[Swan-dev] problem with ikev2 for libreswan version 3.8

jeffchen Fri, 25 Apr 2014 07:49:11 -0700

Hi,

I am trying to use ikev2 for libreswan (version 3.8). I have someproblem (same problem happen for libreswan version 3.7) to connect theipsec tunnel between two libreswan endpoint using ikev2. I also tried touse ikev2=insist, it has the same problem.If I use ikev1, the tunnel is established successfully with the sameconfiguration.

My setup is quite simple, the two libreswan endpoint are back to backconnected. And I use preshared key to establish the tunnel.


Below is my configuration:
config setup
        # NAT-TRAVERSAL support, see README.NAT-Traversal
        nat_traversal=no
        nhelpers=0
        oe=off
        protostack=netkey

# Add connections here

# sample VPN connections, see /etc/ipsec.d/examples/

conn net32
        connaddrfamily=ipv4
        authby=secret
        auto=add
        ikev2=propose
        phase2=esp
        left=192.168.32.4
        leftsubnet=192.168.13.0/24
        leftupdown="ipsec _updown --route yes"
        pfs=no
        right=192.168.32.9
        rightsubnet=192.168.41.0/24
        rightupdown="ipsec _updown --route yes"
        type=tunnel

Basically the problem is that during the ikev2 negotiation, it can notfind the v2 state object for ICOOKIE and RCOOKIE pair, and it sendsv2N_INVALID_MESSAGE_ID message to the peer. The error message looks likethis:

Apr 25 10:14:39 R4 pluto[25049]: | processing version=2.0 packet withexchange type=ISAKMP_v2_AUTH (35)

Apr 25 10:14:39 R4 pluto[25049]: | I am IKE SA Responder
Apr 25 10:14:39 R4 pluto[25049]: | ICOOKIE:  44 4c 4d a9  d2 2c bb 89
Apr 25 10:14:39 R4 pluto[25049]: | RCOOKIE:  57 c1 3d ad  75 3a 79 c9
Apr 25 10:14:39 R4 pluto[25049]: | state hash entry 11
Apr 25 10:14:39 R4 pluto[25049]: | v2 state object not found
Apr 25 10:14:39 R4 pluto[25049]: | ICOOKIE:  44 4c 4d a9  d2 2c bb 89
Apr 25 10:14:39 R4 pluto[25049]: | RCOOKIE:  00 00 00 00  00 00 00 00
Apr 25 10:14:39 R4 pluto[25049]: | state hash entry 28
Apr 25 10:14:39 R4 pluto[25049]: | v2 state object not found
Apr 25 10:14:39 R4 pluto[25049]: | ended up with STATE_IKEv2_ROOF

Apr 25 10:14:39 R4 pluto[25049]: packet from 192.168.32.9:500: sendingnotification v2N_INVALID_MESSAGE_ID to 192.168.32.9:500

And I found the problem is actually caused by a deletion of state justbefore the above messages:

Apr 25 10:14:38 R4 pluto[25049]: | complete v2 state transition withSTF_INLINEApr 25 10:14:38 R4 pluto[25049]: | * processed 0 messages fromcryptographic helpersApr 25 10:14:38 R4 pluto[25049]: | next event EVENT_SO_DISCARD in 0seconds for #1

Apr 25 10:14:38 R4 pluto[25049]: | *time to handle event
Apr 25 10:14:38 R4 pluto[25049]: | handling event EVENT_SO_DISCARD

Apr 25 10:14:38 R4 pluto[25049]: | event after this isEVENT_PENDING_DDNS in 41 seconds

Apr 25 10:14:38 R4 pluto[25049]: | processing connection net32
Apr 25 10:14:38 R4 pluto[25049]: | deleting state #1
Apr 25 10:14:38 R4 pluto[25049]: | deleting event for #1
Apr 25 10:14:38 R4 pluto[25049]: | no suspended cryptographic state for 1
Apr 25 10:14:38 R4 pluto[25049]: | ICOOKIE:  44 4c 4d a9  d2 2c bb 89
Apr 25 10:14:38 R4 pluto[25049]: | RCOOKIE:  57 c1 3d ad  75 3a 79 c9
Apr 25 10:14:38 R4 pluto[25049]: | state hash entry 11

Apr 25 10:14:38 R4 pluto[25049]: | next event EVENT_PENDING_DDNS in 41seconds

Looked at the source code, found in programs/pluto/state.c, functioninsert_state, it has this piece of code:

    if (st->st_event == NULL)
        event_schedule(EVENT_SO_DISCARD, 0, st);

It deletes the state and cause the state can not be found for theICOOKIE and RCOOKIE pair. If I comment this piece of code, the tunnel isestablished successfully.

Does anyone know what cause this problem? Maybe my configuration hassomething wrong?


Thanks

Jeff Chen

Below is the whole log message during the tunnel establishment:

Apr 25 10:14:31 R4 pluto[25049]: | base debugging =raw+crypt+parsing+emitting+control+lifecycle+kernel+dns+oppo+controlmore+pfkey+nattraversal+x509+dpd+oppoinfoApr 25 10:14:31 R4 pluto[25049]: | * processed 0 messages fromcryptographic helpersApr 25 10:14:31 R4 pluto[25049]: | next event EVENT_PENDING_DDNS in 48secondsApr 25 10:14:31 R4 pluto[25049]: | next event EVENT_PENDING_DDNS in 48seconds

