Aug 26 13:09:08.563838: FIPS Product: YES Aug 26 13:09:08.563953: FIPS Kernel: NO Aug 26 13:09:08.563957: FIPS Mode: NO Aug 26 13:09:08.563960: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:09:08.564099: Initializing NSS Aug 26 13:09:08.564106: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:09:08.599532: NSS initialized Aug 26 13:09:08.599549: NSS crypto library initialized Aug 26 13:09:08.599552: FIPS HMAC integrity support [enabled] Aug 26 13:09:08.599555: FIPS mode disabled for pluto daemon Aug 26 13:09:08.637887: FIPS HMAC integrity verification self-test FAILED Aug 26 13:09:08.638359: libcap-ng support [enabled] Aug 26 13:09:08.638373: Linux audit support [enabled] Aug 26 13:09:08.638719: Linux audit activated Aug 26 13:09:08.638724: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:1788 Aug 26 13:09:08.638727: core dump dir: /tmp Aug 26 13:09:08.638730: secrets file: /etc/ipsec.secrets Aug 26 13:09:08.638732: leak-detective enabled Aug 26 13:09:08.638734: NSS crypto [enabled] Aug 26 13:09:08.638736: XAUTH PAM support [enabled] Aug 26 13:09:08.638811: | libevent is using pluto's memory allocator Aug 26 13:09:08.638821: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:09:08.638835: | libevent_malloc: new ptr-libevent@0x55560f48a998 size 40 Aug 26 13:09:08.638839: | libevent_malloc: new ptr-libevent@0x55560f48a918 size 40 Aug 26 13:09:08.638842: | libevent_malloc: new ptr-libevent@0x55560f48a898 size 40 Aug 26 13:09:08.638845: | creating event base Aug 26 13:09:08.638849: | libevent_malloc: new ptr-libevent@0x55560f47c4c8 size 56 Aug 26 13:09:08.638854: | libevent_malloc: new ptr-libevent@0x55560f3fdda8 size 664 Aug 26 13:09:08.638865: | libevent_malloc: new ptr-libevent@0x55560f4c4fb8 size 24 
Aug 26 13:09:08.638870: | libevent_malloc: new ptr-libevent@0x55560f4c5008 size 384 Aug 26 13:09:08.638880: | libevent_malloc: new ptr-libevent@0x55560f4c4f78 size 16 Aug 26 13:09:08.638883: | libevent_malloc: new ptr-libevent@0x55560f48a818 size 40 Aug 26 13:09:08.638885: | libevent_malloc: new ptr-libevent@0x55560f48a798 size 48 Aug 26 13:09:08.638891: | libevent_realloc: new ptr-libevent@0x55560f3fda38 size 256 Aug 26 13:09:08.638894: | libevent_malloc: new ptr-libevent@0x55560f4c51b8 size 16 Aug 26 13:09:08.638899: | libevent_free: release ptr-libevent@0x55560f47c4c8 Aug 26 13:09:08.638903: | libevent initialized Aug 26 13:09:08.638907: | libevent_realloc: new ptr-libevent@0x55560f47c4c8 size 64 Aug 26 13:09:08.638910: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:09:08.638925: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:09:08.638928: NAT-Traversal support [enabled] Aug 26 13:09:08.638931: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:09:08.638937: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:09:08.638944: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:09:08.638977: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:09:08.638981: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:09:08.638984: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:09:08.639031: Encryption algorithms: Aug 26 13:09:08.639040: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:09:08.639044: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:09:08.639048: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:09:08.639052: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:09:08.639055: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 
13:09:08.639064: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:09:08.639068: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:09:08.639072: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:09:08.639076: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:09:08.639079: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:09:08.639083: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:09:08.639087: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:09:08.639091: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:09:08.639094: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:09:08.639099: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:09:08.639102: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:09:08.639105: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:09:08.639112: Hash algorithms: Aug 26 13:09:08.639115: MD5 IKEv1: IKE IKEv2: Aug 26 13:09:08.639119: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:09:08.639122: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:09:08.639125: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:09:08.639128: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:09:08.639141: PRF algorithms: Aug 26 13:09:08.639144: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:09:08.639148: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:09:08.639151: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:09:08.639155: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:09:08.639158: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:09:08.639161: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:09:08.639188: Integrity algorithms: Aug 26 13:09:08.639192: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, 
hmac_md5 Aug 26 13:09:08.639196: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:09:08.639200: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:09:08.639204: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:09:08.639209: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:09:08.639212: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:09:08.639215: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:09:08.639219: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:09:08.639222: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:09:08.639234: DH algorithms: Aug 26 13:09:08.639238: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:09:08.639241: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:09:08.639244: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:09:08.639249: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:09:08.639252: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:09:08.639255: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:09:08.639258: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:09:08.639262: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:09:08.639265: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:09:08.639268: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:09:08.639271: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:09:08.639274: testing CAMELLIA_CBC: Aug 26 13:09:08.639277: Camellia: 16 bytes with 128-bit key Aug 26 13:09:08.639433: Camellia: 16 bytes with 128-bit key Aug 26 13:09:08.639496: Camellia: 16 bytes with 256-bit key Aug 26 13:09:08.639528: Camellia: 16 bytes with 256-bit key 
Aug 26 13:09:08.639556: testing AES_GCM_16: Aug 26 13:09:08.639560: empty string Aug 26 13:09:08.639588: one block Aug 26 13:09:08.639613: two blocks Aug 26 13:09:08.639639: two blocks with associated data Aug 26 13:09:08.639666: testing AES_CTR: Aug 26 13:09:08.639669: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:09:08.639696: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:09:08.639736: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:09:08.639765: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:09:08.639791: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:09:08.639818: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:09:08.639845: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:09:08.639871: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:09:08.639898: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:09:08.639925: testing AES_CBC: Aug 26 13:09:08.639928: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:09:08.639954: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:09:08.639982: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:09:08.640024: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:09:08.640058: testing AES_XCBC: Aug 26 13:09:08.640061: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:09:08.640178: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:09:08.640311: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:09:08.640451: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:09:08.640593: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:09:08.640746: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:09:08.640876: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:09:08.641172: RFC 4434 Test Case AES-XCBC-PRF-128 with 
20-byte input (key length 16) Aug 26 13:09:08.641306: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:09:08.641446: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:09:08.641683: testing HMAC_MD5: Aug 26 13:09:08.641686: RFC 2104: MD5_HMAC test 1 Aug 26 13:09:08.641854: RFC 2104: MD5_HMAC test 2 Aug 26 13:09:08.642008: RFC 2104: MD5_HMAC test 3 Aug 26 13:09:08.642307: 8 CPU cores online Aug 26 13:09:08.642314: starting up 7 crypto helpers Aug 26 13:09:08.642352: started thread for crypto helper 0 Aug 26 13:09:08.642372: started thread for crypto helper 1 Aug 26 13:09:08.642388: | starting up helper thread 0 Aug 26 13:09:08.642412: | starting up helper thread 2 Aug 26 13:09:08.642416: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:09:08.642392: started thread for crypto helper 2 Aug 26 13:09:08.642420: | crypto helper 0 waiting (nothing to do) Aug 26 13:09:08.642421: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:09:08.642440: | crypto helper 2 waiting (nothing to do) Aug 26 13:09:08.642449: started thread for crypto helper 3 Aug 26 13:09:08.642450: | starting up helper thread 3 Aug 26 13:09:08.642461: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:09:08.642464: | crypto helper 3 waiting (nothing to do) Aug 26 13:09:08.642470: started thread for crypto helper 4 Aug 26 13:09:08.642472: | starting up helper thread 4 Aug 26 13:09:08.642480: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:09:08.642483: | crypto helper 4 waiting (nothing to do) Aug 26 13:09:08.642492: started thread for crypto helper 5 Aug 26 13:09:08.642494: | starting up helper thread 5 Aug 26 13:09:08.642500: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:09:08.642502: | crypto helper 5 waiting (nothing to 
do) Aug 26 13:09:08.642511: started thread for crypto helper 6 Aug 26 13:09:08.642513: | starting up helper thread 6 Aug 26 13:09:08.642515: | checking IKEv1 state table Aug 26 13:09:08.642520: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:09:08.642526: | crypto helper 6 waiting (nothing to do) Aug 26 13:09:08.642529: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:09:08.642531: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:09:08.642533: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:09:08.642535: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:09:08.642537: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:09:08.642538: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:09:08.642540: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:09:08.642542: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:09:08.642543: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:09:08.642545: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:09:08.642546: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:09:08.642548: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:09:08.642549: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:09:08.642551: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:09:08.642552: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:09:08.642554: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:09:08.642556: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:09:08.642557: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:09:08.642559: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:09:08.642560: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:09:08.642562: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:09:08.642563: | -> UNDEFINED EVENT_NULL Aug 26 13:09:08.642565: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:09:08.642567: | -> UNDEFINED EVENT_NULL Aug 26 13:09:08.642568: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:09:08.642570: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:09:08.642572: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:09:08.642573: | 
-> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:09:08.642575: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:09:08.642576: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:09:08.642578: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:09:08.642580: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:09:08.642582: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:09:08.642585: | -> UNDEFINED EVENT_NULL Aug 26 13:09:08.642588: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:09:08.642590: | -> UNDEFINED EVENT_NULL Aug 26 13:09:08.642593: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:09:08.642595: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:09:08.642598: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:09:08.642601: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:09:08.642604: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:09:08.642609: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:09:08.642612: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:09:08.642615: | -> UNDEFINED EVENT_NULL Aug 26 13:09:08.642617: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:09:08.642620: | -> UNDEFINED EVENT_NULL Aug 26 13:09:08.642623: | INFO: category: informational flags: 0: Aug 26 13:09:08.642625: | -> UNDEFINED EVENT_NULL Aug 26 13:09:08.642628: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:09:08.642630: | -> UNDEFINED EVENT_NULL Aug 26 13:09:08.642633: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:09:08.642635: | -> XAUTH_R1 EVENT_NULL Aug 26 13:09:08.642638: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:09:08.642641: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:09:08.642644: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:09:08.642646: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:09:08.642649: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:09:08.642652: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:09:08.642655: | MODE_CFG_R2: category: established IKE SA flags: 
0: Aug 26 13:09:08.642657: | -> UNDEFINED EVENT_NULL Aug 26 13:09:08.642660: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:09:08.642663: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:09:08.642665: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:09:08.642668: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:09:08.642671: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:09:08.642674: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:09:08.642680: | checking IKEv2 state table Aug 26 13:09:08.642687: | PARENT_I0: category: ignore flags: 0: Aug 26 13:09:08.642690: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:09:08.642693: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:09:08.642697: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:09:08.642700: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:09:08.642703: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:09:08.642706: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:09:08.642708: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:09:08.642711: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:09:08.642714: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:09:08.642717: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:09:08.642720: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:09:08.642723: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 13:09:08.642726: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:09:08.642728: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:09:08.642731: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 
13:09:08.642734: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:09:08.642737: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:09:08.642740: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:09:08.642743: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:09:08.642746: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:09:08.642749: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:09:08.642752: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:09:08.642755: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:09:08.642757: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:09:08.642763: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:09:08.642766: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:09:08.642769: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:09:08.642772: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:09:08.642775: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:09:08.642778: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:09:08.642781: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:09:08.642784: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:09:08.642787: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:09:08.642790: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:09:08.642793: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:09:08.642796: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:09:08.642799: | V2_CREATE_R: category: established IKE SA flags: 0: 
Aug 26 13:09:08.642802: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:09:08.642805: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:09:08.642808: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:09:08.642811: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:09:08.642814: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:09:08.642817: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:09:08.642820: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:09:08.642823: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:09:08.642826: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:09:08.642839: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:09:08.643417: | Hard-wiring algorithms Aug 26 13:09:08.643428: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:09:08.643433: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:09:08.643436: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:09:08.643438: | adding 3DES_CBC to kernel algorithm db Aug 26 13:09:08.643441: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:09:08.643443: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:09:08.643446: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:09:08.643448: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:09:08.643451: | adding AES_CTR to kernel algorithm db Aug 26 13:09:08.643453: | adding AES_CBC to kernel algorithm db Aug 26 13:09:08.643455: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:09:08.643458: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:09:08.643460: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:09:08.643463: | adding NULL to kernel algorithm db Aug 26 13:09:08.643465: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:09:08.643468: | adding HMAC_MD5_96 to kernel algorithm 
db Aug 26 13:09:08.643470: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:09:08.643473: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:09:08.643475: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:09:08.643478: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:09:08.643480: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:09:08.643483: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:09:08.643485: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:09:08.643488: | adding NONE to kernel algorithm db Aug 26 13:09:08.643510: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:09:08.643517: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:09:08.643519: | setup kernel fd callback Aug 26 13:09:08.643528: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55560f4846b8 Aug 26 13:09:08.643532: | libevent_malloc: new ptr-libevent@0x55560f4c3618 size 128 Aug 26 13:09:08.643536: | libevent_malloc: new ptr-libevent@0x55560f4ca7b8 size 16 Aug 26 13:09:08.643542: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55560f4ca748 Aug 26 13:09:08.643545: | libevent_malloc: new ptr-libevent@0x55560f4c36c8 size 128 Aug 26 13:09:08.643548: | libevent_malloc: new ptr-libevent@0x55560f4ca418 size 16 Aug 26 13:09:08.643736: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:09:08.643748: selinux support is enabled. 
Aug 26 13:09:08.644076: | starting up helper thread 1 Aug 26 13:09:08.644091: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:09:08.644095: | crypto helper 1 waiting (nothing to do) Aug 26 13:09:08.644311: | unbound context created - setting debug level to 5 Aug 26 13:09:08.644339: | /etc/hosts lookups activated Aug 26 13:09:08.644348: | /etc/resolv.conf usage activated Aug 26 13:09:08.644385: | outgoing-port-avoid set 0-65535 Aug 26 13:09:08.644414: | outgoing-port-permit set 32768-60999 Aug 26 13:09:08.644418: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:09:08.644421: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:09:08.644425: | Setting up events, loop start Aug 26 13:09:08.644428: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55560f4cabe8 Aug 26 13:09:08.644432: | libevent_malloc: new ptr-libevent@0x55560f4d6a48 size 128 Aug 26 13:09:08.644435: | libevent_malloc: new ptr-libevent@0x55560f4e1d38 size 16 Aug 26 13:09:08.644443: | libevent_realloc: new ptr-libevent@0x55560f4e1d78 size 256 Aug 26 13:09:08.644446: | libevent_malloc: new ptr-libevent@0x55560f4e1ea8 size 8 Aug 26 13:09:08.644449: | libevent_realloc: new ptr-libevent@0x55560f4e1ee8 size 144 Aug 26 13:09:08.644452: | libevent_malloc: new ptr-libevent@0x55560f488c88 size 152 Aug 26 13:09:08.644456: | libevent_malloc: new ptr-libevent@0x55560f4e1fa8 size 16 Aug 26 13:09:08.644460: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:09:08.644463: | libevent_malloc: new ptr-libevent@0x55560f4e1fe8 size 8 Aug 26 13:09:08.644468: | libevent_malloc: new ptr-libevent@0x55560f3ff308 size 152 Aug 26 13:09:08.644471: | signal event handler PLUTO_SIGTERM installed Aug 26 13:09:08.644474: | libevent_malloc: new ptr-libevent@0x55560f4e2028 size 8 Aug 26 13:09:08.644477: | libevent_malloc: new ptr-libevent@0x55560f409508 size 152 Aug 26 13:09:08.644480: | signal event handler PLUTO_SIGHUP installed Aug 26 
13:09:08.644483: | libevent_malloc: new ptr-libevent@0x55560f4e2068 size 8 Aug 26 13:09:08.644486: | libevent_realloc: release ptr-libevent@0x55560f4e1ee8 Aug 26 13:09:08.644489: | libevent_realloc: new ptr-libevent@0x55560f4e20a8 size 256 Aug 26 13:09:08.644492: | libevent_malloc: new ptr-libevent@0x55560f4013b8 size 152 Aug 26 13:09:08.644496: | signal event handler PLUTO_SIGSYS installed Aug 26 13:09:08.644792: | created addconn helper (pid:1848) using fork+execve Aug 26 13:09:08.644816: | forked child 1848 Aug 26 13:09:08.644864: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:08.644880: listening for IKE messages Aug 26 13:09:08.644961: | Inspecting interface lo Aug 26 13:09:08.644966: | found lo with address 127.0.0.1 Aug 26 13:09:08.644970: | Inspecting interface eth0 Aug 26 13:09:08.644973: | found eth0 with address 192.0.2.254 Aug 26 13:09:08.644976: | Inspecting interface eth0 Aug 26 13:09:08.644978: | found eth0 with address 192.0.22.254 Aug 26 13:09:08.644980: | Inspecting interface eth1 Aug 26 13:09:08.644982: | found eth1 with address 192.1.2.23 Aug 26 13:09:08.645060: Kernel supports NIC esp-hw-offload Aug 26 13:09:08.645535: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Aug 26 13:09:08.645628: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:09:08.645636: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:09:08.645645: adding interface eth1/eth1 192.1.2.23:4500 Aug 26 13:09:08.645676: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.22.254:500 Aug 26 13:09:08.645699: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:09:08.645704: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:09:08.645708: adding interface eth0/eth0 192.0.22.254:4500 Aug 26 13:09:08.645734: adding interface eth0/eth0 (esp-hw-offload not supported by 
