Aug 26 13:09:10.565525: FIPS Product: YES Aug 26 13:09:10.565564: FIPS Kernel: NO Aug 26 13:09:10.565567: FIPS Mode: NO Aug 26 13:09:10.565570: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:09:10.565713: Initializing NSS Aug 26 13:09:10.565719: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:09:10.589996: NSS initialized Aug 26 13:09:10.590010: NSS crypto library initialized Aug 26 13:09:10.590013: FIPS HMAC integrity support [enabled] Aug 26 13:09:10.590015: FIPS mode disabled for pluto daemon Aug 26 13:09:10.622512: FIPS HMAC integrity verification self-test FAILED Aug 26 13:09:10.622596: libcap-ng support [enabled] Aug 26 13:09:10.622604: Linux audit support [enabled] Aug 26 13:09:10.622622: Linux audit activated Aug 26 13:09:10.622625: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:4559 Aug 26 13:09:10.622627: core dump dir: /tmp Aug 26 13:09:10.622629: secrets file: /etc/ipsec.secrets Aug 26 13:09:10.622630: leak-detective enabled Aug 26 13:09:10.622632: NSS crypto [enabled] Aug 26 13:09:10.622633: XAUTH PAM support [enabled] Aug 26 13:09:10.622690: | libevent is using pluto's memory allocator Aug 26 13:09:10.622695: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:09:10.622708: | libevent_malloc: new ptr-libevent@0x563af5528738 size 40 Aug 26 13:09:10.622710: | libevent_malloc: new ptr-libevent@0x563af55286b8 size 40 Aug 26 13:09:10.622713: | libevent_malloc: new ptr-libevent@0x563af5528638 size 40 Aug 26 13:09:10.622714: | creating event base Aug 26 13:09:10.622717: | libevent_malloc: new ptr-libevent@0x563af551a268 size 56 Aug 26 13:09:10.622721: | libevent_malloc: new ptr-libevent@0x563af549bda8 size 664 Aug 26 13:09:10.622731: | libevent_malloc: new ptr-libevent@0x563af5562d58 size 24 Aug 26 13:09:10.622733: | libevent_malloc: new ptr-libevent@0x563af5562da8 size 384 Aug 26 13:09:10.622741: | libevent_malloc: new ptr-libevent@0x563af5562d18 size 16 Aug 26 13:09:10.622743: | libevent_malloc: new ptr-libevent@0x563af55285b8 size 40 Aug 26 13:09:10.622745: | libevent_malloc: new ptr-libevent@0x563af5528538 size 48 Aug 26 13:09:10.622749: | libevent_realloc: new ptr-libevent@0x563af549ba38 size 256 Aug 26 13:09:10.622750: | libevent_malloc: new ptr-libevent@0x563af5562f58 size 16 Aug 26 13:09:10.622754: | libevent_free: release ptr-libevent@0x563af551a268 Aug 26 13:09:10.622757: | libevent initialized Aug 26 13:09:10.622760: | libevent_realloc: new ptr-libevent@0x563af551a268 size 64 Aug 26 13:09:10.622762: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:09:10.622773: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:09:10.622775: NAT-Traversal support [enabled] Aug 26 13:09:10.622776: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:09:10.622781: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:09:10.622786: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:09:10.622813: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:09:10.622816: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:09:10.622818: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:09:10.622871: Encryption algorithms: Aug 26 13:09:10.622878: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:09:10.622881: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:09:10.622884: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:09:10.622886: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:09:10.622888: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 13:09:10.622895: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:09:10.622897: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:09:10.622900: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:09:10.622902: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:09:10.622904: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:09:10.622906: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:09:10.622909: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:09:10.622911: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:09:10.622913: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:09:10.622916: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:09:10.622917: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:09:10.622919: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:09:10.622924: Hash algorithms: Aug 26 13:09:10.622926: MD5 IKEv1: IKE IKEv2: Aug 26 13:09:10.622928: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:09:10.622930: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:09:10.622932: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:09:10.622934: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:09:10.622943: PRF algorithms: Aug 26 13:09:10.622945: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:09:10.622947: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:09:10.622949: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:09:10.622951: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:09:10.622953: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:09:10.622955: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:09:10.622972: Integrity algorithms: Aug 26 13:09:10.622974: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 13:09:10.622976: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:09:10.622979: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:09:10.622981: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:09:10.622984: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:09:10.622986: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:09:10.622988: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:09:10.622990: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:09:10.622992: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:09:10.622999: DH algorithms: Aug 26 13:09:10.623001: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:09:10.623003: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:09:10.623005: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:09:10.623009: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:09:10.623011: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:09:10.623012: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:09:10.623014: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:09:10.623016: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:09:10.623018: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:09:10.623020: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:09:10.623022: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:09:10.623024: testing CAMELLIA_CBC: Aug 26 13:09:10.623026: Camellia: 16 bytes with 128-bit key Aug 26 13:09:10.623120: Camellia: 16 bytes with 128-bit key Aug 26 13:09:10.623142: Camellia: 16 bytes with 256-bit key Aug 26 13:09:10.623162: Camellia: 16 bytes with 256-bit key Aug 26 13:09:10.623179: testing AES_GCM_16: Aug 26 13:09:10.623182: empty string Aug 26 13:09:10.623201: one block Aug 26 13:09:10.623217: two blocks Aug 26 13:09:10.623234: two blocks with associated data Aug 26 13:09:10.623250: testing AES_CTR: Aug 26 13:09:10.623252: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:09:10.623271: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:09:10.623293: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:09:10.623318: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:09:10.623336: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:09:10.623353: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:09:10.623370: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:09:10.623387: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:09:10.623413: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:09:10.623443: testing AES_CBC: Aug 26 13:09:10.623447: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:09:10.623474: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:09:10.623530: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:09:10.623561: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:09:10.623598: testing AES_XCBC: Aug 26 13:09:10.623603: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:09:10.623741: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:09:10.623873: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:09:10.624002: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:09:10.624153: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:09:10.624282: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:09:10.624398: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:09:10.624689: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 13:09:10.624843: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:09:10.624971: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:09:10.625224: testing HMAC_MD5: Aug 26 13:09:10.625230: RFC 2104: MD5_HMAC test 1 Aug 26 13:09:10.625430: RFC 2104: MD5_HMAC test 2 Aug 26 13:09:10.625592: RFC 2104: MD5_HMAC test 3 Aug 26 13:09:10.625795: 8 CPU cores online Aug 26 13:09:10.625801: starting up 7 crypto helpers Aug 26 13:09:10.625835: started thread for crypto helper 0 Aug 26 13:09:10.625865: | starting up helper thread 0 Aug 26 13:09:10.625874: started thread for crypto helper 1 Aug 26 13:09:10.625880: | starting up helper thread 1 Aug 26 13:09:10.625880: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:09:10.625937: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:09:10.625943: started thread for crypto helper 2 Aug 26 13:09:10.625948: | starting up helper thread 2 Aug 26 13:09:10.625943: | crypto helper 0 waiting (nothing to do) Aug 26 13:09:10.625967: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:09:10.625970: | crypto helper 2 waiting (nothing to do) Aug 26 13:09:10.625977: | crypto helper 1 waiting (nothing to do) Aug 26 13:09:10.625978: started thread for crypto helper 3 Aug 26 13:09:10.625987: | starting up helper thread 3 Aug 26 13:09:10.626000: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:09:10.626003: | crypto helper 3 waiting (nothing to do) Aug 26 13:09:10.626009: started thread for crypto helper 4 Aug 26 13:09:10.626012: | starting up helper thread 4 Aug 26 13:09:10.626018: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:09:10.626021: | crypto helper 4 waiting (nothing to do) Aug 26 13:09:10.626029: started thread for crypto helper 5 Aug 26 13:09:10.626031: | starting up helper thread 5 Aug 26 13:09:10.626038: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:09:10.626039: | crypto helper 5 waiting (nothing to do) Aug 26 13:09:10.626050: started thread for crypto helper 6 Aug 26 13:09:10.626051: | starting up helper thread 6 Aug 26 13:09:10.626056: | checking IKEv1 state table Aug 26 13:09:10.626057: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:09:10.626063: | crypto helper 6 waiting (nothing to do) Aug 26 13:09:10.626067: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:09:10.626070: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:09:10.626073: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:09:10.626076: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:09:10.626079: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:09:10.626081: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:09:10.626084: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:09:10.626086: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:09:10.626089: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:09:10.626091: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:09:10.626094: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:09:10.626096: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:09:10.626099: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:09:10.626101: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:09:10.626103: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:09:10.626105: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:09:10.626108: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:09:10.626111: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:09:10.626113: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:09:10.626115: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:09:10.626118: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:09:10.626121: | -> UNDEFINED EVENT_NULL Aug 26 13:09:10.626124: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:09:10.626127: | -> UNDEFINED EVENT_NULL Aug 26 13:09:10.626130: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:09:10.626133: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:09:10.626136: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:09:10.626140: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:09:10.626142: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:09:10.626145: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:09:10.626147: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:09:10.626149: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:09:10.626152: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:09:10.626155: | -> UNDEFINED EVENT_NULL Aug 26 13:09:10.626158: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:09:10.626160: | -> UNDEFINED EVENT_NULL Aug 26 13:09:10.626163: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:09:10.626165: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:09:10.626171: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:09:10.626174: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:09:10.626177: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:09:10.626179: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:09:10.626182: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:09:10.626184: | -> UNDEFINED EVENT_NULL Aug 26 13:09:10.626187: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:09:10.626190: | -> UNDEFINED EVENT_NULL Aug 26 13:09:10.626193: | INFO: category: informational flags: 0: Aug 26 13:09:10.626195: | -> UNDEFINED EVENT_NULL Aug 26 13:09:10.626198: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:09:10.626200: | -> UNDEFINED EVENT_NULL Aug 26 13:09:10.626203: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:09:10.626206: | -> XAUTH_R1 EVENT_NULL Aug 26 13:09:10.626208: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:09:10.626211: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:09:10.626214: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:09:10.626216: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:09:10.626219: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:09:10.626222: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:09:10.626224: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:09:10.626227: | -> UNDEFINED EVENT_NULL Aug 26 13:09:10.626230: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:09:10.626232: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:09:10.626235: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:09:10.626238: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:09:10.626241: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:09:10.626243: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:09:10.626250: | checking IKEv2 state table Aug 26 13:09:10.626256: | PARENT_I0: category: ignore flags: 0: Aug 26 13:09:10.626260: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:09:10.626263: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:09:10.626266: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:09:10.626269: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:09:10.626272: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:09:10.626275: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:09:10.626278: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:09:10.626281: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:09:10.626284: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:09:10.626287: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:09:10.626320: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:09:10.626324: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 13:09:10.626327: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:09:10.626330: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:09:10.626332: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:09:10.626336: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:09:10.626339: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:09:10.626342: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:09:10.626345: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:09:10.626348: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:09:10.626351: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:09:10.626354: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:09:10.626361: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:09:10.626364: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:09:10.626367: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:09:10.626370: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:09:10.626373: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:09:10.626376: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:09:10.626379: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:09:10.626382: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:09:10.626385: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:09:10.626388: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:09:10.626391: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:09:10.626394: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:09:10.626397: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:09:10.626400: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:09:10.626404: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:09:10.626407: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:09:10.626410: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:09:10.626413: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:09:10.626416: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:09:10.626419: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:09:10.626422: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:09:10.626425: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:09:10.626428: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:09:10.626432: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:09:10.626448: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:09:10.626519: | Hard-wiring algorithms Aug 26 13:09:10.626524: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:09:10.626529: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:09:10.626532: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:09:10.626535: | adding 3DES_CBC to kernel algorithm db Aug 26 13:09:10.626537: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:09:10.626540: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:09:10.626543: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:09:10.626546: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:09:10.626549: | adding AES_CTR to kernel algorithm db Aug 26 13:09:10.626551: | adding AES_CBC to kernel algorithm db Aug 26 13:09:10.626554: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:09:10.626557: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:09:10.626560: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:09:10.626563: | adding NULL to kernel algorithm db Aug 26 13:09:10.626566: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:09:10.626569: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:09:10.626571: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:09:10.626574: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:09:10.626577: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:09:10.626580: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:09:10.626582: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:09:10.626585: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:09:10.626588: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:09:10.626590: | adding NONE to kernel algorithm db Aug 26 13:09:10.626615: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:09:10.626623: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:09:10.626627: | setup kernel fd callback Aug 26 13:09:10.626630: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x563af5522458 Aug 26 13:09:10.626634: | libevent_malloc: new ptr-libevent@0x563af55613b8 size 128 Aug 26 13:09:10.626638: | libevent_malloc: new ptr-libevent@0x563af5568558 size 16 Aug 26 13:09:10.626646: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x563af55684e8 Aug 26 13:09:10.626649: | libevent_malloc: new ptr-libevent@0x563af5561468 size 128 Aug 26 13:09:10.626651: | libevent_malloc: new ptr-libevent@0x563af55681b8 size 16 Aug 26 13:09:10.626890: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:09:10.626900: selinux support is enabled. Aug 26 13:09:10.627140: | unbound context created - setting debug level to 5 Aug 26 13:09:10.627170: | /etc/hosts lookups activated Aug 26 13:09:10.627186: | /etc/resolv.conf usage activated Aug 26 13:09:10.627256: | outgoing-port-avoid set 0-65535 Aug 26 13:09:10.627292: | outgoing-port-permit set 32768-60999 Aug 26 13:09:10.627298: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:09:10.627302: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:09:10.627305: | Setting up events, loop start Aug 26 13:09:10.627309: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x563af5568988 Aug 26 13:09:10.627313: | libevent_malloc: new ptr-libevent@0x563af55747e8 size 128 Aug 26 13:09:10.627317: | libevent_malloc: new ptr-libevent@0x563af557fad8 size 16 Aug 26 13:09:10.627324: | libevent_realloc: new ptr-libevent@0x563af557fb18 size 256 Aug 26 13:09:10.627327: | libevent_malloc: new ptr-libevent@0x563af557fc48 size 8 Aug 26 13:09:10.627330: | libevent_realloc: new ptr-libevent@0x563af557fc88 size 144 Aug 26 13:09:10.627333: | libevent_malloc: new ptr-libevent@0x563af5526a28 size 152 Aug 26 13:09:10.627337: | libevent_malloc: new ptr-libevent@0x563af557fd48 size 16 Aug 26 13:09:10.627341: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:09:10.627344: | libevent_malloc: new ptr-libevent@0x563af557fd88 size 8 Aug 26 13:09:10.627349: | libevent_malloc: new ptr-libevent@0x563af549d308 size 152 Aug 26 13:09:10.627352: | signal event handler PLUTO_SIGTERM installed Aug 26 13:09:10.627356: | libevent_malloc: new ptr-libevent@0x563af557fdc8 size 8 Aug 26 13:09:10.627359: | libevent_malloc: new ptr-libevent@0x563af54a7508 size 152 Aug 26 13:09:10.627362: | signal event handler PLUTO_SIGHUP installed Aug 26 13:09:10.627365: | libevent_malloc: new ptr-libevent@0x563af557fe08 size 8 Aug 26 13:09:10.627368: | libevent_realloc: release ptr-libevent@0x563af557fc88 Aug 26 13:09:10.627371: | libevent_realloc: new ptr-libevent@0x563af557fe48 size 256 Aug 26 13:09:10.627374: | libevent_malloc: new ptr-libevent@0x563af549f3b8 size 152 Aug 26 13:09:10.627377: | signal event handler PLUTO_SIGSYS installed Aug 26 13:09:10.627712: | created addconn helper (pid:4618) using fork+execve Aug 26 13:09:10.627727: | forked child 4618 Aug 26 13:09:10.627780: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:10.627797: listening for IKE messages Aug 26 13:09:10.630488: | Inspecting interface lo Aug 26 13:09:10.630504: | found lo with address 127.0.0.1 Aug 26 13:09:10.630511: | Inspecting interface eth0 Aug 26 13:09:10.630516: | found eth0 with address 192.0.3.254 Aug 26 13:09:10.630520: | Inspecting interface eth1 Aug 26 13:09:10.630524: | found eth1 with address 192.1.3.33 Aug 26 13:09:10.630645: Kernel supports NIC esp-hw-offload Aug 26 13:09:10.630659: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Aug 26 13:09:10.630682: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:09:10.630687: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:09:10.630689: adding interface eth1/eth1 192.1.3.33:4500 Aug 26 13:09:10.630717: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Aug 26 13:09:10.630736: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:09:10.630739: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:09:10.630742: adding interface eth0/eth0 192.0.3.254:4500 Aug 26 13:09:10.630762: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:09:10.630780: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:09:10.630784: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:09:10.630786: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:09:10.630827: | no interfaces to sort Aug 26 13:09:10.630831: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:09:10.630836: | add_fd_read_event_handler: new ethX-pe@0x563af5580408 Aug 26 13:09:10.630839: | libevent_malloc: new ptr-libevent@0x563af5574738 size 128 Aug 26 13:09:10.630842: | libevent_malloc: new ptr-libevent@0x563af5580478 size 16 Aug 26 13:09:10.630847: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:09:10.630849: | add_fd_read_event_handler: new ethX-pe@0x563af55804b8 Aug 26 13:09:10.630851: | libevent_malloc: new ptr-libevent@0x563af551af18 size 128 Aug 26 13:09:10.630853: | libevent_malloc: new ptr-libevent@0x563af5580528 size 16 Aug 26 13:09:10.630856: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:09:10.630858: | add_fd_read_event_handler: new ethX-pe@0x563af5580568 Aug 26 13:09:10.630861: | libevent_malloc: new ptr-libevent@0x563af551afc8 size 128 Aug 26 13:09:10.630862: | libevent_malloc: new ptr-libevent@0x563af55805d8 size 16 Aug 26 13:09:10.630865: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 13:09:10.630867: | add_fd_read_event_handler: new ethX-pe@0x563af5580618 Aug 26 13:09:10.630870: | libevent_malloc: new ptr-libevent@0x563af5519f88 size 128 Aug 26 13:09:10.630872: | libevent_malloc: new ptr-libevent@0x563af5580688 size 16 Aug 26 13:09:10.630875: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 13:09:10.630876: | add_fd_read_event_handler: new ethX-pe@0x563af55806c8 Aug 26 13:09:10.630879: | libevent_malloc: new ptr-libevent@0x563af5522298 size 128 Aug 26 13:09:10.630881: | libevent_malloc: new ptr-libevent@0x563af5580738 size 16 Aug 26 13:09:10.630884: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 13:09:10.630885: | add_fd_read_event_handler: new ethX-pe@0x563af5580778 Aug 26 13:09:10.630887: | libevent_malloc: new ptr-libevent@0x563af5522db8 size 128 Aug 26 13:09:10.630889: | libevent_malloc: new ptr-libevent@0x563af55807e8 size 16 Aug 26 13:09:10.630892: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 13:09:10.630895: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:09:10.630897: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:09:10.630914: loading secrets from "/etc/ipsec.secrets" Aug 26 13:09:10.630927: | saving Modulus Aug 26 13:09:10.630930: | saving PublicExponent Aug 26 13:09:10.630933: | ignoring PrivateExponent Aug 26 13:09:10.630935: | ignoring Prime1 Aug 26 13:09:10.630937: | ignoring Prime2 Aug 26 13:09:10.630939: | ignoring Exponent1 Aug 26 13:09:10.630941: | ignoring Exponent2 Aug 26 13:09:10.630943: | ignoring Coefficient Aug 26 13:09:10.630945: | ignoring CKAIDNSS Aug 26 13:09:10.630969: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 13:09:10.630972: | computed rsa CKAID 88 aa 7c 5d Aug 26 13:09:10.630975: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 13:09:10.630980: | certs and keys locked by 'process_secret' Aug 26 13:09:10.630984: | certs and keys unlocked by 'process_secret' Aug 26 13:09:10.630993: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:10.630999: | spent 0.576 milliseconds in whack Aug 26 13:09:10.657432: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:10.657459: listening for IKE messages Aug 26 13:09:10.657501: | Inspecting interface lo Aug 26 13:09:10.657509: | found lo with address 127.0.0.1 Aug 26 13:09:10.657513: | Inspecting interface eth0 Aug 26 13:09:10.657518: | found eth0 with address 192.0.3.254 Aug 26 13:09:10.657521: | Inspecting interface eth1 Aug 26 13:09:10.657525: | found eth1 with address 192.1.3.33 Aug 26 13:09:10.657584: | no interfaces to sort Aug 26 13:09:10.657595: | libevent_free: release ptr-libevent@0x563af5574738 Aug 26 13:09:10.657599: | free_event_entry: release EVENT_NULL-pe@0x563af5580408 Aug 26 13:09:10.657602: | add_fd_read_event_handler: new ethX-pe@0x563af5580408 Aug 26 13:09:10.657606: | libevent_malloc: new ptr-libevent@0x563af5574738 size 128 Aug 26 13:09:10.657614: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:09:10.657619: | libevent_free: release ptr-libevent@0x563af551af18 Aug 26 13:09:10.657622: | free_event_entry: release EVENT_NULL-pe@0x563af55804b8 Aug 26 13:09:10.657625: | add_fd_read_event_handler: new ethX-pe@0x563af55804b8 Aug 26 13:09:10.657628: | libevent_malloc: new ptr-libevent@0x563af551af18 size 128 Aug 26 13:09:10.657633: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:09:10.657637: | libevent_free: release ptr-libevent@0x563af551afc8 Aug 26 13:09:10.657640: | free_event_entry: release EVENT_NULL-pe@0x563af5580568 Aug 26 13:09:10.657643: | add_fd_read_event_handler: new ethX-pe@0x563af5580568 Aug 26 13:09:10.657646: | libevent_malloc: new ptr-libevent@0x563af551afc8 size 128 Aug 26 13:09:10.657651: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 13:09:10.657656: | libevent_free: release ptr-libevent@0x563af5519f88 Aug 26 13:09:10.657658: | free_event_entry: release EVENT_NULL-pe@0x563af5580618 Aug 26 13:09:10.657661: | add_fd_read_event_handler: new ethX-pe@0x563af5580618 Aug 26 13:09:10.657663: | libevent_malloc: new ptr-libevent@0x563af5519f88 size 128 Aug 26 13:09:10.657668: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 13:09:10.657671: | libevent_free: release ptr-libevent@0x563af5522298 Aug 26 13:09:10.657674: | free_event_entry: release EVENT_NULL-pe@0x563af55806c8 Aug 26 13:09:10.657676: | add_fd_read_event_handler: new ethX-pe@0x563af55806c8 Aug 26 13:09:10.657678: | libevent_malloc: new ptr-libevent@0x563af5522298 size 128 Aug 26 13:09:10.657683: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 13:09:10.657686: | libevent_free: release ptr-libevent@0x563af5522db8 Aug 26 13:09:10.657689: | free_event_entry: release EVENT_NULL-pe@0x563af5580778 Aug 26 13:09:10.657692: | add_fd_read_event_handler: new ethX-pe@0x563af5580778 Aug 26 13:09:10.657694: | libevent_malloc: new ptr-libevent@0x563af5522db8 size 128 Aug 26 13:09:10.657698: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 13:09:10.657701: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:09:10.657703: forgetting secrets Aug 26 13:09:10.657712: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:09:10.657725: loading secrets from "/etc/ipsec.secrets" Aug 26 13:09:10.657739: | saving Modulus Aug 26 13:09:10.657743: | saving PublicExponent Aug 26 13:09:10.657746: | ignoring PrivateExponent Aug 26 13:09:10.657749: | ignoring Prime1 Aug 26 13:09:10.657752: | ignoring Prime2 Aug 26 13:09:10.657754: | ignoring Exponent1 Aug 26 13:09:10.657757: | ignoring Exponent2 Aug 26 13:09:10.657760: | ignoring Coefficient Aug 26 13:09:10.657763: | ignoring CKAIDNSS Aug 26 13:09:10.657784: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 13:09:10.657787: | computed rsa CKAID 88 aa 7c 5d Aug 26 13:09:10.657791: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 13:09:10.657796: | certs and keys locked by 'process_secret' Aug 26 13:09:10.657799: | certs and keys unlocked by 'process_secret' Aug 26 13:09:10.657808: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:10.657817: | spent 0.394 milliseconds in whack Aug 26 13:09:10.658404: | processing signal PLUTO_SIGCHLD Aug 26 13:09:10.658420: | waitpid returned pid 4618 (exited with status 0) Aug 26 13:09:10.658429: | reaped addconn helper child (status 0) Aug 26 13:09:10.658434: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:10.658439: | spent 0.0238 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:10.687444: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:10.687468: | old debugging base+cpu-usage + none Aug 26 13:09:10.687472: | base debugging = base+cpu-usage Aug 26 13:09:10.687475: | old impairing none + suppress-retransmits Aug 26 13:09:10.687477: | base impairing = suppress-retransmits Aug 26 13:09:10.687485: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:10.687493: | spent 0.0584 milliseconds in whack Aug 26 13:09:10.743756: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:10.743783: | old debugging base+cpu-usage + none Aug 26 13:09:10.743787: | base debugging = base+cpu-usage Aug 26 13:09:10.743791: | old impairing suppress-retransmits + suppress-retransmits Aug 26 13:09:10.743795: | base impairing = suppress-retransmits Aug 26 13:09:10.743804: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:10.743812: | spent 0.0672 milliseconds in whack Aug 26 13:09:10.878839: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:10.878869: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:10.878885: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:09:10.878886: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:10.878888: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:09:10.878891: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:10.878897: | Added new connection northnet-eastnets/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:09:10.878899: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:09:10.878937: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:09:10.878939: | from whack: got --esp= Aug 26 13:09:10.878962: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:09:10.879386: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:09:10.879399: | loading left certificate 'north' pubkey Aug 26 13:09:10.879474: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563af5583e78 Aug 26 13:09:10.879478: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563af5583e28 Aug 26 13:09:10.879480: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563af5583dd8 Aug 26 13:09:10.879581: | unreference key: 0x563af5583ec8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:10.879730: | certs and keys locked by 'lsw_add_rsa_secret' Aug 26 13:09:10.879733: | certs and keys unlocked by 'lsw_add_rsa_secret' Aug 26 13:09:10.879738: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 13:09:10.880194: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:09:10.880200: | loading right certificate 'east' pubkey Aug 26 13:09:10.880261: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563af5586f68 Aug 26 13:09:10.880268: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563af5588178 Aug 26 13:09:10.880270: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563af5587538 Aug 26 13:09:10.880272: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563af5587068 Aug 26 13:09:10.880273: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563af5583b28 Aug 26 13:09:10.880535: | unreference key: 0x563af558ce58 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:10.880618: | warning: no secret key loaded for right certificate with nickname east: NSS: cert private key not found Aug 26 13:09:10.880625: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 13:09:10.880633: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Aug 26 13:09:10.880636: | new hp@0x563af558b9a8 Aug 26 13:09:10.880639: added connection description "northnet-eastnets/0x1" Aug 26 13:09:10.880651: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:09:10.880670: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.2.0/24 Aug 26 13:09:10.880680: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:10.880687: | spent 1.81 milliseconds in whack Aug 26 13:09:10.880748: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:10.880759: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:10.880762: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:09:10.880765: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:10.880767: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:09:10.880769: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:10.880774: | Added new connection northnet-eastnets/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:09:10.880777: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:09:10.880829: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:09:10.880834: | from whack: got --esp= Aug 26 13:09:10.880862: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:09:10.880935: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:09:10.880940: | loading left certificate 'north' pubkey Aug 26 13:09:10.880979: | unreference key: 0x563af55884b8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:10.880989: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563af5590158 Aug 26 13:09:10.880991: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563af5590108 Aug 26 13:09:10.880992: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563af5590a88 Aug 26 13:09:10.881038: | unreference key: 0x563af5587368 @north.testing.libreswan.org cnt 1-- Aug 26 13:09:10.881093: | unreference key: 0x563af5587588 user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:10.881153: | unreference key: 0x563af55901a8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:10.881208: | secrets entry for north already exists Aug 26 13:09:10.881215: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 13:09:10.881314: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:09:10.881324: | loading right certificate 'east' pubkey Aug 26 13:09:10.881378: | unreference key: 0x563af558e238 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:10.881390: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563af5590108 Aug 26 13:09:10.881392: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563af5590a88 Aug 26 13:09:10.881394: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563af5590488 Aug 26 13:09:10.881396: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563af5590438 Aug 26 13:09:10.881397: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563af55903e8 Aug 26 13:09:10.881433: | unreference key: 0x563af558c108 192.1.2.23 cnt 1-- Aug 26 13:09:10.881467: | unreference key: 0x563af558d8b8 east@testing.libreswan.org cnt 1-- Aug 26 13:09:10.881500: | unreference key: 0x563af558dad8 @east.testing.libreswan.org cnt 1-- Aug 26 13:09:10.881532: | unreference key: 0x563af558e028 user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:10.881567: | unreference key: 0x563af55905b8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:10.881648: | warning: no secret key loaded for right certificate with nickname east: NSS: cert private key not found Aug 26 13:09:10.881655: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 13:09:10.881660: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Aug 26 13:09:10.881663: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@0x563af558b9a8: northnet-eastnets/0x1 Aug 26 13:09:10.881665: added connection description "northnet-eastnets/0x2" Aug 26 13:09:10.881675: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:09:10.881687: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.22.0/24 Aug 26 13:09:10.881696: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:10.881703: | spent 0.944 milliseconds in whack Aug 26 13:09:10.887465: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:10.887485: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Aug 26 13:09:10.887489: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:10.887492: initiating all conns with alias='northnet-eastnets' Aug 26 13:09:10.887500: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:09:10.887505: | start processing: connection "northnet-eastnets/0x2" (in initiate_a_connection() at initiate.c:186) Aug 26 13:09:10.887508: | connection 'northnet-eastnets/0x2' +POLICY_UP Aug 26 13:09:10.887511: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Aug 26 13:09:10.887527: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:09:10.887563: | creating state object #1 at 0x563af55913f8 Aug 26 13:09:10.887566: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:09:10.887574: | pstats #1 ikev2.ike started Aug 26 13:09:10.887577: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:09:10.887581: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:09:10.887599: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:10.887606: | suspend processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:09:10.887611: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:09:10.887615: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:09:10.887619: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnets/0x2" IKE SA #1 "northnet-eastnets/0x2" Aug 26 13:09:10.887623: "northnet-eastnets/0x2" #1: initiating v2 parent SA Aug 26 13:09:10.887645: | constructing local IKE proposals for northnet-eastnets/0x2 (IKE SA initiator selecting KE) Aug 26 13:09:10.887654: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:09:10.887662: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.887666: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:09:10.887672: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.887676: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:09:10.887681: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.887685: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:09:10.887691: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.887702: "northnet-eastnets/0x2": constructed local IKE proposals for northnet-eastnets/0x2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.887711: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 13:09:10.887714: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563af558ade8 Aug 26 13:09:10.887718: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:09:10.887722: | libevent_malloc: new ptr-libevent@0x563af558cda8 size 128 Aug 26 13:09:10.887733: | #1 spent 0.228 milliseconds in ikev2_parent_outI1() Aug 26 13:09:10.887737: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:09:10.887737: | crypto helper 0 resuming Aug 26 13:09:10.887746: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:09:10.887742: | RESET processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:09:10.887754: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 13:09:10.887765: | RESET processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:09:10.887769: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:09:10.887774: | start processing: connection "northnet-eastnets/0x1" (in initiate_a_connection() at initiate.c:186) Aug 26 13:09:10.887777: | connection 'northnet-eastnets/0x1' +POLICY_UP Aug 26 13:09:10.887780: | dup_any(fd@23) -> fd@26 (in initiate_a_connection() at initiate.c:342) Aug 26 13:09:10.887783: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:09:10.887788: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnets/0x1" IKE SA #1 "northnet-eastnets/0x2" Aug 26 13:09:10.887793: | stop processing: connection "northnet-eastnets/0x1" (in initiate_a_connection() at initiate.c:349) Aug 26 13:09:10.887796: | close_any(fd@23) (in initiate_connection() at initiate.c:384) Aug 26 13:09:10.887800: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:10.887804: | spent 0.336 milliseconds in whack Aug 26 13:09:10.888356: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000601 seconds Aug 26 13:09:10.888366: | (#1) spent 0.601 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 13:09:10.888369: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:09:10.888371: | scheduling resume sending helper answer for #1 Aug 26 13:09:10.888373: | libevent_malloc: new ptr-libevent@0x7fa820002888 size 128 Aug 26 13:09:10.888379: | crypto helper 0 waiting (nothing to do) Aug 26 13:09:10.888388: | processing resume sending helper answer for #1 Aug 26 13:09:10.888398: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:09:10.888403: | crypto helper 0 replies to request ID 1 Aug 26 13:09:10.888419: | calling continuation function 0x563af528ab50 Aug 26 13:09:10.888422: | ikev2_parent_outI1_continue for #1 Aug 26 13:09:10.888467: | **emit ISAKMP Message: Aug 26 13:09:10.888471: | initiator cookie: Aug 26 13:09:10.888474: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.888476: | responder cookie: Aug 26 13:09:10.888479: | 00 00 00 00 00 00 00 00 Aug 26 13:09:10.888482: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.888485: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.888488: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:09:10.888491: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.888494: | Message ID: 0 (0x0) Aug 26 13:09:10.888497: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.888513: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.888517: | Emitting ikev2_proposals ... Aug 26 13:09:10.888520: | ***emit IKEv2 Security Association Payload: Aug 26 13:09:10.888524: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.888526: | flags: none (0x0) Aug 26 13:09:10.888533: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:09:10.888536: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.888540: | discarding INTEG=NONE Aug 26 13:09:10.888543: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.888546: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.888549: | prop #: 1 (0x1) Aug 26 13:09:10.888552: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:10.888555: | spi size: 0 (0x0) Aug 26 13:09:10.888558: | # transforms: 11 (0xb) Aug 26 13:09:10.888561: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.888564: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.888568: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888570: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.888574: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.888577: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.888580: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.888583: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.888586: | length/value: 256 (0x100) Aug 26 13:09:10.888589: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.888592: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.888595: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888597: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.888600: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:10.888604: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888607: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.888610: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.888613: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.888616: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888619: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.888622: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:10.888625: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888628: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.888631: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.888634: | discarding INTEG=NONE Aug 26 