Aug 26 13:14:50.676547: FIPS Product: YES
Aug 26 13:14:50.676595: FIPS Kernel: NO
Aug 26 13:14:50.676599: FIPS Mode: NO
Aug 26 13:14:50.676601: NSS DB directory: sql:/etc/ipsec.d
Aug 26 13:14:50.676733: Initializing NSS
Aug 26 13:14:50.676743: Opening NSS database "sql:/etc/ipsec.d" read-only
Aug 26 13:14:50.708472: NSS initialized
Aug 26 13:14:50.708488: NSS crypto library initialized
Aug 26 13:14:50.708490: FIPS HMAC integrity support [enabled]
Aug 26 13:14:50.708492: FIPS mode disabled for pluto daemon
Aug 26 13:14:50.754410: FIPS HMAC integrity verification self-test FAILED
Aug 26 13:14:50.754501: libcap-ng support [enabled]
Aug 26 13:14:50.754509: Linux audit support [enabled]
Aug 26 13:14:50.754527: Linux audit activated
Aug 26 13:14:50.754532: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:16977
Aug 26 13:14:50.754534: core dump dir: /tmp
Aug 26 13:14:50.754536: secrets file: /etc/ipsec.secrets
Aug 26 13:14:50.754537: leak-detective enabled
Aug 26 13:14:50.754538: NSS crypto [enabled]
Aug 26 13:14:50.754540: XAUTH PAM support [enabled]
Aug 26 13:14:50.754594: | libevent is using pluto's memory allocator
Aug 26 13:14:50.754602: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Aug 26 13:14:50.754613: | libevent_malloc: new ptr-libevent@0x5565781917f8 size 40
Aug 26 13:14:50.754615: | libevent_malloc: new ptr-libevent@0x556578191cd8 size 40
Aug 26 13:14:50.754617: | libevent_malloc: new ptr-libevent@0x556578191dd8 size 40
Aug 26 13:14:50.754619: | creating event base
Aug 26 13:14:50.754621: | libevent_malloc: new ptr-libevent@0x5565782164b8 size 56
Aug 26 13:14:50.754624: | libevent_malloc: new ptr-libevent@0x5565781bab98 size 664
Aug 26 13:14:50.754632: | libevent_malloc: new ptr-libevent@0x556578216528 size 24
Aug 26 13:14:50.754634: | libevent_malloc: new ptr-libevent@0x556578216578 size 384
Aug 26 13:14:50.754642: | libevent_malloc: new ptr-libevent@0x556578216478 size 16
Aug 26 13:14:50.754644: | libevent_malloc: new ptr-libevent@0x556578191908 size 40
Aug 26 13:14:50.754645: | libevent_malloc: new ptr-libevent@0x556578191d38 size 48
Aug 26 13:14:50.754649: | libevent_realloc: new ptr-libevent@0x5565781bb698 size 256
Aug 26 13:14:50.754652: | libevent_malloc: new ptr-libevent@0x556578216728 size 16
Aug 26 13:14:50.754656: | libevent_free: release ptr-libevent@0x5565782164b8
Aug 26 13:14:50.754659: | libevent initialized
Aug 26 13:14:50.754662: | libevent_realloc: new ptr-libevent@0x5565782164b8 size 64
Aug 26 13:14:50.754664: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds
Aug 26 13:14:50.754677: | init_nat_traversal() initialized with keep_alive=0s
Aug 26 13:14:50.754679: NAT-Traversal support [enabled]
Aug 26 13:14:50.754680: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
Aug 26 13:14:50.754690: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized
Aug 26 13:14:50.754693: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
Aug 26 13:14:50.754718: | global one-shot timer EVENT_REVIVE_CONNS initialized
Aug 26 13:14:50.754721: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
Aug 26 13:14:50.754723: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds
Aug 26 13:14:50.754757: Encryption algorithms:
Aug 26 13:14:50.754764: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c
Aug 26 13:14:50.754766: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b
Aug 26 13:14:50.754769: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a
Aug 26 13:14:50.754771: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des
Aug 26 13:14:50.754773: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Aug 26 13:14:50.754780: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia
Aug 26 13:14:50.754783: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c
Aug 26 13:14:50.754785: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b
Aug 26 13:14:50.754787: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a
Aug 26 13:14:50.754790: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr
Aug 26 13:14:50.754792: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes
Aug 26 13:14:50.754794: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent
Aug 26 13:14:50.754796: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish
Aug 26 13:14:50.754798: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh
Aug 26 13:14:50.754801: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac
Aug 26 13:14:50.754802: NULL IKEv1: ESP IKEv2: ESP []
Aug 26 13:14:50.754804: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305
Aug 26 13:14:50.754809: Hash algorithms:
Aug 26 13:14:50.754811: MD5 IKEv1: IKE IKEv2:
Aug 26 13:14:50.754813: SHA1 IKEv1: IKE IKEv2: FIPS sha
Aug 26 13:14:50.754815: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256
Aug 26 13:14:50.754817: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384
Aug 26 13:14:50.754819: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512
Aug 26 13:14:50.754827: PRF algorithms:
Aug 26 13:14:50.754829: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5
Aug 26 13:14:50.754831: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1
Aug 26 13:14:50.754833: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256
Aug 26 13:14:50.754835: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384
Aug 26 13:14:50.754837: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512
Aug 26 13:14:50.754839: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc
Aug 26 13:14:50.754855: Integrity algorithms:
Aug 26 13:14:50.754857: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5
Aug 26 13:14:50.754859: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1
Aug 26 13:14:50.754862: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Aug 26 13:14:50.754864: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Aug 26 13:14:50.754867: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Aug 26 13:14:50.754868: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Aug 26 13:14:50.754871: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96
Aug 26 13:14:50.754872: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Aug 26 13:14:50.754874: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Aug 26 13:14:50.754882: DH algorithms:
Aug 26 13:14:50.754884: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0
Aug 26 13:14:50.754886: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5
Aug 26 13:14:50.754888: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14
Aug 26 13:14:50.754891: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15
Aug 26 13:14:50.754893: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16
Aug 26 13:14:50.754895: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17
Aug 26 13:14:50.754896: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18
Aug 26 13:14:50.754898: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256
Aug 26 13:14:50.754900: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384
Aug 26 13:14:50.754902: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521
Aug 26 13:14:50.754904: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519
Aug 26 13:14:50.754906: testing CAMELLIA_CBC:
Aug 26 13:14:50.754908: Camellia: 16 bytes with 128-bit key
Aug 26 13:14:50.754991: Camellia: 16 bytes with 128-bit key
Aug 26 13:14:50.755009: Camellia: 16 bytes with 256-bit key
Aug 26 13:14:50.755027: Camellia: 16 bytes with 256-bit key
Aug 26 13:14:50.755044: testing AES_GCM_16:
Aug 26 13:14:50.755046: empty string
Aug 26 13:14:50.755067: one block
Aug 26 13:14:50.755093: two blocks
Aug 26 13:14:50.755121: two blocks with associated data
Aug 26 13:14:50.755150: testing AES_CTR:
Aug 26 13:14:50.755154: Encrypting 16 octets using AES-CTR with 128-bit key
Aug 26 13:14:50.755181: Encrypting 32 octets using AES-CTR with 128-bit key
Aug 26 13:14:50.755210: Encrypting 36 octets using AES-CTR with 128-bit key
Aug 26 13:14:50.755235: Encrypting 16 octets using AES-CTR with 192-bit key
Aug 26 13:14:50.755252: Encrypting 32 octets using AES-CTR with 192-bit key
Aug 26 13:14:50.755268: Encrypting 36 octets using AES-CTR with 192-bit key
Aug 26 13:14:50.755284: Encrypting 16 octets using AES-CTR with 256-bit key
Aug 26 13:14:50.755329: Encrypting 32 octets using AES-CTR with 256-bit key
Aug 26 13:14:50.755362: Encrypting 36 octets using AES-CTR with 256-bit key
Aug 26 13:14:50.755381: testing AES_CBC:
Aug 26 13:14:50.755383: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Aug 26 13:14:50.755399: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Aug 26 13:14:50.755416: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Aug 26 13:14:50.755433: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Aug 26 13:14:50.755453: testing AES_XCBC:
Aug 26 13:14:50.755455: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input
Aug 26 13:14:50.755526: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input
Aug 26 13:14:50.755605: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input
Aug 26 13:14:50.755677: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input
Aug 26 13:14:50.755750: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input
Aug 26 13:14:50.755823: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input
Aug 26 13:14:50.755927: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input
Aug 26 13:14:50.756225: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Aug 26 13:14:50.756390: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Aug 26 13:14:50.756538: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Aug 26 13:14:50.756764: testing HMAC_MD5:
Aug 26 13:14:50.756768: RFC 2104: MD5_HMAC test 1
Aug 26 13:14:50.756901: RFC 2104: MD5_HMAC test 2
Aug 26 13:14:50.756992: RFC 2104: MD5_HMAC test 3
Aug 26 13:14:50.757128: 8 CPU cores online
Aug 26 13:14:50.757131: starting up 7 crypto helpers
Aug 26 13:14:50.757156: started thread for crypto helper 0
Aug 26 13:14:50.757161: | starting up helper thread 0
Aug 26 13:14:50.757172: started thread for crypto helper 1
Aug 26 13:14:50.757172: | status value returned by setting the priority of this thread (crypto helper 0) 22
Aug 26 13:14:50.757177: | crypto helper 0 waiting (nothing to do)
Aug 26 13:14:50.757187: started thread for crypto helper 2
Aug 26 13:14:50.757189: | starting up helper thread 2
Aug 26 13:14:50.757197: | status value returned by setting the priority of this thread (crypto helper 2) 22
Aug 26 13:14:50.757198: | crypto helper 2 waiting (nothing to do)
Aug 26 13:14:50.757198: | starting up helper thread 1
Aug 26 13:14:50.757207: started thread for crypto helper 3
Aug 26 13:14:50.757211: | starting up helper thread 3
Aug 26 13:14:50.757215: | status value returned by setting the priority of this thread (crypto helper 1) 22
Aug 26 13:14:50.757246: | crypto helper 1 waiting (nothing to do)
Aug 26 13:14:50.757233: started thread for crypto helper 4
Aug 26 13:14:50.757240: | status value returned by setting the priority of this thread (crypto helper 3) 22
Aug 26 13:14:50.757257: | crypto helper 3 waiting (nothing to do)
Aug 26 13:14:50.757268: started thread for crypto helper 5
Aug 26 13:14:50.757270: | starting up helper thread 5
Aug 26 13:14:50.757276: | status value returned by setting the priority of this thread (crypto helper 5) 22
Aug 26 13:14:50.757279: | crypto helper 5 waiting (nothing to do)
Aug 26 13:14:50.757286: started thread for crypto helper 6
Aug 26 13:14:50.757292: | checking IKEv1 state table
Aug 26 13:14:50.757302: | MAIN_R0: category: half-open IKE SA flags: 0:
Aug 26 13:14:50.757304: | -> MAIN_R1 EVENT_SO_DISCARD
Aug 26 13:14:50.757306: | MAIN_I1: category: half-open IKE SA flags: 0:
Aug 26 13:14:50.757308: | -> MAIN_I2 EVENT_RETRANSMIT
Aug 26 13:14:50.757309: | MAIN_R1: category: open IKE SA flags: 200:
Aug 26 13:14:50.757311: | -> MAIN_R2 EVENT_RETRANSMIT
Aug 26 13:14:50.757313: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:14:50.757314: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:14:50.757316: | MAIN_I2: category: open IKE SA flags: 0:
Aug 26 13:14:50.757317: | -> MAIN_I3 EVENT_RETRANSMIT
Aug 26 13:14:50.757319: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:14:50.757320: | -> UNDEFINED EVENT_RETRANSMIT
Aug 26 13:14:50.757322: | MAIN_R2: category: open IKE SA flags: 0:
Aug 26 13:14:50.757324: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:14:50.757325: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:14:50.757326: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 13:14:50.757328: | MAIN_I3: category: open IKE SA flags: 0:
Aug 26 13:14:50.757330: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:14:50.757331: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:14:50.757333: | -> UNDEFINED EVENT_SA_REPLACE
Aug 26 13:14:50.757334: | MAIN_R3: category: established IKE SA flags: 200:
Aug 26 13:14:50.757336: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:50.757338: | MAIN_I4: category: established IKE SA flags: 0:
Aug 26 13:14:50.757339: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:50.757341: | AGGR_R0: category: half-open IKE SA flags: 0:
Aug 26 13:14:50.757342: | -> AGGR_R1 EVENT_SO_DISCARD
Aug 26 13:14:50.757344: | AGGR_I1: category: half-open IKE SA flags: 0:
Aug 26 13:14:50.757346: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 13:14:50.757347: | -> AGGR_I2 EVENT_SA_REPLACE
Aug 26 13:14:50.757349: | AGGR_R1: category: open IKE SA flags: 200:
Aug 26 13:14:50.757350: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 13:14:50.757352: | -> AGGR_R2 EVENT_SA_REPLACE
Aug 26 13:14:50.757353: | AGGR_I2: category: established IKE SA flags: 200:
Aug 26 13:14:50.757355: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:50.757357: | AGGR_R2: category: established IKE SA flags: 0:
Aug 26 13:14:50.757358: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:50.757360: | QUICK_R0: category: established CHILD SA flags: 0:
Aug 26 13:14:50.757361: | -> QUICK_R1 EVENT_RETRANSMIT
Aug 26 13:14:50.757363: | QUICK_I1: category: established CHILD SA flags: 0:
Aug 26 13:14:50.757365: | -> QUICK_I2 EVENT_SA_REPLACE
Aug 26 13:14:50.757366: | QUICK_R1: category: established CHILD SA flags: 0:
Aug 26 13:14:50.757368: | -> QUICK_R2 EVENT_SA_REPLACE
Aug 26 13:14:50.757370: | QUICK_I2: category: established CHILD SA flags: 200:
Aug 26 13:14:50.757371: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:50.757375: | QUICK_R2: category: established CHILD SA flags: 0:
Aug 26 13:14:50.757377: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:50.757237: | starting up helper thread 4
Aug 26 13:14:50.757383: | status value returned by setting the priority of this thread (crypto helper 4) 22
Aug 26 13:14:50.757377: | starting up helper thread 6
Aug 26 13:14:50.757379: | INFO: category: informational flags: 0:
Aug 26 13:14:50.757393: | status value returned by setting the priority of this thread (crypto helper 6) 22
Aug 26 13:14:50.757386: | crypto helper 4 waiting (nothing to do)
Aug 26 13:14:50.757395: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:50.757411: | crypto helper 6 waiting (nothing to do)
Aug 26 13:14:50.757411: | INFO_PROTECTED: category: informational flags: 0:
Aug 26 13:14:50.757422: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:50.757426: | XAUTH_R0: category: established IKE SA flags: 0:
Aug 26 13:14:50.757428: | -> XAUTH_R1 EVENT_NULL
Aug 26 13:14:50.757431: | XAUTH_R1: category: established IKE SA flags: 0:
Aug 26 13:14:50.757434: | -> MAIN_R3 EVENT_SA_REPLACE
Aug 26 13:14:50.757437: | MODE_CFG_R0: category: informational flags: 0:
Aug 26 13:14:50.757440: | -> MODE_CFG_R1 EVENT_SA_REPLACE
Aug 26 13:14:50.757444: | MODE_CFG_R1: category: established IKE SA flags: 0:
Aug 26 13:14:50.757446: | -> MODE_CFG_R2 EVENT_SA_REPLACE
Aug 26 13:14:50.757449: | MODE_CFG_R2: category: established IKE SA flags: 0:
Aug 26 13:14:50.757452: | -> UNDEFINED EVENT_NULL
Aug 26 13:14:50.757455: | MODE_CFG_I1: category: established IKE SA flags: 0:
Aug 26 13:14:50.757458: | -> MAIN_I4 EVENT_SA_REPLACE
Aug 26 13:14:50.757460: | XAUTH_I0: category: established IKE SA flags: 0:
Aug 26 13:14:50.757463: | -> XAUTH_I1 EVENT_RETRANSMIT
Aug 26 13:14:50.757466: | XAUTH_I1: category: established IKE SA flags: 0:
Aug 26 13:14:50.757469: | -> MAIN_I4 EVENT_RETRANSMIT
Aug 26 13:14:50.757476: | checking IKEv2 state table
Aug 26 13:14:50.757483: | PARENT_I0: category: ignore flags: 0:
Aug 26 13:14:50.757486: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT)
Aug 26 13:14:50.757489: | PARENT_I1: category: half-open IKE SA flags: 0:
Aug 26 13:14:50.757492: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification)
Aug 26 13:14:50.757495: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH)
Aug 26 13:14:50.757498: | PARENT_I2: category: open IKE SA flags: 0:
Aug 26 13:14:50.757501: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification)
Aug 26 13:14:50.757504: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification)
Aug 26 13:14:50.757507: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification)
Aug 26 13:14:50.757510: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response)
Aug 26 13:14:50.757513: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification)
Aug 26 13:14:50.757516: | PARENT_I3: category: established IKE SA flags: 0:
Aug 26 13:14:50.757518: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request)
Aug 26 13:14:50.757521: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response)
Aug 26 13:14:50.757524: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request)
Aug 26 13:14:50.757526: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response)
Aug 26 13:14:50.757529: | PARENT_R0: category: half-open IKE SA flags: 0:
Aug 26 13:14:50.757532: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT)
Aug 26 13:14:50.757535: | PARENT_R1: category: half-open IKE SA flags: 0:
Aug 26 13:14:50.757538: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED))
Aug 26 13:14:50.757541: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request)
Aug 26 13:14:50.757544: | PARENT_R2: category: established IKE SA flags: 0:
Aug 26 13:14:50.757547: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request)
Aug 26 13:14:50.757553: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response)
Aug 26 13:14:50.757556: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request)
Aug 26 13:14:50.757559: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response)
Aug 26 13:14:50.757562: | V2_CREATE_I0: category: established IKE SA flags: 0:
Aug 26 13:14:50.757565: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA)
Aug 26 13:14:50.757568: | V2_CREATE_I: category: established IKE SA flags: 0:
Aug 26 13:14:50.757571: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response)
Aug 26 13:14:50.757573: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0:
Aug 26 13:14:50.757576: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey)
Aug 26 13:14:50.757579: | V2_REKEY_IKE_I: category: established IKE SA flags: 0:
Aug 26 13:14:50.757582: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response)
Aug 26 13:14:50.757585: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0:
Aug 26 13:14:50.757588: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA)
Aug 26 13:14:50.757592: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0:
Aug 26 13:14:50.757595: | V2_CREATE_R: category: established IKE SA flags: 0:
Aug 26 13:14:50.757597: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request)
Aug 26 13:14:50.757600: | V2_REKEY_IKE_R: category: established IKE SA flags: 0:
Aug 26 13:14:50.757603: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey)
Aug 26 13:14:50.757606: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0:
Aug 26 13:14:50.757610: | V2_IPSEC_I: category: established CHILD SA flags: 0:
Aug 26 13:14:50.757613: | V2_IPSEC_R: category: established CHILD SA flags: 0:
Aug 26 13:14:50.757616: | IKESA_DEL: category: established IKE SA flags: 0:
Aug 26 13:14:50.757618: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
Aug 26 13:14:50.757621: | CHILDSA_DEL: category: informational flags: 0:
Aug 26 13:14:50.757633: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64
Aug 26 13:14:50.757680: | Hard-wiring algorithms
Aug 26 13:14:50.757685: | adding AES_CCM_16 to kernel algorithm db
Aug 26 13:14:50.757690: | adding AES_CCM_12 to kernel algorithm db
Aug 26 13:14:50.757693: | adding AES_CCM_8 to kernel algorithm db
Aug 26 13:14:50.757696: | adding 3DES_CBC to kernel algorithm db
Aug 26 13:14:50.757699: | adding CAMELLIA_CBC to kernel algorithm db
Aug 26 13:14:50.757701: | adding AES_GCM_16 to kernel algorithm db
Aug 26 13:14:50.757704: | adding AES_GCM_12 to kernel algorithm db
Aug 26 13:14:50.757707: | adding AES_GCM_8 to kernel algorithm db
Aug 26 13:14:50.757709: | adding AES_CTR to kernel algorithm db
Aug 26 13:14:50.757712: | adding AES_CBC to kernel algorithm db
Aug 26 13:14:50.757715: | adding SERPENT_CBC to kernel algorithm db
Aug 26 13:14:50.757718: | adding TWOFISH_CBC to kernel algorithm db
Aug 26 13:14:50.757721: | adding NULL_AUTH_AES_GMAC to kernel algorithm db
Aug 26 13:14:50.757724: | adding NULL to kernel algorithm db
Aug 26 13:14:50.757727: | adding CHACHA20_POLY1305 to kernel algorithm db
Aug 26 13:14:50.757730: | adding HMAC_MD5_96 to kernel algorithm db
Aug 26 13:14:50.757732: | adding HMAC_SHA1_96 to kernel algorithm db
Aug 26 13:14:50.757735: | adding HMAC_SHA2_512_256 to kernel algorithm db
Aug 26 13:14:50.757738: | adding HMAC_SHA2_384_192 to kernel algorithm db
Aug 26 13:14:50.757741: | adding HMAC_SHA2_256_128 to kernel algorithm db
Aug 26 13:14:50.757744: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
Aug 26 13:14:50.757746: | adding AES_XCBC_96 to kernel algorithm db
Aug 26 13:14:50.757749: | adding AES_CMAC_96 to kernel algorithm db
Aug 26 13:14:50.757752: | adding NONE to kernel algorithm db
Aug 26 13:14:50.757774: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes
Aug 26 13:14:50.757782: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
Aug 26 13:14:50.757785: | setup kernel fd callback
Aug 26 13:14:50.757789: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55657821b2a8
Aug 26 13:14:50.757794: | libevent_malloc: new ptr-libevent@0x5565781ff568 size 128
Aug 26 13:14:50.757798: | libevent_malloc: new ptr-libevent@0x55657821b3b8 size 16
Aug 26 13:14:50.757805: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55657821bdc8
Aug 26 13:14:50.757810: | libevent_malloc: new ptr-libevent@0x5565781bc198 size 128
Aug 26 13:14:50.757813: | libevent_malloc: new ptr-libevent@0x55657821bd88 size 16
Aug 26 13:14:50.757999: | global one-shot timer EVENT_CHECK_CRLS initialized
Aug 26 13:14:50.758007: selinux support is enabled.
Aug 26 13:14:50.758236: | unbound context created - setting debug level to 5 Aug 26 13:14:50.758255: | /etc/hosts lookups activated Aug 26 13:14:50.758266: | /etc/resolv.conf usage activated Aug 26 13:14:50.758346: | outgoing-port-avoid set 0-65535 Aug 26 13:14:50.758367: | outgoing-port-permit set 32768-60999 Aug 26 13:14:50.758370: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:14:50.758372: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:14:50.758374: | Setting up events, loop start Aug 26 13:14:50.758376: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55657821be38 Aug 26 13:14:50.758379: | libevent_malloc: new ptr-libevent@0x556578228048 size 128 Aug 26 13:14:50.758381: | libevent_malloc: new ptr-libevent@0x556578233318 size 16 Aug 26 13:14:50.758386: | libevent_realloc: new ptr-libevent@0x5565781ba828 size 256 Aug 26 13:14:50.758388: | libevent_malloc: new ptr-libevent@0x556578233358 size 8 Aug 26 13:14:50.758390: | libevent_realloc: new ptr-libevent@0x55657818d918 size 144 Aug 26 13:14:50.758392: | libevent_malloc: new ptr-libevent@0x5565781c6388 size 152 Aug 26 13:14:50.758395: | libevent_malloc: new ptr-libevent@0x556578233398 size 16 Aug 26 13:14:50.758397: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:14:50.758399: | libevent_malloc: new ptr-libevent@0x5565782333d8 size 8 Aug 26 13:14:50.758402: | libevent_malloc: new ptr-libevent@0x5565781be238 size 152 Aug 26 13:14:50.758404: | signal event handler PLUTO_SIGTERM installed Aug 26 13:14:50.758406: | libevent_malloc: new ptr-libevent@0x556578233418 size 8 Aug 26 13:14:50.758408: | libevent_malloc: new ptr-libevent@0x556578233458 size 152 Aug 26 13:14:50.758410: | signal event handler PLUTO_SIGHUP installed Aug 26 13:14:50.758412: | libevent_malloc: new ptr-libevent@0x556578233528 size 8 Aug 26 13:14:50.758413: | libevent_realloc: release ptr-libevent@0x55657818d918 Aug 26 13:14:50.758415: | libevent_realloc: new 
ptr-libevent@0x556578233568 size 256 Aug 26 13:14:50.758417: | libevent_malloc: new ptr-libevent@0x556578233698 size 152 Aug 26 13:14:50.758419: | signal event handler PLUTO_SIGSYS installed Aug 26 13:14:50.758903: | created addconn helper (pid:17045) using fork+execve Aug 26 13:14:50.758929: | forked child 17045 Aug 26 13:14:50.758965: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:14:50.758977: listening for IKE messages Aug 26 13:14:50.759024: | Inspecting interface lo Aug 26 13:14:50.759030: | found lo with address 127.0.0.1 Aug 26 13:14:50.759034: | Inspecting interface eth0 Aug 26 13:14:50.759037: | found eth0 with address 192.0.2.254 Aug 26 13:14:50.759040: | Inspecting interface eth1 Aug 26 13:14:50.759042: | found eth1 with address 192.1.2.23 Aug 26 13:14:50.759130: Kernel supports NIC esp-hw-offload Aug 26 13:14:50.759140: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Aug 26 13:14:50.759158: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:14:50.759162: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:14:50.759165: adding interface eth1/eth1 192.1.2.23:4500 Aug 26 13:14:50.759190: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Aug 26 13:14:50.759209: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:14:50.759212: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:14:50.759215: adding interface eth0/eth0 192.0.2.254:4500 Aug 26 13:14:50.759237: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:14:50.759255: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:14:50.759258: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:14:50.759260: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:14:50.759308: | no interfaces to sort Aug 26 
13:14:50.759314: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:14:50.759320: | add_fd_read_event_handler: new ethX-pe@0x556578233a98 Aug 26 13:14:50.759322: | libevent_malloc: new ptr-libevent@0x556578227f98 size 128 Aug 26 13:14:50.759324: | libevent_malloc: new ptr-libevent@0x556578233b08 size 16 Aug 26 13:14:50.759330: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:14:50.759332: | add_fd_read_event_handler: new ethX-pe@0x556578233b48 Aug 26 13:14:50.759334: | libevent_malloc: new ptr-libevent@0x5565781bc098 size 128 Aug 26 13:14:50.759336: | libevent_malloc: new ptr-libevent@0x556578233bb8 size 16 Aug 26 13:14:50.759339: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:14:50.759341: | add_fd_read_event_handler: new ethX-pe@0x556578233bf8 Aug 26 13:14:50.759343: | libevent_malloc: new ptr-libevent@0x5565781bd838 size 128 Aug 26 13:14:50.759345: | libevent_malloc: new ptr-libevent@0x556578233c68 size 16 Aug 26 13:14:50.759348: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 13:14:50.759350: | add_fd_read_event_handler: new ethX-pe@0x556578233ca8 Aug 26 13:14:50.759352: | libevent_malloc: new ptr-libevent@0x5565781bd788 size 128 Aug 26 13:14:50.759353: | libevent_malloc: new ptr-libevent@0x556578233d18 size 16 Aug 26 13:14:50.759356: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 13:14:50.759358: | add_fd_read_event_handler: new ethX-pe@0x556578233d58 Aug 26 13:14:50.759361: | libevent_malloc: new ptr-libevent@0x5565781924e8 size 128 Aug 26 13:14:50.759363: | libevent_malloc: new ptr-libevent@0x556578233dc8 size 16 Aug 26 13:14:50.759366: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 13:14:50.759367: | add_fd_read_event_handler: new ethX-pe@0x556578233e08 Aug 26 13:14:50.759369: | libevent_malloc: new ptr-libevent@0x5565781921d8 size 128 Aug 26 13:14:50.759371: | libevent_malloc: new ptr-libevent@0x556578233e78 size 16 Aug 26 13:14:50.759374: | setup 
callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 13:14:50.759377: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:14:50.759379: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:14:50.759394: loading secrets from "/etc/ipsec.secrets" Aug 26 13:14:50.759402: | id type added to secret(0x55657818db58) PKK_PSK: @east Aug 26 13:14:50.759406: | id type added to secret(0x55657818db58) PKK_PSK: @west Aug 26 13:14:50.759409: | Processing PSK at line 1: passed Aug 26 13:14:50.759411: | certs and keys locked by 'process_secret' Aug 26 13:14:50.759414: | certs and keys unlocked by 'process_secret' Aug 26 13:14:50.759422: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:14:50.759429: | spent 0.467 milliseconds in whack Aug 26 13:14:50.778180: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:14:50.778204: listening for IKE messages Aug 26 13:14:50.778234: | Inspecting interface lo Aug 26 13:14:50.778239: | found lo with address 127.0.0.1 Aug 26 13:14:50.778241: | Inspecting interface eth0 Aug 26 13:14:50.778244: | found eth0 with address 192.0.2.254 Aug 26 13:14:50.778246: | Inspecting interface eth1 Aug 26 13:14:50.778248: | found eth1 with address 192.1.2.23 Aug 26 13:14:50.778300: | no interfaces to sort Aug 26 13:14:50.778312: | libevent_free: release ptr-libevent@0x556578227f98 Aug 26 13:14:50.778315: | free_event_entry: release EVENT_NULL-pe@0x556578233a98 Aug 26 13:14:50.778317: | add_fd_read_event_handler: new ethX-pe@0x556578233a98 Aug 26 13:14:50.778320: | libevent_malloc: new ptr-libevent@0x556578227f98 size 128 Aug 26 13:14:50.778325: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:14:50.778327: | libevent_free: release ptr-libevent@0x5565781bc098 Aug 26 13:14:50.778329: | free_event_entry: release EVENT_NULL-pe@0x556578233b48 Aug 26 13:14:50.778331: | add_fd_read_event_handler: new ethX-pe@0x556578233b48 Aug 26 
13:14:50.778333: | libevent_malloc: new ptr-libevent@0x5565781bc098 size 128 Aug 26 13:14:50.778336: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:14:50.778338: | libevent_free: release ptr-libevent@0x5565781bd838 Aug 26 13:14:50.778340: | free_event_entry: release EVENT_NULL-pe@0x556578233bf8 Aug 26 13:14:50.778342: | add_fd_read_event_handler: new ethX-pe@0x556578233bf8 Aug 26 13:14:50.778343: | libevent_malloc: new ptr-libevent@0x5565781bd838 size 128 Aug 26 13:14:50.778347: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 13:14:50.778349: | libevent_free: release ptr-libevent@0x5565781bd788 Aug 26 13:14:50.778351: | free_event_entry: release EVENT_NULL-pe@0x556578233ca8 Aug 26 13:14:50.778353: | add_fd_read_event_handler: new ethX-pe@0x556578233ca8 Aug 26 13:14:50.778354: | libevent_malloc: new ptr-libevent@0x5565781bd788 size 128 Aug 26 13:14:50.778357: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 13:14:50.778360: | libevent_free: release ptr-libevent@0x5565781924e8 Aug 26 13:14:50.778361: | free_event_entry: release EVENT_NULL-pe@0x556578233d58 Aug 26 13:14:50.778363: | add_fd_read_event_handler: new ethX-pe@0x556578233d58 Aug 26 13:14:50.778365: | libevent_malloc: new ptr-libevent@0x5565781924e8 size 128 Aug 26 13:14:50.778368: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 13:14:50.778370: | libevent_free: release ptr-libevent@0x5565781921d8 Aug 26 13:14:50.778372: | free_event_entry: release EVENT_NULL-pe@0x556578233e08 Aug 26 13:14:50.778374: | add_fd_read_event_handler: new ethX-pe@0x556578233e08 Aug 26 13:14:50.778375: | libevent_malloc: new ptr-libevent@0x5565781921d8 size 128 Aug 26 13:14:50.778378: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 13:14:50.778381: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:14:50.778382: forgetting secrets Aug 26 13:14:50.778388: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:14:50.778399: loading 
secrets from "/etc/ipsec.secrets" Aug 26 13:14:50.778405: | id type added to secret(0x55657818db58) PKK_PSK: @east Aug 26 13:14:50.778407: | id type added to secret(0x55657818db58) PKK_PSK: @west Aug 26 13:14:50.778410: | Processing PSK at line 1: passed Aug 26 13:14:50.778412: | certs and keys locked by 'process_secret' Aug 26 13:14:50.778413: | certs and keys unlocked by 'process_secret' Aug 26 13:14:50.778420: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:14:50.778439: | spent 0.264 milliseconds in whack Aug 26 13:14:50.778970: | processing signal PLUTO_SIGCHLD Aug 26 13:14:50.778982: | waitpid returned pid 17045 (exited with status 0) Aug 26 13:14:50.778985: | reaped addconn helper child (status 0) Aug 26 13:14:50.778989: | waitpid returned ECHILD (no child processes left) Aug 26 13:14:50.778992: | spent 0.0138 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:14:50.837576: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:14:50.837599: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:14:50.837603: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:14:50.837604: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:14:50.837606: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:14:50.837609: | FOR_EACH_CONNECTION_... 
in conn_by_name Aug 26 13:14:50.837614: | Added new connection westnet-eastnet-ipv4-psk-ikev2 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:14:50.837656: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:14:50.837659: | from whack: got --esp= Aug 26 13:14:50.837684: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:14:50.837687: | counting wild cards for @west is 0 Aug 26 13:14:50.837690: | counting wild cards for @east is 0 Aug 26 13:14:50.837696: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none Aug 26 13:14:50.837698: | new hp@0x5565782362c8 Aug 26 13:14:50.837701: added connection description "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:14:50.837709: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:14:50.837719: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Aug 26 13:14:50.837727: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:14:50.837734: | spent 0.165 milliseconds in whack Aug 26 13:14:53.403595: | spent 0.00275 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:14:53.403621: | *received 828 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Aug 26 13:14:53.403719: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 13:14:53.403722: | **parse ISAKMP Message: Aug 26 13:14:53.403724: | initiator cookie: Aug 26 13:14:53.403725: | 44 fe 8f 5e 66 f2 6b 1a Aug 26 13:14:53.403727: |
responder cookie: Aug 26 13:14:53.403728: | 00 00 00 00 00 00 00 00 Aug 26 13:14:53.403730: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:14:53.403732: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:53.403734: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:14:53.403735: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:14:53.403737: | Message ID: 0 (0x0) Aug 26 13:14:53.403739: | length: 828 (0x33c) Aug 26 13:14:53.403741: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:14:53.403743: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Aug 26 13:14:53.403745: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Aug 26 13:14:53.403747: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:14:53.403749: | ***parse IKEv2 Security Association Payload: Aug 26 13:14:53.403751: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:14:53.403753: | flags: none (0x0) Aug 26 13:14:53.403754: | length: 436 (0x1b4) Aug 26 13:14:53.403756: | processing payload: ISAKMP_NEXT_v2SA (len=432) Aug 26 13:14:53.403757: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:14:53.403759: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:14:53.403761: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:14:53.403762: | flags: none (0x0) Aug 26 13:14:53.403764: | length: 264 (0x108) Aug 26 13:14:53.403765: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.403767: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:14:53.403768: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:14:53.403770: | ***parse IKEv2 Nonce Payload: Aug 26 13:14:53.403772: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:14:53.403773: | flags: none (0x0) Aug 26 13:14:53.403775: | length: 36 (0x24) Aug 26 13:14:53.403776: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:14:53.403778: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 
13:14:53.403781: | ***parse IKEv2 Notify Payload: Aug 26 13:14:53.403782: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:14:53.403784: | flags: none (0x0) Aug 26 13:14:53.403785: | length: 8 (0x8) Aug 26 13:14:53.403787: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.403788: | SPI size: 0 (0x0) Aug 26 13:14:53.403790: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:14:53.403792: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:14:53.403793: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:14:53.403795: | ***parse IKEv2 Notify Payload: Aug 26 13:14:53.403796: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:14:53.403798: | flags: none (0x0) Aug 26 13:14:53.403799: | length: 28 (0x1c) Aug 26 13:14:53.403801: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.403802: | SPI size: 0 (0x0) Aug 26 13:14:53.403804: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:14:53.403806: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:14:53.403807: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:14:53.403808: | ***parse IKEv2 Notify Payload: Aug 26 13:14:53.403810: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.403812: | flags: none (0x0) Aug 26 13:14:53.403813: | length: 28 (0x1c) Aug 26 13:14:53.403814: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.403816: | SPI size: 0 (0x0) Aug 26 13:14:53.403818: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:14:53.403819: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:14:53.403821: | DDOS disabled and no cookie sent, continuing Aug 26 13:14:53.403824: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 13:14:53.403828: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 13:14:53.403830: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 13:14:53.403832: | found 
policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Aug 26 13:14:53.403834: | find_next_host_connection returns empty Aug 26 13:14:53.403837: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 13:14:53.403839: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 13:14:53.403840: | find_next_host_connection returns empty Aug 26 13:14:53.403842: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Aug 26 13:14:53.403845: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 13:14:53.403848: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 13:14:53.403850: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:14:53.403852: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Aug 26 13:14:53.403853: | find_next_host_connection returns empty Aug 26 13:14:53.403855: | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 13:14:53.403857: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:14:53.403859: | find_next_host_connection returns empty Aug 26 13:14:53.403861: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW Aug 26 13:14:53.403864: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports Aug 26 13:14:53.403866: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 13:14:53.403868: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 13:14:53.403870: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Aug 26 
13:14:53.403872: | find_next_host_connection returns westnet-eastnet-ipv4-psk-ikev2 Aug 26 13:14:53.403874: | find_next_host_connection policy=PSK+IKEV2_ALLOW Aug 26 13:14:53.403876: | find_next_host_connection returns empty Aug 26 13:14:53.403878: | found connection: westnet-eastnet-ipv4-psk-ikev2 with policy PSK+IKEV2_ALLOW Aug 26 13:14:53.403897: | creating state object #1 at 0x556578237f98 Aug 26 13:14:53.403899: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:14:53.403905: | pstats #1 ikev2.ike started Aug 26 13:14:53.403907: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:14:53.403909: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Aug 26 13:14:53.403912: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:14:53.403917: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:14:53.403919: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:14:53.403922: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:14:53.403924: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 13:14:53.403927: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Aug 26 13:14:53.403930: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 13:14:53.403932: | #1 in state PARENT_R0: processing SA_INIT request Aug 26 13:14:53.403934: | selected state microcode Respond to IKE_SA_INIT Aug 26 13:14:53.403935: | Now let's proceed with state specific processing Aug 26 13:14:53.403937: | calling processor 
Respond to IKE_SA_INIT Aug 26 13:14:53.403944: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:14:53.403946: | constructing local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA responder matching remote proposals) Aug 26 13:14:53.403952: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:14:53.403957: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.403959: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:14:53.403962: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.403965: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:14:53.403968: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.403970: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:14:53.403974: | ... 
ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.403979: "westnet-eastnet-ipv4-psk-ikev2": constructed local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.403984: | Comparing remote proposals against IKE responder 4 local proposals Aug 26 13:14:53.403987: | local proposal 1 type ENCR has 1 transforms Aug 26 13:14:53.403989: | local proposal 1 type PRF has 2 transforms Aug 26 13:14:53.403990: | local proposal 1 type INTEG has 1 transforms Aug 26 13:14:53.403992: | local proposal 1 type DH has 8 transforms Aug 26 13:14:53.403993: | local proposal 1 type ESN has 0 transforms Aug 26 13:14:53.403996: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:14:53.403997: | local proposal 2 type ENCR has 1 transforms Aug 26 13:14:53.403999: | local proposal 2 type PRF has 2 transforms Aug 26 13:14:53.404000: | local proposal 2 type INTEG has 1 transforms Aug 26 13:14:53.404002: | local proposal 2 type DH has 8 transforms Aug 26 13:14:53.404003: | local proposal 2 type ESN has 0 transforms Aug 26 13:14:53.404005: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:14:53.404007: | local proposal 
3 type ENCR has 1 transforms Aug 26 13:14:53.404008: | local proposal 3 type PRF has 2 transforms Aug 26 13:14:53.404010: | local proposal 3 type INTEG has 2 transforms Aug 26 13:14:53.404012: | local proposal 3 type DH has 8 transforms Aug 26 13:14:53.404013: | local proposal 3 type ESN has 0 transforms Aug 26 13:14:53.404015: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:14:53.404017: | local proposal 4 type ENCR has 1 transforms Aug 26 13:14:53.404018: | local proposal 4 type PRF has 2 transforms Aug 26 13:14:53.404020: | local proposal 4 type INTEG has 2 transforms Aug 26 13:14:53.404021: | local proposal 4 type DH has 8 transforms Aug 26 13:14:53.404023: | local proposal 4 type ESN has 0 transforms Aug 26 13:14:53.404025: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:14:53.404027: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.404028: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.404030: | length: 100 (0x64) Aug 26 13:14:53.404032: | prop #: 1 (0x1) Aug 26 13:14:53.404033: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:53.404035: | spi size: 0 (0x0) Aug 26 13:14:53.404036: | # transforms: 11 (0xb) Aug 26 13:14:53.404039: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Aug 26 13:14:53.404041: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404042: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404044: | length: 12 (0xc) Aug 26 13:14:53.404045: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.404047: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.404049: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.404050: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.404052: | length/value: 256 (0x100) Aug 26 13:14:53.404055: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) 
transform 0 Aug 26 13:14:53.404057: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404058: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404060: | length: 8 (0x8) Aug 26 13:14:53.404061: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.404063: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:53.404065: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:14:53.404067: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Aug 26 13:14:53.404070: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Aug 26 13:14:53.404072: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Aug 26 13:14:53.404074: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404075: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404077: | length: 8 (0x8) Aug 26 13:14:53.404078: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.404080: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:53.404082: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404083: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404085: | length: 8 (0x8) Aug 26 13:14:53.404086: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404088: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.404090: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:14:53.404092: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Aug 26 13:14:53.404094: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Aug 26 13:14:53.404096: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Aug 26 13:14:53.404097: | 
*****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404099: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404100: | length: 8 (0x8) Aug 26 13:14:53.404102: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404104: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:53.404105: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404107: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404108: | length: 8 (0x8) Aug 26 13:14:53.404110: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404111: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:53.404113: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404115: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404116: | length: 8 (0x8) Aug 26 13:14:53.404118: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404119: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:53.404121: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404122: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404124: | length: 8 (0x8) Aug 26 13:14:53.404125: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404127: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:14:53.404129: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404130: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404132: | length: 8 (0x8) Aug 26 13:14:53.404133: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404135: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:14:53.404137: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404138: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404140: | length: 8 (0x8) Aug 26 13:14:53.404141: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404143: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:53.404144: | *****parse IKEv2 
Transform Substructure Payload: Aug 26 13:14:53.404146: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.404147: | length: 8 (0x8) Aug 26 13:14:53.404149: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404151: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:53.404153: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:14:53.404156: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:14:53.404158: | remote proposal 1 matches local proposal 1 Aug 26 13:14:53.404160: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.404162: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.404163: | length: 100 (0x64) Aug 26 13:14:53.404165: | prop #: 2 (0x2) Aug 26 13:14:53.404166: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:53.404168: | spi size: 0 (0x0) Aug 26 13:14:53.404169: | # transforms: 11 (0xb) Aug 26 13:14:53.404171: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:14:53.404173: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404175: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404176: | length: 12 (0xc) Aug 26 13:14:53.404178: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.404179: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.404181: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.404182: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.404184: | length/value: 128 (0x80) Aug 26 13:14:53.404186: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404187: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404189: | length: 8 (0x8) Aug 26 13:14:53.404190: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.404192: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 
13:14:53.404194: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404195: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404197: | length: 8 (0x8) Aug 26 13:14:53.404198: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.404200: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:53.404201: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404203: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404204: | length: 8 (0x8) Aug 26 13:14:53.404206: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404207: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.404209: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404211: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404212: | length: 8 (0x8) Aug 26 13:14:53.404214: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404215: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:53.404217: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404218: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404220: | length: 8 (0x8) Aug 26 13:14:53.404221: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404223: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:53.404225: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404226: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404228: | length: 8 (0x8) Aug 26 13:14:53.404229: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404231: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:53.404232: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404234: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404235: | length: 8 (0x8) Aug 26 13:14:53.404237: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404239: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:14:53.404240: | 
*****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404242: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404243: | length: 8 (0x8) Aug 26 13:14:53.404245: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404246: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:14:53.404248: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404250: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404251: | length: 8 (0x8) Aug 26 13:14:53.404253: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404256: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:53.404258: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404259: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.404261: | length: 8 (0x8) Aug 26 13:14:53.404262: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404264: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:53.404266: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Aug 26 13:14:53.404268: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Aug 26 13:14:53.404270: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.404271: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.404273: | length: 116 (0x74) Aug 26 13:14:53.404274: | prop #: 3 (0x3) Aug 26 13:14:53.404276: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:53.404277: | spi size: 0 (0x0) Aug 26 13:14:53.404279: | # transforms: 13 (0xd) Aug 26 13:14:53.404281: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:14:53.404282: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404284: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404285: | length: 12 (0xc) Aug 26 13:14:53.404287: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.404313: | IKEv2 transform ID: 
AES_CBC (0xc) Aug 26 13:14:53.404315: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.404316: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.404318: | length/value: 256 (0x100) Aug 26 13:14:53.404320: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404321: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404323: | length: 8 (0x8) Aug 26 13:14:53.404324: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.404326: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:53.404328: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404329: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404331: | length: 8 (0x8) Aug 26 13:14:53.404332: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.404334: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:53.404336: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404350: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404352: | length: 8 (0x8) Aug 26 13:14:53.404353: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.404355: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:14:53.404357: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404358: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404360: | length: 8 (0x8) Aug 26 13:14:53.404361: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.404363: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:14:53.404364: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404366: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404367: | length: 8 (0x8) Aug 26 13:14:53.404369: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404370: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.404372: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404374: | last transform: v2_TRANSFORM_NON_LAST (0x3) 
Aug 26 13:14:53.404375: | length: 8 (0x8) Aug 26 13:14:53.404377: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404378: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:53.404380: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404381: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404383: | length: 8 (0x8) Aug 26 13:14:53.404384: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404386: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:53.404389: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404390: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404392: | length: 8 (0x8) Aug 26 13:14:53.404393: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404395: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:53.404397: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404398: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404400: | length: 8 (0x8) Aug 26 13:14:53.404401: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404403: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:14:53.404404: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404406: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404407: | length: 8 (0x8) Aug 26 13:14:53.404409: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404411: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:14:53.404412: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404414: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404415: | length: 8 (0x8) Aug 26 13:14:53.404417: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404418: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:53.404420: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404422: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.404423: | 
length: 8 (0x8) Aug 26 13:14:53.404425: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404426: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:53.404429: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 13:14:53.404431: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 13:14:53.404432: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.404434: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:14:53.404435: | length: 116 (0x74) Aug 26 13:14:53.404437: | prop #: 4 (0x4) Aug 26 13:14:53.404438: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:53.404440: | spi size: 0 (0x0) Aug 26 13:14:53.404441: | # transforms: 13 (0xd) Aug 26 13:14:53.404443: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:14:53.404445: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404446: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404448: | length: 12 (0xc) Aug 26 13:14:53.404449: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.404451: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:14:53.404453: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.404454: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.404456: | length/value: 128 (0x80) Aug 26 13:14:53.404457: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404459: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404460: | length: 8 (0x8) Aug 26 13:14:53.404462: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.404464: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:53.404465: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404467: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404468: | length: 8 (0x8) Aug 26 13:14:53.404470: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 
26 13:14:53.404471: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:53.404473: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404475: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404476: | length: 8 (0x8) Aug 26 13:14:53.404478: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.404479: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:14:53.404481: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404484: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404486: | length: 8 (0x8) Aug 26 13:14:53.404488: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.404489: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:14:53.404491: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404492: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404494: | length: 8 (0x8) Aug 26 13:14:53.404495: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404497: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.404499: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404500: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404502: | length: 8 (0x8) Aug 26 13:14:53.404503: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404505: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:53.404506: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404508: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404509: | length: 8 (0x8) Aug 26 13:14:53.404511: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404512: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:53.404514: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404516: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404517: | length: 8 (0x8) Aug 26 13:14:53.404519: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404520: 
| IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:53.404522: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404523: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404525: | length: 8 (0x8) Aug 26 13:14:53.404526: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404528: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:14:53.404530: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404531: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404533: | length: 8 (0x8) Aug 26 13:14:53.404534: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404536: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:14:53.404537: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404539: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.404540: | length: 8 (0x8) Aug 26 13:14:53.404542: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404543: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:53.404545: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.404547: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.404548: | length: 8 (0x8) Aug 26 13:14:53.404550: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.404551: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:53.404553: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 13:14:53.404555: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 13:14:53.404558: "westnet-eastnet-ipv4-psk-ikev2" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 
2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Aug 26 13:14:53.404562: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Aug 26 13:14:53.404563: | converting proposal to internal trans attrs Aug 26 13:14:53.404566: | natd_hash: rcookie is zero Aug 26 13:14:53.404574: | natd_hash: hasher=0x5565769eb800(20) Aug 26 13:14:53.404576: | natd_hash: icookie= 44 fe 8f 5e 66 f2 6b 1a Aug 26 13:14:53.404578: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:14:53.404579: | natd_hash: ip= c0 01 02 17 Aug 26 13:14:53.404581: | natd_hash: port=500 Aug 26 13:14:53.404582: | natd_hash: hash= b9 23 37 15 60 21 82 af 08 88 a3 06 85 66 08 5c Aug 26 13:14:53.404584: | natd_hash: hash= f7 bd 44 71 Aug 26 13:14:53.404585: | natd_hash: rcookie is zero Aug 26 13:14:53.404589: | natd_hash: hasher=0x5565769eb800(20) Aug 26 13:14:53.404590: | natd_hash: icookie= 44 fe 8f 5e 66 f2 6b 1a Aug 26 13:14:53.404592: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:14:53.404593: | natd_hash: ip= c0 01 02 2d Aug 26 13:14:53.404594: | natd_hash: port=500 Aug 26 13:14:53.404596: | natd_hash: hash= f3 cf be 71 29 dc a6 90 57 8f 74 12 a5 91 66 9c Aug 26 13:14:53.404597: | natd_hash: hash= b7 06 e4 02 Aug 26 13:14:53.404599: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:14:53.404601: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:14:53.404602: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:14:53.404604: | NAT_TRAVERSAL 
nat-keepalive enabled 192.1.2.45 Aug 26 13:14:53.404606: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Aug 26 13:14:53.404608: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556578237b78 Aug 26 13:14:53.404611: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:14:53.404613: | libevent_malloc: new ptr-libevent@0x55657823a2f8 size 128 Aug 26 13:14:53.404621: | #1 spent 0.66 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Aug 26 13:14:53.404625: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:53.404627: | crypto helper 0 resuming Aug 26 13:14:53.404628: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Aug 26 13:14:53.404641: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:14:53.404643: | suspending state #1 and saving MD Aug 26 13:14:53.404648: | crypto helper 0 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Aug 26 13:14:53.404651: | #1 is busy; has a suspended MD Aug 26 13:14:53.404655: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:14:53.404657: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:14:53.404660: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:14:53.404664: | #1 spent 1.03 milliseconds in ikev2_process_packet() Aug 26 13:14:53.404666: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 13:14:53.404668: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:14:53.404670: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:14:53.404672: | spent 
1.04 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:14:53.405651: | crypto helper 0 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.001003 seconds Aug 26 13:14:53.405663: | (#1) spent 1.01 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Aug 26 13:14:53.405666: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:14:53.405669: | scheduling resume sending helper answer for #1 Aug 26 13:14:53.405672: | libevent_malloc: new ptr-libevent@0x7fdc10002888 size 128 Aug 26 13:14:53.405679: | crypto helper 0 waiting (nothing to do) Aug 26 13:14:53.405714: | processing resume sending helper answer for #1 Aug 26 13:14:53.405723: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 13:14:53.405727: | crypto helper 0 replies to request ID 1 Aug 26 13:14:53.405729: | calling continuation function 0x556576916b50 Aug 26 13:14:53.405731: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Aug 26 13:14:53.405756: | **emit ISAKMP Message: Aug 26 13:14:53.405758: | initiator cookie: Aug 26 13:14:53.405759: | 44 fe 8f 5e 66 f2 6b 1a Aug 26 13:14:53.405761: | responder cookie: Aug 26 13:14:53.405762: | 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:53.405764: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:14:53.405766: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:53.405768: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:14:53.405770: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:14:53.405771: | Message ID: 0 (0x0) Aug 26 13:14:53.405773: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:14:53.405775: | Emitting ikev2_proposal ... 
Aug 26 13:14:53.405777: | ***emit IKEv2 Security Association Payload: Aug 26 13:14:53.405778: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.405780: | flags: none (0x0) Aug 26 13:14:53.405782: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:14:53.405784: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.405786: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.405787: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:14:53.405789: | prop #: 1 (0x1) Aug 26 13:14:53.405791: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:53.405792: | spi size: 0 (0x0) Aug 26 13:14:53.405794: | # transforms: 3 (0x3) Aug 26 13:14:53.405796: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:53.405797: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.405799: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.405801: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.405802: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.405804: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.405806: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.405808: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.405809: | length/value: 256 (0x100) Aug 26 13:14:53.405811: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:53.405813: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.405815: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.405816: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.405818: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:53.405820: | last 
substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.405822: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.405823: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.405825: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.405826: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.405828: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.405830: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.405832: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.405835: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.405837: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.405838: | emitting length of IKEv2 Proposal Substructure Payload: 36 Aug 26 13:14:53.405840: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:53.405842: | emitting length of IKEv2 Security Association Payload: 40 Aug 26 13:14:53.405844: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:14:53.405846: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:14:53.405847: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.405849: | flags: none (0x0) Aug 26 13:14:53.405850: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.405853: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 
13:14:53.405854: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.405856: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:14:53.405882: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:14:53.405884: | ***emit IKEv2 Nonce Payload: Aug 26 13:14:53.405886: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:14:53.405887: | flags: none (0x0) Aug 26 13:14:53.405889: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:14:53.405891: | next payload chain: setting previous 
'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:14:53.405893: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.405895: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:14:53.405896: | IKEv2 nonce 09 9c 05 fa fa 52 df ec 40 fa 4f c2 2c f5 0e 14 Aug 26 13:14:53.405898: | IKEv2 nonce 39 f7 7d 42 6a 6b 54 d9 e9 12 6e 09 b1 be 56 a6 Aug 26 13:14:53.405899: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:14:53.405901: | Adding a v2N Payload Aug 26 13:14:53.405903: | ***emit IKEv2 Notify Payload: Aug 26 13:14:53.405904: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.405906: | flags: none (0x0) Aug 26 13:14:53.405907: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.405910: | SPI size: 0 (0x0) Aug 26 13:14:53.405912: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:14:53.405914: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:14:53.405915: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.405917: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:14:53.405919: | NAT-Traversal support [enabled] add v2N payloads. 
