/testing/guestbin/swan-prep
west #
 # confirm that the network is alive
west #
 ../../guestbin/wait-until-alive -I 192.0.1.254 192.0.2.254
destination -I 192.0.1.254 192.0.2.254 is alive
west #
 # ensure that clear text does not get through
west #
 iptables -A INPUT -i eth1 -s 192.0.2.0/24 -j DROP
west #
 iptables -I INPUT -m policy --dir in --pol ipsec -j ACCEPT
west #
 # confirm clear text does not get through
west #
 ../../guestbin/ping-once.sh --down -I 192.0.1.254 192.0.2.254
down
west #
 ipsec start
Redirecting to: [initsystem]
west #
 ../../guestbin/wait-until-pluto-started
west #
 ipsec add west-east
"west-east": added IKEv1 connection
west #
 ipsec whack --impair suppress_retransmits
west #
 ipsec whack --impair revival
west #
 ipsec route west-east
west #
 # Initiate; during IKE_AUTH the child should fail and the connection
west #
 # put on to the revival queue
west #
 ipsec up west-east
"west-east" #1: initiating IKEv1 Main Mode connection
"west-east" #1: sent Main Mode request
"west-east" #1: sent Main Mode I2
"west-east" #1: sent Main Mode I3
"west-east" #1: Peer ID is ID_FQDN: '@east'
"west-east" #1: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
"west-east" #2: initiating Quick Mode IKEv1+PSK+ENCRYPT+TUNNEL+PFS+ROUTE+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
"west-east" #2: sent Quick Mode request
"west-east" #2: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=passive}
west #
 # expect the on-demand kernel policy
west #
 ../../guestbin/ipsec-kernel-policy.sh
src 192.0.1.0/24 dst 192.0.2.0/24
	dir out priority PRIORITY ptype main
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto esp reqid REQID mode tunnel
src 192.0.2.0/24 dst 192.0.1.0/24
	dir fwd priority PRIORITY ptype main
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto esp reqid REQID mode tunnel
src 192.0.2.0/24 dst 192.0.1.0/24
	dir in priority PRIORITY ptype main
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto esp reqid REQID mode tunnel
west #
 # Trigger an acquire; this fast track the revival using
west #
 # CREATE_CHILD_SA and again it will fail
west #
 ../../guestbin/ping-once.sh --down -I 192.0.1.254 192.0.2.254
down
west #
 ../../guestbin/wait-for-pluto.sh '#3: IMPAIR: revival'
timeout waiting 30 seconds for cat /tmp/pluto.log to match #3: IMPAIR: revival
output: |   a2 20 41 bf  60 3c eb f3  38 c2 94 76                . A.`<..8..v
output: | **parse ISAKMP Message:
output: |    initiator SPI: 7c 74 e1 e0  da 5c 55 9e
output: |    responder SPI: 08 53 6b 66  35 f4 1c 99
output: |    next payload type: ISAKMP_NEXT_KE (0x4)
output: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
output: |    exchange type: ISAKMP_XCHG_IDPROT (0x2)
output: |    flags: none (0x0)
output: |    Message ID: 0 (00 00 00 00)
output: |    length: 396 (00 00 01 8c)
output: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
output: | State DB: found IKEv1 state #1 in MAIN_I2 (find_state_ikev1)
output: | #1 is idle
output: | #1 idle
output: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080
output: | ***parse ISAKMP Key Exchange Payload:
output: |    next payload type: ISAKMP_NEXT_NONCE (0xa)
output: |    length: 260 (01 04)
output: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080
output: | ***parse ISAKMP Nonce Payload:
output: |    next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
output: |    length: 36 (00 24)
output: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080
output: | ***parse ISAKMP NAT-D Payload:
output: |    next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
output: |    length: 36 (00 24)
output: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080
output: | ***parse ISAKMP NAT-D Payload:
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    length: 36 (00 24)
output: | message 'main_inR2_outI3' HASH payload not checked early
output: | main_inR2_outI3: delref DH shared secret-key@NULL
output: | main_inR2_outI3: delref skeyid-key@NULL
output: | main_inR2_outI3: delref skeyid_d-key@NULL
output: | main_inR2_outI3: delref skeyid_a-key@NULL
output: | main_inR2_outI3: delref skeyid_e-key@NULL
output: | main_inR2_outI3: delref enc_key-key@NULL
output: | submitting DH shared secret for #1/#1 (main_inR2_outI3() +925 programs/pluto/ikev1_main.c)
output: | struct dh_local_secret: addref @0x7f97e9b59fd8(1->2) (submit_dh_shared_secret() +212 programs/pluto/crypt_dh.c)
output: | job: newref @0x7f97e9b6af98(0->1) (submit_task() +331 programs/pluto/server_pool.c)
output: | clone logger: newref @0x7f97e91f8fc8(0->1) (submit_task() +358 programs/pluto/server_pool.c)
output: | "west-east" #1: attach whack fd@0x7f97e9c58fe8 to logger 0x7f97e91f8fc8 slot 0 (submit_task() +358 programs/pluto/server_pool.c)
output: | struct fd: addref @0x7f97e9c58fe8(2->3) (submit_task() +358 programs/pluto/server_pool.c)
output: | job 2 helper 0 #1 main_inR2_outI3 (dh): added to pending queue
output: | event_schedule_where: newref EVENT_CRYPTO_TIMEOUT-pe@0x7f97e91fafa8 timeout in 60 seconds for #1
output: | tt: newref @0x7f97e91fcf68(0->1) (schedule_timeout() +557 programs/pluto/server.c)
output: | complete v1 state transition with STF_SUSPEND
output: | suspend: saving MD@0x7f97e9b5d668 in state #1 (complete_v1_state_transition() +2417 programs/pluto/ikev1.c)
output: | struct msg_digest: addref @0x7f97e9b5d668(1->2) (complete_v1_state_transition() +2417 programs/pluto/ikev1.c)
output: | #1 is busy; has suspended MD 0x7f97e9b5d668
output: | #1 requesting EVENT_RETRANSMIT-event@0x7f97e9b62fa8 be deleted (clear_retransmits() +108 programs/pluto/retransmit.c)
output: | #1 deleting EVENT_RETRANSMIT
output: | tt: delref @0x7f97e9b64f68(1->0) (destroy_timeout() +575 programs/pluto/server.c)
output: | state-event: delref @0x7f97e9b62fa8(1->0) (clear_retransmits() +108 programs/pluto/retransmit.c)
output: | #1 STATE_MAIN_I2: retransmits: cleared
output: | #1 spent 0.429 (2.66) milliseconds in process_packet_tail()
output: | IKEv1 packet dropped
output: | packet from 192.1.2.23:500: delref @0x7f97e9b5d668(2->1) (process_iface_packet() +296 programs/pluto/demux.c)
output: | spent 0.894 (8.99) milliseconds in process_iface_packet() reading and processing packet
output: | job 2 helper 1 #1 main_inR2_outI3 (dh): started
output: | newref : g_ir-key@0x7f97e9bcaf80 (256-bytes, CONCATENATE_DATA_AND_BASE)
output: | job 2 helper 1 #1 main_inR2_outI3 (dh): finished
output: | "west-east" #1: spent 1.65 (3.28) milliseconds in job 2 helper 1 #1 main_inR2_outI3 (dh)
output: | scheduling resume sending job back to main thread for #1
output: | tt: newref @0x7f97e91fef68(0->1) (schedule_timeout() +557 programs/pluto/server.c)
output: | helper 1: waiting for work
output: | processing resume sending job back to main thread for #1
output: | suspend: restoring MD@0x7f97e9b5d668 from state #1 (resume_handler() +641 programs/pluto/server.c)
output: | job 2 helper 1 #1 main_inR2_outI3 (dh): calling state's callback function
output: | completing DH shared secret for #1/#1
output: | complete_dh_shared_secret: delref st_dh_shared_secret-key@NULL
output: | main_inR2_outI3_continue for #1: calculated DH, sending R1
output: | lsw_get_secret() using IDs for @west->@east of kind SECRET_PSK
output: | line 1: key type SECRET_PSK(@west) to type SECRET_PSK
output: | 1: compared key @west to @west / @east -> 8
output: | 2: compared key @east to @west / @east -> c
output: |   match=c
output: |   match c beats previous best_match 0 match=0x7f97e91ccf68 (line=1)
output: | concluding with best_match=c best=0x7f97e91ccf68 (lineno=1)
output: |     result: newref psk-key@0x7f97e9cc2f80 (52-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
output: |     result: newref psk-key@0x7f97e9d68f80 (36-bytes, SHA256_HMAC)(pre_shared_key_skeyid() +66 lib/libswan/ike_alg_prf_ikev1_nss_ops.c)
output: | psk: delref tmp-key@0x7f97e9cc2f80
output: |     result: newref skeyid-key@0x7f97e9cc2f80 (32-bytes, NSS_IKE1_PRF_DERIVE)(pre_shared_key_skeyid() +89 lib/libswan/ike_alg_prf_ikev1_nss_ops.c)
output: | SKEYID psk: delref psk-key@0x7f97e9d68f80
output: | NSS: #1 pointers skeyid_d (nil),  skeyid_a (nil),  skeyid_e (nil),  enc_key (nil)
output: |     result: newref skeyid_d-key@0x7f97e9d68f80 (32-bytes, EXTRACT_KEY_FROM_KEY)(skeyid_d() +121 lib/libswan/ike_alg_prf_ikev1_nss_ops.c)
output: |     result: newref skeyid_a-key@0x7f97e9da8f80 (32-bytes, EXTRACT_KEY_FROM_KEY)(skeyid_a() +152 lib/libswan/ike_alg_prf_ikev1_nss_ops.c)
output: |     result: newref skeyid_e-key@0x7f97e9bb5f80 (32-bytes, EXTRACT_KEY_FROM_KEY)(skeyid_e() +183 lib/libswan/ike_alg_prf_ikev1_nss_ops.c)
output: |     result: newref keymat_e-key@0x7f97e9cc0f80 (32-bytes, AES_CBC)(appendix_b_keymat_e() +216 lib/libswan/ike_alg_prf_ikev1_nss_ops.c)
output: | NSS: #1 pointers skeyid_d 0x7f97e9d68f80,  skeyid_a 0x7f97e9da8f80,  skeyid_e 0x7f97e9bb5f80,  enc_key 0x7f97e9cc0f80
output: | opening output PBS reply packet
output: | **emit ISAKMP Message:
output: |    initiator SPI: 7c 74 e1 e0  da 5c 55 9e
output: |    responder SPI: 08 53 6b 66  35 f4 1c 99
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
output: |    exchange type: ISAKMP_XCHG_IDPROT (0x2)
output: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
output: |    Message ID: 0 (00 00 00 00)
output: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
output: | thinking about whether to send my certificate:
output: |   I have RSA key: OAKLEY_PRESHARED_KEY cert.type: 0 
output: |   sendcert: CERT_ALWAYSSEND and I did not get a certificate request 
output: |   so do not send cert.
