[vpn-help] Shrew 2.2.0 OS X build does not work on OSX 10.6.8
Jinyan Huang
jhuang.tongji at gmail.com
Wed Dec 21 01:50:56 CST 2011
Now have a new problem. I can connect the vpn. But can not do ssh. The
log file is in the attachment.
11/12/21 08:39:00 ## : IKE Daemon, ver 2.2.0
11/12/21 08:39:00 ## : Copyright 2009 Shrew Soft Inc.
11/12/21 08:39:00 ## : This product linked OpenSSL 0.9.8r 8 Feb 2011
11/12/21 08:39:00 ii : opened '/var/log/iked.log'
11/12/21 08:39:00 ii : network process thread begin ...
11/12/21 08:39:00 ii : pfkey process thread begin ...
11/12/21 08:39:00 K< : recv pfkey REGISTER AH message
11/12/21 08:39:00 K< : recv pfkey REGISTER ESP message
11/12/21 08:39:00 K< : recv pfkey REGISTER IPCOMP message
11/12/21 08:39:00 K< : recv pfkey X_SPDDUMP UNSPEC message
11/12/21 08:39:00 DB : policy added ( obj count = 1 )
11/12/21 08:39:00 K< : recv pfkey X_SPDDUMP UNSPEC message
11/12/21 08:39:00 DB : policy added ( obj count = 2 )
11/12/21 08:39:00 ii : ipc server process thread begin ...
11/12/21 08:39:10 ii : ipc client process thread begin ...
11/12/21 08:39:10 <A : peer config add message
11/12/21 08:39:10 <A : proposal config message
11/12/21 08:39:10 <A : proposal config message
11/12/21 08:39:10 <A : client config message
11/12/21 08:39:10 <A : local id 'jhuang at testb.fr' message
11/12/21 08:39:10 <A : remote id 'sauron.testb.fr' message
11/12/21 08:39:10 <A : remote certificate data message
11/12/21 08:39:10 !! : remote certificate read failed, requesting password
11/12/21 08:39:15 <A : file password
11/12/21 08:39:15 <A : remote certificate data message
11/12/21 08:39:15 ii : remote certificate read complete ( 796 bytes )
11/12/21 08:39:15 <A : local certificate data message
11/12/21 08:39:15 ii : local certificate read complete ( 732 bytes )
11/12/21 08:39:15 <A : local key data message
11/12/21 08:39:15 ii : local key read complete ( 608 bytes )
11/12/21 08:39:15 <A : remote resource message
11/12/21 08:39:15 <A : peer tunnel enable message
11/12/21 08:39:15 DB : peer added ( obj count = 1 )
11/12/21 08:39:15 ii : local address 172.16.1.214 selected for peer
11/12/21 08:39:15 DB : tunnel added ( obj count = 1 )
11/12/21 08:39:15 DB : new phase1 ( ISAKMP initiator )
11/12/21 08:39:15 DB : exchange type is aggressive
11/12/21 08:39:15 DB : 172.16.1.214:500 <-> 191.2.2.2:500
11/12/21 08:39:15 DB : 88df47186ad8974b:0000000000000000
11/12/21 08:39:15 DB : phase1 added ( obj count = 1 )
11/12/21 08:39:15 >> : security association payload
11/12/21 08:39:15 >> : - proposal #1 payload
11/12/21 08:39:15 >> : -- transform #1 payload
11/12/21 08:39:15 >> : key exchange payload
11/12/21 08:39:15 >> : nonce payload
11/12/21 08:39:15 >> : cert request payload
11/12/21 08:39:15 >> : identification payload
11/12/21 08:39:15 >> : vendor id payload
11/12/21 08:39:15 ii : local supports nat-t ( draft v00 )
11/12/21 08:39:15 >> : vendor id payload
11/12/21 08:39:15 ii : local supports nat-t ( draft v01 )
11/12/21 08:39:15 >> : vendor id payload
11/12/21 08:39:15 ii : local supports nat-t ( draft v02 )
11/12/21 08:39:15 >> : vendor id payload
11/12/21 08:39:15 ii : local supports nat-t ( draft v03 )
11/12/21 08:39:15 >> : vendor id payload
11/12/21 08:39:15 ii : local supports nat-t ( rfc )
11/12/21 08:39:15 >> : vendor id payload
11/12/21 08:39:15 ii : local supports FRAGMENTATION
11/12/21 08:39:15 >> : vendor id payload
11/12/21 08:39:15 >> : vendor id payload
11/12/21 08:39:15 ii : local supports DPDv1
11/12/21 08:39:15 >> : vendor id payload
11/12/21 08:39:15 ii : local is SHREW SOFT compatible
11/12/21 08:39:15 >> : vendor id payload
11/12/21 08:39:15 ii : local is NETSCREEN compatible
11/12/21 08:39:15 >> : vendor id payload
11/12/21 08:39:15 ii : local is SIDEWINDER compatible
11/12/21 08:39:15 >> : vendor id payload
11/12/21 08:39:15 ii : local is CISCO UNITY compatible
11/12/21 08:39:15 >= : cookies 88df47186ad8974b:0000000000000000
11/12/21 08:39:15 >= : message 00000000
11/12/21 08:39:15 -> : send IKE packet 172.16.1.214:500 ->
191.2.2.2:500 ( 544 bytes )
11/12/21 08:39:15 DB : phase1 resend event scheduled ( ref count = 2 )
11/12/21 08:39:15 <- : recv IKE packet 191.2.2.2:500 ->
172.16.1.214:500 ( 2017 bytes )
11/12/21 08:39:15 DB : phase1 found
11/12/21 08:39:15 ii : processing phase1 packet ( 2017 bytes )
11/12/21 08:39:15 =< : cookies 88df47186ad8974b:4fe89a1895e87481
11/12/21 08:39:15 =< : message 00000000
11/12/21 08:39:15 << : security association payload
11/12/21 08:39:15 << : - propsal #1 payload
11/12/21 08:39:15 << : -- transform #1 payload
11/12/21 08:39:15 ii : matched isakmp proposal #1 transform #1
11/12/21 08:39:15 ii : - transform = ike
11/12/21 08:39:15 ii : - cipher type = 3des
11/12/21 08:39:15 ii : - key length = default
11/12/21 08:39:15 ii : - hash type = sha1
11/12/21 08:39:15 ii : - dh group = group2 ( modp-1024 )
11/12/21 08:39:15 ii : - auth type = sig-rsa
11/12/21 08:39:15 ii : - life seconds = 86400
11/12/21 08:39:15 ii : - life kbytes = 0
11/12/21 08:39:15 << : vendor id payload
11/12/21 08:39:15 ii : unknown vendor id ( 16 bytes )
11/12/21 08:39:15 0x : 6c0dcd48 1deae8ae 0b0a6838 4b3072f9
11/12/21 08:39:15 << : vendor id payload
11/12/21 08:39:15 ii : peer supports nat-t ( draft v02 )
11/12/21 08:39:15 << : vendor id payload
11/12/21 08:39:15 ii : peer supports nat-t ( draft v03 )
11/12/21 08:39:15 << : vendor id payload
11/12/21 08:39:15 ii : peer supports nat-t ( rfc )
11/12/21 08:39:15 << : vendor id payload
11/12/21 08:39:15 ii : peer supports DPDv1
11/12/21 08:39:15 << : key exchange payload
11/12/21 08:39:15 << : nonce payload
11/12/21 08:39:15 << : certificate payload
11/12/21 08:39:15 << : nat discovery payload
11/12/21 08:39:15 << : nat discovery payload
11/12/21 08:39:15 << : identification payload
11/12/21 08:39:15 ii : phase1 id match
11/12/21 08:39:15 ii : received = fqdn sauron.testb.fr
11/12/21 08:39:15 << : certificate payload
11/12/21 08:39:15 << : signature payload
11/12/21 08:39:15 ii : nat discovery - local address is translated
11/12/21 08:39:15 ii : switching to src nat-t udp port 4500
11/12/21 08:39:15 ii : switching to dst nat-t udp port 4500
11/12/21 08:39:16 == : DH shared secret ( 128 bytes )
11/12/21 08:39:16 == : SETKEYID ( 20 bytes )
11/12/21 08:39:16 == : SETKEYID_d ( 20 bytes )
11/12/21 08:39:16 == : SETKEYID_a ( 20 bytes )
11/12/21 08:39:16 == : SETKEYID_e ( 20 bytes )
11/12/21 08:39:16 == : cipher key ( 40 bytes )
11/12/21 08:39:16 == : cipher iv ( 8 bytes )
