Aug 26 13:14:50.434255: FIPS Product: YES
Aug 26 13:14:50.434351: FIPS Kernel: NO
Aug 26 13:14:50.434354: FIPS Mode: NO
Aug 26 13:14:50.434356: NSS DB directory: sql:/etc/ipsec.d
Aug 26 13:14:50.434463: Initializing NSS
Aug 26 13:14:50.434469: Opening NSS database "sql:/etc/ipsec.d" read-only
Aug 26 13:14:50.460128: NSS initialized
Aug 26 13:14:50.460143: NSS crypto library initialized
Aug 26 13:14:50.460145: FIPS HMAC integrity support [enabled]
Aug 26 13:14:50.460146: FIPS mode disabled for pluto daemon
Aug 26 13:14:50.490974: FIPS HMAC integrity verification self-test FAILED
Aug 26 13:14:50.491061: libcap-ng support [enabled]
Aug 26 13:14:50.491070: Linux audit support [enabled]
Aug 26 13:14:50.491088: Linux audit activated
Aug 26 13:14:50.491093: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:16358
Aug 26 13:14:50.491095: core dump dir: /tmp
Aug 26 13:14:50.491097: secrets file: /etc/ipsec.secrets
Aug 26 13:14:50.491098: leak-detective enabled
Aug 26 13:14:50.491100: NSS crypto [enabled]
Aug 26 13:14:50.491101: XAUTH PAM support [enabled]
Aug 26 13:14:50.491158: | libevent is using pluto's memory allocator
Aug 26 13:14:50.491163: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Aug 26 13:14:50.491178: | libevent_malloc: new ptr-libevent@0x559645b407f8 size 40
Aug 26 13:14:50.491181: | libevent_malloc: new ptr-libevent@0x559645b40cd8 size 40
Aug 26 13:14:50.491183: | libevent_malloc: new ptr-libevent@0x559645b40dd8 size 40
Aug 26 13:14:50.491184: | creating event base
Aug 26 13:14:50.491187: | libevent_malloc: new ptr-libevent@0x559645bc54b8 size 56
Aug 26 13:14:50.491190: | libevent_malloc: new ptr-libevent@0x559645b69b98 size 664
Aug 26 13:14:50.491199: | libevent_malloc: new ptr-libevent@0x559645bc5528 size 24
Aug 26 13:14:50.491201: | libevent_malloc: new ptr-libevent@0x559645bc5578 size 384
Aug 26 13:14:50.491208: | libevent_malloc: new ptr-libevent@0x559645bc5478 size 16
Aug 26 13:14:50.491210: | libevent_malloc: new ptr-libevent@0x559645b40908 size 40
Aug 26 13:14:50.491212: | libevent_malloc: new ptr-libevent@0x559645b40d38 size 48
Aug 26 13:14:50.491216: | libevent_realloc: new ptr-libevent@0x559645b6a698 size 256
Aug 26 13:14:50.491218: | libevent_malloc: new ptr-libevent@0x559645bc5728 size 16
Aug 26 13:14:50.491222: | libevent_free: release ptr-libevent@0x559645bc54b8
Aug 26 13:14:50.491224: | libevent initialized
Aug 26 13:14:50.491227: | libevent_realloc: new ptr-libevent@0x559645bc54b8 size 64
Aug 26 13:14:50.491230: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds
Aug 26 13:14:50.491243: | init_nat_traversal() initialized with keep_alive=0s
Aug 26 13:14:50.491245: NAT-Traversal support [enabled]
Aug 26 13:14:50.491247: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
Aug 26 13:14:50.491257: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized
Aug 26 13:14:50.491259: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
Aug 26 13:14:50.491286: | global one-shot timer EVENT_REVIVE_CONNS initialized
Aug 26 13:14:50.491298: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
Aug 26 13:14:50.491302: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds
Aug 26 13:14:50.491335: Encryption algorithms:
Aug 26 13:14:50.491341: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c
Aug 26 13:14:50.491344: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b
Aug 26 13:14:50.491346: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a
Aug 26 13:14:50.491349: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des
Aug 26 13:14:50.491351: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Aug 26 13:14:50.491358: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia
Aug 26 13:14:50.491360: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c
Aug 26 13:14:50.491362: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b
Aug 26 13:14:50.491365: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a
Aug 26 13:14:50.491367: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr
Aug 26 13:14:50.491369: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes
Aug 26 13:14:50.491371: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent
Aug 26 13:14:50.491373: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish
Aug 26 13:14:50.491376: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh
Aug 26 13:14:50.491378: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac
Aug 26 13:14:50.491380: NULL IKEv1: ESP IKEv2: ESP []
Aug 26 13:14:50.491384: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305
Aug 26 13:14:50.491391: Hash algorithms:
Aug 26 13:14:50.491394: MD5 IKEv1: IKE IKEv2:
Aug 26 13:14:50.491396: SHA1 IKEv1: IKE IKEv2: FIPS sha
Aug 26 13:14:50.491398: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256
Aug 26 13:14:50.491400: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384
Aug 26 13:14:50.491402: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512
Aug 26 13:14:50.491410: PRF algorithms:
Aug 26 13:14:50.491412: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5
Aug 26 13:14:50.491414: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1
Aug 26 13:14:50.491416: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256
Aug 26 13:14:50.491418: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384
Aug 26 13:14:50.491420: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512
Aug 26 13:14:50.491422: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc
Aug 26 13:14:50.491438: Integrity algorithms:
Aug 26 13:14:50.491440: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5
Aug 26 13:14:50.491442: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1
Aug 26 13:14:50.491445: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Aug 26 13:14:50.491447: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Aug 26 13:14:50.491450: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Aug 26 13:14:50.491452: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Aug 26 13:14:50.491454: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96
Aug 26 13:14:50.491456: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Aug 26 13:14:50.491458: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Aug 26 13:14:50.491465: DH algorithms:
Aug 26 13:14:50.491467: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0
Aug 26 13:14:50.491469: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5
Aug 26 13:14:50.491471: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14
Aug 26 13:14:50.491475: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15
Aug 26 13:14:50.491477: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16
Aug 26 13:14:50.491479: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17
Aug 26 13:14:50.491481: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18
Aug 26 13:14:50.491482: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256
Aug 26 13:14:50.491484: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384
Aug 26 13:14:50.491486: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521
Aug 26 13:14:50.491488: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519
Aug 26 13:14:50.491490: testing CAMELLIA_CBC:
Aug 26 13:14:50.491492: Camellia: 16 bytes with 128-bit key
Aug 26 13:14:50.491601: Camellia: 16 bytes with 128-bit key
Aug 26 13:14:50.491634: Camellia: 16 bytes with 256-bit key
Aug 26 13:14:50.491665: Camellia: 16 bytes with 256-bit key
Aug 26 13:14:50.491696: testing AES_GCM_16:
Aug 26 13:14:50.491700: empty string
Aug 26 13:14:50.491724: one block
Aug 26 13:14:50.491741: two blocks
Aug 26 13:14:50.491757: two blocks with associated data
Aug 26 13:14:50.491773: testing AES_CTR:
Aug 26 13:14:50.491775: Encrypting 16 octets using AES-CTR with 128-bit key
Aug 26 13:14:50.491792: Encrypting 32 octets using AES-CTR with 128-bit key
Aug 26 13:14:50.491809: Encrypting 36 octets using AES-CTR with 128-bit key
Aug 26 13:14:50.491827: Encrypting 16 octets using AES-CTR with 192-bit key
Aug 26 13:14:50.491844: Encrypting 32 octets using AES-CTR with 192-bit key
Aug 26 13:14:50.491862: Encrypting 36 octets using AES-CTR with 192-bit key
Aug 26 13:14:50.491879: Encrypting 16 octets using AES-CTR with 256-bit key
Aug 26 13:14:50.491895: Encrypting 32 octets using AES-CTR with 256-bit key
Aug 26 13:14:50.491912: Encrypting 36 octets using AES-CTR with 256-bit key
Aug 26 13:14:50.491930: testing AES_CBC:
Aug 26 13:14:50.491932: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Aug 26 13:14:50.491949: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Aug 26 13:14:50.491966: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Aug 26 13:14:50.491983: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Aug 26 13:14:50.492003: testing AES_XCBC:
Aug 26 13:14:50.492005: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input
Aug 26 13:14:50.492078: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input
Aug 26 13:14:50.492159: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input
Aug 26 13:14:50.492233: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input
Aug 26 13:14:50.492314: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input
Aug 26 13:14:50.492390: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input
Aug 26 13:14:50.492503: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input
Aug 26 13:14:50.492691: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Aug 26 13:14:50.492772: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Aug 26 13:14:50.492854: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Aug 26 13:14:50.492996: testing HMAC_MD5:
Aug 26 13:14:50.492999: RFC 2104: MD5_HMAC test 1
Aug 26 13:14:50.493105: RFC 2104: MD5_HMAC test 2
Aug 26 13:14:50.493198: RFC 2104: MD5_HMAC test 3
Aug 26 13:14:50.493324: 8 CPU cores online
Aug 26 13:14:50.493329: starting up 7 crypto helpers
Aug 26 13:14:50.493355: started thread for crypto helper 0
Aug 26 13:14:50.493372: started thread for crypto helper 1
Aug 26 13:14:50.493387: started thread for crypto helper 2
Aug 26 13:14:50.493402: started thread for crypto helper 3
Aug 26 13:14:50.493395: | starting up helper thread 0
Aug 26 13:14:50.493395: | starting up helper thread 1
Aug 26 13:14:50.493424: | starting up helper thread 3
Aug 26 13:14:50.493436: | status value returned by setting the priority of this thread (crypto helper 1) 22
Aug 26 13:14:50.493416: | starting up helper thread 2
Aug 26 13:14:50.493447: | status value returned by setting the priority of this thread (crypto helper 2) 22
Aug 26 13:14:50.493439: | status value returned by setting the priority of this thread (crypto helper 3) 22
Aug 26 13:14:50.493440: | crypto helper 1 waiting (nothing to do)
Aug 26 13:14:50.493455: | starting up helper thread 4
Aug 26 13:14:50.493463: | status value returned by setting the priority of this thread (crypto helper 4) 22
Aug 26 13:14:50.493442: started thread for crypto helper 4
Aug 26 13:14:50.493414: | status value returned by setting the priority of this thread (crypto helper 0) 22
Aug 26 13:14:50.493467: | crypto helper 2 waiting (nothing to do)
Aug 26 13:14:50.493489: | crypto helper 3 waiting (nothing to do)
Aug 26 13:14:50.493490: started thread for crypto helper 5
Aug 26 13:14:50.493498: | crypto helper 4 waiting (nothing to do)
Aug 26 13:14:50.493499: | starting up helper thread 5
Aug 26 13:14:50.493506: | crypto helper 0 waiting (nothing to do)
Aug 26 13:14:50.493512: | status value returned by setting the priority of this thread (crypto helper 5) 22
Aug 26 13:14:50.493521: started thread for crypto helper 6
Aug 26 13:14:50.493523: | crypto helper 5 waiting (nothing to do)
Aug 26 13:14:50.493525: | checking IKEv1 state table
Aug 26 13:14:50.493529: | starting up helper thread 6
Aug 26 13:14:50.493533: | MAIN_R0: category: half-open IKE SA flags: 0:
Aug 26 13:14:50.493535: | status value returned by setting the priority of this thread (crypto helper 6) 22
Aug 26 13:14:50.493536: | -> MAIN_R1 EVENT_SO_DISCARD
Aug 26 13:14:50.493540: | crypto helper 6 waiting (nothing to do)
Aug 26 13:14:50.493545: | MAIN_I1: category: half-open IKE SA flags: 0:
Aug 26 13:14:50.493552: | -> MAIN_I2 EVENT_RETRANSMIT
Aug 26 13:14:50.493554: | MAIN_R1: category: open IKE SA flags: 200:
Aug 26 13:14:50.493556: | -> MAIN_R2 EVENT_RETRANSMIT
Aug 26 13:14:50.493557: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:14:50.493559: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:14:50.493560: | MAIN_I2: category: open IKE SA flags: 0:
Aug 26 13:14:50.493562: | -> MAIN_I3 EVENT_RETRANSMIT
Aug 26 13:14:50.493563: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:14:50.493565: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:14:50.493567: | MAIN_R2: category: open IKE SA flags: 0:
Aug 26 13:14:50.493568: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:14:50.493570: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:14:50.493571: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 13:14:50.493573: | MAIN_I3: category: open IKE SA flags: 0:
Aug 26 13:14:50.493574: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:14:50.493576: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:14:50.493577: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 13:14:50.493579: | MAIN_R3: category: established IKE SA flags: 200:
Aug 26 13:14:50.493580: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:50.493582: | MAIN_I4: category: established IKE SA flags: 0:
Aug 26 13:14:50.493584: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:50.493585: | AGGR_R0: category: half-open IKE SA flags: 0:
Aug 26 13:14:50.493587: | -> AGGR_R1 EVENT_SO_DISCARD
Aug 26 13:14:50.493589: | AGGR_I1: category: half-open IKE SA flags: 0:
Aug 26 13:14:50.493590: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 13:14:50.493592: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 13:14:50.493593: | AGGR_R1: category: open IKE SA flags: 200:
Aug 26 13:14:50.493595: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 13:14:50.493596: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 13:14:50.493598: | AGGR_I2: category: established IKE SA flags: 200:
Aug 26 13:14:50.493599: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:50.493601: | AGGR_R2: category: established IKE SA flags: 0:
Aug 26 13:14:50.493603: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:50.493604: | QUICK_R0: category: established CHILD SA flags: 0:
Aug 26 13:14:50.493606: | -> QUICK_R1 EVENT_RETRANSMIT
Aug 26 13:14:50.493610: | QUICK_I1: category: established CHILD SA flags: 0:
Aug 26 13:14:50.493611: | -> QUICK_I2 EVENT_SA_REPLACE
Aug 26 13:14:50.493613: | QUICK_R1: category: established CHILD SA flags: 0:
Aug 26 13:14:50.493615: | -> QUICK_R2 EVENT_SA_REPLACE
Aug 26 13:14:50.493616: | QUICK_I2: category: established CHILD SA flags: 200:
Aug 26 13:14:50.493618: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:50.493619: | QUICK_R2: category: established CHILD SA flags: 0:
Aug 26 13:14:50.493621: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:50.493623: | INFO: category: informational flags: 0:
Aug 26 13:14:50.493624: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:50.493626: | INFO_PROTECTED: category: informational flags: 0:
Aug 26 13:14:50.493627: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:50.493629: | XAUTH_R0: category: established IKE SA flags: 0:
Aug 26 13:14:50.493631: | -> XAUTH_R1 EVENT_NULL
Aug 26 13:14:50.493632: | XAUTH_R1: category: established IKE SA flags: 0:
Aug 26 13:14:50.493634: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:14:50.493636: | MODE_CFG_R0: category: informational flags: 0:
Aug 26 13:14:50.493637: | -> MODE_CFG_R1 EVENT_SA_REPLACE
Aug 26 13:14:50.493639: | MODE_CFG_R1: category: established IKE SA flags: 0:
Aug 26 13:14:50.493640: | -> MODE_CFG_R2 EVENT_SA_REPLACE
Aug 26 13:14:50.493642: | MODE_CFG_R2: category: established IKE SA flags: 0:
Aug 26 13:14:50.493644: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:50.493645: | MODE_CFG_I1: category: established IKE SA flags: 0:
Aug 26 13:14:50.493647: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:14:50.493649: | XAUTH_I0: category: established IKE SA flags: 0:
Aug 26 13:14:50.493650: | -> XAUTH_I1 EVENT_RETRANSMIT
Aug 26 13:14:50.493652: | XAUTH_I1: category: established IKE SA flags: 0:
Aug 26 13:14:50.493653: | -> MAIN_I4 EVENT_RETRANSMIT
Aug 26 13:14:50.493658: | checking IKEv2 state table
Aug 26 13:14:50.493662: | PARENT_I0: category: ignore flags: 0:
Aug 26 13:14:50.493664: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT)
Aug 26 13:14:50.493666: | PARENT_I1: category: half-open IKE SA flags: 0:
Aug 26 13:14:50.493668: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification)
Aug 26 13:14:50.493670: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH)
Aug 26 13:14:50.493672: | PARENT_I2: category: open IKE SA flags: 0:
Aug 26 13:14:50.493674: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification)
Aug 26 13:14:50.493676: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification)
Aug 26 13:14:50.493677: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification)
Aug 26 13:14:50.493679: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response)
Aug 26 13:14:50.493681: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification)
Aug 26 13:14:50.493683: | PARENT_I3: category: established IKE SA flags: 0:
Aug 26 13:14:50.493684: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request)
Aug 26 13:14:50.493686: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response)
Aug 26 13:14:50.493688: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request)
Aug 26 13:14:50.493689: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response)
Aug 26 13:14:50.493691: | PARENT_R0: category: half-open IKE SA flags: 0:
Aug 26 13:14:50.493693: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT)
Aug 26 13:14:50.493695: | PARENT_R1: category: half-open IKE SA flags: 0:
Aug 26 13:14:50.493696: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED))
Aug 26 13:14:50.493698: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request)
Aug 26 13:14:50.493700: | PARENT_R2: category: established IKE SA flags: 0:
Aug 26 13:14:50.493702: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request)
Aug 26 13:14:50.493705: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response)
Aug 26 13:14:50.493707: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request)
Aug 26 13:14:50.493709: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response)
Aug 26 13:14:50.493710: | V2_CREATE_I0: category: established IKE SA flags: 0:
Aug 26 13:14:50.493712: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA)
Aug 26 13:14:50.493714: | V2_CREATE_I: category: established IKE SA flags: 0:
Aug 26 13:14:50.493716: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response)
Aug 26 13:14:50.493718: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0:
Aug 26 13:14:50.493720: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey)
Aug 26 13:14:50.493721: | V2_REKEY_IKE_I: category: established IKE SA flags: 0:
Aug 26 13:14:50.493723: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response)
Aug 26 13:14:50.493725: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0:
Aug 26 13:14:50.493727: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA)
Aug 26 13:14:50.493729: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0:
Aug 26 13:14:50.493731: | V2_CREATE_R: category: established IKE SA flags: 0:
Aug 26 13:14:50.493732: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request)
Aug 26 13:14:50.493734: | V2_REKEY_IKE_R: category: established IKE SA flags: 0:
Aug 26 13:14:50.493736: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey)
Aug 26 13:14:50.493738: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0:
Aug 26 13:14:50.493740: | V2_IPSEC_I: category: established CHILD SA flags: 0:
Aug 26 13:14:50.493741: | V2_IPSEC_R: category: established CHILD SA flags: 0:
Aug 26 13:14:50.493743: | IKESA_DEL: category: established IKE SA flags: 0:
Aug 26 13:14:50.493745: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
Aug 26 13:14:50.493747: | CHILDSA_DEL: category: informational flags: 0:
Aug 26 13:14:50.493757: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64
Aug 26 13:14:50.494044: | Hard-wiring algorithms
Aug 26 13:14:50.494048: | adding AES_CCM_16 to kernel algorithm db
Aug 26 13:14:50.494053: | adding AES_CCM_12 to kernel algorithm db
Aug 26 13:14:50.494055: | adding AES_CCM_8 to kernel algorithm db
Aug 26 13:14:50.494058: | adding 3DES_CBC to kernel algorithm db
Aug 26 13:14:50.494061: | adding CAMELLIA_CBC to kernel algorithm db
Aug 26 13:14:50.494064: | adding AES_GCM_16 to kernel algorithm db
Aug 26 13:14:50.494067: | adding AES_GCM_12 to kernel algorithm db
Aug 26 13:14:50.494069: | adding AES_GCM_8 to kernel algorithm db
Aug 26 13:14:50.494072: | adding AES_CTR to kernel algorithm db
Aug 26 13:14:50.494075: | adding AES_CBC to kernel algorithm db
Aug 26 13:14:50.494078: | adding SERPENT_CBC to kernel algorithm db
Aug 26 13:14:50.494081: | adding TWOFISH_CBC to kernel algorithm db
Aug 26 13:14:50.494084: | adding NULL_AUTH_AES_GMAC to kernel algorithm db
Aug 26 13:14:50.494087: | adding NULL to kernel algorithm db
Aug 26 13:14:50.494090: | adding CHACHA20_POLY1305 to kernel algorithm db
Aug 26 13:14:50.494092: | adding HMAC_MD5_96 to kernel algorithm db
Aug 26 13:14:50.494095: | adding HMAC_SHA1_96 to kernel algorithm db
Aug 26 13:14:50.494098: | adding HMAC_SHA2_512_256 to kernel algorithm db
Aug 26 13:14:50.494100: | adding HMAC_SHA2_384_192 to kernel algorithm db
Aug 26 13:14:50.494103: | adding HMAC_SHA2_256_128 to kernel algorithm db
Aug 26 13:14:50.494105: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
Aug 26 13:14:50.494108: | adding AES_XCBC_96 to kernel algorithm db
Aug 26 13:14:50.494111: | adding AES_CMAC_96 to kernel algorithm db
Aug 26 13:14:50.494113: | adding NONE to kernel algorithm db
Aug 26 13:14:50.494137: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes
Aug 26 13:14:50.494144: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
Aug 26 13:14:50.494147: | setup kernel fd callback
Aug 26 13:14:50.494151: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x559645bca2a8
Aug 26 13:14:50.494155: | libevent_malloc: new ptr-libevent@0x559645bae568 size 128
Aug 26 13:14:50.494157: | libevent_malloc: new ptr-libevent@0x559645bca3b8 size 16
Aug 26 13:14:50.494162: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x559645bcadc8
Aug 26 13:14:50.494165: | libevent_malloc: new ptr-libevent@0x559645b6b198 size 128
Aug 26 13:14:50.494167: | libevent_malloc: new ptr-libevent@0x559645bcad88 size 16
Aug 26 13:14:50.494318: | global one-shot timer EVENT_CHECK_CRLS initialized
Aug 26 13:14:50.494331: selinux support is enabled.
Aug 26 13:14:50.494521: | unbound context created - setting debug level to 5 Aug 26 13:14:50.494541: | /etc/hosts lookups activated Aug 26 13:14:50.494553: | /etc/resolv.conf usage activated Aug 26 13:14:50.494614: | outgoing-port-avoid set 0-65535 Aug 26 13:14:50.494648: | outgoing-port-permit set 32768-60999 Aug 26 13:14:50.494651: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:14:50.494655: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:14:50.494658: | Setting up events, loop start Aug 26 13:14:50.494662: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x559645bcae38 Aug 26 13:14:50.494665: | libevent_malloc: new ptr-libevent@0x559645bd7048 size 128 Aug 26 13:14:50.494669: | libevent_malloc: new ptr-libevent@0x559645be2318 size 16 Aug 26 13:14:50.494676: | libevent_realloc: new ptr-libevent@0x559645b69828 size 256 Aug 26 13:14:50.494679: | libevent_malloc: new ptr-libevent@0x559645be2358 size 8 Aug 26 13:14:50.494683: | libevent_realloc: new ptr-libevent@0x559645b3c918 size 144 Aug 26 13:14:50.494685: | libevent_malloc: new ptr-libevent@0x559645b75388 size 152 Aug 26 13:14:50.494689: | libevent_malloc: new ptr-libevent@0x559645be2398 size 16 Aug 26 13:14:50.494694: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:14:50.494697: | libevent_malloc: new ptr-libevent@0x559645be23d8 size 8 Aug 26 13:14:50.494702: | libevent_malloc: new ptr-libevent@0x559645b6d238 size 152 Aug 26 13:14:50.494705: | signal event handler PLUTO_SIGTERM installed Aug 26 13:14:50.494708: | libevent_malloc: new ptr-libevent@0x559645be2418 size 8 Aug 26 13:14:50.494711: | libevent_malloc: new ptr-libevent@0x559645be2458 size 152 Aug 26 13:14:50.494714: | signal event handler PLUTO_SIGHUP installed Aug 26 13:14:50.494717: | libevent_malloc: new ptr-libevent@0x559645be2528 size 8 Aug 26 13:14:50.494720: | libevent_realloc: release ptr-libevent@0x559645b3c918 Aug 26 13:14:50.494723: | libevent_realloc: new 
ptr-libevent@0x559645be2568 size 256 Aug 26 13:14:50.494726: | libevent_malloc: new ptr-libevent@0x559645be2698 size 152 Aug 26 13:14:50.494729: | signal event handler PLUTO_SIGSYS installed Aug 26 13:14:50.495039: | created addconn helper (pid:16481) using fork+execve Aug 26 13:14:50.495059: | forked child 16481 Aug 26 13:14:50.495107: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:14:50.495118: listening for IKE messages Aug 26 13:14:50.495150: | Inspecting interface lo Aug 26 13:14:50.495155: | found lo with address 127.0.0.1 Aug 26 13:14:50.495159: | Inspecting interface eth0 Aug 26 13:14:50.495162: | found eth0 with address 192.0.2.254 Aug 26 13:14:50.495166: | Inspecting interface eth1 Aug 26 13:14:50.495169: | found eth1 with address 192.1.2.23 Aug 26 13:14:50.495254: Kernel supports NIC esp-hw-offload Aug 26 13:14:50.495265: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Aug 26 13:14:50.495284: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:14:50.495303: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:14:50.495310: adding interface eth1/eth1 192.1.2.23:4500 Aug 26 13:14:50.495343: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Aug 26 13:14:50.495366: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:14:50.495371: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:14:50.495375: adding interface eth0/eth0 192.0.2.254:4500 Aug 26 13:14:50.495399: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:14:50.495428: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:14:50.495434: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:14:50.495439: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:14:50.495488: | no interfaces to sort Aug 26 
13:14:50.495493: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:14:50.495498: | add_fd_read_event_handler: new ethX-pe@0x559645be2a98 Aug 26 13:14:50.495500: | libevent_malloc: new ptr-libevent@0x559645bd6f98 size 128 Aug 26 13:14:50.495503: | libevent_malloc: new ptr-libevent@0x559645be2b08 size 16 Aug 26 13:14:50.495510: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:14:50.495513: | add_fd_read_event_handler: new ethX-pe@0x559645be2b48 Aug 26 13:14:50.495518: | libevent_malloc: new ptr-libevent@0x559645b6b098 size 128 Aug 26 13:14:50.495520: | libevent_malloc: new ptr-libevent@0x559645be2bb8 size 16 Aug 26 13:14:50.495524: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:14:50.495525: | add_fd_read_event_handler: new ethX-pe@0x559645be2bf8 Aug 26 13:14:50.495529: | libevent_malloc: new ptr-libevent@0x559645b6c838 size 128 Aug 26 13:14:50.495530: | libevent_malloc: new ptr-libevent@0x559645be2c68 size 16 Aug 26 13:14:50.495534: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 13:14:50.495535: | add_fd_read_event_handler: new ethX-pe@0x559645be2ca8 Aug 26 13:14:50.495537: | libevent_malloc: new ptr-libevent@0x559645b6c788 size 128 Aug 26 13:14:50.495539: | libevent_malloc: new ptr-libevent@0x559645be2d18 size 16 Aug 26 13:14:50.495542: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 13:14:50.495543: | add_fd_read_event_handler: new ethX-pe@0x559645be2d58 Aug 26 13:14:50.495547: | libevent_malloc: new ptr-libevent@0x559645b414e8 size 128 Aug 26 13:14:50.495549: | libevent_malloc: new ptr-libevent@0x559645be2dc8 size 16 Aug 26 13:14:50.495552: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 13:14:50.495554: | add_fd_read_event_handler: new ethX-pe@0x559645be2e08 Aug 26 13:14:50.495555: | libevent_malloc: new ptr-libevent@0x559645b411d8 size 128 Aug 26 13:14:50.495557: | libevent_malloc: new ptr-libevent@0x559645be2e78 size 16 Aug 26 13:14:50.495560: | setup 
callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 13:14:50.495564: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:14:50.495566: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:14:50.495580: loading secrets from "/etc/ipsec.secrets" Aug 26 13:14:50.495588: | id type added to secret(0x559645b3cb58) PKK_PSK: @east Aug 26 13:14:50.495591: | id type added to secret(0x559645b3cb58) PKK_PSK: @west Aug 26 13:14:50.495594: | Processing PSK at line 1: passed Aug 26 13:14:50.495596: | certs and keys locked by 'process_secret' Aug 26 13:14:50.495599: | certs and keys unlocked by 'process_secret' Aug 26 13:14:50.495606: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:14:50.495612: | spent 0.502 milliseconds in whack Aug 26 13:14:50.528448: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:14:50.528468: listening for IKE messages Aug 26 13:14:50.528494: | Inspecting interface lo Aug 26 13:14:50.528499: | found lo with address 127.0.0.1 Aug 26 13:14:50.528501: | Inspecting interface eth0 Aug 26 13:14:50.528504: | found eth0 with address 192.0.2.254 Aug 26 13:14:50.528506: | Inspecting interface eth1 Aug 26 13:14:50.528509: | found eth1 with address 192.1.2.23 Aug 26 13:14:50.528547: | no interfaces to sort Aug 26 13:14:50.528556: | libevent_free: release ptr-libevent@0x559645bd6f98 Aug 26 13:14:50.528558: | free_event_entry: release EVENT_NULL-pe@0x559645be2a98 Aug 26 13:14:50.528560: | add_fd_read_event_handler: new ethX-pe@0x559645be2a98 Aug 26 13:14:50.528562: | libevent_malloc: new ptr-libevent@0x559645bd6f98 size 128 Aug 26 13:14:50.528567: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:14:50.528570: | libevent_free: release ptr-libevent@0x559645b6b098 Aug 26 13:14:50.528571: | free_event_entry: release EVENT_NULL-pe@0x559645be2b48 Aug 26 13:14:50.528573: | add_fd_read_event_handler: new ethX-pe@0x559645be2b48 Aug 26 
13:14:50.528575: | libevent_malloc: new ptr-libevent@0x559645b6b098 size 128 Aug 26 13:14:50.528578: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:14:50.528580: | libevent_free: release ptr-libevent@0x559645b6c838 Aug 26 13:14:50.528582: | free_event_entry: release EVENT_NULL-pe@0x559645be2bf8 Aug 26 13:14:50.528584: | add_fd_read_event_handler: new ethX-pe@0x559645be2bf8 Aug 26 13:14:50.528585: | libevent_malloc: new ptr-libevent@0x559645b6c838 size 128 Aug 26 13:14:50.528589: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 13:14:50.528591: | libevent_free: release ptr-libevent@0x559645b6c788 Aug 26 13:14:50.528593: | free_event_entry: release EVENT_NULL-pe@0x559645be2ca8 Aug 26 13:14:50.528594: | add_fd_read_event_handler: new ethX-pe@0x559645be2ca8 Aug 26 13:14:50.528596: | libevent_malloc: new ptr-libevent@0x559645b6c788 size 128 Aug 26 13:14:50.528599: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 13:14:50.528602: | libevent_free: release ptr-libevent@0x559645b414e8 Aug 26 13:14:50.528616: | free_event_entry: release EVENT_NULL-pe@0x559645be2d58 Aug 26 13:14:50.528618: | add_fd_read_event_handler: new ethX-pe@0x559645be2d58 Aug 26 13:14:50.528620: | libevent_malloc: new ptr-libevent@0x559645b414e8 size 128 Aug 26 13:14:50.528623: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 13:14:50.528625: | libevent_free: release ptr-libevent@0x559645b411d8 Aug 26 13:14:50.528627: | free_event_entry: release EVENT_NULL-pe@0x559645be2e08 Aug 26 13:14:50.528628: | add_fd_read_event_handler: new ethX-pe@0x559645be2e08 Aug 26 13:14:50.528630: | libevent_malloc: new ptr-libevent@0x559645b411d8 size 128 Aug 26 13:14:50.528633: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 13:14:50.528635: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:14:50.528636: forgetting secrets Aug 26 13:14:50.528642: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:14:50.528667: loading 
secrets from "/etc/ipsec.secrets" Aug 26 13:14:50.528673: | id type added to secret(0x559645b3cb58) PKK_PSK: @east Aug 26 13:14:50.528676: | id type added to secret(0x559645b3cb58) PKK_PSK: @west Aug 26 13:14:50.528678: | Processing PSK at line 1: passed Aug 26 13:14:50.528680: | certs and keys locked by 'process_secret' Aug 26 13:14:50.528682: | certs and keys unlocked by 'process_secret' Aug 26 13:14:50.528688: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:14:50.528705: | spent 0.266 milliseconds in whack Aug 26 13:14:50.529134: | processing signal PLUTO_SIGCHLD Aug 26 13:14:50.529146: | waitpid returned pid 16481 (exited with status 0) Aug 26 13:14:50.529149: | reaped addconn helper child (status 0) Aug 26 13:14:50.529152: | waitpid returned ECHILD (no child processes left) Aug 26 13:14:50.529156: | spent 0.0133 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:14:50.578274: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:14:50.578331: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:14:50.578335: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:14:50.578337: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:14:50.578339: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:14:50.578342: | FOR_EACH_CONNECTION_... 
in conn_by_name Aug 26 13:14:50.578348: | Added new connection westnet-eastnet-ipv4-psk-ikev2 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:14:50.578391: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:14:50.578394: | from whack: got --esp= Aug 26 13:14:50.578418: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:14:50.578422: | counting wild cards for @west is 0 Aug 26 13:14:50.578425: | counting wild cards for @east is 0 Aug 26 13:14:50.578431: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none Aug 26 13:14:50.578433: | new hp@0x559645be5308 Aug 26 13:14:50.578436: added connection description "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:14:50.578444: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:14:50.578451: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Aug 26 13:14:50.578456: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:14:50.578462: | spent 0.163 milliseconds in whack Aug 26 13:14:53.237436: | spent 0.00276 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:14:53.237463: | *received 828 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Aug 26 13:14:53.237555: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 13:14:53.237558: | **parse ISAKMP Message: Aug 26 13:14:53.237560: | initiator cookie: Aug 26 13:14:53.237561: | f7 9c bc 94 14 ee f8 f5 Aug 26 13:14:53.237563: | 
responder cookie: Aug 26 13:14:53.237564: | 00 00 00 00 00 00 00 00 Aug 26 13:14:53.237566: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:14:53.237568: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:53.237570: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:14:53.237572: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:14:53.237574: | Message ID: 0 (0x0) Aug 26 13:14:53.237575: | length: 828 (0x33c) Aug 26 13:14:53.237577: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:14:53.237580: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Aug 26 13:14:53.237585: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Aug 26 13:14:53.237587: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:14:53.237590: | ***parse IKEv2 Security Association Payload: Aug 26 13:14:53.237591: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:14:53.237593: | flags: none (0x0) Aug 26 13:14:53.237594: | length: 436 (0x1b4) Aug 26 13:14:53.237596: | processing payload: ISAKMP_NEXT_v2SA (len=432) Aug 26 13:14:53.237598: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:14:53.237600: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:14:53.237602: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:14:53.237603: | flags: none (0x0) Aug 26 13:14:53.237605: | length: 264 (0x108) Aug 26 13:14:53.237606: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.237608: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:14:53.237609: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:14:53.237611: | ***parse IKEv2 Nonce Payload: Aug 26 13:14:53.237613: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:14:53.237614: | flags: none (0x0) Aug 26 13:14:53.237616: | length: 36 (0x24) Aug 26 13:14:53.237618: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:14:53.237619: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 
13:14:53.237623: | ***parse IKEv2 Notify Payload: Aug 26 13:14:53.237624: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:14:53.237626: | flags: none (0x0) Aug 26 13:14:53.237628: | length: 8 (0x8) Aug 26 13:14:53.237629: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.237631: | SPI size: 0 (0x0) Aug 26 13:14:53.237633: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:14:53.237634: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:14:53.237636: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:14:53.237638: | ***parse IKEv2 Notify Payload: Aug 26 13:14:53.237639: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:14:53.237641: | flags: none (0x0) Aug 26 13:14:53.237642: | length: 28 (0x1c) Aug 26 13:14:53.237644: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.237646: | SPI size: 0 (0x0) Aug 26 13:14:53.237647: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:14:53.237649: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:14:53.237650: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:14:53.237652: | ***parse IKEv2 Notify Payload: Aug 26 13:14:53.237654: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.237655: | flags: none (0x0) Aug 26 13:14:53.237657: | length: 28 (0x1c) Aug 26 13:14:53.237658: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.237660: | SPI size: 0 (0x0) Aug 26 13:14:53.237662: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:14:53.237663: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:14:53.237665: | DDOS disabled and no cookie sent, continuing Aug 26 13:14:53.237669: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 13:14:53.237672: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 13:14:53.237674: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 13:14:53.237677: | found 
policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Aug 26 13:14:53.237679: | find_next_host_connection returns empty Aug 26 13:14:53.237681: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 13:14:53.237683: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 13:14:53.237685: | find_next_host_connection returns empty Aug 26 13:14:53.237687: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Aug 26 13:14:53.237690: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 13:14:53.237693: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 13:14:53.237695: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:14:53.237697: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Aug 26 13:14:53.237698: | find_next_host_connection returns empty Aug 26 13:14:53.237701: | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 13:14:53.237703: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:14:53.237704: | find_next_host_connection returns empty Aug 26 13:14:53.237707: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW Aug 26 13:14:53.237709: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports Aug 26 13:14:53.237712: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 13:14:53.237714: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 13:14:53.237716: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Aug 26 
13:14:53.237719: | find_next_host_connection returns westnet-eastnet-ipv4-psk-ikev2 Aug 26 13:14:53.237721: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 13:14:53.237722: | find_next_host_connection returns empty Aug 26 13:14:53.237724: | found connection: westnet-eastnet-ipv4-psk-ikev2 with policy PSK+IKEV2_ALLOW Aug 26 13:14:53.237745: | creating state object #1 at 0x559645be6fd8 Aug 26 13:14:53.237747: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:14:53.237753: | pstats #1 ikev2.ike started Aug 26 13:14:53.237756: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:14:53.237758: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Aug 26 13:14:53.237761: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:14:53.237768: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:14:53.237770: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:14:53.237773: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:14:53.237775: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 13:14:53.237778: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Aug 26 13:14:53.237780: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 13:14:53.237782: | #1 in state PARENT_R0: processing SA_INIT request Aug 26 13:14:53.237784: | selected state microcode Respond to IKE_SA_INIT Aug 26 13:14:53.237786: | Now let's proceed with state specific processing Aug 26 13:14:53.237788: | calling processor 
Respond to IKE_SA_INIT Aug 26 13:14:53.237792: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:14:53.237794: | constructing local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA responder matching remote proposals) Aug 26 13:14:53.237800: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:14:53.237805: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.237807: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:14:53.237811: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.237813: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:14:53.237817: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.237819: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:14:53.237822: | ... 
ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.237828: "westnet-eastnet-ipv4-psk-ikev2": constructed local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.237834: | Comparing remote proposals against IKE responder 4 local proposals Aug 26 13:14:53.237838: | local proposal 1 type ENCR has 1 transforms Aug 26 13:14:53.237840: | local proposal 1 type PRF has 2 transforms Aug 26 13:14:53.237841: | local proposal 1 type INTEG has 1 transforms Aug 26 13:14:53.237843: | local proposal 1 type DH has 8 transforms Aug 26 13:14:53.237845: | local proposal 1 type ESN has 0 transforms Aug 26 13:14:53.237847: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:14:53.237849: | local proposal 2 type ENCR has 1 transforms Aug 26 13:14:53.237850: | local proposal 2 type PRF has 2 transforms Aug 26 13:14:53.237852: | local proposal 2 type INTEG has 1 transforms Aug 26 13:14:53.237854: | local proposal 2 type DH has 8 transforms Aug 26 13:14:53.237855: | local proposal 2 type ESN has 0 transforms Aug 26 13:14:53.237857: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:14:53.237859: | local proposal 
3 type ENCR has 1 transforms Aug 26 13:14:53.237860: | local proposal 3 type PRF has 2 transforms Aug 26 13:14:53.237862: | local proposal 3 type INTEG has 2 transforms Aug 26 13:14:53.237864: | local proposal 3 type DH has 8 transforms Aug 26 13:14:53.237865: | local proposal 3 type ESN has 0 transforms Aug 26 13:14:53.237867: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:14:53.237869: | local proposal 4 type ENCR has 1 transforms Aug 26 13:14:53.237871: | local proposal 4 type PRF has 2 transforms Aug 26 13:14:53.237872: | local proposal 4 type INTEG has 2 transforms Aug 26 13:14:53.237874: | local proposal 4 type DH has 8 transforms Aug 26 13:14:53.237875: | local proposal 4 type ESN has 0 transforms Aug 26 13:14:53.237877: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:14:53.237879: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.237881: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.237883: | length: 100 (0x64) Aug 26 13:14:53.237885: | prop #: 1 (0x1) Aug 26 13:14:53.237886: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:53.237888: | spi size: 0 (0x0) Aug 26 13:14:53.237890: | # transforms: 11 (0xb) Aug 26 13:14:53.237892: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Aug 26 13:14:53.237894: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.237896: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.237897: | length: 12 (0xc) Aug 26 13:14:53.237899: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.237901: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.237902: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.237904: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.237906: | length/value: 256 (0x100) Aug 26 13:14:53.237909: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) 
transform 0 Aug 26 13:14:53.237911: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.237912: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.237914: | length: 8 (0x8) Aug 26 13:14:53.237915: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.237917: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:53.237919: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:14:53.237921: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Aug 26 13:14:53.237925: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Aug 26 13:14:53.237927: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Aug 26 13:14:53.237928: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.237930: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.237932: | length: 8 (0x8) Aug 26 13:14:53.237933: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.237935: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:53.237937: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.237938: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.237940: | length: 8 (0x8) Aug 26 13:14:53.237941: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.237943: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.237945: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:14:53.237947: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Aug 26 13:14:53.237949: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Aug 26 13:14:53.237951: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Aug 26 13:14:53.237953: | 
*****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.237954: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.237956: | length: 8 (0x8) Aug 26 13:14:53.237957: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.237959: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:53.237961: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.237962: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.237964: | length: 8 (0x8) Aug 26 13:14:53.237966: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.237967: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:53.237969: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.237971: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.237972: | length: 8 (0x8) Aug 26 13:14:53.237974: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.237975: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:53.237977: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.237979: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.237980: | length: 8 (0x8) Aug 26 13:14:53.237982: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.237983: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:14:53.237985: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.237987: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.237988: | length: 8 (0x8) Aug 26 13:14:53.237990: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.237991: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:14:53.237993: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.237995: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.237996: | length: 8 (0x8) Aug 26 13:14:53.237998: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238000: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:53.238001: | *****parse IKEv2 
Transform Substructure Payload: Aug 26 13:14:53.238003: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.238004: | length: 8 (0x8) Aug 26 13:14:53.238006: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238008: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:53.238010: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:14:53.238013: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:14:53.238016: | remote proposal 1 matches local proposal 1 Aug 26 13:14:53.238018: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.238020: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.238021: | length: 100 (0x64) Aug 26 13:14:53.238023: | prop #: 2 (0x2) Aug 26 13:14:53.238024: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:53.238026: | spi size: 0 (0x0) Aug 26 13:14:53.238027: | # transforms: 11 (0xb) Aug 26 13:14:53.238030: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:14:53.238031: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238033: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238034: | length: 12 (0xc) Aug 26 13:14:53.238036: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.238038: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.238039: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.238041: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.238043: | length/value: 128 (0x80) Aug 26 13:14:53.238045: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238046: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238048: | length: 8 (0x8) Aug 26 13:14:53.238049: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.238051: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 
13:14:53.238053: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238054: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238056: | length: 8 (0x8) Aug 26 13:14:53.238057: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.238059: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:53.238061: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238062: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238064: | length: 8 (0x8) Aug 26 13:14:53.238065: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238067: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.238069: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238070: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238072: | length: 8 (0x8) Aug 26 13:14:53.238073: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238075: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:53.238077: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238078: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238080: | length: 8 (0x8) Aug 26 13:14:53.238082: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238083: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:53.238085: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238087: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238088: | length: 8 (0x8) Aug 26 13:14:53.238090: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238091: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:53.238093: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238095: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238096: | length: 8 (0x8) Aug 26 13:14:53.238098: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238099: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:14:53.238101: | 
*****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238103: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238104: | length: 8 (0x8) Aug 26 13:14:53.238106: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238107: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:14:53.238109: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238111: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238112: | length: 8 (0x8) Aug 26 13:14:53.238114: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238118: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:53.238119: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238121: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.238123: | length: 8 (0x8) Aug 26 13:14:53.238124: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238126: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:53.238128: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Aug 26 13:14:53.238130: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Aug 26 13:14:53.238132: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.238134: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.238135: | length: 116 (0x74) Aug 26 13:14:53.238137: | prop #: 3 (0x3) Aug 26 13:14:53.238138: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:53.238140: | spi size: 0 (0x0) Aug 26 13:14:53.238141: | # transforms: 13 (0xd) Aug 26 13:14:53.238143: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:14:53.238145: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238147: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238148: | length: 12 (0xc) Aug 26 13:14:53.238150: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.238151: | IKEv2 transform ID: 
AES_CBC (0xc) Aug 26 13:14:53.238153: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.238155: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.238156: | length/value: 256 (0x100) Aug 26 13:14:53.238158: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238160: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238161: | length: 8 (0x8) Aug 26 13:14:53.238163: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.238165: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:53.238166: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238168: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238169: | length: 8 (0x8) Aug 26 13:14:53.238171: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.238173: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:53.238174: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238176: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238177: | length: 8 (0x8) Aug 26 13:14:53.238179: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.238181: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:14:53.238182: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238184: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238186: | length: 8 (0x8) Aug 26 13:14:53.238187: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.238189: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:14:53.238191: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238192: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238194: | length: 8 (0x8) Aug 26 13:14:53.238195: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238197: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.238199: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238200: | last transform: v2_TRANSFORM_NON_LAST (0x3) 
Aug 26 13:14:53.238202: | length: 8 (0x8) Aug 26 13:14:53.238203: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238205: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:53.238207: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238208: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238210: | length: 8 (0x8) Aug 26 13:14:53.238211: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238213: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:53.238216: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238217: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238219: | length: 8 (0x8) Aug 26 13:14:53.238220: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238222: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:53.238224: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238225: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238227: | length: 8 (0x8) Aug 26 13:14:53.238228: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238230: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:14:53.238232: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238233: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238235: | length: 8 (0x8) Aug 26 13:14:53.238236: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238238: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:14:53.238240: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238241: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238243: | length: 8 (0x8) Aug 26 13:14:53.238245: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238246: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:53.238248: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238249: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.238251: | 
length: 8 (0x8) Aug 26 13:14:53.238253: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238254: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:53.238257: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 13:14:53.238259: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 13:14:53.238260: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.238262: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:14:53.238263: | length: 116 (0x74) Aug 26 13:14:53.238265: | prop #: 4 (0x4) Aug 26 13:14:53.238267: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:53.238268: | spi size: 0 (0x0) Aug 26 13:14:53.238270: | # transforms: 13 (0xd) Aug 26 13:14:53.238272: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:14:53.238273: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238275: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238276: | length: 12 (0xc) Aug 26 13:14:53.238278: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.238280: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:14:53.238281: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.238283: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.238285: | length/value: 128 (0x80) Aug 26 13:14:53.238286: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238292: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238295: | length: 8 (0x8) Aug 26 13:14:53.238297: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.238300: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:53.238301: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238303: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238305: | length: 8 (0x8) Aug 26 13:14:53.238306: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 
26 13:14:53.238308: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:53.238310: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238311: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238313: | length: 8 (0x8) Aug 26 13:14:53.238314: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.238316: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:14:53.238318: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238320: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238322: | length: 8 (0x8) Aug 26 13:14:53.238323: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.238325: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:14:53.238329: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238330: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238332: | length: 8 (0x8) Aug 26 13:14:53.238333: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238335: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.238337: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238338: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238340: | length: 8 (0x8) Aug 26 13:14:53.238341: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238343: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:53.238345: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238346: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238348: | length: 8 (0x8) Aug 26 13:14:53.238350: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238351: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:53.238353: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238354: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238356: | length: 8 (0x8) Aug 26 13:14:53.238358: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238359: 
| IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:53.238361: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238363: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238364: | length: 8 (0x8) Aug 26 13:14:53.238366: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238367: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:14:53.238369: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238371: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238372: | length: 8 (0x8) Aug 26 13:14:53.238374: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238375: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:14:53.238377: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238379: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.238380: | length: 8 (0x8) Aug 26 13:14:53.238382: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238383: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:53.238385: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.238387: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.238388: | length: 8 (0x8) Aug 26 13:14:53.238390: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.238391: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:53.238394: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 13:14:53.238396: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 13:14:53.238399: "westnet-eastnet-ipv4-psk-ikev2" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 
2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Aug 26 13:14:53.238403: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Aug 26 13:14:53.238405: | converting proposal to internal trans attrs Aug 26 13:14:53.238407: | natd_hash: rcookie is zero Aug 26 13:14:53.238416: | natd_hash: hasher=0x55964516d800(20) Aug 26 13:14:53.238418: | natd_hash: icookie= f7 9c bc 94 14 ee f8 f5 Aug 26 13:14:53.238419: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:14:53.238421: | natd_hash: ip= c0 01 02 17 Aug 26 13:14:53.238422: | natd_hash: port=500 Aug 26 13:14:53.238424: | natd_hash: hash= ae c1 bd 59 22 1d 20 91 31 c4 67 ea a9 91 ae 9f Aug 26 13:14:53.238426: | natd_hash: hash= a3 42 eb 81 Aug 26 13:14:53.238427: | natd_hash: rcookie is zero Aug 26 13:14:53.238430: | natd_hash: hasher=0x55964516d800(20) Aug 26 13:14:53.238432: | natd_hash: icookie= f7 9c bc 94 14 ee f8 f5 Aug 26 13:14:53.238434: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:14:53.238435: | natd_hash: ip= c0 01 02 2d Aug 26 13:14:53.238436: | natd_hash: port=500 Aug 26 13:14:53.238438: | natd_hash: hash= e7 8a 57 08 2f b2 88 0c 34 cd 6d e6 19 8d d3 b8 Aug 26 13:14:53.238440: | natd_hash: hash= 36 ee 86 f6 Aug 26 13:14:53.238441: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:14:53.238443: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:14:53.238444: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:14:53.238446: | NAT_TRAVERSAL 
nat-keepalive enabled 192.1.2.45 Aug 26 13:14:53.238449: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Aug 26 13:14:53.238451: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x559645be6bb8 Aug 26 13:14:53.238453: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:14:53.238455: | libevent_malloc: new ptr-libevent@0x559645be9338 size 128 Aug 26 13:14:53.238464: | #1 spent 0.67 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Aug 26 13:14:53.238469: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:53.238471: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Aug 26 13:14:53.238473: | suspending state #1 and saving MD Aug 26 13:14:53.238474: | #1 is busy; has a suspended MD Aug 26 13:14:53.238477: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:14:53.238480: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:14:53.238483: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:14:53.238486: | #1 spent 1.04 milliseconds in ikev2_process_packet() Aug 26 13:14:53.238488: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 13:14:53.238490: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:14:53.238492: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:14:53.238495: | spent 1.04 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:14:53.238498: | crypto helper 1 resuming Aug 26 13:14:53.238508: | crypto helper 1 starting work-order 1 for state #1 Aug 26 13:14:53.238512: | crypto 
helper 1 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Aug 26 13:14:53.239093: | crypto helper 1 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.000581 seconds Aug 26 13:14:53.239099: | (#1) spent 0.586 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Aug 26 13:14:53.239102: | crypto helper 1 sending results from work-order 1 for state #1 to event queue Aug 26 13:14:53.239104: | scheduling resume sending helper answer for #1 Aug 26 13:14:53.239106: | libevent_malloc: new ptr-libevent@0x7f8f80002888 size 128 Aug 26 13:14:53.239112: | crypto helper 1 waiting (nothing to do) Aug 26 13:14:53.239153: | processing resume sending helper answer for #1 Aug 26 13:14:53.239163: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 13:14:53.239167: | crypto helper 1 replies to request ID 1 Aug 26 13:14:53.239168: | calling continuation function 0x559645098b50 Aug 26 13:14:53.239170: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Aug 26 13:14:53.239198: | **emit ISAKMP Message: Aug 26 13:14:53.239200: | initiator cookie: Aug 26 13:14:53.239202: | f7 9c bc 94 14 ee f8 f5 Aug 26 13:14:53.239203: | responder cookie: Aug 26 13:14:53.239205: | 70 ba 94 3e 3e d6 ac 7b Aug 26 13:14:53.239207: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:14:53.239209: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:53.239211: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:14:53.239212: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:14:53.239214: | Message ID: 0 (0x0) Aug 26 13:14:53.239216: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:14:53.239218: | Emitting ikev2_proposal ... 
Aug 26 13:14:53.239220: | ***emit IKEv2 Security Association Payload: Aug 26 13:14:53.239222: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.239223: | flags: none (0x0) Aug 26 13:14:53.239226: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:14:53.239228: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.239230: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.239231: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:14:53.239233: | prop #: 1 (0x1) Aug 26 13:14:53.239235: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:53.239236: | spi size: 0 (0x0) Aug 26 13:14:53.239238: | # transforms: 3 (0x3) Aug 26 13:14:53.239240: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:53.239242: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.239244: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.239245: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.239247: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.239249: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.239251: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.239253: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.239255: | length/value: 256 (0x100) Aug 26 13:14:53.239257: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:53.239258: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.239260: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.239262: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.239263: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:53.239266: | last 
substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.239267: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.239269: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.239271: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.239273: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.239274: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.239276: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.239278: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.239282: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.239283: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.239285: | emitting length of IKEv2 Proposal Substructure Payload: 36 Aug 26 13:14:53.239287: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:53.239296: | emitting length of IKEv2 Security Association Payload: 40 Aug 26 13:14:53.239299: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:14:53.239302: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:14:53.239304: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.239305: | flags: none (0x0) Aug 26 13:14:53.239307: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.239309: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 
13:14:53.239311: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.239314: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:14:53.239340: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:14:53.239342: | ***emit IKEv2 Nonce Payload: Aug 26 13:14:53.239343: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:14:53.239345: | flags: none (0x0) Aug 26 13:14:53.239347: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:14:53.239349: | next payload chain: setting previous
'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:14:53.239351: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.239353: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:14:53.239354: | IKEv2 nonce 2a fd fd c5 a0 b9 f2 ae 44 dc ee dd 09 3e 10 82 Aug 26 13:14:53.239356: | IKEv2 nonce 16 08 57 61 c4 68 94 25 a9 4a 72 27 d6 2e 73 55 Aug 26 13:14:53.239357: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:14:53.239359: | Adding a v2N Payload Aug 26 13:14:53.239361: | ***emit IKEv2 Notify Payload: Aug 26 13:14:53.239362: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.239364: | flags: none (0x0) Aug 26 13:14:53.239366: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.239369: | SPI size: 0 (0x0) Aug 26 13:14:53.239371: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:14:53.239373: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:14:53.239375: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.239377: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:14:53.239378: | NAT-Traversal support [enabled] add v2N payloads. 
