Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 951970 Details for
Bug 1158748
[TAHI][IKEv2] IKEv2.EN.I.1.1.10.1: libreswan could not handle CERTREQ payload
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
pluto.log
pluto.log (text/plain), 65.62 KB, created by
Hangbin Liu
on 2014-10-30 05:58:55 UTC
(
hide
)
Description:
pluto.log
Filename:
MIME Type:
Creator:
Hangbin Liu
Created:
2014-10-30 05:58:55 UTC
Size:
65.62 KB
patch
obsolete
>nss directory plutomain: /etc/ipsec.d >NSS Initialized >libcap-ng support [enabled] >FIPS HMAC integrity verification test passed >FIPS: pluto daemon NOT running in FIPS mode >Linux audit support [disabled] >Starting Pluto (Libreswan Version 3.10 XFRM(netkey) KLIPS NSS DNSSEC FIPS_CHECK LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER KLIPS_MAST CURL(non-NSS) LDAP(non-NSS)) pid:21446 >core dump dir: /var/run/pluto >secrets file: /etc/ipsec.secrets >leak-detective disabled >SAref support [disabled]: Protocol not available >SAbind support [disabled]: Protocol not available >NSS crypto [enabled] >XAUTH PAM support [enabled] > NAT-Traversal support [enabled] >| inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds >| event added at head of queue >| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds >| event added at head of queue >| inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds >| event added after event EVENT_PENDING_DDNS >ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) >ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) >ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) >ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) >ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) >ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok (ret=0) >ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) >starting up 3 crypto helpers >started thread for crypto helper 0 (master fd 7) >| status value returned by setting the priority of this thread (crypto helper 0) 22 >| crypto helper 0 waiting on fd 8 >| status value returned by setting the priority of this thread (crypto helper 1) 22 >| crypto helper 1 waiting on fd 10 >started thread for crypto helper 1 (master fd 9) >started thread for crypto helper 2 (master fd 11) >| status value returned by setting the priority of this thread (crypto helper 2) 22 >| crypto helper 2 waiting on fd 13 >Using Linux XFRM/NETKEY IPsec interface code on 3.10.0-188.el7.x86_64 >| process 21446 listening for PF_KEY_V2 on file descriptor 16 >| finish_pfkey_msg: K_SADB_REGISTER message 1 for AH >| 02 07 00 02 02 00 00 00 01 00 00 00 c6 53 00 00 >| pfkey_get: K_SADB_REGISTER message 1 >| AH registered with kernel. >| finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP >| 02 07 00 03 02 00 00 00 02 00 00 00 c6 53 00 00 >| pfkey_get: K_SADB_REGISTER message 2 >| kernel_alg_init(): memset(0x7f618ef20840, 0, 2048) memset(0x7f618ef21040, 0, 2048) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=72 >| kernel_alg_add(): satype=3, exttype=14, alg_id=251(ESP_KAME_NULL) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=14, alg_id=2(ESP_DES) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=14, alg_id=3(ESP_3DES) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=14, alg_id=5(ESP_IDEA) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=14, alg_id=6(ESP_CAST) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=14, satype=3, alg_id=6, alg_ivlen=0, alg_minbits=384, alg_maxbits=384, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=14, alg_id=7(ESP_BLOWFISH) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5], exttype=14, satype=3, alg_id=7, alg_ivlen=0, alg_minbits=512, alg_maxbits=512, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=14, alg_id=8(ESP_3IDEA) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6], exttype=14, satype=3, alg_id=8, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=14, alg_id=9(ESP_DES_IV32) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7], exttype=14, satype=3, alg_id=9, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1 >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=88 >| kernel_alg_add(): satype=3, exttype=15, alg_id=11(ESP_NULL) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=2(ESP_DES) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64, alg_maxbits=64, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=3(ESP_3DES) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[10], exttype=15, satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=6(ESP_CAST) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[11], exttype=15, satype=3, alg_id=6, alg_ivlen=8, alg_minbits=40, alg_maxbits=128, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=7(ESP_BLOWFISH) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[12], exttype=15, satype=3, alg_id=7, alg_ivlen=8, alg_minbits=40, alg_maxbits=448, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=12(ESP_AES) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[13], exttype=15, satype=3, alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=252(ESP_SERPENT) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[14], exttype=15, satype=3, alg_id=252, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=22(ESP_CAMELLIA) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[15], exttype=15, satype=3, alg_id=22, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=253(ESP_TWOFISH) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[16], exttype=15, satype=3, alg_id=253, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=13(ESP_AES_CTR) >| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[17], exttype=15, satype=3, alg_id=13, alg_ivlen=8, alg_minbits=160, alg_maxbits=288, res=0, ret=1 >| kernel_alg_add(): satype=3, exttype=15, alg_id=18(ESP_AES_GCM_A) >| kernel_alg_add(): satype=3, exttype=15, alg_id=19(ESP_AES_GCM_B) >| kernel_alg_add(): satype=3, exttype=15, alg_id=20(ESP_AES_GCM_C) >| kernel_alg_add(): satype=3, exttype=15, alg_id=14(ESP_AES_CCM_A) >| kernel_alg_add(): satype=3, exttype=15, alg_id=15(ESP_AES_CCM_B) >| kernel_alg_add(): satype=3, exttype=15, alg_id=16(ESP_AES_CCM_C) >ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0) >Warning: failed to register algo_aes_ccm_8 for IKE >ike_alg_register_enc(): Activating aes_ccm_12: Ok (ret=0) >Warning: failed to register algo_aes_ccm_12 for IKE >ike_alg_register_enc(): Activating aes_ccm_16: Ok (ret=0) >Warning: failed to register algo_aes_ccm_16 for IKE >ike_alg_register_enc(): Activating aes_gcm_8: Ok (ret=0) >Warning: failed to register algo_aes_gcm_8 for IKE >ike_alg_register_enc(): Activating aes_gcm_12: Ok (ret=0) >Warning: failed to register algo_aes_gcm_12 for IKE >ike_alg_register_enc(): Activating aes_gcm_16: Ok (ret=0) >Warning: failed to register algo_aes_gcm_16 for IKE >| Registered AEAD AES CCM/GCM algorithms >| ESP registered with kernel. >| finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP >| 02 07 00 09 02 00 00 00 03 00 00 00 c6 53 00 00 >| pfkey_get: K_SADB_REGISTER message 3 >| IPCOMP registered with kernel. >| Registered AH, ESP and IPCOMP >| Changed path to directory '/etc/ipsec.d/cacerts' > loading CA cert file 'cacert.pem' (956 bytes) >| cert blob content is not binary ASN.1 >| -----BEGIN CERTIFICATE----- >| -----END CERTIFICATE----- >| file coded in PEM format >| L0 - certificate: >| 30 82 02 96 30 82 01 ff a0 03 02 01 02 02 09 00 >| ef 50 7f d1 a6 a0 fd ea 30 0d 06 09 2a 86 48 86 >| f7 0d 01 01 05 05 00 30 64 31 0b 30 09 06 03 55 >| 04 06 13 02 58 58 31 0f 30 0d 06 03 55 04 08 0c >| 06 72 65 64 68 61 74 31 15 30 13 06 03 55 04 07 >| 0c 0c 44 65 66 61 75 6c 74 20 43 69 74 79 31 1c >| 30 1a 06 03 55 04 0a 0c 13 44 65 66 61 75 6c 74 >| 20 43 6f 6d 70 61 6e 79 20 4c 74 64 31 0f 30 0d >| 06 03 55 04 03 0c 06 72 65 64 68 61 74 30 1e 17 >| 0d 31 34 30 31 31 36 30 38 34 35 34 35 5a 17 0d >| 32 34 30 31 31 34 30 38 34 35 34 35 5a 30 64 31 >| 0b 30 09 06 03 55 04 06 13 02 58 58 31 0f 30 0d >| 06 03 55 04 08 0c 06 72 65 64 68 61 74 31 15 30 >| 13 06 03 55 04 07 0c 0c 44 65 66 61 75 6c 74 20 >| 43 69 74 79 31 1c 30 1a 06 03 55 04 0a 0c 13 44 >| 65 66 61 75 6c 74 20 43 6f 6d 70 61 6e 79 20 4c >| 74 64 31 0f 30 0d 06 03 55 04 03 0c 06 72 65 64 >| 68 61 74 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d >| 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 >| e0 1f 72 01 ac 86 92 f0 e5 3e 8e 6d fb cd d6 25 >| ef e9 d5 ca 5a 85 e6 7c 9d dc 96 1c 8c 5c 45 4f >| fb 44 c7 9f 7d a8 90 e0 7f d0 32 b6 44 60 9f ea >| 0b 60 29 3c f8 4a 12 6d 7e 7a d1 39 6c 96 3a 68 >| ad 57 4b 68 94 a7 a2 8a c0 53 79 be 3d 8d 78 cb >| 02 19 1c 31 98 77 fd 2e 28 05 34 f0 e4 ff d5 c0 >| a8 cd 5c 6b 62 4e 84 bd 03 f9 e4 d7 54 8f 69 44 >| 0c 98 c4 8f e7 ff 3e 63 5b 68 d4 d3 45 2a 90 a5 >| 02 03 01 00 01 a3 50 30 4e 30 1d 06 03 55 1d 0e >| 04 16 04 14 ac 93 3b f9 7c 7e 17 e7 47 64 68 3f >| 04 72 0c 74 18 b1 62 62 30 1f 06 03 55 1d 23 04 >| 18 30 16 80 14 ac 93 3b f9 7c 7e 17 e7 47 64 68 >| 3f 04 72 0c 74 18 b1 62 62 30 0c 06 03 55 1d 13 >| 04 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 >| 0d 01 01 05 05 00 03 81 81 00 93 fd 50 16 24 8b >| 16 d4 2a a0 76 26 d3 c4 54 24 60 8a ed 63 1d b7 >| 66 f2 05 dd 9c 3b 81 90 d4 36 bd 3a ea c9 3c 54 >| 72 54 94 bc 29 6d af f9 c9 7d b4 bf 39 1a 28 68 >| 9d 39 4b 56 14 3e 8e 9b 93 d5 94 8b 56 5d ae 20 >| a2 2a 2d 58 24 d0 98 5b 47 83 7f d2 ce 51 7b 65 >| d6 c3 4f 10 09 57 fa 80 c0 13 55 44 88 2a 90 f8 >| aa 1b c2 56 c7 f5 61 8d 4e b6 09 d9 35 0a 8b 16 >| a6 0d a7 cc 20 13 2f 7d 2a 30 >| L1 - tbsCertificate: >| 30 82 01 ff a0 03 02 01 02 02 09 00 ef 50 7f d1 >| a6 a0 fd ea 30 0d 06 09 2a 86 48 86 f7 0d 01 01 >| 05 05 00 30 64 31 0b 30 09 06 03 55 04 06 13 02 >| 58 58 31 0f 30 0d 06 03 55 04 08 0c 06 72 65 64 >| 68 61 74 31 15 30 13 06 03 55 04 07 0c 0c 44 65 >| 66 61 75 6c 74 20 43 69 74 79 31 1c 30 1a 06 03 >| 55 04 0a 0c 13 44 65 66 61 75 6c 74 20 43 6f 6d >| 70 61 6e 79 20 4c 74 64 31 0f 30 0d 06 03 55 04 >| 03 0c 06 72 65 64 68 61 74 30 1e 17 0d 31 34 30 >| 31 31 36 30 38 34 35 34 35 5a 17 0d 32 34 30 31 >| 31 34 30 38 34 35 34 35 5a 30 64 31 0b 30 09 06 >| 03 55 04 06 13 02 58 58 31 0f 30 0d 06 03 55 04 >| 08 0c 06 72 65 64 68 61 74 31 15 30 13 06 03 55 >| 04 07 0c 0c 44 65 66 61 75 6c 74 20 43 69 74 79 >| 31 1c 30 1a 06 03 55 04 0a 0c 13 44 65 66 61 75 >| 6c 74 20 43 6f 6d 70 61 6e 79 20 4c 74 64 31 0f >| 30 0d 06 03 55 04 03 0c 06 72 65 64 68 61 74 30 >| 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 >| 00 03 81 8d 00 30 81 89 02 81 81 00 e0 1f 72 01 >| ac 86 92 f0 e5 3e 8e 6d fb cd d6 25 ef e9 d5 ca >| 5a 85 e6 7c 9d dc 96 1c 8c 5c 45 4f fb 44 c7 9f >| 7d a8 90 e0 7f d0 32 b6 44 60 9f ea 0b 60 29 3c >| f8 4a 12 6d 7e 7a d1 39 6c 96 3a 68 ad 57 4b 68 >| 94 a7 a2 8a c0 53 79 be 3d 8d 78 cb 02 19 1c 31 >| 98 77 fd 2e 28 05 34 f0 e4 ff d5 c0 a8 cd 5c 6b >| 62 4e 84 bd 03 f9 e4 d7 54 8f 69 44 0c 98 c4 8f >| e7 ff 3e 63 5b 68 d4 d3 45 2a 90 a5 02 03 01 00 >| 01 a3 50 30 4e 30 1d 06 03 55 1d 0e 04 16 04 14 >| ac 93 3b f9 7c 7e 17 e7 47 64 68 3f 04 72 0c 74 >| 18 b1 62 62 30 1f 06 03 55 1d 23 04 18 30 16 80 >| 14 ac 93 3b f9 7c 7e 17 e7 47 64 68 3f 04 72 0c >| 74 18 b1 62 62 30 0c 06 03 55 1d 13 04 05 30 03 >| 01 01 ff >| L2 - DEFAULT v1: >| L3 - version: >| 02 >| v3 >| L2 - serialNumber: >| 00 ef 50 7f d1 a6 a0 fd ea >| L2 - signature: >| L3 - algorithmIdentifier: >| L4 - algorithm: >| 'sha-1WithRSAEncryption' >| L2 - issuer: >| 30 64 31 0b 30 09 06 03 55 04 06 13 02 58 58 31 >| 0f 30 0d 06 03 55 04 08 0c 06 72 65 64 68 61 74 >| 31 15 30 13 06 03 55 04 07 0c 0c 44 65 66 61 75 >| 6c 74 20 43 69 74 79 31 1c 30 1a 06 03 55 04 0a >| 0c 13 44 65 66 61 75 6c 74 20 43 6f 6d 70 61 6e >| 79 20 4c 74 64 31 0f 30 0d 06 03 55 04 03 0c 06 >| 72 65 64 68 61 74 >| 'C=XX, ST=redhat, L=Default City, O=Default Company Ltd, CN=redhat' >| L2 - validity: >| L3 - notBefore: >| L4 - utcTime: >| 'Jan 16 08:45:45 UTC 2014' >| L3 - notAfter: >| L4 - utcTime: >| 'Jan 14 08:45:45 UTC 2024' >| L2 - subject: >| 30 64 31 0b 30 09 06 03 55 04 06 13 02 58 58 31 >| 0f 30 0d 06 03 55 04 08 0c 06 72 65 64 68 61 74 >| 31 15 30 13 06 03 55 04 07 0c 0c 44 65 66 61 75 >| 6c 74 20 43 69 74 79 31 1c 30 1a 06 03 55 04 0a >| 0c 13 44 65 66 61 75 6c 74 20 43 6f 6d 70 61 6e >| 79 20 4c 74 64 31 0f 30 0d 06 03 55 04 03 0c 06 >| 72 65 64 68 61 74 >| 'C=XX, ST=redhat, L=Default City, O=Default Company Ltd, CN=redhat' >| L2 - subjectPublicKeyInfo: >| L3 - algorithm: >| L4 - algorithmIdentifier: >| L5 - algorithm: >| 'rsaEncryption' >| L3 - subjectPublicKey: >| L4 - RSAPublicKey: >| L5 - modulus: >| 00 e0 1f 72 01 ac 86 92 f0 e5 3e 8e 6d fb cd d6 >| 25 ef e9 d5 ca 5a 85 e6 7c 9d dc 96 1c 8c 5c 45 >| 4f fb 44 c7 9f 7d a8 90 e0 7f d0 32 b6 44 60 9f >| ea 0b 60 29 3c f8 4a 12 6d 7e 7a d1 39 6c 96 3a >| 68 ad 57 4b 68 94 a7 a2 8a c0 53 79 be 3d 8d 78 >| cb 02 19 1c 31 98 77 fd 2e 28 05 34 f0 e4 ff d5 >| c0 a8 cd 5c 6b 62 4e 84 bd 03 f9 e4 d7 54 8f 69 >| 44 0c 98 c4 8f e7 ff 3e 63 5b 68 d4 d3 45 2a 90 >| a5 >| L5 - publicExponent: >| 01 00 01 >| L2 - optional extensions: >| L3 - extensions: >| L4 - extension: >| L5 - extnID: >| 'subjectKeyIdentifier' >| L5 - critical: >| FALSE >| L5 - extnValue: >| 04 14 ac 93 3b f9 7c 7e 17 e7 47 64 68 3f 04 72 >| 0c 74 18 b1 62 62 >| L6 - keyIdentifier: >| ac 93 3b f9 7c 7e 17 e7 47 64 68 3f 04 72 0c 74 >| 18 b1 62 62 >| L4 - extension: >| L5 - extnID: >| 'authorityKeyIdentifier' >| L5 - critical: >| FALSE >| L5 - extnValue: >| 30 16 80 14 ac 93 3b f9 7c 7e 17 e7 47 64 68 3f >| 04 72 0c 74 18 b1 62 62 >| L6 - authorityKeyIdentifier: >| L7 - keyIdentifier: >| 80 14 ac 93 3b f9 7c 7e 17 e7 47 64 68 3f 04 72 >| 0c 74 18 b1 62 62 >| L8 - keyIdentifier: >| ac 93 3b f9 7c 7e 17 e7 47 64 68 3f 04 72 0c 74 >| 18 b1 62 62 >| L4 - extension: >| L5 - extnID: >| 'basicConstraints' >| L5 - critical: >| FALSE >| L5 - extnValue: >| 30 03 01 01 ff >| L6 - basicConstraints: >| L7 - CA: >| ff >| TRUE >| L1 - signatureAlgorithm: >| L2 - algorithmIdentifier: >| L3 - algorithm: >| 'sha-1WithRSAEncryption' >| L1 - signatureValue: >| 00 93 fd 50 16 24 8b 16 d4 2a a0 76 26 d3 c4 54 >| 24 60 8a ed 63 1d b7 66 f2 05 dd 9c 3b 81 90 d4 >| 36 bd 3a ea c9 3c 54 72 54 94 bc 29 6d af f9 c9 >| 7d b4 bf 39 1a 28 68 9d 39 4b 56 14 3e 8e 9b 93 >| d5 94 8b 56 5d ae 20 a2 2a 2d 58 24 d0 98 5b 47 >| 83 7f d2 ce 51 7b 65 d6 c3 4f 10 09 57 fa 80 c0 >| 13 55 44 88 2a 90 f8 aa 1b c2 56 c7 f5 61 8d 4e >| b6 09 d9 35 0a 8b 16 a6 0d a7 cc 20 13 2f 7d 2a >| 30 >| authcert list locked by 'add_authcert' >| authcert inserted >| authcert list unlocked by 'add_authcert' >| Changing to directory '/etc/ipsec.d/crls' > loading crl file 'crl.pem' (483 bytes) >| cert blob content is not binary ASN.1 >| -----BEGIN X509 CRL----- >| -----END X509 CRL----- >| file coded in PEM format >| L0 - certificateList: >| 30 82 01 3c 30 81 a6 02 01 01 30 0d 06 09 2a 86 >| 48 86 f7 0d 01 01 05 05 00 30 64 31 0b 30 09 06 >| 03 55 04 06 13 02 58 58 31 0f 30 0d 06 03 55 04 >| 08 0c 06 72 65 64 68 61 74 31 15 30 13 06 03 55 >| 04 07 0c 0c 44 65 66 61 75 6c 74 20 43 69 74 79 >| 31 1c 30 1a 06 03 55 04 0a 0c 13 44 65 66 61 75 >| 6c 74 20 43 6f 6d 70 61 6e 79 20 4c 74 64 31 0f >| 30 0d 06 03 55 04 03 0c 06 72 65 64 68 61 74 17 >| 0d 31 34 30 31 31 36 30 39 33 34 30 32 5a 17 0d >| 31 34 30 32 31 35 30 39 33 34 30 32 5a a0 0e 30 >| 0c 30 0a 06 03 55 1d 14 04 03 02 01 01 30 0d 06 >| 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 >| 04 ef 34 0d c3 15 ac 28 9e 89 80 c7 24 95 26 19 >| f1 79 eb 1b a4 02 11 82 d6 50 95 81 7d 57 5d 7a >| 69 c8 25 9e 09 7e d9 df 88 55 a2 d2 01 6c dc fa >| a9 ca 74 dd ee 8a 4c f5 43 8b aa 0f b6 4b 6f ad >| 1c c6 6a 72 bf cf 97 52 9b ac cf f4 d6 4d a3 e0 >| 63 f2 89 d8 b3 a8 a0 fb cf b8 cf 80 e3 2a 9c ad >| bd e2 f2 8c 78 eb ba f7 d8 3f d6 cf 18 b5 7b c2 >| 55 c2 3f 79 26 a0 1a 98 2f b1 68 8e f0 30 9b 1c >| L1 - tbsCertList: >| 30 81 a6 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d >| 01 01 05 05 00 30 64 31 0b 30 09 06 03 55 04 06 >| 13 02 58 58 31 0f 30 0d 06 03 55 04 08 0c 06 72 >| 65 64 68 61 74 31 15 30 13 06 03 55 04 07 0c 0c >| 44 65 66 61 75 6c 74 20 43 69 74 79 31 1c 30 1a >| 06 03 55 04 0a 0c 13 44 65 66 