[strongSwan] Can Strongswan be made to work when each endpoint is behind a NAT firewall
Andreas Steffen
andreas.steffen at strongswan.org
Mon Aug 2 16:35:03 CEST 2010
Hi David,
the problem seems to be that the peer does not
receive the MI3 message after the initiator floats
to UDP port 4500. The responder then starts to
negotiate on its own using port 500 whereas
the initiator has already floated to 4500 and
therefore this new negotiation fails. Please
check your forwarding rules for UDP port 4500
on the remote side.
Regards
Andreas
On 02.08.2010 12:33, David Hooker wrote:
> Hi List,
>
> Both firewalls have UDP/500, UDP/4500 and ESP passed through to the
> strongswan endpoints.
>
> I run a connection like:
>
> config setup
> plutostart=yes
> plutodebug=all
> plutostderrlog=/var/log/pluto.log
> charonstart=no
> nat_traversal=yes
>
> conn vpn
> left=192.168.5.2 #we are behind a NAT box, this is our IP on the
> private network
> leftsubnet=192.168.5.0/24 <http://192.168.5.0/24>
> leftcert=siteb.crt
> leftid="C=xx, ST=yy, O=zz, CN=aa"
> right=<public ip> #NAT box in front of peer, it will port forward to peer
> rightsubnet=192.168.0.0/24 <http://192.168.0.0/24>
> rightid="C=xx, ST=yy, O=zz, CN=bb"
> authby=rsasig
> auto=start
>
>
> ipsec.secrets:
> : RSA siteb.key "secret goes here"
>
>
> But I get "no connection authorized with policy=rsasig". The IP
> addresses given in this message look correct.
>
> Can strongswan be made to work when each peer endpoint is behind a firewall?
>
> Thank you for the help last time, as well. :)
>
>
> Starting Pluto (strongSwan Version 4.2.4 THREADS LIBLDAP SMARTCARD
> VENDORID CISCO_QUIRKS)
> including NAT-Traversal patch (Version 0.6c)
> | pkcs11 module '/usr/lib/opensc-pkcs11.so' loading...
> failed to load pkcs11 module '/usr/lib/opensc-pkcs11.so'
> | xauth module: using default get_secret() function
> | xauth module: using default verify_secret() function
> | opening /dev/urandom
> | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
> ike_alg: Activating OAKLEY_AES_CBC encryption: Ok
> ike_alg: Activating OAKLEY_BLOWFISH_CBC encryption: Ok
> ike_alg: Activating OAKLEY_SERPENT_CBC encryption: Ok
> ike_alg: Activating OAKLEY_SHA2_256 hash: Ok
> ike_alg: Activating OAKLEY_SHA2_384 hash: Ok
> ike_alg: Activating OAKLEY_SHA2_512 hash: Ok
> ike_alg: Activating OAKLEY_TWOFISH_CBC encryption: Ok
> ike_alg: Activating OAKLEY_TWOFISH_CBC_SSH encryption: Ok
> Testing registered IKE encryption algorithms:
> OAKLEY_BLOWFISH_CBC self-test not available
> OAKLEY_3DES_CBC self-test not available
> OAKLEY_AES_CBC self-test not available
> OAKLEY_SERPENT_CBC self-test not available
> OAKLEY_TWOFISH_CBC self-test not available
> OAKLEY_TWOFISH_CBC_SSH self-test not available
> Testing registered IKE hash algorithms:
> | hash testvector 0: ok
> | hash testvector 1: ok
> | hash testvector 2: ok
> | hash testvector 3: ok
> | hash testvector 4: ok
> | hash testvector 5: ok
> | hash testvector 6: ok
> OAKLEY_MD5 hash self-test passed
> | hmac testvector 0: ok
> | hmac testvector 1: ok
> | hmac testvector 2: ok
> | hmac testvector 3: ok
> | hmac testvector 4: ok
> | hmac testvector 5: ok
> OAKLEY_MD5 hmac self-test passed
> | hash testvector 0: ok
> | hash testvector 1: ok
> | hash testvector 2: ok
> OAKLEY_SHA hash self-test passed
> | hmac testvector 0: ok
> | hmac testvector 1: ok
> | hmac testvector 2: ok
> | hmac testvector 3: ok
> | hmac testvector 4: ok
> | hmac testvector 5: ok
> OAKLEY_SHA hmac self-test passed
> | hash testvector 0: ok
> | hash testvector 1: ok
> | hash testvector 2: ok
> OAKLEY_SHA2_256 hash self-test passed
> | hmac testvector 0: ok
> | hmac testvector 1: ok
> | hmac testvector 2: ok
> | hmac testvector 3: ok
> | hmac testvector 4: ok
> | hmac testvector 5: ok
> OAKLEY_SHA2_256 hmac self-test passed
> | hash testvector 0: ok
> | hash testvector 1: ok
> | hash testvector 2: ok
> OAKLEY_SHA2_384 hash self-test passed
> | hmac testvector 0: ok
> | hmac testvector 1: ok
> | hmac testvector 2: ok
> | hmac testvector 3: ok
> | hmac testvector 4: ok
> | hmac testvector 5: ok
> OAKLEY_SHA2_384 hmac self-test passed
> | hash testvector 0: ok
> | hash testvector 1: ok
> | hash testvector 2: ok
> OAKLEY_SHA2_512 hash self-test passed
> | hmac testvector 0: ok
> | hmac testvector 1: ok
> | hmac testvector 2: ok
> | hmac testvector 3: ok
> | hmac testvector 4: ok
> | hmac testvector 5: ok
> OAKLEY_SHA2_512 hmac self-test passed
> All crypto self-tests passed
> | process 2012 listening for PF_KEY_V2 on file descriptor 4
> Using Linux 2.6 IPsec interface code
> | finish_pfkey_msg: SADB_REGISTER message 1 for AH
> | 02 07 00 02 02 00 00 00 01 00 00 00 dc 07 00 00
> | pfkey_get: SADB_REGISTER message 1
> | AH registered with kernel.
> | finish_pfkey_msg: SADB_REGISTER message 2 for ESP
> | 02 07 00 03 02 00 00 00 02 00 00 00 dc 07 00 00
> | pfkey_get: SADB_REGISTER message 2
> | alg_init(): memset(0xb77cfca0, 0, 2016) memset(0xb77d0480, 0, 2032)
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=18
> sadb_supported_len=48
> | kernel_alg_add(): satype=3, exttype=14, alg_id=251
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14,
> satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0,
> ret=1
> | kernel_alg_add(): satype=3, exttype=14, alg_id=2
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14,
> satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128,
> res=0, ret=1
> | kernel_alg_add(): satype=3, exttype=14, alg_id=3
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=14,
> satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160,
> res=0, ret=1
> | kernel_alg_add(): satype=3, exttype=14, alg_id=5
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=14,
> satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256,
> res=0, ret=1
> | kernel_alg_add(): satype=3, exttype=14, alg_id=9
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=14,
> satype=3, alg_id=9, alg_ivlen=0, alg_minbits=128, alg_maxbits=128,
> res=0, ret=1
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=18
> sadb_supported_len=80
> | kernel_alg_add(): satype=3, exttype=15, alg_id=11
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5], exttype=15,
> satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1
> | kernel_alg_add(): satype=3, exttype=15, alg_id=2
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6], exttype=15,
> satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64, alg_maxbits=64, res=0,
> ret=1
> | kernel_alg_add(): satype=3, exttype=15, alg_id=3
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7], exttype=15,
> satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192,
> res=0, ret=1
> | kernel_alg_add(): satype=3, exttype=15, alg_id=7
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[8], exttype=15,
> satype=3, alg_id=7, alg_ivlen=8, alg_minbits=40, alg_maxbits=448, res=0,
> ret=1
> | kernel_alg_add(): satype=3, exttype=15, alg_id=12
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[9], exttype=15,
> satype=3, alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256,
> res=0, ret=1
> | kernel_alg_add(): satype=3, exttype=15, alg_id=252
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[10], exttype=15,
> satype=3, alg_id=252, alg_ivlen=8, alg_minbits=128, alg_maxbits=256,
> res=0, ret=1
> | kernel_alg_add(): satype=3, exttype=15, alg_id=22
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[11], exttype=15,
> satype=3, alg_id=22, alg_ivlen=8, alg_minbits=128, alg_maxbits=256,
> res=0, ret=1
> | kernel_alg_add(): satype=3, exttype=15, alg_id=253
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[12], exttype=15,
> satype=3, alg_id=253, alg_ivlen=8, alg_minbits=128, alg_maxbits=256,
> res=0, ret=1
> | kernel_alg_add(): satype=3, exttype=15, alg_id=13
> | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[13], exttype=15,
> satype=3, alg_id=13, alg_ivlen=8, alg_minbits=128, alg_maxbits=256,
> res=0, ret=1
> | ESP registered with kernel.
> | finish_pfkey_msg: SADB_REGISTER message 3 for IPCOMP
> | 02 07 00 09 02 00 00 00 03 00 00 00 dc 07 00 00
> | pfkey_get: SADB_REGISTER message 3
> | IPCOMP registered with kernel.
> Changing to directory '/etc/ipsec.d/cacerts'
> loaded CA cert file 'CA.crt' (2220 bytes)
> | file content is not binary ASN.1
> | -----BEGIN CERTIFICATE-----
> | -----END CERTIFICATE-----
> | file coded in PEM format
> | L0 - certificate:
> | 30 82 06 39 30 82 04 21 a0 03 02 01 02 02 09 00
> | cd 34 0e af 93 33 45 6d 30 0d 06 09 2a 86 48 86
> | f7 0d 01 01 05 05 00 30 70 31 0b 30 09 06 03 55
> | 04 06 13 02 41 55 31 20 30 1e 06 03 55 04 0a 13
> | 17 4a 6f 74 75 6e 20 41 75 73 74 72 61 6c 69 61
> | 20 50 74 79 20 4c 74 64 31 0f 30 0d 06 03 55 04
> | 03 13 06 56 50 4e 20 43 41 31 2e 30 2c 06 09 2a
> | 86 48 86 f7 0d 01 09 01 16 1f 72 65 63 65 70 74
> | 69 6f 6e 5f 62 72 6f 6f 6b 6c 79 6e 40 6a 6f 74
> | 75 6e 2e 63 6f 6d 2e 61 75 30 1e 17 0d 31 30 30
> | 37 32 36 30 37 32 39 33 30 5a 17 0d 33 30 30 37
> | 32 31 30 37 32 39 33 30 5a 30 70 31 0b 30 09 06
> | 03 55 04 06 13 02 41 55 31 20 30 1e 06 03 55 04
> | 0a 13 17 4a 6f 74 75 6e 20 41 75 73 74 72 61 6c
> | 69 61 20 50 74 79 20 4c 74 64 31 0f 30 0d 06 03
> | 55 04 03 13 06 56 50 4e 20 43 41 31 2e 30 2c 06
> | 09 2a 86 48 86 f7 0d 01 09 01 16 1f 72 65 63 65
> | 70 74 69 6f 6e 5f 62 72 6f 6f 6b 6c 79 6e 40 6a
> | 6f 74 75 6e 2e 63 6f 6d 2e 61 75 30 82 02 22 30
> | 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82
> | 02 0f 00 30 82 02 0a 02 82 02 01 00 e8 61 10 92
> | f7 0a e1 b2 09 3d 0d 7c 00 96 df 67 3e 51 93 45
> | c8 ea 51 c1 fc 33 09 dc 2e ef 6e 87 02 aa 33 f1
> | 35 74 f1 b8 96 cd 04 3a b3 aa 99 12 78 93 3c 40
> | 08 bc 7d 77 c3 a3 6a 2f 80 ed dc c6 ae 49 cd 46
> | b9 41 7e 14 2d 47 dd 65 61 50 4b b1 07 60 7c fb
> | d7 c4 59 6d da 63 38 81 2f 17 5f cb ad 56 e8 e0
> | ca 62 8c 63 1f 87 5f 87 e4 10 98 dc 09 67 f0 b7
> | 5d b7 72 30 89 f0 00 ce d3 7e 3e f1 0c 0a 38 ae
> | 63 51 40 7a 8e 51 88 05 fd 1b fa 91 7f 82 ed 95
> | fd be 26 0f cf 90 d9 38 c4 58 d4 e5 0a 6e 70 cb
> | ce e9 9a 00 91 72 33 0e ad d1 5a 9e bd bd 98 46
> | 91 db ad 3a c6 31 6f b8 5e 90 b5 92 3f 02 31 29
> | 8d b6 4e 5a 5e a8 10 0e 5e dc fe 81 df ba 47 db
> | 8d f5 35 15 0b 7b ca f3 ea 44 93 2a 24 6c b5 a1
> | 52 d2 f9 53 f5 d5 5f 35 01 e4 31 76 74 f0 81 31
> | 3d 14 36 45 ab dd 29 51 9b 26 69 b5 ea 50 86 e9
> | 41 b6 63 f0 92 4c ff 06 ad 19 96 c5 97 66 3f 52
> | db 68 d5 77 74 ae 77 f1 b3 8d d5 bc e0 7e c4 44
> | fd 72 d2 06 69 f8 7a 82 9d 24 24 9f ad b1 b9 dc
> | 25 33 8e bf be e6 bc 1c 3c b1 f7 bf f5 6c 52 22
> | cb 50 ee 60 53 65 a2 97 b8 d8 d5 45 aa a1 9c a7
> | fe 93 8e e6 c8 26 aa 71 ff 84 2b fd fd e3 e0 e1
> | 2e e7 a4 f1 f9 a3 ba 30 cd a9 d2 1f f6 35 36 cc
> | 99 f5 e2 be f6 ba c2 45 32 5c 40 84 ed 2b 09 e4
> | 1a 8b 73 d3 e8 fa 48 c6 5a 6b e6 c8 25 8e d8 bf
> | a4 d1 3f 15 e9 46 4b 12 bb a0 af bd bc 0c c5 40
> | 4d 96 88 92 41 30 44 0f b9 89 a5 b7 d1 4f ec 45
> | 98 65 57 a8 13 99 47 6f 03 89 48 f6 18 1e 7a f4
> | d8 2d c4 4c 33 c6 0b 95 79 fd 8e aa 29 78 0e 2a
> | f5 3c 9e a4 ce 41 36 d6 3f b8 41 6f f9 90 92 53
> | cf f2 4e cb 59 87 69 79 18 9e 22 04 dd ec b0 b2
> | f4 03 81 e5 f5 b7 ce 53 3e 55 14 b9 02 03 01 00
> | 01 a3 81 d5 30 81 d2 30 1d 06 03 55 1d 0e 04 16
> | 04 14 bd 58 6a 09 8b e1 13 99 8c c3 f8 46 ec e4
> | 29 de 94 53 85 74 30 81 a2 06 03 55 1d 23 04 81
> | 9a 30 81 97 80 14 bd 58 6a 09 8b e1 13 99 8c c3
> | f8 46 ec e4 29 de 94 53 85 74 a1 74 a4 72 30 70
> | 31 0b 30 09 06 03 55 04 06 13 02 41 55 31 20 30
> | 1e 06 03 55 04 0a 13 17 4a 6f 74 75 6e 20 41 75
> | 73 74 72 61 6c 69 61 20 50 74 79 20 4c 74 64 31
> | 0f 30 0d 06 03 55 04 03 13 06 56 50 4e 20 43 41
> | 31 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16
> | 1f 72 65 63 65 70 74 69 6f 6e 5f 62 72 6f 6f 6b
> | 6c 79 6e 40 6a 6f 74 75 6e 2e 63 6f 6d 2e 61 75
> | 82 09 00 cd 34 0e af 93 33 45 6d 30 0c 06 03 55
> | 1d 13 04 05 30 03 01 01 ff 30 0d 06 09 2a 86 48
> | 86 f7 0d 01 01 05 05 00 03 82 02 01 00 a1 f9 39
> | 79 b7 be d0 ed d2 de 90 22 cf ae ec 62 fc 14 5a
> | ac bd d7 95 f1 ba 00 ff 6c 6d fd 15 b1 33 f8 73
> | 8f 73 2d 1d a2 00 b2 45 cc 51 cb 16 b8 32 99 bc
> | 51 78 d4 c8 06 c4 4a d8 b7 8d 13 e1 3e 3b 3c 05
> | f7 11 7e da b7 4d ca 45 5e 8d 1e 4e be 84 87 6e
> | 0f 6c 47 7a 5b b9 b4 b4 51 57 80 60 3f c1 87 c4
> | b4 bc 98 eb 23 a0 33 90 3c 70 2c 2d 88 f0 f5 b6
> | 97 f6 2f ff f5 bd 69 da 49 6b 1f c7 f8 22 93 e3
> | fc 2f 01 24 46 31 ba d0 3d 83 ac f9 06 fd 7c 89
> | 21 6d 92 d9 30 8f e5 fc 7d 74 60 49 9b e0 1c 25
> | 8c 6f 97 d5 8a cc 4b 40 76 2f 9b 0e 95 7f da ef
> | 64 ce 4d 1a a6 a3 1a 89 9b 1d 0b 02 45 26 16 d1
> | 44 3c 07 ec 04 d0 81 43 d5 3c 1f 40 45 44 aa 65
> | 3f 82 9b e0 1f cb 52 04 34 04 d6 ab a6 90 28 dd
> | 49 b6 29 ec a4 79 f2 87 a7 dd c5 52 08 3c a3 3e
> | a4 3c 2c 1a 53 81 3a 89 a7 3d bd 5a 1f d6 64 15
> | 25 85 15 49 b5 e5 4b 25 1c d2 0c 12 02 82 7d b8
> | fe b7 10 4b 83 78 d2 e1 1c d5 3a 6b 2d 49 aa 35
> | 04 3d 3e f2 2a d2 13 92 3b e9 a2 57 d0 47 b0 83
> | 77 ea 09 94 c2 8c 76 b9 11 cc 2e 36 e9 63 81 d3
> | 00 96 4c 1f c8 e1 f7 e1 db 13 ac f5 f8 16 ec 88
> | 05 33 ac 63 17 f0 e8 5c 4e 67 48 d1 80 11 a2 f0
> | 0a c8 f4 b8 62 a5 cc d4 0e da de 6b 16 14 cc ca
> | 91 bf f1 fc af 21 b2 cb 55 06 2f de a8 5b 49 0f
> | 3a a3 76 36 4d 46 9a 21 67 37 03 9e ed 97 cb 5f
> | 2c 13 b1 e0 e3 f3 9b 0f 55 ee db b8 f8 ec 39 80
> | e0 a5 03 c4 c8 59 16 a2 72 85 f7 c3 14 c9 65 e9
> | 30 6e f8 ff 6d ff cf 3c 53 57 56 a0 ca 17 f7 eb
> | 04 cf 72 41 89 31 51 1a 15 cc e4 a1 da 9b 1e d5
> | 46 17 14 43 a8 64 28 f0 d1 1f 2d ac 91 c9 54 4f
> | ae 3d aa be 81 95 d8 e5 9d d4 50 29 e0 6e 1d 0e
> | 95 7c b8 2e 0a bc 34 f4 5d 10 d1 19 14
> | L1 - tbsCertificate:
> | 30 82 04 21 a0 03 02 01 02 02 09 00 cd 34 0e af
> | 93 33 45 6d 30 0d 06 09 2a 86 48 86 f7 0d 01 01
> | 05 05 00 30 70 31 0b 30 09 06 03 55 04 06 13 02
> | 41 55 31 20 30 1e 06 03 55 04 0a 13 17 4a 6f 74
> | 75 6e 20 41 75 73 74 72 61 6c 69 61 20 50 74 79
> | 20 4c 74 64 31 0f 30 0d 06 03 55 04 03 13 06 56
> | 50 4e 20 43 41 31 2e 30 2c 06 09 2a 86 48 86 f7
> | 0d 01 09 01 16 1f 72 65 63 65 70 74 69 6f 6e 5f
> | 62 72 6f 6f 6b 6c 79 6e 40 6a 6f 74 75 6e 2e 63
> | 6f 6d 2e 61 75 30 1e 17 0d 31 30 30 37 32 36 30
> | 37 32 39 33 30 5a 17 0d 33 30 30 37 32 31 30 37
> | 32 39 33 30 5a 30 70 31 0b 30 09 06 03 55 04 06
> | 13 02 41 55 31 20 30 1e 06 03 55 04 0a 13 17 4a
> | 6f 74 75 6e 20 41 75 73 74 72 61 6c 69 61 20 50
> | 74 79 20 4c 74 64 31 0f 30 0d 06 03 55 04 03 13
> | 06 56 50 4e 20 43 41 31 2e 30 2c 06 09 2a 86 48
> | 86 f7 0d 01 09 01 16 1f 72 65 63 65 70 74 69 6f
> | 6e 5f 62 72 6f 6f 6b 6c 79 6e 40 6a 6f 74 75 6e
> | 2e 63 6f 6d 2e 61 75 30 82 02 22 30 0d 06 09 2a
> | 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30
> | 82 02 0a 02 82 02 01 00 e8 61 10 92 f7 0a e1 b2
> | 09 3d 0d 7c 00 96 df 67 3e 51 93 45 c8 ea 51 c1
> | fc 33 09 dc 2e ef 6e 87 02 aa 33 f1 35 74 f1 b8
> | 96 cd 04 3a b3 aa 99 12 78 93 3c 40 08 bc 7d 77
> | c3 a3 6a 2f 80 ed dc c6 ae 49 cd 46 b9 41 7e 14
> | 2d 47 dd 65 61 50 4b b1 07 60 7c fb d7 c4 59 6d
> | da 63 38 81 2f 17 5f cb ad 56 e8 e0 ca 62 8c 63
> | 1f 87 5f 87 e4 10 98 dc 09 67 f0 b7 5d b7 72 30
> | 89 f0 00 ce d3 7e 3e f1 0c 0a 38 ae 63 51 40 7a
> | 8e 51 88 05 fd 1b fa 91 7f 82 ed 95 fd be 26 0f
> | cf 90 d9 38 c4 58 d4 e5 0a 6e 70 cb ce e9 9a 00
> | 91 72 33 0e ad d1 5a 9e bd bd 98 46 91 db ad 3a
> | c6 31 6f b8 5e 90 b5 92 3f 02 31 29 8d b6 4e 5a
> | 5e a8 10 0e 5e dc fe 81 df ba 47 db 8d f5 35 15
> | 0b 7b ca f3 ea 44 93 2a 24 6c b5 a1 52 d2 f9 53
> | f5 d5 5f 35 01 e4 31 76 74 f0 81 31 3d 14 36 45
> | ab dd 29 51 9b 26 69 b5 ea 50 86 e9 41 b6 63 f0
> | 92 4c ff 06 ad 19 96 c5 97 66 3f 52 db 68 d5 77
> | 74 ae 77 f1 b3 8d d5 bc e0 7e c4 44 fd 72 d2 06
> | 69 f8 7a 82 9d 24 24 9f ad b1 b9 dc 25 33 8e bf
> | be e6 bc 1c 3c b1 f7 bf f5 6c 52 22 cb 50 ee 60
> | 53 65 a2 97 b8 d8 d5 45 aa a1 9c a7 fe 93 8e e6
> | c8 26 aa 71 ff 84 2b fd fd e3 e0 e1 2e e7 a4 f1
> | f9 a3 ba 30 cd a9 d2 1f f6 35 36 cc 99 f5 e2 be
> | f6 ba c2 45 32 5c 40 84 ed 2b 09 e4 1a 8b 73 d3
> | e8 fa 48 c6 5a 6b e6 c8 25 8e d8 bf a4 d1 3f 15
> | e9 46 4b 12 bb a0 af bd bc 0c c5 40 4d 96 88 92
> | 41 30 44 0f b9 89 a5 b7 d1 4f ec 45 98 65 57 a8
> | 13 99 47 6f 03 89 48 f6 18 1e 7a f4 d8 2d c4 4c
> | 33 c6 0b 95 79 fd 8e aa 29 78 0e 2a f5 3c 9e a4
> | ce 41 36 d6 3f b8 41 6f f9 90 92 53 cf f2 4e cb
> | 59 87 69 79 18 9e 22 04 dd ec b0 b2 f4 03 81 e5
> | f5 b7 ce 53 3e 55 14 b9 02 03 01 00 01 a3 81 d5
> | 30 81 d2 30 1d 06 03 55 1d 0e 04 16 04 14 bd 58
> | 6a 09 8b e1 13 99 8c c3 f8 46 ec e4 29 de 94 53
> | 85 74 30 81 a2 06 03 55 1d 23 04 81 9a 30 81 97
> | 80 14 bd 58 6a 09 8b e1 13 99 8c c3 f8 46 ec e4
> | 29 de 94 53 85 74 a1 74 a4 72 30 70 31 0b 30 09
> | 06 03 55 04 06 13 02 41 55 31 20 30 1e 06 03 55
> | 04 0a 13 17 4a 6f 74 75 6e 20 41 75 73 74 72 61
> | 6c 69 61 20 50 74 79 20 4c 74 64 31 0f 30 0d 06
> | 03 55 04 03 13 06 56 50 4e 20 43 41 31 2e 30 2c
> | 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f 72 65 63
> | 65 70 74 69 6f 6e 5f 62 72 6f 6f 6b 6c 79 6e 40
> | 6a 6f 74 75 6e 2e 63 6f 6d 2e 61 75 82 09 00 cd
> | 34 0e af 93 33 45 6d 30 0c 06 03 55 1d 13 04 05
> | 30 03 01 01 ff
> | L2 - DEFAULT v1:
> | L3 - version:
> | 02
> | v3
> | L2 - serialNumber:
> | 00 cd 34 0e af 93 33 45 6d
> | L2 - signature:
> | L3 - algorithmIdentifier:
> | L4 - algorithm:
> | 'sha-1WithRSAEncryption'
> | L4 - parameters:
> | L2 - issuer:
> | 30 70 31 0b 30 09 06 03 55 04 06 13 02 41 55 31
> | 20 30 1e 06 03 55 04 0a 13 17 4a 6f 74 75 6e 20
> | 41 75 73 74 72 61 6c 69 61 20 50 74 79 20 4c 74
> | 64 31 0f 30 0d 06 03 55 04 03 13 06 56 50 4e 20
> | 43 41 31 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09
> | 01 16 1f 72 65 63 65 70 74 69 6f 6e 5f 62 72 6f
> | 6f 6b 6c 79 6e 40 6a 6f 74 75 6e 2e 63 6f 6d 2e
> | 61 75
> | 'C=XX, O=company, CN=VPN CA, E=reception_sitea at company.com
> <mailto:reception_sitea at company.com>'
> | L2 - validity:
> | L3 - notBefore:
> | L4 - utcTime:
> | 'Jul 26 07:29:30 UTC 2010'
> | L3 - notAfter:
> | L4 - utcTime:
> | 'Jul 21 07:29:30 UTC 2030'
> | L2 - subject:
> | 30 70 31 0b 30 09 06 03 55 04 06 13 02 41 55 31
