Aug 26 13:09:10.531603: FIPS Product: YES Aug 26 13:09:10.531717: FIPS Kernel: NO Aug 26 13:09:10.531721: FIPS Mode: NO Aug 26 13:09:10.531723: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:09:10.531882: Initializing NSS Aug 26 13:09:10.531891: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:09:10.564693: NSS initialized Aug 26 13:09:10.564708: NSS crypto library initialized Aug 26 13:09:10.564710: FIPS HMAC integrity support [enabled] Aug 26 13:09:10.564712: FIPS mode disabled for pluto daemon Aug 26 13:09:10.592630: FIPS HMAC integrity verification self-test FAILED Aug 26 13:09:10.593113: libcap-ng support [enabled] Aug 26 13:09:10.593125: Linux audit support [enabled] Aug 26 13:09:10.593436: Linux audit activated Aug 26 13:09:10.593448: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:4533 Aug 26 13:09:10.593452: core dump dir: /tmp Aug 26 13:09:10.593454: secrets file: /etc/ipsec.secrets Aug 26 13:09:10.593457: leak-detective enabled Aug 26 13:09:10.593459: NSS crypto [enabled] Aug 26 13:09:10.593461: XAUTH PAM support [enabled] Aug 26 13:09:10.593537: | libevent is using pluto's memory allocator Aug 26 13:09:10.593544: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:09:10.593560: | libevent_malloc: new ptr-libevent@0x555ab9c986e8 size 40 Aug 26 13:09:10.593566: | libevent_malloc: new ptr-libevent@0x555ab9c98668 size 40 Aug 26 13:09:10.593570: | libevent_malloc: new ptr-libevent@0x555ab9c985e8 size 40 Aug 26 13:09:10.593572: | creating event base Aug 26 13:09:10.593577: | libevent_malloc: new ptr-libevent@0x555ab9c8a218 size 56 Aug 26 13:09:10.593582: | libevent_malloc: new ptr-libevent@0x555ab9c0bd78 size 664 Aug 26 13:09:10.593594: | libevent_malloc: new ptr-libevent@0x555ab9cd2d08 size 24 Aug 26 13:09:10.593597: | libevent_malloc: new ptr-libevent@0x555ab9cd2d58 size 384 Aug 26 13:09:10.593607: | libevent_malloc: new ptr-libevent@0x555ab9cd2cc8 size 16 Aug 26 13:09:10.593611: | libevent_malloc: new ptr-libevent@0x555ab9c98568 size 40 Aug 26 13:09:10.593614: | libevent_malloc: new ptr-libevent@0x555ab9c984e8 size 48 Aug 26 13:09:10.593619: | libevent_realloc: new ptr-libevent@0x555ab9c0ba08 size 256 Aug 26 13:09:10.593622: | libevent_malloc: new ptr-libevent@0x555ab9cd2f08 size 16 Aug 26 13:09:10.593628: | libevent_free: release ptr-libevent@0x555ab9c8a218 Aug 26 13:09:10.593632: | libevent initialized Aug 26 13:09:10.593636: | libevent_realloc: new ptr-libevent@0x555ab9c8a218 size 64 Aug 26 13:09:10.593640: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:09:10.593658: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:09:10.593661: NAT-Traversal support [enabled] Aug 26 13:09:10.593664: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:09:10.593671: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:09:10.593675: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:09:10.593711: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:09:10.593715: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:09:10.593718: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:09:10.593769: Encryption algorithms: Aug 26 13:09:10.593778: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:09:10.593783: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:09:10.593787: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:09:10.593791: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:09:10.593795: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 13:09:10.593804: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:09:10.593809: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:09:10.593813: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:09:10.593817: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:09:10.593821: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:09:10.593825: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:09:10.593829: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:09:10.593833: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:09:10.593837: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:09:10.593841: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:09:10.593844: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:09:10.593848: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:09:10.593855: Hash algorithms: Aug 26 13:09:10.593859: MD5 IKEv1: IKE IKEv2: Aug 26 13:09:10.593862: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:09:10.593865: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:09:10.593869: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:09:10.593872: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:09:10.593885: PRF algorithms: Aug 26 13:09:10.593888: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:09:10.593892: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:09:10.593895: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:09:10.593899: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:09:10.593902: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:09:10.593906: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:09:10.593933: Integrity algorithms: Aug 26 13:09:10.593937: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 13:09:10.593941: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:09:10.593945: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:09:10.593950: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:09:10.593954: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:09:10.593957: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:09:10.593961: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:09:10.593964: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:09:10.593968: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:09:10.593981: DH algorithms: Aug 26 13:09:10.593985: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:09:10.593988: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:09:10.593991: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:09:10.593997: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:09:10.594001: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:09:10.594004: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:09:10.594007: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:09:10.594011: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:09:10.594014: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:09:10.594017: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:09:10.594021: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:09:10.594023: testing CAMELLIA_CBC: Aug 26 13:09:10.594027: Camellia: 16 bytes with 128-bit key Aug 26 13:09:10.594146: Camellia: 16 bytes with 128-bit key Aug 26 13:09:10.594180: Camellia: 16 bytes with 256-bit key Aug 26 13:09:10.594213: Camellia: 16 bytes with 256-bit key Aug 26 13:09:10.594242: testing AES_GCM_16: Aug 26 13:09:10.594246: empty string Aug 26 13:09:10.594276: one block Aug 26 13:09:10.594308: two blocks Aug 26 13:09:10.594340: two blocks with associated data Aug 26 13:09:10.594367: testing AES_CTR: Aug 26 13:09:10.594371: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:09:10.594398: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:09:10.594427: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:09:10.594455: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:09:10.594482: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:09:10.594511: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:09:10.594553: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:09:10.594581: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:09:10.594611: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:09:10.594642: testing AES_CBC: Aug 26 13:09:10.594647: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:09:10.594677: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:09:10.594723: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:09:10.594753: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:09:10.594790: testing AES_XCBC: Aug 26 13:09:10.594794: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:09:10.594926: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:09:10.595057: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:09:10.595210: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:09:10.595364: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:09:10.595505: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:09:10.595641: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:09:10.595869: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 13:09:10.595960: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:09:10.596106: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:09:10.596368: testing HMAC_MD5: Aug 26 13:09:10.596377: RFC 2104: MD5_HMAC test 1 Aug 26 13:09:10.596556: RFC 2104: MD5_HMAC test 2 Aug 26 13:09:10.596725: RFC 2104: MD5_HMAC test 3 Aug 26 13:09:10.596982: 8 CPU cores online Aug 26 13:09:10.596988: starting up 7 crypto helpers Aug 26 13:09:10.597025: started thread for crypto helper 0 Aug 26 13:09:10.597031: | starting up helper thread 0 Aug 26 13:09:10.597051: started thread for crypto helper 1 Aug 26 13:09:10.597054: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:09:10.597055: | starting up helper thread 1 Aug 26 13:09:10.597058: | crypto helper 0 waiting (nothing to do) Aug 26 13:09:10.597090: | starting up helper thread 2 Aug 26 13:09:10.597097: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:09:10.597082: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:09:10.597085: started thread for crypto helper 2 Aug 26 13:09:10.597108: | crypto helper 2 waiting (nothing to do) Aug 26 13:09:10.597136: | crypto helper 1 waiting (nothing to do) Aug 26 13:09:10.597138: started thread for crypto helper 3 Aug 26 13:09:10.597142: | starting up helper thread 3 Aug 26 13:09:10.597157: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:09:10.597160: | crypto helper 3 waiting (nothing to do) Aug 26 13:09:10.597180: started thread for crypto helper 4 Aug 26 13:09:10.597181: | starting up helper thread 4 Aug 26 13:09:10.597189: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:09:10.597192: | crypto helper 4 waiting (nothing to do) Aug 26 13:09:10.597201: started thread for crypto helper 5 Aug 26 13:09:10.597203: | starting up helper thread 5 Aug 26 13:09:10.597210: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:09:10.597212: | crypto helper 5 waiting (nothing to do) Aug 26 13:09:10.597220: started thread for crypto helper 6 Aug 26 13:09:10.597222: | starting up helper thread 6 Aug 26 13:09:10.597224: | checking IKEv1 state table Aug 26 13:09:10.597230: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:09:10.597238: | crypto helper 6 waiting (nothing to do) Aug 26 13:09:10.597240: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:09:10.597244: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:09:10.597246: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:09:10.597249: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:09:10.597252: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:09:10.597254: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:09:10.597257: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:09:10.597260: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:09:10.597263: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:09:10.597265: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:09:10.597268: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:09:10.597270: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:09:10.597273: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:09:10.597275: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:09:10.597278: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:09:10.597280: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:09:10.597283: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:09:10.597286: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:09:10.597305: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:09:10.597311: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:09:10.597315: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:09:10.597317: | -> UNDEFINED EVENT_NULL Aug 26 13:09:10.597320: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:09:10.597323: | -> UNDEFINED EVENT_NULL Aug 26 13:09:10.597326: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:09:10.597328: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:09:10.597331: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:09:10.597334: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:09:10.597336: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:09:10.597339: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:09:10.597342: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:09:10.597344: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:09:10.597347: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:09:10.597349: | -> UNDEFINED EVENT_NULL Aug 26 13:09:10.597352: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:09:10.597355: | -> UNDEFINED EVENT_NULL Aug 26 13:09:10.597358: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:09:10.597360: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:09:10.597367: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:09:10.597369: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:09:10.597372: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:09:10.597375: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:09:10.597378: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:09:10.597380: | -> UNDEFINED EVENT_NULL Aug 26 13:09:10.597383: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:09:10.597386: | -> UNDEFINED EVENT_NULL Aug 26 13:09:10.597389: | INFO: category: informational flags: 0: Aug 26 13:09:10.597391: | -> UNDEFINED EVENT_NULL Aug 26 13:09:10.597394: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:09:10.597397: | -> UNDEFINED EVENT_NULL Aug 26 13:09:10.597400: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:09:10.597403: | -> XAUTH_R1 EVENT_NULL Aug 26 13:09:10.597405: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:09:10.597408: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:09:10.597411: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:09:10.597414: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:09:10.597417: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:09:10.597419: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:09:10.597422: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:09:10.597425: | -> UNDEFINED EVENT_NULL Aug 26 13:09:10.597427: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:09:10.597430: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:09:10.597433: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:09:10.597435: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:09:10.597438: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:09:10.597441: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:09:10.597448: | checking IKEv2 state table Aug 26 13:09:10.597454: | PARENT_I0: category: ignore flags: 0: Aug 26 13:09:10.597457: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:09:10.597460: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:09:10.597464: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:09:10.597467: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:09:10.597470: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:09:10.597473: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:09:10.597476: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:09:10.597478: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:09:10.597481: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:09:10.597484: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:09:10.597487: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:09:10.597490: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 13:09:10.597492: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:09:10.597495: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:09:10.597498: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:09:10.597501: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:09:10.597504: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:09:10.597507: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:09:10.597510: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:09:10.597513: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:09:10.597516: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:09:10.597519: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:09:10.597524: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:09:10.597527: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:09:10.597530: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:09:10.597533: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:09:10.597536: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:09:10.597539: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:09:10.597542: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:09:10.597545: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:09:10.597547: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:09:10.597551: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:09:10.597554: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:09:10.597557: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:09:10.597560: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:09:10.597563: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:09:10.597566: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:09:10.597569: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:09:10.597572: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:09:10.597575: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:09:10.597578: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:09:10.597582: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:09:10.597585: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:09:10.597588: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:09:10.597591: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:09:10.597594: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:09:10.597608: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:09:10.598371: | Hard-wiring algorithms Aug 26 13:09:10.598381: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:09:10.598386: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:09:10.598389: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:09:10.598392: | adding 3DES_CBC to kernel algorithm db Aug 26 13:09:10.598395: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:09:10.598397: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:09:10.598400: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:09:10.598403: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:09:10.598405: | adding AES_CTR to kernel algorithm db Aug 26 13:09:10.598408: | adding AES_CBC to kernel algorithm db Aug 26 13:09:10.598410: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:09:10.598413: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:09:10.598416: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:09:10.598418: | adding NULL to kernel algorithm db Aug 26 13:09:10.598421: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:09:10.598424: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:09:10.598427: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:09:10.598429: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:09:10.598432: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:09:10.598434: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:09:10.598437: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:09:10.598439: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:09:10.598442: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:09:10.598444: | adding NONE to kernel algorithm db Aug 26 13:09:10.598471: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:09:10.598478: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:09:10.598481: | setup kernel fd callback Aug 26 13:09:10.598485: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x555ab9c92408 Aug 26 13:09:10.598489: | libevent_malloc: new ptr-libevent@0x555ab9cd1368 size 128 Aug 26 13:09:10.598492: | libevent_malloc: new ptr-libevent@0x555ab9cd8508 size 16 Aug 26 13:09:10.598499: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x555ab9cd8498 Aug 26 13:09:10.598502: | libevent_malloc: new ptr-libevent@0x555ab9cd1418 size 128 Aug 26 13:09:10.598505: | libevent_malloc: new ptr-libevent@0x555ab9cd8168 size 16 Aug 26 13:09:10.598746: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:09:10.598753: selinux support is enabled. Aug 26 13:09:10.599409: | unbound context created - setting debug level to 5 Aug 26 13:09:10.599440: | /etc/hosts lookups activated Aug 26 13:09:10.599454: | /etc/resolv.conf usage activated Aug 26 13:09:10.599518: | outgoing-port-avoid set 0-65535 Aug 26 13:09:10.599548: | outgoing-port-permit set 32768-60999 Aug 26 13:09:10.599551: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:09:10.599555: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:09:10.599558: | Setting up events, loop start Aug 26 13:09:10.599561: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x555ab9cd8938 Aug 26 13:09:10.599565: | libevent_malloc: new ptr-libevent@0x555ab9ce4798 size 128 Aug 26 13:09:10.599568: | libevent_malloc: new ptr-libevent@0x555ab9cefa88 size 16 Aug 26 13:09:10.599574: | libevent_realloc: new ptr-libevent@0x555ab9cefac8 size 256 Aug 26 13:09:10.599578: | libevent_malloc: new ptr-libevent@0x555ab9cefbf8 size 8 Aug 26 13:09:10.599581: | libevent_realloc: new ptr-libevent@0x555ab9cefc38 size 144 Aug 26 13:09:10.599584: | libevent_malloc: new ptr-libevent@0x555ab9c969d8 size 152 Aug 26 13:09:10.599588: | libevent_malloc: new ptr-libevent@0x555ab9cefcf8 size 16 Aug 26 13:09:10.599592: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:09:10.599595: | libevent_malloc: new ptr-libevent@0x555ab9cefd38 size 8 Aug 26 13:09:10.599599: | libevent_malloc: new ptr-libevent@0x555ab9c0d2d8 size 152 Aug 26 13:09:10.599602: | signal event handler PLUTO_SIGTERM installed Aug 26 13:09:10.599605: | libevent_malloc: new ptr-libevent@0x555ab9cefd78 size 8 Aug 26 13:09:10.599608: | libevent_malloc: new ptr-libevent@0x555ab9c174e8 size 152 Aug 26 13:09:10.599611: | signal event handler PLUTO_SIGHUP installed Aug 26 13:09:10.599614: | libevent_malloc: new ptr-libevent@0x555ab9cefdb8 size 8 Aug 26 13:09:10.599617: | libevent_realloc: release ptr-libevent@0x555ab9cefc38 Aug 26 13:09:10.599620: | libevent_realloc: new ptr-libevent@0x555ab9cefdf8 size 256 Aug 26 13:09:10.599623: | libevent_malloc: new ptr-libevent@0x555ab9c0f398 size 152 Aug 26 13:09:10.599626: | signal event handler PLUTO_SIGSYS installed Aug 26 13:09:10.599994: | created addconn helper (pid:4593) using fork+execve Aug 26 13:09:10.600008: | forked child 4593 Aug 26 13:09:10.600050: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:10.600406: listening for IKE messages Aug 26 13:09:10.600798: | Inspecting interface lo Aug 26 13:09:10.600806: | found lo with address 127.0.0.1 Aug 26 13:09:10.600812: | Inspecting interface eth0 Aug 26 13:09:10.600816: | found eth0 with address 192.0.3.254 Aug 26 13:09:10.600820: | Inspecting interface eth1 Aug 26 13:09:10.600824: | found eth1 with address 192.1.3.33 Aug 26 13:09:10.600932: Kernel supports NIC esp-hw-offload Aug 26 13:09:10.600944: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Aug 26 13:09:10.600986: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:09:10.600991: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:09:10.600995: adding interface eth1/eth1 192.1.3.33:4500 Aug 26 13:09:10.601029: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Aug 26 13:09:10.601049: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:09:10.601053: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:09:10.601057: adding interface eth0/eth0 192.0.3.254:4500 Aug 26 13:09:10.601080: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:09:10.601099: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:09:10.601104: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:09:10.601107: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:09:10.601181: | no interfaces to sort Aug 26 13:09:10.601187: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:09:10.601196: | add_fd_read_event_handler: new ethX-pe@0x555ab9cf03b8 Aug 26 13:09:10.601199: | libevent_malloc: new ptr-libevent@0x555ab9ce46e8 size 128 Aug 26 13:09:10.601203: | libevent_malloc: new ptr-libevent@0x555ab9cf0428 size 16 Aug 26 13:09:10.601210: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:09:10.601213: | add_fd_read_event_handler: new ethX-pe@0x555ab9cf0468 Aug 26 13:09:10.601217: | libevent_malloc: new ptr-libevent@0x555ab9c8aec8 size 128 Aug 26 13:09:10.601220: | libevent_malloc: new ptr-libevent@0x555ab9cf04d8 size 16 Aug 26 13:09:10.601225: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:09:10.601228: | add_fd_read_event_handler: new ethX-pe@0x555ab9cf0518 Aug 26 13:09:10.601231: | libevent_malloc: new ptr-libevent@0x555ab9c8af78 size 128 Aug 26 13:09:10.601234: | libevent_malloc: new ptr-libevent@0x555ab9cf0588 size 16 Aug 26 13:09:10.601239: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 13:09:10.601241: | add_fd_read_event_handler: new ethX-pe@0x555ab9cf05c8 Aug 26 13:09:10.601245: | libevent_malloc: new ptr-libevent@0x555ab9c89f38 size 128 Aug 26 13:09:10.601248: | libevent_malloc: new ptr-libevent@0x555ab9cf0638 size 16 Aug 26 13:09:10.601253: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 13:09:10.601256: | add_fd_read_event_handler: new ethX-pe@0x555ab9cf0678 Aug 26 13:09:10.601260: | libevent_malloc: new ptr-libevent@0x555ab9c92248 size 128 Aug 26 13:09:10.601263: | libevent_malloc: new ptr-libevent@0x555ab9cf06e8 size 16 Aug 26 13:09:10.601267: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 13:09:10.601270: | add_fd_read_event_handler: new ethX-pe@0x555ab9cf0728 Aug 26 13:09:10.601273: | libevent_malloc: new ptr-libevent@0x555ab9c92d68 size 128 Aug 26 13:09:10.601276: | libevent_malloc: new ptr-libevent@0x555ab9cf0798 size 16 Aug 26 13:09:10.601280: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 13:09:10.601285: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:09:10.601292: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:09:10.601314: loading secrets from "/etc/ipsec.secrets" Aug 26 13:09:10.601332: | saving Modulus Aug 26 13:09:10.601336: | saving PublicExponent Aug 26 13:09:10.601340: | ignoring PrivateExponent Aug 26 13:09:10.601343: | ignoring Prime1 Aug 26 13:09:10.601347: | ignoring Prime2 Aug 26 13:09:10.601350: | ignoring Exponent1 Aug 26 13:09:10.601353: | ignoring Exponent2 Aug 26 13:09:10.601356: | ignoring Coefficient Aug 26 13:09:10.601360: | ignoring CKAIDNSS Aug 26 13:09:10.601395: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 13:09:10.601398: | computed rsa CKAID 88 aa 7c 5d Aug 26 13:09:10.601406: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 13:09:10.601413: | certs and keys locked by 'process_secret' Aug 26 13:09:10.601417: | certs and keys unlocked by 'process_secret' Aug 26 13:09:10.601427: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:10.601435: | spent 1.38 milliseconds in whack Aug 26 13:09:10.623393: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:10.623411: listening for IKE messages Aug 26 13:09:10.630485: | Inspecting interface lo Aug 26 13:09:10.630503: | found lo with address 127.0.0.1 Aug 26 13:09:10.630507: | Inspecting interface eth0 Aug 26 13:09:10.630511: | found eth0 with address 192.0.3.254 Aug 26 13:09:10.630514: | Inspecting interface eth1 Aug 26 13:09:10.630518: | found eth1 with address 192.1.3.33 Aug 26 13:09:10.630578: | no interfaces to sort Aug 26 13:09:10.630588: | libevent_free: release ptr-libevent@0x555ab9ce46e8 Aug 26 13:09:10.630592: | free_event_entry: release EVENT_NULL-pe@0x555ab9cf03b8 Aug 26 13:09:10.630595: | add_fd_read_event_handler: new ethX-pe@0x555ab9cf03b8 Aug 26 13:09:10.630598: | libevent_malloc: new ptr-libevent@0x555ab9ce46e8 size 128 Aug 26 13:09:10.630607: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:09:10.630611: | libevent_free: release ptr-libevent@0x555ab9c8aec8 Aug 26 13:09:10.630614: | free_event_entry: release EVENT_NULL-pe@0x555ab9cf0468 Aug 26 13:09:10.630616: | add_fd_read_event_handler: new ethX-pe@0x555ab9cf0468 Aug 26 13:09:10.630619: | libevent_malloc: new ptr-libevent@0x555ab9c8aec8 size 128 Aug 26 13:09:10.630624: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:09:10.630628: | libevent_free: release ptr-libevent@0x555ab9c8af78 Aug 26 13:09:10.630631: | free_event_entry: release EVENT_NULL-pe@0x555ab9cf0518 Aug 26 13:09:10.630634: | add_fd_read_event_handler: new ethX-pe@0x555ab9cf0518 Aug 26 13:09:10.630636: | libevent_malloc: new ptr-libevent@0x555ab9c8af78 size 128 Aug 26 13:09:10.630641: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 13:09:10.630645: | libevent_free: release ptr-libevent@0x555ab9c89f38 Aug 26 13:09:10.630647: | free_event_entry: release EVENT_NULL-pe@0x555ab9cf05c8 Aug 26 13:09:10.630650: | add_fd_read_event_handler: new ethX-pe@0x555ab9cf05c8 Aug 26 13:09:10.630653: | libevent_malloc: new ptr-libevent@0x555ab9c89f38 size 128 Aug 26 13:09:10.630658: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 13:09:10.630661: | libevent_free: release ptr-libevent@0x555ab9c92248 Aug 26 13:09:10.630664: | free_event_entry: release EVENT_NULL-pe@0x555ab9cf0678 Aug 26 13:09:10.630667: | add_fd_read_event_handler: new ethX-pe@0x555ab9cf0678 Aug 26 13:09:10.630669: | libevent_malloc: new ptr-libevent@0x555ab9c92248 size 128 Aug 26 13:09:10.630674: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 13:09:10.630678: | libevent_free: release ptr-libevent@0x555ab9c92d68 Aug 26 13:09:10.630680: | free_event_entry: release EVENT_NULL-pe@0x555ab9cf0728 Aug 26 13:09:10.630683: | add_fd_read_event_handler: new ethX-pe@0x555ab9cf0728 Aug 26 13:09:10.630686: | libevent_malloc: new ptr-libevent@0x555ab9c92d68 size 128 Aug 26 13:09:10.630691: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 13:09:10.630694: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:09:10.630697: forgetting secrets Aug 26 13:09:10.630709: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:09:10.630723: loading secrets from "/etc/ipsec.secrets" Aug 26 13:09:10.630738: | saving Modulus Aug 26 13:09:10.630741: | saving PublicExponent Aug 26 13:09:10.630745: | ignoring PrivateExponent Aug 26 13:09:10.630748: | ignoring Prime1 Aug 26 13:09:10.630752: | ignoring Prime2 Aug 26 13:09:10.630755: | ignoring Exponent1 Aug 26 13:09:10.630758: | ignoring Exponent2 Aug 26 13:09:10.630761: | ignoring Coefficient Aug 26 13:09:10.630764: | ignoring CKAIDNSS Aug 26 13:09:10.630786: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 13:09:10.630789: | computed rsa CKAID 88 aa 7c 5d Aug 26 13:09:10.630792: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 13:09:10.630797: | certs and keys locked by 'process_secret' Aug 26 13:09:10.630800: | certs and keys unlocked by 'process_secret' Aug 26 13:09:10.630809: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:10.630817: | spent 0.402 milliseconds in whack Aug 26 13:09:10.631412: | processing signal PLUTO_SIGCHLD Aug 26 13:09:10.631432: | waitpid returned pid 4593 (exited with status 0) Aug 26 13:09:10.631440: | reaped addconn helper child (status 0) Aug 26 13:09:10.631446: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:10.631451: | spent 0.0219 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:10.658048: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:10.658068: | old debugging base+cpu-usage + none Aug 26 13:09:10.658071: | base debugging = base+cpu-usage Aug 26 13:09:10.658074: | old impairing none + suppress-retransmits Aug 26 13:09:10.658075: | base impairing = suppress-retransmits Aug 26 13:09:10.658082: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:10.658088: | spent 0.0458 milliseconds in whack Aug 26 13:09:10.713644: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:10.713685: | old debugging base+cpu-usage + none Aug 26 13:09:10.713690: | base debugging = base+cpu-usage Aug 26 13:09:10.713693: | old impairing suppress-retransmits + suppress-retransmits Aug 26 13:09:10.713696: | base impairing = suppress-retransmits Aug 26 13:09:10.713704: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:10.713711: | spent 0.0738 milliseconds in whack Aug 26 13:09:10.856462: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:10.856492: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:10.856497: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:09:10.856500: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:10.856503: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:09:10.856508: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:10.856516: | Added new connection northnet-eastnets/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:09:10.856520: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:09:10.856574: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:09:10.856577: | from whack: got --esp= Aug 26 13:09:10.856601: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:09:10.857154: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:09:10.857171: | loading left certificate 'north' pubkey Aug 26 13:09:10.857284: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555ab9cf3e28 Aug 26 13:09:10.857328: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555ab9cf3dd8 Aug 26 13:09:10.857332: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555ab9cf3d88 Aug 26 13:09:10.857450: | unreference key: 0x555ab9cf3e78 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:10.857580: | certs and keys locked by 'lsw_add_rsa_secret' Aug 26 13:09:10.857584: | certs and keys unlocked by 'lsw_add_rsa_secret' Aug 26 13:09:10.857590: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 13:09:10.858010: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:09:10.858016: | loading right certificate 'east' pubkey Aug 26 13:09:10.858077: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555ab9cf6f18 Aug 26 13:09:10.858088: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555ab9cf8128 Aug 26 13:09:10.858091: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555ab9cf74e8 Aug 26 13:09:10.858093: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555ab9cf7018 Aug 26 13:09:10.858094: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555ab9cf3ad8 Aug 26 13:09:10.858285: | unreference key: 0x555ab9cfce08 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:10.858393: | warning: no secret key loaded for right certificate with nickname east: NSS: cert private key not found Aug 26 13:09:10.858401: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 13:09:10.858411: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Aug 26 13:09:10.858413: | new hp@0x555ab9cfb958 Aug 26 13:09:10.858417: added connection description "northnet-eastnets/0x1" Aug 26 13:09:10.858431: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:09:10.858451: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.2.0/24 Aug 26 13:09:10.858462: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:10.858471: | spent 1.98 milliseconds in whack Aug 26 13:09:10.858535: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:10.858551: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:10.858555: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:09:10.858558: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:10.858561: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:09:10.858564: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:10.858570: | Added new connection northnet-eastnets/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:09:10.858573: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:09:10.858628: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:09:10.858633: | from whack: got --esp= Aug 26 13:09:10.858669: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:09:10.858779: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:09:10.858786: | loading left certificate 'north' pubkey Aug 26 13:09:10.858841: | unreference key: 0x555ab9cf8468 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:10.858854: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555ab9d00108 Aug 26 13:09:10.858858: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555ab9d000b8 Aug 26 13:09:10.858861: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555ab9d00a38 Aug 26 13:09:10.858906: | unreference key: 0x555ab9cf7318 @north.testing.libreswan.org cnt 1-- Aug 26 13:09:10.858951: | unreference key: 0x555ab9cf7538 user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:10.859005: | unreference key: 0x555ab9d00158 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:10.859051: | secrets entry for north already exists Aug 26 13:09:10.859060: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 13:09:10.859141: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:09:10.859147: | loading right certificate 'east' pubkey Aug 26 13:09:10.859199: | unreference key: 0x555ab9cfe1e8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:10.859212: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555ab9d000b8 Aug 26 13:09:10.859215: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555ab9d00a38 Aug 26 13:09:10.859218: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555ab9d00438 Aug 26 13:09:10.859221: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555ab9d003e8 Aug 26 13:09:10.859224: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555ab9d00398 Aug 26 13:09:10.859268: | unreference key: 0x555ab9cfc0b8 192.1.2.23 cnt 1-- Aug 26 13:09:10.859319: | unreference key: 0x555ab9cfd868 east@testing.libreswan.org cnt 1-- Aug 26 13:09:10.859368: | unreference key: 0x555ab9cfda88 @east.testing.libreswan.org cnt 1-- Aug 26 13:09:10.859412: | unreference key: 0x555ab9cfdfd8 user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:10.859460: | unreference key: 0x555ab9d00568 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:10.859569: | warning: no secret key loaded for right certificate with nickname east: NSS: cert private key not found Aug 26 13:09:10.859579: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 13:09:10.859587: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Aug 26 13:09:10.859592: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@0x555ab9cfb958: northnet-eastnets/0x1 Aug 26 13:09:10.859595: added connection description "northnet-eastnets/0x2" Aug 26 13:09:10.859607: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:09:10.859627: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.22.0/24 Aug 26 13:09:10.859637: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:10.859643: | spent 1.11 milliseconds in whack Aug 26 13:09:10.866628: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:10.866657: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Aug 26 13:09:10.866662: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:10.866666: initiating all conns with alias='northnet-eastnets' Aug 26 13:09:10.866673: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:09:10.866679: | start processing: connection "northnet-eastnets/0x2" (in initiate_a_connection() at initiate.c:186) Aug 26 13:09:10.866682: | connection 'northnet-eastnets/0x2' +POLICY_UP Aug 26 13:09:10.866686: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Aug 26 13:09:10.866689: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:09:10.866714: | creating state object #1 at 0x555ab9d013a8 Aug 26 13:09:10.866718: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:09:10.866726: | pstats #1 ikev2.ike started Aug 26 13:09:10.866730: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:09:10.866746: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:09:10.866752: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:10.866760: | suspend processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:09:10.866765: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:09:10.866769: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:09:10.866774: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnets/0x2" IKE SA #1 "northnet-eastnets/0x2" Aug 26 13:09:10.866778: "northnet-eastnets/0x2" #1: initiating v2 parent SA Aug 26 13:09:10.866788: | constructing local IKE proposals for northnet-eastnets/0x2 (IKE SA initiator selecting KE) Aug 26 13:09:10.866810: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:09:10.866818: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.866822: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:09:10.866828: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.866832: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:09:10.866851: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.866854: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:09:10.866873: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.866885: "northnet-eastnets/0x2": constructed local IKE proposals for northnet-eastnets/0x2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.866906: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 13:09:10.866923: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555ab9cfad98 Aug 26 13:09:10.866927: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:09:10.866931: | libevent_malloc: new ptr-libevent@0x555ab9cfcd58 size 128 Aug 26 13:09:10.866946: | #1 spent 0.265 milliseconds in ikev2_parent_outI1() Aug 26 13:09:10.866948: | crypto helper 0 resuming Aug 26 13:09:10.866950: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:09:10.866962: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:09:10.866969: | RESET processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:09:10.866976: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 13:09:10.866978: | RESET processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:09:10.866982: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:09:10.866986: | start processing: connection "northnet-eastnets/0x1" (in initiate_a_connection() at initiate.c:186) Aug 26 13:09:10.866989: | connection 'northnet-eastnets/0x1' +POLICY_UP Aug 26 13:09:10.866993: | dup_any(fd@23) -> fd@26 (in initiate_a_connection() at initiate.c:342) Aug 26 13:09:10.866996: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:09:10.867001: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnets/0x1" IKE SA #1 "northnet-eastnets/0x2" Aug 26 13:09:10.867006: | stop processing: connection "northnet-eastnets/0x1" (in initiate_a_connection() at initiate.c:349) Aug 26 13:09:10.867010: | close_any(fd@23) (in initiate_connection() at initiate.c:384) Aug 26 13:09:10.867013: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:10.867018: | spent 0.392 milliseconds in whack Aug 26 13:09:10.867565: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000588 seconds Aug 26 13:09:10.867574: | (#1) spent 0.588 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 13:09:10.867577: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:09:10.867579: | scheduling resume sending helper answer for #1 Aug 26 13:09:10.867582: | libevent_malloc: new ptr-libevent@0x7f44c8002888 size 128 Aug 26 13:09:10.867587: | crypto helper 0 waiting (nothing to do) Aug 26 13:09:10.867593: | processing resume sending helper answer for #1 Aug 26 13:09:10.867600: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:09:10.867604: | crypto helper 0 replies to request ID 1 Aug 26 13:09:10.867607: | calling continuation function 0x555ab87f8b50 Aug 26 13:09:10.867610: | ikev2_parent_outI1_continue for #1 Aug 26 13:09:10.867639: | **emit ISAKMP Message: Aug 26 13:09:10.867642: | initiator cookie: Aug 26 13:09:10.867645: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.867648: | responder cookie: Aug 26 13:09:10.867651: | 00 00 00 00 00 00 00 00 Aug 26 13:09:10.867654: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.867657: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.867660: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:09:10.867663: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.867665: | Message ID: 0 (0x0) Aug 26 13:09:10.867668: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.867684: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.867687: | Emitting ikev2_proposals ... Aug 26 13:09:10.867690: | ***emit IKEv2 Security Association Payload: Aug 26 13:09:10.867693: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.867696: | flags: none (0x0) Aug 26 13:09:10.867702: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:09:10.867705: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.867708: | discarding INTEG=NONE Aug 26 13:09:10.867711: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.867714: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.867717: | prop #: 1 (0x1) Aug 26 13:09:10.867720: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:10.867722: | spi size: 0 (0x0) Aug 26 13:09:10.867725: | # transforms: 11 (0xb) Aug 26 13:09:10.867728: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.867731: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.867734: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.867736: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.867739: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.867742: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.867745: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.867748: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.867751: | length/value: 256 (0x100) Aug 26 13:09:10.867754: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.867756: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.867759: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.867762: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.867764: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:10.867768: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.867771: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.867774: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.867777: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.867779: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.867782: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.867785: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:10.867788: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.867791: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.867794: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.867796: | discarding INTEG=NONE Aug 26 