Aug 26 13:09:08.593044: FIPS Product: YES
Aug 26 13:09:08.593083: FIPS Kernel: NO
Aug 26 13:09:08.593087: FIPS Mode: NO
Aug 26 13:09:08.593089: NSS DB directory: sql:/etc/ipsec.d
Aug 26 13:09:08.593230: Initializing NSS
Aug 26 13:09:08.593237: Opening NSS database "sql:/etc/ipsec.d" read-only
Aug 26 13:09:08.627234: NSS initialized
Aug 26 13:09:08.627253: NSS crypto library initialized
Aug 26 13:09:08.627256: FIPS HMAC integrity support [enabled]
Aug 26 13:09:08.627259: FIPS mode disabled for pluto daemon
Aug 26 13:09:08.667182: FIPS HMAC integrity verification self-test FAILED
Aug 26 13:09:08.667266: libcap-ng support [enabled]
Aug 26 13:09:08.667272: Linux audit support [enabled]
Aug 26 13:09:08.667378: Linux audit activated
Aug 26 13:09:08.667388: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:1807
Aug 26 13:09:08.667390: core dump dir: /tmp
Aug 26 13:09:08.667392: secrets file: /etc/ipsec.secrets
Aug 26 13:09:08.667393: leak-detective enabled
Aug 26 13:09:08.667395: NSS crypto [enabled]
Aug 26 13:09:08.667396: XAUTH PAM support [enabled]
Aug 26 13:09:08.667482: | libevent is using pluto's memory allocator
Aug 26 13:09:08.667487: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Aug 26 13:09:08.667502: | libevent_malloc: new ptr-libevent@0x55e7d9af1738 size 40
Aug 26 13:09:08.667504: | libevent_malloc: new ptr-libevent@0x55e7d9af16b8 size 40
Aug 26 13:09:08.667506: | libevent_malloc: new ptr-libevent@0x55e7d9af1638 size 40
Aug 26 13:09:08.667508: | creating event base
Aug 26 13:09:08.667511: | libevent_malloc: new ptr-libevent@0x55e7d9ae3268 size 56
Aug 26 13:09:08.667514: | libevent_malloc: new ptr-libevent@0x55e7d9a64da8 size 664
Aug 26 13:09:08.667523: | libevent_malloc: new ptr-libevent@0x55e7d9b2bd58 size 24
Aug 26 13:09:08.667525: | libevent_malloc: new ptr-libevent@0x55e7d9b2bda8 size 384
Aug 26 13:09:08.667533: | libevent_malloc: new ptr-libevent@0x55e7d9b2bd18 size 16
Aug 26 13:09:08.667535: | libevent_malloc: new ptr-libevent@0x55e7d9af15b8 size 40
Aug 26 13:09:08.667537: | libevent_malloc: new ptr-libevent@0x55e7d9af1538 size 48
Aug 26 13:09:08.667540: | libevent_realloc: new ptr-libevent@0x55e7d9a64a38 size 256
Aug 26 13:09:08.667542: | libevent_malloc: new ptr-libevent@0x55e7d9b2bf58 size 16
Aug 26 13:09:08.667546: | libevent_free: release ptr-libevent@0x55e7d9ae3268
Aug 26 13:09:08.667549: | libevent initialized
Aug 26 13:09:08.667552: | libevent_realloc: new ptr-libevent@0x55e7d9ae3268 size 64
Aug 26 13:09:08.667556: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds
Aug 26 13:09:08.667566: | init_nat_traversal() initialized with keep_alive=0s
Aug 26 13:09:08.667568: NAT-Traversal support [enabled]
Aug 26 13:09:08.667570: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
Aug 26 13:09:08.667574: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized
Aug 26 13:09:08.667576: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
Aug 26 13:09:08.667601: | global one-shot timer EVENT_REVIVE_CONNS initialized
Aug 26 13:09:08.667603: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
Aug 26 13:09:08.667605: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds
Aug 26 13:09:08.667636: Encryption algorithms:
Aug 26 13:09:08.667642: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c
Aug 26 13:09:08.667645: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b
Aug 26 13:09:08.667647: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a
Aug 26 13:09:08.667650: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des
Aug 26 13:09:08.667652: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Aug 26 13:09:08.667657: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia
Aug 26 13:09:08.667660: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c
Aug 26 13:09:08.667662: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b
Aug 26 13:09:08.667664: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a
Aug 26 13:09:08.667666: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr
Aug 26 13:09:08.667668: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes
Aug 26 13:09:08.667671: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent
Aug 26 13:09:08.667673: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish
Aug 26 13:09:08.667675: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh
Aug 26 13:09:08.667678: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac
Aug 26 13:09:08.667679: NULL IKEv1: ESP IKEv2: ESP []
Aug 26 13:09:08.667682: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305
Aug 26 13:09:08.667686: Hash algorithms:
Aug 26 13:09:08.667688: MD5 IKEv1: IKE IKEv2:
Aug 26 13:09:08.667690: SHA1 IKEv1: IKE IKEv2: FIPS sha
Aug 26 13:09:08.667692: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256
Aug 26 13:09:08.667694: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384
Aug 26 13:09:08.667696: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512
Aug 26 13:09:08.667704: PRF algorithms:
Aug 26 13:09:08.667706: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5
Aug 26 13:09:08.667708: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1
Aug 26 13:09:08.667710: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256
Aug 26 13:09:08.667712: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384
Aug 26 13:09:08.667714: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512
Aug 26 13:09:08.667716: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc
Aug 26 13:09:08.667732: Integrity algorithms:
Aug 26 13:09:08.667734: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5
Aug 26 13:09:08.667737: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1
Aug 26 13:09:08.667739: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Aug 26 13:09:08.667741: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Aug 26 13:09:08.667744: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Aug 26 13:09:08.667746: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Aug 26 13:09:08.667748: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96
Aug 26 13:09:08.667750: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Aug 26 13:09:08.667752: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Aug 26 13:09:08.667759: DH algorithms:
Aug 26 13:09:08.667762: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0
Aug 26 13:09:08.667763: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5
Aug 26 13:09:08.667765: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14
Aug 26 13:09:08.667769: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15
Aug 26 13:09:08.667771: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16
Aug 26 13:09:08.667772: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17
Aug 26 13:09:08.667774: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18
Aug 26 13:09:08.667776: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256
Aug 26 13:09:08.667778: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384
Aug 26 13:09:08.667780: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521
Aug 26 13:09:08.667782: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519
Aug 26 13:09:08.667784: testing CAMELLIA_CBC:
Aug 26 13:09:08.667786: Camellia: 16 bytes with 128-bit key
Aug 26 13:09:08.667867: Camellia: 16 bytes with 128-bit key
Aug 26 13:09:08.667887: Camellia: 16 bytes with 256-bit key
Aug 26 13:09:08.667906: Camellia: 16 bytes with 256-bit key
Aug 26 13:09:08.667923: testing AES_GCM_16:
Aug 26 13:09:08.667925: empty string
Aug 26 13:09:08.667942: one block
Aug 26 13:09:08.667958: two blocks
Aug 26 13:09:08.667973: two blocks with associated data
Aug 26 13:09:08.667989: testing AES_CTR:
Aug 26 13:09:08.667991: Encrypting 16 octets using AES-CTR with 128-bit key
Aug 26 13:09:08.668008: Encrypting 32 octets using AES-CTR with 128-bit key
Aug 26 13:09:08.668025: Encrypting 36 octets using AES-CTR with 128-bit key
Aug 26 13:09:08.668042: Encrypting 16 octets using AES-CTR with 192-bit key
Aug 26 13:09:08.668058: Encrypting 32 octets using AES-CTR with 192-bit key
Aug 26 13:09:08.668074: Encrypting 36 octets using AES-CTR with 192-bit key
Aug 26 13:09:08.668091: Encrypting 16 octets using AES-CTR with 256-bit key
Aug 26 13:09:08.668122: Encrypting 32 octets using AES-CTR with 256-bit key
Aug 26 13:09:08.668140: Encrypting 36 octets using AES-CTR with 256-bit key
Aug 26 13:09:08.668172: testing AES_CBC:
Aug 26 13:09:08.668174: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Aug 26 13:09:08.668191: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Aug 26 13:09:08.668232: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Aug 26 13:09:08.668251: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Aug 26 13:09:08.668272: testing AES_XCBC:
Aug 26 13:09:08.668275: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input
Aug 26 13:09:08.668368: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input
Aug 26 13:09:08.668447: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input
Aug 26 13:09:08.668520: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input
Aug 26 13:09:08.668596: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input
Aug 26 13:09:08.668670: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input
Aug 26 13:09:08.668746: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input
Aug 26 13:09:08.668917: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Aug 26 13:09:08.669003: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Aug 26 13:09:08.669084: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Aug 26 13:09:08.669225: testing HMAC_MD5:
Aug 26 13:09:08.669228: RFC 2104: MD5_HMAC test 1
Aug 26 13:09:08.669364: RFC 2104: MD5_HMAC test 2
Aug 26 13:09:08.669458: RFC 2104: MD5_HMAC test 3
Aug 26 13:09:08.669576: 8 CPU cores online
Aug 26 13:09:08.669579: starting up 7 crypto helpers
Aug 26 13:09:08.669608: started thread for crypto helper 0
Aug 26 13:09:08.669634: | starting up helper thread 0
Aug 26 13:09:08.669640: started thread for crypto helper 1
Aug 26 13:09:08.669647: | starting up helper thread 1
Aug 26 13:09:08.669650: | status value returned by setting the priority of this thread (crypto helper 0) 22
Aug 26 13:09:08.669676: started thread for crypto helper 2
Aug 26 13:09:08.669663: | status value returned by setting the priority of this thread (crypto helper 1) 22
Aug 26 13:09:08.669682: | starting up helper thread 2
Aug 26 13:09:08.669687: | crypto helper 0 waiting (nothing to do)
Aug 26 13:09:08.669700: | starting up helper thread 3
Aug 26 13:09:08.669702: | status value returned by setting the priority of this thread (crypto helper 2) 22
Aug 26 13:09:08.669697: started thread for crypto helper 3
Aug 26 13:09:08.669712: | status value returned by setting the priority of this thread (crypto helper 3) 22
Aug 26 13:09:08.669713: | crypto helper 1 waiting (nothing to do)
Aug 26 13:09:08.669748: started thread for crypto helper 4
Aug 26 13:09:08.669773: | crypto helper 2 waiting (nothing to do)
Aug 26 13:09:08.669773: | starting up helper thread 4
Aug 26 13:09:08.669781: started thread for crypto helper 5
Aug 26 13:09:08.669785: | starting up helper thread 5
Aug 26 13:09:08.669804: | status value returned by setting the priority of this thread (crypto helper 5) 22
Aug 26 13:09:08.669798: | status value returned by setting the priority of this thread (crypto helper 4) 22
Aug 26 13:09:08.669807: | crypto helper 5 waiting (nothing to do)
Aug 26 13:09:08.669824: | crypto helper 3 waiting (nothing to do)
Aug 26 13:09:08.669808: started thread for crypto helper 6
Aug 26 13:09:08.669868: | crypto helper 4 waiting (nothing to do)
Aug 26 13:09:08.669812: | starting up helper thread 6
Aug 26 13:09:08.669878: | checking IKEv1 state table
Aug 26 13:09:08.669878: | status value returned by setting the priority of this thread (crypto helper 6) 22
Aug 26 13:09:08.669883: | crypto helper 6 waiting (nothing to do)
Aug 26 13:09:08.669884: | MAIN_R0: category: half-open IKE SA flags: 0:
Aug 26 13:09:08.669890: | -> MAIN_R1 EVENT_SO_DISCARD
Aug 26 13:09:08.669892: | MAIN_I1: category: half-open IKE SA flags: 0:
Aug 26 13:09:08.669894: | -> MAIN_I2 EVENT_RETRANSMIT
Aug 26 13:09:08.669896: | MAIN_R1: category: open IKE SA flags: 200:
Aug 26 13:09:08.669897: | -> MAIN_R2 EVENT_RETRANSMIT
Aug 26 13:09:08.669899: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:09:08.669900: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:09:08.669902: | MAIN_I2: category: open IKE SA flags: 0:
Aug 26 13:09:08.669904: | -> MAIN_I3 EVENT_RETRANSMIT
Aug 26 13:09:08.669905: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:09:08.669907: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:09:08.669908: | MAIN_R2: category: open IKE SA flags: 0:
Aug 26 13:09:08.669910: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:09:08.669912: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:09:08.669931: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 13:09:08.669933: | MAIN_I3: category: open IKE SA flags: 0:
Aug 26 13:09:08.669935: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:09:08.669936: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:09:08.669938: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 13:09:08.669940: | MAIN_R3: category: established IKE SA flags: 200:
Aug 26 13:09:08.669941: | -> UNDEFINED EVENT_NULL
Aug 26 13:09:08.669943: | MAIN_I4: category: established IKE SA flags: 0:
Aug 26 13:09:08.669945: | -> UNDEFINED EVENT_NULL
Aug 26 13:09:08.669946: | AGGR_R0: category: half-open IKE SA flags: 0:
Aug 26 13:09:08.669948: | -> AGGR_R1 EVENT_SO_DISCARD
Aug 26 13:09:08.669950: | AGGR_I1: category: half-open IKE SA flags: 0:
Aug 26 13:09:08.669951: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 13:09:08.669953: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 13:09:08.669955: | AGGR_R1: category: open IKE SA flags: 200:
Aug 26 13:09:08.669956: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 13:09:08.669958: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 13:09:08.669959: | AGGR_I2: category: established IKE SA flags: 200:
Aug 26 13:09:08.669961: | -> UNDEFINED EVENT_NULL
Aug 26 13:09:08.669963: | AGGR_R2: category: established IKE SA flags: 0:
Aug 26 13:09:08.669964: | -> UNDEFINED EVENT_NULL
Aug 26 13:09:08.669966: | QUICK_R0: category: established CHILD SA flags: 0:
Aug 26 13:09:08.669968: | -> QUICK_R1 EVENT_RETRANSMIT
Aug 26 13:09:08.669972: | QUICK_I1: category: established CHILD SA flags: 0:
Aug 26 13:09:08.669973: | -> QUICK_I2 EVENT_SA_REPLACE
Aug 26 13:09:08.669975: | QUICK_R1: category: established CHILD SA flags: 0:
Aug 26 13:09:08.669977: | -> QUICK_R2 EVENT_SA_REPLACE
Aug 26 13:09:08.669978: | QUICK_I2: category: established CHILD SA flags: 200:
Aug 26 13:09:08.669980: | -> UNDEFINED EVENT_NULL
Aug 26 13:09:08.669982: | QUICK_R2: category: established CHILD SA flags: 0:
Aug 26 13:09:08.669983: | -> UNDEFINED EVENT_NULL
Aug 26 13:09:08.669985: | INFO: category: informational flags: 0:
Aug 26 13:09:08.669987: | -> UNDEFINED EVENT_NULL
Aug 26 13:09:08.669988: | INFO_PROTECTED: category: informational flags: 0:
Aug 26 13:09:08.669990: | -> UNDEFINED EVENT_NULL
Aug 26 13:09:08.669992: | XAUTH_R0: category: established IKE SA flags: 0:
Aug 26 13:09:08.669993: | -> XAUTH_R1 EVENT_NULL
Aug 26 13:09:08.669995: | XAUTH_R1: category: established IKE SA flags: 0:
Aug 26 13:09:08.669997: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:09:08.669998: | MODE_CFG_R0: category: informational flags: 0:
Aug 26 13:09:08.670000: | -> MODE_CFG_R1 EVENT_SA_REPLACE
Aug 26 13:09:08.670002: | MODE_CFG_R1: category: established IKE SA flags: 0:
Aug 26 13:09:08.670003: | -> MODE_CFG_R2 EVENT_SA_REPLACE
Aug 26 13:09:08.670005: | MODE_CFG_R2: category: established IKE SA flags: 0:
Aug 26 13:09:08.670007: | -> UNDEFINED EVENT_NULL
Aug 26 13:09:08.670008: | MODE_CFG_I1: category: established IKE SA flags: 0:
Aug 26 13:09:08.670010: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:09:08.670012: | XAUTH_I0: category: established IKE SA flags: 0:
Aug 26 13:09:08.670013: | -> XAUTH_I1 EVENT_RETRANSMIT
Aug 26 13:09:08.670015: | XAUTH_I1: category: established IKE SA flags: 0:
Aug 26 13:09:08.670017: | -> MAIN_I4 EVENT_RETRANSMIT
Aug 26 13:09:08.670021: | checking IKEv2 state table
Aug 26 13:09:08.670025: | PARENT_I0: category: ignore flags: 0:
Aug 26 13:09:08.670027: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT)
Aug 26 13:09:08.670029: | PARENT_I1: category: half-open IKE SA flags: 0:
Aug 26 13:09:08.670031: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification)
Aug 26 13:09:08.670033: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH)
Aug 26 13:09:08.670035: | PARENT_I2: category: open IKE SA flags: 0:
Aug 26 13:09:08.670037: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification)
Aug 26 13:09:08.670039: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification)
Aug 26 13:09:08.670041: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification)
Aug 26 13:09:08.670042: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response)
Aug 26 13:09:08.670044: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification)
Aug 26 13:09:08.670046: | PARENT_I3: category: established IKE SA flags: 0:
Aug 26 13:09:08.670048: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request)
Aug 26 13:09:08.670050: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response)
Aug 26 13:09:08.670051: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request)
Aug 26 13:09:08.670053: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response)
Aug 26 13:09:08.670055: | PARENT_R0: category: half-open IKE SA flags: 0:
Aug 26 13:09:08.670056: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT)
Aug 26 13:09:08.670058: | PARENT_R1: category: half-open IKE SA flags: 0:
Aug 26 13:09:08.670060: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED))
Aug 26 13:09:08.670062: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request)
Aug 26 13:09:08.670064: | PARENT_R2: category: established IKE SA flags: 0:
Aug 26 13:09:08.670066: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request)
Aug 26 13:09:08.670068: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response)
Aug 26 13:09:08.670070: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request)
Aug 26 13:09:08.670072: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response)
Aug 26 13:09:08.670074: | V2_CREATE_I0: category: established IKE SA flags: 0:
Aug 26 13:09:08.670076: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA)
Aug 26 13:09:08.670077: | V2_CREATE_I: category: established IKE SA flags: 0:
Aug 26 13:09:08.670079: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response)
Aug 26 13:09:08.670081: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0:
Aug 26 13:09:08.670083: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey)
Aug 26 13:09:08.670085: | V2_REKEY_IKE_I: category: established IKE SA flags: 0:
Aug 26 13:09:08.670087: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response)
Aug 26 13:09:08.670089: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0:
Aug 26 13:09:08.670090: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA)
Aug 26 13:09:08.670092: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0:
Aug 26 13:09:08.670094: | V2_CREATE_R: category: established IKE SA flags: 0:
Aug 26 13:09:08.670096: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request)
Aug 26 13:09:08.670098: | V2_REKEY_IKE_R: category: established IKE SA flags: 0:
Aug 26 13:09:08.670100: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey)
Aug 26 13:09:08.670101: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0:
Aug 26 13:09:08.670103: | V2_IPSEC_I: category: established CHILD SA flags: 0:
Aug 26 13:09:08.670105: | V2_IPSEC_R: category: established CHILD SA flags: 0:
Aug 26 13:09:08.670107: | IKESA_DEL: category: established IKE SA flags: 0:
Aug 26 13:09:08.670109: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
Aug 26 13:09:08.670111: | CHILDSA_DEL: category: informational flags: 0:
Aug 26 13:09:08.670119: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64
Aug 26 13:09:08.670171: | Hard-wiring algorithms
Aug 26 13:09:08.670174: | adding AES_CCM_16 to kernel algorithm db
Aug 26 13:09:08.670177: | adding AES_CCM_12 to kernel algorithm db
Aug 26 13:09:08.670178: | adding AES_CCM_8 to kernel algorithm db
Aug 26 13:09:08.670180: | adding 3DES_CBC to kernel algorithm db
Aug 26 13:09:08.670181: | adding CAMELLIA_CBC to kernel algorithm db
Aug 26 13:09:08.670183: | adding AES_GCM_16 to kernel algorithm db
Aug 26 13:09:08.670185: | adding AES_GCM_12 to kernel algorithm db
Aug 26 13:09:08.670186: | adding AES_GCM_8 to kernel algorithm db
Aug 26 13:09:08.670188: | adding AES_CTR to kernel algorithm db
Aug 26 13:09:08.670190: | adding AES_CBC to kernel algorithm db
Aug 26 13:09:08.670191: | adding SERPENT_CBC to kernel algorithm db
Aug 26 13:09:08.670193: | adding TWOFISH_CBC to kernel algorithm db
Aug 26 13:09:08.670195: | adding NULL_AUTH_AES_GMAC to kernel algorithm db
Aug 26 13:09:08.670197: | adding NULL to kernel algorithm db
Aug 26 13:09:08.670198: | adding CHACHA20_POLY1305 to kernel algorithm db
Aug 26 13:09:08.670200: | adding HMAC_MD5_96 to kernel algorithm db
Aug 26 13:09:08.670202: | adding HMAC_SHA1_96 to kernel algorithm db
Aug 26 13:09:08.670203: | adding HMAC_SHA2_512_256 to kernel algorithm db
Aug 26 13:09:08.670205: | adding HMAC_SHA2_384_192 to kernel algorithm db
Aug 26 13:09:08.670207: | adding HMAC_SHA2_256_128 to kernel algorithm db
Aug 26 13:09:08.670208: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
Aug 26 13:09:08.670210: | adding AES_XCBC_96 to kernel algorithm db
Aug 26 13:09:08.670211: | adding AES_CMAC_96 to kernel algorithm db
Aug 26 13:09:08.670213: | adding NONE to kernel algorithm db
Aug 26 13:09:08.670228: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes
Aug 26 13:09:08.670232: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
Aug 26 13:09:08.670234: | setup kernel fd callback
Aug 26 13:09:08.670236: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55e7d9aeb458
Aug 26 13:09:08.670238: | libevent_malloc: new ptr-libevent@0x55e7d9b2a3b8 size 128
Aug 26 13:09:08.670240: | libevent_malloc: new ptr-libevent@0x55e7d9b31558 size 16
Aug 26 13:09:08.670244: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55e7d9b314e8
Aug 26 13:09:08.670246: | libevent_malloc: new ptr-libevent@0x55e7d9b2a468 size 128
Aug 26 13:09:08.670248: | libevent_malloc: new ptr-libevent@0x55e7d9b311b8 size 16
Aug 26 13:09:08.670407: | global one-shot timer EVENT_CHECK_CRLS initialized
Aug 26 13:09:08.670416: selinux support is enabled.
