Aug 26 13:28:11.869929: FIPS Product: YES Aug 26 13:28:11.869960: FIPS Kernel: NO Aug 26 13:28:11.869962: FIPS Mode: NO Aug 26 13:28:11.869964: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:28:11.870080: Initializing NSS Aug 26 13:28:11.870085: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:28:11.893086: NSS initialized Aug 26 13:28:11.893101: NSS crypto library initialized Aug 26 13:28:11.893103: FIPS HMAC integrity support [enabled] Aug 26 13:28:11.893104: FIPS mode disabled for pluto daemon Aug 26 13:28:11.918719: FIPS HMAC integrity verification self-test FAILED Aug 26 13:28:11.918808: libcap-ng support [enabled] Aug 26 13:28:11.918816: Linux audit support [enabled] Aug 26 13:28:11.918848: Linux audit activated Aug 26 13:28:11.918852: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:15262 Aug 26 13:28:11.918854: core dump dir: /tmp Aug 26 13:28:11.918856: secrets file: /etc/ipsec.secrets Aug 26 13:28:11.918857: leak-detective enabled Aug 26 13:28:11.918859: NSS crypto [enabled] Aug 26 13:28:11.918860: XAUTH PAM support [enabled] Aug 26 13:28:11.918918: | libevent is using pluto's memory allocator Aug 26 13:28:11.918923: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:28:11.918938: | libevent_malloc: new ptr-libevent@0x5571a50529f8 size 40 Aug 26 13:28:11.918941: | libevent_malloc: new ptr-libevent@0x5571a5054448 size 40 Aug 26 13:28:11.918944: | libevent_malloc: new ptr-libevent@0x5571a50543c8 size 40 Aug 26 13:28:11.918946: | creating event base Aug 26 13:28:11.918949: | libevent_malloc: new ptr-libevent@0x5571a50531c8 size 56 Aug 26 13:28:11.918952: | libevent_malloc: new ptr-libevent@0x5571a4fe5028 size 664 Aug 26 13:28:11.918960: | libevent_malloc: new ptr-libevent@0x5571a5084598 size 24 Aug 26 13:28:11.918962: | libevent_malloc: new ptr-libevent@0x5571a50845e8 size 384 Aug 26 13:28:11.918970: | libevent_malloc: new ptr-libevent@0x5571a5084558 size 16 Aug 26 13:28:11.918972: | libevent_malloc: new ptr-libevent@0x5571a5054348 size 40 Aug 26 13:28:11.918974: | libevent_malloc: new ptr-libevent@0x5571a50542c8 size 48 Aug 26 13:28:11.918978: | libevent_realloc: new ptr-libevent@0x5571a4fe4cb8 size 256 Aug 26 13:28:11.918980: | libevent_malloc: new ptr-libevent@0x5571a5084798 size 16 Aug 26 13:28:11.918984: | libevent_free: release ptr-libevent@0x5571a50531c8 Aug 26 13:28:11.918987: | libevent initialized Aug 26 13:28:11.918989: | libevent_realloc: new ptr-libevent@0x5571a50531c8 size 64 Aug 26 13:28:11.918992: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:28:11.919002: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:28:11.919004: NAT-Traversal support [enabled] Aug 26 13:28:11.919006: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:28:11.919010: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:28:11.919015: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:28:11.919043: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:28:11.919046: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:28:11.919048: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:28:11.919081: Encryption algorithms: Aug 26 13:28:11.919087: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:28:11.919090: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:28:11.919092: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:28:11.919094: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:28:11.919096: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 13:28:11.919103: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:28:11.919106: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:28:11.919108: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:28:11.919110: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:28:11.919113: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:28:11.919115: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:28:11.919117: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:28:11.919119: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:28:11.919122: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:28:11.919124: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:28:11.919126: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:28:11.919128: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:28:11.919132: Hash algorithms: Aug 26 13:28:11.919134: MD5 IKEv1: IKE IKEv2: Aug 26 13:28:11.919136: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:28:11.919138: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:28:11.919140: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:28:11.919142: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:28:11.919151: PRF algorithms: Aug 26 13:28:11.919153: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:28:11.919155: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:28:11.919157: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:28:11.919159: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:28:11.919161: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:28:11.919163: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:28:11.919179: Integrity algorithms: Aug 26 13:28:11.919181: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 13:28:11.919184: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:28:11.919186: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:28:11.919189: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:28:11.919191: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:28:11.919193: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:28:11.919195: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:28:11.919197: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:28:11.919199: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:28:11.919207: DH algorithms: Aug 26 13:28:11.919209: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:28:11.919211: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:28:11.919213: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:28:11.919217: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:28:11.919218: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:28:11.919220: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:28:11.919222: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:28:11.919224: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:28:11.919226: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:28:11.919228: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:28:11.919230: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:28:11.919232: testing CAMELLIA_CBC: Aug 26 13:28:11.919234: Camellia: 16 bytes with 128-bit key Aug 26 13:28:11.919335: Camellia: 16 bytes with 128-bit key Aug 26 13:28:11.919359: Camellia: 16 bytes with 256-bit key Aug 26 13:28:11.919377: Camellia: 16 bytes with 256-bit key Aug 26 13:28:11.919394: testing AES_GCM_16: Aug 26 13:28:11.919397: empty string Aug 26 13:28:11.919417: one block Aug 26 13:28:11.919434: two blocks Aug 26 13:28:11.919451: two blocks with associated data Aug 26 13:28:11.919467: testing AES_CTR: Aug 26 13:28:11.919469: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:28:11.919486: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:28:11.919504: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:28:11.919522: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:28:11.919538: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:28:11.919555: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:28:11.919571: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:28:11.919588: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:28:11.919605: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:28:11.919622: testing AES_CBC: Aug 26 13:28:11.919624: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:28:11.919640: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:28:11.919657: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:28:11.919676: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:28:11.919696: testing AES_XCBC: Aug 26 13:28:11.919698: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:28:11.919772: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:28:11.919851: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:28:11.919928: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:28:11.920005: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:28:11.920081: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:28:11.920159: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:28:11.920333: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 13:28:11.920414: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:28:11.920497: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:28:11.920640: testing HMAC_MD5: Aug 26 13:28:11.920642: RFC 2104: MD5_HMAC test 1 Aug 26 13:28:11.920746: RFC 2104: MD5_HMAC test 2 Aug 26 13:28:11.920840: RFC 2104: MD5_HMAC test 3 Aug 26 13:28:11.920959: 8 CPU cores online Aug 26 13:28:11.920962: starting up 7 crypto helpers Aug 26 13:28:11.920990: started thread for crypto helper 0 Aug 26 13:28:11.921010: started thread for crypto helper 1 Aug 26 13:28:11.921024: | starting up helper thread 0 Aug 26 13:28:11.921029: | starting up helper thread 2 Aug 26 13:28:11.921025: started thread for crypto helper 2 Aug 26 13:28:11.921041: | starting up helper thread 1 Aug 26 13:28:11.921045: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:28:11.921060: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:28:11.921066: | crypto helper 2 waiting (nothing to do) Aug 26 13:28:11.921067: started thread for crypto helper 3 Aug 26 13:28:11.921078: | crypto helper 1 waiting (nothing to do) Aug 26 13:28:11.921039: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:28:11.921085: | starting up helper thread 3 Aug 26 13:28:11.921094: | starting up helper thread 4 Aug 26 13:28:11.921099: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:28:11.921087: | crypto helper 0 waiting (nothing to do) Aug 26 13:28:11.921092: started thread for crypto helper 4 Aug 26 13:28:11.921109: | crypto helper 3 waiting (nothing to do) Aug 26 13:28:11.921102: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:28:11.921117: | crypto helper 4 waiting (nothing to do) Aug 26 13:28:11.921124: started thread for crypto helper 5 Aug 26 13:28:11.921126: | starting up helper thread 5 Aug 26 13:28:11.921132: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:28:11.921133: | crypto helper 5 waiting (nothing to do) Aug 26 13:28:11.921145: started thread for crypto helper 6 Aug 26 13:28:11.921149: | checking IKEv1 state table Aug 26 13:28:11.921155: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:28:11.921157: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:28:11.921158: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:28:11.921160: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:28:11.921162: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:28:11.921163: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:28:11.921165: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:28:11.921166: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:28:11.921168: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:28:11.921170: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:28:11.921171: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:28:11.921173: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:28:11.921174: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:28:11.921176: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:28:11.921177: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:28:11.921179: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:28:11.921181: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:28:11.921182: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:28:11.921184: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:28:11.921185: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:28:11.921187: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:28:11.921188: | -> UNDEFINED EVENT_NULL Aug 26 13:28:11.921190: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:28:11.921192: | -> UNDEFINED EVENT_NULL Aug 26 13:28:11.921193: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:28:11.921195: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:28:11.921197: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:28:11.921198: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:28:11.921200: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:28:11.921201: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:28:11.921203: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:28:11.921204: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:28:11.921206: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:28:11.921207: | -> UNDEFINED EVENT_NULL Aug 26 13:28:11.921209: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:28:11.921211: | -> UNDEFINED EVENT_NULL Aug 26 13:28:11.921212: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:28:11.921214: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:28:11.921216: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:28:11.921217: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:28:11.921219: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:28:11.921223: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:28:11.921225: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:28:11.921226: | -> UNDEFINED EVENT_NULL Aug 26 13:28:11.921228: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:28:11.921230: | -> UNDEFINED EVENT_NULL Aug 26 13:28:11.921231: | INFO: category: informational flags: 0: Aug 26 13:28:11.921233: | -> UNDEFINED EVENT_NULL Aug 26 13:28:11.921234: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:28:11.921236: | -> UNDEFINED EVENT_NULL Aug 26 13:28:11.921238: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:28:11.921239: | -> XAUTH_R1 EVENT_NULL Aug 26 13:28:11.921241: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:28:11.921242: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:28:11.921244: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:28:11.921246: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:28:11.921248: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:28:11.921249: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:28:11.921251: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:28:11.921252: | -> UNDEFINED EVENT_NULL Aug 26 13:28:11.921254: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:28:11.921256: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:28:11.921257: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:28:11.921259: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:28:11.921261: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:28:11.921262: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:28:11.921267: | checking IKEv2 state table Aug 26 13:28:11.921271: | PARENT_I0: category: ignore flags: 0: Aug 26 13:28:11.921273: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:28:11.921275: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:28:11.921277: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:28:11.921279: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:28:11.921281: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:28:11.921283: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:28:11.921284: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:28:11.921286: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:28:11.921297: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:28:11.921302: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:28:11.921305: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:28:11.921307: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 13:28:11.921310: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:28:11.921312: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:28:11.921315: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:28:11.921317: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:28:11.921320: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:28:11.921322: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:28:11.921324: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:28:11.921326: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:28:11.921328: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:28:11.921329: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:28:11.921331: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:28:11.921333: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:28:11.921336: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:28:11.921338: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:28:11.921340: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:28:11.921342: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:28:11.921344: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:28:11.921345: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:28:11.921347: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:28:11.921349: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:28:11.921351: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:28:11.921353: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:28:11.921354: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:28:11.921356: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:28:11.921358: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:28:11.921360: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:28:11.921362: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:28:11.921364: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:28:11.921365: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:28:11.921367: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:28:11.921369: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:28:11.921371: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:28:11.921373: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:28:11.921374: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:28:11.921384: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:28:11.921425: | Hard-wiring algorithms Aug 26 13:28:11.921428: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:28:11.921431: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:28:11.921432: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:28:11.921434: | adding 3DES_CBC to kernel algorithm db Aug 26 13:28:11.921435: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:28:11.921437: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:28:11.921439: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:28:11.921440: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:28:11.921442: | adding AES_CTR to kernel algorithm db Aug 26 13:28:11.921444: | adding AES_CBC to kernel algorithm db Aug 26 13:28:11.921445: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:28:11.921447: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:28:11.921448: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:28:11.921450: | adding NULL to kernel algorithm db Aug 26 13:28:11.921452: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:28:11.921454: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:28:11.921455: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:28:11.921457: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:28:11.921458: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:28:11.921460: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:28:11.921461: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:28:11.921463: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:28:11.921465: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:28:11.921466: | adding NONE to kernel algorithm db Aug 26 13:28:11.921481: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:28:11.921484: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:28:11.921486: | setup kernel fd callback Aug 26 13:28:11.921490: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x5571a5083fb8 Aug 26 13:28:11.921492: | libevent_malloc: new ptr-libevent@0x5571a50827c8 size 128 Aug 26 13:28:11.921494: | libevent_malloc: new ptr-libevent@0x5571a50899b8 size 16 Aug 26 13:28:11.921498: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x5571a5089d28 Aug 26 13:28:11.921500: | libevent_malloc: new ptr-libevent@0x5571a50580e8 size 128 Aug 26 13:28:11.921502: | libevent_malloc: new ptr-libevent@0x5571a508a2d8 size 16 Aug 26 13:28:11.921649: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:28:11.921656: selinux support is enabled. Aug 26 13:28:11.921831: | unbound context created - setting debug level to 5 Aug 26 13:28:11.921850: | /etc/hosts lookups activated Aug 26 13:28:11.921862: | /etc/resolv.conf usage activated Aug 26 13:28:11.921899: | outgoing-port-avoid set 0-65535 Aug 26 13:28:11.921916: | outgoing-port-permit set 32768-60999 Aug 26 13:28:11.921918: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:28:11.921927: | Added contents of trusted key file /testing/baseconfigs/all/etc/bind/keys/testing.key to unbound resolver context Aug 26 13:28:11.921930: | Setting up events, loop start Aug 26 13:28:11.921932: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x5571a508a1c8 Aug 26 13:28:11.921934: | libevent_malloc: new ptr-libevent@0x5571a5096128 size 128 Aug 26 13:28:11.921936: | libevent_malloc: new ptr-libevent@0x5571a50a1438 size 16 Aug 26 13:28:11.921940: | libevent_realloc: new ptr-libevent@0x5571a50a14d8 size 256 Aug 26 13:28:11.921943: | libevent_malloc: new ptr-libevent@0x5571a50a1608 size 8 Aug 26 13:28:11.921945: | libevent_realloc: new ptr-libevent@0x5571a50a1648 size 144 Aug 26 13:28:11.921946: | libevent_malloc: new ptr-libevent@0x5571a4fe5a08 size 152 Aug 26 13:28:11.921949: | libevent_malloc: new ptr-libevent@0x5571a50a1708 size 16 Aug 26 13:28:11.921951: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:28:11.921953: | libevent_malloc: new ptr-libevent@0x5571a50a1748 size 8 Aug 26 13:28:11.921955: | libevent_malloc: new ptr-libevent@0x5571a50a1788 size 152 Aug 26 13:28:11.921957: | signal event handler PLUTO_SIGTERM installed Aug 26 13:28:11.921959: | libevent_malloc: new ptr-libevent@0x5571a50a1858 size 8 Aug 26 13:28:11.921961: | libevent_malloc: new ptr-libevent@0x5571a50a1898 size 152 Aug 26 13:28:11.921963: | signal event handler PLUTO_SIGHUP installed Aug 26 13:28:11.921964: | libevent_malloc: new ptr-libevent@0x5571a50a1968 size 8 Aug 26 13:28:11.921966: | libevent_realloc: release ptr-libevent@0x5571a50a1648 Aug 26 13:28:11.921968: | libevent_realloc: new ptr-libevent@0x5571a50a19a8 size 256 Aug 26 13:28:11.921970: | libevent_malloc: new ptr-libevent@0x5571a50a1ad8 size 152 Aug 26 13:28:11.921972: | signal event handler PLUTO_SIGSYS installed Aug 26 13:28:11.922211: | created addconn helper (pid:15298) using fork+execve Aug 26 13:28:11.922224: | forked child 15298 Aug 26 13:28:11.922253: | starting up helper thread 6 Aug 26 13:28:11.922257: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:28:11.922262: | crypto helper 6 waiting (nothing to do) Aug 26 13:28:11.926551: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:11.926572: listening for IKE messages Aug 26 13:28:11.926668: | Inspecting interface lo Aug 26 13:28:11.926676: | found lo with address 127.0.0.1 Aug 26 13:28:11.926679: | Inspecting interface eth0 Aug 26 13:28:11.926682: | found eth0 with address 192.1.3.209 Aug 26 13:28:11.926754: Kernel supports NIC esp-hw-offload Aug 26 13:28:11.926763: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.1.3.209:500 Aug 26 13:28:11.926807: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:28:11.926810: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:28:11.926813: adding interface eth0/eth0 192.1.3.209:4500 Aug 26 13:28:11.926832: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:28:11.926850: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:28:11.926853: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:28:11.926855: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:28:11.926921: | no interfaces to sort Aug 26 13:28:11.926925: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:28:11.926930: | add_fd_read_event_handler: new ethX-pe@0x5571a50a1e48 Aug 26 13:28:11.926932: | libevent_malloc: new ptr-libevent@0x5571a5096078 size 128 Aug 26 13:28:11.926935: | libevent_malloc: new ptr-libevent@0x5571a50a1eb8 size 16 Aug 26 13:28:11.926943: | setup callback for interface lo 127.0.0.1:4500 fd 20 Aug 26 13:28:11.926944: | add_fd_read_event_handler: new ethX-pe@0x5571a50a1ef8 Aug 26 13:28:11.926947: | libevent_malloc: new ptr-libevent@0x5571a5058198 size 128 Aug 26 13:28:11.926949: | libevent_malloc: new ptr-libevent@0x5571a50a1f68 size 16 Aug 26 13:28:11.926952: | setup callback for interface lo 127.0.0.1:500 fd 19 Aug 26 13:28:11.926954: | add_fd_read_event_handler: new ethX-pe@0x5571a50a1fa8 Aug 26 13:28:11.926957: | libevent_malloc: new ptr-libevent@0x5571a50593c8 size 128 Aug 26 13:28:11.926958: | libevent_malloc: new ptr-libevent@0x5571a50a2018 size 16 Aug 26 13:28:11.926962: | setup callback for interface eth0 192.1.3.209:4500 fd 18 Aug 26 13:28:11.926963: | add_fd_read_event_handler: new ethX-pe@0x5571a50a2058 Aug 26 13:28:11.926966: | libevent_malloc: new ptr-libevent@0x5571a5052dc8 size 128 Aug 26 13:28:11.926968: | libevent_malloc: new ptr-libevent@0x5571a50a20c8 size 16 Aug 26 13:28:11.926971: | setup callback for interface eth0 192.1.3.209:500 fd 17 Aug 26 13:28:11.926974: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:28:11.926975: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:28:11.926990: loading secrets from "/etc/ipsec.secrets" Aug 26 13:28:11.927005: | saving Modulus Aug 26 13:28:11.927008: | saving PublicExponent Aug 26 13:28:11.927040: | computed rsa CKAID 1a 15 cc e8 92 73 43 9c 2b f4 20 2a c1 06 6e f2 Aug 26 13:28:11.927043: | computed rsa CKAID 59 b0 ef 45 Aug 26 13:28:11.927046: loaded private key for keyid: PKK_RSA:AQPHFfpyJ Aug 26 13:28:11.927051: | certs and keys locked by 'process_secret' Aug 26 13:28:11.927052: | certs and keys unlocked by 'process_secret' Aug 26 13:28:11.927060: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:11.927065: | spent 0.524 milliseconds in whack Aug 26 13:28:11.942554: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:11.942586: listening for IKE messages Aug 26 13:28:11.954998: | Inspecting interface lo Aug 26 13:28:11.955019: | found lo with address 127.0.0.1 Aug 26 13:28:11.955023: | Inspecting interface eth0 Aug 26 13:28:11.955028: | found eth0 with address 192.1.3.209 Aug 26 13:28:11.955090: | no interfaces to sort Aug 26 13:28:11.955101: | libevent_free: release ptr-libevent@0x5571a5096078 Aug 26 13:28:11.955105: | free_event_entry: release EVENT_NULL-pe@0x5571a50a1e48 Aug 26 13:28:11.955108: | add_fd_read_event_handler: new ethX-pe@0x5571a50a1e48 Aug 26 13:28:11.955111: | libevent_malloc: new ptr-libevent@0x5571a5096078 size 128 Aug 26 13:28:11.955117: | setup callback for interface lo 127.0.0.1:4500 fd 20 Aug 26 13:28:11.955121: | libevent_free: release ptr-libevent@0x5571a5058198 Aug 26 13:28:11.955123: | free_event_entry: release EVENT_NULL-pe@0x5571a50a1ef8 Aug 26 13:28:11.955125: | add_fd_read_event_handler: new ethX-pe@0x5571a50a1ef8 Aug 26 13:28:11.955128: | libevent_malloc: new ptr-libevent@0x5571a5058198 size 128 Aug 26 13:28:11.955132: | setup callback for interface lo 127.0.0.1:500 fd 19 Aug 26 13:28:11.955136: | libevent_free: release ptr-libevent@0x5571a50593c8 Aug 26 13:28:11.955138: | free_event_entry: release EVENT_NULL-pe@0x5571a50a1fa8 Aug 26 13:28:11.955140: | add_fd_read_event_handler: new ethX-pe@0x5571a50a1fa8 Aug 26 13:28:11.955143: | libevent_malloc: new ptr-libevent@0x5571a50593c8 size 128 Aug 26 13:28:11.955154: | setup callback for interface eth0 192.1.3.209:4500 fd 18 Aug 26 13:28:11.955158: | libevent_free: release ptr-libevent@0x5571a5052dc8 Aug 26 13:28:11.955161: | free_event_entry: release EVENT_NULL-pe@0x5571a50a2058 Aug 26 13:28:11.955163: | add_fd_read_event_handler: new ethX-pe@0x5571a50a2058 Aug 26 13:28:11.955165: | libevent_malloc: new ptr-libevent@0x5571a5052dc8 size 128 Aug 26 13:28:11.955169: | setup callback for interface eth0 192.1.3.209:500 fd 17 Aug 26 13:28:11.955173: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:28:11.955175: forgetting secrets Aug 26 13:28:11.955187: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:28:11.955203: loading secrets from "/etc/ipsec.secrets" Aug 26 13:28:11.955220: | saving Modulus Aug 26 13:28:11.955223: | saving PublicExponent Aug 26 13:28:11.955245: | computed rsa CKAID 1a 15 cc e8 92 73 43 9c 2b f4 20 2a c1 06 6e f2 Aug 26 13:28:11.955248: | computed rsa CKAID 59 b0 ef 45 Aug 26 13:28:11.955252: loaded private key for keyid: PKK_RSA:AQPHFfpyJ Aug 26 13:28:11.955257: | certs and keys locked by 'process_secret' Aug 26 13:28:11.955260: | certs and keys unlocked by 'process_secret' Aug 26 13:28:11.955270: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:11.955276: | spent 0.374 milliseconds in whack Aug 26 13:28:11.956139: | processing signal PLUTO_SIGCHLD Aug 26 13:28:11.956155: | waitpid returned pid 15298 (exited with status 0) Aug 26 13:28:11.956159: | reaped addconn helper child (status 0) Aug 26 13:28:11.956163: | waitpid returned ECHILD (no child processes left) Aug 26 13:28:11.956166: | spent 0.0159 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:28:12.005433: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:12.005459: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:28:12.005461: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:28:12.005464: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:28:12.005465: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:28:12.005491: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:28:12.005497: | Added new connection road-east-ikev2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:28:12.005499: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:28:12.005550: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:28:12.005554: | from whack: got --esp= Aug 26 13:28:12.005576: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:28:12.005580: | counting wild cards for @road.testing.libreswan.org is 0 Aug 26 13:28:12.005584: | counting wild cards for 192.1.2.23 is 0 Aug 26 13:28:12.005591: | connect_to_host_pair: 192.1.3.209:500 192.1.2.23:500 -> hp@(nil): none Aug 26 13:28:12.005593: | new hp@0x5571a50a4778 Aug 26 13:28:12.005597: added connection description "road-east-ikev2" Aug 26 13:28:12.005604: | ike_life: 90s; ipsec_life: 300s; rekey_margin: 20s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:28:12.005609: | 192.1.3.209<192.1.3.209>[@road.testing.libreswan.org]...192.1.2.23<192.1.2.23> Aug 26 13:28:12.005614: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:12.005619: | spent 0.195 milliseconds in whack Aug 26 13:28:12.005689: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:12.005709: add keyid @road.testing.libreswan.org Aug 26 13:28:12.005714: | add pubkey 01 03 c7 15 fa 72 27 70 a4 e1 f3 0a 70 21 f9 0c Aug 26 13:28:12.005716: | add pubkey 3f e2 65 12 87 d9 fd 12 cb af d4 e0 c2 e3 dd 77 Aug 26 13:28:12.005719: | add pubkey a0 ef aa c7 d6 a2 b2 30 f2 64 b0 c5 e6 c7 a7 27 Aug 26 13:28:12.005722: | add pubkey 17 54 7a 8e 32 c9 ac fd bf 8f b3 33 b9 74 74 73 Aug 26 13:28:12.005724: | add pubkey dd 23 83 11 53 d6 d4 91 0e 36 7e 67 fc 89 1e 48 Aug 26 13:28:12.005727: | add pubkey ac e9 da 2e 66 9d 6e 4f e2 98 a7 dc 41 b3 a4 37 Aug 26 13:28:12.005729: | add pubkey f5 07 a9 9c 23 69 83 54 87 7b ea 00 a7 5b ab 2d Aug 26 13:28:12.005732: | add pubkey 41 34 d1 a3 17 1e a7 64 2d 7f ff 45 7a 5d 85 5c Aug 26 13:28:12.005734: | add pubkey 73 dd 63 e7 40 ad eb 71 e6 5f 21 43 80 f5 23 4c Aug 26 13:28:12.005737: | add pubkey 3d 4a 11 2c ca 9a d6 79 c5 c2 51 6e af c3 6e 99 Aug 26 13:28:12.005757: | add pubkey f5 26 1c 67 ee 8a 3e 30 4b c1 93 a7 92 34 36 8c Aug 26 13:28:12.005759: | add pubkey bf e6 d0 d3 fe 78 0b 0a 64 04 44 ca 8c 83 fd f1 Aug 26 13:28:12.005760: | add pubkey 2e b5 00 76 61 a6 de f1 59 67 2b 6d c2 57 e0 f2 Aug 26 13:28:12.005762: | add pubkey 7d 6b 9f d3 46 41 8c 31 c2 fd c4 60 72 08 3b bb Aug 26 13:28:12.005764: | add pubkey 56 fb 01 fc 1d 57 4e cf 7c 0f c4 6f 72 6f 2a 0e Aug 26 13:28:12.005767: | add pubkey f3 30 db a0 80 f9 70 cc bb 07 a9 f9 d7 76 99 63 Aug 26 13:28:12.005769: | add pubkey 4b 6a 0f 1a 37 95 cb 9b ea 17 f7 55 62 6b 8a 83 Aug 26 13:28:12.005771: | add pubkey 05 ff 43 78 57 dd bd 08 85 9c f1 62 35 6e 69 c7 Aug 26 13:28:12.005774: | add pubkey 04 0b 4b c4 1b d2 38 89 8c de 56 d0 c8 2c 51 54 Aug 26 13:28:12.005776: | add pubkey 32 1b 7d 27 dc cd 37 7a 4e cb 1a ec d2 ce 48 ed Aug 26 13:28:12.005779: | add pubkey 43 48 9c 8a fc 30 9f b1 57 1c a9 98 e5 84 93 6c Aug 26 13:28:12.005794: | add pubkey da 4d cc 95 e3 f5 f2 a5 b3 9d 70 ae 24 8d 08 3b Aug 26 13:28:12.005796: | add pubkey 0f 8c e9 5a a5 f0 4d 9c 3c 2f 7f bc 10 95 34 1c Aug 26 13:28:12.005798: | add pubkey 96 74 29 fc ab fb 8f 4b 71 aa 0b 26 b5 f0 32 98 Aug 26 13:28:12.005801: | add pubkey 90 6a fd 31 f5 ab Aug 26 13:28:12.005820: | computed rsa CKAID 1a 15 cc e8 92 73 43 9c 2b f4 20 2a c1 06 6e f2 Aug 26 13:28:12.005822: | computed rsa CKAID 59 b0 ef 45 Aug 26 13:28:12.005831: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:12.005835: | spent 0.152 milliseconds in whack Aug 26 13:28:12.062035: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:12.062055: | old debugging base+cpu-usage + none Aug 26 13:28:12.062058: | base debugging = base+cpu-usage Aug 26 13:28:12.062060: | old impairing none + suppress-retransmits Aug 26 13:28:12.062062: | base impairing = suppress-retransmits Aug 26 13:28:12.062068: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:12.062073: | spent 0.0467 milliseconds in whack Aug 26 13:28:12.176393: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:12.176439: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:12.176447: | spent 0.0623 milliseconds in whack Aug 26 13:28:12.391455: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:12.391504: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:12.391513: | spent 0.0666 milliseconds in whack Aug 26 13:28:12.451480: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:12.451747: | dup_any(fd@16) -> fd@21 (in whack_process() at rcv_whack.c:590) Aug 26 13:28:12.451754: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:28:12.451758: | start processing: connection "road-east-ikev2" (in initiate_a_connection() at initiate.c:186) Aug 26 13:28:12.451761: | connection 'road-east-ikev2' +POLICY_UP Aug 26 13:28:12.451767: | dup_any(fd@21) -> fd@22 (in initiate_a_connection() at initiate.c:342) Aug 26 13:28:12.451769: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:28:12.451789: | creating state object #1 at 0x5571a50a4cf8 Aug 26 13:28:12.451792: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:28:12.451798: | pstats #1 ikev2.ike started Aug 26 13:28:12.451800: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:28:12.451803: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:28:12.451807: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:28:12.451813: | suspend processing: connection "road-east-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:28:12.451817: | start processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:28:12.451819: | dup_any(fd@22) -> fd@23 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:28:12.451822: | Queuing pending IPsec SA negotiating with 192.1.2.23 "road-east-ikev2" IKE SA #1 "road-east-ikev2" Aug 26 13:28:12.451826: "road-east-ikev2" #1: initiating v2 parent SA Aug 26 13:28:12.451838: | "road-east-ikev2" #1 start IKEv2 DNS query -- 23.2.1.192.IN-ADDR.ARPA. IN IPSECKEY -- Aug 26 13:28:12.454601: | libevent_malloc: new ptr-libevent@0x5571a53572c8 size 16 Aug 26 13:28:12.454715: | constructing local IKE proposals for road-east-ikev2 (IKE SA initiator selecting KE) Aug 26 13:28:12.454728: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:28:12.454738: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:28:12.454744: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:28:12.454751: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:28:12.454756: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:28:12.454762: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:28:12.454767: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:28:12.454773: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:28:12.454787: "road-east-ikev2": constructed local IKE proposals for road-east-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:28:12.454805: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 13:28:12.454811: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5571a5358f88 Aug 26 13:28:12.454816: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:28:12.454826: | libevent_malloc: new ptr-libevent@0x5571a50a49b8 size 128 Aug 26 13:28:12.454845: | #1 spent 3 milliseconds in ikev2_parent_outI1() Aug 26 13:28:12.454849: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:28:12.454850: | crypto helper 2 resuming Aug 26 13:28:12.454870: | crypto helper 2 starting work-order 1 for state #1 Aug 26 13:28:12.454876: | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 13:28:12.455887: | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001009 seconds Aug 26 13:28:12.455908: | (#1) spent 1.02 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 13:28:12.455912: | crypto helper 2 sending results from work-order 1 for state #1 to event queue Aug 26 13:28:12.455916: | scheduling resume sending helper answer for #1 Aug 26 13:28:12.455920: | libevent_malloc: new ptr-libevent@0x7f75c0002888 size 128 Aug 26 13:28:12.455928: | crypto helper 2 waiting (nothing to do) Aug 26 13:28:12.454855: | RESET processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:28:12.455941: | RESET processing: connection "road-east-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:28:12.455945: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:28:12.455950: | close_any(fd@21) (in initiate_connection() at initiate.c:372) Aug 26 13:28:12.455954: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:12.455959: | spent 3.33 milliseconds in whack Aug 26 13:28:12.456114: | libevent_malloc: new ptr-libevent@0x5571a5359228 size 16 Aug 26 13:28:12.456176: | processing resume sending helper answer for #1 Aug 26 13:28:12.456186: | start processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:28:12.456191: | crypto helper 2 replies to request ID 1 Aug 26 13:28:12.456194: | calling continuation function 0x5571a3abab50 Aug 26 13:28:12.456197: | ikev2_parent_outI1_continue for #1 Aug 26 13:28:12.456228: | **emit ISAKMP Message: Aug 26 13:28:12.456232: | initiator cookie: Aug 26 13:28:12.456235: | 95 d6 ea 5a 9f 11 a4 8c Aug 26 13:28:12.456238: | responder cookie: Aug 26 13:28:12.456240: | 00 00 00 00 00 00 00 00 Aug 26 13:28:12.456243: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:28:12.456247: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:28:12.456250: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:28:12.456253: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:28:12.456256: | Message ID: 0 (0x0) Aug 26 13:28:12.456259: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:28:12.456276: | using existing local IKE proposals for connection road-east-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:28:12.456280: | Emitting ikev2_proposals ... Aug 26 13:28:12.456283: | ***emit IKEv2 Security Association Payload: Aug 26 13:28:12.456287: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:12.456318: | flags: none (0x0) Aug 26 13:28:12.456323: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:28:12.456326: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:28:12.456335: | discarding INTEG=NONE Aug 26 13:28:12.456339: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:28:12.456343: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:12.456345: | prop #: 1 (0x1) Aug 26 13:28:12.456348: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:28:12.456351: | spi size: 0 (0x0) Aug 26 13:28:12.456353: | # transforms: 11 (0xb) Aug 26 13:28:12.456357: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:28:12.456360: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456363: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456365: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:28:12.456368: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:28:12.456371: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456375: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:28:12.456378: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:28:12.456381: | length/value: 256 (0x100) Aug 26 13:28:12.456384: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:28:12.456387: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456390: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456393: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:28:12.456395: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:28:12.456399: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456402: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456405: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456408: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456410: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456413: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:28:12.456416: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:28:12.456419: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456422: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456424: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456426: | discarding INTEG=NONE Aug 26 13:28:12.456429: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456432: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456435: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.456437: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:28:12.456441: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456444: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456447: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456449: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456452: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456455: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.456458: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:28:12.456461: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456464: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456469: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456472: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456475: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456478: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.456481: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:28:12.456484: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456487: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456490: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456493: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456495: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456498: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.456500: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:28:12.456504: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456506: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456509: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456512: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456515: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456518: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.456520: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:28:12.456523: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456526: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456529: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456532: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456534: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456537: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.456540: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:28:12.456543: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456546: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456549: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456551: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456554: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456556: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.456558: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:28:12.456561: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456564: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456567: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456570: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456572: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:28:12.456575: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.456578: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:28:12.456581: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456587: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456590: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456593: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:28:12.456596: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:28:12.456598: | discarding INTEG=NONE Aug 26 13:28:12.456601: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:28:12.456604: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:12.456606: | prop #: 2 (0x2) Aug 26 13:28:12.456609: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:28:12.456611: | spi size: 0 (0x0) Aug 26 13:28:12.456614: | # transforms: 11 (0xb) Aug 26 13:28:12.456617: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:12.456620: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:28:12.456623: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456626: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456629: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:28:12.456631: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:28:12.456634: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456637: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:28:12.456640: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:28:12.456643: | length/value: 128 (0x80) Aug 26 13:28:12.456646: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:28:12.456648: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456651: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456654: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:28:12.456657: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:28:12.456660: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456663: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456666: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456669: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456671: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456674: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:28:12.456677: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:28:12.456680: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456683: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456686: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456688: | discarding INTEG=NONE Aug 26 13:28:12.456690: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456693: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456695: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.456698: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:28:12.456701: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456704: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456710: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456712: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456715: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456718: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.456720: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:28:12.456723: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456726: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456729: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456732: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456734: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456737: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.456739: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:28:12.456742: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456746: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456748: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456751: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456754: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456757: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.456759: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:28:12.456763: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456766: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456768: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456771: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456774: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456776: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.456779: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:28:12.456782: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456785: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456788: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456790: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456793: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456796: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.456799: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:28:12.456802: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456805: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456808: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456811: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456813: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456816: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.456818: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:28:12.456822: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456829: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456832: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456835: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456838: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:28:12.456841: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.456843: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:28:12.456847: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456850: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456852: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456856: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:28:12.456859: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:28:12.456862: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:28:12.456864: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:12.456867: | prop #: 3 (0x3) Aug 26 13:28:12.456870: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:28:12.456872: | spi size: 0 (0x0) Aug 26 13:28:12.456874: | # transforms: 13 (0xd) Aug 26 13:28:12.456878: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:12.456881: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:28:12.456884: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456887: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456890: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:28:12.456892: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:28:12.456895: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456899: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:28:12.456902: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:28:12.456904: | length/value: 256 (0x100) Aug 26 