Apr 25 10:14:38 R4 pluto[25049]: |

Apr 25 10:14:38 R4 pluto[25049]: | *received 820 bytes from192.168.32.9:500 on switch.0012 (port=500)Apr 25 10:14:38 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89 00 00 0000 00 00 00 00Apr 25 10:14:38 R4 pluto[25049]: | 21 20 22 08 00 00 00 00 00 00 0334 22 00 01 fcApr 25 10:14:38 R4 pluto[25049]: | 02 00 00 2c 01 01 00 04 03 00 000c 01 00 00 0cApr 25 10:14:38 R4 pluto[25049]: | 80 0e 00 80 03 00 00 08 03 00 0002 03 00 00 08Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 02 00 00 00 08 04 00 000e 02 00 00 2cApr 25 10:14:38 R4 pluto[25049]: | 02 01 00 04 03 00 00 0c 01 00 000c 80 0e 00 80Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 03 00 00 01 03 00 0008 02 00 00 01Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 08 04 00 00 0e 02 00 0028 03 01 00 04Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 01 00 00 03 03 00 0008 03 00 00 02Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 02 00 00 02 00 00 0008 04 00 00 0eApr 25 10:14:38 R4 pluto[25049]: | 02 00 00 28 04 01 00 04 03 00 0008 01 00 00 03Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 03 00 00 01 03 00 0008 02 00 00 01Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 08 04 00 00 0e 02 00 002c 05 01 00 04Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 0c 01 00 00 0c 80 0e 0080 03 00 00 08Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 02 03 00 00 08 02 00 0002 00 00 00 08Apr 25 10:14:38 R4 pluto[25049]: | 04 00 00 05 02 00 00 2c 06 01 0004 03 00 00 0cApr 25 10:14:38 R4 pluto[25049]: | 01 00 00 0c 80 0e 00 80 03 00 0008 03 00 00 01Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 02 00 00 01 00 00 0008 04 00 00 05Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 28 07 01 00 04 03 00 0008 01 00 00 03Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 03 00 00 02 03 00 0008 02 00 00 02Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 08 04 00 00 05 02 00 0028 08 01 00 04Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 01 00 00 03 03 00 0008 03 00 00 01Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 02 00 00 01 00 00 0008 04 00 00 05Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 2c 09 01 00 04 03 00 000c 01 00 00 0cApr 25 10:14:38 R4 pluto[25049]: | 80 0e 00 80 03 00 00 08 03 00 0002 03 00 00 08Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 02 00 00 00 08 04 00 0002 02 00 00 2cApr 25 10:14:38 R4 pluto[25049]: | 0a 01 00 04 03 00 00 0c 01 00 000c 80 0e 00 80Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 03 00 00 01 03 00 0008 02 00 00 01Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 08 04 00 00 02 02 00 0028 0b 01 00 04Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 01 00 00 03 03 00 0008 03 00 00 02Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 02 00 00 02 00 00 0008 04 00 00 02Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 28 0c 01 00 04 03 00 0008 01 00 00 03Apr 25 10:14:38 R4 pluto[25049]: | 03 00 00 08 03 00 00 01 03 00 0008 02 00 00 01Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 08 04 00 00 02 28 00 0108 00 0e 00 00Apr 25 10:14:38 R4 pluto[25049]: | f7 3f 4d 0a 1b d5 1e db 7c f8 3dc7 9c e5 43 53Apr 25 10:14:38 R4 pluto[25049]: | 2c 91 77 0f a2 17 bc 46 82 3b c0c9 c6 d2 a2 aaApr 25 10:14:38 R4 pluto[25049]: | d3 cf e6 d0 f0 0b ca 26 10 cc d3fb 76 c3 e1 c5Apr 25 10:14:38 R4 pluto[25049]: | 3b 04 da d1 59 fc 70 40 97 05 7baa 98 14 e6 1dApr 25 10:14:38 R4 pluto[25049]: | 7c cc e6 f5 d0 9b b5 32 74 77 ab12 cf 71 3b fbApr 25 10:14:38 R4 pluto[25049]: | 78 40 3d 03 56 cd 36 b1 ae 28 fb76 be 1f 7e 8bApr 25 10:14:38 R4 pluto[25049]: | 67 9a eb 2e e9 15 41 99 91 7a 90f6 7a f7 42 d6Apr 25 10:14:38 R4 pluto[25049]: | 4b 28 e2 47 c5 e5 54 7e b1 30 e6e2 9f 0a bb cdApr 25 10:14:38 R4 pluto[25049]: | 54 ed 18 2b 3e 34 d5 83 64 43 6654 da 85 7c 9bApr 25 10:14:38 R4 pluto[25049]: | b2 af db 2b c3 10 fc 38 44 c2 7a1d 7d ed 05 69Apr 25 10:14:38 R4 pluto[25049]: | 22 9a 1e 10 ab 4e ab b0 be 30 1c7c 35 d9 79 1eApr 25 10:14:38 R4 pluto[25049]: | cf 88 30 fe 1b 06 a1 43 8d 37 4a31 87 8d 0f 39Apr 25 10:14:38 R4 pluto[25049]: | b2 09 ef a0 f1 99 8b 7d 4d ef 8d5f f0 f9 69 c6Apr 25 10:14:38 R4 pluto[25049]: | fb e8 3d 30 40 50 fe c4 97 da f1e9 15 09 dc 8aApr 25 10:14:38 R4 pluto[25049]: | fa 88 2c 60 49 36 52 fc 47 8c 9401 00 3d 54 ceApr 25 10:14:38 R4 pluto[25049]: | 55 eb 42 19 ad 74 47 3c f2 9e fd95 59 d5 17 eeApr 25 10:14:38 R4 pluto[25049]: | 00 00 00 14 1e 3c 63 b2 30 74 f39e d8 b3 c2 ec

Apr 25 10:14:38 R4 pluto[25049]: |   b0 01 81 87
Apr 25 10:14:38 R4 pluto[25049]: | **parse ISAKMP Message:
Apr 25 10:14:38 R4 pluto[25049]: |    initiator cookie:
Apr 25 10:14:38 R4 pluto[25049]: |   44 4c 4d a9  d2 2c bb 89
Apr 25 10:14:38 R4 pluto[25049]: |    responder cookie:
Apr 25 10:14:38 R4 pluto[25049]: |   00 00 00 00  00 00 00 00
Apr 25 10:14:38 R4 pluto[25049]: |    next payload type: ISAKMP_NEXT_v2SA

Apr 25 10:14:38 R4 pluto[25049]: | ISAKMP version: IKEv2 version 2.0(rfc4306/rfc5996)

Apr 25 10:14:38 R4 pluto[25049]: |    exchange type: ISAKMP_v2_SA_INIT
Apr 25 10:14:38 R4 pluto[25049]: |    flags: ISAKMP_FLAG_INIT
Apr 25 10:14:38 R4 pluto[25049]: |    message ID:  00 00 00 00
Apr 25 10:14:38 R4 pluto[25049]: |    length: 820

Apr 25 10:14:38 R4 pluto[25049]: | processing version=2.0 packet withexchange type=ISAKMP_v2_SA_INIT (34)

Apr 25 10:14:38 R4 pluto[25049]: | I am IKE SA Responder
Apr 25 10:14:38 R4 pluto[25049]: | ICOOKIE:  44 4c 4d a9  d2 2c bb 89
Apr 25 10:14:38 R4 pluto[25049]: | RCOOKIE:  00 00 00 00  00 00 00 00
Apr 25 10:14:38 R4 pluto[25049]: | state hash entry 28
Apr 25 10:14:38 R4 pluto[25049]: | v2 state object not found
Apr 25 10:14:38 R4 pluto[25049]: | ICOOKIE:  44 4c 4d a9  d2 2c bb 89
Apr 25 10:14:38 R4 pluto[25049]: | RCOOKIE:  00 00 00 00  00 00 00 00
Apr 25 10:14:38 R4 pluto[25049]: | state hash entry 28
Apr 25 10:14:38 R4 pluto[25049]: | v2 state object not found

