Aug 26 13:10:01.192492: FIPS Product: YES Aug 26 13:10:01.192533: FIPS Kernel: NO Aug 26 13:10:01.192537: FIPS Mode: NO Aug 26 13:10:01.192540: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:10:01.192688: Initializing NSS Aug 26 13:10:01.192696: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:10:01.218026: NSS initialized Aug 26 13:10:01.218044: NSS crypto library initialized Aug 26 13:10:01.218049: FIPS HMAC integrity support [enabled] Aug 26 13:10:01.218051: FIPS mode disabled for pluto daemon Aug 26 13:10:01.246915: FIPS HMAC integrity verification self-test FAILED Aug 26 13:10:01.247023: libcap-ng support [enabled] Aug 26 13:10:01.247032: Linux audit support [enabled] Aug 26 13:10:01.247061: Linux audit activated Aug 26 13:10:01.247071: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:14453 Aug 26 13:10:01.247075: core dump dir: /tmp Aug 26 13:10:01.247077: secrets file: /etc/ipsec.secrets Aug 26 13:10:01.247080: leak-detective disabled Aug 26 13:10:01.247082: NSS crypto [enabled] Aug 26 13:10:01.247084: XAUTH PAM support [enabled] Aug 26 13:10:01.247163: | libevent is using pluto's memory allocator Aug 26 13:10:01.247172: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:10:01.247188: | libevent_malloc: new ptr-libevent@0x55ad88abb320 size 40 Aug 26 13:10:01.247193: | libevent_malloc: new ptr-libevent@0x55ad88abc5d0 size 40 Aug 26 13:10:01.247196: | libevent_malloc: new ptr-libevent@0x55ad88abc600 size 40 Aug 26 13:10:01.247199: | creating event base Aug 26 13:10:01.247202: | libevent_malloc: new ptr-libevent@0x55ad88abc590 size 56 Aug 26 13:10:01.247206: | libevent_malloc: new ptr-libevent@0x55ad88abc630 size 664 Aug 26 13:10:01.247218: | libevent_malloc: new ptr-libevent@0x55ad88abc8d0 size 
24 Aug 26 13:10:01.247223: | libevent_malloc: new ptr-libevent@0x55ad88aae020 size 384 Aug 26 13:10:01.247235: | libevent_malloc: new ptr-libevent@0x55ad88abc8f0 size 16 Aug 26 13:10:01.247239: | libevent_malloc: new ptr-libevent@0x55ad88abc910 size 40 Aug 26 13:10:01.247242: | libevent_malloc: new ptr-libevent@0x55ad88abc940 size 48 Aug 26 13:10:01.247249: | libevent_realloc: new ptr-libevent@0x55ad88a3e370 size 256 Aug 26 13:10:01.247253: | libevent_malloc: new ptr-libevent@0x55ad88abc980 size 16 Aug 26 13:10:01.247259: | libevent_free: release ptr-libevent@0x55ad88abc590 Aug 26 13:10:01.247263: | libevent initialized Aug 26 13:10:01.247267: | libevent_realloc: new ptr-libevent@0x55ad88abc9a0 size 64 Aug 26 13:10:01.247273: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:10:01.247305: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:10:01.247311: NAT-Traversal support [enabled] Aug 26 13:10:01.247315: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:10:01.247322: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:10:01.247326: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:10:01.247363: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:10:01.247368: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:10:01.247372: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:10:01.247419: Encryption algorithms: Aug 26 13:10:01.247430: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:10:01.247435: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:10:01.247439: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:10:01.247443: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:10:01.247447: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 
13:10:01.247457: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:10:01.247462: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:10:01.247466: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:10:01.247470: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:10:01.247474: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:10:01.247478: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:10:01.247482: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:10:01.247486: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:10:01.247490: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:10:01.247494: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:10:01.247497: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:10:01.247501: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:10:01.247508: Hash algorithms: Aug 26 13:10:01.247511: MD5 IKEv1: IKE IKEv2: Aug 26 13:10:01.247515: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:10:01.247518: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:10:01.247521: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:10:01.247525: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:10:01.247539: PRF algorithms: Aug 26 13:10:01.247543: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:10:01.247547: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:10:01.247550: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:10:01.247554: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:10:01.247557: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:10:01.247560: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:10:01.247587: Integrity algorithms: Aug 26 13:10:01.247593: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, 
hmac_md5 Aug 26 13:10:01.247597: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:10:01.247601: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:10:01.247606: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:10:01.247610: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:10:01.247614: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:10:01.247618: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:10:01.247621: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:10:01.247624: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:10:01.247637: DH algorithms: Aug 26 13:10:01.247641: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:10:01.247644: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:10:01.247648: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:10:01.247654: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:10:01.247657: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:10:01.247660: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:10:01.247663: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:10:01.247667: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:10:01.247670: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:10:01.247673: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:10:01.247676: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:10:01.247679: testing CAMELLIA_CBC: Aug 26 13:10:01.247682: Camellia: 16 bytes with 128-bit key Aug 26 13:10:01.247803: Camellia: 16 bytes with 128-bit key Aug 26 13:10:01.247837: Camellia: 16 bytes with 256-bit key Aug 26 13:10:01.247870: Camellia: 16 bytes with 256-bit key 