61 75 6c 74 20 43 >| 6f 6d 70 61 6e 79 20 4c 74 64 31 0f 30 0d 06 03 >| 55 04 03 0c 06 72 65 64 68 61 74 17 0d 31 34 30 >| 31 31 36 30 39 33 34 30 32 5a 17 0d 31 34 30 32 >| 31 35 30 39 33 34 30 32 5a a0 0e 30 0c 30 0a 06 >| 03 55 1d 14 04 03 02 01 01 >| L2 - version: >| 01 >| v2 >| L2 - signature: >| L3 - algorithmIdentifier: >| L4 - algorithm: >| 'sha-1WithRSAEncryption' >| L2 - issuer: >| 30 64 31 0b 30 09 06 03 55 04 06 13 02 58 58 31 >| 0f 30 0d 06 03 55 04 08 0c 06 72 65 64 68 61 74 >| 31 15 30 13 06 03 55 04 07 0c 0c 44 65 66 61 75 >| 6c 74 20 43 69 74 79 31 1c 30 1a 06 03 55 04 0a >| 0c 13 44 65 66 61 75 6c 74 20 43 6f 6d 70 61 6e >| 79 20 4c 74 64 31 0f 30 0d 06 03 55 04 03 0c 06 >| 72 65 64 68 61 74 >| 'C=XX, ST=redhat, L=Default City, O=Default Company Ltd, CN=redhat' >| L2 - thisUpdate: >| L3 - utcTime: >| 'Jan 16 09:34:02 UTC 2014' >| L2 - nextUpdate: >| L3 - utcTime: >| 'Feb 15 09:34:02 UTC 2014' >| L2 - optional extensions: >| L3 - crlExtensions: >| L4 - extension: >| L5 - extnID: >| 55 1d 14 >| L5 - critical: >| FALSE >| L5 - extnValue: >| 02 01 01 >| L1 - signatureAlgorithm: >| L2 - algorithmIdentifier: >| L3 - algorithm: >| 'sha-1WithRSAEncryption' >| L1 - signatureValue: >| 00 04 ef 34 0d c3 15 ac 28 9e 89 80 c7 24 95 26 >| 19 f1 79 eb 1b a4 02 11 82 d6 50 95 81 7d 57 5d >| 7a 69 c8 25 9e 09 7e d9 df 88 55 a2 d2 01 6c dc >| fa a9 ca 74 dd ee 8a 4c f5 43 8b aa 0f b6 4b 6f >| ad 1c c6 6a 72 bf cf 97 52 9b ac cf f4 d6 4d a3 >| e0 63 f2 89 d8 b3 a8 a0 fb cf b8 cf 80 e3 2a 9c >| ad bd e2 f2 8c 78 eb ba f7 d8 3f d6 cf 18 b5 7b >| c2 55 c2 3f 79 26 a0 1a 98 2f b1 68 8e f0 30 9b >| 1c >| authcert list locked by 'insert_crl' >| crl issuer cacert found >| signature algorithm: 'sha-1WithRSAEncryption' >| digest: a5 91 dc e6 f7 78 21 e9 df c2 f3 fc 2a ac 9f 0b >| digest: f5 e2 2b 6b >| NSS cert: modulus : >| 00 e0 1f 72 01 ac 86 92 f0 e5 3e 8e 6d fb cd d6 >| 25 ef e9 d5 ca 5a 85 e6 7c 9d dc 96 1c 8c 5c 45 >| 4f fb 44 c7 9f 7d a8 90 e0 7f d0 32 b6 44 60 9f >| ea 0b 60 29 3c f8 4a 12 6d 7e 7a d1 39 6c 96 3a >| 68 ad 57 4b 68 94 a7 a2 8a c0 53 79 be 3d 8d 78 >| cb 02 19 1c 31 98 77 fd 2e 28 05 34 f0 e4 ff d5 >| c0 a8 cd 5c 6b 62 4e 84 bd 03 f9 e4 d7 54 8f 69 >| 44 0c 98 c4 8f e7 ff 3e 63 5b 68 d4 d3 45 2a 90 >| a5 >| NSS cert: exponent : >| 01 00 01 >| NSS: input signature : >| 00 04 ef 34 0d c3 15 ac 28 9e 89 80 c7 24 95 26 >| 19 f1 79 eb 1b a4 02 11 82 d6 50 95 81 7d 57 5d >| 7a 69 c8 25 9e 09 7e d9 df 88 55 a2 d2 01 6c dc >| fa a9 ca 74 dd ee 8a 4c f5 43 8b aa 0f b6 4b 6f >| ad 1c c6 6a 72 bf cf 97 52 9b ac cf f4 d6 4d a3 >| e0 63 f2 89 d8 b3 a8 a0 fb cf b8 cf 80 e3 2a 9c >| ad bd e2 f2 8c 78 eb ba f7 d8 3f d6 cf 18 b5 7b >| c2 55 c2 3f 79 26 a0 1a 98 2f b1 68 8e f0 30 9b >| 1c >| RSA Signature length is 128 >NSS: PK11_VerifyRecover() failed (-8182) >| NSS scratchpad plus computed digest sig: >| >| NSS adjusted digest sig: >| ff ff ff ff 40 b7 c1 90 61 7f 00 00 91 00 00 00 >| 00 00 00 00 >| NSS expected digest sig: >| a5 91 dc e6 f7 78 21 e9 df c2 f3 fc 2a ac 9f 0b >| f5 e2 2b 6b >NSS: RSA Signature FAILED verification > NSS: failure in verifying signature >| authcert list unlocked by 'insert_crl' >| selinux support is enabled. >| inserting event EVENT_LOG_DAILY, timeout in 45694 seconds >| event added after event EVENT_REINIT_SECRET >| next event EVENT_PENDING_DDNS in 60 seconds >| calling addconn helper using execve >| >| *received whack message >| entering aalg_getbyname_ike() >| raw_alg_info_ike_add() ealg=5 aalg=2 modp_id=2, cnt=1 >| Added new connection ikev2 with policy PSK+ENCRYPT+PFS+IKEV1_DISABLE+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW >| from whack: got --esp=3des-sha1 >| esp string values: 3DES(3)_000-SHA1(2)_000 >| ike (phase1) algorithm values: 3DES_CBC(5)_000-SHA1(2)_000-MODP1024(2) >| loading certificate clientKey.crt >| Found pointer to cert clientKey.crt now giving it to further processing >| file coded in DER format >| L0 - certificate: >| 30 82 02 c1 30 82 02 2a a0 03 02 01 02 02 01 04 >| 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 >| 64 31 0b 30 09 06 03 55 04 06 13 02 58 58 31 0f >| 30 0d 06 03 55 04 08 0c 06 72 65 64 68 61 74 31 >| 15 30 13 06 03 55 04 07 0c 0c 44 65 66 61 75 6c >| 74 20 43 69 74 79 31 1c 30 1a 06 03 55 04 0a 0c >| 13 44 65 66 61 75 6c 74 20 43 6f 6d 70 61 6e 79 >| 20 4c 74 64 31 0f 30 0d 06 03 55 04 03 0c 06 72 >| 65 64 68 61 74 30 1e 17 0d 31 34 30 31 31 36 30 >| 39 30 35 32 36 5a 17 0d 31 35 30 31 31 36 30 39 >| 30 35 32 36 5a 30 4d 31 0b 30 09 06 03 55 04 06 >| 13 02 58 58 31 0f 30 0d 06 03 55 04 08 0c 06 72 >| 65 64 68 61 74 31 1c 30 1a 06 03 55 04 0a 0c 13 >| 44 65 66 61 75 6c 74 20 43 6f 6d 70 61 6e 79 20 >| 4c 74 64 31 0f 30 0d 06 03 55 04 03 0c 06 63 6c >| 69 65 6e 74 30 81 9f 30 0d 06 09 2a 86 48 86 f7 >| 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 >| 00 d4 cc 34 1f c0 04 d0 0e df 24 9d 07 ad dc 86 >| d4 f4 9e d5 e1 b4 89 f2 bc 22 23 5c 81 78 db 83 >| a8 2c 92 7e c2 18 5c e6 c9 51 3c b9 88 b1 da 99 >| c6 25 b6 e7 8d 58 79 09 ad 62 95 d1 bd bc ad 3f >| 30 e3 bd 11 12 11 34 82 02 e9 84 8e 3e 57 0d 26 >| 65 01 34 81 4d 68 f3 a9 dc 79 d6 e3 db 42 e4 0a >| 1c 9d fd 3a 5c 14 b4 36 7e b7 84 da 97 c7 28 e2 >| 22 65 a7 6f f0 42 57 ff 5b 00 f9 a9 64 e0 bd 21 >| 9d 02 03 01 00 01 a3 81 99 30 81 96 30 09 06 03 >| 55 1d 13 04 02 30 00 30 2c 06 09 60 86 48 01 86 >| f8 42 01 0d 04 1f 16 1d 4f 70 65 6e 53 53 4c 20 >| 47 65 6e 65 72 61 74 65 64 20 43 65 72 74 69 66 >| 69 63 61 74 65 30 1d 06 03 55 1d 0e 04 16 04 14 >| e9 06 bf b8 29 f9 79 04 52 40 d3 2b 07 bc fc 91 >| bc ad 2e fe 30 1f 06 03 55 1d 23 04 18 30 16 80 >| 14 f4 ec b8 bb db c6 19 9f 20 11 e5 5a 13 17 95 >| d0 8d f6 63 20 30 1b 06 03 55 1d 11 04 14 30 12 >| 87 10 20 01 0d b8 ff ff 00 01 02 15 17 ff fe 74 >| 5e 4a 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 >| 00 03 81 81 00 90 d9 b3 12 8d 3e 3d b5 4f 04 0e >| 16 6e f9 f0 9c 93 a6 f6 1b 4f 4f 6f 89 83 6f cf >| 6b ce 63 82 dd bc 47 78 59 fd d8 79 b3 6c 18 c2 >| b3 93 d7 d4 92 bd 80 11 b3 b0 ce 4d 47 e9 b9 86 >| f9 7a 3d b4 4a d3 e7 12 b9 9c c6 4d 85 69 a5 0c >| 88 b3 db 0d 4e f7 8b 78 a5 69 7c a3 d4 fa db 0b >| 0b fd 69 44 2c 2d a6 d4 3c 5c b6 dc 47 18 b4 55 >| 6a 07 3c 99 d0 30 9e a4 ba 1e 10 34 aa c6 e6 72 >| 73 a7 b1 64 e7 >| L1 - tbsCertificate: >| 30 82 02 2a a0 03 02 01 02 02 01 04 30 0d 06 09 >| 2a 86 48 86 f7 0d 01 01 05 05 00 30 64 31 0b 30 >| 09 06 03 55 04 06 13 02 58 58 31 0f 30 0d 06 03 >| 55 04 08 0c 06 72 65 64 68 61 74 31 15 30 13 06 >| 03 55 04 07 0c 0c 44 65 66 61 75 6c 74 20 43 69 >| 74 79 31 1c 30 1a 06 03 55 04 0a 0c 13 44 65 66 >| 61 75 6c 74 20 43 6f 6d 70 61 6e 79 20 4c 74 64 >| 31 0f 30 0d 06 03 55 04 03 0c 06 72 65 64 68 61 >| 74 30 1e 17 0d 31 34 30 31 31 36 30 39 30 35 32 >| 36 5a 17 0d 31 35 30 31 31 36 30 39 30 35 32 36 >| 5a 30 4d 31 0b 30 09 06 03 55 04 06 13 02 58 58 >| 31 0f 30 0d 06 03 55 04 08 0c 06 72 65 64 68 61 >| 74 31 1c 30 1a 06 03 55 04 0a 0c 13 44 65 66 61 >| 75 6c 74 20 43 6f 6d 70 61 6e 79 20 4c 74 64 31 >| 0f 30 0d 06 03 55 04 03 0c 06 63 6c 69 65 6e 74 >| 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 >| 05 00 03 81 8d 00 30 81 89 02 81 81 00 d4 cc 34 >| 1f c0 04 d0 0e df 24 9d 07 ad dc 86 d4 f4 9e d5 >| e1 b4 89 f2 bc 22 23 5c 81 78 db 83 a8 2c 92 7e >| c2 18 5c e6 c9 51 3c b9 88 b1 da 99 c6 25 b6 e7 >| 8d 58 79 09 ad 62 95 d1 bd bc ad 3f 30 e3 bd 11 >| 12 11 34 82 02 e9 84 8e 3e 57 0d 26 65 01 34 81 >| 4d 68 f3 a9 dc 79 d6 e3 db 42 e4 0a 1c 9d fd 3a >| 5c 14 b4 36 7e b7 84 da 97 c7 28 e2 22 65 a7 6f >| f0 42 57 ff 5b 00 f9 a9 64 e0 bd 21 9d 02 03 01 >| 00 01 a3 81 99 30 81 96 30 09 06 03 55 1d 13 04 >| 02 30 00 30 2c 06 09 60 86 48 01 86 f8 42 01 0d >| 04 1f 16 1d 4f 70 65 6e 53 53 4c 20 47 65 6e 65 >| 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 >| 65 30 1d 06 03 55 1d 0e 04 16 04 14 e9 06 bf b8 >| 29 f9 79 04 52 40 d3 2b 07 bc fc 91 bc ad 2e fe >| 30 1f 06 03 55 1d 23 04 18 30 16 80 14 f4 ec b8 >| bb db c6 19 9f 20 11 e5 5a 13 17 95 d0 8d f6 63 >| 20 30 1b 06 03 55 1d 11 04 14 30 12 87 10 20 01 >| 0d b8 ff ff 00 01 02 15 17 ff fe 74 