Attachment 951970 Details for Bug 1158748 – pluto.log

pluto.log

pluto.log (text/plain), 65.62 KB, created by Hangbin Liu on 2014-10-30 05:58:55 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Hangbin Liu

Created: 2014-10-30 05:58:55 UTC

Size: 65.62 KB

patch

obsolete

>nss directory plutomain: /etc/ipsec.d
>NSS Initialized
>libcap-ng support [enabled]
>FIPS HMAC integrity verification test passed
>FIPS: pluto daemon NOT running in FIPS mode
>Linux audit support [disabled]
>Starting Pluto (Libreswan Version 3.10 XFRM(netkey) KLIPS NSS DNSSEC FIPS_CHECK LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER KLIPS_MAST CURL(non-NSS) LDAP(non-NSS)) pid:21446
>core dump dir: /var/run/pluto
>secrets file: /etc/ipsec.secrets
>leak-detective disabled
>SAref support [disabled]: Protocol not available
>SAbind support [disabled]: Protocol not available
>NSS crypto [enabled]
>XAUTH PAM support [enabled]
>   NAT-Traversal support  [enabled]
>| inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
>| event added at head of queue
>| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds
>| event added at head of queue
>| inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
>| event added after event EVENT_PENDING_DDNS
>ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
>ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
>ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
>ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
>ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
>ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok (ret=0)
>ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
>starting up 3 crypto helpers
>started thread for crypto helper 0 (master fd 7)
>| status value returned by setting the priority of this thread (crypto helper 0) 22
>| crypto helper 0 waiting on fd 8
>| status value returned by setting the priority of this thread (crypto helper 1) 22
>| crypto helper 1 waiting on fd 10
>started thread for crypto helper 1 (master fd 9)
>started thread for crypto helper 2 (master fd 11)
>| status value returned by setting the priority of this thread (crypto helper 2) 22
>| crypto helper 2 waiting on fd 13
>Using Linux XFRM/NETKEY IPsec interface code on 3.10.0-188.el7.x86_64
>| process 21446 listening for PF_KEY_V2 on file descriptor 16
>| finish_pfkey_msg: K_SADB_REGISTER message 1 for AH 
>|   02 07 00 02  02 00 00 00  01 00 00 00  c6 53 00 00
>| pfkey_get: K_SADB_REGISTER message 1
>| AH registered with kernel.
>| finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP 
>|   02 07 00 03  02 00 00 00  02 00 00 00  c6 53 00 00
>| pfkey_get: K_SADB_REGISTER message 2
>| kernel_alg_init(): memset(0x7f618ef20840, 0, 2048) memset(0x7f618ef21040, 0, 2048)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=72
>| kernel_alg_add(): satype=3, exttype=14, alg_id=251(ESP_KAME_NULL)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1
>| kernel_alg_add(): satype=3, exttype=14, alg_id=2(ESP_DES)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1
>| kernel_alg_add(): satype=3, exttype=14, alg_id=3(ESP_3DES)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1
>| kernel_alg_add(): satype=3, exttype=14, alg_id=5(ESP_IDEA)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256, res=0, ret=1
>| kernel_alg_add(): satype=3, exttype=14, alg_id=6(ESP_CAST)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=14, satype=3, alg_id=6, alg_ivlen=0, alg_minbits=384, alg_maxbits=384, res=0, ret=1
>| kernel_alg_add(): satype=3, exttype=14, alg_id=7(ESP_BLOWFISH)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5], exttype=14, satype=3, alg_id=7, alg_ivlen=0, alg_minbits=512, alg_maxbits=512, res=0, ret=1
>| kernel_alg_add(): satype=3, exttype=14, alg_id=8(ESP_3IDEA)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6], exttype=14, satype=3, alg_id=8, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1
>| kernel_alg_add(): satype=3, exttype=14, alg_id=9(ESP_DES_IV32)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7], exttype=14, satype=3, alg_id=9, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=88
>| kernel_alg_add(): satype=3, exttype=15, alg_id=11(ESP_NULL)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1
>| kernel_alg_add(): satype=3, exttype=15, alg_id=2(ESP_DES)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64, alg_maxbits=64, res=0, ret=1
>| kernel_alg_add(): satype=3, exttype=15, alg_id=3(ESP_3DES)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[10], exttype=15, satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
>| kernel_alg_add(): satype=3, exttype=15, alg_id=6(ESP_CAST)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[11], exttype=15, satype=3, alg_id=6, alg_ivlen=8, alg_minbits=40, alg_maxbits=128, res=0, ret=1
>| kernel_alg_add(): satype=3, exttype=15, alg_id=7(ESP_BLOWFISH)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[12], exttype=15, satype=3, alg_id=7, alg_ivlen=8, alg_minbits=40, alg_maxbits=448, res=0, ret=1
>| kernel_alg_add(): satype=3, exttype=15, alg_id=12(ESP_AES)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[13], exttype=15, satype=3, alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
>| kernel_alg_add(): satype=3, exttype=15, alg_id=252(ESP_SERPENT)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[14], exttype=15, satype=3, alg_id=252, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
>| kernel_alg_add(): satype=3, exttype=15, alg_id=22(ESP_CAMELLIA)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[15], exttype=15, satype=3, alg_id=22, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
>| kernel_alg_add(): satype=3, exttype=15, alg_id=253(ESP_TWOFISH)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[16], exttype=15, satype=3, alg_id=253, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
>| kernel_alg_add(): satype=3, exttype=15, alg_id=13(ESP_AES_CTR)
>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[17], exttype=15, satype=3, alg_id=13, alg_ivlen=8, alg_minbits=160, alg_maxbits=288, res=0, ret=1
>| kernel_alg_add(): satype=3, exttype=15, alg_id=18(ESP_AES_GCM_A)
>| kernel_alg_add(): satype=3, exttype=15, alg_id=19(ESP_AES_GCM_B)
>| kernel_alg_add(): satype=3, exttype=15, alg_id=20(ESP_AES_GCM_C)
>| kernel_alg_add(): satype=3, exttype=15, alg_id=14(ESP_AES_CCM_A)
>| kernel_alg_add(): satype=3, exttype=15, alg_id=15(ESP_AES_CCM_B)
>| kernel_alg_add(): satype=3, exttype=15, alg_id=16(ESP_AES_CCM_C)
>ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
>Warning: failed to register algo_aes_ccm_8 for IKE
>ike_alg_register_enc(): Activating aes_ccm_12: Ok (ret=0)
>Warning: failed to register algo_aes_ccm_12 for IKE
>ike_alg_register_enc(): Activating aes_ccm_16: Ok (ret=0)
>Warning: failed to register algo_aes_ccm_16 for IKE
>ike_alg_register_enc(): Activating aes_gcm_8: Ok (ret=0)
>Warning: failed to register algo_aes_gcm_8 for IKE
>ike_alg_register_enc(): Activating aes_gcm_12: Ok (ret=0)
>Warning: failed to register algo_aes_gcm_12 for IKE
>ike_alg_register_enc(): Activating aes_gcm_16: Ok (ret=0)
>Warning: failed to register algo_aes_gcm_16 for IKE
>| Registered AEAD AES CCM/GCM algorithms
>| ESP registered with kernel.
>| finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP 
>|   02 07 00 09  02 00 00 00  03 00 00 00  c6 53 00 00
>| pfkey_get: K_SADB_REGISTER message 3
>| IPCOMP registered with kernel.
>| Registered AH, ESP and IPCOMP
>| Changed path to directory '/etc/ipsec.d/cacerts'
>  loading CA cert file 'cacert.pem' (956 bytes)
>|   cert blob content is not binary ASN.1
>|   -----BEGIN CERTIFICATE-----
>|   -----END CERTIFICATE-----
>|   file coded in PEM format
>| L0 - certificate:
>|   30 82 02 96  30 82 01 ff  a0 03 02 01  02 02 09 00
>|   ef 50 7f d1  a6 a0 fd ea  30 0d 06 09  2a 86 48 86
>|   f7 0d 01 01  05 05 00 30  64 31 0b 30  09 06 03 55
>|   04 06 13 02  58 58 31 0f  30 0d 06 03  55 04 08 0c
>|   06 72 65 64  68 61 74 31  15 30 13 06  03 55 04 07
>|   0c 0c 44 65  66 61 75 6c  74 20 43 69  74 79 31 1c
>|   30 1a 06 03  55 04 0a 0c  13 44 65 66  61 75 6c 74
>|   20 43 6f 6d  70 61 6e 79  20 4c 74 64  31 0f 30 0d
>|   06 03 55 04  03 0c 06 72  65 64 68 61  74 30 1e 17
>|   0d 31 34 30  31 31 36 30  38 34 35 34  35 5a 17 0d
>|   32 34 30 31  31 34 30 38  34 35 34 35  5a 30 64 31
>|   0b 30 09 06  03 55 04 06  13 02 58 58  31 0f 30 0d
>|   06 03 55 04  08 0c 06 72  65 64 68 61  74 31 15 30
>|   13 06 03 55  04 07 0c 0c  44 65 66 61  75 6c 74 20
>|   43 69 74 79  31 1c 30 1a  06 03 55 04  0a 0c 13 44
