Aug 26 13:08:26.591973: FIPS Product: YES Aug 26 13:08:26.592104: FIPS Kernel: NO Aug 26 13:08:26.592109: FIPS Mode: NO Aug 26 13:08:26.592111: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:08:26.592294: Initializing NSS Aug 26 13:08:26.592306: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:08:26.638207: NSS initialized Aug 26 13:08:26.638218: NSS crypto library initialized Aug 26 13:08:26.638221: FIPS HMAC integrity support [enabled] Aug 26 13:08:26.638223: FIPS mode disabled for pluto daemon Aug 26 13:08:26.701349: FIPS HMAC integrity verification self-test FAILED Aug 26 13:08:26.701456: libcap-ng support [enabled] Aug 26 13:08:26.701467: Linux audit support [enabled] Aug 26 13:08:26.701491: Linux audit activated Aug 26 13:08:26.701495: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:3249 Aug 26 13:08:26.701498: core dump dir: /tmp Aug 26 13:08:26.701500: secrets file: /etc/ipsec.secrets Aug 26 13:08:26.701502: leak-detective enabled Aug 26 13:08:26.701505: NSS crypto [enabled] Aug 26 13:08:26.701507: XAUTH PAM support [enabled] Aug 26 13:08:26.701578: | libevent is using pluto's memory allocator Aug 26 13:08:26.701585: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:08:26.701601: | libevent_malloc: new ptr-libevent@0x55fa6b13df78 size 40 Aug 26 13:08:26.701610: | libevent_malloc: new ptr-libevent@0x55fa6b138cd8 size 40 Aug 26 13:08:26.701614: | libevent_malloc: new ptr-libevent@0x55fa6b138dd8 size 40 Aug 26 13:08:26.701617: | creating event base Aug 26 13:08:26.701620: | libevent_malloc: new ptr-libevent@0x55fa6b1bd4c8 size 56 Aug 26 13:08:26.701624: | libevent_malloc: new ptr-libevent@0x55fa6b161c88 size 664 Aug 26 13:08:26.701636: | libevent_malloc: new ptr-libevent@0x55fa6b1bd538 size 24 Aug 26 13:08:26.701640: | libevent_malloc: new ptr-libevent@0x55fa6b1bd588 size 384 Aug 26 13:08:26.701652: | libevent_malloc: new ptr-libevent@0x55fa6b1bd488 size 16 Aug 26 13:08:26.701655: | libevent_malloc: new ptr-libevent@0x55fa6b138908 size 40 Aug 26 13:08:26.701658: | libevent_malloc: new ptr-libevent@0x55fa6b138d38 size 48 Aug 26 13:08:26.701664: | libevent_realloc: new ptr-libevent@0x55fa6b161918 size 256 Aug 26 13:08:26.701667: | libevent_malloc: new ptr-libevent@0x55fa6b1bd738 size 16 Aug 26 13:08:26.701673: | libevent_free: release ptr-libevent@0x55fa6b1bd4c8 Aug 26 13:08:26.701677: | libevent initialized Aug 26 13:08:26.701681: | libevent_realloc: new ptr-libevent@0x55fa6b1bd4c8 size 64 Aug 26 13:08:26.701685: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:08:26.701699: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:08:26.701702: NAT-Traversal support [enabled] Aug 26 13:08:26.701705: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:08:26.701711: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:08:26.701714: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:08:26.701748: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:08:26.701752: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:08:26.701755: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:08:26.701805: Encryption algorithms: Aug 26 13:08:26.701814: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:08:26.701819: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:08:26.701823: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:08:26.701827: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:08:26.701830: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 13:08:26.701841: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:08:26.701845: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:08:26.701849: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:08:26.701853: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:08:26.701857: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:08:26.701861: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:08:26.701865: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:08:26.701869: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:08:26.701873: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:08:26.701877: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:08:26.701880: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:08:26.701884: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:08:26.701891: Hash algorithms: Aug 26 13:08:26.701894: MD5 IKEv1: IKE IKEv2: Aug 26 13:08:26.701897: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:08:26.701901: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:08:26.701904: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:08:26.701907: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:08:26.701921: PRF algorithms: Aug 26 13:08:26.701924: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:08:26.701928: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:08:26.701931: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:08:26.701935: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:08:26.701939: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:08:26.701942: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:08:26.701969: Integrity algorithms: Aug 26 13:08:26.701973: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 13:08:26.701977: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:08:26.701982: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:08:26.701986: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:08:26.701990: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:08:26.701993: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:08:26.701997: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:08:26.702000: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:08:26.702004: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:08:26.702017: DH algorithms: Aug 26 13:08:26.702020: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:08:26.702023: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:08:26.702027: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:08:26.702032: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:08:26.702035: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:08:26.702038: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:08:26.702041: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:08:26.702045: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:08:26.702048: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:08:26.702052: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:08:26.702055: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:08:26.702058: testing CAMELLIA_CBC: Aug 26 13:08:26.702061: Camellia: 16 bytes with 128-bit key Aug 26 13:08:26.703255: Camellia: 16 bytes with 128-bit key Aug 26 13:08:26.703286: Camellia: 16 bytes with 256-bit key Aug 26 13:08:26.703345: Camellia: 16 bytes with 256-bit key Aug 26 13:08:26.703376: testing AES_GCM_16: Aug 26 13:08:26.703379: empty string Aug 26 13:08:26.703411: one block Aug 26 