13:09:10.888636: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.888639: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888642: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.888644: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.888648: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888651: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.888653: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.888656: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.888659: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888662: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.888664: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:10.888667: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888673: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.888676: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.888679: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.888681: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888683: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.888686: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:10.888689: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888692: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.888695: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.888697: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.888700: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888702: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.888705: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:10.888708: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888711: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.888714: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.888716: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.888719: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888721: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.888724: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:10.888728: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888731: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.888749: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.888752: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.888755: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888758: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.888761: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:10.888765: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888767: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.888770: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.888773: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.888775: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888778: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.888781: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:10.888784: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888786: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.888789: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.888792: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.888794: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.888801: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.888804: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:10.888807: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888810: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.888813: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.888816: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:09:10.888819: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.888822: | discarding INTEG=NONE Aug 26 13:09:10.888825: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.888828: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.888830: | prop #: 2 (0x2) Aug 26 13:09:10.888833: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:10.888836: | spi size: 0 (0x0) Aug 26 13:09:10.888839: | # transforms: 11 (0xb) Aug 26 13:09:10.888842: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.888846: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.888849: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.888852: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888855: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.888857: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.888859: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.888861: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.888863: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.888865: | length/value: 128 (0x80) Aug 26 13:09:10.888866: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.888868: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.888870: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888871: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.888873: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:10.888875: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888877: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.888878: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.888880: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.888881: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888883: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.888885: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:10.888899: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888901: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.888903: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.888904: | discarding INTEG=NONE Aug 26 13:09:10.888906: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.888907: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888922: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.888924: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.888925: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888929: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.888930: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.888932: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.888934: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888935: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.888937: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:10.888939: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888941: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.888942: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.888944: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.888958: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888960: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.888961: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:10.888963: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888965: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.888967: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.888968: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.888970: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888971: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.888973: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:10.888975: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888976: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.888978: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.888980: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.888981: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.888996: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.888998: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:10.889000: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889002: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889003: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889005: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889006: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889008: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.889010: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:10.889011: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889013: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889015: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889016: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889018: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889020: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.889022: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:10.889024: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889026: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889028: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889029: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889031: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.889032: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.889034: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:10.889036: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889038: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889039: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889041: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:09:10.889043: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.889045: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.889046: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.889048: | prop #: 3 (0x3) Aug 26 13:09:10.889049: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:10.889051: | spi size: 0 (0x0) Aug 26 13:09:10.889053: | # transforms: 13 (0xd) Aug 26 13:09:10.889055: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.889056: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.889058: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889060: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889061: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.889063: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:10.889065: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889066: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.889068: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.889070: | length/value: 256 (0x100) Aug 26 13:09:10.889071: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.889073: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889074: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889076: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.889078: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:10.889080: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889081: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889083: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889085: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889086: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889088: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.889089: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:10.889091: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889093: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889096: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889097: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889099: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889101: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.889102: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:10.889104: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889106: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889108: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889109: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889111: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889112: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.889114: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:10.889116: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889118: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889119: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889121: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889122: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889124: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.889126: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.889128: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889129: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889131: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889133: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889134: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889136: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.889137: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:10.889139: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889141: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889143: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889144: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889146: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889147: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.889149: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:10.889151: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889153: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889154: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889156: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889158: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889159: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.889161: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:10.889164: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889166: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889167: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889169: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889170: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889172: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.889174: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:10.889175: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889177: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889179: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889181: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889182: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889184: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.889185: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:10.889187: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889189: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889191: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889192: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889194: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889196: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.889197: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:10.889199: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889201: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889203: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889204: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889206: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.889207: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.889209: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:10.889211: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889213: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889214: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889216: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:09:10.889218: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.889220: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.889221: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:10.889223: | prop #: 4 (0x4) Aug 26 13:09:10.889224: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:10.889226: | spi size: 0 (0x0) Aug 26 13:09:10.889227: | # transforms: 13 (0xd) Aug 26 13:09:10.889229: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.889231: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.889234: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889235: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889237: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.889239: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:10.889240: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889242: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.889244: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.889245: | length/value: 128 (0x80) Aug 26 13:09:10.889247: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.889249: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889250: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889252: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.889253: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:10.889255: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889257: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889259: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889260: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889262: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889263: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.889265: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:10.889267: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889269: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889270: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889272: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889274: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889275: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.889277: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:10.889279: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889281: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889282: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889284: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889285: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889287: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.889297: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:10.889300: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889303: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889306: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889308: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889312: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889313: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.889315: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.889317: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889320: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889322: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889324: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889325: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889327: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.889328: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:10.889330: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889332: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889334: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889335: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889337: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889338: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.889340: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:10.889342: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889344: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889345: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889347: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889349: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889350: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.889352: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:10.889354: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889355: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889357: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889359: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889360: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889362: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.889363: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:10.889365: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889367: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889369: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889370: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889372: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889374: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.889375: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:10.889377: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889379: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889381: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889382: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889384: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889385: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.889387: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:10.889390: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889392: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889393: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889395: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.889396: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.889398: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.889400: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:10.889402: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.889403: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.889405: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.889407: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:09:10.889409: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.889410: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:09:10.889412: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:09:10.889414: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:09:10.889416: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.889417: | flags: none (0x0) Aug 26 13:09:10.889419: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.889421: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:09:10.889423: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.889425: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:09:10.889427: | ikev2 g^x 5b 6d 6c 83 77 7c 06 9b be de ac 9d 5b 8c 1f 44 Aug 26 13:09:10.889429: | ikev2 g^x e3 93 2b 51 71 da 47 f2 d1 bb 2c 66 f1 73 0d 9d Aug 26 13:09:10.889431: | ikev2 g^x 6f 54 b7 48 42 37 ac b4 ce 92 fa ae 27 d5 de b4 Aug 26 13:09:10.889432: | ikev2 g^x db 9c 24 a4 86 a5 d9 b9 07 f7 a5 ab 86 7e 98 c7 Aug 26 13:09:10.889434: | ikev2 g^x 66 16 44 7d 14 12 52 da a8 4d b3 e8 65 ac 31 64 Aug 26 13:09:10.889435: | ikev2 g^x 57 14 6f 61 e1 98 f5 ec 46 e8 cf 64 7f 05 86 40 Aug 26 13:09:10.889437: | ikev2 g^x 21 9d 7e 5b a7 db c4 10 a6 ca d5 99 8c 73 58 b9 Aug 26 13:09:10.889438: | ikev2 g^x 04 00 ad 2f 1d da 0e 5c 04 55 5f 7b 5a 63 0e 38 Aug 26 13:09:10.889440: | ikev2 g^x 15 e4 ab 2b 27 df 5d d9 2d 69 e0 10 86 8e d5 9a Aug 26 13:09:10.889441: | ikev2 g^x 86 09 10 44 8f 48 e8 04 bd 54 d0 67 a1 30 87 b5 Aug 26 13:09:10.889443: | ikev2 g^x cf f7 28 95 d3 aa 24 cf b2 cc c8 d0 ae d0 d6 6c Aug 26 13:09:10.889444: | ikev2 g^x 20 01 2c 82 eb 5b 13 76 5a ec cf 26 d2 77 d4 f9 Aug 26 13:09:10.889446: | ikev2 g^x 41 e9 34 7a 89 98 ea ea 4d 97 ac cb 6b d4 bb 4f Aug 26 13:09:10.889447: | ikev2 g^x 10 d3 da 63 60 5a 66 4d 10 bb 04 49 1e 3d de fd Aug 26 13:09:10.889449: | ikev2 g^x 60 fd 2e 4e 35 58 3e d9 8b 86 d2 8d 5a aa f0 d4 Aug 26 13:09:10.889450: | ikev2 g^x 73 7c 16 6e c4 e8 df 86 68 78 7b e7 3c 4d 40 56 Aug 26 13:09:10.889452: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:09:10.889454: | ***emit IKEv2 Nonce Payload: Aug 26 13:09:10.889455: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:10.889457: | flags: none (0x0) Aug 26 13:09:10.889459: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:09:10.889462: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:09:10.889464: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.889466: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:09:10.889467: | IKEv2 nonce 54 23 39 8d e2 9e 44 f2 b4 01 b6 16 b2 81 0d cd Aug 26 13:09:10.889469: | IKEv2 nonce 11 63 aa 0c e8 fb 57 fe 4d d1 d6 d2 eb 48 bb f4 Aug 26 13:09:10.889471: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:09:10.889472: | Adding a v2N Payload Aug 26 13:09:10.889474: | ***emit IKEv2 Notify Payload: Aug 26 13:09:10.889476: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.889477: | flags: none (0x0) Aug 26 13:09:10.889479: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.889481: | SPI size: 0 (0x0) Aug 26 13:09:10.889483: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:09:10.889485: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:10.889486: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.889488: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:09:10.889491: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:09:10.889493: | natd_hash: rcookie is zero Aug 26 13:09:10.889503: | natd_hash: hasher=0x563af535f800(20) Aug 26 13:09:10.889505: | natd_hash: icookie= b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.889507: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:09:10.889508: | natd_hash: ip= c0 01 03 21 Aug 26 13:09:10.889510: | natd_hash: port=500 Aug 26 13:09:10.889512: | natd_hash: hash= 35 9b a5 62 6c 3e 01 d9 7e 2f 8e a6 9e 38 e1 4b Aug 26 13:09:10.889513: | natd_hash: hash= 70 b4 4a 81 Aug 26 13:09:10.889515: | Adding a v2N Payload Aug 26 13:09:10.889516: | ***emit IKEv2 Notify Payload: Aug 26 13:09:10.889518: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.889519: | flags: none (0x0) Aug 26 13:09:10.889521: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.889523: | SPI size: 0 (0x0) Aug 26 13:09:10.889524: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:09:10.889526: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:10.889528: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.889530: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:09:10.889532: | Notify data 35 9b a5 62 6c 3e 01 d9 7e 2f 8e a6 9e 38 e1 4b Aug 26 13:09:10.889533: | Notify data 70 b4 4a 81 Aug 26 13:09:10.889535: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:09:10.889537: | natd_hash: rcookie is zero Aug 26 13:09:10.889541: | natd_hash: hasher=0x563af535f800(20) Aug 26 13:09:10.889542: | natd_hash: icookie= b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.889544: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:09:10.889545: | natd_hash: ip= c0 01 02 17 Aug 26 13:09:10.889547: | natd_hash: port=500 Aug 26 13:09:10.889549: | natd_hash: hash= 9a 88 fd a1 ae 5c 4b 3a 30 ed 90 7b 11 7f 06 b4 Aug 26 13:09:10.889550: | natd_hash: hash= 1d a8 1b 4b Aug 26 13:09:10.889552: | Adding a v2N Payload Aug 26 13:09:10.889553: | ***emit IKEv2 Notify Payload: Aug 26 13:09:10.889555: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.889556: | flags: none (0x0) Aug 26 13:09:10.889558: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.889559: | SPI size: 0 (0x0) Aug 26 13:09:10.889561: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:09:10.889563: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:10.889567: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.889569: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:09:10.889571: | Notify data 9a 88 fd a1 ae 5c 4b 3a 30 ed 90 7b 11 7f 06 b4 Aug 26 13:09:10.889572: | Notify data 1d a8 1b 4b Aug 26 13:09:10.889574: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:09:10.889576: | emitting length of ISAKMP Message: 828 Aug 26 13:09:10.889581: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:09:10.889589: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.889592: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:09:10.889594: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:09:10.889596: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:09:10.889598: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 13:09:10.889600: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:09:10.889603: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:09:10.889605: "northnet-eastnets/0x2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:09:10.889615: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:09:10.889623: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:09:10.889625: | b3 c9 36 04 cf b9 66 c7 00 00 00 00 00 00 00 00 Aug 26 13:09:10.889626: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:09:10.889629: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:09:10.889631: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:09:10.889633: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:09:10.889636: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:09:10.889638: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:09:10.889640: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:09:10.889641: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:09:10.889643: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:09:10.889644: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:09:10.889646: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:09:10.889647: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:09:10.889649: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:09:10.889650: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:09:10.889652: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:09:10.889653: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:09:10.889655: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:09:10.889656: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:09:10.889658: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:09:10.889659: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:09:10.889661: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:09:10.889662: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:09:10.889664: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:09:10.889665: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:09:10.889667: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:09:10.889668: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:09:10.889670: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:09:10.889671: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:09:10.889673: | 28 00 01 08 00 0e 00 00 5b 6d 6c 83 77 7c 06 9b Aug 26 13:09:10.889676: | be de ac 9d 5b 8c 1f 44 e3 93 2b 51 71 da 47 f2 Aug 26 13:09:10.889677: | d1 bb 2c 66 f1 73 0d 9d 6f 54 b7 48 42 37 ac b4 Aug 26 13:09:10.889679: | ce 92 fa ae 27 d5 de b4 db 9c 24 a4 86 a5 d9 b9 Aug 26 13:09:10.889680: | 07 f7 a5 ab 86 7e 98 c7 66 16 44 7d 14 12 52 da Aug 26 13:09:10.889682: | a8 4d b3 e8 65 ac 31 64 57 14 6f 61 e1 98 f5 ec Aug 26 13:09:10.889683: | 46 e8 cf 64 7f 05 86 40 21 9d 7e 5b a7 db c4 10 Aug 26 13:09:10.889685: | a6 ca d5 99 8c 73 58 b9 04 00 ad 2f 1d da 0e 5c Aug 26 13:09:10.889686: | 04 55 5f 7b 5a 63 0e 38 15 e4 ab 2b 27 df 5d d9 Aug 26 13:09:10.889688: | 2d 69 e0 10 86 8e d5 9a 86 09 10 44 8f 48 e8 04 Aug 26 13:09:10.889689: | bd 54 d0 67 a1 30 87 b5 cf f7 28 95 d3 aa 24 cf Aug 26 13:09:10.889691: | b2 cc c8 d0 ae d0 d6 6c 20 01 2c 82 eb 5b 13 76 Aug 26 13:09:10.889692: | 5a ec cf 26 d2 77 d4 f9 41 e9 34 7a 89 98 ea ea Aug 26 13:09:10.889694: | 4d 97 ac cb 6b d4 bb 4f 10 d3 da 63 60 5a 66 4d Aug 26 13:09:10.889695: | 10 bb 04 49 1e 3d de fd 60 fd 2e 4e 35 58 3e d9 Aug 26 13:09:10.889697: | 8b 86 d2 8d 5a aa f0 d4 73 7c 16 6e c4 e8 df 86 Aug 26 13:09:10.889698: | 68 78 7b e7 3c 4d 40 56 29 00 00 24 54 23 39 8d Aug 26 13:09:10.889700: | e2 9e 44 f2 b4 01 b6 16 b2 81 0d cd 11 63 aa 0c Aug 26 13:09:10.889701: | e8 fb 57 fe 4d d1 d6 d2 eb 48 bb f4 29 00 00 08 Aug 26 13:09:10.889703: | 00 00 40 2e 29 00 00 1c 00 00 40 04 35 9b a5 62 Aug 26 13:09:10.889704: | 6c 3e 01 d9 7e 2f 8e a6 9e 38 e1 4b 70 b4 4a 81 Aug 26 13:09:10.889706: | 00 00 00 1c 00 00 40 05 9a 88 fd a1 ae 5c 4b 3a Aug 26 13:09:10.889707: | 30 ed 90 7b 11 7f 06 b4 1d a8 1b 4b Aug 26 13:09:10.889784: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:10.889791: | libevent_free: release ptr-libevent@0x563af558cda8 Aug 26 13:09:10.889794: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563af558ade8 Aug 26 13:09:10.889797: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:09:10.889800: "northnet-eastnets/0x2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:09:10.889807: | event_schedule: new EVENT_RETRANSMIT-pe@0x563af558ade8 Aug 26 13:09:10.889810: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Aug 26 13:09:10.889813: | libevent_malloc: new ptr-libevent@0x563af55903e8 size 128 Aug 26 13:09:10.889819: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10236.632273 Aug 26 13:09:10.889823: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 13:09:10.889828: | #1 spent 1.36 milliseconds in resume sending helper answer Aug 26 13:09:10.889834: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:09:10.889837: | libevent_free: release ptr-libevent@0x7fa820002888 Aug 26 13:09:10.893099: | spent 0.00264 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.893121: | *received 457 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:09:10.893125: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.893127: | 21 20 22 20 00 00 00 00 00 00 01 c9 22 00 00 28 Aug 26 13:09:10.893128: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 13:09:10.893130: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 13:09:10.893131: | 04 00 00 0e 28 00 01 08 00 0e 00 00 c9 88 ac aa Aug 26 13:09:10.893133: | fd a3 61 c4 6c 82 64 6b d7 93 2a d3 b6 17 cb ee Aug 26 13:09:10.893134: | 7a b4 60 0c 08 63 5a a3 62 aa d6 a1 36 a7 7c a0 Aug 26 13:09:10.893136: | d8 b7 ed 91 4a 71 5c f8 03 64 5a e6 a3 50 2e 87 Aug 26 13:09:10.893137: | 25 ad 43 bb a8 b2 1f 86 9d 71 65 e2 4b b3 4c d8 Aug 26 13:09:10.893139: | c6 79 6b 53 06 7d 0c a4 82 57 09 cb 53 d6 1e 0f Aug 26 13:09:10.893140: | 85 c2 0d 7e a4 0c 5e 0b 97 02 b4 bd 01 8a 1f ff Aug 26 13:09:10.893144: | 78 b7 24 82 f3 38 88 62 17 e2 03 a1 af eb b4 74 Aug 26 13:09:10.893146: | e5 57 66 56 36 81 c7 7f 6d 12 99 21 a1 4e 61 6d Aug 26 13:09:10.893147: | 6c bd 04 43 fe f5 57 8e b7 bc e2 de 8d 68 81 d4 Aug 26 13:09:10.893149: | a1 59 7c 8e b9 4b 85 0d db ef c2 1e 22 d2 41 8a Aug 26 13:09:10.893150: | 0c e3 a4 20 b5 e6 21 30 6a 88 86 98 44 26 f0 22 Aug 26 13:09:10.893152: | 3f 77 cd de ce a9 f6 67 fc 7f d7 ab 2f 35 85 bf Aug 26 13:09:10.893153: | c2 9a a4 9f 6a 0a 51 4d 94 63 e0 ca 60 49 e8 f3 Aug 26 13:09:10.893155: | 25 05 c2 e7 0f df 0c f9 9c 94 9a 0a 08 6f b0 92 Aug 26 13:09:10.893156: | 79 99 35 d4 6a e3 01 1c cb 81 df db b0 89 28 8a Aug 26 13:09:10.893158: | bb da 85 e5 ec e5 9d e6 01 8d c5 54 29 00 00 24 Aug 26 13:09:10.893159: | b1 d2 17 99 6c b5 25 88 ed a2 59 16 76 db c9 db Aug 26 13:09:10.893161: | c5 db c8 3a 8b f2 00 40 4a 8a 25 0e 15 c7 5b f3 Aug 26 13:09:10.893162: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 13:09:10.893164: | d5 36 1a bb 59 3c 41 c7 c5 b4 65 af 91 de 4b aa Aug 26 13:09:10.893165: | 60 ff 29 e9 26 00 00 1c 00 00 40 05 be ca 7e 3b Aug 26 13:09:10.893167: | e5 d5 f1 20 4c 56 32 3f 6c ae b9 c5 15 b5 40 7d Aug 26 13:09:10.893169: | 00 00 00 19 04 58 13 71 57 9d ee 1a 15 74 03 12 Aug 26 13:09:10.893170: | 80 12 4d c1 85 2b 92 25 e9 Aug 26 13:09:10.893174: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:09:10.893176: | **parse ISAKMP Message: Aug 26 13:09:10.893178: | initiator cookie: Aug 26 13:09:10.893179: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.893181: | responder cookie: Aug 26 13:09:10.893182: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.893191: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:09:10.893193: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.893195: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:09:10.893197: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.893199: | Message ID: 0 (0x0) Aug 26 13:09:10.893200: | length: 457 (0x1c9) Aug 26 13:09:10.893202: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:09:10.893206: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 13:09:10.893229: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 13:09:10.893237: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.893242: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.893245: | #1 is idle Aug 26 13:09:10.893247: | #1 idle Aug 26 13:09:10.893250: | unpacking clear payload Aug 26 13:09:10.893252: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:09:10.893255: | ***parse IKEv2 Security Association Payload: Aug 26 13:09:10.893258: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:09:10.893261: | flags: none (0x0) Aug 26 13:09:10.893263: | length: 40 (0x28) Aug 26 13:09:10.893266: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 13:09:10.893268: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:09:10.893271: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:09:10.893273: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:09:10.893276: | flags: none (0x0) Aug 26 13:09:10.893278: | length: 264 (0x108) Aug 26 13:09:10.893280: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.893283: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:09:10.893286: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:09:10.893292: | ***parse IKEv2 Nonce Payload: Aug 26 13:09:10.893296: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:10.893299: | flags: none (0x0) Aug 26 13:09:10.893301: | length: 36 (0x24) Aug 26 13:09:10.893304: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:09:10.893308: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:09:10.893311: | ***parse IKEv2 Notify Payload: Aug 26 13:09:10.893314: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:10.893316: | flags: none (0x0) Aug 26 13:09:10.893318: | length: 8 (0x8) Aug 26 13:09:10.893321: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.893323: | SPI size: 0 (0x0) Aug 26 13:09:10.893326: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:09:10.893329: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:09:10.893331: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:09:10.893334: | ***parse IKEv2 Notify Payload: Aug 26 13:09:10.893336: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:10.893339: | flags: none (0x0) Aug 26 13:09:10.893341: | length: 28 (0x1c) Aug 26 13:09:10.893343: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.893345: | SPI size: 0 (0x0) Aug 26 13:09:10.893348: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:09:10.893351: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:09:10.893353: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:09:10.893355: | ***parse IKEv2 Notify Payload: Aug 26 13:09:10.893357: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Aug 26 13:09:10.893360: | flags: none (0x0) Aug 26 13:09:10.893362: | length: 28 (0x1c) Aug 26 13:09:10.893364: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:10.893367: | SPI size: 0 (0x0) Aug 26 13:09:10.893369: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:09:10.893372: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:09:10.893374: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Aug 26 13:09:10.893377: | ***parse IKEv2 Certificate Request Payload: Aug 26 13:09:10.893380: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.893382: | flags: none (0x0) Aug 26 13:09:10.893385: | length: 25 (0x19) Aug 26 13:09:10.893387: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:09:10.893390: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=20) Aug 26 13:09:10.893394: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 13:09:10.893398: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:09:10.893402: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:09:10.893405: | Now let's proceed with state specific processing Aug 26 13:09:10.893407: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:09:10.893411: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 13:09:10.893429: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:10.893434: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 13:09:10.893438: | local proposal 1 type ENCR has 1 transforms Aug 26 13:09:10.893440: | local proposal 1 type PRF has 2 transforms Aug 26 13:09:10.893443: | local proposal 1 type INTEG has 1 transforms Aug 26 13:09:10.893445: | local proposal 1 type DH has 8 transforms Aug 26 13:09:10.893447: | local proposal 1 type ESN has 0 transforms Aug 26 13:09:10.893451: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:09:10.893453: | local proposal 2 type ENCR has 1 transforms Aug 26 13:09:10.893458: | local proposal 2 type PRF has 2 transforms Aug 26 13:09:10.893461: | local proposal 2 type INTEG has 1 transforms Aug 26 13:09:10.893463: | local proposal 2 type DH has 8 transforms Aug 26 13:09:10.893466: | local proposal 2 type ESN has 0 transforms Aug 26 13:09:10.893468: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:09:10.893471: | local proposal 3 type ENCR has 1 transforms Aug 26 13:09:10.893473: | local proposal 3 type PRF has 2 transforms Aug 26 13:09:10.893475: | local proposal 3 type INTEG has 2 transforms Aug 26 13:09:10.893478: | local proposal 3 type DH has 8 transforms Aug 26 13:09:10.893481: | local proposal 3 type ESN has 0 transforms Aug 26 13:09:10.893484: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:09:10.893486: | local proposal 4 type ENCR has 1 transforms Aug 26 13:09:10.893489: | local proposal 4 type PRF has 2 transforms Aug 26 13:09:10.893491: | local proposal 4 type INTEG has 2 transforms Aug 26 13:09:10.893493: | local proposal 4 type DH has 8 transforms Aug 26 13:09:10.893496: | local proposal 4 type ESN has 0 transforms Aug 26 13:09:10.893499: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:09:10.893502: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.893504: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:10.893507: | length: 36 (0x24) Aug 26 13:09:10.893509: | prop #: 1 (0x1) Aug 26 13:09:10.893512: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:10.893514: | spi size: 0 (0x0) Aug 26 13:09:10.893517: | # transforms: 3 (0x3) Aug 26 13:09:10.893520: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:09:10.893524: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.893526: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.893529: | length: 12 (0xc) Aug 26 13:09:10.893532: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.893534: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.893537: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.893540: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.893542: | length/value: 256 (0x100) Aug 26 13:09:10.893547: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:09:10.893550: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.893552: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.893555: | length: 8 (0x8) Aug 26 13:09:10.893557: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:10.893560: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:10.893564: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:09:10.893567: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.893569: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.893571: | length: 8 (0x8) Aug 26 13:09:10.893574: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:10.893576: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:10.893580: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:09:10.893584: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:09:10.893589: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:09:10.893592: | remote proposal 1 matches local proposal 1 Aug 26 13:09:10.893595: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 13:09:10.893598: | converting proposal to internal trans attrs Aug 26 13:09:10.893613: | natd_hash: hasher=0x563af535f800(20) Aug 26 13:09:10.893616: | natd_hash: icookie= b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.893619: | natd_hash: rcookie= 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.893623: | natd_hash: ip= c0 01 03 21 Aug 26 13:09:10.893626: | natd_hash: port=500 Aug 26 13:09:10.893628: | natd_hash: hash= be ca 7e 3b e5 d5 f1 20 4c 56 32 3f 6c ae b9 c5 Aug 26 13:09:10.893631: | natd_hash: hash= 15 b5 40 7d Aug 26 13:09:10.893637: | natd_hash: hasher=0x563af535f800(20) Aug 26 13:09:10.893640: | natd_hash: icookie= b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.893643: | natd_hash: rcookie= 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.893645: | natd_hash: ip= c0 01 02 17 Aug 26 13:09:10.893648: | natd_hash: port=500 Aug 26 13:09:10.893650: | natd_hash: hash= d5 36 1a bb 59 3c 41 c7 c5 b4 65 af 91 de 4b aa Aug 26 13:09:10.893652: | natd_hash: hash= 60 ff 29 e9 Aug 26 13:09:10.893655: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:09:10.893658: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:09:10.893660: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:09:10.893664: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 13:09:10.893671: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:09:10.893675: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 13:09:10.893678: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:09:10.893681: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 13:09:10.893685: | libevent_free: release ptr-libevent@0x563af55903e8 Aug 26 13:09:10.893688: | free_event_entry: release EVENT_RETRANSMIT-pe@0x563af558ade8 Aug 26 13:09:10.893691: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563af558ade8 Aug 26 13:09:10.893695: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:09:10.893699: | libevent_malloc: new ptr-libevent@0x7fa820002888 size 128 Aug 26 13:09:10.893710: | #1 spent 0.297 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 13:09:10.893716: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.893720: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 13:09:10.893717: | crypto helper 2 resuming Aug 26 13:09:10.893727: | suspending state #1 and saving MD Aug 26 13:09:10.893738: | crypto helper 2 starting work-order 2 for state #1 Aug 26 13:09:10.893744: | #1 is busy; has a suspended MD Aug 26 13:09:10.893750: | crypto helper 2 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 13:09:10.893754: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:10.893758: | "northnet-eastnets/0x2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:09:10.893763: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:10.893768: | #1 spent 0.626 milliseconds in ikev2_process_packet() Aug 26 13:09:10.893772: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:09:10.893775: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.893778: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:10.893783: | spent 0.641 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.894311: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:09:10.894587: | crypto helper 2 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.000837 seconds Aug 26 13:09:10.894594: | (#1) spent 0.84 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 13:09:10.894596: | crypto helper 2 sending results from work-order 2 for state #1 to event queue Aug 26 13:09:10.894598: | scheduling resume sending helper answer for #1 Aug 26 13:09:10.894601: | libevent_malloc: new ptr-libevent@0x7fa818000f48 size 128 Aug 26 13:09:10.894609: | crypto helper 2 waiting (nothing to do) Aug 26 13:09:10.894617: | processing resume sending helper answer for #1 Aug 26 13:09:10.894625: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:09:10.894629: | crypto helper 2 replies to request ID 2 Aug 26 13:09:10.894630: | calling continuation function 0x563af528ab50 Aug 26 13:09:10.894632: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 13:09:10.894639: | creating state object #2 at 0x563af5595ab8 Aug 26 13:09:10.894641: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:09:10.894643: | pstats #2 ikev2.child started Aug 26 13:09:10.894645: | duplicating state object #1 "northnet-eastnets/0x2" as #2 for IPSEC SA Aug 26 13:09:10.894649: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:09:10.894653: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:10.894656: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 13:09:10.894659: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 13:09:10.894662: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:10.894664: | libevent_free: release ptr-libevent@0x7fa820002888 Aug 26 13:09:10.894666: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563af558ade8 Aug 26 13:09:10.894668: | event_schedule: new EVENT_SA_REPLACE-pe@0x563af558ade8 Aug 26 13:09:10.894670: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 13:09:10.894672: | libevent_malloc: new ptr-libevent@0x7fa820002888 size 128 Aug 26 13:09:10.894675: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 13:09:10.894679: | **emit ISAKMP Message: Aug 26 13:09:10.894681: | initiator cookie: Aug 26 13:09:10.894683: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.894684: | responder cookie: Aug 26 13:09:10.894686: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.894688: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.894690: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.894692: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.894693: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.894695: | Message ID: 1 (0x1) Aug 26 13:09:10.894697: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.894699: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:10.894701: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.894703: | flags: none (0x0) Aug 26 13:09:10.894705: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:10.894707: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.894709: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:10.894715: | IKEv2 CERT: send a certificate? Aug 26 13:09:10.894717: | IKEv2 CERT: OK to send a certificate (always) Aug 26 13:09:10.894718: | IDr payload will be sent Aug 26 13:09:10.894729: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 13:09:10.894732: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.894733: | flags: none (0x0) Aug 26 13:09:10.894735: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 