01  36 e6 6c 9e  00 00 00 5c
>|   6d 07 df 4d  d3 6c d9 54  bd 20 d3 e5  a1 a5 95 d6
>|   e9 22 e7 dc  b6 de 62 a4  53 ea 87 f6  fa f4 56 50
>|   bd 35 66 11  ce 13 dd 51  71 ed a8 1d  23 39 cc 70
>|   54 6a 2a 18  6b f1 c6 1f  e1 7d fb 2e  01 6d d8 57
>| deleting event for #1
>| inserting event EVENT_RETRANSMIT, timeout in 30 seconds for #1
>| event added after event EVENT_NAT_T_KEEPALIVE
>| * processed 0 messages from cryptographic helpers 
>| next event EVENT_NAT_T_KEEPALIVE in 19 seconds
>| next event EVENT_NAT_T_KEEPALIVE in 19 seconds
>|  
>| *received 252 bytes from 66.187.233.55:4500 on wlp3s0 (port=4500)
>|   82 a0 20 0f  0a fd b1 f1  6f 8d 6e b7  5e 73 64 7b
>|   08 10 06 01  36 e6 6c 9e  00 00 00 fc  bc 6a 38 ad
>|   1a fe 91 51  31 19 62 74  03 78 81 86  16 f1 92 9b
>|   99 77 34 bf  76 a2 d4 64  6b 0a 62 62  b6 b1 2f 39
>|   43 b1 29 4c  19 57 b0 21  b6 bc ba 6e  20 94 29 7e
>|   e0 8b ac f9  f2 98 40 b7  19 a0 d8 fc  ec c2 20 0d
>|   c4 3c 6e 3a  1e f2 0b 9d  b2 67 51 33  d9 de f5 9a
>|   22 d8 f0 22  31 0c 2b 24  74 81 49 a0  20 c7 9b ef
>|   3c f5 32 c4  4e 84 3a 5f  56 66 bf b4  f1 15 f1 f3
>|   d1 87 81 9b  77 ff 80 43  db 02 a2 16  82 41 0f 40
>|   7e 93 c7 57  92 97 4a a9  a3 5f 4c d8  ff c2 d9 76
>|   c8 f4 11 81  e2 00 97 2e  31 2f d5 1a  11 a3 f4 63
>|   0e f4 75 e8  d3 ba e5 a8  e1 b2 f9 55  82 4e c3 68
>|   96 13 c1 3c  d8 7a 32 d4  af 32 4c af  19 7a 47 79
>|   fb a0 6b 91  86 82 d9 4d  93 60 07 29  a4 c2 8e e5
>|   05 02 b7 81  fd ef 4f 65  58 bb 96 f3
>| **parse ISAKMP Message:
>|    initiator cookie:
>|   82 a0 20 0f  0a fd b1 f1
>|    responder cookie:
>|   6f 8d 6e b7  5e 73 64 7b
>|    next payload type: ISAKMP_NEXT_HASH
>|    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
>|    exchange type: ISAKMP_XCHG_MODE_CFG
>|    flags: ISAKMP_FLAG_ENCRYPTION
>|    message ID:  36 e6 6c 9e
>|    length: 252
>|  processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6)
>| ICOOKIE:  82 a0 20 0f  0a fd b1 f1
>| RCOOKIE:  6f 8d 6e b7  5e 73 64 7b
>| state hash entry 19
>| peer and cookies match on #1, provided msgid 36e66c9e vs 00000000/36e66c9e
>| p15 state object #1 found, in STATE_MODE_CFG_I1
>| processing connection nm-conn1
>| received encrypted packet from 66.187.233.55:4500
>| decrypting 224 bytes using algorithm OAKLEY_AES_CBC
>| NSS do_aes: enter
>| NSS do_aes: exit
>| decrypted:
>|   0e 00 00 18  ff f2 05 0c  55 74 4a bb  b1 cc 2c 76
>|   d5 b7 7c 8a  cd 87 49 4e  00 00 00 bf  02 00 00 00
>|   00 01 00 04  0a 0a 3f 2a  00 02 00 04  ff ff ff ff
>|   00 03 00 04  0a 0b 05 13  00 03 00 04  0a 05 1e a0
>|   70 00 00 73  55 6e 61 75  74 68 6f 72  69 7a 65 64
>|   20 41 63 63  65 73 73 20  74 6f 20 74  68 69 73 20
>|   6f 72 20 61  6e 79 20 6f  74 68 65 72  20 52 65 64
>|   20 48 61 74  20 49 6e 63  2e 20 64 65  76 69 63 65
>|   0a 69 73 20  73 74 72 69  63 74 6c 79  20 70 72 6f
>|   68 69 62 69  74 65 64 2e  20 56 69 6f  6c 61 74 6f
>|   72 73 20 77  69 6c 6c 20  62 65 20 70  72 6f 73 65
>|   63 75 74 65  64 2e 0a 70  04 00 0e 0a  00 00 00 ff
>|   00 00 00 00  00 00 00 00  00 70 02 00  0a 72 65 64
>|   68 61 74 2e  63 6f 6d 00  00 00 00 00  00 00 00 00
>| next IV:  a4 c2 8e e5  05 02 b7 81  fd ef 4f 65  58 bb 96 f3
>| got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x4100opt: 0x2000
>| ***parse ISAKMP Hash Payload:
>|    next payload type: ISAKMP_NEXT_MODECFG
>|    length: 24
>| got payload 0x4000  (ISAKMP_NEXT_MODECFG) needed: 0x4000opt: 0x2000
>| ***parse ISAKMP Mode Attribute:
>|    next payload type: ISAKMP_NEXT_NONE
>|    length: 191
>|    Attr Msg Type: ISAKMP_CFG_REPLY
>|    Identifier: 0
>| removing 9 bytes of padding
>| **emit ISAKMP Message:
>|    initiator cookie:
>|   82 a0 20 0f  0a fd b1 f1
>|    responder cookie:
>|   6f 8d 6e b7  5e 73 64 7b
>|    next payload type: ISAKMP_NEXT_HASH
>|    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
>|    exchange type: ISAKMP_XCHG_MODE_CFG
>|    flags: ISAKMP_FLAG_ENCRYPTION
>|    message ID:  36 e6 6c 9e
>| modecfg_inR1
>"nm-conn1" #1: received mode cfg reply
>| hmac_update data value: 
>|   36 e6 6c 9e
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   00 00 00 bf  02 00 00 00  00 01 00 04  0a 0a 3f 2a
>|   00 02 00 04  ff ff ff ff  00 03 00 04  0a 0b 05 13
>|   00 03 00 04  0a 05 1e a0  70 00 00 73  55 6e 61 75
>|   74 68 6f 72  69 7a 65 64  20 41 63 63  65 73 73 20
>|   74 6f 20 74  68 69 73 20  6f 72 20 61  6e 79 20 6f
>|   74 68 65 72  20 52 65 64  20 48 61 74  20 49 6e 63
>|   2e 20 64 65  76 69 63 65  0a 69 73 20  73 74 72 69
>|   63 74 6c 79  20 70 72 6f  68 69 62 69  74 65 64 2e
>|   20 56 69 6f  6c 61 74 6f  72 73 20 77  69 6c 6c 20
>|   62 65 20 70  72 6f 73 65  63 75 74 65  64 2e 0a 70
>|   04 00 0e 0a  00 00 00 ff  00 00 00 00  00 00 00 00
>|   00 70 02 00  0a 72 65 64  68 61 74 2e  63 6f 6d
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| XAUTH: HASH computed:
>|   ff f2 05 0c  55 74 4a bb  b1 cc 2c 76  d5 b7 7c 8a
>|   cd 87 49 4e
>| ****parse ISAKMP ModeCfg attribute:
>|    ModeCfg attr type: INTERNAL_IP4_ADDRESS
>|    length/value: 4
>"nm-conn1" #1: Received IPv4 address: 10.10.63.42/32
>"nm-conn1" #1: setting ip source address to 10.10.63.42/32
>| ****parse ISAKMP ModeCfg attribute:
>|    ModeCfg attr type: INTERNAL_IP4_NETMASK
>|    length/value: 4
>"nm-conn1" #1: Received IP4 NETMASK 255.255.255.255
>| ****parse ISAKMP ModeCfg attribute:
>|    ModeCfg attr type: INTERNAL_IP4_DNS
>|    length/value: 4
>"nm-conn1" #1: Received DNS 10.11.5.19
>| ModeCFG DNS info: 10.11.5.19, len=10
>| ****parse ISAKMP ModeCfg attribute:
>|    ModeCfg attr type: INTERNAL_IP4_DNS
>|    length/value: 4
>"nm-conn1" #1: Received DNS 10.5.30.160
>| ModeCFG DNS info: 10.11.5.19 10.5.30.160, len=22
>| ****parse ISAKMP ModeCfg attribute:
>|    ModeCfg attr type: MODECFG_BANNER
>|    length/value: 115
>"nm-conn1" #1: Received Cisco ModeCFG Banner: Unauthorized Access to this or any other Red Hat Inc. device is strictly prohibited. Violators will be prosecuted. 
>"nm-conn1" #1: Received Banner: Unauthorized Access to this or any other Red Hat Inc. device is strictly prohibited. Violators will be prosecuted. 