kernel) 192.0.2.254:500 Aug 26 13:09:08.645755: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:09:08.645760: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:09:08.645764: adding interface eth0/eth0 192.0.2.254:4500 Aug 26 13:09:08.645788: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:09:08.645808: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:09:08.645812: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:09:08.645815: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:09:08.645897: | no interfaces to sort Aug 26 13:09:08.645903: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:09:08.645913: | add_fd_read_event_handler: new ethX-pe@0x55560f4e27c8 Aug 26 13:09:08.645918: | libevent_malloc: new ptr-libevent@0x55560f4d6998 size 128 Aug 26 13:09:08.645922: | libevent_malloc: new ptr-libevent@0x55560f4e2838 size 16 Aug 26 13:09:08.645930: | setup callback for interface lo 127.0.0.1:4500 fd 24 Aug 26 13:09:08.645933: | add_fd_read_event_handler: new ethX-pe@0x55560f4e2878 Aug 26 13:09:08.645938: | libevent_malloc: new ptr-libevent@0x55560f47d178 size 128 Aug 26 13:09:08.645940: | libevent_malloc: new ptr-libevent@0x55560f4e28e8 size 16 Aug 26 13:09:08.645945: | setup callback for interface lo 127.0.0.1:500 fd 23 Aug 26 13:09:08.645948: | add_fd_read_event_handler: new ethX-pe@0x55560f4e2928 Aug 26 13:09:08.645951: | libevent_malloc: new ptr-libevent@0x55560f47d228 size 128 Aug 26 13:09:08.645953: | libevent_malloc: new ptr-libevent@0x55560f4e2998 size 16 Aug 26 13:09:08.645958: | setup callback for interface eth0 192.0.2.254:4500 fd 22 Aug 26 13:09:08.645961: | add_fd_read_event_handler: new ethX-pe@0x55560f4e29d8 Aug 26 13:09:08.645965: | libevent_malloc: new ptr-libevent@0x55560f47c1e8 size 128 Aug 26 13:09:08.645968: | libevent_malloc: new ptr-libevent@0x55560f4e2a48 size 16 Aug 26 13:09:08.645973: | setup 
callback for interface eth0 192.0.2.254:500 fd 21 Aug 26 13:09:08.645976: | add_fd_read_event_handler: new ethX-pe@0x55560f4e2a88 Aug 26 13:09:08.645980: | libevent_malloc: new ptr-libevent@0x55560f4844f8 size 128 Aug 26 13:09:08.645983: | libevent_malloc: new ptr-libevent@0x55560f4e2af8 size 16 Aug 26 13:09:08.645988: | setup callback for interface eth0 192.0.22.254:4500 fd 20 Aug 26 13:09:08.645991: | add_fd_read_event_handler: new ethX-pe@0x55560f4e2b38 Aug 26 13:09:08.645994: | libevent_malloc: new ptr-libevent@0x55560f485018 size 128 Aug 26 13:09:08.645997: | libevent_malloc: new ptr-libevent@0x55560f4e2ba8 size 16 Aug 26 13:09:08.646002: | setup callback for interface eth0 192.0.22.254:500 fd 19 Aug 26 13:09:08.646006: | add_fd_read_event_handler: new ethX-pe@0x55560f4e2be8 Aug 26 13:09:08.646009: | libevent_malloc: new ptr-libevent@0x55560f4e3198 size 128 Aug 26 13:09:08.646012: | libevent_malloc: new ptr-libevent@0x55560f4e3248 size 16 Aug 26 13:09:08.646017: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 13:09:08.646019: | add_fd_read_event_handler: new ethX-pe@0x55560f4e3288 Aug 26 13:09:08.646021: | libevent_malloc: new ptr-libevent@0x55560f4e32f8 size 128 Aug 26 13:09:08.646022: | libevent_malloc: new ptr-libevent@0x55560f4e33a8 size 16 Aug 26 13:09:08.646026: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 13:09:08.646029: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:09:08.646031: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:09:08.646052: loading secrets from "/etc/ipsec.secrets" Aug 26 13:09:08.646067: | saving Modulus Aug 26 13:09:08.646070: | saving PublicExponent Aug 26 13:09:08.646072: | ignoring PrivateExponent Aug 26 13:09:08.646074: | ignoring Prime1 Aug 26 13:09:08.646076: | ignoring Prime2 Aug 26 13:09:08.646078: | ignoring Exponent1 Aug 26 13:09:08.646080: | ignoring Exponent2 Aug 26 13:09:08.646082: | ignoring Coefficient Aug 26 13:09:08.646084: | ignoring CKAIDNSS Aug 26 
13:09:08.646110: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:09:08.646113: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:09:08.646116: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Aug 26 13:09:08.646121: | certs and keys locked by 'process_secret' Aug 26 13:09:08.646125: | certs and keys unlocked by 'process_secret' Aug 26 13:09:08.646138: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:08.646148: | spent 0.852 milliseconds in whack Aug 26 13:09:08.672960: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:08.672989: listening for IKE messages Aug 26 13:09:08.673069: | Inspecting interface lo Aug 26 13:09:08.673075: | found lo with address 127.0.0.1 Aug 26 13:09:08.673077: | Inspecting interface eth0 Aug 26 13:09:08.673080: | found eth0 with address 192.0.2.254 Aug 26 13:09:08.673082: | Inspecting interface eth0 Aug 26 13:09:08.673084: | found eth0 with address 192.0.22.254 Aug 26 13:09:08.673086: | Inspecting interface eth1 Aug 26 13:09:08.673089: | found eth1 with address 192.1.2.23 Aug 26 13:09:08.673147: | no interfaces to sort Aug 26 13:09:08.673154: | libevent_free: release ptr-libevent@0x55560f4d6998 Aug 26 13:09:08.673157: | free_event_entry: release EVENT_NULL-pe@0x55560f4e27c8 Aug 26 13:09:08.673159: | add_fd_read_event_handler: new ethX-pe@0x55560f4e27c8 Aug 26 13:09:08.673161: | libevent_malloc: new ptr-libevent@0x55560f4d6998 size 128 Aug 26 13:09:08.673165: | setup callback for interface lo 127.0.0.1:4500 fd 24 Aug 26 13:09:08.673168: | libevent_free: release ptr-libevent@0x55560f47d178 Aug 26 13:09:08.673170: | free_event_entry: release EVENT_NULL-pe@0x55560f4e2878 Aug 26 13:09:08.673171: | add_fd_read_event_handler: new ethX-pe@0x55560f4e2878 Aug 26 13:09:08.673173: | libevent_malloc: new ptr-libevent@0x55560f47d178 size 128 Aug 26 13:09:08.673176: | setup callback for interface lo 127.0.0.1:500 fd 23 Aug 26 
13:09:08.673179: | libevent_free: release ptr-libevent@0x55560f47d228 Aug 26 13:09:08.673180: | free_event_entry: release EVENT_NULL-pe@0x55560f4e2928 Aug 26 13:09:08.673182: | add_fd_read_event_handler: new ethX-pe@0x55560f4e2928 Aug 26 13:09:08.673184: | libevent_malloc: new ptr-libevent@0x55560f47d228 size 128 Aug 26 13:09:08.673187: | setup callback for interface eth0 192.0.2.254:4500 fd 22 Aug 26 13:09:08.673189: | libevent_free: release ptr-libevent@0x55560f47c1e8 Aug 26 13:09:08.673191: | free_event_entry: release EVENT_NULL-pe@0x55560f4e29d8 Aug 26 13:09:08.673193: | add_fd_read_event_handler: new ethX-pe@0x55560f4e29d8 Aug 26 13:09:08.673194: | libevent_malloc: new ptr-libevent@0x55560f47c1e8 size 128 Aug 26 13:09:08.673198: | setup callback for interface eth0 192.0.2.254:500 fd 21 Aug 26 13:09:08.673200: | libevent_free: release ptr-libevent@0x55560f4844f8 Aug 26 13:09:08.673202: | free_event_entry: release EVENT_NULL-pe@0x55560f4e2a88 Aug 26 13:09:08.673204: | add_fd_read_event_handler: new ethX-pe@0x55560f4e2a88 Aug 26 13:09:08.673205: | libevent_malloc: new ptr-libevent@0x55560f4844f8 size 128 Aug 26 13:09:08.673209: | setup callback for interface eth0 192.0.22.254:4500 fd 20 Aug 26 13:09:08.673211: | libevent_free: release ptr-libevent@0x55560f485018 Aug 26 13:09:08.673213: | free_event_entry: release EVENT_NULL-pe@0x55560f4e2b38 Aug 26 13:09:08.673215: | add_fd_read_event_handler: new ethX-pe@0x55560f4e2b38 Aug 26 13:09:08.673216: | libevent_malloc: new ptr-libevent@0x55560f485018 size 128 Aug 26 13:09:08.673219: | setup callback for interface eth0 192.0.22.254:500 fd 19 Aug 26 13:09:08.673222: | libevent_free: release ptr-libevent@0x55560f4e3198 Aug 26 13:09:08.673226: | free_event_entry: release EVENT_NULL-pe@0x55560f4e2be8 Aug 26 13:09:08.673228: | add_fd_read_event_handler: new ethX-pe@0x55560f4e2be8 Aug 26 13:09:08.673230: | libevent_malloc: new ptr-libevent@0x55560f4e3198 size 128 Aug 26 13:09:08.673233: | setup callback for interface eth1 
192.1.2.23:4500 fd 18 Aug 26 13:09:08.673236: | libevent_free: release ptr-libevent@0x55560f4e32f8 Aug 26 13:09:08.673237: | free_event_entry: release EVENT_NULL-pe@0x55560f4e3288 Aug 26 13:09:08.673239: | add_fd_read_event_handler: new ethX-pe@0x55560f4e3288 Aug 26 13:09:08.673241: | libevent_malloc: new ptr-libevent@0x55560f4e32f8 size 128 Aug 26 13:09:08.673244: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 13:09:08.673246: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:09:08.673247: forgetting secrets Aug 26 13:09:08.673254: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:09:08.673277: loading secrets from "/etc/ipsec.secrets" Aug 26 13:09:08.673287: | saving Modulus Aug 26 13:09:08.673296: | saving PublicExponent Aug 26 13:09:08.673299: | ignoring PrivateExponent Aug 26 13:09:08.673301: | ignoring Prime1 Aug 26 13:09:08.673303: | ignoring Prime2 Aug 26 13:09:08.673305: | ignoring Exponent1 Aug 26 13:09:08.673307: | ignoring Exponent2 Aug 26 13:09:08.673309: | ignoring Coefficient Aug 26 13:09:08.673311: | ignoring CKAIDNSS Aug 26 13:09:08.673339: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:09:08.673342: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:09:08.673344: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Aug 26 13:09:08.673348: | certs and keys locked by 'process_secret' Aug 26 13:09:08.673350: | certs and keys unlocked by 'process_secret' Aug 26 13:09:08.673371: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:08.673376: | spent 0.42 milliseconds in whack Aug 26 13:09:08.673852: | processing signal PLUTO_SIGCHLD Aug 26 13:09:08.673878: | waitpid returned pid 1848 (exited with status 0) Aug 26 13:09:08.673883: | reaped addconn helper child (status 0) Aug 26 13:09:08.673887: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:08.673892: | spent 0.0171 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:08.727477: | accept(whackctlfd, 
(struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:08.727503: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:08.727507: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:09:08.727510: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:08.727512: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:09:08.727516: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:08.727523: | Added new connection northnet-eastnets/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:09:08.727527: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:09:08.727569: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:09:08.727571: | from whack: got --esp= Aug 26 13:09:08.727594: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:09:08.728317: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:09:08.728332: | loading left certificate 'north' pubkey Aug 26 13:09:08.728406: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55560f4e9df8 Aug 26 13:09:08.728411: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55560f4e9ef8 Aug 26 13:09:08.728417: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55560f4ea908 Aug 26 13:09:08.728510: | unreference key: 0x55560f3d0c48 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, 
CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:08.728593: | warning: no secret key loaded for left certificate with nickname north: NSS: cert private key not found Aug 26 13:09:08.728600: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 13:09:08.728827: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:09:08.728834: | loading right certificate 'east' pubkey Aug 26 13:09:08.728921: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55560f4ead78 Aug 26 13:09:08.728926: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55560f4ea218 Aug 26 13:09:08.728928: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55560f4e6658 Aug 26 13:09:08.728930: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55560f4ea808 Aug 26 13:09:08.728931: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55560f4e6258 Aug 26 13:09:08.729104: | unreference key: 0x55560f4ee948 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:08.729231: | certs and keys locked by 'lsw_add_rsa_secret' Aug 26 13:09:08.729236: | certs and keys unlocked by 'lsw_add_rsa_secret' Aug 26 13:09:08.729241: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 13:09:08.729249: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none Aug 26 13:09:08.729251: | new hp@0x55560f4f12e8 Aug 26 13:09:08.729256: added connection description "northnet-eastnets/0x1" Aug 26 13:09:08.729267: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: 
RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:09:08.729286: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 13:09:08.729303: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:08.729311: | spent 1.82 milliseconds in whack Aug 26 13:09:08.729368: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:08.729381: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:08.729384: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:09:08.729387: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:08.729390: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:09:08.729393: | FOR_EACH_CONNECTION_... 
in conn_by_name Aug 26 13:09:08.729398: | Added new connection northnet-eastnets/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:09:08.729401: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:09:08.729450: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:09:08.729454: | from whack: got --esp= Aug 26 13:09:08.729478: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:09:08.729559: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:09:08.729565: | loading left certificate 'north' pubkey Aug 26 13:09:08.729607: | unreference key: 0x55560f4eadc8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:08.729619: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55560f4f1cf8 Aug 26 13:09:08.729623: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55560f4f1ca8 Aug 26 13:09:08.729625: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55560f4f2dc8 Aug 26 13:09:08.729672: | unreference key: 0x55560f4ea438 @north.testing.libreswan.org cnt 1-- Aug 26 13:09:08.729712: | unreference key: 0x55560f4eaba8 user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:08.729765: | unreference key: 0x55560f4f1ef8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, 
E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:08.729884: | warning: no secret key loaded for left certificate with nickname north: NSS: cert private key not found Aug 26 13:09:08.729896: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 13:09:08.729986: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:09:08.729994: | loading right certificate 'east' pubkey Aug 26 13:09:08.730044: | unreference key: 0x55560f4f0e68 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:08.730054: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55560f4f1ca8 Aug 26 13:09:08.730057: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55560f4f2dc8 Aug 26 13:09:08.730058: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55560f4f2128 Aug 26 13:09:08.730060: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55560f4f20d8 Aug 26 13:09:08.730062: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55560f4f2088 Aug 26 13:09:08.730109: | unreference key: 0x55560f4efdc8 192.1.2.23 cnt 1-- Aug 26 13:09:08.730159: | unreference key: 0x55560f4f02d8 east@testing.libreswan.org cnt 1-- Aug 26 13:09:08.730196: | unreference key: 0x55560f4f0538 @east.testing.libreswan.org cnt 1-- Aug 26 13:09:08.730246: | unreference key: 0x55560f4f0c58 user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:08.730315: | unreference key: 0x55560f4f22a8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:08.730376: | secrets entry for east already exists Aug 26 13:09:08.730386: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, 
E=user-east@testing.libreswan.org is 0 Aug 26 13:09:08.730394: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 13:09:08.730400: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@0x55560f4f12e8: northnet-eastnets/0x1 Aug 26 13:09:08.730403: added connection description "northnet-eastnets/0x2" Aug 26 13:09:08.730416: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:09:08.730436: | 192.0.22.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 13:09:08.730448: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:08.730454: | spent 1.08 milliseconds in whack Aug 26 13:09:08.791463: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:08.791968: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:09:08.791975: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:09:08.792117: | FOR_EACH_STATE_... 
in show_states_status (sort_states) Aug 26 13:09:08.792130: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:08.792138: | spent 0.681 milliseconds in whack Aug 26 13:09:08.848237: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:08.848263: | old debugging base+cpu-usage + none Aug 26 13:09:08.848268: | base debugging = base+cpu-usage Aug 26 13:09:08.848271: | old impairing none + suppress-retransmits Aug 26 13:09:08.848274: | base impairing = suppress-retransmits Aug 26 13:09:08.848282: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:08.848295: | spent 0.0625 milliseconds in whack Aug 26 13:09:10.869465: | spent 0.00243 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.869494: | *received 828 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500)
Aug 26 13:09:10.869618: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:09:10.869622: | **parse ISAKMP Message: Aug 26 13:09:10.869625: | initiator cookie: Aug 26 13:09:10.869628: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.869630: | responder cookie: Aug 26 13:09:10.869633: | 00 00 00 00 00 00 00 00 Aug 26 13:09:10.869636: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:09:10.869639: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.869641: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:09:10.869644: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.869647: | Message ID: 0 (0x0) Aug 26 13:09:10.869650: | length: 828 (0x33c) Aug 26 13:09:10.869653: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:09:10.869656: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Aug 26 13:09:10.869660: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Aug 26 13:09:10.869662: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:09:10.869664: | ***parse IKEv2 Security Association Payload: Aug 26 13:09:10.869666: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26
13:09:10.869668: | flags: none (0x0) Aug 26 13:09:10.869669: | length: 436 (0x1b4) Aug 26 13:09:10.869671: | processing payload: ISAKMP_NEXT_v2SA (len=432) Aug 26 13:09:10.869673: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:09:10.869675: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:09:10.869676: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:09:10.869678: | flags: none (0x0) Aug 26 13:09:10.869679: | length: 264 (0x108) Aug 26 13:09:10.869681: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.869683: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:09:10.869684: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:09:10.869686: | ***parse IKEv2 Nonce Payload: Aug 26 13:09:10.869688: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:10.869689: | flags: none (0x0) Aug 26 13:09:10.869691: | length: 36 (0x24) Aug 26 13:09:10.869692: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:09:10.869694: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:09:10.869696: | ***parse IKEv2 Notify Payload: Aug 26 13:09:10.869697: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:10.869699: | flags: none (0x0) Aug 26 13:09:10.869700: | length: 8 (0x8) Aug 26 13:09:10.869702: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.869703: | SPI size: 0 (0x0) Aug 26 13:09:10.869705: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:09:10.869710: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:09:10.869711: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:09:10.869713: | ***parse IKEv2 Notify Payload: Aug 26 13:09:10.869714: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:10.869716: | flags: none (0x0) Aug 26 13:09:10.869717: | length: 28 (0x1c) Aug 26 13:09:10.869719: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.869720: | SPI size: 0 (0x0) Aug 26 13:09:10.869722: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 
13:09:10.869724: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:09:10.869725: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:09:10.869727: | ***parse IKEv2 Notify Payload: Aug 26 13:09:10.869729: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.869730: | flags: none (0x0) Aug 26 13:09:10.869732: | length: 28 (0x1c) Aug 26 13:09:10.869733: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.869735: | SPI size: 0 (0x0) Aug 26 13:09:10.869736: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:09:10.869738: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:09:10.869740: | DDOS disabled and no cookie sent, continuing Aug 26 13:09:10.869744: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 13:09:10.869747: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 13:09:10.869749: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 13:09:10.869752: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x2) Aug 26 13:09:10.869754: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x1) Aug 26 13:09:10.869756: | find_next_host_connection returns empty Aug 26 13:09:10.869758: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 13:09:10.869760: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 13:09:10.869762: | find_next_host_connection returns empty Aug 26 13:09:10.869764: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Aug 26 13:09:10.869767: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 13:09:10.869770: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 
26 13:09:10.869771: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:09:10.869773: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x2) Aug 26 13:09:10.869775: | find_next_host_connection returns northnet-eastnets/0x2 Aug 26 13:09:10.869777: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:09:10.869779: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x1) Aug 26 13:09:10.869780: | find_next_host_connection returns northnet-eastnets/0x1 Aug 26 13:09:10.869782: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:09:10.869784: | find_next_host_connection returns empty Aug 26 13:09:10.869786: | found connection: northnet-eastnets/0x2 with policy RSASIG+IKEV2_ALLOW Aug 26 13:09:10.869801: | creating state object #1 at 0x55560f4f33d8 Aug 26 13:09:10.869805: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:09:10.869813: | pstats #1 ikev2.ike started Aug 26 13:09:10.869817: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:09:10.869820: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Aug 26 13:09:10.869826: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:10.869836: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.869841: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:09:10.869845: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:09:10.869847: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 13:09:10.869850: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 
responder.sent=-1 responder.recv=-1 Aug 26 13:09:10.869853: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 13:09:10.869855: | #1 in state PARENT_R0: processing SA_INIT request Aug 26 13:09:10.869857: | selected state microcode Respond to IKE_SA_INIT Aug 26 13:09:10.869858: | Now let's proceed with state specific processing Aug 26 13:09:10.869860: | calling processor Respond to IKE_SA_INIT Aug 26 13:09:10.869864: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:09:10.869866: | constructing local IKE proposals for northnet-eastnets/0x2 (IKE SA responder matching remote proposals) Aug 26 13:09:10.869873: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:09:10.869879: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.869882: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:09:10.869885: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.869888: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:09:10.869892: | ... 
ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.869894: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:09:10.869897: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.869904: "northnet-eastnets/0x2": constructed local IKE proposals for northnet-eastnets/0x2 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.869906: | Comparing remote proposals against IKE responder 4 local proposals Aug 26 13:09:10.869909: | local proposal 1 type ENCR has 1 transforms Aug 26 13:09:10.869910: | local proposal 1 type PRF has 2 transforms Aug 26 13:09:10.869912: | local proposal 1 type INTEG has 1 transforms Aug 26 13:09:10.869914: | local proposal 1 type DH has 8 transforms Aug 26 13:09:10.869915: | local proposal 1 type ESN has 0 transforms Aug 26 13:09:10.869917: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:09:10.869922: | local proposal 2 type ENCR has 1 transforms Aug 26 13:09:10.869924: | local proposal 2 type PRF has 2 
transforms Aug 26 13:09:10.869925: | local proposal 2 type INTEG has 1 transforms Aug 26 13:09:10.869927: | local proposal 2 type DH has 8 transforms Aug 26 13:09:10.869928: | local proposal 2 type ESN has 0 transforms Aug 26 13:09:10.869930: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:09:10.869932: | local proposal 3 type ENCR has 1 transforms Aug 26 13:09:10.869934: | local proposal 3 type PRF has 2 transforms Aug 26 13:09:10.869935: | local proposal 3 type INTEG has 2 transforms Aug 26 13:09:10.869937: | local proposal 3 type DH has 8 transforms Aug 26 13:09:10.869938: | local proposal 3 type ESN has 0 transforms Aug 26 13:09:10.869940: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:09:10.869942: | local proposal 4 type ENCR has 1 transforms Aug 26 13:09:10.869943: | local proposal 4 type PRF has 2 transforms Aug 26 13:09:10.869945: | local proposal 4 type INTEG has 2 transforms Aug 26 13:09:10.869947: | local proposal 4 type DH has 8 transforms Aug 26 13:09:10.869948: | local proposal 4 type ESN has 0 transforms Aug 26 13:09:10.869950: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:09:10.869952: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.869954: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.869956: | length: 100 (0x64) Aug 26 13:09:10.869957: | prop #: 1 (0x1) Aug 26 13:09:10.869959: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:10.869961: | spi size: 0 (0x0) Aug 26 13:09:10.869962: | # transforms: 11 (0xb) Aug 26 13:09:10.869965: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Aug 26 13:09:10.869967: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.869968: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.869970: | length: 12 (0xc) Aug 26 13:09:10.869971: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.869973: 
| IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.869975: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.869977: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.869978: | length/value: 256 (0x100) Aug 26 13:09:10.869981: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:09:10.869983: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.869985: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.869986: | length: 8 (0x8) Aug 26 13:09:10.869988: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.869989: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:10.869992: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:09:10.869994: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Aug 26 13:09:10.869996: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Aug 26 13:09:10.869998: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Aug 26 13:09:10.869999: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870001: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870003: | length: 8 (0x8) Aug 26 13:09:10.870004: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.870006: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:10.870008: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870009: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870011: | length: 8 (0x8) Aug 26 13:09:10.870012: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870014: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.870016: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:09:10.870019: | remote 
proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Aug 26 13:09:10.870021: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Aug 26 13:09:10.870024: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Aug 26 13:09:10.870026: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870029: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870031: | length: 8 (0x8) Aug 26 13:09:10.870034: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870036: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:10.870039: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870041: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870044: | length: 8 (0x8) Aug 26 13:09:10.870046: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870048: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:10.870051: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870053: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870055: | length: 8 (0x8) Aug 26 13:09:10.870057: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870059: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:10.870061: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870063: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870066: | length: 8 (0x8) Aug 26 13:09:10.870068: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870070: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:10.870072: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870074: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870076: | length: 8 (0x8) Aug 26 13:09:10.870078: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870080: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:10.870083: | 
*****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870085: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870087: | length: 8 (0x8) Aug 26 13:09:10.870089: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870091: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:10.870093: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870095: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.870097: | length: 8 (0x8) Aug 26 13:09:10.870100: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870103: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:10.870106: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:09:10.870109: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:09:10.870111: | remote proposal 1 matches local proposal 1 Aug 26 13:09:10.870113: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.870114: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.870116: | length: 100 (0x64) Aug 26 13:09:10.870117: | prop #: 2 (0x2) Aug 26 13:09:10.870119: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:10.870120: | spi size: 0 (0x0) Aug 26 13:09:10.870122: | # transforms: 11 (0xb) Aug 26 13:09:10.870124: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:09:10.870126: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870128: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870129: | length: 12 (0xc) Aug 26 13:09:10.870131: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.870132: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.870134: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.870137: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.870139: | length/value: 
128 (0x80) Aug 26 13:09:10.870141: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870142: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870144: | length: 8 (0x8) Aug 26 13:09:10.870145: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.870147: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:10.870149: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870150: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870152: | length: 8 (0x8) Aug 26 13:09:10.870153: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.870155: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:10.870157: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870158: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870160: | length: 8 (0x8) Aug 26 13:09:10.870161: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870163: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.870165: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870166: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870168: | length: 8 (0x8) Aug 26 13:09:10.870170: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870171: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:10.870173: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870175: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870176: | length: 8 (0x8) Aug 26 13:09:10.870178: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870179: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:10.870181: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870183: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870184: | length: 8 (0x8) Aug 26 13:09:10.870186: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870187: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 
13:09:10.870189: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870191: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870192: | length: 8 (0x8) Aug 26 13:09:10.870194: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870196: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:10.870197: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870199: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870200: | length: 8 (0x8) Aug 26 13:09:10.870202: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870204: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:10.870205: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870207: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870208: | length: 8 (0x8) Aug 26 13:09:10.870210: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870212: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:10.870213: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870215: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.870217: | length: 8 (0x8) Aug 26 13:09:10.870218: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870220: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:10.870222: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Aug 26 13:09:10.870224: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Aug 26 13:09:10.870226: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.870227: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.870229: | length: 116 (0x74) Aug 26 13:09:10.870231: | prop #: 3 (0x3) Aug 26 13:09:10.870232: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:10.870234: | spi size: 0 (0x0) Aug 26 13:09:10.870236: | # transforms: 13 (0xd) Aug 26 13:09:10.870238: | Comparing remote proposal 3 containing 13 transforms against 
local proposal [1..0] of 4 local proposals Aug 26 13:09:10.870240: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870242: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870243: | length: 12 (0xc) Aug 26 13:09:10.870245: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.870246: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:10.870248: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.870250: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.870251: | length/value: 256 (0x100) Aug 26 13:09:10.870253: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870255: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870256: | length: 8 (0x8) Aug 26 13:09:10.870258: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.870259: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:10.870261: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870263: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870264: | length: 8 (0x8) Aug 26 13:09:10.870266: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.870268: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:10.870269: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870271: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870272: | length: 8 (0x8) Aug 26 13:09:10.870274: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.870276: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:10.870277: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870279: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870280: | length: 8 (0x8) Aug 26 13:09:10.870282: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.870284: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:10.870285: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870287: | last transform: 
v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870306: | length: 8 (0x8) Aug 26 13:09:10.870308: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870310: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.870311: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870313: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870314: | length: 8 (0x8) Aug 26 13:09:10.870316: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870318: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:10.870319: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870321: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870322: | length: 8 (0x8) Aug 26 13:09:10.870324: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870326: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:10.870327: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870329: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870330: | length: 8 (0x8) Aug 26 13:09:10.870332: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870334: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:10.870335: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870337: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870338: | length: 8 (0x8) Aug 26 13:09:10.870340: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870341: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:10.870343: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870345: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870360: | length: 8 (0x8) Aug 26 13:09:10.870361: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870363: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:10.870366: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870367: | last transform: v2_TRANSFORM_NON_LAST 
(0x3) Aug 26 13:09:10.870369: | length: 8 (0x8) Aug 26 13:09:10.870370: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870372: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:10.870373: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870375: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.870376: | length: 8 (0x8) Aug 26 13:09:10.870378: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870380: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:10.870382: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 13:09:10.870384: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 13:09:10.870385: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.870387: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:10.870389: | length: 116 (0x74) Aug 26 13:09:10.870390: | prop #: 4 (0x4) Aug 26 13:09:10.870392: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:10.870393: | spi size: 0 (0x0) Aug 26 13:09:10.870395: | # transforms: 13 (0xd) Aug 26 13:09:10.870397: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:09:10.870398: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870400: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870401: | length: 12 (0xc) Aug 26 13:09:10.870403: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.870405: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:10.870406: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.870408: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.870409: | length/value: 128 (0x80) Aug 26 13:09:10.870411: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870413: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870414: | length: 8 (0x8) Aug 26 13:09:10.870416: | IKEv2 transform 
type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.870417: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:10.870419: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870421: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870422: | length: 8 (0x8) Aug 26 13:09:10.870424: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.870425: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:10.870427: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870428: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870430: | length: 8 (0x8) Aug 26 13:09:10.870431: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.870433: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:10.870435: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870436: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870438: | length: 8 (0x8) Aug 26 13:09:10.870439: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.870441: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:10.870443: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870444: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870446: | length: 8 (0x8) Aug 26 13:09:10.870447: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870449: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.870450: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870452: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870453: | length: 8 (0x8) Aug 26 13:09:10.870455: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870457: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:10.870458: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870461: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870462: | length: 8 (0x8) Aug 26 13:09:10.870464: | IKEv2 transform type: TRANS_TYPE_DH 
(0x4) Aug 26 13:09:10.870465: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:10.870467: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870469: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870470: | length: 8 (0x8) Aug 26 13:09:10.870472: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870473: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:10.870475: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870476: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870478: | length: 8 (0x8) Aug 26 13:09:10.870479: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870481: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:10.870483: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870484: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870486: | length: 8 (0x8) Aug 26 13:09:10.870487: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870489: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:10.870490: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870492: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.870493: | length: 8 (0x8) Aug 26 13:09:10.870495: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870496: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:10.870498: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.870500: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.870501: | length: 8 (0x8) Aug 26 13:09:10.870503: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.870504: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:10.870507: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 13:09:10.870508: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 13:09:10.870512: 
"northnet-eastnets/0x2" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Aug 26 13:09:10.870515: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Aug 26 13:09:10.870516: | converting proposal to internal trans attrs Aug 26 13:09:10.870519: | natd_hash: rcookie is zero Aug 26 13:09:10.870529: | natd_hash: hasher=0x55560d5e1800(20) Aug 26 13:09:10.870531: | natd_hash: icookie= 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.870532: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:09:10.870534: | natd_hash: ip= c0 01 02 17 Aug 26 13:09:10.870535: | natd_hash: port=500 Aug 26 13:09:10.870537: | natd_hash: hash= 13 7d 91 4b 60 cc 9b 51 4f cb f3 f7 61 3a 56 de Aug 26 13:09:10.870538: | natd_hash: hash= 81 20 1f d7 Aug 26 13:09:10.870540: | natd_hash: rcookie is zero Aug 26 13:09:10.870543: | natd_hash: hasher=0x55560d5e1800(20) Aug 26 13:09:10.870545: | natd_hash: icookie= 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.870546: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:09:10.870548: | natd_hash: ip= c0 01 03 21 Aug 26 13:09:10.870550: | natd_hash: port=500 Aug 26 13:09:10.870552: | natd_hash: hash= 23 41 38 66 70 5d e3 27 cc 55 15 23 45 2b 2f 33 Aug 26 
13:09:10.870553: | natd_hash: hash= f6 85 53 d1 Aug 26 13:09:10.870555: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:09:10.870557: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:09:10.870558: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:09:10.870560: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 Aug 26 13:09:10.870565: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Aug 26 13:09:10.870567: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55560f4f3368 Aug 26 13:09:10.870570: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:09:10.870573: | libevent_malloc: new ptr-libevent@0x55560f4ea858 size 128 Aug 26 13:09:10.870581: | #1 spent 0.704 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Aug 26 13:09:10.870601: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.870603: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Aug 26 13:09:10.870605: | suspending state #1 and saving MD Aug 26 13:09:10.870607: | #1 is busy; has a suspended MD Aug 26 13:09:10.870608: | crypto helper 0 resuming Aug 26 13:09:10.870609: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:10.870625: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:09:10.870633: | "northnet-eastnets/0x2" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:09:10.870637: | crypto helper 0 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Aug 26 13:09:10.870640: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:10.870646: | #1 spent 1.15 milliseconds in ikev2_process_packet() Aug 26 13:09:10.870651: | stop processing: from 
192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 13:09:10.870655: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.870658: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:10.870662: | spent 1.17 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.871214: | crypto helper 0 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.000577 seconds Aug 26 13:09:10.871220: | (#1) spent 0.583 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Aug 26 13:09:10.871223: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:09:10.871225: | scheduling resume sending helper answer for #1 Aug 26 13:09:10.871227: | libevent_malloc: new ptr-libevent@0x7fc8f8002888 size 128 Aug 26 13:09:10.871233: | crypto helper 0 waiting (nothing to do) Aug 26 13:09:10.871242: | processing resume sending helper answer for #1 Aug 26 13:09:10.871253: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:09:10.871259: | crypto helper 0 replies to request ID 1 Aug 26 13:09:10.871262: | calling continuation function 0x55560d50cb50 Aug 26 13:09:10.871266: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Aug 26 13:09:10.871304: | **emit ISAKMP Message: Aug 26 13:09:10.871311: | initiator cookie: Aug 26 13:09:10.871314: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.871317: | responder cookie: Aug 26 13:09:10.871320: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.871336: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.871339: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.871342: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:09:10.871346: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.871351: | Message ID: 0 (0x0) Aug 26 13:09:10.871355: | next payload chain: saving message 
location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.871358: | Emitting ikev2_proposal ... Aug 26 13:09:10.871361: | ***emit IKEv2 Security Association Payload: Aug 26 13:09:10.871364: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.871366: | flags: none (0x0) Aug 26 13:09:10.871369: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:09:10.871373: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.871376: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.871379: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:10.871382: | prop #: 1 (0x1) Aug 26 13:09:10.871385: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:10.871388: | spi size: 0 (0x0) Aug 26 13:09:10.871391: | # transforms: 3 (0x3) Aug 26 13:09:10.871394: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.871398: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.871401: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.871404: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.871406: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.871410: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.871413: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.871416: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.871418: | length/value: 256 (0x100) Aug 26 13:09:10.871421: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.871424: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.871427: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.871430: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 
26 13:09:10.871432: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:10.871436: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.871439: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.871442: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.871444: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.871447: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.871450: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.871453: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.871456: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.871459: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.871462: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.871464: | emitting length of IKEv2 Proposal Substructure Payload: 36 Aug 26 13:09:10.871467: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.871470: | emitting length of IKEv2 Security Association Payload: 40 Aug 26 13:09:10.871473: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:09:10.871476: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:09:10.871479: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.871482: | flags: none (0x0) Aug 26 13:09:10.871484: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.871488: | next payload chain: setting previous 'IKEv2 Security Association 
Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:09:10.871493: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.871497: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:09:10.871547: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:09:10.871549: | ***emit IKEv2 Nonce Payload: Aug 26 13:09:10.871551: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:10.871552: | flags: none (0x0) Aug 26 13:09:10.871554: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload
type' value 41:ISAKMP_NEXT_v2N Aug 26 13:09:10.871556: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:09:10.871558: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.871560: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:09:10.871562: | IKEv2 nonce 23 4b 62 d8 3c 90 b2 dd a3 27 fa 61 96 5c 04 e8 Aug 26 13:09:10.871563: | IKEv2 nonce 79 7f cc ef 06 56 44 b3 34 3c 33 98 a3 71 15 ce Aug 26 13:09:10.871565: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:09:10.871568: | Adding a v2N Payload Aug 26 13:09:10.871570: | ***emit IKEv2 Notify Payload: Aug 26 13:09:10.871571: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.871573: | flags: none (0x0) Aug 26 13:09:10.871575: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.871576: | SPI size: 0 (0x0) Aug 26 13:09:10.871578: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:09:10.871580: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:10.871582: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.871584: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:09:10.871586: | NAT-Traversal support [enabled] add v2N payloads. 
Aug 26 13:09:10.871594: | natd_hash: hasher=0x55560d5e1800(20) Aug 26 13:09:10.871596: | natd_hash: icookie= 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.871597: | natd_hash: rcookie= 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.871599: | natd_hash: ip= c0 01 02 17 Aug 26 13:09:10.871601: | natd_hash: port=500 Aug 26 13:09:10.871602: | natd_hash: hash= cc 22 43 b3 9e f7 54 f1 f3 0b b1 cd fe 08 1e 6b Aug 26 13:09:10.871604: | natd_hash: hash= 98 3d f2 8c Aug 26 13:09:10.871608: | Adding a v2N Payload Aug 26 13:09:10.871610: | ***emit IKEv2 Notify Payload: Aug 26 13:09:10.871611: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.871613: | flags: none (0x0) Aug 26 13:09:10.871615: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.871616: | SPI size: 0 (0x0) Aug 26 13:09:10.871618: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:09:10.871620: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:10.871622: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.871624: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:09:10.871625: | Notify data cc 22 43 b3 9e f7 54 f1 f3 0b b1 cd fe 08 1e 6b Aug 26 13:09:10.871627: | Notify data 98 3d f2 8c Aug 26 13:09:10.871629: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:09:10.871632: | natd_hash: hasher=0x55560d5e1800(20) Aug 26 13:09:10.871634: | natd_hash: icookie= 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.871636: | natd_hash: rcookie= 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.871637: | natd_hash: ip= c0 01 03 21 Aug 26 13:09:10.871639: | natd_hash: port=500 Aug 26 13:09:10.871640: | natd_hash: hash= cb d7 31 95 bf aa f9 43 d4 a5 89 ec 79 fe bb c5 Aug 26 13:09:10.871642: | natd_hash: hash= d6 19 fb 5f Aug 26 13:09:10.871643: | Adding a v2N Payload Aug 26 13:09:10.871645: | ***emit IKEv2 Notify Payload: Aug 26 
13:09:10.871646: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.871648: | flags: none (0x0) Aug 26 13:09:10.871650: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.871651: | SPI size: 0 (0x0) Aug 26 13:09:10.871653: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:09:10.871655: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:10.871656: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.871658: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:09:10.871660: | Notify data cb d7 31 95 bf aa f9 43 d4 a5 89 ec 79 fe bb c5 Aug 26 13:09:10.871661: | Notify data d6 19 fb 5f Aug 26 13:09:10.871663: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:09:10.871664: | going to send a certreq Aug 26 13:09:10.871666: | connection->kind is CK_PERMANENT so send CERTREQ Aug 26 13:09:10.871668: | ***emit IKEv2 Certificate Request Payload: Aug 26 13:09:10.871670: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.871671: | flags: none (0x0) Aug 26 13:09:10.871673: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:09:10.871675: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Certificate Request Payload (38:ISAKMP_NEXT_v2CERTREQ) Aug 26 13:09:10.871677: | next payload chain: saving location 'IKEv2 Certificate Request Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.872409: | located CA cert E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA for CERTREQ Aug 26 13:09:10.872427: | emitting 20 raw bytes of CA cert public key hash into IKEv2 Certificate Request Payload Aug 26 13:09:10.872431: | CA cert public key hash Aug 26 13:09:10.872434: | 58 13 71 57 9d ee 1a 15 74 03 12 80 12 4d c1 85 Aug 26 
13:09:10.872437: | 2b 92 25 e9 Aug 26 13:09:10.872440: | emitting length of IKEv2 Certificate Request Payload: 25 Aug 26 13:09:10.872444: | emitting length of ISAKMP Message: 457 Aug 26 13:09:10.872451: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.872456: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Aug 26 13:09:10.872459: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Aug 26 13:09:10.872465: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Aug 26 13:09:10.872469: | Message ID: updating counters for #1 to 0 after switching state Aug 26 13:09:10.872475: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 13:09:10.872479: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:09:10.872485: "northnet-eastnets/0x2" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:09:10.872491: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 13:09:10.872497: | sending 457 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) 
Aug 26 13:09:10.872630: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:10.872636: | libevent_free: release ptr-libevent@0x55560f4ea858 Aug 26 13:09:10.872640: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55560f4f3368 Aug 26 13:09:10.872643: | event_schedule: new EVENT_SO_DISCARD-pe@0x55560f4f3368 Aug 26 13:09:10.872647: | inserting event EVENT_SO_DISCARD, timeout 
in 200 seconds for #1 Aug 26 13:09:10.872650: | libevent_malloc: new ptr-libevent@0x55560f4fb858 size 128 Aug 26 13:09:10.872655: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:09:10.872661: | #1 spent 1.36 milliseconds in resume sending helper answer Aug 26 13:09:10.872665: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:09:10.872668: | libevent_free: release ptr-libevent@0x7fc8f8002888 Aug 26 13:09:10.886521: | spent 0.00281 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.886542: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) 