11/12/21 08:39:16 >> : certificate payload
11/12/21 08:39:16 == : phase1 hash_i ( computed ) ( 20 bytes )
11/12/21 08:39:16 >> : signature payload
11/12/21 08:39:16 >> : nat discovery payload
11/12/21 08:39:16 >> : nat discovery payload
11/12/21 08:39:16 >= : cookies 88df47186ad8974b:4fe89a1895e87481
11/12/21 08:39:16 >= : message 00000000
11/12/21 08:39:16 >= : encrypt iv ( 8 bytes )
11/12/21 08:39:16 == : encrypt packet ( 945 bytes )
11/12/21 08:39:16 == : stored iv ( 8 bytes )
11/12/21 08:39:16 DB : phase1 resend event canceled ( ref count = 1 )
11/12/21 08:39:16 -> : send NAT-T:IKE packet 172.16.1.214:4500 ->
191.2.2.2:4500 ( 980 bytes )
11/12/21 08:39:16 ii : unable to get certificate CRL(3) at depth:0
11/12/21 08:39:16 ii : subject :/C=FR/ST=Paris/L=Paris/O=Fondation
Jean Dausset-CEPH/OU=Fondation Jean Dausset-CEPH CA/CN=sauron.testb.fr
11/12/21 08:39:16 ii : unable to get certificate CRL(3) at depth:1
11/12/21 08:39:16 ii : subject :/C=FR/ST=Paris/O=Fondation Jean
Dausset-CEPH/OU=Fondation Jean Dausset-CEPH
CA/CN=ca.testb.fr/emailAddress=testinfo at testb.fr
11/12/21 08:39:16 == : phase1 hash_r ( computed ) ( 20 bytes )
11/12/21 08:39:16 == : phase1 hash_r ( received ) ( 20 bytes )
11/12/21 08:39:16 ii : phase1 sa established
11/12/21 08:39:16 ii : 191.2.2.2:4500 <-> 172.16.1.214:4500
11/12/21 08:39:16 ii : 88df47186ad8974b:4fe89a1895e87481
11/12/21 08:39:16 ii : sending peer INITIAL-CONTACT notification
11/12/21 08:39:16 ii : - 172.16.1.214:4500 -> 191.2.2.2:4500
11/12/21 08:39:16 ii : - isakmp spi = 88df47186ad8974b:4fe89a1895e87481
11/12/21 08:39:16 ii : - data size 0
11/12/21 08:39:16 >> : hash payload
11/12/21 08:39:16 >> : notification payload
11/12/21 08:39:16 == : new informational hash ( 20 bytes )
11/12/21 08:39:16 == : new informational iv ( 8 bytes )
11/12/21 08:39:16 >= : cookies 88df47186ad8974b:4fe89a1895e87481
11/12/21 08:39:16 >= : message 7d503be5
11/12/21 08:39:16 >= : encrypt iv ( 8 bytes )
11/12/21 08:39:16 == : encrypt packet ( 80 bytes )
11/12/21 08:39:16 == : stored iv ( 8 bytes )
11/12/21 08:39:16 -> : send NAT-T:IKE packet 172.16.1.214:4500 ->
191.2.2.2:4500 ( 116 bytes )
11/12/21 08:39:16 DB : config added ( obj count = 1 )
11/12/21 08:39:16 ii : building config attribute list
11/12/21 08:39:16 ii : - IP4 Address
11/12/21 08:39:16 ii : - Address Expiry
11/12/21 08:39:16 ii : - IP4 Netamask
11/12/21 08:39:16 ii : - IP4 DNS Server
11/12/21 08:39:16 ii : - IP4 WINS Server
11/12/21 08:39:16 == : new config iv ( 8 bytes )
11/12/21 08:39:16 ii : sending config pull request
11/12/21 08:39:16 >> : hash payload
11/12/21 08:39:16 >> : attribute payload
11/12/21 08:39:16 == : new configure hash ( 20 bytes )
11/12/21 08:39:16 >= : cookies 88df47186ad8974b:4fe89a1895e87481
11/12/21 08:39:16 >= : message 6ef52b61
11/12/21 08:39:16 >= : encrypt iv ( 8 bytes )
11/12/21 08:39:16 == : encrypt packet ( 80 bytes )
11/12/21 08:39:16 == : stored iv ( 8 bytes )
11/12/21 08:39:16 -> : send NAT-T:IKE packet 172.16.1.214:4500 ->
191.2.2.2:4500 ( 116 bytes )
11/12/21 08:39:16 DB : config resend event scheduled ( ref count = 2 )
11/12/21 08:39:16 DB : phase2 not found
11/12/21 08:39:16 <- : recv NAT-T:IKE packet 191.2.2.2:4500 ->
172.16.1.214:4500 ( 92 bytes )
11/12/21 08:39:16 DB : phase1 found
11/12/21 08:39:16 ii : processing config packet ( 92 bytes )
11/12/21 08:39:16 DB : config found
11/12/21 08:39:16 == : new config iv ( 8 bytes )
11/12/21 08:39:16 =< : cookies 88df47186ad8974b:4fe89a1895e87481
11/12/21 08:39:16 =< : message a84daf0d
11/12/21 08:39:16 =< : decrypt iv ( 8 bytes )
11/12/21 08:39:16 == : decrypt packet ( 92 bytes )
11/12/21 08:39:16 <= : stored iv ( 8 bytes )
11/12/21 08:39:16 << : hash payload
11/12/21 08:39:16 << : attribute payload
11/12/21 08:39:16 == : configure hash_i ( computed ) ( 20 bytes )
11/12/21 08:39:16 == : configure hash_c ( computed ) ( 20 bytes )
11/12/21 08:39:16 ii : configure hash verified
11/12/21 08:39:16 !! : config message type is invalid for pull config
11/12/21 08:39:16 DB : phase1 soft event canceled ( ref count = 3 )
11/12/21 08:39:16 DB : phase1 hard event canceled ( ref count = 2 )
11/12/21 08:39:16 DB : phase1 dead event canceled ( ref count = 1 )
11/12/21 08:39:16 ii : sending peer DELETE message
11/12/21 08:39:16 ii : - 172.16.1.214:4500 -> 191.2.2.2:4500
11/12/21 08:39:16 ii : - isakmp spi = 88df47186ad8974b:4fe89a1895e87481
11/12/21 08:39:16 ii : - data size 0
11/12/21 08:39:16 >> : hash payload
11/12/21 08:39:16 >> : delete payload
11/12/21 08:39:16 == : new informational hash ( 20 bytes )
11/12/21 08:39:16 == : new informational iv ( 8 bytes )
11/12/21 08:39:16 >= : cookies 88df47186ad8974b:4fe89a1895e87481
11/12/21 08:39:16 >= : message 39dfa9e1
11/12/21 08:39:16 >= : encrypt iv ( 8 bytes )
11/12/21 08:39:16 == : encrypt packet ( 80 bytes )
11/12/21 08:39:16 == : stored iv ( 8 bytes )
11/12/21 08:39:16 -> : send NAT-T:IKE packet 172.16.1.214:4500 ->
191.2.2.2:4500 ( 116 bytes )
11/12/21 08:39:16 DB : config resend event canceled ( ref count = 1 )
11/12/21 08:39:16 DB : config deleted ( obj count = 0 )
11/12/21 08:39:16 ii : phase1 removal before expire time
11/12/21 08:39:16 DB : phase1 deleted ( obj count = 0 )
11/12/21 08:39:16 <- : recv NAT-T:IKE packet 191.2.2.2:4500 ->
172.16.1.214:4500 ( 100 bytes )
11/12/21 08:39:16 DB : phase1 not found
11/12/21 08:39:16 ww : ike packet from 191.2.2.2 ignored, unknown
phase1 sa for peer
11/12/21 08:39:16 ww : 88df47186ad8974b:4fe89a1895e87481
11/12/21 08:39:16 DB : policy not found
11/12/21 08:39:16 DB : policy not found
11/12/21 08:39:16 DB : policy not found
11/12/21 08:39:16 DB : policy not found
11/12/21 08:39:16 DB : tunnel dpd event canceled ( ref count = 2 )
11/12/21 08:39:16 DB : tunnel natt event canceled ( ref count = 1 )
11/12/21 08:39:16 DB : removing tunnel config references
11/12/21 08:39:16 DB : removing tunnel phase2 references
11/12/21 08:39:16 DB : removing tunnel phase1 references
11/12/21 08:39:16 DB : tunnel deleted ( obj count = 0 )
11/12/21 08:39:16 DB : removing all peer tunnel refrences
11/12/21 08:39:16 DB : peer deleted ( obj count = 0 )
11/12/21 08:39:16 ii : ipc client process thread exit ...
11/12/21 08:39:23 <- : recv NAT-T:IKE packet 191.2.2.2:4500 ->
172.16.1.214:4500 ( 92 bytes )
11/12/21 08:39:23 DB : phase1 not found
11/12/21 08:39:23 ww : ike packet from 191.2.2.2 ignored, unknown
phase1 sa for peer
11/12/21 08:39:23 ww : 88df47186ad8974b:4fe89a1895e87481
11/12/21 08:39:24 ii : ipc client process thread begin ...