Apr 25 10:14:38 R4 pluto[25049]: | Now let's proceed with payload(ISAKMP_NEXT_v2SA)Apr 25 10:14:38 R4 pluto[25049]: | ***parse IKEv2 Security AssociationPayload:

Apr 25 10:14:38 R4 pluto[25049]: |    next payload type: ISAKMP_NEXT_v2KE
Apr 25 10:14:38 R4 pluto[25049]: |    critical bit: none
Apr 25 10:14:38 R4 pluto[25049]: |    length: 508

Apr 25 10:14:38 R4 pluto[25049]: | processing payload: ISAKMP_NEXT_v2SA(len=508)Apr 25 10:14:38 R4 pluto[25049]: | Now let's proceed with payload(ISAKMP_NEXT_v2KE)

Apr 25 10:14:38 R4 pluto[25049]: | ***parse IKEv2 Key Exchange Payload:

Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 next payload type:ISAKMP_NEXT_v2Ni

Apr 25 10:14:38 R4 pluto[25049]: |    critical bit: none
Apr 25 10:14:38 R4 pluto[25049]: |    length: 264
Apr 25 10:14:38 R4 pluto[25049]: |    DH group: OAKLEY_GROUP_MODP2048

Apr 25 10:14:38 R4 pluto[25049]: | processing payload: ISAKMP_NEXT_v2KE(len=264)Apr 25 10:14:38 R4 pluto[25049]: | Now let's proceed with payload(ISAKMP_NEXT_v2Ni)

Apr 25 10:14:38 R4 pluto[25049]: | ***parse IKEv2 Nonce Payload:
Apr 25 10:14:38 R4 pluto[25049]: |    next payload type: ISAKMP_NEXT_v2NONE
Apr 25 10:14:38 R4 pluto[25049]: |    critical bit: none
Apr 25 10:14:38 R4 pluto[25049]: |    length: 20

Apr 25 10:14:38 R4 pluto[25049]: | processing payload: ISAKMP_NEXT_v2Ni(len=20)Apr 25 10:14:38 R4 pluto[25049]: | Finished and now at the end ofikev2_process_payloadApr 25 10:14:38 R4 pluto[25049]: | Finished processingikev2_process_payloadsApr 25 10:14:38 R4 pluto[25049]: | Now lets proceed with state specificprocessingApr 25 10:14:38 R4 pluto[25049]: | find_host_connection2 called fromikev2parent_inI1outR1, me=192.168.32.4:500 him=192.168.32.9:500policy=IKEv2ALLOWApr 25 10:14:38 R4 pluto[25049]: | find_host_pair: comparing to192.168.32.4:500 192.168.32.9:500Apr 25 10:14:38 R4 pluto[25049]: | find_host_pair_conn(find_host_connection2): 192.168.32.4:500 192.168.32.9:500 -> hp:net32Apr 25 10:14:38 R4 pluto[25049]: | searching for connection with policy= IKEv2ALLOWApr 25 10:14:38 R4 pluto[25049]: | found policy =PSK+ENCRYPT+TUNNEL+IKEv2ALLOW+IKEv2Init+SAREFTRACK+IKE_FRAG (net32)

Apr 25 10:14:38 R4 pluto[25049]: | find_host_connection2 returns net32
Apr 25 10:14:38 R4 pluto[25049]: | found connection: net32
Apr 25 10:14:38 R4 pluto[25049]: | creating state object #1 at 0x20fa8688
Apr 25 10:14:38 R4 pluto[25049]: | processing connection net32
Apr 25 10:14:38 R4 pluto[25049]: | ICOOKIE:  44 4c 4d a9  d2 2c bb 89
Apr 25 10:14:38 R4 pluto[25049]: | RCOOKIE:  57 c1 3d ad  75 3a 79 c9
Apr 25 10:14:38 R4 pluto[25049]: | state hash entry 11
Apr 25 10:14:38 R4 pluto[25049]: | inserting state object #1

Apr 25 10:14:38 R4 pluto[25049]: | inserting event EVENT_SO_DISCARD,timeout in 0 seconds for #1

Apr 25 10:14:38 R4 pluto[25049]: | event added at head of queue
Apr 25 10:14:38 R4 pluto[25049]: | processing connection net32
Apr 25 10:14:38 R4 pluto[25049]: | will not send/process a dcookie
Apr 25 10:14:38 R4 pluto[25049]: | helper -1 doing build_kenonce op id: 0
Apr 25 10:14:38 R4 pluto[25049]: | NSS: Value of Prime:

Apr 25 10:14:38 R4 pluto[25049]: | ff ff ff ff ff ff ff ff c9 0f daa2 21 68 c2 34Apr 25 10:14:38 R4 pluto[25049]: | c4 c6 62 8b 80 dc 1c d1 29 02 4e08 8a 67 cc 74Apr 25 10:14:38 R4 pluto[25049]: | 02 0b be a6 3b 13 9b 22 51 4a 0879 8e 34 04 ddApr 25 10:14:38 R4 pluto[25049]: | ef 95 19 b3 cd 3a 43 1b 30 2b 0a6d f2 5f 14 37Apr 25 10:14:38 R4 pluto[25049]: | 4f e1 35 6d 6d 51 c2 45 e4 85 b576 62 5e 7e c6Apr 25 10:14:38 R4 pluto[25049]: | f4 4c 42 e9 a6 37 ed 6b 0b ff 5cb6 f4 06 b7 edApr 25 10:14:38 R4 pluto[25049]: | ee 38 6b fb 5a 89 9f a5 ae 9f 2411 7c 4b 1f e6Apr 25 10:14:38 R4 pluto[25049]: | 49 28 66 51 ec e4 5b 3d c2 00 7cb8 a1 63 bf 05Apr 25 10:14:38 R4 pluto[25049]: | 98 da 48 36 1c 55 d3 9a 69 16 3fa8 fd 24 cf 5fApr 25 10:14:38 R4 pluto[25049]: | 83 65 5d 23 dc a3 ad 96 1c 62 f356 20 85 52 bbApr 25 10:14:38 R4 pluto[25049]: | 9e d5 29 07 70 96 96 6d 67 0c 354e 4a bc 98 04Apr 25 10:14:38 R4 pluto[25049]: | f1 74 6c 08 ca 18 21 7c 32 90 5e46 2e 36 ce 3bApr 25 10:14:38 R4 pluto[25049]: | e3 9e 77 2c 18 0e 86 03 9b 27 83a2 ec 07 a2 8fApr 25 10:14:38 R4 pluto[25049]: | b5 c5 5d f0 6f 4c 52 c9 de 2b cbf6 95 58 17 18Apr 25 10:14:38 R4 pluto[25049]: | 39 95 49 7c ea 95 6a e5 15 d2 2618 98 fa 05 10Apr 25 10:14:38 R4 pluto[25049]: | 15 72 8e 5a 8a ac aa 68 ff ff ffff ff ff ff ff