Aug 26 13:14:53.405926: | natd_hash: hasher=0x5565769eb800(20) Aug 26 13:14:53.405928: | natd_hash: icookie= 44 fe 8f 5e 66 f2 6b 1a Aug 26 13:14:53.405930: | natd_hash: rcookie= 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:53.405931: | natd_hash: ip= c0 01 02 17 Aug 26 13:14:53.405933: | natd_hash: port=500 Aug 26 13:14:53.405935: | natd_hash: hash= f5 63 95 99 ce 92 8b a0 11 e7 80 aa be 5a 30 f8 Aug 26 13:14:53.405936: | natd_hash: hash= c6 1d 82 42 Aug 26 13:14:53.405938: | Adding a v2N Payload Aug 26 13:14:53.405939: | ***emit IKEv2 Notify Payload: Aug 26 13:14:53.405941: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.405942: | flags: none (0x0) Aug 26 13:14:53.405944: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.405945: | SPI size: 0 (0x0) Aug 26 13:14:53.405947: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:14:53.405949: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:14:53.405951: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.405953: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:14:53.405954: | Notify data f5 63 95 99 ce 92 8b a0 11 e7 80 aa be 5a 30 f8 Aug 26 13:14:53.405956: | Notify data c6 1d 82 42 Aug 26 13:14:53.405957: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:14:53.405961: | natd_hash: hasher=0x5565769eb800(20) Aug 26 13:14:53.405963: | natd_hash: icookie= 44 fe 8f 5e 66 f2 6b 1a Aug 26 13:14:53.405964: | natd_hash: rcookie= 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:53.405966: | natd_hash: ip= c0 01 02 2d Aug 26 13:14:53.405967: | natd_hash: port=500 Aug 26 13:14:53.405969: | natd_hash: hash= c1 17 95 68 2d aa 39 11 65 72 3c 80 6d 9a 07 48 Aug 26 13:14:53.405970: | natd_hash: hash= dc a3 6a 74 Aug 26 13:14:53.405971: | Adding a v2N Payload Aug 26 13:14:53.405973: | ***emit IKEv2 Notify Payload: Aug 26 
13:14:53.405975: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.405976: | flags: none (0x0) Aug 26 13:14:53.405978: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.405979: | SPI size: 0 (0x0) Aug 26 13:14:53.405981: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:14:53.405983: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:14:53.405984: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.405986: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:14:53.405988: | Notify data c1 17 95 68 2d aa 39 11 65 72 3c 80 6d 9a 07 48 Aug 26 13:14:53.405989: | Notify data dc a3 6a 74 Aug 26 13:14:53.405991: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:14:53.405992: | emitting length of ISAKMP Message: 432 Aug 26 13:14:53.405997: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:53.405999: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Aug 26 13:14:53.406001: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Aug 26 13:14:53.406003: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Aug 26 13:14:53.406005: | Message ID: updating counters for #1 to 0 after switching state Aug 26 13:14:53.406009: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 13:14:53.406012: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:14:53.406015: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a 
prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:14:53.406018: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Aug 26 13:14:53.406022: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Aug 26 13:14:53.406087: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:14:53.406106: | libevent_free: release ptr-libevent@0x55657823a2f8 Aug 26 13:14:53.406108: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556578237b78 Aug 26 13:14:53.406110: | event_schedule: new EVENT_SO_DISCARD-pe@0x556578237b78 Aug 26 13:14:53.406113: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Aug 26 13:14:53.406115: | libevent_malloc: new ptr-libevent@0x55657823b448 size 128 Aug 26 13:14:53.406117: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:14:53.406121: | #1 spent 0.383 milliseconds in resume sending helper answer Aug 26 13:14:53.406125: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:833) Aug 26 13:14:53.406127: | libevent_free: release ptr-libevent@0x7fdc10002888 Aug 26 13:14:53.408614: | spent 0.00166 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:14:53.408634: | *received 365 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) Aug 26 13:14:53.408677: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Aug 26 13:14:53.408679: | **parse ISAKMP Message: Aug 26 13:14:53.408681: | initiator cookie: Aug 26 13:14:53.408683: | 44 fe 8f 5e 66 f2 6b 1a Aug 26 13:14:53.408684: | responder cookie: Aug 26 13:14:53.408686: | 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:53.408688: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:14:53.408689: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:53.408691: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:14:53.408693: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:14:53.408695: | Message ID: 1 (0x1) Aug 26 13:14:53.408696: | length: 365 (0x16d) Aug 26 13:14:53.408698: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:14:53.408700: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 
13:14:53.408703: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:14:53.408707: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:14:53.408709: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:14:53.408712: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:14:53.408714: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:14:53.408717: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Aug 26 13:14:53.408718: | unpacking clear payload Aug 26 13:14:53.408720: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:14:53.408722: | ***parse IKEv2 Encryption Payload: Aug 26 13:14:53.408724: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 13:14:53.408725: | flags: none (0x0) Aug 26 13:14:53.408727: | length: 337 (0x151) Aug 26 13:14:53.408728: | processing payload: ISAKMP_NEXT_v2SK (len=333) Aug 26 13:14:53.408731: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 13:14:53.408733: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:14:53.408737: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 13:14:53.408738: | Now let's proceed with state specific processing Aug 26 13:14:53.408740: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 13:14:53.408742: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Aug 26 13:14:53.408745: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:14:53.408748: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Aug 26 13:14:53.408749: | state #1 requesting EVENT_SO_DISCARD 
to be deleted Aug 26 13:14:53.408752: | libevent_free: release ptr-libevent@0x55657823b448 Aug 26 13:14:53.408754: | free_event_entry: release EVENT_SO_DISCARD-pe@0x556578237b78 Aug 26 13:14:53.408756: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556578237b78 Aug 26 13:14:53.408758: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:14:53.408760: | libevent_malloc: new ptr-libevent@0x7fdc10002888 size 128 Aug 26 13:14:53.408768: | #1 spent 0.0243 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Aug 26 13:14:53.408771: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:53.408773: | crypto helper 2 resuming Aug 26 13:14:53.408774: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Aug 26 13:14:53.408785: | crypto helper 2 starting work-order 2 for state #1 Aug 26 13:14:53.408786: | suspending state #1 and saving MD Aug 26 13:14:53.408791: | crypto helper 2 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Aug 26 13:14:53.408792: | #1 is busy; has a suspended MD Aug 26 13:14:53.408796: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:14:53.408798: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:14:53.408801: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:14:53.408804: | #1 spent 0.172 milliseconds in ikev2_process_packet() Aug 26 13:14:53.408807: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Aug 26 13:14:53.408809: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:14:53.408811: | 
processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:14:53.408813: | spent 0.181 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:14:53.409341: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:14:53.409616: | crypto helper 2 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.000826 seconds Aug 26 13:14:53.409623: | (#1) spent 0.829 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Aug 26 13:14:53.409625: | crypto helper 2 sending results from work-order 2 for state #1 to event queue Aug 26 13:14:53.409627: | scheduling resume sending helper answer for #1 Aug 26 13:14:53.409629: | libevent_malloc: new ptr-libevent@0x7fdc08000f48 size 128 Aug 26 13:14:53.409634: | crypto helper 2 waiting (nothing to do) Aug 26 13:14:53.409669: | processing resume sending helper answer for #1 Aug 26 13:14:53.409678: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:797) Aug 26 13:14:53.409681: | crypto helper 2 replies to request ID 2 Aug 26 13:14:53.409683: | calling continuation function 0x556576916b50 Aug 26 13:14:53.409685: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Aug 26 13:14:53.409687: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:14:53.409698: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:14:53.409702: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Aug 26 13:14:53.409705: | **parse IKEv2 Identification - Initiator - Payload: Aug 26 13:14:53.409706: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:14:53.409708: | flags: none (0x0) Aug 26 13:14:53.409710: | length: 12 (0xc) Aug 26 13:14:53.409711: | ID type: ID_FQDN (0x2) Aug 26 13:14:53.409713: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Aug 26 13:14:53.409715: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:14:53.409716: | 
**parse IKEv2 Identification - Responder - Payload: Aug 26 13:14:53.409718: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:14:53.409720: | flags: none (0x0) Aug 26 13:14:53.409721: | length: 12 (0xc) Aug 26 13:14:53.409723: | ID type: ID_FQDN (0x2) Aug 26 13:14:53.409724: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 13:14:53.409726: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:14:53.409728: | **parse IKEv2 Authentication Payload: Aug 26 13:14:53.409729: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:14:53.409731: | flags: none (0x0) Aug 26 13:14:53.409732: | length: 72 (0x48) Aug 26 13:14:53.409734: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:14:53.409736: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 13:14:53.409737: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:14:53.409739: | **parse IKEv2 Security Association Payload: Aug 26 13:14:53.409740: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:14:53.409742: | flags: none (0x0) Aug 26 13:14:53.409743: | length: 164 (0xa4) Aug 26 13:14:53.409745: | processing payload: ISAKMP_NEXT_v2SA (len=160) Aug 26 13:14:53.409747: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:14:53.409748: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:14:53.409750: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:14:53.409751: | flags: none (0x0) Aug 26 13:14:53.409753: | length: 24 (0x18) Aug 26 13:14:53.409754: | number of TS: 1 (0x1) Aug 26 13:14:53.409756: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:14:53.409757: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:14:53.409759: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:14:53.409761: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.409762: | flags: none (0x0) Aug 26 13:14:53.409764: | length: 24 (0x18) Aug 26 13:14:53.409765: | number of TS: 1 (0x1) Aug 26 13:14:53.409767: | processing payload: 
ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:14:53.409768: | selected state microcode Responder: process IKE_AUTH request Aug 26 13:14:53.409770: | Now let's proceed with state specific processing Aug 26 13:14:53.409771: | calling processor Responder: process IKE_AUTH request Aug 26 13:14:53.409775: "westnet-eastnet-ipv4-psk-ikev2" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Aug 26 13:14:53.409779: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:14:53.409781: | received IDr payload - extracting our alleged ID Aug 26 13:14:53.409784: | refine_host_connection for IKEv2: starting with "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:14:53.409787: | match_id a=@west Aug 26 13:14:53.409788: | b=@west Aug 26 13:14:53.409790: | results matched Aug 26 13:14:53.409793: | refine_host_connection: checking "westnet-eastnet-ipv4-psk-ikev2" against "westnet-eastnet-ipv4-psk-ikev2", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Aug 26 13:14:53.409795: | Warning: not switching back to template of current instance Aug 26 13:14:53.409796: | Peer expects us to be @east (ID_FQDN) according to its IDr payload Aug 26 13:14:53.409798: | This connection's local id is @east (ID_FQDN) Aug 26 13:14:53.409800: | refine_host_connection: checked westnet-eastnet-ipv4-psk-ikev2 against westnet-eastnet-ipv4-psk-ikev2, now for see if best Aug 26 13:14:53.409802: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 13:14:53.409808: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 13:14:53.409810: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 13:14:53.409812: | 1: compared key @west to @east / @west -> 004 Aug 26 13:14:53.409814: | 2: compared key @east to @east / @west -> 014 Aug 26 13:14:53.409816: | line 1: match=014 Aug 26 13:14:53.409818: | match 014 beats previous best_match 000 match=0x55657818db58 (line=1) Aug 26 13:14:53.409819: | 
concluding with best_match=014 best=0x55657818db58 (lineno=1) Aug 26 13:14:53.409821: | returning because exact peer id match Aug 26 13:14:53.409823: | offered CA: '%none' Aug 26 13:14:53.409825: "westnet-eastnet-ipv4-psk-ikev2" #1: IKEv2 mode peer ID is ID_FQDN: '@west' Aug 26 13:14:53.409838: | verifying AUTH payload Aug 26 13:14:53.409841: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret Aug 26 13:14:53.409843: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 13:14:53.409845: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 13:14:53.409847: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 13:14:53.409849: | 1: compared key @west to @east / @west -> 004 Aug 26 13:14:53.409851: | 2: compared key @east to @east / @west -> 014 Aug 26 13:14:53.409852: | line 1: match=014 Aug 26 13:14:53.409854: | match 014 beats previous best_match 000 match=0x55657818db58 (line=1) Aug 26 13:14:53.409855: | concluding with best_match=014 best=0x55657818db58 (lineno=1) Aug 26 13:14:53.409895: "westnet-eastnet-ipv4-psk-ikev2" #1: Authenticated using authby=secret Aug 26 13:14:53.409899: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Aug 26 13:14:53.409902: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Aug 26 13:14:53.409904: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:14:53.409906: | libevent_free: release ptr-libevent@0x7fdc10002888 Aug 26 13:14:53.409908: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556578237b78 Aug 26 13:14:53.409910: | event_schedule: new EVENT_SA_REKEY-pe@0x556578237b78 Aug 26 13:14:53.409912: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Aug 26 13:14:53.409914: | libevent_malloc: new ptr-libevent@0x55657823b448 size 128 Aug 26 13:14:53.410016: | pstats #1 ikev2.ike established Aug 26 13:14:53.410023: | **emit ISAKMP Message: Aug 26 
13:14:53.410025: | initiator cookie: Aug 26 13:14:53.410027: | 44 fe 8f 5e 66 f2 6b 1a Aug 26 13:14:53.410028: | responder cookie: Aug 26 13:14:53.410030: | 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:53.410032: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:14:53.410034: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:53.410035: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:14:53.410037: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:14:53.410039: | Message ID: 1 (0x1) Aug 26 13:14:53.410041: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:14:53.410043: | IKEv2 CERT: send a certificate? Aug 26 13:14:53.410045: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 13:14:53.410046: | ***emit IKEv2 Encryption Payload: Aug 26 13:14:53.410048: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.410050: | flags: none (0x0) Aug 26 13:14:53.410052: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:14:53.410054: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.410056: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:14:53.410062: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:14:53.410071: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:14:53.410073: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.410075: | flags: none (0x0) Aug 26 13:14:53.410078: | ID type: ID_FQDN (0x2) Aug 26 13:14:53.410080: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:14:53.410082: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.410084: 
| emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Aug 26 13:14:53.410086: | my identity 65 61 73 74 Aug 26 13:14:53.410088: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 13:14:53.410093: | assembled IDr payload Aug 26 13:14:53.410095: | CHILD SA proposals received Aug 26 13:14:53.410096: | going to assemble AUTH payload Aug 26 13:14:53.410098: | ****emit IKEv2 Authentication Payload: Aug 26 13:14:53.410100: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:14:53.410101: | flags: none (0x0) Aug 26 13:14:53.410103: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:14:53.410105: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Aug 26 13:14:53.410107: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:14:53.410109: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.410111: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret Aug 26 13:14:53.410113: | started looking for secret for @east->@west of kind PKK_PSK Aug 26 13:14:53.410115: | actually looking for secret for @east->@west of kind PKK_PSK Aug 26 13:14:53.410117: | line 1: key type PKK_PSK(@east) to type PKK_PSK Aug 26 13:14:53.410119: | 1: compared key @west to @east / @west -> 004 Aug 26 13:14:53.410121: | 2: compared key @east to @east / @west -> 014 Aug 26 13:14:53.410123: | line 1: match=014 Aug 26 13:14:53.410124: | match 014 beats previous best_match 000 match=0x55657818db58 (line=1) Aug 26 13:14:53.410126: | concluding with best_match=014 best=0x55657818db58 (lineno=1) Aug 26 13:14:53.410161: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 13:14:53.410164: | PSK auth 3a dc f8 1c d7 b8 b4 77 bb 08 c4 fa 53 97 
ae 46 Aug 26 13:14:53.410165: | PSK auth 9c 61 fd f4 97 de de e4 7b d6 88 a1 e0 91 98 be Aug 26 13:14:53.410167: | PSK auth 88 af de 8b 3f 8e 91 fe e2 f5 cd 50 51 c0 f1 92 Aug 26 13:14:53.410168: | PSK auth 66 e3 b4 64 7c ef 4c 8f a0 17 33 4d f2 e2 82 37 Aug 26 13:14:53.410170: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 13:14:53.410173: | creating state object #2 at 0x55657823bff8 Aug 26 13:14:53.410175: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:14:53.410178: | pstats #2 ikev2.child started Aug 26 13:14:53.410180: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #2 for IPSEC SA Aug 26 13:14:53.410183: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:14:53.410187: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:14:53.410190: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Aug 26 13:14:53.410193: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Aug 26 13:14:53.410195: | Child SA TS Request has ike->sa == md->st; so using parent connection Aug 26 13:14:53.410197: | TSi: parsing 1 traffic selectors Aug 26 13:14:53.410199: | ***parse IKEv2 Traffic Selector: Aug 26 13:14:53.410201: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:14:53.410202: | IP Protocol ID: 0 (0x0) Aug 26 13:14:53.410205: | length: 16 (0x10) Aug 26 13:14:53.410207: | start port: 0 (0x0) Aug 26 13:14:53.410209: | end port: 65535 (0xffff) Aug 26 13:14:53.410211: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:14:53.410212: | TS low c0 00 01 00 Aug 26 13:14:53.410214: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 
