Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 947484 Details for
Bug 1153548
[TAHI][IKEv2] IKEv2.EN.I.2.1.1.1: Sending IKE_AUTH request failed
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
pluto.log
pluto.log (text/plain), 48.78 KB, created by
Hangbin Liu
on 2014-10-16 07:59:15 UTC
(
hide
)
Description:
pluto.log
Filename:
MIME Type:
Creator:
Hangbin Liu
Created:
2014-10-16 07:59:15 UTC
Size:
48.78 KB
patch
obsolete
>nss directory plutomain: /etc/ipsec.d >NSS Initialized >libcap-ng support [enabled] >FIPS HMAC integrity verification test passed >FIPS: pluto daemon NOT running in FIPS mode >Linux audit support [disabled] >Starting Pluto (Libreswan Version 3.10 XFRM(netkey) KLIPS NSS DNSSEC FIPS_CHECK LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER KLIPS_MAST CURL(non-NSS) LDAP(non-NSS)) pid:18719 >core dump dir: /var/run/pluto >secrets file: /etc/ipsec.secrets >leak-detective disabled >SAref support [disabled]: Protocol not available >SAbind support [disabled]: Protocol not available >NSS crypto [enabled] >XAUTH PAM support [enabled] > NAT-Traversal support [enabled] >| inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds >| event added at head of queue >| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds >| event added at head of queue >| inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds >| event added after event EVENT_PENDING_DDNS >ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) >ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) >ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) >ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) >ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) >ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok (ret=0) >ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) >starting up 3 crypto helpers >started thread for crypto helper 0 (master fd 7) >| status value returned by setting the priority of this thread (crypto helper 0) 22 >| crypto helper 0 waiting on fd 8 >| status value returned by setting the priority of this thread (crypto helper 1) 22 >| crypto helper 1 waiting on fd 10 >started thread for crypto helper 1 (master fd 9) >started thread for crypto helper 2 (master fd 11) >| status value returned by setting the priority of this thread (crypto helper 2) 22 >| crypto helper 2 waiting on fd 13 >Using Linux XFRM/NETKEY IPsec interface code on 3.10.0-175.el7.x86_64 >| process 18719 listening for PF_KEY_V2 on file descriptor 16 >| finish_pfkey_msg: K_SADB_REGISTER message 1 for AH >| 02 07 00 02 02 00 00 00 01 00 00 00 1f 49 00 00 >| pfkey_get: K_SADB_REGISTER message 1 >| AH registered with kernel. >| finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP >| 02 07 00 03 02 00 00 00 02 00 00 00 1f 49 00 00 >| pfkey_get: K_SADB_REGISTER message 2 >| kernel_alg_init(): memset(0x7f0d2b4d5840, 0, 2048) memset(0x7f0d2b4d6040, 0, 2048) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=72 >| kernel_alg_add(): satype=3, exttype=14, alg_id=251(ESP_KAME_NULL) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=14, alg_id=2(ESP_DES) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=14, alg_id=3(ESP_3DES) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=14, alg_id=5(ESP_IDEA) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=14, alg_id=6(ESP_CAST) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=14, satype=3, alg_id=6, alg_ivlen=0, alg_minbits=384, alg_maxbits=384, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=14, alg_id=7(ESP_BLOWFISH) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5], exttype=14, satype=3, alg_id=7, alg_ivlen=0, alg_minbits=512, alg_maxbits=512, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=14, alg_id=8(ESP_3IDEA) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6], exttype=14, satype=3, alg_id=8, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=14, alg_id=9(ESP_DES_IV32) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7], exttype=14, satype=3, alg_id=9, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1 >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=88 >| kernel_alg_add(): satype=3, exttype=15, alg_id=11(ESP_NULL) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=2(ESP_DES) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64, alg_maxbits=64, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=3(ESP_3DES) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[10], exttype=15, satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=6(ESP_CAST) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[11], exttype=15, satype=3, alg_id=6, alg_ivlen=8, alg_minbits=40, alg_maxbits=128, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=7(ESP_BLOWFISH) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[12], exttype=15, satype=3, alg_id=7, alg_ivlen=8, alg_minbits=40, alg_maxbits=448, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=12(ESP_AES) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[13], exttype=15, satype=3, alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=252(ESP_SERPENT) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[14], exttype=15, satype=3, alg_id=252, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=22(ESP_CAMELLIA) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[15], exttype=15, satype=3, alg_id=22, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=253(ESP_TWOFISH) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[16], exttype=15, satype=3, alg_id=253, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=13(ESP_AES_CTR) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[17], exttype=15, satype=3, alg_id=13, alg_ivlen=8, alg_minbits=160, alg_maxbits=288, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=18(ESP_AES_GCM_A) >| kernel_alg_add(): satype=3, exttype=15, alg_id=19(ESP_AES_GCM_B) >| kernel_alg_add(): satype=3, exttype=15, alg_id=20(ESP_AES_GCM_C) >| kernel_alg_add(): satype=3, exttype=15, alg_id=14(ESP_AES_CCM_A) >| kernel_alg_add(): satype=3, exttype=15, alg_id=15(ESP_AES_CCM_B) >| kernel_alg_add(): satype=3, exttype=15, alg_id=16(ESP_AES_CCM_C) >ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0) >Warning: failed to register algo_aes_ccm_8 for IKE >ike_alg_register_enc(): Activating aes_ccm_12: Ok (ret=0) >Warning: failed to register algo_aes_ccm_12 for IKE >ike_alg_register_enc(): Activating aes_ccm_16: Ok (ret=0) >Warning: failed to register algo_aes_ccm_16 for IKE >ike_alg_register_enc(): Activating aes_gcm_8: Ok (ret=0) >Warning: failed to register algo_aes_gcm_8 for IKE >ike_alg_register_enc(): Activating aes_gcm_12: Ok (ret=0) >Warning: failed to register algo_aes_gcm_12 for IKE >ike_alg_register_enc(): Activating aes_gcm_16: Ok (ret=0) >Warning: failed to register algo_aes_gcm_16 for IKE >| Registered AEAD AES CCM/GCM algorithms >| ESP registered with kernel. >| finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP >| 02 07 00 09 02 00 00 00 03 00 00 00 1f 49 00 00 >| pfkey_get: K_SADB_REGISTER message 3 >| IPCOMP registered with kernel. >| Registered AH, ESP and IPCOMP >| Changed path to directory '/etc/ipsec.d/cacerts' >| Changing to directory '/etc/ipsec.d/crls' >| selinux support is enabled. >| inserting event EVENT_LOG_DAILY, timeout in 32001 seconds >| event added after event EVENT_REINIT_SECRET >| next event EVENT_PENDING_DDNS in 59 seconds >| calling addconn helper using execve >| >| *received whack message >| entering aalg_getbyname_ike() >| raw_alg_info_ike_add() ealg=5 aalg=2 modp_id=2, cnt=1 >| Added new connection ikev2 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV1_DISABLE+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW >| from whack: got --esp=3des-sha1 >| esp string values: 3DES(3)_000-SHA1(2)_000 >| ike (phase1) algorithm values: 3DES_CBC(5)_000-SHA1(2)_000-MODP1024(2) >| counting wild cards for 2001:db8:1:1::1234 is 0 >| counting wild cards for 2001:db8:f:1::1 is 0 >added connection description "ikev2" >| 2001:db8:1:1::1234<2001:0db8:0001:0001::1234>...2001:db8:f:1::1<2001:0db8:000f:0001::1> >| ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_DISABLE+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW >| * processed 0 messages from cryptographic helpers >| next event EVENT_PENDING_DDNS in 58 seconds >| next event EVENT_PENDING_DDNS in 58 seconds >| >| *received whack message >listening for IKE messages >| Inspecting interface lo >| found lo with address 127.0.0.1 >| Inspecting interface p7p1 >| found p7p1 with address 10.66.13.22 >| Inspecting interface p6p1 >| found p6p1 with address 192.168.0.10 >adding interface p6p1/p6p1 192.168.0.10:500 >| NAT-Traversal: Trying new style NAT-T >| NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19) >| NAT-Traversal: Trying old style NAT-T >| NAT-Traversal: ESPINUDP(2) setup succeeded for old style NAT-T family IPv4 >adding interface p6p1/p6p1 192.168.0.10:4500 >adding interface p7p1/p7p1 10.66.13.22:500 >| NAT-Traversal: Trying new style NAT-T >| NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19) >| NAT-Traversal: Trying old style NAT-T >| NAT-Traversal: ESPINUDP(2) setup succeeded for old style NAT-T family IPv4 >adding interface p7p1/p7p1 10.66.13.22:4500 >adding interface lo/lo 127.0.0.1:500 >| NAT-Traversal: Trying new style NAT-T >| NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19) >| NAT-Traversal: Trying old style NAT-T >| NAT-Traversal: ESPINUDP(2) setup succeeded for old style NAT-T family IPv4 >adding interface lo/lo 127.0.0.1:4500 >| found lo with address 0000:0000:0000:0000:0000:0000:0000:0001 >| found p6p2 with address 3ffe:0501:ffff:0101:0215:17ff:fe3c:c669 >| found p6p1 with address 3ffe:0501:ffff:0100:0215:17ff:fe3c:c668 >| found p6p1 with address 2001:0db8:0001:0001:0000:0000:0000:1234 >adding interface p6p1/p6p1 2001:db8:1:1::1234:500 >adding interface p6p1/p6p1 3ffe:501:ffff:100:215:17ff:fe3c:c668:500 >adding interface p6p2/p6p2 3ffe:501:ffff:101:215:17ff:fe3c:c669:500 >adding interface lo/lo ::1:500 >| connect_to_host_pair: 2001:db8:1:1::1234:500 2001:db8:f:1::1:500 -> hp:none >| certs and keys locked by 'free_preshared_secrets' >| certs and keys unlocked by 'free_preshard_secrets' >loading secrets from "/etc/ipsec.secrets" >| id type added to secret(0x7f0d2c771290) PPK_PSK: %any >| id type added to secret(0x7f0d2c771290) PPK_PSK: %any >| Processing PSK at line 1: passed >| certs and keys locked by 'process_secret' >| certs and keys unlocked by 'process_secret' >| * processed 0 messages from cryptographic helpers >| next event EVENT_PENDING_DDNS in 58 seconds >| next event EVENT_PENDING_DDNS in 58 seconds >| >| *received whack message >| processing connection ikev2 >| kernel_alg_db_new() initial trans_cnt=128 >| kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1 >| kernel_alg_db_new() trans[0]: transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=2 >| returning new proposal from esp_info >| creating state object #1 at 0x7f0d2c7716e0 >| processing connection ikev2 >| ICOOKIE: 77 2e f1 39 d7 5b 13 ed >| RCOOKIE: 00 00 00 00 00 00 00 00 >| state hash entry 29 >| inserting state object #1 >| inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1 >| event added at head of queue >| processing connection ikev2 >| Queuing pending Quick Mode with 2001:db8:f:1::1 "ikev2" >"ikev2" #1: initiating v2 parent SA >| crypto helper 0: pcw_work: 0 >| asking crypto helper 0 to do build_kenonce; request ID 1 (len=2768, pcw_work=0) >| crypto helper 0 read fd: 8 >| crypto helper 0 doing build_kenonce; request ID 1 >| NSS: Value of Prime: >| ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 >| c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 >| 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd >| ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 >| 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 >| f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed >| ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 >| 49 28 66 51 ec e6 53 81 ff ff ff ff ff ff ff ff >| NSS: Value of base: >| 02 >| #1 