[strongSwan] StrongSwan/Racoon interop issue: IDcr mismatch

Rich Lafferty rich at lafferty.ca
Mon Jan 29 21:36:20 CET 2018


Hi,

I'm running StrongSwan 5.5.1 (Ubuntu package) interoperating with Racoon from 
ipsec-tools 0.8.2 and am encountering some phase 2 negotiation issues I'm not 
sure how to resolve. 

(I'm also not sure if the mailing list, or the bug tracker, is the right place
for this so please feel free to direct me to the bug tracker if necessary.)

Some background context: We're running a full IPsec mesh network, and some 
issues in Racoon (and its unmaintanedness) have led us to start replacing it 
with StrongSwan. We're configuring with swanctl, and all of our connections are 
PSK-based transport connections. Our configuration includes 1000+ connection 
entries, of which 300 or so are established at a given time (all 
start_action = trap). We configure strongswan with multiple connections per remote 
host, to account for combinations of internal and NAT'd IPs. (The remote hosts 
are at AWS and Azure, and might establish connections from either.) 

So between two hosts in the same region, we have both a direct (private IP
to private IP) and also one that's NAT'd at both end (public IP to public IP).

The problem:

When Racoon is the initiator and the connections go through NAT, phase 2
negotiation fails with the following error on the Racoon side:
  
       ERROR: mismatched IDcr was returned.

and on the StrongSwan side:

       received ATTRIBUTES_NOT_SUPPORTED error notify

I haven't been able to duplicate it in any other situation (eg. private IP,
StrongSwan being the initiator), but I can reproduce it every time with the
situation described above.

(I should add that I’m bringing it up here because StrongSwan has the
advantage of being maintained, and Racoon doesn’t.)

StrongSwan configuration (on stg-rlafferty-swan15): 

stg-rlafferty-base14_1 {
  version = 1
  local { auth = psk }
  remote { auth = psk }
  proposals = aes128-sha256-modp3072
  encap = yes
  dpd_delay = 20
  reauth_time = 23h
  over_time = 1h
  rand_time = 1h  

  local_addrs = 172.16.0.50
  remote_addrs = 13.57.196.229

  children {
    stg-rlafferty-base14_1 {

      mode = transport
      start_action = trap
      esp_proposals = aes128-sha1-modp3072
      life_time = 8h
      rekey_time = 7h
      rand_time = 1h

    }
  }
}


On the racoon host (stg-rlafferty-base14):

Setkey configuration:

    spdadd 13.57.196.229 172.16.0.50 any -P out prio def + 0 ipsec esp/transport//require;
    spdadd 172.16.0.50 13.57.196.229 any -P in prio def + 0 ipsec esp/transport//require;
    spdadd 172.16.0.194 13.57.50.166 any -P out prio def + 0 ipsec esp/transport//require;
    spdadd 13.57.50.166 172.16.0.194 any -P in prio def + 0 ipsec esp/transport//require;
    spdadd 172.16.0.194 172.16.0.50 any -P out prio def + 0 ipsec esp/transport//require;
    spdadd 172.16.0.50 172.16.0.194 any -P in prio def + 0 ipsec esp/transport//require;

Racoon configuration:

    path pre_shared_key "/etc/racoon/psk.txt";

    remote anonymous {
            exchange_mode main;

            proposal {
                    authentication_method pre_shared_key;
                    dh_group modp3072;
                    encryption_algorithm aes;
                    hash_algorithm sha256;
            }
            generate_policy off;
            nat_traversal force;

            lifetime time 24 hours;

            dpd_delay 20;
    }

    sainfo anonymous {
            pfs_group modp3072;
            encryption_algorithm aes;
            authentication_algorithm hmac_sha256,hmac_sha1;
            compression_algorithm deflate;

            lifetime time 8 hours;
    }

Here's the logs on the strongswan side -- seems straightforward, we receive a
QUICK_MODE request (in fragments), send a response, and then receive an
ATTRIBUTES_NOT_SUPPORTED back. I'd love to have more detail here but I haven't
yet figured out which logging levels I need to turn up, this is with NET, IKE
and ENC all at 3.