11/12/21 08:39:24 <A : peer config add message
11/12/21 08:39:24 <A : proposal config message
11/12/21 08:39:24 <A : proposal config message
11/12/21 08:39:24 <A : client config message
11/12/21 08:39:24 <A : local id 'jhuang at testb.fr' message
11/12/21 08:39:24 <A : remote id 'sauron.testb.fr' message
11/12/21 08:39:24 <A : remote certificate data message
11/12/21 08:39:24 !! : remote certificate read failed, requesting password
11/12/21 08:39:27 <A : file password
11/12/21 08:39:27 <A : remote certificate data message
11/12/21 08:39:27 ii : remote certificate read complete ( 796 bytes )
11/12/21 08:39:27 <A : local certificate data message
11/12/21 08:39:27 ii : local certificate read complete ( 732 bytes )
11/12/21 08:39:27 <A : local key data message
11/12/21 08:39:27 ii : local key read complete ( 608 bytes )
11/12/21 08:39:27 <A : remote resource message
11/12/21 08:39:27 <A : peer tunnel enable message
11/12/21 08:39:27 DB : peer added ( obj count = 1 )
11/12/21 08:39:27 ii : local address 172.16.1.214 selected for peer
11/12/21 08:39:27 DB : tunnel added ( obj count = 1 )
11/12/21 08:39:27 DB : new phase1 ( ISAKMP initiator )
11/12/21 08:39:27 DB : exchange type is aggressive
11/12/21 08:39:27 DB : 172.16.1.214:500 <-> 191.2.2.2:500
11/12/21 08:39:27 DB : 8105e5c1a599a684:0000000000000000
11/12/21 08:39:27 DB : phase1 added ( obj count = 1 )
11/12/21 08:39:27 >> : security association payload
11/12/21 08:39:27 >> : - proposal #1 payload
11/12/21 08:39:27 >> : -- transform #1 payload
11/12/21 08:39:27 >> : key exchange payload
11/12/21 08:39:27 >> : nonce payload
11/12/21 08:39:27 >> : cert request payload
11/12/21 08:39:27 >> : identification payload
11/12/21 08:39:27 >> : vendor id payload
11/12/21 08:39:27 ii : local supports nat-t ( draft v00 )
11/12/21 08:39:27 >> : vendor id payload
11/12/21 08:39:27 ii : local supports nat-t ( draft v01 )
11/12/21 08:39:27 >> : vendor id payload
11/12/21 08:39:27 ii : local supports nat-t ( draft v02 )
11/12/21 08:39:27 >> : vendor id payload
11/12/21 08:39:27 ii : local supports nat-t ( draft v03 )
11/12/21 08:39:27 >> : vendor id payload
11/12/21 08:39:27 ii : local supports nat-t ( rfc )
11/12/21 08:39:27 >> : vendor id payload
11/12/21 08:39:27 ii : local supports FRAGMENTATION
11/12/21 08:39:27 >> : vendor id payload
11/12/21 08:39:27 >> : vendor id payload
11/12/21 08:39:27 ii : local supports DPDv1
11/12/21 08:39:27 >> : vendor id payload
11/12/21 08:39:27 ii : local is SHREW SOFT compatible
11/12/21 08:39:27 >> : vendor id payload
11/12/21 08:39:27 ii : local is NETSCREEN compatible
11/12/21 08:39:27 >> : vendor id payload
11/12/21 08:39:27 ii : local is SIDEWINDER compatible
11/12/21 08:39:27 >> : vendor id payload
11/12/21 08:39:27 ii : local is CISCO UNITY compatible
11/12/21 08:39:27 >= : cookies 8105e5c1a599a684:0000000000000000
11/12/21 08:39:27 >= : message 00000000
11/12/21 08:39:27 -> : send IKE packet 172.16.1.214:500 ->
191.2.2.2:500 ( 544 bytes )
11/12/21 08:39:27 DB : phase1 resend event scheduled ( ref count = 2 )
11/12/21 08:39:27 <- : recv IKE packet 191.2.2.2:500 ->
172.16.1.214:500 ( 2017 bytes )
11/12/21 08:39:27 DB : phase1 found
11/12/21 08:39:27 ii : processing phase1 packet ( 2017 bytes )
11/12/21 08:39:27 =< : cookies 8105e5c1a599a684:7df23fa06f654fde
11/12/21 08:39:27 =< : message 00000000
11/12/21 08:39:27 << : security association payload
11/12/21 08:39:27 << : - propsal #1 payload
11/12/21 08:39:27 << : -- transform #1 payload
11/12/21 08:39:27 ii : matched isakmp proposal #1 transform #1
11/12/21 08:39:27 ii : - transform = ike
11/12/21 08:39:27 ii : - cipher type = 3des
11/12/21 08:39:27 ii : - key length = default
11/12/21 08:39:27 ii : - hash type = sha1
11/12/21 08:39:27 ii : - dh group = group2 ( modp-1024 )
11/12/21 08:39:27 ii : - auth type = sig-rsa
11/12/21 08:39:27 ii : - life seconds = 86400
11/12/21 08:39:27 ii : - life kbytes = 0
11/12/21 08:39:27 << : vendor id payload
11/12/21 08:39:27 ii : unknown vendor id ( 16 bytes )
11/12/21 08:39:27 0x : 6c0dcd48 1deae8ae 0b0a6838 4b3072f9
11/12/21 08:39:27 << : vendor id payload
11/12/21 08:39:27 ii : peer supports nat-t ( draft v02 )
11/12/21 08:39:27 << : vendor id payload
11/12/21 08:39:27 ii : peer supports nat-t ( draft v03 )
11/12/21 08:39:27 << : vendor id payload
11/12/21 08:39:27 ii : peer supports nat-t ( rfc )
11/12/21 08:39:27 << : vendor id payload
11/12/21 08:39:27 ii : peer supports DPDv1
11/12/21 08:39:27 << : key exchange payload
11/12/21 08:39:27 << : nonce payload
11/12/21 08:39:27 << : certificate payload
11/12/21 08:39:27 << : nat discovery payload
11/12/21 08:39:27 << : nat discovery payload
11/12/21 08:39:27 << : identification payload
11/12/21 08:39:27 ii : phase1 id match
11/12/21 08:39:27 ii : received = fqdn sauron.testb.fr
11/12/21 08:39:27 << : certificate payload
11/12/21 08:39:27 << : signature payload
11/12/21 08:39:27 ii : nat discovery - local address is translated
11/12/21 08:39:27 ii : switching to src nat-t udp port 4500
11/12/21 08:39:27 ii : switching to dst nat-t udp port 4500
11/12/21 08:39:27 == : DH shared secret ( 128 bytes )
11/12/21 08:39:27 == : SETKEYID ( 20 bytes )
11/12/21 08:39:27 == : SETKEYID_d ( 20 bytes )
11/12/21 08:39:27 == : SETKEYID_a ( 20 bytes )
11/12/21 08:39:27 == : SETKEYID_e ( 20 bytes )
11/12/21 08:39:27 == : cipher key ( 40 bytes )
11/12/21 08:39:27 == : cipher iv ( 8 bytes )
11/12/21 08:39:27 >> : certificate payload
11/12/21 08:39:27 == : phase1 hash_i ( computed ) ( 20 bytes )
11/12/21 08:39:27 >> : signature payload
11/12/21 08:39:27 >> : nat discovery payload
11/12/21 08:39:27 >> : nat discovery payload
11/12/21 08:39:27 >= : cookies 8105e5c1a599a684:7df23fa06f654fde
11/12/21 08:39:27 >= : message 00000000
11/12/21 08:39:27 >= : encrypt iv ( 8 bytes )
11/12/21 08:39:27 == : encrypt packet ( 945 bytes )
11/12/21 08:39:27 == : stored iv ( 8 bytes )
11/12/21 08:39:27 DB : phase1 resend event canceled ( ref count = 1 )
11/12/21 08:39:27 -> : send NAT-T:IKE packet 172.16.1.214:4500 ->
191.2.2.2:4500 ( 980 bytes )
11/12/21 08:39:27 ii : unable to get certificate CRL(3) at depth:0
11/12/21 08:39:27 ii : subject :/C=FR/ST=Paris/L=Paris/O=Fondation
Jean Dausset-CEPH/OU=Fondation Jean Dausset-CEPH CA/CN=sauron.testb.fr
11/12/21 08:39:27 ii : unable to get certificate CRL(3) at depth:1
11/12/21 08:39:27 ii : subject :/C=FR/ST=Paris/O=Fondation Jean
Dausset-CEPH/OU=Fondation Jean Dausset-CEPH
CA/CN=ca.testb.fr/emailAddress=testinfo at testb.fr
11/12/21 08:39:27 == : phase1 hash_r ( computed ) ( 20 bytes )
11/12/21 08:39:27 == : phase1 hash_r ( received ) ( 20 bytes )
11/12/21 08:39:27 ii : phase1 sa established
11/12/21 08:39:27 ii : 191.2.2.2:4500 <-> 172.16.1.214:4500
11/12/21 08:39:27 ii : 8105e5c1a599a684:7df23fa06f654fde
11/12/21 08:39:27 ii : sending peer INITIAL-CONTACT notification
11/12/21 08:39:27 ii : - 172.16.1.214:4500 -> 191.2.2.2:4500
11/12/21 08:39:27 ii : - isakmp spi = 8105e5c1a599a684:7df23fa06f654fde
11/12/21 08:39:27 ii : - data size 0
11/12/21 08:39:27 >> : hash payload
11/12/21 08:39:27 >> : notification payload
11/12/21 08:39:27 == : new informational hash ( 20 bytes )
11/12/21 08:39:27 == : new informational iv ( 8 bytes )
11/12/21 08:39:27 >= : cookies 8105e5c1a599a684:7df23fa06f654fde
11/12/21 08:39:27 >= : message be582a6e
11/12/21 08:39:27 >= : encrypt iv ( 8 bytes )
11/12/21 08:39:27 == : encrypt packet ( 80 bytes )
11/12/21 08:39:27 == : stored iv ( 8 bytes )
11/12/21 08:39:27 -> : send NAT-T:IKE packet 172.16.1.214:4500 ->
191.2.2.2:4500 ( 116 bytes )
11/12/21 08:39:27 DB : config added ( obj count = 1 )
11/12/21 08:39:27 ii : building config attribute list
11/12/21 08:39:27 ii : - IP4 Address
11/12/21 08:39:27 ii : - Address Expiry
11/12/21 08:39:27 ii : - IP4 Netamask
11/12/21 08:39:27 ii : - IP4 DNS Server