output: | I did not send a certificate because digital signatures are not being used. (PSK)
output: |  I am not sending a certificate request
output: | I will NOT send an initial contact payload
output: | init checking NAT-T: global enabled; conn enabled; vid RFC 3947 (NAT-Traversal)
output: | natd_hash: hasher=0x558d812cce20(32)
output: | natd_hash: icookie=
output: |   7c 74 e1 e0  da 5c 55 9e                             |t...\U.
output: | natd_hash: rcookie=
output: |   08 53 6b 66  35 f4 1c 99                             .Skf5...
output: | natd_hash: ip=
output: |   c0 01 02 2d                                          ...-
output: | natd_hash: port=
output: |   01 f4                                                ..
output: | natd_hash: hash=
output: |   79 b9 a4 73  e9 20 fa 4b  c7 1e 4c 6f  eb 7b 54 b1   y..s. .K..Lo.{T.
output: |   ec 7d 5e dd  4b 77 26 64  5e b8 c3 3e  4e cf eb 80   .}^.Kw&d^..>N...
output: | natd_hash: hasher=0x558d812cce20(32)
output: | natd_hash: icookie=
output: |   7c 74 e1 e0  da 5c 55 9e                             |t...\U.
output: | natd_hash: rcookie=
output: |   08 53 6b 66  35 f4 1c 99                             .Skf5...
output: | natd_hash: ip=
output: |   c0 01 02 17                                          ....
output: | natd_hash: port=
output: |   01 f4                                                ..
output: | natd_hash: hash=
output: |   62 da e5 b3  1f 80 a3 68  5c ca d1 dc  de 91 15 7c   b......h\......|
output: |   a7 bc c0 ac  a2 20 41 bf  60 3c eb f3  38 c2 94 76   ..... A.`<..8..v
output: | expected NAT-D(local):
output: |   79 b9 a4 73  e9 20 fa 4b  c7 1e 4c 6f  eb 7b 54 b1   y..s. .K..Lo.{T.
output: |   ec 7d 5e dd  4b 77 26 64  5e b8 c3 3e  4e cf eb 80   .}^.Kw&d^..>N...
output: | expected NAT-D(remote):
output: |   62 da e5 b3  1f 80 a3 68  5c ca d1 dc  de 91 15 7c   b......h\......|
output: |   a7 bc c0 ac  a2 20 41 bf  60 3c eb f3  38 c2 94 76   ..... A.`<..8..v
output: | received NAT-D:
output: |   79 b9 a4 73  e9 20 fa 4b  c7 1e 4c 6f  eb 7b 54 b1   y..s. .K..Lo.{T.
output: |   ec 7d 5e dd  4b 77 26 64  5e b8 c3 3e  4e cf eb 80   .}^.Kw&d^..>N...
output: | received NAT-D:
output: |   62 da e5 b3  1f 80 a3 68  5c ca d1 dc  de 91 15 7c   b......h\......|
output: |   a7 bc c0 ac  a2 20 41 bf  60 3c eb f3  38 c2 94 76   ..... A.`<..8..v
output: | NAT_TRAVERSAL encaps using auto-detect
output: | NAT_TRAVERSAL this end is NOT behind NAT
output: | NAT_TRAVERSAL that end is NOT behind NAT
output: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23:500
output: | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected
output: |  NAT_T_WITH_KA detected
output: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds
output: | ***emit ISAKMP Identification Payload (IPsec DOI):
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    ID type: ID_FQDN (0x2)
output: |    Protocol ID: ALL (0x0)
output: |    port: 0 (00 00)
output: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
output: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
output: | emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI)
output: | my identity: 77 65 73 74
output: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
output: |     result: newref clone-key@0x7f97e920ff80 (32-bytes, SHA256_HMAC)(init_symkey() +101 lib/libswan/ike_alg_prf_mac_nss_ops.c)
output: | main mode: delref clone-key@0x7f97e920ff80
output: | ***emit ISAKMP Hash Payload:
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
output: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
output: | emitting 32 raw bytes of HASH_I into ISAKMP Hash Payload
output: |   18 51 60 41  00 8a 84 48  00 a8 89 9d  4d 55 ce 6c   .Q`A...H....MU.l
output: |   28 be 08 66  b2 86 a0 cd  d1 b4 b2 b3  7e 35 b1 63   (..f........~5.c
output: | emitting length of ISAKMP Hash Payload: 36
output: | Not sending INITIAL_CONTACT
output: | no IKEv1 message padding required
output: | emitting length of ISAKMP Message: 76
output: | job 2 helper 1 #1 main_inR2_outI3 (dh): final status STF_OK; cleaning up
output: | delref @0x7f97e9b59fd8(2->1) (cleanup_dh_shared_secret() +170 programs/pluto/crypt_dh.c)
output: | DH: delref secret-key@NULL
output: | "west-east" #1: detach whack fd@0x7f97e9c58fe8 from logger 0x7f97e91f8fc8 slot 0 (free_job() +430 programs/pluto/server_pool.c)
output: | delref @0x7f97e9c58fe8(3->2) (free_job() +430 programs/pluto/server_pool.c)
output: | logger: delref @0x7f97e91f8fc8(1->0) (free_job() +430 programs/pluto/server_pool.c)
output: | job: delref @0x7f97e9b6af98(1->0) (free_job() +431 programs/pluto/server_pool.c)
output: | complete v1 state transition with STF_OK
output: | #1 is idle
output: | doing_xauth:no, t_xauth_client_done:no
output: | parent state #1: MAIN_I2(open IKE SA) => MAIN_I3(open IKE SA)
output: | #1 deleting EVENT_CRYPTO_TIMEOUT
output: | tt: delref @0x7f97e91fcf68(1->0) (destroy_timeout() +575 programs/pluto/server.c)
output: | state-event: delref @0x7f97e91fafa8(1->0) (delete_event() +534 programs/pluto/timer.c)
output: | #1 STATE_MAIN_I3: retransmits: cleared
output: | sending 76 bytes for main_inR2_outI3 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 using UDP (for #1)
output: |   7c 74 e1 e0  da 5c 55 9e  08 53 6b 66  35 f4 1c 99   |t...\U..Skf5...
output: |   05 10 02 01  00 00 00 00  00 00 00 4c  e1 24 48 e7   ...........L.$H.
output: |   7f b9 16 3c  a1 b5 2d 3d  fa 39 8c d3  6d 60 2e 36   ...<..-=.9..m`.6
output: |   8e 1f c8 a1  24 7d e7 2a  b0 5f 02 71  96 09 59 67   ....$}.*._.q..Yg
output: |   9f f0 0e 9a  6d 81 ec 59  a0 6e f2 8a                ....m..Y.n..
output: | event_schedule_where: newref EVENT_RETRANSMIT-pe@0x7f97e921cfa8 timeout in 60 seconds for #1
output: | tt: newref @0x7f97e9b66f68(0->1) (schedule_timeout() +557 programs/pluto/server.c)
output: | #1 STATE_MAIN_I3: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11.255499
output: "west-east" #1: sent Main Mode I3
output: | modecfg pull: noquirk policy:push not-client
output: | phase 1 is done, looking for phase 2 to unpend
output: | packet from 192.1.2.23:500: delref @0x7f97e9b5d668(1->0) (resume_handler() +687 programs/pluto/server.c)
output: | packet from 192.1.2.23:500: releasing whack (but there are none) (resume_handler() +687 programs/pluto/server.c)
output: | logger: delref @0x7f97e9c5afc8(1->0) (resume_handler() +687 programs/pluto/server.c)
output: | delref @0x7f97e9c5ef38(3->2) (resume_handler() +687 programs/pluto/server.c)
output: | #1 spent 3.92 (17.2) milliseconds in resume sending job back to main thread
output: | tt: delref @0x7f97e91fef68(1->0) (destroy_timeout() +575 programs/pluto/server.c)
output: | spent 0.00109 (0.00108) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue()
output: | struct msg_digest: newref @0x7f97e9b5d7a8(0->1) (udp_read_packet() +249 programs/pluto/iface_udp.c)
output: | struct iface_endpoint: addref @0x7f97e9c5ef38(2->3) (udp_read_packet() +249 programs/pluto/iface_udp.c)
output: | alloc logger: newref @0x7f97e9c5afc8(0->1) (udp_read_packet() +249 programs/pluto/iface_udp.c)
output: | *received 76 bytes from 192.1.2.23:500 on eth1 192.1.2.45:500 using UDP
output: |   7c 74 e1 e0  da 5c 55 9e  08 53 6b 66  35 f4 1c 99   |t...\U..Skf5...
output: |   05 10 02 01  00 00 00 00  00 00 00 4c  c1 cb 8c 3e   ...........L...>
output: |   35 24 89 fc  2c 64 cb cd  87 50 b7 f1  07 ea 65 1c   5$..,d...P....e.