13:08:26.703437: two blocks Aug 26 13:08:26.703463: two blocks with associated data Aug 26 13:08:26.703490: testing AES_CTR: Aug 26 13:08:26.703493: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:08:26.703521: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:08:26.703549: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:08:26.703578: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:08:26.703605: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:08:26.703632: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:08:26.703661: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:08:26.703687: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:08:26.703718: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:08:26.703746: testing AES_CBC: Aug 26 13:08:26.703749: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:08:26.703776: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:08:26.703806: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:08:26.703836: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:08:26.705361: testing AES_XCBC: Aug 26 13:08:26.705376: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:08:26.705513: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:08:26.705648: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:08:26.705773: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:08:26.705901: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:08:26.706030: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:08:26.706162: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:08:26.706466: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 13:08:26.706599: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:08:26.706739: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:08:26.706977: testing HMAC_MD5: Aug 26 13:08:26.706981: RFC 2104: MD5_HMAC test 1 Aug 26 13:08:26.707158: RFC 2104: MD5_HMAC test 2 Aug 26 13:08:26.707318: RFC 2104: MD5_HMAC test 3 Aug 26 13:08:26.707524: 8 CPU cores online Aug 26 13:08:26.707529: starting up 7 crypto helpers Aug 26 13:08:26.707565: started thread for crypto helper 0 Aug 26 13:08:26.707683: started thread for crypto helper 1 Aug 26 13:08:26.707690: | starting up helper thread 1 Aug 26 13:08:26.707702: started thread for crypto helper 2 Aug 26 13:08:26.707710: | starting up helper thread 0 Aug 26 13:08:26.707745: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:08:26.707753: | crypto helper 0 waiting (nothing to do) Aug 26 13:08:26.707714: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:08:26.708135: | crypto helper 1 waiting (nothing to do) Aug 26 13:08:26.707735: started thread for crypto helper 3 Aug 26 13:08:26.708303: | starting up helper thread 2 Aug 26 13:08:26.708693: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:08:26.708697: | crypto helper 2 waiting (nothing to do) Aug 26 13:08:26.709624: started thread for crypto helper 4 Aug 26 13:08:26.709654: started thread for crypto helper 5 Aug 26 13:08:26.709671: started thread for crypto helper 6 Aug 26 13:08:26.709676: | checking IKEv1 state table Aug 26 13:08:26.709684: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:08:26.709687: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:08:26.709690: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:08:26.709693: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:08:26.709696: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:08:26.709698: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:08:26.709701: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:08:26.709703: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:08:26.709706: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:08:26.709709: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:08:26.709711: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:08:26.709714: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:08:26.709717: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:08:26.709719: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:08:26.709722: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:08:26.709724: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:08:26.709727: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:08:26.709730: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:08:26.709732: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:08:26.709735: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:08:26.709738: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:08:26.709740: | -> UNDEFINED EVENT_NULL Aug 26 13:08:26.709743: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:08:26.709746: | -> UNDEFINED EVENT_NULL Aug 26 13:08:26.709748: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:08:26.709751: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:08:26.709754: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:08:26.709757: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:08:26.709759: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:08:26.709762: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:08:26.709765: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:08:26.709767: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:08:26.709770: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:08:26.709773: | -> UNDEFINED EVENT_NULL Aug 26 13:08:26.709776: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:08:26.709778: | -> UNDEFINED EVENT_NULL Aug 26 13:08:26.709781: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:08:26.709784: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:08:26.709787: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:08:26.709789: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:08:26.709792: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:08:26.709795: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:08:26.709798: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:08:26.709800: | -> UNDEFINED EVENT_NULL Aug 26 13:08:26.709803: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:08:26.709806: | -> UNDEFINED EVENT_NULL Aug 26 13:08:26.709809: | INFO: category: informational flags: 0: Aug 26 13:08:26.709811: | -> UNDEFINED EVENT_NULL Aug 26 13:08:26.709814: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:08:26.709816: | -> UNDEFINED EVENT_NULL Aug 26 13:08:26.709819: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:08:26.709831: | -> XAUTH_R1 EVENT_NULL Aug 26 13:08:26.709834: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:08:26.709837: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:08:26.709840: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:08:26.709842: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:08:26.709845: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:08:26.709848: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:08:26.709851: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:08:26.709853: | -> UNDEFINED EVENT_NULL Aug 26 13:08:26.709856: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:08:26.709859: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:08:26.709862: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:08:26.709864: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:08:26.709867: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:08:26.709870: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:08:26.709876: | checking IKEv2 state table Aug 26 13:08:26.709882: | PARENT_I0: category: ignore flags: 0: Aug 26 13:08:26.709886: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:08:26.709889: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:08:26.709892: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:08:26.709895: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:08:26.709898: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:08:26.709901: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:08:26.709904: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:08:26.709907: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:08:26.709910: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:08:26.709912: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:08:26.709915: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:08:26.709918: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 13:08:26.709921: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:08:26.709924: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:08:26.709926: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:08:26.709930: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:08:26.709932: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:08:26.709935: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:08:26.709938: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:08:26.709941: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:08:26.709944: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:08:26.709947: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:08:26.709950: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:08:26.709953: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:08:26.709956: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:08:26.709959: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:08:26.709962: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:08:26.709965: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:08:26.709967: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:08:26.709971: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:08:26.709973: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:08:26.709979: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:08:26.709982: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:08:26.709985: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:08:26.709988: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:08:26.709991: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:08:26.709994: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:08:26.709997: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:08:26.710000: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:08:26.710003: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:08:26.710006: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:08:26.710009: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:08:26.710012: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:08:26.710015: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:08:26.710018: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:08:26.710021: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:08:26.710040: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:08:26.710101: | Hard-wiring algorithms Aug 26 13:08:26.710105: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:08:26.710110: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:08:26.710112: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:08:26.710115: | adding 3DES_CBC to kernel algorithm db Aug 26 13:08:26.710118: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:08:26.710121: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:08:26.710124: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:08:26.710126: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:08:26.710129: | adding AES_CTR to kernel algorithm db Aug 26 13:08:26.710132: | adding AES_CBC to kernel algorithm db Aug 26 13:08:26.710135: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:08:26.710137: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:08:26.710140: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:08:26.710143: | adding NULL to kernel algorithm db Aug 26 13:08:26.710146: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:08:26.710149: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:08:26.710152: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:08:26.710154: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:08:26.710157: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:08:26.710160: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:08:26.710163: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:08:26.710165: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:08:26.710168: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:08:26.710170: | adding NONE to kernel algorithm db Aug 26 13:08:26.710199: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:08:26.710206: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:08:26.710209: | setup kernel fd callback Aug 26 13:08:26.710212: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55fa6b1c2198 Aug 26 13:08:26.710217: | libevent_malloc: new ptr-libevent@0x55fa6b1a6688 size 128 Aug 26 13:08:26.710221: | libevent_malloc: new ptr-libevent@0x55fa6b1c22a8 size 16 Aug 26 13:08:26.710228: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55fa6b1c2cd8 Aug 26 13:08:26.710232: | libevent_malloc: new ptr-libevent@0x55fa6b162078 size 128 Aug 26 13:08:26.710235: | libevent_malloc: new ptr-libevent@0x55fa6b1c2c98 size 16 Aug 26 13:08:26.710497: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:08:26.710508: selinux support is enabled. Aug 26 13:08:26.710746: | unbound context created - setting debug level to 5 Aug 26 13:08:26.710778: | /etc/hosts lookups activated Aug 26 13:08:26.710791: | /etc/resolv.conf usage activated Aug 26 13:08:26.710855: | outgoing-port-avoid set 0-65535 Aug 26 13:08:26.710885: | outgoing-port-permit set 32768-60999 Aug 26 13:08:26.710888: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:08:26.710891: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:08:26.710895: | Setting up events, loop start Aug 26 13:08:26.710898: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55fa6b1c2d48 Aug 26 13:08:26.710901: | libevent_malloc: new ptr-libevent@0x55fa6b1cef58 size 128 Aug 26 13:08:26.710905: | libevent_malloc: new ptr-libevent@0x55fa6b1da228 size 16 Aug 26 13:08:26.710911: | libevent_realloc: new ptr-libevent@0x55fa6b1da268 size 256 Aug 26 13:08:26.710914: | libevent_malloc: new ptr-libevent@0x55fa6b1da398 size 8 Aug 26 13:08:26.710918: | libevent_realloc: new ptr-libevent@0x55fa6b1645b8 size 144 Aug 26 13:08:26.710921: | libevent_malloc: new ptr-libevent@0x55fa6b16d588 size 152 Aug 26 13:08:26.710924: | libevent_malloc: new ptr-libevent@0x55fa6b1da3d8 size 16 Aug 26 13:08:26.710929: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:08:26.710932: | libevent_malloc: new ptr-libevent@0x55fa6b1da418 size 8 Aug 26 13:08:26.710937: | libevent_malloc: new ptr-libevent@0x55fa6b165418 size 152 Aug 26 13:08:26.710940: | signal event handler PLUTO_SIGTERM installed Aug 26 13:08:26.710943: | libevent_malloc: new ptr-libevent@0x55fa6b1da458 size 8 Aug 26 13:08:26.710946: | libevent_malloc: new ptr-libevent@0x55fa6b1da498 size 152 Aug 26 13:08:26.710949: | signal event handler PLUTO_SIGHUP installed Aug 26 13:08:26.710952: | libevent_malloc: new ptr-libevent@0x55fa6b1da568 size 8 Aug 26 13:08:26.710955: | libevent_realloc: release ptr-libevent@0x55fa6b1645b8 Aug 26 13:08:26.710958: | libevent_realloc: new ptr-libevent@0x55fa6b1da5a8 size 256 Aug 26 13:08:26.710961: | libevent_malloc: new ptr-libevent@0x55fa6b1da6d8 size 152 Aug 26 13:08:26.710965: | signal event handler PLUTO_SIGSYS installed Aug 26 13:08:26.711329: | created addconn helper (pid:3479) using fork+execve Aug 26 13:08:26.711364: | forked child 3479 Aug 26 13:08:26.711417: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:08:26.711438: listening for IKE messages Aug 26 13:08:26.711481: | Inspecting interface lo Aug 26 13:08:26.711489: | found lo with address 127.0.0.1 Aug 26 13:08:26.711493: | Inspecting interface eth0 Aug 26 13:08:26.711498: | found eth0 with address 192.0.2.254 Aug 26 13:08:26.711504: | Inspecting interface eth1 Aug 26 13:08:26.711509: | found eth1 with address 192.1.2.23 Aug 26 13:08:26.711641: Kernel supports NIC esp-hw-offload Aug 26 13:08:26.711654: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Aug 26 13:08:26.711351: | starting up helper thread 3 Aug 26 13:08:26.711941: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:08:26.711950: | crypto helper 3 waiting (nothing to do) Aug 26 13:08:26.712035: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:08:26.712043: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:08:26.712048: adding interface eth1/eth1 192.1.2.23:4500 Aug 26 13:08:26.712080: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Aug 26 13:08:26.712100: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:08:26.712105: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:08:26.712109: adding interface eth0/eth0 192.0.2.254:4500 Aug 26 13:08:26.712132: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:08:26.712152: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:08:26.712156: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:08:26.712160: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:08:26.712225: | no interfaces to sort Aug 26 13:08:26.712230: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:08:26.712240: | add_fd_read_event_handler: new ethX-pe@0x55fa6b1daba8 Aug 26 13:08:26.712243: | libevent_malloc: new ptr-libevent@0x55fa6b1ceea8 size 128 Aug 26 13:08:26.712247: | libevent_malloc: new ptr-libevent@0x55fa6b1dac18 size 16 Aug 26 13:08:26.712255: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:08:26.712258: | add_fd_read_event_handler: new ethX-pe@0x55fa6b1dac58 Aug 26 13:08:26.712263: | libevent_malloc: new ptr-libevent@0x55fa6b1633c8 size 128 Aug 26 13:08:26.712266: | libevent_malloc: new ptr-libevent@0x55fa6b1dacc8 size 16 Aug 26 13:08:26.712271: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:08:26.712274: | add_fd_read_event_handler: new ethX-pe@0x55fa6b1dad08 Aug 26 13:08:26.712280: | libevent_malloc: new ptr-libevent@0x55fa6b1644b8 size 128 Aug 26 13:08:26.712283: | libevent_malloc: new ptr-libevent@0x55fa6b1dad78 size 16 Aug 26 13:08:26.712294: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 13:08:26.712302: | add_fd_read_event_handler: new ethX-pe@0x55fa6b1dadb8 Aug 26 13:08:26.712309: | libevent_malloc: new ptr-libevent@0x55fa6b165348 size 128 Aug 26 13:08:26.712312: | libevent_malloc: new ptr-libevent@0x55fa6b1dae28 size 16 Aug 26 13:08:26.712318: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 13:08:26.712321: | add_fd_read_event_handler: new ethX-pe@0x55fa6b1dae68 Aug 26 13:08:26.712327: | libevent_malloc: new ptr-libevent@0x55fa6b1394e8 size 128 Aug 26 13:08:26.712330: | libevent_malloc: new ptr-libevent@0x55fa6b1daed8 size 16 Aug 26 13:08:26.712335: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 13:08:26.712338: | add_fd_read_event_handler: new ethX-pe@0x55fa6b1daf18 Aug 26 13:08:26.712341: | libevent_malloc: new ptr-libevent@0x55fa6b1391d8 size 128 Aug 26 13:08:26.712344: | libevent_malloc: new ptr-libevent@0x55fa6b1daf88 size 16 Aug 26 13:08:26.712348: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 13:08:26.712354: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:08:26.712357: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:08:26.712382: loading secrets from "/etc/ipsec.secrets" Aug 26 13:08:26.712394: | id type added to secret(0x55fa6b134b58) PKK_PSK: @east Aug 26 13:08:26.712398: | id type added to secret(0x55fa6b134b58) PKK_PSK: @west Aug 26 13:08:26.712403: | Processing PSK at line 1: passed Aug 26 13:08:26.712406: | certs and keys locked by 'process_secret' Aug 26 13:08:26.712408: | certs and keys unlocked by 'process_secret' Aug 26 13:08:26.712419: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:08:26.712427: | spent 0.667 milliseconds in whack Aug 26 13:08:26.712442: | starting up helper thread 6 Aug 26 13:08:26.712448: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:08:26.712451: | crypto helper 6 waiting (nothing to do) Aug 26 13:08:26.712462: | starting up helper thread 5 Aug 26 13:08:26.712467: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:08:26.712470: | crypto helper 5 waiting (nothing to do) Aug 26 13:08:26.712480: | starting up helper thread 4 Aug 26 13:08:26.712485: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:08:26.712488: | crypto helper 4 waiting (nothing to do) Aug 26 13:08:26.760865: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:08:26.760892: listening for IKE messages Aug 26 13:08:26.760924: | Inspecting interface lo Aug 26 13:08:26.760931: | found lo with address 127.0.0.1 Aug 26 13:08:26.760934: | Inspecting interface eth0 Aug 26 13:08:26.760939: | found eth0 with address 192.0.2.254 Aug 26 13:08:26.760941: | Inspecting interface eth1 Aug 26 13:08:26.760945: | found eth1 with address 192.1.2.23 Aug 26 13:08:26.760995: | no interfaces to sort Aug 26 13:08:26.761009: | libevent_free: release ptr-libevent@0x55fa6b1ceea8 