Aug 26 13:14:53.239386: | natd_hash: hasher=0x55964516d800(20) Aug 26 13:14:53.239388: | natd_hash: icookie= f7 9c bc 94 14 ee f8 f5 Aug 26 13:14:53.239389: | natd_hash: rcookie= 70 ba 94 3e 3e d6 ac 7b Aug 26 13:14:53.239391: | natd_hash: ip= c0 01 02 17 Aug 26 13:14:53.239392: | natd_hash: port=500 Aug 26 13:14:53.239394: | natd_hash: hash= 3f 68 4b 62 5d 9c 2e 7b 6d 2b 5c 62 2a 57 78 0f Aug 26 13:14:53.239396: | natd_hash: hash= b0 dc e3 a3 Aug 26 13:14:53.239397: | Adding a v2N Payload Aug 26 13:14:53.239399: | ***emit IKEv2 Notify Payload: Aug 26 13:14:53.239401: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.239402: | flags: none (0x0) Aug 26 13:14:53.239404: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.239405: | SPI size: 0 (0x0) Aug 26 13:14:53.239407: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:14:53.239409: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:14:53.239411: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.239413: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:14:53.239415: | Notify data 3f 68 4b 62 5d 9c 2e 7b 6d 2b 5c 62 2a 57 78 0f Aug 26 13:14:53.239416: | Notify data b0 dc e3 a3 Aug 26 13:14:53.239418: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:14:53.239422: | natd_hash: hasher=0x55964516d800(20) Aug 26 13:14:53.239423: | natd_hash: icookie= f7 9c bc 94 14 ee f8 f5 Aug 26 13:14:53.239425: | natd_hash: rcookie= 70 ba 94 3e 3e d6 ac 7b Aug 26 13:14:53.239426: | natd_hash: ip= c0 01 02 2d Aug 26 13:14:53.239428: | natd_hash: port=500 Aug 26 13:14:53.239429: | natd_hash: hash= 11 ec 0f f5 e4 b3 b9 a6 67 75 48 b4 bb 9d 85 bb Aug 26 13:14:53.239431: | natd_hash: hash= c3 44 79 a4 Aug 26 13:14:53.239432: | Adding a v2N Payload Aug 26 13:14:53.239434: | ***emit IKEv2 Notify Payload: Aug 26 
13:14:53.239436: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.239437: | flags: none (0x0) Aug 26 13:14:53.239439: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.239440: | SPI size: 0 (0x0) Aug 26 13:14:53.239442: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:14:53.239444: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:14:53.239446: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.239447: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:14:53.239449: | Notify data 11 ec 0f f5 e4 b3 b9 a6 67 75 48 b4 bb 9d 85 bb Aug 26 13:14:53.239451: | Notify data c3 44 79 a4 Aug 26 13:14:53.239452: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:14:53.239454: | emitting length of ISAKMP Message: 432 Aug 26 13:14:53.239458: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:53.239461: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Aug 26 13:14:53.239462: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Aug 26 13:14:53.239465: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Aug 26 13:14:53.239467: | Message ID: updating counters for #1 to 0 after switching state Aug 26 13:14:53.239471: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 13:14:53.239474: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:14:53.239477: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a 
prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:14:53.239480: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Aug 26 13:14:53.239483: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1)
Aug 26 13:14:53.239550: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:14:53.239554: | libevent_free: release ptr-libevent@0x559645be9338 Aug 26 13:14:53.239556: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x559645be6bb8 Aug 26 13:14:53.239558: | event_schedule: new EVENT_SO_DISCARD-pe@0x559645be6bb8 Aug 26 13:14:53.239560: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Aug 26 13:14:53.239562: | libevent_malloc: new ptr-libevent@0x559645bea488 size 128 Aug 26 13:14:53.239565: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:14:53.239569: | #1 spent 0.387 milliseconds in resume sending helper answer Aug 26 13:14:53.239572: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:833) Aug 26 13:14:53.239574: | libevent_free: release ptr-libevent@0x7f8f80002888 Aug 26 13:14:53.242265: | spent 0.00219 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:14:53.242284: | *received 365 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Aug 26 13:14:53.242343: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 13:14:53.242345: | **parse ISAKMP Message: Aug 26 13:14:53.242347: | initiator cookie: Aug 26 13:14:53.242348: | f7 9c bc 94 14 ee f8 f5 Aug 26 13:14:53.242350: | responder cookie: Aug 26 13:14:53.242352: | 70 ba 94 3e 3e d6 ac 7b Aug 26 13:14:53.242353: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:14:53.242355: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:53.242357: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:14:53.242359: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:14:53.242361: | Message ID: 1 (0x1) Aug 26 13:14:53.242362: | length: 365 (0x16d) Aug 26 13:14:53.242364: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:14:53.242366: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26
13:14:53.242369: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:14:53.242373: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:14:53.242375: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:14:53.242378: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:14:53.242380: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:14:53.242383: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Aug 26 13:14:53.242385: | unpacking clear payload Aug 26 13:14:53.242386: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:14:53.242388: | ***parse IKEv2 Encryption Payload: Aug 26 13:14:53.242390: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 13:14:53.242392: | flags: none (0x0) Aug 26 13:14:53.242393: | length: 337 (0x151) Aug 26 13:14:53.242395: | processing payload: ISAKMP_NEXT_v2SK (len=333) Aug 26 13:14:53.242398: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 13:14:53.242400: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:14:53.242403: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 13:14:53.242405: | Now let's proceed with state specific processing Aug 26 13:14:53.242407: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 13:14:53.242409: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Aug 26 13:14:53.242412: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:14:53.242414: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Aug 26 13:14:53.242416: | state #1 requesting EVENT_SO_DISCARD 
to be deleted Aug 26 13:14:53.242418: | libevent_free: release ptr-libevent@0x559645bea488 Aug 26 13:14:53.242420: | free_event_entry: release EVENT_SO_DISCARD-pe@0x559645be6bb8 Aug 26 13:14:53.242422: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x559645be6bb8 Aug 26 13:14:53.242424: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:14:53.242426: | libevent_malloc: new ptr-libevent@0x7f8f80002888 size 128 Aug 26 13:14:53.242434: | #1 spent 0.0238 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Aug 26 13:14:53.242437: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:53.242440: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Aug 26 13:14:53.242440: | crypto helper 2 resuming Aug 26 13:14:53.242442: | suspending state #1 and saving MD Aug 26 13:14:53.242455: | crypto helper 2 starting work-order 2 for state #1 Aug 26 13:14:53.242456: | #1 is busy; has a suspended MD Aug 26 13:14:53.242461: | crypto helper 2 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Aug 26 13:14:53.242463: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:14:53.242467: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:14:53.242470: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:14:53.242473: | #1 spent 0.187 milliseconds in ikev2_process_packet() Aug 26 13:14:53.242476: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 13:14:53.242478: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:14:53.242479: | 
processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:14:53.242482: | spent 0.196 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:14:53.243361: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:14:53.243784: | crypto helper 2 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.001323 seconds Aug 26 13:14:53.243793: | (#1) spent 1.32 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Aug 26 13:14:53.243796: | crypto helper 2 sending results from work-order 2 for state #1 to event queue Aug 26 13:14:53.243798: | scheduling resume sending helper answer for #1 Aug 26 13:14:53.243800: | libevent_malloc: new ptr-libevent@0x7f8f78000f48 size 128 Aug 26 13:14:53.243806: | crypto helper 2 waiting (nothing to do) Aug 26 13:14:53.243817: | processing resume sending helper answer for #1 Aug 26 13:14:53.243829: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 13:14:53.243835: | crypto helper 2 replies to request ID 2 Aug 26 13:14:53.243838: | calling continuation function 0x559645098b50 Aug 26 13:14:53.243841: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Aug 26 13:14:53.243845: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:14:53.243861: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:14:53.243868: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Aug 26 13:14:53.243873: | **parse IKEv2 Identification - Initiator - Payload: Aug 26 13:14:53.243876: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:14:53.243879: | flags: none (0x0) Aug 26 13:14:53.243881: | length: 12 (0xc) Aug 26 13:14:53.243884: | ID type: ID_FQDN (0x2) Aug 26 13:14:53.243887: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Aug 26 13:14:53.243890: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:14:53.243892: | 
**parse IKEv2 Identification - Responder - Payload: Aug 26 13:14:53.243895: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:14:53.243898: | flags: none (0x0) Aug 26 13:14:53.243900: | length: 12 (0xc) Aug 26 13:14:53.243902: | ID type: ID_FQDN (0x2) Aug 26 13:14:53.243905: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 13:14:53.243907: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:14:53.243910: | **parse IKEv2 Authentication Payload: Aug 26 13:14:53.243912: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:14:53.243915: | flags: none (0x0) Aug 26 13:14:53.243917: | length: 72 (0x48) Aug 26 13:14:53.243919: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:14:53.243922: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 13:14:53.243924: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:14:53.243927: | **parse IKEv2 Security Association Payload: Aug 26 13:14:53.243929: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:14:53.243932: | flags: none (0x0) Aug 26 13:14:53.243934: | length: 164 (0xa4) Aug 26 13:14:53.243936: | processing payload: ISAKMP_NEXT_v2SA (len=160) Aug 26 13:14:53.243939: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:14:53.243942: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:14:53.243944: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:14:53.243947: | flags: none (0x0) Aug 26 13:14:53.243949: | length: 24 (0x18) Aug 26 13:14:53.243952: | number of TS: 1 (0x1) Aug 26 13:14:53.243954: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:14:53.243957: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:14:53.243959: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:14:53.243962: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.243964: | flags: none (0x0) Aug 26 13:14:53.243967: | length: 24 (0x18) Aug 26 13:14:53.243970: | number of TS: 1 (0x1) Aug 26 13:14:53.243972: | processing payload: 
ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:14:53.243975: | selected state microcode Responder: process IKE_AUTH request Aug 26 13:14:53.243978: | Now let's proceed with state specific processing Aug 26 13:14:53.243981: | calling processor Responder: process IKE_AUTH request Aug 26 13:14:53.243986: "westnet-eastnet-ipv4-psk-ikev2" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Aug 26 13:14:53.243994: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:14:53.243997: | received IDr payload - extracting our alleged ID Aug 26 13:14:53.244000: | refine_host_connection for IKEv2: starting with "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:14:53.244003: | match_id a=@west Aug 26 13:14:53.244004: | b=@west Aug 26 13:14:53.244006: | results matched Aug 26 13:14:53.244009: | refine_host_connection: checking "westnet-eastnet-ipv4-psk-ikev2" against "westnet-eastnet-ipv4-psk-ikev2", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Aug 26 13:14:53.244011: | Warning: not switching back to template of current instance Aug 26 13:14:53.244013: | Peer expects us to be @east (ID_FQDN) according to its IDr payload Aug 26 13:14:53.244014: | This connection's local id is @east (ID_FQDN) Aug 26 13:14:53.244016: | refine_host_connection: checked westnet-eastnet-ipv4-psk-ikev2 against westnet-eastnet-ipv4-psk-ikev2, now for see if best Aug 26 13:14:53.244019: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 13:14:53.244022: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 13:14:53.244024: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 13:14:53.244027: | 1: compared key @west to @east / @west -> 004 Aug 26 13:14:53.244029: | 2: compared key @east to @east / @west -> 014 Aug 26 13:14:53.244030: | line 1: match=014 Aug 26 13:14:53.244033: | match 014 beats previous best_match 000 match=0x559645b3cb58 (line=1) Aug 26 13:14:53.244034: | 
concluding with best_match=014 best=0x559645b3cb58 (lineno=1) Aug 26 13:14:53.244036: | returning because exact peer id match Aug 26 13:14:53.244038: | offered CA: '%none' Aug 26 13:14:53.244040: "westnet-eastnet-ipv4-psk-ikev2" #1: IKEv2 mode peer ID is ID_FQDN: '@west' Aug 26 13:14:53.244054: | verifying AUTH payload Aug 26 13:14:53.244057: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret Aug 26 13:14:53.244059: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 13:14:53.244061: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 13:14:53.244063: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 13:14:53.244065: | 1: compared key @west to @east / @west -> 004 Aug 26 13:14:53.244067: | 2: compared key @east to @east / @west -> 014 Aug 26 13:14:53.244068: | line 1: match=014 Aug 26 13:14:53.244070: | match 014 beats previous best_match 000 match=0x559645b3cb58 (line=1) Aug 26 13:14:53.244072: | concluding with best_match=014 best=0x559645b3cb58 (lineno=1) Aug 26 13:14:53.244111: "westnet-eastnet-ipv4-psk-ikev2" #1: Authenticated using authby=secret Aug 26 13:14:53.244115: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Aug 26 13:14:53.244119: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Aug 26 13:14:53.244120: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:14:53.244123: | libevent_free: release ptr-libevent@0x7f8f80002888 Aug 26 13:14:53.244125: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x559645be6bb8 Aug 26 13:14:53.244127: | event_schedule: new EVENT_SA_REKEY-pe@0x559645be6bb8 Aug 26 13:14:53.244129: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Aug 26 13:14:53.244131: | libevent_malloc: new ptr-libevent@0x559645bea488 size 128 Aug 26 13:14:53.244216: | pstats #1 ikev2.ike established Aug 26 13:14:53.244226: | **emit ISAKMP Message: Aug 26 
13:14:53.244229: | initiator cookie: Aug 26 13:14:53.244232: | f7 9c bc 94 14 ee f8 f5 Aug 26 13:14:53.244235: | responder cookie: Aug 26 13:14:53.244238: | 70 ba 94 3e 3e d6 ac 7b Aug 26 13:14:53.244241: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:14:53.244244: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:53.244247: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:14:53.244251: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:14:53.244254: | Message ID: 1 (0x1) Aug 26 13:14:53.244258: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:14:53.244261: | IKEv2 CERT: send a certificate? Aug 26 13:14:53.244265: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 13:14:53.244269: | ***emit IKEv2 Encryption Payload: Aug 26 13:14:53.244272: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.244275: | flags: none (0x0) Aug 26 13:14:53.244280: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:14:53.244284: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.244292: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:14:53.244303: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:14:53.244317: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:14:53.244321: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.244323: | flags: none (0x0) Aug 26 13:14:53.244328: | ID type: ID_FQDN (0x2) Aug 26 13:14:53.244333: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:14:53.244338: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.244342: 
| emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Aug 26 13:14:53.244345: | my identity 65 61 73 74 Aug 26 13:14:53.244349: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 13:14:53.244357: | assembled IDr payload Aug 26 13:14:53.244360: | CHILD SA proposals received Aug 26 13:14:53.244363: | going to assemble AUTH payload Aug 26 13:14:53.244365: | ****emit IKEv2 Authentication Payload: Aug 26 13:14:53.244367: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:14:53.244369: | flags: none (0x0) Aug 26 13:14:53.244370: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:14:53.244372: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Aug 26 13:14:53.244374: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:14:53.244376: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.244379: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret Aug 26 13:14:53.244381: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 13:14:53.244383: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 13:14:53.244385: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 13:14:53.244388: | 1: compared key @west to @east / @west -> 004 Aug 26 13:14:53.244389: | 2: compared key @east to @east / @west -> 014 Aug 26 13:14:53.244391: | line 1: match=014 Aug 26 13:14:53.244393: | match 014 beats previous best_match 000 match=0x559645b3cb58 (line=1) Aug 26 13:14:53.244395: | concluding with best_match=014 best=0x559645b3cb58 (lineno=1) Aug 26 13:14:53.244451: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 13:14:53.244457: | PSK auth a3 00 76 6e 5f f5 ef e7 e9 d1 92 fa 2b 1a 
1a a1 Aug 26 13:14:53.244460: | PSK auth 99 5c 7b be 14 88 50 45 e2 dd b9 bf 48 cc 6b 31 Aug 26 13:14:53.244462: | PSK auth 36 03 9c 29 68 4d 4f 57 6f 4d a9 5d 93 37 b9 c9 Aug 26 13:14:53.244464: | PSK auth 54 cf dc b6 eb 17 df b0 26 90 b4 91 19 7d e9 64 Aug 26 13:14:53.244467: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 13:14:53.244471: | creating state object #2 at 0x559645beafe8 Aug 26 13:14:53.244474: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:14:53.244478: | pstats #2 ikev2.child started Aug 26 13:14:53.244480: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #2 for IPSEC SA Aug 26 13:14:53.244485: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:14:53.244491: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:14:53.244496: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Aug 26 13:14:53.244500: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Aug 26 13:14:53.244503: | Child SA TS Request has ike->sa == md->st; so using parent connection Aug 26 13:14:53.244506: | TSi: parsing 1 traffic selectors Aug 26 13:14:53.244509: | ***parse IKEv2 Traffic Selector: Aug 26 13:14:53.244511: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:14:53.244514: | IP Protocol ID: 0 (0x0) Aug 26 13:14:53.244518: | length: 16 (0x10) Aug 26 13:14:53.244521: | start port: 0 (0x0) Aug 26 13:14:53.244523: | end port: 65535 (0xffff) Aug 26 13:14:53.244526: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:14:53.244529: | TS low c0 00 01 00 Aug 26 13:14:53.244531: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 
