Aug 26 13:14:53.103751: FIPS Product: YES Aug 26 13:14:53.103842: FIPS Kernel: NO Aug 26 13:14:53.103845: FIPS Mode: NO Aug 26 13:14:53.103846: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:14:53.103963: Initializing NSS Aug 26 13:14:53.103968: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:14:53.129064: NSS initialized Aug 26 13:14:53.129077: NSS crypto library initialized Aug 26 13:14:53.129079: FIPS HMAC integrity support [enabled] Aug 26 13:14:53.129082: FIPS mode disabled for pluto daemon Aug 26 13:14:53.154075: FIPS HMAC integrity verification self-test FAILED Aug 26 13:14:53.154176: libcap-ng support [enabled] Aug 26 13:14:53.154183: Linux audit support [enabled] Aug 26 13:14:53.154211: Linux audit activated Aug 26 13:14:53.154218: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:19365 Aug 26 13:14:53.154221: core dump dir: /tmp Aug 26 13:14:53.154224: secrets file: /etc/ipsec.secrets Aug 26 13:14:53.154226: leak-detective enabled Aug 26 13:14:53.154228: NSS crypto [enabled] Aug 26 13:14:53.154231: XAUTH PAM support [enabled] Aug 26 13:14:53.154322: | libevent is using pluto's memory allocator Aug 26 13:14:53.154345: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:14:53.154359: | libevent_malloc: new ptr-libevent@0x55c1611957f8 size 40 Aug 26 13:14:53.154366: | libevent_malloc: new ptr-libevent@0x55c161195cd8 size 40 Aug 26 13:14:53.154369: | libevent_malloc: new ptr-libevent@0x55c161195dd8 size 40 Aug 26 13:14:53.154372: | creating event base Aug 26 13:14:53.154375: | libevent_malloc: new ptr-libevent@0x55c16121a4b8 size 56 Aug 26 13:14:53.154380: | libevent_malloc: new ptr-libevent@0x55c1611beb98 size 664 Aug 26 13:14:53.154391: | libevent_malloc: new ptr-libevent@0x55c16121a528 size 24 Aug 26 13:14:53.154394: | libevent_malloc: new ptr-libevent@0x55c16121a578 size 384 Aug 26 13:14:53.154404: | libevent_malloc: new ptr-libevent@0x55c16121a478 size 16 Aug 26 13:14:53.154407: | libevent_malloc: new ptr-libevent@0x55c161195908 size 40 Aug 26 13:14:53.154410: | libevent_malloc: new ptr-libevent@0x55c161195d38 size 48 Aug 26 13:14:53.154416: | libevent_realloc: new ptr-libevent@0x55c1611bf698 size 256 Aug 26 13:14:53.154420: | libevent_malloc: new ptr-libevent@0x55c16121a728 size 16 Aug 26 13:14:53.154425: | libevent_free: release ptr-libevent@0x55c16121a4b8 Aug 26 13:14:53.154429: | libevent initialized Aug 26 13:14:53.154433: | libevent_realloc: new ptr-libevent@0x55c16121a4b8 size 64 Aug 26 13:14:53.154439: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:14:53.154454: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:14:53.154457: NAT-Traversal support [enabled] Aug 26 13:14:53.154460: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:14:53.154473: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:14:53.154477: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:14:53.154509: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:14:53.154513: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:14:53.154516: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:14:53.154568: Encryption algorithms: Aug 26 13:14:53.154575: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:14:53.154579: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:14:53.154584: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:14:53.154587: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:14:53.154591: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 13:14:53.154600: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:14:53.154605: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:14:53.154609: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:14:53.154613: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:14:53.154618: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:14:53.154622: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:14:53.154626: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:14:53.154630: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:14:53.154634: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:14:53.154639: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:14:53.154642: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:14:53.154646: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:14:53.154653: Hash algorithms: Aug 26 13:14:53.154656: MD5 IKEv1: IKE IKEv2: Aug 26 13:14:53.154660: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:14:53.154664: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:14:53.154667: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:14:53.154671: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:14:53.154686: PRF algorithms: Aug 26 13:14:53.154690: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:14:53.154694: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:14:53.154698: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:14:53.154702: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:14:53.154705: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:14:53.154709: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:14:53.154736: Integrity algorithms: Aug 26 13:14:53.154740: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 13:14:53.154745: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:14:53.154749: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:14:53.154754: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:14:53.154759: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:14:53.154762: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:14:53.154766: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:14:53.154769: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:14:53.154773: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:14:53.154786: DH algorithms: Aug 26 13:14:53.154790: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:14:53.154793: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:14:53.154796: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:14:53.154802: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:14:53.154805: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:14:53.154809: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:14:53.154812: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:14:53.154816: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:14:53.154820: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:14:53.154823: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:14:53.154827: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:14:53.154830: testing CAMELLIA_CBC: Aug 26 13:14:53.154833: Camellia: 16 bytes with 128-bit key Aug 26 13:14:53.154946: Camellia: 16 bytes with 128-bit key Aug 26 13:14:53.154977: Camellia: 16 bytes with 256-bit key Aug 26 13:14:53.155007: Camellia: 16 bytes with 256-bit key Aug 26 13:14:53.155035: testing AES_GCM_16: Aug 26 13:14:53.155038: empty string Aug 26 13:14:53.155069: one block Aug 26 13:14:53.155095: two blocks Aug 26 13:14:53.155122: two blocks with associated data Aug 26 13:14:53.155148: testing AES_CTR: Aug 26 13:14:53.155151: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:14:53.155179: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:14:53.155207: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:14:53.155236: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:14:53.155263: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:14:53.155298: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:14:53.155348: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:14:53.155391: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:14:53.155419: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:14:53.155449: testing AES_CBC: Aug 26 13:14:53.155452: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:14:53.155480: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:14:53.155510: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:14:53.155554: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:14:53.155590: testing AES_XCBC: Aug 26 13:14:53.155593: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:14:53.155721: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:14:53.155878: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:14:53.155998: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:14:53.156121: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:14:53.156243: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:14:53.156409: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:14:53.156722: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 13:14:53.156876: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:14:53.157009: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:14:53.157237: testing HMAC_MD5: Aug 26 13:14:53.157241: RFC 2104: MD5_HMAC test 1 Aug 26 13:14:53.157441: RFC 2104: MD5_HMAC test 2 Aug 26 13:14:53.157592: RFC 2104: MD5_HMAC test 3 Aug 26 13:14:53.157829: 8 CPU cores online Aug 26 13:14:53.157834: starting up 7 crypto helpers Aug 26 13:14:53.157864: started thread for crypto helper 0 Aug 26 13:14:53.157890: | starting up helper thread 0 Aug 26 13:14:53.157901: started thread for crypto helper 1 Aug 26 13:14:53.157905: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:14:53.157907: | starting up helper thread 1 Aug 26 13:14:53.157908: | crypto helper 0 waiting (nothing to do) Aug 26 13:14:53.157920: started thread for crypto helper 2 Aug 26 13:14:53.157922: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:14:53.157947: | crypto helper 1 waiting (nothing to do) Aug 26 13:14:53.157970: started thread for crypto helper 3 Aug 26 13:14:53.157924: | starting up helper thread 2 Aug 26 13:14:53.157988: | starting up helper thread 3 Aug 26 13:14:53.158005: started thread for crypto helper 4 Aug 26 13:14:53.158008: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:14:53.158024: | crypto helper 3 waiting (nothing to do) Aug 26 13:14:53.157992: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:14:53.158051: | crypto helper 2 waiting (nothing to do) Aug 26 13:14:53.158047: | starting up helper thread 4 Aug 26 13:14:53.158049: started thread for crypto helper 5 Aug 26 13:14:53.158067: | starting up helper thread 5 Aug 26 13:14:53.158063: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:14:53.158071: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:14:53.158080: | crypto helper 4 waiting (nothing to do) Aug 26 13:14:53.158087: | starting up helper thread 6 Aug 26 13:14:53.158093: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:14:53.158096: | crypto helper 6 waiting (nothing to do) Aug 26 13:14:53.158085: started thread for crypto helper 6 Aug 26 13:14:53.158102: | crypto helper 5 waiting (nothing to do) Aug 26 13:14:53.158104: | checking IKEv1 state table Aug 26 13:14:53.158116: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:14:53.158119: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:14:53.158122: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:14:53.158124: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:14:53.158127: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:14:53.158130: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:14:53.158132: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:14:53.158135: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:14:53.158137: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:14:53.158140: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:14:53.158142: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:14:53.158145: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:14:53.158147: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:14:53.158150: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:14:53.158152: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:14:53.158155: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:14:53.158157: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:14:53.158160: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:14:53.158162: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:14:53.158165: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:14:53.158167: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:14:53.158170: | -> UNDEFINED EVENT_NULL Aug 26 13:14:53.158173: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:14:53.158175: | -> UNDEFINED EVENT_NULL Aug 26 13:14:53.158178: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:14:53.158180: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:14:53.158183: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:14:53.158186: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:14:53.158188: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:14:53.158191: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:14:53.158193: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:14:53.158195: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:14:53.158198: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:14:53.158201: | -> UNDEFINED EVENT_NULL Aug 26 13:14:53.158203: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:14:53.158206: | -> UNDEFINED EVENT_NULL Aug 26 13:14:53.158209: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:14:53.158211: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:14:53.158217: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:14:53.158220: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:14:53.158222: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:14:53.158225: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:14:53.158228: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:14:53.158230: | -> UNDEFINED EVENT_NULL Aug 26 13:14:53.158233: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:14:53.158235: | -> UNDEFINED EVENT_NULL Aug 26 13:14:53.158238: | INFO: category: informational flags: 0: Aug 26 13:14:53.158241: | -> UNDEFINED EVENT_NULL Aug 26 13:14:53.158243: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:14:53.158246: | -> UNDEFINED EVENT_NULL Aug 26 13:14:53.158249: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:14:53.158251: | -> XAUTH_R1 EVENT_NULL Aug 26 13:14:53.158254: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:14:53.158256: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:14:53.158259: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:14:53.158262: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:14:53.158265: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:14:53.158267: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:14:53.158270: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:14:53.158272: | -> UNDEFINED EVENT_NULL Aug 26 13:14:53.158275: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:14:53.158278: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:14:53.158280: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:14:53.158283: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:14:53.158286: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:14:53.158293: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:14:53.158302: | checking IKEv2 state table Aug 26 13:14:53.158308: | PARENT_I0: category: ignore flags: 0: Aug 26 13:14:53.158311: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:14:53.158327: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:14:53.158330: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:14:53.158333: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:14:53.158336: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:14:53.158338: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:14:53.158341: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:14:53.158344: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:14:53.158347: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:14:53.158349: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:14:53.158352: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:14:53.158355: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 13:14:53.158358: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:14:53.158360: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:14:53.158363: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:14:53.158365: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:14:53.158368: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:14:53.158371: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:14:53.158374: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:14:53.158377: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:14:53.158379: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:14:53.158382: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:14:53.158387: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:14:53.158389: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:14:53.158392: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:14:53.158395: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:14:53.158398: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:14:53.158400: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:14:53.158403: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:14:53.158406: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:14:53.158409: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:14:53.158412: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:14:53.158414: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:14:53.158417: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:14:53.158420: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:14:53.158423: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:14:53.158426: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:14:53.158429: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:14:53.158432: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:14:53.158434: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:14:53.158437: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:14:53.158440: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:14:53.158443: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:14:53.158446: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:14:53.158449: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:14:53.158451: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:14:53.158464: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:14:53.158519: | Hard-wiring algorithms Aug 26 13:14:53.158523: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:14:53.158527: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:14:53.158529: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:14:53.158532: | adding 3DES_CBC to kernel algorithm db Aug 26 13:14:53.158534: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:14:53.158537: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:14:53.158539: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:14:53.158542: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:14:53.158544: | adding AES_CTR to kernel algorithm db Aug 26 13:14:53.158547: | adding AES_CBC to kernel algorithm db Aug 26 13:14:53.158549: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:14:53.158552: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:14:53.158554: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:14:53.158557: | adding NULL to kernel algorithm db Aug 26 13:14:53.158560: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:14:53.158563: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:14:53.158565: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:14:53.158568: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:14:53.158570: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:14:53.158573: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:14:53.158575: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:14:53.158577: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:14:53.158580: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:14:53.158582: | adding NONE to kernel algorithm db Aug 26 13:14:53.158603: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:14:53.158609: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:14:53.158611: | setup kernel fd callback Aug 26 13:14:53.158615: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55c16121f2a8 Aug 26 13:14:53.158619: | libevent_malloc: new ptr-libevent@0x55c161203568 size 128 Aug 26 13:14:53.158622: | libevent_malloc: new ptr-libevent@0x55c16121f3b8 size 16 Aug 26 13:14:53.158628: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55c16121fdc8 Aug 26 13:14:53.158632: | libevent_malloc: new ptr-libevent@0x55c1611c0198 size 128 Aug 26 13:14:53.158635: | libevent_malloc: new ptr-libevent@0x55c16121fd88 size 16 Aug 26 13:14:53.158883: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:14:53.158891: selinux support is enabled. Aug 26 13:14:53.159119: | unbound context created - setting debug level to 5 Aug 26 13:14:53.159144: | /etc/hosts lookups activated Aug 26 13:14:53.159158: | /etc/resolv.conf usage activated Aug 26 13:14:53.159222: | outgoing-port-avoid set 0-65535 Aug 26 13:14:53.159251: | outgoing-port-permit set 32768-60999 Aug 26 13:14:53.159254: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:14:53.159257: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:14:53.159260: | Setting up events, loop start Aug 26 13:14:53.159263: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55c16121fe38 Aug 26 13:14:53.159266: | libevent_malloc: new ptr-libevent@0x55c16122c048 size 128 Aug 26 13:14:53.159270: | libevent_malloc: new ptr-libevent@0x55c161237318 size 16 Aug 26 13:14:53.159275: | libevent_realloc: new ptr-libevent@0x55c1611be828 size 256 Aug 26 13:14:53.159279: | libevent_malloc: new ptr-libevent@0x55c161237358 size 8 Aug 26 13:14:53.159282: | libevent_realloc: new ptr-libevent@0x55c161191918 size 144 Aug 26 13:14:53.159285: | libevent_malloc: new ptr-libevent@0x55c1611ca388 size 152 Aug 26 13:14:53.159292: | libevent_malloc: new ptr-libevent@0x55c161237398 size 16 Aug 26 13:14:53.159299: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:14:53.159302: | libevent_malloc: new ptr-libevent@0x55c1612373d8 size 8 Aug 26 13:14:53.159307: | libevent_malloc: new ptr-libevent@0x55c1611c2238 size 152 Aug 26 13:14:53.159310: | signal event handler PLUTO_SIGTERM installed Aug 26 13:14:53.159313: | libevent_malloc: new ptr-libevent@0x55c161237418 size 8 Aug 26 13:14:53.159316: | libevent_malloc: new ptr-libevent@0x55c161237458 size 152 Aug 26 13:14:53.159319: | signal event handler PLUTO_SIGHUP installed Aug 26 13:14:53.159321: | libevent_malloc: new ptr-libevent@0x55c161237528 size 8 Aug 26 13:14:53.159324: | libevent_realloc: release ptr-libevent@0x55c161191918 Aug 26 13:14:53.159327: | libevent_realloc: new ptr-libevent@0x55c161237568 size 256 Aug 26 13:14:53.159330: | libevent_malloc: new ptr-libevent@0x55c161237698 size 152 Aug 26 13:14:53.159333: | signal event handler PLUTO_SIGSYS installed Aug 26 13:14:53.159678: | created addconn helper (pid:19412) using fork+execve Aug 26 13:14:53.159694: | forked child 19412 Aug 26 13:14:53.160331: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:14:53.160345: listening for IKE messages Aug 26 13:14:53.160378: | Inspecting interface lo Aug 26 13:14:53.160383: | found lo with address 127.0.0.1 Aug 26 13:14:53.160386: | Inspecting interface eth0 Aug 26 13:14:53.160389: | found eth0 with address 192.0.1.254 Aug 26 13:14:53.160392: | Inspecting interface eth1 Aug 26 13:14:53.160395: | found eth1 with address 192.1.2.45 Aug 26 13:14:53.160495: Kernel supports NIC esp-hw-offload Aug 26 13:14:53.160505: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Aug 26 13:14:53.160526: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:14:53.160531: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:14:53.160533: adding interface eth1/eth1 192.1.2.45:4500 Aug 26 13:14:53.160558: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 Aug 26 13:14:53.160577: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:14:53.160581: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:14:53.160583: adding interface eth0/eth0 192.0.1.254:4500 Aug 26 13:14:53.160604: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:14:53.160622: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:14:53.160626: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:14:53.160628: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:14:53.160674: | no interfaces to sort Aug 26 13:14:53.160677: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:14:53.160683: | add_fd_read_event_handler: new ethX-pe@0x55c161237a98 Aug 26 13:14:53.160685: | libevent_malloc: new ptr-libevent@0x55c16122bf98 size 128 Aug 26 13:14:53.160688: | libevent_malloc: new ptr-libevent@0x55c161237b08 size 16 Aug 26 13:14:53.160693: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:14:53.160695: | add_fd_read_event_handler: new ethX-pe@0x55c161237b48 Aug 26 13:14:53.160698: | libevent_malloc: new ptr-libevent@0x55c1611c0098 size 128 Aug 26 13:14:53.160700: | libevent_malloc: new ptr-libevent@0x55c161237bb8 size 16 Aug 26 13:14:53.160703: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:14:53.160705: | add_fd_read_event_handler: new ethX-pe@0x55c161237bf8 Aug 26 13:14:53.160707: | libevent_malloc: new ptr-libevent@0x55c1611c1838 size 128 Aug 26 13:14:53.160709: | libevent_malloc: new ptr-libevent@0x55c161237c68 size 16 Aug 26 13:14:53.160712: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Aug 26 13:14:53.160714: | add_fd_read_event_handler: new ethX-pe@0x55c161237ca8 Aug 26 13:14:53.160715: | libevent_malloc: new ptr-libevent@0x55c1611c1788 size 128 Aug 26 13:14:53.160717: | libevent_malloc: new ptr-libevent@0x55c161237d18 size 16 Aug 26 13:14:53.160720: | setup callback for interface eth0 192.0.1.254:500 fd 19 Aug 26 13:14:53.160722: | add_fd_read_event_handler: new ethX-pe@0x55c161237d58 Aug 26 13:14:53.160724: | libevent_malloc: new ptr-libevent@0x55c1611964e8 size 128 Aug 26 13:14:53.160726: | libevent_malloc: new ptr-libevent@0x55c161237dc8 size 16 Aug 26 13:14:53.160729: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 13:14:53.160731: | add_fd_read_event_handler: new ethX-pe@0x55c161237e08 Aug 26 13:14:53.160732: | libevent_malloc: new ptr-libevent@0x55c1611961d8 size 128 Aug 26 13:14:53.160734: | libevent_malloc: new ptr-libevent@0x55c161237e78 size 16 Aug 26 13:14:53.160737: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 13:14:53.160740: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:14:53.160742: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:14:53.160757: loading secrets from "/etc/ipsec.secrets" Aug 26 13:14:53.160766: | id type added to secret(0x55c161191b58) PKK_PSK: @east Aug 26 13:14:53.160770: | id type added to secret(0x55c161191b58) PKK_PSK: @west Aug 26 13:14:53.160773: | Processing PSK at line 1: passed Aug 26 13:14:53.160775: | certs and keys locked by 'process_secret' Aug 26 13:14:53.160777: | certs and keys unlocked by 'process_secret' Aug 26 13:14:53.160786: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:14:53.160792: | spent 0.467 milliseconds in whack Aug 26 13:14:53.178799: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:14:53.178816: listening for IKE messages Aug 26 13:14:53.178843: | Inspecting interface lo Aug 26 13:14:53.178848: | found lo with address 127.0.0.1 Aug 26 13:14:53.178850: | Inspecting interface eth0 Aug 26 13:14:53.178853: | found eth0 with address 192.0.1.254 Aug 26 13:14:53.178855: | Inspecting interface eth1 Aug 26 13:14:53.178858: | found eth1 with address 192.1.2.45 Aug 26 13:14:53.178911: | no interfaces to sort Aug 26 13:14:53.178926: | libevent_free: release ptr-libevent@0x55c16122bf98 Aug 26 13:14:53.178931: | free_event_entry: release EVENT_NULL-pe@0x55c161237a98 Aug 26 13:14:53.178935: | add_fd_read_event_handler: new ethX-pe@0x55c161237a98 Aug 26 13:14:53.178939: | libevent_malloc: new ptr-libevent@0x55c16122bf98 size 128 Aug 26 13:14:53.178947: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:14:53.178953: | libevent_free: release ptr-libevent@0x55c1611c0098 Aug 26 13:14:53.178956: | free_event_entry: release EVENT_NULL-pe@0x55c161237b48 Aug 26 13:14:53.178960: | add_fd_read_event_handler: new ethX-pe@0x55c161237b48 Aug 26 13:14:53.178964: | libevent_malloc: new ptr-libevent@0x55c1611c0098 size 128 Aug 26 13:14:53.178971: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:14:53.178976: | libevent_free: release ptr-libevent@0x55c1611c1838 Aug 26 13:14:53.178979: | free_event_entry: release EVENT_NULL-pe@0x55c161237bf8 Aug 26 13:14:53.178983: | add_fd_read_event_handler: new ethX-pe@0x55c161237bf8 Aug 26 13:14:53.178987: | libevent_malloc: new ptr-libevent@0x55c1611c1838 size 128 Aug 26 13:14:53.178993: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Aug 26 13:14:53.178997: | libevent_free: release ptr-libevent@0x55c1611c1788 Aug 26 13:14:53.179001: | free_event_entry: release EVENT_NULL-pe@0x55c161237ca8 Aug 26 13:14:53.179005: | add_fd_read_event_handler: new ethX-pe@0x55c161237ca8 Aug 26 13:14:53.179009: | libevent_malloc: new ptr-libevent@0x55c1611c1788 size 128 Aug 26 13:14:53.179015: | setup callback for interface eth0 192.0.1.254:500 fd 19 Aug 26 13:14:53.179020: | libevent_free: release ptr-libevent@0x55c1611964e8 Aug 26 13:14:53.179024: | free_event_entry: release EVENT_NULL-pe@0x55c161237d58 Aug 26 13:14:53.179028: | add_fd_read_event_handler: new ethX-pe@0x55c161237d58 Aug 26 13:14:53.179032: | libevent_malloc: new ptr-libevent@0x55c1611964e8 size 128 Aug 26 13:14:53.179038: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Aug 26 13:14:53.179043: | libevent_free: release ptr-libevent@0x55c1611961d8 Aug 26 13:14:53.179047: | free_event_entry: release EVENT_NULL-pe@0x55c161237e08 Aug 26 13:14:53.179051: | add_fd_read_event_handler: new ethX-pe@0x55c161237e08 Aug 26 13:14:53.179054: | libevent_malloc: new ptr-libevent@0x55c1611961d8 size 128 Aug 26 13:14:53.179060: | setup callback for interface eth1 192.1.2.45:500 fd 17 Aug 26 13:14:53.179065: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:14:53.179068: forgetting secrets Aug 26 13:14:53.179077: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:14:53.179093: loading secrets from "/etc/ipsec.secrets" Aug 26 13:14:53.179103: | id type added to secret(0x55c161191b58) PKK_PSK: @east Aug 26 13:14:53.179108: | id type added to secret(0x55c161191b58) PKK_PSK: @west Aug 26 13:14:53.179114: | Processing PSK at line 1: passed Aug 26 13:14:53.179117: | certs and keys locked by 'process_secret' Aug 26 13:14:53.179121: | certs and keys unlocked by 'process_secret' Aug 26 13:14:53.179132: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:14:53.179138: | spent 0.346 milliseconds in whack Aug 26 13:14:53.179693: | processing signal PLUTO_SIGCHLD Aug 26 13:14:53.179709: | waitpid returned pid 19412 (exited with status 0) Aug 26 13:14:53.179712: | reaped addconn helper child (status 0) Aug 26 13:14:53.179716: | waitpid returned ECHILD (no child processes left) Aug 26 13:14:53.179719: | spent 0.0147 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:14:53.235382: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:14:53.235401: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:14:53.235404: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:14:53.235406: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:14:53.235408: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:14:53.235411: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:14:53.235417: | Added new connection westnet-eastnet-ipv4-psk-ikev2 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:14:53.235462: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:14:53.235465: | from whack: got --esp= Aug 26 13:14:53.235491: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:14:53.235494: | counting wild cards for @west is 0 Aug 26 13:14:53.235496: | counting wild cards for @east is 0 Aug 26 13:14:53.235503: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Aug 26 13:14:53.235505: | new hp@0x55c16123a2c8 Aug 26 13:14:53.235508: added connection description "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:14:53.235516: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:14:53.235527: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Aug 26 13:14:53.235535: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:14:53.235541: | spent 0.165 milliseconds in whack Aug 26 13:14:53.291607: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:14:53.291625: | old debugging base+cpu-usage + none Aug 26 13:14:53.291628: | base debugging = base+cpu-usage Aug 26 13:14:53.291630: | old impairing none + suppress-retransmits Aug 26 13:14:53.291632: | base impairing = suppress-retransmits Aug 26 13:14:53.291637: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:14:53.291642: | spent 0.0435 milliseconds in whack Aug 26 13:14:53.401522: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:14:53.401540: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Aug 26 13:14:53.401558: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:14:53.401563: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in initiate_a_connection() at initiate.c:186) Aug 26 13:14:53.401565: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Aug 26 13:14:53.401567: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Aug 26 13:14:53.401569: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:14:53.401599: | creating state object #1 at 0x55c16123a3a8 Aug 26 13:14:53.401602: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:14:53.401607: | pstats #1 ikev2.ike started Aug 26 13:14:53.401609: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:14:53.401612: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:14:53.401616: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:14:53.401621: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:14:53.401625: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:14:53.401628: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:14:53.401631: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" IKE SA #1 "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:14:53.401634: "westnet-eastnet-ipv4-psk-ikev2" #1: initiating v2 parent SA Aug 26 13:14:53.401641: | constructing local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE) Aug 26 13:14:53.401667: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:14:53.401674: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.401676: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:14:53.401680: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.401682: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:14:53.401686: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.401688: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:14:53.401691: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.401710: "westnet-eastnet-ipv4-psk-ikev2": constructed local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.401717: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 13:14:53.401735: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55c16123cb18 Aug 26 13:14:53.401738: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:14:53.401741: | libevent_malloc: new ptr-libevent@0x55c16123cb88 size 128 Aug 26 13:14:53.401754: | #1 spent 0.189 milliseconds in ikev2_parent_outI1() Aug 26 13:14:53.401756: | crypto helper 0 resuming Aug 26 13:14:53.401758: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:14:53.401781: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:14:53.401785: | RESET processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:14:53.401785: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 13:14:53.401792: | RESET processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:14:53.401794: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:14:53.401798: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Aug 26 13:14:53.401802: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:14:53.401806: | spent 0.303 milliseconds in whack Aug 26 13:14:53.402411: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000625 seconds Aug 26 13:14:53.402421: | (#1) spent 0.613 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 13:14:53.402423: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:14:53.402425: | scheduling resume sending helper answer for #1 Aug 26 13:14:53.402430: | libevent_malloc: new ptr-libevent@0x7fb6f8002888 size 128 Aug 26 13:14:53.402436: | crypto helper 0 waiting (nothing to do) Aug 26 13:14:53.402442: | processing resume sending helper answer for #1 Aug 26 13:14:53.402448: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:14:53.402451: | crypto helper 0 replies to request ID 1 Aug 26 13:14:53.402453: | calling continuation function 0x55c1609efb50 Aug 26 13:14:53.402455: | ikev2_parent_outI1_continue for #1 Aug 26 13:14:53.402478: | **emit ISAKMP Message: Aug 26 13:14:53.402480: | initiator cookie: Aug 26 13:14:53.402482: | 44 fe 8f 5e 66 f2 6b 1a Aug 26 13:14:53.402484: | responder cookie: Aug 26 13:14:53.402485: | 00 00 00 00 00 00 00 00 Aug 26 13:14:53.402487: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:14:53.402489: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:53.402491: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:14:53.402493: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:14:53.402495: | Message ID: 0 (0x0) Aug 26 13:14:53.402497: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:14:53.402506: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.402508: | Emitting ikev2_proposals ... Aug 26 13:14:53.402510: | ***emit IKEv2 Security Association Payload: Aug 26 13:14:53.402512: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.402513: | flags: none (0x0) Aug 26 13:14:53.402515: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:14:53.402517: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.402519: | discarding INTEG=NONE Aug 26 13:14:53.402521: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.402523: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.402525: | prop #: 1 (0x1) Aug 26 13:14:53.402526: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:53.402528: | spi size: 0 (0x0) Aug 26 13:14:53.402529: | # transforms: 11 (0xb) Aug 26 13:14:53.402531: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:53.402533: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402535: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402536: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.402538: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.402540: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402542: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.402544: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.402545: | length/value: 256 (0x100) Aug 26 13:14:53.402548: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:53.402549: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402551: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402552: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.402556: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:53.402559: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402560: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402562: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402564: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402565: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402567: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.402569: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:53.402570: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402572: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402574: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402575: | discarding INTEG=NONE Aug 26 13:14:53.402577: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402579: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402580: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402582: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.402584: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402586: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402587: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402589: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402590: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402592: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402593: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:53.402595: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402597: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402599: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402600: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402602: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402603: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402605: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:53.402607: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402609: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402610: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402612: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402614: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402615: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402617: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:53.402619: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402620: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402622: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402625: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402626: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402628: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402629: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:14:53.402631: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402633: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402635: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402636: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402638: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402639: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402641: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:14:53.402643: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402645: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402646: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402648: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402649: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402651: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402653: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:53.402654: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402656: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402658: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402659: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402661: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.402663: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402664: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:53.402666: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402668: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402670: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402671: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:14:53.402673: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:53.402675: | discarding INTEG=NONE Aug 26 13:14:53.402676: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.402678: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.402679: | prop #: 2 (0x2) Aug 26 13:14:53.402681: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:53.402683: | spi size: 0 (0x0) Aug 26 13:14:53.402684: | # transforms: 11 (0xb) Aug 26 13:14:53.402686: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.402688: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:53.402690: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402691: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402693: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.402694: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.402697: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402699: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.402701: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.402702: | length/value: 128 (0x80) Aug 26 13:14:53.402704: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:53.402706: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402707: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402709: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.402710: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:53.402712: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402714: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402716: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402717: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402719: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402720: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.402722: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:53.402724: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402726: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402727: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402729: | discarding INTEG=NONE Aug 26 13:14:53.402730: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402732: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402733: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402735: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.402737: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402739: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402740: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402742: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402743: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402745: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402746: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:53.402748: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402750: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402752: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402753: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402755: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402756: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402758: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:53.402760: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402762: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402763: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402766: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402767: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402769: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402770: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:53.402772: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402774: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402776: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402777: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402779: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402780: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402782: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:14:53.402784: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402786: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402787: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402789: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402790: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402792: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402793: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:14:53.402795: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402797: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402799: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402800: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402802: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402803: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402805: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:53.402807: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402809: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402810: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402812: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402813: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.402815: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402817: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:53.402819: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402820: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402822: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402824: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:14:53.402825: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:53.402827: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.402829: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.402830: | prop #: 3 (0x3) Aug 26 13:14:53.402832: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:53.402833: | spi size: 0 (0x0) Aug 26 13:14:53.402837: | # transforms: 13 (0xd) Aug 26 13:14:53.402839: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.402841: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:53.402843: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402845: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402846: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.402848: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:14:53.402849: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402851: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.402853: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.402854: | length/value: 256 (0x100) Aug 26 13:14:53.402856: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:53.402857: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402859: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402861: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.402862: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:53.402864: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402866: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402868: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402869: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402871: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402872: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.402874: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:53.402876: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402878: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402879: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402881: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402882: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402884: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.402886: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:14:53.402887: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402889: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402891: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402892: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402894: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402896: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.402897: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:14:53.402899: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402901: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402903: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402904: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402906: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402908: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402910: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.402912: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402913: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402915: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402916: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402918: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402920: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402921: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:53.402923: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402925: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402927: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402928: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402930: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402931: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402933: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:53.402935: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402936: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402938: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402940: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402941: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402943: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402944: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:53.402946: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402948: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402950: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402951: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402953: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402954: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402956: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:14:53.402958: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402960: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402961: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402963: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402964: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402966: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402967: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:14:53.402969: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402971: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402973: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402975: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402977: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402978: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402980: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:53.402982: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402984: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402985: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402987: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.402988: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.402990: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.402991: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:53.402993: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.402995: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.402997: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.402998: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:14:53.403000: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:53.403002: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.403003: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:14:53.403005: | prop #: 4 (0x4) Aug 26 13:14:53.403006: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:53.403008: | spi size: 0 (0x0) Aug 26 13:14:53.403010: | # transforms: 13 (0xd) Aug 26 13:14:53.403012: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.403013: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:53.403015: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.403016: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403018: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.403020: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:14:53.403021: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.403023: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.403025: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.403026: | length/value: 128 (0x80) Aug 26 