13:09:10.894737: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 13:09:10.894739: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.894744: | emitting 185 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 13:09:10.894746: | my identity 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 13:09:10.894747: | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 13:09:10.894749: | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 13:09:10.894750: | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 13:09:10.894752: | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 13:09:10.894753: | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 13:09:10.894755: | my identity 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Aug 26 13:09:10.894757: | my identity 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Aug 26 13:09:10.894758: | my identity 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Aug 26 13:09:10.894760: | my identity 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Aug 26 13:09:10.894761: | my identity 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 13:09:10.894763: | my identity 65 73 77 61 6e 2e 6f 72 67 Aug 26 13:09:10.894764: | emitting length of IKEv2 Identification - Initiator - Payload: 193 Aug 26 13:09:10.894771: | Sending [CERT] of certificate: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:09:10.894773: | ****emit IKEv2 Certificate Payload: Aug 26 13:09:10.894775: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.894777: | flags: none (0x0) Aug 26 13:09:10.894778: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:09:10.894781: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) Aug 26 13:09:10.894782: | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.894785: | emitting 1227 raw bytes of CERT into IKEv2 Certificate Payload Aug 26 13:09:10.894786: | CERT 30 82 04 c7 30 82 04 30 a0 03 02 01 02 02 01 06 Aug 26 13:09:10.894788: | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Aug 26 13:09:10.894789: | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Aug 26 13:09:10.894791: | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Aug 26 13:09:10.894792: | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Aug 26 13:09:10.894794: | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Aug 26 13:09:10.894795: | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Aug 26 13:09:10.894797: | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Aug 26 13:09:10.894799: | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Aug 26 13:09:10.894800: | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Aug 26 13:09:10.894802: | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Aug 26 13:09:10.894803: | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Aug 26 13:09:10.894805: | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Aug 26 13:09:10.894806: | CERT 18 0f 32 30 31 39 30 38 32 34 30 39 30 37 35 33 Aug 26 13:09:10.894808: | CERT 5a 18 0f 32 30 32 32 30 38 32 33 30 39 30 37 35 Aug 26 13:09:10.894809: | CERT 33 5a 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 Aug 26 13:09:10.894811: | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Aug 26 13:09:10.894812: | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Aug 26 13:09:10.894814: | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Aug 26 13:09:10.894815: | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Aug 26 13:09:10.894817: | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Aug 26 13:09:10.894818: | CERT 6d 65 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e Aug 26 13:09:10.894820: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Aug 26 13:09:10.894821: | CERT 72 65 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 Aug 26 13:09:10.894824: | CERT 2a 86 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d Aug 26 13:09:10.894825: | CERT 6e 6f 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 Aug 26 13:09:10.894827: | CERT 62 72 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 Aug 26 13:09:10.894828: | CERT 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 Aug 26 13:09:10.894830: | CERT 01 8f 00 30 82 01 8a 02 82 01 81 00 c0 59 bd 4b Aug 26 13:09:10.894831: | CERT 40 fd f4 2c e7 cf 9e f3 29 e6 61 73 de ab 42 3d Aug 26 13:09:10.894833: | CERT cc 51 1a e8 79 d6 53 46 a1 fd 66 d1 9e ab b4 65 Aug 26 13:09:10.894835: | CERT 76 51 ad 3f 6f 8f ef d2 73 f9 fd 8f 44 b0 6c 36 Aug 26 13:09:10.894836: | CERT 4b 95 c3 b2 45 0f 31 0c e9 df 35 95 44 c0 19 53 Aug 26 13:09:10.894838: | CERT 8d df 6a 4b b2 af d6 d3 e8 dd f5 20 df 9c cd 8a Aug 26 13:09:10.894839: | CERT f7 6a 09 92 60 00 45 44 39 4c 17 6c 06 02 91 37 Aug 26 13:09:10.894841: | CERT 4b f5 6a c3 5e 21 c6 64 32 32 98 1d b7 99 1f 3c Aug 26 13:09:10.894842: | CERT 13 fe ec c7 a4 a5 3b 37 30 df e4 31 95 47 91 b1 Aug 26 13:09:10.894844: | CERT ca 96 66 b7 9e 49 65 a2 4c 79 54 17 ed 68 19 34 Aug 26 13:09:10.894845: | CERT 9d 7e 67 91 27 51 f0 ee cb b3 90 68 7c 1d fd 83 Aug 26 13:09:10.894847: | CERT 32 06 2e e6 6f d5 f0 62 00 4d ef 11 90 b6 ad 61 Aug 26 13:09:10.894848: | CERT 83 0b 21 94 18 d9 2b 88 09 0d 33 2e 3b 71 18 f4 Aug 26 13:09:10.894850: | CERT ce 4a 45 f3 37 f4 db c0 d6 ab c2 da da cd 6d e0 Aug 26 13:09:10.894851: | CERT a3 9d 21 53 19 34 b1 0c d9 63 7c 45 b7 26 a4 d9 Aug 26 13:09:10.894853: | CERT d6 93 25 1e 1f 74 3c 07 32 69 9b bc 0f db ba 3e Aug 26 13:09:10.894854: | CERT 30 85 a4 3d ec 5c 70 fe fe 7d 64 3c 2c 48 b3 8a Aug 26 13:09:10.894856: | CERT eb 26 bf 05 d4 33 1e c3 f7 1c 24 c9 99 e3 d1 99 Aug 26 13:09:10.894857: | CERT 91 df 32 10 d5 7c 31 7e 9e 6f 70 01 dc 0d d7 21 Aug 26 13:09:10.894859: | CERT 03 76 4d f5 b2 e3 87 30 94 8c b2 0a c0 b4 d9 0b Aug 26 13:09:10.894860: | CERT d4 d9 37 e0 7a 73 13 50 8d 6f 93 9a 7c 5a 1a b2 Aug 26 13:09:10.894862: | CERT 87 7e 0c 64 60 cb 4b 2c ef 22 75 b1 7c 60 3e e3 Aug 26 13:09:10.894863: | CERT e5 f1 94 38 51 8f 00 e8 35 7b b5 01 ed c1 c4 fd Aug 26 13:09:10.894865: | CERT a3 4b 56 42 d6 8b 64 38 74 95 c4 13 70 f0 f0 23 Aug 26 13:09:10.894866: | CERT 29 57 2b ef 74 97 97 76 8d 30 48 91 02 03 01 00 Aug 26 13:09:10.894868: | CERT 01 a3 81 e4 30 81 e1 30 09 06 03 55 1d 13 04 02 Aug 26 13:09:10.894869: | CERT 30 00 30 26 06 03 55 1d 11 04 1f 30 1d 82 1b 6e Aug 26 13:09:10.894871: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Aug 26 13:09:10.894872: | CERT 72 65 73 77 61 6e 2e 6f 72 67 30 0b 06 03 55 1d Aug 26 13:09:10.894874: | CERT 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 16 Aug 26 13:09:10.894875: | CERT 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 Aug 26 13:09:10.894877: | CERT 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 07 Aug 26 13:09:10.894878: | CERT 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 07 Aug 26 13:09:10.894880: | CERT 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 Aug 26 13:09:10.894881: | CERT 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e Aug 26 13:09:10.894883: | CERT 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f Aug 26 13:09:10.894884: | CERT 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 Aug 26 13:09:10.894886: | CERT 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c Aug 26 13:09:10.894888: | CERT 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 Aug 26 13:09:10.894889: | CERT 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 Aug 26 13:09:10.894891: | CERT f7 0d 01 01 0b 05 00 03 81 81 00 9e e9 26 57 73 Aug 26 13:09:10.894892: | CERT c2 4c 64 c6 ab d6 d3 1a 13 4f 6b 48 e3 17 b2 3d Aug 26 13:09:10.894894: | CERT fb 30 93 2d 15 92 6e a3 60 29 10 1d 3e a7 93 48 Aug 26 13:09:10.894895: | CERT 3c 40 5b af 9e e5 93 b7 2f d5 4b 9f db bd ab 5d Aug 26 13:09:10.894897: | CERT 03 57 3a 1a f9 81 87 13 dd 32 e7 93 b5 9e 3b 40 Aug 26 13:09:10.894898: | CERT 3c c6 c9 d5 ce c6 c7 5d da 89 36 3d d0 36 82 fd Aug 26 13:09:10.894901: | CERT b2 ab 00 2a 7c 0e a7 ad 3e e2 b1 5a 0d 88 45 26 Aug 26 13:09:10.894903: | CERT 48 51 b3 c7 79 d7 04 e7 47 5f 28 f8 63 fb ae 58 Aug 26 13:09:10.894904: | CERT 52 8b ba 60 ce 19 ac fa 4e 65 7d Aug 26 13:09:10.894906: | emitting length of IKEv2 Certificate Payload: 1232 Aug 26 13:09:10.894908: | IKEv2 CERTREQ: send a cert request? Aug 26 13:09:10.894910: | IKEv2 CERTREQ: OK to send a certificate request Aug 26 13:09:10.894916: | Sending [CERTREQ] of C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org Aug 26 13:09:10.894918: | connection->kind is CK_PERMANENT so send CERTREQ Aug 26 13:09:10.894920: | ****emit IKEv2 Certificate Request Payload: Aug 26 13:09:10.894922: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.894923: | flags: none (0x0) Aug 26 13:09:10.894925: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:09:10.894927: | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Certificate Request Payload (38:ISAKMP_NEXT_v2CERTREQ) Aug 26 13:09:10.894929: | next payload chain: saving location 'IKEv2 Certificate Request Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.895587: | located CA cert E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA for CERTREQ Aug 26 13:09:10.895607: | emitting 20 raw bytes of CA cert public key hash into IKEv2 Certificate Request Payload Aug 26 13:09:10.895611: | CA cert public key hash Aug 26 13:09:10.895614: | 58 13 71 57 9d ee 1a 15 74 03 12 80 12 4d c1 85 Aug 26 13:09:10.895616: | 2b 92 25 e9 Aug 26 13:09:10.895619: | emitting length of IKEv2 Certificate Request Payload: 25 Aug 26 13:09:10.895623: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:09:10.895626: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:09:10.895629: | flags: none (0x0) Aug 26 13:09:10.895631: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 13:09:10.895635: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Aug 26 13:09:10.895638: | next payload chain: setting previous 'IKEv2 Certificate Request Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:09:10.895641: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.895645: | emitting 183 raw bytes of IDr into IKEv2 Identification - Responder - Payload Aug 26 13:09:10.895648: | IDr 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 13:09:10.895650: | IDr 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 13:09:10.895653: | IDr 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 13:09:10.895655: | IDr 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 13:09:10.895658: | IDr 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 13:09:10.895660: | IDr 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 13:09:10.895662: | IDr 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Aug 26 13:09:10.895665: | IDr 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 13:09:10.895667: | IDr 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Aug 26 13:09:10.895670: | IDr 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Aug 26 13:09:10.895672: | IDr 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 13:09:10.895674: | IDr 77 61 6e 2e 6f 72 67 Aug 26 13:09:10.895677: | emitting length of IKEv2 Identification - Responder - Payload: 191 Aug 26 13:09:10.895679: | not sending INITIAL_CONTACT Aug 26 13:09:10.895682: | ****emit IKEv2 Authentication Payload: Aug 26 13:09:10.895685: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.895688: | flags: none (0x0) Aug 26 13:09:10.895690: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:09:10.895693: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:09:10.895714: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.895720: | #1 spent 1.09 milliseconds Aug 26 13:09:10.895733: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_RSA Aug 26 13:09:10.895790: | searching for certificate PKK_RSA:AwEAAcBZv vs PKK_RSA:AwEAAcBZv Aug 26 13:09:10.903287: | #1 spent 7.3 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Aug 26 13:09:10.903304: | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload Aug 26 13:09:10.903308: | rsa signature 76 dd b1 67 98 ae 5a f6 13 ed 62 83 5c a7 bd 8d Aug 26 13:09:10.903311: | rsa signature d5 d6 60 32 96 37 b4 6b 3e ff 72 20 d0 15 bb 04 Aug 26 13:09:10.903314: | rsa signature 74 57 ca aa ec 2b 51 58 8e 07 30 0f 73 7f 21 46 Aug 26 13:09:10.903317: | rsa signature 29 be 55 60 9e e7 5e b3 08 48 66 98 65 f7 1f fb Aug 26 13:09:10.903320: | rsa signature 13 e6 5c 53 da 76 34 9e 1b a1 28 e3 03 27 bd 61 Aug 26 13:09:10.903322: | rsa signature b5 4d be c9 b3 e8 f0 6f 15 40 99 83 cf 8f 41 b6 Aug 26 13:09:10.903324: | rsa signature 8b 76 92 2a 0c a5 8d 37 f7 ea 58 bd 62 1d cb 9d Aug 26 13:09:10.903327: | rsa signature a1 5c 31 f4 71 1e 7a 7c 98 e2 15 73 bb 89 30 45 Aug 26 13:09:10.903330: | rsa signature 37 35 79 f7 0d 8f b1 c4 49 8b f7 50 0c 67 61 7c Aug 26 13:09:10.903332: | rsa signature 46 4b b8 8d 15 3e fd 0a 77 75 6f 85 9f 6d ea 3d Aug 26 13:09:10.903335: | rsa signature be 06 d2 a7 0c 36 42 94 4f 99 ee e8 e0 b3 30 ad Aug 26 13:09:10.903338: | rsa signature 3a 0b 24 6a fd 99 57 46 ee a9 fd 7d af c6 89 24 Aug 26 13:09:10.903340: | rsa signature ad 17 33 5d 77 9b 63 c1 05 59 5b d1 f7 92 28 09 Aug 26 13:09:10.903343: | rsa signature d4 5f f1 49 8b 63 6a 87 77 4d c2 99 32 29 e0 94 Aug 26 13:09:10.903346: | rsa signature 5d e0 5d fd 7d fe 73 c2 2f 5c 3f 02 26 57 f9 8e Aug 26 13:09:10.903348: | rsa signature 0d 82 af 89 c9 b4 2a c2 6e fa 60 66 d9 da 3b 04 Aug 26 13:09:10.903351: | rsa signature ef 1e a0 11 63 73 0b b4 79 f3 de ff cf 16 c3 fa Aug 26 13:09:10.903354: | rsa signature c9 75 50 33 2f 9e ba 34 67 90 e2 94 28 22 ef f9 Aug 26 13:09:10.903356: | rsa signature 19 6a 88 79 c2 db 44 55 0b 46 e8 ea cc 0f 36 9d Aug 26 13:09:10.903359: | rsa signature bc f0 3c 40 0e 19 25 a7 f7 2f 53 a4 cf 64 28 a2 Aug 26 13:09:10.903362: | rsa signature 3b 1a b2 7a 23 fe cf ee be c4 cd 42 64 f1 cc 4e Aug 26 13:09:10.903364: | rsa signature c0 1a 7e 11 c1 39 c9 dd 91 a6 42 6a 5f b0 66 fd Aug 26 13:09:10.903367: | rsa signature 7e 84 8f 11 68 1e ba b0 3d 2d fb 91 92 5d 27 7e Aug 26 13:09:10.903369: | rsa signature b9 a2 d4 f3 74 b9 d9 92 3a 59 73 17 5c ba 8b 3e Aug 26 13:09:10.903374: | #1 spent 7.48 milliseconds in ikev2_calculate_rsa_hash() Aug 26 13:09:10.903378: | emitting length of IKEv2 Authentication Payload: 392 Aug 26 13:09:10.903381: | getting first pending from state #1 Aug 26 13:09:10.903385: | Switching Child connection for #2 to "northnet-eastnets/0x1" from "northnet-eastnets/0x2" Aug 26 13:09:10.903391: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:09:10.903410: | netlink_get_spi: allocated 0xe2708c7e for esp.0@192.1.3.33 Aug 26 13:09:10.903415: | constructing ESP/AH proposals with all DH removed for northnet-eastnets/0x1 (IKE SA initiator emitting ESP/AH proposals) Aug 26 13:09:10.903421: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:09:10.903428: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:09:10.903432: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:09:10.903440: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:09:10.903444: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:09:10.903449: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:09:10.903452: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:09:10.903456: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:09:10.903464: "northnet-eastnets/0x1": constructed local ESP/AH proposals for northnet-eastnets/0x1 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:09:10.903475: | Emitting ikev2_proposals ... Aug 26 13:09:10.903479: | ****emit IKEv2 Security Association Payload: Aug 26 13:09:10.903482: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.903485: | flags: none (0x0) Aug 26 13:09:10.903488: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:09:10.903491: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.903494: | discarding INTEG=NONE Aug 26 13:09:10.903496: | discarding DH=NONE Aug 26 13:09:10.903499: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.903502: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.903504: | prop #: 1 (0x1) Aug 26 13:09:10.903507: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.903509: | spi size: 4 (0x4) Aug 26 13:09:10.903512: | # transforms: 2 (0x2) Aug 26 13:09:10.903515: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.903518: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:10.903521: | our spi e2 70 8c 7e Aug 26 13:09:10.903524: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903526: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903529: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.903532: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.903535: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.903538: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.903541: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.903543: | length/value: 256 (0x100) Aug 26 13:09:10.903546: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.903549: | discarding INTEG=NONE Aug 26 13:09:10.903551: | discarding DH=NONE Aug 26 13:09:10.903554: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903557: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.903560: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.903562: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.903565: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903568: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.903571: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.903574: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:09:10.903578: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.903586: | discarding INTEG=NONE Aug 26 13:09:10.903588: | discarding DH=NONE Aug 26 13:09:10.903591: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.903594: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.903596: | prop #: 2 (0x2) Aug 26 13:09:10.903599: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.903601: | spi size: 4 (0x4) Aug 26 13:09:10.903604: | # transforms: 2 (0x2) Aug 26 13:09:10.903607: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.903611: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.903614: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:10.903616: | our spi e2 70 8c 7e Aug 26 13:09:10.903619: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903622: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903625: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.903628: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.903631: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.903634: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.903637: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.903640: | length/value: 128 (0x80) Aug 26 13:09:10.903643: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.903646: | discarding INTEG=NONE Aug 26 13:09:10.903648: | discarding DH=NONE Aug 26 13:09:10.903651: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903654: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.903657: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.903659: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.903663: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903666: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.903669: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.903672: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:09:10.903675: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.903678: | discarding DH=NONE Aug 26 13:09:10.903680: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.903683: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.903686: | prop #: 3 (0x3) Aug 26 13:09:10.903689: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.903692: | spi size: 4 (0x4) Aug 26 13:09:10.903695: | # transforms: 4 (0x4) Aug 26 13:09:10.903698: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.903701: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.903705: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:10.903708: | our spi e2 70 8c 7e Aug 26 13:09:10.903711: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903713: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903716: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.903719: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:10.903722: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.903725: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.903728: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.903733: | length/value: 256 (0x100) Aug 26 13:09:10.903736: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.903739: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903742: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903745: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.903748: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:10.903751: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903755: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.903758: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.903761: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903763: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903766: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.903769: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:10.903773: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903776: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.903779: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.903782: | discarding DH=NONE Aug 26 13:09:10.903785: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903788: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.903790: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.903793: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.903796: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903799: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.903803: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.903806: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:09:10.903809: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.903811: | discarding DH=NONE Aug 26 13:09:10.903814: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.903817: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:10.903820: | prop #: 4 (0x4) Aug 26 13:09:10.903823: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.903826: | spi size: 4 (0x4) Aug 26 13:09:10.903829: | # transforms: 4 (0x4) Aug 26 13:09:10.903832: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:10.903836: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:10.903839: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:10.903842: | our spi e2 70 8c 7e Aug 26 13:09:10.903845: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903847: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903850: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.903852: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:10.903856: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.903859: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.903862: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.903865: | length/value: 128 (0x80) Aug 26 13:09:10.903870: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:10.903872: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903875: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903878: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.903881: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:10.903884: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903887: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.903890: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.903893: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903895: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903898: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:10.903901: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:10.903904: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903907: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.903910: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.903912: | discarding DH=NONE Aug 26 13:09:10.903915: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:10.903917: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.903920: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.903923: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.903926: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.903929: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:10.903932: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:10.903935: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:09:10.903938: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:10.903940: | emitting length of IKEv2 Security Association Payload: 164 Aug 26 13:09:10.903943: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:09:10.903947: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:10.903950: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.903953: | flags: none (0x0) Aug 26 13:09:10.903956: | number of TS: 1 (0x1) Aug 26 13:09:10.903959: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:09:10.903962: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.903965: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:10.903968: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.903971: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.903973: | start port: 0 (0x0) Aug 26 13:09:10.903976: | end port: 65535 (0xffff) Aug 26 13:09:10.903980: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:10.903982: | ipv4 start c0 00 03 00 Aug 26 13:09:10.903985: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:09:10.903988: | ipv4 end c0 00 03 ff Aug 26 13:09:10.903990: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:10.903993: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:09:10.903997: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:10.904000: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.904003: | flags: none (0x0) Aug 26 13:09:10.904005: | number of TS: 1 (0x1) Aug 26 13:09:10.904009: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:09:10.904012: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:10.904014: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:10.904017: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.904020: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.904023: | start port: 0 (0x0) Aug 26 13:09:10.904025: | end port: 65535 (0xffff) Aug 26 13:09:10.904028: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:10.904031: | ipv4 start c0 00 02 00 Aug 26 13:09:10.904034: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:09:10.904036: | ipv4 end c0 00 02 ff Aug 26 13:09:10.904039: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:10.904042: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:09:10.904044: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:09:10.904047: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:09:10.904050: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.904054: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:10.904057: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:10.904060: | emitting length of IKEv2 Encryption Payload: 2274 Aug 26 13:09:10.904063: | emitting length of ISAKMP Message: 2302 Aug 26 13:09:10.904067: | **parse ISAKMP Message: Aug 26 13:09:10.904070: | initiator cookie: Aug 26 13:09:10.904073: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.904075: | responder cookie: Aug 26 13:09:10.904077: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.904080: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:09:10.904083: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.904086: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.904089: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.904092: | Message ID: 1 (0x1) Aug 26 13:09:10.904094: | length: 2302 (0x8fe) Aug 26 13:09:10.904097: | **parse IKEv2 Encryption Payload: Aug 26 13:09:10.904100: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 13:09:10.904102: | flags: none (0x0) Aug 26 13:09:10.904105: | length: 2274 (0x8e2) Aug 26 13:09:10.904108: | **emit ISAKMP Message: Aug 26 13:09:10.904110: | initiator cookie: Aug 26 13:09:10.904113: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.904115: | responder cookie: Aug 26 13:09:10.904117: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.904120: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.904123: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.904125: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.904128: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.904130: | Message ID: 1 (0x1) Aug 26 13:09:10.904133: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.904136: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:09:10.904139: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 13:09:10.904141: | flags: none (0x0) Aug 26 13:09:10.904143: | fragment number: 1 (0x1) Aug 26 13:09:10.904146: | total fragments: 5 (0x5) Aug 26 13:09:10.904149: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Aug 26 13:09:10.904152: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.904157: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:09:10.904161: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:09:10.904169: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:09:10.904172: | cleartext fragment 25 00 00 c1 09 00 00 00 30 81 b6 31 0b 30 09 06 Aug 26 13:09:10.904175: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Aug 26 13:09:10.904177: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Aug 26 13:09:10.904180: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Aug 26 13:09:10.904182: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Aug 26 13:09:10.904185: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Aug 26 13:09:10.904187: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 24 30 22 06 03 Aug 26 13:09:10.904190: | cleartext fragment 55 04 03 0c 1b 6e 6f 72 74 68 2e 74 65 73 74 69 Aug 26 13:09:10.904193: | cleartext fragment 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Aug 26 13:09:10.904195: | cleartext fragment 31 2f 30 2d 06 09 2a 86 48 86 f7 0d 01 09 01 16 Aug 26 13:09:10.904198: | cleartext fragment 20 75 73 65 72 2d 6e 6f 72 74 68 40 74 65 73 74 Aug 26 13:09:10.904201: | cleartext fragment 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 Aug 26 13:09:10.904203: | cleartext fragment 67 26 00 04 d0 04 30 82 04 c7 30 82 04 30 a0 03 Aug 26 13:09:10.904206: | cleartext fragment 02 01 02 02 01 06 30 0d 06 09 2a 86 48 86 f7 0d Aug 26 13:09:10.904208: | cleartext fragment 01 01 0b 05 00 30 81 ac 31 0b 30 09 06 03 55 04 Aug 26 13:09:10.904211: | cleartext fragment 06 13 02 43 41 31 10 30 0e 06 03 55 04 08 0c 07 Aug 26 13:09:10.904213: | cleartext fragment 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 55 04 07 Aug 26 13:09:10.904216: | cleartext fragment 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 Aug 26 13:09:10.904218: | cleartext fragment 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 30 Aug 26 13:09:10.904221: | cleartext fragment 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 Aug 26 13:09:10.904224: | cleartext fragment 61 72 74 6d 65 6e 74 31 25 30 23 06 03 55 04 03 Aug 26 13:09:10.904227: | cleartext fragment 0c 1c 4c 69 62 72 65 73 77 61 6e 20 74 65 73 74 Aug 26 13:09:10.904230: | cleartext fragment 20 43 41 20 66 6f 72 20 6d 61 69 6e 63 61 31 24 Aug 26 13:09:10.904232: | cleartext fragment 30 22 06 09 2a 86 48 86 f7 0d 01 09 01 16 15 74 Aug 26 13:09:10.904235: | cleartext fragment 65 73 74 69 6e 67 40 6c 69 62 72 65 73 77 61 6e Aug 26 13:09:10.904237: | cleartext fragment 2e 6f 72 67 30 22 18 0f 32 30 31 39 30 38 32 34 Aug 26 13:09:10.905325: | cleartext fragment 30 39 30 37 35 33 5a 18 0f 32 30 32 32 30 38 32 Aug 26 13:09:10.905332: | cleartext fragment 33 30 39 30 37 35 33 5a 30 81 b6 31 0b 30 09 06 Aug 26 13:09:10.905336: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Aug 26 13:09:10.905338: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e Aug 26 13:09:10.905342: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.905346: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:09:10.905350: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:09:10.905352: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:09:10.905355: | emitting length of ISAKMP Message: 539 Aug 26 13:09:10.905375: | **emit ISAKMP Message: Aug 26 13:09:10.905379: | initiator cookie: Aug 26 13:09:10.905382: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.905385: | responder cookie: Aug 26 13:09:10.905387: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.905390: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.905393: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.905399: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.905402: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.905404: | Message ID: 1 (0x1) Aug 26 13:09:10.905407: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.905410: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:09:10.905413: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.905416: | flags: none (0x0) Aug 26 13:09:10.905419: | fragment number: 2 (0x2) Aug 26 13:09:10.905422: | total fragments: 5 (0x5) Aug 26 13:09:10.905425: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:09:10.905429: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.905432: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:09:10.905435: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:09:10.905441: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:09:10.905444: | cleartext fragment 06 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 Aug 26 13:09:10.905446: | cleartext fragment 30 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 Aug 26 13:09:10.905449: | cleartext fragment 61 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 Aug 26 13:09:10.905452: | cleartext fragment 74 20 44 65 70 61 72 74 6d 65 6e 74 31 24 30 22 Aug 26 13:09:10.905454: | cleartext fragment 06 03 55 04 03 0c 1b 6e 6f 72 74 68 2e 74 65 73 Aug 26 13:09:10.905457: | cleartext fragment 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f Aug 26 13:09:10.905459: | cleartext fragment 72 67 31 2f 30 2d 06 09 2a 86 48 86 f7 0d 01 09 Aug 26 13:09:10.905462: | cleartext fragment 01 16 20 75 73 65 72 2d 6e 6f 72 74 68 40 74 65 Aug 26 13:09:10.905464: | cleartext fragment 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e Aug 26 13:09:10.905467: | cleartext fragment 6f 72 67 30 82 01 a2 30 0d 06 09 2a 86 48 86 f7 Aug 26 13:09:10.905469: | cleartext fragment 0d 01 01 01 05 00 03 82 01 8f 00 30 82 01 8a 02 Aug 26 13:09:10.905472: | cleartext fragment 82 01 81 00 c0 59 bd 4b 40 fd f4 2c e7 cf 9e f3 Aug 26 13:09:10.905474: | cleartext fragment 29 e6 61 73 de ab 42 3d cc 51 1a e8 79 d6 53 46 Aug 26 13:09:10.905476: | cleartext fragment a1 fd 66 d1 9e ab b4 65 76 51 ad 3f 6f 8f ef d2 Aug 26 13:09:10.905479: | cleartext fragment 73 f9 fd 8f 44 b0 6c 36 4b 95 c3 b2 45 0f 31 0c Aug 26 13:09:10.905481: | cleartext fragment e9 df 35 95 44 c0 19 53 8d df 6a 4b b2 af d6 d3 Aug 26 13:09:10.905484: | cleartext fragment e8 dd f5 20 df 9c cd 8a f7 6a 09 92 60 00 45 44 Aug 26 13:09:10.905487: | cleartext fragment 39 4c 17 6c 06 02 91 37 4b f5 6a c3 5e 21 c6 64 Aug 26 13:09:10.905490: | cleartext fragment 32 32 98 1d b7 99 1f 3c 13 fe ec c7 a4 a5 3b 37 Aug 26 13:09:10.905492: | cleartext fragment 30 df e4 31 95 47 91 b1 ca 96 66 b7 9e 49 65 a2 Aug 26 13:09:10.905495: | cleartext fragment 4c 79 54 17 ed 68 19 34 9d 7e 67 91 27 51 f0 ee Aug 26 13:09:10.905498: | cleartext fragment cb b3 90 68 7c 1d fd 83 32 06 2e e6 6f d5 f0 62 Aug 26 13:09:10.905500: | cleartext fragment 00 4d ef 11 90 b6 ad 61 83 0b 21 94 18 d9 2b 88 Aug 26 13:09:10.905503: | cleartext fragment 09 0d 33 2e 3b 71 18 f4 ce 4a 45 f3 37 f4 db c0 Aug 26 13:09:10.905505: | cleartext fragment d6 ab c2 da da cd 6d e0 a3 9d 21 53 19 34 b1 0c Aug 26 13:09:10.905508: | cleartext fragment d9 63 7c 45 b7 26 a4 d9 d6 93 25 1e 1f 74 3c 07 Aug 26 13:09:10.905511: | cleartext fragment 32 69 9b bc 0f db ba 3e 30 85 a4 3d ec 5c 70 fe Aug 26 13:09:10.905513: | cleartext fragment fe 7d 64 3c 2c 48 b3 8a eb 26 bf 05 d4 33 1e c3 Aug 26 13:09:10.905516: | cleartext fragment f7 1c 24 c9 99 e3 d1 99 91 df 32 10 d5 7c 31 7e Aug 26 13:09:10.905519: | cleartext fragment 9e 6f 70 01 dc 0d d7 21 03 76 4d f5 b2 e3 Aug 26 13:09:10.905524: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.905527: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:09:10.905530: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:09:10.905533: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:09:10.905536: | emitting length of ISAKMP Message: 539 Aug 26 13:09:10.905545: | **emit ISAKMP Message: Aug 26 13:09:10.905549: | initiator cookie: Aug 26 13:09:10.905552: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.905554: | responder cookie: Aug 26 13:09:10.905557: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.905560: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.905563: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.905566: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.905569: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.905571: | Message ID: 1 (0x1) Aug 26 13:09:10.905574: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.905578: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:09:10.905580: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.905583: | flags: none (0x0) Aug 26 13:09:10.905586: | fragment number: 3 (0x3) Aug 26 13:09:10.905590: | total fragments: 5 (0x5) Aug 26 13:09:10.905593: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:09:10.905597: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.905600: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:09:10.905604: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:09:10.905608: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:09:10.905612: | cleartext fragment 87 30 94 8c b2 0a c0 b4 d9 0b d4 d9 37 e0 7a 73 Aug 26 13:09:10.905614: | cleartext fragment 13 50 8d 6f 93 9a 7c 5a 1a b2 87 7e 0c 64 60 cb Aug 26 13:09:10.905617: | cleartext fragment 4b 2c ef 22 75 b1 7c 60 3e e3 e5 f1 94 38 51 8f Aug 26 13:09:10.905620: | cleartext fragment 00 e8 35 7b b5 01 ed c1 c4 fd a3 4b 56 42 d6 8b Aug 26 13:09:10.905623: | cleartext fragment 64 38 74 95 c4 13 70 f0 f0 23 29 57 2b ef 74 97 Aug 26 13:09:10.905625: | cleartext fragment 97 76 8d 30 48 91 02 03 01 00 01 a3 81 e4 30 81 Aug 26 13:09:10.905628: | cleartext fragment e1 30 09 06 03 55 1d 13 04 02 30 00 30 26 06 03 Aug 26 13:09:10.905630: | cleartext fragment 55 1d 11 04 1f 30 1d 82 1b 6e 6f 72 74 68 2e 74 Aug 26 13:09:10.905633: | cleartext fragment 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e Aug 26 13:09:10.905635: | cleartext fragment 2e 6f 72 67 30 0b 06 03 55 1d 0f 04 04 03 02 07 Aug 26 13:09:10.905638: | cleartext fragment 80 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 Aug 26 13:09:10.905641: | cleartext fragment 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 Aug 26 13:09:10.905644: | cleartext fragment 30 41 06 08 2b 06 01 05 05 07 01 01 04 35 30 33 Aug 26 13:09:10.905647: | cleartext fragment 30 31 06 08 2b 06 01 05 05 07 30 01 86 25 68 74 Aug 26 13:09:10.905650: | cleartext fragment 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 Aug 26 13:09:10.905652: | cleartext fragment 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 3a 32 Aug 26 13:09:10.905655: | cleartext fragment 35 36 30 30 3d 06 03 55 1d 1f 04 36 30 34 30 32 Aug 26 13:09:10.905658: | cleartext fragment a0 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 Aug 26 13:09:10.905661: | cleartext fragment 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 Aug 26 13:09:10.905664: | cleartext fragment 61 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 64 2e 63 Aug 26 13:09:10.905667: | cleartext fragment 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 Aug 26 13:09:10.905671: | cleartext fragment 00 03 81 81 00 9e e9 26 57 73 c2 4c 64 c6 ab d6 Aug 26 13:09:10.905674: | cleartext fragment d3 1a 13 4f 6b 48 e3 17 b2 3d fb 30 93 2d 15 92 Aug 26 13:09:10.905677: | cleartext fragment 6e a3 60 29 10 1d 3e a7 93 48 3c 40 5b af 9e e5 Aug 26 13:09:10.905679: | cleartext fragment 93 b7 2f d5 4b 9f db bd ab 5d 03 57 3a 1a f9 81 Aug 26 13:09:10.905682: | cleartext fragment 87 13 dd 32 e7 93 b5 9e 3b 40 3c c6 c9 d5 ce c6 Aug 26 13:09:10.905684: | cleartext fragment c7 5d da 89 36 3d d0 36 82 fd b2 ab 00 2a 7c 0e Aug 26 13:09:10.905687: | cleartext fragment a7 ad 3e e2 b1 5a 0d 88 45 26 48 51 b3 c7 79 d7 Aug 26 13:09:10.905690: | cleartext fragment 04 e7 47 5f 28 f8 63 fb ae 58 52 8b ba 60 ce 19 Aug 26 13:09:10.905693: | cleartext fragment ac fa 4e 65 7d 24 00 00 19 04 58 13 71 57 Aug 26 13:09:10.905696: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.905699: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:09:10.905703: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:09:10.905706: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:09:10.905709: | emitting length of ISAKMP Message: 539 Aug 26 13:09:10.905717: | **emit ISAKMP Message: Aug 26 13:09:10.905720: | initiator cookie: Aug 26 13:09:10.905723: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.905725: | responder cookie: Aug 26 13:09:10.905728: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.905730: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.905733: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.905736: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.905739: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.905741: | Message ID: 1 (0x1) Aug 26 13:09:10.905744: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.905747: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:09:10.905750: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.905753: | flags: none (0x0) Aug 26 13:09:10.905755: | fragment number: 4 (0x4) Aug 26 13:09:10.905758: | total fragments: 5 (0x5) Aug 26 13:09:10.905761: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:09:10.905765: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.905767: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:09:10.905771: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:09:10.905779: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:09:10.905782: | cleartext fragment 9d ee 1a 15 74 03 12 80 12 4d c1 85 2b 92 25 e9 Aug 26 13:09:10.905784: | cleartext fragment 27 00 00 bf 09 00 00 00 30 81 b4 31 0b 30 09 06 Aug 26 13:09:10.905787: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Aug 26 13:09:10.905789: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Aug 26 13:09:10.905792: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Aug 26 13:09:10.905794: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Aug 26 13:09:10.905797: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Aug 26 13:09:10.905799: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 Aug 26 13:09:10.905802: | cleartext fragment 55 04 03 0c 1a 65 61 73 74 2e 74 65 73 74 69 6e Aug 26 13:09:10.905804: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 Aug 26 13:09:10.905807: | cleartext fragment 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f Aug 26 13:09:10.905810: | cleartext fragment 75 73 65 72 2d 65 61 73 74 40 74 65 73 74 69 6e Aug 26 13:09:10.905814: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 21 Aug 26 13:09:10.905816: | cleartext fragment 00 01 88 01 00 00 00 76 dd b1 67 98 ae 5a f6 13 Aug 26 13:09:10.905819: | cleartext fragment ed 62 83 5c a7 bd 8d d5 d6 60 32 96 37 b4 6b 3e Aug 26 13:09:10.905821: | cleartext fragment ff 72 20 d0 15 bb 04 74 57 ca aa ec 2b 51 58 8e Aug 26 13:09:10.905824: | cleartext fragment 07 30 0f 73 7f 21 46 29 be 55 60 9e e7 5e b3 08 Aug 26 13:09:10.905827: | cleartext fragment 48 66 98 65 f7 1f fb 13 e6 5c 53 da 76 34 9e 1b Aug 26 13:09:10.905829: | cleartext fragment a1 28 e3 03 27 bd 61 b5 4d be c9 b3 e8 f0 6f 15 Aug 26 13:09:10.905832: | cleartext fragment 40 99 83 cf 8f 41 b6 8b 76 92 2a 0c a5 8d 37 f7 Aug 26 13:09:10.905834: | cleartext fragment ea 58 bd 62 1d cb 9d a1 5c 31 f4 71 1e 7a 7c 98 Aug 26 13:09:10.905836: | cleartext fragment e2 15 73 bb 89 30 45 37 35 79 f7 0d 8f b1 c4 49 Aug 26 13:09:10.905839: | cleartext fragment 8b f7 50 0c 67 61 7c 46 4b b8 8d 15 3e fd 0a 77 Aug 26 13:09:10.905840: | cleartext fragment 75 6f 85 9f 6d ea 3d be 06 d2 a7 0c 36 42 94 4f Aug 26 13:09:10.905842: | cleartext fragment 99 ee e8 e0 b3 30 ad 3a 0b 24 6a fd 99 57 46 ee Aug 26 13:09:10.905844: | cleartext fragment a9 fd 7d af c6 89 24 ad 17 33 5d 77 9b 63 c1 05 Aug 26 13:09:10.905845: | cleartext fragment 59 5b d1 f7 92 28 09 d4 5f f1 49 8b 63 6a 87 77 Aug 26 13:09:10.905847: | cleartext fragment 4d c2 99 32 29 e0 94 5d e0 5d fd 7d fe 73 c2 2f Aug 26 13:09:10.905848: | cleartext fragment 5c 3f 02 26 57 f9 8e 0d 82 af 89 c9 b4 2a c2 6e Aug 26 13:09:10.905850: | cleartext fragment fa 60 66 d9 da 3b 04 ef 1e a0 11 63 73 0b Aug 26 13:09:10.905852: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.905854: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:09:10.905856: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:09:10.905857: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:09:10.905859: | emitting length of ISAKMP Message: 539 Aug 26 13:09:10.905865: | **emit ISAKMP Message: Aug 26 13:09:10.905866: | initiator cookie: Aug 26 13:09:10.905868: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.905870: | responder cookie: Aug 26 13:09:10.905871: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.905873: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:10.905874: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.905876: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.905878: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:10.905879: | Message ID: 1 (0x1) Aug 26 13:09:10.905881: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:10.905884: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:09:10.905886: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.905889: | flags: none (0x0) Aug 26 13:09:10.905892: | fragment number: 5 (0x5) Aug 26 13:09:10.905894: | total fragments: 5 (0x5) Aug 26 13:09:10.905898: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:09:10.905901: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.905904: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:09:10.905907: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:09:10.905911: | emitting 333 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:09:10.905914: | cleartext fragment b4 79 f3 de ff cf 16 c3 fa c9 75 50 33 2f 9e ba Aug 26 13:09:10.905917: | cleartext fragment 34 67 90 e2 94 28 22 ef f9 19 6a 88 79 c2 db 44 Aug 26 13:09:10.905920: | cleartext fragment 55 0b 46 e8 ea cc 0f 36 9d bc f0 3c 40 0e 19 25 Aug 26 13:09:10.905923: | cleartext fragment a7 f7 2f 53 a4 cf 64 28 a2 3b 1a b2 7a 23 fe cf Aug 26 13:09:10.905927: | cleartext fragment ee be c4 cd 42 64 f1 cc 4e c0 1a 7e 11 c1 39 c9 Aug 26 13:09:10.905930: | cleartext fragment dd 91 a6 42 6a 5f b0 66 fd 7e 84 8f 11 68 1e ba Aug 26 13:09:10.905933: | cleartext fragment b0 3d 2d fb 91 92 5d 27 7e b9 a2 d4 f3 74 b9 d9 Aug 26 13:09:10.905935: | cleartext fragment 92 3a 59 73 17 5c ba 8b 3e 2c 00 00 a4 02 00 00 Aug 26 13:09:10.905938: | cleartext fragment 20 01 03 04 02 e2 70 8c 7e 03 00 00 0c 01 00 00 Aug 26 13:09:10.905940: | cleartext fragment 14 80 0e 01 00 00 00 00 08 05 00 00 00 02 00 00 Aug 26 13:09:10.905943: | cleartext fragment 20 02 03 04 02 e2 70 8c 7e 03 00 00 0c 01 00 00 Aug 26 13:09:10.905945: | cleartext fragment 14 80 0e 00 80 00 00 00 08 05 00 00 00 02 00 00 Aug 26 13:09:10.905948: | cleartext fragment 30 03 03 04 04 e2 70 8c 7e 03 00 00 0c 01 00 00 Aug 26 13:09:10.905950: | cleartext fragment 0c 80 0e 01 00 03 00 00 08 03 00 00 0e 03 00 00 Aug 26 13:09:10.905953: | cleartext fragment 08 03 00 00 0c 00 00 00 08 05 00 00 00 00 00 00 Aug 26 13:09:10.905955: | cleartext fragment 30 04 03 04 04 e2 70 8c 7e 03 00 00 0c 01 00 00 Aug 26 13:09:10.905958: | cleartext fragment 0c 80 0e 00 80 03 00 00 08 03 00 00 0e 03 00 00 Aug 26 13:09:10.905960: | cleartext fragment 08 03 00 00 0c 00 00 00 08 05 00 00 00 2d 00 00 Aug 26 13:09:10.905962: | cleartext fragment 18 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 03 Aug 26 13:09:10.905965: | cleartext fragment 00 c0 00 03 ff 00 00 00 18 01 00 00 00 07 00 00 Aug 26 13:09:10.905967: | cleartext fragment 10 00 00 ff ff c0 00 02 00 c0 00 02 ff Aug 26 