Aug 26 13:28:14.363272: FIPS Product: YES Aug 26 13:28:14.363440: FIPS Kernel: NO Aug 26 13:28:14.363444: FIPS Mode: NO Aug 26 13:28:14.363447: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:28:14.363616: Initializing NSS Aug 26 13:28:14.363625: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:28:14.398879: NSS initialized Aug 26 13:28:14.398896: NSS crypto library initialized Aug 26 13:28:14.398900: FIPS HMAC integrity support [enabled] Aug 26 13:28:14.398902: FIPS mode disabled for pluto daemon Aug 26 13:28:14.433038: FIPS HMAC integrity verification self-test FAILED Aug 26 13:28:14.433419: libcap-ng support [enabled] Aug 26 13:28:14.433429: Linux audit support [enabled] Aug 26 13:28:14.433658: Linux audit activated Aug 26 13:28:14.433661: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:18888 Aug 26 13:28:14.433663: core dump dir: /tmp Aug 26 13:28:14.433665: secrets file: /etc/ipsec.secrets Aug 26 13:28:14.433666: leak-detective enabled Aug 26 13:28:14.433668: NSS crypto [enabled] Aug 26 13:28:14.433669: XAUTH PAM support [enabled] Aug 26 13:28:14.433725: | libevent is using pluto's memory allocator Aug 26 13:28:14.433731: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:28:14.433742: | libevent_malloc: new ptr-libevent@0x561fb40c35c8 size 40 Aug 26 13:28:14.433748: | libevent_malloc: new ptr-libevent@0x561fb4097cd8 size 40 Aug 26 13:28:14.433750: | libevent_malloc: new ptr-libevent@0x561fb4097dd8 size 40 Aug 26 13:28:14.433752: | creating event base Aug 26 13:28:14.433754: | libevent_malloc: new ptr-libevent@0x561fb411c4d8 size 56 Aug 26 13:28:14.433757: | libevent_malloc: new ptr-libevent@0x561fb40c08c8 size 664 Aug 26 13:28:14.433765: | libevent_malloc: new ptr-libevent@0x561fb411c548 size 24 Aug 26 13:28:14.433767: | libevent_malloc: new ptr-libevent@0x561fb411c598 size 384 Aug 26 13:28:14.433774: | libevent_malloc: new ptr-libevent@0x561fb411c498 size 16 Aug 26 13:28:14.433776: | libevent_malloc: new ptr-libevent@0x561fb4097908 size 40 Aug 26 13:28:14.433778: | libevent_malloc: new ptr-libevent@0x561fb4097d38 size 48 Aug 26 13:28:14.433781: | libevent_realloc: new ptr-libevent@0x561fb40c0558 size 256 Aug 26 13:28:14.433783: | libevent_malloc: new ptr-libevent@0x561fb411c748 size 16 Aug 26 13:28:14.433787: | libevent_free: release ptr-libevent@0x561fb411c4d8 Aug 26 13:28:14.433790: | libevent initialized Aug 26 13:28:14.433792: | libevent_realloc: new ptr-libevent@0x561fb411c4d8 size 64 Aug 26 13:28:14.433795: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:28:14.433806: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:28:14.433807: NAT-Traversal support [enabled] Aug 26 13:28:14.433809: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:28:14.433814: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:28:14.433819: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:28:14.433848: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:28:14.433850: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:28:14.433852: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:28:14.433885: Encryption algorithms: Aug 26 13:28:14.433891: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:28:14.433894: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:28:14.433896: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:28:14.433898: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:28:14.433900: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 13:28:14.433906: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:28:14.433909: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:28:14.433911: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:28:14.433913: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:28:14.433915: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:28:14.433917: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:28:14.433919: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:28:14.433922: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:28:14.433924: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:28:14.433926: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:28:14.433928: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:28:14.433930: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:28:14.433934: Hash algorithms: Aug 26 13:28:14.433936: MD5 IKEv1: IKE IKEv2: Aug 26 13:28:14.433938: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:28:14.433940: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:28:14.433942: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:28:14.433944: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:28:14.433952: PRF algorithms: Aug 26 13:28:14.433954: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:28:14.433956: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:28:14.433958: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:28:14.433960: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:28:14.433962: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:28:14.433964: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:28:14.433980: Integrity algorithms: Aug 26 13:28:14.433982: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 13:28:14.433984: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:28:14.433987: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:28:14.433989: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:28:14.433991: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:28:14.433993: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:28:14.433995: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:28:14.433997: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:28:14.433999: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:28:14.434007: DH algorithms: Aug 26 13:28:14.434009: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:28:14.434011: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:28:14.434013: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:28:14.434016: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:28:14.434018: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:28:14.434020: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:28:14.434021: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:28:14.434023: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:28:14.434025: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:28:14.434027: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:28:14.434029: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:28:14.434031: testing CAMELLIA_CBC: Aug 26 13:28:14.434033: Camellia: 16 bytes with 128-bit key Aug 26 13:28:14.434125: Camellia: 16 bytes with 128-bit key Aug 26 13:28:14.434145: Camellia: 16 bytes with 256-bit key Aug 26 13:28:14.434163: Camellia: 16 bytes with 256-bit key Aug 26 13:28:14.434180: testing AES_GCM_16: Aug 26 13:28:14.434183: empty string Aug 26 13:28:14.434204: one block Aug 26 13:28:14.434220: two blocks Aug 26 13:28:14.434236: two blocks with associated data Aug 26 13:28:14.434253: testing AES_CTR: Aug 26 13:28:14.434255: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:28:14.434271: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:28:14.434308: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:28:14.434332: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:28:14.434365: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:28:14.434382: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:28:14.434399: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:28:14.434415: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:28:14.434434: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:28:14.434451: testing AES_CBC: Aug 26 13:28:14.434453: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:28:14.434469: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:28:14.434487: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:28:14.434505: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:28:14.434525: testing AES_XCBC: Aug 26 13:28:14.434527: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:28:14.434602: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:28:14.434682: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:28:14.434756: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:28:14.434831: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:28:14.434907: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:28:14.434983: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:28:14.435152: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 13:28:14.435229: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:28:14.435367: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:28:14.435517: testing HMAC_MD5: Aug 26 13:28:14.435520: RFC 2104: MD5_HMAC test 1 Aug 26 13:28:14.435629: RFC 2104: MD5_HMAC test 2 Aug 26 13:28:14.435724: RFC 2104: MD5_HMAC test 3 Aug 26 13:28:14.435901: 8 CPU cores online Aug 26 13:28:14.435906: starting up 7 crypto helpers Aug 26 13:28:14.435941: started thread for crypto helper 0 Aug 26 13:28:14.435947: | starting up helper thread 0 Aug 26 13:28:14.435958: started thread for crypto helper 1 Aug 26 13:28:14.435963: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:28:14.435965: | starting up helper thread 1 Aug 26 13:28:14.435965: | crypto helper 0 waiting (nothing to do) Aug 26 13:28:14.435981: | starting up helper thread 2 Aug 26 13:28:14.435977: started thread for crypto helper 2 Aug 26 13:28:14.435982: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:28:14.436009: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:28:14.436015: | crypto helper 1 waiting (nothing to do) Aug 26 13:28:14.436040: | crypto helper 2 waiting (nothing to do) Aug 26 13:28:14.436045: started thread for crypto helper 3 Aug 26 13:28:14.436047: | starting up helper thread 3 Aug 26 13:28:14.436054: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:28:14.436057: | crypto helper 3 waiting (nothing to do) Aug 26 13:28:14.436064: started thread for crypto helper 4 Aug 26 13:28:14.436065: | starting up helper thread 4 Aug 26 13:28:14.436070: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:28:14.436073: | crypto helper 4 waiting (nothing to do) Aug 26 13:28:14.436083: started thread for crypto helper 5 Aug 26 13:28:14.436086: | starting up helper thread 5 Aug 26 13:28:14.436099: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:28:14.436102: | crypto helper 5 waiting (nothing to do) Aug 26 13:28:14.436111: started thread for crypto helper 6 Aug 26 13:28:14.436112: | starting up helper thread 6 Aug 26 13:28:14.436115: | checking IKEv1 state table Aug 26 13:28:14.436118: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:28:14.436120: | crypto helper 6 waiting (nothing to do) Aug 26 13:28:14.436125: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:28:14.436128: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:28:14.436131: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:28:14.436134: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:28:14.436137: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:28:14.436139: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:28:14.436142: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:28:14.436144: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:28:14.436147: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:28:14.436149: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:28:14.436151: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:28:14.436154: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:28:14.436157: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:28:14.436159: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:28:14.436161: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:28:14.436164: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:28:14.436167: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:28:14.436169: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:28:14.436171: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:28:14.436174: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:28:14.436176: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:28:14.436179: | -> UNDEFINED EVENT_NULL Aug 26 13:28:14.436182: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:28:14.436184: | -> UNDEFINED EVENT_NULL Aug 26 13:28:14.436187: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:28:14.436189: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:28:14.436192: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:28:14.436195: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:28:14.436197: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:28:14.436200: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:28:14.436202: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:28:14.436205: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:28:14.436207: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:28:14.436210: | -> UNDEFINED EVENT_NULL Aug 26 13:28:14.436213: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:28:14.436215: | -> UNDEFINED EVENT_NULL Aug 26 13:28:14.436218: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:28:14.436220: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:28:14.436226: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:28:14.436229: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:28:14.436232: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:28:14.436234: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:28:14.436237: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:28:14.436240: | -> UNDEFINED EVENT_NULL Aug 26 13:28:14.436242: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:28:14.436245: | -> UNDEFINED EVENT_NULL Aug 26 13:28:14.436247: | INFO: category: informational flags: 0: Aug 26 13:28:14.436250: | -> UNDEFINED EVENT_NULL Aug 26 13:28:14.436253: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:28:14.436255: | -> UNDEFINED EVENT_NULL Aug 26 13:28:14.436258: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:28:14.436260: | -> XAUTH_R1 EVENT_NULL Aug 26 13:28:14.436263: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:28:14.436266: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:28:14.436268: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:28:14.436271: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:28:14.436274: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:28:14.436276: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:28:14.436279: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:28:14.436281: | -> UNDEFINED EVENT_NULL Aug 26 13:28:14.436284: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:28:14.436286: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:28:14.436313: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:28:14.436316: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:28:14.436319: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:28:14.436321: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:28:14.436327: | checking IKEv2 state table Aug 26 13:28:14.436334: | PARENT_I0: category: ignore flags: 0: Aug 26 13:28:14.436350: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:28:14.436353: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:28:14.436356: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:28:14.436358: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:28:14.436361: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:28:14.436364: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:28:14.436367: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:28:14.436370: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:28:14.436373: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:28:14.436375: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:28:14.436378: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:28:14.436381: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 13:28:14.436384: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:28:14.436386: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:28:14.436389: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:28:14.436392: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:28:14.436395: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:28:14.436397: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:28:14.436400: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:28:14.436403: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:28:14.436406: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:28:14.436409: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:28:14.436414: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:28:14.436417: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:28:14.436419: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:28:14.436422: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:28:14.436425: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:28:14.436428: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:28:14.436431: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:28:14.436433: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:28:14.436436: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:28:14.436439: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:28:14.436442: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:28:14.436445: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:28:14.436448: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:28:14.436451: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:28:14.436454: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:28:14.436456: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:28:14.436459: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:28:14.436462: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:28:14.436465: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:28:14.436468: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:28:14.436471: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:28:14.436474: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:28:14.436477: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:28:14.436480: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:28:14.436493: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:28:14.436890: | Hard-wiring algorithms Aug 26 13:28:14.436894: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:28:14.436898: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:28:14.436901: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:28:14.436903: | adding 3DES_CBC to kernel algorithm db Aug 26 13:28:14.436906: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:28:14.436908: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:28:14.436911: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:28:14.436914: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:28:14.436916: | adding AES_CTR to kernel algorithm db Aug 26 13:28:14.436919: | adding AES_CBC to kernel algorithm db Aug 26 13:28:14.436921: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:28:14.436924: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:28:14.436927: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:28:14.436929: | adding NULL to kernel algorithm db Aug 26 13:28:14.436932: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:28:14.436935: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:28:14.436937: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:28:14.436940: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:28:14.436942: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:28:14.436945: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:28:14.436947: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:28:14.436950: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:28:14.436952: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:28:14.436955: | adding NONE to kernel algorithm db Aug 26 13:28:14.436978: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:28:14.436984: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:28:14.436987: | setup kernel fd callback Aug 26 13:28:14.436990: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x561fb41211a8 Aug 26 13:28:14.436995: | libevent_malloc: new ptr-libevent@0x561fb4105638 size 128 Aug 26 13:28:14.436999: | libevent_malloc: new ptr-libevent@0x561fb41212b8 size 16 Aug 26 13:28:14.437005: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x561fb4121ce8 Aug 26 13:28:14.437008: | libevent_malloc: new ptr-libevent@0x561fb40c3818 size 128 Aug 26 13:28:14.437011: | libevent_malloc: new ptr-libevent@0x561fb4121ca8 size 16 Aug 26 13:28:14.437261: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:28:14.437270: selinux support is enabled. Aug 26 13:28:14.437983: | unbound context created - setting debug level to 5 Aug 26 13:28:14.438015: | /etc/hosts lookups activated Aug 26 13:28:14.438030: | /etc/resolv.conf usage activated Aug 26 13:28:14.438098: | outgoing-port-avoid set 0-65535 Aug 26 13:28:14.438130: | outgoing-port-permit set 32768-60999 Aug 26 13:28:14.438134: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:28:14.438143: | Added contents of trusted key file /testing/baseconfigs/all/etc/bind/keys/testing.key to unbound resolver context Aug 26 13:28:14.438147: | Setting up events, loop start Aug 26 13:28:14.438151: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x561fb4121d58 Aug 26 13:28:14.438154: | libevent_malloc: new ptr-libevent@0x561fb412df68 size 128 Aug 26 13:28:14.438158: | libevent_malloc: new ptr-libevent@0x561fb4139278 size 16 Aug 26 13:28:14.438164: | libevent_realloc: new ptr-libevent@0x561fb4139318 size 256 Aug 26 13:28:14.438168: | libevent_malloc: new ptr-libevent@0x561fb4139448 size 8 Aug 26 13:28:14.438171: | libevent_realloc: new ptr-libevent@0x561fb4139488 size 144 Aug 26 13:28:14.438174: | libevent_malloc: new ptr-libevent@0x561fb40c1428 size 152 Aug 26 13:28:14.438178: | libevent_malloc: new ptr-libevent@0x561fb4139548 size 16 Aug 26 13:28:14.438183: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:28:14.438186: | libevent_malloc: new ptr-libevent@0x561fb4139588 size 8 Aug 26 13:28:14.438189: | libevent_malloc: new ptr-libevent@0x561fb40cca58 size 152 Aug 26 13:28:14.438192: | signal event handler PLUTO_SIGTERM installed Aug 26 13:28:14.438195: | libevent_malloc: new ptr-libevent@0x561fb41395c8 size 8 Aug 26 13:28:14.438199: | libevent_malloc: new ptr-libevent@0x561fb40c48b8 size 152 Aug 26 13:28:14.438202: | signal event handler PLUTO_SIGHUP installed Aug 26 13:28:14.438205: | libevent_malloc: new ptr-libevent@0x561fb4139608 size 8 Aug 26 13:28:14.438208: | libevent_realloc: release ptr-libevent@0x561fb4139488 Aug 26 13:28:14.438211: | libevent_realloc: new ptr-libevent@0x561fb4139648 size 256 Aug 26 13:28:14.438214: | libevent_malloc: new ptr-libevent@0x561fb4139778 size 152 Aug 26 13:28:14.438217: | signal event handler PLUTO_SIGSYS installed Aug 26 13:28:14.438608: | created addconn helper (pid:19052) using fork+execve Aug 26 13:28:14.438624: | forked child 19052 Aug 26 13:28:14.438674: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:14.439077: listening for IKE messages Aug 26 13:28:14.439534: | Inspecting interface lo Aug 26 13:28:14.439546: | found lo with address 127.0.0.1 Aug 26 13:28:14.439549: | Inspecting interface eth0 Aug 26 13:28:14.439553: | found eth0 with address 192.1.3.209 Aug 26 13:28:14.439667: Kernel supports NIC esp-hw-offload Aug 26 13:28:14.439682: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.1.3.209:500 Aug 26 13:28:14.439741: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:28:14.439745: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:28:14.439748: adding interface eth0/eth0 192.1.3.209:4500 Aug 26 13:28:14.439766: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:28:14.439792: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:28:14.439809: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:28:14.439812: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:28:14.439903: | no interfaces to sort Aug 26 13:28:14.439920: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:28:14.439929: | add_fd_read_event_handler: new ethX-pe@0x561fb4139ae8 Aug 26 13:28:14.439932: | libevent_malloc: new ptr-libevent@0x561fb412deb8 size 128 Aug 26 13:28:14.439937: | libevent_malloc: new ptr-libevent@0x561fb4139b58 size 16 Aug 26 13:28:14.439944: | setup callback for interface lo 127.0.0.1:4500 fd 20 Aug 26 13:28:14.439947: | add_fd_read_event_handler: new ethX-pe@0x561fb4139b98 Aug 26 13:28:14.439951: | libevent_malloc: new ptr-libevent@0x561fb40c34b8 size 128 Aug 26 13:28:14.439954: | libevent_malloc: new ptr-libevent@0x561fb4139c08 size 16 Aug 26 13:28:14.439959: | setup callback for interface lo 127.0.0.1:500 fd 19 Aug 26 13:28:14.439962: | add_fd_read_event_handler: new ethX-pe@0x561fb4139c48 Aug 26 13:28:14.439965: | libevent_malloc: new ptr-libevent@0x561fb40c3f38 size 128 Aug 26 13:28:14.439967: | libevent_malloc: new ptr-libevent@0x561fb4139cb8 size 16 Aug 26 13:28:14.439973: | setup callback for interface eth0 192.1.3.209:4500 fd 18 Aug 26 13:28:14.439975: | add_fd_read_event_handler: new ethX-pe@0x561fb4139cf8 Aug 26 13:28:14.439979: | libevent_malloc: new ptr-libevent@0x561fb40c47e8 size 128 Aug 26 13:28:14.439982: | libevent_malloc: new ptr-libevent@0x561fb4139d68 size 16 Aug 26 13:28:14.439987: | setup callback for interface eth0 192.1.3.209:500 fd 17 Aug 26 13:28:14.439992: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:28:14.439995: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:28:14.440011: loading secrets from "/etc/ipsec.secrets" Aug 26 13:28:14.440028: | saving Modulus Aug 26 13:28:14.440033: | saving PublicExponent Aug 26 13:28:14.440037: | ignoring PrivateExponent Aug 26 13:28:14.440041: | ignoring Prime1 Aug 26 13:28:14.440044: | ignoring Prime2 Aug 26 13:28:14.440047: | ignoring Exponent1 Aug 26 13:28:14.440051: | ignoring Exponent2 Aug 26 13:28:14.440054: | ignoring Coefficient Aug 26 13:28:14.440057: | ignoring CKAIDNSS Aug 26 13:28:14.440095: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 13:28:14.440098: | computed rsa CKAID 88 aa 7c 5d Aug 26 13:28:14.440102: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 13:28:14.440109: | certs and keys locked by 'process_secret' Aug 26 13:28:14.440112: | certs and keys unlocked by 'process_secret' Aug 26 13:28:14.440122: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:14.440130: | spent 1.46 milliseconds in whack Aug 26 13:28:14.459954: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:14.459976: listening for IKE messages Aug 26 13:28:14.460008: | Inspecting interface lo Aug 26 13:28:14.460015: | found lo with address 127.0.0.1 Aug 26 13:28:14.460019: | Inspecting interface eth0 Aug 26 13:28:14.460024: | found eth0 with address 192.1.3.209 Aug 26 13:28:14.460450: | no interfaces to sort Aug 26 13:28:14.460463: | libevent_free: release ptr-libevent@0x561fb412deb8 Aug 26 13:28:14.460467: | free_event_entry: release EVENT_NULL-pe@0x561fb4139ae8 Aug 26 13:28:14.460471: | add_fd_read_event_handler: new ethX-pe@0x561fb4139ae8 Aug 26 13:28:14.460475: | libevent_malloc: new ptr-libevent@0x561fb412deb8 size 128 Aug 26 13:28:14.460482: | setup callback for interface lo 127.0.0.1:4500 fd 20 Aug 26 13:28:14.460486: | libevent_free: release ptr-libevent@0x561fb40c34b8 Aug 26 13:28:14.460489: | free_event_entry: release EVENT_NULL-pe@0x561fb4139b98 Aug 26 13:28:14.460492: | add_fd_read_event_handler: new ethX-pe@0x561fb4139b98 Aug 26 13:28:14.460495: | libevent_malloc: new ptr-libevent@0x561fb40c34b8 size 128 Aug 26 13:28:14.460500: | setup callback for interface lo 127.0.0.1:500 fd 19 Aug 26 13:28:14.460509: | libevent_free: release ptr-libevent@0x561fb40c3f38 Aug 26 13:28:14.460512: | free_event_entry: release EVENT_NULL-pe@0x561fb4139c48 Aug 26 13:28:14.460515: | add_fd_read_event_handler: new ethX-pe@0x561fb4139c48 Aug 26 13:28:14.460518: | libevent_malloc: new ptr-libevent@0x561fb40c3f38 size 128 Aug 26 13:28:14.460524: | setup callback for interface eth0 192.1.3.209:4500 fd 18 Aug 26 13:28:14.460527: | libevent_free: release ptr-libevent@0x561fb40c47e8 Aug 26 13:28:14.460530: | free_event_entry: release EVENT_NULL-pe@0x561fb4139cf8 Aug 26 13:28:14.460533: | add_fd_read_event_handler: new ethX-pe@0x561fb4139cf8 Aug 26 13:28:14.460536: | libevent_malloc: new ptr-libevent@0x561fb40c47e8 size 128 Aug 26 13:28:14.460541: | setup callback for interface eth0 192.1.3.209:500 fd 17 Aug 26 13:28:14.460545: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:28:14.460547: forgetting secrets Aug 26 13:28:14.460557: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:28:14.460570: loading secrets from "/etc/ipsec.secrets" Aug 26 13:28:14.460585: | saving Modulus Aug 26 13:28:14.460588: | saving PublicExponent Aug 26 13:28:14.460592: | ignoring PrivateExponent Aug 26 13:28:14.460596: | ignoring Prime1 Aug 26 13:28:14.460599: | ignoring Prime2 Aug 26 13:28:14.460602: | ignoring Exponent1 Aug 26 13:28:14.460606: | ignoring Exponent2 Aug 26 13:28:14.460609: | ignoring Coefficient Aug 26 13:28:14.460612: | ignoring CKAIDNSS Aug 26 13:28:14.460637: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 13:28:14.460641: | computed rsa CKAID 88 aa 7c 5d Aug 26 13:28:14.460644: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 13:28:14.460651: | certs and keys locked by 'process_secret' Aug 26 13:28:14.460653: | certs and keys unlocked by 'process_secret' Aug 26 13:28:14.460661: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:14.460668: | spent 0.72 milliseconds in whack Aug 26 13:28:14.461081: | processing signal PLUTO_SIGCHLD Aug 26 13:28:14.461092: | waitpid returned pid 19052 (exited with status 0) Aug 26 13:28:14.461095: | reaped addconn helper child (status 0) Aug 26 13:28:14.461100: | waitpid returned ECHILD (no child processes left) Aug 26 13:28:14.461105: | spent 0.0179 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:28:14.520563: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:14.520587: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:28:14.520589: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:28:14.520591: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:28:14.520593: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:28:14.520596: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:28:14.520602: | Added new connection road-east-ikev2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:28:14.520604: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:28:14.520644: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:28:14.520647: | from whack: got --esp= Aug 26 13:28:14.520673: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:28:14.520677: | counting wild cards for @north.testing.libreswan.org is 0 Aug 26 13:28:14.520681: | counting wild cards for 192.1.2.23 is 0 Aug 26 13:28:14.520688: | connect_to_host_pair: 192.1.3.209:500 192.1.2.23:500 -> hp@(nil): none Aug 26 13:28:14.520690: | new hp@0x561fb413c2e8 Aug 26 13:28:14.520694: added connection description "road-east-ikev2" Aug 26 13:28:14.520706: | ike_life: 90s; ipsec_life: 300s; rekey_margin: 20s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:28:14.520712: | 192.1.3.209<192.1.3.209>[@north.testing.libreswan.org]...192.1.2.23<192.1.2.23> Aug 26 13:28:14.520717: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:14.520723: | spent 0.169 milliseconds in whack Aug 26 13:28:14.520758: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:14.520769: add keyid @north.testing.libreswan.org Aug 26 13:28:14.520773: | add pubkey 01 03 e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab Aug 26 13:28:14.520775: | add pubkey 7f ec 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 Aug 26 13:28:14.520778: | add pubkey 93 9e 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 Aug 26 13:28:14.520780: | add pubkey 01 03 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 Aug 26 13:28:14.520782: | add pubkey 10 84 b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 Aug 26 13:28:14.520785: | add pubkey f4 6b 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f Aug 26 13:28:14.520787: | add pubkey 25 b4 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e Aug 26 13:28:14.520789: | add pubkey c8 16 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 Aug 26 13:28:14.520791: | add pubkey cc 92 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 Aug 26 13:28:14.520794: | add pubkey 13 0f 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 Aug 26 13:28:14.520796: | add pubkey 39 f9 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d Aug 26 13:28:14.520798: | add pubkey 9e ca 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 Aug 26 13:28:14.520800: | add pubkey ba 64 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 Aug 26 13:28:14.520802: | add pubkey 9c 85 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 Aug 26 13:28:14.520804: | add pubkey 61 eb 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 Aug 26 13:28:14.520807: | add pubkey 83 c2 d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca Aug 26 13:28:14.520809: | add pubkey f5 38 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 Aug 26 13:28:14.520811: | add pubkey c7 5e a5 99 Aug 26 13:28:14.520834: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 13:28:14.520838: | computed rsa CKAID 88 aa 7c 5d Aug 26 13:28:14.520848: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:14.520854: | spent 0.0996 milliseconds in whack Aug 26 13:28:14.578131: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:14.578155: | old debugging base+cpu-usage + none Aug 26 13:28:14.578158: | base debugging = base+cpu-usage Aug 26 13:28:14.578160: | old impairing none + suppress-retransmits Aug 26 13:28:14.578161: | base impairing = suppress-retransmits Aug 26 13:28:14.578167: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:14.578173: | spent 0.0479 milliseconds in whack Aug 26 13:28:14.691698: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:14.691736: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:14.691742: | spent 0.337 milliseconds in whack Aug 26 13:28:14.748773: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:14.748798: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:28:14.748805: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:14.748811: | spent 0.0458 milliseconds in whack Aug 26 13:28:14.914942: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:14.915168: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:14.915176: | spent 0.241 milliseconds in whack Aug 26 13:28:14.974670: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:14.974709: | dup_any(fd@16) -> fd@21 (in whack_process() at rcv_whack.c:590) Aug 26 13:28:14.974713: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:28:14.974717: | start processing: connection "road-east-ikev2" (in initiate_a_connection() at initiate.c:186) Aug 26 13:28:14.974719: | connection 'road-east-ikev2' +POLICY_UP Aug 26 13:28:14.974721: | dup_any(fd@21) -> fd@22 (in initiate_a_connection() at initiate.c:342) Aug 26 13:28:14.974723: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:28:14.974758: | creating state object #1 at 0x561fb413c5b8 Aug 26 13:28:14.974761: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:28:14.974767: | pstats #1 ikev2.ike started Aug 26 13:28:14.974769: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:28:14.974772: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:28:14.974776: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:28:14.974782: | suspend processing: connection "road-east-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:28:14.974785: | start processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:28:14.974788: | dup_any(fd@22) -> fd@23 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:28:14.974791: | Queuing pending IPsec SA negotiating with 192.1.2.23 "road-east-ikev2" IKE SA #1 "road-east-ikev2" Aug 26 13:28:14.974794: "road-east-ikev2" #1: initiating v2 parent SA Aug 26 13:28:14.974803: | "road-east-ikev2" #1 start IKEv2 DNS query -- 23.2.1.192.IN-ADDR.ARPA. IN IPSECKEY -- Aug 26 13:28:14.976558: | libevent_malloc: new ptr-libevent@0x561fb43ee9e8 size 16 Aug 26 13:28:14.976663: | constructing local IKE proposals for road-east-ikev2 (IKE SA initiator selecting KE) Aug 26 13:28:14.976675: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:28:14.976696: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:28:14.976700: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:28:14.976706: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:28:14.976710: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:28:14.976715: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:28:14.976719: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:28:14.976724: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:28:14.976735: "road-east-ikev2": constructed local IKE proposals for road-east-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:28:14.976752: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 13:28:14.976771: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x561fb43f06a8 Aug 26 13:28:14.976775: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:28:14.976778: | libevent_malloc: new ptr-libevent@0x561fb413c438 size 128 Aug 26 13:28:14.976794: | #1 spent 2.02 milliseconds in ikev2_parent_outI1() Aug 26 13:28:14.976796: | crypto helper 0 resuming Aug 26 13:28:14.976797: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:28:14.976829: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:28:14.976833: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 13:28:14.976833: | RESET processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:28:14.976838: | RESET processing: connection "road-east-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:28:14.976843: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Aug 26 13:28:14.976847: | close_any(fd@21) (in initiate_connection() at initiate.c:372) Aug 26 13:28:14.976851: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:14.976856: | spent 2.13 milliseconds in whack Aug 26 13:28:14.977145: | libevent_malloc: new ptr-libevent@0x561fb43f0948 size 16 Aug 26 13:28:14.977305: | libevent_malloc: new ptr-libevent@0x561fb43ee908 size 16 Aug 26 13:28:14.977490: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000657 seconds Aug 26 13:28:14.977513: | (#1) spent 0.675 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 13:28:14.977515: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:28:14.977518: | scheduling resume sending helper answer for #1 Aug 26 13:28:14.977520: | libevent_malloc: new ptr-libevent@0x7faab0002888 size 128 Aug 26 13:28:14.977534: | crypto helper 0 waiting (nothing to do) Aug 26 13:28:14.977676: | processing resume sending helper answer for #1 Aug 26 13:28:14.977687: | start processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:28:14.977692: | crypto helper 0 replies to request ID 1 Aug 26 13:28:14.977695: | calling continuation function 0x561fb1f9ab50 Aug 26 13:28:14.977697: | ikev2_parent_outI1_continue for #1 Aug 26 13:28:14.977741: | **emit ISAKMP Message: Aug 26 13:28:14.977744: | initiator cookie: Aug 26 13:28:14.977747: | aa ed 6c e9 a9 68 3c 32 Aug 26 13:28:14.977749: | responder cookie: Aug 26 13:28:14.977752: | 00 00 00 00 00 00 00 00 Aug 26 13:28:14.977755: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:28:14.977758: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:28:14.977761: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:28:14.977764: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:28:14.977766: | Message ID: 0 (0x0) Aug 26 13:28:14.977769: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:28:14.977786: | using existing local IKE proposals for connection road-east-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:28:14.977793: | Emitting ikev2_proposals ... Aug 26 13:28:14.977796: | ***emit IKEv2 Security Association Payload: Aug 26 13:28:14.977799: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:14.977801: | flags: none (0x0) Aug 26 13:28:14.977804: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:28:14.977807: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:28:14.977810: | discarding INTEG=NONE Aug 26 13:28:14.977813: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:28:14.977816: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:14.977818: | prop #: 1 (0x1) Aug 26 13:28:14.977821: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:28:14.977824: | spi size: 0 (0x0) Aug 26 13:28:14.977826: | # transforms: 11 (0xb) Aug 26 13:28:14.977829: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:28:14.977832: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.977835: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.977837: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:28:14.977840: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:28:14.977843: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.977846: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:28:14.977849: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:28:14.977851: | length/value: 256 (0x100) Aug 26 13:28:14.977854: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:28:14.977857: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.977859: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.977862: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:28:14.977864: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:28:14.977867: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.977870: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.977873: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.977875: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.977878: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.977880: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:28:14.977883: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:28:14.977886: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.977888: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.977891: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.977893: | discarding INTEG=NONE Aug 26 13:28:14.977895: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.977898: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.977901: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.977903: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:28:14.977906: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.977909: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.977912: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.977914: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.977917: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.977924: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.977927: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:28:14.977930: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.977933: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.977936: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.977938: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.977941: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.977943: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.977946: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:28:14.977949: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.977951: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.977954: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.977957: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.977959: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.977962: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.977964: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:28:14.977967: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.977970: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.977972: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.977975: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.977977: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.977980: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.977982: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:28:14.977985: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.977988: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.977991: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.977993: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.977996: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.977999: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978001: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:28:14.978004: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978007: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978010: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978013: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978015: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978018: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978020: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:28:14.978023: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978026: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978031: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978056: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978058: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:28:14.978060: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978061: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:28:14.978063: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978065: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978067: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978069: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:28:14.978071: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:28:14.978072: | discarding INTEG=NONE Aug 26 13:28:14.978074: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:28:14.978076: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:14.978077: | prop #: 2 (0x2) Aug 26 13:28:14.978079: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:28:14.978080: | spi size: 0 (0x0) Aug 26 13:28:14.978082: | # transforms: 11 (0xb) Aug 26 13:28:14.978084: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:14.978086: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:28:14.978088: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978089: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978091: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:28:14.978093: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:28:14.978094: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978096: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:28:14.978098: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:28:14.978100: | length/value: 128 (0x80) Aug 26 13:28:14.978101: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:28:14.978103: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978105: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978106: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:28:14.978108: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:28:14.978110: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978112: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978113: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978115: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978116: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978118: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:28:14.978120: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:28:14.978122: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978123: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978125: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978127: | discarding INTEG=NONE Aug 26 13:28:14.978128: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978130: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978133: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978134: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:28:14.978136: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978138: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978140: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978141: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978143: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978145: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978146: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:28:14.978148: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978151: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978153: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978156: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978158: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978160: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978163: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:28:14.978165: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978168: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978170: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978173: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978175: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978178: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978180: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:28:14.978183: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978185: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978188: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978190: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978193: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978195: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978198: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:28:14.978200: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978203: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978205: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978208: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978210: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978212: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978215: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:28:14.978218: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978221: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978223: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978229: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978232: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978234: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978237: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:28:14.978240: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978243: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978245: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978248: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978250: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:28:14.978253: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978255: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:28:14.978258: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978261: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978263: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978266: | emitting length of IKEv2 Proposal Substructure Payload: 100 Aug 26 13:28:14.978269: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:28:14.978271: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:28:14.978274: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:14.978276: | prop #: 3 (0x3) Aug 26 13:28:14.978279: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:28:14.978281: | spi size: 0 (0x0) Aug 26 13:28:14.978284: | # transforms: 13 (0xd) Aug 26 13:28:14.978287: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:14.978301: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:28:14.978305: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978308: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978310: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:28:14.978326: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:28:14.978329: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978332: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:28:14.978335: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:28:14.978337: | length/value: 256 (0x100) Aug 26 13:28:14.978341: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:28:14.978343: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978346: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978348: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:28:14.978351: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:28:14.978355: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978358: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978361: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978364: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978366: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978369: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:28:14.978372: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:28:14.978377: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978380: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978383: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978385: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978388: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978391: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:28:14.978393: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:28:14.978396: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978399: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978402: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978405: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978407: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978410: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:28:14.978413: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:28:14.978416: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978419: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978422: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978425: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978427: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978430: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978433: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:28:14.978436: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978454: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978457: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978460: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978463: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978465: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978468: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:28:14.978471: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978474: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978477: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978480: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978483: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978486: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978488: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:28:14.978492: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978495: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978498: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978501: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978505: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978508: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978511: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:28:14.978514: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978518: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978533: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978536: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978538: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978541: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978544: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:28:14.978547: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978549: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978553: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978556: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978558: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978561: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978564: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:28:14.978567: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978570: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978573: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978575: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978578: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978580: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978583: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:28:14.978587: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978590: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978592: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978595: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978597: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:28:14.978600: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978602: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:28:14.978606: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978608: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978611: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978614: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:28:14.978616: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:28:14.978619: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:28:14.978621: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:28:14.978624: | prop #: 4 (0x4) Aug 26 13:28:14.978627: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:28:14.978629: | spi size: 0 (0x0) Aug 26 13:28:14.978631: | # transforms: 13 (0xd) Aug 26 13:28:14.978636: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:14.978640: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:28:14.978642: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978645: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978647: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:28:14.978650: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:28:14.978652: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978655: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:28:14.978658: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:28:14.978661: | length/value: 128 (0x80) Aug 26 13:28:14.978663: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:28:14.978666: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978669: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978672: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:28:14.978674: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:28:14.978677: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978680: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978683: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978700: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978703: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978705: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:28:14.978707: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:28:14.978710: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978713: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978715: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978717: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978718: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978720: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:28:14.978721: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:28:14.978723: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978725: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978727: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978728: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978730: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978731: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:28:14.978733: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:28:14.978735: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978737: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978738: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978740: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978742: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978743: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978746: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:28:14.978748: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978750: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978752: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978753: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978755: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978756: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978758: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:28:14.978760: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978762: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978763: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978765: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978766: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978768: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978770: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:28:14.978771: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978773: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978775: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978777: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978778: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978780: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978781: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:28:14.978783: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978785: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978787: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978788: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978790: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978791: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978793: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:28:14.978795: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978797: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978799: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978801: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978804: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978806: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978808: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:28:14.978811: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978827: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978830: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978834: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978837: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978839: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978841: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:28:14.978844: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978847: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978850: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978852: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.978855: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:28:14.978857: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.978860: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:28:14.978863: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.978866: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.978869: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.978872: | emitting length of IKEv2 Proposal Substructure Payload: 116 Aug 26 13:28:14.978875: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:28:14.978877: | emitting length of IKEv2 Security Association Payload: 436 Aug 26 13:28:14.978880: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:28:14.978883: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:28:14.978886: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:14.978888: | flags: none (0x0) Aug 26 13:28:14.978891: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:28:14.978894: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:28:14.978897: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:28:14.978901: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:28:14.978903: | ikev2 g^x 94 09 96 88 a4 22 f7 42 98 83 14 63 35 39 43 81 Aug 26 13:28:14.978905: | ikev2 g^x bf 7b 86 ea 3a f8 4c b6 dd 2f 58 23 26 6d 94 5f Aug 26 13:28:14.978906: | ikev2 g^x 26 5d 94 03 92 57 01 35 89 1a c5 21 e9 1a ee 13 Aug 26 13:28:14.978908: | ikev2 g^x 35 bc 93 c6 14 f1 c3 8d 3c 85 0e b4 47 f4 60 97 Aug 26 13:28:14.978909: | ikev2 g^x a8 00 bc 46 1f 09 20 a5 88 f9 38 f9 39 3d 09 9e Aug 26 13:28:14.978911: | ikev2 g^x 57 fb ca 8b 5f 69 2a 3f 18 62 eb 12 87 b2 f2 89 Aug 26 13:28:14.978912: | ikev2 g^x 13 42 9f e7 d4 83 0c a1 d5 65 48 47 2e f1 cd 68 Aug 26 13:28:14.978914: | ikev2 g^x cb 07 f3 56 15 0e 8a b0 6f 6d 1d 62 f0 5a 7c e9 Aug 26 13:28:14.978915: | ikev2 g^x 0d 23 d0 80 fa 6c 74 43 0d e2 10 59 08 0f eb 63 Aug 26 13:28:14.978917: | ikev2 g^x 04 42 3d 4f 01 a7 df 05 b4 b2 4c 7a af ff c6 55 Aug 26 13:28:14.978918: | ikev2 g^x cc 72 09 38 b4 94 fc 5f c1 d9 b6 88 e4 4e d3 d4 Aug 26 13:28:14.978920: | ikev2 g^x 5e c7 69 91 f5 8d 2f c6 74 d6 f1 66 a7 1b 61 37 Aug 26 13:28:14.978921: | ikev2 g^x 84 8d 15 ea 17 e3 6b 42 b6 0b d2 0a e0 a2 cf 7d Aug 26 13:28:14.978923: | ikev2 g^x e0 d0 62 e7 11 d5 88 52 23 b8 ce fc d4 1f 21 e6 Aug 26 13:28:14.978924: | ikev2 g^x 1c 87 02 56 fb 47 47 43 14 0b 17 7a d1 ec f2 64 Aug 26 13:28:14.978926: | ikev2 g^x 42 fb 0c cc 4a c7 3b c1 c1 65 b0 a9 82 e8 eb e5 Aug 26 13:28:14.978927: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:28:14.978929: | ***emit IKEv2 Nonce Payload: Aug 26 13:28:14.978932: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:28:14.978934: | flags: none (0x0) Aug 26 13:28:14.978936: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:28:14.978938: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:28:14.978940: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:28:14.978942: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:28:14.978943: | IKEv2 nonce c4 83 1a 7e 26 8b 28 30 2a 92 99 e8 8f ac 18 d1 Aug 26 13:28:14.978945: | IKEv2 nonce 31 98 4e 60 bf 89 96 61 34 4d 31 a0 1f 31 22 ae Aug 26 13:28:14.978946: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:28:14.978948: | Adding a v2N Payload Aug 26 13:28:14.978950: | ***emit IKEv2 Notify Payload: Aug 26 13:28:14.978951: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:14.978953: | flags: none (0x0) Aug 26 13:28:14.978955: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:28:14.978956: | SPI size: 0 (0x0) Aug 26 13:28:14.978958: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:28:14.978960: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:28:14.978962: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:28:14.978964: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:28:14.978966: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:28:14.978968: | natd_hash: rcookie is zero Aug 26 13:28:14.978980: | natd_hash: hasher=0x561fb206f800(20) Aug 26 13:28:14.978982: | natd_hash: icookie= aa ed 6c e9 a9 68 3c 32 Aug 26 13:28:14.978984: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:28:14.978985: | natd_hash: ip= c0 01 03 d1 Aug 26 13:28:14.978987: | natd_hash: port=500 Aug 26 13:28:14.978989: | natd_hash: hash= 48 75 3d aa f3 15 f9 b5 17 dc d3 36 73 d0 7f ea Aug 26 13:28:14.978990: | natd_hash: hash= f0 99 02 d7 Aug 26 13:28:14.978992: | Adding a v2N Payload Aug 26 13:28:14.978993: | ***emit IKEv2 Notify Payload: Aug 26 13:28:14.978995: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:14.978996: | flags: none (0x0) Aug 26 13:28:14.978998: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:28:14.978999: | SPI size: 0 (0x0) Aug 26 13:28:14.979001: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:28:14.979003: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:28:14.979005: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:28:14.979007: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:28:14.979008: | Notify data 48 75 3d aa f3 15 f9 b5 17 dc d3 36 73 d0 7f ea Aug 26 13:28:14.979010: | Notify data f0 99 02 d7 Aug 26 13:28:14.979011: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:28:14.979013: | natd_hash: rcookie is zero Aug 26 13:28:14.979017: | natd_hash: hasher=0x561fb206f800(20) Aug 26 13:28:14.979019: | natd_hash: icookie= aa ed 6c e9 a9 68 3c 32 Aug 26 13:28:14.979020: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:28:14.979022: | natd_hash: ip= c0 01 02 17 Aug 26 13:28:14.979023: | natd_hash: port=500 Aug 26 13:28:14.979025: | natd_hash: hash= f4 40 35 2a 9c 91 1d 59 d8 c9 bf fa 41 95 3a 58 Aug 26 13:28:14.979026: | natd_hash: hash= 9b dd 71 be Aug 26 13:28:14.979028: | Adding a v2N Payload Aug 26 13:28:14.979029: | ***emit IKEv2 Notify Payload: Aug 26 13:28:14.979031: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:14.979032: | flags: none (0x0) Aug 26 13:28:14.979034: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:28:14.979035: | SPI size: 0 (0x0) Aug 26 