send_crypto_helper_request:519 st->st_calculating = TRUE; >| deleting event for #1 >| inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1 >| event added after event EVENT_PENDING_PHASE2 >| NSS: generated dh priv and pub keys: 128 >| NSS: Local DH secret (pointer): 0x7f0d1c005b20 >| NSS: Public DH value sent(computed in NSS): >| ea ef 3e db f0 29 f9 0c f6 93 68 a2 83 ca 83 06 >| 5d b1 c4 1c 27 a0 a7 4c 2a 26 11 64 1c 10 c3 54 >| 9c f1 35 b0 83 70 94 0c 84 63 5b 8e b5 c7 da 36 >| 5a 34 78 56 49 50 73 58 e7 2a 49 5c e6 0f 67 0b >| 64 e5 e5 c8 f4 fb 13 95 25 2e 5a 0a b4 33 fc f8 >| 25 3b d3 86 1e 2c c4 10 60 f4 3a 38 eb 99 0c 65 >| 80 29 8b 25 0c 69 95 44 02 3c e7 cf 60 5a 60 14 >| dc 0a 25 14 f7 b2 37 2b ec 6a d9 98 2e 73 e2 b8 >| NSS: Local DH public value (pointer): 0x7f0d1c005310 >| * processed 0 messages from cryptographic helpers >| next event EVENT_PENDING_DDNS in 58 seconds >| next event EVENT_PENDING_DDNS in 58 seconds >| Generated nonce: >| a1 23 d7 0a 41 90 9a f9 d8 e3 55 09 86 4e 34 e4 >| reaped addconn helper child >| >| crypto helper 0 has finished work (pcw_work now 1) >| crypto helper 0 replies to request ID 1 >| calling continuation function 0x7f0d2b1fb2b0 >| ikev2_parent_outI1_continue for #1: calculated ke+nonce, sending I1 >| processing connection ikev2 >| #1 ikev2_parent_outI1_continue:284 st->st_calculating = FALSE; >| ikev2_parent_outI1_tail for #1 >| saving DH priv (local secret) and pub key into state struct >| **emit ISAKMP Message: >| initiator cookie: >| 77 2e f1 39 d7 5b 13 ed >| responder cookie: >| 00 00 00 00 00 00 00 00 >| next payload type: ISAKMP_NEXT_v2SA >| ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) >| exchange type: ISAKMP_v2_SA_INIT >| flags: ISAKMP_FLAG_IKE_INIT >| message ID: 00 00 00 00 >| ***emit IKEv2 Security Association Payload: >| next payload type: ISAKMP_NEXT_v2KE >| critical bit: none >| ****emit IKEv2 Proposal Substructure Payload: >| last proposal: v2_PROPOSAL_LAST >| prop #: 1 >| proto ID: IKEv2_SEC_PROTO_IKE >| spi size: 0 >| # transforms: 4 >| *****emit IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_NON_LAST >| IKEv2 transform type: TRANS_TYPE_ENCR >| IKEv2 transform ID: 3DES >| emitting length of IKEv2 Transform Substructure Payload: 8 >| *****emit IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_NON_LAST >| IKEv2 transform type: TRANS_TYPE_INTEG >| IKEv2 transform ID: AUTH_HMAC_SHA1_96 >| emitting length of IKEv2 Transform Substructure Payload: 8 >| *****emit IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_NON_LAST >| IKEv2 transform type: TRANS_TYPE_PRF >| IKEv2 transform ID: PRF_HMAC_SHA1 >| emitting length of IKEv2 Transform Substructure Payload: 8 >| *****emit IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_LAST >| IKEv2 transform type: TRANS_TYPE_DH >| IKEv2 transform ID: OAKLEY_GROUP_MODP1024 >| emitting length of IKEv2 Transform Substructure Payload: 8 >| emitting length of IKEv2 Proposal Substructure Payload: 40 >| emitting length of IKEv2 Security Association Payload: 44 >| ***emit IKEv2 Key Exchange Payload: >| IKEv2 next payload type: ISAKMP_NEXT_v2Ni >| critical bit: none >| DH group: OAKLEY_GROUP_MODP1024 >| emitting 128 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload >| ikev2 g^x ea ef 3e db f0 29 f9 0c f6 93 68 a2 83 ca 83 06 >| ikev2 g^x 5d b1 c4 1c 27 a0 a7 4c 2a 26 11 64 1c 10 c3 54 >| ikev2 g^x 9c f1 35 b0 83 70 94 0c 84 63 5b 8e b5 c7 da 36 >| ikev2 g^x 5a 34 78 56 49 50 73 58 e7 2a 49 5c e6 0f 67 0b >| ikev2 g^x 64 e5 e5 c8 f4 fb 13 95 25 2e 5a 0a b4 33 fc f8 >| ikev2 g^x 25 3b d3 86 1e 2c c4 10 60 f4 3a 38 eb 99 0c 65 >| ikev2 g^x 80 29 8b 25 0c 69 95 44 02 3c e7 cf 60 5a 60 14 >| ikev2 g^x dc 0a 25 14 f7 b2 37 2b ec 6a d9 98 2e 73 e2 b8 >| emitting length of IKEv2 Key Exchange Payload: 136 >| ***emit IKEv2 Nonce Payload: >| next payload type: ISAKMP_NEXT_v2N >| critical bit: none >| emitting 16 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload >| IKEv2 nonce a1 23 d7 0a 41 90 9a f9 d8 e3 55 09 86 4e 34 e4 >| emitting length of IKEv2 Nonce Payload: 20 >| NAT-Traversal support [enabled] add v2N payloads. >| natd_hash: Warning, rcookie is zero !! >| natd_hash: hasher=0x7f0d2b4ba5c0(20) >| natd_hash: icookie= 77 2e f1 39 d7 5b 13 ed >| natd_hash: rcookie= 00 00 00 00 00 00 00 00 >| natd_hash: port=500 >| natd_hash: hash= 0a c6 f5 b9 8f 34 b7 c0 ab ca 31 3c 12 3b 35 16 >| natd_hash: hash= 6a 1a 9d e1 >| Adding a v2N Payload >| ***emit IKEv2 Notify Payload: >| next payload type: ISAKMP_NEXT_v2N >| critical bit: none >| Protocol ID: PROTO_RESERVED >| SPI size: 0 >| Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP >| emitting 20 raw bytes of Notify data into IKEv2 Notify Payload >| Notify data 0a c6 f5 b9 8f 34 b7 c0 ab ca 31 3c 12 3b 35 16 >| Notify data 6a 1a 9d e1 >| emitting length of IKEv2 Notify Payload: 28 >| natd_hash: Warning, rcookie is zero !! >| natd_hash: hasher=0x7f0d2b4ba5c0(20) >| natd_hash: icookie= 77 2e f1 39 d7 5b 13 ed >| natd_hash: rcookie= 00 00 00 00 00 00 00 00 >| natd_hash: port=500 >| natd_hash: hash= c5 55 be 66 85 49 c6 9f 61 c5 c4 d5 4a 06 78 bd >| natd_hash: hash= a9 04 d0 75 >| Adding a v2N Payload >| ***emit IKEv2 Notify Payload: >| next payload type: ISAKMP_NEXT_v2NONE >| critical bit: none >| Protocol ID: PROTO_RESERVED >| SPI size: 0 >| Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP >| emitting 20 raw bytes of Notify data into IKEv2 Notify Payload >| Notify data c5 55 be 66 85 49 c6 9f 61 c5 c4 d5 4a 06 78 bd >| Notify data a9 04 d0 75 >| emitting length of IKEv2 Notify Payload: 28 >| no IKE message padding required >| emitting length of ISAKMP Message: 284 >| sending 284 bytes for ikev2_parent_outI1_common through p6p1:500 to 2001:db8:f:1::1:500 (using #1) >| 77 2e f1 39 d7 5b 13 ed 00 00 00 00 00 00 00 00 >| 21 20 22 08 00 00 00 00 00 00 01 1c 22 00 00 2c >| 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 >| 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 >| 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 >| ea ef 3e db f0 29 f9 0c f6 93 68 a2 83 ca 83 06 >| 5d b1 c4 1c 27 a0 a7 4c 2a 26 11 64 1c 10 c3 54 >| 9c f1 35 b0 83 70 94 0c 84 63 5b 8e b5 c7 da 36 >| 5a 34 78 56 49 50 73 58 e7 2a 49 5c e6 0f 67 0b >| 64 e5 e5 c8 f4 fb 13 95 25 2e 5a 0a b4 33 fc f8 >| 25 3b d3 86 1e 2c c4 10 60 f4 3a 38 eb 99 0c 65 >| 80 29 8b 25 0c 69 95 44 02 3c e7 cf 60 5a 60 14 >| dc 0a 25 14 f7 b2 37 2b ec 6a d9 98 2e 73 e2 b8 >| 29 00 00 14 a1 23 d7 0a 41 90 9a f9 d8 e3 55 09 >| 86 4e 34 e4 29 00 00 1c 00 00 40 04 0a c6 f5 b9 >| 8f 34 b7 c0 ab ca 31 3c 12 3b 35 16 6a 1a 9d e1 >| 00 00 00 1c 00 00 40 05 c5 55 be 66 85 49 c6 9f >| 61 c5 c4 d5 4a 06 78 bd a9 04 d0 75 >| deleting event for #1 >| inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #1 >| event added at head of queue >| complete v2 state transition with STF_OK >"ikev2" #1: transition from state STATE_IKEv2_START to state STATE_PARENT_I1 >"ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 >| V2 microcode entry (initiate IKE_SA_INIT) has unspecified timeout_event >| * processed 1 messages from cryptographic helpers >| next event EVENT_v2_RETRANSMIT in 10 seconds for #1 >| next event EVENT_v2_RETRANSMIT in 10 seconds for #1 >| >| next event EVENT_v2_RETRANSMIT in 0 seconds for #1 >| *time to handle event >| handling event EVENT_v2_RETRANSMIT >| event after this is EVENT_PENDING_DDNS in 48 seconds >| processing connection ikev2 >| handling event EVENT_v2_RETRANSMIT for 2001:db8:f:1::1 "ikev2" #1 attempt 2 of 0 >| sending 284 bytes for EVENT_v2_RETRANSMIT through p6p1:500 to 2001:db8:f:1::1:500 (using #1) >| 77 2e f1 39 d7 5b 13 ed 00 00 00 00 00 00 00 00 >| 21 20 22 08 00 00 00 00 00 00 01 1c 22 00 00 2c >| 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 >| 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 >| 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 >| ea ef 3e db f0 29 f9 0c f6 93 68 a2 83 ca 83 06 >| 5d b1 c4 1c 27 a0 a7 4c 2a 26 11 64 1c 10 c3 54 >| 9c f1 35 b0 83 70 94 0c 84 63 5b 8e b5 c7 da 36 >| 5a 34 78 56 49 50 73 58 e7 2a 49 5c e6 0f 67 0b >| 64 e5 e5 c8 f4 fb 13 95 25 2e 5a 0a b4 33 fc f8 >| 25 3b d3 86 1e 2c c4 10 60 f4 3a 38 eb 99 0c 65 >| 80 29 8b 25 0c 69 95 44 02 3c e7 cf 60 5a 60 14 >| dc 0a 25 14 f7 b2 37 2b ec 6a d9 98 2e 73 e2 b8 >| 29 00 00 14 a1 23 d7 0a 41 90 9a f9 d8 e3 55 09 >| 86 4e 34 e4 29 00 00 1c 00 00 40 04 0a c6 f5 b9 >| 8f 34 b7 c0 ab ca 31 3c 12 3b 35 16 6a 1a 9d e1 >| 00 00 00 1c 00 00 40 05 c5 55 be 66 85 49 c6 9f >| 61 c5 c4 d5 4a 06 78 bd a9 04 d0 75 >| inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #1 >| event added at head of queue >| next event EVENT_v2_RETRANSMIT in 10 seconds for #1 >| >| next event EVENT_v2_RETRANSMIT in 0 seconds for #1 >| *time to handle event >| handling event EVENT_v2_RETRANSMIT >| event after this is EVENT_PENDING_DDNS in 38 seconds >| processing connection ikev2 >| handling event EVENT_v2_RETRANSMIT for 2001:db8:f:1::1 "ikev2" #1 attempt 2 of 0 >| sending 284 bytes for EVENT_v2_RETRANSMIT through p6p1:500 to 2001:db8:f:1::1:500 (using #1) >| 77 2e f1 39 d7 5b 13 ed 00 00 00 00 00 00 00 00 >| 21 20 22 08 00 00 00 00 00 00 01 1c 22 00 00 2c >| 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 >| 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 >| 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 >| ea ef 3e db f0 29 f9 0c f6 93 68 a2 83 ca 83 06 >| 5d b1 c4 1c 27 a0 a7 4c 2a 26 11 64 1c 10 c3 54 >| 9c f1 35 b0 83 70 94 0c 84 63 5b 8e b5 c7 da 36 >| 5a 34 78 56 49 50 73 58 e7 2a 49 5c e6 0f 67 0b >| 64 e5 e5 c8 f4 fb 13 95 25 2e 5a 0a b4 33 fc f8 >| 25 3b d3 86 1e 2c c4 10 60 f4 3a 38 eb 99 0c 65 >| 80 29 8b 25 0c 69 95 44 02 3c e7 cf 60 5a 60 14 >| dc 0a 25 14 f7 b2 37 2b ec 6a d9 98 2e 73 e2 b8 >| 29 00 00 14 a1 23 d7 0a 41 90 9a f9 d8 e3 55 09 >| 86 4e 34 e4 29 00 00 1c 00 00 40 04 0a c6 f5 b9 >| 8f 34 b7 c0 ab ca 31 3c 12 3b 35 16 6a 1a 9d e1 >| 00 00 00 1c 00 00 40 05 c5 55 be 66 85 49 c6 9f >| 61 c5 c4 d5 4a 06 78 bd a9 04 d0 75 >| inserting event EVENT_v2_RETRANSMIT, timeout in 20 seconds for #1 >| event added at head of queue >| next event EVENT_v2_RETRANSMIT in 20 seconds for #1 >| >| *received 338 bytes from 2001:db8:f:1::1:500 on p6p1 (port=500) >| 77 2e f1 39 d7 5b 13 ed ad 40 ae 5c 0d 2e 0e ae >| 21 20 22 20 00 00 00 00 00 00 01 52 22 00 00 2c >| 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 >| 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 >| 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 >| 56 1d da 1a 9a 79 d2 2e 82 0a 81 bc 8e 7c 86 63 >| 48 19 de b2 2a 18 d2 5c aa 44 a5 f3 d6 4a 84 4e >| f4 b1 17 5e 36 e6 a3 d6 a0 2f bd 57 ce 83 f0 8e >| d3 61 63 cf 77 b7 d0 0a f2 a6 07 fd 1c 9d c6 69 >| ec c8 77 97 6a 25 18 57 c3 a2 86 c8 d6 93 cf 2d >| c3 b9 c3 21 12 63 d6 7a 45 7b 7a a6 a3 87 62 a9 >| bd 87 8b 98 f5 fb 81 33 df 0f b9 cd 1e 92 7d f6 >| 03 92 62 ff 90 96 24 f3 c1 5e 3b 09 da b4 0c 9b >| 00 00 00 82 c3 3e 5d 19 7b f5 7a fc f9 b6 7e 7c >| 84 40 5c ed 12 9e ef 37 fe 50 cc 51 fb 24 77 19 >| df 96 88 c9 4b c2 b5 6b 30 8b db f1 e7 23 84 88 >| f6 86 40 84 60 40 35 3e e6 90 5d 58 4d c0 64 a3 >| 29 13 ff ea ec 18 e1 27 77 c3 c6 8d 25 05 9f 35 >| 51 dc e0 f0 86 a0 e9 ae 2b e2 2e 8f cb ad 63 ff >| fb 1c 29 61 4d bd bf fa 95 cd 31 43 70 1d 50 ba >| 0f 63 ba 7f 3b 5c fe 5c f3 e7 c3 d9 41 5d 65 14 >| af f8 >| **parse ISAKMP Message: >| initiator cookie: >| 77 2e f1 39 d7 5b 13 ed >| responder cookie: >| ad 40 ae 5c 0d 2e 0e ae >| next payload type: ISAKMP_NEXT_v2SA >| ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) >| exchange type: ISAKMP_v2_SA_INIT >| flags: ISAKMP_FLAG_MSG_RESPONSE >| message ID: 00 00 00 00 >| length: 338 >| processing version=2.0 packet with exchange type=ISAKMP_v2_SA_INIT (34) >| I am receiving an IKE Response >| I am the IKE SA Original Initiator >| ICOOKIE: 77 2e f1 39 d7 5b 13 ed >| RCOOKIE: ad 40 ae 5c 0d 2e 0e ae >| state hash entry 15 >| parent v2 state object not found >| ICOOKIE: 77 2e f1 39 d7 5b 13 ed >| RCOOKIE: 00 00 00 00 00 00 00 00 >| state hash entry 29 >| parent