11/12/21 08:39:27 ii : - IP4 WINS Server
11/12/21 08:39:27 == : new config iv ( 8 bytes )
11/12/21 08:39:27 ii : sending config pull request
11/12/21 08:39:27 >> : hash payload
11/12/21 08:39:27 >> : attribute payload
11/12/21 08:39:27 == : new configure hash ( 20 bytes )
11/12/21 08:39:27 >= : cookies 8105e5c1a599a684:7df23fa06f654fde
11/12/21 08:39:27 >= : message 5e532b98
11/12/21 08:39:27 >= : encrypt iv ( 8 bytes )
11/12/21 08:39:27 == : encrypt packet ( 80 bytes )
11/12/21 08:39:27 == : stored iv ( 8 bytes )
11/12/21 08:39:27 -> : send NAT-T:IKE packet 172.16.1.214:4500 ->
191.2.2.2:4500 ( 116 bytes )
11/12/21 08:39:27 DB : config resend event scheduled ( ref count = 2 )
11/12/21 08:39:27 DB : phase2 not found
11/12/21 08:39:28 <- : recv NAT-T:IKE packet 191.2.2.2:4500 ->
172.16.1.214:4500 ( 92 bytes )
11/12/21 08:39:28 DB : phase1 found
11/12/21 08:39:28 ii : processing config packet ( 92 bytes )
11/12/21 08:39:28 DB : config found
11/12/21 08:39:28 == : new config iv ( 8 bytes )
11/12/21 08:39:28 =< : cookies 8105e5c1a599a684:7df23fa06f654fde
11/12/21 08:39:28 =< : message 067724d7
11/12/21 08:39:28 =< : decrypt iv ( 8 bytes )
11/12/21 08:39:28 == : decrypt packet ( 92 bytes )
11/12/21 08:39:28 <= : stored iv ( 8 bytes )
11/12/21 08:39:28 << : hash payload
11/12/21 08:39:28 << : attribute payload
11/12/21 08:39:28 == : configure hash_i ( computed ) ( 20 bytes )
11/12/21 08:39:28 == : configure hash_c ( computed ) ( 20 bytes )
11/12/21 08:39:28 ii : configure hash verified
11/12/21 08:39:28 !! : config message type is invalid for pull config
11/12/21 08:39:28 DB : phase1 soft event canceled ( ref count = 3 )
11/12/21 08:39:28 DB : phase1 hard event canceled ( ref count = 2 )
11/12/21 08:39:28 DB : phase1 dead event canceled ( ref count = 1 )
11/12/21 08:39:28 ii : sending peer DELETE message
11/12/21 08:39:28 ii : - 172.16.1.214:4500 -> 191.2.2.2:4500
11/12/21 08:39:28 ii : - isakmp spi = 8105e5c1a599a684:7df23fa06f654fde
11/12/21 08:39:28 ii : - data size 0
11/12/21 08:39:28 >> : hash payload
11/12/21 08:39:28 >> : delete payload
11/12/21 08:39:28 == : new informational hash ( 20 bytes )
11/12/21 08:39:28 == : new informational iv ( 8 bytes )
11/12/21 08:39:28 >= : cookies 8105e5c1a599a684:7df23fa06f654fde
11/12/21 08:39:28 >= : message dac6cafc
11/12/21 08:39:28 >= : encrypt iv ( 8 bytes )
11/12/21 08:39:28 == : encrypt packet ( 80 bytes )
11/12/21 08:39:28 == : stored iv ( 8 bytes )
11/12/21 08:39:28 -> : send NAT-T:IKE packet 172.16.1.214:4500 ->
191.2.2.2:4500 ( 116 bytes )
11/12/21 08:39:28 DB : config resend event canceled ( ref count = 1 )
11/12/21 08:39:28 DB : config deleted ( obj count = 0 )
11/12/21 08:39:28 ii : phase1 removal before expire time
11/12/21 08:39:28 DB : phase1 deleted ( obj count = 0 )
11/12/21 08:39:28 <- : recv NAT-T:IKE packet 191.2.2.2:4500 ->
172.16.1.214:4500 ( 100 bytes )
11/12/21 08:39:28 DB : phase1 not found
11/12/21 08:39:28 ww : ike packet from 191.2.2.2 ignored, unknown
phase1 sa for peer
11/12/21 08:39:28 ww : 8105e5c1a599a684:7df23fa06f654fde
11/12/21 08:39:28 DB : policy not found
11/12/21 08:39:28 DB : policy not found
11/12/21 08:39:28 DB : policy not found
11/12/21 08:39:28 DB : policy not found
11/12/21 08:39:28 DB : tunnel dpd event canceled ( ref count = 2 )
11/12/21 08:39:28 DB : tunnel natt event canceled ( ref count = 1 )
11/12/21 08:39:28 DB : removing tunnel config references
11/12/21 08:39:28 DB : removing tunnel phase2 references
11/12/21 08:39:28 DB : removing tunnel phase1 references
11/12/21 08:39:28 DB : tunnel deleted ( obj count = 0 )
11/12/21 08:39:28 DB : removing all peer tunnel refrences
11/12/21 08:39:28 DB : peer deleted ( obj count = 0 )
11/12/21 08:39:28 ii : ipc client process thread exit ...
11/12/21 08:39:32 <- : recv NAT-T:IKE packet 191.2.2.2:4500 ->
172.16.1.214:4500 ( 92 bytes )
11/12/21 08:39:32 DB : phase1 not found
11/12/21 08:39:32 ww : ike packet from 191.2.2.2 ignored, unknown
phase1 sa for peer
11/12/21 08:39:32 ww : 88df47186ad8974b:4fe89a1895e87481
11/12/21 08:39:35 <- : recv NAT-T:IKE packet 191.2.2.2:4500 ->
172.16.1.214:4500 ( 92 bytes )
11/12/21 08:39:35 DB : phase1 not found
11/12/21 08:39:35 ww : ike packet from 191.2.2.2 ignored, unknown
phase1 sa for peer
11/12/21 08:39:35 ww : 8105e5c1a599a684:7df23fa06f654fde
11/12/21 08:39:43 <- : recv NAT-T:IKE packet 191.2.2.2:4500 ->
172.16.1.214:4500 ( 92 bytes )
11/12/21 08:39:43 DB : phase1 not found
11/12/21 08:39:43 ww : ike packet from 191.2.2.2 ignored, unknown
phase1 sa for peer
11/12/21 08:39:43 ww : 88df47186ad8974b:4fe89a1895e87481
11/12/21 08:39:44 <- : recv NAT-T:IKE packet 191.2.2.2:4500 ->
172.16.1.214:4500 ( 92 bytes )
11/12/21 08:39:44 DB : phase1 not found
11/12/21 08:39:44 ww : ike packet from 191.2.2.2 ignored, unknown
phase1 sa for peer
11/12/21 08:39:44 ww : 8105e5c1a599a684:7df23fa06f654fde
11/12/21 08:39:55 <- : recv NAT-T:IKE packet 191.2.2.2:4500 ->
172.16.1.214:4500 ( 92 bytes )
11/12/21 08:39:55 DB : phase1 not found
11/12/21 08:39:55 ww : ike packet from 191.2.2.2 ignored, unknown
phase1 sa for peer
11/12/21 08:39:55 ww : 8105e5c1a599a684:7df23fa06f654fde
11/12/21 08:39:56 ii : ipc client process thread begin ...
11/12/21 08:39:56 <A : peer config add message
11/12/21 08:39:56 <A : proposal config message
11/12/21 08:39:56 <A : proposal config message
11/12/21 08:39:56 <A : client config message
11/12/21 08:39:56 <A : local id 'jhuang at testb.fr' message
11/12/21 08:39:56 <A : remote id 'sauron.testb.fr' message
11/12/21 08:39:56 <A : remote certificate data message
11/12/21 08:39:56 !! : remote certificate read failed, requesting password
11/12/21 08:39:59 <A : file password
11/12/21 08:39:59 <A : remote certificate data message
11/12/21 08:39:59 !! : remote certificate read failed, requesting password
11/12/21 08:40:02 <A : file password
11/12/21 08:40:02 <A : remote certificate data message
11/12/21 08:40:02 !! : remote certificate read failed, requesting password
11/12/21 08:40:05 ii : ipc client process thread exit ...
11/12/21 08:40:31 ii : ipc client process thread begin ...
11/12/21 08:40:31 <A : peer config add message
11/12/21 08:40:31 <A : proposal config message
11/12/21 08:40:31 <A : proposal config message
11/12/21 08:40:31 <A : client config message
11/12/21 08:40:31 <A : local id 'jhuang at testb.fr' message
11/12/21 08:40:31 <A : remote id 'sauron.testb.fr' message
11/12/21 08:40:31 <A : remote certificate data message
11/12/21 08:40:31 !! : remote certificate read failed, requesting password
11/12/21 08:40:34 <A : file password
11/12/21 08:40:34 <A : remote certificate data message
11/12/21 08:40:34 ii : remote certificate read complete ( 796 bytes )
11/12/21 08:40:34 <A : local certificate data message
11/12/21 08:40:34 ii : local certificate read complete ( 732 bytes )
11/12/21 08:40:34 <A : local key data message
11/12/21 08:40:34 ii : local key read complete ( 608 bytes )
11/12/21 08:40:34 <A : remote resource message
11/12/21 08:40:34 <A : peer tunnel enable message
11/12/21 08:40:34 DB : peer added ( obj count = 1 )
11/12/21 08:40:34 ii : local address 172.16.1.214 selected for peer
11/12/21 08:40:34 DB : tunnel added ( obj count = 1 )
11/12/21 08:40:34 DB : new phase1 ( ISAKMP initiator )
11/12/21 08:40:34 DB : exchange type is aggressive
11/12/21 08:40:34 DB : 172.16.1.214:500 <-> 191.2.2.2:500
11/12/21 08:40:34 DB : ad47e3b4dc041cd7:0000000000000000
11/12/21 08:40:34 DB : phase1 added ( obj count = 1 )
11/12/21 08:40:34 >> : security association payload
11/12/21 08:40:34 >> : - proposal #1 payload
11/12/21 08:40:34 >> : -- transform #1 payload
11/12/21 08:40:34 >> : key exchange payload
11/12/21 08:40:34 >> : nonce payload
11/12/21 08:40:34 >> : cert request payload
11/12/21 08:40:34 >> : identification payload
11/12/21 08:40:34 >> : vendor id payload
