Red Hat Bugzilla – Attachment 946953 Details for
Bug 1152625
[TAHI][IKEv2] IKEv2.EN.I.1.1.6.2 Part D: Integrity Algorithm AUTH_AES_XCBC_96 fail
Test Log
37.html (text/html), 135.34 KB, created by
Hangbin Liu
on 2014-10-14 15:01:33 UTC
Description:
Test Log
Filename:
MIME Type:
Creator:
Hangbin Liu
Created:
2014-10-14 15:01:33 UTC
Size:
135.34 KB
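<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN""http://www.w3c.org/TR/REC-html40/strict.dtd">
<HTML>
<HEAD>
<TITLE>IPv6 Conformance Test Report</TITLE>
<META NAME="GENERATOR" CONTENT="TAHI IPv6 Conformance Test Kit">
<script type="text/javascript">

// Hover-popup support for the packet links in this report: moving the mouse
// over a "receive packet #N" / "send packet #N" link calls popup(N, event),
// moving away calls popdown(N).

// Cache of trimmed packet-dump markup, indexed by packet number, so each dump
// is read from the page and trimmed only once.
var packets = [];

// Element-id prefixes. "pop<N>" is the initially hidden, absolutely
// positioned <div> next to each packet link. "koiPacketInfo<N>" is the
// element whose markup is copied into it (presumably emitted further down
// the report; it is not part of this section of the file).
var POP_ID_PREFIX = "pop";
var PACKET_INFO_PREFIX = "koiPacketInfo";

var COLOR_BG = "#ffdddd";

// WINDOW_HEIGHT and WINDOW_WIDTH are not referenced by the functions below;
// they are kept because they are page-level globals.
var WINDOW_HEIGHT = 300;
var WINDOW_WIDTH = 300;

// Offset of the popup from the mouse pointer, in pixels.
var OFFSET_HEIGHT = 5;
var OFFSET_WIDTH = 20;

// Capability sniffing: document.all selects the legacy IE code path,
// document.getElementById the standard DOM path, document.layers Netscape 4.
var IE = false;
var FF = false;
var NN4 = false;
if (document.all) {
  IE = true;
}
else if (document.getElementById) {
  FF = true;
}
else if (document.layers) {
  NN4 = true;
}

/**
 * Look up an element by id on the code path selected above.
 *
 * @param {string} id - element id.
 * @returns {?Element} the element, or null when it does not exist or the
 *     browser offers neither lookup API.
 */
function findElement(id) {
  if (IE) {
    return document.all(id);
  }
  if (FF) {
    return document.getElementById(id);
  }
  return null;
}

/**
 * Show the dump of packet `id` in its floating box next to the mouse pointer.
 *
 * The original returned early on Netscape 4, which left its document.layers
 * branch unreachable; that branch is dropped here. The original also assigned
 * `key` without declaring it, creating an implicit global.
 *
 * @param {number|string} id - packet number; selects element "pop<id>".
 * @param {Event} event - mouse event that supplies the pointer position.
 */
function popup(id, event) {
  var box, html;

  if (NN4) {
    return;
  }

  box = findElement(POP_ID_PREFIX + id);
  if (!box) {
    // No popup container for this packet: nothing to show.
    return;
  }

  // The dump is assigned through innerHTML and is therefore parsed again as
  // markup. It is copied from this report's own packet-info element, so any
  // packet-derived text has to be HTML-escaped by the report generator.
  // NOTE(review): the generator's escaping cannot be confirmed from this file.
  html = '<div style="'
    + 'background-color:' + COLOR_BG + ';'
    + 'border-width:3pt;'
    + 'border-style:solid;'
    + 'border-color:' + COLOR_BG + ';'
    + '">'
    + '<pre style="line-height:90%">'
    + getPacket(id)
    + '</pre>'
    + '</div>';

  if (IE) {
    // clientX/clientY are viewport-relative, so the scroll offset is added.
    box.style.pixelLeft = document.body.scrollLeft + event.clientX + OFFSET_WIDTH;
    box.style.pixelTop = document.body.scrollTop + event.clientY + OFFSET_HEIGHT;
  }
  else {
    // pageX/pageY are already document-relative.
    box.style.left = event.pageX + OFFSET_WIDTH + 'px';
    box.style.top = event.pageY + OFFSET_HEIGHT + 'px';
  }
  box.innerHTML = html;
  box.style.visibility = 'visible';
}

/**
 * Hide the floating box of packet `id`.
 *
 * A missing box is ignored. popup() never shows a box on Netscape 4, so there
 * is nothing to hide on that path either.
 *
 * @param {number|string} id - packet number; selects element "pop<id>".
 */
function popdown(id) {
  var box = findElement(POP_ID_PREFIX + id);
  if (box) {
    box.style.visibility = "hidden";
  }
}

/**
 * Return the markup of packet `id` with its enclosing <pre> tag removed,
 * reading it from element "koiPacketInfo<id>" on first use and from the
 * cache afterwards.
 *
 * @param {number|string} id - packet number.
 * @returns {string} dump markup; "" when the packet-info element is missing.
 */
function getPacket(id) {
  var str;

  if (packets[id]) {
    return packets[id];
  }

  str = trimTag(getInnerHTML(PACKET_INFO_PREFIX + id), 'pre');
  packets[id] = str;
  return str;
}

/**
 * Return the innerHTML of the element with the given id.
 *
 * The original returned undefined when neither lookup path applied and threw
 * when the element was missing; both cases now yield "" so that trimTag()
 * always receives a string.
 *
 * @param {string} id - element id.
 * @returns {string} the element's markup, or "".
 */
function getInnerHTML(id) {
  var element = findElement(id);
  return element ? element.innerHTML : '';
}

/**
 * Strip the first opening <tagName ...> and the last closing </tagName> from
 * `str`, returning what lies between them.
 *
 * Both the lower-case and the upper-case spelling of the tag are recognised,
 * because innerHTML may serialise tag names in either case depending on the
 * browser. When no opening tag is present the result starts at the beginning
 * of `str`; the original then cut at the first ">" found anywhere in it.
 *
 * @param {string} str - markup to trim.
 * @param {string} tagName - tag name without angle brackets, e.g. "pre".
 * @returns {string} the text between the two tags.
 */
function trimTag(str, tagName) {
  var lower = tagName.toLowerCase();
  var upper = tagName.toUpperCase();
  var openLower = str.indexOf('<' + lower);
  var openUpper = str.indexOf('<' + upper);
  var open, tagEnd, close;
  var start = 0;

  // Earliest opening tag in either spelling; -1 when there is none.
  if (openLower < 0) {
    open = openUpper;
  }
  else if (openUpper < 0) {
    open = openLower;
  }
  else {
    open = Math.min(openLower, openUpper);
  }

  if (open >= 0) {
    tagEnd = str.indexOf('>', open + 1);
    if (tagEnd >= 0) {
      start = tagEnd + 1;
    }
  }

  // Latest closing tag in either spelling; end of string when there is none.
  close = Math.max(
    str.lastIndexOf('</' + lower + '>'),
    str.lastIndexOf('</' + upper + '>')
  );
  if (close < 0) {
    close = str.length;
  }

  return str.substring(start, close);
}

</script>
</HEAD>

<BODY BGCOLOR="#F0F0F0">
<H1>Test Information</H1>
<TABLE BORDER=1>
<TR><TD>Title</TD><TD>Test IKEv2.EN.I.1.1.6.2 Part D: Integrity Algorithm AUTH_AES_XCBC_96</TD></TR>
<TR><TD>CommandLine</TD><TD>./1-EN-I/IKEv2-EN-I-1-1-6-2-D.seq -pkt ./packets/EN-EN.def -v6eval -log 37.html -ti Test IKEv2.EN.I.1.1.6.2 Part D: Integrity Algorithm AUTH_AES_XCBC_96</TD></TR>
<TR><TD>Script</TD><TD><A HREF="./1-EN-I/IKEv2-EN-I-1-1-6-2-D.seq">./1-EN-I/IKEv2-EN-I-1-1-6-2-D.seq</A></TD></TR>
<TR><TD>Packet</TD><TD><A HREF="./packets/EN-EN.def">./packets/EN-EN.def</A></TD></TR>
<TR><TD>TestVersion</TD><TD>REL_1_1_1</TD></TR>
<TR><TD>ToolVersion</TD><TD>REL_2_2_0</TD></TR>
<TR><TD>Start</TD><TD>2014/10/14 15:08:11</TD></TR>
<TR><TD>Tn</TD><TD>/usr/local/koi//etc//tn.def</TD></TR>
<TR><TD>Nu</TD><TD>/usr/local/koi//etc//nut.def</TD></TR>
</TABLE>

<HR><H1>Test Sequence Execution Log</H1>
<TABLE BORDER=1>
<TR><TD>15:08:11</TD><TD>Start</TD></TR>
<TR><TD><br></TD><TD>
<FONT COLOR="#FF0000" SIZE="+1"><U><B>TEST SETUP</B></U></FONT><tr VALIGN="top">
<td></td>
<td width="100%">initializing IKEv2 module ...</td>
</tr>
<tr VALIGN="top">
<td></td>
<td width="100%">configuring Common Topology for End-Node: End-Node to End-Node ...</td>
</tr>
<tr VALIGN="top">
<td></td>
<td width="100%">parsing ./config.pl ...</td>
</tr>
<tr VALIGN="top">
<td></td>
<td width="100%"><TABLE BORDER><TR><TH BGCOLOR="#a8b5d8">key</TH><TH BGCOLOR="#a8b5d8">value</TH></TR><TR><TD>Link A prefix</TD><TD>2001:0db8:0001:0001</TD></TR><TR><TD>Link X prefix</TD><TD>2001:0db8:000f:0001</TD></TR><TR><TD>Link A link-local address (TR1)</TD><TD>fe80::f</TD></TR><TR><TD>Link A global address (NUT)</TD><TD>2001:0db8:0001:0001::1234</TD></TR><TR><TD>pre-shared key (TN)</TD><TD>IKETEST12345678!</TD></TR><TR><TD>pre-shared key (NUT)</TD><TD>IKETEST12345678!</TD></TR><TR><TD>IKE_SA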
Lifetime</TD><TD>64</TD></TR><TR><TD>CHILD_SA Lifetime</TD><TD>128</TD></TR><TR><TD>IKE_SA_INIT Request RetransTimer</TD><TD>41</TD></TR><TR><TD>IKE_AUTH Request RetransTimer</TD><TD>16</TD></TR><TR><TD>CREATE_CHILD_SA Request RetransTimer</TD><TD>16</TD></TR><TR><TD>INFORMATIONAL Request RetransTimer</TD><TD>16</TD></TR><TR><TD>Liveness Check Timer</TD><TD>32</TD></TR><TR><TD># of Half-Open IKE_SAs to contain N(COOKIE)</TD><TD>32</TD></TR></TABLE></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%">setting up TN ...</td> ></tr> ><TR VALIGN="top"> ><TD>15:08:11</TD> ><TD width="100%"> >ikev2Local("/sbin/sysctl -w net.inet6.ip6.forwarding=1")<BR> ><PRE>net.inet6.ip6.forwarding: 0 -> 1 ></PRE></TD> ></TR><TR VALIGN="top"> ><TD>15:08:11</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig -a")<BR> ><PRE>em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> > ether 00:23:ae:7a:6e:cc > inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 > inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> > ether 00:1b:21:1c:58:fa > inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 > inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa > inet6 3ffe:501:ffff:100::20 prefixlen 64 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> > ether 00:1b:21:1c:5d:d1 > inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb > inet6 3ffe:501:ffff:101::20 
prefixlen 64 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 >lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 > options=3<RXCSUM,TXCSUM> > inet 127.0.0.1 netmask 0xff000000 > inet6 ::1 prefixlen 128 > inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> ></PRE></TD> ></TR><TR VALIGN="top"> ><TD>15:08:11</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig em1 inet6 fe80::f%em1/64")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>15:08:11</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig em1 inet6 2001:0db8:0001:0001::f/64")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>15:08:11</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig lo1 create")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>15:08:11</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig lo1 up")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>15:08:11</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig lo1 inet6 2001:0db8:000f:0001::1/64")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>15:08:14</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig -a")<BR> ><PRE>em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> > ether 00:23:ae:7a:6e:cc > inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 > inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> > ether 00:1b:21:1c:58:fa > inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 > inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa > inet6 
3ffe:501:ffff:100::20 prefixlen 64 > inet6 fe80::f%em1 prefixlen 64 scopeid 0xa > inet6 2001:db8:1:1::f prefixlen 64 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> > ether 00:1b:21:1c:5d:d1 > inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb > inet6 3ffe:501:ffff:101::20 prefixlen 64 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 >lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 > options=3<RXCSUM,TXCSUM> > inet 127.0.0.1 netmask 0xff000000 > inet6 ::1 prefixlen 128 > inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> >lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 > options=3<RXCSUM,TXCSUM> > inet6 2001:db8:f:1::1 prefixlen 64 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> ></PRE></TD> ></TR><TR VALIGN="top"> ><TD>15:08:14</TD> ><TD width="100%"> >ikev2Local("/sbin/setkey -D")<BR> ><PRE>No SAD entries. ></PRE></TD> ></TR><TR VALIGN="top"> ><TD>15:08:14</TD> ><TD width="100%"> >ikev2Local("/sbin/setkey -F")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>15:08:17</TD> ><TD width="100%"> >ikev2Local("/sbin/setkey -D")<BR> ><PRE>No SAD entries. ></PRE></TD> ></TR><TR VALIGN="top"> ><TD>15:08:17</TD> ><TD width="100%"> >ikev2Local("/sbin/setkey -DP")<BR> ><PRE>No SPD entries. ></PRE></TD> ></TR><TR VALIGN="top"> ><TD>15:08:17</TD> ><TD width="100%"> >ikev2Local("/sbin/setkey -FP")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>15:08:20</TD> ><TD width="100%"> >ikev2Local("/sbin/setkey -DP")<BR> ><PRE>No SPD entries. 
></PRE></TD> ></TR><tr VALIGN="top"> ><td></td> ><td width="100%">setting up NUT ...</td> ></tr> ></TD> ></TR> ><TR VALIGN="TOP"><TD>15:08:20</TD> ><TD width="100%"> >kRemote(ifconfig.rmt) ``/usr/local/koi/bin/remotes/libreswan//ifconfig.rmt ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1''<br> >kRemote()... /usr/local/koi/bin/remotes/libreswan//ifconfig.rmt ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1 > ><PRE>DEBUG : start kRemoteLogin >Connected > >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip addr >1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > valid_lft forever preferred_lft forever > inet6 ::1/128 scope host > valid_lft forever preferred_lft forever >2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 > link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff > inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1 > valid_lft 76583sec preferred_lft 76583sec > inet6 fe80::222:19ff:fe30:20d5/64 scope link > valid_lft forever preferred_lft forever >3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 > link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff > inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1 > valid_lft forever preferred_lft forever > inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global > valid_lft forever preferred_lft forever > inet6 fe80::215:17ff:fe3c:c668/64 scope link > valid_lft forever preferred_lft forever >4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 > link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff > inet6 3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global > valid_lft forever preferred_lft forever > inet6 fe80::215:17ff:fe3c:c669/64 scope link > valid_lft forever preferred_lft forever >5: ip_vti0: 
<NOARP> mtu 1500 qdisc noop state DOWN > link/ipip 0.0.0.0 brd 0.0.0.0 >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip -f inet6 addr add 2001:0db8:0001:0001::1234/64 dev p6p1 >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip addr >1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > valid_lft forever preferred_lft forever > inet6 ::1/128 scope host > valid_lft forever preferred_lft forever >2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 > link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff > inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1 > valid_lft 76578sec preferred_lft 76578sec > inet6 fe80::222:19ff:fe30:20d5/64 scope link > valid_lft forever preferred_lft forever >3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 > link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff > inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1 > valid_lft forever preferred_lft forever > inet6 2001:db8:1:1::1234/64 scope global > valid_lft forever preferred_lft forever > inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global > valid_lft forever preferred_lft forever > inet6 fe80::215:17ff:fe3c:c668/64 scope link > valid_lft forever preferred_lft forever >4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 > link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff > inet6 3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global > valid_lft forever preferred_lft forever > inet6 fe80::215:17ff:fe3c:c669/64 scope link > valid_lft forever preferred_lft forever >5: ip_vti0: <NOARP> mtu 1500 qdisc noop state DOWN > link/ipip 0.0.0.0 brd 0.0.0.0 >[root@dhcp12-166 ~]# ></PRE> ></TD></TR> > ><TR VALIGN="TOP"><TD>15:08:43</TD> ><TD width="100%"> >kRemote(route.rmt) ``/usr/local/koi/bin/remotes/libreswan//route.rmt route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 
route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1''<br> >kRemote()... /usr/local/koi/bin/remotes/libreswan//route.rmt route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1 > ><PRE>DEBUG : start kRemoteLogin >Connected > >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip -6 route show >unreachable ::/96 dev lo metric 1024 error -101 >unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 >2001:db8:1:1::/64 dev p6p1 proto kernel metric 256 >unreachable 2002:a00::/24 dev lo metric 1024 error -101 >unreachable 2002:7f00::/24 dev lo metric 1024 error -101 >unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 >unreachable 2002:ac10::/28 dev lo metric 1024 error -101 >unreachable 2002:c0a8::/32 dev lo metric 1024 error -101 >unreachable 2002:e000::/19 dev lo metric 1024 error -101 >3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256 >3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256 >unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 >fe80::/64 dev p6p1 proto kernel metric 256 >fe80::/64 dev p6p2 proto kernel metric 256 >fe80::/64 dev p7p1 proto kernel metric 256 >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip -6 route add 2001:0db8:000f:0001::/64 via fe80::f dev p6 p1 >[root@dhcp12-166 ~]# sendMessagesSync: never got ip -6 route add 2001:0db8:000f:0001::/64 via fe80::f dev p6p1 >[root@dhcp12-166 ~]# ip -6 route show >unreachable ::/96 dev lo metric 1024 error -101 >unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 >2001:db8:1:1::/64 dev p6p1 proto kernel metric 256 >2001:db8:f:1::/64 via fe80::f dev p6p1 metric 1024 >unreachable 2002:a00::/24 dev lo metric 1024 error -101 >unreachable 2002:7f00::/24 dev lo metric 1024 error -101 >unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 >unreachable 2002:ac10::/28 dev lo metric 1024 error -101 >unreachable 2002:c0a8::/32 dev lo metric 1024 error -101 >unreachable 2002:e000::/19 dev lo 
metric 1024 error -101 >3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256 >3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256 >unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 >fe80::/64 dev p6p1 proto kernel metric 256 >fe80::/64 dev p6p2 proto kernel metric 256 >fe80::/64 dev p7p1 proto kernel metric 256 >[root@dhcp12-166 ~]# ></PRE> ></TD></TR> > ><TR VALIGN="TOP"><TD>15:09:09</TD> ><TD width="100%"> >kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop''<br> >kRemote()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop > ><PRE>DEBUG : start kRemoteLogin >Connected > >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip xfrm state list >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip xfrm policy list >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ipsec setup stop >Redirecting to: systemctl stop ipsec.service >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip xfrm state list >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip xfrm policy list >[root@dhcp12-166 ~]# ></PRE> ></TD></TR> > ><TR VALIGN="TOP"><TD>15:09:28</TD> ><TD width="100%"> >kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt ikev2.addresspool.0.eaddr= ikev2.addresspool.0.saddr= ikev2.addresspool.num=1 ikev2.interface.ike.0.address=2001:0db8:0001:0001::1234 ikev2.interface.ike.0.port=500 ikev2.interface.ike.num=1 ikev2.ipsec.0.ext_sequence=off ikev2.ipsec.0.ipsec_index=common_ipsec_index ikev2.ipsec.0.ipsec_sa_lifetime_time=128 ikev2.ipsec.0.sa_index.0=common_sa_index ikev2.ipsec.0.sa_index.num=1 ikev2.ipsec.num=1 ikev2.policy.0.ipsec_index.0=common_ipsec_index ikev2.policy.0.ipsec_index.num=1 ikev2.policy.0.ipsec_mode=transport ikev2.policy.0.policy_index=common_policy_index ikev2.policy.0.remote_index=common_remote_index ikev2.policy.num=1 ikev2.remote.0.ikev2.initial_contact.initial_contact=off ikev2.remote.0.ikev2.kmp_auth_method.0=psk ikev2.remote.0.ikev2.kmp_auth_method.num=1 ikev2.remote.0.ikev2.kmp_dh_group.0=modp1024 
ikev2.remote.0.ikev2.kmp_dh_group.num=1 ikev2.remote.0.ikev2.kmp_enc_alg.0=3des_cbc ikev2.remote.0.ikev2.kmp_enc_alg.num=1 ikev2.remote.0.ikev2.kmp_hash_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_hash_alg.num=1 ikev2.remote.0.ikev2.kmp_prf_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_prf_alg.num=1 ikev2.remote.0.ikev2.kmp_sa_lifetime_time=64 ikev2.remote.0.ikev2.my_id.fqdn.num=0 ikev2.remote.0.ikev2.my_id.ipaddr.0=2001:0db8:0001:0001::1234 ikev2.remote.0.ikev2.my_id.ipaddr.num=1 ikev2.remote.0.ikev2.my_id.keyid.num=0 ikev2.remote.0.ikev2.my_id.rfc822addr.num=0 ikev2.remote.0.ikev2.need_pfs=off ikev2.remote.0.ikev2.peers_id.fqdn.num=0 ikev2.remote.0.ikev2.peers_id.ipaddr.0=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_id.ipaddr.num=1 ikev2.remote.0.ikev2.peers_id.keyid.num=0 ikev2.remote.0.ikev2.peers_id.rfc822addr.num=0 ikev2.remote.0.ikev2.peers_ipaddr.address=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_ipaddr.port=500 ikev2.remote.0.ikev2.pre_shared_key.local=IKETEST12345678! ikev2.remote.0.ikev2.pre_shared_key.remote=IKETEST12345678! 
ikev2.remote.0.ikev2.send_cert_req.send_cert_req=on ikev2.remote.0.remote_index=common_remote_index ikev2.remote.num=1 ikev2.sa.0.esp_auth_alg.0=aes_xcbc ikev2.sa.0.esp_auth_alg.num=1 ikev2.sa.0.esp_enc_alg.0=3des_cbc ikev2.sa.0.esp_enc_alg.num=1 ikev2.sa.0.sa_index=common_sa_index ikev2.sa.0.sa_protocol=esp ikev2.sa.num=1 ikev2.selector.0.direction=outbound ikev2.selector.0.dst.address=2001:0db8:000f:0001::1 ikev2.selector.0.dst.address_family=inet6 ikev2.selector.0.policy_index=common_policy_index ikev2.selector.0.selector_index=common_selector_index_outbound ikev2.selector.0.src.address=2001:0db8:0001:0001::1234 ikev2.selector.0.src.address_family=inet6 ikev2.selector.0.upper_layer_protocol.protocol=any ikev2.selector.1.direction=inbound ikev2.selector.1.dst.address=2001:0db8:0001:0001::1234 ikev2.selector.1.dst.address_family=inet6 ikev2.selector.1.policy_index=common_policy_index ikev2.selector.1.selector_index=common_selector_index_inbound ikev2.selector.1.src.address=2001:0db8:000f:0001::1 ikev2.selector.1.src.address_family=inet6 ikev2.selector.1.upper_layer_protocol.protocol=any ikev2.selector.num=2''<br> >kRemote()... 
/usr/local/koi/bin/remotes/libreswan//ikev2.rmt ikev2.addresspool.0.eaddr= ikev2.addresspool.0.saddr= ikev2.addresspool.num=1 ikev2.interface.ike.0.address=2001:0db8:0001:0001::1234 ikev2.interface.ike.0.port=500 ikev2.interface.ike.num=1 ikev2.ipsec.0.ext_sequence=off ikev2.ipsec.0.ipsec_index=common_ipsec_index ikev2.ipsec.0.ipsec_sa_lifetime_time=128 ikev2.ipsec.0.sa_index.0=common_sa_index ikev2.ipsec.0.sa_index.num=1 ikev2.ipsec.num=1 ikev2.policy.0.ipsec_index.0=common_ipsec_index ikev2.policy.0.ipsec_index.num=1 ikev2.policy.0.ipsec_mode=transport ikev2.policy.0.policy_index=common_policy_index ikev2.policy.0.remote_index=common_remote_index ikev2.policy.num=1 ikev2.remote.0.ikev2.initial_contact.initial_contact=off ikev2.remote.0.ikev2.kmp_auth_method.0=psk ikev2.remote.0.ikev2.kmp_auth_method.num=1 ikev2.remote.0.ikev2.kmp_dh_group.0=modp1024 ikev2.remote.0.ikev2.kmp_dh_group.num=1 ikev2.remote.0.ikev2.kmp_enc_alg.0=3des_cbc ikev2.remote.0.ikev2.kmp_enc_alg.num=1 ikev2.remote.0.ikev2.kmp_hash_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_hash_alg.num=1 ikev2.remote.0.ikev2.kmp_prf_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_prf_alg.num=1 ikev2.remote.0.ikev2.kmp_sa_lifetime_time=64 ikev2.remote.0.ikev2.my_id.fqdn.num=0 ikev2.remote.0.ikev2.my_id.ipaddr.0=2001:0db8:0001:0001::1234 ikev2.remote.0.ikev2.my_id.ipaddr.num=1 ikev2.remote.0.ikev2.my_id.keyid.num=0 ikev2.remote.0.ikev2.my_id.rfc822addr.num=0 ikev2.remote.0.ikev2.need_pfs=off ikev2.remote.0.ikev2.peers_id.fqdn.num=0 ikev2.remote.0.ikev2.peers_id.ipaddr.0=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_id.ipaddr.num=1 ikev2.remote.0.ikev2.peers_id.keyid.num=0 ikev2.remote.0.ikev2.peers_id.rfc822addr.num=0 ikev2.remote.0.ikev2.peers_ipaddr.address=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_ipaddr.port=500 ikev2.remote.0.ikev2.pre_shared_key.local=IKETEST12345678! ikev2.remote.0.ikev2.pre_shared_key.remote=IKETEST12345678! 
ikev2.remote.0.ikev2.send_cert_req.send_cert_req=on ikev2.remote.0.remote_index=common_remote_index ikev2.remote.num=1 ikev2.sa.0.esp_auth_alg.0=aes_xcbc ikev2.sa.0.esp_auth_alg.num=1 ikev2.sa.0.esp_enc_alg.0=3des_cbc ikev2.sa.0.esp_enc_alg.num=1 ikev2.sa.0.sa_index=common_sa_index ikev2.sa.0.sa_protocol=esp ikev2.sa.num=1 ikev2.selector.0.direction=outbound ikev2.selector.0.dst.address=2001:0db8:000f:0001::1 ikev2.selector.0.dst.address_family=inet6 ikev2.selector.0.policy_index=common_policy_index ikev2.selector.0.selector_index=common_selector_index_outbound ikev2.selector.0.src.address=2001:0db8:0001:0001::1234 ikev2.selector.0.src.address_family=inet6 ikev2.selector.0.upper_layer_protocol.protocol=any ikev2.selector.1.direction=inbound ikev2.selector.1.dst.address=2001:0db8:0001:0001::1234 ikev2.selector.1.dst.address_family=inet6 ikev2.selector.1.policy_index=common_policy_index ikev2.selector.1.selector_index=common_selector_index_inbound ikev2.selector.1.src.address=2001:0db8:000f:0001::1 ikev2.selector.1.src.address_family=inet6 ikev2.selector.1.upper_layer_protocol.protocol=any ikev2.selector.num=2 > ><PRE>DEBUG : start kRemoteLogin >Connected > >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# rpm -q libreswan >libreswan-3.10-2.el7.x86_64 >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# cat > /etc/ipsec.secrets << EOF >> %any %any : PSK 'IKETEST12345678!' >> EOF >[root@dhcp12-166 ~]# cat -n /etc/ipsec.secrets > 1 %any %any : PSK 'IKETEST12345678!' >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# cat -n /etc/ipsec.secrets > 1 %any %any : PSK 'IKETEST12345678!' >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# chown root:wheel /etc/ipsec.secrets >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# chmod 0600 /etc/ipsec.secrets >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ls -l /etc/ipsec.secrets >-rw-------. 
1 root wheel 35 Oct 14 22:58 /etc/ipsec.secrets >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# cat > /etc/ipsec.conf << EOF >> config setup >> protostack=netkey >> plutodebug="all crypt" >> plutostderrlog="/tmp/pluto.log" >> conn ikev2 >> left=2001:0db8:0001:0001::1234 >> right=2001:0db8:000f:0001::1 >> leftid=2001:0db8:0001:0001::1234 >> rightid=2001:0db8:000f:0001::1 >> type=transport >> auto=start >> connaddrfamily=ipv6 >> authby=secret >> phase2=esp >> phase2alg=3des-aes_xcbc >> ike=3des-sha1;modp1024 >> ikev2=insist >> EOF >[root@dhcp12-166 ~]# cat -n /etc/ipsec.conf > 1 config setup > 2 protostack=netkey > 3 plutodebug="all crypt" > 4 plutostderrlog="/tmp/pluto.log" > 5 conn ikev2 > 6 left=2001:0db8:0001:0001::1234 > 7 right=2001:0db8:000f:0001::1 > 8 leftid=2001:0db8:0001:0001::1234 > 9 rightid=2001:0db8:000f:0001::1 > 10 type=transport > 11 auto=start > 12 connaddrfamily=ipv6 > 13 authby=secret > 14 phase2=esp > 15 phase2alg=3des-aes_xcbc > 16 ike=3des-sha1;modp1024 > 17 ikev2=insist >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# echo > /tmp/pluto.log >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# chown root:wheel /etc/ipsec.conf >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# chmod 0600 /etc/ipsec.conf >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ls -l /etc/ipsec.conf >-rw-------. 
1 root wheel 472 Oct 14 22:58 /etc/ipsec.conf >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ipsec setup start >Redirecting to: systemctl start ipsec.service >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip xfrm state list >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip xfrm policy list >src ::/0 dst ::/0 > socket out priority 0 ptype main >src ::/0 dst ::/0 > socket in priority 0 ptype main >src ::/0 dst ::/0 > socket out priority 0 ptype main >src ::/0 dst ::/0 > socket in priority 0 ptype main >src ::/0 dst ::/0 > socket out priority 0 ptype main >src ::/0 dst ::/0 > socket in priority 0 ptype main >src ::/0 dst ::/0 > socket out priority 0 ptype main >src ::/0 dst ::/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >[root@dhcp12-166 ~]# ></PRE> ></TD></TR> > ><TR><TD><br></TD><TD> ><FONT COLOR="#FF0000" SIZE="+1"><U><B>TEST PROCEDURE</B></U></FONT><FONT COLOR="#000000" SIZE="+1"><U><B>Part D: Integrity Algorithm AUTH_AES_XCBC_96.</B></U></FONT><PRE> (I) (R) > NUT TN1 > | | > |-------------->| IKE_SA_INIT request (HDR, SAi1, KEi, Ni) > | | > V V</PRE><TR VALIGN="TOP"> ><TD>15:09:54</TD><TD> >Clear Buffer<BR> >done<BR> ></TD> ></TR> > ><TR VALIGN="TOP"><TD>15:09:54</TD> ><TD width="100%"> >kRemoteAsync(ikev2.rmt) 
``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt selector.direction=outbound selector.dst.address=2001:0db8:000f:0001::1 selector.dst.address_family=inet6 selector.policy_index=common_policy_index selector.selector_index=common_selector_index_outbound selector.src.address=2001:0db8:0001:0001::1234 selector.src.address_family=inet6 selector.upper_layer_protocol.protocol=any target=2001:0db8:000f:0001::1 operation=initiate''<br> >kRemoteAsync()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt selector.direction=outbound selector.dst.address=2001:0db8:000f:0001::1 selector.dst.address_family=inet6 selector.policy_index=common_policy_index selector.selector_index=common_selector_index_outbound selector.src.address=2001:0db8:0001:0001::1234 selector.src.address_family=inet6 selector.upper_layer_protocol.protocol=any target=2001:0db8:000f:0001::1 operation=initiate<br> > ><A NAME="kRemoteAsync13535"></A> ><A HREF="#kRemoteAsyncWait13535">Link to remote control log</A> ></TD> ></TR> > ><TR VALIGN="TOP"> ><TD>15:09:54</TD><TD> >Listen<br> SrcAddr:2001:0db8:000f:0001::1 SrcPort:500<br> >done<BR> > listening at SocketID:3<br> ></TD> ></TR> > ><TR VALIGN="TOP"> ><TD>15:09:54</TD><TD> >Receive<BR> > SrcAddr:2001:db8:1:1::1234 SrcPort:500<br> DstAddr:2001:db8:f:1::1 DstPort:500<br> >done<BR> > received from SocketID:4<br> ><A NAME="koiPacket1"></A> ><A HREF="#koiPacketDump1" onmouseover="popup(1,event);"onmouseout="popdown(1);">receive packet #1</A> ><div id="pop1" style="position:absolute; visibility:hidden;"></div> ><BR> ></TD> ></TR> > ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre>Compare the received packet with packets('common_remote_index')</pre></td> ></tr> ><TR VALIGN="top"> ><TD></TD><TD><B>Payload Order (HDR, SA(P(T, T, T, T)), KE, Ni, Nr, N, N)</B></TD></TR><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>IKE Header</b> ><b>OK</b> initSPI: (received: 2b9e2976e4888c81, expected: 0000000000000000, comp: ne) ><b>OK</b> respSPI: (received: 
0000000000000000, expected: 0000000000000000, comp: eq) ><b>OK</b> nexttype: (received: SA, expected: SA, comp: eq) ><b>OK</b> major: (received: 2, expected: 2, comp: eq) ><b>OK</b> minor: (received: 0, expected: 0, comp: eq) ><b>OK</b> exchType: (received: IKE_SA_INIT, expected: IKE_SA_INIT, comp: eq) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ><b>OK</b> initiator: (received: 1, expected: 1, comp: eq) ><b>OK</b> higher: (received: 0, expected: 0, comp: eq) ><b>OK</b> response: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) ><b>OK</b> messID: (received: 0, expected: 0, comp: eq) ><b>OK</b> length: (received: 284, expected: any, comp: already checked) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Security Association Payload</b> ><b>OK</b> nexttype: (received: KE, expected: any, comp: already checked) ><b>OK</b> critical: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) ><b>OK</b> length: (received: 44, expected: any, comp: already checked) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>SA Proposal Comparison</b> ><b>OK</b> ENCR: (received:ENCR_3DES, expected:ENCR_3DES) ><b>OK</b> PRF: (received:PRF_HMAC_SHA1, expected:PRF_HMAC_SHA1) ><b>OK</b> INTEG: (received:INTEG_HMAC_SHA1_96, expected:INTEG_HMAC_SHA1_96) ><b>OK</b> D-H: (received:D-H_1024 MODP Group, expected:D-H_1024 MODP Group) ><b>OK</b> ESN: (received:, expected:) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Proposal Substructure</b> ><b>OK</b> nexttype: (received: 0, expected: any, comp: already checked) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) ><b>OK</b> proposalLen: (received: 40, expected: any, comp: already checked) ><b>OK</b> number: (received: 1, expected: 1, comp: eq) ><b>OK</b> id: (received: IKE, expected: IKE, comp: eq) ><b>OK</b> spiSize: (received: 0, expected: 0, comp: eq) 
><b>OK</b> transformCount: (received: 4, expected: 4, comp: eq) ><b>OK</b> spi: (received: , expected: , comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Transform Substructure</b> ><b>OK</b> nexttype: (received: 3, expected: any, comp: already checked) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ><b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) ><b>OK</b> type: (received: ENCR, expected: ENCR, comp: eq) ><b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) ><b>OK</b> id: (received: 3DES, expected: 3DES, comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Transform Substructure</b> ><b>OK</b> nexttype: (received: 3, expected: any, comp: already checked) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ><b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) ><b>OK</b> type: (received: PRF, expected: PRF, comp: eq) ><b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) ><b>OK</b> id: (received: HMAC_SHA1, expected: HMAC_SHA1, comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Transform Substructure</b> ><b>OK</b> nexttype: (received: 3, expected: any, comp: already checked) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ><b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) ><b>OK</b> type: (received: INTEG, expected: INTEG, comp: eq) ><b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) ><b>OK</b> id: (received: HMAC_SHA1_96, expected: HMAC_SHA1_96, comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Transform Substructure</b> ><b>OK</b> nexttype: (received: 0, expected: any, comp: already checked) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ><b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) ><b>OK</b> type: (received: D-H, expected: D-H, comp: eq) ><b>OK</b> 
reserved2: (received: 0, expected: 0, comp: eq) ><b>OK</b> id: (received: 1024 MODP Group, expected: 1024 MODP Group, comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Key Exchange Payload</b> ><b>OK</b> nexttype: (received: Ni, Nr, expected: any, comp: already checked) ><b>OK</b> critical: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) ><b>OK</b> length: (received: 136, expected: any, comp: already checked) ><b>OK</b> group: (received: 2, expected: 2, comp: eq) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ><b>OK</b> publicKey: (received: 164433323839852007720260567486870006701328959574288093717591131064809643038667874319814917056016781305150513465270644123295341592026858578502230187169961729526960653025035769212504078431133835138377190740436510186183141862866904337029730765266496547695113283483619449679912216861241658911629747040229709050460, expected: any, comp: any) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Nonce Payload</b> ><b>OK</b> nexttype: (received: N, expected: any, comp: already checked) ><b>OK</b> critical: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) ><b>OK</b> length: (received: 20, expected: (20, 260), comp: range) ><b>OK</b> nonce: (received: 114675264310958199027242078242273506070, expected: any, comp: any) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><b>Match with packet('common_remote_index')</b></td> ></tr> ><TR><TD><br></TD><TD> ><PRE> (I) (R) > NUT TN1 > | | > |<--------------| IKE_SA_INIT response (HDR, SAr1, KEr, Nr) > | | > V V</PRE><TR VALIGN="TOP"> ><TD>15:09:55</TD><TD> >Clear Buffer<BR> >done<BR> ></TD> ></TR> > ><TR VALIGN="TOP"> ><TD>15:09:55</TD><TD> >Send<BR> >done<BR> > sent to SocketID:4<br> ><A NAME="koiPacket2"></A> ><A HREF="#koiPacketDump2" onmouseover="popup(2,event);"onmouseout="popdown(2);">send packet #2</A> ><div 
id="pop2" style="position:absolute; visibility:hidden;"></div> ><BR> ></TD> ></TR> > ><tr VALIGN="top"> ><td></td> ><td width="100%"><TABLE BORDER><TR><TH BGCOLOR="#a8b5d8">key</TH><TH BGCOLOR="#a8b5d8">value</TH></TR><TR><TD>g^i</TD><TD>ea292be1849348eede51aa32f3413ca52e799eb07fd127e80b6d403331d5e14c564e5275e99d31fa11da84102da47805efdfe7c548d41eaf6ebbbaa590feba1c1383b8903bb8512cc2c929360d3b8cd051f87806348c50254fe8a611ae5ac449e8e19793e393d4b272aedcd974b85e444dda5a4018f15c1957d89b9682cff25c</TD></TR><TR><TD>g^r</TD><TD>baf15071535a2d74608ecc22c1d4ded019bd0ced40a5ba7689a8df49f99c7410608ddf379df6a72b48e908bb6fb5a3ec0eded75584f2ec7afcc6259a91c2338b669ffa011477a3080827e695018ff16849ba5318c3540c01a5840a9cb593c50416f3e756c437276a5c075ffd73da9a37ec750a89640cc62a6a191e368e9a23f6</TD></TR><TR><TD>g^ir</TD><TD>5b6c1b70967db4dfcaa49ba8a4cce913cf09922226566e9c282a70b4638567d2570d28f98a69f7558a376f847389e7546057c338233c456461ff5a15fd0f70365187dc40a3d9c97f19d2ad0434756f1c7942d4137a6f36a6b1ccce39327a00b497f6096df31a5f9c7b09f452a19e5285723ed28c82058423dc6bf05112d3f120</TD></TR><TR><TD>Ni</TD><TD>5645a70cf90ac1940648c7b51a7c3316</TD></TR><TR><TD>Nr</TD><TD>f94d4e97815868e903508765acbfb98d2cfa656bfa15bf28d70c951261fae4fcfab5e0</TD></TR><TR><TD>SPIi</TD><TD>2b9e2976e4888c81</TD></TR><TR><TD>SPIr</TD><TD>fb83ef30b2063530</TD></TR><TR><TD>IKEv2 Transform Type 1 Algorithms</TD><TD>3DES</TD></TR><TR><TD>IKEv2 Transform Type 2 Algorithms</TD><TD>HMAC_SHA1</TD></TR><TR><TD>IKEv2 Transform Type 3 Algorithms</TD><TD>HMAC_SHA1_96</TD></TR></TABLE></td> ></tr> ><TR><TD><br></TD><TD> ><PRE> (I) (R) > NUT TN1 > | | > |-------------->| IKE_AUTH request (HDR, SK {IDi, AUTH, N(USE_TRANSPORT_MODE), SAi2, TSi, TSr}) > | | > V V</PRE><TR VALIGN="TOP"> ><TD>15:09:55</TD><TD> >Receive<BR> > SrcAddr:2001:db8:1:1::1234 SrcPort:500<br> DstAddr:2001:db8:f:1::1 DstPort:500<br> >done<BR> > received from SocketID:4<br> ><A NAME="koiPacket3"></A> ><A HREF="#koiPacketDump3" 
onmouseover="popup(3,event);"onmouseout="popdown(3);">receive packet #3</A> ><div id="pop3" style="position:absolute; visibility:hidden;"></div> ><BR> ></TD> ></TR> > ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre><b>Check Authentication: OK</b> >expected(c0c39eccb3019f2822951da9fcf2fdb52d90c4d6) >received(c0c39eccb3019f2822951da9fcf2fdb52d90c4d6)</pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%">Compare the received packet with packets('EN-I-1-1-6-2.D.1')</td> ></tr> ><TR VALIGN="top"> ><TD></TD><TD><B>Payload Order (HDR, E(IDi, AUTH, SA(P(T, T, T)), TSi(TS), TSr(TS), N))</B></TD></TR><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>IKE Header</b> ><b>OK</b> initSPI: (received: 2b9e2976e4888c81, expected: 2b9e2976e4888c81, comp: eq) ><b>OK</b> respSPI: (received: fb83ef30b2063530, expected: fb83ef30b2063530, comp: eq) ><b>OK</b> nexttype: (received: E, expected: E, comp: eq) ><b>OK</b> major: (received: 2, expected: 2, comp: eq) ><b>OK</b> minor: (received: 0, expected: 0, comp: eq) ><b>OK</b> exchType: (received: IKE_AUTH, expected: IKE_AUTH, comp: eq) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ><b>OK</b> initiator: (received: 1, expected: 1, comp: eq) ><b>OK</b> higher: (received: 0, expected: 0, comp: eq) ><b>OK</b> response: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) ><b>OK</b> messID: (received: 1, expected: 1, comp: eq) ><b>OK</b> length: (received: 252, expected: any, comp: already checked) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Encrypted Payload</b> ><b>OK</b> innerType: (received: IDi, expected: any, comp: already checked) ><b>OK</b> critical: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) ><b>OK</b> length: (received: 28, expected: any, comp: already checked) ><b>OK</b> iv: (received: 7CEC0F67 CFD332F0, expected: any, comp: already checked) ><b>OK</b> checksum: (received: 
6591A251 E9385344 3E542C39, expected: any, comp: already checked) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Identification Payload - Initiator</b> ><b>OK</b> nexttype: (received: AUTH, expected: any, comp: already checked) ><b>OK</b> critical: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) ><b>OK</b> length: (received: 24, expected: any, comp: already checked) ><b>OK</b> type: (received: IPV6_ADDR, expected: IPV6_ADDR, comp: eq) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ><b>OK</b> value: (received: 20010DB8 00010001 00000000 00001234, expected: 20010DB8 00010001 00000000 00001234, comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Authentication Payload</b> ><b>OK</b> nexttype: (received: SA, expected: any, comp: already checked) ><b>OK</b> critical: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) ><b>OK</b> length: (received: 28, expected: any, comp: already checked) ><b>OK</b> method: (received: SK_MIC, expected: SK_MIC, comp: eq) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ><b>OK</b> data: (received: c0c39eccb3019f2822951da9fcf2fdb52d90c4d6, expected: any, comp: already checked) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Notify Payload</b> ><b>OK</b> nexttype: (received: 0, expected: any, comp: already checked) ><b>OK</b> critical: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) ><b>OK</b> length: (received: 8, expected: any, comp: already checked) ><b>OK</b> id: (received: 0, expected: 0, comp: eq) ><b>OK</b> spiSize: (received: 0, expected: 0, comp: eq) ><b>OK</b> type: (received: USE_TRANSPORT_MODE, expected: USE_TRANSPORT_MODE, comp: eq) ><b>OK</b> spi: (received: , expected: , comp: eq) ><b>OK</b> data: (received: , expected: , comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> 
><td></td> ><td width="100%"><pre> ><b>Security Association Payload</b> ><b>OK</b> nexttype: (received: TSi, expected: any, comp: already checked) ><b>OK</b> critical: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) ><b>OK</b> length: (received: 40, expected: any, comp: already checked) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>SA Proposal Comparison</b> ><b>OK</b> ENCR: (received:ENCR_3DES, expected:ENCR_3DES) ><b>OK</b> PRF: (received:, expected:) ><font color='#ff0000'><b>NG</b></font> INTEG: (received:INTEG_NONE, expected:INTEG_AES_XCBC_96) ><b>OK</b> D-H: (received:, expected:) ><b>OK</b> ESN: (received:ESN_No ESN, expected:ESN_No ESN) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><font color='#ff0000'><b>NG</b></font> The number of matched SA Proposals is not enough. ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Proposal Substructure</b> ><b>OK</b> nexttype: (received: 0, expected: any, comp: already checked) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) ><b>OK</b> proposalLen: (received: 36, expected: any, comp: already checked) ><b>OK</b> number: (received: 1, expected: 1, comp: eq) ><b>OK</b> id: (received: ESP, expected: ESP, comp: eq) ><b>OK</b> spiSize: (received: 4, expected: 4, comp: eq) ><b>OK</b> transformCount: (received: 3, expected: 3, comp: eq) ><b>OK</b> spi: (received: 4a7b2df0, expected: any, comp: any) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Transform Substructure</b> ><b>OK</b> nexttype: (received: 3, expected: any, comp: already checked) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ><b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) ><b>OK</b> type: (received: ENCR, expected: ENCR, comp: eq) ><b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) ><b>OK</b> id: (received: 3DES, expected: 3DES, comp: eq) 
></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Transform Substructure</b> ><b>OK</b> nexttype: (received: 0, expected: any, comp: already checked) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ><b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) ><b>OK</b> type: (received: ESN, expected: ESN, comp: eq) ><b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) ><b>OK</b> id: (received: No ESN, expected: No ESN, comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Traffic Selector Payload - Initiator</b> ><b>OK</b> nexttype: (received: TSr, expected: any, comp: already checked) ><b>OK</b> critical: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) ><b>OK</b> length: (received: 48, expected: any, comp: already checked) ><b>OK</b> count: (received: 1, expected: any, comp: already checked) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Traffic Selector</b> ><b>OK</b> type: (received: IPV6_ADDR_RANGE, expected: IPV6_ADDR_RANGE, comp: eq) ><b>OK</b> protocol: (received: 0, expected: 0, comp: eq) ><b>OK</b> selectorLen: (received: 40, expected: any, comp: already checked) ><b>OK</b> sport: (received: 0, expected: 0, comp: eq) ><b>OK</b> eport: (received: 65535, expected: 65535, comp: eq) ><b>OK</b> saddr: (received: 20010DB8 00010001 00000000 00001234, expected: 20010DB8 00010001 00000000 00001234, comp: eq) ><b>OK</b> eaddr: (received: 20010DB8 00010001 00000000 00001234, expected: 20010DB8 00010001 00000000 00001234, comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Traffic Selector Payload - Responder</b> ><b>OK</b> nexttype: (received: N, expected: any, comp: already checked) ><b>OK</b> critical: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) 
><b>OK</b> length: (received: 48, expected: any, comp: already checked) ><b>OK</b> count: (received: 1, expected: any, comp: already checked) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Traffic Selector</b> ><b>OK</b> type: (received: IPV6_ADDR_RANGE, expected: IPV6_ADDR_RANGE, comp: eq) ><b>OK</b> protocol: (received: 0, expected: 0, comp: eq) ><b>OK</b> selectorLen: (received: 40, expected: any, comp: already checked) ><b>OK</b> sport: (received: 0, expected: 0, comp: eq) ><b>OK</b> eport: (received: 65535, expected: 65535, comp: eq) ><b>OK</b> saddr: (received: 20010DB8 000F0001 00000000 00000001, expected: 20010DB8 000F0001 00000000 00000001, comp: eq) ><b>OK</b> eaddr: (received: 20010DB8 000F0001 00000000 00000001, expected: 20010DB8 000F0001 00000000 00000001, comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><b>Not match with packet('EN-I-1-1-6-2.D.1')</b></td> ></tr> ><TR><TD><br></TD><TD> ><FONT COLOR="#ff0000">Can't observe IKE_AUTH request.</FONT><tr VALIGN="top"> ><td></td> ><td width="100%"><FONT COLOR="#FF0000" SIZE="+1"><U><B>TEST CLEANUP</B></U></FONT></td> ></tr> ></TD> ></TR> > ><TR VALIGN="TOP"><TD>15:09:55</TD> ><TD> >kRemoteAsyncWait() ><PRE><A NAME="kRemoteAsyncWait13535"></A> ><A HREF="#kRemoteAsync13535">Link to remote control start point</A> >DEBUG : start kRemoteLogin >Connected > >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ping6 -n -c 1 2001:0db8:000f:0001::1 >PING 2001:0db8:000f:0001::1(2001:db8:f:1::1) 56 data bytes >64 bytes from 2001:db8:f:1::1: icmp_seq=1 ttl=64 time=0.194 ms > >--- 2001:0db8:000f:0001::1 ping statistics --- >1 packets transmitted, 1 received, 0% packet loss, time 0ms >rtt min/avg/max/mdev = 0.194/0.194/0.194/0.000 ms >[root@dhcp12-166 ~]# ></PRE> ></TD></TR> > ><tr VALIGN="top"> ><td></td> ><td width="100%">cleaning up NUT ...</td> ></tr> ><TR VALIGN="TOP"><TD>15:10:13</TD> ><TD width="100%"> 
>kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop''<br> >kRemote()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop > ><PRE>DEBUG : start kRemoteLogin >Connected > >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip xfrm state list >src 2001:db8:f:1::1 dst 2001:db8:1:1::1234 > proto esp spi 0x4a7b2df0 reqid 16385 mode tunnel > replay-window 0 > sel src 2001:db8:f:1::1/128 dst 2001:db8:1:1::1234/128 >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip xfrm policy list >src ::/0 dst ::/0 > socket out priority 0 ptype main >src ::/0 dst ::/0 > socket in priority 0 ptype main >src ::/0 dst ::/0 > socket out priority 0 ptype main >src ::/0 dst ::/0 > socket in priority 0 ptype main >src ::/0 dst ::/0 > socket out priority 0 ptype main >src ::/0 dst ::/0 > socket in priority 0 ptype main >src ::/0 dst ::/0 > socket out priority 0 ptype main >src ::/0 dst ::/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ipsec setup stop >Redirecting to: systemctl stop ipsec.service >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip xfrm state list >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip xfrm policy list >[root@dhcp12-166 ~]# ></PRE> ></TD></TR> > ><TR 
VALIGN="TOP"><TD>15:10:34</TD> ><TD width="100%"> >kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=cat_log''<br> >kRemote()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=cat_log > ><PRE>DEBUG : start kRemoteLogin >Connected > >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# cat /tmp/pluto.log >nss directory plutomain: /etc/ipsec.d >NSS Initialized >libcap-ng support [enabled] >FIPS HMAC integrity verification test passed >FIPS: pluto daemon NOT running in FIPS mode >Linux audit support [disabled] >Starting Pluto (Libreswan Version 3.10 XFRM(netkey) KLIPS NSS DNSSEC FIPS_CHECK LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER KLIPS_MAST CURL(non-NSS) LDAP(non-NSS)) pid:952 >core dump dir: /var/run/pluto >secrets file: /etc/ipsec.secrets >leak-detective disabled >SAref support [disabled]: Protocol not available >SAbind support [disabled]: Protocol not available >NSS crypto [enabled] >XAUTH PAM support [enabled] > NAT-Traversal support [enabled] >| inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds >| event added at head of queue >| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds >| event added at head of queue >| inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds >| event added after event EVENT_PENDING_DDNS >ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) >ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) >ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) >ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) >ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) >ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok (ret=0) >ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) >starting up 3 crypto helpers >started thread for crypto helper 0 (master fd 7) >| status value returned by setting the priority of this thread (crypto helper 0) 22 >| crypto helper 0 waiting on fd 8 >| status value returned by setting the 
priority of this thread (crypto helper 1) 22 >| crypto helper 1 waiting on fd 10 >started thread for crypto helper 1 (master fd 9) >started thread for crypto helper 2 (master fd 11) >| status value returned by setting the priority of this thread (crypto helper 2) 22 >Using Linux XFRM/NETKEY IPsec interface code on 3.10.0-175.el7.x86_64 >| crypto helper 2 waiting on fd 13 >| process 952 listening for PF_KEY_V2 on file descriptor 16 >| finish_pfkey_msg: K_SADB_REGISTER message 1 for AH >| 02 07 00 02 02 00 00 00 01 00 00 00 b8 03 00 00 >| pfkey_get: K_SADB_REGISTER message 1 >| AH registered with kernel. >| finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP >| 02 07 00 03 02 00 00 00 02 00 00 00 b8 03 00 00 >| pfkey_get: K_SADB_REGISTER message 2 >| kernel_alg_init(): memset(0x7fb1cc39d840, 0, 2048) memset(0x7fb1cc39e040, 0, 2048) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=72 >| kernel_alg_add(): satype=3, exttype=14, alg_id=251(ESP_KAME_NULL) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=14, alg_id=2(ESP_DES) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=14, alg_id=3(ESP_3DES) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=14, alg_id=5(ESP_IDEA) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=14, alg_id=6(ESP_CAST) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=14, satype=3, alg_id=6, alg_ivlen=0, alg_minbits=384, alg_maxbits=384, res=0, ret=1 >| 
kernel_alg_add(): satype=3, exttype=14, alg_id=7(ESP_BLOWFISH) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5], exttype=14, satype=3, alg_id=7, alg_ivlen=0, alg_minbits=512, alg_maxbits=512, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=14, alg_id=8(ESP_3IDEA) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6], exttype=14, satype=3, alg_id=8, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=14, alg_id=9(ESP_DES_IV32) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7], exttype=14, satype=3, alg_id=9, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1 >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=88 >| kernel_alg_add(): satype=3, exttype=15, alg_id=11(ESP_NULL) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=2(ESP_DES) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64, alg_maxbits=64, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=3(ESP_3DES) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[10], exttype=15, satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=6(ESP_CAST) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[11], exttype=15, satype=3, alg_id=6, alg_ivlen=8, alg_minbits=40, alg_maxbits=128, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=7(ESP_BLOWFISH) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[12], exttype=15, satype=3, alg_id=7, alg_ivlen=8, alg_minbits=40, alg_maxbits=448, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=12(ESP_AES) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[13], exttype=15, satype=3, alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 >| 
kernel_alg_add(): satype=3, exttype=15, alg_id=252(ESP_SERPENT) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[14], exttype=15, satype=3, alg_id=252, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=22(ESP_CAMELLIA) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[15], exttype=15, satype=3, alg_id=22, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=253(ESP_TWOFISH) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[16], exttype=15, satype=3, alg_id=253, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=13(ESP_AES_CTR) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[17], exttype=15, satype=3, alg_id=13, alg_ivlen=8, alg_minbits=160, alg_maxbits=288, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=18(ESP_AES_GCM_A) >| kernel_alg_add(): satype=3, exttype=15, alg_id=19(ESP_AES_GCM_B) >| kernel_alg_add(): satype=3, exttype=15, alg_id=20(ESP_AES_GCM_C) >| kernel_alg_add(): satype=3, exttype=15, alg_id=14(ESP_AES_CCM_A) >| kernel_alg_add(): satype=3, exttype=15, alg_id=15(ESP_AES_CCM_B) >| kernel_alg_add(): satype=3, exttype=15, alg_id=16(ESP_AES_CCM_C) >ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0) >Warning: failed to register algo_aes_ccm_8 for IKE >ike_alg_register_enc(): Activating aes_ccm_12: Ok (ret=0) >Warning: failed to register algo_aes_ccm_12 for IKE >ike_alg_register_enc(): Activating aes_ccm_16: Ok (ret=0) >Warning: failed to register algo_aes_ccm_16 for IKE >ike_alg_register_enc(): Activating aes_gcm_8: Ok (ret=0) >Warning: failed to register algo_aes_gcm_8 for IKE >ike_alg_register_enc(): Activating aes_gcm_12: Ok (ret=0) >Warning: failed to register algo_aes_gcm_12 for IKE >ike_alg_register_enc(): Activating aes_gcm_16: Ok (ret=0) >Warning: failed to register algo_aes_gcm_16 for IKE >| Registered AEAD AES CCM/GCM algorithms >| ESP 
registered with kernel. >| finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP >| 02 07 00 09 02 00 00 00 03 00 00 00 b8 03 00 00 >| pfkey_get: K_SADB_REGISTER message 3 >| IPCOMP registered with kernel. >| Registered AH, ESP and IPCOMP >| Changed path to directory '/etc/ipsec.d/c >acerts' > loading CA cert file 'cacert.pem' (956 bytes) >| cert blob content is not binary ASN.1 >| -----BEGIN CERTIFICATE----- >| -----END CERTIFICATE----- >| file coded in PEM format >| L0 - certificate: >| 30 82 02 96 30 82 01 ff a0 03 02 01 02 02 09 00 >| e9 c4 8c 87 1a a6 61 03 30 0d 06 09 2a 86 48 86 >| f7 0d 01 01 05 05 00 30 64 31 0b 30 09 06 03 55 >| 04 06 13 02 58 58 31 0f 30 0d 06 03 55 04 08 0c >| 06 72 65 64 68 61 74 31 15 30 13 06 03 55 04 07 >| 0c 0c 44 65 66 61 75 6c 74 20 43 69 74 79 31 1c >| 30 1a 06 03 55 04 0a 0c 13 44 65 66 61 75 6c 74 >| 20 43 6f 6d 70 61 6e 79 20 4c 74 64 31 0f 30 0d >| 06 03 55 04 03 0c 06 72 65 64 68 61 74 30 1e 17 >| 0d 31 34 30 31 31 36 30 37 32 31 30 31 5a 17 0d >| 32 34 30 31 31 34 30 37 32 31 30 31 5a 30 64 31 >| 0b 30 09 06 03 55 04 06 13 02 58 58 31 0f 30 0d >| 06 03 55 04 08 0c 06 72 65 64 68 61 74 31 15 30 >| 13 06 03 55 04 07 0c 0c 44 65 66 61 75 6c 74 20 >| 43 69 74 79 31 1c 30 1a 06 03 55 04 0a 0c 13 44 >| 65 66 61 75 6c 74 20 43 6f 6d 70 61 6e 79 20 4c >| 74 64 31 0f 30 0d 06 03 55 04 03 0c 06 72 65 64 >| 68 61 74 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d >| 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 >| ae c7 47 c1 c6 91 cc 8c 11 9d e5 75 03 3a 0f ef >| 75 7d 06 a4 9f 55 cc 1f ec cc 1e 53 94 ef 7f cb >| 20 76 2f 11 f1 40 f1 3c 7c dc a1 f6 bd 67 03 9a >| 81 64 a6 34 ed 04 5c 41 15 bc 8d a0 0a c9 c1 12 >| c2 65 58 6a 4e d0 69 2a 58 53 23 3c 67 14 ad 91 >| 60 7c 3d 6c c3 d7 34 bb 7a 17 f6 67 05 85 0e d1 >| 02 f8 74 7b 32 33 c1 b7 11 3d 97 de 8f 25 eb 59 >| 85 fa cf 50 5a e6 7c 91 51 4b a3 d7 b1 20 b6 df >| 02 03 01 00 01 a3 50 30 4e 30 1d 06 03 55 1d 0e >| 04 16 04 14 68 51 8c 45 43 31 4b a0 0d fd f1 85 >| 81 72 b6 01 9a 9a 8b 0c 
30 1f 06 03 55 1d 23 04 >| 18 30 16 80 14 68 51 8c 45 43 31 4b a0 0d fd f1 >| 85 81 72 b6 01 9a 9a 8b 0c 30 0c 06 03 55 1d 13 >| 04 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 >| 0d 01 01 05 05 00 03 81 81 00 38 fc 71 85 b3 9c >| b3 b8 87 36 39 ef c1 d3 95 ba c3 1f 60 51 83 f3 >| e6 04 16 97 3d f1 20 67 e0 db 11 f8 f5 e6 c0 c9 >| b1 1f ea 9b 4b 70 be 5d f7 86 5b 2a 1a 08 f5 19 >| b0 d2 53 70 cc 4b 1d b3 3a 64 2a 5d 9a 1e 94 97 >| 41 7d dd cb 0d 78 4a ff 81 95 de 8b c9 fc a6 86 >| 20 2a 40 38 60 ba 3c 00 cc a3 d8 d3 e8 2b 07 7c >| 6a cb 3d c3 4b f3 b4 3f e6 98 39 30 9b 8d ed e2 >| af 0e 10 6c d7 3a 3c d8 79 33 >| L1 - tbsCertificate: >| 30 82 01 ff a0 03 02 01 02 02 09 00 e9 c4 8c 87 >| 1a a6 61 03 30 0d 06 09 2a 86 48 86 f7 0d 01 01 >| 05 05 00 30 64 31 0b 30 09 06 03 55 04 06 13 02 >| 58 58 31 0f 30 0d 06 03 55 04 08 0c 06 72 65 64 >| 68 61 74 31 15 30 13 06 03 55 04 07 0c 0c 44 65 >| 66 61 75 6c 74 20 43 69 74 79 31 1c 30 1a 06 03 >| 55 04 0a 0c 13 44 65 66 61 75 6c 74 20 43 6f 6d >| 70 61 6e 79 20 4c 74 64 31 0f 30 0d 06 03 55 04 >| 03 0c 06 72 65 64 68 61 74 30 1e 17 0d 31 34 30 >| 31 31 36 30 37 32 31 30 31 5a 17 0d 32 34 30 31 >| 31 34 30 37 32 31 30 31 5a 30 64 31 0b 30 09 06 >| 03 55 04 06 13 02 58 58 31 0f 30 0d 06 03 55 04 >| 08 0c 06 72 65 64 68 61 74 31 15 30 13 06 03 55 >| 04 07 0c 0c 44 65 66 61 75 6c 74 20 43 69 74 79 >| 31 1c 30 1a 06 03 55 04 0a 0c 13 44 65 66 61 75 >| 6c 74 20 43 6f 6d 70 61 6e 79 20 4c 74 64 31 0f >| 30 0d 06 03 55 04 03 0c 06 72 65 64 68 61 74 30 >| 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 >| 00 03 81 8d 00 30 81 89 02 81 81 00 ae c7 47 c1 >| c6 91 cc 8c 11 9d e5 75 03 3a 0f ef 75 7d 06 a4 >| 9f 55 cc 1f ec cc 1e 53 94 ef 7f cb 20 76 2f 11 >| f1 40 f1 3c 7c dc a1 f6 bd 67 03 9a 81 64 a6 34 >| ed 04 5c 41 15 bc 8d a0 0a c9 c1 12 c2 65 >58 6a >| 4e d0 69 2a 58 53 23 3c 67 14 ad 91 60 7c 3d 6c >| c3 d7 34 bb 7a 17 f6 67 05 85 0e d1 02 f8 74 7b >| 32 33 c1 b7 11 3d 97 de 8f 25 eb 59 85 fa cf 50 >| 5a e6 7c 91 51 4b a3 d7 b1 
20 b6 df 02 03 01 00 >| 01 a3 50 30 4e 30 1d 06 03 55 1d 0e 04 16 04 14 >| 68 51 8c 45 43 31 4b a0 0d fd f1 85 81 72 b6 01 >| 9a 9a 8b 0c 30 1f 06 03 55 1d 23 04 18 30 16 80 >| 14 68 51 8c 45 43 31 4b a0 0d fd f1 85 81 72 b6 >| 01 9a 9a 8b 0c 30 0c 06 03 55 1d 13 04 05 30 03 >| 01 01 ff >| L2 - DEFAULT v1: >| L3 - version: >| 02 >| v3 >| L2 - serialNumber: >| 00 e9 c4 8c 87 1a a6 61 03 >| L2 - signature: >| L3 - algorithmIdentifier: >| L4 - algorithm: >| 'sha-1WithRSAEncryption' >| L2 - issuer: >| 30 64 31 0b 30 09 06 03 55 04 06 13 02 58 58 31 >| 0f 30 0d 06 03 55 04 08 0c 06 72 65 64 68 61 74 >| 31 15 30 13 06 03 55 04 07 0c 0c 44 65 66 61 75 >| 6c 74 20 43 69 74 79 31 1c 30 1a 06 03 55 04 0a >| 0c 13 44 65 66 61 75 6c 74 20 43 6f 6d 70 61 6e >| 79 20 4c 74 64 31 0f 30 0d 06 03 55 04 03 0c 06 >| 72 65 64 68 61 74 >| 'C=XX, ST=redhat, L=Default City, O=Default Company Ltd, CN=redhat' >| L2 - validity: >| L3 - notBefore: >| L4 - utcTime: >| 'Jan 16 07:21:01 UTC 2014' >| L3 - notAfter: >| L4 - utcTime: >| 'Jan 14 07:21:01 UTC 2024' >| L2 - subject: >| 30 64 31 0b 30 09 06 03 55 04 06 13 02 58 58 31 >| 0f 30 0d 06 03 55 04 08 0c 06 72 65 64 68 61 74 >| 31 15 30 13 06 03 55 04 07 0c 0c 44 65 66 61 75 >| 6c 74 20 43 69 74 79 31 1c 30 1a 06 03 55 04 0a >| 0c 13 44 65 66 61 75 6c 74 20 43 6f 6d 70 61 6e >| 79 20 4c 74 64 31 0f 30 0d 06 03 55 04 03 0c 06 >| 72 65 64 68 61 74 >| 'C=XX, ST=redhat, L=Default City, O=Default Company Ltd, CN=redhat' >| L2 - subjectPublicKeyInfo: >| L3 - algorithm: >| L4 - algorithmIdentifier: >| L5 - algorithm: >| 'rsaEncryption' >| L3 - subjectPublicKey: >| L4 - RSAPublicKey: >| L5 - modulus: >| 00 ae c7 47 c1 c6 91 cc 8c 11 9d e5 75 03 3a 0f >| ef 75 7d 06 a4 9f 55 cc 1f ec cc 1e 53 94 ef 7f >| cb 20 76 2f 11 f1 40 f1 3c 7c dc a1 f6 bd 67 03 >| 9a 81 64 a6 34 ed 04 5c 41 15 bc 8d a0 0a c9 c1 >| 12 c2 65 58 6a 4e d0 69 2a 58 53 23 3c 67 14 ad >| 91 60 7c 3d 6c c3 d7 34 bb 7a 17 f6 67 05 85 0e >| d1 02 f8 74 7b 32 33 c1 b7 11 3d 97 de 8f 25 eb 
>| 59 85 fa cf 50 5a e6 7c 91 51 4b a3 d7 b1 20 b6 >| df >| L5 - publicExponent: >| 01 00 01 >| L2 - optional extensions: >| L3 - extensions: >| L4 - extension: >| L5 - extnID: >| 'subjectKeyIdentifier' >| L5 - critical: >| FALSE >| L5 - extnValue: >| 04 14 68 51 8c 45 43 31 4b a0 0d fd f1 85 81 72 >| b6 01 9a 9a 8b 0c >| L6 - keyIdentifier: >| 68 51 8c 45 43 31 4b a0 0d fd f1 85 81 72 b6 01 >| 9a 9a 8b 0c >| L4 - extension: >| L5 - extnID: >| 'authorityKeyIdentifier' >| L5 - critical: >| FALSE >| L5 - extnValue: >| 30 16 80 14 68 51 8c 45 43 31 4b a0 0d fd f1 85 >| 81 72 b6 01 9a 9a 8b 0c >| L6 - authorityKeyIdentifier: >| L7 - keyIdentifier: >| 80 14 68 51 8c 45 43 31 4b a0 0d fd f1 85 81 72 >| b6 01 9a 9a 8b 0c >| L8 - keyIdentifier: >| 68 51 8c 45 43 31 4b a0 0d fd f1 85 81 72 b6 01 >| 9a 9a 8b 0c >| L4 - extension: >| L5 - extnID: >| 'basicConstraints' >| L5 - critical: >| FALSE >| L5 - extnValue: >| 30 03 01 01 ff >| L6 - basicConstraints: >| L7 - CA: >| ff >| TRUE >| L1 - signatureAlgorithm: >| L2 - algorithmIdentifier: >| L3 - algorithm: >| 'sha-1WithRSAEncryption' >| L1 - signatureValue: >| 00 38 fc 71 85 b3 9c b3 b8 87 36 39 ef c1 d3 95 >| ba c3 1f 60 51 83 f3 e6 04 16 97 3d f1 20 67 e0 >| db 11 f8 f5 e6 c0 c9 b1 1f ea 9b 4b 70 be 5d f7 >| 86 5b 2a 1a 08 f5 19 b0 d2 53 70 cc 4b 1d b3 3a >| 64 2a 5d 9a 1e 94 97 41 7d dd cb 0d 78 4a ff 81 >| 95 de 8b c9 fc a6 86 20 2a 4 >0 38 60 ba 3c 00 cc >| a3 d8 d3 e8 2b 07 7c 6a cb 3d c3 4b f3 b4 3f e6 >| 98 39 30 9b 8d ed e2 af 0e 10 6c d7 3a 3c d8 79 >| 33 >| authcert list locked by 'add_authcert' >| authcert inserted >| authcert list unlocked by 'add_authcert' >| Changing to directory '/etc/ipsec.d/crls' > loading crl file 'crl.pem' (483 bytes) >| cert blob content is not binary ASN.1 >| -----BEGIN X509 CRL----- >| -----END X509 CRL----- >| file coded in PEM format >| L0 - certificateList: >| 30 82 01 3c 30 81 a6 02 01 01 30 0d 06 09 2a 86 >| 48 86 f7 0d 01 01 05 05 00 30 64 31 0b 30 09 06 >| 03 55 04 06 13 02 58 58 
31 0f 30 0d 06 03 55 04 >| 08 0c 06 72 65 64 68 61 74 31 15 30 13 06 03 55 >| 04 07 0c 0c 44 65 66 61 75 6c 74 20 43 69 74 79 >| 31 1c 30 1a 06 03 55 04 0a 0c 13 44 65 66 61 75 >| 6c 74 20 43 6f 6d 70 61 6e 79 20 4c 74 64 31 0f >| 30 0d 06 03 55 04 03 0c 06 72 65 64 68 61 74 17 >| 0d 31 34 30 31 31 36 30 37 32 31 30 33 5a 17 0d >| 31 34 30 32 31 35 30 37 32 31 30 33 5a a0 0e 30 >| 0c 30 0a 06 03 55 1d 14 04 03 02 01 01 30 0d 06 >| 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 >| 4f 5c bd c4 00 fc a5 6f 62 bd c6 db 69 c2 44 bf >| 5b 5d 6d 03 3a 17 eb 91 b5 fe 40 a5 25 c2 a2 12 >| c0 ac ba d1 ce 63 fc 18 eb 56 56 a5 12 eb 8f fe >| 77 fd c0 4e a0 90 22 18 12 40 fa f9 aa 0e f3 97 >| a9 94 35 ae eb f9 aa 22 bf 4b 0d c5 d0 4d c1 60 >| 78 59 5c dd cb 0e 16 64 b5 94 b1 a3 c9 83 5f a3 >| d5 1b 94 2d c4 8e ed 10 01 ec f1 46 77 49 5f 4a >| 9e 4a 7f 34 5b 15 c5 d3 e0 85 d7 40 51 0b 6a 38 >| L1 - tbsCertList: >| 30 81 a6 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d >| 01 01 05 05 00 30 64 31 0b 30 09 06 03 55 04 06 >| 13 02 58 58 31 0f 30 0d 06 03 55 04 08 0c 06 72 >| 65 64 68 61 74 31 15 30 13 06 03 55 04 07 0c 0c >| 44 65 66 61 75 6c 74 20 43 69 74 79 31 1c 30 1a >| 06 03 55 04 0a 0c 13 44 65 66 61 75 6c 74 20 43 >| 6f 6d 70 61 6e 79 20 4c 74 64 31 0f 30 0d 06 03 >| 55 04 03 0c 06 72 65 64 68 61 74 17 0d 31 34 30 >| 31 31 36 30 37 32 31 30 33 5a 17 0d 31 34 30 32 >| 31 35 30 37 32 31 30 33 5a a0 0e 30 0c 30 0a 06 >| 03 55 1d 14 04 03 02 01 01 >| L2 - version: >| 01 >| v2 >| L2 - signature: >| L3 - algorithmIdentifier: >| L4 - algorithm: >| 'sha-1WithRSAEncryption' >| L2 - issuer: >| 30 64 31 0b 30 09 06 03 55 04 06 13 02 58 58 31 >| 0f 30 0d 06 03 55 04 08 0c 06 72 65 64 68 61 74 >| 31 15 30 13 06 03 55 04 07 0c 0c 44 65 66 61 75 >| 6c 74 20 43 69 74 79 31 1c 30 1a 06 03 55 04 0a >| 0c 13 44 65 66 61 75 6c 74 20 43 6f 6d 70 61 6e >| 79 20 4c 74 64 31 0f 30 0d 06 03 55 04 03 0c 06 >| 72 65 64 68 61 74 >| 'C=XX, ST=redhat, L=Default City, O=Default Company Ltd, CN=redhat' >| L2 - 
thisUpdate: >| L3 - utcTime: >| 'Jan 16 07:21:03 UTC 2014' >| L2 - nextUpdate: >| L3 - utcTime: >| 'Feb 15 07:21:03 UTC 2014' >| L2 - optional extensions: >| L3 - crlExtensions: >| L4 - extension: >| L5 - extnID: >| 55 1d 14 >| L5 - critical: >| FALSE >| L5 - extnValue: >| 02 01 01 >| L1 - signatureAlgorithm: >| L2 - algorithmIdentifier: >| L3 - algorithm: >| 'sha-1WithRSAEncryption' >| L1 - signatureValue: >| 00 4f 5c bd c4 00 fc a5 6f 62 bd c6 db 69 c2 44 >| bf 5b 5d 6d 03 3a 17 eb 91 b5 fe 40 a5 25 c2 a2 >| 12 c0 ac ba d1 ce 63 fc 18 eb 56 56 a5 12 eb 8f >| fe 77 fd c0 4e a0 90 22 18 12 40 fa f9 aa 0e f3 >| 97 a9 94 35 ae eb f9 aa 22 bf 4b 0d c5 d0 4d c1 >| 60 78 59 5c dd cb 0e 16 64 b5 94 b1 a3 c9 83 5f >| a3 d5 1b 94 2d c4 8e ed 10 01 ec f1 46 77 49 5f >| 4a 9e 4a 7f 34 5b 15 c5 d3 e0 85 d7 40 51 0b 6a >| 38 >| authcert list locked by 'insert_crl' >| crl issuer cacert found >| signature algorithm: 'sha-1WithRSAEncryption' >| digest: 02 80 08 b9 93 f4 76 f6 5b e >3 07 9d 0a 7f 5e 40 >| digest: 13 77 6e df >| NSS cert: modulus : >| 00 ae c7 47 c1 c6 91 cc 8c 11 9d e5 75 03 3a 0f >| ef 75 7d 06 a4 9f 55 cc 1f ec cc 1e 53 94 ef 7f >| cb 20 76 2f 11 f1 40 f1 3c 7c dc a1 f6 bd 67 03 >| 9a 81 64 a6 34 ed 04 5c 41 15 bc 8d a0 0a c9 c1 >| 12 c2 65 58 6a 4e d0 69 2a 58 53 23 3c 67 14 ad >| 91 60 7c 3d 6c c3 d7 34 bb 7a 17 f6 67 05 85 0e >| d1 02 f8 74 7b 32 33 c1 b7 11 3d 97 de 8f 25 eb >| 59 85 fa cf 50 5a e6 7c 91 51 4b a3 d7 b1 20 b6 >| df >| NSS cert: exponent : >| 01 00 01 >| NSS: input signature : >| 00 4f 5c bd c4 00 fc a5 6f 62 bd c6 db 69 c2 44 >| bf 5b 5d 6d 03 3a 17 eb 91 b5 fe 40 a5 25 c2 a2 >| 12 c0 ac ba d1 ce 63 fc 18 eb 56 56 a5 12 eb 8f >| fe 77 fd c0 4e a0 90 22 18 12 40 fa f9 aa 0e f3 >| 97 a9 94 35 ae eb f9 aa 22 bf 4b 0d c5 d0 4d c1 >| 60 78 59 5c dd cb 0e 16 64 b5 94 b1 a3 c9 83 5f >| a3 d5 1b 94 2d c4 8e ed 10 01 ec f1 46 77 49 5f >| 4a 9e 4a 7f 34 5b 15 c5 d3 e0 85 d7 40 51 0b 6a >| 38 >| RSA Signature length is 128 >| NSS digest sig: 30 21 30 09 
06 05 2b 0e 03 02 1a 05 00 04 14 02 >| NSS digest sig: 80 08 b9 93 f4 76 f6 5b e3 07 9d 0a 7f 5e 40 13 >| NSS digest sig: 77 6e df >| NSS: length of digest sig = 35 >| NSS scratchpad plus computed digest sig: >| 30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 02 >| 80 08 b9 93 f4 76 f6 5b e3 07 9d 0a 7f 5e 40 13 >| 77 6e df >| NSS adjusted digest sig: >| 02 80 08 b9 93 f4 76 f6 5b e3 07 9d 0a 7f 5e 40 >| 13 77 6e df >| NSS expected digest sig: >| 02 80 08 b9 93 f4 76 f6 5b e3 07 9d 0a 7f 5e 40 >| 13 77 6e df >| NSS: RSA Signature verified, hash values matched >| authcert list unlocked by 'insert_crl' >| valid crl signature >| crl list locked by 'insert_crl' >| crl list unlocked by 'insert_crl' >| selinux support is enabled. >| inserting event EVENT_LOG_DAILY, timeout in 3706 seconds >| event added after event EVENT_REINIT_SECRET >| next event EVENT_PENDING_DDNS in 60 seconds >| calling addconn helper using execve >| >| *received whack message >| entering aalg_getbyname_ike() >| raw_alg_info_ike_add() ealg=5 aalg=2 modp_id=2, cnt=1 >| Added new connection ikev2 with policy PSK+ENCRYPT+PFS+IKEV1_DISABLE+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW >| from whack: got --esp=3des-aes_xcbc >| esp string values: 3DES(3)_000-AES_XCBC(9)_000 >| ike (phase1) algorithm values: 3DES_CBC(5)_000-SHA1(2)_000-MODP1024(2) >| counting wild cards for 2001:db8:1:1::1234 is 0 >| counting wild cards for 2001:db8:f:1::1 is 0 >added connection description "ikev2" >| 2001:db8:1:1::1234<2001:0db8:0001:0001::1234>...2001:db8:f:1::1<2001:0db8:000f:0001::1> >| ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT+PFS+IKEV1_DISABLE+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW >| * processed 0 messages from cryptographic helpers >| next event EVENT_PENDING_DDNS in 59 seconds >| next event EVENT_PENDING_DDNS in 59 seconds >| >| *received whack message >listening for IKE messages >| Inspecting interface lo >| found lo with 
address 127.0.0.1 >| Inspecting interface p7p1 >| found p7p1 with address 10.66.13.22 >| Inspecting interface p6p1 >| found p6p1 with address 192.168.0.10 >adding interface p6p1/p6p1 192.168.0.10:500 >| NAT-Traversal: Trying new style NAT-T >| NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19) >| NAT-Traversal: Trying old style NAT-T >| NAT-Traversal: ESPINUDP(2) setup succeeded for old style NAT-T family IPv4 >adding interface p6p1/p6p1 192.168.0.10:4500 >adding interface p7p1/p7p1 10.66.13.22:500 >| NAT-Traversal: Trying new style NAT-T >| NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19) >| NAT-Traversal: Trying old style NAT-T >| NAT-Traversal: ESPINUDP(2) setup succeeded for old style NAT-T family IPv4 >adding interface p7p1/p7p1 10.66.13.22:4500 >adding interface lo/lo 127.0.0.1:500 >| NAT-Traversal: Trying new style NAT-T >| NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19) >| NAT-Traversal: Trying old style NAT-T >| NAT-Traversal: ESPINUDP(2) setup succeeded for old style NAT-T family IPv4 >adding interface lo/lo 127.0.0.1:4500 >| found lo with address 0000:0000:0000:0000:0000:0000:0000:0001 >| found p6p2 with address 3ffe:0501:ffff:0101:0215:17ff:fe3c:c669 >| found p6p1 with address 3ffe:0501:ffff:0100:0215:17ff:fe3c:c668 >| found p6p1 with address 2001:0db8:0001:0001:0000:0000:0000:1234 >adding interface p6p1/p6p1 2001:db8:1:1::1234:500 >adding interface p6p1/p6p1 3ffe:501:ffff:100:215:17ff:fe3c:c668:500 >adding interface p6p2/p6p2 3ffe:501:ffff:101:215:17ff:fe3c:c669:500 >adding interface lo/lo ::1:500 >| connect_to_host_pair: 2001:db8:1:1::1234:500 2001:db8:f:1::1:500 -> hp:none >| certs and keys locked by 'free_preshared_secrets' >| certs and keys unlocked by 'free_preshard_secrets' >loading secrets from "/etc/ipsec.secrets" >| id type added to secret(0x7fb1cdedd540) PPK_PSK: %any >| id type added to secret(0x7fb1cdedd540) PPK_PSK: %any >| Processing PSK 
at line 1: passed >| certs and keys locked by 'process_secret' >| certs and keys unlocked by 'process_secret' >| * processed 0 messages from cryptographic helpers >| next event EVENT_PENDING_DDNS in 59 seconds >| next event EVENT_PENDING_DDNS in 59 seconds >| >| *received whack message >| processing connection ikev2 >| kernel_alg_db_new() initial trans_cnt=128 >| kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1 >| kernel_alg_db_new() trans[0]: transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=9 >| returning new proposal from esp_info >| creating state object #1 at 0x7fb1cdedd6d0 >| processing connection ikev2 >| ICOOKIE: 2b 9e 29 76 e4 88 8c 81 >| RCOOKIE: 00 00 00 00 00 00 00 00 >| state hash entry 9 >| inserting state object #1 >| inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1 >| event added at head of queue >| processing connection ikev2 >| Queuing pending Quick Mode with 2001:db8:f:1::1 "ikev2" >"ikev2" #1: initiating v2 parent SA >| crypto helper 0: pcw_work: 0 >| asking crypto helper 0 to do build_kenonce; request ID 1 (len=2768, pcw_work=0) >| #1 send_crypto_helper_request:519 st->st_calculating = TRUE; >| crypto helper 0 read fd: 8 >| crypto helper 0 doing build_kenonce; request ID 1 >| deleting event for #1 >| NSS: Value of Prime: >| ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 >| c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 >| 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd >| ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 >| 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 >| f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed >| ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 >| 49 28 66 51 ec e6 53 81 ff ff ff ff ff ff ff ff >| NSS: Value of base: >| 02 >| inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1 >| event added after event EVENT_PENDING_PHASE2 >| * processed 0 messages from cryptographic helpers >| NSS: generated dh priv and pub keys: 128 >| NSS: Local DH secret (pointer): 0x7fb1cded1bf0 
>| NSS: Public DH value sent(computed in NSS): >| ea 29 2b e1 84 93 48 ee de 51 aa 32 f3 41 3c a5 >| 2e 79 9e b0 7f d1 27 e8 0b 6d 40 33 31 d5 e1 4c >| 56 4e 52 75 e9 9d 31 fa 11 da 84 10 2d a4 78 05 >| ef df e7 c5 48 d4 1e af 6e bb ba a5 90 fe ba 1c >| 13 83 b8 90 3b b8 51 2c c2 c9 29 36 0d 3b 8c d0 >| 51 f8 78 06 34 8c 50 25 4f e8 a6 11 ae 5a c4 49 >| e8 e1 97 93 e3 93 d4 b2 72 ae dc d9 74 b8 5e 44 >| 4d da 5a 40 18 f1 5c 19 57 d8 9b 96 8 >2 cf f2 5c >| NSS: Local DH public value (pointer): 0x7fb1cdec8a60 >| next event EVENT_PENDING_DDNS in 59 seconds >| next event EVENT_PENDING_DDNS in 59 seconds >| Generated nonce: >| 56 45 a7 0c f9 0a c1 94 06 48 c7 b5 1a 7c 33 16 >| reaped addconn helper child >| >| crypto helper 0 has finished work (pcw_work now 1) >| crypto helper 0 replies to request ID 1 >| calling continuation function 0x7fb1cc0c32b0 >| ikev2_parent_outI1_continue for #1: calculated ke+nonce, sending I1 >| processing connection ikev2 >| #1 ikev2_parent_outI1_continue:284 st->st_calculating = FALSE; >| ikev2_parent_outI1_tail for #1 >| saving DH priv (local secret) and pub key into state struct >| **emit ISAKMP Message: >| initiator cookie: >| 2b 9e 29 76 e4 88 8c 81 >| responder cookie: >| 00 00 00 00 00 00 00 00 >| next payload type: ISAKMP_NEXT_v2SA >| ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) >| exchange type: ISAKMP_v2_SA_INIT >| flags: ISAKMP_FLAG_IKE_INIT >| message ID: 00 00 00 00 >| ***emit IKEv2 Security Association Payload: >| next payload type: ISAKMP_NEXT_v2KE >| critical bit: none >| ****emit IKEv2 Proposal Substructure Payload: >| last proposal: v2_PROPOSAL_LAST >| prop #: 1 >| proto ID: IKEv2_SEC_PROTO_IKE >| spi size: 0 >| # transforms: 4 >| *****emit IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_NON_LAST >| IKEv2 transform type: TRANS_TYPE_ENCR >| IKEv2 transform ID: 3DES >| emitting length of IKEv2 Transform Substructure Payload: 8 >| *****emit IKEv2 Transform Substructure Payload: >| last transform: 
v2_TRANSFORM_NON_LAST >| IKEv2 transform type: TRANS_TYPE_INTEG >| IKEv2 transform ID: AUTH_HMAC_SHA1_96 >| emitting length of IKEv2 Transform Substructure Payload: 8 >| *****emit IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_NON_LAST >| IKEv2 transform type: TRANS_TYPE_PRF >| IKEv2 transform ID: PRF_HMAC_SHA1 >| emitting length of IKEv2 Transform Substructure Payload: 8 >| *****emit IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_LAST >| IKEv2 transform type: TRANS_TYPE_DH >| IKEv2 transform ID: OAKLEY_GROUP_MODP1024 >| emitting length of IKEv2 Transform Substructure Payload: 8 >| emitting length of IKEv2 Proposal Substructure Payload: 40 >| emitting length of IKEv2 Security Association Payload: 44 >| ***emit IKEv2 Key Exchange Payload: >| IKEv2 next payload type: ISAKMP_NEXT_v2Ni >| critical bit: none >| DH group: OAKLEY_GROUP_MODP1024 >| emitting 128 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload >| ikev2 g^x ea 29 2b e1 84 93 48 ee de 51 aa 32 f3 41 3c a5 >| ikev2 g^x 2e 79 9e b0 7f d1 27 e8 0b 6d 40 33 31 d5 e1 4c >| ikev2 g^x 56 4e 52 75 e9 9d 31 fa 11 da 84 10 2d a4 78 05 >| ikev2 g^x ef df e7 c5 48 d4 1e af 6e bb ba a5 90 fe ba 1c >| ikev2 g^x 13 83 b8 90 3b b8 51 2c c2 c9 29 36 0d 3b 8c d0 >| ikev2 g^x 51 f8 78 06 34 8c 50 25 4f e8 a6 11 ae 5a c4 49 >| ikev2 g^x e8 e1 97 93 e3 93 d4 b2 72 ae dc d9 74 b8 5e 44 >| ikev2 g^x 4d da 5a 40 18 f1 5c 19 57 d8 9b 96 82 cf f2 5c >| emitting length of IKEv2 Key Exchange Payload: 136 >| ***emit IKEv2 Nonce Payload: >| next payload type: ISAKMP_NEXT_v2N >| critical bit: none >| emitting 16 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload >| IKEv2 nonce 56 45 a7 0c f9 0a c1 94 06 48 c7 b5 1a 7c 33 16 >| emitting length of IKEv2 Nonce Payload: 20 >| NAT-Traversal support [enabled] add v2N payloads. >| natd_hash: Warning, rcookie is zero !! 
>| natd_hash: hasher=0x7fb1cc3825c0(20) >| natd_hash: icookie= 2b 9e 29 76 e4 88 8c 81 >| natd_hash: rcookie= 00 00 00 00 00 00 00 00 >| natd_hash: port=500 >| natd_hash: hash= ea c6 11 df d3 0d d4 bd df 8a 4c c5 c7 59 50 13 >| natd_hash: hash= 81 b7 b0 65 >| Adding a v2N Paylo >ad >| ***emit IKEv2 Notify Payload: >| next payload type: ISAKMP_NEXT_v2N >| critical bit: none >| Protocol ID: PROTO_RESERVED >| SPI size: 0 >| Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP >| emitting 20 raw bytes of Notify data into IKEv2 Notify Payload >| Notify data ea c6 11 df d3 0d d4 bd df 8a 4c c5 c7 59 50 13 >| Notify data 81 b7 b0 65 >| emitting length of IKEv2 Notify Payload: 28 >| natd_hash: Warning, rcookie is zero !! >| natd_hash: hasher=0x7fb1cc3825c0(20) >| natd_hash: icookie= 2b 9e 29 76 e4 88 8c 81 >| natd_hash: rcookie= 00 00 00 00 00 00 00 00 >| natd_hash: port=500 >| natd_hash: hash= e5 c8 c5 9b d9 fb 64 77 6b 2c 95 2e 16 48 66 db >| natd_hash: hash= 3b 52 2a 40 >| Adding a v2N Payload >| ***emit IKEv2 Notify Payload: >| next payload type: ISAKMP_NEXT_v2NONE >| critical bit: none >| Protocol ID: PROTO_RESERVED >| SPI size: 0 >| Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP >| emitting 20 raw bytes of Notify data into IKEv2 Notify Payload >| Notify data e5 c8 c5 9b d9 fb 64 77 6b 2c 95 2e 16 48 66 db >| Notify data 3b 52 2a 40 >| emitting length of IKEv2 Notify Payload: 28 >| no IKE message padding required >| emitting length of ISAKMP Message: 284 >| sending 284 bytes for ikev2_parent_outI1_common through p6p1:500 to 2001:db8:f:1::1:500 (using #1) >| 2b 9e 29 76 e4 88 8c 81 00 00 00 00 00 00 00 00 >| 21 20 22 08 00 00 00 00 00 00 01 1c 22 00 00 2c >| 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 >| 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 >| 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 >| ea 29 2b e1 84 93 48 ee de 51 aa 32 f3 41 3c a5 >| 2e 79 9e b0 7f d1 27 e8 0b 6d 40 33 31 d5 e1 4c >| 56 4e 52 75 e9 9d 31 fa 11 da 84 10 2d a4 78 05 >| ef df 
e7 c5 48 d4 1e af 6e bb ba a5 90 fe ba 1c >| 13 83 b8 90 3b b8 51 2c c2 c9 29 36 0d 3b 8c d0 >| 51 f8 78 06 34 8c 50 25 4f e8 a6 11 ae 5a c4 49 >| e8 e1 97 93 e3 93 d4 b2 72 ae dc d9 74 b8 5e 44 >| 4d da 5a 40 18 f1 5c 19 57 d8 9b 96 82 cf f2 5c >| 29 00 00 14 56 45 a7 0c f9 0a c1 94 06 48 c7 b5 >| 1a 7c 33 16 29 00 00 1c 00 00 40 04 ea c6 11 df >| d3 0d d4 bd df 8a 4c c5 c7 59 50 13 81 b7 b0 65 >| 00 00 00 1c 00 00 40 05 e5 c8 c5 9b d9 fb 64 77 >| 6b 2c 95 2e 16 48 66 db 3b 52 2a 40 >| deleting event for #1 >| inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #1 >| event added at head of queue >| complete v2 state transition with STF_OK >"ikev2" #1: transition from state STATE_IKEv2_START to state STATE_PARENT_I1 >"ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 >| V2 microcode entry (initiate IKE_SA_INIT) has unspecified timeout_event >| * processed 1 messages from cryptographic helpers >| next event EVENT_v2_RETRANSMIT in 10 seconds for #1 >| next event EVENT_v2_RETRANSMIT in 10 seconds for #1 >| >| next event EVENT_v2_RETRANSMIT in 0 seconds for #1 >| *time to handle event >| handling event EVENT_v2_RETRANSMIT >| event after this is EVENT_PENDING_DDNS in 49 seconds >| processing connection ikev2 >| handling event EVENT_v2_RETRANSMIT for 2001:db8:f:1::1 "ikev2" #1 attempt 2 of 0 >| sending 284 bytes for EVENT_v2_RETRANSMIT through p6p1:500 to 2001:db8:f:1::1:500 (using #1) >| 2b 9e 29 76 e4 88 8c 81 00 00 00 00 00 00 00 00 >| 21 20 22 08 00 00 00 00 00 00 01 1c 22 00 00 2c >| 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 >| 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 >| 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 >| ea 29 2b e1 84 93 48 ee de 51 aa 32 f3 41 3c a5 >| 2e 79 9e b0 7f d1 27 e8 0b 6d 40 33 31 d5 e1 4c >| 56 4e 52 75 e9 9d 31 fa 11 da 84 10 2d a4 78 05 >| ef df e7 c5 48 d4 1e af 6e bb ba a5 90 fe ba 1c >| 13 83 b8 90 3b b8 51 2c c2 c9 29 36 0d 3b 8c d0 >| 51 f8 78 06 34 8c 50 25 4f e8 a6 11 ae 5a c4 49 >| e8 e1 97 93 e3 93 
d4 b2 72 ae dc d9 74 b8 5e 44 >| 4d da 5a 40 18 f1 5c 19 57 d8 9b 96 82 cf f2 5c >| 29 00 00 14 56 45 a7 0c f9 0a c1 94 06 48 c7 b5 >| 1a 7c 33 16 29 00 00 1c 00 00 40 04 ea c6 11 df >| d3 0d d4 bd df 8a 4c c5 c7 59 50 13 81 b7 b0 65 >| 00 00 00 1c 00 00 40 05 e5 c8 c5 9b d9 fb 64 77 >| 6b 2c 95 2e 16 48 66 db 3b 52 2a 40 >| inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #1 >| event added at head of queue >| next event EVENT_v2_RETRANSMIT in 10 seconds for #1 >| >| next event EVENT_v2_RETRANSMIT in 0 seconds for #1 >| *time to handle event >| handling event EVENT_v2_RETRANSMIT >| event after this is EVENT_PENDING_DDNS in 39 seconds >| processing connection ikev2 >| handling event EVENT_v2_RETRANSMIT for 2001:db8:f:1::1 "ikev2" #1 attempt 2 of 0 >| sending 284 bytes for EVENT_v2_RETRANSMIT through p6p1:500 to 2001:db8:f:1::1:500 (using #1) >| 2b 9e 29 76 e4 88 8c 81 00 00 00 00 00 00 00 00 >| 21 20 22 08 00 00 00 00 00 00 01 1c 22 00 00 2c >| 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 >| 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 >| 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 >| ea 29 2b e1 84 93 48 ee de 51 aa 32 f3 41 3c a5 >| 2e 79 9e b0 7f d1 27 e8 0b 6d 40 33 31 d5 e1 4c >| 56 4e 52 75 e9 9d 31 fa 11 da 84 10 2d a4 78 05 >| ef df e7 c5 48 d4 1e af 6e bb ba a5 90 fe ba 1c >| 13 83 b8 90 3b b8 51 2c c2 c9 29 36 0d 3b 8c d0 >| 51 f8 78 06 34 8c 50 25 4f e8 a6 11 ae 5a c4 49 >| e8 e1 97 93 e3 93 d4 b2 72 ae dc d9 74 b8 5e 44 >| 4d da 5a 40 18 f1 5c 19 57 d8 9b 96 82 cf f2 5c >| 29 00 00 14 56 45 a7 0c f9 0a c1 94 06 48 c7 b5 >| 1a 7c 33 16 29 00 00 1c 00 00 40 04 ea c6 11 df >| d3 0d d4 bd df 8a 4c c5 c7 59 50 13 81 b7 b0 65 >| 00 00 00 1c 00 00 40 05 e5 c8 c5 9b d9 fb 64 77 >| 6b 2c 95 2e 16 48 66 db 3b 52 2a 40 >| inserting event EVENT_v2_RETRANSMIT, timeout in 20 seconds for #1 >| event added at head of queue >| next event EVENT_v2_RETRANSMIT in 20 seconds for #1 >| >| *received 247 bytes from 2001:db8:f:1::1:500 on p6p1 (port=500) 
>| 2b 9e 29 76 e4 88 8c 81 fb 83 ef 30 b2 06 35 30 >| 21 20 22 20 00 00 00 00 00 00 00 f7 22 00 00 2c >| 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 >| 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 >| 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 >| ba f1 50 71 53 5a 2d 74 60 8e cc 22 c1 d4 de d0 >| 19 bd 0c ed 40 a5 ba 76 89 a8 df 49 f9 9c 74 10 >| 60 8d df 37 9d f6 a7 2b 48 e9 08 bb 6f b5 a3 ec >| 0e de d7 55 84 f2 ec 7a fc c6 25 9a 91 c2 33 8b >| 66 9f fa 01 14 77 a3 08 08 27 e6 95 01 8f f1 68 >| 49 ba 53 18 c3 54 0c 01 a5 84 0a 9c b5 93 c5 04 >| 16 f3 e7 56 c4 37 27 6a 5c 07 5f fd 73 da 9a 37 >| ec 75 0a 89 64 0c c6 2a 6a 19 1e 36 8e 9a 23 f6 >| 00 00 00 27 f9 4d 4e 97 81 58 68 e9 03 50 87 65 >| ac bf b9 8d 2c fa 65 6b fa 15 bf 28 d7 0c 95 12 >| 61 fa e4 fc fa b5 e0 >| **parse ISAKMP Message: >| initiator cookie: >| 2b 9e 29 76 e4 88 8c 81 >| responder cookie: >| fb 83 ef 30 b2 06 35 30 >| next payload type: ISAKMP_NEXT_v2SA >| ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) >| exchange type: ISAKMP_v2_SA_INIT >| flags: ISAKMP_FLAG_MSG_RESPONSE >| message ID: 00 00 00 00 >| length: 247 >| processing version=2.0 packet with exchange type=ISAKMP_v2_SA_INIT (34) >| I am receiving an IKE Response >| I am the IKE SA Original Initiator >| ICOOKIE: 2b 9e 29 76 e4 88 8c 81 >| RCOOKIE: fb 83 ef 30 b2 06 35 30 >| state hash entry 25 >| parent v2 state object not found >| ICOOKIE: 2b 9e 29 76 e4 88 8c 81 >| RCOOKIE: 00 00 00 00 00 00 00 00 >| state hash entry 9 >| parent v2 peer and cookies match on #1 >| v2 state object #1 found, in STATE_PARENT_I1 >| ICOOKIE: 2b 9e 29 76 e4 88 8c 81 >| RCOOKIE: 00 00 00 00 00 00 00 00 >| state hash entry 9 >| ICOOKIE: 2b 9e 29 76 e4 88 8c 81 >| RCOOKIE: fb 83 ef 30 b2 06 35 30 >| state hash entry 25 >| inserting state object #1 >| state found and its state is STATE_PARENT_I1 >| selected state microcode Initiator: process anti-spoofing cookie >| #1 state_busy:1855 st != NULL && st->st_calculating == FALSE; >| processing 
connection ikev2 >| Now let's proceed with payload (ISAKMP_NEXT_v2SA) >| ***parse IKEv2 Security Association Payload: >| next payload type: ISAKMP_NEXT_v2KE >| critical bit: none >| length: 44 >| processing payload: ISAKMP_NEXT_v2SA (len=44) >| Now let's proceed with payload (ISAKMP_NEXT_v2KE) >| ***parse IKEv2 Key Exchange Payload: >| IKEv2 next payload type: ISAKMP_NEXT_v2Ni >| critical bit: none >| length: 136 >| DH group: OAKLEY_GROUP_MODP1024 >| processing payload: ISAKMP_NEXT_v2KE (len=136) >| Now let's proceed with payload (ISAKMP_NEXT_v2Ni) >| ***parse IKEv2 Nonce Payload: >| next payload type: ISAKMP_NEXT_v2NONE >| critical bit: none >| length: 39 >| processing payload: ISAKMP_NEXT_v2Ni (len=39) >| ikev2_process_payload trying next svm: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH >| Now lets proceed with state specific processing >| calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH >| ikev2 parent inR1: calculating g^{xy} in order to send I2 >| DH public value received: >| ba f1 50 71 53 5a 2d 74 60 8e cc 22 c1 d4 de d0 >| 19 bd 0c ed 40 a5 ba 76 89 a8 df 49 f9 9c 74 10 >| 60 8d df 37 9d f6 a7 2b 48 e9 08 bb 6f b5 a3 ec >| 0e de d7 55 84 f2 ec 7a fc c6 25 9a 91 c2 33 8b >| 66 9f fa 01 14 77 a3 08 08 27 e6 95 01 8f f1 68 >| 49 ba 53 18 c3 54 0c 01 a5 84 0a 9c b5 93 c5 04 >| 16 f3 e7 56 c4 37 27 6a 5c 07 5f fd 73 da 9a 37 >| ec 75 0a 89 64 0c c6 2a 6a 19 1e 36 8e 9a 23 f6 >| ****parse IKEv2 Proposal Substructure Payload: >| last proposal: v2_PROPOSAL_LAST >| length: 40 >| prop #: 1 >| proto ID: IKEv2_SEC_PROTO_IKE >| spi size: 0 >| # transforms: 4 >| *****parse IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_NON_LAST >| length: 8 >| IKEv2 transform type: TRANS_TYPE_ENCR >| IKEv2 transform ID: 3DES >| *****parse IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_NON_LAST >| length: 8 >| IKEv2 transform type: TRANS_TYPE_PRF >| IKEv2 transform ID: PRF_HMAC_SHA1 >| *****parse IKEv2 
Transform Substructure Payload: >| last transform: v2_TRANSFORM_NON_LAST >| length: 8 >| IKEv2 transform type: TRANS_TYPE_INTEG >| IKEv2 transform ID: AUTH_HMAC_SHA1_96 >| *****parse IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_LAST >| length: 8 >| IKEv2 transform type: TRANS_TYPE_DH >| IKEv2 transform ID: OAKLEY_GROUP_MODP1024 >| ipprotoid is '1' >| considering Transform Type TRANS_TYPE_ENCR, TransID 3 >| encrid(3), keylen(-1), encr_keylen(-1) >| proposal 1 succeeded encr= (policy:3DES(-1) vs offered:3DES(-1)) >| considering Transform Type TRANS_TYPE_INTEG, TransID 2 >| succeeded integ=(policy:AUTH_HMAC_SHA1_96(-1) vs offered:AUTH_HMAC_SHA1_96(-1)) >| considering Transform Type TRANS_TYPE_PRF, TransID 2 >| succeeded prf= (policy:PRF_HMAC_SHA1(-1) vs offered:PRF_HMAC_SHA1(-1)) >| considering Transform Type TRANS_TYPE_DH, TransID 2 >| succeeded dh= (policy:OAKLEY_GROUP_MODP1024 vs offered:OAKLEY_GROUP_MODP1024) >| calculating skeyseed using prf=PRF_HMAC_SHA1 integ=AUTH_HMAC_SHA1_96 cipherkey=3DES >| Copying DH pub key pointer to be sent to a thread helper >| crypto helper 0: pcw_work: 0 >| asking crypto helper 0 to do compute dh (V2); request ID 2 (len=2768, pcw_work=0) >| #1 ></PRE> ></TD></TR> > ><TR VALIGN="TOP"><TD>15:11:20</TD> ><TD width="100%"> >kRemote(route.rmt) ``/usr/local/koi/bin/remotes/libreswan//route.rmt operation=delete route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1''<br> >kRemote()... 
/usr/local/koi/bin/remotes/libreswan//route.rmt operation=delete route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1 > ><PRE>DEBUG : start kRemoteLogin >Connected >arted DH shared-secret computation in NSS: >| Dropped no leading zeros 128 >| calc_dh_shared(): time elapsed (OAKLEY_GROUP_MODP1024): 746 usec >| NSS: Started key computation >| calculating skeyseed using prf=PRF_HMAC_SHA1 integ=AUTH_HMAC_SHA1_96 cipherkey=24 >| skeyid inputs (digi+NI+NR+shared) hasher: oakley_sha >| ni: 56 45 a7 0c f9 0a c1 94 06 48 c7 b5 1a 7c 33 16 >| nr: f9 4d 4e 97 81 58 68 e9 03 50 87 65 ac bf b9 8d >| nr: 2c fa 65 6b fa 15 bf 28 d7 0c 95 12 61 fa e4 fc >| nr: fa b5 e0 >| NSS: digisig skeyid pointer: 0x7fb1c000a7c0 >| PRF+ input >| Ni 56 45 a7 0c f9 0a c1 94 06 48 c7 b5 1a 7c 33 16 >| Nr f9 4d 4e 97 81 58 68 e9 03 50 87 65 ac bf b9 8d >| Nr 2c fa 65 6b fa 15 bf 28 d7 0c 95 12 61 fa e4 fc >| Nr fa b5 e0 >| SPIi 2b 9e 29 76 e4 88 8c 81 >| SPIr fb 83 ef 30 b2 06 35 30 >| Total keysize needed 148 >| NSS ikev2: finished computing key material for IKEv2 SA >| NSS ikev2: finished computing individual keys for IKEv2 SA >| calc_skeyseed_v2 pointers: shared 0x7fb1c00043d0, skeyseed 0x7fb1c000a7c0, SK_d 0x7fb1c000c0c0, SK_ai 0x7fb1c0008f40, SK_ar 0x7fb1c000d890, SK_ei 0x7fb1c00075b0, SK_er 0x7fb1c0000d40, SK_pi 0x7fb1c000f1a0, SK_pr 0x7fb1c0010ab0 >| >| crypto helper 0 has finished work (pcw_work now 1) >| crypto helper 0 replies to request ID 2 >| calling continuation function 0x7fb1cc0c3e80 >| ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 >| processing connection ikev2 >| #1 ikev2_parent_inR1outI2_continue:1234 st->st_calculating = FALSE; >| duplicating state object #1 >| creating state object #2 at 0x7fb1cdedf500 >| ICOOKIE: 2b 9e 29 76 e4 88 8c 81 >| RCOOKIE: fb 83 ef 30 b2 06 35 30 >| state hash entry 25 >| inserting state object #2 >| inserting event EVENT_SO_DISCARD, timeout in 0 
seconds for #2 >| event added at head of queue >| deleting event for #1 >| inserting event EVENT_SA_REPLACE, timeout in 27807 seconds for #1 >| event added after event EVENT_LOG_DAILY >| **emit ISAKMP Message: >| initiator cookie: >| 2b 9e 29 76 e4 88 8c 81 >| responder cookie: >| fb 83 ef 30 b2 06 35 30 >| next payload type: ISAKMP_NEXT_v2E >| ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) >| exchange type: ISAKMP_v2_AUTH >| flags: ISAKMP_FLAG_IKE_INIT >| message ID: 00 00 00 01 >| ***emit IKEv2 Encryption Payload: >| next payload type: ISAKMP_NEXT_v2IDi >| critical bit: none >| emitting 8 zero bytes of iv into IKEv2 Encryption Payload >| IKEv2 thinking whether to send my certificate: >| my policy has no RSASIG, the policy is : PSK+ENCRYPT+PFS+UP+IKEV1_DISABLE+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW >| sendcert: CERT_ALWAYSSEND and I did not get a certificate request >| so do not send cert. >| I did not send a certificate because digital s > >ignatures are not being used. 
(PSK) >| *****emit IKEv2 Identification Payload: >| next payload type: ISAKMP_NEXT_v2AUTH >| critical bit: none >| id_type: ID_IPV6_ADDR >| emitting 16 raw bytes of my identity into IKEv2 Identification Payload >| my identity 20 01 0d b8 00 01 00 01 00 00 00 00 00 00 12 34 >| emitting length of IKEv2 Identification Payload: 24 >| idhash calc I2 05 00 00 00 20 01 0d b8 00 01 00 01 00 00 00 00 >| idhash calc I2 00 00 12 34 >| hmac_update data value: >| 05 00 00 00 20 01 0d b8 00 01 00 01 00 00 00 00 >| 00 00 12 34 >| hmac_update: inside if >| hmac_update: after digest >| hmac_update: after assert >| *****emit IKEv2 Authentication Payload: >| next payload type: ISAKMP_NEXT_v2SA >| critical bit: none >| auth method: IKEv2_AUTH_SHARED >| started looking for secret for 2001:db8:1:1::1234->2001:db8:f:1::1 of kind PPK_PSK >| actually looking for secret for 2001:db8:1:1::1234->2001:db8:f:1::1 of kind PPK_PSK >| line 1: key type PPK_PSK(2001:db8:1:1::1234) to type PPK_PSK >| 1: compared key %any to 2001:db8:1:1::1234 / 2001:db8:f:1::1 -> 2 >| 2: compared key %any to 2001:db8:1:1::1234 / 2001:db8:f:1::1 -> 2 >| line 1: match=2 >| best_match 0>2 best=0x7fb1cdedd540 (line=1) >| concluding with best_match=2 best=0x7fb1cdedd540 (lineno=1) >| hmac_update data value: >| 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 >| 32 >| hmac_update: inside if >| hmac_update: after digest >| hmac_update: after assert >| negotiated prf: oakley_sha hash length: 20 >| inner prf output 39 cf c8 93 0c 25 cb 0e 02 cc 09 14 9e 4e 66 ea >| inner prf output 6b 6a a6 1e >| hmac_update data value: >| 2b 9e 29 76 e4 88 8c 81 00 00 00 00 00 00 00 00 >| 21 20 22 08 00 00 00 00 00 00 01 1c 22 00 00 2c >| 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 >| 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 >| 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 >| ea 29 2b e1 84 93 48 ee de 51 aa 32 f3 41 3c a5 >| 2e 79 9e b0 7f d1 27 e8 0b 6d 40 33 31 d5 e1 4c >| 56 4e 52 75 e9 9d 31 fa 11 da 84 10 2d a4 78 05 >| ef 
df e7 c5 48 d4 1e af 6e bb ba a5 90 fe ba 1c >| 13 83 b8 90 3b b8 51 2c c2 c9 29 36 0d 3b 8c d0 >| 51 f8 78 06 34 8c 50 25 4f e8 a6 11 ae 5a c4 49 >| e8 e1 97 93 e3 93 d4 b2 72 ae dc d9 74 b8 5e 44 >| 4d da 5a 40 18 f1 5c 19 57 d8 9b 96 82 cf f2 5c >| 29 00 00 14 56 45 a7 0c f9 0a c1 94 06 48 c7 b5 >| 1a 7c 33 16 29 00 00 1c 00 00 40 04 ea c6 11 df >| d3 0d d4 bd df 8a 4c c5 c7 59 50 13 81 b7 b0 65 >| 00 00 00 1c 00 00 40 05 e5 c8 c5 9b d9 fb 64 77 >| 6b 2c 95 2e 16 48 66 db 3b 52 2a 40 >| hmac_update: inside if >| hmac_update: after digest >| hmac_update: after assert >| hmac_update data value: >| f9 4d 4e 97 81 58 68 e9 03 50 87 65 ac bf b9 8d >| 2c fa 65 6b fa 15 bf 28 d7 0c 95 12 61 fa e4 fc >| fa b5 e0 >| hmac_update: inside if >| hmac_update: after digest >| hmac_update: after assert >| hmac_update data value: >| fe 21 c7 df 19 a9 4d e3 ce 7f 5d a3 c9 59 e7 58 >| 62 c4 fa e8 >| hmac_update: inside if >| hmac_update: after digest >| hmac_update: after assert >| inputs to hash1 (first packet) >| 2b 9e 29 76 e4 88 8c 81 00 00 00 00 00 00 00 00 >| 21 20 22 08 00 00 00 00 00 00 01 1c 22 00 00 2c >| 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 >| 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 >| 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 >| ea 29 2b e1 84 93 48 ee de 51 aa 32 f3 41 3c a5 >| 2e 79 9e b0 7f d1 27 e8 0b 6d 40 33 31 d5 e1 4c >| 56 4e 52 75 e9 9d 31 fa 11 da 84 10 2d a4 78 05 >| ef df e7 c5 48 d4 1e af 6e bb ba a5 90 fe ba 1c >| 13 83 b8 90 3b b8 51 2c c2 c9 29 36 0d 3b 8c d0 >| 51 f8 78 06 34 8c 50 25 4f e8 a6 11 ae 5a c4 49 >| e8 e1 97 93 e3 93 d4 b2 72 ae dc d9 74 b8 5e 44 >| 4d da 5a 40 18 f1 5c 19 57 d8 9b 96 82 cf f2 5c >| 29 00 00 14 56 45 a7 0c f9 0a c1 94 06 48 c7 b5 >| 1a 7c 33 16 29 00 00 1c 00 00 40 04 ea c6 11 df >| d3 0d d4 bd df 8a 4c c5 c7 59 50 13 81 b7 b0 65 >| 00 00 00 1c 00 00 40 05 e5 c8 c5 9b d9 fb 64 77 >| 6b 2c 95 2e 16 48 66 db 3b 52 2a 40 >| inputs to hash2 (responder nonce) >| f9 4d 4e 97 81 58 68 e9 03 50 87 65 ac bf 
b9 8d >| 2c fa 65 6b fa 15 bf 28 d7 0c 95 12 61 fa e4 fc >| fa b5 e0 >| idhash fe 21 c7 df 19 a9 4d e3 ce 7f 5d a3 c9 59 e7 58 >| idhash 62 c4 fa e8 >| PSK auth octets c0 c3 9e cc b3 01 9f 28 22 95 1d a9 fc f2 fd b5 >| PSK auth octets 2d 90 c4 d6 >| emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload >| PSK auth c0 c3 9e cc b3 01 9f 28 22 95 1d a9 fc f2 fd b5 >| PSK auth 2d 90 c4 d6 >| emitting length of IKEv2 Authentication Payload: 28 >| getting first pending from state #1 >| kernel_alg_db_new() initial trans_cnt=128 >| kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1 >| kernel_alg_db_new() trans[0]: transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=9 >| returning new proposal from esp_info >| *****emit IKEv2 Security Association Payload: >| next payload type: ISAKMP_NEXT_v2TSi >| critical bit: none >| netlink_get_spi: allocated 0x4a7b2df0 for esp:0@2001:db8:1:1::1234 >| ******emit IKEv2 Proposal Substructure Payload: >| last proposal: v2_PROPOSAL_LAST >| prop #: 1 >| proto ID: IKEv2_SEC_PROTO_ESP >| spi size: 4 >| # transforms: 3 >| emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload >| our spi 4a 7b 2d f0 >| *******emit IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_NON_LAST >| IKEv2 transform type: TRANS_TYPE_ENCR >| IKEv2 transform ID: 3DES >| emitting length of IKEv2 Transform Substructure Payload: 8 >| *******emit IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_NON_LAST >| IKEv2 transform type: TRANS_TYPE_INTEG >| IKEv2 transform ID: AUTH_NONE >| emitting length of IKEv2 Transform Substructure Payload: 8 >| *******emit IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_LAST >| IKEv2 transform type: TRANS_TYPE_ESN >| IKEv2 transform ID: ESN_DISABLED >| emitting length of IKEv2 Transform Substructure Payload: 8 >| emitting length of IKEv2 Proposal Substructure Payload: 36 >| emitting length of IKEv2 Security Association Payload: 40 >| 
*****emit IKEv2 Traffic Selector Payload: >| next payload type: ISAKMP_NEXT_v2TSr >| critical bit: none >| number of TS: 1 >| ******emit IKEv2 Traffic Selector: >| TS type: IKEv2_TS_IPV6_ADDR_RANGE >| IP Protocol ID: 0 >| start port: 0 >| end port: 65535 >| emitting 16 raw bytes of ipv6 low into IKEv2 Traffic Selector >| ipv6 low 20 01 0d b8 00 01 00 01 00 00 00 00 00 00 12 34 >| emitting 16 raw bytes of ipv6 high into IKEv2 Traffic Selector >| ipv6 high 20 01 0d b8 00 01 00 01 00 00 00 00 00 00 12 34 >| emitting length of IKEv2 Traffic Selector: 40 >| emitting length of IKEv2 Traffic Selector Payload: 48 >| *****emit IKEv2 Traffic Selector Payload: >| next payload type: ISAKMP_NEXT_v2N >| critical bit: none >| number of TS: 1 >| ******emit IKEv2 Traffic Selector: >| TS type: IKEv2_TS_IPV6_ADDR_RANGE >| IP Protocol ID: 0 >| start port: 0 >| end port: 65535 >| emitting 16 raw bytes of ipv6 low into IKEv2 Traffic Selector >| ipv6 low 20 01 0d b8 00 0f 00 01 00 00 00 00 00 00 00 01 >| emitting 16 raw bytes of ipv6 high into IKEv2 Traffic Selector >| ipv6 high 20 01 0d b8 00 0f 00 01 00 00 00 00 00 00 00 01 >| emitting length of IKEv2 Traffic Selector: 40 >| emitting length of IKEv2 Traffic Selector Payload: 48 >| Initiator child policy is transport mode, sendin >g v2N_USE_TRANSPORT_MODE >| Adding a v2N Payload >| *****emit IKEv2 Notify Payload: >| next payload type: ISAKMP_NEXT_v2NONE >| critical bit: none >| Protocol ID: PROTO_RESERVED >| SPI size: 0 >| Notify Message Type: v2N_USE_TRANSPORT_MODE >| emitting 0 raw bytes of Notify data into IKEv2 Notify Payload >| Notify data >| emitting length of IKEv2 Notify Payload: 8 >| emitting 4 raw bytes of padding and length into cleartext >| padding and length 00 01 02 03 >| emitting 12 zero bytes of length of truncated HMAC into IKEv2 Encryption Payload >| emitting length of IKEv2 Encryption Payload: 224 >| emitting length of ISAKMP Message: 252 >| data before encryption: >| 27 00 00 18 05 00 00 00 20 01 0d b8 00 01 00 01 >| 
00 00 00 00 00 00 12 34 21 00 00 1c 02 00 00 00 >| c0 c3 9e cc b3 01 9f 28 22 95 1d a9 fc f2 fd b5 >| 2d 90 c4 d6 2c 00 00 28 00 00 00 24 01 03 04 03 >| 4a 7b 2d f0 03 00 00 08 01 00 00 03 03 00 00 08 >| 03 00 00 00 00 00 00 08 05 00 00 00 2d 00 00 30 >| 01 00 00 00 08 00 00 28 00 00 ff ff 20 01 0d b8 >| 00 01 00 01 00 00 00 00 00 00 12 34 20 01 0d b8 >| 00 01 00 01 00 00 00 00 00 00 12 34 29 00 00 30 >| 01 00 00 00 08 00 00 28 00 00 ff ff 20 01 0d b8 >| 00 0f 00 01 00 00 00 00 00 00 00 01 20 01 0d b8 >| 00 0f 00 01 00 00 00 00 00 00 00 01 00 00 00 08 >| 00 00 40 07 00 01 02 03 >| NSS: do_3des init start >| NSS: do_3des init end >| data after encryption: >| ab 26 26 ad 11 33 c4 19 72 43 dd 9c cd cf d8 64 >| 4f 7a 3c 83 5f f5 94 73 12 ed 2a 8c c1 32 41 71 >| f8 7c 03 98 68 e2 8c 5d 68 14 72 8c c1 5c 7b 3a >| 6a 61 c6 5c 15 cd e1 57 51 b1 4a 7d 50 6a 59 19 >| 4f e0 2f 75 db be 5a c3 ef 9f fc 57 51 d0 45 e7 >| a1 38 af 4f 50 a4 9f f7 16 f6 67 60 10 c8 89 0b >| 2e 14 f5 1f 9c cc dd c5 a9 52 3e 3e 63 32 07 d4 >| 68 37 51 2c 80 2c c9 9e d0 5d 5f fa 91 68 42 c0 >| c6 fd fe d5 bd bc 1a ec bc dc b0 11 79 9b 8a c2 >| 77 ad eb 76 55 52 06 26 5b b8 31 b9 45 4f 34 6e >| d6 3a 05 fe 25 0d 95 34 8c a1 c5 69 ab 4c 20 e6 >| 1e 76 a3 55 f1 31 c4 c1 62 59 f6 e3 1a a2 a9 82 >| cf 02 e4 f8 ce 6c 17 2f >| Inside authloc >| authkey pointer: 0x7fb1c0008f40 >| Inside authloc after init >| hmac_update data value: >| 2b 9e 29 76 e4 88 8c 81 fb 83 ef 30 b2 06 35 30 >| 2e 20 23 08 00 00 00 01 00 00 00 fc 23 00 00 e0 >| 7c ec 0f 67 cf d3 32 f0 ab 26 26 ad 11 33 c4 19 >| 72 43 dd 9c cd cf d8 64 4f 7a 3c 83 5f f5 94 73 >| 12 ed 2a 8c c1 32 41 71 f8 7c 03 98 68 e2 8c 5d >| 68 14 72 8c c1 5c 7b 3a 6a 61 c6 5c 15 cd e1 57 >| 51 b1 4a 7d 50 6a 59 19 4f e0 2f 75 db be 5a c3 >| ef 9f fc 57 51 d0 45 e7 a1 38 af 4f 50 a4 9f f7 >| 16 f6 67 60 10 c8 89 0b 2e 14 f5 1f 9c cc dd c5 >| a9 52 3e 3e 63 32 07 d4 68 37 51 2c 80 2c c9 9e >| d0 5d 5f fa 91 68 42 c0 c6 fd fe d5 bd bc 1a ec >| bc dc b0 11 79 9b 8a c2 
77 ad eb 76 55 52 06 26 >| 5b b8 31 b9 45 4f 34 6e d6 3a 05 fe 25 0d 95 34 >| 8c a1 c5 69 ab 4c 20 e6 1e 76 a3 55 f1 31 c4 c1 >| 62 59 f6 e3 1a a2 a9 82 cf 02 e4 f8 ce 6c 17 2f >| hmac_update: inside if >| hmac_update: after digest >| hmac_update: after assert >| Inside authloc after update >| Inside authloc after final >| data being hmac: 2b 9e 29 76 e4 88 8c 81 fb 83 ef 30 b2 06 35 30 >| data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 fc 23 00 00 e0 >| data being hmac: 7c ec 0f 67 cf d3 32 f0 ab 26 26 ad 11 33 c4 19 >| data being hmac: 72 43 dd 9c cd cf d8 64 4f 7a 3c 83 5f f5 94 73 >| data being hmac: 12 ed 2a 8c c1 32 41 71 f8 7c 03 98 68 e2 8c 5d >| data being hmac: 68 14 72 8c c1 5c 7b 3a 6a 61 c6 5c 15 cd e1 57 >| data being hmac: 51 b1 4a 7d 50 6a 59 19 4f e0 2f 75 db be 5a c3 >| data being hmac: ef 9f fc 57 51 d0 45 e7 a1 38 af 4f 50 a4 9f f7 >| data being hmac: > 16 f6 67 60 10 c8 89 0b 2e 14 f5 1f 9c cc dd c5 >| data being hmac: a9 52 3e 3e 63 32 07 d4 68 37 51 2c 80 2c c9 9e >| data being hmac: d0 5d 5f fa 91 68 42 c0 c6 fd fe d5 bd bc 1a ec >| data being hmac: bc dc b0 11 79 9b 8a c2 77 ad eb 76 55 52 06 26 >| data being hmac: 5b b8 31 b9 45 4f 34 6e d6 3a 05 fe 25 0d 95 34 >| data being hmac: 8c a1 c5 69 ab 4c 20 e6 1e 76 a3 55 f1 31 c4 c1 >| data being hmac: 62 59 f6 e3 1a a2 a9 82 cf 02 e4 f8 ce 6c 17 2f >| out calculated auth: >| 65 91 a2 51 e9 38 53 44 3e 54 2c 39 >| deleting event for #2 >| inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #2 >| event added at head of queue >| complete v2 state transition with STF_OK >"ikev2" #2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 >"ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=oakley_3des_cbc_192 integ=sha1_96 prf=sha group=MODP1024} >| sending reply packet to 2001:db8:f:1::1:500 (from port 500) >| sending 252 bytes for STATE_PARENT_I1 through p6p1:500 to 2001:db8:f:1::1:500 (using #2) >| 2b 9e 29 76 e4 88 8c 81 fb 83 ef 30 b2 06 35 30 >| 2e 20 
23 08 00 00 00 01 00 00 00 fc 23 00 00 e0 >| 7c ec 0f 67 cf d3 32 f0 ab 26 26 ad 11 33 c4 19 >| 72 43 dd 9c cd cf d8 64 4f 7a 3c 83 5f f5 94 73 >| 12 ed 2a 8c c1 32 41 71 f8 7c 03 98 68 e2 8c 5d >| 68 14 72 8c c1 5c 7b 3a 6a 61 c6 5c 15 cd e1 57 >| 51 b1 4a 7d 50 6a 59 19 4f e0 2f 75 db be 5a c3 >| ef 9f fc 57 51 d0 45 e7 a1 38 af 4f 50 a4 9f f7 >| 16 f6 67 60 10 c8 89 0b 2e 14 f5 1f 9c cc dd c5 >| a9 52 3e 3e 63 32 07 d4 68 37 51 2c 80 2c c9 9e >| d0 5d 5f fa 91 68 42 c0 c6 fd fe d5 bd bc 1a ec >| bc dc b0 11 79 9b 8a c2 77 ad eb 76 55 52 06 26 >| 5b b8 31 b9 45 4f 34 6e d6 3a 05 fe 25 0d 95 34 >| 8c a1 c5 69 ab 4c 20 e6 1e 76 a3 55 f1 31 c4 c1 >| 62 59 f6 e3 1a a2 a9 82 cf 02 e4 f8 ce 6c 17 2f >| 65 91 a2 51 e9 38 53 44 3e 54 2c 39 >| V2 microcode entry (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) has unspecified timeout_event >| * processed 1 messages from cryptographic helpers >| next event EVENT_v2_RETRANSMIT in 10 seconds for #2 >| next event EVENT_v2_RETRANSMIT in 10 seconds for #2 >| >| next event EVENT_v2_RETRANSMIT in 0 seconds for #2 >| *time to handle event >| handling event EVENT_v2_RETRANSMIT >| event after this is EVENT_PENDING_DDNS in 28 seconds >| processing connection ikev2 >| handling event EVENT_v2_RETRANSMIT for 2001:db8:f:1::1 "ikev2" #2 attempt 1 of 0 >| sending 252 bytes for EVENT_v2_RETRANSMIT through p6p1:500 to 2001:db8:f:1::1:500 (using #2) >| 2b 9e 29 76 e4 88 8c 81 fb 83 ef 30 b2 06 35 30 >| 2e 20 23 08 00 00 00 01 00 00 00 fc 23 00 00 e0 >| 7c ec 0f 67 cf d3 32 f0 ab 26 26 ad 11 33 c4 19 >| 72 43 dd 9c cd cf d8 64 4f 7a 3c 83 5f f5 94 73 >| 12 ed 2a 8c c1 32 41 71 f8 7c 03 98 68 e2 8c 5d >| 68 14 72 8c c1 5c 7b 3a 6a 61 c6 5c 15 cd e1 57 >| 51 b1 4a 7d 50 6a 59 19 4f e0 2f 75 db be 5a c3 >| ef 9f fc 57 51 d0 45 e7 a1 38 af 4f 50 a4 9f f7 >| 16 f6 67 60 10 c8 89 0b 2e 14 f5 1f 9c cc dd c5 >| a9 52 3e 3e 63 32 07 d4 68 37 51 2c 80 2c c9 9e >| d0 5d 5f fa 91 68 42 c0 c6 fd fe d5 bd bc 1a ec >| bc dc b0 11 79 9b 8a c2 77 ad 
eb 76 55 52 06 26 >| 5b b8 31 b9 45 4f 34 6e d6 3a 05 fe 25 0d 95 34 >| 8c a1 c5 69 ab 4c 20 e6 1e 76 a3 55 f1 31 c4 c1 >| 62 59 f6 e3 1a a2 a9 82 cf 02 e4 f8 ce 6c 17 2f >| 65 91 a2 51 e9 38 53 44 3e 54 2c 39 >| inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #2 >| event added at head of queue >| next event EVENT_v2_RETRANSMIT in 10 seconds for #2 >| >| *received whack message >shutting down >| certs and keys locked by 'free_preshared_secrets' >forgetting secrets >| certs and keys unlocked by 'free_preshard_secrets' >| process >ing connection ikev2 >"ikev2": deleting connection >| removing pending policy for "none" {0x7fb1cdedd300} >| processing connection ikev2 >"ikev2" #2: deleting state (STATE_PARENT_I2) >| deleting event for #2 >| deleting state #2 >| deleting event for #2 >| ICOOKIE: 2b 9e 29 76 e4 88 8c 81 >| RCOOKIE: fb 83 ef 30 b2 06 35 30 >| state hash entry 25 >| processing connection ikev2 >"ikev2" #1: deleting state (STATE_PARENT_I2) >| deleting event for #1 >| deleting state #1 >| deleting event for #1 >| ICOOKIE: 2b 9e 29 76 e4 88 8c 81 >| RCOOKIE: fb 83 ef 30 b2 06 35 30 >| state hash entry 25 >| crl fetch request list locked by 'free_crl_fetch' >| crl fetch request list unlocked by 'free_crl_fetch' >| authcert list locked by 'free_authcerts' >| authcert list unlocked by 'free_authcerts' >| crl list locked by 'free_crls' >| crl list unlocked by 'free_crls' >shutting down interface lo/lo ::1:500 >shutting down interface p6p2/p6p2 3ffe:501:ffff:101:215:17ff:fe3c:c669:500 >shutting down interface p6p1/p6p1 3ffe:501:ffff:100:215:17ff:fe3c:c668:500 >shutting down interface p6p1/p6p1 2001:db8:1:1::1234:500 >shutting down interface lo/lo 127.0.0.1:4500 >shutting down interface lo/lo 127.0.0.1:500 >shutting down interface p7p1/p7p1 10.66.13.22:4500 >shutting down interface p7p1/p7p1 10.66.13.22:500 >shutting down interface p6p1/p6p1 192.168.0.10:4500 >shutting down interface p6p1/p6p1 192.168.0.10:500 >[root@dhcp12-166 ~]# >[root@dhcp12-166 
~]# >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip -6 route show >unreachable ::/96 dev lo metric 1024 error -101 >unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 >2001:db8:1:1::/64 dev p6p1 proto kernel metric 256 >2001:db8:f:1::/64 via fe80::f dev p6p1 metric 1024 >unreachable 2002:a00::/24 dev lo metric 1024 error -101 >unreachable 2002:7f00::/24 dev lo metric 1024 error -101 >unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 >unreachable 2002:ac10::/28 dev lo metric 1024 error -101 >unreachable 2002:c0a8::/32 dev lo metric 1024 error -101 >unreachable 2002:e000::/19 dev lo metric 1024 error -101 >3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256 >3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256 >unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 >fe80::/64 dev p6p1 proto kernel metric 256 >fe80::/64 dev p6p2 proto kernel metric 256 >fe80::/64 dev p7p1 proto kernel metric 256 >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip -6 route del 2001:0db8:000f:0001::/64 >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip -6 route show >unreachable ::/96 dev lo metric 1024 error -101 >unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 >2001:db8:1:1::/64 dev p6p1 proto kernel metric 256 >unreachable 2002:a00::/24 dev lo metric 1024 error -101 >unreachable 2002:7f00::/24 dev lo metric 1024 error -101 >unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 >unreachable 2002:ac10::/28 dev lo metric 1024 error -101 >unreachable 2002:c0a8::/32 dev lo metric 1024 error -101 >unreachable 2002:e000::/19 dev lo metric 1024 error -101 >3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256 >3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256 >unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 >fe80::/64 dev p6p1 proto kernel metric 256 >fe80::/64 dev p6p2 
proto kernel metric 256 >fe80::/64 dev p7p1 proto kernel metric 256 >[root@dhcp12-166 ~]# ></PRE> ></TD></TR> > ><TR VALIGN="TOP"><TD>15:12:01</TD> ><TD width="100%"> >kRemote(ifconfig.rmt) ``/usr/local/koi/bin/remotes/libreswan//ifconfig.rmt operation=delete ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1''<br> >kRemote()... /usr/local/koi/bin/remotes/libreswan//ifconfig.rmt operation=delete ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1 > ><PRE>DEBUG : start kRemoteLogin >Connected > >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip addr >1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > valid_lft forever preferred_lft forever > inet6 ::1/128 scope host > valid_lft forever preferred_lft forever >2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 > link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff > inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1 > valid_lft 76362sec preferred_lft 76362sec > inet6 fe80::222:19ff:fe30:20d5/64 scope link > valid_lft forever preferred_lft forever >3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 > link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff > inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1 > valid_lft forever preferred_lft forever > inet6 2001:db8:1:1::1234/64 scope global > valid_lft forever preferred_lft forever > inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global > valid_lft forever preferred_lft forever > inet6 fe80::215:17ff:fe3c:c668/64 scope link > valid_lft forever preferred_lft forever >4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 > link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff > inet6 3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global > valid_lft forever 
preferred_lft forever > inet6 fe80::215:17ff:fe3c:c669/64 scope link > valid_lft forever preferred_lft forever >5: ip_vti0: <NOARP> mtu 1500 qdisc noop state DOWN > link/ipip 0.0.0.0 brd 0.0.0.0 >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip -f inet6 addr del 2001:0db8:0001:0001::1234/64 dev p6p1 >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip addr >1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > valid_lft forever preferred_lft forever > inet6 ::1/128 scope host > valid_lft forever preferred_lft forever >2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 > link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff > inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1 > valid_lft 76357sec preferred_lft 76357sec > inet6 fe80::222:19ff:fe30:20d5/64 scope link > valid_lft forever preferred_lft forever >3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 > link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff > inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1 > valid_lft forever preferred_lft forever > inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global > valid_lft forever preferred_lft forever > inet6 fe80::215:17ff:fe3c:c668/64 scope link > valid_lft forever preferred_lft forever >4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 > link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff > inet6 3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global > valid_lft forever preferred_lft forever > inet6 fe80::215:17ff:fe3c:c669/64 scope link > valid_lft forever preferred_lft forever >5: ip_vti0: <NOARP> mtu 1500 qdisc noop state DOWN > link/ipip 0.0.0.0 brd 0.0.0.0 >[root@dhcp12-166 ~]# ></PRE> ></TD></TR> > ><tr VALIGN="top"> ><td></td> ><td width="100%">cleaning up TN ...</td> ></tr> ><TR VALIGN="top"> ><TD>15:12:24</TD> ><TD width="100%"> 
>ikev2Local("/sbin/sysctl -w net.inet6.ip6.forwarding=0")<BR> ><PRE>net.inet6.ip6.forwarding: 1 -> 0 ></PRE></TD> ></TR><TR VALIGN="top"> ><TD>15:12:24</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig -a")<BR> ><PRE>em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> > ether 00:23:ae:7a:6e:cc > inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 > inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> > ether 00:1b:21:1c:58:fa > inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 > inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa > inet6 3ffe:501:ffff:100::20 prefixlen 64 > inet6 fe80::f%em1 prefixlen 64 scopeid 0xa > inet6 2001:db8:1:1::f prefixlen 64 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> > ether 00:1b:21:1c:5d:d1 > inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb > inet6 3ffe:501:ffff:101::20 prefixlen 64 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 >lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 > options=3<RXCSUM,TXCSUM> > inet 127.0.0.1 netmask 0xff000000 > inet6 ::1 prefixlen 128 > inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> >lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 > 
options=3<RXCSUM,TXCSUM> > inet6 2001:db8:f:1::1 prefixlen 64 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> ></PRE></TD> ></TR><TR VALIGN="top"> ><TD>15:12:24</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig lo1 inet6 2001:0db8:000f:0001::1/64 delete")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>15:12:24</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig lo1 down")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>15:12:24</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig lo1 destroy")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>15:12:24</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig em1 inet6 2001:0db8:0001:0001::f/64 delete")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>15:12:24</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig em1 inet6 fe80::f%em1/64 delete")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>15:12:27</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig -a")<BR> ><PRE>em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> > ether 00:23:ae:7a:6e:cc > inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 > inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> > ether 00:1b:21:1c:58:fa > inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 > inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa > inet6 3ffe:501:ffff:100::20 prefixlen 64 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> > ether 
00:1b:21:1c:5d:d1 > inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb > inet6 3ffe:501:ffff:101::20 prefixlen 64 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 >lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 > options=3<RXCSUM,TXCSUM> > inet 127.0.0.1 netmask 0xff000000 > inet6 ::1 prefixlen 128 > inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> ></PRE></TD> ></TR><tr VALIGN="top"> ><td></td> ><td width="100%"><FONT COLOR="#ff0000">FAIL</FONT></td> ></tr> ></TABLE> > ><HR><H1>Packet Reverse Log</H1> ><UL> ><A NAME="koiPacketDump1"></A><A HREF="#koiPacket1">packet #1 at 15:09:55</A> ><div id="koiPacketInfo1"> ><pre>IP Packet >| IP Header >| | Version = 6 >| | Source Address = 2001:db8:1:1::1234 >| | Destination Address = 2001:db8:f:1::1 >| UDP Header >| | Source Port = 500 >| | Destination Port = 500 >| Internet Security Association and Key Management Protocol Payload >| | IKE Header >| | | IKE_SA Initiator's SPI = 2b9e2976e4888c81 >| | | IKE_SA Responder's SPI = 0000000000000000 >| | | Next Payload = 33 (SA) >| | | Major Version = 2 >| | | Minor Version = 0 >| | | Exchange Type = 34 (IKE_SA_INIT) >| | | Flags = 8 (0b00001000) >| | | | Reserved (XX000000) = 0 >| | | | Response (00R00000) = 0 >| | | | Version (000V0000) = 0 >| | | | Initiator (0000I000) = 1 >| | | | Reserved (00000XXX) = 0 >| | | Message ID = 0 (0x0) >| | | Length = 284 (0x11c) >| | | SA Payload >| | | | Next Payload = 34 (KE) >| | | | Critical = 0 >| | | | Reserved = 0 >| | | | Payload Length = 44 (0x2c) >| | | | Proposal #1 >| | | | | Next Payload = 0 (last) >| | | | | RESERVED = 0 >| | | | | Proposal Length = 40 >| | | | | Proposal # = 1 >| | | | | Proposal ID = IKE >| | | | | SPI Size = 0 >| | | | | # of Transforms = 4 >| | | | | Transfrom >| | | | | | Next Payload = 3 (Transform) >| | | | | 
| RESERVED = 0 >| | | | | | Transform Length = 8 >| | | | | | Transform Type = 1 (ENCR) >| | | | | | RESERVED = 0 >| | | | | | Transform ID = 3 (3DES) >| | | | | Transfrom >| | | | | | Next Payload = 3 (Transform) >| | | | | | RESERVED = 0 >| | | | | | Transform Length = 8 >| | | | | | Transform Type = 3 (INTEG) >| | | | | | RESERVED = 0 >| | | | | | Transform ID = 2 (HMAC_SHA1_96) >| | | | | Transfrom >| | | | | | Next Payload = 3 (Transform) >| | | | | | RESERVED = 0 >| | | | | | Transform Length = 8 >| | | | | | Transform Type = 2 (PRF) >| | | | | | RESERVED = 0 >| | | | | | Transform ID = 2 (HMAC_SHA1) >| | | | | Transfrom >| | | | | | Next Payload = 0 (last) >| | | | | | RESERVED = 0 >| | | | | | Transform Length = 8 >| | | | | | Transform Type = 4 (D-H) >| | | | | | RESERVED = 0 >| | | | | | Transform ID = 2 (1024 MODP Group) >| | | KE Payload >| | | | Next Payload = 40 (Ni, Nr) >| | | | Critical = 0 >| | | | Reserved = 0 >| | | | Payload Length = 136 (0x88) >| | | | DH Group # = 2 >| | | | RESERVED = 0 >| | | | Key Exchange Data = 0xea292be1849348eede51aa32f3413ca52e799eb07fd127e80b6d403331d5e14c564e5275e99d31fa11da84102da47805efdfe7c548d41eaf6ebbbaa590feba1c1383b8903bb8512cc2c929360d3b8cd051f87806348c50254fe8a611ae5ac449e8e19793e393d4b272aedcd974b85e444dda5a4018f15c1957d89b9682cff25c >| | | Ni, Nr Payload >| | | | Next Payload = 41 (N) >| | | | Critical = 0 >| | | | Reserved = 0 >| | | | Payload Length = 20 (0x14) >| | | | Nonce Data = 5645a70cf90ac1940648c7b51a7c3316 >| | | N Payload >| | | | Next Payload = 41 (N) >| | | | Critical = 0 >| | | | Reserved = 0 >| | | | Payload Length = 28 (0x1c) >| | | | Protocol ID = 0 (no relation) >| | | | SPI Size = 0 >| | | | Notify Message Type = 16388 (NAT_DETECTION_SOURCE_IP) >| | | | Notification Data = eac611dfd30dd4bddf8a4cc5c759501381b7b065,40 >| | | N Payload >| | | | Next Payload = 0 (0) >| | | | Critical = 0 >| | | | Reserved = 0 >| | | | Payload Length = 28 (0x1c) >| | | | Protocol ID = 0 (no relation) >| | | 
| SPI Size = 0 >| | | | Notify Message Type = 16389 (NAT_DETECTION_DESTINATION_IP) >| | | | Notification Data = e5c8c59bd9fb64776b2c952e164866db3b522a40,40 ></pre> ></div> ><hr> > ><A NAME="koiPacketDump2"></A><A HREF="#koiPacket2">packet #2 at 15:09:55</A> ><div id="koiPacketInfo2"> ><pre>IP Packet >| IP Header >| | Version = 6 >| | Source Address = 2001:db8:f:1::1 >| | Destination Address = 2001:db8:1:1::1234 >| UDP Header >| | Source Port = 500 >| | Destination Port = 500 >| Internet Security Association and Key Management Protocol Payload >| | IKE Header >| | | IKE_SA Initiator's SPI = 2b9e2976e4888c81 >| | | IKE_SA Responder's SPI = fb83ef30b2063530 >| | | Next Payload = 33 (SA) >| | | Major Version = 2 >| | | Minor Version = 0 >| | | Exchange Type = 34 (IKE_SA_INIT) >| | | Flags = 32 (0b00100000) >| | | | Reserved (XX000000) = 0 >| | | | Response (00R00000) = 1 >| | | | Version (000V0000) = 0 >| | | | Initiator (0000I000) = 0 >| | | | Reserved (00000XXX) = 0 >| | | Message ID = 0 (0x0) >| | | Length = 247 (0xf7) >| | | SA Payload >| | | | Next Payload = 34 (KE) >| | | | Critical = 0 >| | | | Reserved = 0 >| | | | Payload Length = 44 (0x2c) >| | | | Proposal #1 >| | | | | Next Payload = 0 (last) >| | | | | RESERVED = 0 >| | | | | Proposal Length = 40 >| | | | | Proposal # = 1 >| | | | | Proposal ID = IKE >| | | | | SPI Size = 0 >| | | | | # of Transforms = 4 >| | | | | Transfrom >| | | | | | Next Payload = 3 (Transform) >| | | | | | RESERVED = 0 >| | | | | | Transform Length = 8 >| | | | | | Transform Type = 1 (ENCR) >| | | | | | RESERVED = 0 >| | | | | | Transform ID = 3 (3DES) >| | | | | Transfrom >| | | | | | Next Payload = 3 (Transform) >| | | | | | RESERVED = 0 >| | | | | | Transform Length = 8 >| | | | | | Transform Type = 2 (PRF) >| | | | | | RESERVED = 0 >| | | | | | Transform ID = 2 (HMAC_SHA1) >| | | | | Transfrom >| | | | | | Next Payload = 3 (Transform) >| | | | | | RESERVED = 0 >| | | | | | Transform Length = 8 >| | | | | | Transform Type = 3 
(INTEG) >| | | | | | RESERVED = 0 >| | | | | | Transform ID = 2 (HMAC_SHA1_96) >| | | | | Transfrom >| | | | | | Next Payload = 0 (last) >| | | | | | RESERVED = 0 >| | | | | | Transform Length = 8 >| | | | | | Transform Type = 4 (D-H) >| | | | | | RESERVED = 0 >| | | | | | Transform ID = 2 (1024 MODP Group) >| | | KE Payload >| | | | Next Payload = 40 (Ni, Nr) >| | | | Critical = 0 >| | | | Reserved = 0 >| | | | Payload Length = 136 (0x88) >| | | | DH Group # = 2 >| | | | RESERVED = 0 >| | | | Key Exchange Data = 0xbaf15071535a2d74608ecc22c1d4ded019bd0ced40a5ba7689a8df49f99c7410608ddf379df6a72b48e908bb6fb5a3ec0eded75584f2ec7afcc6259a91c2338b669ffa011477a3080827e695018ff16849ba5318c3540c01a5840a9cb593c50416f3e756c437276a5c075ffd73da9a37ec750a89640cc62a6a191e368e9a23f6 >| | | Ni, Nr Payload >| | | | Next Payload = 0 (0) >| | | | Critical = 0 >| | | | Reserved = 0 >| | | | Payload Length = 39 (0x27) >| | | | Nonce Data = f94d4e97815868e903508765acbfb98d2cfa656bfa15bf28d70c951261fae4fcfab5e0 ></pre> ></div> ><hr> > ><A NAME="koiPacketDump3"></A><A HREF="#koiPacket3">packet #3 at 15:09:55</A> ><div id="koiPacketInfo3"> ><pre>IP Packet >| IP Header >| | Version = 6 >| | Source Address = 2001:db8:1:1::1234 >| | Destination Address = 2001:db8:f:1::1 >| UDP Header >| | Source Port = 500 >| | Destination Port = 500 >| Internet Security Association and Key Management Protocol Payload >| | IKE Header >| | | IKE_SA Initiator's SPI = 2b9e2976e4888c81 >| | | IKE_SA Responder's SPI = fb83ef30b2063530 >| | | Next Payload = 46 (E) >| | | Major Version = 2 >| | | Minor Version = 0 >| | | Exchange Type = 35 (IKE_AUTH) >| | | Flags = 8 (0b00001000) >| | | | Reserved (XX000000) = 0 >| | | | Response (00R00000) = 0 >| | | | Version (000V0000) = 0 >| | | | Initiator (0000I000) = 1 >| | | | Reserved (00000XXX) = 0 >| | | Message ID = 1 (0x1) >| | | Length = 252 (0xfc) >| | | E Payload >| | | | Next Payload = 35 (IDi) >| | | | Critical = 0 >| | | | Reserved = 0 >| | | | Payload Length = 224 
(0xe0) >| | | | Initialization Vector = 7cec0f67cfd332f0 >| | | | Encrypted IKE Payloads >| | | | | IDi Payload >| | | | | | Next Payload = 39 (AUTH) >| | | | | | Critical = 0 >| | | | | | Reserved = 0 >| | | | | | Payload Length = 24 (0x18) >| | | | | | ID Type = 5 (IPV6_ADDR) >| | | | | | RESERVED = 0 >| | | | | | Identification Data = 20010db8000100010000000000001234 (2001:db8:1:1::1234) >| | | | | AUTH Payload >| | | | | | Next Payload = 33 (SA) >| | | | | | Critical = 0 >| | | | | | Reserved = 0 >| | | | | | Payload Length = 28 (0x1c) >| | | | | | Auth Method = 2 (SK_MIC) >| | | | | | RESERVED = 0 >| | | | | | Authentication Data = c0c39eccb3019f2822951da9fcf2fdb52d90c4d6 >| | | | | SA Payload >| | | | | | Next Payload = 44 (TSi) >| | | | | | Critical = 0 >| | | | | | Reserved = 0 >| | | | | | Payload Length = 40 (0x28) >| | | | | | Proposal #1 >| | | | | | | Next Payload = 0 (last) >| | | | | | | RESERVED = 0 >| | | | | | | Proposal Length = 36 >| | | | | | | Proposal # = 1 >| | | | | | | Proposal ID = ESP >| | | | | | | SPI Size = 4 >| | | | | | | # of Transforms = 3 >| | | | | | | SPI = 4a7b2df0 >| | | | | | | Transfrom >| | | | | | | | Next Payload = 3 (Transform) >| | | | | | | | RESERVED = 0 >| | | | | | | | Transform Length = 8 >| | | | | | | | Transform Type = 1 (ENCR) >| | | | | | | | RESERVED = 0 >| | | | | | | | Transform ID = 3 (3DES) >| | | | | | | Transfrom >| | | | | | | | Next Payload = 3 (Transform) >| | | | | | | | RESERVED = 0 >| | | | | | | | Transform Length = 8 >| | | | | | | | Transform Type = 3 (INTEG) >| | | | | | | | RESERVED = 0 >| | | | | | | | Transform ID = 0 (NONE) >| | | | | | | Transfrom >| | | | | | | | Next Payload = 0 (last) >| | | | | | | | RESERVED = 0 >| | | | | | | | Transform Length = 8 >| | | | | | | | Transform Type = 5 (ESN) >| | | | | | | | RESERVED = 0 >| | | | | | | | Transform ID = 0 (No ESN) >| | | | | TSi Payload >| | | | | | Next Payload = 45 (TSr) >| | | | | | Critical = 0 >| | | | | | Reserved = 0 >| | | | | 
| Payload Length = 48 (0x30) >| | | | | | Number of TSs = 1 >| | | | | | RESERVED = 0 >| | | | | | Traffic Selector >| | | | | | | TS Type = 8 (IPV6_ADDR_RANGE) >| | | | | | | IP Protocol ID = 0 (any) >| | | | | | | Selector Length = 40 >| | | | | | | Start Port = 0 >| | | | | | | End Port = 65535 >| | | | | | | Starting Address = 20010db8000100010000000000001234 >| | | | | | | Ending Address = 20010db8000100010000000000001234 >| | | | | TSr Payload >| | | | | | Next Payload = 41 (N) >| | | | | | Critical = 0 >| | | | | | Reserved = 0 >| | | | | | Payload Length = 48 (0x30) >| | | | | | Number of TSs = 1 >| | | | | | RESERVED = 0 >| | | | | | Traffic Selector >| | | | | | | TS Type = 8 (IPV6_ADDR_RANGE) >| | | | | | | IP Protocol ID = 0 (any) >| | | | | | | Selector Length = 40 >| | | | | | | Start Port = 0 >| | | | | | | End Port = 65535 >| | | | | | | Starting Address = 20010db8000f00010000000000000001 >| | | | | | | Ending Address = 20010db8000f00010000000000000001 >| | | | | N Payload >| | | | | | Next Payload = 0 (0) >| | | | | | Critical = 0 >| | | | | | Reserved = 0 >| | | | | | Payload Length = 8 (0x8) >| | | | | | Protocol ID = 0 (no relation) >| | | | | | SPI Size = 0 >| | | | | | Notify Message Type = 16391 (USE_TRANSPORT_MODE) >| | | | Integrity Checksum Data = 6591a251e93853443e542c39 ></pre> ></div> ><hr> > ></UL> > ></BODY> ></HTML> ><!-- 142ae69553b977bbcc14f928f642b1de --> ><!-- fcc3a8184c211968b5f5e186883bdd26 -->
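<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN""http://www.w3c.org/TR/REC-html40/strict.dtd">
<HTML>
<HEAD>
<TITLE>IPv6 Conformance Test Report</TITLE>
<META NAME="GENERATOR" CONTENT="TAHI IPv6 Conformance Test Kit">
<script type="text/javascript">
/*
 * Hover pop-ups for the "send/receive packet #N" links in this report.
 *
 * Each link calls popup(N, event) on mouseover and popdown(N) on mouseout.
 * popup() copies the markup of the element whose id is "koiPacketInfo" + N
 * into the initially hidden element whose id is "pop" + N and shows it next
 * to the mouse pointer.
 *
 * NOTE(review): the pop-up is filled through innerHTML with markup read back
 * from this same document, so the script adds no new markup source. Whatever
 * the report generator wrote into the packet dump is parsed a second time,
 * though; this assumes the generator escapes packet-derived text before
 * writing it (TODO confirm in the generator, it is not visible here).
 */

/* Cache of packet-dump markup, indexed by packet number. */
var packets = new Array();

/* id prefixes of the pop-up container and of the packet-dump element. */
var POP_ID_PREFIX = "pop";
var PACKET_INFO_PREFIX = "koiPacketInfo";

/* Background and border colour of the pop-up box. */
var COLOR_BG = "#ffdddd";

/* WINDOW_HEIGHT and WINDOW_WIDTH are not read by the code in this script. */
var WINDOW_HEIGHT = 300;
var WINDOW_WIDTH = 300;
/* Offset of the pop-up from the pointer position. */
var OFFSET_HEIGHT = 5;
var OFFSET_WIDTH = 20;

/*
 * DOM-flavour detection, first match wins:
 *   IE  - document.all is available
 *   FF  - document.getElementById is available
 *   NN4 - document.layers is available
 */
var IE = false;
var FF = false;
var NN4 = false;
if (document.all) {
    IE = true;
}
else if (document.getElementById) {
    FF = true;
}
else if (document.layers) {
    NN4 = true;
}

/*
 * Show the pop-up for packet `id` next to the mouse pointer.
 *
 * id    - packet number, as passed by the link's onmouseover handler
 * event - the mouse event that triggered the handler
 *
 * Does nothing when no supported DOM flavour was detected, when NN4 was
 * detected (the original returned early for it as well, which left its
 * document.layers branch unreachable), or when the pop-up container is
 * missing from the page.
 */
function popup(id, event) {
    // `key` was assigned without `var` and leaked into the global scope.
    var key = POP_ID_PREFIX + id;
    var target, str, pos_x, pos_y;

    if (!IE && !FF) {
        return;
    }

    target = IE ? document.all(key) : document.getElementById(key);
    if (!target) {
        return;
    }

    str = '<div style="';
    str += 'background-color:' + COLOR_BG + ';';
    str += 'border-width:3pt;';
    str += 'border-style:solid;';
    str += 'border-color:' + COLOR_BG + ';';
    str += '">';
    str += '<pre style="line-height:90%">';
    str += getPacket(id);
    str += '</pre>';
    str += '</div>';

    if (IE) {
        // clientX/clientY are relative to the viewport; add the scroll offset.
        pos_x = document.body.scrollLeft + event.clientX;
        pos_y = document.body.scrollTop + event.clientY;
        target.style.pixelLeft = pos_x + OFFSET_WIDTH;
        target.style.pixelTop = pos_y + OFFSET_HEIGHT;
    }
    else {
        pos_x = event.pageX;
        pos_y = event.pageY;
        target.style.left = (pos_x + OFFSET_WIDTH) + 'px';
        target.style.top = (pos_y + OFFSET_HEIGHT) + 'px';
    }
    target.innerHTML = str;
    target.style.visibility = 'visible';
}

/*
 * Hide the pop-up for packet `id`. A missing container is ignored.
 */
function popdown(id) {
    var key = POP_ID_PREFIX + id;
    var target;

    if (IE) {
        target = document.all(key);
        if (target) {
            target.style.visibility = "hidden";
        }
    }
    else if (FF) {
        target = document.getElementById(key);
        if (target) {
            target.style.visibility = "hidden";
        }
    }
    else if (NN4) {
        target = document.layers[key];
        if (target) {
            target.visibility = "hidden";
        }
    }
}

/*
 * Return the packet-dump markup for packet `id`, without its enclosing
 * "pre" tag. A non-empty result is cached in `packets`.
 */
function getPacket(id) {
    if (packets[id]) {
        return packets[id];
    }

    var str = trimTag(getInnerHTML(PACKET_INFO_PREFIX + id), 'pre');
    packets[id] = str;

    return str;
}

/*
 * Return the innerHTML of the element with the given id, or an empty string
 * when the element does not exist or no supported DOM flavour was detected
 * (the original returned undefined there, which made trimTag() throw).
 */
function getInnerHTML(id) {
    var element = null;

    if (IE) {
        element = document.all(id);
    }
    else if (FF) {
        element = document.getElementById(id);
    }

    return element ? element.innerHTML : '';
}

/*
 * Return the text between the first opening `tagName` tag and the last
 * closing `tagName` tag of `str`.
 *
 * When the opening tag is absent, or is never closed by '>', `str` is
 * returned unchanged; the original then cut at an unrelated '>' or returned
 * the text from position 0. When the closing tag is absent, everything after
 * the opening tag is returned.
 */
function trimTag(str, tagName) {
    var open = str.indexOf('<' + tagName);
    if (open < 0) {
        return str;
    }

    var openEnd = str.indexOf('>', open + 1);
    if (openEnd < 0) {
        return str;
    }

    var close = str.lastIndexOf('</' + tagName + '>');
    if (close < 0) {
        close = str.length;
    }

    return str.substring(openEnd + 1, close);
}
</script>
</HEAD>
<BODY BGCOLOR="#F0F0F0">
<H1>Test Information</H1>
<TABLE BORDER=1>
<TR><TD>Title</TD><TD>Test IKEv2.EN.I.1.1.6.2 Part D: Integrity Algorithm AUTH_AES_XCBC_96</TD></TR>
<TR><TD>CommandLine</TD><TD>./1-EN-I/IKEv2-EN-I-1-1-6-2-D.seq -pkt ./packets/EN-EN.def -v6eval -log 37.html -ti Test IKEv2.EN.I.1.1.6.2 Part D: Integrity Algorithm AUTH_AES_XCBC_96</TD></TR>
<TR><TD>Script</TD><TD><A HREF="./1-EN-I/IKEv2-EN-I-1-1-6-2-D.seq">./1-EN-I/IKEv2-EN-I-1-1-6-2-D.seq</A></TD></TR>
<TR><TD>Packet</TD><TD><A HREF="./packets/EN-EN.def">./packets/EN-EN.def</A></TD></TR>
<TR><TD>TestVersion</TD><TD>REL_1_1_1</TD></TR>
<TR><TD>ToolVersion</TD><TD>REL_2_2_0</TD></TR>
<TR><TD>Start</TD><TD>2014/10/14 15:08:11</TD></TR>
<TR><TD>Tn</TD><TD>/usr/local/koi//etc//tn.def</TD></TR>
<TR><TD>Nu</TD><TD>/usr/local/koi//etc//nut.def</TD></TR>
</TABLE>
<HR><H1>Test Sequence Execution Log</H1>
<TABLE BORDER=1>
<TR><TD>15:08:11</TD><TD>Start</TD></TR>
<TR><TD><br></TD><TD> <FONT COLOR="#FF0000" SIZE="+1"><U><B>TEST SETUP</B></U></FONT><tr VALIGN="top"> <td></td> <td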
width="100%">initializing IKEv2 module ...</td> </tr> <tr VALIGN="top"> <td></td> <td width="100%">configuring Common Topology for End-Node: End-Node to End-Node ...</td> </tr> <tr VALIGN="top"> <td></td> <td width="100%">parsing ./config.pl ...</td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><TABLE BORDER><TR><TH BGCOLOR="#a8b5d8">key</TH><TH BGCOLOR="#a8b5d8">value</TH></TR><TR><TD>Link A prefix</TD><TD>2001:0db8:0001:0001</TD></TR><TR><TD>Link X prefix</TD><TD>2001:0db8:000f:0001</TD></TR><TR><TD>Link A link-local address (TR1)</TD><TD>fe80::f</TD></TR><TR><TD>Link A global address (NUT)</TD><TD>2001:0db8:0001:0001::1234</TD></TR><TR><TD>pre-shared key (TN)</TD><TD>IKETEST12345678!</TD></TR><TR><TD>pre-shared key (NUT)</TD><TD>IKETEST12345678!</TD></TR><TR><TD>IKE_SA Lifetime</TD><TD>64</TD></TR><TR><TD>CHILD_SA Lifetime</TD><TD>128</TD></TR><TR><TD>IKE_SA_INIT Request RetransTimer</TD><TD>41</TD></TR><TR><TD>IKE_AUTH Request RetransTimer</TD><TD>16</TD></TR><TR><TD>CREATE_CHILD_SA Request RetransTimer</TD><TD>16</TD></TR><TR><TD>INFORMATIONAL Request RetransTimer</TD><TD>16</TD></TR><TR><TD>Liveness Check Timer</TD><TD>32</TD></TR><TR><TD># of Half-Open IKE_SAs to contain N(COOKIE)</TD><TD>32</TD></TR></TABLE></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%">setting up TN ...</td> </tr> <TR VALIGN="top"> <TD>15:08:11</TD> <TD width="100%"> ikev2Local("/sbin/sysctl -w net.inet6.ip6.forwarding=1")<BR> <PRE>net.inet6.ip6.forwarding: 0 -> 1 </PRE></TD> </TR><TR VALIGN="top"> <TD>15:08:11</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig -a")<BR> <PRE>em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> ether 00:23:ae:7a:6e:cc inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: 
active em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:58:fa inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa inet6 3ffe:501:ffff:100::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:5d:d1 inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb inet6 3ffe:501:ffff:101::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd nd6 options=3<PERFORMNUD,ACCEPT_RTADV> </PRE></TD> </TR><TR VALIGN="top"> <TD>15:08:11</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig em1 inet6 fe80::f%em1/64")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>15:08:11</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig em1 inet6 2001:0db8:0001:0001::f/64")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>15:08:11</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig lo1 create")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>15:08:11</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig lo1 up")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>15:08:11</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig lo1 inet6 2001:0db8:000f:0001::1/64")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>15:08:14</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig -a")<BR> <PRE>em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 
options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> ether 00:23:ae:7a:6e:cc inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:58:fa inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa inet6 3ffe:501:ffff:100::20 prefixlen 64 inet6 fe80::f%em1 prefixlen 64 scopeid 0xa inet6 2001:db8:1:1::f prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:5d:d1 inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb inet6 3ffe:501:ffff:101::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd nd6 options=3<PERFORMNUD,ACCEPT_RTADV> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet6 2001:db8:f:1::1 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> </PRE></TD> </TR><TR VALIGN="top"> <TD>15:08:14</TD> <TD width="100%"> ikev2Local("/sbin/setkey -D")<BR> <PRE>No SAD entries. 
</PRE></TD> </TR><TR VALIGN="top"> <TD>15:08:14</TD> <TD width="100%"> ikev2Local("/sbin/setkey -F")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>15:08:17</TD> <TD width="100%"> ikev2Local("/sbin/setkey -D")<BR> <PRE>No SAD entries. </PRE></TD> </TR><TR VALIGN="top"> <TD>15:08:17</TD> <TD width="100%"> ikev2Local("/sbin/setkey -DP")<BR> <PRE>No SPD entries. </PRE></TD> </TR><TR VALIGN="top"> <TD>15:08:17</TD> <TD width="100%"> ikev2Local("/sbin/setkey -FP")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>15:08:20</TD> <TD width="100%"> ikev2Local("/sbin/setkey -DP")<BR> <PRE>No SPD entries. </PRE></TD> </TR><tr VALIGN="top"> <td></td> <td width="100%">setting up NUT ...</td> </tr> </TD> </TR> <TR VALIGN="TOP"><TD>15:08:20</TD> <TD width="100%"> kRemote(ifconfig.rmt) ``/usr/local/koi/bin/remotes/libreswan//ifconfig.rmt ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1''<br> kRemote()... /usr/local/koi/bin/remotes/libreswan//ifconfig.rmt ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1 <PRE>DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1 valid_lft 76583sec preferred_lft 76583sec inet6 fe80::222:19ff:fe30:20d5/64 scope link valid_lft forever preferred_lft forever 3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1 valid_lft forever 
preferred_lft forever inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global valid_lft forever preferred_lft forever inet6 fe80::215:17ff:fe3c:c668/64 scope link valid_lft forever preferred_lft forever 4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff inet6 3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global valid_lft forever preferred_lft forever inet6 fe80::215:17ff:fe3c:c669/64 scope link valid_lft forever preferred_lft forever 5: ip_vti0: <NOARP> mtu 1500 qdisc noop state DOWN link/ipip 0.0.0.0 brd 0.0.0.0 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip -f inet6 addr add 2001:0db8:0001:0001::1234/64 dev p6p1 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1 valid_lft 76578sec preferred_lft 76578sec inet6 fe80::222:19ff:fe30:20d5/64 scope link valid_lft forever preferred_lft forever 3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1 valid_lft forever preferred_lft forever inet6 2001:db8:1:1::1234/64 scope global valid_lft forever preferred_lft forever inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global valid_lft forever preferred_lft forever inet6 fe80::215:17ff:fe3c:c668/64 scope link valid_lft forever preferred_lft forever 4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff inet6 
3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global valid_lft forever preferred_lft forever inet6 fe80::215:17ff:fe3c:c669/64 scope link valid_lft forever preferred_lft forever 5: ip_vti0: <NOARP> mtu 1500 qdisc noop state DOWN link/ipip 0.0.0.0 brd 0.0.0.0 [root@dhcp12-166 ~]# </PRE> </TD></TR> <TR VALIGN="TOP"><TD>15:08:43</TD> <TD width="100%"> kRemote(route.rmt) ``/usr/local/koi/bin/remotes/libreswan//route.rmt route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1''<br> kRemote()... /usr/local/koi/bin/remotes/libreswan//route.rmt route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1 <PRE>DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip -6 route show unreachable ::/96 dev lo metric 1024 error -101 unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 2001:db8:1:1::/64 dev p6p1 proto kernel metric 256 unreachable 2002:a00::/24 dev lo metric 1024 error -101 unreachable 2002:7f00::/24 dev lo metric 1024 error -101 unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 unreachable 2002:ac10::/28 dev lo metric 1024 error -101 unreachable 2002:c0a8::/32 dev lo metric 1024 error -101 unreachable 2002:e000::/19 dev lo metric 1024 error -101 3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256 3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256 unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 fe80::/64 dev p6p1 proto kernel metric 256 fe80::/64 dev p6p2 proto kernel metric 256 fe80::/64 dev p7p1 proto kernel metric 256 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip -6 route add 2001:0db8:000f:0001::/64 via fe80::f dev p6 p1 [root@dhcp12-166 ~]# sendMessagesSync: never got ip -6 route add 2001:0db8:000f:0001::/64 via fe80::f dev p6p1 [root@dhcp12-166 ~]# ip -6 route show unreachable ::/96 dev lo metric 1024 error -101 unreachable ::ffff:0.0.0.0/96 dev lo metric 
1024 error -101 2001:db8:1:1::/64 dev p6p1 proto kernel metric 256 2001:db8:f:1::/64 via fe80::f dev p6p1 metric 1024 unreachable 2002:a00::/24 dev lo metric 1024 error -101 unreachable 2002:7f00::/24 dev lo metric 1024 error -101 unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 unreachable 2002:ac10::/28 dev lo metric 1024 error -101 unreachable 2002:c0a8::/32 dev lo metric 1024 error -101 unreachable 2002:e000::/19 dev lo metric 1024 error -101 3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256 3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256 unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 fe80::/64 dev p6p1 proto kernel metric 256 fe80::/64 dev p6p2 proto kernel metric 256 fe80::/64 dev p7p1 proto kernel metric 256 [root@dhcp12-166 ~]# </PRE> </TD></TR> <TR VALIGN="TOP"><TD>15:09:09</TD> <TD width="100%"> kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop''<br> kRemote()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop <PRE>DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm state list [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm policy list [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ipsec setup stop Redirecting to: systemctl stop ipsec.service [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm state list [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm policy list [root@dhcp12-166 ~]# </PRE> </TD></TR> <TR VALIGN="TOP"><TD>15:09:28</TD> <TD width="100%"> kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt ikev2.addresspool.0.eaddr= ikev2.addresspool.0.saddr= ikev2.addresspool.num=1 ikev2.interface.ike.0.address=2001:0db8:0001:0001::1234 ikev2.interface.ike.0.port=500 ikev2.interface.ike.num=1 ikev2.ipsec.0.ext_sequence=off ikev2.ipsec.0.ipsec_index=common_ipsec_index ikev2.ipsec.0.ipsec_sa_lifetime_time=128 ikev2.ipsec.0.sa_index.0=common_sa_index ikev2.ipsec.0.sa_index.num=1 ikev2.ipsec.num=1 
ikev2.policy.0.ipsec_index.0=common_ipsec_index ikev2.policy.0.ipsec_index.num=1 ikev2.policy.0.ipsec_mode=transport ikev2.policy.0.policy_index=common_policy_index ikev2.policy.0.remote_index=common_remote_index ikev2.policy.num=1 ikev2.remote.0.ikev2.initial_contact.initial_contact=off ikev2.remote.0.ikev2.kmp_auth_method.0=psk ikev2.remote.0.ikev2.kmp_auth_method.num=1 ikev2.remote.0.ikev2.kmp_dh_group.0=modp1024 ikev2.remote.0.ikev2.kmp_dh_group.num=1 ikev2.remote.0.ikev2.kmp_enc_alg.0=3des_cbc ikev2.remote.0.ikev2.kmp_enc_alg.num=1 ikev2.remote.0.ikev2.kmp_hash_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_hash_alg.num=1 ikev2.remote.0.ikev2.kmp_prf_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_prf_alg.num=1 ikev2.remote.0.ikev2.kmp_sa_lifetime_time=64 ikev2.remote.0.ikev2.my_id.fqdn.num=0 ikev2.remote.0.ikev2.my_id.ipaddr.0=2001:0db8:0001:0001::1234 ikev2.remote.0.ikev2.my_id.ipaddr.num=1 ikev2.remote.0.ikev2.my_id.keyid.num=0 ikev2.remote.0.ikev2.my_id.rfc822addr.num=0 ikev2.remote.0.ikev2.need_pfs=off ikev2.remote.0.ikev2.peers_id.fqdn.num=0 ikev2.remote.0.ikev2.peers_id.ipaddr.0=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_id.ipaddr.num=1 ikev2.remote.0.ikev2.peers_id.keyid.num=0 ikev2.remote.0.ikev2.peers_id.rfc822addr.num=0 ikev2.remote.0.ikev2.peers_ipaddr.address=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_ipaddr.port=500 ikev2.remote.0.ikev2.pre_shared_key.local=IKETEST12345678! ikev2.remote.0.ikev2.pre_shared_key.remote=IKETEST12345678! 
ikev2.remote.0.ikev2.send_cert_req.send_cert_req=on ikev2.remote.0.remote_index=common_remote_index ikev2.remote.num=1 ikev2.sa.0.esp_auth_alg.0=aes_xcbc ikev2.sa.0.esp_auth_alg.num=1 ikev2.sa.0.esp_enc_alg.0=3des_cbc ikev2.sa.0.esp_enc_alg.num=1 ikev2.sa.0.sa_index=common_sa_index ikev2.sa.0.sa_protocol=esp ikev2.sa.num=1 ikev2.selector.0.direction=outbound ikev2.selector.0.dst.address=2001:0db8:000f:0001::1 ikev2.selector.0.dst.address_family=inet6 ikev2.selector.0.policy_index=common_policy_index ikev2.selector.0.selector_index=common_selector_index_outbound ikev2.selector.0.src.address=2001:0db8:0001:0001::1234 ikev2.selector.0.src.address_family=inet6 ikev2.selector.0.upper_layer_protocol.protocol=any ikev2.selector.1.direction=inbound ikev2.selector.1.dst.address=2001:0db8:0001:0001::1234 ikev2.selector.1.dst.address_family=inet6 ikev2.selector.1.policy_index=common_policy_index ikev2.selector.1.selector_index=common_selector_index_inbound ikev2.selector.1.src.address=2001:0db8:000f:0001::1 ikev2.selector.1.src.address_family=inet6 ikev2.selector.1.upper_layer_protocol.protocol=any ikev2.selector.num=2''<br> kRemote()... 
/usr/local/koi/bin/remotes/libreswan//ikev2.rmt ikev2.addresspool.0.eaddr= ikev2.addresspool.0.saddr= ikev2.addresspool.num=1 ikev2.interface.ike.0.address=2001:0db8:0001:0001::1234 ikev2.interface.ike.0.port=500 ikev2.interface.ike.num=1 ikev2.ipsec.0.ext_sequence=off ikev2.ipsec.0.ipsec_index=common_ipsec_index ikev2.ipsec.0.ipsec_sa_lifetime_time=128 ikev2.ipsec.0.sa_index.0=common_sa_index ikev2.ipsec.0.sa_index.num=1 ikev2.ipsec.num=1 ikev2.policy.0.ipsec_index.0=common_ipsec_index ikev2.policy.0.ipsec_index.num=1 ikev2.policy.0.ipsec_mode=transport ikev2.policy.0.policy_index=common_policy_index ikev2.policy.0.remote_index=common_remote_index ikev2.policy.num=1 ikev2.remote.0.ikev2.initial_contact.initial_contact=off ikev2.remote.0.ikev2.kmp_auth_method.0=psk ikev2.remote.0.ikev2.kmp_auth_method.num=1 ikev2.remote.0.ikev2.kmp_dh_group.0=modp1024 ikev2.remote.0.ikev2.kmp_dh_group.num=1 ikev2.remote.0.ikev2.kmp_enc_alg.0=3des_cbc ikev2.remote.0.ikev2.kmp_enc_alg.num=1 ikev2.remote.0.ikev2.kmp_hash_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_hash_alg.num=1 ikev2.remote.0.ikev2.kmp_prf_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_prf_alg.num=1 ikev2.remote.0.ikev2.kmp_sa_lifetime_time=64 ikev2.remote.0.ikev2.my_id.fqdn.num=0 ikev2.remote.0.ikev2.my_id.ipaddr.0=2001:0db8:0001:0001::1234 ikev2.remote.0.ikev2.my_id.ipaddr.num=1 ikev2.remote.0.ikev2.my_id.keyid.num=0 ikev2.remote.0.ikev2.my_id.rfc822addr.num=0 ikev2.remote.0.ikev2.need_pfs=off ikev2.remote.0.ikev2.peers_id.fqdn.num=0 ikev2.remote.0.ikev2.peers_id.ipaddr.0=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_id.ipaddr.num=1 ikev2.remote.0.ikev2.peers_id.keyid.num=0 ikev2.remote.0.ikev2.peers_id.rfc822addr.num=0 ikev2.remote.0.ikev2.peers_ipaddr.address=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_ipaddr.port=500 ikev2.remote.0.ikev2.pre_shared_key.local=IKETEST12345678! ikev2.remote.0.ikev2.pre_shared_key.remote=IKETEST12345678! 
ikev2.remote.0.ikev2.send_cert_req.send_cert_req=on ikev2.remote.0.remote_index=common_remote_index ikev2.remote.num=1 ikev2.sa.0.esp_auth_alg.0=aes_xcbc ikev2.sa.0.esp_auth_alg.num=1 ikev2.sa.0.esp_enc_alg.0=3des_cbc ikev2.sa.0.esp_enc_alg.num=1 ikev2.sa.0.sa_index=common_sa_index ikev2.sa.0.sa_protocol=esp ikev2.sa.num=1 ikev2.selector.0.direction=outbound ikev2.selector.0.dst.address=2001:0db8:000f:0001::1 ikev2.selector.0.dst.address_family=inet6 ikev2.selector.0.policy_index=common_policy_index ikev2.selector.0.selector_index=common_selector_index_outbound ikev2.selector.0.src.address=2001:0db8:0001:0001::1234 ikev2.selector.0.src.address_family=inet6 ikev2.selector.0.upper_layer_protocol.protocol=any ikev2.selector.1.direction=inbound ikev2.selector.1.dst.address=2001:0db8:0001:0001::1234 ikev2.selector.1.dst.address_family=inet6 ikev2.selector.1.policy_index=common_policy_index ikev2.selector.1.selector_index=common_selector_index_inbound ikev2.selector.1.src.address=2001:0db8:000f:0001::1 ikev2.selector.1.src.address_family=inet6 ikev2.selector.1.upper_layer_protocol.protocol=any ikev2.selector.num=2 <PRE>DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# rpm -q libreswan libreswan-3.10-2.el7.x86_64 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# cat > /etc/ipsec.secrets << EOF > %any %any : PSK 'IKETEST12345678!' > EOF [root@dhcp12-166 ~]# cat -n /etc/ipsec.secrets 1 %any %any : PSK 'IKETEST12345678!' [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# cat -n /etc/ipsec.secrets 1 %any %any : PSK 'IKETEST12345678!' [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# chown root:wheel /etc/ipsec.secrets [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# chmod 0600 /etc/ipsec.secrets [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ls -l /etc/ipsec.secrets -rw-------. 
1 root wheel 35 Oct 14 22:58 /etc/ipsec.secrets [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# cat > /etc/ipsec.conf << EOF > config setup > protostack=netkey > plutodebug="all crypt" > plutostderrlog="/tmp/pluto.log" > conn ikev2 > left=2001:0db8:0001:0001::1234 > right=2001:0db8:000f:0001::1 > leftid=2001:0db8:0001:0001::1234 > rightid=2001:0db8:000f:0001::1 > type=transport > auto=start > connaddrfamily=ipv6 > authby=secret > phase2=esp > phase2alg=3des-aes_xcbc > ike=3des-sha1;modp1024 > ikev2=insist > EOF [root@dhcp12-166 ~]# cat -n /etc/ipsec.conf 1 config setup 2 protostack=netkey 3 plutodebug="all crypt" 4 plutostderrlog="/tmp/pluto.log" 5 conn ikev2 6 left=2001:0db8:0001:0001::1234 7 right=2001:0db8:000f:0001::1 8 leftid=2001:0db8:0001:0001::1234 9 rightid=2001:0db8:000f:0001::1 10 type=transport 11 auto=start 12 connaddrfamily=ipv6 13 authby=secret 14 phase2=esp 15 phase2alg=3des-aes_xcbc 16 ike=3des-sha1;modp1024 17 ikev2=insist [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# echo > /tmp/pluto.log [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# chown root:wheel /etc/ipsec.conf [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# chmod 0600 /etc/ipsec.conf [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ls -l /etc/ipsec.conf -rw-------. 
1 root wheel 472 Oct 14 22:58 /etc/ipsec.conf [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ipsec setup start Redirecting to: systemctl start ipsec.service [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm state list [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm policy list src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main [root@dhcp12-166 ~]# </PRE> </TD></TR> <TR><TD><br></TD><TD> <FONT COLOR="#FF0000" SIZE="+1"><U><B>TEST PROCEDURE</B></U></FONT><FONT COLOR="#000000" SIZE="+1"><U><B>Part D: Integrity Algorithm AUTH_AES_XCBC_96.</B></U></FONT><PRE> (I) (R) NUT TN1 | | |-------------->| IKE_SA_INIT request (HDR, SAi1, KEi, Ni) | | V V</PRE><TR VALIGN="TOP"> <TD>15:09:54</TD><TD> Clear Buffer<BR> done<BR> </TD> </TR> <TR VALIGN="TOP"><TD>15:09:54</TD> <TD width="100%"> kRemoteAsync(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt selector.direction=outbound 
selector.dst.address=2001:0db8:000f:0001::1 selector.dst.address_family=inet6 selector.policy_index=common_policy_index selector.selector_index=common_selector_index_outbound selector.src.address=2001:0db8:0001:0001::1234 selector.src.address_family=inet6 selector.upper_layer_protocol.protocol=any target=2001:0db8:000f:0001::1 operation=initiate''<br> kRemoteAsync()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt selector.direction=outbound selector.dst.address=2001:0db8:000f:0001::1 selector.dst.address_family=inet6 selector.policy_index=common_policy_index selector.selector_index=common_selector_index_outbound selector.src.address=2001:0db8:0001:0001::1234 selector.src.address_family=inet6 selector.upper_layer_protocol.protocol=any target=2001:0db8:000f:0001::1 operation=initiate<br> <A NAME="kRemoteAsync13535"></A> <A HREF="#kRemoteAsyncWait13535">Link to remote control log</A> </TD> </TR> <TR VALIGN="TOP"> <TD>15:09:54</TD><TD> Listen<br> SrcAddr:2001:0db8:000f:0001::1 SrcPort:500<br> done<BR> listening at SocketID:3<br> </TD> </TR> <TR VALIGN="TOP"> <TD>15:09:54</TD><TD> Receive<BR> SrcAddr:2001:db8:1:1::1234 SrcPort:500<br> DstAddr:2001:db8:f:1::1 DstPort:500<br> done<BR> received from SocketID:4<br> <A NAME="koiPacket1"></A> <A HREF="#koiPacketDump1" onmouseover="popup(1,event);"onmouseout="popdown(1);">receive packet #1</A> <div id="pop1" style="position:absolute; visibility:hidden;"></div> <BR> </TD> </TR> <tr VALIGN="top"> <td></td> <td width="100%"><pre>Compare the received packet with packets('common_remote_index')</pre></td> </tr> <TR VALIGN="top"> <TD></TD><TD><B>Payload Order (HDR, SA(P(T, T, T, T)), KE, Ni, Nr, N, N)</B></TD></TR><tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>IKE Header</b> <b>OK</b> initSPI: (received: 2b9e2976e4888c81, expected: 0000000000000000, comp: ne) <b>OK</b> respSPI: (received: 0000000000000000, expected: 0000000000000000, comp: eq) <b>OK</b> nexttype: (received: SA, expected: SA, comp: eq) <b>OK</b> major: 
(received: 2, expected: 2, comp: eq) <b>OK</b> minor: (received: 0, expected: 0, comp: eq) <b>OK</b> exchType: (received: IKE_SA_INIT, expected: IKE_SA_INIT, comp: eq) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) <b>OK</b> initiator: (received: 1, expected: 1, comp: eq) <b>OK</b> higher: (received: 0, expected: 0, comp: eq) <b>OK</b> response: (received: 0, expected: 0, comp: eq) <b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) <b>OK</b> messID: (received: 0, expected: 0, comp: eq) <b>OK</b> length: (received: 284, expected: any, comp: already checked) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Security Association Payload</b> <b>OK</b> nexttype: (received: KE, expected: any, comp: already checked) <b>OK</b> critical: (received: 0, expected: 0, comp: eq) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> length: (received: 44, expected: any, comp: already checked) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>SA Proposal Comparison</b> <b>OK</b> ENCR: (received:ENCR_3DES, expected:ENCR_3DES) <b>OK</b> PRF: (received:PRF_HMAC_SHA1, expected:PRF_HMAC_SHA1) <b>OK</b> INTEG: (received:INTEG_HMAC_SHA1_96, expected:INTEG_HMAC_SHA1_96) <b>OK</b> D-H: (received:D-H_1024 MODP Group, expected:D-H_1024 MODP Group) <b>OK</b> ESN: (received:, expected:) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Proposal Substructure</b> <b>OK</b> nexttype: (received: 0, expected: any, comp: already checked) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> proposalLen: (received: 40, expected: any, comp: already checked) <b>OK</b> number: (received: 1, expected: 1, comp: eq) <b>OK</b> id: (received: IKE, expected: IKE, comp: eq) <b>OK</b> spiSize: (received: 0, expected: 0, comp: eq) <b>OK</b> transformCount: (received: 4, expected: 4, comp: eq) <b>OK</b> spi: (received: , expected: , comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td 
width="100%"><pre> <b>Transform Substructure</b> <b>OK</b> nexttype: (received: 3, expected: any, comp: already checked) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) <b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) <b>OK</b> type: (received: ENCR, expected: ENCR, comp: eq) <b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) <b>OK</b> id: (received: 3DES, expected: 3DES, comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Transform Substructure</b> <b>OK</b> nexttype: (received: 3, expected: any, comp: already checked) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) <b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) <b>OK</b> type: (received: PRF, expected: PRF, comp: eq) <b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) <b>OK</b> id: (received: HMAC_SHA1, expected: HMAC_SHA1, comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Transform Substructure</b> <b>OK</b> nexttype: (received: 3, expected: any, comp: already checked) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) <b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) <b>OK</b> type: (received: INTEG, expected: INTEG, comp: eq) <b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) <b>OK</b> id: (received: HMAC_SHA1_96, expected: HMAC_SHA1_96, comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Transform Substructure</b> <b>OK</b> nexttype: (received: 0, expected: any, comp: already checked) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) <b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) <b>OK</b> type: (received: D-H, expected: D-H, comp: eq) <b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) <b>OK</b> id: (received: 1024 MODP Group, expected: 1024 MODP Group, comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Key Exchange 
Payload</b> <b>OK</b> nexttype: (received: Ni, Nr, expected: any, comp: already checked) <b>OK</b> critical: (received: 0, expected: 0, comp: eq) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> length: (received: 136, expected: any, comp: already checked) <b>OK</b> group: (received: 2, expected: 2, comp: eq) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) <b>OK</b> publicKey: (received: 164433323839852007720260567486870006701328959574288093717591131064809643038667874319814917056016781305150513465270644123295341592026858578502230187169961729526960653025035769212504078431133835138377190740436510186183141862866904337029730765266496547695113283483619449679912216861241658911629747040229709050460, expected: any, comp: any) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Nonce Payload</b> <b>OK</b> nexttype: (received: N, expected: any, comp: already checked) <b>OK</b> critical: (received: 0, expected: 0, comp: eq) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> length: (received: 20, expected: (20, 260), comp: range) <b>OK</b> nonce: (received: 114675264310958199027242078242273506070, expected: any, comp: any) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><b>Match with packet('common_remote_index')</b></td> </tr> <TR><TD><br></TD><TD> <PRE> (I) (R) NUT TN1 | | |<--------------| IKE_SA_INIT response (HDR, SAr1, KEr, Nr) | | V V</PRE><TR VALIGN="TOP"> <TD>15:09:55</TD><TD> Clear Buffer<BR> done<BR> </TD> </TR> <TR VALIGN="TOP"> <TD>15:09:55</TD><TD> Send<BR> done<BR> sent to SocketID:4<br> <A NAME="koiPacket2"></A> <A HREF="#koiPacketDump2" onmouseover="popup(2,event);"onmouseout="popdown(2);">send packet #2</A> <div id="pop2" style="position:absolute; visibility:hidden;"></div> <BR> </TD> </TR> <tr VALIGN="top"> <td></td> <td width="100%"><TABLE BORDER><TR><TH BGCOLOR="#a8b5d8">key</TH><TH 
BGCOLOR="#a8b5d8">value</TH></TR><TR><TD>g^i</TD><TD>ea292be1849348eede51aa32f3413ca52e799eb07fd127e80b6d403331d5e14c564e5275e99d31fa11da84102da47805efdfe7c548d41eaf6ebbbaa590feba1c1383b8903bb8512cc2c929360d3b8cd051f87806348c50254fe8a611ae5ac449e8e19793e393d4b272aedcd974b85e444dda5a4018f15c1957d89b9682cff25c</TD></TR><TR><TD>g^r</TD><TD>baf15071535a2d74608ecc22c1d4ded019bd0ced40a5ba7689a8df49f99c7410608ddf379df6a72b48e908bb6fb5a3ec0eded75584f2ec7afcc6259a91c2338b669ffa011477a3080827e695018ff16849ba5318c3540c01a5840a9cb593c50416f3e756c437276a5c075ffd73da9a37ec750a89640cc62a6a191e368e9a23f6</TD></TR><TR><TD>g^ir</TD><TD>5b6c1b70967db4dfcaa49ba8a4cce913cf09922226566e9c282a70b4638567d2570d28f98a69f7558a376f847389e7546057c338233c456461ff5a15fd0f70365187dc40a3d9c97f19d2ad0434756f1c7942d4137a6f36a6b1ccce39327a00b497f6096df31a5f9c7b09f452a19e5285723ed28c82058423dc6bf05112d3f120</TD></TR><TR><TD>Ni</TD><TD>5645a70cf90ac1940648c7b51a7c3316</TD></TR><TR><TD>Nr</TD><TD>f94d4e97815868e903508765acbfb98d2cfa656bfa15bf28d70c951261fae4fcfab5e0</TD></TR><TR><TD>SPIi</TD><TD>2b9e2976e4888c81</TD></TR><TR><TD>SPIr</TD><TD>fb83ef30b2063530</TD></TR><TR><TD>IKEv2 Transform Type 1 Algorithms</TD><TD>3DES</TD></TR><TR><TD>IKEv2 Transform Type 2 Algorithms</TD><TD>HMAC_SHA1</TD></TR><TR><TD>IKEv2 Transform Type 3 Algorithms</TD><TD>HMAC_SHA1_96</TD></TR></TABLE></td> </tr> <TR><TD><br></TD><TD> <PRE> (I) (R) NUT TN1 | | |-------------->| IKE_AUTH request (HDR, SK {IDi, AUTH, N(USE_TRANSPORT_MODE), SAi2, TSi, TSr}) | | V V</PRE><TR VALIGN="TOP"> <TD>15:09:55</TD><TD> Receive<BR> SrcAddr:2001:db8:1:1::1234 SrcPort:500<br> DstAddr:2001:db8:f:1::1 DstPort:500<br> done<BR> received from SocketID:4<br> <A NAME="koiPacket3"></A> <A HREF="#koiPacketDump3" onmouseover="popup(3,event);"onmouseout="popdown(3);">receive packet #3</A> <div id="pop3" style="position:absolute; visibility:hidden;"></div> <BR> </TD> </TR> <tr VALIGN="top"> <td></td> <td width="100%"><pre><b>Check Authentication: OK</b> 
expected(c0c39eccb3019f2822951da9fcf2fdb52d90c4d6) received(c0c39eccb3019f2822951da9fcf2fdb52d90c4d6)</pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%">Compare the received packet with packets('EN-I-1-1-6-2.D.1')</td> </tr> <TR VALIGN="top"> <TD></TD><TD><B>Payload Order (HDR, E(IDi, AUTH, SA(P(T, T, T)), TSi(TS), TSr(TS), N))</B></TD></TR><tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>IKE Header</b> <b>OK</b> initSPI: (received: 2b9e2976e4888c81, expected: 2b9e2976e4888c81, comp: eq) <b>OK</b> respSPI: (received: fb83ef30b2063530, expected: fb83ef30b2063530, comp: eq) <b>OK</b> nexttype: (received: E, expected: E, comp: eq) <b>OK</b> major: (received: 2, expected: 2, comp: eq) <b>OK</b> minor: (received: 0, expected: 0, comp: eq) <b>OK</b> exchType: (received: IKE_AUTH, expected: IKE_AUTH, comp: eq) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) <b>OK</b> initiator: (received: 1, expected: 1, comp: eq) <b>OK</b> higher: (received: 0, expected: 0, comp: eq) <b>OK</b> response: (received: 0, expected: 0, comp: eq) <b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) <b>OK</b> messID: (received: 1, expected: 1, comp: eq) <b>OK</b> length: (received: 252, expected: any, comp: already checked) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Encrypted Payload</b> <b>OK</b> innerType: (received: IDi, expected: any, comp: already checked) <b>OK</b> critical: (received: 0, expected: 0, comp: eq) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> length: (received: 28, expected: any, comp: already checked) <b>OK</b> iv: (received: 7CEC0F67 CFD332F0, expected: any, comp: already checked) <b>OK</b> checksum: (received: 6591A251 E9385344 3E542C39, expected: any, comp: already checked) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Identification Payload - Initiator</b> <b>OK</b> nexttype: (received: AUTH, expected: any, comp: already checked) <b>OK</b> critical: (received: 0, 
expected: 0, comp: eq) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> length: (received: 24, expected: any, comp: already checked) <b>OK</b> type: (received: IPV6_ADDR, expected: IPV6_ADDR, comp: eq) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) <b>OK</b> value: (received: 20010DB8 00010001 00000000 00001234, expected: 20010DB8 00010001 00000000 00001234, comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Authentication Payload</b> <b>OK</b> nexttype: (received: SA, expected: any, comp: already checked) <b>OK</b> critical: (received: 0, expected: 0, comp: eq) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> length: (received: 28, expected: any, comp: already checked) <b>OK</b> method: (received: SK_MIC, expected: SK_MIC, comp: eq) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) <b>OK</b> data: (received: c0c39eccb3019f2822951da9fcf2fdb52d90c4d6, expected: any, comp: already checked) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Notify Payload</b> <b>OK</b> nexttype: (received: 0, expected: any, comp: already checked) <b>OK</b> critical: (received: 0, expected: 0, comp: eq) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> length: (received: 8, expected: any, comp: already checked) <b>OK</b> id: (received: 0, expected: 0, comp: eq) <b>OK</b> spiSize: (received: 0, expected: 0, comp: eq) <b>OK</b> type: (received: USE_TRANSPORT_MODE, expected: USE_TRANSPORT_MODE, comp: eq) <b>OK</b> spi: (received: , expected: , comp: eq) <b>OK</b> data: (received: , expected: , comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Security Association Payload</b> <b>OK</b> nexttype: (received: TSi, expected: any, comp: already checked) <b>OK</b> critical: (received: 0, expected: 0, comp: eq) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> length: (received: 40, expected: any, comp: already checked) 
</pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>SA Proposal Comparison</b> <b>OK</b> ENCR: (received:ENCR_3DES, expected:ENCR_3DES) <b>OK</b> PRF: (received:, expected:) <font color='#ff0000'><b>NG</b></font> INTEG: (received:INTEG_NONE, expected:INTEG_AES_XCBC_96) <b>OK</b> D-H: (received:, expected:) <b>OK</b> ESN: (received:ESN_No ESN, expected:ESN_No ESN) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <font color='#ff0000'><b>NG</b></font> The number of matched SA Proposals is not enough. </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Proposal Substructure</b> <b>OK</b> nexttype: (received: 0, expected: any, comp: already checked) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> proposalLen: (received: 36, expected: any, comp: already checked) <b>OK</b> number: (received: 1, expected: 1, comp: eq) <b>OK</b> id: (received: ESP, expected: ESP, comp: eq) <b>OK</b> spiSize: (received: 4, expected: 4, comp: eq) <b>OK</b> transformCount: (received: 3, expected: 3, comp: eq) <b>OK</b> spi: (received: 4a7b2df0, expected: any, comp: any) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Transform Substructure</b> <b>OK</b> nexttype: (received: 3, expected: any, comp: already checked) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) <b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) <b>OK</b> type: (received: ENCR, expected: ENCR, comp: eq) <b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) <b>OK</b> id: (received: 3DES, expected: 3DES, comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Transform Substructure</b> <b>OK</b> nexttype: (received: 0, expected: any, comp: already checked) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) <b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) <b>OK</b> type: (received: ESN, expected: ESN, comp: eq) <b>OK</b> reserved2: 
(received: 0, expected: 0, comp: eq) <b>OK</b> id: (received: No ESN, expected: No ESN, comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Traffic Selector Payload - Initiator</b> <b>OK</b> nexttype: (received: TSr, expected: any, comp: already checked) <b>OK</b> critical: (received: 0, expected: 0, comp: eq) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> length: (received: 48, expected: any, comp: already checked) <b>OK</b> count: (received: 1, expected: any, comp: already checked) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Traffic Selector</b> <b>OK</b> type: (received: IPV6_ADDR_RANGE, expected: IPV6_ADDR_RANGE, comp: eq) <b>OK</b> protocol: (received: 0, expected: 0, comp: eq) <b>OK</b> selectorLen: (received: 40, expected: any, comp: already checked) <b>OK</b> sport: (received: 0, expected: 0, comp: eq) <b>OK</b> eport: (received: 65535, expected: 65535, comp: eq) <b>OK</b> saddr: (received: 20010DB8 00010001 00000000 00001234, expected: 20010DB8 00010001 00000000 00001234, comp: eq) <b>OK</b> eaddr: (received: 20010DB8 00010001 00000000 00001234, expected: 20010DB8 00010001 00000000 00001234, comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Traffic Selector Payload - Responder</b> <b>OK</b> nexttype: (received: N, expected: any, comp: already checked) <b>OK</b> critical: (received: 0, expected: 0, comp: eq) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> length: (received: 48, expected: any, comp: already checked) <b>OK</b> count: (received: 1, expected: any, comp: already checked) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Traffic Selector</b> <b>OK</b> type: (received: IPV6_ADDR_RANGE, expected: IPV6_ADDR_RANGE, comp: eq) <b>OK</b> protocol: (received: 0, expected: 0, comp: eq) 
<b>OK</b> selectorLen: (received: 40, expected: any, comp: already checked) <b>OK</b> sport: (received: 0, expected: 0, comp: eq) <b>OK</b> eport: (received: 65535, expected: 65535, comp: eq) <b>OK</b> saddr: (received: 20010DB8 000F0001 00000000 00000001, expected: 20010DB8 000F0001 00000000 00000001, comp: eq) <b>OK</b> eaddr: (received: 20010DB8 000F0001 00000000 00000001, expected: 20010DB8 000F0001 00000000 00000001, comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><b>Not match with packet('EN-I-1-1-6-2.D.1')</b></td> </tr> <TR><TD><br></TD><TD> <FONT COLOR="#ff0000">Can't observe IKE_AUTH request.</FONT><tr VALIGN="top"> <td></td> <td width="100%"><FONT COLOR="#FF0000" SIZE="+1"><U><B>TEST CLEANUP</B></U></FONT></td> </tr> </TD> </TR> <TR VALIGN="TOP"><TD>15:09:55</TD> <TD> kRemoteAsyncWait() <PRE><A NAME="kRemoteAsyncWait13535"></A> <A HREF="#kRemoteAsync13535">Link to remote control start point</A> DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ping6 -n -c 1 2001:0db8:000f:0001::1 PING 2001:0db8:000f:0001::1(2001:db8:f:1::1) 56 data bytes 64 bytes from 2001:db8:f:1::1: icmp_seq=1 ttl=64 time=0.194 ms --- 2001:0db8:000f:0001::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.194/0.194/0.194/0.000 ms [root@dhcp12-166 ~]# </PRE> </TD></TR> <tr VALIGN="top"> <td></td> <td width="100%">cleaning up NUT ...</td> </tr> <TR VALIGN="TOP"><TD>15:10:13</TD> <TD width="100%"> kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop''<br> kRemote()... 
/usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop <PRE>DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm state list src 2001:db8:f:1::1 dst 2001:db8:1:1::1234 proto esp spi 0x4a7b2df0 reqid 16385 mode tunnel replay-window 0 sel src 2001:db8:f:1::1/128 dst 2001:db8:1:1::1234/128 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm policy list src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ipsec setup stop Redirecting to: systemctl stop ipsec.service [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm state list [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm policy list [root@dhcp12-166 ~]# </PRE> </TD></TR> <TR VALIGN="TOP"><TD>15:10:34</TD> <TD width="100%"> kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=cat_log''<br> kRemote()... 
/usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=cat_log <PRE>DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# cat /tmp/pluto.log nss directory plutomain: /etc/ipsec.d NSS Initialized libcap-ng support [enabled] FIPS HMAC integrity verification test passed FIPS: pluto daemon NOT running in FIPS mode Linux audit support [disabled] Starting Pluto (Libreswan Version 3.10 XFRM(netkey) KLIPS NSS DNSSEC FIPS_CHECK LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER KLIPS_MAST CURL(non-NSS) LDAP(non-NSS)) pid:952 core dump dir: /var/run/pluto secrets file: /etc/ipsec.secrets leak-detective disabled SAref support [disabled]: Protocol not available SAbind support [disabled]: Protocol not available NSS crypto [enabled] XAUTH PAM support [enabled] NAT-Traversal support [enabled] | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds | event added at head of queue | inserting event EVENT_PENDING_DDNS, timeout in 60 seconds | event added at head of queue | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds | event added after event EVENT_PENDING_DDNS ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok (ret=0) ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) starting up 3 crypto helpers started thread for crypto helper 0 (master fd 7) | status value returned by setting the priority of this thread (crypto helper 0) 22 | crypto helper 0 waiting on fd 8 | status value returned by setting the priority of this thread (crypto helper 1) 22 | crypto helper 1 waiting on fd 10 started thread for crypto helper 1 (master fd 9) started thread for crypto helper 2 (master fd 11) | status value 
returned by setting the priority of this thread (crypto helper 2) 22 Using Linux XFRM/NETKEY IPsec interface code on 3.10.0-175.el7.x86_64 | crypto helper 2 waiting on fd 13 | process 952 listening for PF_KEY_V2 on file descriptor 16 | finish_pfkey_msg: K_SADB_REGISTER message 1 for AH | 02 07 00 02 02 00 00 00 01 00 00 00 b8 03 00 00 | pfkey_get: K_SADB_REGISTER message 1 | AH registered with kernel. | finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP | 02 07 00 03 02 00 00 00 02 00 00 00 b8 03 00 00 | pfkey_get: K_SADB_REGISTER message 2 | kernel_alg_init(): memset(0x7fb1cc39d840, 0, 2048) memset(0x7fb1cc39e040, 0, 2048) | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=72 | kernel_alg_add(): satype=3, exttype=14, alg_id=251(ESP_KAME_NULL) | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1 | kernel_alg_add(): satype=3, exttype=14, alg_id=2(ESP_DES) | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1 | kernel_alg_add(): satype=3, exttype=14, alg_id=3(ESP_3DES) | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1 | kernel_alg_add(): satype=3, exttype=14, alg_id=5(ESP_IDEA) | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256, res=0, ret=1 | kernel_alg_add(): satype=3, exttype=14, alg_id=6(ESP_CAST) | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=14, satype=3, alg_id=6, alg_ivlen=0, alg_minbits=384, alg_maxbits=384, res=0, ret=1 | kernel_alg_add(): satype=3, exttype=14, alg_id=7(ESP_BLOWFISH) | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5], exttype=14, satype=3, alg_id=7, alg_ivlen=0, alg_minbits=512, alg_maxbits=512, res=0, ret=1 | 
kernel_alg_add(): satype=3, exttype=14, alg_id=8(ESP_3IDEA) | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6], exttype=14, satype=3, alg_id=8, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1 | kernel_alg_add(): satype=3, exttype=14, alg_id=9(ESP_DES_IV32) | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7], exttype=14, satype=3, alg_id=9, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1 | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=88 | kernel_alg_add(): satype=3, exttype=15, alg_id=11(ESP_NULL) | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1 | kernel_alg_add(): satype=3, exttype=15, alg_id=2(ESP_DES) | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64, alg_maxbits=64, res=0, ret=1 | kernel_alg_add(): satype=3, exttype=15, alg_id=3(ESP_3DES) | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[10], exttype=15, satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1 | kernel_alg_add(): satype=3, exttype=15, alg_id=6(ESP_CAST) | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[11], exttype=15, satype=3, alg_id=6, alg_ivlen=8, alg_minbits=40, alg_maxbits=128, res=0, ret=1 | kernel_alg_add(): satype=3, exttype=15, alg_id=7(ESP_BLOWFISH) | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[12], exttype=15, satype=3, alg_id=7, alg_ivlen=8, alg_minbits=40, alg_maxbits=448, res=0, ret=1 | kernel_alg_add(): satype=3, exttype=15, alg_id=12(ESP_AES) | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[13], exttype=15, satype=3, alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 | kernel_alg_add(): satype=3, exttype=15, alg_id=252(ESP_SERPENT) | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[14], exttype=15, satype=3, alg_id=252, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 | kernel_alg_add(): 
satype=3, exttype=15, alg_id=22(ESP_CAMELLIA) | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[15], exttype=15, satype=3, alg_id=22, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 | kernel_alg_add(): satype=3, exttype=15, alg_id=253(ESP_TWOFISH) | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[16], exttype=15, satype=3, alg_id=253, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 | kernel_alg_add(): satype=3, exttype=15, alg_id=13(ESP_AES_CTR) | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[17], exttype=15, satype=3, alg_id=13, alg_ivlen=8, alg_minbits=160, alg_maxbits=288, res=0, ret=1 | kernel_alg_add(): satype=3, exttype=15, alg_id=18(ESP_AES_GCM_A) | kernel_alg_add(): satype=3, exttype=15, alg_id=19(ESP_AES_GCM_B) | kernel_alg_add(): satype=3, exttype=15, alg_id=20(ESP_AES_GCM_C) | kernel_alg_add(): satype=3, exttype=15, alg_id=14(ESP_AES_CCM_A) | kernel_alg_add(): satype=3, exttype=15, alg_id=15(ESP_AES_CCM_B) | kernel_alg_add(): satype=3, exttype=15, alg_id=16(ESP_AES_CCM_C) ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0) Warning: failed to register algo_aes_ccm_8 for IKE ike_alg_register_enc(): Activating aes_ccm_12: Ok (ret=0) Warning: failed to register algo_aes_ccm_12 for IKE ike_alg_register_enc(): Activating aes_ccm_16: Ok (ret=0) Warning: failed to register algo_aes_ccm_16 for IKE ike_alg_register_enc(): Activating aes_gcm_8: Ok (ret=0) Warning: failed to register algo_aes_gcm_8 for IKE ike_alg_register_enc(): Activating aes_gcm_12: Ok (ret=0) Warning: failed to register algo_aes_gcm_12 for IKE ike_alg_register_enc(): Activating aes_gcm_16: Ok (ret=0) Warning: failed to register algo_aes_gcm_16 for IKE | Registered AEAD AES CCM/GCM algorithms | ESP registered with kernel. | finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP | 02 07 00 09 02 00 00 00 03 00 00 00 b8 03 00 00 | pfkey_get: K_SADB_REGISTER message 3 | IPCOMP registered with kernel. 
| Registered AH, ESP and IPCOMP | Changed path to directory '/etc/ipsec.d/cacerts' loading CA cert file 'cacert.pem' (956 bytes) | cert blob content is not binary ASN.1 | -----BEGIN CERTIFICATE----- | -----END CERTIFICATE----- | file coded in PEM format | L0 - certificate: | 30 82 02 96 30 82 01 ff a0 03 02 01 02 02 09 00 | e9 c4 8c 87 1a a6 61 03 30 0d 06 09 2a 86 48 86 | f7 0d 01 01 05 05 00 30 64 31 0b 30 09 06 03 55 | 04 06 13 02 58 58 31 0f 30 0d 06 03 55 04 08 0c | 06 72 65 64 68 61 74 31 15 30 13 06 03 55 04 07 | 0c 0c 44 65 66 61 75 6c 74 20 43 69 74 79 31 1c | 30 1a 06 03 55 04 0a 0c 13 44 65 66 61 75 6c 74 | 20 43 6f 6d 70 61 6e 79 20 4c 74 64 31 0f 30 0d | 06 03 55 04 03 0c 06 72 65 64 68 61 74 30 1e 17 | 0d 31 34 30 31 31 36 30 37 32 31 30 31 5a 17 0d | 32 34 30 31 31 34 30 37 32 31 30 31 5a 30 64 31 | 0b 30 09 06 03 55 04 06 13 02 58 58 31 0f 30 0d | 06 03 55 04 08 0c 06 72 65 64 68 61 74 31 15 30 | 13 06 03 55 04 07 0c 0c 44 65 66 61 75 6c 74 20 | 43 69 74 79 31 1c 30 1a 06 03 55 04 0a 0c 13 44 | 65 66 61 75 6c 74 20 43 6f 6d 70 61 6e 79 20 4c | 74 64 31 0f 30 0d 06 03 55 04 03 0c 06 72 65 64 | 68 61 74 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d | 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 | ae c7 47 c1 c6 91 cc 8c 11 9d e5 75 03 3a 0f ef | 75 7d 06 a4 9f 55 cc 1f ec cc 1e 53 94 ef 7f cb | 20 76 2f 11 f1 40 f1 3c 7c dc a1 f6 bd 67 03 9a | 81 64 a6 34 ed 04 5c 41 15 bc 8d a0 0a c9 c1 12 | c2 65 58 6a 4e d0 69 2a 58 53 23 3c 67 14 ad 91 | 60 7c 3d 6c c3 d7 34 bb 7a 17 f6 67 05 85 0e d1 | 02 f8 74 7b 32 33 c1 b7 11 3d 97 de 8f 25 eb 59 | 85 fa cf 50 5a e6 7c 91 51 4b a3 d7 b1 20 b6 df | 02 03 01 00 01 a3 50 30 4e 30 1d 06 03 55 1d 0e | 04 16 04 14 68 51 8c 45 43 31 4b a0 0d fd f1 85 | 81 72 b6 01 9a 9a 8b 0c 30 1f 06 03 55 1d 23 04 | 18 30 16 80 14 68 51 8c 45 43 31 4b a0 0d fd f1 | 85 81 72 b6 01 9a 9a 8b 0c 30 0c 06 03 55 1d 13 | 04 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 | 0d 01 01 05 05 00 03 81 81 00 38 fc 71 85 b3 9c | b3 b8 87 36 39 ef c1 
d3 95 ba c3 1f 60 51 83 f3 | e6 04 16 97 3d f1 20 67 e0 db 11 f8 f5 e6 c0 c9 | b1 1f ea 9b 4b 70 be 5d f7 86 5b 2a 1a 08 f5 19 | b0 d2 53 70 cc 4b 1d b3 3a 64 2a 5d 9a 1e 94 97 | 41 7d dd cb 0d 78 4a ff 81 95 de 8b c9 fc a6 86 | 20 2a 40 38 60 ba 3c 00 cc a3 d8 d3 e8 2b 07 7c | 6a cb 3d c3 4b f3 b4 3f e6 98 39 30 9b 8d ed e2 | af 0e 10 6c d7 3a 3c d8 79 33 | L1 - tbsCertificate: | 30 82 01 ff a0 03 02 01 02 02 09 00 e9 c4 8c 87 | 1a a6 61 03 30 0d 06 09 2a 86 48 86 f7 0d 01 01 | 05 05 00 30 64 31 0b 30 09 06 03 55 04 06 13 02 | 58 58 31 0f 30 0d 06 03 55 04 08 0c 06 72 65 64 | 68 61 74 31 15 30 13 06 03 55 04 07 0c 0c 44 65 | 66 61 75 6c 74 20 43 69 74 79 31 1c 30 1a 06 03 | 55 04 0a 0c 13 44 65 66 61 75 6c 74 20 43 6f 6d | 70 61 6e 79 20 4c 74 64 31 0f 30 0d 06 03 55 04 | 03 0c 06 72 65 64 68 61 74 30 1e 17 0d 31 34 30 | 31 31 36 30 37 32 31 30 31 5a 17 0d 32 34 30 31 | 31 34 30 37 32 31 30 31 5a 30 64 31 0b 30 09 06 | 03 55 04 06 13 02 58 58 31 0f 30 0d 06 03 55 04 | 08 0c 06 72 65 64 68 61 74 31 15 30 13 06 03 55 | 04 07 0c 0c 44 65 66 61 75 6c 74 20 43 69 74 79 | 31 1c 30 1a 06 03 55 04 0a 0c 13 44 65 66 61 75 | 6c 74 20 43 6f 6d 70 61 6e 79 20 4c 74 64 31 0f | 30 0d 06 03 55 04 03 0c 06 72 65 64 68 61 74 30 | 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 | 00 03 81 8d 00 30 81 89 02 81 81 00 ae c7 47 c1 | c6 91 cc 8c 11 9d e5 75 03 3a 0f ef 75 7d 06 a4 | 9f 55 cc 1f ec cc 1e 53 94 ef 7f cb 20 76 2f 11 | f1 40 f1 3c 7c dc a1 f6 bd 67 03 9a 81 64 a6 34 | ed 04 5c 41 15 bc 8d a0 0a c9 c1 12 c2 65 58 6a | 4e d0 69 2a 58 53 23 3c 67 14 ad 91 60 7c 3d 6c | c3 d7 34 bb 7a 17 f6 67 05 85 0e d1 02 f8 74 7b | 32 33 c1 b7 11 3d 97 de 8f 25 eb 59 85 fa cf 50 | 5a e6 7c 91 51 4b a3 d7 b1 20 b6 df 02 03 01 00 | 01 a3 50 30 4e 30 1d 06 03 55 1d 0e 04 16 04 14 | 68 51 8c 45 43 31 4b a0 0d fd f1 85 81 72 b6 01 | 9a 9a 8b 0c 30 1f 06 03 55 1d 23 04 18 30 16 80 | 14 68 51 8c 45 43 31 4b a0 0d fd f1 85 81 72 b6 | 01 9a 9a 8b 0c 30 0c 06 03 55 1d 13 04 05 30 03 | 01 01 ff | L2 - 
DEFAULT v1: | L3 - version: | 02 | v3 | L2 - serialNumber: | 00 e9 c4 8c 87 1a a6 61 03 | L2 - signature: | L3 - algorithmIdentifier: | L4 - algorithm: | 'sha-1WithRSAEncryption' | L2 - issuer: | 30 64 31 0b 30 09 06 03 55 04 06 13 02 58 58 31 | 0f 30 0d 06 03 55 04 08 0c 06 72 65 64 68 61 74 | 31 15 30 13 06 03 55 04 07 0c 0c 44 65 66 61 75 | 6c 74 20 43 69 74 79 31 1c 30 1a 06 03 55 04 0a | 0c 13 44 65 66 61 75 6c 74 20 43 6f 6d 70 61 6e | 79 20 4c 74 64 31 0f 30 0d 06 03 55 04 03 0c 06 | 72 65 64 68 61 74 | 'C=XX, ST=redhat, L=Default City, O=Default Company Ltd, CN=redhat' | L2 - validity: | L3 - notBefore: | L4 - utcTime: | 'Jan 16 07:21:01 UTC 2014' | L3 - notAfter: | L4 - utcTime: | 'Jan 14 07:21:01 UTC 2024' | L2 - subject: | 30 64 31 0b 30 09 06 03 55 04 06 13 02 58 58 31 | 0f 30 0d 06 03 55 04 08 0c 06 72 65 64 68 61 74 | 31 15 30 13 06 03 55 04 07 0c 0c 44 65 66 61 75 | 6c 74 20 43 69 74 79 31 1c 30 1a 06 03 55 04 0a | 0c 13 44 65 66 61 75 6c 74 20 43 6f 6d 70 61 6e | 79 20 4c 74 64 31 0f 30 0d 06 03 55 04 03 0c 06 | 72 65 64 68 61 74 | 'C=XX, ST=redhat, L=Default City, O=Default Company Ltd, CN=redhat' | L2 - subjectPublicKeyInfo: | L3 - algorithm: | L4 - algorithmIdentifier: | L5 - algorithm: | 'rsaEncryption' | L3 - subjectPublicKey: | L4 - RSAPublicKey: | L5 - modulus: | 00 ae c7 47 c1 c6 91 cc 8c 11 9d e5 75 03 3a 0f | ef 75 7d 06 a4 9f 55 cc 1f ec cc 1e 53 94 ef 7f | cb 20 76 2f 11 f1 40 f1 3c 7c dc a1 f6 bd 67 03 | 9a 81 64 a6 34 ed 04 5c 41 15 bc 8d a0 0a c9 c1 | 12 c2 65 58 6a 4e d0 69 2a 58 53 23 3c 67 14 ad | 91 60 7c 3d 6c c3 d7 34 bb 7a 17 f6 67 05 85 0e | d1 02 f8 74 7b 32 33 c1 b7 11 3d 97 de 8f 25 eb | 59 85 fa cf 50 5a e6 7c 91 51 4b a3 d7 b1 20 b6 | df | L5 - publicExponent: | 01 00 01 | L2 - optional extensions: | L3 - extensions: | L4 - extension: | L5 - extnID: | 'subjectKeyIdentifier' | L5 - critical: | FALSE | L5 - extnValue: | 04 14 68 51 8c 45 43 31 4b a0 0d fd f1 85 81 72 | b6 01 9a 9a 8b 0c | L6 - keyIdentifier: | 68 51 8c 45 
43 31 4b a0 0d fd f1 85 81 72 b6 01 | 9a 9a 8b 0c | L4 - extension: | L5 - extnID: | 'authorityKeyIdentifier' | L5 - critical: | FALSE | L5 - extnValue: | 30 16 80 14 68 51 8c 45 43 31 4b a0 0d fd f1 85 | 81 72 b6 01 9a 9a 8b 0c | L6 - authorityKeyIdentifier: | L7 - keyIdentifier: | 80 14 68 51 8c 45 43 31 4b a0 0d fd f1 85 81 72 | b6 01 9a 9a 8b 0c | L8 - keyIdentifier: | 68 51 8c 45 43 31 4b a0 0d fd f1 85 81 72 b6 01 | 9a 9a 8b 0c | L4 - extension: | L5 - extnID: | 'basicConstraints' | L5 - critical: | FALSE | L5 - extnValue: | 30 03 01 01 ff | L6 - basicConstraints: | L7 - CA: | ff | TRUE | L1 - signatureAlgorithm: | L2 - algorithmIdentifier: | L3 - algorithm: | 'sha-1WithRSAEncryption' | L1 - signatureValue: | 00 38 fc 71 85 b3 9c b3 b8 87 36 39 ef c1 d3 95 | ba c3 1f 60 51 83 f3 e6 04 16 97 3d f1 20 67 e0 | db 11 f8 f5 e6 c0 c9 b1 1f ea 9b 4b 70 be 5d f7 | 86 5b 2a 1a 08 f5 19 b0 d2 53 70 cc 4b 1d b3 3a | 64 2a 5d 9a 1e 94 97 41 7d dd cb 0d 78 4a ff 81 | 95 de 8b c9 fc a6 86 20 2a 40 38 60 ba 3c 00 cc | a3 d8 d3 e8 2b 07 7c 6a cb 3d c3 4b f3 b4 3f e6 | 98 39 30 9b 8d ed e2 af 0e 10 6c d7 3a 3c d8 79 | 33 | authcert list locked by 'add_authcert' | authcert inserted | authcert list unlocked by 'add_authcert' | Changing to directory '/etc/ipsec.d/crls' loading crl file 'crl.pem' (483 bytes) | cert blob content is not binary ASN.1 | -----BEGIN X509 CRL----- | -----END X509 CRL----- | file coded in PEM format | L0 - certificateList: | 30 82 01 3c 30 81 a6 02 01 01 30 0d 06 09 2a 86 | 48 86 f7 0d 01 01 05 05 00 30 64 31 0b 30 09 06 | 03 55 04 06 13 02 58 58 31 0f 30 0d 06 03 55 04 | 08 0c 06 72 65 64 68 61 74 31 15 30 13 06 03 55 | 04 07 0c 0c 44 65 66 61 75 6c 74 20 43 69 74 79 | 31 1c 30 1a 06 03 55 04 0a 0c 13 44 65 66 61 75 | 6c 74 20 43 6f 6d 70 61 6e 79 20 4c 74 64 31 0f | 30 0d 06 03 55 04 03 0c 06 72 65 64 68 61 74 17 | 0d 31 34 30 31 31 36 30 37 32 31 30 33 5a 17 0d | 31 34 30 32 31 35 30 37 32 31 30 33 5a a0 0e 30 | 0c 30 0a 06 03 55 1d 14 04 03 02 01 01 
30 0d 06 | 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 | 4f 5c bd c4 00 fc a5 6f 62 bd c6 db 69 c2 44 bf | 5b 5d 6d 03 3a 17 eb 91 b5 fe 40 a5 25 c2 a2 12 | c0 ac ba d1 ce 63 fc 18 eb 56 56 a5 12 eb 8f fe | 77 fd c0 4e a0 90 22 18 12 40 fa f9 aa 0e f3 97 | a9 94 35 ae eb f9 aa 22 bf 4b 0d c5 d0 4d c1 60 | 78 59 5c dd cb 0e 16 64 b5 94 b1 a3 c9 83 5f a3 | d5 1b 94 2d c4 8e ed 10 01 ec f1 46 77 49 5f 4a | 9e 4a 7f 34 5b 15 c5 d3 e0 85 d7 40 51 0b 6a 38 | L1 - tbsCertList: | 30 81 a6 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d | 01 01 05 05 00 30 64 31 0b 30 09 06 03 55 04 06 | 13 02 58 58 31 0f 30 0d 06 03 55 04 08 0c 06 72 | 65 64 68 61 74 31 15 30 13 06 03 55 04 07 0c 0c | 44 65 66 61 75 6c 74 20 43 69 74 79 31 1c 30 1a | 06 03 55 04 0a 0c 13 44 65 66 61 75 6c 74 20 43 | 6f 6d 70 61 6e 79 20 4c 74 64 31 0f 30 0d 06 03 | 55 04 03 0c 06 72 65 64 68 61 74 17 0d 31 34 30 | 31 31 36 30 37 32 31 30 33 5a 17 0d 31 34 30 32 | 31 35 30 37 32 31 30 33 5a a0 0e 30 0c 30 0a 06 | 03 55 1d 14 04 03 02 01 01 | L2 - version: | 01 | v2 | L2 - signature: | L3 - algorithmIdentifier: | L4 - algorithm: | 'sha-1WithRSAEncryption' | L2 - issuer: | 30 64 31 0b 30 09 06 03 55 04 06 13 02 58 58 31 | 0f 30 0d 06 03 55 04 08 0c 06 72 65 64 68 61 74 | 31 15 30 13 06 03 55 04 07 0c 0c 44 65 66 61 75 | 6c 74 20 43 69 74 79 31 1c 30 1a 06 03 55 04 0a | 0c 13 44 65 66 61 75 6c 74 20 43 6f 6d 70 61 6e | 79 20 4c 74 64 31 0f 30 0d 06 03 55 04 03 0c 06 | 72 65 64 68 61 74 | 'C=XX, ST=redhat, L=Default City, O=Default Company Ltd, CN=redhat' | L2 - thisUpdate: | L3 - utcTime: | 'Jan 16 07:21:03 UTC 2014' | L2 - nextUpdate: | L3 - utcTime: | 'Feb 15 07:21:03 UTC 2014' | L2 - optional extensions: | L3 - crlExtensions: | L4 - extension: | L5 - extnID: | 55 1d 14 | L5 - critical: | FALSE | L5 - extnValue: | 02 01 01 | L1 - signatureAlgorithm: | L2 - algorithmIdentifier: | L3 - algorithm: | 'sha-1WithRSAEncryption' | L1 - signatureValue: | 00 4f 5c bd c4 00 fc a5 6f 62 bd c6 db 69 c2 44 | bf 5b 5d 6d 03 3a 
17 eb 91 b5 fe 40 a5 25 c2 a2 | 12 c0 ac ba d1 ce 63 fc 18 eb 56 56 a5 12 eb 8f | fe 77 fd c0 4e a0 90 22 18 12 40 fa f9 aa 0e f3 | 97 a9 94 35 ae eb f9 aa 22 bf 4b 0d c5 d0 4d c1 | 60 78 59 5c dd cb 0e 16 64 b5 94 b1 a3 c9 83 5f | a3 d5 1b 94 2d c4 8e ed 10 01 ec f1 46 77 49 5f | 4a 9e 4a 7f 34 5b 15 c5 d3 e0 85 d7 40 51 0b 6a | 38 | authcert list locked by 'insert_crl' | crl issuer cacert found | signature algorithm: 'sha-1WithRSAEncryption' | digest: 02 80 08 b9 93 f4 76 f6 5b e3 07 9d 0a 7f 5e 40 | digest: 13 77 6e df | NSS cert: modulus : | 00 ae c7 47 c1 c6 91 cc 8c 11 9d e5 75 03 3a 0f | ef 75 7d 06 a4 9f 55 cc 1f ec cc 1e 53 94 ef 7f | cb 20 76 2f 11 f1 40 f1 3c 7c dc a1 f6 bd 67 03 | 9a 81 64 a6 34 ed 04 5c 41 15 bc 8d a0 0a c9 c1 | 12 c2 65 58 6a 4e d0 69 2a 58 53 23 3c 67 14 ad | 91 60 7c 3d 6c c3 d7 34 bb 7a 17 f6 67 05 85 0e | d1 02 f8 74 7b 32 33 c1 b7 11 3d 97 de 8f 25 eb | 59 85 fa cf 50 5a e6 7c 91 51 4b a3 d7 b1 20 b6 | df | NSS cert: exponent : | 01 00 01 | NSS: input signature : | 00 4f 5c bd c4 00 fc a5 6f 62 bd c6 db 69 c2 44 | bf 5b 5d 6d 03 3a 17 eb 91 b5 fe 40 a5 25 c2 a2 | 12 c0 ac ba d1 ce 63 fc 18 eb 56 56 a5 12 eb 8f | fe 77 fd c0 4e a0 90 22 18 12 40 fa f9 aa 0e f3 | 97 a9 94 35 ae eb f9 aa 22 bf 4b 0d c5 d0 4d c1 | 60 78 59 5c dd cb 0e 16 64 b5 94 b1 a3 c9 83 5f | a3 d5 1b 94 2d c4 8e ed 10 01 ec f1 46 77 49 5f | 4a 9e 4a 7f 34 5b 15 c5 d3 e0 85 d7 40 51 0b 6a | 38 | RSA Signature length is 128 | NSS digest sig: 30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 02 | NSS digest sig: 80 08 b9 93 f4 76 f6 5b e3 07 9d 0a 7f 5e 40 13 | NSS digest sig: 77 6e df | NSS: length of digest sig = 35 | NSS scratchpad plus computed digest sig: | 30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 02 | 80 08 b9 93 f4 76 f6 5b e3 07 9d 0a 7f 5e 40 13 | 77 6e df | NSS adjusted digest sig: | 02 80 08 b9 93 f4 76 f6 5b e3 07 9d 0a 7f 5e 40 | 13 77 6e df | NSS expected digest sig: | 02 80 08 b9 93 f4 76 f6 5b e3 07 9d 0a 7f 5e 40 | 13 77 6e df | NSS: RSA Signature 
verified, hash values matched | authcert list unlocked by 'insert_crl' | valid crl signature | crl list locked by 'insert_crl' | crl list unlocked by 'insert_crl' | selinux support is enabled. | inserting event EVENT_LOG_DAILY, timeout in 3706 seconds | event added after event EVENT_REINIT_SECRET | next event EVENT_PENDING_DDNS in 60 seconds | calling addconn helper using execve | | *received whack message | entering aalg_getbyname_ike() | raw_alg_info_ike_add() ealg=5 aalg=2 modp_id=2, cnt=1 | Added new connection ikev2 with policy PSK+ENCRYPT+PFS+IKEV1_DISABLE+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW | from whack: got --esp=3des-aes_xcbc | esp string values: 3DES(3)_000-AES_XCBC(9)_000 | ike (phase1) algorithm values: 3DES_CBC(5)_000-SHA1(2)_000-MODP1024(2) | counting wild cards for 2001:db8:1:1::1234 is 0 | counting wild cards for 2001:db8:f:1::1 is 0 added connection description "ikev2" | 2001:db8:1:1::1234<2001:0db8:0001:0001::1234>...2001:db8:f:1::1<2001:0db8:000f:0001::1> | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT+PFS+IKEV1_DISABLE+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW | * processed 0 messages from cryptographic helpers | next event EVENT_PENDING_DDNS in 59 seconds | next event EVENT_PENDING_DDNS in 59 seconds | | *received whack message listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface p7p1 | found p7p1 with address 10.66.13.22 | Inspecting interface p6p1 | found p6p1 with address 192.168.0.10 adding interface p6p1/p6p1 192.168.0.10:500 | NAT-Traversal: Trying new style NAT-T | NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19) | NAT-Traversal: Trying old style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for old style NAT-T family IPv4 adding interface p6p1/p6p1 192.168.0.10:4500 adding interface p7p1/p7p1 10.66.13.22:500 | NAT-Traversal: Trying new style NAT-T | 
NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19) | NAT-Traversal: Trying old style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for old style NAT-T family IPv4 adding interface p7p1/p7p1 10.66.13.22:4500 adding interface lo/lo 127.0.0.1:500 | NAT-Traversal: Trying new style NAT-T | NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19) | NAT-Traversal: Trying old style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for old style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001 | found p6p2 with address 3ffe:0501:ffff:0101:0215:17ff:fe3c:c669 | found p6p1 with address 3ffe:0501:ffff:0100:0215:17ff:fe3c:c668 | found p6p1 with address 2001:0db8:0001:0001:0000:0000:0000:1234 adding interface p6p1/p6p1 2001:db8:1:1::1234:500 adding interface p6p1/p6p1 3ffe:501:ffff:100:215:17ff:fe3c:c668:500 adding interface p6p2/p6p2 3ffe:501:ffff:101:215:17ff:fe3c:c669:500 adding interface lo/lo ::1:500 | connect_to_host_pair: 2001:db8:1:1::1234:500 2001:db8:f:1::1:500 -> hp:none | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshard_secrets' loading secrets from "/etc/ipsec.secrets" | id type added to secret(0x7fb1cdedd540) PPK_PSK: %any | id type added to secret(0x7fb1cdedd540) PPK_PSK: %any | Processing PSK at line 1: passed | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | * processed 0 messages from cryptographic helpers | next event EVENT_PENDING_DDNS in 59 seconds | next event EVENT_PENDING_DDNS in 59 seconds | | *received whack message | processing connection ikev2 | kernel_alg_db_new() initial trans_cnt=128 | kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1 | kernel_alg_db_new() trans[0]: transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=9 | returning new proposal from esp_info | creating state object #1 at 0x7fb1cdedd6d0 | 
processing connection ikev2 | ICOOKIE: 2b 9e 29 76 e4 88 8c 81 | RCOOKIE: 00 00 00 00 00 00 00 00 | state hash entry 9 | inserting state object #1 | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1 | event added at head of queue | processing connection ikev2 | Queuing pending Quick Mode with 2001:db8:f:1::1 "ikev2" "ikev2" #1: initiating v2 parent SA | crypto helper 0: pcw_work: 0 | asking crypto helper 0 to do build_kenonce; request ID 1 (len=2768, pcw_work=0) | #1 send_crypto_helper_request:519 st->st_calculating = TRUE; | crypto helper 0 read fd: 8 | crypto helper 0 doing build_kenonce; request ID 1 | deleting event for #1 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e6 53 81 ff ff ff ff ff ff ff ff | NSS: Value of base: | 02 | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1 | event added after event EVENT_PENDING_PHASE2 | * processed 0 messages from cryptographic helpers | NSS: generated dh priv and pub keys: 128 | NSS: Local DH secret (pointer): 0x7fb1cded1bf0 | NSS: Public DH value sent(computed in NSS): | ea 29 2b e1 84 93 48 ee de 51 aa 32 f3 41 3c a5 | 2e 79 9e b0 7f d1 27 e8 0b 6d 40 33 31 d5 e1 4c | 56 4e 52 75 e9 9d 31 fa 11 da 84 10 2d a4 78 05 | ef df e7 c5 48 d4 1e af 6e bb ba a5 90 fe ba 1c | 13 83 b8 90 3b b8 51 2c c2 c9 29 36 0d 3b 8c d0 | 51 f8 78 06 34 8c 50 25 4f e8 a6 11 ae 5a c4 49 | e8 e1 97 93 e3 93 d4 b2 72 ae dc d9 74 b8 5e 44 | 4d da 5a 40 18 f1 5c 19 57 d8 9b 96 82 cf f2 5c | NSS: Local DH public value (pointer): 0x7fb1cdec8a60 | next event EVENT_PENDING_DDNS in 59 seconds | next event EVENT_PENDING_DDNS in 59 seconds | Generated nonce: | 56 45 a7 0c f9 0a c1 94 06 
48 c7 b5 1a 7c 33 16 | reaped addconn helper child | | crypto helper 0 has finished work (pcw_work now 1) | crypto helper 0 replies to request ID 1 | calling continuation function 0x7fb1cc0c32b0 | ikev2_parent_outI1_continue for #1: calculated ke+nonce, sending I1 | processing connection ikev2 | #1 ikev2_parent_outI1_continue:284 st->st_calculating = FALSE; | ikev2_parent_outI1_tail for #1 | saving DH priv (local secret) and pub key into state struct | **emit ISAKMP Message: | initiator cookie: | 2b 9e 29 76 e4 88 8c 81 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) | exchange type: ISAKMP_v2_SA_INIT | flags: ISAKMP_FLAG_IKE_INIT | message ID: 00 00 00 00 | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE | critical bit: none | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST | prop #: 1 | proto ID: IKEv2_SEC_PROTO_IKE | spi size: 0 | # transforms: 4 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST | IKEv2 transform type: TRANS_TYPE_ENCR | IKEv2 transform ID: 3DES | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST | IKEv2 transform type: TRANS_TYPE_INTEG | IKEv2 transform ID: AUTH_HMAC_SHA1_96 | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST | IKEv2 transform type: TRANS_TYPE_PRF | IKEv2 transform ID: PRF_HMAC_SHA1 | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST | IKEv2 transform type: TRANS_TYPE_DH | IKEv2 transform ID: OAKLEY_GROUP_MODP1024 | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | emitting 
length of IKEv2 Security Association Payload: 44 | ***emit IKEv2 Key Exchange Payload: | IKEv2 next payload type: ISAKMP_NEXT_v2Ni | critical bit: none | DH group: OAKLEY_GROUP_MODP1024 | emitting 128 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x ea 29 2b e1 84 93 48 ee de 51 aa 32 f3 41 3c a5 | ikev2 g^x 2e 79 9e b0 7f d1 27 e8 0b 6d 40 33 31 d5 e1 4c | ikev2 g^x 56 4e 52 75 e9 9d 31 fa 11 da 84 10 2d a4 78 05 | ikev2 g^x ef df e7 c5 48 d4 1e af 6e bb ba a5 90 fe ba 1c | ikev2 g^x 13 83 b8 90 3b b8 51 2c c2 c9 29 36 0d 3b 8c d0 | ikev2 g^x 51 f8 78 06 34 8c 50 25 4f e8 a6 11 ae 5a c4 49 | ikev2 g^x e8 e1 97 93 e3 93 d4 b2 72 ae dc d9 74 b8 5e 44 | ikev2 g^x 4d da 5a 40 18 f1 5c 19 57 d8 9b 96 82 cf f2 5c | emitting length of IKEv2 Key Exchange Payload: 136 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N | critical bit: none | emitting 16 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 56 45 a7 0c f9 0a c1 94 06 48 c7 b5 1a 7c 33 16 | emitting length of IKEv2 Nonce Payload: 20 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: Warning, rcookie is zero !! | natd_hash: hasher=0x7fb1cc3825c0(20) | natd_hash: icookie= 2b 9e 29 76 e4 88 8c 81 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: port=500 | natd_hash: hash= ea c6 11 df d3 0d d4 bd df 8a 4c c5 c7 59 50 13 | natd_hash: hash= 81 b7 b0 65 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N | critical bit: none | Protocol ID: PROTO_RESERVED | SPI size: 0 | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data ea c6 11 df d3 0d d4 bd df 8a 4c c5 c7 59 50 13 | Notify data 81 b7 b0 65 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: Warning, rcookie is zero !! 
| natd_hash: hasher=0x7fb1cc3825c0(20) | natd_hash: icookie= 2b 9e 29 76 e4 88 8c 81 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: port=500 | natd_hash: hash= e5 c8 c5 9b d9 fb 64 77 6b 2c 95 2e 16 48 66 db | natd_hash: hash= 3b 52 2a 40 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE | critical bit: none | Protocol ID: PROTO_RESERVED | SPI size: 0 | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data e5 c8 c5 9b d9 fb 64 77 6b 2c 95 2e 16 48 66 db | Notify data 3b 52 2a 40 | emitting length of IKEv2 Notify Payload: 28 | no IKE message padding required | emitting length of ISAKMP Message: 284 | sending 284 bytes for ikev2_parent_outI1_common through p6p1:500 to 2001:db8:f:1::1:500 (using #1) | 2b 9e 29 76 e4 88 8c 81 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 1c 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 | 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 | ea 29 2b e1 84 93 48 ee de 51 aa 32 f3 41 3c a5 | 2e 79 9e b0 7f d1 27 e8 0b 6d 40 33 31 d5 e1 4c | 56 4e 52 75 e9 9d 31 fa 11 da 84 10 2d a4 78 05 | ef df e7 c5 48 d4 1e af 6e bb ba a5 90 fe ba 1c | 13 83 b8 90 3b b8 51 2c c2 c9 29 36 0d 3b 8c d0 | 51 f8 78 06 34 8c 50 25 4f e8 a6 11 ae 5a c4 49 | e8 e1 97 93 e3 93 d4 b2 72 ae dc d9 74 b8 5e 44 | 4d da 5a 40 18 f1 5c 19 57 d8 9b 96 82 cf f2 5c | 29 00 00 14 56 45 a7 0c f9 0a c1 94 06 48 c7 b5 | 1a 7c 33 16 29 00 00 1c 00 00 40 04 ea c6 11 df | d3 0d d4 bd df 8a 4c c5 c7 59 50 13 81 b7 b0 65 | 00 00 00 1c 00 00 40 05 e5 c8 c5 9b d9 fb 64 77 | 6b 2c 95 2e 16 48 66 db 3b 52 2a 40 | deleting event for #1 | inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #1 | event added at head of queue | complete v2 state transition with STF_OK "ikev2" #1: transition from state STATE_IKEv2_START to state STATE_PARENT_I1 "ikev2" #1: 
STATE_PARENT_I1: sent v2I1, expected v2R1 | V2 microcode entry (initiate IKE_SA_INIT) has unspecified timeout_event | * processed 1 messages from cryptographic helpers | next event EVENT_v2_RETRANSMIT in 10 seconds for #1 | next event EVENT_v2_RETRANSMIT in 10 seconds for #1 | | next event EVENT_v2_RETRANSMIT in 0 seconds for #1 | *time to handle event | handling event EVENT_v2_RETRANSMIT | event after this is EVENT_PENDING_DDNS in 49 seconds | processing connection ikev2 | handling event EVENT_v2_RETRANSMIT for 2001:db8:f:1::1 "ikev2" #1 attempt 2 of 0 | sending 284 bytes for EVENT_v2_RETRANSMIT through p6p1:500 to 2001:db8:f:1::1:500 (using #1) | 2b 9e 29 76 e4 88 8c 81 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 1c 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 | 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 | ea 29 2b e1 84 93 48 ee de 51 aa 32 f3 41 3c a5 | 2e 79 9e b0 7f d1 27 e8 0b 6d 40 33 31 d5 e1 4c | 56 4e 52 75 e9 9d 31 fa 11 da 84 10 2d a4 78 05 | ef df e7 c5 48 d4 1e af 6e bb ba a5 90 fe ba 1c | 13 83 b8 90 3b b8 51 2c c2 c9 29 36 0d 3b 8c d0 | 51 f8 78 06 34 8c 50 25 4f e8 a6 11 ae 5a c4 49 | e8 e1 97 93 e3 93 d4 b2 72 ae dc d9 74 b8 5e 44 | 4d da 5a 40 18 f1 5c 19 57 d8 9b 96 82 cf f2 5c | 29 00 00 14 56 45 a7 0c f9 0a c1 94 06 48 c7 b5 | 1a 7c 33 16 29 00 00 1c 00 00 40 04 ea c6 11 df | d3 0d d4 bd df 8a 4c c5 c7 59 50 13 81 b7 b0 65 | 00 00 00 1c 00 00 40 05 e5 c8 c5 9b d9 fb 64 77 | 6b 2c 95 2e 16 48 66 db 3b 52 2a 40 | inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #1 | event added at head of queue | next event EVENT_v2_RETRANSMIT in 10 seconds for #1 | | next event EVENT_v2_RETRANSMIT in 0 seconds for #1 | *time to handle event | handling event EVENT_v2_RETRANSMIT | event after this is EVENT_PENDING_DDNS in 39 seconds | processing connection ikev2 | handling event EVENT_v2_RETRANSMIT for 2001:db8:f:1::1 "ikev2" #1 attempt 2 of 0 | sending 284 bytes 
for EVENT_v2_RETRANSMIT through p6p1:500 to 2001:db8:f:1::1:500 (using #1) | 2b 9e 29 76 e4 88 8c 81 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 1c 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 | 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 | ea 29 2b e1 84 93 48 ee de 51 aa 32 f3 41 3c a5 | 2e 79 9e b0 7f d1 27 e8 0b 6d 40 33 31 d5 e1 4c | 56 4e 52 75 e9 9d 31 fa 11 da 84 10 2d a4 78 05 | ef df e7 c5 48 d4 1e af 6e bb ba a5 90 fe ba 1c | 13 83 b8 90 3b b8 51 2c c2 c9 29 36 0d 3b 8c d0 | 51 f8 78 06 34 8c 50 25 4f e8 a6 11 ae 5a c4 49 | e8 e1 97 93 e3 93 d4 b2 72 ae dc d9 74 b8 5e 44 | 4d da 5a 40 18 f1 5c 19 57 d8 9b 96 82 cf f2 5c | 29 00 00 14 56 45 a7 0c f9 0a c1 94 06 48 c7 b5 | 1a 7c 33 16 29 00 00 1c 00 00 40 04 ea c6 11 df | d3 0d d4 bd df 8a 4c c5 c7 59 50 13 81 b7 b0 65 | 00 00 00 1c 00 00 40 05 e5 c8 c5 9b d9 fb 64 77 | 6b 2c 95 2e 16 48 66 db 3b 52 2a 40 | inserting event EVENT_v2_RETRANSMIT, timeout in 20 seconds for #1 | event added at head of queue | next event EVENT_v2_RETRANSMIT in 20 seconds for #1 | | *received 247 bytes from 2001:db8:f:1::1:500 on p6p1 (port=500) | 2b 9e 29 76 e4 88 8c 81 fb 83 ef 30 b2 06 35 30 | 21 20 22 20 00 00 00 00 00 00 00 f7 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 | ba f1 50 71 53 5a 2d 74 60 8e cc 22 c1 d4 de d0 | 19 bd 0c ed 40 a5 ba 76 89 a8 df 49 f9 9c 74 10 | 60 8d df 37 9d f6 a7 2b 48 e9 08 bb 6f b5 a3 ec | 0e de d7 55 84 f2 ec 7a fc c6 25 9a 91 c2 33 8b | 66 9f fa 01 14 77 a3 08 08 27 e6 95 01 8f f1 68 | 49 ba 53 18 c3 54 0c 01 a5 84 0a 9c b5 93 c5 04 | 16 f3 e7 56 c4 37 27 6a 5c 07 5f fd 73 da 9a 37 | ec 75 0a 89 64 0c c6 2a 6a 19 1e 36 8e 9a 23 f6 | 00 00 00 27 f9 4d 4e 97 81 58 68 e9 03 50 87 65 | ac bf b9 8d 2c fa 65 6b fa 15 bf 28 d7 0c 95 12 | 61 fa e4 fc fa b5 e0 | **parse ISAKMP Message: | initiator 
cookie: | 2b 9e 29 76 e4 88 8c 81 | responder cookie: | fb 83 ef 30 b2 06 35 30 | next payload type: ISAKMP_NEXT_v2SA | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) | exchange type: ISAKMP_v2_SA_INIT | flags: ISAKMP_FLAG_MSG_RESPONSE | message ID: 00 00 00 00 | length: 247 | processing version=2.0 packet with exchange type=ISAKMP_v2_SA_INIT (34) | I am receiving an IKE Response | I am the IKE SA Original Initiator | ICOOKIE: 2b 9e 29 76 e4 88 8c 81 | RCOOKIE: fb 83 ef 30 b2 06 35 30 | state hash entry 25 | parent v2 state object not found | ICOOKIE: 2b 9e 29 76 e4 88 8c 81 | RCOOKIE: 00 00 00 00 00 00 00 00 | state hash entry 9 | parent v2 peer and cookies match on #1 | v2 state object #1 found, in STATE_PARENT_I1 | ICOOKIE: 2b 9e 29 76 e4 88 8c 81 | RCOOKIE: 00 00 00 00 00 00 00 00 | state hash entry 9 | ICOOKIE: 2b 9e 29 76 e4 88 8c 81 | RCOOKIE: fb 83 ef 30 b2 06 35 30 | state hash entry 25 | inserting state object #1 | state found and its state is STATE_PARENT_I1 | selected state microcode Initiator: process anti-spoofing cookie | #1 state_busy:1855 st != NULL && st->st_calculating == FALSE; | processing connection ikev2 | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE | critical bit: none | length: 44 | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | IKEv2 next payload type: ISAKMP_NEXT_v2Ni | critical bit: none | length: 136 | DH group: OAKLEY_GROUP_MODP1024 | processing payload: ISAKMP_NEXT_v2KE (len=136) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2NONE | critical bit: none | length: 39 | processing payload: ISAKMP_NEXT_v2Ni (len=39) | ikev2_process_payload trying next svm: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now lets proceed with state specific processing | calling processor 
Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | ba f1 50 71 53 5a 2d 74 60 8e cc 22 c1 d4 de d0 | 19 bd 0c ed 40 a5 ba 76 89 a8 df 49 f9 9c 74 10 | 60 8d df 37 9d f6 a7 2b 48 e9 08 bb 6f b5 a3 ec | 0e de d7 55 84 f2 ec 7a fc c6 25 9a 91 c2 33 8b | 66 9f fa 01 14 77 a3 08 08 27 e6 95 01 8f f1 68 | 49 ba 53 18 c3 54 0c 01 a5 84 0a 9c b5 93 c5 04 | 16 f3 e7 56 c4 37 27 6a 5c 07 5f fd 73 da 9a 37 | ec 75 0a 89 64 0c c6 2a 6a 19 1e 36 8e 9a 23 f6 | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST | length: 40 | prop #: 1 | proto ID: IKEv2_SEC_PROTO_IKE | spi size: 0 | # transforms: 4 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST | length: 8 | IKEv2 transform type: TRANS_TYPE_ENCR | IKEv2 transform ID: 3DES | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST | length: 8 | IKEv2 transform type: TRANS_TYPE_PRF | IKEv2 transform ID: PRF_HMAC_SHA1 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST | length: 8 | IKEv2 transform type: TRANS_TYPE_INTEG | IKEv2 transform ID: AUTH_HMAC_SHA1_96 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST | length: 8 | IKEv2 transform type: TRANS_TYPE_DH | IKEv2 transform ID: OAKLEY_GROUP_MODP1024 | ipprotoid is '1' | considering Transform Type TRANS_TYPE_ENCR, TransID 3 | encrid(3), keylen(-1), encr_keylen(-1) | proposal 1 succeeded encr= (policy:3DES(-1) vs offered:3DES(-1)) | considering Transform Type TRANS_TYPE_INTEG, TransID 2 | succeeded integ=(policy:AUTH_HMAC_SHA1_96(-1) vs offered:AUTH_HMAC_SHA1_96(-1)) | considering Transform Type TRANS_TYPE_PRF, TransID 2 | succeeded prf= (policy:PRF_HMAC_SHA1(-1) vs offered:PRF_HMAC_SHA1(-1)) | considering Transform Type TRANS_TYPE_DH, TransID 2 | succeeded dh= (policy:OAKLEY_GROUP_MODP1024 vs 
offered:OAKLEY_GROUP_MODP1024) | calculating skeyseed using prf=PRF_HMAC_SHA1 integ=AUTH_HMAC_SHA1_96 cipherkey=3DES | Copying DH pub key pointer to be sent to a thread helper | crypto helper 0: pcw_work: 0 | asking crypto helper 0 to do compute dh (V2); request ID 2 (len=2768, pcw_work=0) | #1 </PRE> </TD></TR> <TR VALIGN="TOP"><TD>15:11:20</TD> <TD width="100%"> kRemote(route.rmt) ``/usr/local/koi/bin/remotes/libreswan//route.rmt operation=delete route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1''<br> kRemote()... /usr/local/koi/bin/remotes/libreswan//route.rmt operation=delete route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1 <PRE>DEBUG : start kRemoteLogin Connected arted DH shared-secret computation in NSS: | Dropped no leading zeros 128 | calc_dh_shared(): time elapsed (OAKLEY_GROUP_MODP1024): 746 usec | NSS: Started key computation | calculating skeyseed using prf=PRF_HMAC_SHA1 integ=AUTH_HMAC_SHA1_96 cipherkey=24 | skeyid inputs (digi+NI+NR+shared) hasher: oakley_sha | ni: 56 45 a7 0c f9 0a c1 94 06 48 c7 b5 1a 7c 33 16 | nr: f9 4d 4e 97 81 58 68 e9 03 50 87 65 ac bf b9 8d | nr: 2c fa 65 6b fa 15 bf 28 d7 0c 95 12 61 fa e4 fc | nr: fa b5 e0 | NSS: digisig skeyid pointer: 0x7fb1c000a7c0 | PRF+ input | Ni 56 45 a7 0c f9 0a c1 94 06 48 c7 b5 1a 7c 33 16 | Nr f9 4d 4e 97 81 58 68 e9 03 50 87 65 ac bf b9 8d | Nr 2c fa 65 6b fa 15 bf 28 d7 0c 95 12 61 fa e4 fc | Nr fa b5 e0 | SPIi 2b 9e 29 76 e4 88 8c 81 | SPIr fb 83 ef 30 b2 06 35 30 | Total keysize needed 148 | NSS ikev2: finished computing key material for IKEv2 SA | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2 pointers: shared 0x7fb1c00043d0, skeyseed 0x7fb1c000a7c0, SK_d 0x7fb1c000c0c0, SK_ai 0x7fb1c0008f40, SK_ar 0x7fb1c000d890, SK_ei 0x7fb1c00075b0, SK_er 0x7fb1c0000d40, SK_pi 0x7fb1c000f1a0, SK_pr 
0x7fb1c0010ab0 | | crypto helper 0 has finished work (pcw_work now 1) | crypto helper 0 replies to request ID 2 | calling continuation function 0x7fb1cc0c3e80 | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 | processing connection ikev2 | #1 ikev2_parent_inR1outI2_continue:1234 st->st_calculating = FALSE; | duplicating state object #1 | creating state object #2 at 0x7fb1cdedf500 | ICOOKIE: 2b 9e 29 76 e4 88 8c 81 | RCOOKIE: fb 83 ef 30 b2 06 35 30 | state hash entry 25 | inserting state object #2 | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #2 | event added at head of queue | deleting event for #1 | inserting event EVENT_SA_REPLACE, timeout in 27807 seconds for #1 | event added after event EVENT_LOG_DAILY | **emit ISAKMP Message: | initiator cookie: | 2b 9e 29 76 e4 88 8c 81 | responder cookie: | fb 83 ef 30 b2 06 35 30 | next payload type: ISAKMP_NEXT_v2E | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) | exchange type: ISAKMP_v2_AUTH | flags: ISAKMP_FLAG_IKE_INIT | message ID: 00 00 00 01 | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi | critical bit: none | emitting 8 zero bytes of iv into IKEv2 Encryption Payload | IKEv2 thinking whether to send my certificate: | my policy has no RSASIG, the policy is : PSK+ENCRYPT+PFS+UP+IKEV1_DISABLE+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW | sendcert: CERT_ALWAYSSEND and I did not get a certificate request | so do not send cert. | I did not send a certificate because digital signatures are not being used. 
(PSK) | *****emit IKEv2 Identification Payload: | next payload type: ISAKMP_NEXT_v2AUTH | critical bit: none | id_type: ID_IPV6_ADDR | emitting 16 raw bytes of my identity into IKEv2 Identification Payload | my identity 20 01 0d b8 00 01 00 01 00 00 00 00 00 00 12 34 | emitting length of IKEv2 Identification Payload: 24 | idhash calc I2 05 00 00 00 20 01 0d b8 00 01 00 01 00 00 00 00 | idhash calc I2 00 00 12 34 | hmac_update data value: | 05 00 00 00 20 01 0d b8 00 01 00 01 00 00 00 00 | 00 00 12 34 | hmac_update: inside if | hmac_update: after digest | hmac_update: after assert | *****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA | critical bit: none | auth method: IKEv2_AUTH_SHARED | started looking for secret for 2001:db8:1:1::1234->2001:db8:f:1::1 of kind PPK_PSK | actually looking for secret for 2001:db8:1:1::1234->2001:db8:f:1::1 of kind PPK_PSK | line 1: key type PPK_PSK(2001:db8:1:1::1234) to type PPK_PSK | 1: compared key %any to 2001:db8:1:1::1234 / 2001:db8:f:1::1 -> 2 | 2: compared key %any to 2001:db8:1:1::1234 / 2001:db8:f:1::1 -> 2 | line 1: match=2 | best_match 0>2 best=0x7fb1cdedd540 (line=1) | concluding with best_match=2 best=0x7fb1cdedd540 (lineno=1) | hmac_update data value: | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | hmac_update: inside if | hmac_update: after digest | hmac_update: after assert | negotiated prf: oakley_sha hash length: 20 | inner prf output 39 cf c8 93 0c 25 cb 0e 02 cc 09 14 9e 4e 66 ea | inner prf output 6b 6a a6 1e | hmac_update data value: | 2b 9e 29 76 e4 88 8c 81 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 1c 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 | 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 | ea 29 2b e1 84 93 48 ee de 51 aa 32 f3 41 3c a5 | 2e 79 9e b0 7f d1 27 e8 0b 6d 40 33 31 d5 e1 4c | 56 4e 52 75 e9 9d 31 fa 11 da 84 10 2d a4 78 05 | ef df e7 c5 48 d4 1e af 6e bb ba a5 90 fe ba 1c | 
13 83 b8 90 3b b8 51 2c c2 c9 29 36 0d 3b 8c d0 | 51 f8 78 06 34 8c 50 25 4f e8 a6 11 ae 5a c4 49 | e8 e1 97 93 e3 93 d4 b2 72 ae dc d9 74 b8 5e 44 | 4d da 5a 40 18 f1 5c 19 57 d8 9b 96 82 cf f2 5c | 29 00 00 14 56 45 a7 0c f9 0a c1 94 06 48 c7 b5 | 1a 7c 33 16 29 00 00 1c 00 00 40 04 ea c6 11 df | d3 0d d4 bd df 8a 4c c5 c7 59 50 13 81 b7 b0 65 | 00 00 00 1c 00 00 40 05 e5 c8 c5 9b d9 fb 64 77 | 6b 2c 95 2e 16 48 66 db 3b 52 2a 40 | hmac_update: inside if | hmac_update: after digest | hmac_update: after assert | hmac_update data value: | f9 4d 4e 97 81 58 68 e9 03 50 87 65 ac bf b9 8d | 2c fa 65 6b fa 15 bf 28 d7 0c 95 12 61 fa e4 fc | fa b5 e0 | hmac_update: inside if | hmac_update: after digest | hmac_update: after assert | hmac_update data value: | fe 21 c7 df 19 a9 4d e3 ce 7f 5d a3 c9 59 e7 58 | 62 c4 fa e8 | hmac_update: inside if | hmac_update: after digest | hmac_update: after assert | inputs to hash1 (first packet) | 2b 9e 29 76 e4 88 8c 81 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 1c 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 | 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 | ea 29 2b e1 84 93 48 ee de 51 aa 32 f3 41 3c a5 | 2e 79 9e b0 7f d1 27 e8 0b 6d 40 33 31 d5 e1 4c | 56 4e 52 75 e9 9d 31 fa 11 da 84 10 2d a4 78 05 | ef df e7 c5 48 d4 1e af 6e bb ba a5 90 fe ba 1c | 13 83 b8 90 3b b8 51 2c c2 c9 29 36 0d 3b 8c d0 | 51 f8 78 06 34 8c 50 25 4f e8 a6 11 ae 5a c4 49 | e8 e1 97 93 e3 93 d4 b2 72 ae dc d9 74 b8 5e 44 | 4d da 5a 40 18 f1 5c 19 57 d8 9b 96 82 cf f2 5c | 29 00 00 14 56 45 a7 0c f9 0a c1 94 06 48 c7 b5 | 1a 7c 33 16 29 00 00 1c 00 00 40 04 ea c6 11 df | d3 0d d4 bd df 8a 4c c5 c7 59 50 13 81 b7 b0 65 | 00 00 00 1c 00 00 40 05 e5 c8 c5 9b d9 fb 64 77 | 6b 2c 95 2e 16 48 66 db 3b 52 2a 40 | inputs to hash2 (responder nonce) | f9 4d 4e 97 81 58 68 e9 03 50 87 65 ac bf b9 8d | 2c fa 65 6b fa 15 bf 28 d7 0c 95 12 61 fa e4 fc | fa b5 e0 | idhash fe 21 c7 df 19 
a9 4d e3 ce 7f 5d a3 c9 59 e7 58 | idhash 62 c4 fa e8 | PSK auth octets c0 c3 9e cc b3 01 9f 28 22 95 1d a9 fc f2 fd b5 | PSK auth octets 2d 90 c4 d6 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth c0 c3 9e cc b3 01 9f 28 22 95 1d a9 fc f2 fd b5 | PSK auth 2d 90 c4 d6 | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #1 | kernel_alg_db_new() initial trans_cnt=128 | kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1 | kernel_alg_db_new() trans[0]: transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=9 | returning new proposal from esp_info | *****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi | critical bit: none | netlink_get_spi: allocated 0x4a7b2df0 for esp:0@2001:db8:1:1::1234 | ******emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST | prop #: 1 | proto ID: IKEv2_SEC_PROTO_ESP | spi size: 4 | # transforms: 3 | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 4a 7b 2d f0 | *******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST | IKEv2 transform type: TRANS_TYPE_ENCR | IKEv2 transform ID: 3DES | emitting length of IKEv2 Transform Substructure Payload: 8 | *******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST | IKEv2 transform type: TRANS_TYPE_INTEG | IKEv2 transform ID: AUTH_NONE | emitting length of IKEv2 Transform Substructure Payload: 8 | *******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST | IKEv2 transform type: TRANS_TYPE_ESN | IKEv2 transform ID: ESN_DISABLED | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | emitting length of IKEv2 Security Association Payload: 40 | *****emit IKEv2 Traffic Selector Payload: | next payload type: ISAKMP_NEXT_v2TSr | critical bit: none | number of TS: 1 | ******emit IKEv2 
Traffic Selector: | TS type: IKEv2_TS_IPV6_ADDR_RANGE | IP Protocol ID: 0 | start port: 0 | end port: 65535 | emitting 16 raw bytes of ipv6 low into IKEv2 Traffic Selector | ipv6 low 20 01 0d b8 00 01 00 01 00 00 00 00 00 00 12 34 | emitting 16 raw bytes of ipv6 high into IKEv2 Traffic Selector | ipv6 high 20 01 0d b8 00 01 00 01 00 00 00 00 00 00 12 34 | emitting length of IKEv2 Traffic Selector: 40 | emitting length of IKEv2 Traffic Selector Payload: 48 | *****emit IKEv2 Traffic Selector Payload: | next payload type: ISAKMP_NEXT_v2N | critical bit: none | number of TS: 1 | ******emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV6_ADDR_RANGE | IP Protocol ID: 0 | start port: 0 | end port: 65535 | emitting 16 raw bytes of ipv6 low into IKEv2 Traffic Selector | ipv6 low 20 01 0d b8 00 0f 00 01 00 00 00 00 00 00 00 01 | emitting 16 raw bytes of ipv6 high into IKEv2 Traffic Selector | ipv6 high 20 01 0d b8 00 0f 00 01 00 00 00 00 00 00 00 01 | emitting length of IKEv2 Traffic Selector: 40 | emitting length of IKEv2 Traffic Selector Payload: 48 | Initiator child policy is transport mode, sending v2N_USE_TRANSPORT_MODE | Adding a v2N Payload | *****emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE | critical bit: none | Protocol ID: PROTO_RESERVED | SPI size: 0 | Notify Message Type: v2N_USE_TRANSPORT_MODE | emitting 0 raw bytes of Notify data into IKEv2 Notify Payload | Notify data | emitting length of IKEv2 Notify Payload: 8 | emitting 4 raw bytes of padding and length into cleartext | padding and length 00 01 02 03 | emitting 12 zero bytes of length of truncated HMAC into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 224 | emitting length of ISAKMP Message: 252 | data before encryption: | 27 00 00 18 05 00 00 00 20 01 0d b8 00 01 00 01 | 00 00 00 00 00 00 12 34 21 00 00 1c 02 00 00 00 | c0 c3 9e cc b3 01 9f 28 22 95 1d a9 fc f2 fd b5 | 2d 90 c4 d6 2c 00 00 28 00 00 00 24 01 03 04 03 | 4a 7b 2d f0 03 00 00 08 01 00 00 03 
03 00 00 08 | 03 00 00 00 00 00 00 08 05 00 00 00 2d 00 00 30 | 01 00 00 00 08 00 00 28 00 00 ff ff 20 01 0d b8 | 00 01 00 01 00 00 00 00 00 00 12 34 20 01 0d b8 | 00 01 00 01 00 00 00 00 00 00 12 34 29 00 00 30 | 01 00 00 00 08 00 00 28 00 00 ff ff 20 01 0d b8 | 00 0f 00 01 00 00 00 00 00 00 00 01 20 01 0d b8 | 00 0f 00 01 00 00 00 00 00 00 00 01 00 00 00 08 | 00 00 40 07 00 01 02 03 | NSS: do_3des init start | NSS: do_3des init end | data after encryption: | ab 26 26 ad 11 33 c4 19 72 43 dd 9c cd cf d8 64 | 4f 7a 3c 83 5f f5 94 73 12 ed 2a 8c c1 32 41 71 | f8 7c 03 98 68 e2 8c 5d 68 14 72 8c c1 5c 7b 3a | 6a 61 c6 5c 15 cd e1 57 51 b1 4a 7d 50 6a 59 19 | 4f e0 2f 75 db be 5a c3 ef 9f fc 57 51 d0 45 e7 | a1 38 af 4f 50 a4 9f f7 16 f6 67 60 10 c8 89 0b | 2e 14 f5 1f 9c cc dd c5 a9 52 3e 3e 63 32 07 d4 | 68 37 51 2c 80 2c c9 9e d0 5d 5f fa 91 68 42 c0 | c6 fd fe d5 bd bc 1a ec bc dc b0 11 79 9b 8a c2 | 77 ad eb 76 55 52 06 26 5b b8 31 b9 45 4f 34 6e | d6 3a 05 fe 25 0d 95 34 8c a1 c5 69 ab 4c 20 e6 | 1e 76 a3 55 f1 31 c4 c1 62 59 f6 e3 1a a2 a9 82 | cf 02 e4 f8 ce 6c 17 2f | Inside authloc | authkey pointer: 0x7fb1c0008f40 | Inside authloc after init | hmac_update data value: | 2b 9e 29 76 e4 88 8c 81 fb 83 ef 30 b2 06 35 30 | 2e 20 23 08 00 00 00 01 00 00 00 fc 23 00 00 e0 | 7c ec 0f 67 cf d3 32 f0 ab 26 26 ad 11 33 c4 19 | 72 43 dd 9c cd cf d8 64 4f 7a 3c 83 5f f5 94 73 | 12 ed 2a 8c c1 32 41 71 f8 7c 03 98 68 e2 8c 5d | 68 14 72 8c c1 5c 7b 3a 6a 61 c6 5c 15 cd e1 57 | 51 b1 4a 7d 50 6a 59 19 4f e0 2f 75 db be 5a c3 | ef 9f fc 57 51 d0 45 e7 a1 38 af 4f 50 a4 9f f7 | 16 f6 67 60 10 c8 89 0b 2e 14 f5 1f 9c cc dd c5 | a9 52 3e 3e 63 32 07 d4 68 37 51 2c 80 2c c9 9e | d0 5d 5f fa 91 68 42 c0 c6 fd fe d5 bd bc 1a ec | bc dc b0 11 79 9b 8a c2 77 ad eb 76 55 52 06 26 | 5b b8 31 b9 45 4f 34 6e d6 3a 05 fe 25 0d 95 34 | 8c a1 c5 69 ab 4c 20 e6 1e 76 a3 55 f1 31 c4 c1 | 62 59 f6 e3 1a a2 a9 82 cf 02 e4 f8 ce 6c 17 2f | hmac_update: inside if | hmac_update: after digest | 
hmac_update: after assert | Inside authloc after update | Inside authloc after final | data being hmac: 2b 9e 29 76 e4 88 8c 81 fb 83 ef 30 b2 06 35 30 | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 fc 23 00 00 e0 | data being hmac: 7c ec 0f 67 cf d3 32 f0 ab 26 26 ad 11 33 c4 19 | data being hmac: 72 43 dd 9c cd cf d8 64 4f 7a 3c 83 5f f5 94 73 | data being hmac: 12 ed 2a 8c c1 32 41 71 f8 7c 03 98 68 e2 8c 5d | data being hmac: 68 14 72 8c c1 5c 7b 3a 6a 61 c6 5c 15 cd e1 57 | data being hmac: 51 b1 4a 7d 50 6a 59 19 4f e0 2f 75 db be 5a c3 | data being hmac: ef 9f fc 57 51 d0 45 e7 a1 38 af 4f 50 a4 9f f7 | data being hmac: 16 f6 67 60 10 c8 89 0b 2e 14 f5 1f 9c cc dd c5 | data being hmac: a9 52 3e 3e 63 32 07 d4 68 37 51 2c 80 2c c9 9e | data being hmac: d0 5d 5f fa 91 68 42 c0 c6 fd fe d5 bd bc 1a ec | data being hmac: bc dc b0 11 79 9b 8a c2 77 ad eb 76 55 52 06 26 | data being hmac: 5b b8 31 b9 45 4f 34 6e d6 3a 05 fe 25 0d 95 34 | data being hmac: 8c a1 c5 69 ab 4c 20 e6 1e 76 a3 55 f1 31 c4 c1 | data being hmac: 62 59 f6 e3 1a a2 a9 82 cf 02 e4 f8 ce 6c 17 2f | out calculated auth: | 65 91 a2 51 e9 38 53 44 3e 54 2c 39 | deleting event for #2 | inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #2 | event added at head of queue | complete v2 state transition with STF_OK "ikev2" #2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 "ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=oakley_3des_cbc_192 integ=sha1_96 prf=sha group=MODP1024} | sending reply packet to 2001:db8:f:1::1:500 (from port 500) | sending 252 bytes for STATE_PARENT_I1 through p6p1:500 to 2001:db8:f:1::1:500 (using #2) | 2b 9e 29 76 e4 88 8c 81 fb 83 ef 30 b2 06 35 30 | 2e 20 23 08 00 00 00 01 00 00 00 fc 23 00 00 e0 | 7c ec 0f 67 cf d3 32 f0 ab 26 26 ad 11 33 c4 19 | 72 43 dd 9c cd cf d8 64 4f 7a 3c 83 5f f5 94 73 | 12 ed 2a 8c c1 32 41 71 f8 7c 03 98 68 e2 8c 5d | 68 14 72 8c c1 5c 7b 3a 6a 61 c6 5c 15 cd e1 57 | 51 b1 4a 7d 50 6a 59 
19 4f e0 2f 75 db be 5a c3 | ef 9f fc 57 51 d0 45 e7 a1 38 af 4f 50 a4 9f f7 | 16 f6 67 60 10 c8 89 0b 2e 14 f5 1f 9c cc dd c5 | a9 52 3e 3e 63 32 07 d4 68 37 51 2c 80 2c c9 9e | d0 5d 5f fa 91 68 42 c0 c6 fd fe d5 bd bc 1a ec | bc dc b0 11 79 9b 8a c2 77 ad eb 76 55 52 06 26 | 5b b8 31 b9 45 4f 34 6e d6 3a 05 fe 25 0d 95 34 | 8c a1 c5 69 ab 4c 20 e6 1e 76 a3 55 f1 31 c4 c1 | 62 59 f6 e3 1a a2 a9 82 cf 02 e4 f8 ce 6c 17 2f | 65 91 a2 51 e9 38 53 44 3e 54 2c 39 | V2 microcode entry (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) has unspecified timeout_event | * processed 1 messages from cryptographic helpers | next event EVENT_v2_RETRANSMIT in 10 seconds for #2 | next event EVENT_v2_RETRANSMIT in 10 seconds for #2 | | next event EVENT_v2_RETRANSMIT in 0 seconds for #2 | *time to handle event | handling event EVENT_v2_RETRANSMIT | event after this is EVENT_PENDING_DDNS in 28 seconds | processing connection ikev2 | handling event EVENT_v2_RETRANSMIT for 2001:db8:f:1::1 "ikev2" #2 attempt 1 of 0 | sending 252 bytes for EVENT_v2_RETRANSMIT through p6p1:500 to 2001:db8:f:1::1:500 (using #2) | 2b 9e 29 76 e4 88 8c 81 fb 83 ef 30 b2 06 35 30 | 2e 20 23 08 00 00 00 01 00 00 00 fc 23 00 00 e0 | 7c ec 0f 67 cf d3 32 f0 ab 26 26 ad 11 33 c4 19 | 72 43 dd 9c cd cf d8 64 4f 7a 3c 83 5f f5 94 73 | 12 ed 2a 8c c1 32 41 71 f8 7c 03 98 68 e2 8c 5d | 68 14 72 8c c1 5c 7b 3a 6a 61 c6 5c 15 cd e1 57 | 51 b1 4a 7d 50 6a 59 19 4f e0 2f 75 db be 5a c3 | ef 9f fc 57 51 d0 45 e7 a1 38 af 4f 50 a4 9f f7 | 16 f6 67 60 10 c8 89 0b 2e 14 f5 1f 9c cc dd c5 | a9 52 3e 3e 63 32 07 d4 68 37 51 2c 80 2c c9 9e | d0 5d 5f fa 91 68 42 c0 c6 fd fe d5 bd bc 1a ec | bc dc b0 11 79 9b 8a c2 77 ad eb 76 55 52 06 26 | 5b b8 31 b9 45 4f 34 6e d6 3a 05 fe 25 0d 95 34 | 8c a1 c5 69 ab 4c 20 e6 1e 76 a3 55 f1 31 c4 c1 | 62 59 f6 e3 1a a2 a9 82 cf 02 e4 f8 ce 6c 17 2f | 65 91 a2 51 e9 38 53 44 3e 54 2c 39 | inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #2 | event added at head of queue 
| next event EVENT_v2_RETRANSMIT in 10 seconds for #2 | | *received whack message shutting down | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshard_secrets' | process ing connection ikev2 "ikev2": deleting connection | removing pending policy for "none" {0x7fb1cdedd300} | processing connection ikev2 "ikev2" #2: deleting state (STATE_PARENT_I2) | deleting event for #2 | deleting state #2 | deleting event for #2 | ICOOKIE: 2b 9e 29 76 e4 88 8c 81 | RCOOKIE: fb 83 ef 30 b2 06 35 30 | state hash entry 25 | processing connection ikev2 "ikev2" #1: deleting state (STATE_PARENT_I2) | deleting event for #1 | deleting state #1 | deleting event for #1 | ICOOKIE: 2b 9e 29 76 e4 88 8c 81 | RCOOKIE: fb 83 ef 30 b2 06 35 30 | state hash entry 25 | crl fetch request list locked by 'free_crl_fetch' | crl fetch request list unlocked by 'free_crl_fetch' | authcert list locked by 'free_authcerts' | authcert list unlocked by 'free_authcerts' | crl list locked by 'free_crls' | crl list unlocked by 'free_crls' shutting down interface lo/lo ::1:500 shutting down interface p6p2/p6p2 3ffe:501:ffff:101:215:17ff:fe3c:c669:500 shutting down interface p6p1/p6p1 3ffe:501:ffff:100:215:17ff:fe3c:c668:500 shutting down interface p6p1/p6p1 2001:db8:1:1::1234:500 shutting down interface lo/lo 127.0.0.1:4500 shutting down interface lo/lo 127.0.0.1:500 shutting down interface p7p1/p7p1 10.66.13.22:4500 shutting down interface p7p1/p7p1 10.66.13.22:500 shutting down interface p6p1/p6p1 192.168.0.10:4500 shutting down interface p6p1/p6p1 192.168.0.10:500 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip -6 route show unreachable ::/96 dev lo metric 1024 error -101 unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 2001:db8:1:1::/64 
dev p6p1 proto kernel metric 256 2001:db8:f:1::/64 via fe80::f dev p6p1 metric 1024 unreachable 2002:a00::/24 dev lo metric 1024 error -101 unreachable 2002:7f00::/24 dev lo metric 1024 error -101 unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 unreachable 2002:ac10::/28 dev lo metric 1024 error -101 unreachable 2002:c0a8::/32 dev lo metric 1024 error -101 unreachable 2002:e000::/19 dev lo metric 1024 error -101 3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256 3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256 unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 fe80::/64 dev p6p1 proto kernel metric 256 fe80::/64 dev p6p2 proto kernel metric 256 fe80::/64 dev p7p1 proto kernel metric 256 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip -6 route del 2001:0db8:000f:0001::/64 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip -6 route show unreachable ::/96 dev lo metric 1024 error -101 unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 2001:db8:1:1::/64 dev p6p1 proto kernel metric 256 unreachable 2002:a00::/24 dev lo metric 1024 error -101 unreachable 2002:7f00::/24 dev lo metric 1024 error -101 unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 unreachable 2002:ac10::/28 dev lo metric 1024 error -101 unreachable 2002:c0a8::/32 dev lo metric 1024 error -101 unreachable 2002:e000::/19 dev lo metric 1024 error -101 3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256 3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256 unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 fe80::/64 dev p6p1 proto kernel metric 256 fe80::/64 dev p6p2 proto kernel metric 256 fe80::/64 dev p7p1 proto kernel metric 256 [root@dhcp12-166 ~]# </PRE> </TD></TR> <TR VALIGN="TOP"><TD>15:12:01</TD> <TD width="100%"> kRemote(ifconfig.rmt) ``/usr/local/koi/bin/remotes/libreswan//ifconfig.rmt operation=delete ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1''<br> kRemote()... 
/usr/local/koi/bin/remotes/libreswan//ifconfig.rmt operation=delete ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1 <PRE>DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1 valid_lft 76362sec preferred_lft 76362sec inet6 fe80::222:19ff:fe30:20d5/64 scope link valid_lft forever preferred_lft forever 3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1 valid_lft forever preferred_lft forever inet6 2001:db8:1:1::1234/64 scope global valid_lft forever preferred_lft forever inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global valid_lft forever preferred_lft forever inet6 fe80::215:17ff:fe3c:c668/64 scope link valid_lft forever preferred_lft forever 4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff inet6 3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global valid_lft forever preferred_lft forever inet6 fe80::215:17ff:fe3c:c669/64 scope link valid_lft forever preferred_lft forever 5: ip_vti0: <NOARP> mtu 1500 qdisc noop state DOWN link/ipip 0.0.0.0 brd 0.0.0.0 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip -f inet6 addr del 2001:0db8:0001:0001::1234/64 dev p6p1 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 
00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1 valid_lft 76357sec preferred_lft 76357sec inet6 fe80::222:19ff:fe30:20d5/64 scope link valid_lft forever preferred_lft forever 3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1 valid_lft forever preferred_lft forever inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global valid_lft forever preferred_lft forever inet6 fe80::215:17ff:fe3c:c668/64 scope link valid_lft forever preferred_lft forever 4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff inet6 3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global valid_lft forever preferred_lft forever inet6 fe80::215:17ff:fe3c:c669/64 scope link valid_lft forever preferred_lft forever 5: ip_vti0: <NOARP> mtu 1500 qdisc noop state DOWN link/ipip 0.0.0.0 brd 0.0.0.0 [root@dhcp12-166 ~]# </PRE> </TD></TR> <tr VALIGN="top"> <td></td> <td width="100%">cleaning up TN ...</td> </tr> <TR VALIGN="top"> <TD>15:12:24</TD> <TD width="100%"> ikev2Local("/sbin/sysctl -w net.inet6.ip6.forwarding=0")<BR> <PRE>net.inet6.ip6.forwarding: 1 -> 0 </PRE></TD> </TR><TR VALIGN="top"> <TD>15:12:24</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig -a")<BR> <PRE>em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> ether 00:23:ae:7a:6e:cc inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 nd6 
options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:58:fa inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa inet6 3ffe:501:ffff:100::20 prefixlen 64 inet6 fe80::f%em1 prefixlen 64 scopeid 0xa inet6 2001:db8:1:1::f prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:5d:d1 inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb inet6 3ffe:501:ffff:101::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd nd6 options=3<PERFORMNUD,ACCEPT_RTADV> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet6 2001:db8:f:1::1 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> </PRE></TD> </TR><TR VALIGN="top"> <TD>15:12:24</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig lo1 inet6 2001:0db8:000f:0001::1/64 delete")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>15:12:24</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig lo1 down")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>15:12:24</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig lo1 destroy")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>15:12:24</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig em1 inet6 
2001:0db8:0001:0001::f/64 delete")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>15:12:24</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig em1 inet6 fe80::f%em1/64 delete")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>15:12:27</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig -a")<BR> <PRE>em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> ether 00:23:ae:7a:6e:cc inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:58:fa inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa inet6 3ffe:501:ffff:100::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:5d:d1 inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb inet6 3ffe:501:ffff:101::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd nd6 options=3<PERFORMNUD,ACCEPT_RTADV> </PRE></TD> </TR><tr VALIGN="top"> <td></td> <td width="100%"><FONT COLOR="#ff0000">FAIL</FONT></td> </tr> </TABLE> <HR><H1>Packet Reverse 
Log</H1> <UL> <A NAME="koiPacketDump1"></A><A HREF="#koiPacket1">packet #1 at 15:09:55</A> <div id="koiPacketInfo1"> <pre>IP Packet | IP Header | | Version = 6 | | Source Address = 2001:db8:1:1::1234 | | Destination Address = 2001:db8:f:1::1 | UDP Header | | Source Port = 500 | | Destination Port = 500 | Internet Security Association and Key Management Protocol Payload | | IKE Header | | | IKE_SA Initiator's SPI = 2b9e2976e4888c81 | | | IKE_SA Responder's SPI = 0000000000000000 | | | Next Payload = 33 (SA) | | | Major Version = 2 | | | Minor Version = 0 | | | Exchange Type = 34 (IKE_SA_INIT) | | | Flags = 8 (0b00001000) | | | | Reserved (XX000000) = 0 | | | | Response (00R00000) = 0 | | | | Version (000V0000) = 0 | | | | Initiator (0000I000) = 1 | | | | Reserved (00000XXX) = 0 | | | Message ID = 0 (0x0) | | | Length = 284 (0x11c) | | | SA Payload | | | | Next Payload = 34 (KE) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 44 (0x2c) | | | | Proposal #1 | | | | | Next Payload = 0 (last) | | | | | RESERVED = 0 | | | | | Proposal Length = 40 | | | | | Proposal # = 1 | | | | | Proposal ID = IKE | | | | | SPI Size = 0 | | | | | # of Transforms = 4 | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 1 (ENCR) | | | | | | RESERVED = 0 | | | | | | Transform ID = 3 (3DES) | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 3 (INTEG) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (HMAC_SHA1_96) | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 2 (PRF) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (HMAC_SHA1) | | | | | Transfrom | | | | | | Next Payload = 0 (last) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 4 (D-H) 
| | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (1024 MODP Group) | | | KE Payload | | | | Next Payload = 40 (Ni, Nr) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 136 (0x88) | | | | DH Group # = 2 | | | | RESERVED = 0 | | | | Key Exchange Data = 0xea292be1849348eede51aa32f3413ca52e799eb07fd127e80b6d403331d5e14c564e5275e99d31fa11da84102da47805efdfe7c548d41eaf6ebbbaa590feba1c1383b8903bb8512cc2c929360d3b8cd051f87806348c50254fe8a611ae5ac449e8e19793e393d4b272aedcd974b85e444dda5a4018f15c1957d89b9682cff25c | | | Ni, Nr Payload | | | | Next Payload = 41 (N) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 20 (0x14) | | | | Nonce Data = 5645a70cf90ac1940648c7b51a7c3316 | | | N Payload | | | | Next Payload = 41 (N) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 28 (0x1c) | | | | Protocol ID = 0 (no relation) | | | | SPI Size = 0 | | | | Notify Message Type = 16388 (NAT_DETECTION_SOURCE_IP) | | | | Notification Data = eac611dfd30dd4bddf8a4cc5c759501381b7b065,40 | | | N Payload | | | | Next Payload = 0 (0) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 28 (0x1c) | | | | Protocol ID = 0 (no relation) | | | | SPI Size = 0 | | | | Notify Message Type = 16389 (NAT_DETECTION_DESTINATION_IP) | | | | Notification Data = e5c8c59bd9fb64776b2c952e164866db3b522a40,40 </pre> </div> <hr> <A NAME="koiPacketDump2"></A><A HREF="#koiPacket2">packet #2 at 15:09:55</A> <div id="koiPacketInfo2"> <pre>IP Packet | IP Header | | Version = 6 | | Source Address = 2001:db8:f:1::1 | | Destination Address = 2001:db8:1:1::1234 | UDP Header | | Source Port = 500 | | Destination Port = 500 | Internet Security Association and Key Management Protocol Payload | | IKE Header | | | IKE_SA Initiator's SPI = 2b9e2976e4888c81 | | | IKE_SA Responder's SPI = fb83ef30b2063530 | | | Next Payload = 33 (SA) | | | Major Version = 2 | | | Minor Version = 0 | | | Exchange Type = 34 (IKE_SA_INIT) | | | Flags = 32 (0b00100000) | | | | 
Reserved (XX000000) = 0 | | | | Response (00R00000) = 1 | | | | Version (000V0000) = 0 | | | | Initiator (0000I000) = 0 | | | | Reserved (00000XXX) = 0 | | | Message ID = 0 (0x0) | | | Length = 247 (0xf7) | | | SA Payload | | | | Next Payload = 34 (KE) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 44 (0x2c) | | | | Proposal #1 | | | | | Next Payload = 0 (last) | | | | | RESERVED = 0 | | | | | Proposal Length = 40 | | | | | Proposal # = 1 | | | | | Proposal ID = IKE | | | | | SPI Size = 0 | | | | | # of Transforms = 4 | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 1 (ENCR) | | | | | | RESERVED = 0 | | | | | | Transform ID = 3 (3DES) | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 2 (PRF) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (HMAC_SHA1) | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 3 (INTEG) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (HMAC_SHA1_96) | | | | | Transfrom | | | | | | Next Payload = 0 (last) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 4 (D-H) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (1024 MODP Group) | | | KE Payload | | | | Next Payload = 40 (Ni, Nr) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 136 (0x88) | | | | DH Group # = 2 | | | | RESERVED = 0 | | | | Key Exchange Data = 0xbaf15071535a2d74608ecc22c1d4ded019bd0ced40a5ba7689a8df49f99c7410608ddf379df6a72b48e908bb6fb5a3ec0eded75584f2ec7afcc6259a91c2338b669ffa011477a3080827e695018ff16849ba5318c3540c01a5840a9cb593c50416f3e756c437276a5c075ffd73da9a37ec750a89640cc62a6a191e368e9a23f6 | | | Ni, Nr Payload | | | | Next Payload = 0 (0) | | | | Critical = 0 | | | | Reserved = 0 | | | | 
Payload Length = 39 (0x27) | | | | Nonce Data = f94d4e97815868e903508765acbfb98d2cfa656bfa15bf28d70c951261fae4fcfab5e0 </pre> </div> <hr> <A NAME="koiPacketDump3"></A><A HREF="#koiPacket3">packet #3 at 15:09:55</A> <div id="koiPacketInfo3"> <pre>IP Packet | IP Header | | Version = 6 | | Source Address = 2001:db8:1:1::1234 | | Destination Address = 2001:db8:f:1::1 | UDP Header | | Source Port = 500 | | Destination Port = 500 | Internet Security Association and Key Management Protocol Payload | | IKE Header | | | IKE_SA Initiator's SPI = 2b9e2976e4888c81 | | | IKE_SA Responder's SPI = fb83ef30b2063530 | | | Next Payload = 46 (E) | | | Major Version = 2 | | | Minor Version = 0 | | | Exchange Type = 35 (IKE_AUTH) | | | Flags = 8 (0b00001000) | | | | Reserved (XX000000) = 0 | | | | Response (00R00000) = 0 | | | | Version (000V0000) = 0 | | | | Initiator (0000I000) = 1 | | | | Reserved (00000XXX) = 0 | | | Message ID = 1 (0x1) | | | Length = 252 (0xfc) | | | E Payload | | | | Next Payload = 35 (IDi) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 224 (0xe0) | | | | Initialization Vector = 7cec0f67cfd332f0 | | | | Encrypted IKE Payloads | | | | | IDi Payload | | | | | | Next Payload = 39 (AUTH) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 24 (0x18) | | | | | | ID Type = 5 (IPV6_ADDR) | | | | | | RESERVED = 0 | | | | | | Identification Data = 20010db8000100010000000000001234 (2001:db8:1:1::1234) | | | | | AUTH Payload | | | | | | Next Payload = 33 (SA) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 28 (0x1c) | | | | | | Auth Method = 2 (SK_MIC) | | | | | | RESERVED = 0 | | | | | | Authentication Data = c0c39eccb3019f2822951da9fcf2fdb52d90c4d6 | | | | | SA Payload | | | | | | Next Payload = 44 (TSi) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 40 (0x28) | | | | | | Proposal #1 | | | | | | | Next Payload = 0 (last) | | | | | | | RESERVED = 0 | | | | | | | 
Proposal Length = 36 | | | | | | | Proposal # = 1 | | | | | | | Proposal ID = ESP | | | | | | | SPI Size = 4 | | | | | | | # of Transforms = 3 | | | | | | | SPI = 4a7b2df0 | | | | | | | Transfrom | | | | | | | | Next Payload = 3 (Transform) | | | | | | | | RESERVED = 0 | | | | | | | | Transform Length = 8 | | | | | | | | Transform Type = 1 (ENCR) | | | | | | | | RESERVED = 0 | | | | | | | | Transform ID = 3 (3DES) | | | | | | | Transfrom | | | | | | | | Next Payload = 3 (Transform) | | | | | | | | RESERVED = 0 | | | | | | | | Transform Length = 8 | | | | | | | | Transform Type = 3 (INTEG) | | | | | | | | RESERVED = 0 | | | | | | | | Transform ID = 0 (NONE) | | | | | | | Transfrom | | | | | | | | Next Payload = 0 (last) | | | | | | | | RESERVED = 0 | | | | | | | | Transform Length = 8 | | | | | | | | Transform Type = 5 (ESN) | | | | | | | | RESERVED = 0 | | | | | | | | Transform ID = 0 (No ESN) | | | | | TSi Payload | | | | | | Next Payload = 45 (TSr) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 48 (0x30) | | | | | | Number of TSs = 1 | | | | | | RESERVED = 0 | | | | | | Traffic Selector | | | | | | | TS Type = 8 (IPV6_ADDR_RANGE) | | | | | | | IP Protocol ID = 0 (any) | | | | | | | Selector Length = 40 | | | | | | | Start Port = 0 | | | | | | | End Port = 65535 | | | | | | | Starting Address = 20010db8000100010000000000001234 | | | | | | | Ending Address = 20010db8000100010000000000001234 | | | | | TSr Payload | | | | | | Next Payload = 41 (N) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 48 (0x30) | | | | | | Number of TSs = 1 | | | | | | RESERVED = 0 | | | | | | Traffic Selector | | | | | | | TS Type = 8 (IPV6_ADDR_RANGE) | | | | | | | IP Protocol ID = 0 (any) | | | | | | | Selector Length = 40 | | | | | | | Start Port = 0 | | | | | | | End Port = 65535 | | | | | | | Starting Address = 20010db8000f00010000000000000001 | | | | | | | Ending Address = 20010db8000f00010000000000000001 | | | | | N 
Payload | | | | | | Next Payload = 0 (0) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 8 (0x8) | | | | | | Protocol ID = 0 (no relation) | | | | | | SPI Size = 0 | | | | | | Notify Message Type = 16391 (USE_TRANSPORT_MODE) | | | | Integrity Checksum Data = 6591a251e93853443e542c39 </pre> </div> <hr> </UL> </BODY> </HTML> <!-- 142ae69553b977bbcc14f928f642b1de --> <!-- fcc3a8184c211968b5f5e186883bdd26 -->