| Title | Test IKEv2.EN.I.1.1.6.2 Part D: Integrity Algorithm AUTH_AES_XCBC_96 |
| CommandLine | ./1-EN-I/IKEv2-EN-I-1-1-6-2-D.seq -pkt ./packets/EN-EN.def -v6eval -log 37.html -ti Test IKEv2.EN.I.1.1.6.2 Part D: Integrity Algorithm AUTH_AES_XCBC_96 |
| Script | ./1-EN-I/IKEv2-EN-I-1-1-6-2-D.seq |
| Packet | ./packets/EN-EN.def |
| TestVersion | REL_1_1_1 |
| ToolVersion | REL_2_2_0 |
| Start | 2014/10/14 15:08:11 |
| Tn | /usr/local/koi//etc//tn.def |
| Nu | /usr/local/koi//etc//nut.def |
| 15:08:11 | Start | ||||||||||||||||||||||||||||||
| TEST SETUP | |||||||||||||||||||||||||||||||
| initializing IKEv2 module ... | |||||||||||||||||||||||||||||||
| configuring Common Topology for End-Node: End-Node to End-Node ... | |||||||||||||||||||||||||||||||
| parsing ./config.pl ... | |||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||
| setting up TN ... | |||||||||||||||||||||||||||||||
| 15:08:11 |
ikev2Local("/sbin/sysctl -w net.inet6.ip6.forwarding=1")net.inet6.ip6.forwarding: 0 -> 1 |
||||||||||||||||||||||||||||||
| 15:08:11 |
ikev2Local("/sbin/ifconfig -a")em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> ether 00:23:ae:7a:6e:cc inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:58:fa inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa inet6 3ffe:501:ffff:100::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:5d:d1 inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb inet6 3ffe:501:ffff:101::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd nd6 options=3<PERFORMNUD,ACCEPT_RTADV> |
||||||||||||||||||||||||||||||
| 15:08:11 |
ikev2Local("/sbin/ifconfig em1 inet6 fe80::f%em1/64") |
||||||||||||||||||||||||||||||
| 15:08:11 |
ikev2Local("/sbin/ifconfig em1 inet6 2001:0db8:0001:0001::f/64") |
||||||||||||||||||||||||||||||
| 15:08:11 |
ikev2Local("/sbin/ifconfig lo1 create") |
||||||||||||||||||||||||||||||
| 15:08:11 |
ikev2Local("/sbin/ifconfig lo1 up") |
||||||||||||||||||||||||||||||
| 15:08:11 |
ikev2Local("/sbin/ifconfig lo1 inet6 2001:0db8:000f:0001::1/64") |
||||||||||||||||||||||||||||||
| 15:08:14 |
ikev2Local("/sbin/ifconfig -a")em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> ether 00:23:ae:7a:6e:cc inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:58:fa inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa inet6 3ffe:501:ffff:100::20 prefixlen 64 inet6 fe80::f%em1 prefixlen 64 scopeid 0xa inet6 2001:db8:1:1::f prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:5d:d1 inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb inet6 3ffe:501:ffff:101::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd nd6 options=3<PERFORMNUD,ACCEPT_RTADV> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet6 2001:db8:f:1::1 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> |
||||||||||||||||||||||||||||||
| 15:08:14 |
ikev2Local("/sbin/setkey -D")No SAD entries. |
||||||||||||||||||||||||||||||
| 15:08:14 |
ikev2Local("/sbin/setkey -F") |
||||||||||||||||||||||||||||||
| 15:08:17 |
ikev2Local("/sbin/setkey -D")No SAD entries. |
||||||||||||||||||||||||||||||
| 15:08:17 |
ikev2Local("/sbin/setkey -DP")No SPD entries. |
||||||||||||||||||||||||||||||
| 15:08:17 |
ikev2Local("/sbin/setkey -FP") |
||||||||||||||||||||||||||||||
| 15:08:20 |
ikev2Local("/sbin/setkey -DP")No SPD entries. |
||||||||||||||||||||||||||||||
| setting up NUT ... | |||||||||||||||||||||||||||||||
| 15:08:20 |
kRemote(ifconfig.rmt) ``/usr/local/koi/bin/remotes/libreswan//ifconfig.rmt ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1'' kRemote()... /usr/local/koi/bin/remotes/libreswan//ifconfig.rmt ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1 DEBUG : start kRemoteLogin
Connected
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff
inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1
valid_lft 76583sec preferred_lft 76583sec
inet6 fe80::222:19ff:fe30:20d5/64 scope link
valid_lft forever preferred_lft forever
3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1
valid_lft forever preferred_lft forever
inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::215:17ff:fe3c:c668/64 scope link
valid_lft forever preferred_lft forever
4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff
inet6 3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::215:17ff:fe3c:c669/64 scope link
valid_lft forever preferred_lft forever
5: ip_vti0: <NOARP> mtu 1500 qdisc noop state DOWN
link/ipip 0.0.0.0 brd 0.0.0.0
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip -f inet6 addr add 2001:0db8:0001:0001::1234/64 dev p6p1
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff
inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1
valid_lft 76578sec preferred_lft 76578sec
inet6 fe80::222:19ff:fe30:20d5/64 scope link
valid_lft forever preferred_lft forever
3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1
valid_lft forever preferred_lft forever
inet6 2001:db8:1:1::1234/64 scope global
valid_lft forever preferred_lft forever
inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::215:17ff:fe3c:c668/64 scope link
valid_lft forever preferred_lft forever
4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff
inet6 3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::215:17ff:fe3c:c669/64 scope link
valid_lft forever preferred_lft forever
5: ip_vti0: <NOARP> mtu 1500 qdisc noop state DOWN
link/ipip 0.0.0.0 brd 0.0.0.0
[root@dhcp12-166 ~]#
| ||||||||||||||||||||||||||||||
| 15:08:43 |
kRemote(route.rmt) ``/usr/local/koi/bin/remotes/libreswan//route.rmt route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1'' kRemote()... /usr/local/koi/bin/remotes/libreswan//route.rmt route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1 DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip -6 route show unreachable ::/96 dev lo metric 1024 error -101 unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 2001:db8:1:1::/64 dev p6p1 proto kernel metric 256 unreachable 2002:a00::/24 dev lo metric 1024 error -101 unreachable 2002:7f00::/24 dev lo metric 1024 error -101 unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 unreachable 2002:ac10::/28 dev lo metric 1024 error -101 unreachable 2002:c0a8::/32 dev lo metric 1024 error -101 unreachable 2002:e000::/19 dev lo metric 1024 error -101 3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256 3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256 unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 fe80::/64 dev p6p1 proto kernel metric 256 fe80::/64 dev p6p2 proto kernel metric 256 fe80::/64 dev p7p1 proto kernel metric 256 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip -6 route add 2001:0db8:000f:0001::/64 via fe80::f dev p6 p1 [root@dhcp12-166 ~]# sendMessagesSync: never got ip -6 route add 2001:0db8:000f:0001::/64 via fe80::f dev p6p1 [root@dhcp12-166 ~]# ip -6 route show unreachable ::/96 dev lo metric 1024 error -101 unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 2001:db8:1:1::/64 dev p6p1 proto kernel metric 256 2001:db8:f:1::/64 via fe80::f dev p6p1 metric 1024 unreachable 2002:a00::/24 dev lo metric 1024 error -101 unreachable 2002:7f00::/24 dev lo metric 1024 error -101 unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 unreachable 2002:ac10::/28 dev lo metric 1024 error -101 unreachable 
2002:c0a8::/32 dev lo metric 1024 error -101 unreachable 2002:e000::/19 dev lo metric 1024 error -101 3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256 3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256 unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 fe80::/64 dev p6p1 proto kernel metric 256 fe80::/64 dev p6p2 proto kernel metric 256 fe80::/64 dev p7p1 proto kernel metric 256 [root@dhcp12-166 ~]# | ||||||||||||||||||||||||||||||
| 15:09:09 |
kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop'' kRemote()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm state list [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm policy list [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ipsec setup stop Redirecting to: systemctl stop ipsec.service [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm state list [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm policy list [root@dhcp12-166 ~]# | ||||||||||||||||||||||||||||||
| 15:09:28 |
kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt ikev2.addresspool.0.eaddr= ikev2.addresspool.0.saddr= ikev2.addresspool.num=1 ikev2.interface.ike.0.address=2001:0db8:0001:0001::1234 ikev2.interface.ike.0.port=500 ikev2.interface.ike.num=1 ikev2.ipsec.0.ext_sequence=off ikev2.ipsec.0.ipsec_index=common_ipsec_index ikev2.ipsec.0.ipsec_sa_lifetime_time=128 ikev2.ipsec.0.sa_index.0=common_sa_index ikev2.ipsec.0.sa_index.num=1 ikev2.ipsec.num=1 ikev2.policy.0.ipsec_index.0=common_ipsec_index ikev2.policy.0.ipsec_index.num=1 ikev2.policy.0.ipsec_mode=transport ikev2.policy.0.policy_index=common_policy_index ikev2.policy.0.remote_index=common_remote_index ikev2.policy.num=1 ikev2.remote.0.ikev2.initial_contact.initial_contact=off ikev2.remote.0.ikev2.kmp_auth_method.0=psk ikev2.remote.0.ikev2.kmp_auth_method.num=1 ikev2.remote.0.ikev2.kmp_dh_group.0=modp1024 ikev2.remote.0.ikev2.kmp_dh_group.num=1 ikev2.remote.0.ikev2.kmp_enc_alg.0=3des_cbc ikev2.remote.0.ikev2.kmp_enc_alg.num=1 ikev2.remote.0.ikev2.kmp_hash_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_hash_alg.num=1 ikev2.remote.0.ikev2.kmp_prf_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_prf_alg.num=1 ikev2.remote.0.ikev2.kmp_sa_lifetime_time=64 ikev2.remote.0.ikev2.my_id.fqdn.num=0 ikev2.remote.0.ikev2.my_id.ipaddr.0=2001:0db8:0001:0001::1234 ikev2.remote.0.ikev2.my_id.ipaddr.num=1 ikev2.remote.0.ikev2.my_id.keyid.num=0 ikev2.remote.0.ikev2.my_id.rfc822addr.num=0 ikev2.remote.0.ikev2.need_pfs=off ikev2.remote.0.ikev2.peers_id.fqdn.num=0 ikev2.remote.0.ikev2.peers_id.ipaddr.0=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_id.ipaddr.num=1 ikev2.remote.0.ikev2.peers_id.keyid.num=0 ikev2.remote.0.ikev2.peers_id.rfc822addr.num=0 ikev2.remote.0.ikev2.peers_ipaddr.address=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_ipaddr.port=500 ikev2.remote.0.ikev2.pre_shared_key.local=IKETEST12345678! ikev2.remote.0.ikev2.pre_shared_key.remote=IKETEST12345678! 
ikev2.remote.0.ikev2.send_cert_req.send_cert_req=on ikev2.remote.0.remote_index=common_remote_index ikev2.remote.num=1 ikev2.sa.0.esp_auth_alg.0=aes_xcbc ikev2.sa.0.esp_auth_alg.num=1 ikev2.sa.0.esp_enc_alg.0=3des_cbc ikev2.sa.0.esp_enc_alg.num=1 ikev2.sa.0.sa_index=common_sa_index ikev2.sa.0.sa_protocol=esp ikev2.sa.num=1 ikev2.selector.0.direction=outbound ikev2.selector.0.dst.address=2001:0db8:000f:0001::1 ikev2.selector.0.dst.address_family=inet6 ikev2.selector.0.policy_index=common_policy_index ikev2.selector.0.selector_index=common_selector_index_outbound ikev2.selector.0.src.address=2001:0db8:0001:0001::1234 ikev2.selector.0.src.address_family=inet6 ikev2.selector.0.upper_layer_protocol.protocol=any ikev2.selector.1.direction=inbound ikev2.selector.1.dst.address=2001:0db8:0001:0001::1234 ikev2.selector.1.dst.address_family=inet6 ikev2.selector.1.policy_index=common_policy_index ikev2.selector.1.selector_index=common_selector_index_inbound ikev2.selector.1.src.address=2001:0db8:000f:0001::1 ikev2.selector.1.src.address_family=inet6 ikev2.selector.1.upper_layer_protocol.protocol=any ikev2.selector.num=2'' kRemote()... 
/usr/local/koi/bin/remotes/libreswan//ikev2.rmt ikev2.addresspool.0.eaddr= ikev2.addresspool.0.saddr= ikev2.addresspool.num=1 ikev2.interface.ike.0.address=2001:0db8:0001:0001::1234 ikev2.interface.ike.0.port=500 ikev2.interface.ike.num=1 ikev2.ipsec.0.ext_sequence=off ikev2.ipsec.0.ipsec_index=common_ipsec_index ikev2.ipsec.0.ipsec_sa_lifetime_time=128 ikev2.ipsec.0.sa_index.0=common_sa_index ikev2.ipsec.0.sa_index.num=1 ikev2.ipsec.num=1 ikev2.policy.0.ipsec_index.0=common_ipsec_index ikev2.policy.0.ipsec_index.num=1 ikev2.policy.0.ipsec_mode=transport ikev2.policy.0.policy_index=common_policy_index ikev2.policy.0.remote_index=common_remote_index ikev2.policy.num=1 ikev2.remote.0.ikev2.initial_contact.initial_contact=off ikev2.remote.0.ikev2.kmp_auth_method.0=psk ikev2.remote.0.ikev2.kmp_auth_method.num=1 ikev2.remote.0.ikev2.kmp_dh_group.0=modp1024 ikev2.remote.0.ikev2.kmp_dh_group.num=1 ikev2.remote.0.ikev2.kmp_enc_alg.0=3des_cbc ikev2.remote.0.ikev2.kmp_enc_alg.num=1 ikev2.remote.0.ikev2.kmp_hash_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_hash_alg.num=1 ikev2.remote.0.ikev2.kmp_prf_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_prf_alg.num=1 ikev2.remote.0.ikev2.kmp_sa_lifetime_time=64 ikev2.remote.0.ikev2.my_id.fqdn.num=0 ikev2.remote.0.ikev2.my_id.ipaddr.0=2001:0db8:0001:0001::1234 ikev2.remote.0.ikev2.my_id.ipaddr.num=1 ikev2.remote.0.ikev2.my_id.keyid.num=0 ikev2.remote.0.ikev2.my_id.rfc822addr.num=0 ikev2.remote.0.ikev2.need_pfs=off ikev2.remote.0.ikev2.peers_id.fqdn.num=0 ikev2.remote.0.ikev2.peers_id.ipaddr.0=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_id.ipaddr.num=1 ikev2.remote.0.ikev2.peers_id.keyid.num=0 ikev2.remote.0.ikev2.peers_id.rfc822addr.num=0 ikev2.remote.0.ikev2.peers_ipaddr.address=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_ipaddr.port=500 ikev2.remote.0.ikev2.pre_shared_key.local=IKETEST12345678! ikev2.remote.0.ikev2.pre_shared_key.remote=IKETEST12345678! 
ikev2.remote.0.ikev2.send_cert_req.send_cert_req=on ikev2.remote.0.remote_index=common_remote_index ikev2.remote.num=1 ikev2.sa.0.esp_auth_alg.0=aes_xcbc ikev2.sa.0.esp_auth_alg.num=1 ikev2.sa.0.esp_enc_alg.0=3des_cbc ikev2.sa.0.esp_enc_alg.num=1 ikev2.sa.0.sa_index=common_sa_index ikev2.sa.0.sa_protocol=esp ikev2.sa.num=1 ikev2.selector.0.direction=outbound ikev2.selector.0.dst.address=2001:0db8:000f:0001::1 ikev2.selector.0.dst.address_family=inet6 ikev2.selector.0.policy_index=common_policy_index ikev2.selector.0.selector_index=common_selector_index_outbound ikev2.selector.0.src.address=2001:0db8:0001:0001::1234 ikev2.selector.0.src.address_family=inet6 ikev2.selector.0.upper_layer_protocol.protocol=any ikev2.selector.1.direction=inbound ikev2.selector.1.dst.address=2001:0db8:0001:0001::1234 ikev2.selector.1.dst.address_family=inet6 ikev2.selector.1.policy_index=common_policy_index ikev2.selector.1.selector_index=common_selector_index_inbound ikev2.selector.1.src.address=2001:0db8:000f:0001::1 ikev2.selector.1.src.address_family=inet6 ikev2.selector.1.upper_layer_protocol.protocol=any ikev2.selector.num=2 DEBUG : start kRemoteLogin
Connected
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# rpm -q libreswan
libreswan-3.10-2.el7.x86_64
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# cat > /etc/ipsec.secrets << EOF
> %any %any : PSK 'IKETEST12345678!'