>|   65 66 61 75  6c 74 20 43  6f 6d 70 61  6e 79 20 4c
>|   74 64 31 0f  30 0d 06 03  55 04 03 0c  06 72 65 64
>|   68 61 74 30  81 9f 30 0d  06 09 2a 86  48 86 f7 0d
>|   01 01 01 05  00 03 81 8d  00 30 81 89  02 81 81 00
>|   e0 1f 72 01  ac 86 92 f0  e5 3e 8e 6d  fb cd d6 25
>|   ef e9 d5 ca  5a 85 e6 7c  9d dc 96 1c  8c 5c 45 4f
>|   fb 44 c7 9f  7d a8 90 e0  7f d0 32 b6  44 60 9f ea
>|   0b 60 29 3c  f8 4a 12 6d  7e 7a d1 39  6c 96 3a 68
>|   ad 57 4b 68  94 a7 a2 8a  c0 53 79 be  3d 8d 78 cb
>|   02 19 1c 31  98 77 fd 2e  28 05 34 f0  e4 ff d5 c0
>|   a8 cd 5c 6b  62 4e 84 bd  03 f9 e4 d7  54 8f 69 44
>|   0c 98 c4 8f  e7 ff 3e 63  5b 68 d4 d3  45 2a 90 a5
>|   02 03 01 00  01 a3 50 30  4e 30 1d 06  03 55 1d 0e
>|   04 16 04 14  ac 93 3b f9  7c 7e 17 e7  47 64 68 3f
>|   04 72 0c 74  18 b1 62 62  30 1f 06 03  55 1d 23 04
>|   18 30 16 80  14 ac 93 3b  f9 7c 7e 17  e7 47 64 68
>|   3f 04 72 0c  74 18 b1 62  62 30 0c 06  03 55 1d 13
>|   04 05 30 03  01 01 ff 30  0d 06 09 2a  86 48 86 f7
>|   0d 01 01 05  05 00 03 81  81 00 93 fd  50 16 24 8b
>|   16 d4 2a a0  76 26 d3 c4  54 24 60 8a  ed 63 1d b7
>|   66 f2 05 dd  9c 3b 81 90  d4 36 bd 3a  ea c9 3c 54
>|   72 54 94 bc  29 6d af f9  c9 7d b4 bf  39 1a 28 68
>|   9d 39 4b 56  14 3e 8e 9b  93 d5 94 8b  56 5d ae 20
>|   a2 2a 2d 58  24 d0 98 5b  47 83 7f d2  ce 51 7b 65
>|   d6 c3 4f 10  09 57 fa 80  c0 13 55 44  88 2a 90 f8
>|   aa 1b c2 56  c7 f5 61 8d  4e b6 09 d9  35 0a 8b 16
>|   a6 0d a7 cc  20 13 2f 7d  2a 30
>| L1 - tbsCertificate:
>|   30 82 01 ff  a0 03 02 01  02 02 09 00  ef 50 7f d1
>|   a6 a0 fd ea  30 0d 06 09  2a 86 48 86  f7 0d 01 01
>|   05 05 00 30  64 31 0b 30  09 06 03 55  04 06 13 02
>|   58 58 31 0f  30 0d 06 03  55 04 08 0c  06 72 65 64
>|   68 61 74 31  15 30 13 06  03 55 04 07  0c 0c 44 65
>|   66 61 75 6c  74 20 43 69  74 79 31 1c  30 1a 06 03
>|   55 04 0a 0c  13 44 65 66  61 75 6c 74  20 43 6f 6d
>|   70 61 6e 79  20 4c 74 64  31 0f 30 0d  06 03 55 04
>|   03 0c 06 72  65 64 68 61  74 30 1e 17  0d 31 34 30
>|   31 31 36 30  38 34 35 34  35 5a 17 0d  32 34 30 31
>|   31 34 30 38  34 35 34 35  5a 30 64 31  0b 30 09 06
>|   03 55 04 06  13 02 58 58  31 0f 30 0d  06 03 55 04
>|   08 0c 06 72  65 64 68 61  74 31 15 30  13 06 03 55
>|   04 07 0c 0c  44 65 66 61  75 6c 74 20  43 69 74 79
>|   31 1c 30 1a  06 03 55 04  0a 0c 13 44  65 66 61 75
>|   6c 74 20 43  6f 6d 70 61  6e 79 20 4c  74 64 31 0f
>|   30 0d 06 03  55 04 03 0c  06 72 65 64  68 61 74 30
>|   81 9f 30 0d  06 09 2a 86  48 86 f7 0d  01 01 01 05
>|   00 03 81 8d  00 30 81 89  02 81 81 00  e0 1f 72 01
>|   ac 86 92 f0  e5 3e 8e 6d  fb cd d6 25  ef e9 d5 ca
>|   5a 85 e6 7c  9d dc 96 1c  8c 5c 45 4f  fb 44 c7 9f
>|   7d a8 90 e0  7f d0 32 b6  44 60 9f ea  0b 60 29 3c
>|   f8 4a 12 6d  7e 7a d1 39  6c 96 3a 68  ad 57 4b 68
>|   94 a7 a2 8a  c0 53 79 be  3d 8d 78 cb  02 19 1c 31
>|   98 77 fd 2e  28 05 34 f0  e4 ff d5 c0  a8 cd 5c 6b
>|   62 4e 84 bd  03 f9 e4 d7  54 8f 69 44  0c 98 c4 8f
>|   e7 ff 3e 63  5b 68 d4 d3  45 2a 90 a5  02 03 01 00
>|   01 a3 50 30  4e 30 1d 06  03 55 1d 0e  04 16 04 14
>|   ac 93 3b f9  7c 7e 17 e7  47 64 68 3f  04 72 0c 74
>|   18 b1 62 62  30 1f 06 03  55 1d 23 04  18 30 16 80
>|   14 ac 93 3b  f9 7c 7e 17  e7 47 64 68  3f 04 72 0c
>|   74 18 b1 62  62 30 0c 06  03 55 1d 13  04 05 30 03
>|   01 01 ff
>| L2 - DEFAULT v1:
>| L3 - version:
>|   02
>|   v3
>| L2 - serialNumber:
>|   00 ef 50 7f  d1 a6 a0 fd  ea
>| L2 - signature:
>| L3 - algorithmIdentifier:
>| L4 - algorithm:
>|   'sha-1WithRSAEncryption'
>| L2 - issuer:
>|   30 64 31 0b  30 09 06 03  55 04 06 13  02 58 58 31
>|   0f 30 0d 06  03 55 04 08  0c 06 72 65  64 68 61 74
>|   31 15 30 13  06 03 55 04  07 0c 0c 44  65 66 61 75
>|   6c 74 20 43  69 74 79 31  1c 30 1a 06  03 55 04 0a
>|   0c 13 44 65  66 61 75 6c  74 20 43 6f  6d 70 61 6e
>|   79 20 4c 74  64 31 0f 30  0d 06 03 55  04 03 0c 06
>|   72 65 64 68  61 74
>|   'C=XX, ST=redhat, L=Default City, O=Default Company Ltd, CN=redhat'
>| L2 - validity:
>| L3 - notBefore:
>| L4 - utcTime:
>|   'Jan 16 08:45:45 UTC 2014'
>| L3 - notAfter:
>| L4 - utcTime:
>|   'Jan 14 08:45:45 UTC 2024'
>| L2 - subject:
>|   30 64 31 0b  30 09 06 03  55 04 06 13  02 58 58 31
>|   0f 30 0d 06  03 55 04 08  0c 06 72 65  64 68 61 74
>|   31 15 30 13  06 03 55 04  07 0c 0c 44  65 66 61 75
>|   6c 74 20 43  69 74 79 31  1c 30 1a 06  03 55 04 0a
>|   0c 13 44 65  66 61 75 6c  74 20 43 6f  6d 70 61 6e
>|   79 20 4c 74  64 31 0f 30  0d 06 03 55  04 03 0c 06
>|   72 65 64 68  61 74
>|   'C=XX, ST=redhat, L=Default City, O=Default Company Ltd, CN=redhat'
>| L2 - subjectPublicKeyInfo:
>| L3 - algorithm:
>| L4 - algorithmIdentifier:
>| L5 - algorithm:
>|   'rsaEncryption'
>| L3 - subjectPublicKey:
>| L4 - RSAPublicKey:
>| L5 - modulus:
>|   00 e0 1f 72  01 ac 86 92  f0 e5 3e 8e  6d fb cd d6
>|   25 ef e9 d5  ca 5a 85 e6  7c 9d dc 96  1c 8c 5c 45
>|   4f fb 44 c7  9f 7d a8 90  e0 7f d0 32  b6 44 60 9f
>|   ea 0b 60 29  3c f8 4a 12  6d 7e 7a d1  39 6c 96 3a
>|   68 ad 57 4b  68 94 a7 a2  8a c0 53 79  be 3d 8d 78
>|   cb 02 19 1c  31 98 77 fd  2e 28 05 34  f0 e4 ff d5
>|   c0 a8 cd 5c  6b 62 4e 84  bd 03 f9 e4  d7 54 8f 69
>|   44 0c 98 c4  8f e7 ff 3e  63 5b 68 d4  d3 45 2a 90
>|   a5
>| L5 - publicExponent:
>|   01 00 01
>| L2 - optional extensions:
>| L3 - extensions:
>| L4 - extension:
>| L5 - extnID:
>|   'subjectKeyIdentifier'
>| L5 - critical:
>|   FALSE
>| L5 - extnValue:
>|   04 14 ac 93  3b f9 7c 7e  17 e7 47 64  68 3f 04 72
>|   0c 74 18 b1  62 62
>| L6 - keyIdentifier:
>|   ac 93 3b f9  7c 7e 17 e7  47 64 68 3f  04 72 0c 74
>|   18 b1 62 62
>| L4 - extension:
>| L5 - extnID:
>|   'authorityKeyIdentifier'
>| L5 - critical:
>|   FALSE
>| L5 - extnValue:
>|   30 16 80 14  ac 93 3b f9  7c 7e 17 e7  47 64 68 3f
>|   04 72 0c 74  18 b1 62 62
>| L6 - authorityKeyIdentifier:
>| L7 - keyIdentifier:
>|   80 14 ac 93  3b f9 7c 7e  17 e7 47 64  68 3f 04 72
>|   0c 74 18 b1  62 62
>| L8 - keyIdentifier:
>|   ac 93 3b f9  7c 7e 17 e7  47 64 68 3f  04 72 0c 74
>|   18 b1 62 62
>| L4 - extension:
>| L5 - extnID:
>|   'basicConstraints'
>| L5 - critical:
>|   FALSE
>| L5 - extnValue:
>|   30 03 01 01  ff
>| L6 - basicConstraints:
>| L7 - CA:
>|   ff
>|   TRUE
>| L1 - signatureAlgorithm:
>| L2 - algorithmIdentifier:
>| L3 - algorithm:
>|   'sha-1WithRSAEncryption'
>| L1 - signatureValue:
>|   00 93 fd 50  16 24 8b 16  d4 2a a0 76  26 d3 c4 54
>|   24 60 8a ed  63 1d b7 66  f2 05 dd 9c  3b 81 90 d4
>|   36 bd 3a ea  c9 3c 54 72  54 94 bc 29  6d af f9 c9
>|   7d b4 bf 39  1a 28 68 9d  39 4b 56 14  3e 8e 9b 93
>|   d5 94 8b 56  5d ae 20 a2  2a 2d 58 24  d0 98 5b 47
>|   83 7f d2 ce  51 7b 65 d6  c3 4f 10 09  57 fa 80 c0
>|   13 55 44 88  2a 90 f8 aa  1b c2 56 c7  f5 61 8d 4e
>|   b6 09 d9 35  0a 8b 16 a6  0d a7 cc 20  13 2f 7d 2a
>|   30
>| authcert list locked by 'add_authcert'
>|   authcert inserted
>| authcert list unlocked by 'add_authcert'
>| Changing to directory '/etc/ipsec.d/crls'
>  loading crl file 'crl.pem' (483 bytes)
>|   cert blob content is not binary ASN.1
>|   -----BEGIN X509 CRL-----
>|   -----END X509 CRL-----
>|   file coded in PEM format
>| L0 - certificateList:
>|   30 82 01 3c  30 81 a6 02  01 01 30 0d  06 09 2a 86
>|   48 86 f7 0d  01 01 05 05  00 30 64 31  0b 30 09 06
>|   03 55 04 06  13 02 58 58  31 0f 30 0d  06 03 55 04
>|   08 0c 06 72  65 64 68 61  74 31 15 30  13 06 03 55
>|   04 07 0c 0c  44 65 66 61  75 6c 74 20  43 69 74 79
>|   31 1c 30 1a  06 03 55 04  0a 0c 13 44  65 66 61 75
>|   6c 74 20 43  6f 6d 70 61  6e 79 20 4c  74 64 31 0f
>|   30 0d 06 03  55 04 03 0c  06 72 65 64  68 61 74 17
>|   0d 31 34 30  31 31 36 30  39 33 34 30  32 5a 17 0d
>|   31 34 30 32  31 35 30 39  33 34 30 32  5a a0 0e 30
>|   0c 30 0a 06  03 55 1d 14  04 03 02 01  01 30 0d 06
>|   09 2a 86 48  86 f7 0d 01  01 05 05 00  03 81 81 00
>|   04 ef 34 0d  c3 15 ac 28  9e 89 80 c7  24 95 26 19
>|   f1 79 eb 1b  a4 02 11 82  d6 50 95 81  7d 57 5d 7a
>|   69 c8 25 9e  09 7e d9 df  88 55 a2 d2  01 6c dc fa
>|   a9 ca 74 dd  ee 8a 4c f5  43 8b aa 0f  b6 4b 6f ad
>|   1c c6 6a 72  bf cf 97 52  9b ac cf f4  d6 4d a3 e0
>|   63 f2 89 d8  b3 a8 a0 fb  cf b8 cf 80  e3 2a 9c ad
>|   bd e2 f2 8c  78 eb ba f7  d8 3f d6 cf  18 b5 7b c2
>|   55 c2 3f 79  26 a0 1a 98  2f b1 68 8e  f0 30 9b 1c
>| L1 - tbsCertList:
>|   30 81 a6 02  01 01 30 0d  06 09 2a 86  48 86 f7 0d
>|   01 01 05 05  00 30 64 31  0b 30 09 06  03 55 04 06
>|   13 02 58 58  31 0f 30 0d  06 03 55 04  08 0c 06 72
>|   65 64 68 61  74 31 15 30  13 06 03 55  04 07 0c 0c