output: |   df 50 82 88  d6 82 40 f5  72 65 5f ed  ec bb 1a 70   .P....@.re_....p
output: |   4a 51 6e 29  8b 19 e3 6b  f0 d9 26 77                JQn)...k..&w
output: | **parse ISAKMP Message:
output: |    initiator SPI: 7c 74 e1 e0  da 5c 55 9e
output: |    responder SPI: 08 53 6b 66  35 f4 1c 99
output: |    next payload type: ISAKMP_NEXT_ID (0x5)
output: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
output: |    exchange type: ISAKMP_XCHG_IDPROT (0x2)
output: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
output: |    Message ID: 0 (00 00 00 00)
output: |    length: 76 (00 00 00 4c)
output: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
output: | State DB: found IKEv1 state #1 in MAIN_I3 (find_state_ikev1)
output: | #1 is idle
output: | #1 idle
output: | received encrypted packet from 192.1.2.23:500
output: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x120 opt: 0x2080
output: | ***parse ISAKMP Identification Payload:
output: |    next payload type: ISAKMP_NEXT_HASH (0x8)
output: |    length: 12 (00 0c)
output: |    ID type: ID_FQDN (0x2)
output: |    DOI specific A: 0 (00)
output: |    DOI specific B: 0 (00 00)
output: |      obj: 
output: |   65 61 73 74                                          east
output: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x2080
output: | ***parse ISAKMP Hash Payload:
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    length: 36 (00 24)
output: | message 'main_inR3' HASH payload not checked early
output: "west-east" #1: Peer ID is ID_FQDN: '@east'
output: | rhc: peer ID matches and no certificate payload - continuing with peer ID @east
output: |     result: newref clone-key@0x7f97e920ff80 (32-bytes, SHA256_HMAC)(init_symkey() +101 lib/libswan/ike_alg_prf_mac_nss_ops.c)
output: | main mode: delref clone-key@0x7f97e920ff80
output: | received message HASH_R data ok
output: | authentication succeeded
output: | wipe_old_connections() contemplating releasing older self
output: | FOR_EACH_CONNECTION[that_id_eq=@east].... in (wipe_old_connections() +2160 programs/pluto/state.c)
output: |   found "west-east"
output: |   matches: 1
output: | "west-east": addref @0x7f97e9c50a78(3->4) "west-east" #1:  (dispatch() +2436 programs/pluto/routing.c)
output: | "west-east" #1: routing: start ESTABLISH_IKE, ROUTED_NEGOTIATION, PERMANENT; ISAKMP #1 (MAIN_I3) by=PEER; $1@0x7f97e9c50a78; routing_sa #1 negotiating_ike_sa #1 (ISAKMP_SA_established() +3023 programs/pluto/ikev1.c)
output: | "west-east" #1: routing: stop ESTABLISH_IKE, ROUTED_NEGOTIATION, PERMANENT; ok=yes; routing_sa #1 negotiating_ike_sa #1 established_ike_sa #0->#1 (ISAKMP_SA_established() +3023 programs/pluto/ikev1.c)
output: | "west-east": delref @0x7f97e9c50a78(4->3) "west-east" #1:  (dispatch() +2450 programs/pluto/routing.c)
output: | complete v1 state transition with STF_OK
output: | #1 is idle
output: | doing_xauth:no, t_xauth_client_done:no
output: | parent state #1: MAIN_I3(open IKE SA) => MAIN_I4(established IKE SA)
output: | #1 requesting EVENT_RETRANSMIT-event@0x7f97e921cfa8 be deleted (clear_retransmits() +108 programs/pluto/retransmit.c)
output: | #1 deleting EVENT_RETRANSMIT
output: | tt: delref @0x7f97e9b66f68(1->0) (destroy_timeout() +575 programs/pluto/server.c)
output: | state-event: delref @0x7f97e921cfa8(1->0) (clear_retransmits() +108 programs/pluto/retransmit.c)
output: | #1 STATE_MAIN_I4: retransmits: cleared
output: | event_schedule_where: newref EVENT_v1_REPLACE-pe@0x7f97e9b57fa8 timeout in 27818 seconds for #1
output: | tt: newref @0x7f97e9b60f68(0->1) (schedule_timeout() +557 programs/pluto/server.c)
output: | pstats #1 ikev1.isakmp established
output: "west-east" #1: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
output: | "west-east" #1: DPD: dpd_init() called on ISAKMP SA
output: | "west-east" #1: DPD: Peer supports Dead Peer Detection
output: | "west-east" #1: DPD: not initializing DPD because DPD is disabled locally
output: | modecfg pull: noquirk policy:push not-client
output: | phase 1 is done, looking for phase 2 to unpend
output: | pending: unpending state 0x7f97e91e0348 #1 pending 0x7f97e91e4fa8
output: | pending: unpend() ike 0x7f97e91e0348 pending 0x7f97e91e4fa8 connection 0x7f97e9c50a78 ike 0x7f97e91e0348
output: | struct fd: addref @0x7f97e9c58fe8(2->3) (unpend() +325 programs/pluto/pending.c)
output: | "west-east": attach whack fd@0x7f97e9c58fe8 to empty logger 0x7f97e91c0fc8 slot 0
output: | struct iface_endpoint: addref @0x7f97e9c5ef38(3->4) (duplicate_state() +1198 programs/pluto/state.c)
output: | alloc logger: newref @0x7f97e9b66fc8(0->1) (duplicate_state() +1206 programs/pluto/state.c)
output: | struct fd: addref @0x7f97e9c58fe8(3->4) (new_state() +482 programs/pluto/state.c)
output: |  #0: attach whack fd@0x7f97e9c58fe8 to empty logger 0x7f97e9b66fc8 slot 0
output: | "west-east": addref @0x7f97e9c50a78(3->4)  #2:  (new_state() +491 programs/pluto/state.c)
output: | creating state object #2 at 0x7f97e921c348
output: | pstats #2 ikev1.ipsec started
output: | duplicating state object #1 "west-east" as #2 for IPSEC SA
output: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (duplicate_state() +1220 programs/pluto/state.c)
output: | duplicate_state: addref st_skeyid_nss-key@0x7f97e9cc2f80
output: | duplicate_state: addref st_skey_d_nss-key@0x7f97e9d68f80
output: | duplicate_state: addref st_skey_ai_nss-key@0x7f97e9da8f80
output: | duplicate_state: addref st_skey_ar_nss-key@NULL
output: | duplicate_state: addref st_skey_ei_nss-key@0x7f97e9bb5f80
output: | duplicate_state: addref st_skey_er_nss-key@NULL
output: | duplicate_state: addref st_skey_pi_nss-key@NULL
output: | duplicate_state: addref st_skey_pr_nss-key@NULL
output: | duplicate_state: addref st_enc_key_nss-key@0x7f97e9cc0f80
output: | child state #2: UNDEFINED(ignore) => QUICK_I1(established CHILD SA)
output: "west-east" #2: initiating Quick Mode IKEv1+PSK+ENCRYPT+TUNNEL+PFS+ROUTE+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
output: | job: newref @0x7f97e91f8f98(0->1) (submit_task() +331 programs/pluto/server_pool.c)
output: | clone logger: newref @0x7f97e91fcfc8(0->1) (submit_task() +358 programs/pluto/server_pool.c)
output: | "west-east" #2: attach whack fd@0x7f97e9c58fe8 to logger 0x7f97e91fcfc8 slot 0 (submit_task() +358 programs/pluto/server_pool.c)
output: | struct fd: addref @0x7f97e9c58fe8(4->5) (submit_task() +358 programs/pluto/server_pool.c)
output: | job 3 helper 0 #2 quick_outI1 (dh): added to pending queue
output: | event_schedule_where: newref EVENT_CRYPTO_TIMEOUT-pe@0x7f97e91fefa8 timeout in 60 seconds for #2
output: | tt: newref @0x7f97e9252f68(0->1) (schedule_timeout() +557 programs/pluto/server.c)
output: | "west-east": addref @0x7f97e9c50a78(4->5) "west-east" #2:  (dispatch() +2436 programs/pluto/routing.c)
output: | "west-east" #2: routing: start INITIATED, ROUTED_NEGOTIATION, PERMANENT; ISAKMP #1 (MAIN_I4) IPsec #2 (QUICK_I1) by=PENDING; $1@0x7f97e9c50a78; routing_sa #1 negotiating_ike_sa #1 established_ike_sa #1 (unpend() +332 programs/pluto/pending.c)
output: | "west-east" #2: routing:   Child SA's IKE SA matches .routing_sa
output: | "west-east" #2: routing: stop INITIATED, ROUTED_NEGOTIATION, PERMANENT; ok=yes; routing_sa #1->#2 negotiating_ike_sa #1 established_ike_sa #1 negotiating_child_sa #0->#2 (unpend() +332 programs/pluto/pending.c)
output: | "west-east": delref @0x7f97e9c50a78(5->4) "west-east" #2:  (dispatch() +2450 programs/pluto/routing.c)
output: | "west-east": detach whack fd@0x7f97e9c58fe8 from logger 0x7f97e91c0fc8 slot 0 (unpend() +333 programs/pluto/pending.c)
output: | delref @0x7f97e9c58fe8(5->4) (unpend() +333 programs/pluto/pending.c)
output: | pending: unqueuing pending [0x7f97e91e4fa8] Quick Mode connection "west-east" [0x7f97e9c50a78]
output: | "west-east": delref @0x7f97e9c50a78(4->3)  (delete_pending() +262 programs/pluto/pending.c)
output: | "west-east": detach whack fd@0x7f97e9c58fe8 from logger 0x7f97e91e8fc8 slot 0 (delete_pending() +263 programs/pluto/pending.c)
output: | delref @0x7f97e9c58fe8(4->3) (delete_pending() +263 programs/pluto/pending.c)
output: | logger: delref @0x7f97e91e8fc8(1->0) (delete_pending() +263 programs/pluto/pending.c)
output: | "west-east" #1: detach whack fd@0x7f97e9c58fe8 from logger 0x7f97e91e2fc8 slot 0 (complete_v1_state_transition() +2840 programs/pluto/ikev1.c)
output: | delref @0x7f97e9c58fe8(3->2) (complete_v1_state_transition() +2840 programs/pluto/ikev1.c)
output: | #1 spent 1.6 (14.1) milliseconds in process_packet_tail()
output: | IKEv1 packet dropped
output: | packet from 192.1.2.23:500: delref @0x7f97e9b5d7a8(1->0) (process_iface_packet() +296 programs/pluto/demux.c)
output: | packet from 192.1.2.23:500: releasing whack (but there are none) (process_iface_packet() +296 programs/pluto/demux.c)
output: | logger: delref @0x7f97e9c5afc8(1->0) (process_iface_packet() +296 programs/pluto/demux.c)
output: | delref @0x7f97e9c5ef38(4->3) (process_iface_packet() +296 programs/pluto/demux.c)
output: | spent 2.34 (18.9) milliseconds in process_iface_packet() reading and processing packet
output: | job 3 helper 1 #2 quick_outI1 (dh): started
output: | struct dh_local_secret: newref @0x7f97e9c5afd8(0->1) (calc_dh_local_secret() +85 programs/pluto/crypt_dh.c)
output: | job 3 helper 1 #2 quick_outI1 (dh): finished
output: | "west-east" #2: spent 3.47 (5.98) milliseconds in job 3 helper 1 #2 quick_outI1 (dh)
output: | scheduling resume sending job back to main thread for #2
output: | tt: newref @0x7f97e927ff68(0->1) (schedule_timeout() +557 programs/pluto/server.c)
output: | libevent: delref @0x7f97e9d4efb8(1->0) (libevent_realloc() +965 programs/pluto/server.c)
output: | libevent: newref @0x7f97e9281f78(0->1) (libevent_realloc() +969 programs/pluto/server.c)
output: | helper 1: waiting for work
output: | processing resume sending job back to main thread for #2
output: | suspend: no MD saved in state #2 (resume_handler() +641 programs/pluto/server.c)
output: | job 3 helper 1 #2 quick_outI1 (dh): calling state's callback function
output: | quick_outI1_continue for #2: calculated ke+nonce, sending I1
output: | quick_outI1_continue for #2: calculated ke+nonce, sending I1
output: | opening output PBS reply packet
output: | **emit ISAKMP Message:
output: |    initiator SPI: 7c 74 e1 e0  da 5c 55 9e
output: |    responder SPI: 08 53 6b 66  35 f4 1c 99
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
output: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
output: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
output: |    Message ID: 4119351199 (f5 88 4f 9f)
output: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
output: | ***emit ISAKMP Hash Payload:
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
output: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
output: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload
output: | emitting length of ISAKMP Hash Payload: 36
output: | emitting quick defaults using policy: encrypt
output: | empty esp_info, returning defaults for: encrypt
output: | sadb: newref @0x7f97e9d4efe8(0->1) (v1_kernel_alg_makedb() +445 programs/pluto/ikev1_spdb_struct.c)
output: | ***emit ISAKMP Security Association Payload:
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    DOI: ISAKMP_DOI_IPSEC (0x1)
output: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA)
output: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet'
output: | ****emit IPsec DOI SIT:
output: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
output: | ikev1_out_sa() pcn: 0 has 1 valid proposals
output: | ikev1_out_sa() pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2
output: | ****emit ISAKMP Proposal Payload:
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    proposal number: 0 (00)
output: |    protocol ID: PROTO_IPSEC_ESP (0x3)
output: |    SPI size: 4 (04)
output: |    number of transforms: 2 (02)
output: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type'
output: | "west-east" #2: routing:  kernel_ops_get_ipsec_spi() 192.1.2.23-ESP->192.1.2.45 reqid=4005 [1000,ffffffff] for SPI ...
