Aug 26 13:09:11.184494: FIPS Product: YES Aug 26 13:09:11.184633: FIPS Kernel: NO Aug 26 13:09:11.184637: FIPS Mode: NO Aug 26 13:09:11.184639: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:09:11.184775: Initializing NSS Aug 26 13:09:11.184782: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:09:11.217578: NSS initialized Aug 26 13:09:11.217593: NSS crypto library initialized Aug 26 13:09:11.217595: FIPS HMAC integrity support [enabled] Aug 26 13:09:11.217596: FIPS mode disabled for pluto daemon Aug 26 13:09:11.243779: FIPS HMAC integrity verification self-test FAILED Aug 26 13:09:11.243864: libcap-ng support [enabled] Aug 26 13:09:11.243870: Linux audit support [enabled] Aug 26 13:09:11.243889: Linux audit activated Aug 26 13:09:11.243894: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:5799 Aug 26 13:09:11.243896: core dump dir: /tmp Aug 26 13:09:11.243897: secrets file: /etc/ipsec.secrets Aug 26 13:09:11.243899: leak-detective enabled Aug 26 13:09:11.243900: NSS crypto [enabled] Aug 26 13:09:11.243901: XAUTH PAM support [enabled] Aug 26 13:09:11.243957: | libevent is using pluto's memory allocator Aug 26 13:09:11.243965: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:09:11.243976: | libevent_malloc: new ptr-libevent@0x555d0dd8aab8 size 40 Aug 26 13:09:11.243978: | libevent_malloc: new ptr-libevent@0x555d0dd8aa38 size 40 Aug 26 13:09:11.243981: | libevent_malloc: new ptr-libevent@0x555d0dd8a9b8 size 40 Aug 26 13:09:11.243982: | creating event base Aug 26 13:09:11.243985: | libevent_malloc: new ptr-libevent@0x555d0dd7c5e8 size 56 Aug 26 13:09:11.243988: | libevent_malloc: new ptr-libevent@0x555d0dcfdd18 size 664 Aug 26 13:09:11.243997: | libevent_malloc: new ptr-libevent@0x555d0ddc50d8 size 24 Aug 26 13:09:11.243999: | libevent_malloc: new ptr-libevent@0x555d0ddc5128 size 384 Aug 26 13:09:11.244006: | libevent_malloc: new ptr-libevent@0x555d0ddc5098 size 16 Aug 26 13:09:11.244008: | libevent_malloc: new ptr-libevent@0x555d0dd8a938 size 40 Aug 26 13:09:11.244010: | libevent_malloc: new ptr-libevent@0x555d0dd8a8b8 size 48 Aug 26 13:09:11.244013: | libevent_realloc: new ptr-libevent@0x555d0dcfd9a8 size 256 Aug 26 13:09:11.244015: | libevent_malloc: new ptr-libevent@0x555d0ddc52d8 size 16 Aug 26 13:09:11.244019: | libevent_free: release ptr-libevent@0x555d0dd7c5e8 Aug 26 13:09:11.244021: | libevent initialized Aug 26 13:09:11.244024: | libevent_realloc: new ptr-libevent@0x555d0dd7c5e8 size 64 Aug 26 13:09:11.244028: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:09:11.244039: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:09:11.244040: NAT-Traversal support [enabled] Aug 26 13:09:11.244042: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:09:11.244047: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:09:11.244049: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:09:11.244074: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:09:11.244077: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:09:11.244079: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:09:11.244112: Encryption algorithms: Aug 26 13:09:11.244116: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:09:11.244119: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:09:11.244121: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:09:11.244123: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:09:11.244125: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 13:09:11.244132: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:09:11.244135: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:09:11.244137: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:09:11.244154: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:09:11.244156: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:09:11.244159: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:09:11.244161: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:09:11.244163: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:09:11.244166: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:09:11.244168: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:09:11.244170: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:09:11.244172: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:09:11.244177: Hash algorithms: Aug 26 13:09:11.244179: MD5 IKEv1: IKE IKEv2: Aug 26 13:09:11.244180: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:09:11.244183: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:09:11.244185: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:09:11.244186: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:09:11.244197: PRF algorithms: Aug 26 13:09:11.244199: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:09:11.244201: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:09:11.244203: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:09:11.244206: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:09:11.244208: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:09:11.244210: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:09:11.244226: Integrity algorithms: Aug 26 13:09:11.244228: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 13:09:11.244230: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:09:11.244233: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:09:11.244235: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:09:11.244238: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:09:11.244240: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:09:11.244242: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:09:11.244244: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:09:11.244246: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:09:11.244254: DH algorithms: Aug 26 13:09:11.244256: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:09:11.244258: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:09:11.244260: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:09:11.244263: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:09:11.244265: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:09:11.244267: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:09:11.244269: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:09:11.244271: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:09:11.244273: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:09:11.244275: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:09:11.244277: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:09:11.244279: testing CAMELLIA_CBC: Aug 26 13:09:11.244281: Camellia: 16 bytes with 128-bit key Aug 26 13:09:11.244439: Camellia: 16 bytes with 128-bit key Aug 26 13:09:11.244463: Camellia: 16 bytes with 256-bit key Aug 26 13:09:11.244482: Camellia: 16 bytes with 256-bit key Aug 26 13:09:11.244498: testing AES_GCM_16: Aug 26 13:09:11.244501: empty string Aug 26 13:09:11.244519: one block Aug 26 13:09:11.244535: two blocks Aug 26 13:09:11.244551: two blocks with associated data Aug 26 13:09:11.244569: testing AES_CTR: Aug 26 13:09:11.244571: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:09:11.244587: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:09:11.244604: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:09:11.244623: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:09:11.244639: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:09:11.244656: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:09:11.244673: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:09:11.244689: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:09:11.244705: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:09:11.244722: testing AES_CBC: Aug 26 13:09:11.244724: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:09:11.244741: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:09:11.244759: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:09:11.244776: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:09:11.244796: testing AES_XCBC: Aug 26 13:09:11.244799: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:09:11.244870: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:09:11.244948: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:09:11.245030: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:09:11.245129: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:09:11.245204: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:09:11.245301: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:09:11.245519: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 13:09:11.245657: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:09:11.245807: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:09:11.246054: testing HMAC_MD5: Aug 26 13:09:11.246061: RFC 2104: MD5_HMAC test 1 Aug 26 13:09:11.246241: RFC 2104: MD5_HMAC test 2 Aug 26 13:09:11.246399: RFC 2104: MD5_HMAC test 3 Aug 26 13:09:11.246559: 8 CPU cores online Aug 26 13:09:11.246563: starting up 7 crypto helpers Aug 26 13:09:11.246588: started thread for crypto helper 0 Aug 26 13:09:11.246606: started thread for crypto helper 1 Aug 26 13:09:11.246636: | starting up helper thread 0 Aug 26 13:09:11.246650: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:09:11.246643: | starting up helper thread 1 Aug 26 13:09:11.246650: | starting up helper thread 2 Aug 26 13:09:11.246654: | crypto helper 0 waiting (nothing to do) Aug 26 13:09:11.246661: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:09:11.246645: started thread for crypto helper 2 Aug 26 13:09:11.246709: | crypto helper 1 waiting (nothing to do) Aug 26 13:09:11.246682: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:09:11.246766: started thread for crypto helper 3 Aug 26 13:09:11.246767: | crypto helper 2 waiting (nothing to do) Aug 26 13:09:11.246773: | starting up helper thread 3 Aug 26 13:09:11.246782: started thread for crypto helper 4 Aug 26 13:09:11.246785: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:09:11.246786: | starting up helper thread 4 Aug 26 13:09:11.246797: started thread for crypto helper 5 Aug 26 13:09:11.246789: | crypto helper 3 waiting (nothing to do) Aug 26 13:09:11.246800: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:09:11.246803: | starting up helper thread 5 Aug 26 13:09:11.246816: started thread for crypto helper 6 Aug 26 13:09:11.246820: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:09:11.246820: | checking IKEv1 state table Aug 26 13:09:11.246812: | crypto helper 4 waiting (nothing to do) Aug 26 13:09:11.246847: | starting up helper thread 6 Aug 26 13:09:11.246880: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:09:11.246887: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:09:11.246881: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:09:11.246880: | crypto helper 5 waiting (nothing to do) Aug 26 13:09:11.246892: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:09:11.246921: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:09:11.246925: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:09:11.246927: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:09:11.246930: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:09:11.246932: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:09:11.246935: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:09:11.246937: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:09:11.246940: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:09:11.246942: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:09:11.246945: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:09:11.246947: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:09:11.246950: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:09:11.246952: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:09:11.246955: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:09:11.246912: | crypto helper 6 waiting (nothing to do) Aug 26 13:09:11.246957: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:09:11.246969: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:09:11.246972: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:09:11.246975: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:09:11.246978: | -> UNDEFINED EVENT_NULL Aug 26 13:09:11.246980: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:09:11.246982: | -> UNDEFINED EVENT_NULL Aug 26 13:09:11.246985: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:09:11.246988: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:09:11.246991: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:09:11.246993: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:09:11.246996: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:09:11.246999: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:09:11.247001: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:09:11.247003: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:09:11.247006: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:09:11.247008: | -> UNDEFINED EVENT_NULL Aug 26 13:09:11.247011: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:09:11.247014: | -> UNDEFINED EVENT_NULL Aug 26 13:09:11.247016: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:09:11.247019: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:09:11.247026: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:09:11.247029: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:09:11.247031: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:09:11.247034: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:09:11.247037: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:09:11.247040: | -> UNDEFINED EVENT_NULL Aug 26 13:09:11.247043: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:09:11.247045: | -> UNDEFINED EVENT_NULL Aug 26 13:09:11.247048: | INFO: category: informational flags: 0: Aug 26 13:09:11.247050: | -> UNDEFINED EVENT_NULL Aug 26 13:09:11.247053: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:09:11.247056: | -> UNDEFINED EVENT_NULL Aug 26 13:09:11.247059: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:09:11.247061: | -> XAUTH_R1 EVENT_NULL Aug 26 13:09:11.247064: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:09:11.247067: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:09:11.247070: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:09:11.247072: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:09:11.247075: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:09:11.247078: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:09:11.247081: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:09:11.247083: | -> UNDEFINED EVENT_NULL Aug 26 13:09:11.247086: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:09:11.247089: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:09:11.247092: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:09:11.247094: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:09:11.247097: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:09:11.247099: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:09:11.247105: | checking IKEv2 state table Aug 26 13:09:11.247112: | PARENT_I0: category: ignore flags: 0: Aug 26 13:09:11.247115: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:09:11.247118: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:09:11.247121: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:09:11.247124: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:09:11.247127: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:09:11.247129: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:09:11.247132: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:09:11.247135: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:09:11.247138: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:09:11.247140: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:09:11.247143: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:09:11.247145: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 13:09:11.247148: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:09:11.247151: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:09:11.247153: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:09:11.247156: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:09:11.247159: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:09:11.247162: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:09:11.247165: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:09:11.247167: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:09:11.247170: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:09:11.247173: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:09:11.247178: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:09:11.247181: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:09:11.247183: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:09:11.247186: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:09:11.247189: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:09:11.247192: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:09:11.247194: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:09:11.247197: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:09:11.247200: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:09:11.247203: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:09:11.247206: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:09:11.247209: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:09:11.247212: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:09:11.247216: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:09:11.247219: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:09:11.247222: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:09:11.247225: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:09:11.247227: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:09:11.247230: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:09:11.247233: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:09:11.247236: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:09:11.247239: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:09:11.247242: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:09:11.247245: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:09:11.247259: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:09:11.247335: | Hard-wiring algorithms Aug 26 13:09:11.247356: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:09:11.247361: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:09:11.247364: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:09:11.247367: | adding 3DES_CBC to kernel algorithm db Aug 26 13:09:11.247369: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:09:11.247372: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:09:11.247375: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:09:11.247378: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:09:11.247380: | adding AES_CTR to kernel algorithm db Aug 26 13:09:11.247383: | adding AES_CBC to kernel algorithm db Aug 26 13:09:11.247386: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:09:11.247389: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:09:11.247392: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:09:11.247394: | adding NULL to kernel algorithm db Aug 26 13:09:11.247397: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:09:11.247400: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:09:11.247403: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:09:11.247405: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:09:11.247408: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:09:11.247411: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:09:11.247413: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:09:11.247416: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:09:11.247419: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:09:11.247422: | adding NONE to kernel algorithm db Aug 26 13:09:11.247444: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:09:11.247451: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:09:11.247453: | setup kernel fd callback Aug 26 13:09:11.247457: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x555d0dd847d8 Aug 26 13:09:11.247461: | libevent_malloc: new ptr-libevent@0x555d0ddc3738 size 128 Aug 26 13:09:11.247464: | libevent_malloc: new ptr-libevent@0x555d0ddca8d8 size 16 Aug 26 13:09:11.247470: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x555d0ddca868 Aug 26 13:09:11.247473: | libevent_malloc: new ptr-libevent@0x555d0ddc37e8 size 128 Aug 26 13:09:11.247476: | libevent_malloc: new ptr-libevent@0x555d0ddca538 size 16 Aug 26 13:09:11.247634: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:09:11.247642: selinux support is enabled. Aug 26 13:09:11.247811: | unbound context created - setting debug level to 5 Aug 26 13:09:11.247831: | /etc/hosts lookups activated Aug 26 13:09:11.247840: | /etc/resolv.conf usage activated Aug 26 13:09:11.247875: | outgoing-port-avoid set 0-65535 Aug 26 13:09:11.247892: | outgoing-port-permit set 32768-60999 Aug 26 13:09:11.247894: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:09:11.247896: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:09:11.247898: | Setting up events, loop start Aug 26 13:09:11.247900: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x555d0ddcad08 Aug 26 13:09:11.247902: | libevent_malloc: new ptr-libevent@0x555d0ddd6b68 size 128 Aug 26 13:09:11.247904: | libevent_malloc: new ptr-libevent@0x555d0dde1dd8 size 16 Aug 26 13:09:11.247908: | libevent_realloc: new ptr-libevent@0x555d0dde1e18 size 256 Aug 26 13:09:11.247910: | libevent_malloc: new ptr-libevent@0x555d0dde1f48 size 8 Aug 26 13:09:11.247912: | libevent_realloc: new ptr-libevent@0x555d0dde1f88 size 144 Aug 26 13:09:11.247914: | libevent_malloc: new ptr-libevent@0x555d0dd88da8 size 152 Aug 26 13:09:11.247916: | libevent_malloc: new ptr-libevent@0x555d0dde2048 size 16 Aug 26 13:09:11.247919: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:09:11.247921: | libevent_malloc: new ptr-libevent@0x555d0dde2088 size 8 Aug 26 13:09:11.247924: | libevent_malloc: new ptr-libevent@0x555d0dcfe1c8 size 152 Aug 26 13:09:11.247926: | signal event handler PLUTO_SIGTERM installed Aug 26 13:09:11.247927: | libevent_malloc: new ptr-libevent@0x555d0dde20c8 size 8 Aug 26 13:09:11.247929: | libevent_malloc: new ptr-libevent@0x555d0dd01bd8 size 152 Aug 26 13:09:11.247931: | signal event handler PLUTO_SIGHUP installed Aug 26 13:09:11.247933: | libevent_malloc: new ptr-libevent@0x555d0dde2108 size 8 Aug 26 13:09:11.247934: | libevent_realloc: release ptr-libevent@0x555d0dde1f88 Aug 26 13:09:11.247936: | libevent_realloc: new ptr-libevent@0x555d0dde2148 size 256 Aug 26 13:09:11.247938: | libevent_malloc: new ptr-libevent@0x555d0dde2278 size 152 Aug 26 13:09:11.247940: | signal event handler PLUTO_SIGSYS installed Aug 26 13:09:11.248200: | created addconn helper (pid:5898) using fork+execve Aug 26 13:09:11.248218: | forked child 5898 Aug 26 13:09:11.248260: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:11.248275: listening for IKE messages Aug 26 13:09:11.248359: | Inspecting interface lo Aug 26 13:09:11.248370: | found lo with address 127.0.0.1 Aug 26 13:09:11.248376: | Inspecting interface eth0 Aug 26 13:09:11.248381: | found eth0 with address 192.0.3.254 Aug 26 13:09:11.248385: | Inspecting interface eth1 Aug 26 13:09:11.248389: | found eth1 with address 192.1.3.33 Aug 26 13:09:11.248484: Kernel supports NIC esp-hw-offload Aug 26 13:09:11.248497: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Aug 26 13:09:11.248518: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:09:11.248523: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:09:11.248527: adding interface eth1/eth1 192.1.3.33:4500 Aug 26 13:09:11.248555: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Aug 26 13:09:11.248575: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:09:11.248580: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:09:11.248584: adding interface eth0/eth0 192.0.3.254:4500 Aug 26 13:09:11.248608: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:09:11.248629: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:09:11.248633: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:09:11.248637: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:09:11.248690: | no interfaces to sort Aug 26 13:09:11.248695: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:09:11.248704: | add_fd_read_event_handler: new ethX-pe@0x555d0dde27d8 Aug 26 13:09:11.248708: | libevent_malloc: new ptr-libevent@0x555d0ddd6ab8 size 128 Aug 26 13:09:11.248711: | libevent_malloc: new ptr-libevent@0x555d0dde2848 size 16 Aug 26 13:09:11.248718: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:09:11.248721: | add_fd_read_event_handler: new ethX-pe@0x555d0dde2888 Aug 26 13:09:11.248726: | libevent_malloc: new ptr-libevent@0x555d0dd7d298 size 128 Aug 26 13:09:11.248729: | libevent_malloc: new ptr-libevent@0x555d0dde28f8 size 16 Aug 26 13:09:11.248734: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:09:11.248737: | add_fd_read_event_handler: new ethX-pe@0x555d0dde2938 Aug 26 13:09:11.248741: | libevent_malloc: new ptr-libevent@0x555d0dd7d348 size 128 Aug 26 13:09:11.248743: | libevent_malloc: new ptr-libevent@0x555d0dde29a8 size 16 Aug 26 13:09:11.248748: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 13:09:11.248751: | add_fd_read_event_handler: new ethX-pe@0x555d0dde29e8 Aug 26 13:09:11.248755: | libevent_malloc: new ptr-libevent@0x555d0dd7c308 size 128 Aug 26 13:09:11.248759: | libevent_malloc: new ptr-libevent@0x555d0dde2a58 size 16 Aug 26 13:09:11.248764: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 13:09:11.248768: | add_fd_read_event_handler: new ethX-pe@0x555d0dde2a98 Aug 26 13:09:11.248772: | libevent_malloc: new ptr-libevent@0x555d0dd84618 size 128 Aug 26 13:09:11.248775: | libevent_malloc: new ptr-libevent@0x555d0dde2b08 size 16 Aug 26 13:09:11.248780: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 13:09:11.248784: | add_fd_read_event_handler: new ethX-pe@0x555d0dde2b48 Aug 26 13:09:11.248788: | libevent_malloc: new ptr-libevent@0x555d0dd85138 size 128 Aug 26 13:09:11.248790: | libevent_malloc: new ptr-libevent@0x555d0dde2bb8 size 16 Aug 26 13:09:11.248795: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 13:09:11.248800: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:09:11.248802: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:09:11.248824: loading secrets from "/etc/ipsec.secrets" Aug 26 13:09:11.248842: | saving Modulus Aug 26 13:09:11.248846: | saving PublicExponent Aug 26 13:09:11.248850: | ignoring PrivateExponent Aug 26 13:09:11.248854: | ignoring Prime1 Aug 26 13:09:11.248857: | ignoring Prime2 Aug 26 13:09:11.248860: | ignoring Exponent1 Aug 26 13:09:11.248864: | ignoring Exponent2 Aug 26 13:09:11.248867: | ignoring Coefficient Aug 26 13:09:11.248871: | ignoring CKAIDNSS Aug 26 13:09:11.248899: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 13:09:11.248903: | computed rsa CKAID 88 aa 7c 5d Aug 26 13:09:11.248907: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 13:09:11.248914: | certs and keys locked by 'process_secret' Aug 26 13:09:11.248918: | certs and keys unlocked by 'process_secret' Aug 26 13:09:11.248930: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:11.248940: | spent 0.66 milliseconds in whack Aug 26 13:09:11.277182: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:11.277214: listening for IKE messages Aug 26 13:09:11.277260: | Inspecting interface lo Aug 26 13:09:11.277269: | found lo with address 127.0.0.1 Aug 26 13:09:11.277273: | Inspecting interface eth0 Aug 26 13:09:11.277278: | found eth0 with address 192.0.3.254 Aug 26 13:09:11.277281: | Inspecting interface eth1 Aug 26 13:09:11.277285: | found eth1 with address 192.1.3.33 Aug 26 13:09:11.277355: | no interfaces to sort Aug 26 13:09:11.277368: | libevent_free: release ptr-libevent@0x555d0ddd6ab8 Aug 26 13:09:11.277372: | free_event_entry: release EVENT_NULL-pe@0x555d0dde27d8 Aug 26 13:09:11.277375: | add_fd_read_event_handler: new ethX-pe@0x555d0dde27d8 Aug 26 13:09:11.277379: | libevent_malloc: new ptr-libevent@0x555d0ddd6ab8 size 128 Aug 26 13:09:11.277387: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:09:11.277391: | libevent_free: release ptr-libevent@0x555d0dd7d298 Aug 26 13:09:11.277394: | free_event_entry: release EVENT_NULL-pe@0x555d0dde2888 Aug 26 13:09:11.277397: | add_fd_read_event_handler: new ethX-pe@0x555d0dde2888 Aug 26 13:09:11.277399: | libevent_malloc: new ptr-libevent@0x555d0dd7d298 size 128 Aug 26 13:09:11.277405: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:09:11.277408: | libevent_free: release ptr-libevent@0x555d0dd7d348 Aug 26 13:09:11.277411: | free_event_entry: release EVENT_NULL-pe@0x555d0dde2938 Aug 26 13:09:11.277414: | add_fd_read_event_handler: new ethX-pe@0x555d0dde2938 Aug 26 13:09:11.277417: | libevent_malloc: new ptr-libevent@0x555d0dd7d348 size 128 Aug 26 13:09:11.277422: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 13:09:11.277426: | libevent_free: release ptr-libevent@0x555d0dd7c308 Aug 26 13:09:11.277429: | free_event_entry: release EVENT_NULL-pe@0x555d0dde29e8 Aug 26 13:09:11.277432: | add_fd_read_event_handler: new ethX-pe@0x555d0dde29e8 Aug 26 13:09:11.277434: | libevent_malloc: new ptr-libevent@0x555d0dd7c308 size 128 Aug 26 13:09:11.277439: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 13:09:11.277443: | libevent_free: release ptr-libevent@0x555d0dd84618 Aug 26 13:09:11.277446: | free_event_entry: release EVENT_NULL-pe@0x555d0dde2a98 Aug 26 13:09:11.277449: | add_fd_read_event_handler: new ethX-pe@0x555d0dde2a98 Aug 26 13:09:11.277451: | libevent_malloc: new ptr-libevent@0x555d0dd84618 size 128 Aug 26 13:09:11.277456: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 13:09:11.277460: | libevent_free: release ptr-libevent@0x555d0dd85138 Aug 26 13:09:11.277463: | free_event_entry: release EVENT_NULL-pe@0x555d0dde2b48 Aug 26 13:09:11.277466: | add_fd_read_event_handler: new ethX-pe@0x555d0dde2b48 Aug 26 13:09:11.277469: | libevent_malloc: new ptr-libevent@0x555d0dd85138 size 128 Aug 26 13:09:11.277474: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 13:09:11.277477: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:09:11.277480: forgetting secrets Aug 26 13:09:11.277490: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:09:11.277505: loading secrets from "/etc/ipsec.secrets" Aug 26 13:09:11.277522: | saving Modulus Aug 26 13:09:11.277526: | saving PublicExponent Aug 26 13:09:11.277530: | ignoring PrivateExponent Aug 26 13:09:11.277533: | ignoring Prime1 Aug 26 13:09:11.277536: | ignoring Prime2 Aug 26 13:09:11.277539: | ignoring Exponent1 Aug 26 13:09:11.277542: | ignoring Exponent2 Aug 26 13:09:11.277545: | ignoring Coefficient Aug 26 13:09:11.277548: | ignoring CKAIDNSS Aug 26 13:09:11.277573: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 13:09:11.277576: | computed rsa CKAID 88 aa 7c 5d Aug 26 13:09:11.277580: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 13:09:11.277587: | certs and keys locked by 'process_secret' Aug 26 13:09:11.277590: | certs and keys unlocked by 'process_secret' Aug 26 13:09:11.277601: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:11.277608: | spent 0.426 milliseconds in whack Aug 26 13:09:11.278168: | processing signal PLUTO_SIGCHLD Aug 26 13:09:11.278180: | waitpid returned pid 5898 (exited with status 0) Aug 26 13:09:11.278186: | reaped addconn helper child (status 0) Aug 26 13:09:11.278190: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:11.278194: | spent 0.0163 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:11.326895: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:11.326924: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:11.326928: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:09:11.326931: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:11.326934: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:09:11.326938: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:11.326946: | Added new connection northnet-eastnet-ipv4 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:09:11.326949: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:09:11.327009: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:09:11.327015: | from whack: got --esp= Aug 26 13:09:11.327057: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:09:11.327064: | counting wild cards for @north is 0 Aug 26 13:09:11.327067: | counting wild cards for @east is 0 Aug 26 13:09:11.327078: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Aug 26 13:09:11.327082: | new hp@0x555d0dde5308 Aug 26 13:09:11.327087: added connection description "northnet-eastnet-ipv4" Aug 26 13:09:11.327100: | ike_life: 50s; ipsec_life: 180s; rekey_margin: 5s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:09:11.327113: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Aug 26 13:09:11.327122: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:11.327130: | spent 0.245 milliseconds in whack Aug 26 13:09:11.327168: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:11.327184: add keyid @north Aug 26 13:09:11.327190: | add pubkey 01 03 e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab Aug 26 13:09:11.327193: | add pubkey 7f ec 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 Aug 26 13:09:11.327196: | add pubkey 93 9e 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 Aug 26 13:09:11.327199: | add pubkey 01 03 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 Aug 26 13:09:11.327201: | add pubkey 10 84 b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 Aug 26 13:09:11.327204: | add pubkey f4 6b 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f Aug 26 13:09:11.327207: | add pubkey 25 b4 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e Aug 26 13:09:11.327210: | add pubkey c8 16 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 Aug 26 13:09:11.327212: | add pubkey cc 92 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 Aug 26 13:09:11.327215: | add pubkey 13 0f 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 Aug 26 13:09:11.327217: | add pubkey 39 f9 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d Aug 26 13:09:11.327220: | add pubkey 9e ca 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 Aug 26 13:09:11.327223: | add pubkey ba 64 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 Aug 26 13:09:11.327226: | add pubkey 9c 85 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 Aug 26 13:09:11.327229: | add pubkey 61 eb 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 Aug 26 13:09:11.327231: | add pubkey 83 c2 d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca Aug 26 13:09:11.327240: | add pubkey f5 38 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 Aug 26 13:09:11.327243: | add pubkey c7 5e a5 99 Aug 26 13:09:11.327268: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 13:09:11.327272: | computed rsa CKAID 88 aa 7c 5d Aug 26 13:09:11.327285: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:11.327297: | spent 0.132 milliseconds in whack Aug 26 13:09:11.327335: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:11.327345: add keyid @east Aug 26 13:09:11.327349: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Aug 26 13:09:11.327352: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Aug 26 13:09:11.327354: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Aug 26 13:09:11.327357: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Aug 26 13:09:11.327359: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Aug 26 13:09:11.327361: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Aug 26 13:09:11.327364: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Aug 26 13:09:11.327367: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Aug 26 13:09:11.327369: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Aug 26 13:09:11.327372: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Aug 26 13:09:11.327374: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Aug 26 13:09:11.327376: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Aug 26 13:09:11.327378: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Aug 26 13:09:11.327380: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Aug 26 13:09:11.327382: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Aug 26 13:09:11.327383: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Aug 26 13:09:11.327385: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Aug 26 13:09:11.327386: | add pubkey 51 51 48 ef Aug 26 13:09:11.327394: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:09:11.327396: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:09:11.327403: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:11.327407: | spent 0.077 milliseconds in whack Aug 26 13:09:11.387591: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:11.387816: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:09:11.387823: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:09:11.387894: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:09:11.387906: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:11.387913: | spent 0.331 milliseconds in whack Aug 26 13:09:11.507951: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:11.507976: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Aug 26 13:09:11.507981: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:11.507987: | start processing: connection "northnet-eastnet-ipv4" (in initiate_a_connection() at initiate.c:186) Aug 26 13:09:11.507991: | connection 'northnet-eastnet-ipv4' +POLICY_UP Aug 26 13:09:11.507995: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Aug 26 13:09:11.507998: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:09:11.508016: | creating state object #1 at 0x555d0dde5938 Aug 26 13:09:11.508020: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:09:11.508029: | pstats #1 ikev2.ike started Aug 26 13:09:11.508033: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:09:11.508036: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:09:11.508042: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:11.508055: | suspend processing: connection "northnet-eastnet-ipv4" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:09:11.508061: | start processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:09:11.508064: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:09:11.508068: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet-ipv4" IKE SA #1 "northnet-eastnet-ipv4" Aug 26 13:09:11.508072: "northnet-eastnet-ipv4" #1: initiating v2 parent SA Aug 26 13:09:11.508081: | constructing local IKE proposals for northnet-eastnet-ipv4 (IKE SA initiator selecting KE) Aug 26 13:09:11.508091: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:09:11.508099: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:11.508103: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:09:11.508108: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:11.508112: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:09:11.508118: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:11.508122: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:09:11.508128: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:11.508139: "northnet-eastnet-ipv4": constructed local IKE proposals for northnet-eastnet-ipv4 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:11.508149: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 13:09:11.508153: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555d0dde53e8 Aug 26 13:09:11.508157: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:09:11.508161: | libevent_malloc: new ptr-libevent@0x555d0dde5768 size 128 Aug 26 13:09:11.508178: | #1 spent 0.188 milliseconds in ikev2_parent_outI1() Aug 26 13:09:11.508182: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:09:11.508182: | crypto helper 0 resuming Aug 26 13:09:11.508199: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:09:11.508205: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 13:09:11.509268: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001062 seconds Aug 26 13:09:11.509286: | (#1) spent 1.06 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 13:09:11.509300: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:09:11.509309: | scheduling resume sending helper answer for #1 Aug 26 13:09:11.509314: | libevent_malloc: new ptr-libevent@0x7ff0a4002888 size 128 Aug 26 13:09:11.509320: | crypto helper 0 waiting (nothing to do) Aug 26 13:09:11.508187: | RESET processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:09:11.509331: | RESET processing: connection "northnet-eastnet-ipv4" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:09:11.509336: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:09:11.509340: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Aug 