v2 peer and cookies match on #1 >| v2 state object #1 found, in STATE_PARENT_I1 >| ICOOKIE: 77 2e f1 39 d7 5b 13 ed >| RCOOKIE: 00 00 00 00 00 00 00 00 >| state hash entry 29 >| ICOOKIE: 77 2e f1 39 d7 5b 13 ed >| RCOOKIE: ad 40 ae 5c 0d 2e 0e ae >| state hash entry 15 >| inserting state object #1 >| state found and its state is STATE_PARENT_I1 >| selected state microcode Initiator: process anti-spoofing cookie >| #1 state_busy:1855 st != NULL && st->st_calculating == FALSE; >| processing connection ikev2 >| Now let's proceed with payload (ISAKMP_NEXT_v2SA) >| ***parse IKEv2 Security Association Payload: >| next payload type: ISAKMP_NEXT_v2KE >| critical bit: none >| length: 44 >| processing payload: ISAKMP_NEXT_v2SA (len=44) >| Now let's proceed with payload (ISAKMP_NEXT_v2KE) >| ***parse IKEv2 Key Exchange Payload: >| IKEv2 next payload type: ISAKMP_NEXT_v2Ni >| critical bit: none >| length: 136 >| DH group: OAKLEY_GROUP_MODP1024 >| processing payload: ISAKMP_NEXT_v2KE (len=136) >| Now let's proceed with payload (ISAKMP_NEXT_v2Ni) >| ***parse IKEv2 Nonce Payload: >| next payload type: ISAKMP_NEXT_v2NONE >| critical bit: none >| length: 130 >| processing payload: ISAKMP_NEXT_v2Ni (len=130) >| ikev2_process_payload trying next svm: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH >| Now lets proceed with state specific processing >| calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH >| ikev2 parent inR1: calculating g^{xy} in order to send I2 >| DH public value received: >| 56 1d da 1a 9a 79 d2 2e 82 0a 81 bc 8e 7c 86 63 >| 48 19 de b2 2a 18 d2 5c aa 44 a5 f3 d6 4a 84 4e >| f4 b1 17 5e 36 e6 a3 d6 a0 2f bd 57 ce 83 f0 8e >| d3 61 63 cf 77 b7 d0 0a f2 a6 07 fd 1c 9d c6 69 >| ec c8 77 97 6a 25 18 57 c3 a2 86 c8 d6 93 cf 2d >| c3 b9 c3 21 12 63 d6 7a 45 7b 7a a6 a3 87 62 a9 >| bd 87 8b 98 f5 fb 81 33 df 0f b9 cd 1e 92 7d f6 >| 03 92 62 ff 90 96 24 f3 c1 5e 3b 09 da b4 0c 9b >| ****parse IKEv2 Proposal Substructure Payload: >| last proposal: v2_PROPOSAL_LAST >| length: 40 >| prop #: 1 >| proto ID: IKEv2_SEC_PROTO_IKE >| spi size: 0 >| # transforms: 4 >| *****parse IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_NON_LAST >| length: 8 >| IKEv2 transform type: TRANS_TYPE_ENCR >| IKEv2 transform ID: 3DES >| *****parse IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_NON_LAST >| length: 8 >| IKEv2 transform type: TRANS_TYPE_PRF >| IKEv2 transform ID: PRF_HMAC_SHA1 >| *****parse IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_NON_LAST >| length: 8 >| IKEv2 transform type: TRANS_TYPE_INTEG >| IKEv2 transform ID: AUTH_HMAC_SHA1_96 >| *****parse IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_LAST >| length: 8 >| IKEv2 transform type: TRANS_TYPE_DH >| IKEv2 transform ID: OAKLEY_GROUP_MODP1024 >| ipprotoid is '1' >| considering Transform Type TRANS_TYPE_ENCR, TransID 3 >| encrid(3), keylen(-1), encr_keylen(-1) >| proposal 1 succeeded encr= (policy:3DES(-1) vs offered:3DES(-1)) >| considering Transform Type TRANS_TYPE_INTEG, TransID 2 >| succeeded integ=(policy:AUTH_HMAC_SHA1_96(-1) vs offered:AUTH_HMAC_SHA1_96(-1)) >| considering Transform Type TRANS_TYPE_PRF, TransID 2 >| succeeded prf= (policy:PRF_HMAC_SHA1(-1) vs offered:PRF_HMAC_SHA1(-1)) >| considering Transform Type TRANS_TYPE_DH, TransID 2 >| succeeded dh= (policy:OAKLEY_GROUP_MODP1024 vs offered:OAKLEY_GROUP_MODP1024) >| calculating skeyseed using prf=PRF_HMAC_SHA1 integ=AUTH_HMAC_SHA1_96 cipherkey=3DES >| Copying DH pub key pointer to be sent to a thread helper >| crypto helper 0: pcw_work: 0 >| asking crypto helper 0 to do compute dh (V2); request ID 2 (len=2768, pcw_work=0) >| #1 send_crypto_helper_request:519 st->st_calculating = TRUE; >| deleting event for #1 >| inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1 >| event added after event EVENT_PENDING_PHASE2 >| complete v2 state transition with STF_SUSPEND >| * processed 0 messages from cryptographic helpers >| next event EVENT_PENDING_DDNS in 38 seconds >| next event EVENT_PENDING_DDNS in 38 seconds >| crypto helper 0 read fd: 8 >| crypto helper 0 doing compute dh (V2); request ID 2 >| peer's g: 56 1d da 1a 9a 79 d2 2e 82 0a 81 bc 8e 7c 86 63 >| peer's g: 48 19 de b2 2a 18 d2 5c aa 44 a5 f3 d6 4a 84 4e >| peer's g: f4 b1 17 5e 36 e6 a3 d6 a0 2f bd 57 ce 83 f0 8e >| peer's g: d3 61 63 cf 77 b7 d0 0a f2 a6 07 fd 1c 9d c6 69 >| peer's g: ec c8 77 97 6a 25 18 57 c3 a2 86 c8 d6 93 cf 2d >| peer's g: c3 b9 c3 21 12 63 d6 7a 45 7b 7a a6 a3 87 62 a9 >| peer's g: bd 87 8b 98 f5 fb 81 33 df 0f b9 cd 1e 92 7d f6 >| peer's g: 03 92 62 ff 90 96 24 f3 c1 5e 3b 09 da b4 0c 9b >| Started DH shared-secret computation in NSS: >| Dropped no leading zeros 128 >| calc_dh_shared(): time elapsed (OAKLEY_GROUP_MODP1024): 731 usec >| NSS: Started key computation >| calculating skeyseed using prf=PRF_HMAC_SHA1 integ=AUTH_HMAC_SHA1_96 cipherkey=24 >| skeyid inputs (digi+NI+NR+shared) hasher: oakley_sha >| ni: a1 23 d7 0a 41 90 9a f9 d8 e3 55 09 86 4e 34 e4 >| nr: c3 3e 5d 19 7b f5 7a fc f9 b6 7e 7c 84 40 5c ed >| nr: 12 9e ef 37 fe 50 cc 51 fb 24 77 19 df 96 88 c9 >| nr: 4b c2 b5 6b 30 8b db f1 e7 23 84 88 f6 86 40 84 >| nr: 60 40 35 3e e6 90 5d 58 4d c0 64 a3 29 13 ff ea >| nr: ec 18 e1 27 77 c3 c6 8d 25 05 9f 35 51 dc e0 f0 >| nr: 86 a0 e9 ae 2b e2 2e 8f cb ad 63 ff fb 1c 29 61 >| nr: 4d bd bf fa 95 cd 31 43 70 1d 50 ba 0f 63 ba 7f >| nr: 3b 5c fe 5c f3 e7 c3 d9 41 5d 65 14 af f8 >| NSS: digisig skeyid pointer: 0x7f0d1c00d060 >| PRF+ input >| Ni a1 23 d7 0a 41 90 9a f9 d8 e3 55 09 86 4e 34 e4 >| Nr c3 3e 5d 19 7b f5 7a fc f9 b6 7e 7c 84 40 5c ed >| Nr 12 9e ef 37 fe 50 cc 51 fb 24 77 19 df 96 88 c9 >| Nr 4b c2 b5 6b 30 8b db f1 e7 23 84 88 f6 86 40 84 >| Nr 60 40 35 3e e6 90 5d 58 4d c0 64 a3 29 13 ff ea >| Nr ec 18 e1 27 77 c3 c6 8d 25 05 9f 35 51 dc e0 f0 >| Nr 86 a0 e9 ae 2b e2 2e 8f cb ad 63 ff fb 1c 29 61 >| Nr 4d bd bf fa 95 cd 31 43 70 1d 50 ba 0f 63 ba 7f >| Nr 3b 5c fe 5c f3 e7 c3 d9 41 5d 65 14 af f8 >| SPIi 77 2e f1 39 d7 5b 13 ed >| SPIr ad 40 ae 5c 0d 2e 0e