11/12/21 08:40:34 ii : local supports nat-t ( draft v00 )
11/12/21 08:40:34 >> : vendor id payload
11/12/21 08:40:34 ii : local supports nat-t ( draft v01 )
11/12/21 08:40:34 >> : vendor id payload
11/12/21 08:40:34 ii : local supports nat-t ( draft v02 )
11/12/21 08:40:34 >> : vendor id payload
11/12/21 08:40:34 ii : local supports nat-t ( draft v03 )
11/12/21 08:40:34 >> : vendor id payload
11/12/21 08:40:34 ii : local supports nat-t ( rfc )
11/12/21 08:40:34 >> : vendor id payload
11/12/21 08:40:34 ii : local supports FRAGMENTATION
11/12/21 08:40:34 >> : vendor id payload
11/12/21 08:40:34 >> : vendor id payload
11/12/21 08:40:34 ii : local supports DPDv1
11/12/21 08:40:34 >> : vendor id payload
11/12/21 08:40:34 ii : local is SHREW SOFT compatible
11/12/21 08:40:34 >> : vendor id payload
11/12/21 08:40:34 ii : local is NETSCREEN compatible
11/12/21 08:40:34 >> : vendor id payload
11/12/21 08:40:34 ii : local is SIDEWINDER compatible
11/12/21 08:40:34 >> : vendor id payload
11/12/21 08:40:34 ii : local is CISCO UNITY compatible
11/12/21 08:40:34 >= : cookies ad47e3b4dc041cd7:0000000000000000
11/12/21 08:40:34 >= : message 00000000
11/12/21 08:40:34 -> : send IKE packet 172.16.1.214:500 ->
191.2.2.2:500 ( 544 bytes )
11/12/21 08:40:34 DB : phase1 resend event scheduled ( ref count = 2 )
11/12/21 08:40:35 <- : recv IKE packet 191.2.2.2:500 ->
172.16.1.214:500 ( 2017 bytes )
11/12/21 08:40:35 DB : phase1 found
11/12/21 08:40:35 ii : processing phase1 packet ( 2017 bytes )
11/12/21 08:40:35 =< : cookies ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:40:35 =< : message 00000000
11/12/21 08:40:35 << : security association payload
11/12/21 08:40:35 << : - propsal #1 payload
11/12/21 08:40:35 << : -- transform #1 payload
11/12/21 08:40:35 ii : matched isakmp proposal #1 transform #1
11/12/21 08:40:35 ii : - transform = ike
11/12/21 08:40:35 ii : - cipher type = 3des
11/12/21 08:40:35 ii : - key length = default
11/12/21 08:40:35 ii : - hash type = sha1
11/12/21 08:40:35 ii : - dh group = group2 ( modp-1024 )
11/12/21 08:40:35 ii : - auth type = sig-rsa
11/12/21 08:40:35 ii : - life seconds = 86400
11/12/21 08:40:35 ii : - life kbytes = 0
11/12/21 08:40:35 << : vendor id payload
11/12/21 08:40:35 ii : unknown vendor id ( 16 bytes )
11/12/21 08:40:35 0x : 6c0dcd48 1deae8ae 0b0a6838 4b3072f9
11/12/21 08:40:35 << : vendor id payload
11/12/21 08:40:35 ii : peer supports nat-t ( draft v02 )
11/12/21 08:40:35 << : vendor id payload
11/12/21 08:40:35 ii : peer supports nat-t ( draft v03 )
11/12/21 08:40:35 << : vendor id payload
11/12/21 08:40:35 ii : peer supports nat-t ( rfc )
11/12/21 08:40:35 << : vendor id payload
11/12/21 08:40:35 ii : peer supports DPDv1
11/12/21 08:40:35 << : key exchange payload
11/12/21 08:40:35 << : nonce payload
11/12/21 08:40:35 << : certificate payload
11/12/21 08:40:35 << : nat discovery payload
11/12/21 08:40:35 << : nat discovery payload
11/12/21 08:40:35 << : identification payload
11/12/21 08:40:35 ii : phase1 id match
11/12/21 08:40:35 ii : received = fqdn sauron.testb.fr
11/12/21 08:40:35 << : certificate payload
11/12/21 08:40:35 << : signature payload
11/12/21 08:40:35 ii : nat discovery - local address is translated
11/12/21 08:40:35 ii : switching to src nat-t udp port 4500
11/12/21 08:40:35 ii : switching to dst nat-t udp port 4500
11/12/21 08:40:35 == : DH shared secret ( 128 bytes )
11/12/21 08:40:35 == : SETKEYID ( 20 bytes )
11/12/21 08:40:35 == : SETKEYID_d ( 20 bytes )
11/12/21 08:40:35 == : SETKEYID_a ( 20 bytes )
11/12/21 08:40:35 == : SETKEYID_e ( 20 bytes )
11/12/21 08:40:35 == : cipher key ( 40 bytes )
11/12/21 08:40:35 == : cipher iv ( 8 bytes )
11/12/21 08:40:35 >> : certificate payload
11/12/21 08:40:35 == : phase1 hash_i ( computed ) ( 20 bytes )
11/12/21 08:40:35 >> : signature payload
11/12/21 08:40:35 >> : nat discovery payload
11/12/21 08:40:35 >> : nat discovery payload
11/12/21 08:40:35 >= : cookies ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:40:35 >= : message 00000000
11/12/21 08:40:35 >= : encrypt iv ( 8 bytes )
11/12/21 08:40:35 == : encrypt packet ( 945 bytes )
11/12/21 08:40:35 == : stored iv ( 8 bytes )
11/12/21 08:40:35 DB : phase1 resend event canceled ( ref count = 1 )
11/12/21 08:40:35 -> : send NAT-T:IKE packet 172.16.1.214:4500 ->
191.2.2.2:4500 ( 980 bytes )
11/12/21 08:40:35 ii : unable to get certificate CRL(3) at depth:0
11/12/21 08:40:35 ii : subject :/C=FR/ST=Paris/L=Paris/O=Fondation
Jean Dausset-CEPH/OU=Fondation Jean Dausset-CEPH CA/CN=sauron.testb.fr
11/12/21 08:40:35 ii : unable to get certificate CRL(3) at depth:1
11/12/21 08:40:35 ii : subject :/C=FR/ST=Paris/O=Fondation Jean
Dausset-CEPH/OU=Fondation Jean Dausset-CEPH
CA/CN=ca.testb.fr/emailAddress=testinfo at testb.fr
11/12/21 08:40:35 == : phase1 hash_r ( computed ) ( 20 bytes )
11/12/21 08:40:35 == : phase1 hash_r ( received ) ( 20 bytes )
11/12/21 08:40:35 ii : phase1 sa established
11/12/21 08:40:35 ii : 191.2.2.2:4500 <-> 172.16.1.214:4500
11/12/21 08:40:35 ii : ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:40:35 ii : sending peer INITIAL-CONTACT notification
11/12/21 08:40:35 ii : - 172.16.1.214:4500 -> 191.2.2.2:4500
11/12/21 08:40:35 ii : - isakmp spi = ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:40:35 ii : - data size 0
11/12/21 08:40:35 >> : hash payload
11/12/21 08:40:35 >> : notification payload
11/12/21 08:40:35 == : new informational hash ( 20 bytes )
11/12/21 08:40:35 == : new informational iv ( 8 bytes )
11/12/21 08:40:35 >= : cookies ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:40:35 >= : message ad204779
11/12/21 08:40:35 >= : encrypt iv ( 8 bytes )
11/12/21 08:40:35 == : encrypt packet ( 80 bytes )
11/12/21 08:40:35 == : stored iv ( 8 bytes )
11/12/21 08:40:35 -> : send NAT-T:IKE packet 172.16.1.214:4500 ->
191.2.2.2:4500 ( 116 bytes )
11/12/21 08:40:35 DB : config added ( obj count = 1 )
11/12/21 08:40:35 ii : building config attribute list
11/12/21 08:40:35 ii : - IP4 Address
11/12/21 08:40:35 ii : - Address Expiry
11/12/21 08:40:35 ii : - IP4 Netamask
11/12/21 08:40:35 ii : - IP4 DNS Server
11/12/21 08:40:35 ii : - IP4 WINS Server
11/12/21 08:40:35 == : new config iv ( 8 bytes )
11/12/21 08:40:35 ii : sending config pull request
11/12/21 08:40:35 >> : hash payload
11/12/21 08:40:35 >> : attribute payload
11/12/21 08:40:35 == : new configure hash ( 20 bytes )
11/12/21 08:40:35 >= : cookies ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:40:35 >= : message 61d4283e
11/12/21 08:40:35 >= : encrypt iv ( 8 bytes )
11/12/21 08:40:35 == : encrypt packet ( 80 bytes )
11/12/21 08:40:35 == : stored iv ( 8 bytes )
11/12/21 08:40:35 -> : send NAT-T:IKE packet 172.16.1.214:4500 ->
191.2.2.2:4500 ( 116 bytes )
11/12/21 08:40:35 DB : config resend event scheduled ( ref count = 2 )
11/12/21 08:40:35 DB : phase2 not found
11/12/21 08:40:35 <- : recv NAT-T:IKE packet 191.2.2.2:4500 ->
172.16.1.214:4500 ( 100 bytes )
11/12/21 08:40:35 DB : phase1 found
11/12/21 08:40:35 ii : processing config packet ( 100 bytes )
11/12/21 08:40:35 DB : config found
11/12/21 08:40:35 =< : cookies ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:40:35 =< : message 61d4283e
11/12/21 08:40:35 =< : decrypt iv ( 8 bytes )
11/12/21 08:40:35 == : decrypt packet ( 100 bytes )
11/12/21 08:40:35 <= : stored iv ( 8 bytes )
11/12/21 08:40:35 << : hash payload
11/12/21 08:40:35 << : attribute payload
11/12/21 08:40:35 == : configure hash_i ( computed ) ( 20 bytes )
11/12/21 08:40:35 == : configure hash_c ( computed ) ( 20 bytes )
11/12/21 08:40:35 ii : configure hash verified
11/12/21 08:40:35 ii : received config pull response
11/12/21 08:40:35 ii : - IP4 WINS Server = 10.10.2.16
11/12/21 08:40:35 ii : - IP4 DNS Server = 10.10.2.16
11/12/21 08:40:35 ii : - IP4 Netmask = 255.255.255.0
11/12/21 08:40:35 ii : - Address Expiry = -1341915136
