Aug 26 13:09:53.071662: FIPS Product: YES Aug 26 13:09:53.071755: FIPS Kernel: NO Aug 26 13:09:53.071759: FIPS Mode: NO Aug 26 13:09:53.071761: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:09:53.071899: Initializing NSS Aug 26 13:09:53.071907: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:09:53.096669: NSS initialized Aug 26 13:09:53.096691: NSS crypto library initialized Aug 26 13:09:53.096695: FIPS HMAC integrity support [enabled] Aug 26 13:09:53.096697: FIPS mode disabled for pluto daemon Aug 26 13:09:53.124698: FIPS HMAC integrity verification self-test FAILED Aug 26 13:09:53.124809: libcap-ng support [enabled] Aug 26 13:09:53.124817: Linux audit support [enabled] Aug 26 13:09:53.124849: Linux audit activated Aug 26 13:09:53.124853: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:9237 Aug 26 13:09:53.124854: core dump dir: /tmp Aug 26 13:09:53.124856: secrets file: /etc/ipsec.secrets Aug 26 13:09:53.124857: leak-detective enabled Aug 26 13:09:53.124859: NSS crypto [enabled] Aug 26 13:09:53.124860: XAUTH PAM support [enabled] Aug 26 13:09:53.124915: | libevent is using pluto's memory allocator Aug 26 13:09:53.124919: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:09:53.124931: | libevent_malloc: new ptr-libevent@0x564529d170d8 size 40 Aug 26 13:09:53.124936: | libevent_malloc: new ptr-libevent@0x564529cedcd8 size 40 Aug 26 13:09:53.124938: | libevent_malloc: new ptr-libevent@0x564529ceddd8 size 40 Aug 26 13:09:53.124940: | creating event base Aug 26 13:09:53.124942: | libevent_malloc: new ptr-libevent@0x564529d72638 size 56 Aug 26 13:09:53.124945: | libevent_malloc: new ptr-libevent@0x564529d16ce8 size 664 Aug 26 13:09:53.124954: | libevent_malloc: new ptr-libevent@0x564529d726a8 size 24 
Aug 26 13:09:53.124955: | libevent_malloc: new ptr-libevent@0x564529d726f8 size 384 Aug 26 13:09:53.124962: | libevent_malloc: new ptr-libevent@0x564529d725f8 size 16 Aug 26 13:09:53.124964: | libevent_malloc: new ptr-libevent@0x564529ced908 size 40 Aug 26 13:09:53.124966: | libevent_malloc: new ptr-libevent@0x564529cedd38 size 48 Aug 26 13:09:53.124969: | libevent_realloc: new ptr-libevent@0x564529d16978 size 256 Aug 26 13:09:53.124971: | libevent_malloc: new ptr-libevent@0x564529d728a8 size 16 Aug 26 13:09:53.124975: | libevent_free: release ptr-libevent@0x564529d72638 Aug 26 13:09:53.124978: | libevent initialized Aug 26 13:09:53.124980: | libevent_realloc: new ptr-libevent@0x564529d72638 size 64 Aug 26 13:09:53.124982: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:09:53.124993: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:09:53.124995: NAT-Traversal support [enabled] Aug 26 13:09:53.124996: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:09:53.125001: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:09:53.125003: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:09:53.125030: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:09:53.125033: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:09:53.125035: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:09:53.125066: Encryption algorithms: Aug 26 13:09:53.125073: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:09:53.125075: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:09:53.125078: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:09:53.125080: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:09:53.125082: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 
13:09:53.125089: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:09:53.125092: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:09:53.125094: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:09:53.125096: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:09:53.125099: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:09:53.125101: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:09:53.125103: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:09:53.125105: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:09:53.125107: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:09:53.125109: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:09:53.125111: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:09:53.125113: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:09:53.125118: Hash algorithms: Aug 26 13:09:53.125119: MD5 IKEv1: IKE IKEv2: Aug 26 13:09:53.125121: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:09:53.125123: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:09:53.125125: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:09:53.125127: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:09:53.125135: PRF algorithms: Aug 26 13:09:53.125137: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:09:53.125139: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:09:53.125141: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:09:53.125143: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:09:53.125145: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:09:53.125147: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:09:53.125163: Integrity algorithms: Aug 26 13:09:53.125165: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, 
hmac_md5 Aug 26 13:09:53.125167: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:09:53.125170: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:09:53.125172: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:09:53.125174: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:09:53.125176: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:09:53.125178: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:09:53.125180: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:09:53.125182: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:09:53.125190: DH algorithms: Aug 26 13:09:53.125192: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:09:53.125194: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:09:53.125195: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:09:53.125200: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:09:53.125202: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:09:53.125204: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:09:53.125205: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:09:53.125207: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:09:53.125209: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:09:53.125211: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:09:53.125213: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:09:53.125215: testing CAMELLIA_CBC: Aug 26 13:09:53.125217: Camellia: 16 bytes with 128-bit key Aug 26 13:09:53.125330: Camellia: 16 bytes with 128-bit key Aug 26 13:09:53.125366: Camellia: 16 bytes with 256-bit key Aug 26 13:09:53.125384: Camellia: 16 bytes with 256-bit key 
Aug 26 13:09:53.125401: testing AES_GCM_16: Aug 26 13:09:53.125403: empty string Aug 26 13:09:53.125423: one block Aug 26 13:09:53.125439: two blocks Aug 26 13:09:53.125455: two blocks with associated data Aug 26 13:09:53.125470: testing AES_CTR: Aug 26 13:09:53.125472: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:09:53.125488: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:09:53.125505: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:09:53.125522: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:09:53.125537: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:09:53.125553: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:09:53.125570: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:09:53.125586: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:09:53.125603: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:09:53.125619: testing AES_CBC: Aug 26 13:09:53.125621: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:09:53.125637: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:09:53.125654: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:09:53.125671: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:09:53.125690: testing AES_XCBC: Aug 26 13:09:53.125692: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:09:53.125765: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:09:53.125844: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:09:53.125916: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:09:53.125990: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:09:53.126065: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:09:53.126140: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:09:53.126333: RFC 4434 Test Case AES-XCBC-PRF-128 with 
20-byte input (key length 16) Aug 26 13:09:53.126424: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:09:53.126504: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:09:53.126646: testing HMAC_MD5: Aug 26 13:09:53.126649: RFC 2104: MD5_HMAC test 1 Aug 26 13:09:53.126780: RFC 2104: MD5_HMAC test 2 Aug 26 13:09:53.126902: RFC 2104: MD5_HMAC test 3 Aug 26 13:09:53.127023: 8 CPU cores online Aug 26 13:09:53.127027: starting up 7 crypto helpers Aug 26 13:09:53.127053: started thread for crypto helper 0 Aug 26 13:09:53.127070: started thread for crypto helper 1 Aug 26 13:09:53.127077: | starting up helper thread 1 Aug 26 13:09:53.127086: | starting up helper thread 0 Aug 26 13:09:53.127116: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:09:53.127118: | crypto helper 0 waiting (nothing to do) Aug 26 13:09:53.127111: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:09:53.127110: | starting up helper thread 2 Aug 26 13:09:53.127084: started thread for crypto helper 2 Aug 26 13:09:53.127134: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:09:53.127129: | crypto helper 1 waiting (nothing to do) Aug 26 13:09:53.127145: | crypto helper 2 waiting (nothing to do) Aug 26 13:09:53.127153: started thread for crypto helper 3 Aug 26 13:09:53.127158: | starting up helper thread 3 Aug 26 13:09:53.127171: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:09:53.127175: started thread for crypto helper 4 Aug 26 13:09:53.127175: | crypto helper 3 waiting (nothing to do) Aug 26 13:09:53.127178: | starting up helper thread 4 Aug 26 13:09:53.127188: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:09:53.127190: | crypto helper 4 waiting (nothing to do) Aug 26 13:09:53.127198: started thread for crypto helper 
5 Aug 26 13:09:53.127213: started thread for crypto helper 6 Aug 26 13:09:53.127215: | starting up helper thread 6 Aug 26 13:09:53.127217: | checking IKEv1 state table Aug 26 13:09:53.127222: | starting up helper thread 5 Aug 26 13:09:53.127225: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:09:53.127240: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:09:53.127240: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:09:53.127244: | crypto helper 6 waiting (nothing to do) Aug 26 13:09:53.127247: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:09:53.127253: | crypto helper 5 waiting (nothing to do) Aug 26 13:09:53.127254: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:09:53.127259: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:09:53.127261: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:09:53.127263: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:09:53.127264: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:09:53.127266: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:09:53.127267: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:09:53.127269: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:09:53.127270: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:09:53.127272: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:09:53.127274: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:09:53.127275: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:09:53.127277: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:09:53.127278: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:09:53.127280: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:09:53.127281: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:09:53.127283: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:09:53.127284: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:09:53.127286: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:09:53.127291: | -> UNDEFINED EVENT_NULL Aug 26 13:09:53.127298: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:09:53.127301: | -> UNDEFINED 
EVENT_NULL Aug 26 13:09:53.127303: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:09:53.127305: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:09:53.127308: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:09:53.127310: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:09:53.127312: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:09:53.127315: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:09:53.127317: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:09:53.127319: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:09:53.127322: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:09:53.127324: | -> UNDEFINED EVENT_NULL Aug 26 13:09:53.127327: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:09:53.127329: | -> UNDEFINED EVENT_NULL Aug 26 13:09:53.127332: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:09:53.127334: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:09:53.127339: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:09:53.127341: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:09:53.127342: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:09:53.127344: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:09:53.127346: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:09:53.127347: | -> UNDEFINED EVENT_NULL Aug 26 13:09:53.127349: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:09:53.127363: | -> UNDEFINED EVENT_NULL Aug 26 13:09:53.127365: | INFO: category: informational flags: 0: Aug 26 13:09:53.127366: | -> UNDEFINED EVENT_NULL Aug 26 13:09:53.127368: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:09:53.127369: | -> UNDEFINED EVENT_NULL Aug 26 13:09:53.127371: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:09:53.127388: | -> XAUTH_R1 EVENT_NULL Aug 26 13:09:53.127390: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:09:53.127392: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:09:53.127393: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:09:53.127395: | -> 
MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:09:53.127397: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:09:53.127398: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:09:53.127400: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:09:53.127401: | -> UNDEFINED EVENT_NULL Aug 26 13:09:53.127403: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:09:53.127404: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:09:53.127406: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:09:53.127408: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:09:53.127409: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:09:53.127411: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:09:53.127429: | checking IKEv2 state table Aug 26 13:09:53.127433: | PARENT_I0: category: ignore flags: 0: Aug 26 13:09:53.127435: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:09:53.127437: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:09:53.127439: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:09:53.127440: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:09:53.127442: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:09:53.127444: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:09:53.127446: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:09:53.127447: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:09:53.127449: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:09:53.127451: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:09:53.127453: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:09:53.127454: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 
13:09:53.127456: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:09:53.127458: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:09:53.127459: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:09:53.127461: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:09:53.127463: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:09:53.127464: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:09:53.127466: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:09:53.127468: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:09:53.127469: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:09:53.127471: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:09:53.127474: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:09:53.127476: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:09:53.127477: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:09:53.127479: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:09:53.127481: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:09:53.127483: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:09:53.127484: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:09:53.127486: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:09:53.127488: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:09:53.127490: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:09:53.127491: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:09:53.127493: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:09:53.127495: | -> 
V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:09:53.127497: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:09:53.127499: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:09:53.127500: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:09:53.127502: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:09:53.127504: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:09:53.127505: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:09:53.127507: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:09:53.127509: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:09:53.127511: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:09:53.127512: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:09:53.127514: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:09:53.127523: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:09:53.127900: | Hard-wiring algorithms Aug 26 13:09:53.127907: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:09:53.127912: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:09:53.127915: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:09:53.127918: | adding 3DES_CBC to kernel algorithm db Aug 26 13:09:53.127920: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:09:53.127923: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:09:53.127926: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:09:53.127928: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:09:53.127931: | adding AES_CTR to kernel algorithm db Aug 26 13:09:53.127934: | adding AES_CBC to kernel algorithm db Aug 26 13:09:53.127937: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:09:53.127940: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:09:53.127943: 
| adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:09:53.127945: | adding NULL to kernel algorithm db Aug 26 13:09:53.127948: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:09:53.127951: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:09:53.127953: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:09:53.127956: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:09:53.127958: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:09:53.127961: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:09:53.127964: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:09:53.127966: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:09:53.127969: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:09:53.127971: | adding NONE to kernel algorithm db Aug 26 13:09:53.127994: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:09:53.128000: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:09:53.128003: | setup kernel fd callback Aug 26 13:09:53.128007: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x564529d771b8 Aug 26 13:09:53.128012: | libevent_malloc: new ptr-libevent@0x564529d5b688 size 128 Aug 26 13:09:53.128015: | libevent_malloc: new ptr-libevent@0x564529d772c8 size 16 Aug 26 13:09:53.128021: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x564529d77cf8 Aug 26 13:09:53.128025: | libevent_malloc: new ptr-libevent@0x564529d18238 size 128 Aug 26 13:09:53.128028: | libevent_malloc: new ptr-libevent@0x564529d77cb8 size 16 Aug 26 13:09:53.128231: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:09:53.128241: selinux support is enabled. 
Aug 26 13:09:53.128771: | unbound context created - setting debug level to 5 Aug 26 13:09:53.128793: | /etc/hosts lookups activated Aug 26 13:09:53.128803: | /etc/resolv.conf usage activated Aug 26 13:09:53.128840: | outgoing-port-avoid set 0-65535 Aug 26 13:09:53.128857: | outgoing-port-permit set 32768-60999 Aug 26 13:09:53.128859: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:09:53.128861: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:09:53.128863: | Setting up events, loop start Aug 26 13:09:53.128866: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x564529d77d68 Aug 26 13:09:53.128868: | libevent_malloc: new ptr-libevent@0x564529d83f68 size 128 Aug 26 13:09:53.128870: | libevent_malloc: new ptr-libevent@0x564529d8f238 size 16 Aug 26 13:09:53.128875: | libevent_realloc: new ptr-libevent@0x564529d8f278 size 256 Aug 26 13:09:53.128877: | libevent_malloc: new ptr-libevent@0x564529d8f3a8 size 8 Aug 26 13:09:53.128879: | libevent_realloc: new ptr-libevent@0x564529d177e8 size 144 Aug 26 13:09:53.128880: | libevent_malloc: new ptr-libevent@0x564529d22678 size 152 Aug 26 13:09:53.128883: | libevent_malloc: new ptr-libevent@0x564529d8f3e8 size 16 Aug 26 13:09:53.128885: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:09:53.128887: | libevent_malloc: new ptr-libevent@0x564529d8f428 size 8 Aug 26 13:09:53.128889: | libevent_malloc: new ptr-libevent@0x564529d1a498 size 152 Aug 26 13:09:53.128891: | signal event handler PLUTO_SIGTERM installed Aug 26 13:09:53.128893: | libevent_malloc: new ptr-libevent@0x564529d8f468 size 8 Aug 26 13:09:53.128894: | libevent_malloc: new ptr-libevent@0x564529d8f4a8 size 152 Aug 26 13:09:53.128896: | signal event handler PLUTO_SIGHUP installed Aug 26 13:09:53.128898: | libevent_malloc: new ptr-libevent@0x564529d8f578 size 8 Aug 26 13:09:53.128899: | libevent_realloc: release ptr-libevent@0x564529d177e8 Aug 26 13:09:53.128901: | libevent_realloc: new 
ptr-libevent@0x564529d8f5b8 size 256 Aug 26 13:09:53.128903: | libevent_malloc: new ptr-libevent@0x564529d8f6e8 size 152 Aug 26 13:09:53.128905: | signal event handler PLUTO_SIGSYS installed Aug 26 13:09:53.129145: | created addconn helper (pid:9293) using fork+execve Aug 26 13:09:53.129157: | forked child 9293 Aug 26 13:09:53.129191: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:53.129333: listening for IKE messages Aug 26 13:09:53.129575: | Inspecting interface lo Aug 26 13:09:53.129581: | found lo with address 127.0.0.1 Aug 26 13:09:53.129582: | Inspecting interface eth0 Aug 26 13:09:53.129585: | found eth0 with address 192.0.2.254 Aug 26 13:09:53.129587: | Inspecting interface eth0 Aug 26 13:09:53.129589: | found eth0 with address 192.0.22.251 Aug 26 13:09:53.129591: | Inspecting interface eth0 Aug 26 13:09:53.129593: | found eth0 with address 192.0.22.254 Aug 26 13:09:53.129595: | Inspecting interface eth0 Aug 26 13:09:53.129597: | found eth0 with address 192.0.2.251 Aug 26 13:09:53.129599: | Inspecting interface eth1 Aug 26 13:09:53.129601: | found eth1 with address 192.1.2.23 Aug 26 13:09:53.129685: Kernel supports NIC esp-hw-offload Aug 26 13:09:53.129697: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Aug 26 13:09:53.129734: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:09:53.129739: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:09:53.129741: adding interface eth1/eth1 192.1.2.23:4500 Aug 26 13:09:53.129761: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.251:500 Aug 26 13:09:53.129779: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:09:53.129782: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:09:53.129785: adding interface eth0/eth0 192.0.2.251:4500 Aug 26 13:09:53.129804: adding interface eth0/eth0 
(esp-hw-offload not supported by kernel) 192.0.22.254:500 Aug 26 13:09:53.129821: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:09:53.129825: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:09:53.129827: adding interface eth0/eth0 192.0.22.254:4500 Aug 26 13:09:53.129845: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.22.251:500 Aug 26 13:09:53.129862: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:09:53.129865: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:09:53.129867: adding interface eth0/eth0 192.0.22.251:4500 Aug 26 13:09:53.129887: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Aug 26 13:09:53.129905: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:09:53.129908: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:09:53.129910: adding interface eth0/eth0 192.0.2.254:4500 Aug 26 13:09:53.129931: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:09:53.129948: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:09:53.129951: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:09:53.129954: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:09:53.130014: | no interfaces to sort Aug 26 13:09:53.130018: | FOR_EACH_UNORIENTED_CONNECTION_... 
in check_orientations Aug 26 13:09:53.130025: | add_fd_read_event_handler: new ethX-pe@0x564529d8ffd8 Aug 26 13:09:53.130028: | libevent_malloc: new ptr-libevent@0x564529d83eb8 size 128 Aug 26 13:09:53.130030: | libevent_malloc: new ptr-libevent@0x564529d90048 size 16 Aug 26 13:09:53.130034: | setup callback for interface lo 127.0.0.1:4500 fd 28 Aug 26 13:09:53.130036: | add_fd_read_event_handler: new ethX-pe@0x564529d90088 Aug 26 13:09:53.130039: | libevent_malloc: new ptr-libevent@0x564529d18188 size 128 Aug 26 13:09:53.130040: | libevent_malloc: new ptr-libevent@0x564529d900f8 size 16 Aug 26 13:09:53.130043: | setup callback for interface lo 127.0.0.1:500 fd 27 Aug 26 13:09:53.130045: | add_fd_read_event_handler: new ethX-pe@0x564529d90138 Aug 26 13:09:53.130048: | libevent_malloc: new ptr-libevent@0x564529d19ae8 size 128 Aug 26 13:09:53.130049: | libevent_malloc: new ptr-libevent@0x564529d901a8 size 16 Aug 26 13:09:53.130052: | setup callback for interface eth0 192.0.2.254:4500 fd 26 Aug 26 13:09:53.130054: | add_fd_read_event_handler: new ethX-pe@0x564529d90858 Aug 26 13:09:53.130057: | libevent_malloc: new ptr-libevent@0x564529d1a358 size 128 Aug 26 13:09:53.130058: | libevent_malloc: new ptr-libevent@0x564529d908c8 size 16 Aug 26 13:09:53.130061: | setup callback for interface eth0 192.0.2.254:500 fd 25 Aug 26 13:09:53.130063: | add_fd_read_event_handler: new ethX-pe@0x564529d90908 Aug 26 13:09:53.130065: | libevent_malloc: new ptr-libevent@0x564529cee4e8 size 128 Aug 26 13:09:53.130066: | libevent_malloc: new ptr-libevent@0x564529d90978 size 16 Aug 26 13:09:53.130069: | setup callback for interface eth0 192.0.22.251:4500 fd 24 Aug 26 13:09:53.130071: | add_fd_read_event_handler: new ethX-pe@0x564529d909b8 Aug 26 13:09:53.130073: | libevent_malloc: new ptr-libevent@0x564529cee1d8 size 128 Aug 26 13:09:53.130074: | libevent_malloc: new ptr-libevent@0x564529d90a28 size 16 Aug 26 13:09:53.130079: | setup callback for interface eth0 192.0.22.251:500 fd 23 Aug 26 
13:09:53.130081: | add_fd_read_event_handler: new ethX-pe@0x564529d90a68 Aug 26 13:09:53.130083: | libevent_malloc: new ptr-libevent@0x564529d90ad8 size 128 Aug 26 13:09:53.130085: | libevent_malloc: new ptr-libevent@0x564529d90b88 size 16 Aug 26 13:09:53.130088: | setup callback for interface eth0 192.0.22.254:4500 fd 22 Aug 26 13:09:53.130089: | add_fd_read_event_handler: new ethX-pe@0x564529d90bc8 Aug 26 13:09:53.130091: | libevent_malloc: new ptr-libevent@0x564529d90c38 size 128 Aug 26 13:09:53.130093: | libevent_malloc: new ptr-libevent@0x564529d90ce8 size 16 Aug 26 13:09:53.130095: | setup callback for interface eth0 192.0.22.254:500 fd 21 Aug 26 13:09:53.130097: | add_fd_read_event_handler: new ethX-pe@0x564529d90d28 Aug 26 13:09:53.130099: | libevent_malloc: new ptr-libevent@0x564529d90d98 size 128 Aug 26 13:09:53.130100: | libevent_malloc: new ptr-libevent@0x564529d90e48 size 16 Aug 26 13:09:53.130103: | setup callback for interface eth0 192.0.2.251:4500 fd 20 Aug 26 13:09:53.130105: | add_fd_read_event_handler: new ethX-pe@0x564529d90e88 Aug 26 13:09:53.130107: | libevent_malloc: new ptr-libevent@0x564529d90ef8 size 128 Aug 26 13:09:53.130108: | libevent_malloc: new ptr-libevent@0x564529d90fa8 size 16 Aug 26 13:09:53.130111: | setup callback for interface eth0 192.0.2.251:500 fd 19 Aug 26 13:09:53.130115: | add_fd_read_event_handler: new ethX-pe@0x564529d90fe8 Aug 26 13:09:53.130116: | libevent_malloc: new ptr-libevent@0x564529d91058 size 128 Aug 26 13:09:53.130118: | libevent_malloc: new ptr-libevent@0x564529d91108 size 16 Aug 26 13:09:53.130121: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 13:09:53.130123: | add_fd_read_event_handler: new ethX-pe@0x564529d91148 Aug 26 13:09:53.130124: | libevent_malloc: new ptr-libevent@0x564529d911b8 size 128 Aug 26 13:09:53.130126: | libevent_malloc: new ptr-libevent@0x564529d91268 size 16 Aug 26 13:09:53.130129: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 13:09:53.130132: | 
certs and keys locked by 'free_preshared_secrets' Aug 26 13:09:53.130133: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:09:53.130148: loading secrets from "/etc/ipsec.secrets" Aug 26 13:09:53.130162: | saving Modulus Aug 26 13:09:53.130166: | saving PublicExponent Aug 26 13:09:53.130168: | ignoring PrivateExponent Aug 26 13:09:53.130170: | ignoring Prime1 Aug 26 13:09:53.130172: | ignoring Prime2 Aug 26 13:09:53.130174: | ignoring Exponent1 Aug 26 13:09:53.130176: | ignoring Exponent2 Aug 26 13:09:53.130178: | ignoring Coefficient Aug 26 13:09:53.130180: | ignoring CKAIDNSS Aug 26 13:09:53.130203: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:09:53.130205: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:09:53.130208: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Aug 26 13:09:53.130213: | certs and keys locked by 'process_secret' Aug 26 13:09:53.130217: | certs and keys unlocked by 'process_secret' Aug 26 13:09:53.130225: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:53.130233: | spent 1.04 milliseconds in whack Aug 26 13:09:53.147043: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:53.147062: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:53.147064: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:09:53.147066: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:53.147068: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:09:53.147071: | FOR_EACH_CONNECTION_... 
in conn_by_name Aug 26 13:09:53.147076: | Added new connection north-eastnets/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:09:53.147079: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:09:53.147097: | ike (phase1) algorithm values: AES_CBC_256-HMAC_SHA2_256-MODP2048 Aug 26 13:09:53.147100: | from whack: got --esp=aes128-sha2_512;modp3072 Aug 26 13:09:53.147114: | ESP/AH string values: AES_CBC_128-HMAC_SHA2_512_256-MODP3072 Aug 26 13:09:53.147117: | counting wild cards for @north is 0 Aug 26 13:09:53.147120: | counting wild cards for @east is 0 Aug 26 13:09:53.147127: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none Aug 26 13:09:53.147129: | new hp@0x564529d91dc8 Aug 26 13:09:53.147132: added connection description "north-eastnets/0x1" Aug 26 13:09:53.147140: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:09:53.147147: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.3.33<192.1.3.33>[@north]===192.0.3.0/24 Aug 26 13:09:53.147153: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:53.147158: | spent 0.124 milliseconds in whack Aug 26 13:09:53.147176: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:53.147183: add keyid @north
Aug 26 13:09:53.147226: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 13:09:53.147228: | computed rsa CKAID 88 aa 7c 5d Aug 26 13:09:53.147235: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:53.147238: | spent 0.0645 milliseconds in whack Aug 26 13:09:53.147254: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:53.147259: add keyid @east
Aug 26 13:09:53.147302: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:09:53.147304: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:09:53.147309: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:53.147313: | spent 0.0576 milliseconds in whack Aug 26 13:09:53.147394: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:53.147407: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:53.147409: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:09:53.147411: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:53.147413: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:09:53.147415: | FOR_EACH_CONNECTION_...
in conn_by_name Aug 26 13:09:53.147419: | Added new connection north-eastnets/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:09:53.147421: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:09:53.147435: | ike (phase1) algorithm values: AES_CBC_256-HMAC_SHA2_256-MODP2048 Aug 26 13:09:53.147437: | from whack: got --esp=aes128-sha2_512;modp3072 Aug 26 13:09:53.147446: | ESP/AH string values: AES_CBC_128-HMAC_SHA2_512_256-MODP3072 Aug 26 13:09:53.147448: | counting wild cards for @north is 0 Aug 26 13:09:53.147450: | counting wild cards for @east is 0 Aug 26 13:09:53.147455: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 13:09:53.147458: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@0x564529d91dc8: north-eastnets/0x1 Aug 26 13:09:53.147460: added connection description "north-eastnets/0x2" Aug 26 13:09:53.147467: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:09:53.147473: | 192.0.22.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.3.33<192.1.3.33>[@north]===192.0.3.0/24 Aug 26 13:09:53.147479: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:53.147482: | spent 0.0935 milliseconds in whack Aug 26 13:09:53.147502: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:53.147510: add keyid @north Aug 26 13:09:53.147513: | unreference key: 0x564529ce9c48 @north cnt 1--
Aug 26 13:09:53.147551: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 13:09:53.147552: | computed rsa CKAID 88 aa 7c 5d Aug 26 13:09:53.147558: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:53.147562: | spent 0.0629 milliseconds in whack Aug 26 13:09:53.147622: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:53.147634: add keyid @east Aug 26 13:09:53.147637: | unreference key: 0x564529d92138 @east cnt 1--
Aug 26 13:09:53.147672: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:09:53.147674: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:09:53.147681: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:53.147685: | spent 0.069 milliseconds in whack Aug 26 13:09:53.147700: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:53.147708: listening for IKE messages Aug 26 13:09:53.147735: | Inspecting interface lo Aug 26 13:09:53.147740: | found lo with address 127.0.0.1 Aug 26 13:09:53.147742: | Inspecting interface eth0 Aug 26 13:09:53.147744: | found eth0 with address 192.0.2.254 Aug 26 13:09:53.147746: | Inspecting interface eth0 Aug 26 13:09:53.147748: | found eth0 with address 192.0.22.251 Aug 26
13:09:53.147750: | Inspecting interface eth0 Aug 26 13:09:53.147752: | found eth0 with address 192.0.22.254 Aug 26 13:09:53.147754: | Inspecting interface eth0 Aug 26 13:09:53.147756: | found eth0 with address 192.0.2.251 Aug 26 13:09:53.147758: | Inspecting interface eth1 Aug 26 13:09:53.147760: | found eth1 with address 192.1.2.23 Aug 26 13:09:53.147808: | no interfaces to sort Aug 26 13:09:53.147814: | libevent_free: release ptr-libevent@0x564529d83eb8 Aug 26 13:09:53.147816: | free_event_entry: release EVENT_NULL-pe@0x564529d8ffd8 Aug 26 13:09:53.147818: | add_fd_read_event_handler: new ethX-pe@0x564529d8ffd8 Aug 26 13:09:53.147821: | libevent_malloc: new ptr-libevent@0x564529d933a8 size 128 Aug 26 13:09:53.147828: | setup callback for interface lo 127.0.0.1:4500 fd 28 Aug 26 13:09:53.147831: | libevent_free: release ptr-libevent@0x564529d18188 Aug 26 13:09:53.147833: | free_event_entry: release EVENT_NULL-pe@0x564529d90088 Aug 26 13:09:53.147835: | add_fd_read_event_handler: new ethX-pe@0x564529d90088 Aug 26 13:09:53.147836: | libevent_malloc: new ptr-libevent@0x564529d18188 size 128 Aug 26 13:09:53.147839: | setup callback for interface lo 127.0.0.1:500 fd 27 Aug 26 13:09:53.147842: | libevent_free: release ptr-libevent@0x564529d19ae8 Aug 26 13:09:53.147843: | free_event_entry: release EVENT_NULL-pe@0x564529d90138 Aug 26 13:09:53.147845: | add_fd_read_event_handler: new ethX-pe@0x564529d90138 Aug 26 13:09:53.147847: | libevent_malloc: new ptr-libevent@0x564529d19ae8 size 128 Aug 26 13:09:53.147850: | setup callback for interface eth0 192.0.2.254:4500 fd 26 Aug 26 13:09:53.147852: | libevent_free: release ptr-libevent@0x564529d1a358 Aug 26 13:09:53.147854: | free_event_entry: release EVENT_NULL-pe@0x564529d90858 Aug 26 13:09:53.147856: | add_fd_read_event_handler: new ethX-pe@0x564529d90858 Aug 26 13:09:53.147857: | libevent_malloc: new ptr-libevent@0x564529d1a358 size 128 Aug 26 13:09:53.147860: | setup callback for interface eth0 192.0.2.254:500 fd 25 Aug 26 
13:09:53.147863: | libevent_free: release ptr-libevent@0x564529cee4e8 Aug 26 13:09:53.147865: | free_event_entry: release EVENT_NULL-pe@0x564529d90908 Aug 26 13:09:53.147866: | add_fd_read_event_handler: new ethX-pe@0x564529d90908 Aug 26 13:09:53.147868: | libevent_malloc: new ptr-libevent@0x564529cee4e8 size 128 Aug 26 13:09:53.147871: | setup callback for interface eth0 192.0.22.251:4500 fd 24 Aug 26 13:09:53.147873: | libevent_free: release ptr-libevent@0x564529cee1d8 Aug 26 13:09:53.147875: | free_event_entry: release EVENT_NULL-pe@0x564529d909b8 Aug 26 13:09:53.147877: | add_fd_read_event_handler: new ethX-pe@0x564529d909b8 Aug 26 13:09:53.147878: | libevent_malloc: new ptr-libevent@0x564529cee1d8 size 128 Aug 26 13:09:53.147881: | setup callback for interface eth0 192.0.22.251:500 fd 23 Aug 26 13:09:53.147883: | libevent_free: release ptr-libevent@0x564529d90ad8 Aug 26 13:09:53.147885: | free_event_entry: release EVENT_NULL-pe@0x564529d90a68 Aug 26 13:09:53.147887: | add_fd_read_event_handler: new ethX-pe@0x564529d90a68 Aug 26 13:09:53.147888: | libevent_malloc: new ptr-libevent@0x564529d90ad8 size 128 Aug 26 13:09:53.147891: | setup callback for interface eth0 192.0.22.254:4500 fd 22 Aug 26 13:09:53.147894: | libevent_free: release ptr-libevent@0x564529d90c38 Aug 26 13:09:53.147895: | free_event_entry: release EVENT_NULL-pe@0x564529d90bc8 Aug 26 13:09:53.147897: | add_fd_read_event_handler: new ethX-pe@0x564529d90bc8 Aug 26 13:09:53.147898: | libevent_malloc: new ptr-libevent@0x564529d90c38 size 128 Aug 26 13:09:53.147901: | setup callback for interface eth0 192.0.22.254:500 fd 21 Aug 26 13:09:53.147904: | libevent_free: release ptr-libevent@0x564529d90d98 Aug 26 13:09:53.147905: | free_event_entry: release EVENT_NULL-pe@0x564529d90d28 Aug 26 13:09:53.147907: | add_fd_read_event_handler: new ethX-pe@0x564529d90d28 Aug 26 13:09:53.147909: | libevent_malloc: new ptr-libevent@0x564529d90d98 size 128 Aug 26 13:09:53.147912: | setup callback for interface eth0 
192.0.2.251:4500 fd 20 Aug 26 13:09:53.147914: | libevent_free: release ptr-libevent@0x564529d90ef8 Aug 26 13:09:53.147915: | free_event_entry: release EVENT_NULL-pe@0x564529d90e88 Aug 26 13:09:53.147917: | add_fd_read_event_handler: new ethX-pe@0x564529d90e88 Aug 26 13:09:53.147919: | libevent_malloc: new ptr-libevent@0x564529d90ef8 size 128 Aug 26 13:09:53.147922: | setup callback for interface eth0 192.0.2.251:500 fd 19 Aug 26 13:09:53.147924: | libevent_free: release ptr-libevent@0x564529d91058 Aug 26 13:09:53.147926: | free_event_entry: release EVENT_NULL-pe@0x564529d90fe8 Aug 26 13:09:53.147927: | add_fd_read_event_handler: new ethX-pe@0x564529d90fe8 Aug 26 13:09:53.147929: | libevent_malloc: new ptr-libevent@0x564529d91058 size 128 Aug 26 13:09:53.147932: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 13:09:53.147936: | libevent_free: release ptr-libevent@0x564529d911b8 Aug 26 13:09:53.147938: | free_event_entry: release EVENT_NULL-pe@0x564529d91148 Aug 26 13:09:53.147939: | add_fd_read_event_handler: new ethX-pe@0x564529d91148 Aug 26 13:09:53.147941: | libevent_malloc: new ptr-libevent@0x564529d911b8 size 128 Aug 26 13:09:53.147944: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 13:09:53.147946: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:09:53.147948: forgetting secrets Aug 26 13:09:53.147953: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:09:53.147966: loading secrets from "/etc/ipsec.secrets" Aug 26 13:09:53.147976: | saving Modulus Aug 26 13:09:53.147979: | saving PublicExponent Aug 26 13:09:53.147981: | ignoring PrivateExponent Aug 26 13:09:53.147983: | ignoring Prime1 Aug 26 13:09:53.147985: | ignoring Prime2 Aug 26 13:09:53.147987: | ignoring Exponent1 Aug 26 13:09:53.147989: | ignoring Exponent2 Aug 26 13:09:53.147991: | ignoring Coefficient Aug 26 13:09:53.147993: | ignoring CKAIDNSS Aug 26 13:09:53.148000: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 
26 13:09:53.148002: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:09:53.148004: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Aug 26 13:09:53.148008: | certs and keys locked by 'process_secret' Aug 26 13:09:53.148010: | certs and keys unlocked by 'process_secret' Aug 26 13:09:53.148016: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:53.148020: | spent 0.323 milliseconds in whack Aug 26 13:09:53.148033: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:53.148039: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:53.148042: | start processing: connection "north-eastnets/0x1" (in whack_route_connection() at rcv_whack.c:106) Aug 26 13:09:53.148045: | could_route called for north-eastnets/0x1 (kind=CK_PERMANENT) Aug 26 13:09:53.148047: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:53.148049: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:53.148051: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:53.148052: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:53.148054: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:53.148057: | route owner of "north-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 13:09:53.148059: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:09:53.148060: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:09:53.148062: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:53.148064: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:53.148065: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:53.148067: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:53.148069: | route owner of "north-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 13:09:53.148071: | route_and_eroute with c: north-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #0 Aug 26 13:09:53.148074: | shunt_eroute() called for connection 'north-eastnets/0x1' to 'add' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:09:53.148076: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:09:53.148078: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:53.148082: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:53.148116: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:53.148119: | route_and_eroute: firewall_notified: true Aug 26 13:09:53.148121: | running updown command "ipsec _updown" for verb prepare Aug 26 13:09:53.148123: | command executing prepare-client Aug 26 13:09:53.148139: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' 
PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Aug 26 13:09:53.148147: | popen cmd is 1030 chars long Aug 26 13:09:53.148168: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets: Aug 26 13:09:53.148171: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' P: Aug 26 13:09:53.148175: | cmd( 160):LUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0: Aug 26 13:09:53.148178: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Aug 26 13:09:53.148181: | cmd( 320):LUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID: Aug 26 13:09:53.148197: | cmd( 400):='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLU: Aug 26 13:09:53.148200: | cmd( 480):TO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' : Aug 26 13:09:53.148203: | cmd( 560):PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASI: Aug 26 13:09:53.148206: | cmd( 640):G+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_K: Aug 26 13:09:53.148209: | cmd( 720):IND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CIS: Aug 26 13:09:53.148212: | cmd( 800):CO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLU: Aug 26 13:09:53.148215: | cmd( 880):TO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_: Aug 26 13:09:53.148218: | cmd( 960):ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 13:09:53.155426: | running updown 
command "ipsec _updown" for verb route Aug 26 13:09:53.155437: | command executing route-client Aug 26 13:09:53.155457: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN Aug 26 13:09:53.155460: | popen cmd is 1028 chars long Aug 26 13:09:53.155462: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0: Aug 26 13:09:53.155463: | cmd( 80):x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLU: Aug 26 13:09:53.155465: | cmd( 160):TO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' : Aug 26 13:09:53.155467: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Aug 26 13:09:53.155472: | cmd( 320):TO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID=': Aug 26 13:09:53.155473: | cmd( 400):@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO: Aug 26 13:09:53.155475: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' 
PLUTO_PEER_PROTOCOL='0' PL: Aug 26 13:09:53.155477: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+: Aug 26 13:09:53.155478: | cmd( 640):ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIN: Aug 26 13:09:53.155480: | cmd( 720):D='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO: Aug 26 13:09:53.155482: | cmd( 800):='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO: Aug 26 13:09:53.155483: | cmd( 880):_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_RO: Aug 26 13:09:53.155485: | cmd( 960):UTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 13:09:53.165948: | stop processing: connection "north-eastnets/0x1" (in whack_route_connection() at rcv_whack.c:116) Aug 26 13:09:53.165970: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:53.165979: | spent 1.2 milliseconds in whack Aug 26 13:09:53.165991: | kernel_process_msg_cb process netlink message Aug 26 13:09:53.166246: | netlink_get: XFRM_MSG_ACQUIRE message Aug 26 13:09:53.166249: | xfrm netlink msg len 376 Aug 26 13:09:53.166251: | xfrm acquire rtattribute type 5 Aug 26 13:09:53.166253: | xfrm acquire rtattribute type 16 Aug 26 13:09:53.166263: | add bare shunt 0x564529d92528 192.0.2.254/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Aug 26 13:09:53.166268: initiate on demand from 192.0.2.254:8 to 192.0.3.254:0 proto=1 because: acquire Aug 26 13:09:53.166272: | find_connection: looking for policy for connection: 192.0.2.254:1/8 -> 192.0.3.254:1/0 Aug 26 13:09:53.166274: | FOR_EACH_CONNECTION_... 