Aug 26 13:09:08.670587: | unbound context created - setting debug level to 5
Aug 26 13:09:08.670622: | /etc/hosts lookups activated
Aug 26 13:09:08.670635: | /etc/resolv.conf usage activated
Aug 26 13:09:08.670685: | outgoing-port-avoid set 0-65535
Aug 26 13:09:08.670703: | outgoing-port-permit set 32768-60999
Aug 26 13:09:08.670705: | Loading dnssec root key from:/var/lib/unbound/root.key
Aug 26 13:09:08.670707: | No additional dnssec trust anchors defined via dnssec-trusted= option
Aug 26 13:09:08.670709: | Setting up events, loop start
Aug 26 13:09:08.670712: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55e7d9b31988
Aug 26 13:09:08.670714: | libevent_malloc: new ptr-libevent@0x55e7d9b3d7e8 size 128
Aug 26 13:09:08.670716: | libevent_malloc: new ptr-libevent@0x55e7d9b48ad8 size 16
Aug 26 13:09:08.670720: | libevent_realloc: new ptr-libevent@0x55e7d9b48b18 size 256
Aug 26 13:09:08.670723: | libevent_malloc: new ptr-libevent@0x55e7d9b48c48 size 8
Aug 26 13:09:08.670725: | libevent_realloc: new ptr-libevent@0x55e7d9b48c88 size 144
Aug 26 13:09:08.670727: | libevent_malloc: new ptr-libevent@0x55e7d9aefa28 size 152
Aug 26 13:09:08.670729: | libevent_malloc: new ptr-libevent@0x55e7d9b48d48 size 16
Aug 26 13:09:08.670732: | signal event handler PLUTO_SIGCHLD installed
Aug 26 13:09:08.670734: | libevent_malloc: new ptr-libevent@0x55e7d9b48d88 size 8
Aug 26 13:09:08.670737: | libevent_malloc: new ptr-libevent@0x55e7d9a66308 size 152
Aug 26 13:09:08.670739: | signal event handler PLUTO_SIGTERM installed
Aug 26 13:09:08.670741: | libevent_malloc: new ptr-libevent@0x55e7d9b48dc8 size 8
Aug 26 13:09:08.670743: | libevent_malloc: new ptr-libevent@0x55e7d9a70508 size 152
Aug 26 13:09:08.670745: | signal event handler PLUTO_SIGHUP installed
Aug 26 13:09:08.670746: | libevent_malloc: new ptr-libevent@0x55e7d9b48e08 size 8
Aug 26 13:09:08.670748: | libevent_realloc: release ptr-libevent@0x55e7d9b48c88
Aug 26 13:09:08.670750: | libevent_realloc: new ptr-libevent@0x55e7d9b48e48 size 256
Aug 26 13:09:08.670752: | libevent_malloc: new ptr-libevent@0x55e7d9a683b8 size 152
Aug 26 13:09:08.670754: | signal event handler PLUTO_SIGSYS installed
Aug 26 13:09:08.671002: | created addconn helper (pid:1868) using fork+execve
Aug 26 13:09:08.671016: | forked child 1868
Aug 26 13:09:08.671059: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 13:09:08.671076: listening for IKE messages
Aug 26 13:09:08.671104: | Inspecting interface lo
Aug 26 13:09:08.671110: | found lo with address 127.0.0.1
Aug 26 13:09:08.671114: | Inspecting interface eth0
Aug 26 13:09:08.671117: | found eth0 with address 192.0.2.254
Aug 26 13:09:08.671119: | Inspecting interface eth1
Aug 26 13:09:08.671122: | found eth1 with address 192.1.2.23
Aug 26 13:09:08.671200: Kernel supports NIC esp-hw-offload
Aug 26 13:09:08.671208: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500
Aug 26 13:09:08.671225: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 13:09:08.671229: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 13:09:08.671232: adding interface eth1/eth1 192.1.2.23:4500
Aug 26 13:09:08.671253: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500
Aug 26 13:09:08.671268: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 13:09:08.671271: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 13:09:08.671273: adding interface eth0/eth0 192.0.2.254:4500
Aug 26 13:09:08.671296: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500
Aug 26 13:09:08.671321: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 13:09:08.671325: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 13:09:08.671327: adding interface lo/lo 127.0.0.1:4500
Aug 26 13:09:08.671371: | no interfaces to sort
Aug 26 13:09:08.671374: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
Aug 26 13:09:08.671379: | add_fd_read_event_handler: new ethX-pe@0x55e7d9b49408
Aug 26 13:09:08.671381: | libevent_malloc: new ptr-libevent@0x55e7d9b3d738 size 128
Aug 26 13:09:08.671384: | libevent_malloc: new ptr-libevent@0x55e7d9b49478 size 16
Aug 26 13:09:08.671388: | setup callback for interface lo 127.0.0.1:4500 fd 22
Aug 26 13:09:08.671413: | add_fd_read_event_handler: new ethX-pe@0x55e7d9b494b8
Aug 26 13:09:08.671417: | libevent_malloc: new ptr-libevent@0x55e7d9ae3f18 size 128
Aug 26 13:09:08.671419: | libevent_malloc: new ptr-libevent@0x55e7d9b49528 size 16
Aug 26 13:09:08.671422: | setup callback for interface lo 127.0.0.1:500 fd 21
Aug 26 13:09:08.671424: | add_fd_read_event_handler: new ethX-pe@0x55e7d9b49568
Aug 26 13:09:08.671427: | libevent_malloc: new ptr-libevent@0x55e7d9ae3fc8 size 128
Aug 26 13:09:08.671429: | libevent_malloc: new ptr-libevent@0x55e7d9b495d8 size 16
Aug 26 13:09:08.671432: | setup callback for interface eth0 192.0.2.254:4500 fd 20
Aug 26 13:09:08.671433: | add_fd_read_event_handler: new ethX-pe@0x55e7d9b49618
Aug 26 13:09:08.671436: | libevent_malloc: new ptr-libevent@0x55e7d9ae2f88 size 128
Aug 26 13:09:08.671438: | libevent_malloc: new ptr-libevent@0x55e7d9b49688 size 16
Aug 26 13:09:08.671441: | setup callback for interface eth0 192.0.2.254:500 fd 19
Aug 26 13:09:08.671443: | add_fd_read_event_handler: new ethX-pe@0x55e7d9b496c8
Aug 26 13:09:08.671445: | libevent_malloc: new ptr-libevent@0x55e7d9aeb298 size 128
Aug 26 13:09:08.671447: | libevent_malloc: new ptr-libevent@0x55e7d9b49738 size 16
Aug 26 13:09:08.671450: | setup callback for interface eth1 192.1.2.23:4500 fd 18
Aug 26 13:09:08.671452: | add_fd_read_event_handler: new ethX-pe@0x55e7d9b49778
Aug 26 13:09:08.671454: | libevent_malloc: new ptr-libevent@0x55e7d9aebdb8 size 128
Aug 26 13:09:08.671455: | libevent_malloc: new ptr-libevent@0x55e7d9b497e8 size 16
Aug 26 13:09:08.671458: | setup callback for interface eth1 192.1.2.23:500 fd 17
Aug 26 13:09:08.671461: | certs and keys locked by 'free_preshared_secrets'
Aug 26 13:09:08.671463: | certs and keys unlocked by 'free_preshared_secrets'
Aug 26 13:09:08.671489: loading secrets from "/etc/ipsec.secrets"
Aug 26 13:09:08.671501: | saving Modulus
Aug 26 13:09:08.671503: | saving PublicExponent
Aug 26 13:09:08.671506: | ignoring PrivateExponent
Aug 26 13:09:08.671508: | ignoring Prime1
Aug 26 13:09:08.671510: | ignoring Prime2
Aug 26 13:09:08.671512: | ignoring Exponent1
Aug 26 13:09:08.671514: | ignoring Exponent2
Aug 26 13:09:08.671516: | ignoring Coefficient
Aug 26 13:09:08.671518: | ignoring CKAIDNSS
Aug 26 13:09:08.671539: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1
Aug 26 13:09:08.671542: | computed rsa CKAID 8a 82 25 f1
Aug 26 13:09:08.671544: loaded private key for keyid: PKK_RSA:AQO9bJbr3
Aug 26 13:09:08.671549: | certs and keys locked by 'process_secret'
Aug 26 13:09:08.671552: | certs and keys unlocked by 'process_secret'
Aug 26 13:09:08.671560: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 13:09:08.671565: | spent 0.482 milliseconds in whack
Aug 26 13:09:08.689428: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 13:09:08.689475: listening for IKE messages
Aug 26 13:09:08.701785: | Inspecting interface lo
Aug 26 13:09:08.701802: | found lo with address 127.0.0.1
Aug 26 13:09:08.701807: | Inspecting interface eth0
Aug 26 13:09:08.701811: | found eth0 with address 192.0.2.254
Aug 26 13:09:08.701813: | Inspecting interface eth1
Aug 26 13:09:08.701817: | found eth1 with address 192.1.2.23
Aug 26 13:09:08.701873: | no interfaces to sort
Aug 26 13:09:08.701885: | libevent_free: release ptr-libevent@0x55e7d9b3d738
Aug 26 13:09:08.701890: | free_event_entry: release EVENT_NULL-pe@0x55e7d9b49408
Aug 26 13:09:08.701893: | add_fd_read_event_handler: new ethX-pe@0x55e7d9b49408
Aug 26 13:09:08.701897: | libevent_malloc: new ptr-libevent@0x55e7d9b3d738 size 128
Aug 26 13:09:08.701906: | setup callback for interface lo 127.0.0.1:4500 fd 22
Aug 26 13:09:08.701911: | libevent_free: release ptr-libevent@0x55e7d9ae3f18
Aug 26 13:09:08.701914: | free_event_entry: release EVENT_NULL-pe@0x55e7d9b494b8
Aug 26 13:09:08.701917: | add_fd_read_event_handler: new ethX-pe@0x55e7d9b494b8
Aug 26 13:09:08.701920: | libevent_malloc: new ptr-libevent@0x55e7d9ae3f18 size 128
Aug 26 13:09:08.701925: | setup callback for interface lo 127.0.0.1:500 fd 21
Aug 26 13:09:08.701930: | libevent_free: release ptr-libevent@0x55e7d9ae3fc8
Aug 26 13:09:08.701933: | free_event_entry: release EVENT_NULL-pe@0x55e7d9b49568
Aug 26 13:09:08.701935: | add_fd_read_event_handler: new ethX-pe@0x55e7d9b49568
Aug 26 13:09:08.701938: | libevent_malloc: new ptr-libevent@0x55e7d9ae3fc8 size 128
Aug 26 13:09:08.701943: | setup callback for interface eth0 192.0.2.254:4500 fd 20
Aug 26 13:09:08.701948: | libevent_free: release ptr-libevent@0x55e7d9ae2f88
Aug 26 13:09:08.701951: | free_event_entry: release EVENT_NULL-pe@0x55e7d9b49618
Aug 26 13:09:08.701954: | add_fd_read_event_handler: new ethX-pe@0x55e7d9b49618
Aug 26 13:09:08.701957: | libevent_malloc: new ptr-libevent@0x55e7d9ae2f88 size 128
Aug 26 13:09:08.701962: | setup callback for interface eth0 192.0.2.254:500 fd 19
Aug 26 13:09:08.701966: | libevent_free: release ptr-libevent@0x55e7d9aeb298
Aug 26 13:09:08.701969: | free_event_entry: release EVENT_NULL-pe@0x55e7d9b496c8
Aug 26 13:09:08.701971: | add_fd_read_event_handler: new ethX-pe@0x55e7d9b496c8
Aug 26 13:09:08.701974: | libevent_malloc: new ptr-libevent@0x55e7d9aeb298 size 128
Aug 26 13:09:08.701979: | setup callback for interface eth1 192.1.2.23:4500 fd 18
Aug 26 13:09:08.701984: | libevent_free: release ptr-libevent@0x55e7d9aebdb8
Aug 26 13:09:08.701987: | free_event_entry: release EVENT_NULL-pe@0x55e7d9b49778
Aug 26 13:09:08.701990: | add_fd_read_event_handler: new ethX-pe@0x55e7d9b49778
Aug 26 13:09:08.701993: | libevent_malloc: new ptr-libevent@0x55e7d9aebdb8 size 128
Aug 26 13:09:08.701998: | setup callback for interface eth1 192.1.2.23:500 fd 17
Aug 26 13:09:08.702002: | certs and keys locked by 'free_preshared_secrets'
Aug 26 13:09:08.702006: forgetting secrets
Aug 26 13:09:08.702018: | certs and keys unlocked by 'free_preshared_secrets'
Aug 26 13:09:08.702035: loading secrets from "/etc/ipsec.secrets"
Aug 26 13:09:08.702053: | saving Modulus
Aug 26 13:09:08.702057: | saving PublicExponent
Aug 26 13:09:08.702061: | ignoring PrivateExponent
Aug 26 13:09:08.702065: | ignoring Prime1
Aug 26 13:09:08.702068: | ignoring Prime2
Aug 26 13:09:08.702072: | ignoring Exponent1
Aug 26 13:09:08.702075: | ignoring Exponent2
Aug 26 13:09:08.702078: | ignoring Coefficient
Aug 26 13:09:08.702081: | ignoring CKAIDNSS
Aug 26 13:09:08.702101: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1
Aug 26 13:09:08.702105: | computed rsa CKAID 8a 82 25 f1
Aug 26 13:09:08.702109: loaded private key for keyid: PKK_RSA:AQO9bJbr3
Aug 26 13:09:08.702116: | certs and keys locked by 'process_secret'
Aug 26 13:09:08.702119: | certs and keys unlocked by 'process_secret'
Aug 26 13:09:08.702131: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 13:09:08.702140: | spent 0.483 milliseconds in whack
Aug 26 13:09:08.702745: | processing signal PLUTO_SIGCHLD
Aug 26 13:09:08.702760: | waitpid returned pid 1868 (exited with status 0)
Aug 26 13:09:08.702766: | reaped addconn helper child (status 0)
Aug 26 13:09:08.702771: | waitpid returned ECHILD (no child processes left)
Aug 26 13:09:08.702775: | spent 0.0183 milliseconds in signal handler PLUTO_SIGCHLD
Aug 26 13:09:08.751146: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 13:09:08.751174: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 13:09:08.751178: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Aug 26 13:09:08.751181: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 13:09:08.751184: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Aug 26 13:09:08.751188: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 13:09:08.751196: | Added new connection northnet-eastnets/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
Aug 26 13:09:08.751200: | No AUTH policy was set - defaulting to RSASIG
Aug 26 13:09:08.751261: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31
Aug 26 13:09:08.751266: | from whack: got --esp=
Aug 26 13:09:08.751308: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128
Aug 26 13:09:08.752115: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA'
Aug 26 13:09:08.752126: | loading left certificate 'north' pubkey
Aug 26 13:09:08.752198: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e7d9b50698
Aug 26 13:09:08.752202: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e7d9b50798
Aug 26 13:09:08.752204: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e7d9b511a8
Aug 26 13:09:08.752315: | unreference key: 0x55e7d9a37c48 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1--
Aug 26 13:09:08.752424: | warning: no secret key loaded for left certificate with nickname north: NSS: cert private key not found
Aug 26
13:09:08.752432: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 13:09:08.752645: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:09:08.752651: | loading right certificate 'east' pubkey Aug 26 13:09:08.752708: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e7d9b51618 Aug 26 13:09:08.752712: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e7d9b50ab8 Aug 26 13:09:08.752714: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e7d9b4cf28 Aug 26 13:09:08.752716: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e7d9b510a8 Aug 26 13:09:08.752717: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e7d9b4cb28 Aug 26 13:09:08.752859: | unreference key: 0x55e7d9b551e8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:08.752976: | certs and keys locked by 'lsw_add_rsa_secret' Aug 26 13:09:08.752980: | certs and keys unlocked by 'lsw_add_rsa_secret' Aug 26 13:09:08.752985: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 13:09:08.752992: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none Aug 26 13:09:08.752994: | new hp@0x55e7d9b57b88 Aug 26 13:09:08.752998: added connection description "northnet-eastnets/0x1" Aug 26 13:09:08.753011: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:09:08.753038: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, 
E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 13:09:08.753044: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:08.753049: | spent 1.91 milliseconds in whack Aug 26 13:09:08.753118: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:08.753128: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:08.753130: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:09:08.753132: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:08.753133: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:09:08.753136: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:08.753139: | Added new connection northnet-eastnets/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:09:08.753141: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:09:08.753173: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:09:08.753175: | from whack: got --esp= Aug 26 13:09:08.753197: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:09:08.753266: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:09:08.753271: | loading left certificate 
'north' pubkey Aug 26 13:09:08.753323: | unreference key: 0x55e7d9b51668 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:08.753338: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e7d9b58598 Aug 26 13:09:08.753341: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e7d9b58548 Aug 26 13:09:08.753343: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e7d9b59668 Aug 26 13:09:08.753380: | unreference key: 0x55e7d9b50cd8 @north.testing.libreswan.org cnt 1-- Aug 26 13:09:08.753413: | unreference key: 0x55e7d9b51448 user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:08.753459: | unreference key: 0x55e7d9b58798 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:08.753537: | warning: no secret key loaded for left certificate with nickname north: NSS: cert private key not found Aug 26 13:09:08.753544: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 13:09:08.753600: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:09:08.753605: | loading right certificate 'east' pubkey Aug 26 13:09:08.753640: | unreference key: 0x55e7d9b57708 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:08.753648: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e7d9b58548 Aug 26 13:09:08.753653: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e7d9b59668 Aug 26 13:09:08.753655: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e7d9b589c8 Aug 26 13:09:08.753657: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e7d9b58978 Aug 26 13:09:08.753658: | 
get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e7d9b58928 Aug 26 13:09:08.753691: | unreference key: 0x55e7d9b56668 192.1.2.23 cnt 1-- Aug 26 13:09:08.753723: | unreference key: 0x55e7d9b56b78 east@testing.libreswan.org cnt 1-- Aug 26 13:09:08.753754: | unreference key: 0x55e7d9b56dd8 @east.testing.libreswan.org cnt 1-- Aug 26 13:09:08.753786: | unreference key: 0x55e7d9b574f8 user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:08.753819: | unreference key: 0x55e7d9b58b48 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:08.753852: | secrets entry for east already exists Aug 26 13:09:08.753858: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 13:09:08.753863: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 13:09:08.753866: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@0x55e7d9b57b88: northnet-eastnets/0x1 Aug 26 13:09:08.753867: added connection description "northnet-eastnets/0x2" Aug 26 13:09:08.753875: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:09:08.753901: | 192.0.22.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 13:09:08.753908: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:08.753912: | spent 0.795 milliseconds in whack Aug 26 13:09:08.813725: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> 
fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:08.814036: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:09:08.814043: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:09:08.814220: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:09:08.814234: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:08.814242: | spent 0.525 milliseconds in whack Aug 26 13:09:08.869674: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:08.869695: | old debugging base+cpu-usage + none Aug 26 13:09:08.869697: | base debugging = base+cpu-usage Aug 26 13:09:08.869699: | old impairing none + suppress-retransmits Aug 26 13:09:08.869715: | base impairing = suppress-retransmits Aug 26 13:09:08.869721: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:08.869726: | spent 0.0736 milliseconds in whack Aug 26 13:09:10.889801: | spent 0.0029 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.889832: | *received 828 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500)
Aug 26 13:09:10.889960: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:09:10.889964: | **parse ISAKMP Message: Aug 26 13:09:10.889967: | initiator cookie: Aug 26 13:09:10.889969: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.889971: | responder cookie: Aug 26 13:09:10.889973: | 00 00 00 00 00 00 00 00 Aug 26 13:09:10.889976: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:09:10.889979: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.889981: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:09:10.889984: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.889989: | Message ID: 0 (0x0) Aug 26 13:09:10.889992: | length: 828 (0x33c) Aug 26 13:09:10.889995: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:09:10.889999: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Aug 26 13:09:10.890002: | State DB: IKEv2 state not found
(find_v2_ike_sa_by_initiator_spi) Aug 26 13:09:10.890005: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:09:10.890008: | ***parse IKEv2 Security Association Payload: Aug 26 13:09:10.890011: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:09:10.890013: | flags: none (0x0) Aug 26 13:09:10.890016: | length: 436 (0x1b4) Aug 26 13:09:10.890018: | processing payload: ISAKMP_NEXT_v2SA (len=432) Aug 26 13:09:10.890021: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:09:10.890023: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:09:10.890026: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:09:10.890028: | flags: none (0x0) Aug 26 13:09:10.890031: | length: 264 (0x108) Aug 26 13:09:10.890034: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.890035: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:09:10.890037: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:09:10.890039: | ***parse IKEv2 Nonce Payload: Aug 26 13:09:10.890040: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:10.890042: | flags: none (0x0) Aug 26 13:09:10.890044: | length: 36 (0x24) Aug 26 13:09:10.890045: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:09:10.890047: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:09:10.890049: | ***parse IKEv2 Notify Payload: Aug 26 13:09:10.890050: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:10.890052: | flags: none (0x0) Aug 26 13:09:10.890053: | length: 8 (0x8) Aug 26 13:09:10.890055: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.890057: | SPI size: 0 (0x0) Aug 26 13:09:10.890059: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:09:10.890060: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:09:10.890062: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:09:10.890064: | ***parse IKEv2 Notify Payload: Aug 26 13:09:10.890065: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:10.890067: | flags: none 
(0x0) Aug 26 13:09:10.890068: | length: 28 (0x1c) Aug 26 13:09:10.890070: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.890071: | SPI size: 0 (0x0) Aug 26 13:09:10.890073: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:09:10.890075: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:09:10.890076: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:09:10.890078: | ***parse IKEv2 Notify Payload: Aug 26 13:09:10.890080: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.890081: | flags: none (0x0) Aug 26 13:09:10.890083: | length: 28 (0x1c) Aug 26 13:09:10.890084: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.890086: | SPI size: 0 (0x0) Aug 26 13:09:10.890087: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:09:10.890089: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:09:10.890091: | DDOS disabled and no cookie sent, continuing Aug 26 13:09:10.890095: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 13:09:10.890099: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 13:09:10.890101: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 13:09:10.890104: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x2) Aug 26 13:09:10.890106: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x1) Aug 26 13:09:10.890108: | find_next_host_connection returns empty Aug 26 13:09:10.890110: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 13:09:10.890114: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 13:09:10.890116: | find_next_host_connection returns empty Aug 26 13:09:10.890118: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy 
ECDSA+IKEV2_ALLOW Aug 26 13:09:10.890121: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 13:09:10.890124: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 13:09:10.890126: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:09:10.890128: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x2) Aug 26 13:09:10.890130: | find_next_host_connection returns northnet-eastnets/0x2 Aug 26 13:09:10.890131: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:09:10.890133: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x1) Aug 26 13:09:10.890135: | find_next_host_connection returns northnet-eastnets/0x1 Aug 26 13:09:10.890137: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:09:10.890138: | find_next_host_connection returns empty Aug 26 13:09:10.890140: | found connection: northnet-eastnets/0x2 with policy RSASIG+IKEV2_ALLOW Aug 26 13:09:10.890156: | creating state object #1 at 0x55e7d9b59c78 Aug 26 13:09:10.890158: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:09:10.890165: | pstats #1 ikev2.ike started Aug 26 13:09:10.890167: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:09:10.890169: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Aug 26 13:09:10.890173: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:10.890181: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.890184: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:09:10.890189: | [RE]START processing: state #1 connection 
"northnet-eastnets/0x2" from 192.1.3.33 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:09:10.890192: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 13:09:10.890196: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Aug 26 13:09:10.890200: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 13:09:10.890203: | #1 in state PARENT_R0: processing SA_INIT request Aug 26 13:09:10.890206: | selected state microcode Respond to IKE_SA_INIT Aug 26 13:09:10.890208: | Now let's proceed with state specific processing Aug 26 13:09:10.890211: | calling processor Respond to IKE_SA_INIT Aug 26 13:09:10.890221: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:09:10.890225: | constructing local IKE proposals for northnet-eastnets/0x2 (IKE SA responder matching remote proposals) Aug 26 13:09:10.890232: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:09:10.890238: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.890241: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:09:10.890244: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.890247: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:09:10.890253: | ... 
ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.890255: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:09:10.890258: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.890265: "northnet-eastnets/0x2": constructed local IKE proposals for northnet-eastnets/0x2 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.890267: | Comparing remote proposals against IKE responder 4 local proposals Aug 26 13:09:10.890271: | local proposal 1 type ENCR has 1 transforms Aug 26 13:09:10.890273: | local proposal 1 type PRF has 2 transforms Aug 26 13:09:10.890274: | local proposal 1 type INTEG has 1 transforms Aug 26 13:09:10.890276: | local proposal 1 type DH has 8 transforms Aug 26 13:09:10.890278: | local proposal 1 type ESN has 0 transforms Aug 26 13:09:10.890280: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:09:10.890282: | local proposal 2 type ENCR has 1 transforms Aug 26 13:09:10.890283: | local proposal 2 type PRF has 2 
transforms Aug 26 13:09:10.890285: | local proposal 2 type INTEG has 1 transforms Aug 26 13:09:10.890287: | local proposal 2 type DH has 8 transforms Aug 26 13:09:10.890297: | local proposal 2 type ESN has 0 transforms Aug 26 13:09:10.890301: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:09:10.890303: | local proposal 3 type ENCR has 1 transforms Aug 26 13:09:10.890306: | local proposal 3 type PRF has 2 transforms Aug 26 13:09:10.890308: | local proposal 3 type INTEG has 2 transforms Aug 26 13:09:10.890310: | local proposal 3 type DH has 8 transforms Aug 26 13:09:10.890313: | local proposal 3 type ESN has 0 transforms Aug 26 13:09:10.890315: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:09:10.890317: | local proposal 4 type ENCR has 1 transforms Aug 26 13:09:10.890319: | local proposal 4 type PRF has 2 transforms Aug 26 13:09:10.890320: | local proposal 4 type INTEG has 2 transforms Aug 26 13:09:10.890322: | local proposal 4 type DH has 8 transforms Aug 26 13:09:10.890324: | local proposal 4 type ESN has 0 transforms Aug 26 13:09:10.890325: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:09:10.890328: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.890330: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.890332: | length: 100 (0x64) Aug 26 13:09:10.890333: | prop #: 1 (0x1) Aug 26 13:09:10.890335: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:10.890336: | spi size: 0 (0x0) Aug 26 13:09:10.890338: | # transforms: 11 (0xb) Aug 26 13:09:10.890341: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Aug 26 13:09:10.890343: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890345: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890346: | length: 12 (0xc) Aug 26 13:09:10.890363: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.890365: 
| IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.890367: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.890369: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.890371: | length/value: 256 (0x100) Aug 26 13:09:10.890373: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:09:10.890375: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890377: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890378: | length: 8 (0x8) Aug 26 13:09:10.890380: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.890382: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:10.890384: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:09:10.890386: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Aug 26 13:09:10.890388: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Aug 26 13:09:10.890390: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Aug 26 13:09:10.890406: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890408: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890409: | length: 8 (0x8) Aug 26 13:09:10.890411: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.890413: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:10.890414: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890416: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890418: | length: 8 (0x8) Aug 26 13:09:10.890419: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890421: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.890423: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:09:10.890425: | remote 
proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Aug 26 13:09:10.890440: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Aug 26 13:09:10.890442: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Aug 26 13:09:10.890444: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890445: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890447: | length: 8 (0x8) Aug 26 13:09:10.890449: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890450: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:10.890452: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890453: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890455: | length: 8 (0x8) Aug 26 13:09:10.890456: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890458: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:10.890460: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890461: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890463: | length: 8 (0x8) Aug 26 13:09:10.890464: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890466: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:10.890468: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890469: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890471: | length: 8 (0x8) Aug 26 13:09:10.890472: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890474: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:10.890476: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890477: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890479: | length: 8 (0x8) Aug 26 13:09:10.890480: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890484: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:10.890486: | 
*****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890488: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890489: | length: 8 (0x8) Aug 26 13:09:10.890491: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890492: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:10.890494: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890496: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.890497: | length: 8 (0x8) Aug 26 13:09:10.890499: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890500: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:10.890503: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:09:10.890506: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:09:10.890507: | remote proposal 1 matches local proposal 1 Aug 26 13:09:10.890509: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.890511: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.890512: | length: 100 (0x64) Aug 26 13:09:10.890514: | prop #: 2 (0x2) Aug 26 13:09:10.890530: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:10.890532: | spi size: 0 (0x0) Aug 26 13:09:10.890533: | # transforms: 11 (0xb) Aug 26 13:09:10.890536: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:09:10.890537: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890539: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890540: | length: 12 (0xc) Aug 26 13:09:10.890542: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.890544: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.890545: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.890547: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.890549: | length/value: 
128 (0x80) Aug 26 13:09:10.890550: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890552: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890554: | length: 8 (0x8) Aug 26 13:09:10.890555: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.890557: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:10.890559: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890560: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890562: | length: 8 (0x8) Aug 26 13:09:10.890563: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.890578: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:10.890580: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890581: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890583: | length: 8 (0x8) Aug 26 13:09:10.890584: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890586: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.890587: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890589: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890590: | length: 8 (0x8) Aug 26 13:09:10.890592: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890594: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:10.890595: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890597: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890598: | length: 8 (0x8) Aug 26 13:09:10.890600: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890601: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:10.890603: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890605: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890606: | length: 8 (0x8) Aug 26 13:09:10.890608: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890610: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 
13:09:10.890612: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890614: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890615: | length: 8 (0x8) Aug 26 13:09:10.890617: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890618: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:10.890620: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890621: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890623: | length: 8 (0x8) Aug 26 13:09:10.890624: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890626: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:10.890628: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890629: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890631: | length: 8 (0x8) Aug 26 13:09:10.890632: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890634: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:10.890636: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890637: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.890654: | length: 8 (0x8) Aug 26 13:09:10.890656: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890659: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:10.890663: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Aug 26 13:09:10.890665: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Aug 26 13:09:10.890667: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.890669: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.890671: | length: 116 (0x74) Aug 26 13:09:10.890674: | prop #: 3 (0x3) Aug 26 13:09:10.890676: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:10.890679: | spi size: 0 (0x0) Aug 26 13:09:10.890681: | # transforms: 13 (0xd) Aug 26 13:09:10.890683: | Comparing remote proposal 3 containing 13 transforms against 
local proposal [1..0] of 4 local proposals Aug 26 13:09:10.890686: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890689: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890691: | length: 12 (0xc) Aug 26 13:09:10.890693: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.890696: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:10.890698: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.890700: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.890701: | length/value: 256 (0x100) Aug 26 13:09:10.890703: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890705: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890707: | length: 8 (0x8) Aug 26 13:09:10.890708: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.890710: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:10.890712: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890713: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890715: | length: 8 (0x8) Aug 26 13:09:10.890716: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.890718: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:10.890720: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890721: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890723: | length: 8 (0x8) Aug 26 13:09:10.890724: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.890726: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:10.890728: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890729: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890731: | length: 8 (0x8) Aug 26 13:09:10.890733: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.890734: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:10.890737: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890739: | last transform: 
v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890740: | length: 8 (0x8) Aug 26 13:09:10.890742: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890744: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.890745: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890747: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890749: | length: 8 (0x8) Aug 26 13:09:10.890750: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890752: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:10.890754: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890755: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890757: | length: 8 (0x8) Aug 26 13:09:10.890759: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890762: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:10.890764: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890767: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890769: | length: 8 (0x8) Aug 26 13:09:10.890772: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890774: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:10.890777: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890780: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890782: | length: 8 (0x8) Aug 26 13:09:10.890785: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890787: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:10.890790: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890792: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890794: | length: 8 (0x8) Aug 26 13:09:10.890796: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890797: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:10.890799: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890801: | last transform: v2_TRANSFORM_NON_LAST 
(0x3) Aug 26 13:09:10.890802: | length: 8 (0x8) Aug 26 13:09:10.890804: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890806: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:10.890807: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890809: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.890811: | length: 8 (0x8) Aug 26 13:09:10.890812: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890814: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:10.890816: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 13:09:10.890818: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 13:09:10.890820: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.890822: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:10.890823: | length: 116 (0x74) Aug 26 13:09:10.890825: | prop #: 4 (0x4) Aug 26 13:09:10.890827: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:10.890828: | spi size: 0 (0x0) Aug 26 13:09:10.890830: | # transforms: 13 (0xd) Aug 26 13:09:10.890832: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:09:10.890834: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890835: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890837: | length: 12 (0xc) Aug 26 13:09:10.890838: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.890840: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:10.890842: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.890843: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.890845: | length/value: 128 (0x80) Aug 26 13:09:10.890847: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890850: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890852: | length: 8 (0x8) Aug 26 13:09:10.890854: | IKEv2 transform 
type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.890855: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:10.890857: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890859: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890860: | length: 8 (0x8) Aug 26 13:09:10.890862: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.890863: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:10.890865: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890867: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890868: | length: 8 (0x8) Aug 26 13:09:10.890870: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.890872: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:10.890873: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890875: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890877: | length: 8 (0x8) Aug 26 13:09:10.890878: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.890880: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:10.890882: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890883: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890885: | length: 8 (0x8) Aug 26 13:09:10.890886: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890888: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.890890: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890891: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890893: | length: 8 (0x8) Aug 26 13:09:10.890894: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890896: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:10.890898: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890899: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890901: | length: 8 (0x8) Aug 26 13:09:10.890902: | IKEv2 transform type: TRANS_TYPE_DH 
(0x4) Aug 26 13:09:10.890904: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:10.890906: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890907: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890909: | length: 8 (0x8) Aug 26 13:09:10.890911: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890912: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:10.890914: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890915: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890917: | length: 8 (0x8) Aug 26 13:09:10.890919: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890920: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:10.890922: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890924: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890925: | length: 8 (0x8) Aug 26 13:09:10.890927: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890928: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:10.890930: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890932: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.890933: | length: 8 (0x8) Aug 26 13:09:10.890935: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890936: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:10.890938: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.890940: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.890941: | length: 8 (0x8) Aug 26 13:09:10.890943: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.890945: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:10.890947: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 13:09:10.890950: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 13:09:10.890953: 
"northnet-eastnets/0x2" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Aug 26 13:09:10.890956: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Aug 26 13:09:10.890958: | converting proposal to internal trans attrs Aug 26 13:09:10.890961: | natd_hash: rcookie is zero Aug 26 13:09:10.890971: | natd_hash: hasher=0x55e7d8139800(20) Aug 26 13:09:10.890973: | natd_hash: icookie= b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.890975: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:09:10.890977: | natd_hash: ip= c0 01 02 17 Aug 26 13:09:10.890978: | natd_hash: port=500 Aug 26 13:09:10.890980: | natd_hash: hash= 9a 88 fd a1 ae 5c 4b 3a 30 ed 90 7b 11 7f 06 b4 Aug 26 13:09:10.890981: | natd_hash: hash= 1d a8 1b 4b Aug 26 13:09:10.890983: | natd_hash: rcookie is zero Aug 26 13:09:10.890986: | natd_hash: hasher=0x55e7d8139800(20) Aug 26 13:09:10.890988: | natd_hash: icookie= b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.890990: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:09:10.890991: | natd_hash: ip= c0 01 03 21 Aug 26 13:09:10.891006: | natd_hash: port=500 Aug 26 13:09:10.891007: | natd_hash: hash= 35 9b a5 62 6c 3e 01 d9 7e 2f 8e a6 9e 38 e1 4b Aug 26 
13:09:10.891009: | natd_hash: hash= 70 b4 4a 81 Aug 26 13:09:10.891011: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:09:10.891012: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:09:10.891014: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:09:10.891016: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 Aug 26 13:09:10.891020: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Aug 26 13:09:10.891022: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55e7d9b59c08 Aug 26 13:09:10.891025: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:09:10.891028: | libevent_malloc: new ptr-libevent@0x55e7d9b510f8 size 128 Aug 26 13:09:10.891036: | #1 spent 0.816 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Aug 26 13:09:10.891054: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.891057: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Aug 26 13:09:10.891058: | suspending state #1 and saving MD Aug 26 13:09:10.891060: | crypto helper 0 resuming Aug 26 13:09:10.891060: | #1 is busy; has a suspended MD Aug 26 13:09:10.891077: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:09:10.891085: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:10.891088: | crypto helper 0 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Aug 26 13:09:10.891090: | "northnet-eastnets/0x2" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:09:10.891098: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:10.891104: | #1 spent 1.28 milliseconds in ikev2_process_packet() Aug 26 13:09:10.891108: | stop processing: from 
192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 13:09:10.891110: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.891112: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:10.891114: | spent 1.29 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.892015: | crypto helper 0 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.000926 seconds Aug 26 13:09:10.892025: | (#1) spent 0.932 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Aug 26 13:09:10.892028: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:09:10.892030: | scheduling resume sending helper answer for #1 Aug 26 13:09:10.892032: | libevent_malloc: new ptr-libevent@0x7f9cd4002888 size 128 Aug 26 13:09:10.892038: | crypto helper 0 waiting (nothing to do) Aug 26 13:09:10.892069: | processing resume sending helper answer for #1 Aug 26 13:09:10.892078: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:09:10.892082: | crypto helper 0 replies to request ID 1 Aug 26 13:09:10.892084: | calling continuation function 0x55e7d8064b50 Aug 26 13:09:10.892086: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Aug 26 13:09:10.892110: | **emit ISAKMP Message: Aug 26 13:09:10.892112: | initiator cookie: Aug 26 13:09:10.892113: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.892115: | responder cookie: Aug 26 13:09:10.892116: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.892118: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.892120: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.892122: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:09:10.892124: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.892126: | Message ID: 0 (0x0) Aug 26 13:09:10.892128: | next payload chain: saving message 
location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.892130: | Emitting ikev2_proposal ... Aug 26 13:09:10.892132: | ***emit IKEv2 Security Association Payload: Aug 26 13:09:10.892133: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.892135: | flags: none (0x0) Aug 26 13:09:10.892150: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:09:10.892153: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.892155: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.892156: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:10.892158: | prop #: 1 (0x1) Aug 26 13:09:10.892160: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:10.892161: | spi size: 0 (0x0) Aug 26 13:09:10.892163: | # transforms: 3 (0x3) Aug 26 13:09:10.892165: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.892167: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.892169: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.892171: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.892172: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.892174: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.892176: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.892178: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.892180: | length/value: 256 (0x100) Aug 26 13:09:10.892182: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.892184: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.892185: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.892188: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 
26 13:09:10.892190: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:10.892193: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.892194: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.892196: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.892198: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.892200: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.892201: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.892203: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.892205: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.892207: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.892209: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.892210: | emitting length of IKEv2 Proposal Substructure Payload: 36 Aug 26 13:09:10.892212: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.892214: | emitting length of IKEv2 Security Association Payload: 40 Aug 26 13:09:10.892216: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:09:10.892218: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:09:10.892220: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.892222: | flags: none (0x0) Aug 26 13:09:10.892223: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.892225: | next payload chain: setting previous 'IKEv2 Security Association 
Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:09:10.892227: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.892230: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:09:10.892257: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:09:10.892258: | ***emit IKEv2 Nonce Payload: Aug 26 13:09:10.892260: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:10.892262: | flags: none (0x0) Aug 26 13:09:10.892264: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload
type' value 41:ISAKMP_NEXT_v2N Aug 26 13:09:10.892267: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:09:10.892269: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.892271: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:09:10.892272: | IKEv2 nonce b1 d2 17 99 6c b5 25 88 ed a2 59 16 76 db c9 db Aug 26 13:09:10.892274: | IKEv2 nonce c5 db c8 3a 8b f2 00 40 4a 8a 25 0e 15 c7 5b f3 Aug 26 13:09:10.892276: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:09:10.892279: | Adding a v2N Payload Aug 26 13:09:10.892280: | ***emit IKEv2 Notify Payload: Aug 26 13:09:10.892282: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.892283: | flags: none (0x0) Aug 26 13:09:10.892286: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.892287: | SPI size: 0 (0x0) Aug 26 13:09:10.892297: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:09:10.892300: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:10.892303: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.892306: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:09:10.892308: | NAT-Traversal support [enabled] add v2N payloads. 
Aug 26 13:09:10.892317: | natd_hash: hasher=0x55e7d8139800(20) Aug 26 13:09:10.892319: | natd_hash: icookie= b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.892321: | natd_hash: rcookie= 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.892323: | natd_hash: ip= c0 01 02 17 Aug 26 13:09:10.892324: | natd_hash: port=500 Aug 26 13:09:10.892326: | natd_hash: hash= d5 36 1a bb 59 3c 41 c7 c5 b4 65 af 91 de 4b aa Aug 26 13:09:10.892328: | natd_hash: hash= 60 ff 29 e9 Aug 26 13:09:10.892329: | Adding a v2N Payload Aug 26 13:09:10.892331: | ***emit IKEv2 Notify Payload: Aug 26 13:09:10.892333: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.892334: | flags: none (0x0) Aug 26 13:09:10.892336: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.892337: | SPI size: 0 (0x0) Aug 26 13:09:10.892339: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:09:10.892341: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:10.892343: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.892345: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:09:10.892347: | Notify data d5 36 1a bb 59 3c 41 c7 c5 b4 65 af 91 de 4b aa Aug 26 13:09:10.892348: | Notify data 60 ff 29 e9 Aug 26 13:09:10.892350: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:09:10.892354: | natd_hash: hasher=0x55e7d8139800(20) Aug 26 13:09:10.892355: | natd_hash: icookie= b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.892357: | natd_hash: rcookie= 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.892359: | natd_hash: ip= c0 01 03 21 Aug 26 13:09:10.892360: | natd_hash: port=500 Aug 26 13:09:10.892362: | natd_hash: hash= be ca 7e 3b e5 d5 f1 20 4c 56 32 3f 6c ae b9 c5 Aug 26 13:09:10.892363: | natd_hash: hash= 15 b5 40 7d Aug 26 13:09:10.892365: | Adding a v2N Payload Aug 26 13:09:10.892366: | ***emit IKEv2 Notify Payload: Aug 26 
13:09:10.892368: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.892370: | flags: none (0x0) Aug 26 13:09:10.892371: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.892373: | SPI size: 0 (0x0) Aug 26 13:09:10.892374: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:09:10.892376: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:10.892380: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.892382: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:09:10.892383: | Notify data be ca 7e 3b e5 d5 f1 20 4c 56 32 3f 6c ae b9 c5 Aug 26 13:09:10.892385: | Notify data 15 b5 40 7d Aug 26 13:09:10.892386: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:09:10.892388: | going to send a certreq Aug 26 13:09:10.892390: | connection->kind is CK_PERMANENT so send CERTREQ Aug 26 13:09:10.892391: | ***emit IKEv2 Certificate Request Payload: Aug 26 13:09:10.892393: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.892395: | flags: none (0x0) Aug 26 13:09:10.892396: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:09:10.892398: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Certificate Request Payload (38:ISAKMP_NEXT_v2CERTREQ) Aug 26 13:09:10.892400: | next payload chain: saving location 'IKEv2 Certificate Request Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.892929: | located CA cert E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA for CERTREQ Aug 26 13:09:10.892940: | emitting 20 raw bytes of CA cert public key hash into IKEv2 Certificate Request Payload Aug 26 13:09:10.892942: | CA cert public key hash Aug 26 13:09:10.892944: | 58 13 71 57 9d ee 1a 15 74 03 12 80 12 4d c1 85 Aug 26 
13:09:10.892945: | 2b 92 25 e9 Aug 26 13:09:10.892947: | emitting length of IKEv2 Certificate Request Payload: 25 Aug 26 13:09:10.892949: | emitting length of ISAKMP Message: 457 Aug 26 13:09:10.892955: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.892958: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Aug 26 13:09:10.892960: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Aug 26 13:09:10.892962: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Aug 26 13:09:10.892964: | Message ID: updating counters for #1 to 0 after switching state Aug 26 13:09:10.892967: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 13:09:10.892970: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:09:10.892974: "northnet-eastnets/0x2" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:09:10.892977: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 13:09:10.892984: | sending 457 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1)
Aug 26 13:09:10.893084: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:10.893088: | libevent_free: release ptr-libevent@0x55e7d9b510f8 Aug 26 13:09:10.893091: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55e7d9b59c08 Aug 26 13:09:10.893093: | event_schedule: new EVENT_SO_DISCARD-pe@0x55e7d9b59c08 Aug 26 13:09:10.893096: | inserting event EVENT_SO_DISCARD, timeout
in 200 seconds for #1 Aug 26 13:09:10.893098: | libevent_malloc: new ptr-libevent@0x55e7d9b620f8 size 128 Aug 26 13:09:10.893102: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:09:10.893108: | #1 spent 0.999 milliseconds in resume sending helper answer Aug 26 13:09:10.893114: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:09:10.893117: | libevent_free: release ptr-libevent@0x7f9cd4002888 Aug 26 13:09:10.906335: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.906365: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500)