Aug 26 13:10:01.247902: testing AES_GCM_16: Aug 26 13:10:01.247907: empty string Aug 26 13:10:01.247940: one block Aug 26 13:10:01.247969: two blocks Aug 26 13:10:01.247999: two blocks with associated data Aug 26 13:10:01.248028: testing AES_CTR: Aug 26 13:10:01.248033: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:10:01.248062: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:10:01.248092: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:10:01.248122: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:10:01.248152: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:10:01.248182: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:10:01.248212: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:10:01.248243: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:10:01.248273: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:10:01.248308: testing AES_CBC: Aug 26 13:10:01.248314: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:10:01.248344: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:10:01.248376: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:10:01.248409: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:10:01.248447: testing AES_XCBC: Aug 26 13:10:01.248452: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:10:01.248576: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:10:01.248713: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:10:01.248843: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:10:01.248976: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:10:01.249110: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:10:01.249245: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:10:01.249544: RFC 4434 Test Case AES-XCBC-PRF-128 with 
20-byte input (key length 16) Aug 26 13:10:01.249691: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:10:01.249829: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:10:01.250071: testing HMAC_MD5: Aug 26 13:10:01.250076: RFC 2104: MD5_HMAC test 1 Aug 26 13:10:01.250246: RFC 2104: MD5_HMAC test 2 Aug 26 13:10:01.250439: RFC 2104: MD5_HMAC test 3 Aug 26 13:10:01.250633: 8 CPU cores online Aug 26 13:10:01.250638: starting up 7 crypto helpers Aug 26 13:10:01.250670: started thread for crypto helper 0 Aug 26 13:10:01.250697: | starting up helper thread 0 Aug 26 13:10:01.250710: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:10:01.250712: | crypto helper 0 waiting (nothing to do) Aug 26 13:10:01.250722: started thread for crypto helper 1 Aug 26 13:10:01.250760: started thread for crypto helper 2 Aug 26 13:10:01.250784: | starting up helper thread 1 Aug 26 13:10:01.250784: | starting up helper thread 2 Aug 26 13:10:01.250800: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:10:01.250803: | crypto helper 1 waiting (nothing to do) Aug 26 13:10:01.250798: started thread for crypto helper 3 Aug 26 13:10:01.250804: | starting up helper thread 3 Aug 26 13:10:01.250806: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:10:01.250821: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:10:01.250821: | crypto helper 2 waiting (nothing to do) Aug 26 13:10:01.250832: started thread for crypto helper 4 Aug 26 13:10:01.250834: | starting up helper thread 4 Aug 26 13:10:01.250834: | crypto helper 3 waiting (nothing to do) Aug 26 13:10:01.250859: started thread for crypto helper 5 Aug 26 13:10:01.250841: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:10:01.250900: | starting up helper thread 5 Aug 26 
13:10:01.250907: started thread for crypto helper 6 Aug 26 13:10:01.250904: | crypto helper 4 waiting (nothing to do) Aug 26 13:10:01.250918: | checking IKEv1 state table Aug 26 13:10:01.250910: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:10:01.250927: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:10:01.250929: | crypto helper 5 waiting (nothing to do) Aug 26 13:10:01.250914: | starting up helper thread 6 Aug 26 13:10:01.250930: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:10:01.250941: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:10:01.250948: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:10:01.250950: | crypto helper 6 waiting (nothing to do) Aug 26 13:10:01.250954: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:10:01.250962: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:10:01.250965: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:10:01.250968: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:10:01.250971: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:10:01.250973: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:10:01.250976: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:10:01.250978: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:10:01.250981: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:10:01.250984: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:10:01.250986: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:10:01.250989: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:10:01.250991: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:10:01.250995: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:10:01.250997: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:10:01.251000: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:10:01.251002: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:10:01.251005: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:10:01.251008: | -> UNDEFINED EVENT_NULL Aug 26 13:10:01.251011: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:10:01.251013: | -> UNDEFINED 
EVENT_NULL Aug 26 13:10:01.251016: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:10:01.251018: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:10:01.251021: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:10:01.251024: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:10:01.251026: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:10:01.251029: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:10:01.251032: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:10:01.251034: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:10:01.251038: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:10:01.251040: | -> UNDEFINED EVENT_NULL Aug 26 13:10:01.251043: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:10:01.251046: | -> UNDEFINED EVENT_NULL Aug 26 13:10:01.251049: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:10:01.251051: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:10:01.251057: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:10:01.251060: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:10:01.251063: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:10:01.251066: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:10:01.251069: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:10:01.251071: | -> UNDEFINED EVENT_NULL Aug 26 13:10:01.251075: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:10:01.251077: | -> UNDEFINED EVENT_NULL Aug 26 13:10:01.251080: | INFO: category: informational flags: 0: Aug 26 13:10:01.251083: | -> UNDEFINED EVENT_NULL Aug 26 13:10:01.251086: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:10:01.251088: | -> UNDEFINED EVENT_NULL Aug 26 13:10:01.251091: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:10:01.251094: | -> XAUTH_R1 EVENT_NULL Aug 26 13:10:01.251097: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:10:01.251099: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:10:01.251102: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:10:01.251105: | -> 
MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:10:01.251108: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:10:01.251111: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:10:01.251114: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:10:01.251116: | -> UNDEFINED EVENT_NULL Aug 26 13:10:01.251120: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:10:01.251122: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:10:01.251125: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:10:01.251128: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:10:01.251131: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:10:01.251133: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:10:01.251139: | checking IKEv2 state table Aug 26 13:10:01.251146: | PARENT_I0: category: ignore flags: 0: Aug 26 13:10:01.251149: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:10:01.251152: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:10:01.251156: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:10:01.251159: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:10:01.251162: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:10:01.251165: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:10:01.251168: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:10:01.251171: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:10:01.251174: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:10:01.251176: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:10:01.251180: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:10:01.251182: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 
13:10:01.251185: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:10:01.251188: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:10:01.251191: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:10:01.251194: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:10:01.251197: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:10:01.251200: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:10:01.251203: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:10:01.251206: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:10:01.251209: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:10:01.251212: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:10:01.251217: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:10:01.251220: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:10:01.251223: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:10:01.251226: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:10:01.251229: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:10:01.251232: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:10:01.251235: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:10:01.251238: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:10:01.251241: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:10:01.251244: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:10:01.251247: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:10:01.251250: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:10:01.251253: | -> 
V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:10:01.251256: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:10:01.251259: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:10:01.251262: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:10:01.251265: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:10:01.251268: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:10:01.251271: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:10:01.251274: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:10:01.251278: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:10:01.251280: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:10:01.251283: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:10:01.251286: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:10:01.251309: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:10:01.251758: | Hard-wiring algorithms Aug 26 13:10:01.251763: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:10:01.251768: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:10:01.251771: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:10:01.251774: | adding 3DES_CBC to kernel algorithm db Aug 26 13:10:01.251776: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:10:01.251779: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:10:01.251781: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:10:01.251784: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:10:01.251787: | adding AES_CTR to kernel algorithm db Aug 26 13:10:01.251789: | adding AES_CBC to kernel algorithm db Aug 26 13:10:01.251792: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:10:01.251795: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:10:01.251798: 
| adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:10:01.251800: | adding NULL to kernel algorithm db Aug 26 13:10:01.251803: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:10:01.251806: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:10:01.251809: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:10:01.251811: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:10:01.251814: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:10:01.251816: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:10:01.251819: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:10:01.251822: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:10:01.251824: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:10:01.251827: | adding NONE to kernel algorithm db Aug 26 13:10:01.251852: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:10:01.251859: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:10:01.251862: | setup kernel fd callback Aug 26 13:10:01.251866: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55ad88ac1f20 Aug 26 13:10:01.251872: | libevent_malloc: new ptr-libevent@0x55ad88acdfd0 size 128 Aug 26 13:10:01.251876: | libevent_malloc: new ptr-libevent@0x55ad88ac1200 size 16 Aug 26 13:10:01.251882: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55ad88ac1ee0 Aug 26 13:10:01.251885: | libevent_malloc: new ptr-libevent@0x55ad88ace060 size 128 Aug 26 13:10:01.251889: | libevent_malloc: new ptr-libevent@0x55ad88ac1220 size 16 Aug 26 13:10:01.252122: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:10:01.252132: selinux support is enabled. 
