Aug 26 13:14:52.919031: FIPS Product: YES
Aug 26 13:14:52.919067: FIPS Kernel: NO
Aug 26 13:14:52.919070: FIPS Mode: NO
Aug 26 13:14:52.919071: NSS DB directory: sql:/etc/ipsec.d
Aug 26 13:14:52.919202: Initializing NSS
Aug 26 13:14:52.919210: Opening NSS database "sql:/etc/ipsec.d" read-only
Aug 26 13:14:52.944824: NSS initialized
Aug 26 13:14:52.944841: NSS crypto library initialized
Aug 26 13:14:52.944844: FIPS HMAC integrity support [enabled]
Aug 26 13:14:52.944847: FIPS mode disabled for pluto daemon
Aug 26 13:14:52.980610: FIPS HMAC integrity verification self-test FAILED
Aug 26 13:14:52.980725: libcap-ng support [enabled]
Aug 26 13:14:52.980736: Linux audit support [enabled]
Aug 26 13:14:52.980769: Linux audit activated
Aug 26 13:14:52.980774: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:18872
Aug 26 13:14:52.980777: core dump dir: /tmp
Aug 26 13:14:52.980780: secrets file: /etc/ipsec.secrets
Aug 26 13:14:52.980782: leak-detective enabled
Aug 26 13:14:52.980784: NSS crypto [enabled]
Aug 26 13:14:52.980786: XAUTH PAM support [enabled]
Aug 26 13:14:52.980872: | libevent is using pluto's memory allocator
Aug 26 13:14:52.980885: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Aug 26 13:14:52.980913: | libevent_malloc: new ptr-libevent@0x55c1fdf63188 size 40
Aug 26 13:14:52.980919: | libevent_malloc: new ptr-libevent@0x55c1fdf38cd8 size 40
Aug 26 13:14:52.980922: | libevent_malloc: new ptr-libevent@0x55c1fdf38dd8 size 40
Aug 26 13:14:52.980925: | creating event base
Aug 26 13:14:52.980928: | libevent_malloc: new ptr-libevent@0x55c1fdfbd4f8 size 56
Aug 26 13:14:52.980933: | libevent_malloc: new ptr-libevent@0x55c1fdf61ce8 size 664
Aug 26 13:14:52.980946: | libevent_malloc: new ptr-libevent@0x55c1fdfbd568 size 24
Aug 26 13:14:52.980949: | libevent_malloc: new ptr-libevent@0x55c1fdfbd5b8 size 384
Aug 26 13:14:52.980960: | libevent_malloc: new ptr-libevent@0x55c1fdfbd4b8 size 16
Aug 26 13:14:52.980963: | libevent_malloc: new ptr-libevent@0x55c1fdf38908 size 40
Aug 26 13:14:52.980966: | libevent_malloc: new ptr-libevent@0x55c1fdf38d38 size 48
Aug 26 13:14:52.980973: | libevent_realloc: new ptr-libevent@0x55c1fdf627e8 size 256
Aug 26 13:14:52.980976: | libevent_malloc: new ptr-libevent@0x55c1fdfbd768 size 16
Aug 26 13:14:52.980983: | libevent_free: release ptr-libevent@0x55c1fdfbd4f8
Aug 26 13:14:52.980987: | libevent initialized
Aug 26 13:14:52.980991: | libevent_realloc: new ptr-libevent@0x55c1fdfbd4f8 size 64
Aug 26 13:14:52.980995: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds
Aug 26 13:14:52.981010: | init_nat_traversal() initialized with keep_alive=0s
Aug 26 13:14:52.981026: NAT-Traversal support [enabled]
Aug 26 13:14:52.981029: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
Aug 26 13:14:52.981041: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized
Aug 26 13:14:52.981049: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
Aug 26 13:14:52.981087: | global one-shot timer EVENT_REVIVE_CONNS initialized
Aug 26 13:14:52.981091: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
Aug 26 13:14:52.981095: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds
Aug 26 13:14:52.981147: Encryption algorithms:
Aug 26 13:14:52.981156: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c
Aug 26 13:14:52.981161: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b
Aug 26 13:14:52.981165: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a
Aug 26 13:14:52.981169: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des
Aug 26 13:14:52.981173: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Aug 26 13:14:52.981183: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia
Aug 26 13:14:52.981187: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c
Aug 26 13:14:52.981191: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b
Aug 26 13:14:52.981195: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a
Aug 26 13:14:52.981199: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr
Aug 26 13:14:52.981202: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes
Aug 26 13:14:52.981206: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent
Aug 26 13:14:52.981210: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish
Aug 26 13:14:52.981214: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh
Aug 26 13:14:52.981218: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac
Aug 26 13:14:52.981221: NULL IKEv1: ESP IKEv2: ESP []
Aug 26 13:14:52.981225: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305
Aug 26 13:14:52.981232: Hash algorithms:
Aug 26 13:14:52.981236: MD5 IKEv1: IKE IKEv2:
Aug 26 13:14:52.981239: SHA1 IKEv1: IKE IKEv2: FIPS sha
Aug 26 13:14:52.981242: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256
Aug 26 13:14:52.981246: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384
Aug 26 13:14:52.981249: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512
Aug 26 13:14:52.981263: PRF algorithms:
Aug 26 13:14:52.981266: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5
Aug 26 13:14:52.981270: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1
Aug 26 13:14:52.981273: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256
Aug 26 13:14:52.981277: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384
Aug 26 13:14:52.981280: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512
Aug 26 13:14:52.981284: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc
Aug 26 13:14:52.981322: Integrity algorithms:
Aug 26 13:14:52.981329: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5
Aug 26 13:14:52.981334: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1
Aug 26 13:14:52.981338: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Aug 26 13:14:52.981342: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Aug 26 13:14:52.981347: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Aug 26 13:14:52.981350: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Aug 26 13:14:52.981354: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96
Aug 26 13:14:52.981358: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Aug 26 13:14:52.981361: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Aug 26 13:14:52.981375: DH algorithms:
Aug 26 13:14:52.981379: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0
Aug 26 13:14:52.981383: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5
Aug 26 13:14:52.981386: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14
Aug 26 13:14:52.981393: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15
Aug 26 13:14:52.981397: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16
Aug 26 13:14:52.981400: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17
Aug 26 13:14:52.981403: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18
Aug 26 13:14:52.981407: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256
Aug 26 13:14:52.981411: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384
Aug 26 13:14:52.981415: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521
Aug 26 13:14:52.981418: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519
Aug 26 13:14:52.981433: testing CAMELLIA_CBC:
Aug 26 13:14:52.981437: Camellia: 16 bytes with 128-bit key
Aug 26 13:14:52.981563: Camellia: 16 bytes with 128-bit key
Aug 26 13:14:52.981596: Camellia: 16 bytes with 256-bit key
Aug 26 13:14:52.981628: Camellia: 16 bytes with 256-bit key
Aug 26 13:14:52.981657: testing AES_GCM_16:
Aug 26 13:14:52.981661: empty string
Aug 26 13:14:52.981693: one block
Aug 26 13:14:52.981719: two blocks
Aug 26 13:14:52.981761: two blocks with associated data
Aug 26 13:14:52.981803: testing AES_CTR:
Aug 26 13:14:52.981808: Encrypting 16 octets using AES-CTR with 128-bit key
Aug 26 13:14:52.981834: Encrypting 32 octets using AES-CTR with 128-bit key
Aug 26 13:14:52.981864: Encrypting 36 octets using AES-CTR with 128-bit key
Aug 26 13:14:52.981892: Encrypting 16 octets using AES-CTR with 192-bit key
Aug 26 13:14:52.981919: Encrypting 32 octets using AES-CTR with 192-bit key
Aug 26 13:14:52.981948: Encrypting 36 octets using AES-CTR with 192-bit key
Aug 26 13:14:52.981979: Encrypting 16 octets using AES-CTR with 256-bit key
Aug 26 13:14:52.982021: Encrypting 32 octets using AES-CTR with 256-bit key
Aug 26 13:14:52.982055: Encrypting 36 octets using AES-CTR with 256-bit key
Aug 26 13:14:52.982087: testing AES_CBC:
Aug 26 13:14:52.982091: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Aug 26 13:14:52.982122: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Aug 26 13:14:52.982155: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Aug 26 13:14:52.982187: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Aug 26 13:14:52.982225: testing AES_XCBC:
Aug 26 13:14:52.982230: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input
Aug 26 13:14:52.982398: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input
Aug 26 13:14:52.982545: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input
Aug 26 13:14:52.982675: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input
Aug 26 13:14:52.982806: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input
Aug 26 13:14:52.982937: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input
Aug 26 13:14:52.983096: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input
Aug 26 13:14:52.983420: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Aug 26 13:14:52.983547: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Aug 26 13:14:52.983674: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Aug 26 13:14:52.983933: testing HMAC_MD5:
Aug 26 13:14:52.983937: RFC 2104: MD5_HMAC test 1
Aug 26 13:14:52.984123: RFC 2104: MD5_HMAC test 2
Aug 26 13:14:52.984267: RFC 2104: MD5_HMAC test 3
Aug 26 13:14:52.984466: 8 CPU cores online
Aug 26 13:14:52.984473: starting up 7 crypto helpers
Aug 26 13:14:52.984532: started thread for crypto helper 0
Aug 26 13:14:52.984558: | starting up helper thread 0
Aug 26 13:14:52.984567: started thread for crypto helper 1
Aug 26 13:14:52.984573: | starting up helper thread 1
Aug 26 13:14:52.984575: | status value returned by setting the priority of this thread (crypto helper 0) 22
Aug 26 13:14:52.984589: | status value returned by setting the priority of this thread (crypto helper 1) 22
Aug 26 13:14:52.984591: | crypto helper 0 waiting (nothing to do)
Aug 26 13:14:52.984595: started thread for crypto helper 2
Aug 26 13:14:52.984610: | crypto helper 1 waiting (nothing to do)
Aug 26 13:14:52.984598: | starting up helper thread 2
Aug 26 13:14:52.984623: | status value returned by setting the priority of this thread (crypto helper 2) 22
Aug 26 13:14:52.984626: | crypto helper 2 waiting (nothing to do)
Aug 26 13:14:52.984630: started thread for crypto helper 3
Aug 26 13:14:52.984632: | starting up helper thread 3
Aug 26 13:14:52.984637: | status value returned by setting the priority of this thread (crypto helper 3) 22
Aug 26 13:14:52.984639: | crypto helper 3 waiting (nothing to do)
Aug 26 13:14:52.984648: started thread for crypto helper 4
Aug 26 13:14:52.984652: | starting up helper thread 4
Aug 26 13:14:52.984668: | status value returned by setting the priority of this thread (crypto helper 4) 22
Aug 26 13:14:52.984671: | starting up helper thread 5
Aug 26 13:14:52.984674: | crypto helper 4 waiting (nothing to do)
Aug 26 13:14:52.984669: started thread for crypto helper 5
Aug 26 13:14:52.984680: | status value returned by setting the priority of this thread (crypto helper 5) 22
Aug 26 13:14:52.984694: | crypto helper 5 waiting (nothing to do)
Aug 26 13:14:52.984707: started thread for crypto helper 6
Aug 26 13:14:52.984711: | checking IKEv1 state table
Aug 26 13:14:52.984719: | MAIN_R0: category: half-open IKE SA flags: 0:
Aug 26 13:14:52.984722: | -> MAIN_R1 EVENT_SO_DISCARD
Aug 26 13:14:52.984725: | MAIN_I1: category: half-open IKE SA flags: 0:
Aug 26 13:14:52.984727: | -> MAIN_I2 EVENT_RETRANSMIT
Aug 26 13:14:52.984730: | MAIN_R1: category: open IKE SA flags: 200:
Aug 26 13:14:52.984733: | -> MAIN_R2 EVENT_RETRANSMIT
Aug 26 13:14:52.984735: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:14:52.984738: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:14:52.984741: | MAIN_I2: category: open IKE SA flags: 0:
Aug 26 13:14:52.984743: | -> MAIN_I3 EVENT_RETRANSMIT
Aug 26 13:14:52.984746: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:14:52.984748: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:14:52.984751: | MAIN_R2: category: open IKE SA flags: 0:
Aug 26 13:14:52.984753: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:14:52.984756: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:14:52.984758: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 13:14:52.984761: | MAIN_I3: category: open IKE SA flags: 0:
Aug 26 13:14:52.984763: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:14:52.984766: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:14:52.984768: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 13:14:52.984771: | MAIN_R3: category: established IKE SA flags: 200:
Aug 26 13:14:52.984773: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:52.984776: | MAIN_I4: category: established IKE SA flags: 0:
Aug 26 13:14:52.984779: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:52.984782: | AGGR_R0: category: half-open IKE SA flags: 0:
Aug 26 13:14:52.984784: | -> AGGR_R1 EVENT_SO_DISCARD
Aug 26 13:14:52.984787: | AGGR_I1: category: half-open IKE SA flags: 0:
Aug 26 13:14:52.984789: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 13:14:52.984792: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 13:14:52.984795: | AGGR_R1: category: open IKE SA flags: 200:
Aug 26 13:14:52.984797: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 13:14:52.984800: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 13:14:52.984802: | AGGR_I2: category: established IKE SA flags: 200:
Aug 26 13:14:52.984805: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:52.984808: | AGGR_R2: category: established IKE SA flags: 0:
Aug 26 13:14:52.984810: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:52.984813: | QUICK_R0: category: established CHILD SA flags: 0:
Aug 26 13:14:52.984816: | -> QUICK_R1 EVENT_RETRANSMIT
Aug 26 13:14:52.984818: | QUICK_I1: category: established CHILD SA flags: 0:
Aug 26 13:14:52.984821: | -> QUICK_I2 EVENT_SA_REPLACE
Aug 26 13:14:52.984824: | QUICK_R1: category: established CHILD SA flags: 0:
Aug 26 13:14:52.984829: | -> QUICK_R2 EVENT_SA_REPLACE
Aug 26 13:14:52.984832: | QUICK_I2: category: established CHILD SA flags: 200:
Aug 26 13:14:52.984835: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:52.984838: | QUICK_R2: category: established CHILD SA flags: 0:
Aug 26 13:14:52.984840: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:52.984843: | INFO: category: informational flags: 0:
Aug 26 13:14:52.984846: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:52.984848: | INFO_PROTECTED: category: informational flags: 0:
Aug 26 13:14:52.984851: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:52.984854: | XAUTH_R0: category: established IKE SA flags: 0:
Aug 26 13:14:52.984856: | -> XAUTH_R1 EVENT_NULL
Aug 26 13:14:52.984859: | XAUTH_R1: category: established IKE SA flags: 0:
Aug 26 13:14:52.984862: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:14:52.984864: | MODE_CFG_R0: category: informational flags: 0:
Aug 26 13:14:52.984867: | -> MODE_CFG_R1 EVENT_SA_REPLACE
Aug 26 13:14:52.984870: | MODE_CFG_R1: category: established IKE SA flags: 0:
Aug 26 13:14:52.984873: | -> MODE_CFG_R2 EVENT_SA_REPLACE
Aug 26 13:14:52.984875: | MODE_CFG_R2: category: established IKE SA flags: 0:
Aug 26 13:14:52.984878: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:52.984881: | MODE_CFG_I1: category: established IKE SA flags: 0:
Aug 26 13:14:52.984883: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:14:52.984886: | XAUTH_I0: category: established IKE SA flags: 0:
Aug 26 13:14:52.984888: | -> XAUTH_I1 EVENT_RETRANSMIT
Aug 26 13:14:52.984891: | XAUTH_I1: category: established IKE SA flags: 0:
Aug 26 13:14:52.984894: | -> MAIN_I4 EVENT_RETRANSMIT
Aug 26 13:14:52.984900: | checking IKEv2 state table
Aug 26 13:14:52.984905: | PARENT_I0: category: ignore flags: 0:
Aug 26 13:14:52.984909: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT)
Aug 26 13:14:52.984912: | PARENT_I1: category: half-open IKE SA flags: 0:
Aug 26 13:14:52.984915: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification)
Aug 26 13:14:52.984918: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH)
Aug 26 13:14:52.984921: | PARENT_I2: category: open IKE SA flags: 0:
Aug 26 13:14:52.984925: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification)
Aug 26 13:14:52.984927: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification)
Aug 26 13:14:52.984930: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification)
Aug 26 13:14:52.984933: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response)
Aug 26 13:14:52.984936: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification)
Aug 26 13:14:52.984939: | PARENT_I3: category: established IKE SA flags: 0:
Aug 26 13:14:52.984942: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request)
Aug 26 13:14:52.984944: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response)
Aug 26 13:14:52.984947: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request)
Aug 26 13:14:52.984950: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response)
Aug 26 13:14:52.984952: | PARENT_R0: category: half-open IKE SA flags: 0:
Aug 26 13:14:52.984955: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT)
Aug 26 13:14:52.984958: | PARENT_R1: category: half-open IKE SA flags: 0:
Aug 26 13:14:52.984961: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED))
Aug 26 13:14:52.984963: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request)
Aug 26 13:14:52.984966: | PARENT_R2: category: established IKE SA flags: 0:
Aug 26 13:14:52.984969: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request)
Aug 26 13:14:52.984972: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response)
Aug 26 13:14:52.984974: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request)
Aug 26 13:14:52.984979: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response)
Aug 26 13:14:52.984982: | V2_CREATE_I0: category: established IKE SA flags: 0:
Aug 26 13:14:52.984985: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA)
Aug 26 13:14:52.984988: | V2_CREATE_I: category: established IKE SA flags: 0:
Aug 26 13:14:52.984991: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response)
Aug 26 13:14:52.984994: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0:
Aug 26 13:14:52.984996: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey)
Aug 26 13:14:52.985000: | V2_REKEY_IKE_I: category: established IKE SA flags: 0:
Aug 26 13:14:52.985002: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response)
Aug 26 13:14:52.985005: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0:
Aug 26 13:14:52.985008: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA)
Aug 26 13:14:52.985011: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0:
Aug 26 13:14:52.985014: | V2_CREATE_R: category: established IKE SA flags: 0:
Aug 26 13:14:52.985017: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request)
Aug 26 13:14:52.985020: | V2_REKEY_IKE_R: category: established IKE SA flags: 0:
Aug 26 13:14:52.985023: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey)
Aug 26 13:14:52.985026: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0:
Aug 26 13:14:52.985029: | V2_IPSEC_I: category: established CHILD SA flags: 0:
Aug 26 13:14:52.985032: | V2_IPSEC_R: category: established CHILD SA flags: 0:
Aug 26 13:14:52.985034: | IKESA_DEL: category: established IKE SA flags: 0:
Aug 26 13:14:52.985037: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
Aug 26 13:14:52.985040: | CHILDSA_DEL: category: informational flags: 0:
Aug 26 13:14:52.985055: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64
Aug 26 13:14:52.985098: | Hard-wiring algorithms
Aug 26 13:14:52.985101: | adding AES_CCM_16 to kernel algorithm db
Aug 26 13:14:52.985106: | adding AES_CCM_12 to kernel algorithm db
Aug 26 13:14:52.985108: | adding AES_CCM_8 to kernel algorithm db
Aug 26 13:14:52.985111: | adding 3DES_CBC to kernel algorithm db
Aug 26 13:14:52.985114: | adding CAMELLIA_CBC to kernel algorithm db
Aug 26 13:14:52.985116: | adding AES_GCM_16 to kernel algorithm db
Aug 26 13:14:52.985119: | adding AES_GCM_12 to kernel algorithm db
Aug 26 13:14:52.985121: | adding AES_GCM_8 to kernel algorithm db
Aug 26 13:14:52.985124: | adding AES_CTR to kernel algorithm db
Aug 26 13:14:52.985126: | adding AES_CBC to kernel algorithm db
Aug 26 13:14:52.985129: | adding SERPENT_CBC to kernel algorithm db
Aug 26 13:14:52.985132: | adding TWOFISH_CBC to kernel algorithm db
Aug 26 13:14:52.985134: | adding NULL_AUTH_AES_GMAC to kernel algorithm db
Aug 26 13:14:52.985137: | adding NULL to kernel algorithm db
Aug 26 13:14:52.985140: | adding CHACHA20_POLY1305 to kernel algorithm db
Aug 26 13:14:52.985143: | adding HMAC_MD5_96 to kernel algorithm db
Aug 26 13:14:52.985145: | adding HMAC_SHA1_96 to kernel algorithm db
Aug 26 13:14:52.985148: | adding HMAC_SHA2_512_256 to kernel algorithm db
Aug 26 13:14:52.985150: | adding HMAC_SHA2_384_192 to kernel algorithm db
Aug 26 13:14:52.985153: | adding HMAC_SHA2_256_128 to kernel algorithm db
Aug 26 13:14:52.985156: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
Aug 26 13:14:52.985158: | adding AES_XCBC_96 to kernel algorithm db
Aug 26 13:14:52.985161: | adding AES_CMAC_96 to kernel algorithm db
Aug 26 13:14:52.985163: | adding NONE to kernel algorithm db
Aug 26 13:14:52.985184: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes
Aug 26 13:14:52.985190: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
Aug 26 13:14:52.985193: | setup kernel fd callback
Aug 26 13:14:52.985199: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55c1fdfc2378
Aug 26 13:14:52.985204: | libevent_malloc: new ptr-libevent@0x55c1fdfa65e8 size 128
Aug 26 13:14:52.985208: | libevent_malloc: new ptr-libevent@0x55c1fdfc2488 size 16
Aug 26 13:14:52.985214: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55c1fdfc2e98
Aug 26 13:14:52.985217: | libevent_malloc: new ptr-libevent@0x55c1fdf631e8 size 128
Aug 26 13:14:52.985220: | libevent_malloc: new ptr-libevent@0x55c1fdfc2e58 size 16
Aug 26 13:14:52.985315: | starting up helper thread 6
Aug 26 13:14:52.985331: | status value returned by setting the priority of this thread (crypto helper 6) 22
Aug 26 13:14:52.985335: | crypto helper 6 waiting (nothing to do)
Aug 26 13:14:52.985457: | global one-shot timer EVENT_CHECK_CRLS initialized
Aug 26 13:14:52.985464: selinux support is enabled.