13:28:12.456907: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:28:12.456910: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456913: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456915: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:28:12.456918: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:28:12.456922: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456925: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456927: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456930: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456933: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456935: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:28:12.456938: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:28:12.456941: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456944: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456947: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456951: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456954: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456957: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:28:12.456959: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:28:12.456963: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456965: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456968: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456971: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456974: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456976: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:28:12.456978: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:28:12.456981: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456984: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.456987: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.456990: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.456993: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.456995: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.456998: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:28:12.457001: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457004: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.457007: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.457009: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.457012: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457015: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.457017: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:28:12.457020: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457023: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.457026: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.457028: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.457031: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457034: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.457036: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:28:12.457039: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457042: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.457045: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.457048: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.457051: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457053: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.457056: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:28:12.457059: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457062: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.457067: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.457070: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.457072: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457075: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.457078: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:28:12.457081: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457084: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.457087: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.457089: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.457092: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457095: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.457097: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:28:12.457100: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457103: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.457106: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.457108: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.457111: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457114: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.457116: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:28:12.457119: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457122: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.457125: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.457128: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.457131: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:28:12.457133: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.457136: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:28:12.457139: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457142: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.457145: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.457148: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:28:12.457150: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:28:12.457154: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:28:12.457156: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:28:12.457159: | prop #: 4 (0x4) Aug 26 13:28:12.457161: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:28:12.457164: | spi size: 0 (0x0) Aug 26 13:28:12.457166: | # transforms: 13 (0xd) Aug 26 13:28:12.457170: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:12.457172: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:28:12.457175: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.457178: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457182: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:28:12.457185: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:28:12.457188: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.457191: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:28:12.457194: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:28:12.457196: | length/value: 128 (0x80) Aug 26 13:28:12.457199: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:28:12.457201: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.457203: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457206: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:28:12.457208: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:28:12.457211: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457214: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.457217: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.457220: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.457223: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457225: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:28:12.457228: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:28:12.457231: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457234: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.457236: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.457239: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.457242: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457244: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:28:12.457246: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:28:12.457249: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457252: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.457255: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.457257: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.457260: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457262: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:28:12.457265: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:28:12.457268: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457271: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.457274: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.457276: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.457279: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457281: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.457284: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:28:12.457286: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457298: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.457301: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.457305: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.457308: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457311: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.457314: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:28:12.457317: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457320: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.457323: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.457326: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.457328: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457331: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.457334: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:28:12.457337: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457340: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.457343: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.457345: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.457348: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457350: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.457353: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:28:12.457356: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457359: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.457361: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.457364: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.457366: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457368: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.457371: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:28:12.457374: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457377: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.457380: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.457382: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.457385: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457387: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.457389: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:28:12.457392: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457395: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.457398: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.457400: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.457403: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457405: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.457408: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:28:12.457411: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457415: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.457418: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.457421: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.457423: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:28:12.457425: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.457428: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:28:12.457431: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.457434: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.457437: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.457440: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:28:12.457442: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:28:12.457445: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:28:12.457448: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:28:12.457451: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:28:12.457454: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:12.457457: | flags: none (0x0) Aug 26 13:28:12.457460: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:28:12.457463: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:28:12.457467: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:28:12.457470: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:28:12.457473: | ikev2 g^x b2 ae 6f 7b 10 0b 1d 08 a1 b5 c4 49 be 71 0d 63 Aug 26 13:28:12.457476: | ikev2 g^x cf 6a bb dd ae b1 79 d3 31 5e cd e1 49 ae 8f ed Aug 26 13:28:12.457478: | ikev2 g^x 2f fa 5a 6d 0a 60 71 94 6e b3 40 3d 0f f0 f3 62 Aug 26 13:28:12.457481: | ikev2 g^x 6d 61 dc 8f 39 1a 89 a0 f3 f9 13 0a 59 09 1c ff Aug 26 13:28:12.457483: | ikev2 g^x bd 67 dd 85 91 89 37 bd 1d c9 08 45 7d 2a 9f 04 Aug 26 13:28:12.457486: | ikev2 g^x 26 d3 dd 20 b1 b0 57 c8 24 58 15 fe ff 6d 87 58 Aug 26 13:28:12.457488: | ikev2 g^x 50 b1 0b cc ae 15 28 17 dc 17 66 2c 64 98 39 e6 Aug 26 13:28:12.457490: | ikev2 g^x d0 c0 9f 89 52 46 fa 18 b8 b9 6c ee 25 7b 67 a5 Aug 26 13:28:12.457493: | ikev2 g^x 52 31 19 f1 7d e0 b3 6b b1 58 31 16 c1 df 6e 2d Aug 26 13:28:12.457495: | ikev2 g^x ea 29 38 0c 83 5a 3f 78 ac ef 18 8e a0 1a 30 16 Aug 26 13:28:12.457497: | ikev2 g^x 5d 72 4e c8 4f 7a 8b a7 80 e4 87 cc e7 0d 80 c9 Aug 26 13:28:12.457500: | ikev2 g^x a6 c6 71 f8 47 de 44 a5 0a d7 57 6d 99 91 e2 d7 Aug 26 13:28:12.457502: | ikev2 g^x 94 95 37 0b c3 7b 6f 7a c7 25 41 09 4d 7f c3 39 Aug 26 13:28:12.457505: | ikev2 g^x f4 47 ea 32 4d 33 52 a3 d9 ff 74 18 74 86 37 f0 Aug 26 13:28:12.457508: | ikev2 g^x 1c 81 68 90 d6 f1 13 83 84 9a 62 98 69 dc 02 ee Aug 26 13:28:12.457510: | ikev2 g^x 5d 39 ca 3c 8a 50 6e 3a b1 a5 2a 65 2a 9b 54 c0 Aug 26 13:28:12.457513: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:28:12.457516: | ***emit IKEv2 Nonce Payload: Aug 26 13:28:12.457519: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:28:12.457521: | flags: none (0x0) Aug 26 13:28:12.457524: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:28:12.457527: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:28:12.457529: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:28:12.457539: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:28:12.457542: | IKEv2 nonce 27 a5 6d 06 2b 74 2e 30 1e 8b 7f 5c 11 64 92 31 Aug 26 13:28:12.457545: | IKEv2 nonce b8 df 35 0d 93 54 a6 d2 65 69 d6 be 12 66 59 38 Aug 26 13:28:12.457547: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:28:12.457550: | Adding a v2N Payload Aug 26 13:28:12.457553: | ***emit IKEv2 Notify Payload: Aug 26 13:28:12.457556: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:12.457558: | flags: none (0x0) Aug 26 13:28:12.457561: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:28:12.457563: | SPI size: 0 (0x0) Aug 26 13:28:12.457566: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:28:12.457569: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:28:12.457572: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:28:12.457575: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:28:12.457578: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:28:12.457581: | natd_hash: rcookie is zero Aug 26 13:28:12.457601: | natd_hash: hasher=0x5571a3b8f800(20) Aug 26 13:28:12.457605: | natd_hash: icookie= 95 d6 ea 5a 9f 11 a4 8c Aug 26 13:28:12.457607: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:28:12.457609: | natd_hash: ip= c0 01 03 d1 Aug 26 13:28:12.457612: | natd_hash: port=500 Aug 26 13:28:12.457614: | natd_hash: hash= 9c 28 4c be 11 c5 29 f2 60 df ef 71 29 7e 5e 33 Aug 26 13:28:12.457616: | natd_hash: hash= 28 d3 e4 aa Aug 26 13:28:12.457619: | Adding a v2N Payload Aug 26 13:28:12.457621: | ***emit IKEv2 Notify Payload: Aug 26 13:28:12.457624: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:12.457627: | flags: none (0x0) Aug 26 13:28:12.457629: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:28:12.457631: | SPI size: 0 (0x0) Aug 26 13:28:12.457634: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:28:12.457637: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:28:12.457640: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:28:12.457643: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:28:12.457646: | Notify data 9c 28 4c be 11 c5 29 f2 60 df ef 71 29 7e 5e 33 Aug 26 13:28:12.457648: | Notify data 28 d3 e4 aa Aug 26 13:28:12.457651: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:28:12.457653: | natd_hash: rcookie is zero Aug 26 13:28:12.457660: | natd_hash: hasher=0x5571a3b8f800(20) Aug 26 13:28:12.457663: | natd_hash: icookie= 95 d6 ea 5a 9f 11 a4 8c Aug 26 13:28:12.457665: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:28:12.457667: | natd_hash: ip= c0 01 02 17 Aug 26 13:28:12.457669: | natd_hash: port=500 Aug 26 13:28:12.457672: | natd_hash: hash= 41 78 3a 9e 20 ee 82 88 0a 06 e3 93 48 b6 91 a5 Aug 26 13:28:12.457674: | natd_hash: hash= da 74 f2 ad Aug 26 13:28:12.457676: | Adding a v2N Payload Aug 26 13:28:12.457679: | ***emit IKEv2 Notify Payload: Aug 26 13:28:12.457682: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:12.457684: | flags: none (0x0) Aug 26 13:28:12.457687: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:28:12.457689: | SPI size: 0 (0x0) Aug 26 13:28:12.457692: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:28:12.457695: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:28:12.457698: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:28:12.457700: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:28:12.457705: | Notify data 41 78 3a 9e 20 ee 82 88 0a 06 e3 93 48 b6 91 a5 Aug 26 13:28:12.457707: | Notify data da 74 f2 ad Aug 26 13:28:12.457709: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:28:12.457712: | emitting length of ISAKMP Message: 828 Aug 26 13:28:12.457721: | stop processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:28:12.457731: | start processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:28:12.457736: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:28:12.457739: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:28:12.457743: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:28:12.457746: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 13:28:12.457749: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:28:12.457754: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:28:12.457758: "road-east-ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:28:12.457772: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.209:500) Aug 26 13:28:12.457779: | sending 828 bytes for STATE_PARENT_I0 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) Aug 26 13:28:12.457781: | 95 d6 ea 5a 9f 11 a4 8c 00 00 00 00 00 00 00 00 Aug 26 13:28:12.457783: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:28:12.457785: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:28:12.457788: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:28:12.457790: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:28:12.457792: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:28:12.457794: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:28:12.457796: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:28:12.457798: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:28:12.457800: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:28:12.457803: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:28:12.457805: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:28:12.457807: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:28:12.457809: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:28:12.457811: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:28:12.457813: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:28:12.457815: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:28:12.457817: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:28:12.457820: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:28:12.457822: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:28:12.457824: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:28:12.457826: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:28:12.457829: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:28:12.457831: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:28:12.457833: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:28:12.457836: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:28:12.457838: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:28:12.457840: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:28:12.457842: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:28:12.457845: | 28 00 01 08 00 0e 00 00 b2 ae 6f 7b 10 0b 1d 08 Aug 26 13:28:12.457847: | a1 b5 c4 49 be 71 0d 63 cf 6a bb dd ae b1 79 d3 Aug 26 13:28:12.457849: | 31 5e cd e1 49 ae 8f ed 2f fa 5a 6d 0a 60 71 94 Aug 26 13:28:12.457852: | 6e b3 40 3d 0f f0 f3 62 6d 61 dc 8f 39 1a 89 a0 Aug 26 13:28:12.457856: | f3 f9 13 0a 59 09 1c ff bd 67 dd 85 91 89 37 bd Aug 26 13:28:12.457858: | 1d c9 08 45 7d 2a 9f 04 26 d3 dd 20 b1 b0 57 c8 Aug 26 13:28:12.457861: | 24 58 15 fe ff 6d 87 58 50 b1 0b cc ae 15 28 17 Aug 26 13:28:12.457863: | dc 17 66 2c 64 98 39 e6 d0 c0 9f 89 52 46 fa 18 Aug 26 13:28:12.457865: | b8 b9 6c ee 25 7b 67 a5 52 31 19 f1 7d e0 b3 6b Aug 26 13:28:12.457868: | b1 58 31 16 c1 df 6e 2d ea 29 38 0c 83 5a 3f 78 Aug 26 13:28:12.457870: | ac ef 18 8e a0 1a 30 16 5d 72 4e c8 4f 7a 8b a7 Aug 26 13:28:12.457872: | 80 e4 87 cc e7 0d 80 c9 a6 c6 71 f8 47 de 44 a5 Aug 26 13:28:12.457875: | 0a d7 57 6d 99 91 e2 d7 94 95 37 0b c3 7b 6f 7a Aug 26 13:28:12.457877: | c7 25 41 09 4d 7f c3 39 f4 47 ea 32 4d 33 52 a3 Aug 26 13:28:12.457879: | d9 ff 74 18 74 86 37 f0 1c 81 68 90 d6 f1 13 83 Aug 26 13:28:12.457882: | 84 9a 62 98 69 dc 02 ee 5d 39 ca 3c 8a 50 6e 3a Aug 26 13:28:12.457884: | b1 a5 2a 65 2a 9b 54 c0 29 00 00 24 27 a5 6d 06 Aug 26 13:28:12.457887: | 2b 74 2e 30 1e 8b 7f 5c 11 64 92 31 b8 df 35 0d Aug 26 13:28:12.457889: | 93 54 a6 d2 65 69 d6 be 12 66 59 38 29 00 00 08 Aug 26 13:28:12.457891: | 00 00 40 2e 29 00 00 1c 00 00 40 04 9c 28 4c be Aug 26 13:28:12.457894: | 11 c5 29 f2 60 df ef 71 29 7e 5e 33 28 d3 e4 aa Aug 26 13:28:12.457896: | 00 00 00 1c 00 00 40 05 41 78 3a 9e 20 ee 82 88 Aug 26 13:28:12.457898: | 0a 06 e3 93 48 b6 91 a5 da 74 f2 ad Aug 26 13:28:12.457974: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:28:12.457981: | libevent_free: release ptr-libevent@0x5571a50a49b8 Aug 26 13:28:12.457984: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5571a5358f88 Aug 26 13:28:12.457987: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=2000ms Aug 26 13:28:12.457991: "road-east-ikev2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:28:12.457999: | event_schedule: new EVENT_RETRANSMIT-pe@0x5571a5358f88 Aug 26 13:28:12.458003: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Aug 26 13:28:12.458006: | libevent_malloc: new ptr-libevent@0x5571a5359328 size 128 Aug 26 13:28:12.458011: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11378.200464 Aug 26 13:28:12.458016: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 13:28:12.458022: | #1 spent 1.75 milliseconds in resume sending helper answer Aug 26 13:28:12.458028: | stop processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:28:12.458031: | libevent_free: release ptr-libevent@0x7f75c0002888 Aug 26 13:28:12.458177: | libevent_malloc: new ptr-libevent@0x5571a5358f48 size 16 Aug 26 13:28:12.458769: | start processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in idr_ipseckey_fetch_continue() at ikev2_ipseckey.c:519) Aug 26 13:28:12.458784: | IKEv2 DNS query -- 23.2.1.192.IN-ADDR.ARPA. IN IPSECKEY -- returned SERVFAIL cache=no elapsed time 0.006923 Aug 26 13:28:12.458788: | DNSSEC=INSECURE MSG SIZE 52 bytes Aug 26 13:28:12.458792: "road-east-ikev2" #1: IKEv2 DNS query -- 23.2.1.192.IN-ADDR.ARPA. IN IPSECKEY -- returned SERVFAIL rr parse error SERVFAIL elapsed time 0.006923 Aug 26 13:28:12.458801: | RESET processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in idr_ipseckey_fetch_continue() at ikev2_ipseckey.c:541) Aug 26 13:28:12.460835: | spent 0.00314 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:28:12.460862: | *received 437 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) Aug 26 13:28:12.460865: | 95 d6 ea 5a 9f 11 a4 8c 89 42 bc e0 5a 03 c0 49 Aug 26 13:28:12.460867: | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 Aug 26 13:28:12.460869: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 13:28:12.460872: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 13:28:12.460880: | 04 00 00 0e 28 00 01 08 00 0e 00 00 59 32 86 c6 Aug 26 13:28:12.460883: | e0 81 e9 77 75 af 18 97 15 42 6c 1c c3 83 94 1a Aug 26 13:28:12.460885: | 53 73 2c b3 d8 d6 fe bf ea 94 f4 62 92 e8 07 af Aug 26 13:28:12.460887: | 2c cc 99 44 9c df a9 f8 51 b9 d5 91 e5 3d 61 de Aug 26 13:28:12.460890: | ba 93 0c 2f 49 43 f4 12 3b 34 e0 83 e4 58 7d 1d Aug 26 13:28:12.460892: | f6 7d bd f8 99 5c de 50 1a eb 47 b3 9e 48 17 8a Aug 26 13:28:12.460895: | 03 c7 b0 6a 57 46 1e 54 6e e3 bb 02 39 ad fd fc Aug 26 13:28:12.460897: | 81 38 0b 86 f2 bd ee e1 6b 07 28 41 13 b6 e8 87 Aug 26 13:28:12.460900: | 77 51 ef 7e 51 81 6f 49 e2 a0 12 3a 9b 06 18 73 Aug 26 13:28:12.460902: | eb e2 4e ef d7 f3 f6 e2 3d 04 b1 57 5f 5d 3b aa Aug 26 13:28:12.460905: | fa 19 a0 b0 e6 9a 25 a5 88 c1 63 5b 94 ab 2f a9 Aug 26 13:28:12.460907: | 51 be ba 64 0a 55 b6 52 be 5f 31 8e 3e 7c 3b 8b Aug 26 13:28:12.460910: | 6b 73 dd 5b d4 30 73 80 b4 06 b3 f1 04 cd 9c 92 Aug 26 13:28:12.460913: | bc 99 53 57 d9 a3 ec c4 a8 e5 75 6c 26 54 8e a7 Aug 26 13:28:12.460915: | d7 92 95 89 b8 eb ba a3 b6 38 16 08 32 4b 70 bc Aug 26 13:28:12.460918: | ab d1 06 ae 22 d2 7e 6b d8 d1 62 67 7f 6b bd b3 Aug 26 13:28:12.460920: | c5 d9 1c 8d 6d aa d4 a1 70 29 a6 27 29 00 00 24 Aug 26 13:28:12.460923: | d5 30 ed 53 75 2b 03 da 97 05 d8 24 ac 90 09 22 Aug 26 13:28:12.460925: | a2 46 75 51 97 c4 6a 3d 03 e8 a4 55 75 b2 a8 97 Aug 26 13:28:12.460928: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 13:28:12.460931: | e1 f0 b6 ca dc 82 0c 88 f6 ad e2 c6 48 31 20 eb Aug 26 13:28:12.460933: | 3f 36 72 fc 26 00 00 1c 00 00 40 05 1b 5e d8 0c Aug 26 13:28:12.460936: | 75 6d b4 d9 d3 5a a0 34 ce 3f ea db b1 17 e9 a6 Aug 26 13:28:12.460938: | 00 00 00 05 04 Aug 26 13:28:12.460944: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:28:12.460948: | **parse ISAKMP Message: Aug 26 13:28:12.460952: | initiator cookie: Aug 26 13:28:12.460955: | 95 d6 ea 5a 9f 11 a4 8c Aug 26 13:28:12.460958: | responder cookie: Aug 26 13:28:12.460961: | 89 42 bc e0 5a 03 c0 49 Aug 26 13:28:12.460964: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:28:12.460967: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:28:12.460970: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:28:12.460973: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:28:12.460977: | Message ID: 0 (0x0) Aug 26 13:28:12.460979: | length: 437 (0x1b5) Aug 26 13:28:12.460983: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:28:12.460986: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 13:28:12.460990: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 13:28:12.460996: | start processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:28:12.461000: | [RE]START processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:28:12.461003: | #1 is idle Aug 26 13:28:12.461005: | #1 idle Aug 26 13:28:12.461007: | unpacking clear payload Aug 26 13:28:12.461010: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:28:12.461013: | ***parse IKEv2 Security Association Payload: Aug 26 13:28:12.461016: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:28:12.461019: | flags: none (0x0) Aug 26 13:28:12.461022: | length: 40 (0x28) Aug 26 13:28:12.461024: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 13:28:12.461027: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:28:12.461030: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:28:12.461033: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:28:12.461035: | flags: none (0x0) Aug 26 13:28:12.461038: | length: 264 (0x108) Aug 26 13:28:12.461041: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:28:12.461046: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:28:12.461049: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:28:12.461052: | ***parse IKEv2 Nonce Payload: Aug 26 13:28:12.461055: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:28:12.461058: | flags: none (0x0) Aug 26 13:28:12.461061: | length: 36 (0x24) Aug 26 13:28:12.461063: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:28:12.461066: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:28:12.461068: | ***parse IKEv2 Notify Payload: Aug 26 13:28:12.461071: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:28:12.461073: | flags: none (0x0) Aug 26 13:28:12.461076: | length: 8 (0x8) Aug 26 13:28:12.461078: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:28:12.461081: | SPI size: 0 (0x0) Aug 26 13:28:12.461084: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:28:12.461087: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:28:12.461090: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:28:12.461093: | ***parse IKEv2 Notify Payload: Aug 26 13:28:12.461096: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:28:12.461098: | flags: none (0x0) Aug 26 13:28:12.461101: | length: 28 (0x1c) Aug 26 13:28:12.461104: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:28:12.461106: | SPI size: 0 (0x0) Aug 26 13:28:12.461109: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:28:12.461112: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:28:12.461115: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:28:12.461117: | ***parse IKEv2 Notify Payload: Aug 26 13:28:12.461120: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Aug 26 13:28:12.461122: | flags: none (0x0) Aug 26 13:28:12.461125: | length: 28 (0x1c) Aug 26 13:28:12.461127: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:28:12.461129: | SPI size: 0 (0x0) Aug 26 13:28:12.461132: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:28:12.461135: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:28:12.461137: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Aug 26 13:28:12.461140: | ***parse IKEv2 Certificate Request Payload: Aug 26 13:28:12.461143: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:12.461146: | flags: none (0x0) Aug 26 13:28:12.461148: | length: 5 (0x5) Aug 26 13:28:12.461151: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:28:12.461154: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) Aug 26 13:28:12.461157: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 13:28:12.461163: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:28:12.461167: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:28:12.461169: | Now let's proceed with state specific processing Aug 26 13:28:12.461172: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:28:12.461176: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 13:28:12.461193: | using existing local IKE proposals for connection road-east-ikev2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:28:12.461198: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 13:28:12.461202: | local proposal 1 type ENCR has 1 transforms Aug 26 13:28:12.461207: | local proposal 1 type PRF has 2 transforms Aug 26 13:28:12.461210: | local proposal 1 type INTEG has 1 transforms Aug 26 13:28:12.461213: | local proposal 1 type DH has 8 transforms Aug 26 13:28:12.461215: | local proposal 1 type ESN has 0 transforms Aug 26 13:28:12.461219: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:28:12.461222: | local proposal 2 type ENCR has 1 transforms Aug 26 13:28:12.461225: | local proposal 2 type PRF has 2 transforms Aug 26 13:28:12.461227: | local proposal 2 type INTEG has 1 transforms Aug 26 13:28:12.461230: | local proposal 2 type DH has 8 transforms Aug 26 13:28:12.461232: | local proposal 2 type ESN has 0 transforms Aug 26 13:28:12.461235: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:28:12.461238: | local proposal 3 type ENCR has 1 transforms Aug 26 13:28:12.461240: | local proposal 3 type PRF has 2 transforms Aug 26 13:28:12.461243: | local proposal 3 type INTEG has 2 transforms Aug 26 13:28:12.461245: | local proposal 3 type DH has 8 transforms Aug 26 13:28:12.461247: | local proposal 3 type ESN has 0 transforms Aug 26 13:28:12.461249: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:28:12.461251: | local proposal 4 type ENCR has 1 transforms Aug 26 13:28:12.461252: | local proposal 4 type PRF has 2 transforms Aug 26 13:28:12.461254: | local proposal 4 type INTEG has 2 transforms Aug 26 13:28:12.461256: | local proposal 4 type DH has 8 transforms Aug 26 13:28:12.461257: | local proposal 4 type ESN has 0 transforms Aug 26 13:28:12.461259: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:28:12.461261: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:28:12.461263: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:28:12.461265: | length: 36 (0x24) Aug 26 13:28:12.461266: | prop #: 1 (0x1) Aug 26 13:28:12.461268: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:28:12.461270: | spi size: 0 (0x0) Aug 26 13:28:12.461271: | # transforms: 3 (0x3) Aug 26 13:28:12.461274: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:28:12.461276: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:28:12.461277: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.461279: | length: 12 (0xc) Aug 26 13:28:12.461281: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:28:12.461282: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:28:12.461284: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:28:12.461286: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:28:12.461299: | length/value: 256 (0x100) Aug 26 13:28:12.461306: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:28:12.461310: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:28:12.461312: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.461315: | length: 8 (0x8) Aug 26 13:28:12.461317: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:28:12.461319: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:28:12.461323: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:28:12.461326: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:28:12.461329: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:28:12.461331: | length: 8 (0x8) Aug 26 13:28:12.461334: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:12.461337: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:28:12.461340: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:28:12.461344: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:28:12.461349: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:28:12.461354: | remote proposal 1 matches local proposal 1 Aug 26 13:28:12.461358: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 13:28:12.461360: | converting proposal to internal trans attrs Aug 26 13:28:12.461379: | natd_hash: hasher=0x5571a3b8f800(20) Aug 26 13:28:12.461387: | natd_hash: icookie= 95 d6 ea 5a 9f 11 a4 8c Aug 26 13:28:12.461390: | natd_hash: rcookie= 89 42 bc e0 5a 03 c0 49 Aug 26 13:28:12.461392: | natd_hash: ip= c0 01 03 d1 Aug 26 13:28:12.461395: | natd_hash: port=500 Aug 26 13:28:12.461397: | natd_hash: hash= 1b 5e d8 0c 75 6d b4 d9 d3 5a a0 34 ce 3f ea db Aug 26 13:28:12.461400: | natd_hash: hash= b1 17 e9 a6 Aug 26 13:28:12.461407: | natd_hash: hasher=0x5571a3b8f800(20) Aug 26 13:28:12.461411: | natd_hash: icookie= 95 d6 ea 5a 9f 11 a4 8c Aug 26 13:28:12.461413: | natd_hash: rcookie= 89 42 bc e0 5a 03 c0 49 Aug 26 13:28:12.461416: | natd_hash: ip= c0 01 02 17 Aug 26 13:28:12.461418: | natd_hash: port=500 Aug 26 13:28:12.461420: | natd_hash: hash= e1 f0 b6 ca dc 82 0c 88 f6 ad e2 c6 48 31 20 eb Aug 26 13:28:12.461423: | natd_hash: hash= 3f 36 72 fc Aug 26 