26 13:09:11.509345: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:11.509350: | spent 0.275 milliseconds in whack Aug 26 13:09:11.509361: | processing resume sending helper answer for #1 Aug 26 13:09:11.509370: | start processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:09:11.509374: | crypto helper 0 replies to request ID 1 Aug 26 13:09:11.509377: | calling continuation function 0x555d0be9fb50 Aug 26 13:09:11.509381: | ikev2_parent_outI1_continue for #1 Aug 26 13:09:11.509412: | **emit ISAKMP Message: Aug 26 13:09:11.509417: | initiator cookie: Aug 26 13:09:11.509420: | 15 85 64 94 8f f5 2d 2f Aug 26 13:09:11.509423: | responder cookie: Aug 26 13:09:11.509426: | 00 00 00 00 00 00 00 00 Aug 26 13:09:11.509430: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:11.509434: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:11.509438: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:09:11.509442: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:11.509445: | Message ID: 0 (0x0) Aug 26 13:09:11.509449: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:11.509466: | using existing local IKE proposals for connection northnet-eastnet-ipv4 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:11.509470: | Emitting ikev2_proposals ... Aug 26 13:09:11.509473: | ***emit IKEv2 Security Association Payload: Aug 26 13:09:11.509475: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:11.509477: | flags: none (0x0) Aug 26 13:09:11.509480: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:09:11.509483: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:09:11.509485: | discarding INTEG=NONE Aug 26 13:09:11.509488: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:11.509491: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:11.509493: | prop #: 1 (0x1) Aug 26 13:09:11.509496: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:11.509498: | spi size: 0 (0x0) Aug 26 13:09:11.509500: | # transforms: 11 (0xb) Aug 26 13:09:11.509503: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:11.509506: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.509509: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509514: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:11.509521: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:11.509525: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.509528: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:11.509531: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:11.509534: | length/value: 256 (0x100) Aug 26 13:09:11.509537: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:11.509539: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.509542: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509544: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:11.509546: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:11.509549: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509552: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.509555: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.509557: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.509560: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509562: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:11.509565: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:11.509568: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509571: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.509574: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.509576: | discarding INTEG=NONE Aug 26 13:09:11.509579: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.509581: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509584: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.509586: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:11.509590: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509593: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.509596: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.509598: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.509601: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509603: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.509606: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:11.509609: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509612: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.509615: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.509618: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.509620: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509623: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.509625: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:11.509628: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509631: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.509634: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.509639: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.509642: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509645: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.509647: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:11.509651: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509654: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.509656: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.509659: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.509661: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509664: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.509666: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:11.509670: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509673: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.509675: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.509678: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.509680: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509683: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.509685: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:11.509688: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509691: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.509694: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.509697: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.509699: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509702: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.509705: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:11.509708: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509711: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.509714: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.509717: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.509719: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:11.509722: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.509725: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:11.509728: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509731: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.509734: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.509737: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:09:11.509740: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:11.509742: | discarding INTEG=NONE Aug 26 13:09:11.509745: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:11.509748: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:11.509750: | prop #: 2 (0x2) Aug 26 13:09:11.509753: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:11.509758: | spi size: 0 (0x0) Aug 26 13:09:11.509761: | # transforms: 11 (0xb) Aug 26 13:09:11.509765: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:11.509768: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:11.509771: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.509774: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509777: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:11.509779: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:11.509783: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.509785: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:11.509788: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:11.509791: | length/value: 128 (0x80) Aug 26 13:09:11.509794: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:11.509797: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.509800: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509802: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:11.509805: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:11.509809: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509812: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.509815: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.509818: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.509820: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509823: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:11.509826: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:11.509829: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509833: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.509835: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.509838: | discarding INTEG=NONE Aug 26 13:09:11.509841: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.509844: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509847: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.509849: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:11.509853: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509857: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.509860: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.509862: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.509865: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509868: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.509871: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:11.509874: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509878: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.509881: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.509888: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.509891: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509894: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.509897: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:11.509900: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509903: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.509906: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.509909: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.509912: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509915: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.509917: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:11.509920: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509923: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.509927: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.509929: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.509932: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509934: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.509937: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:11.509940: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509944: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.509947: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.509949: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.509952: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509955: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.509958: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:11.509961: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509964: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.509967: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.509969: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.509972: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509974: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.509977: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:11.509981: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.509984: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.509987: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.509989: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.509992: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:11.509995: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.509997: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:11.510001: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510004: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510009: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510012: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:09:11.510015: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:11.510019: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:11.510021: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:11.510024: | prop #: 3 (0x3) Aug 26 13:09:11.510027: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:11.510029: | spi size: 0 (0x0) Aug 26 13:09:11.510032: | # transforms: 13 (0xd) Aug 26 13:09:11.510035: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:11.510038: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:11.510041: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510044: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510047: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:11.510050: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:11.510053: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510056: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:11.510059: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:11.510061: | length/value: 256 (0x100) Aug 26 13:09:11.510064: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:11.510067: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510069: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510071: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:11.510074: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:11.510077: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510080: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510083: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510086: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510089: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510091: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:11.510094: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:11.510097: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510100: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510103: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510105: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510108: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510110: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:11.510113: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:11.510116: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510119: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510122: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510125: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510127: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510132: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:11.510134: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:11.510137: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510140: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510143: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510146: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510148: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510151: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.510153: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:11.510156: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510159: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510162: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510165: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510167: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510170: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.510172: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:11.510175: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510178: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510181: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510183: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510186: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510188: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.510191: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:11.510194: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510197: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510199: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510202: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510204: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510207: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.510210: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:11.510213: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510216: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510218: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510221: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510224: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510226: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.510229: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:11.510232: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510235: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510237: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510243: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510246: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510249: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.510251: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:11.510254: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510257: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510260: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510263: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510265: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510268: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.510271: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:11.510274: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510277: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510279: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510282: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510285: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:11.510292: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.510298: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:11.510302: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510305: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510308: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510310: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:09:11.510313: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:11.510317: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:11.510319: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:11.510321: | prop #: 4 (0x4) Aug 26 13:09:11.510324: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:11.510326: | spi size: 0 (0x0) Aug 26 13:09:11.510329: | # transforms: 13 (0xd) Aug 26 13:09:11.510332: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:09:11.510335: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:11.510338: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510340: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510343: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:11.510345: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:11.510348: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510351: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:11.510354: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:11.510357: | length/value: 128 (0x80) Aug 26 