ae >| Total keysize needed 148 >| NSS ikev2: finished computing key material for IKEv2 SA >| NSS ikev2: finished computing individual keys for IKEv2 SA >| calc_skeyseed_v2 pointers: shared 0x7f0d1c006c60, skeyseed 0x7f0d1c00d060, SK_d 0x7f0d1c00e8e0, SK_ai 0x7f0d1c00b720, SK_ar 0x7f0d1c010290, SK_ei 0x7f0d1c009d90, SK_er 0x7f0d1c005240, SK_pi 0x7f0d1c011c40, SK_pr 0x7f0d1c013610 >| >| crypto helper 0 has finished work (pcw_work now 1) >| crypto helper 0 replies to request ID 2 >| calling continuation function 0x7f0d2b1fbe80 >| ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 >| processing connection ikev2 >| #1 ikev2_parent_inR1outI2_continue:1234 st->st_calculating = FALSE; >| duplicating state object #1 >| creating state object #2 at 0x7f0d2c7735e0 >| ICOOKIE: 77 2e f1 39 d7 5b 13 ed >| RCOOKIE: ad 40 ae 5c 0d 2e 0e ae >| state hash entry 15 >| inserting state object #2 >| inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #2 >| event added at head of queue >| deleting event for #1 >| inserting event EVENT_SA_REPLACE, timeout in 27807 seconds for #1 >| event added after event EVENT_REINIT_SECRET >| **emit ISAKMP Message: >| initiator cookie: >| 77 2e f1 39 d7 5b 13 ed >| responder cookie: >| ad 40 ae 5c 0d 2e 0e ae >| next payload type: ISAKMP_NEXT_v2E >| ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) >| exchange type: ISAKMP_v2_AUTH >| flags: ISAKMP_FLAG_IKE_INIT >| message ID: 00 00 00 01 >| ***emit IKEv2 Encryption Payload: >| next payload type: ISAKMP_NEXT_v2IDi >| critical bit: none >| emitting 8 zero bytes of iv into IKEv2 Encryption Payload >| IKEv2 thinking whether to send my certificate: >| my policy has no RSASIG, the policy is : PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_DISABLE+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW >| sendcert: CERT_ALWAYSSEND and I did not get a certificate request >| so do not send cert. >| I did not send a certificate because digital signatures are not being used. (PSK) >| *****emit IKEv2 Identification Payload: >| next payload type: ISAKMP_NEXT_v2AUTH >| critical bit: none >| id_type: ID_IPV6_ADDR >| emitting 16 raw bytes of my identity into IKEv2 Identification Payload >| my identity 20 01 0d b8 00 01 00 01 00 00 00 00 00 00 12 34 >| emitting length of IKEv2 Identification Payload: 24 >| idhash calc I2 05 00 00 00 20 01 0d b8 00 01 00 01 00 00 00 00 >| idhash calc I2 00 00 12 34 >| hmac_update data value: >| 05 00 00 00 20 01 0d b8 00 01 00 01 00 00 00 00 >| 00 00 12 34 >| hmac_update: inside if >| hmac_update: after digest >| hmac_update: after assert >| *****emit IKEv2 Authentication Payload: >| next payload type: ISAKMP_NEXT_v2SA >| critical bit: none >| auth method: IKEv2_AUTH_SHARED >| started looking for secret for 2001:db8:1:1::1234->2001:db8:f:1::1 of kind PPK_PSK >| actually looking for secret for 2001:db8:1:1::1234->2001:db8:f:1::1 of kind PPK_PSK >| line 1: key type PPK_PSK(2001:db8:1:1::1234) to type PPK_PSK >| 1: compared key %any to 2001:db8:1:1::1234 / 2001:db8:f:1::1 -> 2 >| 2: compared key %any to 2001:db8:1:1::1234 / 2001:db8:f:1::1 -> 2 >| line 1: match=2 >| best_match 0>2 best=0x7f0d2c771290 (line=1) >| concluding with best_match=2 best=0x7f0d2c771290 (lineno=1) >| hmac_update data value: >| 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 >| 32 >| hmac_update: inside if >| hmac_update: after digest >| hmac_update: after assert >| negotiated prf: oakley_sha hash length: 20 >| inner prf output 39 cf c8 93 0c 25 cb 0e 02 cc 09 14 9e 4e 66 ea >| inner prf output 6b 6a a6 1e >| hmac_update data value: >| 77 2e f1 39 d7 5b 13 ed 00 00 00 00 00 00 00 00 >| 21 20 22 08 00 00 00 00 00 00 01 1c 22 00 00 2c >| 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 >| 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 >| 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 >| ea ef 3e db f0 29 f9 0c f6 93 68 a2 83 ca 83 06 >| 5d b1 c4 1c 27 a0 a7 4c 2a 26 11 64 1c 10 c3 54 >| 9c f1 35 b0 83 70 94 0c 84 63 5b 8e b5 c7 da 36 >| 5a 34 78 56 49 50 73 58 e7 2a 49 5c e6 0f 67 0b >| 64 e5 e5 c8 f4 fb 13 95 25 2e 5a 0a b4 33 fc f8 >| 25 3b d3 86 1e 2c c4 10 60 f4 3a 38 eb 99 0c 65 >| 80 29 8b 25 0c 69 95 44 02 3c e7 cf 60 5a 60 14 >| dc 0a 25 14 f7 b2 37 2b ec 6a d9 98 2e 73 e2 b8 >| 29 00 00 14 a1 23 d7 0a 41 90 9a f9 d8 e3 55 09 >| 86 4e 34 e4 29 00 00 1c 00 00 40 04 0a c6 f5 b9 >| 8f 34 b7 c0 ab ca 31 3c 12 3b 35 16 6a 1a 9d e1 >| 00 00 00 1c 00 00 40 05 c5 55 be 66 85 49 c6 9f >| 61 c5 c4 d5 4a 06 78 bd a9 04 d0 75 >| hmac_update: inside if >| hmac_update: after digest >| hmac_update: after assert >| hmac_update data value: >| c3 3e 5d 19 7b f5 7a fc f9 b6 7e 7c 84 40 5c ed >| 12 9e ef 37 fe 50 cc 51 fb 24 77 19 df 96 88 c9 >| 4b c2 b5 6b 30 8b db f1 e7 23 84 88 f6 86 40 84 >| 60 40 35 3e e6 90 5d 58 4d c0 64 a3 29 13 ff ea >| ec 18 e1 27 77 c3 c6 8d 25 05 9f 35 51 dc e0 f0 >| 86 a0 e9 ae 2b e2 2e 8f cb ad 63 ff fb 1c 29 61 >| 4d bd bf fa 95 cd 31 43 70 1d 50 ba 0f 63 ba 7f >| 3b 5c fe 5c f3 e7 c3 d9 41 5d 65 14 af f8 >| hmac_update: inside if >| hmac_update: after digest >| hmac_update: after assert >| hmac_update data value: >| d4 85 af 3c 82 49 64 15 b8 42 72 68 14 cb eb f0 >| 9b 24 d7 7b >| hmac_update: inside if >| hmac_update: after digest >| hmac_update: after assert >| inputs to hash1 (first packet) >| 77 2e f1 39 d7 5b 13 ed 00 00 00 00 00 00 00 00 >| 21 20 22 08 00 00 00 00 00 00 01 1c 22 00 00 2c >| 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 >| 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 >| 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 >| ea ef 3e db f0 29 f9 0c f6 93 68 a2 83 ca 83 06 >| 5d b1 c4 1c 27 a0 a7 4c 2a 26 11 64 1c 10 c3 54 >| 9c f1 35 b0 83 70 94 0c 84 63 5b 8e b5 c7 da 36 >| 5a 34 78 56 49 50 73 58 e7 2a 49 5c e6 0f 67 0b >| 64 e5 e5 c8 f4 fb 13 95 25 2e 5a 0a b4 33 fc f8 >| 25 3b d3 86 1e 2c c4 10 60 f4 3a 38 eb 99 0c 65 >| 80 29 8b 25 0c 69 95 44 02 3c e7 cf 60 5a 60 14 >| dc 0a 25 14 f7 b2 37 2b ec 6a d9 98 2e 73 e2 b8 >| 29 00 00 14 a1 23 