Hi, I am having a Road Warrior config wherein a 4G Access Point is connecting to Libreswan server behind a CGNAT. After the success of the Phase 1, the Pluto crashes, can someone please help here.
ipsec.conf version 2.0 config setup dumpdir=/var/run/pluto/ plutodebug=all logfile=/var/log/pluto.log nat_traversal=yes virtual_private=%v4: 10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.42.0/24 oe=off protostack=netkey nhelpers=0 interfaces=%defaultroute # aggressive=yes uniqueids=no conn vpnpsk connaddrfamily=ipv4 auto=add aggrmode=yes left=10.56.138.86 leftid=125.16.240.98 leftsubnet=10.56.138.86/32 leftnexthop=%defaultroute leftprotoport=17/%any rightprotoport=17/%any right=0.0.0.0 rightsubnetwithin=0.0.0.0/0 rightid=@huawei01 forceencaps=yes authby=secret keyexchange=ike pfs=no type=tunnel auth=esp ike=aes-md5;modp1536 phase2alg=3des-sha1 rekey=yes keyingtries=5 dpddelay=30 dpdtimeout=120 dpdaction=clear Pluto logs: Mar 18 06:34:52: | SKEYID_e prf: update byte 2 Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4025c5d0) bytes(0x7fff38e0e2dc/1) - derive(CONCATENATE_BASE_AND_DATA) target(MD5_KEY_DERIVATION) Mar 18 06:34:52: | symkey: key(0x7ffb4025c5d0) length(288) type/mechanism(MD5_KEY_DERIVATION 0x00000390) Mar 18 06:34:52: | bytes: 02 Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c500) length(289) type/mechanism(MD5_KEY_DERIVATION 0x00000390) Mar 18 06:34:52: | append_symkey_bytes: free key 0x7ffb4025c5d0 Mar 18 06:34:52: | SKEYID_e prf: final Mar 18 06:34:52: | prf inner hash: hash(oakley_md5) symkey(0x7ffb4025c500) to symkey - derive(MD5_KEY_DERIVATION) Mar 18 06:34:52: | symkey: key(0x7ffb4025c500) length(289) type/mechanism(MD5_KEY_DERIVATION 0x00000390) Mar 18 06:34:52: | prf inner hash: key(0x7ffb4025c5d0) length(16) type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360) Mar 18 06:34:52: | prf inner:: free key 0x7ffb4025c500 Mar 18 06:34:52: | xor_symkey_chunk merge symkey(0x7ffb40262850) bytes(0x7fff38e0e280/64) - derive(XOR_BASE_AND_DATA) target(CONCATENATE_BASE_AND_DATA) Mar 18 06:34:52: | symkey: key(0x7ffb40262850) length(64) type/mechanism(MD5_KEY_DERIVATION 0x00000390) Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c Mar 18 06:34:52: | xor_symkey_chunk key(0x7ffb4025c500) length(64) type/mechanism(CONCATENATE_BASE_AND_DATA 0x00000362) Mar 18 06:34:52: | concat: merge symkey(1: 0x7ffb4025c500) symkey(2: 0x7ffb4025c5d0) - derive(CONCATENATE_BASE_AND_KEY) target(MD5_KEY_DERIVATION) Mar 18 06:34:52: | symkey 1: key(0x7ffb4025c500) length(64) type/mechanism(CONCATENATE_BASE_AND_DATA 0x00000362) Mar 18 06:34:52: | symkey 2: key(0x7ffb4025c5d0) length(16) type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360) Mar 18 06:34:52: | concat: key(0x7ffb40264020) length(80) type/mechanism(MD5_KEY_DERIVATION 0x00000390) Mar 18 06:34:52: | append_symkey_symkey: free key 0x7ffb4025c500 Mar 18 06:34:52: | prf hashed inner:: free key 0x7ffb4025c5d0 Mar 18 06:34:52: | prf key: free key 0x7ffb40262850 Mar 18 06:34:52: | prf outer hash hash(oakley_md5) symkey(0x7ffb40264020) to symkey - derive(MD5_KEY_DERIVATION) Mar 18 06:34:52: | symkey: key(0x7ffb40264020) length(80) type/mechanism(MD5_KEY_DERIVATION 0x00000390) Mar 18 06:34:52: | prf outer hash key(0x7ffb40262850) length(16) type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360) Mar 18 06:34:52: | prf outer: free key 0x7ffb40264020 Mar 18 06:34:52: | prf final result key(0x7ffb40262850) length(16) type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360) Mar 18 06:34:52: | crypt key: symkey from