Jan 29 19:07:53 stg-rlafferty-swan15 charon: 29[NET] <stg-rlafferty-base14_1|703> received packet: from 13.57.196.229[4500] to 172.16.0.50[4500] (548 bytes)
Jan 29 19:07:53 stg-rlafferty-swan15 charon: 29[ENC] <stg-rlafferty-base14_1|703> payload type FRAGMENT was not encrypted
Jan 29 19:07:53 stg-rlafferty-swan15 charon: 29[ENC] <stg-rlafferty-base14_1|703> could not decrypt payloads
Jan 29 19:07:53 stg-rlafferty-swan15 charon: 29[IKE] <stg-rlafferty-base14_1|703> integrity check failed
Jan 29 19:07:53 stg-rlafferty-swan15 charon: 29[ENC] <stg-rlafferty-base14_1|703> generating INFORMATIONAL_V1 request 4261518401 [ HASH N(INVAL_HASH) ]
Jan 29 19:07:53 stg-rlafferty-swan15 charon: 29[NET] <stg-rlafferty-base14_1|703> sending packet: from 172.16.0.50[4500] to 13.57.196.229[4500] (92 bytes)
Jan 29 19:07:53 stg-rlafferty-swan15 charon: 29[IKE] <stg-rlafferty-base14_1|703> QUICK_MODE request with message ID 0 processing failed
Jan 29 19:07:53 stg-rlafferty-swan15 charon: 29[ENC] <stg-rlafferty-base14_1|703> received fragment #1, waiting for complete IKE message
Jan 29 19:07:53 stg-rlafferty-swan15 charon: 21[NET] <stg-rlafferty-base14_1|703> received packet: from 13.57.196.229[4500] to 172.16.0.50[4500] (144 bytes)
Jan 29 19:07:53 stg-rlafferty-swan15 charon: 21[ENC] <stg-rlafferty-base14_1|703> payload type FRAGMENT was not encrypted
Jan 29 19:07:53 stg-rlafferty-swan15 charon: 21[ENC] <stg-rlafferty-base14_1|703> could not decrypt payloads
Jan 29 19:07:53 stg-rlafferty-swan15 charon: 21[IKE] <stg-rlafferty-base14_1|703> integrity check failed
Jan 29 19:07:53 stg-rlafferty-swan15 charon: 21[ENC] <stg-rlafferty-base14_1|703> generating INFORMATIONAL_V1 request 240162305 [ HASH N(INVAL_HASH) ]
Jan 29 19:07:53 stg-rlafferty-swan15 charon: 21[NET] <stg-rlafferty-base14_1|703> sending packet: from 172.16.0.50[4500] to 13.57.196.229[4500] (92 bytes)
Jan 29 19:07:53 stg-rlafferty-swan15 charon: 21[IKE] <stg-rlafferty-base14_1|703> QUICK_MODE request with message ID 0 processing failed
Jan 29 19:07:53 stg-rlafferty-swan15 charon: 21[ENC] <stg-rlafferty-base14_1|703> received fragment #2, reassembling fragmented IKE message
Jan 29 19:07:53 stg-rlafferty-swan15 charon: 21[NET] <stg-rlafferty-base14_1|703> received packet: from 13.57.196.229[4500] to 172.16.0.50[4500] (620 bytes)
Jan 29 19:07:53 stg-rlafferty-swan15 charon: 21[ENC] <stg-rlafferty-base14_1|703> parsed QUICK_MODE request 2935430086 [ HASH SA No KE ID ID NAT-OA NAT-OA ]
Jan 29 19:07:53 stg-rlafferty-swan15 charon: 21[ENC] <stg-rlafferty-base14_1|703> generating QUICK_MODE response 2935430086 [ HASH SA No KE ID ID NAT-OA NAT-OA ]
Jan 29 19:07:53 stg-rlafferty-swan15 charon: 21[NET] <stg-rlafferty-base14_1|703> sending packet: from 172.16.0.50[4500] to 13.57.196.229[4500] (604 bytes)
Jan 29 19:07:53 stg-rlafferty-swan15 charon: 24[NET] <stg-rlafferty-base14_1|703> received packet: from 13.57.196.229[4500] to 172.16.0.50[4500] (92 bytes)
Jan 29 19:07:53 stg-rlafferty-swan15 charon: 24[ENC] <stg-rlafferty-base14_1|703> parsed INFORMATIONAL_V1 request 3359724485 [ HASH N(ATTR_UNSUP) ]
Jan 29 19:07:53 stg-rlafferty-swan15 charon: 24[IKE] <stg-rlafferty-base14_1|703> received ATTRIBUTES_NOT_SUPPORTED error notify


Here's the racoon logs. You'll see the key ERROR message,

    ERROR: mismatched IDcr was returned.

at the end of the excerpt. I've also put newlines on either side of the debug
entry showing (sent? received?) IDcr.

Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: pk_recv: retry[0] recv()
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: got pfkey ACQUIRE message
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: suitable outbound SP found: 172.16.0.194/32[0] 13.57.50.166/32[0] proto=any dir=out.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0d9f0: 0.0.0.0/0[0] 0.0.0.0/0[0] proto=icmp dir=fwd
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0db40: 0.0.0.0/0[0] 0.0.0.0/0[0] proto=icmp dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0dc90: 0.0.0.0/0[0] 0.0.0.0/0[0] proto=icmp dir=out
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0dde0: 0.0.0.0/0[7946] 0.0.0.0/0[0] proto=udp dir=fwd
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0df30: 0.0.0.0/0[7946] 0.0.0.0/0[0] proto=udp dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0e080: 0.0.0.0/0[7946] 0.0.0.0/0[0] proto=udp dir=out
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0e1d0: 0.0.0.0/0[0] 0.0.0.0/0[7946] proto=udp dir=fwd
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0e320: 0.0.0.0/0[0] 0.0.0.0/0[7946] proto=udp dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0e470: 0.0.0.0/0[0] 0.0.0.0/0[7946] proto=udp dir=out
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0e5c0: 0.0.0.0/0[7946] 0.0.0.0/0[0] proto=tcp dir=fwd
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0e710: 0.0.0.0/0[7946] 0.0.0.0/0[0] proto=tcp dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0e860: 0.0.0.0/0[7946] 0.0.0.0/0[0] proto=tcp dir=out
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0e9b0: 0.0.0.0/0[0] 0.0.0.0/0[7946] proto=tcp dir=fwd
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0eb00: 0.0.0.0/0[0] 0.0.0.0/0[7946] proto=tcp dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0ec50: 0.0.0.0/0[0] 0.0.0.0/0[7946] proto=tcp dir=out
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0eda0: 0.0.0.0/0[443] 0.0.0.0/0[0] proto=tcp dir=fwd
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0eef0: 0.0.0.0/0[443] 0.0.0.0/0[0] proto=tcp dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0f040: 0.0.0.0/0[443] 0.0.0.0/0[0] proto=tcp dir=out
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0f190: 0.0.0.0/0[0] 0.0.0.0/0[443] proto=tcp dir=fwd
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0f2e0: 0.0.0.0/0[0] 0.0.0.0/0[443] proto=tcp dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0f430: 0.0.0.0/0[0] 0.0.0.0/0[443] proto=tcp dir=out
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0f580: 0.0.0.0/0[22] 0.0.0.0/0[0] proto=tcp dir=fwd
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0f6d0: 0.0.0.0/0[22] 0.0.0.0/0[0] proto=tcp dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0f820: 0.0.0.0/0[22] 0.0.0.0/0[0] proto=tcp dir=out
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0f970: 0.0.0.0/0[0] 0.0.0.0/0[22] proto=tcp dir=fwd
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0fac0: 0.0.0.0/0[0] 0.0.0.0/0[22] proto=tcp dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0fc10: 0.0.0.0/0[0] 0.0.0.0/0[22] proto=tcp dir=out
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0c270: 172.16.0.50/32[0] 172.16.0.194/32[0] proto=any dir=fwd
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0c4f0: 172.16.0.50/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0c640: 172.16.0.194/32[0] 172.16.0.50/32[0] proto=any dir=out
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0ca30: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=fwd
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sub:0x7ffe8065bd00: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: db :0x7fd00ec0cb80: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: suitable inbound SP found: 13.57.50.166/32[0] 172.16.0.194/32[0] proto=any dir=in.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: new acquire 172.16.0.194/32[0] 13.57.50.166/32[0] proto=any dir=out
Jan 29 19:07:53 stg-rlafferty-base14 racoon: [13.57.50.166] DEBUG: configuration "anonymous" selected.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: getsainfo params: loc='172.16.0.194' rmt='13.57.50.166' peer='NULL' client='NULL' id=0
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: evaluating sainfo: loc='ANONYMOUS', rmt='ANONYMOUS', peer='ANY', id=0
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: check and compare ids : values matched (ANONYMOUS)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: check and compare ids : values matched (ANONYMOUS)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: selected sainfo: loc='ANONYMOUS', rmt='ANONYMOUS', peer='ANY', id=0