11/12/21 08:40:35 ii : - IP4 Address = 10.2.2.5
11/12/21 08:40:35 DB : config resend event canceled ( ref count = 1 )
11/12/21 08:40:35 ii : opened tap device tap0
11/12/21 08:40:35 ii : configured adapter tap0
11/12/21 08:40:35 ii : generating IPSEC security policies at UNIQUE level
11/12/21 08:40:35 ii : creating NONE INBOUND policy ANY:191.2.2.2:* ->
ANY:172.16.1.214:*
11/12/21 08:40:35 DB : policy added ( obj count = 3 )
11/12/21 08:40:35 K> : send pfkey X_SPDADD UNSPEC message
11/12/21 08:40:35 ii : creating NONE OUTBOUND policy
ANY:172.16.1.214:* -> ANY:191.2.2.2:*
11/12/21 08:40:35 ii : created NONE policy route for 191.2.2.2/32
11/12/21 08:40:35 DB : policy added ( obj count = 4 )
11/12/21 08:40:35 K> : send pfkey X_SPDADD UNSPEC message
11/12/21 08:40:35 ii : creating IPSEC INBOUND policy ANY:0.0.0.10/0:*
-> ANY:10.2.2.5:*
11/12/21 08:40:35 DB : policy added ( obj count = 5 )
11/12/21 08:40:35 K> : send pfkey X_SPDADD UNSPEC message
11/12/21 08:40:35 ii : creating IPSEC OUTBOUND policy ANY:10.2.2.5:*
-> ANY:0.0.0.10/0:*
11/12/21 08:40:35 ii : created IPSEC policy route for 0.0.0.10
11/12/21 08:40:35 DB : policy added ( obj count = 6 )
11/12/21 08:40:35 K> : send pfkey X_SPDADD UNSPEC message
11/12/21 08:40:35 K< : recv pfkey X_SPDADD UNSPEC message
11/12/21 08:40:35 DB : policy found
11/12/21 08:40:35 K< : recv pfkey X_SPDADD UNSPEC message
11/12/21 08:40:35 DB : policy found
11/12/21 08:40:35 K! : recv X_SPDADD message failure ( errno = 17 )
11/12/21 08:40:35 K! : recv X_SPDADD message failure ( errno = 17 )
11/12/21 08:40:37 K< : recv pfkey ACQUIRE ESP message
11/12/21 08:40:37 DB : policy found
11/12/21 08:40:37 DB : policy found
11/12/21 08:40:37 DB : tunnel found
11/12/21 08:40:37 DB : new phase2 ( IPSEC initiator )
11/12/21 08:40:37 DB : phase2 added ( obj count = 1 )
11/12/21 08:40:37 K> : send pfkey GETSPI ESP message
11/12/21 08:40:37 K< : recv pfkey GETSPI ESP message
11/12/21 08:40:37 DB : phase2 found
11/12/21 08:40:37 ii : updated spi for 1 ipsec-esp proposal
11/12/21 08:40:37 DB : phase1 found
11/12/21 08:40:37 >> : hash payload
11/12/21 08:40:37 >> : security association payload
11/12/21 08:40:37 >> : - proposal #1 payload
11/12/21 08:40:37 >> : -- transform #1 payload
11/12/21 08:40:37 >> : nonce payload
11/12/21 08:40:37 >> : identification payload
11/12/21 08:40:37 >> : identification payload
11/12/21 08:40:37 == : phase2 hash_i ( input ) ( 108 bytes )
11/12/21 08:40:37 == : phase2 hash_i ( computed ) ( 20 bytes )
11/12/21 08:40:37 == : new phase2 iv ( 8 bytes )
11/12/21 08:40:37 >= : cookies ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:40:37 >= : message a9b41409
11/12/21 08:40:37 >= : encrypt iv ( 8 bytes )
11/12/21 08:40:37 == : encrypt packet ( 156 bytes )
11/12/21 08:40:37 == : stored iv ( 8 bytes )
11/12/21 08:40:37 -> : send NAT-T:IKE packet 172.16.1.214:4500 ->
191.2.2.2:4500 ( 188 bytes )
11/12/21 08:40:37 DB : phase2 resend event scheduled ( ref count = 2 )
11/12/21 08:40:37 <- : recv NAT-T:IKE packet 191.2.2.2:4500 ->
172.16.1.214:4500 ( 156 bytes )
11/12/21 08:40:37 DB : phase1 found
11/12/21 08:40:37 ii : processing phase2 packet ( 156 bytes )
11/12/21 08:40:37 DB : phase2 found
11/12/21 08:40:37 =< : cookies ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:40:37 =< : message a9b41409
11/12/21 08:40:37 =< : decrypt iv ( 8 bytes )
11/12/21 08:40:37 == : decrypt packet ( 156 bytes )
11/12/21 08:40:37 <= : stored iv ( 8 bytes )
11/12/21 08:40:37 << : hash payload
11/12/21 08:40:37 << : security association payload
11/12/21 08:40:37 << : - propsal #1 payload
11/12/21 08:40:37 << : -- transform #1 payload
11/12/21 08:40:37 << : nonce payload
11/12/21 08:40:37 << : identification payload
11/12/21 08:40:37 << : identification payload
11/12/21 08:40:37 == : phase2 hash_r ( input ) ( 128 bytes )
11/12/21 08:40:37 == : phase2 hash_r ( computed ) ( 20 bytes )
11/12/21 08:40:37 == : phase2 hash_r ( received ) ( 20 bytes )
11/12/21 08:40:37 ii : matched ipsec-esp proposal #1 transform #1
11/12/21 08:40:37 ii : - transform = esp-3des
11/12/21 08:40:37 ii : - key length = default
11/12/21 08:40:37 ii : - encap mode = udp-tunnel ( rfc )
11/12/21 08:40:37 ii : - msg auth = hmac-sha1
11/12/21 08:40:37 ii : - pfs dh group = none
11/12/21 08:40:37 ii : - life seconds = 3600
11/12/21 08:40:37 ii : - life kbytes = 0
11/12/21 08:40:37 DB : policy found
11/12/21 08:40:37 K> : send pfkey GETSPI ESP message
11/12/21 08:40:37 ii : phase2 ids accepted
11/12/21 08:40:37 ii : - loc ANY:10.2.2.5:* -> ANY:0.0.0.10/0:*
11/12/21 08:40:37 ii : - rmt ANY:0.0.0.10/0:* -> ANY:10.2.2.5:*
11/12/21 08:40:37 ii : phase2 sa established
11/12/21 08:40:37 ii : 172.16.1.214:4500 <-> 191.2.2.2:4500
11/12/21 08:40:37 == : phase2 hash_p ( input ) ( 45 bytes )
11/12/21 08:40:37 == : phase2 hash_p ( computed ) ( 20 bytes )
11/12/21 08:40:37 >> : hash payload
11/12/21 08:40:37 >= : cookies ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:40:37 >= : message a9b41409
11/12/21 08:40:37 >= : encrypt iv ( 8 bytes )
11/12/21 08:40:37 == : encrypt packet ( 52 bytes )
11/12/21 08:40:37 == : stored iv ( 8 bytes )
11/12/21 08:40:37 DB : phase2 resend event canceled ( ref count = 1 )
11/12/21 08:40:37 -> : send NAT-T:IKE packet 172.16.1.214:4500 ->
191.2.2.2:4500 ( 84 bytes )
11/12/21 08:40:37 == : spi cipher key data ( 24 bytes )
11/12/21 08:40:37 == : spi hmac key data ( 20 bytes )
11/12/21 08:40:37 K> : send pfkey UPDATE ESP message
11/12/21 08:40:37 == : spi cipher key data ( 24 bytes )
11/12/21 08:40:37 == : spi hmac key data ( 20 bytes )
11/12/21 08:40:37 K> : send pfkey UPDATE ESP message
11/12/21 08:40:37 K< : recv pfkey GETSPI ESP message
11/12/21 08:40:37 DB : phase2 found
11/12/21 08:40:37 K< : recv pfkey UPDATE ESP message
11/12/21 08:40:37 K< : recv pfkey UPDATE ESP message
11/12/21 08:40:50 DB : phase1 found
11/12/21 08:40:50 ii : sending peer DPDV1-R-U-THERE notification
11/12/21 08:40:50 ii : - 172.16.1.214:4500 -> 191.2.2.2:4500
11/12/21 08:40:50 ii : - isakmp spi = ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:40:50 ii : - data size 4
11/12/21 08:40:50 >> : hash payload
11/12/21 08:40:50 >> : notification payload
11/12/21 08:40:50 == : new informational hash ( 20 bytes )
11/12/21 08:40:50 == : new informational iv ( 8 bytes )
11/12/21 08:40:50 >= : cookies ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:40:50 >= : message a1ccc09e
11/12/21 08:40:50 >= : encrypt iv ( 8 bytes )
11/12/21 08:40:50 == : encrypt packet ( 84 bytes )
11/12/21 08:40:50 == : stored iv ( 8 bytes )
11/12/21 08:40:50 -> : send NAT-T:IKE packet 172.16.1.214:4500 ->
191.2.2.2:4500 ( 116 bytes )
11/12/21 08:40:50 ii : DPD ARE-YOU-THERE sequence 39302b53 requested
11/12/21 08:40:50 DB : phase1 found
11/12/21 08:40:50 -> : send NAT-T:KEEP-ALIVE packet 172.16.1.214:4500
-> 191.2.2.2:4500
11/12/21 08:40:50 <- : recv NAT-T:IKE packet 191.2.2.2:4500 ->
172.16.1.214:4500 ( 84 bytes )
11/12/21 08:40:50 DB : phase1 found
11/12/21 08:40:50 ii : processing informational packet ( 84 bytes )
11/12/21 08:40:50 == : new informational iv ( 8 bytes )
11/12/21 08:40:50 =< : cookies ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:40:50 =< : message 93151c67
11/12/21 08:40:50 =< : decrypt iv ( 8 bytes )
11/12/21 08:40:50 == : decrypt packet ( 84 bytes )
11/12/21 08:40:50 <= : stored iv ( 8 bytes )
11/12/21 08:40:50 << : hash payload
11/12/21 08:40:50 << : notification payload
11/12/21 08:40:50 == : informational hash_i ( computed ) ( 20 bytes )
11/12/21 08:40:50 == : informational hash_c ( received ) ( 20 bytes )
11/12/21 08:40:50 ii : informational hash verified
11/12/21 08:40:50 ii : received peer DPDV1-R-U-THERE-ACK notification
11/12/21 08:40:50 ii : - 191.2.2.2:4500 -> 172.16.1.214:4500
11/12/21 08:40:50 ii : - isakmp spi = ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:40:50 ii : - data size 4