Aug 26 13:10:01.252469: | unbound context created - setting debug level to 5 Aug 26 13:10:01.252502: | /etc/hosts lookups activated Aug 26 13:10:01.252522: | /etc/resolv.conf usage activated Aug 26 13:10:01.252588: | outgoing-port-avoid set 0-65535 Aug 26 13:10:01.252621: | outgoing-port-permit set 32768-60999 Aug 26 13:10:01.252625: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:10:01.252629: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:10:01.252632: | Setting up events, loop start Aug 26 13:10:01.252636: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55ad88abc590 Aug 26 13:10:01.252639: | libevent_malloc: new ptr-libevent@0x55ad88ad8580 size 128 Aug 26 13:10:01.252643: | libevent_malloc: new ptr-libevent@0x55ad88ad8610 size 16 Aug 26 13:10:01.252650: | libevent_realloc: new ptr-libevent@0x55ad88a3c5b0 size 256 Aug 26 13:10:01.252654: | libevent_malloc: new ptr-libevent@0x55ad88ad8630 size 8 Aug 26 13:10:01.252658: | libevent_realloc: new ptr-libevent@0x55ad88acd440 size 144 Aug 26 13:10:01.252660: | libevent_malloc: new ptr-libevent@0x55ad88ad8650 size 152 Aug 26 13:10:01.252665: | libevent_malloc: new ptr-libevent@0x55ad88ad86f0 size 16 Aug 26 13:10:01.252669: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:10:01.252672: | libevent_malloc: new ptr-libevent@0x55ad88ad8710 size 8 Aug 26 13:10:01.252675: | libevent_malloc: new ptr-libevent@0x55ad88ad8730 size 152 Aug 26 13:10:01.252679: | signal event handler PLUTO_SIGTERM installed Aug 26 13:10:01.252682: | libevent_malloc: new ptr-libevent@0x55ad88ad87d0 size 8 Aug 26 13:10:01.252685: | libevent_malloc: new ptr-libevent@0x55ad88ad87f0 size 152 Aug 26 13:10:01.252688: | signal event handler PLUTO_SIGHUP installed Aug 26 13:10:01.252691: | libevent_malloc: new ptr-libevent@0x55ad88ad8890 size 8 Aug 26 13:10:01.252694: | libevent_realloc: release ptr-libevent@0x55ad88acd440 Aug 26 13:10:01.252697: | libevent_realloc: new 
ptr-libevent@0x55ad88ad88b0 size 256 Aug 26 13:10:01.252700: | libevent_malloc: new ptr-libevent@0x55ad88acd440 size 152 Aug 26 13:10:01.252703: | signal event handler PLUTO_SIGSYS installed Aug 26 13:10:01.253048: | created addconn helper (pid:14481) using fork+execve Aug 26 13:10:01.253076: | forked child 14481 Aug 26 13:10:01.253114: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:01.253131: listening for IKE messages Aug 26 13:10:01.253575: | Inspecting interface lo Aug 26 13:10:01.253587: | found lo with address 127.0.0.1 Aug 26 13:10:01.253591: | Inspecting interface eth0 Aug 26 13:10:01.253596: | found eth0 with address 192.0.3.254 Aug 26 13:10:01.253598: | Inspecting interface eth1 Aug 26 13:10:01.253603: | found eth1 with address 192.1.3.33 Aug 26 13:10:01.253697: Kernel supports NIC esp-hw-offload Aug 26 13:10:01.253710: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Aug 26 13:10:01.253765: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:10:01.253772: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:10:01.253776: adding interface eth1/eth1 192.1.3.33:4500 Aug 26 13:10:01.253809: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Aug 26 13:10:01.253835: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:10:01.253840: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:10:01.253845: adding interface eth0/eth0 192.0.3.254:4500 Aug 26 13:10:01.253872: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:10:01.253897: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:10:01.253902: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:10:01.253907: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:10:01.253968: | no interfaces to sort Aug 26 
13:10:01.253974: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:10:01.253984: | add_fd_read_event_handler: new ethX-pe@0x55ad88ad8c20 Aug 26 13:10:01.253988: | libevent_malloc: new ptr-libevent@0x55ad88ad8c60 size 128 Aug 26 13:10:01.253992: | libevent_malloc: new ptr-libevent@0x55ad88ad8cf0 size 16 Aug 26 13:10:01.254000: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:10:01.254004: | add_fd_read_event_handler: new ethX-pe@0x55ad88ad8d10 Aug 26 13:10:01.254007: | libevent_malloc: new ptr-libevent@0x55ad88ad8d50 size 128 Aug 26 13:10:01.254010: | libevent_malloc: new ptr-libevent@0x55ad88ad8de0 size 16 Aug 26 13:10:01.254015: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:10:01.254019: | add_fd_read_event_handler: new ethX-pe@0x55ad88ad8e00 Aug 26 13:10:01.254021: | libevent_malloc: new ptr-libevent@0x55ad88ad8e40 size 128 Aug 26 13:10:01.254024: | libevent_malloc: new ptr-libevent@0x55ad88ad8ed0 size 16 Aug 26 13:10:01.254029: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 13:10:01.254033: | add_fd_read_event_handler: new ethX-pe@0x55ad88ad8ef0 Aug 26 13:10:01.254036: | libevent_malloc: new ptr-libevent@0x55ad88ad8f30 size 128 Aug 26 13:10:01.254039: | libevent_malloc: new ptr-libevent@0x55ad88ad8fc0 size 16 Aug 26 13:10:01.254043: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 13:10:01.254047: | add_fd_read_event_handler: new ethX-pe@0x55ad88ad8fe0 Aug 26 13:10:01.254050: | libevent_malloc: new ptr-libevent@0x55ad88ad9020 size 128 Aug 26 13:10:01.254053: | libevent_malloc: new ptr-libevent@0x55ad88ad90b0 size 16 Aug 26 13:10:01.254058: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 13:10:01.254061: | add_fd_read_event_handler: new ethX-pe@0x55ad88ad90d0 Aug 26 13:10:01.254064: | libevent_malloc: new ptr-libevent@0x55ad88ad9110 size 128 Aug 26 13:10:01.254067: | libevent_malloc: new ptr-libevent@0x55ad88ad91a0 size 16 Aug 26 13:10:01.254072: | setup 
callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 13:10:01.254077: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:10:01.254080: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:10:01.254103: loading secrets from "/etc/ipsec.secrets" Aug 26 13:10:01.254122: | saving Modulus Aug 26 13:10:01.254127: | saving PublicExponent Aug 26 13:10:01.254132: | ignoring PrivateExponent Aug 26 13:10:01.254135: | ignoring Prime1 Aug 26 13:10:01.254138: | ignoring Prime2 Aug 26 13:10:01.254142: | ignoring Exponent1 Aug 26 13:10:01.254145: | ignoring Exponent2 Aug 26 13:10:01.254148: | ignoring Coefficient Aug 26 13:10:01.254152: | ignoring CKAIDNSS Aug 26 13:10:01.254183: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 13:10:01.254188: | computed rsa CKAID 88 aa 7c 5d Aug 26 13:10:01.254191: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 13:10:01.254199: | certs and keys locked by 'process_secret' Aug 26 13:10:01.254203: | certs and keys unlocked by 'process_secret' Aug 26 13:10:01.254215: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:01.254223: | spent 1.11 milliseconds in whack Aug 26 13:10:01.275072: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:01.275102: listening for IKE messages Aug 26 13:10:01.275144: | Inspecting interface lo Aug 26 13:10:01.275153: | found lo with address 127.0.0.1 Aug 26 13:10:01.275156: | Inspecting interface eth0 Aug 26 13:10:01.275161: | found eth0 with address 192.0.3.254 Aug 26 13:10:01.275164: | Inspecting interface eth1 Aug 26 13:10:01.275168: | found eth1 with address 192.1.3.33 Aug 26 13:10:01.275226: | no interfaces to sort Aug 26 13:10:01.275237: | libevent_free: release ptr-libevent@0x55ad88ad8c60 Aug 26 13:10:01.275241: | free_event_entry: release EVENT_NULL-pe@0x55ad88ad8c20 Aug 26 13:10:01.275245: | add_fd_read_event_handler: new ethX-pe@0x55ad88ad8c20 Aug 26 