> | 20 30 1e 06 03 55 04 0a 13 17 4a 6f 74 75 6e 20
> | 41 75 73 74 72 61 6c 69 61 20 50 74 79 20 4c 74
> | 64 31 0f 30 0d 06 03 55 04 03 13 06 56 50 4e 20
> | 43 41 31 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09
> | 01 16 1f 72 65 63 65 70 74 69 6f 6e 5f 62 72 6f
> | 6f 6b 6c 79 6e 40 6a 6f 74 75 6e 2e 63 6f 6d 2e
> | 61 75
> | 'C=XX, O=company, CN=VPN CA, E=reception_sitea at company.com
> <mailto:reception_sitea at company.com>'
> | L2 - subjectPublicKeyInfo:
> | L3 - algorithm:
> | L4 - algorithmIdentifier:
> | L5 - algorithm:
> | 'rsaEncryption'
> | L5 - parameters:
> | L3 - subjectPublicKey:
> | L4 - RSAPublicKey:
> | 30 82 02 0a 02 82 02 01 00 e8 61 10 92 f7 0a e1
> | b2 09 3d 0d 7c 00 96 df 67 3e 51 93 45 c8 ea 51
> | c1 fc 33 09 dc 2e ef 6e 87 02 aa 33 f1 35 74 f1
> | b8 96 cd 04 3a b3 aa 99 12 78 93 3c 40 08 bc 7d
> | 77 c3 a3 6a 2f 80 ed dc c6 ae 49 cd 46 b9 41 7e
> | 14 2d 47 dd 65 61 50 4b b1 07 60 7c fb d7 c4 59
> | 6d da 63 38 81 2f 17 5f cb ad 56 e8 e0 ca 62 8c
> | 63 1f 87 5f 87 e4 10 98 dc 09 67 f0 b7 5d b7 72
> | 30 89 f0 00 ce d3 7e 3e f1 0c 0a 38 ae 63 51 40
> | 7a 8e 51 88 05 fd 1b fa 91 7f 82 ed 95 fd be 26
> | 0f cf 90 d9 38 c4 58 d4 e5 0a 6e 70 cb ce e9 9a
> | 00 91 72 33 0e ad d1 5a 9e bd bd 98 46 91 db ad
> | 3a c6 31 6f b8 5e 90 b5 92 3f 02 31 29 8d b6 4e
> | 5a 5e a8 10 0e 5e dc fe 81 df ba 47 db 8d f5 35
> | 15 0b 7b ca f3 ea 44 93 2a 24 6c b5 a1 52 d2 f9
> | 53 f5 d5 5f 35 01 e4 31 76 74 f0 81 31 3d 14 36
> | 45 ab dd 29 51 9b 26 69 b5 ea 50 86 e9 41 b6 63
> | f0 92 4c ff 06 ad 19 96 c5 97 66 3f 52 db 68 d5
> | 77 74 ae 77 f1 b3 8d d5 bc e0 7e c4 44 fd 72 d2
> | 06 69 f8 7a 82 9d 24 24 9f ad b1 b9 dc 25 33 8e
> | bf be e6 bc 1c 3c b1 f7 bf f5 6c 52 22 cb 50 ee
> | 60 53 65 a2 97 b8 d8 d5 45 aa a1 9c a7 fe 93 8e
> | e6 c8 26 aa 71 ff 84 2b fd fd e3 e0 e1 2e e7 a4
> | f1 f9 a3 ba 30 cd a9 d2 1f f6 35 36 cc 99 f5 e2
> | be f6 ba c2 45 32 5c 40 84 ed 2b 09 e4 1a 8b 73
> | d3 e8 fa 48 c6 5a 6b e6 c8 25 8e d8 bf a4 d1 3f
> | 15 e9 46 4b 12 bb a0 af bd bc 0c c5 40 4d 96 88
> | 92 41 30 44 0f b9 89 a5 b7 d1 4f ec 45 98 65 57
> | a8 13 99 47 6f 03 89 48 f6 18 1e 7a f4 d8 2d c4
> | 4c 33 c6 0b 95 79 fd 8e aa 29 78 0e 2a f5 3c 9e
> | a4 ce 41 36 d6 3f b8 41 6f f9 90 92 53 cf f2 4e
> | cb 59 87 69 79 18 9e 22 04 dd ec b0 b2 f4 03 81
> | e5 f5 b7 ce 53 3e 55 14 b9 02 03 01 00 01
> | L5 - modulus:
> | 00 e8 61 10 92 f7 0a e1 b2 09 3d 0d 7c 00 96 df
> | 67 3e 51 93 45 c8 ea 51 c1 fc 33 09 dc 2e ef 6e
> | 87 02 aa 33 f1 35 74 f1 b8 96 cd 04 3a b3 aa 99
> | 12 78 93 3c 40 08 bc 7d 77 c3 a3 6a 2f 80 ed dc
> | c6 ae 49 cd 46 b9 41 7e 14 2d 47 dd 65 61 50 4b
> | b1 07 60 7c fb d7 c4 59 6d da 63 38 81 2f 17 5f
> | cb ad 56 e8 e0 ca 62 8c 63 1f 87 5f 87 e4 10 98
> | dc 09 67 f0 b7 5d b7 72 30 89 f0 00 ce d3 7e 3e
> | f1 0c 0a 38 ae 63 51 40 7a 8e 51 88 05 fd 1b fa
> | 91 7f 82 ed 95 fd be 26 0f cf 90 d9 38 c4 58 d4
> | e5 0a 6e 70 cb ce e9 9a 00 91 72 33 0e ad d1 5a
> | 9e bd bd 98 46 91 db ad 3a c6 31 6f b8 5e 90 b5
> | 92 3f 02 31 29 8d b6 4e 5a 5e a8 10 0e 5e dc fe
> | 81 df ba 47 db 8d f5 35 15 0b 7b ca f3 ea 44 93
> | 2a 24 6c b5 a1 52 d2 f9 53 f5 d5 5f 35 01 e4 31
> | 76 74 f0 81 31 3d 14 36 45 ab dd 29 51 9b 26 69
> | b5 ea 50 86 e9 41 b6 63 f0 92 4c ff 06 ad 19 96
> | c5 97 66 3f 52 db 68 d5 77 74 ae 77 f1 b3 8d d5
> | bc e0 7e c4 44 fd 72 d2 06 69 f8 7a 82 9d 24 24
> | 9f ad b1 b9 dc 25 33 8e bf be e6 bc 1c 3c b1 f7
> | bf f5 6c 52 22 cb 50 ee 60 53 65 a2 97 b8 d8 d5
> | 45 aa a1 9c a7 fe 93 8e e6 c8 26 aa 71 ff 84 2b
> | fd fd e3 e0 e1 2e e7 a4 f1 f9 a3 ba 30 cd a9 d2
> | 1f f6 35 36 cc 99 f5 e2 be f6 ba c2 45 32 5c 40
> | 84 ed 2b 09 e4 1a 8b 73 d3 e8 fa 48 c6 5a 6b e6
> | c8 25 8e d8 bf a4 d1 3f 15 e9 46 4b 12 bb a0 af
> | bd bc 0c c5 40 4d 96 88 92 41 30 44 0f b9 89 a5
> | b7 d1 4f ec 45 98 65 57 a8 13 99 47 6f 03 89 48
> | f6 18 1e 7a f4 d8 2d c4 4c 33 c6 0b 95 79 fd 8e
> | aa 29 78 0e 2a f5 3c 9e a4 ce 41 36 d6 3f b8 41
> | 6f f9 90 92 53 cf f2 4e cb 59 87 69 79 18 9e 22
> | 04 dd ec b0 b2 f4 03 81 e5 f5 b7 ce 53 3e 55 14
> | b9
> | L5 - publicExponent:
> | 01 00 01
> | L2 - optional extensions:
> | L3 - extensions:
> | L4 - extension:
> | L5 - extnID:
> | 'subjectKeyIdentifier'
> | L5 - critical:
> | FALSE
> | L5 - extnValue:
> | 04 14 bd 58 6a 09 8b e1 13 99 8c c3 f8 46 ec e4
> | 29 de 94 53 85 74
> | L6 - keyIdentifier:
> | bd 58 6a 09 8b e1 13 99 8c c3 f8 46 ec e4 29 de
> | 94 53 85 74
> | L4 - extension:
> | L5 - extnID:
> | 'authorityKeyIdentifier'
> | L5 - critical:
> | FALSE
> | L5 - extnValue:
> | 30 81 97 80 14 bd 58 6a 09 8b e1 13 99 8c c3 f8
> | 46 ec e4 29 de 94 53 85 74 a1 74 a4 72 30 70 31
> | 0b 30 09 06 03 55 04 06 13 02 41 55 31 20 30 1e
> | 06 03 55 04 0a 13 17 4a 6f 74 75 6e 20 41 75 73
> | 74 72 61 6c 69 61 20 50 74 79 20 4c 74 64 31 0f
> | 30 0d 06 03 55 04 03 13 06 56 50 4e 20 43 41 31
> | 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f
> | 72 65 63 65 70 74 69 6f 6e 5f 62 72 6f 6f 6b 6c
> | 79 6e 40 6a 6f 74 75 6e 2e 63 6f 6d 2e 61 75 82
> | 09 00 cd 34 0e af 93 33 45 6d
> | L6 - authorityKeyIdentifier:
> | L7 - keyIdentifier:
> | 80 14 bd 58 6a 09 8b e1 13 99 8c c3 f8 46 ec e4
> | 29 de 94 53 85 74
> | L8 - keyIdentifier:
> | bd 58 6a 09 8b e1 13 99 8c c3 f8 46 ec e4 29 de
> | 94 53 85 74
> | L7 - authorityCertIssuer:
> | a1 74 a4 72 30 70 31 0b 30 09 06 03 55 04 06 13
> | 02 41 55 31 20 30 1e 06 03 55 04 0a 13 17 4a 6f
> | 74 75 6e 20 41 75 73 74 72 61 6c 69 61 20 50 74
> | 79 20 4c 74 64 31 0f 30 0d 06 03 55 04 03 13 06
> | 56 50 4e 20 43 41 31 2e 30 2c 06 09 2a 86 48 86
> | f7 0d 01 09 01 16 1f 72 65 63 65 70 74 69 6f 6e
> | 5f 62 72 6f 6f 6b 6c 79 6e 40 6a 6f 74 75 6e 2e
> | 63 6f 6d 2e 61 75
> | L8 - generalNames:
> | L9 - generalName:
> | L10 - directoryName:
> | 30 70 31 0b 30 09 06 03 55 04 06 13 02 41 55 31
> | 20 30 1e 06 03 55 04 0a 13 17 4a 6f 74 75 6e 20
> | 41 75 73 74 72 61 6c 69 61 20 50 74 79 20 4c 74
> | 64 31 0f 30 0d 06 03 55 04 03 13 06 56 50 4e 20
> | 43 41 31 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09
> | 01 16 1f 72 65 63 65 70 74 69 6f 6e 5f 62 72 6f
> | 6f 6b 6c 79 6e 40 6a 6f 74 75 6e 2e 63 6f 6d 2e
> | 61 75
> | 'C=XX, O=company, CN=VPN CA, E=reception_sitea at company.com
> <mailto:reception_sitea at company.com>'
> | L7 - authorityCertSerialNumber:
> | 00 cd 34 0e af 93 33 45 6d
> | L4 - extension:
> | L5 - extnID:
> | 'basicConstraints'
> | L5 - critical:
> | FALSE
> | L5 - extnValue:
> | 30 03 01 01 ff
> | L6 - basicConstraints:
> | L7 - CA:
> | ff
> | TRUE
> | L1 - signatureAlgorithm:
> | L2 - algorithmIdentifier:
> | L3 - algorithm:
> | 'sha-1WithRSAEncryption'
> | L3 - parameters:
> | L1 - signatureValue:
> | 00 a1 f9 39 79 b7 be d0 ed d2 de 90 22 cf ae ec
> | 62 fc 14 5a ac bd d7 95 f1 ba 00 ff 6c 6d fd 15
> | b1 33 f8 73 8f 73 2d 1d a2 00 b2 45 cc 51 cb 16
> | b8 32 99 bc 51 78 d4 c8 06 c4 4a d8 b7 8d 13 e1
> | 3e 3b 3c 05 f7 11 7e da b7 4d ca 45 5e 8d 1e 4e
> | be 84 87 6e 0f 6c 47 7a 5b b9 b4 b4 51 57 80 60
> | 3f c1 87 c4 b4 bc 98 eb 23 a0 33 90 3c 70 2c 2d
> | 88 f0 f5 b6 97 f6 2f ff f5 bd 69 da 49 6b 1f c7
> | f8 22 93 e3 fc 2f 01 24 46 31 ba d0 3d 83 ac f9
> | 06 fd 7c 89 21 6d 92 d9 30 8f e5 fc 7d 74 60 49
> | 9b e0 1c 25 8c 6f 97 d5 8a cc 4b 40 76 2f 9b 0e
> | 95 7f da ef 64 ce 4d 1a a6 a3 1a 89 9b 1d 0b 02
> | 45 26 16 d1 44 3c 07 ec 04 d0 81 43 d5 3c 1f 40
> | 45 44 aa 65 3f 82 9b e0 1f cb 52 04 34 04 d6 ab
> | a6 90 28 dd 49 b6 29 ec a4 79 f2 87 a7 dd c5 52
> | 08 3c a3 3e a4 3c 2c 1a 53 81 3a 89 a7 3d bd 5a
> | 1f d6 64 15 25 85 15 49 b5 e5 4b 25 1c d2 0c 12
> | 02 82 7d b8 fe b7 10 4b 83 78 d2 e1 1c d5 3a 6b
> | 2d 49 aa 35 04 3d 3e f2 2a d2 13 92 3b e9 a2 57
> | d0 47 b0 83 77 ea 09 94 c2 8c 76 b9 11 cc 2e 36
> | e9 63 81 d3 00 96 4c 1f c8 e1 f7 e1 db 13 ac f5
> | f8 16 ec 88 05 33 ac 63 17 f0 e8 5c 4e 67 48 d1
> | 80 11 a2 f0 0a c8 f4 b8 62 a5 cc d4 0e da de 6b
> | 16 14 cc ca 91 bf f1 fc af 21 b2 cb 55 06 2f de
> | a8 5b 49 0f 3a a3 76 36 4d 46 9a 21 67 37 03 9e
> | ed 97 cb 5f 2c 13 b1 e0 e3 f3 9b 0f 55 ee db b8
> | f8 ec 39 80 e0 a5 03 c4 c8 59 16 a2 72 85 f7 c3
> | 14 c9 65 e9 30 6e f8 ff 6d ff cf 3c 53 57 56 a0
> | ca 17 f7 eb 04 cf 72 41 89 31 51 1a 15 cc e4 a1
> | da 9b 1e d5 46 17 14 43 a8 64 28 f0 d1 1f 2d ac
> | 91 c9 54 4f ae 3d aa be 81 95 d8 e5 9d d4 50 29
> | e0 6e 1d 0e 95 7c b8 2e 0a bc 34 f4 5d 10 d1 19
> | 14
> | authcert list locked by 'add_authcert'
> | authcert inserted
> | authcert list unlocked by 'add_authcert'
> Changing to directory '/etc/ipsec.d/aacerts'
> Changing to directory '/etc/ipsec.d/ocspcerts'
> Changing to directory '/etc/ipsec.d/crls'
> loaded crl file 'crl.pem' (1019 bytes)
> | file content is not binary ASN.1
> | -----BEGIN X509 CRL-----
> | -----END X509 CRL-----
> | file coded in PEM format
> | L0 - certificateList:
> | 30 82 02 c9 30 81 b2 02 01 01 30 0d 06 09 2a 86
> | 48 86 f7 0d 01 01 05 05 00 30 70 31 0b 30 09 06
> | 03 55 04 06 13 02 41 55 31 20 30 1e 06 03 55 04
> | 0a 13 17 4a 6f 74 75 6e 20 41 75 73 74 72 61 6c
> | 69 61 20 50 74 79 20 4c 74 64 31 0f 30 0d 06 03
> | 55 04 03 13 06 56 50 4e 20 43 41 31 2e 30 2c 06
> | 09 2a 86 48 86 f7 0d 01 09 01 16 1f 72 65 63 65
> | 70 74 69 6f 6e 5f 62 72 6f 6f 6b 6c 79 6e 40 6a
> | 6f 74 75 6e 2e 63 6f 6d 2e 61 75 17 0d 31 30 30
> | 37 32 36 30 38 33 36 33 39 5a 17 0d 33 30 30 37
> | 32 31 30 38 33 36 33 39 5a a0 0e 30 0c 30 0a 06
> | 03 55 1d 14 04 03 02 01 01 30 0d 06 09 2a 86 48
> | 86 f7 0d 01 01 05 05 00 03 82 02 01 00 07 ae b9
> | b2 40 b3 1c 22 39 b4 59 bf 03 1a 2c 9b 96 32 65
> | 45 28 19 b0 67 c7 77 72 80 cd 14 58 2d 1f b7 ef
> | 9a dc 34 f2 d7 b9 16 91 ae ed e6 d6 a0 0a 55 f7
> | 64 ab cc 28 37 e2 bc 5d 9a 1a 54 1f b0 cc e7 6f
> | 35 f2 a6 73 61 8e 3d d1 31 6b cc 29 d7 6d 2e f7
> | bc f1 c2 36 b1 81 74 c1 5a 2a 34 ed f3 7d 9a a8
> | 56 05 62 b2 7c 68 03 40 ec cc 7d 18 b0 51 26 12
> | f9 5a c7 ca 8c a2 8e 16 4a f7 d7 d1 bc 42 a9 da
> | 31 84 e2 8c ea 64 f1 dc b0 c6 13 6f 73 69 d8 f8
> | c1 92 31 13 95 57 e3 6d 12 cd 2c dd 7d f4 09 18
> | a0 09 d6 12 10 eb 3c ad 11 78 ec e8 57 a2 96 5c
> | f7 66 6b 8b 2a 29 49 39 59 31 c6 c3 7f 3d 13 cf
> | 1d 1d de 9d f8 aa ac 61 a0 aa 86 07 6d 71 c4 78
> | 5a 43 9e 8c be e7 12 35 6a c1 d5 6f 9e da 63 d9
> | 97 b2 9e 25 a8 1b a4 bc eb 54 43 8b 43 48 ff c8
> | 1f 60 28 02 5c 8d 77 e4 3b 51 4b a4 48 ce f4 36
> | b7 9b 3c 72 0b 0b 99 a8 bb 7e e8 2b 94 47 25 bd
> | 86 bb 7b e1 1b 5e 78 25 67 48 cf aa a0 d7 60 79
> | 5e c8 7f 2b 71 03 7a 13 a4 80 6d 37 62 7f 1b 53
> | 55 87 5f 39 99 7e f7 8f 6a c3 dd d8 b1 3a da 3e
> | be 9b 23 cb 59 c6 e0 4c 5a 71 20 c6 cd 9c cf 85
> | d9 cb 64 44 d9 1d f2 da 61 60 93 f3 e9 71 c6 3e
> | 31 d8 81 ed fb 44 a8 2a 76 1e 76 f1 50 0c 3e 14
> | 6e ce d5 32 de f7 a8 3a d4 60 20 4d 22 22 6c dd
> | 88 9f d5 2d 15 1f a2 e0 70 5d 22 9c a3 03 3b 54
> | c2 ea ad 73 02 9b 32 5d fc 91 1d b9 89 23 4c df
> | b2 d4 f2 5c 78 dc a4 db fe 45 78 f3 8d e7 ea a0
> | 2a bf 16 32 f8 53 ee 10 01 9f 17 5c f6 49 fb 87
> | ff fc 06 92 21 2f e6 ba e7 30 02 b4 69 6d 16 16
> | e8 c0 a8 73 a3 86 19 87 35 42 6f d9 1e bd 05 23
> | 97 bd d8 bb d1 5c bf ff 5e 4a 4c c9 f4 56 bd e5
> | 5e 84 1d bf f7 b4 38 48 69 eb 5e 71 54
> | L1 - tbsCertList:
> | 30 81 b2 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d
> | 01 01 05 05 00 30 70 31 0b 30 09 06 03 55 04 06
> | 13 02 41 55 31 20 30 1e 06 03 55 04 0a 13 17 4a
> | 6f 74 75 6e 20 41 75 73 74 72 61 6c 69 61 20 50
> | 74 79 20 4c 74 64 31 0f 30 0d 06 03 55 04 03 13
> | 06 56 50 4e 20 43 41 31 2e 30 2c 06 09 2a 86 48
> | 86 f7 0d 01 09 01 16 1f 72 65 63 65 70 74 69 6f
> | 6e 5f 62 72 6f 6f 6b 6c 79 6e 40 6a 6f 74 75 6e
> | 2e 63 6f 6d 2e 61 75 17 0d 31 30 30 37 32 36 30
> | 38 33 36 33 39 5a 17 0d 33 30 30 37 32 31 30 38
> | 33 36 33 39 5a a0 0e 30 0c 30 0a 06 03 55 1d 14
> | 04 03 02 01 01
> | L2 - version:
> | 01
> | v2
> | L2 - signature:
> | L3 - algorithmIdentifier:
> | L4 - algorithm:
> | 'sha-1WithRSAEncryption'
> | L4 - parameters:
> | L2 - issuer:
> | 30 70 31 0b 30 09 06 03 55 04 06 13 02 41 55 31
> | 20 30 1e 06 03 55 04 0a 13 17 4a 6f 74 75 6e 20
> | 41 75 73 74 72 61 6c 69 61 20 50 74 79 20 4c 74
> | 64 31 0f 30 0d 06 03 55 04 03 13 06 56 50 4e 20
> | 43 41 31 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09
> | 01 16 1f 72 65 63 65 70 74 69 6f 6e 5f 62 72 6f
> | 6f 6b 6c 79 6e 40 6a 6f 74 75 6e 2e 63 6f 6d 2e
> | 61 75
> | 'C=XX, O=company, CN=VPN CA, E=reception_sitea at company.com
> <mailto:reception_sitea at company.com>'
> | L2 - thisUpdate:
> | L3 - utcTime:
> | 'Jul 26 08:36:39 UTC 2010'
> | L2 - nextUpdate:
> | L3 - utcTime:
> | 'Jul 21 08:36:39 UTC 2030'
> | L2 - optional extensions:
> | L3 - crlExtensions:
> | L4 - extension:
> | L5 - extnID:
> | 'crlNumber'
> | L5 - critical:
> | FALSE
> | L5 - extnValue:
> | 02 01 01
> | L6 - crlNumber:
> | 01
> | L1 - signatureAlgorithm:
> | L2 - algorithmIdentifier:
> | L3 - algorithm:
> | 'sha-1WithRSAEncryption'
> | L3 - parameters:
> | L1 - signatureValue:
> | 00 07 ae b9 b2 40 b3 1c 22 39 b4 59 bf 03 1a 2c
> | 9b 96 32 65 45 28 19 b0 67 c7 77 72 80 cd 14 58
> | 2d 1f b7 ef 9a dc 34 f2 d7 b9 16 91 ae ed e6 d6
> | a0 0a 55 f7 64 ab cc 28 37 e2 bc 5d 9a 1a 54 1f
> | b0 cc e7 6f 35 f2 a6 73 61 8e 3d d1 31 6b cc 29
> | d7 6d 2e f7 bc f1 c2 36 b1 81 74 c1 5a 2a 34 ed
> | f3 7d 9a a8 56 05 62 b2 7c 68 03 40 ec cc 7d 18
> | b0 51 26 12 f9 5a c7 ca 8c a2 8e 16 4a f7 d7 d1
> | bc 42 a9 da 31 84 e2 8c ea 64 f1 dc b0 c6 13 6f
> | 73 69 d8 f8 c1 92 31 13 95 57 e3 6d 12 cd 2c dd
> | 7d f4 09 18 a0 09 d6 12 10 eb 3c ad 11 78 ec e8
> | 57 a2 96 5c f7 66 6b 8b 2a 29 49 39 59 31 c6 c3
> | 7f 3d 13 cf 1d 1d de 9d f8 aa ac 61 a0 aa 86 07
> | 6d 71 c4 78 5a 43 9e 8c be e7 12 35 6a c1 d5 6f
> | 9e da 63 d9 97 b2 9e 25 a8 1b a4 bc eb 54 43 8b
> | 43 48 ff c8 1f 60 28 02 5c 8d 77 e4 3b 51 4b a4
> | 48 ce f4 36 b7 9b 3c 72 0b 0b 99 a8 bb 7e e8 2b
> | 94 47 25 bd 86 bb 7b e1 1b 5e 78 25 67 48 cf aa
> | a0 d7 60 79 5e c8 7f 2b 71 03 7a 13 a4 80 6d 37
> | 62 7f 1b 53 55 87 5f 39 99 7e f7 8f 6a c3 dd d8
> | b1 3a da 3e be 9b 23 cb 59 c6 e0 4c 5a 71 20 c6
> | cd 9c cf 85 d9 cb 64 44 d9 1d f2 da 61 60 93 f3
> | e9 71 c6 3e 31 d8 81 ed fb 44 a8 2a 76 1e 76 f1
> | 50 0c 3e 14 6e ce d5 32 de f7 a8 3a d4 60 20 4d
> | 22 22 6c dd 88 9f d5 2d 15 1f a2 e0 70 5d 22 9c
> | a3 03 3b 54 c2 ea ad 73 02 9b 32 5d fc 91 1d b9
> | 89 23 4c df b2 d4 f2 5c 78 dc a4 db fe 45 78 f3
> | 8d e7 ea a0 2a bf 16 32 f8 53 ee 10 01 9f 17 5c
> | f6 49 fb 87 ff fc 06 92 21 2f e6 ba e7 30 02 b4
> | 69 6d 16 16 e8 c0 a8 73 a3 86 19 87 35 42 6f d9
> | 1e bd 05 23 97 bd d8 bb d1 5c bf ff 5e 4a 4c c9
> | f4 56 bd e5 5e 84 1d bf f7 b4 38 48 69 eb 5e 71
> | 54
> | authcert list locked by 'insert_crl'
> | crl issuer cacert found
> | signature digest algorithm: 'sha-1WithRSAEncryption'
> | digest: 60 1c cb 8f 28 e2 cc 0a 6c af 7a 72 a9 9a a7 78
> | 9a a2 ad 16
> | signature encryption algorithm: 'sha-1WithRSAEncryption'
> | decrypted signature:
> | 00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> | ff ff ff ff ff ff ff ff ff ff ff ff 00 30 21 30
> | 09 06 05 2b 0e 03 02 1a 05 00 04 14 60 1c cb 8f
> | 28 e2 cc 0a 6c af 7a 72 a9 9a a7 78 9a a2 ad 16
> | authcert list unlocked by 'insert_crl'
> | crl signature is valid
> | crl list locked by 'insert_crl'
> | crl list unlocked by 'insert_crl'
> Changing to directory '/etc/ipsec.d/acerts'
> | inserting event EVENT_LOG_DAILY, timeout in 16357 seconds
> | next event EVENT_REINIT_SECRET in 3600 seconds
> |
> | *received whack message
> listening for IKE messages
> | found lo with address 127.0.0.1
> | found eth0 with address 192.168.5.2
> adding interface eth0/eth0 192.168.5.2:500 <http://192.168.5.2:500>
> adding interface eth0/eth0 192.168.5.2:4500 <http://192.168.5.2:4500>
> adding interface lo/lo 127.0.0.1:500 <http://127.0.0.1:500>
> adding interface lo/lo 127.0.0.1:4500 <http://127.0.0.1:4500>
> | could not open /proc/net/if_inet6
> | certs and keys locked by 'free_preshared_secrets'
> | certs and keys unlocked by 'free_preshard_secrets'
> loading secrets from "/etc/ipsec.secrets"
> loaded private key file '/etc/ipsec.d/private/siteb.key' (3311 bytes)
> | file content is not binary ASN.1
> | -----BEGIN RSA PRIVATE KEY-----
> | Proc-Type: 4,ENCRYPTED
> | DEK-Info: DES-EDE3-CBC,8F3A8EB09015A034
> | -----END RSA PRIVATE KEY-----
> | decrypting file using 'DES-EDE3-CBC'
> | file coded in PEM format
> | L0 - RSAPrivateKey:
> | L1 - version:
> | L1 - modulus:
> | L1 - publicExponent:
> | L1 - privateExponent:
> | L1 - prime1:
> | L1 - prime2:
> | L1 - exponent1:
> | L1 - exponent2:
> | L1 - coefficient:
> | certs and keys locked by 'process_secret'
> | certs and keys unlocked by 'process_secrets'
> | next event EVENT_REINIT_SECRET in 3600 seconds
> |
> | *received whack message
> | from whack: got --esp=aes128-sha1, 3des-md5
> | alg_info_parse_str() ealg_buf=aes aalg_buf=sha1eklen=128 aklen=0
> | enum_search_prefix () calling enum_search(0xb77c8968, "ESP_AES")
> | parser_alg_info_add() ealg_getbyname("aes")=12
> | enum_search_prefix () calling enum_search(0xb77c8978,
> "AUTH_ALGORITHM_HMAC_SHA1")
> | parser_alg_info_add() aalg_getbyname("sha1")=2
> | __alg_info_esp_add() ealg=12 aalg=2 cnt=1
> | alg_info_parse_str() ealg_buf=3des aalg_buf=md5eklen=0 aklen=0
> | enum_search_prefix () calling enum_search(0xb77c8968, "ESP_3DES")
> | parser_alg_info_add() ealg_getbyname("3des")=3
> | enum_search_prefix () calling enum_search(0xb77c8978,
> "AUTH_ALGORITHM_HMAC_MD5")
> | parser_alg_info_add() aalg_getbyname("md5")=1
> | __alg_info_esp_add() ealg=3 aalg=1 cnt=2
> | esp string values: 12_128-2, 3_000-1,
> | from whack: got --ike=aes128-sha-modp2048
> | alg_info_parse_str() ealg_buf=aes aalg_buf=shaeklen=128 aklen=0
> | enum_search_prefix () calling enum_search(0xb77c89c8, "OAKLEY_AES")
> | enum_search_ppfixi () calling enum_search(0xb77c89c8, "OAKLEY_AES_CBC")
> | parser_alg_info_add() ealg_getbyname("aes")=7
> | parser_alg_info_add() aalg_getbyname("sha")=2
> | enum_search_prefix () calling enum_search(0xb77c89d8,
> "OAKLEY_GROUP_MODP2048")
> | parser_alg_info_add() modp_getbyname("modp2048")=14
> | __alg_info_ike_add() ealg=7 aalg=2 modp_id=14, cnt=1
> | ike string values: 7_128-2-14,