Aug 26 13:14:52.985701: | unbound context created - setting debug level to 5
Aug 26 13:14:52.985725: | /etc/hosts lookups activated
Aug 26 13:14:52.985736: | /etc/resolv.conf usage activated
Aug 26 13:14:52.985811: | outgoing-port-avoid set 0-65535
Aug 26 13:14:52.985853: | outgoing-port-permit set 32768-60999
Aug 26 13:14:52.985856: | Loading dnssec root key from:/var/lib/unbound/root.key
Aug 26 13:14:52.985859: | No additional dnssec trust anchors defined via dnssec-trusted= option
Aug 26 13:14:52.985862: | Setting up events, loop start
Aug 26 13:14:52.985865: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55c1fdfc2f08
Aug 26 13:14:52.985868: | libevent_malloc: new ptr-libevent@0x55c1fdfcf098 size 128
Aug 26 13:14:52.985884: | libevent_malloc: new ptr-libevent@0x55c1fdfda2e8 size 16
Aug 26 13:14:52.985891: | libevent_realloc: new ptr-libevent@0x55c1fdf61978 size 256
Aug 26 13:14:52.985894: | libevent_malloc: new ptr-libevent@0x55c1fdfda328 size 8
Aug 26 13:14:52.985897: | libevent_realloc: new ptr-libevent@0x55c1fdf64e38 size 144
Aug 26 13:14:52.985899: | libevent_malloc: new ptr-libevent@0x55c1fdf65af8 size 152
Aug 26 13:14:52.985903: | libevent_malloc: new ptr-libevent@0x55c1fdfda368 size 16
Aug 26 13:14:52.985907: | signal event handler PLUTO_SIGCHLD installed
Aug 26 13:14:52.985910: | libevent_malloc: new ptr-libevent@0x55c1fdfda3a8 size 8
Aug 26 13:14:52.985913: | libevent_malloc: new ptr-libevent@0x55c1fdfda3e8 size 152
Aug 26 13:14:52.985916: | signal event handler PLUTO_SIGTERM installed
Aug 26 13:14:52.985918: | libevent_malloc: new ptr-libevent@0x55c1fdfda4b8 size 8
Aug 26 13:14:52.985921: | libevent_malloc: new ptr-libevent@0x55c1fdfda4f8 size 152
Aug 26 13:14:52.985924: | signal event handler PLUTO_SIGHUP installed
Aug 26 13:14:52.985927: | libevent_malloc: new ptr-libevent@0x55c1fdfda5c8 size 8
Aug 26 13:14:52.985930: | libevent_realloc: release ptr-libevent@0x55c1fdf64e38
Aug 26 13:14:52.985932: | libevent_realloc: new ptr-libevent@0x55c1fdfda608 size 256
Aug 26 13:14:52.985935: | libevent_malloc: new ptr-libevent@0x55c1fdfda738 size 152
Aug 26 13:14:52.985938: | signal event handler PLUTO_SIGSYS installed
Aug 26 13:14:52.986239: | created addconn helper (pid:19079) using fork+execve
Aug 26 13:14:52.986252: | forked child 19079
Aug 26 13:14:52.986298: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 13:14:52.986316: listening for IKE messages
Aug 26 13:14:52.986350: | Inspecting interface lo
Aug 26 13:14:52.986357: | found lo with address 127.0.0.1
Aug 26 13:14:52.986362: | Inspecting interface eth0
Aug 26 13:14:52.986366: | found eth0 with address 192.0.1.254
Aug 26 13:14:52.986370: | Inspecting interface eth1
Aug 26 13:14:52.986374: | found eth1 with address 192.1.2.45
Aug 26 13:14:52.986459: Kernel supports NIC esp-hw-offload
Aug 26 13:14:52.986470: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500
Aug 26 13:14:52.986490: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 13:14:52.986495: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 13:14:52.986499: adding interface eth1/eth1 192.1.2.45:4500
Aug 26 13:14:52.986526: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500
Aug 26 13:14:52.986550: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 13:14:52.986554: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 13:14:52.986558: adding interface eth0/eth0 192.0.1.254:4500
Aug 26 13:14:52.986579: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500
Aug 26 13:14:52.986597: | NAT-Traversal: Trying sockopt style NAT-T
Aug 26 13:14:52.986601: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Aug 26 13:14:52.986605: adding interface lo/lo 127.0.0.1:4500
Aug 26 13:14:52.986652: | no interfaces to sort
Aug 26 13:14:52.986656: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
Aug 26 13:14:52.986665: | add_fd_read_event_handler: new ethX-pe@0x55c1fdfdac98
Aug 26 13:14:52.986670: | libevent_malloc: new ptr-libevent@0x55c1fdfcefe8 size 128
Aug 26 13:14:52.986673: | libevent_malloc: new ptr-libevent@0x55c1fdfdad08 size 16
Aug 26 13:14:52.986682: | setup callback for interface lo 127.0.0.1:4500 fd 22
Aug 26 13:14:52.986685: | add_fd_read_event_handler: new ethX-pe@0x55c1fdfdad48
Aug 26 13:14:52.986689: | libevent_malloc: new ptr-libevent@0x55c1fdf64be8 size 128
Aug 26 13:14:52.986692: | libevent_malloc: new ptr-libevent@0x55c1fdfdadb8 size 16
Aug 26 13:14:52.986696: | setup callback for interface lo 127.0.0.1:500 fd 21
Aug 26 13:14:52.986699: | add_fd_read_event_handler: new ethX-pe@0x55c1fdfdadf8
Aug 26 13:14:52.986702: | libevent_malloc: new ptr-libevent@0x55c1fdf64ae8 size 128
Aug 26 13:14:52.986705: | libevent_malloc: new ptr-libevent@0x55c1fdfdae68 size 16
Aug 26 13:14:52.986709: | setup callback for interface eth0 192.0.1.254:4500 fd 20
Aug 26 13:14:52.986712: | add_fd_read_event_handler: new ethX-pe@0x55c1fdfdaea8
Aug 26 13:14:52.986716: | libevent_malloc: new ptr-libevent@0x55c1fdf65668 size 128
Aug 26 13:14:52.986718: | libevent_malloc: new ptr-libevent@0x55c1fdfdaf18 size 16
Aug 26 13:14:52.986723: | setup callback for interface eth0 192.0.1.254:500 fd 19
Aug 26 13:14:52.986726: | add_fd_read_event_handler: new ethX-pe@0x55c1fdfdaf58
Aug 26 13:14:52.986729: | libevent_malloc: new ptr-libevent@0x55c1fdf3eba8 size 128
Aug 26 13:14:52.986732: | libevent_malloc: new ptr-libevent@0x55c1fdfdafc8 size 16
Aug 26 13:14:52.986737: | setup callback for interface eth1 192.1.2.45:4500 fd 18
Aug 26 13:14:52.986740: | add_fd_read_event_handler: new ethX-pe@0x55c1fdfdb008
Aug 26 13:14:52.986743: | libevent_malloc: new ptr-libevent@0x55c1fdf391d8 size 128
Aug 26 13:14:52.986746: | libevent_malloc: new ptr-libevent@0x55c1fdfdb078 size 16
Aug 26 13:14:52.986751: | setup callback for interface eth1 192.1.2.45:500 fd 17
Aug 26 13:14:52.986755: | certs and keys locked by 'free_preshared_secrets'
Aug 26 13:14:52.986758: | certs and keys unlocked by 'free_preshared_secrets'
Aug 26 13:14:52.986775: loading secrets from "/etc/ipsec.secrets"
Aug 26 13:14:52.986785: | id type added to secret(0x55c1fdf34b58) PKK_PSK: @east
Aug 26 13:14:52.986789: | id type added to secret(0x55c1fdf34b58) PKK_PSK: @west
Aug 26 13:14:52.986793: | Processing PSK at line 1: passed
Aug 26 13:14:52.986796: | certs and keys locked by 'process_secret'
Aug 26 13:14:52.986799: | certs and keys unlocked by 'process_secret'
Aug 26 13:14:52.986812: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 13:14:52.986821: | spent 0.531 milliseconds in whack
Aug 26 13:14:53.012051: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 13:14:53.012074: listening for IKE messages
Aug 26 13:14:53.012104: | Inspecting interface lo
Aug 26 13:14:53.012110: | found lo with address 127.0.0.1
Aug 26 13:14:53.012112: | Inspecting interface eth0
Aug 26 13:14:53.012115: | found eth0 with address 192.0.1.254
Aug 26 13:14:53.012117: | Inspecting interface eth1
Aug 26 13:14:53.012119: | found eth1 with address 192.1.2.45
Aug 26 13:14:53.012164: | no interfaces to sort
Aug 26 13:14:53.012176: | libevent_free: release ptr-libevent@0x55c1fdfcefe8
Aug 26 13:14:53.012179: | free_event_entry: release EVENT_NULL-pe@0x55c1fdfdac98
Aug 26 13:14:53.012181: | add_fd_read_event_handler: new ethX-pe@0x55c1fdfdac98
Aug 26 13:14:53.012184: | libevent_malloc: new ptr-libevent@0x55c1fdfcefe8 size 128
Aug 26 13:14:53.012189: | setup callback for interface lo 127.0.0.1:4500 fd 22
Aug 26 13:14:53.012192: | libevent_free: release ptr-libevent@0x55c1fdf64be8
Aug 26 13:14:53.012194: | free_event_entry: release EVENT_NULL-pe@0x55c1fdfdad48
Aug 26 13:14:53.012196: | add_fd_read_event_handler: new ethX-pe@0x55c1fdfdad48
Aug 26 13:14:53.012197: | libevent_malloc: new ptr-libevent@0x55c1fdf64be8 size 128
Aug 26 13:14:53.012201: | setup callback for interface lo 127.0.0.1:500 fd 21
Aug 26 13:14:53.012203: | libevent_free: release ptr-libevent@0x55c1fdf64ae8
Aug 26 13:14:53.012205: | free_event_entry: release EVENT_NULL-pe@0x55c1fdfdadf8
Aug 26 13:14:53.012207: | add_fd_read_event_handler: new ethX-pe@0x55c1fdfdadf8
Aug 26 13:14:53.012208: | libevent_malloc: new ptr-libevent@0x55c1fdf64ae8 size 128
Aug 26 13:14:53.012212: | setup callback for interface eth0 192.0.1.254:4500 fd 20
Aug 26 13:14:53.012215: | libevent_free: release ptr-libevent@0x55c1fdf65668
Aug 26 13:14:53.012216: | free_event_entry: release EVENT_NULL-pe@0x55c1fdfdaea8
Aug 26 13:14:53.012218: | add_fd_read_event_handler: new ethX-pe@0x55c1fdfdaea8
Aug 26 13:14:53.012220: | libevent_malloc: new ptr-libevent@0x55c1fdf65668 size 128
Aug 26 13:14:53.012223: | setup callback for interface eth0 192.0.1.254:500 fd 19
Aug 26 13:14:53.012226: | libevent_free: release ptr-libevent@0x55c1fdf3eba8
Aug 26 13:14:53.012227: | free_event_entry: release EVENT_NULL-pe@0x55c1fdfdaf58
Aug 26 13:14:53.012229: | add_fd_read_event_handler: new ethX-pe@0x55c1fdfdaf58
Aug 26 13:14:53.012231: | libevent_malloc: new ptr-libevent@0x55c1fdf3eba8 size 128
Aug 26 13:14:53.012235: | setup callback for interface eth1 192.1.2.45:4500 fd 18
Aug 26 13:14:53.012237: | libevent_free: release ptr-libevent@0x55c1fdf391d8
Aug 26 13:14:53.012239: | free_event_entry: release EVENT_NULL-pe@0x55c1fdfdb008
Aug 26 13:14:53.012241: | add_fd_read_event_handler: new ethX-pe@0x55c1fdfdb008
Aug 26 13:14:53.012243: | libevent_malloc: new ptr-libevent@0x55c1fdf391d8 size 128
Aug 26 13:14:53.012246: | setup callback for interface eth1 192.1.2.45:500 fd 17
Aug 26 13:14:53.012248: | certs and keys locked by 'free_preshared_secrets'
Aug 26 13:14:53.012250: forgetting secrets
Aug 26 13:14:53.012255: | certs and keys unlocked by 'free_preshared_secrets'
Aug 26 13:14:53.012268: loading secrets from "/etc/ipsec.secrets"
Aug 26 13:14:53.012275: | id type added to secret(0x55c1fdf34b58) PKK_PSK: @east
Aug 26 13:14:53.012278: | id type added to secret(0x55c1fdf34b58) PKK_PSK: @west
Aug 26 13:14:53.012281: | Processing PSK at line 1: passed
Aug 26 13:14:53.012282: | certs and keys locked by 'process_secret'
Aug 26 13:14:53.012284: | certs and keys unlocked by 'process_secret'
Aug 26 13:14:53.012308: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 13:14:53.012316: | spent 0.259 milliseconds in whack
Aug 26 13:14:53.012981: | processing signal PLUTO_SIGCHLD
Aug 26 13:14:53.012992: | waitpid returned pid 19079 (exited with status 0)
Aug 26 13:14:53.012996: | reaped addconn helper child (status 0)
Aug 26 13:14:53.013000: | waitpid returned ECHILD (no child processes left)
Aug 26 13:14:53.013004: | spent 0.0139 milliseconds in signal handler PLUTO_SIGCHLD
Aug 26 13:14:53.067779: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 13:14:53.067804: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 13:14:53.067809: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Aug 26 13:14:53.067812: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 13:14:53.067815: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Aug 26 13:14:53.067819: | FOR_EACH_CONNECTION_... in conn_by_name
Aug 26 13:14:53.067826: | Added new connection westnet-eastnet-ipv4-psk-ikev2 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
Aug 26 13:14:53.067887: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31
Aug 26 13:14:53.067892: | from whack: got --esp=
Aug 26 13:14:53.067930: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128
Aug 26 13:14:53.067937: | counting wild cards for @west is 0
Aug 26 13:14:53.067940: | counting wild cards for @east is 0
Aug 26 13:14:53.067952: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none
Aug 26 13:14:53.067956: | new hp@0x55c1fdfdd3d8
Aug 26 13:14:53.067961: added connection description "westnet-eastnet-ipv4-psk-ikev2"
Aug 26 13:14:53.067974: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
Aug 26 13:14:53.068002: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24
Aug 26 13:14:53.068011: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Aug 26 13:14:53.068018: | spent 0.246 milliseconds in whack
Aug 26 13:14:53.125087: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
Aug 26 13:14:53.125112: | old debugging base+cpu-usage + none
Aug 26 13:14:53.125117: | base debugging = base+cpu-usage
Aug 26 13:14:53.125120: | old impairing none +
suppress-retransmits Aug 26 13:14:53.125123: | base impairing = suppress-retransmits Aug 26 13:14:53.125131: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:14:53.125138: | spent 0.0596 milliseconds in whack Aug 26 13:14:53.235430: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:14:53.235448: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Aug 26 13:14:53.235451: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:14:53.235455: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in initiate_a_connection() at initiate.c:186) Aug 26 13:14:53.235457: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Aug 26 13:14:53.235460: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Aug 26 13:14:53.235462: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:14:53.235482: | creating state object #1 at 0x55c1fdfdd4b8 Aug 26 13:14:53.235485: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:14:53.235491: | pstats #1 ikev2.ike started Aug 26 13:14:53.235494: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:14:53.235496: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:14:53.235500: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:14:53.235506: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:14:53.235510: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:14:53.235513: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:14:53.235516: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" IKE SA #1 
"westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:14:53.235519: "westnet-eastnet-ipv4-psk-ikev2" #1: initiating v2 parent SA Aug 26 13:14:53.235527: | constructing local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE) Aug 26 13:14:53.235539: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:14:53.235546: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.235549: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:14:53.235552: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.235555: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:14:53.235558: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.235560: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:14:53.235564: | ... 
ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.235574: "westnet-eastnet-ipv4-psk-ikev2": constructed local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.235582: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 13:14:53.235585: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55c1fdfdfc28 Aug 26 13:14:53.235588: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:14:53.235592: | libevent_malloc: new ptr-libevent@0x55c1fdfdfc98 size 128 Aug 26 13:14:53.235602: | #1 spent 0.146 milliseconds in ikev2_parent_outI1() Aug 26 13:14:53.235606: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:14:53.235608: | crypto helper 0 resuming Aug 26 13:14:53.235611: | RESET processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:14:53.235620: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:14:53.235621: | RESET processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:14:53.235626: | crypto helper 0 doing build KE and nonce 
(ikev2_outI1 KE); request ID 1 Aug 26 13:14:53.235629: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:14:53.235633: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Aug 26 13:14:53.235636: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:14:53.235640: | spent 0.215 milliseconds in whack Aug 26 13:14:53.236232: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000606 seconds Aug 26 13:14:53.236239: | (#1) spent 0.612 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 13:14:53.236241: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:14:53.236243: | scheduling resume sending helper answer for #1 Aug 26 13:14:53.236249: | libevent_malloc: new ptr-libevent@0x7f7bf4002888 size 128 Aug 26 13:14:53.236256: | crypto helper 0 waiting (nothing to do) Aug 26 13:14:53.236263: | processing resume sending helper answer for #1 Aug 26 13:14:53.236269: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:14:53.236272: | crypto helper 0 replies to request ID 1 Aug 26 13:14:53.236274: | calling continuation function 0x55c1fd73ab50 Aug 26 13:14:53.236276: | ikev2_parent_outI1_continue for #1 Aug 26 13:14:53.236305: | **emit ISAKMP Message: Aug 26 13:14:53.236309: | initiator cookie: Aug 26 13:14:53.236311: | f7 9c bc 94 14 ee f8 f5 Aug 26 13:14:53.236313: | responder cookie: Aug 26 13:14:53.236314: | 00 00 00 00 00 00 00 00 Aug 26 13:14:53.236317: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:14:53.236318: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:53.236321: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:14:53.236323: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:14:53.236324: | Message ID: 0 (0x0) Aug 26 13:14:53.236326: | next payload chain: saving message 
location 'ISAKMP Message'.'next payload type' Aug 26 13:14:53.236336: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.236338: | Emitting ikev2_proposals ... Aug 26 13:14:53.236340: | ***emit IKEv2 Security Association Payload: Aug 26 13:14:53.236342: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.236344: | flags: none (0x0) Aug 26 13:14:53.236346: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:14:53.236348: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.236351: | discarding INTEG=NONE Aug 26 13:14:53.236353: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.236355: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.236356: | prop #: 1 (0x1) Aug 26 13:14:53.236358: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:53.236360: | spi size: 0 (0x0) Aug 26 13:14:53.236361: | # transforms: 11 (0xb) Aug 26 13:14:53.236363: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:53.236365: | *****emit IKEv2 Transform Substructure Payload: Aug 26 
13:14:53.236367: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236369: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.236371: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.236373: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236375: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.236377: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.236379: | length/value: 256 (0x100) Aug 26 13:14:53.236381: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:53.236382: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236384: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236386: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.236390: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:53.236392: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236394: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236396: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236398: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236400: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236401: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.236403: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:53.236405: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236407: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236409: | emitting length of IKEv2 
Transform Substructure Payload: 8 Aug 26 13:14:53.236410: | discarding INTEG=NONE Aug 26 13:14:53.236412: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236414: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236415: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236417: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.236419: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236421: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236423: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236425: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236426: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236428: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236430: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:53.236432: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236434: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236435: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236437: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236439: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236440: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236442: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:53.236444: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236446: | last 
substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236448: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236449: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236451: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236453: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236454: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:53.236456: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236458: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236460: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236463: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236464: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236466: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236468: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:14:53.236470: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236472: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236473: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236475: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236477: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236478: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236480: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:14:53.236482: | last substructure: checking 'IKEv2 Proposal Substructure 
Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236484: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236486: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236487: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236489: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236491: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236492: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:53.236494: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236496: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236498: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236500: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236501: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.236503: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236505: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:53.236507: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236509: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236511: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236512: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:14:53.236514: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 
13:14:53.236516: | discarding INTEG=NONE Aug 26 13:14:53.236518: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.236520: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.236521: | prop #: 2 (0x2) Aug 26 13:14:53.236523: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:53.236525: | spi size: 0 (0x0) Aug 26 13:14:53.236526: | # transforms: 11 (0xb) Aug 26 13:14:53.236528: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.236530: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:53.236532: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236534: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236536: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.236538: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.236541: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236542: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.236544: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.236546: | length/value: 128 (0x80) Aug 26 13:14:53.236548: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:53.236549: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236551: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236553: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.236554: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:53.236556: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236558: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform 
Substructure Payload'.'last transform' Aug 26 13:14:53.236560: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236562: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236563: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236565: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.236567: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:53.236569: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236571: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236572: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236574: | discarding INTEG=NONE Aug 26 13:14:53.236576: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236577: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236579: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236581: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.236583: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236585: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236586: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236588: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236590: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236591: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236593: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:53.236595: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure 
Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236597: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236599: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236600: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236602: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236604: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236605: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:53.236607: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236609: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236611: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236614: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236615: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236617: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236619: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:53.236621: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236623: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236624: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236626: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236628: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236629: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236631: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 
26 13:14:53.236633: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236635: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236637: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236638: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236640: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236642: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236643: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:14:53.236645: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236647: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236649: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236651: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236652: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236654: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236656: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:53.236658: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236660: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236661: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236663: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236665: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.236666: | IKEv2 
transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236668: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:53.236670: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236672: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236674: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236676: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:14:53.236677: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:53.236679: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.236681: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.236683: | prop #: 3 (0x3) Aug 26 13:14:53.236684: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:53.236686: | spi size: 0 (0x0) Aug 26 13:14:53.236690: | # transforms: 13 (0xd) Aug 26 13:14:53.236692: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.236694: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:53.236696: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236698: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236699: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.236701: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:14:53.236703: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236705: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.236706: | af+type: AF+IKEv2_KEY_LENGTH 
(0x800e) Aug 26 13:14:53.236708: | length/value: 256 (0x100) Aug 26 13:14:53.236710: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:53.236711: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236713: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236715: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.236717: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:53.236719: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236720: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236722: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236724: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236726: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236727: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.236729: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:53.236731: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236733: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236735: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236736: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236738: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236740: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.236741: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:14:53.236744: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 
v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236745: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236747: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236749: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236751: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236752: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.236754: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:14:53.236756: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236758: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236760: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236761: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236763: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236766: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236767: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.236769: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236771: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236773: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236775: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236776: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236778: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236780: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:53.236782: | last 
substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236783: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236785: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236787: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236788: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236790: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236792: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:53.236794: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236796: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236797: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236799: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236801: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236802: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236804: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:53.236806: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236808: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236810: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236811: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236813: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236815: | IKEv2 transform type: 
TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236816: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:14:53.236818: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236820: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236822: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236824: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236825: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236827: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236829: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:14:53.236831: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236833: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236834: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236837: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236839: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236840: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236842: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:53.236844: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236846: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236848: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236849: | *****emit IKEv2 Transform Substructure Payload: 
Aug 26 13:14:53.236851: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.236853: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236854: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:53.236856: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236858: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236860: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236862: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:14:53.236864: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:53.236865: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.236867: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:14:53.236869: | prop #: 4 (0x4) Aug 26 13:14:53.236870: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:53.236872: | spi size: 0 (0x0) Aug 26 13:14:53.236874: | # transforms: 13 (0xd) Aug 26 13:14:53.236876: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.236878: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:53.236879: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236881: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236883: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.236884: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:14:53.236886: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236888: | ******emit 
IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.236890: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.236891: | length/value: 128 (0x80) Aug 26 13:14:53.236893: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:53.236895: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236897: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236898: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.236900: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:53.236902: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236904: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236906: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236907: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236909: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236911: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.236912: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:53.236915: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236917: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236919: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236921: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236922: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236924: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.236926: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:14:53.236928: | last substructure: checking 'IKEv2 
Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236930: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236931: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236933: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236935: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236936: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.236938: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:14:53.236940: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236942: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236944: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236945: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236947: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236949: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236950: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.236952: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236954: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236956: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236958: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236959: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236961: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 
13:14:53.236963: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:53.236965: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236967: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236968: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236970: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236972: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236973: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236975: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:53.236977: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236979: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236981: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236982: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236986: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236988: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.236989: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:53.236991: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.236993: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.236995: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.236997: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.236998: | 
last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.237000: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.237002: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:14:53.237004: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.237005: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.237007: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.237009: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.237011: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.237012: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.237014: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:14:53.237016: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.237018: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.237020: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.237021: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.237023: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.237025: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.237026: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:53.237028: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.237030: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.237032: | emitting length of IKEv2 Transform 
Substructure Payload: 8 Aug 26 13:14:53.237034: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.237035: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.237037: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.237039: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:53.237041: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.237043: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.237044: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.237046: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:14:53.237048: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:53.237050: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:14:53.237052: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:14:53.237053: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:14:53.237055: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.237058: | flags: none (0x0) Aug 26 13:14:53.237060: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.237062: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:14:53.237064: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.237066: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Aug 26 13:14:53.237094: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:14:53.237096: | ***emit IKEv2 Nonce Payload: Aug 26 13:14:53.237098: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:14:53.237100: | flags: none (0x0) Aug 26 13:14:53.237102: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:14:53.237104: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:14:53.237106: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.237108: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:14:53.237110: | IKEv2 nonce 76 46 0a 3c 0d ef b6
38 1d 26 57 a9 4c ed 62 52 Aug 26 13:14:53.237111: | IKEv2 nonce 03 b8 d1 83 ad bc b7 82 e4 e1 06 84 71 91 f2 cc Aug 26 13:14:53.237113: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:14:53.237115: | Adding a v2N Payload Aug 26 13:14:53.237116: | ***emit IKEv2 Notify Payload: Aug 26 13:14:53.237118: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.237120: | flags: none (0x0) Aug 26 13:14:53.237122: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.237124: | SPI size: 0 (0x0) Aug 26 13:14:53.237125: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:14:53.237128: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:14:53.237129: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.237131: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:14:53.237133: | NAT-Traversal support [enabled] add v2N payloads. 