13:14:53.244534: | TS high c0 00 01 ff Aug 26 13:14:53.244536: | TSi: parsed 1 traffic selectors Aug 26 13:14:53.244538: | TSr: parsing 1 traffic selectors Aug 26 13:14:53.244541: | ***parse IKEv2 Traffic Selector: Aug 26 13:14:53.244543: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:14:53.244546: | IP Protocol ID: 0 (0x0) Aug 26 13:14:53.244548: | length: 16 (0x10) Aug 26 13:14:53.244550: | start port: 0 (0x0) Aug 26 13:14:53.244553: | end port: 65535 (0xffff) Aug 26 13:14:53.244555: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:14:53.244557: | TS low c0 00 02 00 Aug 26 13:14:53.244560: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:14:53.244562: | TS high c0 00 02 ff Aug 26 13:14:53.244564: | TSr: parsed 1 traffic selectors Aug 26 13:14:53.244566: | looking for best SPD in current connection Aug 26 13:14:53.244570: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:14:53.244574: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:14:53.244578: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:14:53.244580: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:14:53.244582: | TSi[0] port match: YES fitness 65536 Aug 26 13:14:53.244584: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:14:53.244586: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:14:53.244588: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:14:53.244591: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:14:53.244593: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:14:53.244595: | TSr[0] port match: YES fitness 65536 Aug 26 13:14:53.244597: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:14:53.244598: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 
26 13:14:53.244600: | best fit so far: TSi[0] TSr[0] Aug 26 13:14:53.244602: | found better spd route for TSi[0],TSr[0] Aug 26 13:14:53.244603: | looking for better host pair Aug 26 13:14:53.244606: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 13:14:53.244609: | checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is found Aug 26 13:14:53.244611: | investigating connection "westnet-eastnet-ipv4-psk-ikev2" as a better match Aug 26 13:14:53.244613: | match_id a=@west Aug 26 13:14:53.244615: | b=@west Aug 26 13:14:53.244616: | results matched Aug 26 13:14:53.244619: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:14:53.244622: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:14:53.244625: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:14:53.244627: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:14:53.244629: | TSi[0] port match: YES fitness 65536 Aug 26 13:14:53.244630: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:14:53.244632: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:14:53.244635: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:14:53.244638: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:14:53.244640: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:14:53.244641: | TSr[0] port match: YES fitness 65536 Aug 26 13:14:53.244645: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:14:53.244646: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:14:53.244648: | best fit so far: TSi[0] TSr[0] Aug 26 13:14:53.244650: | did not find a better connection using host pair Aug 26 13:14:53.244651: | printing contents struct traffic_selector Aug 26 13:14:53.244653: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 
13:14:53.244654: | ipprotoid: 0 Aug 26 13:14:53.244656: | port range: 0-65535 Aug 26 13:14:53.244658: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:14:53.244660: | printing contents struct traffic_selector Aug 26 13:14:53.244661: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:14:53.244663: | ipprotoid: 0 Aug 26 13:14:53.244664: | port range: 0-65535 Aug 26 13:14:53.244666: | ip range: 192.0.1.0-192.0.1.255 Aug 26 13:14:53.244669: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH responder matching remote ESP/AH proposals) Aug 26 13:14:53.244674: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:14:53.244678: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:14:53.244680: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:14:53.244682: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:14:53.244685: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:14:53.244688: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:14:53.244690: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:14:53.244692: | ... 
ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:14:53.244697: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:14:53.244699: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Aug 26 13:14:53.244701: | local proposal 1 type ENCR has 1 transforms Aug 26 13:14:53.244703: | local proposal 1 type PRF has 0 transforms Aug 26 13:14:53.244705: | local proposal 1 type INTEG has 1 transforms Aug 26 13:14:53.244707: | local proposal 1 type DH has 1 transforms Aug 26 13:14:53.244708: | local proposal 1 type ESN has 1 transforms Aug 26 13:14:53.244711: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:14:53.244714: | local proposal 2 type ENCR has 1 transforms Aug 26 13:14:53.244717: | local proposal 2 type PRF has 0 transforms Aug 26 13:14:53.244719: | local proposal 2 type INTEG has 1 transforms Aug 26 13:14:53.244721: | local proposal 2 type DH has 1 transforms Aug 26 13:14:53.244723: | local proposal 2 type ESN has 1 transforms Aug 26 13:14:53.244726: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:14:53.244729: | local proposal 3 type ENCR has 1 transforms Aug 26 13:14:53.244731: | local proposal 3 type PRF has 0 transforms Aug 26 13:14:53.244733: | local proposal 3 type INTEG has 2 transforms Aug 26 13:14:53.244736: | local proposal 3 type DH has 1 transforms Aug 26 13:14:53.244738: | local proposal 3 type ESN has 1 transforms Aug 26 13:14:53.244741: | local proposal 3 transforms: required: 
ENCR+INTEG+ESN; optional: DH Aug 26 13:14:53.244744: | local proposal 4 type ENCR has 1 transforms Aug 26 13:14:53.244746: | local proposal 4 type PRF has 0 transforms Aug 26 13:14:53.244749: | local proposal 4 type INTEG has 2 transforms Aug 26 13:14:53.244751: | local proposal 4 type DH has 1 transforms Aug 26 13:14:53.244755: | local proposal 4 type ESN has 1 transforms Aug 26 13:14:53.244759: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:14:53.244762: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.244765: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.244767: | length: 32 (0x20) Aug 26 13:14:53.244770: | prop #: 1 (0x1) Aug 26 13:14:53.244773: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:53.244775: | spi size: 4 (0x4) Aug 26 13:14:53.244777: | # transforms: 2 (0x2) Aug 26 13:14:53.244781: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:14:53.244783: | remote SPI 96 91 b1 cd Aug 26 13:14:53.244787: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Aug 26 13:14:53.244790: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.244793: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.244796: | length: 12 (0xc) Aug 26 13:14:53.244799: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.244801: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.244804: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.244807: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.244810: | length/value: 256 (0x100) Aug 26 13:14:53.244815: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:14:53.244818: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.244821: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.244823: | length: 8 (0x8) Aug 26 13:14:53.244826: | IKEv2 transform type: 
TRANS_TYPE_ESN (0x5) Aug 26 13:14:53.244828: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:53.244830: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:14:53.244832: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Aug 26 13:14:53.244834: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Aug 26 13:14:53.244836: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Aug 26 13:14:53.244839: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 13:14:53.244841: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 13:14:53.244843: | remote proposal 1 matches local proposal 1 Aug 26 13:14:53.244845: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.244847: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.244848: | length: 32 (0x20) Aug 26 13:14:53.244850: | prop #: 2 (0x2) Aug 26 13:14:53.244852: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:53.244853: | spi size: 4 (0x4) Aug 26 13:14:53.244855: | # transforms: 2 (0x2) Aug 26 13:14:53.244857: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:14:53.244858: | remote SPI 96 91 b1 cd Aug 26 13:14:53.244860: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:14:53.244862: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.244864: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.244865: | length: 12 (0xc) Aug 26 13:14:53.244867: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.244869: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.244870: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.244872: | 
af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.244874: | length/value: 128 (0x80) Aug 26 13:14:53.244876: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.244877: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.244879: | length: 8 (0x8) Aug 26 13:14:53.244880: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:14:53.244884: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:53.244887: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Aug 26 13:14:53.244889: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Aug 26 13:14:53.244891: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.244892: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.244894: | length: 48 (0x30) Aug 26 13:14:53.244895: | prop #: 3 (0x3) Aug 26 13:14:53.244897: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:53.244898: | spi size: 4 (0x4) Aug 26 13:14:53.244900: | # transforms: 4 (0x4) Aug 26 13:14:53.244902: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:14:53.244903: | remote SPI 96 91 b1 cd Aug 26 13:14:53.244905: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:14:53.244907: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.244909: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.244910: | length: 12 (0xc) Aug 26 13:14:53.244912: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.244913: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:14:53.244915: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.244917: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.244918: | length/value: 256 (0x100) Aug 26 13:14:53.244920: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.244922: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.244923: | length: 8 (0x8) Aug 26 13:14:53.244925: | IKEv2 
transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.244927: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:14:53.244928: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.244930: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.244931: | length: 8 (0x8) Aug 26 13:14:53.244933: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.244935: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:14:53.244936: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.244938: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.244940: | length: 8 (0x8) Aug 26 13:14:53.244941: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:14:53.244943: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:53.244945: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 13:14:53.244947: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 13:14:53.244949: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.244950: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:14:53.244952: | length: 48 (0x30) Aug 26 13:14:53.244954: | prop #: 4 (0x4) Aug 26 13:14:53.244955: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:53.244957: | spi size: 4 (0x4) Aug 26 13:14:53.244958: | # transforms: 4 (0x4) Aug 26 13:14:53.244960: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:14:53.244962: | remote SPI 96 91 b1 cd Aug 26 13:14:53.244963: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:14:53.244965: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.244967: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.244968: | length: 12 (0xc) Aug 26 13:14:53.244970: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.244972: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:14:53.244974: | *****parse 
IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.244976: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.244979: | length/value: 128 (0x80) Aug 26 13:14:53.244982: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.244984: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.244988: | length: 8 (0x8) Aug 26 13:14:53.244991: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.244994: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:14:53.244997: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.244999: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.245002: | length: 8 (0x8) Aug 26 13:14:53.245004: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.245007: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:14:53.245009: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.245011: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.245012: | length: 8 (0x8) Aug 26 13:14:53.245014: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:14:53.245015: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:53.245018: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 13:14:53.245020: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 13:14:53.245023: "westnet-eastnet-ipv4-psk-ikev2" #1: proposal 1:ESP:SPI=9691b1cd;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 13:14:53.245027: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=9691b1cd;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 13:14:53.245028: | converting proposal to internal trans attrs Aug 26 
13:14:53.245044: | netlink_get_spi: allocated 0x9efd5e08 for esp.0@192.1.2.23 Aug 26 13:14:53.245046: | Emitting ikev2_proposal ... Aug 26 13:14:53.245048: | ****emit IKEv2 Security Association Payload: Aug 26 13:14:53.245049: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.245051: | flags: none (0x0) Aug 26 13:14:53.245053: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:14:53.245055: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.245057: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.245059: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:14:53.245061: | prop #: 1 (0x1) Aug 26 13:14:53.245062: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:53.245064: | spi size: 4 (0x4) Aug 26 13:14:53.245066: | # transforms: 2 (0x2) Aug 26 13:14:53.245067: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:53.245070: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:14:53.245071: | our spi 9e fd 5e 08 Aug 26 13:14:53.245073: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.245075: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.245076: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.245078: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.245080: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.245082: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.245084: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.245085: | length/value: 256 (0x100) Aug 26 13:14:53.245087: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 
13:14:53.245089: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.245090: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.245092: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:14:53.245094: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:53.245096: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.245099: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.245101: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.245103: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:14:53.245105: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:53.245106: | emitting length of IKEv2 Security Association Payload: 36 Aug 26 13:14:53.245108: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:14:53.245110: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:14:53.245112: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.245114: | flags: none (0x0) Aug 26 13:14:53.245115: | number of TS: 1 (0x1) Aug 26 13:14:53.245117: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:14:53.245119: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.245121: | *****emit IKEv2 Traffic Selector: Aug 26 13:14:53.245123: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:14:53.245125: | IP Protocol ID: 0 (0x0) Aug 26 13:14:53.245126: | start port: 0 (0x0) Aug 26 13:14:53.245128: | end 
port: 65535 (0xffff) Aug 26 13:14:53.245130: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:14:53.245131: | ipv4 start c0 00 01 00 Aug 26 13:14:53.245133: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:14:53.245135: | ipv4 end c0 00 01 ff Aug 26 13:14:53.245136: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:14:53.245138: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:14:53.245140: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:14:53.245141: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.245143: | flags: none (0x0) Aug 26 13:14:53.245145: | number of TS: 1 (0x1) Aug 26 13:14:53.245147: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:14:53.245149: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.245152: | *****emit IKEv2 Traffic Selector: Aug 26 13:14:53.245154: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:14:53.245156: | IP Protocol ID: 0 (0x0) Aug 26 13:14:53.245159: | start port: 0 (0x0) Aug 26 13:14:53.245161: | end port: 65535 (0xffff) Aug 26 13:14:53.245164: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:14:53.245166: | ipv4 start c0 00 02 00 Aug 26 13:14:53.245169: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:14:53.245171: | ipv4 end c0 00 02 ff Aug 26 13:14:53.245174: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:14:53.245176: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:14:53.245179: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:14:53.245182: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 