Aug 26 13:08:26.761013: | free_event_entry: release EVENT_NULL-pe@0x55fa6b1daba8 Aug 26 13:08:26.761016: | add_fd_read_event_handler: new ethX-pe@0x55fa6b1daba8 Aug 26 13:08:26.761020: | libevent_malloc: new ptr-libevent@0x55fa6b1ceea8 size 128 Aug 26 13:08:26.761027: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:08:26.761032: | libevent_free: release ptr-libevent@0x55fa6b1633c8 Aug 26 13:08:26.761035: | free_event_entry: release EVENT_NULL-pe@0x55fa6b1dac58 Aug 26 13:08:26.761037: | add_fd_read_event_handler: new ethX-pe@0x55fa6b1dac58 Aug 26 13:08:26.761040: | libevent_malloc: new ptr-libevent@0x55fa6b1633c8 size 128 Aug 26 13:08:26.761045: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:08:26.761049: | libevent_free: release ptr-libevent@0x55fa6b1644b8 Aug 26 13:08:26.761052: | free_event_entry: release EVENT_NULL-pe@0x55fa6b1dad08 Aug 26 13:08:26.761055: | add_fd_read_event_handler: new ethX-pe@0x55fa6b1dad08 Aug 26 13:08:26.761058: | libevent_malloc: new ptr-libevent@0x55fa6b1644b8 size 128 Aug 26 13:08:26.761063: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 13:08:26.761067: | libevent_free: release ptr-libevent@0x55fa6b165348 Aug 26 13:08:26.761069: | free_event_entry: release EVENT_NULL-pe@0x55fa6b1dadb8 Aug 26 13:08:26.761072: | add_fd_read_event_handler: new ethX-pe@0x55fa6b1dadb8 Aug 26 13:08:26.761075: | libevent_malloc: new ptr-libevent@0x55fa6b165348 size 128 Aug 26 13:08:26.761080: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 13:08:26.761083: | libevent_free: release ptr-libevent@0x55fa6b1394e8 Aug 26 13:08:26.761086: | free_event_entry: release EVENT_NULL-pe@0x55fa6b1dae68 Aug 26 13:08:26.761089: | add_fd_read_event_handler: new ethX-pe@0x55fa6b1dae68 Aug 26 13:08:26.761092: | libevent_malloc: new ptr-libevent@0x55fa6b1394e8 size 128 Aug 26 13:08:26.761097: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 13:08:26.761101: | libevent_free: release ptr-libevent@0x55fa6b1391d8 Aug 26 13:08:26.761103: | free_event_entry: release EVENT_NULL-pe@0x55fa6b1daf18 Aug 26 13:08:26.761106: | add_fd_read_event_handler: new ethX-pe@0x55fa6b1daf18 Aug 26 13:08:26.761109: | libevent_malloc: new ptr-libevent@0x55fa6b1391d8 size 128 Aug 26 13:08:26.761114: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 13:08:26.761118: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:08:26.761120: forgetting secrets Aug 26 13:08:26.761126: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:08:26.761139: loading secrets from "/etc/ipsec.secrets" Aug 26 13:08:26.761146: | id type added to secret(0x55fa6b134b58) PKK_PSK: @east Aug 26 13:08:26.761149: | id type added to secret(0x55fa6b134b58) PKK_PSK: @west Aug 26 13:08:26.761154: | Processing PSK at line 1: passed Aug 26 13:08:26.761156: | certs and keys locked by 'process_secret' Aug 26 13:08:26.761159: | certs and keys unlocked by 'process_secret' Aug 26 13:08:26.761166: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:08:26.761173: | spent 0.31 milliseconds in whack Aug 26 13:08:26.761952: | processing signal PLUTO_SIGCHLD Aug 26 13:08:26.761972: | waitpid returned pid 3479 (exited with status 0) Aug 26 13:08:26.761977: | reaped addconn helper child (status 0) Aug 26 13:08:26.761982: | waitpid returned ECHILD (no child processes left) Aug 26 13:08:26.761987: | spent 0.0189 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:08:26.806502: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:08:26.806533: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:08:26.806539: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:08:26.806542: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:08:26.806545: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:08:26.806549: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:08:26.806557: | Added new connection westnet-eastnet with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:08:26.806565: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:08:26.806571: | counting wild cards for @west is 0 Aug 26 13:08:26.806575: | counting wild cards for @east is 0 Aug 26 13:08:26.806587: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none Aug 26 13:08:26.806591: | new hp@0x55fa6b1dbe38 Aug 26 13:08:26.806595: added connection description "westnet-eastnet" Aug 26 13:08:26.806603: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:08:26.806615: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Aug 26 13:08:26.806622: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:08:26.806630: | spent 0.131 milliseconds in whack Aug 26 13:08:26.806689: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:08:26.806704: add keyid @west Aug 26 13:08:26.806708: | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Aug 26 13:08:26.806711: | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Aug 26 13:08:26.806714: | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Aug 26 13:08:26.806717: | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Aug 26 13:08:26.806719: | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Aug 26 13:08:26.806722: | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Aug 26 13:08:26.806724: | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Aug 26 13:08:26.806727: | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Aug 26 13:08:26.806730: | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Aug 26 13:08:26.806732: | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Aug 26 13:08:26.806735: | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Aug 26 13:08:26.806737: | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Aug 26 13:08:26.806740: | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Aug 26 13:08:26.806743: | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Aug 26 13:08:26.806745: | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Aug 26 13:08:26.806748: | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Aug 26 13:08:26.806750: | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Aug 26 13:08:26.806753: | add pubkey 15 04 37 f9 Aug 26 13:08:26.806791: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Aug 26 13:08:26.806795: | computed rsa CKAID 7f 0f 03 50 Aug 26 13:08:26.806805: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:08:26.806810: | spent 0.12 milliseconds in whack Aug 26 13:08:26.806850: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:08:26.806864: add keyid @east Aug 26 13:08:26.806868: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Aug 26 13:08:26.806871: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Aug 26 13:08:26.806874: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Aug 26 13:08:26.806876: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Aug 26 13:08:26.806879: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Aug 26 13:08:26.806881: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Aug 26 