Aug 26 13:14:53.237135: | natd_hash: rcookie is zero Aug 26 13:14:53.237146: | natd_hash: hasher=0x55c1fd80f800(20) Aug 26 13:14:53.237149: | natd_hash: icookie= f7 9c bc 94 14 ee f8 f5 Aug 26 13:14:53.237150: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:14:53.237152: | natd_hash: ip= c0 01 02 2d Aug 26 13:14:53.237155: | natd_hash: port=500 Aug 26 13:14:53.237156: | natd_hash: hash= e7 8a 57 08 2f b2 88 0c 34 cd 6d e6 19 8d d3 b8 Aug 26 13:14:53.237158: | natd_hash: hash= 36 ee 86 f6 Aug 26 13:14:53.237160: | Adding a v2N Payload Aug 26 13:14:53.237161: | ***emit IKEv2 Notify Payload: Aug 26 13:14:53.237163: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.237165: | flags: none (0x0) Aug 26 13:14:53.237166: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.237168: | SPI size: 0 (0x0) Aug 26 13:14:53.237170: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:14:53.237172: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:14:53.237174: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.237176: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:14:53.237178: | Notify data e7 8a 57 08 2f b2 88 0c 34 cd 6d e6 19 8d d3 b8 Aug 26 13:14:53.237179: | Notify data 36 ee 86 f6 Aug 26 13:14:53.237181: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:14:53.237183: | natd_hash: rcookie is zero Aug 26 13:14:53.237186: | natd_hash: hasher=0x55c1fd80f800(20) Aug 26 13:14:53.237188: | natd_hash: icookie= f7 9c bc 94 14 ee f8 f5 Aug 26 13:14:53.237190: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:14:53.237191: | natd_hash: ip= c0 01 02 17 Aug 26 13:14:53.237193: | natd_hash: port=500 Aug 26 13:14:53.237195: | natd_hash: hash= ae c1 bd 59 22 1d 20 91 31 c4 67 ea a9 91 ae 9f Aug 26 13:14:53.237196: | natd_hash: hash= a3 42 eb 81 Aug 26 
13:14:53.237198: | Adding a v2N Payload Aug 26 13:14:53.237199: | ***emit IKEv2 Notify Payload: Aug 26 13:14:53.237201: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.237203: | flags: none (0x0) Aug 26 13:14:53.237204: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.237206: | SPI size: 0 (0x0) Aug 26 13:14:53.237208: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:14:53.237210: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:14:53.237212: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.237213: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:14:53.237215: | Notify data ae c1 bd 59 22 1d 20 91 31 c4 67 ea a9 91 ae 9f Aug 26 13:14:53.237217: | Notify data a3 42 eb 81 Aug 26 13:14:53.237218: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:14:53.237220: | emitting length of ISAKMP Message: 828 Aug 26 13:14:53.237225: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:14:53.237231: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:53.237234: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:14:53.237237: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:14:53.237239: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:14:53.237241: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 13:14:53.237243: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:14:53.237247: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 
wip.initiator=-1->0 wip.responder=-1 Aug 26 13:14:53.237249: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:14:53.237257: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:14:53.237265: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1)
Aug 26 13:14:53.237393: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:14:53.237397: | libevent_free: release ptr-libevent@0x55c1fdfdfc98 Aug 26 13:14:53.237400: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55c1fdfdfc28 Aug 26 13:14:53.237402: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:14:53.237404: "westnet-eastnet-ipv4-psk-ikev2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:14:53.237409: | event_schedule: new EVENT_RETRANSMIT-pe@0x55c1fdfdfc28 Aug 26 13:14:53.237412: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Aug 26 13:14:53.237414: | libevent_malloc: new ptr-libevent@0x55c1fdfdfc98 size 128 Aug 26 13:14:53.237417: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10578.979876 Aug 26 13:14:53.237420: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 13:14:53.237424: | #1 spent 1.13 milliseconds in resume sending helper answer Aug 26 13:14:53.237427: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:14:53.237429: | libevent_free: release ptr-libevent@0x7f7bf4002888 Aug 26 13:14:53.239596: | spent 0.00251 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:14:53.239615: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500)
Aug 26 13:14:53.239664: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:14:53.239667: | **parse ISAKMP Message: Aug 26 13:14:53.239669: | initiator cookie: Aug 26 13:14:53.239670: | f7 9c bc 94 14 ee f8 f5 Aug 26 13:14:53.239672: |
responder cookie: Aug 26 13:14:53.239674: | 70 ba 94 3e 3e d6 ac 7b Aug 26 13:14:53.239676: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:14:53.239680: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:53.239681: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:14:53.239683: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:14:53.239685: | Message ID: 0 (0x0) Aug 26 13:14:53.239687: | length: 432 (0x1b0) Aug 26 13:14:53.239689: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:14:53.239691: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 13:14:53.239694: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 13:14:53.239698: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:14:53.239701: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:14:53.239703: | #1 is idle Aug 26 13:14:53.239705: | #1 idle Aug 26 13:14:53.239706: | unpacking clear payload Aug 26 13:14:53.239708: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:14:53.239710: | ***parse IKEv2 Security Association Payload: Aug 26 13:14:53.239712: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:14:53.239714: | flags: none (0x0) Aug 26 13:14:53.239715: | length: 40 (0x28) Aug 26 13:14:53.239717: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 13:14:53.239719: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:14:53.239721: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:14:53.239723: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:14:53.239724: | flags: none (0x0) Aug 26 13:14:53.239726: | length: 264 (0x108) Aug 26 13:14:53.239728: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.239729: | processing payload: ISAKMP_NEXT_v2KE 
(len=256) Aug 26 13:14:53.239731: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:14:53.239733: | ***parse IKEv2 Nonce Payload: Aug 26 13:14:53.239734: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:14:53.239736: | flags: none (0x0) Aug 26 13:14:53.239738: | length: 36 (0x24) Aug 26 13:14:53.239739: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:14:53.239741: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:14:53.239743: | ***parse IKEv2 Notify Payload: Aug 26 13:14:53.239745: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:14:53.239746: | flags: none (0x0) Aug 26 13:14:53.239748: | length: 8 (0x8) Aug 26 13:14:53.239750: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.239751: | SPI size: 0 (0x0) Aug 26 13:14:53.239753: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:14:53.239755: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:14:53.239756: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:14:53.239758: | ***parse IKEv2 Notify Payload: Aug 26 13:14:53.239760: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:14:53.239761: | flags: none (0x0) Aug 26 13:14:53.239763: | length: 28 (0x1c) Aug 26 13:14:53.239765: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.239766: | SPI size: 0 (0x0) Aug 26 13:14:53.239768: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:14:53.239770: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:14:53.239771: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:14:53.239773: | ***parse IKEv2 Notify Payload: Aug 26 13:14:53.239775: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.239776: | flags: none (0x0) Aug 26 13:14:53.239778: | length: 28 (0x1c) Aug 26 13:14:53.239780: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.239781: | SPI size: 0 (0x0) Aug 26 13:14:53.239783: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:14:53.239785: | processing 
payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:14:53.239787: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 13:14:53.239789: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:14:53.239792: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:14:53.239794: | Now let's proceed with state specific processing Aug 26 13:14:53.239796: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:14:53.239799: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 13:14:53.239808: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.239811: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 13:14:53.239813: | local proposal 1 type ENCR has 1 transforms Aug 26 13:14:53.239815: | local proposal 1 type PRF has 2 transforms Aug 26 13:14:53.239817: | local proposal 1 type INTEG has 1 transforms Aug 26 13:14:53.239818: | local proposal 1 type DH has 8 transforms Aug 26 13:14:53.239820: | local proposal 1 type ESN has 0 transforms Aug 26 13:14:53.239822: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:14:53.239824: | local proposal 2 type ENCR has 1 transforms Aug 26 13:14:53.239826: | local proposal 2 type 
PRF has 2 transforms Aug 26 13:14:53.239828: | local proposal 2 type INTEG has 1 transforms Aug 26 13:14:53.239829: | local proposal 2 type DH has 8 transforms Aug 26 13:14:53.239831: | local proposal 2 type ESN has 0 transforms Aug 26 13:14:53.239833: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:14:53.239835: | local proposal 3 type ENCR has 1 transforms Aug 26 13:14:53.239836: | local proposal 3 type PRF has 2 transforms Aug 26 13:14:53.239838: | local proposal 3 type INTEG has 2 transforms Aug 26 13:14:53.239840: | local proposal 3 type DH has 8 transforms Aug 26 13:14:53.239841: | local proposal 3 type ESN has 0 transforms Aug 26 13:14:53.239843: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:14:53.239845: | local proposal 4 type ENCR has 1 transforms Aug 26 13:14:53.239847: | local proposal 4 type PRF has 2 transforms Aug 26 13:14:53.239848: | local proposal 4 type INTEG has 2 transforms Aug 26 13:14:53.239850: | local proposal 4 type DH has 8 transforms Aug 26 13:14:53.239852: | local proposal 4 type ESN has 0 transforms Aug 26 13:14:53.239853: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:14:53.239856: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.239857: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:14:53.239859: | length: 36 (0x24) Aug 26 13:14:53.239861: | prop #: 1 (0x1) Aug 26 13:14:53.239862: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:53.239864: | spi size: 0 (0x0) Aug 26 13:14:53.239865: | # transforms: 3 (0x3) Aug 26 13:14:53.239868: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:14:53.239870: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.239872: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.239873: | length: 12 (0xc) Aug 26 13:14:53.239875: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 
13:14:53.239877: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.239878: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.239880: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.239882: | length/value: 256 (0x100) Aug 26 13:14:53.239886: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:14:53.239888: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.239890: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.239891: | length: 8 (0x8) Aug 26 13:14:53.239893: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.239894: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:53.239897: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:14:53.239899: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.239900: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.239902: | length: 8 (0x8) Aug 26 13:14:53.239904: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.239905: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.239907: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:14:53.239910: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:14:53.239913: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:14:53.239915: | remote proposal 1 matches local proposal 1 Aug 26 13:14:53.239917: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 13:14:53.239918: | converting proposal to internal trans attrs Aug 26 13:14:53.239930: | natd_hash: hasher=0x55c1fd80f800(20) Aug 26 13:14:53.239932: | natd_hash: icookie= f7 9c bc 94 14 ee f8 f5 Aug 26 13:14:53.239933: | natd_hash: rcookie= 
70 ba 94 3e 3e d6 ac 7b Aug 26 13:14:53.239935: | natd_hash: ip= c0 01 02 2d Aug 26 13:14:53.239937: | natd_hash: port=500 Aug 26 13:14:53.239939: | natd_hash: hash= 11 ec 0f f5 e4 b3 b9 a6 67 75 48 b4 bb 9d 85 bb Aug 26 13:14:53.239940: | natd_hash: hash= c3 44 79 a4 Aug 26 13:14:53.239944: | natd_hash: hasher=0x55c1fd80f800(20) Aug 26 13:14:53.239946: | natd_hash: icookie= f7 9c bc 94 14 ee f8 f5 Aug 26 13:14:53.239948: | natd_hash: rcookie= 70 ba 94 3e 3e d6 ac 7b Aug 26 13:14:53.239949: | natd_hash: ip= c0 01 02 17 Aug 26 13:14:53.239951: | natd_hash: port=500 Aug 26 13:14:53.239952: | natd_hash: hash= 3f 68 4b 62 5d 9c 2e 7b 6d 2b 5c 62 2a 57 78 0f Aug 26 13:14:53.239954: | natd_hash: hash= b0 dc e3 a3 Aug 26 13:14:53.239956: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:14:53.239958: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:14:53.239959: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:14:53.239962: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 13:14:53.239965: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:14:53.239968: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 13:14:53.239970: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:14:53.239972: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 13:14:53.239974: | libevent_free: release ptr-libevent@0x55c1fdfdfc98 Aug 26 13:14:53.239976: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55c1fdfdfc28 Aug 26 13:14:53.239978: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55c1fdfdfc28 Aug 26 13:14:53.239981: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:14:53.239983: | libevent_malloc: new ptr-libevent@0x55c1fdfdf9c8 size 128 Aug 26 13:14:53.239990: | #1 spent 0.191 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 13:14:53.239994: | [RE]START processing: state #1 connection 
"westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:53.239997: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 13:14:53.239998: | crypto helper 1 resuming Aug 26 13:14:53.239999: | suspending state #1 and saving MD Aug 26 13:14:53.240019: | #1 is busy; has a suspended MD Aug 26 13:14:53.240013: | crypto helper 1 starting work-order 2 for state #1 Aug 26 13:14:53.240024: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:14:53.240031: | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 13:14:53.240033: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:14:53.240040: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:14:53.240044: | #1 spent 0.431 milliseconds in ikev2_process_packet() Aug 26 13:14:53.240047: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:14:53.240049: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:14:53.240051: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:14:53.240053: | spent 0.44 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:14:53.240971: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:14:53.241426: | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001394 seconds Aug 26 13:14:53.241438: | (#1) spent 1.4 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 13:14:53.241442: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 13:14:53.241445: | scheduling resume 
sending helper answer for #1 Aug 26 13:14:53.241449: | libevent_malloc: new ptr-libevent@0x7f7bec000f48 size 128 Aug 26 13:14:53.241457: | crypto helper 1 waiting (nothing to do) Aug 26 13:14:53.241492: | processing resume sending helper answer for #1 Aug 26 13:14:53.241502: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:14:53.241505: | crypto helper 1 replies to request ID 2 Aug 26 13:14:53.241507: | calling continuation function 0x55c1fd73ab50 Aug 26 13:14:53.241509: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 13:14:53.241518: | creating state object #2 at 0x55c1fdfe28a8 Aug 26 13:14:53.241520: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:14:53.241523: | pstats #2 ikev2.child started Aug 26 13:14:53.241525: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #2 for IPSEC SA Aug 26 13:14:53.241528: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:14:53.241533: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:14:53.241536: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 13:14:53.241539: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 13:14:53.241541: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:14:53.241543: | libevent_free: release ptr-libevent@0x55c1fdfdf9c8 Aug 26 13:14:53.241545: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55c1fdfdfc28 Aug 26 13:14:53.241547: | event_schedule: new EVENT_SA_REPLACE-pe@0x55c1fdfdfc28 Aug 26 13:14:53.241550: | inserting event 
EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 13:14:53.241552: | libevent_malloc: new ptr-libevent@0x55c1fdfdf9c8 size 128 Aug 26 13:14:53.241555: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 13:14:53.241559: | **emit ISAKMP Message: Aug 26 13:14:53.241561: | initiator cookie: Aug 26 13:14:53.241563: | f7 9c bc 94 14 ee f8 f5 Aug 26 13:14:53.241565: | responder cookie: Aug 26 13:14:53.241568: | 70 ba 94 3e 3e d6 ac 7b Aug 26 13:14:53.241570: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:14:53.241572: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:53.241574: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:14:53.241576: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:14:53.241577: | Message ID: 1 (0x1) Aug 26 13:14:53.241579: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:14:53.241582: | ***emit IKEv2 Encryption Payload: Aug 26 13:14:53.241584: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.241585: | flags: none (0x0) Aug 26 13:14:53.241587: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:14:53.241589: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.241592: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:14:53.241597: | IKEv2 CERT: send a certificate? 
Aug 26 13:14:53.241600: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 13:14:53.241601: | IDr payload will be sent Aug 26 13:14:53.241612: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 13:14:53.241615: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.241616: | flags: none (0x0) Aug 26 13:14:53.241618: | ID type: ID_FQDN (0x2) Aug 26 13:14:53.241620: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 13:14:53.241622: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.241625: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 13:14:53.241626: | my identity 77 65 73 74 Aug 26 13:14:53.241628: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Aug 26 13:14:53.241634: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:14:53.241636: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:14:53.241638: | flags: none (0x0) Aug 26 13:14:53.241640: | ID type: ID_FQDN (0x2) Aug 26 13:14:53.241642: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Aug 26 13:14:53.241644: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:14:53.241646: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.241648: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Aug 26 13:14:53.241650: | IDr 65 61 73 74 Aug 26 13:14:53.241651: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 13:14:53.241653: | not sending INITIAL_CONTACT 
Aug 26 13:14:53.241655: | ****emit IKEv2 Authentication Payload: Aug 26 13:14:53.241657: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.241659: | flags: none (0x0) Aug 26 13:14:53.241661: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:14:53.241663: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:14:53.241665: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.241667: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Aug 26 13:14:53.241670: | started looking for secret for @west->@east of kind PKK_PSK Aug 26 13:14:53.241672: | actually looking for secret for @west->@east of kind PKK_PSK Aug 26 13:14:53.241675: | line 1: key type PKK_PSK(@west) to type PKK_PSK Aug 26 13:14:53.241677: | 1: compared key @west to @west / @east -> 010 Aug 26 13:14:53.241681: | 2: compared key @east to @west / @east -> 014 Aug 26 13:14:53.241683: | line 1: match=014 Aug 26 13:14:53.241685: | match 014 beats previous best_match 000 match=0x55c1fdf34b58 (line=1) Aug 26 13:14:53.241687: | concluding with best_match=014 best=0x55c1fdf34b58 (lineno=1) Aug 26 13:14:53.241724: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 13:14:53.241727: | PSK auth 38 30 6a db da e4 95 14 1d 9b df 27 29 89 b6 48 Aug 26 13:14:53.241729: | PSK auth 11 82 a3 f2 82 0e f9 08 63 c8 e9 f3 53 32 9f 06 Aug 26 13:14:53.241731: | PSK auth 9d 64 93 72 a9 42 4f 59 c1 d4 ea 81 54 f5 eb 91 Aug 26 13:14:53.241732: | PSK auth c5 ba 24 cc db 9e 2b 33 45 b2 19 3e 2d 17 69 ef Aug 26 13:14:53.241734: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 13:14:53.241736: | getting first pending from state #1 Aug 26 13:14:53.241753: | netlink_get_spi: allocated 0x9691b1cd for esp.0@192.1.2.45 Aug 26 13:14:53.241756: | constructing ESP/AH 
proposals with all DH removed for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals) Aug 26 13:14:53.241761: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:14:53.241764: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:14:53.241766: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:14:53.241769: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:14:53.241771: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:14:53.241774: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:14:53.241776: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:14:53.241778: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:14:53.241783: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:14:53.241790: | Emitting ikev2_proposals ... 