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=0:0)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:   (trns_id=AES encklen=128 authtype=hmac-sha256)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:   (trns_id=AES encklen=128 authtype=hmac-sha)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: in post_acquire
Jan 29 19:07:53 stg-rlafferty-base14 racoon: [13.57.50.166] DEBUG: configuration "anonymous" selected.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: begin QUICK mode.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: ===
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: begin QUICK mode.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: compute IV for phase2
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: phase1 last IV:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
10da9709 c6644925 5b2c266f 08788c9a aef71bc6
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: hash(sha2_256)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: encryption(aes)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: phase2 IV computed:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
a0ee8670 f90ed1fe 22555be9 cbc01800
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: call pfkey_send_getspi
Jan 29 19:07:53 stg-rlafferty-base14 racoon: INFO: initiate new phase 2 negotiation: 172.16.0.194[4500]<=>13.57.50.166[4500]
Jan 29 19:07:53 stg-rlafferty-base14 racoon: INFO: NAT detected -> UDP encapsulation (ENC_MODE 2->4).
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: pfkey GETSPI sent: ESP/Transport 13.57.50.166[0]->172.16.0.194[0]
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: pfkey getspi sent.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: pk_recv: retry[0] recv()
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: got pfkey GETSPI message
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: pfkey GETSPI succeeded: ESP/Transport 13.57.50.166[500]->172.16.0.194[500] spi=204317062(0xc2da186)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: hmac(modp3072)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: hmac(modp3072)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: hmac(modp3072)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: hmac(modp3072)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: hmac(modp3072)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: compute DH's private.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
7fff0fa6 0b57df82 ae089f51 160690cb b184b559 4d063b99 db6c9a26 9f1ea568
689c283c 08991612 533110c3 54162c86 543c0cde 491e0968 25eb33bf 99392870
f6522bf7 3acd117e a667bd1d faedc1b6 f7e1431c adfbf2ba fc3c1aac 6668df19
e41ae00d 58bf742e 354dda26 0e196be5 534337fb 27e1d96e da13611c 5dbc08bf
5fd8f05e 1cf6c928 bd081f7a 4d7713ce 238ee9e9 5d17bec2 f6fb7103 7d78ecb8
94ea597e a5cda6de 4e941ee0 3b64ef36 ebb3f162 ded5dbeb f5b0a5a8 24202c33
3ac83772 aa9bb6c0 a5839b22 d1f25240 052ed772 725ace83 2b1ecc6d e1d49736
5e12e3ec 47d9769b 59ea7291 26e1b3f0 d8c826ca 8a352df7 36e85fb0 303b29b0
9e6f8ec6 e31a0992 36fd06ae 516b8a66 3849277f 77e8d815 b4f7dc35 73a09c48
4099c9b6 3c644411 d9ea82e5 87e5d1f9 9ce7665d 9e3becfd be3398ae 91fc81d9
d5364310 f044d79e f04bdaa7 8f4bd496 005b1eee f4609b4b 6f04ac8f dfef6c4f
f4674137 d05cf483 ad4055a6 8267eada d706b500 d8ab995e a0f1d61b 62922951
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: compute DH's public.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
5e6fdcbf 6f49282f b6ca7476 8eb7883e 63aa9e4f b95d83d1 0d737e20 1be61ade
91bcca6a 8c292072 31186948 236a4d34 937d8300 d66f024f dd9486bb 1e44e597
fcc40e80 b2345e8f 20aa9b98 42016e26 b2b14339 aeec051b 4624ea5e ef9de8ae
c39a0225 54750126 ae81479d a741be47 3ce8deca bac2648c ca096c1c 6e2e7988
481d5095 e86afa18 f3bfe0ae a0cbcfac 50484932 176cf6a2 67dd7e6d 78782f5d
9939a687 30f847f9 4001001f 5af495c6 37be9cae 46ba6040 62570c65 0d2bd0d3
d29cd1ee fee4d162 d43415cf 93f58a26 ef38e361 a875dbe2 3fcb4ec7 5ea96a59
2900caa5 c4bc1a29 f0ab5117 cae3ccd8 fbf57195 7b611a04 66970b8c 1c866473
14493546 332b4c5d 3fca12a2 3394a5ae 9060bde1 54eb312e 85197a55 1b945a2a
f5565acc 36a0d480 048587f9 547abd23 01e26d3d fa60ecad 05bfe64b 4461b669
0204ed79 57492eb4 bc18f210 e887bdc1 f2635740 d92371eb 8065c2c6 a5722b8e
ed3e6558 39293e94 be3218e2 1c8ddebd ec8a8395 7c88381c 57e8c954 0e45b580
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: use local ID type IPv4_address
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: use remote ID type IPv4_address
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: IDci:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
01000000 ac1000c2

Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: IDcr:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
01000000 0d3932a6

Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: NAT-OAi:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
01001194 ac1000c2
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: NAT-OAr:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
01001194 0d3932a6
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: add payload of len 84, next type 10
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: add payload of len 16, next type 4
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: add payload of len 384, next type 5
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: add payload of len 8, next type 5
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: add payload of len 8, next type 21
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: add payload of len 8, next type 21
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: add payload of len 8, next type 0
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: HASH with:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
aef71bc6 0a000058 00000001 00000001 0000004c 01030402 0c2da186 03000020
010c0000 80010001 80027080 80040004 80060080 80050005 8003000f 00000020
020c0000 80010001 80027080 80040004 80060080 80050002 8003000f 04000014
9dfdd3c2 2a01f352 e2b56b91 e075d6c9 05000184 5e6fdcbf 6f49282f b6ca7476
8eb7883e 63aa9e4f b95d83d1 0d737e20 1be61ade 91bcca6a 8c292072 31186948
236a4d34 937d8300 d66f024f dd9486bb 1e44e597 fcc40e80 b2345e8f 20aa9b98
42016e26 b2b14339 aeec051b 4624ea5e ef9de8ae c39a0225 54750126 ae81479d
a741be47 3ce8deca bac2648c ca096c1c 6e2e7988 481d5095 e86afa18 f3bfe0ae
a0cbcfac 50484932 176cf6a2 67dd7e6d 78782f5d 9939a687 30f847f9 4001001f
5af495c6 37be9cae 46ba6040 62570c65 0d2bd0d3 d29cd1ee fee4d162 d43415cf
93f58a26 ef38e361 a875dbe2 3fcb4ec7 5ea96a59 2900caa5 c4bc1a29 f0ab5117
cae3ccd8 fbf57195 7b611a04 66970b8c 1c866473 14493546 332b4c5d 3fca12a2
3394a5ae 9060bde1 54eb312e 85197a55 1b945a2a f5565acc 36a0d480 048587f9
547abd23 01e26d3d fa60ecad 05bfe64b 4461b669 0204ed79 57492eb4 bc18f210
e887bdc1 f2635740 d92371eb 8065c2c6 a5722b8e ed3e6558 39293e94 be3218e2
1c8ddebd ec8a8395 7c88381c 57e8c954 0e45b580 0500000c 01000000 ac1000c2
1500000c 01000000 0d3932a6 1500000c 01001194 ac1000c2 0000000c 01001194
0d3932a6
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: hmac(hmac_sha2_256)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: HASH computed:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
83160d73 2e2a749d c8898674 5a91aeb9 87723b87 de3f08de cdff3d0c 936ee4ab
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: add payload of len 32, next type 1
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: begin encryption.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: encryption(aes)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: pad length = 12
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
01000024 83160d73 2e2a749d c8898674 5a91aeb9 87723b87 de3f08de cdff3d0c
936ee4ab 0a000058 00000001 00000001 0000004c 01030402 0c2da186 03000020
010c0000 80010001 80027080 80040004 80060080 80050005 8003000f 00000020
020c0000 80010001 80027080 80040004 80060080 80050002 8003000f 04000014
9dfdd3c2 2a01f352 e2b56b91 e075d6c9 05000184 5e6fdcbf 6f49282f b6ca7476
8eb7883e 63aa9e4f b95d83d1 0d737e20 1be61ade 91bcca6a 8c292072 31186948
236a4d34 937d8300 d66f024f dd9486bb 1e44e597 fcc40e80 b2345e8f 20aa9b98
42016e26 b2b14339 aeec051b 4624ea5e ef9de8ae c39a0225 54750126 ae81479d
a741be47 3ce8deca bac2648c ca096c1c 6e2e7988 481d5095 e86afa18 f3bfe0ae
a0cbcfac 50484932 176cf6a2 67dd7e6d 78782f5d 9939a687 30f847f9 4001001f
5af495c6 37be9cae 46ba6040 62570c65 0d2bd0d3 d29cd1ee fee4d162 d43415cf
93f58a26 ef38e361 a875dbe2 3fcb4ec7 5ea96a59 2900caa5 c4bc1a29 f0ab5117
cae3ccd8 fbf57195 7b611a04 66970b8c 1c866473 14493546 332b4c5d 3fca12a2
3394a5ae 9060bde1 54eb312e 85197a55 1b945a2a f5565acc 36a0d480 048587f9
547abd23 01e26d3d fa60ecad 05bfe64b 4461b669 0204ed79 57492eb4 bc18f210
e887bdc1 f2635740 d92371eb 8065c2c6 a5722b8e ed3e6558 39293e94 be3218e2
1c8ddebd ec8a8395 7c88381c 57e8c954 0e45b580 0500000c 01000000 ac1000c2
1500000c 01000000 0d3932a6 1500000c 01001194 ac1000c2 0000000c 01001194
0d3932a6 c8dac3f3 9cc4b9d0 fc92d30b
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: encryption(aes)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: with key:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
9a5ddb91 73d7cbd4 2e238087 df310997
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: encrypted payload by IV:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
a0ee8670 f90ed1fe 22555be9 cbc01800
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: save IV for next:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
1563e606 7dd0f3e2 84780af2 3b037ce2
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: encrypted.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: 620 bytes from 172.16.0.194[4500] to 13.57.50.166[4500]
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: Adding NON-ESP marker
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: 552 bytes from 172.16.0.194[4500] to 13.57.50.166[4500]
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sockname 172.16.0.194[4500]
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: send packet from 172.16.0.194[4500]
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: send packet to 13.57.50.166[4500]
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: src4 172.16.0.194[4500]
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: dst4 13.57.50.166[4500]
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: 1 times of 552 bytes message will be sent to 13.57.50.166[4500]