Aug 26 13:09:10.906475: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:09:10.906480: | **parse ISAKMP Message: Aug 26 13:09:10.906483: | initiator cookie: Aug 26 13:09:10.906486: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.906489: | responder cookie: Aug 26 13:09:10.906492: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.906495: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:09:10.906498: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.906502: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.906505: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.906508: | Message ID: 1 (0x1) Aug 26 13:09:10.906511: | length: 539 (0x21b) Aug 26 13:09:10.906514: | processing version=2.0 packet with exchange
type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:09:10.906518: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:09:10.906523: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:09:10.906531: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.906535: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:09:10.906540: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:09:10.906544: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:09:10.906550: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Aug 26 13:09:10.906553: | unpacking clear payload Aug 26 13:09:10.906556: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.906559: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:09:10.906563: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 13:09:10.906566: | flags: none (0x0) Aug 26 13:09:10.906569: | length: 511 (0x1ff) Aug 26 13:09:10.906572: | fragment number: 1 (0x1) Aug 26 13:09:10.906575: | total fragments: 5 (0x5) Aug 26 13:09:10.906578: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 13:09:10.906584: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 13:09:10.906587: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:09:10.906592: | received IKE encrypted fragment number '1', total number '5', next payload '35' Aug 26 13:09:10.906596: | updated IKE fragment state to respond using fragments without waiting for re-transmits Aug 26 13:09:10.906602: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 
13:09:10.906608: | #1 spent 0.256 milliseconds in ikev2_process_packet() Aug 26 13:09:10.906613: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 13:09:10.906618: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.906621: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:10.906626: | spent 0.274 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.906639: | spent 0.00175 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.906650: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500)
Aug 26 13:09:10.906756: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:09:10.906760: | **parse ISAKMP Message: Aug 26 13:09:10.906763: | initiator cookie: Aug 26 13:09:10.906765: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.906768: | responder cookie: Aug 26 13:09:10.906771: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.906774: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:09:10.906777: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.906780: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.906783: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.906786: | Message ID: 1 (0x1) Aug 26 13:09:10.906789: | length: 539 (0x21b) Aug 26 13:09:10.906793: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:09:10.906796: |
I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:09:10.906800: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:09:10.906807: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.906814: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.906817: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:09:10.906820: | #1 is idle Aug 26 13:09:10.906823: | #1 idle Aug 26 13:09:10.906828: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:09:10.906831: | unpacking clear payload Aug 26 13:09:10.906834: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.906837: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:09:10.906841: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.906844: | flags: none (0x0) Aug 26 13:09:10.906846: | length: 511 (0x1ff) Aug 26 13:09:10.906850: | fragment number: 2 (0x2) Aug 26 13:09:10.906853: | total fragments: 5 (0x5) Aug 26 13:09:10.906856: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 13:09:10.906859: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:09:10.906862: | received IKE encrypted fragment number '2', total number '5', next payload '0' Aug 26 13:09:10.906868: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:10.906873: | #1 spent 0.229 milliseconds in ikev2_process_packet() Aug 26 13:09:10.906878: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 13:09:10.906882: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.906885: | processing: STOP connection NULL (in 
process_md() at demux.c:383) Aug 26 13:09:10.906889: | spent 0.246 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.906897: | spent 0.00146 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.906907: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500)
Aug 26 13:09:10.907014: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:09:10.907018: | **parse ISAKMP Message: Aug 26 13:09:10.907021: | initiator cookie: Aug 26 13:09:10.907023: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.907026: | responder cookie: Aug 26 13:09:10.907029: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.907032: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:09:10.907035: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.907038: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.907041: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.907044: | Message ID: 1 (0x1) Aug 26 13:09:10.907047: | length: 539 (0x21b) Aug 26 13:09:10.907051: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:09:10.907054: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:09:10.907058: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:09:10.907064: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26
13:09:10.907069: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.907072: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:09:10.907075: | #1 is idle Aug 26 13:09:10.907078: | #1 idle Aug 26 13:09:10.907083: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:09:10.907086: | unpacking clear payload Aug 26 13:09:10.907089: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.907092: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:09:10.907095: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.907098: | flags: none (0x0) Aug 26 13:09:10.907101: | length: 511 (0x1ff) Aug 26 13:09:10.907104: | fragment number: 3 (0x3) Aug 26 13:09:10.907106: | total fragments: 5 (0x5) Aug 26 13:09:10.907110: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 13:09:10.907113: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:09:10.907116: | received IKE encrypted fragment number '3', total number '5', next payload '0' Aug 26 13:09:10.907122: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:10.907127: | #1 spent 0.225 milliseconds in ikev2_process_packet() Aug 26 13:09:10.907131: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 13:09:10.907135: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.907138: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:10.907143: | spent 0.241 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.907151: | spent 0.00156 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.907160: | *received 539 bytes from 192.1.3.33:500 on eth1 
(192.1.2.23:500) Aug 26 13:09:10.907294: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:09:10.907301: | **parse ISAKMP Message: Aug 26 13:09:10.907305: | initiator cookie: Aug 26 13:09:10.907308: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.907311: | responder cookie: Aug 26 13:09:10.907313: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.907316: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:09:10.907319: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.907322: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.907325: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.907328: | Message ID: 1 (0x1) Aug 26 13:09:10.907331: | length: 539 (0x21b) Aug 26 13:09:10.907334: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:09:10.907338: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:09:10.907341: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:09:10.907348: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.907353: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.907356: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:09:10.907359: | #1 is idle Aug 26 13:09:10.907362: | #1 idle Aug 26 13:09:10.907367: |
Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:09:10.907370: | unpacking clear payload Aug 26 13:09:10.907374: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.907377: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:09:10.907380: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.907383: | flags: none (0x0) Aug 26 13:09:10.907386: | length: 511 (0x1ff) Aug 26 13:09:10.907389: | fragment number: 4 (0x4) Aug 26 13:09:10.907392: | total fragments: 5 (0x5) Aug 26 13:09:10.907395: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 13:09:10.907398: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:09:10.907402: | received IKE encrypted fragment number '4', total number '5', next payload '0' Aug 26 13:09:10.907408: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:10.907412: | #1 spent 0.249 milliseconds in ikev2_process_packet() Aug 26 13:09:10.907417: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 13:09:10.907421: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.907424: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:10.907428: | spent 0.264 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.907437: | spent 0.00157 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.907447: | *received 394 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500)
Aug 26 13:09:10.907522: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:09:10.907526: | **parse ISAKMP Message: Aug 26 13:09:10.907529: | initiator cookie: Aug 26 13:09:10.907531: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.907534: | responder cookie: Aug 26 13:09:10.907537: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.907540: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:09:10.907543: | ISAKMP version: IKEv2 version 2.0
(rfc4306/rfc5996) (0x20) Aug 26 13:09:10.907546: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.907549: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.907552: | Message ID: 1 (0x1) Aug 26 13:09:10.907556: | length: 394 (0x18a) Aug 26 13:09:10.907560: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:09:10.907563: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:09:10.907567: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:09:10.907573: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.907578: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.907581: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:09:10.907584: | #1 is idle Aug 26 13:09:10.907587: | #1 idle Aug 26 13:09:10.907592: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:09:10.907594: | unpacking clear payload Aug 26 13:09:10.907597: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.907600: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:09:10.907603: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.907606: | flags: none (0x0) Aug 26 13:09:10.907609: | length: 366 (0x16e) Aug 26 13:09:10.907612: | fragment number: 5 (0x5) Aug 26 13:09:10.907615: | total fragments: 5 (0x5) Aug 26 13:09:10.907618: | processing payload: ISAKMP_NEXT_v2SKF (len=358) Aug 26 13:09:10.907621: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:09:10.907624: | received IKE encrypted fragment number '5', total number '5', next payload '0' Aug 26 13:09:10.907628: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 
13:09:10.907631: | Now let's proceed with state specific processing Aug 26 13:09:10.907634: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 13:09:10.907638: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Aug 26 13:09:10.907643: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:09:10.907648: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Aug 26 13:09:10.907652: | state #1 requesting EVENT_SO_DISCARD to be deleted Aug 26 13:09:10.907656: | libevent_free: release ptr-libevent@0x55e7d9b620f8 Aug 26 13:09:10.907660: | free_event_entry: release EVENT_SO_DISCARD-pe@0x55e7d9b59c08 Aug 26 13:09:10.907664: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55e7d9b59c08 Aug 26 13:09:10.907668: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:09:10.907672: | libevent_malloc: new ptr-libevent@0x7f9cd4002888 size 128 Aug 26 13:09:10.907684: | #1 spent 0.0448 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Aug 26 13:09:10.907690: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.907690: | crypto helper 1 resuming Aug 26 13:09:10.907695: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Aug 26 13:09:10.907706: | crypto helper 1 starting work-order 2 for state #1 Aug 26 13:09:10.907715: | suspending state #1 and saving MD Aug 26 13:09:10.907719: | crypto helper 1 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Aug 26 13:09:10.907720: | #1 is busy; has a suspended MD Aug 26 13:09:10.907730: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:10.907734: | "northnet-eastnets/0x2" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from 
complete_v2_state_transition:3451 Aug 26 13:09:10.907739: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:10.907745: | #1 spent 0.296 milliseconds in ikev2_process_packet() Aug 26 13:09:10.907751: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 13:09:10.907755: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.907758: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:10.907762: | spent 0.314 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.908380: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:09:10.908703: | crypto helper 1 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.000983 seconds Aug 26 13:09:10.908711: | (#1) spent 0.977 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Aug 26 13:09:10.908714: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 13:09:10.908716: | scheduling resume sending helper answer for #1 Aug 26 13:09:10.908718: | libevent_malloc: new ptr-libevent@0x7f9ccc000f48 size 128 Aug 26 13:09:10.908725: | crypto helper 1 waiting (nothing to do) Aug 26 13:09:10.908732: | processing resume sending helper answer for #1 Aug 26 13:09:10.908741: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:09:10.908745: | crypto helper 1 replies to request ID 2 Aug 26 13:09:10.908748: | calling continuation function 0x55e7d8064b50 Aug 26 13:09:10.908751: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Aug 26 13:09:10.908754: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:09:10.908757: | already have all fragments, skipping fragment collection Aug 26 13:09:10.908760: | already have all fragments, skipping 
fragment collection Aug 26 13:09:10.908783: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:09:10.908787: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Aug 26 13:09:10.908790: | **parse IKEv2 Identification - Initiator - Payload: Aug 26 13:09:10.908793: | next payload type: ISAKMP_NEXT_v2CERT (0x25) Aug 26 13:09:10.908796: | flags: none (0x0) Aug 26 13:09:10.908799: | length: 193 (0xc1) Aug 26 13:09:10.908801: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 13:09:10.908804: | processing payload: ISAKMP_NEXT_v2IDi (len=185) Aug 26 13:09:10.908807: | Now let's proceed with payload (ISAKMP_NEXT_v2CERT) Aug 26 13:09:10.908810: | **parse IKEv2 Certificate Payload: Aug 26 13:09:10.908812: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Aug 26 13:09:10.908815: | flags: none (0x0) Aug 26 13:09:10.908817: | length: 1232 (0x4d0) Aug 26 13:09:10.908820: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:09:10.908822: | processing payload: ISAKMP_NEXT_v2CERT (len=1227) Aug 26 13:09:10.908824: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Aug 26 13:09:10.908827: | **parse IKEv2 Certificate Request Payload: Aug 26 13:09:10.908830: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:09:10.908833: | flags: none (0x0) Aug 26 13:09:10.908835: | length: 25 (0x19) Aug 26 13:09:10.908838: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:09:10.908840: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=20) Aug 26 13:09:10.908843: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:09:10.908846: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:09:10.908849: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:09:10.908851: | flags: none (0x0) Aug 26 13:09:10.908854: | length: 191 (0xbf) Aug 26 13:09:10.908856: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 13:09:10.908859: | processing payload: ISAKMP_NEXT_v2IDr (len=183) Aug 26 13:09:10.908862: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:09:10.908865: | 
**parse IKEv2 Authentication Payload: Aug 26 13:09:10.908868: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:09:10.908870: | flags: none (0x0) Aug 26 13:09:10.908873: | length: 392 (0x188) Aug 26 13:09:10.908875: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:09:10.908878: | processing payload: ISAKMP_NEXT_v2AUTH (len=384) Aug 26 13:09:10.908883: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:09:10.908887: | **parse IKEv2 Security Association Payload: Aug 26 13:09:10.908890: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:09:10.908893: | flags: none (0x0) Aug 26 13:09:10.908895: | length: 164 (0xa4) Aug 26 13:09:10.908898: | processing payload: ISAKMP_NEXT_v2SA (len=160) Aug 26 13:09:10.908900: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:09:10.908903: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:10.908906: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:09:10.908909: | flags: none (0x0) Aug 26 13:09:10.908911: | length: 24 (0x18) Aug 26 13:09:10.908914: | number of TS: 1 (0x1) Aug 26 13:09:10.908917: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:09:10.908919: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:09:10.908922: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:10.908925: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.908928: | flags: none (0x0) Aug 26 13:09:10.908930: | length: 24 (0x18) Aug 26 13:09:10.908933: | number of TS: 1 (0x1) Aug 26 13:09:10.908936: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:09:10.908939: | selected state microcode Responder: process IKE_AUTH request Aug 26 13:09:10.908942: | Now let's proceed with state specific processing Aug 26 13:09:10.908945: | calling processor Responder: process IKE_AUTH request Aug 26 13:09:10.908952: "northnet-eastnets/0x2" #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,IDr,AUTH,SA,TSi,TSr} Aug 26 13:09:10.908959: | #1 updating local 
interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:09:10.908966: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Aug 26 13:09:10.908970: loading root certificate cache Aug 26 13:09:10.912165: | spent 3.14 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() Aug 26 13:09:10.912195: | spent 0.0185 milliseconds in get_root_certs() filtering CAs Aug 26 13:09:10.912201: | #1 spent 3.19 milliseconds in find_and_verify_certs() calling get_root_certs() Aug 26 13:09:10.912204: | checking for known CERT payloads Aug 26 13:09:10.912206: | saving certificate of type 'X509_SIGNATURE' Aug 26 13:09:10.912233: | decoded cert: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:09:10.912238: | #1 spent 0.0337 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Aug 26 13:09:10.912242: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:09:10.912276: | #1 spent 0.0328 milliseconds in find_and_verify_certs() calling crl_update_check() Aug 26 13:09:10.912279: | missing or expired CRL Aug 26 13:09:10.912282: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Aug 26 13:09:10.912285: | verify_end_cert trying profile IPsec Aug 26 13:09:10.912404: | certificate is valid (profile IPsec) Aug 26 13:09:10.912417: | #1 spent 0.13 milliseconds in find_and_verify_certs() calling verify_end_cert() Aug 26 13:09:10.912425: "northnet-eastnets/0x2" #1: certificate verified OK: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:09:10.912494: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e7d9b68208 Aug 26 13:09:10.912500: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e7d9b67848 Aug 
26 13:09:10.912502: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e7d9b73d18 Aug 26 13:09:10.912648: | unreference key: 0x55e7d9b74ec8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:10.912660: | #1 spent 0.228 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Aug 26 13:09:10.912669: | #1 spent 3.66 milliseconds in decode_certs() Aug 26 13:09:10.912706: | received IDr payload - extracting our alleged ID Aug 26 13:09:10.912765: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Aug 26 13:09:10.912769: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' matched our ID Aug 26 13:09:10.912772: | X509: CERT and ID matches current connection Aug 26 13:09:10.912775: | CERT_X509_SIGNATURE CR: Aug 26 13:09:10.912778: | 58 13 71 57 9d ee 1a 15 74 03 12 80 12 4d c1 85 Aug 26 13:09:10.912780: | 2b 92 25 e9 Aug 26 13:09:10.912782: | cert blob content is not binary ASN.1 Aug 26 13:09:10.912786: | refine_host_connection for IKEv2: starting with "northnet-eastnets/0x2" Aug 26 13:09:10.912793: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.912800: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.912803: | refine_host_connection: happy with starting point: "northnet-eastnets/0x2" Aug 26 13:09:10.912814: "northnet-eastnets/0x2" #1:
No matching subjectAltName found for '=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 13:09:10.912819: | IDr payload 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' is NOT a valid certificate SAN for this connection Aug 26 13:09:10.912824: | The remote specified our ID in its IDr payload Aug 26 13:09:10.912831: | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.912838: "northnet-eastnets/0x2" #1: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Aug 26 13:09:10.912868: | received CERTREQ payload; going to decode it Aug 26 13:09:10.912872: | CERT_X509_SIGNATURE CR: Aug 26 13:09:10.912876: | 58 13 71 57 9d ee 1a 15 74 03 12 80 12 4d c1 85 Aug 26 13:09:10.912878: | 2b 92 25 e9 Aug 26 13:09:10.912881: | cert blob content is not binary ASN.1 Aug 26 13:09:10.912883: | verifying AUTH payload Aug 26 13:09:10.912900: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.912912: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Aug 26 13:09:10.912918: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.912925: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, 
E=testing@libreswan.org' Aug 26 13:09:10.912931: | key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.913120: | an RSA Sig check passed with *AwEAAcBZv [remote certificates] Aug 26 13:09:10.913129: | #1 spent 0.192 milliseconds in try_all_RSA_keys() trying a pubkey Aug 26 13:09:10.913132: "northnet-eastnets/0x2" #1: Authenticated using RSA Aug 26 13:09:10.913137: | #1 spent 0.249 milliseconds in ikev2_verify_rsa_hash() Aug 26 13:09:10.913141: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Aug 26 13:09:10.913146: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Aug 26 13:09:10.913149: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:10.913154: | libevent_free: release ptr-libevent@0x7f9cd4002888 Aug 26 13:09:10.913158: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55e7d9b59c08 Aug 26 13:09:10.913162: | event_schedule: new EVENT_SA_REKEY-pe@0x55e7d9b59c08 Aug 26 13:09:10.913166: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Aug 26 13:09:10.913169: | libevent_malloc: new ptr-libevent@0x55e7d9b75878 size 128 Aug 26 13:09:10.913256: | pstats #1 ikev2.ike established Aug 26 13:09:10.913265: | **emit ISAKMP Message: Aug 26 13:09:10.913269: | initiator cookie: Aug 26 13:09:10.913272: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.913275: | responder cookie: Aug 26 13:09:10.913277: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.913281: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.913284: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.913287: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.913312: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.913315: | Message ID: 1 (0x1) Aug 26 13:09:10.913319: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 
13:09:10.913323: | IKEv2 CERT: send a certificate? Aug 26 13:09:10.913326: | IKEv2 CERT: OK to send a certificate (always) Aug 26 13:09:10.913329: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:10.913332: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.913335: | flags: none (0x0) Aug 26 13:09:10.913339: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:10.913344: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.913349: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:10.913358: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:09:10.913375: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:09:10.913379: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.913382: | flags: none (0x0) Aug 26 13:09:10.913385: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 13:09:10.913389: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:09:10.913392: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.913396: | emitting 183 raw bytes of my identity into IKEv2 Identification - Responder - Payload Aug 26 13:09:10.913429: | emitting length of IKEv2 Identification - Responder - Payload: 191 Aug 26 13:09:10.913438: | assembled IDr payload Aug 26 13:09:10.913442: | Sending [CERT] of certificate: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:09:10.913445: | ****emit IKEv2 Certificate Payload: Aug 26 13:09:10.913448: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.913451: | flags: none (0x0) Aug 26 13:09:10.913454: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:09:10.913458: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) Aug 26 13:09:10.913461: | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.913464: | emitting 1260 raw bytes of CERT into IKEv2 Certificate Payload Aug 26 13:09:10.913659: | emitting length of IKEv2 Certificate Payload: 1265 Aug 26 13:09:10.913661: | CHILD SA proposals received Aug 26 13:09:10.913662: | going to assemble AUTH payload Aug 26 13:09:10.913664: | ****emit IKEv2 Authentication Payload: Aug 26 13:09:10.913666: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26
13:09:10.913668: | flags: none (0x0) Aug 26 13:09:10.913670: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:09:10.913672: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Aug 26 13:09:10.913674: | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:09:10.913676: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.913686: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_RSA Aug 26 13:09:10.913738: | searching for certificate PKK_RSA:AwEAAbEef vs PKK_RSA:AwEAAbEef Aug 26 13:09:10.924202: | #1 spent 9.64 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Aug 26 13:09:10.924236: | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload Aug 26 13:09:10.924309: | #1 spent 9.83 milliseconds in ikev2_calculate_rsa_hash() Aug 26 13:09:10.924312: | emitting length of IKEv2 Authentication Payload: 392 Aug 26 13:09:10.924319: | creating state object #2 at 0x55e7d9b6e358 Aug 26 13:09:10.924323: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:09:10.924327: | pstats #2 ikev2.child started Aug 26 13:09:10.924330: | duplicating state object #1 "northnet-eastnets/0x2" as #2 for IPSEC SA Aug 26 13:09:10.924336: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:09:10.924343: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0
responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:10.924361: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Aug 26 13:09:10.924365: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Aug 26 13:09:10.924368: | Child SA TS Request has ike->sa == md->st; so using parent connection Aug 26 13:09:10.924371: | TSi: parsing 1 traffic selectors Aug 26 13:09:10.924375: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:10.924378: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.924380: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.924383: | length: 16 (0x10) Aug 26 13:09:10.924385: | start port: 0 (0x0) Aug 26 13:09:10.924388: | end port: 65535 (0xffff) Aug 26 13:09:10.924391: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:10.924393: | TS low c0 00 03 00 Aug 26 13:09:10.924396: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:10.924398: | TS high c0 00 03 ff Aug 26 13:09:10.924401: | TSi: parsed 1 traffic selectors Aug 26 13:09:10.924404: | TSr: parsing 1 traffic selectors Aug 26 13:09:10.924406: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:10.924409: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.924411: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.924413: | length: 16 (0x10) Aug 26 13:09:10.924416: | start port: 0 (0x0) Aug 26 13:09:10.924418: | end port: 65535 (0xffff) Aug 26 13:09:10.924421: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:10.924423: | TS low c0 00 02 00 Aug 26 13:09:10.924426: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:10.924428: | TS high c0 00 02 ff Aug 26 13:09:10.924431: | TSr: parsed 1 traffic selectors Aug 26 13:09:10.924433: | looking for best SPD in current connection Aug 26 
13:09:10.924439: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0/0 R=192.0.22.0/24:0/0 to their: Aug 26 13:09:10.924444: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.924450: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:10.924455: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:09:10.924458: | TSi[0] port match: YES fitness 65536 Aug 26 13:09:10.924461: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:10.924464: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:10.924468: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.924473: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Aug 26 13:09:10.924476: | looking for better host pair Aug 26 13:09:10.924481: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 13:09:10.924486: | checking hostpair 192.0.22.0/24 -> 192.0.3.0/24 is found Aug 26 13:09:10.924488: | investigating connection "northnet-eastnets/0x2" as a better match Aug 26 13:09:10.924501: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:09:10.924504: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:09:10.924506: | results matched Aug 26 13:09:10.924512: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.924518: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.924523: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0/0 R=192.0.22.0/24:0/0 to their: Aug 26 
13:09:10.924527: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.924532: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:10.924535: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:09:10.924538: | TSi[0] port match: YES fitness 65536 Aug 26 13:09:10.924541: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:10.924544: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:10.924548: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.924553: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Aug 26 13:09:10.924556: | investigating connection "northnet-eastnets/0x1" as a better match Aug 26 13:09:10.924566: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:09:10.924569: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:09:10.924571: | results matched Aug 26 13:09:10.924577: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.924582: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.924587: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:09:10.924591: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.924596: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:10.924599: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:09:10.924601: | TSi[0] port match: YES fitness 65536 Aug 26 
13:09:10.924604: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:10.924607: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:10.924611: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.924618: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:09:10.924620: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:09:10.924623: | TSr[0] port match: YES fitness 65536 Aug 26 13:09:10.924626: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:09:10.924628: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:10.924631: | best fit so far: TSi[0] TSr[0] Aug 26 13:09:10.924634: | protocol fitness found better match d northnet-eastnets/0x1, TSi[0],TSr[0] Aug 26 13:09:10.924637: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:09:10.924639: | printing contents struct traffic_selector Aug 26 13:09:10.924642: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:09:10.924644: | ipprotoid: 0 Aug 26 13:09:10.924647: | port range: 0-65535 Aug 26 13:09:10.924650: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:09:10.924653: | printing contents struct traffic_selector Aug 26 13:09:10.924655: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:09:10.924657: | ipprotoid: 0 Aug 26 13:09:10.924659: | port range: 0-65535 Aug 26 13:09:10.924663: | ip range: 192.0.3.0-192.0.3.255 Aug 26 13:09:10.924667: | constructing ESP/AH proposals with all DH removed for northnet-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals) Aug 26 13:09:10.924672: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:09:10.924678: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:09:10.924681: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:09:10.924685: | ... 
ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:09:10.924688: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:09:10.924692: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:09:10.924695: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:09:10.924699: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:09:10.924707: "northnet-eastnets/0x1": constructed local ESP/AH proposals for northnet-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:09:10.924710: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Aug 26 13:09:10.924714: | local proposal 1 type ENCR has 1 transforms Aug 26 13:09:10.924717: | local proposal 1 type PRF has 0 transforms Aug 26 13:09:10.924719: | local proposal 1 type INTEG has 1 transforms Aug 26 13:09:10.924722: | local proposal 1 type DH has 1 transforms Aug 26 13:09:10.924724: | local proposal 1 type ESN has 1 transforms Aug 26 13:09:10.924727: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:09:10.924730: | local proposal 2 type ENCR has 1 transforms Aug 26 13:09:10.924732: | local proposal 2 type PRF has 0 transforms Aug 26 13:09:10.924735: | local proposal 2 type INTEG has 1 transforms Aug 26 13:09:10.924737: | local proposal 2 type DH has 1 transforms Aug 26 13:09:10.924740: | local proposal 2 type ESN has 1 transforms Aug 26 13:09:10.924743: | local proposal 2 transforms: required: ENCR+ESN; 
optional: INTEG+DH Aug 26 13:09:10.924745: | local proposal 3 type ENCR has 1 transforms Aug 26 13:09:10.924748: | local proposal 3 type PRF has 0 transforms Aug 26 13:09:10.924750: | local proposal 3 type INTEG has 2 transforms Aug 26 13:09:10.924752: | local proposal 3 type DH has 1 transforms Aug 26 13:09:10.924755: | local proposal 3 type ESN has 1 transforms Aug 26 13:09:10.924759: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:09:10.924762: | local proposal 4 type ENCR has 1 transforms Aug 26 13:09:10.924764: | local proposal 4 type PRF has 0 transforms Aug 26 13:09:10.924767: | local proposal 4 type INTEG has 2 transforms Aug 26 13:09:10.924769: | local proposal 4 type DH has 1 transforms Aug 26 13:09:10.924772: | local proposal 4 type ESN has 1 transforms Aug 26 13:09:10.924774: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:09:10.924778: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.924780: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.924783: | length: 32 (0x20) Aug 26 13:09:10.924785: | prop #: 1 (0x1) Aug 26 13:09:10.924788: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.924790: | spi size: 4 (0x4) Aug 26 13:09:10.924793: | # transforms: 2 (0x2) Aug 26 13:09:10.924796: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:10.924798: | remote SPI e2 70 8c 7e Aug 26 13:09:10.924801: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Aug 26 13:09:10.924804: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.924807: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.924809: | length: 12 (0xc) Aug 26 13:09:10.924812: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.924814: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.924817: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.924820: | af+type: 
AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.924823: | length/value: 256 (0x100) Aug 26 13:09:10.924827: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:09:10.924830: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.924833: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.924835: | length: 8 (0x8) Aug 26 13:09:10.924838: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.924840: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.924844: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:09:10.924847: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Aug 26 13:09:10.924850: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Aug 26 13:09:10.924853: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Aug 26 13:09:10.924856: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 13:09:10.924860: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 13:09:10.924863: | remote proposal 1 matches local proposal 1 Aug 26 13:09:10.924866: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.924868: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.924871: | length: 32 (0x20) Aug 26 13:09:10.924873: | prop #: 2 (0x2) Aug 26 13:09:10.924876: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.924878: | spi size: 4 (0x4) Aug 26 13:09:10.924880: | # transforms: 2 (0x2) Aug 26 13:09:10.924883: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:10.924885: | remote SPI e2 70 8c 7e Aug 26 13:09:10.924888: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 
local proposals Aug 26 13:09:10.924891: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.924893: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.924896: | length: 12 (0xc) Aug 26 13:09:10.924898: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.924901: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.924903: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.924907: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.924910: | length/value: 128 (0x80) Aug 26 13:09:10.924913: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.924915: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.924917: | length: 8 (0x8) Aug 26 13:09:10.924920: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.924922: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.924926: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Aug 26 13:09:10.924928: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Aug 26 13:09:10.924931: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.924934: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.924936: | length: 48 (0x30) Aug 26 13:09:10.924938: | prop #: 3 (0x3) Aug 26 13:09:10.924941: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.924943: | spi size: 4 (0x4) Aug 26 13:09:10.924946: | # transforms: 4 (0x4) Aug 26 13:09:10.924949: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:10.924951: | remote SPI e2 70 8c 7e Aug 26 13:09:10.924954: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:09:10.924956: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.924959: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.924961: | length: 12 (0xc) Aug 26 13:09:10.924964: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.924966: | IKEv2 
transform ID: AES_CBC (0xc) Aug 26 13:09:10.924969: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.924971: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.924974: | length/value: 256 (0x100) Aug 26 13:09:10.924977: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.924979: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.924981: | length: 8 (0x8) Aug 26 13:09:10.924984: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.924986: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:10.924989: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.925006: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.925009: | length: 8 (0x8) Aug 26 13:09:10.925011: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.925014: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:10.925017: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.925019: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.925022: | length: 8 (0x8) Aug 26 13:09:10.925024: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.925027: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.925030: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 13:09:10.925033: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 13:09:10.925036: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.925038: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:10.925041: | length: 48 (0x30) Aug 26 13:09:10.925043: | prop #: 4 (0x4) Aug 26 13:09:10.925046: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.925048: | spi size: 4 (0x4) Aug 26 13:09:10.925050: | # transforms: 4 (0x4) Aug 26 13:09:10.925053: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:10.925056: | remote SPI e2 70 8c 7e Aug 26 13:09:10.925058: | Comparing remote 
proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:09:10.925061: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.925064: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.925066: | length: 12 (0xc) Aug 26 13:09:10.925069: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.925072: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:10.925075: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.925078: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.925080: | length/value: 128 (0x80) Aug 26 13:09:10.925083: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.925086: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.925088: | length: 8 (0x8) Aug 26 13:09:10.925091: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.925093: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:10.925096: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.925098: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.925101: | length: 8 (0x8) Aug 26 13:09:10.925103: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.925106: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:10.925109: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.925111: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.925114: | length: 8 (0x8) Aug 26 13:09:10.925116: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.925119: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.925122: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 13:09:10.925125: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 13:09:10.925131: "northnet-eastnets/0x2" #1: proposal 1:ESP:SPI=e2708c7e;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 
2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 13:09:10.925136: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=e2708c7e;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 13:09:10.925138: | converting proposal to internal trans attrs Aug 26 13:09:10.925160: | netlink_get_spi: allocated 0xc89c9723 for esp.0@192.1.2.23 Aug 26 13:09:10.925163: | Emitting ikev2_proposal ... Aug 26 13:09:10.925166: | ****emit IKEv2 Security Association Payload: Aug 26 13:09:10.925169: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.925172: | flags: none (0x0) Aug 26 13:09:10.925176: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:09:10.925179: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.925182: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.925184: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:10.925187: | prop #: 1 (0x1) Aug 26 13:09:10.925189: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.925192: | spi size: 4 (0x4) Aug 26 13:09:10.925194: | # transforms: 2 (0x2) Aug 26 13:09:10.925197: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.925200: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:10.925203: | our spi c8 9c 97 23 Aug 26 13:09:10.925206: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.925208: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.925211: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.925213: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.925216: | 
last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.925219: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.925222: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.925224: | length/value: 256 (0x100) Aug 26 13:09:10.925227: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.925231: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.925234: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.925236: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.925239: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.925242: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.925245: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.925248: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.925251: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:09:10.925253: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.925256: | emitting length of IKEv2 Security Association Payload: 36 Aug 26 13:09:10.925259: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:09:10.925262: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:10.925264: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.925267: | flags: none (0x0) Aug 26 13:09:10.925269: | number of TS: 1 (0x1) Aug 26 13:09:10.925273: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload 
(44:ISAKMP_NEXT_v2TSi) Aug 26 13:09:10.925275: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.925278: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:10.925281: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.925283: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.925286: | start port: 0 (0x0) Aug 26 13:09:10.925291: | end port: 65535 (0xffff) Aug 26 13:09:10.925297: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:10.925300: | ipv4 start c0 00 03 00 Aug 26 13:09:10.925302: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:09:10.925305: | ipv4 end c0 00 03 ff Aug 26 13:09:10.925308: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:10.925310: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:09:10.925313: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:10.925316: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.925318: | flags: none (0x0) Aug 26 13:09:10.925321: | number of TS: 1 (0x1) Aug 26 13:09:10.925324: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:09:10.925327: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.925329: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:10.925332: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.925334: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.925337: | start port: 0 (0x0) Aug 26 13:09:10.925339: | end port: 65535 (0xffff) Aug 26 13:09:10.925342: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:10.925357: | ipv4 start c0 00 02 00 Aug 26 13:09:10.925360: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 
13:09:10.925362: | ipv4 end c0 00 02 ff Aug 26 13:09:10.925365: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:10.925367: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:09:10.925370: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:09:10.925374: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:09:10.925537: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Aug 26 13:09:10.925548: | #1 spent 1.24 milliseconds Aug 26 13:09:10.925551: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:09:10.925554: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Aug 26 13:09:10.925557: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:10.925560: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.925563: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:10.925565: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.925568: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:10.925572: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 13:09:10.925575: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:09:10.925579: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:09:10.925581: | AES_GCM_16 requires 4 salt bytes Aug 26 13:09:10.925584: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:09:10.925588: | setting IPsec SA replay-window to 32 Aug 26 13:09:10.925591: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 13:09:10.925594: | netlink: enabling tunnel mode Aug 26 13:09:10.925597: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:09:10.925600: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:09:10.925684: | netlink response for Add 
SA esp.e2708c7e@192.1.3.33 included non-error error Aug 26 13:09:10.925689: | set up outgoing SA, ref=0/0 Aug 26 13:09:10.925692: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:09:10.925695: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:09:10.925697: | AES_GCM_16 requires 4 salt bytes Aug 26 13:09:10.925700: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:09:10.925704: | setting IPsec SA replay-window to 32 Aug 26 13:09:10.925706: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 13:09:10.925709: | netlink: enabling tunnel mode Aug 26 13:09:10.925712: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:09:10.925714: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:09:10.925753: | netlink response for Add SA esp.c89c9723@192.1.2.23 included non-error error Aug 26 13:09:10.925757: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:10.925764: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 13:09:10.925767: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:10.927344: | raw_eroute result=success Aug 26 13:09:10.927355: | set up incoming SA, ref=0/0 Aug 26 13:09:10.927359: | sr for #2: unrouted Aug 26 13:09:10.927362: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:09:10.927366: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:09:10.927369: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.927372: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:10.927375: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.927377: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:10.927381: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 13:09:10.927385: | route_and_eroute with c: northnet-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:09:10.927388: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:10.927396: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 (raw_eroute) Aug 26 13:09:10.927400: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:10.927423: | raw_eroute result=success Aug 26 13:09:10.927427: | running updown command "ipsec _updown" for verb up Aug 26 13:09:10.927432: | command executing up-client Aug 26 13:09:10.927461: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.927467: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.927485: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, 
O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RS Aug 26 13:09:10.927489: | popen cmd is 1403 chars long Aug 26 13:09:10.927492: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Aug 26 13:09:10.927494: | cmd( 80):x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PL: Aug 26 13:09:10.927497: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east: Aug 26 13:09:10.927500: | cmd( 240):.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.: Aug 26 13:09:10.927502: | cmd( 320):0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' P: Aug 26 13:09:10.927505: | cmd( 400):LUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP: Aug 26 13:09:10.927508: | cmd( 480):' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswa: Aug 26 13:09:10.927510: | cmd( 560):n, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libr: Aug 26 13:09:10.927513: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PL: Aug 26 13:09:10.927515: | cmd( 720):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Aug 26 13:09:10.927518: | cmd( 800): PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 13:09:10.927521: | cmd( 880):=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLU: Aug 26 13:09:10.927523: | cmd( 960):TO_ADDTIME='0' 
PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TR: Aug 26 13:09:10.927526: | cmd(1040):ACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY=: Aug 26 13:09:10.927528: | cmd(1120):'ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_: Aug 26 13:09:10.927531: | cmd(1200):DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PL: Aug 26 13:09:10.927534: | cmd(1280):UTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xe27: Aug 26 13:09:10.927536: | cmd(1360):08c7e SPI_OUT=0xc89c9723 ipsec _updown 2>&1: Aug 26 13:09:10.936834: | route_and_eroute: firewall_notified: true Aug 26 13:09:10.936860: | running updown command "ipsec _updown" for verb prepare Aug 26 13:09:10.936865: | command executing prepare-client Aug 26 13:09:10.936901: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.936908: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.936933: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' 
PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_ Aug 26 13:09:10.936937: | popen cmd is 1408 chars long Aug 26 13:09:10.936941: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 13:09:10.936944: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.2: Aug 26 13:09:10.936946: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 13:09:10.936949: | cmd( 240):=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT=: Aug 26 13:09:10.936951: | cmd( 320):'192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255: Aug 26 13:09:10.936954: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Aug 26 13:09:10.936957: | cmd( 480):='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Aug 26 13:09:10.936959: | cmd( 560):reswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing: Aug 26 13:09:10.936962: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.: Aug 26 13:09:10.936964: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 13:09:10.936967: | cmd( 800):L='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: Aug 26 13:09:10.936969: | cmd( 880):t, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey: Aug 26 13:09:10.936972: | cmd( 960):' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAR: Aug 26 13:09:10.936975: | cmd(1040):EF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFA: Aug 26 13:09:10.936978: | cmd(1120):MILY='ipv4' XAUTH_FAILED=0 
PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_: Aug 26 13:09:10.936980: | cmd(1200):PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=': Aug 26 13:09:10.936983: | cmd(1280):0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=: Aug 26 13:09:10.936985: | cmd(1360):0xe2708c7e SPI_OUT=0xc89c9723 ipsec _updown 2>&1: Aug 26 13:09:10.947537: | running updown command "ipsec _updown" for verb route Aug 26 13:09:10.947551: | command executing route-client Aug 26 13:09:10.947585: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.947594: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.947616: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI Aug 26 13:09:10.947622: | popen cmd is 1406 chars long Aug 26 13:09:10.947626: | cmd( 
0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 13:09:10.947629: | cmd( 80):s/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23': Aug 26 13:09:10.947632: | cmd( 160): PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=e: Aug 26 13:09:10.947634: | cmd( 240):ast.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='1: Aug 26 13:09:10.947637: | cmd( 320):92.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0: Aug 26 13:09:10.947640: | cmd( 400):' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE=': Aug 26 13:09:10.947642: | cmd( 480):ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libre: Aug 26 13:09:10.947645: | cmd( 560):swan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.l: Aug 26 13:09:10.947648: | cmd( 640):ibreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0': Aug 26 13:09:10.947651: | cmd( 720): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Aug 26 13:09:10.947654: | cmd( 800):'0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department,: Aug 26 13:09:10.947657: | cmd( 880): CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' : Aug 26 13:09:10.947660: | cmd( 960):PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF: Aug 26 13:09:10.947663: | cmd(1040):_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMI: Aug 26 13:09:10.947666: | cmd(1120):LY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PE: Aug 26 13:09:10.947670: | cmd(1200):ER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0': Aug 26 13:09:10.947673: | cmd(1280): PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x: Aug 26 13:09:10.947676: | 
cmd(1360):e2708c7e SPI_OUT=0xc89c9723 ipsec _updown 2>&1: Aug 26 13:09:10.960321: | route_and_eroute: instance "northnet-eastnets/0x1", setting eroute_owner {spd=0x55e7d9b4a008,sr=0x55e7d9b4a008} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:09:10.960462: | #1 spent 2.04 milliseconds in install_ipsec_sa() Aug 26 13:09:10.960472: | ISAKMP_v2_IKE_AUTH: instance northnet-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:09:10.960477: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.960482: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:10.960486: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:10.960490: | emitting length of IKEv2 Encryption Payload: 1961 Aug 26 13:09:10.960494: | emitting length of ISAKMP Message: 1989 Aug 26 13:09:10.960506: | **parse ISAKMP Message: Aug 26 13:09:10.960509: | initiator cookie: Aug 26 13:09:10.960512: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.960515: | responder cookie: Aug 26 13:09:10.960518: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.960521: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:09:10.960524: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.960530: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.960534: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.960537: | Message ID: 1 (0x1) Aug 26 13:09:10.960540: | length: 1989 (0x7c5) Aug 26 13:09:10.960543: | **parse IKEv2 Encryption Payload: Aug 26 13:09:10.960546: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:09:10.960548: | flags: none (0x0) Aug 26 13:09:10.960550: | length: 1961 (0x7a9) Aug 26 13:09:10.960552: | **emit ISAKMP Message: Aug 26 13:09:10.960555: | initiator cookie: Aug 26 13:09:10.960557: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.960560: | responder cookie: Aug 26 13:09:10.960562: | 55 5e 51 e1 c0 80 6d 7f Aug 26 
13:09:10.960565: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.960568: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.960571: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.960573: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.960576: | Message ID: 1 (0x1) Aug 26 13:09:10.960579: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.960582: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:09:10.960585: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:09:10.960587: | flags: none (0x0) Aug 26 13:09:10.960590: | fragment number: 1 (0x1) Aug 26 13:09:10.960592: | total fragments: 5 (0x5) Aug 26 13:09:10.960595: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 36:ISAKMP_NEXT_v2IDr Aug 26 13:09:10.960599: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.960602: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:09:10.960605: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:09:10.960636: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment
Aug 26 13:09:10.960709: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.960711: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:09:10.960713: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:09:10.960715: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:09:10.960717: | emitting length of ISAKMP Message: 539 Aug 26 13:09:10.960740: | **emit ISAKMP Message: Aug 26 13:09:10.960743: | initiator cookie: Aug 26 13:09:10.960744: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.960746: | responder cookie: Aug 26 13:09:10.960747: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.960749: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.960751: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.960753: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.960754: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.960756: | Message ID: 1 (0x1) Aug 26 13:09:10.960758: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.960760: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:09:10.960761: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.960763: | flags: none (0x0) Aug 26 13:09:10.960764: | fragment number: 2 (0x2) Aug 26 13:09:10.960766: | total fragments: 5 (0x5) Aug 26 13:09:10.960768: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:09:10.960770: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.960772: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:09:10.960774: | emitting 8 zero
bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:09:10.960777: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment
Aug 26 13:09:10.960827: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.960829: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:09:10.960831: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:09:10.960833: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:09:10.960834: | emitting length of ISAKMP Message: 539 Aug 26 13:09:10.960841: | **emit ISAKMP Message: Aug 26 13:09:10.960843: | initiator cookie: Aug 26 13:09:10.960844: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.960846: | responder cookie: Aug 26 13:09:10.960847: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.960849: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.960851: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.960853: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.960854: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.960856: | Message ID: 1 (0x1) Aug 26 13:09:10.960857: | next payload chain: saving
message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.960859: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:09:10.960861: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.960862: | flags: none (0x0) Aug 26 13:09:10.960864: | fragment number: 3 (0x3) Aug 26 13:09:10.960866: | total fragments: 5 (0x5) Aug 26 13:09:10.960867: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:09:10.960869: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.960871: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:09:10.960873: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:09:10.960875: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment
Aug 26 13:09:10.960949: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.960953: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:09:10.960956: | emitting 16 zero bytes of length of
truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:09:10.960959: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:09:10.960961: | emitting length of ISAKMP Message: 539 Aug 26 13:09:10.960968: | **emit ISAKMP Message: Aug 26 13:09:10.960972: | initiator cookie: Aug 26 13:09:10.960974: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.960977: | responder cookie: Aug 26 13:09:10.960979: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.960982: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.960985: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.960987: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.960990: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.960993: | Message ID: 1 (0x1) Aug 26 13:09:10.960995: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.960998: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:09:10.961001: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.961004: | flags: none (0x0) Aug 26 13:09:10.961006: | fragment number: 4 (0x4) Aug 26 13:09:10.961009: | total fragments: 5 (0x5) Aug 26 13:09:10.961013: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:09:10.961018: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.961021: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:09:10.961025: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:09:10.961036: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment
Aug 26 13:09:10.961115: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.961118: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:09:10.961121: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:09:10.961123: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:09:10.961125: | emitting length of ISAKMP Message: 539 Aug 26 13:09:10.961134: | **emit ISAKMP Message: Aug 26 13:09:10.961138: | initiator cookie: Aug 26 13:09:10.961141: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.961143: | responder cookie: Aug 26 13:09:10.961147: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.961150: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.961153: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.961156: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.961158: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.961161: | Message ID: 1 (0x1) Aug 26 13:09:10.961164: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.961167: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:09:10.961169: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.961172: | flags: none (0x0) Aug 26 13:09:10.961174: | fragment number: 5 (0x5) Aug 26 13:09:10.961177: | total fragments: 5 (0x5) Aug 26 13:09:10.961180: | next payload chain: using
supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:09:10.961183: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.961186: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:09:10.961189: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:09:10.961194: | emitting 20 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:09:10.961197: | cleartext fragment 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 Aug 26 13:09:10.961199: | cleartext fragment c0 00 02 ff Aug 26 13:09:10.961202: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.961205: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:09:10.961208: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:09:10.961211: | emitting length of IKEv2 Encrypted Fragment: 53 Aug 26 13:09:10.961214: | emitting length of ISAKMP Message: 81 Aug 26 13:09:10.961224: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Aug 26 13:09:10.961233: | #1 spent 18.5 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Aug 26 13:09:10.961242: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.961249: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.961255: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Aug 26 13:09:10.961258: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Aug 26 13:09:10.961262: | child state #2: 
UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Aug 26 13:09:10.961267: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:09:10.961273: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Aug 26 13:09:10.961278: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Aug 26 13:09:10.961282: | pstats #2 ikev2.child established Aug 26 13:09:10.961297: "northnet-eastnets/0x1" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Aug 26 13:09:10.961307: | NAT-T: encaps is 'auto' Aug 26 13:09:10.961312: "northnet-eastnets/0x1" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xe2708c7e <0xc89c9723 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 13:09:10.961318: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 13:09:10.961321: | sending fragments ... 