13:09:11.510359: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:11.510362: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510364: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510367: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:11.510370: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:11.510375: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510378: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510381: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510383: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510386: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510388: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:11.510391: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:11.510394: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510396: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510399: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510401: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510404: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510406: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:11.510409: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:11.510412: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510416: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510419: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510421: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510424: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510427: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:11.510429: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:11.510433: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510436: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510439: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510442: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510445: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510447: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.510450: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:11.510453: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510456: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510459: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510461: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510463: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510466: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.510468: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:11.510471: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510473: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510476: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510478: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510483: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510486: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.510488: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:09:11.510491: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510494: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510496: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510498: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510501: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510503: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.510506: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:09:11.510509: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510512: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510514: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510517: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510519: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510522: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.510524: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:09:11.510527: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510530: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510533: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510535: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510537: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510540: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.510542: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:09:11.510545: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510549: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510551: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510554: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510557: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510560: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.510563: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:09:11.510566: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510570: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510573: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510577: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:11.510580: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:11.510583: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.510586: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:09:11.510590: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.510593: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:11.510598: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:11.510601: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:09:11.510605: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:11.510608: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:09:11.510612: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:09:11.510615: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:09:11.510618: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:11.510620: | flags: none (0x0) Aug 26 13:09:11.510623: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:11.510627: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:09:11.510630: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:09:11.510633: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:09:11.510636: | ikev2 g^x 13 db b6 db ea 73 cd 6b 16 7f fb 2d 13 13 7f 56 Aug 26 13:09:11.510638: | ikev2 g^x a4 b1 d3 54 43 89 6c 04 77 36 00 1f c4 9f 8a 27 Aug 26 13:09:11.510640: | ikev2 g^x e5 7d 47 dd ec 83 34 f5 fd 9c 89 8a c1 df ec e5 Aug 26 13:09:11.510643: | ikev2 g^x 95 6a b1 09 39 e0 10 67 28 fa 1c ad 4a 52 11 e1 Aug 26 13:09:11.510645: | ikev2 g^x 2c 10 a4 3f 8c b5 c9 6a 02 c8 4d e7 67 d6 af 87 Aug 26 13:09:11.510648: | ikev2 g^x 87 bb b6 b4 16 ac 31 c0 62 73 33 77 1d 42 2d 5f Aug 26 13:09:11.510650: | ikev2 g^x 2f a8 e2 30 67 0c 71 56 2f 2b a8 84 44 22 e5 80 Aug 26 13:09:11.510652: | ikev2 g^x 06 b7 51 39 6d e7 5c ab 80 6d d7 6f 90 a7 13 73 Aug 26 13:09:11.510655: | ikev2 g^x f1 89 28 e9 e1 c1 0f 94 7d 21 65 7d f9 3c 26 fa Aug 26 13:09:11.510657: | ikev2 g^x ce 10 05 e6 ff 35 ba 89 c1 24 13 2d d0 80 40 fe Aug 26 13:09:11.510660: | ikev2 g^x b4 5f c0 26 c3 cd 04 c7 b4 e1 c8 75 73 f9 14 55 Aug 26 13:09:11.510663: | ikev2 g^x d3 e4 79 13 db 6b 0c b8 18 59 8d b1 4a 72 27 49 Aug 26 13:09:11.510665: | ikev2 g^x 7f 23 91 27 c5 f4 77 3d 10 ba fd 9d 4c dd e5 0c Aug 26 13:09:11.510667: | ikev2 g^x 14 02 ad 69 fb af df 80 8d c6 1e 22 ff 22 5e aa Aug 26 13:09:11.510670: | ikev2 g^x 38 f2 56 36 5c 84 fa 1e b5 56 c4 c5 30 aa d0 39 Aug 26 13:09:11.510672: | ikev2 g^x 89 f3 71 d2 28 41 b3 97 fa 11 33 34 c8 d4 5a 7a Aug 26 13:09:11.510675: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:09:11.510678: | ***emit IKEv2 Nonce Payload: Aug 26 13:09:11.510681: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:11.510683: | flags: none (0x0) Aug 26 13:09:11.510686: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:09:11.510690: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:09:11.510692: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:09:11.510696: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:09:11.510698: | IKEv2 nonce e7 52 4f 77 4b 44 2f c6 93 eb e2 e3 09 3c ab 0c Aug 26 13:09:11.510701: | IKEv2 nonce d8 9f 84 f1 97 3f d9 6b a7 7a 38 87 40 59 cb f6 Aug 26 13:09:11.510704: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:09:11.510706: | Adding a v2N Payload Aug 26 13:09:11.510709: | ***emit IKEv2 Notify Payload: Aug 26 13:09:11.510712: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:11.510714: | flags: none (0x0) Aug 26 13:09:11.510717: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:11.510720: | SPI size: 0 (0x0) Aug 26 13:09:11.510723: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:09:11.510726: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:11.510731: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:11.510734: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:09:11.510737: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:09:11.510740: | natd_hash: rcookie is zero Aug 26 13:09:11.510759: | natd_hash: hasher=0x555d0bf74800(20) Aug 26 13:09:11.510763: | natd_hash: icookie= 15 85 64 94 8f f5 2d 2f Aug 26 13:09:11.510766: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:09:11.510768: | natd_hash: ip= c0 01 03 21 Aug 26 13:09:11.510770: | natd_hash: port=500 Aug 26 13:09:11.510772: | natd_hash: hash= 87 d6 70 e5 f6 ae 03 31 4a be 6b 77 04 5a 92 03 Aug 26 13:09:11.510773: | natd_hash: hash= 88 17 52 50 Aug 26 13:09:11.510775: | Adding a v2N Payload Aug 26 13:09:11.510777: | ***emit IKEv2 Notify Payload: Aug 26 13:09:11.510778: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:11.510780: | flags: none (0x0) Aug 26 13:09:11.510782: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:11.510783: | SPI size: 0 (0x0) Aug 26 13:09:11.510785: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:09:11.510787: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:11.510789: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:11.510791: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:09:11.510792: | Notify data 87 d6 70 e5 f6 ae 03 31 4a be 6b 77 04 5a 92 03 Aug 26 13:09:11.510794: | Notify data 88 17 52 50 Aug 26 13:09:11.510796: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:09:11.510797: | natd_hash: rcookie is zero Aug 26 13:09:11.510802: | natd_hash: hasher=0x555d0bf74800(20) Aug 26 13:09:11.510804: | natd_hash: icookie= 15 85 64 94 8f f5 2d 2f Aug 26 13:09:11.510805: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:09:11.510807: | natd_hash: ip= c0 01 02 17 Aug 26 13:09:11.510808: | natd_hash: port=500 Aug 26 13:09:11.510810: | natd_hash: hash= 52 39 b1 9b ec 85 eb e8 9c a2 03 a5 68 97 e2 40 Aug 26 13:09:11.510811: | natd_hash: hash= fa 3f b1 12 Aug 26 13:09:11.510813: | Adding a v2N Payload Aug 26 13:09:11.510814: | ***emit IKEv2 Notify Payload: Aug 26 13:09:11.510816: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:11.510818: | flags: none (0x0) Aug 26 13:09:11.510819: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:11.510821: | SPI size: 0 (0x0) Aug 26 13:09:11.510822: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:09:11.510824: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:11.510826: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:11.510828: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:09:11.510829: | Notify data 52 39 b1 9b ec 85 eb e8 9c a2 03 a5 68 97 e2 40 Aug 26 13:09:11.510831: | Notify data fa 3f b1 12 Aug 26 13:09:11.510832: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:09:11.510834: | emitting length of ISAKMP Message: 828 Aug 26 13:09:11.510840: | stop processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:09:11.510850: | start processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:11.510853: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:09:11.510855: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:09:11.510857: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:09:11.510860: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 13:09:11.510862: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:09:11.510866: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:09:11.510868: "northnet-eastnet-ipv4" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:09:11.510877: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:09:11.510886: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:09:11.510888: | 15 85 64 94 8f f5 2d 2f 00 00 00 00 00 00 00 00 Aug 26 13:09:11.510891: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:09:11.510893: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:09:11.510895: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:09:11.510898: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:09:11.510900: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:09:11.510903: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:09:11.510904: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:09:11.510906: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:09:11.510907: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:09:11.510909: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:09:11.510910: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:09:11.510912: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:09:11.510913: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:09:11.510915: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:09:11.510916: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:09:11.510918: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:09:11.510919: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:09:11.510921: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:09:11.510922: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:09:11.510924: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:09:11.510925: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:09:11.510927: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:09:11.510928: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:09:11.510930: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:09:11.510931: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:09:11.510933: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:09:11.510934: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:09:11.510936: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:09:11.510937: | 28 00 01 08 00 0e 00 00 13 db b6 db ea 73 cd 6b Aug 26 13:09:11.510939: | 16 7f fb 2d 13 13 7f 56 a4 b1 d3 54 43 89 6c 04 Aug 26 13:09:11.510940: | 77 36 00 1f c4 9f 8a 27 e5 7d 47 dd ec 83 34 f5 Aug 26 13:09:11.510942: | fd 9c 89 8a c1 df ec e5 95 6a b1 09 39 e0 10 67 Aug 26 13:09:11.510943: | 28 fa 1c ad 4a 52 11 e1 2c 10 a4 3f 8c b5 c9 6a Aug 26 13:09:11.510945: | 02 c8 4d e7 67 d6 af 87 87 bb b6 b4 16 ac 31 c0 Aug 26 13:09:11.510946: | 62 73 33 77 1d 42 2d 5f 2f a8 e2 30 67 0c 71 56 Aug 26 13:09:11.510948: | 2f 2b a8 84 44 22 e5 80 06 b7 51 39 6d e7 5c ab Aug 26 13:09:11.510949: | 80 6d d7 6f 90 a7 13 73 f1 89 28 e9 e1 c1 0f 94 Aug 26 13:09:11.510951: | 7d 21 65 7d f9 3c 26 fa ce 10 05 e6 ff 35 ba 89 Aug 26 13:09:11.510952: | c1 24 13 2d d0 80 40 fe b4 5f c0 26 c3 cd 04 c7 Aug 26 13:09:11.510954: | b4 e1 c8 75 73 f9 14 55 d3 e4 79 13 db 6b 0c b8 Aug 26 13:09:11.510955: | 18 59 8d b1 4a 72 27 49 7f 23 91 27 c5 f4 77 3d Aug 26 13:09:11.510957: | 10 ba fd 9d 4c dd e5 0c 14 02 ad 69 fb af df 80 Aug 26 13:09:11.510958: | 8d c6 1e 22 ff 22 5e aa 38 f2 56 36 5c 84 fa 1e Aug 26 13:09:11.510961: | b5 56 c4 c5 30 aa d0 39 89 f3 71 d2 28 41 b3 97 Aug 26 13:09:11.510962: | fa 11 33 34 c8 d4 5a 7a 29 00 00 24 e7 52 4f 77 Aug 26 13:09:11.510964: | 4b 44 2f c6 93 eb e2 e3 09 3c ab 0c d8 9f 84 f1 Aug 26 13:09:11.510965: | 97 3f d9 6b a7 7a 38 87 40 59 cb f6 29 00 00 08 Aug 26 13:09:11.510967: | 00 00 40 2e 29 00 00 1c 00 00 40 04 87 d6 70 e5 Aug 26 13:09:11.510968: | f6 ae 03 31 4a be 6b 77 04 5a 92 03 88 17 52 50 Aug 26 13:09:11.510970: | 00 00 00 1c 00 00 40 05 52 39 b1 9b ec 85 eb e8 Aug 26 13:09:11.510971: | 9c a2 03 a5 68 97 e2 40 fa 3f b1 12 Aug 26 13:09:11.511053: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:11.511058: | libevent_free: release ptr-libevent@0x555d0dde5768 Aug 26 13:09:11.511061: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555d0dde53e8 Aug 26 13:09:11.511063: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:09:11.511066: | event_schedule: new EVENT_RETRANSMIT-pe@0x555d0dde53e8 Aug 26 13:09:11.511068: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Aug 26 13:09:11.511071: | libevent_malloc: new ptr-libevent@0x555d0dde8128 size 128 Aug 26 13:09:11.511074: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10237.253532 Aug 26 13:09:11.511077: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 13:09:11.511082: | #1 spent 1.65 milliseconds in resume sending helper answer Aug 26 13:09:11.511085: | stop processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:09:11.511087: | libevent_free: release ptr-libevent@0x7ff0a4002888 Aug 26 13:09:11.514086: | spent 0.00237 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:11.514108: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:09:11.514112: | 15 85 64 94 8f f5 2d 2f 1c 7b f0 c4 c6 59 09 e5 Aug 26 13:09:11.514114: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Aug 26 13:09:11.514117: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 13:09:11.514119: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 13:09:11.514121: | 04 00 00 0e 28 00 01 08 00 0e 00 00 f6 a4 b9 ce Aug 26 13:09:11.514123: | ae 22 b9 6b 8a 97 f7 ab 28 c0 62 13 71 0e eb 8d Aug 26 13:09:11.514126: | db 39 12 5a b7 81 5c 11 3e d7 18 bd 88 7b 68 a9 Aug 26 13:09:11.514128: | 25 b7 2f df 19 1c 15 b8 75 77 fd ad e4 bf 2e 31 Aug 26 13:09:11.514130: | b7 48 41 b6 c0 02 d5 5e 08 fb 52 d6 07 30 f7 1b Aug 26 13:09:11.514131: | d8 0f 8b 88 5a f7 af fd e1 ad 00 1e 02 8d 43 97 Aug 26 13:09:11.514133: | 9d 3b 32 72 92 cd b8 65 f8 79 c3 92 b0 18 be d7 Aug 26 13:09:11.514134: | 50 b5 a0 ed ed 40 c6 b8 39 71 5e 68 85 f0 af 80 Aug 26 13:09:11.514136: | 8c ac fc 9f cb 2e 1a a9 cc 4f 9d 68 76 40 6b ee Aug 26 13:09:11.514137: | 40 74 b4 17 95 51 c0 57 24 3f 22 d8 e8 45 e9 46 Aug 26 13:09:11.514139: | 02 72 db 05 29 3e a1 e1 a8 d5 00 55 2e f0 b2 36 Aug 26 13:09:11.514140: | 77 06 51 7b ea e6 b8 34 4a a6 0d f5 3b 49 01 5e Aug 26 13:09:11.514142: | f6 25 62 9c 04 38 25 ac 04 1b a4 f9 cd 7d 2e 06 Aug 26 13:09:11.514143: | f5 12 3e d1 6f 8e 4c 9b ac 16 74 a6 e4 28 6f a0 Aug 26 13:09:11.514145: | 87 43 43 7f ab ef 8c f6 55 9f c2 4c 68 4d ff 4d Aug 26 13:09:11.514146: | 3c ec 0a 99 87 c5 ec d4 a4 09 22 38 30 7a a0 17 Aug 26 13:09:11.514148: | 8e c8 c1 d5 3f c0 7c 2e 7e 45 58 42 29 00 00 24 Aug 26 13:09:11.514149: | 65 2e f3 04 ce 26 01 5a 7d fd 01 f7 f8 95 16 a9 Aug 26 13:09:11.514151: | a4 53 76 12 86 99 c0 7f ce 91 ab 8e cb 97 96 83 Aug 26 13:09:11.514152: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 13:09:11.514154: | 2c 79 98 25 a3 95 2c a7 07 80 41 cc f3 5b 61 15 Aug 26 13:09:11.514155: | 54 19 1a 29 00 00 00 1c 00 00 40 05 13 75 59 8a Aug 26 13:09:11.514159: | 08 e4 b9 3b 8a 86 24 63 67 bd 12 f2 25 d0 bb 97 Aug 26 13:09:11.514162: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:09:11.514165: | **parse ISAKMP Message: Aug 26 13:09:11.514167: | initiator cookie: Aug 26 13:09:11.514169: | 15 85 64 94 8f f5 2d 2f Aug 26 13:09:11.514170: | responder cookie: Aug 26 13:09:11.514172: | 1c 7b f0 c4 c6 59 09 e5 Aug 26 13:09:11.514174: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:09:11.514176: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:11.514177: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:09:11.514179: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:11.514181: | Message ID: 0 (0x0) Aug 26 13:09:11.514183: | length: 432 (0x1b0) Aug 26 13:09:11.514185: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:09:11.514187: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 13:09:11.514190: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 13:09:11.514194: | start processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:11.514197: | [RE]START processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:11.514199: | #1 is idle Aug 26 13:09:11.514200: | #1 idle Aug 26 13:09:11.514202: | unpacking clear payload Aug 26 13:09:11.514204: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:09:11.514206: | ***parse IKEv2 Security Association Payload: Aug 26 13:09:11.514208: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:09:11.514209: | flags: none (0x0) Aug 26 13:09:11.514211: | length: 40 (0x28) Aug 26 13:09:11.514213: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 13:09:11.514214: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:09:11.514216: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:09:11.514218: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:09:11.514219: | flags: none (0x0) Aug 26 13:09:11.514221: | length: 264 (0x108) Aug 26 13:09:11.514222: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:11.514224: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:09:11.514226: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:09:11.514227: | ***parse IKEv2 Nonce Payload: Aug 26 13:09:11.514229: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:11.514230: | flags: none (0x0) Aug 26 13:09:11.514232: | length: 36 (0x24) Aug 26 