> loaded host cert file '/etc/ipsec.d/certs/siteb.crt' (2053 bytes)
> | file content is not binary ASN.1
> | -----BEGIN CERTIFICATE-----
> | -----END CERTIFICATE-----
> | file coded in PEM format
> | L0 - certificate:
> | 30 82 05 bf 30 82 03 a7 a0 03 02 01 02 02 01 02
> | 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30
> | 70 31 0b 30 09 06 03 55 04 06 13 02 41 55 31 20
> | 30 1e 06 03 55 04 0a 13 17 4a 6f 74 75 6e 20 41
> | 75 73 74 72 61 6c 69 61 20 50 74 79 20 4c 74 64
> | 31 0f 30 0d 06 03 55 04 03 13 06 56 50 4e 20 43
> | 41 31 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01
> | 16 1f 72 65 63 65 70 74 69 6f 6e 5f 62 72 6f 6f
> | 6b 6c 79 6e 40 6a 6f 74 75 6e 2e 63 6f 6d 2e 61
> | 75 30 1e 17 0d 31 30 30 37 32 36 30 38 31 37 34
> | 33 5a 17 0d 33 30 30 37 32 31 30 38 31 37 34 33
> | 5a 30 59 31 0b 30 09 06 03 55 04 06 13 02 41 55
> | 31 11 30 0f 06 03 55 04 08 13 08 56 69 63 74 6f
> | 72 69 61 31 20 30 1e 06 03 55 04 0a 13 17 4a 6f
> | 74 75 6e 20 41 75 73 74 72 61 6c 69 61 20 50 74
> | 79 20 4c 74 64 31 15 30 13 06 03 55 04 03 13 0c
> | 44 65 72 72 69 6d 75 74 20 56 50 4e 30 82 02 22
> | 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03
> | 82 02 0f 00 30 82 02 0a 02 82 02 01 00 b7 75 9e
> | 38 cf d7 0d 17 56 89 24 e6 2e 52 c1 50 39 b4 87
> | 16 30 02 88 82 c3 da 59 9b 0a 69 f7 71 e5 71 ca
> | ac a3 2f c7 45 b2 73 1a be 81 dd 15 ad 71 f8 62
> | b8 90 6f 76 fb 87 22 be 06 15 69 5c f5 55 0d d4
> | 10 70 6a f3 02 b4 5c 3e 9f a9 c2 45 d6 3d 83 85
> | 0c 05 7c 66 d0 d6 29 9a db 50 f7 78 bc 8d 55 bb
> | 21 12 ce dd 32 90 55 ee 7f 82 cb 92 6a be 28 8e
> | 6e 2e f3 87 4c fa 2e 94 39 20 14 9a 40 84 bf 28
> | a2 3c 29 07 cb 24 2b f9 9b e5 4c 62 61 2f 30 7d
> | d1 af b4 d0 de 87 13 4e 07 c6 c6 e6 ab dc b9 ab
> | b7 70 d9 06 f1 71 e5 f2 fa d3 15 f2 10 e3 c0 50
> | 84 b9 ef a1 5a 84 da dd 02 06 97 a4 e4 5c 0c da
> | 4e 48 03 57 e2 aa a8 30 1f 11 61 e1 5f 05 cc 31
> | 98 75 a6 4d 9f d7 15 bc 99 6e 2d e6 b4 69 e2 48
> | 12 5c 31 a7 ce 78 6b 59 ae 88 f6 2c 32 94 85 14
> | 24 10 ec a1 56 51 a9 af 31 f0 b3 ad 66 9e c8 bf
> | 92 d4 c0 96 fc e5 f4 54 68 92 71 7a 36 32 45 de
> | b7 d0 90 5e 90 2f 87 de c6 bc 15 2a 4e f6 36 71
> | 6c c2 76 7a a9 82 66 e4 f9 7c 11 5a 06 b5 5c ef
> | 4a 19 f1 19 e7 98 54 5f 80 db 54 d4 5b b2 bc db
> | 31 f9 2f 72 74 50 29 b5 d4 1a 0b 9b 5d 16 c3 e3
> | c5 19 92 61 ca 1d 5c 59 8d 17 6d eb 9e f1 f7 8e
> | f2 4f 95 36 d2 61 13 0d 21 59 30 43 d0 a7 db fc
> | 44 03 2f 7c ea 5d 46 de 8a 1e ab 41 cc 3b 82 6a
> | e3 e4 e8 fd bc 6a 5b 5a 14 e3 04 1d 07 a7 63 c9
> | fb a0 bf 21 12 d6 dc 56 9c f2 c6 ed d1 50 87 1d
> | e5 52 53 7f aa de 42 4a 1c 20 06 19 9b 02 8a c8
> | 26 28 e5 cf 31 36 4e af c4 f7 04 58 fe 07 81 f8
> | 05 ec dc c5 db 41 2c 92 24 93 bc 8b 96 64 0b ad
> | 1e af e2 99 88 42 bb 63 d9 6b 84 1f 73 d7 63 46
> | 5c df ac 36 1f df 41 7d 50 c1 eb ba 2b 31 09 43
> | 67 8b 23 ee f2 db 6d eb c1 1f 81 d4 ff 02 03 01
> | 00 01 a3 7b 30 79 30 09 06 03 55 1d 13 04 02 30
> | 00 30 2c 06 09 60 86 48 01 86 f8 42 01 0d 04 1f
> | 16 1d 4f 70 65 6e 53 53 4c 20 47 65 6e 65 72 61
> | 74 65 64 20 43 65 72 74 69 66 69 63 61 74 65 30
> | 1d 06 03 55 1d 0e 04 16 04 14 ca e4 d6 35 05 8e
> | a1 ec 5a fc 15 21 e0 0d 2e f8 4e f5 2d 00 30 1f
> | 06 03 55 1d 23 04 18 30 16 80 14 bd 58 6a 09 8b
> | e1 13 99 8c c3 f8 46 ec e4 29 de 94 53 85 74 30
> | 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 82
> | 02 01 00 73 80 b0 cf 1d c1 7d 89 df 9b ac 2a e0
> | 62 d1 c2 00 dc 49 c8 6d 1b 88 72 d8 9e 61 e9 da
> | 3b 38 13 ef 2d d7 ba 02 dd 97 4f 67 01 86 67 56
> | 25 2b 56 7d 57 84 44 73 4e 07 0f 2e 9c fa ac b3
> | a3 e1 4c 2d 17 b4 29 e9 d4 f7 53 4b 76 ff ab 23
> | 7a cc 4c e1 fd 02 52 d6 39 3a 17 ac f4 76 cf 64
> | 32 fa 08 31 6c 2a 1b d1 fc 20 a3 10 c4 1c 55 b1
> | a6 4d af 35 61 4c 7d 16 bc 22 c9 cc d2 20 8b 74
> | 6b 95 39 7c 9e 93 1a 69 1f 0d d1 73 0a 4f 94 43
> | 9f 40 93 31 d1 e8 d4 8d 71 4f f5 d3 ec bb 36 1b
> | 92 96 7c 97 89 8d 23 be 79 9b f1 f2 db c3 a9 fc
> | 97 a7 c6 44 0f 4a 5b 35 10 28 8a 55 3c 1c 5d 3b
> | 19 14 2b c3 40 8f 8f b6 96 78 50 b0 11 64 68 9a
> | e2 8c 39 b2 06 a2 43 38 fc fe 85 38 fa 62 c1 b1
> | d0 36 31 2c c4 6a c8 55 c3 c4 ee 99 b9 7e b6 e9
> | d5 de d5 61 89 7f d5 63 f1 ae 63 54 c6 b6 43 b3
> | 9f 6c 68 7f 70 bb 2d d8 eb 29 6d 24 c0 52 b8 14
> | 19 be 0c 6e ce c8 96 ef b8 ef 6e 4b 73 4a a5 74
> | fc 52 db 00 cb 71 bc 55 79 a7 79 6d 29 3d 7c 04
> | b4 d3 20 b4 e3 ec 01 29 65 c2 d7 6c 48 2b 8c 36
> | cd 05 3f c3 be a0 46 58 99 dc 3f 38 f9 e5 c2 9d
> | 59 d4 08 af c4 91 ac 11 4c 28 a2 90 e0 a3 ff d3
> | 45 0e 54 db 9f 44 45 ea c0 53 9e d5 fb c3 2b 58
> | ab 4f 4e df e5 02 21 4c 79 02 bf f6 0e dc 25 da
> | 9a 41 35 63 03 29 c8 c7 42 44 f5 fa 1c 0f 92 a1
> | 0f bc 03 39 f9 59 63 fd 31 16 71 35 1e 32 4a 2d
> | 8f ab 09 54 6c dc b5 65 f7 fb c8 7a 51 9e c1 1b
> | bc ba 78 70 94 4a 0f f9 69 d1 b2 f6 84 6b f6 df
> | bb e5 1a 9f 93 45 0f 4d 8c af df 48 34 dc 78 ff
> | 7f 5e 07 34 16 2f 8e be 97 9e 7d 17 57 21 72 b0
> | 4c d7 d1 2a 7e 8d e3 65 31 d9 3e f3 bb 28 5f f7
> | 0c 7f 45 81 bc aa b2 1e 93 05 c8 9d 2a 94 ca a8
> | c8 f4 b4
> | L1 - tbsCertificate:
> | 30 82 03 a7 a0 03 02 01 02 02 01 02 30 0d 06 09
> | 2a 86 48 86 f7 0d 01 01 05 05 00 30 70 31 0b 30
> | 09 06 03 55 04 06 13 02 41 55 31 20 30 1e 06 03
> | 55 04 0a 13 17 4a 6f 74 75 6e 20 41 75 73 74 72
> | 61 6c 69 61 20 50 74 79 20 4c 74 64 31 0f 30 0d
> | 06 03 55 04 03 13 06 56 50 4e 20 43 41 31 2e 30
> | 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f 72 65
> | 63 65 70 74 69 6f 6e 5f 62 72 6f 6f 6b 6c 79 6e
> | 40 6a 6f 74 75 6e 2e 63 6f 6d 2e 61 75 30 1e 17
> | 0d 31 30 30 37 32 36 30 38 31 37 34 33 5a 17 0d
> | 33 30 30 37 32 31 30 38 31 37 34 33 5a 30 59 31
> | 0b 30 09 06 03 55 04 06 13 02 41 55 31 11 30 0f
> | 06 03 55 04 08 13 08 56 69 63 74 6f 72 69 61 31
> | 20 30 1e 06 03 55 04 0a 13 17 4a 6f 74 75 6e 20
> | 41 75 73 74 72 61 6c 69 61 20 50 74 79 20 4c 74
> | 64 31 15 30 13 06 03 55 04 03 13 0c 44 65 72 72
> | 69 6d 75 74 20 56 50 4e 30 82 02 22 30 0d 06 09
> | 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00
> | 30 82 02 0a 02 82 02 01 00 b7 75 9e 38 cf d7 0d
> | 17 56 89 24 e6 2e 52 c1 50 39 b4 87 16 30 02 88
> | 82 c3 da 59 9b 0a 69 f7 71 e5 71 ca ac a3 2f c7
> | 45 b2 73 1a be 81 dd 15 ad 71 f8 62 b8 90 6f 76
> | fb 87 22 be 06 15 69 5c f5 55 0d d4 10 70 6a f3
> | 02 b4 5c 3e 9f a9 c2 45 d6 3d 83 85 0c 05 7c 66
> | d0 d6 29 9a db 50 f7 78 bc 8d 55 bb 21 12 ce dd
> | 32 90 55 ee 7f 82 cb 92 6a be 28 8e 6e 2e f3 87
> | 4c fa 2e 94 39 20 14 9a 40 84 bf 28 a2 3c 29 07
> | cb 24 2b f9 9b e5 4c 62 61 2f 30 7d d1 af b4 d0
> | de 87 13 4e 07 c6 c6 e6 ab dc b9 ab b7 70 d9 06
> | f1 71 e5 f2 fa d3 15 f2 10 e3 c0 50 84 b9 ef a1
> | 5a 84 da dd 02 06 97 a4 e4 5c 0c da 4e 48 03 57
> | e2 aa a8 30 1f 11 61 e1 5f 05 cc 31 98 75 a6 4d
> | 9f d7 15 bc 99 6e 2d e6 b4 69 e2 48 12 5c 31 a7
> | ce 78 6b 59 ae 88 f6 2c 32 94 85 14 24 10 ec a1
> | 56 51 a9 af 31 f0 b3 ad 66 9e c8 bf 92 d4 c0 96
> | fc e5 f4 54 68 92 71 7a 36 32 45 de b7 d0 90 5e
> | 90 2f 87 de c6 bc 15 2a 4e f6 36 71 6c c2 76 7a
> | a9 82 66 e4 f9 7c 11 5a 06 b5 5c ef 4a 19 f1 19
> | e7 98 54 5f 80 db 54 d4 5b b2 bc db 31 f9 2f 72
> | 74 50 29 b5 d4 1a 0b 9b 5d 16 c3 e3 c5 19 92 61
> | ca 1d 5c 59 8d 17 6d eb 9e f1 f7 8e f2 4f 95 36
> | d2 61 13 0d 21 59 30 43 d0 a7 db fc 44 03 2f 7c
> | ea 5d 46 de 8a 1e ab 41 cc 3b 82 6a e3 e4 e8 fd
> | bc 6a 5b 5a 14 e3 04 1d 07 a7 63 c9 fb a0 bf 21
> | 12 d6 dc 56 9c f2 c6 ed d1 50 87 1d e5 52 53 7f
> | aa de 42 4a 1c 20 06 19 9b 02 8a c8 26 28 e5 cf
> | 31 36 4e af c4 f7 04 58 fe 07 81 f8 05 ec dc c5
> | db 41 2c 92 24 93 bc 8b 96 64 0b ad 1e af e2 99
> | 88 42 bb 63 d9 6b 84 1f 73 d7 63 46 5c df ac 36
> | 1f df 41 7d 50 c1 eb ba 2b 31 09 43 67 8b 23 ee
> | f2 db 6d eb c1 1f 81 d4 ff 02 03 01 00 01 a3 7b
> | 30 79 30 09 06 03 55 1d 13 04 02 30 00 30 2c 06
> | 09 60 86 48 01 86 f8 42 01 0d 04 1f 16 1d 4f 70
> | 65 6e 53 53 4c 20 47 65 6e 65 72 61 74 65 64 20
> | 43 65 72 74 69 66 69 63 61 74 65 30 1d 06 03 55
> | 1d 0e 04 16 04 14 ca e4 d6 35 05 8e a1 ec 5a fc
> | 15 21 e0 0d 2e f8 4e f5 2d 00 30 1f 06 03 55 1d
> | 23 04 18 30 16 80 14 bd 58 6a 09 8b e1 13 99 8c
> | c3 f8 46 ec e4 29 de 94 53 85 74
> | L2 - DEFAULT v1:
> | L3 - version:
> | 02
> | v3
> | L2 - serialNumber:
> | 02
> | L2 - signature:
> | L3 - algorithmIdentifier:
> | L4 - algorithm:
> | 'sha-1WithRSAEncryption'
> | L4 - parameters:
> | L2 - issuer:
> | 30 70 31 0b 30 09 06 03 55 04 06 13 02 41 55 31
> | 20 30 1e 06 03 55 04 0a 13 17 4a 6f 74 75 6e 20
> | 41 75 73 74 72 61 6c 69 61 20 50 74 79 20 4c 74
> | 64 31 0f 30 0d 06 03 55 04 03 13 06 56 50 4e 20
> | 43 41 31 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09
> | 01 16 1f 72 65 63 65 70 74 69 6f 6e 5f 62 72 6f
> | 6f 6b 6c 79 6e 40 6a 6f 74 75 6e 2e 63 6f 6d 2e
> | 61 75
> | 'C=XX, O=company, CN=VPN CA, E=reception_sitea at company.com
> <mailto:reception_sitea at company.com>'
> | L2 - validity:
> | L3 - notBefore:
> | L4 - utcTime:
> | 'Jul 26 08:17:43 UTC 2010'
> | L3 - notAfter:
> | L4 - utcTime:
> | 'Jul 21 08:17:43 UTC 2030'
> | L2 - subject:
> | 30 59 31 0b 30 09 06 03 55 04 06 13 02 41 55 31
> | 11 30 0f 06 03 55 04 08 13 08 56 69 63 74 6f 72
> | 69 61 31 20 30 1e 06 03 55 04 0a 13 17 4a 6f 74
> | 75 6e 20 41 75 73 74 72 61 6c 69 61 20 50 74 79
> | 20 4c 74 64 31 15 30 13 06 03 55 04 03 13 0c 44
> | 65 72 72 69 6d 75 74 20 56 50 4e
> | 'C=XX, ST=state, O=company, CN=siteb VPN'
> | L2 - subjectPublicKeyInfo:
> | L3 - algorithm:
> | L4 - algorithmIdentifier:
> | L5 - algorithm:
> | 'rsaEncryption'
> | L5 - parameters:
> | L3 - subjectPublicKey:
> | L4 - RSAPublicKey:
> | 30 82 02 0a 02 82 02 01 00 b7 75 9e 38 cf d7 0d
> | 17 56 89 24 e6 2e 52 c1 50 39 b4 87 16 30 02 88
> | 82 c3 da 59 9b 0a 69 f7 71 e5 71 ca ac a3 2f c7
> | 45 b2 73 1a be 81 dd 15 ad 71 f8 62 b8 90 6f 76
> | fb 87 22 be 06 15 69 5c f5 55 0d d4 10 70 6a f3
> | 02 b4 5c 3e 9f a9 c2 45 d6 3d 83 85 0c 05 7c 66
> | d0 d6 29 9a db 50 f7 78 bc 8d 55 bb 21 12 ce dd
> | 32 90 55 ee 7f 82 cb 92 6a be 28 8e 6e 2e f3 87
> | 4c fa 2e 94 39 20 14 9a 40 84 bf 28 a2 3c 29 07
> | cb 24 2b f9 9b e5 4c 62 61 2f 30 7d d1 af b4 d0
> | de 87 13 4e 07 c6 c6 e6 ab dc b9 ab b7 70 d9 06
> | f1 71 e5 f2 fa d3 15 f2 10 e3 c0 50 84 b9 ef a1
> | 5a 84 da dd 02 06 97 a4 e4 5c 0c da 4e 48 03 57
> | e2 aa a8 30 1f 11 61 e1 5f 05 cc 31 98 75 a6 4d
> | 9f d7 15 bc 99 6e 2d e6 b4 69 e2 48 12 5c 31 a7
> | ce 78 6b 59 ae 88 f6 2c 32 94 85 14 24 10 ec a1
> | 56 51 a9 af 31 f0 b3 ad 66 9e c8 bf 92 d4 c0 96
> | fc e5 f4 54 68 92 71 7a 36 32 45 de b7 d0 90 5e
> | 90 2f 87 de c6 bc 15 2a 4e f6 36 71 6c c2 76 7a
> | a9 82 66 e4 f9 7c 11 5a 06 b5 5c ef 4a 19 f1 19
> | e7 98 54 5f 80 db 54 d4 5b b2 bc db 31 f9 2f 72
> | 74 50 29 b5 d4 1a 0b 9b 5d 16 c3 e3 c5 19 92 61
> | ca 1d 5c 59 8d 17 6d eb 9e f1 f7 8e f2 4f 95 36
> | d2 61 13 0d 21 59 30 43 d0 a7 db fc 44 03 2f 7c
> | ea 5d 46 de 8a 1e ab 41 cc 3b 82 6a e3 e4 e8 fd
> | bc 6a 5b 5a 14 e3 04 1d 07 a7 63 c9 fb a0 bf 21
> | 12 d6 dc 56 9c f2 c6 ed d1 50 87 1d e5 52 53 7f
> | aa de 42 4a 1c 20 06 19 9b 02 8a c8 26 28 e5 cf
> | 31 36 4e af c4 f7 04 58 fe 07 81 f8 05 ec dc c5
> | db 41 2c 92 24 93 bc 8b 96 64 0b ad 1e af e2 99
> | 88 42 bb 63 d9 6b 84 1f 73 d7 63 46 5c df ac 36
> | 1f df 41 7d 50 c1 eb ba 2b 31 09 43 67 8b 23 ee
> | f2 db 6d eb c1 1f 81 d4 ff 02 03 01 00 01
> | L5 - modulus:
> | 00 b7 75 9e 38 cf d7 0d 17 56 89 24 e6 2e 52 c1
> | 50 39 b4 87 16 30 02 88 82 c3 da 59 9b 0a 69 f7
> | 71 e5 71 ca ac a3 2f c7 45 b2 73 1a be 81 dd 15
> | ad 71 f8 62 b8 90 6f 76 fb 87 22 be 06 15 69 5c
> | f5 55 0d d4 10 70 6a f3 02 b4 5c 3e 9f a9 c2 45
> | d6 3d 83 85 0c 05 7c 66 d0 d6 29 9a db 50 f7 78
> | bc 8d 55 bb 21 12 ce dd 32 90 55 ee 7f 82 cb 92
> | 6a be 28 8e 6e 2e f3 87 4c fa 2e 94 39 20 14 9a
> | 40 84 bf 28 a2 3c 29 07 cb 24 2b f9 9b e5 4c 62
> | 61 2f 30 7d d1 af b4 d0 de 87 13 4e 07 c6 c6 e6
> | ab dc b9 ab b7 70 d9 06 f1 71 e5 f2 fa d3 15 f2
> | 10 e3 c0 50 84 b9 ef a1 5a 84 da dd 02 06 97 a4
> | e4 5c 0c da 4e 48 03 57 e2 aa a8 30 1f 11 61 e1
> | 5f 05 cc 31 98 75 a6 4d 9f d7 15 bc 99 6e 2d e6
> | b4 69 e2 48 12 5c 31 a7 ce 78 6b 59 ae 88 f6 2c
> | 32 94 85 14 24 10 ec a1 56 51 a9 af 31 f0 b3 ad
> | 66 9e c8 bf 92 d4 c0 96 fc e5 f4 54 68 92 71 7a
> | 36 32 45 de b7 d0 90 5e 90 2f 87 de c6 bc 15 2a
> | 4e f6 36 71 6c c2 76 7a a9 82 66 e4 f9 7c 11 5a
> | 06 b5 5c ef 4a 19 f1 19 e7 98 54 5f 80 db 54 d4
> | 5b b2 bc db 31 f9 2f 72 74 50 29 b5 d4 1a 0b 9b
> | 5d 16 c3 e3 c5 19 92 61 ca 1d 5c 59 8d 17 6d eb
> | 9e f1 f7 8e f2 4f 95 36 d2 61 13 0d 21 59 30 43
> | d0 a7 db fc 44 03 2f 7c ea 5d 46 de 8a 1e ab 41
> | cc 3b 82 6a e3 e4 e8 fd bc 6a 5b 5a 14 e3 04 1d
> | 07 a7 63 c9 fb a0 bf 21 12 d6 dc 56 9c f2 c6 ed
> | d1 50 87 1d e5 52 53 7f aa de 42 4a 1c 20 06 19
> | 9b 02 8a c8 26 28 e5 cf 31 36 4e af c4 f7 04 58
> | fe 07 81 f8 05 ec dc c5 db 41 2c 92 24 93 bc 8b
> | 96 64 0b ad 1e af e2 99 88 42 bb 63 d9 6b 84 1f
> | 73 d7 63 46 5c df ac 36 1f df 41 7d 50 c1 eb ba
> | 2b 31 09 43 67 8b 23 ee f2 db 6d eb c1 1f 81 d4
> | ff
> | L5 - publicExponent:
> | 01 00 01
> | L2 - optional extensions:
> | L3 - extensions:
> | L4 - extension:
> | L5 - extnID:
> | 'basicConstraints'
> | L5 - critical:
> | FALSE
> | L5 - extnValue:
> | 30 00
> | L6 - basicConstraints:
> | L7 - CA:
> | FALSE
> | L4 - extension:
> | L5 - extnID:
> | 'nsComment'
> | L5 - critical:
> | FALSE
> | L5 - extnValue:
> | 16 1d 4f 70 65 6e 53 53 4c 20 47 65 6e 65 72 61
> | 74 65 64 20 43 65 72 74 69 66 69 63 61 74 65
> | L6 - nsComment:
> | 'OpenSSL Generated Certificate'
> | L4 - extension:
> | L5 - extnID:
> | 'subjectKeyIdentifier'
> | L5 - critical:
> | FALSE
> | L5 - extnValue:
> | 04 14 ca e4 d6 35 05 8e a1 ec 5a fc 15 21 e0 0d
> | 2e f8 4e f5 2d 00
> | L6 - keyIdentifier:
> | ca e4 d6 35 05 8e a1 ec 5a fc 15 21 e0 0d 2e f8
> | 4e f5 2d 00
> | L4 - extension:
> | L5 - extnID:
> | 'authorityKeyIdentifier'
> | L5 - critical:
> | FALSE
> | L5 - extnValue:
> | 30 16 80 14 bd 58 6a 09 8b e1 13 99 8c c3 f8 46
> | ec e4 29 de 94 53 85 74
> | L6 - authorityKeyIdentifier:
> | L7 - keyIdentifier:
> | 80 14 bd 58 6a 09 8b e1 13 99 8c c3 f8 46 ec e4
> | 29 de 94 53 85 74
> | L8 - keyIdentifier:
> | bd 58 6a 09 8b e1 13 99 8c c3 f8 46 ec e4 29 de
> | 94 53 85 74
> | L1 - signatureAlgorithm:
> | L2 - algorithmIdentifier:
> | L3 - algorithm:
> | 'sha-1WithRSAEncryption'
> | L3 - parameters:
> | L1 - signatureValue:
> | 00 73 80 b0 cf 1d c1 7d 89 df 9b ac 2a e0 62 d1
> | c2 00 dc 49 c8 6d 1b 88 72 d8 9e 61 e9 da 3b 38
> | 13 ef 2d d7 ba 02 dd 97 4f 67 01 86 67 56 25 2b
> | 56 7d 57 84 44 73 4e 07 0f 2e 9c fa ac b3 a3 e1
> | 4c 2d 17 b4 29 e9 d4 f7 53 4b 76 ff ab 23 7a cc
> | 4c e1 fd 02 52 d6 39 3a 17 ac f4 76 cf 64 32 fa
> | 08 31 6c 2a 1b d1 fc 20 a3 10 c4 1c 55 b1 a6 4d
> | af 35 61 4c 7d 16 bc 22 c9 cc d2 20 8b 74 6b 95
> | 39 7c 9e 93 1a 69 1f 0d d1 73 0a 4f 94 43 9f 40
> | 93 31 d1 e8 d4 8d 71 4f f5 d3 ec bb 36 1b 92 96
> | 7c 97 89 8d 23 be 79 9b f1 f2 db c3 a9 fc 97 a7
> | c6 44 0f 4a 5b 35 10 28 8a 55 3c 1c 5d 3b 19 14
> | 2b c3 40 8f 8f b6 96 78 50 b0 11 64 68 9a e2 8c
> | 39 b2 06 a2 43 38 fc fe 85 38 fa 62 c1 b1 d0 36
> | 31 2c c4 6a c8 55 c3 c4 ee 99 b9 7e b6 e9 d5 de
> | d5 61 89 7f d5 63 f1 ae 63 54 c6 b6 43 b3 9f 6c
> | 68 7f 70 bb 2d d8 eb 29 6d 24 c0 52 b8 14 19 be
> | 0c 6e ce c8 96 ef b8 ef 6e 4b 73 4a a5 74 fc 52
> | db 00 cb 71 bc 55 79 a7 79 6d 29 3d 7c 04 b4 d3
> | 20 b4 e3 ec 01 29 65 c2 d7 6c 48 2b 8c 36 cd 05
> | 3f c3 be a0 46 58 99 dc 3f 38 f9 e5 c2 9d 59 d4
> | 08 af c4 91 ac 11 4c 28 a2 90 e0 a3 ff d3 45 0e
> | 54 db 9f 44 45 ea c0 53 9e d5 fb c3 2b 58 ab 4f
> | 4e df e5 02 21 4c 79 02 bf f6 0e dc 25 da 9a 41
> | 35 63 03 29 c8 c7 42 44 f5 fa 1c 0f 92 a1 0f bc
> | 03 39 f9 59 63 fd 31 16 71 35 1e 32 4a 2d 8f ab
> | 09 54 6c dc b5 65 f7 fb c8 7a 51 9e c1 1b bc ba
> | 78 70 94 4a 0f f9 69 d1 b2 f6 84 6b f6 df bb e5
> | 1a 9f 93 45 0f 4d 8c af df 48 34 dc 78 ff 7f 5e
> | 07 34 16 2f 8e be 97 9e 7d 17 57 21 72 b0 4c d7
> | d1 2a 7e 8d e3 65 31 d9 3e f3 bb 28 5f f7 0c 7f
> | 45 81 bc aa b2 1e 93 05 c8 9d 2a 94 ca a8 c8 f4
> | b4
> | not before : Jul 26 08:17:43 UTC 2010
> | current time: Aug 02 09:27:23 UTC 2010
> | not after : Jul 21 08:17:43 UTC 2030
> | certificate is valid
> | keyid: *AwEAAbd1n
> | Modulus:
> 0xb7759e38cfd70d17568924e62e52c15039b4871630028882c3da599b0a69f771e571caaca32fc745b2731abe81dd15ad71f862b8906f76fb8722be0615695cf5550dd410706af302b45c3e9fa9c245d63d83850c057c66d0d6299adb50f778bc8d55bb2112cedd329055ee7f82cb926abe288e6e2ef3874cfa2e943920149a4084bf28a23c2907cb242bf99be54c62612f307dd1afb4d0de87134e07c6c6e6abdcb9abb770d906f171e5f2fad315f210e3c05084b9efa15a84dadd020697a4e45c0cda4e480357e2aaa8301f1161e15f05cc319875a64d9fd715bc996e2de6b469e248125c31a7ce786b59ae88f62c329485142410eca15651a9af31f0b3ad669ec8bf92d4c096fce5f4546892717a363245deb7d0905e902f87dec6bc152a4ef636716cc2767aa98266e4f97c115a06b55cef4a19f119e798545f80db54d45bb2bcdb31f92f72745029b5d41a0b9b5d16c3e3c5199261ca1d5c598d176deb9ef1f78ef24f9536d261130d21593043d0a7dbfc44032f7cea5d46de8a1eab41cc3b826ae3e4e8fdbc6a5b5a14e3041d07a763c9fba0bf2112d6dc569cf2c6edd150871de552537faade424a1c2006199b028ac82628e5cf31364eafc4f70458fe0781f805ecdcc5db412c922493bc8b96640bad1eafe2998842bb63d96b841f73d763465cdfac361fdf417d50c
1ebba2b310943678b23eef2
> | PublicExponent: 0x10001
> | certs and keys locked by 'add_x509cert'
> | x509 cert inserted
> | certs and keys unlocked by 'add_x509cert'
> | alg_info_addref() alg_info->ref_cnt=1
> | alg_info_addref() alg_info->ref_cnt=1
> added connection description "company"
> | 192.168.5.0/24===192.168.5.2[C=XX
> <http://192.168.5.0/24===192.168.5.2[C=XX>, ST=state, O=company,
> CN=siteb VPN]...<peer's fw's public ip>[C=XX, ST=state, O=company,
> CN=sitea VPN]===192.168.0.0/24 <http://192.168.0.0/24>
> | ike_life: 10800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz:
> 100%; keyingtries: 3; policy: RSASIG+ENCRYPT+TUNNEL+PFS
> | next event EVENT_REINIT_SECRET in 3600 seconds
> |
> | *received whack message
> | creating state object #1 at 0xb77e6408
> | ICOOKIE: 11 47 e1 b8 ed 32 ac a4
> | RCOOKIE: 00 00 00 00 00 00 00 00
> | peer: a5 e4 67 ba
> | state hash entry 20
> | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1
> | Queuing pending Quick Mode with <peer's fw's public ip> "company"
> "company" #1: initiating Main Mode
> | **emit ISAKMP Message:
> | initiator cookie:
> | 11 47 e1 b8 ed 32 ac a4
> | responder cookie:
> | 00 00 00 00 00 00 00 00
> | next payload type: ISAKMP_NEXT_SA
> | ISAKMP version: ISAKMP Version 1.0
> | exchange type: ISAKMP_XCHG_IDPROT
> | flags: none
> | message ID: 00 00 00 00
> | ***emit ISAKMP Security Association Payload:
> | next payload type: ISAKMP_NEXT_VID
> | DOI: ISAKMP_DOI_IPSEC
> | ****emit IPsec DOI SIT:
> | IPsec DOI SIT: SIT_IDENTITY_ONLY
> | 7_128-2-14,
> | ****emit ISAKMP Proposal Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | proposal number: 0
> | protocol ID: PROTO_ISAKMP
> | SPI size: 0
> | number of transforms: 1
> | *****emit ISAKMP Transform Payload (ISAKMP):
> | next payload type: ISAKMP_NEXT_NONE
> | transform number: 0
> | transform ID: KEY_IKE
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_TYPE
> | length/value: 1
> | [1 is OAKLEY_LIFE_SECONDS]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_DURATION
> | length/value: 10800
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_ENCRYPTION_ALGORITHM
> | length/value: 7
> | [7 is OAKLEY_AES_CBC]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_HASH_ALGORITHM
> | length/value: 2
> | [2 is OAKLEY_SHA]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_KEY_LENGTH
> | length/value: 128
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_AUTHENTICATION_METHOD
> | length/value: 3
> | [3 is OAKLEY_RSA_SIG]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_GROUP_DESCRIPTION
> | length/value: 14
> | [14 is OAKLEY_GROUP_MODP2048]
> | emitting length of ISAKMP Transform Payload (ISAKMP): 36
> | emitting length of ISAKMP Proposal Payload: 44
> | emitting length of ISAKMP Security Association Payload: 56
> | out_vendorid(): sending [strongSwan 4.2.4]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID cd 57 92 d4 b7 0f 02 99 a6 a1 37 3d e2 36 d2 ac
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [Cisco-Unity]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID 12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [XAUTH]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 8 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID 09 00 26 89 df d6 b7 12
> | emitting length of ISAKMP Vendor ID Payload: 12
> | out_vendorid(): sending [Dead Peer Detection]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [RFC 3947]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-03]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-02]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-02_n]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-00]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
> | emitting length of ISAKMP Vendor ID Payload: 20
> | emitting length of ISAKMP Message: 256
> | sending 256 bytes for main_outI1 through eth0 to <peer's fw's public
> ip>:500:
> | 11 47 e1 b8 ed 32 ac a4 00 00 00 00 00 00 00 00
> | 01 10 02 00 00 00 00 00 00 00 01 00 0d 00 00 38
> | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01
> | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 2a 30
> | 80 01 00 07 80 02 00 02 80 0e 00 80 80 03 00 03
> | 80 04 00 0e 0d 00 00 14 cd 57 92 d4 b7 0f 02 99
> | a6 a1 37 3d e2 36 d2 ac 0d 00 00 14 12 f5 f2 8c
> | 45 71 68 a9 70 2d 9f e2 74 cc 01 00 0d 00 00 0c
> | 09 00 26 89 df d6 b7 12 0d 00 00 14 af ca d7 13
> | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 0d 00 00 14
> | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
> | 0d 00 00 14 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92
> | 15 52 9d 56 0d 00 00 14 cd 60 46 43 35 df 21 f8
> | 7c fd b2 fc 68 b6 a4 48 0d 00 00 14 90 cb 80 91
> | 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f 00 00 00 14
> | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
> | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
> | next event EVENT_RETRANSMIT in 10 seconds for #1
> |
> | *received 176 bytes from <peer's fw's public ip>:500 on eth0
> | 11 47 e1 b8 ed 32 ac a4 05 e6 ed 3b 49 50 e0 6a
> | 01 10 02 00 00 00 00 00 00 00 00 b0 0d 00 00 38
> | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01
> | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 2a 30
> | 80 01 00 07 80 02 00 02 80 0e 00 80 80 03 00 03
> | 80 04 00 0e 0d 00 00 14 cd 57 92 d4 b7 0f 02 99
> | a6 a1 37 3d e2 36 d2 ac 0d 00 00 14 12 f5 f2 8c
> | 45 71 68 a9 70 2d 9f e2 74 cc 01 00 0d 00 00 0c
> | 09 00 26 89 df d6 b7 12 0d 00 00 14 af ca d7 13
> | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14
> | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
> | **parse ISAKMP Message:
> | initiator cookie:
> | 11 47 e1 b8 ed 32 ac a4
> | responder cookie:
> | 05 e6 ed 3b 49 50 e0 6a
> | next payload type: ISAKMP_NEXT_SA
> | ISAKMP version: ISAKMP Version 1.0
> | exchange type: ISAKMP_XCHG_IDPROT
> | flags: none
> | message ID: 00 00 00 00
> | length: 176
> | ICOOKIE: 11 47 e1 b8 ed 32 ac a4
> | RCOOKIE: 05 e6 ed 3b 49 50 e0 6a
> | peer: a5 e4 67 ba
> | state hash entry 28
> | state object not found
> | ICOOKIE: 11 47 e1 b8 ed 32 ac a4
> | RCOOKIE: 00 00 00 00 00 00 00 00
> | peer: a5 e4 67 ba
> | state hash entry 20
> | state object #1 found, in STATE_MAIN_I1
> | ***parse ISAKMP Security Association Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 56
> | DOI: ISAKMP_DOI_IPSEC
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 12
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | length: 20
> "company" #1: ignoring Vendor ID payload [strongSwan 4.2.4]
> "company" #1: ignoring Vendor ID payload [Cisco-Unity]
> "company" #1: received Vendor ID payload [XAUTH]
> "company" #1: received Vendor ID payload [Dead Peer Detection]
> "company" #1: received Vendor ID payload [RFC 3947]
> | ****parse IPsec DOI SIT:
> | IPsec DOI SIT: SIT_IDENTITY_ONLY
> | ****parse ISAKMP Proposal Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | length: 44
> | proposal number: 0
> | protocol ID: PROTO_ISAKMP
> | SPI size: 0
> | number of transforms: 1
> | *****parse ISAKMP Transform Payload (ISAKMP):
> | next payload type: ISAKMP_NEXT_NONE
> | length: 36
> | transform number: 0
> | transform ID: KEY_IKE
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_TYPE
> | length/value: 1
> | [1 is OAKLEY_LIFE_SECONDS]
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_DURATION
> | length/value: 10800
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_ENCRYPTION_ALGORITHM
> | length/value: 7
> | [7 is OAKLEY_AES_CBC]
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_HASH_ALGORITHM
> | length/value: 2
> | [2 is OAKLEY_SHA]
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_KEY_LENGTH
> | length/value: 128
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_AUTHENTICATION_METHOD
> | length/value: 3
> | [3 is OAKLEY_RSA_SIG]
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_GROUP_DESCRIPTION
> | length/value: 14
> | [14 is OAKLEY_GROUP_MODP2048]
> | Oakley Transform 0 accepted
> "company" #1: enabling possible NAT-traversal with method 3
> | **emit ISAKMP Message:
> | initiator cookie:
> | 11 47 e1 b8 ed 32 ac a4
> | responder cookie:
> | 05 e6 ed 3b 49 50 e0 6a
> | next payload type: ISAKMP_NEXT_KE
> | ISAKMP version: ISAKMP Version 1.0
> | exchange type: ISAKMP_XCHG_IDPROT
> | flags: none
> | message ID: 00 00 00 00
> | Local DH secret:
> | 03 90 ec 68 07 43 a3 43 eb 82 7a b1 42 d3 c8 9f
> | 24 66 13 a4 52 2b 72 39 2e 6f 37 80 5b 73 a5 7f
> | Public DH value sent:
> | 65 c3 78 99 4d 9d 35 61 36 ea 68 d7 8b 9d 7e d4
> | 4d f0 92 1f 54 de c4 23 4f 62 dd a6 2c 67 e3 e1
> | 5b 10 2a 83 e7 5a c8 71 c9 d6 60 39 6c 19 6c fb
> | 8c 4d d7 16 ba f1 6d 12 99 16 71 26 09 15 79 19
> | 10 f2 87 6a 6f 10 98 9c 9f 89 8b d6 31 84 d2 68
> | 52 c5 6f 78 50 fd 77 e1 df fd 2a 78 48 67 d1 22
> | 89 2b 18 c7 3e 1e 48 20 c4 b8 fc 77 ff d3 f5 15
> | 72 8a 44 01 ad 86 50 ca 1a 3f c3 23 02 af f1 d8
> | 07 53 b4 96 93 e6 64 61 24 da 65 18 10 48 71 c7
> | fe f7 8f ca a9 61 0a 77 e5 7f 8c 63 e5 15 9f 83
> | ba 64 17 2c 8d 6c a1 29 6c 9b 8b fe 43 4f d0 6a
> | ec 6a 85 9b 3e 24 c7 fa 8b e2 b1 3b 46 c9 bd 32
> | 0d 97 08 34 de d8 ab 43 a6 b8 3f 6f fd a6 6f 48
> | 52 14 2e c4 a9 e8 7f 1d 50 33 c8 05 90 12 2a d9
> | 03 53 2b 4a 75 38 2f 1d f1 7b 92 b3 c7 07 c5 10
> | 03 e2 ce 96 a8 18 3c 67 0a 23 d2 a5 60 a4 c8 f9
> | ***emit ISAKMP Key Exchange Payload:
> | next payload type: ISAKMP_NEXT_NONCE
> | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload
> | keyex value 65 c3 78 99 4d 9d 35 61 36 ea 68 d7 8b 9d 7e d4
> | 4d f0 92 1f 54 de c4 23 4f 62 dd a6 2c 67 e3 e1
> | 5b 10 2a 83 e7 5a c8 71 c9 d6 60 39 6c 19 6c fb
> | 8c 4d d7 16 ba f1 6d 12 99 16 71 26 09 15 79 19
> | 10 f2 87 6a 6f 10 98 9c 9f 89 8b d6 31 84 d2 68
> | 52 c5 6f 78 50 fd 77 e1 df fd 2a 78 48 67 d1 22
> | 89 2b 18 c7 3e 1e 48 20 c4 b8 fc 77 ff d3 f5 15
> | 72 8a 44 01 ad 86 50 ca 1a 3f c3 23 02 af f1 d8
> | 07 53 b4 96 93 e6 64 61 24 da 65 18 10 48 71 c7
> | fe f7 8f ca a9 61 0a 77 e5 7f 8c 63 e5 15 9f 83
> | ba 64 17 2c 8d 6c a1 29 6c 9b 8b fe 43 4f d0 6a
> | ec 6a 85 9b 3e 24 c7 fa 8b e2 b1 3b 46 c9 bd 32
> | 0d 97 08 34 de d8 ab 43 a6 b8 3f 6f fd a6 6f 48
> | 52 14 2e c4 a9 e8 7f 1d 50 33 c8 05 90 12 2a d9
> | 03 53 2b 4a 75 38 2f 1d f1 7b 92 b3 c7 07 c5 10
> | 03 e2 ce 96 a8 18 3c 67 0a 23 d2 a5 60 a4 c8 f9
> | emitting length of ISAKMP Key Exchange Payload: 260
> | ***emit ISAKMP Nonce Payload:
> | next payload type: ISAKMP_NEXT_NAT-D
> | emitting 16 raw bytes of Ni into ISAKMP Nonce Payload
> | Ni a4 d6 80 aa d5 46 49 de dc a1 96 c6 79 c1 ba 52
> | emitting length of ISAKMP Nonce Payload: 20
> | sending NATD payloads
> | _natd_hash: hasher=0xb77ca620(20)
> | _natd_hash: icookie=
> | 11 47 e1 b8 ed 32 ac a4
> | _natd_hash: rcookie=
> | 05 e6 ed 3b 49 50 e0 6a
> | _natd_hash: ip= a5 e4 67 ba
> | _natd_hash: port=62465
> | _natd_hash: hash= ba 20 b9 64 d1 19 32 57 9b 5c 94 07 dc fe f8 d2
> | f8 7f 8b 96
> | ***emit ISAKMP NAT-D Payload:
> | next payload type: ISAKMP_NEXT_NAT-D
> | emitting 20 raw bytes of NAT-D into ISAKMP NAT-D Payload
> | NAT-D ba 20 b9 64 d1 19 32 57 9b 5c 94 07 dc fe f8 d2
> | f8 7f 8b 96
> | emitting length of ISAKMP NAT-D Payload: 24
> | _natd_hash: hasher=0xb77ca620(20)
> | _natd_hash: icookie=
> | 11 47 e1 b8 ed 32 ac a4
> | _natd_hash: rcookie=
> | 05 e6 ed 3b 49 50 e0 6a
> | _natd_hash: ip= c0 a8 05 02
> | _natd_hash: port=62465
> | _natd_hash: hash= 5e b4 ce 6e f1 c3 90 e0 af 5f b0 a5 6d f6 a1 ed
> | b5 8b 0b bc
> | ***emit ISAKMP NAT-D Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | emitting 20 raw bytes of NAT-D into ISAKMP NAT-D Payload
> | NAT-D 5e b4 ce 6e f1 c3 90 e0 af 5f b0 a5 6d f6 a1 ed
> | b5 8b 0b bc
> | emitting length of ISAKMP NAT-D Payload: 24
> | emitting length of ISAKMP Message: 356
> | ICOOKIE: 11 47 e1 b8 ed 32 ac a4
> | RCOOKIE: 00 00 00 00 00 00 00 00
> | peer: a5 e4 67 ba
> | state hash entry 20
> | ICOOKIE: 11 47 e1 b8 ed 32 ac a4
> | RCOOKIE: 05 e6 ed 3b 49 50 e0 6a
> | peer: a5 e4 67 ba
> | state hash entry 28
> | sending 356 bytes for STATE_MAIN_I1 through eth0 to <peer's fw's
> public ip>:500:
> | 11 47 e1 b8 ed 32 ac a4 05 e6 ed 3b 49 50 e0 6a
> | 04 10 02 00 00 00 00 00 00 00 01 64 0a 00 01 04
> | 65 c3 78 99 4d 9d 35 61 36 ea 68 d7 8b 9d 7e d4
> | 4d f0 92 1f 54 de c4 23 4f 62 dd a6 2c 67 e3 e1
> | 5b 10 2a 83 e7 5a c8 71 c9 d6 60 39 6c 19 6c fb
> | 8c 4d d7 16 ba f1 6d 12 99 16 71 26 09 15 79 19
> | 10 f2 87 6a 6f 10 98 9c 9f 89 8b d6 31 84 d2 68
> | 52 c5 6f 78 50 fd 77 e1 df fd 2a 78 48 67 d1 22
> | 89 2b 18 c7 3e 1e 48 20 c4 b8 fc 77 ff d3 f5 15
> | 72 8a 44 01 ad 86 50 ca 1a 3f c3 23 02 af f1 d8
> | 07 53 b4 96 93 e6 64 61 24 da 65 18 10 48 71 c7
> | fe f7 8f ca a9 61 0a 77 e5 7f 8c 63 e5 15 9f 83
> | ba 64 17 2c 8d 6c a1 29 6c 9b 8b fe 43 4f d0 6a
> | ec 6a 85 9b 3e 24 c7 fa 8b e2 b1 3b 46 c9 bd 32
> | 0d 97 08 34 de d8 ab 43 a6 b8 3f 6f fd a6 6f 48
> | 52 14 2e c4 a9 e8 7f 1d 50 33 c8 05 90 12 2a d9
> | 03 53 2b 4a 75 38 2f 1d f1 7b 92 b3 c7 07 c5 10
> | 03 e2 ce 96 a8 18 3c 67 0a 23 d2 a5 60 a4 c8 f9
> | 14 00 00 14 a4 d6 80 aa d5 46 49 de dc a1 96 c6
> | 79 c1 ba 52 14 00 00 18 ba 20 b9 64 d1 19 32 57
> | 9b 5c 94 07 dc fe f8 d2 f8 7f 8b 96 00 00 00 18
> | 5e b4 ce 6e f1 c3 90 e0 af 5f b0 a5 6d f6 a1 ed
> | b5 8b 0b bc
> | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
> | next event EVENT_RETRANSMIT in 10 seconds for #1
> |
> | *received 364 bytes from <peer's fw's public ip>:500 on eth0
> | 11 47 e1 b8 ed 32 ac a4 05 e6 ed 3b 49 50 e0 6a
> | 04 10 02 00 00 00 00 00 00 00 01 6c 0a 00 01 04
> | 79 5e 5b ca 4e a9 7e 20 b9 f0 5c be ee da 41 e3
> | 06 2b db 03 96 47 86 8e fa 05 26 21 8f 80 b1 52
> | 57 a2 1c 93 8d 2a c0 6b 2b 0a d7 01 92 ce a1 8a
> | 18 96 ae a9 b2 00 46 90 33 b2 99 59 ca 7e db 6b
> | 43 5a 29 e7 c9 c2 84 68 05 68 57 a5 ff a0 f6 68
> | ca 4b b1 0f bc a8 2f 29 25 d5 b7 14 43 74 23 1e
> | fa fd 79 df 36 5c c2 65 2f 91 3b 7f 81 5a 90 c3
> | ca e3 4d 19 4e 52 10 e7 6e 77 87 2c 56 ad 4c 40
> | 93 2c 86 ec 2e 57 86 86 ed 7d 85 f4 18 55 52 0d
> | a8 7c 43 f0 a2 17 e1 2d 9a 47 a0 80 ed bf 85 f3
> | 7e 68 7b e3 75 52 a9 41 aa 96 4d 89 02 38 0f 03
> | 57 0a 25 96 5a 0e 70 92 50 92 fe e9 db bf 1b 0f
> | 49 45 77 ce 8a b8 a1 09 5d b5 e8 d7 d2 89 e3 d0
> | 3d 2d 9d eb a0 52 91 6d 4d f8 8b a1 a4 af 16 40
> | 2b f7 3b 2f fc 81 78 a0 ed 56 a4 7c ac 29 be 0c
> | f9 ff c2 22 4e 22 8e d5 19 ba 94 3a f5 45 a4 88
> | 07 00 00 14 b5 5d 45 16 f5 91 85 db 46 08 d3 0e
> | 0a 80 5c 54 14 00 00 05 04 14 00 00 18 f7 25 56
> | fa 59 5f 57 0b 4f 65 28 82 ee 39 3b 1d 56 fc 0b
> | d3 00 00 00 18 68 82 7d e3 30 da 2e ca ab 55 77
> | f5 52 c1 ae f7 ad 04 c1 c4 00 00 00
> | **parse ISAKMP Message:
> | initiator cookie:
> | 11 47 e1 b8 ed 32 ac a4
> | responder cookie:
> | 05 e6 ed 3b 49 50 e0 6a
> | next payload type: ISAKMP_NEXT_KE
> | ISAKMP version: ISAKMP Version 1.0
> | exchange type: ISAKMP_XCHG_IDPROT
> | flags: none
> | message ID: 00 00 00 00
> | length: 364
> | ICOOKIE: 11 47 e1 b8 ed 32 ac a4
> | RCOOKIE: 05 e6 ed 3b 49 50 e0 6a
> | peer: a5 e4 67 ba
> | state hash entry 28
> | state object #1 found, in STATE_MAIN_I2
> | ***parse ISAKMP Key Exchange Payload:
> | next payload type: ISAKMP_NEXT_NONCE
> | length: 260
> | ***parse ISAKMP Nonce Payload:
> | next payload type: ISAKMP_NEXT_CR
> | length: 20
> | ***parse ISAKMP Certificate RequestPayload:
> | next payload type: ISAKMP_NEXT_NAT-D
> | length: 5
> | cert type: CERT_X509_SIGNATURE
> | ***parse ISAKMP NAT-D Payload:
> | next payload type: ISAKMP_NEXT_NAT-D
> | length: 24
> | ***parse ISAKMP NAT-D Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | length: 24
> | removing 3 bytes of padding
> | **emit ISAKMP Message:
> | initiator cookie:
> | 11 47 e1 b8 ed 32 ac a4
> | responder cookie:
> | 05 e6 ed 3b 49 50 e0 6a
> | next payload type: ISAKMP_NEXT_ID
> | ISAKMP version: ISAKMP Version 1.0
> | exchange type: ISAKMP_XCHG_IDPROT
> | flags: ISAKMP_FLAG_ENCRYPTION
> | message ID: 00 00 00 00
> | DH public value received:
> | 79 5e 5b ca 4e a9 7e 20 b9 f0 5c be ee da 41 e3
> | 06 2b db 03 96 47 86 8e fa 05 26 21 8f 80 b1 52
> | 57 a2 1c 93 8d 2a c0 6b 2b 0a d7 01 92 ce a1 8a
> | 18 96 ae a9 b2 00 46 90 33 b2 99 59 ca 7e db 6b
> | 43 5a 29 e7 c9 c2 84 68 05 68 57 a5 ff a0 f6 68
> | ca 4b b1 0f bc a8 2f 29 25 d5 b7 14 43 74 23 1e
> | fa fd 79 df 36 5c c2 65 2f 91 3b 7f 81 5a 90 c3
> | ca e3 4d 19 4e 52 10 e7 6e 77 87 2c 56 ad 4c 40
> | 93 2c 86 ec 2e 57 86 86 ed 7d 85 f4 18 55 52 0d
> | a8 7c 43 f0 a2 17 e1 2d 9a 47 a0 80 ed bf 85 f3
> | 7e 68 7b e3 75 52 a9 41 aa 96 4d 89 02 38 0f 03
> | 57 0a 25 96 5a 0e 70 92 50 92 fe e9 db bf 1b 0f
> | 49 45 77 ce 8a b8 a1 09 5d b5 e8 d7 d2 89 e3 d0
> | 3d 2d 9d eb a0 52 91 6d 4d f8 8b a1 a4 af 16 40
> | 2b f7 3b 2f fc 81 78 a0 ed 56 a4 7c ac 29 be 0c
> | f9 ff c2 22 4e 22 8e d5 19 ba 94 3a f5 45 a4 88
> | CR
> | requested CA: '%any'
> | compute_dh_shared(): time elapsed (OAKLEY_GROUP_MODP2048): 3984 usec
> | DH shared secret:
> | d8 de fd 47 f7 57 87 c8 9c 03 ac b9 df f0 8d e8
> | 1d 68 fb 9c ab 03 80 36 0f ea 1c ff c7 3a 20 5b
> | 4b 6d fc e5 ae 4b 79 a9 53 64 05 db b8 8c e7 f2
> | 89 c3 ed 6c 39 98 cc e3 34 5c f6 4d 0a 32 47 ac
> | d1 50 10 a7 9d e1 70 80 d3 fb b2 63 6b d0 bd 7e
> | 1f b7 6e ef fa 61 31 dc 2a b1 45 81 67 91 99 21
> | 0a 6f ff 54 9d 1f 03 81 5a f3 a6 c5 44 b3 a5 10
> | 3f 8d 16 dd e7 c6 e1 25 4d 48 13 4c 89 ef 24 9c
> | f7 fc ba 48 44 0c 6b 1a 5e 48 33 9c 51 05 8d e0
> | 75 cb 79 d3 43 22 f4 e7 3b 9f 9c 17 43 a8 b4 e0
> | 14 08 53 0f 6d 36 b8 f1 21 6f a4 e5 c3 85 79 8d
> | cf 24 7a 76 a4 82 2d 6e ec 1f 7e 1e a7 2a 2e 8d
> | e4 55 e7 71 5e f7 23 f0 bd ff b2 71 d1 ed b0 47
> | 6c 6e c7 a3 3c e0 ce be 79 33 d7 ca cb db 4a 0f
> | 6a 77 49 ec bd d1 7b 32 51 d0 d3 6c 27 29 bb dc
> | fa 72 19 66 22 6d 21 33 ed bc d5 b7 21 d2 86 8b
> | DH_i: 65 c3 78 99 4d 9d 35 61 36 ea 68 d7 8b 9d 7e d4
> | 4d f0 92 1f 54 de c4 23 4f 62 dd a6 2c 67 e3 e1
> | 5b 10 2a 83 e7 5a c8 71 c9 d6 60 39 6c 19 6c fb
> | 8c 4d d7 16 ba f1 6d 12 99 16 71 26 09 15 79 19
> | 10 f2 87 6a 6f 10 98 9c 9f 89 8b d6 31 84 d2 68
> | 52 c5 6f 78 50 fd 77 e1 df fd 2a 78 48 67 d1 22
> | 89 2b 18 c7 3e 1e 48 20 c4 b8 fc 77 ff d3 f5 15
> | 72 8a 44 01 ad 86 50 ca 1a 3f c3 23 02 af f1 d8
> | 07 53 b4 96 93 e6 64 61 24 da 65 18 10 48 71 c7
> | fe f7 8f ca a9 61 0a 77 e5 7f 8c 63 e5 15 9f 83
> | ba 64 17 2c 8d 6c a1 29 6c 9b 8b fe 43 4f d0 6a
> | ec 6a 85 9b 3e 24 c7 fa 8b e2 b1 3b 46 c9 bd 32
> | 0d 97 08 34 de d8 ab 43 a6 b8 3f 6f fd a6 6f 48
> | 52 14 2e c4 a9 e8 7f 1d 50 33 c8 05 90 12 2a d9
> | 03 53 2b 4a 75 38 2f 1d f1 7b 92 b3 c7 07 c5 10
> | 03 e2 ce 96 a8 18 3c 67 0a 23 d2 a5 60 a4 c8 f9
> | DH_r: 79 5e 5b ca 4e a9 7e 20 b9 f0 5c be ee da 41 e3
> | 06 2b db 03 96 47 86 8e fa 05 26 21 8f 80 b1 52
> | 57 a2 1c 93 8d 2a c0 6b 2b 0a d7 01 92 ce a1 8a
> | 18 96 ae a9 b2 00 46 90 33 b2 99 59 ca 7e db 6b
> | 43 5a 29 e7 c9 c2 84 68 05 68 57 a5 ff a0 f6 68
> | ca 4b b1 0f bc a8 2f 29 25 d5 b7 14 43 74 23 1e
> | fa fd 79 df 36 5c c2 65 2f 91 3b 7f 81 5a 90 c3
> | ca e3 4d 19 4e 52 10 e7 6e 77 87 2c 56 ad 4c 40
> | 93 2c 86 ec 2e 57 86 86 ed 7d 85 f4 18 55 52 0d