11/12/21 08:40:50 ii : DPD ARE-YOU-THERE-ACK sequence 39302b53 accepted
11/12/21 08:40:50 ii : next tunnel DPD request in 15 secs for peer
191.2.2.2:4500
11/12/21 08:41:05 DB : phase1 found
11/12/21 08:41:05 -> : send NAT-T:KEEP-ALIVE packet 172.16.1.214:4500
-> 191.2.2.2:4500
11/12/21 08:41:05 DB : phase1 found
11/12/21 08:41:05 ii : sending peer DPDV1-R-U-THERE notification
11/12/21 08:41:05 ii : - 172.16.1.214:4500 -> 191.2.2.2:4500
11/12/21 08:41:05 ii : - isakmp spi = ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:41:05 ii : - data size 4
11/12/21 08:41:05 >> : hash payload
11/12/21 08:41:05 >> : notification payload
11/12/21 08:41:05 == : new informational hash ( 20 bytes )
11/12/21 08:41:05 == : new informational iv ( 8 bytes )
11/12/21 08:41:05 >= : cookies ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:41:05 >= : message 11f092f7
11/12/21 08:41:05 >= : encrypt iv ( 8 bytes )
11/12/21 08:41:05 == : encrypt packet ( 84 bytes )
11/12/21 08:41:05 == : stored iv ( 8 bytes )
11/12/21 08:41:05 -> : send NAT-T:IKE packet 172.16.1.214:4500 ->
191.2.2.2:4500 ( 116 bytes )
11/12/21 08:41:05 ii : DPD ARE-YOU-THERE sequence 39302b54 requested
11/12/21 08:41:05 <- : recv NAT-T:IKE packet 191.2.2.2:4500 ->
172.16.1.214:4500 ( 84 bytes )
11/12/21 08:41:05 DB : phase1 found
11/12/21 08:41:05 ii : processing informational packet ( 84 bytes )
11/12/21 08:41:05 == : new informational iv ( 8 bytes )
11/12/21 08:41:05 =< : cookies ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:41:05 =< : message 5796fbaf
11/12/21 08:41:05 =< : decrypt iv ( 8 bytes )
11/12/21 08:41:05 == : decrypt packet ( 84 bytes )
11/12/21 08:41:05 <= : stored iv ( 8 bytes )
11/12/21 08:41:05 << : hash payload
11/12/21 08:41:05 << : notification payload
11/12/21 08:41:05 == : informational hash_i ( computed ) ( 20 bytes )
11/12/21 08:41:05 == : informational hash_c ( received ) ( 20 bytes )
11/12/21 08:41:05 ii : informational hash verified
11/12/21 08:41:05 ii : received peer DPDV1-R-U-THERE-ACK notification
11/12/21 08:41:05 ii : - 191.2.2.2:4500 -> 172.16.1.214:4500
11/12/21 08:41:05 ii : - isakmp spi = ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:41:05 ii : - data size 4
11/12/21 08:41:05 ii : DPD ARE-YOU-THERE-ACK sequence 39302b54 accepted
11/12/21 08:41:05 ii : next tunnel DPD request in 15 secs for peer
191.2.2.2:4500
11/12/21 08:41:20 DB : phase1 found
11/12/21 08:41:20 -> : send NAT-T:KEEP-ALIVE packet 172.16.1.214:4500
-> 191.2.2.2:4500
11/12/21 08:41:20 DB : phase1 found
11/12/21 08:41:20 ii : sending peer DPDV1-R-U-THERE notification
11/12/21 08:41:20 ii : - 172.16.1.214:4500 -> 191.2.2.2:4500
11/12/21 08:41:20 ii : - isakmp spi = ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:41:20 ii : - data size 4
11/12/21 08:41:20 >> : hash payload
11/12/21 08:41:20 >> : notification payload
11/12/21 08:41:20 == : new informational hash ( 20 bytes )
11/12/21 08:41:20 == : new informational iv ( 8 bytes )
11/12/21 08:41:20 >= : cookies ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:41:20 >= : message 9e5c6cd5
11/12/21 08:41:20 >= : encrypt iv ( 8 bytes )
11/12/21 08:41:20 == : encrypt packet ( 84 bytes )
11/12/21 08:41:20 == : stored iv ( 8 bytes )
11/12/21 08:41:20 -> : send NAT-T:IKE packet 172.16.1.214:4500 ->
191.2.2.2:4500 ( 116 bytes )
11/12/21 08:41:20 ii : DPD ARE-YOU-THERE sequence 39302b55 requested
11/12/21 08:41:20 <- : recv NAT-T:IKE packet 191.2.2.2:4500 ->
172.16.1.214:4500 ( 84 bytes )
11/12/21 08:41:20 DB : phase1 found
11/12/21 08:41:20 ii : processing informational packet ( 84 bytes )
11/12/21 08:41:20 == : new informational iv ( 8 bytes )
11/12/21 08:41:20 =< : cookies ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:41:20 =< : message 1792a55d
11/12/21 08:41:20 =< : decrypt iv ( 8 bytes )
11/12/21 08:41:20 == : decrypt packet ( 84 bytes )
11/12/21 08:41:20 <= : stored iv ( 8 bytes )
11/12/21 08:41:20 << : hash payload
11/12/21 08:41:20 << : notification payload
11/12/21 08:41:20 == : informational hash_i ( computed ) ( 20 bytes )
11/12/21 08:41:20 == : informational hash_c ( received ) ( 20 bytes )
11/12/21 08:41:20 ii : informational hash verified
11/12/21 08:41:20 ii : received peer DPDV1-R-U-THERE-ACK notification
11/12/21 08:41:20 ii : - 191.2.2.2:4500 -> 172.16.1.214:4500
11/12/21 08:41:20 ii : - isakmp spi = ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:41:20 ii : - data size 4
11/12/21 08:41:20 ii : DPD ARE-YOU-THERE-ACK sequence 39302b55 accepted
11/12/21 08:41:20 ii : next tunnel DPD request in 15 secs for peer
191.2.2.2:4500
11/12/21 08:41:35 DB : phase1 found
11/12/21 08:41:35 -> : send NAT-T:KEEP-ALIVE packet 172.16.1.214:4500
-> 191.2.2.2:4500
11/12/21 08:41:35 DB : phase1 found
11/12/21 08:41:35 ii : sending peer DPDV1-R-U-THERE notification
11/12/21 08:41:35 ii : - 172.16.1.214:4500 -> 191.2.2.2:4500
11/12/21 08:41:35 ii : - isakmp spi = ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:41:35 ii : - data size 4
11/12/21 08:41:35 >> : hash payload
11/12/21 08:41:35 >> : notification payload
11/12/21 08:41:35 == : new informational hash ( 20 bytes )
11/12/21 08:41:35 == : new informational iv ( 8 bytes )
11/12/21 08:41:35 >= : cookies ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:41:35 >= : message 8e89b541
11/12/21 08:41:35 >= : encrypt iv ( 8 bytes )
11/12/21 08:41:35 == : encrypt packet ( 84 bytes )
11/12/21 08:41:35 == : stored iv ( 8 bytes )
11/12/21 08:41:35 -> : send NAT-T:IKE packet 172.16.1.214:4500 ->
191.2.2.2:4500 ( 116 bytes )
11/12/21 08:41:35 ii : DPD ARE-YOU-THERE sequence 39302b56 requested
11/12/21 08:41:35 <- : recv NAT-T:IKE packet 191.2.2.2:4500 ->
172.16.1.214:4500 ( 84 bytes )
11/12/21 08:41:35 DB : phase1 found
11/12/21 08:41:35 ii : processing informational packet ( 84 bytes )
11/12/21 08:41:35 == : new informational iv ( 8 bytes )
11/12/21 08:41:35 =< : cookies ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:41:35 =< : message 4381a85a
11/12/21 08:41:35 =< : decrypt iv ( 8 bytes )
11/12/21 08:41:35 == : decrypt packet ( 84 bytes )
11/12/21 08:41:35 <= : stored iv ( 8 bytes )
11/12/21 08:41:35 << : hash payload
11/12/21 08:41:35 << : notification payload
11/12/21 08:41:35 == : informational hash_i ( computed ) ( 20 bytes )
11/12/21 08:41:35 == : informational hash_c ( received ) ( 20 bytes )
11/12/21 08:41:35 ii : informational hash verified
11/12/21 08:41:35 ii : received peer DPDV1-R-U-THERE-ACK notification
11/12/21 08:41:35 ii : - 191.2.2.2:4500 -> 172.16.1.214:4500
11/12/21 08:41:35 ii : - isakmp spi = ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:41:35 ii : - data size 4
11/12/21 08:41:35 ii : DPD ARE-YOU-THERE-ACK sequence 39302b56 accepted
11/12/21 08:41:35 ii : next tunnel DPD request in 15 secs for peer
191.2.2.2:4500
11/12/21 08:41:50 DB : phase1 found
11/12/21 08:41:50 -> : send NAT-T:KEEP-ALIVE packet 172.16.1.214:4500
-> 191.2.2.2:4500
11/12/21 08:41:50 DB : phase1 found
11/12/21 08:41:50 ii : sending peer DPDV1-R-U-THERE notification
11/12/21 08:41:50 ii : - 172.16.1.214:4500 -> 191.2.2.2:4500
11/12/21 08:41:50 ii : - isakmp spi = ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:41:50 ii : - data size 4
11/12/21 08:41:50 >> : hash payload
11/12/21 08:41:50 >> : notification payload
11/12/21 08:41:50 == : new informational hash ( 20 bytes )
11/12/21 08:41:50 == : new informational iv ( 8 bytes )
11/12/21 08:41:50 >= : cookies ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:41:50 >= : message aaff8b3b
11/12/21 08:41:50 >= : encrypt iv ( 8 bytes )
11/12/21 08:41:50 == : encrypt packet ( 84 bytes )
11/12/21 08:41:50 == : stored iv ( 8 bytes )
11/12/21 08:41:50 -> : send NAT-T:IKE packet 172.16.1.214:4500 ->
191.2.2.2:4500 ( 116 bytes )
11/12/21 08:41:50 ii : DPD ARE-YOU-THERE sequence 39302b57 requested