symkey(0x7ffb40262850) - next-byte(0) key-size(16) flags(0x300) derive(EXTRACT_KEY_FROM_KEY) target(AES_CBC) Mar 18 06:34:52: | symkey: key(0x7ffb40262850) length(16) type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360) Mar 18 06:34:52: | crypt key: key(0x7ffb40264020) length(16) type/mechanism(AES_CBC 0x00001082) Mar 18 06:34:52: | NSS: pointers skeyid_d 0x7ffb4025f7e0, skeyid_a 0x7ffb40260fc0, skeyid_e 0x7ffb40262850, enc_key 0x7ffb40264020 Mar 18 06:34:52: | DH_i: d5 b8 ad 13 87 4b 97 b3 5f 84 e7 e9 6c c4 a2 a2 Mar 18 06:34:52: | DH_i: b8 6d 5a 46 0d 98 b8 da 77 87 2a b1 49 39 fb 79 Mar 18 06:34:52: | DH_i: 4a b8 94 ef 7c 4e 6d 95 78 7a 19 ce a5 ce 9f c9 Mar 18 06:34:52: | DH_i: 54 42 57 31 5d f9 6a 35 f1 05 6f 69 58 aa 7a 59 Mar 18 06:34:52: | DH_i: f7 1e f3 ef f9 3e eb 65 15 fa 2b 70 6f fa a2 ba Mar 18 06:34:52: | DH_i: b8 39 28 4d 03 cc 12 1c 50 8b d1 3f b2 31 11 c3 Mar 18 06:34:52: | DH_i: 48 e4 ac 20 f1 21 25 fa 23 91 14 bd 4b 6c 0a 32 Mar 18 06:34:52: | DH_i: 4c a0 b1 cf b5 5d 1b 6b df cf 2e 87 b9 f5 3b 91 Mar 18 06:34:52: | DH_i: 52 38 91 bc 3c d3 69 10 d5 a3 1a 7e 95 4c e3 71 Mar 18 06:34:52: | DH_i: 27 05 86 1a b1 49 bf 25 58 d9 fc 13 dd f0 1f d3 Mar 18 06:34:52: | DH_i: 48 bd 2c b2 60 e8 16 6b 4c c8 76 29 0e 5c 2c 1e Mar 18 06:34:52: | DH_i: c2 d9 87 32 a3 c4 ba 25 0d a0 7d 07 45 01 7a d2 Mar 18 06:34:52: | DH_r: 38 84 ff 8d 63 1d 3c 4d 35 7c 71 2b b4 32 45 0b Mar 18 06:34:52: | DH_r: 76 f2 a6 95 55 0b 73 52 97 15 61 05 cd 81 6e f2 Mar 18 06:34:52: | DH_r: c6 ed 33 07 c5 dd c8 4c b7 43 ec 68 da 0d 13 66 Mar 18 06:34:52: | DH_r: 12 d1 b9 88 1f a0 44 ef 30 d2 8f 40 51 1f f7 82 Mar 18 06:34:52: | DH_r: dc f9 53 2b d3 da 81 cf 59 cc e3 55 99 02 d6 ad Mar 18 06:34:52: | DH_r: 11 cd 68 a6 42 77 50 6f 27 0e 63 ec 58 a8 17 1c Mar 18 06:34:52: | DH_r: a3 5c 2a 07 c1 34 98 be a6 fa a9 82 fc 80 05 33 Mar 18 06:34:52: | DH_r: 88 10 c8 da 56 e9 a2 ce 19 5e 85 43 00 46 e3 f5 Mar 18 06:34:52: | DH_r: c2 2d 97 46 99 3b 58 0a 63 4f 84 72 bb 71 da 1d Mar 18 06:34:52: | DH_r: b1 03 bf e5 c7 11 52 33 81 db f2 e6 51 ec 02 02 Mar 18 06:34:52: | DH_r: 18 81 63 ed 3a d8 83 09 2e b4 02 fc 00 45 5f 16 Mar 18 06:34:52: | DH_r: 48 f7 f1 a8 c5 f1 de e9 90 7d 48 60 5c 2e 51 2c Mar 18 06:34:52: | end of IV generation Mar 18 06:34:52: | crypto helper -1 finished compute dh+iv (V1 Phase 1); request ID 4227595259 time elapsed 5006 usec Mar 18 06:34:52: | aggr_inI1_outR1_continue2 for #1: calculated ke+nonce+DH, sending R1 Mar 18 06:34:52: | processing connection "vpnpsk"[1] 106.220.15.162 Mar 18 06:34:52: | #1 aggr_inI1_outR1_continue2:139 st->st_calculating = FALSE; Mar 18 06:34:52: | thinking about whether to send my certificate: Mar 18 06:34:52: | I have RSA key: OAKLEY_PRESHARED_KEY cert.type: 0?? Mar 18 06:34:52: | sendcert: CERT_ALWAYSSEND and I did not get a certificate request Mar 18 06:34:52: | so do not send cert. Mar 18 06:34:52: | I did not send a certificate because digital signatures are not being used. (PSK) Mar 18 06:34:52: | I am not sending a certificate request Mar 18 06:34:52: | **emit ISAKMP Message: Mar 18 06:34:52: | initiator cookie: Mar 18 06:34:52: | 47 2c c4 e4 6e 5c ab 25 Mar 18 06:34:52: | responder cookie: Mar 18 06:34:52: | 91 3a 72 a7 ff 28 5a 10 Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_SA (0x1) Mar 18 06:34:52: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Mar 18 06:34:52: | exchange type: ISAKMP_XCHG_AGGR (0x4) Mar 18 06:34:52: | flags: none (0x0) Mar 18 06:34:52: | message ID: 00 00 00 00 Mar 18 06:34:52: | ***emit ISAKMP Security Association Payload: Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_KE (0x4) Mar 18 06:34:52: | DOI: ISAKMP_DOI_IPSEC (0x1) Mar 18 06:34:52: | ****parse IPsec DOI SIT: Mar 18 06:34:52: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Mar 18 06:34:52: | ****parse ISAKMP Proposal Payload: Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_NONE (0x0) Mar 18 06:34:52: | length: 48 (0x30) Mar 18 06:34:52: | proposal number: 1 (0x1) Mar 18 06:34:52: | protocol ID: PROTO_ISAKMP (0x1) Mar 18 06:34:52: | SPI size: 0 (0x0) Mar 18 06:34:52: | number of transforms: 1 (0x1) Mar 18 06:34:52: | *****parse ISAKMP Transform Payload (ISAKMP): Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_NONE (0x0) Mar 18 06:34:52: | length: 40 (0x28) Mar 18 06:34:52: | ISAKMP transform number: 0 (0x0) Mar 18 06:34:52: | ISAKMP transform ID: KEY_IKE (0x1) Mar 18 06:34:52: | ******parse ISAKMP Oakley attribute: Mar 18 06:34:52: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Mar 18 06:34:52: | length/value: 7 (0x7) Mar 18 06:34:52: | [7 is OAKLEY_AES_CBC] Mar 18 06:34:52: | ike_alg_enc_ok(ealg=7,key_len=0): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1 Mar 18 06:34:52: | ******parse ISAKMP Oakley attribute: Mar 18 06:34:52: | af+type: OAKLEY_KEY_LENGTH (0x800e) Mar 18 06:34:52: | length/value: 128 (0x80) Mar 18 06:34:52: | ike_alg_enc_ok(ealg=7,key_len=128): blocksize=16, keyminlen=128, keydeflen=128, keymaxlen=256, ret=1 Mar 18 06:34:52: | ******parse ISAKMP Oakley attribute: Mar 18 06:34:52: | af+type: OAKLEY_HASH_ALGORITHM (0x8002) Mar 18 06:34:52: | length/value: 1 (0x1) Mar 18 06:34:52: | [1 is OAKLEY_MD5] Mar 18 06:34:52: | ******parse ISAKMP Oakley attribute: Mar 18 06:34:52: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003) Mar 18 06:34:52: | length/value: 1 (0x1) Mar 18 06:34:52: | [1 is OAKLEY_PRESHARED_KEY] Mar 18 06:34:52: | started looking for secret for 125.16.240.98->@huawei01 of kind PPK_PSK Mar 18 06:34:52: | actually looking for secret for 125.16.240.98->@huawei01 of kind PPK_PSK Mar 18 06:34:52: | line 2: key type PPK_PSK(125.16.240.98) to type PPK_PSK Mar 18 06:34:52: | 1: compared key %any to 125.16.240.98 / @huawei01 -> 2 Mar 18 06:34:52: | 2: compared key 10.56.138.86 to 125.16.240.98 / @huawei01 -> 2 Mar 18 06:34:52: | line 2: match=2 Mar 18 06:34:52: | best_match 0>2 best=0x7ffb40254310 (line=2) Mar 18 06:34:52: | line 1: key type PPK_PSK(125.16.240.98) to type PPK_PSK Mar 18 06:34:52: | 1: compared key %any to 125.16.240.98 / @huawei01 -> 2 Mar 18 06:34:52: | 2: compared key 125.16.240.98 to 125.16.240.98 / @huawei01 -> 10 Mar 18 06:34:52: | line 1: match=10 Mar 18 06:34:52: | best_match 2>10 best=0x7ffb40254200 (line=1) Mar 18 06:34:52: | concluding with best_match=10 best=0x7ffb40254200 (lineno=1) Mar 18 06:34:52: | ******parse ISAKMP Oakley attribute: Mar 18 06:34:52: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004) Mar 18 06:34:52: | length/value: 5 (0x5) Mar 18 06:34:52: | [5 is OAKLEY_GROUP_MODP1536] Mar 18 06:34:52: | ******parse ISAKMP Oakley attribute: Mar 18 06:34:52: | af+type: OAKLEY_LIFE_TYPE (0x800b) Mar 18 06:34:52: | length/value: 1 (0x1) Mar 18 06:34:52: | [1 is OAKLEY_LIFE_SECONDS] Mar 18 06:34:52: | ******parse ISAKMP Oakley attribute: Mar 18 06:34:52: | af+type: OAKLEY_LIFE_DURATION (variable length) (0xc) Mar 18 06:34:52: | length/value: 4 (0x4) Mar 18 06:34:52: | long duration: 86400 Mar 18 06:34:52: | Oakley Transform 0 accepted Mar 18 06:34:52: | ****emit IPsec DOI SIT: Mar 18 06:34:52: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Mar 18 06:34:52: | ****emit ISAKMP Proposal Payload: Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_NONE (0x0) Mar 18 06:34:52: | proposal number: 1 (0x1) Mar 18 06:34:52: | protocol ID: PROTO_ISAKMP (0x1) Mar 18 06:34:52: | SPI size: 0 (0x0) Mar 18 06:34:52: | number of transforms: 1 (0x1) Mar 18 06:34:52: | *****emit ISAKMP Transform Payload (ISAKMP): Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_NONE (0x0) Mar 18 06:34:52: | ISAKMP transform number: 0 (0x0) Mar 18 06:34:52: | ISAKMP transform ID: KEY_IKE (0x1) Mar 18 06:34:52: | emitting 32 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP) Mar 18 06:34:52: | attributes 80 01 00 07 80 0e 00 80 80 02 00 01 80 03 00 01 Mar 18 06:34:52: | attributes 80 04 00 05 80 0b 00 01 00 0c 00 04 00 01 51 80 Mar 18 06:34:52: | emitting length of ISAKMP Transform Payload (ISAKMP): 40 Mar 18 06:34:52: | emitting length of ISAKMP Proposal Payload: 48 Mar 18 06:34:52: | emitting length of ISAKMP Security Association Payload: 60 Mar 18 06:34:52: | ***emit ISAKMP Key Exchange Payload: Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_NONCE (0xa) Mar 18 06:34:52: | emitting 192 raw bytes of keyex value into ISAKMP Key Exchange Payload Mar 18 06:34:52: | keyex value 38 84 ff 8d 63 1d 3c 4d 35 7c 71 2b b4 32 45 0b Mar 18 06:34:52: | keyex value 76 f2 a6 95 55 0b 73 52 97 15 61 05 cd 81 6e f2 Mar 18 06:34:52: | keyex value c6 ed 33 07 c5 dd c8 4c b7 43 ec 68 da 0d 13 66 Mar 18 06:34:52: | keyex value 12 d1 b9 88 1f a0 44 ef 30 d2 8f 40 51 1f f7 82 Mar 18 06:34:52: | keyex value dc f9 53 2b d3 da 81 cf 59 cc e3 55 99 02 d6 ad Mar 18 06:34:52: | keyex value 11 cd 68 a6 42 77 50 6f 27 0e 63 ec 58 a8 17 1c Mar 18 06:34:52: | keyex value a3 5c 2a 07 c1 34 98 be a6 fa a9 82 fc 80 05 33 Mar 18 06:34:52: | keyex value 88 10 c8 da 56 e9 a2 ce 19 5e 85 43 00 46 e3 f5 Mar 18 06:34:52: | keyex value c2 2d 97 46 99 3b 58 0a 63 4f 84 72 bb 71 da 1d Mar 18 06:34:52: | keyex value b1 03 bf e5 c7 11 52 33 81 db f2 e6 51 ec 02 02 Mar 18 06:34:52: | keyex value 18 81 63 ed 3a d8 83 09 2e b4 02 fc 00 45 5f 16 Mar 18 06:34:52: | keyex value 48 f7 f1 a8 c5 f1 de e9 90 7d 48 60 5c 2e 51 2c Mar 18 06:34:52: | emitting length of ISAKMP Key Exchange Payload: 196 Mar 18 06:34:52: | ***emit ISAKMP Nonce Payload: Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_ID (0x5) Mar 18 06:34:52: | emitting 16 raw bytes of Nr into ISAKMP Nonce Payload Mar 18 06:34:52: | Nr 05 4e 6e 0a 0a dc 78 01 b5 60 40 62 9f 07 4e 6c Mar 18 06:34:52: | emitting length of ISAKMP Nonce Payload: 20 Mar 18 06:34:52: | ***emit ISAKMP Identification Payload (IPsec DOI): Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_HASH (0x8) Mar 18 06:34:52: | ID type: ID_IPV4_ADDR (0x1) Mar 18 06:34:52: | Protocol ID: 0 (0x0) Mar 18 06:34:52: | port: 0 (0x0) Mar 18 06:34:52: | emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI) Mar 18 06:34:52: | my identity 7d 10 f0 62 Mar 18 06:34:52: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12 Mar 18 06:34:52: | hmac prf: init 0x7ffb4025f7a0 Mar 18 06:34:52: | hmac prf: init symkey symkey 0x7ffb4024e4c0 (length 16) Mar 18 06:34:52: | hmac prf: update Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4024e4c0) bytes(0x7ffb3e2cbe00/48) - derive(CONCATENATE_BASE_AND_DATA) target(MD5_KEY_DERIVATION) Mar 18 06:34:52: | symkey: key(0x7ffb4024e4c0) length(16) type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360) Mar 18 06:34:52: | bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Mar 18 06:34:52: | bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Mar 18 06:34:52: | bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c5d0) length(64) type/mechanism(MD5_KEY_DERIVATION 