13:09:10.905970: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:10.905973: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:09:10.905976: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:09:10.905979: | emitting length of IKEv2 Encrypted Fragment: 366 Aug 26 13:09:10.905982: | emitting length of ISAKMP Message: 394 Aug 26 13:09:10.905994: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.906000: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:10.906005: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 13:09:10.906008: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 13:09:10.906012: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 13:09:10.906015: | Message ID: updating counters for #2 to 0 after switching state Aug 26 13:09:10.906020: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 13:09:10.906025: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 13:09:10.906031: "northnet-eastnets/0x1" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:09:10.906046: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:09:10.906049: | sending fragments ... Aug 26 13:09:10.906056: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:09:10.906059: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.906061: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Aug 26 13:09:10.906064: | 00 01 00 05 d2 e9 9c 54 6f f5 72 9c 91 0d a4 3a Aug 26 13:09:10.906066: | 30 cd 4b 19 7d bf 5f a5 90 d4 42 27 2e 24 f8 19 Aug 26 13:09:10.906069: | b2 8e 84 b1 32 b7 e2 d8 8b f6 09 45 1a a0 da e5 Aug 26 13:09:10.906074: | 9a b1 02 1f 3d fd e3 db 5c 49 de da ea 4f 14 a2 Aug 26 13:09:10.906077: | 96 c0 d9 53 93 c5 e7 f8 78 22 84 18 6f 85 16 af Aug 26 13:09:10.906079: | 0b 3b 3c f8 26 90 8c 4a bc 97 76 9f 17 c4 96 ce Aug 26 13:09:10.906082: | 6f fa a0 d3 a0 c9 9a eb cd 5b e3 85 a7 64 48 47 Aug 26 13:09:10.906084: | b5 45 31 38 71 db 45 6d 64 6d 7e 35 18 28 aa c1 Aug 26 13:09:10.906086: | 92 a3 71 7e 75 bb 56 25 20 eb b2 1b 17 3c 98 64 Aug 26 13:09:10.906089: | cd 15 55 98 6a ce 20 f0 70 e9 14 20 be bc 2b 1a Aug 26 13:09:10.906091: | 39 3c 6b 3d 33 e7 22 a9 c1 1e 59 89 20 e0 81 35 Aug 26 13:09:10.906094: | 40 2e 0c 80 91 2c 27 86 f5 6a d6 ac 20 e6 2e ac Aug 26 13:09:10.906097: | 53 6a 9e 05 d9 9a 4f 4d 21 63 9e 03 94 92 0e 00 Aug 26 13:09:10.906099: | 11 86 45 cc be 10 69 2e a2 58 03 d8 83 26 2a 5e Aug 26 13:09:10.906102: | 83 99 c0 a6 38 4e 78 50 56 6e 61 8d 87 b9 f4 ec Aug 26 13:09:10.906104: | ae 3f fc 8b aa a9 a2 f6 6a 0d 57 d1 99 16 43 37 Aug 26 13:09:10.906107: | ff 4f f7 a3 a5 df 71 f1 3e 57 3e f3 8a cb b3 22 Aug 26 13:09:10.906109: | 15 aa 4f 80 bc 5c 16 83 0a 8b f6 97 f7 ca 14 41 Aug 26 13:09:10.906112: | 47 83 e3 e8 e3 28 6b 04 88 2c b2 5a 86 de 69 33 Aug 26 13:09:10.906115: | 2a 12 99 58 a2 76 ad 21 01 ee 88 e5 58 a3 b4 0c Aug 26 13:09:10.906117: | 0a 11 c5 34 2f 59 8b 71 6d b3 45 93 67 f8 37 04 Aug 26 13:09:10.906120: | 6b e4 e8 76 96 d9 ce 76 64 83 27 7d df ea ac eb Aug 26 13:09:10.906122: | ab ea f6 32 32 28 f8 0b ad 4b aa 1b a8 bc ed 04 Aug 26 13:09:10.906125: | a5 15 9c 95 0c 2b 77 1b 93 13 af 2d 04 ad c1 0e Aug 26 13:09:10.906128: | 30 73 2a 3d 94 1d 10 b5 48 95 47 1f 72 d2 be 9c Aug 26 13:09:10.906131: | 6d de a1 e7 fb 6b 68 2a 5c 80 3b 0e bc 5b 30 cd Aug 26 13:09:10.906133: | 8e 90 00 f9 4c 6a 33 ca 48 51 e7 2d 32 4e 20 c4 Aug 26 13:09:10.906135: | 86 58 3e 6c 45 ae d5 12 4c 40 72 5f 79 91 27 cf Aug 26 13:09:10.906138: | dc 16 90 95 9a 17 74 26 a6 7f f5 56 3d e8 c0 26 Aug 26 13:09:10.906140: | 3f 8c 83 04 a1 e4 d3 da cb c5 e5 80 f5 d4 e3 d1 Aug 26 13:09:10.906143: | 87 cd 91 2a cb 8c f4 1d f5 b9 a3 6f b4 3f 98 d8 Aug 26 13:09:10.906146: | e3 6a 63 bf 02 96 89 6b e0 5d 52 Aug 26 13:09:10.906210: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:09:10.906215: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.906218: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 13:09:10.906221: | 00 02 00 05 73 12 9c b4 a0 5f 74 10 d4 cc b4 bc Aug 26 13:09:10.906223: | 46 9a 0d ca 5a 51 b0 b8 20 2b c4 8c f8 83 19 10 Aug 26 13:09:10.906226: | 09 7a 61 09 28 11 4e d1 50 6b dd 9f ba 32 4d b2 Aug 26 13:09:10.906229: | 89 0c c2 6d 2a c9 d6 8f 78 59 b6 3a d1 fa d0 00 Aug 26 13:09:10.906231: | f9 2d 6e 4b dd e5 f0 90 87 b5 03 a4 39 4e 22 fd Aug 26 13:09:10.906234: | 53 65 b1 cb 88 5b 0b 61 14 8d 6d 88 9d 4d e1 5a Aug 26 13:09:10.906237: | a6 f6 bc 57 bf e8 89 68 20 1c 7e 72 e6 a4 42 56 Aug 26 13:09:10.906240: | 93 ac cc cb e8 4a d7 5e 05 2b 48 ef 4f df 09 36 Aug 26 13:09:10.906242: | f1 a6 76 9b 59 a5 14 8d b9 23 b1 35 68 9a ce 94 Aug 26 13:09:10.906245: | 8d 20 2d 1a f4 b7 c0 f4 62 ea 7a 8b 41 d4 c7 d9 Aug 26 13:09:10.906247: | 7b 69 5f 33 2d 84 f0 b7 a3 c1 95 43 65 61 73 b4 Aug 26 13:09:10.906250: | 19 64 d4 60 5c c9 5d a7 ed e7 66 43 67 cc e4 b8 Aug 26 13:09:10.906252: | f8 cd e3 e1 f9 29 28 58 e9 91 4b ce 56 c3 06 da Aug 26 13:09:10.906254: | b5 de dd e2 93 7c 95 a9 22 b9 e4 28 6a e0 4e 5d Aug 26 13:09:10.906257: | b2 28 be 74 08 f1 ff 85 cc f1 33 9f 87 d3 2b 64 Aug 26 13:09:10.906260: | 4d f2 f9 79 3d 6e a9 76 8e 76 10 5d 1d 8b d2 64 Aug 26 13:09:10.906262: | d2 55 57 9f 92 49 83 d3 9a fa 67 88 f4 ed 0d 9c Aug 26 13:09:10.906265: | ad 97 f2 85 08 9b aa 72 d3 f2 e1 c7 9e 6d a7 5f Aug 26 13:09:10.906267: | a5 a2 9c f6 d6 00 18 be e6 b6 1e be b5 58 d2 30 Aug 26 13:09:10.906270: | ff 80 72 d9 c4 0e ad f6 12 d2 16 73 a1 f3 77 f0 Aug 26 13:09:10.906276: | 10 5c f6 1d 5a e6 a7 47 a9 a8 be 24 df 80 d9 ea Aug 26 13:09:10.906279: | da a6 37 0f 86 77 69 ce 14 e4 d6 17 82 4c 9c d9 Aug 26 13:09:10.906281: | 25 08 cd 9e e8 8c 13 f8 c0 df 1c f6 37 ef 7b c4 Aug 26 13:09:10.906284: | 45 42 98 0f 79 6d ad 91 a2 27 4c 79 c4 62 c1 d2 Aug 26 13:09:10.906287: | 4b ed 19 43 8a 32 16 9a dc 52 61 af 56 5e 58 f8 Aug 26 13:09:10.906296: | a4 d9 69 a6 5e 8e 41 ba 83 0b 30 0a 4c 01 27 ec Aug 26 13:09:10.906299: | 41 94 88 e0 5f 51 dd cf ad 79 ca 60 a8 97 f4 59 Aug 26 13:09:10.906302: | ec 75 e7 84 87 c3 0e 63 44 fa 81 f9 22 49 e8 0d Aug 26 13:09:10.906304: | 35 be 19 0b bb 46 63 af 4d 1b b8 b1 a8 df cd 38 Aug 26 13:09:10.906307: | d8 9b e2 8f 8a 15 c4 81 3e 83 82 ec fe e4 6f b2 Aug 26 13:09:10.906309: | 5d 27 f4 95 6a be 67 a5 e1 a2 d6 d8 67 c2 02 7e Aug 26 13:09:10.906312: | 05 0e f9 58 5d 8f 85 f3 ef 42 35 Aug 26 13:09:10.906335: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:09:10.906339: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.906342: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 13:09:10.906344: | 00 03 00 05 24 f4 04 40 24 07 76 f6 14 97 8f a5 Aug 26 13:09:10.906347: | 76 64 34 4d 74 31 44 e1 e9 73 3f 1f e9 6b 60 ea Aug 26 13:09:10.906349: | 9c 13 3e f1 87 08 47 49 91 37 50 3e 72 15 66 9f Aug 26 13:09:10.906352: | 2c 01 f1 aa 39 58 88 7f e9 fc a8 08 44 22 ee c7 Aug 26 13:09:10.906354: | cf d0 76 09 b2 1a d3 9d 97 97 84 fe 10 00 b7 05 Aug 26 13:09:10.906357: | 26 ae ca e7 bc 0a 32 96 da 56 64 c4 58 74 95 1e Aug 26 13:09:10.906360: | 90 28 2b ca 68 34 81 7c 1d 73 2e b9 2e e0 93 be Aug 26 13:09:10.906362: | 90 8e 40 ee 08 a9 aa 62 14 b2 7f 50 b6 5b b9 40 Aug 26 13:09:10.906365: | 33 cb 26 29 5d 4d c1 14 dd d3 4d 20 1d 2d 61 5c Aug 26 13:09:10.906368: | ce 74 0f 41 db 15 bc 8b 06 b2 a6 6a 97 ca b3 ae Aug 26 13:09:10.906371: | 45 fd 6f 3b 23 7d ac 45 31 e0 da ba bb 03 14 ba Aug 26 13:09:10.906373: | b9 85 1d b5 61 f2 58 7d ab 0d e6 e6 4a 9f 49 6b Aug 26 13:09:10.906376: | 4e f4 e8 f8 7d c4 b3 22 06 f1 d1 00 96 5d dc 33 Aug 26 13:09:10.906378: | eb 79 4f 70 ea b6 11 97 cd c4 85 99 05 4f ad aa Aug 26 13:09:10.906381: | 26 f5 7d 4f fd ac af 8d a5 af 81 2e df c8 2e 11 Aug 26 13:09:10.906383: | 55 93 86 38 1c 7d 5a 83 3f b4 fc 30 a5 74 3c af Aug 26 13:09:10.906386: | 90 7c d3 e0 76 ad 4a 35 35 6c d2 02 80 35 e9 c0 Aug 26 13:09:10.906388: | 49 17 09 f9 52 ba 50 b2 1e 25 a1 6c 05 bb 68 05 Aug 26 13:09:10.906391: | 4b 03 d2 b3 e5 86 79 41 ab f3 cf 4e 62 12 af 98 Aug 26 13:09:10.906393: | b9 34 12 08 51 f2 7f 8d 5c c1 f9 f6 a5 b9 a5 35 Aug 26 13:09:10.906396: | 4c 96 68 94 b3 4e bd 13 96 a0 0f e0 6e 93 71 4c Aug 26 13:09:10.906398: | e4 cc 01 8e 93 c7 04 e5 dc 9a 20 a9 ac 67 c5 99 Aug 26 13:09:10.906400: | 3e 6d 89 2b 04 e1 f4 09 f7 eb cb 4d 87 b3 4f 08 Aug 26 13:09:10.906403: | 66 73 4c 80 f2 e1 cb 1f c0 0b 50 9d 1d 1d c5 76 Aug 26 13:09:10.906405: | 3a 7a 82 bb a6 5e 26 bf 02 8d 5d fc 55 5e 30 70 Aug 26 13:09:10.906408: | 27 d4 24 c1 5b f6 d9 3d 8a 1a 2a f8 3a ce a6 09 Aug 26 13:09:10.906410: | 2e d4 c9 d7 ff 36 c4 45 d0 26 5c d7 01 96 8b c0 Aug 26 13:09:10.906413: | 2a 3c 1c 3d 46 8b ce 91 d9 ae 3e 4a 5f d5 dd e6 Aug 26 13:09:10.906415: | 01 39 49 2d 4a e9 cf 14 56 09 33 62 a8 c2 e9 a4 Aug 26 13:09:10.906418: | f8 4f d2 1d dc f3 e8 99 66 6e 7e 6a 17 ea 41 a3 Aug 26 13:09:10.906420: | 9e 19 57 d9 b3 d5 8c fb f8 09 81 b3 bd f6 bc a1 Aug 26 13:09:10.906423: | 0c df 08 d9 74 3f bb 6c 7c f9 a5 Aug 26 13:09:10.906438: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:09:10.906442: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.906444: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 13:09:10.906447: | 00 04 00 05 fa 90 77 c3 88 a6 d5 54 28 94 a1 be Aug 26 13:09:10.906451: | 1c e8 d3 71 29 99 95 d1 43 8a 37 92 a1 65 c4 2f Aug 26 13:09:10.906454: | 5c 42 90 0c 47 6f ac 8b 9e 01 d7 aa af 28 bf 25 Aug 26 13:09:10.906456: | e4 29 df ee ad 5e 47 c3 72 1c 73 47 f5 42 4a 33 Aug 26 13:09:10.906459: | c3 ed ce 66 c9 24 f1 3b 4a f4 ff ff d0 b1 71 ac Aug 26 13:09:10.906461: | f0 ae f6 c1 ce 07 6e 2f 06 1d 8c 81 f5 09 ce 69 Aug 26 13:09:10.906464: | 2e 68 7a 03 a8 cf 84 2f ad 9c ca a7 20 eb 5e a0 Aug 26 13:09:10.906466: | 5a c9 f5 29 a0 b4 db 7e 58 d5 2f 27 1a 28 f0 e0 Aug 26 13:09:10.906469: | 31 b0 d0 ab 75 86 3b 2d 66 10 82 3d 1d 32 41 7f Aug 26 13:09:10.906472: | cd f3 a3 af c6 13 75 e7 4a 92 5d e8 46 8a b6 d2 Aug 26 13:09:10.906474: | 3c f2 07 44 5a 6e 6d be c7 e9 56 6c e4 72 78 bb Aug 26 13:09:10.906477: | fd ab 79 cc 64 a1 5e 32 9d cc 87 b3 05 d4 89 e8 Aug 26 13:09:10.906479: | 7a 74 67 1c 8a cd 0c b4 2f 8c 46 bb 4a 21 2e 38 Aug 26 13:09:10.906481: | 16 13 8e be 10 b1 49 d8 a5 1a c4 5c a2 6d 74 51 Aug 26 13:09:10.906484: | bc 79 38 b0 99 2a cf 57 d6 4b a1 d0 c2 f1 1c 49 Aug 26 13:09:10.906486: | 56 9b 37 d2 92 01 6e 15 bd fc f0 b1 5f 69 4a cf Aug 26 13:09:10.906489: | 4b 23 b3 eb 1a c8 85 19 f1 7d e3 d9 93 61 91 33 Aug 26 13:09:10.906491: | db a8 4c ed 44 26 79 89 17 da 2b 08 52 f9 07 b7 Aug 26 13:09:10.906494: | 85 51 12 46 96 92 2d a5 9b 9d e6 a9 71 0f 6d 96 Aug 26 13:09:10.906496: | 5e 89 33 a7 64 86 28 7b b3 e9 1b e7 65 7a b7 0b Aug 26 13:09:10.906498: | e7 ce be 9c 45 bb 68 66 91 16 07 1d 5b 06 27 74 Aug 26 13:09:10.906501: | 8f 84 77 f7 5a 32 17 2a 8a a4 44 6f 31 dc 49 e2 Aug 26 13:09:10.906503: | 9c 19 99 ae 52 e9 1d 18 3e 87 08 45 fb 0f eb 1b Aug 26 13:09:10.906505: | 41 08 0f 6c cb 27 a9 52 8b 8d 9e a2 4e 7b d4 2a Aug 26 13:09:10.906508: | 33 ba 0d 4f 77 7f 3d 51 3a 7b fc da c9 7b f0 13 Aug 26 13:09:10.906510: | 70 6b c4 43 c1 8d de e5 72 d4 da 13 e3 91 4a 15 Aug 26 13:09:10.906513: | 38 36 81 4b 09 66 24 86 1e 05 35 97 1a 17 b4 62 Aug 26 13:09:10.906515: | 4d 5b fa b9 0e 7c f8 f9 77 78 b7 53 51 59 c5 4f Aug 26 13:09:10.906517: | fd fa 1a 7e 38 a6 0f 94 b5 d4 b1 f7 12 9d f6 ce Aug 26 13:09:10.906520: | 7c 8b 6f 77 4c 1c 4d 10 d7 a2 b8 64 ed 41 2f 52 Aug 26 13:09:10.906522: | 09 ad 7e e3 79 2f 5d 67 78 8c 52 60 43 d3 13 fe Aug 26 13:09:10.906525: | 2d ab 28 2c 1d a1 d2 09 e1 a7 4a Aug 26 13:09:10.906542: | sending 394 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:09:10.906546: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.906549: | 35 20 23 08 00 00 00 01 00 00 01 8a 00 00 01 6e Aug 26 13:09:10.906552: | 00 05 00 05 17 32 8e 03 47 e7 92 de 64 78 06 1f Aug 26 13:09:10.906554: | 92 b8 bf 54 1b 99 8c 0c 6a 46 ca 37 37 0a da 73 Aug 26 13:09:10.906557: | b0 94 b5 a9 37 4b c5 42 e4 43 1f 0c fb 6d 07 a8 Aug 26 13:09:10.906559: | 3d 11 71 35 3d 36 98 e4 7b 3b 4f d0 38 15 6a 75 Aug 26 13:09:10.906561: | ad a3 d3 e6 f0 29 03 93 e9 cb 50 39 cc bc e1 1b Aug 26 13:09:10.906564: | fa 3c d9 43 3c 6a 45 fd 31 cb 3e ef c4 82 1a 7c Aug 26 13:09:10.906566: | e9 5c a6 74 ef 39 97 13 97 80 69 4e 35 eb 64 fa Aug 26 13:09:10.906569: | 1b 17 67 20 dc 8a 47 70 1e 30 d1 c3 ca f8 73 88 Aug 26 13:09:10.906571: | 0a 59 f7 50 eb ed 76 a6 79 e7 d1 94 03 1d c4 23 Aug 26 13:09:10.906574: | dc d9 59 e6 0f b8 d5 db 35 c5 a8 17 24 12 71 fe Aug 26 13:09:10.906577: | 8e cb 69 8a 98 e5 26 59 ad f9 9b 42 b1 cc 3e 86 Aug 26 13:09:10.906579: | 52 72 95 36 84 8f bf 9b ec a7 16 10 65 39 c5 fe Aug 26 13:09:10.906582: | d8 97 59 d5 c5 25 2f 28 11 2c cc 87 14 28 59 06 Aug 26 13:09:10.906585: | 21 e2 fe d8 25 1d 2e 05 53 3f 37 cf 76 f8 d9 7a Aug 26 13:09:10.906587: | d6 06 4a 50 65 ce 89 00 a2 60 49 1f 0a 43 df a7 Aug 26 13:09:10.906590: | 7a f7 2a 3f ff 49 5a c6 e7 dd 0a 39 58 11 75 7b Aug 26 13:09:10.906592: | 30 8a 7a 8d 3b 20 3b bf 83 03 aa 1c b2 af 2c 2f Aug 26 13:09:10.906597: | a3 eb 47 dc 0f d9 da 08 95 2f 88 b4 fe a5 b4 eb Aug 26 13:09:10.906600: | 10 53 a2 b1 07 ac c4 d7 47 2d e7 40 10 89 74 a5 Aug 26 13:09:10.906602: | 6b b7 5c 39 3e d5 7d cd 76 32 ee b2 3e 2b d8 f2 Aug 26 13:09:10.906605: | 99 3b 73 7e 21 e7 13 03 77 1e e4 db bb 68 f9 50 Aug 26 13:09:10.906608: | 0f 12 9d bd 4f 59 22 ae 11 14 f0 ed 71 8f b5 a7 Aug 26 13:09:10.906610: | b6 6b 33 0d 9a e5 21 79 93 19 Aug 26 13:09:10.906624: | sent 5 fragments Aug 26 13:09:10.906629: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:09:10.906632: "northnet-eastnets/0x1" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:09:10.906644: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fa820002b78 Aug 26 13:09:10.906649: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Aug 26 13:09:10.906654: | libevent_malloc: new ptr-libevent@0x563af559a498 size 128 Aug 26 13:09:10.906661: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10236.64911 Aug 26 13:09:10.906667: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:09:10.906674: | #1 spent 2.15 milliseconds Aug 26 13:09:10.906678: | #1 spent 10.7 milliseconds in resume sending helper answer Aug 26 13:09:10.906685: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:09:10.906690: | libevent_free: release ptr-libevent@0x7fa818000f48 Aug 26 13:09:10.961521: | spent 0.00301 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.961547: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:09:10.961552: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.961555: | 35 20 23 20 00 00 00 01 00 00 02 1b 24 00 01 ff Aug 26 13:09:10.961557: | 00 01 00 05 16 e1 ae cd d3 e6 4c fe 83 ee 7e 39 Aug 26 13:09:10.961559: | 42 83 c1 8f 97 96 7a e8 cd 2c f2 e1 c1 06 a0 42 Aug 26 13:09:10.961562: | 30 2b b0 68 4a ff 2f 80 00 d9 27 23 d3 ed ec 7c Aug 26 13:09:10.961564: | 59 b8 5a d1 f0 8c 06 a5 44 06 55 17 69 18 fb 48 Aug 26 13:09:10.961566: | 97 0a 77 be d5 b1 0a b3 f5 d6 4c 3b c8 a9 09 63 Aug 26 13:09:10.961569: | c7 99 17 6c fe 6f ff 72 8a a1 75 75 05 f7 7e ad Aug 26 13:09:10.961571: | 6b 22 67 a5 c1 a9 83 9a d6 2f e8 78 c9 dd b8 c0 Aug 26 13:09:10.961573: | 8d 95 c2 74 e0 76 59 c4 17 49 58 85 c8 74 9e 6f Aug 26 13:09:10.961576: | 09 d7 3f 7a 18 89 68 d6 9b 93 89 84 ff 7b 8f 2c Aug 26 13:09:10.961578: | 86 c0 44 2e 50 bf a7 48 26 c2 99 1b 8a d3 05 56 Aug 26 13:09:10.961581: | 66 5a dc 29 49 c7 31 18 6e 0b 6b c9 7d 20 ce 22 Aug 26 13:09:10.961583: | 04 ee 8e 56 57 55 b3 f9 3f d2 b0 42 6a 4a 25 66 Aug 26 13:09:10.961585: | df 19 b2 86 40 70 98 ce f0 71 47 43 e8 46 a7 0e Aug 26 13:09:10.961588: | 75 13 f6 8d 70 b1 23 b6 cd d6 24 40 09 aa 02 55 Aug 26 13:09:10.961590: | 76 78 4c e4 93 78 a5 48 e7 f8 20 48 a2 38 b4 09 Aug 26 13:09:10.961593: | 14 83 97 72 3b 6a 14 30 5e cf 52 7f 69 be 2b 16 Aug 26 13:09:10.961595: | 5b 4b c4 19 bf f5 7f 5c 9f 36 3c e4 27 f7 09 57 Aug 26 13:09:10.961598: | be 26 9f 0f 00 ce dc 56 76 6a e5 49 3b 01 5f 80 Aug 26 13:09:10.961601: | 89 69 3f 54 08 13 88 51 56 4d a5 47 4d 8f 09 2e Aug 26 13:09:10.961603: | cc e8 7c db c8 9c 4c f4 e6 f2 cf 49 10 51 39 de Aug 26 13:09:10.961606: | 08 a8 e9 cc 93 52 70 bb 74 71 e0 58 bd d8 07 d9 Aug 26 13:09:10.961608: | eb e4 88 a6 d3 45 12 58 c8 a2 f9 33 87 fa 07 f2 Aug 26 13:09:10.961610: | 49 6e 47 10 ce b1 15 3f c1 15 11 31 b9 59 4b ca Aug 26 13:09:10.961613: | fa 6d 4d 80 c9 87 c5 fb db 5e df c3 cc 89 88 c2 Aug 26 13:09:10.961615: | 41 07 fc 9c 7d 1d 76 59 03 ff a5 27 3c b7 2e 10 Aug 26 13:09:10.961618: | 47 ce 50 20 9c d0 10 cb 2e f6 74 02 f5 ed 09 0f Aug 26 13:09:10.961620: | 94 1d 77 80 c2 95 48 aa 2a 78 8c b0 7d 6e b3 95 Aug 26 13:09:10.961625: | 68 99 8a 05 87 14 a6 b6 bc 6f 3f 83 a8 e0 d6 bf Aug 26 13:09:10.961628: | b0 38 3c 9b e8 ee 69 fa 88 56 02 1e 07 00 93 22 Aug 26 13:09:10.961630: | 42 74 b9 a4 18 c0 d0 a6 94 c3 7b e4 ee db 50 77 Aug 26 13:09:10.961633: | 53 5d 11 3f 3d a0 5c 6c 76 1b 0a 10 42 64 cf 13 Aug 26 13:09:10.961635: | 1a 08 52 3e 63 0d ef 46 b2 04 53 Aug 26 13:09:10.961641: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:09:10.961645: | **parse ISAKMP Message: Aug 26 13:09:10.961648: | initiator cookie: Aug 26 13:09:10.961651: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.961654: | responder cookie: Aug 26 13:09:10.961656: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.961659: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:09:10.961662: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.961665: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.961668: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.961670: | Message ID: 1 (0x1) Aug 26 13:09:10.961673: | length: 539 (0x21b) Aug 26 13:09:10.961676: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:09:10.961680: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:09:10.961685: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:09:10.961693: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.961697: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:09:10.961702: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.961707: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.961710: | #2 is idle Aug 26 13:09:10.961713: | #2 idle Aug 26 13:09:10.961716: | unpacking clear payload Aug 26 13:09:10.961719: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.961723: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:09:10.961726: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:09:10.961729: | flags: none (0x0) Aug 26 13:09:10.961732: | length: 511 (0x1ff) Aug 26 13:09:10.961735: | fragment number: 1 (0x1) Aug 26 13:09:10.961737: | total fragments: 5 (0x5) Aug 26 13:09:10.961740: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 13:09:10.961743: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:09:10.961747: | received IKE encrypted fragment number '1', total number '5', next payload '36' Aug 26 13:09:10.961750: | updated IKE fragment state to respond using fragments without waiting for re-transmits Aug 26 13:09:10.961757: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:10.961763: | #1 spent 0.226 milliseconds in ikev2_process_packet() Aug 26 13:09:10.961767: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:09:10.961771: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.961775: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:10.961779: | spent 0.243 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.961790: | spent 0.00163 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.961800: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:09:10.961804: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.961806: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 13:09:10.961809: | 00 02 00 05 9d 12 e7 b5 01 b5 32 a1 56 f5 1e d3 Aug 26 13:09:10.961811: | 7e 20 f5 8d c8 43 db 3f bb aa 9d fd 72 54 61 ea Aug 26 13:09:10.961814: | e7 e8 48 a7 93 74 29 ff 71 3f 96 dc a2 7e bc 4b Aug 26 13:09:10.961817: | 6b 88 08 2b 10 20 9e ab bd c1 00 90 b3 32 49 52 Aug 26 13:09:10.961822: | dc ff 95 77 7a 65 78 72 e4 14 6c 75 b9 97 77 c1 Aug 26 13:09:10.961825: | 3c 49 74 d3 e5 ab 0a 2b 50 96 58 08 a9 4f 7c 91 Aug 26 13:09:10.961827: | ea d4 d4 1b c2 75 ef 43 09 7e 54 e0 c3 f9 67 c7 Aug 26 13:09:10.961830: | d2 7d af ad 3f 2f 7c d3 d3 d3 ed dd 4d c3 b6 2c Aug 26 13:09:10.961832: | 79 cb 2f 22 6d 14 f7 73 06 3d 7f 93 5b e4 bf b2 Aug 26 13:09:10.961835: | 82 d2 c2 f5 f1 80 18 cf 4f a3 b6 71 bb 30 84 f3 Aug 26 13:09:10.961838: | 8d 4a 35 a4 9d 17 a9 d4 68 f1 09 3c 8b a0 e6 3b Aug 26 13:09:10.961840: | b7 05 c0 b6 31 a3 47 fc d3 ec ee fc 16 da a6 6d Aug 26 13:09:10.961843: | b0 42 cb 55 9e ea f7 8d 2a b4 b5 82 a2 84 95 ae Aug 26 13:09:10.961845: | 0b 31 a9 33 40 9f 6c 6a 95 28 22 78 cf 66 52 ca Aug 26 13:09:10.961848: | 24 9b 91 0b a5 54 e7 64 d0 6e 1b 84 18 1f 4f 25 Aug 26 13:09:10.961850: | af 86 f7 2b 66 2e f0 9e cd ce d0 ee 3e 2a a5 93 Aug 26 13:09:10.961853: | 47 9a 7a 98 24 f0 49 82 f0 7e ce 9f de 1f b0 1b Aug 26 13:09:10.961856: | 7f a2 60 2b 9e 52 11 6d da a3 7a 17 5c d1 e1 f3 Aug 26 13:09:10.961858: | 79 08 f6 4f 9f 12 47 06 e6 54 59 bd 3f 8d 5f 28 Aug 26 13:09:10.961861: | 36 16 7f 61 55 62 b3 c1 08 ed a8 b6 ff b4 93 52 Aug 26 13:09:10.961863: | 6c 49 71 b1 52 c4 10 8f 9c 94 d1 b3 1f ef 26 fe Aug 26 13:09:10.961866: | c3 9e 44 b7 60 6e 99 58 81 1a 8b 0c 33 28 b5 b3 Aug 26 13:09:10.961869: | 9c 50 00 ad 5f a6 99 e3 9d e0 8b 09 00 cb 3f a3 Aug 26 13:09:10.961871: | 44 77 51 6b 6d 8c 84 74 10 8f b7 ec a0 f1 3d 86 Aug 26 13:09:10.961874: | a4 9f a2 c1 22 35 82 96 53 c9 f6 45 05 91 3c 57 Aug 26 13:09:10.961877: | 41 f8 19 ae a5 91 8d 9b e4 96 6c 63 8a 98 37 57 Aug 26 13:09:10.961879: | e8 24 2e 66 1f be 91 b8 ec d1 c3 29 b5 4d c5 58 Aug 26 13:09:10.961882: | 02 03 83 5b 0a 6e 89 6a 04 93 41 8a 9c ba f7 2b Aug 26 13:09:10.961885: | 9f 48 9d c8 7d 1b 24 32 bb f1 fb 0d 61 37 42 ac Aug 26 13:09:10.961887: | 82 2e 62 08 85 f2 3e b9 da 05 eb f0 0e f5 b0 ff Aug 26 13:09:10.961890: | 1f 83 97 31 79 ef f5 cf 8f 78 5d f2 88 52 15 83 Aug 26 13:09:10.961892: | db 85 9d f9 d2 ad ee 3c 5d 2b 02 Aug 26 13:09:10.961897: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:09:10.961900: | **parse ISAKMP Message: Aug 26 13:09:10.961903: | initiator cookie: Aug 26 13:09:10.961906: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.961908: | responder cookie: Aug 26 13:09:10.961911: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.961914: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:09:10.961916: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.961919: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.961922: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.961924: | Message ID: 1 (0x1) Aug 26 13:09:10.961927: | length: 539 (0x21b) Aug 26 13:09:10.961930: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:09:10.961933: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:09:10.961936: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:09:10.961942: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.961946: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:09:10.961950: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.961955: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.961958: | #2 is idle Aug 26 13:09:10.961960: | #2 idle Aug 26 13:09:10.961962: | unpacking clear payload Aug 26 13:09:10.961965: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.961968: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:09:10.961971: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.961975: | flags: none (0x0) Aug 26 13:09:10.961978: | length: 511 (0x1ff) Aug 26 13:09:10.961981: | fragment number: 2 (0x2) Aug 26 13:09:10.961983: | total fragments: 5 (0x5) Aug 26 13:09:10.961986: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 13:09:10.961989: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:09:10.961992: | received IKE encrypted fragment number '2', total number '5', next payload '0' Aug 26 13:09:10.961997: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:10.962002: | #1 spent 0.207 milliseconds in ikev2_process_packet() Aug 26 13:09:10.962006: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:09:10.962010: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.962013: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:10.962017: | spent 0.222 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.962024: | spent 0.00152 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.962034: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:09:10.962036: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.962039: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 13:09:10.962042: | 00 03 00 05 57 1f 27 f3 3f 33 c6 7d dc 44 3f 85 Aug 26 13:09:10.962045: | ba 95 5f 0e 47 32 c8 ea 62 87 aa 4f fd d9 96 ed Aug 26 13:09:10.962047: | 25 90 9a 8c 9b af d6 a2 66 69 26 b8 f7 d4 18 a9 Aug 26 13:09:10.962050: | 1c fb ef c7 d9 af b8 78 7d 4d 24 06 ff cb 5d fa Aug 26 13:09:10.962053: | ad c6 09 3a 74 cf c0 01 b5 b9 8a c6 a5 29 ab a3 Aug 26 13:09:10.962055: | 2e 97 a9 00 49 44 ce f2 a5 b8 79 dc 7b 27 24 eb Aug 26 13:09:10.962058: | da bf b5 08 11 43 c2 0c d0 6c 48 21 98 a6 33 d3 Aug 26 13:09:10.962061: | d6 23 2b 34 dd 54 bb c0 89 14 83 a6 ea d6 3d 79 Aug 26 13:09:10.962063: | cf 98 23 b8 12 e2 e7 d8 7b 0d 3a 24 4f 2b 62 a5 Aug 26 13:09:10.962065: | 41 38 87 54 28 7a 5f 6c e4 21 cd 4c 71 11 15 36 Aug 26 13:09:10.962068: | 9b a3 9c 8a 06 e1 97 1c 7d a2 7e 13 9d 71 70 93 Aug 26 13:09:10.962070: | 24 99 e3 93 cf 77 97 43 56 e9 90 37 94 61 22 d0 Aug 26 13:09:10.962073: | a0 b5 3f 9e ed 0e 4b 29 0a 82 b8 b8 05 af 57 63 Aug 26 13:09:10.962075: | 9d 67 c1 04 17 ef cf 9c 27 f6 21 f0 d9 01 78 78 Aug 26 13:09:10.962078: | 54 1b 07 72 b5 3c fa 1a f7 7f a5 65 e0 27 01 55 Aug 26 13:09:10.962080: | fa 42 a1 e1 68 7e f9 87 ab 27 97 11 ba ae 7b b9 Aug 26 13:09:10.962082: | 24 44 f5 d1 ff 61 a9 52 84 3a 96 d3 91 ad b3 5b Aug 26 13:09:10.962085: | f1 3b a0 87 66 9d 56 39 1e 4f c1 83 0b 66 ab fb Aug 26 13:09:10.962088: | a5 e5 aa 16 77 03 bd cb d3 be 52 03 a0 e2 43 6f Aug 26 13:09:10.962090: | f9 47 2f 01 0c 8d bd 4e 2c 1c df 9d 5f cf 90 d7 Aug 26 13:09:10.962092: | 57 4b 56 6f 54 43 f0 2e 86 b0 af be 73 c9 4f e3 Aug 26 13:09:10.962095: | 45 d7 0d 9f db 7b 51 d4 f3 25 14 bb 89 05 c2 55 Aug 26 13:09:10.962097: | d9 ef 37 24 7a 7a 1a df 82 61 35 cd 04 df 7f 1d Aug 26 13:09:10.962099: | 62 03 a7 93 c7 9e 4f 60 88 48 c6 a3 60 5c d7 ef Aug 26 13:09:10.962102: | 8f 21 0b 87 67 b8 27 28 5e f5 e7 1e c0 94 a9 52 Aug 26 13:09:10.962104: | 25 76 9a b8 b8 84 41 4d 5b 97 7d 3d 4c 2a 73 4a Aug 26 13:09:10.962107: | a4 4f ae 63 8d b9 eb 13 c7 45 35 61 cb e0 15 7e Aug 26 13:09:10.962109: | da 9e c2 b9 9e b0 4e d1 09 21 7a f7 78 6f 2c c5 Aug 26 13:09:10.962111: | 74 78 ca 92 bd 1b 28 17 88 5c df 3e ca a7 b9 65 Aug 26 13:09:10.962114: | c4 d1 79 6d e3 4a ff 53 b8 71 97 78 ff da 69 04 Aug 26 13:09:10.962117: | 38 09 d9 f0 87 12 4b 65 82 b5 03 d0 56 30 56 aa Aug 26 13:09:10.962119: | d5 96 47 86 4e b7 86 1d 92 c1 99 Aug 26 13:09:10.962124: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:09:10.962127: | **parse ISAKMP Message: Aug 26 13:09:10.962134: | initiator cookie: Aug 26 13:09:10.962136: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.962139: | responder cookie: Aug 26 13:09:10.962141: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.962145: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:09:10.962148: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.962150: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.962153: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.962156: | Message ID: 1 (0x1) Aug 26 13:09:10.962158: | length: 539 (0x21b) Aug 26 13:09:10.962162: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:09:10.962165: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:09:10.962169: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:09:10.962175: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.962178: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:09:10.962183: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.962187: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.962190: | #2 is idle Aug 26 13:09:10.962193: | #2 idle Aug 26 13:09:10.962196: | unpacking clear payload Aug 26 13:09:10.962198: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.962201: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:09:10.962204: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.962207: | flags: none (0x0) Aug 26 13:09:10.962209: | length: 511 (0x1ff) Aug 26 13:09:10.962212: | fragment number: 3 (0x3) Aug 26 13:09:10.962215: | total fragments: 5 (0x5) Aug 26 13:09:10.962218: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 13:09:10.962221: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:09:10.962225: | received IKE encrypted fragment number '3', total number '5', next payload '0' Aug 26 13:09:10.962230: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:10.962236: | #1 spent 0.207 milliseconds in ikev2_process_packet() Aug 26 13:09:10.962241: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:09:10.962244: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.962247: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:10.962252: | spent 0.223 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.962259: | spent 0.00144 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.962268: | *received 539 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:09:10.962272: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.962275: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 13:09:10.962278: | 00 04 00 05 5d fb 38 4e 99 a7 bf 17 5b 1a a2 fe Aug 26 13:09:10.962281: | a4 38 96 55 64 46 d3 6e 87 9c 36 67 8e f8 f6 09 Aug 26 13:09:10.962283: | 2e 99 f8 ed 27 76 a4 ea 40 62 dd 50 df ee 71 ca Aug 26 13:09:10.962286: | 78 75 f5 3f d1 0a 62 df cc 01 1f f4 7b 49 eb e2 Aug 26 13:09:10.962305: | c3 65 2a 76 7e 2d 95 d3 18 f5 58 37 52 08 f6 70 Aug 26 13:09:10.962312: | c6 7a 09 59 20 3f 3d a7 1b 1a c7 fa 09 4a c1 ee Aug 26 13:09:10.962315: | dc c8 e7 bc 37 41 39 73 a3 05 a6 67 19 1b ea b6 Aug 26 13:09:10.962318: | 8d 7e 83 82 14 35 fb f3 63 9c bf 67 b3 7a a3 b1 Aug 26 13:09:10.962320: | b5 2d b0 ac bd fd e8 d5 13 9d 7c a4 c8 4a a5 63 Aug 26 13:09:10.962322: | 94 d0 c7 b7 5a 0e 94 ea dc 8c 3e 03 09 fa 2c c0 Aug 26 13:09:10.962325: | 59 29 72 19 38 a6 2c eb 5c 12 5f e5 7b 60 8f 41 Aug 26 13:09:10.962328: | aa 9d 71 02 68 62 2e a7 b5 d1 cb ad 87 92 b3 fc Aug 26 13:09:10.962332: | d3 98 db b6 b8 b1 6d f8 73 7c 85 13 2e 90 66 93 Aug 26 13:09:10.962335: | 9e 7f b9 5a 35 1f 2b bb df ea 6a 11 72 5f 93 b4 Aug 26 13:09:10.962338: | a0 f5 b8 76 bb b0 3b 4d de aa 50 c1 76 fb cb cf Aug 26 13:09:10.962340: | b3 11 76 a0 ad 2d d7 3a 73 75 8e 76 98 d5 d3 53 Aug 26 13:09:10.962343: | 69 97 d9 1b 6f 37 ac 75 a0 8b 2e 8a bb 39 a0 08 Aug 26 13:09:10.962346: | bc 48 12 7c 1e 9b 0c b5 fd a4 ef f3 c4 ad bb 87 Aug 26 13:09:10.962348: | 8b 1a cd 03 f0 13 52 6e c1 49 11 ca 81 ea b9 f9 Aug 26 13:09:10.962351: | 5e bf 7a 09 73 8d 27 50 76 e9 b7 ce 5e 40 01 88 Aug 26 13:09:10.962354: | 50 7a 3f de 4b 75 a0 62 a9 3a fa 1b 34 39 87 4d Aug 26 13:09:10.962357: | 22 ce c5 e5 65 03 05 50 fa fe de 0b bd db f2 b3 Aug 26 13:09:10.962359: | a9 60 bd d4 dc 7c 97 d6 0a bc e1 0a 72 55 95 92 Aug 26 13:09:10.962362: | 37 6e bb f5 48 6d 2d f2 31 21 68 09 b3 fc 98 fa Aug 26 13:09:10.962365: | 2a 93 f6 aa 23 57 a5 ff 0d 21 d8 77 88 30 a5 73 Aug 26 13:09:10.962367: | c8 37 a8 9b 39 15 64 51 aa d1 2b d4 fc 93 4b df Aug 26 13:09:10.962370: | cd 82 58 39 d3 16 bb 68 a4 c4 17 29 a9 1f 02 1f Aug 26 13:09:10.962372: | ed 92 6b 8a 64 fd 78 7e 90 4e 12 db 1f 11 97 57 Aug 26 13:09:10.962374: | 33 b3 d5 a8 62 21 e9 83 1a 09 2f 00 7c 33 12 f5 Aug 26 13:09:10.962377: | c1 3e b5 4b 89 55 c0 05 21 ca e5 fd 29 1a b7 01 Aug 26 13:09:10.962379: | 40 97 53 72 c3 d1 44 27 81 c8 a6 c0 55 2f 5f d1 Aug 26 13:09:10.962381: | b6 12 3b fd c8 7b 06 e5 60 bb b3 Aug 26 13:09:10.962385: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:09:10.962389: | **parse ISAKMP Message: Aug 26 13:09:10.962391: | initiator cookie: Aug 26 13:09:10.962394: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.962396: | responder cookie: Aug 26 13:09:10.962399: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.962401: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:09:10.962404: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.962406: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.962409: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.962412: | Message ID: 1 (0x1) Aug 26 13:09:10.962414: | length: 539 (0x21b) Aug 26 13:09:10.962417: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:09:10.962420: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:09:10.962424: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:09:10.962430: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.962433: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:09:10.962438: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.962442: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.962444: | #2 is idle Aug 26 13:09:10.962447: | #2 idle Aug 26 13:09:10.962449: | unpacking clear payload Aug 26 13:09:10.962452: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.962454: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:09:10.962457: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.962460: | flags: none (0x0) Aug 26 13:09:10.962462: | length: 511 (0x1ff) Aug 26 13:09:10.962465: | fragment number: 4 (0x4) Aug 26 13:09:10.962467: | total fragments: 5 (0x5) Aug 26 13:09:10.962470: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 13:09:10.962473: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:09:10.962476: | received IKE encrypted fragment number '4', total number '5', next payload '0' Aug 26 13:09:10.962481: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:10.962487: | #1 spent 0.208 milliseconds in ikev2_process_packet() Aug 26 13:09:10.962492: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:09:10.962495: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:10.962498: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:10.962502: | spent 0.223 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:10.962510: | spent 0.00141 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:10.962517: | *received 81 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:09:10.962519: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.962521: | 35 20 23 20 00 00 00 01 00 00 00 51 00 00 00 35 Aug 26 13:09:10.962522: | 00 05 00 05 0f b2 bd 50 55 92 56 b2 7f a1 07 0e Aug 26 13:09:10.962524: | 73 04 fc 18 36 bd 12 2e 72 6d dc 71 3a ac 7c e2 Aug 26 13:09:10.962525: | 59 0f 95 67 59 04 59 58 df a6 5f 21 34 c8 6a e8 Aug 26 13:09:10.962527: | 05 Aug 26 13:09:10.962529: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:09:10.962531: | **parse ISAKMP Message: Aug 26 13:09:10.962533: | initiator cookie: Aug 26 13:09:10.962534: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:10.962536: | responder cookie: Aug 26 13:09:10.962537: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:10.962539: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:09:10.962541: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:10.962542: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:10.962544: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:10.962545: | Message ID: 1 (0x1) Aug 26 13:09:10.962547: | length: 81 (0x51) Aug 26 13:09:10.962549: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:09:10.962551: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:09:10.962553: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:09:10.962556: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:10.962558: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:09:10.962561: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.962563: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:10.962565: | #2 is idle Aug 26 13:09:10.962566: | #2 idle Aug 26 13:09:10.962568: | unpacking clear payload Aug 26 13:09:10.962569: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:09:10.962571: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:09:10.962573: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.962575: | flags: none (0x0) Aug 26 13:09:10.962576: | length: 53 (0x35) Aug 26 13:09:10.962578: | fragment number: 5 (0x5) Aug 26 13:09:10.962579: | total fragments: 5 (0x5) Aug 26 13:09:10.962581: | processing payload: ISAKMP_NEXT_v2SKF (len=45) Aug 26 13:09:10.962583: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:09:10.962585: | received IKE encrypted fragment number '5', total number '5', next payload '0' Aug 26 13:09:10.962608: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:09:10.962610: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:09:10.962612: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:09:10.962614: | next payload type: ISAKMP_NEXT_v2CERT (0x25) Aug 26 13:09:10.962616: | flags: none (0x0) Aug 26 13:09:10.962617: | length: 191 (0xbf) Aug 26 13:09:10.962619: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 13:09:10.962621: | processing payload: ISAKMP_NEXT_v2IDr (len=183) Aug 26 13:09:10.962622: | Now let's proceed with payload (ISAKMP_NEXT_v2CERT) Aug 26 13:09:10.962626: | **parse IKEv2 Certificate Payload: Aug 26 13:09:10.962628: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:09:10.962629: | flags: none (0x0) Aug 26 13:09:10.962631: | length: 1265 (0x4f1) Aug 26 13:09:10.962633: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:09:10.962634: | processing payload: ISAKMP_NEXT_v2CERT (len=1260) Aug 26 13:09:10.962636: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:09:10.962638: | **parse IKEv2 Authentication Payload: Aug 26 13:09:10.962639: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:09:10.962641: | flags: none (0x0) Aug 26 13:09:10.962642: | length: 392 (0x188) Aug 26 13:09:10.962644: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:09:10.962646: | processing payload: ISAKMP_NEXT_v2AUTH (len=384) Aug 26 13:09:10.962647: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:09:10.962649: | **parse IKEv2 Security Association Payload: Aug 26 13:09:10.962651: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:09:10.962652: | flags: none (0x0) Aug 26 13:09:10.962654: | length: 36 (0x24) Aug 26 13:09:10.962655: | processing payload: ISAKMP_NEXT_v2SA (len=32) Aug 26 13:09:10.962657: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:09:10.962659: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:10.962660: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:09:10.962662: | flags: none (0x0) Aug 26 13:09:10.962664: | length: 24 (0x18) Aug 26 13:09:10.962665: | number of TS: 1 (0x1) Aug 26 13:09:10.962667: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:09:10.962668: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:09:10.962670: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:10.962672: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:10.962673: | flags: none (0x0) Aug 26 13:09:10.962675: | length: 24 (0x18) Aug 26 13:09:10.962676: | number of TS: 1 (0x1) Aug 26 13:09:10.962678: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:09:10.962680: | selected state microcode Initiator: process IKE_AUTH response Aug 26 13:09:10.962682: | Now let's proceed with state specific processing Aug 26 13:09:10.962683: | calling processor Initiator: process IKE_AUTH response Aug 26 13:09:10.962688: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Aug 26 13:09:10.962691: loading root certificate cache Aug 26 13:09:10.966476: | spent 3.73 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() Aug 26 13:09:10.966523: | spent 0.0275 milliseconds in get_root_certs() filtering CAs Aug 26 13:09:10.966531: | #1 spent 3.8 milliseconds in find_and_verify_certs() calling get_root_certs() Aug 26 13:09:10.966535: | checking for known CERT payloads Aug 26 13:09:10.966539: | saving certificate of type 'X509_SIGNATURE' Aug 26 13:09:10.966573: | decoded cert: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:09:10.966579: | #1 spent 0.0425 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Aug 26 13:09:10.966582: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:09:10.966618: | #1 spent 0.035 milliseconds in find_and_verify_certs() calling crl_update_check() Aug 26 13:09:10.966622: | missing or expired CRL Aug 26 13:09:10.966624: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Aug 26 13:09:10.966626: | verify_end_cert trying profile IPsec Aug 26 13:09:10.966711: | certificate is valid (profile IPsec) Aug 26 13:09:10.966717: | #1 spent 0.0916 milliseconds in find_and_verify_certs() calling verify_end_cert() Aug 26 13:09:10.966721: "northnet-eastnets/0x1" #2: certificate verified OK: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:09:10.966799: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563af55aae08 Aug 26 13:09:10.966808: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563af55aa448 Aug 26 13:09:10.966812: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563af55a1b98 Aug 26 13:09:10.966815: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563af55a3b88 Aug 26 13:09:10.966817: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x563af55ad628 Aug 26 13:09:10.967008: | unreference key: 0x563af55b0468 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:10.967017: | #1 spent 0.284 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Aug 26 13:09:10.967020: | #1 spent 4.29 milliseconds in decode_certs() Aug 26 13:09:10.967023: | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 13:09:10.967024: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 13:09:10.967026: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 13:09:10.967028: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 13:09:10.967029: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 13:09:10.967031: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 13:09:10.967032: | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Aug 26 13:09:10.967034: | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 13:09:10.967035: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Aug 26 13:09:10.967037: | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Aug 26 13:09:10.967038: | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 13:09:10.967040: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 Aug 26 13:09:10.967047: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 13:09:10.967050: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' matched our ID Aug 26 13:09:10.967052: | X509: CERT and ID matches current connection Aug 26 13:09:10.967056: | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.967060: "northnet-eastnets/0x1" #2: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 13:09:10.967088: | verifying AUTH payload Aug 26 13:09:10.967100: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.967107: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 13:09:10.967111: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.967114: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.967118: | key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.967220: | an RSA Sig check passed with *AwEAAbEef [remote certificates] Aug 26 13:09:10.967224: | #1 spent 0.103 milliseconds in try_all_RSA_keys() trying a pubkey Aug 26 13:09:10.967226: "northnet-eastnets/0x1" #2: Authenticated using RSA Aug 26 13:09:10.967236: | #1 spent 0.142 milliseconds in ikev2_verify_rsa_hash() Aug 26 13:09:10.967241: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 13:09:10.967246: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 13:09:10.967249: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:09:10.967253: | libevent_free: release ptr-libevent@0x7fa820002888 Aug 26 13:09:10.967257: | free_event_entry: release EVENT_SA_REPLACE-pe@0x563af558ade8 Aug 26 13:09:10.967260: | event_schedule: new EVENT_SA_REKEY-pe@0x563af558ade8 Aug 26 13:09:10.967264: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 13:09:10.967268: | libevent_malloc: new ptr-libevent@0x563af55b3228 size 128 Aug 26 13:09:10.967371: | pstats #1 ikev2.ike established Aug 26 13:09:10.967381: | TSi: parsing 1 traffic selectors Aug 26 13:09:10.967386: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:10.967389: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.967392: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.967395: | length: 16 (0x10) Aug 26 13:09:10.967398: | start port: 0 (0x0) Aug 26 13:09:10.967400: | end port: 65535 (0xffff) Aug 26 13:09:10.967403: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:10.967406: | TS low c0 00 03 00 Aug 26 13:09:10.967409: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:10.967412: | TS high c0 00 03 ff Aug 26 13:09:10.967414: | TSi: parsed 1 traffic selectors Aug 26 13:09:10.967417: | TSr: parsing 1 traffic selectors Aug 26 13:09:10.967420: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:10.967423: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:10.967425: | IP Protocol ID: 0 (0x0) Aug 26 13:09:10.967427: | length: 16 (0x10) Aug 26 13:09:10.967429: | start port: 0 (0x0) Aug 26 13:09:10.967432: | end port: 65535 (0xffff) Aug 26 13:09:10.967434: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:10.967437: | TS low c0 00 02 00 Aug 26 13:09:10.967439: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:10.967442: | TS high c0 00 02 ff Aug 26 13:09:10.967444: | TSr: parsed 1 traffic selectors Aug 26 13:09:10.967450: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:09:10.967455: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.967462: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:10.967466: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:09:10.967469: | TSi[0] port match: YES fitness 65536 Aug 26 13:09:10.967472: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:10.967476: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:10.967480: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:10.967487: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:09:10.967490: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:09:10.967493: | TSr[0] port match: YES fitness 65536 Aug 26 13:09:10.967496: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:09:10.967499: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:10.967502: | best fit so far: TSi[0] TSr[0] Aug 26 13:09:10.967505: | found an acceptable TSi/TSr Traffic Selector Aug 26 13:09:10.967507: | printing contents struct traffic_selector Aug 26 13:09:10.967510: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:09:10.967512: | ipprotoid: 0 Aug 26 13:09:10.967515: | port range: 0-65535 Aug 26 13:09:10.967518: | ip range: 192.0.3.0-192.0.3.255 Aug 26 13:09:10.967521: | printing contents struct traffic_selector Aug 26 13:09:10.967523: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:09:10.967526: | ipprotoid: 0 Aug 26 13:09:10.967531: | port range: 0-65535 Aug 26 13:09:10.967535: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:09:10.967548: | using existing local ESP/AH proposals for northnet-eastnets/0x1 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:09:10.967553: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 13:09:10.967558: | local proposal 1 type ENCR has 1 transforms Aug 26 13:09:10.967561: | local proposal 1 type PRF has 0 transforms Aug 26 13:09:10.967564: | local proposal 1 type INTEG has 1 transforms Aug 26 13:09:10.967567: | local proposal 1 type DH has 1 transforms Aug 26 13:09:10.967569: | local proposal 1 type ESN has 1 transforms Aug 26 13:09:10.967573: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:09:10.967576: | local proposal 2 type ENCR has 1 transforms Aug 26 13:09:10.967579: | local proposal 2 type PRF has 0 transforms Aug 26 13:09:10.967581: | local proposal 2 type INTEG has 1 transforms Aug 26 13:09:10.967582: | local proposal 2 type DH has 1 transforms Aug 26 13:09:10.967584: | local proposal 2 type ESN has 1 transforms Aug 26 13:09:10.967586: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:09:10.967588: | local proposal 3 type ENCR has 1 transforms Aug 26 13:09:10.967589: | local proposal 3 type PRF has 0 transforms Aug 26 13:09:10.967591: | local proposal 3 type INTEG has 2 transforms Aug 26 13:09:10.967592: | local proposal 3 type DH has 1 transforms Aug 26 13:09:10.967594: | local proposal 3 type ESN has 1 transforms Aug 26 13:09:10.967596: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:09:10.967597: | local proposal 4 type ENCR has 1 transforms Aug 26 13:09:10.967599: | local proposal 4 type PRF has 0 transforms Aug 26 13:09:10.967601: | local proposal 4 type INTEG has 2 transforms Aug 26 13:09:10.967602: | local proposal 4 type DH has 1 transforms Aug 26 13:09:10.967604: | local proposal 4 type ESN has 1 transforms Aug 26 13:09:10.967606: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:09:10.967608: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:10.967610: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:10.967612: | length: 32 (0x20) Aug 26 13:09:10.967613: | prop #: 1 (0x1) Aug 26 13:09:10.967615: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:10.967617: | spi size: 4 (0x4) Aug 26 13:09:10.967618: | # transforms: 2 (0x2) Aug 26 13:09:10.967620: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:10.967622: | remote SPI c8 9c 97 23 Aug 26 13:09:10.967624: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:09:10.967626: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.967628: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:10.967629: | length: 12 (0xc) Aug 26 13:09:10.967631: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:10.967633: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:10.967635: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:10.967636: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:10.967638: | length/value: 256 (0x100) Aug 26 13:09:10.967641: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:09:10.967643: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:10.967645: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:10.967646: | length: 8 (0x8) Aug 26 13:09:10.967648: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:10.967649: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:10.967653: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:09:10.967656: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 13:09:10.967658: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 13:09:10.967660: | remote proposal 1 matches local proposal 1 Aug 26 13:09:10.967662: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Aug 26 13:09:10.967666: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=c89c9723;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 13:09:10.967667: | converting proposal to internal trans attrs Aug 26 13:09:10.967672: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:09:10.967815: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:09:10.967820: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Aug 26 13:09:10.967823: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:10.967825: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.967827: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:10.967829: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.967830: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:10.967833: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 13:09:10.967836: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:09:10.967839: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:09:10.967842: | AES_GCM_16 requires 4 salt bytes Aug 26 13:09:10.967845: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:09:10.967850: | setting IPsec SA replay-window to 32 Aug 26 13:09:10.967853: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 13:09:10.967857: | netlink: enabling tunnel mode Aug 26 13:09:10.967860: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:09:10.967863: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:09:10.967946: | netlink response for Add SA esp.c89c9723@192.1.2.23 included non-error error Aug 26 13:09:10.967951: | set up outgoing SA, ref=0/0 Aug 26 13:09:10.967955: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:09:10.967958: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:09:10.967961: | AES_GCM_16 requires 4 salt bytes Aug 26 13:09:10.967964: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:09:10.967968: | setting IPsec SA replay-window to 32 Aug 26 13:09:10.967971: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 13:09:10.967974: | netlink: enabling tunnel mode Aug 26 13:09:10.967976: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:09:10.967979: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:09:10.968026: | netlink response for Add SA esp.e2708c7e@192.1.3.33 included non-error error Aug 26 13:09:10.968032: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:10.968040: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 13:09:10.968043: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:10.968068: | raw_eroute result=success Aug 26 13:09:10.968072: | set up incoming SA, ref=0/0 Aug 26 13:09:10.968075: | sr for #2: unrouted Aug 26 13:09:10.968079: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:09:10.968082: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:10.968085: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.968088: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:10.968091: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:10.968096: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:10.968099: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 13:09:10.968101: | route_and_eroute with c: northnet-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:09:10.968104: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:10.968108: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 13:09:10.968111: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:10.968122: | raw_eroute result=success Aug 26 13:09:10.968125: | running updown command "ipsec _updown" for verb up Aug 26 13:09:10.968127: | command executing up-client Aug 26 13:09:10.968162: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.968168: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.968180: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RS Aug 26 13:09:10.968183: | popen cmd is 1406 chars long Aug 26 13:09:10.968185: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Aug 26 13:09:10.968187: | cmd( 80):x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PL: Aug 26 13:09:10.968188: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=nort: Aug 26 13:09:10.968190: | cmd( 240):h.