Plutorun started on Fri Oct 23 09:10:44 CST 2009 adjusting ipsec.d to /etc/ipsec.d nss directory plutomain: /etc/ipsec.d NSS Initialized Non-fips mode set in /proc/sys/crypto/fips_enabled Non-fips mode set in /proc/sys/crypto/fips_enabled Starting Pluto (Openswan Version 2.6.21; Vendor ID OE~q\177kZNr}Wk) pid:17499 Setting NAT-Traversal port-4500 floating to off port floating activation criteria nat_t=0/port_float=1 including NAT-Traversal patch (Version 0.6c) [disabled] | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds | event added at head of queue | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds | event added at head of queue ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) starting up 1 cryptographic helpers main fd(9) helper fd(10) started helper (thread) pid=-1208497264 (fd:9) Using Linux 2.6 IPsec interface code on 2.6.18-164.el5PAE (experimental code) | process 17499 listening for PF_KEY_V2 on file descriptor 13 | finish_pfkey_msg: K_SADB_REGISTER message 1 for AH | 02 07 00 02 02 00 00 00 01 00 00 00 5b 44 00 00 | status value returned by setting the priority of this thread (id=0) 22 | helper 0 waiting on fd: 10 | pfkey_get: K_SADB_REGISTER message 1 | AH registered with kernel. | finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP | 02 07 00 03 02 00 00 00 02 00 00 00 5b 44 00 00 | pfkey_get: K_SADB_REGISTER message 2 | alg_init():memset(0xcae660, 0, 2016) memset(0xcaee40, 0, 2048) | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=19 sadb_supported_len=56 | kernel_alg_add():satype=3, exttype=14, alg_id=251 | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1 | kernel_alg_add():satype=3, exttype=14, alg_id=2 | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1 | kernel_alg_add():satype=3, exttype=14, alg_id=3 | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1 | kernel_alg_add():satype=3, exttype=14, alg_id=5 | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256, res=0, ret=1 | kernel_alg_add():satype=3, exttype=14, alg_id=8 | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=14, satype=3, alg_id=8, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1 | kernel_alg_add():satype=3, exttype=14, alg_id=9 | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5], exttype=14, satype=3, alg_id=9, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1 | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=19 sadb_supported_len=80 | kernel_alg_add():satype=3, exttype=15, alg_id=11 | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6], exttype=15, satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1 | kernel_alg_add():satype=3, exttype=15, alg_id=2 | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7], exttype=15, satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64, alg_maxbits=64, res=0, ret=1 | kernel_alg_add():satype=3, exttype=15, alg_id=3 | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1 | kernel_alg_add():satype=3, exttype=15, alg_id=6 | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=6, alg_ivlen=8, alg_minbits=40, alg_maxbits=128, res=0, ret=1 | kernel_alg_add():satype=3, exttype=15, alg_id=7 | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[10], exttype=15, satype=3, alg_id=7, alg_ivlen=8, alg_minbits=40, alg_maxbits=448, res=0, ret=1 | kernel_alg_add():satype=3, exttype=15, alg_id=12 | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[11], exttype=15, satype=3, alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 | kernel_alg_add():satype=3, exttype=15, alg_id=252 | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[12], exttype=15, satype=3, alg_id=252, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 | kernel_alg_add():satype=3, exttype=15, alg_id=253 | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[13], exttype=15, satype=3, alg_id=253, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 | kernel_alg_add():satype=3, exttype=15, alg_id=13 | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[14], exttype=15, satype=3, alg_id=13, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 | kernel_alg_add():satype=3, exttype=15, alg_id=18 | kernel_alg_add():satype=3, exttype=15, alg_id=19 | kernel_alg_add():satype=3, exttype=15, alg_id=20 | kernel_alg_add():satype=3, exttype=15, alg_id=14 | kernel_alg_add():satype=3, exttype=15, alg_id=15 | kernel_alg_add():satype=3, exttype=15, alg_id=16 ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names ike_alg_register_enc(): Activating : Ok (ret=0) ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names ike_alg_add(): ERROR: Algorithm already exists ike_alg_register_enc(): Activating : FAILED (ret=-17) ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names ike_alg_add(): ERROR: Algorithm already exists ike_alg_register_enc(): Activating : FAILED (ret=-17) ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names ike_alg_add(): ERROR: Algorithm already exists ike_alg_register_enc(): Activating : FAILED (ret=-17) ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names ike_alg_add(): ERROR: Algorithm already exists ike_alg_register_enc(): Activating : FAILED (ret=-17) ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names ike_alg_add(): ERROR: Algorithm already exists ike_alg_register_enc(): Activating : FAILED (ret=-17) | ESP registered with kernel. | finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP | 02 07 00 09 02 00 00 00 03 00 00 00 5b 44 00 00 | pfkey_get: K_SADB_REGISTER message 3 | IPCOMP registered with kernel. myid malformed: empty string "" Could not change to directory '/etc/ipsec.d/cacerts': /root Could not change to directory '/etc/ipsec.d/aacerts': /root Could not change to directory '/etc/ipsec.d/ocspcerts': /root Could not change to directory '/etc/ipsec.d/crls' | inserting event EVENT_LOG_DAILY, timeout in 53356 seconds | event added after event EVENT_REINIT_SECRET | next event EVENT_PENDING_PHASE2 in 120 seconds | | *received whack message | alg_info_parse_str() ealg_buf=3des aalg_buf=sha1eklen=0 aklen=0 | enum_search_prefix () calling enum_search(0xc93d80, "OAKLEY_3DES") | enum_search_ppfixi () calling enum_search(0xc93d80, "OAKLEY_3DES_CBC") | parser_alg_info_add() ealg_getbyname("3des")=5 | enum_search_prefix () calling enum_search(0xc93d90, "OAKLEY_SHA1") Non-fips mode set in /proc/sys/crypto/fips_enabled | parser_alg_info_add() aalg_getbyname("sha1")=2 | enum_search_prefix () calling enum_search(0xc93da0, "OAKLEY_GROUP_MODP1024") | parser_alg_info_add() modp_getbyname("modp1024")=2 | __alg_info_ike_add() ealg=5 aalg=2 modp_id=2, cnt=1 | Added new connection host-host with policy PSK+ENCRYPT+PFS+IKEv2ALLOW+IKEv2Init | from whack: got --esp=3des-sha1 | alg_info_parse_str() ealg_buf=3des aalg_buf=sha1eklen=0 aklen=0 | enum_search_prefix () calling enum_search(0xc93d10, "ESP_3DES") | parser_alg_info_add() ealg_getbyname("3des")=3 | enum_search_prefix () calling enum_search(0xc909e8, "AUTH_ALGORITHM_HMAC_SHA1") Non-fips mode set in /proc/sys/crypto/fips_enabled | parser_alg_info_add() aalg_getbyname("sha1")=2 | __alg_info_esp_add() ealg=3 aalg=2 cnt=1 | esp string values: 3DES(3)_000-SHA1(2); flags=-strict | ike (phase1) algorihtm values: 3DES_CBC(5)_000-SHA1(2)-MODP1024(2); flags=-strict | counting