> EOF
[root@dhcp12-166 ~]# cat -n /etc/ipsec.secrets
1 %any %any : PSK 'IKETEST12345678!'
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# cat -n /etc/ipsec.secrets
1 %any %any : PSK 'IKETEST12345678!'
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# chown root:wheel /etc/ipsec.secrets
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# chmod 0600 /etc/ipsec.secrets
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ls -l /etc/ipsec.secrets
-rw-------. 1 root wheel 35 Oct 14 22:58 /etc/ipsec.secrets
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# cat > /etc/ipsec.conf << EOF
> config setup
> protostack=netkey
> plutodebug="all crypt"
> plutostderrlog="/tmp/pluto.log"
> conn ikev2
> left=2001:0db8:0001:0001::1234
> right=2001:0db8:000f:0001::1
> leftid=2001:0db8:0001:0001::1234
> rightid=2001:0db8:000f:0001::1
> type=transport
> auto=start
> connaddrfamily=ipv6
> authby=secret
> phase2=esp
> phase2alg=3des-aes_xcbc
> ike=3des-sha1;modp1024
> ikev2=insist
> EOF
[root@dhcp12-166 ~]# cat -n /etc/ipsec.conf
1 config setup
2 protostack=netkey
3 plutodebug="all crypt"
4 plutostderrlog="/tmp/pluto.log"
5 conn ikev2
6 left=2001:0db8:0001:0001::1234
7 right=2001:0db8:000f:0001::1
8 leftid=2001:0db8:0001:0001::1234
9 rightid=2001:0db8:000f:0001::1
10 type=transport
11 auto=start
12 connaddrfamily=ipv6
13 authby=secret
14 phase2=esp
15 phase2alg=3des-aes_xcbc
16 ike=3des-sha1;modp1024
17 ikev2=insist
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# echo > /tmp/pluto.log
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# chown root:wheel /etc/ipsec.conf
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# chmod 0600 /etc/ipsec.conf
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ls -l /etc/ipsec.conf
-rw-------. 1 root wheel 472 Oct 14 22:58 /etc/ipsec.conf
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ipsec setup start
Redirecting to: systemctl start ipsec.service
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip xfrm state list
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip xfrm policy list
src ::/0 dst ::/0
socket out priority 0 ptype main
src ::/0 dst ::/0
socket in priority 0 ptype main
src ::/0 dst ::/0
socket out priority 0 ptype main
src ::/0 dst ::/0
socket in priority 0 ptype main
src ::/0 dst ::/0
socket out priority 0 ptype main
src ::/0 dst ::/0
socket in priority 0 ptype main
src ::/0 dst ::/0
socket out priority 0 ptype main
src ::/0 dst ::/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
[root@dhcp12-166 ~]#
| ||||||||||||||||||||||||||||||
TEST PROCEDURE
Part D: Integrity Algorithm AUTH_AES_XCBC_96.
(I) (R)
NUT TN1
| |
|-------------->| IKE_SA_INIT request (HDR, SAi1, KEi, Ni)
| |
V V | |||||||||||||||||||||||||||||||
| 15:09:54 |
Clear Buffer done |
||||||||||||||||||||||||||||||
| 15:09:54 |
kRemoteAsync(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt selector.direction=outbound selector.dst.address=2001:0db8:000f:0001::1 selector.dst.address_family=inet6 selector.policy_index=common_policy_index selector.selector_index=common_selector_index_outbound selector.src.address=2001:0db8:0001:0001::1234 selector.src.address_family=inet6 selector.upper_layer_protocol.protocol=any target=2001:0db8:000f:0001::1 operation=initiate'' kRemoteAsync()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt selector.direction=outbound selector.dst.address=2001:0db8:000f:0001::1 selector.dst.address_family=inet6 selector.policy_index=common_policy_index selector.selector_index=common_selector_index_outbound selector.src.address=2001:0db8:0001:0001::1234 selector.src.address_family=inet6 selector.upper_layer_protocol.protocol=any target=2001:0db8:000f:0001::1 operation=initiate Link to remote control log |
||||||||||||||||||||||||||||||
| 15:09:54 |
Listen SrcAddr:2001:0db8:000f:0001::1 SrcPort:500 done listening at SocketID:3 |
||||||||||||||||||||||||||||||
| 15:09:54 |
Receive SrcAddr:2001:db8:1:1::1234 SrcPort:500 DstAddr:2001:db8:f:1::1 DstPort:500 done received from SocketID:4 receive packet #1 |
||||||||||||||||||||||||||||||
Compare the received packet with packets('common_remote_index') |
|||||||||||||||||||||||||||||||
| Payload Order (HDR, SA(P(T, T, T, T)), KE, Ni, Nr, N, N) | |||||||||||||||||||||||||||||||
IKE Header OK initSPI: (received: 2b9e2976e4888c81, expected: 0000000000000000, comp: ne) OK respSPI: (received: 0000000000000000, expected: 0000000000000000, comp: eq) OK nexttype: (received: SA, expected: SA, comp: eq) OK major: (received: 2, expected: 2, comp: eq) OK minor: (received: 0, expected: 0, comp: eq) OK exchType: (received: IKE_SA_INIT, expected: IKE_SA_INIT, comp: eq) OK reserved1: (received: 0, expected: 0, comp: eq) OK initiator: (received: 1, expected: 1, comp: eq) OK higher: (received: 0, expected: 0, comp: eq) OK response: (received: 0, expected: 0, comp: eq) OK reserved2: (received: 0, expected: 0, comp: eq) OK messID: (received: 0, expected: 0, comp: eq) OK length: (received: 284, expected: any, comp: already checked) |
|||||||||||||||||||||||||||||||
Security Association Payload OK nexttype: (received: KE, expected: any, comp: already checked) OK critical: (received: 0, expected: 0, comp: eq) OK reserved: (received: 0, expected: 0, comp: eq) OK length: (received: 44, expected: any, comp: already checked) |
|||||||||||||||||||||||||||||||
SA Proposal Comparison OK ENCR: (received:ENCR_3DES, expected:ENCR_3DES) OK PRF: (received:PRF_HMAC_SHA1, expected:PRF_HMAC_SHA1) OK INTEG: (received:INTEG_HMAC_SHA1_96, expected:INTEG_HMAC_SHA1_96) OK D-H: (received:D-H_1024 MODP Group, expected:D-H_1024 MODP Group) OK ESN: (received:, expected:) |
|||||||||||||||||||||||||||||||
Proposal Substructure OK nexttype: (received: 0, expected: any, comp: already checked) OK reserved: (received: 0, expected: 0, comp: eq) OK proposalLen: (received: 40, expected: any, comp: already checked) OK number: (received: 1, expected: 1, comp: eq) OK id: (received: IKE, expected: IKE, comp: eq) OK spiSize: (received: 0, expected: 0, comp: eq) OK transformCount: (received: 4, expected: 4, comp: eq) OK spi: (received: , expected: , comp: eq) |
|||||||||||||||||||||||||||||||
Transform Substructure OK nexttype: (received: 3, expected: any, comp: already checked) OK reserved1: (received: 0, expected: 0, comp: eq) OK transformLen: (received: 8, expected: any, comp: already checked) OK type: (received: ENCR, expected: ENCR, comp: eq) OK reserved2: (received: 0, expected: 0, comp: eq) OK id: (received: 3DES, expected: 3DES, comp: eq) |
|||||||||||||||||||||||||||||||
Transform Substructure OK nexttype: (received: 3, expected: any, comp: already checked) OK reserved1: (received: 0, expected: 0, comp: eq) OK transformLen: (received: 8, expected: any, comp: already checked) OK type: (received: PRF, expected: PRF, comp: eq) OK reserved2: (received: 0, expected: 0, comp: eq) OK id: (received: HMAC_SHA1, expected: HMAC_SHA1, comp: eq) |
|||||||||||||||||||||||||||||||
Transform Substructure OK nexttype: (received: 3, expected: any, comp: already checked) OK reserved1: (received: 0, expected: 0, comp: eq) OK transformLen: (received: 8, expected: any, comp: already checked) OK type: (received: INTEG, expected: INTEG, comp: eq) OK reserved2: (received: 0, expected: 0, comp: eq) OK id: (received: HMAC_SHA1_96, expected: HMAC_SHA1_96, comp: eq) |
|||||||||||||||||||||||||||||||
Transform Substructure OK nexttype: (received: 0, expected: any, comp: already checked) OK reserved1: (received: 0, expected: 0, comp: eq) OK transformLen: (received: 8, expected: any, comp: already checked) OK type: (received: D-H, expected: D-H, comp: eq) OK reserved2: (received: 0, expected: 0, comp: eq) OK id: (received: 1024 MODP Group, expected: 1024 MODP Group, comp: eq) |
|||||||||||||||||||||||||||||||
Key Exchange Payload OK nexttype: (received: Ni, Nr, expected: any, comp: already checked) OK critical: (received: 0, expected: 0, comp: eq) OK reserved: (received: 0, expected: 0, comp: eq) OK length: (received: 136, expected: any, comp: already checked) OK group: (received: 2, expected: 2, comp: eq) OK reserved1: (received: 0, expected: 0, comp: eq) OK publicKey: (received: 164433323839852007720260567486870006701328959574288093717591131064809643038667874319814917056016781305150513465270644123295341592026858578502230187169961729526960653025035769212504078431133835138377190740436510186183141862866904337029730765266496547695113283483619449679912216861241658911629747040229709050460, expected: any, comp: any) |
|||||||||||||||||||||||||||||||
Nonce Payload OK nexttype: (received: N, expected: any, comp: already checked) OK critical: (received: 0, expected: 0, comp: eq) OK reserved: (received: 0, expected: 0, comp: eq) OK length: (received: 20, expected: (20, 260), comp: range) OK nonce: (received: 114675264310958199027242078242273506070, expected: any, comp: any) |
|||||||||||||||||||||||||||||||
| Match with packet('common_remote_index') | |||||||||||||||||||||||||||||||
(I) (R)
NUT TN1
| |
|<--------------| IKE_SA_INIT response (HDR, SAr1, KEr, Nr)
| |
V V | |||||||||||||||||||||||||||||||
| 15:09:55 |
Clear Buffer done |
||||||||||||||||||||||||||||||
| 15:09:55 |
Send done sent to SocketID:4 send packet #2 |
||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||
(I) (R)
NUT TN1
| |
|-------------->| IKE_AUTH request (HDR, SK {IDi, AUTH, N(USE_TRANSPORT_MODE), SAi2, TSi, TSr})
| |
V V | |||||||||||||||||||||||||||||||
| 15:09:55 |
Receive SrcAddr:2001:db8:1:1::1234 SrcPort:500 DstAddr:2001:db8:f:1::1 DstPort:500 done received from SocketID:4 receive packet #3 |
||||||||||||||||||||||||||||||
Check Authentication: OK expected(c0c39eccb3019f2822951da9fcf2fdb52d90c4d6) received(c0c39eccb3019f2822951da9fcf2fdb52d90c4d6) |
|||||||||||||||||||||||||||||||
| Compare the received packet with packets('EN-I-1-1-6-2.D.1') | |||||||||||||||||||||||||||||||
| Payload Order (HDR, E(IDi, AUTH, SA(P(T, T, T)), TSi(TS), TSr(TS), N)) | |||||||||||||||||||||||||||||||
IKE Header OK initSPI: (received: 2b9e2976e4888c81, expected: 2b9e2976e4888c81, comp: eq) OK respSPI: (received: fb83ef30b2063530, expected: fb83ef30b2063530, comp: eq) OK nexttype: (received: E, expected: E, comp: eq) OK major: (received: 2, expected: 2, comp: eq) OK minor: (received: 0, expected: 0, comp: eq) OK exchType: (received: IKE_AUTH, expected: IKE_AUTH, comp: eq) OK reserved1: (received: 0, expected: 0, comp: eq) OK initiator: (received: 1, expected: 1, comp: eq) OK higher: (received: 0, expected: 0, comp: eq) OK response: (received: 0, expected: 0, comp: eq) OK reserved2: (received: 0, expected: 0, comp: eq) OK messID: (received: 1, expected: 1, comp: eq) OK length: (received: 252, expected: any, comp: already checked) |
|||||||||||||||||||||||||||||||
Encrypted Payload OK innerType: (received: IDi, expected: any, comp: already checked) OK critical: (received: 0, expected: 0, comp: eq) OK reserved: (received: 0, expected: 0, comp: eq) OK length: (received: 28, expected: any, comp: already checked) OK iv: (received: 7CEC0F67 CFD332F0, expected: any, comp: already checked) OK checksum: (received: 6591A251 E9385344 3E542C39, expected: any, comp: already checked) |
|||||||||||||||||||||||||||||||
Identification Payload - Initiator OK nexttype: (received: AUTH, expected: any, comp: already checked) OK critical: (received: 0, expected: 0, comp: eq) OK reserved: (received: 0, expected: 0, comp: eq) OK length: (received: 24, expected: any, comp: already checked) OK type: (received: IPV6_ADDR, expected: IPV6_ADDR, comp: eq) OK reserved1: (received: 0, expected: 0, comp: eq) OK value: (received: 20010DB8 00010001 00000000 00001234, expected: 20010DB8 00010001 00000000 00001234, comp: eq) |
|||||||||||||||||||||||||||||||
Authentication Payload OK nexttype: (received: SA, expected: any, comp: already checked) OK critical: (received: 0, expected: 0, comp: eq) OK reserved: (received: 0, expected: 0, comp: eq) OK length: (received: 28, expected: any, comp: already checked) OK method: (received: SK_MIC, expected: SK_MIC, comp: eq) OK reserved1: (received: 0, expected: 0, comp: eq) OK data: (received: c0c39eccb3019f2822951da9fcf2fdb52d90c4d6, expected: any, comp: already checked) |
|||||||||||||||||||||||||||||||