Aug 26 13:09:10.961343: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:10.961506: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:10.961623: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:10.961648: |
da bf b5 08 11 43 c2 0c d0 6c 48 21 98 a6 33 d3 Aug 26 13:09:10.961650: | d6 23 2b 34 dd 54 bb c0 89 14 83 a6 ea d6 3d 79 Aug 26 13:09:10.961653: | cf 98 23 b8 12 e2 e7 d8 7b 0d 3a 24 4f 2b 62 a5 Aug 26 13:09:10.961656: | 41 38 87 54 28 7a 5f 6c e4 21 cd 4c 71 11 15 36 Aug 26 13:09:10.961658: | 9b a3 9c 8a 06 e1 97 1c 7d a2 7e 13 9d 71 70 93 Aug 26 13:09:10.961661: | 24 99 e3 93 cf 77 97 43 56 e9 90 37 94 61 22 d0 Aug 26 13:09:10.961663: | a0 b5 3f 9e ed 0e 4b 29 0a 82 b8 b8 05 af 57 63 Aug 26 13:09:10.961666: | 9d 67 c1 04 17 ef cf 9c 27 f6 21 f0 d9 01 78 78 Aug 26 13:09:10.961668: | 54 1b 07 72 b5 3c fa 1a f7 7f a5 65 e0 27 01 55 Aug 26 13:09:10.961671: | fa 42 a1 e1 68 7e f9 87 ab 27 97 11 ba ae 7b b9 Aug 26 13:09:10.961673: | 24 44 f5 d1 ff 61 a9 52 84 3a 96 d3 91 ad b3 5b Aug 26 13:09:10.961676: | f1 3b a0 87 66 9d 56 39 1e 4f c1 83 0b 66 ab fb Aug 26 13:09:10.961678: | a5 e5 aa 16 77 03 bd cb d3 be 52 03 a0 e2 43 6f Aug 26 13:09:10.961681: | f9 47 2f 01 0c 8d bd 4e 2c 1c df 9d 5f cf 90 d7 Aug 26 13:09:10.961683: | 57 4b 56 6f 54 43 f0 2e 86 b0 af be 73 c9 4f e3 Aug 26 13:09:10.961685: | 45 d7 0d 9f db 7b 51 d4 f3 25 14 bb 89 05 c2 55 Aug 26 13:09:10.961688: | d9 ef 37 24 7a 7a 1a df 82 61 35 cd 04 df 7f 1d Aug 26 13:09:10.961690: | 62 03 a7 93 c7 9e 4f 60 88 48 c6 a3 60 5c d7 ef Aug 26 13:09:10.961692: | 8f 21 0b 87 67 b8 27 28 5e f5 e7 1e c0 94 a9 52 Aug 26 13:09:10.961695: | 25 76 9a b8 b8 84 41 4d 5b 97 7d 3d 4c 2a 73 4a Aug 26 13:09:10.961697: | a4 4f ae 63 8d b9 eb 13 c7 45 35 61 cb e0 15 7e Aug 26 13:09:10.961699: | da 9e c2 b9 9e b0 4e d1 09 21 7a f7 78 6f 2c c5 Aug 26 13:09:10.961702: | 74 78 ca 92 bd 1b 28 17 88 5c df 3e ca a7 b9 65 Aug 26 13:09:10.961704: | c4 d1 79 6d e3 4a ff 53 b8 71 97 78 ff da 69 04 Aug 26 13:09:10.961706: | 38 09 d9 f0 87 12 4b 65 82 b5 03 d0 56 30 56 aa Aug 26 13:09:10.961710: | d5 96 47 86 4e b7 86 1d 92 c1 99 Aug 26 13:09:10.961728: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 
(using #1) Aug 26 13:09:10.961732: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.961734: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 13:09:10.961737: | 00 04 00 05 5d fb 38 4e 99 a7 bf 17 5b 1a a2 fe Aug 26 13:09:10.961739: | a4 38 96 55 64 46 d3 6e 87 9c 36 67 8e f8 f6 09 Aug 26 13:09:10.961742: | 2e 99 f8 ed 27 76 a4 ea 40 62 dd 50 df ee 71 ca Aug 26 13:09:10.961744: | 78 75 f5 3f d1 0a 62 df cc 01 1f f4 7b 49 eb e2 Aug 26 13:09:10.961746: | c3 65 2a 76 7e 2d 95 d3 18 f5 58 37 52 08 f6 70 Aug 26 13:09:10.961749: | c6 7a 09 59 20 3f 3d a7 1b 1a c7 fa 09 4a c1 ee Aug 26 13:09:10.961751: | dc c8 e7 bc 37 41 39 73 a3 05 a6 67 19 1b ea b6 Aug 26 13:09:10.961753: | 8d 7e 83 82 14 35 fb f3 63 9c bf 67 b3 7a a3 b1 Aug 26 13:09:10.961756: | b5 2d b0 ac bd fd e8 d5 13 9d 7c a4 c8 4a a5 63 Aug 26 13:09:10.961758: | 94 d0 c7 b7 5a 0e 94 ea dc 8c 3e 03 09 fa 2c c0 Aug 26 13:09:10.961760: | 59 29 72 19 38 a6 2c eb 5c 12 5f e5 7b 60 8f 41 Aug 26 13:09:10.961763: | aa 9d 71 02 68 62 2e a7 b5 d1 cb ad 87 92 b3 fc Aug 26 13:09:10.961765: | d3 98 db b6 b8 b1 6d f8 73 7c 85 13 2e 90 66 93 Aug 26 13:09:10.961767: | 9e 7f b9 5a 35 1f 2b bb df ea 6a 11 72 5f 93 b4 Aug 26 13:09:10.961770: | a0 f5 b8 76 bb b0 3b 4d de aa 50 c1 76 fb cb cf Aug 26 13:09:10.961773: | b3 11 76 a0 ad 2d d7 3a 73 75 8e 76 98 d5 d3 53 Aug 26 13:09:10.961775: | 69 97 d9 1b 6f 37 ac 75 a0 8b 2e 8a bb 39 a0 08 Aug 26 13:09:10.961778: | bc 48 12 7c 1e 9b 0c b5 fd a4 ef f3 c4 ad bb 87 Aug 26 13:09:10.961780: | 8b 1a cd 03 f0 13 52 6e c1 49 11 ca 81 ea b9 f9 Aug 26 13:09:10.961783: | 5e bf 7a 09 73 8d 27 50 76 e9 b7 ce 5e 40 01 88 Aug 26 13:09:10.961785: | 50 7a 3f de 4b 75 a0 62 a9 3a fa 1b 34 39 87 4d Aug 26 13:09:10.961788: | 22 ce c5 e5 65 03 05 50 fa fe de 0b bd db f2 b3 Aug 26 13:09:10.961791: | a9 60 bd d4 dc 7c 97 d6 0a bc e1 0a 72 55 95 92 Aug 26 13:09:10.961793: | 37 6e bb f5 48 6d 2d f2 31 21 68 09 b3 fc 98 fa Aug 26 13:09:10.961796: | 2a 93 f6 aa 23 57 a5 ff 0d 21 d8 77 88 
30 a5 73 Aug 26 13:09:10.961799: | c8 37 a8 9b 39 15 64 51 aa d1 2b d4 fc 93 4b df Aug 26 13:09:10.961801: | cd 82 58 39 d3 16 bb 68 a4 c4 17 29 a9 1f 02 1f Aug 26 13:09:10.961804: | ed 92 6b 8a 64 fd 78 7e 90 4e 12 db 1f 11 97 57 Aug 26 13:09:10.961806: | 33 b3 d5 a8 62 21 e9 83 1a 09 2f 00 7c 33 12 f5 Aug 26 13:09:10.961809: | c1 3e b5 4b 89 55 c0 05 21 ca e5 fd 29 1a b7 01 Aug 26 13:09:10.961811: | 40 97 53 72 c3 d1 44 27 81 c8 a6 c0 55 2f 5f d1 Aug 26 13:09:10.961814: | b6 12 3b fd c8 7b 06 e5 60 bb b3 Aug 26 13:09:10.961831: | sending 81 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:10.961835: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.961838: | 35 20 23 20 00 00 00 01 00 00 00 51 00 00 00 35 Aug 26 13:09:10.961841: | 00 05 00 05 0f b2 bd 50 55 92 56 b2 7f a1 07 0e Aug 26 13:09:10.961843: | 73 04 fc 18 36 bd 12 2e 72 6d dc 71 3a ac 7c e2 Aug 26 13:09:10.961846: | 59 0f 95 67 59 04 59 58 df a6 5f 21 34 c8 6a e8 Aug 26 13:09:10.961848: | 05 Aug 26 13:09:10.961860: | sent 5 fragments Aug 26 13:09:10.961865: | releasing whack for #2 (sock=fd@-1) Aug 26 13:09:10.961868: | releasing whack and unpending for parent #1 Aug 26 13:09:10.961872: | unpending state #1 connection "northnet-eastnets/0x1" Aug 26 13:09:10.961878: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Aug 26 13:09:10.961882: | event_schedule: new EVENT_SA_REKEY-pe@0x7f9cd4002b78 Aug 26 13:09:10.961887: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Aug 26 13:09:10.961892: | libevent_malloc: new ptr-libevent@0x55e7d9b67188 size 128 Aug 26 13:09:10.961909: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:09:10.961921: | #1 spent 19.4 milliseconds in resume sending helper answer Aug 26 13:09:10.961927: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 
13:09:10.961932: | libevent_free: release ptr-libevent@0x7f9ccc000f48 Aug 26 13:09:10.961949: | processing signal PLUTO_SIGCHLD Aug 26 13:09:10.961954: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:10.961959: | spent 0.00551 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:10.961962: | processing signal PLUTO_SIGCHLD Aug 26 13:09:10.961966: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:10.961969: | spent 0.00373 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:10.961972: | processing signal PLUTO_SIGCHLD Aug 26 13:09:10.961976: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:10.961979: | spent 0.00366 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:11.003114: | spent 0.00299 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:11.003142: | *received 601 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:09:11.003148: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:11.003151: | 2e 20 24 08 00 00 00 02 00 00 02 59 21 00 02 3d Aug 26 13:09:11.003154: | 7e 99 d5 e0 b7 48 07 c0 96 71 06 00 d1 ed 5e 99 Aug 26 13:09:11.003157: | 57 31 bd bd 93 e9 37 0b e5 47 34 eb dc 43 70 56 Aug 26 13:09:11.003159: | d7 c2 b6 64 23 99 2c 89 c4 0a 57 92 8f 08 d9 b5 Aug 26 13:09:11.003161: | 43 2f 62 7a 66 c4 ad d7 8e 3c c9 11 0e 21 60 cf Aug 26 13:09:11.003165: | a2 4b 2e bd 46 77 c1 ac da 39 70 30 15 6b d4 4c Aug 26 13:09:11.003167: | aa ab 02 51 09 09 87 fb 8b db 04 86 82 7f aa 56 Aug 26 13:09:11.003170: | fd f2 82 b0 43 0c 6f 2d d3 16 5c 57 80 7f aa 97 Aug 26 13:09:11.003172: | ad b3 48 5d 2f ba f9 ff 14 e3 cc ca b7 f6 b5 44 Aug 26 13:09:11.003175: | 2b 0a a5 7c 0b e6 cd bb 08 13 68 5f 61 0c 25 f7 Aug 26 13:09:11.003177: | ba e0 63 3e 11 8e c0 39 00 14 1c 6c d5 20 84 49 Aug 26 13:09:11.003180: | 9e cc 7b 7a 5e e9 a4 b9 c2 3c f2 fa ed 92 8a 97 Aug 26 13:09:11.003183: | 12 d4 cd 88 0c 30 56 2a 2b da 74 6d 96 b0 3b 76 Aug 26 13:09:11.003186: | 22 9f 00 
61 51 ee 32 2a 7f b2 3d 68 18 54 d3 e8 Aug 26 13:09:11.003188: | 37 04 be d5 10 84 63 c8 b0 8c eb d3 49 a5 c3 64 Aug 26 13:09:11.003191: | 22 46 1d 0e 8e f2 fd 09 92 7a 9f d7 8b 49 dc fa Aug 26 13:09:11.003193: | fd f5 bf 95 e9 90 3e c7 9f 9b 71 a5 96 41 a2 15 Aug 26 13:09:11.003196: | 20 69 9a 8e 30 8d 8c 96 67 34 36 8a b9 7e c9 8e Aug 26 13:09:11.003199: | c3 e3 07 cb 97 5e 5f 91 d7 2b 53 9e 20 6b 42 6d Aug 26 13:09:11.003201: | bf 09 73 7c 2e 5b 5c 1f 66 3a 45 e8 0a 58 78 98 Aug 26 13:09:11.003204: | cf 0e 01 e8 a8 b3 1d 3e 53 d7 16 36 e1 82 9d 80 Aug 26 13:09:11.003206: | 6e 8a b4 ac 33 09 09 81 40 a5 ad b9 c0 fd fd 4c Aug 26 13:09:11.003209: | 01 92 11 92 6b 67 93 78 e0 28 99 72 8f a8 08 10 Aug 26 13:09:11.003211: | 82 83 47 85 4b a9 3b 8b f1 8c 9d 93 00 dc 41 11 Aug 26 13:09:11.003214: | 81 80 51 3f 9f 30 8f 52 51 c0 ae 60 51 c9 ab ca Aug 26 13:09:11.003216: | 0a 5a 09 b2 88 43 bd bc 8c 4a a5 ba b2 79 f1 b7 Aug 26 13:09:11.003219: | a7 61 43 eb 5d 37 5a 41 32 b1 65 b6 9b e2 a3 ba Aug 26 13:09:11.003222: | 9d 0a c0 cb 8a 19 e8 7b f3 08 d3 53 f4 5d 03 38 Aug 26 13:09:11.003224: | 8f fb 5f 85 18 09 c4 4e cf a1 53 d2 a8 f8 67 9f Aug 26 13:09:11.003227: | 6b 28 cd f8 11 12 d4 69 68 2e 37 43 e9 c7 ae da Aug 26 13:09:11.003229: | 47 5c 3d 95 a3 0d 91 14 f6 77 7a a6 8f 79 11 23 Aug 26 13:09:11.003232: | 53 03 44 c4 45 23 16 c9 6f 52 18 d0 b4 94 fb 48 Aug 26 13:09:11.003235: | 18 23 1d 2f 67 56 5c 0d 08 dc 49 67 af 65 a0 51 Aug 26 13:09:11.003237: | 0b 6b 54 83 5e e2 d7 26 5b f0 80 f9 4d bd b5 a1 Aug 26 13:09:11.003240: | 5c b0 ae 12 74 c9 56 e7 13 06 87 9d 76 1c 66 74 Aug 26 13:09:11.003242: | 4e da 02 b4 01 2e 5b 00 fd 84 b5 f4 02 fb 70 99 Aug 26 13:09:11.003248: | ac d0 9c 4d fe ca 54 a4 cd Aug 26 13:09:11.003254: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:09:11.003259: | **parse ISAKMP Message: Aug 26 13:09:11.003262: | initiator cookie: Aug 26 13:09:11.003264: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:11.003267: | responder 
cookie: Aug 26 13:09:11.003270: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:11.003273: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:09:11.003276: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:11.003278: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:09:11.003282: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:11.003284: | Message ID: 2 (0x2) Aug 26 13:09:11.003287: | length: 601 (0x259) Aug 26 13:09:11.003315: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 13:09:11.003319: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Aug 26 13:09:11.003324: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Aug 26 13:09:11.003332: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:11.003336: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:09:11.003341: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:09:11.003345: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Aug 26 13:09:11.003350: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 Aug 26 13:09:11.003353: | unpacking clear payload Aug 26 13:09:11.003355: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:09:11.003359: | ***parse IKEv2 Encryption Payload: Aug 26 13:09:11.003362: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:09:11.003365: | flags: none (0x0) Aug 26 13:09:11.003368: | length: 573 (0x23d) Aug 26 13:09:11.003371: | processing payload: ISAKMP_NEXT_v2SK (len=569) Aug 26 13:09:11.003375: | Message ID: start-responder #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Aug 26 13:09:11.003379: | #1 in state 
PARENT_R2: received v2I2, PARENT SA established Aug 26 13:09:11.003402: | #1 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Aug 26 13:09:11.003406: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:09:11.003410: | **parse IKEv2 Security Association Payload: Aug 26 13:09:11.003413: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:09:11.003416: | flags: none (0x0) Aug 26 13:09:11.003419: | length: 196 (0xc4) Aug 26 13:09:11.003421: | processing payload: ISAKMP_NEXT_v2SA (len=192) Aug 26 13:09:11.003424: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:09:11.003427: | **parse IKEv2 Nonce Payload: Aug 26 13:09:11.003429: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:09:11.003432: | flags: none (0x0) Aug 26 13:09:11.003434: | length: 36 (0x24) Aug 26 13:09:11.003437: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:09:11.003440: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:09:11.003443: | **parse IKEv2 Key Exchange Payload: Aug 26 13:09:11.003445: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:09:11.003448: | flags: none (0x0) Aug 26 13:09:11.003451: | length: 264 (0x108) Aug 26 13:09:11.003453: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:11.003456: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:09:11.003459: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:09:11.003462: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:11.003465: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:09:11.003467: | flags: none (0x0) Aug 26 13:09:11.003470: | length: 24 (0x18) Aug 26 13:09:11.003473: | number of TS: 1 (0x1) Aug 26 13:09:11.003478: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:09:11.003481: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:09:11.003484: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:11.003486: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:11.003489: | flags: none 
(0x0) Aug 26 13:09:11.003492: | length: 24 (0x18) Aug 26 13:09:11.003495: | number of TS: 1 (0x1) Aug 26 13:09:11.003497: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:09:11.003501: | state #1 forced to match CREATE_CHILD_SA from V2_CREATE_R->V2_IPSEC_R by ignoring from state Aug 26 13:09:11.003504: | selected state microcode Respond to CREATE_CHILD_SA IPsec SA Request Aug 26 13:09:11.003510: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:09:11.003516: | creating state object #3 at 0x55e7d9b614d8 Aug 26 13:09:11.003519: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 13:09:11.003530: | pstats #3 ikev2.child started Aug 26 13:09:11.003534: | duplicating state object #1 "northnet-eastnets/0x2" as #3 for IPSEC SA Aug 26 13:09:11.003540: | #3 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:09:11.003550: | Message ID: init_child #1.#3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:11.003554: | child state #3: UNDEFINED(ignore) => V2_CREATE_R(established IKE SA) Aug 26 13:09:11.003561: | "northnet-eastnets/0x2" #1 received Child SA Request CREATE_CHILD_SA from 192.1.3.33:500 Child "northnet-eastnets/0x2" #3 in STATE_V2_CREATE_R will process it further Aug 26 13:09:11.003566: | Message ID: switch-from #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2->-1 Aug 26 13:09:11.003570: | Message ID: switch-to #1.#3 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1->2 Aug 26 13:09:11.003573: | forcing ST #1 to CHILD #1.#3 in FSM processor Aug 26 13:09:11.003576: | Now let's proceed with state specific processing Aug 26 13:09:11.003579: | calling processor Respond to 
CREATE_CHILD_SA IPsec SA Request Aug 26 13:09:11.003585: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 13:09:11.003589: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals) Aug 26 13:09:11.003595: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:09:11.003602: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:09:11.003606: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:09:11.003610: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:09:11.003614: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:09:11.003619: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:11.003623: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:09:11.003627: | ... 
ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:11.003636: "northnet-eastnets/0x2": constructed local ESP/AH proposals for northnet-eastnets/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:11.003640: | Comparing remote proposals against CREATE_CHILD_SA responder matching remote ESP/AH proposals 4 local proposals Aug 26 13:09:11.003650: | local proposal 1 type ENCR has 1 transforms Aug 26 13:09:11.003653: | local proposal 1 type PRF has 0 transforms Aug 26 13:09:11.003656: | local proposal 1 type INTEG has 1 transforms Aug 26 13:09:11.003659: | local proposal 1 type DH has 1 transforms Aug 26 13:09:11.003662: | local proposal 1 type ESN has 1 transforms Aug 26 13:09:11.003665: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 13:09:11.003668: | local proposal 2 type ENCR has 1 transforms Aug 26 13:09:11.003671: | local proposal 2 type PRF has 0 transforms Aug 26 13:09:11.003673: | local proposal 2 type INTEG has 1 transforms Aug 26 13:09:11.003676: | local proposal 2 type DH has 1 transforms Aug 26 13:09:11.003679: | local proposal 2 type ESN has 1 transforms Aug 26 13:09:11.003682: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 13:09:11.003685: | local proposal 3 type ENCR has 1 transforms Aug 26 13:09:11.003688: | local proposal 3 type PRF has 0 transforms Aug 26 13:09:11.003690: | local proposal 3 type INTEG has 2 transforms Aug 26 13:09:11.003693: | local proposal 3 type DH has 1 transforms Aug 26 13:09:11.003696: | local proposal 3 type ESN has 1 transforms Aug 26 13:09:11.003699: | local proposal 3 
transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 13:09:11.003702: | local proposal 4 type ENCR has 1 transforms Aug 26 13:09:11.003705: | local proposal 4 type PRF has 0 transforms Aug 26 13:09:11.003707: | local proposal 4 type INTEG has 2 transforms Aug 26 13:09:11.003710: | local proposal 4 type DH has 1 transforms Aug 26 13:09:11.003712: | local proposal 4 type ESN has 1 transforms Aug 26 13:09:11.003716: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 13:09:11.003719: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:11.003722: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:11.003725: | length: 40 (0x28) Aug 26 13:09:11.003728: | prop #: 1 (0x1) Aug 26 13:09:11.003730: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:11.003733: | spi size: 4 (0x4) Aug 26 13:09:11.003736: | # transforms: 3 (0x3) Aug 26 13:09:11.003740: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:11.003742: | remote SPI 4c 10 7a d5 Aug 26 13:09:11.003746: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..4] of 4 local proposals Aug 26 13:09:11.003749: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:11.003752: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.003755: | length: 12 (0xc) Aug 26 13:09:11.003757: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:11.003760: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:11.003763: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:11.003766: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:11.003769: | length/value: 256 (0x100) Aug 26 13:09:11.003774: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:09:11.003777: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:11.003780: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.003782: | length: 8 (0x8) Aug 26 
13:09:11.003785: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.003788: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:11.003792: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:09:11.003796: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Aug 26 13:09:11.003799: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Aug 26 13:09:11.003802: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Aug 26 13:09:11.003805: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:11.003808: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:11.003812: | length: 8 (0x8) Aug 26 13:09:11.003815: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:11.003818: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:11.003821: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:09:11.003824: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Aug 26 13:09:11.003828: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Aug 26 13:09:11.003832: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Aug 26 13:09:11.003836: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Aug 26 13:09:11.003840: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Aug 26 13:09:11.003843: | remote proposal 1 matches local proposal 1 Aug 26 13:09:11.003846: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:11.003849: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:11.003852: | length: 40 (0x28) Aug 26 13:09:11.003855: | prop #: 2 (0x2) Aug 26 
13:09:11.003857: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:11.003860: | spi size: 4 (0x4) Aug 26 13:09:11.003862: | # transforms: 3 (0x3) Aug 26 13:09:11.003867: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:11.003869: | remote SPI 4c 10 7a d5 Aug 26 13:09:11.003872: | Comparing remote proposal 2 containing 3 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:09:11.003875: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:11.003878: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.003880: | length: 12 (0xc) Aug 26 13:09:11.003883: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:11.003886: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:11.003889: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:11.003892: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:11.003895: | length/value: 128 (0x80) Aug 26 13:09:11.003898: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:11.003901: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.003904: | length: 8 (0x8) Aug 26 13:09:11.003907: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.003909: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:11.003912: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:11.003915: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:11.003917: | length: 8 (0x8) Aug 26 13:09:11.003920: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:11.003923: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:11.003927: | remote proposal 2 proposed transforms: ENCR+DH+ESN; matched: none; unmatched: ENCR+DH+ESN Aug 26 13:09:11.003930: | remote proposal 2 does not match; unmatched remote transforms: ENCR+DH+ESN Aug 26 13:09:11.003933: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:11.003936: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:11.003938: | length: 56 (0x38) Aug 26 
13:09:11.003941: | prop #: 3 (0x3) Aug 26 13:09:11.003944: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:11.003947: | spi size: 4 (0x4) Aug 26 13:09:11.003949: | # transforms: 5 (0x5) Aug 26 13:09:11.003952: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:11.003955: | remote SPI 4c 10 7a d5 Aug 26 13:09:11.003958: | Comparing remote proposal 3 containing 5 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:09:11.003961: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:11.003964: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.003966: | length: 12 (0xc) Aug 26 13:09:11.003969: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:11.003972: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:11.003977: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:11.003980: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:11.003982: | length/value: 256 (0x100) Aug 26 13:09:11.003986: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:11.003988: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.003991: | length: 8 (0x8) Aug 26 13:09:11.003994: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:11.003997: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:11.004000: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:11.004003: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.004005: | length: 8 (0x8) Aug 26 13:09:11.004008: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:11.004012: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:11.004015: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:11.004017: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.004020: | length: 8 (0x8) Aug 26 13:09:11.004022: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.004025: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:11.004029: | 
****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:11.004032: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:11.004034: | length: 8 (0x8) Aug 26 13:09:11.004037: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:11.004039: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:11.004044: | remote proposal 3 proposed transforms: ENCR+INTEG+DH+ESN; matched: none; unmatched: ENCR+INTEG+DH+ESN Aug 26 13:09:11.004047: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+DH+ESN Aug 26 13:09:11.004050: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:11.004053: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:11.004056: | length: 56 (0x38) Aug 26 13:09:11.004058: | prop #: 4 (0x4) Aug 26 13:09:11.004061: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:11.004064: | spi size: 4 (0x4) Aug 26 13:09:11.004067: | # transforms: 5 (0x5) Aug 26 13:09:11.004070: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:11.004072: | remote SPI 4c 10 7a d5 Aug 26 13:09:11.004076: | Comparing remote proposal 4 containing 5 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:09:11.004079: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:11.004082: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.004084: | length: 12 (0xc) Aug 26 13:09:11.004087: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:11.004090: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:11.004093: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:11.004096: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:11.004099: | length/value: 128 (0x80) Aug 26 13:09:11.004102: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:11.004105: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.004107: | length: 8 (0x8) Aug 26 13:09:11.004110: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:11.004113: | IKEv2 transform ID: 
AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:11.004117: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:11.004119: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.004122: | length: 8 (0x8) Aug 26 13:09:11.004124: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:11.004127: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:11.004131: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:11.004134: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.004136: | length: 8 (0x8) Aug 26 13:09:11.004139: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.004141: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:11.004144: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:11.004148: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:11.004151: | length: 8 (0x8) Aug 26 13:09:11.004154: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:11.004156: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:11.004161: | remote proposal 4 proposed transforms: ENCR+INTEG+DH+ESN; matched: none; unmatched: ENCR+INTEG+DH+ESN Aug 26 13:09:11.004164: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+DH+ESN Aug 26 13:09:11.004170: "northnet-eastnets/0x2" #1: proposal 1:ESP:SPI=4c107ad5;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:11.004175: | CREATE_CHILD_SA responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=4c107ad5;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Aug 26 13:09:11.004178: | converting proposal to internal trans attrs Aug 26 13:09:11.004183: | updating #3's .st_oakley with preserved 