in find_connection_for_clients Aug 26 13:09:53.166277: | find_connection: conn "north-eastnets/0x1" has compatible peers: 192.0.2.0/24 -> 192.0.3.0/24 [pri: 25214986] Aug 26 13:09:53.166279: | find_connection: first OK "north-eastnets/0x1" [pri:25214986]{0x564529d91308} (child none) Aug 26 13:09:53.166282: | find_connection: concluding with "north-eastnets/0x1" [pri:25214986]{0x564529d91308} kind=CK_PERMANENT Aug 26 13:09:53.166284: | assign hold, routing was prospective erouted, needs to be erouted HOLD Aug 26 13:09:53.166285: | assign_holdpass() need broad(er) shunt Aug 26 13:09:53.166287: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:53.166298: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => %hold>%hold (raw_eroute) Aug 26 13:09:53.166302: | netlink_raw_eroute: SPI_HOLD implemented as no-op Aug 26 13:09:53.166321: | raw_eroute result=success Aug 26 13:09:53.166323: | assign_holdpass() eroute_connection() done Aug 26 13:09:53.166324: | fiddle_bare_shunt called Aug 26 13:09:53.166326: | fiddle_bare_shunt with transport_proto 1 Aug 26 13:09:53.166328: | removing specific host-to-host bare shunt Aug 26 13:09:53.166331: | delete narrow %hold eroute 192.0.2.254/32:8 --1-> 192.0.3.254/32:0 => %hold (raw_eroute) Aug 26 13:09:53.166333: | netlink_raw_eroute: SPI_PASS Aug 26 13:09:53.166359: | raw_eroute result=success Aug 26 13:09:53.166361: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Aug 26 13:09:53.166365: | delete bare shunt 0x564529d92528 192.0.2.254/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Aug 26 13:09:53.166366: assign_holdpass() delete_bare_shunt() failed Aug 26 13:09:53.166368: initiate_ondemand_body() failed to install negotiation_shunt, Aug 26 13:09:53.166370: | FOR_EACH_STATE_... 
in find_phase1_state Aug 26 13:09:53.166385: | creating state object #1 at 0x564529d93458 Aug 26 13:09:53.166392: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:09:53.166398: | pstats #1 ikev2.ike started Aug 26 13:09:53.166401: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:09:53.166404: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Aug 26 13:09:53.166407: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:53.166414: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in ikev2_parent_outI1() at ikev2_parent.c:535) Aug 26 13:09:53.166416: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Aug 26 13:09:53.166419: | Queuing pending IPsec SA negotiating with 192.1.3.33 "north-eastnets/0x1" IKE SA #1 "north-eastnets/0x1" Aug 26 13:09:53.166423: "north-eastnets/0x1" #1: initiating v2 parent SA Aug 26 13:09:53.166425: | constructing local IKE proposals for north-eastnets/0x1 (IKE SA initiator selecting KE) Aug 26 13:09:53.166429: | converting ike_info AES_CBC_256-HMAC_SHA2_256-MODP2048 to ikev2 ... Aug 26 13:09:53.166434: | ... 
ikev2_proposal: 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Aug 26 13:09:53.166437: "north-eastnets/0x1": constructed local IKE proposals for north-eastnets/0x1 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Aug 26 13:09:53.166441: | adding ikev2_outI1 KE work-order 1 for state #1 Aug 26 13:09:53.166443: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564529d91ea8 Aug 26 13:09:53.166446: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:09:53.166449: | libevent_malloc: new ptr-libevent@0x564529d83eb8 size 128 Aug 26 13:09:53.166460: | #1 spent 0.19 milliseconds in ikev2_parent_outI1() Aug 26 13:09:53.166463: | RESET processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in ikev2_parent_outI1() at ikev2_parent.c:610) Aug 26 13:09:53.166466: | initiate on demand using RSASIG from 192.0.2.254 to 192.0.3.254 Aug 26 13:09:53.166470: | netlink_get: XFRM_MSG_ACQUIRE message Aug 26 13:09:53.166471: | xfrm netlink msg len 376 Aug 26 13:09:53.166473: | xfrm acquire rtattribute type 5 Aug 26 13:09:53.166474: | xfrm acquire rtattribute type 16 Aug 26 13:09:53.166478: | add bare shunt 0x564529d92528 192.0.2.251/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Aug 26 13:09:53.166482: initiate on demand from 192.0.2.251:8 to 192.0.3.254:0 proto=1 because: acquire Aug 26 13:09:53.166485: | find_connection: looking for policy for connection: 192.0.2.251:1/8 -> 192.0.3.254:1/0 Aug 26 13:09:53.166486: | FOR_EACH_CONNECTION_... 
in find_connection_for_clients Aug 26 13:09:53.166489: | find_connection: conn "north-eastnets/0x1" has compatible peers: 192.0.2.0/24 -> 192.0.3.0/24 [pri: 25214986] Aug 26 13:09:53.166491: | find_connection: first OK "north-eastnets/0x1" [pri:25214986]{0x564529d91308} (child none) Aug 26 13:09:53.166493: | find_connection: concluding with "north-eastnets/0x1" [pri:25214986]{0x564529d91308} kind=CK_PERMANENT Aug 26 13:09:53.166494: | crypto helper 0 resuming Aug 26 13:09:53.166495: | assign hold, routing was prospective erouted, needs to be erouted HOLD Aug 26 13:09:53.166509: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:09:53.166510: | assign_holdpass() need broad(er) shunt Aug 26 13:09:53.166514: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:53.166514: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Aug 26 13:09:53.166520: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => %hold>%hold (raw_eroute) Aug 26 13:09:53.166528: | netlink_raw_eroute: SPI_HOLD implemented as no-op Aug 26 13:09:53.166530: | raw_eroute result=success Aug 26 13:09:53.166531: | assign_holdpass() eroute_connection() done Aug 26 13:09:53.166533: | fiddle_bare_shunt called Aug 26 13:09:53.166534: | fiddle_bare_shunt with transport_proto 1 Aug 26 13:09:53.166537: | removing specific host-to-host bare shunt Aug 26 13:09:53.166540: | delete narrow %hold eroute 192.0.2.251/32:8 --1-> 192.0.3.254/32:0 => %hold (raw_eroute) Aug 26 13:09:53.166542: | netlink_raw_eroute: SPI_PASS Aug 26 13:09:53.166548: | raw_eroute result=success Aug 26 13:09:53.166550: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Aug 26 13:09:53.166553: | delete bare shunt 0x564529d92528 192.0.2.251/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Aug 26 13:09:53.166555: assign_holdpass() delete_bare_shunt() failed Aug 26 
13:09:53.166557: initiate_ondemand_body() failed to install negotiation_shunt, Aug 26 13:09:53.166558: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:09:53.166561: | Ignored already queued up pending IPsec SA negotiation with 192.1.3.33 "north-eastnets/0x1" Aug 26 13:09:53.166564: | initiate on demand using RSASIG from 192.0.2.251 to 192.0.3.254 Aug 26 13:09:53.166568: | spent 0.566 milliseconds in kernel message Aug 26 13:09:53.166574: | processing signal PLUTO_SIGCHLD Aug 26 13:09:53.166578: | waitpid returned nothing left to do (all child processes are busy) Aug 26 13:09:53.166581: | spent 0.00399 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:53.166582: | processing signal PLUTO_SIGCHLD Aug 26 13:09:53.166585: | waitpid returned nothing left to do (all child processes are busy) Aug 26 13:09:53.166587: | spent 0.00241 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:53.166598: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:53.166606: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:09:53.166609: | start processing: connection "north-eastnets/0x2" (in whack_route_connection() at rcv_whack.c:106) Aug 26 13:09:53.166611: | could_route called for north-eastnets/0x2 (kind=CK_PERMANENT) Aug 26 13:09:53.166613: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:53.166615: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:53.166617: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:53.166618: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:53.166620: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:53.166623: | route owner of "north-eastnets/0x2" unrouted: "north-eastnets/0x1" prospective erouted; eroute owner: NULL Aug 26 13:09:53.166625: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:09:53.166627: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:09:53.166628: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:53.166630: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:53.166632: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:53.166633: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:53.166636: | route owner of "north-eastnets/0x2" unrouted: "north-eastnets/0x1" prospective erouted; eroute owner: NULL Aug 26 13:09:53.166638: | route_and_eroute with c: north-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:north-eastnets/0x1 rosr:{0x564529d91458} and state: #0 Aug 26 13:09:53.166640: | shunt_eroute() called for connection 'north-eastnets/0x2' to 'add' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:09:53.166642: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:09:53.166644: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:53.166646: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:53.166683: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:53.166686: | route_and_eroute: firewall_notified: true Aug 26 13:09:53.166688: | stop processing: connection "north-eastnets/0x2" (in whack_route_connection() at rcv_whack.c:116) Aug 26 13:09:53.166697: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:53.166705: | spent 0.112 milliseconds in whack Aug 26 13:09:53.167410: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000894 seconds Aug 26 13:09:53.167426: | (#1) spent 0.895 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Aug 26 13:09:53.167431: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:09:53.167434: | scheduling resume sending helper answer for #1 Aug 26 13:09:53.167438: | libevent_malloc: new ptr-libevent@0x7f511c002888 size 128 Aug 26 13:09:53.167448: | crypto 
helper 0 waiting (nothing to do) Aug 26 13:09:53.167457: | processing resume sending helper answer for #1 Aug 26 13:09:53.167468: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in resume_handler() at server.c:797) Aug 26 13:09:53.167472: | crypto helper 0 replies to request ID 1 Aug 26 13:09:53.167475: | calling continuation function 0x564528dcdb50 Aug 26 13:09:53.167478: | ikev2_parent_outI1_continue for #1 Aug 26 13:09:53.167508: | **emit ISAKMP Message: Aug 26 13:09:53.167512: | initiator cookie: Aug 26 13:09:53.167514: | a9 6d 2c db 22 7f 10 cd Aug 26 13:09:53.167517: | responder cookie: Aug 26 13:09:53.167519: | 00 00 00 00 00 00 00 00 Aug 26 13:09:53.167522: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:53.167525: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:53.167528: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:09:53.167533: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:53.167536: | Message ID: 0 (0x0) Aug 26 13:09:53.167539: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:53.167547: | using existing local IKE proposals for connection north-eastnets/0x1 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Aug 26 13:09:53.167550: | Emitting ikev2_proposals ... 
Aug 26 13:09:53.167553: | ***emit IKEv2 Security Association Payload: Aug 26 13:09:53.167556: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:53.167559: | flags: none (0x0) Aug 26 13:09:53.167562: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:09:53.167565: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:09:53.167569: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:53.167572: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:53.167575: | prop #: 1 (0x1) Aug 26 13:09:53.167577: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:53.167580: | spi size: 0 (0x0) Aug 26 13:09:53.167583: | # transforms: 4 (0x4) Aug 26 13:09:53.167586: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:53.167589: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:53.167592: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:53.167594: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:53.167597: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:53.167600: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:53.167603: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:53.167605: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:53.167608: | length/value: 256 (0x100) Aug 26 13:09:53.167611: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:53.167614: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:53.167617: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:53.167619: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:53.167622: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:53.167626: | last 
substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:53.167632: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:53.167635: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:53.167637: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:53.167640: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:53.167643: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:53.167645: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:53.167648: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:53.167651: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:53.167654: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:53.167657: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:53.167660: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:53.167663: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:53.167665: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:53.167669: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:53.167672: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:53.167675: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:53.167677: | emitting length of IKEv2 Proposal Substructure Payload: 44 Aug 26 13:09:53.167681: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform 
Substructure Payload'.'last transform' is 0 Aug 26 13:09:53.167683: | emitting length of IKEv2 Security Association Payload: 48 Aug 26 13:09:53.167686: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:09:53.167689: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:09:53.167692: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:53.167695: | flags: none (0x0) Aug 26 13:09:53.167697: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:53.167701: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:09:53.167704: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:09:53.167708: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Aug 26 13:09:53.167755: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:09:53.167757: | ***emit IKEv2 Nonce Payload: Aug 26 13:09:53.167760: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:53.167763: | flags: none (0x0) Aug 26 13:09:53.167766: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:09:53.167769: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:09:53.167772: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:09:53.167776: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:09:53.167778: | IKEv2 nonce 79 a8 44 0e 5f b9 b0 23 5a ff 5c c9 48 94 fa 0a Aug 26 13:09:53.167781: | IKEv2 nonce d2 c6 05 1f a6 d7 e0 a3 9a 57 03 f2 20 58 3a 29 Aug 26 13:09:53.167784: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:09:53.167786: | Adding a v2N Payload Aug 26 13:09:53.167789: | ***emit IKEv2 Notify Payload: Aug 26 13:09:53.167792: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:53.167794: | flags: none (0x0) Aug 26 13:09:53.167797: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:53.167800: | SPI size: 0 (0x0) Aug 26 13:09:53.167803: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:09:53.167806: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:53.167809: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:53.167812: | emitting length of
IKEv2 Notify Payload: 8 Aug 26 13:09:53.167816: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:09:53.167819: | natd_hash: rcookie is zero Aug 26 13:09:53.167833: | natd_hash: hasher=0x564528ea2800(20) Aug 26 13:09:53.167836: | natd_hash: icookie= a9 6d 2c db 22 7f 10 cd Aug 26 13:09:53.167839: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:09:53.167841: | natd_hash: ip= c0 01 02 17 Aug 26 13:09:53.167844: | natd_hash: port=500 Aug 26 13:09:53.167847: | natd_hash: hash= c4 62 89 64 0a 54 50 39 dd 9a e2 ef e5 83 c8 53 Aug 26 13:09:53.167849: | natd_hash: hash= 4c e2 69 61 Aug 26 13:09:53.167852: | Adding a v2N Payload Aug 26 13:09:53.167854: | ***emit IKEv2 Notify Payload: Aug 26 13:09:53.167857: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:53.167860: | flags: none (0x0) Aug 26 13:09:53.167863: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:53.167865: | SPI size: 0 (0x0) Aug 26 13:09:53.167868: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:09:53.167871: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:53.167874: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:53.167877: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:09:53.167880: | Notify data c4 62 89 64 0a 54 50 39 dd 9a e2 ef e5 83 c8 53 Aug 26 13:09:53.167883: | Notify data 4c e2 69 61 Aug 26 13:09:53.167885: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:09:53.167893: | natd_hash: rcookie is zero Aug 26 13:09:53.167900: | natd_hash: hasher=0x564528ea2800(20) Aug 26 13:09:53.167903: | natd_hash: icookie= a9 6d 2c db 22 7f 10 cd Aug 26 13:09:53.167906: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:09:53.167909: | natd_hash: ip= c0 01 03 21 Aug 26 13:09:53.167911: | natd_hash: port=500 Aug 26 13:09:53.167914: | natd_hash: hash= 0c 44 21 8c 70 
e1 be 77 02 67 87 8e a8 87 7e d8 Aug 26 13:09:53.167916: | natd_hash: hash= 45 e3 32 03 Aug 26 13:09:53.167919: | Adding a v2N Payload Aug 26 13:09:53.167923: | ***emit IKEv2 Notify Payload: Aug 26 13:09:53.167926: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:53.167929: | flags: none (0x0) Aug 26 13:09:53.167932: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:53.167934: | SPI size: 0 (0x0) Aug 26 13:09:53.167937: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:09:53.167940: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:53.167943: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:53.167946: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:09:53.167949: | Notify data 0c 44 21 8c 70 e1 be 77 02 67 87 8e a8 87 7e d8 Aug 26 13:09:53.167952: | Notify data 45 e3 32 03 Aug 26 13:09:53.167954: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:09:53.167957: | emitting length of ISAKMP Message: 440 Aug 26 13:09:53.167964: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Aug 26 13:09:53.167975: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:53.167979: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Aug 26 13:09:53.167983: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Aug 26 13:09:53.167986: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Aug 26 13:09:53.167990: | Message ID: updating counters for #1 to 4294967295 after switching state Aug 26 13:09:53.167993: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:09:53.167999: | Message ID: sent #1 request 0; ike: 
initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:09:53.168002: "north-eastnets/0x1" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Aug 26 13:09:53.168008: | sending V2 reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 13:09:53.168018: | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1)
Aug 26 13:09:53.168147: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:53.168153: | libevent_free: release ptr-libevent@0x564529d83eb8 Aug 26 13:09:53.168157: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564529d91ea8 Aug 26 13:09:53.168160: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=50ms Aug 26 13:09:53.168164: | event_schedule: new EVENT_RETRANSMIT-pe@0x564529d91ea8 Aug 26 13:09:53.168168: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #1 Aug 26 13:09:53.168171: | libevent_malloc: new ptr-libevent@0x564529d94098 size 128 Aug 26 13:09:53.168176: | #1 STATE_PARENT_I1: retransmits: first event in 0.05 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10278.91063 Aug 26 13:09:53.168180: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Aug 26 13:09:53.168186: | #1 spent 0.684 milliseconds in resume sending helper answer Aug 26 13:09:53.168192: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in resume_handler() at server.c:833) Aug 26 13:09:53.168195: | libevent_free: release ptr-libevent@0x7f511c002888 Aug 26 13:09:53.168206: | processing signal PLUTO_SIGCHLD Aug 26 13:09:53.168215: | waitpid returned pid 9293 (exited with status 0) Aug 26 13:09:53.168219: | reaped addconn helper child (status 0) Aug 26 13:09:53.168226: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:53.168231: | spent 0.0198 milliseconds in signal
handler PLUTO_SIGCHLD Aug 26 13:09:53.171365: | kernel_process_msg_cb process netlink message Aug 26 13:09:53.171388: | netlink_get: XFRM_MSG_ACQUIRE message Aug 26 13:09:53.171393: | xfrm netlink msg len 376 Aug 26 13:09:53.171396: | xfrm acquire rtattribute type 5 Aug 26 13:09:53.171398: | xfrm acquire rtattribute type 16 Aug 26 13:09:53.171409: | add bare shunt 0x564529d92528 192.0.22.251/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Aug 26 13:09:53.171416: initiate on demand from 192.0.22.251:8 to 192.0.3.254:0 proto=1 because: acquire Aug 26 13:09:53.171422: | find_connection: looking for policy for connection: 192.0.22.251:1/8 -> 192.0.3.254:1/0 Aug 26 13:09:53.171426: | FOR_EACH_CONNECTION_... in find_connection_for_clients Aug 26 13:09:53.171432: | find_connection: conn "north-eastnets/0x2" has compatible peers: 192.0.22.0/24 -> 192.0.3.0/24 [pri: 25214986] Aug 26 13:09:53.171435: | find_connection: first OK "north-eastnets/0x2" [pri:25214986]{0x564529d92838} (child none) Aug 26 13:09:53.171439: | find_connection: concluding with "north-eastnets/0x2" [pri:25214986]{0x564529d92838} kind=CK_PERMANENT Aug 26 13:09:53.171442: | assign hold, routing was prospective erouted, needs to be erouted HOLD Aug 26 13:09:53.171445: | assign_holdpass() need broad(er) shunt Aug 26 13:09:53.171449: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:53.171457: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => %hold>%hold (raw_eroute) Aug 26 13:09:53.171460: | netlink_raw_eroute: SPI_HOLD implemented as no-op Aug 26 13:09:53.171464: | raw_eroute result=success Aug 26 13:09:53.171467: | assign_holdpass() eroute_connection() done Aug 26 13:09:53.171470: | fiddle_bare_shunt called Aug 26 13:09:53.171473: | fiddle_bare_shunt with transport_proto 1 Aug 26 13:09:53.171476: | removing specific host-to-host bare shunt Aug 26 13:09:53.171483: | delete narrow %hold eroute 192.0.22.251/32:8 
--1-> 192.0.3.254/32:0 => %hold (raw_eroute) Aug 26 13:09:53.171486: | netlink_raw_eroute: SPI_PASS Aug 26 13:09:53.171498: | raw_eroute result=success Aug 26 13:09:53.171503: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Aug 26 13:09:53.171513: | delete bare shunt 0x564529d92528 192.0.22.251/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Aug 26 13:09:53.171517: assign_holdpass() delete_bare_shunt() failed Aug 26 13:09:53.171520: initiate_ondemand_body() failed to install negotiation_shunt, Aug 26 13:09:53.171523: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:09:53.171529: | Queuing pending IPsec SA negotiating with 192.1.3.33 "north-eastnets/0x2" IKE SA #1 "north-eastnets/0x1" Aug 26 13:09:53.171535: | initiate on demand using RSASIG from 192.0.22.251 to 192.0.3.254 Aug 26 13:09:53.171544: | spent 0.157 milliseconds in kernel message Aug 26 13:09:53.173324: | kernel_process_msg_cb process netlink message Aug 26 13:09:53.173344: | netlink_get: XFRM_MSG_ACQUIRE message Aug 26 13:09:53.173347: | xfrm netlink msg len 376 Aug 26 13:09:53.173350: | xfrm acquire rtattribute type 5 Aug 26 13:09:53.173352: | xfrm acquire rtattribute type 16 Aug 26 13:09:53.173359: | add bare shunt 0x564529d92528 192.0.22.254/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Aug 26 13:09:53.173363: initiate on demand from 192.0.22.254:8 to 192.0.3.254:0 proto=1 because: acquire Aug 26 13:09:53.173367: | find_connection: looking for policy for connection: 192.0.22.254:1/8 -> 192.0.3.254:1/0 Aug 26 13:09:53.173369: | FOR_EACH_CONNECTION_... 
in find_connection_for_clients Aug 26 13:09:53.173372: | find_connection: conn "north-eastnets/0x2" has compatible peers: 192.0.22.0/24 -> 192.0.3.0/24 [pri: 25214986] Aug 26 13:09:53.173375: | find_connection: first OK "north-eastnets/0x2" [pri:25214986]{0x564529d92838} (child none) Aug 26 13:09:53.173377: | find_connection: concluding with "north-eastnets/0x2" [pri:25214986]{0x564529d92838} kind=CK_PERMANENT Aug 26 13:09:53.173379: | assign hold, routing was prospective erouted, needs to be erouted HOLD Aug 26 13:09:53.173380: | assign_holdpass() need broad(er) shunt Aug 26 13:09:53.173382: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:53.173386: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => %hold>%hold (raw_eroute) Aug 26 13:09:53.173388: | netlink_raw_eroute: SPI_HOLD implemented as no-op Aug 26 13:09:53.173390: | raw_eroute result=success Aug 26 13:09:53.173392: | assign_holdpass() eroute_connection() done Aug 26 13:09:53.173393: | fiddle_bare_shunt called Aug 26 13:09:53.173395: | fiddle_bare_shunt with transport_proto 1 Aug 26 13:09:53.173396: | removing specific host-to-host bare shunt Aug 26 13:09:53.173399: | delete narrow %hold eroute 192.0.22.254/32:8 --1-> 192.0.3.254/32:0 => %hold (raw_eroute) Aug 26 13:09:53.173401: | netlink_raw_eroute: SPI_PASS Aug 26 13:09:53.173410: | raw_eroute result=success Aug 26 13:09:53.173412: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Aug 26 13:09:53.173416: | delete bare shunt 0x564529d92528 192.0.22.254/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Aug 26 13:09:53.173417: assign_holdpass() delete_bare_shunt() failed Aug 26 13:09:53.173419: initiate_ondemand_body() failed to install negotiation_shunt, Aug 26 13:09:53.173421: | FOR_EACH_STATE_... 
in find_phase1_state Aug 26 13:09:53.173424: | Ignored already queued up pending IPsec SA negotiation with 192.1.3.33 "north-eastnets/0x2" Aug 26 13:09:53.173426: | initiate on demand using RSASIG from 192.0.22.254 to 192.0.3.254 Aug 26 13:09:53.173431: | spent 0.0892 milliseconds in kernel message Aug 26 13:09:53.189650: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:09:53.189880: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:09:53.189886: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:09:53.190010: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:09:53.190013: | FOR_EACH_STATE_... in sort_states Aug 26 13:09:53.190028: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:09:53.190036: | spent 0.393 milliseconds in whack Aug 26 13:09:53.219106: | timer_event_cb: processing event@0x564529d91ea8 Aug 26 13:09:53.219122: | handling event EVENT_RETRANSMIT for parent state #1 Aug 26 13:09:53.219131: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at timer.c:250) Aug 26 13:09:53.219134: | IKEv2 retransmit event Aug 26 13:09:53.219139: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in retransmit_v2_msg() at retry.c:144) Aug 26 13:09:53.219144: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #1 attempt 2 of 0 Aug 26 13:09:53.219148: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 1 Aug 26 13:09:53.219155: | retransmits: current time 10278.961618; retransmit count 0 exceeds limit? NO; deltatime 0.05 exceeds limit? NO; monotime 0.050988 exceeds limit? 
NO Aug 26 13:09:53.219159: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f511c002b78 Aug 26 13:09:53.219163: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #1 Aug 26 13:09:53.219167: | libevent_malloc: new ptr-libevent@0x7f511c002888 size 128 Aug 26 13:09:53.219172: "north-eastnets/0x1" #1: STATE_PARENT_I1: retransmission; will wait 0.05 seconds for response Aug 26 13:09:53.219179: | sending 440 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1)
Aug 26 13:09:53.219294: | libevent_free: release ptr-libevent@0x564529d94098 Aug 26 13:09:53.219300: | free_event_entry: release EVENT_RETRANSMIT-pe@0x564529d91ea8 Aug 26 13:09:53.219321: | #1 spent 0.173 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:09:53.219326: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at timer.c:557) Aug 26 13:09:53.269400: | timer_event_cb: processing event@0x7f511c002b78 Aug 26 13:09:53.269424: | handling event EVENT_RETRANSMIT for parent state #1 Aug 26 13:09:53.269432: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at timer.c:250) Aug 26 13:09:53.269436: | IKEv2 retransmit event Aug 26 13:09:53.269441: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in retransmit_v2_msg() at retry.c:144) Aug 26 13:09:53.269445: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #1 attempt 2 of 0 Aug 26 13:09:53.269449: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 2 Aug 26 13:09:53.269456: | retransmits: current time 10279.011919; retransmit count 1 exceeds limit? NO; deltatime 0.1 exceeds limit? NO; monotime 0.101289 exceeds limit?
NO Aug 26 13:09:53.269460: | event_schedule: new EVENT_RETRANSMIT-pe@0x564529d91ea8 Aug 26 13:09:53.269464: | inserting event EVENT_RETRANSMIT, timeout in 0.1 seconds for #1 Aug 26 13:09:53.269468: | libevent_malloc: new ptr-libevent@0x564529d94098 size 128 Aug 26 13:09:53.269472: "north-eastnets/0x1" #1: STATE_PARENT_I1: retransmission; will wait 0.1 seconds for response Aug 26 13:09:53.269480: | sending 440 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:53.269596: | libevent_free: release ptr-libevent@0x7f511c002888 Aug 26 13:09:53.269602: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f511c002b78 Aug 26 13:09:53.269610: | #1 spent 0.184 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:09:53.269615: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at timer.c:557)
Aug 26 13:09:53.370795: | timer_event_cb: processing event@0x564529d91ea8 Aug 26 13:09:53.370812: | handling event EVENT_RETRANSMIT for parent state #1 Aug 26 13:09:53.370840: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at timer.c:250) Aug 26 13:09:53.370845: | IKEv2 retransmit event Aug 26 13:09:53.370851: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in retransmit_v2_msg() at retry.c:144) Aug 26 13:09:53.370856: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #1 attempt 2 of 0 Aug 26 13:09:53.370874: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 3 Aug 26 13:09:53.370881: | retransmits: current time 10279.113344; retransmit count 2 exceeds limit? NO; deltatime 0.2 exceeds limit? NO; monotime 0.202714 exceeds limit?
NO Aug 26 13:09:53.370886: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f511c002b78 Aug 26 13:09:53.370890: | inserting event EVENT_RETRANSMIT, timeout in 0.2 seconds for #1 Aug 26 13:09:53.370894: | libevent_malloc: new ptr-libevent@0x7f511c002888 size 128 Aug 26 13:09:53.370900: "north-eastnets/0x1" #1: STATE_PARENT_I1: retransmission; will wait 0.2 seconds for response Aug 26 13:09:53.370908: | sending 440 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:53.371045: | libevent_free: release ptr-libevent@0x564529d94098 Aug 26 13:09:53.371051: | free_event_entry: release EVENT_RETRANSMIT-pe@0x564529d91ea8 Aug 26 13:09:53.371071: | #1 spent 0.233 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:09:53.371077: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at timer.c:557)
Aug 26 13:09:53.571472: | timer_event_cb: processing event@0x7f511c002b78 Aug 26 13:09:53.571485: | handling event EVENT_RETRANSMIT for parent state #1 Aug 26 13:09:53.571491: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at timer.c:250) Aug 26 13:09:53.571497: | IKEv2 retransmit event Aug 26 13:09:53.571500: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in retransmit_v2_msg() at retry.c:144) Aug 26 13:09:53.571503: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #1 attempt 2 of 0 Aug 26 13:09:53.571506: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 4 Aug 26 13:09:53.571510: | retransmits: current time 10279.313975; retransmit count 3 exceeds limit? NO; deltatime 0.4 exceeds limit? NO; monotime 0.403345 exceeds limit?
NO Aug 26 13:09:53.571513: | event_schedule: new EVENT_RETRANSMIT-pe@0x564529d91ea8 Aug 26 13:09:53.571516: | inserting event EVENT_RETRANSMIT, timeout in 0.4 seconds for #1 Aug 26 13:09:53.571518: | libevent_malloc: new ptr-libevent@0x564529d94098 size 128 Aug 26 13:09:53.571521: "north-eastnets/0x1" #1: STATE_PARENT_I1: retransmission; will wait 0.4 seconds for response Aug 26 13:09:53.571526: | sending 440 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:53.571604: | libevent_free: release ptr-libevent@0x7f511c002888 Aug 26 13:09:53.571608: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f511c002b78 Aug 26 13:09:53.571613: | #1 spent 0.133 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:09:53.571616: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at timer.c:557)
Aug 26 13:09:53.973088: | timer_event_cb: processing event@0x564529d91ea8 Aug 26 13:09:53.973101: | handling event EVENT_RETRANSMIT for parent state #1 Aug 26 13:09:53.973108: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at timer.c:250) Aug 26 13:09:53.973111: | IKEv2 retransmit event Aug 26 13:09:53.973114: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in retransmit_v2_msg() at retry.c:144) Aug 26 13:09:53.973122: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #1 attempt 2 of 0 Aug 26 13:09:53.973125: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 5 Aug 26 13:09:53.973130: | retransmits: current time 10279.715594; retransmit count 4 exceeds limit? NO; deltatime 0.8 exceeds limit? NO; monotime 0.804964 exceeds limit?
NO Aug 26 13:09:53.973133: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f511c002b78 Aug 26 13:09:53.973136: | inserting event EVENT_RETRANSMIT, timeout in 0.8 seconds for #1 Aug 26 13:09:53.973138: | libevent_malloc: new ptr-libevent@0x7f511c002888 size 128 Aug 26 13:09:53.973141: "north-eastnets/0x1" #1: STATE_PARENT_I1: retransmission; will wait 0.8 seconds for response Aug 26 13:09:53.973146: | sending 440 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:53.973479: | libevent_free: release ptr-libevent@0x564529d94098 Aug 26 13:09:53.973486: | free_event_entry: release EVENT_RETRANSMIT-pe@0x564529d91ea8 Aug 26 13:09:53.973491: | #1 spent 0.379 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:09:53.973495: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at timer.c:557)
Aug 26 13:09:54.774382: | timer_event_cb: processing event@0x7f511c002b78 Aug 26 13:09:54.774399: | handling event EVENT_RETRANSMIT for parent state #1 Aug 26 13:09:54.774405: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at timer.c:250) Aug 26 13:09:54.774408: | IKEv2 retransmit event Aug 26 13:09:54.774411: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in retransmit_v2_msg() at retry.c:144) Aug 26 13:09:54.774414: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #1 attempt 2 of 0 Aug 26 13:09:54.774424: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 6 Aug 26 13:09:54.774428: | retransmits: current time 10280.516893; retransmit count 5 exceeds limit? NO; deltatime 1.6 exceeds limit? NO; monotime 1.606263 exceeds limit?