Notify Payload OK nexttype: (received: 0, expected: any, comp: already checked) OK critical: (received: 0, expected: 0, comp: eq) OK reserved: (received: 0, expected: 0, comp: eq) OK length: (received: 8, expected: any, comp: already checked) OK id: (received: 0, expected: 0, comp: eq) OK spiSize: (received: 0, expected: 0, comp: eq) OK type: (received: USE_TRANSPORT_MODE, expected: USE_TRANSPORT_MODE, comp: eq) OK spi: (received: , expected: , comp: eq) OK data: (received: , expected: , comp: eq) |
|||||||||||||||||||||||||||||||
Security Association Payload OK nexttype: (received: TSi, expected: any, comp: already checked) OK critical: (received: 0, expected: 0, comp: eq) OK reserved: (received: 0, expected: 0, comp: eq) OK length: (received: 40, expected: any, comp: already checked) |
|||||||||||||||||||||||||||||||
SA Proposal Comparison OK ENCR: (received:ENCR_3DES, expected:ENCR_3DES) OK PRF: (received:, expected:) NG INTEG: (received:INTEG_NONE, expected:INTEG_AES_XCBC_96) OK D-H: (received:, expected:) OK ESN: (received:ESN_No ESN, expected:ESN_No ESN) |
|||||||||||||||||||||||||||||||
NG The number of matched SA Proposals is not enough. |
|||||||||||||||||||||||||||||||
Proposal Substructure OK nexttype: (received: 0, expected: any, comp: already checked) OK reserved: (received: 0, expected: 0, comp: eq) OK proposalLen: (received: 36, expected: any, comp: already checked) OK number: (received: 1, expected: 1, comp: eq) OK id: (received: ESP, expected: ESP, comp: eq) OK spiSize: (received: 4, expected: 4, comp: eq) OK transformCount: (received: 3, expected: 3, comp: eq) OK spi: (received: 4a7b2df0, expected: any, comp: any) |
|||||||||||||||||||||||||||||||
Transform Substructure OK nexttype: (received: 3, expected: any, comp: already checked) OK reserved1: (received: 0, expected: 0, comp: eq) OK transformLen: (received: 8, expected: any, comp: already checked) OK type: (received: ENCR, expected: ENCR, comp: eq) OK reserved2: (received: 0, expected: 0, comp: eq) OK id: (received: 3DES, expected: 3DES, comp: eq) |
|||||||||||||||||||||||||||||||
Transform Substructure OK nexttype: (received: 0, expected: any, comp: already checked) OK reserved1: (received: 0, expected: 0, comp: eq) OK transformLen: (received: 8, expected: any, comp: already checked) OK type: (received: ESN, expected: ESN, comp: eq) OK reserved2: (received: 0, expected: 0, comp: eq) OK id: (received: No ESN, expected: No ESN, comp: eq) |
|||||||||||||||||||||||||||||||
Traffic Selector Payload - Initiator OK nexttype: (received: TSr, expected: any, comp: already checked) OK critical: (received: 0, expected: 0, comp: eq) OK reserved: (received: 0, expected: 0, comp: eq) OK length: (received: 48, expected: any, comp: already checked) OK count: (received: 1, expected: any, comp: already checked) OK reserved1: (received: 0, expected: 0, comp: eq) |
|||||||||||||||||||||||||||||||
Traffic Selector OK type: (received: IPV6_ADDR_RANGE, expected: IPV6_ADDR_RANGE, comp: eq) OK protocol: (received: 0, expected: 0, comp: eq) OK selectorLen: (received: 40, expected: any, comp: already checked) OK sport: (received: 0, expected: 0, comp: eq) OK eport: (received: 65535, expected: 65535, comp: eq) OK saddr: (received: 20010DB8 00010001 00000000 00001234, expected: 20010DB8 00010001 00000000 00001234, comp: eq) OK eaddr: (received: 20010DB8 00010001 00000000 00001234, expected: 20010DB8 00010001 00000000 00001234, comp: eq) |
|||||||||||||||||||||||||||||||
Traffic Selector Payload - Responder OK nexttype: (received: N, expected: any, comp: already checked) OK critical: (received: 0, expected: 0, comp: eq) OK reserved: (received: 0, expected: 0, comp: eq) OK length: (received: 48, expected: any, comp: already checked) OK count: (received: 1, expected: any, comp: already checked) OK reserved1: (received: 0, expected: 0, comp: eq) |
|||||||||||||||||||||||||||||||
Traffic Selector OK type: (received: IPV6_ADDR_RANGE, expected: IPV6_ADDR_RANGE, comp: eq) OK protocol: (received: 0, expected: 0, comp: eq) OK selectorLen: (received: 40, expected: any, comp: already checked) OK sport: (received: 0, expected: 0, comp: eq) OK eport: (received: 65535, expected: 65535, comp: eq) OK saddr: (received: 20010DB8 000F0001 00000000 00000001, expected: 20010DB8 000F0001 00000000 00000001, comp: eq) OK eaddr: (received: 20010DB8 000F0001 00000000 00000001, expected: 20010DB8 000F0001 00000000 00000001, comp: eq) |
|||||||||||||||||||||||||||||||
| Not match with packet('EN-I-1-1-6-2.D.1') | |||||||||||||||||||||||||||||||
| Can't observe IKE_AUTH request. | |||||||||||||||||||||||||||||||
| TEST CLEANUP | |||||||||||||||||||||||||||||||
| 15:09:55 |
kRemoteAsyncWait()
Link to remote control start point DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ping6 -n -c 1 2001:0db8:000f:0001::1 PING 2001:0db8:000f:0001::1(2001:db8:f:1::1) 56 data bytes 64 bytes from 2001:db8:f:1::1: icmp_seq=1 ttl=64 time=0.194 ms --- 2001:0db8:000f:0001::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.194/0.194/0.194/0.000 ms [root@dhcp12-166 ~]# | ||||||||||||||||||||||||||||||
| cleaning up NUT ... | |||||||||||||||||||||||||||||||
| 15:10:13 |
kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop'' kRemote()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm state list src 2001:db8:f:1::1 dst 2001:db8:1:1::1234 proto esp spi 0x4a7b2df0 reqid 16385 mode tunnel replay-window 0 sel src 2001:db8:f:1::1/128 dst 2001:db8:1:1::1234/128 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm policy list src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ipsec setup stop Redirecting to: systemctl stop ipsec.service [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm state list [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm policy list [root@dhcp12-166 ~]# | ||||||||||||||||||||||||||||||
| 15:10:34 |
kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=cat_log'' kRemote()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=cat_log DEBUG : start kRemoteLogin
Connected
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# cat /tmp/pluto.log
nss directory plutomain: /etc/ipsec.d
NSS Initialized
libcap-ng support [enabled]
FIPS HMAC integrity verification test passed
FIPS: pluto daemon NOT running in FIPS mode
Linux audit support [disabled]
Starting Pluto (Libreswan Version 3.10 XFRM(netkey) KLIPS NSS DNSSEC FIPS_CHECK LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER KLIPS_MAST CURL(non-NSS) LDAP(non-NSS)) pid:952
core dump dir: /var/run/pluto
secrets file: /etc/ipsec.secrets
leak-detective disabled
SAref support [disabled]: Protocol not available
SAbind support [disabled]: Protocol not available
NSS crypto [enabled]
XAUTH PAM support [enabled]
NAT-Traversal support [enabled]
| inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
| event added at head of queue
| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds
| event added at head of queue
| inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
| event added after event EVENT_PENDING_DDNS
ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok (ret=0)
ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
starting up 3 crypto helpers
started thread for crypto helper 0 (master fd 7)
| status value returned by setting the priority of this thread (crypto helper 0) 22
| crypto helper 0 waiting on fd 8
| status value returned by setting the priority of this thread (crypto helper 1) 22
| crypto helper 1 waiting on fd 10
started thread for crypto helper 1 (master fd 9)
started thread for crypto helper 2 (master fd 11)
| status value returned by setting the priority of this thread (crypto helper 2) 22
Using Linux XFRM/NETKEY IPsec interface code on 3.10.0-175.el7.x86_64
| crypto helper 2 waiting on fd 13
| process 952 listening for PF_KEY_V2 on file descriptor 16
| finish_pfkey_msg: K_SADB_REGISTER message 1 for AH
| 02 07 00 02 02 00 00 00 01 00 00 00 b8 03 00 00
| pfkey_get: K_SADB_REGISTER message 1
| AH registered with kernel.
| finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP
| 02 07 00 03 02 00 00 00 02 00 00 00 b8 03 00 00
| pfkey_get: K_SADB_REGISTER message 2
| kernel_alg_init(): memset(0x7fb1cc39d840, 0, 2048) memset(0x7fb1cc39e040, 0, 2048)
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=72
| kernel_alg_add(): satype=3, exttype=14, alg_id=251(ESP_KAME_NULL)
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1
| kernel_alg_add(): satype=3, exttype=14, alg_id=2(ESP_DES)
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1
| kernel_alg_add(): satype=3, exttype=14, alg_id=3(ESP_3DES)
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1
| kernel_alg_add(): satype=3, exttype=14, alg_id=5(ESP_IDEA)
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256, res=0, ret=1
| kernel_alg_add(): satype=3, exttype=14, alg_id=6(ESP_CAST)
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=14, satype=3, alg_id=6, alg_ivlen=0, alg_minbits=384, alg_maxbits=384, res=0, ret=1
| kernel_alg_add(): satype=3, exttype=14, alg_id=7(ESP_BLOWFISH)
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5], exttype=14, satype=3, alg_id=7, alg_ivlen=0, alg_minbits=512, alg_maxbits=512, res=0, ret=1
| kernel_alg_add(): satype=3, exttype=14, alg_id=8(ESP_3IDEA)
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6], exttype=14, satype=3, alg_id=8, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1
| kernel_alg_add(): satype=3, exttype=14, alg_id=9(ESP_DES_IV32)
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7], exttype=14, satype=3, alg_id=9, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=88
| kernel_alg_add(): satype=3, exttype=15, alg_id=11(ESP_NULL)
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1
| kernel_alg_add(): satype=3, exttype=15, alg_id=2(ESP_DES)
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64, alg_maxbits=64, res=0, ret=1
| kernel_alg_add(): satype=3, exttype=15, alg_id=3(ESP_3DES)
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[10], exttype=15, satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
| kernel_alg_add(): satype=3, exttype=15, alg_id=6(ESP_CAST)
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[11], exttype=15, satype=3, alg_id=6, alg_ivlen=8, alg_minbits=40, alg_maxbits=128, res=0, ret=1
| kernel_alg_add(): satype=3, exttype=15, alg_id=7(ESP_BLOWFISH)
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[12], exttype=15, satype=3, alg_id=7, alg_ivlen=8, alg_minbits=40, alg_maxbits=448, res=0, ret=1
| kernel_alg_add(): satype=3, exttype=15, alg_id=12(ESP_AES)
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[13], exttype=15, satype=3, alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
| kernel_alg_add(): satype=3, exttype=15, alg_id=252(ESP_SERPENT)
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[14], exttype=15, satype=3, alg_id=252, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
| kernel_alg_add(): satype=3, exttype=15, alg_id=22(ESP_CAMELLIA)
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[15], exttype=15, satype=3, alg_id=22, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
| kernel_alg_add(): satype=3, exttype=15, alg_id=253(ESP_TWOFISH)
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[16], exttype=15, satype=3, alg_id=253, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
| kernel_alg_add(): satype=3, exttype=15, alg_id=13(ESP_AES_CTR)
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[17], exttype=15, satype=3, alg_id=13, alg_ivlen=8, alg_minbits=160, alg_maxbits=288, res=0, ret=1
| kernel_alg_add(): satype=3, exttype=15, alg_id=18(ESP_AES_GCM_A)
| kernel_alg_add(): satype=3, exttype=15, alg_id=19(ESP_AES_GCM_B)
| kernel_alg_add(): satype=3, exttype=15, alg_id=20(ESP_AES_GCM_C)
| kernel_alg_add(): satype=3, exttype=15, alg_id=14(ESP_AES_CCM_A)
| kernel_alg_add(): satype=3, exttype=15, alg_id=15(ESP_AES_CCM_B)
| kernel_alg_add(): satype=3, exttype=15, alg_id=16(ESP_AES_CCM_C)
ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
Warning: failed to register algo_aes_ccm_8 for IKE
ike_alg_register_enc(): Activating aes_ccm_12: Ok (ret=0)
Warning: failed to register algo_aes_ccm_12 for IKE
ike_alg_register_enc(): Activating aes_ccm_16: Ok (ret=0)
Warning: failed to register algo_aes_ccm_16 for IKE
ike_alg_register_enc(): Activating aes_gcm_8: Ok (ret=0)
Warning: failed to register algo_aes_gcm_8 for IKE
ike_alg_register_enc(): Activating aes_gcm_12: Ok (ret=0)
Warning: failed to register algo_aes_gcm_12 for IKE
ike_alg_register_enc(): Activating aes_gcm_16: Ok (ret=0)
Warning: failed to register algo_aes_gcm_16 for IKE
| Registered AEAD AES CCM/GCM algorithms
| ESP registered with kernel.
| finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP
| 02 07 00 09 02 00 00 00 03 00 00 00 b8 03 00 00
| pfkey_get: K_SADB_REGISTER message 3
| IPCOMP registered with kernel.
| Registered AH, ESP and IPCOMP
| Changed path to directory '/etc/ipsec.d/cacerts'
loading CA cert file 'cacert.pem' (956 bytes)
| cert blob content is not binary ASN.1
| -----BEGIN CERTIFICATE-----
| -----END CERTIFICATE-----
| file coded in PEM format
| L0 - certificate:
| 30 82 02 96 30 82 01 ff a0 03 02 01 02 02 09 00
| e9 c4 8c 87 1a a6 61 03 30 0d 06 09 2a 86 48 86
| f7 0d 01 01 05 05 00 30 64 31 0b 30 09 06 03 55
| 04 06 13 02 58 58 31 0f 30 0d 06 03 55 04 08 0c
| 06 72 65 64 68 61 74 31 15 30 13 06 03 55 04 07
| 0c 0c 44 65 66 61 75 6c 74 20 43 69 74 79 31 1c
| 30 1a 06 03 55 04 0a 0c 13 44 65 66 61 75 6c 74
| 20 43 6f 6d 70 61 6e 79 20 4c 74 64 31 0f 30 0d
| 06 03 55 04 03 0c 06 72 65 64 68 61 74 30 1e 17
| 0d 31 34 30 31 31 36 30 37 32 31 30 31 5a 17 0d
| 32 34 30 31 31 34 30 37 32 31 30 31 5a 30 64 31
| 0b 30 09 06 03 55 04 06 13 02 58 58 31 0f 30 0d
| 06 03 55 04 08 0c 06 72 65 64 68 61 74 31 15 30
| 13 06 03 55 04 07 0c 0c 44 65 66 61 75 6c 74 20
| 43 69 74 79 31 1c 30 1a 06 03 55 04 0a 0c 13 44
| 65 66 61 75 6c 74 20 43 6f 6d 70 61 6e 79 20 4c
| 74 64 31 0f 30 0d 06 03 55 04 03 0c 06 72 65 64
| 68 61 74 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d
| 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00
| ae c7 47 c1 c6 91 cc 8c 11 9d e5 75 03 3a 0f ef
| 75 7d 06 a4 9f 55 cc 1f ec cc 1e 53 94 ef 7f cb
| 20 76 2f 11 f1 40 f1 3c 7c dc a1 f6 bd 67 03 9a
| 81 64 a6 34 ed 04 5c 41 15 bc 8d a0 0a c9 c1 12
| c2 65 58 6a 4e d0 69 2a 58 53 23 3c 67 14 ad 91
| 60 7c 3d 6c c3 d7 34 bb 7a 17 f6 67 05 85 0e d1
| 02 f8 74 7b 32 33 c1 b7 11 3d 97 de 8f 25 eb 59
| 85 fa cf 50 5a e6 7c 91 51 4b a3 d7 b1 20 b6 df
| 02 03 01 00 01 a3 50 30 4e 30 1d 06 03 55 1d 0e
| 04 16 04 14 68 51 8c 45 43 31 4b a0 0d fd f1 85
| 81 72 b6 01 9a 9a 8b 0c 30 1f 06 03 55 1d 23 04
| 18 30 16 80 14 68 51 8c 45 43 31 4b a0 0d fd f1
| 85 81 72 b6 01 9a 9a 8b 0c 30 0c 06 03 55 1d 13
| 04 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7
| 0d 01 01 05 05 00 03 81 81 00 38 fc 71 85 b3 9c
| b3 b8 87 36 39 ef c1 d3 95 ba c3 1f 60 51 83 f3
| e6 04 16 97 3d f1 20 67 e0 db 11 f8 f5 e6 c0 c9
| b1 1f ea 9b 4b 70 be 5d f7 86 5b 2a 1a 08 f5 19
| b0 d2 53 70 cc 4b 1d b3 3a 64 2a 5d 9a 1e 94 97
| 41 7d dd cb 0d 78 4a ff 81 95 de 8b c9 fc a6 86
| 20 2a 40 38 60 ba 3c 00 cc a3 d8 d3 e8 2b 07 7c
| 6a cb 3d c3 4b f3 b4 3f e6 98 39 30 9b 8d ed e2
| af 0e 10 6c d7 3a 3c d8 79 33
| L1 - tbsCertificate:
| 30 82 01 ff a0 03 02 01 02 02 09 00 e9 c4 8c 87
| 1a a6 61 03 30 0d 06 09 2a 86 48 86 f7 0d 01 01
| 05 05 00 30 64 31 0b 30 09 06 03 55 04 06 13 02
| 58 58 31 0f 30 0d 06 03 55 04 08 0c 06 72 65 64
| 68 61 74 31 15 30 13 06 03 55 04 07 0c 0c 44 65
| 66 61 75 6c 74 20 43 69 74 79 31 1c 30 1a 06 03
| 55 04 0a 0c 13 44 65 66 61 75 6c 74 20 43 6f 6d
| 70 61 6e 79 20 4c 74 64 31 0f 30 0d 06 03 55 04
| 03 0c 06 72 65 64 68 61 74 30 1e 17 0d 31 34 30
| 31 31 36 30 37 32 31 30 31 5a 17 0d 32 34 30 31
| 31 34 30 37 32 31 30 31 5a 30 64 31 0b 30 09 06
| 03 55 04 06 13 02 58 58 31 0f 30 0d 06 03 55 04
| 08 0c 06 72 65 64 68 61 74 31 15 30 13 06 03 55
| 04 07 0c 0c 44 65 66 61 75 6c 74 20 43 69 74 79
| 31 1c 30 1a 06 03 55 04 0a 0c 13 44 65 66 61 75
| 6c 74 20 43 6f 6d 70 61 6e 79 20 4c 74 64 31 0f
| 30 0d 06 03 55 04 03 0c 06 72 65 64 68 61 74 30
| 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05
| 00 03 81 8d 00 30 81 89 02 81 81 00 ae c7 47 c1
| c6 91 cc 8c 11 9d e5 75 03 3a 0f ef 75 7d 06 a4
| 9f 55 cc 1f ec cc 1e 53 94 ef 7f cb 20 76 2f 11
| f1 40 f1 3c 7c dc a1 f6 bd 67 03 9a 81 64 a6 34
| ed 04 5c 41 15 bc 8d a0 0a c9 c1 12 c2 65 58 6a
| 4e d0 69 2a 58 53 23 3c 67 14 ad 91 60 7c 3d 6c
| c3 d7 34 bb 7a 17 f6 67 05 85 0e d1 02 f8 74 7b
| 32 33 c1 b7 11 3d 97 de 8f 25 eb 59 85 fa cf 50
| 5a e6 7c 91 51 4b a3 d7 b1 20 b6 df 02 03 01 00
| 01 a3 50 30 4e 30 1d 06 03 55 1d 0e 04 16 04 14
| 68 51 8c 45 43 31 4b a0 0d fd f1 85 81 72 b6 01
| 9a 9a 8b 0c 30 1f 06 03 55 1d 23 04 18 30 16 80
| 14 68 51 8c 45 43 31 4b a0 0d fd f1 85 81 72 b6
| 01 9a 9a 8b 0c 30 0c 06 03 55 1d 13 04 05 30 03
| 01 01 ff
| L2 - DEFAULT v1:
| L3 - version:
| 02
| v3
| L2 - serialNumber:
| 00 e9 c4 8c 87 1a a6 61 03
| L2 - signature:
| L3 - algorithmIdentifier:
| L4 - algorithm:
| 'sha-1WithRSAEncryption'
| L2 - issuer:
| 30 64 31 0b 30 09 06 03 55 04 06 13 02 58 58 31
| 0f 30 0d 06 03 55 04 08 0c 06 72 65 64 68 61 74
| 31 15 30 13 06 03 55 04 07 0c 0c 44 65 66 61 75
| 6c 74 20 43 69 74 79 31 1c 30 1a 06 03 55 04 0a
| 0c 13 44 65 66 61 75 6c 74 20 43 6f 6d 70 61 6e
| 79 20 4c 74 64 31 0f 30 0d 06 03 55 04 03 0c 06
| 72 65 64 68 61 74
| 'C=XX, ST=redhat, L=Default City, O=Default Company Ltd, CN=redhat'
| L2 - validity:
| L3 - notBefore:
| L4 - utcTime:
| 'Jan 16 07:21:01 UTC 2014'
| L3 - notAfter:
| L4 - utcTime:
| 'Jan 14 07:21:01 UTC 2024'
| L2 - subject:
| 30 64 31 0b 30 09 06 03 55 04 06 13 02 58 58 31
| 0f 30 0d 06 03 55 04 08 0c 06 72 65 64 68 61 74
| 31 15 30 13 06 03 55 04 07 0c 0c 44 65 66 61 75
| 6c 74 20 43 69 74 79 31 1c 30 1a 06 03 55 04 0a
| 0c 13 44 65 66 61 75 6c 74 20 43 6f 6d 70 61 6e
| 79 20 4c 74 64 31 0f 30 0d 06 03 55 04 03 0c 06
| 72 65 64 68 61 74
| 'C=XX, ST=redhat, L=Default City, O=Default Company Ltd, CN=redhat'
| L2 - subjectPublicKeyInfo:
| L3 - algorithm:
| L4 - algorithmIdentifier:
| L5 - algorithm:
| 'rsaEncryption'
| L3 - subjectPublicKey:
| L4 - RSAPublicKey:
| L5 - modulus:
| 00 ae c7 47 c1 c6 91 cc 8c 11 9d e5 75 03 3a 0f
| ef 75 7d 06 a4 9f 55 cc 1f ec cc 1e 53 94 ef 7f
| cb 20 76 2f 11 f1 40 f1 3c 7c dc a1 f6 bd 67 03
| 9a 81 64 a6 34 ed 04 5c 41 15 bc 8d a0 0a c9 c1
| 12 c2 65 58 6a 4e d0 69 2a 58 53 23 3c 67 14 ad
| 91 60 7c 3d 6c c3 d7 34 bb 7a 17 f6 67 05 85 0e
| d1 02 f8 74 7b 32 33 c1 b7 11 3d 97 de 8f 25 eb
| 59 85 fa cf 50 5a e6 7c 91 51 4b a3 d7 b1 20 b6
| df
| L5 - publicExponent:
| 01 00 01
| L2 - optional extensions:
| L3 - extensions:
| L4 - extension:
| L5 - extnID:
| 'subjectKeyIdentifier'
| L5 - critical:
| FALSE
| L5 - extnValue:
| 04 14 68 51 8c 45 43 31 4b a0 0d fd f1 85 81 72
| b6 01 9a 9a 8b 0c
| L6 - keyIdentifier:
| 68 51 8c 45 43 31 4b a0 0d fd f1 85 81 72 b6 01
| 9a 9a 8b 0c
| L4 - extension:
| L5 - extnID:
| 'authorityKeyIdentifier'
| L5 - critical:
| FALSE
| L5 - extnValue:
| 30 16 80 14 68 51 8c 45 43 31 4b a0 0d fd f1 85
| 81 72 b6 01 9a 9a 8b 0c
| L6 - authorityKeyIdentifier:
| L7 - keyIdentifier:
| 80 14 68 51 8c 45 43 31 4b a0 0d fd f1 85 81 72
| b6 01 9a 9a 8b 0c
| L8 - keyIdentifier:
| 68 51 8c 45 43 31 4b a0 0d fd f1 85 81 72 b6 01
| 9a 9a 8b 0c
| L4 - extension:
| L5 - extnID:
| 'basicConstraints'
| L5 - critical:
| FALSE
| L5 - extnValue:
| 30 03 01 01 ff
| L6 - basicConstraints:
| L7 - CA:
| ff
| TRUE
| L1 - signatureAlgorithm:
| L2 - algorithmIdentifier:
| L3 - algorithm:
| 'sha-1WithRSAEncryption'
| L1 - signatureValue:
| 00 38 fc 71 85 b3 9c b3 b8 87 36 39 ef c1 d3 95
| ba c3 1f 60 51 83 f3 e6 04 16 97 3d f1 20 67 e0
| db 11 f8 f5 e6 c0 c9 b1 1f ea 9b 4b 70 be 5d f7
| 86 5b 2a 1a 08 f5 19 b0 d2 53 70 cc 4b 1d b3 3a
| 64 2a 5d 9a 1e 94 97 41 7d dd cb 0d 78 4a ff 81
| 95 de 8b c9 fc a6 86 20 2a 40 38 60 ba 3c 00 cc
| a3 d8 d3 e8 2b 07 7c 6a cb 3d c3 4b f3 b4 3f e6
| 98 39 30 9b 8d ed e2 af 0e 10 6c d7 3a 3c d8 79
| 33
| authcert list locked by 'add_authcert'
| authcert inserted
| authcert list unlocked by 'add_authcert'
| Changing to directory '/etc/ipsec.d/crls'
loading crl file 'crl.pem' (483 bytes)
| cert blob content is not binary ASN.1
| -----BEGIN X509 CRL-----
| -----END X509 CRL-----
| file coded in PEM format
| L0 - certificateList:
| 30 82 01 3c 30 81 a6 02 01 01 30 0d 06 09 2a 86
| 48 86 f7 0d 01 01 05 05 00 30 64 31 0b 30 09 06
| 03 55 04 06 13 02 58 58 31 0f 30 0d 06 03 55 04
| 08 0c 06 72 65 64 68 61 74 31 15 30 13 06 03 55
| 04 07 0c 0c 44 65 66 61 75 6c 74 20 43 69 74 79
| 31 1c 30 1a 06 03 55 04 0a 0c 13 44 65 66 61 75
| 6c 74 20 43 6f 6d 70 61 6e 79 20 4c 74 64 31 0f
| 30 0d 06 03 55 04 03 0c 06 72 65 64 68 61 74 17
| 0d 31 34 30 31 31 36 30 37 32 31 30 33 5a 17 0d
| 31 34 30 32 31 35 30 37 32 31 30 33 5a a0 0e 30
| 0c 30 0a 06 03 55 1d 14 04 03 02 01 01 30 0d 06
| 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00
| 4f 5c bd c4 00 fc a5 6f 62 bd c6 db 69 c2 44 bf
| 5b 5d 6d 03 3a 17 eb 91 b5 fe 40 a5 25 c2 a2 12
| c0 ac ba d1 ce 63 fc 18 eb 56 56 a5 12 eb 8f fe
| 77 fd c0 4e a0 90 22 18 12 40 fa f9 aa 0e f3 97
| a9 94 35 ae eb f9 aa 22 bf 4b 0d c5 d0 4d c1 60
| 78 59 5c dd cb 0e 16 64 b5 94 b1 a3 c9 83 5f a3
| d5 1b 94 2d c4 8e ed 10 01 ec f1 46 77 49 5f 4a
| 9e 4a 7f 34 5b 15 c5 d3 e0 85 d7 40 51 0b 6a 38
| L1 - tbsCertList:
| 30 81 a6 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d
| 01 01 05 05 00 30 64 31 0b 30 09 06 03 55 04 06
| 13 02 58 58 31 0f 30 0d 06 03 55 04 08 0c 06 72
| 65 64 68 61 74 31 15 30 13 06 03 55 04 07 0c 0c
| 44 65 66 61 75 6c 74 20 43 69 74 79 31 1c 30 1a
| 06 03 55 04 0a 0c 13 44 65 66 61 75 6c 74 20 43
| 6f 6d 70 61 6e 79 20 4c 74 64 31 0f 30 0d 06 03
| 55 04 03 0c 06 72 65 64 68 61 74 17 0d 31 34 30
| 31 31 36 30 37 32 31 30 33 5a 17 0d 31 34 30 32
| 31 35 30 37 32 31 30 33 5a a0 0e 30 0c 30 0a 06
| 03 55 1d 14 04 03 02 01 01
| L2 - version:
| 01
| v2
| L2 - signature:
| L3 - algorithmIdentifier:
| L4 - algorithm:
| 'sha-1WithRSAEncryption'
| L2 - issuer:
| 30 64 31 0b 30 09 06 03 55 04 06 13 02 58 58 31
| 0f 30 0d 06 03 55 04 08 0c 06 72 65 64 68 61 74
| 31 15 30 13 06 03 55 04 07 0c 0c 44 65 66 61 75
| 6c 74 20 43 69 74 79 31 1c 30 1a 06 03 55 04 0a
| 0c 13 44 65 66 61 75 6c 74 20 43 6f 6d 70 61 6e
| 79 20 4c 74 64 31 0f 30 0d 06 03 55 04 03 0c 06
| 72 65 64 68 61 74
| 'C=XX, ST=redhat, L=Default City, O=Default Company Ltd, CN=redhat'
| L2 - thisUpdate:
| L3 - utcTime:
| 'Jan 16 07:21:03 UTC 2014'
| L2 - nextUpdate:
| L3 - utcTime:
| 'Feb 15 07:21:03 UTC 2014'
| L2 - optional extensions:
| L3 - crlExtensions:
| L4 - extension:
| L5 - extnID:
| 55 1d 14
| L5 - critical:
| FALSE
| L5 - extnValue:
| 02 01 01
| L1 - signatureAlgorithm:
| L2 - algorithmIdentifier:
| L3 - algorithm:
| 'sha-1WithRSAEncryption'
| L1 - signatureValue:
| 00 4f 5c bd c4 00 fc a5 6f 62 bd c6 db 69 c2 44
| bf 5b 5d 6d 03 3a 17 eb 91 b5 fe 40 a5 25 c2 a2
| 12 c0 ac ba d1 ce 63 fc 18 eb 56 56 a5 12 eb 8f
| fe 77 fd c0 4e a0 90 22 18 12 40 fa f9 aa 0e f3
| 97 a9 94 35 ae eb f9 aa 22 bf 4b 0d c5 d0 4d c1
| 60 78 59 5c dd cb 0e 16 64 b5 94 b1 a3 c9 83 5f
| a3 d5 1b 94 2d c4 8e ed 10 01 ec f1 46 77 49 5f
| 4a 9e 4a 7f 34 5b 15 c5 d3 e0 85 d7 40 51 0b 6a
| 38
| authcert list locked by 'insert_crl'
| crl issuer cacert found
| signature algorithm: 'sha-1WithRSAEncryption'
| digest: 02 80 08 b9 93 f4 76 f6 5b e3 07 9d 0a 7f 5e 40
| digest: 13 77 6e df
| NSS cert: modulus :
| 00 ae c7 47 c1 c6 91 cc 8c 11 9d e5 75 03 3a 0f
| ef 75 7d 06 a4 9f 55 cc 1f ec cc 1e 53 94 ef 7f
| cb 20 76 2f 11 f1 40 f1 3c 7c dc a1 f6 bd 67 03
| 9a 81 64 a6 34 ed 04 5c 41 15 bc 8d a0 0a c9 c1
| 12 c2 65 58 6a 4e d0 69 2a 58 53 23 3c 67 14 ad
| 91 60 7c 3d 6c c3 d7 34 bb 7a 17 f6 67 05 85 0e
| d1 02 f8 74 7b 32 33 c1 b7 11 3d 97 de 8f 25 eb
| 59 85 fa cf 50 5a e6 7c 91 51 4b a3 d7 b1 20 b6
| df
| NSS cert: exponent :
| 01 00 01
| NSS: input signature :
| 00 4f 5c bd c4 00 fc a5 6f 62 bd c6 db 69 c2 44
| bf 5b 5d 6d 03 3a 17 eb 91 b5 fe 40 a5 25 c2 a2
| 12 c0 ac ba d1 ce 63 fc 18 eb 56 56 a5 12 eb 8f
| fe 77 fd c0 4e a0 90 22 18 12 40 fa f9 aa 0e f3
| 97 a9 94 35 ae eb f9 aa 22 bf 4b 0d c5 d0 4d c1
| 60 78 59 5c dd cb 0e 16 64 b5 94 b1 a3 c9 83 5f
| a3 d5 1b 94 2d c4 8e ed 10 01 ec f1 46 77 49 5f
| 4a 9e 4a 7f 34 5b 15 c5 d3 e0 85 d7 40 51 0b 6a
| 38
| RSA Signature length is 128
| NSS digest sig: 30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 02
| NSS digest sig: 80 08 b9 93 f4 76 f6 5b e3 07 9d 0a 7f 5e 40 13
| NSS digest sig: 77 6e df
| NSS: length of digest sig = 35
| NSS scratchpad plus computed digest sig:
| 30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 02
| 80 08 b9 93 f4 76 f6 5b e3 07 9d 0a 7f 5e 40 13
| 77 6e df
| NSS adjusted digest sig:
| 02 80 08 b9 93 f4 76 f6 5b e3 07 9d 0a 7f 5e 40
| 13 77 6e df
| NSS expected digest sig:
| 02 80 08 b9 93 f4 76 f6 5b e3 07 9d 0a 7f 5e 40
| 13 77 6e df
| NSS: RSA Signature verified, hash values matched
| authcert list unlocked by 'insert_crl'
| valid crl signature
| crl list locked by 'insert_crl'
| crl list unlocked by 'insert_crl'
| selinux support is enabled.