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
00000000 25cb3f95 eeb7b1f4 c41270b3 dfc67b4f 84102001 00000000 00000224
00000208 00010100 25cb3f95 eeb7b1f4 c41270b3 dfc67b4f 08102001 aef71bc6
0000026c 54fb8f30 af51a70a 530c2a1f d905cf74 3daf0be7 2bc9fe48 660deacf
77d6591e d71ecf95 10e9dd25 a30f6b69 0b6062a7 3e41632d 62db8b02 b528995e
1b63a457 06a2812b 1cb86286 b3970191 bb6b31ff d6b5e686 524463aa 84c7bd57
59e2394d 2d5e09f5 b8d59a4f c4c60a84 eb424f19 5849fc55 58ad70b2 b268ea8f
11d7987c 4500c5db c9656c71 c8749336 7356bd08 cd298b8a 54a68aea 526c9837
3b49f860 d2b3b086 36b99ad3 7cbdb695 17f9dc1f c5e760d2 d62e0e21 a9041cf7
67375491 18b5d33f 0ee5187a 7a5504f3 c58c9fd6 ddc9169b 0624eb1c 4514b9fb
252eac51 0ce7719a 629ee86a b1fa9371 05e0481d dd2e2854 5015095b 8eee622e
6510113f 0679258c ee6a2690 b7260fea 4e8a1376 6c89820c 7ee90f5f b92c036e
11b69c09 1db60c18 79be44b7 34460a85 68a0ab6c 18ad8e5e f885da45 13354efe
f52c2d60 b66ef875 12f8da02 be39c80e 9225b4d5 bc55fd35 791e1df0 4a1a9629
fa4fa35e 90ff9d50 cc2b7254 4347a7cf 5a60a8cd c8238b9f 9abf3e2e 58dc43c1
6839219c 8a860abc ef0dce06 bba248af 36fac86b 91eaf3db a13107a4 8a15a247
9bc9fb95 0e87758b 16e58c4d e93f356f 256e3a14 84101fa5 68d1f702 ffa58312
d617d67e c4ad2bd3 b523fa73 2e261809 64a216ed 77c4a4cc 18a3472a c5f5ff7d
9b31c4e7 8a508c29
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: Adding NON-ESP marker
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: 148 bytes from 172.16.0.194[4500] to 13.57.50.166[4500]
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: sockname 172.16.0.194[4500]
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: send packet from 172.16.0.194[4500]
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: send packet to 13.57.50.166[4500]
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: src4 172.16.0.194[4500]
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: dst4 13.57.50.166[4500]
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: 1 times of 148 bytes message will be sent to 13.57.50.166[4500]
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
00000000 25cb3f95 eeb7b1f4 c41270b3 dfc67b4f 84102001 00000000 00000090
00000074 00010201 b6912b2d 743e94a9 5d6f2065 29b4a0c5 74a0de98 09ae2648
4dc3bb65 b2c3b3bc 59bcefe5 81026ac2 0134e627 d10b5e6c f4105910 271e167e
5610cba1 d77d6fba 7669278b fba4830f 4d53d773 72bcc956 137a87e2 81dbe788
9740a7ad 1563e606 7dd0f3e2 84780af2 3b037ce2
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: resend phase2 packet 25cb3f95eeb7b1f4:c41270b3dfc67b4f:0000aef7
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: ===
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: 92 bytes message received from 13.57.50.166[4500] to 172.16.0.194[4500]
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
25cb3f95 eeb7b1f4 c41270b3 dfc67b4f 08100501 fe019c41 0000005c be728bd3
28243709 79f5493f 5a62679a d87f73a2 4d8e0731 1f690a72 c5f12f6a 62850b85
72c2bfaa 70d6d5fb 10b7c1a1 e6de2933 39bdd022 d4f20882 33f9d2e4
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: receive Information.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: compute IV for phase2
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: phase1 last IV:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
10da9709 c6644925 5b2c266f 08788c9a fe019c41
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: hash(sha2_256)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: encryption(aes)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: phase2 IV computed:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
bba9521a 7a015d4b 261d6569 55305766
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: begin decryption.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: encryption(aes)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: IV was saved for next processing:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
e6de2933 39bdd022 d4f20882 33f9d2e4
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: encryption(aes)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: with key:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
9a5ddb91 73d7cbd4 2e238087 df310997
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: decrypted payload by IV:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
bba9521a 7a015d4b 261d6569 55305766
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: decrypted payload, but not trimed.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
0b000024 8bbdb19e c6eb6df5 381e00dc 1155474f 9e7f36bc fd843d2a 71f415d2
a39871f7 0000000c 00000001 01000017 00000000 00000000 00000000 00000000
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: padding len=1
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: skip to trim padding.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: decrypted.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
25cb3f95 eeb7b1f4 c41270b3 dfc67b4f 08100501 fe019c41 0000005c 0b000024
8bbdb19e c6eb6df5 381e00dc 1155474f 9e7f36bc fd843d2a 71f415d2 a39871f7
0000000c 00000001 01000017 00000000 00000000 00000000 00000000
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: IV freed
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: HASH with:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
fe019c41 0000000c 00000001 01000017
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: hmac(hmac_sha2_256)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: HASH computed:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
8bbdb19e c6eb6df5 381e00dc 1155474f 9e7f36bc fd843d2a 71f415d2 a39871f7