13:14:53.403028: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:53.403029: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.403031: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403033: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.403034: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:53.403036: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403038: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.403039: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.403041: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.403042: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403044: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.403046: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:53.403048: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403050: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.403052: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.403053: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.403055: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403056: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.403058: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:14:53.403060: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403062: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.403063: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.403065: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.403066: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403068: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.403070: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:14:53.403071: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403073: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.403075: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.403076: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.403078: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403080: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.403081: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.403083: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403085: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.403086: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.403088: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.403090: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403091: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.403093: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:53.403095: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403096: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.403098: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.403100: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.403101: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403103: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.403104: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:53.403106: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403108: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.403110: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.403111: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.403113: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403115: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.403117: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:53.403118: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403120: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.403122: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.403123: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.403125: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403127: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.403128: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:14:53.403130: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403132: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.403134: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.403135: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.403137: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403138: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.403140: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:14:53.403142: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403143: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.403145: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.403147: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.403148: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403150: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.403151: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:53.403153: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403155: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.403157: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.403158: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.403160: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.403161: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.403163: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:53.403165: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.403167: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.403168: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.403170: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:14:53.403172: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:53.403173: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:14:53.403175: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:14:53.403177: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:14:53.403178: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.403181: | flags: none (0x0) Aug 26 13:14:53.403182: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.403185: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:14:53.403186: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.403189: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:14:53.403190: | ikev2 g^x cc 77 f8 ce 06 f9 42 8c b6 ec fa b6 26 f1 6a 0a Aug 26 13:14:53.403192: | ikev2 g^x 95 c0 5d 82 17 41 ff 42 7c f8 7c 87 81 f3 d4 c4 Aug 26 13:14:53.403194: | ikev2 g^x 4b 1c 85 88 18 13 79 d3 ac 9f f5 c0 08 71 7b 15 Aug 26 13:14:53.403195: | ikev2 g^x 0c 5e 29 5b db a9 dc ab dc bf 97 cf 0b e1 5e a0 Aug 26 13:14:53.403197: | ikev2 g^x 78 20 95 a8 f8 ef c7 89 04 57 77 f4 a1 52 fe aa Aug 26 13:14:53.403198: | ikev2 g^x 08 ea 6e eb 3a b3 17 8e 1c c9 8b 9b 28 f7 5d ea Aug 26 13:14:53.403200: | ikev2 g^x da fe a5 eb 60 7a 77 8b 7e 64 20 93 ae 8c 3c c3 Aug 26 13:14:53.403201: | ikev2 g^x db 4a 2e 02 2c 21 96 6d 76 36 6e aa 91 f3 34 9d Aug 26 13:14:53.403203: | ikev2 g^x 7c af d5 e9 b6 45 22 94 da 38 96 54 e2 8c 0b 4d Aug 26 13:14:53.403204: | ikev2 g^x 7f 96 40 1e 6e ba ca 8b 35 b8 30 b9 06 8a f5 c8 Aug 26 13:14:53.403206: | ikev2 g^x 24 a7 ad 4b 28 19 9b e9 77 f4 d1 2f 25 fa 7e 80 Aug 26 13:14:53.403207: | ikev2 g^x dc 4c 00 6c d0 b4 ae 3d eb cc d7 11 ac 62 b6 d9 Aug 26 13:14:53.403209: | ikev2 g^x 50 f2 de 6c 28 b9 a7 dd b9 ab ed bb 86 df df 1f Aug 26 13:14:53.403210: | ikev2 g^x 30 95 e1 a5 65 bc 0b 90 8a cb b7 c2 d7 a0 ca d0 Aug 26 13:14:53.403212: | ikev2 g^x 03 93 ab 1c 50 f9 e9 8c d2 57 c3 a2 c2 15 03 9e Aug 26 13:14:53.403213: | ikev2 g^x bc c8 6d b3 2c 6f 00 49 7e 16 a9 8d 6b 13 79 6e Aug 26 13:14:53.403215: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:14:53.403217: | ***emit IKEv2 Nonce Payload: Aug 26 13:14:53.403218: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:14:53.403220: | flags: none (0x0) Aug 26 13:14:53.403222: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:14:53.403224: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:14:53.403225: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.403227: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:14:53.403229: | IKEv2 nonce 8a 1e 0d 39 10 00 0f 1f db a3 5d dd 25 8d ff 91 Aug 26 13:14:53.403231: | IKEv2 nonce 24 a7 71 30 c1 45 c8 48 1e ef 2c 18 a5 24 4d f9 Aug 26 13:14:53.403232: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:14:53.403234: | Adding a v2N Payload Aug 26 13:14:53.403236: | ***emit IKEv2 Notify Payload: Aug 26 13:14:53.403237: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.403239: | flags: none (0x0) Aug 26 13:14:53.403240: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.403242: | SPI size: 0 (0x0) Aug 26 13:14:53.403244: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:14:53.403246: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:14:53.403247: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.403249: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:14:53.403251: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:14:53.403253: | natd_hash: rcookie is zero Aug 26 13:14:53.403261: | natd_hash: hasher=0x55c160ac4800(20) Aug 26 13:14:53.403263: | natd_hash: icookie= 44 fe 8f 5e 66 f2 6b 1a Aug 26 13:14:53.403264: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:14:53.403266: | natd_hash: ip= c0 01 02 2d Aug 26 13:14:53.403268: | natd_hash: port=500 Aug 26 13:14:53.403270: | natd_hash: hash= f3 cf be 71 29 dc a6 90 57 8f 74 12 a5 91 66 9c Aug 26 13:14:53.403271: | natd_hash: hash= b7 06 e4 02 Aug 26 13:14:53.403273: | Adding a v2N Payload Aug 26 13:14:53.403274: | ***emit IKEv2 Notify Payload: Aug 26 13:14:53.403276: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.403278: | flags: none (0x0) Aug 26 13:14:53.403279: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.403281: | SPI size: 0 (0x0) Aug 26 13:14:53.403282: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:14:53.403284: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:14:53.403286: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.403311: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:14:53.403316: | Notify data f3 cf be 71 29 dc a6 90 57 8f 74 12 a5 91 66 9c Aug 26 13:14:53.403318: | Notify data b7 06 e4 02 Aug 26 13:14:53.403319: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:14:53.403321: | natd_hash: rcookie is zero Aug 26 13:14:53.403328: | natd_hash: hasher=0x55c160ac4800(20) Aug 26 13:14:53.403330: | natd_hash: icookie= 44 fe 8f 5e 66 f2 6b 1a Aug 26 13:14:53.403332: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:14:53.403333: | natd_hash: ip= c0 01 02 17 Aug 26 13:14:53.403335: | natd_hash: port=500 Aug 26 13:14:53.403350: | natd_hash: hash= b9 23 37 15 60 21 82 af 08 88 a3 06 85 66 08 5c Aug 26 13:14:53.403351: | natd_hash: hash= f7 bd 44 71 Aug 26 13:14:53.403353: | Adding a v2N Payload Aug 26 13:14:53.403354: | ***emit IKEv2 Notify Payload: Aug 26 13:14:53.403356: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.403357: | flags: none (0x0) Aug 26 13:14:53.403359: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.403360: | SPI size: 0 (0x0) Aug 26 13:14:53.403362: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:14:53.403364: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:14:53.403366: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.403368: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:14:53.403369: | Notify data b9 23 37 15 60 21 82 af 08 88 a3 06 85 66 08 5c Aug 26 13:14:53.403371: | Notify data f7 bd 44 71 Aug 26 13:14:53.403372: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:14:53.403374: | emitting length of ISAKMP Message: 828 Aug 26 13:14:53.403378: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:14:53.403384: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:53.403387: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:14:53.403389: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:14:53.403391: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:14:53.403393: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 13:14:53.403395: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:14:53.403398: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:14:53.403400: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:14:53.403407: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:14:53.403414: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:14:53.403432: | 44 fe 8f 5e 66 f2 6b 1a 00 00 00 00 00 00 00 00 Aug 26 13:14:53.403433: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:14:53.403435: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:14:53.403437: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:14:53.403438: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:14:53.403440: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:14:53.403441: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:14:53.403443: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:14:53.403444: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:14:53.403446: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:14:53.403447: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:14:53.403449: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:14:53.403450: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:14:53.403452: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:14:53.403453: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:14:53.403455: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:14:53.403456: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:14:53.403458: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:14:53.403459: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:14:53.403474: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:14:53.403475: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:14:53.403477: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:14:53.403478: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:14:53.403480: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:14:53.403481: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:14:53.403483: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:14:53.403484: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:14:53.403486: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:14:53.403487: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:14:53.403489: | 28 00 01 08 00 0e 00 00 cc 77 f8 ce 06 f9 42 8c Aug 26 13:14:53.403490: | b6 ec fa b6 26 f1 6a 0a 95 c0 5d 82 17 41 ff 42 Aug 26 13:14:53.403492: | 7c f8 7c 87 81 f3 d4 c4 4b 1c 85 88 18 13 79 d3 Aug 26 13:14:53.403493: | ac 9f f5 c0 08 71 7b 15 0c 5e 29 5b db a9 dc ab Aug 26 13:14:53.403495: | dc bf 97 cf 0b e1 5e a0 78 20 95 a8 f8 ef c7 89 Aug 26 13:14:53.403496: | 04 57 77 f4 a1 52 fe aa 08 ea 6e eb 3a b3 17 8e Aug 26 13:14:53.403498: | 1c c9 8b 9b 28 f7 5d ea da fe a5 eb 60 7a 77 8b Aug 26 13:14:53.403499: | 7e 64 20 93 ae 8c 3c c3 db 4a 2e 02 2c 21 96 6d Aug 26 13:14:53.403501: | 76 36 6e aa 91 f3 34 9d 7c af d5 e9 b6 45 22 94 Aug 26 13:14:53.403502: | da 38 96 54 e2 8c 0b 4d 7f 96 40 1e 6e ba ca 8b Aug 26 13:14:53.403504: | 35 b8 30 b9 06 8a f5 c8 24 a7 ad 4b 28 19 9b e9 Aug 26 13:14:53.403505: | 77 f4 d1 2f 25 fa 7e 80 dc 4c 00 6c d0 b4 ae 3d Aug 26 13:14:53.403507: | eb cc d7 11 ac 62 b6 d9 50 f2 de 6c 28 b9 a7 dd Aug 26 13:14:53.403508: | b9 ab ed bb 86 df df 1f 30 95 e1 a5 65 bc 0b 90 Aug 26 13:14:53.403510: | 8a cb b7 c2 d7 a0 ca d0 03 93 ab 1c 50 f9 e9 8c Aug 26 13:14:53.403511: | d2 57 c3 a2 c2 15 03 9e bc c8 6d b3 2c 6f 00 49 Aug 26 13:14:53.403513: | 7e 16 a9 8d 6b 13 79 6e 29 00 00 24 8a 1e 0d 39 Aug 26 13:14:53.403514: | 10 00 0f 1f db a3 5d dd 25 8d ff 91 24 a7 71 30 Aug 26 13:14:53.403516: | c1 45 c8 48 1e ef 2c 18 a5 24 4d f9 29 00 00 08 Aug 26 13:14:53.403517: | 00 00 40 2e 29 00 00 1c 00 00 40 04 f3 cf be 71 Aug 26 13:14:53.403519: | 29 dc a6 90 57 8f 74 12 a5 91 66 9c b7 06 e4 02 Aug 26 13:14:53.403520: | 00 00 00 1c 00 00 40 05 b9 23 37 15 60 21 82 af Aug 26 13:14:53.403522: | 08 88 a3 06 85 66 08 5c f7 bd 44 71 Aug 26 13:14:53.403558: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:14:53.403576: | libevent_free: release ptr-libevent@0x55c16123cb88 Aug 26 13:14:53.403579: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55c16123cb18 Aug 26 13:14:53.403580: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:14:53.403583: "westnet-eastnet-ipv4-psk-ikev2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:14:53.403588: | event_schedule: new EVENT_RETRANSMIT-pe@0x55c16123cb18 Aug 26 13:14:53.403591: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Aug 26 13:14:53.403592: | libevent_malloc: new ptr-libevent@0x55c16123cb88 size 128 Aug 26 13:14:53.403596: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10579.146054 Aug 26 13:14:53.403598: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 13:14:53.403602: | #1 spent 1.11 milliseconds in resume sending helper answer Aug 26 13:14:53.403605: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:14:53.403607: | libevent_free: release ptr-libevent@0x7fb6f8002888 Aug 26 13:14:53.406118: | spent 0.0021 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:14:53.406136: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:14:53.406139: | 44 fe 8f 5e 66 f2 6b 1a 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:53.406140: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Aug 26 13:14:53.406142: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 13:14:53.406143: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 13:14:53.406145: | 04 00 00 0e 28 00 01 08 00 0e 00 00 7b 5b eb 68 Aug 26 13:14:53.406147: | a1 c0 8e e7 48 5b fb c7 ed f2 38 3c fa c6 c7 bb Aug 26 13:14:53.406148: | bb c0 d7 34 76 b5 01 9c e1 34 0c df f9 dd 62 94 Aug 26 13:14:53.406150: | 16 4a 36 95 ad 4b 06 a7 e4 56 dc e3 38 0e e0 0b Aug 26 13:14:53.406151: | da ac 2c 09 7f cc 14 c4 4e 5c 52 2c 4e a4 23 dc Aug 26 13:14:53.406153: | 32 98 48 54 37 bb 14 0e 2b de d7 f0 42 ea 7f 06 Aug 26 13:14:53.406154: | 0d 4d c4 20 cc 4f 26 69 b9 fb 1a 6d 85 1e c8 b6 Aug 26 13:14:53.406156: | 10 c0 70 fb f4 f5 5d a5 97 32 60 05 45 a4 72 4b Aug 26 13:14:53.406157: | 43 2b 44 98 bd 04 a9 0f ea e0 56 58 08 11 3f c4 Aug 26 13:14:53.406159: | 18 9a 58 87 79 a7 29 c2 a2 3e 4b 6a 14 98 dd 45 Aug 26 13:14:53.406160: | b0 38 ad 9f 8a a4 45 c9 21 ec 10 10 e1 cd 70 9f Aug 26 13:14:53.406162: | 83 8c 33 70 98 ac 13 f0 5c 62 89 b4 7b 85 94 15 Aug 26 13:14:53.406163: | 29 27 5c 65 80 2d 42 66 e2 25 c5 c7 da bd cf 8f Aug 26 13:14:53.406165: | 1e a1 f0 f5 35 71 3a 30 b6 8b d8 91 48 3c d4 89 Aug 26 13:14:53.406166: | 4e 67 61 f7 26 36 4a 6f d0 cf d9 2e 1e 84 29 8e Aug 26 13:14:53.406168: | 85 b7 f4 de 7a e0 de b6 63 78 54 bc f6 19 d4 15 Aug 26 13:14:53.406169: | 46 47 3b 7b b1 a5 e7 67 b8 30 0f 59 29 00 00 24 Aug 26 13:14:53.406171: | 09 9c 05 fa fa 52 df ec 40 fa 4f c2 2c f5 0e 14 Aug 26 13:14:53.406172: | 39 f7 7d 42 6a 6b 54 d9 e9 12 6e 09 b1 be 56 a6 Aug 26 13:14:53.406174: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 13:14:53.406176: | f5 63 95 99 ce 92 8b a0 11 e7 80 aa be 5a 30 f8 Aug 26 13:14:53.406177: | c6 1d 82 42 00 00 00 1c 00 00 40 05 c1 17 95 68 Aug 26 13:14:53.406179: | 2d aa 39 11 65 72 3c 80 6d 9a 07 48 dc a3 6a 74 Aug 26 13:14:53.406182: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:14:53.406184: | **parse ISAKMP Message: Aug 26 13:14:53.406186: | initiator cookie: Aug 26 13:14:53.406187: | 44 fe 8f 5e 66 f2 6b 1a Aug 26 13:14:53.406189: | responder cookie: Aug 26 13:14:53.406190: | 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:53.406192: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:14:53.406196: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:53.406198: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:14:53.406200: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:14:53.406201: | Message ID: 0 (0x0) Aug 26 13:14:53.406203: | length: 432 (0x1b0) Aug 26 13:14:53.406205: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:14:53.406207: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 13:14:53.406210: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 13:14:53.406214: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:14:53.406217: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:14:53.406219: | #1 is idle Aug 26 13:14:53.406220: | #1 idle Aug 26 13:14:53.406222: | unpacking clear payload Aug 26 13:14:53.406223: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:14:53.406225: | ***parse IKEv2 Security Association Payload: Aug 26 13:14:53.406227: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:14:53.406229: | flags: none (0x0) Aug 26 13:14:53.406230: | length: 40 (0x28) Aug 26 13:14:53.406232: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 13:14:53.406234: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:14:53.406236: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:14:53.406237: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:14:53.406239: | flags: none (0x0) Aug 26 13:14:53.406241: | length: 264 (0x108) Aug 26 13:14:53.406242: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.406244: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:14:53.406245: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:14:53.406247: | ***parse IKEv2 Nonce Payload: Aug 26 13:14:53.406249: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:14:53.406250: | flags: none (0x0) Aug 26 13:14:53.406252: | length: 36 (0x24) Aug 26 13:14:53.406253: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:14:53.406255: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:14:53.406257: | ***parse IKEv2 Notify Payload: Aug 26 13:14:53.406258: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:14:53.406260: | flags: none (0x0) Aug 26 13:14:53.406261: | length: 8 (0x8) Aug 26 13:14:53.406263: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.406265: | SPI size: 0 (0x0) Aug 26 13:14:53.406266: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:14:53.406268: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:14:53.406270: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:14:53.406271: | ***parse IKEv2 Notify Payload: Aug 26 13:14:53.406273: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:14:53.406275: | flags: none (0x0) Aug 26 13:14:53.406276: | length: 28 (0x1c) Aug 26 13:14:53.406278: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.406279: | SPI size: 0 (0x0) Aug 26 13:14:53.406281: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:14:53.406282: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:14:53.406284: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:14:53.406286: | ***parse IKEv2 Notify Payload: Aug 26 13:14:53.406287: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.406295: | flags: none (0x0) Aug 26 13:14:53.406297: | length: 28 (0x1c) Aug 26 13:14:53.406298: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:53.406300: | SPI size: 0 (0x0) Aug 26 13:14:53.406301: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:14:53.406303: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:14:53.406305: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 13:14:53.406308: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:14:53.406311: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:14:53.406325: | Now let's proceed with state specific processing Aug 26 13:14:53.406327: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:14:53.406330: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 13:14:53.406340: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:53.406342: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 13:14:53.406345: | local proposal 1 type ENCR has 1 transforms Aug 26 13:14:53.406347: | local proposal 1 type PRF has 2 transforms Aug 26 13:14:53.406348: | local proposal 1 type INTEG has 1 transforms Aug 26 13:14:53.406350: | local proposal 1 type DH has 8 transforms Aug 26 13:14:53.406351: | local proposal 1 type ESN has 0 transforms Aug 26 13:14:53.406354: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:14:53.406355: | local proposal 2 type ENCR has 1 transforms Aug 26 13:14:53.406357: | local proposal 2 type PRF has 2 transforms Aug 26 13:14:53.406358: | local proposal 2 type INTEG has 1 transforms Aug 26 13:14:53.406360: | local proposal 2 type DH has 8 transforms Aug 26 13:14:53.406362: | local proposal 2 type ESN has 0 transforms Aug 26 13:14:53.406363: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:14:53.406365: | local proposal 3 type ENCR has 1 transforms Aug 26 13:14:53.406367: | local proposal 3 type PRF has 2 transforms Aug 26 13:14:53.406368: | local proposal 3 type INTEG has 2 transforms Aug 26 13:14:53.406370: | local proposal 3 type DH has 8 transforms Aug 26 13:14:53.406371: | local proposal 3 type ESN has 0 transforms Aug 26 13:14:53.406373: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:14:53.406375: | local proposal 4 type ENCR has 1 transforms Aug 26 13:14:53.406376: | local proposal 4 type PRF has 2 transforms Aug 26 13:14:53.406378: | local proposal 4 type INTEG has 2 transforms Aug 26 13:14:53.406379: | local proposal 4 type DH has 8 transforms Aug 26 13:14:53.406381: | local proposal 4 type ESN has 0 transforms Aug 26 13:14:53.406383: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:14:53.406385: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.406386: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:14:53.406388: | length: 36 (0x24) Aug 26 13:14:53.406390: | prop #: 1 (0x1) Aug 26 13:14:53.406391: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:53.406393: | spi size: 0 (0x0) Aug 26 13:14:53.406409: | # transforms: 3 (0x3) Aug 26 13:14:53.406412: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:14:53.406414: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.406415: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.406417: | length: 12 (0xc) Aug 26 13:14:53.406418: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.406420: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.406422: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.406436: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.406438: | length/value: 256 (0x100) Aug 26 13:14:53.406442: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:14:53.406444: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.406446: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.406447: | length: 8 (0x8) Aug 26 13:14:53.406449: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:53.406450: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:53.406453: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:14:53.406454: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.406456: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.406457: | length: 8 (0x8) Aug 26 13:14:53.406459: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:53.406461: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:53.406463: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:14:53.406465: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:14:53.406468: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:14:53.406469: | remote proposal 1 matches local proposal 1 Aug 26 13:14:53.406471: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 13:14:53.406473: | converting proposal to internal trans attrs Aug 26 13:14:53.406483: | natd_hash: hasher=0x55c160ac4800(20) Aug 26 13:14:53.406485: | natd_hash: icookie= 44 fe 8f 5e 66 f2 6b 1a Aug 26 13:14:53.406487: | natd_hash: rcookie= 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:53.406488: | natd_hash: ip= c0 01 02 2d Aug 26 13:14:53.406490: | natd_hash: port=500 Aug 26 13:14:53.406492: | natd_hash: hash= c1 17 95 68 2d aa 39 11 65 72 3c 80 6d 9a 07 48 Aug 26 13:14:53.406493: | natd_hash: hash= dc a3 6a 74 Aug 26 13:14:53.406497: | natd_hash: hasher=0x55c160ac4800(20) Aug 26 13:14:53.406499: | natd_hash: icookie= 44 fe 8f 5e 66 f2 6b 1a Aug 26 13:14:53.406500: | natd_hash: rcookie= 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:53.406502: | natd_hash: ip= c0 01 02 17 Aug 26 13:14:53.406503: | natd_hash: port=500 Aug 26 13:14:53.406505: | natd_hash: hash= f5 63 95 99 ce 92 8b a0 11 e7 80 aa be 5a 30 f8 Aug 26 13:14:53.406506: | natd_hash: hash= c6 1d 82 42 Aug 26 13:14:53.406508: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:14:53.406510: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:14:53.406511: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:14:53.406513: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 13:14:53.406517: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:14:53.406520: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 13:14:53.406522: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:14:53.406524: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 13:14:53.406526: | libevent_free: release ptr-libevent@0x55c16123cb88 Aug 26 13:14:53.406528: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55c16123cb18 Aug 26 13:14:53.406530: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55c16123cb18 Aug 26 