Apr 25 10:14:38 R4 pluto[25049]: | NSS: Value of base:
Apr 25 10:14:38 R4 pluto[25049]: |   02
Apr 25 10:14:38 R4 pluto[25049]: | NSS: generated dh priv and pub keys: 256
Apr 25 10:14:38 R4 pluto[25049]: | NSS: Local DH secret (pointer):
Apr 25 10:14:38 R4 pluto[25049]: |   20 fa cc 60

Apr 25 10:14:38 R4 pluto[25049]: | NSS: Public DH value sent(computed inNSS):Apr 25 10:14:38 R4 pluto[25049]: | 4d 26 44 7e 77 d8 17 f5 f5 b3 eff2 5b 14 67 35Apr 25 10:14:38 R4 pluto[25049]: | fa c7 66 7e 62 d0 01 34 f2 c2 79b0 e6 f3 fe 8bApr 25 10:14:38 R4 pluto[25049]: | db 99 5a b9 0a fb 9a 08 bf 3c 9442 4c 15 8e 23Apr 25 10:14:38 R4 pluto[25049]: | b1 ee 3c ff ca ad 05 01 00 b5 3d1a 21 5f 4e b8Apr 25 10:14:38 R4 pluto[25049]: | 95 ba c4 a3 48 8f 43 c7 d4 6a 7703 93 0d 33 96Apr 25 10:14:38 R4 pluto[25049]: | f1 e0 d5 57 e8 e4 08 7b 80 36 5ce1 33 83 e7 d4Apr 25 10:14:38 R4 pluto[25049]: | 2d 91 30 c6 0f c3 f2 19 e6 a8 79ef 4e be 05 30Apr 25 10:14:38 R4 pluto[25049]: | de dd df 02 5f c9 cd 40 75 16 2991 08 55 29 4dApr 25 10:14:38 R4 pluto[25049]: | 88 eb 42 a0 f9 b2 cb ed 0e 4b 8a74 6d ca 7c 89Apr 25 10:14:38 R4 pluto[25049]: | de eb 3c 1e cc f6 f8 58 c8 27 b544 a1 21 2c 87Apr 25 10:14:38 R4 pluto[25049]: | 74 bc 85 e0 c8 50 c8 a0 67 10 bc72 e2 16 e2 c9Apr 25 10:14:38 R4 pluto[25049]: | 4e 81 87 ce 89 6d 70 bb f1 4d 14b9 70 9a 85 70Apr 25 10:14:38 R4 pluto[25049]: | d9 45 ca f3 25 d9 ac ed 0f fd 33cb 23 ed 82 0bApr 25 10:14:38 R4 pluto[25049]: | 17 0d fc ea c8 c5 1e 30 07 59 d5be eb ab 2a 39Apr 25 10:14:38 R4 pluto[25049]: | 9d 36 15 cb e4 0d 48 39 5e 2e 46f9 5f 10 0f 57Apr 25 10:14:38 R4 pluto[25049]: | 12 e6 e4 1f 23 e4 d8 2f 12 c8 2998 d6 99 62 75

Apr 25 10:14:38 R4 pluto[25049]: | NSS: Local DH public value (pointer):
Apr 25 10:14:38 R4 pluto[25049]: |   20 fa c4 58
Apr 25 10:14:38 R4 pluto[25049]: | Generated nonce:

Apr 25 10:14:38 R4 pluto[25049]: | 96 c8 96 22 3d 1d 9e 99 3e 7c e6c9 12 e8 3e f7Apr 25 10:14:38 R4 pluto[25049]: | ikev2 parent inI1outR1: calculatedke+nonce, sending R1

Apr 25 10:14:38 R4 pluto[25049]: | processing connection net32
Apr 25 10:14:38 R4 pluto[25049]: | **emit ISAKMP Message:
Apr 25 10:14:38 R4 pluto[25049]: |    initiator cookie:
Apr 25 10:14:38 R4 pluto[25049]: |   44 4c 4d a9  d2 2c bb 89
Apr 25 10:14:38 R4 pluto[25049]: |    responder cookie:
Apr 25 10:14:38 R4 pluto[25049]: |   57 c1 3d ad  75 3a 79 c9
Apr 25 10:14:38 R4 pluto[25049]: |    next payload type: ISAKMP_NEXT_v2SA

Apr 25 10:14:38 R4 pluto[25049]: | ISAKMP version: IKEv2 version 2.0(rfc4306/rfc5996)

Apr 25 10:14:38 R4 pluto[25049]: |    exchange type: ISAKMP_v2_SA_INIT
Apr 25 10:14:38 R4 pluto[25049]: |    flags: ISAKMP_FLAG_RESPONSE
Apr 25 10:14:38 R4 pluto[25049]: |    message ID:  00 00 00 00

Apr 25 10:14:38 R4 pluto[25049]: | ***emit IKEv2 Security AssociationPayload:

Apr 25 10:14:38 R4 pluto[25049]: |    next payload type: ISAKMP_NEXT_v2KE
Apr 25 10:14:38 R4 pluto[25049]: |    critical bit: none
Apr 25 10:14:38 R4 pluto[25049]: | no IKE algorithms for this connection

Apr 25 10:14:38 R4 pluto[25049]: | ****parse IKEv2 Proposal SubstructurePayload:

Apr 25 10:14:38 R4 pluto[25049]: |    last proposal: v2_PROPOSAL_NON_LAST
Apr 25 10:14:38 R4 pluto[25049]: |    length: 44
Apr 25 10:14:38 R4 pluto[25049]: |    prop #: 1
Apr 25 10:14:38 R4 pluto[25049]: |    proto ID: IKEv2_SEC_PROTO_IKE
Apr 25 10:14:38 R4 pluto[25049]: |    spi size: 0
Apr 25 10:14:38 R4 pluto[25049]: |    # transforms: 4

Apr 25 10:14:38 R4 pluto[25049]: | *****parse IKEv2 TransformSubstructure Payload:

Apr 25 10:14:38 R4 pluto[25049]: |    last transform: v2_TRANSFORM_NON_LAST
Apr 25 10:14:38 R4 pluto[25049]: |    length: 12
Apr 25 10:14:38 R4 pluto[25049]: |    IKEv2 transform type: TRANS_TYPE_ENCR
Apr 25 10:14:38 R4 pluto[25049]: |    IKEv2 transform ID: 12