13:28:12.461426: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:28:12.461429: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:28:12.461432: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:28:12.461436: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 13:28:12.461441: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:28:12.461445: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 13:28:12.461449: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:28:12.461452: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 13:28:12.461456: | libevent_free: release ptr-libevent@0x5571a5359328 Aug 26 13:28:12.461460: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5571a5358f88 Aug 26 13:28:12.461463: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5571a5358f88 Aug 26 13:28:12.461468: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:28:12.461471: | libevent_malloc: new ptr-libevent@0x7f75c0002888 size 128 Aug 26 13:28:12.461483: | #1 spent 0.292 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 13:28:12.461490: | [RE]START processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:28:12.461489: | crypto helper 1 resuming Aug 26 13:28:12.461495: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 13:28:12.461506: | crypto helper 1 starting work-order 2 for state #1 Aug 26 13:28:12.461510: | suspending state #1 and saving MD Aug 26 13:28:12.461517: | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 13:28:12.461520: | #1 is busy; has a suspended MD Aug 26 13:28:12.461526: | [RE]START processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:28:12.461531: | "road-east-ikev2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:28:12.461535: | stop processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:28:12.461540: | #1 spent 0.669 milliseconds in ikev2_process_packet() Aug 26 13:28:12.461545: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:28:12.461548: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:28:12.461551: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:28:12.461555: | spent 0.684 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:28:12.462449: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:28:12.462926: | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001408 seconds Aug 26 13:28:12.462941: | (#1) spent 1.42 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 13:28:12.462945: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 13:28:12.462949: | scheduling resume sending helper answer for #1 Aug 26 13:28:12.462953: | libevent_malloc: new ptr-libevent@0x7f75b8000f48 size 128 Aug 26 13:28:12.462963: | crypto helper 1 waiting (nothing to do) Aug 26 13:28:12.462973: | processing resume sending helper answer for #1 Aug 26 13:28:12.462987: | start processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:28:12.462992: | crypto helper 1 replies to request ID 2 Aug 26 13:28:12.462996: | calling continuation function 0x5571a3abab50 Aug 26 13:28:12.463000: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 13:28:12.463006: | creating state object #2 at 0x5571a535c538 Aug 26 13:28:12.463010: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:28:12.463015: | pstats #2 ikev2.child started Aug 26 13:28:12.463018: | duplicating state object #1 "road-east-ikev2" as #2 for IPSEC SA Aug 26 13:28:12.463024: | #2 setting local endpoint to 192.1.3.209:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:28:12.463032: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:28:12.463038: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 13:28:12.463043: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 13:28:12.463047: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:28:12.463051: | libevent_free: release ptr-libevent@0x7f75c0002888 Aug 26 13:28:12.463054: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5571a5358f88 Aug 26 13:28:12.463058: | event_schedule: new EVENT_SA_REPLACE-pe@0x5571a5358f88 Aug 26 13:28:12.463062: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 13:28:12.463066: | libevent_malloc: new ptr-libevent@0x7f75c0002888 size 128 Aug 26 13:28:12.463070: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 13:28:12.463077: | **emit ISAKMP Message: Aug 26 13:28:12.463081: | initiator cookie: Aug 26 13:28:12.463083: | 95 d6 ea 5a 9f 11 a4 8c Aug 26 13:28:12.463086: | responder cookie: Aug 26 13:28:12.463088: | 89 42 bc e0 5a 03 c0 49 Aug 26 13:28:12.463091: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:28:12.463094: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:28:12.463097: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:28:12.463101: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:28:12.463103: | Message ID: 1 (0x1) Aug 26 13:28:12.463106: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:28:12.463110: | ***emit IKEv2 Encryption Payload: Aug 26 13:28:12.463113: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:12.463116: | flags: none (0x0) Aug 26 13:28:12.463119: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:28:12.463122: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:28:12.463126: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:28:12.463138: | IKEv2 CERT: send a certificate? Aug 26 13:28:12.463142: | IKEv2 CERT: no certificate to send Aug 26 13:28:12.463144: | IDr payload will NOT be sent Aug 26 13:28:12.463161: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 13:28:12.463165: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:12.463167: | flags: none (0x0) Aug 26 13:28:12.463170: | ID type: ID_FQDN (0x2) Aug 26 13:28:12.463176: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 13:28:12.463179: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:28:12.463183: | emitting 26 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 13:28:12.463185: | my identity 72 6f 61 64 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Aug 26 13:28:12.463188: | my identity 72 65 73 77 61 6e 2e 6f 72 67 Aug 26 13:28:12.463191: | emitting length of IKEv2 Identification - Initiator - Payload: 34 Aug 26 13:28:12.463200: | not sending INITIAL_CONTACT Aug 26 13:28:12.463204: | ****emit IKEv2 Authentication Payload: Aug 26 13:28:12.463207: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:12.463210: | flags: none (0x0) Aug 26 13:28:12.463213: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:28:12.463216: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:28:12.463219: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:28:12.463226: | started looking for secret for @road.testing.libreswan.org->192.1.2.23 of kind PKK_RSA Aug 26 13:28:12.463231: | actually looking for secret for @road.testing.libreswan.org->192.1.2.23 of kind PKK_RSA Aug 26 13:28:12.463235: | line 1: key type PKK_RSA(@road.testing.libreswan.org) to type PKK_RSA Aug 26 13:28:12.463240: | 1: compared key (none) to @road.testing.libreswan.org / 192.1.2.23 -> 002 Aug 26 13:28:12.463243: | 2: compared key (none) to @road.testing.libreswan.org / 192.1.2.23 -> 002 Aug 26 13:28:12.463246: | line 1: match=002 Aug 26 13:28:12.463249: | match 002 beats previous best_match 000 match=0x5571a4fb1c48 (line=1) Aug 26 13:28:12.463251: | concluding with best_match=002 best=0x5571a4fb1c48 (lineno=1) Aug 26 13:28:12.471109: | #1 spent 7.76 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Aug 26 13:28:12.471133: | emitting 388 raw bytes of rsa signature into IKEv2 Authentication Payload Aug 26 13:28:12.471137: | rsa signature 1c b8 ab 6e d4 38 41 18 08 43 2a 7c a0 b7 87 93 Aug 26 13:28:12.471140: | rsa signature 98 c7 85 a4 38 4d 39 12 f0 4f 0a 57 ea bc 80 d7 Aug 26 13:28:12.471142: | rsa signature 19 0e 5f b6 2e 4e b2 2a be 74 99 2d 14 84 f3 cd Aug 26 13:28:12.471145: | rsa signature c6 68 85 ae 0b f1 cf 36 78 98 a6 8b a8 95 6c 44 Aug 26 13:28:12.471147: | rsa signature 13 b3 35 fe 06 d5 d6 88 1c e4 e5 81 f1 06 6f 7e Aug 26 13:28:12.471149: | rsa signature 75 71 8c a5 21 8a 07 98 82 b3 8e 6d b6 a8 14 b9 Aug 26 13:28:12.471151: | rsa signature d4 69 cd 02 54 e6 4a c2 85 e4 22 da 70 f8 4d 31 Aug 26 13:28:12.471154: | rsa signature d1 09 e4 e7 be 8b 0a 91 a5 31 1d c6 82 ad de 0f Aug 26 13:28:12.471156: | rsa signature e8 15 c4 b1 33 e3 03 d5 6a 12 0e 96 a1 83 5b 6c Aug 26 13:28:12.471159: | rsa signature 24 84 17 03 85 a1 7a 05 39 83 d2 1f 87 c2 4e f3 Aug 26 13:28:12.471161: | rsa signature 1b d4 cd f8 16 37 4e c8 f1 05 2e 7d 4f 32 d8 d1 Aug 26 13:28:12.471164: | rsa signature b1 50 61 82 56 29 3d 6c c2 fa f0 29 61 d1 01 c6 Aug 26 13:28:12.471166: | rsa signature 55 49 82 e2 d9 e2 21 9a 8b e8 63 ba c6 73 ed de Aug 26 13:28:12.471169: | rsa signature dc 54 b6 41 31 4b 76 65 ee ea 34 fb 6e 4d e5 45 Aug 26 13:28:12.471171: | rsa signature da 7b 3c 61 1a 5a 20 9b 99 5f 83 f0 3e 09 b4 f1 Aug 26 13:28:12.471174: | rsa signature b3 f6 af bb 02 61 3d e4 df 68 8e 2c 5d 89 b3 64 Aug 26 13:28:12.471176: | rsa signature ea 29 83 26 c7 02 05 c2 4e ab ed 08 91 e6 0f d8 Aug 26 13:28:12.471179: | rsa signature 95 3a 3e b0 7f b3 38 60 b2 90 0d b1 27 87 86 7f Aug 26 13:28:12.471181: | rsa signature ac bb 5e c6 30 90 9c c3 e4 5a 63 41 bc ab 8c 58 Aug 26 13:28:12.471183: | rsa signature 82 d3 1e 32 e2 cf 15 4b 5a 25 c3 3c 80 23 6d 87 Aug 26 13:28:12.471188: | rsa signature ba 59 47 e3 b8 47 50 c2 b7 fb fe 5a 45 4b bd 6e Aug 26 13:28:12.471190: | rsa signature ab 70 c3 fa 36 91 9a 67 8e 88 c5 d8 dd d1 24 47 Aug 26 13:28:12.471191: | rsa signature 9d 5c 36 bf 70 00 67 70 99 6b 34 1c c9 6f 11 86 Aug 26 13:28:12.471193: | rsa signature 5e 53 5f 30 b7 76 df 46 f5 b6 af dd f1 2a 8a 73 Aug 26 13:28:12.471194: | rsa signature 38 32 6c 0b Aug 26 13:28:12.471199: | #1 spent 7.9 milliseconds in ikev2_calculate_rsa_hash() Aug 26 13:28:12.471201: | emitting length of IKEv2 Authentication Payload: 396 Aug 26 13:28:12.471205: | getting first pending from state #1 Aug 26 13:28:12.471241: | netlink_get_spi: allocated 0xc8ef6937 for esp.0@192.1.3.209 Aug 26 13:28:12.471249: | constructing ESP/AH proposals with all DH removed for road-east-ikev2 (IKE SA initiator emitting ESP/AH proposals) Aug 26 13:28:12.471255: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:28:12.471260: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:28:12.471262: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:28:12.471264: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:28:12.471267: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:28:12.471270: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:28:12.471271: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:28:12.471274: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:28:12.471279: "road-east-ikev2": constructed local ESP/AH proposals for road-east-ikev2 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:28:12.471299: | Emitting ikev2_proposals ... Aug 26 13:28:12.471306: | ****emit IKEv2 Security Association Payload: Aug 26 13:28:12.471310: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:12.471313: | flags: none (0x0) Aug 26 13:28:12.471316: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:28:12.471320: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:28:12.471322: | discarding INTEG=NONE Aug 26 13:28:12.471325: | discarding DH=NONE Aug 26 13:28:12.471327: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:28:12.471330: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:12.471332: | prop #: 1 (0x1) Aug 26 13:28:12.471334: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:28:12.471337: | spi size: 4 (0x4) Aug 26 13:28:12.471343: | # transforms: 2 (0x2) Aug 26 13:28:12.471348: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:28:12.471351: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:28:12.471354: | our spi c8 ef 69 37 Aug 26 13:28:12.471357: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.471360: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.471363: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:28:12.471367: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:28:12.471371: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.471374: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:28:12.471377: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:28:12.471382: | length/value: 256 (0x100) Aug 26 13:28:12.471386: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:28:12.471389: | discarding INTEG=NONE Aug 26 13:28:12.471391: | discarding DH=NONE Aug 26 13:28:12.471394: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.471398: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:28:12.471401: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:28:12.471404: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:28:12.471409: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.471413: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.471417: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.471420: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:28:12.471424: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:28:12.471427: | discarding INTEG=NONE Aug 26 13:28:12.471430: | discarding DH=NONE Aug 26 13:28:12.471432: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:28:12.471435: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:12.471438: | prop #: 2 (0x2) Aug 26 13:28:12.471441: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:28:12.471443: | spi size: 4 (0x4) Aug 26 13:28:12.471446: | # transforms: 2 (0x2) Aug 26 13:28:12.471450: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:12.471453: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:28:12.471457: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:28:12.471460: | our spi c8 ef 69 37 Aug 26 13:28:12.471462: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.471465: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.471468: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:28:12.471471: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:28:12.471474: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.471478: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:28:12.471481: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:28:12.471484: | length/value: 128 (0x80) Aug 26 13:28:12.471487: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:28:12.471489: | discarding INTEG=NONE Aug 26 13:28:12.471492: | discarding DH=NONE Aug 26 13:28:12.471495: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.471498: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:28:12.471501: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:28:12.471503: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:28:12.471508: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.471511: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.471515: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.471518: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:28:12.471522: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:28:12.471525: | discarding DH=NONE Aug 26 13:28:12.471528: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:28:12.471531: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:12.471534: | prop #: 3 (0x3) Aug 26 13:28:12.471539: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:28:12.471543: | spi size: 4 (0x4) Aug 26 13:28:12.471545: | # transforms: 4 (0x4) Aug 26 13:28:12.471550: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:12.471554: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:28:12.471558: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:28:12.471561: | our spi c8 ef 69 37 Aug 26 13:28:12.471563: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.471566: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.471569: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:28:12.471572: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:28:12.471576: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.471579: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:28:12.471582: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:28:12.471585: | length/value: 256 (0x100) Aug 26 13:28:12.471588: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:28:12.471591: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.471594: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.471596: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:28:12.471599: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:28:12.471603: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.471607: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.471611: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.471614: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.471630: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.471633: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:28:12.471636: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:28:12.471640: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.471644: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.471647: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.471650: | discarding DH=NONE Aug 26 13:28:12.471654: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.471657: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:28:12.471660: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:28:12.471663: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:28:12.471667: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.471671: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.471675: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.471678: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:28:12.471682: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:28:12.471685: | discarding DH=NONE Aug 26 