5e 4a >| L2 - DEFAULT v1: >| L3 - version: >| 02 >| v3 >| L2 - serialNumber: >| 04 >| L2 - signature: >| L3 - algorithmIdentifier: >| L4 - algorithm: >| 'sha-1WithRSAEncryption' >| L2 - issuer: >| 30 64 31 0b 30 09 06 03 55 04 06 13 02 58 58 31 >| 0f 30 0d 06 03 55 04 08 0c 06 72 65 64 68 61 74 >| 31 15 30 13 06 03 55 04 07 0c 0c 44 65 66 61 75 >| 6c 74 20 43 69 74 79 31 1c 30 1a 06 03 55 04 0a >| 0c 13 44 65 66 61 75 6c 74 20 43 6f 6d 70 61 6e >| 79 20 4c 74 64 31 0f 30 0d 06 03 55 04 03 0c 06 >| 72 65 64 68 61 74 >| 'C=XX, ST=redhat, L=Default City, O=Default Company Ltd, CN=redhat' >| L2 - validity: >| L3 - notBefore: >| L4 - utcTime: >| 'Jan 16 09:05:26 UTC 2014' >| L3 - notAfter: >| L4 - utcTime: >| 'Jan 16 09:05:26 UTC 2015' >| L2 - subject: >| 30 4d 31 0b 30 09 06 03 55 04 06 13 02 58 58 31 >| 0f 30 0d 06 03 55 04 08 0c 06 72 65 64 68 61 74 >| 31 1c 30 1a 06 03 55 04 0a 0c 13 44 65 66 61 75 >| 6c 74 20 43 6f 6d 70 61 6e 79 20 4c 74 64 31 0f >| 30 0d 06 03 55 04 03 0c 06 63 6c 69 65 6e 74 >| 'C=XX, ST=redhat, O=Default Company Ltd, CN=client' >| L2 - subjectPublicKeyInfo: >| L3 - algorithm: >| L4 - algorithmIdentifier: >| L5 - algorithm: >| 'rsaEncryption' >| L3 - subjectPublicKey: >| L4 - RSAPublicKey: >| L5 - modulus: >| 00 d4 cc 34 1f c0 04 d0 0e df 24 9d 07 ad dc 86 >| d4 f4 9e d5 e1 b4 89 f2 bc 22 23 5c 81 78 db 83 >| a8 2c 92 7e c2 18 5c e6 c9 51 3c b9 88 b1 da 99 >| c6 25 b6 e7 8d 58 79 09 ad 62 95 d1 bd bc ad 3f >| 30 e3 bd 11 12 11 34 82 02 e9 84 8e 3e 57 0d 26 >| 65 01 34 81 4d 68 f3 a9 dc 79 d6 e3 db 42 e4 0a >| 1c 9d fd 3a 5c 14 b4 36 7e b7 84 da 97 c7 28 e2 >| 22 65 a7 6f f0 42 57 ff 5b 00 f9 a9 64 e0 bd 21 >| 9d >| L5 - publicExponent: >| 01 00 01 >| L2 - optional extensions: >| L3 - extensions: >| L4 - extension: >| L5 - extnID: >| 'basicConstraints' >| L5 - critical: >| FALSE >| L5 - extnValue: >| 30 00 >| L6 - basicConstraints: >| L7 - CA: >| FALSE >| L4 - extension: >| L5 - extnID: >| 'nsComment' >| L5 - critical: >| FALSE >| L5 - extnValue: >| 16 1d 4f 70 65 6e 53 53 4c 20 47 65 6e 65 72 61 >| 74 65 64 20 43 65 72 74 69 66 69 63 61 74 65 >| L4 - extension: >| L5 - extnID: >| 'subjectKeyIdentifier' >| L5 - critical: >| FALSE >| L5 - extnValue: >| 04 14 e9 06 bf b8 29 f9 79 04 52 40 d3 2b 07 bc >| fc 91 bc ad 2e fe >| L6 - keyIdentifier: >| e9 06 bf b8 29 f9 79 04 52 40 d3 2b 07 bc fc 91 >| bc ad 2e fe >| L4 - extension: >| L5 - extnID: >| 'authorityKeyIdentifier' >| L5 - critical: >| FALSE >| L5 - extnValue: >| 30 16 80 14 f4 ec b8 bb db c6 19 9f 20 11 e5 5a >| 13 17 95 d0 8d f6 63 20 >| L6 - authorityKeyIdentifier: >| L7 - keyIdentifier: >| 80 14 f4 ec b8 bb db c6 19 9f 20 11 e5 5a 13 17 >| 95 d0 8d f6 63 20 >| L8 - keyIdentifier: >| f4 ec b8 bb db c6 19 9f 20 11 e5 5a 13 17 95 d0 >| 8d f6 63 20 >| L4 - extension: >| L5 - extnID: >| 'subjectAltName' >| L5 - critical: >| FALSE >| L5 - extnValue: >| 30 12 87 10 20 01 0d b8 ff ff 00 01 02 15 17 ff >| fe 74 5e 4a >| L6 - generalNames: >| L7 - generalName: >| L8 - ipAddress: >| 20 01 0d b8 ff ff 00 01 02 15 17 ff fe 74 5e 4a >| '32.1.13.184' >| L1 - signatureAlgorithm: >| L2 - algorithmIdentifier: >| L3 - algorithm: >| 'sha-1WithRSAEncryption' >| L1 - signatureValue: >| 00 90 d9 b3 12 8d 3e 3d b5 4f 04 0e 16 6e f9 f0 >| 9c 93 a6 f6 1b 4f 4f 6f 89 83 6f cf 6b ce 63 82 >| dd bc 47 78 59 fd d8 79 b3 6c 18 c2 b3 93 d7 d4 >| 92 bd 80 11 b3 b0 ce 4d 47 e9 b9 86 f9 7a 3d b4 >| 4a d3 e7 12 b9 9c c6 4d 85 69 a5 0c 88 b3 db 0d >| 4e f7 8b 78 a5 69 7c a3 d4 fa db 0b 0b fd 69 44 >| 2c 2d a6 d4 3c 5c b6 dc 47 18 b4 55 6a 07 3c 99 >| d0 30 9e a4 ba 1e 10 34 aa c6 e6 72 73 a7 b1 64 >| e7 >| not before : Jan 16 09:05:26 UTC 2014 >| current time: Oct 30 03:18:27 UTC 2014 >| not after : Jan 16 09:05:26 UTC 2015 >| certificate is valid >| certs and keys locked by 'add_x509cert' >| certs and keys unlocked by 'add_x509cert' >| counting wild cards for 2001:db8:1:1::1234 is 0 >| loading certificate serverKey.crt >| Found pointer to cert serverKey.crt now giving it to further processing >| file coded in DER format >| L0 - certificate: >| 30 82 02 c1 30 82 02 2a a0 03 02 01 02 02 01 03 >| 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 >| 64 31 0b 30 09 06 03 55 04 06 13 02 58 58 31 0f >| 30 0d 06 03 55 04 08 0c 06 72 65 64 68 61 74 31 >| 15 30 13 06 03 55 04 07 0c 0c 44 65 66 61 75 6c >| 74 20 43 69 74 79 31 1c 30 1a 06 03 55 04 0a 0c >| 13 44 65 66 61 75 6c 74 20 43 6f 6d 70 61 6e 79 >| 20 4c 74 64 31 0f 30 0d 06 03 55 04 03 0c 06 72 >| 65 64 68 61 74 30 1e 17 0d 31 34 30 31 31 36 30 >| 39 30 33 34 32 5a 17 0d 31 35 30 31 31 36 30 39 >| 30 33 34 32 5a 30 4d 31 0b 30 09 06 03 55 04 06 >| 13 02 58 58 31 0f 30 0d 06 03 55 04 08 0c 06 72 >| 65 64 68 61 74 31 1c 30 1a 06 03 55 04 0a 0c 13 >| 44 65 66 61 75 6c 74 20 43 6f 6d 70 61 6e 79 20 >| 4c 74 64 31 0f 30 0d 06 03 55 04 03 0c 06 73 65 >| 72 76 65 72 30 81 9f 30 0d 06 09 2a 86 48 86 f7 >| 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 >| 00 c0 f1 fa 81 08 70 3a 7b 8a 2a a4 a7 e6 84 2f >| 18 aa a6 33 a6 e4 1b 84 ee 0a d5 73 25 37 f6 0b >| 93 24 d2 38 78 ec 69 36 49 3f af 68 86 f2 15 08 >| b8 dc db 34 76 fc 05 cc af cb f0 d7 bd c1 df 67 >| e6 58 be ff 6c 95 a1 0e b8 a3 89 b2 04 f4 1f 3a >| d8 0b 9a ea ff 32 75 56 e2 71 59 68 5e 4a ae 35 >| 37 44 fe b6 1a 3e 13 43 3b bc be 0e a4 a0 e1 b8 >| 18 f5 a6 1c 33 5c 03 4e 14 72 45 14 fc 1f 17 16 >| 3d 02 03 01 00 01 a3 81 99 30 81 96 30 09 06 03 >| 55 1d 13 04 02 30 00 30 2c 06 09 60 86 48 01 86 >| f8 42 01 0d 04 1f 16 1d 4f 70 65 6e 53 53 4c 20 >| 47 65 6e 65 72 61 74 65 64 20 43 65 72 74 69 66 >| 69 63 61 74 65 30 1d 06 03 55 1d 0e 04 16 04 14 >| fc 67 26 68 b5 63 d6 67 71 7c 48 0d 78 8a 7d ab >| e5 40 6c 97 30 1f 06 03 55 1d 23 04 18 30 16 80 >| 14 f4 ec b8 bb db c6 19 9f 20 11 e5 5a 13 17 95 >| d0 8d f6 63 20 30 1b 06 03 55 1d 11 04 14 30 12 >| 87 10 20 01 0d b8 ff ff 00 02 02 15 17 ff fe 5d >| 2d 9e 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 >| 00 03 81 81 00 1b ad 72 c9 c4 88 0f 7f cd 0c 6e >| 54 86 29 92 ce 74 39 f0 0f 06 fb df 00 90 f6 51 >| e6 40 96 c6 3a fd d5 a2 bd 6a 24 d8 f0 87 97 a5 >| c1 32 34 b9 64 a6 d8 08 7f f5 85 2b 69 d3 0c 78 >| 45 b2 9b 50 49 7c 5c 5c 2c 60 e6 94 db db f2 0d >| 9a 2c 0a b0 36 97 f9 72 43 db f0 d9 83 e5 dc 38 >| 46 f2 bc 3b 35 c5 b0 2a 77 ac 58 49 31 0f 13 3e >| db 76 85 76 00 c3 13 97 95 f9 a6 a0 df 2b c9 91 >| 2a 62 d5 2b 71 >| L1 - tbsCertificate: >| 30 82 02 2a a0 03 02 01 02 02 01 03 30 0d 06 09 >| 2a 86 48 86 f7 0d 01 01 05 05 00 30 64 31 0b 30 >| 09 06 03 55 04 06 13 02 58 58 31 0f 30 0d 06 03 >| 55 04 08 0c 06 72 65 64 68 61 74 31 15 30 13 06 >| 03 55 04 07 0c 0c 44 65 66 61 75 6c 74 20 43 69 >| 74 79 31 1c 30 1a 06 03 55 04 0a 0c 13 44 65 66 >| 61 75 6c 74 20 43 6f 6d 70 61 6e 79 20 4c 74 64 >| 31 0f 30 0d 06 03 55 04 03 0c 06 72 65 64 68 61 >| 74 30 1e 17 0d 31 34 30 31 31 36 30 39 30 33 34 >| 32 5a 17 0d 31 35 30 31 31 36 30 39 30 33 34 32 >| 5a 30 4d 31 0b 30 09 06 03 55 04 06 13 02 58 58 >| 31 0f 30 0d 06 03 55 04 08 0c 06 72 65 64 68 61 >| 74 31 1c 30 1a 06 03 55 04 0a 0c 13 44 65 66 61 >| 75 6c 74 20 43 6f 6d 70 61 6e 79 20 4c 74 64 31 >| 0f 30 0d 06 03 55 04 03 0c 06 73 65 72 76 65 72 >| 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 >| 05 00 03 81 8d 00 30 81 89 02 81 81 00 c0 f1 fa >| 81 08 70 3a 7b 8a 2a a4 a7 e6 84 2f 18 aa a6 33 >| a6 e4 1b 84 ee 0a d5 73 25 37 f6 0b 93 24 d2 38 >| 78 ec 69 36 49 3f af 68 86 f2 15 08 b8 dc db 34 >| 76 fc 05 cc af cb f0 d7 bd c1 df 67 e6 58 be ff >| 6c 95 a1 0e b8 a3 89 b2 04 f4 1f 3a d8 0b 9a ea >| ff 32 75 56 e2 71 59 68 5e 4a ae 35 37 44 fe b6 >| 1a 3e 13 43 3b bc be 0e a4 a0 e1 b8 18 f5 a6 1c >| 33 5c 03 4e 14 72 45 14 fc 1f 17 16 3d 02 03 01 >| 00 01 a3 81 99 30 81 96 30 09 06 03 55 1d 13 04 >| 02 30 00 30 2c 06 09 60 86 48 01 86 f8 42 01 0d >| 04 1f 16 1d 4f 70 65 6e 53 53 4c 20 47 65 6e 65 >| 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 >| 65 30 1d 06 03 55 1d 0e 04 16 04 14 fc 67 26 68 >| b5 63 d6 67 71 7c 48 0d 78 8a 7d ab e5 40 6c 97 >| 30 1f 06 03 55 1d 23 04 18 30 16 80 14 f4 ec b8 >| bb db c6 19 9f 20 11 e5 5a 13 17 