>|   44 65 66 61  75 6c 74 20  43 69 74 79  31 1c 30 1a
>|   06 03 55 04  0a 0c 13 44  65 66 61 75  6c 74 20 43
>|   6f 6d 70 61  6e 79 20 4c  74 64 31 0f  30 0d 06 03
>|   55 04 03 0c  06 72 65 64  68 61 74 17  0d 31 34 30
>|   31 31 36 30  39 33 34 30  32 5a 17 0d  31 34 30 32
>|   31 35 30 39  33 34 30 32  5a a0 0e 30  0c 30 0a 06
>|   03 55 1d 14  04 03 02 01  01
>| L2 - version:
>|   01
>|   v2
>| L2 - signature:
>| L3 - algorithmIdentifier:
>| L4 - algorithm:
>|   'sha-1WithRSAEncryption'
>| L2 - issuer:
>|   30 64 31 0b  30 09 06 03  55 04 06 13  02 58 58 31
>|   0f 30 0d 06  03 55 04 08  0c 06 72 65  64 68 61 74
>|   31 15 30 13  06 03 55 04  07 0c 0c 44  65 66 61 75
>|   6c 74 20 43  69 74 79 31  1c 30 1a 06  03 55 04 0a
>|   0c 13 44 65  66 61 75 6c  74 20 43 6f  6d 70 61 6e
>|   79 20 4c 74  64 31 0f 30  0d 06 03 55  04 03 0c 06
>|   72 65 64 68  61 74
>|   'C=XX, ST=redhat, L=Default City, O=Default Company Ltd, CN=redhat'
>| L2 - thisUpdate:
>| L3 - utcTime:
>|   'Jan 16 09:34:02 UTC 2014'
>| L2 - nextUpdate:
>| L3 - utcTime:
>|   'Feb 15 09:34:02 UTC 2014'
>| L2 - optional extensions:
>| L3 - crlExtensions:
>| L4 - extension:
>| L5 - extnID:
>|   55 1d 14
>| L5 - critical:
>|   FALSE
>| L5 - extnValue:
>|   02 01 01
>| L1 - signatureAlgorithm:
>| L2 - algorithmIdentifier:
>| L3 - algorithm:
>|   'sha-1WithRSAEncryption'
>| L1 - signatureValue:
>|   00 04 ef 34  0d c3 15 ac  28 9e 89 80  c7 24 95 26
>|   19 f1 79 eb  1b a4 02 11  82 d6 50 95  81 7d 57 5d
>|   7a 69 c8 25  9e 09 7e d9  df 88 55 a2  d2 01 6c dc
>|   fa a9 ca 74  dd ee 8a 4c  f5 43 8b aa  0f b6 4b 6f
>|   ad 1c c6 6a  72 bf cf 97  52 9b ac cf  f4 d6 4d a3
>|   e0 63 f2 89  d8 b3 a8 a0  fb cf b8 cf  80 e3 2a 9c
>|   ad bd e2 f2  8c 78 eb ba  f7 d8 3f d6  cf 18 b5 7b
>|   c2 55 c2 3f  79 26 a0 1a  98 2f b1 68  8e f0 30 9b
>|   1c
>| authcert list locked by 'insert_crl'
>| crl issuer cacert found
>| signature algorithm: 'sha-1WithRSAEncryption'
>|   digest:  a5 91 dc e6  f7 78 21 e9  df c2 f3 fc  2a ac 9f 0b
>|   digest:  f5 e2 2b 6b
>| NSS cert: modulus : 
>|   00 e0 1f 72  01 ac 86 92  f0 e5 3e 8e  6d fb cd d6
>|   25 ef e9 d5  ca 5a 85 e6  7c 9d dc 96  1c 8c 5c 45
>|   4f fb 44 c7  9f 7d a8 90  e0 7f d0 32  b6 44 60 9f
>|   ea 0b 60 29  3c f8 4a 12  6d 7e 7a d1  39 6c 96 3a
>|   68 ad 57 4b  68 94 a7 a2  8a c0 53 79  be 3d 8d 78
>|   cb 02 19 1c  31 98 77 fd  2e 28 05 34  f0 e4 ff d5
>|   c0 a8 cd 5c  6b 62 4e 84  bd 03 f9 e4  d7 54 8f 69
>|   44 0c 98 c4  8f e7 ff 3e  63 5b 68 d4  d3 45 2a 90
>|   a5
>| NSS cert: exponent : 
>|   01 00 01
>| NSS: input signature : 
>|   00 04 ef 34  0d c3 15 ac  28 9e 89 80  c7 24 95 26
>|   19 f1 79 eb  1b a4 02 11  82 d6 50 95  81 7d 57 5d
>|   7a 69 c8 25  9e 09 7e d9  df 88 55 a2  d2 01 6c dc
>|   fa a9 ca 74  dd ee 8a 4c  f5 43 8b aa  0f b6 4b 6f
>|   ad 1c c6 6a  72 bf cf 97  52 9b ac cf  f4 d6 4d a3
>|   e0 63 f2 89  d8 b3 a8 a0  fb cf b8 cf  80 e3 2a 9c
>|   ad bd e2 f2  8c 78 eb ba  f7 d8 3f d6  cf 18 b5 7b
>|   c2 55 c2 3f  79 26 a0 1a  98 2f b1 68  8e f0 30 9b
>|   1c
>| RSA Signature length is 128
>NSS: PK11_VerifyRecover() failed (-8182)
>| NSS scratchpad plus computed digest sig: 
>| 
>| NSS adjusted digest sig: 
>|   ff ff ff ff  40 b7 c1 90  61 7f 00 00  91 00 00 00
>|   00 00 00 00
>| NSS expected digest sig: 
>|   a5 91 dc e6  f7 78 21 e9  df c2 f3 fc  2a ac 9f 0b
>|   f5 e2 2b 6b
>NSS: RSA Signature FAILED verification
> NSS: failure in verifying signature
>| authcert list unlocked by 'insert_crl'
>| selinux support is enabled. 
>| inserting event EVENT_LOG_DAILY, timeout in 45694 seconds
>| event added after event EVENT_REINIT_SECRET
>| next event EVENT_PENDING_DDNS in 60 seconds
>| calling addconn helper using execve
>|  
>| *received whack message
>| entering aalg_getbyname_ike()
>| raw_alg_info_ike_add() ealg=5 aalg=2 modp_id=2, cnt=1
>| Added new connection ikev2 with policy PSK+ENCRYPT+PFS+IKEV1_DISABLE+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW
>| from whack: got --esp=3des-sha1
>| esp string values: 3DES(3)_000-SHA1(2)_000
>| ike (phase1) algorithm values: 3DES_CBC(5)_000-SHA1(2)_000-MODP1024(2)
>| loading certificate clientKey.crt 
>| Found pointer to cert clientKey.crt now giving it to further processing
>| file coded in DER format
>| L0 - certificate:
>|   30 82 02 c1  30 82 02 2a  a0 03 02 01  02 02 01 04
>|   30 0d 06 09  2a 86 48 86  f7 0d 01 01  05 05 00 30
>|   64 31 0b 30  09 06 03 55  04 06 13 02  58 58 31 0f
>|   30 0d 06 03  55 04 08 0c  06 72 65 64  68 61 74 31
>|   15 30 13 06  03 55 04 07  0c 0c 44 65  66 61 75 6c
>|   74 20 43 69  74 79 31 1c  30 1a 06 03  55 04 0a 0c
>|   13 44 65 66  61 75 6c 74  20 43 6f 6d  70 61 6e 79
>|   20 4c 74 64  31 0f 30 0d  06 03 55 04  03 0c 06 72
>|   65 64 68 61  74 30 1e 17  0d 31 34 30  31 31 36 30
>|   39 30 35 32  36 5a 17 0d  31 35 30 31  31 36 30 39
>|   30 35 32 36  5a 30 4d 31  0b 30 09 06  03 55 04 06
>|   13 02 58 58  31 0f 30 0d  06 03 55 04  08 0c 06 72
>|   65 64 68 61  74 31 1c 30  1a 06 03 55  04 0a 0c 13
>|   44 65 66 61  75 6c 74 20  43 6f 6d 70  61 6e 79 20
>|   4c 74 64 31  0f 30 0d 06  03 55 04 03  0c 06 63 6c
>|   69 65 6e 74  30 81 9f 30  0d 06 09 2a  86 48 86 f7
>|   0d 01 01 01  05 00 03 81  8d 00 30 81  89 02 81 81
>|   00 d4 cc 34  1f c0 04 d0  0e df 24 9d  07 ad dc 86
>|   d4 f4 9e d5  e1 b4 89 f2  bc 22 23 5c  81 78 db 83
>|   a8 2c 92 7e  c2 18 5c e6  c9 51 3c b9  88 b1 da 99
>|   c6 25 b6 e7  8d 58 79 09  ad 62 95 d1  bd bc ad 3f
>|   30 e3 bd 11  12 11 34 82  02 e9 84 8e  3e 57 0d 26
>|   65 01 34 81  4d 68 f3 a9  dc 79 d6 e3  db 42 e4 0a
>|   1c 9d fd 3a  5c 14 b4 36  7e b7 84 da  97 c7 28 e2
>|   22 65 a7 6f  f0 42 57 ff  5b 00 f9 a9  64 e0 bd 21
>|   9d 02 03 01  00 01 a3 81  99 30 81 96  30 09 06 03
>|   55 1d 13 04  02 30 00 30  2c 06 09 60  86 48 01 86
>|   f8 42 01 0d  04 1f 16 1d  4f 70 65 6e  53 53 4c 20
>|   47 65 6e 65  72 61 74 65  64 20 43 65  72 74 69 66
>|   69 63 61 74  65 30 1d 06  03 55 1d 0e  04 16 04 14
>|   e9 06 bf b8  29 f9 79 04  52 40 d3 2b  07 bc fc 91
>|   bc ad 2e fe  30 1f 06 03  55 1d 23 04  18 30 16 80
>|   14 f4 ec b8  bb db c6 19  9f 20 11 e5  5a 13 17 95
>|   d0 8d f6 63  20 30 1b 06  03 55 1d 11  04 14 30 12
>|   87 10 20 01  0d b8 ff ff  00 01 02 15  17 ff fe 74
>|   5e 4a 30 0d  06 09 2a 86  48 86 f7 0d  01 01 05 05
>|   00 03 81 81  00 90 d9 b3  12 8d 3e 3d  b5 4f 04 0e
>|   16 6e f9 f0  9c 93 a6 f6  1b 4f 4f 6f  89 83 6f cf
>|   6b ce 63 82  dd bc 47 78  59 fd d8 79  b3 6c 18 c2
>|   b3 93 d7 d4  92 bd 80 11  b3 b0 ce 4d  47 e9 b9 86
>|   f9 7a 3d b4  4a d3 e7 12  b9 9c c6 4d  85 69 a5 0c
>|   88 b3 db 0d  4e f7 8b 78  a5 69 7c a3  d4 fa db 0b
>|   0b fd 69 44  2c 2d a6 d4  3c 5c b6 dc  47 18 b4 55
>|   6a 07 3c 99  d0 30 9e a4  ba 1e 10 34  aa c6 e6 72
>|   73 a7 b1 64  e7
>| L1 - tbsCertificate:
>|   30 82 02 2a  a0 03 02 01  02 02 01 04  30 0d 06 09
>|   2a 86 48 86  f7 0d 01 01  05 05 00 30  64 31 0b 30
>|   09 06 03 55  04 06 13 02  58 58 31 0f  30 0d 06 03
>|   55 04 08 0c  06 72 65 64  68 61 74 31  15 30 13 06
>|   03 55 04 07  0c 0c 44 65  66 61 75 6c  74 20 43 69
>|   74 79 31 1c  30 1a 06 03  55 04 0a 0c  13 44 65 66
>|   61 75 6c 74  20 43 6f 6d  70 61 6e 79  20 4c 74 64
>|   31 0f 30 0d  06 03 55 04  03 0c 06 72  65 64 68 61
>|   74 30 1e 17  0d 31 34 30  31 31 36 30  39 30 35 32
>|   36 5a 17 0d  31 35 30 31  31 36 30 39  30 35 32 36
>|   5a 30 4d 31  0b 30 09 06  03 55 04 06  13 02 58 58
>|   31 0f 30 0d  06 03 55 04  08 0c 06 72  65 64 68 61
>|   74 31 1c 30  1a 06 03 55  04 0a 0c 13  44 65 66 61
>|   75 6c 74 20  43 6f 6d 70  61 6e 79 20  4c 74 64 31
>|   0f 30 0d 06  03 55 04 03  0c 06 63 6c  69 65 6e 74
>|   30 81 9f 30  0d 06 09 2a  86 48 86 f7  0d 01 01 01
>|   05 00 03 81  8d 00 30 81  89 02 81 81  00 d4 cc 34
>|   1f c0 04 d0  0e df 24 9d  07 ad dc 86  d4 f4 9e d5
>|   e1 b4 89 f2  bc 22 23 5c  81 78 db 83  a8 2c 92 7e
>|   c2 18 5c e6  c9 51 3c b9  88 b1 da 99  c6 25 b6 e7
>|   8d 58 79 09  ad 62 95 d1  bd bc ad 3f  30 e3 bd 11
>|   12 11 34 82  02 e9 84 8e  3e 57 0d 26  65 01 34 81
>|   4d 68 f3 a9  dc 79 d6 e3  db 42 e4 0a  1c 9d fd 3a
>|   5c 14 b4 36  7e b7 84 da  97 c7 28 e2  22 65 a7 6f
>|   f0 42 57 ff  5b 00 f9 a9  64 e0 bd 21  9d 02 03 01
>|   00 01 a3 81  99 30 81 96  30 09 06 03  55 1d 13 04
>|   02 30 00 30  2c 06 09 60  86 48 01 86  f8 42 01 0d
>|   04 1f 16 1d  4f 70 65 6e  53 53 4c 20  47 65 6e 65
>|   72 61 74 65  64 20 43 65  72 74 69 66  69 63 61 74
>|   65 30 1d 06  03 55 1d 0e  04 16 04 14  e9 06 bf b8