| inserting event EVENT_LOG_DAILY, timeout in 3706 seconds
| event added after event EVENT_REINIT_SECRET
| next event EVENT_PENDING_DDNS in 60 seconds
| calling addconn helper using execve
|
| *received whack message
| entering aalg_getbyname_ike()
| raw_alg_info_ike_add() ealg=5 aalg=2 modp_id=2, cnt=1
| Added new connection ikev2 with policy PSK+ENCRYPT+PFS+IKEV1_DISABLE+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW
| from whack: got --esp=3des-aes_xcbc
| esp string values: 3DES(3)_000-AES_XCBC(9)_000
| ike (phase1) algorithm values: 3DES_CBC(5)_000-SHA1(2)_000-MODP1024(2)
| counting wild cards for 2001:db8:1:1::1234 is 0
| counting wild cards for 2001:db8:f:1::1 is 0
added connection description "ikev2"
| 2001:db8:1:1::1234<2001:0db8:0001:0001::1234>...2001:db8:f:1::1<2001:0db8:000f:0001::1>
| ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT+PFS+IKEV1_DISABLE+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW
| * processed 0 messages from cryptographic helpers
| next event EVENT_PENDING_DDNS in 59 seconds
| next event EVENT_PENDING_DDNS in 59 seconds
|
| *received whack message
listening for IKE messages
| Inspecting interface lo
| found lo with address 127.0.0.1
| Inspecting interface p7p1
| found p7p1 with address 10.66.13.22
| Inspecting interface p6p1
| found p6p1 with address 192.168.0.10
adding interface p6p1/p6p1 192.168.0.10:500
| NAT-Traversal: Trying new style NAT-T
| NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19)
| NAT-Traversal: Trying old style NAT-T
| NAT-Traversal: ESPINUDP(2) setup succeeded for old style NAT-T family IPv4
adding interface p6p1/p6p1 192.168.0.10:4500
adding interface p7p1/p7p1 10.66.13.22:500
| NAT-Traversal: Trying new style NAT-T
| NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19)
| NAT-Traversal: Trying old style NAT-T
| NAT-Traversal: ESPINUDP(2) setup succeeded for old style NAT-T family IPv4
adding interface p7p1/p7p1 10.66.13.22:4500
adding interface lo/lo 127.0.0.1:500
| NAT-Traversal: Trying new style NAT-T
| NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19)
| NAT-Traversal: Trying old style NAT-T
| NAT-Traversal: ESPINUDP(2) setup succeeded for old style NAT-T family IPv4
adding interface lo/lo 127.0.0.1:4500
| found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
| found p6p2 with address 3ffe:0501:ffff:0101:0215:17ff:fe3c:c669
| found p6p1 with address 3ffe:0501:ffff:0100:0215:17ff:fe3c:c668
| found p6p1 with address 2001:0db8:0001:0001:0000:0000:0000:1234
adding interface p6p1/p6p1 2001:db8:1:1::1234:500
adding interface p6p1/p6p1 3ffe:501:ffff:100:215:17ff:fe3c:c668:500
adding interface p6p2/p6p2 3ffe:501:ffff:101:215:17ff:fe3c:c669:500
adding interface lo/lo ::1:500
| connect_to_host_pair: 2001:db8:1:1::1234:500 2001:db8:f:1::1:500 -> hp:none
| certs and keys locked by 'free_preshared_secrets'
| certs and keys unlocked by 'free_preshard_secrets'
loading secrets from "/etc/ipsec.secrets"
| id type added to secret(0x7fb1cdedd540) PPK_PSK: %any
| id type added to secret(0x7fb1cdedd540) PPK_PSK: %any
| Processing PSK at line 1: passed
| certs and keys locked by 'process_secret'
| certs and keys unlocked by 'process_secret'
| * processed 0 messages from cryptographic helpers
| next event EVENT_PENDING_DDNS in 59 seconds
| next event EVENT_PENDING_DDNS in 59 seconds
|
| *received whack message
| processing connection ikev2
| kernel_alg_db_new() initial trans_cnt=128
| kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1
| kernel_alg_db_new() trans[0]: transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=9
| returning new proposal from esp_info
| creating state object #1 at 0x7fb1cdedd6d0
| processing connection ikev2
| ICOOKIE: 2b 9e 29 76 e4 88 8c 81
| RCOOKIE: 00 00 00 00 00 00 00 00
| state hash entry 9
| inserting state object #1
| inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1
| event added at head of queue
| processing connection ikev2
| Queuing pending Quick Mode with 2001:db8:f:1::1 "ikev2"
"ikev2" #1: initiating v2 parent SA
| crypto helper 0: pcw_work: 0
| asking crypto helper 0 to do build_kenonce; request ID 1 (len=2768, pcw_work=0)
| #1 send_crypto_helper_request:519 st->st_calculating = TRUE;
| crypto helper 0 read fd: 8
| crypto helper 0 doing build_kenonce; request ID 1
| deleting event for #1
| NSS: Value of Prime:
| ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34
| c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74
| 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd
| ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37
| 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6
| f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed
| ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6
| 49 28 66 51 ec e6 53 81 ff ff ff ff ff ff ff ff
| NSS: Value of base:
| 02
| inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1
| event added after event EVENT_PENDING_PHASE2
| * processed 0 messages from cryptographic helpers
| NSS: generated dh priv and pub keys: 128
| NSS: Local DH secret (pointer): 0x7fb1cded1bf0
| NSS: Public DH value sent(computed in NSS):
| ea 29 2b e1 84 93 48 ee de 51 aa 32 f3 41 3c a5
| 2e 79 9e b0 7f d1 27 e8 0b 6d 40 33 31 d5 e1 4c
| 56 4e 52 75 e9 9d 31 fa 11 da 84 10 2d a4 78 05
| ef df e7 c5 48 d4 1e af 6e bb ba a5 90 fe ba 1c
| 13 83 b8 90 3b b8 51 2c c2 c9 29 36 0d 3b 8c d0
| 51 f8 78 06 34 8c 50 25 4f e8 a6 11 ae 5a c4 49
| e8 e1 97 93 e3 93 d4 b2 72 ae dc d9 74 b8 5e 44
| 4d da 5a 40 18 f1 5c 19 57 d8 9b 96 82 cf f2 5c
| NSS: Local DH public value (pointer): 0x7fb1cdec8a60
| next event EVENT_PENDING_DDNS in 59 seconds
| next event EVENT_PENDING_DDNS in 59 seconds
| Generated nonce:
| 56 45 a7 0c f9 0a c1 94 06 48 c7 b5 1a 7c 33 16
| reaped addconn helper child
|
| crypto helper 0 has finished work (pcw_work now 1)
| crypto helper 0 replies to request ID 1
| calling continuation function 0x7fb1cc0c32b0
| ikev2_parent_outI1_continue for #1: calculated ke+nonce, sending I1
| processing connection ikev2
| #1 ikev2_parent_outI1_continue:284 st->st_calculating = FALSE;
| ikev2_parent_outI1_tail for #1
| saving DH priv (local secret) and pub key into state struct
| **emit ISAKMP Message:
| initiator cookie:
| 2b 9e 29 76 e4 88 8c 81
| responder cookie:
| 00 00 00 00 00 00 00 00
| next payload type: ISAKMP_NEXT_v2SA
| ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
| exchange type: ISAKMP_v2_SA_INIT
| flags: ISAKMP_FLAG_IKE_INIT
| message ID: 00 00 00 00
| ***emit IKEv2 Security Association Payload:
| next payload type: ISAKMP_NEXT_v2KE
| critical bit: none
| ****emit IKEv2 Proposal Substructure Payload:
| last proposal: v2_PROPOSAL_LAST
| prop #: 1
| proto ID: IKEv2_SEC_PROTO_IKE
| spi size: 0
| # transforms: 4
| *****emit IKEv2 Transform Substructure Payload:
| last transform: v2_TRANSFORM_NON_LAST
| IKEv2 transform type: TRANS_TYPE_ENCR
| IKEv2 transform ID: 3DES
| emitting length of IKEv2 Transform Substructure Payload: 8
| *****emit IKEv2 Transform Substructure Payload:
| last transform: v2_TRANSFORM_NON_LAST
| IKEv2 transform type: TRANS_TYPE_INTEG
| IKEv2 transform ID: AUTH_HMAC_SHA1_96
| emitting length of IKEv2 Transform Substructure Payload: 8
| *****emit IKEv2 Transform Substructure Payload:
| last transform: v2_TRANSFORM_NON_LAST
| IKEv2 transform type: TRANS_TYPE_PRF
| IKEv2 transform ID: PRF_HMAC_SHA1
| emitting length of IKEv2 Transform Substructure Payload: 8
| *****emit IKEv2 Transform Substructure Payload:
| last transform: v2_TRANSFORM_LAST
| IKEv2 transform type: TRANS_TYPE_DH
| IKEv2 transform ID: OAKLEY_GROUP_MODP1024
| emitting length of IKEv2 Transform Substructure Payload: 8
| emitting length of IKEv2 Proposal Substructure Payload: 40
| emitting length of IKEv2 Security Association Payload: 44
| ***emit IKEv2 Key Exchange Payload:
| IKEv2 next payload type: ISAKMP_NEXT_v2Ni
| critical bit: none
| DH group: OAKLEY_GROUP_MODP1024
| emitting 128 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
| ikev2 g^x ea 29 2b e1 84 93 48 ee de 51 aa 32 f3 41 3c a5
| ikev2 g^x 2e 79 9e b0 7f d1 27 e8 0b 6d 40 33 31 d5 e1 4c
| ikev2 g^x 56 4e 52 75 e9 9d 31 fa 11 da 84 10 2d a4 78 05
| ikev2 g^x ef df e7 c5 48 d4 1e af 6e bb ba a5 90 fe ba 1c
| ikev2 g^x 13 83 b8 90 3b b8 51 2c c2 c9 29 36 0d 3b 8c d0
| ikev2 g^x 51 f8 78 06 34 8c 50 25 4f e8 a6 11 ae 5a c4 49
| ikev2 g^x e8 e1 97 93 e3 93 d4 b2 72 ae dc d9 74 b8 5e 44
| ikev2 g^x 4d da 5a 40 18 f1 5c 19 57 d8 9b 96 82 cf f2 5c
| emitting length of IKEv2 Key Exchange Payload: 136
| ***emit IKEv2 Nonce Payload:
| next payload type: ISAKMP_NEXT_v2N
| critical bit: none
| emitting 16 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload
| IKEv2 nonce 56 45 a7 0c f9 0a c1 94 06 48 c7 b5 1a 7c 33 16
| emitting length of IKEv2 Nonce Payload: 20
| NAT-Traversal support [enabled] add v2N payloads.
| natd_hash: Warning, rcookie is zero !!
| natd_hash: hasher=0x7fb1cc3825c0(20)
| natd_hash: icookie= 2b 9e 29 76 e4 88 8c 81
| natd_hash: rcookie= 00 00 00 00 00 00 00 00
| natd_hash: port=500
| natd_hash: hash= ea c6 11 df d3 0d d4 bd df 8a 4c c5 c7 59 50 13
| natd_hash: hash= 81 b7 b0 65
| Adding a v2N Payload
| ***emit IKEv2 Notify Payload:
| next payload type: ISAKMP_NEXT_v2N
| critical bit: none
| Protocol ID: PROTO_RESERVED
| SPI size: 0
| Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP
| emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
| Notify data ea c6 11 df d3 0d d4 bd df 8a 4c c5 c7 59 50 13
| Notify data 81 b7 b0 65
| emitting length of IKEv2 Notify Payload: 28
| natd_hash: Warning, rcookie is zero !!
| natd_hash: hasher=0x7fb1cc3825c0(20)
| natd_hash: icookie= 2b 9e 29 76 e4 88 8c 81
| natd_hash: rcookie= 00 00 00 00 00 00 00 00
| natd_hash: port=500
| natd_hash: hash= e5 c8 c5 9b d9 fb 64 77 6b 2c 95 2e 16 48 66 db
| natd_hash: hash= 3b 52 2a 40
| Adding a v2N Payload
| ***emit IKEv2 Notify Payload:
| next payload type: ISAKMP_NEXT_v2NONE
| critical bit: none
| Protocol ID: PROTO_RESERVED
| SPI size: 0
| Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP
| emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
| Notify data e5 c8 c5 9b d9 fb 64 77 6b 2c 95 2e 16 48 66 db
| Notify data 3b 52 2a 40
| emitting length of IKEv2 Notify Payload: 28
| no IKE message padding required
| emitting length of ISAKMP Message: 284
| sending 284 bytes for ikev2_parent_outI1_common through p6p1:500 to 2001:db8:f:1::1:500 (using #1)
| 2b 9e 29 76 e4 88 8c 81 00 00 00 00 00 00 00 00
| 21 20 22 08 00 00 00 00 00 00 01 1c 22 00 00 2c
| 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03
| 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02
| 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00
| ea 29 2b e1 84 93 48 ee de 51 aa 32 f3 41 3c a5
| 2e 79 9e b0 7f d1 27 e8 0b 6d 40 33 31 d5 e1 4c
| 56 4e 52 75 e9 9d 31 fa 11 da 84 10 2d a4 78 05
| ef df e7 c5 48 d4 1e af 6e bb ba a5 90 fe ba 1c
| 13 83 b8 90 3b b8 51 2c c2 c9 29 36 0d 3b 8c d0
| 51 f8 78 06 34 8c 50 25 4f e8 a6 11 ae 5a c4 49
| e8 e1 97 93 e3 93 d4 b2 72 ae dc d9 74 b8 5e 44
| 4d da 5a 40 18 f1 5c 19 57 d8 9b 96 82 cf f2 5c
| 29 00 00 14 56 45 a7 0c f9 0a c1 94 06 48 c7 b5
| 1a 7c 33 16 29 00 00 1c 00 00 40 04 ea c6 11 df
| d3 0d d4 bd df 8a 4c c5 c7 59 50 13 81 b7 b0 65
| 00 00 00 1c 00 00 40 05 e5 c8 c5 9b d9 fb 64 77
| 6b 2c 95 2e 16 48 66 db 3b 52 2a 40
| deleting event for #1
| inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #1
| event added at head of queue
| complete v2 state transition with STF_OK
"ikev2" #1: transition from state STATE_IKEv2_START to state STATE_PARENT_I1
"ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1
| V2 microcode entry (initiate IKE_SA_INIT) has unspecified timeout_event
| * processed 1 messages from cryptographic helpers
| next event EVENT_v2_RETRANSMIT in 10 seconds for #1
| next event EVENT_v2_RETRANSMIT in 10 seconds for #1
|
| next event EVENT_v2_RETRANSMIT in 0 seconds for #1
| *time to handle event
| handling event EVENT_v2_RETRANSMIT
| event after this is EVENT_PENDING_DDNS in 49 seconds
| processing connection ikev2
| handling event EVENT_v2_RETRANSMIT for 2001:db8:f:1::1 "ikev2" #1 attempt 2 of 0
| sending 284 bytes for EVENT_v2_RETRANSMIT through p6p1:500 to 2001:db8:f:1::1:500 (using #1)
| 2b 9e 29 76 e4 88 8c 81 00 00 00 00 00 00 00 00
| 21 20 22 08 00 00 00 00 00 00 01 1c 22 00 00 2c
| 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03
| 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02
| 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00
| ea 29 2b e1 84 93 48 ee de 51 aa 32 f3 41 3c a5
| 2e 79 9e b0 7f d1 27 e8 0b 6d 40 33 31 d5 e1 4c
| 56 4e 52 75 e9 9d 31 fa 11 da 84 10 2d a4 78 05
| ef df e7 c5 48 d4 1e af 6e bb ba a5 90 fe ba 1c
| 13 83 b8 90 3b b8 51 2c c2 c9 29 36 0d 3b 8c d0
| 51 f8 78 06 34 8c 50 25 4f e8 a6 11 ae 5a c4 49
| e8 e1 97 93 e3 93 d4 b2 72 ae dc d9 74 b8 5e 44
| 4d da 5a 40 18 f1 5c 19 57 d8 9b 96 82 cf f2 5c
| 29 00 00 14 56 45 a7 0c f9 0a c1 94 06 48 c7 b5
| 1a 7c 33 16 29 00 00 1c 00 00 40 04 ea c6 11 df
| d3 0d d4 bd df 8a 4c c5 c7 59 50 13 81 b7 b0 65
| 00 00 00 1c 00 00 40 05 e5 c8 c5 9b d9 fb 64 77
| 6b 2c 95 2e 16 48 66 db 3b 52 2a 40
| inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #1
| event added at head of queue
| next event EVENT_v2_RETRANSMIT in 10 seconds for #1
|
| next event EVENT_v2_RETRANSMIT in 0 seconds for #1
| *time to handle event
| handling event EVENT_v2_RETRANSMIT