NO Aug 26 13:09:54.774431: | event_schedule: new EVENT_RETRANSMIT-pe@0x564529d91ea8 Aug 26 13:09:54.774434: | inserting event EVENT_RETRANSMIT, timeout in 1.6 seconds for #1 Aug 26 13:09:54.774436: | libevent_malloc: new ptr-libevent@0x564529d94098 size 128 Aug 26 13:09:54.774440: "north-eastnets/0x1" #1: STATE_PARENT_I1: retransmission; will wait 1.6 seconds for response Aug 26 13:09:54.774444: | sending 440 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:54.774514: | libevent_free: release ptr-libevent@0x7f511c002888 Aug 26 13:09:54.774517: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f511c002b78 Aug 26 13:09:54.774523: | #1 spent 0.14 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:09:54.774526: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at timer.c:557)
Aug 26 13:09:55.421661: | spent 0.00325 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:55.421696: | *received 440 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:09:55.421769: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:09:55.421772: | **parse ISAKMP Message: Aug 26 13:09:55.421774: | initiator cookie: Aug 26 13:09:55.421776: | f4 b6 d6 b1 3a 28 54 37 Aug 26 13:09:55.421777: | responder cookie: Aug 26 13:09:55.421779: | 00 00 00 00 00 00 00 00 Aug 26 13:09:55.421781: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:09:55.421782: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:55.421784: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:09:55.421786: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:55.421788: | Message ID: 0 (0x0) Aug 26 13:09:55.421789: | length: 440 (0x1b8) Aug 26 13:09:55.421791: | processing version=2.0 packet with exchange
type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:09:55.421794: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Aug 26 13:09:55.421796: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Aug 26 13:09:55.421798: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:09:55.421800: | ***parse IKEv2 Security Association Payload: Aug 26 13:09:55.421802: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:09:55.421804: | flags: none (0x0) Aug 26 13:09:55.421805: | length: 48 (0x30) Aug 26 13:09:55.421807: | processing payload: ISAKMP_NEXT_v2SA (len=44) Aug 26 13:09:55.421809: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:09:55.421811: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:09:55.421812: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:09:55.421814: | flags: none (0x0) Aug 26 13:09:55.421816: | length: 264 (0x108) Aug 26 13:09:55.421817: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:55.421819: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:09:55.421821: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:09:55.421822: | ***parse IKEv2 Nonce Payload: Aug 26 13:09:55.421824: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:55.421825: | flags: none (0x0) Aug 26 13:09:55.421827: | length: 36 (0x24) Aug 26 13:09:55.421829: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:09:55.421830: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:09:55.421832: | ***parse IKEv2 Notify Payload: Aug 26 13:09:55.421834: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:55.421836: | flags: none (0x0) Aug 26 13:09:55.421838: | length: 8 (0x8) Aug 26 13:09:55.421840: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:55.421841: | SPI size: 0 (0x0) Aug 26 13:09:55.421843: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:09:55.421845: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:09:55.421847: | Now let's proceed with 
payload (ISAKMP_NEXT_v2N) Aug 26 13:09:55.421848: | ***parse IKEv2 Notify Payload: Aug 26 13:09:55.421850: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:55.421851: | flags: none (0x0) Aug 26 13:09:55.421853: | length: 28 (0x1c) Aug 26 13:09:55.421854: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:55.421856: | SPI size: 0 (0x0) Aug 26 13:09:55.421870: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:09:55.421872: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:09:55.421874: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:09:55.421875: | ***parse IKEv2 Notify Payload: Aug 26 13:09:55.421877: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:55.421878: | flags: none (0x0) Aug 26 13:09:55.421880: | length: 28 (0x1c) Aug 26 13:09:55.421881: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:55.421883: | SPI size: 0 (0x0) Aug 26 13:09:55.421884: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:09:55.421887: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:09:55.421889: | DDOS disabled and no cookie sent, continuing Aug 26 13:09:55.421895: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 13:09:55.421899: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 13:09:55.421902: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 13:09:55.421906: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (north-eastnets/0x2) Aug 26 13:09:55.421909: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (north-eastnets/0x1) Aug 26 13:09:55.421911: | find_next_host_connection returns empty Aug 26 13:09:55.421915: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 13:09:55.421918: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 13:09:55.421920: 
| find_next_host_connection returns empty Aug 26 13:09:55.421924: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Aug 26 13:09:55.421929: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 13:09:55.421933: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 13:09:55.421936: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:09:55.421939: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (north-eastnets/0x2) Aug 26 13:09:55.421941: | find_next_host_connection returns north-eastnets/0x2 Aug 26 13:09:55.421942: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:09:55.421944: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (north-eastnets/0x1) Aug 26 13:09:55.421946: | find_next_host_connection returns north-eastnets/0x1 Aug 26 13:09:55.421947: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:09:55.421949: | find_next_host_connection returns empty Aug 26 13:09:55.421951: | found connection: north-eastnets/0x2 with policy RSASIG+IKEV2_ALLOW Aug 26 13:09:55.421965: | creating state object #2 at 0x564529d96d08 Aug 26 13:09:55.421968: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:09:55.421973: | pstats #2 ikev2.ike started Aug 26 13:09:55.421976: | Message ID: init #2: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:09:55.421978: | parent state #2: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Aug 26 13:09:55.421983: | Message ID: init_ike #2; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:55.421991: | start processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 
13:09:55.421993: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:09:55.421996: | [RE]START processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:09:55.421998: | #2 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 13:09:55.422000: | Message ID: #2 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Aug 26 13:09:55.422003: | Message ID: start-responder #2 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 13:09:55.422005: | #2 in state PARENT_R0: processing SA_INIT request Aug 26 13:09:55.422007: | selected state microcode Respond to IKE_SA_INIT Aug 26 13:09:55.422008: | Now let's proceed with state specific processing Aug 26 13:09:55.422010: | calling processor Respond to IKE_SA_INIT Aug 26 13:09:55.422014: | #2 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:09:55.422016: | constructing local IKE proposals for north-eastnets/0x2 (IKE SA responder matching remote proposals) Aug 26 13:09:55.422019: | converting ike_info AES_CBC_256-HMAC_SHA2_256-MODP2048 to ikev2 ... Aug 26 13:09:55.422024: | ... 
ikev2_proposal: 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Aug 26 13:09:55.422027: "north-eastnets/0x2": constructed local IKE proposals for north-eastnets/0x2 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Aug 26 13:09:55.422029: | Comparing remote proposals against IKE responder 1 local proposals Aug 26 13:09:55.422034: | local proposal 1 type ENCR has 1 transforms Aug 26 13:09:55.422036: | local proposal 1 type PRF has 1 transforms Aug 26 13:09:55.422037: | local proposal 1 type INTEG has 1 transforms Aug 26 13:09:55.422039: | local proposal 1 type DH has 1 transforms Aug 26 13:09:55.422041: | local proposal 1 type ESN has 0 transforms Aug 26 13:09:55.422043: | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:09:55.422045: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:55.422047: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:55.422048: | length: 44 (0x2c) Aug 26 13:09:55.422050: | prop #: 1 (0x1) Aug 26 13:09:55.422052: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:55.422053: | spi size: 0 (0x0) Aug 26 13:09:55.422055: | # transforms: 4 (0x4) Aug 26 13:09:55.422057: | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals Aug 26 13:09:55.422059: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:55.422061: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:55.422062: | length: 12 (0xc) Aug 26 13:09:55.422064: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:55.422065: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:55.422067: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:55.422069: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:55.422070: | length/value: 256 (0x100) Aug 26 13:09:55.422073: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 1 type 1 (ENCR) transform 0 
Aug 26 13:09:55.422075: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:55.422077: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:55.422078: | length: 8 (0x8) Aug 26 13:09:55.422080: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:55.422081: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:55.422083: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_256) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:09:55.422086: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:55.422088: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:55.422089: | length: 8 (0x8) Aug 26 13:09:55.422091: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:55.422092: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:55.422095: | remote proposal 1 transform 2 (INTEG=HMAC_SHA2_256_128) matches local proposal 1 type 3 (INTEG) transform 0 Aug 26 13:09:55.422096: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:55.422098: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:55.422099: | length: 8 (0x8) Aug 26 13:09:55.422101: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:55.422103: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:55.422105: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:09:55.422107: | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none Aug 26 13:09:55.422110: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH Aug 26 13:09:55.422112: | remote proposal 1 matches local proposal 1 Aug 26 13:09:55.422115: "north-eastnets/0x2" #2: proposal 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 chosen from remote proposals 
1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match] Aug 26 13:09:55.422117: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Aug 26 13:09:55.422119: | converting proposal to internal trans attrs Aug 26 13:09:55.422122: | natd_hash: rcookie is zero Aug 26 13:09:55.422127: | natd_hash: hasher=0x564528ea2800(20) Aug 26 13:09:55.422129: | natd_hash: icookie= f4 b6 d6 b1 3a 28 54 37 Aug 26 13:09:55.422131: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:09:55.422132: | natd_hash: ip= c0 01 02 17 Aug 26 13:09:55.422134: | natd_hash: port=500 Aug 26 13:09:55.422135: | natd_hash: hash= 90 75 df 89 c4 de 22 74 9a 4d 78 0f 07 f7 0e 68 Aug 26 13:09:55.422137: | natd_hash: hash= 57 7f c9 9d Aug 26 13:09:55.422138: | natd_hash: rcookie is zero Aug 26 13:09:55.422142: | natd_hash: hasher=0x564528ea2800(20) Aug 26 13:09:55.422143: | natd_hash: icookie= f4 b6 d6 b1 3a 28 54 37 Aug 26 13:09:55.422145: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:09:55.422146: | natd_hash: ip= c0 01 03 21 Aug 26 13:09:55.422148: | natd_hash: port=500 Aug 26 13:09:55.422149: | natd_hash: hash= b2 73 1e dd 35 69 ae a2 da db cb 31 11 e4 44 d5 Aug 26 13:09:55.422151: | natd_hash: hash= 2d da 22 64 Aug 26 13:09:55.422152: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:09:55.422154: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:09:55.422155: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:09:55.422157: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 Aug 26 13:09:55.422161: | adding ikev2_inI1outR1 KE work-order 2 for state #2 Aug 26 13:09:55.422164: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f511c002b78 Aug 26 13:09:55.422166: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Aug 26 13:09:55.422168: | libevent_malloc: new ptr-libevent@0x7f511c002888 size 128 Aug 26 13:09:55.422176: | #2 spent 0.163 milliseconds in processing: Respond to 
IKE_SA_INIT in ikev2_process_state_packet() Aug 26 13:09:55.422194: | [RE]START processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:55.422196: | #2 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Aug 26 13:09:55.422198: | suspending state #2 and saving MD Aug 26 13:09:55.422199: | #2 is busy; has a suspended MD Aug 26 13:09:55.422202: | [RE]START processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:55.422200: | crypto helper 1 resuming Aug 26 13:09:55.422209: | "north-eastnets/0x2" #2 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:09:55.422217: | crypto helper 1 starting work-order 2 for state #2 Aug 26 13:09:55.422220: | stop processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:55.422221: | crypto helper 1 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 2 Aug 26 13:09:55.422224: | #2 spent 0.546 milliseconds in ikev2_process_packet() Aug 26 13:09:55.422227: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 13:09:55.422229: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:55.422231: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:55.422233: | spent 0.556 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:55.423042: | crypto helper 1 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 2 time elapsed 0.00082 seconds Aug 26 13:09:55.423058: | (#2) spent 0.826 milliseconds in crypto helper computing work-order 2: ikev2_inI1outR1 KE (pcr) Aug 26 13:09:55.423062: | crypto helper 1 sending results from work-order 2 for state #2 to event queue Aug 26 13:09:55.423065: | scheduling resume sending helper answer for 
#2 Aug 26 13:09:55.423069: | libevent_malloc: new ptr-libevent@0x7f5114002888 size 128 Aug 26 13:09:55.423077: | crypto helper 1 waiting (nothing to do) Aug 26 13:09:55.423081: | processing resume sending helper answer for #2 Aug 26 13:09:55.423086: | start processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:09:55.423089: | crypto helper 1 replies to request ID 2 Aug 26 13:09:55.423091: | calling continuation function 0x564528dcdb50 Aug 26 13:09:55.423093: | ikev2_parent_inI1outR1_continue for #2: calculated ke+nonce, sending R1 Aug 26 13:09:55.423097: | **emit ISAKMP Message: Aug 26 13:09:55.423099: | initiator cookie: Aug 26 13:09:55.423101: | f4 b6 d6 b1 3a 28 54 37 Aug 26 13:09:55.423102: | responder cookie: Aug 26 13:09:55.423104: | ed ec 45 23 73 d7 1a d3 Aug 26 13:09:55.423106: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:55.423107: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:55.423109: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:09:55.423111: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:55.423113: | Message ID: 0 (0x0) Aug 26 13:09:55.423115: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:55.423117: | Emitting ikev2_proposal ... 
Aug 26 13:09:55.423118: | ***emit IKEv2 Security Association Payload: Aug 26 13:09:55.423120: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:55.423122: | flags: none (0x0) Aug 26 13:09:55.423124: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:09:55.423126: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:09:55.423128: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:55.423130: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:55.423131: | prop #: 1 (0x1) Aug 26 13:09:55.423133: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:55.423134: | spi size: 0 (0x0) Aug 26 13:09:55.423136: | # transforms: 4 (0x4) Aug 26 13:09:55.423138: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:55.423140: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:55.423141: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:55.423143: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:55.423146: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:55.423148: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:55.423150: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:55.423152: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:55.423154: | length/value: 256 (0x100) Aug 26 13:09:55.423156: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:55.423157: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:55.423159: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:55.423161: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:55.423162: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:55.423164: | last 
substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:55.423166: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:55.423168: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:55.423170: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:55.423171: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:55.423173: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:55.423175: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:55.423176: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:55.423178: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:55.423180: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:55.423181: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:09:55.423183: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:55.423185: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:55.423186: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:55.423188: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:55.423190: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:55.423192: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:55.423193: | emitting length of IKEv2 Proposal Substructure Payload: 44 Aug 26 13:09:55.423195: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform 
Substructure Payload'.'last transform' is 0 Aug 26 13:09:55.423197: | emitting length of IKEv2 Security Association Payload: 48 Aug 26 13:09:55.423199: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:09:55.423201: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:09:55.423203: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:55.423205: | flags: none (0x0) Aug 26 13:09:55.423206: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:55.423208: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:09:55.423210: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:09:55.423212: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Aug 26 13:09:55.423240: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:09:55.423242: | ***emit IKEv2 Nonce Payload: Aug 26 13:09:55.423243: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:55.423245: | flags: none (0x0) Aug 26 13:09:55.423247: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:09:55.423249: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:09:55.423251: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:09:55.423253: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:09:55.423254: | IKEv2 nonce 33 54 b4 80 94 43 5f 73 22 ca 5f ba 23 3d 59 15 Aug 26 13:09:55.423256: | IKEv2 nonce 45 f7 29 e5 8d ca c3 d4 2c 2d 1c 64 b1 e7 8f f2 Aug 26 13:09:55.423257: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:09:55.423260: | Adding a v2N Payload Aug 26 13:09:55.423262: | ***emit IKEv2 Notify Payload: Aug 26 13:09:55.423263: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:55.423265: | flags: none (0x0) Aug 26 13:09:55.423266: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:55.423268: | SPI size: 0 (0x0) Aug 26 13:09:55.423270: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:09:55.423272: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:55.423274: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:55.423275: | emitting length of 
IKEv2 Notify Payload: 8 Aug 26 13:09:55.423277: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:09:55.423283: | natd_hash: hasher=0x564528ea2800(20) Aug 26 13:09:55.423285: | natd_hash: icookie= f4 b6 d6 b1 3a 28 54 37 Aug 26 13:09:55.423287: | natd_hash: rcookie= ed ec 45 23 73 d7 1a d3 Aug 26 13:09:55.423294: | natd_hash: ip= c0 01 02 17 Aug 26 13:09:55.423297: | natd_hash: port=500 Aug 26 13:09:55.423300: | natd_hash: hash= fc f5 e9 7e 87 b3 dc 13 83 db 76 22 b6 d8 f0 53 Aug 26 13:09:55.423301: | natd_hash: hash= 04 b9 41 02 Aug 26 13:09:55.423303: | Adding a v2N Payload Aug 26 13:09:55.423304: | ***emit IKEv2 Notify Payload: Aug 26 13:09:55.423306: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:55.423308: | flags: none (0x0) Aug 26 13:09:55.423309: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:55.423311: | SPI size: 0 (0x0) Aug 26 13:09:55.423313: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:09:55.423315: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:55.423316: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:55.423320: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:09:55.423322: | Notify data fc f5 e9 7e 87 b3 dc 13 83 db 76 22 b6 d8 f0 53 Aug 26 13:09:55.423323: | Notify data 04 b9 41 02 Aug 26 13:09:55.423325: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:09:55.423329: | natd_hash: hasher=0x564528ea2800(20) Aug 26 13:09:55.423331: | natd_hash: icookie= f4 b6 d6 b1 3a 28 54 37 Aug 26 13:09:55.423332: | natd_hash: rcookie= ed ec 45 23 73 d7 1a d3 Aug 26 13:09:55.423334: | natd_hash: ip= c0 01 03 21 Aug 26 13:09:55.423335: | natd_hash: port=500 Aug 26 13:09:55.423337: | natd_hash: hash= 04 1f 76 61 db 60 35 12 3e f2 66 1b 5c e3 25 d8 Aug 26 13:09:55.423338: | natd_hash: hash= 0b 8d b1 ae Aug 26 
13:09:55.423340: | Adding a v2N Payload Aug 26 13:09:55.423341: | ***emit IKEv2 Notify Payload: Aug 26 13:09:55.423343: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:55.423345: | flags: none (0x0) Aug 26 13:09:55.423346: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:55.423348: | SPI size: 0 (0x0) Aug 26 13:09:55.423349: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:09:55.423351: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:09:55.423353: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:09:55.423355: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:09:55.423357: | Notify data 04 1f 76 61 db 60 35 12 3e f2 66 1b 5c e3 25 d8 Aug 26 13:09:55.423358: | Notify data 0b 8d b1 ae Aug 26 13:09:55.423360: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:09:55.423361: | emitting length of ISAKMP Message: 440 Aug 26 13:09:55.423366: | [RE]START processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:55.423368: | #2 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Aug 26 13:09:55.423371: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Aug 26 13:09:55.423373: | parent state #2: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Aug 26 13:09:55.423375: | Message ID: updating counters for #2 to 0 after switching state Aug 26 13:09:55.423378: | Message ID: recv #2 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 13:09:55.423381: | Message ID: sent #2 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:09:55.423383: "north-eastnets/0x2" #2: 
STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048} Aug 26 13:09:55.423386: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 13:09:55.423390: | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2)
Aug 26 13:09:55.423470: | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:55.423473: | libevent_free: release ptr-libevent@0x7f511c002888 Aug 26 13:09:55.423476: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f511c002b78 Aug 26 13:09:55.423478: | event_schedule: new EVENT_SO_DISCARD-pe@0x7f511c002b78 Aug 26 13:09:55.423481: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #2 Aug 26 13:09:55.423482: | libevent_malloc: new ptr-libevent@0x564529d83eb8 size 128 Aug 26 13:09:55.423485: | resume sending helper answer for #2 suppresed complete_v2_state_transition() Aug 26 13:09:55.423489: | #2 spent 0.375 milliseconds in resume sending helper answer Aug 26 13:09:55.423492: | stop processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:09:55.423494: | libevent_free: release ptr-libevent@0x7f5114002888 Aug 26 13:09:55.776936: | spent 0.00387 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:55.776965: | *received 440 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500)
Aug 26 13:09:55.777044: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:09:55.777049: | **parse ISAKMP Message: Aug 26 13:09:55.777052: | initiator cookie: Aug 26 13:09:55.777054: | a9 6d 2c db 22 7f 10 cd Aug 26 13:09:55.777057: | responder cookie: Aug 26 13:09:55.777059: | a9 27 21 0d a1 26 af 75 Aug 26 13:09:55.777062: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 
13:09:55.777065: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:55.777068: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:09:55.777071: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:55.777073: | Message ID: 0 (0x0) Aug 26 13:09:55.777076: | length: 440 (0x1b8) Aug 26 13:09:55.777079: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:09:55.777083: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Aug 26 13:09:55.777087: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Aug 26 13:09:55.777094: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:55.777099: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:55.777102: | #1 is idle Aug 26 13:09:55.777104: | #1 idle Aug 26 13:09:55.777107: | unpacking clear payload Aug 26 13:09:55.777110: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:09:55.777113: | ***parse IKEv2 Security Association Payload: Aug 26 13:09:55.777116: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:09:55.777119: | flags: none (0x0) Aug 26 13:09:55.777121: | length: 48 (0x30) Aug 26 13:09:55.777124: | processing payload: ISAKMP_NEXT_v2SA (len=44) Aug 26 13:09:55.777127: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:09:55.777130: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:09:55.777132: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:09:55.777135: | flags: none (0x0) Aug 26 13:09:55.777137: | length: 264 (0x108) Aug 26 13:09:55.777140: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:55.777143: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:09:55.777145: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:09:55.777148: | ***parse IKEv2 Nonce Payload: Aug 26 13:09:55.777151: | 
next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:55.777153: | flags: none (0x0) Aug 26 13:09:55.777156: | length: 36 (0x24) Aug 26 13:09:55.777158: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:09:55.777161: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:09:55.777164: | ***parse IKEv2 Notify Payload: Aug 26 13:09:55.777166: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:55.777168: | flags: none (0x0) Aug 26 13:09:55.777171: | length: 8 (0x8) Aug 26 13:09:55.777174: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:55.777176: | SPI size: 0 (0x0) Aug 26 13:09:55.777179: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:09:55.777182: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:09:55.777184: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:09:55.777187: | ***parse IKEv2 Notify Payload: Aug 26 13:09:55.777190: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:09:55.777192: | flags: none (0x0) Aug 26 13:09:55.777194: | length: 28 (0x1c) Aug 26 13:09:55.777197: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:55.777199: | SPI size: 0 (0x0) Aug 26 13:09:55.777202: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:09:55.777206: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:09:55.777209: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:09:55.777211: | ***parse IKEv2 Notify Payload: Aug 26 13:09:55.777214: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:55.777217: | flags: none (0x0) Aug 26 13:09:55.777219: | length: 28 (0x1c) Aug 26 13:09:55.777221: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:09:55.777224: | SPI size: 0 (0x0) Aug 26 13:09:55.777227: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:09:55.777229: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:09:55.777232: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Aug 26 13:09:55.777240: | #1 in state PARENT_I1: sent 
v2I1, expected v2R1 Aug 26 13:09:55.777243: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:09:55.777246: | Now let's proceed with state specific processing Aug 26 13:09:55.777249: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Aug 26 13:09:55.777253: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Aug 26 13:09:55.777261: | using existing local IKE proposals for connection north-eastnets/0x1 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Aug 26 13:09:55.777265: | Comparing remote proposals against IKE initiator (accepting) 1 local proposals Aug 26 13:09:55.777269: | local proposal 1 type ENCR has 1 transforms Aug 26 13:09:55.777272: | local proposal 1 type PRF has 1 transforms Aug 26 13:09:55.777274: | local proposal 1 type INTEG has 1 transforms Aug 26 13:09:55.777277: | local proposal 1 type DH has 1 transforms Aug 26 13:09:55.777279: | local proposal 1 type ESN has 0 transforms Aug 26 13:09:55.777283: | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:09:55.777287: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:55.777296: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:55.777299: | length: 44 (0x2c) Aug 26 13:09:55.777302: | prop #: 1 (0x1) Aug 26 13:09:55.777304: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:09:55.777307: | spi size: 0 (0x0) Aug 26 13:09:55.777310: | # transforms: 4 (0x4) Aug 26 13:09:55.777313: | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals Aug 26 13:09:55.777317: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:55.777322: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:55.777325: | length: 12 (0xc) Aug 26 13:09:55.777327: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:55.777330: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 
13:09:55.777333: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:55.777336: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:55.777338: | length/value: 256 (0x100) Aug 26 13:09:55.777343: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:09:55.777346: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:55.777349: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:55.777351: | length: 8 (0x8) Aug 26 13:09:55.777354: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:09:55.777356: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:09:55.777360: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_256) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:09:55.777363: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:55.777365: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:55.777368: | length: 8 (0x8) Aug 26 13:09:55.777370: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:55.777373: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:09:55.777377: | remote proposal 1 transform 2 (INTEG=HMAC_SHA2_256_128) matches local proposal 1 type 3 (INTEG) transform 0 Aug 26 13:09:55.777382: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:55.777384: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:55.777387: | length: 8 (0x8) Aug 26 13:09:55.777390: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:55.777392: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:09:55.777396: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:09:55.777400: | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none Aug 26 13:09:55.777405: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH Aug 26 
13:09:55.777408: | remote proposal 1 matches local proposal 1 Aug 26 13:09:55.777411: | remote accepted the proposal 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match] Aug 26 13:09:55.777414: | converting proposal to internal trans attrs Aug 26 13:09:55.777432: | natd_hash: hasher=0x564528ea2800(20) Aug 26 13:09:55.777435: | natd_hash: icookie= a9 6d 2c db 22 7f 10 cd Aug 26 13:09:55.777438: | natd_hash: rcookie= a9 27 21 0d a1 26 af 75 Aug 26 13:09:55.777453: | natd_hash: ip= c0 01 02 17 Aug 26 13:09:55.777456: | natd_hash: port=500 Aug 26 13:09:55.777458: | natd_hash: hash= 34 c6 7e 17 47 38 5d 8b 86 e5 fa 27 e6 bd 1a 7f Aug 26 13:09:55.777460: | natd_hash: hash= be b4 fa b0 Aug 26 13:09:55.777467: | natd_hash: hasher=0x564528ea2800(20) Aug 26 13:09:55.777470: | natd_hash: icookie= a9 6d 2c db 22 7f 10 cd Aug 26 13:09:55.777472: | natd_hash: rcookie= a9 27 21 0d a1 26 af 75 Aug 26 13:09:55.777474: | natd_hash: ip= c0 01 03 21 Aug 26 13:09:55.777476: | natd_hash: port=500 Aug 26 13:09:55.777478: | natd_hash: hash= e3 e4 aa a8 43 4a 9d fe d4 39 3a 77 ca 8f 0c 59 Aug 26 13:09:55.777480: | natd_hash: hash= ce 75 a8 72 Aug 26 13:09:55.777483: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:09:55.777485: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:09:55.777487: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:09:55.777490: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 Aug 26 13:09:55.777496: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_256 integ=HMAC_SHA2_256_128 cipherkey=AES_CBC Aug 26 13:09:55.777499: | adding ikev2_inR1outI2 KE work-order 3 for state #1 Aug 26 13:09:55.777502: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:09:55.777505: | #1 STATE_PARENT_I1: retransmits: cleared Aug 26 13:09:55.777508: | libevent_free: release ptr-libevent@0x564529d94098 Aug 26 13:09:55.777511: | free_event_entry: release EVENT_RETRANSMIT-pe@0x564529d91ea8 Aug 26 13:09:55.777514: | event_schedule: new 
EVENT_CRYPTO_TIMEOUT-pe@0x564529d91ea8 Aug 26 13:09:55.777517: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:09:55.777520: | libevent_malloc: new ptr-libevent@0x7f5114002888 size 128 Aug 26 13:09:55.777531: | #1 spent 0.273 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Aug 26 13:09:55.777536: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:55.777539: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Aug 26 13:09:55.777540: | crypto helper 2 resuming Aug 26 13:09:55.777560: | crypto helper 2 starting work-order 3 for state #1 Aug 26 13:09:55.777542: | suspending state #1 and saving MD Aug 26 13:09:55.777571: | crypto helper 2 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 3 Aug 26 13:09:55.777578: | #1 is busy; has a suspended MD Aug 26 13:09:55.777591: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:55.777595: | "north-eastnets/0x1" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:09:55.777601: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:55.777606: | #1 spent 0.639 milliseconds in ikev2_process_packet() Aug 26 13:09:55.777610: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 13:09:55.777613: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:55.777615: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:55.777619: | spent 0.652 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:55.778452: | calculating skeyseed using prf=sha2_256 integ=sha2_256 cipherkey-size=32 salt-size=0 Aug 26 
13:09:55.779080: | crypto helper 2 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 3 time elapsed 0.001509 seconds Aug 26 13:09:55.779094: | (#1) spent 1.51 milliseconds in crypto helper computing work-order 3: ikev2_inR1outI2 KE (pcr) Aug 26 13:09:55.779100: | crypto helper 2 sending results from work-order 3 for state #1 to event queue Aug 26 13:09:55.779105: | scheduling resume sending helper answer for #1 Aug 26 13:09:55.779110: | libevent_malloc: new ptr-libevent@0x7f511800d5d8 size 128 Aug 26 13:09:55.779121: | crypto helper 2 waiting (nothing to do) Aug 26 13:09:55.779131: | processing resume sending helper answer for #1 Aug 26 13:09:55.779144: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in resume_handler() at server.c:797) Aug 26 13:09:55.779148: | crypto helper 2 replies to request ID 3 Aug 26 13:09:55.779151: | calling continuation function 0x564528dcdb50 Aug 26 13:09:55.779154: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Aug 26 13:09:55.779162: | creating state object #3 at 0x564529d998c8 Aug 26 13:09:55.779165: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 13:09:55.779170: | pstats #3 ikev2.child started Aug 26 13:09:55.779173: | duplicating state object #1 "north-eastnets/0x1" as #3 for IPSEC SA Aug 26 13:09:55.779177: | #3 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:09:55.779183: | Message ID: init_child #1.#3; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:55.779187: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Aug 26 13:09:55.779191: | Message ID: switch-to #1.#3 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Aug 26 
13:09:55.779194: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:55.779197: | libevent_free: release ptr-libevent@0x7f5114002888 Aug 26 13:09:55.779199: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564529d91ea8 Aug 26 13:09:55.779202: | event_schedule: new EVENT_SA_REPLACE-pe@0x564529d91ea8 Aug 26 13:09:55.779206: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Aug 26 13:09:55.779208: | libevent_malloc: new ptr-libevent@0x7f5114002888 size 128 Aug 26 13:09:55.779212: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Aug 26 13:09:55.779218: | **emit ISAKMP Message: Aug 26 13:09:55.779221: | initiator cookie: Aug 26 13:09:55.779223: | a9 6d 2c db 22 7f 10 cd Aug 26 13:09:55.779225: | responder cookie: Aug 26 13:09:55.779227: | a9 27 21 0d a1 26 af 75 Aug 26 13:09:55.779230: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:55.779233: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:55.779235: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:55.779238: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:55.779240: | Message ID: 1 (0x1) Aug 26 13:09:55.779243: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:55.779246: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:55.779249: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:55.779253: | flags: none (0x0) Aug 26 13:09:55.779256: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:55.779259: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:09:55.779262: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:55.779270: | IKEv2 CERT: send a certificate? 
Aug 26 13:09:55.779272: | IKEv2 CERT: no certificate to send Aug 26 13:09:55.779275: | IDr payload will be sent Aug 26 13:09:55.779302: | ****emit IKEv2 Identification - Initiator - Payload: Aug 26 13:09:55.779312: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:55.779317: | flags: none (0x0) Aug 26 13:09:55.779320: | ID type: ID_FQDN (0x2) Aug 26 13:09:55.779325: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Aug 26 13:09:55.779330: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:55.779334: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Aug 26 13:09:55.779336: | my identity 65 61 73 74 Aug 26 13:09:55.779339: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Aug 26 13:09:55.779348: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:09:55.779351: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:09:55.779353: | flags: none (0x0) Aug 26 13:09:55.779355: | ID type: ID_FQDN (0x2) Aug 26 13:09:55.779358: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Aug 26 13:09:55.779361: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:09:55.779364: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:55.779367: | emitting 5 raw bytes of IDr into IKEv2 Identification - Responder - Payload Aug 26 13:09:55.779369: | IDr 6e 6f 72 74 68 Aug 26 13:09:55.779371: | emitting length of IKEv2 Identification - Responder - Payload: 13 Aug 26 13:09:55.779373: | not sending INITIAL_CONTACT Aug 26 
13:09:55.779376: | ****emit IKEv2 Authentication Payload: Aug 26 13:09:55.779379: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:55.779381: | flags: none (0x0) Aug 26 13:09:55.779383: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:09:55.779386: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:09:55.779389: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:09:55.779394: | started looking for secret for @east->@north of kind PKK_RSA Aug 26 13:09:55.779397: | actually looking for secret for @east->@north of kind PKK_RSA Aug 26 13:09:55.779400: | line 1: key type PKK_RSA(@east) to type PKK_RSA Aug 26 13:09:55.779403: | 1: compared key (none) to @east / @north -> 002 Aug 26 13:09:55.779406: | 2: compared key (none) to @east / @north -> 002 Aug 26 13:09:55.779408: | line 1: match=002 Aug 26 13:09:55.779411: | match 002 beats previous best_match 000 match=0x564529ce9b58 (line=1) Aug 26 13:09:55.779413: | concluding with best_match=002 best=0x564529ce9b58 (lineno=1) Aug 26 13:09:55.783328: | #1 spent 3.88 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Aug 26 13:09:55.783338: | emitting 274 raw bytes of rsa signature into IKEv2 Authentication Payload
Aug 26 13:09:55.783379: | #1 spent 3.97 milliseconds in ikev2_calculate_rsa_hash() Aug 26 13:09:55.783382: | emitting length of IKEv2 Authentication Payload: 282 Aug 26 13:09:55.783384: | getting first pending from state #1 Aug 26 13:09:55.783387: | Switching Child connection for #3 to "north-eastnets/0x2" from "north-eastnets/0x1" Aug 26 13:09:55.783390: | in connection_discard for connection north-eastnets/0x1 Aug 26 13:09:55.783408: | netlink_get_spi: allocated 0x7d9f9faa for esp.0@192.1.2.23 Aug 26 13:09:55.783412: | constructing ESP/AH proposals with all DH removed for north-eastnets/0x2 (IKE SA initiator emitting ESP/AH proposals) Aug 26 13:09:55.783416: | converting proposal AES_CBC_128-HMAC_SHA2_512_256-MODP3072 to ikev2 ... Aug 26 13:09:55.783421: | ... 
ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=NONE;ESN=DISABLED Aug 26 13:09:55.783425: "north-eastnets/0x2": constructed local ESP/AH proposals for north-eastnets/0x2 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=NONE;ESN=DISABLED Aug 26 13:09:55.783427: | Emitting ikev2_proposals ... Aug 26 13:09:55.783430: | ****emit IKEv2 Security Association Payload: Aug 26 13:09:55.783432: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:55.783434: | flags: none (0x0) Aug 26 13:09:55.783437: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:09:55.783439: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:09:55.783442: | discarding DH=NONE Aug 26 13:09:55.783444: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:55.783446: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:55.783448: | prop #: 1 (0x1) Aug 26 13:09:55.783450: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:55.783452: | spi size: 4 (0x4) Aug 26 13:09:55.783454: | # transforms: 3 (0x3) Aug 26 13:09:55.783456: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:55.783459: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:55.783461: | our spi 7d 9f 9f aa Aug 26 13:09:55.783463: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:55.783465: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:55.783467: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:55.783469: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:55.783471: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:55.783475: | 
*******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:55.783478: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:55.783480: | length/value: 128 (0x80) Aug 26 13:09:55.783482: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:55.783484: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:55.783486: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:55.783488: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:55.783490: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:55.783492: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:55.783495: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:55.783497: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:55.783499: | discarding DH=NONE Aug 26 13:09:55.783501: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:55.783503: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:55.783505: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:55.783507: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:55.783509: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:55.783511: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:55.783513: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:55.783515: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:09:55.783518: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:55.783520: | emitting length of IKEv2 Security 
Association Payload: 44 Aug 26 13:09:55.783522: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:09:55.783524: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:55.783526: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:55.783528: | flags: none (0x0) Aug 26 13:09:55.783530: | number of TS: 1 (0x1) Aug 26 13:09:55.783533: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:09:55.783535: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:55.783537: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:55.783540: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:55.783541: | IP Protocol ID: 0 (0x0) Aug 26 13:09:55.783543: | start port: 0 (0x0) Aug 26 13:09:55.783545: | end port: 65535 (0xffff) Aug 26 13:09:55.783548: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:55.783550: | ipv4 start c0 00 16 00 Aug 26 13:09:55.783552: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:09:55.783554: | ipv4 end c0 00 16 ff Aug 26 13:09:55.783556: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:55.783558: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:09:55.783560: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:55.783562: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:55.783564: | flags: none (0x0) Aug 26 13:09:55.783566: | number of TS: 1 (0x1) Aug 26 13:09:55.783568: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:09:55.783573: | next payload chain: saving location 'IKEv2 
Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:55.783575: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:55.783577: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:55.783579: | IP Protocol ID: 0 (0x0) Aug 26 13:09:55.783581: | start port: 0 (0x0) Aug 26 13:09:55.783582: | end port: 65535 (0xffff) Aug 26 13:09:55.783585: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:55.783586: | ipv4 start c0 00 03 00 Aug 26 13:09:55.783589: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:09:55.783590: | ipv4 end c0 00 03 ff Aug 26 13:09:55.783592: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:55.783594: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:09:55.783596: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:09:55.783599: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:09:55.783601: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:09:55.783604: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:55.783606: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:55.783608: | emitting length of IKEv2 Encryption Payload: 436 Aug 26 13:09:55.783610: | emitting length of ISAKMP Message: 464
Aug 26 13:09:55.783689: | out calculated auth: Aug 26 13:09:55.783691: | 6c 21 ea 11 82 bb b4 73 8f 16 83 9c c8 8c 8b 60 Aug 26 13:09:55.783698: | suspend processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:55.783701: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:55.783705: | #3 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Aug 26 13:09:55.783707: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Aug 26 13:09:55.783710: | child state #3: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Aug 26 13:09:55.783712: | Message ID: updating counters for #3 to 0 after switching state Aug 26 13:09:55.783717: | Message ID: recv #1.#3 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Aug 26 13:09:55.783720: | Message ID: sent #1.#3 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Aug 26 13:09:55.783724: "north-eastnets/0x2" #3: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048} Aug 26 13:09:55.783728: | sending V2 reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 13:09:55.783732: | sending 464 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1)
Aug 26 13:09:55.783818: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=50ms Aug 26 13:09:55.783826: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5114002b78 Aug 26 13:09:55.783830: | inserting event 
EVENT_RETRANSMIT, timeout in 0.05 seconds for #3 Aug 26 13:09:55.783832: | libevent_malloc: new ptr-libevent@0x564529d95538 size 128 Aug 26 13:09:55.783837: | #3 STATE_PARENT_I2: retransmits: first event in 0.05 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10281.526292 Aug 26 13:09:55.783840: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:09:55.783844: | #1 spent 4.65 milliseconds in resume sending helper answer Aug 26 13:09:55.783848: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33 (in resume_handler() at server.c:833) Aug 26 13:09:55.783851: | libevent_free: release ptr-libevent@0x7f511800d5d8 Aug 26 13:09:55.833922: | timer_event_cb: processing event@0x7f5114002b78 Aug 26 13:09:55.833938: | handling event EVENT_RETRANSMIT for child state #3 Aug 26 13:09:55.833947: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33 (in timer_event_cb() at timer.c:250) Aug 26 13:09:55.833952: | IKEv2 retransmit event Aug 26 13:09:55.833957: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33 (in retransmit_v2_msg() at retry.c:144) Aug 26 13:09:55.833961: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #3 attempt 2 of 0 Aug 26 13:09:55.833965: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 1 Aug 26 13:09:55.833972: | retransmits: current time 10281.576435; retransmit count 0 exceeds limit? NO; deltatime 0.05 exceeds limit? NO; monotime 0.050143 exceeds limit? 