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: hash validated.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: begin.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: seen nptype=8(hash)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: seen nptype=11(notify)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: succeed.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: ===
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: 92 bytes message received from 13.57.50.166[4500] to 172.16.0.194[4500]
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
25cb3f95 eeb7b1f4 c41270b3 dfc67b4f 08100501 0e509601 0000005c a63de23c
ab9a5c96 2e5abc07 8db06eb0 91d995d4 1f294e3b d31986ee 2df12646 47cc6cbf
232cb067 6e89475a 596d4edf d0e919e3 098da3fc 4b828ef2 e9ff7381
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: receive Information.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: compute IV for phase2
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: phase1 last IV:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
10da9709 c6644925 5b2c266f 08788c9a 0e509601
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: hash(sha2_256)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: encryption(aes)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: phase2 IV computed:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
f0b9c2de ddfb480e 9cce94e9 09c94dde
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: begin decryption.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: [13.57.50.166] ERROR: notification INVALID-HASH-INFORMATION received in informational exchange.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: encryption(aes)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: IV was saved for next processing:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
d0e919e3 098da3fc 4b828ef2 e9ff7381
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: encryption(aes)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: with key:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
9a5ddb91 73d7cbd4 2e238087 df310997
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: decrypted payload by IV:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
f0b9c2de ddfb480e 9cce94e9 09c94dde
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: decrypted payload, but not trimed.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
0b000024 1421ed39 d2be84dc 169e84f0 11932794 e3fea44d 4fb5a760 523d61b5
cc9f16a1 0000000c 00000001 01000017 00000000 00000000 00000000 00000000
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: padding len=1
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: skip to trim padding.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: decrypted.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
25cb3f95 eeb7b1f4 c41270b3 dfc67b4f 08100501 0e509601 0000005c 0b000024
1421ed39 d2be84dc 169e84f0 11932794 e3fea44d 4fb5a760 523d61b5 cc9f16a1
0000000c 00000001 01000017 00000000 00000000 00000000 00000000
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: IV freed
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: HASH with:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
0e509601 0000000c 00000001 01000017
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: hmac(hmac_sha2_256)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: HASH computed:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
1421ed39 d2be84dc 169e84f0 11932794 e3fea44d 4fb5a760 523d61b5 cc9f16a1
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: hash validated.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: begin.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: seen nptype=8(hash)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: seen nptype=11(notify)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: succeed.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: [13.57.50.166] ERROR: notification INVALID-HASH-INFORMATION received in informational exchange.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: ===
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: 604 bytes message received from 13.57.50.166[4500] to 172.16.0.194[4500]
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
25cb3f95 eeb7b1f4 c41270b3 dfc67b4f 08102001 aef71bc6 0000025c 5c4ca082
2da1d92c 51f48833 71b78875 2c729a44 7108cd4f 594e1008 b7cb679f 798f6fd8
672a3f89 a95fe044 cd2d5db9 d873836d 6e256dc0 d77ac4db fc678500 3068fe0b
8a0079b8 3d7c73ac f07f908d 3e51e11e 581eb238 31a4e2a9 90c74360 8c619a0e
8ed4f295 c2e7d713 958c840f 5adba2f9 fa7721b5 ad071374 4261b80d 737b46c5
047dbea6 00b463eb 33871ceb 219811f7 7877330e 3a27e277 482cdad4 fb968210
61f47e4f 4b7750b1 e5259214 b6d5745e a8b63f4e c258d6ee c87a57fd 3e4afe73
f6e17334 f6f97c34 969ed921 e6f3351f 34d51d3c 083aef1f bfe775b7 dd3a98d0
4d2c33d3 659f9aff 2302b849 11af496f e7c1a413 2a16acc2 acc8676c 9ad454a9
4be75b91 1efddf7f bfec2a6f 7338748b 7aaf070a 5594e1a8 c3602e54 9aaa840b
de056555 c7659498 e006fdd1 33050d5b d2eb2d9d b17d6ec8 e857731f 3279883a
145109a5 482f10a5 a0b90ba7 79443e8b 835fc675 8a722c9c 71b3fbc3 4d0dfaff
3fecadc3 637a1d67 3dbabeb0 2fb61b07 0430e0e1 a112404e 85f771ff 5a76a8da
ab589c45 2287931c 1bbd71d2 60189750 2fde40e8 e263083b 4e4413a4 96adf7f4
ddd5a6f5 1c5baa32 1830135a cc4d6b12 4dbdbf58 2178c02a d3c54e2a 905525a8
b19b1f62 f5276b7a 460edddc d8718b87 aebf1517 0c57c149 1aae9343 3ad935cf
f2432b53 22d94518 8b0432ea c4f27d42 989aa6be ece94d4c 56ba9c64 925e1773
7184cc19 2b68d671 54a07b1a 0b890073 b77dc442 b5f66e67 09c9ed09 a5a13ff8
d075e095 bccee827 8da6eb30 f3531e04 36d737ac fc61c51d 4d8a81d9
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: begin decryption.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: encryption(aes)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: IV was saved for next processing:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