wild cards for 2001:db8:1:1::1234 is 0 | counting wild cards for 2001:db8:f:1::1 is 0 | alg_info_addref() alg_info->ref_cnt=1 | alg_info_addref() alg_info->ref_cnt=1 | alg_info_addref() alg_info->ref_cnt=2 | alg_info_addref() alg_info->ref_cnt=2 added connection description "host-host" | 2001:db8:1:1::1234<2001:0db8:0001:0001::1234>[+S=C]...2001:db8:f:1::1<2001:0db8:000f:0001::1>[+S=C] | ike_life: 3600s; ipsec_life: 1200s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 1; policy: PSK+ENCRYPT+PFS+IKEv2ALLOW+IKEv2Init | * processed 0 messages from cryptographic helpers | next event EVENT_PENDING_PHASE2 in 120 seconds | next event EVENT_PENDING_PHASE2 in 120 seconds | | *received whack message listening for IKE messages | found lo with address 127.0.0.1 | found eth0 with address 192.168.0.10 adding interface eth0/eth0 192.168.0.10:500 adding interface lo/lo 127.0.0.1:500 | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001 | found eth0 with address 2001:0db8:0001:0001:0000:0000:0000:1234 adding interface eth0/eth0 2001:db8:1:1::1234:500 adding interface lo/lo ::1:500 | connect_to_host_pair: 2001:db8:1:1::1234:500 2001:db8:f:1::1:500 -> hp:none loading secrets from "/etc/ipsec.secrets" | Processing PSK at line 1: passed | * processed 0 messages from cryptographic helpers | next event EVENT_PENDING_PHASE2 in 120 seconds | next event EVENT_PENDING_PHASE2 in 120 seconds | | *received whack message | processing connection host-host | route owner of "host-host" unrouted: NULL; eroute owner: NULL | could_route called for host-host (kind=CK_PERMANENT) | route owner of "host-host" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: host-host (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 0 | request to add a prospective erouted policy with netkey kernel --- experimental | route_and_eroute: firewall_notified: true | command executing prepare-host-v6 | executing prepare-host-v6: 2>&1 PLUTO_VERB='prepare-host-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='host-host' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='2001:db8:f:1::1' PLUTO_ME='2001:db8:1:1::1234' PLUTO_MY_ID='2001:db8:1:1::1234' PLUTO_MY_CLIENT='2001:db8:1:1::1234/128' PLUTO_MY_CLIENT_NET='2001:db8:1:1::1234' PLUTO_MY_CLIENT_MASK='ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='2001:db8:f:1::1' PLUTO_PEER_ID='2001:db8:f:1::1' PLUTO_PEER_CLIENT='2001:db8:f:1::1/128' PLUTO_PEER_CLIENT_NET='2001:db8:f:1::1' PLUTO_PEER_CLIENT_MASK='ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_CONN_POLICY='PSK+ENCRYPT+PFS+IKEv2ALLOW+IKEv2Init' ipsec _updown | popen(): cmd is 748 chars long | cmd( 0):2>&1 PLUTO_VERB='prepare-host-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='host-hos: | cmd( 80):t' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='2001:db8:f:1::1' PLUTO_ME='2001:db8:1:: | cmd( 160):1::1234' PLUTO_MY_ID='2001:db8:1:1::1234' PLUTO_MY_CLIENT='2001:db8:1:1::1234/12: | cmd( 240):8' PLUTO_MY_CLIENT_NET='2001:db8:1:1::1234' PLUTO_MY_CLIENT_MASK='ffff:ffff:ffff: | cmd( 320)::ffff:ffff:ffff:ffff:ffff' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='2: | cmd( 400):001:db8:f:1::1' PLUTO_PEER_ID='2001:db8:f:1::1' PLUTO_PEER_CLIENT='2001:db8:f:1:: | cmd( 480)::1/128' PLUTO_PEER_CLIENT_NET='2001:db8:f:1::1' PLUTO_PEER_CLIENT_MASK='ffff:fff: | cmd( 560):f:ffff:ffff:ffff:ffff:ffff:ffff' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLU: | cmd( 640):TO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_CONN_POLICY='PSK+ENCRYPT+PFS+IKEv2ALLO: | cmd( 720):W+IKEv2Init' ipsec _updown: | command executing route-host-v6 | executing route-host-v6: 