13:28:12.471688: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:28:12.471690: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:28:12.471693: | prop #: 4 (0x4) Aug 26 13:28:12.471696: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:28:12.471698: | spi size: 4 (0x4) Aug 26 13:28:12.471703: | # transforms: 4 (0x4) Aug 26 13:28:12.471707: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:12.471711: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:28:12.471715: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:28:12.471718: | our spi c8 ef 69 37 Aug 26 13:28:12.471721: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.471724: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.471727: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:28:12.471730: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:28:12.471734: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.471738: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:28:12.471741: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:28:12.471744: | length/value: 128 (0x80) Aug 26 13:28:12.471747: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:28:12.471750: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.471753: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.471756: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:28:12.471760: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:28:12.471764: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.471768: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.471771: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.471774: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.471777: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.471781: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:28:12.471784: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:28:12.471788: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.471792: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.471795: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.471798: | discarding DH=NONE Aug 26 13:28:12.471801: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:12.471804: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:28:12.471807: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:28:12.471810: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:28:12.471815: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:12.471819: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:12.471822: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:12.471826: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:28:12.471829: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:28:12.471833: | emitting length of IKEv2 Security Association Payload: 164 Aug 26 13:28:12.471836: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:28:12.471840: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:28:12.471844: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:12.471846: | flags: none (0x0) Aug 26 13:28:12.471851: | number of TS: 1 (0x1) Aug 26 13:28:12.471856: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:28:12.471860: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:28:12.471864: | *****emit IKEv2 Traffic Selector: Aug 26 13:28:12.471868: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:28:12.471871: | IP Protocol ID: 0 (0x0) Aug 26 13:28:12.471874: | start port: 0 (0x0) Aug 26 13:28:12.471878: | end port: 65535 (0xffff) Aug 26 13:28:12.471882: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:28:12.471885: | ipv4 start c0 01 03 d1 Aug 26 13:28:12.471889: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:28:12.471892: | ipv4 end c0 01 03 d1 Aug 26 13:28:12.471895: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:28:12.471898: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:28:12.471901: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:28:12.471904: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:12.471906: | flags: none (0x0) Aug 26 13:28:12.471907: | number of TS: 1 (0x1) Aug 26 13:28:12.471909: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:28:12.471911: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:28:12.471913: | *****emit IKEv2 Traffic Selector: Aug 26 13:28:12.471915: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:28:12.471916: | IP Protocol ID: 0 (0x0) Aug 26 13:28:12.471918: | start port: 0 (0x0) Aug 26 13:28:12.471919: | end port: 65535 (0xffff) Aug 26 13:28:12.471921: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:28:12.471922: | ipv4 start c0 01 02 17 Aug 26 13:28:12.471924: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:28:12.471926: | ipv4 end c0 01 02 17 Aug 26 13:28:12.471927: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:28:12.471929: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:28:12.471931: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:28:12.471933: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:28:12.471934: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:28:12.471937: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:28:12.471939: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:28:12.471941: | emitting length of IKEv2 Encryption Payload: 671 Aug 26 13:28:12.471942: | emitting length of ISAKMP Message: 699 Aug 26 13:28:12.471946: | **parse ISAKMP Message: Aug 26 13:28:12.471948: | initiator cookie: Aug 26 13:28:12.471949: | 95 d6 ea 5a 9f 11 a4 8c Aug 26 13:28:12.471951: | responder cookie: Aug 26 13:28:12.471952: | 89 42 bc e0 5a 03 c0 49 Aug 26 13:28:12.471954: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:28:12.471956: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:28:12.471957: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:28:12.471959: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:28:12.471961: | Message ID: 1 (0x1) Aug 26 13:28:12.471962: | length: 699 (0x2bb) Aug 26 13:28:12.471964: | **parse IKEv2 Encryption Payload: Aug 26 13:28:12.471965: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 13:28:12.471967: | flags: none (0x0) Aug 26 13:28:12.471969: | length: 671 (0x29f) Aug 26 13:28:12.471970: | **emit ISAKMP Message: Aug 26 13:28:12.471972: | initiator cookie: Aug 26 13:28:12.471974: | 95 d6 ea 5a 9f 11 a4 8c Aug 26 13:28:12.471976: | responder cookie: Aug 26 13:28:12.471977: | 89 42 bc e0 5a 03 c0 49 Aug 26 13:28:12.471979: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:28:12.471981: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:28:12.471982: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:28:12.471984: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:28:12.471985: | Message ID: 1 (0x1) Aug 26 13:28:12.471987: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:28:12.471989: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:28:12.471991: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 13:28:12.471992: | flags: none (0x0) Aug 26 13:28:12.471994: | fragment number: 1 (0x1) Aug 26 13:28:12.471995: | total fragments: 2 (0x2) Aug 26 13:28:12.471997: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Aug 26 13:28:12.471999: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:28:12.472001: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:28:12.472003: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:28:12.472011: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:28:12.472013: | cleartext fragment 27 00 00 22 02 00 00 00 72 6f 61 64 2e 74 65 73 Aug 26 13:28:12.472014: | cleartext fragment 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f Aug 26 13:28:12.472016: | cleartext fragment 72 67 21 00 01 8c 01 00 00 00 1c b8 ab 6e d4 38 Aug 26 13:28:12.472018: | cleartext fragment 41 18 08 43 2a 7c a0 b7 87 93 98 c7 85 a4 38 4d Aug 26 13:28:12.472019: | cleartext fragment 39 12 f0 4f 0a 57 ea bc 80 d7 19 0e 5f b6 2e 4e Aug 26 13:28:12.472021: | cleartext fragment b2 2a be 74 99 2d 14 84 f3 cd c6 68 85 ae 0b f1 Aug 26 13:28:12.472022: | cleartext fragment cf 36 78 98 a6 8b a8 95 6c 44 13 b3 35 fe 06 d5 Aug 26 13:28:12.472024: | cleartext fragment d6 88 1c e4 e5 81 f1 06 6f 7e 75 71 8c a5 21 8a Aug 26 13:28:12.472025: | cleartext fragment 07 98 82 b3 8e 6d b6 a8 14 b9 d4 69 cd 02 54 e6 Aug 26 13:28:12.472027: | cleartext fragment 4a c2 85 e4 22 da 70 f8 4d 31 d1 09 e4 e7 be 8b Aug 26 13:28:12.472028: | cleartext fragment 0a 91 a5 31 1d c6 82 ad de 0f e8 15 c4 b1 33 e3 Aug 26 13:28:12.472030: | cleartext fragment 03 d5 6a 12 0e 96 a1 83 5b 6c 24 84 17 03 85 a1 Aug 26 13:28:12.472031: | cleartext fragment 7a 05 39 83 d2 1f 87 c2 4e f3 1b d4 cd f8 16 37 Aug 26 13:28:12.472033: | cleartext fragment 4e c8 f1 05 2e 7d 4f 32 d8 d1 b1 50 61 82 56 29 Aug 26 13:28:12.472034: | cleartext fragment 3d 6c c2 fa f0 29 61 d1 01 c6 55 49 82 e2 d9 e2 Aug 26 13:28:12.472036: | cleartext fragment 21 9a 8b e8 63 ba c6 73 ed de dc 54 b6 41 31 4b Aug 26 13:28:12.472037: | cleartext fragment 76 65 ee ea 34 fb 6e 4d e5 45 da 7b 3c 61 1a 5a Aug 26 13:28:12.472039: | cleartext fragment 20 9b 99 5f 83 f0 3e 09 b4 f1 b3 f6 af bb 02 61 Aug 26 13:28:12.472040: | cleartext fragment 3d e4 df 68 8e 2c 5d 89 b3 64 ea 29 83 26 c7 02 Aug 26 13:28:12.472042: | cleartext fragment 05 c2 4e ab ed 08 91 e6 0f d8 95 3a 3e b0 7f b3 Aug 26 13:28:12.472044: | cleartext fragment 38 60 b2 90 0d b1 27 87 86 7f ac bb 5e c6 30 90 Aug 26 13:28:12.472045: | cleartext fragment 9c c3 e4 5a 63 41 bc ab 8c 58 82 d3 1e 32 e2 cf Aug 26 13:28:12.472047: | cleartext fragment 15 4b 5a 25 c3 3c 80 23 6d 87 ba 59 47 e3 b8 47 Aug 26 13:28:12.472048: | cleartext fragment 50 c2 b7 fb fe 5a 45 4b bd 6e ab 70 c3 fa 36 91 Aug 26 13:28:12.472050: | cleartext fragment 9a 67 8e 88 c5 d8 dd d1 24 47 9d 5c 36 bf 70 00 Aug 26 13:28:12.472051: | cleartext fragment 67 70 99 6b 34 1c c9 6f 11 86 5e 53 5f 30 b7 76 Aug 26 13:28:12.472053: | cleartext fragment df 46 f5 b6 af dd f1 2a 8a 73 38 32 6c 0b 2c 00 Aug 26 13:28:12.472055: | cleartext fragment 00 a4 02 00 00 20 01 03 04 02 c8 ef 69 37 03 00 Aug 26 13:28:12.472057: | cleartext fragment 00 0c 01 00 00 14 80 0e 01 00 00 00 00 08 05 00 Aug 26 13:28:12.472058: | cleartext fragment 00 00 02 00 00 20 02 03 04 02 c8 ef 69 37 Aug 26 13:28:12.472060: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:28:12.472062: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:28:12.472064: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:28:12.472065: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:28:12.472067: | emitting length of ISAKMP Message: 539 Aug 26 13:28:12.472081: | **emit ISAKMP Message: Aug 26 13:28:12.472087: | initiator cookie: Aug 26 13:28:12.472090: | 95 d6 ea 5a 9f 11 a4 8c Aug 26 13:28:12.472093: | responder cookie: Aug 26 13:28:12.472095: | 89 42 bc e0 5a 03 c0 49 Aug 26 13:28:12.472098: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:28:12.472101: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:28:12.472104: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:28:12.472106: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:28:12.472109: | Message ID: 1 (0x1) Aug 26 13:28:12.472112: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:28:12.472115: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:28:12.472118: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:12.472120: | flags: none (0x0) Aug 26 13:28:12.472123: | fragment number: 2 (0x2) Aug 26 13:28:12.472126: | total fragments: 2 (0x2) Aug 26 13:28:12.472129: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:28:12.472132: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:28:12.472134: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:28:12.472138: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:28:12.472143: | emitting 164 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:28:12.472146: | cleartext fragment 03 00 00 0c 01 00 00 14 80 0e 00 80 00 00 00 08 Aug 26 13:28:12.472149: | cleartext fragment 05 00 00 00 02 00 00 30 03 03 04 04 c8 ef 69 37 Aug 26 13:28:12.472152: | cleartext fragment 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:28:12.472155: | cleartext fragment 03 00 00 0e 03 00 00 08 03 00 00 0c 00 00 00 08 Aug 26 13:28:12.472158: | cleartext fragment 05 00 00 00 00 00 00 30 04 03 04 04 c8 ef 69 37 Aug 26 13:28:12.472161: | cleartext fragment 03 00 00 0c 01 00 00 0c 80 0e 00 80 03 00 00 08 Aug 26 13:28:12.472165: | cleartext fragment 03 00 00 0e 03 00 00 08 03 00 00 0c 00 00 00 08 Aug 26 13:28:12.472167: | cleartext fragment 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 Aug 26 13:28:12.472170: | cleartext fragment 00 00 ff ff c0 01 03 d1 c0 01 03 d1 00 00 00 18 Aug 26 13:28:12.472172: | cleartext fragment 01 00 00 00 07 00 00 10 00 00 ff ff c0 01 02 17 Aug 26 13:28:12.472175: | cleartext fragment c0 01 02 17 Aug 26 13:28:12.472177: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:28:12.472181: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:28:12.472183: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:28:12.472186: | emitting length of IKEv2 Encrypted Fragment: 197 Aug 26 13:28:12.472188: | emitting length of ISAKMP Message: 225 Aug 26 13:28:12.472201: | suspend processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:28:12.472206: | start processing: state #2 connection "road-east-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:28:12.472212: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 13:28:12.472216: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 13:28:12.472219: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 13:28:12.472222: | Message ID: updating counters for #2 to 0 after switching state Aug 26 13:28:12.472228: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 13:28:12.472233: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 13:28:12.472239: "road-east-ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:28:12.472252: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.209:500) Aug 26 13:28:12.472268: | sending fragments ... Aug 26 13:28:12.472276: | sending 539 bytes for STATE_PARENT_I1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) Aug 26 13:28:12.472279: | 95 d6 ea 5a 9f 11 a4 8c 89 42 bc e0 5a 03 c0 49 Aug 26 13:28:12.472282: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Aug 26 13:28:12.472285: | 00 01 00 02 25 6c 1c 26 27 4e 94 d8 92 c2 b7 42 Aug 26 13:28:12.472292: | 61 db 32 e4 8d 6e 01 2a 86 8e e0 f7 b4 53 37 27 Aug 26 13:28:12.472297: | b5 c0 34 29 75 d6 c1 0a 8c 0a 42 6a 69 22 92 ef Aug 26 13:28:12.472299: | 8d 4e da 54 f6 31 7a 19 bb bb 05 fc 59 8f 94 6f Aug 26 13:28:12.472302: | 00 16 d6 11 3c 18 91 46 cf 05 65 b8 6b 8b a0 c7 Aug 26 13:28:12.472304: | d0 9e 53 50 64 7c a3 f3 4a 08 30 cb 89 23 9b 8c Aug 26 13:28:12.472307: | 18 66 9c 07 a8 54 e8 b2 bd a0 76 a8 0b 68 81 e3 Aug 26 13:28:12.472309: | 05 0c 00 37 81 99 30 9c 8f 77 c5 a2 48 32 ac 7f Aug 26 13:28:12.472312: | 5d 0f d3 99 db 71 4b 40 10 66 c1 67 f4 de f6 1c Aug 26 13:28:12.472314: | 14 0b 53 dd 66 bb c0 f0 eb f5 9d cb 1e c9 95 d8 Aug 26 13:28:12.472317: | 26 e9 10 16 41 f9 79 53 3a fb a0 94 0d 81 65 fd Aug 26 13:28:12.472320: | ec 2c 08 72 62 2e cc 78 25 ab d0 c1 cc 5f d9 bf Aug 26 13:28:12.472335: | 3d ff 58 22 fa e2 a0 d6 0c d1 74 42 1d e0 4c f8 Aug 26 13:28:12.472337: | 31 06 93 87 4f ed ea 74 4b f7 46 a8 8f 51 a8 df Aug 26 13:28:12.472340: | df a5 1b 88 e4 af 41 86 14 72 22 e4 d0 59 08 7a Aug 26 13:28:12.472342: | 75 54 07 13 81 20 ba a3 6a ed 9a db 62 6e ce 4f Aug 26 13:28:12.472345: | fc ba 0b 11 35 d6 60 fd 1e 3e b6 94 f6 62 01 02 Aug 26 13:28:12.472348: | 42 01 34 71 9a 5b 79 62 e9 22 97 a8 a4 18 3e 65 Aug 26 13:28:12.472350: | 42 bc fa 78 e6 37 30 0f da 72 66 87 a3 cd 4e 25 Aug 26 13:28:12.472353: | 71 bc 30 7d 9d b4 28 66 dc a7 97 34 a3 6e 19 8b Aug 26 13:28:12.472355: | 79 15 77 a8 3d be 37 41 e4 16 c1 9c d2 76 d1 8d Aug 26 13:28:12.472358: | f5 be a2 0a d3 6c ef 9b 0b 4a 26 13 99 bc 2b 3e Aug 26 13:28:12.472361: | 3e c4 3b 2d 0b 13 ec d3 08 59 f8 e9 6c b7 2d df Aug 26 13:28:12.472363: | 7e 75 b8 1a 15 71 2b 8f 33 42 5d cd c6 bc 06 60 Aug 26 13:28:12.472366: | 59 b3 1d 85 c9 0b bc 62 55 72 79 c6 51 0e c7 ee Aug 26 13:28:12.472368: | 45 72 1e 98 67 bf cf c8 9f 3f 3d e5 08 fe 66 fd Aug 26 13:28:12.472371: | 85 cf 37 b5 96 75 8a bd 1f 4d f4 b2 a6 a1 93 01 Aug 26 13:28:12.472373: | de 09 3a 6b 4b ff b2 bf c0 cb f1 95 b8 0b d7 53 Aug 26 13:28:12.472376: | ef 27 3f 3b cc 96 d2 0e ce ed 75 1c 60 4e b2 bd Aug 26 13:28:12.472378: | d3 05 a7 79 2c fc bc 94 5d 4a eb 18 67 a7 87 a4 Aug 26 13:28:12.472381: | 3b 38 78 50 20 a8 0c 58 24 aa 29 b2 b6 3d 7f 03 Aug 26 13:28:12.472383: | bd 46 bd 1f d2 cb 4f 22 5a 0a a8 Aug 26 13:28:12.472456: | sending 225 bytes for STATE_PARENT_I1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) Aug 26 13:28:12.472461: | 95 d6 ea 5a 9f 11 a4 8c 89 42 bc e0 5a 03 c0 49 Aug 26 13:28:12.472465: | 35 20 23 08 00 00 00 01 00 00 00 e1 00 00 00 c5 Aug 26 13:28:12.472468: | 00 02 00 02 81 b8 0f 2f 5e 7d 7a 5c ec c5 cd b8 Aug 26 13:28:12.472470: | 3f 5e 58 8f c6 40 3f 87 c8 38 c5 22 cb d7 0e de Aug 26 13:28:12.472472: | 71 e6 f6 ae 06 09 52 e4 7b 78 51 a5 1c 1d 5c a3 Aug 26 13:28:12.472487: | b4 4e be ff 34 35 27 f7 ab 43 0f 22 aa 96 89 ca Aug 26 13:28:12.472489: | ae 7f 20 34 ba 60 72 e5 ff ef 78 0f 17 5c ea 74 Aug 26 13:28:12.472491: | 00 4e ee 56 b0 15 21 55 31 c8 82 c7 80 a0 ad d4 Aug 26 13:28:12.472494: | 8d b8 a4 57 06 65 83 c5 cf 2c 2a 16 d7 09 42 ee Aug 26 13:28:12.472510: | 2f 6e 0e 40 a4 8a d8 7d 2b 40 a0 0c 42 0f 64 d9 Aug 26 13:28:12.472513: | 98 de b8 56 b1 c4 b6 94 c6 bb d1 d1 f3 0b 9e 69 Aug 26 13:28:12.472515: | 81 a7 3f 0f 75 42 f6 bf 13 0a 55 24 10 b1 c6 9e Aug 26 13:28:12.472517: | 05 a9 d6 a0 95 d3 17 