Aug 26 13:14:53.241792: | ****emit IKEv2 Security Association Payload: Aug 26 13:14:53.241794: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.241796: | flags: none (0x0) Aug 26 13:14:53.241798: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:14:53.241800: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.241802: | discarding INTEG=NONE Aug 26 13:14:53.241803: | discarding DH=NONE Aug 26 13:14:53.241805: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.241807: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.241809: | prop #: 1 (0x1) Aug 26 13:14:53.241811: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:53.241812: | spi size: 4 (0x4) Aug 26 13:14:53.241814: | # transforms: 2 (0x2) Aug 26 13:14:53.241816: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:53.241818: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:14:53.241820: | our spi 96 91 b1 cd Aug 26 13:14:53.241822: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.241823: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.241825: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.241827: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.241829: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.241833: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.241835: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.241837: | length/value: 256 (0x100) Aug 26 13:14:53.241839: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:53.241841: | discarding INTEG=NONE Aug 26 
13:14:53.241842: | discarding DH=NONE Aug 26 13:14:53.241844: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.241845: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.241847: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:14:53.241849: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:53.241851: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.241853: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.241855: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.241857: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:14:53.241859: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:53.241860: | discarding INTEG=NONE Aug 26 13:14:53.241862: | discarding DH=NONE Aug 26 13:14:53.241863: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.241865: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.241867: | prop #: 2 (0x2) Aug 26 13:14:53.241868: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:53.241870: | spi size: 4 (0x4) Aug 26 13:14:53.241872: | # transforms: 2 (0x2) Aug 26 13:14:53.241874: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.241876: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:53.241878: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:14:53.241879: | our spi 96 91 b1 cd Aug 26 13:14:53.241881: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.241883: | last transform: 
v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.241885: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.241886: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.241888: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.241890: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.241892: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.241893: | length/value: 128 (0x80) Aug 26 13:14:53.241895: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:53.241897: | discarding INTEG=NONE Aug 26 13:14:53.241898: | discarding DH=NONE Aug 26 13:14:53.241900: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.241901: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.241903: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:14:53.241905: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:53.241907: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.241909: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.241911: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.241912: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:14:53.241914: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:53.241917: | discarding DH=NONE Aug 26 13:14:53.241918: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.241920: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.241922: | prop #: 3 (0x3) Aug 26 13:14:53.241923: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:53.241925: | spi size: 4 (0x4) Aug 26 13:14:53.241927: | # transforms: 4 (0x4) 
Aug 26 13:14:53.241929: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.241931: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:53.241933: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:14:53.241934: | our spi 96 91 b1 cd Aug 26 13:14:53.241936: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.241938: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.241939: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.241941: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:14:53.241943: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.241945: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.241946: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.241948: | length/value: 256 (0x100) Aug 26 13:14:53.241950: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:53.241952: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.241953: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.241955: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.241957: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:14:53.241959: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.241961: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.241962: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.241964: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.241966: | last 
transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.241967: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.241969: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:14:53.241971: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.241973: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.241975: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.241976: | discarding DH=NONE Aug 26 13:14:53.241978: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.241980: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.241981: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:14:53.241983: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:53.241985: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.241987: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.241989: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.241990: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:14:53.241992: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:53.241994: | discarding DH=NONE Aug 26 13:14:53.241997: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.241999: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:14:53.242000: | prop #: 4 (0x4) Aug 26 13:14:53.242002: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:53.242003: | spi size: 4 (0x4) Aug 26 13:14:53.242005: | # transforms: 4 (0x4) Aug 26 13:14:53.242007: | last 
substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.242009: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:53.242011: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:14:53.242013: | our spi 96 91 b1 cd Aug 26 13:14:53.242014: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.242016: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.242018: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.242019: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:14:53.242021: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.242023: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.242025: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.242026: | length/value: 128 (0x80) Aug 26 13:14:53.242028: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:53.242030: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.242031: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.242033: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.242035: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:14:53.242037: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.242039: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.242040: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.242042: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.242044: | last transform: v2_TRANSFORM_NON_LAST 
(0x3) Aug 26 13:14:53.242045: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.242047: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:14:53.242049: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.242051: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.242053: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.242054: | discarding DH=NONE Aug 26 13:14:53.242056: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.242057: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.242059: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:14:53.242061: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:53.242063: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.242065: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.242066: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.242068: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:14:53.242070: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:53.242072: | emitting length of IKEv2 Security Association Payload: 164 Aug 26 13:14:53.242074: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:14:53.242077: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:14:53.242079: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.242081: | flags: none (0x0) Aug 26 
13:14:53.242082: | number of TS: 1 (0x1) Aug 26 13:14:53.242085: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:14:53.242087: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.242088: | *****emit IKEv2 Traffic Selector: Aug 26 13:14:53.242090: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:14:53.242092: | IP Protocol ID: 0 (0x0) Aug 26 13:14:53.242094: | start port: 0 (0x0) Aug 26 13:14:53.242095: | end port: 65535 (0xffff) Aug 26 13:14:53.242098: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:14:53.242099: | ipv4 start c0 00 01 00 Aug 26 13:14:53.242101: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:14:53.242103: | ipv4 end c0 00 01 ff Aug 26 13:14:53.242104: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:14:53.242106: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:14:53.242108: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:14:53.242110: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.242111: | flags: none (0x0) Aug 26 13:14:53.242113: | number of TS: 1 (0x1) Aug 26 13:14:53.242115: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:14:53.242117: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.242119: | *****emit IKEv2 Traffic Selector: Aug 26 13:14:53.242120: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:14:53.242122: | IP Protocol ID: 0 (0x0) Aug 26 13:14:53.242124: | start port: 0 (0x0) Aug 26 13:14:53.242125: | end port: 65535 (0xffff) Aug 26 13:14:53.242127: | 
emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:14:53.242129: | ipv4 start c0 00 02 00 Aug 26 13:14:53.242131: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:14:53.242132: | ipv4 end c0 00 02 ff Aug 26 13:14:53.242134: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:14:53.242136: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:14:53.242137: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:14:53.242139: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:14:53.242142: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:14:53.242144: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:14:53.242146: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:14:53.242148: | emitting length of IKEv2 Encryption Payload: 337 Aug 26 13:14:53.242149: | emitting length of ISAKMP Message: 365 Aug 26 13:14:53.242161: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:53.242165: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:53.242168: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 13:14:53.242170: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 13:14:53.242172: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 13:14:53.242174: | Message ID: updating counters for #2 to 0 after switching state Aug 26 13:14:53.242179: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 
Aug 26 13:14:53.242182: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 13:14:53.242185: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:14:53.242191: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:14:53.242195: | sending 365 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:14:53.242253: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:14:53.242258: "westnet-eastnet-ipv4-psk-ikev2" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:14:53.242266: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f7bf4002b78 Aug 26 13:14:53.242270: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Aug 26 13:14:53.242273: | libevent_malloc: new ptr-libevent@0x55c1fdfe3578 size 128 Aug 26 13:14:53.242278: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10578.984732 Aug 26 13:14:53.242282: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:14:53.242300: | #1 spent 0.771 milliseconds in resume sending helper answer Aug 26 13:14:53.242308: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:14:53.242312: | libevent_free: release ptr-libevent@0x7f7bec000f48 Aug 26 13:14:53.269829: | spent 0.003 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:14:53.269852: | *received 225 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:14:53.269899: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:14:53.269903: | **parse ISAKMP Message: Aug 26 13:14:53.269906: | initiator cookie: Aug 26 13:14:53.269909: | f7 9c bc 94 14 ee f8 f5 Aug 26 13:14:53.269911: | responder cookie: Aug 26 13:14:53.269914: | 70 ba 94 3e 3e d6 ac 7b Aug 26 13:14:53.269917: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:14:53.269919: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:53.269921: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:14:53.269923: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:14:53.269925: | Message ID: 1 (0x1) Aug 26 13:14:53.269926: | length: 225 (0xe1) Aug 26 13:14:53.269928: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:14:53.269931: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:14:53.269934: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:14:53.269939: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:14:53.269941: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:14:53.269944: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in
ike_process_packet() at ikev2.c:2062) Aug 26 13:14:53.269947: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:14:53.269949: | #2 is idle Aug 26 13:14:53.269950: | #2 idle Aug 26 13:14:53.269952: | unpacking clear payload Aug 26 13:14:53.269953: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:14:53.269955: | ***parse IKEv2 Encryption Payload: Aug 26 13:14:53.269957: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:14:53.269959: | flags: none (0x0) Aug 26 13:14:53.269961: | length: 197 (0xc5) Aug 26 13:14:53.269962: | processing payload: ISAKMP_NEXT_v2SK (len=193) Aug 26 13:14:53.269964: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:14:53.269976: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:14:53.269979: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:14:53.269981: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:14:53.269983: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:14:53.269984: | flags: none (0x0) Aug 26 13:14:53.269986: | length: 12 (0xc) Aug 26 13:14:53.269988: | ID type: ID_FQDN (0x2) Aug 26 13:14:53.269989: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 13:14:53.269991: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:14:53.269993: | **parse IKEv2 Authentication Payload: Aug 26 13:14:53.269995: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:14:53.269996: | flags: none (0x0) Aug 26 13:14:53.269998: | length: 72 (0x48) Aug 26 13:14:53.269999: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:14:53.270001: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 13:14:53.270003: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:14:53.270006: | **parse IKEv2 Security Association Payload: Aug 26 13:14:53.270008: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:14:53.270010: | flags: none (0x0) Aug 26 13:14:53.270011: | length: 36 
(0x24) Aug 26 13:14:53.270013: | processing payload: ISAKMP_NEXT_v2SA (len=32) Aug 26 13:14:53.270014: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:14:53.270016: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:14:53.270018: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:14:53.270019: | flags: none (0x0) Aug 26 13:14:53.270021: | length: 24 (0x18) Aug 26 13:14:53.270023: | number of TS: 1 (0x1) Aug 26 13:14:53.270024: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:14:53.270026: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:14:53.270028: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:14:53.270029: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.270031: | flags: none (0x0) Aug 26 13:14:53.270032: | length: 24 (0x18) Aug 26 13:14:53.270034: | number of TS: 1 (0x1) Aug 26 13:14:53.270036: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:14:53.270037: | selected state microcode Initiator: process IKE_AUTH response Aug 26 13:14:53.270039: | Now let's proceed with state specific processing Aug 26 13:14:53.270041: | calling processor Initiator: process IKE_AUTH response Aug 26 13:14:53.270045: | offered CA: '%none' Aug 26 13:14:53.270047: "westnet-eastnet-ipv4-psk-ikev2" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Aug 26 13:14:53.270076: | verifying AUTH payload Aug 26 13:14:53.270079: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Aug 26 13:14:53.270082: | started looking for secret for @west->@east of kind PKK_PSK Aug 26 13:14:53.270084: | actually looking for secret for @west->@east of kind PKK_PSK Aug 26 13:14:53.270086: | line 1: key type PKK_PSK(@west) to type PKK_PSK Aug 26 13:14:53.270089: | 1: compared key @west to @west / @east -> 010 Aug 26 13:14:53.270091: | 2: compared key @east to @west / @east -> 014 Aug 26 13:14:53.270093: | line 1: match=014 Aug 26 13:14:53.270095: | match 014 beats previous 
best_match 000 match=0x55c1fdf34b58 (line=1) Aug 26 13:14:53.270097: | concluding with best_match=014 best=0x55c1fdf34b58 (lineno=1) Aug 26 13:14:53.270141: "westnet-eastnet-ipv4-psk-ikev2" #2: Authenticated using authby=secret Aug 26 13:14:53.270149: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 13:14:53.270153: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 13:14:53.270155: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:14:53.270159: | libevent_free: release ptr-libevent@0x55c1fdfdf9c8 Aug 26 13:14:53.270162: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55c1fdfdfc28 Aug 26 13:14:53.270164: | event_schedule: new EVENT_SA_REKEY-pe@0x55c1fdfdfc28 Aug 26 13:14:53.270167: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 13:14:53.270169: | libevent_malloc: new ptr-libevent@0x7f7bec000f48 size 128 Aug 26 13:14:53.270231: | pstats #1 ikev2.ike established Aug 26 13:14:53.270238: | TSi: parsing 1 traffic selectors Aug 26 13:14:53.270243: | ***parse IKEv2 Traffic Selector: Aug 26 13:14:53.270246: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:14:53.270249: | IP Protocol ID: 0 (0x0) Aug 26 13:14:53.270252: | length: 16 (0x10) Aug 26 13:14:53.270255: | start port: 0 (0x0) Aug 26 13:14:53.270258: | end port: 65535 (0xffff) Aug 26 13:14:53.270262: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:14:53.270265: | TS low c0 00 01 00 Aug 26 13:14:53.270268: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:14:53.270271: | TS high c0 00 01 ff Aug 26 13:14:53.270274: | TSi: parsed 1 traffic selectors Aug 26 13:14:53.270278: | TSr: parsing 1 traffic selectors Aug 26 13:14:53.270281: | ***parse IKEv2 Traffic Selector: Aug 26 13:14:53.270286: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:14:53.270296: | IP Protocol ID: 0 (0x0) Aug 26 13:14:53.270299: | length: 16 (0x10) Aug 26 13:14:53.270302: | start port: 
0 (0x0) Aug 26 13:14:53.270305: | end port: 65535 (0xffff) Aug 26 13:14:53.270308: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:14:53.270311: | TS low c0 00 02 00 Aug 26 13:14:53.270314: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:14:53.270317: | TS high c0 00 02 ff Aug 26 13:14:53.270320: | TSr: parsed 1 traffic selectors Aug 26 13:14:53.270327: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:14:53.270333: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:14:53.270338: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:14:53.270341: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:14:53.270343: | TSi[0] port match: YES fitness 65536 Aug 26 13:14:53.270345: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:14:53.270347: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:14:53.270350: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:14:53.270353: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:14:53.270355: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:14:53.270357: | TSr[0] port match: YES fitness 65536 Aug 26 13:14:53.270359: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:14:53.270361: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:14:53.270362: | best fit so far: TSi[0] TSr[0] Aug 26 13:14:53.270364: | found an acceptable TSi/TSr Traffic Selector Aug 26 13:14:53.270366: | printing contents struct traffic_selector Aug 26 13:14:53.270367: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:14:53.270369: | ipprotoid: 0 Aug 26 13:14:53.270371: | port range: 0-65535 Aug 26 13:14:53.270373: | ip range: 192.0.1.0-192.0.1.255 Aug 26 13:14:53.270375: | printing contents struct traffic_selector Aug 26 