13:14:53.410216: | TS high c0 00 01 ff Aug 26 13:14:53.410217: | TSi: parsed 1 traffic selectors Aug 26 13:14:53.410219: | TSr: parsing 1 traffic selectors Aug 26 13:14:53.410221: | ***parse IKEv2 Traffic Selector: Aug 26 13:14:53.410222: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:14:53.410224: | IP Protocol ID: 0 (0x0) Aug 26 13:14:53.410225: | length: 16 (0x10) Aug 26 13:14:53.410227: | start port: 0 (0x0) Aug 26 13:14:53.410228: | end port: 65535 (0xffff) Aug 26 13:14:53.410230: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:14:53.410231: | TS low c0 00 02 00 Aug 26 13:14:53.410233: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:14:53.410235: | TS high c0 00 02 ff Aug 26 13:14:53.410236: | TSr: parsed 1 traffic selectors Aug 26 13:14:53.410238: | looking for best SPD in current connection Aug 26 13:14:53.410241: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:14:53.410245: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:14:53.410249: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:14:53.410251: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:14:53.410252: | TSi[0] port match: YES fitness 65536 Aug 26 13:14:53.410254: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:14:53.410256: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:14:53.410259: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:14:53.410262: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:14:53.410264: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:14:53.410266: | TSr[0] port match: YES fitness 65536 Aug 26 13:14:53.410267: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:14:53.410269: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 
26 13:14:53.410271: | best fit so far: TSi[0] TSr[0] Aug 26 13:14:53.410273: | found better spd route for TSi[0],TSr[0] Aug 26 13:14:53.410274: | looking for better host pair Aug 26 13:14:53.410277: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Aug 26 13:14:53.410280: | checking hostpair 192.0.2.0/24 -> 192.0.1.0/24 is found Aug 26 13:14:53.410282: | investigating connection "westnet-eastnet-ipv4-psk-ikev2" as a better match Aug 26 13:14:53.410284: | match_id a=@west Aug 26 13:14:53.410286: | b=@west Aug 26 13:14:53.410287: | results matched Aug 26 13:14:53.410299: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:14:53.410304: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:14:53.410308: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:14:53.410310: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:14:53.410312: | TSi[0] port match: YES fitness 65536 Aug 26 13:14:53.410326: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:14:53.410329: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:14:53.410331: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:14:53.410334: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:14:53.410336: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:14:53.410337: | TSr[0] port match: YES fitness 65536 Aug 26 13:14:53.410340: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:14:53.410342: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:14:53.410344: | best fit so far: TSi[0] TSr[0] Aug 26 13:14:53.410345: | did not find a better connection using host pair Aug 26 13:14:53.410347: | printing contents struct traffic_selector Aug 26 13:14:53.410348: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 
13:14:53.410350: | ipprotoid: 0 Aug 26 13:14:53.410351: | port range: 0-65535 Aug 26 13:14:53.410354: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:14:53.410355: | printing contents struct traffic_selector Aug 26 13:14:53.410357: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:14:53.410358: | ipprotoid: 0 Aug 26 13:14:53.410359: | port range: 0-65535 Aug 26 13:14:53.410362: | ip range: 192.0.1.0-192.0.1.255 Aug 26 13:14:53.410364: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH responder matching remote ESP/AH proposals) Aug 26 13:14:53.410368: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:14:53.410372: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:14:53.410374: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:14:53.410377: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:14:53.410379: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:14:53.410382: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:14:53.410383: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:14:53.410386: | ... 
ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:14:53.410390: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:14:53.410393: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Aug 26 13:14:53.410395: | local proposal 1 type ENCR has 1 transforms Aug 26 13:14:53.410397: | local proposal 1 type PRF has 0 transforms Aug 26 13:14:53.410398: | local proposal 1 type INTEG has 1 transforms Aug 26 13:14:53.410400: | local proposal 1 type DH has 1 transforms Aug 26 13:14:53.410401: | local proposal 1 type ESN has 1 transforms Aug 26 13:14:53.410404: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:14:53.410405: | local proposal 2 type ENCR has 1 transforms Aug 26 13:14:53.410407: | local proposal 2 type PRF has 0 transforms Aug 26 13:14:53.410408: | local proposal 2 type INTEG has 1 transforms Aug 26 13:14:53.410410: | local proposal 2 type DH has 1 transforms Aug 26 13:14:53.410411: | local proposal 2 type ESN has 1 transforms Aug 26 13:14:53.410413: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:14:53.410415: | local proposal 3 type ENCR has 1 transforms Aug 26 13:14:53.410416: | local proposal 3 type PRF has 0 transforms Aug 26 13:14:53.410418: | local proposal 3 type INTEG has 2 transforms Aug 26 13:14:53.410419: | local proposal 3 type DH has 1 transforms Aug 26 13:14:53.410421: | local proposal 3 type ESN has 1 transforms Aug 26 13:14:53.410423: | local proposal 3 transforms: required: 
ENCR+INTEG+ESN; optional: DH Aug 26 13:14:53.410424: | local proposal 4 type ENCR has 1 transforms Aug 26 13:14:53.410426: | local proposal 4 type PRF has 0 transforms Aug 26 13:14:53.410428: | local proposal 4 type INTEG has 2 transforms Aug 26 13:14:53.410429: | local proposal 4 type DH has 1 transforms Aug 26 13:14:53.410432: | local proposal 4 type ESN has 1 transforms Aug 26 13:14:53.410433: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:14:53.410435: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.410437: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.410439: | length: 32 (0x20) Aug 26 13:14:53.410441: | prop #: 1 (0x1) Aug 26 13:14:53.410442: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:53.410444: | spi size: 4 (0x4) Aug 26 13:14:53.410445: | # transforms: 2 (0x2) Aug 26 13:14:53.410447: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:14:53.410449: | remote SPI 6a e6 90 b2 Aug 26 13:14:53.410451: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Aug 26 13:14:53.410453: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.410455: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.410456: | length: 12 (0xc) Aug 26 13:14:53.410458: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.410459: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.410461: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.410463: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.410464: | length/value: 256 (0x100) Aug 26 13:14:53.410467: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:14:53.410469: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.410471: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.410472: | length: 8 (0x8) Aug 26 13:14:53.410474: | IKEv2 transform type: 
TRANS_TYPE_ESN (0x5) Aug 26 13:14:53.410475: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:53.410477: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:14:53.410479: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Aug 26 13:14:53.410481: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Aug 26 13:14:53.410483: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Aug 26 13:14:53.410485: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 13:14:53.410488: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 13:14:53.410490: | remote proposal 1 matches local proposal 1 Aug 26 13:14:53.410492: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.410493: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.410495: | length: 32 (0x20) Aug 26 13:14:53.410496: | prop #: 2 (0x2) Aug 26 13:14:53.410498: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:53.410499: | spi size: 4 (0x4) Aug 26 13:14:53.410501: | # transforms: 2 (0x2) Aug 26 13:14:53.410503: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:14:53.410504: | remote SPI 6a e6 90 b2 Aug 26 13:14:53.410506: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:14:53.410508: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.410509: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.410511: | length: 12 (0xc) Aug 26 13:14:53.410512: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.410514: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.410516: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.410517: | 
af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.410519: | length/value: 128 (0x80) Aug 26 13:14:53.410521: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.410522: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.410524: | length: 8 (0x8) Aug 26 13:14:53.410525: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:14:53.410528: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:53.410530: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Aug 26 13:14:53.410532: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Aug 26 13:14:53.410533: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.410535: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.410536: | length: 48 (0x30) Aug 26 13:14:53.410538: | prop #: 3 (0x3) Aug 26 13:14:53.410539: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:53.410541: | spi size: 4 (0x4) Aug 26 13:14:53.410542: | # transforms: 4 (0x4) Aug 26 13:14:53.410544: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:14:53.410546: | remote SPI 6a e6 90 b2 Aug 26 13:14:53.410547: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:14:53.410549: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.410551: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.410552: | length: 12 (0xc) Aug 26 13:14:53.410554: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.410555: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:14:53.410557: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.410558: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.410560: | length/value: 256 (0x100) Aug 26 13:14:53.410562: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.410563: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.410565: | length: 8 (0x8) Aug 26 13:14:53.410566: | IKEv2 
transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.410568: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:14:53.410570: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.410571: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.410573: | length: 8 (0x8) Aug 26 13:14:53.410574: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.410576: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:14:53.410578: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.410579: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.410581: | length: 8 (0x8) Aug 26 13:14:53.410582: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:14:53.410584: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:53.410586: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 13:14:53.410588: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 13:14:53.410589: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.410591: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:14:53.410592: | length: 48 (0x30) Aug 26 13:14:53.410594: | prop #: 4 (0x4) Aug 26 13:14:53.410595: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:53.410597: | spi size: 4 (0x4) Aug 26 13:14:53.410598: | # transforms: 4 (0x4) Aug 26 13:14:53.410600: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:14:53.410601: | remote SPI 6a e6 90 b2 Aug 26 13:14:53.410603: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:14:53.410605: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.410606: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.410608: | length: 12 (0xc) Aug 26 13:14:53.410609: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.410611: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:14:53.410613: | *****parse 
IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.410614: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.410616: | length/value: 128 (0x80) Aug 26 13:14:53.410617: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.410619: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.410622: | length: 8 (0x8) Aug 26 13:14:53.410623: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.410625: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:14:53.410626: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.410628: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.410629: | length: 8 (0x8) Aug 26 13:14:53.410631: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.410633: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:14:53.410634: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.410636: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.410637: | length: 8 (0x8) Aug 26 13:14:53.410639: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:14:53.410640: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:53.410642: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 13:14:53.410644: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 13:14:53.410647: "westnet-eastnet-ipv4-psk-ikev2" #1: proposal 1:ESP:SPI=6ae690b2;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 13:14:53.410650: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=6ae690b2;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 13:14:53.410652: | converting proposal to internal trans attrs Aug 26 
13:14:53.410666: | netlink_get_spi: allocated 0x466329a6 for esp.0@192.1.2.23 Aug 26 13:14:53.410668: | Emitting ikev2_proposal ... Aug 26 13:14:53.410670: | ****emit IKEv2 Security Association Payload: Aug 26 13:14:53.410671: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.410673: | flags: none (0x0) Aug 26 13:14:53.410675: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:14:53.410677: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.410679: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.410681: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:14:53.410682: | prop #: 1 (0x1) Aug 26 13:14:53.410684: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:53.410685: | spi size: 4 (0x4) Aug 26 13:14:53.410687: | # transforms: 2 (0x2) Aug 26 13:14:53.410688: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:53.410691: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:14:53.410692: | our spi 46 63 29 a6 Aug 26 13:14:53.410694: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.410695: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.410697: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.410698: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.410700: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.410702: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.410704: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.410705: | length/value: 256 (0x100) Aug 26 13:14:53.410707: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 
13:14:53.410709: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.410710: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.410712: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:14:53.410713: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:53.410715: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.410718: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.410720: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.410722: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:14:53.410724: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:53.410725: | emitting length of IKEv2 Security Association Payload: 36 Aug 26 13:14:53.410727: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:14:53.410729: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:14:53.410730: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.410732: | flags: none (0x0) Aug 26 13:14:53.410734: | number of TS: 1 (0x1) Aug 26 13:14:53.410736: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:14:53.410738: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.410739: | *****emit IKEv2 Traffic Selector: Aug 26 13:14:53.410741: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:14:53.410742: | IP Protocol ID: 0 (0x0) Aug 26 13:14:53.410744: | start port: 0 (0x0) Aug 26 13:14:53.410745: | end 
port: 65535 (0xffff) Aug 26 13:14:53.410747: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:14:53.410749: | ipv4 start c0 00 01 00 Aug 26 13:14:53.410751: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:14:53.410752: | ipv4 end c0 00 01 ff Aug 26 13:14:53.410754: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:14:53.410755: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:14:53.410757: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:14:53.410759: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.410760: | flags: none (0x0) Aug 26 13:14:53.410762: | number of TS: 1 (0x1) Aug 26 13:14:53.410764: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:14:53.410765: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.410767: | *****emit IKEv2 Traffic Selector: Aug 26 13:14:53.410769: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:14:53.410770: | IP Protocol ID: 0 (0x0) Aug 26 13:14:53.410772: | start port: 0 (0x0) Aug 26 13:14:53.410773: | end port: 65535 (0xffff) Aug 26 13:14:53.410775: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:14:53.410776: | ipv4 start c0 00 02 00 Aug 26 13:14:53.410778: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:14:53.410779: | ipv4 end c0 00 02 ff Aug 26 13:14:53.410781: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:14:53.410783: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:14:53.410784: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:14:53.410787: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 
