Aug 26 13:08:57.206927: FIPS Product: YES Aug 26 13:08:57.207038: FIPS Kernel: NO Aug 26 13:08:57.207042: FIPS Mode: NO Aug 26 13:08:57.207045: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:08:57.207201: Initializing NSS Aug 26 13:08:57.207209: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:08:57.240121: NSS initialized Aug 26 13:08:57.240132: NSS crypto library initialized Aug 26 13:08:57.240134: FIPS HMAC integrity support [enabled] Aug 26 13:08:57.240136: FIPS mode disabled for pluto daemon Aug 26 13:08:57.273791: FIPS HMAC integrity verification self-test FAILED Aug 26 13:08:57.274258: libcap-ng support [enabled] Aug 26 13:08:57.274269: Linux audit support [enabled] Aug 26 13:08:57.274651: Linux audit activated Aug 26 13:08:57.274659: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:21390 Aug 26 13:08:57.274664: core dump dir: /tmp Aug 26 13:08:57.274666: secrets file: /etc/ipsec.secrets Aug 26 13:08:57.274669: leak-detective enabled Aug 26 13:08:57.274671: NSS crypto [enabled] Aug 26 13:08:57.274674: XAUTH PAM support [enabled] Aug 26 13:08:57.274748: | libevent is using pluto's memory allocator Aug 26 13:08:57.274755: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:08:57.274772: | libevent_malloc: new ptr-libevent@0x55785cfb1538 size 40 Aug 26 13:08:57.274777: | libevent_malloc: new ptr-libevent@0x55785cfb0cd8 size 40 Aug 26 13:08:57.274781: | libevent_malloc: new ptr-libevent@0x55785cfb0dd8 size 40 Aug 26 13:08:57.274784: | creating event base Aug 26 13:08:57.274788: | libevent_malloc: new ptr-libevent@0x55785d033ae8 size 56 Aug 26 13:08:57.274794: | libevent_malloc: new ptr-libevent@0x55785cfdff08 size 664 Aug 26 13:08:57.274808: | libevent_malloc: new ptr-libevent@0x55785d033b58 size 24 Aug 26 13:08:57.274811: | libevent_malloc: new ptr-libevent@0x55785d033ba8 size 384 Aug 26 13:08:57.274822: | libevent_malloc: new ptr-libevent@0x55785d033aa8 size 16 Aug 26 13:08:57.274827: | libevent_malloc: new ptr-libevent@0x55785cfb0908 size 40 Aug 26 13:08:57.274830: | libevent_malloc: new ptr-libevent@0x55785cfb0d38 size 48 Aug 26 13:08:57.274836: | libevent_realloc: new ptr-libevent@0x55785cfe0a08 size 256 Aug 26 13:08:57.274839: | libevent_malloc: new ptr-libevent@0x55785d033d58 size 16 Aug 26 13:08:57.274846: | libevent_free: release ptr-libevent@0x55785d033ae8 Aug 26 13:08:57.274850: | libevent initialized Aug 26 13:08:57.274855: | libevent_realloc: new ptr-libevent@0x55785d033ae8 size 64 Aug 26 13:08:57.274859: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:08:57.274875: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:08:57.274878: NAT-Traversal support [enabled] Aug 26 13:08:57.274882: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:08:57.274888: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:08:57.274896: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:08:57.274932: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:08:57.274936: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:08:57.274953: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:08:57.275017: Encryption algorithms: Aug 26 13:08:57.275026: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:08:57.275031: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:08:57.275036: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:08:57.275053: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:08:57.275057: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 13:08:57.275068: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:08:57.275073: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:08:57.275078: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:08:57.275082: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:08:57.275087: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:08:57.275091: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:08:57.275096: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:08:57.275100: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:08:57.275105: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:08:57.275110: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:08:57.275113: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:08:57.275118: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:08:57.275126: Hash algorithms: Aug 26 13:08:57.275130: MD5 IKEv1: IKE IKEv2: Aug 26 13:08:57.275133: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:08:57.275137: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:08:57.275142: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:08:57.275145: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:08:57.275164: PRF algorithms: Aug 26 13:08:57.275168: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:08:57.275172: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:08:57.275176: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:08:57.275180: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:08:57.275184: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:08:57.275188: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:08:57.275230: Integrity algorithms: Aug 26 13:08:57.275234: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 13:08:57.275239: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:08:57.275244: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:08:57.275249: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:08:57.275255: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:08:57.275258: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:08:57.275263: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:08:57.275267: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:08:57.275270: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:08:57.275293: DH algorithms: Aug 26 13:08:57.275301: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:08:57.275305: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:08:57.275309: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:08:57.275315: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:08:57.275319: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:08:57.275322: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:08:57.275326: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:08:57.275330: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:08:57.275334: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:08:57.275338: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:08:57.275342: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:08:57.275345: testing CAMELLIA_CBC: Aug 26 13:08:57.275348: Camellia: 16 bytes with 128-bit key Aug 26 13:08:57.275469: Camellia: 16 bytes with 128-bit key Aug 26 13:08:57.275502: Camellia: 16 bytes with 256-bit key Aug 26 13:08:57.275537: Camellia: 16 bytes with 256-bit key Aug 26 13:08:57.275568: testing AES_GCM_16: Aug 26 13:08:57.275572: empty string Aug 26 13:08:57.275601: one block Aug 26 13:08:57.275628: two blocks Aug 26 13:08:57.275656: two blocks with associated data Aug 26 13:08:57.275685: testing AES_CTR: Aug 26 13:08:57.275689: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:08:57.275718: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:08:57.275750: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:08:57.275783: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:08:57.275814: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:08:57.275845: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:08:57.275890: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:08:57.275919: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:08:57.275951: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:08:57.275995: testing AES_CBC: Aug 26 13:08:57.275999: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:08:57.276030: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:08:57.276063: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:08:57.276097: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:08:57.276138: testing AES_XCBC: Aug 26 13:08:57.276142: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:08:57.276262: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:08:57.276403: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:08:57.276536: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:08:57.276668: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:08:57.276800: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:08:57.276934: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:08:57.277232: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 13:08:57.277368: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:08:57.277514: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:08:57.277758: testing HMAC_MD5: Aug 26 13:08:57.277762: RFC 2104: MD5_HMAC test 1 Aug 26 13:08:57.277938: RFC 2104: MD5_HMAC test 2 Aug 26 13:08:57.278094: RFC 2104: MD5_HMAC test 3 Aug 26 13:08:57.278342: 8 CPU cores online Aug 26 13:08:57.278349: starting up 7 crypto helpers Aug 26 13:08:57.278382: started thread for crypto helper 0 Aug 26 13:08:57.278388: | starting up helper thread 0 Aug 26 13:08:57.278405: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:08:57.278405: started thread for crypto helper 1 Aug 26 13:08:57.278414: | crypto helper 0 waiting (nothing to do) Aug 26 13:08:57.278437: started thread for crypto helper 2 Aug 26 13:08:57.278440: | starting up helper thread 2 Aug 26 13:08:57.278447: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:08:57.278451: | crypto helper 2 waiting (nothing to do) Aug 26 13:08:57.278459: started thread for crypto helper 3 Aug 26 13:08:57.278460: | starting up helper thread 3 Aug 26 13:08:57.278466: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:08:57.278469: | crypto helper 3 waiting (nothing to do) Aug 26 13:08:57.278479: started thread for crypto helper 4 Aug 26 13:08:57.278484: | starting up helper thread 4 Aug 26 13:08:57.278497: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:08:57.278497: started thread for crypto helper 5 Aug 26 13:08:57.278499: | starting up helper thread 5 Aug 26 13:08:57.278503: | crypto helper 4 waiting (nothing to do) Aug 26 13:08:57.278512: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:08:57.278520: | crypto helper 5 waiting (nothing to do) Aug 26 13:08:57.278525: started thread for crypto helper 6 Aug 26 13:08:57.278530: | checking IKEv1 state table Aug 26 13:08:57.278539: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:08:57.278542: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:08:57.278545: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:08:57.278548: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:08:57.278552: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:08:57.278555: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:08:57.278558: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:08:57.278561: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:08:57.278564: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:08:57.278567: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:08:57.278570: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:08:57.278573: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:08:57.278576: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:08:57.278579: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:08:57.278582: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:08:57.278585: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:08:57.278588: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:08:57.278591: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:08:57.278594: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:08:57.278596: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:08:57.278600: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:08:57.278603: | -> UNDEFINED EVENT_NULL Aug 26 13:08:57.278606: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:08:57.278609: | -> UNDEFINED EVENT_NULL Aug 26 13:08:57.278612: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:08:57.278615: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:08:57.278619: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:08:57.278622: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:08:57.278624: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:08:57.278628: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:08:57.278631: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:08:57.278633: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:08:57.278637: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:08:57.278640: | -> UNDEFINED EVENT_NULL Aug 26 13:08:57.278643: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:08:57.278646: | -> UNDEFINED EVENT_NULL Aug 26 13:08:57.278649: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:08:57.278652: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:08:57.278656: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:08:57.278659: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:08:57.278662: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:08:57.278665: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:08:57.278668: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:08:57.278671: | -> UNDEFINED EVENT_NULL Aug 26 13:08:57.278678: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:08:57.278681: | -> UNDEFINED EVENT_NULL Aug 26 13:08:57.278685: | INFO: category: informational flags: 0: Aug 26 13:08:57.278687: | -> UNDEFINED EVENT_NULL Aug 26 13:08:57.278691: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:08:57.278694: | -> UNDEFINED EVENT_NULL Aug 26 13:08:57.278697: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:08:57.278700: | -> XAUTH_R1 EVENT_NULL Aug 26 13:08:57.278703: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:08:57.278706: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:08:57.278710: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:08:57.278713: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:08:57.278716: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:08:57.278719: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:08:57.278722: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:08:57.278726: | -> UNDEFINED EVENT_NULL Aug 26 13:08:57.278730: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:08:57.278733: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:08:57.278736: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:08:57.278739: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:08:57.278742: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:08:57.278745: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:08:57.278752: | checking IKEv2 state table Aug 26 13:08:57.278758: | PARENT_I0: category: ignore flags: 0: Aug 26 13:08:57.278762: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:08:57.278766: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:08:57.278769: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:08:57.278773: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:08:57.278777: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:08:57.278781: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:08:57.278784: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:08:57.278788: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:08:57.278791: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:08:57.278795: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:08:57.278798: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:08:57.278802: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 13:08:57.278805: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:08:57.278808: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:08:57.278811: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:08:57.278815: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:08:57.278818: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:08:57.278822: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:08:57.278826: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:08:57.278829: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:08:57.278833: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:08:57.278836: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:08:57.278840: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:08:57.278843: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:08:57.278846: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:08:57.278850: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:08:57.278853: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:08:57.278859: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:08:57.278863: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:08:57.278866: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:08:57.278870: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:08:57.278874: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:08:57.278877: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:08:57.278881: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:08:57.278885: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:08:57.278889: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:08:57.278892: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:08:57.278896: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:08:57.278900: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:08:57.278903: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:08:57.278907: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:08:57.278911: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:08:57.278914: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:08:57.278918: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:08:57.278921: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:08:57.278925: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:08:57.278988: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:08:57.279117: | starting up helper thread 1 Aug 26 13:08:57.279127: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:08:57.279129: | crypto helper 1 waiting (nothing to do) Aug 26 13:08:57.279435: | Hard-wiring algorithms Aug 26 13:08:57.279444: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:08:57.279449: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:08:57.279452: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:08:57.279455: | adding 3DES_CBC to kernel algorithm db Aug 26 13:08:57.279458: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:08:57.279461: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:08:57.279465: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:08:57.279468: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:08:57.279471: | adding AES_CTR to kernel algorithm db Aug 26 13:08:57.279474: | adding AES_CBC to kernel algorithm db Aug 26 13:08:57.279477: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:08:57.279480: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:08:57.279484: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:08:57.279487: | adding NULL to kernel algorithm db Aug 26 13:08:57.279490: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:08:57.279494: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:08:57.279497: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:08:57.279500: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:08:57.279503: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:08:57.279506: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:08:57.279509: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:08:57.279512: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:08:57.279515: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:08:57.279518: | adding NONE to kernel algorithm db Aug 26 13:08:57.279541: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:08:57.279548: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:08:57.279552: | setup kernel fd callback Aug 26 13:08:57.279559: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55785d039368 Aug 26 13:08:57.279564: | libevent_malloc: new ptr-libevent@0x55785d01cbb8 size 128 Aug 26 13:08:57.279569: | libevent_malloc: new ptr-libevent@0x55785d0388c8 size 16 Aug 26 13:08:57.279576: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55785d0387b8 Aug 26 13:08:57.279580: | libevent_malloc: new ptr-libevent@0x55785cfe30f8 size 128 Aug 26 13:08:57.279584: | libevent_malloc: new ptr-libevent@0x55785d0392b8 size 16 Aug 26 13:08:57.279830: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:08:57.279838: selinux support is enabled. Aug 26 13:08:57.279961: | starting up helper thread 6 Aug 26 13:08:57.279973: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:08:57.279976: | crypto helper 6 waiting (nothing to do) Aug 26 13:08:57.280845: | unbound context created - setting debug level to 5 Aug 26 13:08:57.280872: | /etc/hosts lookups activated Aug 26 13:08:57.280884: | /etc/resolv.conf usage activated Aug 26 13:08:57.280932: | outgoing-port-avoid set 0-65535 Aug 26 13:08:57.280964: | outgoing-port-permit set 32768-60999 Aug 26 13:08:57.280967: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:08:57.280971: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:08:57.280975: | Setting up events, loop start Aug 26 13:08:57.280979: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55785d0392f8 Aug 26 13:08:57.280983: | libevent_malloc: new ptr-libevent@0x55785d045538 size 128 Aug 26 13:08:57.280987: | libevent_malloc: new ptr-libevent@0x55785d0507c8 size 16 Aug 26 13:08:57.280994: | libevent_realloc: new ptr-libevent@0x55785cfdfb98 size 256 Aug 26 13:08:57.280998: | libevent_malloc: new ptr-libevent@0x55785d050808 size 8 Aug 26 13:08:57.281001: | libevent_realloc: new ptr-libevent@0x55785cfe0448 size 144 Aug 26 13:08:57.281005: | libevent_malloc: new ptr-libevent@0x55785cfe08a8 size 152 Aug 26 13:08:57.281009: | libevent_malloc: new ptr-libevent@0x55785d050848 size 16 Aug 26 13:08:57.281013: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:08:57.281017: | libevent_malloc: new ptr-libevent@0x55785d050888 size 8 Aug 26 13:08:57.281020: | libevent_malloc: new ptr-libevent@0x55785d0508c8 size 152 Aug 26 13:08:57.281023: | signal event handler PLUTO_SIGTERM installed Aug 26 13:08:57.281026: | libevent_malloc: new ptr-libevent@0x55785d050998 size 8 Aug 26 13:08:57.281030: | libevent_malloc: new ptr-libevent@0x55785d0509d8 size 152 Aug 26 13:08:57.281034: | signal event handler PLUTO_SIGHUP installed Aug 26 13:08:57.281037: | libevent_malloc: new ptr-libevent@0x55785d050aa8 size 8 Aug 26 13:08:57.281040: | libevent_realloc: release ptr-libevent@0x55785cfe0448 Aug 26 13:08:57.281044: | libevent_realloc: new ptr-libevent@0x55785d050ae8 size 256 Aug 26 13:08:57.281047: | libevent_malloc: new ptr-libevent@0x55785d050c18 size 152 Aug 26 13:08:57.281051: | signal event handler PLUTO_SIGSYS installed Aug 26 13:08:57.281347: | created addconn helper (pid:21574) using fork+execve Aug 26 13:08:57.281368: | forked child 21574 Aug 26 13:08:57.281415: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:08:57.281805: listening for IKE messages Aug 26 13:08:57.283582: | Inspecting interface lo Aug 26 13:08:57.283600: | found lo with address 127.0.0.1 Aug 26 13:08:57.283606: | Inspecting interface eth0 Aug 26 13:08:57.283610: | found eth0 with address 192.0.1.254 Aug 26 13:08:57.283612: | Inspecting interface eth1 Aug 26 13:08:57.283615: | found eth1 with address 192.1.2.45 Aug 26 13:08:57.283677: Kernel supports NIC esp-hw-offload Aug 26 13:08:57.283690: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Aug 26 13:08:57.283754: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:08:57.283761: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:08:57.283766: adding interface eth1/eth1 192.1.2.45:4500 Aug 26 13:08:57.283799: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 Aug 26 13:08:57.283824: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:08:57.283830: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:08:57.283834: adding interface eth0/eth0 192.0.1.254:4500 Aug 26 13:08:57.283861: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:08:57.283884: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:08:57.283888: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:08:57.283892: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:08:57.283972: | no interfaces to sort Aug 26 13:08:57.283978: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:08:57.283988: | add_fd_read_event_handler: new ethX-pe@0x55785d051178 Aug 26 13:08:57.283993: | libevent_malloc: new ptr-libevent@0x55785d045488 size 128 Aug 26 13:08:57.283997: | libevent_malloc: new ptr-libevent@0x55785d0511e8 size 16 Aug 26 13:08:57.284006: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:08:57.284010: | add_fd_read_event_handler: new ethX-pe@0x55785d051228 Aug 26 13:08:57.284014: | libevent_malloc: new ptr-libevent@0x55785cfe1358 size 128 Aug 26 13:08:57.284017: | libevent_malloc: new ptr-libevent@0x55785d051298 size 16 Aug 26 13:08:57.284023: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:08:57.284026: | add_fd_read_event_handler: new ethX-pe@0x55785d0512d8 Aug 26 13:08:57.284029: | libevent_malloc: new ptr-libevent@0x55785cfe31f8 size 128 Aug 26 13:08:57.284032: | libevent_malloc: new ptr-libevent@0x55785d051348 size 16 Aug 26 13:08:57.284037: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Aug 26 13:08:57.284040: | add_fd_read_event_handler: new ethX-pe@0x55785d051388 Aug 26 13:08:57.284043: | libevent_malloc: new ptr-libevent@0x55785cfe0348 size 128 Aug 26 13:08:57.284046: | libevent_malloc: new ptr-libevent@0x55785d0513f8 size 16 Aug 26 13:08:57.284051: | setup callback for interface eth0 192.0.1.254:500 fd 19 Aug 26 13:08:57.284054: | add_fd_read_event_handler: new ethX-pe@0x55785d051438 Aug 26 13:08:57.284058: | libevent_malloc: new ptr-libevent@0x55785cfb6ba8 size 128 Aug 26 13:08:57.284061: | libevent_malloc: new ptr-libevent@0x55785d0514a8 size 16 Aug 26 13:08:57.284066: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 13:08:57.284069: | add_fd_read_event_handler: new ethX-pe@0x55785d0514e8 Aug 26 13:08:57.284073: | libevent_malloc: new ptr-libevent@0x55785cfb11d8 size 128 Aug 26 13:08:57.284076: | libevent_malloc: new ptr-libevent@0x55785d051558 size 16 Aug 26 13:08:57.284081: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 13:08:57.284086: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:08:57.284089: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:08:57.284113: loading secrets from "/etc/ipsec.secrets" Aug 26 13:08:57.284126: | id type added to secret(0x55785cfacc48) PKK_PSK: @west Aug 26 13:08:57.284131: | id type added to secret(0x55785cfacc48) PKK_PSK: @east Aug 26 13:08:57.284136: | Processing PSK at line 1: passed Aug 26 13:08:57.284139: | certs and keys locked by 'process_secret' Aug 26 13:08:57.284143: | certs and keys unlocked by 'process_secret' Aug 26 13:08:57.284155: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:08:57.284163: | spent 1.44 milliseconds in whack Aug 26 13:08:57.302209: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:08:57.302231: listening for IKE messages Aug 26 13:08:57.302260: | Inspecting interface lo Aug 26 13:08:57.302265: | found lo with address 127.0.0.1 Aug 26 13:08:57.302267: | Inspecting interface eth0 