d7 0a 41 90 9a f9 d8 e3 55 09 >| 86 4e 34 e4 29 00 00 1c 00 00 40 04 0a c6 f5 b9 >| 8f 34 b7 c0 ab ca 31 3c 12 3b 35 16 6a 1a 9d e1 >| 00 00 00 1c 00 00 40 05 c5 55 be 66 85 49 c6 9f >| 61 c5 c4 d5 4a 06 78 bd a9 04 d0 75 >| inputs to hash2 (responder nonce) >| c3 3e 5d 19 7b f5 7a fc f9 b6 7e 7c 84 40 5c ed >| 12 9e ef 37 fe 50 cc 51 fb 24 77 19 df 96 88 c9 >| 4b c2 b5 6b 30 8b db f1 e7 23 84 88 f6 86 40 84 >| 60 40 35 3e e6 90 5d 58 4d c0 64 a3 29 13 ff ea >| ec 18 e1 27 77 c3 c6 8d 25 05 9f 35 51 dc e0 f0 >| 86 a0 e9 ae 2b e2 2e 8f cb ad 63 ff fb 1c 29 61 >| 4d bd bf fa 95 cd 31 43 70 1d 50 ba 0f 63 ba 7f >| 3b 5c fe 5c f3 e7 c3 d9 41 5d 65 14 af f8 >| idhash d4 85 af 3c 82 49 64 15 b8 42 72 68 14 cb eb f0 >| idhash 9b 24 d7 7b >| PSK auth octets 2a c2 42 6d d3 6c 0f 73 f1 f0 61 09 1d 94 83 c4 >| PSK auth octets e1 db b1 05 >| emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload >| PSK auth 2a c2 42 6d d3 6c 0f 73 f1 f0 61 09 1d 94 83 c4 >| PSK auth e1 db b1 05 >| emitting length of IKEv2 Authentication Payload: 28 >| getting first pending from state #1 >| kernel_alg_db_new() initial trans_cnt=128 >| kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1 >| kernel_alg_db_new() trans[0]: transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=2 >| returning new proposal from esp_info >| *****emit IKEv2 Security Association Payload: >| next payload type: ISAKMP_NEXT_v2TSi >| critical bit: none >| netlink_get_spi: allocated 0x9f8a9380 for esp:0@2001:db8:1:1::1234 >| ******emit IKEv2 Proposal Substructure Payload: >| last proposal: v2_PROPOSAL_LAST >| prop #: 1 >| proto ID: IKEv2_SEC_PROTO_ESP >| spi size: 4 >| # transforms: 3 >| emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload >| our spi 9f 8a 93 80 >| *******emit IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_NON_LAST >| IKEv2 transform type: TRANS_TYPE_ENCR >| IKEv2 transform ID: 3DES >| emitting length of IKEv2 Transform Substructure Payload: 8 >| *******emit IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_NON_LAST >| IKEv2 transform type: TRANS_TYPE_INTEG >| IKEv2 transform ID: AUTH_HMAC_SHA1_96 >| emitting length of IKEv2 Transform Substructure Payload: 8 >| *******emit IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_LAST >| IKEv2 transform type: TRANS_TYPE_ESN >| IKEv2 transform ID: ESN_DISABLED >| emitting length of IKEv2 Transform Substructure Payload: 8 >| emitting length of IKEv2 Proposal Substructure Payload: 36 >| emitting length of IKEv2 Security Association Payload: 40 >| *****emit IKEv2 Traffic Selector Payload: >| next payload type: ISAKMP_NEXT_v2TSr >| critical bit: none >| number of TS: 1 >| ******emit IKEv2 Traffic Selector: >| TS type: IKEv2_TS_IPV6_ADDR_RANGE >| IP Protocol ID: 0 >| start port: 0 >| end port: 65535 >| emitting 16 raw bytes of ipv6 low into IKEv2 Traffic Selector >| ipv6 low 20 01 0d b8 00 01 00 01 00 00 00 00 00 00 12 34 >| emitting 16 raw bytes of ipv6 high into IKEv2 Traffic Selector >| ipv6 high 20 01 0d b8 00 01 00 01 00 00 00 00 00 00 12 34 >| emitting length of IKEv2 Traffic Selector: 40 >| emitting length of IKEv2 Traffic Selector Payload: 48 >| *****emit IKEv2 Traffic Selector Payload: >| next payload type: ISAKMP_NEXT_v2NONE >| critical bit: none >| number of TS: 1 >| ******emit IKEv2 Traffic Selector: >| TS type: IKEv2_TS_IPV6_ADDR_RANGE >| IP Protocol ID: 0 >| start port: 0 >| end port: 65535 >| emitting 16 raw bytes of ipv6 low into IKEv2 Traffic Selector >| ipv6 low 20 01 0d b8 00 0f 00 01 00 00 00 00 00 00 00 01 >| emitting 16 raw bytes of ipv6 high into IKEv2 Traffic Selector >| ipv6 high 20 01 0d b8 00 0f 00 01 00 00 00 00 00 00 00 01 >| emitting length of IKEv2 Traffic Selector: 40 >| emitting length of IKEv2 Traffic Selector Payload: 48 >| emitting 4 raw bytes of padding and length into cleartext >| padding and length 00 01 02 03 >| emitting 12 zero bytes of length of truncated HMAC into IKEv2 Encryption Payload >| emitting length of IKEv2 Encryption Payload: 216 >| emitting length of ISAKMP Message: 244 >| data before encryption: >| 27 00 00 18 05 00 00 00 20 01 0d b8 00 01 00 01 >| 00 00 00 00 00 00 12 34 21 00 00 1c 02 00 00 00 >| 2a c2 42 6d d3 6c 0f 73 f1 f0 61 09 1d 94 83 c4 >| e1 db b1 05 2c 00 00 28 00 00 00 24 01 03 04 03 >| 9f 8a 93 80 03 00 00 08 01 00 00 03 03 00 00 08 >| 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 30 >| 01 00 00 00 08 00 00 28 00 00 ff ff 20 01 0d b8 >| 00 01 00 01 00 00 00 00 00 00 12 34 20 01 0d b8 >| 00 01 00 01 00 00 00 00 00 00 12 34 00 00 00 30 >| 01 00 00 00 08 00 00 28 00 00 ff ff 20 01 0d b8 >| 00 0f 00 01 00 00 00 00 00 00 00 01 20 01 0d b8 >| 00 0f 00 01 00 00 00 00 00 00 00 01 00 01 02 03 >| NSS: do_3des init start >| NSS: do_3des init end >| data after encryption: >| 4f 26 a6 0e f3 74 33 46 9c 78 ac d2 f6 0b 6c 13 >| 8d d1 36 55 7c f0 4c 0e 38 16 ee 75 fe ad 97 09 >| ae b9 8c cc fe 57 9e 09 dd 49 64 fe 71 3e 0e 2c >| e1 b8 fa ed 7b d9 91 3a b3 39 5f 9c ea ce 59 7f >| f0 39 b6 3f ec de 0e 35 a3 59 80 ae c3 4f 28 19 >| de e7 e0 43 d6 4c 87 09 5d b1 35 48 12 fc ee 53 >| 4b 14 71 08 35 97 1b b9 64 1b bb 81 50 40 19 9a >| 94 d8 34 a0 bd 15 c7 ae f3 7e 8f b9 3a 87 e6 01 >| 17 fb 86 70 d6 67 f3 5c fa e9 43 33 5e f7 c3 e9 >| 99 05 cd ee 5a b8 0c bf 4f 8d ba 2b 56 24 68 5f >| 13 24 ff f4 b7 9f 43 87 71 26 6c 86 ae a2 af c3 >| 52 6a 73 50 c0 66 a8 0e 66 6b 45 02 5d 09 51 84 >| Inside authloc >| authkey pointer: 0x7f0d1c00b720 >| Inside authloc after init >| hmac_update data value: >| 77 2e f1 39 d7 5b 13 ed ad 40 ae 5c 0d 2e 0e ae >| 2e 20 23 08 00 00 00 01 00 00 00 f4 23 00 00 d8 >| d4 5d 41 cc c1 6d 5d f1 4f 26 a6 0e f3 74 33 46 >| 9c 78 ac d2 f6 0b 6c 13 8d d1 36 55 7c f0 4c 0e >| 38 16 ee 75 fe ad 97 09 ae b9 8c cc fe 57 9e 09 >| dd 49 64 fe 71 3e 0e 2c e1 b8 fa ed 7b d9 91 3a >| b3 39 5f 9c ea ce 59 7f f0 39 b6 3f ec de 0e 35 >| a3 59 80 ae c3 4f 28 19 de e7 e0 43 d6 4c 87 09 >| 5d b1 35 48 12 fc ee 53 4b 14 71 08 35 97 1b b9 >| 64 1b bb 81 50 40 19 9a 94 d8 34 a0 bd 15 c7 ae >| f3 7e 8f b9 3a 87 