| event after this is EVENT_PENDING_DDNS in 39 seconds
| processing connection ikev2
| handling event EVENT_v2_RETRANSMIT for 2001:db8:f:1::1 "ikev2" #1 attempt 2 of 0
| sending 284 bytes for EVENT_v2_RETRANSMIT through p6p1:500 to 2001:db8:f:1::1:500 (using #1)
| 2b 9e 29 76 e4 88 8c 81 00 00 00 00 00 00 00 00
| 21 20 22 08 00 00 00 00 00 00 01 1c 22 00 00 2c
| 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03
| 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02
| 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00
| ea 29 2b e1 84 93 48 ee de 51 aa 32 f3 41 3c a5
| 2e 79 9e b0 7f d1 27 e8 0b 6d 40 33 31 d5 e1 4c
| 56 4e 52 75 e9 9d 31 fa 11 da 84 10 2d a4 78 05
| ef df e7 c5 48 d4 1e af 6e bb ba a5 90 fe ba 1c
| 13 83 b8 90 3b b8 51 2c c2 c9 29 36 0d 3b 8c d0
| 51 f8 78 06 34 8c 50 25 4f e8 a6 11 ae 5a c4 49
| e8 e1 97 93 e3 93 d4 b2 72 ae dc d9 74 b8 5e 44
| 4d da 5a 40 18 f1 5c 19 57 d8 9b 96 82 cf f2 5c
| 29 00 00 14 56 45 a7 0c f9 0a c1 94 06 48 c7 b5
| 1a 7c 33 16 29 00 00 1c 00 00 40 04 ea c6 11 df
| d3 0d d4 bd df 8a 4c c5 c7 59 50 13 81 b7 b0 65
| 00 00 00 1c 00 00 40 05 e5 c8 c5 9b d9 fb 64 77
| 6b 2c 95 2e 16 48 66 db 3b 52 2a 40
| inserting event EVENT_v2_RETRANSMIT, timeout in 20 seconds for #1
| event added at head of queue
| next event EVENT_v2_RETRANSMIT in 20 seconds for #1
|
| *received 247 bytes from 2001:db8:f:1::1:500 on p6p1 (port=500)
| 2b 9e 29 76 e4 88 8c 81 fb 83 ef 30 b2 06 35 30
| 21 20 22 20 00 00 00 00 00 00 00 f7 22 00 00 2c
| 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03
| 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02
| 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00
| ba f1 50 71 53 5a 2d 74 60 8e cc 22 c1 d4 de d0
| 19 bd 0c ed 40 a5 ba 76 89 a8 df 49 f9 9c 74 10
| 60 8d df 37 9d f6 a7 2b 48 e9 08 bb 6f b5 a3 ec
| 0e de d7 55 84 f2 ec 7a fc c6 25 9a 91 c2 33 8b
| 66 9f fa 01 14 77 a3 08 08 27 e6 95 01 8f f1 68
| 49 ba 53 18 c3 54 0c 01 a5 84 0a 9c b5 93 c5 04
| 16 f3 e7 56 c4 37 27 6a 5c 07 5f fd 73 da 9a 37
| ec 75 0a 89 64 0c c6 2a 6a 19 1e 36 8e 9a 23 f6
| 00 00 00 27 f9 4d 4e 97 81 58 68 e9 03 50 87 65
| ac bf b9 8d 2c fa 65 6b fa 15 bf 28 d7 0c 95 12
| 61 fa e4 fc fa b5 e0
| **parse ISAKMP Message:
| initiator cookie:
| 2b 9e 29 76 e4 88 8c 81
| responder cookie:
| fb 83 ef 30 b2 06 35 30
| next payload type: ISAKMP_NEXT_v2SA
| ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
| exchange type: ISAKMP_v2_SA_INIT
| flags: ISAKMP_FLAG_MSG_RESPONSE
| message ID: 00 00 00 00
| length: 247
| processing version=2.0 packet with exchange type=ISAKMP_v2_SA_INIT (34)
| I am receiving an IKE Response
| I am the IKE SA Original Initiator
| ICOOKIE: 2b 9e 29 76 e4 88 8c 81
| RCOOKIE: fb 83 ef 30 b2 06 35 30
| state hash entry 25
| parent v2 state object not found
| ICOOKIE: 2b 9e 29 76 e4 88 8c 81
| RCOOKIE: 00 00 00 00 00 00 00 00
| state hash entry 9
| parent v2 peer and cookies match on #1
| v2 state object #1 found, in STATE_PARENT_I1
| ICOOKIE: 2b 9e 29 76 e4 88 8c 81
| RCOOKIE: 00 00 00 00 00 00 00 00
| state hash entry 9
| ICOOKIE: 2b 9e 29 76 e4 88 8c 81
| RCOOKIE: fb 83 ef 30 b2 06 35 30
| state hash entry 25
| inserting state object #1
| state found and its state is STATE_PARENT_I1
| selected state microcode Initiator: process anti-spoofing cookie
| #1 state_busy:1855 st != NULL && st->st_calculating == FALSE;
| processing connection ikev2
| Now let's proceed with payload (ISAKMP_NEXT_v2SA)
| ***parse IKEv2 Security Association Payload:
| next payload type: ISAKMP_NEXT_v2KE
| critical bit: none
| length: 44
| processing payload: ISAKMP_NEXT_v2SA (len=44)
| Now let's proceed with payload (ISAKMP_NEXT_v2KE)
| ***parse IKEv2 Key Exchange Payload:
| IKEv2 next payload type: ISAKMP_NEXT_v2Ni
| critical bit: none
| length: 136
| DH group: OAKLEY_GROUP_MODP1024
| processing payload: ISAKMP_NEXT_v2KE (len=136)
| Now let's proceed with payload (ISAKMP_NEXT_v2Ni)
| ***parse IKEv2 Nonce Payload:
| next payload type: ISAKMP_NEXT_v2NONE
| critical bit: none
| length: 39
| processing payload: ISAKMP_NEXT_v2Ni (len=39)
| ikev2_process_payload trying next svm: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH
| Now lets proceed with state specific processing
| calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH
| ikev2 parent inR1: calculating g^{xy} in order to send I2
| DH public value received:
| ba f1 50 71 53 5a 2d 74 60 8e cc 22 c1 d4 de d0
| 19 bd 0c ed 40 a5 ba 76 89 a8 df 49 f9 9c 74 10
| 60 8d df 37 9d f6 a7 2b 48 e9 08 bb 6f b5 a3 ec
| 0e de d7 55 84 f2 ec 7a fc c6 25 9a 91 c2 33 8b
| 66 9f fa 01 14 77 a3 08 08 27 e6 95 01 8f f1 68
| 49 ba 53 18 c3 54 0c 01 a5 84 0a 9c b5 93 c5 04
| 16 f3 e7 56 c4 37 27 6a 5c 07 5f fd 73 da 9a 37
| ec 75 0a 89 64 0c c6 2a 6a 19 1e 36 8e 9a 23 f6
| ****parse IKEv2 Proposal Substructure Payload:
| last proposal: v2_PROPOSAL_LAST
| length: 40
| prop #: 1
| proto ID: IKEv2_SEC_PROTO_IKE
| spi size: 0
| # transforms: 4
| *****parse IKEv2 Transform Substructure Payload:
| last transform: v2_TRANSFORM_NON_LAST
| length: 8
| IKEv2 transform type: TRANS_TYPE_ENCR
| IKEv2 transform ID: 3DES
| *****parse IKEv2 Transform Substructure Payload:
| last transform: v2_TRANSFORM_NON_LAST
| length: 8
| IKEv2 transform type: TRANS_TYPE_PRF
| IKEv2 transform ID: PRF_HMAC_SHA1
| *****parse IKEv2 Transform Substructure Payload:
| last transform: v2_TRANSFORM_NON_LAST
| length: 8
| IKEv2 transform type: TRANS_TYPE_INTEG
| IKEv2 transform ID: AUTH_HMAC_SHA1_96
| *****parse IKEv2 Transform Substructure Payload:
| last transform: v2_TRANSFORM_LAST
| length: 8
| IKEv2 transform type: TRANS_TYPE_DH
| IKEv2 transform ID: OAKLEY_GROUP_MODP1024
| ipprotoid is '1'
| considering Transform Type TRANS_TYPE_ENCR, TransID 3
| encrid(3), keylen(-1), encr_keylen(-1)
| proposal 1 succeeded encr= (policy:3DES(-1) vs offered:3DES(-1))
| considering Transform Type TRANS_TYPE_INTEG, TransID 2
| succeeded integ=(policy:AUTH_HMAC_SHA1_96(-1) vs offered:AUTH_HMAC_SHA1_96(-1))
| considering Transform Type TRANS_TYPE_PRF, TransID 2
| succeeded prf= (policy:PRF_HMAC_SHA1(-1) vs offered:PRF_HMAC_SHA1(-1))
| considering Transform Type TRANS_TYPE_DH, TransID 2
| succeeded dh= (policy:OAKLEY_GROUP_MODP1024 vs offered:OAKLEY_GROUP_MODP1024)
| calculating skeyseed using prf=PRF_HMAC_SHA1 integ=AUTH_HMAC_SHA1_96 cipherkey=3DES
| Copying DH pub key pointer to be sent to a thread helper
| crypto helper 0: pcw_work: 0
| asking crypto helper 0 to do compute dh (V2); request ID 2 (len=2768, pcw_work=0)
| #1
| ||||||||||||||||||||||||||||||
| 15:11:20 |
kRemote(route.rmt) ``/usr/local/koi/bin/remotes/libreswan//route.rmt operation=delete route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1'' kRemote()... /usr/local/koi/bin/remotes/libreswan//route.rmt operation=delete route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1 DEBUG : start kRemoteLogin
Connected
arted DH shared-secret computation in NSS:
| Dropped no leading zeros 128
| calc_dh_shared(): time elapsed (OAKLEY_GROUP_MODP1024): 746 usec
| NSS: Started key computation
| calculating skeyseed using prf=PRF_HMAC_SHA1 integ=AUTH_HMAC_SHA1_96 cipherkey=24
| skeyid inputs (digi+NI+NR+shared) hasher: oakley_sha
| ni: 56 45 a7 0c f9 0a c1 94 06 48 c7 b5 1a 7c 33 16
| nr: f9 4d 4e 97 81 58 68 e9 03 50 87 65 ac bf b9 8d
| nr: 2c fa 65 6b fa 15 bf 28 d7 0c 95 12 61 fa e4 fc
| nr: fa b5 e0
| NSS: digisig skeyid pointer: 0x7fb1c000a7c0
| PRF+ input
| Ni 56 45 a7 0c f9 0a c1 94 06 48 c7 b5 1a 7c 33 16
| Nr f9 4d 4e 97 81 58 68 e9 03 50 87 65 ac bf b9 8d
| Nr 2c fa 65 6b fa 15 bf 28 d7 0c 95 12 61 fa e4 fc
| Nr fa b5 e0
| SPIi 2b 9e 29 76 e4 88 8c 81
| SPIr fb 83 ef 30 b2 06 35 30
| Total keysize needed 148
| NSS ikev2: finished computing key material for IKEv2 SA
| NSS ikev2: finished computing individual keys for IKEv2 SA
| calc_skeyseed_v2 pointers: shared 0x7fb1c00043d0, skeyseed 0x7fb1c000a7c0, SK_d 0x7fb1c000c0c0, SK_ai 0x7fb1c0008f40, SK_ar 0x7fb1c000d890, SK_ei 0x7fb1c00075b0, SK_er 0x7fb1c0000d40, SK_pi 0x7fb1c000f1a0, SK_pr 0x7fb1c0010ab0
|
| crypto helper 0 has finished work (pcw_work now 1)
| crypto helper 0 replies to request ID 2
| calling continuation function 0x7fb1cc0c3e80
| ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2
| processing connection ikev2
| #1 ikev2_parent_inR1outI2_continue:1234 st->st_calculating = FALSE;
| duplicating state object #1
| creating state object #2 at 0x7fb1cdedf500
| ICOOKIE: 2b 9e 29 76 e4 88 8c 81
| RCOOKIE: fb 83 ef 30 b2 06 35 30
| state hash entry 25
| inserting state object #2
| inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #2
| event added at head of queue
| deleting event for #1
| inserting event EVENT_SA_REPLACE, timeout in 27807 seconds for #1
| event added after event EVENT_LOG_DAILY
| **emit ISAKMP Message:
| initiator cookie:
| 2b 9e 29 76 e4 88 8c 81
| responder cookie:
| fb 83 ef 30 b2 06 35 30
| next payload type: ISAKMP_NEXT_v2E
| ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
| exchange type: ISAKMP_v2_AUTH
| flags: ISAKMP_FLAG_IKE_INIT
| message ID: 00 00 00 01
| ***emit IKEv2 Encryption Payload:
| next payload type: ISAKMP_NEXT_v2IDi
| critical bit: none
| emitting 8 zero bytes of iv into IKEv2 Encryption Payload
| IKEv2 thinking whether to send my certificate:
| my policy has no RSASIG, the policy is : PSK+ENCRYPT+PFS+UP+IKEV1_DISABLE+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW
| sendcert: CERT_ALWAYSSEND and I did not get a certificate request
| so do not send cert.
| I did not send a certificate because digital signatures are not being used. (PSK)
| *****emit IKEv2 Identification Payload:
| next payload type: ISAKMP_NEXT_v2AUTH
| critical bit: none
| id_type: ID_IPV6_ADDR
| emitting 16 raw bytes of my identity into IKEv2 Identification Payload
| my identity 20 01 0d b8 00 01 00 01 00 00 00 00 00 00 12 34
| emitting length of IKEv2 Identification Payload: 24
| idhash calc I2 05 00 00 00 20 01 0d b8 00 01 00 01 00 00 00 00
| idhash calc I2 00 00 12 34
| hmac_update data value:
| 05 00 00 00 20 01 0d b8 00 01 00 01 00 00 00 00
| 00 00 12 34
| hmac_update: inside if
| hmac_update: after digest
| hmac_update: after assert
| *****emit IKEv2 Authentication Payload:
| next payload type: ISAKMP_NEXT_v2SA
| critical bit: none
| auth method: IKEv2_AUTH_SHARED
| started looking for secret for 2001:db8:1:1::1234->2001:db8:f:1::1 of kind PPK_PSK
| actually looking for secret for 2001:db8:1:1::1234->2001:db8:f:1::1 of kind PPK_PSK
| line 1: key type PPK_PSK(2001:db8:1:1::1234) to type PPK_PSK
| 1: compared key %any to 2001:db8:1:1::1234 / 2001:db8:f:1::1 -> 2
| 2: compared key %any to 2001:db8:1:1::1234 / 2001:db8:f:1::1 -> 2
| line 1: match=2
| best_match 0>2 best=0x7fb1cdedd540 (line=1)
| concluding with best_match=2 best=0x7fb1cdedd540 (lineno=1)
| hmac_update data value:
| 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76
| 32
| hmac_update: inside if
| hmac_update: after digest
| hmac_update: after assert
| negotiated prf: oakley_sha hash length: 20
| inner prf output 39 cf c8 93 0c 25 cb 0e 02 cc 09 14 9e 4e 66 ea
| inner prf output 6b 6a a6 1e
| hmac_update data value:
| 2b 9e 29 76 e4 88 8c 81 00 00 00 00 00 00 00 00
| 21 20 22 08 00 00 00 00 00 00 01 1c 22 00 00 2c
| 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03
| 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02
| 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00
| ea 29 2b e1 84 93 48 ee de 51 aa 32 f3 41 3c a5
| 2e 79 9e b0 7f d1 27 e8 0b 6d 40 33 31 d5 e1 4c
| 56 4e 52 75 e9 9d 31 fa 11 da 84 10 2d a4 78 05
| ef df e7 c5 48 d4 1e af 6e bb ba a5 90 fe ba 1c
| 13 83 b8 90 3b b8 51 2c c2 c9 29 36 0d 3b 8c d0
| 51 f8 78 06 34 8c 50 25 4f e8 a6 11 ae 5a c4 49
| e8 e1 97 93 e3 93 d4 b2 72 ae dc d9 74 b8 5e 44
| 4d da 5a 40 18 f1 5c 19 57 d8 9b 96 82 cf f2 5c
| 29 00 00 14 56 45 a7 0c f9 0a c1 94 06 48 c7 b5
| 1a 7c 33 16 29 00 00 1c 00 00 40 04 ea c6 11 df
| d3 0d d4 bd df 8a 4c c5 c7 59 50 13 81 b7 b0 65
| 00 00 00 1c 00 00 40 05 e5 c8 c5 9b d9 fb 64 77
| 6b 2c 95 2e 16 48 66 db 3b 52 2a 40
| hmac_update: inside if
| hmac_update: after digest
| hmac_update: after assert
| hmac_update data value:
| f9 4d 4e 97 81 58 68 e9 03 50 87 65 ac bf b9 8d
| 2c fa 65 6b fa 15 bf 28 d7 0c 95 12 61 fa e4 fc
| fa b5 e0
| hmac_update: inside if
| hmac_update: after digest
| hmac_update: after assert
| hmac_update data value:
| fe 21 c7 df 19 a9 4d e3 ce 7f 5d a3 c9 59 e7 58
| 62 c4 fa e8
| hmac_update: inside if
| hmac_update: after digest
| hmac_update: after assert
| inputs to hash1 (first packet)
| 2b 9e 29 76 e4 88 8c 81 00 00 00 00 00 00 00 00
| 21 20 22 08 00 00 00 00 00 00 01 1c 22 00 00 2c
| 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03
| 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02
| 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00
| ea 29 2b e1 84 93 48 ee de 51 aa 32 f3 41 3c a5
| 2e 79 9e b0 7f d1 27 e8 0b 6d 40 33 31 d5 e1 4c
| 56 4e 52 75 e9 9d 31 fa 11 da 84 10 2d a4 78 05
| ef df e7 c5 48 d4 1e af 6e bb ba a5 90 fe ba 1c
| 13 83 b8 90 3b b8 51 2c c2 c9 29 36 0d 3b 8c d0
| 51 f8 78 06 34 8c 50 25 4f e8 a6 11 ae 5a c4 49
| e8 e1 97 93 e3 93 d4 b2 72 ae dc d9 74 b8 5e 44
| 4d da 5a 40 18 f1 5c 19 57 d8 9b 96 82 cf f2 5c
| 29 00 00 14 56 45 a7 0c f9 0a c1 94 06 48 c7 b5
| 1a 7c 33 16 29 00 00 1c 00 00 40 04 ea c6 11 df
| d3 0d d4 bd df 8a 4c c5 c7 59 50 13 81 b7 b0 65
| 00 00 00 1c 00 00 40 05 e5 c8 c5 9b d9 fb 64 77