13:08:26.806884: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Aug 26 13:08:26.806887: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Aug 26 13:08:26.806889: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Aug 26 13:08:26.806892: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Aug 26 13:08:26.806894: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Aug 26 13:08:26.806901: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Aug 26 13:08:26.806904: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Aug 26 13:08:26.806906: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Aug 26 13:08:26.806909: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Aug 26 13:08:26.806912: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Aug 26 13:08:26.806914: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Aug 26 13:08:26.806917: | add pubkey 51 51 48 ef Aug 26 13:08:26.806927: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:08:26.806930: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:08:26.806938: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:08:26.806943: | spent 0.0921 milliseconds in whack Aug 26 13:08:27.526991: | spent 0.00325 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:08:27.527029: | *received 88 bytes from 192.1.2.45:51854 on eth1 (192.1.2.23:500) Aug 26 13:08:27.527037: | b9 ce 3e ef c8 b6 61 dd 00 00 00 00 00 00 00 00 Aug 26 13:08:27.527040: | 01 10 02 00 00 00 00 00 00 00 00 58 00 00 00 3c Aug 26 13:08:27.527043: | 00 00 00 01 ff ff ff ff 00 00 00 00 01 01 00 01 Aug 26 13:08:27.527045: | 00 00 00 28 01 01 00 00 80 0b 00 01 00 0c 00 04 Aug 26 13:08:27.527048: | 00 01 51 80 80 01 00 07 80 0e 01 00 80 03 00 03 Aug 26 13:08:27.527051: | 80 02 00 02 80 04 00 05 Aug 26 13:08:27.527060: | start processing: from 192.1.2.45:51854 (in process_md() at demux.c:378) Aug 26 13:08:27.527065: | **parse ISAKMP Message: Aug 26 13:08:27.527068: | initiator cookie: Aug 26 13:08:27.527071: | b9 ce 3e ef c8 b6 61 dd Aug 26 13:08:27.527074: | responder cookie: Aug 26 13:08:27.527077: | 00 00 00 00 00 00 00 00 Aug 26 13:08:27.527080: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 13:08:27.527084: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:08:27.527087: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 13:08:27.527090: | flags: none (0x0) Aug 26 13:08:27.527093: | Message ID: 0 (0x0) Aug 26 13:08:27.527096: | length: 88 (0x58) Aug 26 13:08:27.527099: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Aug 26 13:08:27.527108: | State DB: IKEv1 state not found (find_state_ikev1_init) Aug 26 13:08:27.527112: | #null state always idle Aug 26 13:08:27.527116: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 Aug 26 13:08:27.527120: | ***parse ISAKMP Security Association Payload: Aug 26 13:08:27.527123: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:08:27.527126: | length: 60 (0x3c) Aug 26 13:08:27.527129: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:08:27.527132: | message 'main_inI1_outR1' HASH payload not checked early Aug 26 13:08:27.527135: | in statetime_start() with no state Aug 26 13:08:27.527142: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:51854 policy=IKEV1_ALLOW but ignoring ports Aug 26 13:08:27.527148: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 13:08:27.527152: | find_next_host_connection policy=IKEV1_ALLOW Aug 26 13:08:27.527156: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet) Aug 26 13:08:27.527159: | find_next_host_connection returns westnet-eastnet Aug 26 13:08:27.527162: | find_next_host_connection policy=IKEV1_ALLOW Aug 26 13:08:27.527165: | find_next_host_connection returns empty Aug 26 13:08:27.527196: | creating state object #1 at 0x55fa6b1ddcb8 Aug 26 13:08:27.527200: | State DB: adding IKEv1 state #1 in UNDEFINED Aug 26 13:08:27.527210: | pstats #1 ikev1.isakmp started Aug 26 13:08:27.527215: | #1 updating local interface from to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:08:27.527223: | start processing: state #1 connection "westnet-eastnet" from 192.1.2.45:51854 (in main_inI1_outR1() at ikev1_main.c:667) Aug 26 13:08:27.527234: | parent state #1: UNDEFINED(ignore) => MAIN_R0(half-open IKE SA) Aug 26 13:08:27.527238: | sender checking NAT-T: enabled; VID 0 Aug 26 13:08:27.527242: "westnet-eastnet" #1: responding to Main Mode Aug 26 13:08:27.527272: | **emit ISAKMP Message: Aug 26 13:08:27.527275: | initiator cookie: Aug 26 13:08:27.527278: | b9 ce 3e ef c8 b6 61 dd Aug 26 13:08:27.527281: | responder cookie: Aug 26 13:08:27.527283: | e6 b3 33 2f 2e 94 d6 ca Aug 26 13:08:27.527285: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 13:08:27.527304: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:08:27.527312: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 13:08:27.527315: | flags: none (0x0) Aug 26 13:08:27.527317: | Message ID: 0 (0x0) Aug 26 13:08:27.527320: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:08:27.527324: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA Aug 26 13:08:27.527327: | ***emit ISAKMP Security Association Payload: Aug 26 13:08:27.527330: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 13:08:27.527332: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:08:27.527335: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 13:08:27.527339: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 13:08:27.527342: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:08:27.527352: "westnet-eastnet" #1: bitset IPsec DOI SIT of IPsec DOI SIT has unknown member(s): SIT_IDENTITY_ONLY+SIT_SECRECY+SIT_INTEGRITY+0x8+0x10+0x20+0x40+0x80+0x100+0x200+0x400+0x800+0x1000+0x2000+0x4000+0x8000+0x10000+0x20000+0x40000+0x80000+0x100000+0x200000+0x400000+0x800000+0x1000000+0x2000000+0x4000000+0x8000000+0x10000000+0x20000000+0x40000000+0x80000000 (0xffffffff) Aug 26 13:08:27.527357: | complete v1 state transition with SITUATION_NOT_SUPPORTED Aug 26 13:08:27.527363: | [RE]START processing: state #1 connection "westnet-eastnet" from 192.1.2.45:51854 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 13:08:27.527365: | #1 is idle Aug 26 13:08:27.527892: "westnet-eastnet" #1: sending notification SITUATION_NOT_SUPPORTED to 192.1.2.45:51854 Aug 26 13:08:27.527901: | **emit ISAKMP Message: Aug 26 13:08:27.527905: | initiator cookie: Aug 26 13:08:27.527908: | b9 ce 3e ef c8 b6 61 dd Aug 26 13:08:27.527911: | responder cookie: Aug 26 13:08:27.527913: | e6 b3 33 2f 2e 94 d6 ca Aug 26 13:08:27.527916: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:08:27.527920: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:08:27.527923: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:08:27.527926: | flags: none (0x0) Aug 26 13:08:27.527928: | Message ID: 0 (0x0) Aug 26 13:08:27.527931: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:08:27.527934: | ***emit ISAKMP Notification Payload: Aug 26 