13:10:01.275248: | libevent_malloc: new ptr-libevent@0x55ad88ad8c60 size 128 Aug 26 13:10:01.275256: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:10:01.275261: | libevent_free: release ptr-libevent@0x55ad88ad8d50 Aug 26 13:10:01.275264: | free_event_entry: release EVENT_NULL-pe@0x55ad88ad8d10 Aug 26 13:10:01.275267: | add_fd_read_event_handler: new ethX-pe@0x55ad88ad8d10 Aug 26 13:10:01.275270: | libevent_malloc: new ptr-libevent@0x55ad88ad8d50 size 128 Aug 26 13:10:01.275275: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:10:01.275280: | libevent_free: release ptr-libevent@0x55ad88ad8e40 Aug 26 13:10:01.275283: | free_event_entry: release EVENT_NULL-pe@0x55ad88ad8e00 Aug 26 13:10:01.275285: | add_fd_read_event_handler: new ethX-pe@0x55ad88ad8e00 Aug 26 13:10:01.275292: | libevent_malloc: new ptr-libevent@0x55ad88ad8e40 size 128 Aug 26 13:10:01.275300: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 13:10:01.275304: | libevent_free: release ptr-libevent@0x55ad88ad8f30 Aug 26 13:10:01.275307: | free_event_entry: release EVENT_NULL-pe@0x55ad88ad8ef0 Aug 26 13:10:01.275310: | add_fd_read_event_handler: new ethX-pe@0x55ad88ad8ef0 Aug 26 13:10:01.275313: | libevent_malloc: new ptr-libevent@0x55ad88ad8f30 size 128 Aug 26 13:10:01.275331: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 13:10:01.275336: | libevent_free: release ptr-libevent@0x55ad88ad9020 Aug 26 13:10:01.275339: | free_event_entry: release EVENT_NULL-pe@0x55ad88ad8fe0 Aug 26 13:10:01.275341: | add_fd_read_event_handler: new ethX-pe@0x55ad88ad8fe0 Aug 26 13:10:01.275344: | libevent_malloc: new ptr-libevent@0x55ad88ad9020 size 128 Aug 26 13:10:01.275349: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 13:10:01.275353: | libevent_free: release ptr-libevent@0x55ad88ad9110 Aug 26 13:10:01.275356: | free_event_entry: release EVENT_NULL-pe@0x55ad88ad90d0 Aug 26 13:10:01.275359: | add_fd_read_event_handler: new 
ethX-pe@0x55ad88ad90d0 Aug 26 13:10:01.275361: | libevent_malloc: new ptr-libevent@0x55ad88ad9110 size 128 Aug 26 13:10:01.275367: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 13:10:01.275370: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:10:01.275373: forgetting secrets Aug 26 13:10:01.275380: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:10:01.275399: loading secrets from "/etc/ipsec.secrets" Aug 26 13:10:01.275414: | saving Modulus Aug 26 13:10:01.275419: | saving PublicExponent Aug 26 13:10:01.275422: | ignoring PrivateExponent Aug 26 13:10:01.275426: | ignoring Prime1 Aug 26 13:10:01.275429: | ignoring Prime2 Aug 26 13:10:01.275432: | ignoring Exponent1 Aug 26 13:10:01.275435: | ignoring Exponent2 Aug 26 13:10:01.275439: | ignoring Coefficient Aug 26 13:10:01.275442: | ignoring CKAIDNSS Aug 26 13:10:01.275480: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 13:10:01.275484: | computed rsa CKAID 88 aa 7c 5d Aug 26 13:10:01.275488: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 13:10:01.275494: | certs and keys locked by 'process_secret' Aug 26 13:10:01.275497: | certs and keys unlocked by 'process_secret' Aug 26 13:10:01.275519: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:01.275527: | spent 0.461 milliseconds in whack Aug 26 13:10:01.276129: | processing signal PLUTO_SIGCHLD Aug 26 13:10:01.276140: | waitpid returned pid 14481 (exited with status 0) Aug 26 13:10:01.276146: | reaped addconn helper child (status 0) Aug 26 13:10:01.276150: | waitpid returned ECHILD (no child processes left) Aug 26 13:10:01.276154: | spent 0.0161 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:10:01.332701: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:01.332720: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:10:01.332724: | FOR_EACH_CONNECTION_... 
in foreach_connection_by_alias Aug 26 13:10:01.332725: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:10:01.332727: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:10:01.332730: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:10:01.332736: | Added new connection north-eastnets/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:10:01.332738: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:10:01.332757: | ike (phase1) algorithm values: AES_CBC_256-HMAC_SHA2_256-MODP2048 Aug 26 13:10:01.332759: | from whack: got --esp=aes128-sha2_512;modp3072 Aug 26 13:10:01.332770: | ESP/AH string values: AES_CBC_128-HMAC_SHA2_512_256-MODP3072 Aug 26 13:10:01.332773: | counting wild cards for @north is 0 Aug 26 13:10:01.332775: | counting wild cards for @east is 0 Aug 26 13:10:01.332782: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Aug 26 13:10:01.332785: | new hp@0x55ad88aa56e0 Aug 26 13:10:01.332788: added connection description "north-eastnets/0x1" Aug 26 13:10:01.332797: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:10:01.332809: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Aug 26 13:10:01.332818: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:01.332825: | spent 0.129 milliseconds in whack Aug 26 13:10:01.332865: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:01.332875: add keyid @north Aug 26 13:10:01.332942: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 13:10:01.332946: | computed rsa CKAID 88 aa 7c 5d Aug 26 13:10:01.332958: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:01.332964: | spent 0.104 milliseconds in whack Aug 26 13:10:01.332994: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:01.333001: add keyid @east Aug 26 13:10:01.333037: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:10:01.333039: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:10:01.333045: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:01.333048: | spent 0.0577 milliseconds in whack Aug 26 13:10:01.333076: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:01.333083: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:10:01.333085: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:10:01.333087: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:10:01.333089: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:10:01.333091: | FOR_EACH_CONNECTION_... 