>| ****parse ISAKMP ModeCfg attribute:
>|    ModeCfg attr type: CISCO_SPLIT_INC
>|    length/value: 14
>| Received Cisco Split tunnel route(s)
>"nm-conn1" #1: Received subnet 10.0.0.0/8, maskbits 8
>| ****parse ISAKMP ModeCfg attribute:
>|    ModeCfg attr type: MODECFG_DOMAIN
>|    length/value: 10
>"nm-conn1" #1: Received Cisco ModeCFG Domain: redhat.com
>"nm-conn1" #1: Received Domain: redhat.com
>| modecfg_inR1(STF_OK)
>| complete state transition with STF_OK
>"nm-conn1" #1: transition from state STATE_MODE_CFG_I1 to state STATE_MAIN_I4
>| deleting event for #1
>| inserting event EVENT_SA_REPLACE, timeout in 86130 seconds for #1
>| event added after event EVENT_LOG_DAILY
>"nm-conn1" #1: STATE_MAIN_I4: ISAKMP SA established
>| modecfg pull: quirk-poll policy:push modecfg-client
>| phase 1 is done, looking for phase 2 to unpend
>| unpending state #1
>| unqueuing pending Quick Mode with 66.187.233.55 "nm-conn1" import:admin initiate
>| duplicating state object #1
>| creating state object #2 at 0x7fa89f5cd440
>| processing connection nm-conn1
>| ICOOKIE:  82 a0 20 0f  0a fd b1 f1
>| RCOOKIE:  6f 8d 6e b7  5e 73 64 7b
>| state hash entry 19
>| inserting state object #2
>| inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #2
>| event added at head of queue
>| kernel_alg_esp_enc_ok(12,0): OK
>| kernel_alg_esp_enc_max_keylen():alg_id=12, keylen=32
>| kernel_alg_esp_auth_keylen(auth=2, sadb_aalg=3): a_keylen=20
>"nm-conn1" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+AGGRESSIVE+IKEv2ALLOW+SAREFTRACK+IKE_FRAG {using isakmp#1 msgid:057c0857 proposal=AES(12)_256-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP1024}
>| 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 3
>| asking helper 0 to do build_kenonce op on seq: 3 (len=2776, pcw_work=1)
>| helper 0 read 2768+4/2776 bytes fd: 8
>| helper 0 doing build_kenonce op id: 3
>| NSS: Value of Prime:
>|   ff ff ff ff  ff ff ff ff  c9 0f da a2  21 68 c2 34
>|   c4 c6 62 8b  80 dc 1c d1  29 02 4e 08  8a 67 cc 74
>|   02 0b be a6  3b 13 9b 22  51 4a 08 79  8e 34 04 dd
>|   ef 95 19 b3  cd 3a 43 1b  30 2b 0a 6d  f2 5f 14 37
>|   4f e1 35 6d  6d 51 c2 45  e4 85 b5 76  62 5e 7e c6
>|   f4 4c 42 e9  a6 37 ed 6b  0b ff 5c b6  f4 06 b7 ed
>|   ee 38 6b fb  5a 89 9f a5  ae 9f 24 11  7c 4b 1f e6
>|   49 28 66 51  ec e6 53 81  ff ff ff ff  ff ff ff ff
>| NSS: Value of base:
>|   02
>| NSS: generated dh priv and pub keys: 128 
>| NSS: Local DH secret (pointer):
>|   10 53 00 90  a8 7f 00 00
>| NSS: Public DH value sent(computed in NSS):
>|   95 8a 2e a9  5a b8 60 1f  bd 64 4e 3b  37 c0 c4 26
>|   6e a4 36 db  d8 7b ae a5  be 6c a1 39  6e 2d 28 22
>|   5e 94 0b 71  16 bd 8f cd  78 80 0e ac  8d 85 3d 97
>|   bc fd 41 15  23 e7 7b f3  d6 a1 75 36  4a 66 71 91
>|   e7 31 b7 ac  76 1b c6 8c  5a d0 48 b5  fb 32 7a b2
>|   a2 86 67 da  69 1b c4 73  82 6a 29 93  19 de b0 5e
>|   ac d0 30 d2  ec 0c 61 ef  9c b6 79 7f  c4 9d c0 05
>|   fa d2 cc 41  62 46 bc 48  15 e4 47 ff  4a be cb 6f
>| NSS: Local DH public value (pointer):
>|   00 4b 00 90  a8 7f 00 00
>| Generated nonce:
>|   fd db 56 1a  df c7 82 f2  93 78 d7 aa  22 ae 14 1d
>| crypto helper write of request: cnt=2776<wlen=2776.  
>| deleting event for #2
>| inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #2
>| event added after event EVENT_PENDING_PHASE2
>| removing pending policy for "none" {0x7fa89f5cbbe0}
>| * processed 0 messages from cryptographic helpers 
>| next event EVENT_NAT_T_KEEPALIVE in 19 seconds
>| next event EVENT_NAT_T_KEEPALIVE in 19 seconds
>|  
>| helper 0 has finished work (cnt now 1)
>| helper 0 replies to id: q#3
>| calling callback function 0x7fa89d44a580
>| quick outI1: calculated ke+nonce, sending I1
>| processing connection nm-conn1
>| **emit ISAKMP Message:
>|    initiator cookie:
>|   82 a0 20 0f  0a fd b1 f1
>|    responder cookie:
>|   6f 8d 6e b7  5e 73 64 7b
>|    next payload type: ISAKMP_NEXT_HASH
>|    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
>|    exchange type: ISAKMP_XCHG_QUICK
>|    flags: ISAKMP_FLAG_ENCRYPTION
>|    message ID:  57 08 7c 05
>| ***emit ISAKMP Hash Payload:
>|    next payload type: ISAKMP_NEXT_SA
>| emitting 20 zero bytes of HASH into ISAKMP Hash Payload
>| emitting length of ISAKMP Hash Payload: 24
>| kernel_alg_db_new() initial trans_cnt=128
>| kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1
>| kernel_alg_db_new()     trans[0]: transid=12, attr_cnt=2, attrs[0].type=5, attrs[0].val=2
>| returning new proposal from esp_info
>| ***emit ISAKMP Security Association Payload:
>|    next payload type: ISAKMP_NEXT_NONCE
>|    DOI: ISAKMP_DOI_IPSEC
>| ****emit IPsec DOI SIT:
>|    IPsec DOI SIT: SIT_IDENTITY_ONLY
>| out_sa pcn: 0 has 1 valid proposals
>| out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 1
>| ****emit ISAKMP Proposal Payload:
>|    next payload type: ISAKMP_NEXT_NONE
>|    proposal number: 0
>|    protocol ID: PROTO_IPSEC_ESP
>|    SPI size: 4
>|    number of transforms: 1
>| netlink_get_spi: allocated 0xb1344e6d for esp.0@10.200.138.69
>| emitting 4 raw bytes of SPI into ISAKMP Proposal Payload
>| SPI  b1 34 4e 6d
>| *****emit ISAKMP Transform Payload (ESP):
>|    next payload type: ISAKMP_NEXT_NONE
>|    ESP transform number: 0
>|    ESP transform ID: ESP_AES
>| ******emit ISAKMP IPsec DOI attribute:
>|    af+type: GROUP_DESCRIPTION
>|    length/value: 2
>|     [2 is OAKLEY_GROUP_MODP1024]
>| ******emit ISAKMP IPsec DOI attribute:
>|    af+type: ENCAPSULATION_MODE
>|    length/value: 3
>|     [3 is ENCAPSULATION_MODE_UDP_TUNNEL_RFC]
>| ******emit ISAKMP IPsec DOI attribute:
>|    af+type: SA_LIFE_TYPE
>|    length/value: 1
>|     [1 is SA_LIFE_TYPE_SECONDS]
>| ******emit ISAKMP IPsec DOI attribute:
>|    af+type: SA_LIFE_DURATION
>| emitting 4 raw bytes of long attribute value into ISAKMP IPsec DOI attribute
>| long attribute value
>|   00 01 51 80
>| emitting length of ISAKMP IPsec DOI attribute: 4
>| ******emit ISAKMP IPsec DOI attribute:
>|    af+type: AUTH_ALGORITHM
>|    length/value: 2
>|     [2 is AUTH_ALGORITHM_HMAC_SHA1]
>| ******emit ISAKMP IPsec DOI attribute:
>|    af+type: KEY_LENGTH
>|    length/value: 256
>| emitting length of ISAKMP Transform Payload (ESP): 36
>| emitting length of ISAKMP Proposal Payload: 48
>| emitting length of ISAKMP Security Association Payload: 60
>| ***emit ISAKMP Nonce Payload:
>|    next payload type: ISAKMP_NEXT_KE
>| emitting 16 raw bytes of Ni into ISAKMP Nonce Payload
>| Ni  fd db 56 1a  df c7 82 f2  93 78 d7 aa  22 ae 14 1d
>| emitting length of ISAKMP Nonce Payload: 20
>| saving DH priv (local secret) and pub key into state struc
>| ***emit ISAKMP Key Exchange Payload:
>|    next payload type: ISAKMP_NEXT_ID
>| emitting 128 raw bytes of keyex value into ISAKMP Key Exchange Payload
>| keyex value  95 8a 2e a9  5a b8 60 1f  bd 64 4e 3b  37 c0 c4 26
>| keyex value  6e a4 36 db  d8 7b ae a5  be 6c a1 39  6e 2d 28 22
>| keyex value  5e 94 0b 71  16 bd 8f cd  78 80 0e ac  8d 85 3d 97
>| keyex value  bc fd 41 15  23 e7 7b f3  d6 a1 75 36  4a 66 71 91
>| keyex value  e7 31 b7 ac  76 1b c6 8c  5a d0 48 b5  fb 32 7a b2