13:14:53.270376: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:14:53.270378: | ipprotoid: 0 Aug 26 13:14:53.270379: | port range: 0-65535 Aug 26 13:14:53.270382: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:14:53.270390: | using existing local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:14:53.270392: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 13:14:53.270395: | local proposal 1 type ENCR has 1 transforms Aug 26 13:14:53.270397: | local proposal 1 type PRF has 0 transforms Aug 26 13:14:53.270399: | local proposal 1 type INTEG has 1 transforms Aug 26 13:14:53.270400: | local proposal 1 type DH has 1 transforms Aug 26 13:14:53.270402: | local proposal 1 type ESN has 1 transforms Aug 26 13:14:53.270404: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:14:53.270406: | local proposal 2 type ENCR has 1 transforms Aug 26 13:14:53.270408: | local proposal 2 type PRF has 0 transforms Aug 26 13:14:53.270409: | local proposal 2 type INTEG has 1 transforms Aug 26 13:14:53.270411: | local proposal 2 type DH has 1 transforms Aug 26 13:14:53.270413: | local proposal 2 type ESN has 1 transforms Aug 26 13:14:53.270415: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:14:53.270416: | local proposal 3 type ENCR has 1 transforms Aug 26 13:14:53.270418: | local proposal 3 type PRF has 0 transforms Aug 26 13:14:53.270421: | local proposal 3 type INTEG has 2 transforms Aug 26 13:14:53.270423: | local proposal 3 type DH has 1 transforms Aug 26 13:14:53.270425: | local proposal 3 type ESN has 1 transforms Aug 
26 13:14:53.270427: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:14:53.270428: | local proposal 4 type ENCR has 1 transforms Aug 26 13:14:53.270430: | local proposal 4 type PRF has 0 transforms Aug 26 13:14:53.270432: | local proposal 4 type INTEG has 2 transforms Aug 26 13:14:53.270433: | local proposal 4 type DH has 1 transforms Aug 26 13:14:53.270435: | local proposal 4 type ESN has 1 transforms Aug 26 13:14:53.270437: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:14:53.270439: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.270441: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:14:53.270442: | length: 32 (0x20) Aug 26 13:14:53.270444: | prop #: 1 (0x1) Aug 26 13:14:53.270446: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:53.270447: | spi size: 4 (0x4) Aug 26 13:14:53.270449: | # transforms: 2 (0x2) Aug 26 13:14:53.270451: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:14:53.270453: | remote SPI 9e fd 5e 08 Aug 26 13:14:53.270455: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:14:53.270457: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.270459: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.270461: | length: 12 (0xc) Aug 26 13:14:53.270462: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.270464: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.270466: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.270468: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.270469: | length/value: 256 (0x100) Aug 26 13:14:53.270472: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:14:53.270474: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.270476: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.270477: | length: 
8 (0x8) Aug 26 13:14:53.270479: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:14:53.270481: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:53.270483: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:14:53.270485: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 13:14:53.270488: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 13:14:53.270490: | remote proposal 1 matches local proposal 1 Aug 26 13:14:53.270492: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Aug 26 13:14:53.270496: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=9efd5e08;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 13:14:53.270497: | converting proposal to internal trans attrs Aug 26 13:14:53.270501: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:14:53.270603: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:14:53.270607: | could_route called for westnet-eastnet-ipv4-psk-ikev2 (kind=CK_PERMANENT) Aug 26 13:14:53.270609: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:14:53.270611: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 13:14:53.270613: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 13:14:53.270616: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 13:14:53.270618: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:14:53.270621: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:14:53.270623: | AES_GCM_16 requires 4 salt bytes Aug 26 13:14:53.270628: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:14:53.270632: | setting IPsec SA replay-window to 32 Aug 26 13:14:53.270634: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Aug 26 13:14:53.270636: | netlink: enabling tunnel mode Aug 26 13:14:53.270638: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:14:53.270640: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:14:53.270696: | netlink response for Add SA esp.9efd5e08@192.1.2.23 included non-error error Aug 26 13:14:53.270699: | set up outgoing SA, ref=0/0 Aug 26 13:14:53.270701: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:14:53.270703: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:14:53.270705: | AES_GCM_16 requires 4 salt bytes Aug 26 13:14:53.270707: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:14:53.270709: | setting IPsec SA replay-window to 32 Aug 26 13:14:53.270711: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Aug 26 13:14:53.270713: | netlink: enabling tunnel mode Aug 26 13:14:53.270715: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:14:53.270717: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:14:53.270747: | 
netlink response for Add SA esp.9691b1cd@192.1.2.45 included non-error error Aug 26 13:14:53.270754: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:53.270762: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Aug 26 13:14:53.270767: | IPsec Sa SPD priority set to 1042407 Aug 26 13:14:53.270789: | raw_eroute result=success Aug 26 13:14:53.270793: | set up incoming SA, ref=0/0 Aug 26 13:14:53.270796: | sr for #2: unrouted Aug 26 13:14:53.270800: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:14:53.270804: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:14:53.270808: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 13:14:53.270811: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 13:14:53.270816: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 13:14:53.270821: | route_and_eroute with c: westnet-eastnet-ipv4-psk-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:14:53.270826: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:53.270834: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 13:14:53.270838: | IPsec Sa SPD priority set to 1042407 Aug 26 13:14:53.270852: | raw_eroute result=success Aug 26 13:14:53.270856: | running updown command "ipsec _updown" for verb up Aug 26 13:14:53.270860: | command executing up-client Aug 26 13:14:53.270894: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' 
PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Aug 26 13:14:53.270902: | popen cmd is 1049 chars long Aug 26 13:14:53.270906: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv: Aug 26 13:14:53.270910: | cmd( 80):4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.: Aug 26 13:14:53.270914: | cmd( 160):2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='19: Aug 26 13:14:53.270918: | cmd( 240):2.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCO: Aug 26 13:14:53.270922: | cmd( 320):L='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_P: Aug 26 13:14:53.270926: | cmd( 400):EER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0: Aug 26 13:14:53.270929: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 13:14:53.270933: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=': Aug 26 13:14:53.270937: | cmd( 640):PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_C: Aug 26 13:14:53.270941: | cmd( 720):ONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEE: Aug 26 13:14:53.270945: | cmd( 800):R_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=': 
Aug 26 13:14:53.270948: | cmd( 880):' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='': Aug 26 13:14:53.270952: | cmd( 960): VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9efd5e08 SPI_OUT=0x9691b1cd ipsec _up: Aug 26 13:14:53.270955: | cmd(1040):down 2>&1: Aug 26 13:14:53.281101: | route_and_eroute: firewall_notified: true Aug 26 13:14:53.281114: | running updown command "ipsec _updown" for verb prepare Aug 26 13:14:53.281117: | command executing prepare-client Aug 26 13:14:53.281139: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR Aug 26 13:14:53.281142: | popen cmd is 1054 chars long Aug 26 13:14:53.281144: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 13:14:53.281146: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='1: Aug 26 13:14:53.281148: | cmd( 160):92.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NE: Aug 26 13:14:53.281149: | cmd( 240):T='192.0.1.0' 
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Aug 26 13:14:53.281151: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PL: Aug 26 13:14:53.281153: | cmd( 400):UTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.: Aug 26 13:14:53.281154: | cmd( 480):0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PRO: Aug 26 13:14:53.281156: | cmd( 560):TOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POL: Aug 26 13:14:53.281158: | cmd( 640):ICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL: Aug 26 13:14:53.281160: | cmd( 720):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I: Aug 26 13:14:53.281164: | cmd( 800):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN: Aug 26 13:14:53.281166: | cmd( 880):NER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA: Aug 26 13:14:53.281168: | cmd( 960):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9efd5e08 SPI_OUT=0x9691b1cd ipse: Aug 26 13:14:53.281169: | cmd(1040):c _updown 2>&1: Aug 26 13:14:53.289450: | running updown command "ipsec _updown" for verb route Aug 26 13:14:53.289464: | command executing route-client Aug 26 13:14:53.289484: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' 
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=' Aug 26 13:14:53.289487: | popen cmd is 1052 chars long Aug 26 13:14:53.289489: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Aug 26 13:14:53.289491: | cmd( 80):ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192: Aug 26 13:14:53.289493: | cmd( 160):.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET=: Aug 26 13:14:53.289495: | cmd( 240):'192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROT: Aug 26 13:14:53.289497: | cmd( 320):OCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUT: Aug 26 13:14:53.289499: | cmd( 400):O_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Aug 26 13:14:53.289501: | cmd( 480):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 13:14:53.289502: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Aug 26 13:14:53.289504: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUT: Aug 26 13:14:53.289506: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_: Aug 26 13:14:53.289508: | cmd( 800):PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNE: Aug 26 13:14:53.289509: | cmd( 880):R='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE: Aug 26 13:14:53.289511: | cmd( 960):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9efd5e08 SPI_OUT=0x9691b1cd ipsec : Aug 26 13:14:53.289513: | cmd(1040):_updown 
2>&1: Aug 26 13:14:53.299558: | route_and_eroute: instance "westnet-eastnet-ipv4-psk-ikev2", setting eroute_owner {spd=0x55c1fdfdb858,sr=0x55c1fdfdb858} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:14:53.299633: | #1 spent 1.53 milliseconds in install_ipsec_sa() Aug 26 13:14:53.299639: | inR2: instance westnet-eastnet-ipv4-psk-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:14:53.299642: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:14:53.299645: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 13:14:53.299654: | libevent_free: release ptr-libevent@0x55c1fdfe3578 Aug 26 13:14:53.299660: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f7bf4002b78 Aug 26 13:14:53.299665: | #2 spent 2.11 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 13:14:53.299675: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:53.299678: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 13:14:53.299680: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 13:14:53.299684: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 13:14:53.299686: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:14:53.299690: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 13:14:53.299694: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:14:53.299696: | pstats #2 ikev2.child established Aug 26 13:14:53.299702: "westnet-eastnet-ipv4-psk-ikev2" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> 
[192.0.2.0-192.0.2.255:0-65535 0] Aug 26 13:14:53.299712: | NAT-T: encaps is 'auto' Aug 26 13:14:53.299716: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x9efd5e08 <0x9691b1cd xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 13:14:53.299719: | releasing whack for #2 (sock=fd@25) Aug 26 13:14:53.299722: | close_any(fd@25) (in release_whack() at state.c:654) Aug 26 13:14:53.299724: | releasing whack and unpending for parent #1 Aug 26 13:14:53.299727: | unpending state #1 connection "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:14:53.299732: | delete from pending Child SA with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:14:53.299735: | removing pending policy for no connection {0x55c1fdf3d898} Aug 26 13:14:53.299742: | close_any(fd@24) (in release_whack() at state.c:654) Aug 26 13:14:53.299747: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 13:14:53.299749: | event_schedule: new EVENT_SA_REKEY-pe@0x7f7bf4002b78 Aug 26 13:14:53.299752: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 13:14:53.299755: | libevent_malloc: new ptr-libevent@0x55c1fdfe1cd8 size 128 Aug 26 13:14:53.299760: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:14:53.299764: | #1 spent 2.42 milliseconds in ikev2_process_packet() Aug 26 13:14:53.299768: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:14:53.299772: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:14:53.299774: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:14:53.299777: | spent 2.43 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:14:53.299788: | processing signal PLUTO_SIGCHLD Aug 26 13:14:53.299792: | waitpid returned ECHILD (no child processes left) Aug 26 13:14:53.299795: | spent 
0.00363 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:14:53.299797: | processing signal PLUTO_SIGCHLD Aug 26 13:14:53.299800: | waitpid returned ECHILD (no child processes left) Aug 26 13:14:53.299804: | spent 0.00365 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:14:53.299807: | processing signal PLUTO_SIGCHLD Aug 26 13:14:53.299810: | waitpid returned ECHILD (no child processes left) Aug 26 13:14:53.299814: | spent 0.00371 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:14:56.533569: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:14:56.533655: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:14:56.533681: | FOR_EACH_STATE_... in sort_states Aug 26 13:14:56.533710: | get_sa_info esp.9691b1cd@192.1.2.45 Aug 26 13:14:56.533759: | get_sa_info esp.9efd5e08@192.1.2.23 Aug 26 13:14:56.533824: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:14:56.533856: | spent 0.318 milliseconds in whack Aug 26 13:14:57.405326: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:14:57.405580: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:14:57.405585: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:14:57.405630: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:14:57.405632: | FOR_EACH_STATE_... 
in sort_states Aug 26 13:14:57.405642: | get_sa_info esp.9691b1cd@192.1.2.45 Aug 26 13:14:57.405655: | get_sa_info esp.9efd5e08@192.1.2.23 Aug 26 13:14:57.405671: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:14:57.405675: | spent 0.374 milliseconds in whack Aug 26 13:14:57.696547: | spent 0.00252 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:14:57.696583: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:14:57.696591: | f7 9c bc 94 14 ee f8 f5 70 ba 94 3e 3e d6 ac 7b Aug 26 13:14:57.696595: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:14:57.696597: | e6 2d 80 49 60 3b 66 cf 7c f1 c6 19 c7 a0 77 59 Aug 26 13:14:57.696600: | fe 9c 36 66 4f d5 79 14 4c ad dc 14 29 cb 41 da Aug 26 13:14:57.696603: | 08 08 52 8e b7 Aug 26 13:14:57.696608: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:14:57.696612: | **parse ISAKMP Message: Aug 26 13:14:57.696616: | initiator cookie: Aug 26 13:14:57.696619: | f7 9c bc 94 14 ee f8 f5 Aug 26 13:14:57.696622: | responder cookie: Aug 26 13:14:57.696624: | 70 ba 94 3e 3e d6 ac 7b Aug 26 13:14:57.696628: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:14:57.696631: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:57.696635: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:14:57.696640: | flags: none (0x0) Aug 26 13:14:57.696644: | Message ID: 0 (0x0) Aug 26 13:14:57.696647: | length: 69 (0x45) Aug 26 13:14:57.696651: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:14:57.696655: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:14:57.696658: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:14:57.696663: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:14:57.696666: | State 
DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:14:57.696669: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:14:57.696671: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 13:14:57.696674: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 Aug 26 13:14:57.696676: | unpacking clear payload Aug 26 13:14:57.696677: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:14:57.696679: | ***parse IKEv2 Encryption Payload: Aug 26 13:14:57.696681: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:14:57.696683: | flags: none (0x0) Aug 26 13:14:57.696685: | length: 41 (0x29) Aug 26 13:14:57.696687: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 13:14:57.696690: | Message ID: start-responder #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 13:14:57.696692: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:14:57.696710: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:14:57.696712: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:14:57.696714: | **parse IKEv2 Delete Payload: Aug 26 13:14:57.696716: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.696718: | flags: none (0x0) Aug 26 13:14:57.696719: | length: 12 (0xc) Aug 26 13:14:57.696721: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:14:57.696723: | SPI size: 4 (0x4) Aug 26 13:14:57.696739: | number of SPIs: 1 (0x1) Aug 26 13:14:57.696741: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 13:14:57.696743: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:14:57.696745: | Now let's proceed with state specific processing Aug 26 13:14:57.696747: | calling processor I3: INFORMATIONAL Request Aug 26 13:14:57.696749: | an informational request should send a response Aug 26 
13:14:57.696768: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:14:57.696770: | **emit ISAKMP Message: Aug 26 13:14:57.696772: | initiator cookie: Aug 26 13:14:57.696773: | f7 9c bc 94 14 ee f8 f5 Aug 26 13:14:57.696775: | responder cookie: Aug 26 13:14:57.696776: | 70 ba 94 3e 3e d6 ac 7b Aug 26 13:14:57.696778: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:14:57.696780: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:57.696782: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:14:57.696784: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:14:57.696785: | Message ID: 0 (0x0) Aug 26 13:14:57.696787: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:14:57.696789: | ***emit IKEv2 Encryption Payload: Aug 26 13:14:57.696791: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.696793: | flags: none (0x0) Aug 26 13:14:57.696795: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:14:57.696797: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:14:57.696799: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:14:57.696808: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 13:14:57.696810: | SPI 9e fd 5e 08 Aug 26 13:14:57.696812: | delete PROTO_v2_ESP SA(0x9efd5e08) Aug 26 13:14:57.696814: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 13:14:57.696816: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 13:14:57.696818: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x9efd5e08) Aug 26 13:14:57.696820: "westnet-eastnet-ipv4-psk-ikev2" #1: received Delete SA payload: replace IPsec State #2 now Aug 26 
13:14:57.696822: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 13:14:57.696825: | libevent_free: release ptr-libevent@0x55c1fdfe1cd8 Aug 26 13:14:57.696827: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f7bf4002b78 Aug 26 13:14:57.696829: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f7bf4002b78 Aug 26 13:14:57.696832: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Aug 26 13:14:57.696834: | libevent_malloc: new ptr-libevent@0x55c1fdfe3578 size 128 Aug 26 13:14:57.696836: | ****emit IKEv2 Delete Payload: Aug 26 13:14:57.696838: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.696839: | flags: none (0x0) Aug 26 13:14:57.696841: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:14:57.696843: | SPI size: 4 (0x4) Aug 26 13:14:57.696844: | number of SPIs: 1 (0x1) Aug 26 13:14:57.696846: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:14:57.696848: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:14:57.696850: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 13:14:57.696852: | local SPIs 96 91 b1 cd Aug 26 13:14:57.696854: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:14:57.696856: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:14:57.696858: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:14:57.696860: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:14:57.696863: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:14:57.696865: | emitting length of ISAKMP Message: 69 Aug 26 13:14:57.696877: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:14:57.696879: | f7 9c bc 94 14 ee f8 f5 70 ba 94 3e 3e d6 ac 
7b Aug 26 13:14:57.696881: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:14:57.696883: | 6b 42 0e d9 be bd fb 8a 09 9d 78 72 f0 56 9e 17 Aug 26 13:14:57.696884: | 94 ed 11 81 71 84 d2 41 56 18 55 7d e3 b7 1e 61 Aug 26 13:14:57.696886: | 05 b0 05 79 fe Aug 26 13:14:57.696905: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:14:57.696909: | Message ID: sent #1 response 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:14:57.696913: | #1 spent 0.156 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 13:14:57.696917: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:57.696919: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 13:14:57.696922: | Message ID: updating counters for #1 to 0 after switching state Aug 26 13:14:57.696924: | Message ID: recv #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 13:14:57.696927: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:14:57.696929: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_I3: PARENT SA established Aug 26 13:14:57.696932: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:14:57.696935: | #1 spent 0.355 milliseconds in ikev2_process_packet() Aug 26 13:14:57.696938: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 