PRF, but why update? Aug 26 13:09:11.004188: | Child SA TS Request has child->sa == md->st; so using child connection Aug 26 13:09:11.004191: | TSi: parsing 1 traffic selectors Aug 26 13:09:11.004194: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:11.004197: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:11.004200: | IP Protocol ID: 0 (0x0) Aug 26 13:09:11.004202: | length: 16 (0x10) Aug 26 13:09:11.004205: | start port: 0 (0x0) Aug 26 13:09:11.004208: | end port: 65535 (0xffff) Aug 26 13:09:11.004211: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:11.004213: | TS low c0 00 03 00 Aug 26 13:09:11.004216: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:11.004219: | TS high c0 00 03 ff Aug 26 13:09:11.004222: | TSi: parsed 1 traffic selectors Aug 26 13:09:11.004224: | TSr: parsing 1 traffic selectors Aug 26 13:09:11.004227: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:11.004230: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:11.004232: | IP Protocol ID: 0 (0x0) Aug 26 13:09:11.004235: | length: 16 (0x10) Aug 26 13:09:11.004237: | start port: 0 (0x0) Aug 26 13:09:11.004240: | end port: 65535 (0xffff) Aug 26 13:09:11.004243: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:11.004246: | TS low c0 00 16 00 Aug 26 13:09:11.004249: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:11.004251: | TS high c0 00 16 ff Aug 26 13:09:11.004254: | TSr: parsed 1 traffic selectors Aug 26 13:09:11.004256: | looking for best SPD in current connection Aug 26 13:09:11.004262: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0/0 R=192.0.22.0/24:0/0 to their: Aug 26 13:09:11.004268: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:11.004275: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:11.004279: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 
13:09:11.004282: | TSi[0] port match: YES fitness 65536 Aug 26 13:09:11.004285: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:11.004293: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:11.004302: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:11.004309: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Aug 26 13:09:11.004312: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:09:11.004315: | TSr[0] port match: YES fitness 65536 Aug 26 13:09:11.004318: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:09:11.004321: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:11.004326: | best fit so far: TSi[0] TSr[0] Aug 26 13:09:11.004329: | found better spd route for TSi[0],TSr[0] Aug 26 13:09:11.004332: | looking for better host pair Aug 26 13:09:11.004337: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 13:09:11.004343: | checking hostpair 192.0.22.0/24 -> 192.0.3.0/24 is found Aug 26 13:09:11.004346: | investigating connection "northnet-eastnets/0x2" as a better match Aug 26 13:09:11.004360: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:09:11.004364: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:09:11.004367: | results matched Aug 26 13:09:11.004373: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:11.004380: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:11.004386: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0/0 
R=192.0.22.0/24:0/0 to their: Aug 26 13:09:11.004391: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:11.004397: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:11.004401: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:09:11.004403: | TSi[0] port match: YES fitness 65536 Aug 26 13:09:11.004406: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:11.004409: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:11.004414: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:11.004419: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Aug 26 13:09:11.004423: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:09:11.004426: | TSr[0] port match: YES fitness 65536 Aug 26 13:09:11.004429: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:09:11.004432: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:11.004434: | best fit so far: TSi[0] TSr[0] Aug 26 13:09:11.004437: | investigating connection "northnet-eastnets/0x1" as a better match Aug 26 13:09:11.004449: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:09:11.004452: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:09:11.004455: | results matched Aug 26 13:09:11.004461: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:11.004467: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:11.004473: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0/0 
R=192.0.2.0/24:0/0 to their: Aug 26 13:09:11.004478: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:11.004484: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:11.004487: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:09:11.004490: | TSi[0] port match: YES fitness 65536 Aug 26 13:09:11.004493: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:11.004496: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:11.004501: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:11.004507: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: NO Aug 26 13:09:11.004511: | did not find a better connection using host pair Aug 26 13:09:11.004514: | printing contents struct traffic_selector Aug 26 13:09:11.004517: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:09:11.004520: | ipprotoid: 0 Aug 26 13:09:11.004522: | port range: 0-65535 Aug 26 13:09:11.004527: | ip range: 192.0.22.0-192.0.22.255 Aug 26 13:09:11.004529: | printing contents struct traffic_selector Aug 26 13:09:11.004532: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:09:11.004534: | ipprotoid: 0 Aug 26 13:09:11.004536: | port range: 0-65535 Aug 26 13:09:11.004540: | ip range: 192.0.3.0-192.0.3.255 Aug 26 13:09:11.004548: | adding Child Responder KE and nonce nr work-order 3 for state #3 Aug 26 13:09:11.004552: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55e7d9b58928 Aug 26 13:09:11.004556: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:09:11.004561: | libevent_malloc: new ptr-libevent@0x7f9ccc000f48 size 128 Aug 26 13:09:11.004565: | libevent_realloc: release ptr-libevent@0x55e7d9ae3268 Aug 26 13:09:11.004568: | libevent_realloc: new ptr-libevent@0x55e7d9b4c808 size 128 Aug 26 13:09:11.004581: | #3 spent 0.991 milliseconds in processing: Respond to CREATE_CHILD_SA IPsec SA Request in 
ikev2_process_state_packet() Aug 26 13:09:11.004586: | crypto helper 2 resuming Aug 26 13:09:11.004588: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:11.004603: | crypto helper 2 starting work-order 3 for state #3 Aug 26 13:09:11.004612: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:11.004619: | crypto helper 2 doing build KE and nonce (Child Responder KE and nonce nr); request ID 3 Aug 26 13:09:11.004621: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_SUSPEND Aug 26 13:09:11.004629: | suspending state #3 and saving MD Aug 26 13:09:11.004632: | #3 is busy; has a suspended MD Aug 26 13:09:11.004637: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:11.004641: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_R transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:09:11.004646: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:11.004651: | #1 spent 1.49 milliseconds in ikev2_process_packet() Aug 26 13:09:11.004656: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 13:09:11.004659: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:11.004662: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:11.004666: | spent 1.51 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:11.005585: | crypto helper 2 finished build KE and nonce (Child Responder KE and nonce nr); request ID 3 time elapsed 0.000967 seconds Aug 26 13:09:11.005598: | (#3) spent 0.975 milliseconds in crypto helper computing work-order 3: Child Responder 
KE and nonce nr (pcr) Aug 26 13:09:11.005601: | crypto helper 2 sending results from work-order 3 for state #3 to event queue Aug 26 13:09:11.005603: | scheduling resume sending helper answer for #3 Aug 26 13:09:11.005605: | libevent_malloc: new ptr-libevent@0x7f9cd0002888 size 128 Aug 26 13:09:11.005613: | crypto helper 2 waiting (nothing to do) Aug 26 13:09:11.005623: | processing resume sending helper answer for #3 Aug 26 13:09:11.005633: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:09:11.005638: | crypto helper 2 replies to request ID 3 Aug 26 13:09:11.005641: | calling continuation function 0x55e7d8064b50 Aug 26 13:09:11.005644: | ikev2_child_inIoutR_continue for #3 STATE_V2_CREATE_R Aug 26 13:09:11.005667: | adding DHv2 for child sa work-order 4 for state #3 Aug 26 13:09:11.005670: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:11.005674: | libevent_free: release ptr-libevent@0x7f9ccc000f48 Aug 26 13:09:11.005677: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55e7d9b58928 Aug 26 13:09:11.005680: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55e7d9b58928 Aug 26 13:09:11.005684: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:09:11.005687: | libevent_malloc: new ptr-libevent@0x7f9ccc000f48 size 128 Aug 26 13:09:11.005696: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:11.005715: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_SUSPEND Aug 26 13:09:11.005718: | suspending state #3 and saving MD Aug 26 13:09:11.005721: | #3 is busy; has a suspended MD Aug 26 13:09:11.005721: | crypto helper 5 resuming Aug 26 13:09:11.005725: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:11.005739: | 
"northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_R transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:09:11.005732: | crypto helper 5 starting work-order 4 for state #3 Aug 26 13:09:11.005744: | resume sending helper answer for #3 suppresed complete_v2_state_transition() and stole MD Aug 26 13:09:11.005748: | crypto helper 5 doing crypto (DHv2 for child sa); request ID 4 Aug 26 13:09:11.005751: | #3 spent 0.11 milliseconds in resume sending helper answer Aug 26 13:09:11.005757: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:09:11.005760: | libevent_free: release ptr-libevent@0x7f9cd0002888 Aug 26 13:09:11.006281: | crypto helper 5 finished crypto (DHv2 for child sa); request ID 4 time elapsed 0.000533 seconds Aug 26 13:09:11.006287: | (#3) spent 0.538 milliseconds in crypto helper computing work-order 4: DHv2 for child sa (dh) Aug 26 13:09:11.006298: | crypto helper 5 sending results from work-order 4 for state #3 to event queue Aug 26 13:09:11.006301: | scheduling resume sending helper answer for #3 Aug 26 13:09:11.006303: | libevent_malloc: new ptr-libevent@0x7f9cc4001f78 size 128 Aug 26 13:09:11.006309: | crypto helper 5 waiting (nothing to do) Aug 26 13:09:11.006317: | processing resume sending helper answer for #3 Aug 26 13:09:11.006329: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:09:11.006335: | crypto helper 5 replies to request ID 4 Aug 26 13:09:11.006338: | calling continuation function 0x55e7d80659d0 Aug 26 13:09:11.006342: | ikev2_child_inIoutR_continue_continue for #3 STATE_V2_CREATE_R Aug 26 13:09:11.006365: | **emit ISAKMP Message: Aug 26 13:09:11.006369: | initiator cookie: Aug 26 13:09:11.006372: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:11.006375: | responder cookie: Aug 26 13:09:11.006377: | 55 5e 51 e1 c0 80 6d 7f Aug 26 
13:09:11.006380: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:11.006383: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:11.006387: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:09:11.006390: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:11.006393: | Message ID: 2 (0x2) Aug 26 13:09:11.006396: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:11.006399: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:11.006402: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:11.006405: | flags: none (0x0) Aug 26 13:09:11.006409: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:11.006412: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:09:11.006419: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:11.006450: | netlink_get_spi: allocated 0xd4b5084d for esp.0@192.1.2.23 Aug 26 13:09:11.006454: | Emitting ikev2_proposal ... 
Aug 26 13:09:11.006457: | ****emit IKEv2 Security Association Payload: Aug 26 13:09:11.006460: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:11.006463: | flags: none (0x0) Aug 26 13:09:11.006467: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:09:11.006470: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:09:11.006474: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:11.006477: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:11.006480: | prop #: 1 (0x1) Aug 26 13:09:11.006483: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:11.006486: | spi size: 4 (0x4) Aug 26 13:09:11.006489: | # transforms: 3 (0x3) Aug 26 13:09:11.006492: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:11.006496: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:11.006499: | our spi d4 b5 08 4d Aug 26 13:09:11.006502: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.006505: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.006508: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:11.006511: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:11.006515: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.006518: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:11.006521: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:11.006524: | length/value: 256 (0x100) Aug 26 13:09:11.006527: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:11.006530: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.006533: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 
13:09:11.006536: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.006539: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:11.006542: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.006545: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.006548: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.006551: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.006554: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:11.006557: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:11.006560: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:11.006564: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.006567: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.006570: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.006573: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:09:11.006576: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:11.006579: | emitting length of IKEv2 Security Association Payload: 44 Aug 26 13:09:11.006582: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:09:11.006585: | ****emit IKEv2 Nonce Payload: Aug 26 13:09:11.006589: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:11.006592: | flags: none (0x0) Aug 26 13:09:11.006595: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next 
payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:09:11.006598: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:09:11.006601: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:09:11.006604: | IKEv2 nonce b8 7f a3 3d 8c 43 e9 8f b5 37 3b 4d 22 c8 41 95 Aug 26 13:09:11.006606: | IKEv2 nonce 96 7b 92 72 7e c3 3b 50 a3 37 62 7f dd ed 59 5f Aug 26 13:09:11.006609: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:09:11.006612: | ****emit IKEv2 Key Exchange Payload: Aug 26 13:09:11.006615: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:11.006617: | flags: none (0x0) Aug 26 13:09:11.006620: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:11.006623: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:09:11.006626: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:09:11.006629: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Aug 26 13:09:11.006673: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:09:11.006676: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:11.006679: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:11.006682: | flags: none (0x0) Aug 26 13:09:11.006684: | number of TS: 1 (0x1) Aug 26 13:09:11.006687: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:09:11.006691: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:11.006693: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:11.006696: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:11.006699: | IP Protocol ID: 0 (0x0) Aug 26 13:09:11.006701: | start port: 0 (0x0) Aug 26 13:09:11.006704: | end port: 65535 (0xffff) Aug 26 13:09:11.006707: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:11.006710: | ipv4 start c0 00 03 00 Aug 26 13:09:11.006713: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:09:11.006716: | ipv4 end c0 00 03 ff Aug 26 13:09:11.006718: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:11.006723: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:09:11.006726: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:11.006728: | next payload type: 
ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:11.006731: | flags: none (0x0) Aug 26 13:09:11.006733: | number of TS: 1 (0x1) Aug 26 13:09:11.006737: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:09:11.006740: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:11.006743: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:11.006745: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:11.006748: | IP Protocol ID: 0 (0x0) Aug 26 13:09:11.006750: | start port: 0 (0x0) Aug 26 13:09:11.006751: | end port: 65535 (0xffff) Aug 26 13:09:11.006753: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:11.006755: | ipv4 start c0 00 16 00 Aug 26 13:09:11.006757: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:09:11.006758: | ipv4 end c0 00 16 ff Aug 26 13:09:11.006760: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:11.006761: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:09:11.006764: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:09:11.006766: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:09:11.006900: | install_ipsec_sa() for #3: inbound and outbound Aug 26 13:09:11.006904: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Aug 26 13:09:11.006906: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:09:11.006908: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:11.006910: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:11.006912: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:11.006914: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:11.006917: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" erouted; eroute owner: NULL Aug 26 13:09:11.006920: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:09:11.006923: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:09:11.006925: | AES_GCM_16 requires 4 salt bytes Aug 26 13:09:11.006927: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:09:11.006929: | setting IPsec SA replay-window to 32 Aug 26 13:09:11.006931: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 13:09:11.006933: | netlink: enabling tunnel mode Aug 26 13:09:11.006936: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:09:11.006938: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:09:11.007000: | netlink response for Add SA esp.4c107ad5@192.1.3.33 included non-error error Aug 26 13:09:11.007006: | set up outgoing SA, ref=0/0 Aug 26 13:09:11.007009: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:09:11.007012: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:09:11.007015: | AES_GCM_16 requires 4 salt bytes Aug 26 13:09:11.007018: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:09:11.007022: | setting IPsec SA replay-window to 32 Aug 26 13:09:11.007025: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 13:09:11.007028: | netlink: enabling tunnel mode Aug 26 13:09:11.007031: | netlink: 
setting IPsec SA replay-window to 32 using old-style req Aug 26 13:09:11.007034: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:09:11.007071: | netlink response for Add SA esp.d4b5084d@192.1.2.23 included non-error error Aug 26 13:09:11.007078: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:11.007086: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 13:09:11.007090: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:11.007115: | raw_eroute result=success Aug 26 13:09:11.007119: | set up incoming SA, ref=0/0 Aug 26 13:09:11.007122: | sr for #3: unrouted Aug 26 13:09:11.007125: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:09:11.007127: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:11.007131: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:11.007134: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:11.007136: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:11.007139: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:11.007143: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" erouted; eroute owner: NULL Aug 26 13:09:11.007147: | route_and_eroute with c: northnet-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:northnet-eastnets/0x1 rosr:{0x55e7d9b4a008} and state: #3 Aug 26 13:09:11.007151: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:11.007158: | eroute_connection add eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 (raw_eroute) Aug 26 13:09:11.007161: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:11.007174: | raw_eroute result=success Aug 26 13:09:11.007179: | running updown command "ipsec _updown" for verb up Aug 26 13:09:11.007182: | command executing up-client Aug 26 13:09:11.007212: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, 
O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:11.007219: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:11.007239: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=' Aug 26 13:09:11.007243: | popen cmd is 1405 chars long Aug 26 13:09:11.007247: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Aug 26 13:09:11.007250: | cmd( 80):x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PL: Aug 26 13:09:11.007253: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east: Aug 26 13:09:11.007255: | cmd( 240):.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.: Aug 26 13:09:11.007258: | cmd( 320):0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Aug 26 13:09:11.007261: | cmd( 400): 
PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='E: Aug 26 13:09:11.007264: | cmd( 480):SP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Aug 26 13:09:11.007267: | cmd( 560):wan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.li: Aug 26 13:09:11.007272: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' : Aug 26 13:09:11.007275: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 13:09:11.007278: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Aug 26 13:09:11.007281: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Aug 26 13:09:11.007284: | cmd( 960):LUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_: Aug 26 13:09:11.007287: | cmd(1040):TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMIL: Aug 26 13:09:11.007297: | cmd(1120):Y='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEE: Aug 26 13:09:11.007300: | cmd(1200):R_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' : Aug 26 13:09:11.007302: | cmd(1280):PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x4: Aug 26 13:09:11.007305: | cmd(1360):c107ad5 SPI_OUT=0xd4b5084d ipsec _updown 2>&1: Aug 26 13:09:11.017751: | route_and_eroute: firewall_notified: true Aug 26 13:09:11.017770: | route_and_eroute: instance "northnet-eastnets/0x2", setting eroute_owner {spd=0x55e7d9b57db8,sr=0x55e7d9b57db8} to #3 (was #0) (newest_ipsec_sa=#0) Aug 26 13:09:11.017917: | #1 spent 0.9 milliseconds in install_ipsec_sa() Aug 26 13:09:11.017930: | ISAKMP_v2_CREATE_CHILD_SA: instance northnet-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Aug 26 13:09:11.017934: | adding 1 bytes of padding 
(including 1 byte padding-length) Aug 26 13:09:11.017939: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:11.017943: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:11.017946: | emitting length of IKEv2 Encryption Payload: 421 Aug 26 13:09:11.017949: | emitting length of ISAKMP Message: 449 Aug 26 13:09:11.018000: "northnet-eastnets/0x2" #3: negotiated new IPsec SA [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Aug 26 13:09:11.018018: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:11.018022: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_OK Aug 26 13:09:11.018026: | IKEv2: transition from state STATE_V2_CREATE_R to state STATE_V2_IPSEC_R Aug 26 13:09:11.018031: | child state #3: V2_CREATE_R(established IKE SA) => V2_IPSEC_R(established CHILD SA) Aug 26 13:09:11.018034: | Message ID: updating counters for #3 to 2 after switching state Aug 26 13:09:11.018040: | Message ID: recv #1.#3 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1->2; child: wip.initiator=-1 wip.responder=2->-1 Aug 26 13:09:11.018045: | Message ID: sent #1.#3 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=2; child: wip.initiator=-1 wip.responder=-1 Aug 26 13:09:11.018048: | pstats #3 ikev2.child established Aug 26 13:09:11.018056: "northnet-eastnets/0x2" #3: negotiated connection [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Aug 26 13:09:11.018061: | NAT-T: encaps is 'auto' Aug 26 13:09:11.018066: "northnet-eastnets/0x2" #3: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x4c107ad5 <0xd4b5084d xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Aug 26 13:09:11.018071: | sending V2 new request packet to 
192.1.3.33:500 (from 192.1.2.23:500) Aug 26 13:09:11.018079: | sending 449 bytes for STATE_V2_CREATE_R through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:11.018210: | releasing whack for #3 (sock=fd@-1) Aug 26 13:09:11.018215: | releasing whack and unpending for parent #1 Aug 26 13:09:11.018218: | unpending state #1 connection "northnet-eastnets/0x2" Aug 26 13:09:11.018223: | #3 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Aug 26 13:09:11.018226: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:11.018236: | libevent_free: release ptr-libevent@0x7f9ccc000f48 Aug 26 13:09:11.018242: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55e7d9b58928 Aug 26 13:09:11.018245: | event_schedule: new EVENT_SA_REKEY-pe@0x55e7d9b58928 Aug 26 13:09:11.018249: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #3 Aug 26 13:09:11.018254: | libevent_malloc: new ptr-libevent@0x55e7d9b68888 size 128 Aug 26 13:09:11.018263: | #3 spent 1.78 milliseconds in resume sending helper answer Aug 26 13:09:11.018268: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:09:11.018273: | libevent_free: release ptr-libevent@0x7f9cc4001f78 Aug 26 13:09:11.018287: | processing signal PLUTO_SIGCHLD Aug 26 13:09:11.018316: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:11.018322: | spent 0.00638 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:13.513060: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:13.513283: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:09:13.513318: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:09:13.513464: | FOR_EACH_STATE_...