2>&1 PLUTO_VERB='route-host-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='host-host' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='2001:db8:f:1::1' PLUTO_ME='2001:db8:1:1::1234' PLUTO_MY_ID='2001:db8:1:1::1234' PLUTO_MY_CLIENT='2001:db8:1:1::1234/128' PLUTO_MY_CLIENT_NET='2001:db8:1:1::1234' PLUTO_MY_CLIENT_MASK='ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='2001:db8:f:1::1' PLUTO_PEER_ID='2001:db8:f:1::1' PLUTO_PEER_CLIENT='2001:db8:f:1::1/128' PLUTO_PEER_CLIENT_NET='2001:db8:f:1::1' PLUTO_PEER_CLIENT_MASK='ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_CONN_POLICY='PSK+ENCRYPT+PFS+IKEv2ALLOW+IKEv2Init' ipsec _updown | popen(): cmd is 746 chars long | cmd( 0):2>&1 PLUTO_VERB='route-host-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='host-host': | cmd( 80): PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='2001:db8:f:1::1' PLUTO_ME='2001:db8:1:1:: | cmd( 160)::1234' PLUTO_MY_ID='2001:db8:1:1::1234' PLUTO_MY_CLIENT='2001:db8:1:1::1234/128': | cmd( 240): PLUTO_MY_CLIENT_NET='2001:db8:1:1::1234' PLUTO_MY_CLIENT_MASK='ffff:ffff:ffff:f: | cmd( 320):fff:ffff:ffff:ffff:ffff' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='200: | cmd( 400):1:db8:f:1::1' PLUTO_PEER_ID='2001:db8:f:1::1' PLUTO_PEER_CLIENT='2001:db8:f:1::1: | cmd( 480):/128' PLUTO_PEER_CLIENT_NET='2001:db8:f:1::1' PLUTO_PEER_CLIENT_MASK='ffff:ffff:: | cmd( 560):ffff:ffff:ffff:ffff:ffff:ffff' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO: | cmd( 640):_PEER_CA='' PLUTO_STACK='netkey' PLUTO_CONN_POLICY='PSK+ENCRYPT+PFS+IKEv2ALLOW+: | cmd( 720):IKEv2Init' ipsec _updown: | * processed 0 messages from cryptographic helpers | next event EVENT_PENDING_PHASE2 in 120 seconds | next event EVENT_PENDING_PHASE2 in 120 seconds | | *received whack message | processing connection host-host | kernel_alg_db_new() initial trans_cnt=90 | kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1 | kernel_alg_db_new() trans[0]: transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=2 | returning new proposal from esp_info | creating state object #1 at 0x86654c8 | processing connection host-host | ICOOKIE: 80 7b d6 90 63 cc b7 0f | RCOOKIE: 00 00 00 00 00 00 00 00 | state hash entry 22 | inserting state object #1 on chain 22 | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1 | event added at head of queue | processing connection host-host | Queuing pending Quick Mode with 2001:db8:f:1::1 "host-host" "host-host" #1: initiating v2 parent SA | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1 | asking helper 0 to do build_kenonce op on seq: 1 (len=2680, pcw_work=1) | helper 0 read 2676+4/2680 bytes fd: 10 | helper 0 doing build_kenonce op id: 1 | crypto helper write of request: cnt=2680 "host-host" #1 | sending 244 bytes for EVENT_v2_RETRANSMIT through eth0:500 to 2001:db8:f:1::1:500 (using #1) | 80 7b d6 90 63 cc b7 0f 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 00 f4 22 80 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 | 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 | 91 97 46 e4 f8 23 45 f4 8b 35 26 17 75 7c 76 c1 | 1d 6e 0a fb b2 1e 03 4d 63 64 18 18 c8 98 0b bf | a2 d5 3d 87 74 4e f4 0b c8 33 37 4b f2 cc 33 1b | 5c 38 78 4c ba 44 5b 6a 9b 05 ff 5a 34 06 dc 0e | 97 81 52 15 b0 69 ce 45 43 a6 9e 63 4f 3b 13 1b | 60 a2 ba 35 da a4 c4 94 d0 2a 33 6f 53 0e 21 cd | bd 25 37 cb 96 8b 75 29 91 b1 d4 3b 9d 81 ac 8e | 7b 4d e0 ed 96 6e 50 f4 ec ac e0 41 ba 21 54 c5 | 2b 80 00 14 b1 a5 7f a0 27 ba 15 a6 d5 f3 7e 50 | fc 34 6e 5f 00 00 00 10 4f 45 7e 71 7f 6b 5a 4e | 72 7d 57 6b | inserting event EVENT_v2_RETRANSMIT, timeout in 