13:14:57.696940: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:14:57.696942: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:14:57.696945: | spent 0.365 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:14:57.696950: | timer_event_cb: processing event@0x7f7bf4002b78 Aug 26 13:14:57.696952: | handling event EVENT_SA_REPLACE for child state #2 Aug 26 13:14:57.696955: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:14:57.696957: | picked newest_ipsec_sa #2 for #2 Aug 26 13:14:57.696960: | replacing stale CHILD SA Aug 26 13:14:57.696962: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:14:57.696964: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:14:57.696966: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 13:14:57.696970: | creating state object #3 at 0x55c1fdfe7d88 Aug 26 13:14:57.696971: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 13:14:57.696978: | pstats #3 ikev2.child started Aug 26 13:14:57.696981: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #3 for IPSEC SA Aug 26 13:14:57.696985: | #3 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:14:57.696991: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:14:57.696994: | suspend processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:14:57.696999: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:14:57.697001: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 13:14:57.697004: | create child 
proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 13:14:57.697006: | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals) Aug 26 13:14:57.697011: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:14:57.697016: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:14:57.697018: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:14:57.697020: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:14:57.697022: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:14:57.697025: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:14:57.697027: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:14:57.697030: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:14:57.697034: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:14:57.697038: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Aug 26 13:14:57.697040: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x55c1fdfdfd98 Aug 26 13:14:57.697043: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 13:14:57.697045: | libevent_malloc: new ptr-libevent@0x55c1fdfe1cd8 size 128 Aug 26 
13:14:57.697048: | RESET processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:14:57.697050: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55c1fdfe26d8 Aug 26 13:14:57.697052: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Aug 26 13:14:57.697054: | libevent_malloc: new ptr-libevent@0x55c1fdfdf918 size 128 Aug 26 13:14:57.697056: | libevent_free: release ptr-libevent@0x55c1fdfe3578 Aug 26 13:14:57.697058: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f7bf4002b78 Aug 26 13:14:57.697061: | #2 spent 0.111 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 13:14:57.697063: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:14:57.697066: | timer_event_cb: processing event@0x55c1fdfdfd98 Aug 26 13:14:57.697068: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 13:14:57.697071: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:14:57.697075: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Aug 26 13:14:57.697077: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f7bf4002b78 Aug 26 13:14:57.697080: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:14:57.697082: | libevent_malloc: new ptr-libevent@0x55c1fdfe3578 size 128 Aug 26 13:14:57.697088: | libevent_free: release ptr-libevent@0x55c1fdfe1cd8 Aug 26 13:14:57.697090: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x55c1fdfdfd98 Aug 26 13:14:57.697106: | #3 spent 0.0389 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:14:57.697109: | stop processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:14:57.697115: | timer_event_cb: processing event@0x55c1fdfe26d8 Aug 26 13:14:57.697120: | handling event EVENT_SA_EXPIRE for child state #2 Aug 26 
13:14:57.697112: | crypto helper 2 resuming Aug 26 13:14:57.697124: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:14:57.697133: | crypto helper 2 starting work-order 3 for state #3 Aug 26 13:14:57.697134: | picked newest_ipsec_sa #2 for #2 Aug 26 13:14:57.697138: | crypto helper 2 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Aug 26 13:14:57.697140: | un-established partial CHILD SA timeout (SA expired) Aug 26 13:14:57.697143: | pstats #2 ikev2.child re-failed exchange-timeout Aug 26 13:14:57.697145: | pstats #2 ikev2.child deleted completed Aug 26 13:14:57.697147: | #2 spent 2.23 milliseconds in total Aug 26 13:14:57.697150: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:14:57.697152: "westnet-eastnet-ipv4-psk-ikev2" #2: deleting state (STATE_V2_IPSEC_I) aged 4.455s and NOT sending notification Aug 26 13:14:57.697155: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 13:14:57.697157: | get_sa_info esp.9efd5e08@192.1.2.23 Aug 26 13:14:57.697167: | get_sa_info esp.9691b1cd@192.1.2.45 Aug 26 13:14:57.697173: "westnet-eastnet-ipv4-psk-ikev2" #2: ESP traffic information: in=336B out=336B Aug 26 13:14:57.697176: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 13:14:57.697218: | running updown command "ipsec _updown" for verb down Aug 26 13:14:57.697223: | command executing down-client Aug 26 13:14:57.697257: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' 
PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825293' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S Aug 26 13:14:57.697261: | popen cmd is 1060 chars long Aug 26 13:14:57.697264: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: Aug 26 13:14:57.697266: | cmd( 80):pv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.: Aug 26 13:14:57.697268: | cmd( 160):1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET=': Aug 26 13:14:57.697270: | cmd( 240):192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTO: Aug 26 13:14:57.697272: | cmd( 320):COL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO: Aug 26 13:14:57.697273: | cmd( 400):_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2: Aug 26 13:14:57.697275: | cmd( 480):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Aug 26 13:14:57.697277: | cmd( 560):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825293' PLUTO_CO: Aug 26 13:14:57.697278: | cmd( 640):NN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_: Aug 26 13:14:57.697280: | cmd( 720):NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 P: Aug 26 13:14:57.697282: | cmd( 800):LUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PE: Aug 26 13:14:57.697285: | 
cmd( 880):ER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' V: Aug 26 13:14:57.697287: | cmd( 960):TI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9efd5e08 SPI_OUT=0x9691b1c: Aug 26 13:14:57.697297: | cmd(1040):d ipsec _updown 2>&1: Aug 26 13:14:57.697882: | crypto helper 2 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.000741 seconds Aug 26 13:14:57.697896: | (#3) spent 0.75 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 13:14:57.697901: | crypto helper 2 sending results from work-order 3 for state #3 to event queue Aug 26 13:14:57.697904: | scheduling resume sending helper answer for #3 Aug 26 13:14:57.697908: | libevent_malloc: new ptr-libevent@0x7f7bf0002888 size 128 Aug 26 13:14:57.697921: | crypto helper 2 waiting (nothing to do) Aug 26 13:14:57.704611: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:14:57.704621: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:14:57.704626: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:57.704631: | IPsec Sa SPD priority set to 1042407 Aug 26 13:14:57.704653: | delete esp.9efd5e08@192.1.2.23 Aug 26 13:14:57.704666: | netlink response for Del SA esp.9efd5e08@192.1.2.23 included non-error error Aug 26 13:14:57.704669: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:57.704676: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 13:14:57.704709: | raw_eroute result=success Aug 26 13:14:57.704714: | delete esp.9691b1cd@192.1.2.45 Aug 26 13:14:57.704724: | netlink response for Del SA esp.9691b1cd@192.1.2.45 included non-error error Aug 26 13:14:57.704735: | in connection_discard for connection 
westnet-eastnet-ipv4-psk-ikev2 Aug 26 13:14:57.704738: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 13:14:57.704742: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:14:57.704748: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:14:57.704765: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 13:14:57.704768: | can't expire unused IKE SA #1; it has the child #3 Aug 26 13:14:57.704773: | libevent_free: release ptr-libevent@0x55c1fdfdf918 Aug 26 13:14:57.704776: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55c1fdfe26d8 Aug 26 13:14:57.704779: | in statetime_stop() and could not find #2 Aug 26 13:14:57.704782: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:14:57.704798: | spent 0.00205 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:14:57.704826: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:14:57.704829: | f7 9c bc 94 14 ee f8 f5 70 ba 94 3e 3e d6 ac 7b Aug 26 13:14:57.704831: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 13:14:57.704834: | c4 2e ae b5 43 ae 07 cc 75 89 b5 f2 e3 f1 86 06 Aug 26 13:14:57.704836: | 1b 18 10 d9 65 ec 9e 31 b9 37 5f 51 3e 9b 79 fc Aug 26 13:14:57.704838: | 08 Aug 26 13:14:57.704843: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:14:57.704846: | **parse ISAKMP Message: Aug 26 13:14:57.704849: | initiator cookie: Aug 26 13:14:57.704851: | f7 9c bc 94 14 ee f8 f5 Aug 26 13:14:57.704854: | responder cookie: Aug 26 13:14:57.704856: | 70 ba 94 3e 3e d6 ac 7b Aug 26 13:14:57.704859: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:14:57.704861: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:57.704864: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:14:57.704867: | flags: none (0x0) Aug 26 13:14:57.704870: | Message ID: 1 (0x1) Aug 26 
13:14:57.704875: | length: 65 (0x41) Aug 26 13:14:57.704878: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:14:57.704882: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:14:57.704887: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:14:57.704893: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:14:57.704897: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:14:57.704901: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:14:57.704905: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:14:57.704909: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 Aug 26 13:14:57.704912: | unpacking clear payload Aug 26 13:14:57.704915: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:14:57.704918: | ***parse IKEv2 Encryption Payload: Aug 26 13:14:57.704921: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:14:57.704924: | flags: none (0x0) Aug 26 13:14:57.704927: | length: 37 (0x25) Aug 26 13:14:57.704929: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 13:14:57.704934: | Message ID: start-responder #1 request 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 13:14:57.704937: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:14:57.704957: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:14:57.704961: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:14:57.704965: | **parse IKEv2 Delete Payload: Aug 26 13:14:57.704967: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.704970: | flags: none (0x0) Aug 26 13:14:57.704972: | length: 8 (0x8) Aug 26 
13:14:57.704975: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 13:14:57.704978: | SPI size: 0 (0x0) Aug 26 13:14:57.704980: | number of SPIs: 0 (0x0) Aug 26 13:14:57.704983: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 13:14:57.704986: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:14:57.704989: | Now let's proceed with state specific processing Aug 26 13:14:57.704991: | calling processor I3: INFORMATIONAL Request Aug 26 13:14:57.704995: | an informational request should send a response Aug 26 13:14:57.705016: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:14:57.705019: | **emit ISAKMP Message: Aug 26 13:14:57.705021: | initiator cookie: Aug 26 13:14:57.705022: | f7 9c bc 94 14 ee f8 f5 Aug 26 13:14:57.705024: | responder cookie: Aug 26 13:14:57.705025: | 70 ba 94 3e 3e d6 ac 7b Aug 26 13:14:57.705027: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:14:57.705029: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:57.705031: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:14:57.705033: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:14:57.705034: | Message ID: 1 (0x1) Aug 26 13:14:57.705036: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:14:57.705038: | ***emit IKEv2 Encryption Payload: Aug 26 13:14:57.705040: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.705042: | flags: none (0x0) Aug 26 13:14:57.705044: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:14:57.705046: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:14:57.705048: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:14:57.705055: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 
13:14:57.705058: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:14:57.705061: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:14:57.705063: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 13:14:57.705065: | emitting length of ISAKMP Message: 57 Aug 26 13:14:57.705075: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:14:57.705078: | f7 9c bc 94 14 ee f8 f5 70 ba 94 3e 3e d6 ac 7b Aug 26 13:14:57.705079: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Aug 26 13:14:57.705081: | 0f c4 f8 83 b7 b7 32 1a 37 b7 cf d6 d3 b2 1e f6 Aug 26 13:14:57.705082: | 72 bc c6 13 82 99 45 51 7c Aug 26 13:14:57.705101: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:14:57.705105: | Message ID: sent #1 response 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:14:57.705108: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 13:14:57.705110: | pstats #3 ikev2.child deleted other Aug 26 13:14:57.705113: | #3 spent 0.0389 milliseconds in total Aug 26 13:14:57.705116: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:14:57.705119: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:14:57.705121: "westnet-eastnet-ipv4-psk-ikev2" #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.008s and NOT sending notification Aug 26 13:14:57.705123: | child state #3: CHILDSA_DEL(informational) => delete Aug 26 
13:14:57.705126: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:14:57.705128: | libevent_free: release ptr-libevent@0x55c1fdfe3578 Aug 26 13:14:57.705132: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f7bf4002b78 Aug 26 13:14:57.705134: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:57.705138: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 13:14:57.705148: | raw_eroute result=success Aug 26 13:14:57.705152: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 13:14:57.705154: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Aug 26 13:14:57.705159: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:14:57.705162: | stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:14:57.705164: | resume processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:14:57.705167: | State DB: IKEv2 state not found (delete_my_family) Aug 26 13:14:57.705170: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 13:14:57.705171: | pstats #1 ikev2.ike deleted completed Aug 26 13:14:57.705175: | #1 spent 7.26 milliseconds in total Aug 26 13:14:57.705177: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:14:57.705179: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting state (STATE_IKESA_DEL) aged 4.469s and NOT sending notification Aug 26 13:14:57.705181: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 13:14:57.705228: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 13:14:57.705233: | libevent_free: release ptr-libevent@0x7f7bec000f48 Aug 26 13:14:57.705237: | free_event_entry: release EVENT_SA_REKEY-pe@0x55c1fdfdfc28 Aug 26 13:14:57.705239: | State DB: IKEv2 state 
not found (flush_incomplete_children) Aug 26 13:14:57.705246: | picked newest_isakmp_sa #0 for #1 Aug 26 13:14:57.705253: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting IKE SA for connection 'westnet-eastnet-ipv4-psk-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:14:57.705258: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 0 seconds Aug 26 13:14:57.705262: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 13:14:57.705267: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 13:14:57.705271: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 13:14:57.705275: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 13:14:57.705309: | stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:14:57.705344: | in statetime_stop() and could not find #1 Aug 26 13:14:57.705347: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:57.705350: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 13:14:57.705352: | STF_OK but no state object remains Aug 26 13:14:57.705354: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:14:57.705355: | in statetime_stop() and could not find #1 Aug 26 13:14:57.705358: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:14:57.705360: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:14:57.705362: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:14:57.705366: | spent 0.54 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:14:57.705371: | processing resume sending helper answer for #3 Aug 26 13:14:57.705374: | crypto helper 2 replies to request ID 3 Aug 26 13:14:57.705376: | calling continuation function 
0x55c1fd73ab50 Aug 26 13:14:57.705377: | work-order 3 state #3 crypto result suppressed Aug 26 13:14:57.705386: | (#3) spent 0.0112 milliseconds in resume sending helper answer Aug 26 13:14:57.705388: | libevent_free: release ptr-libevent@0x7f7bf0002888 Aug 26 13:14:57.705390: | processing signal PLUTO_SIGCHLD Aug 26 13:14:57.705394: | waitpid returned ECHILD (no child processes left) Aug 26 13:14:57.705397: | spent 0.00378 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:14:57.705400: | processing global timer EVENT_REVIVE_CONNS Aug 26 13:14:57.705403: Initiating connection westnet-eastnet-ipv4-psk-ikev2 which received a Delete/Notify but must remain up per local policy Aug 26 13:14:57.705405: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:14:57.705408: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in initiate_a_connection() at initiate.c:186) Aug 26 13:14:57.705410: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Aug 26 13:14:57.705412: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 13:14:57.705414: | FOR_EACH_STATE_... 
in find_phase1_state Aug 26 13:14:57.705418: | creating state object #4 at 0x55c1fdfe28a8 Aug 26 13:14:57.705420: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 13:14:57.705425: | pstats #4 ikev2.ike started Aug 26 13:14:57.705427: | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:14:57.705429: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:14:57.705432: | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:14:57.705436: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:14:57.705439: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:14:57.705441: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:14:57.705444: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" IKE SA #4 "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:14:57.705449: "westnet-eastnet-ipv4-psk-ikev2" #4: initiating v2 parent SA Aug 26 13:14:57.705459: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 
Aug 26 13:14:57.705462: | adding ikev2_outI1 KE work-order 4 for state #4 Aug 26 13:14:57.705465: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f7bec001f18 Aug 26 13:14:57.705467: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 13:14:57.705469: | libevent_malloc: new ptr-libevent@0x55c1fdfdf918 size 128 Aug 26 13:14:57.705477: | #4 spent 0.0687 milliseconds in ikev2_parent_outI1() Aug 26 13:14:57.705495: | RESET processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:14:57.705497: | RESET processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:14:57.705499: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:14:57.705502: | spent 0.0995 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 13:14:57.705506: | crypto helper 3 resuming Aug 26 13:14:57.705515: | crypto helper 3 starting work-order 4 for state #4 Aug 26 13:14:57.705519: | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 4 Aug 26 13:14:57.706067: | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.000548 seconds Aug 26 13:14:57.706073: | (#4) spent 0.554 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) Aug 26 13:14:57.706076: | crypto helper 3 sending results from work-order 4 for state #4 to event queue Aug 26 13:14:57.706078: | scheduling resume sending helper answer for #4 Aug 26 13:14:57.706080: | libevent_malloc: new ptr-libevent@0x7f7be4002888 size 128 Aug 26 13:14:57.706086: | crypto helper 3 waiting (nothing to do) Aug 26 13:14:57.706114: | processing resume sending helper answer for #4 Aug 26 13:14:57.706123: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:14:57.706139: | crypto helper 3 replies to request ID 4 
Aug 26 13:14:57.706141: | calling continuation function 0x55c1fd73ab50 Aug 26 13:14:57.706143: | ikev2_parent_outI1_continue for #4 Aug 26 13:14:57.706146: | **emit ISAKMP Message: Aug 26 13:14:57.706148: | initiator cookie: Aug 26 13:14:57.706150: | 5f 07 92 1e 2a e0 69 d2 Aug 26 13:14:57.706151: | responder cookie: Aug 26 13:14:57.706153: | 00 00 00 00 00 00 00 00 Aug 26 13:14:57.706155: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:14:57.706157: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:57.706159: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:14:57.706161: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:14:57.706162: | Message ID: 0 (0x0) Aug 26 13:14:57.706164: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:14:57.706174: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:57.706181: | Emitting ikev2_proposals ... 