Aug 26 13:09:10.886598: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:09:10.886601: | **parse ISAKMP Message: Aug 26 13:09:10.886603: | initiator cookie: Aug 26 13:09:10.886604: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.886606: | responder cookie: Aug 26 13:09:10.886607: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.886609: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:09:10.886611: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.886613: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.886615: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.886616: | Message ID: 1 (0x1) Aug 26 13:09:10.886618: | length: 539 (0x21b) Aug 26 13:09:10.886620: | processing version=2.0 packet with 
exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:09:10.886622: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:09:10.886625: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:09:10.886630: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.886634: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:09:10.886637: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:09:10.886640: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:09:10.886642: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Aug 26 13:09:10.886644: | unpacking clear payload Aug 26 13:09:10.886646: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.886648: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:09:10.886650: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 13:09:10.886651: | flags: none (0x0) Aug 26 13:09:10.886653: | length: 511 (0x1ff) Aug 26 13:09:10.886655: | fragment number: 1 (0x1) Aug 26 13:09:10.886656: | total fragments: 5 (0x5) Aug 26 13:09:10.886658: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 13:09:10.886661: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 13:09:10.886663: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:09:10.886666: | received IKE encrypted fragment number '1', total number '5', next payload '35' Aug 26 13:09:10.886667: | updated IKE fragment state to respond using fragments without waiting for re-transmits Aug 26 13:09:10.886671: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 
13:09:10.886674: | #1 spent 0.141 milliseconds in ikev2_process_packet() Aug 26 13:09:10.886677: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 13:09:10.886679: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.886681: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:10.886684: | spent 0.151 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.886691: | spent 0.00124 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.886697: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) 
Aug 26 13:09:10.886757: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:09:10.886759: | **parse ISAKMP Message: Aug 26 13:09:10.886761: | initiator cookie: Aug 26 13:09:10.886762: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.886764: | responder cookie: Aug 26 13:09:10.886765: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.886767: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:09:10.886769: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.886770: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.886772: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.886773: | Message ID: 1 (0x1) Aug 26 13:09:10.886775: | length: 539 (0x21b) Aug 26 13:09:10.886777: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:09:10.886779: | 
I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:09:10.886781: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:09:10.886784: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.886787: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.886789: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:09:10.886790: | #1 is idle Aug 26 13:09:10.886792: | #1 idle Aug 26 13:09:10.886795: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:09:10.886797: | unpacking clear payload Aug 26 13:09:10.886798: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.886800: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:09:10.886802: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.886803: | flags: none (0x0) Aug 26 13:09:10.886805: | length: 511 (0x1ff) Aug 26 13:09:10.886806: | fragment number: 2 (0x2) Aug 26 13:09:10.886808: | total fragments: 5 (0x5) Aug 26 13:09:10.886809: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 13:09:10.886811: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:09:10.886813: | received IKE encrypted fragment number '2', total number '5', next payload '0' Aug 26 13:09:10.886816: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:10.886819: | #1 spent 0.125 milliseconds in ikev2_process_packet() Aug 26 13:09:10.886821: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 13:09:10.886823: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.886825: | processing: STOP connection NULL (in 
process_md() at demux.c:383) Aug 26 13:09:10.886827: | spent 0.134 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.886832: | spent 0.00111 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.886838: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) 
Aug 26 13:09:10.886894: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:09:10.886896: | **parse ISAKMP Message: Aug 26 13:09:10.886898: | initiator cookie: Aug 26 13:09:10.886899: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.886901: | responder cookie: Aug 26 13:09:10.886902: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.886904: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:09:10.886905: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.886907: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.886908: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.886910: | Message ID: 1 (0x1) Aug 26 13:09:10.886912: | length: 539 (0x21b) Aug 26 13:09:10.886913: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:09:10.886915: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:09:10.886917: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:09:10.886920: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 
13:09:10.886923: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.886925: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:09:10.886926: | #1 is idle Aug 26 13:09:10.886929: | #1 idle Aug 26 13:09:10.886932: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:09:10.886933: | unpacking clear payload Aug 26 13:09:10.886935: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.886937: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:09:10.886938: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.886940: | flags: none (0x0) Aug 26 13:09:10.886941: | length: 511 (0x1ff) Aug 26 13:09:10.886943: | fragment number: 3 (0x3) Aug 26 13:09:10.886946: | total fragments: 5 (0x5) Aug 26 13:09:10.886948: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 13:09:10.886951: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:09:10.886953: | received IKE encrypted fragment number '3', total number '5', next payload '0' Aug 26 13:09:10.886956: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:10.886959: | #1 spent 0.123 milliseconds in ikev2_process_packet() Aug 26 13:09:10.886961: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 13:09:10.886963: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.886965: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:10.886967: | spent 0.132 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.886972: | spent 0.00108 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.886977: | *received 539 bytes from 192.1.3.33:500 on eth1 
(192.1.2.23:500) Aug 26 13:09:10.887039: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:09:10.887042: | **parse ISAKMP Message: Aug 26 13:09:10.887045: | initiator cookie: Aug 26 13:09:10.887048: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.887050: | responder cookie: Aug 26 13:09:10.887052: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.887054: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:09:10.887056: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.887057: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.887059: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.887060: | Message ID: 1 (0x1) Aug 26 13:09:10.887062: | length: 539 (0x21b) Aug 26 13:09:10.887064: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:09:10.887066: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:09:10.887068: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:09:10.887071: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.887074: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.887076: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:09:10.887077: | #1 is idle Aug 26 13:09:10.887079: | #1 idle Aug 26 13:09:10.887081: | 
Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:09:10.887083: | unpacking clear payload Aug 26 13:09:10.887085: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.887088: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:09:10.887090: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.887091: | flags: none (0x0) Aug 26 13:09:10.887093: | length: 511 (0x1ff) Aug 26 13:09:10.887094: | fragment number: 4 (0x4) Aug 26 13:09:10.887096: | total fragments: 5 (0x5) Aug 26 13:09:10.887097: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 13:09:10.887099: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:09:10.887101: | received IKE encrypted fragment number '4', total number '5', next payload '0' Aug 26 13:09:10.887104: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:10.887109: | #1 spent 0.133 milliseconds in ikev2_process_packet() Aug 26 13:09:10.887113: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 13:09:10.887116: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.887119: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:10.887122: | spent 0.148 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.887128: | spent 0.0012 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.887134: | *received 394 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) 
Aug 26 13:09:10.887176: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:09:10.887178: | **parse ISAKMP Message: Aug 26 13:09:10.887179: | initiator cookie: Aug 26 13:09:10.887181: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.887182: | responder cookie: Aug 26 13:09:10.887184: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.887185: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:09:10.887187: | ISAKMP version: IKEv2 version 2.0 
(rfc4306/rfc5996) (0x20) Aug 26 13:09:10.887188: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.887190: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.887192: | Message ID: 1 (0x1) Aug 26 13:09:10.887193: | length: 394 (0x18a) Aug 26 13:09:10.887195: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:09:10.887197: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:09:10.887199: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:09:10.887202: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.887205: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.887207: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:09:10.887208: | #1 is idle Aug 26 13:09:10.887210: | #1 idle Aug 26 13:09:10.887212: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:09:10.887214: | unpacking clear payload Aug 26 13:09:10.887215: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.887217: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:09:10.887219: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.887220: | flags: none (0x0) Aug 26 13:09:10.887222: | length: 366 (0x16e) Aug 26 13:09:10.887223: | fragment number: 5 (0x5) Aug 26 13:09:10.887225: | total fragments: 5 (0x5) Aug 26 13:09:10.887226: | processing payload: ISAKMP_NEXT_v2SKF (len=358) Aug 26 13:09:10.887228: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:09:10.887230: | received IKE encrypted fragment number '5', total number '5', next payload '0' Aug 26 13:09:10.887232: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 
13:09:10.887234: | Now let's proceed with state specific processing Aug 26 13:09:10.887235: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 13:09:10.887238: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Aug 26 13:09:10.887242: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:09:10.887245: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Aug 26 13:09:10.887247: | state #1 requesting EVENT_SO_DISCARD to be deleted Aug 26 13:09:10.887249: | libevent_free: release ptr-libevent@0x55560f4fb858 Aug 26 13:09:10.887251: | free_event_entry: release EVENT_SO_DISCARD-pe@0x55560f4f3368 Aug 26 13:09:10.887253: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55560f4f3368 Aug 26 13:09:10.887256: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:09:10.887258: | libevent_malloc: new ptr-libevent@0x7fc8f8002888 size 128 Aug 26 13:09:10.887266: | #1 spent 0.0271 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Aug 26 13:09:10.887269: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.887272: | crypto helper 2 resuming Aug 26 13:09:10.887272: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Aug 26 13:09:10.887284: | crypto helper 2 starting work-order 2 for state #1 Aug 26 13:09:10.887286: | suspending state #1 and saving MD Aug 26 13:09:10.887309: | #1 is busy; has a suspended MD Aug 26 13:09:10.887303: | crypto helper 2 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Aug 26 13:09:10.887318: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:10.887325: | "northnet-eastnets/0x2" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from 
complete_v2_state_transition:3451 Aug 26 13:09:10.887335: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:10.887342: | #1 spent 0.184 milliseconds in ikev2_process_packet() Aug 26 13:09:10.887347: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 13:09:10.887351: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.887358: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:10.887364: | spent 0.204 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.888107: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:09:10.888466: | crypto helper 2 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.001177 seconds Aug 26 13:09:10.888478: | (#1) spent 1.15 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Aug 26 13:09:10.888481: | crypto helper 2 sending results from work-order 2 for state #1 to event queue Aug 26 13:09:10.888484: | scheduling resume sending helper answer for #1 Aug 26 13:09:10.888488: | libevent_malloc: new ptr-libevent@0x7fc8f0000f48 size 128 Aug 26 13:09:10.888496: | crypto helper 2 waiting (nothing to do) Aug 26 13:09:10.888505: | processing resume sending helper answer for #1 Aug 26 13:09:10.888517: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:09:10.888521: | crypto helper 2 replies to request ID 2 Aug 26 13:09:10.888524: | calling continuation function 0x55560d50cb50 Aug 26 13:09:10.888527: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Aug 26 13:09:10.888530: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:09:10.888533: | already have all fragments, skipping fragment collection Aug 26 13:09:10.888536: | already have all fragments, skipping 
fragment collection Aug 26 13:09:10.888560: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:09:10.888564: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Aug 26 13:09:10.888568: | **parse IKEv2 Identification - Initiator - Payload: Aug 26 13:09:10.888571: | next payload type: ISAKMP_NEXT_v2CERT (0x25) Aug 26 13:09:10.888576: | flags: none (0x0) Aug 26 13:09:10.888579: | length: 193 (0xc1) Aug 26 13:09:10.888583: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 13:09:10.888585: | processing payload: ISAKMP_NEXT_v2IDi (len=185) Aug 26 13:09:10.888587: | Now let's proceed with payload (ISAKMP_NEXT_v2CERT) Aug 26 13:09:10.888589: | **parse IKEv2 Certificate Payload: Aug 26 13:09:10.888590: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Aug 26 13:09:10.888592: | flags: none (0x0) Aug 26 13:09:10.888594: | length: 1232 (0x4d0) Aug 26 13:09:10.888595: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:09:10.888597: | processing payload: ISAKMP_NEXT_v2CERT (len=1227) Aug 26 13:09:10.888599: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Aug 26 13:09:10.888600: | **parse IKEv2 Certificate Request Payload: Aug 26 13:09:10.888602: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:09:10.888603: | flags: none (0x0) Aug 26 13:09:10.888605: | length: 25 (0x19) Aug 26 13:09:10.888607: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:09:10.888608: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=20) Aug 26 13:09:10.888610: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:09:10.888612: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:09:10.888613: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:09:10.888615: | flags: none (0x0) Aug 26 13:09:10.888616: | length: 191 (0xbf) Aug 26 13:09:10.888618: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 13:09:10.888620: | processing payload: ISAKMP_NEXT_v2IDr (len=183) Aug 26 13:09:10.888621: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:09:10.888623: | 
**parse IKEv2 Authentication Payload: Aug 26 13:09:10.888624: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:09:10.888626: | flags: none (0x0) Aug 26 13:09:10.888628: | length: 392 (0x188) Aug 26 13:09:10.888629: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:09:10.888631: | processing payload: ISAKMP_NEXT_v2AUTH (len=384) Aug 26 13:09:10.888632: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:09:10.888634: | **parse IKEv2 Security Association Payload: Aug 26 13:09:10.888636: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:09:10.888637: | flags: none (0x0) Aug 26 13:09:10.888639: | length: 164 (0xa4) Aug 26 13:09:10.888640: | processing payload: ISAKMP_NEXT_v2SA (len=160) Aug 26 13:09:10.888642: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:09:10.888644: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:10.888645: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:09:10.888647: | flags: none (0x0) Aug 26 13:09:10.888648: | length: 24 (0x18) Aug 26 13:09:10.888650: | number of TS: 1 (0x1) Aug 26 13:09:10.888652: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:09:10.888653: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:09:10.888655: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:10.888657: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.888658: | flags: none (0x0) Aug 26 13:09:10.888660: | length: 24 (0x18) Aug 26 13:09:10.888661: | number of TS: 1 (0x1) Aug 26 13:09:10.888663: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:09:10.888664: | selected state microcode Responder: process IKE_AUTH request Aug 26 13:09:10.888666: | Now let's proceed with state specific processing Aug 26 13:09:10.888668: | calling processor Responder: process IKE_AUTH request Aug 26 13:09:10.888672: "northnet-eastnets/0x2" #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,IDr,AUTH,SA,TSi,TSr} Aug 26 13:09:10.888676: | #1 updating local 
interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:09:10.888680: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Aug 26 13:09:10.888683: loading root certificate cache Aug 26 13:09:10.891679: | spent 2.93 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() Aug 26 13:09:10.891747: | spent 0.0252 milliseconds in get_root_certs() filtering CAs Aug 26 13:09:10.891754: | #1 spent 3.02 milliseconds in find_and_verify_certs() calling get_root_certs() Aug 26 13:09:10.891758: | checking for known CERT payloads Aug 26 13:09:10.891762: | saving certificate of type 'X509_SIGNATURE' Aug 26 13:09:10.891803: | decoded cert: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:09:10.891812: | #1 spent 0.0517 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Aug 26 13:09:10.891817: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:09:10.891868: | #1 spent 0.0497 milliseconds in find_and_verify_certs() calling crl_update_check() Aug 26 13:09:10.891874: | missing or expired CRL Aug 26 13:09:10.891878: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Aug 26 13:09:10.891881: | verify_end_cert trying profile IPsec Aug 26 13:09:10.891994: | certificate is valid (profile IPsec) Aug 26 13:09:10.892003: | #1 spent 0.124 milliseconds in find_and_verify_certs() calling verify_end_cert() Aug 26 13:09:10.892008: "northnet-eastnets/0x2" #1: certificate verified OK: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:09:10.892080: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55560f501968 Aug 26 13:09:10.892085: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55560f500fa8 
Aug 26 13:09:10.892088: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55560f500998 Aug 26 13:09:10.892214: | unreference key: 0x55560f50e628 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:10.892223: | #1 spent 0.21 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Aug 26 13:09:10.892226: | #1 spent 3.49 milliseconds in decode_certs() Aug 26 13:09:10.892247: | received IDr payload - extracting our alleged ID Aug 26 13:09:10.892275: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Aug 26 13:09:10.892278: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' matched our ID Aug 26 13:09:10.892280: | X509: CERT and ID matches current connection Aug 26 13:09:10.892282: | CERT_X509_SIGNATURE CR: Aug 26 13:09:10.892283: | 58 13 71 57 9d ee 1a 15 74 03 12 80 12 4d c1 85 Aug 26 13:09:10.892285: | 2b 92 25 e9 Aug 26 13:09:10.892287: | cert blob content is not binary ASN.1 Aug 26 13:09:10.892293: | refine_host_connection for IKEv2: starting with "northnet-eastnets/0x2" Aug 26 13:09:10.892303: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.892309: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.892312: | refine_host_connection: happy with starting point: "northnet-eastnets/0x2" Aug 26 13:09:10.892324: "northnet-eastnets/0x2" #1: 
No matching subjectAltName found for '=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 13:09:10.892328: | IDr payload 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' is NOT a valid certificate SAN for this connection Aug 26 13:09:10.892331: | The remote specified our ID in its IDr payload Aug 26 13:09:10.892337: | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.892343: "northnet-eastnets/0x2" #1: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Aug 26 13:09:10.892374: | received CERTREQ payload; going to decode it Aug 26 13:09:10.892378: | CERT_X509_SIGNATURE CR: Aug 26 13:09:10.892381: | 58 13 71 57 9d ee 1a 15 74 03 12 80 12 4d c1 85 Aug 26 13:09:10.892383: | 2b 92 25 e9 Aug 26 13:09:10.892386: | cert blob content is not binary ASN.1 Aug 26 13:09:10.892388: | verifying AUTH payload Aug 26 13:09:10.892403: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.892415: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Aug 26 13:09:10.892422: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.892428: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, 
E=testing@libreswan.org' Aug 26 13:09:10.892434: | key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.892620: | an RSA Sig check passed with *AwEAAcBZv [remote certificates] Aug 26 13:09:10.892628: | #1 spent 0.188 milliseconds in try_all_RSA_keys() trying a pubkey Aug 26 13:09:10.892634: "northnet-eastnets/0x2" #1: Authenticated using RSA Aug 26 13:09:10.892639: | #1 spent 0.246 milliseconds in ikev2_verify_rsa_hash() Aug 26 13:09:10.892643: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Aug 26 13:09:10.892646: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Aug 26 13:09:10.892648: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:10.892652: | libevent_free: release ptr-libevent@0x7fc8f8002888 Aug 26 13:09:10.892654: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55560f4f3368 Aug 26 13:09:10.892656: | event_schedule: new EVENT_SA_REKEY-pe@0x55560f4f3368 Aug 26 13:09:10.892658: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Aug 26 13:09:10.892660: | libevent_malloc: new ptr-libevent@0x55560f50efd8 size 128 Aug 26 13:09:10.892736: | pstats #1 ikev2.ike established Aug 26 13:09:10.892745: | **emit ISAKMP Message: Aug 26 13:09:10.892748: | initiator cookie: Aug 26 13:09:10.892751: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.892753: | responder cookie: Aug 26 13:09:10.892756: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.892759: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.892762: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.892764: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.892767: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.892770: | Message ID: 1 (0x1) Aug 26 13:09:10.892773: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 
13:09:10.892776: | IKEv2 CERT: send a certificate? Aug 26 13:09:10.892779: | IKEv2 CERT: OK to send a certificate (always) Aug 26 13:09:10.892781: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:10.892784: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.892787: | flags: none (0x0) Aug 26 13:09:10.892790: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:10.892793: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.892796: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:10.892804: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:09:10.892821: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:09:10.892825: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.892828: | flags: none (0x0) Aug 26 13:09:10.892831: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 13:09:10.892835: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:09:10.892838: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.892842: | emitting 183 raw bytes of my identity into IKEv2 Identification - Responder - Payload Aug 26 13:09:10.892879: | emitting length of IKEv2 Identification - Responder - Payload: 191 Aug 26 13:09:10.892889: | assembled IDr payload Aug 26 13:09:10.892893: | Sending [CERT] of certificate: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:09:10.892896: | ****emit IKEv2 Certificate Payload: Aug 26 13:09:10.892899: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.892902: | flags: none (0x0) Aug 26 13:09:10.892905: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:09:10.892909: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) Aug 26 13:09:10.892912: | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.892916: | emitting 1260 raw bytes of CERT into IKEv2 Certificate Payload Aug 26 13:09:10.893129: | emitting length of IKEv2 Certificate Payload: 1265 Aug 26 13:09:10.893132: | CHILD SA proposals received Aug 26 13:09:10.893135: | going to assemble AUTH payload Aug 26 13:09:10.893138: | ****emit IKEv2 Authentication Payload: Aug 26 13:09:10.893141: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 
13:09:10.893143: | flags: none (0x0) Aug 26 13:09:10.893146: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:09:10.893150: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Aug 26 13:09:10.893162: | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:09:10.893165: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.893179: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_RSA Aug 26 13:09:10.893247: | searching for certificate PKK_RSA:AwEAAbEef vs PKK_RSA:AwEAAbEef Aug 26 13:09:10.902602: | #1 spent 6.97 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Aug 26 13:09:10.902620: | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload Aug 26 13:09:10.902661: | #1 spent 7.13 milliseconds in ikev2_calculate_rsa_hash() Aug 26 13:09:10.902664: | emitting length of IKEv2 Authentication Payload: 392 Aug 26 13:09:10.902669: | creating state object #2 at 0x55560f507498 Aug 26 13:09:10.902671: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:09:10.902674: | pstats #2 ikev2.child started Aug 26 13:09:10.902677: | duplicating state object #1 "northnet-eastnets/0x2" as #2 for IPSEC SA Aug 26 13:09:10.902681: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:09:10.902686: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 
responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:10.902689: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Aug 26 13:09:10.902695: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Aug 26 13:09:10.902697: | Child SA TS Request has ike->sa == md->st; so using parent connection Aug 26 13:09:10.902699: | TSi: parsing 1 traffic selectors Aug 26 13:09:10.902702: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:10.902704: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.902706: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.902708: | length: 16 (0x10) Aug 26 13:09:10.902709: | start port: 0 (0x0) Aug 26 13:09:10.902711: | end port: 65535 (0xffff) Aug 26 13:09:10.902713: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:10.902715: | TS low c0 00 03 00 Aug 26 13:09:10.902717: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:10.902718: | TS high c0 00 03 ff Aug 26 13:09:10.902720: | TSi: parsed 1 traffic selectors Aug 26 13:09:10.902722: | TSr: parsing 1 traffic selectors Aug 26 13:09:10.902723: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:10.902725: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.902727: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.902728: | length: 16 (0x10) Aug 26 13:09:10.902730: | start port: 0 (0x0) Aug 26 13:09:10.902731: | end port: 65535 (0xffff) Aug 26 13:09:10.902733: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:10.902734: | TS low c0 00 02 00 Aug 26 13:09:10.902736: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:10.902738: | TS high c0 00 02 ff Aug 26 13:09:10.902739: | TSr: parsed 1 traffic selectors Aug 26 13:09:10.902741: | looking for best SPD in current connection Aug 26 
13:09:10.902745: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0/0 R=192.0.22.0/24:0/0 to their: Aug 26 13:09:10.902748: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.902752: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:10.902755: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:09:10.902756: | TSi[0] port match: YES fitness 65536 Aug 26 13:09:10.902758: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:10.902761: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:10.902763: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.902767: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Aug 26 13:09:10.902768: | looking for better host pair Aug 26 13:09:10.902772: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 13:09:10.902775: | checking hostpair 192.0.22.0/24 -> 192.0.3.0/24 is found Aug 26 13:09:10.902776: | investigating connection "northnet-eastnets/0x2" as a better match Aug 26 13:09:10.902786: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:09:10.902788: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:09:10.902789: | results matched Aug 26 13:09:10.902793: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.902797: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.902800: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0/0 R=192.0.22.0/24:0/0 to their: Aug 26 
13:09:10.902803: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.902806: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:10.902808: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:09:10.902811: | TSi[0] port match: YES fitness 65536 Aug 26 13:09:10.902813: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:10.902815: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:10.902817: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.902820: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Aug 26 13:09:10.902822: | investigating connection "northnet-eastnets/0x1" as a better match Aug 26 13:09:10.902829: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:09:10.902830: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:09:10.902832: | results matched Aug 26 13:09:10.902836: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.902839: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.902842: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:09:10.902845: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.902848: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:10.902850: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:09:10.902851: | TSi[0] port match: YES fitness 65536 Aug 26 
13:09:10.902853: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:10.902855: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:10.902858: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.902861: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:09:10.902863: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:09:10.902864: | TSr[0] port match: YES fitness 65536 Aug 26 13:09:10.902866: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:09:10.902868: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:10.902869: | best fit so far: TSi[0] TSr[0] Aug 26 13:09:10.902871: | protocol fitness found better match d northnet-eastnets/0x1, TSi[0],TSr[0] Aug 26 13:09:10.902873: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:09:10.902875: | printing contents struct traffic_selector Aug 26 13:09:10.902877: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:09:10.902878: | ipprotoid: 0 Aug 26 13:09:10.902880: | port range: 0-65535 Aug 26 13:09:10.902882: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:09:10.902884: | printing contents struct traffic_selector Aug 26 13:09:10.902885: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:09:10.902887: | ipprotoid: 0 Aug 26 13:09:10.902888: | port range: 0-65535 Aug 26 13:09:10.902891: | ip range: 192.0.3.0-192.0.3.255 Aug 26 13:09:10.902893: | constructing ESP/AH proposals with all DH removed for northnet-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals) Aug 26 13:09:10.902897: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:09:10.902902: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:09:10.902903: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:09:10.902906: | ... 
ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:09:10.902908: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:09:10.902911: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:09:10.902914: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:09:10.902917: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:09:10.902922: "northnet-eastnets/0x1": constructed local ESP/AH proposals for northnet-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:09:10.902924: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Aug 26 13:09:10.902927: | local proposal 1 type ENCR has 1 transforms Aug 26 13:09:10.902928: | local proposal 1 type PRF has 0 transforms Aug 26 13:09:10.902930: | local proposal 1 type INTEG has 1 transforms Aug 26 13:09:10.902932: | local proposal 1 type DH has 1 transforms Aug 26 13:09:10.902933: | local proposal 1 type ESN has 1 transforms Aug 26 13:09:10.902936: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:09:10.902937: | local proposal 2 type ENCR has 1 transforms Aug 26 13:09:10.902939: | local proposal 2 type PRF has 0 transforms Aug 26 13:09:10.902941: | local proposal 2 type INTEG has 1 transforms Aug 26 13:09:10.902942: | local proposal 2 type DH has 1 transforms Aug 26 13:09:10.902944: | local proposal 2 type ESN has 1 transforms Aug 26 13:09:10.902946: | local proposal 2 transforms: required: ENCR+ESN; 
optional: INTEG+DH Aug 26 13:09:10.902947: | local proposal 3 type ENCR has 1 transforms Aug 26 13:09:10.902949: | local proposal 3 type PRF has 0 transforms Aug 26 13:09:10.902951: | local proposal 3 type INTEG has 2 transforms Aug 26 13:09:10.902952: | local proposal 3 type DH has 1 transforms Aug 26 13:09:10.902954: | local proposal 3 type ESN has 1 transforms Aug 26 13:09:10.902956: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:09:10.902957: | local proposal 4 type ENCR has 1 transforms Aug 26 13:09:10.902959: | local proposal 4 type PRF has 0 transforms Aug 26 13:09:10.902961: | local proposal 4 type INTEG has 2 transforms Aug 26 13:09:10.902962: | local proposal 4 type DH has 1 transforms Aug 26 13:09:10.902964: | local proposal 4 type ESN has 1 transforms Aug 26 13:09:10.902966: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:09:10.902968: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.902970: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.902972: | length: 32 (0x20) Aug 26 13:09:10.902973: | prop #: 1 (0x1) Aug 26 13:09:10.902975: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.902977: | spi size: 4 (0x4) Aug 26 13:09:10.902978: | # transforms: 2 (0x2) Aug 26 13:09:10.902980: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:10.902982: | remote SPI ac 79 74 ac Aug 26 13:09:10.902984: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Aug 26 13:09:10.902986: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.902988: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.902989: | length: 12 (0xc) Aug 26 13:09:10.902991: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.902993: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.902995: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.902996: | af+type: 
AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.902998: | length/value: 256 (0x100) Aug 26 13:09:10.903001: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:09:10.903003: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903004: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.903007: | length: 8 (0x8) Aug 26 13:09:10.903009: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.903011: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.903013: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:09:10.903015: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Aug 26 13:09:10.903017: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Aug 26 13:09:10.903019: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Aug 26 13:09:10.903021: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 13:09:10.903024: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 13:09:10.903026: | remote proposal 1 matches local proposal 1 Aug 26 13:09:10.903028: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.903029: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.903031: | length: 32 (0x20) Aug 26 13:09:10.903032: | prop #: 2 (0x2) Aug 26 13:09:10.903034: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.903036: | spi size: 4 (0x4) Aug 26 13:09:10.903037: | # transforms: 2 (0x2) Aug 26 13:09:10.903039: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:10.903041: | remote SPI ac 79 74 ac Aug 26 13:09:10.903043: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 
local proposals Aug 26 13:09:10.903044: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903046: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903047: | length: 12 (0xc) Aug 26 13:09:10.903049: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.903051: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.903052: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.903054: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.903056: | length/value: 128 (0x80) Aug 26 13:09:10.903058: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903059: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.903061: | length: 8 (0x8) Aug 26 13:09:10.903062: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.903064: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.903066: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Aug 26 13:09:10.903068: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Aug 26 13:09:10.903070: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.903071: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.903073: | length: 48 (0x30) Aug 26 13:09:10.903075: | prop #: 3 (0x3) Aug 26 13:09:10.903076: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.903078: | spi size: 4 (0x4) Aug 26 13:09:10.903079: | # transforms: 4 (0x4) Aug 26 13:09:10.903081: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:10.903083: | remote SPI ac 79 74 ac Aug 26 13:09:10.903085: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:09:10.903086: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903088: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903089: | length: 12 (0xc) Aug 26 13:09:10.903091: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.903093: | IKEv2 
transform ID: AES_CBC (0xc) Aug 26 13:09:10.903094: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.903096: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.903098: | length/value: 256 (0x100) Aug 26 13:09:10.903099: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903101: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903104: | length: 8 (0x8) Aug 26 13:09:10.903105: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.903107: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:10.903109: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903110: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903112: | length: 8 (0x8) Aug 26 13:09:10.903114: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.903115: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:10.903117: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903119: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.903120: | length: 8 (0x8) Aug 26 13:09:10.903122: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.903123: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.903126: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 13:09:10.903127: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 13:09:10.903129: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.903131: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:10.903132: | length: 48 (0x30) Aug 26 13:09:10.903134: | prop #: 4 (0x4) Aug 26 13:09:10.903135: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.903137: | spi size: 4 (0x4) Aug 26 13:09:10.903138: | # transforms: 4 (0x4) Aug 26 13:09:10.903140: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:10.903142: | remote SPI ac 79 74 ac Aug 26 13:09:10.903144: | Comparing remote 
proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:09:10.903145: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903147: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903148: | length: 12 (0xc) Aug 26 13:09:10.903150: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.903152: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:10.903153: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.903155: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.903157: | length/value: 128 (0x80) Aug 26 13:09:10.903158: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903160: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903161: | length: 8 (0x8) Aug 26 13:09:10.903163: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.903165: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:10.903167: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903168: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903170: | length: 8 (0x8) Aug 26 13:09:10.903171: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.903173: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:10.903175: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903176: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.903178: | length: 8 (0x8) Aug 26 13:09:10.903179: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.903181: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.903183: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 13:09:10.903185: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 13:09:10.903188: "northnet-eastnets/0x2" #1: proposal 1:ESP:SPI=ac7974ac;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 
2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 13:09:10.903191: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=ac7974ac;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 13:09:10.903194: | converting proposal to internal trans attrs Aug 26 13:09:10.903212: | netlink_get_spi: allocated 0x7e40a7ce for esp.0@192.1.2.23 Aug 26 13:09:10.903214: | Emitting ikev2_proposal ... Aug 26 13:09:10.903216: | ****emit IKEv2 Security Association Payload: Aug 26 13:09:10.903217: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.903219: | flags: none (0x0) Aug 26 13:09:10.903222: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:09:10.903224: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.903226: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.903228: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:10.903229: | prop #: 1 (0x1) Aug 26 13:09:10.903231: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.903233: | spi size: 4 (0x4) Aug 26 13:09:10.903234: | # transforms: 2 (0x2) Aug 26 13:09:10.903236: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.903238: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:10.903240: | our spi 7e 40 a7 ce Aug 26 13:09:10.903242: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903243: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903245: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.903247: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.903249: | 
last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.903250: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.903252: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.903254: | length/value: 256 (0x100) Aug 26 13:09:10.903256: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.903257: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903259: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.903261: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.903262: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.903265: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903267: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.903268: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.903270: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:09:10.903272: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.903274: | emitting length of IKEv2 Security Association Payload: 36 Aug 26 13:09:10.903276: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:09:10.903278: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:10.903279: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.903281: | flags: none (0x0) Aug 26 13:09:10.903282: | number of TS: 1 (0x1) Aug 26 13:09:10.903285: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload 
(44:ISAKMP_NEXT_v2TSi) Aug 26 13:09:10.903287: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.903294: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:10.903297: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.903299: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.903302: | start port: 0 (0x0) Aug 26 13:09:10.903308: | end port: 65535 (0xffff) Aug 26 13:09:10.903312: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:10.903315: | ipv4 start c0 00 03 00 Aug 26 13:09:10.903318: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:09:10.903320: | ipv4 end c0 00 03 ff Aug 26 13:09:10.903323: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:10.903326: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:09:10.903329: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:10.903332: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.903334: | flags: none (0x0) Aug 26 13:09:10.903337: | number of TS: 1 (0x1) Aug 26 13:09:10.903341: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:09:10.903344: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.903347: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:10.903350: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.903352: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.903355: | start port: 0 (0x0) Aug 26 13:09:10.903357: | end port: 65535 (0xffff) Aug 26 13:09:10.903361: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:10.903363: | ipv4 start c0 00 02 00 Aug 26 13:09:10.903366: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 
13:09:10.903369: | ipv4 end c0 00 02 ff Aug 26 13:09:10.903372: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:10.903374: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:09:10.903377: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:09:10.903381: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:09:10.903541: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Aug 26 13:09:10.903549: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:09:10.903552: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Aug 26 13:09:10.903555: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:10.903558: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.903562: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:10.903564: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.903567: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:10.903570: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 13:09:10.903574: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:09:10.903577: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:09:10.903579: | AES_GCM_16 requires 4 salt bytes Aug 26 13:09:10.903582: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:09:10.903586: | setting IPsec SA replay-window to 32 Aug 26 13:09:10.903589: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 13:09:10.903592: | netlink: enabling tunnel mode Aug 26 13:09:10.903594: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:09:10.903597: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:09:10.903669: | netlink response for Add SA esp.ac7974ac@192.1.3.33 included non-error error 
Aug 26 13:09:10.903674: | set up outgoing SA, ref=0/0 Aug 26 13:09:10.903678: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:09:10.903680: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:09:10.903682: | AES_GCM_16 requires 4 salt bytes Aug 26 13:09:10.903684: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:09:10.903686: | setting IPsec SA replay-window to 32 Aug 26 13:09:10.903688: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 13:09:10.903692: | netlink: enabling tunnel mode Aug 26 13:09:10.903694: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:09:10.903696: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:09:10.903728: | netlink response for Add SA esp.7e40a7ce@192.1.2.23 included non-error error Aug 26 13:09:10.903732: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:10.903737: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 13:09:10.903739: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:10.903760: | raw_eroute result=success Aug 26 13:09:10.903764: | set up incoming SA, ref=0/0 Aug 26 13:09:10.903766: | sr for #2: unrouted Aug 26 13:09:10.903768: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:09:10.903770: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:09:10.903772: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.903773: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:10.903775: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.903777: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:10.903779: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 13:09:10.903782: | route_and_eroute with c: northnet-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:09:10.903784: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:10.903788: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 (raw_eroute) Aug 26 13:09:10.903790: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:10.903801: | raw_eroute result=success Aug 26 13:09:10.903804: | running updown command "ipsec _updown" for verb up Aug 26 13:09:10.903807: | command executing up-client Aug 26 13:09:10.903826: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.903832: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.903848: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, 
O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RS Aug 26 13:09:10.903852: | popen cmd is 1403 chars long Aug 26 13:09:10.903855: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Aug 26 13:09:10.903858: | cmd( 80):x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PL: Aug 26 13:09:10.903860: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east: Aug 26 13:09:10.903863: | cmd( 240):.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.: Aug 26 13:09:10.903866: | cmd( 320):0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' P: Aug 26 13:09:10.903870: | cmd( 400):LUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP: Aug 26 13:09:10.903873: | cmd( 480):' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswa: Aug 26 13:09:10.903875: | cmd( 560):n, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libr: Aug 26 13:09:10.903878: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PL: Aug 26 13:09:10.903880: | cmd( 720):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Aug 26 13:09:10.903882: | cmd( 800): PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 13:09:10.903884: | cmd( 880):=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLU: Aug 26 13:09:10.903885: | cmd( 960):TO_ADDTIME='0' 
PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TR: Aug 26 13:09:10.903887: | cmd(1040):ACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY=: Aug 26 13:09:10.903889: | cmd(1120):'ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_: Aug 26 13:09:10.903890: | cmd(1200):DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PL: Aug 26 13:09:10.903892: | cmd(1280):UTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xac7: Aug 26 13:09:10.903894: | cmd(1360):974ac SPI_OUT=0x7e40a7ce ipsec _updown 2>&1: Aug 26 13:09:10.914440: | route_and_eroute: firewall_notified: true Aug 26 13:09:10.914456: | running updown command "ipsec _updown" for verb prepare Aug 26 13:09:10.914460: | command executing prepare-client Aug 26 13:09:10.914491: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.914498: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.914534: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' 
PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_ Aug 26 13:09:10.914538: | popen cmd is 1408 chars long Aug 26 13:09:10.914540: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 13:09:10.914542: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.2: Aug 26 13:09:10.914543: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 13:09:10.914545: | cmd( 240):=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT=: Aug 26 13:09:10.914547: | cmd( 320):'192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255: Aug 26 13:09:10.914548: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Aug 26 13:09:10.914550: | cmd( 480):='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Aug 26 13:09:10.914552: | cmd( 560):reswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing: Aug 26 13:09:10.914556: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.: Aug 26 13:09:10.914557: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 13:09:10.914559: | cmd( 800):L='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: Aug 26 13:09:10.914561: | cmd( 880):t, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey: Aug 26 13:09:10.914562: | cmd( 960):' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAR: Aug 26 13:09:10.914564: | cmd(1040):EF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFA: Aug 26 13:09:10.914566: | cmd(1120):MILY='ipv4' XAUTH_FAILED=0 
PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_: Aug 26 13:09:10.914567: | cmd(1200):PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=': Aug 26 13:09:10.914569: | cmd(1280):0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=: Aug 26 13:09:10.914571: | cmd(1360):0xac7974ac SPI_OUT=0x7e40a7ce ipsec _updown 2>&1: Aug 26 13:09:10.925218: | running updown command "ipsec _updown" for verb route Aug 26 13:09:10.925231: | command executing route-client Aug 26 13:09:10.925252: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.925256: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.925270: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI Aug 26 13:09:10.925273: | popen cmd is 1406 chars long Aug 26 13:09:10.925275: | cmd( 
0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 13:09:10.925277: | cmd( 80):s/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23': Aug 26 13:09:10.925278: | cmd( 160): PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=e: Aug 26 13:09:10.925280: | cmd( 240):ast.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='1: Aug 26 13:09:10.925282: | cmd( 320):92.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0: Aug 26 13:09:10.925283: | cmd( 400):' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE=': Aug 26 13:09:10.925285: | cmd( 480):ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libre: Aug 26 13:09:10.925287: | cmd( 560):swan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.l: Aug 26 13:09:10.925293: | cmd( 640):ibreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0': Aug 26 13:09:10.925297: | cmd( 720): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Aug 26 13:09:10.925299: | cmd( 800):'0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department,: Aug 26 13:09:10.925301: | cmd( 880): CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' : Aug 26 13:09:10.925307: | cmd( 960):PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF: Aug 26 13:09:10.925310: | cmd(1040):_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMI: Aug 26 13:09:10.925312: | cmd(1120):LY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PE: Aug 26 13:09:10.925315: | cmd(1200):ER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0': Aug 26 13:09:10.925318: | cmd(1280): PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x: Aug 26 13:09:10.925320: | 
cmd(1360):ac7974ac SPI_OUT=0x7e40a7ce ipsec _updown 2>&1: Aug 26 13:09:10.938385: | route_and_eroute: instance "northnet-eastnets/0x1", setting eroute_owner {spd=0x55560f4e3578,sr=0x55560f4e3578} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:09:10.938471: | #1 spent 1.84 milliseconds in install_ipsec_sa() Aug 26 13:09:10.938480: | ISAKMP_v2_IKE_AUTH: instance northnet-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:09:10.938484: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.938488: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:10.938494: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:10.938497: | emitting length of IKEv2 Encryption Payload: 1961 Aug 26 13:09:10.938501: | emitting length of ISAKMP Message: 1989 Aug 26 13:09:10.938511: | **parse ISAKMP Message: Aug 26 13:09:10.938514: | initiator cookie: Aug 26 13:09:10.938517: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.938519: | responder cookie: Aug 26 13:09:10.938521: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.938524: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:09:10.938527: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.938530: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.938534: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.938536: | Message ID: 1 (0x1) Aug 26 13:09:10.938539: | length: 1989 (0x7c5) Aug 26 13:09:10.938542: | **parse IKEv2 Encryption Payload: Aug 26 13:09:10.938545: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:09:10.938547: | flags: none (0x0) Aug 26 13:09:10.938550: | length: 1961 (0x7a9) Aug 26 13:09:10.938553: | **emit ISAKMP Message: Aug 26 13:09:10.938555: | initiator cookie: Aug 26 13:09:10.938558: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.938560: | responder cookie: Aug 26 13:09:10.938562: | 5d 69 60 96 75 f1 e7 27 Aug 26 
13:09:10.938565: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.938568: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.938570: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.938572: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.938575: | Message ID: 1 (0x1) Aug 26 13:09:10.938578: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.938581: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:09:10.938585: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:09:10.938587: | flags: none (0x0) Aug 26 13:09:10.938590: | fragment number: 1 (0x1) Aug 26 13:09:10.938592: | total fragments: 5 (0x5) Aug 26 13:09:10.938596: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 36:ISAKMP_NEXT_v2IDr Aug 26 13:09:10.938599: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.938602: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:09:10.938605: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:09:10.938620: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:09:10.938671: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.938673: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:09:10.938675: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:09:10.938677: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:09:10.938679: | emitting length of ISAKMP Message: 539 Aug 26 13:09:10.938705: | **emit ISAKMP Message: Aug 26 13:09:10.938707: | initiator cookie: Aug 26 13:09:10.938709: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.938710: | responder cookie: Aug 26 13:09:10.938712: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.938713: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.938715: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.938717: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.938718: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.938720: | Message ID: 1 (0x1) Aug 26 13:09:10.938722: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.938724: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:09:10.938726: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.938728: | flags: none (0x0) Aug 26 13:09:10.938729: | fragment number: 2 (0x2) Aug 26 13:09:10.938731: | total fragments: 5 (0x5) Aug 26 13:09:10.938733: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:09:10.938735: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.938737: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:09:10.938740: | emitting 8 zero
bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:09:10.938744: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:09:10.938826: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.938829: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:09:10.938833: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:09:10.938835: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:09:10.938840: | emitting length of ISAKMP Message: 539 Aug 26 13:09:10.938852: | **emit ISAKMP Message: Aug 26 13:09:10.938855: | initiator cookie: Aug 26 13:09:10.938857: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.938860: | responder cookie: Aug 26 13:09:10.938862: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.938865: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.938868: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.938871: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.938874: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.938877: | Message ID: 1 (0x1) Aug 26 13:09:10.938880: | next payload chain: saving
message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.938883: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:09:10.938886: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.938889: | flags: none (0x0) Aug 26 13:09:10.938892: | fragment number: 3 (0x3) Aug 26 13:09:10.938894: | total fragments: 5 (0x5) Aug 26 13:09:10.938898: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:09:10.938901: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.938905: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:09:10.938908: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:09:10.938912: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:09:10.938998: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.939001: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:09:10.939004: | emitting 16 zero bytes of length of
truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:09:10.939007: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:09:10.939009: | emitting length of ISAKMP Message: 539 Aug 26 13:09:10.939019: | **emit ISAKMP Message: Aug 26 13:09:10.939022: | initiator cookie: Aug 26 13:09:10.939025: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.939028: | responder cookie: Aug 26 13:09:10.939031: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.939034: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.939037: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.939041: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.939044: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.939046: | Message ID: 1 (0x1) Aug 26 13:09:10.939049: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.939052: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:09:10.939055: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.939057: | flags: none (0x0) Aug 26 13:09:10.939060: | fragment number: 4 (0x4) Aug 26 13:09:10.939062: | total fragments: 5 (0x5) Aug 26 13:09:10.939065: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:09:10.939068: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.939071: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:09:10.939073: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:09:10.939079: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:09:10.939129: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.939131: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:09:10.939133: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:09:10.939135: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:09:10.939136: | emitting length of ISAKMP Message: 539 Aug 26 13:09:10.939142: | **emit ISAKMP Message: Aug 26 13:09:10.939144: | initiator cookie: Aug 26 13:09:10.939146: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.939147: | responder cookie: Aug 26 13:09:10.939149: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.939150: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.939152: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.939154: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.939155: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.939157: | Message ID: 1 (0x1) Aug 26 13:09:10.939159: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.939160: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:09:10.939162: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.939164: | flags: none (0x0) Aug 26 13:09:10.939165: | fragment number: 5 (0x5) Aug 26 13:09:10.939167: | total fragments: 5 (0x5) Aug 26 13:09:10.939169: | next payload chain: using
supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:09:10.939170: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.939172: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:09:10.939174: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:09:10.939176: | emitting 20 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:09:10.939178: | cleartext fragment 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 Aug 26 13:09:10.939180: | cleartext fragment c0 00 02 ff Aug 26 13:09:10.939181: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.939183: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:09:10.939185: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:09:10.939187: | emitting length of IKEv2 Encrypted Fragment: 53 Aug 26 13:09:10.939188: | emitting length of ISAKMP Message: 81 Aug 26 13:09:10.939194: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Aug 26 13:09:10.939200: | #1 spent 15 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Aug 26 13:09:10.939207: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.939211: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.939215: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Aug 26 13:09:10.939217: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Aug 26 13:09:10.939220: | child state #2: 
UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Aug 26 13:09:10.939223: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:09:10.939227: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Aug 26 13:09:10.939231: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Aug 26 13:09:10.939234: | pstats #2 ikev2.child established Aug 26 13:09:10.939243: "northnet-eastnets/0x1" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Aug 26 13:09:10.939248: | NAT-T: encaps is 'auto' Aug 26 13:09:10.939252: "northnet-eastnets/0x1" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xac7974ac <0x7e40a7ce xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 13:09:10.939258: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 13:09:10.939260: | sending fragments ... 