13:14:53.410880: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Aug 26 13:14:53.410886: | #1 spent 1.1 milliseconds Aug 26 13:14:53.410888: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:14:53.410890: | could_route called for westnet-eastnet-ipv4-psk-ikev2 (kind=CK_PERMANENT) Aug 26 13:14:53.410892: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:14:53.410894: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 13:14:53.410897: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 13:14:53.410900: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 13:14:53.410902: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:14:53.410905: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:14:53.410906: | AES_GCM_16 requires 4 salt bytes Aug 26 13:14:53.410908: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:14:53.410911: | setting IPsec SA replay-window to 32 Aug 26 13:14:53.410913: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Aug 26 13:14:53.410915: | netlink: enabling tunnel mode Aug 26 13:14:53.410917: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:14:53.410919: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:14:53.410971: | netlink response for Add SA esp.6ae690b2@192.1.2.45 included non-error error Aug 26 13:14:53.410975: | set up outgoing SA, ref=0/0 Aug 26 13:14:53.410993: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:14:53.410995: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:14:53.410997: | AES_GCM_16 requires 4 salt bytes Aug 26 13:14:53.410998: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:14:53.411001: | setting IPsec SA replay-window to 32 Aug 26 13:14:53.411003: | NIC 
esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Aug 26 13:14:53.411004: | netlink: enabling tunnel mode Aug 26 13:14:53.411006: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:14:53.411008: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:14:53.411033: | netlink response for Add SA esp.466329a6@192.1.2.23 included non-error error Aug 26 13:14:53.411038: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:53.411042: | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 13:14:53.411044: | IPsec Sa SPD priority set to 1042407 Aug 26 13:14:53.411064: | raw_eroute result=success Aug 26 13:14:53.411067: | set up incoming SA, ref=0/0 Aug 26 13:14:53.411069: | sr for #2: unrouted Aug 26 13:14:53.411071: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:14:53.411073: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:14:53.411075: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 13:14:53.411077: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 13:14:53.411079: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 13:14:53.411081: | route_and_eroute with c: westnet-eastnet-ipv4-psk-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:14:53.411084: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:53.411088: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 (raw_eroute) Aug 26 13:14:53.411090: | IPsec Sa SPD priority set to 1042407 Aug 26 13:14:53.411098: | raw_eroute result=success Aug 26 13:14:53.411101: | running updown command "ipsec _updown" for verb up Aug 26 13:14:53.411104: | command executing up-client Aug 26 13:14:53.411120: | executing up-client: PLUTO_VERB='up-client' 
PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_I Aug 26 13:14:53.411124: | popen cmd is 1046 chars long Aug 26 13:14:53.411126: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv: Aug 26 13:14:53.411128: | cmd( 80):4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.: Aug 26 13:14:53.411130: | cmd( 160):2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='19: Aug 26 13:14:53.411131: | cmd( 240):2.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCO: Aug 26 13:14:53.411133: | cmd( 320):L='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_P: Aug 26 13:14:53.411135: | cmd( 400):EER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0: Aug 26 13:14:53.411136: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 13:14:53.411138: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=': Aug 26 13:14:53.411140: | 
cmd( 640):PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN: Aug 26 13:14:53.411141: | cmd( 720):_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_C: Aug 26 13:14:53.411143: | cmd( 800):ISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' P: Aug 26 13:14:53.411145: | cmd( 880):LUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VT: Aug 26 13:14:53.411146: | cmd( 960):I_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6ae690b2 SPI_OUT=0x466329a6 ipsec _updow: Aug 26 13:14:53.411148: | cmd(1040):n 2>&1: Aug 26 13:14:53.418635: | route_and_eroute: firewall_notified: true Aug 26 13:14:53.418663: | running updown command "ipsec _updown" for verb prepare Aug 26 13:14:53.418666: | command executing prepare-client Aug 26 13:14:53.418687: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED= Aug 26 13:14:53.418690: | popen cmd is 1051 chars long Aug 26 13:14:53.418692: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' 
PLUTO_CONNECTION='westnet-eastne: Aug 26 13:14:53.418694: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='1: Aug 26 13:14:53.418696: | cmd( 160):92.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NE: Aug 26 13:14:53.418697: | cmd( 240):T='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Aug 26 13:14:53.418699: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PL: Aug 26 13:14:53.418701: | cmd( 400):UTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.: Aug 26 13:14:53.418706: | cmd( 480):0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PRO: Aug 26 13:14:53.418709: | cmd( 560):TOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POL: Aug 26 13:14:53.418711: | cmd( 640):ICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Aug 26 13:14:53.418713: | cmd( 720):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_P: Aug 26 13:14:53.418715: | cmd( 800):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Aug 26 13:14:53.418718: | cmd( 880):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Aug 26 13:14:53.418720: | cmd( 960):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6ae690b2 SPI_OUT=0x466329a6 ipsec _: Aug 26 13:14:53.418722: | cmd(1040):updown 2>&1: Aug 26 13:14:53.426690: | running updown command "ipsec _updown" for verb route Aug 26 13:14:53.426702: | command executing route-client Aug 26 13:14:53.426724: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' 
PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' Aug 26 13:14:53.426727: | popen cmd is 1049 chars long Aug 26 13:14:53.426729: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Aug 26 13:14:53.426730: | cmd( 80):ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192: Aug 26 13:14:53.426732: | cmd( 160):.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET=: Aug 26 13:14:53.426734: | cmd( 240):'192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROT: Aug 26 13:14:53.426735: | cmd( 320):OCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUT: Aug 26 13:14:53.426737: | cmd( 400):O_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Aug 26 13:14:53.426739: | cmd( 480):1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 13:14:53.426740: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Aug 26 13:14:53.426742: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_C: Aug 26 13:14:53.426744: | cmd( 720):ONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEE: Aug 26 13:14:53.426745: | cmd( 800):R_CISCO='0' PLUTO_PEER_DNS_INFO='' 
PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=': Aug 26 13:14:53.426747: | cmd( 880):' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='': Aug 26 13:14:53.426748: | cmd( 960): VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6ae690b2 SPI_OUT=0x466329a6 ipsec _up: Aug 26 13:14:53.426750: | cmd(1040):down 2>&1: Aug 26 13:14:53.438231: | route_and_eroute: instance "westnet-eastnet-ipv4-psk-ikev2", setting eroute_owner {spd=0x556578234888,sr=0x556578234888} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:14:53.438313: | #1 spent 1.52 milliseconds in install_ipsec_sa() Aug 26 13:14:53.438322: | ISAKMP_v2_IKE_AUTH: instance westnet-eastnet-ipv4-psk-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:14:53.438328: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:14:53.438331: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:14:53.438334: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:14:53.438336: | emitting length of IKEv2 Encryption Payload: 197 Aug 26 13:14:53.438338: | emitting length of ISAKMP Message: 225 Aug 26 13:14:53.438367: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Aug 26 13:14:53.438371: | #1 spent 2.68 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Aug 26 13:14:53.438377: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:53.438381: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:53.438384: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Aug 26 13:14:53.438387: | IKEv2: transition from state STATE_PARENT_R1 to state 
STATE_V2_IPSEC_R Aug 26 13:14:53.438389: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Aug 26 13:14:53.438392: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:14:53.438396: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Aug 26 13:14:53.438399: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Aug 26 13:14:53.438401: | pstats #2 ikev2.child established Aug 26 13:14:53.438407: "westnet-eastnet-ipv4-psk-ikev2" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] Aug 26 13:14:53.438410: | NAT-T: encaps is 'auto' Aug 26 13:14:53.438413: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x6ae690b2 <0x466329a6 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 13:14:53.438417: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Aug 26 13:14:53.438422: | sending 225 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Aug 26
13:14:53.438492: | releasing whack for #2 (sock=fd@-1) Aug 26 13:14:53.438509: | releasing whack and unpending for parent #1 Aug 26 13:14:53.438512: | unpending state #1 connection "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:14:53.438515: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Aug 26 13:14:53.438517: | event_schedule: new EVENT_SA_REKEY-pe@0x7fdc10002b78 Aug 26 13:14:53.438522: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Aug 26 13:14:53.438525: | libevent_malloc: new ptr-libevent@0x55657823bef8 size 128 Aug 26 13:14:53.438535: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:14:53.438540: | #1 spent 2.93 milliseconds in resume sending helper answer Aug 26 13:14:53.438543: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:833) Aug 26 13:14:53.438547: | libevent_free: release ptr-libevent@0x7fdc08000f48 Aug 26 13:14:53.438558: | processing signal PLUTO_SIGCHLD Aug 26 13:14:53.438562: | waitpid returned ECHILD (no child processes left) Aug 26 13:14:53.438565: | spent 0.00399 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:14:53.438567: | processing signal PLUTO_SIGCHLD Aug 26 13:14:53.438570: | waitpid returned ECHILD (no child processes left) Aug 26 13:14:53.438572: | spent 0.00245 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:14:53.438574: | processing signal PLUTO_SIGCHLD Aug 26 13:14:53.438576: | waitpid returned ECHILD (no child processes left) Aug 26 13:14:53.438578: | spent 0.00241 milliseconds in signal handler PLUTO_SIGCHLD Aug 26
13:14:56.992668: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:14:56.993000: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:14:56.993007: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:14:56.993063: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:14:56.993068: | FOR_EACH_STATE_... in sort_states Aug 26 13:14:56.993078: | get_sa_info esp.466329a6@192.1.2.23 Aug 26 13:14:56.993093: | get_sa_info esp.6ae690b2@192.1.2.45 Aug 26 13:14:56.993113: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:14:56.993119: | spent 0.459 milliseconds in whack Aug 26 13:14:57.788883: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:14:57.788904: shutting down Aug 26 13:14:57.788912: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:14:57.788919: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:14:57.788922: forgetting secrets Aug 26 13:14:57.788928: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:14:57.788932: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in delete_connection() at connections.c:189) Aug 26 13:14:57.788934: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:14:57.788935: | pass 0 Aug 26 13:14:57.788937: | FOR_EACH_STATE_... 
in foreach_state_by_connection_func_delete Aug 26 13:14:57.788939: | state #2 Aug 26 13:14:57.788941: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:14:57.788946: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:14:57.788948: | pstats #2 ikev2.child deleted completed Aug 26 13:14:57.788951: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in delete_state() at state.c:879) Aug 26 13:14:57.788954: "westnet-eastnet-ipv4-psk-ikev2" #2: deleting state (STATE_V2_IPSEC_R) aged 4.378s and sending notification Aug 26 13:14:57.788956: | child state #2: V2_IPSEC_R(established CHILD SA) => delete Aug 26 13:14:57.788960: | get_sa_info esp.6ae690b2@192.1.2.45 Aug 26 13:14:57.788971: | get_sa_info esp.466329a6@192.1.2.23 Aug 26 13:14:57.788977: "westnet-eastnet-ipv4-psk-ikev2" #2: ESP traffic information: in=336B out=336B Aug 26 13:14:57.788980: | #2 send IKEv2 delete notification for STATE_V2_IPSEC_R Aug 26 13:14:57.788982: | Opening output PBS informational exchange delete request Aug 26 13:14:57.788984: | **emit ISAKMP Message: Aug 26 13:14:57.788986: | initiator cookie: Aug 26 13:14:57.788991: | 44 fe 8f 5e 66 f2 6b 1a Aug 26 13:14:57.788992: | responder cookie: Aug 26 13:14:57.788994: | 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:57.788996: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:14:57.788997: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:57.788999: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:14:57.789001: | flags: none (0x0) Aug 26 13:14:57.789003: | Message ID: 0 (0x0) Aug 26 13:14:57.789005: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:14:57.789007: | ***emit IKEv2 Encryption Payload: Aug 26 13:14:57.789009: | next payload 
type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.789010: | flags: none (0x0) Aug 26 13:14:57.789012: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:14:57.789014: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:14:57.789017: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:14:57.789029: | ****emit IKEv2 Delete Payload: Aug 26 13:14:57.789031: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.789033: | flags: none (0x0) Aug 26 13:14:57.789035: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:14:57.789036: | SPI size: 4 (0x4) Aug 26 13:14:57.789038: | number of SPIs: 1 (0x1) Aug 26 13:14:57.789040: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:14:57.789042: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:14:57.789044: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 13:14:57.789045: | local spis 46 63 29 a6 Aug 26 13:14:57.789047: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:14:57.789049: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:14:57.789051: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:14:57.789053: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:14:57.789054: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:14:57.789056: | emitting length of ISAKMP Message: 69 Aug 26 13:14:57.789076: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) Aug 26 13:14:57.789079: | 44 fe 8f 5e 66 f2 6b 1a 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:57.789080: | 2e 20 25 00 00 00 
00 00 00 00 00 45 2a 00 00 29 Aug 26 13:14:57.789082: | 87 28 04 cd f2 af fa 80 05 3a ef 19 64 a0 64 b4 Aug 26 13:14:57.789083: | 96 8a bf 30 20 5f 03 ff b4 e8 c1 68 46 a2 03 3b Aug 26 13:14:57.789085: | f1 eb 7b 3f 64 Aug 26 13:14:57.789119: | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Aug 26 13:14:57.789122: | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send Aug 26 13:14:57.789125: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:14:57.789128: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 13:14:57.789131: | libevent_free: release ptr-libevent@0x55657823bef8 Aug 26 13:14:57.789133: | free_event_entry: release EVENT_SA_REKEY-pe@0x7fdc10002b78 Aug 26 13:14:57.789194: | running updown command "ipsec _updown" for verb down Aug 26 13:14:57.789199: | command executing down-client Aug 26 13:14:57.789217: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825293' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' 
PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR Aug 26 13:14:57.789221: | popen cmd is 1057 chars long Aug 26 13:14:57.789223: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: Aug 26 13:14:57.789225: | cmd( 80):pv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.: Aug 26 13:14:57.789227: | cmd( 160):1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET=': Aug 26 13:14:57.789229: | cmd( 240):192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTO: Aug 26 13:14:57.789230: | cmd( 320):COL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO: Aug 26 13:14:57.789232: | cmd( 400):_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1: Aug 26 13:14:57.789234: | cmd( 480):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Aug 26 13:14:57.789235: | cmd( 560):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825293' PLUTO_CO: Aug 26 13:14:57.789237: | cmd( 640):NN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO': Aug 26 13:14:57.789239: | cmd( 720): PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUT: Aug 26 13:14:57.789240: | cmd( 800):O_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_: Aug 26 13:14:57.789242: | cmd( 880):BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_: Aug 26 13:14:57.789244: | cmd( 960):IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6ae690b2 SPI_OUT=0x466329a6 i: Aug 26 13:14:57.789245: | cmd(1040):psec _updown 2>&1: Aug 26 13:14:57.799362: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:14:57.799388: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:14:57.799391: | 
priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:57.799394: | IPsec Sa SPD priority set to 1042407 Aug 26 13:14:57.799446: | delete esp.6ae690b2@192.1.2.45 Aug 26 13:14:57.799467: | netlink response for Del SA esp.6ae690b2@192.1.2.45 included non-error error Aug 26 13:14:57.799476: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:57.799484: | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 13:14:57.799508: | raw_eroute result=success Aug 26 13:14:57.799514: | delete esp.466329a6@192.1.2.23 Aug 26 13:14:57.799526: | netlink response for Del SA esp.466329a6@192.1.2.23 included non-error error Aug 26 13:14:57.799539: | stop processing: connection "westnet-eastnet-ipv4-psk-ikev2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:14:57.799544: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:14:57.799548: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 13:14:57.799552: | State DB: deleting IKEv2 state #2 in V2_IPSEC_R Aug 26 13:14:57.799559: | child state #2: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:14:57.799569: | stop processing: state #2 from 192.1.2.45:500 (in delete_state() at state.c:1143) Aug 26 13:14:57.799584: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:14:57.799591: | state #1 Aug 26 13:14:57.799594: | pass 1 Aug 26 13:14:57.799597: | FOR_EACH_STATE_... 