>|   29 f9 79 04  52 40 d3 2b  07 bc fc 91  bc ad 2e fe
>|   30 1f 06 03  55 1d 23 04  18 30 16 80  14 f4 ec b8
>|   bb db c6 19  9f 20 11 e5  5a 13 17 95  d0 8d f6 63
>|   20 30 1b 06  03 55 1d 11  04 14 30 12  87 10 20 01
>|   0d b8 ff ff  00 01 02 15  17 ff fe 74  5e 4a
>| L2 - DEFAULT v1:
>| L3 - version:
>|   02
>|   v3
>| L2 - serialNumber:
>|   04
>| L2 - signature:
>| L3 - algorithmIdentifier:
>| L4 - algorithm:
>|   'sha-1WithRSAEncryption'
>| L2 - issuer:
>|   30 64 31 0b  30 09 06 03  55 04 06 13  02 58 58 31
>|   0f 30 0d 06  03 55 04 08  0c 06 72 65  64 68 61 74
>|   31 15 30 13  06 03 55 04  07 0c 0c 44  65 66 61 75
>|   6c 74 20 43  69 74 79 31  1c 30 1a 06  03 55 04 0a
>|   0c 13 44 65  66 61 75 6c  74 20 43 6f  6d 70 61 6e
>|   79 20 4c 74  64 31 0f 30  0d 06 03 55  04 03 0c 06
>|   72 65 64 68  61 74
>|   'C=XX, ST=redhat, L=Default City, O=Default Company Ltd, CN=redhat'
>| L2 - validity:
>| L3 - notBefore:
>| L4 - utcTime:
>|   'Jan 16 09:05:26 UTC 2014'
>| L3 - notAfter:
>| L4 - utcTime:
>|   'Jan 16 09:05:26 UTC 2015'
>| L2 - subject:
>|   30 4d 31 0b  30 09 06 03  55 04 06 13  02 58 58 31
>|   0f 30 0d 06  03 55 04 08  0c 06 72 65  64 68 61 74
>|   31 1c 30 1a  06 03 55 04  0a 0c 13 44  65 66 61 75
>|   6c 74 20 43  6f 6d 70 61  6e 79 20 4c  74 64 31 0f
>|   30 0d 06 03  55 04 03 0c  06 63 6c 69  65 6e 74
>|   'C=XX, ST=redhat, O=Default Company Ltd, CN=client'
>| L2 - subjectPublicKeyInfo:
>| L3 - algorithm:
>| L4 - algorithmIdentifier:
>| L5 - algorithm:
>|   'rsaEncryption'
>| L3 - subjectPublicKey:
>| L4 - RSAPublicKey:
>| L5 - modulus:
>|   00 d4 cc 34  1f c0 04 d0  0e df 24 9d  07 ad dc 86
>|   d4 f4 9e d5  e1 b4 89 f2  bc 22 23 5c  81 78 db 83
>|   a8 2c 92 7e  c2 18 5c e6  c9 51 3c b9  88 b1 da 99
>|   c6 25 b6 e7  8d 58 79 09  ad 62 95 d1  bd bc ad 3f
>|   30 e3 bd 11  12 11 34 82  02 e9 84 8e  3e 57 0d 26
>|   65 01 34 81  4d 68 f3 a9  dc 79 d6 e3  db 42 e4 0a
>|   1c 9d fd 3a  5c 14 b4 36  7e b7 84 da  97 c7 28 e2
>|   22 65 a7 6f  f0 42 57 ff  5b 00 f9 a9  64 e0 bd 21
>|   9d
>| L5 - publicExponent:
>|   01 00 01
>| L2 - optional extensions:
>| L3 - extensions:
>| L4 - extension:
>| L5 - extnID:
>|   'basicConstraints'
>| L5 - critical:
>|   FALSE
>| L5 - extnValue:
>|   30 00
>| L6 - basicConstraints:
>| L7 - CA:
>|   FALSE
>| L4 - extension:
>| L5 - extnID:
>|   'nsComment'
>| L5 - critical:
>|   FALSE
>| L5 - extnValue:
>|   16 1d 4f 70  65 6e 53 53  4c 20 47 65  6e 65 72 61
>|   74 65 64 20  43 65 72 74  69 66 69 63  61 74 65
>| L4 - extension:
>| L5 - extnID:
>|   'subjectKeyIdentifier'
>| L5 - critical:
>|   FALSE
>| L5 - extnValue:
>|   04 14 e9 06  bf b8 29 f9  79 04 52 40  d3 2b 07 bc
>|   fc 91 bc ad  2e fe
>| L6 - keyIdentifier:
>|   e9 06 bf b8  29 f9 79 04  52 40 d3 2b  07 bc fc 91
>|   bc ad 2e fe
>| L4 - extension:
>| L5 - extnID:
>|   'authorityKeyIdentifier'
>| L5 - critical:
>|   FALSE
>| L5 - extnValue:
>|   30 16 80 14  f4 ec b8 bb  db c6 19 9f  20 11 e5 5a
>|   13 17 95 d0  8d f6 63 20
>| L6 - authorityKeyIdentifier:
>| L7 - keyIdentifier:
>|   80 14 f4 ec  b8 bb db c6  19 9f 20 11  e5 5a 13 17
>|   95 d0 8d f6  63 20
>| L8 - keyIdentifier:
>|   f4 ec b8 bb  db c6 19 9f  20 11 e5 5a  13 17 95 d0
>|   8d f6 63 20
>| L4 - extension:
>| L5 - extnID:
>|   'subjectAltName'
>| L5 - critical:
>|   FALSE
>| L5 - extnValue:
>|   30 12 87 10  20 01 0d b8  ff ff 00 01  02 15 17 ff
>|   fe 74 5e 4a
>| L6 - generalNames:
>| L7 - generalName:
>| L8 - ipAddress:
>|   20 01 0d b8  ff ff 00 01  02 15 17 ff  fe 74 5e 4a
>|   '32.1.13.184'
>| L1 - signatureAlgorithm:
>| L2 - algorithmIdentifier:
>| L3 - algorithm:
>|   'sha-1WithRSAEncryption'
>| L1 - signatureValue:
>|   00 90 d9 b3  12 8d 3e 3d  b5 4f 04 0e  16 6e f9 f0
>|   9c 93 a6 f6  1b 4f 4f 6f  89 83 6f cf  6b ce 63 82
>|   dd bc 47 78  59 fd d8 79  b3 6c 18 c2  b3 93 d7 d4
>|   92 bd 80 11  b3 b0 ce 4d  47 e9 b9 86  f9 7a 3d b4
>|   4a d3 e7 12  b9 9c c6 4d  85 69 a5 0c  88 b3 db 0d
>|   4e f7 8b 78  a5 69 7c a3  d4 fa db 0b  0b fd 69 44
>|   2c 2d a6 d4  3c 5c b6 dc  47 18 b4 55  6a 07 3c 99
>|   d0 30 9e a4  ba 1e 10 34  aa c6 e6 72  73 a7 b1 64
>|   e7
>|   not before  : Jan 16 09:05:26 UTC 2014
>|   current time: Oct 30 03:18:27 UTC 2014
>|   not after   : Jan 16 09:05:26 UTC 2015
>| certificate is valid
>| certs and keys locked by 'add_x509cert'
>| certs and keys unlocked by 'add_x509cert'
>| counting wild cards for 2001:db8:1:1::1234 is 0
>| loading certificate serverKey.crt 
>| Found pointer to cert serverKey.crt now giving it to further processing
>| file coded in DER format
>| L0 - certificate:
>|   30 82 02 c1  30 82 02 2a  a0 03 02 01  02 02 01 03
>|   30 0d 06 09  2a 86 48 86  f7 0d 01 01  05 05 00 30
>|   64 31 0b 30  09 06 03 55  04 06 13 02  58 58 31 0f
>|   30 0d 06 03  55 04 08 0c  06 72 65 64  68 61 74 31
>|   15 30 13 06  03 55 04 07  0c 0c 44 65  66 61 75 6c
>|   74 20 43 69  74 79 31 1c  30 1a 06 03  55 04 0a 0c
>|   13 44 65 66  61 75 6c 74  20 43 6f 6d  70 61 6e 79
>|   20 4c 74 64  31 0f 30 0d  06 03 55 04  03 0c 06 72
>|   65 64 68 61  74 30 1e 17  0d 31 34 30  31 31 36 30
>|   39 30 33 34  32 5a 17 0d  31 35 30 31  31 36 30 39
>|   30 33 34 32  5a 30 4d 31  0b 30 09 06  03 55 04 06
>|   13 02 58 58  31 0f 30 0d  06 03 55 04  08 0c 06 72
>|   65 64 68 61  74 31 1c 30  1a 06 03 55  04 0a 0c 13
>|   44 65 66 61  75 6c 74 20  43 6f 6d 70  61 6e 79 20
>|   4c 74 64 31  0f 30 0d 06  03 55 04 03  0c 06 73 65
>|   72 76 65 72  30 81 9f 30  0d 06 09 2a  86 48 86 f7
>|   0d 01 01 01  05 00 03 81  8d 00 30 81  89 02 81 81
>|   00 c0 f1 fa  81 08 70 3a  7b 8a 2a a4  a7 e6 84 2f
>|   18 aa a6 33  a6 e4 1b 84  ee 0a d5 73  25 37 f6 0b
>|   93 24 d2 38  78 ec 69 36  49 3f af 68  86 f2 15 08
>|   b8 dc db 34  76 fc 05 cc  af cb f0 d7  bd c1 df 67
>|   e6 58 be ff  6c 95 a1 0e  b8 a3 89 b2  04 f4 1f 3a
>|   d8 0b 9a ea  ff 32 75 56  e2 71 59 68  5e 4a ae 35
>|   37 44 fe b6  1a 3e 13 43  3b bc be 0e  a4 a0 e1 b8
>|   18 f5 a6 1c  33 5c 03 4e  14 72 45 14  fc 1f 17 16
>|   3d 02 03 01  00 01 a3 81  99 30 81 96  30 09 06 03
>|   55 1d 13 04  02 30 00 30  2c 06 09 60  86 48 01 86
>|   f8 42 01 0d  04 1f 16 1d  4f 70 65 6e  53 53 4c 20
>|   47 65 6e 65  72 61 74 65  64 20 43 65  72 74 69 66
>|   69 63 61 74  65 30 1d 06  03 55 1d 0e  04 16 04 14
>|   fc 67 26 68  b5 63 d6 67  71 7c 48 0d  78 8a 7d ab
>|   e5 40 6c 97  30 1f 06 03  55 1d 23 04  18 30 16 80
>|   14 f4 ec b8  bb db c6 19  9f 20 11 e5  5a 13 17 95
>|   d0 8d f6 63  20 30 1b 06  03 55 1d 11  04 14 30 12
>|   87 10 20 01  0d b8 ff ff  00 02 02 15  17 ff fe 5d
>|   2d 9e 30 0d  06 09 2a 86  48 86 f7 0d  01 01 05 05
>|   00 03 81 81  00 1b ad 72  c9 c4 88 0f  7f cd 0c 6e
>|   54 86 29 92  ce 74 39 f0  0f 06 fb df  00 90 f6 51
>|   e6 40 96 c6  3a fd d5 a2  bd 6a 24 d8  f0 87 97 a5
>|   c1 32 34 b9  64 a6 d8 08  7f f5 85 2b  69 d3 0c 78
>|   45 b2 9b 50  49 7c 5c 5c  2c 60 e6 94  db db f2 0d
>|   9a 2c 0a b0  36 97 f9 72  43 db f0 d9  83 e5 dc 38
>|   46 f2 bc 3b  35 c5 b0 2a  77 ac 58 49  31 0f 13 3e
>|   db 76 85 76  00 c3 13 97  95 f9 a6 a0  df 2b c9 91
>|   2a 62 d5 2b  71
>| L1 - tbsCertificate:
>|   30 82 02 2a  a0 03 02 01  02 02 01 03  30 0d 06 09
>|   2a 86 48 86  f7 0d 01 01  05 05 00 30  64 31 0b 30
>|   09 06 03 55  04 06 13 02  58 58 31 0f  30 0d 06 03
>|   55 04 08 0c  06 72 65 64  68 61 74 31  15 30 13 06
>|   03 55 04 07  0c 0c 44 65  66 61 75 6c  74 20 43 69
>|   74 79 31 1c  30 1a 06 03  55 04 0a 0c  13 44 65 66
>|   61 75 6c 74  20 43 6f 6d  70 61 6e 79  20 4c 74 64
>|   31 0f 30 0d  06 03 55 04  03 0c 06 72  65 64 68 61
>|   74 30 1e 17  0d 31 34 30  31 31 36 30  39 30 33 34
>|   32 5a 17 0d  31 35 30 31  31 36 30 39  30 33 34 32
>|   5a 30 4d 31  0b 30 09 06  03 55 04 06  13 02 58 58
>|   31 0f 30 0d  06 03 55 04  08 0c 06 72  65 64 68 61
>|   74 31 1c 30  1a 06 03 55  04 0a 0c 13  44 65 66 61
>|   75 6c 74 20  43 6f 6d 70  61 6e 79 20  4c 74 64 31
>|   0f 30 0d 06  03 55 04 03  0c 06 73 65  72 76 65 72
>|   30 81 9f 30  0d 06 09 2a  86 48 86 f7  0d 01 01 01
>|   05 00 03 81  8d 00 30 81  89 02 81 81  00 c0 f1 fa
>|   81 08 70 3a  7b 8a 2a a4  a7 e6 84 2f  18 aa a6 33
>|   a6 e4 1b 84  ee 0a d5 73  25 37 f6 0b  93 24 d2 38
>|   78 ec 69 36  49 3f af 68  86 f2 15 08  b8 dc db 34
>|   76 fc 05 cc  af cb f0 d7  bd c1 df 67  e6 58 be ff
>|   6c 95 a1 0e  b8 a3 89 b2  04 f4 1f 3a  d8 0b 9a ea
>|   ff 32 75 56  e2 71 59 68  5e 4a ae 35  37 44 fe b6
>|   1a 3e 13 43  3b bc be 0e  a4 a0 e1 b8  18 f5 a6 1c
>|   33 5c 03 4e  14 72 45 14  fc 1f 17 16  3d 02 03 01
>|   00 01 a3 81  99 30 81 96  30 09 06 03  55 1d 13 04