Aug 26 13:09:10.939268: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:10.939433: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:10.939555: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:10.939663: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:10.939768: | sending 81 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:10.939795: | sent 5 fragments Aug 26 13:09:10.939799: | releasing whack for #2 (sock=fd@-1) Aug 26 13:09:10.939802: | releasing whack and unpending for parent #1 Aug 26 13:09:10.939805: | unpending state #1 connection "northnet-eastnets/0x1" Aug 26 13:09:10.939810: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Aug 26 13:09:10.939815: | event_schedule: new EVENT_SA_REKEY-pe@0x7fc8f8002b78 Aug 26 13:09:10.939819: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Aug 26 13:09:10.939823: | libevent_malloc: new ptr-libevent@0x55560f5021e8 size 128 Aug 26 13:09:10.939841: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:09:10.939852: | #1 spent 15.8 milliseconds in resume sending helper answer Aug 26 13:09:10.939859: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26
13:09:10.939865: | libevent_free: release ptr-libevent@0x7fc8f0000f48 Aug 26 13:09:10.939885: | processing signal PLUTO_SIGCHLD Aug 26 13:09:10.939891: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:10.939897: | spent 0.00593 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:10.939900: | processing signal PLUTO_SIGCHLD Aug 26 13:09:10.939904: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:10.939909: | spent 0.00427 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:10.939912: | processing signal PLUTO_SIGCHLD Aug 26 13:09:10.939916: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:10.939920: | spent 0.00432 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:10.982588: | spent 0.00277 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.982615: | *received 601 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:09:10.982681: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:09:10.982684: | **parse ISAKMP Message: Aug 26 13:09:10.982686: | initiator cookie: Aug 26 13:09:10.982687: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.982689: | responder
cookie: Aug 26 13:09:10.982690: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.982692: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:09:10.982694: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.982696: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:09:10.982698: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.982699: | Message ID: 2 (0x2) Aug 26 13:09:10.982701: | length: 601 (0x259) Aug 26 13:09:10.982703: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 13:09:10.982705: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Aug 26 13:09:10.982708: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Aug 26 13:09:10.982713: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.982715: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:09:10.982718: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:09:10.982720: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Aug 26 13:09:10.982723: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 Aug 26 13:09:10.982725: | unpacking clear payload Aug 26 13:09:10.982726: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:09:10.982728: | ***parse IKEv2 Encryption Payload: Aug 26 13:09:10.982730: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:09:10.982732: | flags: none (0x0) Aug 26 13:09:10.982734: | length: 573 (0x23d) Aug 26 13:09:10.982737: | processing payload: ISAKMP_NEXT_v2SK (len=569) Aug 26 13:09:10.982740: | Message ID: start-responder #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Aug 26 13:09:10.982742: | #1 in state 
PARENT_R2: received v2I2, PARENT SA established Aug 26 13:09:10.982756: | #1 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Aug 26 13:09:10.982759: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:09:10.982760: | **parse IKEv2 Security Association Payload: Aug 26 13:09:10.982762: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:09:10.982764: | flags: none (0x0) Aug 26 13:09:10.982765: | length: 196 (0xc4) Aug 26 13:09:10.982767: | processing payload: ISAKMP_NEXT_v2SA (len=192) Aug 26 13:09:10.982769: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:09:10.982770: | **parse IKEv2 Nonce Payload: Aug 26 13:09:10.982772: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:09:10.982774: | flags: none (0x0) Aug 26 13:09:10.982775: | length: 36 (0x24) Aug 26 13:09:10.982777: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:09:10.982778: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:09:10.982780: | **parse IKEv2 Key Exchange Payload: Aug 26 13:09:10.982782: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:09:10.982783: | flags: none (0x0) Aug 26 13:09:10.982785: | length: 264 (0x108) Aug 26 13:09:10.982786: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.982788: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:09:10.982790: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:09:10.982791: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:10.982793: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:09:10.982795: | flags: none (0x0) Aug 26 13:09:10.982796: | length: 24 (0x18) Aug 26 13:09:10.982798: | number of TS: 1 (0x1) Aug 26 13:09:10.982799: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:09:10.982801: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:09:10.982803: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:10.982804: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.982806: | flags: none 
(0x0) Aug 26 13:09:10.982807: | length: 24 (0x18) Aug 26 13:09:10.982809: | number of TS: 1 (0x1) Aug 26 13:09:10.982810: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:09:10.982813: | state #1 forced to match CREATE_CHILD_SA from V2_CREATE_R->V2_IPSEC_R by ignoring from state Aug 26 13:09:10.982815: | selected state microcode Respond to CREATE_CHILD_SA IPsec SA Request Aug 26 13:09:10.982818: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:09:10.982822: | creating state object #3 at 0x55560f4fac38 Aug 26 13:09:10.982824: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 13:09:10.982831: | pstats #3 ikev2.child started Aug 26 13:09:10.982833: | duplicating state object #1 "northnet-eastnets/0x2" as #3 for IPSEC SA Aug 26 13:09:10.982837: | #3 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:09:10.982844: | Message ID: init_child #1.#3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:10.982846: | child state #3: UNDEFINED(ignore) => V2_CREATE_R(established IKE SA) Aug 26 13:09:10.982850: | "northnet-eastnets/0x2" #1 received Child SA Request CREATE_CHILD_SA from 192.1.3.33:500 Child "northnet-eastnets/0x2" #3 in STATE_V2_CREATE_R will process it further Aug 26 13:09:10.982852: | Message ID: switch-from #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2->-1 Aug 26 13:09:10.982855: | Message ID: switch-to #1.#3 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1->2 Aug 26 13:09:10.982859: | forcing ST #1 to CHILD #1.#3 in FSM processor Aug 26 13:09:10.982861: | Now let's proceed with state specific processing Aug 26 13:09:10.982863: | calling processor Respond to 
CREATE_CHILD_SA IPsec SA Request Aug 26 13:09:10.982866: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 13:09:10.982870: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals) Aug 26 13:09:10.982874: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:09:10.982878: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:09:10.982880: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:09:10.982882: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:09:10.982885: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:09:10.982887: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:10.982889: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:09:10.982892: | ... 
ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:10.982896: "northnet-eastnets/0x2": constructed local ESP/AH proposals for northnet-eastnets/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:10.982899: | Comparing remote proposals against CREATE_CHILD_SA responder matching remote ESP/AH proposals 4 local proposals Aug 26 13:09:10.982901: | local proposal 1 type ENCR has 1 transforms Aug 26 13:09:10.982903: | local proposal 1 type PRF has 0 transforms Aug 26 13:09:10.982905: | local proposal 1 type INTEG has 1 transforms Aug 26 13:09:10.982906: | local proposal 1 type DH has 1 transforms Aug 26 13:09:10.982908: | local proposal 1 type ESN has 1 transforms Aug 26 13:09:10.982910: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 13:09:10.982912: | local proposal 2 type ENCR has 1 transforms Aug 26 13:09:10.982913: | local proposal 2 type PRF has 0 transforms Aug 26 13:09:10.982915: | local proposal 2 type INTEG has 1 transforms Aug 26 13:09:10.982917: | local proposal 2 type DH has 1 transforms Aug 26 13:09:10.982919: | local proposal 2 type ESN has 1 transforms Aug 26 13:09:10.982922: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 13:09:10.982925: | local proposal 3 type ENCR has 1 transforms Aug 26 13:09:10.982928: | local proposal 3 type PRF has 0 transforms Aug 26 13:09:10.982930: | local proposal 3 type INTEG has 2 transforms Aug 26 13:09:10.982931: | local proposal 3 type DH has 1 transforms Aug 26 13:09:10.982933: | local proposal 3 type ESN has 1 transforms Aug 26 13:09:10.982935: | local proposal 3 
transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 13:09:10.982936: | local proposal 4 type ENCR has 1 transforms Aug 26 13:09:10.982938: | local proposal 4 type PRF has 0 transforms Aug 26 13:09:10.982940: | local proposal 4 type INTEG has 2 transforms Aug 26 13:09:10.982941: | local proposal 4 type DH has 1 transforms Aug 26 13:09:10.982943: | local proposal 4 type ESN has 1 transforms Aug 26 13:09:10.982945: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 13:09:10.982947: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.982949: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.982950: | length: 40 (0x28) Aug 26 13:09:10.982952: | prop #: 1 (0x1) Aug 26 13:09:10.982953: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.982956: | spi size: 4 (0x4) Aug 26 13:09:10.982958: | # transforms: 3 (0x3) Aug 26 13:09:10.982960: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:10.982962: | remote SPI c8 91 c1 48 Aug 26 13:09:10.982964: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..4] of 4 local proposals Aug 26 13:09:10.982966: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.982968: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.982969: | length: 12 (0xc) Aug 26 13:09:10.982971: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.982973: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.982974: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.982976: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.982978: | length/value: 256 (0x100) Aug 26 13:09:10.982981: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:09:10.982983: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.982984: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.982986: | length: 8 (0x8) Aug 26 
13:09:10.982987: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.982990: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.982993: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:09:10.982997: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Aug 26 13:09:10.983000: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Aug 26 13:09:10.983003: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Aug 26 13:09:10.983007: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.983010: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.983012: | length: 8 (0x8) Aug 26 13:09:10.983015: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.983018: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.983022: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:09:10.983025: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Aug 26 13:09:10.983029: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Aug 26 13:09:10.983032: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Aug 26 13:09:10.983036: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Aug 26 13:09:10.983041: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Aug 26 13:09:10.983043: | remote proposal 1 matches local proposal 1 Aug 26 13:09:10.983047: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.983049: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.983052: | length: 40 (0x28) Aug 26 13:09:10.983054: | prop #: 2 (0x2) Aug 26 
13:09:10.983057: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.983059: | spi size: 4 (0x4) Aug 26 13:09:10.983062: | # transforms: 3 (0x3) Aug 26 13:09:10.983065: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:10.983067: | remote SPI c8 91 c1 48 Aug 26 13:09:10.983070: | Comparing remote proposal 2 containing 3 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:09:10.983073: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.983075: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.983078: | length: 12 (0xc) Aug 26 13:09:10.983080: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.983083: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.983085: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.983090: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.983093: | length/value: 128 (0x80) Aug 26 13:09:10.983096: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.983099: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.983101: | length: 8 (0x8) Aug 26 13:09:10.983104: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.983107: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.983109: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.983112: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.983115: | length: 8 (0x8) Aug 26 13:09:10.983117: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.983120: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.983124: | remote proposal 2 proposed transforms: ENCR+DH+ESN; matched: none; unmatched: ENCR+DH+ESN Aug 26 13:09:10.983127: | remote proposal 2 does not match; unmatched remote transforms: ENCR+DH+ESN Aug 26 13:09:10.983130: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.983131: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.983133: | length: 56 (0x38) Aug 26 
13:09:10.983134: | prop #: 3 (0x3) Aug 26 13:09:10.983136: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.983138: | spi size: 4 (0x4) Aug 26 13:09:10.983139: | # transforms: 5 (0x5) Aug 26 13:09:10.983141: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:10.983143: | remote SPI c8 91 c1 48 Aug 26 13:09:10.983144: | Comparing remote proposal 3 containing 5 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:09:10.983146: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.983148: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.983149: | length: 12 (0xc) Aug 26 13:09:10.983151: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.983153: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:10.983154: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.983156: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.983157: | length/value: 256 (0x100) Aug 26 13:09:10.983159: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.983161: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.983162: | length: 8 (0x8) Aug 26 13:09:10.983164: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.983166: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:10.983168: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.983169: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.983171: | length: 8 (0x8) Aug 26 13:09:10.983173: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.983174: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:10.983176: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.983178: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.983179: | length: 8 (0x8) Aug 26 13:09:10.983181: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.983182: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.983184: | 
****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.983186: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.983187: | length: 8 (0x8) Aug 26 13:09:10.983189: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.983191: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.983193: | remote proposal 3 proposed transforms: ENCR+INTEG+DH+ESN; matched: none; unmatched: ENCR+INTEG+DH+ESN Aug 26 13:09:10.983195: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+DH+ESN Aug 26 13:09:10.983197: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.983198: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:10.983200: | length: 56 (0x38) Aug 26 13:09:10.983201: | prop #: 4 (0x4) Aug 26 13:09:10.983203: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.983206: | spi size: 4 (0x4) Aug 26 13:09:10.983207: | # transforms: 5 (0x5) Aug 26 13:09:10.983209: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:10.983211: | remote SPI c8 91 c1 48 Aug 26 13:09:10.983213: | Comparing remote proposal 4 containing 5 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:09:10.983215: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.983216: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.983218: | length: 12 (0xc) Aug 26 13:09:10.983219: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.983221: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:10.983223: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.983224: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.983226: | length/value: 128 (0x80) Aug 26 13:09:10.983228: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.983229: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.983231: | length: 8 (0x8) Aug 26 13:09:10.983233: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.983234: | IKEv2 transform ID: 
AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:10.983236: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.983238: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.983239: | length: 8 (0x8) Aug 26 13:09:10.983241: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.983243: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:10.983244: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.983246: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.983247: | length: 8 (0x8) Aug 26 13:09:10.983249: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.983251: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.983252: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.983254: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.983256: | length: 8 (0x8) Aug 26 13:09:10.983257: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.983259: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.983261: | remote proposal 4 proposed transforms: ENCR+INTEG+DH+ESN; matched: none; unmatched: ENCR+INTEG+DH+ESN Aug 26 13:09:10.983263: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+DH+ESN Aug 26 13:09:10.983267: "northnet-eastnets/0x2" #1: proposal 1:ESP:SPI=c891c148;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:10.983270: | CREATE_CHILD_SA responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=c891c148;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Aug 26 13:09:10.983272: | converting proposal to internal trans attrs Aug 26 13:09:10.983276: | updating #3's .st_oakley with preserved 
PRF, but why update? Aug 26 13:09:10.983278: | Child SA TS Request has child->sa == md->st; so using child connection Aug 26 13:09:10.983280: | TSi: parsing 1 traffic selectors Aug 26 13:09:10.983282: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:10.983284: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.983285: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.983287: | length: 16 (0x10) Aug 26 13:09:10.983296: | start port: 0 (0x0) Aug 26 13:09:10.983298: | end port: 65535 (0xffff) Aug 26 13:09:10.983300: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:10.983301: | TS low c0 00 03 00 Aug 26 13:09:10.983303: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:10.983305: | TS high c0 00 03 ff Aug 26 13:09:10.983306: | TSi: parsed 1 traffic selectors Aug 26 13:09:10.983310: | TSr: parsing 1 traffic selectors Aug 26 13:09:10.983311: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:10.983313: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.983314: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.983316: | length: 16 (0x10) Aug 26 13:09:10.983318: | start port: 0 (0x0) Aug 26 13:09:10.983319: | end port: 65535 (0xffff) Aug 26 13:09:10.983321: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:10.983322: | TS low c0 00 16 00 Aug 26 13:09:10.983324: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:10.983325: | TS high c0 00 16 ff Aug 26 13:09:10.983327: | TSr: parsed 1 traffic selectors Aug 26 13:09:10.983328: | looking for best SPD in current connection Aug 26 13:09:10.983333: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0/0 R=192.0.22.0/24:0/0 to their: Aug 26 13:09:10.983336: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.983340: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:10.983342: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 
13:09:10.983357: | TSi[0] port match: YES fitness 65536 Aug 26 13:09:10.983359: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:10.983361: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:10.983363: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.983380: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Aug 26 13:09:10.983382: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:09:10.983383: | TSr[0] port match: YES fitness 65536 Aug 26 13:09:10.983385: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:09:10.983387: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:10.983388: | best fit so far: TSi[0] TSr[0] Aug 26 13:09:10.983390: | found better spd route for TSi[0],TSr[0] Aug 26 13:09:10.983392: | looking for better host pair Aug 26 13:09:10.983395: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 13:09:10.983398: | checking hostpair 192.0.22.0/24 -> 192.0.3.0/24 is found Aug 26 13:09:10.983400: | investigating connection "northnet-eastnets/0x2" as a better match Aug 26 13:09:10.983409: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:09:10.983411: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:09:10.983413: | results matched Aug 26 13:09:10.983417: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.983420: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.983423: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0/0 
R=192.0.22.0/24:0/0 to their: Aug 26 13:09:10.983427: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.983430: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:10.983432: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:09:10.983433: | TSi[0] port match: YES fitness 65536 Aug 26 13:09:10.983435: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:10.983437: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:10.983440: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.983443: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Aug 26 13:09:10.983446: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:09:10.983447: | TSr[0] port match: YES fitness 65536 Aug 26 13:09:10.983449: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:09:10.983451: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:10.983452: | best fit so far: TSi[0] TSr[0] Aug 26 13:09:10.983454: | investigating connection "northnet-eastnets/0x1" as a better match Aug 26 13:09:10.983460: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:09:10.983462: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:09:10.983464: | results matched Aug 26 13:09:10.983467: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.983471: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.983474: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0/0 
R=192.0.2.0/24:0/0 to their: Aug 26 13:09:10.983476: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.983479: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:10.983481: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:09:10.983483: | TSi[0] port match: YES fitness 65536 Aug 26 13:09:10.983485: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:10.983487: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:10.983489: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.983492: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: NO Aug 26 13:09:10.983494: | did not find a better connection using host pair Aug 26 13:09:10.983496: | printing contents struct traffic_selector Aug 26 13:09:10.983497: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:09:10.983499: | ipprotoid: 0 Aug 26 13:09:10.983501: | port range: 0-65535 Aug 26 13:09:10.983503: | ip range: 192.0.22.0-192.0.22.255 Aug 26 13:09:10.983504: | printing contents struct traffic_selector Aug 26 13:09:10.983506: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:09:10.983507: | ipprotoid: 0 Aug 26 13:09:10.983509: | port range: 0-65535 Aug 26 13:09:10.983511: | ip range: 192.0.3.0-192.0.3.255 Aug 26 13:09:10.983514: | adding Child Responder KE and nonce nr work-order 3 for state #3 Aug 26 13:09:10.983516: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55560f4f2088 Aug 26 13:09:10.983519: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:09:10.983522: | libevent_malloc: new ptr-libevent@0x7fc8f0000f48 size 128 Aug 26 13:09:10.983524: | libevent_realloc: release ptr-libevent@0x55560f47c4c8 Aug 26 13:09:10.983527: | libevent_realloc: new ptr-libevent@0x55560f4e5f38 size 128 Aug 26 13:09:10.983537: | #3 spent 0.667 milliseconds in processing: Respond to CREATE_CHILD_SA IPsec SA Request in 
ikev2_process_state_packet() Aug 26 13:09:10.983541: | crypto helper 3 resuming Aug 26 13:09:10.983543: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.983551: | crypto helper 3 starting work-order 3 for state #3 Aug 26 13:09:10.983559: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.983562: | crypto helper 3 doing build KE and nonce (Child Responder KE and nonce nr); request ID 3 Aug 26 13:09:10.983563: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_SUSPEND Aug 26 13:09:10.983567: | suspending state #3 and saving MD Aug 26 13:09:10.983572: | #3 is busy; has a suspended MD Aug 26 13:09:10.983577: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:10.983581: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_R transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:09:10.983585: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:10.983590: | #1 spent 0.983 milliseconds in ikev2_process_packet() Aug 26 13:09:10.983594: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 13:09:10.983597: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.983600: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:10.983605: | spent 0.998 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.984158: | crypto helper 3 finished build KE and nonce (Child Responder KE and nonce nr); request ID 3 time elapsed 0.000596 seconds Aug 26 13:09:10.984165: | (#3) spent 0.603 milliseconds in crypto helper computing work-order 3: Child 
Responder KE and nonce nr (pcr) Aug 26 13:09:10.984167: | crypto helper 3 sending results from work-order 3 for state #3 to event queue Aug 26 13:09:10.984169: | scheduling resume sending helper answer for #3 Aug 26 13:09:10.984172: | libevent_malloc: new ptr-libevent@0x7fc8f4002888 size 128 Aug 26 13:09:10.984179: | crypto helper 3 waiting (nothing to do) Aug 26 13:09:10.984185: | processing resume sending helper answer for #3 Aug 26 13:09:10.984192: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:09:10.984197: | crypto helper 3 replies to request ID 3 Aug 26 13:09:10.984200: | calling continuation function 0x55560d50cb50 Aug 26 13:09:10.984203: | ikev2_child_inIoutR_continue for #3 STATE_V2_CREATE_R Aug 26 13:09:10.984207: | adding DHv2 for child sa work-order 4 for state #3 Aug 26 13:09:10.984210: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:10.984214: | libevent_free: release ptr-libevent@0x7fc8f0000f48 Aug 26 13:09:10.984218: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55560f4f2088 Aug 26 13:09:10.984222: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55560f4f2088 Aug 26 13:09:10.984226: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:09:10.984229: | libevent_malloc: new ptr-libevent@0x7fc8f0000f48 size 128 Aug 26 13:09:10.984239: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.984243: | crypto helper 4 resuming Aug 26 13:09:10.984244: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_SUSPEND Aug 26 13:09:10.984256: | crypto helper 4 starting work-order 4 for state #3 Aug 26 13:09:10.984261: | suspending state #3 and saving MD Aug 26 13:09:10.984266: | crypto helper 4 doing crypto (DHv2 for child sa); request ID 4 Aug 26 13:09:10.984269: | #3 is busy; has a suspended MD Aug 26 
13:09:10.984278: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:10.984282: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_R transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:09:10.984286: | resume sending helper answer for #3 suppresed complete_v2_state_transition() and stole MD Aug 26 13:09:10.984324: | #3 spent 0.0913 milliseconds in resume sending helper answer Aug 26 13:09:10.984330: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:09:10.984334: | libevent_free: release ptr-libevent@0x7fc8f4002888 Aug 26 13:09:10.985181: | crypto helper 4 finished crypto (DHv2 for child sa); request ID 4 time elapsed 0.000915 seconds Aug 26 13:09:10.985193: | (#3) spent 0.923 milliseconds in crypto helper computing work-order 4: DHv2 for child sa (dh) Aug 26 13:09:10.985196: | crypto helper 4 sending results from work-order 4 for state #3 to event queue Aug 26 13:09:10.985198: | scheduling resume sending helper answer for #3 Aug 26 13:09:10.985201: | libevent_malloc: new ptr-libevent@0x7fc8e8001f78 size 128 Aug 26 13:09:10.985207: | crypto helper 4 waiting (nothing to do) Aug 26 13:09:10.985216: | processing resume sending helper answer for #3 Aug 26 13:09:10.985227: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:09:10.985232: | crypto helper 4 replies to request ID 4 Aug 26 13:09:10.985235: | calling continuation function 0x55560d50d9d0 Aug 26 13:09:10.985240: | ikev2_child_inIoutR_continue_continue for #3 STATE_V2_CREATE_R Aug 26 13:09:10.985265: | **emit ISAKMP Message: Aug 26 13:09:10.985269: | initiator cookie: Aug 26 13:09:10.985272: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.985275: | responder cookie: Aug 26 13:09:10.985278: | 5d 69 60 96 75 f1 e7 27 Aug 26 
13:09:10.985281: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.985285: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.985300: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:09:10.985307: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.985311: | Message ID: 2 (0x2) Aug 26 13:09:10.985327: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.985330: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:10.985334: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.985337: | flags: none (0x0) Aug 26 13:09:10.985341: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:10.985344: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.985348: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:10.985377: | netlink_get_spi: allocated 0xb8c6ac13 for esp.0@192.1.2.23 Aug 26 13:09:10.985396: | Emitting ikev2_proposal ... 