13:28:14.979038: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:28:14.979040: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:28:14.979042: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:28:14.979043: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:28:14.979045: | Notify data f4 40 35 2a 9c 91 1d 59 d8 c9 bf fa 41 95 3a 58 Aug 26 13:28:14.979047: | Notify data 9b dd 71 be Aug 26 13:28:14.979050: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:28:14.979052: | emitting length of ISAKMP Message: 828 Aug 26 13:28:14.979059: | stop processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:28:14.979069: | start processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:28:14.979073: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:28:14.979077: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:28:14.979080: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:28:14.979083: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 13:28:14.979086: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:28:14.979091: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:28:14.979095: "road-east-ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:28:14.979108: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.209:500) Aug 26 13:28:14.979115: | sending 828 bytes for STATE_PARENT_I0 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) Aug 26 13:28:14.979118: | aa ed 6c e9 a9 68 3c 32 00 00 00 00 00 00 00 00 Aug 26 13:28:14.979133: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:28:14.979136: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:28:14.979138: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:28:14.979141: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:28:14.979143: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:28:14.979146: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:28:14.979148: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:28:14.979151: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:28:14.979154: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:28:14.979156: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:28:14.979159: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:28:14.979162: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:28:14.979164: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:28:14.979167: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:28:14.979169: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:28:14.979172: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:28:14.979174: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:28:14.979177: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:28:14.979180: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:28:14.979182: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:28:14.979185: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:28:14.979187: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:28:14.979190: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:28:14.979192: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:28:14.979195: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:28:14.979198: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:28:14.979202: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:28:14.979205: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:28:14.979208: | 28 00 01 08 00 0e 00 00 94 09 96 88 a4 22 f7 42 Aug 26 13:28:14.979210: | 98 83 14 63 35 39 43 81 bf 7b 86 ea 3a f8 4c b6 Aug 26 13:28:14.979213: | dd 2f 58 23 26 6d 94 5f 26 5d 94 03 92 57 01 35 Aug 26 13:28:14.979215: | 89 1a c5 21 e9 1a ee 13 35 bc 93 c6 14 f1 c3 8d Aug 26 13:28:14.979218: | 3c 85 0e b4 47 f4 60 97 a8 00 bc 46 1f 09 20 a5 Aug 26 13:28:14.979221: | 88 f9 38 f9 39 3d 09 9e 57 fb ca 8b 5f 69 2a 3f Aug 26 13:28:14.979223: | 18 62 eb 12 87 b2 f2 89 13 42 9f e7 d4 83 0c a1 Aug 26 13:28:14.979226: | d5 65 48 47 2e f1 cd 68 cb 07 f3 56 15 0e 8a b0 Aug 26 13:28:14.979229: | 6f 6d 1d 62 f0 5a 7c e9 0d 23 d0 80 fa 6c 74 43 Aug 26 13:28:14.979231: | 0d e2 10 59 08 0f eb 63 04 42 3d 4f 01 a7 df 05 Aug 26 13:28:14.979233: | b4 b2 4c 7a af ff c6 55 cc 72 09 38 b4 94 fc 5f Aug 26 13:28:14.979235: | c1 d9 b6 88 e4 4e d3 d4 5e c7 69 91 f5 8d 2f c6 Aug 26 13:28:14.979238: | 74 d6 f1 66 a7 1b 61 37 84 8d 15 ea 17 e3 6b 42 Aug 26 13:28:14.979240: | b6 0b d2 0a e0 a2 cf 7d e0 d0 62 e7 11 d5 88 52 Aug 26 13:28:14.979243: | 23 b8 ce fc d4 1f 21 e6 1c 87 02 56 fb 47 47 43 Aug 26 13:28:14.979245: | 14 0b 17 7a d1 ec f2 64 42 fb 0c cc 4a c7 3b c1 Aug 26 13:28:14.979248: | c1 65 b0 a9 82 e8 eb e5 29 00 00 24 c4 83 1a 7e Aug 26 13:28:14.979251: | 26 8b 28 30 2a 92 99 e8 8f ac 18 d1 31 98 4e 60 Aug 26 13:28:14.979253: | bf 89 96 61 34 4d 31 a0 1f 31 22 ae 29 00 00 08 Aug 26 13:28:14.979256: | 00 00 40 2e 29 00 00 1c 00 00 40 04 48 75 3d aa Aug 26 13:28:14.979258: | f3 15 f9 b5 17 dc d3 36 73 d0 7f ea f0 99 02 d7 Aug 26 13:28:14.979261: | 00 00 00 1c 00 00 40 05 f4 40 35 2a 9c 91 1d 59 Aug 26 13:28:14.979264: | d8 c9 bf fa 41 95 3a 58 9b dd 71 be Aug 26 13:28:14.979363: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:28:14.979373: | libevent_free: release ptr-libevent@0x561fb413c438 Aug 26 13:28:14.979377: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x561fb43f06a8 Aug 26 13:28:14.979380: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=2000ms Aug 26 13:28:14.979383: "road-east-ikev2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:28:14.979393: | event_schedule: new EVENT_RETRANSMIT-pe@0x561fb43f06a8 Aug 26 13:28:14.979397: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Aug 26 13:28:14.979401: | libevent_malloc: new ptr-libevent@0x561fb43f1018 size 128 Aug 26 13:28:14.979407: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11380.721858 Aug 26 13:28:14.979412: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 13:28:14.979418: | #1 spent 1.64 milliseconds in resume sending helper answer Aug 26 13:28:14.979422: | stop processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:28:14.979425: | libevent_free: release ptr-libevent@0x7faab0002888 Aug 26 13:28:14.979503: | start processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in idr_ipseckey_fetch_continue() at ikev2_ipseckey.c:519) Aug 26 13:28:14.979510: | IKEv2 DNS query -- 23.2.1.192.IN-ADDR.ARPA. IN IPSECKEY -- returned SERVFAIL cache=no elapsed time 0.004696 Aug 26 13:28:14.979512: | DNSSEC=INSECURE MSG SIZE 52 bytes Aug 26 13:28:14.979514: "road-east-ikev2" #1: IKEv2 DNS query -- 23.2.1.192.IN-ADDR.ARPA. IN IPSECKEY -- returned SERVFAIL rr parse error SERVFAIL elapsed time 0.004696 Aug 26 13:28:14.979521: | RESET processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in idr_ipseckey_fetch_continue() at ikev2_ipseckey.c:541) Aug 26 13:28:14.981205: | spent 0.00233 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:28:14.981224: | *received 437 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) Aug 26 13:28:14.981229: | aa ed 6c e9 a9 68 3c 32 f7 9a d5 c8 c5 53 a3 16 Aug 26 13:28:14.981231: | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 Aug 26 13:28:14.981232: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 13:28:14.981234: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 13:28:14.981235: | 04 00 00 0e 28 00 01 08 00 0e 00 00 fe f8 1f 21 Aug 26 13:28:14.981237: | 41 a1 eb eb 90 40 14 ee 58 f1 9d 34 83 47 4f 09 Aug 26 13:28:14.981238: | aa 37 8e a0 b6 6c e9 29 8e 76 b3 7a af 74 da 14 Aug 26 13:28:14.981240: | 32 7e 93 d7 1e 86 21 0d c3 c7 31 68 0a 0c 5d 2c Aug 26 13:28:14.981241: | d6 51 21 d1 f3 18 62 b2 f9 72 ee 15 07 31 9b f5 Aug 26 13:28:14.981243: | 5e ee 64 2d 99 c5 ba 4f b7 b4 a2 78 ca aa 2e 77 Aug 26 13:28:14.981244: | 85 0f 8e d8 9d 7b 6e e5 e0 0b 1f a9 bf ba 8f 5e Aug 26 13:28:14.981246: | 59 80 20 16 fe c9 63 12 ae e7 24 fb 0f 84 12 bc Aug 26 13:28:14.981247: | 9f bf 19 8a 8e 92 e5 de 4e b8 3d 09 bd ca 0e da Aug 26 13:28:14.981249: | 84 8d a8 f3 d7 2a c6 56 29 73 0e 7d 4e d1 d2 0f Aug 26 13:28:14.981250: | 85 a6 ee b9 8e 63 77 59 20 a4 4b ef 0a e4 71 d9 Aug 26 13:28:14.981252: | ae 7b e4 da dd 79 ae 07 14 39 91 ae e7 6b d6 19 Aug 26 13:28:14.981254: | 71 f7 76 25 cb eb c3 84 3d 03 61 92 22 f0 08 24 Aug 26 13:28:14.981255: | c2 aa 25 34 52 b3 9f 45 f0 bf 77 e9 6f 0e c9 43 Aug 26 13:28:14.981257: | 43 57 b3 20 d6 10 5e 5b fe 4a 73 ab c7 e8 20 11 Aug 26 13:28:14.981258: | 33 7c 7a b7 53 4d 74 de ac c0 f6 09 b7 db 57 84 Aug 26 13:28:14.981260: | 60 87 92 80 ca 42 ff 1b 1b f5 4b 25 29 00 00 24 Aug 26 13:28:14.981261: | 79 0e d3 5e 92 b5 80 ea 0b d2 7b 23 02 22 07 ce Aug 26 13:28:14.981263: | 0e 44 e8 21 9b 46 38 79 1e ca 65 6a 66 eb 48 00 Aug 26 13:28:14.981264: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 13:28:14.981266: | e2 f8 df 99 52 c4 55 e4 c3 95 d4 b2 b3 23 ec 16 Aug 26 13:28:14.981267: | 26 75 43 0d 26 00 00 1c 00 00 40 05 41 a2 cc cd Aug 26 13:28:14.981269: | 49 21 bc e7 93 70 f6 1f fd 13 94 65 99 44 d4 17 Aug 26 13:28:14.981270: | 00 00 00 05 04 Aug 26 13:28:14.981273: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:28:14.981276: | **parse ISAKMP Message: Aug 26 13:28:14.981278: | initiator cookie: Aug 26 13:28:14.981280: | aa ed 6c e9 a9 68 3c 32 Aug 26 13:28:14.981281: | responder cookie: Aug 26 13:28:14.981283: | f7 9a d5 c8 c5 53 a3 16 Aug 26 13:28:14.981285: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:28:14.981287: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:28:14.981293: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:28:14.981297: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:28:14.981299: | Message ID: 0 (0x0) Aug 26 13:28:14.981302: | length: 437 (0x1b5) Aug 26 13:28:14.981304: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:28:14.981307: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 13:28:14.981309: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 13:28:14.981327: | start processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:28:14.981329: | [RE]START processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:28:14.981331: | #1 is idle Aug 26 13:28:14.981333: | #1 idle Aug 26 13:28:14.981334: | unpacking clear payload Aug 26 13:28:14.981336: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:28:14.981338: | ***parse IKEv2 Security Association Payload: Aug 26 13:28:14.981340: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:28:14.981341: | flags: none (0x0) Aug 26 13:28:14.981343: | length: 40 (0x28) Aug 26 13:28:14.981345: | processing payload: ISAKMP_NEXT_v2SA (len=36) Aug 26 13:28:14.981348: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:28:14.981350: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:28:14.981351: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:28:14.981353: | flags: none (0x0) Aug 26 13:28:14.981354: | length: 264 (0x108) Aug 26 13:28:14.981356: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:28:14.981358: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:28:14.981359: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:28:14.981361: | ***parse IKEv2 Nonce Payload: Aug 26 13:28:14.981362: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:28:14.981364: | flags: none (0x0) Aug 26 13:28:14.981365: | length: 36 (0x24) Aug 26 13:28:14.981367: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:28:14.981368: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:28:14.981370: | ***parse IKEv2 Notify Payload: Aug 26 13:28:14.981372: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:28:14.981373: | flags: none (0x0) Aug 26 13:28:14.981375: | length: 8 (0x8) Aug 26 13:28:14.981376: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:28:14.981378: | SPI size: 0 (0x0) Aug 26 13:28:14.981380: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:28:14.981381: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:28:14.981383: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:28:14.981384: | ***parse IKEv2 Notify Payload: Aug 26 13:28:14.981386: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:28:14.981387: | flags: none (0x0) Aug 26 13:28:14.981389: | length: 28 (0x1c) Aug 26 13:28:14.981390: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:28:14.981392: | SPI size: 0 (0x0) Aug 26 13:28:14.981393: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:28:14.981395: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:28:14.981397: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:28:14.981398: | ***parse IKEv2 Notify Payload: Aug 26 13:28:14.981400: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Aug 26 13:28:14.981401: | flags: none (0x0) Aug 26 13:28:14.981403: | length: 28 (0x1c) Aug 26 13:28:14.981404: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:28:14.981406: | SPI size: 0 (0x0) Aug 26 13:28:14.981407: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:28:14.981409: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:28:14.981410: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Aug 26 13:28:14.981412: | ***parse IKEv2 Certificate Request Payload: Aug 26 13:28:14.981414: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:14.981415: | flags: none (0x0) Aug 26 13:28:14.981416: | length: 5 (0x5) Aug 26 13:28:14.981418: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:28:14.981420: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) Aug 26 13:28:14.981421: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 13:28:14.981427: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:28:14.981429: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:28:14.981431: | Now let's proceed with state specific processing Aug 26 13:28:14.981432: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:28:14.981435: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 13:28:14.981445: | using existing local IKE proposals for connection road-east-ikev2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:28:14.981449: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Aug 26 13:28:14.981451: | local proposal 1 type ENCR has 1 transforms Aug 26 13:28:14.981453: | local proposal 1 type PRF has 2 transforms Aug 26 13:28:14.981455: | local proposal 1 type INTEG has 1 transforms Aug 26 13:28:14.981456: | local proposal 1 type DH has 8 transforms Aug 26 13:28:14.981458: | local proposal 1 type ESN has 0 transforms Aug 26 13:28:14.981460: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:28:14.981462: | local proposal 2 type ENCR has 1 transforms Aug 26 13:28:14.981463: | local proposal 2 type PRF has 2 transforms Aug 26 13:28:14.981465: | local proposal 2 type INTEG has 1 transforms Aug 26 13:28:14.981467: | local proposal 2 type DH has 8 transforms Aug 26 13:28:14.981468: | local proposal 2 type ESN has 0 transforms Aug 26 13:28:14.981470: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:28:14.981472: | local proposal 3 type ENCR has 1 transforms Aug 26 13:28:14.981473: | local proposal 3 type PRF has 2 transforms Aug 26 13:28:14.981475: | local proposal 3 type INTEG has 2 transforms Aug 26 13:28:14.981476: | local proposal 3 type DH has 8 transforms Aug 26 13:28:14.981478: | local proposal 3 type ESN has 0 transforms Aug 26 13:28:14.981480: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:28:14.981481: | local proposal 4 type ENCR has 1 transforms Aug 26 13:28:14.981483: | local proposal 4 type PRF has 2 transforms Aug 26 13:28:14.981484: | local proposal 4 type INTEG has 2 transforms Aug 26 13:28:14.981486: | local proposal 4 type DH has 8 transforms Aug 26 13:28:14.981487: | local proposal 4 type ESN has 0 transforms Aug 26 13:28:14.981489: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:28:14.981491: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:28:14.981493: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:28:14.981494: | length: 36 (0x24) Aug 26 13:28:14.981496: | prop #: 1 (0x1) Aug 26 13:28:14.981497: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:28:14.981499: | spi size: 0 (0x0) Aug 26 13:28:14.981500: | # transforms: 3 (0x3) Aug 26 13:28:14.981503: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Aug 26 13:28:14.981504: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:28:14.981506: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.981508: | length: 12 (0xc) Aug 26 13:28:14.981509: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:28:14.981511: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:28:14.981513: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:28:14.981514: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:28:14.981516: | length/value: 256 (0x100) Aug 26 13:28:14.981518: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:28:14.981520: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:28:14.981522: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.981523: | length: 8 (0x8) Aug 26 13:28:14.981525: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:28:14.981527: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:28:14.981529: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:28:14.981530: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:28:14.981532: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:28:14.981533: | length: 8 (0x8) Aug 26 13:28:14.981535: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:28:14.981537: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:28:14.981539: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:28:14.981543: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:28:14.981546: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:28:14.981548: | remote proposal 1 matches local proposal 1 Aug 26 13:28:14.981550: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Aug 26 13:28:14.981551: | converting proposal to internal trans attrs Aug 26 13:28:14.981563: | natd_hash: hasher=0x561fb206f800(20) Aug 26 13:28:14.981565: | natd_hash: icookie= aa ed 6c e9 a9 68 3c 32 Aug 26 13:28:14.981567: | natd_hash: rcookie= f7 9a d5 c8 c5 53 a3 16 Aug 26 13:28:14.981568: | natd_hash: ip= c0 01 03 d1 Aug 26 13:28:14.981570: | natd_hash: port=500 Aug 26 13:28:14.981572: | natd_hash: hash= 41 a2 cc cd 49 21 bc e7 93 70 f6 1f fd 13 94 65 Aug 26 13:28:14.981573: | natd_hash: hash= 99 44 d4 17 Aug 26 13:28:14.981577: | natd_hash: hasher=0x561fb206f800(20) Aug 26 13:28:14.981578: | natd_hash: icookie= aa ed 6c e9 a9 68 3c 32 Aug 26 13:28:14.981580: | natd_hash: rcookie= f7 9a d5 c8 c5 53 a3 16 Aug 26 13:28:14.981581: | natd_hash: ip= c0 01 02 17 Aug 26 13:28:14.981583: | natd_hash: port=500 Aug 26 13:28:14.981584: | natd_hash: hash= e2 f8 df 99 52 c4 55 e4 c3 95 d4 b2 b3 23 ec 16 Aug 26 13:28:14.981586: | natd_hash: hash= 26 75 43 0d Aug 26 13:28:14.981587: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:28:14.981589: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:28:14.981590: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:28:14.981592: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 13:28:14.981595: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:28:14.981597: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Aug 26 13:28:14.981599: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:28:14.981601: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 13:28:14.981603: | libevent_free: release ptr-libevent@0x561fb43f1018 Aug 26 13:28:14.981605: | free_event_entry: release EVENT_RETRANSMIT-pe@0x561fb43f06a8 Aug 26 13:28:14.981607: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x561fb43f06a8 Aug 26 13:28:14.981609: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:28:14.981611: | libevent_malloc: new ptr-libevent@0x7faab0002888 size 128 Aug 26 13:28:14.981619: | #1 spent 0.183 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 13:28:14.981622: | [RE]START processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:28:14.981624: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 13:28:14.981626: | crypto helper 1 resuming Aug 26 13:28:14.981626: | suspending state #1 and saving MD Aug 26 13:28:14.981640: | crypto helper 1 starting work-order 2 for state #1 Aug 26 13:28:14.981641: | #1 is busy; has a suspended MD Aug 26 13:28:14.981647: | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Aug 26 13:28:14.981650: | [RE]START processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:28:14.981653: | "road-east-ikev2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:28:14.981656: | stop processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:28:14.981659: | #1 spent 0.435 milliseconds in ikev2_process_packet() Aug 26 13:28:14.981661: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:28:14.981663: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:28:14.981665: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:28:14.981669: | spent 0.446 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:28:14.982562: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:28:14.982989: | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001342 seconds Aug 26 13:28:14.982999: | (#1) spent 1.35 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Aug 26 13:28:14.983002: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 13:28:14.983005: | scheduling resume sending helper answer for #1 Aug 26 13:28:14.983008: | libevent_malloc: new ptr-libevent@0x7faaa8000f48 size 128 Aug 26 13:28:14.983016: | crypto helper 1 waiting (nothing to do) Aug 26 13:28:14.983051: | processing resume sending helper answer for #1 Aug 26 13:28:14.983060: | start processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:28:14.983064: | crypto helper 1 replies to request ID 2 Aug 26 13:28:14.983065: | calling continuation function 0x561fb1f9ab50 Aug 26 13:28:14.983067: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 13:28:14.983071: | creating state object #2 at 0x561fb43f3c58 Aug 26 13:28:14.983073: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:28:14.983076: | pstats #2 ikev2.child started Aug 26 13:28:14.983078: | duplicating state object #1 "road-east-ikev2" as #2 for IPSEC SA Aug 26 13:28:14.983081: | #2 setting local endpoint to 192.1.3.209:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:28:14.983086: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:28:14.983088: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 13:28:14.983091: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 13:28:14.983093: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:28:14.983095: | libevent_free: release ptr-libevent@0x7faab0002888 Aug 26 13:28:14.983097: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x561fb43f06a8 Aug 26 13:28:14.983099: | event_schedule: new EVENT_SA_REPLACE-pe@0x561fb43f06a8 Aug 26 13:28:14.983102: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 13:28:14.983104: | libevent_malloc: new ptr-libevent@0x7faab0002888 size 128 Aug 26 13:28:14.983106: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 13:28:14.983110: | **emit ISAKMP Message: Aug 26 13:28:14.983112: | initiator cookie: Aug 26 13:28:14.983114: | aa ed 6c e9 a9 68 3c 32 Aug 26 13:28:14.983115: | responder cookie: Aug 26 13:28:14.983117: | f7 9a d5 c8 c5 53 a3 16 Aug 26 13:28:14.983119: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:28:14.983121: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:28:14.983122: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:28:14.983124: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:28:14.983126: | Message ID: 1 (0x1) Aug 26 13:28:14.983128: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:28:14.983130: | ***emit IKEv2 Encryption Payload: Aug 26 13:28:14.983131: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:14.983133: | flags: none (0x0) Aug 26 13:28:14.983135: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:28:14.983137: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:28:14.983139: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:28:14.983145: | IKEv2 CERT: send a certificate? Aug 26 13:28:14.983149: | IKEv2 CERT: no certificate to send Aug 26 13:28:14.983151: | IDr payload will NOT be sent Aug 26 13:28:14.983162: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 13:28:14.983164: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:14.983166: | flags: none (0x0) Aug 26 13:28:14.983168: | ID type: ID_FQDN (0x2) Aug 26 13:28:14.983170: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 13:28:14.983172: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:28:14.983174: | emitting 27 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 13:28:14.983176: | my identity 6e 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 Aug 26 13:28:14.983177: | my identity 62 72 65 73 77 61 6e 2e 6f 72 67 Aug 26 13:28:14.983179: | emitting length of IKEv2 Identification - Initiator - Payload: 35 Aug 26 13:28:14.983184: | not sending INITIAL_CONTACT Aug 26 13:28:14.983187: | ****emit IKEv2 Authentication Payload: Aug 26 13:28:14.983189: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:14.983190: | flags: none (0x0) Aug 26 13:28:14.983192: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:28:14.983194: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:28:14.983196: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:28:14.983200: | started looking for secret for @north.testing.libreswan.org->192.1.2.23 of kind PKK_RSA Aug 26 13:28:14.983203: | actually looking for secret for @north.testing.libreswan.org->192.1.2.23 of kind PKK_RSA Aug 26 13:28:14.983206: | line 1: key type PKK_RSA(@north.testing.libreswan.org) to type PKK_RSA Aug 26 13:28:14.983208: | 1: compared key (none) to @north.testing.libreswan.org / 192.1.2.23 -> 002 Aug 26 13:28:14.983210: | 2: compared key (none) to @north.testing.libreswan.org / 192.1.2.23 -> 002 Aug 26 13:28:14.983212: | line 1: match=002 Aug 26 13:28:14.983214: | match 002 beats previous best_match 000 match=0x561fb4093b58 (line=1) Aug 26 13:28:14.983216: | concluding with best_match=002 best=0x561fb4093b58 (lineno=1) Aug 26 13:28:14.987366: | #1 spent 3.58 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Aug 26 13:28:14.987378: | emitting 274 raw bytes of rsa signature into IKEv2 Authentication Payload Aug 26 13:28:14.987381: | rsa signature 5d 4d 9e e0 a4 bb 52 fc d9 4a 75 a4 0a c7 b0 10 Aug 26 13:28:14.987383: | rsa signature eb 6d 99 79 9b 01 b3 7e 0b c1 23 a0 02 69 ef ce Aug 26 13:28:14.987384: | rsa signature 5f 95 e0 2a 45 8f db f4 71 b7 0d 7e 82 6e fb d5 Aug 26 13:28:14.987386: | rsa signature 59 44 bb 67 33 26 f1 3d dc 47 90 9b 2f 7f 16 2e Aug 26 13:28:14.987387: | rsa signature 99 af a9 2b e1 ee bb 3f ba a0 ec 23 ff e9 8b 71 Aug 26 13:28:14.987389: | rsa signature 5a ad f3 34 39 41 e8 79 98 f9 5d be 7e 98 33 99 Aug 26 13:28:14.987391: | rsa signature 66 61 84 e9 25 61 91 5d ce 9f 88 b5 46 38 d1 cd Aug 26 13:28:14.987392: | rsa signature 0c 1c 4c 4b 5f fa a5 59 1c 02 dd 31 f1 a4 8d 54 Aug 26 13:28:14.987394: | rsa signature b0 9f e9 3c 8f 62 23 1b fc c7 07 06 b3 9a d9 ce Aug 26 13:28:14.987395: | rsa signature 0f 80 6c 99 45 b7 5a 70 97 20 bc 7a 7d 14 b4 f6 Aug 26 13:28:14.987397: | rsa signature ca f4 ed e3 22 d4 5c e4 c7 6a 66 e0 03 19 f5 dc Aug 26 13:28:14.987398: | rsa signature 07 1a 01 ef bb ef 99 89 57 57 b7 b2 4e e9 68 24 Aug 26 13:28:14.987400: | rsa signature 8d e2 a3 2c 62 9c 45 69 8d 30 ab da 21 a7 97 12 Aug 26 13:28:14.987402: | rsa signature b4 89 21 3f 04 13 88 22 c0 03 f6 02 0c 8e d3 29 Aug 26 13:28:14.987403: | rsa signature f8 f0 cd 57 4f 74 37 c1 61 62 99 ed d1 f6 07 54 Aug 26 13:28:14.987405: | rsa signature 45 09 c9 b5 9b 97 4d 1e e7 3d 34 78 7d 85 3b 62 Aug 26 13:28:14.987409: | rsa signature 3a 82 30 fd 96 67 8a 11 32 9f 63 89 52 aa 5d 90 Aug 26 13:28:14.987411: | rsa signature 8e 13 Aug 26 13:28:14.987414: | #1 spent 3.65 milliseconds in ikev2_calculate_rsa_hash() Aug 26 13:28:14.987416: | emitting length of IKEv2 Authentication Payload: 282 Aug 26 13:28:14.987418: | getting first pending from state #1 Aug 26 13:28:14.987438: | netlink_get_spi: allocated 0x60a96543 for esp.0@192.1.3.209 Aug 26 13:28:14.987441: | constructing ESP/AH proposals with all DH removed for road-east-ikev2 (IKE SA initiator emitting ESP/AH proposals) Aug 26 13:28:14.987446: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:28:14.987451: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:28:14.987452: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:28:14.987455: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:28:14.987457: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:28:14.987460: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:28:14.987462: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:28:14.987464: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:28:14.987469: "road-east-ikev2": constructed local ESP/AH proposals for road-east-ikev2 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:28:14.987477: | Emitting ikev2_proposals ... Aug 26 13:28:14.987480: | ****emit IKEv2 Security Association Payload: Aug 26 13:28:14.987482: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:14.987484: | flags: none (0x0) Aug 26 13:28:14.987486: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:28:14.987488: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:28:14.987490: | discarding INTEG=NONE Aug 26 13:28:14.987492: | discarding DH=NONE Aug 26 13:28:14.987495: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:28:14.987498: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:14.987500: | prop #: 1 (0x1) Aug 26 13:28:14.987503: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:28:14.987506: | spi size: 4 (0x4) Aug 26 13:28:14.987508: | # transforms: 2 (0x2) Aug 26 13:28:14.987511: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:28:14.987515: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:28:14.987518: | our spi 60 a9 65 43 Aug 26 13:28:14.987521: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.987524: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.987526: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:28:14.987529: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:28:14.987533: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.987536: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:28:14.987540: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:28:14.987543: | length/value: 256 (0x100) Aug 26 13:28:14.987546: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:28:14.987548: | discarding INTEG=NONE Aug 26 13:28:14.987551: | discarding DH=NONE Aug 26 13:28:14.987554: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.987559: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:28:14.987562: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:28:14.987565: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:28:14.987569: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.987572: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.987575: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.987578: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:28:14.987581: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:28:14.987583: | discarding INTEG=NONE Aug 26 13:28:14.987586: | discarding DH=NONE Aug 26 13:28:14.987588: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:28:14.987591: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:14.987594: | prop #: 2 (0x2) Aug 26 13:28:14.987597: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:28:14.987599: | spi size: 4 (0x4) Aug 26 13:28:14.987602: | # transforms: 2 (0x2) Aug 26 13:28:14.987605: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:14.987608: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:28:14.987611: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:28:14.987613: | our spi 60 a9 65 43 Aug 26 13:28:14.987616: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.987618: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.987620: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:28:14.987622: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:28:14.987625: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.987640: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:28:14.987642: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:28:14.987645: | length/value: 128 (0x80) Aug 26 13:28:14.987648: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:28:14.987650: | discarding INTEG=NONE Aug 26 13:28:14.987652: | discarding DH=NONE Aug 26 13:28:14.987655: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.987657: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:28:14.987660: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:28:14.987663: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:28:14.987666: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.987669: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.987673: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.987676: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:28:14.987679: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:28:14.987683: | discarding DH=NONE Aug 26 13:28:14.987685: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:28:14.987688: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:14.987691: | prop #: 3 (0x3) Aug 26 13:28:14.987693: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:28:14.987695: | spi size: 4 (0x4) Aug 26 13:28:14.987698: | # transforms: 4 (0x4) Aug 26 13:28:14.987701: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:14.987706: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:28:14.987710: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:28:14.987712: | our spi 60 a9 65 43 Aug 26 13:28:14.987714: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.987717: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.987719: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:28:14.987722: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:28:14.987740: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.987741: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:28:14.987743: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:28:14.987745: | length/value: 256 (0x100) Aug 26 13:28:14.987747: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:28:14.987748: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.987750: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.987751: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:28:14.987753: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:28:14.987755: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.987757: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.987759: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.987760: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.987762: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.987763: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:28:14.987765: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:28:14.987767: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.987769: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.987770: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.987772: | discarding DH=NONE Aug 26 13:28:14.987774: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.987775: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:28:14.987777: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:28:14.987778: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:28:14.987780: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.987782: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.987784: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.987785: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:28:14.987787: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:28:14.987789: | discarding DH=NONE Aug 26 13:28:14.987790: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:28:14.987792: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:28:14.987794: | prop #: 4 (0x4) Aug 26 13:28:14.987795: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:28:14.987797: | spi size: 4 (0x4) Aug 26 13:28:14.987798: | # transforms: 4 (0x4) Aug 26 13:28:14.987800: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:28:14.987802: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:28:14.987805: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:28:14.987807: | our spi 60 a9 65 43 Aug 26 13:28:14.987808: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.987810: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.987812: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:28:14.987813: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:28:14.987815: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.987817: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:28:14.987818: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:28:14.987820: | length/value: 128 (0x80) Aug 26 13:28:14.987822: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:28:14.987823: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.987825: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.987826: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:28:14.987828: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:28:14.987830: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.987832: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.987833: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.987835: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.987836: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.987838: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:28:14.987840: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:28:14.987842: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.987843: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.987845: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.987847: | discarding DH=NONE Aug 26 13:28:14.987848: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:28:14.987850: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:28:14.987851: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:28:14.987853: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:28:14.987855: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:28:14.987857: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:28:14.987858: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:28:14.987860: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:28:14.987862: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:28:14.987863: | emitting length of IKEv2 Security Association Payload: 164 Aug 26 13:28:14.987865: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:28:14.987868: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:28:14.987869: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:14.987871: | flags: none (0x0) Aug 26 13:28:14.987873: | number of TS: 1 (0x1) Aug 26 13:28:14.987875: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:28:14.987878: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:28:14.987880: | *****emit IKEv2 Traffic Selector: Aug 26 13:28:14.987881: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:28:14.987883: | IP Protocol ID: 0 (0x0) Aug 26 13:28:14.987885: | start port: 0 (0x0) Aug 26 13:28:14.987886: | end port: 65535 (0xffff) Aug 26 13:28:14.987888: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:28:14.987890: | ipv4 start c0 01 03 d1 Aug 26 13:28:14.987892: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:28:14.987893: | ipv4 end c0 01 03 d1 Aug 26 13:28:14.987895: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:28:14.987897: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:28:14.987898: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:28:14.987900: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:14.987901: | flags: none (0x0) Aug 26 13:28:14.987903: | number of TS: 1 (0x1) Aug 26 13:28:14.987905: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:28:14.987907: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:28:14.987909: | *****emit IKEv2 Traffic Selector: Aug 26 13:28:14.987910: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:28:14.987912: | IP Protocol ID: 0 (0x0) Aug 26 13:28:14.987913: | start port: 0 (0x0) Aug 26 13:28:14.987915: | end port: 65535 (0xffff) Aug 26 13:28:14.987917: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:28:14.987918: | ipv4 start c0 01 02 17 Aug 26 13:28:14.987920: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:28:14.987921: | ipv4 end c0 01 02 17 Aug 26 13:28:14.987923: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:28:14.987925: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:28:14.987927: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:28:14.987929: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:28:14.987931: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:28:14.987933: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:28:14.987935: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:28:14.987937: | emitting length of IKEv2 Encryption Payload: 558 Aug 26 13:28:14.987938: | emitting length of ISAKMP Message: 586 Aug 26 13:28:14.987942: | **parse ISAKMP Message: Aug 26 13:28:14.987943: | initiator cookie: Aug 26 13:28:14.987945: | aa ed 6c e9 a9 68 3c 32 Aug 26 13:28:14.987946: | responder cookie: Aug 26 13:28:14.987948: | f7 9a d5 c8 c5 53 a3 16 Aug 26 13:28:14.987950: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:28:14.987952: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:28:14.987953: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:28:14.987955: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:28:14.987956: | Message ID: 1 (0x1) Aug 26 13:28:14.987958: | length: 586 (0x24a) Aug 26 13:28:14.987960: | **parse IKEv2 Encryption Payload: Aug 26 13:28:14.987961: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 13:28:14.987963: | flags: none (0x0) Aug 26 13:28:14.987965: | length: 558 (0x22e) Aug 26 13:28:14.987966: | **emit ISAKMP Message: Aug 26 13:28:14.987968: | initiator cookie: Aug 26 13:28:14.987969: | aa ed 6c e9 a9 68 3c 32 Aug 26 13:28:14.987971: | responder cookie: Aug 26 13:28:14.987972: | f7 9a d5 c8 c5 53 a3 16 Aug 26 13:28:14.987974: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:28:14.987976: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:28:14.987978: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:28:14.987980: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:28:14.987981: | Message ID: 1 (0x1) Aug 26 13:28:14.987983: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:28:14.987985: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:28:14.987987: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 13:28:14.987988: | flags: none (0x0) Aug 26 13:28:14.987990: | fragment number: 1 (0x1) Aug 26 13:28:14.987991: | total fragments: 2 (0x2) Aug 26 13:28:14.987993: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Aug 26 13:28:14.987996: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:28:14.987997: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:28:14.988000: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:28:14.988006: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:28:14.988008: | cleartext fragment 27 00 00 23 02 00 00 00 6e 6f 72 74 68 2e 74 65 Aug 26 13:28:14.988009: | cleartext fragment 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e Aug 26 13:28:14.988011: | cleartext fragment 6f 72 67 21 00 01 1a 01 00 00 00 5d 4d 9e e0 a4 Aug 26 13:28:14.988012: | cleartext fragment bb 52 fc d9 4a 75 a4 0a c7 b0 10 eb 6d 99 79 9b Aug 26 13:28:14.988014: | cleartext fragment 01 b3 7e 0b c1 23 a0 02 69 ef ce 5f 95 e0 2a 45 Aug 26 13:28:14.988016: | cleartext fragment 8f db f4 71 b7 0d 7e 82 6e fb d5 59 44 bb 67 33 Aug 26 13:28:14.988017: | cleartext fragment 26 f1 3d dc 47 90 9b 2f 7f 16 2e 99 af a9 2b e1 Aug 26 13:28:14.988019: | cleartext fragment ee bb 3f ba a0 ec 23 ff e9 8b 71 5a ad f3 34 39 Aug 26 13:28:14.988020: | cleartext fragment 41 e8 79 98 f9 5d be 7e 98 33 99 66 61 84 e9 25 Aug 26 13:28:14.988022: | cleartext fragment 61 91 5d ce 9f 88 b5 46 38 d1 cd 0c 1c 4c 4b 5f Aug 26 13:28:14.988023: | cleartext fragment fa a5 59 1c 02 dd 31 f1 a4 8d 54 b0 9f e9 3c 8f Aug 26 13:28:14.988025: | cleartext fragment 62 23 1b fc c7 07 06 b3 9a d9 ce 0f 80 6c 99 45 Aug 26 13:28:14.988027: | cleartext fragment b7 5a 70 97 20 bc 7a 7d 14 b4 f6 ca f4 ed e3 22 Aug 26 13:28:14.988028: | cleartext fragment d4 5c e4 c7 6a 66 e0 03 19 f5 dc 07 1a 01 ef bb Aug 26 13:28:14.988030: | cleartext fragment ef 99 89 57 57 b7 b2 4e e9 68 24 8d e2 a3 2c 62 Aug 26 13:28:14.988031: | cleartext fragment 9c 45 69 8d 30 ab da 21 a7 97 12 b4 89 21 3f 04 Aug 26 13:28:14.988033: | cleartext fragment 13 88 22 c0 03 f6 02 0c 8e d3 29 f8 f0 cd 57 4f Aug 26 13:28:14.988034: | cleartext fragment 74 37 c1 61 62 99 ed d1 f6 07 54 45 09 c9 b5 9b Aug 26 13:28:14.988036: | cleartext fragment 97 4d 1e e7 3d 34 78 7d 85 3b 62 3a 82 30 fd 96 Aug 26 13:28:14.988038: | cleartext fragment 67 8a 11 32 9f 63 89 52 aa 5d 90 8e 13 2c 00 00 Aug 26 13:28:14.988039: | cleartext fragment a4 02 00 00 20 01 03 04 02 60 a9 65 43 03 00 00 Aug 26 13:28:14.988041: | cleartext fragment 0c 01 00 00 14 80 0e 01 00 00 00 00 08 05 00 00 Aug 26 13:28:14.988042: | cleartext fragment 00 02 00 00 20 02 03 04 02 60 a9 65 43 03 00 00 Aug 26 13:28:14.988044: | cleartext fragment 0c 01 00 00 14 80 0e 00 80 00 00 00 08 05 00 00 Aug 26 13:28:14.988045: | cleartext fragment 00 02 00 00 30 03 03 04 04 60 a9 65 43 03 00 00 Aug 26 13:28:14.988047: | cleartext fragment 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 03 00 00 Aug 26 13:28:14.988048: | cleartext fragment 0e 03 00 00 08 03 00 00 0c 00 00 00 08 05 00 00 Aug 26 13:28:14.988050: | cleartext fragment 00 00 00 00 30 04 03 04 04 60 a9 65 43 03 00 00 Aug 26 13:28:14.988052: | cleartext fragment 0c 01 00 00 0c 80 0e 00 80 03 00 00 08 03 00 00 Aug 26 13:28:14.988053: | cleartext fragment 0e 03 00 00 08 03 00 00 0c 00 00 00 08 05 Aug 26 13:28:14.988056: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:28:14.988058: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:28:14.988060: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:28:14.988061: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:28:14.988063: | emitting length of ISAKMP Message: 539 Aug 26 13:28:14.988073: | **emit ISAKMP Message: Aug 26 13:28:14.988075: | initiator cookie: Aug 26 13:28:14.988077: | aa ed 6c e9 a9 68 3c 32 Aug 26 13:28:14.988078: | responder cookie: Aug 26 13:28:14.988080: | f7 9a d5 c8 c5 53 a3 16 Aug 26 13:28:14.988081: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:28:14.988083: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:28:14.988085: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:28:14.988086: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:28:14.988088: | Message ID: 1 (0x1) Aug 26 13:28:14.988089: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:28:14.988091: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:28:14.988093: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:14.988094: | flags: none (0x0) Aug 26 13:28:14.988096: | fragment number: 2 (0x2) Aug 26 13:28:14.988098: | total fragments: 2 (0x2) Aug 26 13:28:14.988100: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:28:14.988101: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:28:14.988103: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:28:14.988105: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:28:14.988109: | emitting 51 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:28:14.988111: | cleartext fragment 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 00 Aug 26 13:28:14.988113: | cleartext fragment 00 ff ff c0 01 03 d1 c0 01 03 d1 00 00 00 18 01 Aug 26 13:28:14.988114: | cleartext fragment 00 00 00 07 00 00 10 00 00 ff ff c0 01 02 17 c0 Aug 26 13:28:14.988116: | cleartext fragment 01 02 17 Aug 26 13:28:14.988117: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:28:14.988119: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:28:14.988121: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:28:14.988123: | emitting length of IKEv2 Encrypted Fragment: 84 Aug 26 13:28:14.988124: | emitting length of ISAKMP Message: 112 Aug 26 13:28:14.988133: | suspend processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:28:14.988136: | start processing: state #2 connection "road-east-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:28:14.988139: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 13:28:14.988142: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 13:28:14.988144: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 13:28:14.988146: | Message ID: updating counters for #2 to 0 after switching state Aug 26 13:28:14.988150: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 13:28:14.988153: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 13:28:14.988156: "road-east-ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:28:14.988165: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.209:500) Aug 26 13:28:14.988167: | sending fragments ... Aug 26 13:28:14.988171: | sending 539 bytes for STATE_PARENT_I1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) Aug 26 13:28:14.988173: | aa ed 6c e9 a9 68 3c 32 f7 9a d5 c8 c5 53 a3 16 Aug 26 13:28:14.988174: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Aug 26 13:28:14.988176: | 00 01 00 02 35 6f a3 d8 ff 2c a6 8f d4 49 ce df Aug 26 13:28:14.988177: | 78 92 e5 7d ec f1 f5 78 c0 8f d0 4d fb 94 98 f6 Aug 26 13:28:14.988179: | ac 82 81 02 54 9f 5c d1 30 46 8b 4d fd 5a 72 44 Aug 26 13:28:14.988180: | ba d7 5d 67 1f 5a 25 f1 2d 6a d5 85 26 83 34 d8 Aug 26 13:28:14.988182: | 18 08 95 33 1f 3d 33 5f 96 f9 64 6d 20 f3 1f 28 Aug 26 13:28:14.988183: | bb d0 f0 b5 ad a7 de d5 07 c2 91 b8 eb d1 ee a8 Aug 26 13:28:14.988185: | 36 b6 37 71 84 b6 bc 28 3a df 57 2d 52 49 0b 44 Aug 26 13:28:14.988186: | f2 3f e3 ef 44 ab 61 22 f0 1e a5 71 65 7c 48 b7 Aug 26 13:28:14.988188: | 0b 14 58 44 55 26 b2 74 63 ac 85 a3 13 9a 9a 20 Aug 26 13:28:14.988189: | b4 b2 c5 f4 16 3c f1 54 26 9f 6d 7c b9 73 cb 83 Aug 26 13:28:14.988191: | b8 06 0e 8d 32 38 dc eb 52 88 62 9b 0b e3 4f c3 Aug 26 13:28:14.988192: | eb 45 11 76 1b 1d bb 54 a6 47 72 eb a8 85 10 51 Aug 26 13:28:14.988194: | e0 99 19 be 17 85 39 1e ec 69 6f 89 26 2f 4a 80 Aug 26 13:28:14.988195: | e5 62 8a 8b 6d 34 0b 6b 20 fa ca c0 cc 9b 78 06 Aug 26 13:28:14.988197: | 99 09 98 d0 61 8a f1 1e 57 12 68 43 48 26 20 ec Aug 26 13:28:14.988198: | b2 4e 17 e6 78 c7 79 1c 47 a1 7c 5e 1a 38 80 d8 Aug 26 13:28:14.988200: | 95 d7 df 06 f0 fb 3a 1d ad 16 cc 47 b6 df 97 f9 Aug 26 13:28:14.988201: | aa 62 a2 a9 e0 f5 2a 47 45 dd f4 e8 24 4b a2 00 Aug 26 13:28:14.988203: | 55 0d 17 87 20 64 67 dd 8d 18 1a df 23 12 84 c1 Aug 26 13:28:14.988204: | a4 0c c1 c3 c0 43 d3 2f be 1b b9 30 fa 07 bf 14 Aug 26 13:28:14.988206: | 79 28 c5 c2 7c 52 a6 d6 f8 16 dc 28 69 72 42 f9 Aug 26 13:28:14.988207: | 1c 74 08 c8 01 22 9f 71 99 1d b8 42 8c c0 42 51 Aug 26 13:28:14.988209: | 2d f4 70 f4 4c fd a3 e3 f1 c4 05 ba 92 7b e1 48 Aug 26 13:28:14.988210: | b0 38 d5 c8 8d fe 99 6a f3 03 b3 f1 f7 0c f0 6e Aug 26 13:28:14.988212: | a4 fa 86 e8 0e 11 10 85 62 26 20 6e fd 64 7a 2a Aug 26 13:28:14.988213: | 62 08 a9 a6 a5 cd fc 8b 14 18 b7 37 08 e0 bf 76 Aug 26 13:28:14.988215: | 8c 64 d5 69 89 b3 fa fd 44 dc 0e b4 43 ae b8 fe Aug 26 13:28:14.988216: | 30 9e 07 00 8c 4c 53 6e ee 32 0c 88 05 fa b6 4a Aug 26 13:28:14.988218: | f4 15 00 43 2a f3 29 a3 69 52 80 e2 93 e3 2b 0d Aug 26 13:28:14.988219: | 40 ba e9 83 4f 1b 51 a9 5a 12 6b c0 23 ea d6 87 Aug 26 13:28:14.988221: | 2c 60 ff 3c 5e c4 d4 91 8b a2 a6 fb 2c 70 95 1f Aug 26 13:28:14.988222: | 29 b8 1b 22 41 1e 6d 57 ca 11 de Aug 26 13:28:14.988266: | sending 112 bytes for STATE_PARENT_I1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) Aug 26 13:28:14.988269: | aa ed 6c e9 a9 68 3c 32 f7 9a d5 c8 c5 53 a3 16 Aug 26 13:28:14.988270: | 35 20 23 08 00 00 00 01 00 00 00 70 00 00 00 54 Aug 26 13:28:14.988272: | 00 02 00 02 9e 09 43 9a 5b c5 0e c6 33 eb 51 ba Aug 26 13:28:14.988273: | a3 16 84 d3 ca 21 d8 68 51 ed e4 dd 61 c3 d2 45 Aug 26 13:28:14.988275: | 64 2b 88 0b 0a c1 4b 47 b3 99 05 2a de ab e2 4a Aug 26 13:28:14.988276: | 87 8a 1c b7 4e ed 83 d4 88 1c 97 c6 dc f9 35 e2 Aug 26 13:28:14.988278: | 83 79 30 06 95 3c c1 7d ea dc 5f 34 43 17 d3 45 Aug 26 13:28:14.988286: | sent 2 fragments Aug 26 13:28:14.988298: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=2000ms