fb 51 d9 5e 29 78 83 8f 5d Aug 26 13:28:12.472519: | 3d bd 4f d9 24 e0 c4 cf 8f 4c 5b 96 92 59 a7 48 Aug 26 13:28:12.472521: | 4e Aug 26 13:28:12.472537: | sent 2 fragments Aug 26 13:28:12.472542: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=2000ms Aug 26 13:28:12.472558: "road-east-ikev2" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:28:12.472580: | event_schedule: new EVENT_RETRANSMIT-pe@0x5571a50a4948 Aug 26 13:28:12.472584: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Aug 26 13:28:12.472588: | libevent_malloc: new ptr-libevent@0x5571a50a49b8 size 128 Aug 26 13:28:12.472594: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11378.215033 Aug 26 13:28:12.472597: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:28:12.472602: | #1 spent 1.33 milliseconds Aug 26 13:28:12.472604: | #1 spent 9.46 milliseconds in resume sending helper answer Aug 26 13:28:12.472608: | stop processing: state #2 connection "road-east-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:28:12.472611: | libevent_free: release ptr-libevent@0x7f75b8000f48 Aug 26 13:28:12.477067: | spent 0.00243 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:28:12.477088: | *received 65 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) Aug 26 13:28:12.477091: | 95 d6 ea 5a 9f 11 a4 8c 89 42 bc e0 5a 03 c0 49 Aug 26 13:28:12.477093: | 2e 20 23 20 00 00 00 01 00 00 00 41 29 00 00 25 Aug 26 13:28:12.477095: | 39 a5 cc c5 eb 32 2e e5 5a e1 db 12 94 93 78 7e Aug 26 13:28:12.477096: | b8 f3 c2 7f f0 a2 0a 5c de e8 08 ce 54 22 86 21 Aug 26 13:28:12.477098: | 76 Aug 26 13:28:12.477101: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:28:12.477103: | **parse ISAKMP Message: Aug 26 13:28:12.477105: | initiator cookie: Aug 26 13:28:12.477107: | 95 d6 ea 5a 9f 11 a4 8c Aug 26 13:28:12.477108: | responder cookie: Aug 26 13:28:12.477110: | 89 42 bc e0 5a 03 c0 49 Aug 26 13:28:12.477112: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:28:12.477114: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:28:12.477115: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:28:12.477117: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:28:12.477119: | Message ID: 1 (0x1) Aug 26 13:28:12.477121: | length: 65 (0x41) Aug 26 13:28:12.477123: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:28:12.477125: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:28:12.477128: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:28:12.477133: | start processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:28:12.477135: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:28:12.477138: | suspend processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:28:12.477143: | start processing: state #2 connection "road-east-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:28:12.477145: | #2 is idle Aug 26 13:28:12.477146: | #2 idle Aug 26 13:28:12.477148: | unpacking clear payload Aug 26 13:28:12.477149: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:28:12.477151: | ***parse IKEv2 Encryption Payload: Aug 26 13:28:12.477154: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:28:12.477157: | flags: none (0x0) Aug 26 13:28:12.477159: | length: 37 (0x25) Aug 26 13:28:12.477162: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 13:28:12.477164: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:28:12.477179: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:28:12.477182: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:28:12.477185: | **parse IKEv2 Notify Payload: Aug 26 13:28:12.477188: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:12.477191: | flags: none (0x0) Aug 26 13:28:12.477194: | length: 8 (0x8) Aug 26 13:28:12.477196: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:28:12.477199: | SPI size: 0 (0x0) Aug 26 13:28:12.477202: | Notify Message Type: v2N_AUTHENTICATION_FAILED (0x18) Aug 26 13:28:12.477205: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:28:12.477207: | selected state microcode Initiator: process AUTHENTICATION_FAILED AUTH notification Aug 26 13:28:12.477210: | Now let's proceed with state specific processing Aug 26 13:28:12.477212: | calling processor Initiator: process AUTHENTICATION_FAILED AUTH notification Aug 26 13:28:12.477217: "road-east-ikev2" #2: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED Aug 26 13:28:12.477227: | pstats #1 ikev2.ike failed auth-failed Aug 26 13:28:12.477230: "road-east-ikev2" #2: scheduling retry attempt 1 of an unlimited number, but releasing whack Aug 26 13:28:12.477236: | release_pending_whacks: state #2 fd@23 .st_dev=9 .st_ino=8886048 Aug 26 13:28:12.477241: | close_any(fd@23) (in release_whack() at state.c:654) Aug 26 13:28:12.477248: | close_any(fd@22) (in release_whack() at state.c:654) Aug 26 13:28:12.477252: | release_pending_whacks: IKE SA #1 fd@-1 has pending CHILD SA with socket fd@23 Aug 26 13:28:12.477256: | libevent_free: release ptr-libevent@0x5571a50a49b8 Aug 26 13:28:12.477260: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5571a50a4948 Aug 26 13:28:12.477263: | event_schedule: new EVENT_RETRANSMIT-pe@0x5571a50a4948 Aug 26 13:28:12.477267: | inserting event EVENT_RETRANSMIT, timeout in 59.995311 seconds for #2 Aug 26 13:28:12.477270: | libevent_malloc: new ptr-libevent@0x7f75b8000f48 size 128 Aug 26 13:28:12.477274: "road-east-ikev2" #2: STATE_PARENT_I2: suppressing retransmits; will wait 59.995311 seconds for retry Aug 26 13:28:12.477280: | #2 spent 0.0622 milliseconds in processing: Initiator: process AUTHENTICATION_FAILED AUTH notification in ikev2_process_state_packet() Aug 26 13:28:12.477285: | [RE]START processing: state #2 connection "road-east-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:28:12.477293: | #2 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE Aug 26 13:28:12.477300: | stop processing: state #2 connection "road-east-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:28:12.477305: | #1 spent 0.22 milliseconds in ikev2_process_packet() Aug 26 13:28:12.477309: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:28:12.477313: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:28:12.477316: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:28:12.477321: | spent 0.235 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:28:15.748655: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:15.748677: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:28:15.748681: | FOR_EACH_STATE_... in sort_states Aug 26 13:28:15.748687: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:15.748693: | spent 0.183 milliseconds in whack Aug 26 13:28:16.898325: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:16.898370: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:16.898376: | spent 0.0588 milliseconds in whack Aug 26 13:28:16.953834: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:16.953854: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:28:16.953858: | FOR_EACH_STATE_... in sort_states Aug 26 13:28:16.953866: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:16.953873: | spent 0.0449 milliseconds in whack Aug 26 13:28:17.064462: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:17.064868: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:28:17.064874: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:28:17.064917: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:28:17.064920: | FOR_EACH_STATE_... in sort_states Aug 26 13:28:17.064936: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:17.064942: | spent 0.488 milliseconds in whack Aug 26 13:28:18.120232: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:18.120252: shutting down Aug 26 13:28:18.120259: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:28:18.120262: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:28:18.120263: forgetting secrets Aug 26 13:28:18.120268: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:28:18.120271: | unreference key: 0x5571a50a4858 @road.testing.libreswan.org cnt 1-- Aug 26 13:28:18.120275: | start processing: connection "road-east-ikev2" (in delete_connection() at connections.c:189) Aug 26 13:28:18.120280: | close_any(fd@23) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) Aug 26 13:28:18.120281: | removing pending policy for no connection {0x5571a50953f8} Aug 26 13:28:18.120284: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:28:18.120285: | pass 0 Aug 26 13:28:18.120287: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:28:18.120305: | state #2 Aug 26 13:28:18.120308: | suspend processing: connection "road-east-ikev2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:28:18.120312: | start processing: state #2 connection "road-east-ikev2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:28:18.120314: | pstats #2 ikev2.child deleted other Aug 26 13:28:18.120319: | #2 spent 0.0622 milliseconds in total Aug 26 13:28:18.120322: | [RE]START processing: state #2 connection "road-east-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:28:18.120326: "road-east-ikev2" #2: deleting state (STATE_PARENT_I2) aged 5.657s and NOT sending notification Aug 26 13:28:18.120330: | child state #2: PARENT_I2(open IKE SA) => delete Aug 26 13:28:18.120334: | child state #2: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) Aug 26 13:28:18.120337: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:28:18.120339: | #2 STATE_CHILDSA_DEL: retransmits: cleared Aug 26 13:28:18.120343: | libevent_free: release ptr-libevent@0x7f75b8000f48 Aug 26 13:28:18.120345: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5571a50a4948 Aug 26 13:28:18.120349: | priority calculation of connection "road-east-ikev2" is 0xfdfdf Aug 26 13:28:18.120354: | delete inbound eroute 192.1.2.23/32:0 --0-> 192.1.3.209/32:0 => unk255.10000@192.1.3.209 (raw_eroute) Aug 26 13:28:18.120370: | raw_eroute result=success Aug 26 13:28:18.120374: | stop processing: connection "road-east-ikev2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:28:18.120376: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:28:18.120378: | in connection_discard for connection road-east-ikev2 Aug 26 13:28:18.120380: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 13:28:18.120382: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:28:18.120385: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:28:18.120391: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:28:18.120394: | state #1 Aug 26 13:28:18.120397: | start processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:28:18.120399: | pstats #1 ikev2.ike deleted auth-failed Aug 26 13:28:18.120402: | #1 spent 17.5 milliseconds in total Aug 26 13:28:18.120405: | [RE]START processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:28:18.120407: "road-east-ikev2" #1: deleting state (STATE_PARENT_I2) aged 5.668s and NOT sending notification Aug 26 13:28:18.120409: | parent state #1: PARENT_I2(open IKE SA) => delete Aug 26 13:28:18.120411: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:28:18.120413: | libevent_free: release ptr-libevent@0x7f75c0002888 Aug 26 13:28:18.120415: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5571a5358f88 Aug 26 13:28:18.120417: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:28:18.120419: | picked newest_isakmp_sa #0 for #1 Aug 26 13:28:18.120421: "road-east-ikev2" #1: deleting IKE SA for connection 'road-east-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:28:18.120423: | add revival: connection 'road-east-ikev2' added to the list and scheduled for 0 seconds Aug 26 13:28:18.120425: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 13:28:18.120428: | in connection_discard for connection road-east-ikev2 Aug 26 13:28:18.120430: | State DB: deleting IKEv2 state #1 in PARENT_I2 Aug 26 13:28:18.120432: | parent state #1: PARENT_I2(open IKE SA) => UNDEFINED(ignore) Aug 26 13:28:18.120449: | stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:28:18.120461: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:28:18.120463: | pass 1 Aug 26 13:28:18.120464: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:28:18.120467: | free hp@0x5571a50a4778 Aug 26 13:28:18.120469: | flush revival: connection 'road-east-ikev2' revival flushed Aug 26 13:28:18.120471: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:28:18.120477: | crl fetch request list locked by 'free_crl_fetch' Aug 26 13:28:18.120480: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 13:28:18.120487: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 13:28:18.120491: shutting down interface lo/lo 127.0.0.1:500 Aug 26 13:28:18.120493: shutting down interface eth0/eth0 192.1.3.209:4500 Aug 26 13:28:18.120495: shutting down interface eth0/eth0 192.1.3.209:500 Aug 26 13:28:18.120498: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 13:28:18.120503: | libevent_free: release ptr-libevent@0x5571a5096078 Aug 26 13:28:18.120505: | free_event_entry: release EVENT_NULL-pe@0x5571a50a1e48 Aug 26 13:28:18.120514: | libevent_free: release ptr-libevent@0x5571a5058198 Aug 26 13:28:18.120516: | free_event_entry: release EVENT_NULL-pe@0x5571a50a1ef8 Aug 26 13:28:18.120521: | libevent_free: release ptr-libevent@0x5571a50593c8 Aug 26 13:28:18.120522: | free_event_entry: release EVENT_NULL-pe@0x5571a50a1fa8 Aug 26 13:28:18.120527: | libevent_free: release ptr-libevent@0x5571a5052dc8 Aug 26 13:28:18.120529: | free_event_entry: release EVENT_NULL-pe@0x5571a50a2058 Aug 26 13:28:18.120535: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:28:18.120902: | libevent_free: release ptr-libevent@0x5571a5096128 Aug 26 13:28:18.120910: | free_event_entry: release EVENT_NULL-pe@0x5571a508a1c8 Aug 26 13:28:18.120914: | libevent_free: release ptr-libevent@0x5571a50580e8 Aug 26 13:28:18.120916: | free_event_entry: release EVENT_NULL-pe@0x5571a5089d28 Aug 26 13:28:18.120919: | libevent_free: release ptr-libevent@0x5571a50827c8 Aug 26 13:28:18.120920: | free_event_entry: release EVENT_NULL-pe@0x5571a5083fb8 Aug 26 13:28:18.120923: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 13:28:18.120924: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 13:28:18.120926: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 13:28:18.120928: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 13:28:18.120929: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 13:28:18.120931: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 13:28:18.120932: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 13:28:18.120934: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 13:28:18.120935: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 13:28:18.120940: | libevent_free: release ptr-libevent@0x5571a4fe5a08 Aug 26 13:28:18.120941: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 13:28:18.120944: | libevent_free: release ptr-libevent@0x5571a50a1788 Aug 26 13:28:18.120945: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 13:28:18.120947: | libevent_free: release ptr-libevent@0x5571a50a1898 Aug 26 13:28:18.120949: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 13:28:18.120951: | libevent_free: release ptr-libevent@0x5571a50a1ad8 Aug 26 13:28:18.120953: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 13:28:18.120954: | releasing event base Aug 26 13:28:18.120964: | libevent_free: release ptr-libevent@0x5571a50a19a8 Aug 26 13:28:18.120966: | libevent_free: release ptr-libevent@0x5571a50845e8 Aug 26 13:28:18.120969: | libevent_free: release ptr-libevent@0x5571a5084598 Aug 26 13:28:18.120971: | libevent_free: release ptr-libevent@0x5571a50531c8 Aug 26 13:28:18.120972: | libevent_free: release ptr-libevent@0x5571a5084558 Aug 26 13:28:18.120974: | libevent_free: release ptr-libevent@0x5571a50a1438 Aug 26 13:28:18.120976: | libevent_free: release ptr-libevent@0x5571a50a1708 Aug 26 13:28:18.120978: | libevent_free: release ptr-libevent@0x5571a5084798 Aug 26 13:28:18.120979: | libevent_free: release ptr-libevent@0x5571a50899b8 Aug 26 13:28:18.120981: | libevent_free: release ptr-libevent@0x5571a508a2d8 Aug 26 13:28:18.120982: | libevent_free: release ptr-libevent@0x5571a5359228 Aug 26 13:28:18.120984: | libevent_free: release ptr-libevent@0x5571a50a20c8 Aug 26 13:28:18.120986: | libevent_free: release ptr-libevent@0x5571a50a2018 Aug 26 13:28:18.120987: | libevent_free: release ptr-libevent@0x5571a50a1f68 Aug 26 13:28:18.120989: | libevent_free: release ptr-libevent@0x5571a50a1eb8 Aug 26 13:28:18.120990: | libevent_free: release ptr-libevent@0x5571a5358f48 Aug 26 13:28:18.120992: | libevent_free: release ptr-libevent@0x5571a53572c8 Aug 26 13:28:18.120994: | libevent_free: release ptr-libevent@0x5571a4fe4cb8 Aug 26 13:28:18.120995: | libevent_free: release ptr-libevent@0x5571a50a1858 Aug 26 13:28:18.120997: | libevent_free: release ptr-libevent@0x5571a50a1748 Aug 26 13:28:18.120998: | libevent_free: release ptr-libevent@0x5571a50a1608 Aug 26 13:28:18.121000: | libevent_free: release ptr-libevent@0x5571a50a1968 Aug 26 13:28:18.121002: | libevent_free: release ptr-libevent@0x5571a50a14d8 Aug 26 13:28:18.121003: | libevent_free: release ptr-libevent@0x5571a5054348 Aug 26 13:28:18.121005: | libevent_free: release ptr-libevent@0x5571a50542c8 Aug 26 13:28:18.121007: | libevent_free: release ptr-libevent@0x5571a4fe5028 Aug 26 13:28:18.121008: | releasing global libevent data Aug 26 13:28:18.121010: | libevent_free: release ptr-libevent@0x5571a50529f8 Aug 26 13:28:18.121012: | libevent_free: release ptr-libevent@0x5571a5054448 Aug 26 13:28:18.121016: | libevent_free: release ptr-libevent@0x5571a50543c8 Aug 26 13:28:18.121140: leak detective found no leaks