output: | sendrecv_xfrm_msg() sending 22 Get SPI SPI
output: | sendrecv_xfrm_msg() recvfrom() returned 256 bytes
output: | "west-east" #2: routing:   ... allocated fe237aa7 for SPI
output: | emitting 4 raw bytes of SPI SPISPI ISAKMP Proposal Payload
output: | SPI: fe 23 7a a7
output: | *****emit ISAKMP Transform Payload (ESP):
output: |    next payload type: ISAKMP_NEXT_T (0x3)
output: |    ESP transform number: 0 (00)
output: |    ESP transform ID: ESP_AES (0xc)
output: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type'
output: | ******emit ISAKMP IPsec DOI attribute:
output: |    af+type: AF+GROUP_DESCRIPTION (0x8003)
output: |    length/value: 14 (00 0e)
output: |     [14 is OAKLEY_GROUP_MODP2048]
output: | ******emit ISAKMP IPsec DOI attribute:
output: |    af+type: AF+ENCAPSULATION_MODE (0x8004)
output: |    length/value: 1 (00 01)
output: |     [1 is ENCAPSULATION_MODE_TUNNEL]
output: | ******emit ISAKMP IPsec DOI attribute:
output: |    af+type: AF+SA_LIFE_TYPE (0x8001)
output: |    length/value: 1 (00 01)
output: |     [1 is SA_LIFE_TYPE_SECONDS]
output: | ******emit ISAKMP IPsec DOI attribute:
output: |    af+type: AF+SA_LIFE_DURATION (variable length) (0x8002)
output: |    length/value: 28800 (70 80)
output: | ******emit ISAKMP IPsec DOI attribute:
output: |    af+type: AF+AUTH_ALGORITHM (0x8005)
output: |    length/value: 2 (00 02)
output: |     [2 is AUTH_ALGORITHM_HMAC_SHA1]
output: | ******emit ISAKMP IPsec DOI attribute:
output: |    af+type: AF+KEY_LENGTH (0x8006)
output: |    length/value: 128 (00 80)
output: | emitting length of ISAKMP Transform Payload (ESP): 32
output: | *****emit ISAKMP Transform Payload (ESP):
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    ESP transform number: 1 (01)
output: |    ESP transform ID: ESP_3DES (0x3)
output: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' containing ISAKMP_NEXT_T (0x3) is ISAKMP_NEXT_T (0x3)
output: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type'
output: | ******emit ISAKMP IPsec DOI attribute:
output: |    af+type: AF+GROUP_DESCRIPTION (0x8003)
output: |    length/value: 14 (00 0e)
output: |     [14 is OAKLEY_GROUP_MODP2048]
output: | ******emit ISAKMP IPsec DOI attribute:
output: |    af+type: AF+ENCAPSULATION_MODE (0x8004)
output: |    length/value: 1 (00 01)
output: |     [1 is ENCAPSULATION_MODE_TUNNEL]
output: | ******emit ISAKMP IPsec DOI attribute:
output: |    af+type: AF+SA_LIFE_TYPE (0x8001)
output: |    length/value: 1 (00 01)
output: |     [1 is SA_LIFE_TYPE_SECONDS]
output: | ******emit ISAKMP IPsec DOI attribute:
output: |    af+type: AF+SA_LIFE_DURATION (variable length) (0x8002)
output: |    length/value: 28800 (70 80)
output: | ******emit ISAKMP IPsec DOI attribute:
output: |    af+type: AF+AUTH_ALGORITHM (0x8005)
output: |    length/value: 2 (00 02)
output: |     [2 is AUTH_ALGORITHM_HMAC_SHA1]
output: | emitting length of ISAKMP Transform Payload (ESP): 28
output: | emitting length of ISAKMP Proposal Payload: 72
output: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0
output: | emitting length of ISAKMP Security Association Payload: 84
output: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0
output: | sadb: delref @0x7f97e9d4efe8(1->0) (free_sa() +857 programs/pluto/ikev1_spdb.c)
output: | ***emit ISAKMP Nonce Payload:
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE)
output: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet'
output: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload
output: |   50 d7 d8 f1  10 25 e9 59  2b 3e 41 7c  3c dc 6c 79   P....%.Y+>A|<.ly
output: |   bc de 70 0e  1a a6 7b e4  dd 3a 16 90  fc b7 7f 5d   ..p...{..:.....]
output: | emitting length of ISAKMP Nonce Payload: 36
output: | struct dh_local_secret: addref @0x7f97e9c5afd8(1->2) (unpack_KE_from_helper() +155 programs/pluto/crypt_ke.c)
output: | ***emit ISAKMP Key Exchange Payload:
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE)
output: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet'
output: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload
output: |   c9 41 03 d8  89 f4 2f 3a  73 f7 2e ff  1f a7 b5 5b   .A..../:s......[
output: |   57 0a dc 41  ff 57 d8 34  cf 15 58 53  db 6f 6b 8f   W..A.W.4..XS.ok.
output: |   5f 70 d1 96  78 05 a3 e8  29 ec 4a ed  54 4c 1d 98   _p..x...).J.TL..
output: |   d2 03 a1 84  12 fb b6 c2  b4 02 0a cb  fa 01 d6 a4   ................
output: |   25 84 78 fa  7e fa e5 44  71 b4 35 67  35 f9 01 fa   %.x.~..Dq.5g5...
output: |   6d ab ab 1a  21 72 c0 78  25 d3 08 cd  d7 e7 2e cc   m...!r.x%.......
output: |   2d 71 9f 82  b9 fd ca 8d  a6 50 2e 2e  1b 88 fe 5e   -q.......P.....^
output: |   15 bb 46 66  9c a8 bb 9a  2a d1 14 1f  0d b3 b5 31   ..Ff....*......1
output: |   f2 a8 ee 10  ef 07 b1 c1  c1 51 de d2  c2 b5 75 21   .........Q....u!
output: |   5f bc db 3d  03 94 73 c3  ec 78 f1 a7  2a 6e 9e 51   _..=..s..x..*n.Q
output: |   9c 7e 44 42  72 e0 4f ad  00 ec 7c 1c  76 f2 3b fe   .~DBr.O...|.v.;.
output: |   8c 7e 0c f3  fe 3a 15 87  c7 61 49 ba  50 c1 25 a9   .~...:...aI.P.%.
output: |   93 33 ea 5e  42 c1 73 1e  f0 22 00 28  fd 36 ba 8b   .3.^B.s..".(.6..
output: |   50 53 d7 53  a6 90 ad af  fb 7e d0 93  ef d4 28 26   PS.S.....~....(&
output: |   4f bd 99 89  b5 26 13 da  4f c0 5d f5  af 56 8e 17   O....&..O.]..V..
output: |   68 31 e8 46  cc 7c 34 6c  b7 5c 52 2d  72 f5 7f 55   h1.F.|4l.\R-r..U
output: | emitting length of ISAKMP Key Exchange Payload: 260
output: | ***emit ISAKMP Identification Payload (IPsec DOI):
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    ID type: ID_IPV4_ADDR_SUBNET (0x4)
output: |    Protocol ID: ALL (0x0)
output: |    port: 0 (00 00)
output: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
output: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
output: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI)
output: | client network: c0 00 01 00
output: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI)
output: | client mask: ff ff ff 00
output: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16
output: | ***emit ISAKMP Identification Payload (IPsec DOI):
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    ID type: ID_IPV4_ADDR_SUBNET (0x4)
output: |    Protocol ID: ALL (0x0)
output: |    port: 0 (00 00)
output: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
output: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
output: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI)
output: | client network: c0 00 02 00
output: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI)
output: | client mask: ff ff ff 00
output: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16
output: |     result: newref clone-key@0x7f97e920ff80 (32-bytes, SHA256_HMAC)(init_symkey() +101 lib/libswan/ike_alg_prf_mac_nss_ops.c)
output: | HASH(1): delref clone-key@0x7f97e920ff80
output: | outI1 HASH(1):
output: |   f0 1e 11 96  56 74 45 50  31 91 d5 da  ef 18 c2 13   ....VtEP1.......
output: |   86 fb 5b 87  4a 26 0d 49  b3 b6 42 66  11 a8 b2 f0   ..[.J&.I..Bf....
output: | no IKEv1 message padding required
output: | emitting length of ISAKMP Message: 476
output: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 using UDP (for #2)
output: |   7c 74 e1 e0  da 5c 55 9e  08 53 6b 66  35 f4 1c 99   |t...\U..Skf5...
output: |   08 10 20 01  f5 88 4f 9f  00 00 01 dc  85 66 2b e8   .. ...O......f+.
output: |   3c f1 3c 0d  b0 db 85 4e  e8 d0 59 07  3a fa bb ea   <.<....N..Y.:...
output: |   a7 d3 ae dd  8b 63 a3 1c  42 88 d3 4c  68 65 80 97   .....c..B..Lhe..
output: |   b5 99 c4 47  73 42 16 60  29 84 2b cf  b3 89 9a 74   ...GsB.`).+....t
output: |   1b c2 5a 76  94 19 f8 7f  62 e8 bd 9a  69 00 e0 fb   ..Zv....b...i...
output: |   73 be ee d3  7d bf 7b f7  ca 74 e9 34  6b f5 29 3d   s...}.{..t.4k.)=
output: |   a9 46 e2 9a  87 52 fa ee  8b 67 10 79  41 f3 f7 84   .F...R...g.yA...
output: |   7d fa d2 fd  72 00 1a 7d  04 32 9c 0e  dc 82 8a e5   }...r..}.2......
output: |   b9 79 dd 5a  b7 63 d0 6a  0a 08 57 11  ff 8d a3 ac   .y.Z.c.j..W.....
output: |   e9 c1 93 3c  b5 96 1b 19  e5 8c 24 2a  f8 cc 1b 48   ...<......$*...H
output: |   47 e2 cb 4b  83 a7 bd 6e  f8 cf ea d9  78 f7 94 07   G..K...n....x...
output: |   d6 2a c6 96  12 57 cc 55  27 08 7c e2  d8 4b e0 66   .*...W.U'.|..K.f
output: |   cb 81 a7 b2  12 9a 80 3d  b8 1f e8 3a  02 28 22 51   .......=...:.("Q
output: |   d6 4c 0f ab  02 b0 7e d2  f2 cd 86 c2  a0 40 82 b0   .L....~......@..
output: |   e3 c0 8f 9b  c5 2f 3e 7c  74 e7 c6 b2  a1 e1 58 27   ...../>|t.....X'
output: |   65 08 53 76  9a 07 71 14  65 e5 6f 3d  81 b7 b1 a1   e.Sv..q.e.o=....
output: |   fa 0a 15 c0  48 ef de 1a  c5 0d 9a 2a  d3 7c 40 5d   ....H......*.|@]
output: |   d9 78 8e 9a  d6 7a 70 7b  d2 13 d6 40  a4 16 13 44   .x...zp{...@...D
output: |   7d 40 98 63  58 85 7d 7d  f9 f2 c8 3f  3f 72 e8 df   }@.cX.}}...??r..