Apr 25 10:14:38 R4 pluto[25049]: | ******parse IKEv2 AttributeSubstructure Payload:

Apr 25 10:14:38 R4 pluto[25049]: |    af+type: IKEv2_KEY_LENGTH
Apr 25 10:14:38 R4 pluto[25049]: |    length/value: 128

Apr 25 10:14:38 R4 pluto[25049]: | *****parse IKEv2 TransformSubstructure Payload:

Apr 25 10:14:38 R4 pluto[25049]: |    last transform: v2_TRANSFORM_NON_LAST
Apr 25 10:14:38 R4 pluto[25049]: |    length: 8
Apr 25 10:14:38 R4 pluto[25049]: |    IKEv2 transform type: TRANS_TYPE_INTEG
Apr 25 10:14:38 R4 pluto[25049]: |    IKEv2 transform ID: 2

Apr 25 10:14:38 R4 pluto[25049]: | *****parse IKEv2 TransformSubstructure Payload:

Apr 25 10:14:38 R4 pluto[25049]: |    last transform: v2_TRANSFORM_NON_LAST
Apr 25 10:14:38 R4 pluto[25049]: |    length: 8
Apr 25 10:14:38 R4 pluto[25049]: |    IKEv2 transform type: TRANS_TYPE_PRF
Apr 25 10:14:38 R4 pluto[25049]: |    IKEv2 transform ID: 2

Apr 25 10:14:38 R4 pluto[25049]: | *****parse IKEv2 TransformSubstructure Payload:

Apr 25 10:14:38 R4 pluto[25049]: |    last transform: v2_TRANSFORM_LAST
Apr 25 10:14:38 R4 pluto[25049]: |    length: 8
Apr 25 10:14:38 R4 pluto[25049]: |    IKEv2 transform type: TRANS_TYPE_DH
Apr 25 10:14:38 R4 pluto[25049]: |    IKEv2 transform ID: 14
Apr 25 10:14:38 R4 pluto[25049]: | ipprotoid is '1'

Apr 25 10:14:38 R4 pluto[25049]: | proposal 1 succeeded encr=(policy:AES_CBC vs offered:AES_CBC)Apr 25 10:14:38 R4 pluto[25049]: | succeededinteg=(policy:AUTH_HMAC_SHA1_96 vs offered:AUTH_HMAC_SHA1_96)Apr 25 10:14:38 R4 pluto[25049]: | succeeded prf=(policy:PRF_HMAC_SHA1 vs offered:PRF_HMAC_SHA1)Apr 25 10:14:38 R4 pluto[25049]: | succeeded dh=(policy:OAKLEY_GROUP_MODP2048 vs offered:OAKLEY_GROUP_MODP2048)Apr 25 10:14:38 R4 pluto[25049]: | ****parse IKEv2 Proposal SubstructurePayload:

Apr 25 10:14:38 R4 pluto[25049]: |    last proposal: v2_PROPOSAL_NON_LAST
Apr 25 10:14:38 R4 pluto[25049]: |    length: 44
Apr 25 10:14:38 R4 pluto[25049]: |    prop #: 2
Apr 25 10:14:38 R4 pluto[25049]: |    proto ID: IKEv2_SEC_PROTO_IKE
Apr 25 10:14:38 R4 pluto[25049]: |    spi size: 0
Apr 25 10:14:38 R4 pluto[25049]: |    # transforms: 4

Apr 25 10:14:38 R4 pluto[25049]: | ****emit IKEv2 Proposal SubstructurePayload:

Apr 25 10:14:38 R4 pluto[25049]: |    last proposal: v2_PROPOSAL_LAST
Apr 25 10:14:38 R4 pluto[25049]: |    prop #: 1
Apr 25 10:14:38 R4 pluto[25049]: |    proto ID: IKEv2_SEC_PROTO_IKE
Apr 25 10:14:38 R4 pluto[25049]: |    spi size: 0
Apr 25 10:14:38 R4 pluto[25049]: |    # transforms: 4

Apr 25 10:14:38 R4 pluto[25049]: | *****emit IKEv2 TransformSubstructure Payload:

Apr 25 10:14:38 R4 pluto[25049]: |    last transform: v2_TRANSFORM_NON_LAST
Apr 25 10:14:38 R4 pluto[25049]: |    IKEv2 transform type: TRANS_TYPE_ENCR
Apr 25 10:14:38 R4 pluto[25049]: |    IKEv2 transform ID: 12

Apr 25 10:14:38 R4 pluto[25049]: | ******emit IKEv2 AttributeSubstructure Payload:

Apr 25 10:14:38 R4 pluto[25049]: |    af+type: IKEv2_KEY_LENGTH
Apr 25 10:14:38 R4 pluto[25049]: |    length/value: 128
Apr 25 10:14:38 R4 pluto[25049]: |     [128 is 128??]

Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 TransformSubstructure Payload: 12Apr 25 10:14:38 R4 pluto[25049]: | *****emit IKEv2 TransformSubstructure Payload:

Apr 25 10:14:38 R4 pluto[25049]: |    last transform: v2_TRANSFORM_NON_LAST
Apr 25 10:14:38 R4 pluto[25049]: |    IKEv2 transform type: TRANS_TYPE_INTEG
Apr 25 10:14:38 R4 pluto[25049]: |    IKEv2 transform ID: 2

Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 TransformSubstructure Payload: 8Apr 25 10:14:38 R4 pluto[25049]: | *****emit IKEv2 TransformSubstructure Payload:

Apr 25 10:14:38 R4 pluto[25049]: |    last transform: v2_TRANSFORM_NON_LAST
Apr 25 10:14:38 R4 pluto[25049]: |    IKEv2 transform type: TRANS_TYPE_PRF
Apr 25 10:14:38 R4 pluto[25049]: |    IKEv2 transform ID: 2

Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 TransformSubstructure Payload: 8Apr 25 10:14:38 R4 pluto[25049]: | *****emit IKEv2 TransformSubstructure Payload:

Apr 25 10:14:38 R4 pluto[25049]: |    last transform: v2_TRANSFORM_LAST
Apr 25 10:14:38 R4 pluto[25049]: |    IKEv2 transform type: TRANS_TYPE_DH
Apr 25 10:14:38 R4 pluto[25049]: |    IKEv2 transform ID: 14

Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 TransformSubstructure Payload: 8Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 ProposalSubstructure Payload: 44Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 SecurityAssociation Payload: 48