20 seconds for #1 | event added at head of queue | next event EVENT_v2_RETRANSMIT in 20 seconds for #1 | | *received 40 bytes from 2001:db8:f:1::1:500 on eth0 (port=500) | 86 6c 31 f6 9b 1e 64 11 00 00 00 00 00 00 00 00 | 0b 10 05 00 00 00 00 00 00 00 00 28 00 00 00 0c | 00 00 00 00 01 00 00 01 | **parse ISAKMP Message: | initiator cookie: | 86 6c 31 f6 9b 1e 64 11 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_N | ISAKMP version: ISAKMP Version 1.0 (rfc2407) | exchange type: ISAKMP_XCHG_INFO | flags: none | message ID: 00 00 00 00 | length: 40 | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) | ICOOKIE: 86 6c 31 f6 9b 1e 64 11 | RCOOKIE: 00 00 00 00 00 00 00 00 | state hash entry 27 | p15 state object not found | ICOOKIE: 86 6c 31 f6 9b 1e 64 11 | RCOOKIE: 00 00 00 00 00 00 00 00 | state hash entry 27 | v1 state object not found | got payload 0x800(ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 | ***parse ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE | length: 12 | DOI: ISAKMP_DOI_ISAKMP | protocol ID: 1 | SPI size: 0 | Notify Message Type: INVALID_PAYLOAD_TYPE packet from 2001:db8:f:1::1:500: ignoring informational payload, type INVALID_PAYLOAD_TYPE on st==NULL (deleted?) | info: | processing informational INVALID_PAYLOAD_TYPE (1) packet from 2001:db8:f:1::1:500: received and ignored informational message | complete state transition with STF_IGNORE | * processed 0 messages from cryptographic helpers | next event EVENT_v2_RETRANSMIT in 20 seconds for #1 | next event EVENT_v2_RETRANSMIT in 20 seconds for #1 | | next event EVENT_v2_RETRANSMIT in 0 seconds for #1 | *time to handle event | handling event EVENT_v2_RETRANSMIT | event after this is EVENT_PENDING_PHASE2 in 90 seconds | processing connection host-host | handling event EVENT_RETRANSMIT for "host-host" #1 | sending 244 bytes for EVENT_v2_RETRANSMIT through eth0:500 to 2001:db8:f:1::1:500 (using #1) | 80 7b d6 90 63 cc b7 0f 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 00 f4 22 80 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 | 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 | 91 97 46 e4 f8 23 45 f4 8b 35 26 17 75 7c 76 c1 | 1d 6e 0a fb b2 1e 03 4d 63 64 18 18 c8 98 0b bf | a2 d5 3d 87 74 4e f4 0b c8 33 37 4b f2 cc 33 1b | 5c 38 78 4c ba 44 5b 6a 9b 05 ff 5a 34 06 dc 0e | 97 81 52 15 b0 69 ce 45 43 a6 9e 63 4f 3b 13 1b | 60 a2 ba 35 da a4 c4 94 d0 2a 33 6f 53 0e 21 cd | bd 25 37 cb 96 8b 75 29 91 b1 d4 3b 9d 81 ac 8e | 7b 4d e0 ed 96 6e 50 f4 ec ac e0 41 ba 21 54 c5 | 2b 80 00 14 b1 a5 7f a0 27 ba 15 a6 d5 f3 7e 50 | fc 34 6e 5f 00 00 00 10 4f 45 7e 71 7f 6b 5a 4e | 72 7d 57 6b | inserting event EVENT_v2_RETRANSMIT, timeout in 40 seconds for #1 | event added at head of queue | next event EVENT_v2_RETRANSMIT in 40 seconds for #1 | | *received 40 bytes from 2001:db8:f:1::1:500 on eth0 (port=500) | 55 0b f8 d8 77 41 04 04 00 00 00 00 00 00 00 00 | 0b 10 05 00 00 00 00 00 00 00 00 28 00 00 00 0c | 00 00 00 00 01 00 00 01 | **parse ISAKMP Message: | initiator cookie: | 55 0b f8 d8 77 41 04 04 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_N | ISAKMP version: ISAKMP Version 1.0 (rfc2407) | exchange type: ISAKMP_XCHG_INFO | flags: none | message ID: 00 00 00 00 | length: 40 | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) | ICOOKIE: 55 0b f8 d8 77 41 04 04 | RCOOKIE: 00 00 00 00 00 00 00 00 | state hash entry 0 | p15 state object not found | ICOOKIE: 55 0b f8 d8 77 41 04 04 | RCOOKIE: 00 00 00 00 00 00 00 00 | state hash entry 0 | v1 state object not found | got payload 0x800(ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 | ***parse ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE | length: 12 | DOI: ISAKMP_DOI_ISAKMP | protocol ID: 1 | SPI size: 0 | Notify Message Type: INVALID_PAYLOAD_TYPE packet from 2001:db8:f:1::1:500: ignoring informational payload, type INVALID_PAYLOAD_TYPE on st==NULL (deleted?) | info: | processing informational INVALID_PAYLOAD_TYPE (1) packet from 2001:db8:f:1::1:500: received and ignored informational message | complete state transition with STF_IGNORE | * processed 0 messages from cryptographic helpers | next event EVENT_v2_RETRANSMIT in 40 seconds for #1 | next event EVENT_v2_RETRANSMIT in 40 seconds for #1 | | *received kernel message | netlink_get: XFRM_MSG_ACQUIRE message | * processed 0 messages from cryptographic helpers | next event EVENT_v2_RETRANSMIT in 13 seconds for #1 | next event EVENT_v2_RETRANSMIT in 13 seconds for #1 | | *received whack message | kernel_alg_esp_enc_ok(3,0): alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1 | kernel_alg_esp_enc_keylen():alg_id=3, keylen=24 | kernel_alg_esp_auth_keylen(auth=2, sadb_aalg=3): a_keylen=20 | * processed 0 messages from cryptographic helpers | next event EVENT_v2_RETRANSMIT in 5 seconds for #1 | next event EVENT_v2_RETRANSMIT in 5 seconds for #1 | | *received whack message | kernel_alg_esp_enc_ok(3,0): alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1 | kernel_alg_esp_enc_keylen():alg_id=3, keylen=24 | kernel_alg_esp_auth_keylen(auth=2, sadb_aalg=3): a_keylen=20 | * processed 0 messages from cryptographic helpers | next event EVENT_v2_RETRANSMIT in 5 seconds for #1 | next event EVENT_v2_RETRANSMIT in 5 seconds for #1 | | next event EVENT_v2_RETRANSMIT in 0 seconds for #1 | *time to handle event | handling event EVENT_v2_RETRANSMIT | event after this is EVENT_PENDING_PHASE2 in 50 seconds | processing connection host-host | handling event EVENT_RETRANSMIT for "host-host" #1 "host-host" #1: max number of retransmissions (2) reached STATE_PARENT_I1. No response (or no acceptable response) to our first IKE message "host-host" #1: starting keying attempt 2 of at most 1 | creating state object #2 at 0x866a9a8 | processing connection host-host | ICOOKIE: e6 10 97 ce 7f b1 e5 f5 | RCOOKIE: 00 00 00 00 00 00 00 00 | state hash entry 27 | inserting state object #2 on chain 27 | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #2 | event added at head of queue | processing connection host-host "host-host" #2: initiating v2 parent SA to replace #1 | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1 | asking helper 0 to do build_kenonce op on seq: 2 (len=2680, pcw_work=1) | crypto helper write of request: cnt=2680 "host-host" #2 | sending 244 bytes for EVENT_v2_RETRANSMIT through eth0:500 to 2001:db8:f:1::1:500 (using #2) | e6 10 97 ce 7f b1 e5 f5 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 00 f4 22 80 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 | 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 | 29 bc 93 f3 c1 39 75 f1 a9 bf 23 35 7c 96 f2 34 | e5 a8 98 e4 9c 70 b0 2a d5 7b 27 5c 39 ac 12 e6 | 83 54 af ed c3 ad 5b c4 8e 48 f0 f2 c9 49 09 11 | fb c9 c0 af f1 dd 6c 69 4e 7f 8a f4 7c 8d ac 5c | a3 85 2c 31 eb 3d 1f e9 33 6d c0 70 74 01 46 6e | 47 43 06 34 fe 2d 77 1f 74 ac 3c 5c 62 b0 0e f7 | 28 94 09 37 72 87 36 82 27 99 75 8f f7 47 93 8a | e8 a8 9f 99 b1 8e ca c2 d0 97 0b a3 34 8d 6c 48 | 2b 80 00 14 26 f3 86 97 9d d2 16 72 04 7b 8d 67 | 3f ac 1e 90 00 00 00 10 4f 45 7e 71 7f 6b 5a 4e | 72 7d 57 6b | inserting event EVENT_v2_RETRANSMIT, timeout in 20 seconds for #2 | event added at head of queue | next event EVENT_v2_RETRANSMIT in 20 