>| keyex value  a2 86 67 da  69 1b c4 73  82 6a 29 93  19 de b0 5e
>| keyex value  ac d0 30 d2  ec 0c 61 ef  9c b6 79 7f  c4 9d c0 05
>| keyex value  fa d2 cc 41  62 46 bc 48  15 e4 47 ff  4a be cb 6f
>| emitting length of ISAKMP Key Exchange Payload: 132
>| ***emit ISAKMP Identification Payload (IPsec DOI):
>|    next payload type: ISAKMP_NEXT_ID
>|    ID type: ID_IPV4_ADDR
>|    Protocol ID: 0
>|    port: 0
>| emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI)
>| client network  0a 0a 3f 2a
>| emitting length of ISAKMP Identification Payload (IPsec DOI): 12
>| ***emit ISAKMP Identification Payload (IPsec DOI):
>|    next payload type: ISAKMP_NEXT_NONE
>|    ID type: ID_IPV4_ADDR_SUBNET
>|    Protocol ID: 0
>|    port: 0
>| emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI)
>| client network  00 00 00 00
>| emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI)
>| client mask  00 00 00 00
>| emitting length of ISAKMP Identification Payload (IPsec DOI): 16
>| hmac_update data value: 
>|   57 08 7c 05
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   0a 00 00 3c  00 00 00 01  00 00 00 01  00 00 00 30
>|   00 03 04 01  b1 34 4e 6d  00 00 00 24  00 0c 00 00
>|   80 03 00 02  80 04 00 03  80 01 00 01  00 02 00 04
>|   00 01 51 80  80 05 00 02  80 06 01 00  04 00 00 14
>|   fd db 56 1a  df c7 82 f2  93 78 d7 aa  22 ae 14 1d
>|   05 00 00 84  95 8a 2e a9  5a b8 60 1f  bd 64 4e 3b
>|   37 c0 c4 26  6e a4 36 db  d8 7b ae a5  be 6c a1 39
>|   6e 2d 28 22  5e 94 0b 71  16 bd 8f cd  78 80 0e ac
>|   8d 85 3d 97  bc fd 41 15  23 e7 7b f3  d6 a1 75 36
>|   4a 66 71 91  e7 31 b7 ac  76 1b c6 8c  5a d0 48 b5
>|   fb 32 7a b2  a2 86 67 da  69 1b c4 73  82 6a 29 93
>|   19 de b0 5e  ac d0 30 d2  ec 0c 61 ef  9c b6 79 7f
>|   c4 9d c0 05  fa d2 cc 41  62 46 bc 48  15 e4 47 ff
>|   4a be cb 6f  05 00 00 0c  01 00 00 00  0a 0a 3f 2a
>|   00 00 00 10  04 00 00 00  00 00 00 00  00 00 00 00
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| HASH(1) computed:
>|   5c d7 04 0f  f2 be 03 f6  4c 71 0f 1a  de ab 05 1f
>|   c5 ae 1e b9
>| last Phase 1 IV:  91 67 12 98  8b a1 84 b9  42 bb ba 36  7f 78 06 9d
>| current Phase 1 IV:  54 6a 2a 18  6b f1 c6 1f  e1 7d fb 2e  01 6d d8 57
>| computed Phase 2 IV:
>|   12 a2 c6 cc  ab 42 e5 99  a9 50 77 d4  38 b6 72 0e
>|   b9 01 21 53
>| encrypting:
>|   01 00 00 18  5c d7 04 0f  f2 be 03 f6  4c 71 0f 1a
>|   de ab 05 1f  c5 ae 1e b9  0a 00 00 3c  00 00 00 01
>|   00 00 00 01  00 00 00 30  00 03 04 01  b1 34 4e 6d
>|   00 00 00 24  00 0c 00 00  80 03 00 02  80 04 00 03
>|   80 01 00 01  00 02 00 04  00 01 51 80  80 05 00 02
>|   80 06 01 00  04 00 00 14  fd db 56 1a  df c7 82 f2
>|   93 78 d7 aa  22 ae 14 1d  05 00 00 84  95 8a 2e a9
>|   5a b8 60 1f  bd 64 4e 3b  37 c0 c4 26  6e a4 36 db
>|   d8 7b ae a5  be 6c a1 39  6e 2d 28 22  5e 94 0b 71
>|   16 bd 8f cd  78 80 0e ac  8d 85 3d 97  bc fd 41 15
>|   23 e7 7b f3  d6 a1 75 36  4a 66 71 91  e7 31 b7 ac
>|   76 1b c6 8c  5a d0 48 b5  fb 32 7a b2  a2 86 67 da
>|   69 1b c4 73  82 6a 29 93  19 de b0 5e  ac d0 30 d2
>|   ec 0c 61 ef  9c b6 79 7f  c4 9d c0 05  fa d2 cc 41
>|   62 46 bc 48  15 e4 47 ff  4a be cb 6f  05 00 00 0c
>|   01 00 00 00  0a 0a 3f 2a  00 00 00 10  04 00 00 00
>|   00 00 00 00  00 00 00 00
>| IV:
>|   12 a2 c6 cc  ab 42 e5 99  a9 50 77 d4  38 b6 72 0e
>|   b9 01 21 53
>| unpadded size is: 264
>| emitting 8 zero bytes of encryption padding into ISAKMP Message
>| encrypting 272 using OAKLEY_AES_CBC
>| NSS do_aes: enter
>| NSS do_aes: exit
>| next IV:  86 8b 0f 52  c3 5a 19 3e  80 c3 ee 7f  d4 b5 f4 ed
>| no IKE message padding required
>| emitting length of ISAKMP Message: 300
>| sending 304 bytes for quick_outI1 through wlp3s0:4500 to 66.187.233.55:4500 (using #2)
>|   00 00 00 00  82 a0 20 0f  0a fd b1 f1  6f 8d 6e b7
>|   5e 73 64 7b  08 10 20 01  57 08 7c 05  00 00 01 2c
>|   91 bf d4 ed  ae 6e 63 ed  e1 40 91 96  3f 08 11 ef
>|   8f 87 82 bf  1a 7b c6 6f  60 1f e8 fd  c9 49 ea cb
>|   48 be b8 72  7f cc c3 56  00 5a d2 1e  1f 24 a9 30
>|   7b 1e c5 cd  ed f1 01 cc  85 8c 8c 99  94 ad 20 9c
>|   88 ff f6 4b  30 52 ef bd  2d fb 06 b2  20 40 20 4f
>|   32 0f bb 2e  0a fc d9 bc  9e 5e b9 38  8e b3 f2 6c
>|   43 22 a1 96  77 9e e9 5a  1e 74 ef c6  3a a9 d7 00
>|   0e 65 8d c2  06 88 89 47  ad 39 0c 11  4c 29 33 1d
>|   6a 65 9b 09  6e fc 42 60  fe 81 37 ca  c9 eb f6 68
>|   d7 6a 03 b4  1b 47 ea 34  4f 3e 2e 09  79 2a b0 8e
>|   e7 ed 56 15  10 90 3f 54  b0 33 7a cd  e9 0a 3d d8
>|   8f 32 f4 48  d0 a7 9d 53  1a 6a 71 72  fc f5 ab 9c
>|   67 ee a4 e9  5f e3 a6 08  20 4e 82 f0  5a fd d2 b7
>|   0a 0f 7a 0b  12 0f 84 c7  fc 73 90 60  e9 6c 74 c7
>|   64 e8 7a 4e  88 1b 2d 2c  c3 50 4f 8d  1c 20 e7 8b
>|   0f 4c d7 50  cb 13 47 88  99 cf b7 d7  af 23 b6 b6
>|   86 8b 0f 52  c3 5a 19 3e  80 c3 ee 7f  d4 b5 f4 ed
>| deleting event for #2
>| inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #2
>| event added at head of queue
>| * processed 1 messages from cryptographic helpers 
>| next event EVENT_RETRANSMIT in 10 seconds for #2
>| next event EVENT_RETRANSMIT in 10 seconds for #2
>|  
>| *received 332 bytes from 66.187.233.55:4500 on wlp3s0 (port=4500)
>|   82 a0 20 0f  0a fd b1 f1  6f 8d 6e b7  5e 73 64 7b
>|   08 10 20 01  57 08 7c 05  00 00 01 4c  5b 31 32 23
>|   d0 83 e4 bd  c9 cf 3c 71  6f 0b 17 a2  88 b3 2e fb
>|   81 2a 12 83  0a 3d 89 47  ba 45 6a 7d  0f 35 db 18
>|   24 e1 de 82  ef 09 49 c2  a1 22 de f5  a6 dd f0 de
>|   bf 17 35 3f  dd 19 15 49  17 79 17 e8  bd 43 be 56
>|   e2 3f 61 17  53 4e d3 6a  8b e4 21 9d  60 6c 7d 60
>|   80 1c 54 e8  ac f4 c3 a3  85 ef 92 d2  9e 15 60 b4
>|   8e 14 ff 36  d0 28 44 bd  cb 56 39 29  37 05 ea 77
>|   9f 13 94 a7  9f 32 1d 74  75 60 28 b9  55 d5 7f 14
>|   ae 4f dd 76  af 56 e0 aa  81 e0 8c 05  0b c3 bc 7f
>|   ab e6 d3 ad  55 61 0a 83  3e c4 fd 3e  d4 6f f4 9a
>|   e4 12 20 98  cb 6f da f3  4c 89 ec 24  99 3f 0f e2
>|   99 04 42 14  8d 01 db 63  14 c1 b8 04  9c 04 be 74
>|   ad 1d e2 9e  a9 c6 eb cc  0b 2a 61 17  70 c0 bd d0
>|   12 16 36 dd  1a eb d3 a5  65 59 fa c3  a6 24 0f 05
>|   81 5b 22 ea  ac fa e8 44  ba ff bd 62  31 37 24 b9
>|   dc dc ea de  30 9b d9 1b  bf 00 bb 6d  43 50 df 28
>|   8a 8f df 02  7b 06 14 29  da 8d cb 28  5e eb 26 2c
>|   e0 89 cb d3  88 5f 65 fd  6c 24 4e 67  37 0f 0c d7
>|   71 db 2f cd  02 43 cf d1  02 f2 56 62
>| **parse ISAKMP Message:
>|    initiator cookie:
>|   82 a0 20 0f  0a fd b1 f1
>|    responder cookie:
>|   6f 8d 6e b7  5e 73 64 7b
>|    next payload type: ISAKMP_NEXT_HASH
>|    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
>|    exchange type: ISAKMP_XCHG_QUICK
>|    flags: ISAKMP_FLAG_ENCRYPTION
>|    message ID:  57 08 7c 05
>|    length: 332
>|  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
>| ICOOKIE:  82 a0 20 0f  0a fd b1 f1
>| RCOOKIE:  6f 8d 6e b7  5e 73 64 7b
>| state hash entry 19
>| v1 peer and cookies match on #2, provided msgid 57087c05 vs 57087c05
>| v1 state object #2 found, in STATE_QUICK_I1
>| processing connection nm-conn1
>| received encrypted packet from 66.187.233.55:4500
>| decrypting 304 bytes using algorithm OAKLEY_AES_CBC