Apr 25 10:14:38 R4 pluto[25049]: | DH public value received:

Apr 25 10:14:38 R4 pluto[25049]: | f7 3f 4d 0a 1b d5 1e db 7c f8 3dc7 9c e5 43 53Apr 25 10:14:38 R4 pluto[25049]: | 2c 91 77 0f a2 17 bc 46 82 3b c0c9 c6 d2 a2 aaApr 25 10:14:38 R4 pluto[25049]: | d3 cf e6 d0 f0 0b ca 26 10 cc d3fb 76 c3 e1 c5Apr 25 10:14:38 R4 pluto[25049]: | 3b 04 da d1 59 fc 70 40 97 05 7baa 98 14 e6 1dApr 25 10:14:38 R4 pluto[25049]: | 7c cc e6 f5 d0 9b b5 32 74 77 ab12 cf 71 3b fbApr 25 10:14:38 R4 pluto[25049]: | 78 40 3d 03 56 cd 36 b1 ae 28 fb76 be 1f 7e 8bApr 25 10:14:38 R4 pluto[25049]: | 67 9a eb 2e e9 15 41 99 91 7a 90f6 7a f7 42 d6Apr 25 10:14:38 R4 pluto[25049]: | 4b 28 e2 47 c5 e5 54 7e b1 30 e6e2 9f 0a bb cdApr 25 10:14:38 R4 pluto[25049]: | 54 ed 18 2b 3e 34 d5 83 64 43 6654 da 85 7c 9bApr 25 10:14:38 R4 pluto[25049]: | b2 af db 2b c3 10 fc 38 44 c2 7a1d 7d ed 05 69Apr 25 10:14:38 R4 pluto[25049]: | 22 9a 1e 10 ab 4e ab b0 be 30 1c7c 35 d9 79 1eApr 25 10:14:38 R4 pluto[25049]: | cf 88 30 fe 1b 06 a1 43 8d 37 4a31 87 8d 0f 39Apr 25 10:14:38 R4 pluto[25049]: | b2 09 ef a0 f1 99 8b 7d 4d ef 8d5f f0 f9 69 c6Apr 25 10:14:38 R4 pluto[25049]: | fb e8 3d 30 40 50 fe c4 97 da f1e9 15 09 dc 8aApr 25 10:14:38 R4 pluto[25049]: | fa 88 2c 60 49 36 52 fc 47 8c 9401 00 3d 54 ceApr 25 10:14:38 R4 pluto[25049]: | 55 eb 42 19 ad 74 47 3c f2 9e fd95 59 d5 17 eeApr 25 10:14:38 R4 pluto[25049]: | saving DH priv (local secret) and pubkey into state struc

Apr 25 10:14:38 R4 pluto[25049]: | ***emit IKEv2 Key Exchange Payload:

Apr 25 10:14:38 R4 pluto[25049]: | IKEv2 next payload type:ISAKMP_NEXT_v2Ni

Apr 25 10:14:38 R4 pluto[25049]: |    critical bit: none
Apr 25 10:14:38 R4 pluto[25049]: |    DH group: OAKLEY_GROUP_MODP2048

Apr 25 10:14:38 R4 pluto[25049]: | emitting 256 raw bytes of ikev2 g^xinto IKEv2 Key Exchange PayloadApr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 4d 26 44 7e 77 d8 17 f5f5 b3 ef f2 5b 14 67 35Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x fa c7 66 7e 62 d0 01 34f2 c2 79 b0 e6 f3 fe 8bApr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x db 99 5a b9 0a fb 9a 08bf 3c 94 42 4c 15 8e 23Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x b1 ee 3c ff ca ad 05 0100 b5 3d 1a 21 5f 4e b8Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 95 ba c4 a3 48 8f 43 c7d4 6a 77 03 93 0d 33 96Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x f1 e0 d5 57 e8 e4 08 7b80 36 5c e1 33 83 e7 d4Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 2d 91 30 c6 0f c3 f2 19e6 a8 79 ef 4e be 05 30Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x de dd df 02 5f c9 cd 4075 16 29 91 08 55 29 4dApr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 88 eb 42 a0 f9 b2 cb ed0e 4b 8a 74 6d ca 7c 89Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x de eb 3c 1e cc f6 f8 58c8 27 b5 44 a1 21 2c 87Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 74 bc 85 e0 c8 50 c8 a067 10 bc 72 e2 16 e2 c9Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 4e 81 87 ce 89 6d 70 bbf1 4d 14 b9 70 9a 85 70Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x d9 45 ca f3 25 d9 ac ed0f fd 33 cb 23 ed 82 0bApr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 17 0d fc ea c8 c5 1e 3007 59 d5 be eb ab 2a 39Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 9d 36 15 cb e4 0d 48 395e 2e 46 f9 5f 10 0f 57Apr 25 10:14:38 R4 pluto[25049]: | ikev2 g^x 12 e6 e4 1f 23 e4 d8 2f12 c8 29 98 d6 99 62 75Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 Key ExchangePayload: 264

Apr 25 10:14:38 R4 pluto[25049]: | ***emit IKEv2 Nonce Payload:
Apr 25 10:14:38 R4 pluto[25049]: |    next payload type: ISAKMP_NEXT_v2NONE
Apr 25 10:14:38 R4 pluto[25049]: |    critical bit: none

Apr 25 10:14:38 R4 pluto[25049]: | emitting 16 raw bytes of IKEv2 nonceinto IKEv2 Nonce PayloadApr 25 10:14:38 R4 pluto[25049]: | IKEv2 nonce 96 c8 96 22 3d 1d 9e99 3e 7c e6 c9 12 e8 3e f7Apr 25 10:14:38 R4 pluto[25049]: | emitting length of IKEv2 NoncePayload: 20

Apr 25 10:14:38 R4 pluto[25049]: | no IKE message padding required
Apr 25 10:14:38 R4 pluto[25049]: | emitting length of ISAKMP Message: 360
Apr 25 10:14:38 R4 pluto[25049]: | complete v2 state transition with STF_OK