NO Aug 26 13:09:55.833977: | event_schedule: new EVENT_RETRANSMIT-pe@0x564529d94028 Aug 26 13:09:55.833981: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #3 Aug 26 13:09:55.833985: | libevent_malloc: new ptr-libevent@0x7f511800d5d8 size 128 Aug 26 13:09:55.833990: "north-eastnets/0x2" #3: STATE_PARENT_I2: retransmission; will wait 0.05 seconds for response Aug 26 13:09:55.833998: | sending 464 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1)
Aug 26 13:09:55.834110: | libevent_free: release ptr-libevent@0x564529d95538 Aug 26 13:09:55.834115: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5114002b78 Aug 26 13:09:55.834122: | #3 spent 0.18 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:09:55.834127: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33 (in timer_event_cb() at timer.c:557) Aug 26 13:09:55.885255: | timer_event_cb: processing event@0x564529d94028 Aug 26 13:09:55.885266: | handling event EVENT_RETRANSMIT for child state #3 Aug 26 13:09:55.885272: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33 (in timer_event_cb() at timer.c:250) Aug 26 13:09:55.885295: | IKEv2 retransmit event Aug 26 13:09:55.885299: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33 (in retransmit_v2_msg() at retry.c:144) Aug 26 13:09:55.885302: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #3 attempt 2 of 0 Aug 26 13:09:55.885305: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 1 Aug 26 13:09:55.885310: | retransmits: current time 10281.627774; retransmit count 1 exceeds limit? NO; deltatime 0.1 exceeds limit? NO; monotime 0.101482 exceeds limit? 
NO Aug 26 13:09:55.885312: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5114002b78 Aug 26 13:09:55.885328: | inserting event EVENT_RETRANSMIT, timeout in 0.1 seconds for #3 Aug 26 13:09:55.885330: | libevent_malloc: new ptr-libevent@0x564529d95538 size 128 Aug 26 13:09:55.885333: "north-eastnets/0x2" #3: STATE_PARENT_I2: retransmission; will wait 0.1 seconds for response Aug 26 13:09:55.885338: | sending 464 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1)
Aug 26 13:09:55.885425: | libevent_free: release ptr-libevent@0x7f511800d5d8 Aug 26 13:09:55.885443: | free_event_entry: release EVENT_RETRANSMIT-pe@0x564529d94028 Aug 26 13:09:55.885448: | #3 spent 0.167 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:09:55.885451: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33 (in timer_event_cb() at timer.c:557) Aug 26 13:09:55.985572: | timer_event_cb: processing event@0x7f5114002b78 Aug 26 13:09:55.985603: | handling event EVENT_RETRANSMIT for child state #3 Aug 26 13:09:55.985613: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33 (in timer_event_cb() at timer.c:250) Aug 26 13:09:55.985618: | IKEv2 retransmit event Aug 26 13:09:55.985624: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33 (in retransmit_v2_msg() at retry.c:144) Aug 26 13:09:55.985629: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #3 attempt 2 of 0 Aug 26 13:09:55.985632: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 1 Aug 26 13:09:55.985637: | retransmits: current time 10281.728101; retransmit count 2 exceeds limit? NO; deltatime 0.2 exceeds limit? NO; monotime 0.201809 exceeds limit?
NO Aug 26 13:09:55.985640: | event_schedule: new EVENT_RETRANSMIT-pe@0x564529d94028 Aug 26 13:09:55.985643: | inserting event EVENT_RETRANSMIT, timeout in 0.2 seconds for #3 Aug 26 13:09:55.985646: | libevent_malloc: new ptr-libevent@0x7f511800d5d8 size 128 Aug 26 13:09:55.985649: "north-eastnets/0x2" #3: STATE_PARENT_I2: retransmission; will wait 0.2 seconds for response Aug 26 13:09:55.985655: | sending 464 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1)
Aug 26 13:09:55.985759: | libevent_free: release ptr-libevent@0x564529d95538 Aug 26 13:09:55.985763: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5114002b78 Aug 26 13:09:55.985768: | #3 spent 0.16 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:09:55.985771: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33 (in timer_event_cb() at timer.c:557) Aug 26 13:09:56.187053: | timer_event_cb: processing event@0x564529d94028 Aug 26 13:09:56.187077: | handling event EVENT_RETRANSMIT for child state #3 Aug 26 13:09:56.187086: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33 (in timer_event_cb() at timer.c:250) Aug 26 13:09:56.187091: | IKEv2 retransmit event Aug 26 13:09:56.187097: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33 (in retransmit_v2_msg() at retry.c:144) Aug 26 13:09:56.187102: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #3 attempt 2 of 0 Aug 26 13:09:56.187107: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 1 Aug 26 13:09:56.187115: | retransmits: current time 10281.929578; retransmit count 3 exceeds limit? NO; deltatime 0.4 exceeds limit? NO; monotime 0.403286 exceeds limit?
NO Aug 26 13:09:56.187119: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f5114002b78 Aug 26 13:09:56.187124: | inserting event EVENT_RETRANSMIT, timeout in 0.4 seconds for #3 Aug 26 13:09:56.187128: | libevent_malloc: new ptr-libevent@0x564529d95538 size 128 Aug 26 13:09:56.187133: "north-eastnets/0x2" #3: STATE_PARENT_I2: retransmission; will wait 0.4 seconds for response Aug 26 13:09:56.187142: | sending 464 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1)
Aug 26 13:09:56.187560: | libevent_free: release ptr-libevent@0x7f511800d5d8 Aug 26 13:09:56.187572: | free_event_entry: release EVENT_RETRANSMIT-pe@0x564529d94028 Aug 26 13:09:56.187580: | #3 spent 0.499 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:09:56.187586: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33 (in timer_event_cb() at timer.c:557) Aug 26 13:09:56.449461: | spent 0.00886 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:56.449531: | *received 464 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500)
Aug 26 13:09:56.449739: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:09:56.449750: | **parse ISAKMP Message: Aug 26 13:09:56.449758: | initiator cookie: Aug 26 13:09:56.449765: | f4 b6 d6 b1 3a 28 54 37 Aug 26 13:09:56.449772: | responder cookie: Aug 26 13:09:56.449778: | ed ec 45 23 73 d7 1a d3 Aug 26 13:09:56.449786: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:09:56.449794: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:56.449801: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:56.449809: | flags:
ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:56.449816: | Message ID: 1 (0x1) Aug 26 13:09:56.449824: | length: 464 (0x1d0) Aug 26 13:09:56.449832: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:09:56.449841: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:09:56.449861: | State DB: found IKEv2 state #2 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:09:56.449880: | start processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:56.449889: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:09:56.449902: | [RE]START processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:09:56.449910: | #2 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:09:56.449923: | Message ID: #2 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Aug 26 13:09:56.449930: | unpacking clear payload Aug 26 13:09:56.449937: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:09:56.449945: | ***parse IKEv2 Encryption Payload: Aug 26 13:09:56.449953: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 13:09:56.449961: | flags: none (0x0) Aug 26 13:09:56.449968: | length: 436 (0x1b4) Aug 26 13:09:56.449975: | processing payload: ISAKMP_NEXT_v2SK (len=432) Aug 26 13:09:56.449988: | Message ID: start-responder #2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 13:09:56.449996: | #2 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:09:56.450004: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 13:09:56.450011: | Now let's proceed with state specific processing Aug 26 13:09:56.450018: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 13:09:56.450028: | ikev2 parent 
inI2outR2: calculating g^{xy} in order to decrypt I2 Aug 26 13:09:56.450041: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_256 integ=HMAC_SHA2_256_128 cipherkey=AES_CBC Aug 26 13:09:56.450051: | adding ikev2_inI2outR2 KE work-order 4 for state #2 Aug 26 13:09:56.450059: | state #2 requesting EVENT_SO_DISCARD to be deleted Aug 26 13:09:56.450069: | libevent_free: release ptr-libevent@0x564529d83eb8 Aug 26 13:09:56.450079: | free_event_entry: release EVENT_SO_DISCARD-pe@0x7f511c002b78 Aug 26 13:09:56.450088: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f511c002b78 Aug 26 13:09:56.450099: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Aug 26 13:09:56.450108: | libevent_malloc: new ptr-libevent@0x7f511800d5d8 size 128 Aug 26 13:09:56.450138: | #2 spent 0.105 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Aug 26 13:09:56.450155: | [RE]START processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:56.450164: | #2 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Aug 26 13:09:56.450164: | crypto helper 3 resuming Aug 26 13:09:56.450175: | suspending state #2 and saving MD Aug 26 13:09:56.450232: | crypto helper 3 starting work-order 4 for state #2 Aug 26 13:09:56.450243: | #2 is busy; has a suspended MD Aug 26 13:09:56.450259: | crypto helper 3 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 4 Aug 26 13:09:56.450268: | [RE]START processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:56.450283: | "north-eastnets/0x2" #2 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:09:56.450335: | stop processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:56.450372: | #2 
spent 0.822 milliseconds in ikev2_process_packet() Aug 26 13:09:56.450394: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 13:09:56.450406: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:56.450419: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:56.450439: | spent 0.893 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:56.454468: | calculating skeyseed using prf=sha2_256 integ=sha2_256 cipherkey-size=32 salt-size=0 Aug 26 13:09:56.456682: | crypto helper 3 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 4 time elapsed 0.006422 seconds Aug 26 13:09:56.456733: | (#2) spent 6.38 milliseconds in crypto helper computing work-order 4: ikev2_inI2outR2 KE (pcr) Aug 26 13:09:56.456751: | crypto helper 3 sending results from work-order 4 for state #2 to event queue Aug 26 13:09:56.456765: | scheduling resume sending helper answer for #2 Aug 26 13:09:56.456781: | libevent_malloc: new ptr-libevent@0x7f510c00dec8 size 128 Aug 26 13:09:56.456796: | libevent_realloc: release ptr-libevent@0x564529d72638 Aug 26 13:09:56.456809: | libevent_realloc: new ptr-libevent@0x7f510c00de18 size 128 Aug 26 13:09:56.456838: | crypto helper 3 waiting (nothing to do) Aug 26 13:09:56.456934: | processing resume sending helper answer for #2 Aug 26 13:09:56.456975: | start processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:09:56.456991: | crypto helper 3 replies to request ID 4 Aug 26 13:09:56.456999: | calling continuation function 0x564528dcdb50 Aug 26 13:09:56.457007: | ikev2_parent_inI2outR2_continue for #2: calculating g^{xy}, sending R2 Aug 26 13:09:56.457017: | #2 in state PARENT_R1: received v2I1, sent v2R1
Aug 26 13:09:56.457325: | calculated auth: eb db 45 5e bc 70 d6 e7 51 2b d5 82 7e 55 c3 1e Aug 26 13:09:56.457352: | provided auth: eb db 45 5e bc 70 d6 e7 51 2b d5 82 7e 55 c3 1e Aug 26 13:09:56.457363: | authenticator matched Aug 26 13:09:56.457403: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:09:56.457419: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Aug 26 13:09:56.457433: | **parse IKEv2 Identification - Initiator - Payload: Aug 26 13:09:56.457446: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:09:56.457459: | flags: none (0x0) Aug 26 13:09:56.457471: | length: 13 (0xd) Aug 26 13:09:56.457482: | ID type: ID_FQDN (0x2) Aug 26 13:09:56.457493: | processing payload: ISAKMP_NEXT_v2IDi (len=5) Aug 26 13:09:56.457501: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:09:56.457508: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:09:56.457515: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:09:56.457522: | flags: none (0x0) Aug 26 13:09:56.457529: | length: 12 (0xc) Aug 26 13:09:56.457535: | ID type: ID_FQDN (0x2) Aug 26 13:09:56.457542: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Aug 26 13:09:56.457549: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:09:56.457556: | **parse IKEv2 Authentication Payload: Aug 26 13:09:56.457563: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:09:56.457570: | flags: none (0x0) Aug 26 13:09:56.457577: | length: 282 (0x11a) Aug 26 13:09:56.457584: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:09:56.457591: | processing payload: ISAKMP_NEXT_v2AUTH (len=274) Aug 26 13:09:56.457598: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26
13:09:56.457605: | **parse IKEv2 Security Association Payload: Aug 26 13:09:56.457612: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:09:56.457619: | flags: none (0x0) Aug 26 13:09:56.457625: | length: 44 (0x2c) Aug 26 13:09:56.457632: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 13:09:56.457639: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:09:56.457646: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:56.457653: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:09:56.457660: | flags: none (0x0) Aug 26 13:09:56.457666: | length: 24 (0x18) Aug 26 13:09:56.457673: | number of TS: 1 (0x1) Aug 26 13:09:56.457680: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:09:56.457687: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:09:56.457694: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:56.457701: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:56.457708: | flags: none (0x0) Aug 26 13:09:56.457714: | length: 24 (0x18) Aug 26 13:09:56.457721: | number of TS: 1 (0x1) Aug 26 13:09:56.457728: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:09:56.457736: | selected state microcode Responder: process IKE_AUTH request Aug 26 13:09:56.457743: | Now let's proceed with state specific processing Aug 26 13:09:56.457750: | calling processor Responder: process IKE_AUTH request Aug 26 13:09:56.457767: "north-eastnets/0x2" #2: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Aug 26 13:09:56.457784: | #2 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:09:56.457793: | received IDr payload - extracting our alleged ID Aug 26 13:09:56.457803: | refine_host_connection for IKEv2: starting with "north-eastnets/0x2" Aug 26 13:09:56.457816: | match_id a=@north Aug 26 13:09:56.457823: | b=@north Aug 26 13:09:56.457829: | results matched Aug 26 13:09:56.457840: | 
refine_host_connection: checking "north-eastnets/0x2" against "north-eastnets/0x2", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Aug 26 13:09:56.457848: | Warning: not switching back to template of current instance Aug 26 13:09:56.457856: | Peer expects us to be @east (ID_FQDN) according to its IDr payload Aug 26 13:09:56.457864: | This connection's local id is @east (ID_FQDN) Aug 26 13:09:56.457879: | refine_host_connection: checked north-eastnets/0x2 against north-eastnets/0x2, now for see if best Aug 26 13:09:56.457890: | started looking for secret for @east->@north of kind PKK_RSA Aug 26 13:09:56.457898: | actually looking for secret for @east->@north of kind PKK_RSA Aug 26 13:09:56.457907: | line 1: key type PKK_RSA(@east) to type PKK_RSA Aug 26 13:09:56.457917: | 1: compared key (none) to @east / @north -> 002 Aug 26 13:09:56.457925: | 2: compared key (none) to @east / @north -> 002 Aug 26 13:09:56.457932: | line 1: match=002 Aug 26 13:09:56.457941: | match 002 beats previous best_match 000 match=0x564529ce9b58 (line=1) Aug 26 13:09:56.457949: | concluding with best_match=002 best=0x564529ce9b58 (lineno=1) Aug 26 13:09:56.457956: | returning because exact peer id match Aug 26 13:09:56.457963: | offered CA: '%none' Aug 26 13:09:56.457972: "north-eastnets/0x2" #2: IKEv2 mode peer ID is ID_FQDN: '@north' Aug 26 13:09:56.458023: | verifying AUTH payload Aug 26 13:09:56.458057: | required RSA CA is '%any' Aug 26 13:09:56.458067: | checking RSA keyid '@east' for match with '@north' Aug 26 13:09:56.458075: | checking RSA keyid '@north' for match with '@north' Aug 26 13:09:56.458083: | key issuer CA is '%any' Aug 26 13:09:56.458233: | an RSA Sig check passed with *AQPl33O2P [preloaded key] Aug 26 13:09:56.458253: | #2 spent 0.155 milliseconds in try_all_RSA_keys() trying a pubkey Aug 26 13:09:56.458262: "north-eastnets/0x2" #2: Authenticated using RSA Aug 26 13:09:56.458275: | #2 spent 0.237 milliseconds in ikev2_verify_rsa_hash() Aug 26 13:09:56.458286: | 
parent state #2: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Aug 26 13:09:56.458326: | #2 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Aug 26 13:09:56.458335: | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:56.458345: | libevent_free: release ptr-libevent@0x7f511800d5d8 Aug 26 13:09:56.458354: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f511c002b78 Aug 26 13:09:56.458363: | event_schedule: new EVENT_SA_REKEY-pe@0x7f511c002b78 Aug 26 13:09:56.458374: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #2 Aug 26 13:09:56.458382: | libevent_malloc: new ptr-libevent@0x564529d9c518 size 128 Aug 26 13:09:56.459177: | pstats #2 ikev2.ike established Aug 26 13:09:56.459204: | **emit ISAKMP Message: Aug 26 13:09:56.459222: | initiator cookie: Aug 26 13:09:56.459246: | f4 b6 d6 b1 3a 28 54 37 Aug 26 13:09:56.459261: | responder cookie: Aug 26 13:09:56.459273: | ed ec 45 23 73 d7 1a d3 Aug 26 13:09:56.459323: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:56.459353: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:56.459368: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:56.459382: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:56.459395: | Message ID: 1 (0x1) Aug 26 13:09:56.459411: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:56.459427: | IKEv2 CERT: send a certificate? 
Aug 26 13:09:56.459440: | IKEv2 CERT: no certificate to send Aug 26 13:09:56.459453: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:56.459468: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:56.459481: | flags: none (0x0) Aug 26 13:09:56.459502: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:56.459519: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:09:56.459537: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:56.459570: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:09:56.459635: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:09:56.459654: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:56.459668: | flags: none (0x0) Aug 26 13:09:56.459676: | ID type: ID_FQDN (0x2) Aug 26 13:09:56.459694: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:09:56.459703: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:56.459713: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Aug 26 13:09:56.459721: | my identity 65 61 73 74 Aug 26 13:09:56.459728: | emitting length of IKEv2 Identification - Responder - Payload: 12 Aug 26 13:09:56.459753: | assembled IDr payload Aug 26 13:09:56.459760: | CHILD SA proposals received Aug 26 13:09:56.459767: | going to assemble AUTH payload Aug 26 13:09:56.459775: | ****emit IKEv2 Authentication Payload: Aug 26 13:09:56.459782: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:09:56.459789: | flags: none (0x0) Aug 26 13:09:56.459796: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:09:56.459805: | next payload chain: ignoring supplied 'IKEv2 
Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Aug 26 13:09:56.459814: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:09:56.459822: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:09:56.459838: | #2 spent 1.52 milliseconds Aug 26 13:09:56.459848: | started looking for secret for @east->@north of kind PKK_RSA Aug 26 13:09:56.459856: | actually looking for secret for @east->@north of kind PKK_RSA Aug 26 13:09:56.459865: | line 1: key type PKK_RSA(@east) to type PKK_RSA Aug 26 13:09:56.459875: | 1: compared key (none) to @east / @north -> 002 Aug 26 13:09:56.459883: | 2: compared key (none) to @east / @north -> 002 Aug 26 13:09:56.459890: | line 1: match=002 Aug 26 13:09:56.459898: | match 002 beats previous best_match 000 match=0x564529ce9b58 (line=1) Aug 26 13:09:56.459906: | concluding with best_match=002 best=0x564529ce9b58 (lineno=1) Aug 26 13:09:56.472719: | #2 spent 12.5 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Aug 26 13:09:56.472757: | emitting 274 raw bytes of rsa signature into IKEv2 Authentication Payload
Aug 26 13:09:56.472895: | #2 spent 12.8 milliseconds in ikev2_calculate_rsa_hash() Aug 26 13:09:56.472904: | emitting length of IKEv2 Authentication Payload: 282 Aug 26 13:09:56.472928: | creating state object #4 at 0x564529da0a78 Aug 26 13:09:56.472938: | State DB: adding IKEv2 state #4 in UNDEFINED Aug 26 13:09:56.472949: | pstats #4 ikev2.child started Aug 26 13:09:56.472958: | duplicating state object #2 "north-eastnets/0x2" as #4 for IPSEC SA Aug 26 13:09:56.472974: | #4 setting local endpoint to 192.1.2.23:500 from #2.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:09:56.472992: | Message ID: init_child #2.#4; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:56.473005: | Message ID: switch-from #2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Aug 26 13:09:56.473018: | Message ID: switch-to #2.#4 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Aug 26 13:09:56.473026: | Child SA TS Request 
has ike->sa == md->st; so using parent connection Aug 26 13:09:56.473034: | TSi: parsing 1 traffic selectors Aug 26 13:09:56.473042: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:56.473050: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:56.473058: | IP Protocol ID: 0 (0x0) Aug 26 13:09:56.473065: | length: 16 (0x10) Aug 26 13:09:56.473073: | start port: 0 (0x0) Aug 26 13:09:56.473080: | end port: 65535 (0xffff) Aug 26 13:09:56.473088: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:56.473095: | TS low c0 00 03 00 Aug 26 13:09:56.473103: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:56.473110: | TS high c0 00 03 ff Aug 26 13:09:56.473117: | TSi: parsed 1 traffic selectors Aug 26 13:09:56.473124: | TSr: parsing 1 traffic selectors Aug 26 13:09:56.473131: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:56.473138: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:56.473145: | IP Protocol ID: 0 (0x0) Aug 26 13:09:56.473152: | length: 16 (0x10) Aug 26 13:09:56.473158: | start port: 0 (0x0) Aug 26 13:09:56.473165: | end port: 65535 (0xffff) Aug 26 13:09:56.473172: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:56.473179: | TS low c0 00 02 00 Aug 26 13:09:56.473186: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:56.473192: | TS high c0 00 02 ff Aug 26 13:09:56.473199: | TSr: parsed 1 traffic selectors Aug 26 13:09:56.473206: | looking for best SPD in current connection Aug 26 13:09:56.473222: | evaluating our conn="north-eastnets/0x2" I=192.0.3.0/24:0/0 R=192.0.22.0/24:0/0 to their: Aug 26 13:09:56.473235: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:56.473253: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:56.473262: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:09:56.473269: | TSi[0] port match: YES fitness 65536 Aug 26 13:09:56.473277: | 
narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:56.473286: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:56.473323: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:56.473341: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Aug 26 13:09:56.473348: | looking for better host pair Aug 26 13:09:56.473362: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 13:09:56.473374: | checking hostpair 192.0.22.0/24 -> 192.0.3.0/24 is found Aug 26 13:09:56.473382: | investigating connection "north-eastnets/0x2" as a better match Aug 26 13:09:56.473391: | match_id a=@north Aug 26 13:09:56.473398: | b=@north Aug 26 13:09:56.473404: | results matched Aug 26 13:09:56.473418: | evaluating our conn="north-eastnets/0x2" I=192.0.3.0/24:0/0 R=192.0.22.0/24:0/0 to their: Aug 26 13:09:56.473430: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:56.473450: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:56.473458: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:09:56.473466: | TSi[0] port match: YES fitness 65536 Aug 26 13:09:56.473473: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:56.473482: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:56.473493: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:56.473506: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Aug 26 13:09:56.473514: | investigating connection "north-eastnets/0x1" as a better match Aug 26 13:09:56.473522: | match_id a=@north Aug 26 13:09:56.473529: | b=@north Aug 26 13:09:56.473535: | results matched Aug 26 13:09:56.473547: | evaluating our conn="north-eastnets/0x1" I=192.0.3.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:09:56.473558: | TSi[0] .net=192.0.3.0-192.0.3.255 
.iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:56.473572: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:56.473580: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:09:56.473587: | TSi[0] port match: YES fitness 65536 Aug 26 13:09:56.473594: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:56.473602: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:56.473613: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:56.473627: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:09:56.473635: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:09:56.473641: | TSr[0] port match: YES fitness 65536 Aug 26 13:09:56.473649: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:09:56.473657: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:56.473664: | best fit so far: TSi[0] TSr[0] Aug 26 13:09:56.473672: | protocol fitness found better match d north-eastnets/0x1, TSi[0],TSr[0] Aug 26 13:09:56.473680: | in connection_discard for connection north-eastnets/0x2 Aug 26 13:09:56.473688: | printing contents struct traffic_selector Aug 26 13:09:56.473695: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:09:56.473701: | ipprotoid: 0 Aug 26 13:09:56.473708: | port range: 0-65535 Aug 26 13:09:56.473719: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:09:56.473725: | printing contents struct traffic_selector Aug 26 13:09:56.473732: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:09:56.473738: | ipprotoid: 0 Aug 26 13:09:56.473744: | port range: 0-65535 Aug 26 13:09:56.473754: | ip range: 192.0.3.0-192.0.3.255 Aug 26 13:09:56.473765: | constructing ESP/AH proposals with all DH removed for north-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals) Aug 26 13:09:56.473778: | converting proposal AES_CBC_128-HMAC_SHA2_512_256-MODP3072 to ikev2 ... 
Aug 26 13:09:56.473794: | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=NONE;ESN=DISABLED Aug 26 13:09:56.473807: "north-eastnets/0x1": constructed local ESP/AH proposals for north-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=NONE;ESN=DISABLED Aug 26 13:09:56.473817: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 1 local proposals Aug 26 13:09:56.473827: | local proposal 1 type ENCR has 1 transforms Aug 26 13:09:56.473835: | local proposal 1 type PRF has 0 transforms Aug 26 13:09:56.473842: | local proposal 1 type INTEG has 1 transforms Aug 26 13:09:56.473849: | local proposal 1 type DH has 1 transforms Aug 26 13:09:56.473856: | local proposal 1 type ESN has 1 transforms Aug 26 13:09:56.473866: | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:09:56.473879: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:56.473887: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:56.473894: | length: 40 (0x28) Aug 26 13:09:56.473902: | prop #: 1 (0x1) Aug 26 13:09:56.473909: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:56.473916: | spi size: 4 (0x4) Aug 26 13:09:56.473923: | # transforms: 3 (0x3) Aug 26 13:09:56.473932: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:56.473939: | remote SPI ea 23 2a f2 Aug 26 13:09:56.473947: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals Aug 26 13:09:56.473956: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:56.473963: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:56.473970: | length: 12 (0xc) Aug 26 13:09:56.473977: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:56.473984: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:56.473992: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:56.474000: | af+type: 
AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:56.474007: | length/value: 128 (0x80) Aug 26 13:09:56.474019: | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:09:56.474026: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:56.474033: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:56.474040: | length: 8 (0x8) Aug 26 13:09:56.474047: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:56.474054: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:56.474064: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_512_256) matches local proposal 1 type 3 (INTEG) transform 0 Aug 26 13:09:56.474071: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:56.474078: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:56.474085: | length: 8 (0x8) Aug 26 13:09:56.474092: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:56.474099: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:56.474108: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:09:56.474119: | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none Aug 26 13:09:56.474131: | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN Aug 26 13:09:56.474138: | remote proposal 1 matches local proposal 1 Aug 26 13:09:56.474153: "north-eastnets/0x2" #2: proposal 1:ESP:SPI=ea232af2;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;ESN=DISABLED[first-match] Aug 26 13:09:56.474166: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=ea232af2;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;ESN=DISABLED Aug 26 13:09:56.474173: | converting proposal to internal trans attrs Aug 26 13:09:56.474226: | netlink_get_spi: allocated 
0x2e93a512 for esp.0@192.1.2.23 Aug 26 13:09:56.474236: | Emitting ikev2_proposal ... Aug 26 13:09:56.474244: | ****emit IKEv2 Security Association Payload: Aug 26 13:09:56.474251: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:56.474259: | flags: none (0x0) Aug 26 13:09:56.474269: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:09:56.474278: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:09:56.474287: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:56.474317: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:56.474326: | prop #: 1 (0x1) Aug 26 13:09:56.474333: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:56.474339: | spi size: 4 (0x4) Aug 26 13:09:56.474352: | # transforms: 3 (0x3) Aug 26 13:09:56.474361: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:56.474370: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:56.474377: | our spi 2e 93 a5 12 Aug 26 13:09:56.474385: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:56.474392: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:56.474399: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:56.474406: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:56.474414: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:56.474422: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:56.474430: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:56.474437: | length/value: 128 (0x80) Aug 26 13:09:56.474445: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:56.474452: | ******emit IKEv2 Transform Substructure 
Payload: Aug 26 13:09:56.474459: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:56.474466: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:56.474473: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:56.474482: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:56.474491: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:56.474498: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:56.474505: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:56.474512: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:56.474519: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:56.474526: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:56.474534: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:56.474542: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:56.474550: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:56.474557: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:09:56.474565: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:56.474572: | emitting length of IKEv2 Security Association Payload: 44 Aug 26 13:09:56.474580: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:09:56.474588: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:56.474596: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:56.474602: | flags: none 
(0x0) Aug 26 13:09:56.474609: | number of TS: 1 (0x1) Aug 26 13:09:56.474619: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:09:56.474627: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:56.474635: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:56.474641: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:56.474648: | IP Protocol ID: 0 (0x0) Aug 26 13:09:56.474655: | start port: 0 (0x0) Aug 26 13:09:56.474662: | end port: 65535 (0xffff) Aug 26 13:09:56.474671: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:56.474678: | ipv4 start c0 00 03 00 Aug 26 13:09:56.474685: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:09:56.474692: | ipv4 end c0 00 03 ff Aug 26 13:09:56.474702: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:56.474710: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:09:56.474717: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:56.474724: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:56.474731: | flags: none (0x0) Aug 26 13:09:56.474738: | number of TS: 1 (0x1) Aug 26 13:09:56.474746: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:09:56.474755: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:56.474762: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:56.474769: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:56.474775: | IP Protocol ID: 0 (0x0) Aug 26 13:09:56.474782: | start port: 0 (0x0) Aug 26 13:09:56.474789: | end port: 65535 (0xffff) Aug 26 
13:09:56.474796: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:56.474803: | ipv4 start c0 00 02 00 Aug 26 13:09:56.474810: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:09:56.474817: | ipv4 end c0 00 02 ff Aug 26 13:09:56.474823: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:56.474831: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:09:56.474838: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:09:56.474848: | integ=sha2_512: .key_size=64 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=80 Aug 26 13:09:56.475669: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Aug 26 13:09:56.475701: | #2 spent 2.78 milliseconds Aug 26 13:09:56.475711: | install_ipsec_sa() for #4: inbound and outbound Aug 26 13:09:56.475719: | could_route called for north-eastnets/0x1 (kind=CK_PERMANENT) Aug 26 13:09:56.475726: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:56.475735: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:56.475744: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:56.475753: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:56.475760: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:56.475772: | route owner of "north-eastnets/0x1" prospective erouted: self; eroute owner: self Aug 26 13:09:56.475782: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Aug 26 13:09:56.475791: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:09:56.475800: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Aug 26 13:09:56.475811: | setting IPsec SA replay-window to 32 Aug 26 13:09:56.475820: | NIC esp-hw-offload not for connection 'north-eastnets/0x1' not available on interface eth1 Aug 26 13:09:56.475828: | netlink: enabling tunnel mode Aug 26 13:09:56.475836: | netlink: setting IPsec SA 
replay-window to 32 using old-style req Aug 26 13:09:56.475845: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:09:56.476026: | netlink response for Add SA esp.ea232af2@192.1.3.33 included non-error error Aug 26 13:09:56.476059: | set up outgoing SA, ref=0/0 Aug 26 13:09:56.476082: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Aug 26 13:09:56.476101: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:09:56.476118: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Aug 26 13:09:56.476137: | setting IPsec SA replay-window to 32 Aug 26 13:09:56.476154: | NIC esp-hw-offload not for connection 'north-eastnets/0x1' not available on interface eth1 Aug 26 13:09:56.476168: | netlink: enabling tunnel mode Aug 26 13:09:56.476182: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:09:56.476197: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:09:56.476417: | netlink response for Add SA esp.2e93a512@192.1.2.23 included non-error error Aug 26 13:09:56.476467: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:56.476504: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 13:09:56.476522: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:56.476633: | raw_eroute result=success Aug 26 13:09:56.476654: | set up incoming SA, ref=0/0 Aug 26 13:09:56.476669: | sr for #4: prospective erouted Aug 26 13:09:56.476686: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:09:56.476701: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:09:56.476718: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:56.476734: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:56.476751: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:56.476766: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:56.476786: | route owner of "north-eastnets/0x1" prospective erouted: self; eroute owner: self Aug 26 13:09:56.476809: | route_and_eroute with c: north-eastnets/0x1 (next: none) ero:north-eastnets/0x1 esr:{(nil)} ro:north-eastnets/0x1 rosr:{(nil)} and state: #4 Aug 26 13:09:56.476827: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:56.476867: | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33>tun.0@192.1.3.33 (raw_eroute) Aug 26 13:09:56.476885: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:56.476954: | raw_eroute result=success Aug 26 13:09:56.476976: | running updown command "ipsec _updown" for verb up Aug 26 13:09:56.476992: | command executing up-client Aug 26 13:09:56.477143: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' 
PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xea23 Aug 26 13:09:56.477167: | popen cmd is 1038 chars long Aug 26 13:09:56.477184: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1': Aug 26 13:09:56.477201: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_: Aug 26 13:09:56.477218: | cmd( 160):MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLU: Aug 26 13:09:56.477235: | cmd( 240):TO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_: Aug 26 13:09:56.477252: | cmd( 320):SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@nor: Aug 26 13:09:56.477268: | cmd( 400):th' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEE: Aug 26 13:09:56.477284: | cmd( 480):R_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_: Aug 26 13:09:56.477322: | cmd( 560):PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCR: Aug 26 13:09:56.477335: | cmd( 640):YPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='C: Aug 26 13:09:56.477345: | cmd( 720):K_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0': Aug 26 13:09:56.477352: | cmd( 800): PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG: Aug 26 13:09:56.477370: | cmd( 880):_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTIN: Aug 26 13:09:56.477378: | cmd( 960):G='no' VTI_SHARED='no' SPI_IN=0xea232af2 SPI_OUT=0x2e93a512 ipsec _updown 2>&1: Aug 26 13:09:56.512412: | route_and_eroute: firewall_notified: true Aug 26 13:09:56.512482: | route_and_eroute: instance "north-eastnets/0x1", setting eroute_owner {spd=0x564529d91458,sr=0x564529d91458} to #4 (was #0) (newest_ipsec_sa=#0) Aug 26 13:09:56.512719: | #2 
spent 3.12 milliseconds in install_ipsec_sa() Aug 26 13:09:56.512756: | ISAKMP_v2_IKE_AUTH: instance north-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #4 (was #0) (spd.eroute=#4) cloned from #2 Aug 26 13:09:56.512773: | adding 14 bytes of padding (including 1 byte padding-length) Aug 26 13:09:56.512789: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.512808: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.512821: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.512833: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.512847: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.512860: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.512874: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.512888: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.512902: | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.512916: | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.512929: | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.512942: | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.512955: | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.512968: | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.512981: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:56.512994: | emitting length of IKEv2 Encryption Payload: 436 
Aug 26 13:09:56.513006: | emitting length of ISAKMP Message: 464 Aug 26 13:09:56.513625: | out calculated auth: Aug 26 13:09:56.513637: | c2 92 2d d8 0c 2e 81 d7 d1 a9 60 8c 86 31 32 21 Aug 26 13:09:56.513675: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Aug 26 13:09:56.513706: | #2 spent 21.7 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Aug 26 13:09:56.513742: | suspend processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:56.513770: | start processing: state #4 connection "north-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:56.513790: | #4 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Aug 26 13:09:56.513805: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Aug 26 13:09:56.513822: | child state #4: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Aug 26 13:09:56.513836: | Message ID: updating counters for #4 to 1 after switching state Aug 26 13:09:56.513861: | Message ID: recv #2.#4 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Aug 26 13:09:56.513883: | Message ID: sent #2.#4 response 1; ike: initiator.sent=-1 initiator.recv=-1 
responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Aug 26 13:09:56.513897: | pstats #4 ikev2.child established Aug 26 13:09:56.513936: "north-eastnets/0x1" #4: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Aug 26 13:09:56.513956: | NAT-T: encaps is 'auto' Aug 26 13:09:56.513978: "north-eastnets/0x1" #4: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xea232af2 <0x2e93a512 xfrm=AES_CBC_128-HMAC_SHA2_512_256 NATOA=none NATD=none DPD=passive} Aug 26 13:09:56.514001: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 13:09:56.514040: | sending 464 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2)
Aug 26 13:09:56.514523: | releasing whack for #4 (sock=fd@-1) Aug 26 13:09:56.514545: | releasing whack and unpending for parent #2 Aug 26 13:09:56.514558: | unpending state #2 connection "north-eastnets/0x1" Aug 26 13:09:56.514579: | #4 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Aug 26 13:09:56.514595: | event_schedule: new EVENT_SA_REKEY-pe@0x564529d94028 Aug 26 13:09:56.514612: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #4 Aug 26 13:09:56.514627: | libevent_malloc: new ptr-libevent@0x564529da1928 size 128 Aug 26 13:09:56.514681: | resume sending helper answer for #2 suppresed complete_v2_state_transition() Aug 26 13:09:56.514715: | #2 spent 23.4 milliseconds in resume sending helper answer Aug 26 13:09:56.514742: | stop processing: state #4 connection "north-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:09:56.514765: | libevent_free: release ptr-libevent@0x7f510c00dec8 Aug 26 13:09:56.514820: | spent 0.00695 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 
13:09:56.514871: | *received 464 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:09:56.515238: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:09:56.515254: | **parse ISAKMP Message: Aug 26 13:09:56.515266: | initiator cookie: Aug 26 13:09:56.515276: | f4 b6 d6 b1 3a 28 54 37 Aug 26 13:09:56.515286: | responder cookie: Aug 26 13:09:56.515322: | ed ec 45 23 73 d7 1a d3 Aug 26 13:09:56.515335: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:09:56.515347: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:56.515357: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:56.515373: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:56.515384: | Message ID: 1 (0x1) Aug 26 13:09:56.515394: | length: 464 (0x1d0) Aug 26 13:09:56.515406: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:09:56.515419: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:09:56.515433: | State DB: found IKEv2 state #2 in PARENT_R2 (find_v2_ike_sa) Aug 26 13:09:56.515458: | start processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:56.515471: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:09:56.515491: | [RE]START processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:09:56.515506: | #2 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000001 Aug 26 13:09:56.515520: "north-eastnets/0x2" #2: received duplicate IKE_AUTH message request (Message ID 1); retransmitting response Aug 26 13:09:56.515547: | sending 464 bytes for ikev2-responder-retransmit through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Aug 26 13:09:56.515961: | stop processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:56.515990: | #2 spent 1.1 milliseconds in ikev2_process_packet() Aug 26 13:09:56.516010: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 13:09:56.516026: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:56.516039: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:56.516059: | spent 1.17 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:56.516958: | processing signal PLUTO_SIGCHLD Aug 26 13:09:56.517007: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:56.517033: | spent 0.0278 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:56.590391: | timer_event_cb: processing event@0x7f5114002b78 Aug 26 13:09:56.590410: | handling event EVENT_RETRANSMIT for child state #3 Aug 26 13:09:56.590419: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33 (in timer_event_cb() at timer.c:250) Aug 26 13:09:56.590425: | IKEv2 retransmit event Aug 26 13:09:56.590432: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33 (in retransmit_v2_msg() at retry.c:144) Aug 26 13:09:56.590437: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #3 attempt 2 of 0 Aug 26 13:09:56.590442: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 1 Aug 26 13:09:56.590449: | retransmits: current time 10282.332912; retransmit count 4 exceeds limit? NO; deltatime 0.8 exceeds limit? NO; monotime 0.80662 exceeds limit?