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='19: Aug 26 13:09:10.968192: | cmd( 320):2.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Aug 26 13:09:10.968193: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='E: Aug 26 13:09:10.968195: | cmd( 480):SP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Aug 26 13:09:10.968197: | cmd( 560):wan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libr: Aug 26 13:09:10.968198: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PL: Aug 26 13:09:10.968200: | cmd( 720):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Aug 26 13:09:10.968202: | cmd( 800): PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 13:09:10.968203: | cmd( 880):=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLU: Aug 26 13:09:10.968205: | cmd( 960):TO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF: Aug 26 13:09:10.968207: | cmd(1040):_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMI: Aug 26 13:09:10.968208: | cmd(1120):LY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PE: Aug 26 13:09:10.968210: | cmd(1200):ER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0': Aug 26 13:09:10.968214: | cmd(1280): PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x: Aug 26 13:09:10.968215: | cmd(1360):c89c9723 SPI_OUT=0xe2708c7e ipsec _updown 2>&1: Aug 26 13:09:10.977787: | route_and_eroute: firewall_notified: true Aug 26 13:09:10.977808: | running updown command "ipsec _updown" for verb prepare Aug 26 13:09:10.977811: | command executing prepare-client Aug 26 13:09:10.977832: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.977837: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.977852: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_ Aug 26 13:09:10.977854: | popen cmd is 1411 chars long Aug 26 13:09:10.977856: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 13:09:10.977858: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Aug 26 13:09:10.977860: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 13:09:10.977861: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Aug 26 13:09:10.977863: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Aug 26 13:09:10.977865: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TY: Aug 26 13:09:10.977866: | cmd( 480):PE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=L: Aug 26 13:09:10.977868: | cmd( 560):ibreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing: Aug 26 13:09:10.977870: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Aug 26 13:09:10.977871: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 13:09:10.977873: | cmd( 800):L='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: Aug 26 13:09:10.977875: | cmd( 880):t, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey: Aug 26 13:09:10.977877: | cmd( 960):' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+: Aug 26 13:09:10.977878: | cmd(1040):SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADD: Aug 26 13:09:10.977880: | cmd(1120):RFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLU: Aug 26 13:09:10.977882: | cmd(1200):TO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIEN: Aug 26 13:09:10.977883: | cmd(1280):T='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_: Aug 26 13:09:10.977885: | cmd(1360):IN=0xc89c9723 SPI_OUT=0xe2708c7e ipsec _updown 2>&1: Aug 26 13:09:10.988391: | running updown command "ipsec _updown" for verb route Aug 26 13:09:10.988412: | command executing route-client Aug 26 13:09:10.988433: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.988438: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:10.988453: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI Aug 26 13:09:10.988455: | popen cmd is 1409 chars long Aug 26 13:09:10.988457: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 13:09:10.988459: | cmd( 80):s/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33': Aug 26 13:09:10.988461: | cmd( 160): PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=n: Aug 26 13:09:10.988462: | cmd( 240):orth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=: Aug 26 13:09:10.988464: | cmd( 320):'192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255: Aug 26 13:09:10.988466: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Aug 26 13:09:10.988467: | cmd( 480):='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Aug 26 13:09:10.988469: | cmd( 560):reswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.l: Aug 26 13:09:10.988471: | cmd( 640):ibreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0': Aug 26 13:09:10.988473: | cmd( 720): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Aug 26 13:09:10.988474: | cmd( 800):'0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department,: Aug 26 13:09:10.988476: | cmd( 880): CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' : Aug 26 13:09:10.988478: | cmd( 960):PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SA: Aug 26 13:09:10.988479: | cmd(1040):REF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRF: Aug 26 13:09:10.988481: | cmd(1120):AMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO: Aug 26 13:09:10.988483: | cmd(1200):_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=: Aug 26 13:09:10.988484: | cmd(1280):'0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN: Aug 26 13:09:10.988486: | cmd(1360):=0xc89c9723 SPI_OUT=0xe2708c7e ipsec _updown 2>&1: Aug 26 13:09:11.000533: | route_and_eroute: instance "northnet-eastnets/0x1", setting eroute_owner {spd=0x563af5581008,sr=0x563af5581008} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:09:11.000623: | #1 spent 1.6 milliseconds in install_ipsec_sa() Aug 26 13:09:11.000632: | inR2: instance northnet-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:09:11.000636: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:09:11.000643: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 13:09:11.000655: | libevent_free: release ptr-libevent@0x563af559a498 Aug 26 13:09:11.000662: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fa820002b78 Aug 26 13:09:11.000668: | #2 spent 6.72 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 13:09:11.000678: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:11.000682: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 13:09:11.000685: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 13:09:11.000689: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 13:09:11.000693: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:09:11.000698: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 13:09:11.000703: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:09:11.000706: | pstats #2 ikev2.child established Aug 26 13:09:11.000716: "northnet-eastnets/0x1" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 13:09:11.000728: | NAT-T: encaps is 'auto' Aug 26 13:09:11.000734: "northnet-eastnets/0x1" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xc89c9723 <0xe2708c7e xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 13:09:11.000738: | releasing whack for #2 (sock=fd@26) Aug 26 13:09:11.000743: | close_any(fd@26) (in release_whack() at state.c:654) Aug 26 13:09:11.000746: | releasing whack and unpending for parent #1 Aug 26 13:09:11.000749: | unpending state #1 connection "northnet-eastnets/0x1" Aug 26 13:09:11.000758: | delete from pending Child SA with 192.1.2.23 "northnet-eastnets/0x1" Aug 26 13:09:11.000762: | removing pending policy for no connection {0x563af556d9a8} Aug 26 13:09:11.000768: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 13:09:11.000777: | creating state object #3 at 0x563af55a1098 Aug 26 13:09:11.000780: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 13:09:11.000790: | pstats #3 ikev2.child started Aug 26 13:09:11.000794: | duplicating state object #1 "northnet-eastnets/0x2" as #3 for IPSEC SA Aug 26 13:09:11.000800: | #3 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:09:11.000812: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:11.000818: | suspend processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:09:11.000823: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:09:11.000827: | child state #3: UNDEFINED(ignore) => V2_CREATE_I0(established IKE SA) Aug 26 13:09:11.000830: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 13:09:11.000834: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals) Aug 26 13:09:11.000839: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:09:11.000846: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:09:11.000850: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:09:11.000854: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:09:11.000858: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:09:11.000863: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:11.000868: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:09:11.000873: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:11.000883: "northnet-eastnets/0x2": constructed local ESP/AH proposals for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:11.000896: | #3 schedule initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using IKE# 1 pfs=MODP2048 Aug 26 13:09:11.000900: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7fa820002b78 Aug 26 13:09:11.000904: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 13:09:11.000912: | libevent_malloc: new ptr-libevent@0x563af55b0308 size 128 Aug 26 13:09:11.000921: | RESET processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:09:11.000926: | RESET processing: from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:09:11.000931: | delete from pending Child SA with 192.1.2.23 "northnet-eastnets/0x2" Aug 26 13:09:11.000934: | removing pending policy for no connection {0x563af546e898} Aug 26 13:09:11.000938: | close_any(fd@24) (in release_whack() at state.c:654) Aug 26 13:09:11.000944: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 13:09:11.000947: | event_schedule: new EVENT_SA_REKEY-pe@0x563af55a3de8 Aug 26 13:09:11.000951: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 13:09:11.000954: | libevent_malloc: new ptr-libevent@0x563af5583808 size 128 Aug 26 13:09:11.000957: | libevent_realloc: release ptr-libevent@0x563af551a268 Aug 26 13:09:11.000963: | libevent_realloc: new ptr-libevent@0x563af5582ee8 size 128 Aug 26 13:09:11.000968: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:11.000973: | #1 spent 7.19 milliseconds in ikev2_process_packet() Aug 26 13:09:11.000979: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:11.000982: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:11.000987: | spent 7.2 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:11.001001: | timer_event_cb: processing event@0x7fa820002b78 Aug 26 13:09:11.001005: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 13:09:11.001011: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:09:11.001018: | adding Child Initiator KE and nonce ni work-order 3 for state #3 Aug 26 13:09:11.001021: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563af551a268 Aug 26 13:09:11.001025: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:09:11.001028: | libevent_malloc: new ptr-libevent@0x563af55821a8 size 128 Aug 26 13:09:11.001037: | libevent_free: release ptr-libevent@0x563af55b0308 Aug 26 13:09:11.001040: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7fa820002b78 Aug 26 13:09:11.001045: | #3 spent 0.0432 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:09:11.001046: | crypto helper 1 resuming Aug 26 13:09:11.001051: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:09:11.001061: | crypto helper 1 starting work-order 3 for state #3 Aug 26 13:09:11.001064: | processing signal PLUTO_SIGCHLD Aug 26 13:09:11.001069: | crypto helper 1 doing build KE and nonce (Child Initiator KE and nonce ni); request ID 3 Aug 26 13:09:11.001070: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:11.001080: | spent 0.00932 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:11.001082: | processing signal PLUTO_SIGCHLD Aug 26 13:09:11.001085: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:11.001087: | spent 0.00264 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:11.001089: | processing signal PLUTO_SIGCHLD Aug 26 13:09:11.001091: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:11.001094: | spent 0.00249 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:11.002038: | crypto helper 1 finished build KE and nonce (Child Initiator KE and nonce ni); request ID 3 time elapsed 0.000968 seconds Aug 26 13:09:11.002054: | (#3) spent 0.979 milliseconds in crypto helper computing work-order 3: Child Initiator KE and nonce ni (pcr) Aug 26 13:09:11.002059: | crypto helper 1 sending results from work-order 3 for state #3 to event queue Aug 26 13:09:11.002063: | scheduling resume sending helper answer for #3 Aug 26 13:09:11.002067: | libevent_malloc: new ptr-libevent@0x7fa81c002888 size 128 Aug 26 13:09:11.002077: | crypto helper 1 waiting (nothing to do) Aug 26 13:09:11.002084: | processing resume sending helper answer for #3 Aug 26 13:09:11.002094: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:09:11.002097: | crypto helper 1 replies to request ID 3 Aug 26 13:09:11.002099: | calling continuation function 0x563af528ab50 Aug 26 13:09:11.002103: | ikev2_child_outI_continue for #3 STATE_V2_CREATE_I0 Aug 26 13:09:11.002105: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:11.002107: | libevent_free: release ptr-libevent@0x563af55821a8 Aug 26 13:09:11.002109: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563af551a268 Aug 26 13:09:11.002112: | event_schedule: new EVENT_SA_REPLACE-pe@0x563af551a268 Aug 26 13:09:11.002114: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Aug 26 13:09:11.002116: | libevent_malloc: new ptr-libevent@0x563af55821a8 size 128 Aug 26 13:09:11.002120: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:09:11.002122: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 13:09:11.002124: | libevent_malloc: new ptr-libevent@0x563af55b0308 size 128 Aug 26 13:09:11.002127: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:11.002130: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_SUSPEND Aug 26 13:09:11.002132: | suspending state #3 and saving MD Aug 26 13:09:11.002134: | #3 is busy; has a suspended MD Aug 26 13:09:11.002136: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:11.002139: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:09:11.002141: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Aug 26 13:09:11.002145: | #3 spent 0.0471 milliseconds in resume sending helper answer Aug 26 13:09:11.002148: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:09:11.002150: | libevent_free: release ptr-libevent@0x7fa81c002888 Aug 26 13:09:11.002154: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 13:09:11.002157: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in callback_handler() at server.c:904) Aug 26 13:09:11.002160: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:09:11.002163: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:09:11.002168: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:09:11.002189: | **emit ISAKMP Message: Aug 26 13:09:11.002192: | initiator cookie: Aug 26 13:09:11.002193: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:11.002195: | responder cookie: Aug 26 13:09:11.002196: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:11.002198: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:11.002200: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:11.002202: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:09:11.002205: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:11.002207: | Message ID: 2 (0x2) Aug 26 13:09:11.002209: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:11.002211: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:11.002213: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:11.002215: | flags: none (0x0) Aug 26 13:09:11.002217: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:11.002219: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:09:11.002222: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:11.002242: | netlink_get_spi: allocated 0x4c107ad5 for esp.0@192.1.3.33 Aug 26 13:09:11.002245: | Emitting ikev2_proposals ... Aug 26 13:09:11.002247: | ****emit IKEv2 Security Association Payload: Aug 26 13:09:11.002249: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:11.002250: | flags: none (0x0) Aug 26 13:09:11.002252: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:09:11.002254: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:09:11.002256: | discarding INTEG=NONE Aug 26 13:09:11.002258: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:11.002260: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:11.002262: | prop #: 1 (0x1) Aug 26 13:09:11.002264: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:11.002265: | spi size: 4 (0x4) Aug 26 13:09:11.002267: | # transforms: 3 (0x3) Aug 26 13:09:11.002269: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:11.002271: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:11.002273: | our spi 4c 10 7a d5 Aug 26 13:09:11.002275: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.002276: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002278: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:11.002280: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:11.002282: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.002284: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:11.002286: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:11.002302: | length/value: 256 (0x100) Aug 26 13:09:11.002308: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:11.002310: | discarding INTEG=NONE Aug 26 13:09:11.002311: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.002313: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002315: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.002316: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:11.002319: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002320: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.002324: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.002326: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.002327: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:11.002329: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:11.002331: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:11.002333: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002334: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.002336: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.002338: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:09:11.002340: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:11.002342: | discarding INTEG=NONE Aug 26 13:09:11.002343: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:11.002345: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:11.002346: | prop #: 2 (0x2) Aug 26 13:09:11.002348: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:11.002350: | spi size: 4 (0x4) Aug 26 13:09:11.002351: | # transforms: 3 (0x3) Aug 26 13:09:11.002353: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:11.002356: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:11.002359: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:11.002362: | our spi 4c 10 7a d5 Aug 26 13:09:11.002364: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.002367: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002369: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:11.002372: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:11.002375: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.002378: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:11.002381: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:11.002384: | length/value: 128 (0x80) Aug 26 13:09:11.002386: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:11.002389: | discarding INTEG=NONE Aug 26 13:09:11.002392: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.002394: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002397: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.002400: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:11.002403: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002406: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.002409: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.002412: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.002414: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:11.002430: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:11.002432: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:11.002435: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002438: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.002456: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.002460: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:09:11.002463: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:11.002466: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:11.002468: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:11.002471: | prop #: 3 (0x3) Aug 26 13:09:11.002473: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:11.002475: | spi size: 4 (0x4) Aug 26 13:09:11.002478: | # transforms: 5 (0x5) Aug 26 13:09:11.002481: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:11.002484: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:11.002487: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:11.002489: | our spi 4c 10 7a d5 Aug 26 13:09:11.002492: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.002494: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002497: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:11.002499: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:11.002502: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.002505: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:11.002507: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:11.002510: | length/value: 256 (0x100) Aug 26 13:09:11.002513: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:11.002515: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.002518: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002520: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:11.002523: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:11.002526: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002529: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.002532: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.002535: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.002537: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002538: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:11.002540: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:11.002542: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002544: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.002546: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.002547: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.002549: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002551: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.002552: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:11.002554: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002556: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.002558: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.002559: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.002561: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:11.002564: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:11.002566: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:11.002568: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002570: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.002571: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.002573: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:09:11.002575: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:11.002577: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:11.002578: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:11.002580: | prop #: 4 (0x4) Aug 26 13:09:11.002581: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:11.002583: | spi size: 4 (0x4) Aug 26 13:09:11.002585: | # transforms: 5 (0x5) Aug 26 13:09:11.002587: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:11.002588: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:11.002590: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:11.002592: | our spi 4c 10 7a d5 Aug 26 13:09:11.002594: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.002595: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002597: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:11.002599: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:11.002600: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.002602: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:11.002604: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:11.002606: | length/value: 128 (0x80) Aug 26 13:09:11.002607: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:11.002609: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.002611: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002612: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:11.002614: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:11.002616: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002618: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.002619: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.002621: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.002622: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002624: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:11.002626: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:11.002628: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002630: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.002631: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.002633: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.002635: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002636: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.002638: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:11.002641: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002643: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.002644: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.002646: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.002648: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:11.002649: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:11.002651: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:11.002653: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.002655: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.002656: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.002658: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:09:11.002660: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:11.002661: | emitting length of IKEv2 Security Association Payload: 196 Aug 26 13:09:11.002663: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:09:11.002665: | ****emit IKEv2 Nonce Payload: Aug 26 13:09:11.002667: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:11.002669: | flags: none (0x0) Aug 26 13:09:11.002671: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:09:11.002673: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:09:11.002676: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:09:11.002679: | IKEv2 nonce 2e ee fb e7 66 4a d8 b2 42 94 fe ff f4 78 a1 a7 Aug 26 13:09:11.002681: | IKEv2 nonce a8 29 05 34 ab 7c bb 6a d6 cf f7 a6 c8 14 4b 17 Aug 26 13:09:11.002684: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:09:11.002686: | ****emit IKEv2 Key Exchange Payload: Aug 26 13:09:11.002689: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:11.002691: | flags: none (0x0) Aug 26 13:09:11.002693: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:11.002697: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:09:11.002701: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:09:11.002705: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:09:11.002708: | ikev2 g^x ed 2c ee eb 3a 1a 46 7a cc 06 22 6f f6 c9 2d fc Aug 26 13:09:11.002711: | ikev2 g^x 0b 9a 9b 12 7b 77 46 34 87 d6 50 71 9c 48 24 61 Aug 26 13:09:11.002714: | ikev2 g^x e9 34 3d d4 95 f7 a0 f4 3d 83 30 d8 00 df 08 4c Aug 26 13:09:11.002717: | ikev2 g^x 14 40 04 d5 4b c1 6d 65 5d 43 35 11 42 ab d7 d7 Aug 26 13:09:11.002720: | ikev2 g^x 25 7f 91 89 2a bf 27 c7 8f 1a 75 b0 90 a7 7f ee Aug 26 13:09:11.002723: | ikev2 g^x 7e b5 4e fe 23 0e a8 14 90 51 3f 28 12 dc 4a 12 Aug 26 13:09:11.002725: | ikev2 g^x 92 c7 69 b8 51 5d 26 fa cf da 11 30 4a d2 df ce Aug 26 13:09:11.002728: | ikev2 g^x d5 03 40 e5 9e 10 9f 0d a9 34 3e 3d 22 0a 5a 8d Aug 26 13:09:11.002731: | ikev2 g^x 5b 88 04 8d 2b 8c c3 76 5e 9c 8c 82 07 d8 f7 e9 Aug 26 13:09:11.002734: | ikev2 g^x 84 7b 0a 1f 43 2a 53 69 5b 71 b0 57 d8 f6 72 46 Aug 26 13:09:11.002737: | ikev2 g^x 42 d5 3b fb 2f 5b f6 37 41 eb 1a e6 27 a4 68 61 Aug 26 13:09:11.002741: | ikev2 g^x 63 07 a8 e7 06 55 1e 97 7b d1 d2 9d a1 4a 23 3f Aug 26 13:09:11.002746: | ikev2 g^x f0 58 dd 02 fb 82 1c b1 cb 68 71 e5 c0 bf f6 3d Aug 26 13:09:11.002749: | ikev2 g^x 84 5f a3 84 33 bf 08 e6 fd 23 6e df 20 4f 5f 46 Aug 26 13:09:11.002752: | ikev2 g^x 21 fd 2a 54 67 6a 75 1a 2f d9 22 9f 38 8c 56 2b Aug 26 13:09:11.002755: | ikev2 g^x 27 e9 ca d6 47 80 ae 1e 20 eb db a2 35 8e b5 f7 Aug 26 13:09:11.002758: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:09:11.002761: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:11.002765: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:11.002768: | flags: none (0x0) Aug 26 13:09:11.002771: | number of TS: 1 (0x1) Aug 26 13:09:11.002775: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:09:11.002778: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:11.002782: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:11.002785: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:11.002788: | IP Protocol ID: 0 (0x0) Aug 26 13:09:11.002791: | start port: 0 (0x0) Aug 26 13:09:11.002794: | end port: 65535 (0xffff) Aug 26 13:09:11.002798: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:11.002800: | ipv4 start c0 00 03 00 Aug 26 13:09:11.002804: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:09:11.002807: | ipv4 end c0 00 03 ff Aug 26 13:09:11.002810: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:11.002812: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:09:11.002815: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:11.002817: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:11.002820: | flags: none (0x0) Aug 26 13:09:11.002822: | number of TS: 1 (0x1) Aug 26 13:09:11.002825: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:09:11.002829: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:11.002831: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:11.002834: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:11.002836: | IP Protocol ID: 0 (0x0) Aug 26 13:09:11.002839: | start port: 0 (0x0) Aug 26 13:09:11.002842: | end port: 65535 (0xffff) Aug 26 13:09:11.002845: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:11.002847: | ipv4 start c0 00 16 00 Aug 26 13:09:11.002850: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:09:11.002853: | ipv4 end c0 00 16 ff Aug 26 13:09:11.002856: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:11.002859: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:09:11.002861: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:09:11.002865: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:11.002868: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:11.002872: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:11.002874: | emitting length of IKEv2 Encryption Payload: 573 Aug 26 13:09:11.002877: | emitting length of ISAKMP Message: 601 Aug 26 13:09:11.002904: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:11.002908: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_OK Aug 26 13:09:11.002911: | IKEv2: transition from state STATE_V2_CREATE_I0 to state STATE_V2_CREATE_I Aug 26 13:09:11.002914: | child state #3: V2_CREATE_I0(established IKE SA) => V2_CREATE_I(established IKE SA) Aug 26 13:09:11.002919: | Message ID: updating counters for #3 to 4294967295 after switching state Aug 26 13:09:11.002922: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:09:11.002926: | Message ID: sent #1.#3 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->2 wip.responder=-1 Aug 26 13:09:11.002929: "northnet-eastnets/0x2" #3: STATE_V2_CREATE_I: sent IPsec Child req wait response Aug 26 13:09:11.002942: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:09:11.002950: | sending 601 bytes for STATE_V2_CREATE_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:09:11.002954: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:11.002957: | 2e 20 24 08 00 00 00 02 00 00 02 59 21 00 02 3d Aug 26 13:09:11.002959: | 7e 99 d5 e0 b7 48 07 c0 96 71 06 00 d1 ed 5e 99 Aug 26 13:09:11.002962: | 57 31 bd bd 93 e9 37 0b e5 47 34 eb dc 43 70 56 Aug 26 13:09:11.002964: | d7 c2 b6 64 23 99 2c 89 c4 0a 57 92 8f 08 d9 b5 Aug 26 13:09:11.002967: | 43 2f 62 7a 66 c4 ad d7 8e 3c c9 11 0e 21 60 cf Aug 26 13:09:11.002969: | a2 4b 2e bd 46 77 c1 ac da 39 70 30 15 6b d4 4c Aug 26 13:09:11.002971: | aa ab 02 51 09 09 87 fb 8b db 04 86 82 7f aa 56 Aug 26 13:09:11.002973: | fd f2 82 b0 43 0c 6f 2d d3 16 5c 57 80 7f aa 97 Aug 26 13:09:11.002976: | ad b3 48 5d 2f ba f9 ff 14 e3 cc ca b7 f6 b5 44 Aug 26 13:09:11.002978: | 2b 0a a5 7c 0b e6 cd bb 08 13 68 5f 61 0c 25 f7 Aug 26 13:09:11.002981: | ba e0 63 3e 11 8e c0 39 00 14 1c 6c d5 20 84 49 Aug 26 13:09:11.002983: | 9e cc 7b 7a 5e e9 a4 b9 c2 3c f2 fa ed 92 8a 97 Aug 26 13:09:11.002986: | 12 d4 cd 88 0c 30 56 2a 2b da 74 6d 96 b0 3b 76 Aug 26 13:09:11.002989: | 22 9f 00 61 51 ee 32 2a 7f b2 3d 68 18 54 d3 e8 Aug 26 13:09:11.002991: | 37 04 be d5 10 84 63 c8 b0 8c eb d3 49 a5 c3 64 Aug 26 13:09:11.002994: | 22 46 1d 0e 8e f2 fd 09 92 7a 9f d7 8b 49 dc fa Aug 26 13:09:11.002997: | fd f5 bf 95 e9 90 3e c7 9f 9b 71 a5 96 41 a2 15 Aug 26 13:09:11.002999: | 20 69 9a 8e 30 8d 8c 96 67 34 36 8a b9 7e c9 8e Aug 26 13:09:11.003002: | c3 e3 07 cb 97 5e 5f 91 d7 2b 53 9e 20 6b 42 6d Aug 26 13:09:11.003005: | bf 09 73 7c 2e 5b 5c 1f 66 3a 45 e8 0a 58 78 98 Aug 26 13:09:11.003007: | cf 0e 01 e8 a8 b3 1d 3e 53 d7 16 36 e1 82 9d 80 Aug 26 13:09:11.003010: | 6e 8a b4 ac 33 09 09 81 40 a5 ad b9 c0 fd fd 4c Aug 26 13:09:11.003013: | 01 92 11 92 6b 67 93 78 e0 28 99 72 8f a8 08 10 Aug 26 13:09:11.003016: | 82 83 47 85 4b a9 3b 8b f1 8c 9d 93 00 dc 41 11 Aug 26 13:09:11.003018: | 81 80 51 3f 9f 30 8f 52 51 c0 ae 60 51 c9 ab ca Aug 26 13:09:11.003021: | 0a 5a 09 b2 88 43 bd bc 8c 4a a5 ba b2 79 f1 b7 Aug 26 13:09:11.003024: | a7 61 43 eb 5d 37 5a 41 32 b1 65 b6 9b e2 a3 ba Aug 26 13:09:11.003026: | 9d 0a c0 cb 8a 19 e8 7b f3 08 d3 53 f4 5d 03 38 Aug 26 13:09:11.003029: | 8f fb 5f 85 18 09 c4 4e cf a1 53 d2 a8 f8 67 9f Aug 26 13:09:11.003032: | 6b 28 cd f8 11 12 d4 69 68 2e 37 43 e9 c7 ae da Aug 26 13:09:11.003034: | 47 5c 3d 95 a3 0d 91 14 f6 77 7a a6 8f 79 11 23 Aug 26 13:09:11.003037: | 53 03 44 c4 45 23 16 c9 6f 52 18 d0 b4 94 fb 48 Aug 26 13:09:11.003040: | 18 23 1d 2f 67 56 5c 0d 08 dc 49 67 af 65 a0 51 Aug 26 13:09:11.003042: | 0b 6b 54 83 5e e2 d7 26 5b f0 80 f9 4d bd b5 a1 Aug 26 13:09:11.003045: | 5c b0 ae 12 74 c9 56 e7 13 06 87 9d 76 1c 66 74 Aug 26 13:09:11.003047: | 4e da 02 b4 01 2e 5b 00 fd 84 b5 f4 02 fb 70 99 Aug 26 13:09:11.003049: | ac d0 9c 4d fe ca 54 a4 cd Aug 26 13:09:11.003094: | state #3 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:09:11.003098: | libevent_free: release ptr-libevent@0x563af55821a8 Aug 26 13:09:11.003101: | free_event_entry: release EVENT_SA_REPLACE-pe@0x563af551a268 Aug 26 13:09:11.003103: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:09:11.003105: "northnet-eastnets/0x2" #3: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:09:11.003113: | event_schedule: new EVENT_RETRANSMIT-pe@0x563af551a268 Aug 26 13:09:11.003116: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #3 Aug 26 13:09:11.003118: | libevent_malloc: new ptr-libevent@0x563af55821a8 size 128 Aug 26 13:09:11.003122: | #3 STATE_V2_CREATE_I: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10236.745579 Aug 26 13:09:11.003127: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:09:11.003130: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:09:11.003134: | #1 spent 0.937 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 13:09:11.003137: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in callback_handler() at server.c:908) Aug 26 13:09:11.003139: | libevent_free: release ptr-libevent@0x563af55b0308 Aug 26 13:09:11.018225: | spent 0.00234 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:11.018248: | *received 449 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:09:11.018251: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:11.018253: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Aug 26 13:09:11.018255: | ec 07 02 cd b7 32 c3 d7 ba 0e 6d bb 27 c6 7d 72 Aug 26 13:09:11.018256: | aa 48 45 4b 3c 76 e0 f8 17 d0 31 6d 90 55 b1 0d Aug 26 13:09:11.018258: | be 9e 80 b1 5c 3a f8 75 36 c8 c4 cd 8d 7e 6c 7a Aug 26 13:09:11.018259: | 16 ad 51 e9 00 78 32 09 aa d3 39 7b ae 56 5e 6e Aug 26 13:09:11.018261: | a3 99 01 44 e9 fb 72 32 53 cd bf b0 ca a5 f1 19 Aug 26 13:09:11.018262: | ba 23 0f 87 fe d9 b3 e1 10 56 5d 48 e5 4e 52 b8 Aug 26 13:09:11.018264: | 49 06 54 12 48 8f 29 32 bc 96 bb 65 09 f7 93 b7 Aug 26 13:09:11.018265: | b1 8c be a4 d4 a2 7c d1 c4 8c 4b 88 88 19 16 99 Aug 26 13:09:11.018267: | a6 b7 76 8d 1a ad 49 b3 93 e0 47 8a ac 56 73 a3 Aug 26 13:09:11.018268: | 74 aa cd 0a dc bc 2c 81 7f 0c f6 0e f3 c5 45 bd Aug 26 13:09:11.018270: | b9 4f bc 91 b2 9a ce b1 82 a2 e7 7a fb e8 be 10 Aug 26 13:09:11.018271: | 30 71 ac 29 07 fd cc ce 7f da 44 73 a5 35 22 ac Aug 26 13:09:11.018273: | bc 1a 79 a9 66 60 b8 43 f9 6a 35 c9 d1 f9 aa 2f Aug 26 13:09:11.018274: | 61 8b 2a bc e2 fb 52 53 d2 13 52 21 90 18 74 6b Aug 26 13:09:11.018276: | 9f 80 3b fe 43 26 f2 59 79 eb 65 26 f4 35 c8 09 Aug 26 13:09:11.018277: | 6c 91 2c 80 04 fd 17 53 79 59 d1 59 fc 20 9d cf Aug 26 13:09:11.018279: | b7 68 92 8d c4 f6 bb b1 3d f1 6d 27 6c 2f f5 d1 Aug 26 13:09:11.018280: | 4f a5 cf 2a 35 ab 1e 08 77 e4 9e d1 59 a0 6b f8 Aug 26 13:09:11.018282: | 1f 1e be df 80 7b 85 6a 80 30 97 de 63 0f e1 22 Aug 26 13:09:11.018284: | 5f 93 f2 e4 52 1f f5 e6 22 c8 0c 67 4d ce a2 06 Aug 26 13:09:11.018285: | ef 70 99 b2 d9 8c c6 96 19 fa c8 81 b4 bb 50 94 Aug 26 13:09:11.018287: | f2 67 b5 96 48 42 f0 70 0c db 6f 7a 18 86 36 e5 Aug 26 13:09:11.018315: | d6 db 3d 93 50 4e 53 66 1e c0 72 3b f4 c8 3a a8 Aug 26 13:09:11.018319: | 88 35 a1 b7 1d 68 25 bc 45 8e be 70 98 0e 7a 03 Aug 26 13:09:11.018321: | 48 2a 08 7f 66 74 dd b7 45 c1 7b 19 24 d0 0a 1f Aug 26 13:09:11.018323: | f9 cd 45 fa e9 3a e6 37 8a b1 d3 93 73 e9 75 32 Aug 26 13:09:11.018324: | 99 Aug 26 13:09:11.018328: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:09:11.018331: | **parse ISAKMP Message: Aug 26 13:09:11.018333: | initiator cookie: Aug 26 13:09:11.018334: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:11.018336: | responder cookie: Aug 26 13:09:11.018337: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:11.018339: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:09:11.018341: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:11.018343: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:09:11.018347: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:11.018349: | Message ID: 2 (0x2) Aug 26 13:09:11.018351: | length: 449 (0x1c1) Aug 26 13:09:11.018353: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 13:09:11.018355: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Aug 26 13:09:11.018358: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:09:11.018363: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:11.018365: | State DB: found IKEv2 state #3 in V2_CREATE_I (find_v2_sa_by_initiator_wip) Aug 26 13:09:11.018368: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:11.018371: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:11.018373: | #3 is idle Aug 26 13:09:11.018374: | #3 idle Aug 26 13:09:11.018376: | unpacking clear payload Aug 26 13:09:11.018377: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:09:11.018379: | ***parse IKEv2 Encryption Payload: Aug 26 13:09:11.018381: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:09:11.018383: | flags: none (0x0) Aug 26 13:09:11.018384: | length: 421 (0x1a5) Aug 26 13:09:11.018386: | processing payload: ISAKMP_NEXT_v2SK (len=417) Aug 26 13:09:11.018388: | #3 in state V2_CREATE_I: sent IPsec Child req wait response Aug 26 13:09:11.018403: | #3 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Aug 26 13:09:11.018405: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:09:11.018407: | **parse IKEv2 Security Association Payload: Aug 26 13:09:11.018409: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:09:11.018411: | flags: none (0x0) Aug 26 13:09:11.018412: | length: 44 (0x2c) Aug 26 13:09:11.018414: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 13:09:11.018415: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:09:11.018417: | **parse IKEv2 Nonce Payload: Aug 26 13:09:11.018419: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:09:11.018420: | flags: none (0x0) Aug 26 13:09:11.018422: | length: 36 (0x24) Aug 26 13:09:11.018424: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:09:11.018425: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:09:11.018427: | **parse IKEv2 Key Exchange Payload: Aug 26 13:09:11.018429: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:09:11.018430: | flags: none (0x0) Aug 26 13:09:11.018432: | length: 264 (0x108) Aug 26 13:09:11.018434: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:11.018435: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:09:11.018437: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:09:11.018439: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:11.018440: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:09:11.018442: | flags: none (0x0) Aug 26 13:09:11.018443: | length: 24 (0x18) Aug 26 13:09:11.018445: | number of TS: 1 (0x1) Aug 26 13:09:11.018447: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:09:11.018448: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:09:11.018450: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:11.018452: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:11.018453: | flags: none (0x0) Aug 26 13:09:11.018455: | length: 24 (0x18) Aug 26 13:09:11.018456: | number of TS: 1 (0x1) Aug 26 13:09:11.018458: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:09:11.018460: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Aug 26 13:09:11.018463: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:09:11.018465: | forcing ST #3 to CHILD #1.