13:09:10.867799: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.867801: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.867804: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.867807: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.867810: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.867813: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.867815: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.867818: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.867821: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.867823: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.867826: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:10.867829: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.867834: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.867837: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.867839: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.867842: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.867845: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.867847: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:10.867851: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.867854: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.867856: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.867859: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.867862: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.867864: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.867867: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:10.867870: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.867873: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.867876: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.867878: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.867881: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.867884: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.867886: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:10.867889: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.867892: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.867895: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.867898: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.867900: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.867903: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.867906: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:10.867909: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.867912: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.867915: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.867918: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.867920: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.867923: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.867926: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:10.867929: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.867932: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.867934: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.867937: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.867940: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.867945: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.867948: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:10.867952: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.867955: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.867957: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.867960: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:09:10.867963: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.867966: | discarding INTEG=NONE Aug 26 13:09:10.867969: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.867971: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.867974: | prop #: 2 (0x2) Aug 26 13:09:10.867977: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:10.867979: | spi size: 0 (0x0) Aug 26 13:09:10.867982: | # transforms: 11 (0xb) Aug 26 13:09:10.867985: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.867988: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.867991: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.867994: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.867996: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.867999: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.868002: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868005: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.868007: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.868010: | length/value: 128 (0x80) Aug 26 13:09:10.868013: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.868015: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868018: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868021: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.868023: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:10.868026: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868029: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868032: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868035: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868038: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868040: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.868043: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:10.868046: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868049: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868052: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868054: | discarding INTEG=NONE Aug 26 13:09:10.868057: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868060: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868062: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868065: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.868068: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868072: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868075: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868078: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868080: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868083: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868085: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:10.868089: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868092: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868094: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868097: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868100: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868103: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868105: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:10.868108: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868111: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868114: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868117: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868119: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868122: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868125: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:10.868128: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868131: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868133: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868139: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868145: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868150: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868159: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:10.868168: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868171: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868174: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868176: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868179: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868181: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868184: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:10.868187: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868190: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868193: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868195: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868198: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868201: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868205: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:10.868208: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868211: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868213: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868216: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868219: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.868221: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868224: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:10.868227: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868230: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868233: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868236: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:09:10.868239: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.868241: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.868244: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.868247: | prop #: 3 (0x3) Aug 26 13:09:10.868250: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:10.868252: | spi size: 0 (0x0) Aug 26 13:09:10.868255: | # transforms: 13 (0xd) Aug 26 13:09:10.868258: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.868261: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.868264: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868266: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868269: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.868272: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:10.868275: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868277: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.868280: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.868283: | length/value: 256 (0x100) Aug 26 13:09:10.868285: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.868299: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868305: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868307: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.868310: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:10.868313: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868316: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868319: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868322: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868324: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868327: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.868330: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:10.868333: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868336: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868340: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868343: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868345: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868348: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.868351: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:10.868354: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868357: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868359: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868362: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868365: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868367: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.868370: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:10.868373: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868376: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868379: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868382: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868384: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868387: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868390: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.868393: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868396: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868399: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868401: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868404: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868407: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868409: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:10.868425: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868428: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868430: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868433: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868436: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868438: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868441: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:10.868444: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868447: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868450: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868452: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868455: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868457: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868460: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:10.868464: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868467: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868470: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868472: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868475: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868477: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868480: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:10.868483: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868486: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868488: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868491: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868494: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868496: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868499: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:10.868502: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868505: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868508: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868510: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868513: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868515: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868518: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:10.868521: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868524: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868526: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868529: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868546: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.868549: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868551: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:10.868554: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868557: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868560: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868563: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:09:10.868566: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.868569: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.868571: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:10.868574: | prop #: 4 (0x4) Aug 26 13:09:10.868576: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:10.868579: | spi size: 0 (0x0) Aug 26 13:09:10.868581: | # transforms: 13 (0xd) Aug 26 13:09:10.868585: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.868588: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.868591: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868594: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868597: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.868599: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:10.868602: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868605: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.868608: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.868611: | length/value: 128 (0x80) Aug 26 13:09:10.868614: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.868616: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868619: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868621: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.868624: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:10.868627: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868630: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868633: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868636: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868638: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868641: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.868644: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:10.868647: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868650: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868652: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868655: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868658: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868660: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.868663: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:10.868666: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868670: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868673: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868675: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868678: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868680: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.868683: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:10.868686: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868689: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868692: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868695: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868697: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868700: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868702: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.868706: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868710: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868713: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868715: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868718: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868720: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868723: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:10.868726: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868729: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868732: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868735: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868738: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868740: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868743: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:10.868746: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868749: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868752: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868754: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868757: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868760: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868762: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:10.868765: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868768: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868771: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868774: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868776: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868779: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868781: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:10.868784: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868787: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868790: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868793: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868795: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868798: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868801: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:10.868804: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868807: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868810: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868812: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868815: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868818: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868820: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:10.868825: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868828: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868830: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868833: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.868836: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.868838: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.868841: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:10.868844: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.868847: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.868850: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.868852: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:09:10.868855: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.868858: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:09:10.868861: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:09:10.868864: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:09:10.868867: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.868870: | flags: none (0x0) Aug 26 13:09:10.868872: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.868876: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:09:10.868879: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.868882: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:09:10.868885: | ikev2 g^x eb 7d 6f ad 19 65 d7 7b b3 8f ce 9d ce 07 26 0b Aug 26 13:09:10.868888: | ikev2 g^x 6d f5 77 d0 46 f6 c7 07 36 2c 7f e5 f7 10 08 10 Aug 26 13:09:10.868891: | ikev2 g^x 7c 36 62 d8 1f 19 b3 b2 23 21 47 64 19 1d d2 75 Aug 26 13:09:10.868894: | ikev2 g^x 1e bc e5 3c e2 1c 2a 5b 9c 95 0a 4d df a0 39 73 Aug 26 13:09:10.868896: | ikev2 g^x 41 5b 1c 00 b1 fb 81 44 51 6d 9e dc be 4e 34 b9 Aug 26 13:09:10.868899: | ikev2 g^x 45 5d c6 95 5b 9c bc f5 79 90 83 c4 8d e3 34 aa Aug 26 13:09:10.868901: | ikev2 g^x be d3 a8 db d6 15 6d 72 fc bf 2a 16 91 ea 9b 0f Aug 26 13:09:10.868904: | ikev2 g^x b1 6a 05 d5 b8 83 80 90 33 d7 16 1e e3 ff 3e 9a Aug 26 13:09:10.868907: | ikev2 g^x 77 09 56 19 11 18 5e 40 24 02 54 29 2a 46 1c 51 Aug 26 13:09:10.868909: | ikev2 g^x 84 3e 1f e7 d6 34 b5 c1 51 57 bc 40 ae a0 87 cc Aug 26 13:09:10.868912: | ikev2 g^x 7e f3 7a 6c 4f ad e4 4f 29 cb df 85 5d a7 85 3e Aug 26 13:09:10.868914: | ikev2 g^x 73 88 07 48 10 c2 78 50 e4 c5 53 46 a7 fc cc 43 Aug 26 13:09:10.868917: | ikev2 g^x ba 98 87 45 cb 4d 3f 9d 4f d8 c8 57 79 2d 34 df Aug 26 13:09:10.868919: | ikev2 g^x d8 17 d4 43 3e ca a2 f1 7b 04 b1 c5 77 f7 cd a1 Aug 26 13:09:10.868922: | ikev2 g^x 53 f4 31 84 f7 6c 77 b8 cf 28 fb 74 05 56 ac 9d Aug 26 13:09:10.868925: | ikev2 g^x bd d1 64 98 20 92 5d dd 4a 8c da cc 60 e9 75 b8 Aug 26 13:09:10.868927: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:09:10.868930: | ***emit IKEv2 Nonce Payload: Aug 26 13:09:10.868933: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:10.868936: | flags: none (0x0) Aug 26 13:09:10.868939: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:09:10.868943: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:09:10.868947: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.868950: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:09:10.868953: | IKEv2 nonce 6b 6f b5 e0 0a 8f 9d 65 09 38 be b9 a5 e8 be 13 Aug 26 13:09:10.868955: | IKEv2 nonce 59 e8 29 2b 48 6b d8 20 1e 7a 42 d6 72 40 72 3e Aug 26 13:09:10.868958: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:09:10.868961: | Adding a v2N Payload Aug 26 13:09:10.868963: | ***emit IKEv2 Notify Payload: Aug 26 13:09:10.868966: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.868969: | flags: none (0x0) Aug 26 13:09:10.868971: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.868974: | SPI size: 0 (0x0) Aug 26 13:09:10.868977: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:09:10.868980: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:10.868983: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.868986: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:09:10.868989: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:09:10.868992: | natd_hash: rcookie is zero Aug 26 13:09:10.869006: | natd_hash: hasher=0x555ab88cd800(20) Aug 26 13:09:10.869009: | natd_hash: icookie= 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.869011: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:09:10.869014: | natd_hash: ip= c0 01 03 21 Aug 26 13:09:10.869017: | natd_hash: port=500 Aug 26 13:09:10.869019: | natd_hash: hash= 23 41 38 66 70 5d e3 27 cc 55 15 23 45 2b 2f 33 Aug 26 13:09:10.869022: | natd_hash: hash= f6 85 53 d1 Aug 26 13:09:10.869024: | Adding a v2N Payload Aug 26 13:09:10.869027: | ***emit IKEv2 Notify Payload: Aug 26 13:09:10.869029: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.869032: | flags: none (0x0) Aug 26 13:09:10.869035: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.869037: | SPI size: 0 (0x0) Aug 26 13:09:10.869040: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:09:10.869043: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:10.869046: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.869049: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:09:10.869052: | Notify data 23 41 38 66 70 5d e3 27 cc 55 15 23 45 2b 2f 33 Aug 26 13:09:10.869055: | Notify data f6 85 53 d1 Aug 26 13:09:10.869057: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:09:10.869060: | natd_hash: rcookie is zero Aug 26 13:09:10.869066: | natd_hash: hasher=0x555ab88cd800(20) Aug 26 13:09:10.869069: | natd_hash: icookie= 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.869071: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:09:10.869074: | natd_hash: ip= c0 01 02 17 Aug 26 13:09:10.869076: | natd_hash: port=500 Aug 26 13:09:10.869079: | natd_hash: hash= 13 7d 91 4b 60 cc 9b 51 4f cb f3 f7 61 3a 56 de Aug 26 13:09:10.869094: | natd_hash: hash= 81 20 1f d7 Aug 26 13:09:10.869096: | Adding a v2N Payload Aug 26 13:09:10.869099: | ***emit IKEv2 Notify Payload: Aug 26 13:09:10.869101: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.869104: | flags: none (0x0) Aug 26 13:09:10.869119: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.869121: | SPI size: 0 (0x0) Aug 26 13:09:10.869124: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:09:10.869127: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:10.869133: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.869136: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:09:10.869139: | Notify data 13 7d 91 4b 60 cc 9b 51 4f cb f3 f7 61 3a 56 de Aug 26 13:09:10.869141: | Notify data 81 20 1f d7 Aug 26 13:09:10.869144: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:09:10.869147: | emitting length of ISAKMP Message: 828 Aug 26 13:09:10.869154: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:09:10.869165: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.869169: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:09:10.869172: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:09:10.869176: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:09:10.869179: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 13:09:10.869183: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:09:10.869188: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:09:10.869191: "northnet-eastnets/0x2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:09:10.869202: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:09:10.869212: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:09:10.869216: | 0e ea 1f 14 0a 7b 00 47 00 00 00 00 00 00 00 00 Aug 26 13:09:10.869218: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:09:10.869221: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:09:10.869224: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:09:10.869226: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:09:10.869229: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:09:10.869231: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:09:10.869234: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:09:10.869236: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:09:10.869239: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:09:10.869241: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:09:10.869244: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:09:10.869246: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:09:10.869249: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:09:10.869252: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:09:10.869254: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:09:10.869257: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:09:10.869259: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:09:10.869262: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:09:10.869264: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:09:10.869267: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:09:10.869269: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:09:10.869272: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:09:10.869275: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:09:10.869277: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:09:10.869280: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:09:10.869282: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:09:10.869285: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:09:10.869287: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:09:10.869296: | 28 00 01 08 00 0e 00 00 eb 7d 6f ad 19 65 d7 7b Aug 26 13:09:10.869300: | b3 8f ce 9d ce 07 26 0b 6d f5 77 d0 46 f6 c7 07 Aug 26 13:09:10.869302: | 36 2c 7f e5 f7 10 08 10 7c 36 62 d8 1f 19 b3 b2 Aug 26 13:09:10.869305: | 23 21 47 64 19 1d d2 75 1e bc e5 3c e2 1c 2a 5b Aug 26 13:09:10.869307: | 9c 95 0a 4d df a0 39 73 41 5b 1c 00 b1 fb 81 44 Aug 26 13:09:10.869310: | 51 6d 9e dc be 4e 34 b9 45 5d c6 95 5b 9c bc f5 Aug 26 13:09:10.869312: | 79 90 83 c4 8d e3 34 aa be d3 a8 db d6 15 6d 72 Aug 26 13:09:10.869315: | fc bf 2a 16 91 ea 9b 0f b1 6a 05 d5 b8 83 80 90 Aug 26 13:09:10.869318: | 33 d7 16 1e e3 ff 3e 9a 77 09 56 19 11 18 5e 40 Aug 26 13:09:10.869320: | 24 02 54 29 2a 46 1c 51 84 3e 1f e7 d6 34 b5 c1 Aug 26 13:09:10.869323: | 51 57 bc 40 ae a0 87 cc 7e f3 7a 6c 4f ad e4 4f Aug 26 13:09:10.869325: | 29 cb df 85 5d a7 85 3e 73 88 07 48 10 c2 78 50 Aug 26 13:09:10.869328: | e4 c5 53 46 a7 fc cc 43 ba 98 87 45 cb 4d 3f 9d Aug 26 13:09:10.869330: | 4f d8 c8 57 79 2d 34 df d8 17 d4 43 3e ca a2 f1 Aug 26 13:09:10.869333: | 7b 04 b1 c5 77 f7 cd a1 53 f4 31 84 f7 6c 77 b8 Aug 26 13:09:10.869335: | cf 28 fb 74 05 56 ac 9d bd d1 64 98 20 92 5d dd Aug 26 13:09:10.869338: | 4a 8c da cc 60 e9 75 b8 29 00 00 24 6b 6f b5 e0 Aug 26 13:09:10.869340: | 0a 8f 9d 65 09 38 be b9 a5 e8 be 13 59 e8 29 2b Aug 26 13:09:10.869343: | 48 6b d8 20 1e 7a 42 d6 72 40 72 3e 29 00 00 08 Aug 26 13:09:10.869346: | 00 00 40 2e 29 00 00 1c 00 00 40 04 23 41 38 66 Aug 26 13:09:10.869348: | 70 5d e3 27 cc 55 15 23 45 2b 2f 33 f6 85 53 d1 Aug 26 13:09:10.869351: | 00 00 00 1c 00 00 40 05 13 7d 91 4b 60 cc 9b 51 Aug 26 13:09:10.869353: | 4f cb f3 f7 61 3a 56 de 81 20 1f d7 Aug 26 13:09:10.869450: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:10.869457: | libevent_free: release ptr-libevent@0x555ab9cfcd58 Aug 26 13:09:10.869460: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555ab9cfad98 Aug 26 13:09:10.869463: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:09:10.869467: "northnet-eastnets/0x2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:09:10.869475: | event_schedule: new EVENT_RETRANSMIT-pe@0x555ab9cfad98 Aug 26 13:09:10.869479: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Aug 26 13:09:10.869482: | libevent_malloc: new ptr-libevent@0x555ab9d00398 size 128 Aug 26 13:09:10.869488: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10236.611941 Aug 26 13:09:10.869492: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 13:09:10.869497: | #1 spent 1.81 milliseconds in resume sending helper answer Aug 26 13:09:10.869502: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:09:10.869506: | libevent_free: release ptr-libevent@0x7f44c8002888 Aug 26 13:09:10.872647: | spent 0.00273 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.872673: | *received 457 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:09:10.872678: | 0e ea 1f 14 0a 7b 00 47 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.872681: | 21 20 22 20 00 00 00 00 00 00 01 c9 22 00 00 28 Aug 26 13:09:10.872683: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 13:09:10.872685: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 13:09:10.872688: | 04 00 00 0e 28 00 01 08 00 0e 00 00 b2 4d 86 86 Aug 26 13:09:10.872691: | 33 07 d3 d9 87 d7 05 f3 c6 bf 14 91 29 72 bd 2b Aug 26 13:09:10.872693: | 24 6f a5 39 e4 c8 43 da 14 3c 3b 31 84 8e 97 72 Aug 26 13:09:10.872708: | 83 95 15 5e bd 57 2d 19 a6 b6 5f 13 98 ec de e8 Aug 26 13:09:10.872710: | 55 61 ab 29 3e ab 18 49 e9 d5 f3 46 ec dc ed dd Aug 26 13:09:10.872713: | 96 65 9c b6 34 3b 74 0e 0e d4 a9 7c ab dd ec 82 Aug 26 13:09:10.872715: | 3a 9f fc 3b 62 c4 5d a1 a8 73 2e 6f 2b 8f f5 21 Aug 26 13:09:10.872719: | 8b 44 58 3b 57 28 26 84 eb f3 f3 6e 8f da b6 30 Aug 26 13:09:10.872722: | 5a 96 ea d0 d1 fd 4a 56 5a 1f 96 7f 52 9e 25 83 Aug 26 13:09:10.872725: | d3 65 2c 04 77 c9 a3 ac c9 a9 ed d2 d1 dd 56 1b Aug 26 13:09:10.872727: | 0a 5c 8c 55 30 cd 2b 1a d3 c0 1a 21 ed e4 8a 59 Aug 26 13:09:10.872729: | 5c 81 40 bb 2d 2b a5 b2 18 89 78 71 e3 b1 ee 5a Aug 26 13:09:10.872732: | 3b 84 8e d9 98 fb 3c d3 3e 4c f2 e6 1a 9e a6 47 Aug 26 13:09:10.872734: | cf 16 b1 a4 73 0a 89 6a 91 ec 24 ec 11 7f 6d 1f Aug 26 13:09:10.872737: | 5c df 35 f7 60 94 c2 0a 84 f4 33 5f a5 9c 73 0e Aug 26 13:09:10.872739: | 19 35 57 fa f1 ad 89 b5 e8 13 63 77 d5 b0 0c 56 Aug 26 13:09:10.872742: | a1 42 ca b9 52 b5 10 9b d8 fe 29 cd 29 00 00 24 Aug 26 13:09:10.872744: | 23 4b 62 d8 3c 90 b2 dd a3 27 fa 61 96 5c 04 e8 Aug 26 13:09:10.872747: | 79 7f cc ef 06 56 44 b3 34 3c 33 98 a3 71 15 ce Aug 26 13:09:10.872749: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 13:09:10.872751: | cc 22 43 b3 9e f7 54 f1 f3 0b b1 cd fe 08 1e 6b Aug 26 13:09:10.872754: | 98 3d f2 8c 26 00 00 1c 00 00 40 05 cb d7 31 95 Aug 26 13:09:10.872756: | bf aa f9 43 d4 a5 89 ec 79 fe bb c5 d6 19 fb 5f Aug 26 13:09:10.872758: | 00 00 00 19 04 58 13 71 57 9d ee 1a 15 74 03 12 Aug 26 13:09:10.872761: | 80 12 4d c1 85 2b 92 25 e9 Aug 26 13:09:10.872765: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:09:10.872769: | **parse ISAKMP Message: Aug 26 13:09:10.872772: | initiator cookie: Aug 26 13:09:10.872774: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.872776: | responder cookie: Aug 26 13:09:10.872778: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.872781: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:09:10.872783: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.872786: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:09:10.872788: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.872791: | Message ID: 0 (0x0) Aug 26 13:09:10.872806: | length: 457 (0x1c9) Aug 26 13:09:10.872809: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:09:10.872813: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 13:09:10.872817: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 13:09:10.872824: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.872829: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.872832: | #1 is idle Aug 26 13:09:10.872847: | #1 idle Aug 26 13:09:10.872850: | unpacking clear payload Aug 26 13:09:10.872852: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:09:10.872854: | ***parse IKEv2 Security Association Payload: Aug 26 13:09:10.872856: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:09:10.872857: | flags: none (0x0) Aug 26 13:09:10.872859: | length: 40 (0x28) Aug 26 13:09:10.872861: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 13:09:10.872862: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:09:10.872864: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:09:10.872866: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:09:10.872867: | flags: none (0x0) Aug 26 13:09:10.872869: | length: 264 (0x108) Aug 26 13:09:10.872871: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.872872: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:09:10.872874: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:09:10.872876: | ***parse IKEv2 Nonce Payload: Aug 26 13:09:10.872877: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:10.872879: | flags: none (0x0) Aug 26 13:09:10.872880: | length: 36 (0x24) Aug 26 13:09:10.872882: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:09:10.872885: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:09:10.872887: | ***parse IKEv2 Notify Payload: Aug 26 13:09:10.872888: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:10.872890: | flags: none (0x0) Aug 26 13:09:10.872891: | length: 8 (0x8) Aug 26 13:09:10.872893: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.872895: | SPI size: 0 (0x0) Aug 26 13:09:10.872897: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:09:10.872898: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:09:10.872900: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:09:10.872901: | ***parse IKEv2 Notify Payload: Aug 26 13:09:10.872903: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:10.872904: | flags: none (0x0) Aug 26 13:09:10.872920: | length: 28 (0x1c) Aug 26 13:09:10.872921: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.872923: | SPI size: 0 (0x0) Aug 26 13:09:10.872924: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:09:10.872926: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:09:10.872928: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:09:10.872929: | ***parse IKEv2 Notify Payload: Aug 26 13:09:10.872931: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Aug 26 13:09:10.872932: | flags: none (0x0) Aug 26 13:09:10.872934: | length: 28 (0x1c) Aug 26 13:09:10.872935: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.872937: | SPI size: 0 (0x0) Aug 26 13:09:10.872939: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:09:10.872940: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:09:10.872942: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Aug 26 13:09:10.872944: | ***parse IKEv2 Certificate Request Payload: Aug 26 13:09:10.872945: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.872947: | flags: none (0x0) Aug 26 13:09:10.872949: | length: 25 (0x19) Aug 26 13:09:10.872950: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:09:10.872952: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=20) Aug 26 13:09:10.872954: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 13:09:10.872958: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:09:10.872961: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:09:10.872962: | Now let's proceed with state specific processing Aug 26 13:09:10.872964: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:09:10.872967: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 13:09:10.872978: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.872980: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 13:09:10.872983: | local proposal 1 type ENCR has 1 transforms Aug 26 13:09:10.872985: | local proposal 1 type PRF has 2 transforms Aug 26 13:09:10.872987: | local proposal 1 type INTEG has 1 transforms Aug 26 13:09:10.872988: | local proposal 1 type DH has 8 transforms Aug 26 13:09:10.872990: | local proposal 1 type ESN has 0 transforms Aug 26 13:09:10.872992: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:09:10.872994: | local proposal 2 type ENCR has 1 transforms Aug 26 13:09:10.872997: | local proposal 2 type PRF has 2 transforms Aug 26 13:09:10.872998: | local proposal 2 type INTEG has 1 transforms Aug 26 13:09:10.873000: | local proposal 2 type DH has 8 transforms Aug 26 13:09:10.873002: | local proposal 2 type ESN has 0 transforms Aug 26 13:09:10.873004: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:09:10.873005: | local proposal 3 type ENCR has 1 transforms Aug 26 13:09:10.873007: | local proposal 3 type PRF has 2 transforms Aug 26 13:09:10.873009: | local proposal 3 type INTEG has 2 transforms Aug 26 13:09:10.873010: | local proposal 3 type DH has 8 transforms Aug 26 13:09:10.873012: | local proposal 3 type ESN has 0 transforms Aug 26 13:09:10.873014: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:09:10.873016: | local proposal 4 type ENCR has 1 transforms Aug 26 13:09:10.873017: | local proposal 4 type PRF has 2 transforms Aug 26 13:09:10.873019: | local proposal 4 type INTEG has 2 transforms Aug 26 13:09:10.873021: | local proposal 4 type DH has 8 transforms Aug 26 13:09:10.873022: | local proposal 4 type ESN has 0 transforms Aug 26 13:09:10.873025: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:09:10.873028: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.873031: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:10.873033: | length: 36 (0x24) Aug 26 13:09:10.873036: | prop #: 1 (0x1) Aug 26 13:09:10.873038: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:10.873040: | spi size: 0 (0x0) Aug 26 13:09:10.873041: | # transforms: 3 (0x3) Aug 26 13:09:10.873044: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:09:10.873046: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.873049: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.873051: | length: 12 (0xc) Aug 26 13:09:10.873052: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.873054: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.873056: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.873058: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.873059: | length/value: 256 (0x100) Aug 26 13:09:10.873062: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:09:10.873064: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.873067: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.873069: | length: 8 (0x8) Aug 26 13:09:10.873072: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.873074: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:10.873077: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:09:10.873080: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.873083: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.873085: | length: 8 (0x8) Aug 26 13:09:10.873088: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.873091: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.873095: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:09:10.873099: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:09:10.873103: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:09:10.873106: | remote proposal 1 matches local proposal 1 Aug 26 13:09:10.873109: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 13:09:10.873112: | converting proposal to internal trans attrs Aug 26 13:09:10.873128: | natd_hash: hasher=0x555ab88cd800(20) Aug 26 13:09:10.873132: | natd_hash: icookie= 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.873135: | natd_hash: rcookie= 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.873138: | natd_hash: ip= c0 01 03 21 Aug 26 13:09:10.873140: | natd_hash: port=500 Aug 26 13:09:10.873141: | natd_hash: hash= cb d7 31 95 bf aa f9 43 d4 a5 89 ec 79 fe bb c5 Aug 26 13:09:10.873143: | natd_hash: hash= d6 19 fb 5f Aug 26 13:09:10.873148: | natd_hash: hasher=0x555ab88cd800(20) Aug 26 13:09:10.873150: | natd_hash: icookie= 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.873152: | natd_hash: rcookie= 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.873153: | natd_hash: ip= c0 01 02 17 Aug 26 13:09:10.873154: | natd_hash: port=500 Aug 26 13:09:10.873156: | natd_hash: hash= cc 22 43 b3 9e f7 54 f1 f3 0b b1 cd fe 08 1e 6b Aug 26 13:09:10.873158: | natd_hash: hash= 98 3d f2 8c Aug 26 13:09:10.873160: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:09:10.873161: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:09:10.873163: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:09:10.873165: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 13:09:10.873170: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:09:10.873172: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 13:09:10.873175: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:09:10.873177: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 13:09:10.873179: | libevent_free: release ptr-libevent@0x555ab9d00398 Aug 26 13:09:10.873181: | free_event_entry: release EVENT_RETRANSMIT-pe@0x555ab9cfad98 Aug 26 13:09:10.873183: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555ab9cfad98 Aug 26 13:09:10.873186: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:09:10.873188: | libevent_malloc: new ptr-libevent@0x7f44c8002888 size 128 Aug 26 13:09:10.873196: | #1 spent 0.228 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 13:09:10.873199: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.873202: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 13:09:10.873203: | crypto helper 2 resuming Aug 26 13:09:10.873204: | suspending state #1 and saving MD Aug 26 13:09:10.873218: | crypto helper 2 starting work-order 2 for state #1 Aug 26 13:09:10.873219: | #1 is busy; has a suspended MD Aug 26 13:09:10.873225: | crypto helper 2 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 13:09:10.873227: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:10.873233: | "northnet-eastnets/0x2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:09:10.873237: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:10.873242: | #1 spent 0.571 milliseconds in ikev2_process_packet() Aug 26 13:09:10.873247: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:09:10.873250: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.873253: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:10.873257: | spent 0.586 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.874295: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:09:10.874816: | crypto helper 2 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.00159 seconds Aug 26 13:09:10.874825: | (#1) spent 1.58 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 13:09:10.874828: | crypto helper 2 sending results from work-order 2 for state #1 to event queue Aug 26 13:09:10.874831: | scheduling resume sending helper answer for #1 Aug 26 13:09:10.874834: | libevent_malloc: new ptr-libevent@0x7f44c0000f48 size 128 Aug 26 13:09:10.874842: | crypto helper 2 waiting (nothing to do) Aug 26 13:09:10.874853: | processing resume sending helper answer for #1 Aug 26 13:09:10.874866: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:09:10.874872: | crypto helper 2 replies to request ID 2 Aug 26 13:09:10.874875: | calling continuation function 0x555ab87f8b50 Aug 26 13:09:10.874879: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 13:09:10.874887: | creating state object #2 at 0x555ab9d05a68 Aug 26 13:09:10.874891: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:09:10.874896: | pstats #2 ikev2.child started Aug 26 13:09:10.874900: | duplicating state object #1 "northnet-eastnets/0x2" as #2 for IPSEC SA Aug 26 13:09:10.874906: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:09:10.874926: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:10.874931: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 13:09:10.874936: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 13:09:10.874939: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:10.874943: | libevent_free: release ptr-libevent@0x7f44c8002888 Aug 26 13:09:10.874947: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555ab9cfad98 Aug 26 13:09:10.874950: | event_schedule: new EVENT_SA_REPLACE-pe@0x555ab9cfad98 Aug 26 13:09:10.874955: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 13:09:10.874958: | libevent_malloc: new ptr-libevent@0x7f44c8002888 size 128 Aug 26 13:09:10.874976: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 13:09:10.874983: | **emit ISAKMP Message: Aug 26 13:09:10.874986: | initiator cookie: Aug 26 13:09:10.874989: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.874992: | responder cookie: Aug 26 13:09:10.874995: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.874998: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.875001: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.875004: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.875007: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.875010: | Message ID: 1 (0x1) Aug 26 13:09:10.875013: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.875017: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:10.875020: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.875023: | flags: none (0x0) Aug 26 13:09:10.875026: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:10.875030: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.875034: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:10.875044: | IKEv2 CERT: send a certificate? Aug 26 13:09:10.875048: | IKEv2 CERT: OK to send a certificate (always) Aug 26 13:09:10.875051: | IDr payload will be sent Aug 26 13:09:10.875066: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 13:09:10.875083: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.875086: | flags: none (0x0) Aug 26 13:09:10.875089: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 13:09:10.875093: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 13:09:10.875096: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.875102: | emitting 185 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 13:09:10.875106: | my identity 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 13:09:10.875109: | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 13:09:10.875112: | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 13:09:10.875115: | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 13:09:10.875117: | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 13:09:10.875120: | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 13:09:10.875123: | my identity 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Aug 26 13:09:10.875126: | my identity 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Aug 26 13:09:10.875129: | my identity 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Aug 26 13:09:10.875132: | my identity 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Aug 26 13:09:10.875134: | my identity 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 13:09:10.875137: | my identity 65 73 77 61 6e 2e 6f 72 67 Aug 26 13:09:10.875140: | emitting length of IKEv2 Identification - Initiator - Payload: 193 Aug 26 13:09:10.875152: | Sending [CERT] of certificate: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:09:10.875156: | ****emit IKEv2 Certificate Payload: Aug 26 13:09:10.875159: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.875162: | flags: none (0x0) Aug 26 13:09:10.875165: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:09:10.875169: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) Aug 26 13:09:10.875173: | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.875176: | emitting 1227 raw bytes of CERT into IKEv2 Certificate Payload Aug 26 13:09:10.875180: | CERT 30 82 04 c7 30 82 04 30 a0 03 02 01 02 02 01 06 Aug 26 13:09:10.875183: | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Aug 26 13:09:10.875185: | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Aug 26 13:09:10.875188: | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Aug 26 13:09:10.875190: | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Aug 26 13:09:10.875193: | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Aug 26 13:09:10.875196: | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Aug 26 13:09:10.875198: | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Aug 26 13:09:10.875201: | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Aug 26 13:09:10.875204: | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Aug 26 13:09:10.875207: | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Aug 26 13:09:10.875209: | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Aug 26 13:09:10.875212: | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Aug 26 13:09:10.875215: | CERT 18 0f 32 30 31 39 30 38 32 34 30 39 30 37 35 33 Aug 26 13:09:10.875217: | CERT 5a 18 0f 32 30 32 32 30 38 32 33 30 39 30 37 35 Aug 26 13:09:10.875220: | CERT 33 5a 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 Aug 26 13:09:10.875222: | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Aug 26 13:09:10.875225: | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Aug 26 13:09:10.875228: | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Aug 26 13:09:10.875230: | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Aug 26 13:09:10.875233: | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Aug 26 13:09:10.875235: | CERT 6d 65 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e Aug 26 13:09:10.875238: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Aug 26 13:09:10.875241: | CERT 72 65 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 Aug 26 13:09:10.875245: | CERT 2a 86 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d Aug 26 13:09:10.875248: | CERT 6e 6f 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 Aug 26 13:09:10.875251: | CERT 62 72 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 Aug 26 13:09:10.875253: | CERT 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 Aug 26 13:09:10.875256: | CERT 01 8f 00 30 82 01 8a 02 82 01 81 00 c0 59 bd 4b Aug 26 13:09:10.875259: | CERT 40 fd f4 2c e7 cf 9e f3 29 e6 61 73 de ab 42 3d Aug 26 13:09:10.875261: | CERT cc 51 1a e8 79 d6 53 46 a1 fd 66 d1 9e ab b4 65 Aug 26 13:09:10.875264: | CERT 76 51 ad 3f 6f 8f ef d2 73 f9 fd 8f 44 b0 6c 36 Aug 26 13:09:10.875267: | CERT 4b 95 c3 b2 45 0f 31 0c e9 df 35 95 44 c0 19 53 Aug 26 13:09:10.875269: | CERT 8d df 6a 4b b2 af d6 d3 e8 dd f5 20 df 9c cd 8a Aug 26 13:09:10.875272: | CERT f7 6a 09 92 60 00 45 44 39 4c 17 6c 06 02 91 37 Aug 26 13:09:10.875275: | CERT 4b f5 6a c3 5e 21 c6 64 32 32 98 1d b7 99 1f 3c Aug 26 13:09:10.875277: | CERT 13 fe ec c7 a4 a5 3b 37 30 df e4 31 95 47 91 b1 Aug 26 13:09:10.875280: | CERT ca 96 66 b7 9e 49 65 a2 4c 79 54 17 ed 68 19 34 Aug 26 13:09:10.875283: | CERT 9d 7e 67 91 27 51 f0 ee cb b3 90 68 7c 1d fd 83 Aug 26 13:09:10.875285: | CERT 32 06 2e e6 6f d5 f0 62 00 4d ef 11 90 b6 ad 61 Aug 26 13:09:10.875309: | CERT 83 0b 21 94 18 d9 2b 88 09 0d 33 2e 3b 71 18 f4 Aug 26 13:09:10.875316: | CERT ce 4a 45 f3 37 f4 db c0 d6 ab c2 da da cd 6d e0 Aug 26 13:09:10.875319: | CERT a3 9d 21 53 19 34 b1 0c d9 63 7c 45 b7 26 a4 d9 Aug 26 13:09:10.875321: | CERT d6 93 25 1e 1f 74 3c 07 32 69 9b bc 0f db ba 3e Aug 26 13:09:10.875324: | CERT 30 85 a4 3d ec 5c 70 fe fe 7d 64 3c 2c 48 b3 8a Aug 26 13:09:10.875327: | CERT eb 26 bf 05 d4 33 1e c3 f7 1c 24 c9 99 e3 d1 99 Aug 26 13:09:10.875329: | CERT 91 df 32 10 d5 7c 31 7e 9e 6f 70 01 dc 0d d7 21 Aug 26 13:09:10.875332: | CERT 03 76 4d f5 b2 e3 87 30 94 8c b2 0a c0 b4 d9 0b Aug 26 13:09:10.875335: | CERT d4 d9 37 e0 7a 73 13 50 8d 6f 93 9a 7c 5a 1a b2 Aug 26 13:09:10.875337: | CERT 87 7e 0c 64 60 cb 4b 2c ef 22 75 b1 7c 60 3e e3 Aug 26 13:09:10.875340: | CERT e5 f1 94 38 51 8f 00 e8 35 7b b5 01 ed c1 c4 fd Aug 26 13:09:10.875342: | CERT a3 4b 56 42 d6 8b 64 38 74 95 c4 13 70 f0 f0 23 Aug 26 13:09:10.875345: | CERT 29 57 2b ef 74 97 97 76 8d 30 48 91 02 03 01 00 Aug 26 13:09:10.875348: | CERT 01 a3 81 e4 30 81 e1 30 09 06 03 55 1d 13 04 02 Aug 26 13:09:10.875350: | CERT 30 00 30 26 06 03 55 1d 11 04 1f 30 1d 82 1b 6e Aug 26 13:09:10.875353: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Aug 26 13:09:10.875356: | CERT 72 65 73 77 61 6e 2e 6f 72 67 30 0b 06 03 55 1d Aug 26 13:09:10.875358: | CERT 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 16 Aug 26 13:09:10.875361: | CERT 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 Aug 26 13:09:10.875364: | CERT 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 07 Aug 26 13:09:10.875366: | CERT 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 07 Aug 26 13:09:10.875369: | CERT 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 Aug 26 13:09:10.875372: | CERT 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e Aug 26 13:09:10.875374: | CERT 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f Aug 26 13:09:10.875377: | CERT 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 Aug 26 13:09:10.875380: | CERT 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c Aug 26 13:09:10.875382: | CERT 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 Aug 26 13:09:10.875385: | CERT 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 Aug 26 13:09:10.875388: | CERT f7 0d 01 01 0b 05 00 03 81 81 00 9e e9 26 57 73 Aug 26 13:09:10.875390: | CERT c2 4c 64 c6 ab d6 d3 1a 13 4f 6b 48 e3 17 b2 3d Aug 26 13:09:10.875393: | CERT fb 30 93 2d 15 92 6e a3 60 29 10 1d 3e a7 93 48 Aug 26 13:09:10.875396: | CERT 3c 40 5b af 9e e5 93 b7 2f d5 4b 9f db bd ab 5d Aug 26 13:09:10.875398: | CERT 03 57 3a 1a f9 81 87 13 dd 32 e7 93 b5 9e 3b 40 Aug 26 13:09:10.875401: | CERT 3c c6 c9 d5 ce c6 c7 5d da 89 36 3d d0 36 82 fd Aug 26 13:09:10.875404: | CERT b2 ab 00 2a 7c 0e a7 ad 3e e2 b1 5a 0d 88 45 26 Aug 26 13:09:10.875407: | CERT 48 51 b3 c7 79 d7 04 e7 47 5f 28 f8 63 fb ae 58 Aug 26 13:09:10.875409: | CERT 52 8b ba 60 ce 19 ac fa 4e 65 7d Aug 26 13:09:10.875413: | emitting length of IKEv2 Certificate Payload: 1232 Aug 26 13:09:10.875416: | IKEv2 CERTREQ: send a cert request? Aug 26 13:09:10.875420: | IKEv2 CERTREQ: OK to send a certificate request Aug 26 13:09:10.875430: | Sending [CERTREQ] of C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org Aug 26 13:09:10.875433: | connection->kind is CK_PERMANENT so send CERTREQ Aug 26 13:09:10.875436: | ****emit IKEv2 Certificate Request Payload: Aug 26 13:09:10.875439: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.875442: | flags: none (0x0) Aug 26 13:09:10.875444: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:09:10.875448: | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Certificate Request Payload (38:ISAKMP_NEXT_v2CERTREQ) Aug 26 13:09:10.875451: | next payload chain: saving location 'IKEv2 Certificate Request Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.876087: | located CA cert E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA for CERTREQ Aug 26 13:09:10.876099: | emitting 20 raw bytes of CA cert public key hash into IKEv2 Certificate Request Payload Aug 26 13:09:10.876101: | CA cert public key hash Aug 26 13:09:10.876103: | 58 13 71 57 9d ee 1a 15 74 03 12 80 12 4d c1 85 Aug 26 13:09:10.876105: | 2b 92 25 e9 Aug 26 13:09:10.876107: | emitting length of IKEv2 Certificate Request Payload: 25 Aug 26 13:09:10.876110: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:09:10.876112: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:09:10.876113: | flags: none (0x0) Aug 26 13:09:10.876115: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 13:09:10.876118: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Aug 26 13:09:10.876120: | next payload chain: setting previous 'IKEv2 Certificate Request Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:09:10.876122: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.876124: | emitting 183 raw bytes of IDr into IKEv2 Identification - Responder - Payload Aug 26 13:09:10.876126: | IDr 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 13:09:10.876128: | IDr 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 13:09:10.876129: | IDr 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 13:09:10.876131: | IDr 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 13:09:10.876132: | IDr 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 13:09:10.876134: | IDr 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 13:09:10.876135: | IDr 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Aug 26 13:09:10.876137: | IDr 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 13:09:10.876139: | IDr 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Aug 26 13:09:10.876140: | IDr 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Aug 26 13:09:10.876142: | IDr 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 13:09:10.876143: | IDr 77 61 6e 2e 6f 72 67 Aug 26 13:09:10.876145: | emitting length of IKEv2 Identification - Responder - Payload: 191 Aug 26 13:09:10.876147: | not sending INITIAL_CONTACT Aug 26 13:09:10.876149: | ****emit IKEv2 Authentication Payload: Aug 26 13:09:10.876152: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.876154: | flags: none (0x0) Aug 26 13:09:10.876157: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:09:10.876160: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:09:10.876165: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.876172: | #1 spent 1.28 milliseconds Aug 26 13:09:10.876186: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_RSA Aug 26 13:09:10.876241: | searching for certificate PKK_RSA:AwEAAcBZv vs PKK_RSA:AwEAAcBZv Aug 26 13:09:10.884306: | #1 spent 8 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Aug 26 13:09:10.884320: | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload Aug 26 13:09:10.884324: | rsa signature 2a 76 82 a9 46 c3 f4 d9 53 49 27 c3 af d8 5f 68 Aug 26 13:09:10.884327: | rsa signature a7 fd eb a6 d8 67 a7 f9 bc 9c 07 f3 bf b6 95 ab Aug 26 13:09:10.884330: | rsa signature bb bf 8b f2 4c 6b 99 7d 63 00 96 4e 3e a1 7c 92 Aug 26 13:09:10.884332: | rsa signature 78 54 91 ce 80 74 7f 19 1f ef b4 5b 7c 20 6f 2e Aug 26 13:09:10.884335: | rsa signature 7e c9 75 e9 03 5f 65 7c 29 19 68 99 80 81 ae c3 Aug 26 13:09:10.884338: | rsa signature 6c cf 11 d2 14 d8 ed e8 79 53 d4 b3 4e 58 34 09 Aug 26 13:09:10.884341: | rsa signature c1 af c2 3c 47 67 e2 2d 98 de 14 31 22 c3 87 97 Aug 26 13:09:10.884344: | rsa signature 07 41 3f a0 be e6 fe cc de 39 e4 4f a0 a8 b0 4b Aug 26 13:09:10.884346: | rsa signature 88 31 74 f0 a2 9e 47 ff 46 e0 67 74 b5 01 8c 80 Aug 26 13:09:10.884349: | rsa signature 40 de f9 e7 14 76 b5 0e 27 3e 54 a8 4b 21 65 95 Aug 26 13:09:10.884352: | rsa signature 10 c4 1f 79 37 e0 0d 9d 04 65 8b fd 82 b5 7d 6d Aug 26 13:09:10.884354: | rsa signature c9 1b 37 bc af 1c eb 9c 88 0d 5e d2 e3 ab 2a 88 Aug 26 13:09:10.884357: | rsa signature a6 12 7c 52 df 39 e8 3b 1e 71 f7 7a ff 5e b3 80 Aug 26 13:09:10.884360: | rsa signature 03 76 08 56 b2 40 ae fd 7d cc 61 8e 8b 4b 46 6a Aug 26 13:09:10.884362: | rsa signature 64 05 c0 5b c4 38 39 47 7a 04 fb f5 1e e7 27 d0 Aug 26 13:09:10.884364: | rsa signature 93 60 a6 18 2b 57 75 6e c9 08 13 89 1f 01 26 e6 Aug 26 13:09:10.884367: | rsa signature d3 30 e3 f2 59 2b c9 f8 cc b6 f5 d3 1f b9 80 24 Aug 26 13:09:10.884370: | rsa signature 84 34 72 73 4b ff eb 13 fd 8d df b3 ff 3f 22 c2 Aug 26 13:09:10.884372: | rsa signature 9e 3e a8 f4 c7 e5 bc 21 0b 07 69 83 22 72 9b 66 Aug 26 13:09:10.884375: | rsa signature b5 18 75 39 8e 7d 20 72 e1 4b 5f 16 93 b6 e1 cc Aug 26 13:09:10.884377: | rsa signature 23 a7 06 fc 92 ff ce 33 1c a7 25 45 57 13 25 4c Aug 26 13:09:10.884380: | rsa signature 0e b4 51 9f 20 50 8a 06 30 ec 6b 78 5f 86 3e 1e Aug 26 13:09:10.884382: | rsa signature 71 31 28 09 8a d1 75 61 4c 2c 78 2d 8f c2 40 47 Aug 26 13:09:10.884385: | rsa signature f0 39 a6 0a 4b 16 28 9c 61 eb 2e 88 61 1f 2c 7d Aug 26 13:09:10.884391: | #1 spent 8.18 milliseconds in ikev2_calculate_rsa_hash() Aug 26 13:09:10.884395: | emitting length of IKEv2 Authentication Payload: 392 Aug 26 13:09:10.884399: | getting first pending from state #1 Aug 26 13:09:10.884403: | Switching Child connection for #2 to "northnet-eastnets/0x1" from "northnet-eastnets/0x2" Aug 26 13:09:10.884411: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:09:10.884928: | netlink_get_spi: allocated 0xac7974ac for esp.0@192.1.3.33 Aug 26 13:09:10.884937: | constructing ESP/AH proposals with all DH removed for northnet-eastnets/0x1 (IKE SA initiator emitting ESP/AH proposals) Aug 26 13:09:10.884945: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:09:10.884952: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:09:10.884956: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:09:10.884976: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:09:10.884980: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:09:10.884986: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:09:10.884989: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:09:10.884994: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:09:10.885003: "northnet-eastnets/0x1": constructed local ESP/AH proposals for northnet-eastnets/0x1 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:09:10.885016: | Emitting ikev2_proposals ... Aug 26 13:09:10.885021: | ****emit IKEv2 Security Association Payload: Aug 26 13:09:10.885024: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.885028: | flags: none (0x0) Aug 26 13:09:10.885032: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:09:10.885036: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.885039: | discarding INTEG=NONE Aug 26 13:09:10.885042: | discarding DH=NONE Aug 26 13:09:10.885044: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.885048: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.885050: | prop #: 1 (0x1) Aug 26 13:09:10.885053: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.885055: | spi size: 4 (0x4) Aug 26 13:09:10.885058: | # transforms: 2 (0x2) Aug 26 13:09:10.885061: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.885065: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:10.885067: | our spi ac 79 74 ac Aug 26 13:09:10.885070: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.885073: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.885076: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.885078: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.885081: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.885084: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.885088: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.885091: | length/value: 256 (0x100) Aug 26 13:09:10.885094: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.885096: | discarding INTEG=NONE Aug 26 13:09:10.885099: | discarding DH=NONE Aug 26 13:09:10.885102: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.885104: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.885107: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.885110: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.885113: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.885116: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.885119: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.885122: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:09:10.885125: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.885130: | discarding INTEG=NONE Aug 26 13:09:10.885132: | discarding DH=NONE Aug 26 13:09:10.885135: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.885138: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.885141: | prop #: 2 (0x2) Aug 26 13:09:10.885143: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.885146: | spi size: 4 (0x4) Aug 26 13:09:10.885148: | # transforms: 2 (0x2) Aug 26 13:09:10.885152: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.885155: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.885158: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:10.885161: | our spi ac 79 74 ac Aug 26 13:09:10.885164: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.885167: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.885169: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.885172: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.885174: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.885177: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.885180: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.885183: | length/value: 128 (0x80) Aug 26 13:09:10.885186: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.885189: | discarding INTEG=NONE Aug 26 13:09:10.885191: | discarding DH=NONE Aug 26 13:09:10.885194: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.885196: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.885199: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.885201: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.885204: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.885208: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.885210: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.885213: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:09:10.885216: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.885218: | discarding DH=NONE Aug 26 13:09:10.885221: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.885224: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.885226: | prop #: 3 (0x3) Aug 26 13:09:10.885229: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.885231: | spi size: 4 (0x4) Aug 26 13:09:10.885233: | # transforms: 4 (0x4) Aug 26 13:09:10.885237: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.885240: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.885243: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:10.885245: | our spi ac 79 74 ac Aug 26 13:09:10.885248: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.885251: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.885254: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.885257: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:10.885260: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.885263: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.885266: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.885271: | length/value: 256 (0x100) Aug 26 13:09:10.885274: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.885276: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.885279: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.885282: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.885285: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:10.885292: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.885299: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.885302: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.885304: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.885307: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.885309: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.885312: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:10.885315: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.885317: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.885320: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.885322: | discarding DH=NONE Aug 26 13:09:10.885325: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.885328: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.885331: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.885333: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.885337: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.885340: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.885343: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.885346: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:09:10.885349: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.885352: | discarding DH=NONE Aug 26 13:09:10.885355: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.885358: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:10.885360: | prop #: 4 (0x4) Aug 26 13:09:10.885376: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.885378: | spi size: 4 (0x4) Aug 26 13:09:10.885380: | # transforms: 4 (0x4) Aug 26 13:09:10.885384: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.885387: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.885405: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:10.885408: | our spi ac 79 74 ac Aug 26 13:09:10.885412: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.885415: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.885418: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.885420: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:10.885424: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.885427: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.885430: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.885433: | length/value: 128 (0x80) Aug 26 13:09:10.885438: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.885441: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.885444: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.885447: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.885449: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:10.885452: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.885455: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.885458: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.885461: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.885464: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.885467: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.885470: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:10.885486: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.885489: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.885492: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.885494: | discarding DH=NONE Aug 26 13:09:10.885497: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.885500: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.885503: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.885505: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.885508: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.885511: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.885514: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.885517: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:09:10.885519: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.885522: | emitting length of IKEv2 Security Association Payload: 164 Aug 26 13:09:10.885526: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:09:10.885529: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:10.885533: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.885536: | flags: none (0x0) Aug 26 13:09:10.885538: | number of TS: 1 (0x1) Aug 26 13:09:10.885542: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:09:10.885546: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.885549: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:10.885552: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.885554: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.885557: | start port: 0 (0x0) Aug 26 13:09:10.885559: | end port: 65535 (0xffff) Aug 26 13:09:10.885562: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:10.885565: | ipv4 start c0 00 03 00 Aug 26 13:09:10.885568: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:09:10.885570: | ipv4 end c0 00 03 ff Aug 26 13:09:10.885573: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:10.885576: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:09:10.885578: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:10.885583: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.885585: | flags: none (0x0) Aug 26 13:09:10.885588: | number of TS: 1 (0x1) Aug 26 13:09:10.885591: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:09:10.885595: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.885598: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:10.885600: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.885603: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.885605: | start port: 0 (0x0) Aug 26 13:09:10.885608: | end port: 65535 (0xffff) Aug 26 13:09:10.885611: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:10.885613: | ipv4 start c0 00 02 00 Aug 26 13:09:10.885616: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:09:10.885618: | ipv4 end c0 00 02 ff Aug 26 13:09:10.885620: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:10.885623: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:09:10.885626: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:09:10.885629: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:09:10.885632: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.885635: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:10.885639: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:10.885641: | emitting length of IKEv2 Encryption Payload: 2274 Aug 26 13:09:10.885644: | emitting length of ISAKMP Message: 2302 Aug 26 13:09:10.885649: | **parse ISAKMP Message: Aug 26 13:09:10.885652: | initiator cookie: Aug 26 13:09:10.885654: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.885657: | responder cookie: Aug 26 13:09:10.885659: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.885662: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:09:10.885665: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.885668: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.885670: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.885671: | Message ID: 1 (0x1) Aug 26 13:09:10.885673: | length: 2302 (0x8fe) Aug 26 13:09:10.885675: | **parse IKEv2 Encryption Payload: Aug 26 13:09:10.885676: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 13:09:10.885678: | flags: none (0x0) Aug 26 13:09:10.885679: | length: 2274 (0x8e2) Aug 26 13:09:10.885681: | **emit ISAKMP Message: Aug 26 13:09:10.885683: | initiator cookie: Aug 26 13:09:10.885684: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.885686: | responder cookie: Aug 26 13:09:10.885687: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.885689: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.885690: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.885692: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.885694: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.885695: | Message ID: 1 (0x1) Aug 26 13:09:10.885697: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.885699: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:09:10.885701: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 13:09:10.885702: | flags: none (0x0) Aug 26 13:09:10.885704: | fragment number: 1 (0x1) Aug 26 13:09:10.885705: | total fragments: 5 (0x5) Aug 26 13:09:10.885707: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Aug 26 13:09:10.885709: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.885713: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:09:10.885715: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:09:10.885723: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:09:10.885725: | cleartext fragment 25 00 00 c1 09 00 00 00 30 81 b6 31 0b 30 09 06 Aug 26 13:09:10.885726: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Aug 26 13:09:10.885728: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Aug 26 13:09:10.885729: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Aug 26 13:09:10.885731: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Aug 26 13:09:10.885732: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Aug 26 13:09:10.885734: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 24 30 22 06 03 Aug 26 13:09:10.885735: | cleartext fragment 55 04 03 0c 1b 6e 6f 72 74 68 2e 74 65 73 74 69 Aug 26 13:09:10.885737: | cleartext fragment 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Aug 26 13:09:10.885739: | cleartext fragment 31 2f 30 2d 06 09 2a 86 48 86 f7 0d 01 09 01 16 Aug 26 13:09:10.885740: | cleartext fragment 20 75 73 65 72 2d 6e 6f 72 74 68 40 74 65 73 74 Aug 26 13:09:10.885742: | cleartext fragment 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 Aug 26 13:09:10.885743: | cleartext fragment 67 26 00 04 d0 04 30 82 04 c7 30 82 04 30 a0 03 Aug 26 13:09:10.885745: | cleartext fragment 02 01 02 02 01 06 30 0d 06 09 2a 86 48 86 f7 0d Aug 26 13:09:10.885746: | cleartext fragment 01 01 0b 05 00 30 81 ac 31 0b 30 09 06 03 55 04 Aug 26 13:09:10.885748: | cleartext fragment 06 13 02 43 41 31 10 30 0e 06 03 55 04 08 0c 07 Aug 26 13:09:10.885749: | cleartext fragment 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 55 04 07 Aug 26 13:09:10.885751: | cleartext fragment 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 Aug 26 13:09:10.885752: | cleartext fragment 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 30 Aug 26 13:09:10.885754: | cleartext fragment 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 Aug 26 13:09:10.885756: | cleartext fragment 61 72 74 6d 65 6e 74 31 25 30 23 06 03 55 04 03 Aug 26 13:09:10.885757: | cleartext fragment 0c 1c 4c 69 62 72 65 73 77 61 6e 20 74 65 73 74 Aug 26 13:09:10.885759: | cleartext fragment 20 43 41 20 66 6f 72 20 6d 61 69 6e 63 61 31 24 Aug 26 13:09:10.885760: | cleartext fragment 30 22 06 09 2a 86 48 86 f7 0d 01 09 01 16 15 74 Aug 26 13:09:10.885762: | cleartext fragment 65 73 74 69 6e 67 40 6c 69 62 72 65 73 77 61 6e Aug 26 13:09:10.885763: | cleartext fragment 2e 6f 72 67 30 22 18 0f 32 30 31 39 30 38 32 34 Aug 26 13:09:10.885765: | cleartext fragment 30 39 30 37 35 33 5a 18 0f 32 30 32 32 30 38 32 Aug 26 13:09:10.885766: | cleartext fragment 33 30 39 30 37 35 33 5a 30 81 b6 31 0b 30 09 06 Aug 26 13:09:10.885768: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Aug 26 13:09:10.885770: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e Aug 26 13:09:10.885771: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.885773: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:09:10.885775: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:09:10.885777: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:09:10.885778: | emitting length of ISAKMP Message: 539 Aug 26 13:09:10.885791: | **emit ISAKMP Message: Aug 26 13:09:10.885793: | initiator cookie: Aug 26 13:09:10.885794: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.885796: | responder cookie: Aug 26 13:09:10.885797: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.885799: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.885800: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.885803: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.885805: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.885806: | Message ID: 1 (0x1) Aug 26 13:09:10.885808: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.885810: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:09:10.885811: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.885813: | flags: none (0x0) Aug 26 13:09:10.885814: | fragment number: 2 (0x2) Aug 26 13:09:10.885816: | total fragments: 5 (0x5) Aug 26 13:09:10.885818: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:09:10.885820: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.885822: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:09:10.885824: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:09:10.885826: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:09:10.885827: | cleartext fragment 06 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 Aug 26 13:09:10.885829: | cleartext fragment 30 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 Aug 26 13:09:10.885831: | cleartext fragment 61 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 Aug 26 13:09:10.885832: | cleartext fragment 74 20 44 65 70 61 72 74 6d 65 6e 74 31 24 30 22 Aug 26 13:09:10.885834: | cleartext fragment 06 03 55 04 03 0c 1b 6e 6f 72 74 68 2e 74 65 73 Aug 26 13:09:10.885835: | cleartext fragment 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f Aug 26 13:09:10.885837: | cleartext fragment 72 67 31 2f 30 2d 06 09 2a 86 48 86 f7 0d 01 09 Aug 26 13:09:10.885838: | cleartext fragment 01 16 20 75 73 65 72 2d 6e 6f 72 74 68 40 74 65 Aug 26 13:09:10.885840: | cleartext fragment 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e Aug 26 13:09:10.885841: | cleartext fragment 6f 72 67 30 82 01 a2 30 0d 06 09 2a 86 48 86 f7 Aug 26 13:09:10.885843: | cleartext fragment 0d 01 01 01 05 00 03 82 01 8f 00 30 82 01 8a 02 Aug 26 13:09:10.885845: | cleartext fragment 82 01 81 00 c0 59 bd 4b 40 fd f4 2c e7 cf 9e f3 Aug 26 13:09:10.885846: | cleartext fragment 29 e6 61 73 de ab 42 3d cc 51 1a e8 79 d6 53 46 Aug 26 13:09:10.885848: | cleartext fragment a1 fd 66 d1 9e ab b4 65 76 51 ad 3f 6f 8f ef d2 Aug 26 13:09:10.885849: | cleartext fragment 73 f9 fd 8f 44 b0 6c 36 4b 95 c3 b2 45 0f 31 0c Aug 26 13:09:10.885851: | cleartext fragment e9 df 35 95 44 c0 19 53 8d df 6a 4b b2 af d6 d3 Aug 26 13:09:10.885852: | cleartext fragment e8 dd f5 20 df 9c cd 8a f7 6a 09 92 60 00 45 44 Aug 26 13:09:10.885854: | cleartext fragment 39 4c 17 6c 06 02 91 37 4b f5 6a c3 5e 21 c6 64 Aug 26 13:09:10.885855: | cleartext fragment 32 32 98 1d b7 99 1f 3c 13 fe ec c7 a4 a5 3b 37 Aug 26 13:09:10.885857: | cleartext fragment 30 df e4 31 95 47 91 b1 ca 96 66 b7 9e 49 65 a2 Aug 26 13:09:10.885858: | cleartext fragment 4c 79 54 17 ed 68 19 34 9d 7e 67 91 27 51 f0 ee Aug 26 13:09:10.885860: | cleartext fragment cb b3 90 68 7c 1d fd 83 32 06 2e e6 6f d5 f0 62 Aug 26 13:09:10.885862: | cleartext fragment 00 4d ef 11 90 b6 ad 61 83 0b 21 94 18 d9 2b 88 Aug 26 13:09:10.885863: | cleartext fragment 09 0d 33 2e 3b 71 18 f4 ce 4a 45 f3 37 f4 db c0 Aug 26 13:09:10.885865: | cleartext fragment d6 ab c2 da da cd 6d e0 a3 9d 21 53 19 34 b1 0c Aug 26 13:09:10.885866: | cleartext fragment d9 63 7c 45 b7 26 a4 d9 d6 93 25 1e 1f 74 3c 07 Aug 26 13:09:10.885868: | cleartext fragment 32 69 9b bc 0f db ba 3e 30 85 a4 3d ec 5c 70 fe Aug 26 13:09:10.885869: | cleartext fragment fe 7d 64 3c 2c 48 b3 8a eb 26 bf 05 d4 33 1e c3 Aug 26 13:09:10.885871: | cleartext fragment f7 1c 24 c9 99 e3 d1 99 91 df 32 10 d5 7c 31 7e Aug 26 13:09:10.885872: | cleartext fragment 9e 6f 70 01 dc 0d d7 21 03 76 4d f5 b2 e3 Aug 26 13:09:10.885875: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.885877: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:09:10.885879: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:09:10.885880: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:09:10.885882: | emitting length of ISAKMP Message: 539 Aug 26 13:09:10.885886: | **emit ISAKMP Message: Aug 26 13:09:10.885888: | initiator cookie: Aug 26 13:09:10.885889: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.885891: | responder cookie: Aug 26 13:09:10.885892: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.885894: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.885896: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.885897: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.885899: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.885900: | Message ID: 1 (0x1) Aug 26 13:09:10.885902: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.885904: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:09:10.885905: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.885907: | flags: none (0x0) Aug 26 13:09:10.885908: | fragment number: 3 (0x3) Aug 26 13:09:10.885910: | total fragments: 5 (0x5) Aug 26 13:09:10.885912: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:09:10.885914: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.885915: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:09:10.885917: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:09:10.885919: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:09:10.885921: | cleartext fragment 87 30 94 8c b2 0a c0 b4 d9 0b d4 d9 37 e0 7a 73 Aug 26 13:09:10.885938: | cleartext fragment 13 50 8d 6f 93 9a 7c 5a 1a b2 87 7e 0c 64 60 cb Aug 26 13:09:10.885939: | cleartext fragment 4b 2c ef 22 75 b1 7c 60 3e e3 e5 f1 94 38 51 8f Aug 26 13:09:10.885941: | cleartext fragment 00 e8 35 7b b5 01 ed c1 c4 fd a3 4b 56 42 d6 8b Aug 26 13:09:10.885942: | cleartext fragment 64 38 74 95 c4 13 70 f0 f0 23 29 57 2b ef 74 97 Aug 26 13:09:10.885944: | cleartext fragment 97 76 8d 30 48 91 02 03 01 00 01 a3 81 e4 30 81 Aug 26 13:09:10.885946: | cleartext fragment e1 30 09 06 03 55 1d 13 04 02 30 00 30 26 06 03 Aug 26 13:09:10.885947: | cleartext fragment 55 1d 11 04 1f 30 1d 82 1b 6e 6f 72 74 68 2e 74 Aug 26 13:09:10.885949: | cleartext fragment 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e Aug 26 13:09:10.885950: | cleartext fragment 2e 6f 72 67 30 0b 06 03 55 1d 0f 04 04 03 02 07 Aug 26 13:09:10.885952: | cleartext fragment 80 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 Aug 26 13:09:10.885954: | cleartext fragment 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 Aug 26 13:09:10.885955: | cleartext fragment 30 41 06 08 2b 06 01 05 05 07 01 01 04 35 30 33 Aug 26 13:09:10.885957: | cleartext fragment 30 31 06 08 2b 06 01 05 05 07 30 01 86 25 68 74 Aug 26 13:09:10.885958: | cleartext fragment 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 Aug 26 13:09:10.885960: | cleartext fragment 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 3a 32 Aug 26 13:09:10.885961: | cleartext fragment 35 36 30 30 3d 06 03 55 1d 1f 04 36 30 34 30 32 Aug 26 13:09:10.885963: | cleartext fragment a0 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 Aug 26 13:09:10.885965: | cleartext fragment 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 Aug 26 13:09:10.885966: | cleartext fragment 61 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 64 2e 63 Aug 26 13:09:10.885968: | cleartext fragment 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 Aug 26 13:09:10.885973: | cleartext fragment 00 03 81 81 00 9e e9 26 57 73 c2 4c 64 c6 ab d6 Aug 26 13:09:10.885976: | cleartext fragment d3 1a 13 4f 6b 48 e3 17 b2 3d fb 30 93 2d 15 92 Aug 26 13:09:10.885979: | cleartext fragment 6e a3 60 29 10 1d 3e a7 93 48 3c 40 5b af 9e e5 Aug 26 13:09:10.885982: | cleartext fragment 93 b7 2f d5 4b 9f db bd ab 5d 03 57 3a 1a f9 81 Aug 26 13:09:10.885984: | cleartext fragment 87 13 dd 32 e7 93 b5 9e 3b 40 3c c6 c9 d5 ce c6 Aug 26 13:09:10.885987: | cleartext fragment c7 5d da 89 36 3d d0 36 82 fd b2 ab 00 2a 7c 0e Aug 26 13:09:10.885990: | cleartext fragment a7 ad 3e e2 b1 5a 0d 88 45 26 48 51 b3 c7 79 d7 Aug 26 13:09:10.885992: | cleartext fragment 04 e7 47 5f 28 f8 63 fb ae 58 52 8b ba 60 ce 19 Aug 26 13:09:10.885994: | cleartext fragment ac fa 4e 65 7d 24 00 00 19 04 58 13 71 57 Aug 26 13:09:10.885997: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.886000: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:09:10.886004: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:09:10.886007: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:09:10.886009: | emitting length of ISAKMP Message: 539 Aug 26 13:09:10.886016: | **emit ISAKMP Message: Aug 26 13:09:10.886020: | initiator cookie: Aug 26 13:09:10.886023: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.886025: | responder cookie: Aug 26 13:09:10.886028: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.886030: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.886033: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.886036: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.886039: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.886041: | Message ID: 1 (0x1) Aug 26 13:09:10.886044: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.886047: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:09:10.886050: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.886052: | flags: none (0x0) Aug 26 13:09:10.886055: | fragment number: 4 (0x4) Aug 26 13:09:10.886058: | total fragments: 5 (0x5) Aug 26 13:09:10.886061: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:09:10.886064: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.886067: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:09:10.886070: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:09:10.886079: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:09:10.886082: | cleartext fragment 9d ee 1a 15 74 03 12 80 12 4d c1 85 2b 92 25 e9 Aug 26 13:09:10.886084: | cleartext fragment 27 00 00 bf 09 00 00 00 30 81 b4 31 0b 30 09 06 Aug 26 13:09:10.886087: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Aug 26 13:09:10.886090: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Aug 26 13:09:10.886093: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Aug 26 13:09:10.886095: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Aug 26 13:09:10.886098: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Aug 26 13:09:10.886100: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 Aug 26 13:09:10.886103: | cleartext fragment 55 04 03 0c 1a 65 61 73 74 2e 74 65 73 74 69 6e Aug 26 13:09:10.886106: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 Aug 26 13:09:10.886108: | cleartext fragment 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f Aug 26 13:09:10.886111: | cleartext fragment 75 73 65 72 2d 65 61 73 74 40 74 65 73 74 69 6e Aug 26 13:09:10.886116: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 21 Aug 26 13:09:10.886119: | cleartext fragment 00 01 88 01 00 00 00 2a 76 82 a9 46 c3 f4 d9 53 Aug 26 13:09:10.886122: | cleartext fragment 49 27 c3 af d8 5f 68 a7 fd eb a6 d8 67 a7 f9 bc Aug 26 13:09:10.886124: | cleartext fragment 9c 07 f3 bf b6 95 ab bb bf 8b f2 4c 6b 99 7d 63 Aug 26 13:09:10.886127: | cleartext fragment 00 96 4e 3e a1 7c 92 78 54 91 ce 80 74 7f 19 1f Aug 26 13:09:10.886129: | cleartext fragment ef b4 5b 7c 20 6f 2e 7e c9 75 e9 03 5f 65 7c 29 Aug 26 13:09:10.886132: | cleartext fragment 19 68 99 80 81 ae c3 6c cf 11 d2 14 d8 ed e8 79 Aug 26 13:09:10.886135: | cleartext fragment 53 d4 b3 4e 58 34 09 c1 af c2 3c 47 67 e2 2d 98 Aug 26 13:09:10.886137: | cleartext fragment de 14 31 22 c3 87 97 07 41 3f a0 be e6 fe cc de Aug 26 13:09:10.886140: | cleartext fragment 39 e4 4f a0 a8 b0 4b 88 31 74 f0 a2 9e 47 ff 46 Aug 26 13:09:10.886143: | cleartext fragment e0 67 74 b5 01 8c 80 40 de f9 e7 14 76 b5 0e 27 Aug 26 13:09:10.886145: | cleartext fragment 3e 54 a8 4b 21 65 95 10 c4 1f 79 37 e0 0d 9d 04 Aug 26 13:09:10.886148: | cleartext fragment 65 8b fd 82 b5 7d 6d c9 1b 37 bc af 1c eb 9c 88 Aug 26 13:09:10.886151: | cleartext fragment 0d 5e d2 e3 ab 2a 88 a6 12 7c 52 df 39 e8 3b 1e Aug 26 13:09:10.886153: | cleartext fragment 71 f7 7a ff 5e b3 80 03 76 08 56 b2 40 ae fd 7d Aug 26 13:09:10.886156: | cleartext fragment cc 61 8e 8b 4b 46 6a 64 05 c0 5b c4 38 39 47 7a Aug 26 13:09:10.886159: | cleartext fragment 04 fb f5 1e e7 27 d0 93 60 a6 18 2b 57 75 6e c9 Aug 26 13:09:10.886161: | cleartext fragment 08 13 89 1f 01 26 e6 d3 30 e3 f2 59 2b c9 Aug 26 13:09:10.886164: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.886167: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:09:10.886170: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:09:10.886173: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:09:10.886175: | emitting length of ISAKMP Message: 539 Aug 26 13:09:10.886183: | **emit ISAKMP Message: Aug 26 13:09:10.886186: | initiator cookie: Aug 26 13:09:10.886188: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.886191: | responder cookie: Aug 26 13:09:10.886193: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.886196: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.886199: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.886201: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.886204: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.886207: | Message ID: 1 (0x1) Aug 26 13:09:10.886209: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.886212: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:09:10.886215: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.886218: | flags: none (0x0) Aug 26 13:09:10.886220: | fragment number: 5 (0x5) Aug 26 13:09:10.886223: | total fragments: 5 (0x5) Aug 26 13:09:10.886226: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:09:10.886229: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.886232: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:09:10.886235: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:09:10.886238: | emitting 333 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:09:10.886240: | cleartext fragment f8 cc b6 f5 d3 1f b9 80 24 84 34 72 73 4b ff eb Aug 26 13:09:10.886241: | cleartext fragment 13 fd 8d df b3 ff 3f 22 c2 9e 3e a8 f4 c7 e5 bc Aug 26 13:09:10.886243: | cleartext fragment 21 0b 07 69 83 22 72 9b 66 b5 18 75 39 8e 7d 20 Aug 26 13:09:10.886245: | cleartext fragment 72 e1 4b 5f 16 93 b6 e1 cc 23 a7 06 fc 92 ff ce Aug 26 13:09:10.886248: | cleartext fragment 33 1c a7 25 45 57 13 25 4c 0e b4 51 9f 20 50 8a Aug 26 13:09:10.886249: | cleartext fragment 06 30 ec 6b 78 5f 86 3e 1e 71 31 28 09 8a d1 75 Aug 26 13:09:10.886251: | cleartext fragment 61 4c 2c 78 2d 8f c2 40 47 f0 39 a6 0a 4b 16 28 Aug 26 13:09:10.886253: | cleartext fragment 9c 61 eb 2e 88 61 1f 2c 7d 2c 00 00 a4 02 00 00 Aug 26 13:09:10.886254: | cleartext fragment 20 01 03 04 02 ac 79 74 ac 03 00 00 0c 01 00 00 Aug 26 13:09:10.886256: | cleartext fragment 14 80 0e 01 00 00 00 00 08 05 00 00 00 02 00 00 Aug 26 13:09:10.886258: | cleartext fragment 20 02 03 04 02 ac 79 74 ac 03 00 00 0c 01 00 00 Aug 26 13:09:10.886259: | cleartext fragment 14 80 0e 00 80 00 00 00 08 05 00 00 00 02 00 00 Aug 26 13:09:10.886261: | cleartext fragment 30 03 03 04 04 ac 79 74 ac 03 00 00 0c 01 00 00 Aug 26 13:09:10.886262: | cleartext fragment 0c 80 0e 01 00 03 00 00 08 03 00 00 0e 03 00 00 Aug 26 13:09:10.886264: | cleartext fragment 08 03 00 00 0c 00 00 00 08 05 00 00 00 00 00 00 Aug 26 13:09:10.886266: | cleartext fragment 30 04 03 04 04 ac 79 74 ac 03 00 00 0c 01 00 00 Aug 26 13:09:10.886267: | cleartext fragment 0c 80 0e 00 80 03 00 00 08 03 00 00 0e 03 00 00 Aug 26 13:09:10.886269: | cleartext fragment 08 03 00 00 0c 00 00 00 08 05 00 00 00 2d 00 00 Aug 26 13:09:10.886270: | cleartext fragment 18 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 03 Aug 26 13:09:10.886272: | cleartext fragment 00 c0 00 03 ff 00 00 00 18 01 00 00 00 07 00 00 Aug 26 13:09:10.886274: | cleartext fragment 10 00 00 ff ff c0 00 02 00 c0 00 02 ff Aug 26 13:09:10.886275: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.886277: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:09:10.886279: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:09:10.886281: | emitting length of IKEv2 Encrypted Fragment: 366 Aug 26 13:09:10.886283: | emitting length of ISAKMP Message: 394 Aug 26 13:09:10.886298: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.886307: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.886312: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 13:09:10.886316: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 13:09:10.886320: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 13:09:10.886323: | Message ID: updating counters for #2 to 0 after switching state Aug 26 13:09:10.886329: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 13:09:10.886335: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 13:09:10.886341: "northnet-eastnets/0x1" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:09:10.886355: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:09:10.886359: | sending fragments ... Aug 26 13:09:10.886365: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:09:10.886368: | 0e ea 1f 14 0a 7b 00 47 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.886371: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Aug 26 13:09:10.886374: | 00 01 00 05 28 71 b7 07 39 21 6a 61 f7 d5 d5 23 Aug 26 13:09:10.886376: | b5 fc 6e 84 62 0a 5e 87 60 5e 5f 33 a0 54 c6 dc Aug 26 13:09:10.886379: | da 8e bf d6 be 51 98 3b 70 63 c2 5a 9f 9c 05 8d Aug 26 13:09:10.886384: | f3 fa 0e e8 69 c3 ca 42 44 26 bf 96 f2 f1 fd 19 Aug 26 13:09:10.886386: | f4 f9 3b c7 5e cf d6 cd fa 28 9f 0f 6b aa b0 75 Aug 26 13:09:10.886389: | 97 6e 61 62 f1 bb f8 67 06 85 af 05 5b 13 33 b5 Aug 26 13:09:10.886391: | 56 a4 6d ab d2 6d 6b da 2d ec 84 4a ee 47 48 23 Aug 26 13:09:10.886394: | 89 8f 58 e9 1a d4 e9 76 12 eb b9 5b d1 f8 a2 eb Aug 26 13:09:10.886396: | 36 3d 21 53 49 83 c3 b2 b2 b3 8b a5 4f e4 cd 15 Aug 26 13:09:10.886399: | 27 7c c3 59 5c a4 86 1e f4 97 08 07 ff 17 24 6b Aug 26 13:09:10.886402: | 8d 37 bb 3d 7c 51 eb 2d 04 d9 52 a0 3b 55 d4 21 Aug 26 13:09:10.886404: | ed a9 d7 04 dd c6 47 29 61 65 d8 2b de 37 a5 97 Aug 26 13:09:10.886407: | 3e c7 4d 23 84 ee 4b 45 05 e9 99 0c c4 85 c4 86 Aug 26 13:09:10.886410: | dd 66 0d 8d e2 ed 0b 96 17 fe 0e 80 b2 0a 5e dd Aug 26 13:09:10.886413: | e2 67 41 24 8f 30 01 02 bd ae da a7 f7 e3 ac 1f Aug 26 13:09:10.886415: | f8 64 e2 51 82 be 1b 61 48 b8 af 6d ca dc f1 f7 Aug 26 13:09:10.886418: | a0 3c 17 4b 20 af 32 e0 ce b6 b8 1c 13 b0 5d b7 Aug 26 13:09:10.886420: | 95 2b 00 66 6c a3 b0 6b ec 36 dc b6 ab 42 26 28 Aug 26 13:09:10.886422: | ce 58 f6 42 14 7d 72 80 e4 6b a7 7e 8c 27 48 70 Aug 26 13:09:10.886425: | 2d 78 d3 c8 cd ec 54 73 d0 9a 1b ba 4c 01 83 51 Aug 26 13:09:10.886427: | e8 3f 9c 61 7d 9b d0 ed ca 89 14 67 0a f7 43 33 Aug 26 13:09:10.886429: | 05 0e 01 d9 de 02 5f 50 0d fd b1 66 a8 3a 4d 78 Aug 26 13:09:10.886432: | c1 c6 8a 92 28 ae c6 ba 05 45 21 9f ec 40 af 96 Aug 26 13:09:10.886434: | be 9e fe bd ab 6e 7a bc 1e 4d d4 19 57 0d 58 0c Aug 26 13:09:10.886436: | 68 84 83 3f d4 54 a8 e1 51 25 3e b6 3c ab 2c 51 Aug 26 13:09:10.886438: | 84 99 d3 06 4b 7f 49 a1 8a 72 eb 05 e7 40 28 e7 Aug 26 13:09:10.886441: | cc d7 72 90 f5 7b ea eb 6f 25 96 91 1b ae 81 89 Aug 26 13:09:10.886443: | 1a 79 bf c8 b9 e2 d4 cf 16 41 39 0b d1 7f a9 77 Aug 26 13:09:10.886446: | f7 43 c2 5a 84 9b 8e 20 c0 97 5f a4 fc c6 29 95 Aug 26 13:09:10.886448: | e4 f1 a9 3d 02 a1 99 57 04 14 d0 59 0b fb 90 98 Aug 26 13:09:10.886451: | e6 78 49 86 ff 32 9d d5 f0 43 e4 5f 09 85 22 b9 Aug 26 13:09:10.886453: | 39 d2 9b 49 0b 87 30 51 64 55 d8 Aug 26 13:09:10.886506: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:09:10.886511: | 0e ea 1f 14 0a 7b 00 47 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.886514: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 13:09:10.886516: | 00 02 00 05 2d f3 de 4e bd 59 e1 24 50 99 79 f2 Aug 26 13:09:10.886519: | bd b4 70 0c 34 13 97 70 e5 3d fe cb bb 0b 52 66 Aug 26 13:09:10.886522: | 6d ba af ee 17 d8 bd b9 4c 64 07 f3 3f 8e 13 a4 Aug 26 13:09:10.886524: | b1 2f fe 27 c8 34 00 e9 5f 81 a9 18 46 96 14 27 Aug 26 13:09:10.886527: | 57 79 e5 c9 1d 78 98 f4 51 ff 0e e5 13 45 61 ea Aug 26 13:09:10.886529: | 02 05 03 b7 dd d8 f1 86 16 e4 03 69 11 7a 63 71 Aug 26 13:09:10.886532: | 19 45 39 b6 d8 c1 e2 ca 3e b9 40 58 12 25 a1 19 Aug 26 13:09:10.886534: | 83 ce 00 fb 15 b5 b1 8c 18 cf 98 2d ad 70 d0 8b Aug 26 13:09:10.886537: | 37 1b eb b0 de eb 47 57 a9 a1 80 42 05 b3 d4 d0 Aug 26 13:09:10.886539: | 5d 30 bf 91 41 2e e9 89 3d a7 60 a3 3c 8f 65 12 Aug 26 13:09:10.886542: | e3 22 18 93 ee fc d7 e7 f3 31 69 29 94 88 43 4c Aug 26 13:09:10.886544: | 54 27 16 07 ff 7c 80 36 0e f2 83 af 17 a8 be 68 Aug 26 13:09:10.886547: | 0e ac f4 a3 49 1c 09 b8 05 f0 79 f5 c6 c3 08 a8 Aug 26 13:09:10.886549: | 39 82 ec ae a0 be 94 0b 6f 84 67 26 2f 3c fb e9 Aug 26 13:09:10.886552: | 48 04 91 41 b1 9c c5 4e 9b 89 b8 b3 3b e5 4a f7 Aug 26 13:09:10.886555: | b0 1b 1a 16 d4 db 2e a9 40 8f 68 17 1a 9d 96 4c Aug 26 13:09:10.886557: | 58 a2 4c 4d cf e8 fd 18 c9 9f 78 25 64 c6 2a d7 Aug 26 13:09:10.886560: | a5 54 95 5c af 2d fc 0c ca 25 b4 f0 a4 47 f2 6a Aug 26 13:09:10.886562: | 32 3f c3 c9 8d 2d 99 ad 64 b3 02 45 fd 68 28 9b Aug 26 13:09:10.886565: | 8c d7 c1 78 93 92 e5 e8 3d e5 eb d9 95 90 3b c1 Aug 26 13:09:10.886571: | 87 3a e3 06 d7 ba 72 27 76 cc 0a cd 4f e9 1b 01 Aug 26 13:09:10.886574: | 9c fe ba 8c e1 50 dd b3 5c 1a d7 71 08 45 9c 73 Aug 26 13:09:10.886577: | 20 92 56 67 61 c8 40 48 8d 20 e2 a3 6d 23 5a 18 Aug 26 13:09:10.886580: | ad 27 f4 ab 24 b3 77 9a a7 a8 ea ba 72 eb 1c 41 Aug 26 13:09:10.886582: | d8 c9 4f ec 7c 6f b1 36 cc cb c9 6d c6 b0 b2 69 Aug 26 13:09:10.886585: | 1a f7 c9 60 04 de 5b 79 cb 77 24 a6 26 df 51 78 Aug 26 13:09:10.886587: | 2a 14 d8 de 18 e2 56 d6 ca 24 b8 95 cb 3c 0d af Aug 26 13:09:10.886590: | 27 63 06 18 d8 f2 4c db a3 56 f1 f1 03 9e ee 47 Aug 26 13:09:10.886592: | a6 ab 34 a8 f0 d1 4e 5d d1 cf 86 df 62 12 a2 fd Aug 26 13:09:10.886595: | 1f fb 70 61 77 5d b5 88 b5 7d 6d be 73 f7 16 99 Aug 26 13:09:10.886598: | b0 b6 cb 6e c1 9d 14 f6 c3 e2 c1 b4 19 d9 cb 67 Aug 26 13:09:10.886600: | 0a 8c f5 ad 55 58 1a 3c 1b 07 db Aug 26 13:09:10.886624: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:09:10.886628: | 0e ea 1f 14 0a 7b 00 47 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.886631: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 13:09:10.886634: | 00 03 00 05 9a a8 ef d5 b3 a4 6f d4 1d ce ba b5 Aug 26 13:09:10.886637: | 97 69 ee 6f a4 e4 49 b9 a9 57 5b 8f 1c 1b ad cf Aug 26 13:09:10.886639: | 9a fa e5 cc 08 1b 7e fc 24 56 7e 52 26 a3 41 ec Aug 26 13:09:10.886642: | 81 4c 36 c1 ff 3b 52 34 d8 a9 3d d0 24 a1 f9 73 Aug 26 13:09:10.886644: | 3d 85 fb 38 86 41 c2 4a 6d fb 32 7a fd ae ad fb Aug 26 13:09:10.886647: | cd 44 e0 e8 09 5e 06 d2 cd 89 e5 27 b4 07 10 c5 Aug 26 13:09:10.886649: | 80 44 4c 2e 67 97 bd c6 69 a1 81 50 5a 4b 2c e7 Aug 26 13:09:10.886652: | 80 c6 c5 7a 41 ef 61 99 2a 67 0f 96 e2 49 d2 ff Aug 26 13:09:10.886655: | 6a 57 d3 57 af a7 e0 99 d3 6f 77 37 1a 42 a3 cc Aug 26 13:09:10.886658: | 43 5c 67 d5 f1 cc 8a e5 11 c7 a6 d9 15 41 ad e6 Aug 26 13:09:10.886660: | 69 cb eb da 0f e9 05 59 c1 8c 4e 37 2f 4a d7 2d Aug 26 13:09:10.886663: | 72 f4 bc 44 af 54 85 0e 4c 5a 21 9d a1 a6 c8 7c Aug 26 13:09:10.886665: | 2f a6 81 47 1d 02 17 b3 e1 77 28 5a c6 d9 21 47 Aug 26 13:09:10.886668: | d8 92 f2 bd 0e f3 9e 59 df 22 53 07 fb d5 ac 8d Aug 26 13:09:10.886671: | 07 9e b8 74 19 df b5 5f f1 24 f6 a7 83 5e 57 f0 Aug 26 13:09:10.886673: | b0 89 93 73 36 6c b7 9d 34 be f5 0f b2 a6 89 53 Aug 26 13:09:10.886675: | da 4c 17 94 75 c2 d1 6c 42 c2 0f 88 44 bb a2 10 Aug 26 13:09:10.886678: | 51 00 c6 19 1f 9e cf 60 7d f5 e2 cf ff f9 3e 9c Aug 26 13:09:10.886681: | 2e da 00 10 81 0c 6e 8f 23 27 86 2c 9d f7 6d 5a Aug 26 13:09:10.886683: | f1 31 74 8f 1a 17 96 05 81 4a f0 18 89 ae b6 bd Aug 26 13:09:10.886686: | 25 65 cd 38 26 b2 72 e1 b2 eb b0 12 43 70 4c 8a Aug 26 13:09:10.886689: | 73 14 a3 76 f8 05 b7 2b 24 df e1 dd 3d b1 47 24 Aug 26 13:09:10.886691: | 5b 01 ff 81 70 2a f2 1f 9e 76 9d 9d 2f 78 fd 9b Aug 26 13:09:10.886694: | 21 18 e3 e5 10 03 27 94 35 06 cd f3 79 b0 3f 80 Aug 26 13:09:10.886697: | 4b 07 c7 77 22 67 65 46 e3 5f 54 0f 3f 0f ad 3c Aug 26 13:09:10.886700: | 39 93 47 fe 9f da b7 23 52 bf 5c be 7b 47 aa c7 Aug 26 13:09:10.886702: | 4f 58 08 19 0a d6 21 3e 15 fb b9 9e ac 9b cd 26 Aug 26 13:09:10.886705: | d8 6e f4 f5 d5 9b 38 40 c2 24 1d 3a c2 1d bb 83 Aug 26 13:09:10.886708: | 90 43 88 34 c9 58 fa 16 ba 88 b8 02 ba 14 32 3d Aug 26 13:09:10.886710: | 86 69 19 95 ac fd 4c 54 2b 45 77 7a e7 b2 5e 36 Aug 26 13:09:10.886713: | e0 94 94 53 cb 6e 5e 8c b5 6f 26 37 fa 7e 2c 20 Aug 26 13:09:10.886715: | eb db c2 0d 7f 50 f8 c7 6e b1 bf Aug 26 13:09:10.886733: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:09:10.886737: | 0e ea 1f 14 0a 7b 00 47 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.886740: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 13:09:10.886743: | 00 04 00 05 36 a5 1a 6b c3 31 2a 49 fa f7 fd c0 Aug 26 13:09:10.886747: | 2a a7 4c d0 9f c1 d2 c1 97 ec e1 cb 33 fd 32 4a Aug 26 13:09:10.886750: | 4d 8b 41 8a 4f b3 12 34 66 65 0d 50 72 9f ac 6c Aug 26 13:09:10.886753: | d0 bf cb 72 75 06 78 86 05 1c 0d 4b cd 30 56 87 Aug 26 13:09:10.886756: | 0c 52 ef fc 91 0b 0c 93 a1 71 6b 3e d4 e7 4c a3 Aug 26 13:09:10.886759: | 3b 11 af f6 03 d6 2d 1a de e5 3f 47 4e 83 e6 f4 Aug 26 13:09:10.886761: | 00 7c 0d 59 9b f3 5c 18 f5 81 04 f3 d8 ec 7c 42 Aug 26 13:09:10.886764: | 35 f7 fd 47 1a 0e d8 2d 2c 45 96 71 2f 11 c1 d6 Aug 26 13:09:10.886766: | 77 f8 cc 69 c3 a6 eb 36 4e 67 d7 09 a0 25 fe f3 Aug 26 13:09:10.886769: | 5c a8 5a 1f 9b 0f 64 b8 26 f9 31 86 a3 8e b5 8b Aug 26 13:09:10.886771: | 68 30 dd d9 6a 20 14 d4 07 4a a4 13 43 ea bc bf Aug 26 13:09:10.886774: | 7f 7b f5 94 8a 1b 24 85 da e2 20 53 93 64 da f1 Aug 26 13:09:10.886777: | d5 50 04 13 7d 03 80 b7 e8 5c 96 7e c1 2e bc ba Aug 26 13:09:10.886779: | 77 61 82 f6 8c aa 4f ac 42 ed 5d f9 28 82 6c a3 Aug 26 13:09:10.886782: | 4c 04 57 72 00 d5 b0 0f 40 81 7b 2a c2 5d 21 f3 Aug 26 13:09:10.886785: | 2e 14 8d a6 ae e0 24 23 8c a2 32 3a 4e 85 1b 6f Aug 26 13:09:10.886787: | ce 21 16 25 07 a3 e7 ec 20 42 b6 ac bb f8 a9 89 Aug 26 13:09:10.886790: | d6 6e 8d 17 b6 69 ce 2d 0d 77 40 6a 76 7e 37 12 Aug 26 13:09:10.886792: | b4 71 e6 35 5b 3a 89 4a de ff a9 df 24 c1 23 76 Aug 26 13:09:10.886795: | 4c 1a df 85 4a 5c 83 9e 57 0c aa bf fa 1f c5 d9 Aug 26 13:09:10.886797: | 22 88 75 05 b5 f2 73 a6 32 78 ff 0b 82 92 a6 ec Aug 26 13:09:10.886800: | e1 91 32 16 b3 25 81 50 9d 30 54 aa 15 34 a3 11 Aug 26 13:09:10.886802: | 08 2e 8e b9 b0 f6 28 fd 3c 1b 5b 4b 67 62 5c b1 Aug 26 13:09:10.886805: | cd 97 7b 7b 2f ff b8 3c 8d 2a 7e fe de 6c d5 67 Aug 26 13:09:10.886807: | 4f f9 c7 3a 86 df 4c 66 87 8c 7b 05 13 f4 ed 0e Aug 26 13:09:10.886810: | 63 58 7f 88 fd 7e e9 4f 98 c4 5c c6 c6 f8 d6 7d Aug 26 13:09:10.886813: | 4e 83 08 eb 10 d4 e2 aa 65 ee 0a 42 cf 76 7d da Aug 26 13:09:10.886815: | 33 8f 9e ba 6e 9f 56 a9 af 5b b2 27 3d e6 5d 0c Aug 26 13:09:10.886818: | f5 2d 65 fa ed cf c8 01 52 42 ca fe 0c 0b 8e 3c Aug 26 13:09:10.886820: | a9 a3 fd 36 73 53 62 8a 49 08 b7 78 0f 7f 4c b5 Aug 26 13:09:10.886823: | 7e e2 8e 25 38 d8 13 2b e0 4f 5c 37 6e be 88 19 Aug 26 13:09:10.886825: | 4a d4 99 a1 bc f6 0d b1 1b 66 49 Aug 26 13:09:10.886842: | sending 394 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:09:10.886845: | 0e ea 1f 14 0a 7b 00 47 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.886848: | 35 20 23 08 00 00 00 01 00 00 01 8a 00 00 01 6e Aug 26 13:09:10.886851: | 00 05 00 05 7d 3e 13 b2 98 99 75 c0 af 7d fe bc Aug 26 13:09:10.886853: | 6d 07 6a 1b 51 55 af 20 ae f3 c7 4c 64 3d ce 2d Aug 26 13:09:10.886856: | 6f f6 d2 f3 0c 63 02 83 c8 db 99 80 5e 90 76 62 Aug 26 13:09:10.886858: | e1 ce 23 1c d6 15 f5 19 a7 c1 4a 85 55 04 eb 6a Aug 26 13:09:10.886861: | 9d b3 b1 ed ba ad d4 49 90 71 34 f3 72 05 a7 e0 Aug 26 13:09:10.886863: | d1 f9 bb e5 72 82 77 b1 41 a1 fe 10 7d 2b 09 e7 Aug 26 13:09:10.886866: | 11 69 66 25 2d 21 ed 3b f8 9b 01 21 70 09 52 c5 Aug 26 13:09:10.886868: | d2 c2 83 c7 d3 c0 cd 57 17 e9 d8 01 70 a8 8b b0 Aug 26 13:09:10.886871: | 7b 62 9b 59 bc 28 be 57 87 c8 cc ff 5e 99 7c fb Aug 26 13:09:10.886873: | 18 62 2b c2 0a fb 78 9f 70 42 cf de 9b 1a 20 a0 Aug 26 13:09:10.886876: | 39 0a 50 93 31 65 1c 26 3a 4e 2d 44 a4 bd c5 58 Aug 26 13:09:10.886878: | 05 29 47 09 73 06 86 6e 2c a0 f5 1e 26 f4 77 ac Aug 26 13:09:10.886881: | 8b 20 b2 d4 4e ee f3 cf 67 56 87 32 2e 3e e6 6f Aug 26 13:09:10.886883: | 97 1d 2e a2 fc cf 13 2c d5 0d bd f7 3e 01 1d 9d Aug 26 13:09:10.886886: | 72 8d 6e d8 9d 77 75 84 50 a7 f0 2e b0 4b 05 37 Aug 26 13:09:10.886888: | 46 0f e5 f7 f1 8a c3 0f af fa ed 62 dd 25 e2 00 Aug 26 13:09:10.886891: | 83 b4 46 19 96 6e da d9 1b b5 d8 cb a4 c6 10 28 Aug 26 13:09:10.886895: | 70 45 93 2c 91 f5 3d 57 8f aa a4 b1 f3 cb db 92 Aug 26 13:09:10.886898: | bb 01 91 e6 97 7a 21 fc 7b 31 51 0a d0 92 1f 48 Aug 26 13:09:10.886901: | e3 a4 ab 33 03 be cc ff a6 20 98 62 be 55 87 54 Aug 26 13:09:10.886903: | a8 10 4b ba 40 de ee df 5f 64 49 16 54 22 4c 53 Aug 26 13:09:10.886906: | a3 ff 3c dd 5a 80 d6 d7 22 9e c9 be 4c 06 6e 0b Aug 26 13:09:10.886908: | 49 bd 42 a4 65 47 80 b6 6f 65 Aug 26 13:09:10.886920: | sent 5 fragments Aug 26 13:09:10.886925: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:09:10.886928: "northnet-eastnets/0x1" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:09:10.886939: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f44c8002b78 Aug 26 13:09:10.886943: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Aug 26 13:09:10.886947: | libevent_malloc: new ptr-libevent@0x555ab9d0a448 size 128 Aug 26 13:09:10.886954: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10236.629404 Aug 26 13:09:10.886960: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:09:10.886966: | #1 spent 2.51 milliseconds Aug 26 13:09:10.886970: | #1 spent 12 milliseconds in resume sending helper answer Aug 26 13:09:10.886976: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:09:10.886980: | libevent_free: release ptr-libevent@0x7f44c0000f48 Aug 26 13:09:10.940101: | spent 0.00254 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.940122: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:09:10.940125: | 0e ea 1f 14 0a 7b 00 47 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.940127: | 35 20 23 20 00 00 00 01 00 00 02 1b 24 00 01 ff Aug 26 13:09:10.940128: | 00 01 00 05 eb 5c c1 f7 69 6e 94 a2 78 a2 4c 2b Aug 26 13:09:10.940130: | 17 4d b6 a6 c6 b7 9b ff be d9 3e c9 a0 2c 4a 83 Aug 26 13:09:10.940131: | 99 5d 3c f0 d2 b6 6c 1f d6 2f 8a a3 a2 f0 4f f8 Aug 26 13:09:10.940133: | ea 07 23 81 dd d1 a4 17 c7 8f 6f 70 0e 9e 5e a0 Aug 26 13:09:10.940134: | c5 5f 1b bf 34 63 36 a9 70 70 09 92 f5 87 a0 ca Aug 26 13:09:10.940136: | 43 8d 56 e6 0a fe c5 10 a2 ea d8 50 9e b1 f7 fd Aug 26 13:09:10.940137: | e8 c5 f3 b3 5c d9 64 28 fb f5 b2 8c 9f 10 7b f5 Aug 26 13:09:10.940139: | 77 c5 c8 14 c8 a1 88 5e 09 0d 99 1a 49 1f 84 f7 Aug 26 13:09:10.940140: | e6 fe 03 6f 8b f2 23 48 ab ed 33 93 83 e3 f4 41 Aug 26 13:09:10.940142: | 23 d6 69 77 25 18 fd 4f 9c 48 76 4b f2 8f 51 73 Aug 26 13:09:10.940143: | 59 11 4e d3 39 9c 85 8e ae 07 af 9b d3 5c 86 70 Aug 26 13:09:10.940145: | 84 c7 fd 23 79 c5 b5 6c 48 2d b2 d8 85 12 7c e4 Aug 26 13:09:10.940146: | 7d ae fb 38 a8 60 c8 f9 17 83 dd eb cb e2 bc 85 Aug 26 13:09:10.940148: | 81 e3 80 76 c0 0c af 75 e7 13 cc 0e 4a f4 0f d8 Aug 26 13:09:10.940154: | bd 4e 1e 0d dd c6 44 3b aa f6 f8 e1 83 e6 e9 1d Aug 26 13:09:10.940159: | fe 02 b8 ea 10 9f 26 61 0a 82 29 ad d0 e5 1c 3f Aug 26 13:09:10.940161: | ed 26 44 d3 0e ce b8 38 ef e2 e3 bf ff 0f c9 1f Aug 26 13:09:10.940164: | 02 e5 78 ef 3a 37 4e 5b 85 07 77 7f 7b 5c d7 6e Aug 26 13:09:10.940166: | b4 34 36 60 f1 a2 72 f3 82 92 fc 3e a7 05 99 07 Aug 26 13:09:10.940169: | fb ab 56 ca 90 61 d4 fb d3 75 72 60 ac f0 59 67 Aug 26 13:09:10.940171: | ce c9 62 ea ab c3 11 44 39 1a a8 1b 28 f2 05 68 Aug 26 13:09:10.940174: | 8e ff 4f d7 a0 c3 47 8f c4 18 15 a8 fe 48 37 58 Aug 26 13:09:10.940177: | 0f 69 91 92 3a 30 89 e6 da f5 da 29 43 0d 98 94 Aug 26 13:09:10.940179: | 4b bc cf b4 f2 45 ec 8e a0 db da 25 a9 ff 9b 21 Aug 26 13:09:10.940181: | 5d a8 a6 1d f5 a3 09 90 9d fa 1c c9 84 0b ac 7a Aug 26 13:09:10.940182: | 01 71 49 9d 51 e4 89 4f 47 85 df 7f 25 c9 17 98 Aug 26 13:09:10.940184: | 64 b0 47 39 74 1e 25 b6 00 5c 87 c3 3a 6c ec 6b Aug 26 13:09:10.940187: | 3d 53 67 f1 19 60 c7 cc d6 c3 96 bc 54 5d 9a b2 Aug 26 13:09:10.940189: | a7 b6 8a 35 d3 a4 d3 c0 78 39 1d a2 34 6a 92 f7 Aug 26 13:09:10.940190: | 59 89 a4 83 fc 8b cc 53 07 9f 9e 80 6d 44 37 28 Aug 26 13:09:10.940192: | e3 c5 dd 4e ee 26 05 6b 95 44 9d 76 c7 ad c2 fd Aug 26 13:09:10.940193: | 49 19 2f fb cf fd a6 f8 a4 84 21 Aug 26 13:09:10.940198: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:09:10.940201: | **parse ISAKMP Message: Aug 26 13:09:10.940203: | initiator cookie: Aug 26 13:09:10.940204: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.940206: | responder cookie: Aug 26 13:09:10.940207: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.940209: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:09:10.940211: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.940213: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.940215: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.940217: | Message ID: 1 (0x1) Aug 26 13:09:10.940218: | length: 539 (0x21b) Aug 26 13:09:10.940220: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:09:10.940223: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:09:10.940226: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:09:10.940230: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.940233: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:09:10.940236: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.940239: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.940241: | #2 is idle Aug 26 13:09:10.940242: | #2 idle Aug 26 13:09:10.940244: | unpacking clear payload Aug 26 13:09:10.940245: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.940247: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:09:10.940249: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:09:10.940251: | flags: none (0x0) Aug 26 13:09:10.940253: | length: 511 (0x1ff) Aug 26 13:09:10.940254: | fragment number: 1 (0x1) Aug 26 13:09:10.940256: | total fragments: 5 (0x5) Aug 26 13:09:10.940258: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 13:09:10.940260: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:09:10.940262: | received IKE encrypted fragment number '1', total number '5', next payload '36' Aug 26 13:09:10.940264: | updated IKE fragment state to respond using fragments without waiting for re-transmits Aug 26 13:09:10.940267: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:10.940271: | #1 spent 0.158 milliseconds in ikev2_process_packet() Aug 26 13:09:10.940274: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:09:10.940280: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.940285: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:10.940339: | spent 0.214 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.940353: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.940365: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:09:10.940368: | 0e ea 1f 14 0a 7b 00 47 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.940371: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 13:09:10.940374: | 00 02 00 05 3f e9 3d d7 60 2c 3f 24 3d 5b 0f c1 Aug 26 13:09:10.940376: | 20 a5 7f fe ac 68 f2 a1 96 4a a7 53 45 4c 68 3d Aug 26 13:09:10.940379: | b8 27 b7 f2 de 04 74 77 e0 b8 cf 7e a6 38 66 21 Aug 26 13:09:10.940381: | 57 d9 b8 36 44 9c ba 72 31 02 c0 67 62 53 71 40 Aug 26 13:09:10.940386: | 4b f5 a5 a4 35 b3 4f 3d 78 7b e9 7e 3b 3b 98 22 Aug 26 13:09:10.940389: | b1 ba d4 49 d5 c5 ad ed db e9 38 9f 91 a8 1e 46 Aug 26 13:09:10.940391: | e1 fd 86 c3 8f 19 f7 c9 35 60 b1 74 ea 89 31 9b Aug 26 13:09:10.940394: | 9d 29 1d 62 55 f0 f1 d2 dd a2 5c 4c d8 9a d4 19 Aug 26 13:09:10.940396: | a4 ce 14 f4 fe f5 bf c0 42 21 34 13 f6 e0 e6 68 Aug 26 13:09:10.940399: | fc f4 ce ca 4b f7 2a 3f 98 bb e2 8c 49 5e 23 b7 Aug 26 13:09:10.940401: | 63 95 34 8a 4c ea f8 18 66 59 69 6c 19 83 e1 96 Aug 26 13:09:10.940404: | cc 42 4b a1 95 bf 35 e8 ba 76 ef 20 eb 56 9d 6b Aug 26 13:09:10.940406: | d9 4c 4d e5 2e 89 4f 5e 64 76 4e bb 83 81 99 a8 Aug 26 13:09:10.940409: | 06 ea f9 cb 16 1c b2 83 83 4e dc 7d 91 ea ea e8 Aug 26 13:09:10.940412: | f0 59 8d 8d 72 26 8e d5 9d 0f d0 90 1e b0 5c 6f Aug 26 13:09:10.940414: | fc 94 ce 41 2e 4f 22 03 26 b0 27 dc aa 43 32 5d Aug 26 13:09:10.940417: | 3f c0 96 17 ff f2 f8 31 ab 7f 0c 7a 6e 01 86 f7 Aug 26 13:09:10.940419: | af aa f2 e2 9b c7 b4 27 07 9e be e3 27 82 e7 1d Aug 26 13:09:10.940422: | c2 1d 38 f2 37 7d ff 81 e8 d4 7c 4a d3 f8 b8 be Aug 26 13:09:10.940424: | c5 4b e8 45 75 9c 0f bd 07 cb 8e 5f 21 a3 f2 87 Aug 26 13:09:10.940426: | d6 32 54 0e 2a f0 99 f5 d5 28 a2 c3 8a ea eb 45 Aug 26 13:09:10.940429: | 69 c5 8b 5a 5e 3f d8 19 c9 45 f2 80 75 12 16 7a Aug 26 13:09:10.940431: | 0c 22 6a b6 de 35 a0 5b 73 95 de 9a f5 97 41 5b Aug 26 13:09:10.940434: | 83 3c 6e 24 f8 a5 78 55 49 8f 95 5b db 55 f0 e1 Aug 26 13:09:10.940437: | 56 69 e4 6c 6e a7 22 f4 23 53 d9 50 47 ef 19 16 Aug 26 13:09:10.940439: | fa 70 ea 6a 40 28 07 04 e7 54 5e ad a6 13 8e ad Aug 26 13:09:10.940442: | 43 9d 05 f8 4e e5 87 70 38 4b 4e 28 e5 c5 00 c0 Aug 26 13:09:10.940445: | d6 3b 63 70 dd f0 9b 27 84 6e fb 2b b0 39 21 9a Aug 26 13:09:10.940448: | 02 2a b5 bb 67 69 38 f0 66 6e b9 b0 66 97 4e f7 Aug 26 13:09:10.940451: | 6d 6e 5d 2b af 44 7d f6 b5 54 e5 de 2f b7 46 ed Aug 26 13:09:10.940454: | 25 d4 8d c4 74 02 e9 70 1e f9 7d f2 74 18 f2 81 Aug 26 13:09:10.940457: | e0 df 5b fc 6f 6a d7 36 25 e4 f8 Aug 26 13:09:10.940462: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:09:10.940466: | **parse ISAKMP Message: Aug 26 13:09:10.940469: | initiator cookie: Aug 26 13:09:10.940471: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.940474: | responder cookie: Aug 26 13:09:10.940476: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.940479: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:09:10.940482: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.940485: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.940487: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.940489: | Message ID: 1 (0x1) Aug 26 13:09:10.940491: | length: 539 (0x21b) Aug 26 13:09:10.940493: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:09:10.940495: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:09:10.940497: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:09:10.940501: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.940503: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:09:10.940505: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.940508: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.940510: | #2 is idle Aug 26 13:09:10.940511: | #2 idle Aug 26 13:09:10.940513: | unpacking clear payload Aug 26 13:09:10.940514: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.940516: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:09:10.940518: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.940521: | flags: none (0x0) Aug 26 13:09:10.940523: | length: 511 (0x1ff) Aug 26 13:09:10.940525: | fragment number: 2 (0x2) Aug 26 13:09:10.940526: | total fragments: 5 (0x5) Aug 26 13:09:10.940528: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 13:09:10.940530: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:09:10.940532: | received IKE encrypted fragment number '2', total number '5', next payload '0' Aug 26 13:09:10.940535: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:10.940539: | #1 spent 0.17 milliseconds in ikev2_process_packet() Aug 26 13:09:10.940541: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:09:10.940543: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.940545: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:10.940548: | spent 0.18 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.940554: | spent 0.0012 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.940560: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:09:10.940562: | 0e ea 1f 14 0a 7b 00 47 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.940564: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 13:09:10.940565: | 00 03 00 05 4f 4e d7 06 74 fb d2 a5 38 95 98 b3 Aug 26 13:09:10.940567: | 8b 3c 5a 5f be ce 49 f7 5e 54 51 dd 51 48 e5 46 Aug 26 13:09:10.940568: | 41 33 4f d6 82 69 6f 53 fe 8e 33 ae 1a b9 59 e7 Aug 26 13:09:10.940570: | 6d 3b 62 45 41 6e d8 62 60 fb 0d 36 79 1b b8 a0 Aug 26 13:09:10.940571: | 1d 33 a8 1c 62 f6 0e c4 b5 88 71 c4 87 22 72 83 Aug 26 13:09:10.940573: | d2 71 7a b3 56 26 82 34 10 b0 3c 5b f0 53 71 53 Aug 26 13:09:10.940575: | b2 b1 30 b2 40 14 63 a5 1e d0 fd 9e 1a a9 d4 6a Aug 26 13:09:10.940576: | 9c 1c 03 2a 24 ae c8 9b a2 88 25 36 4e 58 09 6f Aug 26 13:09:10.940578: | 30 67 0b cb d5 4a 90 50 4e f9 f6 45 9c 7b 87 50 Aug 26 13:09:10.940579: | 13 b2 2b 82 d2 5a 6e 89 c3 eb 3d e8 8a 39 cc 37 Aug 26 13:09:10.940581: | 84 06 96 4e 09 f8 2f 68 11 63 97 df 86 c3 d3 4b Aug 26 13:09:10.940582: | 92 6a 91 ce cc 55 56 66 be 8f 80 d2 96 7a 78 7c Aug 26 13:09:10.940584: | d7 da 42 da d8 63 3f 7f a6 ec 30 72 8e 43 3a 2c Aug 26 13:09:10.940585: | 61 7c 46 b3 41 6b 37 f2 1d 12 20 7a 52 8c 83 8f Aug 26 13:09:10.940587: | 78 ad c0 dd 07 07 2c 94 0d 7a 87 8b 21 89 a4 d7 Aug 26 13:09:10.940588: | e3 f8 3a 1b c8 97 33 47 1f ad 42 d0 2f 6f a1 57 Aug 26 13:09:10.940590: | 27 a7 da 05 0f 0c 1b e1 55 b9 e7 4d 14 b6 f2 af Aug 26 13:09:10.940592: | 1b 1c 43 e3 60 36 b8 d1 94 79 4e f5 9b fb 21 4b Aug 26 13:09:10.940594: | fb 15 2a 4e 41 a8 c0 f3 d8 74 2c 0e a6 c7 af ad Aug 26 13:09:10.940596: | 40 88 62 7e 03 84 dc b5 ae 5f a0 cd 0f ce c1 d1 Aug 26 13:09:10.940599: | 7d 2b fd 9f 3c ef 36 d9 ff 7d 25 49 4b 9f 40 da Aug 26 13:09:10.940601: | ce 9a e3 15 20 6a ca 31 d8 98 67 49 6a 15 02 7d Aug 26 13:09:10.940604: | a7 67 c2 c2 19 78 8b 0a fc 63 73 f9 40 e4 10 23 Aug 26 13:09:10.940606: | c1 43 a5 b8 2d 39 e0 fe 43 38 1d fc af dc f0 b0 Aug 26 13:09:10.940608: | 3d 1a af 7b 20 31 be 93 5b d6 0d bf 18 fb f8 fa Aug 26 13:09:10.940611: | c1 e4 b9 e7 0e 50 bc a4 50 e1 88 f3 d8 03 e5 06 Aug 26 13:09:10.940614: | c5 6c 78 a3 e9 92 6c 74 a9 bc 06 9b 1d 07 30 9c Aug 26 13:09:10.940616: | 48 2f ba ba 08 df 23 c2 8c e7 44 ef c8 88 62 1a Aug 26 13:09:10.940619: | fd 40 52 fb 22 82 65 d7 8f c1 93 9e 31 26 9e e4 Aug 26 13:09:10.940621: | 05 d1 a1 84 a6 da 25 34 90 e1 4d 0d 25 1a 95 ea Aug 26 13:09:10.940624: | 9c 9d 32 63 3d b6 c1 77 3d 14 51 3d d2 25 69 77 Aug 26 13:09:10.940626: | 37 74 76 fd ed 20 92 8c 46 4b 1f Aug 26 13:09:10.940631: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:09:10.940634: | **parse ISAKMP Message: Aug 26 13:09:10.940638: | initiator cookie: Aug 26 13:09:10.940641: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.940644: | responder cookie: Aug 26 13:09:10.940646: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.940649: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:09:10.940652: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.940654: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.940657: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.940659: | Message ID: 1 (0x1) Aug 26 13:09:10.940663: | length: 539 (0x21b) Aug 26 13:09:10.940666: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:09:10.940670: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:09:10.940673: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:09:10.940678: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.940682: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:09:10.940686: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.940690: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.940693: | #2 is idle Aug 26 13:09:10.940695: | #2 idle Aug 26 13:09:10.940697: | unpacking clear payload Aug 26 13:09:10.940699: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.940702: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:09:10.940705: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.940708: | flags: none (0x0) Aug 26 13:09:10.940710: | length: 511 (0x1ff) Aug 26 13:09:10.940713: | fragment number: 3 (0x3) Aug 26 13:09:10.940715: | total fragments: 5 (0x5) Aug 26 13:09:10.940718: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 13:09:10.940720: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:09:10.940723: | received IKE encrypted fragment number '3', total number '5', next payload '0' Aug 26 13:09:10.940729: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:10.940734: | #1 spent 0.176 milliseconds in ikev2_process_packet() Aug 26 13:09:10.940739: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:09:10.940742: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.940745: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:10.940750: | spent 0.193 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.940758: | spent 0.0017 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.940768: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:09:10.940771: | 0e ea 1f 14 0a 7b 00 47 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.940774: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 13:09:10.940777: | 00 04 00 05 34 d0 c2 4a aa 3b 48 cd 8a fe 46 fc Aug 26 13:09:10.940778: | 4e 03 4a 5d 90 ab 1d 95 58 ef c1 e8 82 d1 eb d7 Aug 26 13:09:10.940780: | a5 d4 bc b2 53 03 46 9e a4 e5 a9 af dd e4 99 97 Aug 26 13:09:10.940781: | 54 87 51 e4 10 35 7b 1c 06 3a 11 7c 5c a1 11 7e Aug 26 13:09:10.940783: | f7 7b 74 33 8e 35 2b bf dc bf f2 69 e2 cb 40 1f Aug 26 13:09:10.940784: | c5 b4 fa f8 f3 3c d1 a9 cd 1e 65 70 97 c1 8a 35 Aug 26 13:09:10.940786: | 13 8f e2 03 c5 30 4a da e6 78 a6 75 96 56 4f 30 Aug 26 13:09:10.940787: | e5 3c 32 e9 3e 2d 26 8e b1 3c fe cb be 4d 4b 19 Aug 26 13:09:10.940789: | 2d 55 36 51 4e ed 68 66 4e 36 25 8b fb eb b1 5a Aug 26 13:09:10.940790: | 13 11 58 6b 17 5d a2 1a 1d c9 d1 70 b2 f3 8b 3c Aug 26 13:09:10.940792: | 44 8f 54 82 1b f9 c5 1f e3 47 6d cb 5c 51 04 43 Aug 26 13:09:10.940793: | ab f1 2d 4c b1 8d b9 80 33 9e 56 1d 28 e4 90 ea Aug 26 13:09:10.940797: | 9f 49 19 80 eb 28 e8 26 6a b9 8e f2 4a 55 cc 89 Aug 26 13:09:10.940798: | 37 9f 97 52 c1 8f f8 6b 55 6c 65 1b dc 53 0b a8 Aug 26 13:09:10.940800: | e9 3d 47 ab d2 2c 87 43 80 e6 93 06 77 da 4c 67 Aug 26 13:09:10.940801: | a3 30 e7 36 5c bc c8 8c 33 a3 cb 8d 99 df e1 0a Aug 26 13:09:10.940803: | 3b 42 8f b8 6d 40 70 f7 c3 81 4d 24 cd 33 e9 c2 Aug 26 13:09:10.940804: | 19 91 f0 c8 41 f1 e8 32 12 8a 61 a3 a5 a8 d7 2c Aug 26 13:09:10.940806: | fa a3 ea 5f f4 20 7f 58 d7 37 d9 f6 52 af e1 18 Aug 26 13:09:10.940807: | df 47 ca 97 6e 18 a5 b8 6c 68 cc 2c e1 6a 1c 9f Aug 26 13:09:10.940809: | 61 99 ce f2 f7 58 87 4d d8 b1 3f f3 46 fc 54 57 Aug 26 13:09:10.940810: | c9 be a4 d2 ca 03 aa a8 4d 42 6a 4b 7a 3a a2 bf Aug 26 13:09:10.940812: | ee d4 f1 fa e5 ac 86 c8 e5 89 80 ea 98 cc 80 b4 Aug 26 13:09:10.940814: | 42 7a 61 9f 9d a8 f7 d6 8a 0d 03 58 b1 16 13 66 Aug 26 13:09:10.940815: | 7c c3 61 c1 d5 cc 3f 24 0f 05 aa c1 7a 42 34 ec Aug 26 13:09:10.940817: | 4c 1d 21 5c 2d 9a c8 85 f7 79 51 3a 4c 61 e0 3e Aug 26 13:09:10.940818: | 97 07 c2 8d 76 64 5b 12 73 33 3d 73 b8 88 24 7e Aug 26 13:09:10.940820: | 84 52 16 cd 5b 6c 0d 48 74 5e fa 6d 4b ca 6d 4f Aug 26 13:09:10.940821: | c1 95 a2 5f 78 40 a0 b8 37 20 34 98 e8 59 27 68 Aug 26 13:09:10.940823: | 10 c6 1d 16 2c 5f 52 f3 fc 22 80 0e 15 36 09 50 Aug 26 13:09:10.940824: | 5e 73 98 7e 3b 07 a7 39 6c 65 73 1b d6 17 c3 e6 Aug 26 13:09:10.940826: | e1 c2 9d aa 1d da a3 47 9a 43 8c Aug 26 13:09:10.940829: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:09:10.940830: | **parse ISAKMP Message: Aug 26 13:09:10.940832: | initiator cookie: Aug 26 13:09:10.940834: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.940835: | responder cookie: Aug 26 13:09:10.940837: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.940838: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:09:10.940840: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.940843: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.940845: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.940848: | Message ID: 1 (0x1) Aug 26 13:09:10.940850: | length: 539 (0x21b) Aug 26 13:09:10.940853: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:09:10.940855: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:09:10.940858: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:09:10.940863: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.940866: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:09:10.940870: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.940875: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.940877: | #2 is idle Aug 26 13:09:10.940879: | #2 idle Aug 26 13:09:10.940882: | unpacking clear payload Aug 26 13:09:10.940884: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.940887: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:09:10.940889: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.940892: | flags: none (0x0) Aug 26 13:09:10.940894: | length: 511 (0x1ff) Aug 26 13:09:10.940897: | fragment number: 4 (0x4) Aug 26 13:09:10.940899: | total fragments: 5 (0x5) Aug 26 13:09:10.940902: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 13:09:10.940904: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:09:10.940907: | received IKE encrypted fragment number '4', total number '5', next payload '0' Aug 26 13:09:10.940912: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:10.940918: | #1 spent 0.155 milliseconds in ikev2_process_packet() Aug 26 13:09:10.940922: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:09:10.940926: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.940929: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:10.940933: | spent 0.17 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.940940: | spent 0.00145 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.940949: | *received 81 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:09:10.940953: | 0e ea 1f 14 0a 7b 00 47 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.940955: | 35 20 23 20 00 00 00 01 00 00 00 51 00 00 00 35 Aug 26 13:09:10.940958: | 00 05 00 05 39 9f 6d 50 ce 3a 22 a2 29 1d 4d fa Aug 26 13:09:10.940960: | 21 68 eb f8 68 4e db f1 84 c9 9c 01 5b 68 ad b7 Aug 26 13:09:10.940963: | e1 1b 5b 97 1e 70 67 10 11 6d 90 67 f1 c0 13 11 Aug 26 13:09:10.940965: | 96 Aug 26 13:09:10.940969: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:09:10.940973: | **parse ISAKMP Message: Aug 26 13:09:10.940975: | initiator cookie: Aug 26 13:09:10.940977: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.940980: | responder cookie: Aug 26 13:09:10.940983: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.940985: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:09:10.940988: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.940991: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.940994: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.940996: | Message ID: 1 (0x1) Aug 26 13:09:10.940999: | length: 81 (0x51) Aug 26 13:09:10.941002: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:09:10.941005: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:09:10.941008: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:09:10.941014: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.941018: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:09:10.941022: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.941027: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.941029: | #2 is idle Aug 26 13:09:10.941032: | #2 idle Aug 26 13:09:10.941035: | unpacking clear payload Aug 26 13:09:10.941038: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.941040: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:09:10.941043: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.941046: | flags: none (0x0) Aug 26 13:09:10.941048: | length: 53 (0x35) Aug 26 13:09:10.941051: | fragment number: 5 (0x5) Aug 26 13:09:10.941054: | total fragments: 5 (0x5) Aug 26 13:09:10.941057: | processing payload: ISAKMP_NEXT_v2SKF (len=45) Aug 26 13:09:10.941060: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:09:10.941063: | received IKE encrypted fragment number '5', total number '5', next payload '0' Aug 26 13:09:10.941098: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:09:10.941103: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:09:10.941106: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:09:10.941109: | next payload type: ISAKMP_NEXT_v2CERT (0x25) Aug 26 13:09:10.941112: | flags: none (0x0) Aug 26 13:09:10.941114: | length: 191 (0xbf) Aug 26 13:09:10.941117: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 13:09:10.941120: | processing payload: ISAKMP_NEXT_v2IDr (len=183) Aug 26 13:09:10.941123: | Now let's proceed with payload (ISAKMP_NEXT_v2CERT) Aug 26 13:09:10.941126: | **parse IKEv2 Certificate Payload: Aug 26 13:09:10.941131: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:09:10.941134: | flags: none (0x0) Aug 26 13:09:10.941137: | length: 1265 (0x4f1) Aug 26 13:09:10.941140: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:09:10.941142: | processing payload: ISAKMP_NEXT_v2CERT (len=1260) Aug 26 13:09:10.941145: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:09:10.941148: | **parse IKEv2 Authentication Payload: Aug 26 13:09:10.941151: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:09:10.941154: | flags: none (0x0) Aug 26 13:09:10.941157: | length: 392 (0x188) Aug 26 13:09:10.941160: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:09:10.941163: | processing payload: ISAKMP_NEXT_v2AUTH (len=384) Aug 26 13:09:10.941165: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:09:10.941168: | **parse IKEv2 Security Association Payload: Aug 26 13:09:10.941171: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:09:10.941174: | flags: none (0x0) Aug 26 13:09:10.941176: | length: 36 (0x24) Aug 26 13:09:10.941179: | processing payload: ISAKMP_NEXT_v2SA (len=32) Aug 26 13:09:10.941181: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:09:10.941184: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:10.941187: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:09:10.941190: | flags: none (0x0) Aug 26 13:09:10.941193: | length: 24 (0x18) Aug 26 13:09:10.941196: | number of TS: 1 (0x1) Aug 26 13:09:10.941198: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:09:10.941201: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:09:10.941204: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:10.941206: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.941209: | flags: none (0x0) Aug 26 13:09:10.941211: | length: 24 (0x18) Aug 26 13:09:10.941214: | number of TS: 1 (0x1) Aug 26 13:09:10.941217: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:09:10.941220: | selected state microcode Initiator: process IKE_AUTH response Aug 26 13:09:10.941223: | Now let's proceed with state specific processing Aug 26 13:09:10.941225: | calling processor Initiator: process IKE_AUTH response Aug 26 13:09:10.941233: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Aug 26 13:09:10.941237: loading root certificate cache Aug 26 13:09:10.944789: | spent 3.5 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() Aug 26 13:09:10.944824: | spent 0.0217 milliseconds in get_root_certs() filtering CAs Aug 26 13:09:10.944830: | #1 spent 3.56 milliseconds in find_and_verify_certs() calling get_root_certs() Aug 26 13:09:10.944833: | checking for known CERT payloads Aug 26 13:09:10.944835: | saving certificate of type 'X509_SIGNATURE' Aug 26 13:09:10.944863: | decoded cert: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:09:10.944868: | #1 spent 0.0341 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Aug 26 13:09:10.944872: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:09:10.944906: | #1 spent 0.034 milliseconds in find_and_verify_certs() calling crl_update_check() Aug 26 13:09:10.944910: | missing or expired CRL Aug 26 13:09:10.944913: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Aug 26 13:09:10.944915: | verify_end_cert trying profile IPsec Aug 26 13:09:10.945002: | certificate is valid (profile IPsec) Aug 26 13:09:10.945008: | #1 spent 0.095 milliseconds in find_and_verify_certs() calling verify_end_cert() Aug 26 13:09:10.945013: "northnet-eastnets/0x1" #2: certificate verified OK: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:09:10.945076: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555ab9d1adb8 Aug 26 13:09:10.945083: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555ab9d1a3f8 Aug 26 13:09:10.945086: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555ab9d11b48 Aug 26 13:09:10.945087: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555ab9d13b38 Aug 26 13:09:10.945089: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555ab9d1d5d8 Aug 26 13:09:10.945325: | unreference key: 0x555ab9d20418 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:10.945342: | #1 spent 0.282 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Aug 26 13:09:10.945347: | #1 spent 4.04 milliseconds in decode_certs() Aug 26 13:09:10.945352: | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 13:09:10.945355: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 13:09:10.945358: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 13:09:10.945360: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 13:09:10.945362: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 13:09:10.945363: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 13:09:10.945365: | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Aug 26 13:09:10.945366: | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 13:09:10.945368: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Aug 26 13:09:10.945370: | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Aug 26 13:09:10.945371: | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 13:09:10.945373: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 Aug 26 13:09:10.945382: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 13:09:10.945386: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' matched our ID Aug 26 13:09:10.945388: | X509: CERT and ID matches current connection Aug 26 13:09:10.945394: | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.945401: "northnet-eastnets/0x1" #2: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 13:09:10.945465: | verifying AUTH payload Aug 26 13:09:10.945482: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.945493: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 13:09:10.945499: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.945506: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.945512: | key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.945666: | an RSA Sig check passed with *AwEAAbEef [remote certificates] Aug 26 13:09:10.945675: | #1 spent 0.157 milliseconds in try_all_RSA_keys() trying a pubkey Aug 26 13:09:10.945679: "northnet-eastnets/0x1" #2: Authenticated using RSA Aug 26 13:09:10.945692: | #1 spent 0.221 milliseconds in ikev2_verify_rsa_hash() Aug 26 13:09:10.945697: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 13:09:10.945703: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 13:09:10.945706: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:09:10.945712: | libevent_free: release ptr-libevent@0x7f44c8002888 Aug 26 13:09:10.945716: | free_event_entry: release EVENT_SA_REPLACE-pe@0x555ab9cfad98 Aug 26 13:09:10.945719: | event_schedule: new EVENT_SA_REKEY-pe@0x555ab9cfad98 Aug 26 13:09:10.945723: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 13:09:10.945726: | libevent_malloc: new ptr-libevent@0x555ab9d231d8 size 128 Aug 26 13:09:10.945833: | pstats #1 ikev2.ike established Aug 26 13:09:10.945843: | TSi: parsing 1 traffic selectors Aug 26 13:09:10.945848: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:10.945851: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.945854: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.945857: | length: 16 (0x10) Aug 26 13:09:10.945859: | start port: 0 (0x0) Aug 26 13:09:10.945862: | end port: 65535 (0xffff) Aug 26 13:09:10.945865: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:10.945868: | TS low c0 00 03 00 Aug 26 13:09:10.945871: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:10.945874: | TS high c0 00 03 ff Aug 26 13:09:10.945877: | TSi: parsed 1 traffic selectors Aug 26 13:09:10.945879: | TSr: parsing 1 traffic selectors Aug 26 13:09:10.945882: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:10.945885: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.945887: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.945890: | length: 16 (0x10) Aug 26 13:09:10.945893: | start port: 0 (0x0) Aug 26 13:09:10.945895: | end port: 65535 (0xffff) Aug 26 13:09:10.945898: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:10.945900: | TS low c0 00 02 00 Aug 26 13:09:10.945903: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:10.945906: | TS high c0 00 02 ff Aug 26 13:09:10.945908: | TSr: parsed 1 traffic selectors Aug 26 13:09:10.945915: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:09:10.945920: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.945928: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:10.945931: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:09:10.945934: | TSi[0] port match: YES fitness 65536 Aug 26 13:09:10.945937: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:10.945940: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:10.945945: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.945951: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:09:10.945954: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:09:10.945957: | TSr[0] port match: YES fitness 65536 Aug 26 13:09:10.945960: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:09:10.945963: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:10.945966: | best fit so far: TSi[0] TSr[0] Aug 26 13:09:10.945969: | found an acceptable TSi/TSr Traffic Selector Aug 26 13:09:10.945971: | printing contents struct traffic_selector Aug 26 13:09:10.945974: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:09:10.945976: | ipprotoid: 0 Aug 26 13:09:10.945979: | port range: 0-65535 Aug 26 13:09:10.945983: | ip range: 192.0.3.0-192.0.3.255 Aug 26 13:09:10.945986: | printing contents struct traffic_selector Aug 26 13:09:10.945988: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:09:10.945991: | ipprotoid: 0 Aug 26 13:09:10.945993: | port range: 0-65535 Aug 26 13:09:10.946000: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:09:10.946015: | using existing local ESP/AH proposals for northnet-eastnets/0x1 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:09:10.946019: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 13:09:10.946023: | local proposal 1 type ENCR has 1 transforms Aug 26 13:09:10.946026: | local proposal 1 type PRF has 0 transforms Aug 26 13:09:10.946029: | local proposal 1 type INTEG has 1 transforms Aug 26 13:09:10.946032: | local proposal 1 type DH has 1 transforms Aug 26 13:09:10.946034: | local proposal 1 type ESN has 1 transforms Aug 26 13:09:10.946038: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:09:10.946041: | local proposal 2 type ENCR has 1 transforms Aug 26 13:09:10.946044: | local proposal 2 type PRF has 0 transforms Aug 26 13:09:10.946046: | local proposal 2 type INTEG has 1 transforms Aug 26 13:09:10.946049: | local proposal 2 type DH has 1 transforms Aug 26 13:09:10.946052: | local proposal 2 type ESN has 1 transforms Aug 26 13:09:10.946055: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:09:10.946058: | local proposal 3 type ENCR has 1 transforms Aug 26 13:09:10.946061: | local proposal 3 type PRF has 0 transforms Aug 26 13:09:10.946063: | local proposal 3 type INTEG has 2 transforms Aug 26 13:09:10.946066: | local proposal 3 type DH has 1 transforms Aug 26 13:09:10.946068: | local proposal 3 type ESN has 1 transforms Aug 26 13:09:10.946071: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:09:10.946074: | local proposal 4 type ENCR has 1 transforms Aug 26 13:09:10.946077: | local proposal 4 type PRF has 0 transforms Aug 26 13:09:10.946080: | local proposal 4 type INTEG has 2 transforms Aug 26 13:09:10.946082: | local proposal 4 type DH has 1 transforms Aug 26 13:09:10.946085: | local proposal 4 type ESN has 1 transforms Aug 26 13:09:10.946088: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:09:10.946091: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.946094: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:10.946097: | length: 32 (0x20) Aug 26 13:09:10.946100: | prop #: 1 (0x1) Aug 26 13:09:10.946103: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.946105: | spi size: 4 (0x4) Aug 26 13:09:10.946108: | # transforms: 2 (0x2) Aug 26 13:09:10.946112: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:10.946114: | remote SPI 7e 40 a7 ce Aug 26 13:09:10.946118: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:09:10.946121: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.946123: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.946126: | length: 12 (0xc) Aug 26 13:09:10.946129: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.946131: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.946134: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.946137: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.946140: | length/value: 256 (0x100) Aug 26 13:09:10.946145: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:09:10.946148: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.946150: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.946153: | length: 8 (0x8) Aug 26 13:09:10.946155: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.946158: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.946162: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:09:10.946167: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 13:09:10.946172: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 13:09:10.946175: | remote proposal 1 matches local proposal 1 Aug 26 13:09:10.946178: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Aug 26 13:09:10.946183: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=7e40a7ce;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 13:09:10.946186: | converting proposal to internal trans attrs Aug 26 13:09:10.946192: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:09:10.946420: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:09:10.946430: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Aug 26 13:09:10.946433: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:10.946451: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.946455: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:10.946458: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.946461: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:10.946465: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 13:09:10.946469: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:09:10.946473: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:09:10.946476: | AES_GCM_16 requires 4 salt bytes Aug 26 13:09:10.946479: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:09:10.946484: | setting IPsec SA replay-window to 32 Aug 26 13:09:10.946488: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 13:09:10.946491: | netlink: enabling tunnel mode Aug 26 13:09:10.946494: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:09:10.946497: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:09:10.946574: | netlink response for Add SA esp.7e40a7ce@192.1.2.23 included non-error error Aug 26 13:09:10.946579: | set up outgoing SA, ref=0/0 Aug 26 13:09:10.946582: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:09:10.946586: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:09:10.946588: | AES_GCM_16 requires 4 salt bytes Aug 26 13:09:10.946591: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:09:10.946595: | setting IPsec SA replay-window to 32 Aug 26 13:09:10.946598: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 13:09:10.946601: | netlink: enabling tunnel mode Aug 26 13:09:10.946604: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:09:10.946607: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:09:10.946641: | netlink response for Add SA esp.ac7974ac@192.1.3.33 included non-error error Aug 26 13:09:10.946646: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:10.946653: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 13:09:10.946657: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:10.946679: | raw_eroute result=success Aug 26 13:09:10.946683: | set up incoming SA, ref=0/0 Aug 26 13:09:10.946686: | sr for #2: unrouted Aug 26 13:09:10.946689: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:09:10.946692: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:10.946695: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.946698: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:10.946701: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.946706: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:10.946710: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 13:09:10.946714: | route_and_eroute with c: northnet-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:09:10.946718: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:10.946726: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 13:09:10.946730: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:10.946742: | raw_eroute result=success Aug 26 13:09:10.946746: | running updown command "ipsec _updown" for verb up Aug 26 13:09:10.946749: | command executing up-client Aug 26 13:09:10.946779: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.946786: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.946806: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RS Aug 26 13:09:10.946810: | popen cmd is 1406 chars long Aug 26 13:09:10.946813: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Aug 26 13:09:10.946816: | cmd( 80):x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PL: Aug 26 13:09:10.946818: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=nort: Aug 26 13:09:10.946821: | cmd( 240):h.