f3531e04 36d737ac fc61c51d 4d8a81d9
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: encryption(aes)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: with key:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
9a5ddb91 73d7cbd4 2e238087 df310997
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: decrypted payload by IV:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
1563e606 7dd0f3e2 84780af2 3b037ce2
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: decrypted payload, but not trimed.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
01000024 44fb3816 7574c534 b093ade3 f5b79059 39851f32 62f8fb23 90e1813c
1edaba19 0a000038 00000001 00000001 0000002c 01030401 c024d86d 00000020
010c0000 80060080 80050002 8003000f 80040004 80010001 80027080 04000024
66fb2828 b4583986 9bd84743 50aa13de 0d30b394 f536486d 2007a58d e43fc453
05000184 b272c610 3a02f418 c623ca3c 01474752 5d6bc9b7 75a30e00 ea5da8ad
2fd2cd0f 2de09506 2542bf43 539d1f31 f27180b6 a782f466 d449806c 91cf8114
72d5c16d 49b350c3 fa1c8d21 767baf74 51c22d96 8d3d1358 78468a07 b7ebdafa
4fa2178f b83e8100 962bb2f8 ad50b142 f31d81fc 98e58a98 64284ffa 4e7bbe6b
d88cce15 ec7e1617 c22bc877 5fb9c921 d354fa80 71466041 a26f383a ead23e49
7acf7b8e 74de9637 c7e6c04f ba5fec9b 649beb8c a50d4a95 9fcf10bc c5e605fb
378d60d6 83d2d44e 90edc953 aea016ec d75d2be1 cb702658 f09a0096 8a03436e
26618098 6da3e505 9fc4d186 cf2d5d80 23e336ec 3c4a27eb 9ae473be 2c6a9b01
f536ee54 60945a67 938b56ac 0e8a7f33 74e08bf5 2c57a4d1 c5a9bfdf 52f21434
cb78382c 477dd683 1eabc54f 2c80143f fc16dfb3 37924e55 383d5bb1 ce232821
afdff6e2 515c1569 7e519e46 ca051f25 65e9a49d 52bcca46 cc07daea 05b0f5a9
09acd67d f6c57600 5bad27ac f76780b4 ae355f0c 2cc36a3b d543ba13 d9ea7810
7fa69534 0500000c 01000000 0d39c4e5 1500000c 01000000 ac100032 1500000c
01000000 0d39c4e5 0000000c 01000000 0d39c4e5 00000000 00000000 00000000
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: padding len=1
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: skip to trim padding.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: decrypted.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
25cb3f95 eeb7b1f4 c41270b3 dfc67b4f 08102001 aef71bc6 0000025c 01000024
44fb3816 7574c534 b093ade3 f5b79059 39851f32 62f8fb23 90e1813c 1edaba19
0a000038 00000001 00000001 0000002c 01030401 c024d86d 00000020 010c0000
80060080 80050002 8003000f 80040004 80010001 80027080 04000024 66fb2828
b4583986 9bd84743 50aa13de 0d30b394 f536486d 2007a58d e43fc453 05000184
b272c610 3a02f418 c623ca3c 01474752 5d6bc9b7 75a30e00 ea5da8ad 2fd2cd0f
2de09506 2542bf43 539d1f31 f27180b6 a782f466 d449806c 91cf8114 72d5c16d
49b350c3 fa1c8d21 767baf74 51c22d96 8d3d1358 78468a07 b7ebdafa 4fa2178f
b83e8100 962bb2f8 ad50b142 f31d81fc 98e58a98 64284ffa 4e7bbe6b d88cce15
ec7e1617 c22bc877 5fb9c921 d354fa80 71466041 a26f383a ead23e49 7acf7b8e
74de9637 c7e6c04f ba5fec9b 649beb8c a50d4a95 9fcf10bc c5e605fb 378d60d6
83d2d44e 90edc953 aea016ec d75d2be1 cb702658 f09a0096 8a03436e 26618098
6da3e505 9fc4d186 cf2d5d80 23e336ec 3c4a27eb 9ae473be 2c6a9b01 f536ee54
60945a67 938b56ac 0e8a7f33 74e08bf5 2c57a4d1 c5a9bfdf 52f21434 cb78382c
477dd683 1eabc54f 2c80143f fc16dfb3 37924e55 383d5bb1 ce232821 afdff6e2
515c1569 7e519e46 ca051f25 65e9a49d 52bcca46 cc07daea 05b0f5a9 09acd67d
f6c57600 5bad27ac f76780b4 ae355f0c 2cc36a3b d543ba13 d9ea7810 7fa69534
0500000c 01000000 0d39c4e5 1500000c 01000000 ac100032 1500000c 01000000
0d39c4e5 0000000c 01000000 0d39c4e5 00000000 00000000 00000000
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: begin.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: seen nptype=8(hash)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: seen nptype=1(sa)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: seen nptype=10(nonce)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: seen nptype=4(ke)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: seen nptype=5(id)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: seen nptype=5(id)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: seen nptype=21(nat-oa)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: seen nptype=21(nat-oa)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: succeed.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: IDci matches NAT-OAi.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: compute IV for phase2
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: phase1 last IV:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
10da9709 c6644925 5b2c266f 08788c9a c84153c5
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: hash(sha2_256)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: encryption(aes)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: phase2 IV computed:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
3ddd7336 19244a37 440bec29 5d0d1daa
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: HASH with:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
c84153c5 0000000c 00000001 0100000d
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: hmac(hmac_sha2_256)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: HASH computed:
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG:
97a74819 47d144ba 115c0521 22a8a2e7 b0189237 47ba6222 ede966a5 f01ef727
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: begin encryption.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: encryption(aes)
Jan 29 19:07:53 stg-rlafferty-base14 racoon: DEBUG: pad length = 16
Jan 29 19:07:53 stg-rlafferty-base14 racoon: ERROR: mismatched IDcr was returned.
Jan 29 19:07:53 stg-rlafferty-base14 racoon: [13.57.50.166] ERROR: failed to pre-process ph2 packet (side: 0, status 5).


More information about the Users mailing list