13:14:53.245312: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Aug 26 13:14:53.245321: | #1 spent 1.32 milliseconds Aug 26 13:14:53.245323: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:14:53.245325: | could_route called for westnet-eastnet-ipv4-psk-ikev2 (kind=CK_PERMANENT) Aug 26 13:14:53.245327: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:14:53.245329: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 13:14:53.245334: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 13:14:53.245337: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 13:14:53.245339: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:14:53.245342: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:14:53.245343: | AES_GCM_16 requires 4 salt bytes Aug 26 13:14:53.245345: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:14:53.245348: | setting IPsec SA replay-window to 32 Aug 26 13:14:53.245350: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Aug 26 13:14:53.245353: | netlink: enabling tunnel mode Aug 26 13:14:53.245355: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:14:53.245357: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:14:53.245422: | netlink response for Add SA esp.9691b1cd@192.1.2.45 included non-error error Aug 26 13:14:53.245428: | set up outgoing SA, ref=0/0 Aug 26 13:14:53.245431: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:14:53.245435: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:14:53.245438: | AES_GCM_16 requires 4 salt bytes Aug 26 13:14:53.245440: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:14:53.245445: | setting IPsec SA replay-window to 32 Aug 26 13:14:53.245448: | 
NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Aug 26 13:14:53.245450: | netlink: enabling tunnel mode Aug 26 13:14:53.245453: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:14:53.245456: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:14:53.245488: | netlink response for Add SA esp.9efd5e08@192.1.2.23 included non-error error Aug 26 13:14:53.245494: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:53.245501: | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 13:14:53.245505: | IPsec Sa SPD priority set to 1042407 Aug 26 13:14:53.245528: | raw_eroute result=success Aug 26 13:14:53.245532: | set up incoming SA, ref=0/0 Aug 26 13:14:53.245535: | sr for #2: unrouted Aug 26 13:14:53.245539: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:14:53.245541: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:14:53.245545: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 13:14:53.245548: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 13:14:53.245552: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 13:14:53.245556: | route_and_eroute with c: westnet-eastnet-ipv4-psk-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:14:53.245559: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:53.245567: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 (raw_eroute) Aug 26 13:14:53.245570: | IPsec Sa SPD priority set to 1042407 Aug 26 13:14:53.245583: | raw_eroute result=success Aug 26 13:14:53.245587: | running updown command "ipsec _updown" for verb up Aug 26 13:14:53.245591: | command executing up-client Aug 26 13:14:53.245615: | executing up-client: 
PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_I Aug 26 13:14:53.245621: | popen cmd is 1046 chars long Aug 26 13:14:53.245624: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv: Aug 26 13:14:53.245627: | cmd( 80):4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.: Aug 26 13:14:53.245629: | cmd( 160):2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='19: Aug 26 13:14:53.245631: | cmd( 240):2.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCO: Aug 26 13:14:53.245634: | cmd( 320):L='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_P: Aug 26 13:14:53.245637: | cmd( 400):EER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0: Aug 26 13:14:53.245639: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 13:14:53.245641: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=': Aug 26 
13:14:53.245644: | cmd( 640):PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN: Aug 26 13:14:53.245646: | cmd( 720):_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_C: Aug 26 13:14:53.245649: | cmd( 800):ISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' P: Aug 26 13:14:53.245651: | cmd( 880):LUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VT: Aug 26 13:14:53.245654: | cmd( 960):I_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9691b1cd SPI_OUT=0x9efd5e08 ipsec _updow: Aug 26 13:14:53.245657: | cmd(1040):n 2>&1: Aug 26 13:14:53.252691: | route_and_eroute: firewall_notified: true Aug 26 13:14:53.252703: | running updown command "ipsec _updown" for verb prepare Aug 26 13:14:53.252705: | command executing prepare-client Aug 26 13:14:53.252725: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED= Aug 26 13:14:53.252727: | popen cmd is 1051 chars long Aug 26 13:14:53.252729: | cmd( 0):PLUTO_VERB='prepare-client' 
PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 13:14:53.252731: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='1: Aug 26 13:14:53.252733: | cmd( 160):92.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NE: Aug 26 13:14:53.252735: | cmd( 240):T='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Aug 26 13:14:53.252736: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PL: Aug 26 13:14:53.252738: | cmd( 400):UTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.: Aug 26 13:14:53.252742: | cmd( 480):0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PRO: Aug 26 13:14:53.252744: | cmd( 560):TOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POL: Aug 26 13:14:53.252746: | cmd( 640):ICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Aug 26 13:14:53.252747: | cmd( 720):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_P: Aug 26 13:14:53.252749: | cmd( 800):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Aug 26 13:14:53.252751: | cmd( 880):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Aug 26 13:14:53.252752: | cmd( 960):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9691b1cd SPI_OUT=0x9efd5e08 ipsec _: Aug 26 13:14:53.252754: | cmd(1040):updown 2>&1: Aug 26 13:14:53.259497: | running updown command "ipsec _updown" for verb route Aug 26 13:14:53.259510: | command executing route-client Aug 26 13:14:53.259531: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' 
PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' Aug 26 13:14:53.259533: | popen cmd is 1049 chars long Aug 26 13:14:53.259536: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Aug 26 13:14:53.259537: | cmd( 80):ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192: Aug 26 13:14:53.259539: | cmd( 160):.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET=: Aug 26 13:14:53.259541: | cmd( 240):'192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROT: Aug 26 13:14:53.259543: | cmd( 320):OCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUT: Aug 26 13:14:53.259544: | cmd( 400):O_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Aug 26 13:14:53.259546: | cmd( 480):1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 13:14:53.259548: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Aug 26 13:14:53.259549: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_C: Aug 26 13:14:53.259551: | cmd( 720):ONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEE: Aug 26 13:14:53.259553: | cmd( 800):R_CISCO='0' 
PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=': Aug 26 13:14:53.259554: | cmd( 880):' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='': Aug 26 13:14:53.259556: | cmd( 960): VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9691b1cd SPI_OUT=0x9efd5e08 ipsec _up: Aug 26 13:14:53.259558: | cmd(1040):down 2>&1: Aug 26 13:14:53.269564: | route_and_eroute: instance "westnet-eastnet-ipv4-psk-ikev2", setting eroute_owner {spd=0x559645be3888,sr=0x559645be3888} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:14:53.269646: | #1 spent 1.47 milliseconds in install_ipsec_sa() Aug 26 13:14:53.269654: | ISAKMP_v2_IKE_AUTH: instance westnet-eastnet-ipv4-psk-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:14:53.269659: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:14:53.269662: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:14:53.269665: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:14:53.269667: | emitting length of IKEv2 Encryption Payload: 197 Aug 26 13:14:53.269669: | emitting length of ISAKMP Message: 225 Aug 26 13:14:53.269698: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Aug 26 13:14:53.269702: | #1 spent 2.85 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Aug 26 13:14:53.269708: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:53.269712: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:53.269715: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Aug 26 13:14:53.269717: | IKEv2: transition from state 
STATE_PARENT_R1 to state STATE_V2_IPSEC_R Aug 26 13:14:53.269720: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Aug 26 13:14:53.269723: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:14:53.269727: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Aug 26 13:14:53.269730: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Aug 26 13:14:53.269732: | pstats #2 ikev2.child established Aug 26 13:14:53.269738: "westnet-eastnet-ipv4-psk-ikev2" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] Aug 26 13:14:53.269741: | NAT-T: encaps is 'auto' Aug 26 13:14:53.269744: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x9691b1cd <0x9efd5e08 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 13:14:53.269747: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Aug 26 13:14:53.269752: | sending 225 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1)
Aug 26 13:14:53.269809: | releasing whack for #2 (sock=fd@-1) Aug 26 13:14:53.269813: | releasing whack and unpending for parent #1 Aug 26 13:14:53.269816: | unpending state #1 connection "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:14:53.269820: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Aug 26 13:14:53.269824: | event_schedule: new EVENT_SA_REKEY-pe@0x7f8f80002b78 Aug 26 13:14:53.269829: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Aug 26 13:14:53.269833: | libevent_malloc: new ptr-libevent@0x559645beaf38 size 128 Aug 26 13:14:53.269846: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:14:53.269853: | #1 spent 3.14 milliseconds in resume sending helper answer Aug 26 13:14:53.269858: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:833) Aug 26 13:14:53.269863: | libevent_free: release ptr-libevent@0x7f8f78000f48 Aug 26 13:14:53.269878: | processing signal PLUTO_SIGCHLD Aug 26 13:14:53.269884: | waitpid returned ECHILD (no child processes left) Aug 26 13:14:53.269888: | spent 0.00566 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:14:53.269891: | processing signal PLUTO_SIGCHLD Aug 26 13:14:53.269895: | waitpid returned ECHILD (no child processes left) Aug 26 13:14:53.269898: | spent 0.00364 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:14:53.269901: | processing signal PLUTO_SIGCHLD Aug 26 13:14:53.269905: | waitpid returned ECHILD (no child processes left) Aug 26 13:14:53.269908: | spent 0.0037 milliseconds in signal handler
PLUTO_SIGCHLD Aug 26 13:14:56.895543: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:14:56.895803: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:14:56.895809: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:14:56.895881: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:14:56.895900: | FOR_EACH_STATE_... in sort_states Aug 26 13:14:56.895913: | get_sa_info esp.9efd5e08@192.1.2.23 Aug 26 13:14:56.895932: | get_sa_info esp.9691b1cd@192.1.2.45 Aug 26 13:14:56.895954: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:14:56.895960: | spent 0.425 milliseconds in whack Aug 26 13:14:57.696236: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:14:57.696257: shutting down Aug 26 13:14:57.696264: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:14:57.696270: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:14:57.696271: forgetting secrets Aug 26 13:14:57.696276: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:14:57.696279: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in delete_connection() at connections.c:189) Aug 26 13:14:57.696282: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:14:57.696283: | pass 0 Aug 26 13:14:57.696285: | FOR_EACH_STATE_... 
in foreach_state_by_connection_func_delete Aug 26 13:14:57.696287: | state #2 Aug 26 13:14:57.696318: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:14:57.696322: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:14:57.696324: | pstats #2 ikev2.child deleted completed Aug 26 13:14:57.696328: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in delete_state() at state.c:879) Aug 26 13:14:57.696331: "westnet-eastnet-ipv4-psk-ikev2" #2: deleting state (STATE_V2_IPSEC_R) aged 4.451s and sending notification Aug 26 13:14:57.696333: | child state #2: V2_IPSEC_R(established CHILD SA) => delete Aug 26 13:14:57.696337: | get_sa_info esp.9691b1cd@192.1.2.45 Aug 26 13:14:57.696363: | get_sa_info esp.9efd5e08@192.1.2.23 Aug 26 13:14:57.696369: "westnet-eastnet-ipv4-psk-ikev2" #2: ESP traffic information: in=336B out=336B Aug 26 13:14:57.696371: | #2 send IKEv2 delete notification for STATE_V2_IPSEC_R Aug 26 13:14:57.696374: | Opening output PBS informational exchange delete request Aug 26 13:14:57.696376: | **emit ISAKMP Message: Aug 26 13:14:57.696378: | initiator cookie: Aug 26 13:14:57.696382: | f7 9c bc 94 14 ee f8 f5 Aug 26 13:14:57.696383: | responder cookie: Aug 26 13:14:57.696385: | 70 ba 94 3e 3e d6 ac 7b Aug 26 13:14:57.696387: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:14:57.696389: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:57.696391: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:14:57.696392: | flags: none (0x0) Aug 26 13:14:57.696394: | Message ID: 0 (0x0) Aug 26 13:14:57.696396: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:14:57.696398: | ***emit IKEv2 Encryption Payload: Aug 26 13:14:57.696400: | next payload 
type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.696402: | flags: none (0x0) Aug 26 13:14:57.696404: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:14:57.696406: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:14:57.696408: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:14:57.696421: | ****emit IKEv2 Delete Payload: Aug 26 13:14:57.696423: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.696424: | flags: none (0x0) Aug 26 13:14:57.696426: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:14:57.696428: | SPI size: 4 (0x4) Aug 26 13:14:57.696429: | number of SPIs: 1 (0x1) Aug 26 13:14:57.696431: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:14:57.696433: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:14:57.696435: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 13:14:57.696437: | local spis 9e fd 5e 08 Aug 26 13:14:57.696439: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:14:57.696440: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:14:57.696442: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:14:57.696444: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:14:57.696446: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:14:57.696448: | emitting length of ISAKMP Message: 69 Aug 26 13:14:57.696468: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) Aug 26 13:14:57.696470: | f7 9c bc 94 14 ee f8 f5 70 ba 94 3e 3e d6 ac 7b Aug 26 13:14:57.696472: | 2e 20 25 00 00 00 
00 00 00 00 00 45 2a 00 00 29 Aug 26 13:14:57.696473: | e6 2d 80 49 60 3b 66 cf 7c f1 c6 19 c7 a0 77 59 Aug 26 13:14:57.696475: | fe 9c 36 66 4f d5 79 14 4c ad dc 14 29 cb 41 da Aug 26 13:14:57.696476: | 08 08 52 8e b7 Aug 26 13:14:57.696502: | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Aug 26 13:14:57.696505: | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send Aug 26 13:14:57.696508: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:14:57.696511: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 13:14:57.696513: | libevent_free: release ptr-libevent@0x559645beaf38 Aug 26 13:14:57.696515: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f8f80002b78 Aug 26 13:14:57.696569: | running updown command "ipsec _updown" for verb down Aug 26 13:14:57.696573: | command executing down-client Aug 26 13:14:57.696591: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825293' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' 
PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR Aug 26 13:14:57.696595: | popen cmd is 1057 chars long Aug 26 13:14:57.696597: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: Aug 26 13:14:57.696599: | cmd( 80):pv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.: Aug 26 13:14:57.696601: | cmd( 160):1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET=': Aug 26 13:14:57.696603: | cmd( 240):192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTO: Aug 26 13:14:57.696604: | cmd( 320):COL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO: Aug 26 13:14:57.696606: | cmd( 400):_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1: Aug 26 13:14:57.696608: | cmd( 480):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Aug 26 13:14:57.696609: | cmd( 560):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825293' PLUTO_CO: Aug 26 13:14:57.696611: | cmd( 640):NN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO': Aug 26 13:14:57.696613: | cmd( 720): PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUT: Aug 26 13:14:57.696614: | cmd( 800):O_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_: Aug 26 13:14:57.696616: | cmd( 880):BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_: Aug 26 13:14:57.696618: | cmd( 960):IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9691b1cd SPI_OUT=0x9efd5e08 i: Aug 26 13:14:57.696619: | cmd(1040):psec _updown 2>&1: Aug 26 13:14:57.703857: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:14:57.703872: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:14:57.703875: | 
priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:57.703879: | IPsec Sa SPD priority set to 1042407 Aug 26 13:14:57.703925: | delete esp.9691b1cd@192.1.2.45 Aug 26 13:14:57.703946: | netlink response for Del SA esp.9691b1cd@192.1.2.45 included non-error error Aug 26 13:14:57.703953: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:57.703961: | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 13:14:57.703985: | raw_eroute result=success Aug 26 13:14:57.703990: | delete esp.9efd5e08@192.1.2.23 Aug 26 13:14:57.704007: | netlink response for Del SA esp.9efd5e08@192.1.2.23 included non-error error Aug 26 13:14:57.704022: | stop processing: connection "westnet-eastnet-ipv4-psk-ikev2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:14:57.704028: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:14:57.704032: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 13:14:57.704036: | State DB: deleting IKEv2 state #2 in V2_IPSEC_R Aug 26 13:14:57.704044: | child state #2: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:14:57.704055: | stop processing: state #2 from 192.1.2.45:500 (in delete_state() at state.c:1143) Aug 26 13:14:57.704069: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:14:57.704074: | state #1 Aug 26 13:14:57.704076: | pass 1 Aug 26 13:14:57.704078: | FOR_EACH_STATE_... 