in conn_by_name Aug 26 13:10:01.333094: | Added new connection north-eastnets/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:10:01.333096: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:10:01.333108: | ike (phase1) algorithm values: AES_CBC_256-HMAC_SHA2_256-MODP2048 Aug 26 13:10:01.333111: | from whack: got --esp=aes128-sha2_512;modp3072 Aug 26 13:10:01.333124: | ESP/AH string values: AES_CBC_128-HMAC_SHA2_512_256-MODP3072 Aug 26 13:10:01.333128: | counting wild cards for @north is 0 Aug 26 13:10:01.333132: | counting wild cards for @east is 0 Aug 26 13:10:01.333138: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Aug 26 13:10:01.333143: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@0x55ad88aa56e0: north-eastnets/0x1 Aug 26 13:10:01.333146: added connection description "north-eastnets/0x2" Aug 26 13:10:01.333155: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:10:01.333164: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.22.0/24 Aug 26 13:10:01.333171: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:01.333176: | spent 0.102 milliseconds in whack Aug 26 13:10:01.333202: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:01.333212: add keyid @north Aug 26 13:10:01.333219: | unreference key: 0x55ad88a612f0 @north cnt 1-- Aug 26 13:10:01.333264: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 13:10:01.333265: | computed rsa CKAID 88 aa 7c 5d Aug 26 13:10:01.333272: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:01.333275: | spent 0.0772 milliseconds in whack Aug 26 13:10:01.333305: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:10:01.333314: add keyid @east Aug 26 13:10:01.333317: | unreference key: 0x55ad88a338f0 @east cnt 1-- Aug 26 13:10:01.333351: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:10:01.333353: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:10:01.333358: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:10:01.333361: | spent 0.0589 milliseconds in whack Aug 26 13:10:21.271341: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:10:21.271363: | expiring aged bare shunts from shunt table Aug 26 13:10:21.271369: | spent 0.00433 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:10:25.185524: | spent 0.0028 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:25.185808: | *received 440 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:10:25.185858: | start processing: from 192.1.2.23:500 
(in process_md() at demux.c:378) Aug 26 13:10:25.185861: | **parse ISAKMP Message: Aug 26 13:10:25.185863: | initiator cookie: Aug 26 13:10:25.185865: | 8b 87 d7 26 c3 30 6b 14 Aug 26 13:10:25.185866: | responder cookie: Aug 26 13:10:25.185868: | 00 00 00 00 00 00 00 00 Aug 26 13:10:25.185870: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:10:25.185872: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:25.185873: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:10:25.185875: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:25.185877: | Message ID: 0 (0x0) Aug 26 13:10:25.185878: | length: 440 (0x1b8) Aug 26 13:10:25.185880: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:10:25.185883: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Aug 26 13:10:25.185885: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Aug 26 13:10:25.185887: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:10:25.185890: | ***parse IKEv2 Security Association Payload: Aug 26 13:10:25.185892: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:10:25.185893: | flags: none (0x0) Aug 26 13:10:25.185895: | length: 48 (0x30) Aug 26 13:10:25.185897: | processing payload: ISAKMP_NEXT_v2SA (len=44) Aug 26 13:10:25.185898: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:10:25.185900: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:10:25.185905: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:10:25.185907: | flags: none (0x0) Aug 26 13:10:25.185908: | length: 264 (0x108) Aug 26 13:10:25.185910: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:25.185911: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:10:25.185913: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:10:25.185915: | ***parse IKEv2 Nonce Payload: Aug 26 13:10:25.185916: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:10:25.185918: | flags: none (0x0) 
Aug 26 13:10:25.185919: | length: 36 (0x24) Aug 26 13:10:25.185921: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:10:25.185922: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:10:25.185924: | ***parse IKEv2 Notify Payload: Aug 26 13:10:25.185926: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:10:25.185927: | flags: none (0x0) Aug 26 13:10:25.185928: | length: 8 (0x8) Aug 26 13:10:25.185930: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:25.185932: | SPI size: 0 (0x0) Aug 26 13:10:25.185934: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:10:25.185935: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:10:25.185937: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:10:25.185938: | ***parse IKEv2 Notify Payload: Aug 26 13:10:25.185940: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:10:25.185941: | flags: none (0x0) Aug 26 13:10:25.185943: | length: 28 (0x1c) Aug 26 13:10:25.185944: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:25.185946: | SPI size: 0 (0x0) Aug 26 13:10:25.185947: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:10:25.185949: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:10:25.185950: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:10:25.185952: | ***parse IKEv2 Notify Payload: Aug 26 13:10:25.185954: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:25.185955: | flags: none (0x0) Aug 26 13:10:25.185957: | length: 28 (0x1c) Aug 26 13:10:25.185958: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:25.185960: | SPI size: 0 (0x0) Aug 26 13:10:25.185961: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:10:25.185963: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:10:25.185965: | DDOS disabled and no cookie sent, continuing Aug 26 13:10:25.185969: | find_host_connection local=192.1.3.33:500 remote=192.1.2.23:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 
13:10:25.185987: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Aug 26 13:10:25.185990: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 13:10:25.185992: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (north-eastnets/0x2) Aug 26 13:10:25.185994: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (north-eastnets/0x1) Aug 26 13:10:25.185996: | find_next_host_connection returns empty Aug 26 13:10:25.185999: | find_host_connection local=192.1.3.33:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 13:10:25.186001: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 13:10:25.186002: | find_next_host_connection returns empty Aug 26 13:10:25.186005: | initial parent SA message received on 192.1.3.33:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Aug 26 13:10:25.186008: | find_host_connection local=192.1.3.33:500 remote=192.1.2.23:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 13:10:25.186010: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Aug 26 13:10:25.186012: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:10:25.186014: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (north-eastnets/0x2) Aug 26 13:10:25.186016: | find_next_host_connection returns north-eastnets/0x2 Aug 26 13:10:25.186018: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:10:25.186020: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (north-eastnets/0x1) Aug 26 13:10:25.186035: | find_next_host_connection returns north-eastnets/0x1 Aug 26 13:10:25.186037: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:10:25.186038: | find_next_host_connection returns empty Aug 26 13:10:25.186040: | found connection: north-eastnets/0x2 with policy RSASIG+IKEV2_ALLOW Aug 26 
13:10:25.186061: | creating state object #1 at 0x55ad88adc1a0 Aug 26 13:10:25.186064: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:10:25.186070: | pstats #1 ikev2.ike started Aug 26 13:10:25.186072: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:10:25.186075: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Aug 26 13:10:25.186079: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:10:25.186085: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:25.186087: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:10:25.186090: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:10:25.186092: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 13:10:25.186095: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Aug 26 13:10:25.186098: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 13:10:25.186100: | #1 in state PARENT_R0: processing SA_INIT request Aug 26 13:10:25.186102: | selected state microcode Respond to IKE_SA_INIT Aug 26 13:10:25.186103: | Now let's proceed with state specific processing Aug 26 13:10:25.186105: | calling processor Respond to IKE_SA_INIT Aug 26 13:10:25.186112: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:10:25.186115: | constructing local IKE proposals for north-eastnets/0x2 (IKE SA responder matching remote proposals) Aug 26 13:10:25.186119: | converting ike_info 
