Code:
Jan 03 17:46:39: Allocating SPI for Phase 2.
Jan 03 17:46:39: SADB GETSPI type == "esp"
Jan 03 17:46:39: local XX.XX.XX.XX[0]
Jan 03 17:46:39: remote YY.YY.YY.YY[0]
Jan 03 17:46:39: PF_KEY request:
queueing sequence number 11, message type 1 (GETSPI),
SA type 3 (ESP)
Jan 03 17:46:39: PF_KEY transmit request:
posting sequence number 11, message type 1 (GETSPI),
SA type 3 (ESP)
Jan 03 17:46:39: Handling data on PF_KEY socket:
SADB msg: message type 1 (GETSPI), SA type 3 (ESP),
pid 8607, sequence number 11,
error code 0 (Error 0), diag code 0 (No diagnostic), length 10
Jan 03 17:46:39: SADB message reply handler:
got sequence number 11, message type 1 (GETSPI),
SA type 3 (ESP)
Jan 03 17:46:39: Allocating SPI for Phase 2.
Jan 03 17:46:39: Setting PFS for phase 2.
Jan 03 17:46:39: Looking for XX.XX.XX.XX[0] in IKE daemon context...
Jan 03 17:46:39: Starting Phase 2 negotiation...
Jan 03 17:46:39: Setting QM nonce data length to 32 bytes.
Jan 03 17:46:39: IKE library: Using default remote port for NAT-T, if active.
Jan 03 17:46:39: Processing quick mode notification.
Jan 03 17:46:39: Handling responder lifetime notification from YY.YY.YY.YY.
Jan 03 17:46:39: Peer (YY.YY.YY.YY) wants lifetime of 3600 secs, 0 kb for SPI: = 0x83058ff7
Jan 03 17:46:39: Current lifetime 28800 secs 134217728 kb
Jan 03 17:46:39: Current soft lifetime 24000 secs 120795955 kb
Jan 03 17:46:39: Checking lifetimes in "Responder Lifetime"
Jan 03 17:46:39: Using default value for p2 soft lifetime: 3240 seconds.
Jan 03 17:46:39: Using default value for p2 idle lifetime: 1800 seconds.
Jan 03 17:46:39: Using default value for p2 byte lifetime: 3774873600 kb
Jan 03 17:46:39: Using default value for p2 soft byte lifetime: 390909132 kb
Jan 03 17:46:39: Updated lifetime 3600 secs 3774873600 kb
Jan 03 17:46:39: Updated soft lifetime 3240 secs 390909132 kb
Jan 03 17:46:39: Updating esp SPI: 0x83058ff7 SA lifetime....
Jan 03 17:46:39: Looking for YY.YY.YY.YY[0] in IKE daemon context...
Jan 03 17:46:39: PF_KEY request:
queueing sequence number 12, message type 13 (X_UPDATEPAIR),
SA type 3 (ESP)
Jan 03 17:46:39: PF_KEY transmit request:
posting sequence number 12, message type 13 (X_UPDATEPAIR),
SA type 3 (ESP)
Jan 03 17:46:39: Marshalling: Transport Mode
Jan 03 17:46:39: Marshalling: Transport Mode
Jan 03 17:46:39: ISAKMP 28800, rule 28800, p1 cache 3600 sec
Jan 03 17:46:39: ISAKMP 0, rule 134217728, p1 cache 3774873600 kb
Jan 03 17:46:39: Checking lifetimes in "Outbound SA."
Jan 03 17:46:39: Using default value for p2 soft lifetime: 3240 seconds.
Jan 03 17:46:39: Using default value for p2 idle lifetime: 1800 seconds.
Jan 03 17:46:39: p2 byte lifetime too small.
Jan 03 17:46:39: Using default value for p2 byte lifetime: 3774873600 kb
Jan 03 17:46:39: Using default value for p2 soft byte lifetime: 390909132 kb
Jan 03 17:46:39: Adding Outbound P2 SA: XX.XX.XX.XX -> YY.YY.YY.YY, SPI = 0x83058ff7
Jan 03 17:46:39: Adding Inbound P2 SA: YY.YY.YY.YY -> XX.XX.XX.XX, SPI = 0x893aa2fa
Jan 03 17:46:39: SA Hard Lifetime = 3600 secs, Soft Lifetime = 3240 secs.
Jan 03 17:46:39: Lifetime = 3865470566400 Bytes, Soft Lifetime = 400290951168 Bytes
Jan 03 17:46:39: PF_KEY message contents:
Timestamp: Sun Jan 03 17:46:39 2010
Base message (version 2) type ADD, SA type ESP.
Message length 424 bytes, seq=4294957150, pid=8607.
KMC: Protocol 1, cookie="IPsec with PKI" (5)
SA: SADB_ASSOC spi=0x83058ff7, replay window size=32, state=MATURE
SA: Authentication algorithm = hmac-sha1
SA: Encryption algorithm = 3des-cbc
SA: flags=0x18000 < X_PAIRED X_OUTBOUND >
OTH: Paired with spi=0x893aa2fa
SRC: Source address (proto=0)
SRC: AF_INET: port 0, XX.XX.XX.XX.
DST: Destination address (proto=0)
DST: AF_INET: port 0, YY.YY.YY.YY.
EKY: Encryption key.
EKY: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/192
AKY: Authentication key.
AKY: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/160
SID: Source identity, uid=802928, type ASN.1 DER Distinguished Name
SID: C=DE, O=Company, OU=Company CA, OU=PKI, CN=Client
DID: Destination identity, uid=0, type user-FQDN (mbox)
DID: pki@company.com
LT: Lifetime information
SLT: Soft lifetime information: 400290951168 bytes of lifetime, 0 allocations.