Aug 26 13:08:57.302270: | found eth0 with address 192.0.1.254 Aug 26 13:08:57.302272: | Inspecting interface eth1 Aug 26 13:08:57.302275: | found eth1 with address 192.1.2.45 Aug 26 13:08:57.302323: | no interfaces to sort Aug 26 13:08:57.302336: | libevent_free: release ptr-libevent@0x55785d045488 Aug 26 13:08:57.302339: | free_event_entry: release EVENT_NULL-pe@0x55785d051178 Aug 26 13:08:57.302341: | add_fd_read_event_handler: new ethX-pe@0x55785d051178 Aug 26 13:08:57.302343: | libevent_malloc: new ptr-libevent@0x55785d045488 size 128 Aug 26 13:08:57.302349: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:08:57.302351: | libevent_free: release ptr-libevent@0x55785cfe1358 Aug 26 13:08:57.302353: | free_event_entry: release EVENT_NULL-pe@0x55785d051228 Aug 26 13:08:57.302355: | add_fd_read_event_handler: new ethX-pe@0x55785d051228 Aug 26 13:08:57.302357: | libevent_malloc: new ptr-libevent@0x55785cfe1358 size 128 Aug 26 13:08:57.302360: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:08:57.302363: | libevent_free: release ptr-libevent@0x55785cfe31f8 Aug 26 13:08:57.302364: | free_event_entry: release EVENT_NULL-pe@0x55785d0512d8 Aug 26 13:08:57.302366: | add_fd_read_event_handler: new ethX-pe@0x55785d0512d8 Aug 26 13:08:57.302368: | libevent_malloc: new ptr-libevent@0x55785cfe31f8 size 128 Aug 26 13:08:57.302371: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Aug 26 13:08:57.302374: | libevent_free: release ptr-libevent@0x55785cfe0348 Aug 26 13:08:57.302376: | free_event_entry: release EVENT_NULL-pe@0x55785d051388 Aug 26 13:08:57.302377: | add_fd_read_event_handler: new ethX-pe@0x55785d051388 Aug 26 13:08:57.302379: | libevent_malloc: new ptr-libevent@0x55785cfe0348 size 128 Aug 26 13:08:57.302382: | setup callback for interface eth0 192.0.1.254:500 fd 19 Aug 26 13:08:57.302385: | libevent_free: release ptr-libevent@0x55785cfb6ba8 Aug 26 13:08:57.302386: | free_event_entry: release EVENT_NULL-pe@0x55785d051438 Aug 26 13:08:57.302388: | add_fd_read_event_handler: new ethX-pe@0x55785d051438 Aug 26 13:08:57.302390: | libevent_malloc: new ptr-libevent@0x55785cfb6ba8 size 128 Aug 26 13:08:57.302393: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 13:08:57.302395: | libevent_free: release ptr-libevent@0x55785cfb11d8 Aug 26 13:08:57.302397: | free_event_entry: release EVENT_NULL-pe@0x55785d0514e8 Aug 26 13:08:57.302399: | add_fd_read_event_handler: new ethX-pe@0x55785d0514e8 Aug 26 13:08:57.302401: | libevent_malloc: new ptr-libevent@0x55785cfb11d8 size 128 Aug 26 13:08:57.302404: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 13:08:57.302406: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:08:57.302408: forgetting secrets Aug 26 13:08:57.302413: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:08:57.302423: loading secrets from "/etc/ipsec.secrets" Aug 26 13:08:57.302430: | id type added to secret(0x55785cfacc48) PKK_PSK: @west Aug 26 13:08:57.302432: | id type added to secret(0x55785cfacc48) PKK_PSK: @east Aug 26 13:08:57.302435: | Processing PSK at line 1: passed Aug 26 13:08:57.302437: | certs and keys locked by 'process_secret' Aug 26 13:08:57.302438: | certs and keys unlocked by 'process_secret' Aug 26 13:08:57.302446: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:08:57.302451: | spent 0.248 milliseconds in whack Aug 26 13:08:57.302803: | processing signal PLUTO_SIGCHLD Aug 26 13:08:57.302814: | waitpid returned pid 21574 (exited with status 0) Aug 26 13:08:57.302817: | reaped addconn helper child (status 0) Aug 26 13:08:57.302821: | waitpid returned ECHILD (no child processes left) Aug 26 13:08:57.302825: | spent 0.0135 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:08:57.363887: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:08:57.363912: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:08:57.363917: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:08:57.363919: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:08:57.363922: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:08:57.363927: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:08:57.363934: | Added new connection westnet-eastnet-ipv4-psk-ikev2 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:08:57.364000: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:08:57.364008: | from whack: got --esp= Aug 26 13:08:57.364046: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:08:57.364052: | counting wild cards for @west is 0 Aug 26 13:08:57.364056: | counting wild cards for @east is 0 Aug 26 13:08:57.364066: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Aug 26 13:08:57.364069: | new hp@0x55785d053878 Aug 26 13:08:57.364074: added connection description "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:08:57.364086: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:08:57.364094: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Aug 26 13:08:57.364099: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:08:57.364105: | spent 0.229 milliseconds in whack Aug 26 13:08:57.426442: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:08:57.426679: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:08:57.426684: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:08:57.426770: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:08:57.426782: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:08:57.426790: | spent 0.367 milliseconds in whack Aug 26 13:08:57.537799: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:08:57.537818: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Aug 26 13:08:57.537836: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:08:57.537841: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in initiate_a_connection() at initiate.c:186) Aug 26 13:08:57.537844: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Aug 26 13:08:57.537846: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Aug 26 13:08:57.537848: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:08:57.537876: | creating state object #1 at 0x55785d053998 Aug 26 13:08:57.537879: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:08:57.537885: | pstats #1 ikev2.ike started Aug 26 13:08:57.537887: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:08:57.537889: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:08:57.537893: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:08:57.537899: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:08:57.537902: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:08:57.537905: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:08:57.537908: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" IKE SA #1 "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:08:57.537911: "westnet-eastnet-ipv4-psk-ikev2" #1: initiating v2 parent SA Aug 26 13:08:57.537918: | constructing local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE) Aug 26 13:08:57.537943: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:08:57.537950: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:08:57.537953: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:08:57.537959: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:08:57.537975: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:08:57.537980: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:08:57.537983: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:08:57.537987: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:08:57.537996: "westnet-eastnet-ipv4-psk-ikev2": constructed local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:08:57.538019: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 13:08:57.538023: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55785d0560c8 Aug 26 13:08:57.538026: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:08:57.538029: | libevent_malloc: new ptr-libevent@0x55785d056138 size 128 Aug 26 13:08:57.538042: | #1 spent 0.198 milliseconds in ikev2_parent_outI1() Aug 26 13:08:57.538045: | crypto helper 0 resuming Aug 26 13:08:57.538046: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:08:57.538064: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:08:57.538078: | RESET processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:08:57.538082: | RESET processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:08:57.538082: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 13:08:57.538084: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:08:57.538092: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Aug 26 13:08:57.538094: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:08:57.538098: | spent 0.314 milliseconds in whack Aug 26 13:08:57.539034: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000952 seconds Aug 26 13:08:57.539046: | (#1) spent 0.957 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 13:08:57.539049: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:08:57.539051: | scheduling resume sending helper answer for #1 Aug 26 13:08:57.539057: | libevent_malloc: new ptr-libevent@0x7f41b8002888 size 128 Aug 26 13:08:57.539063: | crypto helper 0 waiting (nothing to do) Aug 26 13:08:57.539069: | processing resume sending helper answer for #1 Aug 26 13:08:57.539076: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:08:57.539079: | crypto helper 0 replies to request ID 1 Aug 26 13:08:57.539081: | calling continuation function 0x55785bedcb50 Aug 26 13:08:57.539083: | ikev2_parent_outI1_continue for #1 Aug 26 13:08:57.539108: | **emit ISAKMP Message: Aug 26 13:08:57.539110: | initiator cookie: Aug 26 13:08:57.539112: | 47 83 ee a4 d1 45 51 22 Aug 26 13:08:57.539113: | responder cookie: Aug 26 13:08:57.539115: | 00 00 00 00 00 00 00 00 Aug 26 13:08:57.539117: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:08:57.539119: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:08:57.539121: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:08:57.539123: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:08:57.539125: | Message ID: 0 (0x0) Aug 26 13:08:57.539127: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:08:57.539137: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:08:57.539139: | Emitting ikev2_proposals ... Aug 26 13:08:57.539141: | ***emit IKEv2 Security Association Payload: Aug 26 13:08:57.539143: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:08:57.539145: | flags: none (0x0) Aug 26 13:08:57.539147: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:08:57.539149: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:08:57.539151: | discarding INTEG=NONE Aug 26 13:08:57.539153: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:08:57.539155: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:08:57.539156: | prop #: 1 (0x1) Aug 26 13:08:57.539158: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:08:57.539160: | spi size: 0 (0x0) Aug 26 13:08:57.539161: | # transforms: 11 (0xb) Aug 26 13:08:57.539163: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:08:57.539165: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539167: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539168: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:08:57.539170: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:08:57.539172: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539174: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:08:57.539176: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:08:57.539178: | length/value: 256 (0x100) Aug 26 13:08:57.539180: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:08:57.539181: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539183: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539185: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:08:57.539189: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:08:57.539191: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539193: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539195: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539197: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539199: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539200: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:08:57.539202: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:08:57.539204: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539206: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539207: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539209: | discarding INTEG=NONE Aug 26 13:08:57.539210: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539212: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539214: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539215: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:08:57.539217: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539219: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539221: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539222: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539224: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539225: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539227: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:08:57.539229: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539231: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539233: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539234: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539236: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539237: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539239: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:08:57.539241: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539243: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539244: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539246: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539248: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539249: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539251: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:08:57.539253: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539255: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539256: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539259: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539261: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539262: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539264: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:08:57.539266: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539268: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539270: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539271: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539273: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539274: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539276: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:08:57.539278: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539280: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539281: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539283: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539285: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539286: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539291: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:08:57.539297: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539299: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539301: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539303: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539304: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:08:57.539306: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539307: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:08:57.539309: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539311: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539326: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539328: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:08:57.539330: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:08:57.539331: | discarding INTEG=NONE Aug 26 13:08:57.539333: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:08:57.539334: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:08:57.539336: | prop #: 2 (0x2) Aug 26 13:08:57.539338: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:08:57.539339: | spi size: 0 (0x0) Aug 26 13:08:57.539341: | # transforms: 11 (0xb) Aug 26 13:08:57.539343: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:08:57.539345: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:08:57.539346: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539348: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539350: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:08:57.539351: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:08:57.539354: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539356: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:08:57.539358: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:08:57.539359: | length/value: 128 (0x80) Aug 26 13:08:57.539361: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:08:57.539363: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539364: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539366: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:08:57.539367: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:08:57.539369: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539371: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539373: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539374: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539376: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539377: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:08:57.539379: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:08:57.539381: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539383: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539384: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539386: | discarding INTEG=NONE Aug 26 13:08:57.539387: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539389: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539391: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539392: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:08:57.539394: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539396: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539398: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539399: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539401: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539402: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539404: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:08:57.539406: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539407: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539409: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539411: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539412: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539414: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539415: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:08:57.539417: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539419: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539421: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539422: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539425: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539426: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539428: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:08:57.539430: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539432: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539448: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539450: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539451: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539453: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539455: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:08:57.539457: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539458: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539460: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539462: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539463: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539465: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539466: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:08:57.539468: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539470: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539485: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539486: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539488: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539489: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539491: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:08:57.539493: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539494: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539496: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539498: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539514: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:08:57.539516: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539517: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:08:57.539519: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539521: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539523: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539524: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:08:57.539526: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:08:57.539528: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:08:57.539530: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:08:57.539531: | prop #: 3 (0x3) Aug 26 13:08:57.539533: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:08:57.539534: | spi size: 0 (0x0) Aug 26 13:08:57.539539: | # transforms: 13 (0xd) Aug 26 13:08:57.539541: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:08:57.539543: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:08:57.539545: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539559: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539561: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:08:57.539562: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:08:57.539564: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539566: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:08:57.539567: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:08:57.539569: | length/value: 256 (0x100) Aug 26 13:08:57.539570: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:08:57.539572: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539574: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539575: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:08:57.539577: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:08:57.539578: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539580: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539582: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539584: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539585: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539587: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:08:57.539588: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:08:57.539590: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539592: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539594: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539595: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539597: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539598: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:08:57.539600: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:08:57.539602: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539603: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539605: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539607: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539608: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539610: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:08:57.539611: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:08:57.539613: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539615: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539617: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539618: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539620: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539622: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539624: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:08:57.539626: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539627: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539629: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539630: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539632: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539634: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539635: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:08:57.539637: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539639: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539640: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539642: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539644: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539645: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539647: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:08:57.539649: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539650: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539652: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539653: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539655: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539657: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539658: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:08:57.539660: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539662: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539663: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539665: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539666: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539668: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539670: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:08:57.539671: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539673: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539675: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539676: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539678: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539680: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539681: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:08:57.539683: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539685: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539686: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539689: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539690: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539692: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539693: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:08:57.539695: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539697: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539699: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539700: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539702: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:08:57.539703: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539705: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:08:57.539707: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539709: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539710: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539712: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:08:57.539714: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:08:57.539715: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:08:57.539717: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:08:57.539718: | prop #: 4 (0x4) Aug 26 13:08:57.539720: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:08:57.539721: | spi size: 0 (0x0) Aug 26 13:08:57.539723: | # transforms: 13 (0xd) Aug 26 13:08:57.539725: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:08:57.539727: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:08:57.539728: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539730: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539731: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:08:57.539733: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:08:57.539735: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539736: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:08:57.539738: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:08:57.539739: | length/value: 128 (0x80) Aug 26 13:08:57.539741: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:08:57.539743: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539744: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539746: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:08:57.539747: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:08:57.539749: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539751: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539753: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539754: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539756: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539757: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:08:57.539759: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:08:57.539761: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539763: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539765: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539767: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539768: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539770: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:08:57.539771: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:08:57.539773: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539775: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539777: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539778: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539780: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539781: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:08:57.539783: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:08:57.539785: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539786: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539788: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539790: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539791: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539793: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539794: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:08:57.539796: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539798: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539800: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539801: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539803: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539804: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539806: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:08:57.539808: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539809: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539811: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539813: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539814: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539816: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539817: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:08:57.539819: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539821: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539823: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539824: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539827: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539829: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539831: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:08:57.539833: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539834: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539836: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539837: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539839: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539841: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539842: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:08:57.539844: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539846: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539847: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539849: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539850: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539852: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539854: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:08:57.539855: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539857: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539859: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539860: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539862: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539863: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539865: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:08:57.539867: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539869: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539870: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539872: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.539873: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:08:57.539875: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.539877: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:08:57.539878: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.539880: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.539882: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.539883: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:08:57.539885: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:08:57.539887: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:08:57.539889: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:08:57.539890: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:08:57.539892: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:08:57.539895: | flags: none (0x0) Aug 26 13:08:57.539896: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:08:57.539898: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:08:57.539900: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:08:57.539903: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:08:57.539904: | ikev2 g^x 52 20 11 c1 cb 04 5f 66 83 9e 3d a2 df 35 1a b2 Aug 26 13:08:57.539906: | ikev2 g^x 1b 36 3f bb f4 dd 53 fe 1a 62 fc 5e 95 b0 d9 9c Aug 26 13:08:57.539907: | ikev2 g^x ad cc 41 06 75 26 29 26 e1 32 f4 5b 04 24 c1 26 Aug 26 13:08:57.539909: | ikev2 g^x 18 d2 ca 8f 6a 30 65 bc 76 22 a7 24 06 9b f3 af Aug 26 13:08:57.539910: | ikev2 g^x f0 68 56 1e 1b 87 fa a4 dd e5 fd 10 02 62 bb 21 Aug 26 13:08:57.539912: | ikev2 g^x 9e 85 d1 c2 e5 af a7 1e 5f 75 2f 84 45 ca 49 6e Aug 26 13:08:57.539913: | ikev2 g^x 22 7d 18 b7 d5 f0 12 88 23 13 52 91 be 5a 63 74 Aug 26 13:08:57.539915: | ikev2 g^x e6 d8 93 a0 d9 0e d8 81 ab 84 f5 c0 f2 6e c8 c2 Aug 26 13:08:57.539916: | ikev2 g^x 56 15 5a 1b e6 5e f4 4a 08 15 bd 64 b4 41 62 33 Aug 26 13:08:57.539918: | ikev2 g^x f4 e5 11 11 e0 fe c7 7a 69 bd f0 35 9d 6d bf dc Aug 26 13:08:57.539919: | ikev2 g^x ea 0f 9f d1 5e 63 0b 4d ee 3c 1a 65 b6 70 72 1c Aug 26 13:08:57.539921: | ikev2 g^x dd 07 a1 dc 57 43 01 66 d1 33 41 37 7a b1 d7 7a Aug 26 13:08:57.539922: | ikev2 g^x 93 43 cf 35 29 77 28 01 96 3f 08 e8 d9 cd d6 f4 Aug 26 13:08:57.539924: | ikev2 g^x d2 a7 4e 48 c8 55 77 db 4f 59 98 71 0e 1f 8c 80 Aug 26 13:08:57.539925: | ikev2 g^x b1 2e 64 b4 b2 d0 b9 7d c9 9c b4 9d 2a 25 f9 d0 Aug 26 13:08:57.539927: | ikev2 g^x fe 8a e8 f0 5e 37 ee dd 77 e2 cf dc 42 eb 8d 24 Aug 26 13:08:57.539928: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:08:57.539930: | ***emit IKEv2 Nonce Payload: Aug 26 13:08:57.539932: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:08:57.539933: | flags: none (0x0) Aug 26 13:08:57.539935: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:08:57.539937: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:08:57.539939: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:08:57.539941: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:08:57.539942: | IKEv2 nonce c1 f3 0c c0 66 a5 39 33 ae 6c d9 57 33 89 9f 77 Aug 26 13:08:57.539944: | IKEv2 nonce d2 5b 74 1f 5d 13 cf 47 d4 36 78 7e 6a fa e9 1b Aug 26 13:08:57.539945: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:08:57.539947: | Adding a v2N Payload Aug 26 13:08:57.539949: | ***emit IKEv2 Notify Payload: Aug 26 13:08:57.539950: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:08:57.539952: | flags: none (0x0) Aug 26 13:08:57.539954: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:08:57.539955: | SPI size: 0 (0x0) Aug 26 13:08:57.539957: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:08:57.539959: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:08:57.539961: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:08:57.539962: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:08:57.539965: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:08:57.539966: | natd_hash: rcookie is zero Aug 26 13:08:57.539977: | natd_hash: hasher=0x55785bfb1800(20) Aug 26 13:08:57.539980: | natd_hash: icookie= 47 83 ee a4 d1 45 51 22 Aug 26 13:08:57.539981: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:08:57.539983: | natd_hash: ip= c0 01 02 2d Aug 26 13:08:57.539985: | natd_hash: port=500 Aug 26 13:08:57.539987: | natd_hash: hash= fa c8 36 8e b4 c5 69 c5 74 f0 98 f9 92 60 87 42 Aug 26 13:08:57.539989: | natd_hash: hash= 85 e4 d6 e1 Aug 26 13:08:57.539990: | Adding a v2N Payload Aug 26 13:08:57.539992: | ***emit IKEv2 Notify Payload: Aug 26 13:08:57.539993: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:08:57.539995: | flags: none (0x0) Aug 26 13:08:57.539997: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:08:57.539998: | SPI size: 0 (0x0) Aug 26 13:08:57.540000: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:08:57.540002: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:08:57.540004: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:08:57.540006: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:08:57.540007: | Notify data fa c8 36 8e b4 c5 69 c5 74 f0 98 f9 92 60 87 42 Aug 26 13:08:57.540009: | Notify data 85 e4 d6 e1 Aug 26 13:08:57.540010: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:08:57.540012: | natd_hash: rcookie is zero Aug 26 13:08:57.540017: | natd_hash: hasher=0x55785bfb1800(20) Aug 26 13:08:57.540018: | natd_hash: icookie= 47 83 ee a4 d1 45 51 22 Aug 26 13:08:57.540020: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:08:57.540021: | natd_hash: ip= c0 01 02 17 Aug 26 13:08:57.540023: | natd_hash: port=500 Aug 26 13:08:57.540024: | natd_hash: hash= 3e 98 43 ea 12 46 4b 0b d0 a4 13 ab 0b 0c ff 97 Aug 26 13:08:57.540026: | natd_hash: hash= 6c b7 9f 42 Aug 26 13:08:57.540027: | Adding a v2N Payload Aug 26 13:08:57.540029: | ***emit IKEv2 Notify Payload: Aug 26 13:08:57.540030: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:08:57.540032: | flags: none (0x0) Aug 26 13:08:57.540034: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:08:57.540035: | SPI size: 0 (0x0) Aug 26 13:08:57.540037: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:08:57.540039: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:08:57.540040: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:08:57.540042: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:08:57.540044: | Notify data 3e 98 43 ea 12 46 4b 0b d0 a4 13 ab 0b 0c ff 97 Aug 26 13:08:57.540045: | Notify data 6c b7 9f 42 Aug 26 13:08:57.540047: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:08:57.540049: | emitting length of ISAKMP Message: 828 Aug 26 13:08:57.540054: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:08:57.540061: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:08:57.540064: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:08:57.540066: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:08:57.540069: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:08:57.540071: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 13:08:57.540073: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:08:57.540076: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:08:57.540078: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:08:57.540087: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:08:57.540109: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:08:57.540111: | 47 83 ee a4 d1 45 51 22 00 00 00 00 00 00 00 00 Aug 26 13:08:57.540114: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:08:57.540115: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:08:57.540117: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:08:57.540119: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:08:57.540122: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:08:57.540124: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:08:57.540126: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:08:57.540128: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:08:57.540130: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:08:57.540131: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:08:57.540133: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:08:57.540134: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:08:57.540136: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:08:57.540137: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:08:57.540139: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:08:57.540140: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:08:57.540142: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:08:57.540143: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:08:57.540145: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:08:57.540146: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:08:57.540148: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:08:57.540149: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:08:57.540151: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:08:57.540152: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:08:57.540154: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:08:57.540155: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:08:57.540157: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:08:57.540158: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:08:57.540160: | 28 00 01 08 00 0e 00 00 52 20 11 c1 cb 04 5f 66 Aug 26 13:08:57.540161: | 83 9e 3d a2 df 35 1a b2 1b 36 3f bb f4 dd 53 fe Aug 26 13:08:57.540163: | 1a 62 fc 5e 95 b0 d9 9c ad cc 41 06 75 26 29 26 Aug 26 13:08:57.540164: | e1 32 f4 5b 04 24 c1 26 18 d2 ca 8f 6a 30 65 bc Aug 26 13:08:57.540166: | 76 22 a7 24 06 9b f3 af f0 68 56 1e 1b 87 fa a4 Aug 26 13:08:57.540167: | dd e5 fd 10 02 62 bb 21 9e 85 d1 c2 e5 af a7 1e Aug 26 13:08:57.540169: | 5f 75 2f 84 45 ca 49 6e 22 7d 18 b7 d5 f0 12 88 Aug 26 13:08:57.540170: | 23 13 52 91 be 5a 63 74 e6 d8 93 a0 d9 0e d8 81 Aug 26 13:08:57.540172: | ab 84 f5 c0 f2 6e c8 c2 56 15 5a 1b e6 5e f4 4a Aug 26 13:08:57.540173: | 08 15 bd 64 b4 41 62 33 f4 e5 11 11 e0 fe c7 7a Aug 26 13:08:57.540175: | 69 bd f0 35 9d 6d bf dc ea 0f 9f d1 5e 63 0b 4d Aug 26 13:08:57.540176: | ee 3c 1a 65 b6 70 72 1c dd 07 a1 dc 57 43 01 66 Aug 26 13:08:57.540178: | d1 33 41 37 7a b1 d7 7a 93 43 cf 35 29 77 28 01 Aug 26 13:08:57.540179: | 96 3f 08 e8 d9 cd d6 f4 d2 a7 4e 48 c8 55 77 db Aug 26 13:08:57.540181: | 4f 59 98 71 0e 1f 8c 80 b1 2e 64 b4 b2 d0 b9 7d Aug 26 13:08:57.540182: | c9 9c b4 9d 2a 25 f9 d0 fe 8a e8 f0 5e 37 ee dd Aug 26 13:08:57.540184: | 77 e2 cf dc 42 eb 8d 24 29 00 00 24 c1 f3 0c c0 Aug 26 13:08:57.540185: | 66 a5 39 33 ae 6c d9 57 33 89 9f 77 d2 5b 74 1f Aug 26 13:08:57.540187: | 5d 13 cf 47 d4 36 78 7e 6a fa e9 1b 29 00 00 08 Aug 26 13:08:57.540188: | 00 00 40 2e 29 00 00 1c 00 00 40 04 fa c8 36 8e Aug 26 13:08:57.540190: | b4 c5 69 c5 74 f0 98 f9 92 60 87 42 85 e4 d6 e1 Aug 26 13:08:57.540191: | 00 00 00 1c 00 00 40 05 3e 98 43 ea 12 46 4b 0b Aug 26 13:08:57.540193: | d0 a4 13 ab 0b 0c ff 97 6c b7 9f 42 Aug 26 13:08:57.540232: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:08:57.540239: | libevent_free: release ptr-libevent@0x55785d056138 Aug 26 13:08:57.540242: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55785d0560c8 Aug 26 13:08:57.540245: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:08:57.540249: | event_schedule: new EVENT_RETRANSMIT-pe@0x55785d0560c8 Aug 26 13:08:57.540252: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Aug 26 13:08:57.540255: | libevent_malloc: new ptr-libevent@0x55785d056138 size 128 Aug 26 13:08:57.540260: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10223.282715 Aug 26 13:08:57.540264: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 13:08:57.540270: | #1 spent 1.17 milliseconds in resume sending helper answer Aug 26 13:08:57.540275: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:08:57.540279: | libevent_free: release ptr-libevent@0x7f41b8002888 Aug 26 13:08:57.542607: | spent 0.00226 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:08:57.542630: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:08:57.542633: | 47 83 ee a4 d1 45 51 22 1e 77 e6 9f ca a9 9c 6a Aug 26 13:08:57.542636: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Aug 26 13:08:57.542638: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 13:08:57.542641: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 13:08:57.542643: | 04 00 00 0e 28 00 01 08 00 0e 00 00 e8 ff f5 1c Aug 26 13:08:57.542645: | 9f 3e 5e c9 28 a2 f0 d1 e7 59 a7 15 5d ff de 56 Aug 26 13:08:57.542646: | d1 21 b9 21 58 27 0f 76 93 79 14 7b 6d 0d ad e1 Aug 26 13:08:57.542648: | c5 87 bd 49 a7 3d 9e e7 09 93 8d 8e b2 e1 00 78 Aug 26 13:08:57.542649: | 01 c3 7c 5c d2 9f 4c 53 6b d1 36 b2 c7 85 12 91 Aug 26 13:08:57.542650: | 4f b7 bd 05 af cd fc 6b fc 56 7b dd f2 07 8b 5a Aug 26 13:08:57.542652: | 99 96 8e 13 e5 92 da 28 a2 c2 f4 3d f2 d7 db ff Aug 26 13:08:57.542653: | 00 4d ed a1 c7 d9 99 d2 3c 63 5e ee 03 ae a8 3c Aug 26 13:08:57.542655: | e3 1b b5 15 2f f0 a2 06 97 b8 6b f6 be 2f 41 6b Aug 26 13:08:57.542656: | 93 b9 0d e0 83 a1 27 b0 35 32 10 14 1c 31 b7 08 Aug 26 13:08:57.542658: | 5c c7 f4 6a 57 9d 18 57 bb 06 58 d8 91 12 cf ff Aug 26 13:08:57.542659: | 27 9e 84 d2 32 54 14 d2 e4 8b e2 1f b7 cc 90 ef Aug 26 13:08:57.542661: | 7b a2 73 4b 9e 89 6f 03 b6 b8 2c 37 1f 64 17 bc Aug 26 13:08:57.542662: | 48 c7 cc 9c 79 85 8d b5 ba 11 29 32 e0 2b a0 b4 Aug 26 13:08:57.542664: | 85 c1 9b 88 db 3c 5d 76 bf 26 ee 42 ee 55 0b 06 Aug 26 13:08:57.542665: | b6 8c f7 1c e7 81 9b 96 d2 73 91 6f e4 ef fd 69 Aug 26 13:08:57.542667: | 3e c4 b0 a0 32 3b 96 b6 f1 d0 c3 1f 29 00 00 24 Aug 26 13:08:57.542668: | a8 5f 8b 87 67 fc 8c d2 34 b0 08 a1 67 29 e4 0a Aug 26 13:08:57.542669: | 9a d8 a9 5f 75 40 51 3a 2f ab 62 5e a3 5d 06 4d Aug 26 13:08:57.542671: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 13:08:57.542672: | fe 82 d8 81 e3 31 f3 b1 87 f0 55 58 f2 f4 af 68 Aug 26 13:08:57.542674: | 1f 4a 2a 28 00 00 00 1c 00 00 40 05 c8 07 96 12 Aug 26 13:08:57.542675: | d7 0a 6a 5f 9a b5 d1 f5 d2 3f 44 1a fd 13 2c 7f Aug 26 13:08:57.542678: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:08:57.542681: | **parse ISAKMP Message: Aug 26 13:08:57.542682: | initiator cookie: Aug 26 13:08:57.542684: | 47 83 ee a4 d1 45 51 22 Aug 26 13:08:57.542685: | responder cookie: Aug 26 13:08:57.542687: | 1e 77 e6 9f ca a9 9c 6a Aug 26 13:08:57.542689: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:08:57.542690: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:08:57.542692: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:08:57.542696: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:08:57.542697: | Message ID: 0 (0x0) Aug 26 13:08:57.542699: | length: 432 (0x1b0) Aug 26 13:08:57.542701: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:08:57.542703: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 13:08:57.542705: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 13:08:57.542710: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:08:57.542713: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:08:57.542714: | #1 is idle Aug 26 13:08:57.542716: | #1 idle Aug 26 13:08:57.542717: | unpacking clear payload Aug 26 13:08:57.542719: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:08:57.542721: | ***parse IKEv2 Security Association Payload: Aug 26 13:08:57.542723: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:08:57.542724: | flags: none (0x0) Aug 26 13:08:57.542726: | length: 40 (0x28) Aug 26 13:08:57.542727: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 13:08:57.542729: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:08:57.542731: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:08:57.542732: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:08:57.542734: | flags: none (0x0) Aug 26 13:08:57.542735: | length: 264 (0x108) Aug 26 13:08:57.542737: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:08:57.542739: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:08:57.542740: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:08:57.542742: | ***parse IKEv2 Nonce Payload: Aug 26 13:08:57.542743: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:08:57.542745: | flags: none (0x0) Aug 26 13:08:57.542746: | length: 36 (0x24) Aug 26 13:08:57.542748: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:08:57.542749: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:08:57.542751: | ***parse IKEv2 Notify Payload: Aug 26 13:08:57.542753: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:08:57.542754: | flags: none (0x0) Aug 26 13:08:57.542756: | length: 8 (0x8) Aug 26 13:08:57.542757: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:08:57.542759: | SPI size: 0 (0x0) Aug 26 13:08:57.542761: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:08:57.542762: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:08:57.542764: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:08:57.542765: | ***parse IKEv2 Notify Payload: Aug 26 13:08:57.542767: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:08:57.542768: | flags: none (0x0) Aug 26 13:08:57.542770: | length: 28 (0x1c) Aug 26 13:08:57.542771: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:08:57.542773: | SPI size: 0 (0x0) Aug 26 13:08:57.542774: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:08:57.542776: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:08:57.542777: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:08:57.542779: | ***parse IKEv2 Notify Payload: Aug 26 13:08:57.542780: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:08:57.542782: | flags: none (0x0) Aug 26 13:08:57.542783: | length: 28 (0x1c) Aug 26 13:08:57.542785: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:08:57.542786: | SPI size: 0 (0x0) Aug 26 13:08:57.542788: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:08:57.542789: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:08:57.542791: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 13:08:57.542795: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:08:57.542797: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:08:57.542800: | Now let's proceed with state specific processing Aug 26 13:08:57.542801: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:08:57.542804: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 13:08:57.542814: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:08:57.542817: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 13:08:57.542819: | local proposal 1 type ENCR has 1 transforms Aug 26 13:08:57.542821: | local proposal 1 type PRF has 2 transforms Aug 26 13:08:57.542823: | local proposal 1 type INTEG has 1 transforms Aug 26 13:08:57.542824: | local proposal 1 type DH has 8 transforms Aug 26 13:08:57.542826: | local proposal 1 type ESN has 0 transforms Aug 26 13:08:57.542828: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:08:57.542830: | local proposal 2 type ENCR has 1 transforms Aug 26 13:08:57.542831: | local proposal 2 type PRF has 2 transforms Aug 26 13:08:57.542833: | local proposal 2 type INTEG has 1 transforms Aug 26 13:08:57.542835: | local proposal 2 type DH has 8 transforms Aug 26 13:08:57.542836: | local proposal 2 type ESN has 0 transforms Aug 26 13:08:57.542838: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:08:57.542840: | local proposal 3 type ENCR has 1 transforms Aug 26 13:08:57.542841: | local proposal 3 type PRF has 2 transforms Aug 26 13:08:57.542843: | local proposal 3 type INTEG has 2 transforms Aug 26 13:08:57.542845: | local proposal 3 type DH has 8 transforms Aug 26 13:08:57.542846: | local proposal 3 type ESN has 0 transforms Aug 26 13:08:57.542848: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:08:57.542850: | local proposal 4 type ENCR has 1 transforms Aug 26 13:08:57.542851: | local proposal 4 type PRF has 2 transforms Aug 26 13:08:57.542853: | local proposal 4 type INTEG has 2 transforms Aug 26 13:08:57.542854: | local proposal 4 type DH has 8 transforms Aug 26 13:08:57.542856: | local proposal 4 type ESN has 0 transforms Aug 26 13:08:57.542858: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:08:57.542860: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:08:57.542861: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:08:57.542863: | length: 36 (0x24) Aug 26 13:08:57.542865: | prop #: 1 (0x1) Aug 26 13:08:57.542866: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:08:57.542868: | spi size: 0 (0x0) Aug 26 13:08:57.542869: | # transforms: 3 (0x3) Aug 26 13:08:57.542871: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:08:57.542873: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:08:57.542875: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.542877: | length: 12 (0xc) Aug 26 13:08:57.542878: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:08:57.542880: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:08:57.542882: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:08:57.542883: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:08:57.542885: | length/value: 256 (0x100) Aug 26 13:08:57.542888: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:08:57.542890: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:08:57.542892: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.542894: | length: 8 (0x8) Aug 26 13:08:57.542895: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:08:57.542897: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:08:57.542899: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:08:57.542901: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:08:57.542902: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:08:57.542904: | length: 8 (0x8) Aug 26 13:08:57.542905: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:57.542907: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:08:57.542909: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:08:57.542912: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:08:57.542914: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:08:57.542916: | remote proposal 1 matches local proposal 1 Aug 26 13:08:57.542918: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 13:08:57.542920: | converting proposal to internal trans attrs Aug 26 13:08:57.542929: | natd_hash: hasher=0x55785bfb1800(20) Aug 26 13:08:57.542932: | natd_hash: icookie= 47 83 ee a4 d1 45 51 22 Aug 26 13:08:57.542933: | natd_hash: rcookie= 1e 77 e6 9f ca a9 9c 6a Aug 26 13:08:57.542935: | natd_hash: ip= c0 01 02 2d Aug 26 13:08:57.542936: | natd_hash: port=500 Aug 26 13:08:57.542938: | natd_hash: hash= c8 07 96 12 d7 0a 6a 5f 9a b5 d1 f5 d2 3f 44 1a Aug 26 13:08:57.542939: | natd_hash: hash= fd 13 2c 7f Aug 26 13:08:57.542943: | natd_hash: hasher=0x55785bfb1800(20) Aug 26 13:08:57.542945: | natd_hash: icookie= 47 83 ee a4 d1 45 51 22 Aug 26 13:08:57.542946: | natd_hash: rcookie= 1e 77 e6 9f ca a9 9c 6a Aug 26 13:08:57.542948: | natd_hash: ip= c0 01 02 17 Aug 26 13:08:57.542949: | natd_hash: port=500 Aug 26 13:08:57.542951: | natd_hash: hash= fe 82 d8 81 e3 31 f3 b1 87 f0 55 58 f2 f4 af 68 Aug 26 13:08:57.542952: | natd_hash: hash= 1f 4a 2a 28 Aug 26 13:08:57.542954: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:08:57.542955: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:08:57.542957: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:08:57.542959: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 13:08:57.542961: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:08:57.542964: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 13:08:57.542966: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:08:57.542968: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 13:08:57.542970: | libevent_free: release ptr-libevent@0x55785d056138 Aug 26 13:08:57.542972: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55785d0560c8 Aug 26 13:08:57.542974: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55785d0560c8 Aug 26 13:08:57.542976: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:08:57.542978: | libevent_malloc: new ptr-libevent@0x55785d055ea8 size 128 Aug 26 13:08:57.542985: | #1 spent 0.18 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 13:08:57.542989: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:08:57.542991: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 13:08:57.542993: | suspending state #1 and saving MD Aug 26 13:08:57.542994: | #1 is busy; has a suspended MD Aug 26 13:08:57.542997: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:08:57.543001: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:08:57.543004: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:08:57.543007: | #1 spent 0.389 milliseconds in ikev2_process_packet() Aug 26 13:08:57.543009: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:08:57.543011: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:08:57.543013: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:08:57.543015: | spent 0.398 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:08:57.543019: | crypto helper 2 resuming Aug 26 13:08:57.543028: | crypto helper 2 starting work-order 2 for state #1 Aug 26 13:08:57.543032: | crypto helper 2 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 13:08:57.543584: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:08:57.543854: | crypto helper 2 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.000822 seconds Aug 26 13:08:57.543860: | (#1) spent 0.825 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 13:08:57.543862: | crypto helper 2 sending results from work-order 2 for state #1 to event queue Aug 26 13:08:57.543864: | scheduling resume sending helper answer for #1 Aug 26 13:08:57.543867: | libevent_malloc: new ptr-libevent@0x7f41b0000f48 size 128 Aug 26 13:08:57.543873: | crypto helper 2 waiting (nothing to do) Aug 26 13:08:57.543907: | processing resume sending helper answer for #1 Aug 26 13:08:57.543916: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:08:57.543919: | crypto helper 2 replies to request ID 2 Aug 26 13:08:57.543921: | calling continuation function 0x55785bedcb50 Aug 26 13:08:57.543923: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 13:08:57.543929: | creating state object #2 at 0x55785d058d48 Aug 26 13:08:57.543931: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:08:57.543934: | pstats #2 ikev2.child started Aug 26 13:08:57.543936: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #2 for IPSEC SA Aug 26 13:08:57.543940: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:08:57.543944: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:08:57.543947: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 13:08:57.543950: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 13:08:57.543952: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:08:57.543954: | libevent_free: release ptr-libevent@0x55785d055ea8 Aug 26 13:08:57.543956: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55785d0560c8 Aug 26 13:08:57.543958: | event_schedule: new EVENT_SA_REPLACE-pe@0x55785d0560c8 Aug 26 13:08:57.543961: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 13:08:57.543962: | libevent_malloc: new ptr-libevent@0x55785d055ea8 size 128 Aug 26 13:08:57.543965: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 13:08:57.543969: | **emit ISAKMP Message: Aug 26 13:08:57.543971: | initiator cookie: Aug 26 13:08:57.543973: | 47 83 ee a4 d1 45 51 22 Aug 26 13:08:57.543975: | responder cookie: Aug 26 13:08:57.543976: | 1e 77 e6 9f ca a9 9c 6a Aug 26 13:08:57.543978: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:08:57.543980: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:08:57.543985: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:08:57.543987: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:08:57.543989: | Message ID: 1 (0x1) Aug 26 13:08:57.543991: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:08:57.543993: | ***emit IKEv2 Encryption Payload: Aug 26 13:08:57.543995: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:08:57.543996: | flags: none (0x0) Aug 26 13:08:57.543998: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:08:57.544000: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:08:57.544003: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:08:57.544008: | IKEv2 CERT: send a certificate? Aug 26 13:08:57.544010: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 13:08:57.544012: | IDr payload will be sent Aug 26 13:08:57.544022: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 13:08:57.544024: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:08:57.544026: | flags: none (0x0) Aug 26 13:08:57.544028: | ID type: ID_FQDN (0x2) Aug 26 13:08:57.544030: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 13:08:57.544032: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:08:57.544034: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 13:08:57.544036: | my identity 77 65 73 74 Aug 26 13:08:57.544038: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Aug 26 13:08:57.544043: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:08:57.544045: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:08:57.544047: | flags: none (0x0) Aug 26 13:08:57.544049: | ID type: ID_FQDN (0x2) Aug 26 13:08:57.544051: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Aug 26 13:08:57.544053: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:08:57.544055: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:08:57.544057: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Aug 26 13:08:57.544058: | IDr 65 61 73 74 Aug 26 13:08:57.544060: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 13:08:57.544061: | not sending INITIAL_CONTACT Aug 26 13:08:57.544063: | ****emit IKEv2 Authentication Payload: Aug 26 13:08:57.544065: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:08:57.544067: | flags: none (0x0) Aug 26 13:08:57.544068: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:08:57.544071: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:08:57.544072: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:08:57.544075: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Aug 26 13:08:57.544078: | started looking for secret for @west->@east of kind PKK_PSK Aug 26 13:08:57.544080: | actually looking for secret for @west->@east of kind PKK_PSK Aug 26 13:08:57.544082: | line 1: key type PKK_PSK(@west) to type PKK_PSK Aug 26 13:08:57.544084: | 1: compared key @east to @west / @east -> 004 Aug 26 13:08:57.544086: | 2: compared key @west to @west / @east -> 014 Aug 26 13:08:57.544088: | line 1: match=014 Aug 26 13:08:57.544091: | match 014 beats previous best_match 000 match=0x55785cfacc48 (line=1) Aug 26 13:08:57.544093: | concluding with best_match=014 best=0x55785cfacc48 (lineno=1) Aug 26 13:08:57.544132: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 13:08:57.544135: | PSK auth 74 07 f4 fc ef 11 0a 78 38 cf 5a 52 6a d8 05 a5 Aug 26 13:08:57.544137: | PSK auth 57 f8 38 9d c6 d7 49 e0 4e 55 43 83 7a 10 d9 64 Aug 26 13:08:57.544138: | PSK auth 60 2c a5 06 fd 25 5c 28 08 23 c3 40 cd 1a 11 4c Aug 26 13:08:57.544140: | PSK auth 32 e1 fc 73 40 89 bb 8b 6d c6 e8 82 c5 d8 f9 a8 Aug 26 13:08:57.544141: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 13:08:57.544143: | getting first pending from state #1 Aug 26 13:08:57.544437: | netlink_get_spi: allocated 0x30f1bd82 for esp.0@192.1.2.45 Aug 26 13:08:57.544445: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals) Aug 26 13:08:57.544452: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:08:57.544457: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:08:57.544460: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:08:57.544464: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:08:57.544467: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:08:57.544471: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:08:57.544474: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:08:57.544478: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:08:57.544485: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:08:57.544494: | Emitting ikev2_proposals ... Aug 26 13:08:57.544497: | ****emit IKEv2 Security Association Payload: Aug 26 13:08:57.544500: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:08:57.544502: | flags: none (0x0) Aug 26 13:08:57.544505: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:08:57.544508: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:08:57.544528: | discarding INTEG=NONE Aug 26 13:08:57.544530: | discarding DH=NONE Aug 26 13:08:57.544532: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:08:57.544535: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:08:57.544537: | prop #: 1 (0x1) Aug 26 13:08:57.544540: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:08:57.544542: | spi size: 4 (0x4) Aug 26 13:08:57.544545: | # transforms: 2 (0x2) Aug 26 13:08:57.544548: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:08:57.544551: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:08:57.544554: | our spi 30 f1 bd 82 Aug 26 13:08:57.544556: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.544559: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.544561: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:08:57.544564: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:08:57.544566: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.544572: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:08:57.544575: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:08:57.544577: | length/value: 256 (0x100) Aug 26 13:08:57.544580: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:08:57.544583: | discarding INTEG=NONE Aug 26 13:08:57.544585: | discarding DH=NONE Aug 26 13:08:57.544588: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.544589: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:08:57.544591: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:08:57.544593: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:08:57.544595: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.544597: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.544599: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.544600: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:08:57.544602: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:08:57.544604: | discarding INTEG=NONE Aug 26 13:08:57.544605: | discarding DH=NONE Aug 26 13:08:57.544607: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:08:57.544609: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:08:57.544610: | prop #: 2 (0x2) Aug 26 13:08:57.544612: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:08:57.544614: | spi size: 4 (0x4) Aug 26 13:08:57.544615: | # transforms: 2 (0x2) Aug 26 13:08:57.544617: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:08:57.544619: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:08:57.544621: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:08:57.544623: | our spi 30 f1 bd 82 Aug 26 13:08:57.544624: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.544626: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.544628: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:08:57.544629: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:08:57.544631: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.544633: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:08:57.544635: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:08:57.544636: | length/value: 128 (0x80) Aug 26 13:08:57.544638: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:08:57.544640: | discarding INTEG=NONE Aug 26 13:08:57.544641: | discarding DH=NONE Aug 26 13:08:57.544643: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.544644: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:08:57.544646: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:08:57.544647: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:08:57.544649: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.544651: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.544653: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.544655: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:08:57.544656: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:08:57.544658: | discarding DH=NONE Aug 26 13:08:57.544660: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:08:57.544663: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:08:57.544665: | prop #: 3 (0x3) Aug 26 13:08:57.544666: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:08:57.544668: | spi size: 4 (0x4) Aug 26 13:08:57.544669: | # transforms: 4 (0x4) Aug 26 13:08:57.544671: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:08:57.544673: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:08:57.544675: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:08:57.544677: | our spi 30 f1 bd 82 Aug 26 13:08:57.544678: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.544680: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.544682: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:08:57.544683: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:08:57.544685: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.544687: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:08:57.544688: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:08:57.544690: | length/value: 256 (0x100) Aug 26 13:08:57.544692: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:08:57.544693: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.544695: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.544697: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:08:57.544698: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:08:57.544700: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.544702: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.544704: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.544705: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.544707: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.544709: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:08:57.544710: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:08:57.544712: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.544714: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.544716: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.544717: | discarding DH=NONE Aug 26 13:08:57.544719: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.544720: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:08:57.544722: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:08:57.544724: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:08:57.544725: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.544727: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.544729: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.544731: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:08:57.544733: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:08:57.544734: | discarding DH=NONE Aug 26 13:08:57.544736: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:08:57.544737: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:08:57.544740: | prop #: 4 (0x4) Aug 26 13:08:57.544741: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:08:57.544743: | spi size: 4 (0x4) Aug 26 13:08:57.544745: | # transforms: 4 (0x4) Aug 26 13:08:57.544747: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:08:57.544748: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:08:57.544750: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:08:57.544752: | our spi 30 f1 bd 82 Aug 26 13:08:57.544753: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.544755: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.544757: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:08:57.544758: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:08:57.544760: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.544762: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:08:57.544763: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:08:57.544765: | length/value: 128 (0x80) Aug 26 13:08:57.544767: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:08:57.544768: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.544770: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.544772: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:08:57.544773: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:08:57.544775: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.544777: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.544779: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.544780: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.544782: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.544783: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:08:57.544785: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:08:57.544788: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.544791: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.544794: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.544796: | discarding DH=NONE Aug 26 13:08:57.544799: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:08:57.544802: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:08:57.544804: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:08:57.544807: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:08:57.544811: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.544814: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:57.544817: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:57.544820: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:08:57.544823: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:08:57.544826: | emitting length of IKEv2 Security Association Payload: 164 Aug 26 13:08:57.544829: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:08:57.544832: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:08:57.544838: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:08:57.544841: | flags: none (0x0) Aug 26 13:08:57.544857: | number of TS: 1 (0x1) Aug 26 13:08:57.544860: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:08:57.544863: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:08:57.544866: | *****emit IKEv2 Traffic Selector: Aug 26 13:08:57.544869: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:08:57.544871: | IP Protocol ID: 0 (0x0) Aug 26 13:08:57.544873: | start port: 0 (0x0) Aug 26 13:08:57.544876: | end port: 65535 (0xffff) Aug 26 13:08:57.544879: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:08:57.544881: | ipv4 start c0 00 01 00 Aug 26 13:08:57.544884: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:08:57.544886: | ipv4 end c0 00 01 ff Aug 26 13:08:57.544889: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:08:57.544891: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:08:57.544894: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:08:57.544896: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:08:57.544898: | flags: none (0x0) Aug 26 13:08:57.544901: | number of TS: 1 (0x1) Aug 26 13:08:57.544904: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:08:57.544906: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:08:57.544909: | *****emit IKEv2 Traffic Selector: Aug 26 13:08:57.544911: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:08:57.544914: | IP Protocol ID: 0 (0x0) Aug 26 13:08:57.544916: | start port: 0 (0x0) Aug 26 13:08:57.544918: | end port: 65535 (0xffff) Aug 26 13:08:57.544921: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:08:57.544924: | ipv4 start c0 00 02 00 Aug 26 13:08:57.544926: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:08:57.544928: | ipv4 end c0 00 02 ff Aug 26 13:08:57.544931: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:08:57.544933: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:08:57.544935: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:08:57.544938: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:08:57.544940: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:08:57.544944: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:08:57.544947: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:08:57.544950: | emitting length of IKEv2 Encryption Payload: 337 Aug 26 13:08:57.544952: | emitting length of ISAKMP Message: 365 Aug 26 13:08:57.544966: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:08:57.544972: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:08:57.544976: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 13:08:57.544979: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 13:08:57.544982: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 13:08:57.544985: | Message ID: updating counters for #2 to 0 after switching state Aug 26 13:08:57.544990: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 13:08:57.544997: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 13:08:57.545002: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:08:57.545012: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:08:57.545018: | sending 365 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:08:57.545021: | 47 83 ee a4 d1 45 51 22 1e 77 e6 9f ca a9 9c 6a Aug 26 13:08:57.545023: | 2e 20 23 08 00 00 00 01 00 00 01 6d 23 00 01 51 Aug 26 13:08:57.545026: | f5 e2 4d 0b 5e 56 26 dc 64 0f 0a 91 b9 29 95 c8 Aug 26 13:08:57.545028: | b5 cf 3b ff cb 1b f9 fd b9 9d 86 f4 a1 e4 1b bb Aug 26 13:08:57.545031: | 4c 13 95 bd c8 2d a0 1a 40 6e eb ff c5 6e 62 bb Aug 26 13:08:57.545033: | 24 d3 c2 43 03 45 c5 03 58 3c 16 4c 5b e6 1d 17 Aug 26 13:08:57.545036: | df 14 0f 70 88 9f 7f 44 20 f8 87 9d 5a 3e a5 0d Aug 26 13:08:57.545038: | 26 7a 42 70 b9 f4 ab 8a 6a 55 3f c1 7b c9 6e 65 Aug 26 13:08:57.545040: | c7 e9 81 c8 cd 74 b9 ee 12 e7 11 bf e1 03 68 a0 Aug 26 13:08:57.545059: | 58 a0 4c 80 8f cb 29 2a fa 2a 2a 73 3f fd c7 a3 Aug 26 13:08:57.545062: | 40 23 cf 8c 63 19 8b 1c 8b c4 c5 d3 30 e0 2f fe Aug 26 13:08:57.545064: | e6 8d f2 21 7f 21 64 df a9 ee 6f cb 94 81 a3 b1 Aug 26 13:08:57.545066: | 0b 61 52 21 df 59 85 d2 f5 e1 8d 25 ff 83 3d 55 Aug 26 13:08:57.545081: | b9 30 70 df 12 36 3b 44 30 04 5d 28 57 9d b4 f0 Aug 26 13:08:57.545084: | be 98 c7 7a b0 74 5f 52 30 7c b0 6f ce 87 7b d5 Aug 26 13:08:57.545086: | d7 2b b6 87 1b 01 58 47 64 34 69 3a f1 4c ba f3 Aug 26 13:08:57.545089: | 8b dd 1f ae ae 1a e2 ad e5 01 4f 56 58 7c 43 8c Aug 26 13:08:57.545104: | 11 19 dd 8a ad 84 ba 48 ea 14 11 2e 9c 66 db 9e Aug 26 13:08:57.545106: | 1e ce ec 83 00 62 fb 7d f1 71 28 4c c1 a9 ed d9 Aug 26 13:08:57.545109: | da 57 49 f6 2c 65 0e be cd 0c 01 d8 db d8 48 f3 Aug 26 13:08:57.545123: | 86 15 82 14 e7 12 d8 07 10 6a 9d 13 5d fd ce f7 Aug 26 13:08:57.545126: | b4 78 ae eb 45 d4 bc 42 85 98 46 1d 0d 06 05 e1 Aug 26 13:08:57.545128: | 4e a9 02 5d f6 f1 5b 33 02 c1 44 d1 6d Aug 26 13:08:57.545154: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:08:57.545173: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f41b8002b78 Aug 26 13:08:57.545177: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Aug 26 13:08:57.545181: | libevent_malloc: new ptr-libevent@0x55785d059a18 size 128 Aug 26 13:08:57.545186: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10223.287639 Aug 26 13:08:57.545191: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:08:57.545197: | #1 spent 1.26 milliseconds in resume sending helper answer Aug 26 13:08:57.545202: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:08:57.545206: | libevent_free: release ptr-libevent@0x7f41b0000f48 Aug 26 13:08:57.576935: | spent 0.00287 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:08:57.576953: | *received 225 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:08:57.576956: | 47 83 ee a4 d1 45 51 22 1e 77 e6 9f ca a9 9c 6a Aug 26 13:08:57.576958: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Aug 26 13:08:57.576960: | 2c 37 8a cf f9 15 f7 16 a7 5c ed ff 8b b5 3e ac Aug 26 13:08:57.576961: | 8f d9 57 26 74 ab 32 ae 3a c3 d2 1c e0 42 b3 1e Aug 26 13:08:57.576963: | 06 de af d3 b0 93 ad 8b 8d 4f 7e 10 3a 37 14 45 Aug 26 13:08:57.576964: | ba bf 1c 13 79 3e c8 d7 9a 41 d4 1f 1c 25 44 87 Aug 26 13:08:57.576969: | ce 18 5e 4e e4 5f fb 8a 53 02 0f fa 6d 2a ce 64 Aug 26 13:08:57.576970: | 7c c6 c5 a6 31 a2 24 43 af c8 61 7d f5 8b c4 66 Aug 26 13:08:57.576972: | c2 c8 ad 6a ee a8 3d f9 76 41 