Apr 25 10:14:38 R4 pluto[25049]: "net32" #1: transition from stateSTATE_IKEv2_START to state STATE_PARENT_R1Apr 25 10:14:38 R4 pluto[25049]: "net32" #1: STATE_PARENT_R1: receivedv2I1, sent v2R1 {auth=IKEv2 cipher=aes_128 integ=sha1_96 prf=oakley_shagroup=modp2048}Apr 25 10:14:38 R4 pluto[25049]: | sending reply packet to192.168.32.9:500 (from port 500)Apr 25 10:14:38 R4 pluto[25049]: | sending 360 bytes forSTATE_IKEv2_START through switch.0012:500 to 192.168.32.9:500 (using #1)Apr 25 10:14:38 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89 57 c1 3dad 75 3a 79 c9Apr 25 10:14:38 R4 pluto[25049]: | 21 20 22 20 00 00 00 00 00 00 0168 22 00 00 30Apr 25 10:14:38 R4 pluto[25049]: | 00 00 00 2c 01 01 00 04 03 00 000c 01 00 00 0cApr 25 10:14:38 R4 pluto[25049]: | 80 0e 00 80 03 00 00 08 03 00 0002 03 00 00 08Apr 25 10:14:38 R4 pluto[25049]: | 02 00 00 02 00 00 00 08 04 00 000e 28 00 01 08Apr 25 10:14:38 R4 pluto[25049]: | 00 0e 00 00 4d 26 44 7e 77 d8 17f5 f5 b3 ef f2Apr 25 10:14:38 R4 pluto[25049]: | 5b 14 67 35 fa c7 66 7e 62 d0 0134 f2 c2 79 b0Apr 25 10:14:38 R4 pluto[25049]: | e6 f3 fe 8b db 99 5a b9 0a fb 9a08 bf 3c 94 42Apr 25 10:14:38 R4 pluto[25049]: | 4c 15 8e 23 b1 ee 3c ff ca ad 0501 00 b5 3d 1aApr 25 10:14:38 R4 pluto[25049]: | 21 5f 4e b8 95 ba c4 a3 48 8f 43c7 d4 6a 77 03Apr 25 10:14:38 R4 pluto[25049]: | 93 0d 33 96 f1 e0 d5 57 e8 e4 087b 80 36 5c e1Apr 25 10:14:38 R4 pluto[25049]: | 33 83 e7 d4 2d 91 30 c6 0f c3 f219 e6 a8 79 efApr 25 10:14:38 R4 pluto[25049]: | 4e be 05 30 de dd df 02 5f c9 cd40 75 16 29 91Apr 25 10:14:38 R4 pluto[25049]: | 08 55 29 4d 88 eb 42 a0 f9 b2 cbed 0e 4b 8a 74Apr 25 10:14:38 R4 pluto[25049]: | 6d ca 7c 89 de eb 3c 1e cc f6 f858 c8 27 b5 44Apr 25 10:14:38 R4 pluto[25049]: | a1 21 2c 87 74 bc 85 e0 c8 50 c8a0 67 10 bc 72Apr 25 10:14:38 R4 pluto[25049]: | e2 16 e2 c9 4e 81 87 ce 89 6d 70bb f1 4d 14 b9Apr 25 10:14:38 R4 pluto[25049]: | 70 9a 85 70 d9 45 ca f3 25 d9 aced 0f fd 33 cbApr 25 10:14:38 R4 pluto[25049]: | 23 ed 82 0b 17 0d fc ea c8 c5 1e30 07 59 d5 beApr 25 10:14:38 R4 pluto[25049]: | eb ab 2a 39 9d 36 15 cb e4 0d 4839 5e 2e 46 f9Apr 25 10:14:38 R4 pluto[25049]: | 5f 10 0f 57 12 e6 e4 1f 23 e4 d82f 12 c8 29 98Apr 25 10:14:38 R4 pluto[25049]: | d6 99 62 75 00 00 00 14 96 c8 9622 3d 1d 9e 99

Apr 25 10:14:38 R4 pluto[25049]: |   3e 7c e6 c9  12 e8 3e f7

Apr 25 10:14:38 R4 pluto[25049]: | *time to handle event
Apr 25 10:14:38 R4 pluto[25049]: | handling event EVENT_SO_DISCARD

Apr 25 10:14:38 R4 pluto[25049]: | event after this isEVENT_PENDING_DDNS in 41 seconds

Apr 25 10:14:38 R4 pluto[25049]: | processing connection net32
Apr 25 10:14:38 R4 pluto[25049]: | deleting state #1
Apr 25 10:14:38 R4 pluto[25049]: | deleting event for #1
Apr 25 10:14:38 R4 pluto[25049]: | no suspended cryptographic state for 1
Apr 25 10:14:38 R4 pluto[25049]: | ICOOKIE:  44 4c 4d a9  d2 2c bb 89
Apr 25 10:14:38 R4 pluto[25049]: | RCOOKIE:  57 c1 3d ad  75 3a 79 c9
Apr 25 10:14:38 R4 pluto[25049]: | state hash entry 11

Apr 25 10:14:38 R4 pluto[25049]: | next event EVENT_PENDING_DDNS in 41seconds

Apr 25 10:14:39 R4 pluto[25049]: |

Apr 25 10:14:39 R4 pluto[25049]: | *received 316 bytes from192.168.32.9:500 on switch.0012 (port=500)Apr 25 10:14:39 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89 57 c1 3dad 75 3a 79 c9Apr 25 10:14:39 R4 pluto[25049]: | 2e 20 23 08 00 00 00 01 00 00 013c 23 00 01 20Apr 25 10:14:39 R4 pluto[25049]: | f3 53 aa ba ee 28 bc f3 28 fc 3752 53 8c 64 40Apr 25 10:14:39 R4 pluto[25049]: | 8e 74 39 49 53 83 30 ec 77 43 cd05 79 ef a0 07Apr 25 10:14:39 R4 pluto[25049]: | 14 64 ef 3b 08 e8 a1 f2 58 1a 446a de c9 10 b1Apr 25 10:14:39 R4 pluto[25049]: | e7 e3 08 42 4e 90 cf f0 84 75 b32b a2 0c 74 37Apr 25 10:14:39 R4 pluto[25049]: | 1e b9 4f 65 b7 06 4d 36 13 f0 bff6 41 2a a1 e8Apr 25 10:14:39 R4 pluto[25049]: | bf 8d 0f 0c 9c a9 16 10 3a 63 34f8 e4 09 52 8fApr 25 10:14:39 R4 pluto[25049]: | 35 f9 d0 2c d0 60 1f 37 40 16 8d62 b0 d9 f4 a1Apr 25 10:14:39 R4 pluto[25049]: | a3 f0 ba 7f f4 a1 8b 4c 2b 20 46be de 61 55 51Apr 25 10:14:39 R4 pluto[25049]: | 53 05 9f e3 7b 37 f6 15 df a8 5532 04 ba 32 33Apr 25 10:14:39 R4 pluto[25049]: | d5 57 19 7a b3 cd 99 20 71 6d 859d 77 13 91 82Apr 25 10:14:39 R4 pluto[25049]: | 9b 77 e0 04 21 24 a7 a9 84 b4 2654 da b2 e2 8dApr 25 10:14:39 R4 pluto[25049]: | 7f 39 1f 50 0b 6d a7 4d c1 21 0330 36 8b 5e caApr 25 10:14:39 R4 pluto[25049]: | 9b a2 ec 31 69 47 33 fe ee 60 577e 5f 93 a1 31Apr 25 10:14:39 R4 pluto[25049]: | 2a de 2a 37 56 e2 59 3e f7 d5 3241 f3 1d 91 e8Apr 25 10:14:39 R4 pluto[25049]: | 5c f1 5a 25 b3 cf e1 aa cd db 8f03 42 2b fc b7Apr 25 10:14:39 R4 pluto[25049]: | d2 31 d1 8e b7 32 d3 b8 05 b2 ae87 dc 1c 5b a2Apr 25 10:14:39 R4 pluto[25049]: | 53 d6 6b 86 1c 98 3a 1c 0c b3 1bba 1a 9a ef 59