95 d0 8d f6 63 >| 20 30 1b 06 03 55 1d 11 04 14 30 12 87 10 20 01 >| 0d b8 ff ff 00 02 02 15 17 ff fe 5d 2d 9e >| L2 - DEFAULT v1: >| L3 - version: >| 02 >| v3 >| L2 - serialNumber: >| 03 >| L2 - signature: >| L3 - algorithmIdentifier: >| L4 - algorithm: >| 'sha-1WithRSAEncryption' >| L2 - issuer: >| 30 64 31 0b 30 09 06 03 55 04 06 13 02 58 58 31 >| 0f 30 0d 06 03 55 04 08 0c 06 72 65 64 68 61 74 >| 31 15 30 13 06 03 55 04 07 0c 0c 44 65 66 61 75 >| 6c 74 20 43 69 74 79 31 1c 30 1a 06 03 55 04 0a >| 0c 13 44 65 66 61 75 6c 74 20 43 6f 6d 70 61 6e >| 79 20 4c 74 64 31 0f 30 0d 06 03 55 04 03 0c 06 >| 72 65 64 68 61 74 >| 'C=XX, ST=redhat, L=Default City, O=Default Company Ltd, CN=redhat' >| L2 - validity: >| L3 - notBefore: >| L4 - utcTime: >| 'Jan 16 09:03:42 UTC 2014' >| L3 - notAfter: >| L4 - utcTime: >| 'Jan 16 09:03:42 UTC 2015' >| L2 - subject: >| 30 4d 31 0b 30 09 06 03 55 04 06 13 02 58 58 31 >| 0f 30 0d 06 03 55 04 08 0c 06 72 65 64 68 61 74 >| 31 1c 30 1a 06 03 55 04 0a 0c 13 44 65 66 61 75 >| 6c 74 20 43 6f 6d 70 61 6e 79 20 4c 74 64 31 0f >| 30 0d 06 03 55 04 03 0c 06 73 65 72 76 65 72 >| 'C=XX, ST=redhat, O=Default Company Ltd, CN=server' >| L2 - subjectPublicKeyInfo: >| L3 - algorithm: >| L4 - algorithmIdentifier: >| L5 - algorithm: >| 'rsaEncryption' >| L3 - subjectPublicKey: >| L4 - RSAPublicKey: >| L5 - modulus: >| 00 c0 f1 fa 81 08 70 3a 7b 8a 2a a4 a7 e6 84 2f >| 18 aa a6 33 a6 e4 1b 84 ee 0a d5 73 25 37 f6 0b >| 93 24 d2 38 78 ec 69 36 49 3f af 68 86 f2 15 08 >| b8 dc db 34 76 fc 05 cc af cb f0 d7 bd c1 df 67 >| e6 58 be ff 6c 95 a1 0e b8 a3 89 b2 04 f4 1f 3a >| d8 0b 9a ea ff 32 75 56 e2 71 59 68 5e 4a ae 35 >| 37 44 fe b6 1a 3e 13 43 3b bc be 0e a4 a0 e1 b8 >| 18 f5 a6 1c 33 5c 03 4e 14 72 45 14 fc 1f 17 16 >| 3d >| L5 - publicExponent: >| 01 00 01 >| L2 - optional extensions: >| L3 - extensions: >| L4 - extension: >| L5 - extnID: >| 'basicConstraints' >| L5 - critical: >| FALSE >| L5 - extnValue: >| 30 00 >| L6 - basicConstraints: >| L7 - CA: >| FALSE >| L4 - extension: >| L5 - extnID: >| 'nsComment' >| L5 - critical: >| FALSE >| L5 - extnValue: >| 16 1d 4f 70 65 6e 53 53 4c 20 47 65 6e 65 72 61 >| 74 65 64 20 43 65 72 74 69 66 69 63 61 74 65 >| L4 - extension: >| L5 - extnID: >| 'subjectKeyIdentifier' >| L5 - critical: >| FALSE >| L5 - extnValue: >| 04 14 fc 67 26 68 b5 63 d6 67 71 7c 48 0d 78 8a >| 7d ab e5 40 6c 97 >| L6 - keyIdentifier: >| fc 67 26 68 b5 63 d6 67 71 7c 48 0d 78 8a 7d ab >| e5 40 6c 97 >| L4 - extension: >| L5 - extnID: >| 'authorityKeyIdentifier' >| L5 - critical: >| FALSE >| L5 - extnValue: >| 30 16 80 14 f4 ec b8 bb db c6 19 9f 20 11 e5 5a >| 13 17 95 d0 8d f6 63 20 >| L6 - authorityKeyIdentifier: >| L7 - keyIdentifier: >| 80 14 f4 ec b8 bb db c6 19 9f 20 11 e5 5a 13 17 >| 95 d0 8d f6 63 20 >| L8 - keyIdentifier: >| f4 ec b8 bb db c6 19 9f 20 11 e5 5a 13 17 95 d0 >| 8d f6 63 20 >| L4 - extension: >| L5 - extnID: >| 'subjectAltName' >| L5 - critical: >| FALSE >| L5 - extnValue: >| 30 12 87 10 20 01 0d b8 ff ff 00 02 02 15 17 ff >| fe 5d 2d 9e >| L6 - generalNames: >| L7 - generalName: >| L8 - ipAddress: >| 20 01 0d b8 ff ff 00 02 02 15 17 ff fe 5d 2d 9e >| '32.1.13.184' >| L1 - signatureAlgorithm: >| L2 - algorithmIdentifier: >| L3 - algorithm: >| 'sha-1WithRSAEncryption' >| L1 - signatureValue: >| 00 1b ad 72 c9 c4 88 0f 7f cd 0c 6e 54 86 29 92 >| ce 74 39 f0 0f 06 fb df 00 90 f6 51 e6 40 96 c6 >| 3a fd d5 a2 bd 6a 24 d8 f0 87 97 a5 c1 32 34 b9 >| 64 a6 d8 08 7f f5 85 2b 69 d3 0c 78 45 b2 9b 50 >| 49 7c 5c 5c 2c 60 e6 94 db db f2 0d 9a 2c 0a b0 >| 36 97 f9 72 43 db f0 d9 83 e5 dc 38 46 f2 bc 3b >| 35 c5 b0 2a 77 ac 58 49 31 0f 13 3e db 76 85 76 >| 00 c3 13 97 95 f9 a6 a0 df 2b c9 91 2a 62 d5 2b >| 71 >| not before : Jan 16 09:03:42 UTC 2014 >| current time: Oct 30 03:18:27 UTC 2014 >| not after : Jan 16 09:03:42 UTC 2015 >| certificate is valid >| unreference key: 0x7f6190c25180 %any cnt 1-- >| certs and keys locked by 'add_x509cert' >| certs and keys unlocked by 'add_x509cert' >| counting wild cards for 2001:db8:f:1::1 is 0 >added connection description "ikev2" >| 2001:db8:1:1::1234<2001:0db8:0001:0001::1234>...2001:db8:f:1::1<2001:0db8:000f:0001::1> >| ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT+PFS+IKEV1_DISABLE+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW >| * processed 0 messages from cryptographic helpers >| next event EVENT_PENDING_DDNS in 58 seconds >| next event EVENT_PENDING_DDNS in 58 seconds >| >| *received whack message >listening for IKE messages >| Inspecting interface lo >| found lo with address 127.0.0.1 >| Inspecting interface p7p1 >| found p7p1 with address 10.66.13.22 >adding interface p7p1/p7p1 10.66.13.22:500 >| NAT-Traversal: Trying new style NAT-T >| NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19) >| NAT-Traversal: Trying old style NAT-T >| NAT-Traversal: ESPINUDP(2) setup succeeded for old style NAT-T family IPv4 >adding interface p7p1/p7p1 10.66.13.22:4500 >adding interface lo/lo 127.0.0.1:500 >| NAT-Traversal: Trying new style NAT-T >| NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19) >| NAT-Traversal: Trying old style NAT-T >| NAT-Traversal: ESPINUDP(2) setup succeeded for old style NAT-T family IPv4 >adding interface lo/lo 127.0.0.1:4500 >| found lo with address 0000:0000:0000:0000:0000:0000:0000:0001 >| found p6p1 with address 2001:0db8:0001:0001:0000:0000:0000:1234 >adding interface p6p1/p6p1 2001:db8:1:1::1234:500 >adding interface lo/lo ::1:500 >| connect_to_host_pair: 2001:db8:1:1::1234:500 2001:db8:f:1::1:500 -> hp:none >| certs and keys locked by 'free_preshared_secrets' >| certs and keys unlocked by 'free_preshard_secrets' >loading secrets from "/etc/ipsec.secrets" >| NSS: extract_and_add_secret_from_nss_cert_file start >| NSS: extract_and_add_secret_from_nss_cert_file: NSS Cert found >| NSS: extract_and_add_secret_from_nss_cert_file: public key found >| NSS: extract_and_add_secret_from_nss_cert_file: ckaid found >| NSS: extract_and_add_secret_from_nss_cert_file: end >loaded private key for keyid: PPK_RSA:AwEAAdTMN >| certs and keys locked by 'process_secret' >| certs and keys unlocked by 'process_secret' >| * processed 0 messages from cryptographic helpers >| next event EVENT_PENDING_DDNS in 58 seconds >| next event EVENT_PENDING_DDNS in 58 seconds >| >| *received whack message >| processing connection ikev2 >| kernel_alg_db_new() initial trans_cnt=128 >| kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1 >| kernel_alg_db_new() trans[0]: transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=2 >| returning new proposal from esp_info >| creating state object #1 at 0x7f6190c28fd0 >| processing connection ikev2 >| ICOOKIE: e2 fe cc f2 9b 56 0c 07 >| RCOOKIE: 00 00 00 00 00 00 00 00 >| state hash entry 0 >| inserting state object #1 >| inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1 >| event added at head of queue >| processing connection ikev2 >| Queuing pending Quick Mode with 2001:db8:f:1::1 "ikev2" >"ikev2" #1: initiating v2 parent SA >| crypto helper 0: pcw_work: 0 >| asking crypto helper 0 to do build_kenonce; request ID 1 (len=2768, pcw_work=0) >| #1 send_crypto_helper_request:519 st->st_calculating = TRUE; >| deleting event for #1 >| inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1 >| event added after event EVENT_PENDING_PHASE2 >| crypto helper 0 read fd: 8 >| crypto helper 0 doing build_kenonce; request ID 1 >| * processed 0 messages from cryptographic helpers >| next event EVENT_PENDING_DDNS in 58 seconds >| next event EVENT_PENDING_DDNS in 58 seconds >| NSS: Value of Prime: >| ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 >| c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 >| 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd >| ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 >| 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 >| f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed >| ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 >| 49 28 66 51 ec e6 53 81 ff ff ff ff ff ff ff ff >| NSS: Value of