Aug 26 13:28:14.988305: "road-east-ikev2" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Aug 26 13:28:14.988313: | event_schedule: new EVENT_RETRANSMIT-pe@0x561fb413c3c8 Aug 26 13:28:14.988318: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Aug 26 13:28:14.988325: | libevent_malloc: new ptr-libevent@0x561fb413c438 size 128 Aug 26 13:28:14.988332: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11380.730779 Aug 26 13:28:14.988337: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:28:14.988343: | #1 spent 4.68 milliseconds in resume sending helper answer Aug 26 13:28:14.988348: | stop processing: state #2 connection "road-east-ikev2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:28:14.988353: | libevent_free: release ptr-libevent@0x7faaa8000f48 Aug 26 13:28:14.990441: | spent 0.00244 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:28:14.990460: | *received 65 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) Aug 26 13:28:14.990462: | aa ed 6c e9 a9 68 3c 32 f7 9a d5 c8 c5 53 a3 16 Aug 26 13:28:14.990464: | 2e 20 23 20 00 00 00 01 00 00 00 41 29 00 00 25 Aug 26 13:28:14.990466: | 27 99 97 e3 66 6b 7b 60 a6 ac 27 e2 ac 5b 90 17 Aug 26 13:28:14.990467: | f9 19 16 d1 98 de eb 75 25 bb 1a 18 18 28 f8 d8 Aug 26 13:28:14.990469: | 32 Aug 26 13:28:14.990472: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:28:14.990487: | **parse ISAKMP Message: Aug 26 13:28:14.990489: | initiator cookie: Aug 26 13:28:14.990490: | aa ed 6c e9 a9 68 3c 32 Aug 26 13:28:14.990493: | responder cookie: Aug 26 13:28:14.990509: | f7 9a d5 c8 c5 53 a3 16 Aug 26 13:28:14.990512: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:28:14.990514: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:28:14.990517: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:28:14.990519: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:28:14.990522: | Message ID: 1 (0x1) Aug 26 13:28:14.990524: | length: 65 (0x41) Aug 26 13:28:14.990527: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:28:14.990530: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:28:14.990534: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:28:14.990539: | start processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:28:14.990542: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:28:14.990547: | suspend processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:28:14.990552: | start processing: state #2 connection "road-east-ikev2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:28:14.990555: | #2 is idle Aug 26 13:28:14.990557: | #2 idle Aug 26 13:28:14.990559: | unpacking clear payload Aug 26 13:28:14.990562: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:28:14.990565: | ***parse IKEv2 Encryption Payload: Aug 26 13:28:14.990568: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:28:14.990571: | flags: none (0x0) Aug 26 13:28:14.990573: | length: 37 (0x25) Aug 26 13:28:14.990576: | processing payload: ISAKMP_NEXT_v2SK (len=33) Aug 26 13:28:14.990579: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:28:14.990595: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:28:14.990598: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:28:14.990601: | **parse IKEv2 Notify Payload: Aug 26 13:28:14.990604: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:28:14.990606: | flags: none (0x0) Aug 26 13:28:14.990609: | length: 8 (0x8) Aug 26 13:28:14.990612: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:28:14.990614: | SPI size: 0 (0x0) Aug 26 13:28:14.990617: | Notify Message Type: v2N_AUTHENTICATION_FAILED (0x18) Aug 26 13:28:14.990620: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:28:14.990623: | selected state microcode Initiator: process AUTHENTICATION_FAILED AUTH notification Aug 26 13:28:14.990626: | Now let's proceed with state specific processing Aug 26 13:28:14.990632: | calling processor Initiator: process AUTHENTICATION_FAILED AUTH notification Aug 26 13:28:14.990636: "road-east-ikev2" #2: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED Aug 26 13:28:14.990646: | pstats #1 ikev2.ike failed auth-failed Aug 26 13:28:14.990650: "road-east-ikev2" #2: scheduling retry attempt 1 of an unlimited number, but releasing whack Aug 26 13:28:14.990656: | release_pending_whacks: state #2 fd@23 .st_dev=9 .st_ino=8897765 Aug 26 13:28:14.990661: | close_any(fd@23) (in release_whack() at state.c:654) Aug 26 13:28:14.990668: | close_any(fd@22) (in release_whack() at state.c:654) Aug 26 13:28:14.990671: | release_pending_whacks: IKE SA #1 fd@-1 has pending CHILD SA with socket fd@23 Aug 26 13:28:14.990676: | libevent_free: release ptr-libevent@0x561fb413c438 Aug 26 13:28:14.990680: | free_event_entry: release EVENT_RETRANSMIT-pe@0x561fb413c3c8 Aug 26 13:28:14.990682: | event_schedule: new EVENT_RETRANSMIT-pe@0x561fb413c3c8 Aug 26 13:28:14.990686: | inserting event EVENT_RETRANSMIT, timeout in 59.997638 seconds for #2 Aug 26 13:28:14.990689: | libevent_malloc: new ptr-libevent@0x7faaa8000f48 size 128 Aug 26 13:28:14.990693: "road-east-ikev2" #2: STATE_PARENT_I2: suppressing retransmits; will wait 59.997638 seconds for retry Aug 26 13:28:14.990698: | #2 spent 0.0613 milliseconds in processing: Initiator: process AUTHENTICATION_FAILED AUTH notification in ikev2_process_state_packet() Aug 26 13:28:14.990704: | [RE]START processing: state #2 connection "road-east-ikev2" from 192.1.2.23 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:28:14.990709: | #2 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE Aug 26 13:28:14.990714: | stop processing: state #2 connection "road-east-ikev2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:28:14.990718: | #1 spent 0.265 milliseconds in ikev2_process_packet() Aug 26 13:28:14.990723: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:28:14.990727: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:28:14.990731: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:28:14.990735: | spent 0.282 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:28:28.257766: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:28.257832: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:28:28.257849: | FOR_EACH_STATE_... in sort_states Aug 26 13:28:28.257878: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:28.257902: | spent 0.155 milliseconds in whack Aug 26 13:28:29.419695: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:29.419738: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:29.419747: | spent 0.0579 milliseconds in whack Aug 26 13:28:29.476041: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:29.476065: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:28:29.476070: | FOR_EACH_STATE_... in sort_states Aug 26 13:28:29.476081: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:29.476089: | spent 0.0544 milliseconds in whack Aug 26 13:28:29.586797: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:29.587191: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:28:29.587198: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:28:29.587257: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:28:29.587261: | FOR_EACH_STATE_... in sort_states Aug 26 13:28:29.587284: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:28:29.587303: | spent 0.506 milliseconds in whack Aug 26 13:28:30.597176: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:28:30.597203: shutting down Aug 26 13:28:30.597213: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:28:30.597217: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:28:30.597219: forgetting secrets Aug 26 13:28:30.597226: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:28:30.597231: | unreference key: 0x561fb4093c48 @north.testing.libreswan.org cnt 1-- Aug 26 13:28:30.597240: | start processing: connection "road-east-ikev2" (in delete_connection() at connections.c:189) Aug 26 13:28:30.597251: | close_any(fd@23) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) Aug 26 13:28:30.597256: | removing pending policy for no connection {0x561fb412d348} Aug 26 13:28:30.597260: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:28:30.597264: | pass 0 Aug 26 13:28:30.597268: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:28:30.597272: | state #2 Aug 26 13:28:30.597278: | suspend processing: connection "road-east-ikev2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:28:30.597287: | start processing: state #2 connection "road-east-ikev2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:28:30.597316: | pstats #2 ikev2.child deleted other Aug 26 13:28:30.597324: | #2 spent 0.0613 milliseconds in total Aug 26 13:28:30.597332: | [RE]START processing: state #2 connection "road-east-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:28:30.597338: "road-east-ikev2" #2: deleting state (STATE_PARENT_I2) aged 15.614s and NOT sending notification Aug 26 13:28:30.597344: | child state #2: PARENT_I2(open IKE SA) => delete Aug 26 13:28:30.597350: | child state #2: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) Aug 26 13:28:30.597356: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:28:30.597360: | #2 STATE_CHILDSA_DEL: retransmits: cleared Aug 26 13:28:30.597365: | libevent_free: release ptr-libevent@0x7faaa8000f48 Aug 26 13:28:30.597370: | free_event_entry: release EVENT_RETRANSMIT-pe@0x561fb413c3c8 Aug 26 13:28:30.597376: | priority calculation of connection "road-east-ikev2" is 0xfdfdf Aug 26 13:28:30.597386: | delete inbound eroute 192.1.2.23/32:0 --0-> 192.1.3.209/32:0 => unk255.10000@192.1.3.209 (raw_eroute) Aug 26 13:28:30.597408: | raw_eroute result=success Aug 26 13:28:30.597415: | stop processing: connection "road-east-ikev2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:28:30.597418: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:28:30.597421: | in connection_discard for connection road-east-ikev2 Aug 26 13:28:30.597423: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Aug 26 13:28:30.597427: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:28:30.597431: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:28:30.597436: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:28:30.597438: | state #1 Aug 26 13:28:30.597442: | start processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:28:30.597445: | pstats #1 ikev2.ike deleted auth-failed Aug 26 13:28:30.597449: | #1 spent 11.1 milliseconds in total Aug 26 13:28:30.597452: | [RE]START processing: state #1 connection "road-east-ikev2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:28:30.597455: "road-east-ikev2" #1: deleting state (STATE_PARENT_I2) aged 15.622s and NOT sending notification Aug 26 13:28:30.597458: | parent state #1: PARENT_I2(open IKE SA) => delete Aug 26 13:28:30.597460: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:28:30.597463: | libevent_free: release ptr-libevent@0x7faab0002888 Aug 26 13:28:30.597469: | free_event_entry: release EVENT_SA_REPLACE-pe@0x561fb43f06a8 Aug 26 13:28:30.597472: | State DB: IKEv2 state not found (flush_incomplete_children) Aug 26 13:28:30.597474: | picked newest_isakmp_sa #0 for #1 Aug 26 13:28:30.597477: "road-east-ikev2" #1: deleting IKE SA for connection 'road-east-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:28:30.597480: | add revival: connection 'road-east-ikev2' added to the list and scheduled for 0 seconds Aug 26 13:28:30.597484: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 13:28:30.597487: | in connection_discard for connection road-east-ikev2 Aug 26 13:28:30.597489: | State DB: deleting IKEv2 state #1 in PARENT_I2 Aug 26 13:28:30.597492: | parent state #1: PARENT_I2(open IKE SA) => UNDEFINED(ignore) Aug 26 13:28:30.597518: | stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:28:30.597534: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:28:30.597536: | pass 1 Aug 26 13:28:30.597539: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:28:30.597542: | free hp@0x561fb413c2e8 Aug 26 13:28:30.597545: | flush revival: connection 'road-east-ikev2' revival flushed Aug 26 13:28:30.597548: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:28:30.597558: | crl fetch request list locked by 'free_crl_fetch' Aug 26 13:28:30.597561: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 13:28:30.597569: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 13:28:30.597572: shutting down interface lo/lo 127.0.0.1:500 Aug 26 13:28:30.597575: shutting down interface eth0/eth0 192.1.3.209:4500 Aug 26 13:28:30.597577: shutting down interface eth0/eth0 192.1.3.209:500 Aug 26 13:28:30.597581: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 13:28:30.597587: | libevent_free: release ptr-libevent@0x561fb412deb8 Aug 26 13:28:30.597590: | free_event_entry: release EVENT_NULL-pe@0x561fb4139ae8 Aug 26 13:28:30.597600: | libevent_free: release ptr-libevent@0x561fb40c34b8 Aug 26 13:28:30.597602: | free_event_entry: release EVENT_NULL-pe@0x561fb4139b98 Aug 26 13:28:30.597609: | libevent_free: release ptr-libevent@0x561fb40c3f38 Aug 26 13:28:30.597611: | free_event_entry: release EVENT_NULL-pe@0x561fb4139c48 Aug 26 13:28:30.597617: | libevent_free: release ptr-libevent@0x561fb40c47e8 Aug 26 13:28:30.597620: | free_event_entry: release EVENT_NULL-pe@0x561fb4139cf8 Aug 26 13:28:30.597625: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:28:30.598072: | libevent_free: release ptr-libevent@0x561fb412df68 Aug 26 13:28:30.598084: | free_event_entry: release EVENT_NULL-pe@0x561fb4121d58 Aug 26 13:28:30.598094: | libevent_free: release ptr-libevent@0x561fb40c3818 Aug 26 13:28:30.598099: | free_event_entry: release EVENT_NULL-pe@0x561fb4121ce8 Aug 26 13:28:30.598104: | libevent_free: release ptr-libevent@0x561fb4105638 Aug 26 13:28:30.598108: | free_event_entry: release EVENT_NULL-pe@0x561fb41211a8 Aug 26 13:28:30.598112: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 13:28:30.598114: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 13:28:30.598116: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 13:28:30.598119: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 13:28:30.598121: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 13:28:30.598123: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 13:28:30.598125: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 13:28:30.598127: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 13:28:30.598130: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 13:28:30.598135: | libevent_free: release ptr-libevent@0x561fb40c1428 Aug 26 13:28:30.598137: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 13:28:30.598140: | libevent_free: release ptr-libevent@0x561fb40cca58 Aug 26 13:28:30.598142: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 13:28:30.598145: | libevent_free: release ptr-libevent@0x561fb40c48b8 Aug 26 13:28:30.598150: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 13:28:30.598153: | libevent_free: release ptr-libevent@0x561fb4139778 Aug 26 13:28:30.598155: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 13:28:30.598157: | releasing event base Aug 26 13:28:30.598171: | libevent_free: release ptr-libevent@0x561fb4139648 Aug 26 13:28:30.598173: | libevent_free: release ptr-libevent@0x561fb411c598 Aug 26 13:28:30.598177: | libevent_free: release ptr-libevent@0x561fb411c548 Aug 26 13:28:30.598180: | libevent_free: release ptr-libevent@0x561fb411c4d8 Aug 26 13:28:30.598182: | libevent_free: release ptr-libevent@0x561fb411c498 Aug 26 13:28:30.598185: | libevent_free: release ptr-libevent@0x561fb4139278 Aug 26 13:28:30.598187: | libevent_free: release ptr-libevent@0x561fb4139548 Aug 26 13:28:30.598189: | libevent_free: release ptr-libevent@0x561fb411c748 Aug 26 13:28:30.598191: | libevent_free: release ptr-libevent@0x561fb41212b8 Aug 26 13:28:30.598193: | libevent_free: release ptr-libevent@0x561fb4121ca8 Aug 26 13:28:30.598196: | libevent_free: release ptr-libevent@0x561fb43f0948 Aug 26 13:28:30.598198: | libevent_free: release ptr-libevent@0x561fb4139d68 Aug 26 13:28:30.598200: | libevent_free: release ptr-libevent@0x561fb4139cb8 Aug 26 13:28:30.598202: | libevent_free: release ptr-libevent@0x561fb4139c08 Aug 26 13:28:30.598204: | libevent_free: release ptr-libevent@0x561fb4139b58 Aug 26 13:28:30.598207: | libevent_free: release ptr-libevent@0x561fb43ee908 Aug 26 13:28:30.598209: | libevent_free: release ptr-libevent@0x561fb43ee9e8 Aug 26 13:28:30.598211: | libevent_free: release ptr-libevent@0x561fb40c0558 Aug 26 13:28:30.598213: | libevent_free: release ptr-libevent@0x561fb41395c8 Aug 26 13:28:30.598216: | libevent_free: release ptr-libevent@0x561fb4139588 Aug 26 13:28:30.598218: | libevent_free: release ptr-libevent@0x561fb4139448 Aug 26 13:28:30.598220: | libevent_free: release ptr-libevent@0x561fb4139608 Aug 26 13:28:30.598222: | libevent_free: release ptr-libevent@0x561fb4139318 Aug 26 13:28:30.598225: | libevent_free: release ptr-libevent@0x561fb4097908 Aug 26 13:28:30.598227: | libevent_free: release ptr-libevent@0x561fb4097d38 Aug 26 13:28:30.598230: | libevent_free: release ptr-libevent@0x561fb40c08c8 Aug 26 13:28:30.598232: | releasing global libevent data Aug 26 13:28:30.598234: | libevent_free: release ptr-libevent@0x561fb40c35c8 Aug 26 13:28:30.598237: | libevent_free: release ptr-libevent@0x561fb4097cd8 Aug 26 13:28:30.598240: | libevent_free: release ptr-libevent@0x561fb4097dd8 Aug 26 13:28:30.598381: leak detective found no leaks