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='19: Aug 26 13:09:10.946824: | cmd( 320):2.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Aug 26 13:09:10.946827: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='E: Aug 26 13:09:10.946830: | cmd( 480):SP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Aug 26 13:09:10.946832: | cmd( 560):wan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libr: Aug 26 13:09:10.946835: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PL: Aug 26 13:09:10.946838: | cmd( 720):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Aug 26 13:09:10.946841: | cmd( 800): PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 13:09:10.946844: | cmd( 880):=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLU: Aug 26 13:09:10.946847: | cmd( 960):TO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF: Aug 26 13:09:10.946849: | cmd(1040):_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMI: Aug 26 13:09:10.946852: | cmd(1120):LY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PE: Aug 26 13:09:10.946855: | cmd(1200):ER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0': Aug 26 13:09:10.946859: | cmd(1280): PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x: Aug 26 13:09:10.946875: | cmd(1360):7e40a7ce SPI_OUT=0xac7974ac ipsec _updown 2>&1: Aug 26 13:09:10.956626: | route_and_eroute: firewall_notified: true Aug 26 13:09:10.956649: | running updown command "ipsec _updown" for verb prepare Aug 26 13:09:10.956654: | command executing prepare-client Aug 26 13:09:10.956687: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.956695: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.956716: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_ Aug 26 13:09:10.956721: | popen cmd is 1411 chars long Aug 26 13:09:10.956724: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 13:09:10.956727: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Aug 26 13:09:10.956730: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 13:09:10.956733: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Aug 26 13:09:10.956736: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Aug 26 13:09:10.956739: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TY: Aug 26 13:09:10.956742: | cmd( 480):PE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=L: Aug 26 13:09:10.956745: | cmd( 560):ibreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing: Aug 26 13:09:10.956747: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Aug 26 13:09:10.956750: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 13:09:10.956753: | cmd( 800):L='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: Aug 26 13:09:10.956756: | cmd( 880):t, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey: Aug 26 13:09:10.956759: | cmd( 960):' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+: Aug 26 13:09:10.956762: | cmd(1040):SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADD: Aug 26 13:09:10.956764: | cmd(1120):RFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLU: Aug 26 13:09:10.956767: | cmd(1200):TO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIEN: Aug 26 13:09:10.956770: | cmd(1280):T='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_: Aug 26 13:09:10.956773: | cmd(1360):IN=0x7e40a7ce SPI_OUT=0xac7974ac ipsec _updown 2>&1: Aug 26 13:09:10.967278: | running updown command "ipsec _updown" for verb route Aug 26 13:09:10.967300: | command executing route-client Aug 26 13:09:10.967334: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.967342: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.967365: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI Aug 26 13:09:10.967369: | popen cmd is 1409 chars long Aug 26 13:09:10.967373: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 13:09:10.967376: | cmd( 80):s/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33': Aug 26 13:09:10.967379: | cmd( 160): PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=n: Aug 26 13:09:10.967382: | cmd( 240):orth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=: Aug 26 13:09:10.967385: | cmd( 320):'192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255: Aug 26 13:09:10.967388: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Aug 26 13:09:10.967390: | cmd( 480):='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Aug 26 13:09:10.967393: | cmd( 560):reswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.l: Aug 26 13:09:10.967396: | cmd( 640):ibreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0': Aug 26 13:09:10.967399: | cmd( 720): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Aug 26 13:09:10.967402: | cmd( 800):'0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department,: Aug 26 13:09:10.967404: | cmd( 880): CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' : Aug 26 13:09:10.967407: | cmd( 960):PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SA: Aug 26 13:09:10.967408: | cmd(1040):REF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRF: Aug 26 13:09:10.967410: | cmd(1120):AMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO: Aug 26 13:09:10.967412: | cmd(1200):_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=: Aug 26 13:09:10.967413: | cmd(1280):'0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN: Aug 26 13:09:10.967415: | cmd(1360):=0x7e40a7ce SPI_OUT=0xac7974ac ipsec _updown 2>&1: Aug 26 13:09:10.980224: | route_and_eroute: instance "northnet-eastnets/0x1", setting eroute_owner {spd=0x555ab9cf0fb8,sr=0x555ab9cf0fb8} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:09:10.980317: | #1 spent 1.95 milliseconds in install_ipsec_sa() Aug 26 13:09:10.980327: | inR2: instance northnet-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:09:10.980332: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:09:10.980336: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 13:09:10.980350: | libevent_free: release ptr-libevent@0x555ab9d0a448 Aug 26 13:09:10.980357: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f44c8002b78 Aug 26 13:09:10.980364: | #2 spent 7.09 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 13:09:10.980374: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.980378: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 13:09:10.980381: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 13:09:10.980386: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 13:09:10.980389: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:09:10.980395: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 13:09:10.980400: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:09:10.980404: | pstats #2 ikev2.child established Aug 26 13:09:10.980411: "northnet-eastnets/0x1" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 13:09:10.980420: | NAT-T: encaps is 'auto' Aug 26 13:09:10.980424: "northnet-eastnets/0x1" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x7e40a7ce <0xac7974ac xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 13:09:10.980428: | releasing whack for #2 (sock=fd@26) Aug 26 13:09:10.980430: | close_any(fd@26) (in release_whack() at state.c:654) Aug 26 13:09:10.980432: | releasing whack and unpending for parent #1 Aug 26 13:09:10.980434: | unpending state #1 connection "northnet-eastnets/0x1" Aug 26 13:09:10.980440: | delete from pending Child SA with 192.1.2.23 "northnet-eastnets/0x1" Aug 26 13:09:10.980443: | removing pending policy for no connection {0x555ab9cdd958} Aug 26 13:09:10.980449: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 13:09:10.980457: | creating state object #3 at 0x555ab9d11048 Aug 26 13:09:10.980459: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 13:09:10.980466: | pstats #3 ikev2.child started Aug 26 13:09:10.980469: | duplicating state object #1 "northnet-eastnets/0x2" as #3 for IPSEC SA Aug 26 13:09:10.980473: | #3 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:09:10.980482: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:10.980485: | suspend processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:09:10.980488: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:09:10.980491: | child state #3: UNDEFINED(ignore) => V2_CREATE_I0(established IKE SA) Aug 26 13:09:10.980494: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 13:09:10.980496: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals) Aug 26 13:09:10.980499: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:09:10.980504: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:09:10.980506: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:09:10.980509: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:09:10.980511: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:09:10.980514: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:10.980518: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:09:10.980521: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:10.980525: "northnet-eastnets/0x2": constructed local ESP/AH proposals for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:10.980534: | #3 schedule initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using IKE# 1 pfs=MODP2048 Aug 26 13:09:10.980538: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7f44c8002b78 Aug 26 13:09:10.980541: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 13:09:10.980545: | libevent_malloc: new ptr-libevent@0x555ab9d202b8 size 128 Aug 26 13:09:10.980552: | RESET processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:09:10.980555: | RESET processing: from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:09:10.980557: | delete from pending Child SA with 192.1.2.23 "northnet-eastnets/0x2" Aug 26 13:09:10.980559: | removing pending policy for no connection {0x555ab9bde898} Aug 26 13:09:10.980561: | close_any(fd@24) (in release_whack() at state.c:654) Aug 26 13:09:10.980565: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 13:09:10.980567: | event_schedule: new EVENT_SA_REKEY-pe@0x555ab9d13d98 Aug 26 13:09:10.980569: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 13:09:10.980571: | libevent_malloc: new ptr-libevent@0x555ab9cf37b8 size 128 Aug 26 13:09:10.980573: | libevent_realloc: release ptr-libevent@0x555ab9c8a218 Aug 26 13:09:10.980577: | libevent_realloc: new ptr-libevent@0x555ab9cf2e98 size 128 Aug 26 13:09:10.980581: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:10.980584: | #1 spent 7.6 milliseconds in ikev2_process_packet() Aug 26 13:09:10.980589: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.980591: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:10.980594: | spent 7.61 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.980605: | timer_event_cb: processing event@0x7f44c8002b78 Aug 26 13:09:10.980607: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 13:09:10.980610: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:09:10.980615: | adding Child Initiator KE and nonce ni work-order 3 for state #3 Aug 26 13:09:10.980617: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555ab9c8a218 Aug 26 13:09:10.980619: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:09:10.980621: | libevent_malloc: new ptr-libevent@0x555ab9cf2158 size 128 Aug 26 13:09:10.980626: | libevent_free: release ptr-libevent@0x555ab9d202b8 Aug 26 13:09:10.980630: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7f44c8002b78 Aug 26 13:09:10.980633: | crypto helper 1 resuming Aug 26 13:09:10.980635: | #3 spent 0.0286 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:09:10.980642: | crypto helper 1 starting work-order 3 for state #3 Aug 26 13:09:10.980649: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:09:10.980652: | crypto helper 1 doing build KE and nonce (Child Initiator KE and nonce ni); request ID 3 Aug 26 13:09:10.980653: | processing signal PLUTO_SIGCHLD Aug 26 13:09:10.980659: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:10.980665: | spent 0.00776 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:10.980668: | processing signal PLUTO_SIGCHLD Aug 26 13:09:10.980672: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:10.980675: | spent 0.00347 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:10.980677: | processing signal PLUTO_SIGCHLD Aug 26 13:09:10.980681: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:10.980684: | spent 0.00365 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:10.981342: | crypto helper 1 finished build KE and nonce (Child Initiator KE and nonce ni); request ID 3 time elapsed 0.000688 seconds Aug 26 13:09:10.981355: | (#3) spent 0.69 milliseconds in crypto helper computing work-order 3: Child Initiator KE and nonce ni (pcr) Aug 26 13:09:10.981358: | crypto helper 1 sending results from work-order 3 for state #3 to event queue Aug 26 13:09:10.981362: | scheduling resume sending helper answer for #3 Aug 26 13:09:10.981381: | libevent_malloc: new ptr-libevent@0x7f44c4002888 size 128 Aug 26 13:09:10.981390: | crypto helper 1 waiting (nothing to do) Aug 26 13:09:10.981448: | processing resume sending helper answer for #3 Aug 26 13:09:10.981457: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:09:10.981461: | crypto helper 1 replies to request ID 3 Aug 26 13:09:10.981463: | calling continuation function 0x555ab87f8b50 Aug 26 13:09:10.981467: | ikev2_child_outI_continue for #3 STATE_V2_CREATE_I0 Aug 26 13:09:10.981469: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:10.981471: | libevent_free: release ptr-libevent@0x555ab9cf2158 Aug 26 13:09:10.981474: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555ab9c8a218 Aug 26 13:09:10.981476: | event_schedule: new EVENT_SA_REPLACE-pe@0x555ab9c8a218 Aug 26 13:09:10.981479: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Aug 26 13:09:10.981481: | libevent_malloc: new ptr-libevent@0x555ab9cf2158 size 128 Aug 26 13:09:10.981484: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:09:10.981486: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 13:09:10.981488: | libevent_malloc: new ptr-libevent@0x555ab9d202b8 size 128 Aug 26 13:09:10.981492: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.981495: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_SUSPEND Aug 26 13:09:10.981497: | suspending state #3 and saving MD Aug 26 13:09:10.981498: | #3 is busy; has a suspended MD Aug 26 13:09:10.981501: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:10.981504: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:09:10.981506: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Aug 26 13:09:10.981510: | #3 spent 0.0479 milliseconds in resume sending helper answer Aug 26 13:09:10.981513: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:09:10.981515: | libevent_free: release ptr-libevent@0x7f44c4002888 Aug 26 13:09:10.981518: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 13:09:10.981521: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in callback_handler() at server.c:904) Aug 26 13:09:10.981524: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:09:10.981527: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:09:10.981532: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:09:10.981554: | **emit ISAKMP Message: Aug 26 13:09:10.981556: | initiator cookie: Aug 26 13:09:10.981558: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.981559: | responder cookie: Aug 26 13:09:10.981561: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.981563: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.981565: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.981567: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:09:10.981570: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.981571: | Message ID: 2 (0x2) Aug 26 13:09:10.981573: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.981576: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:10.981578: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.981579: | flags: none (0x0) Aug 26 13:09:10.981581: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:10.981583: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.981586: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:10.981606: | netlink_get_spi: allocated 0xc891c148 for esp.0@192.1.3.33 Aug 26 13:09:10.981608: | Emitting ikev2_proposals ... Aug 26 13:09:10.981610: | ****emit IKEv2 Security Association Payload: Aug 26 13:09:10.981612: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.981614: | flags: none (0x0) Aug 26 13:09:10.981616: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:09:10.981618: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.981620: | discarding INTEG=NONE Aug 26 13:09:10.981622: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.981624: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.981626: | prop #: 1 (0x1) Aug 26 13:09:10.981627: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.981629: | spi size: 4 (0x4) Aug 26 13:09:10.981631: | # transforms: 3 (0x3) Aug 26 13:09:10.981633: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.981635: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:10.981637: | our spi c8 91 c1 48 Aug 26 13:09:10.981638: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.981640: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.981642: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.981644: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.981646: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.981649: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.981653: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.981655: | length/value: 256 (0x100) Aug 26 13:09:10.981658: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.981661: | discarding INTEG=NONE Aug 26 13:09:10.981664: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.981667: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.981670: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.981673: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.981676: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.981680: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.981685: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.981688: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.981690: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.981693: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.981696: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.981699: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.981702: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.981705: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.981708: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:09:10.981711: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.981714: | discarding INTEG=NONE Aug 26 13:09:10.981717: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.981720: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.981722: | prop #: 2 (0x2) Aug 26 13:09:10.981725: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.981727: | spi size: 4 (0x4) Aug 26 13:09:10.981730: | # transforms: 3 (0x3) Aug 26 13:09:10.981733: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.981737: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.981740: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:10.981743: | our spi c8 91 c1 48 Aug 26 13:09:10.981745: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.981748: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.981751: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.981754: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.981757: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.981759: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.981762: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.981765: | length/value: 128 (0x80) Aug 26 13:09:10.981768: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.981771: | discarding INTEG=NONE Aug 26 13:09:10.981774: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.981777: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.981780: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.981783: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.981787: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.981791: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.981794: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.981797: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.981800: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.981802: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.981805: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.981808: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.981811: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.981814: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.981818: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:09:10.981821: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.981825: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.981827: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.981830: | prop #: 3 (0x3) Aug 26 13:09:10.981833: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.981835: | spi size: 4 (0x4) Aug 26 13:09:10.981838: | # transforms: 5 (0x5) Aug 26 13:09:10.981842: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.981845: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.981848: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:10.981851: | our spi c8 91 c1 48 Aug 26 13:09:10.981854: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.981856: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.981859: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.981862: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:10.981865: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.981868: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.981871: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.981873: | length/value: 256 (0x100) Aug 26 13:09:10.981876: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.981879: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.981881: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.981884: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.981887: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:10.981890: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.981893: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.981896: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.981899: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.981902: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.981904: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.981907: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:10.981910: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.981913: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.981916: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.981919: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.981921: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.981924: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.981927: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.981931: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.981934: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.981938: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.981941: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.981944: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.981949: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.981952: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.981956: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.981959: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.981961: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.981964: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:09:10.981967: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.981970: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.981973: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:10.981975: | prop #: 4 (0x4) Aug 26 13:09:10.981978: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.981980: | spi size: 4 (0x4) Aug 26 13:09:10.981983: | # transforms: 5 (0x5) Aug 26 13:09:10.981986: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.981989: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.981992: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:10.981995: | our spi c8 91 c1 48 Aug 26 13:09:10.981998: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.982000: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.982003: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.982005: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:10.982008: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.982011: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.982014: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.982016: | length/value: 128 (0x80) Aug 26 13:09:10.982019: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.982021: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.982024: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.982027: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.982029: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:10.982032: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.982035: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.982038: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.982041: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.982044: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.982046: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.982049: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:10.982052: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.982055: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.982058: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.982061: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.982063: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.982066: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.982069: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.982074: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.982077: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.982080: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.982083: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.982085: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.982088: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.982090: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.982094: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.982097: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.982100: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.982102: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:09:10.982105: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.982108: | emitting length of IKEv2 Security Association Payload: 196 Aug 26 13:09:10.982111: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:09:10.982114: | ****emit IKEv2 Nonce Payload: Aug 26 13:09:10.982117: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.982120: | flags: none (0x0) Aug 26 13:09:10.982123: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:09:10.982126: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.982130: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:09:10.982133: | IKEv2 nonce 10 b2 1f 15 15 33 02 51 9f f5 27 6f a8 26 8e f7 Aug 26 13:09:10.982136: | IKEv2 nonce d7 22 5f 3b 96 7d fe dc 8f a2 ff e9 f6 d8 79 a0 Aug 26 13:09:10.982139: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:09:10.982142: | ****emit IKEv2 Key Exchange Payload: Aug 26 13:09:10.982145: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.982147: | flags: none (0x0) Aug 26 13:09:10.982151: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.982154: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:09:10.982157: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.982161: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:09:10.982164: | ikev2 g^x ed 93 18 db 06 79 72 30 d3 6a 68 5e 09 ad 6a 7c Aug 26 13:09:10.982167: | ikev2 g^x 39 05 e8 ed dc b0 59 53 51 74 fb 69 8f 98 0d 5d Aug 26 13:09:10.982169: | ikev2 g^x 94 f3 8a f8 ee 8f 2b d3 8f 2b 65 41 ee f9 2b ab Aug 26 13:09:10.982172: | ikev2 g^x 13 0f 1d 7a 62 41 e4 c1 86 f9 05 e2 a4 27 4f e0 Aug 26 13:09:10.982175: | ikev2 g^x a7 55 22 d6 e6 7e e5 f5 a2 03 12 98 ec b2 78 2d Aug 26 13:09:10.982177: | ikev2 g^x 56 35 99 22 39 67 5d 96 3f f2 17 b3 a3 9c 97 d3 Aug 26 13:09:10.982180: | ikev2 g^x 69 db e1 c0 26 55 24 68 ba ec 9c 81 b3 85 ce 56 Aug 26 13:09:10.982183: | ikev2 g^x 07 59 f4 98 0a 24 9a 20 54 82 13 45 36 8f a6 5e Aug 26 13:09:10.982186: | ikev2 g^x 2b ce c2 74 c4 03 f4 ae d9 e3 4d 0f 1e 97 f4 71 Aug 26 13:09:10.982188: | ikev2 g^x a8 97 60 91 47 b4 0a 3f be 36 e4 f9 a1 30 8a 5e Aug 26 13:09:10.982191: | ikev2 g^x 4f 2f f3 b5 fb 46 e7 d5 94 db c6 5e 61 b5 78 0f Aug 26 13:09:10.982193: | ikev2 g^x 4c 59 52 f5 17 81 0d 27 5c ff d0 a2 6b 01 33 79 Aug 26 13:09:10.982198: | ikev2 g^x ad 3e 65 56 c7 ac 98 02 c2 6b d3 17 a4 a9 d7 c6 Aug 26 13:09:10.982201: | ikev2 g^x 95 35 81 4a 1c 8e 51 4a 42 b8 f6 33 bd f4 eb 90 Aug 26 13:09:10.982203: | ikev2 g^x 29 c3 33 43 7d be 78 8d 20 9e 08 0c 09 67 a3 3d Aug 26 13:09:10.982206: | ikev2 g^x 33 1b cd b2 35 de f0 f9 0b f7 32 16 22 98 ed 86 Aug 26 13:09:10.982209: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:09:10.982213: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:10.982216: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.982219: | flags: none (0x0) Aug 26 13:09:10.982222: | number of TS: 1 (0x1) Aug 26 13:09:10.982226: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:09:10.982229: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.982232: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:10.982235: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.982238: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.982241: | start port: 0 (0x0) Aug 26 13:09:10.982244: | end port: 65535 (0xffff) Aug 26 13:09:10.982247: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:10.982250: | ipv4 start c0 00 03 00 Aug 26 13:09:10.982252: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:09:10.982255: | ipv4 end c0 00 03 ff Aug 26 13:09:10.982258: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:10.982261: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:09:10.982264: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:10.982267: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.982270: | flags: none (0x0) Aug 26 13:09:10.982273: | number of TS: 1 (0x1) Aug 26 13:09:10.982276: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:09:10.982280: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.982282: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:10.982286: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.982298: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.982304: | start port: 0 (0x0) Aug 26 13:09:10.982307: | end port: 65535 (0xffff) Aug 26 13:09:10.982310: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:10.982312: | ipv4 start c0 00 16 00 Aug 26 13:09:10.982314: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:09:10.982317: | ipv4 end c0 00 16 ff Aug 26 13:09:10.982319: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:10.982322: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:09:10.982325: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:09:10.982328: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.982332: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:10.982336: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:10.982339: | emitting length of IKEv2 Encryption Payload: 573 Aug 26 13:09:10.982342: | emitting length of ISAKMP Message: 601 Aug 26 13:09:10.982371: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.982378: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_OK Aug 26 13:09:10.982381: | IKEv2: transition from state STATE_V2_CREATE_I0 to state STATE_V2_CREATE_I Aug 26 13:09:10.982385: | child state #3: V2_CREATE_I0(established IKE SA) => V2_CREATE_I(established IKE SA) Aug 26 13:09:10.982391: | Message ID: updating counters for #3 to 4294967295 after switching state Aug 26 13:09:10.982395: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:09:10.982400: | Message ID: sent #1.#3 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->2 wip.responder=-1 Aug 26 13:09:10.982404: "northnet-eastnets/0x2" #3: STATE_V2_CREATE_I: sent IPsec Child req wait response Aug 26 13:09:10.982417: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:09:10.982427: | sending 601 bytes for STATE_V2_CREATE_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:09:10.982430: | 0e ea 1f 14 0a 7b 00 47 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.982433: | 2e 20 24 08 00 00 00 02 00 00 02 59 21 00 02 3d Aug 26 13:09:10.982436: | 68 cc d7 3b 26 97 37 c6 8b 07 1e d8 92 eb bc 16 Aug 26 13:09:10.982438: | 38 48 90 6e 85 24 03 97 2b 7c 38 12 f9 b9 3c 4f Aug 26 13:09:10.982441: | 42 ef 6d 87 70 94 ad 84 4b 7a 3d db a6 70 09 67 Aug 26 13:09:10.982443: | 13 13 ed ec f8 97 ad 9a 7c d0 e5 62 7e 3c 31 cc Aug 26 13:09:10.982446: | e6 01 6e 4e a3 38 bc 75 57 7a 7c 9e 12 02 de 9f Aug 26 13:09:10.982449: | 05 8b f5 2c 8e 06 bf 5e cc 20 ba 59 c3 a5 5e a3 Aug 26 13:09:10.982451: | dd 73 bd ec 6b a4 14 de ee 6d b5 d3 03 4b f7 ac Aug 26 13:09:10.982454: | c9 df 63 e9 0e e7 10 7e 09 fa bc d7 b9 3c d5 d5 Aug 26 13:09:10.982456: | 88 3b ab 62 f9 7e 75 06 d4 a8 3c ec c4 8f cc 7c Aug 26 13:09:10.982459: | 4e 2e 10 a3 b6 40 a2 f5 9b 88 fa 2a 8d 58 dc e0 Aug 26 13:09:10.982461: | 82 3e e5 03 74 f6 16 5a cb e8 5a 47 5f ca 8c e2 Aug 26 13:09:10.982464: | 45 e2 fe df 31 65 00 8d f1 42 c1 35 a4 2d 1b f5 Aug 26 13:09:10.982466: | f3 cd 1f 87 cb ac a5 5a f3 8e de 27 70 86 02 66 Aug 26 13:09:10.982469: | 9d dc 8f 70 28 4e de ba 54 05 e8 05 37 53 93 b2 Aug 26 13:09:10.982471: | fd b2 f5 9b d9 ef 3c 53 ab 20 77 4b b6 f5 16 ad Aug 26 13:09:10.982474: | aa e3 a8 e0 85 36 9e 9e 72 b6 a4 a5 a8 52 c0 08 Aug 26 13:09:10.982477: | 1a b9 9f d0 67 da ad 89 64 72 cb a1 f4 f8 71 5a Aug 26 13:09:10.982479: | 6a 8b 91 6d 92 ee 86 1c 3c 23 2e c3 30 e6 06 e6 Aug 26 13:09:10.982482: | 96 56 bc 10 31 4c 60 34 fe 55 45 b1 64 48 63 04 Aug 26 13:09:10.982484: | 89 e4 2c 7a 01 97 69 da 96 7e a7 bc 19 6c 23 8d Aug 26 13:09:10.982487: | 6e b8 c0 e4 8a f4 74 06 93 c9 cc db 0c 77 55 f8 Aug 26 13:09:10.982489: | 31 b1 8a 0a 66 bb d6 dc 7b e8 cd a5 b8 38 f5 ef Aug 26 13:09:10.982492: | 2a 56 d8 51 80 24 a3 8f 3c 9e 8a 03 59 74 37 2b Aug 26 13:09:10.982494: | 0d 10 b8 d9 15 79 32 bc ae e6 77 73 c1 fb 5e af Aug 26 13:09:10.982497: | 0c eb a3 d2 f6 d9 59 8d b9 3e 4e ac a1 b1 8c 88 Aug 26 13:09:10.982499: | 55 1a 1e 2c d8 82 06 91 34 40 2e ea 6a 76 b3 dd Aug 26 13:09:10.982502: | e4 2a 22 49 32 8b a6 ee 07 51 6b 9b 10 52 ed 22 Aug 26 13:09:10.982504: | e3 33 e9 45 8b 97 27 c9 7c 7f c3 74 f2 db 69 71 Aug 26 13:09:10.982507: | 3e 08 47 62 61 ea 9d 6b 76 57 37 ff 4d 56 36 92 Aug 26 13:09:10.982509: | db b1 93 b6 4d 2c 25 b4 e4 49 5b ac e5 c1 1b 1a Aug 26 13:09:10.982512: | 47 c3 06 2f 9a 08 63 24 06 f9 64 f2 e0 17 65 6b Aug 26 13:09:10.982515: | 63 bb ac 62 8e 13 22 3a 15 19 b2 f7 cb 3f a1 61 Aug 26 13:09:10.982517: | 13 e1 45 f1 0c 8a b9 ec d3 9c 19 ed a9 63 b4 39 Aug 26 13:09:10.982520: | bd 49 3a b6 53 ac 02 45 56 54 86 85 23 fe f0 f7 Aug 26 13:09:10.982522: | 95 49 bc db 8d 7e a3 3c a0 f2 a3 b2 b8 28 8a 92 Aug 26 13:09:10.982524: | 74 54 e5 4f 96 28 d7 0a b2 Aug 26 13:09:10.982575: | state #3 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:09:10.982580: | libevent_free: release ptr-libevent@0x555ab9cf2158 Aug 26 13:09:10.982584: | free_event_entry: release EVENT_SA_REPLACE-pe@0x555ab9c8a218 Aug 26 13:09:10.982587: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:09:10.982590: "northnet-eastnets/0x2" #3: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:09:10.982602: | event_schedule: new EVENT_RETRANSMIT-pe@0x555ab9c8a218 Aug 26 13:09:10.982606: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #3 Aug 26 13:09:10.982609: | libevent_malloc: new ptr-libevent@0x555ab9cf2158 size 128 Aug 26 13:09:10.982614: | #3 STATE_V2_CREATE_I: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10236.725067 Aug 26 13:09:10.982620: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:09:10.982625: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:09:10.982630: | #1 spent 1.07 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 13:09:10.982636: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in callback_handler() at server.c:908) Aug 26 13:09:10.982639: | libevent_free: release ptr-libevent@0x555ab9d202b8 Aug 26 13:09:10.997041: | spent 0.00273 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.997062: | *received 449 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:09:10.997065: | 0e ea 1f 14 0a 7b 00 47 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.997067: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Aug 26 13:09:10.997069: | be 88 9c 0d fe 05 44 2f d4 a1 a8 78 c2 07 8f bb Aug 26 13:09:10.997070: | db 70 68 c4 de e9 d3 ec 0d f2 7b d4 04 a6 1f f0 Aug 26 13:09:10.997072: | df 54 c0 af 0e 2b 49 c9 2c b7 6c 11 f1 72 aa a8 Aug 26 13:09:10.997073: | 02 24 5e 35 02 ff 45 f9 81 a3 e3 79 f5 0c 6e 41 Aug 26 13:09:10.997075: | 1e ba cd b3 34 ce 19 30 1c 21 45 46 5c 05 b7 c0 Aug 26 13:09:10.997076: | 25 2c 6c 3b 37 03 de ea f9 d1 85 4d 88 f1 01 b6 Aug 26 13:09:10.997078: | cd 89 df 16 95 49 5e 43 af 8e fc c9 24 62 e4 21 Aug 26 13:09:10.997079: | 1f e5 08 b7 6f 61 ba 83 39 7c e1 8c 75 53 07 e2 Aug 26 13:09:10.997081: | 5c 00 02 44 f3 f5 fd f2 5c fd 69 d5 13 d7 85 30 Aug 26 13:09:10.997082: | 8a 6d 61 92 d6 26 b9 0f d6 55 66 7a 83 4f a0 e0 Aug 26 13:09:10.997084: | 04 86 19 5c 8b ca 01 f3 62 9b 72 00 8e 45 18 3a Aug 26 13:09:10.997085: | 1b ec 94 21 71 64 ef 26 cb ff 22 83 4e 68 92 b5 Aug 26 13:09:10.997087: | 8e 99 9c 49 a4 5b 97 73 e0 7f ec 67 6d b9 dc 68 Aug 26 13:09:10.997089: | 62 c3 51 64 89 db c7 a1 2d f1 75 91 3b 24 5f ec Aug 26 13:09:10.997090: | 29 8a d2 0b ad 34 a4 e4 59 b1 fb f0 a6 f2 ea 01 Aug 26 13:09:10.997092: | 19 43 e3 b4 57 be 5d 00 0a 41 25 11 48 c1 90 6d Aug 26 13:09:10.997093: | d3 14 25 9f 97 3c 53 4d e5 39 f3 5e a2 e9 da 91 Aug 26 13:09:10.997095: | 4c f8 fc ea 3c 37 4f 3a f5 ed 07 88 11 db 3d a8 Aug 26 13:09:10.997096: | 16 eb 87 06 68 40 35 72 bb 1c 87 0e 8b 06 61 46 Aug 26 13:09:10.997098: | 9c 38 e3 f4 fe 04 ef af ff 88 0e 11 4b ee 59 82 Aug 26 13:09:10.997099: | 20 01 58 bf 01 6d 6a 45 1f 62 73 22 43 38 68 71 Aug 26 13:09:10.997101: | 67 9f 50 97 57 59 7f b4 ee 4f fb 58 84 73 dc 03 Aug 26 13:09:10.997102: | 7e 53 fe 83 2e b6 b4 61 31 e2 b1 63 49 30 97 79 Aug 26 13:09:10.997104: | 68 6b 0c 0f 02 61 31 89 8f 9d c2 b6 5e 40 c6 f7 Aug 26 13:09:10.997105: | c5 6e 6c 25 61 bd 0b 14 f3 92 6a bd 10 11 92 d1 Aug 26 13:09:10.997107: | 25 0b 48 bf 32 9d f3 2c f7 2e 0b 1d 76 bf 16 e6 Aug 26 13:09:10.997108: | c4 Aug 26 13:09:10.997112: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:09:10.997115: | **parse ISAKMP Message: Aug 26 13:09:10.997117: | initiator cookie: Aug 26 13:09:10.997119: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:10.997120: | responder cookie: Aug 26 13:09:10.997122: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:10.997124: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:09:10.997126: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.997127: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:09:10.997131: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.997133: | Message ID: 2 (0x2) Aug 26 13:09:10.997135: | length: 449 (0x1c1) Aug 26 13:09:10.997137: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 13:09:10.997140: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Aug 26 13:09:10.997143: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:09:10.997148: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.997150: | State DB: found IKEv2 state #3 in V2_CREATE_I (find_v2_sa_by_initiator_wip) Aug 26 13:09:10.997153: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.997156: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.997157: | #3 is idle Aug 26 13:09:10.997159: | #3 idle Aug 26 13:09:10.997161: | unpacking clear payload Aug 26 13:09:10.997162: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:09:10.997164: | ***parse IKEv2 Encryption Payload: Aug 26 13:09:10.997166: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:09:10.997168: | flags: none (0x0) Aug 26 13:09:10.997169: | length: 421 (0x1a5) Aug 26 13:09:10.997171: | processing payload: ISAKMP_NEXT_v2SK (len=417) Aug 26 13:09:10.997173: | #3 in state V2_CREATE_I: sent IPsec Child req wait response Aug 26 13:09:10.997189: | #3 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Aug 26 13:09:10.997191: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:09:10.997193: | **parse IKEv2 Security Association Payload: Aug 26 13:09:10.997195: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:09:10.997196: | flags: none (0x0) Aug 26 13:09:10.997198: | length: 44 (0x2c) Aug 26 13:09:10.997199: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 13:09:10.997201: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:09:10.997203: | **parse IKEv2 Nonce Payload: Aug 26 13:09:10.997204: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:09:10.997206: | flags: none (0x0) Aug 26 13:09:10.997207: | length: 36 (0x24) Aug 26 13:09:10.997209: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:09:10.997211: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:09:10.997212: | **parse IKEv2 Key Exchange Payload: Aug 26 13:09:10.997214: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:09:10.997216: | flags: none (0x0) Aug 26 13:09:10.997217: | length: 264 (0x108) Aug 26 13:09:10.997219: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.997221: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:09:10.997222: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:09:10.997224: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:10.997226: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:09:10.997227: | flags: none (0x0) Aug 26 13:09:10.997229: | length: 24 (0x18) Aug 26 13:09:10.997230: | number of TS: 1 (0x1) Aug 26 13:09:10.997232: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:09:10.997234: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:09:10.997235: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:10.997237: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.997238: | flags: none (0x0) Aug 26 13:09:10.997240: | length: 24 (0x18) Aug 26 13:09:10.997242: | number of TS: 1 (0x1) Aug 26 13:09:10.997243: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:09:10.997245: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Aug 26 13:09:10.997249: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:09:10.997251: | forcing ST #3 to CHILD #1.