3a 99 9d 43 3b ca Aug 26 13:08:57.576973: | 1b 18 6e 29 fe 23 99 02 23 76 b6 b6 c8 93 d7 2a Aug 26 13:08:57.576975: | ca 58 39 ee cf 7e ab 28 70 f2 de c5 7d a3 87 82 Aug 26 13:08:57.576976: | 51 9e c0 12 6a b3 4d 8d 3d 34 31 da fc c0 79 be Aug 26 13:08:57.576978: | fc b3 6c db b3 4c a4 77 ed aa cb 44 ba 5a 1e 5e Aug 26 13:08:57.576979: | 2a 75 52 40 4e cb f3 ae 48 ed ea d4 43 6c 54 89 Aug 26 13:08:57.576981: | f4 Aug 26 13:08:57.576984: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:08:57.576987: | **parse ISAKMP Message: Aug 26 13:08:57.576989: | initiator cookie: Aug 26 13:08:57.576990: | 47 83 ee a4 d1 45 51 22 Aug 26 13:08:57.576992: | responder cookie: Aug 26 13:08:57.576994: | 1e 77 e6 9f ca a9 9c 6a Aug 26 13:08:57.576996: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:08:57.576998: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:08:57.576999: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:08:57.577001: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:08:57.577003: | Message ID: 1 (0x1) Aug 26 13:08:57.577004: | length: 225 (0xe1) Aug 26 13:08:57.577006: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:08:57.577009: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:08:57.577012: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:08:57.577016: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:08:57.577018: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:08:57.577021: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:08:57.577024: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:08:57.577026: | #2 is idle Aug 26 13:08:57.577028: | #2 idle Aug 26 13:08:57.577029: | unpacking clear payload Aug 26 13:08:57.577031: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:08:57.577033: | ***parse IKEv2 Encryption Payload: Aug 26 13:08:57.577035: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:08:57.577037: | flags: none (0x0) Aug 26 13:08:57.577038: | length: 197 (0xc5) Aug 26 13:08:57.577040: | processing payload: ISAKMP_NEXT_v2SK (len=193) Aug 26 13:08:57.577042: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:08:57.577053: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:08:57.577056: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:08:57.577058: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:08:57.577060: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:08:57.577061: | flags: none (0x0) Aug 26 13:08:57.577063: | length: 12 (0xc) Aug 26 13:08:57.577065: | ID type: ID_FQDN (0x2) Aug 26 13:08:57.577066: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 13:08:57.577068: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:08:57.577070: | **parse IKEv2 Authentication Payload: Aug 26 13:08:57.577072: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:08:57.577073: | flags: none (0x0) Aug 26 13:08:57.577075: | length: 72 (0x48) Aug 26 13:08:57.577077: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:08:57.577078: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 13:08:57.577080: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:08:57.577082: | **parse IKEv2 Security Association Payload: Aug 26 13:08:57.577084: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:08:57.577085: | flags: none (0x0) Aug 26 13:08:57.577087: | length: 36 (0x24) Aug 26 13:08:57.577090: | processing payload: ISAKMP_NEXT_v2SA (len=32) Aug 26 13:08:57.577091: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:08:57.577093: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:08:57.577095: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:08:57.577097: | flags: none (0x0) Aug 26 13:08:57.577098: | length: 24 (0x18) Aug 26 13:08:57.577100: | number of TS: 1 (0x1) Aug 26 13:08:57.577102: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:08:57.577103: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:08:57.577105: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:08:57.577107: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:08:57.577108: | flags: none (0x0) Aug 26 13:08:57.577110: | length: 24 (0x18) Aug 26 13:08:57.577111: | number of TS: 1 (0x1) Aug 26 13:08:57.577113: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:08:57.577115: | selected state microcode Initiator: process IKE_AUTH response Aug 26 13:08:57.577117: | Now let's proceed with state specific processing Aug 26 13:08:57.577118: | calling processor Initiator: process IKE_AUTH response Aug 26 13:08:57.577123: | offered CA: '%none' Aug 26 13:08:57.577125: "westnet-eastnet-ipv4-psk-ikev2" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Aug 26 13:08:57.577153: | verifying AUTH payload Aug 26 13:08:57.577157: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Aug 26 13:08:57.577160: | started looking for secret for @west->@east of kind PKK_PSK Aug 26 13:08:57.577162: | actually looking for secret for @west->@east of kind PKK_PSK Aug 26 13:08:57.577164: | line 1: key type PKK_PSK(@west) to type PKK_PSK Aug 26 13:08:57.577166: | 1: compared key @east to @west / @east -> 004 Aug 26 13:08:57.577169: | 2: compared key @west to @west / @east -> 014 Aug 26 13:08:57.577172: | line 1: match=014 Aug 26 13:08:57.577175: | match 014 beats previous best_match 000 match=0x55785cfacc48 (line=1) Aug 26 13:08:57.577178: | concluding with best_match=014 best=0x55785cfacc48 (lineno=1) Aug 26 13:08:57.577218: "westnet-eastnet-ipv4-psk-ikev2" #2: Authenticated using authby=secret Aug 26 13:08:57.577224: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 13:08:57.577228: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 13:08:57.577231: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:08:57.577234: | libevent_free: release ptr-libevent@0x55785d055ea8 Aug 26 13:08:57.577236: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55785d0560c8 Aug 26 13:08:57.577238: | event_schedule: new EVENT_SA_REKEY-pe@0x55785d0560c8 Aug 26 13:08:57.577240: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 13:08:57.577242: | libevent_malloc: new ptr-libevent@0x7f41b0000f48 size 128 Aug 26 13:08:57.577325: | pstats #1 ikev2.ike established Aug 26 13:08:57.577333: | TSi: parsing 1 traffic selectors Aug 26 13:08:57.577335: | ***parse IKEv2 Traffic Selector: Aug 26 13:08:57.577337: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:08:57.577339: | IP Protocol ID: 0 (0x0) Aug 26 13:08:57.577340: | length: 16 (0x10) Aug 26 13:08:57.577342: | start port: 0 (0x0) Aug 26 13:08:57.577343: | end port: 65535 (0xffff) Aug 26 13:08:57.577345: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:08:57.577347: | TS low c0 00 01 00 Aug 26 13:08:57.577349: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:08:57.577350: | TS high c0 00 01 ff Aug 26 13:08:57.577365: | TSi: parsed 1 traffic selectors Aug 26 13:08:57.577367: | TSr: parsing 1 traffic selectors Aug 26 13:08:57.577368: | ***parse IKEv2 Traffic Selector: Aug 26 13:08:57.577370: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:08:57.577371: | IP Protocol ID: 0 (0x0) Aug 26 13:08:57.577373: | length: 16 (0x10) Aug 26 13:08:57.577374: | start port: 0 (0x0) Aug 26 13:08:57.577376: | end port: 65535 (0xffff) Aug 26 13:08:57.577379: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:08:57.577381: | TS low c0 00 02 00 Aug 26 13:08:57.577382: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:08:57.577384: | TS high c0 00 02 ff Aug 26 13:08:57.577385: | TSr: parsed 1 traffic selectors Aug 26 13:08:57.577389: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:08:57.577392: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:08:57.577397: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:08:57.577399: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:08:57.577401: | TSi[0] port match: YES fitness 65536 Aug 26 13:08:57.577402: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:08:57.577404: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:08:57.577407: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:08:57.577410: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:08:57.577412: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:08:57.577414: | TSr[0] port match: YES fitness 65536 Aug 26 13:08:57.577415: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:08:57.577417: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:08:57.577419: | best fit so far: TSi[0] TSr[0] Aug 26 13:08:57.577420: | found an acceptable TSi/TSr Traffic Selector Aug 26 13:08:57.577422: | printing contents struct traffic_selector Aug 26 13:08:57.577423: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:08:57.577425: | ipprotoid: 0 Aug 26 13:08:57.577426: | port range: 0-65535 Aug 26 13:08:57.577429: | ip range: 192.0.1.0-192.0.1.255 Aug 26 13:08:57.577430: | printing contents struct traffic_selector Aug 26 13:08:57.577432: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:08:57.577433: | ipprotoid: 0 Aug 26 13:08:57.577434: | port range: 0-65535 Aug 26 13:08:57.577437: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:08:57.577445: | using existing local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:08:57.577448: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 13:08:57.577450: | local proposal 1 type ENCR has 1 transforms Aug 26 13:08:57.577452: | local proposal 1 type PRF has 0 transforms Aug 26 13:08:57.577454: | local proposal 1 type INTEG has 1 transforms Aug 26 13:08:57.577455: | local proposal 1 type DH has 1 transforms Aug 26 13:08:57.577457: | local proposal 1 type ESN has 1 transforms Aug 26 13:08:57.577459: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:08:57.577461: | local proposal 2 type ENCR has 1 transforms Aug 26 13:08:57.577463: | local proposal 2 type PRF has 0 transforms Aug 26 13:08:57.577464: | local proposal 2 type INTEG has 1 transforms Aug 26 13:08:57.577466: | local proposal 2 type DH has 1 transforms Aug 26 13:08:57.577467: | local proposal 2 type ESN has 1 transforms Aug 26 13:08:57.577469: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:08:57.577471: | local proposal 3 type ENCR has 1 transforms Aug 26 13:08:57.577472: | local proposal 3 type PRF has 0 transforms Aug 26 13:08:57.577474: | local proposal 3 type INTEG has 2 transforms Aug 26 13:08:57.577476: | local proposal 3 type DH has 1 transforms Aug 26 13:08:57.577477: | local proposal 3 type ESN has 1 transforms Aug 26 13:08:57.577479: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:08:57.577482: | local proposal 4 type ENCR has 1 transforms Aug 26 13:08:57.577483: | local proposal 4 type PRF has 0 transforms Aug 26 13:08:57.577485: | local proposal 4 type INTEG has 2 transforms Aug 26 13:08:57.577486: | local proposal 4 type DH has 1 transforms Aug 26 13:08:57.577488: | local proposal 4 type ESN has 1 transforms Aug 26 13:08:57.577490: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:08:57.577492: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:08:57.577494: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:08:57.577496: | length: 32 (0x20) Aug 26 13:08:57.577497: | prop #: 1 (0x1) Aug 26 13:08:57.577499: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:08:57.577500: | spi size: 4 (0x4) Aug 26 13:08:57.577502: | # transforms: 2 (0x2) Aug 26 13:08:57.577504: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:08:57.577506: | remote SPI ef c8 c2 73 Aug 26 13:08:57.577508: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:08:57.577510: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:08:57.577511: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:57.577513: | length: 12 (0xc) Aug 26 13:08:57.577515: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:08:57.577516: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:08:57.577518: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:08:57.577520: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:08:57.577522: | length/value: 256 (0x100) Aug 26 13:08:57.577524: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:08:57.577526: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:08:57.577528: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:08:57.577529: | length: 8 (0x8) Aug 26 13:08:57.577531: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:08:57.577533: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:08:57.577535: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:08:57.577537: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 13:08:57.577540: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 13:08:57.577542: | remote proposal 1 matches local proposal 1 Aug 26 13:08:57.577543: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Aug 26 13:08:57.577547: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=efc8c273;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 13:08:57.577548: | converting proposal to internal trans attrs Aug 26 13:08:57.577553: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:08:57.577653: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:08:57.577657: | could_route called for westnet-eastnet-ipv4-psk-ikev2 (kind=CK_PERMANENT) Aug 26 13:08:57.577659: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:08:57.577661: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 13:08:57.577663: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 13:08:57.577666: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 13:08:57.577668: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:08:57.577670: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:08:57.577672: | AES_GCM_16 requires 4 salt bytes Aug 26 13:08:57.577674: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:08:57.577677: | setting IPsec SA replay-window to 32 Aug 26 13:08:57.577679: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Aug 26 13:08:57.577683: | netlink: enabling tunnel mode Aug 26 13:08:57.577685: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:08:57.577687: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:08:57.577747: | netlink response for Add SA esp.efc8c273@192.1.2.23 included non-error error Aug 26 13:08:57.577751: | set up outgoing SA, ref=0/0 Aug 26 13:08:57.577753: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:08:57.577755: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:08:57.577756: | AES_GCM_16 requires 4 salt bytes Aug 26 13:08:57.577758: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:08:57.577760: | setting IPsec SA replay-window to 32 Aug 26 13:08:57.577762: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Aug 26 13:08:57.577764: | netlink: enabling tunnel mode Aug 26 13:08:57.577766: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:08:57.577767: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:08:57.577793: | netlink response for Add SA esp.30f1bd82@192.1.2.45 included non-error error Aug 26 13:08:57.577798: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:08:57.577802: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Aug 26 13:08:57.577805: | IPsec Sa SPD priority set to 1042407 Aug 26 13:08:57.577823: | raw_eroute result=success Aug 26 13:08:57.577827: | set up incoming SA, ref=0/0 Aug 26 13:08:57.577828: | sr for #2: unrouted Aug 26 13:08:57.577830: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:08:57.577832: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:08:57.577834: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 13:08:57.577836: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 13:08:57.577838: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 13:08:57.577840: | route_and_eroute with c: westnet-eastnet-ipv4-psk-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:08:57.577843: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:08:57.577847: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 13:08:57.577849: | IPsec Sa SPD priority set to 1042407 Aug 26 13:08:57.577857: | raw_eroute result=success Aug 26 13:08:57.577861: | running updown command "ipsec _updown" for verb up Aug 26 13:08:57.577863: | command executing up-client Aug 26 13:08:57.577879: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Aug 26 13:08:57.577882: | popen cmd is 1049 chars long Aug 26 13:08:57.577884: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv: Aug 26 13:08:57.577885: | cmd( 80):4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.: Aug 26 13:08:57.577889: | cmd( 160):2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='19: Aug 26 13:08:57.577890: | cmd( 240):2.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCO: Aug 26 13:08:57.577892: | cmd( 320):L='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_P: Aug 26 13:08:57.577894: | cmd( 400):EER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0: Aug 26 13:08:57.577895: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 13:08:57.577897: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=': Aug 26 13:08:57.577898: | cmd( 640):PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_C: Aug 26 13:08:57.577900: | cmd( 720):ONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEE: Aug 26 13:08:57.577902: | cmd( 800):R_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=': Aug 26 13:08:57.577903: | cmd( 880):' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='': Aug 26 13:08:57.577905: | cmd( 960): VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xefc8c273 SPI_OUT=0x30f1bd82 ipsec _up: Aug 26 13:08:57.577907: | cmd(1040):down 2>&1: Aug 26 13:08:57.584888: | route_and_eroute: firewall_notified: true Aug 26 13:08:57.584900: | running updown command "ipsec _updown" for verb prepare Aug 26 13:08:57.584903: | command executing prepare-client Aug 26 13:08:57.584923: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR Aug 26 13:08:57.584926: | popen cmd is 1054 chars long Aug 26 13:08:57.584928: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 13:08:57.584930: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='1: Aug 26 13:08:57.584932: | cmd( 160):92.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NE: Aug 26 13:08:57.584933: | cmd( 240):T='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Aug 26 13:08:57.584935: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PL: Aug 26 13:08:57.584937: | cmd( 400):UTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.: Aug 26 13:08:57.584938: | cmd( 480):0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PRO: Aug 26 13:08:57.584940: | cmd( 560):TOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POL: Aug 26 13:08:57.584942: | cmd( 640):ICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL: Aug 26 13:08:57.584943: | cmd( 720):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I: Aug 26 13:08:57.584945: | cmd( 800):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN: Aug 26 13:08:57.584946: | cmd( 880):NER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA: Aug 26 13:08:57.584950: | cmd( 960):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xefc8c273 SPI_OUT=0x30f1bd82 ipse: Aug 26 13:08:57.584952: | cmd(1040):c _updown 2>&1: Aug 26 13:08:57.591861: | running updown command "ipsec _updown" for verb route Aug 26 13:08:57.591874: | command executing route-client Aug 26 13:08:57.591894: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=' Aug 26 13:08:57.591898: | popen cmd is 1052 chars long Aug 26 13:08:57.591900: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Aug 26 13:08:57.591901: | cmd( 80):ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192: Aug 26 13:08:57.591903: | cmd( 160):.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET=: Aug 26 13:08:57.591905: | cmd( 240):'192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROT: Aug 26 13:08:57.591906: | cmd( 320):OCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUT: Aug 26 13:08:57.591908: | cmd( 400):O_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Aug 26 13:08:57.591910: | cmd( 480):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 13:08:57.591911: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Aug 26 13:08:57.591913: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUT: Aug 26 13:08:57.591915: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_: Aug 26 13:08:57.591916: | cmd( 800):PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNE: Aug 26 13:08:57.591918: | cmd( 880):R='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE: Aug 26 13:08:57.591919: | cmd( 960):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xefc8c273 SPI_OUT=0x30f1bd82 ipsec : Aug 26 13:08:57.591921: | cmd(1040):_updown 2>&1: Aug 26 13:08:57.601075: | route_and_eroute: instance "westnet-eastnet-ipv4-psk-ikev2", setting eroute_owner {spd=0x55785d051d38,sr=0x55785d051d38} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:08:57.601157: | #1 spent 1.27 milliseconds in install_ipsec_sa() Aug 26 13:08:57.601164: | inR2: instance westnet-eastnet-ipv4-psk-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:08:57.601167: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:08:57.601170: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 13:08:57.601179: | libevent_free: release ptr-libevent@0x55785d059a18 Aug 26 13:08:57.601185: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f41b8002b78 Aug 26 13:08:57.601189: | #2 spent 1.82 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 13:08:57.601196: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:08:57.601199: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 13:08:57.601204: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 13:08:57.601207: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 13:08:57.601209: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:08:57.601212: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 13:08:57.601215: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:08:57.601218: | pstats #2 ikev2.child established Aug 26 13:08:57.601224: "westnet-eastnet-ipv4-psk-ikev2" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 13:08:57.601232: | NAT-T: encaps is 'auto' Aug 26 13:08:57.601236: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xefc8c273 <0x30f1bd82 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 13:08:57.601239: | releasing whack for #2 (sock=fd@25) Aug 26 13:08:57.601242: | close_any(fd@25) (in release_whack() at state.c:654) Aug 26 13:08:57.601243: | releasing whack and unpending for parent #1 Aug 26 13:08:57.601245: | unpending state #1 connection "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:08:57.601250: | delete from pending Child SA with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:08:57.601254: | removing pending policy for no connection {0x55785d039478} Aug 26 13:08:57.601276: | close_any(fd@24) (in release_whack() at state.c:654) Aug 26 13:08:57.601281: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 13:08:57.601284: | event_schedule: new EVENT_SA_REKEY-pe@0x7f41b8002b78 Aug 26 13:08:57.601292: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 13:08:57.601298: | libevent_malloc: new ptr-libevent@0x55785d058178 size 128 Aug 26 13:08:57.601305: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:08:57.601310: | #1 spent 2.11 milliseconds in ikev2_process_packet() Aug 26 13:08:57.601314: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:08:57.601332: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:08:57.601335: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:08:57.601339: | spent 2.14 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:08:57.601352: | processing signal PLUTO_SIGCHLD Aug 26 13:08:57.601357: | waitpid returned ECHILD (no child processes left) Aug 26 13:08:57.601362: | spent 0.00507 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:08:57.601364: | processing signal PLUTO_SIGCHLD Aug 26 13:08:57.601371: | waitpid returned ECHILD (no child processes left) Aug 26 13:08:57.601374: | spent 0.00659 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:08:57.601377: | processing signal PLUTO_SIGCHLD Aug 26 13:08:57.601395: | waitpid returned ECHILD (no child processes left) Aug 26 13:08:57.601398: | spent 0.00359 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:08:58.757603: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:08:58.757623: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:08:58.757626: | FOR_EACH_STATE_... in sort_states Aug 26 13:08:58.757632: | get_sa_info esp.30f1bd82@192.1.2.45 Aug 26 13:08:58.757646: | get_sa_info esp.efc8c273@192.1.2.23 Aug 26 13:08:58.757661: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:08:58.757667: | spent 0.0753 milliseconds in whack Aug 26 13:08:59.681059: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:08:59.681276: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:08:59.681286: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:08:59.681354: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:08:59.681358: | FOR_EACH_STATE_... in sort_states Aug 26 13:08:59.681369: | get_sa_info esp.30f1bd82@192.1.2.45 Aug 26 13:08:59.681386: | get_sa_info esp.efc8c273@192.1.2.23 Aug 26 13:08:59.681405: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:08:59.681415: | spent 0.372 milliseconds in whack Aug 26 13:08:59.953395: | spent 0.00265 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:08:59.953415: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:08:59.953419: | 47 83 ee a4 d1 45 51 22 1e 77 e6 9f ca a9 9c 6a Aug 26 13:08:59.953421: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:08:59.953422: | a2 7b f5 cd 66 7b 39 8b 2a c2 7f 1e e5 57 10 cc Aug 26 13:08:59.953424: | b0 da 6e a0 45 cb 1a 41 18 d1 38 68 f6 87 58 27 Aug 26 13:08:59.953425: | 92 5d 34 f9 61 Aug 26 13:08:59.953428: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:08:59.953431: | **parse ISAKMP Message: Aug 26 13:08:59.953433: | initiator cookie: Aug 26 13:08:59.953435: | 47 83 ee a4 d1 45 51 22 Aug 26 13:08:59.953436: | responder cookie: Aug 26 13:08:59.953438: | 1e 77 e6 9f ca a9 9c 6a Aug 26 13:08:59.953440: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:08:59.953442: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:08:59.953443: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:08:59.953446: | flags: none (0x0) Aug 26 13:08:59.953448: | Message ID: 0 (0x0) Aug 26 13:08:59.953450: | length: 69 (0x45) Aug 26 13:08:59.953452: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:08:59.953454: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:08:59.953457: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:08:59.953464: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:08:59.953468: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:08:59.953471: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:08:59.953473: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 13:08:59.953476: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 Aug 26 13:08:59.953478: | unpacking clear payload Aug 26 13:08:59.953480: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:08:59.953482: | ***parse IKEv2 Encryption Payload: Aug 26 13:08:59.953483: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:08:59.953485: | flags: none (0x0) Aug 26 13:08:59.953487: | length: 41 (0x29) Aug 26 13:08:59.953488: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 13:08:59.953491: | Message ID: start-responder #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 