in show_states_status (sort_states) Aug 26 13:09:13.513469: | FOR_EACH_STATE_... in sort_states Aug 26 13:09:13.513480: | get_sa_info esp.c89c9723@192.1.2.23 Aug 26 13:09:13.513500: | get_sa_info esp.e2708c7e@192.1.3.33 Aug 26 13:09:13.513521: | get_sa_info esp.d4b5084d@192.1.2.23 Aug 26 13:09:13.513531: | get_sa_info esp.4c107ad5@192.1.3.33 Aug 26 13:09:13.513553: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:13.513565: | spent 0.489 milliseconds in whack Aug 26 13:09:14.492242: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:14.492265: shutting down Aug 26 13:09:14.492274: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:09:14.492278: destroying root certificate cache Aug 26 13:09:14.492333: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:09:14.492338: forgetting secrets Aug 26 13:09:14.492351: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:09:14.492361: | unreference key: 0x55e7d9b574f8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:14.492366: | unreference key: 0x55e7d9b56dd8 user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:14.492370: | unreference key: 0x55e7d9b56b78 @east.testing.libreswan.org cnt 1-- Aug 26 13:09:14.492373: | unreference key: 0x55e7d9b56668 east@testing.libreswan.org cnt 1-- Aug 26 13:09:14.492379: | unreference key: 0x55e7d9b551e8 192.1.2.23 cnt 1-- Aug 26 13:09:14.492386: | unreference key: 0x55e7d9b51448 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:14.492391: | unreference key: 0x55e7d9b50cd8 user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:14.492395: | unreference key: 0x55e7d9a37c48 @north.testing.libreswan.org cnt 1-- Aug 26 13:09:14.492401: | 
start processing: connection "northnet-eastnets/0x2" (in delete_connection() at connections.c:189) Aug 26 13:09:14.492405: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:09:14.492407: | pass 0 Aug 26 13:09:14.492410: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:09:14.492413: | state #3 Aug 26 13:09:14.492416: | suspend processing: connection "northnet-eastnets/0x2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:09:14.492422: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:09:14.492425: | pstats #3 ikev2.child deleted completed Aug 26 13:09:14.492430: | #3 spent 4.4 milliseconds in total Aug 26 13:09:14.492435: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 13:09:14.492440: "northnet-eastnets/0x2" #3: deleting state (STATE_V2_IPSEC_R) aged 3.488s and sending notification Aug 26 13:09:14.492443: | child state #3: V2_IPSEC_R(established CHILD SA) => delete Aug 26 13:09:14.492448: | get_sa_info esp.4c107ad5@192.1.3.33 Aug 26 13:09:14.492464: | get_sa_info esp.d4b5084d@192.1.2.23 Aug 26 13:09:14.492471: "northnet-eastnets/0x2" #3: ESP traffic information: in=168B out=0B Aug 26 13:09:14.492475: | #3 send IKEv2 delete notification for STATE_V2_IPSEC_R Aug 26 13:09:14.492478: | Opening output PBS informational exchange delete request Aug 26 13:09:14.492482: | **emit ISAKMP Message: Aug 26 13:09:14.492485: | initiator cookie: Aug 26 13:09:14.492487: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:14.492490: | responder cookie: Aug 26 13:09:14.492492: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:14.492495: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:14.492498: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:14.492501: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) 
Aug 26 13:09:14.492504: | flags: none (0x0) Aug 26 13:09:14.492506: | Message ID: 0 (0x0) Aug 26 13:09:14.492509: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:14.492513: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:14.492516: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.492518: | flags: none (0x0) Aug 26 13:09:14.492522: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:14.492527: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:09:14.492531: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:14.492545: | ****emit IKEv2 Delete Payload: Aug 26 13:09:14.492548: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.492551: | flags: none (0x0) Aug 26 13:09:14.492554: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:09:14.492557: | SPI size: 4 (0x4) Aug 26 13:09:14.492559: | number of SPIs: 1 (0x1) Aug 26 13:09:14.492563: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:09:14.492566: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:09:14.492569: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 13:09:14.492571: | local spis d4 b5 08 4d Aug 26 13:09:14.492574: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:09:14.492577: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:14.492580: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:14.492584: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:14.492586: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 
13:09:14.492589: | emitting length of ISAKMP Message: 69 Aug 26 13:09:14.492612: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #3) Aug 26 13:09:14.492616: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:14.492619: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:09:14.492622: | 49 b3 fd 63 4f 58 97 6c 36 67 de 3c 4c 11 04 98 Aug 26 13:09:14.492624: | 3f 03 8f 19 de a4 cf 37 3d 49 04 1a 43 6f 5f 41 Aug 26 13:09:14.492626: | 22 d6 90 9a 64 Aug 26 13:09:14.492678: | Message ID: IKE #1 sender #3 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Aug 26 13:09:14.492683: | Message ID: IKE #1 sender #3 in send_delete hacking around record ' send Aug 26 13:09:14.492688: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:09:14.492691: | state #3 requesting EVENT_SA_REKEY to be deleted Aug 26 13:09:14.492696: | libevent_free: release ptr-libevent@0x55e7d9b68888 Aug 26 13:09:14.492699: | free_event_entry: release EVENT_SA_REKEY-pe@0x55e7d9b58928 Aug 26 13:09:14.493869: | running updown command "ipsec _updown" for verb down Aug 26 13:09:14.493880: | command executing down-client Aug 26 13:09:14.493921: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, 
E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566824951' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' P Aug 26 13:09:14.493925: | popen cmd is 1298 chars long Aug 26 13:09:14.493929: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Aug 26 13:09:14.493932: | cmd( 80):/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' : Aug 26 13:09:14.493937: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=ea: Aug 26 13:09:14.493940: | cmd( 240):st.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='19: Aug 26 13:09:14.493944: | cmd( 320):2.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Aug 26 13:09:14.493947: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE=: Aug 26 13:09:14.493950: | cmd( 480):'ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Aug 26 13:09:14.493953: | cmd( 560):eswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.: Aug 26 13:09:14.493956: | cmd( 640):libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0: Aug 26 13:09:14.493959: | cmd( 720):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 13:09:14.493962: | cmd( 800):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566824951' PLUTO_CONN: Aug 26 13:09:14.493965: | cmd( 880):_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO: Aug 26 13:09:14.493968: | cmd( 960):' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLU: Aug 26 13:09:14.493972: | 
cmd(1040):TO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER: Aug 26 13:09:14.493975: | cmd(1120):_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI: Aug 26 13:09:14.493978: | cmd(1200):_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x4c107ad5 SPI_OUT=0xd4b5084d : Aug 26 13:09:14.493981: | cmd(1280):ipsec _updown 2>&1: Aug 26 13:09:14.505312: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:09:14.505336: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:09:14.505341: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:14.505348: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:14.505397: | delete esp.4c107ad5@192.1.3.33 Aug 26 13:09:14.505422: | netlink response for Del SA esp.4c107ad5@192.1.3.33 included non-error error Aug 26 13:09:14.505427: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:14.505435: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 13:09:14.505457: | raw_eroute result=success Aug 26 13:09:14.505462: | delete esp.d4b5084d@192.1.2.23 Aug 26 13:09:14.505478: | netlink response for Del SA esp.d4b5084d@192.1.2.23 included non-error error Aug 26 13:09:14.505490: | stop processing: connection "northnet-eastnets/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:09:14.505495: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:09:14.505498: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:09:14.505502: | State DB: deleting IKEv2 state #3 in V2_IPSEC_R Aug 26 13:09:14.505512: | child state #3: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:09:14.505555: | stop processing: state #3 from 192.1.3.33:500 (in delete_state() 
at state.c:1143) Aug 26 13:09:14.505577: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:09:14.505580: | state #2 Aug 26 13:09:14.505586: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:09:14.505590: | pstats #2 ikev2.child deleted completed Aug 26 13:09:14.505596: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 13:09:14.505601: "northnet-eastnets/0x1" #2: deleting state (STATE_V2_IPSEC_R) aged 3.581s and sending notification Aug 26 13:09:14.505609: | child state #2: V2_IPSEC_R(established CHILD SA) => delete Aug 26 13:09:14.505613: | get_sa_info esp.e2708c7e@192.1.3.33 Aug 26 13:09:14.505623: | get_sa_info esp.c89c9723@192.1.2.23 Aug 26 13:09:14.505632: "northnet-eastnets/0x1" #2: ESP traffic information: in=168B out=168B Aug 26 13:09:14.505637: | #2 send IKEv2 delete notification for STATE_V2_IPSEC_R Aug 26 13:09:14.505640: | Opening output PBS informational exchange delete request Aug 26 13:09:14.505644: | **emit ISAKMP Message: Aug 26 13:09:14.505647: | initiator cookie: Aug 26 13:09:14.505650: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:14.505653: | responder cookie: Aug 26 13:09:14.505656: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:14.505659: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:14.505663: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:14.505666: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:09:14.505670: | flags: none (0x0) Aug 26 13:09:14.505673: | Message ID: 1 (0x1) Aug 26 13:09:14.505676: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:14.505680: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:14.505683: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.505686: | flags: none (0x0) Aug 26 13:09:14.505690: | 
next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:14.505693: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:09:14.505697: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:14.505711: | ****emit IKEv2 Delete Payload: Aug 26 13:09:14.505715: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.505717: | flags: none (0x0) Aug 26 13:09:14.505721: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:09:14.505723: | SPI size: 4 (0x4) Aug 26 13:09:14.505726: | number of SPIs: 1 (0x1) Aug 26 13:09:14.505730: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:09:14.505733: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:09:14.505737: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 13:09:14.505740: | local spis c8 9c 97 23 Aug 26 13:09:14.505743: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:09:14.505747: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:14.505750: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:14.505754: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:14.505757: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:09:14.505760: | emitting length of ISAKMP Message: 69 Aug 26 13:09:14.505784: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Aug 26 13:09:14.505788: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:14.505791: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Aug 26 13:09:14.505794: | 45 e2 81 af 73 d7 49 e1 8d a6 30 18 32 8d 01 
9a Aug 26 13:09:14.505797: | 4b 54 c4 30 09 9f 42 72 8a 73 72 ba de e8 40 59 Aug 26 13:09:14.505799: | 46 c9 88 2a 6f Aug 26 13:09:14.505850: | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 Aug 26 13:09:14.505855: | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send Aug 26 13:09:14.505861: | Message ID: #1 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?); initiator.sent=1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=1 wip.responder=-1 Aug 26 13:09:14.505866: | Message ID: sent #1 request 1; ike: initiator.sent=0->1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=0->1 wip.responder=-1 Aug 26 13:09:14.505872: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 13:09:14.505881: | libevent_free: release ptr-libevent@0x55e7d9b67188 Aug 26 13:09:14.505886: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f9cd4002b78 Aug 26 13:09:14.506075: | running updown command "ipsec _updown" for verb down Aug 26 13:09:14.506082: | command executing down-client Aug 26 13:09:14.507682: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' 
PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566824950' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLU Aug 26 13:09:14.507698: | popen cmd is 1296 chars long Aug 26 13:09:14.507702: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Aug 26 13:09:14.507705: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' : Aug 26 13:09:14.507708: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=ea: Aug 26 13:09:14.507711: | cmd( 240):st.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='19: Aug 26 13:09:14.507713: | cmd( 320):2.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Aug 26 13:09:14.507716: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='E: Aug 26 13:09:14.507718: | cmd( 480):SP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Aug 26 13:09:14.507721: | cmd( 560):wan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.li: Aug 26 13:09:14.507724: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' : Aug 26 13:09:14.507727: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 13:09:14.507729: | cmd( 800):0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566824950' PLUTO_CONN_P: Aug 26 13:09:14.507732: | cmd( 880):OLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' : Aug 26 13:09:14.507735: | cmd( 960):PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO: Aug 26 13:09:14.507737: | cmd(1040):_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_B: Aug 26 13:09:14.507740: | cmd(1120):ANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' 
PLUTO_NM_CONFIGURED='0' VTI_I: Aug 26 13:09:14.507743: | cmd(1200):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xe2708c7e SPI_OUT=0xc89c9723 ip: Aug 26 13:09:14.507745: | cmd(1280):sec _updown 2>&1: Aug 26 13:09:14.521981: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:09:14.522000: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:09:14.522004: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:14.522011: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:14.522228: | delete esp.e2708c7e@192.1.3.33 Aug 26 13:09:14.522378: | netlink response for Del SA esp.e2708c7e@192.1.3.33 included non-error error Aug 26 13:09:14.522387: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:14.522398: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 13:09:14.522622: | raw_eroute result=success Aug 26 13:09:14.522630: | delete esp.c89c9723@192.1.2.23 Aug 26 13:09:14.522735: | netlink response for Del SA esp.c89c9723@192.1.2.23 included non-error error Aug 26 13:09:14.522749: | in connection_discard for connection northnet-eastnets/0x1 Aug 26 13:09:14.522753: | State DB: deleting IKEv2 state #2 in V2_IPSEC_R Aug 26 13:09:14.522763: | child state #2: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:09:14.522773: | stop processing: state #2 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 13:09:14.522790: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:09:14.522793: | state #1 Aug 26 13:09:14.522796: | pass 1 Aug 26 13:09:14.522799: | FOR_EACH_STATE_... 
in foreach_state_by_connection_func_delete Aug 26 13:09:14.522801: | state #1 Aug 26 13:09:14.522806: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:09:14.522810: | pstats #1 ikev2.ike deleted completed Aug 26 13:09:14.522818: | #1 spent 27.2 milliseconds in total Aug 26 13:09:14.522823: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 13:09:14.522827: "northnet-eastnets/0x2" #1: deleting state (STATE_PARENT_R2) aged 3.632s and sending notification Aug 26 13:09:14.522830: | parent state #1: PARENT_R2(established IKE SA) => delete Aug 26 13:09:14.523001: | #1 send IKEv2 delete notification for STATE_PARENT_R2 Aug 26 13:09:14.523008: | Opening output PBS informational exchange delete request Aug 26 13:09:14.523012: | **emit ISAKMP Message: Aug 26 13:09:14.523015: | initiator cookie: Aug 26 13:09:14.523018: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:14.523021: | responder cookie: Aug 26 13:09:14.523023: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:14.523026: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:14.523029: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:14.523033: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:09:14.523038: | flags: none (0x0) Aug 26 13:09:14.523040: | Message ID: 2 (0x2) Aug 26 13:09:14.523043: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:14.523047: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:14.523050: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.523052: | flags: none (0x0) Aug 26 13:09:14.523056: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:14.523059: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 
'informational exchange delete request' Aug 26 13:09:14.523063: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:14.523079: | ****emit IKEv2 Delete Payload: Aug 26 13:09:14.523082: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.523085: | flags: none (0x0) Aug 26 13:09:14.523088: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 13:09:14.523091: | SPI size: 0 (0x0) Aug 26 13:09:14.523093: | number of SPIs: 0 (0x0) Aug 26 13:09:14.523097: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:09:14.523100: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:09:14.523103: | emitting length of IKEv2 Delete Payload: 8 Aug 26 13:09:14.523106: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:14.523109: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:14.523112: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:14.523117: | emitting length of IKEv2 Encryption Payload: 37 Aug 26 13:09:14.523120: | emitting length of ISAKMP Message: 65 Aug 26 13:09:14.523151: | sending 65 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:14.523155: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:14.523158: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Aug 26 13:09:14.523161: | 34 40 3b a6 cb e7 c5 88 75 0f 39 ff 09 b4 7e 83 Aug 26 13:09:14.523163: | ca 9c 1e 9f b8 48 96 43 12 eb c1 43 a1 86 c7 b5 Aug 26 13:09:14.523166: | 1c Aug 26 13:09:14.523215: | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=2->3 and sender msgid=1->2 Aug 26 13:09:14.523219: | Message ID: IKE #1 sender #1 in send_delete hacking around record ' send Aug 26 
13:09:14.523224: | Message ID: #1 XXX: expecting sender.wip.initiator 1 == -1 - suspect record'n'send out-of-order?); initiator.sent=2 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=2 wip.responder=-1 Aug 26 13:09:14.523229: | Message ID: sent #1 request 2; ike: initiator.sent=1->2 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=1->2 wip.responder=-1 Aug 26 13:09:14.523233: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 13:09:14.523242: | libevent_free: release ptr-libevent@0x55e7d9b75878 Aug 26 13:09:14.523247: | free_event_entry: release EVENT_SA_REKEY-pe@0x55e7d9b59c08 Aug 26 13:09:14.523251: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:09:14.523255: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:09:14.523258: | State DB: deleting IKEv2 state #1 in PARENT_R2 Aug 26 13:09:14.523262: | parent state #1: PARENT_R2(established IKE SA) => UNDEFINED(ignore) Aug 26 13:09:14.523271: | unreference key: 0x55e7d9b67458 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 2-- Aug 26 13:09:14.523315: | stop processing: state #1 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 13:09:14.523332: | unreference key: 0x55e7d9b67458 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:14.523339: | unreference key: 0x55e7d9b675f8 user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:14.523343: | unreference key: 0x55e7d9b72138 @north.testing.libreswan.org cnt 1-- Aug 26 13:09:14.523376: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:09:14.523381: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:09:14.523384: | netlink_shunt_eroute for proto 0, and source port 0 
dest port 0 Aug 26 13:09:14.523387: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:14.523499: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:14.523512: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:14.523516: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:14.523520: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:14.523523: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:14.523526: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:14.523531: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" prospective erouted Aug 26 13:09:14.523537: | flush revival: connection 'northnet-eastnets/0x2' wasn't on the list Aug 26 13:09:14.523540: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:09:14.523555: | start processing: connection "northnet-eastnets/0x1" (in delete_connection() at connections.c:189) Aug 26 13:09:14.523559: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:09:14.523563: | pass 0 Aug 26 13:09:14.523566: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:09:14.523568: | pass 1 Aug 26 13:09:14.523571: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:09:14.523574: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:09:14.523577: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:09:14.523580: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:14.525180: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:14.525199: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:09:14.525203: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:14.525207: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:14.525210: | route owner of "northnet-eastnets/0x1" unrouted: NULL Aug 26 13:09:14.525213: | running updown command "ipsec _updown" for verb unroute Aug 26 13:09:14.525216: | command executing unroute-client Aug 26 13:09:14.525254: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO Aug 26 13:09:14.525258: | popen cmd is 1277 chars long Aug 26 13:09:14.525261: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 13:09:14.525264: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.2: Aug 26 13:09:14.525267: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 13:09:14.525269: | cmd( 240):=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT=: Aug 26 13:09:14.525272: | cmd( 
320):'192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255: Aug 26 13:09:14.525275: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Aug 26 13:09:14.525278: | cmd( 480):='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Li: Aug 26 13:09:14.525280: | cmd( 560):breswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testin: Aug 26 13:09:14.525283: | cmd( 640):g.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3: Aug 26 13:09:14.525286: | cmd( 720):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Aug 26 13:09:14.525292: | cmd( 800):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY: Aug 26 13:09:14.525296: | cmd( 880):='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Aug 26 13:09:14.525299: | cmd( 960):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_P: Aug 26 13:09:14.525302: | cmd(1040):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Aug 26 13:09:14.525305: | cmd(1120):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Aug 26 13:09:14.525307: | cmd(1200):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 13:09:14.540611: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.540661: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.540692: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.540721: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.540751: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. 
Aug 26 13:09:14.540780: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.540812: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.540841: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.540870: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.540899: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.540929: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.540962: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.540992: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.541021: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.541050: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.541079: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.541111: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.541140: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.541168: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.541196: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.541223: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.541253: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. 
Aug 26 13:09:14.541282: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.541317: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.541350: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.541382: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.541601: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.541635: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.541668: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.541704: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.541739: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.541766: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.541793: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.541821: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.542200: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.542235: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.542267: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.542302: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.542341: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. 
Aug 26 13:09:14.542374: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.542409: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.542442: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.542474: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.542504: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.542535: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.542569: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.542601: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.542633: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.542664: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:14.542696: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. 
Aug 26 13:09:14.550232: | free hp@0x55e7d9b57b88 Aug 26 13:09:14.550245: | flush revival: connection 'northnet-eastnets/0x1' wasn't on the list Aug 26 13:09:14.550249: | stop processing: connection "northnet-eastnets/0x1" (in discard_connection() at connections.c:249) Aug 26 13:09:14.550297: | crl fetch request list locked by 'free_crl_fetch' Aug 26 13:09:14.550304: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 13:09:14.550315: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 13:09:14.550317: shutting down interface lo/lo 127.0.0.1:500 Aug 26 13:09:14.550320: shutting down interface eth0/eth0 192.0.2.254:4500 Aug 26 13:09:14.550322: shutting down interface eth0/eth0 192.0.2.254:500 Aug 26 13:09:14.550324: shutting down interface eth1/eth1 192.1.2.23:4500 Aug 26 13:09:14.550326: shutting down interface eth1/eth1 192.1.2.23:500 Aug 26 13:09:14.550329: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 13:09:14.550340: | libevent_free: release ptr-libevent@0x55e7d9b3d738 Aug 26 13:09:14.550343: | free_event_entry: release EVENT_NULL-pe@0x55e7d9b49408 Aug 26 13:09:14.550351: | libevent_free: release ptr-libevent@0x55e7d9ae3f18 Aug 26 13:09:14.550353: | free_event_entry: release EVENT_NULL-pe@0x55e7d9b494b8 Aug 26 13:09:14.550357: | libevent_free: release ptr-libevent@0x55e7d9ae3fc8 Aug 26 13:09:14.550360: | free_event_entry: release EVENT_NULL-pe@0x55e7d9b49568 Aug 26 13:09:14.550366: | libevent_free: release ptr-libevent@0x55e7d9ae2f88 Aug 26 13:09:14.550368: | free_event_entry: release EVENT_NULL-pe@0x55e7d9b49618 Aug 26 13:09:14.550373: | libevent_free: release ptr-libevent@0x55e7d9aeb298 Aug 26 13:09:14.550375: | free_event_entry: release EVENT_NULL-pe@0x55e7d9b496c8 Aug 26 13:09:14.550380: | libevent_free: release ptr-libevent@0x55e7d9aebdb8 Aug 26 13:09:14.550383: | free_event_entry: release EVENT_NULL-pe@0x55e7d9b49778 Aug 26 13:09:14.550392: | FOR_EACH_UNORIENTED_CONNECTION_... 
in check_orientations Aug 26 13:09:14.550864: | libevent_free: release ptr-libevent@0x55e7d9b3d7e8 Aug 26 13:09:14.550871: | free_event_entry: release EVENT_NULL-pe@0x55e7d9b31988 Aug 26 13:09:14.550875: | libevent_free: release ptr-libevent@0x55e7d9b2a468 Aug 26 13:09:14.550877: | free_event_entry: release EVENT_NULL-pe@0x55e7d9b314e8 Aug 26 13:09:14.550880: | libevent_free: release ptr-libevent@0x55e7d9b2a3b8 Aug 26 13:09:14.550881: | free_event_entry: release EVENT_NULL-pe@0x55e7d9aeb458 Aug 26 13:09:14.550885: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 13:09:14.550886: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 13:09:14.550890: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 13:09:14.550892: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 13:09:14.550894: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 13:09:14.550895: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 13:09:14.550897: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 13:09:14.550899: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 13:09:14.550900: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 13:09:14.550905: | libevent_free: release ptr-libevent@0x55e7d9aefa28 Aug 26 13:09:14.550907: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 13:09:14.550910: | libevent_free: release ptr-libevent@0x55e7d9a66308 Aug 26 13:09:14.550912: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 13:09:14.550915: | libevent_free: release ptr-libevent@0x55e7d9a70508 Aug 26 13:09:14.550916: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 13:09:14.550919: | libevent_free: release ptr-libevent@0x55e7d9a683b8 Aug 26 13:09:14.550920: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 13:09:14.550922: | releasing event base Aug 26 13:09:14.550932: | libevent_free: release ptr-libevent@0x55e7d9b48e48 Aug 26 13:09:14.550934: | libevent_free: release ptr-libevent@0x55e7d9b2bda8 Aug 26 13:09:14.550937: | libevent_free: 
release ptr-libevent@0x55e7d9b2bd58 Aug 26 13:09:14.550938: | libevent_free: release ptr-libevent@0x55e7d9b4c808 Aug 26 13:09:14.550940: | libevent_free: release ptr-libevent@0x55e7d9b2bd18 Aug 26 13:09:14.550943: | libevent_free: release ptr-libevent@0x55e7d9b48ad8 Aug 26 13:09:14.550944: | libevent_free: release ptr-libevent@0x55e7d9b48d48 Aug 26 13:09:14.550946: | libevent_free: release ptr-libevent@0x55e7d9b2bf58 Aug 26 13:09:14.550948: | libevent_free: release ptr-libevent@0x55e7d9b31558 Aug 26 13:09:14.550949: | libevent_free: release ptr-libevent@0x55e7d9b311b8 Aug 26 13:09:14.550951: | libevent_free: release ptr-libevent@0x55e7d9b497e8 Aug 26 13:09:14.550952: | libevent_free: release ptr-libevent@0x55e7d9b49738 Aug 26 13:09:14.550954: | libevent_free: release ptr-libevent@0x55e7d9b49688 Aug 26 13:09:14.550956: | libevent_free: release ptr-libevent@0x55e7d9b495d8 Aug 26 13:09:14.550957: | libevent_free: release ptr-libevent@0x55e7d9b49528 Aug 26 13:09:14.550959: | libevent_free: release ptr-libevent@0x55e7d9b49478 Aug 26 13:09:14.550960: | libevent_free: release ptr-libevent@0x55e7d9a64a38 Aug 26 13:09:14.550962: | libevent_free: release ptr-libevent@0x55e7d9b48dc8 Aug 26 13:09:14.550964: | libevent_free: release ptr-libevent@0x55e7d9b48d88 Aug 26 13:09:14.550965: | libevent_free: release ptr-libevent@0x55e7d9b48c48 Aug 26 13:09:14.550967: | libevent_free: release ptr-libevent@0x55e7d9b48e08 Aug 26 13:09:14.550969: | libevent_free: release ptr-libevent@0x55e7d9b48b18 Aug 26 13:09:14.550970: | libevent_free: release ptr-libevent@0x55e7d9af15b8 Aug 26 13:09:14.550972: | libevent_free: release ptr-libevent@0x55e7d9af1538 Aug 26 13:09:14.550974: | libevent_free: release ptr-libevent@0x55e7d9a64da8 Aug 26 13:09:14.550975: | releasing global libevent data Aug 26 13:09:14.550978: | libevent_free: release ptr-libevent@0x55e7d9af1738 Aug 26 13:09:14.550979: | libevent_free: release ptr-libevent@0x55e7d9af16b8 Aug 26 13:09:14.550981: | libevent_free: release 
ptr-libevent@0x55e7d9af1638 Aug 26 13:09:14.551046: leak detective found no leaks