> | a8 7c 43 f0 a2 17 e1 2d 9a 47 a0 80 ed bf 85 f3
> | 7e 68 7b e3 75 52 a9 41 aa 96 4d 89 02 38 0f 03
> | 57 0a 25 96 5a 0e 70 92 50 92 fe e9 db bf 1b 0f
> | 49 45 77 ce 8a b8 a1 09 5d b5 e8 d7 d2 89 e3 d0
> | 3d 2d 9d eb a0 52 91 6d 4d f8 8b a1 a4 af 16 40
> | 2b f7 3b 2f fc 81 78 a0 ed 56 a4 7c ac 29 be 0c
> | f9 ff c2 22 4e 22 8e d5 19 ba 94 3a f5 45 a4 88
> | Skeyid: 9b 3a 83 b4 c1 b6 71 c1 58 c8 7a db 6b 5a d0 08
> | 7d ee a0 ed
> | Skeyid_d: a0 e2 9f 69 9e 82 fd 04 39 63 5b a6 f8 29 1f 54
> | 3b 10 b8 71
> | Skeyid_a: 1d d3 12 b6 97 43 a4 1d 07 dc 6d 92 39 74 82 cc
> | cf 09 ce f3
> | Skeyid_e: d2 d7 ef 8b dc af d4 ff fc 2d d9 da a2 11 15 e0
> | 89 79 2d 25
> | enc key: d2 d7 ef 8b dc af d4 ff fc 2d d9 da a2 11 15 e0
> | IV: 1c 1c 24 76 0d c4 f8 fa 32 a1 5b d0 cf 25 cc 1d
> | c7 e0 97 a7
> | _natd_hash: hasher=0xb77ca620(20)
> | _natd_hash: icookie=
> | 11 47 e1 b8 ed 32 ac a4
> | _natd_hash: rcookie=
> | 05 e6 ed 3b 49 50 e0 6a
> | _natd_hash: ip= c0 a8 05 02
> | _natd_hash: port=62465
> | _natd_hash: hash= 5e b4 ce 6e f1 c3 90 e0 af 5f b0 a5 6d f6 a1 ed
> | b5 8b 0b bc
> | NAT_TRAVERSAL_NAT_BHND_ME
> | expected NAT-D: 5e b4 ce 6e f1 c3 90 e0 af 5f b0 a5 6d f6 a1 ed
> | b5 8b 0b bc
> | received NAT-D: f7 25 56 fa 59 5f 57 0b 4f 65 28 82 ee 39 3b 1d
> | 56 fc 0b d3
> | _natd_hash: hasher=0xb77ca620(20)
> | _natd_hash: icookie=
> | 11 47 e1 b8 ed 32 ac a4
> | _natd_hash: rcookie=
> | 05 e6 ed 3b 49 50 e0 6a
> | _natd_hash: ip= a5 e4 67 ba
> | _natd_hash: port=62465
> | _natd_hash: hash= ba 20 b9 64 d1 19 32 57 9b 5c 94 07 dc fe f8 d2
> | f8 7f 8b 96
> | NAT_TRAVERSAL_NAT_BHND_PEER
> | expected NAT-D: ba 20 b9 64 d1 19 32 57 9b 5c 94 07 dc fe f8 d2
> | f8 7f 8b 96
> | received NAT-D: 68 82 7d e3 30 da 2e ca ab 55 77 f5 52 c1 ae f7
> | ad 04 c1 c4
> "company" #1: NAT-Traversal: Result using RFC 3947: both are NATed
> | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds
> | ***emit ISAKMP Identification Payload (IPsec DOI):
> | next payload type: ISAKMP_NEXT_CERT
> | ID type: ID_DER_ASN1_DN
> | Protocol ID: 0
> | port: 0
> | emitting 91 raw bytes of my identity into ISAKMP Identification
> Payload (IPsec DOI)
> | my identity 30 59 31 0b 30 09 06 03 55 04 06 13 02 41 55 31
> | 11 30 0f 06 03 55 04 08 13 08 56 69 63 74 6f 72
> | 69 61 31 20 30 1e 06 03 55 04 0a 13 17 4a 6f 74
> | 75 6e 20 41 75 73 74 72 61 6c 69 61 20 50 74 79
> | 20 4c 74 64 31 15 30 13 06 03 55 04 03 13 0c 44
> | 65 72 72 69 6d 75 74 20 56 50 4e
> | emitting length of ISAKMP Identification Payload (IPsec DOI): 99
> | our certificate policy is SEND_IF_ASKED
> "company" #1: we have a cert and are sending it upon request
> | ***emit ISAKMP Certificate Payload:
> | next payload type: ISAKMP_NEXT_CR
> | cert encoding: CERT_X509_SIGNATURE
> | emitting 1475 raw bytes of CERT into ISAKMP Certificate Payload
> | CERT 30 82 05 bf 30 82 03 a7 a0 03 02 01 02 02 01 02
> | 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30
> | 70 31 0b 30 09 06 03 55 04 06 13 02 41 55 31 20
> | 30 1e 06 03 55 04 0a 13 17 4a 6f 74 75 6e 20 41
> | 75 73 74 72 61 6c 69 61 20 50 74 79 20 4c 74 64
> | 31 0f 30 0d 06 03 55 04 03 13 06 56 50 4e 20 43
> | 41 31 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01
> | 16 1f 72 65 63 65 70 74 69 6f 6e 5f 62 72 6f 6f
> | 6b 6c 79 6e 40 6a 6f 74 75 6e 2e 63 6f 6d 2e 61
> | 75 30 1e 17 0d 31 30 30 37 32 36 30 38 31 37 34
> | 33 5a 17 0d 33 30 30 37 32 31 30 38 31 37 34 33
> | 5a 30 59 31 0b 30 09 06 03 55 04 06 13 02 41 55
> | 31 11 30 0f 06 03 55 04 08 13 08 56 69 63 74 6f
> | 72 69 61 31 20 30 1e 06 03 55 04 0a 13 17 4a 6f
> | 74 75 6e 20 41 75 73 74 72 61 6c 69 61 20 50 74
> | 79 20 4c 74 64 31 15 30 13 06 03 55 04 03 13 0c
> | 44 65 72 72 69 6d 75 74 20 56 50 4e 30 82 02 22
> | 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03
> | 82 02 0f 00 30 82 02 0a 02 82 02 01 00 b7 75 9e
> | 38 cf d7 0d 17 56 89 24 e6 2e 52 c1 50 39 b4 87
> | 16 30 02 88 82 c3 da 59 9b 0a 69 f7 71 e5 71 ca
> | ac a3 2f c7 45 b2 73 1a be 81 dd 15 ad 71 f8 62
> | b8 90 6f 76 fb 87 22 be 06 15 69 5c f5 55 0d d4
> | 10 70 6a f3 02 b4 5c 3e 9f a9 c2 45 d6 3d 83 85
> | 0c 05 7c 66 d0 d6 29 9a db 50 f7 78 bc 8d 55 bb
> | 21 12 ce dd 32 90 55 ee 7f 82 cb 92 6a be 28 8e
> | 6e 2e f3 87 4c fa 2e 94 39 20 14 9a 40 84 bf 28
> | a2 3c 29 07 cb 24 2b f9 9b e5 4c 62 61 2f 30 7d
> | d1 af b4 d0 de 87 13 4e 07 c6 c6 e6 ab dc b9 ab
> | b7 70 d9 06 f1 71 e5 f2 fa d3 15 f2 10 e3 c0 50
> | 84 b9 ef a1 5a 84 da dd 02 06 97 a4 e4 5c 0c da
> | 4e 48 03 57 e2 aa a8 30 1f 11 61 e1 5f 05 cc 31
> | 98 75 a6 4d 9f d7 15 bc 99 6e 2d e6 b4 69 e2 48
> | 12 5c 31 a7 ce 78 6b 59 ae 88 f6 2c 32 94 85 14
> | 24 10 ec a1 56 51 a9 af 31 f0 b3 ad 66 9e c8 bf
> | 92 d4 c0 96 fc e5 f4 54 68 92 71 7a 36 32 45 de
> | b7 d0 90 5e 90 2f 87 de c6 bc 15 2a 4e f6 36 71
> | 6c c2 76 7a a9 82 66 e4 f9 7c 11 5a 06 b5 5c ef
> | 4a 19 f1 19 e7 98 54 5f 80 db 54 d4 5b b2 bc db
> | 31 f9 2f 72 74 50 29 b5 d4 1a 0b 9b 5d 16 c3 e3
> | c5 19 92 61 ca 1d 5c 59 8d 17 6d eb 9e f1 f7 8e
> | f2 4f 95 36 d2 61 13 0d 21 59 30 43 d0 a7 db fc
> | 44 03 2f 7c ea 5d 46 de 8a 1e ab 41 cc 3b 82 6a
> | e3 e4 e8 fd bc 6a 5b 5a 14 e3 04 1d 07 a7 63 c9
> | fb a0 bf 21 12 d6 dc 56 9c f2 c6 ed d1 50 87 1d
> | e5 52 53 7f aa de 42 4a 1c 20 06 19 9b 02 8a c8
> | 26 28 e5 cf 31 36 4e af c4 f7 04 58 fe 07 81 f8
> | 05 ec dc c5 db 41 2c 92 24 93 bc 8b 96 64 0b ad
> | 1e af e2 99 88 42 bb 63 d9 6b 84 1f 73 d7 63 46
> | 5c df ac 36 1f df 41 7d 50 c1 eb ba 2b 31 09 43
> | 67 8b 23 ee f2 db 6d eb c1 1f 81 d4 ff 02 03 01
> | 00 01 a3 7b 30 79 30 09 06 03 55 1d 13 04 02 30
> | 00 30 2c 06 09 60 86 48 01 86 f8 42 01 0d 04 1f
> | 16 1d 4f 70 65 6e 53 53 4c 20 47 65 6e 65 72 61
> | 74 65 64 20 43 65 72 74 69 66 69 63 61 74 65 30
> | 1d 06 03 55 1d 0e 04 16 04 14 ca e4 d6 35 05 8e
> | a1 ec 5a fc 15 21 e0 0d 2e f8 4e f5 2d 00 30 1f
> | 06 03 55 1d 23 04 18 30 16 80 14 bd 58 6a 09 8b
> | e1 13 99 8c c3 f8 46 ec e4 29 de 94 53 85 74 30
> | 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 82
> | 02 01 00 73 80 b0 cf 1d c1 7d 89 df 9b ac 2a e0
> | 62 d1 c2 00 dc 49 c8 6d 1b 88 72 d8 9e 61 e9 da
> | 3b 38 13 ef 2d d7 ba 02 dd 97 4f 67 01 86 67 56
> | 25 2b 56 7d 57 84 44 73 4e 07 0f 2e 9c fa ac b3
> | a3 e1 4c 2d 17 b4 29 e9 d4 f7 53 4b 76 ff ab 23
> | 7a cc 4c e1 fd 02 52 d6 39 3a 17 ac f4 76 cf 64
> | 32 fa 08 31 6c 2a 1b d1 fc 20 a3 10 c4 1c 55 b1
> | a6 4d af 35 61 4c 7d 16 bc 22 c9 cc d2 20 8b 74
> | 6b 95 39 7c 9e 93 1a 69 1f 0d d1 73 0a 4f 94 43
> | 9f 40 93 31 d1 e8 d4 8d 71 4f f5 d3 ec bb 36 1b
> | 92 96 7c 97 89 8d 23 be 79 9b f1 f2 db c3 a9 fc
> | 97 a7 c6 44 0f 4a 5b 35 10 28 8a 55 3c 1c 5d 3b
> | 19 14 2b c3 40 8f 8f b6 96 78 50 b0 11 64 68 9a
> | e2 8c 39 b2 06 a2 43 38 fc fe 85 38 fa 62 c1 b1
> | d0 36 31 2c c4 6a c8 55 c3 c4 ee 99 b9 7e b6 e9
> | d5 de d5 61 89 7f d5 63 f1 ae 63 54 c6 b6 43 b3
> | 9f 6c 68 7f 70 bb 2d d8 eb 29 6d 24 c0 52 b8 14
> | 19 be 0c 6e ce c8 96 ef b8 ef 6e 4b 73 4a a5 74
> | fc 52 db 00 cb 71 bc 55 79 a7 79 6d 29 3d 7c 04
> | b4 d3 20 b4 e3 ec 01 29 65 c2 d7 6c 48 2b 8c 36
> | cd 05 3f c3 be a0 46 58 99 dc 3f 38 f9 e5 c2 9d
> | 59 d4 08 af c4 91 ac 11 4c 28 a2 90 e0 a3 ff d3
> | 45 0e 54 db 9f 44 45 ea c0 53 9e d5 fb c3 2b 58
> | ab 4f 4e df e5 02 21 4c 79 02 bf f6 0e dc 25 da
> | 9a 41 35 63 03 29 c8 c7 42 44 f5 fa 1c 0f 92 a1
> | 0f bc 03 39 f9 59 63 fd 31 16 71 35 1e 32 4a 2d
> | 8f ab 09 54 6c dc b5 65 f7 fb c8 7a 51 9e c1 1b
> | bc ba 78 70 94 4a 0f f9 69 d1 b2 f6 84 6b f6 df
> | bb e5 1a 9f 93 45 0f 4d 8c af df 48 34 dc 78 ff
> | 7f 5e 07 34 16 2f 8e be 97 9e 7d 17 57 21 72 b0
> | 4c d7 d1 2a 7e 8d e3 65 31 d9 3e f3 bb 28 5f f7
> | 0c 7f 45 81 bc aa b2 1e 93 05 c8 9d 2a 94 ca a8
> | c8 f4 b4
> | emitting length of ISAKMP Certificate Payload: 1480
> | ***emit ISAKMP Certificate RequestPayload:
> | next payload type: ISAKMP_NEXT_SIG
> | cert type: CERT_X509_SIGNATURE
> | emitting length of ISAKMP Certificate RequestPayload: 5
> | hashing 52 bytes of SA
> | keyid: *AwEAAbd1n
> | Modulus:
> 0xb7759e38cfd70d17568924e62e52c15039b4871630028882c3da599b0a69f771e571caaca32fc745b2731abe81dd15ad71f862b8906f76fb8722be0615695cf5550dd410706af302b45c3e9fa9c245d63d83850c057c66d0d6299adb50f778bc8d55bb2112cedd329055ee7f82cb926abe288e6e2ef3874cfa2e943920149a4084bf28a23c2907cb242bf99be54c62612f307dd1afb4d0de87134e07c6c6e6abdcb9abb770d906f171e5f2fad315f210e3c05084b9efa15a84dadd020697a4e45c0cda4e480357e2aaa8301f1161e15f05cc319875a64d9fd715bc996e2de6b469e248125c31a7ce786b59ae88f62c329485142410eca15651a9af31f0b3ad669ec8bf92d4c096fce5f4546892717a363245deb7d0905e902f87dec6bc152a4ef636716cc2767aa98266e4f97c115a06b55cef4a19f119e798545f80db54d45bb2bcdb31f92f72745029b5d41a0b9b5d16c3e3c5199261ca1d5c598d176deb9ef1f78ef24f9536d261130d21593043d0a7dbfc44032f7cea5d46de8a1eab41cc3b826ae3e4e8fdbc6a5b5a14e3041d07a763c9fba0bf2112d6dc569cf2c6edd150871de552537faade424a1c2006199b028ac82628e5cf31364eafc4f70458fe0781f805ecdcc5db412c922493bc8b96640bad1eafe2998842bb63d96b841f73d763465cdfac361fdf417d50c
1ebba2b310943678b23eef2
> | PublicExponent: 0x10001
> | signing hash with RSA Key *AwEAAbd1n
> | ***emit ISAKMP Signature Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | emitting 512 raw bytes of SIG_I into ISAKMP Signature Payload
> | SIG_I 5a 67 bb ee 32 a0 eb 56 df 3f e2 8f 15 dd 8c af
> | f9 30 27 38 85 5d 5d f9 f5 a5 25 bb 67 60 a0 d0
> | 65 c5 ed e7 8a 73 c2 1f ef dd 01 50 ae 5b b4 29
> | 95 f3 cf ab 99 d0 ad a6 9a b1 8c ef 93 db d7 43
> | 1b 23 63 80 d1 ae 27 9a 27 b8 ac 12 1a 68 a4 0d
> | 2a 47 0a e2 84 88 59 46 82 f5 30 79 61 4f 5a 3a
> | 6d d3 3a f1 9b 8c 0f 69 24 a9 d8 5a ec 96 a9 78
> | 2a 11 54 9f d9 22 b9 be 5b 0d 14 3b 75 ff 85 45
> | 3c 9a 60 51 37 7e a7 3e 98 78 08 7e 1c 93 65 43
> | dc 59 a0 1d 73 d0 04 96 40 48 23 5a 6b 62 4f 6a
> | ae a3 60 1a 99 aa c7 36 d4 83 f9 ee 84 d9 bb 55
> | 11 34 8e b7 f3 e6 2d 7f bb 95 c6 3f 08 64 ab 12
> | b0 41 fc 6b 5a 4d d4 90 37 12 8d 42 de 34 1a 17
> | 3f 77 ee e5 b7 72 9e cf db 50 b2 57 7a 33 8d 67
> | 6a 34 e2 fd 4b a6 86 bb 74 a7 7f 9f 95 5f 56 c0
> | c3 ae c7 1c 9a b8 0a 3f d1 98 1a a9 47 67 6b fa
> | a2 12 3c 92 ae e4 86 e0 e4 58 1b 7f 91 f2 e6 aa
> | 2d 67 ed d3 97 83 15 c4 e9 f4 30 04 41 2d 24 9d
> | 3b aa 7b 0d 54 61 ff a9 c0 bf ac ca a2 0a dc 98
> | 48 f5 5c af 32 0c 32 9b 81 00 de 5a 3c 5d 16 89
> | 52 34 f9 5f 09 29 85 95 ef b6 45 7e 3f 0b 92 a6
> | b1 85 99 32 ef de e2 47 aa 58 7e 44 10 74 54 6e
> | af 44 05 05 f9 d1 54 0a 98 4f c6 f6 5e 69 67 51
> | 19 9c 27 a0 61 4a 0e 4b 31 1d 2e 84 e4 fe 2d fd
> | f7 db 66 5e 9d 69 3e b1 db 4b bf ad ac b4 ce 1e
> | 6e 9c dc 13 3e e5 4e 2d e9 39 59 32 f4 8f 62 ee
> | a3 e3 39 a5 18 14 0e 5f d4 fb d7 b3 72 dd b6 20
> | 0c 36 c1 5a eb 37 b0 68 98 cc 19 c0 5a 78 9a 1f
> | ff fd 83 04 3a da ba 8a b9 0b 13 a3 34 40 b5 31
> | 3c f9 2f ac 00 16 ae 33 dc 37 35 4b 94 96 4a 02
> | ab f6 d4 0e ff 26 a2 8d b7 b5 25 0e f2 ec 01 65
> | 00 3d 0d f1 ff 2c 8a d7 c8 ac ff 55 4f ed 9d d9
> | emitting length of ISAKMP Signature Payload: 516
> | encrypting:
> | 06 00 00 63 09 00 00 00 30 59 31 0b 30 09 06 03
> | 55 04 06 13 02 41 55 31 11 30 0f 06 03 55 04 08
> | 13 08 56 69 63 74 6f 72 69 61 31 20 30 1e 06 03
> | 55 04 0a 13 17 4a 6f 74 75 6e 20 41 75 73 74 72
> | 61 6c 69 61 20 50 74 79 20 4c 74 64 31 15 30 13
> | 06 03 55 04 03 13 0c 44 65 72 72 69 6d 75 74 20
> | 56 50 4e 07 00 05 c8 04 30 82 05 bf 30 82 03 a7
> | a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48 86
> | f7 0d 01 01 05 05 00 30 70 31 0b 30 09 06 03 55
> | 04 06 13 02 41 55 31 20 30 1e 06 03 55 04 0a 13
> | 17 4a 6f 74 75 6e 20 41 75 73 74 72 61 6c 69 61
> | 20 50 74 79 20 4c 74 64 31 0f 30 0d 06 03 55 04
> | 03 13 06 56 50 4e 20 43 41 31 2e 30 2c 06 09 2a
> | 86 48 86 f7 0d 01 09 01 16 1f 72 65 63 65 70 74
> | 69 6f 6e 5f 62 72 6f 6f 6b 6c 79 6e 40 6a 6f 74
> | 75 6e 2e 63 6f 6d 2e 61 75 30 1e 17 0d 31 30 30
> | 37 32 36 30 38 31 37 34 33 5a 17 0d 33 30 30 37
> | 32 31 30 38 31 37 34 33 5a 30 59 31 0b 30 09 06
> | 03 55 04 06 13 02 41 55 31 11 30 0f 06 03 55 04
> | 08 13 08 56 69 63 74 6f 72 69 61 31 20 30 1e 06
> | 03 55 04 0a 13 17 4a 6f 74 75 6e 20 41 75 73 74
> | 72 61 6c 69 61 20 50 74 79 20 4c 74 64 31 15 30
> | 13 06 03 55 04 03 13 0c 44 65 72 72 69 6d 75 74
> | 20 56 50 4e 30 82 02 22 30 0d 06 09 2a 86 48 86
> | f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a
> | 02 82 02 01 00 b7 75 9e 38 cf d7 0d 17 56 89 24
> | e6 2e 52 c1 50 39 b4 87 16 30 02 88 82 c3 da 59
> | 9b 0a 69 f7 71 e5 71 ca ac a3 2f c7 45 b2 73 1a
> | be 81 dd 15 ad 71 f8 62 b8 90 6f 76 fb 87 22 be
> | 06 15 69 5c f5 55 0d d4 10 70 6a f3 02 b4 5c 3e
> | 9f a9 c2 45 d6 3d 83 85 0c 05 7c 66 d0 d6 29 9a
> | db 50 f7 78 bc 8d 55 bb 21 12 ce dd 32 90 55 ee
> | 7f 82 cb 92 6a be 28 8e 6e 2e f3 87 4c fa 2e 94
> | 39 20 14 9a 40 84 bf 28 a2 3c 29 07 cb 24 2b f9
> | 9b e5 4c 62 61 2f 30 7d d1 af b4 d0 de 87 13 4e
> | 07 c6 c6 e6 ab dc b9 ab b7 70 d9 06 f1 71 e5 f2
> | fa d3 15 f2 10 e3 c0 50 84 b9 ef a1 5a 84 da dd
> | 02 06 97 a4 e4 5c 0c da 4e 48 03 57 e2 aa a8 30
> | 1f 11 61 e1 5f 05 cc 31 98 75 a6 4d 9f d7 15 bc
> | 99 6e 2d e6 b4 69 e2 48 12 5c 31 a7 ce 78 6b 59
> | ae 88 f6 2c 32 94 85 14 24 10 ec a1 56 51 a9 af
> | 31 f0 b3 ad 66 9e c8 bf 92 d4 c0 96 fc e5 f4 54
> | 68 92 71 7a 36 32 45 de b7 d0 90 5e 90 2f 87 de
> | c6 bc 15 2a 4e f6 36 71 6c c2 76 7a a9 82 66 e4
> | f9 7c 11 5a 06 b5 5c ef 4a 19 f1 19 e7 98 54 5f
> | 80 db 54 d4 5b b2 bc db 31 f9 2f 72 74 50 29 b5
> | d4 1a 0b 9b 5d 16 c3 e3 c5 19 92 61 ca 1d 5c 59
> | 8d 17 6d eb 9e f1 f7 8e f2 4f 95 36 d2 61 13 0d
> | 21 59 30 43 d0 a7 db fc 44 03 2f 7c ea 5d 46 de
> | 8a 1e ab 41 cc 3b 82 6a e3 e4 e8 fd bc 6a 5b 5a
> | 14 e3 04 1d 07 a7 63 c9 fb a0 bf 21 12 d6 dc 56
> | 9c f2 c6 ed d1 50 87 1d e5 52 53 7f aa de 42 4a
> | 1c 20 06 19 9b 02 8a c8 26 28 e5 cf 31 36 4e af
> | c4 f7 04 58 fe 07 81 f8 05 ec dc c5 db 41 2c 92
> | 24 93 bc 8b 96 64 0b ad 1e af e2 99 88 42 bb 63
> | d9 6b 84 1f 73 d7 63 46 5c df ac 36 1f df 41 7d
> | 50 c1 eb ba 2b 31 09 43 67 8b 23 ee f2 db 6d eb
> | c1 1f 81 d4 ff 02 03 01 00 01 a3 7b 30 79 30 09
> | 06 03 55 1d 13 04 02 30 00 30 2c 06 09 60 86 48
> | 01 86 f8 42 01 0d 04 1f 16 1d 4f 70 65 6e 53 53
> | 4c 20 47 65 6e 65 72 61 74 65 64 20 43 65 72 74
> | 69 66 69 63 61 74 65 30 1d 06 03 55 1d 0e 04 16
> | 04 14 ca e4 d6 35 05 8e a1 ec 5a fc 15 21 e0 0d
> | 2e f8 4e f5 2d 00 30 1f 06 03 55 1d 23 04 18 30
> | 16 80 14 bd 58 6a 09 8b e1 13 99 8c c3 f8 46 ec
> | e4 29 de 94 53 85 74 30 0d 06 09 2a 86 48 86 f7
> | 0d 01 01 05 05 00 03 82 02 01 00 73 80 b0 cf 1d
> | c1 7d 89 df 9b ac 2a e0 62 d1 c2 00 dc 49 c8 6d
> | 1b 88 72 d8 9e 61 e9 da 3b 38 13 ef 2d d7 ba 02
> | dd 97 4f 67 01 86 67 56 25 2b 56 7d 57 84 44 73
> | 4e 07 0f 2e 9c fa ac b3 a3 e1 4c 2d 17 b4 29 e9
> | d4 f7 53 4b 76 ff ab 23 7a cc 4c e1 fd 02 52 d6
> | 39 3a 17 ac f4 76 cf 64 32 fa 08 31 6c 2a 1b d1
> | fc 20 a3 10 c4 1c 55 b1 a6 4d af 35 61 4c 7d 16
> | bc 22 c9 cc d2 20 8b 74 6b 95 39 7c 9e 93 1a 69
> | 1f 0d d1 73 0a 4f 94 43 9f 40 93 31 d1 e8 d4 8d
> | 71 4f f5 d3 ec bb 36 1b 92 96 7c 97 89 8d 23 be
> | 79 9b f1 f2 db c3 a9 fc 97 a7 c6 44 0f 4a 5b 35
> | 10 28 8a 55 3c 1c 5d 3b 19 14 2b c3 40 8f 8f b6
> | 96 78 50 b0 11 64 68 9a e2 8c 39 b2 06 a2 43 38
> | fc fe 85 38 fa 62 c1 b1 d0 36 31 2c c4 6a c8 55
> | c3 c4 ee 99 b9 7e b6 e9 d5 de d5 61 89 7f d5 63
> | f1 ae 63 54 c6 b6 43 b3 9f 6c 68 7f 70 bb 2d d8
> | eb 29 6d 24 c0 52 b8 14 19 be 0c 6e ce c8 96 ef
> | b8 ef 6e 4b 73 4a a5 74 fc 52 db 00 cb 71 bc 55
> | 79 a7 79 6d 29 3d 7c 04 b4 d3 20 b4 e3 ec 01 29
> | 65 c2 d7 6c 48 2b 8c 36 cd 05 3f c3 be a0 46 58
> | 99 dc 3f 38 f9 e5 c2 9d 59 d4 08 af c4 91 ac 11
> | 4c 28 a2 90 e0 a3 ff d3 45 0e 54 db 9f 44 45 ea
> | c0 53 9e d5 fb c3 2b 58 ab 4f 4e df e5 02 21 4c
> | 79 02 bf f6 0e dc 25 da 9a 41 35 63 03 29 c8 c7
> | 42 44 f5 fa 1c 0f 92 a1 0f bc 03 39 f9 59 63 fd
> | 31 16 71 35 1e 32 4a 2d 8f ab 09 54 6c dc b5 65
> | f7 fb c8 7a 51 9e c1 1b bc ba 78 70 94 4a 0f f9
> | 69 d1 b2 f6 84 6b f6 df bb e5 1a 9f 93 45 0f 4d
> | 8c af df 48 34 dc 78 ff 7f 5e 07 34 16 2f 8e be
> | 97 9e 7d 17 57 21 72 b0 4c d7 d1 2a 7e 8d e3 65
> | 31 d9 3e f3 bb 28 5f f7 0c 7f 45 81 bc aa b2 1e
> | 93 05 c8 9d 2a 94 ca a8 c8 f4 b4 09 00 00 05 04
> | 00 00 02 04 5a 67 bb ee 32 a0 eb 56 df 3f e2 8f
> | 15 dd 8c af f9 30 27 38 85 5d 5d f9 f5 a5 25 bb
> | 67 60 a0 d0 65 c5 ed e7 8a 73 c2 1f ef dd 01 50
> | ae 5b b4 29 95 f3 cf ab 99 d0 ad a6 9a b1 8c ef
> | 93 db d7 43 1b 23 63 80 d1 ae 27 9a 27 b8 ac 12
> | 1a 68 a4 0d 2a 47 0a e2 84 88 59 46 82 f5 30 79
> | 61 4f 5a 3a 6d d3 3a f1 9b 8c 0f 69 24 a9 d8 5a
> | ec 96 a9 78 2a 11 54 9f d9 22 b9 be 5b 0d 14 3b
> | 75 ff 85 45 3c 9a 60 51 37 7e a7 3e 98 78 08 7e
> | 1c 93 65 43 dc 59 a0 1d 73 d0 04 96 40 48 23 5a
> | 6b 62 4f 6a ae a3 60 1a 99 aa c7 36 d4 83 f9 ee
> | 84 d9 bb 55 11 34 8e b7 f3 e6 2d 7f bb 95 c6 3f
> | 08 64 ab 12 b0 41 fc 6b 5a 4d d4 90 37 12 8d 42
> | de 34 1a 17 3f 77 ee e5 b7 72 9e cf db 50 b2 57
> | 7a 33 8d 67 6a 34 e2 fd 4b a6 86 bb 74 a7 7f 9f
> | 95 5f 56 c0 c3 ae c7 1c 9a b8 0a 3f d1 98 1a a9
> | 47 67 6b fa a2 12 3c 92 ae e4 86 e0 e4 58 1b 7f
> | 91 f2 e6 aa 2d 67 ed d3 97 83 15 c4 e9 f4 30 04
> | 41 2d 24 9d 3b aa 7b 0d 54 61 ff a9 c0 bf ac ca
> | a2 0a dc 98 48 f5 5c af 32 0c 32 9b 81 00 de 5a
> | 3c 5d 16 89 52 34 f9 5f 09 29 85 95 ef b6 45 7e
> | 3f 0b 92 a6 b1 85 99 32 ef de e2 47 aa 58 7e 44
> | 10 74 54 6e af 44 05 05 f9 d1 54 0a 98 4f c6 f6
> | 5e 69 67 51 19 9c 27 a0 61 4a 0e 4b 31 1d 2e 84
> | e4 fe 2d fd f7 db 66 5e 9d 69 3e b1 db 4b bf ad
> | ac b4 ce 1e 6e 9c dc 13 3e e5 4e 2d e9 39 59 32
> | f4 8f 62 ee a3 e3 39 a5 18 14 0e 5f d4 fb d7 b3
> | 72 dd b6 20 0c 36 c1 5a eb 37 b0 68 98 cc 19 c0
> | 5a 78 9a 1f ff fd 83 04 3a da ba 8a b9 0b 13 a3
> | 34 40 b5 31 3c f9 2f ac 00 16 ae 33 dc 37 35 4b
> | 94 96 4a 02 ab f6 d4 0e ff 26 a2 8d b7 b5 25 0e
> | f2 ec 01 65 00 3d 0d f1 ff 2c 8a d7 c8 ac ff 55
> | 4f ed 9d d9
> | emitting 12 zero bytes of encryption padding into ISAKMP Message
> | encrypting using OAKLEY_AES_CBC
> | next IV: 07 c8 0e 39 c3 1a b7 c1 4f 17 88 60 d0 cd 39 6b
> | emitting length of ISAKMP Message: 2140
> | NAT-T: floating to port 4500
> | NAT-T: using interface eth0:4500