0x00000390) Mar 18 06:34:52: | xor_symkey_chunk merge symkey(0x7ffb4025c5d0) bytes(0x7fff38e0e810/64) - derive(XOR_BASE_AND_DATA) target(CONCATENATE_BASE_AND_DATA) Mar 18 06:34:52: | symkey: key(0x7ffb4025c5d0) length(64) type/mechanism(MD5_KEY_DERIVATION 0x00000390) Mar 18 06:34:52: | bytes: 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 Mar 18 06:34:52: | bytes: 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 Mar 18 06:34:52: | bytes: 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 Mar 18 06:34:52: | bytes: 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 36 Mar 18 06:34:52: | xor_symkey_chunk key(0x7ffb4025c500) length(64) type/mechanism(CONCATENATE_BASE_AND_DATA 0x00000362) Mar 18 06:34:52: | hmac prf: update bytes data 0x7ffb402563d0 (length 192) Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4025c500) bytes(0x7ffb402563d0/192) - derive(CONCATENATE_BASE_AND_DATA) target(MD5_KEY_DERIVATION) Mar 18 06:34:52: | symkey: key(0x7ffb4025c500) length(64) type/mechanism(CONCATENATE_BASE_AND_DATA 0x00000362) Mar 18 06:34:52: | bytes: 38 84 ff 8d 63 1d 3c 4d 35 7c 71 2b b4 32 45 0b Mar 18 06:34:52: | bytes: 76 f2 a6 95 55 0b 73 52 97 15 61 05 cd 81 6e f2 Mar 18 06:34:52: | bytes: c6 ed 33 07 c5 dd c8 4c b7 43 ec 68 da 0d 13 66 Mar 18 06:34:52: | bytes: 12 d1 b9 88 1f a0 44 ef 30 d2 8f 40 51 1f f7 82 Mar 18 06:34:52: | bytes: dc f9 53 2b d3 da 81 cf 59 cc e3 55 99 02 d6 ad Mar 18 06:34:52: | bytes: 11 cd 68 a6 42 77 50 6f 27 0e 63 ec 58 a8 17 1c Mar 18 06:34:52: | bytes: a3 5c 2a 07 c1 34 98 be a6 fa a9 82 fc 80 05 33 Mar 18 06:34:52: | bytes: 88 10 c8 da 56 e9 a2 ce 19 5e 85 43 00 46 e3 f5 Mar 18 06:34:52: | bytes: c2 2d 97 46 99 3b 58 0a 63 4f 84 72 bb 71 da 1d Mar 18 06:34:52: | bytes: b1 03 bf e5 c7 11 52 33 81 db f2 e6 51 ec 02 02 Mar 18 06:34:52: | bytes: 18 81 63 ed 3a d8 83 09 2e b4 02 fc 00 45 5f 16 Mar 18 06:34:52: | bytes: 48 f7 f1 a8 c5 f1 de e9 90 7d 48 60 5c 2e 51 2c Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c410) length(256) type/mechanism(MD5_KEY_DERIVATION 0x00000390) Mar 18 06:34:52: | append_symkey_bytes: free key 0x7ffb4025c500 Mar 18 06:34:52: | hmac prf: update bytes data 0x7ffb40256200 (length 192) Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4025c410) bytes(0x7ffb40256200/192) - derive(CONCATENATE_BASE_AND_DATA) target(MD5_KEY_DERIVATION) Mar 18 06:34:52: | symkey: key(0x7ffb4025c410) length(256) type/mechanism(MD5_KEY_DERIVATION 0x00000390) Mar 18 06:34:52: | bytes: d5 b8 ad 13 87 4b 97 b3 5f 84 e7 e9 6c c4 a2 a2 Mar 18 06:34:52: | bytes: b8 6d 5a 46 0d 98 b8 da 77 87 2a b1 49 39 fb 79 Mar 18 06:34:52: | bytes: 4a b8 94 ef 7c 4e 6d 95 78 7a 19 ce a5 ce 9f c9 Mar 18 06:34:52: | bytes: 54 42 57 31 5d f9 6a 35 f1 05 6f 69 58 aa 7a 59 Mar 18 06:34:52: | bytes: f7 1e f3 ef f9 3e eb 65 15 fa 2b 70 6f fa a2 ba Mar 18 06:34:52: | bytes: b8 39 28 4d 03 cc 12 1c 50 8b d1 3f b2 31 11 c3 Mar 18 06:34:52: | bytes: 48 e4 ac 20 f1 21 25 fa 23 91 14 bd 4b 6c 0a 32 Mar 18 06:34:52: | bytes: 4c a0 b1 cf b5 5d 1b 6b df cf 2e 87 b9 f5 3b 91 Mar 18 06:34:52: | bytes: 52 38 91 bc 3c d3 69 10 d5 a3 1a 7e 95 4c e3 71 Mar 18 06:34:52: | bytes: 27 05 86 1a b1 49 bf 25 58 d9 fc 13 dd f0 1f d3 Mar 18 06:34:52: | bytes: 48 bd 2c b2 60 e8 16 6b 4c c8 76 29 0e 5c 2c 1e Mar 18 06:34:52: | bytes: c2 d9 87 32 a3 c4 ba 25 0d a0 7d 07 45 01 7a d2 Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c500) length(448) type/mechanism(MD5_KEY_DERIVATION 0x00000390) Mar 18 06:34:52: | append_symkey_bytes: free key 0x7ffb4025c410 Mar 18 06:34:52: | hmac prf: update bytes data 0x7ffb40255e40 (length 8) Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4025c500) bytes(0x7ffb40255e40/8) - derive(CONCATENATE_BASE_AND_DATA) target(MD5_KEY_DERIVATION) Mar 18 06:34:52: | symkey: key(0x7ffb4025c500) length(448) type/mechanism(MD5_KEY_DERIVATION 0x00000390) Mar 18 06:34:52: | bytes: 91 3a 72 a7 ff 28 5a 10 Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c410) length(456) type/mechanism(MD5_KEY_DERIVATION 0x00000390) Mar 18 06:34:52: | append_symkey_bytes: free key 0x7ffb4025c500 Mar 18 06:34:52: | hmac prf: update bytes data 0x7ffb40255e18 (length 8) Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4025c410) bytes(0x7ffb40255e18/8) - derive(CONCATENATE_BASE_AND_DATA) target(MD5_KEY_DERIVATION) Mar 18 06:34:52: | symkey: key(0x7ffb4025c410) length(456) type/mechanism(MD5_KEY_DERIVATION 0x00000390) Mar 18 06:34:52: | bytes: 47 2c c4 e4 6e 5c ab 25 Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c500) length(464) type/mechanism(MD5_KEY_DERIVATION 0x00000390) Mar 18 06:34:52: | append_symkey_bytes: free key 0x7ffb4025c410 Mar 18 06:34:52: | hashing 56 bytes of SA Mar 18 06:34:52: | hmac prf: update bytes data 0x7ffb402541a4 (length 56) Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4025c500) bytes(0x7ffb402541a4/56) - derive(CONCATENATE_BASE_AND_DATA) target(MD5_KEY_DERIVATION) Mar 18 06:34:52: | symkey: key(0x7ffb4025c500) length(464) type/mechanism(MD5_KEY_DERIVATION 0x00000390) Mar 18 06:34:52: | bytes: 00 00 00 01 00 00 00 01 00 00 00 30 01 01 00 01 Mar 18 06:34:52: | bytes: 00 00 00 28 00 01 00 00 80 01 00 07 80 0e 00 80 Mar 18 06:34:52: | bytes: 80 02 00 01 80 03 00 01 80 04 00 05 80 0b 00 01 Mar 18 06:34:52: | bytes: 00 0c 00 04 00 01 51 80 Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c410) length(520) type/mechanism(MD5_KEY_DERIVATION 0x00000390) Mar 18 06:34:52: | append_symkey_bytes: free key 0x7ffb4025c500 Mar 18 06:34:52: | hmac prf: update bytes data 0x7ffb3e2d2df4 (length 8) Mar 18 06:34:52: | concat_symkey_bytes merge symkey(0x7ffb4025c410) bytes(0x7ffb3e2d2df4/8) - derive(CONCATENATE_BASE_AND_DATA) target(MD5_KEY_DERIVATION) Mar 18 06:34:52: | symkey: key(0x7ffb4025c410) length(520) type/mechanism(MD5_KEY_DERIVATION 0x00000390) Mar 18 06:34:52: | bytes: 01 00 00 00 7d 10 f0 62 Mar 18 06:34:52: | concat_symkey_bytes key(0x7ffb4025c500) length(528) type/mechanism(MD5_KEY_DERIVATION 0x00000390) Mar 18 06:34:52: | append_symkey_bytes: free key 0x7ffb4025c410 Mar 18 06:34:52: | hmac prf: final Mar 18 06:34:52: | prf inner hash: hash(oakley_md5) symkey(0x7ffb4025c500) to symkey - derive(MD5_KEY_DERIVATION) Mar 18 06:34:52: | symkey: key(0x7ffb4025c500) length(528) type/mechanism(MD5_KEY_DERIVATION 0x00000390) Mar 18 06:34:52: | prf inner hash: key(0x7ffb4025c410) length(16) type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360) Mar 18 06:34:52: | prf inner:: free key 0x7ffb4025c500 Mar 18 06:34:52: | xor_symkey_chunk merge symkey(0x7ffb4025c5d0) bytes(0x7fff38e0e7f0/64) - derive(XOR_BASE_AND_DATA) target(CONCATENATE_BASE_AND_DATA) Mar 18 06:34:52: | symkey: key(0x7ffb4025c5d0) length(64) type/mechanism(MD5_KEY_DERIVATION 0x00000390) Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c Mar 18 06:34:52: | bytes: 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c 5c Mar 18 06:34:52: | xor_symkey_chunk key(0x7ffb4025c500) length(64) type/mechanism(CONCATENATE_BASE_AND_DATA 0x00000362) Mar 18 06:34:52: | concat: merge symkey(1: 0x7ffb4025c500) symkey(2: 0x7ffb4025c410) - derive(CONCATENATE_BASE_AND_KEY) target(MD5_KEY_DERIVATION) Mar 18 06:34:52: | symkey 1: key(0x7ffb4025c500) length(64) type/mechanism(CONCATENATE_BASE_AND_DATA 0x00000362) Mar 18 06:34:52: | symkey 2: key(0x7ffb4025c410) length(16) type/mechanism(CONCATENATE_BASE_AND_KEY 0x00000360) Mar 18 06:34:52: | concat: key(0x7ffb40265940) length(80) type/mechanism(MD5_KEY_DERIVATION 0x00000390) Mar 18 06:34:52: | append_symkey_symkey: free key 0x7ffb4025c500 Mar 18 06:34:52: | prf hashed inner:: free key 0x7ffb4025c410 Mar 18 06:34:52: | prf key: free key 0x7ffb4025c5d0 Mar 18 06:34:52: | prf outer hash hash(oakley_md5) symkey(0x7ffb40265940) to bytes Mar 18 06:34:52: | symkey: key(0x7ffb40265940) length(80) type/mechanism(MD5_KEY_DERIVATION 0x00000390) Mar 18 06:34:52: | prf outer hash 17 f7 31 ce 4b 53 a9 d7 1f a0 f7 3a b0 33 eb f0 Mar 18 06:34:52: | prf outer: free key 0x7ffb40265940 Mar 18 06:34:52: | prf final bytes 17 f7 31 ce 4b 53 a9 d7 1f a0 f7 3a b0 33 eb f0 Mar 18 06:34:52: | ***emit ISAKMP Hash Payload: Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_VID (0xd) Mar 18 06:34:52: | emitting 16 raw bytes of HASH_R into ISAKMP Hash Payload Mar 18 06:34:52: | HASH_R 17 f7 31 ce 4b 53 a9 d7 1f a0 f7 3a b0 33 eb f0 Mar 18 06:34:52: | emitting length of ISAKMP Hash Payload: 20 Mar 18 06:34:52: | out_vid(): sending [Dead Peer Detection] Mar 18 06:34:52: | ***emit ISAKMP Vendor ID Payload: Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_VID (0xd) Mar 18 06:34:52: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Mar 18 06:34:52: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 Mar 18 06:34:52: | emitting length of ISAKMP Vendor ID Payload: 20 Mar 18 06:34:52: | out_vid(): sending [RFC 3947] Mar 18 06:34:52: | ***emit ISAKMP Vendor ID Payload: Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_VID (0xd) Mar 18 06:34:52: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Mar 18 06:34:52: | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Mar 18 06:34:52: | emitting length of ISAKMP Vendor ID Payload: 20 Mar 18 06:34:52: | sending NAT-D payloads Mar 18 06:34:52: | NAT-T: forceencaps=yes, so mangling hash to force NAT-T detection Mar 18 06:34:52: | natd_hash: hasher=0x7ffb3e2c4140(16) Mar 18 06:34:52: | natd_hash: icookie= 47 2c c4 e4 6e 5c ab 25 Mar 18 06:34:52: | natd_hash: rcookie= 91 3a 72 a7 ff 28 5a 10 Mar 18 06:34:52: | natd_hash: ip= 6a dc 0f a2 Mar 18 06:34:52: | natd_hash: port=0 Mar 18 06:34:52: | natd_hash: hash= 1e 78 b5 53 ce 53 b1 03 33 9e 8e 55 43 3c 48 1d Mar 18 06:34:52: | ***emit ISAKMP NAT-D Payload: Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Mar 18 06:34:52: | emitting 16 raw bytes of NAT-D into ISAKMP NAT-D Payload Mar 18 06:34:52: | NAT-D 1e 78 b5 53 ce 53 b1 03 33 9e 8e 55 43 3c 48 1d Mar 18 06:34:52: | emitting length of ISAKMP NAT-D Payload: 20 Mar 18 06:34:52: | natd_hash: hasher=0x7ffb3e2c4140(16) Mar 18 06:34:52: | natd_hash: icookie= 47 2c c4 e4 6e 5c ab 25 Mar 18 06:34:52: | natd_hash: rcookie= 91 3a 72 a7 ff 28 5a 10 Mar 18 06:34:52: | natd_hash: ip= 0a 38 8a 56 Mar 18 06:34:52: | natd_hash: port=0 Mar 18 06:34:52: | natd_hash: hash= b4 91 57 b8 2a aa 0d 47 96 90 e7 05 d7 bb 51 ef Mar 18 06:34:52: | ***emit ISAKMP NAT-D Payload: Mar 18 06:34:52: | next payload type: ISAKMP_NEXT_NONE (0x0) Mar 18 06:34:52: | emitting 16 raw bytes of NAT-D into ISAKMP NAT-D Payload Mar 18 06:34:52: | NAT-D b4 91 57 b8 2a aa 0d 47 96 90 e7 05 d7 bb 51 ef Mar 18 06:34:52: | emitting length of ISAKMP NAT-D Payload: 20 Mar 18 06:34:52: | no IKEv1 message padding required Mar 18 06:34:52: | emitting length of ISAKMP Message: 416 Mar 18 06:34:52: | complete v1 state transition with STF_OK Mar 