>| NSS do_aes: enter
>| NSS do_aes: exit
>| decrypted:
>|   01 00 00 18  dc 25 18 44  64 be 4c 47  7d 1e 48 01
>|   38 7d a7 3a  56 d8 97 6b  0a 00 00 3c  00 00 00 01
>|   00 00 00 01  00 00 00 30  01 03 04 01  f6 d9 e9 5b
>|   00 00 00 24  01 0c 00 00  80 01 00 01  00 02 00 04
>|   00 01 51 80  80 04 00 03  80 05 00 02  80 03 00 02
>|   80 06 01 00  04 00 00 18  97 6b c8 f1  4e 11 c7 e4
>|   33 50 0c 6e  3d 5c b8 8a  75 44 96 f5  05 00 00 84
>|   03 9b 5e 42  58 df 08 11  0d 8f fe 65  af dd 10 a0
>|   94 2c f8 54  a0 97 9f 52  85 8e 95 e8  ce 3f c8 cf
>|   1c d5 3f 33  fe ec c7 35  33 fa fb 8f  1f c2 76 e5
>|   48 d7 62 66  db af 10 65  1b a1 a7 97  e0 38 67 3c
>|   1c 68 0d b5  f1 73 5a c0  39 ea 28 db  f5 5e 26 73
>|   e6 1f 4f d0  4e b4 cb 42  e7 80 8b 04  01 18 f3 bc
>|   74 4b 04 d5  62 b2 a8 05  93 f2 bf 49  5f 31 32 d3
>|   55 48 3e 28  34 85 1f 86  a6 f4 f5 2b  c8 d9 51 38
>|   05 00 00 0c  01 00 00 00  0a 0a 3f 2a  0b 00 00 10
>|   04 00 00 00  00 00 00 00  00 00 00 00  00 00 00 24
>|   00 00 00 01  03 04 60 00  f6 d9 e9 5b  80 01 00 01
>|   80 02 e1 00  80 01 00 02  00 02 00 04  04 00 00 00
>| next IV:  37 0f 0c d7  71 db 2f cd  02 43 cf d1  02 f2 56 62
>| got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x502opt: 0x200030
>| ***parse ISAKMP Hash Payload:
>|    next payload type: ISAKMP_NEXT_SA
>|    length: 24
>| got payload 0x2  (ISAKMP_NEXT_SA) needed: 0x402opt: 0x200030
>| ***parse ISAKMP Security Association Payload:
>|    next payload type: ISAKMP_NEXT_NONCE
>|    length: 60
>|    DOI: ISAKMP_DOI_IPSEC
>| got payload 0x400  (ISAKMP_NEXT_NONCE) needed: 0x400opt: 0x200030
>| ***parse ISAKMP Nonce Payload:
>|    next payload type: ISAKMP_NEXT_KE
>|    length: 24
>| got payload 0x10  (ISAKMP_NEXT_KE) needed: 0x0opt: 0x200030
>| ***parse ISAKMP Key Exchange Payload:
>|    next payload type: ISAKMP_NEXT_ID
>|    length: 132
>| got payload 0x20  (ISAKMP_NEXT_ID) needed: 0x0opt: 0x200030
>| ***parse ISAKMP Identification Payload (IPsec DOI):
>|    next payload type: ISAKMP_NEXT_ID
>|    length: 12
>|    ID type: ID_IPV4_ADDR
>|    Protocol ID: 0
>|    port: 0
>|      obj:   0a 0a 3f 2a
>| got payload 0x20  (ISAKMP_NEXT_ID) needed: 0x0opt: 0x200030
>| ***parse ISAKMP Identification Payload (IPsec DOI):
>|    next payload type: ISAKMP_NEXT_N
>|    length: 16
>|    ID type: ID_IPV4_ADDR_SUBNET
>|    Protocol ID: 0
>|    port: 0
>|      obj:   00 00 00 00  00 00 00 00
>| got payload 0x800  (ISAKMP_NEXT_N) needed: 0x0opt: 0x200030
>| ***parse ISAKMP Notification Payload:
>|    next payload type: ISAKMP_NEXT_NONE
>|    length: 36
>|    DOI: ISAKMP_DOI_IPSEC
>|    protocol ID: 3
>|    SPI size: 4
>|    Notify Message Type: IPSEC_RESPONDER_LIFETIME
>"nm-conn1" #2: ignoring informational payload IPSEC_RESPONDER_LIFETIME, msgid=057c0857, length=36
>| ISAKMP Notification Payload
>|   00 00 00 24  00 00 00 01  03 04 60 00
>| info:  f6 d9 e9 5b  80 01 00 01  80 02 e1 00  80 01 00 02
>| info:  00 02 00 04  04 00 00 00
>| **emit ISAKMP Message:
>|    initiator cookie:
>|   82 a0 20 0f  0a fd b1 f1
>|    responder cookie:
>|   6f 8d 6e b7  5e 73 64 7b
>|    next payload type: ISAKMP_NEXT_HASH
>|    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
>|    exchange type: ISAKMP_XCHG_QUICK
>|    flags: ISAKMP_FLAG_ENCRYPTION
>|    message ID:  57 08 7c 05
>| hmac_update data value: 
>|   57 08 7c 05
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   fd db 56 1a  df c7 82 f2  93 78 d7 aa  22 ae 14 1d
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   0a 00 00 3c  00 00 00 01  00 00 00 01  00 00 00 30
>|   01 03 04 01  f6 d9 e9 5b  00 00 00 24  01 0c 00 00
>|   80 01 00 01  00 02 00 04  00 01 51 80  80 04 00 03
>|   80 05 00 02  80 03 00 02  80 06 01 00  04 00 00 18
>|   97 6b c8 f1  4e 11 c7 e4  33 50 0c 6e  3d 5c b8 8a
>|   75 44 96 f5  05 00 00 84  03 9b 5e 42  58 df 08 11
>|   0d 8f fe 65  af dd 10 a0  94 2c f8 54  a0 97 9f 52
>|   85 8e 95 e8  ce 3f c8 cf  1c d5 3f 33  fe ec c7 35
>|   33 fa fb 8f  1f c2 76 e5  48 d7 62 66  db af 10 65
>|   1b a1 a7 97  e0 38 67 3c  1c 68 0d b5  f1 73 5a c0
>|   39 ea 28 db  f5 5e 26 73  e6 1f 4f d0  4e b4 cb 42
>|   e7 80 8b 04  01 18 f3 bc  74 4b 04 d5  62 b2 a8 05
>|   93 f2 bf 49  5f 31 32 d3  55 48 3e 28  34 85 1f 86
>|   a6 f4 f5 2b  c8 d9 51 38  05 00 00 0c  01 00 00 00
>|   0a 0a 3f 2a  0b 00 00 10  04 00 00 00  00 00 00 00
>|   00 00 00 00  00 00 00 24  00 00 00 01  03 04 60 00
>|   f6 d9 e9 5b  80 01 00 01  80 02 e1 00  80 01 00 02
>|   00 02 00 04  04 00 00 00
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| HASH(2) computed:
>|   dc 25 18 44  64 be 4c 47  7d 1e 48 01  38 7d a7 3a
>|   56 d8 97 6b
>| ****parse IPsec DOI SIT:
>|    IPsec DOI SIT: SIT_IDENTITY_ONLY
>| ****parse ISAKMP Proposal Payload:
>|    next payload type: ISAKMP_NEXT_NONE
>|    length: 48
>|    proposal number: 1
>|    protocol ID: PROTO_IPSEC_ESP
>|    SPI size: 4
>|    number of transforms: 1
>| parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
>| SPI  f6 d9 e9 5b
>| *****parse ISAKMP Transform Payload (ESP):
>|    next payload type: ISAKMP_NEXT_NONE
>|    length: 36
>|    ESP transform number: 1
>|    ESP transform ID: ESP_AES
>| ******parse ISAKMP IPsec DOI attribute:
>|    af+type: SA_LIFE_TYPE
>|    length/value: 1
>| ******parse ISAKMP IPsec DOI attribute:
>|    af+type: SA_LIFE_DURATION
>|    length/value: 4
>|    long duration: 86400
>| ******parse ISAKMP IPsec DOI attribute:
>|    af+type: ENCAPSULATION_MODE
>|    length/value: 3
>|    [3 is ENCAPSULATION_MODE_UDP_TUNNEL_RFC]
>| NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is '1073741840'
>| ******parse ISAKMP IPsec DOI attribute:
>|    af+type: AUTH_ALGORITHM
>|    length/value: 2
>| ******parse ISAKMP IPsec DOI attribute:
>|    af+type: GROUP_DESCRIPTION
>|    length/value: 2
>| ******parse ISAKMP IPsec DOI attribute:
>|    af+type: KEY_LENGTH
>|    length/value: 256
>| kernel_alg_esp_enc_ok(12,256): OK
>| DH public value received:
>|   03 9b 5e 42  58 df 08 11  0d 8f fe 65  af dd 10 a0
>|   94 2c f8 54  a0 97 9f 52  85 8e 95 e8  ce 3f c8 cf
>|   1c d5 3f 33  fe ec c7 35  33 fa fb 8f  1f c2 76 e5
>|   48 d7 62 66  db af 10 65  1b a1 a7 97  e0 38 67 3c
>|   1c 68 0d b5  f1 73 5a c0  39 ea 28 db  f5 5e 26 73
>|   e6 1f 4f d0  4e b4 cb 42  e7 80 8b 04  01 18 f3 bc
>|   74 4b 04 d5  62 b2 a8 05  93 f2 bf 49  5f 31 32 d3
>|   55 48 3e 28  34 85 1f 86  a6 f4 f5 2b  c8 d9 51 38
>| started looking for secret for @RH-standard->66.187.233.55 of kind PPK_PSK
>| actually looking for secret for @RH-standard->66.187.233.55 of kind PPK_PSK
>| line 1: key type PPK_PSK(@RH-standard) to type PPK_PSK 
>| 1: compared key @RH-standard to @RH-standard / 66.187.233.55 -> 8
>| line 1: match=9 
>| best_match 0>9 best=0x7fa89f5c9340 (line=1)
>| concluding with best_match=9 best=0x7fa89f5c9340 (lineno=1)
>| Copying DH pub key pointer to be sent to a thread helper
>| 1: w->pcw_dead: 0 w->pcw_work: 0 cnt: 3
>| asking helper 1 to do compute dh(p2) op on seq: 4 (len=2776, pcw_work=1)
>| crypto helper write of request: cnt=2776<wlen=2776.  