> | sending 2140 bytes for STATE_MAIN_I2 through eth0 to <peer's fw's
> public ip>:4500:
> | 11 47 e1 b8 ed 32 ac a4 05 e6 ed 3b 49 50 e0 6a
> | 05 10 02 01 00 00 00 00 00 00 08 5c 3c 52 54 d8
> | cd 11 73 6a aa f4 f1 8c e2 22 82 45 f6 1c 68 0a
> | 19 51 50 1d af b3 56 11 85 e1 d7 1b 2d 54 31 10
> | cb 5b 1e 4c 2d 41 c7 1d 9d a7 3f c6 a5 a0 0a fb
> | a6 97 7d 8a a1 0e 71 24 46 ae ad 52 c9 d3 a3 6f
> | 80 04 5d c1 45 7b ee 95 0a c8 e1 44 be 25 71 c8
> | 11 5a 1e 50 a7 e8 75 0a e6 d7 a5 c7 27 24 1f 76
> | 8d ab 31 58 f7 dc e8 ba 0d ec d0 0a d9 9a 0b 5a
> | 5b 6c 94 8a 45 aa 53 3e c5 d5 a4 2d dd 6a 46 53
> | 79 47 48 f4 e8 86 1d 18 50 a8 d8 1b 0f ef 6b ba
> | 5d ac d5 80 80 9a d0 e8 50 ce 30 1f b9 6b be a0
> | bc 97 f0 f0 14 19 7d 0a 68 0c 19 71 42 a3 37 f1
> | 09 e1 44 ea a6 db 22 1c e9 93 e6 2b 6e e4 25 a8
> | 22 51 1e eb d9 cf c5 b4 b8 49 f2 e6 f3 48 41 e0
> | ef ed 22 a4 44 1d c2 65 71 50 b4 0c 21 9c eb 77
> | 70 f4 02 2c 0c eb 51 8d 46 6b 6e 62 09 75 1a f8
> | c5 3b f9 21 5d a0 bd ac 83 e4 07 19 04 48 79 ad
> | c5 22 71 bb 8e 65 0c a8 cb db 9b fe e9 2b 94 87
> | 1d 6a e3 c4 e6 16 73 3a f3 f9 41 23 41 39 c0 11
> | 79 43 77 e3 33 1e 5f c5 4e 59 f7 96 a2 b6 b2 a4
> | dd 3d ed f8 ec 98 9f 0a d9 39 a7 fa f6 fb 85 9d
> | 19 dc 53 8f d0 e3 7e 7b 6b 09 bf a3 d1 af 51 02
> | 82 34 0b 87 3d 23 c4 a6 a7 4a ef 31 f9 07 e1 60
> | 6d 7c dc 2b d3 08 98 93 b3 d6 a0 fa 90 93 14 4f
> | d7 ef 48 a0 2e e8 5f 75 e8 8b 16 3d 8a f3 98 77
> | 6c a9 bc f0 a8 1c 2f 1f 6c 5f 25 84 6f 21 29 da
> | ca 2f 6a 3c 83 50 6e fa 55 4e d9 9d 7c 88 2b b7
> | 7b a8 91 ad 0e 06 f6 72 22 ba 9d f1 fb 65 9a 22
> | 02 97 c3 5c 5b 29 12 d6 11 c3 74 d0 88 ad af 72
> | f7 4e 0b f5 a1 96 9b 31 37 74 37 a2 ad 6f 75 12
> | b9 89 7c 6c 53 bf 90 a8 2e a7 22 04 d3 9c df 12
> | df ca c6 44 7c b2 1b 31 a3 07 8e 07 0e cd d5 ec
> | 51 10 70 d2 ea 11 e7 ce 36 4f 96 db e5 41 7e c4
> | 0d 36 bd 24 d6 b3 6e 4f ac b1 df 1e 52 a1 8d fe
> | 8a c1 06 48 3f e3 53 b2 4f 4b 12 55 96 05 42 8a
> | 7f ef ca 89 88 0a ff 59 16 48 73 cf aa 75 b5 05
> | 7f c1 b0 f3 d0 9e f3 69 c8 60 d7 42 a1 1d c7 66
> | 20 6b 67 da 37 76 fb 4a 31 77 08 7c 72 b1 0e f3
> | f9 cd 03 b4 e4 57 83 d1 56 d5 0a fc 0c 33 00 e9
> | 55 64 7c d3 9b 64 d6 c9 98 50 19 52 8d 5a 0e e0
> | 56 5d 1c d3 71 06 6f 7a 24 c8 46 a7 0c 94 a0 8b
> | c5 d7 ed 94 47 87 c3 7a 8a a8 c4 20 e4 fe ee 78
> | be d7 37 b5 9b 71 5c 45 e6 5c 07 8c 63 23 fe 03
> | fe 25 c9 f9 f5 33 9c cc be fe e3 cb 5f a6 b9 99
> | fc 1d 87 b4 0c f3 64 e3 22 fb 3f 90 67 12 4f ff
> | c1 95 21 83 1b fc 2f d7 e0 8c 84 50 24 17 20 e0
> | 76 6a 8c 40 76 5d c9 a9 b7 58 14 0b e8 5a e4 b5
> | bd a1 18 ec 22 3d d2 73 6c 19 38 f3 1c 1f 83 cd
> | 6c 3a ae 0f 0d 06 e1 77 57 ca 33 ca 69 d2 05 94
> | bc e2 35 b4 6c a0 e8 20 66 47 da f5 63 6a b8 fa
> | 61 18 96 6c 72 47 51 3a 9e 69 df ba af 86 06 a3
> | b1 22 5d 2c 7c c9 0a 47 2d 4e 8b d7 d1 7f b5 61
> | 67 5c 15 60 4f de e2 a0 cb 57 79 0b 68 34 8a c0
> | 8c a0 d5 27 c6 84 72 a9 65 46 70 f3 98 04 89 e6
> | 96 b7 92 6b ec 14 6e 23 b7 bd 6b 22 07 a5 b3 f6
> | c3 af 41 21 6a 4d e9 31 9e a4 5c 20 39 94 a4 e7
> | fe 4a 43 b3 09 e1 bd 54 28 bb 74 ce 6e 9e 5c 06
> | b6 e1 7d d4 ce ce c7 db ed 9a f4 99 97 48 d6 5b
> | e6 69 bd 14 06 0d f8 07 6f 62 ba 2d da 0d 50 78
> | 9d ea 49 d1 40 88 51 70 89 22 40 14 2b ed 75 c2
> | e6 bf fc 6a 81 a5 71 7c 96 dd b7 21 71 78 aa 6f
> | 09 eb 92 9a 8f 01 62 2d 4d a8 71 75 ab d8 95 1a
> | 8c ba 04 4b 54 2d dc 71 7b 25 f9 4f 5f c7 df 03
> | e5 0e 5e ad 20 ed b3 d5 17 7c d2 94 48 44 dc a8
> | be 9b fe 3e cf 31 4b 7e ac a6 99 ad e5 20 5a bc
> | 05 86 ee 7a 69 bb b0 a5 1b 8b 1d 3c b4 20 d1 72
> | 72 8b fe 75 2a b3 e7 35 d1 28 5a 64 ab bc db 0d
> | 22 b2 b7 44 6b 3b 36 1e 51 16 5d 68 a3 9c ca e4
> | 7d 2b 2d 1d a3 5f ca 53 e6 20 2d cb 8d 2e 69 6f
> | 8c 65 fb 42 7d 63 40 e7 4a b7 7f 66 50 27 c7 21
> | e2 39 7a fa cc 81 57 ea 4f 29 e1 55 05 75 75 06
> | 3e ae 46 26 47 da d1 78 41 2b 6b 47 ad 2e 76 e0
> | ee 46 49 2d 56 60 44 8c 9b 62 c0 95 be 30 09 9f
> | a7 9b 91 8b 2a c9 d4 a4 64 8a 2c ac 4d c8 d0 8c
> | 08 42 fa d0 9d 5f 32 be c4 4d a4 d0 f4 2e 1a 2a
> | c0 f8 5f b3 1a 9d 59 9b 56 54 35 bb 33 01 39 87
> | 68 04 b7 f4 1d ff 41 1f dc 96 28 c6 7b 4e b0 75
> | 56 5e 66 19 4a 4f 06 eb 25 1e 67 b1 8f 08 df c4
> | 62 ae 83 a4 79 a9 da 7d 7c 0b dc 26 77 03 d3 3c
> | ca af d4 6a 2a 1c aa 4e 09 bd 6b c6 3a 83 3a f5
> | ca 6a 41 d8 75 2e 4f 64 f9 d5 1d a2 c8 df f4 bd
> | ce 1f d1 e7 f4 f5 9c 18 7a 8a 83 ed 94 7d d4 36
> | c5 8c df ee 88 5e ed 22 44 51 60 ad a9 dc 26 c5
> | a6 ac 0e eb 82 5d d6 dc 66 c5 0e 20 b7 bd 71 be
> | cb 75 78 c0 b4 fe a8 b7 6c 36 51 33 42 a5 44 bb
> | b1 71 33 d2 ad b7 24 88 d2 d2 4a b9 0b 72 e0 cd
> | d1 1b d0 06 bc 7a 6f 36 31 da 81 52 3d dc 16 ee
> | 19 a0 4b d1 84 af f9 71 f5 04 ba c8 6f 7f 31 b5
> | f6 eb e7 b9 3f 9a 5e 54 e1 1c ba e6 82 57 6f cb
> | 51 eb 60 ed 04 98 cd 27 bc bc 05 a4 50 d6 c6 42
> | b4 c5 19 ea 4f eb 8e 92 e0 28 d0 ff e6 68 6c c0
> | 6d 68 13 a2 b2 2f 2c 1e 87 00 65 18 61 ff 7b 38
> | 76 a1 e4 02 a0 16 06 f4 16 80 62 74 49 7c d5 9a
> | 86 d9 af 3d 7e ba 76 70 bd 53 e7 8f d7 3c 2f 4c
> | 76 c5 41 39 0e f5 95 03 1f 2e 88 00 a2 9a 7e 9a
> | ab 97 bc 5b 33 ff 87 0c c2 d0 57 8f 3b 55 d2 7a
> | e1 35 88 ef d2 e0 44 58 7c 08 04 50 86 26 95 03
> | 4c 32 26 52 de a0 15 6f 69 9d 25 bc e3 9e a8 49
> | e2 f7 93 5b b7 5a 7e 7b bc ad 54 5f dd ba 13 10
> | db 8f d2 38 58 e5 23 ba 0a 56 1f b1 9b 3a 06 62
> | 45 41 ad a7 cf 85 b8 f0 9e e8 c6 26 81 c3 65 5a
> | 99 97 3a 7b 0a 26 9b 1e d2 16 84 db ee ba 40 93
> | fa 1e 88 6b 5b f2 e9 ea 48 4d 0c 44 58 31 54 bb
> | ef 31 d6 17 0d e4 d6 8f 28 5d 4f c7 b5 91 32 d0
> | 31 66 f9 ce 21 94 10 48 bb 21 a2 25 5a ad 05 85
> | 55 10 a8 6e 38 8b e9 4e 79 ab 94 92 73 1c 7d e3
> | 9e d2 79 fe 16 31 c9 df c5 99 d2 d9 8e b4 43 56
> | f4 b2 87 52 71 17 ad f3 63 9d 88 ea eb 89 e2 ae
> | f4 64 61 21 ba 1c 66 b3 58 6f 6b 68 d1 b3 d9 4e
> | d1 8b 14 e7 87 12 ea 6f fa 30 83 ec 6d f6 a9 72
> | 27 23 1a 4c eb 8e 8c af 0b 6f 06 36 8b 2a 45 40
> | 22 25 e6 2d b3 37 42 3f f9 44 6c 6a b9 b4 ba 8b
> | 7b 2c bc b1 97 fe 41 60 c9 c6 3d 4f f0 13 a3 b4
> | 7e a8 8c 25 b0 ac d1 8e c4 ea bb df e1 65 58 5b
> | d2 89 a5 78 e8 bb ec b3 17 96 73 bb d8 a5 c1 c5
> | a8 bf 83 e1 7c fd 11 08 99 a3 56 58 ed e5 12 f7
> | be 5e 8b ca 93 05 7c b7 49 08 5c 34 e7 b6 96 7c
> | 0c 57 d8 b0 74 d8 88 58 98 94 55 cc f0 e6 f6 75
> | 38 32 5e ba 21 3f 34 94 d3 56 24 1d 93 d0 52 0f
> | 69 73 c7 3a f3 77 e3 eb c3 79 bd 63 a0 df 78 d4
> | 98 c2 75 3d 3b b0 22 03 18 91 c8 1b 76 7c 7c fd
> | 1b 9c 7c cf 51 9f a9 bd 01 ab 81 8a 1e 6c 56 22
> | b5 91 f2 c8 6b bf ff 33 1a 51 2d 7b 42 82 cf 1a
> | 67 ad f8 9e 35 6a 6d ca da 6d a3 b0 05 ae 40 4e
> | 36 d0 65 9c b9 75 f2 6c b8 ed 2d 0a bf 18 e2 69
> | 9c 25 7c 56 bf 8a fe ea 1a e2 d4 83 21 f8 17 be
> | a8 56 00 88 4c f7 01 73 19 53 81 14 42 dc 48 7e
> | ae db e0 9b bc 3b 30 2f a6 ef 16 29 61 54 c8 ad
> | f3 7a b4 c8 4c 91 73 e5 55 a6 72 e1 e6 94 9e e2
> | 97 29 f9 0c 5b 0b de 0b eb 91 fc a7 09 a3 4e 16
> | 71 b3 f8 53 3f 52 c0 3e 05 d0 3f 9c 59 76 16 0d
> | 8c 21 e0 b0 ff 38 37 0b 4f 68 87 0f 07 c8 0e 39
> | c3 1a b7 c1 4f 17 88 60 d0 cd 39 6b
> | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
> | next event EVENT_RETRANSMIT in 10 seconds for #1
> |
> | *received 256 bytes from <peer's fw's public ip>:500 on eth0
> | a3 c0 50 38 88 fa 29 3a 00 00 00 00 00 00 00 00
> | 01 10 02 00 00 00 00 00 00 00 01 00 0d 00 00 38
> | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01
> | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 2a 30
> | 80 01 00 07 80 02 00 02 80 0e 00 80 80 03 00 03
> | 80 04 00 0e 0d 00 00 14 cd 57 92 d4 b7 0f 02 99
> | a6 a1 37 3d e2 36 d2 ac 0d 00 00 14 12 f5 f2 8c
> | 45 71 68 a9 70 2d 9f e2 74 cc 01 00 0d 00 00 0c
> | 09 00 26 89 df d6 b7 12 0d 00 00 14 af ca d7 13
> | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 0d 00 00 14
> | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
> | 0d 00 00 14 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92
> | 15 52 9d 56 0d 00 00 14 cd 60 46 43 35 df 21 f8
> | 7c fd b2 fc 68 b6 a4 48 0d 00 00 14 90 cb 80 91
> | 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f 00 00 00 14
> | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
> | **parse ISAKMP Message:
> | initiator cookie:
> | a3 c0 50 38 88 fa 29 3a
> | responder cookie:
> | 00 00 00 00 00 00 00 00
> | next payload type: ISAKMP_NEXT_SA
> | ISAKMP version: ISAKMP Version 1.0
> | exchange type: ISAKMP_XCHG_IDPROT
> | flags: none
> | message ID: 00 00 00 00
> | length: 256
> | ***parse ISAKMP Security Association Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 56
> | DOI: ISAKMP_DOI_IPSEC
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 12
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | length: 20
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [strongSwan 4.2.4]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [Cisco-Unity]
> packet from <peer's fw's public ip>:500: received Vendor ID payload [XAUTH]
> packet from <peer's fw's public ip>:500: received Vendor ID payload
> [Dead Peer Detection]
> packet from <peer's fw's public ip>:500: received Vendor ID payload [RFC
> 3947]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-03]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02_n]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-00]
> | ****parse IPsec DOI SIT:
> | IPsec DOI SIT: SIT_IDENTITY_ONLY
> | ****parse ISAKMP Proposal Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | length: 44
> | proposal number: 0
> | protocol ID: PROTO_ISAKMP
> | SPI size: 0
> | number of transforms: 1
> | *****parse ISAKMP Transform Payload (ISAKMP):
> | next payload type: ISAKMP_NEXT_NONE
> | length: 36
> | transform number: 0
> | transform ID: KEY_IKE
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_TYPE
> | length/value: 1
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_DURATION
> | length/value: 10800
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_ENCRYPTION_ALGORITHM
> | length/value: 7
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_HASH_ALGORITHM
> | length/value: 2
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_KEY_LENGTH
> | length/value: 128
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_AUTHENTICATION_METHOD
> | length/value: 3
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_GROUP_DESCRIPTION
> | length/value: 14
> | preparse_isakmp_policy: peer requests RSASIG authentication
> packet from <peer's fw's public ip>:500: initial Main Mode message
> received on 192.168.5.2:500 <http://192.168.5.2:500> but no connection
> has been authorized with policy=RSASIG
> | next event EVENT_RETRANSMIT in 1 seconds for #1
> |
> | *time to handle event
> | event after this is EVENT_NAT_T_KEEPALIVE in 10 seconds
> | handling event EVENT_RETRANSMIT for <peer's fw's public ip> "company" #1
> | sending 2140 bytes for EVENT_RETRANSMIT through eth0 to <peer's fw's
> public ip>:4500:
> | 11 47 e1 b8 ed 32 ac a4 05 e6 ed 3b 49 50 e0 6a
> | 05 10 02 01 00 00 00 00 00 00 08 5c 3c 52 54 d8
> | cd 11 73 6a aa f4 f1 8c e2 22 82 45 f6 1c 68 0a
> | 19 51 50 1d af b3 56 11 85 e1 d7 1b 2d 54 31 10
> | cb 5b 1e 4c 2d 41 c7 1d 9d a7 3f c6 a5 a0 0a fb
> | a6 97 7d 8a a1 0e 71 24 46 ae ad 52 c9 d3 a3 6f
> | 80 04 5d c1 45 7b ee 95 0a c8 e1 44 be 25 71 c8
> | 11 5a 1e 50 a7 e8 75 0a e6 d7 a5 c7 27 24 1f 76
> | 8d ab 31 58 f7 dc e8 ba 0d ec d0 0a d9 9a 0b 5a
> | 5b 6c 94 8a 45 aa 53 3e c5 d5 a4 2d dd 6a 46 53
> | 79 47 48 f4 e8 86 1d 18 50 a8 d8 1b 0f ef 6b ba
> | 5d ac d5 80 80 9a d0 e8 50 ce 30 1f b9 6b be a0
> | bc 97 f0 f0 14 19 7d 0a 68 0c 19 71 42 a3 37 f1
> | 09 e1 44 ea a6 db 22 1c e9 93 e6 2b 6e e4 25 a8
> | 22 51 1e eb d9 cf c5 b4 b8 49 f2 e6 f3 48 41 e0
> | ef ed 22 a4 44 1d c2 65 71 50 b4 0c 21 9c eb 77
> | 70 f4 02 2c 0c eb 51 8d 46 6b 6e 62 09 75 1a f8
> | c5 3b f9 21 5d a0 bd ac 83 e4 07 19 04 48 79 ad
> | c5 22 71 bb 8e 65 0c a8 cb db 9b fe e9 2b 94 87
> | 1d 6a e3 c4 e6 16 73 3a f3 f9 41 23 41 39 c0 11
> | 79 43 77 e3 33 1e 5f c5 4e 59 f7 96 a2 b6 b2 a4
> | dd 3d ed f8 ec 98 9f 0a d9 39 a7 fa f6 fb 85 9d
> | 19 dc 53 8f d0 e3 7e 7b 6b 09 bf a3 d1 af 51 02
> | 82 34 0b 87 3d 23 c4 a6 a7 4a ef 31 f9 07 e1 60
> | 6d 7c dc 2b d3 08 98 93 b3 d6 a0 fa 90 93 14 4f
> | d7 ef 48 a0 2e e8 5f 75 e8 8b 16 3d 8a f3 98 77
> | 6c a9 bc f0 a8 1c 2f 1f 6c 5f 25 84 6f 21 29 da
> | ca 2f 6a 3c 83 50 6e fa 55 4e d9 9d 7c 88 2b b7
> | 7b a8 91 ad 0e 06 f6 72 22 ba 9d f1 fb 65 9a 22
> | 02 97 c3 5c 5b 29 12 d6 11 c3 74 d0 88 ad af 72
> | f7 4e 0b f5 a1 96 9b 31 37 74 37 a2 ad 6f 75 12
> | b9 89 7c 6c 53 bf 90 a8 2e a7 22 04 d3 9c df 12
> | df ca c6 44 7c b2 1b 31 a3 07 8e 07 0e cd d5 ec
> | 51 10 70 d2 ea 11 e7 ce 36 4f 96 db e5 41 7e c4
> | 0d 36 bd 24 d6 b3 6e 4f ac b1 df 1e 52 a1 8d fe
> | 8a c1 06 48 3f e3 53 b2 4f 4b 12 55 96 05 42 8a
> | 7f ef ca 89 88 0a ff 59 16 48 73 cf aa 75 b5 05
> | 7f c1 b0 f3 d0 9e f3 69 c8 60 d7 42 a1 1d c7 66
> | 20 6b 67 da 37 76 fb 4a 31 77 08 7c 72 b1 0e f3
> | f9 cd 03 b4 e4 57 83 d1 56 d5 0a fc 0c 33 00 e9
> | 55 64 7c d3 9b 64 d6 c9 98 50 19 52 8d 5a 0e e0
> | 56 5d 1c d3 71 06 6f 7a 24 c8 46 a7 0c 94 a0 8b
> | c5 d7 ed 94 47 87 c3 7a 8a a8 c4 20 e4 fe ee 78
> | be d7 37 b5 9b 71 5c 45 e6 5c 07 8c 63 23 fe 03
> | fe 25 c9 f9 f5 33 9c cc be fe e3 cb 5f a6 b9 99
> | fc 1d 87 b4 0c f3 64 e3 22 fb 3f 90 67 12 4f ff
> | c1 95 21 83 1b fc 2f d7 e0 8c 84 50 24 17 20 e0
> | 76 6a 8c 40 76 5d c9 a9 b7 58 14 0b e8 5a e4 b5
> | bd a1 18 ec 22 3d d2 73 6c 19 38 f3 1c 1f 83 cd
> | 6c 3a ae 0f 0d 06 e1 77 57 ca 33 ca 69 d2 05 94
> | bc e2 35 b4 6c a0 e8 20 66 47 da f5 63 6a b8 fa
> | 61 18 96 6c 72 47 51 3a 9e 69 df ba af 86 06 a3
> | b1 22 5d 2c 7c c9 0a 47 2d 4e 8b d7 d1 7f b5 61
> | 67 5c 15 60 4f de e2 a0 cb 57 79 0b 68 34 8a c0
> | 8c a0 d5 27 c6 84 72 a9 65 46 70 f3 98 04 89 e6
> | 96 b7 92 6b ec 14 6e 23 b7 bd 6b 22 07 a5 b3 f6
> | c3 af 41 21 6a 4d e9 31 9e a4 5c 20 39 94 a4 e7
> | fe 4a 43 b3 09 e1 bd 54 28 bb 74 ce 6e 9e 5c 06
> | b6 e1 7d d4 ce ce c7 db ed 9a f4 99 97 48 d6 5b
> | e6 69 bd 14 06 0d f8 07 6f 62 ba 2d da 0d 50 78
> | 9d ea 49 d1 40 88 51 70 89 22 40 14 2b ed 75 c2
> | e6 bf fc 6a 81 a5 71 7c 96 dd b7 21 71 78 aa 6f
> | 09 eb 92 9a 8f 01 62 2d 4d a8 71 75 ab d8 95 1a
> | 8c ba 04 4b 54 2d dc 71 7b 25 f9 4f 5f c7 df 03
> | e5 0e 5e ad 20 ed b3 d5 17 7c d2 94 48 44 dc a8
> | be 9b fe 3e cf 31 4b 7e ac a6 99 ad e5 20 5a bc
> | 05 86 ee 7a 69 bb b0 a5 1b 8b 1d 3c b4 20 d1 72
> | 72 8b fe 75 2a b3 e7 35 d1 28 5a 64 ab bc db 0d
> | 22 b2 b7 44 6b 3b 36 1e 51 16 5d 68 a3 9c ca e4
> | 7d 2b 2d 1d a3 5f ca 53 e6 20 2d cb 8d 2e 69 6f
> | 8c 65 fb 42 7d 63 40 e7 4a b7 7f 66 50 27 c7 21
> | e2 39 7a fa cc 81 57 ea 4f 29 e1 55 05 75 75 06
> | 3e ae 46 26 47 da d1 78 41 2b 6b 47 ad 2e 76 e0
> | ee 46 49 2d 56 60 44 8c 9b 62 c0 95 be 30 09 9f
> | a7 9b 91 8b 2a c9 d4 a4 64 8a 2c ac 4d c8 d0 8c
> | 08 42 fa d0 9d 5f 32 be c4 4d a4 d0 f4 2e 1a 2a
> | c0 f8 5f b3 1a 9d 59 9b 56 54 35 bb 33 01 39 87
> | 68 04 b7 f4 1d ff 41 1f dc 96 28 c6 7b 4e b0 75
> | 56 5e 66 19 4a 4f 06 eb 25 1e 67 b1 8f 08 df c4
> | 62 ae 83 a4 79 a9 da 7d 7c 0b dc 26 77 03 d3 3c
> | ca af d4 6a 2a 1c aa 4e 09 bd 6b c6 3a 83 3a f5
> | ca 6a 41 d8 75 2e 4f 64 f9 d5 1d a2 c8 df f4 bd
> | ce 1f d1 e7 f4 f5 9c 18 7a 8a 83 ed 94 7d d4 36
> | c5 8c df ee 88 5e ed 22 44 51 60 ad a9 dc 26 c5
> | a6 ac 0e eb 82 5d d6 dc 66 c5 0e 20 b7 bd 71 be
> | cb 75 78 c0 b4 fe a8 b7 6c 36 51 33 42 a5 44 bb
> | b1 71 33 d2 ad b7 24 88 d2 d2 4a b9 0b 72 e0 cd
> | d1 1b d0 06 bc 7a 6f 36 31 da 81 52 3d dc 16 ee
> | 19 a0 4b d1 84 af f9 71 f5 04 ba c8 6f 7f 31 b5
> | f6 eb e7 b9 3f 9a 5e 54 e1 1c ba e6 82 57 6f cb
> | 51 eb 60 ed 04 98 cd 27 bc bc 05 a4 50 d6 c6 42
> | b4 c5 19 ea 4f eb 8e 92 e0 28 d0 ff e6 68 6c c0
> | 6d 68 13 a2 b2 2f 2c 1e 87 00 65 18 61 ff 7b 38
> | 76 a1 e4 02 a0 16 06 f4 16 80 62 74 49 7c d5 9a
> | 86 d9 af 3d 7e ba 76 70 bd 53 e7 8f d7 3c 2f 4c
> | 76 c5 41 39 0e f5 95 03 1f 2e 88 00 a2 9a 7e 9a
> | ab 97 bc 5b 33 ff 87 0c c2 d0 57 8f 3b 55 d2 7a
> | e1 35 88 ef d2 e0 44 58 7c 08 04 50 86 26 95 03
> | 4c 32 26 52 de a0 15 6f 69 9d 25 bc e3 9e a8 49
> | e2 f7 93 5b b7 5a 7e 7b bc ad 54 5f dd ba 13 10
> | db 8f d2 38 58 e5 23 ba 0a 56 1f b1 9b 3a 06 62
> | 45 41 ad a7 cf 85 b8 f0 9e e8 c6 26 81 c3 65 5a
> | 99 97 3a 7b 0a 26 9b 1e d2 16 84 db ee ba 40 93
> | fa 1e 88 6b 5b f2 e9 ea 48 4d 0c 44 58 31 54 bb
> | ef 31 d6 17 0d e4 d6 8f 28 5d 4f c7 b5 91 32 d0
> | 31 66 f9 ce 21 94 10 48 bb 21 a2 25 5a ad 05 85
> | 55 10 a8 6e 38 8b e9 4e 79 ab 94 92 73 1c 7d e3
> | 9e d2 79 fe 16 31 c9 df c5 99 d2 d9 8e b4 43 56
> | f4 b2 87 52 71 17 ad f3 63 9d 88 ea eb 89 e2 ae
> | f4 64 61 21 ba 1c 66 b3 58 6f 6b 68 d1 b3 d9 4e
> | d1 8b 14 e7 87 12 ea 6f fa 30 83 ec 6d f6 a9 72
> | 27 23 1a 4c eb 8e 8c af 0b 6f 06 36 8b 2a 45 40
> | 22 25 e6 2d b3 37 42 3f f9 44 6c 6a b9 b4 ba 8b
> | 7b 2c bc b1 97 fe 41 60 c9 c6 3d 4f f0 13 a3 b4
> | 7e a8 8c 25 b0 ac d1 8e c4 ea bb df e1 65 58 5b
> | d2 89 a5 78 e8 bb ec b3 17 96 73 bb d8 a5 c1 c5
> | a8 bf 83 e1 7c fd 11 08 99 a3 56 58 ed e5 12 f7
> | be 5e 8b ca 93 05 7c b7 49 08 5c 34 e7 b6 96 7c
> | 0c 57 d8 b0 74 d8 88 58 98 94 55 cc f0 e6 f6 75
> | 38 32 5e ba 21 3f 34 94 d3 56 24 1d 93 d0 52 0f
> | 69 73 c7 3a f3 77 e3 eb c3 79 bd 63 a0 df 78 d4
> | 98 c2 75 3d 3b b0 22 03 18 91 c8 1b 76 7c 7c fd
> | 1b 9c 7c cf 51 9f a9 bd 01 ab 81 8a 1e 6c 56 22
> | b5 91 f2 c8 6b bf ff 33 1a 51 2d 7b 42 82 cf 1a
> | 67 ad f8 9e 35 6a 6d ca da 6d a3 b0 05 ae 40 4e
> | 36 d0 65 9c b9 75 f2 6c b8 ed 2d 0a bf 18 e2 69
> | 9c 25 7c 56 bf 8a fe ea 1a e2 d4 83 21 f8 17 be
> | a8 56 00 88 4c f7 01 73 19 53 81 14 42 dc 48 7e
> | ae db e0 9b bc 3b 30 2f a6 ef 16 29 61 54 c8 ad
> | f3 7a b4 c8 4c 91 73 e5 55 a6 72 e1 e6 94 9e e2
> | 97 29 f9 0c 5b 0b de 0b eb 91 fc a7 09 a3 4e 16
> | 71 b3 f8 53 3f 52 c0 3e 05 d0 3f 9c 59 76 16 0d
> | 8c 21 e0 b0 ff 38 37 0b 4f 68 87 0f 07 c8 0e 39
> | c3 1a b7 c1 4f 17 88 60 d0 cd 39 6b
> | inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #1
> | next event EVENT_NAT_T_KEEPALIVE in 10 seconds
> |
> | *received 364 bytes from <peer's fw's public ip>:500 on eth0
> | 11 47 e1 b8 ed 32 ac a4 05 e6 ed 3b 49 50 e0 6a
> | 04 10 02 00 00 00 00 00 00 00 01 6c 0a 00 01 04