output: |   1d 50 0a 32  a6 a5 bc 08  e2 d5 33 e1  aa 6d 7c 04   .P.2......3..m|.
output: |   47 69 a6 ea  dd 8b a8 61  02 d0 6f 6a  92 46 1f 7b   Gi.....a..oj.F.{
output: |   33 4a a4 d8  ff c9 42 7a  41 99 f9 9f  42 6e 33 5d   3J....BzA...Bn3]
output: |   22 9d 85 8c  bb cf 98 86  f6 16 b5 5b  1d 3e 38 0a   "..........[.>8.
output: |   4a 9c ce 3d  02 50 fb 9e  93 97 a5 b0  f0 41 ac 92   J..=.P.......A..
output: |   ad 11 82 be  b9 25 ae 25  e3 84 d4 c8  08 0b 53 c5   .....%.%......S.
output: |   89 de 07 a4  4b f2 d5 ab  50 cd 65 f2  82 5f 66 16   ....K...P.e.._f.
output: |   1e 23 42 84  2b 61 c8 f1  36 41 47 67  31 b9 d2 51   .#B.+a..6AGg1..Q
output: |   19 4c f0 fd  7e 4e 2c a2  7b cd 3f a0  63 ad ad e9   .L..~N,.{.?.c...
output: |   ed d6 44 19  84 a8 9f 74  3f 2c 2f 80                ..D....t?,/.
output: | #2 deleting EVENT_CRYPTO_TIMEOUT
output: | tt: delref @0x7f97e9252f68(1->0) (destroy_timeout() +575 programs/pluto/server.c)
output: | state-event: delref @0x7f97e91fefa8(1->0) (delete_event() +534 programs/pluto/timer.c)
output: | #2 STATE_QUICK_I1: retransmits: cleared
output: | event_schedule_where: newref EVENT_RETRANSMIT-pe@0x7f97e9252fa8 timeout in 60 seconds for #2
output: | tt: newref @0x7f97e91fef68(0->1) (schedule_timeout() +557 programs/pluto/server.c)
output: | #2 STATE_QUICK_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11.314219
output: "west-east" #2: sent Quick Mode request
output: | job 3 helper 1 #2 quick_outI1 (dh): final status STF_SKIP_COMPLETE_STATE_TRANSITION; cleaning up
output: | delref @0x7f97e9c5afd8(2->1) (cleanup_ke_and_nonce() +83 programs/pluto/crypt_ke.c)
output: | "west-east" #2: detach whack fd@0x7f97e9c58fe8 from logger 0x7f97e91fcfc8 slot 0 (free_job() +430 programs/pluto/server_pool.c)
output: | delref @0x7f97e9c58fe8(2->1) (free_job() +430 programs/pluto/server_pool.c)
output: | logger: delref @0x7f97e91fcfc8(1->0) (free_job() +430 programs/pluto/server_pool.c)
output: | job: delref @0x7f97e91f8f98(1->0) (free_job() +431 programs/pluto/server_pool.c)
output: | resume sending job back to main thread for #2 suppressed complete_v1_state_transition()
output: | #2 spent 1.9 (22.2) milliseconds in resume sending job back to main thread
output: | tt: delref @0x7f97e927ff68(1->0) (destroy_timeout() +575 programs/pluto/server.c)
output: | spent 0.00118 (0.00332) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue()
output: | struct msg_digest: newref @0x7f97e927d628(0->1) (udp_read_packet() +249 programs/pluto/iface_udp.c)
output: | struct iface_endpoint: addref @0x7f97e9c5ef38(3->4) (udp_read_packet() +249 programs/pluto/iface_udp.c)
output: | alloc logger: newref @0x7f97e91f6fc8(0->1) (udp_read_packet() +249 programs/pluto/iface_udp.c)
output: | *received 460 bytes from 192.1.2.23:500 on eth1 192.1.2.45:500 using UDP
output: |   7c 74 e1 e0  da 5c 55 9e  08 53 6b 66  35 f4 1c 99   |t...\U..Skf5...
output: |   08 10 20 01  f5 88 4f 9f  00 00 01 cc  7d 1f 8f 66   .. ...O.....}..f
output: |   94 b8 d6 96  99 10 fd a2  2d b3 c8 ca  cf 36 d1 02   ........-....6..
output: |   1e ab 4e c9  08 33 71 75  89 4b 94 31  41 11 72 8e   ..N..3qu.K.1A.r.
output: |   f2 1d 7f cf  8d e6 ad 4c  c3 30 58 f5  c0 94 75 63   .......L.0X...uc
output: |   f5 91 23 29  9a 12 81 9c  f4 93 b9 8e  a5 8d 10 40   ..#)...........@
output: |   53 04 17 ea  27 56 be f7  97 13 d0 cc  81 0c 6c 1c   S...'V........l.
output: |   a2 6d d1 b7  50 ad ca f4  80 43 c1 0c  c9 a6 8e 4f   .m..P....C.....O
output: |   a5 2c d8 42  01 b9 e7 8e  83 34 e5 af  b6 97 9e af   .,.B.....4......
output: |   67 d3 d7 b3  11 6e 21 1b  06 e9 3d cf  68 27 27 90   g....n!...=.h''.
output: |   08 8c bc 1d  01 68 f1 0b  e9 15 05 75  4c 64 ac 6e   .....h.....uLd.n
output: |   a4 17 f6 e4  d2 38 82 2c  bb 6e 0c 73  a6 a5 02 65   .....8.,.n.s...e
output: |   22 19 37 2a  bb 03 96 cd  31 03 43 c0  33 1c 78 ca   ".7*....1.C.3.x.
output: |   0e f8 3b ab  db a9 90 7f  9d b6 29 8c  8e a4 6e 07   ..;.......)...n.
output: |   c3 eb fd e8  19 42 c4 dc  50 4a f8 d9  87 45 66 7b   .....B..PJ...Ef{
output: |   f3 08 df 8e  8e 4d 5e be  77 24 88 97  ef cf 24 d9   .....M^.w$....$.
output: |   f9 33 55 30  33 d5 79 1e  c1 c6 74 22  0a 65 ad 13   .3U03.y...t".e..
output: |   66 90 db ee  e7 46 72 d8  f5 06 78 63  fd e5 1a c8   f....Fr...xc....
output: |   1a 64 df 16  c7 02 45 f6  4e 29 8e 6e  88 ca 75 0d   .d....E.N).n..u.
output: |   53 76 08 d7  63 69 3c ad  3c 6c 4f 09  da e8 81 a2   Sv..ci<.<lO.....
output: |   28 a1 fa 10  9a 60 a9 7e  02 2d 43 27  48 7b 75 5b   (....`.~.-C'H{u[
output: |   11 4b d7 ff  ec 65 d2 12  88 db 61 47  5f de 03 95   .K...e....aG_...
output: |   ad 7d 66 73  d1 f3 e5 e7  43 f4 a9 03  10 5e 2e 46   .}fs....C....^.F
output: |   8c 62 ea 19  01 92 7e 40  63 76 88 bd  c1 4d 95 a1   .b....~@cv...M..
output: |   28 44 43 9e  88 65 8d 7f  8c 9a 89 44  4c d2 10 48   (DC..e.....DL..H
output: |   db 75 8e 54  e7 46 af 85  f5 69 14 6d  da 62 c6 47   .u.T.F...i.m.b.G
output: |   73 85 8e ce  26 f5 11 c6  af 88 cd 70  41 29 77 8b   s...&......pA)w.
output: |   f9 e0 51 fc  8a 65 ca 7e  3d 1f 49 6f  d2 63 f9 81   ..Q..e.~=.Io.c..
output: |   8a 39 64 95  4f 47 09 5a  3b 18 10 da                .9d.OG.Z;...
output: | **parse ISAKMP Message:
output: |    initiator SPI: 7c 74 e1 e0  da 5c 55 9e
output: |    responder SPI: 08 53 6b 66  35 f4 1c 99
output: |    next payload type: ISAKMP_NEXT_HASH (0x8)
output: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
output: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
output: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
output: |    Message ID: 4119351199 (f5 88 4f 9f)
output: |    length: 460 (00 00 01 cc)
output: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
output: | State DB: found IKEv1 state #2 in QUICK_I1 (find_state_ikev1)
output: | #2 is idle
output: | #2 idle
output: | received encrypted packet from 192.1.2.23:500
output: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030
output: | ***parse ISAKMP Hash Payload:
output: |    next payload type: ISAKMP_NEXT_SA (0x1)
output: |    length: 36 (00 24)
output: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030
output: | ***parse ISAKMP Security Association Payload:
output: |    next payload type: ISAKMP_NEXT_NONCE (0xa)
output: |    length: 56 (00 38)
output: |    DOI: ISAKMP_DOI_IPSEC (0x1)
output: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030
output: | ***parse ISAKMP Nonce Payload:
output: |    next payload type: ISAKMP_NEXT_KE (0x4)
output: |    length: 36 (00 24)
output: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030
output: | ***parse ISAKMP Key Exchange Payload:
output: |    next payload type: ISAKMP_NEXT_ID (0x5)
output: |    length: 260 (01 04)
output: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
output: | ***parse ISAKMP Identification Payload (IPsec DOI):
output: |    next payload type: ISAKMP_NEXT_ID (0x5)
output: |    length: 16 (00 10)
output: |    ID type: ID_IPV4_ADDR_SUBNET (0x4)
output: |    Protocol ID: ALL (0x0)
output: |    port: 0 (00 00)
output: |      obj: 
output: |   c0 00 01 00  ff ff ff 00                             ........
output: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
output: | ***parse ISAKMP Identification Payload (IPsec DOI):
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    length: 16 (00 10)
output: |    ID type: ID_IPV4_ADDR_SUBNET (0x4)
output: |    Protocol ID: ALL (0x0)
output: |    port: 0 (00 00)
output: |      obj: 
output: |   c0 00 02 00  ff ff ff 00                             ........
output: | removing 12 bytes of padding
output: |     result: newref clone-key@0x7f97e920ff80 (32-bytes, SHA256_HMAC)(init_symkey() +101 lib/libswan/ike_alg_prf_mac_nss_ops.c)
output: | HASH(2): delref clone-key@0x7f97e920ff80
output: | quick_inR1_outI2 HASH(2):
output: |   64 17 5d bf  52 1e a3 31  84 aa 68 27  c1 11 f7 7d   d.].R..1..h'...}
output: |   02 61 a5 a7  f9 2b 3e 10  1a fc 1c 7e  df 0f 04 f1   .a...+>....~....
output: | received 'quick_inR1_outI2' message HASH(2) data ok
output: | ****parse IPsec DOI SIT:
output: |    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
output: | ****parse ISAKMP Proposal Payload:
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    length: 44 (00 2c)
output: |    proposal number: 0 (00)
output: |    protocol ID: PROTO_IPSEC_ESP (0x3)
output: |    SPI size: 4 (04)
output: |    number of transforms: 1 (01)
output: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
output: |   d4 ef b6 be                                          ....