NO Aug 26 13:09:56.590454: | event_schedule: new EVENT_RETRANSMIT-pe@0x564529da03e8 Aug 26 13:09:56.590458: | inserting event EVENT_RETRANSMIT, timeout in 0.8 seconds for #3 Aug 26 13:09:56.590463: | libevent_malloc: new ptr-libevent@0x7f510c00dec8 size 128 Aug 26 13:09:56.590468: "north-eastnets/0x2" #3: STATE_PARENT_I2: retransmission; will wait 0.8 seconds for response Aug 26 13:09:56.590476: | sending 464 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:56.590592: | libevent_free: release ptr-libevent@0x564529d95538 Aug 26 13:09:56.590601: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f5114002b78 Aug 26 13:09:56.590609: | #3 spent 0.205 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:09:56.590615: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33 (in timer_event_cb() at timer.c:557) Aug 26 13:09:56.834583: | spent 0.00288 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:56.834605: | *received 464 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:09:56.834690: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:09:56.834695: | **parse ISAKMP Message: Aug 26 13:09:56.834698: | initiator cookie: Aug 26 13:09:56.834701: | a9 6d 2c db 22 7f 10 cd Aug 26 13:09:56.834704: | responder cookie: Aug 26 13:09:56.834706: | a9 27 21 0d a1 26 af 75 Aug 26 13:09:56.834709: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:09:56.834713: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:56.834715: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:09:56.834718: | flags:
ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:56.834721: | Message ID: 1 (0x1) Aug 26 13:09:56.834724: | length: 464 (0x1d0) Aug 26 13:09:56.834727: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:09:56.834731: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Aug 26 13:09:56.834736: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Aug 26 13:09:56.834743: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:56.834747: | State DB: found IKEv2 state #3 in PARENT_I2 (find_v2_sa_by_initiator_wip) Aug 26 13:09:56.834752: | suspend processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:56.834757: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:56.834760: | #3 is idle Aug 26 13:09:56.834763: | #3 idle Aug 26 13:09:56.834766: | unpacking clear payload Aug 26 13:09:56.834768: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:09:56.834772: | ***parse IKEv2 Encryption Payload: Aug 26 13:09:56.834775: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:09:56.834778: | flags: none (0x0) Aug 26 13:09:56.834781: | length: 436 (0x1b4) Aug 26 13:09:56.834783: | processing payload: ISAKMP_NEXT_v2SK (len=432) Aug 26 13:09:56.834787: | #3 in state PARENT_I2: sent v2I2, expected v2R2 Aug 26 13:09:56.834901: | calculated auth: 90 db c6 8a 4d 83 ab f5 24 80 d3 fc 7a 7b e0 fc Aug 26 13:09:56.834904: | provided auth: 90 db c6 8a 4d 83 ab f5 24 80 d3 fc 7a 7b e0 fc Aug 26 13:09:56.834906: | authenticator matched Aug 26 13:09:56.834922: | #3 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:09:56.834927: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:09:56.834931: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:09:56.834934: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:09:56.834936: | flags: none (0x0) Aug 26 13:09:56.834939: | length: 13 (0xd) Aug 26 13:09:56.834942: | ID type: ID_FQDN (0x2) Aug 26 13:09:56.834945: | processing payload: ISAKMP_NEXT_v2IDr (len=5) Aug 26 13:09:56.834948: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:09:56.834951: | **parse IKEv2 Authentication Payload: Aug 26 13:09:56.834954: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:09:56.834956: | flags: none (0x0) Aug 26 13:09:56.834959: | length: 282 (0x11a) Aug 26 13:09:56.834962: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:09:56.834964: | processing payload: ISAKMP_NEXT_v2AUTH (len=274) Aug 26 13:09:56.834967: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:09:56.834971: | **parse IKEv2 Security Association Payload: Aug 26 13:09:56.834973: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:09:56.834976: | flags: none (0x0) Aug 26 13:09:56.834979: | length: 44 (0x2c) Aug 26 13:09:56.834981: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 13:09:56.834984: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:09:56.834987: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:56.834990: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:09:56.834992: | flags: none (0x0) Aug 26 13:09:56.834995: | length: 24 (0x18) Aug 26 13:09:56.834998: | number of TS: 1 (0x1) Aug 26 13:09:56.835001: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26
13:09:56.835003: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:09:56.835006: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:56.835009: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:56.835012: | flags: none (0x0) Aug 26 13:09:56.835014: | length: 24 (0x18) Aug 26 13:09:56.835017: | number of TS: 1 (0x1) Aug 26 13:09:56.835019: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:09:56.835022: | selected state microcode Initiator: process IKE_AUTH response Aug 26 13:09:56.835025: | Now let's proceed with state specific processing Aug 26 13:09:56.835028: | calling processor Initiator: process IKE_AUTH response Aug 26 13:09:56.835034: | offered CA: '%none' Aug 26 13:09:56.835039: "north-eastnets/0x2" #3: IKEv2 mode peer ID is ID_FQDN: '@north' Aug 26 13:09:56.835060: | verifying AUTH payload Aug 26 13:09:56.835080: | required RSA CA is '%any' Aug 26 13:09:56.835085: | checking RSA keyid '@east' for match with '@north' Aug 26 13:09:56.835089: | checking RSA keyid '@north' for match with '@north' Aug 26 13:09:56.835092: | key issuer CA is '%any' Aug 26 13:09:56.835154: | an RSA Sig check passed with *AQPl33O2P [preloaded key] Aug 26 13:09:56.835162: | #1 spent 0.0644 milliseconds in try_all_RSA_keys() trying a pubkey Aug 26 13:09:56.835166: "north-eastnets/0x2" #3: Authenticated using RSA Aug 26 13:09:56.835173: | #1 spent 0.106 milliseconds in ikev2_verify_rsa_hash() Aug 26 13:09:56.835178: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Aug 26 13:09:56.835183: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Aug 26 13:09:56.835187: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:09:56.835192: | libevent_free: release ptr-libevent@0x7f5114002888 Aug 26 13:09:56.835196: | free_event_entry: release EVENT_SA_REPLACE-pe@0x564529d91ea8 Aug 26 13:09:56.835199: | event_schedule: new EVENT_SA_REKEY-pe@0x564529d91ea8 Aug 26 13:09:56.835203: 
| inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Aug 26 13:09:56.835207: | libevent_malloc: new ptr-libevent@0x564529d95538 size 128 Aug 26 13:09:56.835251: | pstats #1 ikev2.ike established Aug 26 13:09:56.835258: | TSi: parsing 1 traffic selectors Aug 26 13:09:56.835262: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:56.835264: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:56.835267: | IP Protocol ID: 0 (0x0) Aug 26 13:09:56.835270: | length: 16 (0x10) Aug 26 13:09:56.835272: | start port: 0 (0x0) Aug 26 13:09:56.835275: | end port: 65535 (0xffff) Aug 26 13:09:56.835279: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:56.835281: | TS low c0 00 16 00 Aug 26 13:09:56.835284: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:56.835287: | TS high c0 00 16 ff Aug 26 13:09:56.835297: | TSi: parsed 1 traffic selectors Aug 26 13:09:56.835300: | TSr: parsing 1 traffic selectors Aug 26 13:09:56.835303: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:56.835306: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:56.835309: | IP Protocol ID: 0 (0x0) Aug 26 13:09:56.835311: | length: 16 (0x10) Aug 26 13:09:56.835314: | start port: 0 (0x0) Aug 26 13:09:56.835316: | end port: 65535 (0xffff) Aug 26 13:09:56.835319: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:56.835322: | TS low c0 00 03 00 Aug 26 13:09:56.835324: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:56.835327: | TS high c0 00 03 ff Aug 26 13:09:56.835329: | TSr: parsed 1 traffic selectors Aug 26 13:09:56.835336: | evaluating our conn="north-eastnets/0x2" I=192.0.22.0/24:0/0 R=192.0.3.0/24:0/0 to their: Aug 26 13:09:56.835342: | TSi[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:56.835349: | match address end->client=192.0.22.0/24 == TSi[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Aug 26 13:09:56.835353: | narrow port end=0..65535 == TSi[0]=0..65535: 
0 Aug 26 13:09:56.835356: | TSi[0] port match: YES fitness 65536 Aug 26 13:09:56.835359: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:56.835362: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:56.835367: | TSr[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:56.835374: | match address end->client=192.0.3.0/24 == TSr[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:56.835377: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:09:56.835380: | TSr[0] port match: YES fitness 65536 Aug 26 13:09:56.835383: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:09:56.835386: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:56.835389: | best fit so far: TSi[0] TSr[0] Aug 26 13:09:56.835392: | found an acceptable TSi/TSr Traffic Selector Aug 26 13:09:56.835394: | printing contents struct traffic_selector Aug 26 13:09:56.835397: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:09:56.835400: | ipprotoid: 0 Aug 26 13:09:56.835402: | port range: 0-65535 Aug 26 13:09:56.835406: | ip range: 192.0.22.0-192.0.22.255 Aug 26 13:09:56.835409: | printing contents struct traffic_selector Aug 26 13:09:56.835412: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:09:56.835414: | ipprotoid: 0 Aug 26 13:09:56.835417: | port range: 0-65535 Aug 26 13:09:56.835423: | ip range: 192.0.3.0-192.0.3.255 Aug 26 13:09:56.835432: | using existing local ESP/AH proposals for north-eastnets/0x2 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=NONE;ESN=DISABLED Aug 26 13:09:56.835436: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals Aug 26 13:09:56.835441: | local proposal 1 type ENCR has 1 transforms Aug 26 13:09:56.835444: | local proposal 1 type PRF has 0 transforms Aug 26 13:09:56.835447: | local proposal 1 type INTEG has 1 transforms Aug 26 13:09:56.835450: | local proposal 1 type DH 
has 1 transforms Aug 26 13:09:56.835452: | local proposal 1 type ESN has 1 transforms Aug 26 13:09:56.835456: | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:09:56.835460: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:56.835463: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:56.835465: | length: 40 (0x28) Aug 26 13:09:56.835468: | prop #: 1 (0x1) Aug 26 13:09:56.835471: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:56.835474: | spi size: 4 (0x4) Aug 26 13:09:56.835476: | # transforms: 3 (0x3) Aug 26 13:09:56.835480: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:56.835482: | remote SPI 39 ab 50 2d Aug 26 13:09:56.835486: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals Aug 26 13:09:56.835490: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:56.835493: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:56.835495: | length: 12 (0xc) Aug 26 13:09:56.835498: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:56.835501: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:56.835504: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:56.835507: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:56.835509: | length/value: 128 (0x80) Aug 26 13:09:56.835514: | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:09:56.835517: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:56.835520: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:56.835523: | length: 8 (0x8) Aug 26 13:09:56.835526: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:56.835529: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:56.835533: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_512_256) matches local proposal 1 type 3 (INTEG) transform 0 Aug 26 13:09:56.835536: | ****parse IKEv2 Transform Substructure 
Payload: Aug 26 13:09:56.835538: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:56.835541: | length: 8 (0x8) Aug 26 13:09:56.835544: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:56.835546: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:56.835550: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:09:56.835554: | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none Aug 26 13:09:56.835559: | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN Aug 26 13:09:56.835562: | remote proposal 1 matches local proposal 1 Aug 26 13:09:56.835566: | remote accepted the proposal 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;ESN=DISABLED[first-match] Aug 26 13:09:56.835572: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=39ab502d;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;ESN=DISABLED Aug 26 13:09:56.835575: | converting proposal to internal trans attrs Aug 26 13:09:56.835581: | integ=sha2_512: .key_size=64 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=80 Aug 26 13:09:56.835918: | install_ipsec_sa() for #3: inbound and outbound Aug 26 13:09:56.835924: | could_route called for north-eastnets/0x2 (kind=CK_PERMANENT) Aug 26 13:09:56.835930: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:09:56.835934: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:56.835937: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:56.835940: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:56.835943: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:56.835948: | route owner of "north-eastnets/0x2" prospective erouted: "north-eastnets/0x1" erouted; eroute owner: self Aug 26 13:09:56.835952: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Aug 26 13:09:56.835956: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:09:56.835959: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Aug 26 13:09:56.835964: | setting IPsec SA replay-window to 32 Aug 26 13:09:56.835968: | NIC esp-hw-offload not for connection 'north-eastnets/0x2' not available on interface eth1 Aug 26 13:09:56.835971: | netlink: enabling tunnel mode Aug 26 13:09:56.835974: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:09:56.835977: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:09:56.836047: | netlink response for Add SA esp.39ab502d@192.1.3.33 included non-error error Aug 26 13:09:56.836052: | set up outgoing SA, ref=0/0 Aug 26 13:09:56.836056: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Aug 26 13:09:56.836059: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:09:56.836062: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Aug 26 13:09:56.836067: | setting IPsec SA replay-window to 32 Aug 26 13:09:56.836070: | NIC esp-hw-offload not for connection 'north-eastnets/0x2' not available on interface eth1 Aug 26 13:09:56.836073: | netlink: enabling tunnel mode Aug 26 13:09:56.836076: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:09:56.836079: | netlink: esp-hw-offload not set for 
IPsec SA Aug 26 13:09:56.836118: | netlink response for Add SA esp.7d9f9faa@192.1.2.23 included non-error error Aug 26 13:09:56.836123: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:56.836131: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 13:09:56.836135: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:56.836162: | raw_eroute result=success Aug 26 13:09:56.836167: | set up incoming SA, ref=0/0 Aug 26 13:09:56.836170: | sr for #3: prospective erouted Aug 26 13:09:56.836173: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:09:56.836176: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:56.836179: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:56.836183: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:56.836186: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:56.836188: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:56.836193: | route owner of "north-eastnets/0x2" prospective erouted: "north-eastnets/0x1" erouted; eroute owner: self Aug 26 13:09:56.836197: | route_and_eroute with c: north-eastnets/0x2 (next: none) ero:north-eastnets/0x2 esr:{(nil)} ro:north-eastnets/0x1 rosr:{0x564529d91458} and state: #3 Aug 26 13:09:56.836201: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:56.836209: | eroute_connection replace eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33>tun.0@192.1.3.33 (raw_eroute) Aug 26 13:09:56.836213: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:56.836228: | raw_eroute result=success Aug 26 13:09:56.836232: | running updown command "ipsec _updown" for verb up Aug 26 13:09:56.836236: | command executing up-client Aug 26 13:09:56.836263: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' 
PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x39 Aug 26 13:09:56.836270: | popen cmd is 1040 chars long Aug 26 13:09:56.836274: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2': Aug 26 13:09:56.836277: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_: Aug 26 13:09:56.836280: | cmd( 160):MY_ID='@east' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' P: Aug 26 13:09:56.836283: | cmd( 240):LUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUT: Aug 26 13:09:56.836286: | cmd( 320):O_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@n: Aug 26 13:09:56.836292: | cmd( 400):orth' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_P: Aug 26 13:09:56.836298: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Aug 26 13:09:56.836301: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+EN: Aug 26 13:09:56.836304: | cmd( 640):CRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND=: Aug 26 
13:09:56.836306: | cmd( 720):'CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO=': Aug 26 13:09:56.836309: | cmd( 800):0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_C: Aug 26 13:09:56.836312: | cmd( 880):FG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUT: Aug 26 13:09:56.836315: | cmd( 960):ING='no' VTI_SHARED='no' SPI_IN=0x39ab502d SPI_OUT=0x7d9f9faa ipsec _updown 2>&1: Aug 26 13:09:56.858587: | route_and_eroute: firewall_notified: true Aug 26 13:09:56.858608: | route_and_eroute: instance "north-eastnets/0x2", setting eroute_owner {spd=0x564529d92988,sr=0x564529d92988} to #3 (was #0) (newest_ipsec_sa=#0) Aug 26 13:09:56.858726: | #1 spent 0.934 milliseconds in install_ipsec_sa() Aug 26 13:09:56.858735: | inR2: instance north-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Aug 26 13:09:56.858739: | state #3 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:09:56.858743: | #3 STATE_PARENT_I2: retransmits: cleared Aug 26 13:09:56.858757: | libevent_free: release ptr-libevent@0x7f510c00dec8 Aug 26 13:09:56.858764: | free_event_entry: release EVENT_RETRANSMIT-pe@0x564529da03e8 Aug 26 13:09:56.858771: | #3 spent 1.86 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Aug 26 13:09:56.858779: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:56.858784: | #3 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Aug 26 13:09:56.858787: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Aug 26 13:09:56.858791: | child state #3: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 13:09:56.858794: | Message ID: updating counters for #3 to 1 after switching state Aug 26 13:09:56.858800: | Message ID: recv #1.#3 response 1; ike: initiator.sent=1 
initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Aug 26 13:09:56.858805: | Message ID: #1.#3 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:09:56.858811: | pstats #3 ikev2.child established Aug 26 13:09:56.858822: "north-eastnets/0x2" #3: negotiated connection [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Aug 26 13:09:56.858826: | NAT-T: encaps is 'auto' Aug 26 13:09:56.858832: "north-eastnets/0x2" #3: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x39ab502d <0x7d9f9faa xfrm=AES_CBC_128-HMAC_SHA2_512_256 NATOA=none NATD=none DPD=passive} Aug 26 13:09:56.858835: | releasing whack for #3 (sock=fd@-1) Aug 26 13:09:56.858838: | releasing whack and unpending for parent #1 Aug 26 13:09:56.858841: | unpending state #1 connection "north-eastnets/0x2" Aug 26 13:09:56.858847: | delete from pending Child SA with 192.1.3.33 "north-eastnets/0x2" Aug 26 13:09:56.858851: | removing pending policy for no connection {0x564529d832c8} Aug 26 13:09:56.858856: | FOR_EACH_STATE_... 
in find_pending_phase2 Aug 26 13:09:56.858864: | creating state object #5 at 0x564529d98cf8 Aug 26 13:09:56.858868: | State DB: adding IKEv2 state #5 in UNDEFINED Aug 26 13:09:56.858877: | pstats #5 ikev2.child started Aug 26 13:09:56.858881: | duplicating state object #1 "north-eastnets/0x1" as #5 for IPSEC SA Aug 26 13:09:56.858887: | #5 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:09:56.858900: | Message ID: init_child #1.#5; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:56.858907: | suspend processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:09:56.858912: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in ikev2_initiate_child_sa() at ikev2_parent.c:5637) Aug 26 13:09:56.858916: | child state #5: UNDEFINED(ignore) => V2_CREATE_I0(established IKE SA) Aug 26 13:09:56.858919: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 13:09:56.858924: | constructing ESP/AH proposals with default DH MODP2048 for north-eastnets/0x1 (ESP/AH initiator emitting proposals) Aug 26 13:09:56.858929: | converting proposal AES_CBC_128-HMAC_SHA2_512_256-MODP3072 to ikev2 ... Aug 26 13:09:56.858936: | ... 
ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Aug 26 13:09:56.858941: "north-eastnets/0x1": constructed local ESP/AH proposals for north-eastnets/0x1 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Aug 26 13:09:56.858948: | #5 schedule initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using IKE# 1 pfs=MODP3072 Aug 26 13:09:56.858952: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x564529da03e8 Aug 26 13:09:56.858956: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #5 Aug 26 13:09:56.858960: | libevent_malloc: new ptr-libevent@0x564529da1f38 size 128 Aug 26 13:09:56.858967: | RESET processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:09:56.858972: | RESET processing: from 192.1.3.33:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5737) Aug 26 13:09:56.858976: | delete from pending Child SA with 192.1.3.33 "north-eastnets/0x1" Aug 26 13:09:56.858979: | removing pending policy for no connection {0x564529d83348} Aug 26 13:09:56.858985: | #3 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Aug 26 13:09:56.858988: | event_schedule: new EVENT_SA_REKEY-pe@0x7f5114002b78 Aug 26 13:09:56.858992: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #3 Aug 26 13:09:56.858997: | libevent_malloc: new ptr-libevent@0x564529d940e8 size 128 Aug 26 13:09:56.859001: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:56.859006: | #1 spent 2.53 milliseconds in ikev2_process_packet() Aug 26 13:09:56.859013: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:56.859016: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:56.859021: | spent 2.55 milliseconds in comm_handle_cb() reading and processing packet Aug 26 
13:09:56.859037: | timer_event_cb: processing event@0x564529da03e8 Aug 26 13:09:56.859041: | handling event EVENT_v2_INITIATE_CHILD for child state #5 Aug 26 13:09:56.859047: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at timer.c:250) Aug 26 13:09:56.859051: | adding Child Initiator KE and nonce ni work-order 5 for state #5 Aug 26 13:09:56.859055: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564529da0378 Aug 26 13:09:56.859058: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Aug 26 13:09:56.859061: | libevent_malloc: new ptr-libevent@0x564529d92228 size 128 Aug 26 13:09:56.859070: | libevent_free: release ptr-libevent@0x564529da1f38 Aug 26 13:09:56.859073: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x564529da03e8 Aug 26 13:09:56.859078: | #5 spent 0.0403 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Aug 26 13:09:56.859082: | stop processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at timer.c:557) Aug 26 13:09:56.859085: | processing signal PLUTO_SIGCHLD Aug 26 13:09:56.859091: | waitpid returned ECHILD (no child processes left) Aug 26 13:09:56.859095: | spent 0.00507 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:09:56.859107: | crypto helper 4 resuming Aug 26 13:09:56.859114: | crypto helper 4 starting work-order 5 for state #5 Aug 26 13:09:56.859118: | crypto helper 4 doing build KE and nonce (Child Initiator KE and nonce ni); request ID 5 Aug 26 13:09:56.861359: | crypto helper 4 finished build KE and nonce (Child Initiator KE and nonce ni); request ID 5 time elapsed 0.00224 seconds Aug 26 13:09:56.861374: | (#5) spent 2.25 milliseconds in crypto helper computing work-order 5: Child Initiator KE and nonce ni (pcr) Aug 26 13:09:56.861379: | crypto helper 4 sending results from work-order 5 for state #5 to event queue Aug 26 13:09:56.861383: | scheduling resume sending helper answer for #5 Aug 26 13:09:56.861387: | 
libevent_malloc: new ptr-libevent@0x7f5110001b78 size 128 Aug 26 13:09:56.861396: | crypto helper 4 waiting (nothing to do) Aug 26 13:09:56.861408: | processing resume sending helper answer for #5 Aug 26 13:09:56.861415: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in resume_handler() at server.c:797) Aug 26 13:09:56.861420: | crypto helper 4 replies to request ID 5 Aug 26 13:09:56.861423: | calling continuation function 0x564528dcdb50 Aug 26 13:09:56.861427: | ikev2_child_outI_continue for #5 STATE_V2_CREATE_I0 Aug 26 13:09:56.861431: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:56.861434: | libevent_free: release ptr-libevent@0x564529d92228 Aug 26 13:09:56.861438: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564529da0378 Aug 26 13:09:56.861441: | event_schedule: new EVENT_SA_REPLACE-pe@0x564529da0378 Aug 26 13:09:56.861445: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #5 Aug 26 13:09:56.861448: | libevent_malloc: new ptr-libevent@0x564529d92228 size 128 Aug 26 13:09:56.861454: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:09:56.861457: | scheduling callback v2_msgid_schedule_next_initiator (#1) Aug 26 13:09:56.861460: | libevent_malloc: new ptr-libevent@0x564529da1f38 size 128 Aug 26 13:09:56.861466: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:56.861470: | #5 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_SUSPEND Aug 26 13:09:56.861474: | suspending state #5 and saving MD Aug 26 13:09:56.861476: | #5 is busy; has a suspended MD Aug 26 13:09:56.861484: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:56.861488: | "north-eastnets/0x1" #5 complete v2 state 
STATE_V2_CREATE_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:09:56.861492: | resume sending helper answer for #5 suppresed complete_v2_state_transition() Aug 26 13:09:56.861498: | #5 spent 0.0768 milliseconds in resume sending helper answer Aug 26 13:09:56.861503: | stop processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in resume_handler() at server.c:833) Aug 26 13:09:56.861506: | libevent_free: release ptr-libevent@0x7f5110001b78 Aug 26 13:09:56.861512: | processing callback v2_msgid_schedule_next_initiator for #1 Aug 26 13:09:56.861517: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in callback_handler() at server.c:904) Aug 26 13:09:56.861523: | Message ID: #1.#5 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:09:56.861528: | suspend processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:09:56.861533: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in initiate_next() at ikev2_msgid.c:553) Aug 26 13:09:56.861558: | **emit ISAKMP Message: Aug 26 13:09:56.861562: | initiator cookie: Aug 26 13:09:56.861565: | a9 6d 2c db 22 7f 10 cd Aug 26 13:09:56.861568: | responder cookie: Aug 26 13:09:56.861570: | a9 27 21 0d a1 26 af 75 Aug 26 13:09:56.861573: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:56.861576: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:56.861579: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:09:56.861584: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:56.861587: | Message ID: 2 (0x2) Aug 26 13:09:56.861590: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:56.861594: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:56.861597: | next payload type: 
ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:56.861600: | flags: none (0x0) Aug 26 13:09:56.861604: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:56.861606: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:09:56.861610: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:56.861632: | netlink_get_spi: allocated 0x6ab27b1b for esp.0@192.1.2.23 Aug 26 13:09:56.861636: | Emitting ikev2_proposals ... Aug 26 13:09:56.861640: | ****emit IKEv2 Security Association Payload: Aug 26 13:09:56.861642: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:56.861645: | flags: none (0x0) Aug 26 13:09:56.861648: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:09:56.861652: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:09:56.861655: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:56.861658: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:56.861661: | prop #: 1 (0x1) Aug 26 13:09:56.861663: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:56.861666: | spi size: 4 (0x4) Aug 26 13:09:56.861669: | # transforms: 4 (0x4) Aug 26 13:09:56.861672: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:56.861676: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:56.861678: | our spi 6a b2 7b 1b Aug 26 13:09:56.861681: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:56.861684: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:56.861689: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:56.861692: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 
13:09:56.861695: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:56.861699: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:56.861701: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:56.861704: | length/value: 128 (0x80) Aug 26 13:09:56.861707: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:56.861710: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:56.861713: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:56.861716: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:56.861719: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:56.861722: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:56.861725: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:56.861728: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:56.861731: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:56.861733: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:56.861736: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:56.861739: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:56.861742: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:56.861745: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:56.861748: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:56.861751: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:56.861754: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 
13:09:56.861756: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:56.861759: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:56.861762: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:56.861765: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:56.861768: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:56.861771: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:09:56.861774: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:56.861777: | emitting length of IKEv2 Security Association Payload: 52 Aug 26 13:09:56.861780: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:09:56.861783: | ****emit IKEv2 Nonce Payload: Aug 26 13:09:56.861786: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:56.861789: | flags: none (0x0) Aug 26 13:09:56.861792: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:09:56.861795: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:09:56.861799: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:09:56.861801: | IKEv2 nonce 29 28 30 16 7b df 72 9f ea 1e d1 62 ff 74 67 ae Aug 26 13:09:56.861804: | IKEv2 nonce a7 46 7f 7b 9b f9 c9 2d 5a a9 9c b1 a4 eb 71 a9 Aug 26 13:09:56.861807: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:09:56.861809: | ****emit IKEv2 Key Exchange Payload: Aug 26 13:09:56.861812: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:56.861817: | flags: none (0x0) Aug 26 
13:09:56.861819: | DH group: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:56.861823: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:09:56.861826: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:09:56.861829: | emitting 384 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 
13:09:56.861894: | emitting length of IKEv2 Key Exchange Payload: 392 Aug 26 13:09:56.861898: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:56.861901: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:56.861903: | flags: none (0x0) Aug 26 13:09:56.861906: | number of TS: 1 (0x1) Aug 26 13:09:56.861910: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:09:56.861913: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:56.861916: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:56.861919: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:56.861921: | IP Protocol ID: 0 (0x0) Aug 26 13:09:56.861924: | start port: 0 (0x0) Aug 26 13:09:56.861927: | end port: 65535 (0xffff) Aug 26 13:09:56.861930: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:56.861933: | ipv4 start c0 00 02 00 Aug 26 13:09:56.861936: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:09:56.861938: | ipv4 end c0 00 02 ff Aug 26 13:09:56.861941: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:56.861944: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:09:56.861947: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:56.861951: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 
13:09:56.861954: | flags: none (0x0) Aug 26 13:09:56.861957: | number of TS: 1 (0x1) Aug 26 13:09:56.861960: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:09:56.861964: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:56.861966: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:56.861969: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:56.861972: | IP Protocol ID: 0 (0x0) Aug 26 13:09:56.861974: | start port: 0 (0x0) Aug 26 13:09:56.861977: | end port: 65535 (0xffff) Aug 26 13:09:56.861980: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:56.861983: | ipv4 start c0 00 03 00 Aug 26 13:09:56.861986: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:09:56.861988: | ipv4 end c0 00 03 ff Aug 26 13:09:56.861991: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:56.861994: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:09:56.861997: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Aug 26 13:09:56.862000: | adding 16 bytes of padding (including 1 byte padding-length) Aug 26 13:09:56.862004: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.862007: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.862010: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.862013: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.862016: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.862019: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 
13:09:56.862022: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.862025: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.862028: | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.862031: | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.862034: | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.862037: | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.862040: | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.862043: | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.862046: | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.862050: | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:56.862053: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:56.862056: | emitting length of IKEv2 Encryption Payload: 580 Aug 26 13:09:56.862059: | emitting length of ISAKMP Message: 608 Aug 26 
13:09:56.862207: | out calculated auth: Aug 26 13:09:56.862210: | 10 85 17 67 02 49 d4 74 f2 1f ae cd d5 a5 28 c9 Aug 26 13:09:56.862220: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:56.862224: | #5 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_OK Aug 26 13:09:56.862227: | IKEv2: transition from state STATE_V2_CREATE_I0 to state STATE_V2_CREATE_I Aug 26 13:09:56.862231: | child state #5: V2_CREATE_I0(established IKE SA) => V2_CREATE_I(established IKE SA) Aug 26 13:09:56.862234: | Message ID: updating counters for #5 to 4294967295 after switching state Aug 26 13:09:56.862238: | Message ID: IKE #1 skipping update_recv as MD is fake Aug 26 13:09:56.862243: | Message ID: sent #1.#5 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->2 wip.responder=-1 Aug 26 13:09:56.862247: "north-eastnets/0x1" #5: STATE_V2_CREATE_I: sent IPsec Child req wait response Aug 26 13:09:56.862252: | sending V2 reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 13:09:56.862262: | sending 608 bytes for STATE_V2_CREATE_I0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 
13:09:56.862267: | a9 6d 2c db 22 7f 10 cd a9 27 21 0d a1 26 af 75 Aug 26 13:09:56.862270: | 2e 20 24 08 00 00 00 02 00 00 02 60 21 00 02 44 Aug 26 13:09:56.862273: | f6 0c 6f b6 d8 31 e3 f4 50 80 a6 c2 ba 82 17 97 Aug 26 13:09:56.862275: | 9a ff d0 57 e3 f8 55 2e e8 58 11 5a f2 cf 5f a5 Aug 26 13:09:56.862278: | a5 f8 38 55 0c b2 b9 58 aa 11 7f d9 19 96 4c 21 Aug 26 13:09:56.862280: | 0e ef f9 0c ce 61 af 9f 2f bc 12 97 71 da 01 26 Aug 26 13:09:56.862283: | 0a 6e c6 10 a1 2f 38 7b 1f ae c2 d0 02 11 df f7 Aug 26 13:09:56.862285: | 1a 72 b0 64 03 60 81 ba d1 ed c3 95 d7 af 0d 72 Aug 26 13:09:56.862291: | 43 f0 e8 3d c7 c8 e0 97 94 47 21 36 80 e9 f9 d0 Aug 26 13:09:56.862296: | f1 60 5c 6a 89 e0 b9 6f 2a 9b 24 a8 b7 db 62 8a Aug 26 13:09:56.862299: | 11 04 53 33 29 cb f8 29 98 97 be f3 0b d2 2f 17 Aug 26 13:09:56.862302: | 57 07 4b ec 4b 7c 22 68 6a 02 9a 45 7f 8d 20 90 Aug 26 13:09:56.862304: | 87 ab 5c 3e 35 3d 8a 7f f6 d9 a4 3d d0 1f 2c 60 Aug 26 13:09:56.862307: | f3 9e c8 ef bc 64 22 d3 f6 5d 49 0a 1a e2 18 3c Aug 26 13:09:56.862309: | 15 68 b5 36 a2 d2 d1 86 bc 83 4e 2d 4f 3f 80 35 Aug 26 13:09:56.862312: | ff 36 8c 30 72 8d 4f 71 69 bf 5b c8 56 30 b5 6b Aug 26 13:09:56.862314: | db a5 34 df fb 7d 98 9a 60 15 b6 5c 0a ab 8a 9e Aug 26 13:09:56.862317: | 6c 70 e9 37 73 61 75 34 73 f1 72 84 a3 02 2d a3 Aug 26 13:09:56.862319: | fe 25 53 db c9 85 19 92 a3 26 2f b8 a3 a2 98 5c Aug 26 13:09:56.862322: | bb da ac 04 e7 59 94 14 80 5b 08 23 b6 65 20 91 Aug 26 13:09:56.862324: | b5 2c 09 c0 b7 90 7c d6 f9 c8 93 90 2b b5 2f 90 Aug 26 13:09:56.862327: | 04 ac 87 13 1c 09 05 6d 12 6d 3a b1 2b ee 61 b7 Aug 26 13:09:56.862329: | 61 a4 36 ed 1d e7 ea ae 1b ae a0 36 1f 49 3b 67 Aug 26 13:09:56.862332: | 8c 7f a7 bb a9 16 d7 55 b6 1a 07 04 eb f7 f7 68 Aug 26 13:09:56.862334: | 2e 41 52 cd a9 f6 d7 8d 77 7d e0 26 f8 90 a2 fc Aug 26 13:09:56.862337: | 15 b0 24 26 c2 08 57 09 41 95 eb e5 6d a0 d8 56 Aug 26 13:09:56.862339: | e0 8b 49 ae e2 b5 fd d6 3b 75 73 5f af 2c e6 45 Aug 26 
13:09:56.862342: | 67 d1 9f c4 14 85 f9 d8 b9 54 b3 87 7c ee f9 7b Aug 26 13:09:56.862344: | e8 95 eb 0a a6 c3 4d c6 1d c0 1c 69 a4 2c b7 63 Aug 26 13:09:56.862347: | ba 37 fb ee 11 3f f8 bd a4 a6 8a 38 8c 6d aa 5a Aug 26 13:09:56.862349: | 76 f2 93 40 a4 73 49 46 c3 4d a7 f9 29 f0 0a dc Aug 26 13:09:56.862352: | c1 28 58 b2 b2 9c 6b ac 7b fa 94 ef d6 e0 6c 22 Aug 26 13:09:56.862354: | 5f 65 79 cf d7 ac bf 41 8a 8f 1e 82 7c 96 18 d3 Aug 26 13:09:56.862357: | bc 38 8f d1 60 c7 0b 60 75 39 8f 3f 56 e4 48 51 Aug 26 13:09:56.862359: | 98 ea 3e 29 73 de 81 2d 42 e7 e1 f2 dd 27 6f 04 Aug 26 13:09:56.862362: | b8 73 78 8d a9 2b 10 c7 15 18 65 65 88 ab 83 e6 Aug 26 13:09:56.862364: | b6 6e ec 2c 24 25 80 9d b0 58 dd bc 90 47 d6 31 Aug 26 13:09:56.862367: | 10 85 17 67 02 49 d4 74 f2 1f ae cd d5 a5 28 c9 Aug 26 13:09:56.862380: | state #5 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:09:56.862385: | libevent_free: release ptr-libevent@0x564529d92228 Aug 26 13:09:56.862388: | free_event_entry: release EVENT_SA_REPLACE-pe@0x564529da0378 Aug 26 13:09:56.862391: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=50ms Aug 26 13:09:56.862395: | event_schedule: new EVENT_RETRANSMIT-pe@0x564529da0378 Aug 26 13:09:56.862399: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #5 Aug 26 13:09:56.862402: | libevent_malloc: new ptr-libevent@0x564529da1748 size 128 Aug 26 13:09:56.862408: | #5 STATE_V2_CREATE_I: retransmits: first event in 0.05 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10282.604861 Aug 26 13:09:56.862414: | stop processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:09:56.862419: | resume processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in initiate_next() at ikev2_msgid.c:557) Aug 26 13:09:56.862426: | #1 spent 0.901 milliseconds in callback v2_msgid_schedule_next_initiator Aug 26 13:09:56.862431: | stop 
processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in callback_handler() at server.c:908) Aug 26 13:09:56.862435: | libevent_free: release ptr-libevent@0x564529da1f38 Aug 26 13:09:56.912713: | timer_event_cb: processing event@0x564529da0378 Aug 26 13:09:56.912728: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 13:09:56.912738: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at timer.c:250) Aug 26 13:09:56.912742: | IKEv2 retransmit event Aug 26 13:09:56.912748: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in retransmit_v2_msg() at retry.c:144) Aug 26 13:09:56.912753: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #5 attempt 2 of 0 Aug 26 13:09:56.912758: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 1 Aug 26 13:09:56.912765: | retransmits: current time 10282.655229; retransmit count 0 exceeds limit? NO; deltatime 0.05 exceeds limit? NO; monotime 0.050368 exceeds limit? 