>|   02 30 00 30  2c 06 09 60  86 48 01 86  f8 42 01 0d
>|   04 1f 16 1d  4f 70 65 6e  53 53 4c 20  47 65 6e 65
>|   72 61 74 65  64 20 43 65  72 74 69 66  69 63 61 74
>|   65 30 1d 06  03 55 1d 0e  04 16 04 14  fc 67 26 68
>|   b5 63 d6 67  71 7c 48 0d  78 8a 7d ab  e5 40 6c 97
>|   30 1f 06 03  55 1d 23 04  18 30 16 80  14 f4 ec b8
>|   bb db c6 19  9f 20 11 e5  5a 13 17 95  d0 8d f6 63
>|   20 30 1b 06  03 55 1d 11  04 14 30 12  87 10 20 01
>|   0d b8 ff ff  00 02 02 15  17 ff fe 5d  2d 9e
>| L2 - DEFAULT v1:
>| L3 - version:
>|   02
>|   v3
>| L2 - serialNumber:
>|   03
>| L2 - signature:
>| L3 - algorithmIdentifier:
>| L4 - algorithm:
>|   'sha-1WithRSAEncryption'
>| L2 - issuer:
>|   30 64 31 0b  30 09 06 03  55 04 06 13  02 58 58 31
>|   0f 30 0d 06  03 55 04 08  0c 06 72 65  64 68 61 74
>|   31 15 30 13  06 03 55 04  07 0c 0c 44  65 66 61 75
>|   6c 74 20 43  69 74 79 31  1c 30 1a 06  03 55 04 0a
>|   0c 13 44 65  66 61 75 6c  74 20 43 6f  6d 70 61 6e
>|   79 20 4c 74  64 31 0f 30  0d 06 03 55  04 03 0c 06
>|   72 65 64 68  61 74
>|   'C=XX, ST=redhat, L=Default City, O=Default Company Ltd, CN=redhat'
>| L2 - validity:
>| L3 - notBefore:
>| L4 - utcTime:
>|   'Jan 16 09:03:42 UTC 2014'
>| L3 - notAfter:
>| L4 - utcTime:
>|   'Jan 16 09:03:42 UTC 2015'
>| L2 - subject:
>|   30 4d 31 0b  30 09 06 03  55 04 06 13  02 58 58 31
>|   0f 30 0d 06  03 55 04 08  0c 06 72 65  64 68 61 74
>|   31 1c 30 1a  06 03 55 04  0a 0c 13 44  65 66 61 75
>|   6c 74 20 43  6f 6d 70 61  6e 79 20 4c  74 64 31 0f
>|   30 0d 06 03  55 04 03 0c  06 73 65 72  76 65 72
>|   'C=XX, ST=redhat, O=Default Company Ltd, CN=server'
>| L2 - subjectPublicKeyInfo:
>| L3 - algorithm:
>| L4 - algorithmIdentifier:
>| L5 - algorithm:
>|   'rsaEncryption'
>| L3 - subjectPublicKey:
>| L4 - RSAPublicKey:
>| L5 - modulus:
>|   00 c0 f1 fa  81 08 70 3a  7b 8a 2a a4  a7 e6 84 2f
>|   18 aa a6 33  a6 e4 1b 84  ee 0a d5 73  25 37 f6 0b
>|   93 24 d2 38  78 ec 69 36  49 3f af 68  86 f2 15 08
>|   b8 dc db 34  76 fc 05 cc  af cb f0 d7  bd c1 df 67
>|   e6 58 be ff  6c 95 a1 0e  b8 a3 89 b2  04 f4 1f 3a
>|   d8 0b 9a ea  ff 32 75 56  e2 71 59 68  5e 4a ae 35
>|   37 44 fe b6  1a 3e 13 43  3b bc be 0e  a4 a0 e1 b8
>|   18 f5 a6 1c  33 5c 03 4e  14 72 45 14  fc 1f 17 16
>|   3d
>| L5 - publicExponent:
>|   01 00 01
>| L2 - optional extensions:
>| L3 - extensions:
>| L4 - extension:
>| L5 - extnID:
>|   'basicConstraints'
>| L5 - critical:
>|   FALSE
>| L5 - extnValue:
>|   30 00
>| L6 - basicConstraints:
>| L7 - CA:
>|   FALSE
>| L4 - extension:
>| L5 - extnID:
>|   'nsComment'
>| L5 - critical:
>|   FALSE
>| L5 - extnValue:
>|   16 1d 4f 70  65 6e 53 53  4c 20 47 65  6e 65 72 61
>|   74 65 64 20  43 65 72 74  69 66 69 63  61 74 65
>| L4 - extension:
>| L5 - extnID:
>|   'subjectKeyIdentifier'
>| L5 - critical:
>|   FALSE
>| L5 - extnValue:
>|   04 14 fc 67  26 68 b5 63  d6 67 71 7c  48 0d 78 8a
>|   7d ab e5 40  6c 97
>| L6 - keyIdentifier:
>|   fc 67 26 68  b5 63 d6 67  71 7c 48 0d  78 8a 7d ab
>|   e5 40 6c 97
>| L4 - extension:
>| L5 - extnID:
>|   'authorityKeyIdentifier'
>| L5 - critical:
>|   FALSE
>| L5 - extnValue:
>|   30 16 80 14  f4 ec b8 bb  db c6 19 9f  20 11 e5 5a
>|   13 17 95 d0  8d f6 63 20
>| L6 - authorityKeyIdentifier:
>| L7 - keyIdentifier:
>|   80 14 f4 ec  b8 bb db c6  19 9f 20 11  e5 5a 13 17
>|   95 d0 8d f6  63 20
>| L8 - keyIdentifier:
>|   f4 ec b8 bb  db c6 19 9f  20 11 e5 5a  13 17 95 d0
>|   8d f6 63 20
>| L4 - extension:
>| L5 - extnID:
>|   'subjectAltName'
>| L5 - critical:
>|   FALSE
>| L5 - extnValue:
>|   30 12 87 10  20 01 0d b8  ff ff 00 02  02 15 17 ff
>|   fe 5d 2d 9e
>| L6 - generalNames:
>| L7 - generalName:
>| L8 - ipAddress:
>|   20 01 0d b8  ff ff 00 02  02 15 17 ff  fe 5d 2d 9e
>|   '32.1.13.184'
>| L1 - signatureAlgorithm:
>| L2 - algorithmIdentifier:
>| L3 - algorithm:
>|   'sha-1WithRSAEncryption'
>| L1 - signatureValue:
>|   00 1b ad 72  c9 c4 88 0f  7f cd 0c 6e  54 86 29 92
>|   ce 74 39 f0  0f 06 fb df  00 90 f6 51  e6 40 96 c6
>|   3a fd d5 a2  bd 6a 24 d8  f0 87 97 a5  c1 32 34 b9
>|   64 a6 d8 08  7f f5 85 2b  69 d3 0c 78  45 b2 9b 50
>|   49 7c 5c 5c  2c 60 e6 94  db db f2 0d  9a 2c 0a b0
>|   36 97 f9 72  43 db f0 d9  83 e5 dc 38  46 f2 bc 3b
>|   35 c5 b0 2a  77 ac 58 49  31 0f 13 3e  db 76 85 76
>|   00 c3 13 97  95 f9 a6 a0  df 2b c9 91  2a 62 d5 2b
>|   71
>|   not before  : Jan 16 09:03:42 UTC 2014
>|   current time: Oct 30 03:18:27 UTC 2014
>|   not after   : Jan 16 09:03:42 UTC 2015
>| certificate is valid
>| unreference key: 0x7f6190c25180 %any cnt 1--
>| certs and keys locked by 'add_x509cert'
>| certs and keys unlocked by 'add_x509cert'
>| counting wild cards for 2001:db8:f:1::1 is 0
>added connection description "ikev2"
>| 2001:db8:1:1::1234<2001:0db8:0001:0001::1234>...2001:db8:f:1::1<2001:0db8:000f:0001::1>
>| ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT+PFS+IKEV1_DISABLE+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW
>| * processed 0 messages from cryptographic helpers 
>| next event EVENT_PENDING_DDNS in 58 seconds
>| next event EVENT_PENDING_DDNS in 58 seconds
>|  
>| *received whack message
>listening for IKE messages
>| Inspecting interface lo 
>| found lo with address 127.0.0.1
>| Inspecting interface p7p1 
>| found p7p1 with address 10.66.13.22
>adding interface p7p1/p7p1 10.66.13.22:500
>| NAT-Traversal: Trying new style NAT-T
>| NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19)
>| NAT-Traversal: Trying old style NAT-T
>| NAT-Traversal: ESPINUDP(2) setup succeeded for old style NAT-T family IPv4
>adding interface p7p1/p7p1 10.66.13.22:4500
>adding interface lo/lo 127.0.0.1:500
>| NAT-Traversal: Trying new style NAT-T
>| NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19)
>| NAT-Traversal: Trying old style NAT-T
>| NAT-Traversal: ESPINUDP(2) setup succeeded for old style NAT-T family IPv4
>adding interface lo/lo 127.0.0.1:4500
>| found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
>| found p6p1 with address 2001:0db8:0001:0001:0000:0000:0000:1234
>adding interface p6p1/p6p1 2001:db8:1:1::1234:500
>adding interface lo/lo ::1:500
>| connect_to_host_pair: 2001:db8:1:1::1234:500 2001:db8:f:1::1:500 -> hp:none 
>| certs and keys locked by 'free_preshared_secrets'
>| certs and keys unlocked by 'free_preshard_secrets'
>loading secrets from "/etc/ipsec.secrets"
>| NSS: extract_and_add_secret_from_nss_cert_file start
>| NSS: extract_and_add_secret_from_nss_cert_file: NSS Cert found
>| NSS: extract_and_add_secret_from_nss_cert_file: public key found
>| NSS: extract_and_add_secret_from_nss_cert_file: ckaid found
>| NSS: extract_and_add_secret_from_nss_cert_file: end
>loaded private key for keyid: PPK_RSA:AwEAAdTMN
>| certs and keys locked by 'process_secret'
>| certs and keys unlocked by 'process_secret'
>| * processed 0 messages from cryptographic helpers 
>| next event EVENT_PENDING_DDNS in 58 seconds
>| next event EVENT_PENDING_DDNS in 58 seconds
>|  
>| *received whack message
>| processing connection ikev2
>| kernel_alg_db_new() initial trans_cnt=128
>| kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1
>| kernel_alg_db_new()     trans[0]: transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=2
>| returning new proposal from esp_info
>| creating state object #1 at 0x7f6190c28fd0
>| processing connection ikev2
>| ICOOKIE:  e2 fe cc f2  9b 56 0c 07
>| RCOOKIE:  00 00 00 00  00 00 00 00
>| state hash entry 0
>| inserting state object #1
>| inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1
>| event added at head of queue
>| processing connection ikev2
>| Queuing pending Quick Mode with 2001:db8:f:1::1 "ikev2"
>"ikev2" #1: initiating v2 parent SA
>| crypto helper 0: pcw_work: 0
>| asking crypto helper 0 to do build_kenonce; request ID 1 (len=2768, pcw_work=0)
>| #1 send_crypto_helper_request:519 st->st_calculating = TRUE;
>| deleting event for #1
>| inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1
>| event added after event EVENT_PENDING_PHASE2
>| crypto helper 0 read fd: 8
>| crypto helper 0 doing build_kenonce; request ID 1
>| * processed 0 messages from cryptographic helpers 
>| next event EVENT_PENDING_DDNS in 58 seconds
>| next event EVENT_PENDING_DDNS in 58 seconds
>| NSS: Value of Prime:
>|   ff ff ff ff  ff ff ff ff  c9 0f da a2  21 68 c2 34
>|   c4 c6 62 8b  80 dc 1c d1  29 02 4e 08  8a 67 cc 74
>|   02 0b be a6  3b 13 9b 22  51 4a 08 79  8e 34 04 dd
>|   ef 95 19 b3  cd 3a 43 1b  30 2b 0a 6d  f2 5f 14 37
>|   4f e1 35 6d  6d 51 c2 45  e4 85 b5 76  62 5e 7e c6