>| deleting event for #2
>| inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #2
>| event added after event EVENT_PENDING_PHASE2
>| complete state transition with STF_SUSPEND
>| * processed 0 messages from cryptographic helpers 
>| next event EVENT_NAT_T_KEEPALIVE in 19 seconds
>| next event EVENT_NAT_T_KEEPALIVE in 19 seconds
>| helper 1 read 2768+4/2776 bytes fd: 10
>| helper 1 doing compute dh(p2) op id: 4
>| peer's g:   03 9b 5e 42  58 df 08 11  0d 8f fe 65  af dd 10 a0
>| peer's g:   94 2c f8 54  a0 97 9f 52  85 8e 95 e8  ce 3f c8 cf
>| peer's g:   1c d5 3f 33  fe ec c7 35  33 fa fb 8f  1f c2 76 e5
>| peer's g:   48 d7 62 66  db af 10 65  1b a1 a7 97  e0 38 67 3c
>| peer's g:   1c 68 0d b5  f1 73 5a c0  39 ea 28 db  f5 5e 26 73
>| peer's g:   e6 1f 4f d0  4e b4 cb 42  e7 80 8b 04  01 18 f3 bc
>| peer's g:   74 4b 04 d5  62 b2 a8 05  93 f2 bf 49  5f 31 32 d3
>| peer's g:   55 48 3e 28  34 85 1f 86  a6 f4 f5 2b  c8 d9 51 38
>| Started DH shared-secret computation in NSS: 
>| Dropped no leading zeros 128
>| calc_dh_shared(): time elapsed (OAKLEY_GROUP_MODP1024): 237 usec
>| DH shared-secret (pointer):
>|   30 8e 02 8c  a8 7f 00 00
>|  
>| helper 1 has finished work (cnt now 1)
>| helper 1 replies to id: q#4
>| calling callback function 0x7fa89d44a240
>| quick inI1_outR1: calculated ke+nonce, calculating DH
>| processing connection nm-conn1
>| NAT-Traversal: received 0 NAT-OA.
>| our client is 10.10.63.42
>| our client protocol/port is 0/0
>| peer client is subnet 0.0.0.0/0
>| peer client protocol/port is 0/0
>| ***emit ISAKMP Hash Payload:
>|    next payload type: ISAKMP_NEXT_NONE
>| emitting 20 zero bytes of HASH into ISAKMP Hash Payload
>| emitting length of ISAKMP Hash Payload: 24
>| hmac_update data value: 
>|   00
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   57 08 7c 05
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   fd db 56 1a  df c7 82 f2  93 78 d7 aa  22 ae 14 1d
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   97 6b c8 f1  4e 11 c7 e4  33 50 0c 6e  3d 5c b8 8a
>|   75 44 96 f5
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| HASH(3) computed:  d0 a7 6a ab  f5 67 f3 7a  b7 42 af fa  64 9d ec f5
>| HASH(3) computed:  e5 fc 25 65
>| compute_proto_keymat:needed_len (after ESP enc)=32
>| compute_proto_keymat:needed_len (after ESP auth)=52
>| hmac_update data value: 
>|   03
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   03
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   b1 34 4e 6d
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   f6 d9 e9 5b
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   fd db 56 1a  df c7 82 f2  93 78 d7 aa  22 ae 14 1d
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   fd db 56 1a  df c7 82 f2  93 78 d7 aa  22 ae 14 1d
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   97 6b c8 f1  4e 11 c7 e4  33 50 0c 6e  3d 5c b8 8a
>|   75 44 96 f5
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   97 6b c8 f1  4e 11 c7 e4  33 50 0c 6e  3d 5c b8 8a
>|   75 44 96 f5
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   ed fb 92 ff  eb f7 40 82  44 cc 7f ab  91 d0 7b 41
>|   39 e5 91 9c
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   1a c0 d9 5a  25 8b 77 6b  23 ad f4 3c  2c 91 4f f0
>|   fb 91 a7 b5
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   03
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   03
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   b1 34 4e 6d
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   f6 d9 e9 5b
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   fd db 56 1a  df c7 82 f2  93 78 d7 aa  22 ae 14 1d
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   fd db 56 1a  df c7 82 f2  93 78 d7 aa  22 ae 14 1d
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   97 6b c8 f1  4e 11 c7 e4  33 50 0c 6e  3d 5c b8 8a
>|   75 44 96 f5
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   97 6b c8 f1  4e 11 c7 e4  33 50 0c 6e  3d 5c b8 8a
>|   75 44 96 f5
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   d6 c1 f0 e1  43 14 49 12  42 64 44 2c  33 f2 cd c3
>|   ba 88 66 ef
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   e5 95 82 76  c0 64 66 a7  30 62 4c f9  06 84 9a 21
>|   8c 16 25 0c
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   03
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   03
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   b1 34 4e 6d
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   f6 d9 e9 5b
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   fd db 56 1a  df c7 82 f2  93 78 d7 aa  22 ae 14 1d
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   fd db 56 1a  df c7 82 f2  93 78 d7 aa  22 ae 14 1d
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   97 6b c8 f1  4e 11 c7 e4  33 50 0c 6e  3d 5c b8 8a
>|   75 44 96 f5
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   97 6b c8 f1  4e 11 c7 e4  33 50 0c 6e  3d 5c b8 8a
>|   75 44 96 f5
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| ESP KEYMAT 
>|   KEYMAT computed:
>|   ed fb 92 ff  eb f7 40 82  44 cc 7f ab  91 d0 7b 41
>|   39 e5 91 9c  d6 c1 f0 e1  43 14 49 12  42 64 44 2c
>|   33 f2 cd c3  ba 88 66 ef  ee 44 98 73  04 71 af 0c
>|   f1 96 f1 2c
>|   Peer KEYMAT computed:
>|   1a c0 d9 5a  25 8b 77 6b  23 ad f4 3c  2c 91 4f f0
>|   fb 91 a7 b5  e5 95 82 76  c0 64 66 a7  30 62 4c f9
>|   06 84 9a 21  8c 16 25 0c  a2 5f b9 cc  5c a9 4a 99
>|   34 c0 85 af
>| install_ipsec_sa() for #2: inbound and outbound
>| route owner of "nm-conn1" unrouted: NULL; eroute owner: NULL
>| could_route called for nm-conn1 (kind=CK_PERMANENT)
>| looking for alg with transid: 12 keylen: 256 auth: 2 
>| checking transid: 11 keylen: 0 auth: 1 
>| checking transid: 11 keylen: 0 auth: 2 
>| checking transid: 3 keylen: 24 auth: 0 
>| checking transid: 3 keylen: 24 auth: 1 
>| checking transid: 3 keylen: 24 auth: 2 
>| checking transid: 12 keylen: 16 auth: 0 
>| checking transid: 12 keylen: 16 auth: 1 
>| checking transid: 12 keylen: 16 auth: 2 
>| kernel_alg_esp_info():transid=12, auth=2, ei=0x7fa89d72c920, enckeylen=32, authkeylen=20, encryptalg=12, authalg=3
>| esp enckey:  1a c0 d9 5a  25 8b 77 6b  23 ad f4 3c  2c 91 4f f0
>| esp enckey:  fb 91 a7 b5  e5 95 82 76  c0 64 66 a7  30 62 4c f9
>| esp authkey:  06 84 9a 21  8c 16 25 0c  a2 5f b9 cc  5c a9 4a 99
>| esp authkey:  34 c0 85 af
>| set up outgoing SA, ref=0/4294901761
>| looking for alg with transid: 12 keylen: 256 auth: 2 
>| checking transid: 11 keylen: 0 auth: 1 
>| checking transid: 11 keylen: 0 auth: 2 
>| checking transid: 3 keylen: 24 auth: 0 
>| checking transid: 3 keylen: 24 auth: 1 
>| checking transid: 3 keylen: 24 auth: 2 
>| checking transid: 12 keylen: 16 auth: 0 
>| checking transid: 12 keylen: 16 auth: 1 
>| checking transid: 12 keylen: 16 auth: 2 
>| kernel_alg_esp_info():transid=12, auth=2, ei=0x7fa89d72c920, enckeylen=32, authkeylen=20, encryptalg=12, authalg=3
>| esp enckey:  ed fb 92 ff  eb f7 40 82  44 cc 7f ab  91 d0 7b 41
>| esp enckey:  39 e5 91 9c  d6 c1 f0 e1  43 14 49 12  42 64 44 2c
>| esp authkey:  33 f2 cd c3  ba 88 66 ef  ee 44 98 73  04 71 af 0c
>| esp authkey:  f1 96 f1 2c
>| add inbound eroute 0.0.0.0/0:0 --0-> 10.10.63.42/32:0 => tun.10000@10.200.138.69 (raw_eroute)
>| satype(9) is not used in netlink_raw_eroute.
>| raw_eroute result=1 
>| set up incoming SA, ref=0/4294901761
>| sr for #2: unrouted
>| route owner of "nm-conn1" unrouted: NULL; eroute owner: NULL
>| route_and_eroute with c: nm-conn1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 2
>| eroute_connection add eroute 10.10.63.42/32:0 --0-> 10.0.0.0/8:0 => tun.0@66.187.233.55 (raw_eroute)
>| satype(9) is not used in netlink_raw_eroute.