Aug 26 13:09:10.985399: | ****emit IKEv2 Security Association Payload: Aug 26 13:09:10.985402: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.985405: | flags: none (0x0) Aug 26 13:09:10.985409: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:09:10.985413: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.985416: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.985420: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:10.985423: | prop #: 1 (0x1) Aug 26 13:09:10.985426: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.985428: | spi size: 4 (0x4) Aug 26 13:09:10.985431: | # transforms: 3 (0x3) Aug 26 13:09:10.985435: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.985439: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:10.985442: | our spi b8 c6 ac 13 Aug 26 13:09:10.985445: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.985447: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.985450: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.985453: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.985456: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.985459: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.985462: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.985465: | length/value: 256 (0x100) Aug 26 13:09:10.985470: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.985473: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.985475: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 
13:09:10.985478: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.985481: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.985484: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.985487: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.985491: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.985493: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.985497: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.985499: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.985502: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.985506: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.985509: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.985512: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.985515: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:09:10.985518: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.985521: | emitting length of IKEv2 Security Association Payload: 44 Aug 26 13:09:10.985524: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:09:10.985528: | ****emit IKEv2 Nonce Payload: Aug 26 13:09:10.985530: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.985533: | flags: none (0x0) Aug 26 13:09:10.985536: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next 
payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:09:10.985539: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.985543: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:09:10.985546: | IKEv2 nonce 4d d2 70 8a 12 59 a6 55 35 5c 37 1a 3a 89 75 5e Aug 26 13:09:10.985548: | IKEv2 nonce 4c 89 89 58 bb a6 0a 80 ef a2 a6 7f 09 77 1a 19 Aug 26 13:09:10.985551: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:09:10.985553: | ****emit IKEv2 Key Exchange Payload: Aug 26 13:09:10.985556: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.985558: | flags: none (0x0) Aug 26 13:09:10.985561: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.985564: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:09:10.985567: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.985570: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26
13:09:10.985617: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:09:10.985620: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:10.985622: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.985625: | flags: none (0x0) Aug 26 13:09:10.985627: | number of TS: 1 (0x1) Aug 26 13:09:10.985629: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:09:10.985631: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.985633: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:10.985635: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.985636: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.985638: | start port: 0 (0x0) Aug 26 13:09:10.985640: | end port: 65535 (0xffff) Aug 26 13:09:10.985642: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:10.985643: | ipv4 start c0 00 03 00 Aug 26 13:09:10.985645: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:09:10.985647: | ipv4 end c0 00 03 ff Aug 26 13:09:10.985648: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:10.985650: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:09:10.985652: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:10.985653: | next payload type: 
ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.985655: | flags: none (0x0) Aug 26 13:09:10.985657: | number of TS: 1 (0x1) Aug 26 13:09:10.985659: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:09:10.985661: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.985662: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:10.985664: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.985665: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.985667: | start port: 0 (0x0) Aug 26 13:09:10.985668: | end port: 65535 (0xffff) Aug 26 13:09:10.985670: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:10.985672: | ipv4 start c0 00 16 00 Aug 26 13:09:10.985673: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:09:10.985675: | ipv4 end c0 00 16 ff Aug 26 13:09:10.985676: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:10.985678: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:09:10.985680: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:09:10.985683: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:09:10.985816: | install_ipsec_sa() for #3: inbound and outbound Aug 26 13:09:10.985820: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Aug 26 13:09:10.985822: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:09:10.985824: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.985826: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:10.985828: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.985831: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:10.985834: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" erouted; eroute owner: NULL Aug 26 13:09:10.985837: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:09:10.985840: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:09:10.985842: | AES_GCM_16 requires 4 salt bytes Aug 26 13:09:10.985844: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:09:10.985846: | setting IPsec SA replay-window to 32 Aug 26 13:09:10.985848: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 13:09:10.985850: | netlink: enabling tunnel mode Aug 26 13:09:10.985853: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:09:10.985855: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:09:10.985932: | netlink response for Add SA esp.c891c148@192.1.3.33 included non-error error Aug 26 13:09:10.985937: | set up outgoing SA, ref=0/0 Aug 26 13:09:10.985941: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:09:10.985944: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:09:10.985946: | AES_GCM_16 requires 4 salt bytes Aug 26 13:09:10.985949: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:09:10.985953: | setting IPsec SA replay-window to 32 Aug 26 13:09:10.985956: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 13:09:10.985959: | netlink: enabling tunnel mode Aug 26 13:09:10.985962: | netlink: 
setting IPsec SA replay-window to 32 using old-style req Aug 26 13:09:10.985964: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:09:10.985997: | netlink response for Add SA esp.b8c6ac13@192.1.2.23 included non-error error Aug 26 13:09:10.986002: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:10.986007: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 13:09:10.986010: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:10.986031: | raw_eroute result=success Aug 26 13:09:10.986035: | set up incoming SA, ref=0/0 Aug 26 13:09:10.986036: | sr for #3: unrouted Aug 26 13:09:10.986039: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:09:10.986040: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:10.986042: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.986044: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:10.986046: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.986048: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:10.986051: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" erouted; eroute owner: NULL Aug 26 13:09:10.986053: | route_and_eroute with c: northnet-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:northnet-eastnets/0x1 rosr:{0x55560f4e3578} and state: #3 Aug 26 13:09:10.986056: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:10.986063: | eroute_connection add eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 (raw_eroute) Aug 26 13:09:10.986066: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:10.986077: | raw_eroute result=success Aug 26 13:09:10.986081: | running updown command "ipsec _updown" for verb up Aug 26 13:09:10.986083: | command executing up-client Aug 26 13:09:10.986103: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, 
O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.986106: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.986119: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=' Aug 26 13:09:10.986123: | popen cmd is 1405 chars long Aug 26 13:09:10.986125: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Aug 26 13:09:10.986127: | cmd( 80):x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PL: Aug 26 13:09:10.986128: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east: Aug 26 13:09:10.986130: | cmd( 240):.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.: Aug 26 13:09:10.986132: | cmd( 320):0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Aug 26 13:09:10.986133: | cmd( 400): 
PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='E: Aug 26 13:09:10.986135: | cmd( 480):SP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Aug 26 13:09:10.986137: | cmd( 560):wan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.li: Aug 26 13:09:10.986138: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' : Aug 26 13:09:10.986140: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 13:09:10.986142: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Aug 26 13:09:10.986143: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Aug 26 13:09:10.986145: | cmd( 960):LUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_: Aug 26 13:09:10.986147: | cmd(1040):TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMIL: Aug 26 13:09:10.986148: | cmd(1120):Y='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEE: Aug 26 13:09:10.986150: | cmd(1200):R_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' : Aug 26 13:09:10.986152: | cmd(1280):PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xc: Aug 26 13:09:10.986153: | cmd(1360):891c148 SPI_OUT=0xb8c6ac13 ipsec _updown 2>&1: Aug 26 13:09:10.996676: | route_and_eroute: firewall_notified: true Aug 26 13:09:10.996705: | route_and_eroute: instance "northnet-eastnets/0x2", setting eroute_owner {spd=0x55560f4f1518,sr=0x55560f4f1518} to #3 (was #0) (newest_ipsec_sa=#0) Aug 26 13:09:10.996764: | #1 spent 0.743 milliseconds in install_ipsec_sa() Aug 26 13:09:10.996769: | ISAKMP_v2_CREATE_CHILD_SA: instance northnet-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Aug 26 13:09:10.996772: | adding 1 bytes of padding 
(including 1 byte padding-length) Aug 26 13:09:10.996774: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:10.996778: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:10.996780: | emitting length of IKEv2 Encryption Payload: 421 Aug 26 13:09:10.996782: | emitting length of ISAKMP Message: 449 Aug 26 13:09:10.996819: "northnet-eastnets/0x2" #3: negotiated new IPsec SA [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Aug 26 13:09:10.996837: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.996843: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_OK Aug 26 13:09:10.996847: | IKEv2: transition from state STATE_V2_CREATE_R to state STATE_V2_IPSEC_R Aug 26 13:09:10.996852: | child state #3: V2_CREATE_R(established IKE SA) => V2_IPSEC_R(established CHILD SA) Aug 26 13:09:10.996855: | Message ID: updating counters for #3 to 2 after switching state Aug 26 13:09:10.996862: | Message ID: recv #1.#3 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1->2; child: wip.initiator=-1 wip.responder=2->-1 Aug 26 13:09:10.996867: | Message ID: sent #1.#3 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=2; child: wip.initiator=-1 wip.responder=-1 Aug 26 13:09:10.996870: | pstats #3 ikev2.child established Aug 26 13:09:10.996878: "northnet-eastnets/0x2" #3: negotiated connection [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Aug 26 13:09:10.996883: | NAT-T: encaps is 'auto' Aug 26 13:09:10.996889: "northnet-eastnets/0x2" #3: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xc891c148 <0xb8c6ac13 xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Aug 26 13:09:10.996895: | sending V2 new request packet to 
192.1.3.33:500 (from 192.1.2.23:500) Aug 26 13:09:10.996904: | sending 449 bytes for STATE_V2_CREATE_R through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) 
Aug 26 13:09:10.997024: | releasing whack for #3 (sock=fd@-1) Aug 26 13:09:10.997028: | releasing whack and unpending for parent #1 Aug 26 13:09:10.997032: | unpending state #1 connection "northnet-eastnets/0x2" Aug 26 13:09:10.997036: | #3 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Aug 26 13:09:10.997038: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:10.997046: | libevent_free: release ptr-libevent@0x7fc8f0000f48 Aug 26 13:09:10.997051: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55560f4f2088 Aug 26 13:09:10.997053: | event_schedule: new EVENT_SA_REKEY-pe@0x55560f4f2088 Aug 26 13:09:10.997055: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #3 Aug 26 13:09:10.997057: | libevent_malloc: new ptr-libevent@0x55560f50e7c8 size 128 Aug 26 13:09:10.997065: | #3 spent 1.6 milliseconds in resume sending helper answer Aug 26 13:09:10.997069: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:09:10.997072: | libevent_free: release ptr-libevent@0x7fc8e8001f78 Aug 26 13:09:10.997083: | processing signal PLUTO_SIGCHLD Aug 26 13:09:10.997087: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:10.997090: | spent 0.0038 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:13.513144: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:13.513347: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:09:13.513358: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:09:13.513510: | FOR_EACH_STATE_... 
in show_states_status (sort_states) Aug 26 13:09:13.513516: | FOR_EACH_STATE_... in sort_states Aug 26 13:09:13.513525: | get_sa_info esp.7e40a7ce@192.1.2.23 Aug 26 13:09:13.513544: | get_sa_info esp.ac7974ac@192.1.3.33 Aug 26 13:09:13.513565: | get_sa_info esp.b8c6ac13@192.1.2.23 Aug 26 13:09:13.513576: | get_sa_info esp.c891c148@192.1.3.33 Aug 26 13:09:13.513598: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:13.513605: | spent 0.466 milliseconds in whack Aug 26 13:09:14.497000: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:14.497023: shutting down Aug 26 13:09:14.497033: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:09:14.497036: destroying root certificate cache Aug 26 13:09:14.497067: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:09:14.497071: forgetting secrets Aug 26 13:09:14.497086: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:09:14.497096: | unreference key: 0x55560f4f0c58 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:14.497101: | unreference key: 0x55560f4f0538 user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:14.497105: | unreference key: 0x55560f4f02d8 @east.testing.libreswan.org cnt 1-- Aug 26 13:09:14.497109: | unreference key: 0x55560f4efdc8 east@testing.libreswan.org cnt 1-- Aug 26 13:09:14.497115: | unreference key: 0x55560f4ee948 192.1.2.23 cnt 1-- Aug 26 13:09:14.497123: | unreference key: 0x55560f4eaba8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:14.497128: | unreference key: 0x55560f4ea438 user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:14.497132: | unreference key: 0x55560f3d0c48 @north.testing.libreswan.org cnt 1-- Aug 26 13:09:14.497138: | 
start processing: connection "northnet-eastnets/0x2" (in delete_connection() at connections.c:189) Aug 26 13:09:14.497141: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:09:14.497144: | pass 0 Aug 26 13:09:14.497147: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:09:14.497150: | state #3 Aug 26 13:09:14.497154: | suspend processing: connection "northnet-eastnets/0x2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:09:14.497160: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:09:14.497165: | pstats #3 ikev2.child deleted completed Aug 26 13:09:14.497170: | #3 spent 3.88 milliseconds in total Aug 26 13:09:14.497175: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 13:09:14.497180: "northnet-eastnets/0x2" #3: deleting state (STATE_V2_IPSEC_R) aged 3.514s and sending notification Aug 26 13:09:14.497183: | child state #3: V2_IPSEC_R(established CHILD SA) => delete Aug 26 13:09:14.497189: | get_sa_info esp.c891c148@192.1.3.33 Aug 26 13:09:14.497206: | get_sa_info esp.b8c6ac13@192.1.2.23 Aug 26 13:09:14.497215: "northnet-eastnets/0x2" #3: ESP traffic information: in=168B out=168B Aug 26 13:09:14.497219: | #3 send IKEv2 delete notification for STATE_V2_IPSEC_R Aug 26 13:09:14.497223: | Opening output PBS informational exchange delete request Aug 26 13:09:14.497227: | **emit ISAKMP Message: Aug 26 13:09:14.497230: | initiator cookie: Aug 26 13:09:14.497233: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:14.497236: | responder cookie: Aug 26 13:09:14.497238: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:14.497241: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:14.497244: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:14.497247: | exchange type: ISAKMP_v2_INFORMATIONAL 
(0x25) Aug 26 13:09:14.497250: | flags: none (0x0) Aug 26 13:09:14.497253: | Message ID: 0 (0x0) Aug 26 13:09:14.497256: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:14.497260: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:14.497263: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.497266: | flags: none (0x0) Aug 26 13:09:14.497270: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:14.497273: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:09:14.497277: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:14.497324: | ****emit IKEv2 Delete Payload: Aug 26 13:09:14.497330: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.497333: | flags: none (0x0) Aug 26 13:09:14.497336: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:09:14.497339: | SPI size: 4 (0x4) Aug 26 13:09:14.497342: | number of SPIs: 1 (0x1) Aug 26 13:09:14.497345: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:09:14.497348: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:09:14.497352: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 13:09:14.497355: | local spis b8 c6 ac 13 Aug 26 13:09:14.497357: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:09:14.497361: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:14.497364: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:14.497367: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:14.497370: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 
13:09:14.497373: | emitting length of ISAKMP Message: 69 Aug 26 13:09:14.497402: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #3) Aug 26 13:09:14.497406: | 0e ea 1f 14 0a 7b 00 47 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:14.497409: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:09:14.497412: | f9 bb fb 5f 00 e5 de 13 aa 1a 72 e4 50 c3 72 e3 Aug 26 13:09:14.497414: | 89 d7 31 66 9a 61 65 f2 fe 7d 5a e4 44 98 b6 ab Aug 26 13:09:14.497417: | ab dc db ac ba Aug 26 13:09:14.497469: | Message ID: IKE #1 sender #3 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Aug 26 13:09:14.497475: | Message ID: IKE #1 sender #3 in send_delete hacking around record ' send Aug 26 13:09:14.497481: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:09:14.497484: | state #3 requesting EVENT_SA_REKEY to be deleted Aug 26 13:09:14.497489: | libevent_free: release ptr-libevent@0x55560f50e7c8 Aug 26 13:09:14.497493: | free_event_entry: release EVENT_SA_REKEY-pe@0x55560f4f2088 Aug 26 13:09:14.497698: | running updown command "ipsec _updown" for verb down Aug 26 13:09:14.497708: | command executing down-client Aug 26 13:09:14.497749: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, 
E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566824950' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' P Aug 26 13:09:14.497754: | popen cmd is 1298 chars long Aug 26 13:09:14.497758: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Aug 26 13:09:14.497761: | cmd( 80):/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' : Aug 26 13:09:14.497764: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=ea: Aug 26 13:09:14.497767: | cmd( 240):st.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='19: Aug 26 13:09:14.497770: | cmd( 320):2.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Aug 26 13:09:14.497773: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE=: Aug 26 13:09:14.497776: | cmd( 480):'ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Aug 26 13:09:14.497778: | cmd( 560):eswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.: Aug 26 13:09:14.497781: | cmd( 640):libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0: Aug 26 13:09:14.497784: | cmd( 720):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 13:09:14.497787: | cmd( 800):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566824950' PLUTO_CONN: Aug 26 13:09:14.497790: | cmd( 880):_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO: Aug 26 13:09:14.497793: | cmd( 960):' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLU: Aug 26 13:09:14.497796: | 
cmd(1040):TO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER: Aug 26 13:09:14.497799: | cmd(1120):_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI: Aug 26 13:09:14.497801: | cmd(1200):_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xc891c148 SPI_OUT=0xb8c6ac13 : Aug 26 13:09:14.497804: | cmd(1280):ipsec _updown 2>&1: Aug 26 13:09:14.512551: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:09:14.512567: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:09:14.512572: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:14.512580: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:14.512615: | delete esp.c891c148@192.1.3.33 Aug 26 13:09:14.512631: | netlink response for Del SA esp.c891c148@192.1.3.33 included non-error error Aug 26 13:09:14.512636: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:14.512642: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 13:09:14.512700: | raw_eroute result=success Aug 26 13:09:14.512707: | delete esp.b8c6ac13@192.1.2.23 Aug 26 13:09:14.512727: | netlink response for Del SA esp.b8c6ac13@192.1.2.23 included non-error error Aug 26 13:09:14.512742: | stop processing: connection "northnet-eastnets/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:09:14.512748: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:09:14.512751: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:09:14.512754: | State DB: deleting IKEv2 state #3 in V2_IPSEC_R Aug 26 13:09:14.512763: | child state #3: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:09:14.512804: | stop processing: state #3 from 192.1.3.33:500 (in delete_state() 