NO Aug 26 13:09:56.912770: | event_schedule: new EVENT_RETRANSMIT-pe@0x564529da03e8 Aug 26 13:09:56.912774: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #5 Aug 26 13:09:56.912778: | libevent_malloc: new ptr-libevent@0x564529da1f38 size 128 Aug 26 13:09:56.912784: "north-eastnets/0x1" #5: STATE_V2_CREATE_I: retransmission; will wait 0.05 seconds for response Aug 26 13:09:56.912792: | sending 608 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:56.912919: | libevent_free: release ptr-libevent@0x564529da1748 Aug 26 13:09:56.912924: | free_event_entry: release EVENT_RETRANSMIT-pe@0x564529da0378 Aug 26 13:09:56.912931: | #5 spent 0.207 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:09:56.912937: | stop processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at timer.c:557) Aug 26 13:09:56.964073: | timer_event_cb: processing event@0x564529da03e8 Aug 26 13:09:56.964089: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 13:09:56.964099: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at
timer.c:250) Aug 26 13:09:56.964104: | IKEv2 retransmit event Aug 26 13:09:56.964109: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in retransmit_v2_msg() at retry.c:144) Aug 26 13:09:56.964114: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #5 attempt 2 of 0 Aug 26 13:09:56.964119: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 1 Aug 26 13:09:56.964126: | retransmits: current time 10282.70659; retransmit count 1 exceeds limit? NO; deltatime 0.1 exceeds limit? NO; monotime 0.101729 exceeds limit? NO Aug 26 13:09:56.964131: | event_schedule: new EVENT_RETRANSMIT-pe@0x564529da0378 Aug 26 13:09:56.964136: | inserting event EVENT_RETRANSMIT, timeout in 0.1 seconds for #5 Aug 26 13:09:56.964140: | libevent_malloc: new ptr-libevent@0x564529da1748 size 128 Aug 26 13:09:56.964145: "north-eastnets/0x1" #5: STATE_V2_CREATE_I: retransmission; will wait 0.1 seconds for response Aug 26 13:09:56.964152: | sending 608 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:56.964281: | libevent_free: release ptr-libevent@0x564529da1f38 Aug
26 13:09:56.964287: | free_event_entry: release EVENT_RETRANSMIT-pe@0x564529da03e8 Aug 26 13:09:56.964300: | #5 spent 0.212 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:09:56.964306: | stop processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at timer.c:557) Aug 26 13:09:57.064435: | timer_event_cb: processing event@0x564529da0378 Aug 26 13:09:57.064451: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 13:09:57.064460: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at timer.c:250) Aug 26 13:09:57.064465: | IKEv2 retransmit event Aug 26 13:09:57.064471: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in retransmit_v2_msg() at retry.c:144) Aug 26 13:09:57.064476: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #5 attempt 2 of 0 Aug 26 13:09:57.064481: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 1 Aug 26 13:09:57.064488: | retransmits: current time 10282.806952; retransmit count 2 exceeds limit? NO; deltatime 0.2 exceeds limit? NO; monotime 0.202091 exceeds limit? 
NO Aug 26 13:09:57.064493: | event_schedule: new EVENT_RETRANSMIT-pe@0x564529da03e8 Aug 26 13:09:57.064497: | inserting event EVENT_RETRANSMIT, timeout in 0.2 seconds for #5 Aug 26 13:09:57.064502: | libevent_malloc: new ptr-libevent@0x564529da1f38 size 128 Aug 26 13:09:57.064508: "north-eastnets/0x1" #5: STATE_V2_CREATE_I: retransmission; will wait 0.2 seconds for response Aug 26 13:09:57.064515: | sending 608 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:57.064632: | libevent_free: release ptr-libevent@0x564529da1748 Aug 26 13:09:57.064636: | free_event_entry: release EVENT_RETRANSMIT-pe@0x564529da0378 Aug 26 13:09:57.064644: | #5 spent 0.209 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:09:57.064650: | stop processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at timer.c:557) Aug 26 13:09:57.265938: | timer_event_cb: processing event@0x564529da03e8 Aug 26 13:09:57.265962: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 13:09:57.265971: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at
timer.c:250) Aug 26 13:09:57.265976: | IKEv2 retransmit event Aug 26 13:09:57.265982: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in retransmit_v2_msg() at retry.c:144) Aug 26 13:09:57.265988: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #5 attempt 2 of 0 Aug 26 13:09:57.265992: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 1 Aug 26 13:09:57.266000: | retransmits: current time 10283.008463; retransmit count 3 exceeds limit? NO; deltatime 0.4 exceeds limit? NO; monotime 0.403602 exceeds limit? NO Aug 26 13:09:57.266005: | event_schedule: new EVENT_RETRANSMIT-pe@0x564529da0378 Aug 26 13:09:57.266010: | inserting event EVENT_RETRANSMIT, timeout in 0.4 seconds for #5 Aug 26 13:09:57.266014: | libevent_malloc: new ptr-libevent@0x564529da1748 size 128 Aug 26 13:09:57.266019: "north-eastnets/0x1" #5: STATE_V2_CREATE_I: retransmission; will wait 0.4 seconds for response Aug 26 13:09:57.266027: | sending 608 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:57.266521: | libevent_free: release ptr-libevent@0x564529da1f38 Aug
26 13:09:57.266530: | free_event_entry: release EVENT_RETRANSMIT-pe@0x564529da03e8 Aug 26 13:09:57.266539: | #5 spent 0.599 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:09:57.266544: | stop processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at timer.c:557) Aug 26 13:09:57.653159: | spent 0.00272 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:57.653182: | *received 608 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:09:57.653281: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:09:57.653286: | **parse ISAKMP Message: Aug 26 13:09:57.653294: | initiator cookie: Aug 26 13:09:57.653300: | f4 b6 d6 b1 3a 28 54 37 Aug 26 13:09:57.653303: | responder cookie: Aug 26 13:09:57.653305: | ed ec 45 23 73 d7 1a d3 Aug 26 13:09:57.653308: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:09:57.653311: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:57.653314: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:09:57.653317: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:09:57.653320: | Message ID: 2 (0x2)
Aug 26 13:09:57.653323: | length: 608 (0x260) Aug 26 13:09:57.653326: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 13:09:57.653330: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Aug 26 13:09:57.653334: | State DB: found IKEv2 state #2 in PARENT_R2 (find_v2_ike_sa) Aug 26 13:09:57.653341: | start processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:57.653346: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:09:57.653351: | [RE]START processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:09:57.653354: | #2 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Aug 26 13:09:57.653359: | Message ID: #2 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 Aug 26 13:09:57.653361: | unpacking clear payload Aug 26 13:09:57.653364: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:09:57.653368: | ***parse IKEv2 Encryption Payload: Aug 26 13:09:57.653371: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:09:57.653376: | flags: none (0x0) Aug 26 13:09:57.653378: | length: 580 (0x244) Aug 26 13:09:57.653381: | processing payload: ISAKMP_NEXT_v2SK (len=576) Aug 26 13:09:57.653388: | Message ID: start-responder #2 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Aug 26 13:09:57.653392: | #2 in state PARENT_R2: received v2I2, PARENT SA established Aug 26 13:09:57.653526: | calculated auth: 00 19 cb ba fc ff e0 98 7a f6 b4 66 9b ad df f9 Aug 26 13:09:57.653529: | provided auth: 00 19 cb ba fc ff e0 98 7a f6 b4 66 9b ad df f9 Aug 26 13:09:57.653531: | authenticator matched Aug 26 13:09:57.653545: | #2 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Aug 26 13:09:57.653550: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:09:57.653552: | **parse IKEv2 Security Association Payload: Aug 26 13:09:57.653555: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:09:57.653558: | flags: none (0x0) Aug 26 13:09:57.653561: | length: 52 (0x34) Aug 26 13:09:57.653563: | processing payload: ISAKMP_NEXT_v2SA (len=48) Aug 26 13:09:57.653566: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:09:57.653569: | **parse IKEv2 Nonce Payload: Aug 26 13:09:57.653572: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:09:57.653574: | flags: none (0x0) Aug 26 13:09:57.653577: | length: 36 (0x24) Aug 26 13:09:57.653580: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:09:57.653582:
| Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:09:57.653585: | **parse IKEv2 Key Exchange Payload: Aug 26 13:09:57.653588: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:09:57.653590: | flags: none (0x0) Aug 26 13:09:57.653593: | length: 392 (0x188) Aug 26 13:09:57.653596: | DH group: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:57.653598: | processing payload: ISAKMP_NEXT_v2KE (len=384) Aug 26 13:09:57.653601: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:09:57.653604: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:57.653607: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:09:57.653610: | flags: none (0x0) Aug 26 13:09:57.653612: | length: 24 (0x18) Aug 26 13:09:57.653615: | number of TS: 1 (0x1) Aug 26 13:09:57.653617: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:09:57.653620: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:09:57.653623: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:57.653626: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:57.653628: | flags: none (0x0) Aug 26 13:09:57.653631: | length: 24 (0x18) Aug 26 13:09:57.653633: | number of TS: 1 (0x1) Aug 26 13:09:57.653636: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:09:57.653639: | state #2 forced to match CREATE_CHILD_SA from V2_CREATE_R->V2_IPSEC_R by ignoring from state Aug 26 13:09:57.653642: | selected state microcode Respond to CREATE_CHILD_SA IPsec SA Request Aug 26 13:09:57.653648: | #2 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:09:57.653654: | creating state object #6 at 0x564529da70d8 Aug 26 13:09:57.653657: | State DB: adding IKEv2 state #6 in UNDEFINED Aug 26 13:09:57.653664: | pstats #6 ikev2.child started Aug 26 13:09:57.653668: | duplicating state object #2 "north-eastnets/0x2" as #6 for IPSEC SA Aug 26 13:09:57.653674: | #6 setting local endpoint to 
192.1.2.23:500 from #2.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:09:57.653681: | Message ID: init_child #2.#6; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:09:57.653685: | child state #6: UNDEFINED(ignore) => V2_CREATE_R(established IKE SA) Aug 26 13:09:57.653691: | "north-eastnets/0x2" #2 received Child SA Request CREATE_CHILD_SA from 192.1.3.33:500 Child "north-eastnets/0x2" #6 in STATE_V2_CREATE_R will process it further Aug 26 13:09:57.653696: | Message ID: switch-from #2 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2->-1 Aug 26 13:09:57.653701: | Message ID: switch-to #2.#6 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1->2 Aug 26 13:09:57.653704: | forcing ST #2 to CHILD #2.#6 in FSM processor Aug 26 13:09:57.653707: | Now let's proceed with state specific processing Aug 26 13:09:57.653709: | calling processor Respond to CREATE_CHILD_SA IPsec SA Request Aug 26 13:09:57.653715: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 13:09:57.653722: | constructing ESP/AH proposals with default DH MODP2048 for north-eastnets/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals) Aug 26 13:09:57.653729: | converting proposal AES_CBC_128-HMAC_SHA2_512_256-MODP3072 to ikev2 ... Aug 26 13:09:57.653736: | ... 
ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Aug 26 13:09:57.653741: "north-eastnets/0x2": constructed local ESP/AH proposals for north-eastnets/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Aug 26 13:09:57.653745: | Comparing remote proposals against CREATE_CHILD_SA responder matching remote ESP/AH proposals 1 local proposals Aug 26 13:09:57.653750: | local proposal 1 type ENCR has 1 transforms Aug 26 13:09:57.653753: | local proposal 1 type PRF has 0 transforms Aug 26 13:09:57.653756: | local proposal 1 type INTEG has 1 transforms Aug 26 13:09:57.653758: | local proposal 1 type DH has 1 transforms Aug 26 13:09:57.653761: | local proposal 1 type ESN has 1 transforms Aug 26 13:09:57.653764: | local proposal 1 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 13:09:57.653768: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:57.653771: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:57.653773: | length: 48 (0x30) Aug 26 13:09:57.653776: | prop #: 1 (0x1) Aug 26 13:09:57.653779: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:57.653781: | spi size: 4 (0x4) Aug 26 13:09:57.653784: | # transforms: 4 (0x4) Aug 26 13:09:57.653788: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:57.653790: | remote SPI 49 dd 51 18 Aug 26 13:09:57.653794: | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals Aug 26 13:09:57.653797: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:57.653800: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:57.653803: | length: 12 (0xc) Aug 26 13:09:57.653805: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:57.653808: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:57.653811: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:57.653814: | af+type: 
AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:57.653816: | length/value: 128 (0x80) Aug 26 13:09:57.653821: | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:09:57.653824: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:57.653827: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:57.653829: | length: 8 (0x8) Aug 26 13:09:57.653832: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:57.653835: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:57.653839: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_512_256) matches local proposal 1 type 3 (INTEG) transform 0 Aug 26 13:09:57.653842: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:57.653845: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:57.653847: | length: 8 (0x8) Aug 26 13:09:57.653850: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:57.653852: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:57.653856: | remote proposal 1 transform 2 (DH=MODP3072) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:09:57.653859: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:57.653862: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:57.653864: | length: 8 (0x8) Aug 26 13:09:57.653867: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:57.653869: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:57.653873: | remote proposal 1 transform 3 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:09:57.653877: | remote proposal 1 proposed transforms: ENCR+INTEG+DH+ESN; matched: ENCR+INTEG+DH+ESN; unmatched: none Aug 26 13:09:57.653884: | comparing remote proposal 1 containing ENCR+INTEG+DH+ESN transforms to local proposal 1; required: ENCR+INTEG+DH+ESN; optional: none; matched: ENCR+INTEG+DH+ESN Aug 26 13:09:57.653888: | remote proposal 1 matches local proposal 1 Aug 26 13:09:57.653893: "north-eastnets/0x2" #2: proposal 
1:ESP:SPI=49dd5118;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED[first-match] Aug 26 13:09:57.653899: | CREATE_CHILD_SA responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=49dd5118;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Aug 26 13:09:57.653902: | converting proposal to internal trans attrs Aug 26 13:09:57.653907: | updating #6's .st_oakley with preserved PRF, but why update? Aug 26 13:09:57.653911: | Child SA TS Request has child->sa == md->st; so using child connection Aug 26 13:09:57.653914: | TSi: parsing 1 traffic selectors Aug 26 13:09:57.653917: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:57.653920: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:57.653923: | IP Protocol ID: 0 (0x0) Aug 26 13:09:57.653925: | length: 16 (0x10) Aug 26 13:09:57.653928: | start port: 0 (0x0) Aug 26 13:09:57.653930: | end port: 65535 (0xffff) Aug 26 13:09:57.653934: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:57.653937: | TS low c0 00 03 00 Aug 26 13:09:57.653939: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:57.653942: | TS high c0 00 03 ff Aug 26 13:09:57.653945: | TSi: parsed 1 traffic selectors Aug 26 13:09:57.653947: | TSr: parsing 1 traffic selectors Aug 26 13:09:57.653950: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:57.653953: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:57.653956: | IP Protocol ID: 0 (0x0) Aug 26 13:09:57.653958: | length: 16 (0x10) Aug 26 13:09:57.653961: | start port: 0 (0x0) Aug 26 13:09:57.653963: | end port: 65535 (0xffff) Aug 26 13:09:57.653966: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:57.653968: | TS low c0 00 16 00 Aug 26 13:09:57.653971: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:57.653973: | TS high c0 00 16 ff Aug 26 13:09:57.653976: | TSr: 
parsed 1 traffic selectors Aug 26 13:09:57.653978: | looking for best SPD in current connection Aug 26 13:09:57.653985: | evaluating our conn="north-eastnets/0x2" I=192.0.3.0/24:0/0 R=192.0.22.0/24:0/0 to their: Aug 26 13:09:57.653990: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:57.653998: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:57.654002: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:09:57.654005: | TSi[0] port match: YES fitness 65536 Aug 26 13:09:57.654008: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:57.654011: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:57.654016: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:57.654022: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Aug 26 13:09:57.654026: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:09:57.654029: | TSr[0] port match: YES fitness 65536 Aug 26 13:09:57.654031: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:09:57.654035: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:57.654037: | best fit so far: TSi[0] TSr[0] Aug 26 13:09:57.654040: | found better spd route for TSi[0],TSr[0] Aug 26 13:09:57.654043: | looking for better host pair Aug 26 13:09:57.654048: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 13:09:57.654053: | checking hostpair 192.0.22.0/24 -> 192.0.3.0/24 is found Aug 26 13:09:57.654056: | investigating connection "north-eastnets/0x2" as a better match Aug 26 13:09:57.654063: | match_id a=@north Aug 26 13:09:57.654065: | b=@north Aug 26 13:09:57.654068: | results matched Aug 26 13:09:57.654073: | evaluating our conn="north-eastnets/0x2" I=192.0.3.0/24:0/0 R=192.0.22.0/24:0/0 to their: Aug 26 13:09:57.654078: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 
.{start,end}port=0..65535 Aug 26 13:09:57.654084: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:57.654088: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:09:57.654090: | TSi[0] port match: YES fitness 65536 Aug 26 13:09:57.654093: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:57.654096: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:57.654101: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:57.654107: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Aug 26 13:09:57.654110: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:09:57.654113: | TSr[0] port match: YES fitness 65536 Aug 26 13:09:57.654116: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:09:57.654119: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:57.654122: | best fit so far: TSi[0] TSr[0] Aug 26 13:09:57.654125: | investigating connection "north-eastnets/0x1" as a better match Aug 26 13:09:57.654128: | match_id a=@north Aug 26 13:09:57.654130: | b=@north Aug 26 13:09:57.654132: | results matched Aug 26 13:09:57.654137: | evaluating our conn="north-eastnets/0x1" I=192.0.3.0/24:0/0 R=192.0.2.0/24:0/0 to their: Aug 26 13:09:57.654142: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:57.654148: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:57.654152: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:09:57.654154: | TSi[0] port match: YES fitness 65536 Aug 26 13:09:57.654157: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:57.654160: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:57.654165: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:57.654171: | match address end->client=192.0.2.0/24 == 
TSr[0]net=192.0.22.0-192.0.22.255: NO Aug 26 13:09:57.654174: | did not find a better connection using host pair Aug 26 13:09:57.654177: | printing contents struct traffic_selector Aug 26 13:09:57.654179: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:09:57.654182: | ipprotoid: 0 Aug 26 13:09:57.654185: | port range: 0-65535 Aug 26 13:09:57.654189: | ip range: 192.0.22.0-192.0.22.255 Aug 26 13:09:57.654191: | printing contents struct traffic_selector Aug 26 13:09:57.654194: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:09:57.654196: | ipprotoid: 0 Aug 26 13:09:57.654199: | port range: 0-65535 Aug 26 13:09:57.654203: | ip range: 192.0.3.0-192.0.3.255 Aug 26 13:09:57.654209: | adding Child Responder KE and nonce nr work-order 6 for state #6 Aug 26 13:09:57.654213: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564529da03e8 Aug 26 13:09:57.654217: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Aug 26 13:09:57.654220: | libevent_malloc: new ptr-libevent@0x564529da1f38 size 128 Aug 26 13:09:57.654231: | #6 spent 0.516 milliseconds in processing: Respond to CREATE_CHILD_SA IPsec SA Request in ikev2_process_state_packet() Aug 26 13:09:57.654237: | suspend processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:57.654242: | start processing: state #6 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:57.654246: | #6 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_SUSPEND Aug 26 13:09:57.654251: | suspending state #6 and saving MD Aug 26 13:09:57.654254: | #6 is busy; has a suspended MD Aug 26 13:09:57.654258: | [RE]START processing: state #6 connection "north-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:57.654262: | "north-eastnets/0x2" #6 complete v2 state STATE_V2_CREATE_R transition with STF_SUSPEND suspended from 
complete_v2_state_transition:3451 Aug 26 13:09:57.654267: | stop processing: state #6 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:57.654272: | #2 spent 1.09 milliseconds in ikev2_process_packet() Aug 26 13:09:57.654277: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 13:09:57.654280: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:57.654283: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:57.654291: | spent 1.11 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:57.654306: | crypto helper 6 resuming Aug 26 13:09:57.654313: | crypto helper 6 starting work-order 6 for state #6 Aug 26 13:09:57.654317: | crypto helper 6 doing build KE and nonce (Child Responder KE and nonce nr); request ID 6 Aug 26 13:09:57.656511: | crypto helper 6 finished build KE and nonce (Child Responder KE and nonce nr); request ID 6 time elapsed 0.002193 seconds Aug 26 13:09:57.656521: | (#6) spent 2.2 milliseconds in crypto helper computing work-order 6: Child Responder KE and nonce nr (pcr) Aug 26 13:09:57.656525: | crypto helper 6 sending results from work-order 6 for state #6 to event queue Aug 26 13:09:57.656529: | scheduling resume sending helper answer for #6 Aug 26 13:09:57.656533: | libevent_malloc: new ptr-libevent@0x7f5104001b78 size 128 Aug 26 13:09:57.656550: | processing resume sending helper answer for #6 Aug 26 13:09:57.656557: | start processing: state #6 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:09:57.656562: | crypto helper 6 replies to request ID 6 Aug 26 13:09:57.656565: | calling continuation function 0x564528dcdb50 Aug 26 13:09:57.656568: | ikev2_child_inIoutR_continue for #6 STATE_V2_CREATE_R Aug 26 13:09:57.656573: | adding DHv2 for child sa work-order 7 for state #6 Aug 26 13:09:57.656576: | state #6 requesting EVENT_CRYPTO_TIMEOUT to 
be deleted Aug 26 13:09:57.656579: | libevent_free: release ptr-libevent@0x564529da1f38 Aug 26 13:09:57.656582: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564529da03e8 Aug 26 13:09:57.656586: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564529da03e8 Aug 26 13:09:57.656590: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Aug 26 13:09:57.656592: | libevent_malloc: new ptr-libevent@0x564529da1f38 size 128 Aug 26 13:09:57.656603: | [RE]START processing: state #6 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:57.656607: | #6 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_SUSPEND Aug 26 13:09:57.656609: | crypto helper 5 resuming Aug 26 13:09:57.656621: | crypto helper 5 starting work-order 7 for state #6 Aug 26 13:09:57.656625: | crypto helper 5 doing crypto (DHv2 for child sa); request ID 7 Aug 26 13:09:57.656671: | crypto helper 6 waiting (nothing to do) Aug 26 13:09:57.658798: | crypto helper 5 finished crypto (DHv2 for child sa); request ID 7 time elapsed 0.002172 seconds Aug 26 13:09:57.658809: | (#6) spent 2.18 milliseconds in crypto helper computing work-order 7: DHv2 for child sa (dh) Aug 26 13:09:57.658813: | crypto helper 5 sending results from work-order 7 for state #6 to event queue Aug 26 13:09:57.658817: | scheduling resume sending helper answer for #6 Aug 26 13:09:57.658821: | libevent_malloc: new ptr-libevent@0x7f5108001188 size 128 Aug 26 13:09:57.658825: | crypto helper 5 waiting (nothing to do) Aug 26 13:09:57.656610: | suspending state #6 and saving MD Aug 26 13:09:57.658835: | #6 is busy; has a suspended MD Aug 26 13:09:57.658843: | [RE]START processing: state #6 connection "north-eastnets/0x2" from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:57.658848: | "north-eastnets/0x2" #6 complete v2 state STATE_V2_CREATE_R transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 
13:09:57.658852: | resume sending helper answer for #6 suppresed complete_v2_state_transition() and stole MD Aug 26 13:09:57.658857: | #6 spent 0.0768 milliseconds in resume sending helper answer Aug 26 13:09:57.658863: | stop processing: state #6 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:09:57.658867: | libevent_free: release ptr-libevent@0x7f5104001b78 Aug 26 13:09:57.658873: | processing resume sending helper answer for #6 Aug 26 13:09:57.658879: | start processing: state #6 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:09:57.658883: | crypto helper 5 replies to request ID 7 Aug 26 13:09:57.658885: | calling continuation function 0x564528dce9d0 Aug 26 13:09:57.658889: | ikev2_child_inIoutR_continue_continue for #6 STATE_V2_CREATE_R Aug 26 13:09:57.658894: | **emit ISAKMP Message: Aug 26 13:09:57.658898: | initiator cookie: Aug 26 13:09:57.658900: | f4 b6 d6 b1 3a 28 54 37 Aug 26 13:09:57.658903: | responder cookie: Aug 26 13:09:57.658906: | ed ec 45 23 73 d7 1a d3 Aug 26 13:09:57.658909: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:09:57.658912: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:57.658914: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:09:57.658917: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:57.658920: | Message ID: 2 (0x2) Aug 26 13:09:57.658923: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:09:57.658927: | ***emit IKEv2 Encryption Payload: Aug 26 13:09:57.658930: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:57.658932: | flags: none (0x0) Aug 26 13:09:57.658936: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:09:57.658939: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply 
packet' Aug 26 13:09:57.658943: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:09:57.659333: | netlink_get_spi: allocated 0xdfc4d2d5 for esp.0@192.1.2.23 Aug 26 13:09:57.659340: | Emitting ikev2_proposal ... Aug 26 13:09:57.659343: | ****emit IKEv2 Security Association Payload: Aug 26 13:09:57.659345: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:57.659348: | flags: none (0x0) Aug 26 13:09:57.659351: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:09:57.659354: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:09:57.659357: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:09:57.659360: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:57.659362: | prop #: 1 (0x1) Aug 26 13:09:57.659364: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:57.659366: | spi size: 4 (0x4) Aug 26 13:09:57.659369: | # transforms: 4 (0x4) Aug 26 13:09:57.659372: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:09:57.659375: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:09:57.659378: | our spi df c4 d2 d5 Aug 26 13:09:57.659381: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:57.659384: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:57.659386: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:57.659389: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:57.659392: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:57.659398: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:09:57.659401: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:57.659404: | length/value: 128 (0x80) Aug 26 
13:09:57.659407: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:09:57.659410: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:57.659413: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:57.659415: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:57.659419: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:57.659422: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:57.659425: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:57.659428: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:57.659431: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:57.659434: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:57.659436: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:57.659439: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:57.659443: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:57.659446: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:57.659449: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:57.659452: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:09:57.659454: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:57.659457: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:57.659460: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:57.659463: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:57.659466: | last substructure: 
saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:09:57.659469: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:09:57.659472: | emitting length of IKEv2 Proposal Substructure Payload: 48 Aug 26 13:09:57.659475: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:09:57.659478: | emitting length of IKEv2 Security Association Payload: 52 Aug 26 13:09:57.659480: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:09:57.659484: | ****emit IKEv2 Nonce Payload: Aug 26 13:09:57.659486: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:57.659489: | flags: none (0x0) Aug 26 13:09:57.659492: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:09:57.659496: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:09:57.659499: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:09:57.659502: | IKEv2 nonce 47 04 62 84 bb dd c3 95 18 e1 08 04 9e 3d 34 de Aug 26 13:09:57.659505: | IKEv2 nonce fd a8 b2 78 72 34 2e 42 52 92 c3 4f eb 26 56 76 Aug 26 13:09:57.659507: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:09:57.659510: | ****emit IKEv2 Key Exchange Payload: Aug 26 13:09:57.659513: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:57.659516: | flags: none (0x0) Aug 26 13:09:57.659518: | DH group: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:57.659521: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:09:57.659526: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 
26 13:09:57.659530: | emitting 384 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:09:57.659595: | emitting length of IKEv2 Key Exchange Payload: 392 Aug 26 13:09:57.659598: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:57.659601: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:57.659604: | flags: none (0x0) Aug 26 13:09:57.659606: | number of TS: 1 (0x1) Aug 26 13:09:57.659610: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:09:57.659613: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:57.659616: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:57.659619: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:57.659622: | IP Protocol ID: 0 (0x0) Aug 26 13:09:57.659625: | start port: 0 (0x0) Aug 26 13:09:57.659627: | end port: 65535 (0xffff) Aug 26 13:09:57.659631: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:57.659633: | ipv4 start c0 00 03 00 Aug 26 13:09:57.659636: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:09:57.659639: | ipv4 end c0 00 03 ff Aug 26 13:09:57.659641: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:57.659644: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:09:57.659647: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:57.659650: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:57.659652: | flags: none (0x0) Aug 26 13:09:57.659655: | number of TS: 1 (0x1) Aug 26 13:09:57.659658: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:09:57.659663: | next payload chain: saving location 'IKEv2
Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:09:57.659666: | *****emit IKEv2 Traffic Selector: Aug 26 13:09:57.659669: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:57.659671: | IP Protocol ID: 0 (0x0) Aug 26 13:09:57.659674: | start port: 0 (0x0) Aug 26 13:09:57.659677: | end port: 65535 (0xffff) Aug 26 13:09:57.659680: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:09:57.659682: | ipv4 start c0 00 16 00 Aug 26 13:09:57.659685: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:09:57.659688: | ipv4 end c0 00 16 ff Aug 26 13:09:57.659690: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:09:57.659693: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:09:57.659696: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:09:57.659700: | integ=sha2_512: .key_size=64 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=80 Aug 26 13:09:57.660058: | install_ipsec_sa() for #6: inbound and outbound Aug 26 13:09:57.660064: | could_route called for north-eastnets/0x2 (kind=CK_PERMANENT) Aug 26 13:09:57.660068: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:09:57.660071: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:57.660074: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:57.660078: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:57.660081: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:57.660085: | route owner of "north-eastnets/0x2" erouted: self; eroute owner: self Aug 26 13:09:57.660090: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Aug 26 13:09:57.660093: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:09:57.660097: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Aug 26 13:09:57.660101: | setting IPsec SA replay-window to 32 Aug 26 13:09:57.660105: | NIC esp-hw-offload not for connection 'north-eastnets/0x2' not available on interface eth1 Aug 26 13:09:57.660108: | netlink: enabling tunnel mode Aug 26 13:09:57.660112: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:09:57.660115: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:09:57.660187: | netlink response for Add SA esp.49dd5118@192.1.3.33 included non-error error Aug 26 13:09:57.660193: | set up outgoing SA, ref=0/0 Aug 26 13:09:57.660197: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Aug 26 13:09:57.660200: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:09:57.660203: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Aug 26 13:09:57.660207: | setting IPsec SA replay-window to 32 Aug 26 13:09:57.660211: | NIC esp-hw-offload not for connection 'north-eastnets/0x2' not available on interface eth1 Aug 26 13:09:57.660213: | netlink: enabling tunnel mode Aug 26 13:09:57.660216: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:09:57.660219: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:09:57.660258: | 
netlink response for Add SA esp.dfc4d2d5@192.1.2.23 included non-error error Aug 26 13:09:57.660263: | set up incoming SA, ref=0/0 Aug 26 13:09:57.660266: | sr for #6: erouted Aug 26 13:09:57.660269: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:09:57.660273: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:57.660276: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:57.660279: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:57.660282: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:09:57.660285: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:57.660295: | route owner of "north-eastnets/0x2" erouted: self; eroute owner: self Aug 26 13:09:57.660301: | route_and_eroute with c: north-eastnets/0x2 (next: none) ero:north-eastnets/0x2 esr:{(nil)} ro:north-eastnets/0x2 rosr:{(nil)} and state: #6 Aug 26 13:09:57.660306: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Aug 26 13:09:57.660315: | eroute_connection replace eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33>tun.0@192.1.3.33 (raw_eroute) Aug 26 13:09:57.660319: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:57.660336: | raw_eroute result=success Aug 26 13:09:57.660341: | route_and_eroute: firewall_notified: true Aug 26 13:09:57.660345: | route_and_eroute: instance "north-eastnets/0x2", setting eroute_owner {spd=0x564529d92988,sr=0x564529d92988} to #6 (was #3) (newest_ipsec_sa=#3) Aug 26 13:09:57.660397: | #2 spent 0.334 milliseconds in install_ipsec_sa() Aug 26 13:09:57.660403: | ISAKMP_v2_CREATE_CHILD_SA: instance north-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #6 (was #3) (spd.eroute=#6) cloned from #2 Aug 26 13:09:57.660407: | adding 16 bytes of padding (including 1 byte padding-length) Aug 26 13:09:57.660410: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:57.660413: | emitting 1 0x01 repeated bytes of 
padding and length into IKEv2 Encryption Payload Aug 26 13:09:57.660417: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:57.660419: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:57.660423: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:57.660425: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:57.660428: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:57.660432: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:57.660435: | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:57.660438: | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:57.660441: | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:57.660444: | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:57.660447: | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:57.660450: | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:57.660453: | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:57.660456: | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:09:57.660459: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:09:57.660462: | emitting length of IKEv2 Encryption Payload: 580 Aug 26 13:09:57.660465: | emitting length of ISAKMP Message: 608 Aug 26 13:09:57.660601: | out calculated auth: Aug 26 13:09:57.660604: | 71 58 dc 86 5f de ce 84 46 a0 2c 74 4a 35 91 3f Aug 26 13:09:57.660613: "north-eastnets/0x2" #6: negotiated new IPsec SA [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Aug 26 13:09:57.660621: | [RE]START processing: state #6 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:57.660626: | #6 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_OK Aug 26 13:09:57.660630: | IKEv2: transition from state STATE_V2_CREATE_R to state STATE_V2_IPSEC_R Aug 26 13:09:57.660634: | child state #6: V2_CREATE_R(established IKE SA) => V2_IPSEC_R(established CHILD SA) Aug 26 13:09:57.660637: | Message ID: updating counters for #6
to 2 after switching state Aug 26 13:09:57.660643: | Message ID: recv #2.#6 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1->2; child: wip.initiator=-1 wip.responder=2->-1 Aug 26 13:09:57.660648: | Message ID: sent #2.#6 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=2; child: wip.initiator=-1 wip.responder=-1 Aug 26 13:09:57.660652: | pstats #6 ikev2.child established Aug 26 13:09:57.660659: "north-eastnets/0x2" #6: negotiated connection [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Aug 26 13:09:57.660664: | NAT-T: encaps is 'auto' Aug 26 13:09:57.660669: "north-eastnets/0x2" #6: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x49dd5118 <0xdfc4d2d5 xfrm=AES_CBC_128-HMAC_SHA2_512_256-MODP3072 NATOA=none NATD=none DPD=passive} Aug 26 13:09:57.660676: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 13:09:57.660683: | sending 608 bytes for STATE_V2_CREATE_R through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Aug 26 13:09:57.660791: | releasing whack for #6 (sock=fd@-1) Aug 26 13:09:57.660795: | releasing whack and
unpending for parent #2 Aug 26 13:09:57.660798: | unpending state #2 connection "north-eastnets/0x2" Aug 26 13:09:57.660803: | #6 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Aug 26 13:09:57.660806: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:57.660811: | libevent_free: release ptr-libevent@0x564529da1f38 Aug 26 13:09:57.660814: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564529da03e8 Aug 26 13:09:57.660818: | event_schedule: new EVENT_SA_REKEY-pe@0x564529da03e8 Aug 26 13:09:57.660822: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #6 Aug 26 13:09:57.660827: | libevent_malloc: new ptr-libevent@0x564529da8d18 size 128 Aug 26 13:09:57.660834: | #6 spent 1.95 milliseconds in resume sending helper answer Aug 26 13:09:57.660839: | stop processing: state #6 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:09:57.660843: | libevent_free: release ptr-libevent@0x7f5108001188 Aug 26 13:09:57.668915: | timer_event_cb: processing event@0x564529da0378 Aug 26 13:09:57.668934: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 13:09:57.668944: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at timer.c:250) Aug 26 13:09:57.668949: | IKEv2 retransmit event Aug 26 13:09:57.668955: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in retransmit_v2_msg() at retry.c:144) Aug 26 13:09:57.668961: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #5 attempt 2 of 0 Aug 26 13:09:57.668966: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 1 Aug 26 13:09:57.668972: | retransmits: current time 10283.411436; retransmit count 4 exceeds limit? NO; deltatime 0.8 exceeds limit? NO; monotime 0.806575 exceeds limit? 