SLT: 3240 seconds of post-add lifetime.
SLT: 0 seconds of post-use lifetime.
HLT: Hard lifetime information: 3865470566400 bytes of lifetime, 0 allocations.
HLT: 3600 seconds of post-add lifetime.
HLT: 0 seconds of post-use lifetime.
Jan 03 17:46:39: PF_KEY request:
queueing sequence number 4294957150, message type 3 (ADD),
SA type 3 (ESP)
Jan 03 17:46:39: Marshalling: Transport Mode
Jan 03 17:46:39: ISAKMP 28800, rule 28800, p1 cache 3600 sec
Jan 03 17:46:39: ISAKMP 0, rule 134217728, p1 cache 134217728 kb
Jan 03 17:46:39: Checking lifetimes in "Inbound SA."
Jan 03 17:46:39: Using default value for p2 soft lifetime: 3240 seconds.
Jan 03 17:46:39: Using default value for p2 idle lifetime: 1800 seconds.
Jan 03 17:46:39: p2 byte lifetime too small.
Jan 03 17:46:39: Using default value for p2 byte lifetime: 3774873600 kb
Jan 03 17:46:39: Using default value for p2 soft byte lifetime: 390909132 kb
Jan 03 17:46:39: Adding Inbound P2 SA: YY.YY.YY.YY -> XX.XX.XX.XX, SPI = 0x893aa2fa
Jan 03 17:46:39: Adding Outbound P2 SA: XX.XX.XX.XX -> YY.YY.YY.YY, SPI = 0x83058ff7
Jan 03 17:46:39: SA Hard Lifetime = 3600 secs, Soft Lifetime = 3240 secs.
Jan 03 17:46:39: Lifetime = 3865470566400 Bytes, Soft Lifetime = 400290951168 Bytes
Jan 03 17:46:39: Incoming SA: PF_KEY lifetime 3600 secs, ISAKMP lifetime 28800 secs.
Jan 03 17:46:39: Adding Incoming P2 SA: YY.YY.YY.YY -> XX.XX.XX.XX, SPI = 0x893aa2fa, Lifetime = 3600 secs.
Jan 03 17:46:39: PF_KEY message contents:
Timestamp: Sun Jan 03 17:46:39 2010
Base message (version 2) type UPDATE, SA type ESP.
Message length 416 bytes, seq=4294957150, pid=8607.
KMC: Protocol 1, cookie="IPsec with PKI" (5)
SA: SADB_ASSOC spi=0x893aa2fa, replay window size=32, state=MATURE
SA: Authentication algorithm = hmac-sha1
SA: Encryption algorithm = 3des-cbc
SA: flags=0x4000 < X_INBOUND >
SRC: Source address (proto=0)
SRC: AF_INET: port 0, YY.YY.YY.YY.
DST: Destination address (proto=0)
DST: AF_INET: port 0, XX.XX.XX.XX.
EKY: Encryption key.
EKY: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/192
AKY: Authentication key.
AKY: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/160
DID: Destination identity, uid=1324236844, type ASN.1 DER Distinguished Name
DID: C=DE, O=Company, OU=Company CA, OU=PKI, CN=Client
SID: Source identity, uid=1327212332, type user-FQDN (mbox)
SID: pki@company.com
LT: Lifetime information
SLT: Soft lifetime information: 400290951168 bytes of lifetime, 0 allocations.
SLT: 3240 seconds of post-add lifetime.
SLT: 0 seconds of post-use lifetime.
HLT: Hard lifetime information: 3865470566400 bytes of lifetime, 0 allocations.
HLT: 3600 seconds of post-add lifetime.
HLT: 0 seconds of post-use lifetime.
Jan 03 17:46:39: PF_KEY request:
queueing sequence number 4294957150, message type 2 (UPDATE),
SA type 3 (ESP)
Jan 03 17:46:39: Quick Mode negotiation completed.
Jan 03 17:46:39: Handling data on PF_KEY socket:
SADB msg: message type 13 (X_UPDATEPAIR), SA type 3 (ESP),
pid 8607, sequence number 12,
error code 3 (No such process), diag code 78 (Security association not found), length 2
Jan 03 17:46:39: SADB message reply handler:
got sequence number 12, message type 13 (X_UPDATEPAIR),
SA type 3 (ESP)
Jan 03 17:46:39: PF_KEY transmit request:
posting sequence number 4294957150, message type 3 (ADD),
SA type 3 (ESP)
Jan 03 17:46:39: PF_KEY UPDATE error: No such process; Diagnostic Security association not found.
Jan 03 17:46:39: Handling data on PF_KEY socket:
SADB msg: message type 3 (ADD), SA type 3 (ESP),
pid 8607, sequence number 4294957150,
error code 0 (Error 0), diag code 0 (No diagnostic), length 45
Jan 03 17:46:39: SADB message reply handler:
got sequence number 4294957150, message type 3 (ADD),
SA type 3 (ESP)
Jan 03 17:46:39: PF_KEY transmit request:
posting sequence number 4294957150, message type 2 (UPDATE),
SA type 3 (ESP)
Jan 03 17:46:39: Handling data on PF_KEY socket:
SADB msg: message type 2 (UPDATE), SA type 3 (ESP),
pid 8607, sequence number 4294957150,
error code 0 (Error 0), diag code 0 (No diagnostic), length 44
Jan 03 17:46:39: SADB message reply handler:
got sequence number 4294957150, message type 2 (UPDATE),
SA type 3 (ESP)