13:14:53.406532: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:14:53.406534: | libevent_malloc: new ptr-libevent@0x55c16123c8b8 size 128 Aug 26 13:14:53.406542: | #1 spent 0.211 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 13:14:53.406560: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:53.406563: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 13:14:53.406565: | suspending state #1 and saving MD Aug 26 13:14:53.406566: | #1 is busy; has a suspended MD Aug 26 13:14:53.406569: | crypto helper 1 resuming Aug 26 13:14:53.406584: | crypto helper 1 starting work-order 2 for state #1 Aug 26 13:14:53.406570: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:14:53.406589: | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 13:14:53.406591: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:14:53.406596: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:14:53.406599: | #1 spent 0.464 milliseconds in ikev2_process_packet() Aug 26 13:14:53.406602: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:14:53.406604: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:14:53.406606: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:14:53.406608: | spent 0.474 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:14:53.407305: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:14:53.407646: | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001057 seconds Aug 26 13:14:53.407653: | (#1) spent 1.05 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 13:14:53.407656: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 13:14:53.407658: | scheduling resume sending helper answer for #1 Aug 26 13:14:53.407660: | libevent_malloc: new ptr-libevent@0x7fb6f0000f48 size 128 Aug 26 13:14:53.407665: | crypto helper 1 waiting (nothing to do) Aug 26 13:14:53.407694: | processing resume sending helper answer for #1 Aug 26 13:14:53.407703: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:14:53.407707: | crypto helper 1 replies to request ID 2 Aug 26 13:14:53.407709: | calling continuation function 0x55c1609efb50 Aug 26 13:14:53.407711: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 13:14:53.407717: | creating state object #2 at 0x55c16123f798 Aug 26 13:14:53.407720: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:14:53.407722: | pstats #2 ikev2.child started Aug 26 13:14:53.407724: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #2 for IPSEC SA Aug 26 13:14:53.407728: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:14:53.407732: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:14:53.407736: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 13:14:53.407738: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 13:14:53.407740: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:14:53.407755: | libevent_free: release ptr-libevent@0x55c16123c8b8 Aug 26 13:14:53.407758: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55c16123cb18 Aug 26 13:14:53.407760: | event_schedule: new EVENT_SA_REPLACE-pe@0x55c16123cb18 Aug 26 13:14:53.407762: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 13:14:53.407778: | libevent_malloc: new ptr-libevent@0x55c16123c8b8 size 128 Aug 26 13:14:53.407780: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 13:14:53.407784: | **emit ISAKMP Message: Aug 26 13:14:53.407799: | initiator cookie: Aug 26 13:14:53.407801: | 44 fe 8f 5e 66 f2 6b 1a Aug 26 13:14:53.407802: | responder cookie: Aug 26 13:14:53.407806: | 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:53.407808: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:14:53.407810: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:53.407811: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:14:53.407813: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:14:53.407815: | Message ID: 1 (0x1) Aug 26 13:14:53.407817: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:14:53.407819: | ***emit IKEv2 Encryption Payload: Aug 26 13:14:53.407820: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.407822: | flags: none (0x0) Aug 26 13:14:53.407824: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:14:53.407826: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.407828: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:14:53.407833: | IKEv2 CERT: send a certificate? Aug 26 13:14:53.407836: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Aug 26 13:14:53.407838: | IDr payload will be sent Aug 26 13:14:53.407848: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 13:14:53.407850: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.407852: | flags: none (0x0) Aug 26 13:14:53.407854: | ID type: ID_FQDN (0x2) Aug 26 13:14:53.407856: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 13:14:53.407858: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.407860: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 13:14:53.407861: | my identity 77 65 73 74 Aug 26 13:14:53.407863: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Aug 26 13:14:53.407869: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:14:53.407871: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:14:53.407872: | flags: none (0x0) Aug 26 13:14:53.407874: | ID type: ID_FQDN (0x2) Aug 26 13:14:53.407876: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Aug 26 13:14:53.407878: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:14:53.407880: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.407882: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Aug 26 13:14:53.407883: | IDr 65 61 73 74 Aug 26 13:14:53.407885: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 13:14:53.407887: | not sending INITIAL_CONTACT Aug 26 13:14:53.407889: | ****emit IKEv2 Authentication Payload: Aug 26 13:14:53.407890: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.407892: | flags: none (0x0) Aug 26 13:14:53.407894: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:14:53.407896: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:14:53.407898: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.407900: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Aug 26 13:14:53.407903: | started looking for secret for @west->@east of kind PKK_PSK Aug 26 13:14:53.407905: | actually looking for secret for @west->@east of kind PKK_PSK Aug 26 13:14:53.407907: | line 1: key type PKK_PSK(@west) to type PKK_PSK Aug 26 13:14:53.407910: | 1: compared key @west to @west / @east -> 010 Aug 26 13:14:53.407913: | 2: compared key @east to @west / @east -> 014 Aug 26 13:14:53.407915: | line 1: match=014 Aug 26 13:14:53.407917: | match 014 beats previous best_match 000 match=0x55c161191b58 (line=1) Aug 26 13:14:53.407919: | concluding with best_match=014 best=0x55c161191b58 (lineno=1) Aug 26 13:14:53.407956: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Aug 26 13:14:53.407958: | PSK auth ad c9 6e d0 84 15 a7 6e ba 47 09 f8 42 1f 0c 9d Aug 26 13:14:53.407960: | PSK auth 90 1b b1 66 5d 07 3c 22 28 bf 2b d4 82 0b 20 40 Aug 26 13:14:53.407962: | PSK auth 56 b9 37 75 07 3b 3a 0b 97 03 45 79 22 37 43 2a Aug 26 13:14:53.407963: | PSK auth b4 38 52 4e 6f 65 8a 58 db 3c 64 59 dd 1e cf db Aug 26 13:14:53.407965: | emitting length of IKEv2 Authentication Payload: 72 Aug 26 13:14:53.407967: | getting first pending from state #1 Aug 26 13:14:53.407997: | netlink_get_spi: allocated 0x6ae690b2 for esp.0@192.1.2.45 Aug 26 13:14:53.408000: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals) Aug 26 13:14:53.408006: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:14:53.408010: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:14:53.408012: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:14:53.408014: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:14:53.408016: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:14:53.408020: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:14:53.408021: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:14:53.408024: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:14:53.408029: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:14:53.408035: | Emitting ikev2_proposals ... Aug 26 13:14:53.408038: | ****emit IKEv2 Security Association Payload: Aug 26 13:14:53.408039: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.408041: | flags: none (0x0) Aug 26 13:14:53.408043: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:14:53.408045: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.408047: | discarding INTEG=NONE Aug 26 13:14:53.408048: | discarding DH=NONE Aug 26 13:14:53.408050: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.408053: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.408055: | prop #: 1 (0x1) Aug 26 13:14:53.408057: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:53.408059: | spi size: 4 (0x4) Aug 26 13:14:53.408062: | # transforms: 2 (0x2) Aug 26 13:14:53.408064: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:53.408067: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:14:53.408070: | our spi 6a e6 90 b2 Aug 26 13:14:53.408072: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.408075: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.408077: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.408079: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.408082: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.408087: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.408090: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.408093: | length/value: 256 (0x100) Aug 26 13:14:53.408096: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:53.408098: | discarding INTEG=NONE Aug 26 13:14:53.408100: | discarding DH=NONE Aug 26 13:14:53.408103: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.408105: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.408107: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:14:53.408110: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:53.408113: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.408115: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.408118: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.408121: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:14:53.408123: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:53.408126: | discarding INTEG=NONE Aug 26 13:14:53.408128: | discarding DH=NONE Aug 26 13:14:53.408130: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.408133: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.408136: | prop #: 2 (0x2) Aug 26 13:14:53.408138: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:53.408140: | spi size: 4 (0x4) Aug 26 13:14:53.408143: | # transforms: 2 (0x2) Aug 26 13:14:53.408146: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.408149: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:53.408152: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:14:53.408155: | our spi 6a e6 90 b2 Aug 26 13:14:53.408157: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.408160: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.408162: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.408165: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.408168: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.408170: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.408173: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.408175: | length/value: 128 (0x80) Aug 26 13:14:53.408178: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:53.408180: | discarding INTEG=NONE Aug 26 13:14:53.408181: | discarding DH=NONE Aug 26 13:14:53.408183: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.408185: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.408186: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:14:53.408188: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:53.408190: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.408192: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.408193: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.408195: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:14:53.408197: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:53.408200: | discarding DH=NONE Aug 26 13:14:53.408202: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.408204: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.408205: | prop #: 3 (0x3) Aug 26 13:14:53.408207: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:53.408208: | spi size: 4 (0x4) Aug 26 13:14:53.408210: | # transforms: 4 (0x4) Aug 26 13:14:53.408212: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.408214: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:53.408216: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:14:53.408218: | our spi 6a e6 90 b2 Aug 26 13:14:53.408219: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.408221: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.408222: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.408224: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:14:53.408226: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.408228: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.408229: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.408231: | length/value: 256 (0x100) Aug 26 13:14:53.408233: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:53.408234: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.408236: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.408237: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.408239: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:14:53.408241: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.408243: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.408245: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.408246: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.408248: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.408249: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.408251: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:14:53.408253: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.408255: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.408257: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.408258: | discarding DH=NONE Aug 26 13:14:53.408260: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.408261: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.408263: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:14:53.408264: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:53.408266: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.408268: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.408270: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.408272: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:14:53.408273: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:53.408275: | discarding DH=NONE Aug 26 13:14:53.408278: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.408280: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:14:53.408281: | prop #: 4 (0x4) Aug 26 13:14:53.408283: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:53.408284: | spi size: 4 (0x4) Aug 26 13:14:53.408286: | # transforms: 4 (0x4) Aug 26 13:14:53.408298: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:53.408304: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:53.408307: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:14:53.408310: | our spi 6a e6 90 b2 Aug 26 13:14:53.408312: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.408328: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.408330: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.408333: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:14:53.408335: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.408338: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.408341: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.408343: | length/value: 128 (0x80) Aug 26 13:14:53.408346: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:53.408347: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.408349: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.408350: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.408352: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:14:53.408354: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.408372: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.408374: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.408375: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.408377: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.408378: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:53.408380: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:14:53.408382: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.408384: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.408385: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.408387: | discarding DH=NONE Aug 26 13:14:53.408388: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:53.408390: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.408392: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:14:53.408393: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:53.408395: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.408397: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:53.408399: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:53.408400: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:14:53.408402: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:53.408404: | emitting length of IKEv2 Security Association Payload: 164 Aug 26 13:14:53.408406: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:14:53.408409: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:14:53.408411: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.408413: | flags: none (0x0) Aug 26 13:14:53.408415: | number of TS: 1 (0x1) Aug 26 13:14:53.408417: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:14:53.408419: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.408421: | *****emit IKEv2 Traffic Selector: Aug 26 13:14:53.408422: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:14:53.408424: | IP Protocol ID: 0 (0x0) Aug 26 13:14:53.408426: | start port: 0 (0x0) Aug 26 13:14:53.408427: | end port: 65535 (0xffff) Aug 26 13:14:53.408429: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:14:53.408431: | ipv4 start c0 00 01 00 Aug 26 13:14:53.408433: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:14:53.408434: | ipv4 end c0 00 01 ff Aug 26 13:14:53.408436: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:14:53.408438: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:14:53.408440: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:14:53.408441: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.408443: | flags: none (0x0) Aug 26 13:14:53.408444: | number of TS: 1 (0x1) Aug 26 13:14:53.408446: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:14:53.408448: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:14:53.408450: | *****emit IKEv2 Traffic Selector: Aug 26 13:14:53.408452: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:14:53.408453: | IP Protocol ID: 0 (0x0) Aug 26 13:14:53.408455: | start port: 0 (0x0) Aug 26 13:14:53.408456: | end port: 65535 (0xffff) Aug 26 13:14:53.408458: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:14:53.408460: | ipv4 start c0 00 02 00 Aug 26 13:14:53.408461: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:14:53.408463: | ipv4 end c0 00 02 ff Aug 26 13:14:53.408465: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:14:53.408466: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:14:53.408468: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:14:53.408470: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:14:53.408472: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:14:53.408474: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:14:53.408476: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:14:53.408478: | emitting length of IKEv2 Encryption Payload: 337 Aug 26 13:14:53.408479: | emitting length of ISAKMP Message: 365 Aug 26 13:14:53.408492: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:53.408495: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:53.408497: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 13:14:53.408499: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 13:14:53.408502: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 13:14:53.408503: | Message ID: updating counters for #2 to 0 after switching state Aug 26 13:14:53.408509: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 13:14:53.408512: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 13:14:53.408515: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:14:53.408522: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:14:53.408526: | sending 365 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:14:53.408528: | 44 fe 8f 5e 66 f2 6b 1a 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:53.408530: | 2e 20 23 08 00 00 00 01 00 00 01 6d 23 00 01 51 Aug 26 13:14:53.408531: | 59 5a 23 56 c5 88 39 62 67 0d 97 87 90 84 cb 72 Aug 26 13:14:53.408533: | b5 6f e3 2e db c6 e6 d7 ec b2 5f 55 ad 9b 06 e8 Aug 26 13:14:53.408535: | fb af 55 9a 15 83 d5 47 bb b1 e6 fc c7 5b 9f a6 Aug 26 13:14:53.408538: | 90 f5 68 c5 ef 2f 0d 13 78 2d 69 aa c1 d5 73 2b Aug 26 13:14:53.408540: | 18 fe 2c 0f 75 5e 60 7e 0e cf 21 28 48 41 86 d7 Aug 26 13:14:53.408542: | e9 c0 d1 74 3c 78 da ae 93 88 52 4c a6 82 29 11 Aug 26 13:14:53.408544: | 8b c0 96 94 61 69 56 a9 5c 3b f3 99 d4 93 e8 72 Aug 26 13:14:53.408547: | 2c 96 ce b3 99 6a 6d 75 a6 4d 5c d3 b2 b2 27 5c Aug 26 13:14:53.408549: | 6b 8d 1b ac cb 16 f3 99 1b 44 79 74 5b 3c e3 65 Aug 26 13:14:53.408551: | f2 39 e2 e5 63 79 93 0a f0 0a 01 a4 2d 3d 9d 7d Aug 26 13:14:53.408554: | e9 21 d6 b7 00 43 28 6d a6 b9 d4 bb de 29 e2 11 Aug 26 13:14:53.408556: | a3 97 de ed 01 55 eb 38 46 09 2e 42 cf 7d 1a 99 Aug 26 13:14:53.408558: | 7c 4d 03 f1 d5 0b 06 e1 51 72 63 27 46 9b 1a 1c Aug 26 13:14:53.408561: | 1f 6a 21 15 32 03 e7 b4 c1 8b b1 04 fb 37 13 97 Aug 26 13:14:53.408563: | 50 63 8e dd 0c 8e 08 a4 11 df 0f 52 4d cc fc b7 Aug 26 13:14:53.408566: | 9c 79 a1 6d 4f 0e 83 8f 57 98 a5 ca 6f b5 74 fd Aug 26 13:14:53.408568: | df b1 67 b5 f7 9a 72 a7 8b 9f 25 b7 f6 f3 2f 5e Aug 26 13:14:53.408570: | d3 c3 a6 25 d0 65 d4 da d7 3c 7b b6 a4 fa dd 21 Aug 26 13:14:53.408573: | c1 5d 4c a5 7c dd dc c3 59 f6 08 7f f0 56 6d 49 Aug 26 13:14:53.408575: | a2 d2 ed 8b ab bc c6 6b e0 50 1e 8b af ad 8c 78 Aug 26 13:14:53.408577: | 0c 5d 65 48 93 f3 e1 32 4f 55 b1 d2 fe Aug 26 13:14:53.408607: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:14:53.408612: "westnet-eastnet-ipv4-psk-ikev2" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:14:53.408620: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fb6f8002b78 Aug 26 13:14:53.408625: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Aug 26 13:14:53.408628: | libevent_malloc: new ptr-libevent@0x55c161240468 size 128 Aug 26 13:14:53.408633: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10579.151086 Aug 26 13:14:53.408637: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:14:53.408642: | #1 spent 0.911 milliseconds in resume sending helper answer Aug 26 13:14:53.408647: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:14:53.408651: | libevent_free: release ptr-libevent@0x7fb6f0000f48 Aug 26 13:14:53.438531: | spent 0.00298 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:14:53.438550: | *received 225 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:14:53.438552: | 44 fe 8f 5e 66 f2 6b 1a 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:53.438554: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Aug 26 13:14:53.438556: | bd c8 c2 b5 8b e8 88 d3 8c 0a 1f 46 3d bf f5 8d Aug 26 13:14:53.438559: | 3f 0a 49 11 60 6b 5f b9 d4 cf 8a 0f 0c f7 e8 8e Aug 26 13:14:53.438561: | 7c 3f c5 b9 14 3e 4c 23 ec d0 af e0 3d 83 c2 f1 Aug 26 13:14:53.438563: | df ef ff 67 a8 d8 a8 ff ac 23 a7 5b 98 37 c1 50 Aug 26 13:14:53.438564: | 2a 0a 06 fb 90 63 22 1d 95 85 cb 56 fa 14 24 1b Aug 26 13:14:53.438566: | 9d 29 6a bb f1 0f 1c 6f b3 0e d6 cb ff 56 1b ff Aug 26 13:14:53.438567: | fe 22 75 7c d5 1c d8 fa c6 7c 70 c1 a1 38 32 60 Aug 26 13:14:53.438569: | 41 d1 43 ea 6b a0 e9 d8 38 eb 1b 77 2f 8e 19 ee Aug 26 13:14:53.438570: | a4 2c 01 4a e4 0b a6 3d 37 0e ad cd 4b 79 59 86 Aug 26 13:14:53.438572: | 11 93 36 07 06 af 20 27 21 96 b4 90 b3 5f 41 db Aug 26 13:14:53.438573: | 94 48 18 73 20 61 55 e5 92 5d cf 40 15 4e 15 c8 Aug 26 13:14:53.438575: | 56 2b 84 bb 11 cc bc fe 33 58 f0 7e a5 1f 97 d1 Aug 26 13:14:53.438576: | 18 Aug 26 13:14:53.438579: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:14:53.438582: | **parse ISAKMP Message: Aug 26 13:14:53.438584: | initiator cookie: Aug 26 13:14:53.438586: | 44 fe 8f 5e 66 f2 6b 1a Aug 26 13:14:53.438587: | responder cookie: Aug 26 13:14:53.438589: | 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:53.438591: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:14:53.438593: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:53.438594: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:14:53.438596: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:14:53.438598: | Message ID: 1 (0x1) Aug 26 13:14:53.438612: | length: 225 (0xe1) Aug 26 13:14:53.438614: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:14:53.438617: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:14:53.438620: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:14:53.438624: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:14:53.438626: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:14:53.438628: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:14:53.438631: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:14:53.438633: | #2 is idle Aug 26 13:14:53.438634: | #2 idle Aug 26 13:14:53.438636: | unpacking clear payload Aug 26 13:14:53.438637: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:14:53.438639: | ***parse IKEv2 Encryption Payload: Aug 26 13:14:53.438641: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:14:53.438643: | flags: none (0x0) Aug 26 13:14:53.438644: | length: 197 (0xc5) Aug 26 13:14:53.438646: | processing payload: ISAKMP_NEXT_v2SK (len=193) Aug 26 13:14:53.438648: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:14:53.438660: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:14:53.438662: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:14:53.438664: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:14:53.438666: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:14:53.438667: | flags: none (0x0) Aug 26 13:14:53.438669: | length: 12 (0xc) Aug 26 13:14:53.438671: | ID type: ID_FQDN (0x2) Aug 26 13:14:53.438672: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 13:14:53.438674: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:14:53.438676: | **parse IKEv2 Authentication Payload: Aug 26 13:14:53.438677: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:14:53.438679: | flags: none (0x0) Aug 26 13:14:53.438680: | length: 72 (0x48) Aug 26 13:14:53.438682: | auth method: IKEv2_AUTH_SHARED (0x2) Aug 26 13:14:53.438684: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Aug 26 13:14:53.438685: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:14:53.438688: | **parse IKEv2 Security Association Payload: Aug 26 13:14:53.438690: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:14:53.438691: | flags: none (0x0) Aug 26 13:14:53.438693: | length: 36 (0x24) Aug 26 13:14:53.438695: | processing payload: ISAKMP_NEXT_v2SA (len=32) Aug 26 13:14:53.438696: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:14:53.438698: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:14:53.438699: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:14:53.438701: | flags: none (0x0) Aug 26 13:14:53.438702: | length: 24 (0x18) Aug 26 13:14:53.438704: | number of TS: 1 (0x1) Aug 26 13:14:53.438706: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:14:53.438707: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:14:53.438709: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:14:53.438711: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:53.438712: | flags: none (0x0) Aug 26 13:14:53.438714: | length: 24 (0x18) Aug 26 13:14:53.438715: | number