NO Aug 26 13:09:57.668975: | event_schedule: new EVENT_RETRANSMIT-pe@0x564529d9d308 Aug 26 13:09:57.668978: | inserting event EVENT_RETRANSMIT, timeout in 0.8 seconds for #5 Aug 26 13:09:57.668981: | libevent_malloc: new ptr-libevent@0x7f5108001188 size 128 Aug 26 13:09:57.668984: "north-eastnets/0x1" #5: STATE_V2_CREATE_I: retransmission; will wait 0.8 seconds for response Aug 26 13:09:57.668990: | sending 608 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:57.669089: | libevent_free: release ptr-libevent@0x564529da1748 Aug 26 13:09:57.669095: | free_event_entry: release EVENT_RETRANSMIT-pe@0x564529da0378 Aug 26 13:09:57.669102: | #5 spent 0.174 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:09:57.669107: | stop processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at timer.c:557) Aug 26 13:09:58.469309: | timer_event_cb: processing event@0x564529d9d308 Aug 26 13:09:58.469332: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 13:09:58.469341: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at
timer.c:250) Aug 26 13:09:58.469346: | IKEv2 retransmit event Aug 26 13:09:58.469352: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in retransmit_v2_msg() at retry.c:144) Aug 26 13:09:58.469357: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #5 attempt 2 of 0 Aug 26 13:09:58.469361: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 1 Aug 26 13:09:58.469368: | retransmits: current time 10284.211832; retransmit count 5 exceeds limit? NO; deltatime 1.6 exceeds limit? NO; monotime 1.606971 exceeds limit? NO Aug 26 13:09:58.469373: | event_schedule: new EVENT_RETRANSMIT-pe@0x564529da0378 Aug 26 13:09:58.469378: | inserting event EVENT_RETRANSMIT, timeout in 1.6 seconds for #5 Aug 26 13:09:58.469382: | libevent_malloc: new ptr-libevent@0x564529da1748 size 128 Aug 26 13:09:58.469387: "north-eastnets/0x1" #5: STATE_V2_CREATE_I: retransmission; will wait 1.6 seconds for response Aug 26 13:09:58.469396: | sending 608 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:09:58.469522: | libevent_free: release ptr-libevent@0x7f5108001188 Aug
26 13:09:58.469527: | free_event_entry: release EVENT_RETRANSMIT-pe@0x564529d9d308 Aug 26 13:09:58.469534: | #5 spent 0.215 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:09:58.469539: | stop processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in timer_event_cb() at timer.c:557) Aug 26 13:09:58.870657: | spent 0.000188 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:09:58.870953: | *received 608 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:09:58.871047: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:09:58.871051: | **parse ISAKMP Message: Aug 26 13:09:58.871054: | initiator cookie: Aug 26 13:09:58.871056: | a9 6d 2c db 22 7f 10 cd Aug 26 13:09:58.871058: | responder cookie: Aug 26 13:09:58.871060: | a9 27 21 0d a1 26 af 75 Aug 26 13:09:58.871063: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:09:58.871066: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:09:58.871068: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:09:58.871071: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:09:58.871074: | Message ID: 2
(0x2) Aug 26 13:09:58.871076: | length: 608 (0x260) Aug 26 13:09:58.871079: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 13:09:58.871082: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Aug 26 13:09:58.871087: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Aug 26 13:09:58.871093: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:09:58.871097: | State DB: found IKEv2 state #5 in V2_CREATE_I (find_v2_sa_by_initiator_wip) Aug 26 13:09:58.871102: | suspend processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:58.871106: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:09:58.871108: | #5 is idle Aug 26 13:09:58.871111: | #5 idle Aug 26 13:09:58.871114: | unpacking clear payload Aug 26 13:09:58.871116: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:09:58.871120: | ***parse IKEv2 Encryption Payload: Aug 26 13:09:58.871123: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:09:58.871125: | flags: none (0x0) Aug 26 13:09:58.871128: | length: 580 (0x244) Aug 26 13:09:58.871130: | processing payload: ISAKMP_NEXT_v2SK (len=576) Aug 26 13:09:58.871134: | #5 in state V2_CREATE_I: sent IPsec Child req wait response Aug 26 13:09:58.871647: | calculated auth: 79 1f 6a d5 91 49 61 a9 59 d0 82 51 16 55 69 fc Aug 26 13:09:58.871650: | provided auth: 79 1f 6a d5 91 49 61 a9 59 d0 82 51 16 55 69 fc Aug 26 13:09:58.871652: | authenticator matched Aug 26 13:09:58.871671: | #5 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Aug 26 13:09:58.871675: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:09:58.871678: | **parse IKEv2 Security Association Payload: Aug 26 13:09:58.871681: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:09:58.871684: | flags: none (0x0) Aug 26 13:09:58.871686: | length: 52 (0x34) Aug 26 13:09:58.871689: | processing payload: ISAKMP_NEXT_v2SA (len=48) Aug 26 13:09:58.871692: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:09:58.871694: | **parse IKEv2 Nonce Payload: Aug 26 13:09:58.871697: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:09:58.871699: | flags: none (0x0) Aug 26 13:09:58.871701: | length: 36 (0x24) Aug 26 13:09:58.871703: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:09:58.871705: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:09:58.871708: | **parse IKEv2 Key Exchange Payload: Aug 26 13:09:58.871710: | next payload type: ISAKMP_NEXT_v2TSi
(0x2c) Aug 26 13:09:58.871713: | flags: none (0x0) Aug 26 13:09:58.871715: | length: 392 (0x188) Aug 26 13:09:58.871717: | DH group: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:58.871720: | processing payload: ISAKMP_NEXT_v2KE (len=384) Aug 26 13:09:58.871722: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:09:58.871725: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:09:58.871730: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:09:58.871733: | flags: none (0x0) Aug 26 13:09:58.871735: | length: 24 (0x18) Aug 26 13:09:58.871738: | number of TS: 1 (0x1) Aug 26 13:09:58.871740: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:09:58.871742: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:09:58.871745: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:09:58.871747: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:09:58.871750: | flags: none (0x0) Aug 26 13:09:58.871752: | length: 24 (0x18) Aug 26 13:09:58.871755: | number of TS: 1 (0x1) Aug 26 13:09:58.871757: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:09:58.871760: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Aug 26 13:09:58.871767: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:09:58.871770: | forcing ST #5 to CHILD #1.#5 in FSM processor Aug 26 13:09:58.871773: | Now let's proceed with state specific processing Aug 26 13:09:58.871775: | calling processor Process CREATE_CHILD_SA IPsec SA Response Aug 26 13:09:58.871785: | using existing local ESP/AH proposals for north-eastnets/0x1 (CREATE_CHILD_SA initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Aug 26 13:09:58.871789: | Comparing remote proposals against CREATE_CHILD_SA initiator accepting remote ESP/AH proposal 1 local proposals Aug 26 13:09:58.871793: | local proposal 1 type ENCR has 
1 transforms Aug 26 13:09:58.871795: | local proposal 1 type PRF has 0 transforms Aug 26 13:09:58.871798: | local proposal 1 type INTEG has 1 transforms Aug 26 13:09:58.871801: | local proposal 1 type DH has 1 transforms Aug 26 13:09:58.871804: | local proposal 1 type ESN has 1 transforms Aug 26 13:09:58.871807: | local proposal 1 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 13:09:58.871811: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:09:58.871814: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:09:58.871816: | length: 48 (0x30) Aug 26 13:09:58.871819: | prop #: 1 (0x1) Aug 26 13:09:58.871822: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:09:58.871824: | spi size: 4 (0x4) Aug 26 13:09:58.871827: | # transforms: 4 (0x4) Aug 26 13:09:58.871831: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:09:58.871833: | remote SPI d0 d5 dc fa Aug 26 13:09:58.871837: | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals Aug 26 13:09:58.871840: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:58.871843: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:58.871845: | length: 12 (0xc) Aug 26 13:09:58.871848: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:09:58.871851: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:09:58.871853: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:09:58.871856: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:09:58.871859: | length/value: 128 (0x80) Aug 26 13:09:58.871864: | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:09:58.871867: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:58.871869: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:58.871871: | length: 8 (0x8) Aug 26 13:09:58.871874: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:09:58.871876: | IKEv2 transform ID: 
AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:09:58.871880: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_512_256) matches local proposal 1 type 3 (INTEG) transform 0 Aug 26 13:09:58.871882: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:58.871885: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:09:58.871888: | length: 8 (0x8) Aug 26 13:09:58.871890: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:09:58.871895: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:09:58.871898: | remote proposal 1 transform 2 (DH=MODP3072) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:09:58.871902: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:09:58.871905: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:09:58.871908: | length: 8 (0x8) Aug 26 13:09:58.871911: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:09:58.871913: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:09:58.871917: | remote proposal 1 transform 3 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:09:58.871921: | remote proposal 1 proposed transforms: ENCR+INTEG+DH+ESN; matched: ENCR+INTEG+DH+ESN; unmatched: none Aug 26 13:09:58.871925: | comparing remote proposal 1 containing ENCR+INTEG+DH+ESN transforms to local proposal 1; required: ENCR+INTEG+DH+ESN; optional: none; matched: ENCR+INTEG+DH+ESN Aug 26 13:09:58.871928: | remote proposal 1 matches local proposal 1 Aug 26 13:09:58.871931: | remote accepted the proposal 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED[first-match] Aug 26 13:09:58.871937: | CREATE_CHILD_SA initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=d0d5dcfa;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Aug 26 13:09:58.871939: | converting proposal to internal trans attrs Aug 26 13:09:58.871944: | updating #5's .st_oakley with preserved PRF, but why update? 
Aug 26 13:09:58.871949: | adding ikev2 Child SA initiator pfs=yes work-order 8 for state #5 Aug 26 13:09:58.871952: | state #5 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:09:58.871955: | #5 STATE_V2_CREATE_I: retransmits: cleared Aug 26 13:09:58.871960: | libevent_free: release ptr-libevent@0x564529da1748 Aug 26 13:09:58.871963: | free_event_entry: release EVENT_RETRANSMIT-pe@0x564529da0378 Aug 26 13:09:58.871966: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x564529da0378 Aug 26 13:09:58.871970: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Aug 26 13:09:58.871973: | libevent_malloc: new ptr-libevent@0x7f5108001188 size 128 Aug 26 13:09:58.871986: | #5 spent 0.205 milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in ikev2_process_state_packet() Aug 26 13:09:58.871993: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:58.871997: | #5 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_SUSPEND Aug 26 13:09:58.872000: | suspending state #5 and saving MD Aug 26 13:09:58.872003: | #5 is busy; has a suspended MD Aug 26 13:09:58.872008: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:09:58.872012: | "north-eastnets/0x1" #5 complete v2 state STATE_V2_CREATE_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:09:58.872017: | stop processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:09:58.872021: | crypto helper 0 resuming Aug 26 13:09:58.872033: | crypto helper 0 starting work-order 8 for state #5 Aug 26 13:09:58.872038: | crypto helper 0 doing crypto (ikev2 Child SA initiator pfs=yes); request ID 8 Aug 26 13:09:58.872022: | #1 spent 0.991 milliseconds in ikev2_process_packet() Aug 26 13:09:58.872167: | stop processing: from 
192.1.3.33:500 (in process_md() at demux.c:380) Aug 26 13:09:58.872170: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:09:58.872173: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:09:58.872178: | spent 1.01 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:09:58.874213: | crypto helper 0 finished crypto (ikev2 Child SA initiator pfs=yes); request ID 8 time elapsed 0.002174 seconds Aug 26 13:09:58.874236: | (#5) spent 2.18 milliseconds in crypto helper computing work-order 8: ikev2 Child SA initiator pfs=yes (dh) Aug 26 13:09:58.874243: | crypto helper 0 sending results from work-order 8 for state #5 to event queue Aug 26 13:09:58.874247: | scheduling resume sending helper answer for #5 Aug 26 13:09:58.874251: | libevent_malloc: new ptr-libevent@0x7f511c0027d8 size 128 Aug 26 13:09:58.874260: | crypto helper 0 waiting (nothing to do) Aug 26 13:09:58.874334: | processing resume sending helper answer for #5 Aug 26 13:09:58.874350: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in resume_handler() at server.c:797) Aug 26 13:09:58.874355: | crypto helper 0 replies to request ID 8 Aug 26 13:09:58.874358: | calling continuation function 0x564528dce9d0 Aug 26 13:09:58.874362: | ikev2_child_inR_continue for #5 STATE_V2_CREATE_I Aug 26 13:09:58.874367: | TSi: parsing 1 traffic selectors Aug 26 13:09:58.874371: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:58.874375: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:58.874377: | IP Protocol ID: 0 (0x0) Aug 26 13:09:58.874380: | length: 16 (0x10) Aug 26 13:09:58.874383: | start port: 0 (0x0) Aug 26 13:09:58.874386: | end port: 65535 (0xffff) Aug 26 13:09:58.874390: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:58.874393: | TS low c0 00 02 00 Aug 26 13:09:58.874396: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:58.874398: | TS high c0 00 02 ff Aug 26 
13:09:58.874401: | TSi: parsed 1 traffic selectors Aug 26 13:09:58.874404: | TSr: parsing 1 traffic selectors Aug 26 13:09:58.874407: | ***parse IKEv2 Traffic Selector: Aug 26 13:09:58.874409: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:09:58.874412: | IP Protocol ID: 0 (0x0) Aug 26 13:09:58.874414: | length: 16 (0x10) Aug 26 13:09:58.874417: | start port: 0 (0x0) Aug 26 13:09:58.874420: | end port: 65535 (0xffff) Aug 26 13:09:58.874422: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:09:58.874425: | TS low c0 00 03 00 Aug 26 13:09:58.874428: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:09:58.874430: | TS high c0 00 03 ff Aug 26 13:09:58.874433: | TSr: parsed 1 traffic selectors Aug 26 13:09:58.874439: | evaluating our conn="north-eastnets/0x1" I=192.0.2.0/24:0/0 R=192.0.3.0/24:0/0 to their: Aug 26 13:09:58.874445: | TSi[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:58.874452: | match address end->client=192.0.2.0/24 == TSi[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:09:58.874456: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:09:58.874459: | TSi[0] port match: YES fitness 65536 Aug 26 13:09:58.874462: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:09:58.874466: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:58.874471: | TSr[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:09:58.874476: | match address end->client=192.0.3.0/24 == TSr[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:09:58.874480: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:09:58.874482: | TSr[0] port match: YES fitness 65536 Aug 26 13:09:58.874485: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:09:58.874488: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:09:58.874491: | best fit so far: TSi[0] TSr[0] Aug 26 13:09:58.874494: | found an acceptable TSi/TSr Traffic Selector 
Aug 26 13:09:58.874496: | printing contents struct traffic_selector Aug 26 13:09:58.874499: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:09:58.874502: | ipprotoid: 0 Aug 26 13:09:58.874504: | port range: 0-65535 Aug 26 13:09:58.874508: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:09:58.874511: | printing contents struct traffic_selector Aug 26 13:09:58.874513: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Aug 26 13:09:58.874516: | ipprotoid: 0 Aug 26 13:09:58.874518: | port range: 0-65535 Aug 26 13:09:58.874522: | ip range: 192.0.3.0-192.0.3.255 Aug 26 13:09:58.874527: | integ=sha2_512: .key_size=64 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=80 Aug 26 13:09:58.874875: | install_ipsec_sa() for #5: inbound and outbound Aug 26 13:09:58.874883: | could_route called for north-eastnets/0x1 (kind=CK_PERMANENT) Aug 26 13:09:58.874887: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:09:58.874891: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:58.874895: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:58.874898: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:58.874902: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:58.874907: | route owner of "north-eastnets/0x1" erouted: self; eroute owner: self Aug 26 13:09:58.874912: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Aug 26 13:09:58.874916: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:09:58.874920: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Aug 26 13:09:58.874926: | setting IPsec SA replay-window to 32 Aug 26 13:09:58.874930: | NIC esp-hw-offload not for connection 'north-eastnets/0x1' not available on interface eth1 Aug 26 13:09:58.874934: | netlink: enabling tunnel mode Aug 26 13:09:58.874937: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:09:58.874941: | netlink: esp-hw-offload not set for IPsec SA Aug 26 
13:09:58.875372: | netlink response for Add SA esp.d0d5dcfa@192.1.3.33 included non-error error Aug 26 13:09:58.875385: | set up outgoing SA, ref=0/0 Aug 26 13:09:58.875391: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Aug 26 13:09:58.875396: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:09:58.875400: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Aug 26 13:09:58.875405: | setting IPsec SA replay-window to 32 Aug 26 13:09:58.875409: | NIC esp-hw-offload not for connection 'north-eastnets/0x1' not available on interface eth1 Aug 26 13:09:58.875413: | netlink: enabling tunnel mode Aug 26 13:09:58.875417: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:09:58.875420: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:09:58.875469: | netlink response for Add SA esp.6ab27b1b@192.1.2.23 included non-error error Aug 26 13:09:58.875475: | set up incoming SA, ref=0/0 Aug 26 13:09:58.875479: | sr for #5: erouted Aug 26 13:09:58.875484: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:09:58.875488: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:09:58.875492: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:58.875496: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:09:58.875500: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:09:58.875504: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:09:58.875509: | route owner of "north-eastnets/0x1" erouted: self; eroute owner: self Aug 26 13:09:58.875514: | route_and_eroute with c: north-eastnets/0x1 (next: none) ero:north-eastnets/0x1 esr:{(nil)} ro:north-eastnets/0x1 rosr:{(nil)} and state: #5 Aug 26 13:09:58.875519: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Aug 26 13:09:58.875530: | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33>tun.0@192.1.3.33 (raw_eroute) Aug 26 13:09:58.875535: | IPsec Sa SPD priority set to 1042407 Aug 26 13:09:58.875553: | raw_eroute result=success Aug 26 13:09:58.875557: | route_and_eroute: firewall_notified: true Aug 26 13:09:58.875563: | route_and_eroute: instance "north-eastnets/0x1", setting eroute_owner {spd=0x564529d91458,sr=0x564529d91458} to #5 (was #4) (newest_ipsec_sa=#4) Aug 26 13:09:58.875625: | #1 spent 0.745 milliseconds in install_ipsec_sa() Aug 26 13:09:58.875632: | inR2: instance north-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #5 (was #4) (spd.eroute=#5) cloned from #1 Aug 26 13:09:58.875636: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:09:58.875646: | libevent_free: release ptr-libevent@0x7f5108001188 Aug 26 13:09:58.875651: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x564529da0378 Aug 26 13:09:58.875659: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:09:58.875664: | #5 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_OK Aug 26 13:09:58.875668: | IKEv2: transition from state STATE_V2_CREATE_I to state 
STATE_V2_IPSEC_I Aug 26 13:09:58.875672: | child state #5: V2_CREATE_I(established IKE SA) => V2_IPSEC_I(established CHILD SA) Aug 26 13:09:58.875675: | Message ID: updating counters for #5 to 2 after switching state Aug 26 13:09:58.875682: | Message ID: recv #1.#5 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1; child: wip.initiator=2->-1 wip.responder=-1 Aug 26 13:09:58.875688: | Message ID: #1.#5 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Aug 26 13:09:58.875692: | pstats #5 ikev2.child established Aug 26 13:09:58.875699: "north-eastnets/0x1" #5: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Aug 26 13:09:58.875704: | NAT-T: encaps is 'auto' Aug 26 13:09:58.875708: "north-eastnets/0x1" #5: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xd0d5dcfa <0x6ab27b1b xfrm=AES_CBC_128-HMAC_SHA2_512_256-MODP3072 NATOA=none NATD=none DPD=passive} Aug 26 13:09:58.875711: | releasing whack for #5 (sock=fd@-1) Aug 26 13:09:58.875715: | releasing whack and unpending for parent #1 Aug 26 13:09:58.875718: | unpending state #1 connection "north-eastnets/0x1" Aug 26 13:09:58.875723: | #5 will start re-keying in 27838 seconds with margin of 962 seconds (attempting re-key) Aug 26 13:09:58.875727: | event_schedule: new EVENT_SA_REKEY-pe@0x564529da0378 Aug 26 13:09:58.875731: | inserting event EVENT_SA_REKEY, timeout in 27838 seconds for #5 Aug 26 13:09:58.875735: | libevent_malloc: new ptr-libevent@0x564529da9678 size 128 Aug 26 13:09:58.875743: | #5 spent 1.38 milliseconds in resume sending helper answer Aug 26 13:09:58.875748: | stop processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in resume_handler() at server.c:833) Aug 26 13:09:58.875752: | libevent_free: release ptr-libevent@0x7f511c0027d8 Aug 26 13:10:13.143357: | processing global timer EVENT_SHUNT_SCAN Aug 26 
13:10:13.143389: | expiring aged bare shunts from shunt table Aug 26 13:10:13.143398: | spent 0.00759 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:10:15.991123: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:15.991147: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:10:15.991152: | FOR_EACH_STATE_... in sort_states Aug 26 13:10:15.991162: | get_sa_info esp.2e93a512@192.1.2.23 Aug 26 13:10:15.991564: | get_sa_info esp.ea232af2@192.1.3.33 Aug 26 13:10:15.991589: | get_sa_info esp.6ab27b1b@192.1.2.23 Aug 26 13:10:15.991600: | get_sa_info esp.d0d5dcfa@192.1.3.33 Aug 26 13:10:15.991636: | get_sa_info esp.7d9f9faa@192.1.2.23 Aug 26 13:10:15.991646: | get_sa_info esp.39ab502d@192.1.3.33 Aug 26 13:10:15.991662: | get_sa_info esp.dfc4d2d5@192.1.2.23 Aug 26 13:10:15.991672: | get_sa_info esp.49dd5118@192.1.3.33 Aug 26 13:10:15.991688: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:15.991695: | spent 0.579 milliseconds in whack Aug 26 13:10:16.303991: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:16.305381: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:10:16.305424: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:10:16.306027: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:10:16.306050: | FOR_EACH_STATE_... 
in sort_states Aug 26 13:10:16.306110: | get_sa_info esp.2e93a512@192.1.2.23 Aug 26 13:10:16.306185: | get_sa_info esp.ea232af2@192.1.3.33 Aug 26 13:10:16.306273: | get_sa_info esp.6ab27b1b@192.1.2.23 Aug 26 13:10:16.306335: | get_sa_info esp.d0d5dcfa@192.1.3.33 Aug 26 13:10:16.306436: | get_sa_info esp.7d9f9faa@192.1.2.23 Aug 26 13:10:16.306481: | get_sa_info esp.39ab502d@192.1.3.33 Aug 26 13:10:16.306562: | get_sa_info esp.dfc4d2d5@192.1.2.23 Aug 26 13:10:16.306606: | get_sa_info esp.49dd5118@192.1.3.33 Aug 26 13:10:16.306706: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:16.306735: | spent 2.72 milliseconds in whack Aug 26 13:10:17.650678: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:17.650723: shutting down Aug 26 13:10:17.650739: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:10:17.650744: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:10:17.650746: forgetting secrets Aug 26 13:10:17.650755: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:10:17.650759: | unreference key: 0x564529d92138 @east cnt 1-- Aug 26 13:10:17.650765: | unreference key: 0x564529ce9c48 @north cnt 3-- Aug 26 13:10:17.650770: | start processing: connection "north-eastnets/0x2" (in delete_connection() at connections.c:189) Aug 26 13:10:17.650774: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:10:17.650777: | pass 0 Aug 26 13:10:17.650779: | FOR_EACH_STATE_... 
in foreach_state_by_connection_func_delete Aug 26 13:10:17.650781: | state #6 Aug 26 13:10:17.650784: | suspend processing: connection "north-eastnets/0x2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:10:17.650788: | start processing: state #6 connection "north-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:10:17.650790: | pstats #6 ikev2.child deleted completed Aug 26 13:10:17.650794: | #6 spent 6.92 milliseconds in total Aug 26 13:10:17.650797: | [RE]START processing: state #6 connection "north-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 13:10:17.650801: "north-eastnets/0x2" #6: deleting state (STATE_V2_IPSEC_R) aged 19.997s and sending notification Aug 26 13:10:17.650803: | child state #6: V2_IPSEC_R(established CHILD SA) => delete Aug 26 13:10:17.650807: | get_sa_info esp.49dd5118@192.1.3.33 Aug 26 13:10:17.650822: | get_sa_info esp.dfc4d2d5@192.1.2.23 Aug 26 13:10:17.650828: "north-eastnets/0x2" #6: ESP traffic information: in=26MB out=26MB Aug 26 13:10:17.650831: | #6 send IKEv2 delete notification for STATE_V2_IPSEC_R Aug 26 13:10:17.650833: | Opening output PBS informational exchange delete request Aug 26 13:10:17.650835: | **emit ISAKMP Message: Aug 26 13:10:17.650837: | initiator cookie: Aug 26 13:10:17.650839: | f4 b6 d6 b1 3a 28 54 37 Aug 26 13:10:17.650841: | responder cookie: Aug 26 13:10:17.650842: | ed ec 45 23 73 d7 1a d3 Aug 26 13:10:17.650844: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:17.650846: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:17.650848: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:10:17.650850: | flags: none (0x0) Aug 26 13:10:17.650851: | Message ID: 0 (0x0) Aug 26 13:10:17.650853: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:10:17.650856: | ***emit IKEv2 Encryption Payload: Aug 26 13:10:17.650858: | next 
payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:17.650859: | flags: none (0x0) Aug 26 13:10:17.650862: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:10:17.650864: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:10:17.650866: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:10:17.650877: | ****emit IKEv2 Delete Payload: Aug 26 13:10:17.650879: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:17.650884: | flags: none (0x0) Aug 26 13:10:17.650886: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:10:17.650887: | SPI size: 4 (0x4) Aug 26 13:10:17.650889: | number of SPIs: 1 (0x1) Aug 26 13:10:17.650891: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:10:17.650893: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:10:17.650895: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 13:10:17.650897: | local spis df c4 d2 d5 Aug 26 13:10:17.650898: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:10:17.650900: | adding 4 bytes of padding (including 1 byte padding-length) Aug 26 13:10:17.650903: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.650904: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.650906: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.650908: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.650910: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:10:17.650912: | emitting length of 
IKEv2 Encryption Payload: 52 Aug 26 13:10:17.650914: | emitting length of ISAKMP Message: 80 Aug 26 13:10:17.650943: | data being hmac: f4 b6 d6 b1 3a 28 54 37 ed ec 45 23 73 d7 1a d3 Aug 26 13:10:17.650946: | data being hmac: 2e 20 25 00 00 00 00 00 00 00 00 50 2a 00 00 34 Aug 26 13:10:17.650947: | data being hmac: 85 c6 85 5d 01 ee 25 14 7a 25 4f e4 f0 52 8d 6f Aug 26 13:10:17.650949: | data being hmac: dd 83 7e 73 71 11 13 15 bb a3 1a d4 c6 3c 47 ad Aug 26 13:10:17.650950: | out calculated auth: Aug 26 13:10:17.650952: | 50 cd 3a 5c 4f e5 f6 90 c3 b8 0b 22 bc 19 69 b8 Aug 26 13:10:17.650961: | sending 80 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #6) Aug 26 13:10:17.650963: | f4 b6 d6 b1 3a 28 54 37 ed ec 45 23 73 d7 1a d3 Aug 26 13:10:17.650965: | 2e 20 25 00 00 00 00 00 00 00 00 50 2a 00 00 34 Aug 26 13:10:17.650966: | 85 c6 85 5d 01 ee 25 14 7a 25 4f e4 f0 52 8d 6f Aug 26 13:10:17.650968: | dd 83 7e 73 71 11 13 15 bb a3 1a d4 c6 3c 47 ad Aug 26 13:10:17.650969: | 50 cd 3a 5c 4f e5 f6 90 c3 b8 0b 22 bc 19 69 b8 Aug 26 13:10:17.651014: | Message ID: IKE #2 sender #6 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Aug 26 13:10:17.651017: | Message ID: IKE #2 sender #6 in send_delete hacking around record ' send Aug 26 13:10:17.651021: | Message ID: sent #2 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1->0 wip.responder=-1 Aug 26 13:10:17.651023: | state #6 requesting EVENT_SA_REKEY to be deleted Aug 26 13:10:17.651027: | libevent_free: release ptr-libevent@0x564529da8d18 Aug 26 13:10:17.651029: | free_event_entry: release EVENT_SA_REKEY-pe@0x564529da03e8 Aug 26 13:10:17.651084: | running updown command "ipsec _updown" for verb down Aug 26 13:10:17.651091: | command executing down-client Aug 26 13:10:17.651115: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' 
PLUTO_CONNECTION='north-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566824997' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no Aug 26 13:10:17.651121: | popen cmd is 1051 chars long Aug 26 13:10:17.651124: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x: Aug 26 13:10:17.651126: | cmd( 80):2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUT: Aug 26 13:10:17.651128: | cmd( 160):O_MY_ID='@east' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0': Aug 26 13:10:17.651130: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Aug 26 13:10:17.651133: | cmd( 320):UTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID=': Aug 26 13:10:17.651135: | cmd( 400):@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO: Aug 26 13:10:17.651137: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Aug 26 13:10:17.651139: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566824997' PLUTO_CONN_POLICY: Aug 26 13:10:17.651141: | cmd( 
640):='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Aug 26 13:10:17.651143: | cmd( 720):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_P: Aug 26 13:10:17.651146: | cmd( 800):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Aug 26 13:10:17.651148: | cmd( 880):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Aug 26 13:10:17.651150: | cmd( 960):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x49dd5118 SPI_OUT=0xdfc4d2d5 ipsec _: Aug 26 13:10:17.651152: | cmd(1040):updown 2>&1: Aug 26 13:10:17.664531: | shunt_eroute() called for connection 'north-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:10:17.664546: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:10:17.664551: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Aug 26 13:10:17.664556: | IPsec Sa SPD priority set to 1042407 Aug 26 13:10:17.664601: | delete esp.49dd5118@192.1.3.33 Aug 26 13:10:17.664622: | netlink response for Del SA esp.49dd5118@192.1.3.33 included non-error error Aug 26 13:10:17.664628: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Aug 26 13:10:17.664637: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 13:10:17.664659: | raw_eroute result=success Aug 26 13:10:17.664664: | delete esp.dfc4d2d5@192.1.2.23 Aug 26 13:10:17.664674: | netlink response for Del SA esp.dfc4d2d5@192.1.2.23 included non-error error Aug 26 13:10:17.664688: | stop processing: connection "north-eastnets/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:10:17.664694: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:10:17.664698: | in connection_discard for connection north-eastnets/0x2 Aug 26 13:10:17.664701: | State DB: deleting IKEv2 
state #6 in V2_IPSEC_R Aug 26 13:10:17.664713: | child state #6: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:10:17.664758: | stop processing: state #6 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 13:10:17.664787: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:10:17.664791: | state #5 Aug 26 13:10:17.664795: | state #4 Aug 26 13:10:17.664802: | start processing: state #4 connection "north-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:10:17.664806: | pstats #4 ikev2.child deleted completed Aug 26 13:10:17.664811: | [RE]START processing: state #4 connection "north-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 13:10:17.664819: "north-eastnets/0x1" #4: deleting state (STATE_V2_IPSEC_R) aged 21.191s and sending notification Aug 26 13:10:17.664822: | child state #4: V2_IPSEC_R(established CHILD SA) => delete Aug 26 13:10:17.664827: | get_sa_info esp.ea232af2@192.1.3.33 Aug 26 13:10:17.664840: | get_sa_info esp.2e93a512@192.1.2.23 Aug 26 13:10:17.664851: "north-eastnets/0x1" #4: ESP traffic information: in=19MB out=19MB Aug 26 13:10:17.664857: | #4 send IKEv2 delete notification for STATE_V2_IPSEC_R Aug 26 13:10:17.664861: | Opening output PBS informational exchange delete request Aug 26 13:10:17.664864: | **emit ISAKMP Message: Aug 26 13:10:17.664868: | initiator cookie: Aug 26 13:10:17.664871: | f4 b6 d6 b1 3a 28 54 37 Aug 26 13:10:17.664874: | responder cookie: Aug 26 13:10:17.664876: | ed ec 45 23 73 d7 1a d3 Aug 26 13:10:17.664879: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:17.664882: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:17.664885: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:10:17.664889: | flags: none (0x0) Aug 26 13:10:17.664892: | Message ID: 1 (0x1) Aug 26 13:10:17.664895: | next payload chain: saving message location 
'ISAKMP Message'.'next payload type' Aug 26 13:10:17.664898: | ***emit IKEv2 Encryption Payload: Aug 26 13:10:17.664901: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:17.664904: | flags: none (0x0) Aug 26 13:10:17.664907: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:10:17.664910: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:10:17.664915: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:10:17.664932: | ****emit IKEv2 Delete Payload: Aug 26 13:10:17.664936: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:17.664939: | flags: none (0x0) Aug 26 13:10:17.664943: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:10:17.664946: | SPI size: 4 (0x4) Aug 26 13:10:17.664949: | number of SPIs: 1 (0x1) Aug 26 13:10:17.664953: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:10:17.664957: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:10:17.664960: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 13:10:17.664963: | local spis 2e 93 a5 12 Aug 26 13:10:17.664965: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:10:17.664968: | adding 4 bytes of padding (including 1 byte padding-length) Aug 26 13:10:17.664972: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.664975: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.664978: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.664981: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.664984: | 
emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:10:17.664986: | emitting length of IKEv2 Encryption Payload: 52 Aug 26 13:10:17.664990: | emitting length of ISAKMP Message: 80 Aug 26 13:10:17.665044: | data being hmac: f4 b6 d6 b1 3a 28 54 37 ed ec 45 23 73 d7 1a d3 Aug 26 13:10:17.665048: | data being hmac: 2e 20 25 00 00 00 00 01 00 00 00 50 2a 00 00 34 Aug 26 13:10:17.665050: | data being hmac: 38 e7 9d fb 26 ea c9 76 00 9f bb d2 90 2a f4 9e Aug 26 13:10:17.665053: | data being hmac: 7c 39 3d 60 32 37 32 19 ac 1c 29 a6 a3 10 2c 6d Aug 26 13:10:17.665055: | out calculated auth: Aug 26 13:10:17.665057: | 6e 80 a4 cc ee 86 a7 40 c6 ca 91 a6 70 f5 59 fa Aug 26 13:10:17.665071: | sending 80 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #4) Aug 26 13:10:17.665078: | f4 b6 d6 b1 3a 28 54 37 ed ec 45 23 73 d7 1a d3 Aug 26 13:10:17.665081: | 2e 20 25 00 00 00 00 01 00 00 00 50 2a 00 00 34 Aug 26 13:10:17.665084: | 38 e7 9d fb 26 ea c9 76 00 9f bb d2 90 2a f4 9e Aug 26 13:10:17.665087: | 7c 39 3d 60 32 37 32 19 ac 1c 29 a6 a3 10 2c 6d Aug 26 13:10:17.665090: | 6e 80 a4 cc ee 86 a7 40 c6 ca 91 a6 70 f5 59 fa Aug 26 13:10:17.665152: | Message ID: IKE #2 sender #4 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 Aug 26 13:10:17.665159: | Message ID: IKE #2 sender #4 in send_delete hacking around record ' send Aug 26 13:10:17.665165: | Message ID: #2 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?); initiator.sent=1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=1 wip.responder=-1 Aug 26 13:10:17.665172: | Message ID: sent #2 request 1; ike: initiator.sent=0->1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=0->1 wip.responder=-1 Aug 26 13:10:17.665175: | state #4 requesting EVENT_SA_REKEY to be deleted Aug 26 13:10:17.665183: | libevent_free: release 
ptr-libevent@0x564529da1928 Aug 26 13:10:17.665187: | free_event_entry: release EVENT_SA_REKEY-pe@0x564529d94028 Aug 26 13:10:17.665242: | delete esp.ea232af2@192.1.3.33 Aug 26 13:10:17.665259: | netlink response for Del SA esp.ea232af2@192.1.3.33 included non-error error Aug 26 13:10:17.665264: | delete esp.2e93a512@192.1.2.23 Aug 26 13:10:17.665274: | netlink response for Del SA esp.2e93a512@192.1.2.23 included non-error error Aug 26 13:10:17.665280: | in connection_discard for connection north-eastnets/0x1 Aug 26 13:10:17.665284: | State DB: deleting IKEv2 state #4 in V2_IPSEC_R Aug 26 13:10:17.665318: | child state #4: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:10:17.665332: | stop processing: state #4 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 13:10:17.665340: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:10:17.665343: | state #3 Aug 26 13:10:17.665349: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:10:17.665352: | pstats #3 ikev2.child deleted completed Aug 26 13:10:17.665358: | #3 spent 3.07 milliseconds in total Aug 26 13:10:17.665363: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33 (in delete_state() at state.c:879) Aug 26 13:10:17.665367: "north-eastnets/0x2" #3: deleting state (STATE_V2_IPSEC_I) aged 21.886s and sending notification Aug 26 13:10:17.665370: | child state #3: V2_IPSEC_I(established CHILD SA) => delete Aug 26 13:10:17.665374: | get_sa_info esp.39ab502d@192.1.3.33 Aug 26 13:10:17.665383: | get_sa_info esp.7d9f9faa@192.1.2.23 Aug 26 13:10:17.665391: "north-eastnets/0x2" #3: ESP traffic information: in=5MB out=5MB Aug 26 13:10:17.665395: | #3 send IKEv2 delete notification for STATE_V2_IPSEC_I Aug 26 13:10:17.665398: | Opening output PBS informational exchange delete request Aug 26 13:10:17.665400: | **emit ISAKMP 
Message: Aug 26 13:10:17.665403: | initiator cookie: Aug 26 13:10:17.665405: | a9 6d 2c db 22 7f 10 cd Aug 26 13:10:17.665408: | responder cookie: Aug 26 13:10:17.665410: | a9 27 21 0d a1 26 af 75 Aug 26 13:10:17.665413: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:17.665416: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:17.665418: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:10:17.665421: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:17.665424: | Message ID: 3 (0x3) Aug 26 13:10:17.665427: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:10:17.665430: | ***emit IKEv2 Encryption Payload: Aug 26 13:10:17.665433: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:17.665435: | flags: none (0x0) Aug 26 13:10:17.665438: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:10:17.665444: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:10:17.665448: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:10:17.665458: | ****emit IKEv2 Delete Payload: Aug 26 13:10:17.665462: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:17.665465: | flags: none (0x0) Aug 26 13:10:17.665468: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:10:17.665472: | SPI size: 4 (0x4) Aug 26 13:10:17.665475: | number of SPIs: 1 (0x1) Aug 26 13:10:17.665479: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:10:17.665482: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:10:17.665487: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 13:10:17.665490: | local spis 7d 9f 9f aa Aug 26 
13:10:17.665493: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:10:17.665496: | adding 4 bytes of padding (including 1 byte padding-length) Aug 26 13:10:17.665500: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.665504: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.665507: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.665510: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.665513: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:10:17.665515: | emitting length of IKEv2 Encryption Payload: 52 Aug 26 13:10:17.665518: | emitting length of ISAKMP Message: 80 Aug 26 13:10:17.665549: | data being hmac: a9 6d 2c db 22 7f 10 cd a9 27 21 0d a1 26 af 75 Aug 26 13:10:17.665554: | data being hmac: 2e 20 25 08 00 00 00 03 00 00 00 50 2a 00 00 34 Aug 26 13:10:17.665557: | data being hmac: e8 5e e8 45 96 10 b5 e4 1f ff a0 5c eb 2a a5 98 Aug 26 13:10:17.665561: | data being hmac: 2d ec 8e f5 86 7d fc 11 83 88 39 3f 03 95 09 60 Aug 26 13:10:17.665563: | out calculated auth: Aug 26 13:10:17.665566: | 22 18 a4 5a 65 36 fe dd 50 43 91 a2 61 aa 3d 74 Aug 26 13:10:17.665575: | sending 80 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #3) Aug 26 13:10:17.665579: | a9 6d 2c db 22 7f 10 cd a9 27 21 0d a1 26 af 75 Aug 26 13:10:17.665582: | 2e 20 25 08 00 00 00 03 00 00 00 50 2a 00 00 34 Aug 26 13:10:17.665585: | e8 5e e8 45 96 10 b5 e4 1f ff a0 5c eb 2a a5 98 Aug 26 13:10:17.665588: | 2d ec 8e f5 86 7d fc 11 83 88 39 3f 03 95 09 60 Aug 26 13:10:17.665591: | 22 18 a4 5a 65 36 fe dd 50 43 91 a2 61 aa 3d 74 Aug 26 13:10:17.665616: | Message ID: IKE #1 sender #3 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Aug 26 13:10:17.665620: | 
Message ID: IKE #1 sender #3 in send_delete hacking around record ' send Aug 26 13:10:17.665625: | Message ID: sent #1 request 3; ike: initiator.sent=2->3 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1->3 wip.responder=-1 Aug 26 13:10:17.665628: | state #3 requesting EVENT_SA_REKEY to be deleted Aug 26 13:10:17.665633: | libevent_free: release ptr-libevent@0x564529d940e8 Aug 26 13:10:17.665639: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f5114002b78 Aug 26 13:10:17.665695: | delete esp.39ab502d@192.1.3.33 Aug 26 13:10:17.665711: | netlink response for Del SA esp.39ab502d@192.1.3.33 included non-error error Aug 26 13:10:17.665715: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Aug 26 13:10:17.665721: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 13:10:17.665732: | raw_eroute result=success Aug 26 13:10:17.665738: | delete esp.7d9f9faa@192.1.2.23 Aug 26 13:10:17.665749: | netlink response for Del SA esp.7d9f9faa@192.1.2.23 included non-error error Aug 26 13:10:17.665753: | in connection_discard for connection north-eastnets/0x2 Aug 26 13:10:17.665756: | State DB: deleting IKEv2 state #3 in V2_IPSEC_I Aug 26 13:10:17.665759: | child state #3: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:10:17.665767: | stop processing: state #3 from 192.1.3.33 (in delete_state() at state.c:1143) Aug 26 13:10:17.665777: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:10:17.665780: | state #2 Aug 26 13:10:17.665782: | state #1 Aug 26 13:10:17.665785: | pass 1 Aug 26 13:10:17.665788: | FOR_EACH_STATE_... 