#3 in FSM processor Aug 26 13:09:11.018468: | Now let's proceed with state specific processing Aug 26 13:09:11.018470: | calling processor Process CREATE_CHILD_SA IPsec SA Response Aug 26 13:09:11.018480: | using existing local ESP/AH proposals for northnet-eastnets/0x2 (CREATE_CHILD_SA initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:11.018482: | Comparing remote proposals against CREATE_CHILD_SA initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 13:09:11.018485: | local proposal 1 type ENCR has 1 transforms Aug 26 13:09:11.018487: | local proposal 1 type PRF has 0 transforms Aug 26 13:09:11.018489: | local proposal 1 type INTEG has 1 transforms Aug 26 13:09:11.018490: | local proposal 1 type DH has 1 transforms Aug 26 13:09:11.018492: | local proposal 1 type ESN has 1 transforms Aug 26 13:09:11.018494: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 13:09:11.018496: | local proposal 2 type ENCR has 1 transforms Aug 26 13:09:11.018498: | local proposal 2 type PRF has 0 transforms Aug 26 13:09:11.018499: | local proposal 2 type INTEG has 1 transforms Aug 26 13:09:11.018501: | local proposal 2 type DH has 1 transforms Aug 26 13:09:11.018502: | local proposal 2 type ESN has 1 transforms Aug 26 13:09:11.018504: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Aug 26 13:09:11.018506: | local proposal 3 type ENCR has 1 transforms Aug 26 13:09:11.018508: | local proposal 3 type PRF has 0 transforms Aug 26 13:09:11.018509: | local proposal 3 type INTEG has 2 transforms Aug 26 13:09:11.018511: | local proposal 3 type DH has 1 transforms Aug 26 13:09:11.018512: | local proposal 3 type ESN has 1 transforms Aug 26 13:09:11.018514: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 13:09:11.018516: | local proposal 4 type ENCR has 1 transforms Aug 26 13:09:11.018518: | local proposal 4 type PRF has 0 transforms Aug 26 13:09:11.018519: | local proposal 4 type INTEG has 2 transforms Aug 26 13:09:11.018521: | local proposal 4 type DH has 1 transforms Aug 26 13:09:11.018522: | local proposal 4 type ESN has 1 transforms Aug 26 13:09:11.018524: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 13:09:11.018526: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:11.018528: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:11.018530: | length: 40 (0x28) Aug 26 13:09:11.018531: | prop #: 1 (0x1) Aug 26 13:09:11.018533: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:11.018535: | spi size: 4 (0x4) Aug 26 13:09:11.018536: | # transforms: 3 (0x3) Aug 26 13:09:11.018538: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:11.018540: | remote SPI d4 b5 08 4d Aug 26 13:09:11.018542: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:09:11.018544: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:11.018546: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.018548: | length: 12 (0xc) Aug 26 13:09:11.018549: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:11.018551: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:11.018553: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:11.018555: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:11.018556: | length/value: 256 (0x100) Aug 26 13:09:11.018559: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:09:11.018561: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:11.018563: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.018564: | length: 8 (0x8) Aug 26 13:09:11.018566: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.018568: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:11.018571: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:09:11.018573: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:11.018574: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:11.018576: | length: 8 (0x8) Aug 26 13:09:11.018577: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:11.018579: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:11.018581: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:09:11.018584: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Aug 26 13:09:11.018587: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Aug 26 13:09:11.018588: | remote proposal 1 matches local proposal 1 Aug 26 13:09:11.018590: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] Aug 26 13:09:11.018594: | CREATE_CHILD_SA initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=d4b5084d;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Aug 26 13:09:11.018595: | converting proposal to internal trans attrs Aug 26 13:09:11.018599: | updating #3's .st_oakley with preserved PRF, but why update? Aug 26 13:09:11.018604: | adding ikev2 Child SA initiator pfs=yes work-order 4 for state #3 Aug 26 13:09:11.018606: | state #3 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:09:11.018608: | #3 STATE_V2_CREATE_I: retransmits: cleared Aug 26 13:09:11.018610: | libevent_free: release ptr-libevent@0x563af55821a8 Aug 26 13:09:11.018612: | free_event_entry: release EVENT_RETRANSMIT-pe@0x563af551a268 Aug 26 13:09:11.018615: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563af551a268 Aug 26 13:09:11.018617: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:09:11.018619: | libevent_malloc: new ptr-libevent@0x563af55aa9b8 size 128 Aug 26 13:09:11.018628: | #3 spent 0.154 milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in ikev2_process_state_packet() Aug 26 13:09:11.018632: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:11.018634: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_SUSPEND Aug 26 13:09:11.018635: | crypto helper 3 resuming Aug 26 13:09:11.018636: | suspending state #3 and saving MD Aug 26 13:09:11.018653: | #3 is busy; has a suspended MD Aug 26 13:09:11.018647: | crypto helper 3 starting work-order 4 for state #3 Aug 26 13:09:11.018659: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:11.018665: | crypto helper 3 doing crypto (ikev2 Child SA initiator pfs=yes); request ID 4 Aug 26 13:09:11.018667: | "northnet-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:09:11.018675: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:11.018678: | #1 spent 0.411 milliseconds in ikev2_process_packet() Aug 26 13:09:11.018681: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:09:11.018683: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:11.018685: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:11.018687: | spent 0.42 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:11.019441: | crypto helper 3 finished crypto (ikev2 Child SA initiator pfs=yes); request ID 4 time elapsed 0.000775 seconds Aug 26 13:09:11.019454: | (#3) spent 0.776 milliseconds in crypto helper computing work-order 4: ikev2 Child SA initiator pfs=yes (dh) Aug 26 13:09:11.019460: | crypto helper 3 sending results from work-order 4 for state #3 to event queue Aug 26 13:09:11.019464: | scheduling resume sending helper answer for #3 Aug 26 13:09:11.019467: | libevent_malloc: new ptr-libevent@0x7fa810001f78 size 128 Aug 26 13:09:11.019476: | crypto helper 3 waiting (nothing to do) Aug 26 13:09:11.019485: | processing resume sending helper answer for #3 Aug 26 13:09:11.019494: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:09:11.019498: | crypto helper 3 replies to request ID 4 Aug 26 13:09:11.019500: | calling continuation function 0x563af528b9d0 Aug 26 13:09:11.019504: | ikev2_child_inR_continue for #3 STATE_V2_CREATE_I Aug 26 13:09:11.019507: | TSi: parsing 1 traffic selectors Aug 26 13:09:11.019510: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:11.019513: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:11.019515: | IP Protocol ID: 0 (0x0) Aug 26 13:09:11.019518: | length: 16 (0x10) Aug 26 13:09:11.019520: | start port: 0 (0x0) Aug 26 13:09:11.019523: | end port: 65535 (0xffff) Aug 26 13:09:11.019525: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:11.019528: | TS low c0 00 03 00 Aug 26 13:09:11.019530: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:11.019533: | TS high c0 00 03 ff Aug 26 13:09:11.019535: | TSi: parsed 1 traffic selectors Aug 26 13:09:11.019538: | TSr: parsing 1 traffic selectors Aug 26 13:09:11.019540: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:11.019543: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:11.019545: | IP Protocol ID: 0 (0x0) Aug 26 13:09:11.019547: | length: 16 (0x10) Aug 26 13:09:11.019550: | start port: 0 (0x0) Aug 26 13:09:11.019552: | end port: 65535 (0xffff) Aug 26 13:09:11.019555: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:11.019557: | TS low c0 00 16 00 Aug 26 13:09:11.019559: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:11.019562: | TS high c0 00 16 ff Aug 26 13:09:11.019564: | TSr: parsed 1 traffic selectors Aug 26 13:09:11.019569: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0/0 R=192.0.22.0/24:0/0 to their: Aug 26 13:09:11.019574: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:11.019581: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:11.019584: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:09:11.019586: | TSi[0] port match: YES fitness 65536 Aug 26 13:09:11.019589: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:11.019592: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:11.019597: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:11.019602: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Aug 26 13:09:11.019605: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:09:11.019608: | TSr[0] port match: YES fitness 65536 Aug 26 13:09:11.019610: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:09:11.019613: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:11.019616: | best fit so far: TSi[0] TSr[0] Aug 26 13:09:11.019618: | found an acceptable TSi/TSr Traffic Selector Aug 26 13:09:11.019621: | printing contents struct traffic_selector Aug 26 13:09:11.019624: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:09:11.019626: | ipprotoid: 0 Aug 26 13:09:11.019629: | port range: 0-65535 Aug 26 13:09:11.019633: | ip range: 192.0.3.0-192.0.3.255 Aug 26 13:09:11.019635: | printing contents struct traffic_selector Aug 26 13:09:11.019638: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:09:11.019641: | ipprotoid: 0 Aug 26 13:09:11.019643: | port range: 0-65535 Aug 26 13:09:11.019647: | ip range: 192.0.22.0-192.0.22.255 Aug 26 13:09:11.019652: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:09:11.019852: | install_ipsec_sa() for #3: inbound and outbound Aug 26 13:09:11.019859: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Aug 26 13:09:11.019862: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:11.019866: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:11.019870: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:11.019873: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:11.019877: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:11.019882: | route owner of "northnet-eastnets/0x2" unrouted: NULL; eroute owner: NULL Aug 26 13:09:11.019886: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:09:11.019890: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:09:11.019894: | AES_GCM_16 requires 4 salt bytes Aug 26 13:09:11.019898: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:09:11.019902: | setting IPsec SA replay-window to 32 Aug 26 13:09:11.019906: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 13:09:11.019909: | netlink: enabling tunnel mode Aug 26 13:09:11.019912: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:09:11.019915: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:09:11.020002: | netlink response for Add SA esp.d4b5084d@192.1.2.23 included non-error error Aug 26 13:09:11.020009: | set up outgoing SA, ref=0/0 Aug 26 13:09:11.020013: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:09:11.020017: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:09:11.020020: | AES_GCM_16 requires 4 salt bytes Aug 26 13:09:11.020024: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:09:11.020028: | setting IPsec SA replay-window to 32 Aug 26 13:09:11.020032: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 13:09:11.020035: | netlink: enabling tunnel mode Aug 26 13:09:11.020039: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:09:11.020042: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:09:11.020081: | netlink response for Add SA esp.4c107ad5@192.1.3.33 included non-error error Aug 26 13:09:11.020086: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:11.020094: | add inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 13:09:11.020098: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:11.020127: | raw_eroute result=success Aug 26 13:09:11.020132: | set up incoming SA, ref=0/0 Aug 26 13:09:11.020135: | sr for #3: unrouted Aug 26 13:09:11.020139: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:09:11.020142: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:11.020146: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:11.020150: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:11.020154: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:11.020157: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:11.020162: | route owner of "northnet-eastnets/0x2" unrouted: NULL; eroute owner: NULL Aug 26 13:09:11.020167: | route_and_eroute with c: northnet-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #3 Aug 26 13:09:11.020171: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:11.020181: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 13:09:11.020184: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:11.020199: | raw_eroute result=success Aug 26 13:09:11.020204: | running updown command "ipsec _updown" for verb up Aug 26 13:09:11.020209: | command executing up-client Aug 26 13:09:11.020241: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:11.020250: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:11.020272: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=' Aug 26 13:09:11.020275: | popen cmd is 1408 chars long Aug 26 13:09:11.020277: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Aug 26 13:09:11.020279: | cmd( 80):x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PL: Aug 26 13:09:11.020281: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=nort: Aug 26 13:09:11.020283: | cmd( 240):h.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='19: Aug 26 13:09:11.020284: | cmd( 320):2.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Aug 26 13:09:11.020286: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='E: Aug 26 13:09:11.020292: | cmd( 480):SP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Aug 26 13:09:11.020297: | cmd( 560):wan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libr: Aug 26 13:09:11.020299: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' : Aug 26 13:09:11.020301: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 13:09:11.020302: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Aug 26 13:09:11.020304: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Aug 26 13:09:11.020306: | cmd( 960):LUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAR: Aug 26 13:09:11.020307: | cmd(1040):EF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFA: Aug 26 13:09:11.020309: | cmd(1120):MILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_: Aug 26 13:09:11.020311: | cmd(1200):PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=': Aug 26 13:09:11.020312: | cmd(1280):0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=: Aug 26 13:09:11.020314: | cmd(1360):0xd4b5084d SPI_OUT=0x4c107ad5 ipsec _updown 2>&1: Aug 26 13:09:11.030401: | route_and_eroute: firewall_notified: true Aug 26 13:09:11.030417: | running updown command "ipsec _updown" for verb prepare Aug 26 13:09:11.030421: | command executing prepare-client Aug 26 13:09:11.030456: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:11.030464: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:11.030489: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CON Aug 26 13:09:11.030494: | popen cmd is 1413 chars long Aug 26 13:09:11.030497: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 13:09:11.030500: | cmd( 80):ets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Aug 26 13:09:11.030503: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 13:09:11.030506: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Aug 26 13:09:11.030509: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Aug 26 13:09:11.030512: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TY: Aug 26 13:09:11.030514: | cmd( 480):PE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=L: Aug 26 13:09:11.030517: | cmd( 560):ibreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing: Aug 26 13:09:11.030520: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.2: Aug 26 13:09:11.030523: | cmd( 720):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 13:09:11.030526: | cmd( 800):COL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departm: Aug 26 13:09:11.030528: | cmd( 880):ent, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netk: Aug 26 13:09:11.030531: | cmd( 960):ey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLO: Aug 26 13:09:11.030534: | cmd(1040):W+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_A: Aug 26 13:09:11.030537: | cmd(1120):DDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' P: Aug 26 13:09:11.030539: | cmd(1200):LUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLI: Aug 26 13:09:11.030542: | cmd(1280):ENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP: Aug 26 13:09:11.030545: | cmd(1360):I_IN=0xd4b5084d SPI_OUT=0x4c107ad5 ipsec _updown 2>&1: Aug 26 13:09:11.040780: | running updown command "ipsec _updown" for verb route Aug 26 13:09:11.040799: | command executing route-client Aug 26 13:09:11.040822: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:11.040826: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:11.040841: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_PO Aug 26 13:09:11.040846: | popen cmd is 1411 chars long Aug 26 13:09:11.040849: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 13:09:11.040850: | cmd( 80):s/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33': Aug 26 13:09:11.040852: | cmd( 160): PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=n: Aug 26 13:09:11.040854: | cmd( 240):orth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=: Aug 26 13:09:11.040856: | cmd( 320):'192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255: Aug 26 13:09:11.040857: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE: Aug 26 13:09:11.040859: | cmd( 480):='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Aug 26 13:09:11.040861: | cmd( 560):reswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.l: Aug 26 13:09:11.040862: | cmd( 640):ibreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.: Aug 26 13:09:11.040864: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 13:09:11.040866: | cmd( 800):L='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: Aug 26 13:09:11.040868: | cmd( 880):t, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey: Aug 26 13:09:11.040869: | cmd( 960):' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+: Aug 26 13:09:11.040871: | cmd(1040):SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADD: Aug 26 13:09:11.040873: | cmd(1120):RFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLU: Aug 26 13:09:11.040874: | cmd(1200):TO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIEN: Aug 26 13:09:11.040876: | cmd(1280):T='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_: Aug 26 13:09:11.040878: | cmd(1360):IN=0xd4b5084d SPI_OUT=0x4c107ad5 ipsec _updown 2>&1: Aug 26 13:09:11.055508: | route_and_eroute: instance "northnet-eastnets/0x2", setting eroute_owner {spd=0x563af558bbd8,sr=0x563af558bbd8} to #3 (was #0) (newest_ipsec_sa=#0) Aug 26 13:09:11.055588: | #1 spent 1.87 milliseconds in install_ipsec_sa() Aug 26 13:09:11.055596: | inR2: instance northnet-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Aug 26 13:09:11.055599: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:11.055609: | libevent_free: release ptr-libevent@0x563af55aa9b8 Aug 26 13:09:11.055614: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563af551a268 Aug 26 13:09:11.055624: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:11.055627: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_OK Aug 26 13:09:11.055629: | IKEv2: transition from state STATE_V2_CREATE_I to state STATE_V2_IPSEC_I Aug 26 13:09:11.055633: | child state #3: V2_CREATE_I(established IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 13:09:11.055635: | Message ID: updating counters for #3 to 2 after switching state Aug 26 13:09:11.055639: | Message ID: recv #1.#3 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1; child: wip.initiator=2->-1 wip.responder=-1 Aug 26 13:09:11.055645: | Message ID: #1.#3 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:09:11.055647: | pstats #3 ikev2.child established Aug 26 13:09:11.055654: "northnet-eastnets/0x2" #3: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.22.0-192.0.22.255:0-65535 0] Aug 26 13:09:11.055662: | NAT-T: encaps is 'auto' Aug 26 13:09:11.055666: "northnet-eastnets/0x2" #3: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xd4b5084d <0x4c107ad5 xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Aug 26 13:09:11.055669: | releasing whack for #3 (sock=fd@25) Aug 26 13:09:11.055675: | close_any(fd@25) (in release_whack() at state.c:654) Aug 26 13:09:11.055677: | releasing whack and unpending for parent #1 Aug 26 13:09:11.055680: | unpending state #1 connection "northnet-eastnets/0x2" Aug 26 13:09:11.055684: | #3 will start re-keying in 27838 seconds with margin of 962 seconds (attempting re-key) Aug 26 13:09:11.055688: | event_schedule: new EVENT_SA_REKEY-pe@0x563af551a268 Aug 26 13:09:11.055691: | inserting event EVENT_SA_REKEY, timeout in 27838 seconds for #3 Aug 26 13:09:11.055695: | libevent_malloc: new ptr-libevent@0x563af559abe8 size 128 Aug 26 13:09:11.055703: | #3 spent 2.35 milliseconds in resume sending helper answer Aug 26 13:09:11.055707: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:09:11.055710: | libevent_free: release ptr-libevent@0x7fa810001f78 Aug 26 13:09:11.055722: | processing signal PLUTO_SIGCHLD Aug 26 13:09:11.055726: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:11.055729: | spent 0.00387 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:11.055731: | processing signal PLUTO_SIGCHLD Aug 26 13:09:11.055733: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:11.055736: | spent 0.00248 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:11.055737: | processing signal PLUTO_SIGCHLD Aug 26 13:09:11.055740: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:11.055742: | spent 0.00245 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:11.117284: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:11.117525: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:09:11.117532: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:09:11.117677: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:09:11.117681: | FOR_EACH_STATE_... in sort_states Aug 26 13:09:11.117691: | get_sa_info esp.e2708c7e@192.1.3.33 Aug 26 13:09:11.117710: | get_sa_info esp.c89c9723@192.1.2.23 Aug 26 13:09:11.117728: | get_sa_info esp.4c107ad5@192.1.3.33 Aug 26 13:09:11.117737: | get_sa_info esp.d4b5084d@192.1.2.23 Aug 26 13:09:11.117755: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:11.117763: | spent 0.452 milliseconds in whack Aug 26 13:09:13.348913: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:13.348935: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:09:13.348940: | FOR_EACH_STATE_... in sort_states Aug 26 13:09:13.348948: | get_sa_info esp.e2708c7e@192.1.3.33 Aug 26 13:09:13.348963: | get_sa_info esp.c89c9723@192.1.2.23 Aug 26 13:09:13.348987: | get_sa_info esp.4c107ad5@192.1.3.33 Aug 26 13:09:13.348996: | get_sa_info esp.d4b5084d@192.1.2.23 Aug 26 13:09:13.349017: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:13.349025: | spent 0.12 milliseconds in whack Aug 26 13:09:14.163548: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:14.163789: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:09:14.163799: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:09:14.163950: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:09:14.163954: | FOR_EACH_STATE_... in sort_states Aug 26 13:09:14.163964: | get_sa_info esp.e2708c7e@192.1.3.33 Aug 26 13:09:14.164396: | get_sa_info esp.c89c9723@192.1.2.23 Aug 26 13:09:14.164422: | get_sa_info esp.4c107ad5@192.1.3.33 Aug 26 13:09:14.164430: | get_sa_info esp.d4b5084d@192.1.2.23 Aug 26 13:09:14.164450: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:14.164459: | spent 0.91 milliseconds in whack Aug 26 13:09:14.492698: | spent 0.00326 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:14.492729: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:09:14.492734: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:14.492737: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:09:14.492740: | 49 b3 fd 63 4f 58 97 6c 36 67 de 3c 4c 11 04 98 Aug 26 13:09:14.492743: | 3f 03 8f 19 de a4 cf 37 3d 49 04 1a 43 6f 5f 41 Aug 26 13:09:14.492745: | 22 d6 90 9a 64 Aug 26 13:09:14.492751: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:09:14.492755: | **parse ISAKMP Message: Aug 26 13:09:14.492758: | initiator cookie: Aug 26 13:09:14.492761: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:14.492764: | responder cookie: Aug 26 13:09:14.492767: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:14.492770: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:09:14.492773: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:14.492776: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:09:14.492781: | flags: none (0x0) Aug 26 13:09:14.492784: | Message ID: 0 (0x0) Aug 26 13:09:14.492787: | length: 69 (0x45) Aug 26 13:09:14.492790: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:09:14.492794: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:09:14.492800: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:09:14.492807: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:14.492810: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:09:14.492816: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:09:14.492819: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 13:09:14.492825: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 Aug 26 13:09:14.492828: | unpacking clear payload Aug 26 13:09:14.492831: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:09:14.492835: | ***parse IKEv2 Encryption Payload: Aug 26 13:09:14.492838: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:09:14.492840: | flags: none (0x0) Aug 26 13:09:14.492843: | length: 41 (0x29) Aug 26 13:09:14.492847: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 13:09:14.492852: | Message ID: start-responder #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 13:09:14.492855: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:09:14.492881: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:09:14.492885: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:09:14.492888: | **parse IKEv2 Delete Payload: Aug 26 13:09:14.492892: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.492894: | flags: none (0x0) Aug 26 13:09:14.492897: | length: 12 (0xc) Aug 26 13:09:14.492900: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:09:14.492903: | SPI size: 4 (0x4) Aug 26 13:09:14.492906: | number of SPIs: 1 (0x1) Aug 26 13:09:14.492909: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 13:09:14.492918: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:09:14.492921: | Now let's proceed with state specific processing Aug 26 13:09:14.492924: | calling processor I3: INFORMATIONAL Request Aug 26 13:09:14.492928: | an informational request should send a response Aug 26 13:09:14.492951: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:09:14.492955: | **emit ISAKMP Message: Aug 26 13:09:14.492958: | initiator cookie: Aug 26 13:09:14.492961: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:14.492964: | responder cookie: Aug 26 13:09:14.492966: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:14.492970: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:14.492973: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:14.492976: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:09:14.492979: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:09:14.492982: | Message ID: 0 (0x0) Aug 26 13:09:14.492985: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:14.492989: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:14.492992: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.492995: | flags: none (0x0) Aug 26 13:09:14.492998: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:14.493002: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:09:14.493006: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:14.493019: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 13:09:14.493022: | SPI d4 b5 08 4d Aug 26 13:09:14.493026: | delete PROTO_v2_ESP SA(0xd4b5084d) Aug 26 13:09:14.493029: | v2 CHILD SA #3 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 13:09:14.493033: | State DB: found IKEv2 state #3 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 13:09:14.493036: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xd4b5084d) Aug 26 13:09:14.493040: "northnet-eastnets/0x2" #1: received Delete SA payload: replace IPsec State #3 now Aug 26 13:09:14.493043: | state #3 requesting EVENT_SA_REKEY to be deleted Aug 26 13:09:14.493048: | libevent_free: release ptr-libevent@0x563af559abe8 Aug 26 13:09:14.493051: | free_event_entry: release EVENT_SA_REKEY-pe@0x563af551a268 Aug 26 13:09:14.493055: | event_schedule: new EVENT_SA_REPLACE-pe@0x563af551a268 Aug 26 13:09:14.493059: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #3 Aug 26 13:09:14.493063: | libevent_malloc: new ptr-libevent@0x7fa810001f78 size 128 Aug 26 13:09:14.493068: | ****emit IKEv2 Delete Payload: Aug 26 13:09:14.493071: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.493073: | flags: none (0x0) Aug 26 13:09:14.493076: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:09:14.493079: | SPI size: 4 (0x4) Aug 26 13:09:14.493082: | number of SPIs: 1 (0x1) Aug 26 13:09:14.493086: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:09:14.493089: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:09:14.493093: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 13:09:14.493096: | local SPIs 4c 10 7a d5 Aug 26 13:09:14.493099: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:09:14.493102: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:14.493105: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:14.493109: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:14.493112: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:09:14.493115: | emitting length of ISAKMP Message: 69 Aug 26 13:09:14.493137: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:09:14.493142: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:14.493145: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:09:14.493148: | a9 92 38 eb 98 e3 12 01 b1 22 a7 4a 31 82 1f 5c Aug 26 13:09:14.493151: | 92 ee 14 e5 32 5f 6a 85 76 17 c6 97 cd b1 92 25 Aug 26 13:09:14.493153: | 02 33 fa ca d3 Aug 26 13:09:14.493566: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:09:14.493577: | Message ID: sent #1 response 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:09:14.493584: | #1 spent 0.619 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 13:09:14.493590: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:14.493595: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 13:09:14.493598: | Message ID: updating counters for #1 to 0 after switching state Aug 26 13:09:14.493603: | Message ID: recv #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 13:09:14.493608: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:09:14.493612: "northnet-eastnets/0x2" #1: STATE_PARENT_I3: PARENT SA established Aug 26 13:09:14.493618: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:14.493623: | #1 spent 0.875 milliseconds in ikev2_process_packet() Aug 26 13:09:14.493627: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:09:14.493631: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:14.493635: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:14.493639: | spent 0.891 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:14.493648: | timer_event_cb: processing event@0x563af551a268 Aug 26 13:09:14.493651: | handling event EVENT_SA_REPLACE for child state #3 Aug 26 13:09:14.493656: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:09:14.493660: | picked newest_ipsec_sa #3 for #3 Aug 26 13:09:14.493663: | replacing stale CHILD SA Aug 26 13:09:14.493668: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:09:14.493671: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:09:14.493675: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 13:09:14.493680: | creating state object #4 at 0x563af55a2df8 Aug 26 13:09:14.493683: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 13:09:14.493693: | pstats #4 ikev2.child started Aug 26 13:09:14.493697: | duplicating state object #1 "northnet-eastnets/0x2" as #4 for IPSEC SA Aug 26 13:09:14.493704: | #4 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:09:14.493713: | Message ID: init_child #1.#4; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:14.493718: | suspend processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:09:14.493724: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:09:14.493728: | child state #4: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 13:09:14.493745: | using existing local ESP/AH proposals for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:14.493751: | #4 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #3 using IKE# 1 pfs=MODP2048 Aug 26 13:09:14.493755: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x563af5599978 Aug 26 13:09:14.493759: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #4 Aug 26 13:09:14.493762: | libevent_malloc: new ptr-libevent@0x563af55aa9b8 size 128 Aug 26 13:09:14.493768: | RESET processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:09:14.493773: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7fa820002b78 Aug 26 13:09:14.493777: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #3 Aug 26 13:09:14.493781: | libevent_malloc: new ptr-libevent@0x563af55b0308 size 128 Aug 26 13:09:14.493785: | libevent_free: release ptr-libevent@0x7fa810001f78 Aug 26 13:09:14.493788: | free_event_entry: release EVENT_SA_REPLACE-pe@0x563af551a268 Aug 26 13:09:14.493793: | #3 spent 0.145 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 13:09:14.493796: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:09:14.493801: | timer_event_cb: processing event@0x563af5599978 Aug 26 13:09:14.493805: | handling event EVENT_v2_INITIATE_CHILD for child state #4 Aug 26 13:09:14.493810: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 13:09:14.493815: | adding Child Rekey Initiator KE and nonce ni work-order 5 for state #4 Aug 26 13:09:14.493818: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563af551a268 Aug 26 13:09:14.493822: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 13:09:14.493825: | libevent_malloc: new ptr-libevent@0x7fa810001f78 size 128 Aug 26 13:09:14.493834: | libevent_free: release ptr-libevent@0x563af55aa9b8 Aug 26 13:09:14.493838: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x563af5599978 Aug 26 13:09:14.493843: | #4 spent 0.0405 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:09:14.493848: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Aug 26 13:09:14.493852: | timer_event_cb: processing event@0x7fa820002b78 Aug 26 13:09:14.493855: | handling event EVENT_SA_EXPIRE for child state #3 Aug 26 13:09:14.493860: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:09:14.493863: | picked newest_ipsec_sa #3 for #3 Aug 26 13:09:14.493866: | un-established partial CHILD SA timeout (SA expired) Aug 26 13:09:14.493870: | pstats #3 ikev2.child re-failed exchange-timeout Aug 26 13:09:14.493873: | pstats #3 ikev2.child deleted completed Aug 26 13:09:14.493876: | #3 spent 4.49 milliseconds in total Aug 26 13:09:14.493881: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:09:14.493885: "northnet-eastnets/0x2" #3: deleting state (STATE_V2_IPSEC_I) aged 3.493s and NOT sending notification Aug 26 13:09:14.493888: | child state #3: V2_IPSEC_I(established CHILD SA) => delete Aug 26 13:09:14.493893: | get_sa_info esp.d4b5084d@192.1.2.23 Aug 26 13:09:14.493907: | get_sa_info esp.4c107ad5@192.1.3.33 Aug 26 13:09:14.493916: "northnet-eastnets/0x2" #3: ESP traffic information: in=0B out=168B Aug 26 13:09:14.493920: | child state #3: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 13:09:14.493969: | crypto helper 4 resuming Aug 26 13:09:14.493977: | crypto helper 4 starting work-order 5 for state #4 Aug 26 13:09:14.493982: | crypto helper 4 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 Aug 26 13:09:14.495015: | crypto helper 4 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 time elapsed 0.001031 seconds Aug 26 13:09:14.495029: | (#4) spent 1.04 milliseconds in crypto helper computing work-order 5: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 13:09:14.495032: | crypto helper 4 sending results from work-order 5 for state #4 to event queue Aug 26 13:09:14.495036: | scheduling resume sending helper answer for #4 Aug 26 13:09:14.495040: | libevent_malloc: new ptr-libevent@0x7fa814002888 size 128 Aug 26 13:09:14.495046: | crypto helper 4 waiting (nothing to do) Aug 26 13:09:14.495056: | running updown command "ipsec _updown" for verb down Aug 26 13:09:14.495060: | command executing down-client Aug 26 13:09:14.495093: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:14.495101: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:14.495121: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566824951' PLUTO_ Aug 26 13:09:14.495125: | popen cmd is 1419 chars long Aug 26 13:09:14.495128: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Aug 26 13:09:14.495131: | cmd( 80):/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' : Aug 26 13:09:14.495135: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=no: Aug 26 13:09:14.495138: | cmd( 240):rth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=': Aug 26 13:09:14.495141: | cmd( 320):192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Aug 26 13:09:14.495144: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE=: Aug 26 13:09:14.495147: | cmd( 480):'ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Aug 26 13:09:14.495150: | cmd( 560):eswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.li: Aug 26 13:09:14.495153: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0: Aug 26 13:09:14.495156: | cmd( 720):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 13:09:14.495159: | cmd( 800):='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department: Aug 26 13:09:14.495162: | cmd( 880):, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey': Aug 26 13:09:14.495165: | cmd( 960): PLUTO_ADDTIME='1566824951' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV: Aug 26 13:09:14.495168: | cmd(1040):2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_: Aug 26 13:09:14.495171: | cmd(1120):CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INF: Aug 26 13:09:14.495177: | cmd(1200):O='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_C: Aug 26 13:09:14.495180: | cmd(1280):FG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=': Aug 26 13:09:14.495183: | cmd(1360):no' SPI_IN=0xd4b5084d SPI_OUT=0x4c107ad5 ipsec _updown 2>&1: Aug 26 13:09:14.512544: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:09:14.512563: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:09:14.512567: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:14.512573: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:14.512615: | delete esp.d4b5084d@192.1.2.23 Aug 26 13:09:14.512630: | netlink response for Del SA esp.d4b5084d@192.1.2.23 included non-error error Aug 26 13:09:14.512635: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:14.512642: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 13:09:14.512661: | raw_eroute result=success Aug 26 13:09:14.512665: | delete esp.4c107ad5@192.1.3.33 Aug 26 13:09:14.512675: | netlink response for Del SA esp.4c107ad5@192.1.3.33 included non-error error Aug 26 13:09:14.512687: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:09:14.512690: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Aug 26 13:09:14.512697: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:09:14.512741: | stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:09:14.512767: | State DB: found IKEv2 state #4 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 13:09:14.512770: | can't expire unused IKE SA #1; it has the child #4 Aug 26 13:09:14.512777: | libevent_free: release ptr-libevent@0x563af55b0308 Aug 26 13:09:14.512784: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x7fa820002b78 Aug 26 13:09:14.512787: | in statetime_stop() and could not find #3 Aug 26 13:09:14.512790: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:09:14.512814: | spent 0.003 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:14.512833: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:09:14.512836: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:14.512839: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Aug 26 13:09:14.512841: | 45 e2 81 af 73 d7 49 e1 8d a6 30 18 32 8d 01 9a Aug 26 13:09:14.512844: | 4b 54 c4 30 09 9f 42 72 8a 73 72 ba de e8 40 59 Aug 26 13:09:14.512846: | 46 c9 88 2a 6f Aug 26 13:09:14.512851: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:09:14.512856: | **parse ISAKMP Message: Aug 26 13:09:14.512859: | initiator cookie: Aug 26 13:09:14.512861: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:14.512864: | responder cookie: Aug 26 13:09:14.512866: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:14.512869: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:09:14.512872: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:14.512875: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:09:14.512878: | flags: none (0x0) Aug 26 13:09:14.512881: | Message ID: 1 (0x1) Aug 26 13:09:14.512884: | length: 69 (0x45) Aug 26 13:09:14.512887: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:09:14.512891: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:09:14.512894: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:09:14.512901: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:14.512904: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:09:14.512912: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:09:14.512915: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:09:14.512919: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 Aug 26 13:09:14.512922: | unpacking clear payload Aug 26 13:09:14.512925: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:09:14.512928: | ***parse IKEv2 Encryption Payload: Aug 26 13:09:14.512931: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:09:14.512933: | flags: none (0x0) Aug 26 13:09:14.512936: | length: 41 (0x29) Aug 26 13:09:14.512939: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 13:09:14.512943: | Message ID: start-responder #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 13:09:14.512947: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:09:14.512967: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:09:14.512971: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:09:14.512974: | **parse IKEv2 Delete Payload: Aug 26 13:09:14.512977: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.512979: | flags: none (0x0) Aug 26 13:09:14.512982: | length: 12 (0xc) Aug 26 13:09:14.512984: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:09:14.512987: | SPI size: 4 (0x4) Aug 26 13:09:14.512990: | number of SPIs: 1 (0x1) Aug 26 13:09:14.512992: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 13:09:14.512995: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:09:14.512998: | Now let's proceed with state specific processing Aug 26 13:09:14.513000: | calling processor I3: INFORMATIONAL Request Aug 26 13:09:14.513004: | an informational request should send a response Aug 26 13:09:14.513027: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:09:14.513030: | **emit ISAKMP Message: Aug 26 13:09:14.513033: | initiator cookie: Aug 26 13:09:14.513036: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:14.513038: | responder cookie: Aug 26 13:09:14.513041: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:14.513043: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:14.513046: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:14.513049: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:09:14.513052: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:09:14.513055: | Message ID: 1 (0x1) Aug 26 13:09:14.513058: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:14.513061: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:14.513064: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.513066: | flags: none (0x0) Aug 26 13:09:14.513070: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:14.513073: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:09:14.513076: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:14.513093: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 13:09:14.513096: | SPI c8 9c 97 23 Aug 26 13:09:14.513099: | delete PROTO_v2_ESP SA(0xc89c9723) Aug 26 13:09:14.513102: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 13:09:14.513105: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 13:09:14.513108: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xc89c9723) Aug 26 13:09:14.513112: "northnet-eastnets/0x2" #1: received Delete SA payload: replace IPsec State #2 now Aug 26 13:09:14.513115: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 13:09:14.513119: | libevent_free: release ptr-libevent@0x563af5583808 Aug 26 13:09:14.513124: | free_event_entry: release EVENT_SA_REKEY-pe@0x563af55a3de8 Aug 26 13:09:14.513127: | event_schedule: new EVENT_SA_REPLACE-pe@0x563af55a3de8 Aug 26 13:09:14.513131: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Aug 26 13:09:14.513134: | libevent_malloc: new ptr-libevent@0x7fa81c003878 size 128 Aug 26 13:09:14.513139: | ****emit IKEv2 Delete Payload: Aug 26 13:09:14.513142: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.513145: | flags: none (0x0) Aug 26 13:09:14.513147: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:09:14.513150: | SPI size: 4 (0x4) Aug 26 13:09:14.513153: | number of SPIs: 1 (0x1) Aug 26 13:09:14.513156: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:09:14.513159: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:09:14.513162: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 13:09:14.513165: | local SPIs e2 70 8c 7e Aug 26 13:09:14.513167: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:09:14.513170: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:14.513173: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:14.513177: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:14.513179: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:09:14.513182: | emitting length of ISAKMP Message: 69 Aug 26 13:09:14.513198: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:09:14.513201: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:14.513203: | 2e 20 25 28 00 00 00 01 00 00 00 45 2a 00 00 29 Aug 26 13:09:14.513206: | 21 e9 d4 57 cc 0d 9d 0e f9 f4 9e e7 b6 73 fd 75 Aug 26 13:09:14.513209: | 6a 1b 8a 98 b6 97 fc bc d1 c7 66 79 9d ac 41 63 Aug 26 13:09:14.513211: | 00 6c 76 1d 2c Aug 26 13:09:14.513247: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:09:14.513252: | Message ID: sent #1 response 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:09:14.513258: | #1 spent 0.233 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 13:09:14.513264: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:14.513268: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 13:09:14.513272: | Message ID: updating counters for #1 to 1 after switching state Aug 26 13:09:14.513276: | Message ID: recv #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=0->1 wip.initiator=-1 wip.responder=1->-1 Aug 26 13:09:14.513281: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 13:09:14.513284: "northnet-eastnets/0x2" #1: STATE_PARENT_I3: PARENT SA established Aug 26 13:09:14.513294: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:14.513301: | #1 spent 0.46 milliseconds in ikev2_process_packet() Aug 26 13:09:14.513306: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:09:14.513310: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:14.513313: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:14.513317: | spent 0.476 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:14.513326: | processing resume sending helper answer for #4 Aug 26 13:09:14.513331: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Aug 26 13:09:14.513335: | crypto helper 4 replies to request ID 5 Aug 26 13:09:14.513338: | calling continuation function 0x563af528ab50 Aug 26 13:09:14.513342: | ikev2_child_outI_continue for #4 STATE_V2_REKEY_CHILD_I0 Aug 26 13:09:14.513345: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:14.513348: | libevent_free: release ptr-libevent@0x7fa810001f78 Aug 26 13:09:14.513353: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563af551a268 Aug 26 13:09:14.513356: | event_schedule: new EVENT_SA_REPLACE-pe@0x563af551a268 Aug 26 13:09:14.513360: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #4 Aug 26 13:09:14.513363: | libevent_malloc: new ptr-libevent@0x563af55b0308 size 128 Aug 26 13:09:14.513367: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 13:09:14.513370: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 13:09:14.513373: | libevent_malloc: new ptr-libevent@0x563af55aa9b8 size 128 Aug 26 13:09:14.513378: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:14.513382: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Aug 26 13:09:14.513385: | suspending state #4 and saving MD Aug 26 13:09:14.513387: | #4 is busy; has a suspended MD Aug 26 13:09:14.513392: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:14.513395: | "northnet-eastnets/0x2" #4 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:09:14.513399: | resume sending helper answer for #4 suppresed complete_v2_state_transition() Aug 26 13:09:14.513404: | #4 spent 0.0682 milliseconds in resume sending helper answer Aug 26 13:09:14.513408: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Aug 26 13:09:14.513411: | libevent_free: release ptr-libevent@0x7fa814002888 Aug 26 13:09:14.513416: | processing signal PLUTO_SIGCHLD Aug 26 13:09:14.513421: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:14.513425: | spent 0.00545 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:14.513431: | timer_event_cb: processing event@0x563af55a3de8 Aug 26 13:09:14.513434: | handling event EVENT_SA_REPLACE for child state #2 Aug 26 13:09:14.513439: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:09:14.513442: | picked newest_ipsec_sa #2 for #2 Aug 26 13:09:14.513445: | replacing stale CHILD SA Aug 26 13:09:14.513449: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:09:14.513452: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:09:14.513456: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 13:09:14.513461: | creating state object #5 at 0x563af55a1098 Aug 26 13:09:14.513464: | State DB: adding IKEv2 state #5 in UNDEFINED Aug 26 13:09:14.513470: | pstats #5 ikev2.child started Aug 26 13:09:14.513474: | duplicating state object #1 "northnet-eastnets/0x2" as #5 for IPSEC SA Aug 26 13:09:14.513479: | #5 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:09:14.513485: | Message ID: init_child #1.