>|   f4 4c 42 e9  a6 37 ed 6b  0b ff 5c b6  f4 06 b7 ed
>|   ee 38 6b fb  5a 89 9f a5  ae 9f 24 11  7c 4b 1f e6
>|   49 28 66 51  ec e6 53 81  ff ff ff ff  ff ff ff ff
>| NSS: Value of base:
>|   02
>| next event EVENT_PENDING_DDNS in 58 seconds
>| reaped addconn helper child
>| NSS: generated dh priv and pub keys: 128 
>| NSS: Local DH secret (pointer): 0x7f61800042f0 
>| NSS: Public DH value sent(computed in NSS):
>|   91 9e a4 30  0c f8 f8 86  02 d3 7f 50  26 9d d6 5b
>|   02 cf e0 94  bd 5c 59 8c  fe b9 9c 50  4e b8 d5 8c
>|   06 31 2d d4  69 5d c9 39  db 9d ea 12  d2 7d 4d a7
>|   1e 6a a6 25  ed 9d 40 e7  e6 7e cf 06  a3 39 ab a3
>|   37 d6 b8 03  16 82 5b 2c  51 d5 cb 6f  69 a0 9d 36
>|   23 91 c2 16  ab ad 63 13  e2 5b 09 d9  e3 82 2c 9b
>|   7c 74 a1 1b  06 72 53 3f  9b e9 5a 96  cc 95 cb 5b
>|   f8 36 81 1d  92 18 c0 be  a6 8c db 12  08 7c 31 4d
>| NSS: Local DH public value (pointer): 0x7f6190c2b800 
>| Generated nonce:
>|   0e 98 32 f4  c2 d7 2c 90  5c 4a 8b f8  5b 64 3d 72
>|  
>| crypto helper 0 has finished work (pcw_work now 1)
>| crypto helper 0 replies to request ID 1
>| calling continuation function 0x7f618ec462b0
>| ikev2_parent_outI1_continue for #1: calculated ke+nonce, sending I1
>| processing connection ikev2
>| #1 ikev2_parent_outI1_continue:284 st->st_calculating = FALSE;
>| ikev2_parent_outI1_tail for #1
>| saving DH priv (local secret) and pub key into state struct
>| **emit ISAKMP Message:
>|    initiator cookie:
>|   e2 fe cc f2  9b 56 0c 07
>|    responder cookie:
>|   00 00 00 00  00 00 00 00
>|    next payload type: ISAKMP_NEXT_v2SA
>|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
>|    exchange type: ISAKMP_v2_SA_INIT
>|    flags: ISAKMP_FLAG_IKE_INIT
>|    message ID:  00 00 00 00
>| ***emit IKEv2 Security Association Payload:
>|    next payload type: ISAKMP_NEXT_v2KE
>|    critical bit: none
>| ****emit IKEv2 Proposal Substructure Payload:
>|    last proposal: v2_PROPOSAL_LAST
>|    prop #: 1
>|    proto ID: IKEv2_SEC_PROTO_IKE
>|    spi size: 0
>|    # transforms: 4
>| *****emit IKEv2 Transform Substructure Payload:
>|    last transform: v2_TRANSFORM_NON_LAST
>|    IKEv2 transform type: TRANS_TYPE_ENCR
>|    IKEv2 transform ID: 3DES
>| emitting length of IKEv2 Transform Substructure Payload: 8
>| *****emit IKEv2 Transform Substructure Payload:
>|    last transform: v2_TRANSFORM_NON_LAST
>|    IKEv2 transform type: TRANS_TYPE_INTEG
>|    IKEv2 transform ID: AUTH_HMAC_SHA1_96
>| emitting length of IKEv2 Transform Substructure Payload: 8
>| *****emit IKEv2 Transform Substructure Payload:
>|    last transform: v2_TRANSFORM_NON_LAST
>|    IKEv2 transform type: TRANS_TYPE_PRF
>|    IKEv2 transform ID: PRF_HMAC_SHA1
>| emitting length of IKEv2 Transform Substructure Payload: 8
>| *****emit IKEv2 Transform Substructure Payload:
>|    last transform: v2_TRANSFORM_LAST
>|    IKEv2 transform type: TRANS_TYPE_DH
>|    IKEv2 transform ID: OAKLEY_GROUP_MODP1024
>| emitting length of IKEv2 Transform Substructure Payload: 8
>| emitting length of IKEv2 Proposal Substructure Payload: 40
>| emitting length of IKEv2 Security Association Payload: 44
>| ***emit IKEv2 Key Exchange Payload:
>|    IKEv2 next payload type: ISAKMP_NEXT_v2Ni
>|    critical bit: none
>|    DH group: OAKLEY_GROUP_MODP1024
>| emitting 128 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
>| ikev2 g^x  91 9e a4 30  0c f8 f8 86  02 d3 7f 50  26 9d d6 5b
>| ikev2 g^x  02 cf e0 94  bd 5c 59 8c  fe b9 9c 50  4e b8 d5 8c
>| ikev2 g^x  06 31 2d d4  69 5d c9 39  db 9d ea 12  d2 7d 4d a7
>| ikev2 g^x  1e 6a a6 25  ed 9d 40 e7  e6 7e cf 06  a3 39 ab a3
>| ikev2 g^x  37 d6 b8 03  16 82 5b 2c  51 d5 cb 6f  69 a0 9d 36
>| ikev2 g^x  23 91 c2 16  ab ad 63 13  e2 5b 09 d9  e3 82 2c 9b
>| ikev2 g^x  7c 74 a1 1b  06 72 53 3f  9b e9 5a 96  cc 95 cb 5b
>| ikev2 g^x  f8 36 81 1d  92 18 c0 be  a6 8c db 12  08 7c 31 4d
>| emitting length of IKEv2 Key Exchange Payload: 136
>| ***emit IKEv2 Nonce Payload:
>|    next payload type: ISAKMP_NEXT_v2N
>|    critical bit: none
>| emitting 16 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload
>| IKEv2 nonce  0e 98 32 f4  c2 d7 2c 90  5c 4a 8b f8  5b 64 3d 72
>| emitting length of IKEv2 Nonce Payload: 20
>|  NAT-Traversal support  [enabled] add v2N payloads.
>| natd_hash: Warning, rcookie is zero !!
>| natd_hash: hasher=0x7f618ef055c0(20)
>| natd_hash: icookie=  e2 fe cc f2  9b 56 0c 07
>| natd_hash: rcookie=  00 00 00 00  00 00 00 00
>| natd_hash: port=500
>| natd_hash: hash=  a8 21 a6 2b  89 23 64 31  35 c0 62 e0  a6 2a c7 80
>| natd_hash: hash=  e2 61 69 59
>| Adding a v2N Payload
>| ***emit IKEv2 Notify Payload:
>|    next payload type: ISAKMP_NEXT_v2N
>|    critical bit: none
>|    Protocol ID: PROTO_RESERVED
>|    SPI size: 0
>|    Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP
>| emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
>| Notify data  a8 21 a6 2b  89 23 64 31  35 c0 62 e0  a6 2a c7 80
>| Notify data  e2 61 69 59
>| emitting length of IKEv2 Notify Payload: 28
>| natd_hash: Warning, rcookie is zero !!
>| natd_hash: hasher=0x7f618ef055c0(20)
>| natd_hash: icookie=  e2 fe cc f2  9b 56 0c 07
>| natd_hash: rcookie=  00 00 00 00  00 00 00 00
>| natd_hash: port=500
>| natd_hash: hash=  20 1e 12 a7  9d 09 ef ce  5f 25 78 14  a0 9a 2f 3e
>| natd_hash: hash=  c6 a9 c9 37
>| Adding a v2N Payload
>| ***emit IKEv2 Notify Payload:
>|    next payload type: ISAKMP_NEXT_v2NONE
>|    critical bit: none
>|    Protocol ID: PROTO_RESERVED
>|    SPI size: 0
>|    Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP
>| emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
>| Notify data  20 1e 12 a7  9d 09 ef ce  5f 25 78 14  a0 9a 2f 3e
>| Notify data  c6 a9 c9 37
>| emitting length of IKEv2 Notify Payload: 28
>| no IKE message padding required
>| emitting length of ISAKMP Message: 284
>| sending 284 bytes for ikev2_parent_outI1_common through p6p1:500 to 2001:db8:f:1::1:500 (using #1)
>|   e2 fe cc f2  9b 56 0c 07  00 00 00 00  00 00 00 00
>|   21 20 22 08  00 00 00 00  00 00 01 1c  22 00 00 2c
>|   00 00 00 28  01 01 00 04  03 00 00 08  01 00 00 03
>|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
>|   00 00 00 08  04 00 00 02  28 00 00 88  00 02 00 00
>|   91 9e a4 30  0c f8 f8 86  02 d3 7f 50  26 9d d6 5b
>|   02 cf e0 94  bd 5c 59 8c  fe b9 9c 50  4e b8 d5 8c
>|   06 31 2d d4  69 5d c9 39  db 9d ea 12  d2 7d 4d a7
>|   1e 6a a6 25  ed 9d 40 e7  e6 7e cf 06  a3 39 ab a3
>|   37 d6 b8 03  16 82 5b 2c  51 d5 cb 6f  69 a0 9d 36
>|   23 91 c2 16  ab ad 63 13  e2 5b 09 d9  e3 82 2c 9b
>|   7c 74 a1 1b  06 72 53 3f  9b e9 5a 96  cc 95 cb 5b
>|   f8 36 81 1d  92 18 c0 be  a6 8c db 12  08 7c 31 4d
>|   29 00 00 14  0e 98 32 f4  c2 d7 2c 90  5c 4a 8b f8
>|   5b 64 3d 72  29 00 00 1c  00 00 40 04  a8 21 a6 2b
>|   89 23 64 31  35 c0 62 e0  a6 2a c7 80  e2 61 69 59
>|   00 00 00 1c  00 00 40 05  20 1e 12 a7  9d 09 ef ce
>|   5f 25 78 14  a0 9a 2f 3e  c6 a9 c9 37
>| deleting event for #1
>| inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #1
>| event added at head of queue
>| complete v2 state transition with STF_OK
>"ikev2" #1: transition from state STATE_IKEv2_START to state STATE_PARENT_I1
>"ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1
>| V2 microcode entry (initiate IKE_SA_INIT) has unspecified timeout_event
>| * processed 1 messages from cryptographic helpers 
>| next event EVENT_v2_RETRANSMIT in 10 seconds for #1
>| next event EVENT_v2_RETRANSMIT in 10 seconds for #1
>|  
>| next event EVENT_v2_RETRANSMIT in 0 seconds for #1
>| *time to handle event
>| handling event EVENT_v2_RETRANSMIT
>| event after this is EVENT_PENDING_DDNS in 48 seconds
>| processing connection ikev2
>| handling event EVENT_v2_RETRANSMIT for 2001:db8:f:1::1 "ikev2" #1 attempt 2 of 0
>| sending 284 bytes for EVENT_v2_RETRANSMIT through p6p1:500 to 2001:db8:f:1::1:500 (using #1)
>|   e2 fe cc f2  9b 56 0c 07  00 00 00 00  00 00 00 00
>|   21 20 22 08  00 00 00 00  00 00 01 1c  22 00 00 2c
>|   00 00 00 28  01 01 00 04  03 00 00 08  01 00 00 03
>|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
>|   00 00 00 08  04 00 00 02  28 00 00 88  00 02 00 00
>|   91 9e a4 30  0c f8 f8 86  02 d3 7f 50  26 9d d6 5b
>|   02 cf e0 94  bd 5c 59 8c  fe b9 9c 50  4e b8 d5 8c
>|   06 31 2d d4  69 5d c9 39  db 9d ea 12  d2 7d 4d a7
>|   1e 6a a6 25  ed 9d 40 e7  e6 7e cf 06  a3 39 ab a3
>|   37 d6 b8 03  16 82 5b 2c  51 d5 cb 6f  69 a0 9d 36
>|   23 91 c2 16  ab ad 63 13  e2 5b 09 d9  e3 82 2c 9b