11/12/21 08:41:51 <- : recv NAT-T:IKE packet 191.2.2.2:4500 ->
172.16.1.214:4500 ( 84 bytes )
11/12/21 08:41:51 DB : phase1 found
11/12/21 08:41:51 ii : processing informational packet ( 84 bytes )
11/12/21 08:41:51 == : new informational iv ( 8 bytes )
11/12/21 08:41:51 =< : cookies ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:41:51 =< : message 134bc6ed
11/12/21 08:41:51 =< : decrypt iv ( 8 bytes )
11/12/21 08:41:51 == : decrypt packet ( 84 bytes )
11/12/21 08:41:51 <= : stored iv ( 8 bytes )
11/12/21 08:41:51 << : hash payload
11/12/21 08:41:51 << : notification payload
11/12/21 08:41:51 == : informational hash_i ( computed ) ( 20 bytes )
11/12/21 08:41:51 == : informational hash_c ( received ) ( 20 bytes )
11/12/21 08:41:51 ii : informational hash verified
11/12/21 08:41:51 ii : received peer DPDV1-R-U-THERE-ACK notification
11/12/21 08:41:51 ii : - 191.2.2.2:4500 -> 172.16.1.214:4500
11/12/21 08:41:51 ii : - isakmp spi = ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:41:51 ii : - data size 4
11/12/21 08:41:51 ii : DPD ARE-YOU-THERE-ACK sequence 39302b57 accepted
11/12/21 08:41:51 ii : next tunnel DPD request in 15 secs for peer
191.2.2.2:4500
11/12/21 08:42:05 DB : phase1 found
11/12/21 08:42:05 -> : send NAT-T:KEEP-ALIVE packet 172.16.1.214:4500
-> 191.2.2.2:4500
11/12/21 08:42:06 DB : phase1 found
11/12/21 08:42:06 ii : sending peer DPDV1-R-U-THERE notification
11/12/21 08:42:06 ii : - 172.16.1.214:4500 -> 191.2.2.2:4500
11/12/21 08:42:06 ii : - isakmp spi = ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:42:06 ii : - data size 4
11/12/21 08:42:06 >> : hash payload
11/12/21 08:42:06 >> : notification payload
11/12/21 08:42:06 == : new informational hash ( 20 bytes )
11/12/21 08:42:06 == : new informational iv ( 8 bytes )
11/12/21 08:42:06 >= : cookies ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:42:06 >= : message bc6daf30
11/12/21 08:42:06 >= : encrypt iv ( 8 bytes )
11/12/21 08:42:06 == : encrypt packet ( 84 bytes )
11/12/21 08:42:06 == : stored iv ( 8 bytes )
11/12/21 08:42:06 -> : send NAT-T:IKE packet 172.16.1.214:4500 ->
191.2.2.2:4500 ( 116 bytes )
11/12/21 08:42:06 ii : DPD ARE-YOU-THERE sequence 39302b58 requested
11/12/21 08:42:06 <- : recv NAT-T:IKE packet 191.2.2.2:4500 ->
172.16.1.214:4500 ( 84 bytes )
11/12/21 08:42:06 DB : phase1 found
11/12/21 08:42:06 ii : processing informational packet ( 84 bytes )
11/12/21 08:42:06 == : new informational iv ( 8 bytes )
11/12/21 08:42:06 =< : cookies ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:42:06 =< : message 147a5cc0
11/12/21 08:42:06 =< : decrypt iv ( 8 bytes )
11/12/21 08:42:06 == : decrypt packet ( 84 bytes )
11/12/21 08:42:06 <= : stored iv ( 8 bytes )
11/12/21 08:42:06 << : hash payload
11/12/21 08:42:06 << : notification payload
11/12/21 08:42:06 == : informational hash_i ( computed ) ( 20 bytes )
11/12/21 08:42:06 == : informational hash_c ( received ) ( 20 bytes )
11/12/21 08:42:06 ii : informational hash verified
11/12/21 08:42:06 ii : received peer DPDV1-R-U-THERE-ACK notification
11/12/21 08:42:06 ii : - 191.2.2.2:4500 -> 172.16.1.214:4500
11/12/21 08:42:06 ii : - isakmp spi = ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:42:06 ii : - data size 4
11/12/21 08:42:06 ii : DPD ARE-YOU-THERE-ACK sequence 39302b58 accepted
11/12/21 08:42:06 ii : next tunnel DPD request in 15 secs for peer
191.2.2.2:4500
11/12/21 08:42:15 <A : peer tunnel disable message
11/12/21 08:42:15 DB : policy not found
11/12/21 08:42:15 DB : policy not found
11/12/21 08:42:15 DB : policy found
11/12/21 08:42:15 ii : removing NONE INBOUND policy ANY:191.2.2.2:* ->
ANY:172.16.1.214:*
11/12/21 08:42:15 K> : send pfkey X_SPDDELETE2 UNSPEC message
11/12/21 08:42:15 DB : policy found
11/12/21 08:42:15 ii : removing NONE OUTBOUND policy
ANY:172.16.1.214:* -> ANY:191.2.2.2:*
11/12/21 08:42:15 K> : send pfkey X_SPDDELETE2 UNSPEC message
11/12/21 08:42:15 ii : removed NONE policy route for ANY:191.2.2.2:*
11/12/21 08:42:15 ii : closed tap device tap0
11/12/21 08:42:15 DB : tunnel dpd event canceled ( ref count = 6 )
11/12/21 08:42:15 DB : tunnel natt event canceled ( ref count = 5 )
11/12/21 08:42:15 DB : tunnel stats event canceled ( ref count = 4 )
11/12/21 08:42:15 DB : removing tunnel config references
11/12/21 08:42:15 DB : config deleted ( obj count = 0 )
11/12/21 08:42:15 DB : removing tunnel phase2 references
11/12/21 08:42:15 DB : phase2 soft event canceled ( ref count = 2 )
11/12/21 08:42:15 DB : phase2 hard event canceled ( ref count = 1 )
11/12/21 08:42:15 DB : phase1 found
11/12/21 08:42:15 ii : sending peer DELETE message
11/12/21 08:42:15 ii : - 172.16.1.214:4500 -> 191.2.2.2:4500
11/12/21 08:42:15 ii : - ipsec-esp spi = 0x0d8b631d
11/12/21 08:42:15 ii : - data size 0
11/12/21 08:42:15 >> : hash payload
11/12/21 08:42:15 >> : delete payload
11/12/21 08:42:15 == : new informational hash ( 20 bytes )
11/12/21 08:42:15 == : new informational iv ( 8 bytes )
11/12/21 08:42:15 >= : cookies ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:42:15 >= : message 8ef9f5ae
11/12/21 08:42:15 >= : encrypt iv ( 8 bytes )
11/12/21 08:42:15 == : encrypt packet ( 68 bytes )
11/12/21 08:42:15 == : stored iv ( 8 bytes )
11/12/21 08:42:15 -> : send NAT-T:IKE packet 172.16.1.214:4500 ->
191.2.2.2:4500 ( 100 bytes )
11/12/21 08:42:15 K> : send pfkey DELETE ESP message
11/12/21 08:42:15 K> : send pfkey DELETE ESP message
11/12/21 08:42:15 ii : phase2 removal before expire time
11/12/21 08:42:15 DB : phase2 deleted ( obj count = 0 )
11/12/21 08:42:15 DB : removing tunnel phase1 references
11/12/21 08:42:15 DB : phase1 soft event canceled ( ref count = 3 )
11/12/21 08:42:15 DB : phase1 hard event canceled ( ref count = 2 )
11/12/21 08:42:15 DB : phase1 dead event canceled ( ref count = 1 )
11/12/21 08:42:15 ii : sending peer DELETE message
11/12/21 08:42:15 ii : - 172.16.1.214:4500 -> 191.2.2.2:4500
11/12/21 08:42:15 ii : - isakmp spi = ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:42:15 ii : - data size 0
11/12/21 08:42:15 >> : hash payload
11/12/21 08:42:15 >> : delete payload
11/12/21 08:42:15 == : new informational hash ( 20 bytes )
11/12/21 08:42:15 == : new informational iv ( 8 bytes )
11/12/21 08:42:15 >= : cookies ad47e3b4dc041cd7:841951cb888fa665
11/12/21 08:42:15 >= : message 3b80e688
11/12/21 08:42:15 >= : encrypt iv ( 8 bytes )
11/12/21 08:42:15 == : encrypt packet ( 80 bytes )
11/12/21 08:42:15 == : stored iv ( 8 bytes )
11/12/21 08:42:15 -> : send NAT-T:IKE packet 172.16.1.214:4500 ->
191.2.2.2:4500 ( 116 bytes )
11/12/21 08:42:15 ii : phase1 removal before expire time
11/12/21 08:42:15 DB : phase1 deleted ( obj count = 0 )
11/12/21 08:42:15 DB : tunnel deleted ( obj count = 0 )
11/12/21 08:42:15 DB : removing all peer tunnel refrences
11/12/21 08:42:15 DB : peer deleted ( obj count = 0 )
11/12/21 08:42:15 ii : ipc client process thread exit ...
11/12/21 08:42:15 K< : recv pfkey X_SPDDELETE2 UNSPEC message
11/12/21 08:42:15 DB : policy found
11/12/21 08:42:15 DB : policy deleted ( obj count = 5 )
11/12/21 08:42:15 K< : recv pfkey X_SPDDELETE2 UNSPEC message
11/12/21 08:42:15 DB : policy found
11/12/21 08:42:15 DB : policy deleted ( obj count = 4 )
11/12/21 08:42:15 K< : recv pfkey DELETE ESP message
11/12/21 08:42:15 K< : recv pfkey DELETE ESP message
11/12/21 08:42:22 ii : halt signal received, shutting down
11/12/21 08:42:22 ii : ipc server process thread exit ...
11/12/21 08:42:22 ii : pfkey process thread exit ...
11/12/21 08:42:22 ii : network process thread exit ...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iked.log
Type: application/octet-stream
Size: 59010 bytes
Desc: not available
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20111221/5036af5c/attachment-0001.obj>
More information about the vpn-help
mailing list