base: >| 02 >| next event EVENT_PENDING_DDNS in 58 seconds >| reaped addconn helper child >| NSS: generated dh priv and pub keys: 128 >| NSS: Local DH secret (pointer): 0x7f61800042f0 >| NSS: Public DH value sent(computed in NSS): >| 91 9e a4 30 0c f8 f8 86 02 d3 7f 50 26 9d d6 5b >| 02 cf e0 94 bd 5c 59 8c fe b9 9c 50 4e b8 d5 8c >| 06 31 2d d4 69 5d c9 39 db 9d ea 12 d2 7d 4d a7 >| 1e 6a a6 25 ed 9d 40 e7 e6 7e cf 06 a3 39 ab a3 >| 37 d6 b8 03 16 82 5b 2c 51 d5 cb 6f 69 a0 9d 36 >| 23 91 c2 16 ab ad 63 13 e2 5b 09 d9 e3 82 2c 9b >| 7c 74 a1 1b 06 72 53 3f 9b e9 5a 96 cc 95 cb 5b >| f8 36 81 1d 92 18 c0 be a6 8c db 12 08 7c 31 4d >| NSS: Local DH public value (pointer): 0x7f6190c2b800 >| Generated nonce: >| 0e 98 32 f4 c2 d7 2c 90 5c 4a 8b f8 5b 64 3d 72 >| >| crypto helper 0 has finished work (pcw_work now 1) >| crypto helper 0 replies to request ID 1 >| calling continuation function 0x7f618ec462b0 >| ikev2_parent_outI1_continue for #1: calculated ke+nonce, sending I1 >| processing connection ikev2 >| #1 ikev2_parent_outI1_continue:284 st->st_calculating = FALSE; >| ikev2_parent_outI1_tail for #1 >| saving DH priv (local secret) and pub key into state struct >| **emit ISAKMP Message: >| initiator cookie: >| e2 fe cc f2 9b 56 0c 07 >| responder cookie: >| 00 00 00 00 00 00 00 00 >| next payload type: ISAKMP_NEXT_v2SA >| ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) >| exchange type: ISAKMP_v2_SA_INIT >| flags: ISAKMP_FLAG_IKE_INIT >| message ID: 00 00 00 00 >| ***emit IKEv2 Security Association Payload: >| next payload type: ISAKMP_NEXT_v2KE >| critical bit: none >| ****emit IKEv2 Proposal Substructure Payload: >| last proposal: v2_PROPOSAL_LAST >| prop #: 1 >| proto ID: IKEv2_SEC_PROTO_IKE >| spi size: 0 >| # transforms: 4 >| *****emit IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_NON_LAST >| IKEv2 transform type: TRANS_TYPE_ENCR >| IKEv2 transform ID: 3DES >| emitting length of IKEv2 Transform Substructure Payload: 8 >| *****emit IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_NON_LAST >| IKEv2 transform type: TRANS_TYPE_INTEG >| IKEv2 transform ID: AUTH_HMAC_SHA1_96 >| emitting length of IKEv2 Transform Substructure Payload: 8 >| *****emit IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_NON_LAST >| IKEv2 transform type: TRANS_TYPE_PRF >| IKEv2 transform ID: PRF_HMAC_SHA1 >| emitting length of IKEv2 Transform Substructure Payload: 8 >| *****emit IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_LAST >| IKEv2 transform type: TRANS_TYPE_DH >| IKEv2 transform ID: OAKLEY_GROUP_MODP1024 >| emitting length of IKEv2 Transform Substructure Payload: 8 >| emitting length of IKEv2 Proposal Substructure Payload: 40 >| emitting length of IKEv2 Security Association Payload: 44 >| ***emit IKEv2 Key Exchange Payload: >| IKEv2 next payload type: ISAKMP_NEXT_v2Ni >| critical bit: none >| DH group: OAKLEY_GROUP_MODP1024 >| emitting 128 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload >| ikev2 g^x 91 9e a4 30 0c f8 f8 86 02 d3 7f 50 26 9d d6 5b >| ikev2 g^x 02 cf e0 94 bd 5c 59 8c fe b9 9c 50 4e b8 d5 8c >| ikev2 g^x 06 31 2d d4 69 5d c9 39 db 9d ea 12 d2 7d 4d a7 >| ikev2 g^x 1e 6a a6 25 ed 9d 40 e7 e6 7e cf 06 a3 39 ab a3 >| ikev2 g^x 37 d6 b8 03 16 82 5b 2c 51 d5 cb 6f 69 a0 9d 36 >| ikev2 g^x 23 91 c2 16 ab ad 63 13 e2 5b 09 d9 e3 82 2c 9b >| ikev2 g^x 7c 74 a1 1b 06 72 53 3f 9b e9 5a 96 cc 95 cb 5b >| ikev2 g^x f8 36 81 1d 92 18 c0 be a6 8c db 12 08 7c 31 4d >| emitting length of IKEv2 Key Exchange Payload: 136 >| ***emit IKEv2 Nonce Payload: >| next payload type: ISAKMP_NEXT_v2N >| critical bit: none >| emitting 16 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload >| IKEv2 nonce 0e 98 32 f4 c2 d7 2c 90 5c 4a 8b f8 5b 64 3d 72 >| emitting length of IKEv2 Nonce Payload: 20 >| NAT-Traversal support [enabled] add v2N payloads. >| natd_hash: Warning, rcookie is zero !! >| natd_hash: hasher=0x7f618ef055c0(20) >| natd_hash: icookie= e2 fe cc f2 9b 56 0c 07 >| natd_hash: rcookie= 00 00 00 00 00 00 00 00 >| natd_hash: port=500 >| natd_hash: hash= a8 21 a6 2b 89 23 64 31 35 c0 62 e0 a6 2a c7 80 >| natd_hash: hash= e2 61 69 59 >| Adding a v2N Payload >| ***emit IKEv2 Notify Payload: >| next payload type: ISAKMP_NEXT_v2N >| critical bit: none >| Protocol ID: PROTO_RESERVED >| SPI size: 0 >| Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP >| emitting 20 raw bytes of Notify data into IKEv2 Notify Payload >| Notify data a8 21 a6 2b 89 23 64 31 35 c0 62 e0 a6 2a c7 80 >| Notify data e2 61 69 59 >| emitting length of IKEv2 Notify Payload: 28 >| natd_hash: Warning, rcookie is zero !! >| natd_hash: hasher=0x7f618ef055c0(20) >| natd_hash: icookie= e2 fe cc f2 9b 56 0c 07 >| natd_hash: rcookie= 00 00 00 00 00 00 00 00 >| natd_hash: port=500 >| natd_hash: hash= 20 1e 12 a7 9d 09 ef ce 5f 25 78 14 a0 9a 2f 3e >| natd_hash: hash= c6 a9 c9 37 >| Adding a v2N Payload >| ***emit IKEv2 Notify Payload: >| next payload type: ISAKMP_NEXT_v2NONE >| critical bit: none >| Protocol ID: PROTO_RESERVED >| SPI size: 0 >| Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP >| emitting 20 raw bytes of Notify data into IKEv2 Notify Payload >| Notify data 20 1e 12 a7 9d 09 ef ce 5f 25 78 14 a0 9a 2f 3e >| Notify data c6 a9 c9 37 >| emitting length of IKEv2 Notify Payload: 28 >| no IKE message padding required >| emitting length of ISAKMP Message: 284 >| sending 284 bytes for ikev2_parent_outI1_common through p6p1:500 to 2001:db8:f:1::1:500 (using #1) >| e2 fe cc f2 9b 56 0c 07 00 00 00 00 00 00 00 00 >| 21 20 22 08 00 00 00 00 00 00 01 1c 22 00 00 2c >| 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 >| 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 >| 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 >| 91 9e a4 30 0c f8 f8 86 02 d3 7f 50 26 9d d6 5b >| 02 cf e0 94 bd 5c 59 8c fe b9 9c 50 4e b8 d5 8c >| 06 31 2d d4 69 5d c9 39 db 9d ea 12 d2 7d 4d a7 >| 1e 6a a6 25 ed 9d 40 e7 e6 7e cf 06 a3 39 ab a3 >| 37 d6 b8 03 16 82 5b 2c 51 d5 cb 6f 69 a0 9d 36 >| 23 91 c2 16 ab ad 63 13 e2 5b 09 d9 e3 82 2c 9b >| 7c 74 a1 1b 06 72 53 3f 9b e9 5a 96 cc 95 cb 5b >| f8 36 81 1d 92 18 c0 be a6 8c db 12 08 7c 31 4d >| 29 00 00 14 0e 98 32 f4 c2 d7 2c 90 5c 4a 8b f8 >| 5b 64 3d 72 29 00 00 1c 00 00 40 04 a8 21 a6 2b >| 89 23 64 31 35 c0 62 e0 a6 2a c7 80 e2 61 69 59 >| 00 00 00 1c 00 00 40 05 20 1e 12 a7 9d 09 ef ce >| 5f 25 78 14 a0 9a 2f 3e c6 a9 c9 37 >| deleting event for #1 >| inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #1 >| event added at head of queue >| complete v2 state transition with STF_OK >"ikev2" #1: transition from state STATE_IKEv2_START to state STATE_PARENT_I1 >"ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 >| V2 microcode entry (initiate IKE_SA_INIT) has unspecified timeout_event >| * processed 1 messages from cryptographic helpers >| next event EVENT_v2_RETRANSMIT in 10 seconds for #1 >| next event EVENT_v2_RETRANSMIT in 10 seconds for #1 >| >| next event EVENT_v2_RETRANSMIT in 0 seconds for #1 >| *time to handle event >| handling event EVENT_v2_RETRANSMIT >| event after this is EVENT_PENDING_DDNS in 48 seconds >| processing connection ikev2 >| handling event EVENT_v2_RETRANSMIT for 2001:db8:f:1::1 "ikev2" #1 attempt 2 of 0 >| sending 284 bytes for EVENT_v2_RETRANSMIT through p6p1:500 to 2001:db8:f:1::1:500 (using #1) >| e2 fe cc f2 9b 56 0c 07 00 00 00 00 00 00 00 00 >| 21 20 22 08 00 00 00 00 00 00 01 1c 22 00 00 2c >| 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 >| 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 >| 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 >| 91 9e a4 30 0c f8 f8 86 02 d3 7f 50 26 9d d6 5b >| 02 cf e0 94 bd 5c 59 8c fe b9 9c 50 4e b8 d5 8c >| 06 31 2d d4 69 5d c9 39 db 9d ea 12 d2 7d 4d a7 >| 1e 6a a6 25 ed 9d 40 e7 e6 7e cf 06 a3 39 ab a3 >| 37 d6 b8 03 16 82 5b 2c 51 d5 cb 6f 69 a0 9d 36 >| 23 91 c2 16 ab ad 63 13 e2 5b 09 d9 e3 82 2c 9b >| 7c 74 a1 1b 06 72 53 3f 9b e9 5a 96 cc 95 cb 5b >| f8 36 81 1d 92 18 c0 be a6 8c db 12 08 7c 31 4d >| 29 00 00 14 0e 98 32 f4 c2 d7 2c 90 5c 4a 8b f8 >| 5b 