>| raw_eroute result=1 
>| command executing up-client
>| executing up-client: 2>&1 PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='nm-conn1' PLUTO_INTERFACE='wlp3s0' PLUTO_NEXT_HOP='66.187.233.55' PLUTO_ME='10.200.138.69' PLUTO_MY_ID='@' PLUTO_MY_CLIENT='10.10.63.42/32' PLUTO_MY_CLIENT_NET='10.10.63.42' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16384' PLUTO_PEER='66.187.233.55' PLUTO_PEER_ID='66.187.233.55' PLUTO_PEER_CLIENT='10.0.0.0/8' PLUTO_PEER_CLIENT_NET='10.0.0.0' PLUTO_PEER_CLIENT_MASK='255.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey'   PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+AGGRESSIVE+IKEv2ALLOW+SAREFTRACK+IKE_FRAG' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_XAUTH_USERNAME='jrusnack' PLUTO_MY_SOURCEIP='10.10.63.42' PLUTO_IS_PEER_CISCO='1' PLUTO_PEER_DNS_INFO='10.11.5.19 10.5.30.160' PLUTO_PEER_DOMAIN_INFO='redhat.com' PLUTO_PEER_BANNER='Unauthorized Access to this or any other Red Hat Inc. device is strictly prohibited. Violat
>| popen cmd is 1062 chars long
>| cmd(   0):2>&1 PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='nm-conn1' PLUT:
>| cmd(  80):O_INTERFACE='wlp3s0' PLUTO_NEXT_HOP='66.187.233.55' PLUTO_ME='10.200.138.69' PLU:
>| cmd( 160):TO_MY_ID='@' PLUTO_MY_CLIENT='10.10.63.42/32' PLUTO_MY_CLIENT_NET='10.10.63.42' :
>| cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P:
>| cmd( 320):LUTO_SA_REQID='16384' PLUTO_PEER='66.187.233.55' PLUTO_PEER_ID='66.187.233.55' P:
>| cmd( 400):LUTO_PEER_CLIENT='10.0.0.0/8' PLUTO_PEER_CLIENT_NET='10.0.0.0' PLUTO_PEER_CLIENT:
>| cmd( 480):_MASK='255.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P:
>| cmd( 560):LUTO_STACK='netkey'   PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+AGGRESS:
>| cmd( 640):IVE+IKEv2ALLOW+SAREFTRACK+IKE_FRAG' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 :
>| cmd( 720):PLUTO_XAUTH_USERNAME='jrusnack' PLUTO_MY_SOURCEIP='10.10.63.42' PLUTO_IS_PEER_CI:
>| cmd( 800):SCO='1' PLUTO_PEER_DNS_INFO='10.11.5.19 10.5.30.160' PLUTO_PEER_DOMAIN_INFO='red:
>| cmd( 880):hat.com' PLUTO_PEER_BANNER='Unauthorized Access to this or any other Red Hat Inc:
>| cmd( 960):. device is strictly prohibited. Violators will be prosecuted. ' PLUTO_NM_CONFIG:
>| cmd(1040):URED='1' ipsec _updown:
>"nm-conn1" #2: up-client output: updating local nameserver for redhat.com with 10.11.5.19 10.5.30.160
>"nm-conn1" #2: up-client output: ok
>"nm-conn1" #2: up-client output: ok removed 0 rrsets, 0 messages and 0 key entries
>"nm-conn1" #2: up-client output: ok
>| route_and_eroute: firewall_notified: true
>| command executing prepare-client
>| executing prepare-client: 2>&1 PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='nm-conn1' PLUTO_INTERFACE='wlp3s0' PLUTO_NEXT_HOP='66.187.233.55' PLUTO_ME='10.200.138.69' PLUTO_MY_ID='@' PLUTO_MY_CLIENT='10.10.63.42/32' PLUTO_MY_CLIENT_NET='10.10.63.42' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16384' PLUTO_PEER='66.187.233.55' PLUTO_PEER_ID='66.187.233.55' PLUTO_PEER_CLIENT='10.0.0.0/8' PLUTO_PEER_CLIENT_NET='10.0.0.0' PLUTO_PEER_CLIENT_MASK='255.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey'   PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+AGGRESSIVE+IKEv2ALLOW+SAREFTRACK+IKE_FRAG' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_XAUTH_USERNAME='jrusnack' PLUTO_MY_SOURCEIP='10.10.63.42' PLUTO_IS_PEER_CISCO='1' PLUTO_PEER_DNS_INFO='10.11.5.19 10.5.30.160' PLUTO_PEER_DOMAIN_INFO='redhat.com' PLUTO_PEER_BANNER='Unauthorized Access to this or any other Red Hat Inc. device is strictly prohibit
>| popen cmd is 1067 chars long
>| cmd(   0):2>&1 PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='nm-conn1':
>| cmd(  80): PLUTO_INTERFACE='wlp3s0' PLUTO_NEXT_HOP='66.187.233.55' PLUTO_ME='10.200.138.69:
>| cmd( 160):' PLUTO_MY_ID='@' PLUTO_MY_CLIENT='10.10.63.42/32' PLUTO_MY_CLIENT_NET='10.10.63:
>| cmd( 240):.42' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=:
>| cmd( 320):'0' PLUTO_SA_REQID='16384' PLUTO_PEER='66.187.233.55' PLUTO_PEER_ID='66.187.233.:
>| cmd( 400):55' PLUTO_PEER_CLIENT='10.0.0.0/8' PLUTO_PEER_CLIENT_NET='10.0.0.0' PLUTO_PEER_C:
>| cmd( 480):LIENT_MASK='255.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA:
>| cmd( 560):='' PLUTO_STACK='netkey'   PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+AG:
>| cmd( 640):GRESSIVE+IKEv2ALLOW+SAREFTRACK+IKE_FRAG' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAIL:
>| cmd( 720):ED=0 PLUTO_XAUTH_USERNAME='jrusnack' PLUTO_MY_SOURCEIP='10.10.63.42' PLUTO_IS_PE:
>| cmd( 800):ER_CISCO='1' PLUTO_PEER_DNS_INFO='10.11.5.19 10.5.30.160' PLUTO_PEER_DOMAIN_INFO:
>| cmd( 880):='redhat.com' PLUTO_PEER_BANNER='Unauthorized Access to this or any other Red Ha:
>| cmd( 960):t Inc. device is strictly prohibited. Violators will be prosecuted. ' PLUTO_NM_C:
>| cmd(1040):ONFIGURED='1' ipsec _updown:
>| command executing route-client
>| executing route-client: 2>&1 PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='nm-conn1' PLUTO_INTERFACE='wlp3s0' PLUTO_NEXT_HOP='66.187.233.55' PLUTO_ME='10.200.138.69' PLUTO_MY_ID='@' PLUTO_MY_CLIENT='10.10.63.42/32' PLUTO_MY_CLIENT_NET='10.10.63.42' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16384' PLUTO_PEER='66.187.233.55' PLUTO_PEER_ID='66.187.233.55' PLUTO_PEER_CLIENT='10.0.0.0/8' PLUTO_PEER_CLIENT_NET='10.0.0.0' PLUTO_PEER_CLIENT_MASK='255.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey'   PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+AGGRESSIVE+IKEv2ALLOW+SAREFTRACK+IKE_FRAG' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_XAUTH_USERNAME='jrusnack' PLUTO_MY_SOURCEIP='10.10.63.42' PLUTO_IS_PEER_CISCO='1' PLUTO_PEER_DNS_INFO='10.11.5.19 10.5.30.160' PLUTO_PEER_DOMAIN_INFO='redhat.com' PLUTO_PEER_BANNER='Unauthorized Access to this or any other Red Hat Inc. device is strictly prohibited. 
>| popen cmd is 1065 chars long
>| cmd(   0):2>&1 PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='nm-conn1' P:
>| cmd(  80):LUTO_INTERFACE='wlp3s0' PLUTO_NEXT_HOP='66.187.233.55' PLUTO_ME='10.200.138.69' :
>| cmd( 160):PLUTO_MY_ID='@' PLUTO_MY_CLIENT='10.10.63.42/32' PLUTO_MY_CLIENT_NET='10.10.63.4:
>| cmd( 240):2' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0:
>| cmd( 320):' PLUTO_SA_REQID='16384' PLUTO_PEER='66.187.233.55' PLUTO_PEER_ID='66.187.233.55:
>| cmd( 400):' PLUTO_PEER_CLIENT='10.0.0.0/8' PLUTO_PEER_CLIENT_NET='10.0.0.0' PLUTO_PEER_CLI:
>| cmd( 480):ENT_MASK='255.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=':
>| cmd( 560):' PLUTO_STACK='netkey'   PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+AGGR:
>| cmd( 640):ESSIVE+IKEv2ALLOW+SAREFTRACK+IKE_FRAG' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED:
>| cmd( 720):=0 PLUTO_XAUTH_USERNAME='jrusnack' PLUTO_MY_SOURCEIP='10.10.63.42' PLUTO_IS_PEER:
>| cmd( 800):_CISCO='1' PLUTO_PEER_DNS_INFO='10.11.5.19 10.5.30.160' PLUTO_PEER_DOMAIN_INFO=':
>| cmd( 880):redhat.com' PLUTO_PEER_BANNER='Unauthorized Access to this or any other Red Hat :
>| cmd( 960):Inc. device is strictly prohibited. Violators will be prosecuted. ' PLUTO_NM_CON:
>| cmd(1040):FIGURED='1' ipsec _updown:
>| route_and_eroute: instance "nm-conn1", setting eroute_owner {spd=0x7fa89f5ca5a0,sr=0x7fa89f5ccff0} to #2 (was #0) (newest_ipsec_sa=#0)
>| encrypting:
>|   00 00 00 18  d0 a7 6a ab  f5 67 f3 7a  b7 42 af fa
>|   64 9d ec f5  e5 fc 25 65
>| IV:
>|   37 0f 0c d7  71 db 2f cd  02 43 cf d1  02 f2 56 62
>| unpadded size is: 24
>| emitting 8 zero bytes of encryption padding into ISAKMP Message
>| encrypting 32 using OAKLEY_AES_CBC
>| NSS do_aes: enter
>| NSS do_aes: exit
>| next IV:  f1 55 62 a0  d6 c7 6c 8a  13 02 53 3e  6e 40 0c 6a
>| no IKE message padding required
>| emitting length of ISAKMP Message: 60
>| inR1_outI2: instance nm-conn1[0], setting newest_ipsec_sa to #2 (was #0) (spd.eroute=#2)
>| complete state transition with STF_OK
>"nm-conn1" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
>| deleting event for #2
>| sending reply packet to 66.187.233.55:4500 (from port 4500)