13:08:27.527938: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:08:27.527940: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:08:27.527943: | protocol ID: 1 (0x1) Aug 26 13:08:27.527945: | SPI size: 0 (0x0) Aug 26 13:08:27.527948: | Notify Message Type: SITUATION_NOT_SUPPORTED (0x3) Aug 26 13:08:27.527951: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 13:08:27.527955: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' Aug 26 13:08:27.527958: | emitting length of ISAKMP Notification Payload: 12 Aug 26 13:08:27.527961: | emitting length of ISAKMP Message: 40 Aug 26 13:08:27.527968: | sending 40 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.2.45:51854 (using #1) Aug 26 13:08:27.527977: | b9 ce 3e ef c8 b6 61 dd e6 b3 33 2f 2e 94 d6 ca Aug 26 13:08:27.527980: | 0b 10 05 00 00 00 00 00 00 00 00 28 00 00 00 0c Aug 26 13:08:27.527983: | 00 00 00 01 01 00 00 03 Aug 26 13:08:27.528039: | state transition function for STATE_MAIN_R0 failed: SITUATION_NOT_SUPPORTED Aug 26 13:08:27.528047: | stop processing: from 192.1.2.45:51854 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:08:27.528054: | stop processing: state #1 connection "westnet-eastnet" from 192.1.2.45:51854 (in process_md() at demux.c:382) Aug 26 13:08:27.528057: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:08:27.528064: | spent 1 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:08:27.528078: | **parse ISAKMP Message (raw): Aug 26 13:08:27.528082: | initiator cookie: Aug 26 13:08:27.528085: | b9 ce 3e ef c8 b6 61 dd Aug 26 13:08:27.528088: | responder cookie: Aug 26 13:08:27.528090: | e6 b3 33 2f 2e 94 d6 ca Aug 26 13:08:27.528093: | next payload type: 11 (0xb) Aug 26 13:08:27.528096: | ISAKMP version: 16 (0x10) Aug 26 13:08:27.528099: | exchange type: 5 (0x5) Aug 26 13:08:27.528102: | flags: 0 (0x0) Aug 26 13:08:27.528105: | Message ID: 0 (0x0) Aug 26 13:08:27.528107: | length: 40 (0x28) Aug 26 13:08:27.528110: | State DB: found IKEv1 state #1 in MAIN_R0 (find_likely_sender) Aug 26 13:08:27.528113: | MSG_ERRQUEUE packet matches IKEv1 SA #1 Aug 26 13:08:27.528116: | rejected packet: Aug 26 13:08:27.528119: | b9 ce 3e ef c8 b6 61 dd e6 b3 33 2f 2e 94 d6 ca Aug 26 13:08:27.528122: | 0b 10 05 00 00 00 00 00 00 00 00 28 00 00 00 0c Aug 26 13:08:27.528124: | 00 00 00 01 01 00 00 03 Aug 26 13:08:27.528127: | control: Aug 26 13:08:27.528130: | 1c 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 Aug 26 13:08:27.528132: | b2 3d 00 00 00 00 00 00 c0 01 02 17 fa 55 00 00 Aug 26 13:08:27.528135: | 30 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 Aug 26 13:08:27.528137: | 6f 00 00 00 02 03 03 00 00 00 00 00 00 00 00 00 Aug 26 13:08:27.528140: | 02 00 00 00 c0 01 02 2d 00 00 00 00 00 00 00 00 Aug 26 13:08:27.528143: | name: Aug 26 13:08:27.528145: | 02 00 ca 8e c0 01 02 2d 00 00 00 00 00 00 00 00 Aug 26 13:08:27.528155: "westnet-eastnet" #1: ERROR: asynchronous network error report on eth1 (192.1.2.23:500) for message to 192.1.2.45 port 51854, complainant 192.1.2.45: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] Aug 26 13:08:27.528163: | spent 0.0866 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:08:27.528174: | *received 88 bytes from 192.1.2.45:35807 on eth1 (192.1.2.23:500) Aug 26 13:08:27.528178: | b9 ce 3e ef c8 b6 61 dd 00 00 00 00 00 00 00 00 Aug 26 13:08:27.528180: | 0f 10 02 00 00 00 00 00 00 00 00 58 00 00 00 3c Aug 26 13:08:27.528183: | 00 00 00 01 00 00 00 01 00 00 00 30 01 01 00 01 Aug 26 13:08:27.528185: | 00 00 00 28 01 01 00 00 80 0b 00 01 00 0c 00 04 Aug 26 13:08:27.528188: | 00 01 51 80 80 01 00 07 80 0e 01 00 80 03 00 03 Aug 26 13:08:27.528190: | 80 02 00 02 80 04 00 05 Aug 26 13:08:27.528195: | start processing: from 192.1.2.45:35807 (in process_md() at demux.c:378) Aug 26 13:08:27.528199: | **parse ISAKMP Message: Aug 26 13:08:27.528202: | initiator cookie: Aug 26 13:08:27.528204: | b9 ce 3e ef c8 b6 61 dd Aug 26 13:08:27.528207: | responder cookie: Aug 26 13:08:27.528210: | 00 00 00 00 00 00 00 00 Aug 26 13:08:27.528213: | next payload type: ISAKMP_NEXT_SAK (0xf) Aug 26 13:08:27.528216: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:08:27.528219: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 13:08:27.528222: | flags: none (0x0) Aug 26 13:08:27.528224: | Message ID: 0 (0x0) Aug 26 13:08:27.528226: | length: 88 (0x58) Aug 26 13:08:27.528229: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Aug 26 13:08:27.528233: | State DB: found IKEv1 state #1 in MAIN_R0 (find_state_ikev1_init) Aug 26 13:08:27.528241: | start processing: state #1 connection "westnet-eastnet" from 192.1.2.45:51854 (in process_v1_packet() at ikev1.c:1416) Aug 26 13:08:27.528244: "westnet-eastnet" #1: discarding initial packet; already STATE_MAIN_R0 Aug 26 13:08:27.528247: | stop processing: state #1 connection "westnet-eastnet" from 192.1.2.45:51854 (in process_v1_packet() at ikev1.c:1429) Aug 26 13:08:27.528249: | stop processing: from 192.1.2.45:35807 (in process_md() at demux.c:380) Aug 26 13:08:27.528252: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:08:27.528254: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:08:27.528257: | spent 0.09 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:08:28.092070: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:08:28.092284: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:08:28.092300: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:08:28.092361: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:08:28.092366: | FOR_EACH_STATE_... in sort_states Aug 26 13:08:28.092382: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:08:28.092390: | spent 0.325 milliseconds in whack Aug 26 13:08:29.231733: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:08:29.231759: shutting down Aug 26 13:08:29.231770: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:08:29.231774: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:08:29.231777: forgetting secrets Aug 26 13:08:29.231781: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:08:29.231786: | unreference key: 0x55fa6b1dc278 @east cnt 1-- Aug 26 13:08:29.231792: | unreference key: 0x55fa6b134c48 @west cnt 1-- Aug 26 13:08:29.231797: | start processing: connection "westnet-eastnet" (in delete_connection() at connections.c:189) Aug 26 13:08:29.231801: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:08:29.231804: | pass 0 Aug 26 13:08:29.231807: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:08:29.231811: | state #1 Aug 26 13:08:29.231815: | suspend processing: connection "westnet-eastnet" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:08:29.231821: | start processing: state #1 connection "westnet-eastnet" from 192.1.2.45:51854 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:08:29.231825: | pstats #1 ikev1.isakmp deleted other Aug 26 13:08:29.231831: | [RE]START processing: state #1 connection "westnet-eastnet" from 192.1.2.45:51854 (in delete_state() at