64 3d 72 29 00 00 1c 00 00 40 04 a8 21 a6 2b >| 89 23 64 31 35 c0 62 e0 a6 2a c7 80 e2 61 69 59 >| 00 00 00 1c 00 00 40 05 20 1e 12 a7 9d 09 ef ce >| 5f 25 78 14 a0 9a 2f 3e c6 a9 c9 37 >| inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #1 >| event added at head of queue >| next event EVENT_v2_RETRANSMIT in 10 seconds for #1 >| >| next event EVENT_v2_RETRANSMIT in 0 seconds for #1 >| *time to handle event >| handling event EVENT_v2_RETRANSMIT >| event after this is EVENT_PENDING_DDNS in 38 seconds >| processing connection ikev2 >| handling event EVENT_v2_RETRANSMIT for 2001:db8:f:1::1 "ikev2" #1 attempt 2 of 0 >| sending 284 bytes for EVENT_v2_RETRANSMIT through p6p1:500 to 2001:db8:f:1::1:500 (using #1) >| e2 fe cc f2 9b 56 0c 07 00 00 00 00 00 00 00 00 >| 21 20 22 08 00 00 00 00 00 00 01 1c 22 00 00 2c >| 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 >| 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 >| 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 >| 91 9e a4 30 0c f8 f8 86 02 d3 7f 50 26 9d d6 5b >| 02 cf e0 94 bd 5c 59 8c fe b9 9c 50 4e b8 d5 8c >| 06 31 2d d4 69 5d c9 39 db 9d ea 12 d2 7d 4d a7 >| 1e 6a a6 25 ed 9d 40 e7 e6 7e cf 06 a3 39 ab a3 >| 37 d6 b8 03 16 82 5b 2c 51 d5 cb 6f 69 a0 9d 36 >| 23 91 c2 16 ab ad 63 13 e2 5b 09 d9 e3 82 2c 9b >| 7c 74 a1 1b 06 72 53 3f 9b e9 5a 96 cc 95 cb 5b >| f8 36 81 1d 92 18 c0 be a6 8c db 12 08 7c 31 4d >| 29 00 00 14 0e 98 32 f4 c2 d7 2c 90 5c 4a 8b f8 >| 5b 64 3d 72 29 00 00 1c 00 00 40 04 a8 21 a6 2b >| 89 23 64 31 35 c0 62 e0 a6 2a c7 80 e2 61 69 59 >| 00 00 00 1c 00 00 40 05 20 1e 12 a7 9d 09 ef ce >| 5f 25 78 14 a0 9a 2f 3e c6 a9 c9 37 >| inserting event EVENT_v2_RETRANSMIT, timeout in 20 seconds for #1 >| event added at head of queue >| next event EVENT_v2_RETRANSMIT in 20 seconds for #1 >| >| *received 438 bytes from 2001:db8:f:1::1:500 on p6p1 (port=500) >| e2 fe cc f2 9b 56 0c 07 ba b0 d9 f6 66 42 da 49 >| 21 20 22 20 00 00 00 00 00 00 01 b6 22 00 00 2c >| 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 >| 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 >| 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 >| 57 ae 15 49 e0 16 05 58 34 12 a4 02 47 27 23 74 >| 56 ee a6 ba 12 ad fb 42 10 ab d8 ff d1 8d f6 eb >| a4 fe b6 7a 8d bc 9a 5b 5f 00 d7 a4 56 c8 12 ac >| 12 9b 7f 6b 5f fe ab dc 31 9e f6 c4 20 e5 eb e9 >| c3 fa 56 ca 59 5c 54 ac 51 0f eb 67 5f 45 39 9a >| a4 61 c5 5f b0 1e c2 9d b6 d1 6b d8 96 01 88 c7 >| 2e 7d 0b 61 14 b0 b7 cf 98 42 1d a6 40 d3 09 42 >| 7e a5 d2 3f ee 00 b4 1f 77 45 98 72 e2 28 5f 3d >| 26 00 00 e1 dc e9 02 22 9e b3 94 ae 6e 8a 04 4a >| 14 69 8c 7f 58 75 1a d5 c2 66 3c 89 97 b6 94 78 >| 54 12 12 95 aa 2b 52 5a a6 67 42 6a 0a 6b e7 c1 >| 2d 4c 8e a2 5d d1 91 96 94 a7 3a 90 f2 ae c4 3a >| 26 c1 42 b8 99 36 33 9f e1 86 47 14 13 1b 4f 0c >| 78 c6 ad 09 5d 4e 22 26 f2 d1 26 16 6c 59 26 47 >| 1a b3 59 7f 0c 61 ce ea b0 bf 0f 77 d4 de 96 a9 >| 9f 9c 9e fe 2f 88 c7 ce a3 e8 ae 19 e6 38 38 42 >| 31 2f c7 f9 10 8c be 33 fa 4a a0 4e 25 a7 17 7b >| cf 9c 61 0a 68 f4 03 9b f2 94 45 10 e6 19 e4 38 >| b6 09 61 20 a4 42 32 18 d1 f0 02 60 b2 9e b6 43 >| d6 ad 28 6c 0a 5d 88 f1 f2 40 85 72 a8 18 69 ed >| bd 71 f9 16 bc 8f 28 71 4e 60 26 7d 87 b5 21 c0 >| 90 f5 60 1f 8b b6 15 17 96 52 58 10 fa 30 0b 7b >| 3a 00 00 00 05 04 >| **parse ISAKMP Message: >| initiator cookie: >| e2 fe cc f2 9b 56 0c 07 >| responder cookie: >| ba b0 d9 f6 66 42 da 49 >| next payload type: ISAKMP_NEXT_v2SA >| ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) >| exchange type: ISAKMP_v2_SA_INIT >| flags: ISAKMP_FLAG_MSG_RESPONSE >| message ID: 00 00 00 00 >| length: 438 >| processing version=2.0 packet with exchange type=ISAKMP_v2_SA_INIT (34) >| I am receiving an IKE Response >| I am the IKE SA Original Initiator >| ICOOKIE: e2 fe cc f2 9b 56 0c 07 >| RCOOKIE: ba b0 d9 f6 66 42 da 49 >| state hash entry 6 >| parent v2 state object not found >| ICOOKIE: e2 fe cc f2 9b 56 0c 07 >| RCOOKIE: 00 00 00 00 00 00 00 00 >| state hash entry 0 >| parent v2 peer and cookies match on #1 >| v2 state object #1 found, in STATE_PARENT_I1 >| ICOOKIE: e2 fe cc f2 9b 56 0c 07 >| RCOOKIE: 00 00 00 00 00 00 00 00 >| state hash entry 0 >| ICOOKIE: e2 fe cc f2 9b 56 0c 07 >| RCOOKIE: ba b0 d9 f6 66 42 da 49 >| state hash entry 6 >| inserting state object #1 >| state found and its state is STATE_PARENT_I1 >| selected state microcode Initiator: process anti-spoofing cookie >| #1 state_busy:1855 st != NULL && st->st_calculating == FALSE; >| processing connection ikev2 >| Now let's proceed with payload (ISAKMP_NEXT_v2SA) >| ***parse IKEv2 Security Association Payload: >| next payload type: ISAKMP_NEXT_v2KE >| critical bit: none >| length: 44 >| processing payload: ISAKMP_NEXT_v2SA (len=44) >| Now let's proceed with payload (ISAKMP_NEXT_v2KE) >| ***parse IKEv2 Key Exchange Payload: >| IKEv2 next payload type: ISAKMP_NEXT_v2Ni >| critical bit: none >| length: 136 >| DH group: OAKLEY_GROUP_MODP1024 >| processing payload: ISAKMP_NEXT_v2KE (len=136) >| Now let's proceed with payload (ISAKMP_NEXT_v2Ni) >| ***parse IKEv2 Nonce Payload: >| next payload type: ISAKMP_NEXT_v2CERTREQ >| critical bit: none >| length: 225 >| processing payload: ISAKMP_NEXT_v2Ni (len=225) >| Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) >| ***parse IKEv2 Certificate Request Payload: >| next payload type: ISAKMP_NEXT_v2NONE >| critical bit: none >| length: 5 >| ikev2 cert encoding: CERT_X509_SIGNATURE >| processing payload: ISAKMP_NEXT_v2CERTREQ (len=5) >| ikev2_process_payload trying next svm: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH >| Now lets proceed with state specific processing >| calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH >| ikev2 parent inR1: calculating g^{xy} in order to send I2 >| DH public value received: >| 57 ae 15 49 e0 16 05 58 34 12 a4 02 47 27 23 74 >| 56 ee a6 ba 12 ad fb 42 10 ab d8 ff d1 8d f6 eb >| a4 fe b6 7a 8d bc 9a 5b 5f 00 d7 a4 56 c8 12 ac >| 12 9b 7f 6b 5f fe ab dc 31 9e f6 c4 20 e5 eb e9 >| c3 fa 56 ca 59 5c 54 ac 51 0f eb 67 5f 45 39 9a >| a4 61 c5 5f b0 1e c2 9d b6 d1 6b d8 96 01 88 c7 >| 2e 7d 0b 61 14 b0 b7 cf 98 42 1d a6 40 d3 09 42 >| 7e a5 d2 3f ee 00 b4 1f 77 45 98 72 e2 28 5f 3d >| ****parse IKEv2 Proposal Substructure Payload: >| last proposal: v2_PROPOSAL_LAST >| length: 40 >| prop #: 1 >| proto ID: IKEv2_SEC_PROTO_IKE >| spi size: 0 >| # transforms: 4 >| *****parse IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_NON_LAST >| length: 8 >| IKEv2 transform type: TRANS_TYPE_ENCR >| IKEv2 transform ID: 3DES >| *****parse IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_NON_LAST >| length: 8 >| IKEv2 transform type: TRANS_TYPE_PRF >| IKEv2 transform ID: PRF_HMAC_SHA1 >| *****parse IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_NON_LAST >| length: 8 >| IKEv2 transform type: TRANS_TYPE_INTEG >| IKEv2 transform ID: AUTH_HMAC_SHA1_96 >| *****parse IKEv2 Transform Substructure Payload: >| last transform: v2_TRANSFORM_LAST >| length: 8 >| IKEv2 transform type: TRANS_TYPE_DH >| IKEv2 transform ID: OAKLEY_GROUP_MODP1024 >| ipprotoid is '1' >| considering Transform Type TRANS_TYPE_ENCR, TransID 3 >| encrid(3), keylen(-1), encr_keylen(-1) >| proposal 1 succeeded encr= (policy:3DES(-1) vs offered:3DES(-1)) >| considering Transform Type TRANS_TYPE_INTEG, TransID 2 >| succeeded integ=(policy:AUTH_HMAC_SHA1_96(-1) vs offered:AUTH_HMAC_SHA1_96(-1)) >| considering Transform Type TRANS_TYPE_PRF, TransID 2 >| succeeded prf= (policy:PRF_HMAC_SHA1(-1) vs offered:PRF_HMAC_SHA1(-1)) >| considering Transform Type TRANS_TYPE_DH, TransID 2 >| succeeded dh= (policy:OAKLEY_GROUP_MODP1024 vs offered:OAKLEY_GROUP_MODP1024) >| calculating skeyseed using prf=PRF_HMAC_SHA1 integ=AUTH_HMAC_SHA1_96 cipherkey=3DES >| Copying DH pub key pointer to be sent to a thread helper >| crypto helper 0: pcw_work: 0 >| asking crypto helper 0 to do compute dh (V2); request ID 2 (len=2768, pcw_work=0) >| #1 send_crypto_helper_request:519 st->st_calculating = TRUE; >| deleting event for #1 >| inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1 >| event added after event EVENT_PENDING_PHASE2 >| complete v2 state transition with STF_SUSPEND >| * processed 0 messages from cryptographic helpers >| next event EVENT_PENDING_DDNS in 38 seconds >| next event EVENT_PENDING_DDNS in 38 seconds >| crypto helper 0 read fd: 8 >| crypto helper 0 doing compute dh (V2); request ID 2 >| peer's g: 57 ae 15 49 e0 16 05 58 34 12 a4 02 47 27 23 74 >| peer's g: 56 ee a6 ba 12 ad fb 42 10 ab d8 ff d1 8d f6 eb >| peer's g: a4 fe b6 7a 8d bc 9a 5b 5f 00 d7 a4 56 c8 12 ac >| peer's g: 12 9b 7f 6b 5f fe ab dc 31 9e f6 c4 20 e5 eb e9 >| peer's g: c3 fa 56 ca 59 5c 54 ac 51 0f eb 67 5f 45 39 9a >| peer's g: a4 61 c5 5f b0 1e c2 9d b6 d1 6b d8 96 01 88 c7 >| peer's g: 2e 7d 0b 61 14 b0 b7 cf 98 42 1d a6 40 d3 09 42 >| peer's g: 7e a5 d2 3f ee 00 b4 1f 77 45 98 72 e2 28 5f 3d >| Started DH shared-secret computation in NSS: >| Dropped no leading zeros 128 >| calc_dh_shared(): time elapsed (OAKLEY_GROUP_MODP1024): 716 usec >| NSS: Started key computation >| calculating skeyseed using prf=PRF_HMAC_SHA1 integ=AUTH_HMAC_SHA1_96 cipherkey=24 >| skeyid inputs (digi+NI+NR+shared) hasher: oakley_sha >| ni: 0e 98 32 f4 c2 d7 2c 90 5c 4a 8b f8 5b 64 3d 72 >| nr: dc e9 02 22 9e b3 94 ae 6e 8a 04 4a 14 69 8c 7f >| nr: 58 75 1a d5 c2 66 3c 89 97 b6 94 78 54 12 12 95 >| nr: aa 2b 52 5a a6 67 42 6a 0a 6b e7 c1 2d 4c 8e a2 >| nr: 5d d1 91 96 94 a7 3a 90 f2 ae c4 3a 26 c1 42 b8 >| nr: 99 36 33 9f e1 86 47 14 13 1b 4f 0c 78 c6 ad 09 >| nr: 5d 4e 22 26 f2 d1 26 16 6c 59 26 47 1a b3 59 7f >| nr: 0c 61 ce ea b0 bf 0f 77 d4 de 96 a9 9f 9c 9e fe >| nr: 2f 88 c7 ce a3 e8 ae 19 e6 38 38 42 31 2f c7 f9 >| nr: 10 8c be 33 fa 4a a0 4e 25 a7 17 7b cf 9c 61 0a >| nr: 68 f4 03 9b f2 94 45 10 e6 19 e4 38 b6 09 61 20 >| nr: a4 42 32 18 d1 f0 02 60 b2 9e b6 43 d6 ad 28 6c >| nr: 0a 5d 88 f1 f2 40 85 72 a8 18 69 ed bd 71 f9 16 >| nr: bc 8f 28 71 4e 60 26 7d 87 b5 21 c0 90 f5 60 1f >| nr: 8b b6 15 17 96 52 58 10 fa 30 0b 7b 3a >| NSS: digisig skeyid pointer: 0x7f618000b840 >| PRF+ input >| Ni 0e 98 32 f4 c2 d7 2c 90 5c 4a 8b f8 5b 64 3d 72 >| Nr dc e9 02 22 9e b3 94 ae 6e 8a 04 4a 14 69 8c 7f >| Nr 58 75 1a d5 c2 66 3c 89 97 b6 94 78 54 12 12 95 >| Nr aa 2b 52 5a a6 67 42 6a 0a 6b e7 c1 2d 4c 8e a2 >| Nr 5d d1 91 96 94 a7 3a 90 f2 ae c4 3a 26 c1 42 b8 >| Nr 99 36 33 9f e1 86 47 14 13 1b 4f 0c 78 c6 ad 09 >| Nr 5d 4e 22 26 f2 d1 26 16 6c 59 26 47 1a b3 59 7f >| Nr 0c 61 ce ea b0 bf 0f 77 d4 de 96 a9 9f 9c 9e fe >| Nr 2f 88 c7 ce a3 e8 ae 19 e6 38 38 42 31 2f c7 f9 >| Nr 10 8c be 33 fa 4a a0 4e 25 a7 17 7b cf 9c 61 0a >| Nr 68 f4 03 9b f2 94 45 10 e6 19 e4 38 b6 09 61 20 >| Nr a4 42 32 18 d1 f0 02 60 b2 9e b6 43 d6 ad 28 6c >| Nr 0a 5d 88 f1 f2 40 85 72 a8 18 69 ed bd 71 f9 16 >| Nr bc 8f 28 71 4e 60 26 7d 87 b5 21 c0 90 f5 60 1f >| Nr 8b b6 15 17 96 52 58 10 fa 30 0b 7b 3a >| SPIi e2 fe cc f2 9b 56 0c 07 >| SPIr ba b0 d9 f6 66 42 da 49 >| Total keysize needed 148 >| NSS ikev2: finished computing key material for IKEv2 SA >| NSS ikev2: finished computing individual keys for IKEv2 SA >| calc_skeyseed_v2 pointers: shared 0x7f6180005430, skeyseed 0x7f618000b840, SK_d 0x7f618000d0c0, SK_ai 0x7f6180009f00, SK_ar 0x7f618000ea90, SK_ei 0x7f6180008570, SK_er 0x7f6180004220, SK_pi 0x7f6180010460, SK_pr 0x7f6180011e50 >| >| crypto helper 0 has finished work (pcw_work now 1) >| crypto helper 0 replies to request ID 2 >| calling continuation function 0x7f618ec46e80 >| ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 >| processing connection ikev2 >| #1 ikev2_parent_inR1outI2_continue:1234 st->st_calculating = FALSE; >| duplicating state object #1 >| creating state object #2 at 0x7f6190c2d0b0 >| ICOOKIE: e2 fe cc f2 9b 56 0c 07 >| RCOOKIE: ba b0 d9 f6 66 42 da 49 >| state hash entry 6 >| inserting state object #2 >| inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #2 >| event added at head of queue >| deleting event for #1 >| inserting event EVENT_SA_REPLACE, timeout in 27807 seconds for #1 >| event added after event EVENT_REINIT_SECRET >| **emit ISAKMP Message: >| initiator cookie: >| e2 fe cc f2 9b 56 0c 07 >| responder cookie: >| ba b0 d9 f6 66 42 da 49 >| next payload type: ISAKMP_NEXT_v2E >| ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) >| exchange type: ISAKMP_v2_AUTH >| flags: ISAKMP_FLAG_IKE_INIT >| message ID: 00 00 00 01 >| ***emit IKEv2 Encryption Payload: >| next payload type: ISAKMP_NEXT_v2IDi >| critical bit: none >| emitting 8 zero bytes of iv into IKEv2 Encryption Payload >| IKEv2 thinking whether to send my certificate: >| my policy has no RSASIG, the policy is : PSK+ENCRYPT+PFS+UP+IKEV1_DISABLE+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW >| sendcert: CERT_ALWAYSSEND and I did not get a certificate request >| so do not send cert. >| I did not send a certificate because digital signatures are not being used. (PSK) >| *****emit IKEv2 Identification Payload: >| next payload type: ISAKMP_NEXT_v2AUTH >| critical bit: none >| id_type: ID_IPV6_ADDR >| emitting 16 raw bytes of my identity into IKEv2 Identification Payload >| my identity 20 01 0d b8 00 01 00 01 00 00 00 00 00 00 12 34 >| emitting length of IKEv2 Identification Payload: 24 >| idhash calc I2 05 00 00 00 20 01 0d b8 00 01 00 01 00 00 00 00 >| idhash calc I2 00 00 12 34 >| hmac_update data value: >| 05 00 00 00 20 01 0d b8 00 01 00 01 00 00 00 00 >| 00 00 12 34 >| hmac_update: inside if >| hmac_update: after digest >| hmac_update: after assert >| *****emit IKEv2 Authentication Payload: >| next payload type: ISAKMP_NEXT_v2SA >| critical bit: none >| auth method: IKEv2_AUTH_SHARED >| started looking for secret for 2001:db8:1:1::1234->2001:db8:f:1::1 of kind PPK_PSK >| actually looking for secret for 2001:db8:1:1::1234->2001:db8:f:1::1 of kind PPK_PSK >| line 1: key type PPK_PSK(2001:db8:1:1::1234) to type PPK_RSA >| concluding with best_match=0 best=(nil) (lineno=-1) >"ikev2" #1: No matching PSK found for connection:ikev2 >"ikev2" #1: Failed to find our PreShared Key >| complete v2 state transition with STF_FATAL >| deleting event for #2 >| deleting state #2 >| deleting event for #2 >| ICOOKIE: e2 fe cc f2 9b 56 0c 07 >| RCOOKIE: ba b0 d9 f6 66 42 da 49 >| state hash entry 6 >| * processed 1 messages from cryptographic helpers >| next event EVENT_PENDING_DDNS in 38 seconds >| next event EVENT_PENDING_DDNS in 38 seconds >| >| *received whack message >shutting down >| certs and keys locked by 'free_preshared_secrets' >forgetting secrets >| certs and keys unlocked by 'free_preshard_secrets' >| unreference key: 0x7f6190c1e6f0 2001:db8:f:1::1 cnt 1-- >| unreference key: 0x7f6190c26990 %any cnt 1-- >| unreference key: 0x7f6190c1e640 C=XX, ST=redhat, O=Default Company Ltd, CN=server cnt 1-- >| unreference key: 0x7f6190c1e380 2001:db8:1:1::1234 cnt 1-- >| unreference key: 0x7f6190c25040 C=XX, ST=redhat, O=Default Company Ltd, CN=client cnt 1-- >| processing connection ikev2 >"ikev2": deleting connection >| removing pending policy for "none" {0x7f6190c2a630} >| processing connection ikev2 >"ikev2" #1: deleting state (STATE_PARENT_I2) >| deleting event for #1 >| deleting state #1 >| deleting event for #1 >| ICOOKIE: e2 fe cc f2 9b 56 0c 07 >| RCOOKIE: ba b0 d9 f6 66 42 da 49 >| state hash entry 6 >| certs and keys locked by 'release_x509cert' >| certs and keys unlocked by 'release_x509cert' >| certs and keys locked by 'release_x509cert' >| certs and keys unlocked by 'release_x509cert' >| crl fetch request list locked by 'free_crl_fetch' >| crl fetch request list unlocked by 'free_crl_fetch' >| authcert list locked by 'free_authcerts' >| authcert list unlocked by 'free_authcerts' >| crl list locked by 'free_crls' >| crl list unlocked by 'free_crls' >shutting down interface lo/lo ::1:500 >shutting down interface p6p1/p6p1 2001:db8:1:1::1234:500 >shutting down interface lo/lo 127.0.0.1:4500 >shutting down interface lo/lo 127.0.0.1:500 >shutting down interface p7p1/p7p1 10.66.13.22:4500 >shutting down interface p7p1/p7p1 10.66.13.22:500
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 1158748
: 951970