| 6b 2c 95 2e 16 48 66 db 3b 52 2a 40
| inputs to hash2 (responder nonce)
| f9 4d 4e 97 81 58 68 e9 03 50 87 65 ac bf b9 8d
| 2c fa 65 6b fa 15 bf 28 d7 0c 95 12 61 fa e4 fc
| fa b5 e0
| idhash fe 21 c7 df 19 a9 4d e3 ce 7f 5d a3 c9 59 e7 58
| idhash 62 c4 fa e8
| PSK auth octets c0 c3 9e cc b3 01 9f 28 22 95 1d a9 fc f2 fd b5
| PSK auth octets 2d 90 c4 d6
| emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload
| PSK auth c0 c3 9e cc b3 01 9f 28 22 95 1d a9 fc f2 fd b5
| PSK auth 2d 90 c4 d6
| emitting length of IKEv2 Authentication Payload: 28
| getting first pending from state #1
| kernel_alg_db_new() initial trans_cnt=128
| kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1
| kernel_alg_db_new() trans[0]: transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=9
| returning new proposal from esp_info
| *****emit IKEv2 Security Association Payload:
| next payload type: ISAKMP_NEXT_v2TSi
| critical bit: none
| netlink_get_spi: allocated 0x4a7b2df0 for esp:0@2001:db8:1:1::1234
| ******emit IKEv2 Proposal Substructure Payload:
| last proposal: v2_PROPOSAL_LAST
| prop #: 1
| proto ID: IKEv2_SEC_PROTO_ESP
| spi size: 4
| # transforms: 3
| emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
| our spi 4a 7b 2d f0
| *******emit IKEv2 Transform Substructure Payload:
| last transform: v2_TRANSFORM_NON_LAST
| IKEv2 transform type: TRANS_TYPE_ENCR
| IKEv2 transform ID: 3DES
| emitting length of IKEv2 Transform Substructure Payload: 8
| *******emit IKEv2 Transform Substructure Payload:
| last transform: v2_TRANSFORM_NON_LAST
| IKEv2 transform type: TRANS_TYPE_INTEG
| IKEv2 transform ID: AUTH_NONE
| emitting length of IKEv2 Transform Substructure Payload: 8
| *******emit IKEv2 Transform Substructure Payload:
| last transform: v2_TRANSFORM_LAST
| IKEv2 transform type: TRANS_TYPE_ESN
| IKEv2 transform ID: ESN_DISABLED
| emitting length of IKEv2 Transform Substructure Payload: 8
| emitting length of IKEv2 Proposal Substructure Payload: 36
| emitting length of IKEv2 Security Association Payload: 40
| *****emit IKEv2 Traffic Selector Payload:
| next payload type: ISAKMP_NEXT_v2TSr
| critical bit: none
| number of TS: 1
| ******emit IKEv2 Traffic Selector:
| TS type: IKEv2_TS_IPV6_ADDR_RANGE
| IP Protocol ID: 0
| start port: 0
| end port: 65535
| emitting 16 raw bytes of ipv6 low into IKEv2 Traffic Selector
| ipv6 low 20 01 0d b8 00 01 00 01 00 00 00 00 00 00 12 34
| emitting 16 raw bytes of ipv6 high into IKEv2 Traffic Selector
| ipv6 high 20 01 0d b8 00 01 00 01 00 00 00 00 00 00 12 34
| emitting length of IKEv2 Traffic Selector: 40
| emitting length of IKEv2 Traffic Selector Payload: 48
| *****emit IKEv2 Traffic Selector Payload:
| next payload type: ISAKMP_NEXT_v2N
| critical bit: none
| number of TS: 1
| ******emit IKEv2 Traffic Selector:
| TS type: IKEv2_TS_IPV6_ADDR_RANGE
| IP Protocol ID: 0
| start port: 0
| end port: 65535
| emitting 16 raw bytes of ipv6 low into IKEv2 Traffic Selector
| ipv6 low 20 01 0d b8 00 0f 00 01 00 00 00 00 00 00 00 01
| emitting 16 raw bytes of ipv6 high into IKEv2 Traffic Selector
| ipv6 high 20 01 0d b8 00 0f 00 01 00 00 00 00 00 00 00 01
| emitting length of IKEv2 Traffic Selector: 40
| emitting length of IKEv2 Traffic Selector Payload: 48
| Initiator child policy is transport mode, sending v2N_USE_TRANSPORT_MODE
| Adding a v2N Payload
| *****emit IKEv2 Notify Payload:
| next payload type: ISAKMP_NEXT_v2NONE
| critical bit: none
| Protocol ID: PROTO_RESERVED
| SPI size: 0
| Notify Message Type: v2N_USE_TRANSPORT_MODE
| emitting 0 raw bytes of Notify data into IKEv2 Notify Payload
| Notify data
| emitting length of IKEv2 Notify Payload: 8
| emitting 4 raw bytes of padding and length into cleartext
| padding and length 00 01 02 03
| emitting 12 zero bytes of length of truncated HMAC into IKEv2 Encryption Payload
| emitting length of IKEv2 Encryption Payload: 224
| emitting length of ISAKMP Message: 252
| data before encryption:
| 27 00 00 18 05 00 00 00 20 01 0d b8 00 01 00 01
| 00 00 00 00 00 00 12 34 21 00 00 1c 02 00 00 00
| c0 c3 9e cc b3 01 9f 28 22 95 1d a9 fc f2 fd b5
| 2d 90 c4 d6 2c 00 00 28 00 00 00 24 01 03 04 03
| 4a 7b 2d f0 03 00 00 08 01 00 00 03 03 00 00 08
| 03 00 00 00 00 00 00 08 05 00 00 00 2d 00 00 30
| 01 00 00 00 08 00 00 28 00 00 ff ff 20 01 0d b8
| 00 01 00 01 00 00 00 00 00 00 12 34 20 01 0d b8
| 00 01 00 01 00 00 00 00 00 00 12 34 29 00 00 30
| 01 00 00 00 08 00 00 28 00 00 ff ff 20 01 0d b8
| 00 0f 00 01 00 00 00 00 00 00 00 01 20 01 0d b8
| 00 0f 00 01 00 00 00 00 00 00 00 01 00 00 00 08
| 00 00 40 07 00 01 02 03
| NSS: do_3des init start
| NSS: do_3des init end
| data after encryption:
| ab 26 26 ad 11 33 c4 19 72 43 dd 9c cd cf d8 64
| 4f 7a 3c 83 5f f5 94 73 12 ed 2a 8c c1 32 41 71
| f8 7c 03 98 68 e2 8c 5d 68 14 72 8c c1 5c 7b 3a
| 6a 61 c6 5c 15 cd e1 57 51 b1 4a 7d 50 6a 59 19
| 4f e0 2f 75 db be 5a c3 ef 9f fc 57 51 d0 45 e7
| a1 38 af 4f 50 a4 9f f7 16 f6 67 60 10 c8 89 0b
| 2e 14 f5 1f 9c cc dd c5 a9 52 3e 3e 63 32 07 d4
| 68 37 51 2c 80 2c c9 9e d0 5d 5f fa 91 68 42 c0
| c6 fd fe d5 bd bc 1a ec bc dc b0 11 79 9b 8a c2
| 77 ad eb 76 55 52 06 26 5b b8 31 b9 45 4f 34 6e
| d6 3a 05 fe 25 0d 95 34 8c a1 c5 69 ab 4c 20 e6
| 1e 76 a3 55 f1 31 c4 c1 62 59 f6 e3 1a a2 a9 82
| cf 02 e4 f8 ce 6c 17 2f
| Inside authloc
| authkey pointer: 0x7fb1c0008f40
| Inside authloc after init
| hmac_update data value:
| 2b 9e 29 76 e4 88 8c 81 fb 83 ef 30 b2 06 35 30
| 2e 20 23 08 00 00 00 01 00 00 00 fc 23 00 00 e0
| 7c ec 0f 67 cf d3 32 f0 ab 26 26 ad 11 33 c4 19
| 72 43 dd 9c cd cf d8 64 4f 7a 3c 83 5f f5 94 73
| 12 ed 2a 8c c1 32 41 71 f8 7c 03 98 68 e2 8c 5d
| 68 14 72 8c c1 5c 7b 3a 6a 61 c6 5c 15 cd e1 57
| 51 b1 4a 7d 50 6a 59 19 4f e0 2f 75 db be 5a c3
| ef 9f fc 57 51 d0 45 e7 a1 38 af 4f 50 a4 9f f7
| 16 f6 67 60 10 c8 89 0b 2e 14 f5 1f 9c cc dd c5
| a9 52 3e 3e 63 32 07 d4 68 37 51 2c 80 2c c9 9e
| d0 5d 5f fa 91 68 42 c0 c6 fd fe d5 bd bc 1a ec
| bc dc b0 11 79 9b 8a c2 77 ad eb 76 55 52 06 26
| 5b b8 31 b9 45 4f 34 6e d6 3a 05 fe 25 0d 95 34
| 8c a1 c5 69 ab 4c 20 e6 1e 76 a3 55 f1 31 c4 c1
| 62 59 f6 e3 1a a2 a9 82 cf 02 e4 f8 ce 6c 17 2f
| hmac_update: inside if
| hmac_update: after digest
| hmac_update: after assert
| Inside authloc after update
| Inside authloc after final
| data being hmac: 2b 9e 29 76 e4 88 8c 81 fb 83 ef 30 b2 06 35 30
| data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 fc 23 00 00 e0
| data being hmac: 7c ec 0f 67 cf d3 32 f0 ab 26 26 ad 11 33 c4 19
| data being hmac: 72 43 dd 9c cd cf d8 64 4f 7a 3c 83 5f f5 94 73
| data being hmac: 12 ed 2a 8c c1 32 41 71 f8 7c 03 98 68 e2 8c 5d
| data being hmac: 68 14 72 8c c1 5c 7b 3a 6a 61 c6 5c 15 cd e1 57
| data being hmac: 51 b1 4a 7d 50 6a 59 19 4f e0 2f 75 db be 5a c3
| data being hmac: ef 9f fc 57 51 d0 45 e7 a1 38 af 4f 50 a4 9f f7
| data being hmac: 16 f6 67 60 10 c8 89 0b 2e 14 f5 1f 9c cc dd c5
| data being hmac: a9 52 3e 3e 63 32 07 d4 68 37 51 2c 80 2c c9 9e
| data being hmac: d0 5d 5f fa 91 68 42 c0 c6 fd fe d5 bd bc 1a ec
| data being hmac: bc dc b0 11 79 9b 8a c2 77 ad eb 76 55 52 06 26
| data being hmac: 5b b8 31 b9 45 4f 34 6e d6 3a 05 fe 25 0d 95 34
| data being hmac: 8c a1 c5 69 ab 4c 20 e6 1e 76 a3 55 f1 31 c4 c1
| data being hmac: 62 59 f6 e3 1a a2 a9 82 cf 02 e4 f8 ce 6c 17 2f
| out calculated auth:
| 65 91 a2 51 e9 38 53 44 3e 54 2c 39
| deleting event for #2
| inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #2
| event added at head of queue
| complete v2 state transition with STF_OK
"ikev2" #2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2
"ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=oakley_3des_cbc_192 integ=sha1_96 prf=sha group=MODP1024}
| sending reply packet to 2001:db8:f:1::1:500 (from port 500)
| sending 252 bytes for STATE_PARENT_I1 through p6p1:500 to 2001:db8:f:1::1:500 (using #2)
| 2b 9e 29 76 e4 88 8c 81 fb 83 ef 30 b2 06 35 30
| 2e 20 23 08 00 00 00 01 00 00 00 fc 23 00 00 e0
| 7c ec 0f 67 cf d3 32 f0 ab 26 26 ad 11 33 c4 19
| 72 43 dd 9c cd cf d8 64 4f 7a 3c 83 5f f5 94 73
| 12 ed 2a 8c c1 32 41 71 f8 7c 03 98 68 e2 8c 5d
| 68 14 72 8c c1 5c 7b 3a 6a 61 c6 5c 15 cd e1 57
| 51 b1 4a 7d 50 6a 59 19 4f e0 2f 75 db be 5a c3
| ef 9f fc 57 51 d0 45 e7 a1 38 af 4f 50 a4 9f f7
| 16 f6 67 60 10 c8 89 0b 2e 14 f5 1f 9c cc dd c5
| a9 52 3e 3e 63 32 07 d4 68 37 51 2c 80 2c c9 9e
| d0 5d 5f fa 91 68 42 c0 c6 fd fe d5 bd bc 1a ec
| bc dc b0 11 79 9b 8a c2 77 ad eb 76 55 52 06 26
| 5b b8 31 b9 45 4f 34 6e d6 3a 05 fe 25 0d 95 34
| 8c a1 c5 69 ab 4c 20 e6 1e 76 a3 55 f1 31 c4 c1
| 62 59 f6 e3 1a a2 a9 82 cf 02 e4 f8 ce 6c 17 2f
| 65 91 a2 51 e9 38 53 44 3e 54 2c 39
| V2 microcode entry (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) has unspecified timeout_event
| * processed 1 messages from cryptographic helpers
| next event EVENT_v2_RETRANSMIT in 10 seconds for #2
| next event EVENT_v2_RETRANSMIT in 10 seconds for #2
|
| next event EVENT_v2_RETRANSMIT in 0 seconds for #2
| *time to handle event
| handling event EVENT_v2_RETRANSMIT
| event after this is EVENT_PENDING_DDNS in 28 seconds
| processing connection ikev2
| handling event EVENT_v2_RETRANSMIT for 2001:db8:f:1::1 "ikev2" #2 attempt 1 of 0
| sending 252 bytes for EVENT_v2_RETRANSMIT through p6p1:500 to 2001:db8:f:1::1:500 (using #2)
| 2b 9e 29 76 e4 88 8c 81 fb 83 ef 30 b2 06 35 30
| 2e 20 23 08 00 00 00 01 00 00 00 fc 23 00 00 e0
| 7c ec 0f 67 cf d3 32 f0 ab 26 26 ad 11 33 c4 19
| 72 43 dd 9c cd cf d8 64 4f 7a 3c 83 5f f5 94 73
| 12 ed 2a 8c c1 32 41 71 f8 7c 03 98 68 e2 8c 5d
| 68 14 72 8c c1 5c 7b 3a 6a 61 c6 5c 15 cd e1 57
| 51 b1 4a 7d 50 6a 59 19 4f e0 2f 75 db be 5a c3
| ef 9f fc 57 51 d0 45 e7 a1 38 af 4f 50 a4 9f f7
| 16 f6 67 60 10 c8 89 0b 2e 14 f5 1f 9c cc dd c5
| a9 52 3e 3e 63 32 07 d4 68 37 51 2c 80 2c c9 9e
| d0 5d 5f fa 91 68 42 c0 c6 fd fe d5 bd bc 1a ec
| bc dc b0 11 79 9b 8a c2 77 ad eb 76 55 52 06 26
| 5b b8 31 b9 45 4f 34 6e d6 3a 05 fe 25 0d 95 34
| 8c a1 c5 69 ab 4c 20 e6 1e 76 a3 55 f1 31 c4 c1
| 62 59 f6 e3 1a a2 a9 82 cf 02 e4 f8 ce 6c 17 2f
| 65 91 a2 51 e9 38 53 44 3e 54 2c 39
| inserting event EVENT_v2_RETRANSMIT, timeout in 10 seconds for #2
| event added at head of queue
| next event EVENT_v2_RETRANSMIT in 10 seconds for #2
|
| *received whack message
shutting down
| certs and keys locked by 'free_preshared_secrets'
forgetting secrets
| certs and keys unlocked by 'free_preshard_secrets'
| processing connection ikev2
"ikev2": deleting connection
| removing pending policy for "none" {0x7fb1cdedd300}
| processing connection ikev2
"ikev2" #2: deleting state (STATE_PARENT_I2)
| deleting event for #2
| deleting state #2
| deleting event for #2
| ICOOKIE: 2b 9e 29 76 e4 88 8c 81
| RCOOKIE: fb 83 ef 30 b2 06 35 30
| state hash entry 25
| processing connection ikev2
"ikev2" #1: deleting state (STATE_PARENT_I2)
| deleting event for #1
| deleting state #1
| deleting event for #1
| ICOOKIE: 2b 9e 29 76 e4 88 8c 81
| RCOOKIE: fb 83 ef 30 b2 06 35 30
| state hash entry 25
| crl fetch request list locked by 'free_crl_fetch'
| crl fetch request list unlocked by 'free_crl_fetch'
| authcert list locked by 'free_authcerts'
| authcert list unlocked by 'free_authcerts'
| crl list locked by 'free_crls'
| crl list unlocked by 'free_crls'
shutting down interface lo/lo ::1:500
shutting down interface p6p2/p6p2 3ffe:501:ffff:101:215:17ff:fe3c:c669:500
shutting down interface p6p1/p6p1 3ffe:501:ffff:100:215:17ff:fe3c:c668:500
shutting down interface p6p1/p6p1 2001:db8:1:1::1234:500
shutting down interface lo/lo 127.0.0.1:4500
shutting down interface lo/lo 127.0.0.1:500
shutting down interface p7p1/p7p1 10.66.13.22:4500
shutting down interface p7p1/p7p1 10.66.13.22:500
shutting down interface p6p1/p6p1 192.168.0.10:4500
shutting down interface p6p1/p6p1 192.168.0.10:500
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip -6 route show
unreachable ::/96 dev lo metric 1024 error -101
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101
2001:db8:1:1::/64 dev p6p1 proto kernel metric 256
2001:db8:f:1::/64 via fe80::f dev p6p1 metric 1024
unreachable 2002:a00::/24 dev lo metric 1024 error -101
unreachable 2002:7f00::/24 dev lo metric 1024 error -101
unreachable 2002:a9fe::/32 dev lo metric 1024 error -101
unreachable 2002:ac10::/28 dev lo metric 1024 error -101
unreachable 2002:c0a8::/32 dev lo metric 1024 error -101
unreachable 2002:e000::/19 dev lo metric 1024 error -101
3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256
3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256
unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101
fe80::/64 dev p6p1 proto kernel metric 256
fe80::/64 dev p6p2 proto kernel metric 256
fe80::/64 dev p7p1 proto kernel metric 256
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip -6 route del 2001:0db8:000f:0001::/64
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip -6 route show
unreachable ::/96 dev lo metric 1024 error -101
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101
2001:db8:1:1::/64 dev p6p1 proto kernel metric 256
unreachable 2002:a00::/24 dev lo metric 1024 error -101
unreachable 2002:7f00::/24 dev lo metric 1024 error -101
unreachable 2002:a9fe::/32 dev lo metric 1024 error -101
unreachable 2002:ac10::/28 dev lo metric 1024 error -101
unreachable 2002:c0a8::/32 dev lo metric 1024 error -101
unreachable 2002:e000::/19 dev lo metric 1024 error -101
3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256