of TS: 1 (0x1) Aug 26 13:14:53.438717: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:14:53.438719: | selected state microcode Initiator: process IKE_AUTH response Aug 26 13:14:53.438720: | Now let's proceed with state specific processing Aug 26 13:14:53.438722: | calling processor Initiator: process IKE_AUTH response Aug 26 13:14:53.438726: | offered CA: '%none' Aug 26 13:14:53.438728: "westnet-eastnet-ipv4-psk-ikev2" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Aug 26 13:14:53.438771: | verifying AUTH payload Aug 26 13:14:53.438775: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Aug 26 13:14:53.438779: | started looking for secret for @west->@east of kind PKK_PSK Aug 26 13:14:53.438782: | actually looking for secret for @west->@east of kind PKK_PSK Aug 26 13:14:53.438786: | line 1: key type PKK_PSK(@west) to type PKK_PSK Aug 26 13:14:53.438788: | 1: compared key @west to @west / @east -> 010 Aug 26 13:14:53.438790: | 2: compared key @east to @west / @east -> 014 Aug 26 13:14:53.438792: | line 1: match=014 Aug 26 13:14:53.438807: | match 014 beats previous best_match 000 match=0x55c161191b58 (line=1) Aug 26 13:14:53.438809: | concluding with best_match=014 best=0x55c161191b58 (lineno=1) Aug 26 13:14:53.438851: "westnet-eastnet-ipv4-psk-ikev2" #2: Authenticated using authby=secret Aug 26 13:14:53.438858: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 13:14:53.438876: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 13:14:53.438878: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:14:53.438881: | libevent_free: release ptr-libevent@0x55c16123c8b8 Aug 26 13:14:53.438883: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55c16123cb18 Aug 26 13:14:53.438885: | event_schedule: new EVENT_SA_REKEY-pe@0x55c16123cb18 Aug 26 13:14:53.438888: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 13:14:53.438891: | libevent_malloc: new ptr-libevent@0x7fb6f0000f48 size 128 Aug 26 13:14:53.438972: | pstats #1 ikev2.ike established Aug 26 13:14:53.438977: | TSi: parsing 1 traffic selectors Aug 26 13:14:53.438981: | ***parse IKEv2 Traffic Selector: Aug 26 13:14:53.438985: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:14:53.438988: | IP Protocol ID: 0 (0x0) Aug 26 13:14:53.438991: | length: 16 (0x10) Aug 26 13:14:53.439007: | start port: 0 (0x0) Aug 26 13:14:53.439010: | end port: 65535 (0xffff) Aug 26 13:14:53.439014: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:14:53.439016: | TS low c0 00 01 00 Aug 26 13:14:53.439019: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:14:53.439022: | TS high c0 00 01 ff Aug 26 13:14:53.439025: | TSi: parsed 1 traffic selectors Aug 26 13:14:53.439028: | TSr: parsing 1 traffic selectors Aug 26 13:14:53.439032: | ***parse IKEv2 Traffic Selector: Aug 26 13:14:53.439037: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:14:53.439040: | IP Protocol ID: 0 (0x0) Aug 26 13:14:53.439044: | length: 16 (0x10) Aug 26 13:14:53.439047: | start port: 0 (0x0) Aug 26 13:14:53.439050: | end port: 65535 (0xffff) Aug 26 13:14:53.439053: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:14:53.439055: | TS low c0 00 02 00 Aug 26 13:14:53.439059: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:14:53.439061: | TS high c0 00 02 ff Aug 26 13:14:53.439064: | TSr: parsed 1 traffic selectors Aug 26 13:14:53.439071: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:14:53.439076: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:14:53.439084: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Aug 26 13:14:53.439088: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:14:53.439091: | TSi[0] port match: YES fitness 65536 Aug 26 13:14:53.439095: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:14:53.439098: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:14:53.439103: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:14:53.439107: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:14:53.439109: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:14:53.439110: | TSr[0] port match: YES fitness 65536 Aug 26 13:14:53.439112: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:14:53.439114: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:14:53.439115: | best fit so far: TSi[0] TSr[0] Aug 26 13:14:53.439117: | found an acceptable TSi/TSr Traffic Selector Aug 26 13:14:53.439119: | printing contents struct traffic_selector Aug 26 13:14:53.439120: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:14:53.439122: | ipprotoid: 0 Aug 26 13:14:53.439123: | port range: 0-65535 Aug 26 13:14:53.439126: | ip range: 192.0.1.0-192.0.1.255 Aug 26 13:14:53.439127: | printing contents struct traffic_selector Aug 26 13:14:53.439129: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:14:53.439130: | ipprotoid: 0 Aug 26 13:14:53.439132: | port range: 0-65535 Aug 26 13:14:53.439134: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:14:53.439142: | using existing local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:14:53.439145: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Aug 26 13:14:53.439147: | local proposal 1 type ENCR has 1 transforms Aug 26 13:14:53.439149: | local proposal 1 type PRF has 0 transforms Aug 26 13:14:53.439151: | local proposal 1 type INTEG has 1 transforms Aug 26 13:14:53.439152: | local proposal 1 type DH has 1 transforms Aug 26 13:14:53.439154: | local proposal 1 type ESN has 1 transforms Aug 26 13:14:53.439156: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:14:53.439158: | local proposal 2 type ENCR has 1 transforms Aug 26 13:14:53.439159: | local proposal 2 type PRF has 0 transforms Aug 26 13:14:53.439161: | local proposal 2 type INTEG has 1 transforms Aug 26 13:14:53.439163: | local proposal 2 type DH has 1 transforms Aug 26 13:14:53.439164: | local proposal 2 type ESN has 1 transforms Aug 26 13:14:53.439166: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:14:53.439168: | local proposal 3 type ENCR has 1 transforms Aug 26 13:14:53.439169: | local proposal 3 type PRF has 0 transforms Aug 26 13:14:53.439172: | local proposal 3 type INTEG has 2 transforms Aug 26 13:14:53.439174: | local proposal 3 type DH has 1 transforms Aug 26 13:14:53.439176: | local proposal 3 type ESN has 1 transforms Aug 26 13:14:53.439177: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:14:53.439179: | local proposal 4 type ENCR has 1 transforms Aug 26 13:14:53.439181: | local proposal 4 type PRF has 0 transforms Aug 26 13:14:53.439182: | local proposal 4 type INTEG has 2 transforms Aug 26 13:14:53.439184: | local proposal 4 type DH has 1 transforms Aug 26 13:14:53.439185: | local proposal 4 type ESN has 1 transforms Aug 26 13:14:53.439187: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:14:53.439189: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:14:53.439191: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:14:53.439193: | length: 32 (0x20) Aug 26 13:14:53.439194: | prop #: 1 (0x1) Aug 26 13:14:53.439196: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:53.439198: | spi size: 4 (0x4) Aug 26 13:14:53.439199: | # transforms: 2 (0x2) Aug 26 13:14:53.439201: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:14:53.439203: | remote SPI 46 63 29 a6 Aug 26 13:14:53.439205: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:14:53.439207: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.439208: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:53.439210: | length: 12 (0xc) Aug 26 13:14:53.439212: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:53.439213: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:53.439215: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:14:53.439217: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:53.439219: | length/value: 256 (0x100) Aug 26 13:14:53.439221: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:14:53.439223: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:14:53.439225: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:53.439226: | length: 8 (0x8) Aug 26 13:14:53.439228: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:14:53.439229: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:53.439232: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:14:53.439234: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 13:14:53.439236: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 13:14:53.439238: | remote proposal 1 matches local proposal 1 Aug 26 13:14:53.439240: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Aug 26 13:14:53.439243: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=466329a6;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 13:14:53.439245: | converting proposal to internal trans attrs Aug 26 13:14:53.439249: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:14:53.439389: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:14:53.439395: | could_route called for westnet-eastnet-ipv4-psk-ikev2 (kind=CK_PERMANENT) Aug 26 13:14:53.439398: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:14:53.439400: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 13:14:53.439402: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 13:14:53.439404: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 13:14:53.439407: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:14:53.439409: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:14:53.439411: | AES_GCM_16 requires 4 salt bytes Aug 26 13:14:53.439414: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:14:53.439418: | setting IPsec SA replay-window to 32 Aug 26 13:14:53.439420: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Aug 26 13:14:53.439422: | netlink: enabling tunnel mode Aug 26 13:14:53.439424: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:14:53.439426: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:14:53.439496: | netlink response for Add SA esp.466329a6@192.1.2.23 included non-error error Aug 26 13:14:53.439499: | set up outgoing SA, ref=0/0 Aug 26 13:14:53.439501: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:14:53.439505: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:14:53.439508: | AES_GCM_16 requires 4 salt bytes Aug 26 13:14:53.439511: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:14:53.439516: | setting IPsec SA replay-window to 32 Aug 26 13:14:53.439520: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Aug 26 13:14:53.439535: | netlink: enabling tunnel mode Aug 26 13:14:53.439538: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:14:53.439541: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:14:53.439594: | netlink response for Add SA esp.6ae690b2@192.1.2.45 included non-error error Aug 26 13:14:53.439601: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:53.439609: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Aug 26 13:14:53.439613: | IPsec Sa SPD priority set to 1042407 Aug 26 13:14:53.439664: | raw_eroute result=success Aug 26 13:14:53.439668: | set up incoming SA, ref=0/0 Aug 26 13:14:53.439671: | sr for #2: unrouted Aug 26 13:14:53.439675: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:14:53.439679: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:14:53.439682: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 13:14:53.439699: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 13:14:53.439703: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Aug 26 13:14:53.439708: | route_and_eroute with c: westnet-eastnet-ipv4-psk-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:14:53.439712: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:53.439720: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 13:14:53.439723: | IPsec Sa SPD priority set to 1042407 Aug 26 13:14:53.439736: | raw_eroute result=success Aug 26 13:14:53.439740: | running updown command "ipsec _updown" for verb up Aug 26 13:14:53.439758: | command executing up-client Aug 26 13:14:53.439805: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Aug 26 13:14:53.439812: | popen cmd is 1049 chars long Aug 26 13:14:53.439816: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv: Aug 26 13:14:53.439820: | cmd( 80):4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.: Aug 26 13:14:53.439824: | cmd( 160):2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='19: Aug 26 13:14:53.439827: | cmd( 240):2.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCO: Aug 26 13:14:53.439831: | cmd( 320):L='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_P: Aug 26 13:14:53.439834: | cmd( 400):EER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0: Aug 26 13:14:53.439838: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 13:14:53.439841: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=': Aug 26 13:14:53.439844: | cmd( 640):PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_C: Aug 26 13:14:53.439846: | cmd( 720):ONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEE: Aug 26 13:14:53.439847: | cmd( 800):R_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=': Aug 26 13:14:53.439849: | cmd( 880):' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='': Aug 26 13:14:53.439851: | cmd( 960): VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x466329a6 SPI_OUT=0x6ae690b2 ipsec _up: Aug 26 13:14:53.439852: | cmd(1040):down 2>&1: Aug 26 13:14:53.447414: | route_and_eroute: firewall_notified: true Aug 26 13:14:53.447427: | running updown command "ipsec _updown" for verb prepare Aug 26 13:14:53.447429: | command executing prepare-client Aug 26 13:14:53.447452: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR Aug 26 13:14:53.447455: | popen cmd is 1054 chars long Aug 26 13:14:53.447457: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 13:14:53.447459: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='1: Aug 26 13:14:53.447460: | cmd( 160):92.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NE: Aug 26 13:14:53.447462: | cmd( 240):T='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Aug 26 13:14:53.447464: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PL: Aug 26 13:14:53.447465: | cmd( 400):UTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.: Aug 26 13:14:53.447467: | cmd( 480):0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PRO: Aug 26 13:14:53.447469: | cmd( 560):TOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POL: Aug 26 13:14:53.447470: | cmd( 640):ICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL: Aug 26 13:14:53.447472: | cmd( 720):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I: Aug 26 13:14:53.447475: | cmd( 800):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN: Aug 26 13:14:53.447477: | cmd( 880):NER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA: Aug 26 13:14:53.447479: | cmd( 960):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x466329a6 SPI_OUT=0x6ae690b2 ipse: Aug 26 13:14:53.447480: | cmd(1040):c _updown 2>&1: Aug 26 13:14:53.455035: | running updown command "ipsec _updown" for verb route Aug 26 13:14:53.455064: | command executing route-client Aug 26 13:14:53.455089: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=' Aug 26 13:14:53.455092: | popen cmd is 1052 chars long Aug 26 13:14:53.455094: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Aug 26 13:14:53.455095: | cmd( 80):ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192: Aug 26 13:14:53.455097: | cmd( 160):.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET=: Aug 26 13:14:53.455099: | cmd( 240):'192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROT: Aug 26 13:14:53.455100: | cmd( 320):OCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUT: Aug 26 13:14:53.455102: | cmd( 400):O_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Aug 26 13:14:53.455104: | cmd( 480):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 13:14:53.455105: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Aug 26 13:14:53.455107: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUT: Aug 26 13:14:53.455109: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_: Aug 26 13:14:53.455110: | cmd( 800):PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNE: Aug 26 13:14:53.455112: | cmd( 880):R='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE: Aug 26 13:14:53.455114: | cmd( 960):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x466329a6 SPI_OUT=0x6ae690b2 ipsec : Aug 26 13:14:53.455115: | cmd(1040):_updown 2>&1: Aug 26 13:14:53.465939: | route_and_eroute: instance "westnet-eastnet-ipv4-psk-ikev2", setting eroute_owner {spd=0x55c161238888,sr=0x55c161238888} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:14:53.465998: | #1 spent 1.59 milliseconds in install_ipsec_sa() Aug 26 13:14:53.466005: | inR2: instance westnet-eastnet-ipv4-psk-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:14:53.466007: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:14:53.466010: | #2 STATE_PARENT_I2: retransmits: cleared Aug 26 13:14:53.466020: | libevent_free: release ptr-libevent@0x55c161240468 Aug 26 13:14:53.466024: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fb6f8002b78 Aug 26 13:14:53.466031: | #2 spent 2.26 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 13:14:53.466047: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:53.466053: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 13:14:53.466056: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 13:14:53.466062: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 13:14:53.466066: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:14:53.466072: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 13:14:53.466078: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:14:53.466082: | pstats #2 ikev2.child established Aug 26 13:14:53.466093: "westnet-eastnet-ipv4-psk-ikev2" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 13:14:53.466103: | NAT-T: encaps is 'auto' Aug 26 13:14:53.466107: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x466329a6 <0x6ae690b2 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Aug 26 13:14:53.466110: | releasing whack for #2 (sock=fd@25) Aug 26 13:14:53.466113: | close_any(fd@25) (in release_whack() at state.c:654) Aug 26 13:14:53.466114: | releasing whack and unpending for parent #1 Aug 26 13:14:53.466116: | unpending state #1 connection "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:14:53.466121: | delete from pending Child SA with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:14:53.466123: | removing pending policy for no connection {0x55c16122b428} Aug 26 13:14:53.466128: | close_any(fd@24) (in release_whack() at state.c:654) Aug 26 13:14:53.466132: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 13:14:53.466134: | event_schedule: new EVENT_SA_REKEY-pe@0x7fb6f8002b78 Aug 26 13:14:53.466136: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Aug 26 13:14:53.466140: | libevent_malloc: new ptr-libevent@0x55c16123ebc8 size 128 Aug 26 13:14:53.466157: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:14:53.466162: | #1 spent 2.58 milliseconds in ikev2_process_packet() Aug 26 13:14:53.466165: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:14:53.466169: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:14:53.466171: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:14:53.466175: | spent 2.59 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:14:53.466186: | processing signal PLUTO_SIGCHLD Aug 26 13:14:53.466191: | waitpid returned ECHILD (no child processes left) Aug 26 13:14:53.466194: | spent 0.00407 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:14:53.466195: | processing signal PLUTO_SIGCHLD Aug 26 13:14:53.466198: | waitpid returned ECHILD (no child processes left) Aug 26 13:14:53.466200: | spent 0.00246 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:14:53.466202: | processing signal PLUTO_SIGCHLD Aug 26 13:14:53.466206: | waitpid returned ECHILD (no child processes left) Aug 26 13:14:53.466209: | spent 0.00468 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:14:56.644561: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:14:56.644609: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:14:56.644614: | FOR_EACH_STATE_... in sort_states Aug 26 13:14:56.644621: | get_sa_info esp.6ae690b2@192.1.2.45 Aug 26 13:14:56.644649: | get_sa_info esp.466329a6@192.1.2.23 Aug 26 13:14:56.644667: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:14:56.644689: | spent 0.121 milliseconds in whack Aug 26 13:14:57.515581: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:14:57.516150: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:14:57.516164: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:14:57.516319: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:14:57.516333: | FOR_EACH_STATE_... in sort_states Aug 26 13:14:57.516359: | get_sa_info esp.6ae690b2@192.1.2.45 Aug 26 13:14:57.516407: | get_sa_info esp.466329a6@192.1.2.23 Aug 26 13:14:57.516470: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:14:57.516488: | spent 0.917 milliseconds in whack Aug 26 13:14:57.789161: | spent 0.00256 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:14:57.789196: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:14:57.789200: | 44 fe 8f 5e 66 f2 6b 1a 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:57.789202: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:14:57.789203: | 87 28 04 cd f2 af fa 80 05 3a ef 19 64 a0 64 b4 Aug 26 13:14:57.789205: | 96 8a bf 30 20 5f 03 ff b4 e8 c1 68 46 a2 03 3b Aug 26 13:14:57.789206: | f1 eb 7b 3f 64 Aug 26 13:14:57.789210: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:14:57.789212: | **parse ISAKMP Message: Aug 26 13:14:57.789214: | initiator cookie: Aug 26 13:14:57.789216: | 44 fe 8f 5e 66 f2 6b 1a Aug 26 13:14:57.789217: | responder cookie: Aug 26 13:14:57.789219: | 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:57.789221: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:14:57.789223: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:57.789224: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:14:57.789227: | flags: none (0x0) Aug 26 13:14:57.789229: | Message ID: 0 (0x0) Aug 26 13:14:57.789231: | length: 69 (0x45) Aug 26 13:14:57.789233: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:14:57.789235: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:14:57.789238: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:14:57.789242: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:14:57.789245: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:14:57.789247: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:14:57.789250: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 13:14:57.789252: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 Aug 26 13:14:57.789254: | unpacking clear payload Aug 26 13:14:57.789256: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:14:57.789258: | ***parse IKEv2 Encryption Payload: Aug 26 13:14:57.789260: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:14:57.789261: | flags: none (0x0) Aug 26 13:14:57.789263: | length: 41 (0x29) Aug 26 13:14:57.789265: | processing payload: ISAKMP_NEXT_v2SK (len=37) Aug 26 13:14:57.789268: | Message ID: start-responder #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 13:14:57.789270: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:14:57.789287: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:14:57.789296: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:14:57.789299: | **parse IKEv2 Delete Payload: Aug 26 13:14:57.789301: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.789303: | flags: none (0x0) Aug 26 13:14:57.789304: | length: 12 (0xc) Aug 26 13:14:57.789306: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:14:57.789308: | SPI size: 4 (0x4) Aug 26 13:14:57.789312: | number of SPIs: 1 (0x1) Aug 26 13:14:57.789313: | processing payload: ISAKMP_NEXT_v2D (len=4) Aug 26 13:14:57.789315: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:14:57.789317: | Now let's proceed with state specific processing Aug 26 13:14:57.789319: | calling processor I3: INFORMATIONAL Request Aug 26 13:14:57.789321: | an informational request should send a response Aug 26 13:14:57.789341: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:14:57.789344: | **emit ISAKMP Message: Aug 26 13:14:57.789346: | initiator cookie: Aug 26 13:14:57.789347: | 44 fe 8f 5e 66 f2 6b 1a Aug 26 13:14:57.789349: | responder cookie: Aug 26 13:14:57.789350: | 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:57.789352: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:14:57.789367: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:57.789368: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:14:57.789370: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:14:57.789372: | Message ID: 0 (0x0) Aug 26 13:14:57.789374: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:14:57.789376: | ***emit IKEv2 Encryption Payload: Aug 26 13:14:57.789377: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.789379: | flags: none (0x0) Aug 26 13:14:57.789381: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:14:57.789383: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:14:57.789385: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:14:57.789395: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Aug 26 13:14:57.789397: | SPI 46 63 29 a6 Aug 26 13:14:57.789398: | delete PROTO_v2_ESP SA(0x466329a6) Aug 26 13:14:57.789401: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Aug 26 13:14:57.789402: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Aug 26 13:14:57.789404: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x466329a6) Aug 26 13:14:57.789406: "westnet-eastnet-ipv4-psk-ikev2" #1: received Delete SA payload: replace IPsec State #2 now Aug 26 13:14:57.789409: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 13:14:57.789411: | libevent_free: release ptr-libevent@0x55c16123ebc8 Aug 26 13:14:57.789414: | free_event_entry: release EVENT_SA_REKEY-pe@0x7fb6f8002b78 Aug 26 13:14:57.789416: | event_schedule: new EVENT_SA_REPLACE-pe@0x7fb6f8002b78 Aug 26 13:14:57.789419: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Aug 26 13:14:57.789421: | libevent_malloc: new ptr-libevent@0x55c161240468 size 128 Aug 26 13:14:57.789423: | ****emit IKEv2 Delete Payload: Aug 26 13:14:57.789425: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.789426: | flags: none (0x0) Aug 26 13:14:57.789428: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:14:57.789429: | SPI size: 4 (0x4) Aug 26 13:14:57.789431: | number of SPIs: 1 (0x1) Aug 26 13:14:57.789433: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:14:57.789435: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:14:57.789437: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Aug 26 13:14:57.789439: | local SPIs 6a e6 90 b2 Aug 26 13:14:57.789440: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:14:57.789442: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:14:57.789444: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:14:57.789446: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:14:57.789449: | emitting length of IKEv2 Encryption Payload: 41 Aug 26 13:14:57.789451: | emitting length of ISAKMP Message: 69 Aug 26 13:14:57.789465: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:14:57.789467: | 44 fe 8f 5e 66 f2 6b 1a 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:57.789469: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Aug 26 13:14:57.789470: | c4 5e ca 35 7c e5 40 29 93 82 25 92 2c 2f 66 a2 Aug 26 13:14:57.789472: | 33 15 a9 e5 2b 95 ee c9 81 e0 97 24 6f ff ed 28 Aug 26 13:14:57.789473: | 1c b4 32 ac 34 Aug 26 13:14:57.789496: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:14:57.789500: | Message ID: sent #1 response 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Aug 26 13:14:57.789504: | #1 spent 0.173 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Aug 26 13:14:57.789507: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:57.789510: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Aug 26 13:14:57.789512: | Message ID: updating counters for #1 to 0 after switching state Aug 26 13:14:57.789515: | Message ID: recv #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 