seconds for #2 | | *received 40 bytes from 2001:db8:f:1::1:500 on eth0 (port=500) | 76 25 d1 1f de 4b 84 37 00 00 00 00 00 00 00 00 | 0b 10 05 00 00 00 00 00 00 00 00 28 00 00 00 0c | 00 00 00 00 01 00 00 01 | **parse ISAKMP Message: | initiator cookie: | 76 25 d1 1f de 4b 84 37 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_N | ISAKMP version: ISAKMP Version 1.0 (rfc2407) | exchange type: ISAKMP_XCHG_INFO | flags: none | message ID: 00 00 00 00 | length: 40 | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) | ICOOKIE: 76 25 d1 1f de 4b 84 37 | RCOOKIE: 00 00 00 00 00 00 00 00 | state hash entry 21 | p15 state object not found | ICOOKIE: 76 25 d1 1f de 4b 84 37 | RCOOKIE: 00 00 00 00 00 00 00 00 | state hash entry 21 | v1 state object not found | got payload 0x800(ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 | ***parse ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE | length: 12 | DOI: ISAKMP_DOI_ISAKMP | protocol ID: 1 | SPI size: 0 | Notify Message Type: INVALID_PAYLOAD_TYPE packet from 2001:db8:f:1::1:500: ignoring informational payload, type INVALID_PAYLOAD_TYPE on st==NULL (deleted?) | info: | processing informational INVALID_PAYLOAD_TYPE (1) packet from 2001:db8:f:1::1:500: received and ignored informational message | complete state transition with STF_IGNORE | * processed 0 messages from cryptographic helpers | next event EVENT_v2_RETRANSMIT in 20 seconds for #2 | next event EVENT_v2_RETRANSMIT in 20 seconds for #2 | | *received whack message | * processed 0 messages from cryptographic helpers | next event EVENT_v2_RETRANSMIT in 6 seconds for #2 | next event EVENT_v2_RETRANSMIT in 6 seconds for #2 | | next event EVENT_v2_RETRANSMIT in 0 seconds for #2 | *time to handle event | handling event EVENT_v2_RETRANSMIT | event after this is EVENT_PENDING_PHASE2 in 20 seconds | processing connection host-host | handling event EVENT_RETRANSMIT for "host-host" #2 | sending 244 bytes for EVENT_v2_RETRANSMIT through eth0:500 to 2001:db8:f:1::1:500 (using #2) | e6 10 97 ce 7f b1 e5 f5 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 00 f4 22 80 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 | 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 | 29 bc 93 f3 c1 39 75 f1 a9 bf 23 35 7c 96 f2 34 | e5 a8 98 e4 9c 70 b0 2a d5 7b 27 5c 39 ac 12 e6 | 83 54 af ed c3 ad 5b c4 8e 48 f0 f2 c9 49 09 11 | fb c9 c0 af f1 dd 6c 69 4e 7f 8a f4 7c 8d ac 5c | a3 85 2c 31 eb 3d 1f e9 33 6d c0 70 74 01 46 6e | 47 43 06 34 fe 2d 77 1f 74 ac 3c 5c 62 b0 0e f7 | 28 94 09 37 72 87 36 82 27 99 75 8f f7 47 93 8a | e8 a8 9f 99 b1 8e ca c2 d0 97 0b a3 34 8d 6c 48 | 2b 80 00 14 26 f3 86 97 9d d2 16 72 04 7b 8d 67 | 3f ac 1e 90 00 00 00 10 4f 45 7e 71 7f 6b 5a 4e | 72 7d 57 6b | inserting event EVENT_v2_RETRANSMIT, timeout in 40 seconds for #2 | event added after event EVENT_PENDING_PHASE2 | next event EVENT_PENDING_PHASE2 in 20 seconds | | *received 40 bytes from 2001:db8:f:1::1:500 on eth0 (port=500) | 67 3f c3 34 ba bf 4f fa 00 00 00 00 00 00 00 00 | 0b 10 05 00 00 00 00 00 00 00 00 28 00 00 00 0c | 00 00 00 00 01 00 00 01 | **parse ISAKMP Message: | initiator cookie: | 67 3f c3 34 ba bf 4f fa | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_N | ISAKMP version: ISAKMP Version 1.0 (rfc2407) | exchange type: ISAKMP_XCHG_INFO | flags: none | message ID: 00 00 00 00 | length: 40 | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) | ICOOKIE: 67 3f c3 34 ba bf 4f fa | RCOOKIE: 00 00 00 00 00 00 00 00 | state hash entry 17 | p15 state object not found | ICOOKIE: 67 3f c3 34 ba bf 4f fa | RCOOKIE: 00 00 00 00 00 00 00 00 | state hash entry 