state.c:879) Aug 26 13:08:29.231836: "westnet-eastnet" #1: deleting state (STATE_MAIN_R0) aged 1.704s and NOT sending notification Aug 26 13:08:29.231840: | parent state #1: MAIN_R0(half-open IKE SA) => delete Aug 26 13:08:29.232331: | State DB: IKEv1 state not found (flush_incomplete_children) Aug 26 13:08:29.232347: | stop processing: connection "westnet-eastnet" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:08:29.232351: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:08:29.232355: | in connection_discard for connection westnet-eastnet Aug 26 13:08:29.232358: | State DB: deleting IKEv1 state #1 in MAIN_R0 Aug 26 13:08:29.232362: | parent state #1: MAIN_R0(half-open IKE SA) => UNDEFINED(ignore) Aug 26 13:08:29.232369: | stop processing: state #1 from 192.1.2.45:51854 (in delete_state() at state.c:1143) Aug 26 13:08:29.232374: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:08:29.232377: | pass 1 Aug 26 13:08:29.232380: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:08:29.232384: | free hp@0x55fa6b1dbe38 Aug 26 13:08:29.232387: | flush revival: connection 'westnet-eastnet' wasn't on the list Aug 26 13:08:29.232396: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:08:29.232401: | crl fetch request list locked by 'free_crl_fetch' Aug 26 13:08:29.232404: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 13:08:29.232414: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 13:08:29.232418: shutting down interface lo/lo 127.0.0.1:500 Aug 26 13:08:29.232422: shutting down interface eth0/eth0 192.0.2.254:4500 Aug 26 13:08:29.232425: shutting down interface eth0/eth0 192.0.2.254:500 Aug 26 13:08:29.232429: shutting down interface eth1/eth1 192.1.2.23:4500 Aug 26 13:08:29.232432: shutting down interface eth1/eth1 192.1.2.23:500 Aug 26 13:08:29.232437: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 13:08:29.232445: | libevent_free: release ptr-libevent@0x55fa6b1ceea8 Aug 26 13:08:29.232449: | free_event_entry: release EVENT_NULL-pe@0x55fa6b1daba8 Aug 26 13:08:29.232459: | libevent_free: release ptr-libevent@0x55fa6b1633c8 Aug 26 13:08:29.232462: | free_event_entry: release EVENT_NULL-pe@0x55fa6b1dac58 Aug 26 13:08:29.232469: | libevent_free: release ptr-libevent@0x55fa6b1644b8 Aug 26 13:08:29.232472: | free_event_entry: release EVENT_NULL-pe@0x55fa6b1dad08 Aug 26 13:08:29.232479: | libevent_free: release ptr-libevent@0x55fa6b165348 Aug 26 13:08:29.232482: | free_event_entry: release EVENT_NULL-pe@0x55fa6b1dadb8 Aug 26 13:08:29.232489: | libevent_free: release ptr-libevent@0x55fa6b1394e8 Aug 26 13:08:29.232493: | free_event_entry: release EVENT_NULL-pe@0x55fa6b1dae68 Aug 26 13:08:29.232499: | libevent_free: release ptr-libevent@0x55fa6b1391d8 Aug 26 13:08:29.232502: | free_event_entry: release EVENT_NULL-pe@0x55fa6b1daf18 Aug 26 13:08:29.232507: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:08:29.232929: | libevent_free: release ptr-libevent@0x55fa6b1cef58 Aug 26 13:08:29.232938: | free_event_entry: release EVENT_NULL-pe@0x55fa6b1c2d48 Aug 26 13:08:29.232945: | libevent_free: release ptr-libevent@0x55fa6b162078 Aug 26 13:08:29.232949: | free_event_entry: release EVENT_NULL-pe@0x55fa6b1c2cd8 Aug 26 13:08:29.232955: | libevent_free: release ptr-libevent@0x55fa6b1a6688 Aug 26 13:08:29.232958: | free_event_entry: release EVENT_NULL-pe@0x55fa6b1c2198 Aug 26 13:08:29.232962: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 13:08:29.232965: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 13:08:29.232968: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 13:08:29.232971: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 13:08:29.232974: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 13:08:29.232977: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 13:08:29.232980: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 13:08:29.232982: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 13:08:29.232985: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 13:08:29.232990: | libevent_free: release ptr-libevent@0x55fa6b16d588 Aug 26 13:08:29.232994: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 13:08:29.232998: | libevent_free: release ptr-libevent@0x55fa6b165418 Aug 26 13:08:29.233001: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 13:08:29.233005: | libevent_free: release ptr-libevent@0x55fa6b1da498 Aug 26 13:08:29.233008: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 13:08:29.233012: | libevent_free: release ptr-libevent@0x55fa6b1da6d8 Aug 26 13:08:29.233015: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 13:08:29.233018: | releasing event base Aug 26 13:08:29.233034: | libevent_free: release ptr-libevent@0x55fa6b1da5a8 Aug 26 13:08:29.233038: | libevent_free: release ptr-libevent@0x55fa6b1bd588 Aug 26 13:08:29.233042: | libevent_free: release ptr-libevent@0x55fa6b1bd538 Aug 26 13:08:29.233045: | libevent_free: release ptr-libevent@0x55fa6b1bd4c8 Aug 26 13:08:29.233048: | libevent_free: release ptr-libevent@0x55fa6b1bd488 Aug 26 13:08:29.233051: | libevent_free: release ptr-libevent@0x55fa6b1da228 Aug 26 13:08:29.233053: | libevent_free: release ptr-libevent@0x55fa6b1da3d8 Aug 26 13:08:29.233059: | libevent_free: release ptr-libevent@0x55fa6b1bd738 Aug 26 13:08:29.233062: | libevent_free: release ptr-libevent@0x55fa6b1c22a8 Aug 26 13:08:29.233065: | libevent_free: release ptr-libevent@0x55fa6b1c2c98 Aug 26 13:08:29.233068: | libevent_free: release ptr-libevent@0x55fa6b1daf88 Aug 26 13:08:29.233071: | libevent_free: release ptr-libevent@0x55fa6b1daed8 Aug 26 13:08:29.233074: | libevent_free: release ptr-libevent@0x55fa6b1dae28 Aug 26 13:08:29.233076: | libevent_free: release ptr-libevent@0x55fa6b1dad78 Aug 26 13:08:29.233079: | libevent_free: release ptr-libevent@0x55fa6b1dacc8 Aug 26 13:08:29.233082: | libevent_free: release ptr-libevent@0x55fa6b1dac18 Aug 26 13:08:29.233084: | libevent_free: release ptr-libevent@0x55fa6b161918 Aug 26 13:08:29.233087: | libevent_free: release ptr-libevent@0x55fa6b1da458 Aug 26 13:08:29.233090: | libevent_free: release ptr-libevent@0x55fa6b1da418 Aug 26 13:08:29.233092: | libevent_free: release ptr-libevent@0x55fa6b1da398 Aug 26 13:08:29.233095: | libevent_free: release ptr-libevent@0x55fa6b1da568 Aug 26 13:08:29.233098: | libevent_free: release ptr-libevent@0x55fa6b1da268 Aug 26 13:08:29.233101: | libevent_free: release ptr-libevent@0x55fa6b138908 Aug 26 13:08:29.233104: | libevent_free: release ptr-libevent@0x55fa6b138d38 Aug 26 13:08:29.233107: | libevent_free: release ptr-libevent@0x55fa6b161c88 Aug 26 13:08:29.233109: | releasing global libevent data Aug 26 13:08:29.233113: | libevent_free: release ptr-libevent@0x55fa6b13df78 Aug 26 13:08:29.233116: | libevent_free: release ptr-libevent@0x55fa6b138cd8 Aug 26 13:08:29.233120: | libevent_free: release ptr-libevent@0x55fa6b138dd8 Aug 26 13:08:29.233157: leak detective found no leaks