#5; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:14.513489: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:09:14.513494: | suspend processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:09:14.513500: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:09:14.513504: | child state #5: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 13:09:14.513508: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 13:09:14.513511: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x1 (ESP/AH initiator emitting proposals) Aug 26 13:09:14.513516: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:09:14.513523: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:09:14.513526: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:09:14.513530: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:09:14.513533: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:09:14.513538: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:14.513541: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:09:14.513546: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:14.513554: "northnet-eastnets/0x1": constructed local ESP/AH proposals for northnet-eastnets/0x1 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:09:14.513560: | #5 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Aug 26 13:09:14.513563: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7fa814002b78 Aug 26 13:09:14.513567: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #5 Aug 26 13:09:14.513570: | libevent_malloc: new ptr-libevent@0x7fa814002888 size 128 Aug 26 13:09:14.513575: | RESET processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:09:14.513578: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7fa820002b78 Aug 26 13:09:14.513581: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Aug 26 13:09:14.513584: | libevent_malloc: new ptr-libevent@0x563af55aabf8 size 128 Aug 26 13:09:14.513587: | libevent_free: release ptr-libevent@0x7fa81c003878 Aug 26 13:09:14.513590: | free_event_entry: release EVENT_SA_REPLACE-pe@0x563af55a3de8 Aug 26 13:09:14.513595: | #2 spent 0.163 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 13:09:14.513598: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:09:14.513601: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 13:09:14.513606: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:904) Aug 26 13:09:14.513611: | Message ID: #1.#4 resuming SA using IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Aug 26 13:09:14.513616: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:09:14.513621: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:09:14.513625: | **emit ISAKMP Message: Aug 26 13:09:14.513628: | initiator cookie: Aug 26 13:09:14.513631: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:14.513633: | responder cookie: Aug 26 13:09:14.513636: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:14.513639: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:14.513643: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:14.513646: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:09:14.513648: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:14.513651: | Message ID: 3 (0x3) Aug 26 13:09:14.513654: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:14.513657: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:14.513660: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.513662: | flags: none (0x0) Aug 26 13:09:14.513666: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:14.513669: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:09:14.513672: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:14.513687: | netlink_get_spi: allocated 0xddf67d0f for esp.0@192.1.3.33 Aug 26 13:09:14.513690: | Emitting ikev2_proposals ... Aug 26 13:09:14.513693: | ****emit IKEv2 Security Association Payload: Aug 26 13:09:14.513695: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.513698: | flags: none (0x0) Aug 26 13:09:14.513701: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:09:14.513704: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:09:14.513707: | discarding INTEG=NONE Aug 26 13:09:14.513710: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:14.513713: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.513715: | prop #: 1 (0x1) Aug 26 13:09:14.513718: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:14.513721: | spi size: 4 (0x4) Aug 26 13:09:14.513723: | # transforms: 3 (0x3) Aug 26 13:09:14.513726: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:14.513729: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:14.513732: | our spi dd f6 7d 0f Aug 26 13:09:14.513735: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.513738: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.513740: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:14.513743: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:14.513746: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.513749: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:14.513752: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:14.513755: | length/value: 256 (0x100) Aug 26 13:09:14.513758: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:14.513760: | discarding INTEG=NONE Aug 26 13:09:14.513763: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.513765: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.513768: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.513771: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:14.513774: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.513777: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.513780: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.513783: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.513785: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:14.513788: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:14.513791: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:14.513795: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.513798: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.513801: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.513804: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:09:14.513807: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:14.513810: | discarding INTEG=NONE Aug 26 13:09:14.513812: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:14.513815: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.513817: | prop #: 2 (0x2) Aug 26 13:09:14.513820: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:14.513823: | spi size: 4 (0x4) Aug 26 13:09:14.513825: | # transforms: 3 (0x3) Aug 26 13:09:14.513828: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.513831: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:14.513834: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:14.513837: | our spi dd f6 7d 0f Aug 26 13:09:14.513839: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.513842: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.513845: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:14.513847: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:14.513850: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.513853: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:14.513855: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:14.513858: | length/value: 128 (0x80) Aug 26 13:09:14.513860: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:14.513863: | discarding INTEG=NONE Aug 26 13:09:14.513865: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.513868: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.513870: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.513873: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:14.513876: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.513879: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.513882: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.513885: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.513887: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:14.513890: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:14.513892: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:14.513895: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.513898: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.513901: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.513903: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:09:14.513906: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:14.513909: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:14.513912: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.513916: | prop #: 3 (0x3) Aug 26 13:09:14.513919: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:14.513921: | spi size: 4 (0x4) Aug 26 13:09:14.513924: | # transforms: 5 (0x5) Aug 26 13:09:14.513927: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.513930: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:14.513933: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:14.513935: | our spi dd f6 7d 0f Aug 26 13:09:14.513938: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.513941: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.513943: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:14.513946: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:14.513949: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.513952: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:14.513954: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:14.513957: | length/value: 256 (0x100) Aug 26 13:09:14.513960: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:14.513962: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.513965: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.513968: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:14.513970: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:14.513973: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.513976: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.513979: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.513982: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.513984: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.513987: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:14.513990: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:14.513993: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.513996: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.513999: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.514001: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.514004: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514007: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.514009: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:14.514012: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514015: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.514018: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.514021: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.514023: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:14.514026: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:14.514029: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:14.514032: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514035: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.514039: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.514041: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:09:14.514044: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:14.514047: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:14.514050: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:14.514052: | prop #: 4 (0x4) Aug 26 13:09:14.514055: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:14.514057: | spi size: 4 (0x4) Aug 26 13:09:14.514060: | # transforms: 5 (0x5) Aug 26 13:09:14.514063: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.514066: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:14.514069: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:14.514072: | our spi dd f6 7d 0f Aug 26 13:09:14.514074: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.514077: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514080: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:14.514082: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:14.514085: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.514088: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:14.514091: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:14.514093: | length/value: 128 (0x80) Aug 26 13:09:14.514096: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:14.514099: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.514101: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514104: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:14.514107: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:14.514110: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514113: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.514115: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.514118: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.514121: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514123: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:14.514126: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:14.514129: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514132: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.514135: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.514138: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.514140: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514143: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.514146: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:14.514149: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514152: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.514154: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.514158: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.514161: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:14.514164: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:14.514166: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:14.514169: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.514172: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.514175: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.514178: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:09:14.514181: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:14.514184: | emitting length of IKEv2 Security Association Payload: 196 Aug 26 13:09:14.514187: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:09:14.514190: "northnet-eastnets/0x2" #4: CHILD SA to rekey #3 vanished abort this exchange Aug 26 13:09:14.514193: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Aug 26 13:09:14.514198: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:14.514201: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_INTERNAL_ERROR Aug 26 13:09:14.514398: | state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Aug 26 13:09:14.514408: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:09:14.514413: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:09:14.514419: | #1 spent 0.656 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 13:09:14.514423: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:908) Aug 26 13:09:14.514427: | libevent_free: release ptr-libevent@0x563af55aa9b8 Aug 26 13:09:14.514433: | timer_event_cb: processing event@0x7fa814002b78 Aug 26 13:09:14.514436: | handling event EVENT_v2_INITIATE_CHILD for child state #5 Aug 26 13:09:14.514440: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Aug 26 13:09:14.514445: | adding Child Rekey Initiator KE and nonce ni work-order 6 for state #5 Aug 26 13:09:14.514449: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563af55a3de8 Aug 26 13:09:14.514452: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Aug 26 13:09:14.514455: | libevent_malloc: new ptr-libevent@0x563af55aa9b8 size 128 Aug 26 13:09:14.514463: | libevent_free: release ptr-libevent@0x7fa814002888 Aug 26 13:09:14.514466: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7fa814002b78 Aug 26 13:09:14.514471: | #5 spent 0.0375 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:09:14.514476: | stop processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Aug 26 13:09:14.514479: | timer_event_cb: processing event@0x7fa820002b78 Aug 26 13:09:14.514482: | handling event EVENT_SA_EXPIRE for child state #2 Aug 26 13:09:14.514486: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:09:14.514490: | picked newest_ipsec_sa #2 for #2 Aug 26 13:09:14.514493: | un-established partial CHILD SA timeout (SA expired) Aug 26 13:09:14.514496: | pstats #2 ikev2.child re-failed exchange-timeout Aug 26 13:09:14.514498: | pstats #2 ikev2.child deleted completed Aug 26 13:09:14.514501: | #2 spent 6.88 milliseconds in total Aug 26 13:09:14.514508: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:09:14.514511: "northnet-eastnets/0x1" #2: deleting state (STATE_V2_IPSEC_I) aged 3.619s and NOT sending notification Aug 26 13:09:14.514514: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 13:09:14.514519: | get_sa_info esp.c89c9723@192.1.2.23 Aug 26 13:09:14.514529: | get_sa_info esp.e2708c7e@192.1.3.33 Aug 26 13:09:14.514536: "northnet-eastnets/0x1" #2: ESP traffic information: in=168B out=168B Aug 26 13:09:14.514540: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 13:09:14.514579: | crypto helper 5 resuming Aug 26 13:09:14.514584: | crypto helper 5 starting work-order 6 for state #5 Aug 26 13:09:14.514588: | crypto helper 5 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 6 Aug 26 13:09:14.515580: | crypto helper 5 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 6 time elapsed 0.00099 seconds Aug 26 13:09:14.515591: | (#5) spent 0.999 milliseconds in crypto helper computing work-order 6: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 13:09:14.515595: | crypto helper 5 sending results from work-order 6 for state #5 to event queue Aug 26 13:09:14.515598: | scheduling resume sending helper answer for #5 Aug 26 13:09:14.515602: | libevent_malloc: new ptr-libevent@0x7fa808002888 size 128 Aug 26 13:09:14.515607: | crypto helper 5 waiting (nothing to do) Aug 26 13:09:14.515617: | running updown command "ipsec _updown" for verb down Aug 26 13:09:14.515620: | command executing down-client Aug 26 13:09:14.515650: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:14.515657: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:09:14.515676: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566824950' PLUTO_CO Aug 26 13:09:14.515679: | popen cmd is 1417 chars long Aug 26 13:09:14.515682: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Aug 26 13:09:14.515685: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' : Aug 26 13:09:14.515688: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=no: Aug 26 13:09:14.515691: | cmd( 240):rth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=': Aug 26 13:09:14.515693: | cmd( 320):192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Aug 26 13:09:14.515696: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE=: Aug 26 13:09:14.515699: | cmd( 480):'ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Aug 26 13:09:14.515702: | cmd( 560):eswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.li: Aug 26 13:09:14.515704: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' : Aug 26 13:09:14.515710: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 13:09:14.515712: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Aug 26 13:09:14.515715: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Aug 26 13:09:14.515718: | cmd( 960):LUTO_ADDTIME='1566824950' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_: Aug 26 13:09:14.515721: | cmd(1040):ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CO: Aug 26 13:09:14.515723: | cmd(1120):NN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO=: Aug 26 13:09:14.515726: | cmd(1200):'' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG: Aug 26 13:09:14.515729: | cmd(1280):_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no: Aug 26 13:09:14.515732: | cmd(1360):' SPI_IN=0xc89c9723 SPI_OUT=0xe2708c7e ipsec _updown 2>&1: Aug 26 13:09:14.529474: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:09:14.529489: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:09:14.529493: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:14.529499: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:14.529531: | delete esp.c89c9723@192.1.2.23 Aug 26 13:09:14.529544: | netlink response for Del SA esp.c89c9723@192.1.2.23 included non-error error Aug 26 13:09:14.529549: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:14.529556: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 13:09:14.529574: | raw_eroute result=success Aug 26 13:09:14.529578: | delete esp.e2708c7e@192.1.3.33 Aug 26 13:09:14.529588: | netlink response for Del SA esp.e2708c7e@192.1.3.33 included non-error error Aug 26 13:09:14.529600: | in connection_discard for connection northnet-eastnets/0x1 Aug 26 13:09:14.529603: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 13:09:14.529609: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:09:14.529618: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:09:14.529633: | State DB: found IKEv2 state #5 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 13:09:14.529636: | can't expire unused IKE SA #1; it has the child #5 Aug 26 13:09:14.529643: | libevent_free: release ptr-libevent@0x563af55aabf8 Aug 26 13:09:14.529648: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x7fa820002b78 Aug 26 13:09:14.529652: | in statetime_stop() and could not find #2 Aug 26 13:09:14.529655: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:09:14.529678: | spent 0.0022 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:14.529696: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:09:14.529699: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:14.529702: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Aug 26 13:09:14.529704: | 34 40 3b a6 cb e7 c5 88 75 0f 39 ff 09 b4 7e 83 Aug 26 13:09:14.529707: | ca 9c 1e 9f b8 48 96 43 12 eb c1 43 a1 86 c7 b5 Aug 26 13:09:14.529709: | 1c Aug 26 13:09:14.529715: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:09:14.529718: | **parse ISAKMP Message: Aug 26 13:09:14.529721: | initiator cookie: Aug 26 13:09:14.529724: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:14.529726: | responder cookie: Aug 26 13:09:14.529729: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:14.529732: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:09:14.529735: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:14.529737: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:09:14.529744: | flags: none (0x0) Aug 26 13:09:14.529746: | Message ID: 2 (0x2) Aug 26 13:09:14.529749: | length: 65 (0x41) Aug 26 13:09:14.529752: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:09:14.529756: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:09:14.529759: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:09:14.529766: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:14.529769: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:09:14.529774: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:09:14.529777: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Aug 26 13:09:14.529781: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 Aug 26 13:09:14.529784: | unpacking clear payload Aug 26 13:09:14.529787: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:09:14.529790: | ***parse IKEv2 Encryption Payload: Aug 26 13:09:14.529792: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:09:14.529795: | flags: none (0x0) Aug 26 13:09:14.529798: | length: 37 (0x25) Aug 26 13:09:14.529800: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 13:09:14.529805: | Message ID: start-responder #1 request 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Aug 26 13:09:14.529808: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:09:14.529834: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:09:14.529838: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:09:14.529841: | **parse IKEv2 Delete Payload: Aug 26 13:09:14.529844: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.529846: | flags: none (0x0) Aug 26 13:09:14.529849: | length: 8 (0x8) Aug 26 13:09:14.529852: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 13:09:14.529854: | SPI size: 0 (0x0) Aug 26 13:09:14.529857: | number of SPIs: 0 (0x0) Aug 26 13:09:14.529859: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 13:09:14.529862: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:09:14.529865: | Now let's proceed with state specific processing Aug 26 13:09:14.529867: | calling processor I3: INFORMATIONAL Request Aug 26 13:09:14.529871: | an informational request should send a response Aug 26 13:09:14.529894: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:09:14.529897: | **emit ISAKMP Message: Aug 26 13:09:14.529900: | initiator cookie: Aug 26 13:09:14.529903: | b3 c9 36 04 cf b9 66 c7 Aug 26 13:09:14.529905: | responder cookie: Aug 26 13:09:14.529907: | 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:14.529910: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:14.529913: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:14.529916: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:09:14.529919: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:09:14.529921: | Message ID: 2 (0x2) Aug 26 13:09:14.529924: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:14.529928: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:14.529930: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.529933: | flags: none (0x0) Aug 26 13:09:14.529936: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:14.529939: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:09:14.529943: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:14.529962: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:14.529967: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:14.529971: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:14.529973: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 13:09:14.529976: | emitting length of ISAKMP Message: 57 Aug 26 13:09:14.529995: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:09:14.529999: | b3 c9 36 04 cf b9 66 c7 55 5e 51 e1 c0 80 6d 7f Aug 26 13:09:14.530001: | 2e 20 25 28 00 00 00 02 00 00 00 39 00 00 00 1d Aug 26 13:09:14.530004: | 9d 7a 50 0c ee 10 4e c4 46 e9 99 1e 83 7e 57 ab Aug 26 13:09:14.530006: | b4 93 a6 64 54 ef 11 9f e7 Aug 26 13:09:14.530051: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 Aug 26 13:09:14.530057: | Message ID: sent #1 response 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 Aug 26 13:09:14.530061: | child state #5: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 13:09:14.530064: | pstats #5 ikev2.child deleted other Aug 26 13:09:14.530068: | #5 spent 0.0375 milliseconds in total Aug 26 13:09:14.530073: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:09:14.530078: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:09:14.530082: "northnet-eastnets/0x1" #5: deleting other state #5 connection (STATE_CHILDSA_DEL) "northnet-eastnets/0x1" aged 0.016s and NOT sending notification Aug 26 13:09:14.530085: | child state #5: CHILDSA_DEL(informational) => delete Aug 26 13:09:14.530088: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:14.530093: | libevent_free: release ptr-libevent@0x563af55aa9b8 Aug 26 13:09:14.530096: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563af55a3de8 Aug 26 13:09:14.530100: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:14.530107: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 13:09:14.530120: | raw_eroute result=success Aug 26 13:09:14.530124: | in connection_discard for connection northnet-eastnets/0x1 Aug 26 13:09:14.530127: | State DB: deleting IKEv2 state #5 in CHILDSA_DEL Aug 26 13:09:14.530135: | child state #5: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:09:14.530139: | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:09:14.530143: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:09:14.530149: | child state #4: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 13:09:14.530152: | pstats #4 ikev2.child deleted other Aug 26 13:09:14.530155: | #4 spent 1.15 milliseconds in total Aug 26 13:09:14.530159: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:09:14.530164: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:09:14.530167: "northnet-eastnets/0x2" #4: deleting other state #4 (STATE_CHILDSA_DEL) aged 0.036s and NOT sending notification Aug 26 13:09:14.530170: | child state #4: CHILDSA_DEL(informational) => delete Aug 26 13:09:14.530173: | state #4 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:09:14.530177: | libevent_free: release ptr-libevent@0x563af55b0308 Aug 26 13:09:14.530179: | free_event_entry: release EVENT_SA_REPLACE-pe@0x563af551a268 Aug 26 13:09:14.530185: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:14.530191: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 13:09:14.530201: | raw_eroute result=success Aug 26 13:09:14.530206: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:09:14.530209: | State DB: deleting IKEv2 state #4 in CHILDSA_DEL Aug 26 13:09:14.530212: | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:09:14.530242: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:09:14.530247: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:09:14.530252: | State DB: IKEv2 state not found (delete_my_family) Aug 26 13:09:14.530254: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 13:09:14.530257: | pstats #1 ikev2.ike deleted completed Aug 26 13:09:14.530262: | #1 spent 27.6 milliseconds in total Aug 26 13:09:14.530266: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Aug 26 13:09:14.530269: "northnet-eastnets/0x2" #1: deleting state (STATE_IKESA_DEL) aged 3.642s and NOT sending notification Aug 26 13:09:14.530272: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 13:09:14.530324: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 13:09:14.530332: | libevent_free: release ptr-libevent@0x563af55b3228 Aug 26 13:09:14.530337: | free_event_entry: release EVENT_SA_REKEY-pe@0x563af558ade8 Aug 26 13:09:14.530341: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:09:14.530344: | picked newest_isakmp_sa #0 for #1 Aug 26 13:09:14.530346: "northnet-eastnets/0x2" #1: deleting IKE SA for connection 'northnet-eastnets/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:09:14.530350: | add revival: connection 'northnet-eastnets/0x2' added to the list and scheduled for 0 seconds Aug 26 13:09:14.530354: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 13:09:14.530357: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:09:14.530360: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 13:09:14.530363: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 13:09:14.530373: | unreference key: 0x563af558e238 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 2-- Aug 26 13:09:14.530394: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Aug 26 13:09:14.530405: | unreference key: 0x563af558e238 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:14.530412: | unreference key: 0x563af55999e8 user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:14.530415: | unreference key: 0x563af55a1f08 @east.testing.libreswan.org cnt 1-- Aug 26 13:09:14.530421: | unreference key: 0x563af55acdb8 east@testing.libreswan.org cnt 1-- Aug 26 13:09:14.530426: | unreference key: 0x563af55a20a8 192.1.2.23 cnt 1-- Aug 26 13:09:14.530452: | in statetime_stop() and could not find #1 Aug 26 13:09:14.530456: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:14.530460: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 13:09:14.530462: | STF_OK but no state object remains Aug 26 13:09:14.530465: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:14.530467: | in statetime_stop() and could not find #1 Aug 26 13:09:14.530471: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:09:14.530473: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:14.530476: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:14.530483: | spent 0.767 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:14.530491: | processing resume sending helper answer for #5 Aug 26 13:09:14.530495: | crypto helper 5 replies to request ID 6 Aug 26 13:09:14.530498: | calling continuation function 0x563af528ab50 Aug 26 13:09:14.530501: | work-order 6 state #5 crypto result suppressed Aug 26 13:09:14.530524: | (#5) spent 0.0276 milliseconds in resume sending helper answer Aug 26 13:09:14.530528: | libevent_free: release ptr-libevent@0x7fa808002888 Aug 26 13:09:14.530532: | processing signal PLUTO_SIGCHLD Aug 26 13:09:14.530537: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:14.530541: | spent 0.00564 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:14.530547: | processing global timer EVENT_REVIVE_CONNS Aug 26 13:09:14.530550: Initiating connection northnet-eastnets/0x2 which received a Delete/Notify but must remain up per local policy Aug 26 13:09:14.530553: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:14.530558: | start processing: connection "northnet-eastnets/0x2" (in initiate_a_connection() at initiate.c:186) Aug 26 13:09:14.530561: | connection 'northnet-eastnets/0x2' +POLICY_UP Aug 26 13:09:14.530564: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 13:09:14.530568: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:09:14.530574: | creating state object #6 at 0x563af55913f8 Aug 26 13:09:14.530577: | State DB: adding IKEv2 state #6 in UNDEFINED Aug 26 13:09:14.530582: | pstats #6 ikev2.ike started Aug 26 13:09:14.530586: | Message ID: init #6: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:09:14.530589: | parent state #6: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:09:14.530595: | Message ID: init_ike #6; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:14.530601: | suspend processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:09:14.530606: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:09:14.530610: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:09:14.530614: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnets/0x2" IKE SA #6 "northnet-eastnets/0x2" Aug 26 13:09:14.530618: "northnet-eastnets/0x2" #6: initiating v2 parent SA Aug 26 13:09:14.530636: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:14.530641: | adding ikev2_outI1 KE work-order 7 for state #6 Aug 26 13:09:14.530645: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563af55a3de8 Aug 26 13:09:14.530648: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Aug 26 13:09:14.530652: | libevent_malloc: new ptr-libevent@0x563af55aabf8 size 128 Aug 26 13:09:14.530663: | #6 spent 0.105 milliseconds in ikev2_parent_outI1() Aug 26 13:09:14.530668: | RESET processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:09:14.530671: | RESET processing: connection "northnet-eastnets/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:09:14.530674: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:09:14.530681: | spent 0.13 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 13:09:14.532322: | crypto helper 6 resuming Aug 26 13:09:14.532343: | crypto helper 6 starting work-order 7 for state #6 Aug 26 13:09:14.532349: | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 7 Aug 26 13:09:14.537489: | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 7 time elapsed 0.005138 seconds Aug 26 13:09:14.537505: | (#6) spent 1 milliseconds in crypto helper computing work-order 7: ikev2_outI1 KE (pcr) Aug 26 13:09:14.537509: | crypto helper 6 sending results from work-order 7 for state #6 to event queue Aug 26 13:09:14.537513: | scheduling resume sending helper answer for #6 Aug 26 13:09:14.537516: | libevent_malloc: new ptr-libevent@0x7fa80c002888 size 128 Aug 26 13:09:14.537526: | crypto helper 6 waiting (nothing to do) Aug 26 13:09:14.537536: | processing resume sending helper answer for #6 Aug 26 13:09:14.537549: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:09:14.537555: | crypto helper 6 replies to request ID 7 Aug 26 13:09:14.537558: | calling continuation function 0x563af528ab50 Aug 26 13:09:14.537560: | ikev2_parent_outI1_continue for #6 Aug 26 13:09:14.537566: | **emit ISAKMP Message: Aug 26 13:09:14.537569: | initiator cookie: Aug 26 13:09:14.537571: | ff 39 f3 7d 36 40 f6 55 Aug 26 13:09:14.537574: | responder cookie: Aug 26 13:09:14.537576: | 00 00 00 00 00 00 00 00 Aug 26 13:09:14.537579: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:14.537582: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:14.537585: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:09:14.537588: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:14.537591: | Message ID: 0 (0x0) Aug 26 13:09:14.537594: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:14.537611: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:14.537615: | Emitting ikev2_proposals ... Aug 26 13:09:14.537618: | ***emit IKEv2 Security Association Payload: Aug 26 13:09:14.537621: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.537623: | flags: none (0x0) Aug 26 13:09:14.537627: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:09:14.537630: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:09:14.537633: | discarding INTEG=NONE Aug 26 13:09:14.537636: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:14.537639: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.537641: | prop #: 1 (0x1) Aug 26 13:09:14.537644: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:14.537647: | spi size: 0 (0x0) Aug 26 13:09:14.537649: | # transforms: 11 (0xb) Aug 26 13:09:14.537652: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:14.537656: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.537659: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537664: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:14.537666: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:14.537669: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.537672: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:14.537676: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:14.537678: | length/value: 256 (0x100) Aug 26 13:09:14.537681: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:14.537684: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.537687: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537690: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:14.537693: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:14.537696: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537699: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.537702: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.537705: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.537708: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537710: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:14.537713: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:14.537716: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537719: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.537722: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.537725: | discarding INTEG=NONE Aug 26 13:09:14.537727: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.537730: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537733: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.537736: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:14.537740: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537743: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.537745: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.537748: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.537751: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537754: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.537757: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:14.537760: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537763: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.537766: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.537768: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.537771: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537774: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.537777: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:14.537780: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537783: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.537788: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.537792: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.537794: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537797: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.537801: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:14.537804: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537807: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.537810: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.537812: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.537815: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537818: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.537821: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:14.537824: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537828: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.537831: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.537833: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.537836: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537839: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.537841: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:14.537845: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537848: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.537851: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.537854: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.537857: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537859: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.537862: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:14.537865: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537868: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.537871: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.537874: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.537877: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:14.537879: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.537882: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:14.537885: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537888: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.537891: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.537894: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:09:14.537897: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:14.537899: | discarding INTEG=NONE Aug 26 13:09:14.537902: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:14.537905: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.537909: | prop #: 2 (0x2) Aug 26 13:09:14.537911: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:14.537913: | spi size: 0 (0x0) Aug 26 13:09:14.537916: | # transforms: 11 (0xb) Aug 26 13:09:14.537918: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.537921: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:14.537924: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.537928: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537934: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:14.537939: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:14.537945: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.537949: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:14.537952: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:14.537955: | length/value: 128 (0x80) Aug 26 