AES_CBC_256-HMAC_SHA2_256-MODP2048 to ikev2 ... Aug 26 13:10:25.186124: | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Aug 26 13:10:25.186127: "north-eastnets/0x2": constructed local IKE proposals for north-eastnets/0x2 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Aug 26 13:10:25.186129: | Comparing remote proposals against IKE responder 1 local proposals Aug 26 13:10:25.186131: | local proposal 1 type ENCR has 1 transforms Aug 26 13:10:25.186133: | local proposal 1 type PRF has 1 transforms Aug 26 13:10:25.186134: | local proposal 1 type INTEG has 1 transforms Aug 26 13:10:25.186136: | local proposal 1 type DH has 1 transforms Aug 26 13:10:25.186138: | local proposal 1 type ESN has 0 transforms Aug 26 13:10:25.186140: | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:10:25.186142: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:10:25.186144: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:10:25.186146: | length: 44 (0x2c) Aug 26 13:10:25.186147: | prop #: 1 (0x1) Aug 26 13:10:25.186149: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:25.186151: | spi size: 0 (0x0) Aug 26 13:10:25.186152: | # transforms: 4 (0x4) Aug 26 13:10:25.186154: | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals Aug 26 13:10:25.186156: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:25.186158: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:25.186161: | length: 12 (0xc) Aug 26 13:10:25.186163: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:25.186164: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:10:25.186166: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:10:25.186168: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:25.186182: | length/value: 256 (0x100) Aug 26 13:10:25.186185: | remote proposal 1 
transform 0 (ENCR=AES_CBC_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:10:25.186187: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:25.186189: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:25.186190: | length: 8 (0x8) Aug 26 13:10:25.186192: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:25.186194: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:10:25.186196: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_256) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:10:25.186198: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:25.186199: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:25.186201: | length: 8 (0x8) Aug 26 13:10:25.186202: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:25.186204: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:10:25.186206: | remote proposal 1 transform 2 (INTEG=HMAC_SHA2_256_128) matches local proposal 1 type 3 (INTEG) transform 0 Aug 26 13:10:25.186208: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:25.186210: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:25.186211: | length: 8 (0x8) Aug 26 13:10:25.186213: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:25.186214: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:25.186217: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:10:25.186219: | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none Aug 26 13:10:25.186222: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH Aug 26 13:10:25.186224: | remote proposal 1 matches local proposal 1 Aug 26 13:10:25.186227: "north-eastnets/0x2" #1: proposal 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 chosen from remote proposals 
1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match] Aug 26 13:10:25.186230: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 Aug 26 13:10:25.186231: | converting proposal to internal trans attrs Aug 26 13:10:25.186234: | natd_hash: rcookie is zero Aug 26 13:10:25.186241: | natd_hash: hasher=0x55ad87c58800(20) Aug 26 13:10:25.186243: | natd_hash: icookie= 8b 87 d7 26 c3 30 6b 14 Aug 26 13:10:25.186245: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:10:25.186246: | natd_hash: ip= c0 01 03 21 Aug 26 13:10:25.186248: | natd_hash: port=500 Aug 26 13:10:25.186249: | natd_hash: hash= 73 33 01 04 6c b2 8b fd 31 a2 0e f6 48 b2 81 c8 Aug 26 13:10:25.186251: | natd_hash: hash= 29 fc 94 50 Aug 26 13:10:25.186252: | natd_hash: rcookie is zero Aug 26 13:10:25.186256: | natd_hash: hasher=0x55ad87c58800(20) Aug 26 13:10:25.186257: | natd_hash: icookie= 8b 87 d7 26 c3 30 6b 14 Aug 26 13:10:25.186259: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:10:25.186260: | natd_hash: ip= c0 01 02 17 Aug 26 13:10:25.186262: | natd_hash: port=500 Aug 26 13:10:25.186264: | natd_hash: hash= 3f f9 28 7c b6 d3 bd 80 a1 39 c1 36 60 63 78 f5 Aug 26 13:10:25.186265: | natd_hash: hash= 52 e4 d5 f2 Aug 26 13:10:25.186267: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:10:25.186268: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:10:25.186270: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:10:25.186272: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 13:10:25.186276: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Aug 26 13:10:25.186281: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ad88ade1c0 Aug 26 13:10:25.186284: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:10:25.186286: | libevent_malloc: new ptr-libevent@0x55ad88ade200 size 128 Aug 26 13:10:25.186302: | #1 spent 0.189 milliseconds in processing: Respond to 
IKE_SA_INIT in ikev2_process_state_packet() Aug 26 13:10:25.186309: | crypto helper 0 resuming Aug 26 13:10:25.186334: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:10:25.186312: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:25.186342: | crypto helper 0 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Aug 26 13:10:25.186348: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Aug 26 13:10:25.186357: | suspending state #1 and saving MD Aug 26 13:10:25.186361: | #1 is busy; has a suspended MD Aug 26 13:10:25.186365: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:10:25.186352: | crypto helper is pausing for 2 seconds Aug 26 13:10:25.186368: | "north-eastnets/0x2" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:10:25.186382: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:10:25.186386: | #1 spent 0.824 milliseconds in ikev2_process_packet() Aug 26 13:10:25.186389: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:10:25.186391: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:25.186392: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:10:25.186395: | spent 0.833 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:10:27.187267: | crypto helper 0 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 2.000922 seconds Aug 26 13:10:27.187295: | (#1) spent 0.886 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Aug 26 13:10:27.187302: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 
26 13:10:27.187305: | scheduling resume sending helper answer for #1 Aug 26 13:10:27.187310: | libevent_malloc: new ptr-libevent@0x7f393c006900 size 128 Aug 26 13:10:27.187322: | crypto helper 0 waiting (nothing to do) Aug 26 13:10:27.187335: | processing resume sending helper answer for #1 Aug 26 13:10:27.187351: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Aug 26 13:10:27.187357: | crypto helper 0 replies to request ID 1 Aug 26 13:10:27.187360: | calling continuation function 0x55ad87b83b50 Aug 26 13:10:27.187364: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Aug 26 13:10:27.187400: | **emit ISAKMP Message: Aug 26 13:10:27.187404: | initiator cookie: Aug 26 13:10:27.187407: | 8b 87 d7 26 c3 30 6b 14 Aug 26 13:10:27.187410: | responder cookie: Aug 26 13:10:27.187412: | 26 f7 28 5a f4 b9 c7 d8 Aug 26 13:10:27.187415: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:27.187419: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:27.187422: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:10:27.187426: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:10:27.187428: | Message ID: 0 (0x0) Aug 26 13:10:27.187432: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:10:27.187435: | Emitting ikev2_proposal ... 