at state.c:1143) Aug 26 13:09:14.512827: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:09:14.512830: | state #2 Aug 26 13:09:14.512838: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:09:14.512842: | pstats #2 ikev2.child deleted completed Aug 26 13:09:14.512849: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 13:09:14.512853: "northnet-eastnets/0x1" #2: deleting state (STATE_V2_IPSEC_R) aged 3.610s and sending notification Aug 26 13:09:14.512858: | child state #2: V2_IPSEC_R(established CHILD SA) => delete Aug 26 13:09:14.512863: | get_sa_info esp.ac7974ac@192.1.3.33 Aug 26 13:09:14.512873: | get_sa_info esp.7e40a7ce@192.1.2.23 Aug 26 13:09:14.512882: "northnet-eastnets/0x1" #2: ESP traffic information: in=168B out=168B Aug 26 13:09:14.512888: | #2 send IKEv2 delete notification for STATE_V2_IPSEC_R Aug 26 13:09:14.512891: | Opening output PBS informational exchange delete request Aug 26 13:09:14.512895: | **emit ISAKMP Message: Aug 26 13:09:14.512899: | initiator cookie: Aug 26 13:09:14.512902: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:14.512905: | responder cookie: Aug 26 13:09:14.512907: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:14.512911: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:14.512914: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:14.512918: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:09:14.512922: | flags: none (0x0) Aug 26 13:09:14.512925: | Message ID: 1 (0x1) Aug 26 13:09:14.512929: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:14.512933: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:14.512937: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.512940: | flags: none (0x0) Aug 26 13:09:14.512945: | 
next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:14.512949: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:09:14.512954: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:14.512969: | ****emit IKEv2 Delete Payload: Aug 26 13:09:14.512973: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.512976: | flags: none (0x0) Aug 26 13:09:14.512979: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:09:14.512982: | SPI size: 4 (0x4) Aug 26 13:09:14.512985: | number of SPIs: 1 (0x1) Aug 26 13:09:14.512990: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:09:14.512996: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:09:14.513001: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 13:09:14.513004: | local spis 7e 40 a7 ce Aug 26 13:09:14.513007: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:09:14.513011: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:14.513016: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:14.513020: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:14.513023: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:09:14.513026: | emitting length of ISAKMP Message: 69 Aug 26 13:09:14.513050: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Aug 26 13:09:14.513055: | 0e ea 1f 14 0a 7b 00 47 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:14.513058: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Aug 26 13:09:14.513062: | 45 58 28 1c fc 64 c4 74 c7 0d 9a cc f5 ea 37 
4c Aug 26 13:09:14.513065: | cf de 7e ed ad fd 2b e6 7c a2 f3 08 e1 14 b6 3c Aug 26 13:09:14.513068: | eb bf 38 9a 1e Aug 26 13:09:14.513118: | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 Aug 26 13:09:14.513123: | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send Aug 26 13:09:14.513130: | Message ID: #1 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?); initiator.sent=1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=1 wip.responder=-1 Aug 26 13:09:14.513137: | Message ID: sent #1 request 1; ike: initiator.sent=0->1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=0->1 wip.responder=-1 Aug 26 13:09:14.513141: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 13:09:14.513149: | libevent_free: release ptr-libevent@0x55560f5021e8 Aug 26 13:09:14.513154: | free_event_entry: release EVENT_SA_REKEY-pe@0x7fc8f8002b78 Aug 26 13:09:14.513214: | running updown command "ipsec _updown" for verb down Aug 26 13:09:14.513220: | command executing down-client Aug 26 13:09:14.513263: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' 
PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566824950' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLU Aug 26 13:09:14.513268: | popen cmd is 1296 chars long Aug 26 13:09:14.513274: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Aug 26 13:09:14.513280: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' : Aug 26 13:09:14.513283: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=ea: Aug 26 13:09:14.513286: | cmd( 240):st.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='19: Aug 26 13:09:14.513296: | cmd( 320):2.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Aug 26 13:09:14.513302: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='E: Aug 26 13:09:14.513304: | cmd( 480):SP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Aug 26 13:09:14.513307: | cmd( 560):wan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.li: Aug 26 13:09:14.513310: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' : Aug 26 13:09:14.513313: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 13:09:14.513316: | cmd( 800):0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566824950' PLUTO_CONN_P: Aug 26 13:09:14.513318: | cmd( 880):OLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' : Aug 26 13:09:14.513321: | cmd( 960):PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO: Aug 26 13:09:14.513324: | cmd(1040):_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_B: Aug 26 13:09:14.513327: | cmd(1120):ANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' 
PLUTO_NM_CONFIGURED='0' VTI_I: Aug 26 13:09:14.513329: | cmd(1200):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xac7974ac SPI_OUT=0x7e40a7ce ip: Aug 26 13:09:14.513332: | cmd(1280):sec _updown 2>&1: Aug 26 13:09:14.526831: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:09:14.526848: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:09:14.526853: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:14.526857: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:14.526896: | delete esp.ac7974ac@192.1.3.33 Aug 26 13:09:14.526914: | netlink response for Del SA esp.ac7974ac@192.1.3.33 included non-error error Aug 26 13:09:14.526918: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:14.526925: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 13:09:14.526945: | raw_eroute result=success Aug 26 13:09:14.526949: | delete esp.7e40a7ce@192.1.2.23 Aug 26 13:09:14.526959: | netlink response for Del SA esp.7e40a7ce@192.1.2.23 included non-error error Aug 26 13:09:14.526970: | in connection_discard for connection northnet-eastnets/0x1 Aug 26 13:09:14.526973: | State DB: deleting IKEv2 state #2 in V2_IPSEC_R Aug 26 13:09:14.526982: | child state #2: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:09:14.526992: | stop processing: state #2 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 13:09:14.527008: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:09:14.527011: | state #1 Aug 26 13:09:14.527013: | pass 1 Aug 26 13:09:14.527016: | FOR_EACH_STATE_... 
in foreach_state_by_connection_func_delete Aug 26 13:09:14.527018: | state #1 Aug 26 13:09:14.527024: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:09:14.527027: | pstats #1 ikev2.ike deleted completed Aug 26 13:09:14.527034: | #1 spent 22.4 milliseconds in total Aug 26 13:09:14.527039: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 13:09:14.527043: "northnet-eastnets/0x2" #1: deleting state (STATE_PARENT_R2) aged 3.657s and sending notification Aug 26 13:09:14.527046: | parent state #1: PARENT_R2(established IKE SA) => delete Aug 26 13:09:14.527091: | #1 send IKEv2 delete notification for STATE_PARENT_R2 Aug 26 13:09:14.527096: | Opening output PBS informational exchange delete request Aug 26 13:09:14.527099: | **emit ISAKMP Message: Aug 26 13:09:14.527102: | initiator cookie: Aug 26 13:09:14.527105: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:14.527107: | responder cookie: Aug 26 13:09:14.527110: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:14.527116: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:14.527119: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:14.527122: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:09:14.527126: | flags: none (0x0) Aug 26 13:09:14.527129: | Message ID: 2 (0x2) Aug 26 13:09:14.527132: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:14.527136: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:14.527139: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.527141: | flags: none (0x0) Aug 26 13:09:14.527145: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:14.527148: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 
'informational exchange delete request' Aug 26 13:09:14.527151: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:14.527167: | ****emit IKEv2 Delete Payload: Aug 26 13:09:14.527170: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.527172: | flags: none (0x0) Aug 26 13:09:14.527175: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 13:09:14.527178: | SPI size: 0 (0x0) Aug 26 13:09:14.527180: | number of SPIs: 0 (0x0) Aug 26 13:09:14.527184: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:09:14.527187: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:09:14.527190: | emitting length of IKEv2 Delete Payload: 8 Aug 26 13:09:14.527193: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:14.527196: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:14.527200: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:14.527202: | emitting length of IKEv2 Encryption Payload: 37 Aug 26 13:09:14.527205: | emitting length of ISAKMP Message: 65 Aug 26 13:09:14.527233: | sending 65 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:14.527237: | 0e ea 1f 14 0a 7b 00 47 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:14.527239: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Aug 26 13:09:14.527242: | 50 82 b2 e1 0f 53 77 ae 34 61 73 d0 32 71 ad ba Aug 26 13:09:14.527245: | d2 e8 d6 4a d4 87 15 f1 ea 8f 72 4c dc 45 05 03 Aug 26 13:09:14.527247: | f8 Aug 26 13:09:14.527303: | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=2->3 and sender msgid=1->2 Aug 26 13:09:14.527310: | Message ID: IKE #1 sender #1 in send_delete hacking around record ' send Aug 26 
13:09:14.527315: | Message ID: #1 XXX: expecting sender.wip.initiator 1 == -1 - suspect record'n'send out-of-order?); initiator.sent=2 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=2 wip.responder=-1 Aug 26 13:09:14.527320: | Message ID: sent #1 request 2; ike: initiator.sent=1->2 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=1->2 wip.responder=-1 Aug 26 13:09:14.527323: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 13:09:14.527331: | libevent_free: release ptr-libevent@0x55560f50efd8 Aug 26 13:09:14.527335: | free_event_entry: release EVENT_SA_REKEY-pe@0x55560f4f3368 Aug 26 13:09:14.527338: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:09:14.527341: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:09:14.527344: | State DB: deleting IKEv2 state #1 in PARENT_R2 Aug 26 13:09:14.527348: | parent state #1: PARENT_R2(established IKE SA) => UNDEFINED(ignore) Aug 26 13:09:14.527358: | unreference key: 0x55560f500bb8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 2-- Aug 26 13:09:14.527391: | stop processing: state #1 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 13:09:14.527404: | unreference key: 0x55560f500bb8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:14.527410: | unreference key: 0x55560f500d58 user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:14.527415: | unreference key: 0x55560f50b898 @north.testing.libreswan.org cnt 1-- Aug 26 13:09:14.527442: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:09:14.527446: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:09:14.527449: | netlink_shunt_eroute for proto 0, and source port 0 
dest port 0 Aug 26 13:09:14.527452: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:14.527470: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:14.527480: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:14.527483: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:14.527486: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:14.527489: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:14.527492: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:14.527496: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" prospective erouted Aug 26 13:09:14.527501: | flush revival: connection 'northnet-eastnets/0x2' wasn't on the list Aug 26 13:09:14.527504: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:09:14.527519: | start processing: connection "northnet-eastnets/0x1" (in delete_connection() at connections.c:189) Aug 26 13:09:14.527523: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:09:14.527525: | pass 0 Aug 26 13:09:14.527528: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:09:14.527530: | pass 1 Aug 26 13:09:14.527532: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:09:14.527536: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:09:14.527538: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:09:14.527541: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:14.527554: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:14.527563: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:09:14.527567: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:14.527569: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:14.527573: | route owner of "northnet-eastnets/0x1" unrouted: NULL Aug 26 13:09:14.527576: | running updown command "ipsec _updown" for verb unroute Aug 26 13:09:14.527579: | command executing unroute-client Aug 26 13:09:14.527614: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO Aug 26 13:09:14.527620: | popen cmd is 1277 chars long Aug 26 13:09:14.527623: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 13:09:14.527626: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.2: Aug 26 13:09:14.527628: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 13:09:14.527631: | cmd( 240):=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT=: Aug 26 13:09:14.527634: | cmd( 
320):'192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255: Aug 26 13:09:14.527637: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Aug 26 13:09:14.527640: | cmd( 480):='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Li: Aug 26 13:09:14.527642: | cmd( 560):breswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testin: Aug 26 13:09:14.527645: | cmd( 640):g.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3: Aug 26 13:09:14.527648: | cmd( 720):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Aug 26 13:09:14.527651: | cmd( 800):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY: Aug 26 13:09:14.527653: | cmd( 880):='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Aug 26 13:09:14.527656: | cmd( 960):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_P: Aug 26 13:09:14.527659: | cmd(1040):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Aug 26 13:09:14.527662: | cmd(1120):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Aug 26 13:09:14.527664: | cmd(1200):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 13:09:14.545712: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.545731: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.545734: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.545738: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.545766: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. 
Aug 26 13:09:14.545801: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.545834: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.545862: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.545894: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.545923: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.545951: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.545982: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546010: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546038: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546066: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546329: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546364: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546397: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546422: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546434: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546445: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546458: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. 
Aug 26 13:09:14.546470: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546482: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546494: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546506: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546520: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546532: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546544: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546557: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546569: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546582: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546595: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546619: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546627: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546639: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546652: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546664: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.546677: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. 
Aug 26 13:09:14.553709: | free hp@0x55560f4f12e8 Aug 26 13:09:14.553724: | flush revival: connection 'northnet-eastnets/0x1' wasn't on the list Aug 26 13:09:14.553730: | stop processing: connection "northnet-eastnets/0x1" (in discard_connection() at connections.c:249) Aug 26 13:09:14.553769: | crl fetch request list locked by 'free_crl_fetch' Aug 26 13:09:14.553772: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 13:09:14.553786: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 13:09:14.553790: shutting down interface lo/lo 127.0.0.1:500 Aug 26 13:09:14.553794: shutting down interface eth0/eth0 192.0.2.254:4500 Aug 26 13:09:14.553797: shutting down interface eth0/eth0 192.0.2.254:500 Aug 26 13:09:14.553801: shutting down interface eth0/eth0 192.0.22.254:4500 Aug 26 13:09:14.553804: shutting down interface eth0/eth0 192.0.22.254:500 Aug 26 13:09:14.553807: shutting down interface eth1/eth1 192.1.2.23:4500 Aug 26 13:09:14.553810: shutting down interface eth1/eth1 192.1.2.23:500 Aug 26 13:09:14.553814: | FOR_EACH_STATE_... 
in delete_states_dead_interfaces Aug 26 13:09:14.553828: | libevent_free: release ptr-libevent@0x55560f4d6998 Aug 26 13:09:14.553831: | free_event_entry: release EVENT_NULL-pe@0x55560f4e27c8 Aug 26 13:09:14.553842: | libevent_free: release ptr-libevent@0x55560f47d178 Aug 26 13:09:14.553846: | free_event_entry: release EVENT_NULL-pe@0x55560f4e2878 Aug 26 13:09:14.553852: | libevent_free: release ptr-libevent@0x55560f47d228 Aug 26 13:09:14.553855: | free_event_entry: release EVENT_NULL-pe@0x55560f4e2928 Aug 26 13:09:14.553861: | libevent_free: release ptr-libevent@0x55560f47c1e8 Aug 26 13:09:14.553864: | free_event_entry: release EVENT_NULL-pe@0x55560f4e29d8 Aug 26 13:09:14.553870: | libevent_free: release ptr-libevent@0x55560f4844f8 Aug 26 13:09:14.553873: | free_event_entry: release EVENT_NULL-pe@0x55560f4e2a88 Aug 26 13:09:14.553882: | libevent_free: release ptr-libevent@0x55560f485018 Aug 26 13:09:14.553886: | free_event_entry: release EVENT_NULL-pe@0x55560f4e2b38 Aug 26 13:09:14.553892: | libevent_free: release ptr-libevent@0x55560f4e3198 Aug 26 13:09:14.553896: | free_event_entry: release EVENT_NULL-pe@0x55560f4e2be8 Aug 26 13:09:14.553902: | libevent_free: release ptr-libevent@0x55560f4e32f8 Aug 26 13:09:14.553905: | free_event_entry: release EVENT_NULL-pe@0x55560f4e3288 Aug 26 13:09:14.553912: | FOR_EACH_UNORIENTED_CONNECTION_... 
in check_orientations Aug 26 13:09:14.554265: | libevent_free: release ptr-libevent@0x55560f4d6a48 Aug 26 13:09:14.554272: | free_event_entry: release EVENT_NULL-pe@0x55560f4cabe8 Aug 26 13:09:14.554278: | libevent_free: release ptr-libevent@0x55560f4c36c8 Aug 26 13:09:14.554281: | free_event_entry: release EVENT_NULL-pe@0x55560f4ca748 Aug 26 13:09:14.554284: | libevent_free: release ptr-libevent@0x55560f4c3618 Aug 26 13:09:14.554287: | free_event_entry: release EVENT_NULL-pe@0x55560f4846b8 Aug 26 13:09:14.554298: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 13:09:14.554301: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 13:09:14.554304: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 13:09:14.554306: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 13:09:14.554309: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 13:09:14.554312: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 13:09:14.554314: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 13:09:14.554317: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 13:09:14.554332: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 13:09:14.554336: | libevent_free: release ptr-libevent@0x55560f488c88 Aug 26 13:09:14.554340: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 13:09:14.554343: | libevent_free: release ptr-libevent@0x55560f3ff308 Aug 26 13:09:14.554347: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 13:09:14.554350: | libevent_free: release ptr-libevent@0x55560f409508 Aug 26 13:09:14.554353: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 13:09:14.554356: | libevent_free: release ptr-libevent@0x55560f4013b8 Aug 26 13:09:14.554358: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 13:09:14.554361: | releasing event base Aug 26 13:09:14.554373: | libevent_free: release ptr-libevent@0x55560f4e20a8 Aug 26 13:09:14.554376: | libevent_free: release ptr-libevent@0x55560f4c5008 Aug 26 13:09:14.554380: | libevent_free: 
release ptr-libevent@0x55560f4c4fb8 Aug 26 13:09:14.554383: | libevent_free: release ptr-libevent@0x55560f4e5f38 Aug 26 13:09:14.554386: | libevent_free: release ptr-libevent@0x55560f4c4f78 Aug 26 13:09:14.554389: | libevent_free: release ptr-libevent@0x55560f4e1d38 Aug 26 13:09:14.554392: | libevent_free: release ptr-libevent@0x55560f4e1fa8 Aug 26 13:09:14.554394: | libevent_free: release ptr-libevent@0x55560f4c51b8 Aug 26 13:09:14.554397: | libevent_free: release ptr-libevent@0x55560f4ca7b8 Aug 26 13:09:14.554399: | libevent_free: release ptr-libevent@0x55560f4ca418 Aug 26 13:09:14.554402: | libevent_free: release ptr-libevent@0x55560f4e33a8 Aug 26 13:09:14.554405: | libevent_free: release ptr-libevent@0x55560f4e3248 Aug 26 13:09:14.554407: | libevent_free: release ptr-libevent@0x55560f4e2ba8 Aug 26 13:09:14.554410: | libevent_free: release ptr-libevent@0x55560f4e2af8 Aug 26 13:09:14.554427: | libevent_free: release ptr-libevent@0x55560f4e2a48 Aug 26 13:09:14.554430: | libevent_free: release ptr-libevent@0x55560f4e2998 Aug 26 13:09:14.554432: | libevent_free: release ptr-libevent@0x55560f4e28e8 Aug 26 13:09:14.554435: | libevent_free: release ptr-libevent@0x55560f4e2838 Aug 26 13:09:14.554438: | libevent_free: release ptr-libevent@0x55560f3fda38 Aug 26 13:09:14.554441: | libevent_free: release ptr-libevent@0x55560f4e2028 Aug 26 13:09:14.554443: | libevent_free: release ptr-libevent@0x55560f4e1fe8 Aug 26 13:09:14.554446: | libevent_free: release ptr-libevent@0x55560f4e1ea8 Aug 26 13:09:14.554451: | libevent_free: release ptr-libevent@0x55560f4e2068 Aug 26 13:09:14.554453: | libevent_free: release ptr-libevent@0x55560f4e1d78 Aug 26 13:09:14.554456: | libevent_free: release ptr-libevent@0x55560f48a818 Aug 26 13:09:14.554459: | libevent_free: release ptr-libevent@0x55560f48a798 Aug 26 13:09:14.554462: | libevent_free: release ptr-libevent@0x55560f3fdda8 Aug 26 13:09:14.554464: | releasing global libevent data Aug 26 13:09:14.554468: | libevent_free: release 
ptr-libevent@0x55560f48a998 Aug 26 13:09:14.554471: | libevent_free: release ptr-libevent@0x55560f48a918 Aug 26 13:09:14.554474: | libevent_free: release ptr-libevent@0x55560f48a898 Aug 26 13:09:14.554517: leak detective found no leaks