Apr 25 10:14:39 R4 pluto[25049]: |   84 84 a9 98  86 df 4f 5c  8f ad 19 ec
Apr 25 10:14:39 R4 pluto[25049]: | **parse ISAKMP Message:
Apr 25 10:14:39 R4 pluto[25049]: |    initiator cookie:
Apr 25 10:14:39 R4 pluto[25049]: |   44 4c 4d a9  d2 2c bb 89
Apr 25 10:14:39 R4 pluto[25049]: |    responder cookie:
Apr 25 10:14:39 R4 pluto[25049]: |   57 c1 3d ad  75 3a 79 c9
Apr 25 10:14:39 R4 pluto[25049]: |    next payload type: ISAKMP_NEXT_v2E

Apr 25 10:14:39 R4 pluto[25049]: | ISAKMP version: IKEv2 version 2.0(rfc4306/rfc5996)

Apr 25 10:14:39 R4 pluto[25049]: |    exchange type: ISAKMP_v2_AUTH
Apr 25 10:14:39 R4 pluto[25049]: |    flags: ISAKMP_FLAG_INIT
Apr 25 10:14:39 R4 pluto[25049]: |    message ID:  00 00 00 01
Apr 25 10:14:39 R4 pluto[25049]: |    length: 316

Apr 25 10:14:39 R4 pluto[25049]: | processing version=2.0 packet withexchange type=ISAKMP_v2_AUTH (35)

Apr 25 10:14:39 R4 pluto[25049]: | I am IKE SA Responder
Apr 25 10:14:39 R4 pluto[25049]: | ICOOKIE:  44 4c 4d a9  d2 2c bb 89
Apr 25 10:14:39 R4 pluto[25049]: | RCOOKIE:  57 c1 3d ad  75 3a 79 c9
Apr 25 10:14:39 R4 pluto[25049]: | state hash entry 11
Apr 25 10:14:39 R4 pluto[25049]: | v2 state object not found
Apr 25 10:14:39 R4 pluto[25049]: | ICOOKIE:  44 4c 4d a9  d2 2c bb 89
Apr 25 10:14:39 R4 pluto[25049]: | RCOOKIE:  00 00 00 00  00 00 00 00
Apr 25 10:14:39 R4 pluto[25049]: | state hash entry 28
Apr 25 10:14:39 R4 pluto[25049]: | v2 state object not found
Apr 25 10:14:39 R4 pluto[25049]: | ended up with STATE_IKEv2_ROOF

Apr 25 10:14:39 R4 pluto[25049]: packet from 192.168.32.9:500: sendingnotification v2N_INVALID_MESSAGE_ID to 192.168.32.9:500

Apr 25 10:14:39 R4 pluto[25049]: | **emit ISAKMP Message:
Apr 25 10:14:39 R4 pluto[25049]: |    initiator cookie:
Apr 25 10:14:39 R4 pluto[25049]: |   44 4c 4d a9  d2 2c bb 89
Apr 25 10:14:39 R4 pluto[25049]: |    responder cookie:
Apr 25 10:14:39 R4 pluto[25049]: |   57 c1 3d ad  75 3a 79 c9
Apr 25 10:14:39 R4 pluto[25049]: |    next payload type: ISAKMP_NEXT_v2N

Apr 25 10:14:39 R4 pluto[25049]: | ISAKMP version: IKEv2 version 2.0(rfc4306/rfc5996)

Apr 25 10:14:39 R4 pluto[25049]: |    exchange type: ISAKMP_v2_SA_INIT
Apr 25 10:14:39 R4 pluto[25049]: |    flags: ISAKMP_FLAG_RESPONSE
Apr 25 10:14:39 R4 pluto[25049]: |    message ID:  00 00 00 00
Apr 25 10:14:39 R4 pluto[25049]: | Adding a v2N Payload
Apr 25 10:14:39 R4 pluto[25049]: | ***emit IKEv2 Notify Payload:
Apr 25 10:14:39 R4 pluto[25049]: |    next payload type: ISAKMP_NEXT_v2NONE
Apr 25 10:14:39 R4 pluto[25049]: |    critical bit: none
Apr 25 10:14:39 R4 pluto[25049]: |    Protocol ID: PROTO_ISAKMP
Apr 25 10:14:39 R4 pluto[25049]: |    SPI size: 0

Apr 25 10:14:39 R4 pluto[25049]: | Notify Message Type:v2N_INVALID_MESSAGE_IDApr 25 10:14:39 R4 pluto[25049]: | emitting length of IKEv2 NotifyPayload: 8

Apr 25 10:14:39 R4 pluto[25049]: | no IKE message padding required
Apr 25 10:14:39 R4 pluto[25049]: | emitting length of ISAKMP Message: 36

Apr 25 10:14:39 R4 pluto[25049]: | sending 36 bytes forsend_v2_notification through switch.0012:500 to 192.168.32.9:500 (using #0)Apr 25 10:14:39 R4 pluto[25049]: | 44 4c 4d a9 d2 2c bb 89 57 c1 3dad 75 3a 79 c9Apr 25 10:14:39 R4 pluto[25049]: | 29 20 22 20 00 00 00 00 00 00 0024 00 00 00 08

Apr 25 10:14:39 R4 pluto[25049]: |   01 00 00 09

Apr 25 10:14:39 R4 pluto[25049]: | * processed 0 messages fromcryptographic helpersApr 25 10:14:39 R4 pluto[25049]: | next event EVENT_PENDING_DDNS in 40secondsApr 25 10:14:39 R4 pluto[25049]: | next event EVENT_PENDING_DDNS in 40seconds


--
Jeff Chen

_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev

[Swan-dev] problem with ikev2 for libreswan version 3.8

Reply via email to