output: | *****parse ISAKMP Transform Payload (ESP):
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    length: 32 (00 20)
output: |    ESP transform number: 0 (00)
output: |    ESP transform ID: ESP_AES (0xc)
output: | ******parse ISAKMP IPsec DOI attribute:
output: |    af+type: AF+GROUP_DESCRIPTION (0x8003)
output: |    length/value: 14 (00 0e)
output: |    [14 is OAKLEY_GROUP_MODP2048]
output: | ******parse ISAKMP IPsec DOI attribute:
output: |    af+type: AF+ENCAPSULATION_MODE (0x8004)
output: |    length/value: 1 (00 01)
output: |    [1 is ENCAPSULATION_MODE_TUNNEL]
output: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none
output: | ******parse ISAKMP IPsec DOI attribute:
output: |    af+type: AF+SA_LIFE_TYPE (0x8001)
output: |    length/value: 1 (00 01)
output: |    [1 is SA_LIFE_TYPE_SECONDS]
output: | ******parse ISAKMP IPsec DOI attribute:
output: |    af+type: AF+SA_LIFE_DURATION (variable length) (0x8002)
output: |    length/value: 28800 (70 80)
output: |    basic duration: 28800 (TV)
output: | ******parse ISAKMP IPsec DOI attribute:
output: |    af+type: AF+AUTH_ALGORITHM (0x8005)
output: |    length/value: 2 (00 02)
output: |    [2 is AUTH_ALGORITHM_HMAC_SHA1]
output: | ******parse ISAKMP IPsec DOI attribute:
output: |    af+type: AF+KEY_LENGTH (0x8006)
output: |    length/value: 128 (00 80)
output: | ESP IPsec Transform verified unconditionally; no alg_info to check against
output: | submitting DH shared secret for #2/#2 (quick_inR1_outI2() +1615 programs/pluto/ikev1_quick.c)
output: | struct dh_local_secret: addref @0x7f97e9c5afd8(1->2) (submit_dh_shared_secret() +212 programs/pluto/crypt_dh.c)
output: | job: newref @0x7f97e9285f98(0->1) (submit_task() +331 programs/pluto/server_pool.c)
output: | clone logger: newref @0x7f97e9289fc8(0->1) (submit_task() +358 programs/pluto/server_pool.c)
output: | "west-east" #2: attach whack fd@0x7f97e9c58fe8 to logger 0x7f97e9289fc8 slot 0 (submit_task() +358 programs/pluto/server_pool.c)
output: | struct fd: addref @0x7f97e9c58fe8(1->2) (submit_task() +358 programs/pluto/server_pool.c)
output: | job 4 helper 0 #2 quick_inR1_outI2 (dh): added to pending queue
output: | event_schedule_where: newref EVENT_CRYPTO_TIMEOUT-pe@0x7f97e928bfa8 timeout in 60 seconds for #2
output: | tt: newref @0x7f97e928df68(0->1) (schedule_timeout() +557 programs/pluto/server.c)
output: | complete v1 state transition with STF_SUSPEND
output: | suspend: saving MD@0x7f97e927d628 in state #2 (complete_v1_state_transition() +2417 programs/pluto/ikev1.c)
output: | struct msg_digest: addref @0x7f97e927d628(1->2) (complete_v1_state_transition() +2417 programs/pluto/ikev1.c)
output: | #2 is busy; has suspended MD 0x7f97e927d628
output: | #2 requesting EVENT_RETRANSMIT-event@0x7f97e9252fa8 be deleted (clear_retransmits() +108 programs/pluto/retransmit.c)
output: | #2 deleting EVENT_RETRANSMIT
output: | tt: delref @0x7f97e91fef68(1->0) (destroy_timeout() +575 programs/pluto/server.c)
output: | state-event: delref @0x7f97e9252fa8(1->0) (clear_retransmits() +108 programs/pluto/retransmit.c)
output: | #2 STATE_QUICK_I1: retransmits: cleared
output: | #2 spent 0.72 (6.11) milliseconds in process_packet_tail()
output: | IKEv1 packet dropped
output: | packet from 192.1.2.23:500: delref @0x7f97e927d628(2->1) (process_iface_packet() +296 programs/pluto/demux.c)
output: | spent 2.36 (16.4) milliseconds in process_iface_packet() reading and processing packet
output: | job 4 helper 1 #2 quick_inR1_outI2 (dh): started
output: | newref : g_ir-key@0x7f97e920ff80 (256-bytes, CONCATENATE_DATA_AND_BASE)
output: | job 4 helper 1 #2 quick_inR1_outI2 (dh): finished
output: | "west-east" #2: spent 1.72 (3.31) milliseconds in job 4 helper 1 #2 quick_inR1_outI2 (dh)
output: | scheduling resume sending job back to main thread for #2
output: | tt: newref @0x7f97e928ff68(0->1) (schedule_timeout() +557 programs/pluto/server.c)
output: | helper 1: waiting for work
output: | processing resume sending job back to main thread for #2
output: | suspend: restoring MD@0x7f97e927d628 from state #2 (resume_handler() +641 programs/pluto/server.c)
output: | job 4 helper 1 #2 quick_inR1_outI2 (dh): calling state's callback function
output: | completing DH shared secret for #2/#2
output: | complete_dh_shared_secret: delref st_dh_shared_secret-key@NULL
output: | quick_inR1_outI2_continue for #2: calculated ke+nonce, calculating DH
output: | opening output PBS reply packet
output: | **emit ISAKMP Message:
output: |    initiator SPI: 7c 74 e1 e0  da 5c 55 9e
output: |    responder SPI: 08 53 6b 66  35 f4 1c 99
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: |    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
output: |    exchange type: ISAKMP_XCHG_QUICK (0x20)
output: |    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
output: |    Message ID: 4119351199 (f5 88 4f 9f)
output: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
output: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
output: |   c0 00 01 00                                          ....
output: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask
output: |   ff ff ff 00                                          ....
output: | our client is subnet 192.0.1.0/24
output: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
output: |   c0 00 02 00                                          ....
output: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask
output: |   ff ff ff 00                                          ....
output: | peer client is subnet 192.0.2.0/24
output: | ***emit ISAKMP Hash Payload:
output: |    next payload type: ISAKMP_NEXT_NONE (0x0)
output: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
output: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
output: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload
output: | emitting length of ISAKMP Hash Payload: 36
output: |     result: newref clone-key@0x7f97e9291f80 (32-bytes, SHA256_HMAC)(init_symkey() +101 lib/libswan/ike_alg_prf_mac_nss_ops.c)
output: | HASH(3): delref clone-key@0x7f97e9291f80
output: | quick_inR1_outI2 HASH(3):
output: |   91 c8 4b df  c3 9f 61 41  e9 17 eb 4f  20 c4 a1 b7   ..K...aA...O ...
output: |   1d bf a4 e2  97 d8 8a 1f  bb 4b 1f b2  e2 92 53 c7   .........K....S.
output: | compute_proto_keymat: needed_len (after ESP enc)=16
output: | compute_proto_keymat: needed_len (after ESP auth)=36
output: |     result: newref section_5_keymat-key@0x7f97e9291f80 (36-bytes, EXTRACT_KEY_FROM_KEY)(section_5_keymat() +290 lib/libswan/ike_alg_prf_ikev1_nss_ops.c)
output: | section 5 keymat: newref slot-key@0x7f97e9cdcf80 (36-bytes, EXTRACT_KEY_FROM_KEY)
output: | section 5 keymat: delref slot-key-key@0x7f97e9cdcf80
output: | section 5 keymat: delref keymat-key@0x7f97e9291f80
output: |     result: newref section_5_keymat-key@0x7f97e9291f80 (36-bytes, EXTRACT_KEY_FROM_KEY)(section_5_keymat() +290 lib/libswan/ike_alg_prf_ikev1_nss_ops.c)
output: | section 5 keymat: newref slot-key@0x7f97e9cdcf80 (36-bytes, EXTRACT_KEY_FROM_KEY)
output: | section 5 keymat: delref slot-key-key@0x7f97e9cdcf80
output: | section 5 keymat: delref keymat-key@0x7f97e9291f80
output: | "west-east": addref @0x7f97e9c50a78(3->4) "west-east" #2:  (dispatch() +2436 programs/pluto/routing.c)
output: | "west-east" #2: routing: start ESTABLISH_INBOUND, ROUTED_NEGOTIATION, PERMANENT; ISAKMP #1 (MAIN_I4) IPsec #2 (QUICK_I1) by=PEER; $1@0x7f97e9c50a78; routing_sa #2 negotiating_ike_sa #1 established_ike_sa #1 negotiating_child_sa #2 (quick_inR1_outI2_tail() +1791 programs/pluto/ikev1_quick.c)
output: | kernel: install_inbound_ipsec_sa() for #2: inbound (quick_inR1_outI2_tail() +1791 programs/pluto/ikev1_quick.c)
output: | checking west-east for conflicts
output: | spd_owner() looking for SPD owner of 192.0.1.0/24===192.0.2.0/24 with routing >= ROUTED_INBOUND_NEGOTIATION[NEGOTIATION]
output: | FOR_EACH_SPD_ROUTE[remote_client_range=192.0.2.0/24]... in (install_inbound_ipsec_sa() +1986 programs/pluto/kernel.c)
output: |   found "west-east" 192.0.1.0/24===192.0.2.0/24
output: |    "west-east" 192.0.1.0/24===192.0.2.0/24 ROUTED_NEGOTIATION[NEGOTIATION] skipped; ignoring self
output: |   matches: 1
output: | spd_owner: owners of 192.0.1.0/24===192.0.2.0/24 routing >= ROUTED_INBOUND_NEGOTIATION[NEGOTIATION]
output: | initiator ipsec-max-bytes: hard-limit=9223372036854775808 soft-limit=4611686018427387900 softer-limit=2305843009213693950 fuzz=84084070736450169 actual-limit=2389927079950144119
output: | initiator ipsec-max-packets: hard-limit=9223372036854775808 soft-limit=4611686018427387900 softer-limit=2305843009213693950 fuzz=251911994717953769 actual-limit=2557755003931647719
output: | kernel: setup_half_kernel_state() INBOUND <unset-selector>->[192.1.2.23=TUNNEL=>192.1.2.45]-><unset-selector> sec_label=
output: | kernel: looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96
output: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12
output: | kernel: child->sa.st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20
output: | kernel: setting IPsec SA replay-window to 128
output: | kernel: NIC esp-hw-offload disabled for connection 'west-east'
output: | "west-east" #2: routing:  kernel_ops_add_sa() level=0 INBOUND TUNNEL
output: | "west-east" #2: routing:   (src) <unset-selector> -> 192.1.2.23[fe237aa7] ==> 192.1.2.45 -> <unset-selector> (dst)
output: | "west-east" #2: routing:   HMAC_SHA1_96:20 AES_CBC:16 replay_window=128 +dont_encap_dscp ...