13:08:59.953493: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:08:59.953514: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:08:59.953516: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:08:59.953518: | **parse IKEv2 Delete Payload: Aug 26 13:08:59.953520: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:08:59.953522: | flags: none (0x0) Aug 26 13:08:59.953523: | length: 12 (0xc) Aug 26 13:08:59.953525: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:08:59.953526: | SPI size: 4 (0x4) Aug 26 13:08:59.953528: | number of SPIs: 1 (0x1) Aug 26 13:08:59.953530: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 13:08:59.953531: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:08:59.953533: | Now let's proceed with state specific processing Aug 26 13:08:59.953536: | calling processor I3: INFORMATIONAL Request Aug 26 13:08:59.953539: | an informational request should send a response Aug 26 13:08:59.953559: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:08:59.953561: | **emit ISAKMP Message: Aug 26 13:08:59.953563: | initiator cookie: Aug 26 13:08:59.953565: | 47 83 ee a4 d1 45 51 22 Aug 26 13:08:59.953566: | responder cookie: Aug 26 13:08:59.953568: | 1e 77 e6 9f ca a9 9c 6a Aug 26 13:08:59.953569: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:08:59.953571: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:08:59.953573: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:08:59.953575: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:08:59.953577: | Message ID: 0 (0x0) Aug 26 13:08:59.953579: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:08:59.953581: | ***emit IKEv2 Encryption Payload: Aug 26 13:08:59.953582: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:08:59.953584: | flags: none (0x0) Aug 26 13:08:59.953586: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:08:59.953588: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:08:59.953590: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:08:59.953599: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 13:08:59.953601: | SPI ef c8 c2 73 Aug 26 13:08:59.953602: | delete PROTO_v2_ESP SA(0xefc8c273) Aug 26 13:08:59.953605: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 13:08:59.953607: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 13:08:59.953608: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xefc8c273) Aug 26 13:08:59.953611: "westnet-eastnet-ipv4-psk-ikev2" #1: received Delete SA payload: replace IPsec State #2 now Aug 26 13:08:59.953613: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 13:08:59.953616: | libevent_free: release ptr-libevent@0x55785d058178 Aug 26 13:08:59.953618: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f41b8002b78 Aug 26 13:08:59.953620: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f41b8002b78 Aug 26 13:08:59.953623: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Aug 26 13:08:59.953625: | libevent_malloc: new ptr-libevent@0x55785d059a18 size 128 Aug 26 13:08:59.953627: | ****emit IKEv2 Delete Payload: Aug 26 13:08:59.953629: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:08:59.953631: | flags: none (0x0) Aug 26 13:08:59.953632: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:08:59.953634: | SPI size: 4 (0x4) Aug 26 13:08:59.953636: | number of SPIs: 1 (0x1) Aug 26 13:08:59.953638: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:08:59.953640: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:08:59.953642: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 13:08:59.953644: | local SPIs 30 f1 bd 82 Aug 26 13:08:59.953645: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:08:59.953647: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:08:59.953649: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:08:59.953651: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:08:59.953653: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:08:59.953655: | emitting length of ISAKMP Message: 69 Aug 26 13:08:59.953672: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:08:59.953678: | 47 83 ee a4 d1 45 51 22 1e 77 e6 9f ca a9 9c 6a Aug 26 13:08:59.953681: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:08:59.953683: | ea d8 6a d4 ac 83 43 26 f3 f4 33 7f 74 14 71 f0 Aug 26 13:08:59.953686: | f7 87 0d e3 99 24 64 c7 36 eb be e9 70 e5 f3 0a Aug 26 13:08:59.953688: | ed 96 1f c6 79 Aug 26 13:08:59.953714: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:08:59.953723: | Message ID: sent #1 response 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:08:59.953730: | #1 spent 0.179 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 13:08:59.953736: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:08:59.953740: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 13:08:59.953743: | Message ID: updating counters for #1 to 0 after switching state Aug 26 13:08:59.953748: | Message ID: recv #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 13:08:59.953752: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:08:59.953755: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_I3: PARENT SA established Aug 26 13:08:59.953760: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:08:59.953765: | #1 spent 0.348 milliseconds in ikev2_process_packet() Aug 26 13:08:59.953769: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:08:59.953773: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:08:59.953776: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:08:59.953780: | spent 0.363 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:08:59.953787: | timer_event_cb: processing event@0x7f41b8002b78 Aug 26 13:08:59.953791: | handling event EVENT_SA_REPLACE for child state #2 Aug 26 13:08:59.953796: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:08:59.953800: | picked newest_ipsec_sa #2 for #2 Aug 26 13:08:59.953803: | replacing stale CHILD SA Aug 26 13:08:59.953808: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:08:59.953811: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:08:59.953815: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 13:08:59.953819: | creating state object #3 at 0x55785d05e208 Aug 26 13:08:59.953822: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 13:08:59.953833: | pstats #3 ikev2.child started Aug 26 13:08:59.953837: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #3 for IPSEC SA Aug 26 13:08:59.953841: | #3 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:08:59.953849: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:08:59.953852: | suspend processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:08:59.953854: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:08:59.953857: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 13:08:59.953861: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 13:08:59.953864: | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals) Aug 26 13:08:59.953867: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:08:59.953872: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:08:59.953874: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:08:59.953877: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:08:59.953879: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:08:59.953882: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:08:59.953884: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:08:59.953886: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:08:59.953891: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:08:59.953895: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Aug 26 13:08:59.953897: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x55785d056238 Aug 26 13:08:59.953899: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 13:08:59.953901: | libevent_malloc: new ptr-libevent@0x55785d058178 size 128 Aug 26 13:08:59.953905: | RESET processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:08:59.953907: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55785d058b28 Aug 26 13:08:59.953909: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Aug 26 13:08:59.953912: | libevent_malloc: new ptr-libevent@0x55785d055df8 size 128 Aug 26 13:08:59.953914: | libevent_free: release ptr-libevent@0x55785d059a18 Aug 26 13:08:59.953916: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f41b8002b78 Aug 26 13:08:59.953919: | #2 spent 0.132 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 13:08:59.953921: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:08:59.953925: | timer_event_cb: processing event@0x55785d056238 Aug 26 13:08:59.953927: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 13:08:59.953929: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:08:59.953934: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Aug 26 13:08:59.953936: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f41b8002b78 Aug 26 13:08:59.953939: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:08:59.953940: | libevent_malloc: new ptr-libevent@0x55785d059a18 size 128 Aug 26 13:08:59.953946: | libevent_free: release ptr-libevent@0x55785d058178 Aug 26 13:08:59.953949: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x55785d056238 Aug 26 13:08:59.953953: | crypto helper 3 resuming Aug 26 13:08:59.953954: | #3 spent 0.0278 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:08:59.953966: | crypto helper 3 starting work-order 3 for state #3 Aug 26 13:08:59.953969: | stop processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:08:59.953970: | crypto helper 3 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Aug 26 13:08:59.953972: | timer_event_cb: processing event@0x55785d058b28 Aug 26 13:08:59.953983: | handling event EVENT_SA_EXPIRE for child state #2 Aug 26 13:08:59.953987: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:08:59.953991: | picked newest_ipsec_sa #2 for #2 Aug 26 13:08:59.953994: | un-established partial CHILD SA timeout (SA expired) Aug 26 13:08:59.953996: | pstats #2 ikev2.child re-failed exchange-timeout Aug 26 13:08:59.953999: | pstats #2 ikev2.child deleted completed Aug 26 13:08:59.954002: | #2 spent 1.95 milliseconds in total Aug 26 13:08:59.954006: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:08:59.954010: "westnet-eastnet-ipv4-psk-ikev2" #2: deleting state (STATE_V2_IPSEC_I) aged 2.410s and NOT sending notification Aug 26 13:08:59.954013: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 13:08:59.954018: | get_sa_info esp.efc8c273@192.1.2.23 Aug 26 13:08:59.954031: | get_sa_info esp.30f1bd82@192.1.2.45 Aug 26 13:08:59.954039: "westnet-eastnet-ipv4-psk-ikev2" #2: ESP traffic information: in=168B out=168B Aug 26 13:08:59.954043: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 13:08:59.954082: | running updown command "ipsec _updown" for verb down Aug 26 13:08:59.954086: | command executing down-client Aug 26 13:08:59.954111: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566824937' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S Aug 26 13:08:59.954115: | popen cmd is 1060 chars long Aug 26 13:08:59.954118: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: Aug 26 13:08:59.954121: | cmd( 80):pv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.: Aug 26 13:08:59.954123: | cmd( 160):1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET=': Aug 26 13:08:59.954126: | cmd( 240):192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTO: Aug 26 13:08:59.954129: | cmd( 320):COL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO: Aug 26 13:08:59.954132: | cmd( 400):_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2: Aug 26 13:08:59.954134: | cmd( 480):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Aug 26 13:08:59.954137: | cmd( 560):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566824937' PLUTO_CO: Aug 26 13:08:59.954140: | cmd( 640):NN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_: Aug 26 13:08:59.954142: | cmd( 720):NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 P: Aug 26 13:08:59.954145: | cmd( 800):LUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PE: Aug 26 13:08:59.954148: | cmd( 880):ER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' V: Aug 26 13:08:59.954150: | cmd( 960):TI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xefc8c273 SPI_OUT=0x30f1bd8: Aug 26 13:08:59.954155: | cmd(1040):2 ipsec _updown 2>&1: Aug 26 13:08:59.954749: | crypto helper 3 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.000779 seconds Aug 26 13:08:59.954763: | (#3) spent 0.786 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 13:08:59.954766: | crypto helper 3 sending results from work-order 3 for state #3 to event queue Aug 26 13:08:59.954768: | scheduling resume sending helper answer for #3 Aug 26 13:08:59.954770: | libevent_malloc: new ptr-libevent@0x7f41b4002888 size 128 Aug 26 13:08:59.954780: | crypto helper 3 waiting (nothing to do) Aug 26 13:08:59.963459: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:08:59.963469: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:08:59.963472: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:08:59.963477: | IPsec Sa SPD priority set to 1042407 Aug 26 13:08:59.963500: | delete esp.efc8c273@192.1.2.23 Aug 26 13:08:59.963517: | netlink response for Del SA esp.efc8c273@192.1.2.23 included non-error error Aug 26 13:08:59.963522: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:08:59.963529: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 13:08:59.963552: | raw_eroute result=success Aug 26 13:08:59.963559: | delete esp.30f1bd82@192.1.2.45 Aug 26 13:08:59.963571: | netlink response for Del SA esp.30f1bd82@192.1.2.45 included non-error error Aug 26 13:08:59.963583: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 13:08:59.963588: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 13:08:59.963593: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:08:59.963602: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:08:59.963618: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 13:08:59.963622: | can't expire unused IKE SA #1; it has the child #3 Aug 26 13:08:59.963627: | libevent_free: release ptr-libevent@0x55785d055df8 Aug 26 13:08:59.963631: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55785d058b28 Aug 26 13:08:59.963635: | in statetime_stop() and could not find #2 Aug 26 13:08:59.963639: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:08:59.963660: | spent 0.0024 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:08:59.963677: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:08:59.963683: | 47 83 ee a4 d1 45 51 22 1e 77 e6 9f ca a9 9c 6a Aug 26 13:08:59.963686: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 13:08:59.963689: | 72 de d9 5b 82 11 2d db 08 0d 95 79 70 65 b9 20 Aug 26 13:08:59.963692: | 16 12 0b 58 e1 3f e3 a8 00 8e a1 9e 03 04 00 13 Aug 26 13:08:59.963694: | 2a Aug 26 13:08:59.963701: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:08:59.963706: | **parse ISAKMP Message: Aug 26 13:08:59.963709: | initiator cookie: Aug 26 13:08:59.963712: | 47 83 ee a4 d1 45 51 22 Aug 26 13:08:59.963715: | responder cookie: Aug 26 13:08:59.963718: | 1e 77 e6 9f ca a9 9c 6a Aug 26 13:08:59.963721: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:08:59.963725: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:08:59.963732: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:08:59.963737: | flags: none (0x0) Aug 26 13:08:59.963740: | Message ID: 1 (0x1) Aug 26 13:08:59.963743: | length: 65 (0x41) Aug 26 13:08:59.963746: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:08:59.963750: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:08:59.963756: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:08:59.963764: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:08:59.963767: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:08:59.963772: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:08:59.963776: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:08:59.963780: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 Aug 26 13:08:59.963783: | unpacking clear payload Aug 26 13:08:59.963786: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:08:59.963789: | ***parse IKEv2 Encryption Payload: Aug 26 13:08:59.963791: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:08:59.963794: | flags: none (0x0) Aug 26 13:08:59.963797: | length: 37 (0x25) Aug 26 13:08:59.963799: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 13:08:59.963805: | Message ID: start-responder #1 request 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 13:08:59.963808: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:08:59.963828: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:08:59.963832: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:08:59.963834: | **parse IKEv2 Delete Payload: Aug 26 13:08:59.963836: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:08:59.963838: | flags: none (0x0) Aug 26 13:08:59.963840: | length: 8 (0x8) Aug 26 13:08:59.963841: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 13:08:59.963843: | SPI size: 0 (0x0) Aug 26 13:08:59.963845: | number of SPIs: 0 (0x0) Aug 26 13:08:59.963846: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 13:08:59.963848: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:08:59.963850: | Now let's proceed with state specific processing Aug 26 13:08:59.963851: | calling processor I3: INFORMATIONAL Request Aug 26 13:08:59.963854: | an informational request should send a response Aug 26 13:08:59.963873: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:08:59.963876: | **emit ISAKMP Message: Aug 26 13:08:59.963877: | initiator cookie: Aug 26 13:08:59.963879: | 47 83 ee a4 d1 45 51 22 Aug 26 13:08:59.963881: | responder cookie: Aug 26 13:08:59.963882: | 1e 77 e6 9f ca a9 9c 6a Aug 26 13:08:59.963884: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:08:59.963886: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:08:59.963887: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:08:59.963889: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:08:59.963891: | Message ID: 1 (0x1) Aug 26 13:08:59.963893: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:08:59.963895: | ***emit IKEv2 Encryption Payload: Aug 26 13:08:59.963897: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:08:59.963898: | flags: none (0x0) Aug 26 13:08:59.963901: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:08:59.963903: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:08:59.963905: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:08:59.963912: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:08:59.963914: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:08:59.963916: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:08:59.963918: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 13:08:59.963921: | emitting length of ISAKMP Message: 57 Aug 26 13:08:59.963933: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:08:59.963935: | 47 83 ee a4 d1 45 51 22 1e 77 e6 9f ca a9 9c 6a Aug 26 13:08:59.963937: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Aug 26 13:08:59.963938: | b9 b4 74 cc 33 a6 49 83 25 39 16 04 b2 00 60 e3 Aug 26 13:08:59.963940: | d0 ce 77 74 8f e1 f2 93 b6 Aug 26 13:08:59.963963: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:08:59.963968: | Message ID: sent #1 response 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:08:59.963971: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 13:08:59.963973: | pstats #3 ikev2.child deleted other Aug 26 13:08:59.963976: | #3 spent 0.0278 milliseconds in total Aug 26 13:08:59.963979: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:08:59.963982: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:08:59.963985: "westnet-eastnet-ipv4-psk-ikev2" #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.010s and NOT sending notification Aug 26 13:08:59.963987: | child state #3: CHILDSA_DEL(informational) => delete Aug 26 13:08:59.963989: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:08:59.963991: | libevent_free: release ptr-libevent@0x55785d059a18 Aug 26 13:08:59.963995: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f41b8002b78 Aug 26 13:08:59.963997: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:08:59.964002: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 13:08:59.964011: | raw_eroute result=success Aug 26 13:08:59.964014: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 13:08:59.964016: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Aug 26 13:08:59.964022: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:08:59.964025: | stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:08:59.964027: | resume processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:08:59.964030: | State DB: IKEv2 state not found (delete_my_family) Aug 26 13:08:59.964032: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 13:08:59.964034: | pstats #1 ikev2.ike deleted completed Aug 26 13:08:59.964037: | #1 spent 7.25 milliseconds in total Aug 26 13:08:59.964040: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:08:59.964042: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting state (STATE_IKESA_DEL) aged 2.426s and NOT sending notification Aug 26 13:08:59.964044: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 13:08:59.964079: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 13:08:59.964084: | libevent_free: release ptr-libevent@0x7f41b0000f48 Aug 26 13:08:59.964087: | free_event_entry: release EVENT_SA_REKEY-pe@0x55785d0560c8 Aug 26 13:08:59.964090: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:08:59.964092: | picked newest_isakmp_sa #0 for #1 Aug 26 13:08:59.964094: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting IKE SA for connection 'westnet-eastnet-ipv4-psk-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:08:59.964096: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 0 seconds Aug 26 13:08:59.964100: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 13:08:59.964103: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 13:08:59.964105: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 13:08:59.964111: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 13:08:59.964144: | stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:08:59.964171: | in statetime_stop() and could not find #1 Aug 26 13:08:59.964176: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:08:59.964181: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 13:08:59.964185: | STF_OK but no state object remains Aug 26 13:08:59.964188: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:08:59.964190: | in statetime_stop() and could not find #1 Aug 26 13:08:59.964193: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:08:59.964195: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:08:59.964197: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:08:59.964201: | spent 0.525 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:08:59.964206: | processing resume sending helper answer for #3 Aug 26 13:08:59.964209: | crypto helper 3 replies to request ID 3 Aug 26 13:08:59.964211: | calling continuation function 0x55785bedcb50 Aug 26 13:08:59.964212: | work-order 3 state #3 crypto result suppressed Aug 26 13:08:59.964222: | (#3) spent 0.0123 milliseconds in resume sending helper answer Aug 26 13:08:59.964224: | libevent_free: release ptr-libevent@0x7f41b4002888 Aug 26 13:08:59.964226: | processing signal PLUTO_SIGCHLD Aug 26 13:08:59.964230: | waitpid returned ECHILD (no child processes left) Aug 26 13:08:59.964232: | spent 0.00367 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:08:59.964236: | processing global timer EVENT_REVIVE_CONNS Aug 26 13:08:59.964238: Initiating connection westnet-eastnet-ipv4-psk-ikev2 which received a Delete/Notify but must remain up per local policy Aug 26 13:08:59.964240: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:08:59.964243: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in initiate_a_connection() at initiate.c:186) Aug 26 13:08:59.964245: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Aug 26 13:08:59.964247: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 13:08:59.964250: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:08:59.964254: | creating state object #4 at 0x55785d058d48 Aug 26 13:08:59.964255: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 13:08:59.964259: | pstats #4 ikev2.ike started Aug 26 13:08:59.964262: | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:08:59.964264: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:08:59.964267: | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:08:59.964271: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:08:59.964274: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:08:59.964276: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:08:59.964279: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" IKE SA #4 "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:08:59.964281: "westnet-eastnet-ipv4-psk-ikev2" #4: initiating v2 parent SA Aug 26 13:08:59.964298: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:08:59.964307: | adding ikev2_outI1 KE work-order 4 for state #4 Aug 26 13:08:59.964310: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f41b0001f18 Aug 26 13:08:59.964312: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 13:08:59.964315: | libevent_malloc: new ptr-libevent@0x55785d055df8 size 128 Aug 26 13:08:59.964326: | #4 spent 0.0769 milliseconds in ikev2_parent_outI1() Aug 26 13:08:59.964330: | crypto helper 4 resuming Aug 26 13:08:59.964334: | RESET processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:08:59.964341: | crypto helper 4 starting work-order 4 for state #4 Aug 26 13:08:59.964346: | RESET processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:08:59.964351: | crypto helper 4 doing build KE and nonce (ikev2_outI1 KE); request ID 4 Aug 26 13:08:59.964354: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:08:59.964359: | spent 0.113 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 13:08:59.964973: | crypto helper 4 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.000622 seconds Aug 26 13:08:59.964981: | (#4) spent 0.629 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) Aug 26 13:08:59.964983: | crypto helper 4 sending results from work-order 4 for state #4 to event queue Aug 26 13:08:59.964985: | scheduling resume sending helper answer for #4 Aug 26 13:08:59.964987: | libevent_malloc: new ptr-libevent@0x7f41a8002888 size 128 Aug 26 13:08:59.964993: | crypto helper 4 waiting (nothing to do) Aug 26 13:08:59.965000: | processing resume sending helper answer for #4 Aug 26 13:08:59.965007: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:08:59.965009: | crypto helper 4 replies to request ID 4 Aug 26 13:08:59.965011: | calling continuation function 0x55785bedcb50 Aug 26 13:08:59.965013: | ikev2_parent_outI1_continue for #4 Aug 26 13:08:59.965017: | **emit ISAKMP Message: Aug 26 13:08:59.965019: | initiator cookie: Aug 26 13:08:59.965020: | 70 8b 07 f1 1a 1e 53 a1 Aug 26 13:08:59.965022: | responder cookie: Aug 26 13:08:59.965023: | 00 00 00 00 00 00 00 00 Aug 26 13:08:59.965025: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:08:59.965027: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:08:59.965029: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:08:59.965031: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:08:59.965032: | Message ID: 0 (0x0) Aug 26 13:08:59.965034: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:08:59.965044: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:08:59.965050: | Emitting ikev2_proposals ... Aug 26 13:08:59.965052: | ***emit IKEv2 Security Association Payload: Aug 26 13:08:59.965054: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:08:59.965056: | flags: none (0x0) Aug 26 13:08:59.965058: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:08:59.965060: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:08:59.965062: | discarding INTEG=NONE Aug 26 13:08:59.965063: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:08:59.965065: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:08:59.965067: | prop #: 1 (0x1) Aug 26 13:08:59.965069: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:08:59.965070: | spi size: 0 (0x0) Aug 26 13:08:59.965072: | # transforms: 11 (0xb) Aug 26 13:08:59.965074: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:08:59.965076: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965077: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965079: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:08:59.965081: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:08:59.965083: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965084: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:08:59.965086: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:08:59.965088: | length/value: 256 (0x100) Aug 26 13:08:59.965090: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:08:59.965092: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965093: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965095: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:08:59.965097: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:08:59.965099: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965101: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965102: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965104: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965105: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965107: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:08:59.965109: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:08:59.965111: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965112: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965114: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965116: | discarding INTEG=NONE Aug 26 13:08:59.965117: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965119: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965120: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965122: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:08:59.965124: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965126: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965127: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965130: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965131: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965133: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965135: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:08:59.965137: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965138: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965140: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965142: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965143: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965145: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965146: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:08:59.965148: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965150: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965152: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965153: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965155: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965157: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965158: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:08:59.965160: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965162: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965164: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965165: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965167: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965168: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965170: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:08:59.965172: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965174: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965175: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965177: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965178: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965180: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965182: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:08:59.965183: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965185: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965187: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965189: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965190: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965192: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965193: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:08:59.965195: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965198: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965200: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965201: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965203: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:08:59.965204: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965206: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:08:59.965208: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965210: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965211: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965213: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:08:59.965215: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:08:59.965217: | discarding INTEG=NONE Aug 26 13:08:59.965218: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:08:59.965220: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:08:59.965222: | prop #: 2 (0x2) Aug 26 13:08:59.965223: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:08:59.965225: | spi size: 0 (0x0) Aug 26 13:08:59.965226: | # transforms: 11 (0xb) Aug 26 13:08:59.965228: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:08:59.965230: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:08:59.965232: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965233: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965235: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:08:59.965237: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:08:59.965238: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965240: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:08:59.965242: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:08:59.965243: | length/value: 128 (0x80) Aug 26 13:08:59.965245: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:08:59.965247: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965248: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965250: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:08:59.965251: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:08:59.965253: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965255: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965257: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965258: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965260: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965262: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:08:59.965263: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:08:59.965265: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965267: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965269: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965270: | discarding INTEG=NONE Aug 26 13:08:59.965272: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965274: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965276: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965277: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:08:59.965279: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965281: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965283: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965284: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965286: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965315: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965321: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:08:59.965324: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965327: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965329: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965331: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965333: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965335: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965337: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:08:59.965340: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965342: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965345: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965347: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965349: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965351: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965354: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:08:59.965356: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965359: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965361: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965363: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965365: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965368: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965370: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:08:59.965373: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965376: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965378: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965380: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965382: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965385: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965387: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:08:59.965390: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965393: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965396: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965399: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965401: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965404: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965406: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:08:59.965409: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965411: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965414: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965416: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965418: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:08:59.965421: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965423: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:08:59.965426: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965428: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965431: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965434: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:08:59.965436: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:08:59.965439: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:08:59.965442: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:08:59.965444: | prop #: 3 (0x3) Aug 26 13:08:59.965447: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:08:59.965449: | spi size: 0 (0x0) Aug 26 13:08:59.965451: | # transforms: 13 (0xd) Aug 26 13:08:59.965454: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:08:59.965456: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:08:59.965459: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965462: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965464: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:08:59.965466: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:08:59.965469: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965471: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:08:59.965474: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:08:59.965476: | length/value: 256 (0x100) Aug 26 13:08:59.965479: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:08:59.965481: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965483: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965486: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:08:59.965488: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:08:59.965491: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965493: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965496: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965498: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965501: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965505: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:08:59.965507: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:08:59.965510: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965513: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965515: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965518: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965520: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965523: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:08:59.965525: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:08:59.965528: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965531: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965533: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965535: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965538: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965540: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:08:59.965543: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:08:59.965546: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965548: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965551: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965554: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965556: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965558: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965561: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:08:59.965564: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965567: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965569: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965572: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965575: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965577: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965580: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:08:59.965583: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965586: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965589: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965591: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965594: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965597: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965599: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:08:59.965603: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965605: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965610: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965612: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965613: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965615: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965617: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:08:59.965618: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965620: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965622: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965624: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965625: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965627: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965629: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:08:59.965630: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965632: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965634: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965636: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965637: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965639: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965640: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:08:59.965642: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965644: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965646: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965648: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965649: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965651: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965652: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:08:59.965654: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965656: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965658: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965659: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965661: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:08:59.965663: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965664: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:08:59.965666: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965668: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965670: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965672: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:08:59.965674: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:08:59.965675: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:08:59.965677: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:08:59.965679: | prop #: 4 (0x4) Aug 26 13:08:59.965681: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:08:59.965683: | spi size: 0 (0x0) Aug 26 13:08:59.965684: | # transforms: 13 (0xd) Aug 26 13:08:59.965686: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:08:59.965688: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:08:59.965690: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965692: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965693: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:08:59.965695: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:08:59.965697: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965698: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:08:59.965700: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:08:59.965702: | length/value: 128 (0x80) Aug 26 13:08:59.965703: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:08:59.965705: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965707: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965708: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:08:59.965710: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:08:59.965712: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965714: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965715: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965717: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965718: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965720: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:08:59.965722: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:08:59.965723: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965725: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965727: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965729: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965730: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965732: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:08:59.965733: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:08:59.965735: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965737: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965739: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965740: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965742: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965744: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:08:59.965745: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:08:59.965747: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965749: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965751: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965752: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965755: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965758: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965760: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:08:59.965763: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965766: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965769: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965771: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965774: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965777: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965779: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:08:59.965782: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965785: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965788: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965790: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965793: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965795: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965798: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:08:59.965801: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965804: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965807: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965810: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965812: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965815: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965818: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:08:59.965821: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965824: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965827: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965829: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965832: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965835: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965838: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:08:59.965841: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965844: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965847: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965850: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965852: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965855: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965858: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:08:59.965861: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965864: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965869: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965871: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965874: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965877: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965880: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:08:59.965883: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965886: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965889: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965892: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:08:59.965895: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:08:59.965897: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:08:59.965900: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:08:59.965903: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:08:59.965906: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:08:59.965909: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:08:59.965912: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:08:59.965915: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:08:59.965918: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:08:59.965921: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:08:59.965924: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:08:59.965927: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:08:59.965930: | flags: none (0x0) Aug 26 13:08:59.965932: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:08:59.965936: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:08:59.965939: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:08:59.965942: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:08:59.965946: | ikev2 g^x 5e a5 ab 97 f8 cb 54 8a 18 25 97 13 1f a3 fb 86 Aug 26 13:08:59.965948: | ikev2 g^x 27 30 31 58 c6 17 2d 15 a6 76 c2 a5 56 96 27 f8 Aug 26 13:08:59.965951: | ikev2 g^x a9 f9 7a 6f 34 ad d3 cb 25 bf 77 12 5f 5b 18 6c Aug 26 13:08:59.965954: | ikev2 g^x 55 2a 31 02 d5 72 0c f2 1e d3 76 9b ee 01 8f 3e Aug 26 13:08:59.965956: | ikev2 g^x bc d2 0e 05 95 ba d6 2f a7 f8 6b 73 71 fa 99 74 Aug 26 13:08:59.965959: | ikev2 g^x 9f e7 ca f0 d9 23 f7 f3 4a ea 94 88 68 82 47 a3 Aug 26 13:08:59.965961: | ikev2 g^x 24 27 38 1c 79 26 2c ec ca 05 41 62 03 49 01 ea Aug 26 13:08:59.965963: | ikev2 g^x 22 81 91 b5 af fb 45 54 da 96 f9 f2 67 a5 e8 87 Aug 26 13:08:59.965965: | ikev2 g^x c6 da f9 5b 51 cb 2d 76 84 86 95 b4 28 e4 2b d8 Aug 26 13:08:59.965967: | ikev2 g^x 96 a3 28 28 39 1c 59 ea 3c c7 5a d5 1e 9c 7e ce Aug 26 13:08:59.965970: | ikev2 g^x 9f 05 96 50 e1 29 1b 29 63 6d 23 1d 86 49 11 28 Aug 26 13:08:59.965972: | ikev2 g^x b8 b3 fc c7 bd 54 7b 8a a8 18 7b 2c ac 5f e4 a3 Aug 26 13:08:59.965974: | ikev2 g^x f8 4a 2d a5 4b f3 d8 7a a3 a2 30 7a dd 58 a2 4b Aug 26 13:08:59.965976: | ikev2 g^x 90 61 37 43 30 07 96 7e 7b cc f5 8f 7b d0 60 a7 Aug 26 13:08:59.965979: | ikev2 g^x fa c5 8c 43 69 42 e9 7a 58 59 f9 74 54 50 57 75 Aug 26 13:08:59.965981: | ikev2 g^x aa 27 8a 60 9f ad 3c d9 51 87 ae 7d 16 07 5b 13 Aug 26 13:08:59.965987: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:08:59.965989: | ***emit IKEv2 Nonce Payload: Aug 26 13:08:59.965992: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:08:59.965995: | flags: none (0x0) Aug 26 13:08:59.965998: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:08:59.966001: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:08:59.966004: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:08:59.966006: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:08:59.966009: | IKEv2 nonce f5 74 64 2e d4 47 1e 4d f7 86 e6 37 0a a4 9c c7 Aug 26 13:08:59.966012: | IKEv2 nonce 33 44 b0 a4 47 3f cd 70 56 28 bd 26 7a 99 95 30 Aug 26 13:08:59.966014: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:08:59.966017: | Adding a v2N Payload Aug 26 13:08:59.966019: | ***emit IKEv2 Notify Payload: Aug 26 13:08:59.966022: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:08:59.966025: | flags: none (0x0) Aug 26 13:08:59.966027: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:08:59.966030: | SPI size: 0 (0x0) Aug 26 13:08:59.966033: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:08:59.966036: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:08:59.966039: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:08:59.966042: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:08:59.966046: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:08:59.966049: | natd_hash: rcookie is zero Aug 26 13:08:59.966062: | natd_hash: hasher=0x55785bfb1800(20) Aug 26 13:08:59.966066: | natd_hash: icookie= 70 8b 07 f1 1a 1e 53 a1 Aug 26 13:08:59.966069: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:08:59.966071: | natd_hash: ip= c0 01 02 2d Aug 26 13:08:59.966074: | natd_hash: port=500 Aug 26 13:08:59.966076: | natd_hash: hash= b6 ee ff b3 ab 79 09 7e 49 06 b5 84 67 4b af eb Aug 26 13:08:59.966079: | natd_hash: hash= 74 b7 08 4c Aug 26 13:08:59.966081: | Adding a v2N Payload Aug 26 13:08:59.966084: | ***emit IKEv2 Notify Payload: Aug 26 13:08:59.966087: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:08:59.966090: | flags: none (0x0) Aug 26 13:08:59.966092: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:08:59.966095: | SPI size: 0 (0x0) Aug 26 13:08:59.966098: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:08:59.966101: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:08:59.966105: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:08:59.966108: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:08:59.966111: | Notify data b6 ee ff b3 ab 79 09 7e 49 06 b5 84 67 4b af eb Aug 26 13:08:59.966114: | Notify data 74 b7 08 4c Aug 26 13:08:59.966116: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:08:59.966119: | natd_hash: rcookie is zero Aug 26 13:08:59.966127: | natd_hash: hasher=0x55785bfb1800(20) Aug 26 13:08:59.966130: | natd_hash: icookie= 70 8b 07 f1 1a 1e 53 a1 Aug 26 13:08:59.966132: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:08:59.966134: | natd_hash: ip= c0 01 02 17 Aug 26 13:08:59.966136: | natd_hash: port=500 Aug 26 13:08:59.966139: | natd_hash: hash= 8f 72 0e c0 40 b4 03 50 59 9f ae 04 7e a4 c8 70 Aug 26 13:08:59.966141: | natd_hash: hash= 06 7b 5a 56 Aug 26 13:08:59.966143: | Adding a v2N Payload Aug 26 13:08:59.966145: | ***emit IKEv2 Notify Payload: Aug 26 13:08:59.966147: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:08:59.966151: | flags: none (0x0) Aug 26 13:08:59.966153: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:08:59.966155: | SPI size: 0 (0x0) Aug 26 13:08:59.966158: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:08:59.966160: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:08:59.966163: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:08:59.966166: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:08:59.966168: | Notify data 8f 72 0e c0 40 b4 03 50 59 9f ae 04 7e a4 c8 70 Aug 26 13:08:59.966170: | Notify data 06 7b 5a 56 Aug 26 13:08:59.966172: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:08:59.966175: | emitting length of ISAKMP Message: 828 Aug 26 13:08:59.966181: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:08:59.966186: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:08:59.966190: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:08:59.966192: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:08:59.966195: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:08:59.966198: | Message ID: updating counters for #4 to 4294967295 after switching state Aug 26 13:08:59.966200: | Message ID: IKE #4 skipping update_recv as MD is fake Aug 26 13:08:59.966205: | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:08:59.966208: "westnet-eastnet-ipv4-psk-ikev2" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:08:59.966214: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:08:59.966220: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) Aug 26 13:08:59.966223: | 70 8b 07 f1 1a 1e 53 a1 00 00 00 00 00 00 00 00 Aug 26 13:08:59.966226: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:08:59.966228: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:08:59.966231: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:08:59.966233: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:08:59.966236: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:08:59.966238: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:08:59.966241: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:08:59.966244: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:08:59.966246: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:08:59.966249: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:08:59.966251: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:08:59.966254: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:08:59.966256: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:08:59.966259: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:08:59.966261: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:08:59.966264: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:08:59.966266: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:08:59.966269: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:08:59.966271: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:08:59.966273: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:08:59.966275: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:08:59.966277: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:08:59.966279: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:08:59.966281: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:08:59.966285: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:08:59.966291: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:08:59.966296: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:08:59.966299: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:08:59.966301: | 28 00 01 08 00 0e 00 00 5e a5 ab 97 f8 cb 54 8a Aug 26 13:08:59.966303: | 18 25 97 13 1f a3 fb 86 27 30 31 58 c6 17 2d 15 Aug 26 13:08:59.966305: | a6 76 c2 a5 56 96 27 f8 a9 f9 7a 6f 34 ad d3 cb Aug 26 13:08:59.966307: | 25 bf 77 12 5f 5b 18 6c 55 2a 31 02 d5 72 0c f2 Aug 26 13:08:59.966309: | 1e d3 76 9b ee 01 8f 3e bc d2 0e 05 95 ba d6 2f Aug 26 13:08:59.966311: | a7 f8 6b 73 71 fa 99 74 9f e7 ca f0 d9 23 f7 f3 Aug 26 13:08:59.966313: | 4a ea 94 88 68 82 47 a3 24 27 38 1c 79 26 2c ec Aug 26 13:08:59.966315: | ca 05 41 62 03 49 01 ea 22 81 91 b5 af fb 45 54 Aug 26 13:08:59.966317: | da 96 f9 f2 67 a5 e8 87 c6 da f9 5b 51 cb 2d 76 Aug 26 13:08:59.966319: | 84 86 95 b4 28 e4 2b d8 96 a3 28 28 39 1c 59 ea Aug 26 13:08:59.966321: | 3c c7 5a d5 1e 9c 7e ce 9f 05 96 50 e1 29 1b 29 Aug 26 13:08:59.966323: | 63 6d 23 1d 86 49 11 28 b8 b3 fc c7 bd 54 7b 8a Aug 26 13:08:59.966326: | a8 18 7b 2c ac 5f e4 a3 f8 4a 2d a5 4b f3 d8 7a Aug 26 13:08:59.966328: | a3 a2 30 7a dd 58 a2 4b 90 61 37 43 30 07 96 7e Aug 26 13:08:59.966329: | 7b cc f5 8f 7b d0 60 a7 fa c5 8c 43 69 42 e9 7a Aug 26 13:08:59.966332: | 58 59 f9 74 54 50 57 75 aa 27 8a 60 9f ad 3c d9 Aug 26 13:08:59.966334: | 51 87 ae 7d 16 07 5b 13 29 00 00 24 f5 74 64 2e Aug 26 13:08:59.966336: | d4 47 1e 4d f7 86 e6 37 0a a4 9c c7 33 44 b0 a4 Aug 26 13:08:59.966338: | 47 3f cd 70 56 28 bd 26 7a 99 95 30 29 00 00 08 Aug 26 13:08:59.966340: | 00 00 40 2e 29 00 00 1c 00 00 40 04 b6 ee ff b3 Aug 26 13:08:59.966342: | ab 79 09 7e 49 06 b5 84 67 4b af eb 74 b7 08 4c Aug 26 13:08:59.966345: | 00 00 00 1c 00 00 40 05 8f 72 0e c0 40 b4 03 50 Aug 26 13:08:59.966347: | 59 9f ae 04 7e a4 c8 70 06 7b 5a 56 Aug 26 13:08:59.966383: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:08:59.966389: | libevent_free: release ptr-libevent@0x55785d055df8 Aug 26 13:08:59.966393: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f41b0001f18 Aug 26 13:08:59.966396: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:08:59.966400: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f41b0001f18 Aug 26 13:08:59.966405: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Aug 26 13:08:59.966408: | libevent_malloc: new ptr-libevent@0x55785d059a18 size 128 Aug 26 13:08:59.966413: | #4 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10225.708866 Aug 26 13:08:59.966418: | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD Aug 26 13:08:59.966424: | #4 spent 1.37 milliseconds in resume sending helper answer Aug 26 13:08:59.966430: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:08:59.966433: | libevent_free: release ptr-libevent@0x7f41a8002888 Aug 26 13:09:00.466978: | timer_event_cb: processing event@0x7f41b0001f18 Aug 26 13:09:00.466993: | handling event EVENT_RETRANSMIT for parent state #4 Aug 26 13:09:00.466999: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:09:00.467002: | IKEv2 retransmit event Aug 26 13:09:00.467006: | [RE]START processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in retransmit_v2_msg() at retry.c:144) Aug 26 13:09:00.467009: | handling event EVENT_RETRANSMIT for 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" #4 attempt 2 of 0 Aug 26 13:09:00.467012: | and parent for 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" #4 keying attempt 1 of 0; retransmit 1 Aug 26 13:09:00.467020: | retransmits: current time 10226.209484; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.500618 exceeds limit? NO Aug 26 13:09:00.467023: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f41a8002b78 Aug 26 13:09:00.467026: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Aug 26 13:09:00.467029: | libevent_malloc: new ptr-libevent@0x7f41a8002888 size 128 Aug 26 13:09:00.467032: "westnet-eastnet-ipv4-psk-ikev2" #4: STATE_PARENT_I1: retransmission; will wait 0.5 seconds for response Aug 26 13:09:00.467037: | sending 828 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) Aug 26 13:09:00.467039: | 70 8b 07 f1 1a 1e 53 a1 00 00 00 00 00 00 00 00 Aug 26 13:09:00.467041: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:09:00.467042: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:09:00.467044: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:09:00.467045: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:09:00.467047: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:09:00.467048: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:09:00.467050: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:09:00.467051: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:09:00.467053: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:09:00.467054: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:09:00.467056: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:09:00.467057: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:09:00.467059: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:09:00.467060: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:09:00.467062: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:09:00.467063: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:09:00.467065: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:09:00.467066: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:09:00.467068: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:09:00.467069: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:09:00.467071: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:09:00.467072: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:09:00.467074: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:09:00.467076: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:09:00.467077: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:09:00.467079: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:09:00.467080: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:09:00.467082: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:09:00.467083: | 28 00 01 08 00 0e 00 00 5e a5 ab 97 f8 cb 54 8a Aug 26 13:09:00.467085: | 18 25 97 13 1f a3 fb 86 27 30 31 58 c6 17 2d 15 Aug 26 13:09:00.467086: | a6 76 c2 a5 56 96 27 f8 a9 f9 7a 6f 34 ad d3 cb Aug 26 13:09:00.467088: | 25 bf 77 12 5f 5b 18 6c 55 2a 31 02 d5 72 0c f2 Aug 26 13:09:00.467089: | 1e d3 76 9b ee 01 8f 3e bc d2 0e 05 95 ba d6 2f Aug 26 13:09:00.467091: | a7 f8 6b 73 71 fa 99 74 9f e7 ca f0 d9 23 f7 f3 Aug 26 13:09:00.467092: | 4a ea 94 88 68 82 47 a3 24 27 38 1c 79 26 2c ec Aug 26 13:09:00.467094: | ca 05 41 62 03 49 01 ea 22 81 91 b5 af fb 45 54 Aug 26 13:09:00.467095: | da 96 f9 f2 67 a5 e8 87 c6 da f9 5b 51 cb 2d 76 Aug 26 13:09:00.467097: | 84 86 95 b4 28 e4 2b d8 96 a3 28 28 39 1c 59 ea Aug 26 13:09:00.467098: | 3c c7 5a d5 1e 9c 7e ce 9f 05 96 50 e1 29 1b 29 Aug 26 13:09:00.467100: | 63 6d 23 1d 86 49 11 28 b8 b3 fc c7 bd 54 7b 8a Aug 26 13:09:00.467101: | a8 18 7b 2c ac 5f e4 a3 f8 4a 2d a5 4b f3 d8 7a Aug 26 13:09:00.467103: | a3 a2 30 7a dd 58 a2 4b 90 61 37 43 30 07 96 7e Aug 26 13:09:00.467105: | 7b cc f5 8f 7b d0 60 a7 fa c5 8c 43 69 42 e9 7a Aug 26 13:09:00.467107: | 58 59 f9 74 54 50 57 75 aa 27 8a 60 9f ad 3c d9 Aug 26 13:09:00.467108: | 51 87 ae 7d 16 07 5b 13 29 00 00 24 f5 74 64 2e Aug 26 13:09:00.467110: | d4 47 1e 4d f7 86 e6 37 0a a4 9c c7 33 44 b0 a4 Aug 26 13:09:00.467112: | 47 3f cd 70 56 28 bd 26 7a 99 95 30 29 00 00 08 Aug 26 13:09:00.467113: | 00 00 40 2e 29 00 00 1c 00 00 40 04 b6 ee ff b3 Aug 26 13:09:00.467115: | ab 79 09 7e 49 06 b5 84 67 4b af eb 74 b7 08 4c Aug 26 13:09:00.467116: | 00 00 00 1c 00 00 40 05 8f 72 0e c0 40 b4 03 50 Aug 26 13:09:00.467118: | 59 9f ae 04 7e a4 c8 70 06 7b 5a 56 Aug 26 13:09:00.467141: | libevent_free: release ptr-libevent@0x55785d059a18 Aug 26 13:09:00.467144: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f41b0001f18 Aug 26 13:09:00.467150: | #4 spent 0.17 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:09:00.467154: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:09:00.703500: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:00.703518: shutting down Aug 26 13:09:00.703525: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:09:00.703528: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:09:00.703529: forgetting secrets Aug 26 13:09:00.703533: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:09:00.703537: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in delete_connection() at connections.c:189) Aug 26 13:09:00.703540: | removing pending policy for no connection {0x55785d039478} Aug 26 13:09:00.703542: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:09:00.703544: | pass 0 Aug 26 13:09:00.703546: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:09:00.703548: | state #4 Aug 26 13:09:00.703550: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:09:00.703554: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:09:00.703556: | pstats #4 ikev2.ike deleted other Aug 26 13:09:00.703560: | #4 spent 2.25 milliseconds in total Aug 26 13:09:00.703563: | [RE]START processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:09:00.703566: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting state (STATE_PARENT_I1) aged 0.739s and NOT sending notification Aug 26 13:09:00.703569: | parent state #4: PARENT_I1(half-open IKE SA) => delete Aug 26 13:09:00.703571: | state #4 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:09:00.703573: | #4 STATE_PARENT_I1: retransmits: cleared Aug 26 13:09:00.703576: | libevent_free: release ptr-libevent@0x7f41a8002888 Aug 26 13:09:00.703578: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f41a8002b78 Aug 26 13:09:00.703581: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:09:00.703583: | picked newest_isakmp_sa #0 for #4 Aug 26 13:09:00.703585: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting IKE SA for connection 'westnet-eastnet-ipv4-psk-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:09:00.703588: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 5 seconds Aug 26 13:09:00.703590: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Aug 26 13:09:00.703594: | stop processing: connection "westnet-eastnet-ipv4-psk-ikev2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:09:00.703596: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:09:00.703598: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 13:09:00.703602: | State DB: deleting IKEv2 state #4 in PARENT_I1 Aug 26 13:09:00.703605: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Aug 26 13:09:00.703621: | stop processing: state #4 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:09:00.703625: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:09:00.703626: | pass 1 Aug 26 13:09:00.703628: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:09:00.703631: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:09:00.703633: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:09:00.703635: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:09:00.703667: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:09:00.703674: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:00.703676: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:00.703678: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 13:09:00.703681: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL Aug 26 13:09:00.703683: | running updown command "ipsec _updown" for verb unroute Aug 26 13:09:00.703685: | command executing unroute-client Aug 26 13:09:00.703718: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHA Aug 26 13:09:00.703721: | popen cmd is 1041 chars long Aug 26 13:09:00.703723: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 13:09:00.703725: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='1: Aug 26 13:09:00.703726: | cmd( 160):92.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NE: Aug 26 13:09:00.703728: | cmd( 240):T='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Aug 26 13:09:00.703730: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' P: Aug 26 13:09:00.703731: | cmd( 400):LUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192: Aug 26 13:09:00.703733: | cmd( 480):.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PR: Aug 26 13:09:00.703735: | cmd( 560):OTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_PO: Aug 26 13:09:00.703737: | cmd( 640):LICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' P: Aug 26 13:09:00.703738: | cmd( 720):LUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: Aug 26 13:09:00.703740: | cmd( 800):IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BA: Aug 26 13:09:00.703742: | cmd( 880):NNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IF: Aug 26 13:09:00.703743: | cmd( 960):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&: Aug 26 13:09:00.703746: | cmd(1040):1: Aug 26 13:09:00.712388: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712407: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712410: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712415: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712427: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712438: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712451: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712463: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712475: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712486: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712498: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712512: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712524: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712535: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712546: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712558: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712572: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712584: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712596: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712608: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712620: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712634: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712751: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712763: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712773: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712782: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712809: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712819: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712841: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712851: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712861: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712871: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712881: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712890: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712900: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712909: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712919: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712929: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712938: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712947: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712957: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712969: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712978: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712987: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.712996: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.713005: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:00.717715: | free hp@0x55785d053878 Aug 26 13:09:00.717757: | flush revival: connection 'westnet-eastnet-ipv4-psk-ikev2' revival flushed Aug 26 13:09:00.717762: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:09:00.717790: | crl fetch request list locked by 'free_crl_fetch' Aug 26 13:09:00.717792: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 13:09:00.717813: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 13:09:00.717816: shutting down interface lo/lo 127.0.0.1:500 Aug 26 13:09:00.717818: shutting down interface eth0/eth0 192.0.1.254:4500 Aug 26 13:09:00.717820: shutting down interface eth0/eth0 192.0.1.254:500 Aug 26 13:09:00.717822: shutting down interface eth1/eth1 192.1.2.45:4500 Aug 26 13:09:00.717824: shutting down interface eth1/eth1 192.1.2.45:500 Aug 26 13:09:00.717827: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 13:09:00.717837: | libevent_free: release ptr-libevent@0x55785d045488 Aug 26 13:09:00.717852: | free_event_entry: release EVENT_NULL-pe@0x55785d051178 Aug 26 13:09:00.717860: | libevent_free: release ptr-libevent@0x55785cfe1358 Aug 26 13:09:00.717862: | free_event_entry: release EVENT_NULL-pe@0x55785d051228 Aug 26 13:09:00.717867: | libevent_free: release ptr-libevent@0x55785cfe31f8 Aug 26 13:09:00.717869: | free_event_entry: release EVENT_NULL-pe@0x55785d0512d8 Aug 26 13:09:00.717875: | libevent_free: release ptr-libevent@0x55785cfe0348 Aug 26 13:09:00.717876: | free_event_entry: release EVENT_NULL-pe@0x55785d051388 Aug 26 13:09:00.717882: | libevent_free: release ptr-libevent@0x55785cfb6ba8 Aug 26 13:09:00.717884: | free_event_entry: release EVENT_NULL-pe@0x55785d051438 Aug 26 13:09:00.717888: | libevent_free: release ptr-libevent@0x55785cfb11d8 Aug 26 13:09:00.717890: | free_event_entry: release EVENT_NULL-pe@0x55785d0514e8 Aug 26 13:09:00.717894: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:09:00.718226: | libevent_free: release ptr-libevent@0x55785d045538 Aug 26 13:09:00.718232: | free_event_entry: release EVENT_NULL-pe@0x55785d0392f8 Aug 26 13:09:00.718236: | libevent_free: release ptr-libevent@0x55785cfe30f8 Aug 26 13:09:00.718239: | free_event_entry: release EVENT_NULL-pe@0x55785d0387b8 Aug 26 13:09:00.718242: | libevent_free: release ptr-libevent@0x55785d01cbb8 Aug 26 13:09:00.718244: | free_event_entry: release EVENT_NULL-pe@0x55785d039368 Aug 26 13:09:00.718247: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 13:09:00.718249: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 13:09:00.718250: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 13:09:00.718252: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 13:09:00.718254: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 13:09:00.718255: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 13:09:00.718257: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 13:09:00.718258: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 13:09:00.718260: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 13:09:00.718264: | libevent_free: release ptr-libevent@0x55785cfe08a8 Aug 26 13:09:00.718266: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 13:09:00.718268: | libevent_free: release ptr-libevent@0x55785d0508c8 Aug 26 13:09:00.718269: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 13:09:00.718272: | libevent_free: release ptr-libevent@0x55785d0509d8 Aug 26 13:09:00.718273: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 13:09:00.718275: | libevent_free: release ptr-libevent@0x55785d050c18 Aug 26 13:09:00.718277: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 13:09:00.718278: | releasing event base Aug 26 13:09:00.718302: | libevent_free: release ptr-libevent@0x55785d050ae8 Aug 26 13:09:00.718306: | libevent_free: release ptr-libevent@0x55785d033ba8 Aug 26 13:09:00.718310: | libevent_free: release ptr-libevent@0x55785d033b58 Aug 26 13:09:00.718312: | libevent_free: release ptr-libevent@0x55785d033ae8 Aug 26 13:09:00.718313: | libevent_free: release ptr-libevent@0x55785d033aa8 Aug 26 13:09:00.718315: | libevent_free: release ptr-libevent@0x55785d0507c8 Aug 26 13:09:00.718319: | libevent_free: release ptr-libevent@0x55785d050848 Aug 26 13:09:00.718321: | libevent_free: release ptr-libevent@0x55785d033d58 Aug 26 13:09:00.718322: | libevent_free: release ptr-libevent@0x55785d0388c8 Aug 26 13:09:00.718324: | libevent_free: release ptr-libevent@0x55785d0392b8 Aug 26 13:09:00.718325: | libevent_free: release ptr-libevent@0x55785d051558 Aug 26 13:09:00.718327: | libevent_free: release ptr-libevent@0x55785d0514a8 Aug 26 13:09:00.718329: | libevent_free: release ptr-libevent@0x55785d0513f8 Aug 26 13:09:00.718330: | libevent_free: release ptr-libevent@0x55785d051348 Aug 26 13:09:00.718332: | libevent_free: release ptr-libevent@0x55785d051298 Aug 26 13:09:00.718333: | libevent_free: release ptr-libevent@0x55785d0511e8 Aug 26 13:09:00.718335: | libevent_free: release ptr-libevent@0x55785cfe0a08 Aug 26 13:09:00.718337: | libevent_free: release ptr-libevent@0x55785d050998 Aug 26 13:09:00.718338: | libevent_free: release ptr-libevent@0x55785d050888 Aug 26 13:09:00.718340: | libevent_free: release ptr-libevent@0x55785d050808 Aug 26 13:09:00.718355: | libevent_free: release ptr-libevent@0x55785d050aa8 Aug 26 13:09:00.718356: | libevent_free: release ptr-libevent@0x55785cfdfb98 Aug 26 13:09:00.718358: | libevent_free: release ptr-libevent@0x55785cfb0908 Aug 26 13:09:00.718360: | libevent_free: release ptr-libevent@0x55785cfb0d38 Aug 26 13:09:00.718362: | libevent_free: release ptr-libevent@0x55785cfdff08 Aug 26 13:09:00.718363: | releasing global libevent data Aug 26 13:09:00.718365: | libevent_free: release ptr-libevent@0x55785cfb1538 Aug 26 13:09:00.718367: | libevent_free: release ptr-libevent@0x55785cfb0cd8 Aug 26 13:09:00.718369: | libevent_free: release ptr-libevent@0x55785cfb0dd8 Aug 26 13:09:00.718399: leak detective found no leaks