13:09:11.514234: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:09:11.514235: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:09:11.514237: | ***parse IKEv2 Notify Payload: Aug 26 13:09:11.514239: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:11.514240: | flags: none (0x0) Aug 26 13:09:11.514242: | length: 8 (0x8) Aug 26 13:09:11.514243: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:11.514245: | SPI size: 0 (0x0) Aug 26 13:09:11.514247: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:09:11.514249: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:09:11.514250: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:09:11.514252: | ***parse IKEv2 Notify Payload: Aug 26 13:09:11.514253: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:11.514255: | flags: none (0x0) Aug 26 13:09:11.514256: | length: 28 (0x1c) Aug 26 13:09:11.514258: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:11.514259: | SPI size: 0 (0x0) Aug 26 13:09:11.514261: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:09:11.514263: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:09:11.514264: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:09:11.514266: | ***parse IKEv2 Notify Payload: Aug 26 13:09:11.514267: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:11.514270: | flags: none (0x0) Aug 26 13:09:11.514272: | length: 28 (0x1c) Aug 26 13:09:11.514273: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:11.514275: | SPI size: 0 (0x0) Aug 26 13:09:11.514276: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:09:11.514278: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:09:11.514280: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 13:09:11.514285: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:09:11.514287: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:09:11.514303: | Now let's proceed with state specific processing Aug 26 13:09:11.514307: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:09:11.514311: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 13:09:11.514328: | using existing local IKE proposals for connection northnet-eastnet-ipv4 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:09:11.514333: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 13:09:11.514337: | local proposal 1 type ENCR has 1 transforms Aug 26 13:09:11.514340: | local proposal 1 type PRF has 2 transforms Aug 26 13:09:11.514343: | local proposal 1 type INTEG has 1 transforms Aug 26 13:09:11.514346: | local proposal 1 type DH has 8 transforms Aug 26 13:09:11.514349: | local proposal 1 type ESN has 0 transforms Aug 26 13:09:11.514352: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:09:11.514356: | local proposal 2 type ENCR has 1 transforms Aug 26 13:09:11.514358: | local proposal 2 type PRF has 2 transforms Aug 26 13:09:11.514361: | local proposal 2 type INTEG has 1 transforms Aug 26 13:09:11.514364: | local proposal 2 type DH has 8 transforms Aug 26 13:09:11.514367: | local proposal 2 type ESN has 0 transforms Aug 26 13:09:11.514371: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:09:11.514373: | local proposal 3 type ENCR has 1 transforms Aug 26 13:09:11.514376: | local proposal 3 type PRF has 2 transforms Aug 26 13:09:11.514378: | local proposal 3 type INTEG has 2 transforms Aug 26 13:09:11.514381: | local proposal 3 type DH has 8 transforms Aug 26 13:09:11.514383: | local proposal 3 type ESN has 0 transforms Aug 26 13:09:11.514387: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:09:11.514389: | local proposal 4 type ENCR has 1 transforms Aug 26 13:09:11.514392: | local proposal 4 type PRF has 2 transforms Aug 26 13:09:11.514395: | local proposal 4 type INTEG has 2 transforms Aug 26 13:09:11.514398: | local proposal 4 type DH has 8 transforms Aug 26 13:09:11.514400: | local proposal 4 type ESN has 0 transforms Aug 26 13:09:11.514404: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:09:11.514406: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:11.514409: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:11.514412: | length: 36 (0x24) Aug 26 13:09:11.514414: | prop #: 1 (0x1) Aug 26 13:09:11.514417: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:11.514420: | spi size: 0 (0x0) Aug 26 13:09:11.514422: | # transforms: 3 (0x3) Aug 26 13:09:11.514426: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:09:11.514431: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:11.514434: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.514437: | length: 12 (0xc) Aug 26 13:09:11.514439: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:11.514442: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:09:11.514445: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:11.514448: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:11.514450: | length/value: 256 (0x100) Aug 26 13:09:11.514455: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:09:11.514458: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:11.514460: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:11.514463: | length: 8 (0x8) Aug 26 13:09:11.514466: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:11.514468: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:09:11.514472: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:09:11.514474: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:11.514477: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:11.514479: | length: 8 (0x8) Aug 26 13:09:11.514482: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:11.514485: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:11.514488: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:09:11.514492: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:09:11.514497: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:09:11.514500: | remote proposal 1 matches local proposal 1 Aug 26 13:09:11.514504: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 13:09:11.514507: | converting proposal to internal trans attrs Aug 26 13:09:11.514525: | natd_hash: hasher=0x555d0bf74800(20) Aug 26 13:09:11.514529: | natd_hash: icookie= 15 85 64 94 8f f5 2d 2f Aug 26 13:09:11.514531: | natd_hash: rcookie= 1c 7b f0 c4 c6 59 09 e5 Aug 26 13:09:11.514534: | natd_hash: ip= c0 01 03 21 Aug 26 13:09:11.514536: | natd_hash: port=500 Aug 26 13:09:11.514539: | natd_hash: hash= 13 75 59 8a 08 e4 b9 3b 8a 86 24 63 67 bd 12 f2 Aug 26 13:09:11.514541: | natd_hash: hash= 25 d0 bb 97 Aug 26 13:09:11.514548: | natd_hash: hasher=0x555d0bf74800(20) Aug 26 13:09:11.514551: | natd_hash: icookie= 15 85 64 94 8f f5 2d 2f Aug 26 13:09:11.514553: | natd_hash: rcookie= 1c 7b f0 c4 c6 59 09 e5 Aug 26 13:09:11.514555: | natd_hash: ip= c0 01 02 17 Aug 26 13:09:11.514558: | natd_hash: port=500 Aug 26 13:09:11.514560: | natd_hash: hash= 2c 79 98 25 a3 95 2c a7 07 80 41 cc f3 5b 61 15 Aug 26 13:09:11.514562: | natd_hash: hash= 54 19 1a 29 Aug 26 13:09:11.514565: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:09:11.514567: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:09:11.514569: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:09:11.514573: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 13:09:11.514584: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:09:11.514588: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 13:09:11.514592: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:09:11.514595: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 13:09:11.514600: | libevent_free: release ptr-libevent@0x555d0dde8128 Aug 26 13:09:11.514604: | free_event_entry: release EVENT_RETRANSMIT-pe@0x555d0dde53e8 Aug 26 13:09:11.514607: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555d0dde53e8 Aug 26 13:09:11.514611: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:09:11.514615: | libevent_malloc: new ptr-libevent@0x7ff0a4002888 size 128 Aug 26 13:09:11.514627: | #1 spent 0.315 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 13:09:11.514636: | [RE]START processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:11.514640: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 13:09:11.514644: | suspending state #1 and saving MD Aug 26 13:09:11.514647: | #1 is busy; has a suspended MD Aug 26 13:09:11.514652: | [RE]START processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:11.514657: | "northnet-eastnet-ipv4" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:09:11.514662: | stop processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:11.514668: | #1 spent 0.559 milliseconds in ikev2_process_packet() Aug 26 13:09:11.514672: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:09:11.514676: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:11.514679: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:11.514684: | spent 0.576 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:11.514697: | crypto helper 1 resuming Aug 26 13:09:11.514703: | crypto helper 1 starting work-order 2 for state #1 Aug 26 13:09:11.514707: | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 13:09:11.515596: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:09:11.516057: | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001349 seconds Aug 26 13:09:11.516068: | (#1) spent 1.36 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 13:09:11.516073: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 13:09:11.516076: | scheduling resume sending helper answer for #1 Aug 26 13:09:11.516080: | libevent_malloc: new ptr-libevent@0x7ff09c000f48 size 128 Aug 26 13:09:11.516090: | crypto helper 1 waiting (nothing to do) Aug 26 13:09:11.516100: | processing resume sending helper answer for #1 Aug 26 13:09:11.516112: | start processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:09:11.516118: | crypto helper 1 replies to request ID 2 Aug 26 13:09:11.516121: | calling continuation function 0x555d0be9fb50 Aug 26 13:09:11.516124: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 13:09:11.516132: | creating state object #2 at 0x555d0ddea998 Aug 26 13:09:11.516135: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:09:11.516139: | pstats #2 ikev2.child started Aug 26 13:09:11.516143: | duplicating state object #1 "northnet-eastnet-ipv4" as #2 for IPSEC SA Aug 26 13:09:11.516148: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:09:11.516155: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:11.516160: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 13:09:11.516166: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 13:09:11.516169: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:11.516173: | libevent_free: release ptr-libevent@0x7ff0a4002888 Aug 26 13:09:11.516176: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555d0dde53e8 Aug 26 13:09:11.516179: | event_schedule: new EVENT_SA_REPLACE-pe@0x555d0dde53e8 Aug 26 13:09:11.516185: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 13:09:11.516189: | libevent_malloc: new ptr-libevent@0x7ff0a4002888 size 128 Aug 26 13:09:11.516193: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 13:09:11.516198: | **emit ISAKMP Message: Aug 26 13:09:11.516201: | initiator cookie: Aug 26 13:09:11.516204: | 15 85 64 94 8f f5 2d 2f Aug 26 13:09:11.516206: | responder cookie: Aug 26 13:09:11.516209: | 1c 7b f0 c4 c6 59 09 e5 Aug 26 13:09:11.516212: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:11.516215: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:11.516217: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:11.516220: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:11.516223: | Message ID: 1 (0x1) Aug 26 13:09:11.516226: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:11.516229: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:11.516232: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:11.516235: | flags: none (0x0) Aug 26 13:09:11.516238: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:11.516241: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:09:11.516245: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:11.516255: | IKEv2 CERT: send a certificate? Aug 26 13:09:11.516257: | IKEv2 CERT: no certificate to send Aug 26 13:09:11.516260: | IDr payload will be sent Aug 26 13:09:11.516275: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 13:09:11.516279: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:11.516281: | flags: none (0x0) Aug 26 13:09:11.516284: | ID type: ID_FQDN (0x2) Aug 26 13:09:11.516292: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 13:09:11.516299: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:11.516302: | emitting 5 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 13:09:11.516305: | my identity 6e 6f 72 74 68 Aug 26 13:09:11.516308: | emitting length of IKEv2 Identification - Initiator - Payload: 13 Aug 26 13:09:11.516317: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:09:11.516321: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:09:11.516323: | flags: none (0x0) Aug 26 13:09:11.516326: | ID type: ID_FQDN (0x2) Aug 26 13:09:11.516329: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Aug 26 13:09:11.516332: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:09:11.516335: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:11.516338: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Aug 26 13:09:11.516341: | IDr 65 61 73 74 Aug 26 13:09:11.516343: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 13:09:11.516346: | not sending INITIAL_CONTACT Aug 26 13:09:11.516349: | ****emit IKEv2 Authentication Payload: Aug 26 13:09:11.516352: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:11.516355: | flags: none (0x0) Aug 26 13:09:11.516358: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:09:11.516361: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:09:11.516364: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:09:11.516371: | started looking for secret for @north->@east of kind PKK_RSA Aug 26 13:09:11.516374: | actually looking for secret for @north->@east of kind PKK_RSA Aug 26 13:09:11.516378: | line 1: key type PKK_RSA(@north) to type PKK_RSA Aug 26 13:09:11.516382: | 1: compared key (none) to @north / @east -> 002 Aug 26 13:09:11.516385: | 2: compared key (none) to @north / @east -> 002 Aug 26 13:09:11.516387: | line 1: match=002 Aug 26 13:09:11.516390: | match 002 beats previous best_match 000 match=0x555d0dcd0b58 (line=1) Aug 26 13:09:11.516393: | concluding with best_match=002 best=0x555d0dcd0b58 (lineno=1) Aug 26 13:09:11.521878: "northnet-eastnet-ipv4" #1: Can't find the certificate or private key from the NSS CKA_ID Aug 26 13:09:11.521924: | #1 spent 5.45 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Aug 26 13:09:11.521931: "northnet-eastnet-ipv4" #1: Failed to find our RSA key Aug 26 13:09:11.521955: | suspend processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:11.521962: | start processing: state #2 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:11.521967: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_FATAL Aug 26 13:09:11.522119: | release_pending_whacks: state #2 has no whack fd Aug 26 13:09:11.522128: | release_pending_whacks: IKE SA #1 fd@24 has pending CHILD SA with socket fd@25 Aug 26 13:09:11.522132: | pstats #2 ikev2.child deleted other Aug 26 13:09:11.522137: | [RE]START processing: state #2 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:09:11.522141: "northnet-eastnet-ipv4" #2: deleting state (STATE_UNDEFINED) aged 0.006s and NOT sending notification Aug 26 13:09:11.522145: | child state #2: UNDEFINED(ignore) => delete Aug 26 13:09:11.522149: | child state #2: UNDEFINED(ignore) => CHILDSA_DEL(informational) Aug 26 13:09:11.522154: | priority calculation of connection "northnet-eastnet-ipv4" is 0xfe7e7 Aug 26 13:09:11.522162: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 13:09:11.522177: | raw_eroute result=success Aug 26 13:09:11.522182: | in connection_discard for connection northnet-eastnet-ipv4 Aug 26 13:09:11.522186: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 13:09:11.522190: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:09:11.522195: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:09:11.522202: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:09:11.522208: | #1 spent 6.01 milliseconds in resume sending helper answer Aug 26 13:09:11.522212: | processing: STOP state #0 (in resume_handler() at server.c:833) Aug 26 13:09:11.522216: | libevent_free: release ptr-libevent@0x7ff09c000f48 Aug 26 13:09:31.274342: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:09:31.274367: | expiring aged bare shunts from shunt table Aug 26 13:09:31.274375: | spent 0.00626 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:09:51.267382: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:09:51.267398: | expiring aged bare shunts from shunt table Aug 26 13:09:51.267403: | spent 0.00418 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:10:11.263357: | processing global timer EVENT_PENDING_DDNS Aug 26 13:10:11.263427: | FOR_EACH_CONNECTION_... in connection_check_ddns Aug 26 13:10:11.263447: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:10:11.263467: | elapsed time in connection_check_ddns for hostname lookup 0.000036 Aug 26 13:10:11.263495: | spent 0.0627 milliseconds in global timer EVENT_PENDING_DDNS Aug 26 13:10:11.263512: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:10:11.263529: | expiring aged bare shunts from shunt table Aug 26 13:10:11.263564: | spent 0.0325 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:10:11.516854: | timer_event_cb: processing event@0x555d0dde53e8 Aug 26 13:10:11.516872: | handling event EVENT_SA_REPLACE for parent state #1 Aug 26 13:10:11.516880: | start processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:10:11.516885: | picked newest_isakmp_sa #0 for #1 Aug 26 13:10:11.516888: | replacing stale IKE SA Aug 26 13:10:11.516894: | dup_any(fd@24) -> fd@16 (in ipsecdoi_replace() at ipsec_doi.c:310) Aug 26 13:10:11.516912: | creating state object #3 at 0x555d0de044c8 Aug 26 13:10:11.516915: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 13:10:11.516926: | pstats #3 ikev2.ike started Aug 26 13:10:11.516930: | Message ID: init #3: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:10:11.516933: | parent state #3: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:10:11.516939: | Message ID: init_ike #3; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:10:11.516947: | suspend processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:10:11.516952: | start processing: state #3 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:10:11.516955: "northnet-eastnet-ipv4" #3: initiating v2 parent SA to replace #1 Aug 26 13:10:11.516985: | using existing local IKE proposals for connection northnet-eastnet-ipv4 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:11.516992: | adding ikev2_outI1 KE work-order 3 for state #3 Aug 26 13:10:11.516996: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555d0ddebab8 Aug 26 13:10:11.517000: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:10:11.517004: | libevent_malloc: new ptr-libevent@0x555d0de0d3d8 size 128 Aug 26 13:10:11.517017: | #3 spent 0.121 milliseconds in ikev2_parent_outI1() Aug 26 13:10:11.517022: | RESET processing: state #3 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:10:11.517027: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7ff0a4002b78 Aug 26 13:10:11.517032: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #1 Aug 26 13:10:11.517028: | crypto helper 2 resuming Aug 26 13:10:11.517051: | crypto helper 2 starting work-order 3 for state #3 Aug 26 13:10:11.517060: | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 3 Aug 26 13:10:11.517037: | libevent_malloc: new ptr-libevent@0x555d0dde5508 size 128 Aug 26 13:10:11.517088: | libevent_free: release ptr-libevent@0x7ff0a4002888 Aug 26 13:10:11.517093: | free_event_entry: release EVENT_SA_REPLACE-pe@0x555d0dde53e8 Aug 26 13:10:11.517099: | #1 spent 0.241 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 13:10:11.517102: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:10:11.517109: | timer_event_cb: processing event@0x7ff0a4002b78 Aug 26 13:10:11.517112: | handling event EVENT_SA_EXPIRE for parent state #1 Aug 26 13:10:11.517117: | start processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:10:11.517121: | picked newest_isakmp_sa #0 for #1 Aug 26 13:10:11.517123: | un-established partial CHILD SA timeout (SA expired) Aug 26 13:10:11.517130: | pstats #1 ikev2.ike failed