17 | v1 state object not found | got payload 0x800(ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 | ***parse ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE | length: 12 | DOI: ISAKMP_DOI_ISAKMP | protocol ID: 1 | SPI size: 0 | Notify Message Type: INVALID_PAYLOAD_TYPE packet from 2001:db8:f:1::1:500: ignoring informational payload, type INVALID_PAYLOAD_TYPE on st==NULL (deleted?) | info: | processing informational INVALID_PAYLOAD_TYPE (1) packet from 2001:db8:f:1::1:500: received and ignored informational message | complete state transition with STF_IGNORE | * processed 0 messages from cryptographic helpers | next event EVENT_PENDING_PHASE2 in 20 seconds | next event EVENT_PENDING_PHASE2 in 20 seconds | | next event EVENT_PENDING_PHASE2 in 0 seconds | *time to handle event | handling event EVENT_PENDING_PHASE2 | event after this is EVENT_v2_RETRANSMIT in 20 seconds | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds | event added after event EVENT_v2_RETRANSMIT for #2 | pending review: connection "host-host" checked | next event EVENT_v2_RETRANSMIT in 20 seconds for #2 | | *received whack message shutting down forgetting secrets | processing connection host-host "host-host": deleting connection | processing connection host-host "host-host" #2: deleting state (STATE_PARENT_I1) | deleting event for #2 | deleting state #2 | deleting event for #2 | no suspended cryptographic state for 2 | ICOOKIE: e6 10 97 ce 7f b1 e5 f5 | RCOOKIE: 00 00 00 00 00 00 00 00 | state hash entry 27 | request to delete a unrouted policy with netkey kernel --- experimental | route owner of "host-host" unrouted: NULL | command executing unroute-host-v6 | executing unroute-host-v6: 2>&1 PLUTO_VERB='unroute-host-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='host-host' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='2001:db8:f:1::1' PLUTO_ME='2001:db8:1:1::1234' PLUTO_MY_ID='2001:db8:1:1::1234' PLUTO_MY_CLIENT='2001:db8:1:1::1234/128' PLUTO_MY_CLIENT_NET='2001:db8:1:1::1234' PLUTO_MY_CLIENT_MASK='ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='2001:db8:f:1::1' PLUTO_PEER_ID='2001:db8:f:1::1' PLUTO_PEER_CLIENT='2001:db8:f:1::1/128' PLUTO_PEER_CLIENT_NET='2001:db8:f:1::1' PLUTO_PEER_CLIENT_MASK='ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_CONN_POLICY='PSK+ENCRYPT+PFS+UP+IKEv2ALLOW+IKEv2Init' ipsec _updown | popen(): cmd is 751 chars long | cmd( 0):2>&1 PLUTO_VERB='unroute-host-v6' PLUTO_VERSION='2.0' PLUTO_CONNECTION='host-hos: | cmd( 80):t' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='2001:db8:f:1::1' PLUTO_ME='2001:db8:1:: | cmd( 160):1::1234' PLUTO_MY_ID='2001:db8:1:1::1234' PLUTO_MY_CLIENT='2001:db8:1:1::1234/12: | cmd( 240):8' PLUTO_MY_CLIENT_NET='2001:db8:1:1::1234' PLUTO_MY_CLIENT_MASK='ffff:ffff:ffff: | cmd( 320)::ffff:ffff:ffff:ffff:ffff' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='2: | cmd( 400):001:db8:f:1::1' PLUTO_PEER_ID='2001:db8:f:1::1' PLUTO_PEER_CLIENT='2001:db8:f:1:: | cmd( 480)::1/128' PLUTO_PEER_CLIENT_NET='2001:db8:f:1::1' PLUTO_PEER_CLIENT_MASK='ffff:fff: | cmd( 560):f:ffff:ffff:ffff:ffff:ffff:ffff' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLU: | cmd( 640):TO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_CONN_POLICY='PSK+ENCRYPT+PFS+UP+IKEv2A: | cmd( 720):LLOW+IKEv2Init' ipsec _updown: | alg_info_delref(0x8660128) alg_info->ref_cnt=2 | alg_info_delref(0x865f8d0) alg_info->ref_cnt=2 shutting down interface lo/lo ::1:500 shutting down interface eth0/eth0 2001:db8:1:1::1234:500 shutting down interface lo/lo 127.0.0.1:500 shutting down interface eth0/eth0 192.168.0.10:500