> | 79 5e 5b ca 4e a9 7e 20 b9 f0 5c be ee da 41 e3
> | 06 2b db 03 96 47 86 8e fa 05 26 21 8f 80 b1 52
> | 57 a2 1c 93 8d 2a c0 6b 2b 0a d7 01 92 ce a1 8a
> | 18 96 ae a9 b2 00 46 90 33 b2 99 59 ca 7e db 6b
> | 43 5a 29 e7 c9 c2 84 68 05 68 57 a5 ff a0 f6 68
> | ca 4b b1 0f bc a8 2f 29 25 d5 b7 14 43 74 23 1e
> | fa fd 79 df 36 5c c2 65 2f 91 3b 7f 81 5a 90 c3
> | ca e3 4d 19 4e 52 10 e7 6e 77 87 2c 56 ad 4c 40
> | 93 2c 86 ec 2e 57 86 86 ed 7d 85 f4 18 55 52 0d
> | a8 7c 43 f0 a2 17 e1 2d 9a 47 a0 80 ed bf 85 f3
> | 7e 68 7b e3 75 52 a9 41 aa 96 4d 89 02 38 0f 03
> | 57 0a 25 96 5a 0e 70 92 50 92 fe e9 db bf 1b 0f
> | 49 45 77 ce 8a b8 a1 09 5d b5 e8 d7 d2 89 e3 d0
> | 3d 2d 9d eb a0 52 91 6d 4d f8 8b a1 a4 af 16 40
> | 2b f7 3b 2f fc 81 78 a0 ed 56 a4 7c ac 29 be 0c
> | f9 ff c2 22 4e 22 8e d5 19 ba 94 3a f5 45 a4 88
> | 07 00 00 14 b5 5d 45 16 f5 91 85 db 46 08 d3 0e
> | 0a 80 5c 54 14 00 00 05 04 14 00 00 18 f7 25 56
> | fa 59 5f 57 0b 4f 65 28 82 ee 39 3b 1d 56 fc 0b
> | d3 00 00 00 18 68 82 7d e3 30 da 2e ca ab 55 77
> | f5 52 c1 ae f7 ad 04 c1 c4 00 00 00
> | **parse ISAKMP Message:
> | initiator cookie:
> | 11 47 e1 b8 ed 32 ac a4
> | responder cookie:
> | 05 e6 ed 3b 49 50 e0 6a
> | next payload type: ISAKMP_NEXT_KE
> | ISAKMP version: ISAKMP Version 1.0
> | exchange type: ISAKMP_XCHG_IDPROT
> | flags: none
> | message ID: 00 00 00 00
> | length: 364
> | ICOOKIE: 11 47 e1 b8 ed 32 ac a4
> | RCOOKIE: 05 e6 ed 3b 49 50 e0 6a
> | peer: a5 e4 67 ba
> | state hash entry 28
> | state object #1 found, in STATE_MAIN_I3
> "company" #1: discarding duplicate packet; already STATE_MAIN_I3
> | next event EVENT_NAT_T_KEEPALIVE in 10 seconds
> |
> | *time to handle event
> | event after this is EVENT_RETRANSMIT in 10 seconds
> | next event EVENT_RETRANSMIT in 10 seconds for #1
> |
> | *received 256 bytes from <peer's fw's public ip>:500 on eth0
> | a3 c0 50 38 88 fa 29 3a 00 00 00 00 00 00 00 00
> | 01 10 02 00 00 00 00 00 00 00 01 00 0d 00 00 38
> | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01
> | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 2a 30
> | 80 01 00 07 80 02 00 02 80 0e 00 80 80 03 00 03
> | 80 04 00 0e 0d 00 00 14 cd 57 92 d4 b7 0f 02 99
> | a6 a1 37 3d e2 36 d2 ac 0d 00 00 14 12 f5 f2 8c
> | 45 71 68 a9 70 2d 9f e2 74 cc 01 00 0d 00 00 0c
> | 09 00 26 89 df d6 b7 12 0d 00 00 14 af ca d7 13
> | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 0d 00 00 14
> | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
> | 0d 00 00 14 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92
> | 15 52 9d 56 0d 00 00 14 cd 60 46 43 35 df 21 f8
> | 7c fd b2 fc 68 b6 a4 48 0d 00 00 14 90 cb 80 91
> | 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f 00 00 00 14
> | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
> | **parse ISAKMP Message:
> | initiator cookie:
> | a3 c0 50 38 88 fa 29 3a
> | responder cookie:
> | 00 00 00 00 00 00 00 00
> | next payload type: ISAKMP_NEXT_SA
> | ISAKMP version: ISAKMP Version 1.0
> | exchange type: ISAKMP_XCHG_IDPROT
> | flags: none
> | message ID: 00 00 00 00
> | length: 256
> | ***parse ISAKMP Security Association Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 56
> | DOI: ISAKMP_DOI_IPSEC
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 12
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | length: 20
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [strongSwan 4.2.4]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [Cisco-Unity]
> packet from <peer's fw's public ip>:500: received Vendor ID payload [XAUTH]
> packet from <peer's fw's public ip>:500: received Vendor ID payload
> [Dead Peer Detection]
> packet from <peer's fw's public ip>:500: received Vendor ID payload [RFC
> 3947]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-03]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02_n]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-00]
> | ****parse IPsec DOI SIT:
> | IPsec DOI SIT: SIT_IDENTITY_ONLY
> | ****parse ISAKMP Proposal Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | length: 44
> | proposal number: 0
> | protocol ID: PROTO_ISAKMP
> | SPI size: 0
> | number of transforms: 1
> | *****parse ISAKMP Transform Payload (ISAKMP):
> | next payload type: ISAKMP_NEXT_NONE
> | length: 36
> | transform number: 0
> | transform ID: KEY_IKE
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_TYPE
> | length/value: 1
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_DURATION
> | length/value: 10800
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_ENCRYPTION_ALGORITHM
> | length/value: 7
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_HASH_ALGORITHM
> | length/value: 2
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_KEY_LENGTH
> | length/value: 128
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_AUTHENTICATION_METHOD
> | length/value: 3
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_GROUP_DESCRIPTION
> | length/value: 14
> | preparse_isakmp_policy: peer requests RSASIG authentication
> packet from <peer's fw's public ip>:500: initial Main Mode message
> received on 192.168.5.2:500 <http://192.168.5.2:500> but no connection
> has been authorized with policy=RSASIG
> | next event EVENT_RETRANSMIT in 1 seconds for #1
> |
> | *time to handle event
> | event after this is EVENT_REINIT_SECRET in 3569 seconds
> | handling event EVENT_RETRANSMIT for <peer's fw's public ip> "company" #1
> | sending 2140 bytes for EVENT_RETRANSMIT through eth0 to <peer's fw's
> public ip>:4500:
> | 11 47 e1 b8 ed 32 ac a4 05 e6 ed 3b 49 50 e0 6a
> | 05 10 02 01 00 00 00 00 00 00 08 5c 3c 52 54 d8
> | cd 11 73 6a aa f4 f1 8c e2 22 82 45 f6 1c 68 0a
> | 19 51 50 1d af b3 56 11 85 e1 d7 1b 2d 54 31 10
> | cb 5b 1e 4c 2d 41 c7 1d 9d a7 3f c6 a5 a0 0a fb
> | a6 97 7d 8a a1 0e 71 24 46 ae ad 52 c9 d3 a3 6f
> | 80 04 5d c1 45 7b ee 95 0a c8 e1 44 be 25 71 c8
> | 11 5a 1e 50 a7 e8 75 0a e6 d7 a5 c7 27 24 1f 76
> | 8d ab 31 58 f7 dc e8 ba 0d ec d0 0a d9 9a 0b 5a
> | 5b 6c 94 8a 45 aa 53 3e c5 d5 a4 2d dd 6a 46 53
> | 79 47 48 f4 e8 86 1d 18 50 a8 d8 1b 0f ef 6b ba
> | 5d ac d5 80 80 9a d0 e8 50 ce 30 1f b9 6b be a0
> | bc 97 f0 f0 14 19 7d 0a 68 0c 19 71 42 a3 37 f1
> | 09 e1 44 ea a6 db 22 1c e9 93 e6 2b 6e e4 25 a8
> | 22 51 1e eb d9 cf c5 b4 b8 49 f2 e6 f3 48 41 e0
> | ef ed 22 a4 44 1d c2 65 71 50 b4 0c 21 9c eb 77
> | 70 f4 02 2c 0c eb 51 8d 46 6b 6e 62 09 75 1a f8
> | c5 3b f9 21 5d a0 bd ac 83 e4 07 19 04 48 79 ad
> | c5 22 71 bb 8e 65 0c a8 cb db 9b fe e9 2b 94 87
> | 1d 6a e3 c4 e6 16 73 3a f3 f9 41 23 41 39 c0 11
> | 79 43 77 e3 33 1e 5f c5 4e 59 f7 96 a2 b6 b2 a4
> | dd 3d ed f8 ec 98 9f 0a d9 39 a7 fa f6 fb 85 9d
> | 19 dc 53 8f d0 e3 7e 7b 6b 09 bf a3 d1 af 51 02
> | 82 34 0b 87 3d 23 c4 a6 a7 4a ef 31 f9 07 e1 60
> | 6d 7c dc 2b d3 08 98 93 b3 d6 a0 fa 90 93 14 4f
> | d7 ef 48 a0 2e e8 5f 75 e8 8b 16 3d 8a f3 98 77
> | 6c a9 bc f0 a8 1c 2f 1f 6c 5f 25 84 6f 21 29 da
> | ca 2f 6a 3c 83 50 6e fa 55 4e d9 9d 7c 88 2b b7
> | 7b a8 91 ad 0e 06 f6 72 22 ba 9d f1 fb 65 9a 22
> | 02 97 c3 5c 5b 29 12 d6 11 c3 74 d0 88 ad af 72
> | f7 4e 0b f5 a1 96 9b 31 37 74 37 a2 ad 6f 75 12
> | b9 89 7c 6c 53 bf 90 a8 2e a7 22 04 d3 9c df 12
> | df ca c6 44 7c b2 1b 31 a3 07 8e 07 0e cd d5 ec
> | 51 10 70 d2 ea 11 e7 ce 36 4f 96 db e5 41 7e c4
> | 0d 36 bd 24 d6 b3 6e 4f ac b1 df 1e 52 a1 8d fe
> | 8a c1 06 48 3f e3 53 b2 4f 4b 12 55 96 05 42 8a
> | 7f ef ca 89 88 0a ff 59 16 48 73 cf aa 75 b5 05
> | 7f c1 b0 f3 d0 9e f3 69 c8 60 d7 42 a1 1d c7 66
> | 20 6b 67 da 37 76 fb 4a 31 77 08 7c 72 b1 0e f3
> | f9 cd 03 b4 e4 57 83 d1 56 d5 0a fc 0c 33 00 e9
> | 55 64 7c d3 9b 64 d6 c9 98 50 19 52 8d 5a 0e e0
> | 56 5d 1c d3 71 06 6f 7a 24 c8 46 a7 0c 94 a0 8b
> | c5 d7 ed 94 47 87 c3 7a 8a a8 c4 20 e4 fe ee 78
> | be d7 37 b5 9b 71 5c 45 e6 5c 07 8c 63 23 fe 03
> | fe 25 c9 f9 f5 33 9c cc be fe e3 cb 5f a6 b9 99
> | fc 1d 87 b4 0c f3 64 e3 22 fb 3f 90 67 12 4f ff
> | c1 95 21 83 1b fc 2f d7 e0 8c 84 50 24 17 20 e0
> | 76 6a 8c 40 76 5d c9 a9 b7 58 14 0b e8 5a e4 b5
> | bd a1 18 ec 22 3d d2 73 6c 19 38 f3 1c 1f 83 cd
> | 6c 3a ae 0f 0d 06 e1 77 57 ca 33 ca 69 d2 05 94
> | bc e2 35 b4 6c a0 e8 20 66 47 da f5 63 6a b8 fa
> | 61 18 96 6c 72 47 51 3a 9e 69 df ba af 86 06 a3
> | b1 22 5d 2c 7c c9 0a 47 2d 4e 8b d7 d1 7f b5 61
> | 67 5c 15 60 4f de e2 a0 cb 57 79 0b 68 34 8a c0
> | 8c a0 d5 27 c6 84 72 a9 65 46 70 f3 98 04 89 e6
> | 96 b7 92 6b ec 14 6e 23 b7 bd 6b 22 07 a5 b3 f6
> | c3 af 41 21 6a 4d e9 31 9e a4 5c 20 39 94 a4 e7
> | fe 4a 43 b3 09 e1 bd 54 28 bb 74 ce 6e 9e 5c 06
> | b6 e1 7d d4 ce ce c7 db ed 9a f4 99 97 48 d6 5b
> | e6 69 bd 14 06 0d f8 07 6f 62 ba 2d da 0d 50 78
> | 9d ea 49 d1 40 88 51 70 89 22 40 14 2b ed 75 c2
> | e6 bf fc 6a 81 a5 71 7c 96 dd b7 21 71 78 aa 6f
> | 09 eb 92 9a 8f 01 62 2d 4d a8 71 75 ab d8 95 1a
> | 8c ba 04 4b 54 2d dc 71 7b 25 f9 4f 5f c7 df 03
> | e5 0e 5e ad 20 ed b3 d5 17 7c d2 94 48 44 dc a8
> | be 9b fe 3e cf 31 4b 7e ac a6 99 ad e5 20 5a bc
> | 05 86 ee 7a 69 bb b0 a5 1b 8b 1d 3c b4 20 d1 72
> | 72 8b fe 75 2a b3 e7 35 d1 28 5a 64 ab bc db 0d
> | 22 b2 b7 44 6b 3b 36 1e 51 16 5d 68 a3 9c ca e4
> | 7d 2b 2d 1d a3 5f ca 53 e6 20 2d cb 8d 2e 69 6f
> | 8c 65 fb 42 7d 63 40 e7 4a b7 7f 66 50 27 c7 21
> | e2 39 7a fa cc 81 57 ea 4f 29 e1 55 05 75 75 06
> | 3e ae 46 26 47 da d1 78 41 2b 6b 47 ad 2e 76 e0
> | ee 46 49 2d 56 60 44 8c 9b 62 c0 95 be 30 09 9f
> | a7 9b 91 8b 2a c9 d4 a4 64 8a 2c ac 4d c8 d0 8c
> | 08 42 fa d0 9d 5f 32 be c4 4d a4 d0 f4 2e 1a 2a
> | c0 f8 5f b3 1a 9d 59 9b 56 54 35 bb 33 01 39 87
> | 68 04 b7 f4 1d ff 41 1f dc 96 28 c6 7b 4e b0 75
> | 56 5e 66 19 4a 4f 06 eb 25 1e 67 b1 8f 08 df c4
> | 62 ae 83 a4 79 a9 da 7d 7c 0b dc 26 77 03 d3 3c
> | ca af d4 6a 2a 1c aa 4e 09 bd 6b c6 3a 83 3a f5
> | ca 6a 41 d8 75 2e 4f 64 f9 d5 1d a2 c8 df f4 bd
> | ce 1f d1 e7 f4 f5 9c 18 7a 8a 83 ed 94 7d d4 36
> | c5 8c df ee 88 5e ed 22 44 51 60 ad a9 dc 26 c5
> | a6 ac 0e eb 82 5d d6 dc 66 c5 0e 20 b7 bd 71 be
> | cb 75 78 c0 b4 fe a8 b7 6c 36 51 33 42 a5 44 bb
> | b1 71 33 d2 ad b7 24 88 d2 d2 4a b9 0b 72 e0 cd
> | d1 1b d0 06 bc 7a 6f 36 31 da 81 52 3d dc 16 ee
> | 19 a0 4b d1 84 af f9 71 f5 04 ba c8 6f 7f 31 b5
> | f6 eb e7 b9 3f 9a 5e 54 e1 1c ba e6 82 57 6f cb
> | 51 eb 60 ed 04 98 cd 27 bc bc 05 a4 50 d6 c6 42
> | b4 c5 19 ea 4f eb 8e 92 e0 28 d0 ff e6 68 6c c0
> | 6d 68 13 a2 b2 2f 2c 1e 87 00 65 18 61 ff 7b 38
> | 76 a1 e4 02 a0 16 06 f4 16 80 62 74 49 7c d5 9a
> | 86 d9 af 3d 7e ba 76 70 bd 53 e7 8f d7 3c 2f 4c
> | 76 c5 41 39 0e f5 95 03 1f 2e 88 00 a2 9a 7e 9a
> | ab 97 bc 5b 33 ff 87 0c c2 d0 57 8f 3b 55 d2 7a
> | e1 35 88 ef d2 e0 44 58 7c 08 04 50 86 26 95 03
> | 4c 32 26 52 de a0 15 6f 69 9d 25 bc e3 9e a8 49
> | e2 f7 93 5b b7 5a 7e 7b bc ad 54 5f dd ba 13 10
> | db 8f d2 38 58 e5 23 ba 0a 56 1f b1 9b 3a 06 62
> | 45 41 ad a7 cf 85 b8 f0 9e e8 c6 26 81 c3 65 5a
> | 99 97 3a 7b 0a 26 9b 1e d2 16 84 db ee ba 40 93
> | fa 1e 88 6b 5b f2 e9 ea 48 4d 0c 44 58 31 54 bb
> | ef 31 d6 17 0d e4 d6 8f 28 5d 4f c7 b5 91 32 d0
> | 31 66 f9 ce 21 94 10 48 bb 21 a2 25 5a ad 05 85
> | 55 10 a8 6e 38 8b e9 4e 79 ab 94 92 73 1c 7d e3
> | 9e d2 79 fe 16 31 c9 df c5 99 d2 d9 8e b4 43 56
> | f4 b2 87 52 71 17 ad f3 63 9d 88 ea eb 89 e2 ae
> | f4 64 61 21 ba 1c 66 b3 58 6f 6b 68 d1 b3 d9 4e
> | d1 8b 14 e7 87 12 ea 6f fa 30 83 ec 6d f6 a9 72
> | 27 23 1a 4c eb 8e 8c af 0b 6f 06 36 8b 2a 45 40
> | 22 25 e6 2d b3 37 42 3f f9 44 6c 6a b9 b4 ba 8b
> | 7b 2c bc b1 97 fe 41 60 c9 c6 3d 4f f0 13 a3 b4
> | 7e a8 8c 25 b0 ac d1 8e c4 ea bb df e1 65 58 5b
> | d2 89 a5 78 e8 bb ec b3 17 96 73 bb d8 a5 c1 c5
> | a8 bf 83 e1 7c fd 11 08 99 a3 56 58 ed e5 12 f7
> | be 5e 8b ca 93 05 7c b7 49 08 5c 34 e7 b6 96 7c
> | 0c 57 d8 b0 74 d8 88 58 98 94 55 cc f0 e6 f6 75
> | 38 32 5e ba 21 3f 34 94 d3 56 24 1d 93 d0 52 0f
> | 69 73 c7 3a f3 77 e3 eb c3 79 bd 63 a0 df 78 d4
> | 98 c2 75 3d 3b b0 22 03 18 91 c8 1b 76 7c 7c fd
> | 1b 9c 7c cf 51 9f a9 bd 01 ab 81 8a 1e 6c 56 22
> | b5 91 f2 c8 6b bf ff 33 1a 51 2d 7b 42 82 cf 1a
> | 67 ad f8 9e 35 6a 6d ca da 6d a3 b0 05 ae 40 4e
> | 36 d0 65 9c b9 75 f2 6c b8 ed 2d 0a bf 18 e2 69
> | 9c 25 7c 56 bf 8a fe ea 1a e2 d4 83 21 f8 17 be
> | a8 56 00 88 4c f7 01 73 19 53 81 14 42 dc 48 7e
> | ae db e0 9b bc 3b 30 2f a6 ef 16 29 61 54 c8 ad
> | f3 7a b4 c8 4c 91 73 e5 55 a6 72 e1 e6 94 9e e2
> | 97 29 f9 0c 5b 0b de 0b eb 91 fc a7 09 a3 4e 16
> | 71 b3 f8 53 3f 52 c0 3e 05 d0 3f 9c 59 76 16 0d
> | 8c 21 e0 b0 ff 38 37 0b 4f 68 87 0f 07 c8 0e 39
> | c3 1a b7 c1 4f 17 88 60 d0 cd 39 6b
> | inserting event EVENT_RETRANSMIT, timeout in 40 seconds for #1
> | next event EVENT_RETRANSMIT in 40 seconds for #1
> |
> | *received 364 bytes from <peer's fw's public ip>:500 on eth0
> | 11 47 e1 b8 ed 32 ac a4 05 e6 ed 3b 49 50 e0 6a
> | 04 10 02 00 00 00 00 00 00 00 01 6c 0a 00 01 04
> | 79 5e 5b ca 4e a9 7e 20 b9 f0 5c be ee da 41 e3
> | 06 2b db 03 96 47 86 8e fa 05 26 21 8f 80 b1 52
> | 57 a2 1c 93 8d 2a c0 6b 2b 0a d7 01 92 ce a1 8a
> | 18 96 ae a9 b2 00 46 90 33 b2 99 59 ca 7e db 6b
> | 43 5a 29 e7 c9 c2 84 68 05 68 57 a5 ff a0 f6 68
> | ca 4b b1 0f bc a8 2f 29 25 d5 b7 14 43 74 23 1e
> | fa fd 79 df 36 5c c2 65 2f 91 3b 7f 81 5a 90 c3
> | ca e3 4d 19 4e 52 10 e7 6e 77 87 2c 56 ad 4c 40
> | 93 2c 86 ec 2e 57 86 86 ed 7d 85 f4 18 55 52 0d
> | a8 7c 43 f0 a2 17 e1 2d 9a 47 a0 80 ed bf 85 f3
> | 7e 68 7b e3 75 52 a9 41 aa 96 4d 89 02 38 0f 03
> | 57 0a 25 96 5a 0e 70 92 50 92 fe e9 db bf 1b 0f
> | 49 45 77 ce 8a b8 a1 09 5d b5 e8 d7 d2 89 e3 d0
> | 3d 2d 9d eb a0 52 91 6d 4d f8 8b a1 a4 af 16 40
> | 2b f7 3b 2f fc 81 78 a0 ed 56 a4 7c ac 29 be 0c
> | f9 ff c2 22 4e 22 8e d5 19 ba 94 3a f5 45 a4 88
> | 07 00 00 14 b5 5d 45 16 f5 91 85 db 46 08 d3 0e
> | 0a 80 5c 54 14 00 00 05 04 14 00 00 18 f7 25 56
> | fa 59 5f 57 0b 4f 65 28 82 ee 39 3b 1d 56 fc 0b
> | d3 00 00 00 18 68 82 7d e3 30 da 2e ca ab 55 77
> | f5 52 c1 ae f7 ad 04 c1 c4 00 00 00
> | **parse ISAKMP Message:
> | initiator cookie:
> | 11 47 e1 b8 ed 32 ac a4
> | responder cookie:
> | 05 e6 ed 3b 49 50 e0 6a
> | next payload type: ISAKMP_NEXT_KE
> | ISAKMP version: ISAKMP Version 1.0
> | exchange type: ISAKMP_XCHG_IDPROT
> | flags: none
> | message ID: 00 00 00 00
> | length: 364
> | ICOOKIE: 11 47 e1 b8 ed 32 ac a4
> | RCOOKIE: 05 e6 ed 3b 49 50 e0 6a
> | peer: a5 e4 67 ba
> | state hash entry 28
> | state object #1 found, in STATE_MAIN_I3
> "company" #1: discarding duplicate packet; already STATE_MAIN_I3
> | next event EVENT_RETRANSMIT in 40 seconds for #1
> |
> | *received 256 bytes from <peer's fw's public ip>:500 on eth0
> | 12 a9 c2 ad 00 f4 08 df 00 00 00 00 00 00 00 00
> | 01 10 02 00 00 00 00 00 00 00 01 00 0d 00 00 38
> | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01
> | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 2a 30
> | 80 01 00 07 80 02 00 02 80 0e 00 80 80 03 00 03
> | 80 04 00 0e 0d 00 00 14 cd 57 92 d4 b7 0f 02 99
> | a6 a1 37 3d e2 36 d2 ac 0d 00 00 14 12 f5 f2 8c
> | 45 71 68 a9 70 2d 9f e2 74 cc 01 00 0d 00 00 0c
> | 09 00 26 89 df d6 b7 12 0d 00 00 14 af ca d7 13
> | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 0d 00 00 14
> | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
> | 0d 00 00 14 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92
> | 15 52 9d 56 0d 00 00 14 cd 60 46 43 35 df 21 f8
> | 7c fd b2 fc 68 b6 a4 48 0d 00 00 14 90 cb 80 91
> | 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f 00 00 00 14
> | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
> | **parse ISAKMP Message:
> | initiator cookie:
> | 12 a9 c2 ad 00 f4 08 df
> | responder cookie:
> | 00 00 00 00 00 00 00 00
> | next payload type: ISAKMP_NEXT_SA
> | ISAKMP version: ISAKMP Version 1.0
> | exchange type: ISAKMP_XCHG_IDPROT
> | flags: none
> | message ID: 00 00 00 00
> | length: 256
> | ***parse ISAKMP Security Association Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 56
> | DOI: ISAKMP_DOI_IPSEC
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 12
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | length: 20
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [strongSwan 4.2.4]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [Cisco-Unity]
> packet from <peer's fw's public ip>:500: received Vendor ID payload [XAUTH]
> packet from <peer's fw's public ip>:500: received Vendor ID payload
> [Dead Peer Detection]
> packet from <peer's fw's public ip>:500: received Vendor ID payload [RFC
> 3947]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-03]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02_n]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-00]
> | ****parse IPsec DOI SIT:
> | IPsec DOI SIT: SIT_IDENTITY_ONLY
> | ****parse ISAKMP Proposal Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | length: 44
> | proposal number: 0
> | protocol ID: PROTO_ISAKMP
> | SPI size: 0
> | number of transforms: 1
> | *****parse ISAKMP Transform Payload (ISAKMP):
> | next payload type: ISAKMP_NEXT_NONE
> | length: 36
> | transform number: 0
> | transform ID: KEY_IKE
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_TYPE
> | length/value: 1
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_DURATION
> | length/value: 10800
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_ENCRYPTION_ALGORITHM
> | length/value: 7
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_HASH_ALGORITHM
> | length/value: 2
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_KEY_LENGTH
> | length/value: 128
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_AUTHENTICATION_METHOD
> | length/value: 3
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_GROUP_DESCRIPTION
> | length/value: 14
> | preparse_isakmp_policy: peer requests RSASIG authentication
> packet from <peer's fw's public ip>:500: initial Main Mode message
> received on 192.168.5.2:500 <http://192.168.5.2:500> but no connection
> has been authorized with policy=RSASIG
> | next event EVENT_RETRANSMIT in 1 seconds for #1
> |
> | *time to handle event
> | event after this is EVENT_REINIT_SECRET in 3529 seconds
> | handling event EVENT_RETRANSMIT for <peer's fw's public ip> "company" #1
> "company" #1: max number of retransmissions (2) reached STATE_MAIN_I3.