exchange-timeout Aug 26 13:10:11.517133: | State DB: IKEv2 state not found (delete_my_family) Aug 26 13:10:11.517136: | pstats #1 ikev2.ike deleted exchange-timeout Aug 26 13:10:11.517140: | #1 spent 11.1 milliseconds in total Aug 26 13:10:11.517145: | [RE]START processing: state #1 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:10:11.517149: "northnet-eastnet-ipv4" #1: deleting state (STATE_PARENT_I2) aged 60.009s and NOT sending notification Aug 26 13:10:11.517158: | parent state #1: PARENT_I2(open IKE SA) => delete Aug 26 13:10:11.517161: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:10:11.517164: | picked newest_isakmp_sa #0 for #1 Aug 26 13:10:11.517167: "northnet-eastnet-ipv4" #1: deleting IKE SA for connection 'northnet-eastnet-ipv4' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:10:11.517171: | add revival: connection 'northnet-eastnet-ipv4' added to the list and scheduled for 0 seconds Aug 26 13:10:11.517174: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 13:10:11.517177: | in connection_discard for connection northnet-eastnet-ipv4 Aug 26 13:10:11.517180: | State DB: deleting IKEv2 state #1 in PARENT_I2 Aug 26 13:10:11.517184: | parent state #1: PARENT_I2(open IKE SA) => UNDEFINED(ignore) Aug 26 13:10:11.517188: | close_any(fd@24) (in release_whack() at state.c:654) Aug 26 13:10:11.518462: | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 3 time elapsed 0.001402 seconds Aug 26 13:10:11.518479: | (#3) spent 1.4 milliseconds in crypto helper computing work-order 3: ikev2_outI1 KE (pcr) Aug 26 13:10:11.518483: | crypto helper 2 sending results from work-order 3 for state #3 to event queue Aug 26 13:10:11.518486: | scheduling resume sending helper answer for #3 Aug 26 13:10:11.518490: | libevent_malloc: new ptr-libevent@0x7ff0a0002888 size 128 Aug 26 13:10:11.518490: | stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:10:11.518494: | crypto helper 2 waiting (nothing to do) Aug 26 13:10:11.518521: | libevent_free: release ptr-libevent@0x555d0dde5508 Aug 26 13:10:11.518526: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x7ff0a4002b78 Aug 26 13:10:11.518530: | in statetime_stop() and could not find #1 Aug 26 13:10:11.518533: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:10:11.518539: | processing global timer EVENT_REVIVE_CONNS Aug 26 13:10:11.518543: Initiating connection northnet-eastnet-ipv4 which received a Delete/Notify but must remain up per local policy Aug 26 13:10:11.518547: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:10:11.518552: | start processing: connection "northnet-eastnet-ipv4" (in initiate_a_connection() at initiate.c:186) Aug 26 13:10:11.518555: | connection 'northnet-eastnet-ipv4' +POLICY_UP Aug 26 13:10:11.518559: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 13:10:11.518562: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:10:11.518567: | Ignored already queued up pending IPsec SA negotiation with 192.1.2.23 "northnet-eastnet-ipv4" Aug 26 13:10:11.518571: | stop processing: connection "northnet-eastnet-ipv4" (in initiate_a_connection() at initiate.c:349) Aug 26 13:10:11.518577: | spent 0.0318 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 13:10:11.518580: | processing resume sending helper answer for #3 Aug 26 13:10:11.518585: | start processing: state #3 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:10:11.518589: | crypto helper 2 replies to request ID 3 Aug 26 13:10:11.518592: | calling continuation function 0x555d0be9fb50 Aug 26 13:10:11.518595: | ikev2_parent_outI1_continue for #3 Aug 26 13:10:11.518602: | **emit ISAKMP Message: Aug 26 13:10:11.518605: | initiator cookie: Aug 26 13:10:11.518608: | 50 bc 4c 7d d5 32 bf f3 Aug 26 13:10:11.518610: | responder cookie: Aug 26 13:10:11.518613: | 00 00 00 00 00 00 00 00 Aug 26 13:10:11.518620: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:11.518623: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:11.518626: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:10:11.518629: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:11.518632: | Message ID: 0 (0x0) Aug 26 13:10:11.518636: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:10:11.518652: | using existing local IKE proposals for connection northnet-eastnet-ipv4 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:11.518655: | Emitting ikev2_proposals ... Aug 26 13:10:11.518658: | ***emit IKEv2 Security Association Payload: Aug 26 13:10:11.518661: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:11.518664: | flags: none (0x0) Aug 26 13:10:11.518668: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:10:11.518671: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:10:11.518674: | discarding INTEG=NONE Aug 26 13:10:11.518677: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:11.518680: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:11.518682: | prop #: 1 (0x1) Aug 26 13:10:11.518685: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:11.518688: | spi size: 0 (0x0) Aug 26 13:10:11.518690: | # transforms: 11 (0xb) Aug 26 13:10:11.518694: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:11.518697: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.518700: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.518702: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:11.518705: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:10:11.518708: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.518711: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:11.518714: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:11.518717: | length/value: 256 (0x100) Aug 26 13:10:11.518720: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:11.518723: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.518725: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.518728: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:11.518731: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:11.518734: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.518737: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.518740: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.518743: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.518745: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.518748: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:11.518751: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:10:11.518755: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.518758: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.518761: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.518764: | discarding INTEG=NONE Aug 26 13:10:11.518766: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.518769: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.518771: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.518774: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:11.518777: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.518780: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.518783: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.518785: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.518788: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.518790: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.518793: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:10:11.518796: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.518799: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.518802: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.518804: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.518807: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.518809: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.518812: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:10:11.518815: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.518818: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.518821: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.518823: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.518826: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.518828: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.518831: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:10:11.518834: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.518837: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.518840: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.518842: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.518845: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.518847: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.518850: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:10:11.518853: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.518856: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.518858: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.518861: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.518865: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.518867: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.518870: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:10:11.518873: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.518876: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.518879: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.518881: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.518884: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.518886: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.518889: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:10:11.518892: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.518895: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.518898: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.518900: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.518903: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:11.518905: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.518908: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:10:11.518911: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.518914: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.518917: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.518920: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:10:11.518923: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:11.518925: | discarding INTEG=NONE Aug 26 13:10:11.518928: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:11.518930: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:11.518933: | prop #: 2 (0x2) Aug 26 13:10:11.518936: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:11.518938: | spi size: 0 (0x0) Aug 26 13:10:11.518941: | # transforms: 11 (0xb) Aug 26 13:10:11.518944: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:11.518947: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:11.518950: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.518952: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.518955: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:11.518958: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:10:11.518961: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.518963: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:11.518966: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:11.518968: | length/value: 128 (0x80) Aug 26 13:10:11.518971: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:11.518974: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.518976: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.518979: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:11.518982: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:11.518985: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.518990: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.518993: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.518995: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.518998: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519000: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:11.519003: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:10:11.519006: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519009: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519012: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519014: | discarding INTEG=NONE Aug 26 13:10:11.519017: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519019: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519022: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.519024: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:11.519027: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519030: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519033: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519036: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519038: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519041: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.519043: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:10:11.519046: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519049: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519052: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519055: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519057: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519060: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.519062: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:10:11.519065: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519068: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519071: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519074: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519076: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519079: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.519081: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:10:11.519084: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519087: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519090: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519093: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519095: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519099: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.519102: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:10:11.519105: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519108: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519110: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519113: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519115: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519118: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.519121: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:10:11.519124: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519127: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519129: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519132: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519134: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519137: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.519140: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:10:11.519143: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519146: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519148: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519151: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519153: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:11.519156: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.519159: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:10:11.519162: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519165: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519168: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519170: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:10:11.519173: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:11.519176: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:11.519179: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:11.519181: | prop #: 3 (0x3) Aug 26 13:10:11.519184: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:11.519186: | spi size: 0 (0x0) Aug 26 13:10:11.519189: | # transforms: 13 (0xd) Aug 26 13:10:11.519192: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:11.519195: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:11.519198: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519200: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519203: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:11.519206: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:10:11.519208: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519212: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:11.519215: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:11.519218: | length/value: 256 (0x100) Aug 26 13:10:11.519220: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:11.519223: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519226: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519228: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:11.519232: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:11.519236: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519241: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519246: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519250: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519255: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519259: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:11.519264: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:10:11.519268: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519273: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519277: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519282: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519286: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519306: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:11.519312: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:10:11.519317: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519322: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519328: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519332: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519336: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519341: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:11.519345: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:10:11.519350: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519354: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519359: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519363: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519367: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519371: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.519375: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:11.519379: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519384: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519388: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519392: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519396: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519400: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.519407: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:10:11.519413: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519417: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519421: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519426: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519430: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519434: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.519438: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:10:11.519443: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519447: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519451: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519456: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519460: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519464: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.519469: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:10:11.519473: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519478: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519482: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519486: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519491: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519495: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.519499: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:10:11.519504: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519509: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519513: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519517: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519521: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519526: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.519530: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:10:11.519536: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519541: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519545: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519550: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519554: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519558: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.519562: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:10:11.519567: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519572: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519577: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519581: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519588: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:11.519592: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.519597: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:10:11.519602: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519607: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519611: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519615: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:10:11.519621: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:11.519626: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:11.519631: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:10:11.519635: | prop #: 4 (0x4) Aug 26 13:10:11.519640: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:11.519643: | spi size: 0 (0x0) Aug 26 13:10:11.519648: | # transforms: 13 (0xd) Aug 26 13:10:11.519653: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:10:11.519658: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:11.519663: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519667: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519672: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:11.519676: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:10:11.519681: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519686: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:11.519690: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:11.519695: | length/value: 128 (0x80) Aug 26 13:10:11.519700: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:11.519704: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519709: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519713: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:11.519718: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:11.519722: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519727: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519731: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519735: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519739: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519744: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:11.519748: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:10:11.519754: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519758: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519763: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519767: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519772: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519776: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:11.519780: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:10:11.519785: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519792: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519797: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519802: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519806: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519810: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:11.519814: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:10:11.519818: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519823: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519827: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519832: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519836: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519840: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.519844: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:11.519849: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519853: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519857: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519862: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519867: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519870: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.519875: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:10:11.519879: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519884: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519888: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519892: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519896: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519900: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.519904: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:10:11.519909: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519914: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519919: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519923: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519927: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519932: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.519936: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:10:11.519941: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519946: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519950: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519954: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519959: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519963: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.519970: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:10:11.519975: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519979: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.519984: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.519988: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.519993: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.519997: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.520001: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:10:11.520007: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.520012: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.520016: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.520020: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.520025: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.520029: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.520034: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:10:11.520039: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.520044: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.520049: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.520054: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:11.520059: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:11.520063: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.520067: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:10:11.520073: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.520078: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:11.520083: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:11.520087: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:10:11.520092: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:11.520097: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:10:11.520102: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:10:11.520107: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:10:11.520112: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:11.520117: | flags: none (0x0) Aug 26 13:10:11.520122: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:11.520128: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:10:11.520133: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:10:11.520139: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:10:11.520144: | ikev2 g^x 7f e5 3f 05 fa ab e7 21 ac 84 da 3d ee 06 0c 11 Aug 26 13:10:11.520149: | ikev2 g^x 53 0a 11 e6 4d 80 2c 45 9c a3 d3 be c7 c5 32 f4 Aug 26 13:10:11.520153: | ikev2 g^x 56 af 76 3c 15 fe 7e 96 08 06 c0 7c 22 50 ce 34 Aug 26 13:10:11.520160: | ikev2 g^x ea fe 99 6e 83 04 f7 69 79 52 1b ed c7 32 5c 97 Aug 26 13:10:11.520164: | ikev2 g^x a8 8f ae b4 89 09 2a 6b 35 3f 43 ec 99 ec c4 66 Aug 26 13:10:11.520169: | ikev2 g^x e8 25 63 79 69 23 2f b1 11 8f c7 f3 18 ff 48 56 Aug 26 13:10:11.520173: | ikev2 g^x b0 2d 07 a2 56 cd ab db 99 ac 31 8a 2d 04 56 2b Aug 26 13:10:11.520177: | ikev2 g^x 79 27 2a 93 5b d9 99 f0 7f 09 80 cc d0 d2 64 4a Aug 26 13:10:11.520181: | ikev2 g^x 05 9a 6c 47 da 9f 30 b1 85 ff c9 3a 7a 0c c2 92 Aug 26 13:10:11.520185: | ikev2 g^x 22 9c 8a 80 d9 cc 28 02 8c be 00 1f 14 96 3b 72 Aug 26 13:10:11.520190: | ikev2 g^x 7b 9a 95 4a 11 05 79 66 0d c7 f3 4f 38 66 78 29 Aug 26 13:10:11.520195: | ikev2 g^x 9d b4 66 45 1a e5 91 12 c3 28 0a 15 bb 37 93 1b Aug 26 13:10:11.520199: | ikev2 g^x b9 81 0c 21 e6 db 23 29 16 7a a7 e6 0b 81 8a c2 Aug 26 13:10:11.520203: | ikev2 g^x 48 00 06 fb 8c 7b 37 9e d3 3f ad 48 e4 dc 8b 92 Aug 26 13:10:11.520207: | ikev2 g^x 94 21 13 f7 a1 04 75 3f 00 5f e7 4a b5 ba 60 d5 Aug 26 13:10:11.520211: | ikev2 g^x 76 84 33 2d bb a9 9c 52 5f 48 ef 94 93 18 e4 de Aug 26 13:10:11.520215: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:10:11.520220: | ***emit IKEv2 Nonce Payload: Aug 26 13:10:11.520225: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:10:11.520230: | flags: none (0x0) Aug 26 13:10:11.520235: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:10:11.520241: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:10:11.520247: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:10:11.520252: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:10:11.520257: | IKEv2 nonce 55 cd ac 1c ec 15 0c 13 ae 41 5d b7 fa de 8c 10 Aug 26 13:10:11.520261: | IKEv2 nonce 4e 4c 64 c4 a0 80 fc 40 a1 85 25 d6 12 de fa 48 Aug 26 13:10:11.520266: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:10:11.520270: | Adding a v2N Payload Aug 26 13:10:11.520274: | ***emit IKEv2 Notify Payload: Aug 26 13:10:11.520279: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:11.520283: | flags: none (0x0) Aug 26 13:10:11.520287: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:11.520303: | SPI size: 0 (0x0) Aug 26 13:10:11.520308: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:10:11.520313: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:10:11.520319: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:10:11.520323: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:10:11.520329: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:10:11.520337: | natd_hash: rcookie is zero Aug 26 13:10:11.520355: | natd_hash: hasher=0x555d0bf74800(20) Aug 26 13:10:11.520360: | natd_hash: icookie= 50 bc 4c 7d d5 32 bf f3 Aug 26 13:10:11.520364: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:10:11.520368: | natd_hash: ip= c0 01 03 21 Aug 26 13:10:11.520372: | natd_hash: port=500 Aug 26 13:10:11.520377: | natd_hash: hash= c9 97 a4 cd a7 d3 00 26 d3 91 24 43 33 87 c4 91 Aug 26 13:10:11.520381: | natd_hash: hash= e2 d2 88 3b Aug 26 13:10:11.520385: | Adding a v2N Payload Aug 26 13:10:11.520389: | ***emit IKEv2 Notify Payload: Aug 26 13:10:11.520394: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:11.520398: | flags: none (0x0) Aug 26 13:10:11.520402: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:11.520406: | SPI size: 0 (0x0) Aug 26 13:10:11.520411: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:10:11.520416: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:10:11.520424: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:10:11.520429: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:10:11.520434: | Notify data c9 97 a4 cd a7 d3 00 26 d3 91 24 43 33 87 c4 91 Aug 26 13:10:11.520436: | Notify data e2 d2 88 3b Aug 26 13:10:11.520439: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:10:11.520441: | natd_hash: rcookie is zero Aug 26 13:10:11.520450: | natd_hash: hasher=0x555d0bf74800(20) Aug 26 13:10:11.520453: | natd_hash: icookie= 50 bc 4c 7d d5 32 bf f3 Aug 26 13:10:11.520456: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:10:11.520458: | natd_hash: ip= c0 01 02 17 Aug 26 13:10:11.520460: | natd_hash: port=500 Aug 26 13:10:11.520463: | natd_hash: hash= 93 a5 ed 9b 6c bf 84 d7 0b 5c 70 7f a6 1b 62 a0 Aug 26 13:10:11.520466: | natd_hash: hash= e6 fe e6 b6 Aug 26 13:10:11.520468: | Adding a v2N Payload Aug 26 13:10:11.520471: | ***emit IKEv2 Notify Payload: Aug 26 13:10:11.520473: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:11.520476: | flags: none (0x0) Aug 26 13:10:11.520478: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:11.520481: | SPI size: 0 (0x0) Aug 26 13:10:11.520484: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:10:11.520487: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:10:11.520490: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:10:11.520493: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:10:11.520495: | Notify data 93 a5 ed 9b 6c bf 84 d7 0b 5c 70 7f a6 1b 62 a0 Aug 26 13:10:11.520498: | Notify data e6 fe e6 b6 Aug 26 13:10:11.520500: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:10:11.520503: | emitting length of ISAKMP Message: 828 Aug 26 13:10:11.520510: | stop processing: state #3 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:10:11.520517: | start processing: state #3 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:11.520521: | #3 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:10:11.520524: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:10:11.520528: | parent state #3: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:10:11.520531: | Message ID: updating counters for #3 to 4294967295 after switching state Aug 26 13:10:11.520534: | Message ID: IKE #3 skipping update_recv as MD is fake Aug 26 13:10:11.520539: | Message ID: sent #3 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:10:11.520543: "northnet-eastnet-ipv4" #3: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:10:11.520556: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:10:11.520563: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #3) Aug 26 13:10:11.520566: | 50 bc 4c 7d d5 32 bf f3 00 00 00 00 00 00 00 00 Aug 26 13:10:11.520569: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:10:11.520571: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:10:11.520573: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:10:11.520576: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:10:11.520578: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:10:11.520581: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:10:11.520583: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:10:11.520585: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:10:11.520588: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:10:11.520590: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:10:11.520595: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:10:11.520597: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:10:11.520600: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:10:11.520602: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:10:11.520605: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:10:11.520607: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:10:11.520610: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:10:11.520612: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:10:11.520614: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:10:11.520617: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:10:11.520619: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:10:11.520622: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:10:11.520624: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:10:11.520626: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:10:11.520629: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:10:11.520631: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:10:11.520635: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:10:11.520639: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:10:11.520643: | 28 00 01 08 00 0e 00 00 7f e5 3f 05 fa ab e7 21 Aug 26 13:10:11.520646: | ac 84 da 3d ee 06 0c 11 53 0a 11 e6 4d 80 2c 45 Aug 26 13:10:11.520649: | 9c a3 d3 be c7 c5 32 f4 56 af 76 3c 15 fe 7e 96 Aug 26 13:10:11.520653: | 08 06 c0 7c 22 50 ce 34 ea fe 99 6e 83 04 f7 69 Aug 26 13:10:11.520656: | 79 52 1b ed c7 32 5c 97 a8 8f ae b4 89 09 2a 6b Aug 26 13:10:11.520660: | 35 3f 43 ec 99 ec c4 66 e8 25 63 79 69 23 2f b1 Aug 26 13:10:11.520664: | 11 8f c7 f3 18 ff 48 56 b0 2d 07 a2 56 cd ab db Aug 26 13:10:11.520668: | 99 ac 31 8a 2d 04 56 2b 79 27 2a 93 5b d9 99 f0 Aug 26 13:10:11.520671: | 7f 09 80 cc d0 d2 64 4a 05 9a 6c 47 da 9f 30 b1 Aug 26 13:10:11.520675: | 85 ff c9 3a 7a 0c c2 92 22 9c 8a 80 d9 cc 28 02 Aug 26 13:10:11.520678: | 8c be 00 1f 14 96 3b 72 7b 9a 95 4a 11 05 79 66 Aug 26 13:10:11.520682: | 0d c7 f3 4f 38 66 78 29 9d b4 66 45 1a e5 91 12 Aug 26 13:10:11.520686: | c3 28 0a 15 bb 37 93 1b b9 81 0c 21 e6 db 23 29 Aug 26 13:10:11.520690: | 16 7a a7 e6 0b 81 8a c2 48 00 06 fb 8c 7b 37 9e Aug 26 13:10:11.520693: | d3 3f ad 48 e4 dc 8b 92 94 21 13 f7 a1 04 75 3f Aug 26 13:10:11.520697: | 00 5f e7 4a b5 ba 60 d5 76 84 33 2d bb a9 9c 52 Aug 26 13:10:11.520701: | 5f 48 ef 94 93 18 e4 de 29 00 00 24 55 cd ac 1c Aug 26 13:10:11.520705: | ec 15 0c 13 ae 41 5d b7 fa de 8c 10 4e 4c 64 c4 Aug 26 13:10:11.520708: | a0 80 fc 40 a1 85 25 d6 12 de fa 48 29 00 00 08 Aug 26 13:10:11.520712: | 00 00 40 2e 29 00 00 1c 00 00 40 04 c9 97 a4 cd Aug 26 13:10:11.520716: | a7 d3 00 26 d3 91 24 43 33 87 c4 91 e2 d2 88 3b Aug 26 13:10:11.520719: | 00 00 00 1c 00 00 40 05 93 a5 ed 9b 6c bf 84 d7 Aug 26 13:10:11.520723: | 0b 5c 70 7f a6 1b 62 a0 e6 fe e6 b6 Aug 26 13:10:11.520792: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:10:11.520802: | libevent_free: release ptr-libevent@0x555d0de0d3d8 Aug 26 13:10:11.520809: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555d0ddebab8 Aug 26 13:10:11.520814: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:10:11.520818: | event_schedule: new EVENT_RETRANSMIT-pe@0x555d0ddebab8 Aug 26 13:10:11.520823: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 Aug 26 13:10:11.520826: | libevent_malloc: new ptr-libevent@0x7ff0a4003878 size 128 Aug 26 13:10:11.520832: | #3 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10297.263284 Aug 26 13:10:11.520836: | resume sending helper answer for #3 suppresed complete_v2_state_transition() and stole MD Aug 26 13:10:11.520846: | #3 spent 2.2 milliseconds in resume sending helper answer Aug 26 13:10:11.520852: | stop processing: state #3 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:10:11.520855: | libevent_free: release ptr-libevent@0x7ff0a0002888 Aug 26 13:10:11.523985: | spent 0.00325 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:11.524015: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:10:11.524021: | 50 bc 4c 7d d5 32 bf f3 c5 28 39 f9 3f 2a 25 a1 Aug 26 13:10:11.524026: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Aug 26 13:10:11.524030: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 13:10:11.524035: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 13:10:11.524039: | 04 00 00 0e 28 00 01 08 00 0e 00 00 52 c2 de d5 Aug 26 13:10:11.524043: | 52 d0 a4 55 8c d8 0d b0 60 22 85 06 1c 08 ea 1c Aug 26 13:10:11.524047: | 92 15 60 45 a3 ce 0d ed a1 81 ac 95 fd 4e 7e 35 Aug 26 13:10:11.524051: | 35 bf 0e 71 f7 57 bc 62 c3 d6 90 02 2a 7c 88 4a Aug 26 13:10:11.524055: | e6 6a c6 f6 f8 5e dc 25 89 5a 9c dd ea 11 22 03 Aug 26 13:10:11.524059: | 60 91 02 e2 f1 1c 51 ba 81 6c c8 6d 28 5d 83 73 Aug 26 13:10:11.524063: | 0d 05 ee fb f7 3a 38 f8 c8 02 0b ee 1a eb 38 56 Aug 26 13:10:11.524068: | 6e 7b c6 d3 c4 c7 ba c2 56 5a 4b a0 ac 2f 06 85 Aug 26 13:10:11.524072: | 40 de 55 c4 75 64 78 4d 16 a6 1e b6 c6 bd 8e b8 Aug 26 13:10:11.524077: | 6a 2a d9 c9 52 6e 7f 37 31 9c d8 95 d9 a9 55 4f Aug 26 13:10:11.524081: | b6 cb 1d 50 47 ea c4 52 48 a4 f1 22 dd 1d ed 94 Aug 26 13:10:11.524085: | 61 7a 75 38 38 7e a6 a6 b5 27 2c 14 e3 5a 1b ad Aug 26 13:10:11.524089: | 5a 5e 1d 49 5e 65 c5 e0 2c 75 cb 2e ca 80 51 75 Aug 26 13:10:11.524093: | ed bf 8f d5 39 fd 0e 0a 75 be 79 5f b9 28 33 ef Aug 26 13:10:11.524098: | 68 b8 a8 52 ed 9d 8b ee 9f d0 30 14 ad 61 52 1a Aug 26 13:10:11.524102: | be cd 52 7c 0d a9 83 15 9f 7e 0a 4f 26 18 00 05 Aug 26 13:10:11.524106: | 95 8d 3b 1f 57 7c 44 36 10 30 db 1b 29 00 00 24 Aug 26 13:10:11.524110: | 94 17 87 23 9e 38 a2 7c 60 10 fb 6c 38 6b 46 63 Aug 26 13:10:11.524115: | 68 68 85 f7 28 ca d2 e2 88 75 ae af 5a 7f 0c 65 Aug 26 13:10:11.524118: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 13:10:11.524122: | 96 0d 0a 50 c2 34 8a 04 8d 05 33 57 c4 3e 7e 89 Aug 26 13:10:11.524127: | da a7 16 b8 00 00 00 1c 00 00 40 05 ff 7d 84 46 Aug 26 13:10:11.524131: | b2 af ef b9 03 4c 74 15 cd 7c df 6e 87 13 71 79 Aug 26 13:10:11.524139: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:10:11.524145: | **parse ISAKMP Message: Aug 26 13:10:11.524150: | initiator cookie: Aug 26 13:10:11.524154: | 50 bc 4c 7d d5 32 bf f3 Aug 26 13:10:11.524158: | responder cookie: Aug 26 13:10:11.524162: | c5 28 39 f9 3f 2a 25 a1 Aug 26 13:10:11.524167: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:10:11.524172: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:11.524177: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:10:11.524182: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:10:11.524187: | Message ID: 0 (0x0) Aug 26 13:10:11.524191: | length: 432 (0x1b0) Aug 26 13:10:11.524196: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:10:11.524202: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 13:10:11.524208: | State DB: found IKEv2 state #3 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 13:10:11.524220: | start processing: state #3 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:11.524228: | [RE]START processing: state #3 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:10:11.524233: | #3 is idle Aug 26 13:10:11.524243: | #3 idle Aug 26 13:10:11.524248: | unpacking clear payload Aug 26 13:10:11.524252: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:10:11.524257: | ***parse IKEv2 Security Association Payload: Aug 26 13:10:11.524262: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:10:11.524266: | flags: none (0x0) Aug 26 13:10:11.524271: | length: 40 (0x28) Aug 26 13:10:11.524275: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 13:10:11.524279: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:10:11.524284: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:10:11.524294: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:10:11.524299: | flags: none (0x0) Aug 26 13:10:11.524303: | length: 264 (0x108) Aug 26 13:10:11.524306: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:11.524310: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:10:11.524314: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:10:11.524318: | ***parse IKEv2 Nonce Payload: Aug 26 13:10:11.524326: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:10:11.524330: | flags: none (0x0) Aug 26 13:10:11.524334: | length: 36 (0x24) Aug 26 13:10:11.524338: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:10:11.524342: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:10:11.524347: | ***parse IKEv2 Notify Payload: Aug 26 13:10:11.524351: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:10:11.524357: | flags: none (0x0) Aug 26 13:10:11.524361: | length: 8 (0x8) Aug 26 13:10:11.524365: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:11.524369: | SPI size: 0 (0x0) Aug 26 13:10:11.524374: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:10:11.524378: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:10:11.524382: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:10:11.524387: | ***parse IKEv2 Notify Payload: Aug 26 13:10:11.524391: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:10:11.524395: | flags: none (0x0) Aug 26 13:10:11.524400: | length: 28 (0x1c) Aug 26 13:10:11.524403: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:11.524407: | SPI size: 0 (0x0) Aug 26 13:10:11.524411: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:10:11.524415: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:10:11.524419: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:10:11.524423: | ***parse IKEv2 Notify Payload: Aug 26 13:10:11.524428: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:11.524432: | flags: none (0x0) Aug 26 13:10:11.524436: | length: 28 (0x1c) Aug 26 13:10:11.524440: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:11.524444: | SPI size: 0 (0x0) Aug 26 13:10:11.524448: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:10:11.524453: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:10:11.524458: | State DB: re-hashing IKEv2 state #3 IKE SPIi and SPI[ir] Aug 26 13:10:11.524464: | #3 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:10:11.524469: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:10:11.524473: | Now let's proceed with state specific processing Aug 26 13:10:11.524478: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:10:11.524484: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 13:10:11.524513: | using existing local IKE proposals for connection northnet-eastnet-ipv4 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:10:11.524523: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 13:10:11.524530: | local proposal 1 type ENCR has 1 transforms Aug 26 13:10:11.524534: | local proposal 1 type PRF has 2 transforms Aug 26 13:10:11.524539: | local proposal 1 type INTEG has 1 transforms Aug 26 13:10:11.524543: | local proposal 1 type DH has 8 transforms Aug 26 13:10:11.524548: | local proposal 1 type ESN has 0 transforms Aug 26 13:10:11.524554: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:10:11.524559: | local proposal 2 type ENCR has 1 transforms Aug 26 13:10:11.524564: | local proposal 2 type PRF has 2 transforms Aug 26 13:10:11.524568: | local proposal 2 type INTEG has 1 transforms Aug 26 13:10:11.524573: | local proposal 2 type DH has 8 transforms Aug 26 13:10:11.524578: | local proposal 2 type ESN has 0 transforms Aug 26 13:10:11.524583: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:10:11.524587: | local proposal 3 type ENCR has 1 transforms Aug 26 13:10:11.524591: | local proposal 3 type PRF has 2 transforms Aug 26 13:10:11.524596: | local proposal 3 type INTEG has 2 transforms Aug 26 13:10:11.524600: | local proposal 3 type DH has 8 transforms Aug 26 13:10:11.524605: | local proposal 3 type ESN has 0 transforms Aug 26 13:10:11.524610: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:10:11.524616: | local proposal 4 type ENCR has 1 transforms Aug 26 13:10:11.524620: | local proposal 4 type PRF has 2 transforms Aug 26 13:10:11.524625: | local proposal 4 type INTEG has 2 transforms Aug 26 13:10:11.524629: | local proposal 4 type DH has 8 transforms Aug 26 13:10:11.524633: | local proposal 4 type ESN has 0 transforms Aug 26 13:10:11.524639: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:10:11.524644: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:10:11.524649: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:10:11.524654: | length: 36 (0x24) Aug 26 13:10:11.524658: | prop #: 1 (0x1) Aug 26 13:10:11.524663: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:11.524667: | spi size: 0 (0x0) Aug 26 13:10:11.524672: | # transforms: 3 (0x3) Aug 26 13:10:11.524678: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:10:11.524684: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:11.524689: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.524693: | length: 12 (0xc) Aug 26 13:10:11.524697: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:11.524702: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:10:11.524707: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:10:11.524713: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:11.524717: | length/value: 256 (0x100) Aug 26 13:10:11.524725: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:10:11.524731: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:11.524736: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:11.524740: | length: 8 (0x8) Aug 26 13:10:11.524744: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:11.524749: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:10:11.524755: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:10:11.524761: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:11.524766: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:11.524770: | length: 8 (0x8) Aug 26 13:10:11.524775: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:11.524779: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:11.524785: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:10:11.524795: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:10:11.524803: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:10:11.524809: | remote proposal 1 matches local proposal 1 Aug 26 13:10:11.524814: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 13:10:11.524819: | converting proposal to internal trans attrs Aug 26 13:10:11.524844: | natd_hash: hasher=0x555d0bf74800(20) Aug 26 13:10:11.524851: | natd_hash: icookie= 50 bc 4c 7d d5 32 bf f3 Aug 26 13:10:11.524856: | natd_hash: rcookie= c5 28 39 f9 3f 2a 25 a1 Aug 26 13:10:11.524860: | natd_hash: ip= c0 01 03 21 Aug 26 13:10:11.524864: | natd_hash: port=500 Aug 26 13:10:11.524869: | natd_hash: hash= ff 7d 84 46 b2 af ef b9 03 4c 74 15 cd 7c df 6e Aug 26 13:10:11.524873: | natd_hash: hash= 87 13 71 79 Aug 26 13:10:11.524886: | natd_hash: hasher=0x555d0bf74800(20) Aug 26 13:10:11.524892: | natd_hash: icookie= 50 bc 4c 7d d5 32 bf f3 Aug 26 13:10:11.524897: | natd_hash: rcookie= c5 28 39 f9 3f 2a 25 a1 Aug 26 13:10:11.524901: | natd_hash: ip= c0 01 02 17 Aug 26 13:10:11.524904: | natd_hash: port=500 Aug 26 13:10:11.524908: | natd_hash: hash= 96 0d 0a 50 c2 34 8a 04 8d 05 33 57 c4 3e 7e 89 Aug 26 13:10:11.524912: | natd_hash: hash= da a7 16 b8 Aug 26 13:10:11.524917: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:10:11.524921: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:10:11.524926: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:10:11.524933: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 13:10:11.524940: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:10:11.524947: | adding ikev2_inR1outI2 KE work-order 4 for state #3 Aug 26 13:10:11.524953: | state #3 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:10:11.524958: | #3 STATE_PARENT_I1: retransmits: cleared Aug 26 13:10:11.524964: | libevent_free: release ptr-libevent@0x7ff0a4003878 Aug 26 13:10:11.524971: | free_event_entry: release EVENT_RETRANSMIT-pe@0x555d0ddebab8 Aug 26 13:10:11.524976: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555d0ddebab8 Aug 26 13:10:11.524983: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:10:11.524989: | libevent_malloc: new ptr-libevent@0x7ff0a0002888 size 128 Aug 26 13:10:11.525008: | #3 spent 0.52 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 13:10:11.525015: | crypto helper 3 resuming Aug 26 13:10:11.525019: | [RE]START processing: state #3 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:11.525043: | crypto helper 3 starting work-order 4 for state #3 Aug 26 13:10:11.525065: | #3 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 13:10:11.525079: | crypto helper 3 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 4 Aug 26 13:10:11.525083: | suspending state #3 and saving MD Aug 26 13:10:11.525090: | #3 is busy; has a suspended MD Aug 26 13:10:11.525098: | [RE]START processing: state #3 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:10:11.525104: | "northnet-eastnet-ipv4" #3 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:10:11.525112: | stop processing: state #3 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:10:11.525120: | #3 spent 1.1 milliseconds in ikev2_process_packet() Aug 26 13:10:11.525128: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:10:11.525133: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:11.525138: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:10:11.525148: | spent 1.13 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:10:11.526587: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:10:11.527001: | crypto helper 3 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 4 time elapsed 0.001922 seconds Aug 26 13:10:11.527013: | (#3) spent 1.91 milliseconds in crypto helper computing work-order 4: ikev2_inR1outI2 KE (pcr) Aug 26 13:10:11.527017: | crypto helper 3 sending results from work-order 4 for state #3 to event queue Aug 26 13:10:11.527020: | scheduling resume sending helper answer for #3 Aug 26 13:10:11.527024: | libevent_malloc: new ptr-libevent@0x7ff094000f48 size 128 Aug 26 13:10:11.527036: | crypto helper 3 waiting (nothing to do) Aug 26 13:10:11.527055: | processing resume sending helper answer for #3 Aug 26 13:10:11.527076: | start processing: state #3 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:10:11.527086: | crypto helper 3 replies to request ID 4 Aug 26 13:10:11.527091: | calling continuation function 0x555d0be9fb50 Aug 26 13:10:11.527097: | ikev2_parent_inR1outI2_continue for #3: calculating g^{xy}, sending I2 Aug 26 13:10:11.527106: | creating state object #4 at 0x555d0ddea998 Aug 26 13:10:11.527111: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 13:10:11.527118: | pstats #4 ikev2.child started Aug 26 13:10:11.527124: | duplicating state object #3 "northnet-eastnet-ipv4" as #4 for IPSEC SA Aug 26 13:10:11.527133: | #4 setting local endpoint to 192.1.3.33:500 from #3.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:10:11.527145: | Message ID: init_child #3.#4; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:10:11.527153: | Message ID: switch-from #3 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 13:10:11.527162: | Message ID: switch-to #3.#4 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 13:10:11.527168: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:10:11.527174: | libevent_free: release ptr-libevent@0x7ff0a0002888 Aug 26 13:10:11.527179: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555d0ddebab8 Aug 26 13:10:11.527185: | event_schedule: new EVENT_SA_REPLACE-pe@0x555d0ddebab8 Aug 26 13:10:11.527191: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #3 Aug 26 13:10:11.527197: | libevent_malloc: new ptr-libevent@0x7ff0a0002888 size 128 Aug 26 13:10:11.527204: | parent state #3: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 13:10:11.527213: | **emit ISAKMP Message: Aug 26 13:10:11.527218: | initiator cookie: Aug 26 13:10:11.527222: | 50 bc 4c 7d d5 32 bf f3 Aug 26 13:10:11.527226: | responder cookie: Aug 26 13:10:11.527230: | c5 28 39 f9 3f 2a 25 a1 Aug 26 13:10:11.527235: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:11.527240: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:11.527246: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:10:11.527251: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:11.527256: | Message ID: 1 (0x1) Aug 26 13:10:11.527261: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:10:11.527266: | ***emit IKEv2 Encryption Payload: Aug 26 13:10:11.527271: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:11.527275: | flags: none (0x0) Aug 26 13:10:11.527281: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:10:11.527287: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:10:11.527314: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:10:11.527335: | IKEv2 CERT: send a certificate? Aug 26 13:10:11.527340: | IKEv2 CERT: no certificate to send Aug 26 13:10:11.527345: | IDr payload will be sent Aug 26 13:10:11.527372: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 13:10:11.527378: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:11.527383: | flags: none (0x0) Aug 26 13:10:11.527387: | ID type: ID_FQDN (0x2) Aug 26 13:10:11.527393: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 13:10:11.527398: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:10:11.527404: | emitting 5 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 13:10:11.527408: | my identity 6e 6f 72 74 68 Aug 26 13:10:11.527412: | emitting length of IKEv2 Identification - Initiator - Payload: 13 Aug 26 13:10:11.527426: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:10:11.527431: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:10:11.527434: | flags: none (0x0) Aug 26 13:10:11.527438: | ID type: ID_FQDN (0x2) Aug 26 13:10:11.527442: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Aug 26 13:10:11.527447: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:10:11.527451: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:10:11.527456: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Aug 26 13:10:11.527460: | IDr 65 61 73 74 Aug 26 13:10:11.527464: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 13:10:11.527468: | not sending INITIAL_CONTACT Aug 26 13:10:11.527472: | ****emit IKEv2 Authentication Payload: Aug 26 13:10:11.527477: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:11.527480: | flags: none (0x0) Aug 26 13:10:11.527485: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:10:11.527490: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:10:11.527495: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:10:11.527503: | started looking for secret for @north->@east of kind PKK_RSA Aug 26 13:10:11.527508: | actually looking for secret for @north->@east of kind PKK_RSA Aug 26 13:10:11.527513: | line 1: key type PKK_RSA(@north) to type PKK_RSA Aug 26 13:10:11.527520: | 1: compared key (none) to @north / @east -> 002 Aug 26 13:10:11.527525: | 2: compared key (none) to @north / @east -> 002 Aug 26 13:10:11.527529: | line 1: match=002 Aug 26 13:10:11.527534: | match 002 beats previous best_match 000 match=0x555d0dcd0b58 (line=1) Aug 26 13:10:11.527539: | concluding with best_match=002 best=0x555d0dcd0b58 (lineno=1) Aug 26 13:10:11.534334: "northnet-eastnet-ipv4" #3: Can't find the certificate or private key from the NSS CKA_ID Aug 26 13:10:11.534377: | #3 spent 6.67 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Aug 26 13:10:11.534386: "northnet-eastnet-ipv4" #3: Failed to find our RSA key Aug 26 13:10:11.534402: | suspend processing: state #3 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:11.534411: | start processing: state #4 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:11.534420: | #4 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_FATAL Aug 26 13:10:11.534960: | release_pending_whacks: state #4 has no whack fd Aug 26 13:10:11.534984: | release_pending_whacks: IKE SA #3 fd@16 has pending CHILD SA with socket fd@25 Aug 26 13:10:11.534991: | pstats #4 ikev2.child deleted other Aug 26 13:10:11.535002: | [RE]START processing: state #4 connection "northnet-eastnet-ipv4" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:10:11.535011: "northnet-eastnet-ipv4" #4: deleting state (STATE_UNDEFINED) aged 0.007s and NOT sending notification Aug 26 13:10:11.535017: | child state #4: UNDEFINED(ignore) => delete Aug 26 13:10:11.535024: | child state #4: UNDEFINED(ignore) => CHILDSA_DEL(informational) Aug 26 13:10:11.535033: | priority calculation of connection "northnet-eastnet-ipv4" is 0xfe7e7 Aug 26 13:10:11.535049: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 13:10:11.535073: | raw_eroute result=success Aug 26 13:10:11.535079: | in connection_discard for connection northnet-eastnet-ipv4 Aug 26 13:10:11.535083: | State DB: deleting IKEv2 state #4 in CHILDSA_DEL Aug 26 13:10:11.535087: | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:10:11.535093: | stop processing: state #4 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:10:11.535109: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Aug 26 13:10:11.535122: | #3 spent 7.87 milliseconds in resume sending helper answer Aug 26 13:10:11.535128: | processing: STOP state #0 (in resume_handler() at server.c:833) Aug 26 13:10:11.535137: | libevent_free: release ptr-libevent@0x7ff094000f48