in foreach_state_by_connection_func_delete Aug 26 13:14:57.704079: | state #1 Aug 26 13:14:57.704083: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:14:57.704085: | pstats #1 ikev2.ike deleted completed Aug 26 13:14:57.704090: | #1 spent 6.65 milliseconds in total Aug 26 13:14:57.704092: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in delete_state() at state.c:879) Aug 26 13:14:57.704095: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting state (STATE_PARENT_R2) aged 4.466s and sending notification Aug 26 13:14:57.704097: | parent state #1: PARENT_R2(established IKE SA) => delete Aug 26 13:14:57.704134: | #1 send IKEv2 delete notification for STATE_PARENT_R2 Aug 26 13:14:57.704140: | Opening output PBS informational exchange delete request Aug 26 13:14:57.704144: | **emit ISAKMP Message: Aug 26 13:14:57.704147: | initiator cookie: Aug 26 13:14:57.704150: | f7 9c bc 94 14 ee f8 f5 Aug 26 13:14:57.704153: | responder cookie: Aug 26 13:14:57.704156: | 70 ba 94 3e 3e d6 ac 7b Aug 26 13:14:57.704159: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:14:57.704163: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:57.704167: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:14:57.704171: | flags: none (0x0) Aug 26 13:14:57.704174: | Message ID: 1 (0x1) Aug 26 13:14:57.704176: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:14:57.704179: | ***emit IKEv2 Encryption Payload: Aug 26 13:14:57.704181: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.704182: | flags: none (0x0) Aug 26 13:14:57.704184: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:14:57.704186: | next payload chain: saving location 'IKEv2 Encryption 
Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:14:57.704189: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:14:57.704201: | ****emit IKEv2 Delete Payload: Aug 26 13:14:57.704203: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.704205: | flags: none (0x0) Aug 26 13:14:57.704207: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 13:14:57.704208: | SPI size: 0 (0x0) Aug 26 13:14:57.704210: | number of SPIs: 0 (0x0) Aug 26 13:14:57.704212: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:14:57.704214: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:14:57.704216: | emitting length of IKEv2 Delete Payload: 8 Aug 26 13:14:57.704218: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:14:57.704220: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:14:57.704222: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:14:57.704224: | emitting length of IKEv2 Encryption Payload: 37 Aug 26 13:14:57.704226: | emitting length of ISAKMP Message: 65 Aug 26 13:14:57.704247: | sending 65 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Aug 26 13:14:57.704250: | f7 9c bc 94 14 ee f8 f5 70 ba 94 3e 3e d6 ac 7b Aug 26 13:14:57.704251: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 13:14:57.704253: | c4 2e ae b5 43 ae 07 cc 75 89 b5 f2 e3 f1 86 06 Aug 26 13:14:57.704254: | 1b 18 10 d9 65 ec 9e 31 b9 37 5f 51 3e 9b 79 fc Aug 26 13:14:57.704256: | 08 Aug 26 13:14:57.704287: | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 Aug 26 13:14:57.704309: | Message ID: IKE #1 sender #1 in send_delete hacking around 
record ' send Aug 26 13:14:57.704313: | Message ID: #1 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?); initiator.sent=1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=1 wip.responder=-1 Aug 26 13:14:57.704316: | Message ID: sent #1 request 1; ike: initiator.sent=0->1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=0->1 wip.responder=-1 Aug 26 13:14:57.704318: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 13:14:57.704339: | libevent_free: release ptr-libevent@0x559645bea488 Aug 26 13:14:57.704341: | free_event_entry: release EVENT_SA_REKEY-pe@0x559645be6bb8 Aug 26 13:14:57.704345: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:14:57.704347: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 13:14:57.704349: | State DB: deleting IKEv2 state #1 in PARENT_R2 Aug 26 13:14:57.704351: | parent state #1: PARENT_R2(established IKE SA) => UNDEFINED(ignore) Aug 26 13:14:57.704379: | stop processing: state #1 from 192.1.2.45:500 (in delete_state() at state.c:1143) Aug 26 13:14:57.704401: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:14:57.704404: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:14:57.704406: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:14:57.704408: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:57.704435: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:57.704443: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:14:57.704445: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 13:14:57.704448: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 13:14:57.704452: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL Aug 26 13:14:57.704455: | running updown command "ipsec _updown" for verb unroute Aug 26 13:14:57.704459: | command executing unroute-client Aug 26 13:14:57.704498: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED Aug 26 13:14:57.704501: | popen cmd is 1038 chars long Aug 26 13:14:57.704503: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 13:14:57.704504: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='1: Aug 26 13:14:57.704506: | cmd( 160):92.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NE: Aug 26 13:14:57.704508: | cmd( 240):T='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Aug 
26 13:14:57.704509: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' P: Aug 26 13:14:57.704511: | cmd( 400):LUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192: Aug 26 13:14:57.704514: | cmd( 480):.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PR: Aug 26 13:14:57.704516: | cmd( 560):OTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_PO: Aug 26 13:14:57.704517: | cmd( 640):LICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUT: Aug 26 13:14:57.704519: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_: Aug 26 13:14:57.704521: | cmd( 800):PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNE: Aug 26 13:14:57.704522: | cmd( 880):R='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE: Aug 26 13:14:57.704524: | cmd( 960):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 13:14:57.712651: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:57.712666: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:57.712668: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:57.712896: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:57.712902: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:57.712904: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:57.712905: unroute-client output: Error: Peer netns reference is invalid. 
Aug 26 13:14:57.717274: | free hp@0x559645be5308 Aug 26 13:14:57.717291: | flush revival: connection 'westnet-eastnet-ipv4-psk-ikev2' wasn't on the list Aug 26 13:14:57.717312: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:14:57.717340: | crl fetch request list locked by 'free_crl_fetch' Aug 26 13:14:57.717342: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 13:14:57.717352: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 13:14:57.717355: shutting down interface lo/lo 127.0.0.1:500 Aug 26 13:14:57.717357: shutting down interface eth0/eth0 192.0.2.254:4500 Aug 26 13:14:57.717358: shutting down interface eth0/eth0 192.0.2.254:500 Aug 26 13:14:57.717360: shutting down interface eth1/eth1 192.1.2.23:4500 Aug 26 13:14:57.717362: shutting down interface eth1/eth1 192.1.2.23:500 Aug 26 13:14:57.717365: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 13:14:57.717374: | libevent_free: release ptr-libevent@0x559645bd6f98 Aug 26 13:14:57.717377: | free_event_entry: release EVENT_NULL-pe@0x559645be2a98 Aug 26 13:14:57.717385: | libevent_free: release ptr-libevent@0x559645b6b098 Aug 26 13:14:57.717387: | free_event_entry: release EVENT_NULL-pe@0x559645be2b48 Aug 26 13:14:57.717392: | libevent_free: release ptr-libevent@0x559645b6c838 Aug 26 13:14:57.717394: | free_event_entry: release EVENT_NULL-pe@0x559645be2bf8 Aug 26 13:14:57.717399: | libevent_free: release ptr-libevent@0x559645b6c788 Aug 26 13:14:57.717401: | free_event_entry: release EVENT_NULL-pe@0x559645be2ca8 Aug 26 13:14:57.717405: | libevent_free: release ptr-libevent@0x559645b414e8 Aug 26 13:14:57.717407: | free_event_entry: release EVENT_NULL-pe@0x559645be2d58 Aug 26 13:14:57.717411: | libevent_free: release ptr-libevent@0x559645b411d8 Aug 26 13:14:57.717412: | free_event_entry: release EVENT_NULL-pe@0x559645be2e08 Aug 26 13:14:57.717416: | FOR_EACH_UNORIENTED_CONNECTION_... 
in check_orientations Aug 26 13:14:57.717752: | libevent_free: release ptr-libevent@0x559645bd7048 Aug 26 13:14:57.717757: | free_event_entry: release EVENT_NULL-pe@0x559645bcae38 Aug 26 13:14:57.717761: | libevent_free: release ptr-libevent@0x559645b6b198 Aug 26 13:14:57.717763: | free_event_entry: release EVENT_NULL-pe@0x559645bcadc8 Aug 26 13:14:57.717766: | libevent_free: release ptr-libevent@0x559645bae568 Aug 26 13:14:57.717767: | free_event_entry: release EVENT_NULL-pe@0x559645bca2a8 Aug 26 13:14:57.717770: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 13:14:57.717771: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 13:14:57.717773: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 13:14:57.717774: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 13:14:57.717779: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 13:14:57.717780: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 13:14:57.717782: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 13:14:57.717783: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 13:14:57.717785: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 13:14:57.717789: | libevent_free: release ptr-libevent@0x559645b75388 Aug 26 13:14:57.717790: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 13:14:57.717793: | libevent_free: release ptr-libevent@0x559645b6d238 Aug 26 13:14:57.717794: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 13:14:57.717797: | libevent_free: release ptr-libevent@0x559645be2458 Aug 26 13:14:57.717798: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 13:14:57.717800: | libevent_free: release ptr-libevent@0x559645be2698 Aug 26 13:14:57.717802: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 13:14:57.717803: | releasing event base Aug 26 13:14:57.717813: | libevent_free: release ptr-libevent@0x559645be2568 Aug 26 13:14:57.717814: | libevent_free: release ptr-libevent@0x559645bc5578 Aug 26 13:14:57.717817: | libevent_free: 
release ptr-libevent@0x559645bc5528 Aug 26 13:14:57.717819: | libevent_free: release ptr-libevent@0x559645bc54b8 Aug 26 13:14:57.717820: | libevent_free: release ptr-libevent@0x559645bc5478 Aug 26 13:14:57.717822: | libevent_free: release ptr-libevent@0x559645be2318 Aug 26 13:14:57.717824: | libevent_free: release ptr-libevent@0x559645be2398 Aug 26 13:14:57.717826: | libevent_free: release ptr-libevent@0x559645bc5728 Aug 26 13:14:57.717827: | libevent_free: release ptr-libevent@0x559645bca3b8 Aug 26 13:14:57.717829: | libevent_free: release ptr-libevent@0x559645bcad88 Aug 26 13:14:57.717830: | libevent_free: release ptr-libevent@0x559645be2e78 Aug 26 13:14:57.717832: | libevent_free: release ptr-libevent@0x559645be2dc8 Aug 26 13:14:57.717833: | libevent_free: release ptr-libevent@0x559645be2d18 Aug 26 13:14:57.717835: | libevent_free: release ptr-libevent@0x559645be2c68 Aug 26 13:14:57.717837: | libevent_free: release ptr-libevent@0x559645be2bb8 Aug 26 13:14:57.717838: | libevent_free: release ptr-libevent@0x559645be2b08 Aug 26 13:14:57.717840: | libevent_free: release ptr-libevent@0x559645b6a698 Aug 26 13:14:57.717841: | libevent_free: release ptr-libevent@0x559645be2418 Aug 26 13:14:57.717843: | libevent_free: release ptr-libevent@0x559645be23d8 Aug 26 13:14:57.717844: | libevent_free: release ptr-libevent@0x559645be2358 Aug 26 13:14:57.717846: | libevent_free: release ptr-libevent@0x559645be2528 Aug 26 13:14:57.717848: | libevent_free: release ptr-libevent@0x559645b69828 Aug 26 13:14:57.717849: | libevent_free: release ptr-libevent@0x559645b40908 Aug 26 13:14:57.717851: | libevent_free: release ptr-libevent@0x559645b40d38 Aug 26 13:14:57.717853: | libevent_free: release ptr-libevent@0x559645b69b98 Aug 26 13:14:57.717854: | releasing global libevent data Aug 26 13:14:57.717856: | libevent_free: release ptr-libevent@0x559645b407f8 Aug 26 13:14:57.717858: | libevent_free: release ptr-libevent@0x559645b40cd8 Aug 26 13:14:57.717860: | libevent_free: release 
ptr-libevent@0x559645b40dd8 Aug 26 13:14:57.717886: leak detective found no leaks