> Possible authentication failure: no acceptable response to our first
> encrypted message
> "company" #1: starting keying attempt 2 of at most 3
> | creating state object #2 at 0xb77e7c10
> | ICOOKIE: 48 42 5d 28 b3 f2 41 99
> | RCOOKIE: 00 00 00 00 00 00 00 00
> | peer: a5 e4 67 ba
> | state hash entry 22
> | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #2
> "company" #2: initiating Main Mode to replace #1
> | **emit ISAKMP Message:
> | initiator cookie:
> | 48 42 5d 28 b3 f2 41 99
> | responder cookie:
> | 00 00 00 00 00 00 00 00
> | next payload type: ISAKMP_NEXT_SA
> | ISAKMP version: ISAKMP Version 1.0
> | exchange type: ISAKMP_XCHG_IDPROT
> | flags: none
> | message ID: 00 00 00 00
> | ***emit ISAKMP Security Association Payload:
> | next payload type: ISAKMP_NEXT_VID
> | DOI: ISAKMP_DOI_IPSEC
> | ****emit IPsec DOI SIT:
> | IPsec DOI SIT: SIT_IDENTITY_ONLY
> | 7_128-2-14,
> | ****emit ISAKMP Proposal Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | proposal number: 0
> | protocol ID: PROTO_ISAKMP
> | SPI size: 0
> | number of transforms: 1
> | *****emit ISAKMP Transform Payload (ISAKMP):
> | next payload type: ISAKMP_NEXT_NONE
> | transform number: 0
> | transform ID: KEY_IKE
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_TYPE
> | length/value: 1
> | [1 is OAKLEY_LIFE_SECONDS]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_DURATION
> | length/value: 10800
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_ENCRYPTION_ALGORITHM
> | length/value: 7
> | [7 is OAKLEY_AES_CBC]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_HASH_ALGORITHM
> | length/value: 2
> | [2 is OAKLEY_SHA]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_KEY_LENGTH
> | length/value: 128
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_AUTHENTICATION_METHOD
> | length/value: 3
> | [3 is OAKLEY_RSA_SIG]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_GROUP_DESCRIPTION
> | length/value: 14
> | [14 is OAKLEY_GROUP_MODP2048]
> | emitting length of ISAKMP Transform Payload (ISAKMP): 36
> | emitting length of ISAKMP Proposal Payload: 44
> | emitting length of ISAKMP Security Association Payload: 56
> | out_vendorid(): sending [strongSwan 4.2.4]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID cd 57 92 d4 b7 0f 02 99 a6 a1 37 3d e2 36 d2 ac
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [Cisco-Unity]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID 12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [XAUTH]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 8 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID 09 00 26 89 df d6 b7 12
> | emitting length of ISAKMP Vendor ID Payload: 12
> | out_vendorid(): sending [Dead Peer Detection]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [RFC 3947]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-03]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-02]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-02_n]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-00]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
> | emitting length of ISAKMP Vendor ID Payload: 20
> | emitting length of ISAKMP Message: 256
> | sending 256 bytes for main_outI1 through eth0 to <peer's fw's public
> ip>:4500:
> | 48 42 5d 28 b3 f2 41 99 00 00 00 00 00 00 00 00
> | 01 10 02 00 00 00 00 00 00 00 01 00 0d 00 00 38
> | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01
> | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 2a 30
> | 80 01 00 07 80 02 00 02 80 0e 00 80 80 03 00 03
> | 80 04 00 0e 0d 00 00 14 cd 57 92 d4 b7 0f 02 99
> | a6 a1 37 3d e2 36 d2 ac 0d 00 00 14 12 f5 f2 8c
> | 45 71 68 a9 70 2d 9f e2 74 cc 01 00 0d 00 00 0c
> | 09 00 26 89 df d6 b7 12 0d 00 00 14 af ca d7 13
> | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 0d 00 00 14
> | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
> | 0d 00 00 14 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92
> | 15 52 9d 56 0d 00 00 14 cd 60 46 43 35 df 21 f8
> | 7c fd b2 fc 68 b6 a4 48 0d 00 00 14 90 cb 80 91
> | 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f 00 00 00 14
> | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
> | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #2
> | ICOOKIE: 11 47 e1 b8 ed 32 ac a4
> | RCOOKIE: 05 e6 ed 3b 49 50 e0 6a
> | peer: a5 e4 67 ba
> | state hash entry 28
> | next event EVENT_RETRANSMIT in 10 seconds for #2
> |
> | *received 256 bytes from <peer's fw's public ip>:500 on eth0
> | 12 a9 c2 ad 00 f4 08 df 00 00 00 00 00 00 00 00
> | 01 10 02 00 00 00 00 00 00 00 01 00 0d 00 00 38
> | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01
> | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 2a 30
> | 80 01 00 07 80 02 00 02 80 0e 00 80 80 03 00 03
> | 80 04 00 0e 0d 00 00 14 cd 57 92 d4 b7 0f 02 99
> | a6 a1 37 3d e2 36 d2 ac 0d 00 00 14 12 f5 f2 8c
> | 45 71 68 a9 70 2d 9f e2 74 cc 01 00 0d 00 00 0c
> | 09 00 26 89 df d6 b7 12 0d 00 00 14 af ca d7 13
> | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 0d 00 00 14
> | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
> | 0d 00 00 14 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92
> | 15 52 9d 56 0d 00 00 14 cd 60 46 43 35 df 21 f8
> | 7c fd b2 fc 68 b6 a4 48 0d 00 00 14 90 cb 80 91
> | 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f 00 00 00 14
> | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
> | **parse ISAKMP Message:
> | initiator cookie:
> | 12 a9 c2 ad 00 f4 08 df
> | responder cookie:
> | 00 00 00 00 00 00 00 00
> | next payload type: ISAKMP_NEXT_SA
> | ISAKMP version: ISAKMP Version 1.0
> | exchange type: ISAKMP_XCHG_IDPROT
> | flags: none
> | message ID: 00 00 00 00
> | length: 256
> | ***parse ISAKMP Security Association Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 56
> | DOI: ISAKMP_DOI_IPSEC
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 12
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | length: 20
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [strongSwan 4.2.4]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [Cisco-Unity]
> packet from <peer's fw's public ip>:500: received Vendor ID payload [XAUTH]
> packet from <peer's fw's public ip>:500: received Vendor ID payload
> [Dead Peer Detection]
> packet from <peer's fw's public ip>:500: received Vendor ID payload [RFC
> 3947]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-03]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02_n]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-00]
> | ****parse IPsec DOI SIT:
> | IPsec DOI SIT: SIT_IDENTITY_ONLY
> | ****parse ISAKMP Proposal Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | length: 44
> | proposal number: 0
> | protocol ID: PROTO_ISAKMP
> | SPI size: 0
> | number of transforms: 1
> | *****parse ISAKMP Transform Payload (ISAKMP):
> | next payload type: ISAKMP_NEXT_NONE
> | length: 36
> | transform number: 0
> | transform ID: KEY_IKE
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_TYPE
> | length/value: 1
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_DURATION
> | length/value: 10800
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_ENCRYPTION_ALGORITHM
> | length/value: 7
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_HASH_ALGORITHM
> | length/value: 2
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_KEY_LENGTH
> | length/value: 128
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_AUTHENTICATION_METHOD
> | length/value: 3
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_GROUP_DESCRIPTION
> | length/value: 14
> | preparse_isakmp_policy: peer requests RSASIG authentication
> packet from <peer's fw's public ip>:500: initial Main Mode message
> received on 192.168.5.2:500 <http://192.168.5.2:500> but no connection
> has been authorized with policy=RSASIG
> | next event EVENT_RETRANSMIT in 1 seconds for #2
> |
> | *time to handle event
> | event after this is EVENT_REINIT_SECRET in 3519 seconds
> | handling event EVENT_RETRANSMIT for <peer's fw's public ip> "company" #2
> | sending 256 bytes for EVENT_RETRANSMIT through eth0 to <peer's fw's
> public ip>:4500:
> | 48 42 5d 28 b3 f2 41 99 00 00 00 00 00 00 00 00
> | 01 10 02 00 00 00 00 00 00 00 01 00 0d 00 00 38
> | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01
> | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 2a 30
> | 80 01 00 07 80 02 00 02 80 0e 00 80 80 03 00 03
> | 80 04 00 0e 0d 00 00 14 cd 57 92 d4 b7 0f 02 99
> | a6 a1 37 3d e2 36 d2 ac 0d 00 00 14 12 f5 f2 8c
> | 45 71 68 a9 70 2d 9f e2 74 cc 01 00 0d 00 00 0c
> | 09 00 26 89 df d6 b7 12 0d 00 00 14 af ca d7 13
> | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 0d 00 00 14
> | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
> | 0d 00 00 14 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92
> | 15 52 9d 56 0d 00 00 14 cd 60 46 43 35 df 21 f8
> | 7c fd b2 fc 68 b6 a4 48 0d 00 00 14 90 cb 80 91
> | 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f 00 00 00 14
> | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
> | inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #2
> | next event EVENT_RETRANSMIT in 20 seconds for #2
> |
> | *received 256 bytes from <peer's fw's public ip>:500 on eth0
> | 12 a9 c2 ad 00 f4 08 df 00 00 00 00 00 00 00 00
> | 01 10 02 00 00 00 00 00 00 00 01 00 0d 00 00 38
> | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01
> | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 2a 30
> | 80 01 00 07 80 02 00 02 80 0e 00 80 80 03 00 03
> | 80 04 00 0e 0d 00 00 14 cd 57 92 d4 b7 0f 02 99
> | a6 a1 37 3d e2 36 d2 ac 0d 00 00 14 12 f5 f2 8c
> | 45 71 68 a9 70 2d 9f e2 74 cc 01 00 0d 00 00 0c
> | 09 00 26 89 df d6 b7 12 0d 00 00 14 af ca d7 13
> | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 0d 00 00 14
> | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
> | 0d 00 00 14 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92
> | 15 52 9d 56 0d 00 00 14 cd 60 46 43 35 df 21 f8
> | 7c fd b2 fc 68 b6 a4 48 0d 00 00 14 90 cb 80 91
> | 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f 00 00 00 14
> | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
> | **parse ISAKMP Message:
> | initiator cookie:
> | 12 a9 c2 ad 00 f4 08 df
> | responder cookie:
> | 00 00 00 00 00 00 00 00
> | next payload type: ISAKMP_NEXT_SA
> | ISAKMP version: ISAKMP Version 1.0
> | exchange type: ISAKMP_XCHG_IDPROT
> | flags: none
> | message ID: 00 00 00 00
> | length: 256
> | ***parse ISAKMP Security Association Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 56
> | DOI: ISAKMP_DOI_IPSEC
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 12
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | length: 20
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [strongSwan 4.2.4]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [Cisco-Unity]
> packet from <peer's fw's public ip>:500: received Vendor ID payload [XAUTH]
> packet from <peer's fw's public ip>:500: received Vendor ID payload
> [Dead Peer Detection]
> packet from <peer's fw's public ip>:500: received Vendor ID payload [RFC
> 3947]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-03]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02_n]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-00]
> | ****parse IPsec DOI SIT:
> | IPsec DOI SIT: SIT_IDENTITY_ONLY
> | ****parse ISAKMP Proposal Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | length: 44
> | proposal number: 0
> | protocol ID: PROTO_ISAKMP
> | SPI size: 0
> | number of transforms: 1
> | *****parse ISAKMP Transform Payload (ISAKMP):
> | next payload type: ISAKMP_NEXT_NONE
> | length: 36
> | transform number: 0
> | transform ID: KEY_IKE
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_TYPE
> | length/value: 1
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_DURATION
> | length/value: 10800
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_ENCRYPTION_ALGORITHM
> | length/value: 7
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_HASH_ALGORITHM
> | length/value: 2
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_KEY_LENGTH
> | length/value: 128
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_AUTHENTICATION_METHOD
> | length/value: 3
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_GROUP_DESCRIPTION
> | length/value: 14
> | preparse_isakmp_policy: peer requests RSASIG authentication
> packet from <peer's fw's public ip>:500: initial Main Mode message
> received on 192.168.5.2:500 <http://192.168.5.2:500> but no connection
> has been authorized with policy=RSASIG
> | next event EVENT_RETRANSMIT in 1 seconds for #2
> |
> | *time to handle event
> | event after this is EVENT_REINIT_SECRET in 3499 seconds
> | handling event EVENT_RETRANSMIT for <peer's fw's public ip> "company" #2
> | sending 256 bytes for EVENT_RETRANSMIT through eth0 to <peer's fw's
> public ip>:4500:
> | 48 42 5d 28 b3 f2 41 99 00 00 00 00 00 00 00 00
> | 01 10 02 00 00 00 00 00 00 00 01 00 0d 00 00 38
> | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01
> | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 2a 30
> | 80 01 00 07 80 02 00 02 80 0e 00 80 80 03 00 03
> | 80 04 00 0e 0d 00 00 14 cd 57 92 d4 b7 0f 02 99
> | a6 a1 37 3d e2 36 d2 ac 0d 00 00 14 12 f5 f2 8c
> | 45 71 68 a9 70 2d 9f e2 74 cc 01 00 0d 00 00 0c
> | 09 00 26 89 df d6 b7 12 0d 00 00 14 af ca d7 13
> | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 0d 00 00 14
> | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
> | 0d 00 00 14 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92
> | 15 52 9d 56 0d 00 00 14 cd 60 46 43 35 df 21 f8
> | 7c fd b2 fc 68 b6 a4 48 0d 00 00 14 90 cb 80 91
> | 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f 00 00 00 14
> | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
> | inserting event EVENT_RETRANSMIT, timeout in 40 seconds for #2
> | next event EVENT_RETRANSMIT in 40 seconds for #2
> |
> | *received 256 bytes from <peer's fw's public ip>:500 on eth0
> | ca 62 5e 73 fe fd 1a 03 00 00 00 00 00 00 00 00
> | 01 10 02 00 00 00 00 00 00 00 01 00 0d 00 00 38
> | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01
> | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 2a 30
> | 80 01 00 07 80 02 00 02 80 0e 00 80 80 03 00 03
> | 80 04 00 0e 0d 00 00 14 cd 57 92 d4 b7 0f 02 99
> | a6 a1 37 3d e2 36 d2 ac 0d 00 00 14 12 f5 f2 8c
> | 45 71 68 a9 70 2d 9f e2 74 cc 01 00 0d 00 00 0c
> | 09 00 26 89 df d6 b7 12 0d 00 00 14 af ca d7 13
> | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 0d 00 00 14
> | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
> | 0d 00 00 14 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92
> | 15 52 9d 56 0d 00 00 14 cd 60 46 43 35 df 21 f8
> | 7c fd b2 fc 68 b6 a4 48 0d 00 00 14 90 cb 80 91
> | 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f 00 00 00 14
> | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
> | **parse ISAKMP Message:
> | initiator cookie:
> | ca 62 5e 73 fe fd 1a 03
> | responder cookie:
> | 00 00 00 00 00 00 00 00
> | next payload type: ISAKMP_NEXT_SA
> | ISAKMP version: ISAKMP Version 1.0
> | exchange type: ISAKMP_XCHG_IDPROT
> | flags: none
> | message ID: 00 00 00 00
> | length: 256
> | ***parse ISAKMP Security Association Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 56
> | DOI: ISAKMP_DOI_IPSEC
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 12
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | length: 20
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [strongSwan 4.2.4]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [Cisco-Unity]
> packet from <peer's fw's public ip>:500: received Vendor ID payload [XAUTH]
> packet from <peer's fw's public ip>:500: received Vendor ID payload
> [Dead Peer Detection]
> packet from <peer's fw's public ip>:500: received Vendor ID payload [RFC
> 3947]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-03]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02_n]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-00]
> | ****parse IPsec DOI SIT:
> | IPsec DOI SIT: SIT_IDENTITY_ONLY
> | ****parse ISAKMP Proposal Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | length: 44
> | proposal number: 0
> | protocol ID: PROTO_ISAKMP
> | SPI size: 0
> | number of transforms: 1
> | *****parse ISAKMP Transform Payload (ISAKMP):
> | next payload type: ISAKMP_NEXT_NONE
> | length: 36
> | transform number: 0
> | transform ID: KEY_IKE
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_TYPE
> | length/value: 1
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_DURATION
> | length/value: 10800
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_ENCRYPTION_ALGORITHM
> | length/value: 7
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_HASH_ALGORITHM
> | length/value: 2
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_KEY_LENGTH
> | length/value: 128
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_AUTHENTICATION_METHOD
> | length/value: 3
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_GROUP_DESCRIPTION
> | length/value: 14
> | preparse_isakmp_policy: peer requests RSASIG authentication
> packet from <peer's fw's public ip>:500: initial Main Mode message
> received on 192.168.5.2:500 <http://192.168.5.2:500> but no connection
> has been authorized with policy=RSASIG
> | next event EVENT_RETRANSMIT in 1 seconds for #2
> |
> | *time to handle event
> | event after this is EVENT_REINIT_SECRET in 3459 seconds
> | handling event EVENT_RETRANSMIT for <peer's fw's public ip> "company" #2
> "company" #2: max number of retransmissions (2) reached STATE_MAIN_I1.
> No response (or no acceptable response) to our first IKE message
> "company" #2: starting keying attempt 3 of at most 3
> | creating state object #3 at 0xb77e6408
> | ICOOKIE: 1c 82 2b 72 55 d3 e1 60
> | RCOOKIE: 00 00 00 00 00 00 00 00
> | peer: a5 e4 67 ba
> | state hash entry 20
> | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #3
> "company" #3: initiating Main Mode to replace #2
> | **emit ISAKMP Message:
> | initiator cookie:
> | 1c 82 2b 72 55 d3 e1 60
> | responder cookie:
> | 00 00 00 00 00 00 00 00
> | next payload type: ISAKMP_NEXT_SA
> | ISAKMP version: ISAKMP Version 1.0
> | exchange type: ISAKMP_XCHG_IDPROT
> | flags: none
> | message ID: 00 00 00 00
> | ***emit ISAKMP Security Association Payload:
> | next payload type: ISAKMP_NEXT_VID
> | DOI: ISAKMP_DOI_IPSEC
> | ****emit IPsec DOI SIT:
> | IPsec DOI SIT: SIT_IDENTITY_ONLY
> | 7_128-2-14,
> | ****emit ISAKMP Proposal Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | proposal number: 0
> | protocol ID: PROTO_ISAKMP
> | SPI size: 0
> | number of transforms: 1
> | *****emit ISAKMP Transform Payload (ISAKMP):
> | next payload type: ISAKMP_NEXT_NONE
> | transform number: 0
> | transform ID: KEY_IKE
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_TYPE
> | length/value: 1
> | [1 is OAKLEY_LIFE_SECONDS]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_DURATION
> | length/value: 10800
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_ENCRYPTION_ALGORITHM
> | length/value: 7
> | [7 is OAKLEY_AES_CBC]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_HASH_ALGORITHM
> | length/value: 2
> | [2 is OAKLEY_SHA]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_KEY_LENGTH
> | length/value: 128
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_AUTHENTICATION_METHOD
> | length/value: 3
> | [3 is OAKLEY_RSA_SIG]
> | ******emit ISAKMP Oakley attribute:
> | af+type: OAKLEY_GROUP_DESCRIPTION
> | length/value: 14
> | [14 is OAKLEY_GROUP_MODP2048]
> | emitting length of ISAKMP Transform Payload (ISAKMP): 36
> | emitting length of ISAKMP Proposal Payload: 44
> | emitting length of ISAKMP Security Association Payload: 56
> | out_vendorid(): sending [strongSwan 4.2.4]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID cd 57 92 d4 b7 0f 02 99 a6 a1 37 3d e2 36 d2 ac
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [Cisco-Unity]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID 12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [XAUTH]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 8 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID 09 00 26 89 df d6 b7 12
> | emitting length of ISAKMP Vendor ID Payload: 12
> | out_vendorid(): sending [Dead Peer Detection]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [RFC 3947]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-03]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-02]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-02_n]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
> | emitting length of ISAKMP Vendor ID Payload: 20
> | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-00]
> | ***emit ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
> | V_ID 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
> | emitting length of ISAKMP Vendor ID Payload: 20
> | emitting length of ISAKMP Message: 256
> | sending 256 bytes for main_outI1 through eth0 to <peer's fw's public
> ip>:4500:
> | 1c 82 2b 72 55 d3 e1 60 00 00 00 00 00 00 00 00
> | 01 10 02 00 00 00 00 00 00 00 01 00 0d 00 00 38
> | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01
> | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 2a 30
> | 80 01 00 07 80 02 00 02 80 0e 00 80 80 03 00 03
> | 80 04 00 0e 0d 00 00 14 cd 57 92 d4 b7 0f 02 99
> | a6 a1 37 3d e2 36 d2 ac 0d 00 00 14 12 f5 f2 8c
> | 45 71 68 a9 70 2d 9f e2 74 cc 01 00 0d 00 00 0c
> | 09 00 26 89 df d6 b7 12 0d 00 00 14 af ca d7 13
> | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 0d 00 00 14
> | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
> | 0d 00 00 14 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92
> | 15 52 9d 56 0d 00 00 14 cd 60 46 43 35 df 21 f8
> | 7c fd b2 fc 68 b6 a4 48 0d 00 00 14 90 cb 80 91
> | 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f 00 00 00 14
> | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
> | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #3
> | ICOOKIE: 48 42 5d 28 b3 f2 41 99
> | RCOOKIE: 00 00 00 00 00 00 00 00
> | peer: a5 e4 67 ba
> | state hash entry 22
> | next event EVENT_RETRANSMIT in 10 seconds for #3
> |
> | *received 256 bytes from <peer's fw's public ip>:500 on eth0
> | ca 62 5e 73 fe fd 1a 03 00 00 00 00 00 00 00 00
> | 01 10 02 00 00 00 00 00 00 00 01 00 0d 00 00 38
> | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01
> | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 2a 30
> | 80 01 00 07 80 02 00 02 80 0e 00 80 80 03 00 03
> | 80 04 00 0e 0d 00 00 14 cd 57 92 d4 b7 0f 02 99
> | a6 a1 37 3d e2 36 d2 ac 0d 00 00 14 12 f5 f2 8c
> | 45 71 68 a9 70 2d 9f e2 74 cc 01 00 0d 00 00 0c
> | 09 00 26 89 df d6 b7 12 0d 00 00 14 af ca d7 13
> | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 0d 00 00 14
> | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
> | 0d 00 00 14 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92
> | 15 52 9d 56 0d 00 00 14 cd 60 46 43 35 df 21 f8
> | 7c fd b2 fc 68 b6 a4 48 0d 00 00 14 90 cb 80 91
> | 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f 00 00 00 14
> | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
> | **parse ISAKMP Message:
> | initiator cookie:
> | ca 62 5e 73 fe fd 1a 03
> | responder cookie:
> | 00 00 00 00 00 00 00 00
> | next payload type: ISAKMP_NEXT_SA
> | ISAKMP version: ISAKMP Version 1.0
> | exchange type: ISAKMP_XCHG_IDPROT
> | flags: none
> | message ID: 00 00 00 00
> | length: 256
> | ***parse ISAKMP Security Association Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 56
> | DOI: ISAKMP_DOI_IPSEC
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 12
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | length: 20
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [strongSwan 4.2.4]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [Cisco-Unity]
> packet from <peer's fw's public ip>:500: received Vendor ID payload [XAUTH]
> packet from <peer's fw's public ip>:500: received Vendor ID payload
> [Dead Peer Detection]
> packet from <peer's fw's public ip>:500: received Vendor ID payload [RFC
> 3947]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-03]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02_n]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-00]
> | ****parse IPsec DOI SIT:
> | IPsec DOI SIT: SIT_IDENTITY_ONLY
> | ****parse ISAKMP Proposal Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | length: 44
> | proposal number: 0
> | protocol ID: PROTO_ISAKMP
> | SPI size: 0
> | number of transforms: 1
> | *****parse ISAKMP Transform Payload (ISAKMP):
> | next payload type: ISAKMP_NEXT_NONE
> | length: 36
> | transform number: 0
> | transform ID: KEY_IKE
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_TYPE
> | length/value: 1
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_DURATION
> | length/value: 10800
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_ENCRYPTION_ALGORITHM
> | length/value: 7
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_HASH_ALGORITHM
> | length/value: 2
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_KEY_LENGTH
> | length/value: 128
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_AUTHENTICATION_METHOD
> | length/value: 3
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_GROUP_DESCRIPTION
> | length/value: 14
> | preparse_isakmp_policy: peer requests RSASIG authentication
> packet from <peer's fw's public ip>:500: initial Main Mode message
> received on 192.168.5.2:500 <http://192.168.5.2:500> but no connection
> has been authorized with policy=RSASIG
> | next event EVENT_RETRANSMIT in 1 seconds for #3
> |
> | *time to handle event
> | event after this is EVENT_REINIT_SECRET in 3449 seconds
> | handling event EVENT_RETRANSMIT for <peer's fw's public ip> "company" #3
> | sending 256 bytes for EVENT_RETRANSMIT through eth0 to <peer's fw's
> public ip>:4500:
> | 1c 82 2b 72 55 d3 e1 60 00 00 00 00 00 00 00 00
> | 01 10 02 00 00 00 00 00 00 00 01 00 0d 00 00 38
> | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01
> | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 2a 30
> | 80 01 00 07 80 02 00 02 80 0e 00 80 80 03 00 03
> | 80 04 00 0e 0d 00 00 14 cd 57 92 d4 b7 0f 02 99
> | a6 a1 37 3d e2 36 d2 ac 0d 00 00 14 12 f5 f2 8c
> | 45 71 68 a9 70 2d 9f e2 74 cc 01 00 0d 00 00 0c
> | 09 00 26 89 df d6 b7 12 0d 00 00 14 af ca d7 13
> | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 0d 00 00 14
> | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
> | 0d 00 00 14 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92
> | 15 52 9d 56 0d 00 00 14 cd 60 46 43 35 df 21 f8
> | 7c fd b2 fc 68 b6 a4 48 0d 00 00 14 90 cb 80 91
> | 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f 00 00 00 14
> | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
> | inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #3
> | next event EVENT_RETRANSMIT in 20 seconds for #3
> |
> | *received 256 bytes from <peer's fw's public ip>:500 on eth0
> | ca 62 5e 73 fe fd 1a 03 00 00 00 00 00 00 00 00
> | 01 10 02 00 00 00 00 00 00 00 01 00 0d 00 00 38
> | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01
> | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 2a 30
> | 80 01 00 07 80 02 00 02 80 0e 00 80 80 03 00 03
> | 80 04 00 0e 0d 00 00 14 cd 57 92 d4 b7 0f 02 99
> | a6 a1 37 3d e2 36 d2 ac 0d 00 00 14 12 f5 f2 8c
> | 45 71 68 a9 70 2d 9f e2 74 cc 01 00 0d 00 00 0c
> | 09 00 26 89 df d6 b7 12 0d 00 00 14 af ca d7 13
> | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 0d 00 00 14
> | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
> | 0d 00 00 14 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92
> | 15 52 9d 56 0d 00 00 14 cd 60 46 43 35 df 21 f8
> | 7c fd b2 fc 68 b6 a4 48 0d 00 00 14 90 cb 80 91
> | 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f 00 00 00 14
> | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
> | **parse ISAKMP Message:
> | initiator cookie:
> | ca 62 5e 73 fe fd 1a 03
> | responder cookie:
> | 00 00 00 00 00 00 00 00
> | next payload type: ISAKMP_NEXT_SA
> | ISAKMP version: ISAKMP Version 1.0
> | exchange type: ISAKMP_XCHG_IDPROT
> | flags: none
> | message ID: 00 00 00 00
> | length: 256
> | ***parse ISAKMP Security Association Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 56
> | DOI: ISAKMP_DOI_IPSEC
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 12
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_VID
> | length: 20
> | ***parse ISAKMP Vendor ID Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | length: 20
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [strongSwan 4.2.4]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [Cisco-Unity]
> packet from <peer's fw's public ip>:500: received Vendor ID payload [XAUTH]
> packet from <peer's fw's public ip>:500: received Vendor ID payload
> [Dead Peer Detection]
> packet from <peer's fw's public ip>:500: received Vendor ID payload [RFC
> 3947]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-03]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02_n]
> packet from <peer's fw's public ip>:500: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-00]
> | ****parse IPsec DOI SIT:
> | IPsec DOI SIT: SIT_IDENTITY_ONLY
> | ****parse ISAKMP Proposal Payload:
> | next payload type: ISAKMP_NEXT_NONE
> | length: 44
> | proposal number: 0
> | protocol ID: PROTO_ISAKMP
> | SPI size: 0
> | number of transforms: 1
> | *****parse ISAKMP Transform Payload (ISAKMP):
> | next payload type: ISAKMP_NEXT_NONE
> | length: 36
> | transform number: 0
> | transform ID: KEY_IKE
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_TYPE
> | length/value: 1
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_LIFE_DURATION
> | length/value: 10800
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_ENCRYPTION_ALGORITHM
> | length/value: 7
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_HASH_ALGORITHM
> | length/value: 2
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_KEY_LENGTH
> | length/value: 128
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_AUTHENTICATION_METHOD
> | length/value: 3
> | ******parse ISAKMP Oakley attribute:
> | af+type: OAKLEY_GROUP_DESCRIPTION
> | length/value: 14
> | preparse_isakmp_policy: peer requests RSASIG authentication
> packet from <peer's fw's public ip>:500: initial Main Mode message
> received on 192.168.5.2:500 <http://192.168.5.2:500> but no connection
> has been authorized with policy=RSASIG
> | next event EVENT_RETRANSMIT in 1 seconds for #3
> |
> | *time to handle event
> | event after this is EVENT_REINIT_SECRET in 3429 seconds
> | handling event EVENT_RETRANSMIT for <peer's fw's public ip> "company" #3
> | sending 256 bytes for EVENT_RETRANSMIT through eth0 to <peer's fw's
> public ip>:4500:
> | 1c 82 2b 72 55 d3 e1 60 00 00 00 00 00 00 00 00
> | 01 10 02 00 00 00 00 00 00 00 01 00 0d 00 00 38
> | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01
> | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 2a 30
> | 80 01 00 07 80 02 00 02 80 0e 00 80 80 03 00 03
> | 80 04 00 0e 0d 00 00 14 cd 57 92 d4 b7 0f 02 99
> | a6 a1 37 3d e2 36 d2 ac 0d 00 00 14 12 f5 f2 8c
> | 45 71 68 a9 70 2d 9f e2 74 cc 01 00 0d 00 00 0c
> | 09 00 26 89 df d6 b7 12 0d 00 00 14 af ca d7 13
> | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 0d 00 00 14
> | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
> | 0d 00 00 14 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92
> | 15 52 9d 56 0d 00 00 14 cd 60 46 43 35 df 21 f8
> | 7c fd b2 fc 68 b6 a4 48 0d 00 00 14 90 cb 80 91
> | 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f 00 00 00 14
> | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
> | inserting event EVENT_RETRANSMIT, timeout in 40 seconds for #3
> | next event EVENT_RETRANSMIT in 40 seconds for #3
> |
> | *time to handle event
> | event after this is EVENT_REINIT_SECRET in 3389 seconds
> | handling event EVENT_RETRANSMIT for <peer's fw's public ip> "company" #3
> "company" #3: max number of retransmissions (2) reached STATE_MAIN_I1.
> No response (or no acceptable response) to our first IKE message
> | ICOOKIE: 1c 82 2b 72 55 d3 e1 60
> | RCOOKIE: 00 00 00 00 00 00 00 00
> | peer: a5 e4 67 ba
> | state hash entry 20
> | next event EVENT_REINIT_SECRET in 3389 seconds
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list