13:14:57.789517: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:14:57.789520: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_I3: PARENT SA established Aug 26 13:14:57.789522: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:14:57.789525: | #1 spent 0.341 milliseconds in ikev2_process_packet() Aug 26 13:14:57.789528: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:14:57.789530: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:14:57.789532: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:14:57.789535: | spent 0.351 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:14:57.789540: | timer_event_cb: processing event@0x7fb6f8002b78 Aug 26 13:14:57.789542: | handling event EVENT_SA_REPLACE for child state #2 Aug 26 13:14:57.789545: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:14:57.789547: | picked newest_ipsec_sa #2 for #2 Aug 26 13:14:57.789549: | replacing stale CHILD SA Aug 26 13:14:57.789552: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:14:57.789554: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:14:57.789557: | FOR_EACH_STATE_... in find_pending_phase2 Aug 26 13:14:57.789559: | creating state object #3 at 0x55c161244c78 Aug 26 13:14:57.789561: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 13:14:57.789567: | pstats #3 ikev2.child started Aug 26 13:14:57.789570: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #3 for IPSEC SA Aug 26 13:14:57.789574: | #3 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:14:57.789581: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:14:57.789584: | suspend processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:14:57.789589: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:14:57.789591: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Aug 26 13:14:57.789594: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 13:14:57.789596: | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals) Aug 26 13:14:57.789603: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:14:57.789608: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:14:57.789610: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:14:57.789612: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Aug 26 13:14:57.789615: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:14:57.789618: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:14:57.789619: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:14:57.789622: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:14:57.789626: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Aug 26 13:14:57.789630: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Aug 26 13:14:57.789632: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x55c16123cc88 Aug 26 13:14:57.789635: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Aug 26 13:14:57.789637: | libevent_malloc: new ptr-libevent@0x55c16123ebc8 size 128 Aug 26 13:14:57.789640: | RESET processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:14:57.789642: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55c16123f5c8 Aug 26 13:14:57.789645: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Aug 26 13:14:57.789646: | libevent_malloc: new ptr-libevent@0x55c16123c808 size 128 Aug 26 13:14:57.789649: | libevent_free: release ptr-libevent@0x55c161240468 Aug 26 13:14:57.789650: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7fb6f8002b78 Aug 26 13:14:57.789653: | #2 spent 0.113 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 13:14:57.789655: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:14:57.789659: | timer_event_cb: processing event@0x55c16123cc88 Aug 26 13:14:57.789660: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Aug 26 13:14:57.789663: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:14:57.789667: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Aug 26 13:14:57.789669: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7fb6f8002b78 Aug 26 13:14:57.789672: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:14:57.789673: | libevent_malloc: new ptr-libevent@0x55c161240468 size 128 Aug 26 13:14:57.789679: | libevent_free: release ptr-libevent@0x55c16123ebc8 Aug 26 13:14:57.789681: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x55c16123cc88 Aug 26 13:14:57.789684: | #3 spent 0.025 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:14:57.789702: | stop processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:14:57.789707: | timer_event_cb: processing event@0x55c16123f5c8 Aug 26 13:14:57.789709: | handling event EVENT_SA_EXPIRE for child state #2 Aug 26 13:14:57.789712: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:14:57.789714: | crypto helper 3 resuming Aug 26 13:14:57.789714: | picked newest_ipsec_sa #2 for #2 Aug 26 13:14:57.789728: | crypto helper 3 starting work-order 3 for state #3 Aug 26 13:14:57.789733: | un-established partial CHILD SA timeout (SA expired) Aug 26 13:14:57.789742: | pstats #2 ikev2.child re-failed exchange-timeout Aug 26 13:14:57.789746: | pstats #2 ikev2.child deleted completed Aug 26 13:14:57.789750: | #2 spent 2.37 milliseconds in total Aug 26 13:14:57.789738: | crypto helper 3 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Aug 26 13:14:57.789754: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:14:57.789767: "westnet-eastnet-ipv4-psk-ikev2" #2: deleting state (STATE_V2_IPSEC_I) aged 4.382s and NOT sending notification Aug 26 13:14:57.789770: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Aug 26 13:14:57.789773: | get_sa_info esp.466329a6@192.1.2.23 Aug 26 13:14:57.789782: | get_sa_info esp.6ae690b2@192.1.2.45 Aug 26 13:14:57.789788: "westnet-eastnet-ipv4-psk-ikev2" #2: ESP traffic information: in=336B out=336B Aug 26 13:14:57.789791: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 13:14:57.789833: | running updown command "ipsec _updown" for verb down Aug 26 13:14:57.789838: | command executing down-client Aug 26 13:14:57.789854: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825293' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S Aug 26 13:14:57.789857: | popen cmd is 1060 chars long Aug 26 13:14:57.789859: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: Aug 26 13:14:57.789860: | cmd( 80):pv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.: Aug 26 13:14:57.789862: | cmd( 160):1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET=': Aug 26 13:14:57.789864: | cmd( 240):192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTO: Aug 26 13:14:57.789866: | cmd( 320):COL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO: Aug 26 13:14:57.789867: | cmd( 400):_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2: Aug 26 13:14:57.789869: | cmd( 480):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Aug 26 13:14:57.789871: | cmd( 560):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825293' PLUTO_CO: Aug 26 13:14:57.789872: | cmd( 640):NN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_: Aug 26 13:14:57.789874: | cmd( 720):NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 P: Aug 26 13:14:57.789876: | cmd( 800):LUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PE: Aug 26 13:14:57.789879: | cmd( 880):ER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' V: Aug 26 13:14:57.789881: | cmd( 960):TI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x466329a6 SPI_OUT=0x6ae690b: Aug 26 13:14:57.789883: | cmd(1040):2 ipsec _updown 2>&1: Aug 26 13:14:57.790476: | crypto helper 3 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.000737 seconds Aug 26 13:14:57.790493: | (#3) spent 0.741 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Aug 26 13:14:57.790497: | crypto helper 3 sending results from work-order 3 for state #3 to event queue Aug 26 13:14:57.790500: | scheduling resume sending helper answer for #3 Aug 26 13:14:57.790503: | libevent_malloc: new ptr-libevent@0x7fb6f4002888 size 128 Aug 26 13:14:57.790516: | crypto helper 3 waiting (nothing to do) Aug 26 13:14:57.797012: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:14:57.797023: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:14:57.797026: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:57.797030: | IPsec Sa SPD priority set to 1042407 Aug 26 13:14:57.797056: | delete esp.466329a6@192.1.2.23 Aug 26 13:14:57.797073: | netlink response for Del SA esp.466329a6@192.1.2.23 included non-error error Aug 26 13:14:57.797077: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:57.797082: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 13:14:57.797101: | raw_eroute result=success Aug 26 13:14:57.797106: | delete esp.6ae690b2@192.1.2.45 Aug 26 13:14:57.797114: | netlink response for Del SA esp.6ae690b2@192.1.2.45 included non-error error Aug 26 13:14:57.797124: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 13:14:57.797127: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 13:14:57.797130: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:14:57.797135: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:14:57.797147: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Aug 26 13:14:57.797149: | can't expire unused IKE SA #1; it has the child #3 Aug 26 13:14:57.797152: | libevent_free: release ptr-libevent@0x55c16123c808 Aug 26 13:14:57.797154: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55c16123f5c8 Aug 26 13:14:57.797156: | in statetime_stop() and could not find #2 Aug 26 13:14:57.797158: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:14:57.797167: | processing resume sending helper answer for #3 Aug 26 13:14:57.797171: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:14:57.797174: | crypto helper 3 replies to request ID 3 Aug 26 13:14:57.797176: | calling continuation function 0x55c1609efb50 Aug 26 13:14:57.797180: | ikev2_child_outI_continue for #3 STATE_V2_REKEY_CHILD_I0 Aug 26 13:14:57.797182: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:14:57.797184: | libevent_free: release ptr-libevent@0x55c161240468 Aug 26 13:14:57.797187: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7fb6f8002b78 Aug 26 13:14:57.797189: | event_schedule: new EVENT_SA_REPLACE-pe@0x7fb6f8002b78 Aug 26 13:14:57.797191: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Aug 26 13:14:57.797193: | libevent_malloc: new ptr-libevent@0x55c16123c808 size 128 Aug 26 13:14:57.797197: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:14:57.797199: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 13:14:57.797206: | libevent_malloc: new ptr-libevent@0x55c16123ebc8 size 128 Aug 26 13:14:57.797210: | [RE]START processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:57.797213: | #3 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Aug 26 13:14:57.797215: | suspending state #3 and saving MD Aug 26 13:14:57.797217: | #3 is busy; has a suspended MD Aug 26 13:14:57.797219: | [RE]START processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:14:57.797222: | "westnet-eastnet-ipv4-psk-ikev2" #3 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:14:57.797224: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Aug 26 13:14:57.797228: | #3 spent 0.0527 milliseconds in resume sending helper answer Aug 26 13:14:57.797231: | stop processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:14:57.797233: | libevent_free: release ptr-libevent@0x7fb6f4002888 Aug 26 13:14:57.797235: | processing signal PLUTO_SIGCHLD Aug 26 13:14:57.797239: | waitpid returned ECHILD (no child processes left) Aug 26 13:14:57.797241: | spent 0.00367 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:14:57.797245: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 13:14:57.797247: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in callback_handler() at server.c:904) Aug 26 13:14:57.797251: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:14:57.797254: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:14:57.797256: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:14:57.797276: | **emit ISAKMP Message: Aug 26 13:14:57.797277: | initiator cookie: Aug 26 13:14:57.797279: | 44 fe 8f 5e 66 f2 6b 1a Aug 26 13:14:57.797281: | responder cookie: Aug 26 13:14:57.797282: | 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:57.797284: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:14:57.797286: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:57.797292: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:14:57.797312: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:14:57.797314: | Message ID: 2 (0x2) Aug 26 13:14:57.797316: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:14:57.797319: | ***emit IKEv2 Encryption Payload: Aug 26 13:14:57.797320: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.797322: | flags: none (0x0) Aug 26 13:14:57.797324: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:14:57.797326: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:14:57.797328: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:14:57.797356: | netlink_get_spi: allocated 0x9d25a1fc for esp.0@192.1.2.45 Aug 26 13:14:57.797358: | Emitting ikev2_proposals ... Aug 26 13:14:57.797360: | ****emit IKEv2 Security Association Payload: Aug 26 13:14:57.797362: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.797363: | flags: none (0x0) Aug 26 13:14:57.797365: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:14:57.797367: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:14:57.797371: | discarding INTEG=NONE Aug 26 13:14:57.797373: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:57.797375: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:57.797376: | prop #: 1 (0x1) Aug 26 13:14:57.797378: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:57.797379: | spi size: 4 (0x4) Aug 26 13:14:57.797381: | # transforms: 3 (0x3) Aug 26 13:14:57.797383: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:57.797385: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:14:57.797387: | our spi 9d 25 a1 fc Aug 26 13:14:57.797388: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.797390: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797392: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:57.797394: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:57.797396: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.797398: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:57.797400: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:57.797401: | length/value: 256 (0x100) Aug 26 13:14:57.797403: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:57.797405: | discarding INTEG=NONE Aug 26 13:14:57.797406: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.797408: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797409: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.797411: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:57.797413: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797415: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.797417: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.797418: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.797420: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:57.797422: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:14:57.797423: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:57.797425: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797427: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.797429: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.797430: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:14:57.797432: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:57.797434: | discarding INTEG=NONE Aug 26 13:14:57.797435: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:57.797437: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:57.797439: | prop #: 2 (0x2) Aug 26 13:14:57.797440: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:57.797442: | spi size: 4 (0x4) Aug 26 13:14:57.797443: | # transforms: 3 (0x3) Aug 26 13:14:57.797445: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:57.797447: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:57.797449: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:14:57.797451: | our spi 9d 25 a1 fc Aug 26 13:14:57.797452: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.797454: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797456: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:57.797458: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:57.797460: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.797461: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:57.797463: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:57.797465: | length/value: 128 (0x80) Aug 26 13:14:57.797466: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:57.797468: | discarding INTEG=NONE Aug 26 13:14:57.797469: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.797471: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797472: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.797474: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:57.797476: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797478: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.797479: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.797481: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.797483: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:57.797484: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:14:57.797486: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:57.797488: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797490: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.797491: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.797493: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:14:57.797495: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:57.797496: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:57.797498: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:57.797499: | prop #: 3 (0x3) Aug 26 13:14:57.797501: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:57.797502: | spi size: 4 (0x4) Aug 26 13:14:57.797504: | # transforms: 5 (0x5) Aug 26 13:14:57.797506: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:57.797508: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:57.797510: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:14:57.797511: | our spi 9d 25 a1 fc Aug 26 13:14:57.797513: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.797514: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797516: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:57.797518: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:14:57.797520: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.797521: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:57.797523: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:57.797524: | length/value: 256 (0x100) Aug 26 13:14:57.797526: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:57.797528: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.797529: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797531: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:57.797533: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:14:57.797535: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797537: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.797539: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.797541: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.797542: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797544: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:57.797545: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:14:57.797547: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797549: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.797551: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.797552: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.797554: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797555: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.797557: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:57.797559: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797561: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.797562: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.797564: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.797565: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:57.797567: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:14:57.797569: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:57.797570: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797572: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.797574: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.797576: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:14:57.797577: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:57.797579: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:57.797581: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:14:57.797582: | prop #: 4 (0x4) Aug 26 13:14:57.797584: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:14:57.797585: | spi size: 4 (0x4) Aug 26 13:14:57.797587: | # transforms: 5 (0x5) Aug 26 13:14:57.797589: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:57.797590: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:57.797592: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:14:57.797594: | our spi 9d 25 a1 fc Aug 26 13:14:57.797595: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.797597: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797598: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:57.797600: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:14:57.797602: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.797604: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:57.797606: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:57.797608: | length/value: 128 (0x80) Aug 26 13:14:57.797609: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:57.797611: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.797612: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797614: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:57.797615: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:14:57.797617: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797619: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.797621: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.797622: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.797624: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797625: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:57.797627: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:14:57.797629: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797631: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.797632: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.797634: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.797636: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797637: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.797639: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:57.797641: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797642: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.797644: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.797646: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.797647: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:57.797649: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:14:57.797650: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:14:57.797652: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.797654: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.797656: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.797657: | emitting length of IKEv2 Proposal Substructure Payload: 56 Aug 26 13:14:57.797659: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:57.797661: | emitting length of IKEv2 Security Association Payload: 196 Aug 26 13:14:57.797662: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:14:57.797665: "westnet-eastnet-ipv4-psk-ikev2" #3: CHILD SA to rekey #2 vanished abort this exchange Aug 26 13:14:57.797666: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Aug 26 13:14:57.797669: | [RE]START processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:57.797672: | #3 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_INTERNAL_ERROR Aug 26 13:14:57.797752: | state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Aug 26 13:14:57.797761: | stop processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:14:57.797765: | resume processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:14:57.797769: | #1 spent 0.513 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 13:14:57.797772: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in callback_handler() at server.c:908) Aug 26 13:14:57.797775: | libevent_free: release ptr-libevent@0x55c16123ebc8 Aug 26 13:14:57.799892: | spent 0.00262 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:14:57.799912: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Aug 26 13:14:57.799917: | 44 fe 8f 5e 66 f2 6b 1a 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:57.799920: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Aug 26 13:14:57.799922: | 1d 7e e8 a0 e0 e6 0d 3b 35 54 07 79 d7 3d 80 4a Aug 26 13:14:57.799925: | 31 aa f3 3c 62 95 4f 43 0a 10 e4 b0 e2 48 c9 c4 Aug 26 13:14:57.799928: | c9 Aug 26 13:14:57.799933: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:14:57.799936: | **parse ISAKMP Message: Aug 26 13:14:57.799939: | initiator cookie: Aug 26 13:14:57.799941: | 44 fe 8f 5e 66 f2 6b 1a Aug 26 13:14:57.799943: | responder cookie: Aug 26 13:14:57.799945: | 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:57.799948: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:14:57.799951: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:57.799954: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:14:57.799957: | flags: none (0x0) Aug 26 13:14:57.799960: | Message ID: 1 (0x1) Aug 26 13:14:57.799962: | length: 65 (0x41) Aug 26 13:14:57.799965: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Aug 26 13:14:57.799969: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Aug 26 13:14:57.799973: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:14:57.799980: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:14:57.799984: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:14:57.799989: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:14:57.799992: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:14:57.799997: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 Aug 26 13:14:57.799999: | unpacking clear payload Aug 26 13:14:57.800002: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:14:57.800006: | ***parse IKEv2 Encryption Payload: Aug 26 13:14:57.800009: | next payload type: ISAKMP_NEXT_v2D (0x2a) Aug 26 13:14:57.800011: | flags: none (0x0) Aug 26 13:14:57.800014: | length: 37 (0x25) Aug 26 13:14:57.800016: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 13:14:57.800021: | Message ID: start-responder #1 request 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 13:14:57.800039: | #1 in state PARENT_I3: PARENT SA established Aug 26 13:14:57.800056: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Aug 26 13:14:57.800059: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Aug 26 13:14:57.800062: | **parse IKEv2 Delete Payload: Aug 26 13:14:57.800065: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.800081: | flags: none (0x0) Aug 26 13:14:57.800083: | length: 8 (0x8) Aug 26 13:14:57.800086: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 13:14:57.800088: | SPI size: 0 (0x0) Aug 26 13:14:57.800093: | number of SPIs: 0 (0x0) Aug 26 13:14:57.800096: | processing payload: ISAKMP_NEXT_v2D (len=0) Aug 26 13:14:57.800111: | selected state microcode I3: INFORMATIONAL Request Aug 26 13:14:57.800114: | Now let's proceed with state specific processing Aug 26 13:14:57.800116: | calling processor I3: INFORMATIONAL Request Aug 26 13:14:57.800120: | an informational request should send a response Aug 26 13:14:57.800126: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Aug 26 13:14:57.800130: | **emit ISAKMP Message: Aug 26 13:14:57.800133: | initiator cookie: Aug 26 