e6 01 17 fb 86 70 d6 67 f3 5c >| fa e9 43 33 5e f7 c3 e9 99 05 cd ee 5a b8 0c bf >| 4f 8d ba 2b 56 24 68 5f 13 24 ff f4 b7 9f 43 87 >| 71 26 6c 86 ae a2 af c3 52 6a 73 50 c0 66 a8 0e >| 66 6b 45 02 5d 09 51 84 >| hmac_update: inside if >| hmac_update: after digest >| hmac_update: after assert >| Inside authloc after update >| Inside authloc after final >| data being hmac: 77 2e f1 39 d7 5b 13 ed ad 40 ae 5c 0d 2e 0e ae >| data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 f4 23 00 00 d8 >| data being hmac: d4 5d 41 cc c1 6d 5d f1 4f 26 a6 0e f3 74 33 46 >| data being hmac: 9c 78 ac d2 f6 0b 6c 13 8d d1 36 55 7c f0 4c 0e >| data being hmac: 38 16 ee 75 fe ad 97 09 ae b9 8c cc fe 57 9e 09 >| data being hmac: dd 49 64 fe 71 3e 0e 2c e1 b8 fa ed 7b d9 91 3a >| data being hmac: b3 39 5f 9c ea ce 59 7f f0 39 b6 3f ec de 0e 35 >| data being hmac: a3 59 80 ae c3 4f 28 19 de e7 e0 43 d6 4c 87 09 >| data being hmac: 5d b1 35 48 12 fc ee 53 4b 14 71 08 35 97 1b b9 >| data being hmac: 64 1b bb 81 50 40 19 9a 94 d8 34 a0 bd 15 c7 ae >| data being hmac: f3 7e 8f b9 3a 87 e6 01 17 fb 86 70 d6 67 f3 5c >| data being hmac: fa e9 43 33 5e f7 c3 e9 99 05 cd ee 5a b8 0c bf >| data being hmac: 4f 8d ba 2b 56 24 68 5f 13 24 ff f4 b7 9f 43 87 >| data being hmac: 71 26 6c 86 ae a2 af c3 52 6a 73 50 c0 66 a8 0e >| data being hmac: 66 6b 45 02 5d 09 51 84 >| out calculated auth: >| 7c e1 3d 1e 1a c3 d4 47 d1 6b af 4d >| deleting event for #2 >| inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #2 >| event added at head of queue >| complete v2 state transition with STF_OK >"ikev2" #2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 >"ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=oakley_3des_cbc_192 integ=sha1_96 prf=sha group=MODP1024} >| sending reply packet to 2001:db8:f:1::1:500 (from port 500) >| sending 244 bytes for STATE_PARENT_I1 through p6p1:500 to 2001:db8:f:1::1:500 (using #2) >| 77 2e f1 39 d7 5b 13 ed ad 40 ae 5c 0d 2e 0e ae >| 2e 20 23 08 00 00 00 01 00 00 00 f4 23 00 00 d8 >| d4 5d 41 cc c1 6d 5d f1 4f 26 a6 0e f3 74 33 46 >| 9c 78 ac d2 f6 0b 6c 13 8d d1 36 55 7c f0 4c 0e >| 38 16 ee 75 fe ad 97 09 ae b9 8c cc fe 57 9e 09 >| dd 49 64 fe 71 3e 0e 2c e1 b8 fa ed 7b d9 91 3a >| b3 39 5f 9c ea ce 59 7f f0 39 b6 3f ec de 0e 35 >| a3 59 80 ae c3 4f 28 19 de e7 e0 43 d6 4c 87 09 >| 5d b1 35 48 12 fc ee 53 4b 14 71 08 35 97 1b b9 >| 64 1b bb 81 50 40 19 9a 94 d8 34 a0 bd 15 c7 ae >| f3 7e 8f b9 3a 87 e6 01 17 fb 86 70 d6 67 f3 5c >| fa e9 43 33 5e f7 c3 e9 99 05 cd ee 5a b8 0c bf >| 4f 8d ba 2b 56 24 68 5f 13 24 ff f4 b7 9f 43 87 >| 71 26 6c 86 ae a2 af c3 52 6a 73 50 c0 66 a8 0e >| 66 6b 45 02 5d 09 51 84 7c e1 3d 1e 1a c3 d4 47 >| d1 6b af 4d >| V2 microcode entry (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) has unspecified timeout_event >| * processed 1 messages from cryptographic helpers >| next event EVENT_v2_RETRANSMIT in 10 seconds for #2 >| next event EVENT_v2_RETRANSMIT in 10 seconds for #2 >| >| next event EVENT_v2_RETRANSMIT in 0 seconds for #2 >| *time to handle event >| handling event EVENT_v2_RETRANSMIT >| event after this is EVENT_PENDING_DDNS in 28 seconds >| processing connection ikev2 >| handling event EVENT_v2_RETRANSMIT for 2001:db8:f:1::1 "ikev2" #2 attempt 1 of 0 >| sending 244 bytes for EVENT_v2_RETRANSMIT through p6p1:500 to 2001:db8:f:1::1:500 (using #2) >| 77 2e f1 39 d7 5b 13 ed ad 40 ae 5c 0d 2e 0e ae >| 2e 20 23 08 00 00 00 01 00 00 00 f4 23 00 00 d8 >| d4 5d 41 cc c1 6d 5d f1 4f 26 a6 0e f3 74 33 46 >| 9c 78 ac d2 f6 0b 6c 13 8d d1 36 55 7c f0 4c 0e >| 38 16 ee 75 fe ad 97 09 ae b9 8c cc fe 57 9e 09 >| dd 49 64 fe 71 3e 0e 2c e1 b8 fa ed 7b d9 91 3a >| b3 39 5f 9c ea ce 59 7f f0 39 b6 3f ec de 0e 35 >| a3 59 80 ae c3 4f 28 19 de e7 e0 43 d6 4c 87 09 >| 5d b1 35 48 12 fc ee 53 4b 14 71 08 35 97 1b b9 >| 64 1b bb 81 50 40 19 9a 94 d8 34 a0 bd 15 c7 ae >| f3 7e 8f b9 3a 87 e6 01 17 fb 86 70 d6 67 f3 5c >| fa e9 43 33 5e f7 c3 e9 99 05 cd ee 5a b8 0c bf >| 4f 8d ba 2b 56 24 68 5f 13 24 ff f4 b7 9f 43 87 >| 71 26 6c 86 ae a2 af c3 52 6a 73 50 c0 66 a8 0e >| 66 6b 45 02 5d 09 51 84 7c e1 3d 1e 1a c3 d4 47 >| d1 6b af 4d >| inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #2 >| event added at head of queue >| next event EVENT_v2_RETRANSMIT in 10 seconds for #2 >| >| *received whack message >shutting down >| certs and keys locked by 'free_preshared_secrets' >forgetting secrets >| certs and keys unlocked by 'free_preshard_secrets' >| processing connection ikev2 >"ikev2": deleting connection >| removing pending policy for "none" {0x7f0d2c7713e0} >| processing connection ikev2 >"ikev2" #2: deleting state (STATE_PARENT_I2) >| deleting event for #2 >| deleting state #2 >| deleting event for #2 >| ICOOKIE: 77 2e f1 39 d7 5b 13 ed >| RCOOKIE: ad 40 ae 5c 0d 2e 0e ae >| state hash entry 15 >| processing connection ikev2 >"ikev2" #1: deleting state (STATE_PARENT_I2) >| deleting event for #1 >| deleting state #1 >| deleting event for #1 >| ICOOKIE: 77 2e f1 39 d7 5b 13 ed >| RCOOKIE: ad 40 ae 5c 0d 2e 0e ae >| state hash entry 15 >| crl fetch request list locked by 'free_crl_fetch' >| crl fetch request list unlocked by 'free_crl_fetch' >| authcert list locked by 'free_authcerts' >| authcert list unlocked by 'free_authcerts' >| crl list locked by 'free_crls' >| crl list unlocked by 'free_crls' >shutting down interface lo/lo ::1:500 >shutting down interface p6p2/p6p2 3ffe:501:ffff:101:215:17ff:fe3c:c669:500 >shutting down interface p6p1/p6p1 3ffe:501:ffff:100:215:17ff:fe3c:c668:500 >shutting down interface p6p1/p6p1 2001:db8:1:1::1234:500 >shutting down interface lo/lo 127.0.0.1:4500 >shutting down interface lo/lo 127.0.0.1:500 >shutting down interface p7p1/p7p1 10.66.13.22:4500 >shutting down interface p7p1/p7p1 10.66.13.22:500 >shutting down interface p6p1/p6p1 192.168.0.10:4500 >shutting down interface p6p1/p6p1 192.168.0.10:500
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=947484">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1153548
: 947484