13:09:14.537958: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:14.537961: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.537964: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537966: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:14.537969: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:14.537972: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537975: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.537978: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.537981: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.537984: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537987: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:14.537989: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:14.537993: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.537996: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.537999: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538002: | discarding INTEG=NONE Aug 26 13:09:14.538004: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538007: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538010: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538013: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:14.538016: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538020: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538023: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538026: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538029: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538032: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538034: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:14.538038: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538041: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538044: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538048: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538051: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538054: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538057: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:14.538060: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538063: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538066: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538069: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538071: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538074: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538077: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:14.538080: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538083: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538086: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538089: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538092: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538094: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538096: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:14.538100: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538103: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538106: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538109: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538111: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538114: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538117: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:14.538120: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538123: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538126: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538129: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538132: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538134: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538136: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:14.538140: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538143: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538146: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538149: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538151: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:14.538154: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538157: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:14.538160: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538164: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538167: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538169: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:09:14.538172: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:14.538176: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:14.538179: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.538181: | prop #: 3 (0x3) Aug 26 13:09:14.538184: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:14.538187: | spi size: 0 (0x0) Aug 26 13:09:14.538190: | # transforms: 13 (0xd) Aug 26 13:09:14.538193: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.538196: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:14.538199: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538202: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538205: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:14.538207: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:14.538211: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538214: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:14.538216: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:14.538219: | length/value: 256 (0x100) Aug 26 13:09:14.538222: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:14.538224: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538227: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538231: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:14.538234: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:14.538237: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538240: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538243: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538246: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538248: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538251: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:14.538253: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:14.538257: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538260: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538262: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538265: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538268: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538270: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:14.538273: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:14.538276: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538279: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538282: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538285: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538308: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538315: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:14.538318: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:14.538321: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538324: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538327: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538330: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538332: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538335: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538337: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:14.538341: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538344: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538348: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538351: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538353: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538356: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538359: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:14.538362: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538365: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538368: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538370: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538373: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538376: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538378: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:14.538381: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538384: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538387: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538389: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538392: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538394: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538397: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:14.538400: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538403: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538406: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538408: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538411: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538413: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538416: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:14.538419: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538422: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538426: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538429: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538431: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538434: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538437: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:14.538440: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538443: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538445: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538448: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538450: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538453: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538455: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:14.538458: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538461: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538464: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538467: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538469: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:14.538472: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538475: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:14.538478: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538481: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538484: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538486: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:09:14.538489: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:14.538492: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:14.538495: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:14.538498: | prop #: 4 (0x4) Aug 26 13:09:14.538500: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:14.538503: | spi size: 0 (0x0) Aug 26 13:09:14.538505: | # transforms: 13 (0xd) Aug 26 13:09:14.538509: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:14.538512: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:14.538515: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538517: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538520: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:14.538522: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:14.538525: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538528: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:14.538531: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:14.538533: | length/value: 128 (0x80) Aug 26 13:09:14.538536: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:14.538539: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538541: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538544: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:14.538548: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:14.538551: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538554: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538557: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538560: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538562: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538565: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:14.538567: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:14.538571: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538573: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538576: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538579: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538581: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538584: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:14.538587: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:14.538590: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538592: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538595: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538598: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538600: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538603: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:14.538605: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:14.538609: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538611: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538614: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538617: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538619: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538622: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538625: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:14.538628: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538631: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538633: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538636: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538639: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538641: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538644: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:14.538647: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538650: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538653: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538655: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538659: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538662: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538664: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:14.538667: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538670: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538673: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538675: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538678: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538681: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538683: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:14.538686: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538689: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538692: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538695: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538697: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538700: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538703: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:14.538706: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538709: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538711: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538714: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538716: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538719: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538722: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:14.538725: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538728: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538730: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538733: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538735: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538738: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538741: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:14.538744: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538747: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538749: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538752: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:14.538755: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:14.538757: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:14.538760: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:14.538763: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:14.538766: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:14.538770: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:14.538772: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:09:14.538775: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:14.538778: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:09:14.538781: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:09:14.538784: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:09:14.538786: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.538789: | flags: none (0x0) Aug 26 13:09:14.538792: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:14.538795: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:09:14.538798: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:09:14.538802: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:09:14.538805: | ikev2 g^x 70 cf f6 79 dc 0f 9b f9 8d f2 36 49 34 dd 3b cd Aug 26 13:09:14.538807: | ikev2 g^x 31 a8 d1 d2 cd d1 c2 93 02 ad db 5b 3e dd 31 19 Aug 26 13:09:14.538810: | ikev2 g^x b5 cd 93 c5 71 fb 55 ad 47 53 fc b3 21 08 40 fb Aug 26 13:09:14.538812: | ikev2 g^x 46 01 49 e4 f3 73 d5 01 fa 3d 0a 0d 18 88 8a 8c Aug 26 13:09:14.538815: | ikev2 g^x 88 6d 70 3a a3 2d 05 0d 20 87 e6 ef 3b e4 00 ff Aug 26 13:09:14.538817: | ikev2 g^x 3b bb 9b d7 e8 b3 68 b6 27 3c b5 10 0a 08 03 09 Aug 26 13:09:14.538820: | ikev2 g^x c3 9f 9e 5f 50 69 7f c0 b4 76 fb 93 54 08 4c eb Aug 26 13:09:14.538822: | ikev2 g^x 38 40 96 64 8f 33 a3 e6 c8 a3 4e b5 6d 78 3e 5d Aug 26 13:09:14.538825: | ikev2 g^x 1a d4 05 b5 a4 ff 23 b1 73 3a e1 0c 0b dd cf 32 Aug 26 13:09:14.538827: | ikev2 g^x 6a bf 93 ae a8 f0 e5 45 75 3d 76 4c ba b1 fb e7 Aug 26 13:09:14.538830: | ikev2 g^x cd cf c5 c6 13 9a 7b ee c1 e1 32 44 e5 31 d1 89 Aug 26 13:09:14.538833: | ikev2 g^x c8 e9 c9 23 1b a9 81 dc e6 10 c2 2b 0e c2 a2 8e Aug 26 13:09:14.538835: | ikev2 g^x 89 41 05 44 87 39 ff db d5 ee 94 50 4c 2d 93 5c Aug 26 13:09:14.538838: | ikev2 g^x 88 7f fc a9 d6 76 f9 81 84 56 70 92 89 3a 4f 56 Aug 26 13:09:14.538840: | ikev2 g^x 4e ae c2 ab 4e 2b 91 12 ab da 97 d7 ac 00 b4 92 Aug 26 13:09:14.538843: | ikev2 g^x 4c 2f f3 22 3b 00 ef 3c 4a 56 f7 72 d4 00 bb 0c Aug 26 13:09:14.538845: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:09:14.538848: | ***emit IKEv2 Nonce Payload: Aug 26 13:09:14.538851: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:14.538854: | flags: none (0x0) Aug 26 13:09:14.538857: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:09:14.538860: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:09:14.538863: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:09:14.538867: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:09:14.538869: | IKEv2 nonce dd c7 c7 69 91 86 62 dc c1 65 bb 5c 67 7e 88 b4 Aug 26 13:09:14.538872: | IKEv2 nonce 15 c8 0e 0f 63 1d ef dd c0 14 d0 85 1a 68 09 eb Aug 26 13:09:14.538875: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:09:14.538878: | Adding a v2N Payload Aug 26 13:09:14.538880: | ***emit IKEv2 Notify Payload: Aug 26 13:09:14.538883: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.538886: | flags: none (0x0) Aug 26 13:09:14.538888: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:14.538891: | SPI size: 0 (0x0) Aug 26 13:09:14.538894: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:09:14.538899: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:14.538902: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:14.538905: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:09:14.538908: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:09:14.538911: | natd_hash: rcookie is zero Aug 26 13:09:14.538927: | natd_hash: hasher=0x563af535f800(20) Aug 26 13:09:14.538931: | natd_hash: icookie= ff 39 f3 7d 36 40 f6 55 Aug 26 13:09:14.538934: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:09:14.538936: | natd_hash: ip= c0 01 03 21 Aug 26 13:09:14.538939: | natd_hash: port=500 Aug 26 13:09:14.538941: | natd_hash: hash= 72 3a 93 9d f6 50 c3 ed d1 78 dc 51 6a c8 23 5d Aug 26 13:09:14.538944: | natd_hash: hash= 25 0d b6 56 Aug 26 13:09:14.538946: | Adding a v2N Payload Aug 26 13:09:14.538949: | ***emit IKEv2 Notify Payload: Aug 26 13:09:14.538952: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.538954: | flags: none (0x0) Aug 26 13:09:14.538957: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:14.538960: | SPI size: 0 (0x0) Aug 26 13:09:14.538962: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:09:14.538966: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:14.538969: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:14.538972: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:09:14.538975: | Notify data 72 3a 93 9d f6 50 c3 ed d1 78 dc 51 6a c8 23 5d Aug 26 13:09:14.538977: | Notify data 25 0d b6 56 Aug 26 13:09:14.538980: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:09:14.538982: | natd_hash: rcookie is zero Aug 26 13:09:14.538989: | natd_hash: hasher=0x563af535f800(20) Aug 26 13:09:14.538992: | natd_hash: icookie= ff 39 f3 7d 36 40 f6 55 Aug 26 13:09:14.538994: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:09:14.538997: | natd_hash: ip= c0 01 02 17 Aug 26 13:09:14.538999: | natd_hash: port=500 Aug 26 13:09:14.539002: | natd_hash: hash= 4c 2e ac e1 17 6f e8 eb a5 c4 c7 d6 e9 04 ae 76 Aug 26 13:09:14.539004: | natd_hash: hash= 06 3f 2d 54 Aug 26 13:09:14.539007: | Adding a v2N Payload Aug 26 13:09:14.539009: | ***emit IKEv2 Notify Payload: Aug 26 13:09:14.539012: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:14.539015: | flags: none (0x0) Aug 26 13:09:14.539017: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:14.539020: | SPI size: 0 (0x0) Aug 26 13:09:14.539023: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:09:14.539026: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:14.539029: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:14.539032: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:09:14.539035: | Notify data 4c 2e ac e1 17 6f e8 eb a5 c4 c7 d6 e9 04 ae 76 Aug 26 13:09:14.539038: | Notify data 06 3f 2d 54 Aug 26 13:09:14.539040: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:09:14.539043: | emitting length of ISAKMP Message: 828 Aug 26 13:09:14.539050: | stop processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:09:14.539057: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:14.539061: | #6 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:09:14.539064: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:09:14.539070: | parent state #6: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:09:14.539073: | Message ID: updating counters for #6 to 4294967295 after switching state Aug 26 13:09:14.539076: | Message ID: IKE #6 skipping update_recv as MD is fake Aug 26 13:09:14.539081: | Message ID: sent #6 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:09:14.539084: "northnet-eastnets/0x2" #6: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:09:14.539090: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:09:14.539096: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #6) Aug 26 13:09:14.539099: | ff 39 f3 7d 36 40 f6 55 00 00 00 00 00 00 00 00 Aug 26 13:09:14.539101: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:09:14.539104: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:09:14.539106: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:09:14.539109: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:09:14.539111: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:09:14.539114: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:09:14.539116: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:09:14.539119: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:09:14.539121: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:09:14.539124: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:09:14.539126: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:09:14.539129: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:09:14.539131: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:09:14.539134: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:09:14.539136: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:09:14.539139: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:09:14.539141: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:09:14.539144: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:09:14.539146: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:09:14.539149: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:09:14.539152: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:09:14.539154: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:09:14.539157: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:09:14.539159: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:09:14.539162: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:09:14.539164: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:09:14.539167: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:09:14.539169: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:09:14.539172: | 28 00 01 08 00 0e 00 00 70 cf f6 79 dc 0f 9b f9 Aug 26 13:09:14.539175: | 8d f2 36 49 34 dd 3b cd 31 a8 d1 d2 cd d1 c2 93 Aug 26 13:09:14.539177: | 02 ad db 5b 3e dd 31 19 b5 cd 93 c5 71 fb 55 ad Aug 26 13:09:14.539180: | 47 53 fc b3 21 08 40 fb 46 01 49 e4 f3 73 d5 01 Aug 26 13:09:14.539182: | fa 3d 0a 0d 18 88 8a 8c 88 6d 70 3a a3 2d 05 0d Aug 26 13:09:14.539185: | 20 87 e6 ef 3b e4 00 ff 3b bb 9b d7 e8 b3 68 b6 Aug 26 13:09:14.539187: | 27 3c b5 10 0a 08 03 09 c3 9f 9e 5f 50 69 7f c0 Aug 26 13:09:14.539189: | b4 76 fb 93 54 08 4c eb 38 40 96 64 8f 33 a3 e6 Aug 26 13:09:14.539192: | c8 a3 4e b5 6d 78 3e 5d 1a d4 05 b5 a4 ff 23 b1 Aug 26 13:09:14.539195: | 73 3a e1 0c 0b dd cf 32 6a bf 93 ae a8 f0 e5 45 Aug 26 13:09:14.539197: | 75 3d 76 4c ba b1 fb e7 cd cf c5 c6 13 9a 7b ee Aug 26 13:09:14.539199: | c1 e1 32 44 e5 31 d1 89 c8 e9 c9 23 1b a9 81 dc Aug 26 13:09:14.539202: | e6 10 c2 2b 0e c2 a2 8e 89 41 05 44 87 39 ff db Aug 26 13:09:14.539204: | d5 ee 94 50 4c 2d 93 5c 88 7f fc a9 d6 76 f9 81 Aug 26 13:09:14.539211: | 84 56 70 92 89 3a 4f 56 4e ae c2 ab 4e 2b 91 12 Aug 26 13:09:14.539214: | ab da 97 d7 ac 00 b4 92 4c 2f f3 22 3b 00 ef 3c Aug 26 13:09:14.539216: | 4a 56 f7 72 d4 00 bb 0c 29 00 00 24 dd c7 c7 69 Aug 26 13:09:14.539219: | 91 86 62 dc c1 65 bb 5c 67 7e 88 b4 15 c8 0e 0f Aug 26 13:09:14.539221: | 63 1d ef dd c0 14 d0 85 1a 68 09 eb 29 00 00 08 Aug 26 13:09:14.539224: | 00 00 40 2e 29 00 00 1c 00 00 40 04 72 3a 93 9d Aug 26 13:09:14.539226: | f6 50 c3 ed d1 78 dc 51 6a c8 23 5d 25 0d b6 56 Aug 26 13:09:14.539229: | 00 00 00 1c 00 00 40 05 4c 2e ac e1 17 6f e8 eb Aug 26 13:09:14.539231: | a5 c4 c7 d6 e9 04 ae 76 06 3f 2d 54 Aug 26 13:09:14.539269: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:14.539275: | libevent_free: release ptr-libevent@0x563af55aabf8 Aug 26 13:09:14.539278: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563af55a3de8 Aug 26 13:09:14.539281: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:09:14.539284: "northnet-eastnets/0x2" #6: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:09:14.539292: | event_schedule: new EVENT_RETRANSMIT-pe@0x563af55a3de8 Aug 26 13:09:14.539298: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #6 Aug 26 13:09:14.539302: | libevent_malloc: new ptr-libevent@0x563af5583808 size 128 Aug 26 13:09:14.539307: | #6 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10240.281754 Aug 26 13:09:14.539311: | resume sending helper answer for #6 suppresed complete_v2_state_transition() and stole MD Aug 26 13:09:14.539317: | #6 spent 1.72 milliseconds in resume sending helper answer Aug 26 13:09:14.539322: | stop processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:09:14.539326: | libevent_free: release ptr-libevent@0x7fa80c002888 Aug 26 13:09:15.077146: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:15.077166: shutting down Aug 26 13:09:15.077174: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:09:15.077176: destroying root certificate cache Aug 26 13:09:15.077201: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:09:15.077204: forgetting secrets Aug 26 13:09:15.077212: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:09:15.077222: | unreference key: 0x563af558e028 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:15.077227: | unreference key: 0x563af558dad8 user-east@testing.libreswan.org cnt 1-- Aug 26 13:09:15.077231: | unreference key: 0x563af558d8b8 @east.testing.libreswan.org cnt 1-- Aug 26 13:09:15.077235: | unreference key: 0x563af558c108 east@testing.libreswan.org cnt 1-- Aug 26 13:09:15.077240: | unreference key: 0x563af558ce58 192.1.2.23 cnt 1-- Aug 26 13:09:15.077246: | unreference key: 0x563af5587588 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:15.077249: | unreference key: 0x563af5587368 user-north@testing.libreswan.org cnt 1-- Aug 26 13:09:15.077252: | unreference key: 0x563af5583ec8 @north.testing.libreswan.org cnt 1-- Aug 26 13:09:15.077256: | start processing: connection "northnet-eastnets/0x2" (in delete_connection() at connections.c:189) Aug 26 13:09:15.077258: | removing pending policy for no connection {0x563af546e898} Aug 26 13:09:15.077261: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:09:15.077262: | pass 0 Aug 26 13:09:15.077264: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:09:15.077266: | state #6 Aug 26 13:09:15.077268: | suspend processing: connection "northnet-eastnets/0x2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:09:15.077274: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:09:15.077276: | pstats #6 ikev2.ike deleted other Aug 26 13:09:15.077280: | #6 spent 2.83 milliseconds in total Aug 26 13:09:15.077283: | [RE]START processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:09:15.077286: "northnet-eastnets/0x2" #6: deleting state (STATE_PARENT_I1) aged 0.546s and NOT sending notification Aug 26 13:09:15.077297: | parent state #6: PARENT_I1(half-open IKE SA) => delete Aug 26 13:09:15.077301: | state #6 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:09:15.077303: | #6 STATE_PARENT_I1: retransmits: cleared Aug 26 13:09:15.077307: | libevent_free: release ptr-libevent@0x563af5583808 Aug 26 13:09:15.077309: | free_event_entry: release EVENT_RETRANSMIT-pe@0x563af55a3de8 Aug 26 13:09:15.077313: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:09:15.077316: | picked newest_isakmp_sa #0 for #6 Aug 26 13:09:15.077331: "northnet-eastnets/0x2" #6: deleting IKE SA for connection 'northnet-eastnets/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:09:15.077334: | add revival: connection 'northnet-eastnets/0x2' added to the list and scheduled for 5 seconds Aug 26 13:09:15.077337: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Aug 26 13:09:15.077341: | stop processing: connection "northnet-eastnets/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:09:15.077343: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:09:15.077344: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:09:15.077346: | State DB: deleting IKEv2 state #6 in PARENT_I1 Aug 26 13:09:15.077349: | parent state #6: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Aug 26 13:09:15.077361: | stop processing: state #6 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:09:15.077365: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:09:15.077366: | pass 1 Aug 26 13:09:15.077368: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:09:15.077371: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:09:15.077373: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:09:15.077376: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:15.077425: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:15.077439: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:15.077446: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:15.077449: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:15.077452: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:15.077456: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:15.077461: | route owner of "northnet-eastnets/0x2" unrouted: NULL Aug 26 13:09:15.077464: | running updown command "ipsec _updown" for verb unroute Aug 26 13:09:15.077467: | command executing unroute-client Aug 26 13:09:15.077508: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' Aug 26 13:09:15.077515: | popen cmd is 1282 chars long Aug 26 13:09:15.077519: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 13:09:15.077523: | cmd( 80):ets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Aug 26 13:09:15.077526: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 13:09:15.077530: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Aug 26 13:09:15.077533: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Aug 26 13:09:15.077537: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TY: Aug 26 13:09:15.077540: | cmd( 480):PE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=: Aug 26 13:09:15.077542: | cmd( 560):Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testin: Aug 26 13:09:15.077544: | cmd( 640):g.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Aug 26 13:09:15.077545: | cmd( 720):22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROT: Aug 26 13:09:15.077547: | cmd( 800):OCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI: Aug 26 13:09:15.077549: | cmd( 880):CY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' : Aug 26 13:09:15.077551: | cmd( 960):PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO: Aug 26 13:09:15.077552: | cmd(1040):_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_B: Aug 26 13:09:15.077554: | cmd(1120):ANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_I: Aug 26 13:09:15.077556: | cmd(1200):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>: Aug 26 13:09:15.077557: | cmd(1280):&1: Aug 26 13:09:15.089082: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089113: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089116: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089120: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089129: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089143: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089158: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089171: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089184: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089196: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089209: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089225: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089238: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089251: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089264: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089276: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089319: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089325: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089329: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089473: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089485: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089500: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089513: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089526: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089539: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089556: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089572: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089585: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089598: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089610: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089623: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089637: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089650: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089662: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089674: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089688: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089702: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089714: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089727: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089739: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089751: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089766: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.089779: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.095463: | flush revival: connection 'northnet-eastnets/0x2' revival flushed Aug 26 13:09:15.095484: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:09:15.095504: | start processing: connection "northnet-eastnets/0x1" (in delete_connection() at connections.c:189) Aug 26 13:09:15.095507: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:09:15.095509: | pass 0 Aug 26 13:09:15.095511: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:09:15.095512: | pass 1 Aug 26 13:09:15.095514: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:09:15.095517: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:09:15.095519: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:09:15.095522: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:15.095557: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:15.095573: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:15.095577: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:15.095581: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:15.095586: | route owner of "northnet-eastnets/0x1" unrouted: NULL Aug 26 13:09:15.095589: | running updown command "ipsec _updown" for verb unroute Aug 26 13:09:15.095593: | command executing unroute-client Aug 26 13:09:15.095639: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL Aug 26 13:09:15.095648: | popen cmd is 1280 chars long Aug 26 13:09:15.095652: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 13:09:15.095655: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.3: Aug 26 13:09:15.095659: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 13:09:15.095662: | cmd( 240):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIEN: Aug 26 13:09:15.095665: | cmd( 320):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Aug 26 13:09:15.095667: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TY: Aug 26 13:09:15.095669: | cmd( 480):PE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=: Aug 26 13:09:15.095671: | cmd( 560):Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testin: Aug 26 13:09:15.095672: | cmd( 640):g.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2: Aug 26 13:09:15.095674: | cmd( 720):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Aug 26 13:09:15.095676: | cmd( 800):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY: Aug 26 13:09:15.095677: | cmd( 880):='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL: Aug 26 13:09:15.095679: | cmd( 960):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I: Aug 26 13:09:15.095681: | cmd(1040):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN: Aug 26 13:09:15.095683: | cmd(1120):NER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA: Aug 26 13:09:15.095684: | cmd(1200):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 13:09:15.106547: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106578: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106582: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106585: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106588: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106601: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106614: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106625: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106638: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106650: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106662: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106674: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106688: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106701: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106713: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106725: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106740: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106750: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106762: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106954: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106966: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106980: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.106992: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107009: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107021: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107033: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107046: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107060: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107072: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107084: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107096: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107109: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107121: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107133: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107145: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107156: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107169: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107182: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107194: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107208: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107219: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107233: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.107247: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:09:15.114549: | free hp@0x563af558b9a8 Aug 26 13:09:15.114562: | flush revival: connection 'northnet-eastnets/0x1' wasn't on the list Aug 26 13:09:15.114566: | stop processing: connection "northnet-eastnets/0x1" (in discard_connection() at connections.c:249) Aug 26 13:09:15.114596: | crl fetch request list locked by 'free_crl_fetch' Aug 26 13:09:15.114598: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 13:09:15.114608: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 13:09:15.114610: shutting down interface lo/lo 127.0.0.1:500 Aug 26 13:09:15.114612: shutting down interface eth0/eth0 192.0.3.254:4500 Aug 26 13:09:15.114614: shutting down interface eth0/eth0 192.0.3.254:500 Aug 26 13:09:15.114616: shutting down interface eth1/eth1 192.1.3.33:4500 Aug 26 13:09:15.114618: shutting down interface eth1/eth1 192.1.3.33:500 Aug 26 13:09:15.114621: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 13:09:15.114634: | libevent_free: release ptr-libevent@0x563af5574738 Aug 26 13:09:15.114638: | free_event_entry: release EVENT_NULL-pe@0x563af5580408 Aug 26 13:09:15.114659: | libevent_free: release ptr-libevent@0x563af551af18 Aug 26 13:09:15.114663: | free_event_entry: release EVENT_NULL-pe@0x563af55804b8 Aug 26 13:09:15.114684: | libevent_free: release ptr-libevent@0x563af551afc8 Aug 26 13:09:15.114689: | free_event_entry: release EVENT_NULL-pe@0x563af5580568 Aug 26 13:09:15.114697: | libevent_free: release ptr-libevent@0x563af5519f88 Aug 26 13:09:15.114700: | free_event_entry: release EVENT_NULL-pe@0x563af5580618 Aug 26 13:09:15.114706: | libevent_free: release ptr-libevent@0x563af5522298 Aug 26 13:09:15.114722: | free_event_entry: release EVENT_NULL-pe@0x563af55806c8 Aug 26 13:09:15.114728: | libevent_free: release ptr-libevent@0x563af5522db8 Aug 26 13:09:15.114731: | free_event_entry: release EVENT_NULL-pe@0x563af5580778 Aug 26 13:09:15.114738: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:09:15.115154: | libevent_free: release ptr-libevent@0x563af55747e8 Aug 26 13:09:15.115162: | free_event_entry: release EVENT_NULL-pe@0x563af5568988 Aug 26 13:09:15.115168: | libevent_free: release ptr-libevent@0x563af5561468 Aug 26 13:09:15.115171: | free_event_entry: release EVENT_NULL-pe@0x563af55684e8 Aug 26 13:09:15.115175: | libevent_free: release ptr-libevent@0x563af55613b8 Aug 26 13:09:15.115178: | free_event_entry: release EVENT_NULL-pe@0x563af5522458 Aug 26 13:09:15.115182: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 13:09:15.115185: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 13:09:15.115188: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 13:09:15.115190: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 13:09:15.115193: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 13:09:15.115196: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 13:09:15.115198: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 13:09:15.115201: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 13:09:15.115203: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 13:09:15.115208: | libevent_free: release ptr-libevent@0x563af5526a28 Aug 26 13:09:15.115212: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 13:09:15.115216: | libevent_free: release ptr-libevent@0x563af549d308 Aug 26 13:09:15.115220: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 13:09:15.115223: | libevent_free: release ptr-libevent@0x563af54a7508 Aug 26 13:09:15.115226: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 13:09:15.115229: | libevent_free: release ptr-libevent@0x563af549f3b8 Aug 26 13:09:15.115232: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 13:09:15.115234: | releasing event base Aug 26 13:09:15.115245: | libevent_free: release ptr-libevent@0x563af557fe48 Aug 26 13:09:15.115248: | libevent_free: release ptr-libevent@0x563af5562da8 Aug 26 13:09:15.115253: | libevent_free: release ptr-libevent@0x563af5562d58 Aug 26 13:09:15.115255: | libevent_free: release ptr-libevent@0x563af5582ee8 Aug 26 13:09:15.115258: | libevent_free: release ptr-libevent@0x563af5562d18 Aug 26 13:09:15.115261: | libevent_free: release ptr-libevent@0x563af557fad8 Aug 26 13:09:15.115264: | libevent_free: release ptr-libevent@0x563af557fd48 Aug 26 13:09:15.115266: | libevent_free: release ptr-libevent@0x563af5562f58 Aug 26 13:09:15.115269: | libevent_free: release ptr-libevent@0x563af5568558 Aug 26 13:09:15.115272: | libevent_free: release ptr-libevent@0x563af55681b8 Aug 26 13:09:15.115274: | libevent_free: release ptr-libevent@0x563af55807e8 Aug 26 13:09:15.115277: | libevent_free: release ptr-libevent@0x563af5580738 Aug 26 13:09:15.115280: | libevent_free: release ptr-libevent@0x563af5580688 Aug 26 13:09:15.115282: | libevent_free: release ptr-libevent@0x563af55805d8 Aug 26 13:09:15.115285: | libevent_free: release ptr-libevent@0x563af5580528 Aug 26 13:09:15.115292: | libevent_free: release ptr-libevent@0x563af5580478 Aug 26 13:09:15.115297: | libevent_free: release ptr-libevent@0x563af549ba38 Aug 26 13:09:15.115302: | libevent_free: release ptr-libevent@0x563af557fdc8 Aug 26 13:09:15.115305: | libevent_free: release ptr-libevent@0x563af557fd88 Aug 26 13:09:15.115307: | libevent_free: release ptr-libevent@0x563af557fc48 Aug 26 13:09:15.115309: | libevent_free: release ptr-libevent@0x563af557fe08 Aug 26 13:09:15.115312: | libevent_free: release ptr-libevent@0x563af557fb18 Aug 26 13:09:15.115314: | libevent_free: release ptr-libevent@0x563af55285b8 Aug 26 13:09:15.115317: | libevent_free: release ptr-libevent@0x563af5528538 Aug 26 13:09:15.115320: | libevent_free: release ptr-libevent@0x563af549bda8 Aug 26 13:09:15.115323: | releasing global libevent data Aug 26 13:09:15.115326: | libevent_free: release ptr-libevent@0x563af5528738 Aug 26 13:09:15.115328: | libevent_free: release ptr-libevent@0x563af55286b8 Aug 26 13:09:15.115344: | libevent_free: release ptr-libevent@0x563af5528638 Aug 26 13:09:15.115386: leak detective found no leaks