18 06:34:52: "vpnpsk"[1] 106.220.15.162 #1: transition from state STATE_AGGR_R0 to state STATE_AGGR_R1 Mar 18 06:34:52: | peer supports dpd Mar 18 06:34:52: | dpd is active locally Mar 18 06:34:52: | parent state #1: STATE_AGGR_R1(open-ike) > STATE_AGGR_R1(open-ike) Mar 18 06:34:52: | ignore states: 0 Mar 18 06:34:52: | half-open-ike states: 0 Mar 18 06:34:52: | open-ike states: 1 Mar 18 06:34:52: | established-anonymous-ike states: 0 Mar 18 06:34:52: | established-authenticated-ike states: 0 Mar 18 06:34:52: | anonymous-ipsec states: 0 Mar 18 06:34:52: | authenticated-ipsec states: 0 Mar 18 06:34:52: | informational states: 0 Mar 18 06:34:52: | unknown states: 0 Mar 18 06:34:52: | category states: 1 count states: 1 Mar 18 06:34:52: | state: #1 requesting EVENT_SO_DISCARD to be deleted Mar 18 06:34:52: | sending reply packet to 106.220.15.162:24836 (from port 500) Mar 18 06:34:52: | sending 416 bytes for STATE_AGGR_R0 through ens32:500 to 106.220.15.162:24836 (using #1) Mar 18 06:34:52: | 47 2c c4 e4 6e 5c ab 25 91 3a 72 a7 ff 28 5a 10 Mar 18 06:34:52: | 01 10 04 00 00 00 00 00 00 00 01 a0 04 00 00 3c Mar 18 06:34:52: | 00 00 00 01 00 00 00 01 00 00 00 30 01 01 00 01 Mar 18 06:34:52: | 00 00 00 28 00 01 00 00 80 01 00 07 80 0e 00 80 Mar 18 06:34:52: | 80 02 00 01 80 03 00 01 80 04 00 05 80 0b 00 01 Mar 18 06:34:52: | 00 0c 00 04 00 01 51 80 0a 00 00 c4 38 84 ff 8d Mar 18 06:34:52: | 63 1d 3c 4d 35 7c 71 2b b4 32 45 0b 76 f2 a6 95 Mar 18 06:34:52: | 55 0b 73 52 97 15 61 05 cd 81 6e f2 c6 ed 33 07 Mar 18 06:34:52: | c5 dd c8 4c b7 43 ec 68 da 0d 13 66 12 d1 b9 88 Mar 18 06:34:52: | 1f a0 44 ef 30 d2 8f 40 51 1f f7 82 dc f9 53 2b Mar 18 06:34:52: | d3 da 81 cf 59 cc e3 55 99 02 d6 ad 11 cd 68 a6 Mar 18 06:34:52: | 42 77 50 6f 27 0e 63 ec 58 a8 17 1c a3 5c 2a 07 Mar 18 06:34:52: | c1 34 98 be a6 fa a9 82 fc 80 05 33 88 10 c8 da Mar 18 06:34:52: | 56 e9 a2 ce 19 5e 85 43 00 46 e3 f5 c2 2d 97 46 Mar 18 06:34:52: | 99 3b 58 0a 63 4f 84 72 bb 71 da 1d b1 03 bf e5 Mar 18 06:34:52: | c7 11 52 33 81 db f2 e6 51 ec 02 02 18 81 63 ed Mar 18 06:34:52: | 3a d8 83 09 2e b4 02 fc 00 45 5f 16 48 f7 f1 a8 Mar 18 06:34:52: | c5 f1 de e9 90 7d 48 60 5c 2e 51 2c 05 00 00 14 Mar 18 06:34:52: | 05 4e 6e 0a 0a dc 78 01 b5 60 40 62 9f 07 4e 6c Mar 18 06:34:52: | 08 00 00 0c 01 00 00 00 7d 10 f0 62 0d 00 00 14 Mar 18 06:34:52: | 17 f7 31 ce 4b 53 a9 d7 1f a0 f7 3a b0 33 eb f0 Mar 18 06:34:52: | 0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc Mar 18 06:34:52: | 77 57 01 00 14 00 00 14 4a 13 1c 81 07 03 58 45 Mar 18 06:34:52: | 5c 57 28 f2 0e 95 45 2f 14 00 00 14 1e 78 b5 53 Mar 18 06:34:52: | ce 53 b1 03 33 9e 8e 55 43 3c 48 1d 00 00 00 14 Mar 18 06:34:52: | b4 91 57 b8 2a aa 0d 47 96 90 e7 05 d7 bb 51 ef Mar 18 06:34:52: | event_schedule_ms called for about 500 ms Mar 18 06:34:52: | event_schedule_tv called for about 0 seconds and change Mar 18 06:34:52: | inserting event EVENT_v1_RETRANSMIT, timeout in 0.500000 seconds for #1 Mar 18 06:34:52: "vpnpsk"[1] 106.220.15.162 #1: STATE_AGGR_R1: sent AR1, expecting AI2 Mar 18 06:34:52: | modecfg pull: quirk-poll policy:push not-client Mar 18 06:34:52: | phase 1 is done, looking for phase 2 to unpend Mar 18 06:34:52: packet from <invalid>:24836: ASSERTION FAILED at /opt/src/libreswan-3.16/programs/pluto/ikev1_aggr.c:207: dh->pcrc_md != NULL Mar 18 06:34:52: packet from <invalid>:24836: ABORT at /opt/src/libreswan-3.16/programs/pluto/ikev1_aggr.c:207 packet from <invalid>:24836: ABORT at /opt/src/libreswan-3.16/programs/pluto/ikev1_aggr.c:207
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