in foreach_state_by_connection_func_delete Aug 26 13:14:57.799600: | state #1 Aug 26 13:14:57.799607: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:14:57.799610: | pstats #1 ikev2.ike deleted completed Aug 26 13:14:57.799617: | #1 spent 6.35 milliseconds in total Aug 26 13:14:57.799624: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in delete_state() at state.c:879) Aug 26 13:14:57.799628: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting state (STATE_PARENT_R2) aged 4.395s and sending notification Aug 26 13:14:57.799632: | parent state #1: PARENT_R2(established IKE SA) => delete Aug 26 13:14:57.799680: | #1 send IKEv2 delete notification for STATE_PARENT_R2 Aug 26 13:14:57.799686: | Opening output PBS informational exchange delete request Aug 26 13:14:57.799690: | **emit ISAKMP Message: Aug 26 13:14:57.799693: | initiator cookie: Aug 26 13:14:57.799696: | 44 fe 8f 5e 66 f2 6b 1a Aug 26 13:14:57.799699: | responder cookie: Aug 26 13:14:57.799702: | 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:57.799705: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:14:57.799709: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:57.799713: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:14:57.799717: | flags: none (0x0) Aug 26 13:14:57.799720: | Message ID: 1 (0x1) Aug 26 13:14:57.799724: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:14:57.799728: | ***emit IKEv2 Encryption Payload: Aug 26 13:14:57.799732: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.799735: | flags: none (0x0) Aug 26 13:14:57.799739: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:14:57.799743: | next payload chain: saving location 'IKEv2 Encryption 
Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:14:57.799747: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:14:57.799763: | ****emit IKEv2 Delete Payload: Aug 26 13:14:57.799767: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.799770: | flags: none (0x0) Aug 26 13:14:57.799773: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 13:14:57.799776: | SPI size: 0 (0x0) Aug 26 13:14:57.799779: | number of SPIs: 0 (0x0) Aug 26 13:14:57.799783: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:14:57.799787: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:14:57.799791: | emitting length of IKEv2 Delete Payload: 8 Aug 26 13:14:57.799794: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:14:57.799798: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:14:57.799802: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:14:57.799804: | emitting length of IKEv2 Encryption Payload: 37 Aug 26 13:14:57.799806: | emitting length of ISAKMP Message: 65 Aug 26 13:14:57.799842: | sending 65 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Aug 26 13:14:57.799844: | 44 fe 8f 5e 66 f2 6b 1a 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:57.799845: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 13:14:57.799847: | 1d 7e e8 a0 e0 e6 0d 3b 35 54 07 79 d7 3d 80 4a Aug 26 13:14:57.799848: | 31 aa f3 3c 62 95 4f 43 0a 10 e4 b0 e2 48 c9 c4 Aug 26 13:14:57.799850: | c9 Aug 26 13:14:57.799879: | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 Aug 26 13:14:57.799887: | Message ID: IKE #1 sender #1 in send_delete hacking around 
record ' send Aug 26 13:14:57.799893: | Message ID: #1 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?); initiator.sent=1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=1 wip.responder=-1 Aug 26 13:14:57.799897: | Message ID: sent #1 request 1; ike: initiator.sent=0->1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=0->1 wip.responder=-1 Aug 26 13:14:57.799901: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 13:14:57.799910: | libevent_free: release ptr-libevent@0x55657823b448 Aug 26 13:14:57.799913: | free_event_entry: release EVENT_SA_REKEY-pe@0x556578237b78 Aug 26 13:14:57.799919: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:14:57.799922: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 13:14:57.799925: | State DB: deleting IKEv2 state #1 in PARENT_R2 Aug 26 13:14:57.799929: | parent state #1: PARENT_R2(established IKE SA) => UNDEFINED(ignore) Aug 26 13:14:57.799967: | stop processing: state #1 from 192.1.2.45:500 (in delete_state() at state.c:1143) Aug 26 13:14:57.799995: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:14:57.800000: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:14:57.800003: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:14:57.800007: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:57.800039: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:57.800049: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:14:57.800052: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 13:14:57.800055: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 13:14:57.800059: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL Aug 26 13:14:57.800062: | running updown command "ipsec _updown" for verb unroute Aug 26 13:14:57.800065: | command executing unroute-client Aug 26 13:14:57.800119: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED Aug 26 13:14:57.800123: | popen cmd is 1038 chars long Aug 26 13:14:57.800126: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 13:14:57.800129: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='1: Aug 26 13:14:57.800132: | cmd( 160):92.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NE: Aug 26 13:14:57.800135: | cmd( 240):T='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Aug 
26 13:14:57.800138: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' P: Aug 26 13:14:57.800141: | cmd( 400):LUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192: Aug 26 13:14:57.800147: | cmd( 480):.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PR: Aug 26 13:14:57.800150: | cmd( 560):OTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_PO: Aug 26 13:14:57.800153: | cmd( 640):LICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUT: Aug 26 13:14:57.800156: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_: Aug 26 13:14:57.800159: | cmd( 800):PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNE: Aug 26 13:14:57.800162: | cmd( 880):R='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE: Aug 26 13:14:57.800165: | cmd( 960):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 13:14:57.808756: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:57.808774: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:57.809041: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:57.809051: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:57.809060: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:57.809070: unroute-client output: Error: Peer netns reference is invalid. 
Aug 26 13:14:57.813638: | free hp@0x5565782362c8 Aug 26 13:14:57.813656: | flush revival: connection 'westnet-eastnet-ipv4-psk-ikev2' wasn't on the list Aug 26 13:14:57.813659: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:14:57.813672: | crl fetch request list locked by 'free_crl_fetch' Aug 26 13:14:57.813674: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 13:14:57.813685: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 13:14:57.813688: shutting down interface lo/lo 127.0.0.1:500 Aug 26 13:14:57.813690: shutting down interface eth0/eth0 192.0.2.254:4500 Aug 26 13:14:57.813692: shutting down interface eth0/eth0 192.0.2.254:500 Aug 26 13:14:57.813694: shutting down interface eth1/eth1 192.1.2.23:4500 Aug 26 13:14:57.813696: shutting down interface eth1/eth1 192.1.2.23:500 Aug 26 13:14:57.813699: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 13:14:57.813709: | libevent_free: release ptr-libevent@0x556578227f98 Aug 26 13:14:57.813712: | free_event_entry: release EVENT_NULL-pe@0x556578233a98 Aug 26 13:14:57.813721: | libevent_free: release ptr-libevent@0x5565781bc098 Aug 26 13:14:57.813723: | free_event_entry: release EVENT_NULL-pe@0x556578233b48 Aug 26 13:14:57.813728: | libevent_free: release ptr-libevent@0x5565781bd838 Aug 26 13:14:57.813730: | free_event_entry: release EVENT_NULL-pe@0x556578233bf8 Aug 26 13:14:57.813735: | libevent_free: release ptr-libevent@0x5565781bd788 Aug 26 13:14:57.813737: | free_event_entry: release EVENT_NULL-pe@0x556578233ca8 Aug 26 13:14:57.813742: | libevent_free: release ptr-libevent@0x5565781924e8 Aug 26 13:14:57.813744: | free_event_entry: release EVENT_NULL-pe@0x556578233d58 Aug 26 13:14:57.813748: | libevent_free: release ptr-libevent@0x5565781921d8 Aug 26 13:14:57.813750: | free_event_entry: release EVENT_NULL-pe@0x556578233e08 Aug 26 13:14:57.813754: | FOR_EACH_UNORIENTED_CONNECTION_... 
in check_orientations Aug 26 13:14:57.814144: | libevent_free: release ptr-libevent@0x556578228048 Aug 26 13:14:57.814151: | free_event_entry: release EVENT_NULL-pe@0x55657821be38 Aug 26 13:14:57.814155: | libevent_free: release ptr-libevent@0x5565781bc198 Aug 26 13:14:57.814157: | free_event_entry: release EVENT_NULL-pe@0x55657821bdc8 Aug 26 13:14:57.814161: | libevent_free: release ptr-libevent@0x5565781ff568 Aug 26 13:14:57.814163: | free_event_entry: release EVENT_NULL-pe@0x55657821b2a8 Aug 26 13:14:57.814165: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 13:14:57.814167: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 13:14:57.814168: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 13:14:57.814170: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 13:14:57.814171: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 13:14:57.814176: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 13:14:57.814178: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 13:14:57.814179: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 13:14:57.814181: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 13:14:57.814185: | libevent_free: release ptr-libevent@0x5565781c6388 Aug 26 13:14:57.814186: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 13:14:57.814188: | libevent_free: release ptr-libevent@0x5565781be238 Aug 26 13:14:57.814190: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 13:14:57.814192: | libevent_free: release ptr-libevent@0x556578233458 Aug 26 13:14:57.814194: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 13:14:57.814196: | libevent_free: release ptr-libevent@0x556578233698 Aug 26 13:14:57.814197: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 13:14:57.814199: | releasing event base Aug 26 13:14:57.814208: | libevent_free: release ptr-libevent@0x556578233568 Aug 26 13:14:57.814210: | libevent_free: release ptr-libevent@0x556578216578 Aug 26 13:14:57.814213: | libevent_free: 
release ptr-libevent@0x556578216528 Aug 26 13:14:57.814215: | libevent_free: release ptr-libevent@0x5565782164b8 Aug 26 13:14:57.814216: | libevent_free: release ptr-libevent@0x556578216478 Aug 26 13:14:57.814218: | libevent_free: release ptr-libevent@0x556578233318 Aug 26 13:14:57.814220: | libevent_free: release ptr-libevent@0x556578233398 Aug 26 13:14:57.814221: | libevent_free: release ptr-libevent@0x556578216728 Aug 26 13:14:57.814223: | libevent_free: release ptr-libevent@0x55657821b3b8 Aug 26 13:14:57.814224: | libevent_free: release ptr-libevent@0x55657821bd88 Aug 26 13:14:57.814226: | libevent_free: release ptr-libevent@0x556578233e78 Aug 26 13:14:57.814228: | libevent_free: release ptr-libevent@0x556578233dc8 Aug 26 13:14:57.814229: | libevent_free: release ptr-libevent@0x556578233d18 Aug 26 13:14:57.814231: | libevent_free: release ptr-libevent@0x556578233c68 Aug 26 13:14:57.814232: | libevent_free: release ptr-libevent@0x556578233bb8 Aug 26 13:14:57.814234: | libevent_free: release ptr-libevent@0x556578233b08 Aug 26 13:14:57.814235: | libevent_free: release ptr-libevent@0x5565781bb698 Aug 26 13:14:57.814237: | libevent_free: release ptr-libevent@0x556578233418 Aug 26 13:14:57.814239: | libevent_free: release ptr-libevent@0x5565782333d8 Aug 26 13:14:57.814240: | libevent_free: release ptr-libevent@0x556578233358 Aug 26 13:14:57.814242: | libevent_free: release ptr-libevent@0x556578233528 Aug 26 13:14:57.814243: | libevent_free: release ptr-libevent@0x5565781ba828 Aug 26 13:14:57.814245: | libevent_free: release ptr-libevent@0x556578191908 Aug 26 13:14:57.814247: | libevent_free: release ptr-libevent@0x556578191d38 Aug 26 13:14:57.814248: | libevent_free: release ptr-libevent@0x5565781bab98 Aug 26 13:14:57.814250: | releasing global libevent data Aug 26 13:14:57.814252: | libevent_free: release ptr-libevent@0x5565781917f8 Aug 26 13:14:57.814254: | libevent_free: release ptr-libevent@0x556578191cd8 Aug 26 13:14:57.814256: | libevent_free: release 
ptr-libevent@0x556578191dd8 Aug 26 13:14:57.814284: leak detective found no leaks