Aug 26 13:14:57.706186: | ***emit IKEv2 Security Association Payload: Aug 26 13:14:57.706190: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.706193: | flags: none (0x0) Aug 26 13:14:57.706196: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:14:57.706200: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:14:57.706203: | discarding INTEG=NONE Aug 26 13:14:57.706206: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:57.706210: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:57.706213: | prop #: 1 (0x1) Aug 26 13:14:57.706216: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:57.706219: | spi size: 0 (0x0) Aug 26 13:14:57.706221: | # transforms: 11 (0xb) Aug 26 13:14:57.706224: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:57.706227: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706230: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706233: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:57.706236: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:57.706239: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706242: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:57.706244: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:57.706247: | length/value: 256 (0x100) Aug 26 13:14:57.706250: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:57.706265: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706267: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706269: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:57.706271: | IKEv2 transform ID: 
PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:57.706273: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706275: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706277: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706278: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706280: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706282: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:57.706284: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:57.706286: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706291: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706296: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706298: | discarding INTEG=NONE Aug 26 13:14:57.706299: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706301: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706303: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706305: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:57.706307: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706310: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706312: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706314: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706316: | 
last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706330: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706332: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:57.706334: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706336: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706338: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706339: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706341: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706342: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706344: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:57.706346: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706348: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706350: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706351: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706353: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706355: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706356: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:57.706358: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706360: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706362: | emitting length of IKEv2 Transform 
Substructure Payload: 8 Aug 26 13:14:57.706363: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706365: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706367: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706368: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:14:57.706370: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706372: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706374: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706375: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706377: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706379: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706380: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:14:57.706382: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706384: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706386: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706387: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706389: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706391: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706393: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:57.706396: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706398: | last substructure: saving location 'IKEv2 Proposal Substructure 
Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706399: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706401: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706403: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:57.706404: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706406: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:57.706408: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706410: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706412: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706413: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:14:57.706415: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:57.706417: | discarding INTEG=NONE Aug 26 13:14:57.706419: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:57.706420: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:57.706422: | prop #: 2 (0x2) Aug 26 13:14:57.706424: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:57.706425: | spi size: 0 (0x0) Aug 26 13:14:57.706427: | # transforms: 11 (0xb) Aug 26 13:14:57.706429: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:57.706431: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:57.706433: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706434: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706436: | IKEv2 transform type: 
TRANS_TYPE_ENCR (0x1) Aug 26 13:14:57.706438: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:57.706439: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706441: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:57.706443: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:57.706445: | length/value: 128 (0x80) Aug 26 13:14:57.706446: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:57.706448: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706450: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706451: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:57.706453: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:57.706455: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706457: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706459: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706460: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706462: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706464: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:57.706465: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:57.706467: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706470: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706472: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706474: | discarding INTEG=NONE Aug 26 13:14:57.706475: | 
*****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706477: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706479: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706480: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:57.706482: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706484: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706486: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706487: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706489: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706491: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706492: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:57.706494: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706496: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706498: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706500: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706501: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706503: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706505: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:57.706506: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706508: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last 
transform' Aug 26 13:14:57.706510: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706512: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706513: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706515: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706517: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:57.706519: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706520: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706522: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706524: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706525: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706527: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706529: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:14:57.706531: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706533: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706534: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706536: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706538: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706539: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706542: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:14:57.706544: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706546: | 
last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706547: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706549: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706551: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706552: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706554: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:57.706556: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706558: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706559: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706561: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706563: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:57.706564: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706566: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:57.706568: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706570: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706572: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706573: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:14:57.706575: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:57.706577: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:57.706579: | last proposal: v2_PROPOSAL_NON_LAST 
(0x2) Aug 26 13:14:57.706580: | prop #: 3 (0x3) Aug 26 13:14:57.706582: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:57.706583: | spi size: 0 (0x0) Aug 26 13:14:57.706585: | # transforms: 13 (0xd) Aug 26 13:14:57.706587: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:57.706589: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:57.706591: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706592: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706594: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:57.706595: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:14:57.706597: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706599: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:57.706601: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:57.706602: | length/value: 256 (0x100) Aug 26 13:14:57.706604: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:57.706606: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706607: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706609: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:57.706611: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:57.706613: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706614: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706617: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706619: | *****emit IKEv2 Transform 
Substructure Payload: Aug 26 13:14:57.706620: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706622: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:57.706624: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:57.706626: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706627: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706629: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706631: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706632: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706634: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:57.706636: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:14:57.706638: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706640: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706641: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706643: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706645: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706646: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:57.706648: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:14:57.706650: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706652: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 
13:14:57.706653: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706655: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706657: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706658: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706660: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:57.706662: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706664: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706665: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706667: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706669: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706670: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706672: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:57.706674: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706676: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706677: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706679: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706681: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706682: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706684: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:57.706686: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706689: | last substructure: 
saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706690: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706692: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706694: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706695: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706697: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:57.706699: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706701: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706702: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706704: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706706: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706707: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706709: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:14:57.706711: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706713: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706714: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706716: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706718: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706719: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706721: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:14:57.706723: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 
Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706725: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706726: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706728: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706730: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706731: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706733: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:57.706735: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706737: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706738: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706740: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706742: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:57.706743: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706745: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:57.706747: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706749: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706751: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706752: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:14:57.706754: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:57.706758: | 
****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:57.706760: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:14:57.706761: | prop #: 4 (0x4) Aug 26 13:14:57.706763: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:57.706764: | spi size: 0 (0x0) Aug 26 13:14:57.706766: | # transforms: 13 (0xd) Aug 26 13:14:57.706768: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:57.706770: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:57.706772: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706773: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706775: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:57.706777: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:14:57.706778: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706780: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:57.706782: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:57.706783: | length/value: 128 (0x80) Aug 26 13:14:57.706785: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:57.706787: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706788: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706790: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:57.706792: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:57.706794: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706795: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706797: | emitting length 
of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706799: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706800: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706802: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:57.706804: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:57.706806: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706807: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706809: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706811: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706812: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706814: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:57.706816: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:14:57.706818: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706819: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706821: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706823: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706824: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706826: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:57.706828: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:14:57.706830: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706832: | last substructure: saving location 'IKEv2 Proposal 
Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706834: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706836: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706837: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706839: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706841: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:57.706843: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706845: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706846: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706848: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706850: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706851: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706853: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:57.706855: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706857: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706858: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706860: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706862: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706863: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706865: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:57.706867: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last 
transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706869: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706870: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706872: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706874: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706875: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706877: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:57.706879: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706881: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706882: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706884: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706886: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706887: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706889: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:14:57.706891: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706893: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706894: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706896: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706898: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706899: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706901: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 
13:14:57.706904: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706906: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706907: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706909: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706911: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706912: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706914: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:57.706916: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706918: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706919: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706921: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.706923: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:57.706924: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.706926: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:57.706928: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.706930: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.706932: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.706933: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:14:57.706935: | last substructure: checking 'IKEv2 Proposal Substructure 
Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:57.706937: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:14:57.706939: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:14:57.706940: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:14:57.706942: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.706944: | flags: none (0x0) Aug 26 13:14:57.706946: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:57.706948: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:14:57.706950: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:14:57.706952: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Aug 26 13:14:57.706981: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:14:57.706983: | ***emit IKEv2 Nonce Payload: Aug 26 13:14:57.706985: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:14:57.706986: | flags: none (0x0) Aug 26 13:14:57.706988: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:14:57.706991: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:14:57.706992: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:14:57.706994: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:14:57.706996: | IKEv2 nonce c8 82 21 4e ed 05 6e ea 5f 6d f1 3f 03 d7 c1 c9 Aug 26 13:14:57.706998: | IKEv2 nonce c7 77 00 38 39 8e a2 d1 75 57 5b 09 23 20 55 32 Aug 26 13:14:57.706999: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:14:57.707001: | Adding a v2N Payload Aug 26 13:14:57.707003: | ***emit IKEv2 Notify Payload: Aug 26 13:14:57.707005: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.707006: | flags: none (0x0) Aug 26 13:14:57.707008: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:57.707010: | SPI size: 0 (0x0) Aug 26 13:14:57.707012: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:14:57.707014: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:14:57.707016: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26
13:14:57.707017: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:14:57.707020: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:14:57.707021: | natd_hash: rcookie is zero Aug 26 13:14:57.707030: | natd_hash: hasher=0x55c1fd80f800(20) Aug 26 13:14:57.707032: | natd_hash: icookie= 5f 07 92 1e 2a e0 69 d2 Aug 26 13:14:57.707034: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:14:57.707036: | natd_hash: ip= c0 01 02 2d Aug 26 13:14:57.707037: | natd_hash: port=500 Aug 26 13:14:57.707039: | natd_hash: hash= ed df 2b 20 f8 5d 7b ac c3 43 b2 19 36 c4 13 69 Aug 26 13:14:57.707041: | natd_hash: hash= 36 ff 2c 7a Aug 26 13:14:57.707042: | Adding a v2N Payload Aug 26 13:14:57.707044: | ***emit IKEv2 Notify Payload: Aug 26 13:14:57.707045: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.707047: | flags: none (0x0) Aug 26 13:14:57.707049: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:57.707050: | SPI size: 0 (0x0) Aug 26 13:14:57.707052: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:14:57.707054: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:14:57.707056: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:14:57.707058: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:14:57.707060: | Notify data ed df 2b 20 f8 5d 7b ac c3 43 b2 19 36 c4 13 69 Aug 26 13:14:57.707061: | Notify data 36 ff 2c 7a Aug 26 13:14:57.707063: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:14:57.707064: | natd_hash: rcookie is zero Aug 26 13:14:57.707068: | natd_hash: hasher=0x55c1fd80f800(20) Aug 26 13:14:57.707070: | natd_hash: icookie= 5f 07 92 1e 2a e0 69 d2 Aug 26 13:14:57.707071: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:14:57.707073: | natd_hash: ip= c0 01 02 17 Aug 26 13:14:57.707075: | natd_hash: port=500 Aug 26 
13:14:57.707076: | natd_hash: hash= 44 b3 76 cd 5c d2 1a 39 c4 8c cd 80 06 3d 87 9d Aug 26 13:14:57.707079: | natd_hash: hash= 0c a9 dc 48 Aug 26 13:14:57.707081: | Adding a v2N Payload Aug 26 13:14:57.707083: | ***emit IKEv2 Notify Payload: Aug 26 13:14:57.707084: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.707086: | flags: none (0x0) Aug 26 13:14:57.707087: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:57.707089: | SPI size: 0 (0x0) Aug 26 13:14:57.707091: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:14:57.707093: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:14:57.707094: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:14:57.707096: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:14:57.707098: | Notify data 44 b3 76 cd 5c d2 1a 39 c4 8c cd 80 06 3d 87 9d Aug 26 13:14:57.707099: | Notify data 0c a9 dc 48 Aug 26 13:14:57.707101: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:14:57.707103: | emitting length of ISAKMP Message: 828 Aug 26 13:14:57.707107: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:14:57.707111: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:57.707114: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:14:57.707116: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:14:57.707118: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:14:57.707120: | Message ID: updating counters for #4 to 4294967295 after switching state Aug 26 13:14:57.707122: | Message ID: IKE #4 skipping update_recv as MD is fake Aug 26 
13:14:57.707125: | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:14:57.707127: "westnet-eastnet-ipv4-psk-ikev2" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:14:57.707131: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:14:57.707134: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4)
Aug 26 13:14:57.707234: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:14:57.707238: | libevent_free: release ptr-libevent@0x55c1fdfdf918 Aug 26 13:14:57.707240: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f7bec001f18 Aug 26 13:14:57.707242: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:14:57.707244: "westnet-eastnet-ipv4-psk-ikev2" #4: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:14:57.707246: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f7bec001f18 Aug 26 13:14:57.707249: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #4 Aug 26 13:14:57.707251: | libevent_malloc: new ptr-libevent@0x55c1fdfe3578 size 128 Aug 26 13:14:57.707254: | #4 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10583.449713 Aug 26 13:14:57.707257: | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD Aug 26 13:14:57.707261: | #4 spent 1.11 milliseconds in resume sending helper answer Aug 26 13:14:57.707264: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:14:57.707266: | libevent_free: release ptr-libevent@0x7f7be4002888 Aug 26 13:14:58.428219: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:14:58.428241: shutting down Aug 26 13:14:58.428250: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:14:58.428254: | certs and keys locked by
'free_preshared_secrets' Aug 26 13:14:58.428259: forgetting secrets Aug 26 13:14:58.428263: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:14:58.428268: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in delete_connection() at connections.c:189) Aug 26 13:14:58.428271: | removing pending policy for no connection {0x55c1fdf3d898} Aug 26 13:14:58.428275: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:14:58.428278: | pass 0 Aug 26 13:14:58.428280: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:14:58.428283: | state #4 Aug 26 13:14:58.428287: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:14:58.428302: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:14:58.428306: | pstats #4 ikev2.ike deleted other Aug 26 13:14:58.428310: | #4 spent 1.73 milliseconds in total Aug 26 13:14:58.428315: | [RE]START processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:14:58.428319: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting state (STATE_PARENT_I1) aged 0.722s and NOT sending notification Aug 26 13:14:58.428322: | parent state #4: PARENT_I1(half-open IKE SA) => delete Aug 26 13:14:58.428326: | state #4 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:14:58.428329: | #4 STATE_PARENT_I1: retransmits: cleared Aug 26 13:14:58.428333: | libevent_free: release ptr-libevent@0x55c1fdfe3578 Aug 26 13:14:58.428336: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f7bec001f18 Aug 26 13:14:58.428340: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:14:58.428343: | picked newest_isakmp_sa #0 for #4 Aug 26 13:14:58.428347: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting IKE SA for connection 
'westnet-eastnet-ipv4-psk-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:14:58.428350: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 5 seconds Aug 26 13:14:58.428354: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Aug 26 13:14:58.428359: | stop processing: connection "westnet-eastnet-ipv4-psk-ikev2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:14:58.428363: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:14:58.428365: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 13:14:58.428368: | State DB: deleting IKEv2 state #4 in PARENT_I1 Aug 26 13:14:58.428372: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Aug 26 13:14:58.428391: | stop processing: state #4 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:14:58.428396: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:14:58.428399: | pass 1 Aug 26 13:14:58.428402: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:14:58.428406: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:14:58.428409: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:14:58.428413: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:58.428801: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:58.428813: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:14:58.428817: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 13:14:58.428820: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 13:14:58.428823: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL Aug 26 13:14:58.428826: | running updown command "ipsec _updown" for verb unroute Aug 26 13:14:58.428829: | command executing unroute-client Aug 26 13:14:58.428859: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHA Aug 26 13:14:58.428863: | popen cmd is 1041 chars long Aug 26 13:14:58.428866: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 13:14:58.428869: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='1: Aug 26 13:14:58.428872: | cmd( 160):92.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NE: Aug 26 13:14:58.428875: | cmd( 240):T='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Aug 
26 13:14:58.428878: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' P: Aug 26 13:14:58.428880: | cmd( 400):LUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192: Aug 26 13:14:58.428883: | cmd( 480):.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PR: Aug 26 13:14:58.428886: | cmd( 560):OTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_PO: Aug 26 13:14:58.428889: | cmd( 640):LICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' P: Aug 26 13:14:58.428892: | cmd( 720):LUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: Aug 26 13:14:58.428894: | cmd( 800):IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BA: Aug 26 13:14:58.428897: | cmd( 880):NNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IF: Aug 26 13:14:58.428900: | cmd( 960):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&: Aug 26 13:14:58.428902: | cmd(1040):1: Aug 26 13:14:58.437037: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:58.437059: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:58.437062: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:58.437066: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:58.437069: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:58.437079: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:58.437089: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:58.437309: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:58.437317: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:58.437327: unroute-client output: Error: Peer netns reference is invalid. 
Aug 26 13:14:58.437337: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:58.441450: | free hp@0x55c1fdfdd3d8 Aug 26 13:14:58.441464: | flush revival: connection 'westnet-eastnet-ipv4-psk-ikev2' revival flushed Aug 26 13:14:58.441470: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:14:58.441485: | crl fetch request list locked by 'free_crl_fetch' Aug 26 13:14:58.441487: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 13:14:58.441497: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 13:14:58.441502: shutting down interface lo/lo 127.0.0.1:500 Aug 26 13:14:58.441505: shutting down interface eth0/eth0 192.0.1.254:4500 Aug 26 13:14:58.441507: shutting down interface eth0/eth0 192.0.1.254:500 Aug 26 13:14:58.441509: shutting down interface eth1/eth1 192.1.2.45:4500 Aug 26 13:14:58.441511: shutting down interface eth1/eth1 192.1.2.45:500 Aug 26 13:14:58.441514: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 13:14:58.441524: | libevent_free: release ptr-libevent@0x55c1fdfcefe8 Aug 26 13:14:58.441527: | free_event_entry: release EVENT_NULL-pe@0x55c1fdfdac98 Aug 26 13:14:58.441536: | libevent_free: release ptr-libevent@0x55c1fdf64be8 Aug 26 13:14:58.441538: | free_event_entry: release EVENT_NULL-pe@0x55c1fdfdad48 Aug 26 13:14:58.441543: | libevent_free: release ptr-libevent@0x55c1fdf64ae8 Aug 26 13:14:58.441545: | free_event_entry: release EVENT_NULL-pe@0x55c1fdfdadf8 Aug 26 13:14:58.441551: | libevent_free: release ptr-libevent@0x55c1fdf65668 Aug 26 13:14:58.441553: | free_event_entry: release EVENT_NULL-pe@0x55c1fdfdaea8 Aug 26 13:14:58.441558: | libevent_free: release ptr-libevent@0x55c1fdf3eba8 Aug 26 13:14:58.441560: | free_event_entry: release EVENT_NULL-pe@0x55c1fdfdaf58 Aug 26 13:14:58.441565: | libevent_free: release ptr-libevent@0x55c1fdf391d8 Aug 26 13:14:58.441567: | free_event_entry: release EVENT_NULL-pe@0x55c1fdfdb008 Aug 26 13:14:58.441571: | 
FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:14:58.441919: | libevent_free: release ptr-libevent@0x55c1fdfcf098 Aug 26 13:14:58.441925: | free_event_entry: release EVENT_NULL-pe@0x55c1fdfc2f08 Aug 26 13:14:58.441929: | libevent_free: release ptr-libevent@0x55c1fdf631e8 Aug 26 13:14:58.441931: | free_event_entry: release EVENT_NULL-pe@0x55c1fdfc2e98 Aug 26 13:14:58.441934: | libevent_free: release ptr-libevent@0x55c1fdfa65e8 Aug 26 13:14:58.441936: | free_event_entry: release EVENT_NULL-pe@0x55c1fdfc2378 Aug 26 13:14:58.441939: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 13:14:58.441940: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 13:14:58.441942: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 13:14:58.441944: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 13:14:58.441946: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 13:14:58.441947: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 13:14:58.441949: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 13:14:58.441951: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 13:14:58.441953: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 13:14:58.441956: | libevent_free: release ptr-libevent@0x55c1fdf65af8 Aug 26 13:14:58.441958: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 13:14:58.441961: | libevent_free: release ptr-libevent@0x55c1fdfda3e8 Aug 26 13:14:58.441962: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 13:14:58.441965: | libevent_free: release ptr-libevent@0x55c1fdfda4f8 Aug 26 13:14:58.441966: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 13:14:58.441968: | libevent_free: release ptr-libevent@0x55c1fdfda738 Aug 26 13:14:58.441970: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 13:14:58.441972: | releasing event base Aug 26 13:14:58.441981: | libevent_free: release ptr-libevent@0x55c1fdfda608 Aug 26 13:14:58.441985: | libevent_free: release ptr-libevent@0x55c1fdfbd5b8 Aug 26 
13:14:58.441988: | libevent_free: release ptr-libevent@0x55c1fdfbd568 Aug 26 13:14:58.441991: | libevent_free: release ptr-libevent@0x55c1fdfbd4f8 Aug 26 13:14:58.441994: | libevent_free: release ptr-libevent@0x55c1fdfbd4b8 Aug 26 13:14:58.441997: | libevent_free: release ptr-libevent@0x55c1fdfda2e8 Aug 26 13:14:58.441999: | libevent_free: release ptr-libevent@0x55c1fdfda368 Aug 26 13:14:58.442002: | libevent_free: release ptr-libevent@0x55c1fdfbd768 Aug 26 13:14:58.442004: | libevent_free: release ptr-libevent@0x55c1fdfc2488 Aug 26 13:14:58.442006: | libevent_free: release ptr-libevent@0x55c1fdfc2e58 Aug 26 13:14:58.442008: | libevent_free: release ptr-libevent@0x55c1fdfdb078 Aug 26 13:14:58.442013: | libevent_free: release ptr-libevent@0x55c1fdfdafc8 Aug 26 13:14:58.442016: | libevent_free: release ptr-libevent@0x55c1fdfdaf18 Aug 26 13:14:58.442018: | libevent_free: release ptr-libevent@0x55c1fdfdae68 Aug 26 13:14:58.442021: | libevent_free: release ptr-libevent@0x55c1fdfdadb8 Aug 26 13:14:58.442024: | libevent_free: release ptr-libevent@0x55c1fdfdad08 Aug 26 13:14:58.442027: | libevent_free: release ptr-libevent@0x55c1fdf627e8 Aug 26 13:14:58.442030: | libevent_free: release ptr-libevent@0x55c1fdfda4b8 Aug 26 13:14:58.442033: | libevent_free: release ptr-libevent@0x55c1fdfda3a8 Aug 26 13:14:58.442036: | libevent_free: release ptr-libevent@0x55c1fdfda328 Aug 26 13:14:58.442038: | libevent_free: release ptr-libevent@0x55c1fdfda5c8 Aug 26 13:14:58.442040: | libevent_free: release ptr-libevent@0x55c1fdf61978 Aug 26 13:14:58.442042: | libevent_free: release ptr-libevent@0x55c1fdf38908 Aug 26 13:14:58.442043: | libevent_free: release ptr-libevent@0x55c1fdf38d38 Aug 26 13:14:58.442045: | libevent_free: release ptr-libevent@0x55c1fdf61ce8 Aug 26 13:14:58.442047: | releasing global libevent data Aug 26 13:14:58.442049: | libevent_free: release ptr-libevent@0x55c1fdf63188 Aug 26 13:14:58.442051: | libevent_free: release ptr-libevent@0x55c1fdf38cd8 Aug 26 13:14:58.442053: 
| libevent_free: release ptr-libevent@0x55c1fdf38dd8 Aug 26 13:14:58.442090: leak detective found no leaks