in foreach_state_by_connection_func_delete Aug 26 13:10:17.665790: | state #5 Aug 26 13:10:17.665792: | state #2 Aug 26 13:10:17.665797: | start processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:10:17.665800: | pstats #2 ikev2.ike deleted completed Aug 26 13:10:17.665805: | #2 spent 34.9 milliseconds in total Aug 26 13:10:17.665810: | [RE]START processing: state #2 connection "north-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 13:10:17.665814: "north-eastnets/0x2" #2: deleting state (STATE_PARENT_R2) aged 22.243s and sending notification Aug 26 13:10:17.665817: | parent state #2: PARENT_R2(established IKE SA) => delete Aug 26 13:10:17.665847: | #2 send IKEv2 delete notification for STATE_PARENT_R2 Aug 26 13:10:17.665851: | Opening output PBS informational exchange delete request Aug 26 13:10:17.665854: | **emit ISAKMP Message: Aug 26 13:10:17.665856: | initiator cookie: Aug 26 13:10:17.665859: | f4 b6 d6 b1 3a 28 54 37 Aug 26 13:10:17.665861: | responder cookie: Aug 26 13:10:17.665864: | ed ec 45 23 73 d7 1a d3 Aug 26 13:10:17.665866: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:17.665869: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:17.665872: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:10:17.665874: | flags: none (0x0) Aug 26 13:10:17.665876: | Message ID: 2 (0x2) Aug 26 13:10:17.665879: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:10:17.665881: | ***emit IKEv2 Encryption Payload: Aug 26 13:10:17.665884: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:17.665886: | flags: none (0x0) Aug 26 13:10:17.665889: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:10:17.665892: | next payload chain: saving location 'IKEv2 Encryption 
Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:10:17.665895: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:10:17.665899: | ****emit IKEv2 Delete Payload: Aug 26 13:10:17.665902: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:17.665904: | flags: none (0x0) Aug 26 13:10:17.665907: | protocol ID: PROTO_v2_IKE (0x1) Aug 26 13:10:17.665910: | SPI size: 0 (0x0) Aug 26 13:10:17.665912: | number of SPIs: 0 (0x0) Aug 26 13:10:17.665915: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:10:17.665919: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:10:17.665922: | emitting length of IKEv2 Delete Payload: 8 Aug 26 13:10:17.665925: | adding 8 bytes of padding (including 1 byte padding-length) Aug 26 13:10:17.665928: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.665931: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.665934: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.665939: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.665943: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.665946: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.665949: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.665952: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.665955: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:10:17.665958: | emitting length of IKEv2 Encryption Payload: 
52 Aug 26 13:10:17.665961: | emitting length of ISAKMP Message: 80 Aug 26 13:10:17.665985: | data being hmac: f4 b6 d6 b1 3a 28 54 37 ed ec 45 23 73 d7 1a d3 Aug 26 13:10:17.665989: | data being hmac: 2e 20 25 00 00 00 00 02 00 00 00 50 2a 00 00 34 Aug 26 13:10:17.665992: | data being hmac: f4 ec b3 f4 0e 66 ff 8d 89 3b f7 1f 55 fd b5 c6 Aug 26 13:10:17.665995: | data being hmac: 7a ab e5 e7 6f 52 57 a8 2c a0 5b 19 01 3b 83 82 Aug 26 13:10:17.665997: | out calculated auth: Aug 26 13:10:17.666000: | df 30 66 28 4d 29 f2 ce d5 18 6e 16 13 64 1f 06 Aug 26 13:10:17.666008: | sending 80 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Aug 26 13:10:17.666011: | f4 b6 d6 b1 3a 28 54 37 ed ec 45 23 73 d7 1a d3 Aug 26 13:10:17.666014: | 2e 20 25 00 00 00 00 02 00 00 00 50 2a 00 00 34 Aug 26 13:10:17.666017: | f4 ec b3 f4 0e 66 ff 8d 89 3b f7 1f 55 fd b5 c6 Aug 26 13:10:17.666019: | 7a ab e5 e7 6f 52 57 a8 2c a0 5b 19 01 3b 83 82 Aug 26 13:10:17.666022: | df 30 66 28 4d 29 f2 ce d5 18 6e 16 13 64 1f 06 Aug 26 13:10:17.666044: | Message ID: IKE #2 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=2->3 and sender msgid=1->2 Aug 26 13:10:17.666048: | Message ID: IKE #2 sender #2 in send_delete hacking around record ' send Aug 26 13:10:17.666053: | Message ID: #2 XXX: expecting sender.wip.initiator 1 == -1 - suspect record'n'send out-of-order?); initiator.sent=2 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=2 wip.responder=-1 Aug 26 13:10:17.666058: | Message ID: sent #2 request 2; ike: initiator.sent=1->2 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=1->2 wip.responder=-1 Aug 26 13:10:17.666061: | state #2 requesting EVENT_SA_REKEY to be deleted Aug 26 13:10:17.666065: | libevent_free: release ptr-libevent@0x564529d9c518 Aug 26 13:10:17.666069: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f511c002b78 Aug 26 13:10:17.666073: | State DB: IKEv2 state not found 
(flush_incomplete_children) Aug 26 13:10:17.666078: | in connection_discard for connection north-eastnets/0x2 Aug 26 13:10:17.666081: | State DB: deleting IKEv2 state #2 in PARENT_R2 Aug 26 13:10:17.666084: | parent state #2: PARENT_R2(established IKE SA) => UNDEFINED(ignore) Aug 26 13:10:17.666089: | unreference key: 0x564529ce9c48 @north cnt 2-- Aug 26 13:10:17.666113: | stop processing: state #2 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 13:10:17.666143: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:10:17.666147: | state #1 Aug 26 13:10:17.666151: | shunt_eroute() called for connection 'north-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:10:17.666154: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:10:17.666157: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Aug 26 13:10:17.666174: | priority calculation of connection "north-eastnets/0x2" is 0xfe7e7 Aug 26 13:10:17.666185: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:10:17.666189: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:10:17.666192: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:10:17.666195: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:10:17.666200: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:10:17.666205: | route owner of "north-eastnets/0x2" unrouted: "north-eastnets/0x1" erouted Aug 26 13:10:17.666210: | flush revival: connection 'north-eastnets/0x2' wasn't on the list Aug 26 13:10:17.666214: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:10:17.666222: | start processing: connection "north-eastnets/0x1" (in delete_connection() at connections.c:189) Aug 26 13:10:17.666225: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:10:17.666228: | pass 0 Aug 26 13:10:17.666230: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:10:17.666233: | state #5 Aug 26 13:10:17.666236: | suspend processing: connection "north-eastnets/0x1" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:10:17.666240: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:10:17.666243: | pstats #5 ikev2.child deleted completed Aug 26 13:10:17.666247: | #5 spent 7.74 milliseconds in total Aug 26 13:10:17.666251: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33 (in delete_state() at state.c:879) Aug 26 13:10:17.666255: "north-eastnets/0x1" #5: deleting state (STATE_V2_IPSEC_I) aged 20.807s and sending notification Aug 26 13:10:17.666258: | child state #5: V2_IPSEC_I(established CHILD SA) => delete Aug 26 13:10:17.666263: | get_sa_info esp.d0d5dcfa@192.1.3.33 Aug 26 13:10:17.666273: | get_sa_info esp.6ab27b1b@192.1.2.23 Aug 26 13:10:17.666281: "north-eastnets/0x1" #5: ESP traffic information: in=12MB 
out=12MB Aug 26 13:10:17.666284: | #5 send IKEv2 delete notification for STATE_V2_IPSEC_I Aug 26 13:10:17.666287: | Opening output PBS informational exchange delete request Aug 26 13:10:17.666300: | **emit ISAKMP Message: Aug 26 13:10:17.666303: | initiator cookie: Aug 26 13:10:17.666306: | a9 6d 2c db 22 7f 10 cd Aug 26 13:10:17.666308: | responder cookie: Aug 26 13:10:17.666310: | a9 27 21 0d a1 26 af 75 Aug 26 13:10:17.666313: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:17.666316: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:17.666319: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Aug 26 13:10:17.666322: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:17.666324: | Message ID: 4 (0x4) Aug 26 13:10:17.666327: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:10:17.666330: | ***emit IKEv2 Encryption Payload: Aug 26 13:10:17.666333: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:17.666336: | flags: none (0x0) Aug 26 13:10:17.666339: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:10:17.666342: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Aug 26 13:10:17.666345: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:10:17.666352: | ****emit IKEv2 Delete Payload: Aug 26 13:10:17.666356: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:17.666358: | flags: none (0x0) Aug 26 13:10:17.666361: | protocol ID: PROTO_v2_ESP (0x3) Aug 26 13:10:17.666363: | SPI size: 4 (0x4) Aug 26 13:10:17.666366: | number of SPIs: 1 (0x1) Aug 26 13:10:17.666369: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Aug 26 13:10:17.666372: | next payload chain: saving location 'IKEv2 Delete Payload'.'next 
payload type' in 'informational exchange delete request' Aug 26 13:10:17.666375: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Aug 26 13:10:17.666378: | local spis 6a b2 7b 1b Aug 26 13:10:17.666380: | emitting length of IKEv2 Delete Payload: 12 Aug 26 13:10:17.666383: | adding 4 bytes of padding (including 1 byte padding-length) Aug 26 13:10:17.666388: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.666392: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.666395: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.666398: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:17.666401: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:10:17.666404: | emitting length of IKEv2 Encryption Payload: 52 Aug 26 13:10:17.666406: | emitting length of ISAKMP Message: 80 Aug 26 13:10:17.666431: | data being hmac: a9 6d 2c db 22 7f 10 cd a9 27 21 0d a1 26 af 75 Aug 26 13:10:17.666435: | data being hmac: 2e 20 25 08 00 00 00 04 00 00 00 50 2a 00 00 34 Aug 26 13:10:17.666438: | data being hmac: 68 c4 db 3c f9 a6 1f 60 23 79 5d 66 87 7c 23 de Aug 26 13:10:17.666440: | data being hmac: 1a 92 e6 4f d6 10 81 a5 49 f0 8a a7 61 26 a4 c3 Aug 26 13:10:17.666443: | out calculated auth: Aug 26 13:10:17.666445: | 4b af 09 87 6f 75 d4 20 65 22 b3 92 8b 7e c0 94 Aug 26 13:10:17.666452: | sending 80 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #5) Aug 26 13:10:17.666455: | a9 6d 2c db 22 7f 10 cd a9 27 21 0d a1 26 af 75 Aug 26 13:10:17.666457: | 2e 20 25 08 00 00 00 04 00 00 00 50 2a 00 00 34 Aug 26 13:10:17.666460: | 68 c4 db 3c f9 a6 1f 60 23 79 5d 66 87 7c 23 de Aug 26 13:10:17.666462: | 1a 92 e6 4f d6 10 81 a5 49 f0 8a a7 61 26 a4 c3 Aug 26 13:10:17.666465: | 4b af 09 87 6f 75 d4 20 65 22 
b3 92 8b 7e c0 94
Aug 26 13:10:17.666485: | Message ID: IKE #1 sender #5 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1
Aug 26 13:10:17.666490: | Message ID: IKE #1 sender #5 in send_delete hacking around record ' send
Aug 26 13:10:17.666495: | Message ID: #1 XXX: expecting sender.wip.initiator 3 == -1 - suspect record'n'send out-of-order?); initiator.sent=4 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=4 wip.responder=-1
Aug 26 13:10:17.666499: | Message ID: sent #1 request 4; ike: initiator.sent=3->4 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=3->4 wip.responder=-1
Aug 26 13:10:17.666502: | state #5 requesting EVENT_SA_REKEY to be deleted
Aug 26 13:10:17.666506: | libevent_free: release ptr-libevent@0x564529da9678
Aug 26 13:10:17.666509: | free_event_entry: release EVENT_SA_REKEY-pe@0x564529da0378
Aug 26 13:10:17.666568: | running updown command "ipsec _updown" for verb down
Aug 26 13:10:17.666573: | command executing down-client
Aug 26 13:10:17.666607: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566824998' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no'
Aug 26 13:10:17.666614: | popen cmd is 1049 chars long
Aug 26 13:10:17.666618: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x:
Aug 26 13:10:17.666622: | cmd( 80):1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUT:
Aug 26 13:10:17.666628: | cmd( 160):O_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' P:
Aug 26 13:10:17.666632: | cmd( 240):LUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUT:
Aug 26 13:10:17.666636: | cmd( 320):O_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@n:
Aug 26 13:10:17.666639: | cmd( 400):orth' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_P:
Aug 26 13:10:17.666643: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT:
Aug 26 13:10:17.666647: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566824998' PLUTO_CONN_POLICY=':
Aug 26 13:10:17.666651: | cmd( 640):RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_C:
Aug 26 13:10:17.666655: | cmd( 720):ONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEE:
Aug 26 13:10:17.666659: | cmd( 800):R_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=':
Aug 26 13:10:17.666663: | cmd( 880):' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='':
Aug 26 13:10:17.666667: | cmd( 960): VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xd0d5dcfa SPI_OUT=0x6ab27b1b ipsec _up:
Aug 26 13:10:17.666670: | cmd(1040):down 2>&1:
Aug 26 13:10:17.677873: | shunt_eroute() called for connection 'north-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0
Aug 26 13:10:17.677896: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0
Aug 26 13:10:17.677901: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7
Aug 26 13:10:17.677905: | IPsec Sa SPD priority set to 1042407
Aug 26 13:10:17.677951: | delete esp.d0d5dcfa@192.1.3.33
Aug 26 13:10:17.677973: | netlink response for Del SA esp.d0d5dcfa@192.1.3.33 included non-error error
Aug 26 13:10:17.677979: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7
Aug 26 13:10:17.677987: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute)
Aug 26 13:10:17.678009: | raw_eroute result=success
Aug 26 13:10:17.678015: | delete esp.6ab27b1b@192.1.2.23
Aug 26 13:10:17.678026: | netlink response for Del SA esp.6ab27b1b@192.1.2.23 included non-error error
Aug 26 13:10:17.678041: | stop processing: connection "north-eastnets/0x1" (BACKGROUND) (in update_state_connection() at connections.c:4076)
Aug 26 13:10:17.678047: | start processing: connection NULL (in update_state_connection() at connections.c:4077)
Aug 26 13:10:17.678050: | in connection_discard for connection north-eastnets/0x1
Aug 26 13:10:17.678054: | State DB: deleting IKEv2 state #5 in V2_IPSEC_I
Aug 26 13:10:17.678061: | child state #5: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore)
Aug 26 13:10:17.678106: | stop processing: state #5 from 192.1.3.33 (in delete_state() at state.c:1143)
Aug 26 13:10:17.678133: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312)
Aug 26 13:10:17.678137: | state #1
Aug 26 13:10:17.678140: | pass 1
Aug 26 13:10:17.678143: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
Aug 26 13:10:17.678145: | state #1
Aug 26 13:10:17.678150: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310)
Aug 26 13:10:17.678155: | pstats #1 ikev2.ike deleted completed
Aug 26 13:10:17.678163: | #1 spent 15 milliseconds in total
Aug 26 13:10:17.678170: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:879)
Aug 26 13:10:17.678175: "north-eastnets/0x1" #1: deleting state (STATE_PARENT_I3) aged 24.511s and sending notification
Aug 26 13:10:17.678180: | parent state #1: PARENT_I3(established IKE SA) => delete
Aug 26 13:10:17.679183: | #1 send IKEv2 delete notification for STATE_PARENT_I3
Aug 26 13:10:17.679196: | Opening output PBS informational exchange delete request
Aug 26 13:10:17.679204: | **emit ISAKMP Message:
Aug 26 13:10:17.679207: | initiator cookie:
Aug 26 13:10:17.679210: | a9 6d 2c db 22 7f 10 cd
Aug 26 13:10:17.679212: | responder cookie:
Aug 26 13:10:17.679214: | a9 27 21 0d a1 26 af 75
Aug 26 13:10:17.679217: | next payload type: ISAKMP_NEXT_NONE (0x0)
Aug 26 13:10:17.679219: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Aug 26 13:10:17.679222: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25)
Aug 26 13:10:17.679226: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Aug 26 13:10:17.679228: | Message ID: 5 (0x5)
Aug 26 13:10:17.679231: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Aug 26 13:10:17.679233: | ***emit IKEv2 Encryption Payload:
Aug 26 13:10:17.679236: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:10:17.679238: | flags: none (0x0)
Aug 26 13:10:17.679241: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK)
Aug 26 13:10:17.679243: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request'
Aug 26 13:10:17.679247: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload
Aug 26 13:10:17.679263: | ****emit IKEv2 Delete Payload:
Aug 26 13:10:17.679266: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 26 13:10:17.679268: | flags: none (0x0)
Aug 26 13:10:17.679270: | protocol ID: PROTO_v2_IKE (0x1)
Aug 26 13:10:17.679273: | SPI size: 0 (0x0)
Aug 26 13:10:17.679275: | number of SPIs: 0 (0x0)
Aug 26 13:10:17.679278: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D)
Aug 26 13:10:17.679280: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request'
Aug 26 13:10:17.679283: | emitting length of IKEv2 Delete Payload: 8
Aug 26 13:10:17.679285: | adding 8 bytes of padding (including 1 byte padding-length)
Aug 26 13:10:17.679294: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload
Aug 26 13:10:17.679298: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload
Aug 26 13:10:17.679301: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload
Aug 26 13:10:17.679304: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload
Aug 26 13:10:17.679306: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload
Aug 26 13:10:17.679308: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload
Aug 26 13:10:17.679311: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload
Aug 26 13:10:17.679314: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload
Aug 26 13:10:17.679316: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload
Aug 26 13:10:17.679318: | emitting length of IKEv2 Encryption Payload: 52
Aug 26 13:10:17.679321: | emitting length of ISAKMP Message: 80
Aug 26 13:10:17.679373: | data being hmac: a9 6d 2c db 22 7f 10 cd a9 27 21 0d a1 26 af 75
Aug 26 13:10:17.679376: | data being hmac: 2e 20 25 08 00 00 00 05 00 00 00 50 2a 00 00 34
Aug 26 13:10:17.679379: | data being hmac: 5f f0 35 0e 94 85 f9 33 49 21 29 b6 73 5b 06 42
Aug 26 13:10:17.679381: | data being hmac: bc f5 2a 32 b5 c6 e9 e5 05 c8 33 bf d1 df 37 a5
Aug 26 13:10:17.679383: | out calculated auth:
Aug 26 13:10:17.679386: | 5a 93 a9 6f f2 68 49 87 6f e5 60 ad 94 80 a8 ad
Aug 26 13:10:17.679398: | sending 80 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1)
Aug 26 13:10:17.679402: | a9 6d 2c db 22 7f 10 cd a9 27 21 0d a1 26 af 75
Aug 26 13:10:17.679404: | 2e 20 25 08 00 00 00 05 00 00 00 50 2a 00 00 34
Aug 26 13:10:17.679407: | 5f f0 35 0e 94 85 f9 33 49 21 29 b6 73 5b 06 42
Aug 26 13:10:17.679409: | bc f5 2a 32 b5 c6 e9 e5 05 c8 33 bf d1 df 37 a5
Aug 26 13:10:17.679414: | 5a 93 a9 6f f2 68 49 87 6f e5 60 ad 94 80 a8 ad
Aug 26 13:10:17.679470: | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=2->3 and sender msgid=1->2
Aug 26 13:10:17.679475: | Message ID: IKE #1 sender #1 in send_delete hacking around record ' send
Aug 26 13:10:17.679481: | Message ID: #1 XXX: expecting sender.wip.initiator 4 == -1 - suspect record'n'send out-of-order?); initiator.sent=5 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=5 wip.responder=-1
Aug 26 13:10:17.679486: | Message ID: sent #1 request 5; ike: initiator.sent=4->5 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=4->5 wip.responder=-1
Aug 26 13:10:17.679489: | state #1 requesting EVENT_SA_REKEY to be deleted
Aug 26 13:10:17.679500: | libevent_free: release ptr-libevent@0x564529d95538
Aug 26 13:10:17.679503: | free_event_entry: release EVENT_SA_REKEY-pe@0x564529d91ea8
Aug 26 13:10:17.679509: | State DB: IKEv2 state not found (flush_incomplete_children)
Aug 26 13:10:17.679513: | in connection_discard for connection north-eastnets/0x1
Aug 26 13:10:17.679517: | State DB: deleting IKEv2 state #1 in PARENT_I3
Aug 26 13:10:17.679521: | parent state #1: PARENT_I3(established IKE SA) => UNDEFINED(ignore)
Aug 26 13:10:17.679526: | unreference key: 0x564529ce9c48 @north cnt 1--
Aug 26 13:10:17.679553: | stop processing: state #1 from 192.1.3.33:500 (in delete_state() at state.c:1143)
Aug 26 13:10:17.679594: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312)
Aug 26 13:10:17.679601: | shunt_eroute() called for connection 'north-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0
Aug 26 13:10:17.679604: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0
Aug 26 13:10:17.679608: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7
Aug 26 13:10:17.679720: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7
Aug 26 13:10:17.679736: | FOR_EACH_CONNECTION_... in route_owner
Aug 26 13:10:17.679741: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs
Aug 26 13:10:17.679744: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000
Aug 26 13:10:17.679747: | route owner of "north-eastnets/0x1" unrouted: NULL
Aug 26 13:10:17.679751: | running updown command "ipsec _updown" for verb unroute
Aug 26 13:10:17.679754: | command executing unroute-client
Aug 26 13:10:17.679783: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP
Aug 26 13:10:17.679788: | popen cmd is 1030 chars long
Aug 26 13:10:17.679791: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets:
Aug 26 13:10:17.679794: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' P:
Aug 26 13:10:17.679797: | cmd( 160):LUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0:
Aug 26 13:10:17.679800: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P:
Aug 26 13:10:17.679806: | cmd( 320):LUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID:
Aug 26 13:10:17.679808: | cmd( 400):='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLU:
Aug 26 13:10:17.679811: | cmd( 480):TO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' :
Aug 26 13:10:17.679814: | cmd( 560):PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASI:
Aug 26 13:10:17.679816: | cmd( 640):G+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_K:
Aug 26 13:10:17.679819: | cmd( 720):IND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CIS:
Aug 26 13:10:17.679822: | cmd( 800):CO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLU:
Aug 26 13:10:17.679825: | cmd( 880):TO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_:
Aug 26 13:10:17.679828: | cmd( 960):ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1:
Aug 26 13:10:17.694278: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694328: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694331: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694343: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694354: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694367: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694384: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694412: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694453: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694465: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694478: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694494: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694507: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694521: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694534: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694548: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694563: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694576: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694588: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694831: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694871: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694887: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694899: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694913: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694927: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694940: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694957: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694971: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694985: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.694997: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.695010: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.695025: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.695038: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.695052: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.695064: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.695078: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.695095: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.695109: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.695122: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.695133: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.695145: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.695160: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.695172: unroute-client output: Error: Peer netns reference is invalid.
Aug 26 13:10:17.702489: | free hp@0x564529d91dc8
Aug 26 13:10:17.702511: | flush revival: connection 'north-eastnets/0x1' wasn't on the list
Aug 26 13:10:17.702515: | processing: STOP connection NULL (in discard_connection() at connections.c:249)
Aug 26 13:10:17.702528: | crl fetch request list locked by 'free_crl_fetch'
Aug 26 13:10:17.702531: | crl fetch request list unlocked by 'free_crl_fetch'
Aug 26 13:10:17.702545: shutting down interface lo/lo 127.0.0.1:4500
Aug 26 13:10:17.702550: shutting down interface lo/lo 127.0.0.1:500
Aug 26 13:10:17.702554: shutting down interface eth0/eth0 192.0.2.254:4500
Aug 26 13:10:17.702557: shutting down interface eth0/eth0 192.0.2.254:500
Aug 26 13:10:17.702561: shutting down interface eth0/eth0 192.0.22.251:4500
Aug 26 13:10:17.702564: shutting down interface eth0/eth0 192.0.22.251:500
Aug 26 13:10:17.702567: shutting down interface eth0/eth0 192.0.22.254:4500
Aug 26 13:10:17.702571: shutting down interface eth0/eth0 192.0.22.254:500
Aug 26 13:10:17.702574: shutting down interface eth0/eth0 192.0.2.251:4500
Aug 26 13:10:17.702577: shutting down interface eth0/eth0 192.0.2.251:500
Aug 26 13:10:17.702581: shutting down interface eth1/eth1 192.1.2.23:4500
Aug 26 13:10:17.702584: shutting down interface eth1/eth1 192.1.2.23:500
Aug 26 13:10:17.702588: | FOR_EACH_STATE_... in delete_states_dead_interfaces
Aug 26 13:10:17.702600: | libevent_free: release ptr-libevent@0x564529d933a8
Aug 26 13:10:17.702604: | free_event_entry: release EVENT_NULL-pe@0x564529d8ffd8
Aug 26 13:10:17.702615: | libevent_free: release ptr-libevent@0x564529d18188
Aug 26 13:10:17.702618: | free_event_entry: release EVENT_NULL-pe@0x564529d90088
Aug 26 13:10:17.702627: | libevent_free: release ptr-libevent@0x564529d19ae8
Aug 26 13:10:17.702630: | free_event_entry: release EVENT_NULL-pe@0x564529d90138
Aug 26 13:10:17.702637: | libevent_free: release ptr-libevent@0x564529d1a358
Aug 26 13:10:17.702640: | free_event_entry: release EVENT_NULL-pe@0x564529d90858
Aug 26 13:10:17.702647: | libevent_free: release ptr-libevent@0x564529cee4e8
Aug 26 13:10:17.702650: | free_event_entry: release EVENT_NULL-pe@0x564529d90908
Aug 26 13:10:17.702656: | libevent_free: release ptr-libevent@0x564529cee1d8
Aug 26 13:10:17.702659: | free_event_entry: release EVENT_NULL-pe@0x564529d909b8
Aug 26 13:10:17.702664: | libevent_free: release ptr-libevent@0x564529d90ad8
Aug 26 13:10:17.702668: | free_event_entry: release EVENT_NULL-pe@0x564529d90a68
Aug 26 13:10:17.702674: | libevent_free: release ptr-libevent@0x564529d90c38
Aug 26 13:10:17.702677: | free_event_entry: release EVENT_NULL-pe@0x564529d90bc8
Aug 26 13:10:17.702683: | libevent_free: release ptr-libevent@0x564529d90d98
Aug 26 13:10:17.702686: | free_event_entry: release EVENT_NULL-pe@0x564529d90d28
Aug 26 13:10:17.702692: | libevent_free: release ptr-libevent@0x564529d90ef8
Aug 26 13:10:17.702695: | free_event_entry: release EVENT_NULL-pe@0x564529d90e88
Aug 26 13:10:17.702701: | libevent_free: release ptr-libevent@0x564529d91058
Aug 26 13:10:17.702704: | free_event_entry: release EVENT_NULL-pe@0x564529d90fe8
Aug 26 13:10:17.702710: | libevent_free: release ptr-libevent@0x564529d911b8
Aug 26 13:10:17.702713: | free_event_entry: release EVENT_NULL-pe@0x564529d91148
Aug 26 13:10:17.702718: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
Aug 26 13:10:17.703135: | libevent_free: release ptr-libevent@0x564529d83f68
Aug 26 13:10:17.703146: | free_event_entry: release EVENT_NULL-pe@0x564529d77d68
Aug 26 13:10:17.703152: | libevent_free: release ptr-libevent@0x564529d18238
Aug 26 13:10:17.703155: | free_event_entry: release EVENT_NULL-pe@0x564529d77cf8
Aug 26 13:10:17.703159: | libevent_free: release ptr-libevent@0x564529d5b688
Aug 26 13:10:17.703162: | free_event_entry: release EVENT_NULL-pe@0x564529d771b8
Aug 26 13:10:17.703167: | global timer EVENT_REINIT_SECRET uninitialized
Aug 26 13:10:17.703169: | global timer EVENT_SHUNT_SCAN uninitialized
Aug 26 13:10:17.703172: | global timer EVENT_PENDING_DDNS uninitialized
Aug 26 13:10:17.703175: | global timer EVENT_PENDING_PHASE2 uninitialized
Aug 26 13:10:17.703177: | global timer EVENT_CHECK_CRLS uninitialized
Aug 26 13:10:17.703180: | global timer EVENT_REVIVE_CONNS uninitialized
Aug 26 13:10:17.703183: | global timer EVENT_FREE_ROOT_CERTS uninitialized
Aug 26 13:10:17.703186: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized
Aug 26 13:10:17.703188: | global timer EVENT_NAT_T_KEEPALIVE uninitialized
Aug 26 13:10:17.703194: | libevent_free: release ptr-libevent@0x564529d22678
Aug 26 13:10:17.703197: | signal event handler PLUTO_SIGCHLD uninstalled
Aug 26 13:10:17.703200: | libevent_free: release ptr-libevent@0x564529d1a498
Aug 26 13:10:17.703202: | signal event handler PLUTO_SIGTERM uninstalled
Aug 26 13:10:17.703206: | libevent_free: release ptr-libevent@0x564529d8f4a8
Aug 26 13:10:17.703208: | signal event handler PLUTO_SIGHUP uninstalled
Aug 26 13:10:17.703211: | libevent_free: release ptr-libevent@0x564529d8f6e8
Aug 26 13:10:17.703214: | signal event handler PLUTO_SIGSYS uninstalled
Aug 26 13:10:17.703217: | releasing event base
Aug 26 13:10:17.703229: | libevent_free: release ptr-libevent@0x564529d8f5b8
Aug 26 13:10:17.703232: | libevent_free: release ptr-libevent@0x564529d726f8
Aug 26 13:10:17.703236: | libevent_free: release ptr-libevent@0x564529d726a8
Aug 26 13:10:17.703239: | libevent_free: release ptr-libevent@0x7f510c00de18
Aug 26 13:10:17.703242: | libevent_free: release ptr-libevent@0x564529d725f8
Aug 26 13:10:17.703245: | libevent_free: release ptr-libevent@0x564529d8f238
Aug 26 13:10:17.703248: | libevent_free: release ptr-libevent@0x564529d8f3e8
Aug 26 13:10:17.703250: | libevent_free: release ptr-libevent@0x564529d728a8
Aug 26 13:10:17.703253: | libevent_free: release ptr-libevent@0x564529d772c8
Aug 26 13:10:17.703256: | libevent_free: release ptr-libevent@0x564529d77cb8
Aug 26 13:10:17.703258: | libevent_free: release ptr-libevent@0x564529d91268
Aug 26 13:10:17.703261: | libevent_free: release ptr-libevent@0x564529d91108
Aug 26 13:10:17.703264: | libevent_free: release ptr-libevent@0x564529d90fa8
Aug 26 13:10:17.703266: | libevent_free: release ptr-libevent@0x564529d90e48
Aug 26 13:10:17.703269: | libevent_free: release ptr-libevent@0x564529d90ce8
Aug 26 13:10:17.703271: | libevent_free: release ptr-libevent@0x564529d90b88
Aug 26 13:10:17.703274: | libevent_free: release ptr-libevent@0x564529d90a28
Aug 26 13:10:17.703277: | libevent_free: release ptr-libevent@0x564529d90978
Aug 26 13:10:17.703279: | libevent_free: release ptr-libevent@0x564529d908c8
Aug 26 13:10:17.703282: | libevent_free: release ptr-libevent@0x564529d901a8
Aug 26 13:10:17.703284: | libevent_free: release ptr-libevent@0x564529d900f8
Aug 26 13:10:17.703287: | libevent_free: release ptr-libevent@0x564529d90048
Aug 26 13:10:17.703333: | libevent_free: release ptr-libevent@0x564529d16978
Aug 26 13:10:17.703336: | libevent_free: release ptr-libevent@0x564529d8f468
Aug 26 13:10:17.703339: | libevent_free: release ptr-libevent@0x564529d8f428
Aug 26 13:10:17.703341: | libevent_free: release ptr-libevent@0x564529d8f3a8
Aug 26 13:10:17.703344: | libevent_free: release ptr-libevent@0x564529d8f578
Aug 26 13:10:17.703347: | libevent_free: release ptr-libevent@0x564529d8f278
Aug 26 13:10:17.703350: | libevent_free: release ptr-libevent@0x564529ced908
Aug 26 13:10:17.703352: | libevent_free: release ptr-libevent@0x564529cedd38
Aug 26 13:10:17.703355: | libevent_free: release ptr-libevent@0x564529d16ce8
Aug 26 13:10:17.703359: | releasing global libevent data
Aug 26 13:10:17.703363: | libevent_free: release ptr-libevent@0x564529d170d8
Aug 26 13:10:17.703366: | libevent_free: release ptr-libevent@0x564529cedcd8
Aug 26 13:10:17.703369: | libevent_free: release ptr-libevent@0x564529ceddd8
Aug 26 13:10:17.703413: leak detective found no leaks