>| sending 64 bytes for STATE_QUICK_I1 through wlp3s0:4500 to 66.187.233.55:4500 (using #2)
>|   00 00 00 00  82 a0 20 0f  0a fd b1 f1  6f 8d 6e b7
>|   5e 73 64 7b  08 10 20 01  57 08 7c 05  00 00 00 3c
>|   ec 1c d0 b5  cb eb 93 91  ad 5b d2 ff  4d 54 1b ea
>|   f1 55 62 a0  d6 c7 6c 8a  13 02 53 3e  6e 40 0c 6a
>| inserting event EVENT_SA_REPLACE, timeout in 85648 seconds for #2
>| event added after event EVENT_LOG_DAILY
>| NAT-T: their IKE port is '500'
>| NAT-T: forceencaps is 'disabled'
>"nm-conn1" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xf6d9e95b <0xb1344e6d xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=none XAUTHuser=jrusnack}
>| modecfg pull: quirk-poll policy:push modecfg-client
>| phase 1 is done, looking for phase 2 to unpend
>| * processed 1 messages from cryptographic helpers 
>| next event EVENT_NAT_T_KEEPALIVE in 18 seconds
>| next event EVENT_NAT_T_KEEPALIVE in 18 seconds
>|  
>| next event EVENT_NAT_T_KEEPALIVE in 0 seconds
>| *time to handle event
>| handling event EVENT_NAT_T_KEEPALIVE
>| event after this is EVENT_PENDING_DDNS in 37 seconds
>| processing connection nm-conn1
>| Sending of NAT-T KEEP-ALIVE enabled by per-conn configuration (nat_keepalive=yes)
>| processing connection nm-conn1
>| ka_event: send NAT-KA to 66.187.233.55:4500 (state=#2)
>| sending NAT-T Keep Alive
>| sending 1 bytes for NAT-T Keep Alive through wlp3s0:4500 to 66.187.233.55:4500 (using #2)
>|   ff
>| processing connection nm-conn1
>| Sending of NAT-T KEEP-ALIVE enabled by per-conn configuration (nat_keepalive=yes)
>| processing connection nm-conn1
>| ka_event: send NAT-KA to 66.187.233.55:4500 (state=#1)
>| sending NAT-T Keep Alive
>| sending 1 bytes for NAT-T Keep Alive through wlp3s0:4500 to 66.187.233.55:4500 (using #1)
>|   ff
>| inserting event EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds
>| event added at head of queue
>| next event EVENT_NAT_T_KEEPALIVE in 20 seconds
>|  
>| *received whack message
>shutting down
>| certs and keys locked by 'free_preshared_secrets'
>forgetting secrets
>| certs and keys unlocked by 'free_preshard_secrets'
>| processing connection nm-conn1
>"nm-conn1": deleting connection
>| processing connection nm-conn1
>"nm-conn1" #2: deleting state (STATE_QUICK_I2)
>| deleting event for #2
>| deleting state #2
>"nm-conn1" #2: ESP traffic information: in=0B out=0B XAUTHuser=jrusnack
>| **emit ISAKMP Message:
>|    initiator cookie:
>|   82 a0 20 0f  0a fd b1 f1
>|    responder cookie:
>|   6f 8d 6e b7  5e 73 64 7b
>|    next payload type: ISAKMP_NEXT_HASH
>|    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
>|    exchange type: ISAKMP_XCHG_INFO
>|    flags: ISAKMP_FLAG_ENCRYPTION
>|    message ID:  7b fd 0d 52
>| ***emit ISAKMP Hash Payload:
>|    next payload type: ISAKMP_NEXT_D
>| emitting 20 zero bytes of HASH(1) into ISAKMP Hash Payload
>| emitting length of ISAKMP Hash Payload: 24
>| ***emit ISAKMP Delete Payload:
>|    next payload type: ISAKMP_NEXT_NONE
>|    DOI: ISAKMP_DOI_IPSEC
>|    protocol ID: 3
>|    SPI size: 4
>|    number of SPIs: 1
>| emitting 4 raw bytes of delete payload into ISAKMP Delete Payload
>| delete payload  b1 34 4e 6d
>| emitting length of ISAKMP Delete Payload: 16
>| hmac_update data value: 
>|   7b fd 0d 52
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   00 00 00 10  00 00 00 01  03 04 00 01  b1 34 4e 6d
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| HASH(1) computed:
>|   d7 6f 35 26  3d 6c f8 82  15 16 2c 4a  99 77 b1 0c
>|   b4 a5 fb 9e
>| last Phase 1 IV:  91 67 12 98  8b a1 84 b9  42 bb ba 36  7f 78 06 9d
>| current Phase 1 IV:  54 6a 2a 18  6b f1 c6 1f  e1 7d fb 2e  01 6d d8 57
>| computed Phase 2 IV:
>|   d7 01 5b 2c  3e 88 54 8c  b5 df d7 9e  c9 7a cf 2f
>|   7e 42 57 fc
>| encrypting:
>|   0c 00 00 18  d7 6f 35 26  3d 6c f8 82  15 16 2c 4a
>|   99 77 b1 0c  b4 a5 fb 9e  00 00 00 10  00 00 00 01
>|   03 04 00 01  b1 34 4e 6d
>| IV:
>|   d7 01 5b 2c  3e 88 54 8c  b5 df d7 9e  c9 7a cf 2f
>|   7e 42 57 fc
>| unpadded size is: 40
>| emitting 8 zero bytes of encryption padding into ISAKMP Message
>| encrypting 48 using OAKLEY_AES_CBC
>| NSS do_aes: enter
>| NSS do_aes: exit
>| next IV:  5e 9c e0 19  6a 55 56 30  ea 44 3e 52  4e d3 fd 28
>| no IKE message padding required
>| emitting length of ISAKMP Message: 76
>| sending 80 bytes for delete notify through wlp3s0:4500 to 66.187.233.55:4500 (using #1)
>|   00 00 00 00  82 a0 20 0f  0a fd b1 f1  6f 8d 6e b7
>|   5e 73 64 7b  08 10 05 01  7b fd 0d 52  00 00 00 4c
>|   69 bd c2 5b  65 ab 9b 2b  aa ee b2 ec  4f ff 4c 28
>|   05 0e e6 85  e8 3c 55 c1  84 78 58 4a  3a d3 56 05
>|   5e 9c e0 19  6a 55 56 30  ea 44 3e 52  4e d3 fd 28
>| deleting event for #2
>| no suspended cryptographic state for 2 
>| ICOOKIE:  82 a0 20 0f  0a fd b1 f1
>| RCOOKIE:  6f 8d 6e b7  5e 73 64 7b
>| state hash entry 19
>| command executing down-client
>| executing down-client: 2>&1 PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='nm-conn1' PLUTO_INTERFACE='wlp3s0' PLUTO_NEXT_HOP='66.187.233.55' PLUTO_ME='10.200.138.69' PLUTO_MY_ID='@' PLUTO_MY_CLIENT='10.10.63.42/32' PLUTO_MY_CLIENT_NET='10.10.63.42' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16384' PLUTO_PEER='66.187.233.55' PLUTO_PEER_ID='66.187.233.55' PLUTO_PEER_CLIENT='10.0.0.0/8' PLUTO_PEER_CLIENT_NET='10.0.0.0' PLUTO_PEER_CLIENT_MASK='255.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey'   PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+AGGRESSIVE+IKEv2ALLOW+SAREFTRACK+IKE_FRAG' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_XAUTH_USERNAME='jrusnack' PLUTO_MY_SOURCEIP='10.10.63.42' PLUTO_IS_PEER_CISCO='1' PLUTO_PEER_DNS_INFO='10.11.5.19 10.5.30.160' PLUTO_PEER_DOMAIN_INFO='redhat.com' PLUTO_PEER_BANNER='Unauthorized Access to this or any other Red Hat Inc. device is strictly prohibited. Vi
>| popen cmd is 1064 chars long
>| cmd(   0):2>&1 PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='nm-conn1' PL:
>| cmd(  80):UTO_INTERFACE='wlp3s0' PLUTO_NEXT_HOP='66.187.233.55' PLUTO_ME='10.200.138.69' P:
>| cmd( 160):LUTO_MY_ID='@' PLUTO_MY_CLIENT='10.10.63.42/32' PLUTO_MY_CLIENT_NET='10.10.63.42:
>| cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0':
>| cmd( 320): PLUTO_SA_REQID='16384' PLUTO_PEER='66.187.233.55' PLUTO_PEER_ID='66.187.233.55':
>| cmd( 400): PLUTO_PEER_CLIENT='10.0.0.0/8' PLUTO_PEER_CLIENT_NET='10.0.0.0' PLUTO_PEER_CLIE:
>| cmd( 480):NT_MASK='255.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='':
>| cmd( 560): PLUTO_STACK='netkey'   PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+AGGRE:
>| cmd( 640):SSIVE+IKEv2ALLOW+SAREFTRACK+IKE_FRAG' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=:
>| cmd( 720):0 PLUTO_XAUTH_USERNAME='jrusnack' PLUTO_MY_SOURCEIP='10.10.63.42' PLUTO_IS_PEER_:
>| cmd( 800):CISCO='1' PLUTO_PEER_DNS_INFO='10.11.5.19 10.5.30.160' PLUTO_PEER_DOMAIN_INFO='r:
>| cmd( 880):edhat.com' PLUTO_PEER_BANNER='Unauthorized Access to this or any other Red Hat I:
>| cmd( 960):nc. device is strictly prohibited. Violators will be prosecuted. ' PLUTO_NM_CONF:
>| cmd(1040):IGURED='1' ipsec _updown:
>"nm-conn1" #2: down-client output: flushing local nameserver of redhat.com
>"nm-conn1" #2: down-client output: ok
>"nm-conn1" #2: down-client output: ok removed 0 rrsets, 0 messages and 0 key entries
>"nm-conn1" #2: down-client output: ok
>| delete esp.f6d9e95b@66.187.233.55
>| delete inbound eroute 0.0.0.0/0:0 --0-> 10.10.63.42/32:0 => unk255.10000@10.200.138.69 (raw_eroute)
>| raw_eroute result=1 
>| delete esp.b1344e6d@10.200.138.69
>| processing connection nm-conn1
>"nm-conn1" #1: deleting state (STATE_MAIN_I4)
>| deleting event for #1
>| deleting state #1
>| **emit ISAKMP Message:
>|    initiator cookie:
>|   82 a0 20 0f  0a fd b1 f1
>|    responder cookie:
>|   6f 8d 6e b7  5e 73 64 7b
>|    next payload type: ISAKMP_NEXT_HASH
>|    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
>|    exchange type: ISAKMP_XCHG_INFO