3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256
unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101
fe80::/64 dev p6p1 proto kernel metric 256
fe80::/64 dev p6p2 proto kernel metric 256
fe80::/64 dev p7p1 proto kernel metric 256
[root@dhcp12-166 ~]#
| ||||||||||||||||||||||||||||||
| 15:12:01 |
kRemote(ifconfig.rmt) ``/usr/local/koi/bin/remotes/libreswan//ifconfig.rmt operation=delete ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1'' kRemote()... /usr/local/koi/bin/remotes/libreswan//ifconfig.rmt operation=delete ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1 DEBUG : start kRemoteLogin
Connected
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff
inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1
valid_lft 76362sec preferred_lft 76362sec
inet6 fe80::222:19ff:fe30:20d5/64 scope link
valid_lft forever preferred_lft forever
3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1
valid_lft forever preferred_lft forever
inet6 2001:db8:1:1::1234/64 scope global
valid_lft forever preferred_lft forever
inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::215:17ff:fe3c:c668/64 scope link
valid_lft forever preferred_lft forever
4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff
inet6 3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::215:17ff:fe3c:c669/64 scope link
valid_lft forever preferred_lft forever
5: ip_vti0: <NOARP> mtu 1500 qdisc noop state DOWN
link/ipip 0.0.0.0 brd 0.0.0.0
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip -f inet6 addr del 2001:0db8:0001:0001::1234/64 dev p6p1
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff
inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1
valid_lft 76357sec preferred_lft 76357sec
inet6 fe80::222:19ff:fe30:20d5/64 scope link
valid_lft forever preferred_lft forever
3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1
valid_lft forever preferred_lft forever
inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::215:17ff:fe3c:c668/64 scope link
valid_lft forever preferred_lft forever
4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff
inet6 3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::215:17ff:fe3c:c669/64 scope link
valid_lft forever preferred_lft forever
5: ip_vti0: <NOARP> mtu 1500 qdisc noop state DOWN
link/ipip 0.0.0.0 brd 0.0.0.0
[root@dhcp12-166 ~]#
| ||||||||||||||||||||||||||||||
| cleaning up TN ... | |||||||||||||||||||||||||||||||
| 15:12:24 |
ikev2Local("/sbin/sysctl -w net.inet6.ip6.forwarding=0")net.inet6.ip6.forwarding: 1 -> 0 |
||||||||||||||||||||||||||||||
| 15:12:24 |
ikev2Local("/sbin/ifconfig -a")em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> ether 00:23:ae:7a:6e:cc inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:58:fa inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa inet6 3ffe:501:ffff:100::20 prefixlen 64 inet6 fe80::f%em1 prefixlen 64 scopeid 0xa inet6 2001:db8:1:1::f prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:5d:d1 inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb inet6 3ffe:501:ffff:101::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd nd6 options=3<PERFORMNUD,ACCEPT_RTADV> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet6 2001:db8:f:1::1 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> |
||||||||||||||||||||||||||||||
| 15:12:24 |
ikev2Local("/sbin/ifconfig lo1 inet6 2001:0db8:000f:0001::1/64 delete") |
||||||||||||||||||||||||||||||
| 15:12:24 |
ikev2Local("/sbin/ifconfig lo1 down") |
||||||||||||||||||||||||||||||
| 15:12:24 |
ikev2Local("/sbin/ifconfig lo1 destroy") |
||||||||||||||||||||||||||||||
| 15:12:24 |
ikev2Local("/sbin/ifconfig em1 inet6 2001:0db8:0001:0001::f/64 delete") |
||||||||||||||||||||||||||||||
| 15:12:24 |
ikev2Local("/sbin/ifconfig em1 inet6 fe80::f%em1/64 delete") |
||||||||||||||||||||||||||||||
| 15:12:27 |
ikev2Local("/sbin/ifconfig -a")em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> ether 00:23:ae:7a:6e:cc inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:58:fa inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa inet6 3ffe:501:ffff:100::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:5d:d1 inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb inet6 3ffe:501:ffff:101::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd nd6 options=3<PERFORMNUD,ACCEPT_RTADV> |
||||||||||||||||||||||||||||||
| FAIL |
IP Packet | IP Header | | Version = 6 | | Source Address = 2001:db8:1:1::1234 | | Destination Address = 2001:db8:f:1::1 | UDP Header | | Source Port = 500 | | Destination Port = 500 | Internet Security Association and Key Management Protocol Payload | | IKE Header | | | IKE_SA Initiator's SPI = 2b9e2976e4888c81 | | | IKE_SA Responder's SPI = 0000000000000000 | | | Next Payload = 33 (SA) | | | Major Version = 2 | | | Minor Version = 0 | | | Exchange Type = 34 (IKE_SA_INIT) | | | Flags = 8 (0b00001000) | | | | Reserved (XX000000) = 0 | | | | Response (00R00000) = 0 | | | | Version (000V0000) = 0 | | | | Initiator (0000I000) = 1 | | | | Reserved (00000XXX) = 0 | | | Message ID = 0 (0x0) | | | Length = 284 (0x11c) | | | SA Payload | | | | Next Payload = 34 (KE) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 44 (0x2c) | | | | Proposal #1 | | | | | Next Payload = 0 (last) | | | | | RESERVED = 0 | | | | | Proposal Length = 40 | | | | | Proposal # = 1 | | | | | Proposal ID = IKE | | | | | SPI Size = 0 | | | | | # of Transforms = 4 | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 1 (ENCR) | | | | | | RESERVED = 0 | | | | | | Transform ID = 3 (3DES) | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 3 (INTEG) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (HMAC_SHA1_96) | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 2 (PRF) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (HMAC_SHA1) | | | | | Transfrom | | | | | | Next Payload = 0 (last) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 4 (D-H) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (1024 MODP Group) | | | KE Payload | | | | Next Payload = 40 (Ni, 
Nr) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 136 (0x88) | | | | DH Group # = 2 | | | | RESERVED = 0 | | | | Key Exchange Data = 0xea292be1849348eede51aa32f3413ca52e799eb07fd127e80b6d403331d5e14c564e5275e99d31fa11da84102da47805efdfe7c548d41eaf6ebbbaa590feba1c1383b8903bb8512cc2c929360d3b8cd051f87806348c50254fe8a611ae5ac449e8e19793e393d4b272aedcd974b85e444dda5a4018f15c1957d89b9682cff25c | | | Ni, Nr Payload | | | | Next Payload = 41 (N) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 20 (0x14) | | | | Nonce Data = 5645a70cf90ac1940648c7b51a7c3316 | | | N Payload | | | | Next Payload = 41 (N) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 28 (0x1c) | | | | Protocol ID = 0 (no relation) | | | | SPI Size = 0 | | | | Notify Message Type = 16388 (NAT_DETECTION_SOURCE_IP) | | | | Notification Data = eac611dfd30dd4bddf8a4cc5c759501381b7b065,40 | | | N Payload | | | | Next Payload = 0 (0) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 28 (0x1c) | | | | Protocol ID = 0 (no relation) | | | | SPI Size = 0 | | | | Notify Message Type = 16389 (NAT_DETECTION_DESTINATION_IP) | | | | Notification Data = e5c8c59bd9fb64776b2c952e164866db3b522a40,40
IP Packet | IP Header | | Version = 6 | | Source Address = 2001:db8:f:1::1 | | Destination Address = 2001:db8:1:1::1234 | UDP Header | | Source Port = 500 | | Destination Port = 500 | Internet Security Association and Key Management Protocol Payload | | IKE Header | | | IKE_SA Initiator's SPI = 2b9e2976e4888c81 | | | IKE_SA Responder's SPI = fb83ef30b2063530 | | | Next Payload = 33 (SA) | | | Major Version = 2 | | | Minor Version = 0 | | | Exchange Type = 34 (IKE_SA_INIT) | | | Flags = 32 (0b00100000) | | | | Reserved (XX000000) = 0 | | | | Response (00R00000) = 1 | | | | Version (000V0000) = 0 | | | | Initiator (0000I000) = 0 | | | | Reserved (00000XXX) = 0 | | | Message ID = 0 (0x0) | | | Length = 247 (0xf7) | | | SA Payload | | | | Next Payload = 34 (KE) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 44 (0x2c) | | | | Proposal #1 | | | | | Next Payload = 0 (last) | | | | | RESERVED = 0 | | | | | Proposal Length = 40 | | | | | Proposal # = 1 | | | | | Proposal ID = IKE | | | | | SPI Size = 0 | | | | | # of Transforms = 4 | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 1 (ENCR) | | | | | | RESERVED = 0 | | | | | | Transform ID = 3 (3DES) | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 2 (PRF) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (HMAC_SHA1) | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 3 (INTEG) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (HMAC_SHA1_96) | | | | | Transfrom | | | | | | Next Payload = 0 (last) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 4 (D-H) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (1024 MODP Group) | | | KE Payload | | | | Next Payload = 40 (Ni, 
Nr) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 136 (0x88) | | | | DH Group # = 2 | | | | RESERVED = 0 | | | | Key Exchange Data = 0xbaf15071535a2d74608ecc22c1d4ded019bd0ced40a5ba7689a8df49f99c7410608ddf379df6a72b48e908bb6fb5a3ec0eded75584f2ec7afcc6259a91c2338b669ffa011477a3080827e695018ff16849ba5318c3540c01a5840a9cb593c50416f3e756c437276a5c075ffd73da9a37ec750a89640cc62a6a191e368e9a23f6 | | | Ni, Nr Payload | | | | Next Payload = 0 (0) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 39 (0x27) | | | | Nonce Data = f94d4e97815868e903508765acbfb98d2cfa656bfa15bf28d70c951261fae4fcfab5e0
IP Packet | IP Header | | Version = 6 | | Source Address = 2001:db8:1:1::1234 | | Destination Address = 2001:db8:f:1::1 | UDP Header | | Source Port = 500 | | Destination Port = 500 | Internet Security Association and Key Management Protocol Payload | | IKE Header | | | IKE_SA Initiator's SPI = 2b9e2976e4888c81 | | | IKE_SA Responder's SPI = fb83ef30b2063530 | | | Next Payload = 46 (E) | | | Major Version = 2 | | | Minor Version = 0 | | | Exchange Type = 35 (IKE_AUTH) | | | Flags = 8 (0b00001000) | | | | Reserved (XX000000) = 0 | | | | Response (00R00000) = 0 | | | | Version (000V0000) = 0 | | | | Initiator (0000I000) = 1 | | | | Reserved (00000XXX) = 0 | | | Message ID = 1 (0x1) | | | Length = 252 (0xfc) | | | E Payload | | | | Next Payload = 35 (IDi) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 224 (0xe0) | | | | Initialization Vector = 7cec0f67cfd332f0 | | | | Encrypted IKE Payloads | | | | | IDi Payload | | | | | | Next Payload = 39 (AUTH) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 24 (0x18) | | | | | | ID Type = 5 (IPV6_ADDR) | | | | | | RESERVED = 0 | | | | | | Identification Data = 20010db8000100010000000000001234 (2001:db8:1:1::1234) | | | | | AUTH Payload | | | | | | Next Payload = 33 (SA) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 28 (0x1c) | | | | | | Auth Method = 2 (SK_MIC) | | | | | | RESERVED = 0 | | | | | | Authentication Data = c0c39eccb3019f2822951da9fcf2fdb52d90c4d6 | | | | | SA Payload | | | | | | Next Payload = 44 (TSi) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 40 (0x28) | | | | | | Proposal #1 | | | | | | | Next Payload = 0 (last) | | | | | | | RESERVED = 0 | | | | | | | Proposal Length = 36 | | | | | | | Proposal # = 1 | | | | | | | Proposal ID = ESP | | | | | | | SPI Size = 4 | | | | | | | # of Transforms = 3 | | | | | | | SPI = 4a7b2df0 | | | | | | | Transfrom | | | | | | | | Next Payload = 3 (Transform) | | | | 
| | | | RESERVED = 0 | | | | | | | | Transform Length = 8 | | | | | | | | Transform Type = 1 (ENCR) | | | | | | | | RESERVED = 0 | | | | | | | | Transform ID = 3 (3DES) | | | | | | | Transfrom | | | | | | | | Next Payload = 3 (Transform) | | | | | | | | RESERVED = 0 | | | | | | | | Transform Length = 8 | | | | | | | | Transform Type = 3 (INTEG) | | | | | | | | RESERVED = 0 | | | | | | | | Transform ID = 0 (NONE) | | | | | | | Transfrom | | | | | | | | Next Payload = 0 (last) | | | | | | | | RESERVED = 0 | | | | | | | | Transform Length = 8 | | | | | | | | Transform Type = 5 (ESN) | | | | | | | | RESERVED = 0 | | | | | | | | Transform ID = 0 (No ESN) | | | | | TSi Payload | | | | | | Next Payload = 45 (TSr) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 48 (0x30) | | | | | | Number of TSs = 1 | | | | | | RESERVED = 0 | | | | | | Traffic Selector | | | | | | | TS Type = 8 (IPV6_ADDR_RANGE) | | | | | | | IP Protocol ID = 0 (any) | | | | | | | Selector Length = 40 | | | | | | | Start Port = 0 | | | | | | | End Port = 65535 | | | | | | | Starting Address = 20010db8000100010000000000001234 | | | | | | | Ending Address = 20010db8000100010000000000001234 | | | | | TSr Payload | | | | | | Next Payload = 41 (N) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 48 (0x30) | | | | | | Number of TSs = 1 | | | | | | RESERVED = 0 | | | | | | Traffic Selector | | | | | | | TS Type = 8 (IPV6_ADDR_RANGE) | | | | | | | IP Protocol ID = 0 (any) | | | | | | | Selector Length = 40 | | | | | | | Start Port = 0 | | | | | | | End Port = 65535 | | | | | | | Starting Address = 20010db8000f00010000000000000001 | | | | | | | Ending Address = 20010db8000f00010000000000000001 | | | | | N Payload | | | | | | Next Payload = 0 (0) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 8 (0x8) | | | | | | Protocol ID = 0 (no relation) | | | | | | SPI Size = 0 | | | | | | Notify Message Type = 16391 
(USE_TRANSPORT_MODE) | | | | Integrity Checksum Data = 6591a251e93853443e542c39