13:14:57.800135: | 44 fe 8f 5e 66 f2 6b 1a Aug 26 13:14:57.800138: | responder cookie: Aug 26 13:14:57.800141: | 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:57.800144: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:14:57.800147: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:57.800150: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:14:57.800153: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Aug 26 13:14:57.800156: | Message ID: 1 (0x1) Aug 26 13:14:57.800159: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:14:57.800163: | ***emit IKEv2 Encryption Payload: Aug 26 13:14:57.800166: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.800168: | flags: none (0x0) Aug 26 13:14:57.800172: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:14:57.800175: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Aug 26 13:14:57.800178: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:14:57.800184: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:14:57.800188: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:14:57.800191: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:14:57.800193: | emitting length of IKEv2 Encryption Payload: 29 Aug 26 13:14:57.800196: | emitting length of ISAKMP Message: 57 Aug 26 13:14:57.800212: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Aug 26 13:14:57.800215: | 44 fe 8f 5e 66 f2 6b 1a 0c 7a ef b7 ff 5d 86 8f Aug 26 13:14:57.800218: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Aug 26 13:14:57.800220: | ad f9 a6 da 4e 89 ff 01 07 4d a2 99 cf 6b 61 0d Aug 26 13:14:57.800222: | 07 bb 65 c3 f3 80 84 cd a8 Aug 26 13:14:57.800246: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:14:57.800252: | Message ID: sent #1 response 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:14:57.800256: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Aug 26 13:14:57.800259: | pstats #3 ikev2.child deleted other Aug 26 13:14:57.800263: | #3 spent 0.819 milliseconds in total Aug 26 13:14:57.800267: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:14:57.800272: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:14:57.800275: "westnet-eastnet-ipv4-psk-ikev2" #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.010s and NOT sending notification Aug 26 13:14:57.800279: | child state #3: CHILDSA_DEL(informational) => delete Aug 26 13:14:57.800282: | state #3 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:14:57.800285: | libevent_free: release ptr-libevent@0x55c16123c808 Aug 26 13:14:57.800306: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7fb6f8002b78 Aug 26 13:14:57.800313: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:57.800320: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Aug 26 13:14:57.800332: | raw_eroute result=success Aug 26 13:14:57.800337: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 13:14:57.800340: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Aug 26 13:14:57.800347: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:14:57.800368: | stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:14:57.800374: | resume processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:14:57.800379: | State DB: IKEv2 state not found (delete_my_family) Aug 26 13:14:57.800382: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Aug 26 13:14:57.800385: | pstats #1 ikev2.ike deleted completed Aug 26 13:14:57.800388: | #1 spent 7.77 milliseconds in total Aug 26 13:14:57.800393: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:14:57.800397: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting state (STATE_IKESA_DEL) aged 4.398s and NOT sending notification Aug 26 13:14:57.800399: | parent state #1: IKESA_DEL(established IKE SA) => delete Aug 26 13:14:57.800438: | state #1 requesting EVENT_SA_REKEY to be deleted Aug 26 13:14:57.800444: | libevent_free: release ptr-libevent@0x7fb6f0000f48 Aug 26 13:14:57.800449: | free_event_entry: release EVENT_SA_REKEY-pe@0x55c16123cb18 Aug 26 13:14:57.800452: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:14:57.800455: | picked newest_isakmp_sa #0 for #1 Aug 26 13:14:57.800458: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting IKE SA for connection 'westnet-eastnet-ipv4-psk-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:14:57.800461: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 0 seconds Aug 26 13:14:57.800464: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 13:14:57.800468: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 13:14:57.800471: | State DB: deleting IKEv2 state #1 in IKESA_DEL Aug 26 13:14:57.800474: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Aug 26 13:14:57.800493: | stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:14:57.800516: | in statetime_stop() and could not find #1 Aug 26 13:14:57.800520: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:57.800524: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Aug 26 13:14:57.800527: | STF_OK but no state object remains Aug 26 13:14:57.800530: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:14:57.800533: | in statetime_stop() and could not find #1 Aug 26 13:14:57.800537: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:14:57.800541: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:14:57.800544: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:14:57.800550: | spent 0.624 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:14:57.800556: | processing global timer EVENT_REVIVE_CONNS Aug 26 13:14:57.800560: Initiating connection westnet-eastnet-ipv4-psk-ikev2 which received a Delete/Notify but must remain up per local policy Aug 26 13:14:57.800563: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:14:57.800569: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in initiate_a_connection() at initiate.c:186) Aug 26 13:14:57.800574: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Aug 26 13:14:57.800577: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 13:14:57.800580: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:14:57.800586: | creating state object #4 at 0x55c16123f798 Aug 26 13:14:57.800588: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 13:14:57.800593: | pstats #4 ikev2.ike started Aug 26 13:14:57.800595: | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:14:57.800597: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:14:57.800600: | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:14:57.800604: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:14:57.800607: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:14:57.800609: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:14:57.800612: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" IKE SA #4 "westnet-eastnet-ipv4-psk-ikev2" Aug 26 13:14:57.800615: "westnet-eastnet-ipv4-psk-ikev2" #4: initiating v2 parent SA Aug 26 13:14:57.800625: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:57.800629: | adding ikev2_outI1 KE work-order 4 for state #4 Aug 26 13:14:57.800631: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7fb6f0002bb8 Aug 26 13:14:57.800634: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 13:14:57.800636: | libevent_malloc: new ptr-libevent@0x55c16123ebc8 size 128 Aug 26 13:14:57.800655: | #4 spent 0.0874 milliseconds in ikev2_parent_outI1() Aug 26 13:14:57.800659: | RESET processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:14:57.800676: | RESET processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:14:57.800678: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:14:57.800681: | spent 0.121 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 13:14:57.800686: | crypto helper 2 resuming Aug 26 13:14:57.800695: | crypto helper 2 starting work-order 4 for state #4 Aug 26 13:14:57.800699: | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 4 Aug 26 13:14:57.801324: | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.000625 seconds Aug 26 13:14:57.801334: | (#4) spent 0.629 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) Aug 26 13:14:57.801337: | crypto helper 2 sending results from work-order 4 for state #4 to event queue Aug 26 13:14:57.801339: | scheduling resume sending helper answer for #4 Aug 26 13:14:57.801341: | libevent_malloc: new ptr-libevent@0x7fb6e8002888 size 128 Aug 26 13:14:57.801347: | crypto helper 2 waiting (nothing to do) Aug 26 13:14:57.801356: | processing resume sending helper answer for #4 Aug 26 13:14:57.801380: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:14:57.801388: | crypto helper 2 replies to request ID 4 Aug 26 13:14:57.801392: | calling continuation function 0x55c1609efb50 Aug 26 13:14:57.801394: | ikev2_parent_outI1_continue for #4 Aug 26 13:14:57.801399: | **emit ISAKMP Message: Aug 26 13:14:57.801403: | initiator cookie: Aug 26 13:14:57.801405: | d2 53 51 59 5c 28 2e a3 Aug 26 13:14:57.801408: | responder cookie: Aug 26 13:14:57.801410: | 00 00 00 00 00 00 00 00 Aug 26 13:14:57.801413: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:14:57.801415: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:14:57.801418: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:14:57.801421: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:14:57.801423: | Message ID: 0 (0x0) Aug 26 13:14:57.801426: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:14:57.801442: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:14:57.801445: | Emitting ikev2_proposals ... Aug 26 13:14:57.801448: | ***emit IKEv2 Security Association Payload: Aug 26 13:14:57.801451: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.801453: | flags: none (0x0) Aug 26 13:14:57.801457: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:14:57.801460: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:14:57.801462: | discarding INTEG=NONE Aug 26 13:14:57.801465: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:57.801468: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:57.801470: | prop #: 1 (0x1) Aug 26 13:14:57.801473: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:57.801475: | spi size: 0 (0x0) Aug 26 13:14:57.801478: | # transforms: 11 (0xb) Aug 26 13:14:57.801481: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:57.801484: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.801486: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801489: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:57.801492: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:57.801495: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.801498: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:57.801501: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:57.801503: | length/value: 256 (0x100) Aug 26 13:14:57.801506: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:57.801509: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.801511: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801514: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:57.801517: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:57.801520: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801523: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.801528: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.801530: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.801533: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801535: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:57.801537: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:57.801540: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801542: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.801545: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.801547: | discarding INTEG=NONE Aug 26 13:14:57.801550: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.801552: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801554: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.801557: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:57.801559: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801562: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.801565: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.801568: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.801570: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801573: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.801575: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:57.801578: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801581: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.801584: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.801587: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.801589: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801591: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.801594: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:57.801597: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801600: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.801602: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.801605: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.801607: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801610: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.801612: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:57.801615: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801618: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.801621: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.801623: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.801626: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801628: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.801631: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:14:57.801634: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801638: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.801641: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.801643: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.801645: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801648: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.801650: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:14:57.801653: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801656: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.801659: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.801662: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.801664: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801666: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.801669: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:57.801672: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801674: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.801677: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.801680: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.801682: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:57.801685: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.801687: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:57.801690: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801693: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.801696: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.801698: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:14:57.801701: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:57.801704: | discarding INTEG=NONE Aug 26 13:14:57.801706: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:57.801709: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:57.801711: | prop #: 2 (0x2) Aug 26 13:14:57.801714: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:57.801716: | spi size: 0 (0x0) Aug 26 13:14:57.801719: | # transforms: 11 (0xb) Aug 26 13:14:57.801722: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:57.801725: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:57.801727: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.801730: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801732: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:57.801735: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:14:57.801738: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.801740: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:57.801743: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:57.801747: | length/value: 128 (0x80) Aug 26 13:14:57.801750: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:57.801753: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.801755: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801758: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:57.801760: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:57.801763: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801766: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.801768: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.801771: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.801773: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801775: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:57.801777: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:57.801780: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801783: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.801786: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.801788: | discarding INTEG=NONE Aug 26 13:14:57.801790: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.801792: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801795: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.801797: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:57.801800: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801803: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.801805: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.801807: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.801810: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801812: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.801814: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:57.801817: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801820: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.801822: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.801824: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.801827: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801829: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.801832: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:57.801835: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801837: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.801854: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.801857: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.801859: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801862: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.801864: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:57.801867: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801870: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.801873: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.801875: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.801878: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801880: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.801882: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:14:57.801885: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801888: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.801890: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.801893: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.801895: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801897: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.801900: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:14:57.801903: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801905: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.801908: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.801910: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.801912: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801915: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.801917: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:57.801920: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801923: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.801925: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.801940: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.801943: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:57.801945: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.801947: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:57.801950: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801953: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.801956: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.801958: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:14:57.801961: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:57.801964: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:57.801966: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:57.801968: | prop #: 3 (0x3) Aug 26 13:14:57.801971: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:57.801973: | spi size: 0 (0x0) Aug 26 13:14:57.801975: | # transforms: 13 (0xd) Aug 26 13:14:57.801978: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:57.801981: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:57.801986: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.801988: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.801990: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:57.801993: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:14:57.801995: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.801998: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:57.802001: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:57.802003: | length/value: 256 (0x100) Aug 26 13:14:57.802006: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:57.802008: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802010: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802013: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:57.802015: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:57.802018: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802021: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802023: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802025: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802028: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802030: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:57.802032: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:57.802035: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802037: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802040: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802042: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802044: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802046: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:57.802049: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:14:57.802051: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802054: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802057: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802060: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802062: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802064: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:57.802066: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:14:57.802069: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802072: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802075: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802078: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802080: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802083: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.802086: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:57.802089: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802093: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802096: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802098: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802101: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802103: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.802106: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:57.802109: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802111: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802114: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802117: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802119: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802121: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.802124: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:57.802126: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802129: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802131: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802134: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802136: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802139: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.802142: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:57.802145: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802147: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802150: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802152: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802155: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802157: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.802159: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:14:57.802162: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802165: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802168: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802171: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802173: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802176: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.802178: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:14:57.802181: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802184: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802186: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802188: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802191: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802193: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.802209: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:57.802213: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802216: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802219: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802221: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802223: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:57.802226: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.802228: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:57.802231: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802234: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802236: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802239: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:14:57.802242: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:57.802244: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:14:57.802247: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:14:57.802249: | prop #: 4 (0x4) Aug 26 13:14:57.802252: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:14:57.802254: | spi size: 0 (0x0) Aug 26 13:14:57.802256: | # transforms: 13 (0xd) Aug 26 13:14:57.802258: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:14:57.802260: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:14:57.802261: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802263: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802265: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:14:57.802266: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:14:57.802268: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802270: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:14:57.802272: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:14:57.802273: | length/value: 128 (0x80) Aug 26 