>|    flags: ISAKMP_FLAG_ENCRYPTION
>|    message ID:  29 3d 5c cd
>| ***emit ISAKMP Hash Payload:
>|    next payload type: ISAKMP_NEXT_D
>| emitting 20 zero bytes of HASH(1) into ISAKMP Hash Payload
>| emitting length of ISAKMP Hash Payload: 24
>| ***emit ISAKMP Delete Payload:
>|    next payload type: ISAKMP_NEXT_NONE
>|    DOI: ISAKMP_DOI_IPSEC
>|    protocol ID: 1
>|    SPI size: 16
>|    number of SPIs: 1
>| emitting 16 raw bytes of delete payload into ISAKMP Delete Payload
>| delete payload  82 a0 20 0f  0a fd b1 f1  6f 8d 6e b7  5e 73 64 7b
>| emitting length of ISAKMP Delete Payload: 28
>| hmac_update data value: 
>|   29 3d 5c cd
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| hmac_update data value: 
>|   00 00 00 1c  00 00 00 01  01 10 00 01  82 a0 20 0f
>|   0a fd b1 f1  6f 8d 6e b7  5e 73 64 7b
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| HASH(1) computed:
>|   44 42 3b 10  d3 f4 79 b0  fc 48 56 93  3d 6c ae 99
>|   c9 a4 64 26
>| last Phase 1 IV:  91 67 12 98  8b a1 84 b9  42 bb ba 36  7f 78 06 9d
>| current Phase 1 IV:  54 6a 2a 18  6b f1 c6 1f  e1 7d fb 2e  01 6d d8 57
>| computed Phase 2 IV:
>|   56 55 13 c8  90 ca a3 ee  9b 1c 14 17  45 a0 da e7
>|   ad bb b7 cc
>| encrypting:
>|   0c 00 00 18  44 42 3b 10  d3 f4 79 b0  fc 48 56 93
>|   3d 6c ae 99  c9 a4 64 26  00 00 00 1c  00 00 00 01
>|   01 10 00 01  82 a0 20 0f  0a fd b1 f1  6f 8d 6e b7
>|   5e 73 64 7b
>| IV:
>|   56 55 13 c8  90 ca a3 ee  9b 1c 14 17  45 a0 da e7
>|   ad bb b7 cc
>| unpadded size is: 52
>| emitting 12 zero bytes of encryption padding into ISAKMP Message
>| encrypting 64 using OAKLEY_AES_CBC
>| NSS do_aes: enter
>| NSS do_aes: exit
>| next IV:  3a 0c d1 6e  0c 4e 88 61  83 25 01 2b  38 14 e6 48
>| no IKE message padding required
>| emitting length of ISAKMP Message: 92
>| sending 96 bytes for delete notify through wlp3s0:4500 to 66.187.233.55:4500 (using #1)
>|   00 00 00 00  82 a0 20 0f  0a fd b1 f1  6f 8d 6e b7
>|   5e 73 64 7b  08 10 05 01  29 3d 5c cd  00 00 00 5c
>|   01 24 c2 f1  6d 9a 18 90  ad ef 0a 1c  1a 8d f1 1c
>|   54 bc 6b 81  6c bc ed 5c  32 13 62 92  8d 3f b3 14
>|   0f 03 26 94  f9 db bc fb  db dc 65 35  25 bf 62 50
>|   3a 0c d1 6e  0c 4e 88 61  83 25 01 2b  38 14 e6 48
>| deleting event for #1
>| no suspended cryptographic state for 1 
>| ICOOKIE:  82 a0 20 0f  0a fd b1 f1
>| RCOOKIE:  6f 8d 6e b7  5e 73 64 7b
>| state hash entry 19
>"nm-conn1": ERROR: netlink XFRM_MSG_DELPOLICY response for flow eroute_connection delete included errno 2: No such file or directory
>| route owner of "nm-conn1" unrouted: NULL
>| command executing unroute-client
>| executing unroute-client: 2>&1 PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='nm-conn1' PLUTO_INTERFACE='wlp3s0' PLUTO_NEXT_HOP='66.187.233.55' PLUTO_ME='10.200.138.69' PLUTO_MY_ID='@RH-standard' PLUTO_MY_CLIENT='10.10.63.42/32' PLUTO_MY_CLIENT_NET='10.10.63.42' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16384' PLUTO_PEER='66.187.233.55' PLUTO_PEER_ID='66.187.233.55' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey'   PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+AGGRESSIVE+IKEv2ALLOW+SAREFTRACK+IKE_FRAG' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0  PLUTO_MY_SOURCEIP='10.10.63.42' PLUTO_IS_PEER_CISCO='1' PLUTO_PEER_DNS_INFO='10.11.5.19 10.5.30.160' PLUTO_PEER_DOMAIN_INFO='redhat.com' PLUTO_PEER_BANNER='Unauthorized Access to this or any other Red Hat Inc. device is strictly prohibited. Violators will be pr
>| popen cmd is 1043 chars long
>| cmd(   0):2>&1 PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='nm-conn1':
>| cmd(  80): PLUTO_INTERFACE='wlp3s0' PLUTO_NEXT_HOP='66.187.233.55' PLUTO_ME='10.200.138.69:
>| cmd( 160):' PLUTO_MY_ID='@RH-standard' PLUTO_MY_CLIENT='10.10.63.42/32' PLUTO_MY_CLIENT_NE:
>| cmd( 240):T='10.10.63.42' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_M:
>| cmd( 320):Y_PROTOCOL='0' PLUTO_SA_REQID='16384' PLUTO_PEER='66.187.233.55' PLUTO_PEER_ID=':
>| cmd( 400):66.187.233.55' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLU:
>| cmd( 480):TO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_:
>| cmd( 560):PEER_CA='' PLUTO_STACK='netkey'   PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+X:
>| cmd( 640):AUTH+AGGRESSIVE+IKEv2ALLOW+SAREFTRACK+IKE_FRAG' PLUTO_CONN_ADDRFAMILY='ipv4' XAU:
>| cmd( 720):TH_FAILED=0  PLUTO_MY_SOURCEIP='10.10.63.42' PLUTO_IS_PEER_CISCO='1' PLUTO_PEER_:
>| cmd( 800):DNS_INFO='10.11.5.19 10.5.30.160' PLUTO_PEER_DOMAIN_INFO='redhat.com' PLUTO_PEER:
>| cmd( 880):_BANNER='Unauthorized Access to this or any other Red Hat Inc. device is strictl:
>| cmd( 960):y prohibited. Violators will be prosecuted. ' PLUTO_NM_CONFIGURED='1' ipsec _upd:
>| cmd(1040):own:
>"nm-conn1": unroute-client output: need at least a destination address
>| route owner of "nm-conn1" unrouted: NULL
>| command executing unroute-client
>| executing unroute-client: 2>&1 PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='nm-conn1' PLUTO_INTERFACE='wlp3s0' PLUTO_NEXT_HOP='66.187.233.55' PLUTO_ME='10.200.138.69' PLUTO_MY_ID='@' PLUTO_MY_CLIENT='10.10.63.42/32' PLUTO_MY_CLIENT_NET='10.10.63.42' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16384' PLUTO_PEER='66.187.233.55' PLUTO_PEER_ID='66.187.233.55' PLUTO_PEER_CLIENT='10.0.0.0/8' PLUTO_PEER_CLIENT_NET='10.0.0.0' PLUTO_PEER_CLIENT_MASK='255.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey'   PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+AGGRESSIVE+IKEv2ALLOW+SAREFTRACK+IKE_FRAG' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0  PLUTO_MY_SOURCEIP='10.10.63.42' PLUTO_IS_PEER_CISCO='1' PLUTO_PEER_DNS_INFO='10.11.5.19 10.5.30.160' PLUTO_PEER_DOMAIN_INFO='redhat.com' PLUTO_PEER_BANNER='Unauthorized Access to this or any other Red Hat Inc. device is strictly prohibited. Violators will be prosecute
>| popen cmd is 1036 chars long
>| cmd(   0):2>&1 PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='nm-conn1':
>| cmd(  80): PLUTO_INTERFACE='wlp3s0' PLUTO_NEXT_HOP='66.187.233.55' PLUTO_ME='10.200.138.69:
>| cmd( 160):' PLUTO_MY_ID='@' PLUTO_MY_CLIENT='10.10.63.42/32' PLUTO_MY_CLIENT_NET='10.10.63:
>| cmd( 240):.42' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=:
>| cmd( 320):'0' PLUTO_SA_REQID='16384' PLUTO_PEER='66.187.233.55' PLUTO_PEER_ID='66.187.233.:
>| cmd( 400):55' PLUTO_PEER_CLIENT='10.0.0.0/8' PLUTO_PEER_CLIENT_NET='10.0.0.0' PLUTO_PEER_C:
>| cmd( 480):LIENT_MASK='255.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA:
>| cmd( 560):='' PLUTO_STACK='netkey'   PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+AG:
>| cmd( 640):GRESSIVE+IKEv2ALLOW+SAREFTRACK+IKE_FRAG' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAIL:
>| cmd( 720):ED=0  PLUTO_MY_SOURCEIP='10.10.63.42' PLUTO_IS_PEER_CISCO='1' PLUTO_PEER_DNS_INF:
>| cmd( 800):O='10.11.5.19 10.5.30.160' PLUTO_PEER_DOMAIN_INFO='redhat.com' PLUTO_PEER_BANNER:
>| cmd( 880):='Unauthorized Access to this or any other Red Hat Inc. device is strictly prohi:
>| cmd( 960):bited. Violators will be prosecuted. ' PLUTO_NM_CONFIGURED='1' ipsec _updown:
>| alg_info_delref(0x7fa89f5ca9b0) alg_info->ref_cnt=1
>| alg_info_delref(0x7fa89f5ca9b0) freeing alg_info
>| alg_info_delref(0x7fa89f5c94b0) alg_info->ref_cnt=1
>| alg_info_delref(0x7fa89f5c94b0) freeing alg_info
>| crl fetch request list locked by 'free_crl_fetch'
>| crl fetch request list unlocked by 'free_crl_fetch'
>| authcert list locked by 'free_authcerts'
>| authcert list unlocked by 'free_authcerts'
>| crl list locked by 'free_crls'
>| crl list unlocked by 'free_crls'
>shutting down interface lo/lo ::1:500
>shutting down interface lo/lo 127.0.0.1:4500
>shutting down interface lo/lo 127.0.0.1:500
>shutting down interface wlp3s0/wlp3s0 10.200.138.69:4500
>shutting down interface wlp3s0/wlp3s0 10.200.138.69:500
>shutting down interface virbr0/virbr0 192.168.122.1:4500
>shutting down interface virbr0/virbr0 192.168.122.1:500

Actions: View

Attachments on bug 1088038: 887115 | 887116 | 887117 | 887118