#3 in FSM processor Aug 26 13:09:10.997254: | Now let's proceed with state specific processing Aug 26 13:09:10.997256: | calling processor Process CREATE_CHILD_SA IPsec SA Response Aug 26 13:09:10.997266: | using existing local ESP/AH proposals for northnet-eastnets/0x2 (CREATE_CHILD_SA initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:10.997268: | Comparing remote proposals against CREATE_CHILD_SA initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 13:09:10.997271: | local proposal 1 type ENCR has 1 transforms Aug 26 13:09:10.997273: | local proposal 1 type PRF has 0 transforms Aug 26 13:09:10.997275: | local proposal 1 type INTEG has 1 transforms Aug 26 13:09:10.997276: | local proposal 1 type DH has 1 transforms Aug 26 13:09:10.997278: | local proposal 1 type ESN has 1 transforms Aug 26 13:09:10.997280: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 13:09:10.997282: | local proposal 2 type ENCR has 1 transforms Aug 26 13:09:10.997284: | local proposal 2 type PRF has 0 transforms Aug 26 13:09:10.997285: | local proposal 2 type INTEG has 1 transforms Aug 26 13:09:10.997287: | local proposal 2 type DH has 1 transforms Aug 26 13:09:10.997308: | local proposal 2 type ESN has 1 transforms Aug 26 13:09:10.997310: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 13:09:10.997312: | local proposal 3 type ENCR has 1 transforms Aug 26 13:09:10.997314: | local proposal 3 type PRF has 0 transforms Aug 26 13:09:10.997315: | local proposal 3 type INTEG has 2 transforms Aug 26 13:09:10.997317: | local proposal 3 type DH has 1 transforms Aug 26 13:09:10.997318: | local proposal 3 type ESN has 1 transforms Aug 26 13:09:10.997320: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 13:09:10.997322: | local proposal 4 type ENCR has 1 transforms Aug 26 13:09:10.997324: | local proposal 4 type PRF has 0 transforms Aug 26 13:09:10.997325: | local proposal 4 type INTEG has 2 transforms Aug 26 13:09:10.997327: | local proposal 4 type DH has 1 transforms Aug 26 13:09:10.997329: | local proposal 4 type ESN has 1 transforms Aug 26 13:09:10.997331: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 13:09:10.997333: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.997334: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:10.997336: | length: 40 (0x28) Aug 26 13:09:10.997338: | prop #: 1 (0x1) Aug 26 13:09:10.997339: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.997341: | spi size: 4 (0x4) Aug 26 13:09:10.997343: | # transforms: 3 (0x3) Aug 26 13:09:10.997345: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:10.997347: | remote SPI b8 c6 ac 13 Aug 26 13:09:10.997349: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:09:10.997351: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.997359: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.997362: | length: 12 (0xc) Aug 26 13:09:10.997365: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.997368: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.997371: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.997374: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.997377: | length/value: 256 (0x100) Aug 26 13:09:10.997382: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:09:10.997385: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.997388: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.997391: | length: 8 (0x8) Aug 26 13:09:10.997394: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.997399: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.997403: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:09:10.997406: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.997409: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.997412: | length: 8 (0x8) Aug 26 13:09:10.997415: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.997418: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.997422: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:09:10.997438: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Aug 26 13:09:10.997443: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Aug 26 13:09:10.997446: | remote proposal 1 matches local proposal 1 Aug 26 13:09:10.997449: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] Aug 26 13:09:10.997454: | CREATE_CHILD_SA initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=b8c6ac13;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Aug 26 13:09:10.997457: | converting proposal to internal trans attrs Aug 26 13:09:10.997463: | updating #3's .st_oakley with preserved PRF, but why update? Aug 26 13:09:10.997470: | adding ikev2 Child SA initiator pfs=yes work-order 4 for state #3 Aug 26 13:09:10.997473: | state #3 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:09:10.997476: | #3 STATE_V2_CREATE_I: retransmits: cleared Aug 26 13:09:10.997481: | libevent_free: release ptr-libevent@0x555ab9cf2158 Aug 26 13:09:10.997484: | free_event_entry: release EVENT_RETRANSMIT-pe@0x555ab9c8a218 Aug 26 13:09:10.997487: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555ab9c8a218 Aug 26 13:09:10.997491: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:09:10.997494: | libevent_malloc: new ptr-libevent@0x555ab9d1a968 size 128 Aug 26 13:09:10.997505: | #3 spent 0.23 milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in ikev2_process_state_packet() Aug 26 13:09:10.997510: | crypto helper 3 resuming Aug 26 13:09:10.997511: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.997524: | crypto helper 3 starting work-order 4 for state #3 Aug 26 13:09:10.997528: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_SUSPEND Aug 26 13:09:10.997529: | crypto helper 3 doing crypto (ikev2 Child SA initiator pfs=yes); request ID 4 Aug 26 13:09:10.997535: | suspending state #3 and saving MD Aug 26 13:09:10.997544: | #3 is busy; has a suspended MD Aug 26 13:09:10.997549: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:10.997553: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:09:10.997557: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:10.997562: | #1 spent 0.49 milliseconds in ikev2_process_packet() Aug 26 13:09:10.997567: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:09:10.997570: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.997573: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:10.997577: | spent 0.505 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.998359: | crypto helper 3 finished crypto (ikev2 Child SA initiator pfs=yes); request ID 4 time elapsed 0.000829 seconds Aug 26 13:09:10.998376: | (#3) spent 0.839 milliseconds in crypto helper computing work-order 4: ikev2 Child SA initiator pfs=yes (dh) Aug 26 13:09:10.998380: | crypto helper 3 sending results from work-order 4 for state #3 to event queue Aug 26 13:09:10.998386: | scheduling resume sending helper answer for #3 Aug 26 13:09:10.998390: | libevent_malloc: new ptr-libevent@0x7f44b8001f78 size 128 Aug 26 13:09:10.998400: | crypto helper 3 waiting (nothing to do) Aug 26 13:09:10.998408: | processing resume sending helper answer for #3 Aug 26 13:09:10.998418: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:09:10.998421: | crypto helper 3 replies to request ID 4 Aug 26 13:09:10.998423: | calling continuation function 0x555ab87f99d0 Aug 26 13:09:10.998426: | ikev2_child_inR_continue for #3 STATE_V2_CREATE_I Aug 26 13:09:10.998429: | TSi: parsing 1 traffic selectors Aug 26 13:09:10.998431: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:10.998433: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.998435: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.998437: | length: 16 (0x10) Aug 26 13:09:10.998438: | start port: 0 (0x0) Aug 26 13:09:10.998440: | end port: 65535 (0xffff) Aug 26 13:09:10.998442: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:10.998444: | TS low c0 00 03 00 Aug 26 13:09:10.998446: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:10.998447: | TS high c0 00 03 ff Aug 26 13:09:10.998449: | TSi: parsed 1 traffic selectors Aug 26 13:09:10.998451: | TSr: parsing 1 traffic selectors Aug 26 13:09:10.998452: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:10.998454: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.998456: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.998457: | length: 16 (0x10) Aug 26 13:09:10.998459: | start port: 0 (0x0) Aug 26 13:09:10.998460: | end port: 65535 (0xffff) Aug 26 13:09:10.998462: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:10.998463: | TS low c0 00 16 00 Aug 26 13:09:10.998465: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:10.998467: | TS high c0 00 16 ff Aug 26 13:09:10.998470: | TSr: parsed 1 traffic selectors Aug 26 13:09:10.998476: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0/0 R=192.0.22.0/24:0/0 to their: Aug 26 13:09:10.998481: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.998488: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:10.998492: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:09:10.998495: | TSi[0] port match: YES fitness 65536 Aug 26 13:09:10.998497: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:10.998501: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:10.998506: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.998512: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Aug 26 13:09:10.998515: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:09:10.998517: | TSr[0] port match: YES fitness 65536 Aug 26 13:09:10.998520: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:09:10.998523: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:10.998525: | best fit so far: TSi[0] TSr[0] Aug 26 13:09:10.998528: | found an acceptable TSi/TSr Traffic Selector Aug 26 13:09:10.998530: | printing contents struct traffic_selector Aug 26 13:09:10.998533: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:09:10.998535: | ipprotoid: 0 Aug 26 13:09:10.998538: | port range: 0-65535 Aug 26 13:09:10.998542: | ip range: 192.0.3.0-192.0.3.255 Aug 26 13:09:10.998544: | printing contents struct traffic_selector Aug 26 13:09:10.998546: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:09:10.998549: | ipprotoid: 0 Aug 26 13:09:10.998551: | port range: 0-65535 Aug 26 13:09:10.998554: | ip range: 192.0.22.0-192.0.22.255 Aug 26 13:09:10.998559: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:09:10.998769: | install_ipsec_sa() for #3: inbound and outbound Aug 26 13:09:10.998776: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Aug 26 13:09:10.998779: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:10.998782: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.998785: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:10.998788: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.998791: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:10.998796: | route owner of "northnet-eastnets/0x2" unrouted: NULL; eroute owner: NULL Aug 26 13:09:10.998800: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:09:10.998803: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:09:10.998806: | AES_GCM_16 requires 4 salt bytes Aug 26 13:09:10.998809: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:09:10.998814: | setting IPsec SA replay-window to 32 Aug 26 13:09:10.998817: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 13:09:10.998821: | netlink: enabling tunnel mode Aug 26 13:09:10.998825: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:09:10.998827: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:09:10.998912: | netlink response for Add SA esp.b8c6ac13@192.1.2.23 included non-error error Aug 26 13:09:10.998918: | set up outgoing SA, ref=0/0 Aug 26 13:09:10.998922: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:09:10.998925: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:09:10.998928: | AES_GCM_16 requires 4 salt bytes Aug 26 13:09:10.998931: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:09:10.998936: | setting IPsec SA replay-window to 32 Aug 26 13:09:10.998939: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 13:09:10.998942: | netlink: enabling tunnel mode Aug 26 13:09:10.998945: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:09:10.998948: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:09:10.998988: | netlink response for Add SA esp.c891c148@192.1.3.33 included non-error error Aug 26 13:09:10.998994: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:10.999002: | add inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 13:09:10.999006: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:10.999034: | raw_eroute result=success Aug 26 13:09:10.999039: | set up incoming SA, ref=0/0 Aug 26 13:09:10.999042: | sr for #3: unrouted Aug 26 13:09:10.999045: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:09:10.999048: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:10.999051: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.999054: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:10.999057: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.999060: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:10.999064: | route owner of "northnet-eastnets/0x2" unrouted: NULL; eroute owner: NULL Aug 26 13:09:10.999068: | route_and_eroute with c: northnet-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #3 Aug 26 13:09:10.999071: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:10.999079: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 13:09:10.999082: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:10.999096: | raw_eroute result=success Aug 26 13:09:10.999101: | running updown command "ipsec _updown" for verb up Aug 26 13:09:10.999104: | command executing up-client Aug 26 13:09:10.999127: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.999132: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.999145: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=' Aug 26 13:09:10.999148: | popen cmd is 1408 chars long Aug 26 13:09:10.999150: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Aug 26 13:09:10.999151: | cmd( 80):x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PL: Aug 26 13:09:10.999153: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=nort: Aug 26 13:09:10.999155: | cmd( 240):h.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='19: Aug 26 13:09:10.999157: | cmd( 320):2.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Aug 26 13:09:10.999158: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='E: Aug 26 13:09:10.999160: | cmd( 480):SP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Aug 26 13:09:10.999162: | cmd( 560):wan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libr: Aug 26 13:09:10.999163: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' : Aug 26 13:09:10.999165: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 13:09:10.999167: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Aug 26 13:09:10.999168: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Aug 26 13:09:10.999170: | cmd( 960):LUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAR: Aug 26 13:09:10.999172: | cmd(1040):EF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFA: Aug 26 13:09:10.999174: | cmd(1120):MILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_: Aug 26 13:09:10.999175: | cmd(1200):PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=': Aug 26 13:09:10.999177: | cmd(1280):0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=: Aug 26 13:09:10.999179: | cmd(1360):0xb8c6ac13 SPI_OUT=0xc891c148 ipsec _updown 2>&1: Aug 26 13:09:11.009094: | route_and_eroute: firewall_notified: true Aug 26 13:09:11.009115: | running updown command "ipsec _updown" for verb prepare Aug 26 13:09:11.009120: | command executing prepare-client Aug 26 13:09:11.009154: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:11.009163: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:11.009189: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CON Aug 26 13:09:11.009194: | popen cmd is 1413 chars long Aug 26 13:09:11.009198: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 13:09:11.009201: | cmd( 80):ets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Aug 26 13:09:11.009204: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 13:09:11.009207: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Aug 26 13:09:11.009210: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Aug 26 13:09:11.009213: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TY: Aug 26 13:09:11.009216: | cmd( 480):PE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=L: Aug 26 13:09:11.009220: | cmd( 560):ibreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing: Aug 26 13:09:11.009223: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.2: Aug 26 13:09:11.009226: | cmd( 720):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 13:09:11.009229: | cmd( 800):COL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departm: Aug 26 13:09:11.009232: | cmd( 880):ent, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netk: Aug 26 13:09:11.009235: | cmd( 960):ey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLO: Aug 26 13:09:11.009238: | cmd(1040):W+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_A: Aug 26 13:09:11.009240: | cmd(1120):DDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' P: Aug 26 13:09:11.009243: | cmd(1200):LUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLI: Aug 26 13:09:11.009247: | cmd(1280):ENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP: Aug 26 13:09:11.009250: | cmd(1360):I_IN=0xb8c6ac13 SPI_OUT=0xc891c148 ipsec _updown 2>&1: Aug 26 13:09:11.019249: | running updown command "ipsec _updown" for verb route Aug 26 13:09:11.019261: | command executing route-client Aug 26 13:09:11.019282: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:11.019287: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:11.019307: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_PO Aug 26 13:09:11.019312: | popen cmd is 1411 chars long Aug 26 13:09:11.019314: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 13:09:11.019316: | cmd( 80):s/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33': Aug 26 13:09:11.019318: | cmd( 160): PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=n: Aug 26 13:09:11.019320: | cmd( 240):orth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=: Aug 26 13:09:11.019321: | cmd( 320):'192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255: Aug 26 13:09:11.019323: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE: Aug 26 13:09:11.019325: | cmd( 480):='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Aug 26 13:09:11.019327: | cmd( 560):reswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.l: Aug 26 13:09:11.019328: | cmd( 640):ibreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.: Aug 26 13:09:11.019330: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 13:09:11.019332: | cmd( 800):L='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: Aug 26 13:09:11.019333: | cmd( 880):t, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey: Aug 26 13:09:11.019335: | cmd( 960):' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+: Aug 26 13:09:11.019337: | cmd(1040):SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADD: Aug 26 13:09:11.019339: | cmd(1120):RFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLU: Aug 26 13:09:11.019340: | cmd(1200):TO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIEN: Aug 26 13:09:11.019342: | cmd(1280):T='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_: Aug 26 13:09:11.019344: | cmd(1360):IN=0xb8c6ac13 SPI_OUT=0xc891c148 ipsec _updown 2>&1: Aug 26 13:09:11.035493: | route_and_eroute: instance "northnet-eastnets/0x2", setting eroute_owner {spd=0x555ab9cfbb88,sr=0x555ab9cfbb88} to #3 (was #0) (newest_ipsec_sa=#0) Aug 26 13:09:11.035992: | #1 spent 2.28 milliseconds in install_ipsec_sa() Aug 26 13:09:11.036003: | inR2: instance northnet-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Aug 26 13:09:11.036008: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:11.036021: | libevent_free: release ptr-libevent@0x555ab9d1a968 Aug 26 13:09:11.036029: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555ab9c8a218 Aug 26 13:09:11.036043: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:11.036048: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_OK Aug 26 13:09:11.036052: | IKEv2: transition from state STATE_V2_CREATE_I to state STATE_V2_IPSEC_I Aug 26 13:09:11.036057: | child state #3: V2_CREATE_I(established IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 13:09:11.036061: | Message ID: updating counters for #3 to 2 after switching state Aug 26 13:09:11.036068: | Message ID: recv #1.#3 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1; child: wip.initiator=2->-1 wip.responder=-1 Aug 26 13:09:11.036077: | Message ID: #1.#3 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:09:11.036081: | pstats #3 ikev2.child established Aug 26 13:09:11.036092: "northnet-eastnets/0x2" #3: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.22.0-192.0.22.255:0-65535 0] Aug 26 13:09:11.036105: | NAT-T: encaps is 'auto' Aug 26 13:09:11.036111: "northnet-eastnets/0x2" #3: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xb8c6ac13 <0xc891c148 xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Aug 26 13:09:11.036117: | releasing whack for #3 (sock=fd@25) Aug 26 13:09:11.036125: | close_any(fd@25) (in release_whack() at state.c:654) Aug 26 13:09:11.036128: | releasing whack and unpending for parent #1 Aug 26 13:09:11.036132: | unpending state #1 connection "northnet-eastnets/0x2" Aug 26 13:09:11.036138: | #3 will start re-keying in 27838 seconds with margin of 962 seconds (attempting re-key) Aug 26 13:09:11.036141: | event_schedule: new EVENT_SA_REKEY-pe@0x555ab9c8a218 Aug 26 13:09:11.036146: | inserting event EVENT_SA_REKEY, timeout in 27838 seconds for #3 Aug 26 13:09:11.036151: | libevent_malloc: new ptr-libevent@0x555ab9d0ab98 size 128 Aug 26 13:09:11.036163: | #3 spent 2.8 milliseconds in resume sending helper answer Aug 26 13:09:11.036170: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:09:11.036175: | libevent_free: release ptr-libevent@0x7f44b8001f78 Aug 26 13:09:11.036193: | processing signal PLUTO_SIGCHLD Aug 26 13:09:11.036200: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:11.036206: | spent 0.00661 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:11.036209: | processing signal PLUTO_SIGCHLD Aug 26 13:09:11.036212: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:11.036216: | spent 0.00389 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:11.036219: | processing signal PLUTO_SIGCHLD Aug 26 13:09:11.036222: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:11.036226: | spent 0.00333 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:11.098096: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:11.098493: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:09:11.098506: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:09:11.098672: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:09:11.098679: | FOR_EACH_STATE_... in sort_states Aug 26 13:09:11.098690: | get_sa_info esp.ac7974ac@192.1.3.33 Aug 26 13:09:11.098714: | get_sa_info esp.7e40a7ce@192.1.2.23 Aug 26 13:09:11.098738: | get_sa_info esp.c891c148@192.1.3.33 Aug 26 13:09:11.098748: | get_sa_info esp.b8c6ac13@192.1.2.23 Aug 26 13:09:11.098773: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:11.098783: | spent 0.677 milliseconds in whack Aug 26 13:09:13.348319: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:13.348349: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:09:13.348355: | FOR_EACH_STATE_... in sort_states Aug 26 13:09:13.348362: | get_sa_info esp.ac7974ac@192.1.3.33 Aug 26 13:09:13.348377: | get_sa_info esp.7e40a7ce@192.1.2.23 Aug 26 13:09:13.348392: | get_sa_info esp.c891c148@192.1.3.33 Aug 26 13:09:13.348398: | get_sa_info esp.b8c6ac13@192.1.2.23 Aug 26 13:09:13.348410: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:13.348416: | spent 0.107 milliseconds in whack Aug 26 13:09:14.164522: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:14.164722: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:09:14.164728: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:09:14.164872: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:09:14.164877: | FOR_EACH_STATE_... in sort_states Aug 26 13:09:14.164886: | get_sa_info esp.ac7974ac@192.1.3.33 Aug 26 13:09:14.164901: | get_sa_info esp.7e40a7ce@192.1.2.23 Aug 26 13:09:14.164924: | get_sa_info esp.c891c148@192.1.3.33 Aug 26 13:09:14.164934: | get_sa_info esp.b8c6ac13@192.1.2.23 Aug 26 13:09:14.164958: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:14.164965: | spent 0.453 milliseconds in whack Aug 26 13:09:14.497560: | spent 0.00249 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:14.497588: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:09:14.497592: | 0e ea 1f 14 0a 7b 00 47 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:14.497595: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:09:14.497597: | f9 bb fb 5f 00 e5 de 13 aa 1a 72 e4 50 c3 72 e3 Aug 26 13:09:14.497600: | 89 d7 31 66 9a 61 65 f2 fe 7d 5a e4 44 98 b6 ab Aug 26 13:09:14.497602: | ab dc db ac ba Aug 26 13:09:14.497607: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:09:14.497611: | **parse ISAKMP Message: Aug 26 13:09:14.497614: | initiator cookie: Aug 26 13:09:14.497616: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:14.497619: | responder cookie: Aug 26 13:09:14.497621: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:14.497624: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:09:14.497627: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:14.497630: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:09:14.497635: | flags: none (0x0) Aug 26 13:09:14.497638: | Message ID: 0 (0x0) Aug 26 13:09:14.497641: | length: 69 (0x45) Aug 26 13:09:14.497644: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:09:14.497648: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:09:14.497653: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:09:14.497660: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:14.497663: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:09:14.497668: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:09:14.497671: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 13:09:14.497676: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 Aug 26 13:09:14.497679: | unpacking clear payload Aug 26 13:09:14.497682: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:09:14.497685: | ***parse IKEv2 Encryption Payload: Aug 26 13:09:14.497688: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:09:14.497690: | flags: none (0x0) Aug 26 13:09:14.497693: | length: 41 (0x29) Aug 26 13:09:14.497696: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 13:09:14.497701: | Message ID: start-responder #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 13:09:14.497704: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:09:14.497729: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:09:14.497733: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:09:14.497736: | **parse IKEv2 Delete Payload: Aug 26 13:09:14.497739: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.497742: | flags: none (0x0) Aug 26 13:09:14.497744: | length: 12 (0xc) Aug 26 13:09:14.497747: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:09:14.497750: | SPI size: 4 (0x4) Aug 26 13:09:14.497752: | number of SPIs: 1 (0x1) Aug 26 13:09:14.497755: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 13:09:14.497758: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:09:14.497763: | Now let's proceed with state specific processing Aug 26 13:09:14.497765: | calling processor I3: INFORMATIONAL Request Aug 26 13:09:14.497769: | an informational request should send a response Aug 26 13:09:14.497792: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:09:14.497796: | **emit ISAKMP Message: Aug 26 13:09:14.497799: | initiator cookie: Aug 26 13:09:14.497801: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:14.497804: | responder cookie: Aug 26 13:09:14.497806: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:14.497809: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:14.497812: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:14.497815: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:09:14.497818: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:09:14.497821: | Message ID: 0 (0x0) Aug 26 13:09:14.497824: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:14.497827: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:14.497830: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.497833: | flags: none (0x0) Aug 26 13:09:14.497836: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:14.497839: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:09:14.497843: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:14.497856: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 13:09:14.497860: | SPI b8 c6 ac 13 Aug 26 13:09:14.497862: | delete PROTO_v2_ESP SA(0xb8c6ac13) Aug 26 13:09:14.497866: | v2 CHILD SA #3 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 13:09:14.497869: | State DB: found IKEv2 state #3 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 13:09:14.497872: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xb8c6ac13) Aug 26 13:09:14.497875: "northnet-eastnets/0x2" #1: received Delete SA payload: replace IPsec State #3 now Aug 26 13:09:14.497878: | state #3 requesting EVENT_SA_REKEY to be deleted Aug 26 13:09:14.497882: | libevent_free: release ptr-libevent@0x555ab9d0ab98 Aug 26 13:09:14.497886: | free_event_entry: release EVENT_SA_REKEY-pe@0x555ab9c8a218 Aug 26 13:09:14.497889: | event_schedule: new EVENT_SA_REPLACE-pe@0x555ab9c8a218 Aug 26 13:09:14.497893: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #3 Aug 26 13:09:14.497897: | libevent_malloc: new ptr-libevent@0x7f44b8001f78 size 128 Aug 26 13:09:14.497901: | ****emit IKEv2 Delete Payload: Aug 26 13:09:14.497904: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.497906: | flags: none (0x0) Aug 26 13:09:14.497909: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:09:14.497912: | SPI size: 4 (0x4) Aug 26 13:09:14.497914: | number of SPIs: 1 (0x1) Aug 26 13:09:14.497918: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:09:14.497921: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:09:14.497924: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 13:09:14.497927: | local SPIs c8 91 c1 48 Aug 26 13:09:14.497930: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:09:14.497933: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:14.497936: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:14.497939: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:14.497942: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:09:14.497945: | emitting length of ISAKMP Message: 69 Aug 26 13:09:14.497967: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:09:14.497972: | 0e ea 1f 14 0a 7b 00 47 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:14.497975: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:09:14.497978: | 70 f9 eb 34 d9 30 ad e2 60 e3 e3 2a c3 0b 09 04 Aug 26 13:09:14.497980: | fd e7 65 9b 82 f9 4f dc 64 9d 44 fe 4e 2a 70 1d Aug 26 13:09:14.497983: | 1c 10 a5 4f e4 Aug 26 13:09:14.498012: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:09:14.498019: | Message ID: sent #1 response 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:09:14.498025: | #1 spent 0.24 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 13:09:14.498031: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:14.498035: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 13:09:14.498038: | Message ID: updating counters for #1 to 0 after switching state Aug 26 13:09:14.498043: | Message ID: recv #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 13:09:14.498048: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:09:14.498051: "northnet-eastnets/0x2" #1: STATE_PARENT_I3: PARENT SA established Aug 26 13:09:14.498056: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:14.498061: | #1 spent 0.473 milliseconds in ikev2_process_packet() Aug 26 13:09:14.498066: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:09:14.498070: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:14.498073: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:14.498077: | spent 0.489 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:14.498084: | timer_event_cb: processing event@0x555ab9c8a218 Aug 26 13:09:14.498087: | handling event EVENT_SA_REPLACE for child state #3 Aug 26 13:09:14.498092: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:09:14.498096: | picked newest_ipsec_sa #3 for #3 Aug 26 13:09:14.498099: | replacing stale CHILD SA Aug 26 13:09:14.498103: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:09:14.498106: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:09:14.498110: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 13:09:14.498114: | creating state object #4 at 0x555ab9d12da8 Aug 26 13:09:14.498117: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 13:09:14.498126: | pstats #4 ikev2.child started Aug 26 13:09:14.498130: | duplicating state object #1 "northnet-eastnets/0x2" as #4 for IPSEC SA Aug 26 13:09:14.498136: | #4 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:09:14.498145: | Message ID: init_child #1.#4; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:14.498150: | suspend processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:09:14.498155: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:09:14.498159: | child state #4: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 13:09:14.498175: | using existing local ESP/AH proposals for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:14.498181: | #4 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #3 using IKE# 1 pfs=MODP2048 Aug 26 13:09:14.498185: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x555ab9d09928 Aug 26 13:09:14.498189: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #4 Aug 26 13:09:14.498192: | libevent_malloc: new ptr-libevent@0x555ab9d1a968 size 128 Aug 26 13:09:14.498198: | RESET processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:09:14.498203: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7f44c8002b78 Aug 26 13:09:14.498206: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #3 Aug 26 13:09:14.498211: | libevent_malloc: new ptr-libevent@0x555ab9d202b8 size 128 Aug 26 13:09:14.498214: | libevent_free: release ptr-libevent@0x7f44b8001f78 Aug 26 13:09:14.498218: | free_event_entry: release EVENT_SA_REPLACE-pe@0x555ab9c8a218 Aug 26 13:09:14.498222: | #3 spent 0.138 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 13:09:14.498226: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:09:14.498230: | timer_event_cb: processing event@0x555ab9d09928 Aug 26 13:09:14.498233: | handling event EVENT_v2_INITIATE_CHILD for child state #4 Aug 26 13:09:14.498238: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 13:09:14.498244: | adding Child Rekey Initiator KE and nonce ni work-order 5 for state #4 Aug 26 13:09:14.498247: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555ab9c8a218 Aug 26 13:09:14.498250: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 13:09:14.498253: | libevent_malloc: new ptr-libevent@0x7f44b8001f78 size 128 Aug 26 13:09:14.498261: | libevent_free: release ptr-libevent@0x555ab9d1a968 Aug 26 13:09:14.498265: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x555ab9d09928 Aug 26 13:09:14.498269: | #4 spent 0.0379 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:09:14.498274: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Aug 26 13:09:14.498278: | timer_event_cb: processing event@0x7f44c8002b78 Aug 26 13:09:14.498281: | handling event EVENT_SA_EXPIRE for child state #3 Aug 26 13:09:14.498286: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:09:14.498294: | picked newest_ipsec_sa #3 for #3 Aug 26 13:09:14.498299: | un-established partial CHILD SA timeout (SA expired) Aug 26 13:09:14.498302: | pstats #3 ikev2.child re-failed exchange-timeout Aug 26 13:09:14.498305: | pstats #3 ikev2.child deleted completed Aug 26 13:09:14.498309: | #3 spent 4.77 milliseconds in total Aug 26 13:09:14.498313: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:09:14.498317: "northnet-eastnets/0x2" #3: deleting state (STATE_V2_IPSEC_I) aged 3.517s and NOT sending notification Aug 26 13:09:14.498320: | child state #3: V2_IPSEC_I(established CHILD SA) => delete Aug 26 13:09:14.498325: | get_sa_info esp.b8c6ac13@192.1.2.23 Aug 26 13:09:14.498338: | get_sa_info esp.c891c148@192.1.3.33 Aug 26 13:09:14.498346: "northnet-eastnets/0x2" #3: ESP traffic information: in=168B out=168B Aug 26 13:09:14.498350: | child state #3: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 13:09:14.498408: | crypto helper 4 resuming Aug 26 13:09:14.498416: | crypto helper 4 starting work-order 5 for state #4 Aug 26 13:09:14.498421: | crypto helper 4 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 Aug 26 13:09:14.499400: | crypto helper 4 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 time elapsed 0.000978 seconds Aug 26 13:09:14.499414: | (#4) spent 0.988 milliseconds in crypto helper computing work-order 5: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 13:09:14.499418: | crypto helper 4 sending results from work-order 5 for state #4 to event queue Aug 26 13:09:14.499422: | scheduling resume sending helper answer for #4 Aug 26 13:09:14.499425: | libevent_malloc: new ptr-libevent@0x7f44bc002888 size 128 Aug 26 13:09:14.499431: | crypto helper 4 waiting (nothing to do) Aug 26 13:09:14.499442: | running updown command "ipsec _updown" for verb down Aug 26 13:09:14.499446: | command executing down-client Aug 26 13:09:14.499476: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:14.499484: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:14.499504: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566824950' PLUTO_ Aug 26 13:09:14.499508: | popen cmd is 1419 chars long Aug 26 13:09:14.499511: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Aug 26 13:09:14.499515: | cmd( 80):/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' : Aug 26 13:09:14.499518: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=no: Aug 26 13:09:14.499521: | cmd( 240):rth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=': Aug 26 13:09:14.499523: | cmd( 320):192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Aug 26 13:09:14.499526: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE=: Aug 26 13:09:14.499529: | cmd( 480):'ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Aug 26 13:09:14.499532: | cmd( 560):eswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.li: Aug 26 13:09:14.499535: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0: Aug 26 13:09:14.499538: | cmd( 720):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 13:09:14.499541: | cmd( 800):='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department: Aug 26 13:09:14.499544: | cmd( 880):, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey': Aug 26 13:09:14.499547: | cmd( 960): PLUTO_ADDTIME='1566824950' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV: Aug 26 13:09:14.499549: | cmd(1040):2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_: Aug 26 13:09:14.499551: | cmd(1120):CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INF: Aug 26 13:09:14.499557: | cmd(1200):O='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_C: Aug 26 13:09:14.499560: | cmd(1280):FG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=': Aug 26 13:09:14.499562: | cmd(1360):no' SPI_IN=0xb8c6ac13 SPI_OUT=0xc891c148 ipsec _updown 2>&1: Aug 26 13:09:14.513347: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:09:14.513362: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:09:14.513366: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:14.513371: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:14.513401: | delete esp.b8c6ac13@192.1.2.23 Aug 26 13:09:14.513417: | netlink response for Del SA esp.b8c6ac13@192.1.2.23 included non-error error Aug 26 13:09:14.513421: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:14.513428: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 13:09:14.513447: | raw_eroute result=success Aug 26 13:09:14.513452: | delete esp.c891c148@192.1.3.33 Aug 26 13:09:14.513462: | netlink response for Del SA esp.c891c148@192.1.3.33 included non-error error Aug 26 13:09:14.513472: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:09:14.513475: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Aug 26 13:09:14.513482: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:09:14.513526: | stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:09:14.513549: | State DB: found IKEv2 state #4 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 13:09:14.513552: | can't expire unused IKE SA #1; it has the child #4 Aug 26 13:09:14.513558: | libevent_free: release ptr-libevent@0x555ab9d202b8 Aug 26 13:09:14.513565: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x7f44c8002b78 Aug 26 13:09:14.513568: | in statetime_stop() and could not find #3 Aug 26 13:09:14.513571: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:09:14.513590: | spent 0.00226 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:14.513607: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:09:14.513610: | 0e ea 1f 14 0a 7b 00 47 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:14.513613: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Aug 26 13:09:14.513615: | 45 58 28 1c fc 64 c4 74 c7 0d 9a cc f5 ea 37 4c Aug 26 13:09:14.513618: | cf de 7e ed ad fd 2b e6 7c a2 f3 08 e1 14 b6 3c Aug 26 13:09:14.513620: | eb bf 38 9a 1e Aug 26 13:09:14.513625: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:09:14.513629: | **parse ISAKMP Message: Aug 26 13:09:14.513632: | initiator cookie: Aug 26 13:09:14.513635: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:14.513637: | responder cookie: Aug 26 13:09:14.513640: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:14.513643: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:09:14.513646: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:14.513648: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:09:14.513652: | flags: none (0x0) Aug 26 13:09:14.513655: | Message ID: 1 (0x1) Aug 26 13:09:14.513657: | length: 69 (0x45) Aug 26 13:09:14.513660: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:09:14.513664: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:09:14.513667: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:09:14.513674: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:14.513677: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:09:14.513684: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:09:14.513688: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:09:14.513692: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 Aug 26 13:09:14.513694: | unpacking clear payload Aug 26 13:09:14.513697: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:09:14.513700: | ***parse IKEv2 Encryption Payload: Aug 26 13:09:14.513703: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:09:14.513706: | flags: none (0x0) Aug 26 13:09:14.513709: | length: 41 (0x29) Aug 26 13:09:14.513711: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 13:09:14.513716: | Message ID: start-responder #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 13:09:14.513719: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:09:14.513737: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:09:14.513740: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:09:14.513743: | **parse IKEv2 Delete Payload: Aug 26 13:09:14.513746: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.513749: | flags: none (0x0) Aug 26 13:09:14.513751: | length: 12 (0xc) Aug 26 13:09:14.513754: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:09:14.513756: | SPI size: 4 (0x4) Aug 26 13:09:14.513759: | number of SPIs: 1 (0x1) Aug 26 13:09:14.513762: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 13:09:14.513764: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:09:14.513767: | Now let's proceed with state specific processing Aug 26 13:09:14.513770: | calling processor I3: INFORMATIONAL Request Aug 26 13:09:14.513773: | an informational request should send a response Aug 26 13:09:14.513796: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:09:14.513800: | **emit ISAKMP Message: Aug 26 13:09:14.513803: | initiator cookie: Aug 26 13:09:14.513805: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:14.513808: | responder cookie: Aug 26 13:09:14.513810: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:14.513813: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:14.513816: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:14.513818: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:09:14.513821: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:09:14.513824: | Message ID: 1 (0x1) Aug 26 13:09:14.513827: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:14.513830: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:14.513833: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.513835: | flags: none (0x0) Aug 26 13:09:14.513839: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:14.513842: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:09:14.513845: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:14.513860: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 13:09:14.513863: | SPI 7e 40 a7 ce Aug 26 13:09:14.513866: | delete PROTO_v2_ESP SA(0x7e40a7ce) Aug 26 13:09:14.513869: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 13:09:14.513872: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 13:09:14.513875: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x7e40a7ce) Aug 26 13:09:14.513879: "northnet-eastnets/0x2" #1: received Delete SA payload: replace IPsec State #2 now Aug 26 13:09:14.513882: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 13:09:14.513886: | libevent_free: release ptr-libevent@0x555ab9cf37b8 Aug 26 13:09:14.513891: | free_event_entry: release EVENT_SA_REKEY-pe@0x555ab9d13d98 Aug 26 13:09:14.513895: | event_schedule: new EVENT_SA_REPLACE-pe@0x555ab9d13d98 Aug 26 13:09:14.513899: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Aug 26 13:09:14.513902: | libevent_malloc: new ptr-libevent@0x7f44c4003878 size 128 Aug 26 13:09:14.513907: | ****emit IKEv2 Delete Payload: Aug 26 13:09:14.513910: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.513912: | flags: none (0x0) Aug 26 13:09:14.513915: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:09:14.513917: | SPI size: 4 (0x4) Aug 26 13:09:14.513920: | number of SPIs: 1 (0x1) Aug 26 13:09:14.513923: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:09:14.513927: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:09:14.513930: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 13:09:14.513932: | local SPIs ac 79 74 ac Aug 26 13:09:14.513935: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:09:14.513938: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:14.513941: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:14.513945: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:14.513947: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:09:14.513950: | emitting length of ISAKMP Message: 69 Aug 26 13:09:14.513967: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:09:14.513970: | 0e ea 1f 14 0a 7b 00 47 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:14.513973: | 2e 20 25 28 00 00 00 01 00 00 00 45 2a 00 00 29 Aug 26 13:09:14.513975: | 2b c3 31 47 dd c1 cb 87 67 67 61 9c 0d d3 10 f0 Aug 26 13:09:14.513978: | 23 ad c8 fd 86 3a d7 95 af 19 6a af 36 44 6a 31 Aug 26 13:09:14.513980: | 9e 24 eb cd be Aug 26 13:09:14.514014: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:09:14.514020: | Message ID: sent #1 response 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:09:14.514026: | #1 spent 0.234 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 13:09:14.514032: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:14.514036: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 13:09:14.514039: | Message ID: updating counters for #1 to 1 after switching state Aug 26 13:09:14.514044: | Message ID: recv #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=0->1 wip.initiator=-1 wip.responder=1->-1 Aug 26 13:09:14.514048: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 13:09:14.514051: "northnet-eastnets/0x2" #1: STATE_PARENT_I3: PARENT SA established Aug 26 13:09:14.514056: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:14.514061: | #1 spent 0.45 milliseconds in ikev2_process_packet() Aug 26 13:09:14.514065: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:09:14.514069: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:14.514072: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:14.514076: | spent 0.465 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:14.514086: | processing resume sending helper answer for #4 Aug 26 13:09:14.514091: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Aug 26 13:09:14.514095: | crypto helper 4 replies to request ID 5 Aug 26 13:09:14.514098: | calling continuation function 0x555ab87f8b50 Aug 26 13:09:14.514101: | ikev2_child_outI_continue for #4 STATE_V2_REKEY_CHILD_I0 Aug 26 13:09:14.514105: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:14.514108: | libevent_free: release ptr-libevent@0x7f44b8001f78 Aug 26 13:09:14.514113: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555ab9c8a218 Aug 26 13:09:14.514116: | event_schedule: new EVENT_SA_REPLACE-pe@0x555ab9c8a218 Aug 26 13:09:14.514119: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #4 Aug 26 13:09:14.514123: | libevent_malloc: new ptr-libevent@0x555ab9d202b8 size 128 Aug 26 13:09:14.514128: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 13:09:14.514131: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 13:09:14.514134: | libevent_malloc: new ptr-libevent@0x555ab9d1a968 size 128 Aug 26 13:09:14.514139: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:14.514142: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Aug 26 13:09:14.514145: | suspending state #4 and saving MD Aug 26 13:09:14.514148: | #4 is busy; has a suspended MD Aug 26 13:09:14.514153: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:14.514156: | "northnet-eastnets/0x2" #4 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:09:14.514160: | resume sending helper answer for #4 suppresed complete_v2_state_transition() Aug 26 13:09:14.514165: | #4 spent 0.0691 milliseconds in resume sending helper answer Aug 26 13:09:14.514169: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Aug 26 13:09:14.514172: | libevent_free: release ptr-libevent@0x7f44bc002888 Aug 26 13:09:14.514177: | processing signal PLUTO_SIGCHLD Aug 26 13:09:14.514182: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:14.514186: | spent 0.00498 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:14.514192: | timer_event_cb: processing event@0x555ab9d13d98 Aug 26 13:09:14.514195: | handling event EVENT_SA_REPLACE for child state #2 Aug 26 13:09:14.514200: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:09:14.514204: | picked newest_ipsec_sa #2 for #2 Aug 26 13:09:14.514207: | replacing stale CHILD SA Aug 26 13:09:14.514211: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:09:14.514214: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:09:14.514217: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 13:09:14.514221: | creating state object #5 at 0x555ab9d11048 Aug 26 13:09:14.514224: | State DB: adding IKEv2 state #5 in UNDEFINED Aug 26 13:09:14.514231: | pstats #5 ikev2.child started Aug 26 13:09:14.514234: | duplicating state object #1 "northnet-eastnets/0x2" as #5 for IPSEC SA Aug 26 13:09:14.514239: | #5 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:09:14.514246: | Message ID: init_child #1.