13:14:57.802275: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:14:57.802276: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802278: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802280: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:57.802281: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:14:57.802283: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802285: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802287: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802300: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802302: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802304: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:14:57.802305: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:14:57.802307: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802309: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802312: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802314: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802316: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802317: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:57.802319: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:14:57.802321: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802323: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802324: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802326: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802328: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802329: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:14:57.802331: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:14:57.802333: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802335: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802336: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802338: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802339: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802341: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.802343: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:57.802345: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802346: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802348: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802350: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802351: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802353: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.802355: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:14:57.802356: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802358: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802360: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802362: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802363: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802365: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.802366: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:14:57.802368: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802370: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802372: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802373: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802375: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802376: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.802378: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:14:57.802380: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802383: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802385: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802386: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802388: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802389: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.802391: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:14:57.802393: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802395: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802396: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802398: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802400: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802401: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.802403: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:14:57.802405: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802407: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802408: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802410: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802411: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802413: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.802415: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:14:57.802417: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802418: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802420: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802422: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:14:57.802423: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:14:57.802425: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:14:57.802426: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:14:57.802428: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:14:57.802430: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:14:57.802432: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:14:57.802434: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:14:57.802435: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:14:57.802437: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:14:57.802439: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:14:57.802441: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:14:57.802443: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.802444: | flags: none (0x0) Aug 26 13:14:57.802446: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:14:57.802448: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:14:57.802450: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:14:57.802453: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:14:57.802456: | ikev2 g^x 9f a7 14 f0 30 67 5a 7e 7f d7 8b 49 53 4e ec 89 Aug 26 13:14:57.802457: | ikev2 g^x ff 36 48 bd 88 c5 ad 73 3f bf f3 c3 96 a6 fa 84 Aug 26 13:14:57.802459: | ikev2 g^x 31 69 16 9c 66 6f 09 df f1 f1 0f 29 7f b8 6b 2c Aug 26 13:14:57.802460: | ikev2 g^x 28 dd d7 bb f2 cf b4 4f 37 5a f1 c4 df 42 2c 4e Aug 26 13:14:57.802462: | ikev2 g^x a1 69 06 ea 6d d2 47 fd 3b 08 4b f6 6d fc 02 94 Aug 26 13:14:57.802463: | ikev2 g^x 91 4e cf c5 2a 3c 9a 86 b4 4d 5c ec 67 af ce f5 Aug 26 13:14:57.802465: | ikev2 g^x 34 7e 60 b2 67 54 99 be 79 ff 83 d4 cc 2c a6 c8 Aug 26 13:14:57.802467: | ikev2 g^x f4 2a 25 e2 db 45 22 78 07 fe c3 56 e8 17 00 34 Aug 26 13:14:57.802468: | ikev2 g^x ba a9 7c 01 68 a6 79 20 bc b8 7a 1c e2 dd e3 0a Aug 26 13:14:57.802470: | ikev2 g^x 88 32 61 60 b1 a9 d2 ed 3a c6 0e d7 ef e4 de 5a Aug 26 13:14:57.802471: | ikev2 g^x d3 f6 18 67 3b b8 2a 0d 4c 90 b3 3a d4 b3 87 42 Aug 26 13:14:57.802473: | ikev2 g^x f0 ed a2 8c 7f 98 2e 92 b1 9b d5 ed 0e 05 a0 cb Aug 26 13:14:57.802474: | ikev2 g^x d1 72 93 90 d4 cb e8 8e fe 02 3f 6b 62 81 fe 3c Aug 26 13:14:57.802476: | ikev2 g^x 73 c0 af 4a 05 d5 44 2e f7 fe d3 f0 8c 90 95 5e Aug 26 13:14:57.802477: | ikev2 g^x 4d c1 22 49 80 14 8f 53 b2 76 1d b1 ff 8e 09 c2 Aug 26 13:14:57.802479: | ikev2 g^x 29 fd 04 57 11 64 2f 26 50 5f a2 00 71 b1 f2 0e Aug 26 13:14:57.802481: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:14:57.802482: | ***emit IKEv2 Nonce Payload: Aug 26 13:14:57.802484: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:14:57.802486: | flags: none (0x0) Aug 26 13:14:57.802488: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:14:57.802490: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:14:57.802492: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:14:57.802494: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:14:57.802495: | IKEv2 nonce c4 91 a6 eb 14 d4 ac e7 57 38 a5 4d 3b 42 6c 4f Aug 26 13:14:57.802497: | IKEv2 nonce 31 47 85 dd 56 2d a3 df 4f 83 f4 76 0c b2 e0 3e Aug 26 13:14:57.802499: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:14:57.802500: | Adding a v2N Payload Aug 26 13:14:57.802502: | ***emit IKEv2 Notify Payload: Aug 26 13:14:57.802504: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.802505: | flags: none (0x0) Aug 26 13:14:57.802507: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:57.802509: | SPI size: 0 (0x0) Aug 26 13:14:57.802511: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:14:57.802513: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:14:57.802514: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:14:57.802516: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:14:57.802519: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:14:57.802520: | natd_hash: rcookie is zero Aug 26 13:14:57.802534: | natd_hash: hasher=0x55c160ac4800(20) Aug 26 13:14:57.802536: | natd_hash: icookie= d2 53 51 59 5c 28 2e a3 Aug 26 13:14:57.802537: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:14:57.802539: | natd_hash: ip= c0 01 02 2d Aug 26 13:14:57.802540: | natd_hash: port=500 Aug 26 13:14:57.802542: | natd_hash: hash= 49 a6 bc 93 e3 67 39 5b ab c1 7d 1c 2d ab 1e 14 Aug 26 13:14:57.802544: | natd_hash: hash= 41 65 c8 b3 Aug 26 13:14:57.802545: | Adding a v2N Payload Aug 26 13:14:57.802547: | ***emit IKEv2 Notify Payload: Aug 26 13:14:57.802549: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.802553: | flags: none (0x0) Aug 26 13:14:57.802554: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:57.802556: | SPI size: 0 (0x0) Aug 26 13:14:57.802558: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:14:57.802560: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:14:57.802562: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:14:57.802564: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:14:57.802565: | Notify data 49 a6 bc 93 e3 67 39 5b ab c1 7d 1c 2d ab 1e 14 Aug 26 13:14:57.802567: | Notify data 41 65 c8 b3 Aug 26 13:14:57.802568: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:14:57.802570: | natd_hash: rcookie is zero Aug 26 13:14:57.802574: | natd_hash: hasher=0x55c160ac4800(20) Aug 26 13:14:57.802576: | natd_hash: icookie= d2 53 51 59 5c 28 2e a3 Aug 26 13:14:57.802577: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:14:57.802579: | natd_hash: ip= c0 01 02 17 Aug 26 13:14:57.802580: | natd_hash: port=500 Aug 26 13:14:57.802582: | natd_hash: hash= e4 30 65 08 bc 51 6a d9 13 ba 77 d2 b5 7f da f6 Aug 26 13:14:57.802583: | natd_hash: hash= 0b 7e 15 8b Aug 26 13:14:57.802585: | Adding a v2N Payload Aug 26 13:14:57.802587: | ***emit IKEv2 Notify Payload: Aug 26 13:14:57.802588: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:14:57.802590: | flags: none (0x0) Aug 26 13:14:57.802591: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:14:57.802593: | SPI size: 0 (0x0) Aug 26 13:14:57.802595: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:14:57.802597: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:14:57.802598: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:14:57.802600: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:14:57.802602: | Notify data e4 30 65 08 bc 51 6a d9 13 ba 77 d2 b5 7f da f6 Aug 26 13:14:57.802603: | Notify data 0b 7e 15 8b Aug 26 13:14:57.802605: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:14:57.802607: | emitting length of ISAKMP Message: 828 Aug 26 13:14:57.802612: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:14:57.802617: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:14:57.802620: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:14:57.802622: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:14:57.802624: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:14:57.802626: | Message ID: updating counters for #4 to 4294967295 after switching state Aug 26 13:14:57.802628: | Message ID: IKE #4 skipping update_recv as MD is fake Aug 26 13:14:57.802631: | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:14:57.802634: "westnet-eastnet-ipv4-psk-ikev2" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:14:57.802637: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Aug 26 13:14:57.802641: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) Aug 26 13:14:57.802643: | d2 53 51 59 5c 28 2e a3 00 00 00 00 00 00 00 00 Aug 26 13:14:57.802644: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:14:57.802646: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:14:57.802648: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:14:57.802649: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:14:57.802652: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:14:57.802653: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:14:57.802655: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:14:57.802656: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:14:57.802658: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:14:57.802659: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:14:57.802661: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:14:57.802663: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:14:57.802664: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:14:57.802666: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:14:57.802667: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:14:57.802669: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:14:57.802670: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:14:57.802672: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:14:57.802673: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:14:57.802675: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:14:57.802676: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:14:57.802678: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:14:57.802679: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:14:57.802681: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:14:57.802682: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:14:57.802684: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:14:57.802686: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:14:57.802687: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:14:57.802689: | 28 00 01 08 00 0e 00 00 9f a7 14 f0 30 67 5a 7e Aug 26 13:14:57.802690: | 7f d7 8b 49 53 4e ec 89 ff 36 48 bd 88 c5 ad 73 Aug 26 13:14:57.802692: | 3f bf f3 c3 96 a6 fa 84 31 69 16 9c 66 6f 09 df Aug 26 13:14:57.802693: | f1 f1 0f 29 7f b8 6b 2c 28 dd d7 bb f2 cf b4 4f Aug 26 13:14:57.802695: | 37 5a f1 c4 df 42 2c 4e a1 69 06 ea 6d d2 47 fd Aug 26 13:14:57.802696: | 3b 08 4b f6 6d fc 02 94 91 4e cf c5 2a 3c 9a 86 Aug 26 13:14:57.802698: | b4 4d 5c ec 67 af ce f5 34 7e 60 b2 67 54 99 be Aug 26 13:14:57.802699: | 79 ff 83 d4 cc 2c a6 c8 f4 2a 25 e2 db 45 22 78 Aug 26 13:14:57.802701: | 07 fe c3 56 e8 17 00 34 ba a9 7c 01 68 a6 79 20 Aug 26 13:14:57.802702: | bc b8 7a 1c e2 dd e3 0a 88 32 61 60 b1 a9 d2 ed Aug 26 13:14:57.802704: | 3a c6 0e d7 ef e4 de 5a d3 f6 18 67 3b b8 2a 0d Aug 26 13:14:57.802705: | 4c 90 b3 3a d4 b3 87 42 f0 ed a2 8c 7f 98 2e 92 Aug 26 13:14:57.802707: | b1 9b d5 ed 0e 05 a0 cb d1 72 93 90 d4 cb e8 8e Aug 26 13:14:57.802709: | fe 02 3f 6b 62 81 fe 3c 73 c0 af 4a 05 d5 44 2e Aug 26 13:14:57.802710: | f7 fe d3 f0 8c 90 95 5e 4d c1 22 49 80 14 8f 53 Aug 26 13:14:57.802712: | b2 76 1d b1 ff 8e 09 c2 29 fd 04 57 11 64 2f 26 Aug 26 13:14:57.802726: | 50 5f a2 00 71 b1 f2 0e 29 00 00 24 c4 91 a6 eb Aug 26 13:14:57.802728: | 14 d4 ac e7 57 38 a5 4d 3b 42 6c 4f 31 47 85 dd Aug 26 13:14:57.802729: | 56 2d a3 df 4f 83 f4 76 0c b2 e0 3e 29 00 00 08 Aug 26 13:14:57.802731: | 00 00 40 2e 29 00 00 1c 00 00 40 04 49 a6 bc 93 Aug 26 13:14:57.802732: | e3 67 39 5b ab c1 7d 1c 2d ab 1e 14 41 65 c8 b3 Aug 26 13:14:57.802734: | 00 00 00 1c 00 00 40 05 e4 30 65 08 bc 51 6a d9 Aug 26 13:14:57.802735: | 13 ba 77 d2 b5 7f da f6 0b 7e 15 8b Aug 26 13:14:57.802764: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:14:57.802768: | libevent_free: release ptr-libevent@0x55c16123ebc8 Aug 26 13:14:57.802770: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7fb6f0002bb8 Aug 26 13:14:57.802772: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Aug 26 13:14:57.802775: "westnet-eastnet-ipv4-psk-ikev2" #4: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:14:57.802778: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fb6f0002bb8 Aug 26 13:14:57.802780: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #4 Aug 26 13:14:57.802782: | libevent_malloc: new ptr-libevent@0x55c16123c808 size 128 Aug 26 13:14:57.802786: | #4 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10583.545244 Aug 26 13:14:57.802789: | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD Aug 26 13:14:57.802793: | #4 spent 1.39 milliseconds in resume sending helper answer Aug 26 13:14:57.802796: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:14:57.802798: | libevent_free: release ptr-libevent@0x7fb6e8002888 Aug 26 13:14:58.519406: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:14:58.519434: shutting down Aug 26 13:14:58.519444: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:14:58.519448: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:14:58.519451: forgetting secrets Aug 26 13:14:58.519455: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:14:58.519459: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in delete_connection() at connections.c:189) Aug 26 13:14:58.519463: | removing pending policy for no connection {0x55c16122b428} Aug 26 13:14:58.519466: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:14:58.519469: | pass 0 Aug 26 13:14:58.519472: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:14:58.519475: | state #4 Aug 26 13:14:58.519479: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:14:58.519484: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:14:58.519488: | pstats #4 ikev2.ike deleted other Aug 26 13:14:58.519493: | #4 spent 2.1 milliseconds in total Aug 26 13:14:58.519498: | [RE]START processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:14:58.519502: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting state (STATE_PARENT_I1) aged 0.718s and NOT sending notification Aug 26 13:14:58.519506: | parent state #4: PARENT_I1(half-open IKE SA) => delete Aug 26 13:14:58.519509: | state #4 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:14:58.519512: | #4 STATE_PARENT_I1: retransmits: cleared Aug 26 13:14:58.519517: | libevent_free: release ptr-libevent@0x55c16123c808 Aug 26 13:14:58.519520: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fb6f0002bb8 Aug 26 13:14:58.519524: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:14:58.519527: | picked newest_isakmp_sa #0 for #4 Aug 26 13:14:58.519530: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting IKE SA for connection 'westnet-eastnet-ipv4-psk-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:14:58.519534: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 5 seconds Aug 26 13:14:58.519538: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Aug 26 13:14:58.519544: | stop processing: connection "westnet-eastnet-ipv4-psk-ikev2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:14:58.519548: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:14:58.519550: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Aug 26 13:14:58.519553: | State DB: deleting IKEv2 state #4 in PARENT_I1 Aug 26 13:14:58.519557: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Aug 26 13:14:58.519581: | stop processing: state #4 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:14:58.519586: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:14:58.519588: | pass 1 Aug 26 13:14:58.519591: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:14:58.519595: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:14:58.519599: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:14:58.519602: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:58.519635: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Aug 26 13:14:58.519645: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:14:58.519649: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Aug 26 13:14:58.519652: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Aug 26 13:14:58.519656: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL Aug 26 13:14:58.519659: | running updown command "ipsec _updown" for verb unroute Aug 26 13:14:58.519662: | command executing unroute-client Aug 26 13:14:58.519691: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHA Aug 26 13:14:58.519694: | popen cmd is 1041 chars long Aug 26 13:14:58.519698: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Aug 26 13:14:58.519701: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='1: Aug 26 13:14:58.519703: | cmd( 160):92.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NE: Aug 26 13:14:58.519706: | cmd( 240):T='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Aug 26 13:14:58.519709: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' P: Aug 26 13:14:58.519712: | cmd( 400):LUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192: Aug 26 13:14:58.519714: | cmd( 480):.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PR: Aug 26 13:14:58.519717: | cmd( 560):OTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_PO: Aug 26 13:14:58.519720: | cmd( 640):LICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' P: Aug 26 13:14:58.519723: | cmd( 720):LUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: Aug 26 13:14:58.519725: | cmd( 800):IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BA: Aug 26 13:14:58.519728: | cmd( 880):NNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IF: Aug 26 13:14:58.519731: | cmd( 960):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&: Aug 26 13:14:58.519733: | cmd(1040):1: Aug 26 13:14:58.529424: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:58.529452: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:58.529455: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:58.529458: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:58.529461: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:58.529464: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:58.529679: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:58.529688: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:58.529698: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:58.529707: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:14:58.534084: | free hp@0x55c16123a2c8 Aug 26 13:14:58.534099: | flush revival: connection 'westnet-eastnet-ipv4-psk-ikev2' revival flushed Aug 26 13:14:58.534107: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:14:58.534127: | crl fetch request list locked by 'free_crl_fetch' Aug 26 13:14:58.534130: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 13:14:58.534143: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 13:14:58.534147: shutting down interface lo/lo 127.0.0.1:500 Aug 26 13:14:58.534150: shutting down interface eth0/eth0 192.0.1.254:4500 Aug 26 13:14:58.534153: shutting down interface eth0/eth0 192.0.1.254:500 Aug 26 13:14:58.534156: shutting down interface eth1/eth1 192.1.2.45:4500 Aug 26 13:14:58.534159: shutting down interface eth1/eth1 192.1.2.45:500 Aug 26 13:14:58.534164: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 13:14:58.534176: | libevent_free: release ptr-libevent@0x55c16122bf98 Aug 26 13:14:58.534180: | free_event_entry: release EVENT_NULL-pe@0x55c161237a98 Aug 26 13:14:58.534191: | libevent_free: release ptr-libevent@0x55c1611c0098 Aug 26 13:14:58.534195: | free_event_entry: release EVENT_NULL-pe@0x55c161237b48 Aug 26 13:14:58.534202: | libevent_free: release ptr-libevent@0x55c1611c1838 Aug 26 13:14:58.534205: | free_event_entry: release EVENT_NULL-pe@0x55c161237bf8 Aug 26 13:14:58.534212: | libevent_free: release ptr-libevent@0x55c1611c1788 Aug 26 13:14:58.534215: | free_event_entry: release EVENT_NULL-pe@0x55c161237ca8 Aug 26 13:14:58.534221: | libevent_free: release ptr-libevent@0x55c1611964e8 Aug 26 13:14:58.534224: | free_event_entry: release EVENT_NULL-pe@0x55c161237d58 Aug 26 13:14:58.534231: | libevent_free: release ptr-libevent@0x55c1611961d8 Aug 26 13:14:58.534233: | free_event_entry: release EVENT_NULL-pe@0x55c161237e08 Aug 26 13:14:58.534238: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:14:58.534656: | libevent_free: release ptr-libevent@0x55c16122c048 Aug 26 13:14:58.534664: | free_event_entry: release EVENT_NULL-pe@0x55c16121fe38 Aug 26 13:14:58.534670: | libevent_free: release ptr-libevent@0x55c1611c0198 Aug 26 13:14:58.534673: | free_event_entry: release EVENT_NULL-pe@0x55c16121fdc8 Aug 26 13:14:58.534678: | libevent_free: release ptr-libevent@0x55c161203568 Aug 26 13:14:58.534681: | free_event_entry: release EVENT_NULL-pe@0x55c16121f2a8 Aug 26 13:14:58.534684: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 13:14:58.534687: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 13:14:58.534689: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 13:14:58.534692: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 13:14:58.534695: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 13:14:58.534697: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 13:14:58.534700: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 13:14:58.534703: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 13:14:58.534705: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 13:14:58.534711: | libevent_free: release ptr-libevent@0x55c1611ca388 Aug 26 13:14:58.534714: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 13:14:58.534717: | libevent_free: release ptr-libevent@0x55c1611c2238 Aug 26 13:14:58.534722: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 13:14:58.534725: | libevent_free: release ptr-libevent@0x55c161237458 Aug 26 13:14:58.534728: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 13:14:58.534732: | libevent_free: release ptr-libevent@0x55c161237698 Aug 26 13:14:58.534734: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 13:14:58.534737: | releasing event base Aug 26 13:14:58.534749: | libevent_free: release ptr-libevent@0x55c161237568 Aug 26 13:14:58.534752: | libevent_free: release ptr-libevent@0x55c16121a578 Aug 26 13:14:58.534756: | libevent_free: release ptr-libevent@0x55c16121a528 Aug 26 13:14:58.534759: | libevent_free: release ptr-libevent@0x55c16121a4b8 Aug 26 13:14:58.534762: | libevent_free: release ptr-libevent@0x55c16121a478 Aug 26 13:14:58.534765: | libevent_free: release ptr-libevent@0x55c161237318 Aug 26 13:14:58.534767: | libevent_free: release ptr-libevent@0x55c161237398 Aug 26 13:14:58.534770: | libevent_free: release ptr-libevent@0x55c16121a728 Aug 26 13:14:58.534773: | libevent_free: release ptr-libevent@0x55c16121f3b8 Aug 26 13:14:58.534775: | libevent_free: release ptr-libevent@0x55c16121fd88 Aug 26 13:14:58.534778: | libevent_free: release ptr-libevent@0x55c161237e78 Aug 26 13:14:58.534780: | libevent_free: release ptr-libevent@0x55c161237dc8 Aug 26 13:14:58.534783: | libevent_free: release ptr-libevent@0x55c161237d18 Aug 26 13:14:58.534785: | libevent_free: release ptr-libevent@0x55c161237c68 Aug 26 13:14:58.534788: | libevent_free: release ptr-libevent@0x55c161237bb8 Aug 26 13:14:58.534790: | libevent_free: release ptr-libevent@0x55c161237b08 Aug 26 13:14:58.534793: | libevent_free: release ptr-libevent@0x55c1611bf698 Aug 26 13:14:58.534796: | libevent_free: release ptr-libevent@0x55c161237418 Aug 26 13:14:58.534798: | libevent_free: release ptr-libevent@0x55c1612373d8 Aug 26 13:14:58.534801: | libevent_free: release ptr-libevent@0x55c161237358 Aug 26 13:14:58.534803: | libevent_free: release ptr-libevent@0x55c161237528 Aug 26 13:14:58.534806: | libevent_free: release ptr-libevent@0x55c1611be828 Aug 26 13:14:58.534809: | libevent_free: release ptr-libevent@0x55c161195908 Aug 26 13:14:58.534811: | libevent_free: release ptr-libevent@0x55c161195d38 Aug 26 13:14:58.534814: | libevent_free: release ptr-libevent@0x55c1611beb98 Aug 26 13:14:58.534816: | releasing global libevent data Aug 26 13:14:58.534819: | libevent_free: release ptr-libevent@0x55c1611957f8 Aug 26 13:14:58.534822: | libevent_free: release ptr-libevent@0x55c161195cd8 Aug 26 13:14:58.534825: | libevent_free: release ptr-libevent@0x55c161195dd8 Aug 26 13:14:58.534858: leak detective found no leaks