output: | netlink_add_sa() tunnel enabling inner-most tunnel mode
output: | netlink_add_sa() adding IPsec SA with reqid 16389
output: | netlink_add_sa() disabling Encap DSCP
output: | netlink_add_sa() setting IPsec SA replay-window to 128 using xfrm_replay_state_esn
output: | netlink_add_sa() esp-hw-offload not set for IPsec SA
output: | sendrecv_xfrm_msg() sending 26 Add SA esp.ESPSPIi@192.1.2.45
output: | sendrecv_xfrm_msg() recvfrom() returned 36 bytes
output: | sendrecv_xfrm_msg() netlink response for Add SA esp.ESPSPIi@192.1.2.45 included non-error error
output: | "west-east" #2: routing:   ... yes
output: | kernel: install_inbound_ipsec_kernel_policies() owner=#2
output: | kernel: install_inbound_ipsec_kernel_policies() is installing SPD for 192.0.2.0/24=>192.0.1.0/24
output: | kernel: NIC esp-hw-offload disabled for connection 'west-east'
output: | priority calculation of is 1757393 (0x1ad0d1) base=1 portsw=2 protow=1, srcw=104 dstw=104 instw=1
output: | kernel: install_inbound_ipsec_kernel_policy() is installing SPD for 192.0.2.0/24=>192.0.1.0/24
output: | "west-east" #2: routing:  kernel_ops_policy_add() ADD+INBOUND add inbound Child SA (install_inbound_ipsec_kernel_policies() +1636 programs/pluto/kernel.c)
output: | "west-east" #2: routing:   client=192.0.2.0/24=>192.0.1.0/24 lifetime=0s
output: | "west-east" #2: routing:   sa_marks=out:0/00000000,in:0/00000000
output: | "west-east" #2: routing:   policy=192.1.2.23=>192.1.2.45,IPSEC=IPSEC,priority=1757393,TUNNEL[ESP@16389(ALL)]
output: | kernel_ops_policy_add()   policy=IPv4 action=0 xfrm_dir=0 op=ADD dir=INBOUND
output: | kernel_xfrm_policy_add() using family IPv4 (2)
output: | set_xfrm_selectors() using family IPv4 (2)
output: | kernel_xfrm_policy_add() IPsec SA SPD priority set to 1757393
output: | kernel_xfrm_policy_add() adding xfrm_user_tmpl reqid=16389 id.proto=50 optional=0 family=2 mode=1 saddr=192.1.2.23 daddr=192.1.2.45
output: | sendrecv_xfrm_msg() sending 25 policy IPv4
output: | sendrecv_xfrm_msg() recvfrom() returned 36 bytes
output: | kernel_ops_policy_add()   XFRM_MSG_UPDPOLICY for flow IPv4 (in) had A policy
output: | kernel_xfrm_policy_add() adding policy forward (suspect a tunnel)
output: | sendrecv_xfrm_msg() sending 25 policy IPv4
output: | sendrecv_xfrm_msg() recvfrom() returned 36 bytes
output: | kernel_ops_policy_add()   XFRM_MSG_UPDPOLICY for flow IPv4 (fwd) had A policy
output: | "west-east" #2: routing:   ... yes
output: | "west-east" #2: routing: stop ESTABLISH_INBOUND, ROUTED_NEGOTIATION->ROUTED_INBOUND_NEGOTIATION, PERMANENT; ok=yes; routing_sa #2 negotiating_ike_sa #1 established_ike_sa #1 negotiating_child_sa #2 (quick_inR1_outI2_tail() +1791 programs/pluto/ikev1_quick.c)
output: | "west-east": delref @0x7f97e9c50a78(4->3) "west-east" #2:  (dispatch() +2450 programs/pluto/routing.c)
output: | "west-east": addref @0x7f97e9c50a78(3->4) "west-east" #2:  (dispatch() +2436 programs/pluto/routing.c)
output: | "west-east" #2: routing: start ESTABLISH_OUTBOUND, ROUTED_INBOUND_NEGOTIATION, PERMANENT; ISAKMP #1 (MAIN_I4) IPsec #2 (QUICK_I1) by=PEER; $1@0x7f97e9c50a78; routing_sa #2 negotiating_ike_sa #1 established_ike_sa #1 negotiating_child_sa #2 (quick_inR1_outI2_tail() +1791 programs/pluto/ikev1_quick.c)
output: | kernel: install_outbound_ipsec_sa() for #2: outbound (quick_inR1_outI2_tail() +1791 programs/pluto/ikev1_quick.c)
output: | initiator ipsec-max-bytes: hard-limit=9223372036854775808 soft-limit=4611686018427387900 softer-limit=2305843009213693950 fuzz=405055012855361263 actual-limit=2710898022069055213
output: | initiator ipsec-max-packets: hard-limit=9223372036854775808 soft-limit=4611686018427387900 softer-limit=2305843009213693950 fuzz=268372148839803658 actual-limit=2574215158053497608
output: | kernel: setup_half_kernel_state() OUTBOUND <unset-selector>->[192.1.2.45=TUNNEL=>192.1.2.23]-><unset-selector> sec_label=
output: | kernel: looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96
output: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12
output: | kernel: child->sa.st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20
output: | kernel: setting IPsec SA replay-window to 128
output: | kernel: NIC esp-hw-offload disabled for connection 'west-east'
output: | "west-east" #2: routing:  kernel_ops_add_sa() level=0 OUTBOUND TUNNEL
output: | "west-east" #2: routing:   (src) <unset-selector> -> 192.1.2.45[d4efb6be] ==> 192.1.2.23 -> <unset-selector> (dst)
output: | "west-east" #2: routing:   HMAC_SHA1_96:20 AES_CBC:16 replay_window=128 +dont_encap_dscp ...
output: | netlink_add_sa() tunnel enabling inner-most tunnel mode
output: | netlink_add_sa() adding IPsec SA with reqid 16389
output: | netlink_add_sa() disabling Encap DSCP
output: | netlink_add_sa() setting IPsec SA replay-window to 128 using xfrm_replay_state_esn
output: | netlink_add_sa() esp-hw-offload not set for IPsec SA
output: | sendrecv_xfrm_msg() sending 16 Add SA esp.ESPSPIi@192.1.2.23
output: | sendrecv_xfrm_msg() recvfrom() returned 36 bytes
output: | sendrecv_xfrm_msg() netlink response for Add SA esp.ESPSPIi@192.1.2.23 included non-error error
output: | "west-east" #2: routing:   ... yes
output: | kernel: install_outbound_ipsec_kernel_policies() installing IPsec policies for #2: connection is currently #2 RT_ROUTED_INBOUND_NEGOTIATION route=no up=yes
output: | spd_owner() looking for SPD owner of 192.0.1.0/24===192.0.2.0/24 with routing >= ROUTED_TUNNEL[IPSEC]
output: | FOR_EACH_SPD_ROUTE[remote_client_range=192.0.2.0/24]... in (get_connection_spd_conflict() +793 programs/pluto/kernel.c)
output: |   found "west-east" 192.0.1.0/24===192.0.2.0/24
output: |    "west-east" 192.0.1.0/24===192.0.2.0/24 ROUTED_INBOUND_NEGOTIATION[NEGOTIATION] skipped; ignoring self
output: |   matches: 1
output: | spd_owner: owners of 192.0.1.0/24===192.0.2.0/24 routing >= ROUTED_TUNNEL[IPSEC]
output: | kernel: get_connection_spd_conflict looking for 192.0.1.0/24===192.0.2.0/24
output: | kernel: NIC esp-hw-offload disabled for connection 'west-east'
output: | priority calculation of is 1757393 (0x1ad0d1) base=1 portsw=2 protow=1, srcw=104 dstw=104 instw=1
output: | "west-east" #2: routing:  kernel_ops_policy_add() ADD+OUTBOUND install IPsec policy (install_outbound_ipsec_kernel_policies() +1844 programs/pluto/kernel.c)
output: | "west-east" #2: routing:   client=192.0.1.0/24=>192.0.2.0/24 lifetime=0s
output: | "west-east" #2: routing:   sa_marks=out:0/00000000,in:0/00000000
output: | "west-east" #2: routing:   policy=192.1.2.45=>192.1.2.23,IPSEC=IPSEC,priority=1757393,TUNNEL[ESP@16389(ALL)]
output: | kernel_ops_policy_add()   policy=IPv4 action=0 xfrm_dir=1 op=ADD dir=OUTBOUND
output: | kernel_xfrm_policy_add() using family IPv4 (2)
output: | set_xfrm_selectors() using family IPv4 (2)
output: | kernel_xfrm_policy_add() IPsec SA SPD priority set to 1757393
output: | kernel_xfrm_policy_add() adding xfrm_user_tmpl reqid=16389 id.proto=50 optional=0 family=2 mode=1 saddr=192.1.2.45 daddr=192.1.2.23
output: | sendrecv_xfrm_msg() sending 25 policy IPv4
output: | sendrecv_xfrm_msg() recvfrom() returned 36 bytes
output: | kernel_ops_policy_add()   XFRM_MSG_UPDPOLICY for flow IPv4 (out) had A policy
output: | "west-east" #2: routing:   ... yes
output: | kernel: running updown command "ipsec _updown" for verb prepare 
output: | kernel: command executing prepare-client
output: | kernel: get_ipsec_traffic() esp.ESPSPIi@192.1.2.45
output: | sendrecv_xfrm_msg() sending 18 Get SA esp.ESPSPIi@192.1.2.45
output: | sendrecv_xfrm_msg() recvfrom() returned 568 bytes
output: | xfrm_get_kernel_state() rtattribute type 24 ...
output: | xfrm_get_kernel_state() rtattribute type 1 ...
output: | xfrm_get_kernel_state() rtattribute type 20 ...
output: | xfrm_get_kernel_state() rtattribute type 2 ...
output: | xfrm_get_kernel_state() rtattribute type 23 ...
output: | kernel: get_ipsec_traffic() bytes=0 add_time=1709039384 lastused=0
output: | kernel: get_ipsec_traffic() esp.ESPSPIi@192.1.2.23
output: | sendrecv_xfrm_msg() sending 18 Get SA esp.ESPSPIi@192.1.2.23
output: | sendrecv_xfrm_msg() recvfrom() returned 568 bytes
output: | xfrm_get_kernel_state() rtattribute type 24 ...
output: | xfrm_get_kernel_state() rtattribute type 1 ...
output: | xfrm_get_kernel_state() rtattribute type 20 ...
output: | xfrm_get_kernel_state() rtattribute type 2 ...
output: | xfrm_get_kernel_state() rtattribute type 23 ...
output: | kernel: get_ipsec_traffic() bytes=0 add_time=1709039384 lastused=0
output: | executing prepare-client: 2>&1 PLUTO_VERB='prepare-client' PLUTO_CONNECTION='west-east' PLUTO_CONNECTION_TYPE='tunnel' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_CLIENT_FAMILY='ipv4' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT=0 PLUTO_MY_PROTOCOL=0 PLUTO_SA_REQID=16389 PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT=0 PLUTO_PEER_PROTOCOL=0 PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME=0 PLUTO_CONN_POLICY='IKEv1+PSK+ENCRYPT+TUNNEL+PFS+ROUTE+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO=0 PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=0 PLUTO_CFG_CLIENT=0 PLUTO_NM_CONFIG...