#5; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:14.514250: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:09:14.514255: | suspend processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:09:14.514261: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:09:14.514265: | child state #5: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 13:09:14.514268: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 13:09:14.514272: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x1 (ESP/AH initiator emitting proposals) Aug 26 13:09:14.514276: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:09:14.514282: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:09:14.514285: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:09:14.514294: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:09:14.514301: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:09:14.514305: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:14.514308: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:09:14.514313: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:14.514321: "northnet-eastnets/0x1": constructed local ESP/AH proposals for northnet-eastnets/0x1 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:14.514327: | #5 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Aug 26 13:09:14.514330: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7f44bc002b78 Aug 26 13:09:14.514334: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #5 Aug 26 13:09:14.514337: | libevent_malloc: new ptr-libevent@0x7f44bc002888 size 128 Aug 26 13:09:14.514343: | RESET processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:09:14.514346: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7f44c8002b78 Aug 26 13:09:14.514350: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Aug 26 13:09:14.514353: | libevent_malloc: new ptr-libevent@0x555ab9d1aba8 size 128 Aug 26 13:09:14.514356: | libevent_free: release ptr-libevent@0x7f44c4003878 Aug 26 13:09:14.514359: | free_event_entry: release EVENT_SA_REPLACE-pe@0x555ab9d13d98 Aug 26 13:09:14.514364: | #2 spent 0.168 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 13:09:14.514367: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:09:14.514371: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 13:09:14.514375: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:904) Aug 26 13:09:14.514381: | Message ID: #1.#4 resuming SA using IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 13:09:14.514386: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:09:14.514391: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:09:14.514395: | **emit ISAKMP Message: Aug 26 13:09:14.514398: | initiator cookie: Aug 26 13:09:14.514401: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:14.514404: | responder cookie: Aug 26 13:09:14.514406: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:14.514409: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:14.514414: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:14.514417: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:09:14.514419: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:14.514422: | Message ID: 3 (0x3) Aug 26 13:09:14.514425: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:14.514428: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:14.514431: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.514434: | flags: none (0x0) Aug 26 13:09:14.514437: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:14.514440: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:09:14.514443: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:14.514457: | netlink_get_spi: allocated 0xde860803 for esp.0@192.1.3.33 Aug 26 13:09:14.514460: | Emitting ikev2_proposals ... Aug 26 13:09:14.514463: | ****emit IKEv2 Security Association Payload: Aug 26 13:09:14.514466: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.514469: | flags: none (0x0) Aug 26 13:09:14.514472: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:09:14.514475: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:09:14.514478: | discarding INTEG=NONE Aug 26 13:09:14.514480: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:14.514483: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.514486: | prop #: 1 (0x1) Aug 26 13:09:14.514488: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:14.514491: | spi size: 4 (0x4) Aug 26 13:09:14.514494: | # transforms: 3 (0x3) Aug 26 13:09:14.514497: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:14.514500: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:14.514503: | our spi de 86 08 03 Aug 26 13:09:14.514506: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.514508: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514511: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:14.514514: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:14.514517: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.514520: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:14.514523: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:14.514526: | length/value: 256 (0x100) Aug 26 13:09:14.514529: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:14.514531: | discarding INTEG=NONE Aug 26 13:09:14.514534: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.514536: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514539: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.514542: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:14.514545: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514548: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.514551: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.514554: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.514556: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:14.514559: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:14.514562: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:14.514565: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514569: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.514572: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.514575: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:09:14.514578: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:14.514580: | discarding INTEG=NONE Aug 26 13:09:14.514583: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:14.514586: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.514588: | prop #: 2 (0x2) Aug 26 13:09:14.514591: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:14.514593: | spi size: 4 (0x4) Aug 26 13:09:14.514596: | # transforms: 3 (0x3) Aug 26 13:09:14.514599: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.514602: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:14.514606: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:14.514608: | our spi de 86 08 03 Aug 26 13:09:14.514611: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.514613: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514616: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:14.514619: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:14.514621: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.514624: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:14.514627: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:14.514629: | length/value: 128 (0x80) Aug 26 13:09:14.514632: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:14.514634: | discarding INTEG=NONE Aug 26 13:09:14.514637: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.514640: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514643: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.514645: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:14.514649: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514652: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.514655: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.514657: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.514660: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:14.514663: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:14.514666: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:14.514669: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514672: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.514675: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.514678: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:09:14.514681: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:14.514683: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:14.514686: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.514690: | prop #: 3 (0x3) Aug 26 13:09:14.514693: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:14.514696: | spi size: 4 (0x4) Aug 26 13:09:14.514698: | # transforms: 5 (0x5) Aug 26 13:09:14.514702: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.514705: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:14.514708: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:14.514710: | our spi de 86 08 03 Aug 26 13:09:14.514713: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.514716: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514719: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:14.514721: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:14.514724: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.514727: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:14.514730: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:14.514733: | length/value: 256 (0x100) Aug 26 13:09:14.514736: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:14.514739: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.514741: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514744: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:14.514747: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:14.514750: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514753: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.514756: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.514759: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.514762: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514764: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:14.514767: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:14.514770: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514773: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.514776: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.514779: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.514782: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514785: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.514787: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:14.514791: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514794: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.514797: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.514799: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.514802: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:14.514805: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:14.514808: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:14.514811: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514814: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.514818: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.514821: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:09:14.514824: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:14.514826: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:14.514829: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:14.514832: | prop #: 4 (0x4) Aug 26 13:09:14.514834: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:14.514837: | spi size: 4 (0x4) Aug 26 13:09:14.514840: | # transforms: 5 (0x5) Aug 26 13:09:14.514843: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.514846: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:14.514849: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:14.514852: | our spi de 86 08 03 Aug 26 13:09:14.514855: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.514857: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514860: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:14.514863: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:14.514866: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.514869: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:14.514871: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:14.514874: | length/value: 128 (0x80) Aug 26 13:09:14.514877: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:14.514879: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.514882: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514885: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:14.514888: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:14.514891: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514894: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.514897: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.514899: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.514902: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514905: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:14.514907: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:14.514911: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514914: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.514917: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.514919: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.514922: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514925: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.514928: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:14.514931: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514934: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.514937: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.514941: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.514943: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:14.514946: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:14.514949: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:14.514952: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514955: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.514958: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.514961: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:09:14.514964: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:14.514967: | emitting length of IKEv2 Security Association Payload: 196 Aug 26 13:09:14.514970: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:09:14.514973: "northnet-eastnets/0x2" #4: CHILD SA to rekey #3 vanished abort this exchange Aug 26 13:09:14.514976: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Aug 26 13:09:14.514981: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:14.514985: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_INTERNAL_ERROR Aug 26 13:09:14.516028: | state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Aug 26 13:09:14.516044: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:09:14.516050: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:09:14.516056: | #1 spent 0.679 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 13:09:14.516061: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:908) Aug 26 13:09:14.516066: | libevent_free: release ptr-libevent@0x555ab9d1a968 Aug 26 13:09:14.516073: | timer_event_cb: processing event@0x7f44bc002b78 Aug 26 13:09:14.516077: | handling event EVENT_v2_INITIATE_CHILD for child state #5 Aug 26 13:09:14.516082: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 13:09:14.516087: | adding Child Rekey Initiator KE and nonce ni work-order 6 for state #5 Aug 26 13:09:14.516090: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555ab9d13d98 Aug 26 13:09:14.516094: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Aug 26 13:09:14.516097: | libevent_malloc: new ptr-libevent@0x555ab9d1a968 size 128 Aug 26 13:09:14.516106: | libevent_free: release ptr-libevent@0x7f44bc002888 Aug 26 13:09:14.516109: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7f44bc002b78 Aug 26 13:09:14.516114: | #5 spent 0.0399 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:09:14.516116: | crypto helper 5 resuming Aug 26 13:09:14.516132: | crypto helper 5 starting work-order 6 for state #5 Aug 26 13:09:14.516138: | crypto helper 5 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 6 Aug 26 13:09:14.517106: | crypto helper 5 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 6 time elapsed 0.000967 seconds Aug 26 13:09:14.517123: | (#5) spent 0.971 milliseconds in crypto helper computing work-order 6: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 13:09:14.517128: | crypto helper 5 sending results from work-order 6 for state #5 to event queue Aug 26 13:09:14.517132: | scheduling resume sending helper answer for #5 Aug 26 13:09:14.517136: | libevent_malloc: new ptr-libevent@0x7f44b0002888 size 128 Aug 26 13:09:14.517146: | crypto helper 5 waiting (nothing to do) Aug 26 13:09:14.516119: | stop processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Aug 26 13:09:14.517159: | timer_event_cb: processing event@0x7f44c8002b78 Aug 26 13:09:14.517163: | handling event EVENT_SA_EXPIRE for child state #2 Aug 26 13:09:14.517169: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:09:14.517174: | picked newest_ipsec_sa #2 for #2 Aug 26 13:09:14.517177: | un-established partial CHILD SA timeout (SA expired) Aug 26 13:09:14.517180: | pstats #2 ikev2.child re-failed exchange-timeout Aug 26 13:09:14.517183: | pstats #2 ikev2.child deleted completed Aug 26 13:09:14.517187: | #2 spent 7.26 milliseconds in total Aug 26 13:09:14.517192: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:09:14.517196: "northnet-eastnets/0x1" #2: deleting state (STATE_V2_IPSEC_I) aged 3.642s and NOT sending notification Aug 26 13:09:14.517200: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 13:09:14.517205: | get_sa_info esp.7e40a7ce@192.1.2.23 Aug 26 13:09:14.517220: | get_sa_info esp.ac7974ac@192.1.3.33 Aug 26 13:09:14.517230: "northnet-eastnets/0x1" #2: ESP traffic information: in=168B out=168B Aug 26 13:09:14.517234: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 13:09:14.517292: | running updown command "ipsec _updown" for verb down Aug 26 13:09:14.517300: | command executing down-client Aug 26 13:09:14.517331: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:14.517337: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:14.517356: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566824950' PLUTO_CO Aug 26 13:09:14.517361: | popen cmd is 1417 chars long Aug 26 13:09:14.517364: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Aug 26 13:09:14.517367: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' : Aug 26 13:09:14.517370: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=no: Aug 26 13:09:14.517372: | cmd( 240):rth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=': Aug 26 13:09:14.517375: | cmd( 320):192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Aug 26 13:09:14.517378: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE=: Aug 26 13:09:14.517381: | cmd( 480):'ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Aug 26 13:09:14.517384: | cmd( 560):eswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.li: Aug 26 13:09:14.517387: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' : Aug 26 13:09:14.517392: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 13:09:14.517395: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Aug 26 13:09:14.517398: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Aug 26 13:09:14.517401: | cmd( 960):LUTO_ADDTIME='1566824950' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_: Aug 26 13:09:14.517403: | cmd(1040):ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CO: Aug 26 13:09:14.517406: | cmd(1120):NN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO=: Aug 26 13:09:14.517409: | cmd(1200):'' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG: Aug 26 13:09:14.517412: | cmd(1280):_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no: Aug 26 13:09:14.517414: | cmd(1360):' SPI_IN=0x7e40a7ce SPI_OUT=0xac7974ac ipsec _updown 2>&1: Aug 26 13:09:14.533023: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:09:14.533039: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:09:14.533044: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:14.533049: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:14.533095: | delete esp.7e40a7ce@192.1.2.23 Aug 26 13:09:14.533115: | netlink response for Del SA esp.7e40a7ce@192.1.2.23 included non-error error Aug 26 13:09:14.533120: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:14.533128: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 13:09:14.533153: | raw_eroute result=success Aug 26 13:09:14.533159: | delete esp.ac7974ac@192.1.3.33 Aug 26 13:09:14.533171: | netlink response for Del SA esp.ac7974ac@192.1.3.33 included non-error error Aug 26 13:09:14.533185: | in connection_discard for connection northnet-eastnets/0x1 Aug 26 13:09:14.533190: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 13:09:14.533197: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:09:14.533207: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:09:14.533225: | State DB: found IKEv2 state #5 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 13:09:14.533229: | can't expire unused IKE SA #1; it has the child #5 Aug 26 13:09:14.533238: | libevent_free: release ptr-libevent@0x555ab9d1aba8 Aug 26 13:09:14.533242: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x7f44c8002b78 Aug 26 13:09:14.533247: | in statetime_stop() and could not find #2 Aug 26 13:09:14.533251: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:09:14.533276: | spent 0.00247 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:14.533300: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:09:14.533306: | 0e ea 1f 14 0a 7b 00 47 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:14.533310: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Aug 26 13:09:14.533313: | 50 82 b2 e1 0f 53 77 ae 34 61 73 d0 32 71 ad ba Aug 26 13:09:14.533315: | d2 e8 d6 4a d4 87 15 f1 ea 8f 72 4c dc 45 05 03 Aug 26 13:09:14.533317: | f8 Aug 26 13:09:14.533323: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:09:14.533328: | **parse ISAKMP Message: Aug 26 13:09:14.533331: | initiator cookie: Aug 26 13:09:14.533333: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:14.533336: | responder cookie: Aug 26 13:09:14.533338: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:14.533341: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:09:14.533344: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:14.533347: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:09:14.533354: | flags: none (0x0) Aug 26 13:09:14.533357: | Message ID: 2 (0x2) Aug 26 13:09:14.533359: | length: 65 (0x41) Aug 26 13:09:14.533362: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:09:14.533366: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:09:14.533370: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:09:14.533377: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:14.533381: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:09:14.533386: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:09:14.533390: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Aug 26 13:09:14.533394: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 Aug 26 13:09:14.533397: | unpacking clear payload Aug 26 13:09:14.533400: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:09:14.533403: | ***parse IKEv2 Encryption Payload: Aug 26 13:09:14.533406: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:09:14.533409: | flags: none (0x0) Aug 26 13:09:14.533412: | length: 37 (0x25) Aug 26 13:09:14.533414: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 13:09:14.533419: | Message ID: start-responder #1 request 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Aug 26 13:09:14.533423: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:09:14.533455: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:09:14.533460: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:09:14.533463: | **parse IKEv2 Delete Payload: Aug 26 13:09:14.533466: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.533469: | flags: none (0x0) Aug 26 13:09:14.533472: | length: 8 (0x8) Aug 26 13:09:14.533474: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 13:09:14.533477: | SPI size: 0 (0x0) Aug 26 13:09:14.533480: | number of SPIs: 0 (0x0) Aug 26 13:09:14.533483: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 13:09:14.533486: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:09:14.533488: | Now let's proceed with state specific processing Aug 26 13:09:14.533491: | calling processor I3: INFORMATIONAL Request Aug 26 13:09:14.533495: | an informational request should send a response Aug 26 13:09:14.533519: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:09:14.533524: | **emit ISAKMP Message: Aug 26 13:09:14.533527: | initiator cookie: Aug 26 13:09:14.533530: | 0e ea 1f 14 0a 7b 00 47 Aug 26 13:09:14.533532: | responder cookie: Aug 26 13:09:14.533535: | 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:14.533538: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:14.533541: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:14.533543: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:09:14.533546: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:09:14.533548: | Message ID: 2 (0x2) Aug 26 13:09:14.533551: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:14.533555: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:14.533558: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.533561: | flags: none (0x0) Aug 26 13:09:14.533564: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:14.533568: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:09:14.533571: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:14.533591: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:14.533598: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:14.533601: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:14.533604: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 13:09:14.533606: | emitting length of ISAKMP Message: 57 Aug 26 13:09:14.533627: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:09:14.533631: | 0e ea 1f 14 0a 7b 00 47 5d 69 60 96 75 f1 e7 27 Aug 26 13:09:14.533634: | 2e 20 25 28 00 00 00 02 00 00 00 39 00 00 00 1d Aug 26 13:09:14.533637: | cb 82 1c 59 93 aa ae b6 75 d0 08 82 f8 ab b5 d9 Aug 26 13:09:14.533639: | 27 df 8f 27 bb b3 f1 40 7f Aug 26 13:09:14.533690: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 Aug 26 13:09:14.533698: | Message ID: sent #1 response 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 Aug 26 13:09:14.533702: | child state #5: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 13:09:14.533706: | pstats #5 ikev2.child deleted other Aug 26 13:09:14.533710: | #5 spent 0.0399 milliseconds in total Aug 26 13:09:14.533716: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:09:14.533721: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:09:14.533726: "northnet-eastnets/0x1" #5: deleting other state #5 connection (STATE_CHILDSA_DEL) "northnet-eastnets/0x1" aged 0.019s and NOT sending notification Aug 26 13:09:14.533729: | child state #5: CHILDSA_DEL(informational) => delete Aug 26 13:09:14.533733: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:14.533739: | libevent_free: release ptr-libevent@0x555ab9d1a968 Aug 26 13:09:14.533743: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555ab9d13d98 Aug 26 13:09:14.533747: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:14.533755: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 13:09:14.533768: | raw_eroute result=success Aug 26 13:09:14.533772: | in connection_discard for connection northnet-eastnets/0x1 Aug 26 13:09:14.533775: | State DB: deleting IKEv2 state #5 in CHILDSA_DEL Aug 26 13:09:14.533783: | child state #5: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:09:14.533789: | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:09:14.533794: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:09:14.533800: | child state #4: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 13:09:14.533803: | pstats #4 ikev2.child deleted other Aug 26 13:09:14.533806: | #4 spent 1.09 milliseconds in total Aug 26 13:09:14.533811: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:09:14.533816: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:09:14.533820: "northnet-eastnets/0x2" #4: deleting other state #4 (STATE_CHILDSA_DEL) aged 0.035s and NOT sending notification Aug 26 13:09:14.533823: | child state #4: CHILDSA_DEL(informational) => delete Aug 26 13:09:14.533826: | state #4 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:09:14.533830: | libevent_free: release ptr-libevent@0x555ab9d202b8 Aug 26 13:09:14.533833: | free_event_entry: release EVENT_SA_REPLACE-pe@0x555ab9c8a218 Aug 26 13:09:14.533837: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:14.533845: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 13:09:14.533856: | raw_eroute result=success Aug 26 13:09:14.533863: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:09:14.533866: | State DB: deleting IKEv2 state #4 in CHILDSA_DEL Aug 26 13:09:14.533870: | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:09:14.533898: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:09:14.533904: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:09:14.533908: | State DB: IKEv2 state not found (delete_my_family) Aug 26 13:09:14.533912: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 13:09:14.533916: | pstats #1 ikev2.ike deleted completed Aug 26 13:09:14.533921: | #1 spent 30.5 milliseconds in total Aug 26 13:09:14.533926: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:09:14.533930: "northnet-eastnets/0x2" #1: deleting state (STATE_IKESA_DEL) aged 3.667s and NOT sending notification Aug 26 13:09:14.533933: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 13:09:14.533980: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 13:09:14.533986: | libevent_free: release ptr-libevent@0x555ab9d231d8 Aug 26 13:09:14.533991: | free_event_entry: release EVENT_SA_REKEY-pe@0x555ab9cfad98 Aug 26 13:09:14.533996: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:09:14.533999: | picked newest_isakmp_sa #0 for #1 Aug 26 13:09:14.534003: "northnet-eastnets/0x2" #1: deleting IKE SA for connection 'northnet-eastnets/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:09:14.534007: | add revival: connection 'northnet-eastnets/0x2' added to the list and scheduled for 0 seconds Aug 26 13:09:14.534010: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 13:09:14.534015: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:09:14.534017: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 13:09:14.534021: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 13:09:14.534030: | unreference key: 0x555ab9cfe1e8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 2-- Aug 26 13:09:14.534054: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:09:14.534067: | unreference key: 0x555ab9cfe1e8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:14.534074: | unreference key: 0x555ab9d09998 user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:14.534080: | unreference key: 0x555ab9d11eb8 @east.testing.libreswan.org cnt 1-- Aug 26 13:09:14.534086: | unreference key: 0x555ab9d1cd68 east@testing.libreswan.org cnt 1-- Aug 26 13:09:14.534092: | unreference key: 0x555ab9d12058 192.1.2.23 cnt 1-- Aug 26 13:09:14.534120: | in statetime_stop() and could not find #1 Aug 26 13:09:14.534125: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:14.534130: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 13:09:14.534134: | STF_OK but no state object remains Aug 26 13:09:14.534137: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:14.534140: | in statetime_stop() and could not find #1 Aug 26 13:09:14.534145: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:09:14.534149: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:14.534152: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:14.534161: | spent 0.849 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:14.534171: | processing resume sending helper answer for #5 Aug 26 13:09:14.534175: | crypto helper 5 replies to request ID 6 Aug 26 13:09:14.534177: | calling continuation function 0x555ab87f8b50 Aug 26 13:09:14.534180: | work-order 6 state #5 crypto result suppressed Aug 26 13:09:14.534202: | (#5) spent 0.0257 milliseconds in resume sending helper answer Aug 26 13:09:14.534206: | libevent_free: release ptr-libevent@0x7f44b0002888 Aug 26 13:09:14.534210: | processing signal PLUTO_SIGCHLD Aug 26 13:09:14.534216: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:14.534220: | spent 0.00587 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:14.534226: | processing global timer EVENT_REVIVE_CONNS Aug 26 13:09:14.534230: Initiating connection northnet-eastnets/0x2 which received a Delete/Notify but must remain up per local policy Aug 26 13:09:14.534233: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:14.534237: | start processing: connection "northnet-eastnets/0x2" (in initiate_a_connection() at initiate.c:186) Aug 26 13:09:14.534241: | connection 'northnet-eastnets/0x2' +POLICY_UP Aug 26 13:09:14.534244: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 13:09:14.534247: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:09:14.534252: | creating state object #6 at 0x555ab9d013a8 Aug 26 13:09:14.534255: | State DB: adding IKEv2 state #6 in UNDEFINED Aug 26 13:09:14.534260: | pstats #6 ikev2.ike started Aug 26 13:09:14.534264: | Message ID: init #6: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:09:14.534267: | parent state #6: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:09:14.534272: | Message ID: init_ike #6; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:14.534278: | suspend processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:09:14.534282: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:09:14.534286: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:09:14.534294: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnets/0x2" IKE SA #6 "northnet-eastnets/0x2" Aug 26 13:09:14.534301: "northnet-eastnets/0x2" #6: initiating v2 parent SA Aug 26 13:09:14.534316: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:14.534322: | adding ikev2_outI1 KE work-order 7 for state #6 Aug 26 13:09:14.534326: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555ab9d13d98 Aug 26 13:09:14.534330: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Aug 26 13:09:14.534333: | libevent_malloc: new ptr-libevent@0x555ab9d1aba8 size 128 Aug 26 13:09:14.534344: | #6 spent 0.103 milliseconds in ikev2_parent_outI1() Aug 26 13:09:14.534350: | RESET processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:09:14.534353: | RESET processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:09:14.534350: | crypto helper 6 resuming Aug 26 13:09:14.534374: | crypto helper 6 starting work-order 7 for state #6 Aug 26 13:09:14.534380: | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 7 Aug 26 13:09:14.535364: | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 7 time elapsed 0.000983 seconds Aug 26 13:09:14.535378: | (#6) spent 0.993 milliseconds in crypto helper computing work-order 7: ikev2_outI1 KE (pcr) Aug 26 13:09:14.535382: | crypto helper 6 sending results from work-order 7 for state #6 to event queue Aug 26 13:09:14.535385: | scheduling resume sending helper answer for #6 Aug 26 13:09:14.535389: | libevent_malloc: new ptr-libevent@0x7f44b4002888 size 128 Aug 26 13:09:14.535396: | crypto helper 6 waiting (nothing to do) Aug 26 13:09:14.534362: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:09:14.535408: | spent 0.138 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 13:09:14.535416: | processing resume sending helper answer for #6 Aug 26 13:09:14.535423: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:09:14.535427: | crypto helper 6 replies to request ID 7 Aug 26 13:09:14.535429: | calling continuation function 0x555ab87f8b50 Aug 26 13:09:14.535432: | ikev2_parent_outI1_continue for #6 Aug 26 13:09:14.535438: | **emit ISAKMP Message: Aug 26 13:09:14.535441: | initiator cookie: Aug 26 13:09:14.535444: | 2b 7a 7b 28 fb 8d 24 c2 Aug 26 13:09:14.535446: | responder cookie: Aug 26 13:09:14.535449: | 00 00 00 00 00 00 00 00 Aug 26 13:09:14.535452: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:14.535455: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:14.535458: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:09:14.535461: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:14.535464: | Message ID: 0 (0x0) Aug 26 13:09:14.535467: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:14.535484: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:14.535488: | Emitting ikev2_proposals ... Aug 26 13:09:14.535491: | ***emit IKEv2 Security Association Payload: Aug 26 13:09:14.535494: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.535497: | flags: none (0x0) Aug 26 13:09:14.535500: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:09:14.535504: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:09:14.535507: | discarding INTEG=NONE Aug 26 13:09:14.535510: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:14.535513: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.535516: | prop #: 1 (0x1) Aug 26 13:09:14.535519: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:14.535521: | spi size: 0 (0x0) Aug 26 13:09:14.535524: | # transforms: 11 (0xb) Aug 26 13:09:14.535527: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:14.535530: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.535533: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535536: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:14.535544: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:14.535547: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.535551: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:14.535554: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:14.535557: | length/value: 256 (0x100) Aug 26 13:09:14.535560: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:14.535563: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.535566: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535568: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:14.535571: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:14.535575: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535578: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.535581: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.535583: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.535586: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535589: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:14.535592: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:14.535595: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535598: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.535601: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.535604: | discarding INTEG=NONE Aug 26 13:09:14.535606: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.535609: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535612: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.535615: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:14.535618: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535621: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.535624: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.535627: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.535630: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535632: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.535635: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:14.535638: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535641: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.535644: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.535647: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.535650: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535653: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.535655: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:14.535659: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535662: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.535666: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.535669: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.535672: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535675: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.535678: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:14.535681: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535684: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.535687: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.535690: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.535692: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535695: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.535698: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:14.535701: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535705: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.535707: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.535710: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.535713: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535716: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.535718: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:14.535721: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535724: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.535727: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.535730: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.535733: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535735: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.535738: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:14.535742: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535745: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.535748: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.535750: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.535753: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:14.535756: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.535759: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:14.535762: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535765: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.535768: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.535771: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:09:14.535774: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:14.535776: | discarding INTEG=NONE Aug 26 13:09:14.535779: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:14.535782: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.535785: | prop #: 2 (0x2) Aug 26 13:09:14.535789: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:14.535792: | spi size: 0 (0x0) Aug 26 13:09:14.535795: | # transforms: 11 (0xb) Aug 26 13:09:14.535798: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.535801: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:14.535804: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.535807: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535810: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:14.535813: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:14.535816: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.535819: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:14.535822: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:14.535824: | length/value: 128 (0x80) Aug 26 13:09:14.535827: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:14.535830: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.535833: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535836: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:14.535838: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:14.535841: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535845: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.535847: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.535850: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.535853: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535856: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:14.535859: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:14.535862: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535865: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.535868: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.535871: | discarding INTEG=NONE Aug 26 13:09:14.535874: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.535876: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535879: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.535882: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:14.535885: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535889: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.535891: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.535894: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.535897: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535900: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.535902: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:14.535906: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535909: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.535912: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.535916: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.535919: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535921: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.535924: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:14.535928: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535931: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.535934: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.535936: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.535939: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535941: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.535944: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:14.535948: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535951: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.535954: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.535956: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.535959: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535962: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.535965: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:14.535968: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535971: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.535974: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.535977: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.535979: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535982: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.535985: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:14.535988: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.535991: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.535994: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.535997: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.535999: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536002: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.536005: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:14.536008: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536011: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536014: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536017: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536019: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:14.536022: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.536025: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:14.536028: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536032: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536035: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536038: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:09:14.536041: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:14.536044: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:14.536047: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.536050: | prop #: 3 (0x3) Aug 26 13:09:14.536053: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:14.536055: | spi size: 0 (0x0) Aug 26 13:09:14.536058: | # transforms: 13 (0xd) Aug 26 13:09:14.536061: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.536064: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:14.536067: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536070: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536072: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:14.536076: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:14.536079: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536082: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:14.536085: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:14.536087: | length/value: 256 (0x100) Aug 26 13:09:14.536090: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:14.536093: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536096: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536099: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:14.536102: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:14.536105: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536108: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536111: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536114: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536117: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536119: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:14.536122: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:14.536126: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536128: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536131: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536134: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536137: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536140: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:14.536143: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:14.536146: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536149: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536152: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536155: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536161: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536165: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:14.536167: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:14.536171: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536174: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536177: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536179: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536182: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536185: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.536187: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:14.536190: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536193: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536196: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536198: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536201: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536203: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.536206: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:14.536209: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536212: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536215: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536217: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536220: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536222: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.536225: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:14.536228: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536230: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536233: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536236: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536238: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536241: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.536243: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:14.536246: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536249: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536251: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536253: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536256: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536258: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.536261: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:14.536264: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536267: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536271: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536274: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536277: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536279: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.536282: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:14.536285: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536293: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536300: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536303: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536305: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536308: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.536311: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:14.536314: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536318: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536321: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536323: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536326: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:14.536329: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.536331: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:14.536334: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536337: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536340: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536343: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:09:14.536346: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:14.536349: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:14.536351: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:14.536354: | prop #: 4 (0x4) Aug 26 13:09:14.536356: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:14.536359: | spi size: 0 (0x0) Aug 26 13:09:14.536362: | # transforms: 13 (0xd) Aug 26 13:09:14.536365: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.536368: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:14.536370: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536373: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536376: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:14.536378: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:14.536382: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536385: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:14.536388: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:14.536391: | length/value: 128 (0x80) Aug 26 13:09:14.536394: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:14.536397: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536400: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536403: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:14.536407: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:14.536411: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536414: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536417: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536420: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536422: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536425: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:14.536428: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:14.536431: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536434: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536437: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536439: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536442: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536444: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:14.536447: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:14.536451: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536454: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536457: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536460: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536463: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536465: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:14.536468: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:14.536471: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536474: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536478: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536480: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536483: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536486: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.536488: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:14.536492: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536495: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536497: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536500: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536503: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536506: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.536508: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:14.536511: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536514: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536517: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536520: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536525: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536529: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.536532: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:14.536535: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536539: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536542: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536545: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536548: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536550: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.536553: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:14.536556: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536560: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536562: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536565: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536567: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536570: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.536572: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:14.536575: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536578: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536581: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536583: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536585: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536588: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.536591: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:14.536594: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536597: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536599: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536602: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536604: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536607: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.536610: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:14.536613: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536616: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536618: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536621: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.536623: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:14.536626: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.536629: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:14.536632: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.536635: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.536639: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.536642: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:09:14.536645: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:14.536647: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:09:14.536650: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:09:14.536653: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:09:14.536656: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.536659: | flags: none (0x0) Aug 26 13:09:14.536661: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:14.536665: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:09:14.536668: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:09:14.536671: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:09:14.536675: | ikev2 g^x a5 23 25 3a 3b e8 9d 2c 76 7f 4c c4 0d 91 b0 fa Aug 26 13:09:14.536677: | ikev2 g^x a9 8a e0 39 5f 5c 3b 1e e2 a6 e0 a4 9b 41 16 2e Aug 26 13:09:14.536680: | ikev2 g^x 4f fa 45 f6 ca 77 77 36 2e 90 27 b4 68 dd 49 61 Aug 26 13:09:14.536682: | ikev2 g^x 02 a8 73 a5 86 4b 5b 9f f6 6d ad 77 67 e8 bf f0 Aug 26 13:09:14.536685: | ikev2 g^x 77 60 f6 28 f7 8f 77 6a 04 0d c2 d1 d2 74 d3 8c Aug 26 13:09:14.536687: | ikev2 g^x 49 2f 5a 0d 60 ce 49 fd c5 0b 96 b7 23 0b 17 09 Aug 26 13:09:14.536690: | ikev2 g^x 42 01 ac 75 94 c7 60 a7 54 73 3b 9f 78 dd fe f5 Aug 26 13:09:14.536692: | ikev2 g^x a0 7d 5b a0 3e 8f b3 bc 97 0a a2 04 29 29 12 6a Aug 26 13:09:14.536695: | ikev2 g^x 4d e0 59 f9 51 81 3b 79 25 3d 48 54 94 4a 00 c7 Aug 26 13:09:14.536697: | ikev2 g^x e4 6e f7 83 2d e2 3a 16 ce d6 0a 2b b6 3a 91 fe Aug 26 13:09:14.536700: | ikev2 g^x 78 ed 95 1f 0c 87 02 7c 43 e2 a3 b2 11 71 cd c9 Aug 26 13:09:14.536702: | ikev2 g^x e5 9a 18 5b 09 22 ba e8 63 86 c4 a8 b6 cc f7 6e Aug 26 13:09:14.536705: | ikev2 g^x 5f 43 e2 d9 7f 03 d5 f4 bd c0 41 b9 e9 01 f9 cc Aug 26 13:09:14.536708: | ikev2 g^x 0a 4f 09 9d f8 71 9e 5d 3f e0 10 f1 d3 2b 60 18 Aug 26 13:09:14.536710: | ikev2 g^x 5b 9a 16 37 9c 88 76 13 a0 ed a6 f8 f7 61 c3 17 Aug 26 13:09:14.536713: | ikev2 g^x 26 72 d7 b7 fa a8 33 bb 73 02 59 3e 68 e3 8b 63 Aug 26 13:09:14.536715: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:09:14.536718: | ***emit IKEv2 Nonce Payload: Aug 26 13:09:14.536721: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:14.536723: | flags: none (0x0) Aug 26 13:09:14.536726: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:09:14.536730: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:09:14.536732: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:09:14.536735: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:09:14.536738: | IKEv2 nonce f0 3b f0 08 9e 4a 8f 95 07 7c 17 b0 89 c6 28 30 Aug 26 13:09:14.536741: | IKEv2 nonce e4 69 2a d6 cb 16 72 bb 2f 41 29 ad 7c 6d b5 d6 Aug 26 13:09:14.536743: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:09:14.536746: | Adding a v2N Payload Aug 26 13:09:14.536749: | ***emit IKEv2 Notify Payload: Aug 26 13:09:14.536752: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.536754: | flags: none (0x0) Aug 26 13:09:14.536757: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:14.536760: | SPI size: 0 (0x0) Aug 26 13:09:14.536763: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:09:14.536767: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:14.536770: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:14.536773: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:09:14.536777: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:09:14.536779: | natd_hash: rcookie is zero Aug 26 13:09:14.536795: | natd_hash: hasher=0x555ab88cd800(20) Aug 26 13:09:14.536799: | natd_hash: icookie= 2b 7a 7b 28 fb 8d 24 c2 Aug 26 13:09:14.536801: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:09:14.536804: | natd_hash: ip= c0 01 03 21 Aug 26 13:09:14.536806: | natd_hash: port=500 Aug 26 13:09:14.536809: | natd_hash: hash= da 1d 57 f4 65 91 40 01 c0 ee f1 02 40 7f 2d 94 Aug 26 13:09:14.536811: | natd_hash: hash= 50 ac ab 70 Aug 26 13:09:14.536814: | Adding a v2N Payload Aug 26 13:09:14.536816: | ***emit IKEv2 Notify Payload: Aug 26 13:09:14.536819: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.536822: | flags: none (0x0) Aug 26 13:09:14.536824: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:14.536827: | SPI size: 0 (0x0) Aug 26 13:09:14.536830: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:09:14.536833: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:14.536836: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:14.536839: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:09:14.536841: | Notify data da 1d 57 f4 65 91 40 01 c0 ee f1 02 40 7f 2d 94 Aug 26 13:09:14.536844: | Notify data 50 ac ab 70 Aug 26 13:09:14.536847: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:09:14.536849: | natd_hash: rcookie is zero Aug 26 13:09:14.536855: | natd_hash: hasher=0x555ab88cd800(20) Aug 26 13:09:14.536858: | natd_hash: icookie= 2b 7a 7b 28 fb 8d 24 c2 Aug 26 13:09:14.536860: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:09:14.536863: | natd_hash: ip= c0 01 02 17 Aug 26 13:09:14.536865: | natd_hash: port=500 Aug 26 13:09:14.536868: | natd_hash: hash= 40 84 47 3a 27 26 b5 68 96 41 d9 d1 d6 e0 1c 96 Aug 26 13:09:14.536870: | natd_hash: hash= ab 18 66 5d Aug 26 13:09:14.536872: | Adding a v2N Payload Aug 26 13:09:14.536875: | ***emit IKEv2 Notify Payload: Aug 26 13:09:14.536877: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.536880: | flags: none (0x0) Aug 26 13:09:14.536883: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:14.536885: | SPI size: 0 (0x0) Aug 26 13:09:14.536888: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:09:14.536891: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:14.536894: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:14.536897: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:09:14.536899: | Notify data 40 84 47 3a 27 26 b5 68 96 41 d9 d1 d6 e0 1c 96 Aug 26 13:09:14.536902: | Notify data ab 18 66 5d Aug 26 13:09:14.536904: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:09:14.536907: | emitting length of ISAKMP Message: 828 Aug 26 13:09:14.536915: | stop processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:09:14.536921: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:14.536926: | #6 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:09:14.536929: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:09:14.536933: | parent state #6: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:09:14.536937: | Message ID: updating counters for #6 to 4294967295 after switching state Aug 26 13:09:14.536941: | Message ID: IKE #6 skipping update_recv as MD is fake Aug 26 13:09:14.536946: | Message ID: sent #6 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:09:14.536949: "northnet-eastnets/0x2" #6: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:09:14.536954: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:09:14.536961: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #6) Aug 26 13:09:14.536964: | 2b 7a 7b 28 fb 8d 24 c2 00 00 00 00 00 00 00 00 Aug 26 13:09:14.536966: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:09:14.536969: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:09:14.536971: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:09:14.536974: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:09:14.536976: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:09:14.536979: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:09:14.536981: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:09:14.536984: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:09:14.536986: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:09:14.536989: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:09:14.536991: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:09:14.536994: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:09:14.536996: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:09:14.536999: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:09:14.537001: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:09:14.537003: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:09:14.537006: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:09:14.537009: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:09:14.537011: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:09:14.537014: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:09:14.537016: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:09:14.537019: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:09:14.537021: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:09:14.537023: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:09:14.537026: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:09:14.537028: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:09:14.537031: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:09:14.537033: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:09:14.537036: | 28 00 01 08 00 0e 00 00 a5 23 25 3a 3b e8 9d 2c Aug 26 13:09:14.537038: | 76 7f 4c c4 0d 91 b0 fa a9 8a e0 39 5f 5c 3b 1e Aug 26 13:09:14.537041: | e2 a6 e0 a4 9b 41 16 2e 4f fa 45 f6 ca 77 77 36 Aug 26 13:09:14.537043: | 2e 90 27 b4 68 dd 49 61 02 a8 73 a5 86 4b 5b 9f Aug 26 13:09:14.537046: | f6 6d ad 77 67 e8 bf f0 77 60 f6 28 f7 8f 77 6a Aug 26 13:09:14.537048: | 04 0d c2 d1 d2 74 d3 8c 49 2f 5a 0d 60 ce 49 fd Aug 26 13:09:14.537051: | c5 0b 96 b7 23 0b 17 09 42 01 ac 75 94 c7 60 a7 Aug 26 13:09:14.537053: | 54 73 3b 9f 78 dd fe f5 a0 7d 5b a0 3e 8f b3 bc Aug 26 13:09:14.537056: | 97 0a a2 04 29 29 12 6a 4d e0 59 f9 51 81 3b 79 Aug 26 13:09:14.537058: | 25 3d 48 54 94 4a 00 c7 e4 6e f7 83 2d e2 3a 16 Aug 26 13:09:14.537061: | ce d6 0a 2b b6 3a 91 fe 78 ed 95 1f 0c 87 02 7c Aug 26 13:09:14.537063: | 43 e2 a3 b2 11 71 cd c9 e5 9a 18 5b 09 22 ba e8 Aug 26 13:09:14.537066: | 63 86 c4 a8 b6 cc f7 6e 5f 43 e2 d9 7f 03 d5 f4 Aug 26 13:09:14.537068: | bd c0 41 b9 e9 01 f9 cc 0a 4f 09 9d f8 71 9e 5d Aug 26 13:09:14.537072: | 3f e0 10 f1 d3 2b 60 18 5b 9a 16 37 9c 88 76 13 Aug 26 13:09:14.537074: | a0 ed a6 f8 f7 61 c3 17 26 72 d7 b7 fa a8 33 bb Aug 26 13:09:14.537077: | 73 02 59 3e 68 e3 8b 63 29 00 00 24 f0 3b f0 08 Aug 26 13:09:14.537079: | 9e 4a 8f 95 07 7c 17 b0 89 c6 28 30 e4 69 2a d6 Aug 26 13:09:14.537082: | cb 16 72 bb 2f 41 29 ad 7c 6d b5 d6 29 00 00 08 Aug 26 13:09:14.537084: | 00 00 40 2e 29 00 00 1c 00 00 40 04 da 1d 57 f4 Aug 26 13:09:14.537087: | 65 91 40 01 c0 ee f1 02 40 7f 2d 94 50 ac ab 70 Aug 26 13:09:14.537089: | 00 00 00 1c 00 00 40 05 40 84 47 3a 27 26 b5 68 Aug 26 13:09:14.537092: | 96 41 d9 d1 d6 e0 1c 96 ab 18 66 5d Aug 26 13:09:14.537143: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:14.537149: | libevent_free: release ptr-libevent@0x555ab9d1aba8 Aug 26 13:09:14.537152: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555ab9d13d98 Aug 26 13:09:14.537155: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:09:14.537158: "northnet-eastnets/0x2" #6: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:09:14.537162: | event_schedule: new EVENT_RETRANSMIT-pe@0x555ab9d13d98 Aug 26 13:09:14.537166: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #6 Aug 26 13:09:14.537169: | libevent_malloc: new ptr-libevent@0x555ab9cf37b8 size 128 Aug 26 13:09:14.537175: | #6 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10240.279628 Aug 26 13:09:14.537179: | resume sending helper answer for #6 suppresed complete_v2_state_transition() and stole MD Aug 26 13:09:14.537187: | #6 spent 1.73 milliseconds in resume sending helper answer Aug 26 13:09:14.537192: | stop processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:09:14.537195: | libevent_free: release ptr-libevent@0x7f44b4002888 Aug 26 13:09:15.077555: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:15.077575: shutting down Aug 26 13:09:15.077584: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:09:15.077588: destroying root certificate cache Aug 26 13:09:15.077613: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:09:15.077617: forgetting secrets Aug 26 13:09:15.077627: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:09:15.077635: | unreference key: 0x555ab9cfdfd8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:15.077640: | unreference key: 0x555ab9cfda88 user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:15.077644: | unreference key: 0x555ab9cfd868 @east.testing.libreswan.org cnt 1-- Aug 26 13:09:15.077647: | unreference key: 0x555ab9cfc0b8 east@testing.libreswan.org cnt 1-- Aug 26 13:09:15.077652: | unreference key: 0x555ab9cfce08 192.1.2.23 cnt 1-- Aug 26 13:09:15.077660: | unreference key: 0x555ab9cf7538 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:15.077664: | unreference key: 0x555ab9cf7318 user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:15.077669: | unreference key: 0x555ab9cf3e78 @north.testing.libreswan.org cnt 1-- Aug 26 13:09:15.077674: | start processing: connection "northnet-eastnets/0x2" (in delete_connection() at connections.c:189) Aug 26 13:09:15.077677: | removing pending policy for no connection {0x555ab9bde898} Aug 26 13:09:15.077680: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:09:15.077683: | pass 0 Aug 26 13:09:15.077686: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:09:15.077688: | state #6 Aug 26 13:09:15.077692: | suspend processing: connection "northnet-eastnets/0x2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:09:15.077700: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:09:15.077703: | pstats #6 ikev2.ike deleted other Aug 26 13:09:15.077707: | #6 spent 2.82 milliseconds in total Aug 26 13:09:15.077712: | [RE]START processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:09:15.077716: "northnet-eastnets/0x2" #6: deleting state (STATE_PARENT_I1) aged 0.543s and NOT sending notification Aug 26 13:09:15.077720: | parent state #6: PARENT_I1(half-open IKE SA) => delete Aug 26 13:09:15.077723: | state #6 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:09:15.077726: | #6 STATE_PARENT_I1: retransmits: cleared Aug 26 13:09:15.077730: | libevent_free: release ptr-libevent@0x555ab9cf37b8 Aug 26 13:09:15.077733: | free_event_entry: release EVENT_RETRANSMIT-pe@0x555ab9d13d98 Aug 26 13:09:15.077736: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:09:15.077739: | picked newest_isakmp_sa #0 for #6 Aug 26 13:09:15.077742: "northnet-eastnets/0x2" #6: deleting IKE SA for connection 'northnet-eastnets/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:09:15.077746: | add revival: connection 'northnet-eastnets/0x2' added to the list and scheduled for 5 seconds Aug 26 13:09:15.077749: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Aug 26 13:09:15.077755: | stop processing: connection "northnet-eastnets/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:09:15.077758: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:09:15.077761: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:09:15.077763: | State DB: deleting IKEv2 state #6 in PARENT_I1 Aug 26 13:09:15.077767: | parent state #6: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Aug 26 13:09:15.077781: | stop processing: state #6 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:09:15.077787: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:09:15.077790: | pass 1 Aug 26 13:09:15.077792: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:09:15.077796: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:09:15.077800: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:09:15.077803: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:15.077831: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:15.077842: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:15.077845: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:15.077848: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:15.077852: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:15.077854: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:15.077858: | route owner of "northnet-eastnets/0x2" unrouted: NULL Aug 26 13:09:15.077861: | running updown command "ipsec _updown" for verb unroute Aug 26 13:09:15.077864: | command executing unroute-client Aug 26 13:09:15.077899: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' Aug 26 13:09:15.077906: | popen cmd is 1282 chars long Aug 26 13:09:15.077909: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 13:09:15.077912: | cmd( 80):ets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Aug 26 13:09:15.077915: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 13:09:15.077918: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Aug 26 13:09:15.077921: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Aug 26 13:09:15.077923: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TY: Aug 26 13:09:15.077926: | cmd( 480):PE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=: Aug 26 13:09:15.077929: | cmd( 560):Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testin: Aug 26 13:09:15.077931: | cmd( 640):g.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Aug 26 13:09:15.077934: | cmd( 720):22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROT: Aug 26 13:09:15.077937: | cmd( 800):OCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI: Aug 26 13:09:15.077939: | cmd( 880):CY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' : Aug 26 13:09:15.077942: | cmd( 960):PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO: Aug 26 13:09:15.077945: | cmd(1040):_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_B: Aug 26 13:09:15.077948: | cmd(1120):ANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_I: Aug 26 13:09:15.077950: | cmd(1200):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>: Aug 26 13:09:15.077953: | cmd(1280):&1: Aug 26 13:09:15.091096: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091116: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091120: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091122: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091125: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091127: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091129: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091132: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091134: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091137: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091139: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091142: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091144: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091146: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091149: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091151: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091154: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091156: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091158: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091161: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091166: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091169: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091171: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091174: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091176: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091178: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091181: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091183: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091185: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091188: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091190: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091192: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091195: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091197: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091200: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091202: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091204: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091207: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091209: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091211: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091214: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091216: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091218: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091221: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091223: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091225: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.091228: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.096979: | flush revival: connection 'northnet-eastnets/0x2' revival flushed Aug 26 13:09:15.096994: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:09:15.097013: | start processing: connection "northnet-eastnets/0x1" (in delete_connection() at connections.c:189) Aug 26 13:09:15.097015: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:09:15.097017: | pass 0 Aug 26 13:09:15.097019: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:09:15.097021: | pass 1 Aug 26 13:09:15.097023: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:09:15.097026: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:09:15.097028: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:09:15.097030: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:15.097060: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:15.097073: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:15.097078: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:15.097081: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:15.097085: | route owner of "northnet-eastnets/0x1" unrouted: NULL Aug 26 13:09:15.097088: | running updown command "ipsec _updown" for verb unroute Aug 26 13:09:15.097091: | command executing unroute-client Aug 26 13:09:15.097129: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL Aug 26 13:09:15.097136: | popen cmd is 1280 chars long Aug 26 13:09:15.097140: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 13:09:15.097143: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Aug 26 13:09:15.097146: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 13:09:15.097149: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Aug 26 13:09:15.097152: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Aug 26 13:09:15.097155: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TY: Aug 26 13:09:15.097158: | cmd( 480):PE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=: Aug 26 13:09:15.097161: | cmd( 560):Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testin: Aug 26 13:09:15.097164: | cmd( 640):g.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2: Aug 26 13:09:15.097167: | cmd( 720):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Aug 26 13:09:15.097170: | cmd( 800):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY: Aug 26 13:09:15.097173: | cmd( 880):='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL: Aug 26 13:09:15.097176: | cmd( 960):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I: Aug 26 13:09:15.097178: | cmd(1040):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN: Aug 26 13:09:15.097180: | cmd(1120):NER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA: Aug 26 13:09:15.097182: | cmd(1200):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 13:09:15.106953: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106974: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106978: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106981: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106984: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106988: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106999: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107008: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107018: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107026: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107036: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107048: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107056: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107066: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107074: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107083: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107094: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107103: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107112: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107121: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107131: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107140: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107150: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107284: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107299: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107305: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107317: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107327: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107342: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107351: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107356: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107372: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107386: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107398: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107410: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107421: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107437: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107450: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107463: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107472: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107481: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107498: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107507: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107511: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107525: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107535: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107547: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.113960: | free hp@0x555ab9cfb958 Aug 26 13:09:15.113976: | flush revival: connection 'northnet-eastnets/0x1' wasn't on the list Aug 26 13:09:15.113983: | stop processing: connection "northnet-eastnets/0x1" (in discard_connection() at connections.c:249) Aug 26 13:09:15.114016: | crl fetch request list locked by 'free_crl_fetch' Aug 26 13:09:15.114019: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 13:09:15.114030: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 13:09:15.114032: shutting down interface lo/lo 127.0.0.1:500 Aug 26 13:09:15.114035: shutting down interface eth0/eth0 192.0.3.254:4500 Aug 26 13:09:15.114037: shutting down interface eth0/eth0 192.0.3.254:500 Aug 26 13:09:15.114039: shutting down interface eth1/eth1 192.1.3.33:4500 Aug 26 13:09:15.114041: shutting down interface eth1/eth1 192.1.3.33:500 Aug 26 13:09:15.114044: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 13:09:15.114054: | libevent_free: release ptr-libevent@0x555ab9ce46e8 Aug 26 13:09:15.114057: | free_event_entry: release EVENT_NULL-pe@0x555ab9cf03b8 Aug 26 13:09:15.114064: | libevent_free: release ptr-libevent@0x555ab9c8aec8 Aug 26 13:09:15.114066: | free_event_entry: release EVENT_NULL-pe@0x555ab9cf0468 Aug 26 13:09:15.114071: | libevent_free: release ptr-libevent@0x555ab9c8af78 Aug 26 13:09:15.114073: | free_event_entry: release EVENT_NULL-pe@0x555ab9cf0518 Aug 26 13:09:15.114079: | libevent_free: release ptr-libevent@0x555ab9c89f38 Aug 26 13:09:15.114080: | free_event_entry: release EVENT_NULL-pe@0x555ab9cf05c8 Aug 26 13:09:15.114085: | libevent_free: release ptr-libevent@0x555ab9c92248 Aug 26 13:09:15.114087: | free_event_entry: release EVENT_NULL-pe@0x555ab9cf0678 Aug 26 13:09:15.114092: | libevent_free: release ptr-libevent@0x555ab9c92d68 Aug 26 13:09:15.114094: | free_event_entry: release EVENT_NULL-pe@0x555ab9cf0728 Aug 26 13:09:15.114099: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:09:15.114468: | libevent_free: release ptr-libevent@0x555ab9ce4798 Aug 26 13:09:15.114476: | free_event_entry: release EVENT_NULL-pe@0x555ab9cd8938 Aug 26 13:09:15.114482: | libevent_free: release ptr-libevent@0x555ab9cd1418 Aug 26 13:09:15.114485: | free_event_entry: release EVENT_NULL-pe@0x555ab9cd8498 Aug 26 13:09:15.114489: | libevent_free: release ptr-libevent@0x555ab9cd1368 Aug 26 13:09:15.114491: | free_event_entry: release EVENT_NULL-pe@0x555ab9c92408 Aug 26 13:09:15.114496: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 13:09:15.114513: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 13:09:15.114516: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 13:09:15.114519: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 13:09:15.114522: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 13:09:15.114524: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 13:09:15.114527: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 13:09:15.114529: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 13:09:15.114532: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 13:09:15.114537: | libevent_free: release ptr-libevent@0x555ab9c969d8 Aug 26 13:09:15.114542: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 13:09:15.114545: | libevent_free: release ptr-libevent@0x555ab9c0d2d8 Aug 26 13:09:15.114548: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 13:09:15.114551: | libevent_free: release ptr-libevent@0x555ab9c174e8 Aug 26 13:09:15.114554: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 13:09:15.114557: | libevent_free: release ptr-libevent@0x555ab9c0f398 Aug 26 13:09:15.114560: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 13:09:15.114562: | releasing event base Aug 26 13:09:15.114575: | libevent_free: release ptr-libevent@0x555ab9cefdf8 Aug 26 13:09:15.114578: | libevent_free: release ptr-libevent@0x555ab9cd2d58 Aug 26 13:09:15.114582: | libevent_free: release ptr-libevent@0x555ab9cd2d08 Aug 26 13:09:15.114584: | libevent_free: release ptr-libevent@0x555ab9cf2e98 Aug 26 13:09:15.114587: | libevent_free: release ptr-libevent@0x555ab9cd2cc8 Aug 26 13:09:15.114590: | libevent_free: release ptr-libevent@0x555ab9cefa88 Aug 26 13:09:15.114593: | libevent_free: release ptr-libevent@0x555ab9cefcf8 Aug 26 13:09:15.114598: | libevent_free: release ptr-libevent@0x555ab9cd2f08 Aug 26 13:09:15.114600: | libevent_free: release ptr-libevent@0x555ab9cd8508 Aug 26 13:09:15.114603: | libevent_free: release ptr-libevent@0x555ab9cd8168 Aug 26 13:09:15.114606: | libevent_free: release ptr-libevent@0x555ab9cf0798 Aug 26 13:09:15.114608: | libevent_free: release ptr-libevent@0x555ab9cf06e8 Aug 26 13:09:15.114611: | libevent_free: release ptr-libevent@0x555ab9cf0638 Aug 26 13:09:15.114613: | libevent_free: release ptr-libevent@0x555ab9cf0588 Aug 26 13:09:15.114616: | libevent_free: release ptr-libevent@0x555ab9cf04d8 Aug 26 13:09:15.114618: | libevent_free: release ptr-libevent@0x555ab9cf0428 Aug 26 13:09:15.114621: | libevent_free: release ptr-libevent@0x555ab9c0ba08 Aug 26 13:09:15.114623: | libevent_free: release ptr-libevent@0x555ab9cefd78 Aug 26 13:09:15.114626: | libevent_free: release ptr-libevent@0x555ab9cefd38 Aug 26 13:09:15.114629: | libevent_free: release ptr-libevent@0x555ab9cefbf8 Aug 26 13:09:15.114631: | libevent_free: release ptr-libevent@0x555ab9cefdb8 Aug 26 13:09:15.114634: | libevent_free: release ptr-libevent@0x555ab9cefac8 Aug 26 13:09:15.114636: | libevent_free: release ptr-libevent@0x555ab9c98568 Aug 26 13:09:15.114639: | libevent_free: release ptr-libevent@0x555ab9c984e8 Aug 26 13:09:15.114655: | libevent_free: release ptr-libevent@0x555ab9c0bd78 Aug 26 13:09:15.114657: | releasing global libevent data Aug 26 13:09:15.114659: | libevent_free: release ptr-libevent@0x555ab9c986e8 Aug 26 13:09:15.114661: | libevent_free: release ptr-libevent@0x555ab9c98668 Aug 26 13:09:15.114662: | libevent_free: release ptr-libevent@0x555ab9c985e8 Aug 26 13:09:15.114705: leak detective found no leaks