>|   7c 74 a1 1b  06 72 53 3f  9b e9 5a 96  cc 95 cb 5b
>|   f8 36 81 1d  92 18 c0 be  a6 8c db 12  08 7c 31 4d
>|   29 00 00 14  0e 98 32 f4  c2 d7 2c 90  5c 4a 8b f8
>|   5b 64 3d 72  29 00 00 1c  00 00 40 04  a8 21 a6 2b
>|   89 23 64 31  35 c0 62 e0  a6 2a c7 80  e2 61 69 59
>|   00 00 00 1c  00 00 40 05  20 1e 12 a7  9d 09 ef ce
>|   5f 25 78 14  a0 9a 2f 3e  c6 a9 c9 37
>| inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #1
>| event added at head of queue
>| next event EVENT_v2_RETRANSMIT in 10 seconds for #1
>|  
>| next event EVENT_v2_RETRANSMIT in 0 seconds for #1
>| *time to handle event
>| handling event EVENT_v2_RETRANSMIT
>| event after this is EVENT_PENDING_DDNS in 38 seconds
>| processing connection ikev2
>| handling event EVENT_v2_RETRANSMIT for 2001:db8:f:1::1 "ikev2" #1 attempt 2 of 0
>| sending 284 bytes for EVENT_v2_RETRANSMIT through p6p1:500 to 2001:db8:f:1::1:500 (using #1)
>|   e2 fe cc f2  9b 56 0c 07  00 00 00 00  00 00 00 00
>|   21 20 22 08  00 00 00 00  00 00 01 1c  22 00 00 2c
>|   00 00 00 28  01 01 00 04  03 00 00 08  01 00 00 03
>|   03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
>|   00 00 00 08  04 00 00 02  28 00 00 88  00 02 00 00
>|   91 9e a4 30  0c f8 f8 86  02 d3 7f 50  26 9d d6 5b
>|   02 cf e0 94  bd 5c 59 8c  fe b9 9c 50  4e b8 d5 8c
>|   06 31 2d d4  69 5d c9 39  db 9d ea 12  d2 7d 4d a7
>|   1e 6a a6 25  ed 9d 40 e7  e6 7e cf 06  a3 39 ab a3
>|   37 d6 b8 03  16 82 5b 2c  51 d5 cb 6f  69 a0 9d 36
>|   23 91 c2 16  ab ad 63 13  e2 5b 09 d9  e3 82 2c 9b
>|   7c 74 a1 1b  06 72 53 3f  9b e9 5a 96  cc 95 cb 5b
>|   f8 36 81 1d  92 18 c0 be  a6 8c db 12  08 7c 31 4d
>|   29 00 00 14  0e 98 32 f4  c2 d7 2c 90  5c 4a 8b f8
>|   5b 64 3d 72  29 00 00 1c  00 00 40 04  a8 21 a6 2b
>|   89 23 64 31  35 c0 62 e0  a6 2a c7 80  e2 61 69 59
>|   00 00 00 1c  00 00 40 05  20 1e 12 a7  9d 09 ef ce
>|   5f 25 78 14  a0 9a 2f 3e  c6 a9 c9 37
>| inserting event EVENT_v2_RETRANSMIT, timeout in 20 seconds for #1
>| event added at head of queue
>| next event EVENT_v2_RETRANSMIT in 20 seconds for #1
>|  
>| *received 438 bytes from 2001:db8:f:1::1:500 on p6p1 (port=500)
>|   e2 fe cc f2  9b 56 0c 07  ba b0 d9 f6  66 42 da 49
>|   21 20 22 20  00 00 00 00  00 00 01 b6  22 00 00 2c
>|   00 00 00 28  01 01 00 04  03 00 00 08  01 00 00 03
>|   03 00 00 08  02 00 00 02  03 00 00 08  03 00 00 02
>|   00 00 00 08  04 00 00 02  28 00 00 88  00 02 00 00
>|   57 ae 15 49  e0 16 05 58  34 12 a4 02  47 27 23 74
>|   56 ee a6 ba  12 ad fb 42  10 ab d8 ff  d1 8d f6 eb
>|   a4 fe b6 7a  8d bc 9a 5b  5f 00 d7 a4  56 c8 12 ac
>|   12 9b 7f 6b  5f fe ab dc  31 9e f6 c4  20 e5 eb e9
>|   c3 fa 56 ca  59 5c 54 ac  51 0f eb 67  5f 45 39 9a
>|   a4 61 c5 5f  b0 1e c2 9d  b6 d1 6b d8  96 01 88 c7
>|   2e 7d 0b 61  14 b0 b7 cf  98 42 1d a6  40 d3 09 42
>|   7e a5 d2 3f  ee 00 b4 1f  77 45 98 72  e2 28 5f 3d
>|   26 00 00 e1  dc e9 02 22  9e b3 94 ae  6e 8a 04 4a
>|   14 69 8c 7f  58 75 1a d5  c2 66 3c 89  97 b6 94 78
>|   54 12 12 95  aa 2b 52 5a  a6 67 42 6a  0a 6b e7 c1
>|   2d 4c 8e a2  5d d1 91 96  94 a7 3a 90  f2 ae c4 3a
>|   26 c1 42 b8  99 36 33 9f  e1 86 47 14  13 1b 4f 0c
>|   78 c6 ad 09  5d 4e 22 26  f2 d1 26 16  6c 59 26 47
>|   1a b3 59 7f  0c 61 ce ea  b0 bf 0f 77  d4 de 96 a9
>|   9f 9c 9e fe  2f 88 c7 ce  a3 e8 ae 19  e6 38 38 42
>|   31 2f c7 f9  10 8c be 33  fa 4a a0 4e  25 a7 17 7b
>|   cf 9c 61 0a  68 f4 03 9b  f2 94 45 10  e6 19 e4 38
>|   b6 09 61 20  a4 42 32 18  d1 f0 02 60  b2 9e b6 43
>|   d6 ad 28 6c  0a 5d 88 f1  f2 40 85 72  a8 18 69 ed
>|   bd 71 f9 16  bc 8f 28 71  4e 60 26 7d  87 b5 21 c0
>|   90 f5 60 1f  8b b6 15 17  96 52 58 10  fa 30 0b 7b
>|   3a 00 00 00  05 04
>| **parse ISAKMP Message:
>|    initiator cookie:
>|   e2 fe cc f2  9b 56 0c 07
>|    responder cookie:
>|   ba b0 d9 f6  66 42 da 49
>|    next payload type: ISAKMP_NEXT_v2SA
>|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
>|    exchange type: ISAKMP_v2_SA_INIT
>|    flags: ISAKMP_FLAG_MSG_RESPONSE
>|    message ID:  00 00 00 00
>|    length: 438
>|  processing version=2.0 packet with exchange type=ISAKMP_v2_SA_INIT (34)
>| I am receiving an IKE Response
>| I am the IKE SA Original Initiator
>| ICOOKIE:  e2 fe cc f2  9b 56 0c 07
>| RCOOKIE:  ba b0 d9 f6  66 42 da 49
>| state hash entry 6
>| parent v2 state object not found
>| ICOOKIE:  e2 fe cc f2  9b 56 0c 07
>| RCOOKIE:  00 00 00 00  00 00 00 00
>| state hash entry 0
>| parent v2 peer and cookies match on #1
>| v2 state object #1 found, in STATE_PARENT_I1
>| ICOOKIE:  e2 fe cc f2  9b 56 0c 07
>| RCOOKIE:  00 00 00 00  00 00 00 00
>| state hash entry 0
>| ICOOKIE:  e2 fe cc f2  9b 56 0c 07
>| RCOOKIE:  ba b0 d9 f6  66 42 da 49
>| state hash entry 6
>| inserting state object #1
>| state found and its state is STATE_PARENT_I1
>| selected state microcode Initiator: process anti-spoofing cookie
>| #1 state_busy:1855 st != NULL && st->st_calculating == FALSE;
>| processing connection ikev2
>| Now let's proceed with payload (ISAKMP_NEXT_v2SA)
>| ***parse IKEv2 Security Association Payload:
>|    next payload type: ISAKMP_NEXT_v2KE
>|    critical bit: none
>|    length: 44
>| processing payload: ISAKMP_NEXT_v2SA (len=44) 
>| Now let's proceed with payload (ISAKMP_NEXT_v2KE)
>| ***parse IKEv2 Key Exchange Payload:
>|    IKEv2 next payload type: ISAKMP_NEXT_v2Ni
>|    critical bit: none
>|    length: 136
>|    DH group: OAKLEY_GROUP_MODP1024
>| processing payload: ISAKMP_NEXT_v2KE (len=136) 
>| Now let's proceed with payload (ISAKMP_NEXT_v2Ni)
>| ***parse IKEv2 Nonce Payload:
>|    next payload type: ISAKMP_NEXT_v2CERTREQ
>|    critical bit: none
>|    length: 225
>| processing payload: ISAKMP_NEXT_v2Ni (len=225) 
>| Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ)
>| ***parse IKEv2 Certificate Request Payload:
>|    next payload type: ISAKMP_NEXT_v2NONE
>|    critical bit: none
>|    length: 5
>|    ikev2 cert encoding: CERT_X509_SIGNATURE
>| processing payload: ISAKMP_NEXT_v2CERTREQ (len=5) 
>| ikev2_process_payload trying next svm: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH
>| Now lets proceed with state specific processing
>| calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH
>| ikev2 parent inR1: calculating g^{xy} in order to send I2
>| DH public value received:
>|   57 ae 15 49  e0 16 05 58  34 12 a4 02  47 27 23 74
>|   56 ee a6 ba  12 ad fb 42  10 ab d8 ff  d1 8d f6 eb
>|   a4 fe b6 7a  8d bc 9a 5b  5f 00 d7 a4  56 c8 12 ac
>|   12 9b 7f 6b  5f fe ab dc  31 9e f6 c4  20 e5 eb e9
>|   c3 fa 56 ca  59 5c 54 ac  51 0f eb 67  5f 45 39 9a
>|   a4 61 c5 5f  b0 1e c2 9d  b6 d1 6b d8  96 01 88 c7
>|   2e 7d 0b 61  14 b0 b7 cf  98 42 1d a6  40 d3 09 42
>|   7e a5 d2 3f  ee 00 b4 1f  77 45 98 72  e2 28 5f 3d
>| ****parse IKEv2 Proposal Substructure Payload:
>|    last proposal: v2_PROPOSAL_LAST
>|    length: 40
>|    prop #: 1
>|    proto ID: IKEv2_SEC_PROTO_IKE
>|    spi size: 0
>|    # transforms: 4
>| *****parse IKEv2 Transform Substructure Payload:
>|    last transform: v2_TRANSFORM_NON_LAST
>|    length: 8
>|    IKEv2 transform type: TRANS_TYPE_ENCR
>|    IKEv2 transform ID: 3DES
>| *****parse IKEv2 Transform Substructure Payload:
>|    last transform: v2_TRANSFORM_NON_LAST
>|    length: 8
>|    IKEv2 transform type: TRANS_TYPE_PRF
>|    IKEv2 transform ID: PRF_HMAC_SHA1
>| *****parse IKEv2 Transform Substructure Payload:
>|    last transform: v2_TRANSFORM_NON_LAST
>|    length: 8
>|    IKEv2 transform type: TRANS_TYPE_INTEG
>|    IKEv2 transform ID: AUTH_HMAC_SHA1_96
>| *****parse IKEv2 Transform Substructure Payload:
>|    last transform: v2_TRANSFORM_LAST
>|    length: 8
>|    IKEv2 transform type: TRANS_TYPE_DH
>|    IKEv2 transform ID: OAKLEY_GROUP_MODP1024
>| ipprotoid is '1'
>| considering Transform Type TRANS_TYPE_ENCR, TransID 3
>| encrid(3), keylen(-1), encr_keylen(-1)
>| proposal 1 succeeded encr= (policy:3DES(-1) vs offered:3DES(-1))
>| considering Transform Type TRANS_TYPE_INTEG, TransID 2
>|             succeeded integ=(policy:AUTH_HMAC_SHA1_96(-1) vs offered:AUTH_HMAC_SHA1_96(-1))
>| considering Transform Type TRANS_TYPE_PRF, TransID 2
>|             succeeded prf=  (policy:PRF_HMAC_SHA1(-1) vs offered:PRF_HMAC_SHA1(-1))
>| considering Transform Type TRANS_TYPE_DH, TransID 2
>|             succeeded dh=   (policy:OAKLEY_GROUP_MODP1024 vs offered:OAKLEY_GROUP_MODP1024)
>| calculating skeyseed using prf=PRF_HMAC_SHA1 integ=AUTH_HMAC_SHA1_96 cipherkey=3DES
>| Copying DH pub key pointer to be sent to a thread helper
>| crypto helper 0: pcw_work: 0