output: | popen cmd is 1127 chars long
output: | cmd(   0):2>&1 PLUTO_VERB='prepare-client' PLUTO_CONNECTION='west-east' PLUTO_CONNECTION_T:
output: | cmd(  80):YPE='tunnel' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUT:
output: | cmd( 160):E='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO:
output: | cmd( 240):_CLIENT_FAMILY='ipv4' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.:
output: | cmd( 320):1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT=0 PLUTO_MY_PROTOCOL=0 PL:
output: | cmd( 400):UTO_SA_REQID=16389 PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@e:
output: | cmd( 480):ast' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PE:
output: | cmd( 560):ER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT=0 PLUTO_PEER_PROTOCOL=0 PLUTO_PEE:
output: | cmd( 640):R_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME=0 PLUTO_CONN_POLICY='IKEv1+PSK+ENCRYPT+:
output: | cmd( 720):TUNNEL+PFS+ROUTE+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES' PLUTO_CONN_KIND='CK_PERMANENT:
output: | cmd( 800):' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO=0 PLUTO_PEER_D:
output: | cmd( 880):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=0 PLU:
output: | cmd( 960):TO_CFG_CLIENT=0 PLUTO_NM_CONFIGURED=0 PLUTO_INBYTES=0 PLUTO_OUTBYTES=0 VTI_IFACE:
output: | cmd(1040):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xd4efb6be SPI_OUT=0xfe237aa7 ipsec :
output: | cmd(1120):_updown:
output: | kernel: install_outbound_ipsec_kernel_policies() skipping updown-route as non-bare
output: | kernel: running updown command "ipsec _updown" for verb up 
output: | kernel: command executing up-client
output: | kernel: get_ipsec_traffic() esp.ESPSPIi@192.1.2.45
output: | sendrecv_xfrm_msg() sending 18 Get SA esp.ESPSPIi@192.1.2.45
output: | sendrecv_xfrm_msg() recvfrom() returned 568 bytes
output: | xfrm_get_kernel_state() rtattribute type 24 ...
output: | xfrm_get_kernel_state() rtattribute type 1 ...
output: | xfrm_get_kernel_state() rtattribute type 20 ...
output: | xfrm_get_kernel_state() rtattribute type 2 ...
output: | xfrm_get_kernel_state() rtattribute type 23 ...
output: | kernel: get_ipsec_traffic() bytes=0 add_time=1709039384 lastused=0
output: | kernel: get_ipsec_traffic() esp.ESPSPIi@192.1.2.23
output: | sendrecv_xfrm_msg() sending 18 Get SA esp.ESPSPIi@192.1.2.23
output: | sendrecv_xfrm_msg() recvfrom() returned 568 bytes
output: | xfrm_get_kernel_state() rtattribute type 24 ...
output: | xfrm_get_kernel_state() rtattribute type 1 ...
output: | xfrm_get_kernel_state() rtattribute type 20 ...
output: | xfrm_get_kernel_state() rtattribute type 2 ...
output: | xfrm_get_kernel_state() rtattribute type 23 ...
output: | kernel: get_ipsec_traffic() bytes=0 add_time=1709039384 lastused=0
output: | executing up-client: 2>&1 PLUTO_VERB='up-client' PLUTO_CONNECTION='west-east' PLUTO_CONNECTION_TYPE='tunnel' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_CLIENT_FAMILY='ipv4' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT=0 PLUTO_MY_PROTOCOL=0 PLUTO_SA_REQID=16389 PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT=0 PLUTO_PEER_PROTOCOL=0 PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME=1709039384 PLUTO_CONN_POLICY='IKEv1+PSK+ENCRYPT+TUNNEL+PFS+ROUTE+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO=0 PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=0 PLUTO_CFG_CLIENT=0 PLUTO_NM_CONFIGU...
output: | popen cmd is 1131 chars long
output: | cmd(   0):2>&1 PLUTO_VERB='up-client' PLUTO_CONNECTION='west-east' PLUTO_CONNECTION_TYPE=':
output: | cmd(  80):tunnel' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' :
output: | cmd( 160):PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_CLIE:
output: | cmd( 240):NT_FAMILY='ipv4' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' :
output: | cmd( 320):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT=0 PLUTO_MY_PROTOCOL=0 PLUTO_S:
output: | cmd( 400):A_REQID=16389 PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' :
output: | cmd( 480):PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CL:
output: | cmd( 560):IENT_MASK='255.255.255.0' PLUTO_PEER_PORT=0 PLUTO_PEER_PROTOCOL=0 PLUTO_PEER_CA=:
output: | cmd( 640):'' PLUTO_STACK='xfrm' PLUTO_ADDTIME=1709039384 PLUTO_CONN_POLICY='IKEv1+PSK+ENCR:
output: | cmd( 720):YPT+TUNNEL+PFS+ROUTE+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES' PLUTO_CONN_KIND='CK_PERMA:
output: | cmd( 800):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO=0 PLUTO_PE:
output: | cmd( 880):ER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=0:
output: | cmd( 960): PLUTO_CFG_CLIENT=0 PLUTO_NM_CONFIGURED=0 PLUTO_INBYTES=0 PLUTO_OUTBYTES=0 VTI_I:
output: | cmd(1040):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xd4efb6be SPI_OUT=0xfe237aa7 ip:
output: | cmd(1120):sec _updown:
output: | "west-east" #2: routing: stop ESTABLISH_OUTBOUND, ROUTED_INBOUND_NEGOTIATION->ROUTED_TUNNEL, PERMANENT; ok=yes; routing_sa #2 negotiating_ike_sa #1 established_ike_sa #1 negotiating_child_sa #2 established_child_sa #0->#2 (quick_inR1_outI2_tail() +1791 programs/pluto/ikev1_quick.c)
output: | "west-east": delref @0x7f97e9c50a78(4->3) "west-east" #2:  (dispatch() +2450 programs/pluto/routing.c)
output: | emitting 12 zero bytes of encryption padding into ISAKMP Message
output: | no IKEv1 message padding required
output: | emitting length of ISAKMP Message: 76
output: | "west-east" #2: DPD: dpd_init() called on IPsec SA
output: | "west-east" #2: DPD: Peer does not support Dead Peer Detection
output: | job 4 helper 1 #2 quick_inR1_outI2 (dh): final status STF_OK; cleaning up
output: | delref @0x7f97e9c5afd8(2->1) (cleanup_dh_shared_secret() +170 programs/pluto/crypt_dh.c)
output: | DH: delref secret-key@NULL
output: | "west-east" #2: detach whack fd@0x7f97e9c58fe8 from logger 0x7f97e9289fc8 slot 0 (free_job() +430 programs/pluto/server_pool.c)
output: | delref @0x7f97e9c58fe8(2->1) (free_job() +430 programs/pluto/server_pool.c)
output: | logger: delref @0x7f97e9289fc8(1->0) (free_job() +430 programs/pluto/server_pool.c)
output: | job: delref @0x7f97e9285f98(1->0) (free_job() +431 programs/pluto/server_pool.c)
output: | complete v1 state transition with STF_OK
output: | #2 is idle
output: | doing_xauth:no, t_xauth_client_done:no
output: | child state #2: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA)
output: | #2 deleting EVENT_CRYPTO_TIMEOUT
output: | tt: delref @0x7f97e928df68(1->0) (destroy_timeout() +575 programs/pluto/server.c)
output: | state-event: delref @0x7f97e928bfa8(1->0) (delete_event() +534 programs/pluto/timer.c)
output: | #2 STATE_QUICK_I2: retransmits: cleared
output: | sending 76 bytes for quick_inR1_outI2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 using UDP (for #2)
output: |   7c 74 e1 e0  da 5c 55 9e  08 53 6b 66  35 f4 1c 99   |t...\U..Skf5...
output: |   08 10 20 01  f5 88 4f 9f  00 00 00 4c  f7 4c c0 a7   .. ...O....L.L..
output: |   62 7d 3a 71  a3 c9 72 bf  87 1f 12 05  25 7a ce 73   b}:q..r.....%z.s
output: |   d1 6b 65 ef  15 00 a1 4b  a5 1f 8c 9a  e7 73 8a f1   .ke....K.....s..
output: |   49 da 5d 57  98 83 8d 00  45 51 c9 3c                I.]W....EQ.<
output: | event_schedule_where: newref EVENT_v1_REPLACE-pe@0x7f97e92abfa8 timeout in 28217 seconds for #2
output: | tt: newref @0x7f97e929ef68(0->1) (schedule_timeout() +557 programs/pluto/server.c)
output: | pstats #2 ikev1.ipsec established
output: "west-east" #2: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=passive}
output: | modecfg pull: noquirk policy:push not-client
output: | phase 1 is done, looking for phase 2 to unpend
output: | "west-east" #2: detach whack fd@0x7f97e9c58fe8 from logger 0x7f97e9b66fc8 slot 0 (complete_v1_state_transition() +2840 programs/pluto/ikev1.c)
output: | delref @0x7f97e9c58fe8(1->0) (complete_v1_state_transition() +2840 programs/pluto/ikev1.c)
output: | freeref fd@0x7f97e9c58fe8 (complete_v1_state_transition() +2840 programs/pluto/ikev1.c)
output: | packet from 192.1.2.23:500: delref @0x7f97e927d628(1->0) (resume_handler() +687 programs/pluto/server.c)
output: | packet from 192.1.2.23:500: releasing whack (but there are none) (resume_handler() +687 programs/pluto/server.c)
output: | logger: delref @0x7f97e91f6fc8(1->0) (resume_handler() +687 programs/pluto/server.c)
output: | delref @0x7f97e9c5ef38(4->3) (resume_handler() +687 programs/pluto/server.c)
output: | #2 spent 4.75 (56.3) milliseconds in resume sending job back to main thread
output: | tt: delref @0x7f97e928ff68(1->0) (destroy_timeout() +575 programs/pluto/server.c)
output: | processing signal PLUTO_SIGCHLD
output: | waitpid returned ECHILD (no child processes left)
output: | spent 0.00549 (0.0937) milliseconds in signal handler PLUTO_SIGCHLD
output: | processing signal PLUTO_SIGCHLD
output: | waitpid returned ECHILD (no child processes left)
output: | spent 0.00482 (0.0956) milliseconds in signal handler PLUTO_SIGCHLD
output: | processing global timer EVENT_SHUNT_SCAN
output: | kernel: checking for aged bare shunts from shunt table to expire
output: | spent 0.0124 (0.558) milliseconds in global timer EVENT_SHUNT_SCAN
output: | processing global timer EVENT_NAT_T_KEEPALIVE
output: | FOR_EACH_STATE_... in (nat_traversal_ka_event() +304 programs/pluto/nat_traversal.c)
output: |   found "west-east" #2
output: | not behind NAT: no NAT-T KEEP-ALIVE required for conn west-east
output: |   found "west-east" #1
output: | not behind NAT: no NAT-T KEEP-ALIVE required for conn west-east
output: |   matches: 2
output: | spent 0.072 (0.688) milliseconds in global timer EVENT_NAT_T_KEEPALIVE
west #
 ../../guestbin/ipsec-kernel-state.sh
west #
 ../../guestbin/ipsec-kernel-policy.sh
src 192.0.1.0/24 dst 192.0.2.0/24
	dir out priority PRIORITY ptype main
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 0 mode transport
west #
 ipsec unroute west-east
west #
 