>| asking crypto helper 0 to do compute dh (V2); request ID 2 (len=2768, pcw_work=0)
>| #1 send_crypto_helper_request:519 st->st_calculating = TRUE;
>| deleting event for #1
>| inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1
>| event added after event EVENT_PENDING_PHASE2
>| complete v2 state transition with STF_SUSPEND
>| * processed 0 messages from cryptographic helpers 
>| next event EVENT_PENDING_DDNS in 38 seconds
>| next event EVENT_PENDING_DDNS in 38 seconds
>| crypto helper 0 read fd: 8
>| crypto helper 0 doing compute dh (V2); request ID 2
>| peer's g:   57 ae 15 49  e0 16 05 58  34 12 a4 02  47 27 23 74
>| peer's g:   56 ee a6 ba  12 ad fb 42  10 ab d8 ff  d1 8d f6 eb
>| peer's g:   a4 fe b6 7a  8d bc 9a 5b  5f 00 d7 a4  56 c8 12 ac
>| peer's g:   12 9b 7f 6b  5f fe ab dc  31 9e f6 c4  20 e5 eb e9
>| peer's g:   c3 fa 56 ca  59 5c 54 ac  51 0f eb 67  5f 45 39 9a
>| peer's g:   a4 61 c5 5f  b0 1e c2 9d  b6 d1 6b d8  96 01 88 c7
>| peer's g:   2e 7d 0b 61  14 b0 b7 cf  98 42 1d a6  40 d3 09 42
>| peer's g:   7e a5 d2 3f  ee 00 b4 1f  77 45 98 72  e2 28 5f 3d
>| Started DH shared-secret computation in NSS: 
>| Dropped no leading zeros 128
>| calc_dh_shared(): time elapsed (OAKLEY_GROUP_MODP1024): 716 usec
>| NSS: Started key computation 
>| calculating skeyseed using prf=PRF_HMAC_SHA1 integ=AUTH_HMAC_SHA1_96 cipherkey=24
>| skeyid inputs (digi+NI+NR+shared) hasher: oakley_sha
>| ni:   0e 98 32 f4  c2 d7 2c 90  5c 4a 8b f8  5b 64 3d 72
>| nr:   dc e9 02 22  9e b3 94 ae  6e 8a 04 4a  14 69 8c 7f
>| nr:   58 75 1a d5  c2 66 3c 89  97 b6 94 78  54 12 12 95
>| nr:   aa 2b 52 5a  a6 67 42 6a  0a 6b e7 c1  2d 4c 8e a2
>| nr:   5d d1 91 96  94 a7 3a 90  f2 ae c4 3a  26 c1 42 b8
>| nr:   99 36 33 9f  e1 86 47 14  13 1b 4f 0c  78 c6 ad 09
>| nr:   5d 4e 22 26  f2 d1 26 16  6c 59 26 47  1a b3 59 7f
>| nr:   0c 61 ce ea  b0 bf 0f 77  d4 de 96 a9  9f 9c 9e fe
>| nr:   2f 88 c7 ce  a3 e8 ae 19  e6 38 38 42  31 2f c7 f9
>| nr:   10 8c be 33  fa 4a a0 4e  25 a7 17 7b  cf 9c 61 0a
>| nr:   68 f4 03 9b  f2 94 45 10  e6 19 e4 38  b6 09 61 20
>| nr:   a4 42 32 18  d1 f0 02 60  b2 9e b6 43  d6 ad 28 6c
>| nr:   0a 5d 88 f1  f2 40 85 72  a8 18 69 ed  bd 71 f9 16
>| nr:   bc 8f 28 71  4e 60 26 7d  87 b5 21 c0  90 f5 60 1f
>| nr:   8b b6 15 17  96 52 58 10  fa 30 0b 7b  3a
>| NSS: digisig skeyid pointer: 0x7f618000b840
>| PRF+ input
>| Ni  0e 98 32 f4  c2 d7 2c 90  5c 4a 8b f8  5b 64 3d 72
>| Nr  dc e9 02 22  9e b3 94 ae  6e 8a 04 4a  14 69 8c 7f
>| Nr  58 75 1a d5  c2 66 3c 89  97 b6 94 78  54 12 12 95
>| Nr  aa 2b 52 5a  a6 67 42 6a  0a 6b e7 c1  2d 4c 8e a2
>| Nr  5d d1 91 96  94 a7 3a 90  f2 ae c4 3a  26 c1 42 b8
>| Nr  99 36 33 9f  e1 86 47 14  13 1b 4f 0c  78 c6 ad 09
>| Nr  5d 4e 22 26  f2 d1 26 16  6c 59 26 47  1a b3 59 7f
>| Nr  0c 61 ce ea  b0 bf 0f 77  d4 de 96 a9  9f 9c 9e fe
>| Nr  2f 88 c7 ce  a3 e8 ae 19  e6 38 38 42  31 2f c7 f9
>| Nr  10 8c be 33  fa 4a a0 4e  25 a7 17 7b  cf 9c 61 0a
>| Nr  68 f4 03 9b  f2 94 45 10  e6 19 e4 38  b6 09 61 20
>| Nr  a4 42 32 18  d1 f0 02 60  b2 9e b6 43  d6 ad 28 6c
>| Nr  0a 5d 88 f1  f2 40 85 72  a8 18 69 ed  bd 71 f9 16
>| Nr  bc 8f 28 71  4e 60 26 7d  87 b5 21 c0  90 f5 60 1f
>| Nr  8b b6 15 17  96 52 58 10  fa 30 0b 7b  3a
>| SPIi  e2 fe cc f2  9b 56 0c 07
>| SPIr  ba b0 d9 f6  66 42 da 49
>| Total keysize needed 148
>| NSS ikev2: finished computing key material for IKEv2 SA 
>| NSS ikev2: finished computing individual keys for IKEv2 SA 
>| calc_skeyseed_v2 pointers: shared 0x7f6180005430, skeyseed 0x7f618000b840, SK_d 0x7f618000d0c0, SK_ai 0x7f6180009f00, SK_ar 0x7f618000ea90, SK_ei 0x7f6180008570, SK_er 0x7f6180004220, SK_pi 0x7f6180010460, SK_pr 0x7f6180011e50
>|  
>| crypto helper 0 has finished work (pcw_work now 1)
>| crypto helper 0 replies to request ID 2
>| calling continuation function 0x7f618ec46e80
>| ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2
>| processing connection ikev2
>| #1 ikev2_parent_inR1outI2_continue:1234 st->st_calculating = FALSE;
>| duplicating state object #1
>| creating state object #2 at 0x7f6190c2d0b0
>| ICOOKIE:  e2 fe cc f2  9b 56 0c 07
>| RCOOKIE:  ba b0 d9 f6  66 42 da 49
>| state hash entry 6
>| inserting state object #2
>| inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #2
>| event added at head of queue
>| deleting event for #1
>| inserting event EVENT_SA_REPLACE, timeout in 27807 seconds for #1
>| event added after event EVENT_REINIT_SECRET
>| **emit ISAKMP Message:
>|    initiator cookie:
>|   e2 fe cc f2  9b 56 0c 07
>|    responder cookie:
>|   ba b0 d9 f6  66 42 da 49
>|    next payload type: ISAKMP_NEXT_v2E
>|    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
>|    exchange type: ISAKMP_v2_AUTH
>|    flags: ISAKMP_FLAG_IKE_INIT
>|    message ID:  00 00 00 01
>| ***emit IKEv2 Encryption Payload:
>|    next payload type: ISAKMP_NEXT_v2IDi
>|    critical bit: none
>| emitting 8 zero bytes of iv into IKEv2 Encryption Payload
>| IKEv2 thinking whether to send my certificate:
>|  my policy has no RSASIG, the policy is : PSK+ENCRYPT+PFS+UP+IKEV1_DISABLE+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW
>|  sendcert: CERT_ALWAYSSEND and I did not get a certificate request 
>|  so do not send cert.
>| I did not send a certificate because digital signatures are not being used. (PSK)
>| *****emit IKEv2 Identification Payload:
>|    next payload type: ISAKMP_NEXT_v2AUTH
>|    critical bit: none
>|    id_type: ID_IPV6_ADDR
>| emitting 16 raw bytes of my identity into IKEv2 Identification Payload
>| my identity  20 01 0d b8  00 01 00 01  00 00 00 00  00 00 12 34
>| emitting length of IKEv2 Identification Payload: 24
>| idhash calc I2  05 00 00 00  20 01 0d b8  00 01 00 01  00 00 00 00
>| idhash calc I2  00 00 12 34
>| hmac_update data value: 
>|   05 00 00 00  20 01 0d b8  00 01 00 01  00 00 00 00
>|   00 00 12 34
>| hmac_update: inside if
>| hmac_update: after digest
>| hmac_update: after assert
>| *****emit IKEv2 Authentication Payload:
>|    next payload type: ISAKMP_NEXT_v2SA
>|    critical bit: none
>|    auth method: IKEv2_AUTH_SHARED
>| started looking for secret for 2001:db8:1:1::1234->2001:db8:f:1::1 of kind PPK_PSK
>| actually looking for secret for 2001:db8:1:1::1234->2001:db8:f:1::1 of kind PPK_PSK
>| line 1: key type PPK_PSK(2001:db8:1:1::1234) to type PPK_RSA 
>| concluding with best_match=0 best=(nil) (lineno=-1)
>"ikev2" #1: No matching PSK found for connection:ikev2
>"ikev2" #1: Failed to find our PreShared Key
>| complete v2 state transition with STF_FATAL
>| deleting event for #2
>| deleting state #2
>| deleting event for #2
>| ICOOKIE:  e2 fe cc f2  9b 56 0c 07
>| RCOOKIE:  ba b0 d9 f6  66 42 da 49
>| state hash entry 6
>| * processed 1 messages from cryptographic helpers 
>| next event EVENT_PENDING_DDNS in 38 seconds
>| next event EVENT_PENDING_DDNS in 38 seconds
>|  
>| *received whack message
>shutting down
>| certs and keys locked by 'free_preshared_secrets'
>forgetting secrets
>| certs and keys unlocked by 'free_preshard_secrets'
>| unreference key: 0x7f6190c1e6f0 2001:db8:f:1::1 cnt 1--
>| unreference key: 0x7f6190c26990 %any cnt 1--
>| unreference key: 0x7f6190c1e640 C=XX, ST=redhat, O=Default Company Ltd, CN=server cnt 1--
>| unreference key: 0x7f6190c1e380 2001:db8:1:1::1234 cnt 1--
>| unreference key: 0x7f6190c25040 C=XX, ST=redhat, O=Default Company Ltd, CN=client cnt 1--
>| processing connection ikev2
>"ikev2": deleting connection
>| removing pending policy for "none" {0x7f6190c2a630}
>| processing connection ikev2
>"ikev2" #1: deleting state (STATE_PARENT_I2)
>| deleting event for #1
>| deleting state #1
>| deleting event for #1
>| ICOOKIE:  e2 fe cc f2  9b 56 0c 07
>| RCOOKIE:  ba b0 d9 f6  66 42 da 49
>| state hash entry 6
>| certs and keys locked by 'release_x509cert'
>| certs and keys unlocked by 'release_x509cert'
>| certs and keys locked by 'release_x509cert'
>| certs and keys unlocked by 'release_x509cert'
>| crl fetch request list locked by 'free_crl_fetch'
>| crl fetch request list unlocked by 'free_crl_fetch'
>| authcert list locked by 'free_authcerts'
>| authcert list unlocked by 'free_authcerts'
>| crl list locked by 'free_crls'
>| crl list unlocked by 'free_crls'
>shutting down interface lo/lo ::1:500
>shutting down interface p6p1/p6p1 2001:db8:1:1::1234:500
>shutting down interface lo/lo 127.0.0.1:4500
>shutting down interface lo/lo 127.0.0.1:500
>shutting down interface p7p1/p7p1 10.66.13.22:4500
>shutting down interface p7p1/p7p1 10.66.13.22:500

Actions: View

Attachments on bug 1158748: 951970