Aug 26 13:10:27.187438: | ***emit IKEv2 Security Association Payload: Aug 26 13:10:27.187441: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:27.187444: | flags: none (0x0) Aug 26 13:10:27.187448: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:10:27.187455: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:10:27.187463: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:27.187466: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:10:27.187469: | prop #: 1 (0x1) Aug 26 13:10:27.187472: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:10:27.187475: | spi size: 0 (0x0) Aug 26 13:10:27.187477: | # transforms: 4 (0x4) Aug 26 13:10:27.187481: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:27.187484: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:27.187487: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:27.187490: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:27.187493: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:10:27.187496: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:27.187499: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:27.187503: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:27.187506: | length/value: 256 (0x100) Aug 26 13:10:27.187508: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:27.187511: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:27.187514: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:27.187517: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:10:27.187520: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:10:27.187524: | last 
substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:27.187527: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:27.187529: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:27.187532: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:27.187535: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:27.187538: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:27.187540: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:10:27.187543: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:27.187546: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:27.187549: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:27.187552: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:10:27.187555: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:27.187557: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:27.187561: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:27.187563: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:27.187567: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:27.187569: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:27.187572: | emitting length of IKEv2 Proposal Substructure Payload: 44 Aug 26 13:10:27.187575: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform 
Substructure Payload'.'last transform' is 0 Aug 26 13:10:27.187578: | emitting length of IKEv2 Security Association Payload: 48 Aug 26 13:10:27.187581: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:10:27.187585: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:10:27.187591: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:27.187593: | flags: none (0x0) Aug 26 13:10:27.187596: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:10:27.187600: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:10:27.187603: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:10:27.187607: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Aug 26 13:10:27.187652: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:10:27.187654: | ***emit IKEv2 Nonce Payload: Aug 26 13:10:27.187657: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:10:27.187660: | flags: none (0x0) Aug 26 13:10:27.187663: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:10:27.187666: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:10:27.187669: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:10:27.187672: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:10:27.187675: | IKEv2 nonce 28 c4 6e 45 bf e1 9f 2b 6a c5 4f c5 a8 d0 68 b6 Aug 26 13:10:27.187677: | IKEv2 nonce 3f cf 73 7b c4 da 77 f4 53 cd ae 54 73 26 e3 c6 Aug 26 13:10:27.187680: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:10:27.187684: | Adding a v2N Payload Aug 26 13:10:27.187687: | ***emit IKEv2 Notify Payload: Aug 26 13:10:27.187690: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:27.187692: | flags: none (0x0) Aug 26 13:10:27.187695: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:27.187698: | SPI size: 0 (0x0) Aug 26 13:10:27.187701: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:10:27.187704: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:10:27.187707: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:10:27.187710: | emitting length of
IKEv2 Notify Payload: 8 Aug 26 13:10:27.187713: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:10:27.187727: | natd_hash: hasher=0x55ad87c58800(20) Aug 26 13:10:27.187730: | natd_hash: icookie= 8b 87 d7 26 c3 30 6b 14 Aug 26 13:10:27.187733: | natd_hash: rcookie= 26 f7 28 5a f4 b9 c7 d8 Aug 26 13:10:27.187735: | natd_hash: ip= c0 01 03 21 Aug 26 13:10:27.187739: | natd_hash: port=500 Aug 26 13:10:27.187742: | natd_hash: hash= 9b 28 99 9a 12 57 bf c4 ed ee f8 52 09 04 95 90 Aug 26 13:10:27.187745: | natd_hash: hash= 7e 59 18 59 Aug 26 13:10:27.187747: | Adding a v2N Payload Aug 26 13:10:27.187750: | ***emit IKEv2 Notify Payload: Aug 26 13:10:27.187752: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:27.187755: | flags: none (0x0) Aug 26 13:10:27.187757: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:27.187760: | SPI size: 0 (0x0) Aug 26 13:10:27.187763: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:10:27.187766: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:10:27.187769: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:10:27.187772: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:10:27.187775: | Notify data 9b 28 99 9a 12 57 bf c4 ed ee f8 52 09 04 95 90 Aug 26 13:10:27.187777: | Notify data 7e 59 18 59 Aug 26 13:10:27.187780: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:10:27.187786: | natd_hash: hasher=0x55ad87c58800(20) Aug 26 13:10:27.187789: | natd_hash: icookie= 8b 87 d7 26 c3 30 6b 14 Aug 26 13:10:27.187792: | natd_hash: rcookie= 26 f7 28 5a f4 b9 c7 d8 Aug 26 13:10:27.187794: | natd_hash: ip= c0 01 02 17 Aug 26 13:10:27.187797: | natd_hash: port=500 Aug 26 13:10:27.187799: | natd_hash: hash= 44 a5 8b 90 40 7e aa 0d 14 c0 4d d7 ee 49 1a 16 Aug 26 13:10:27.187802: | natd_hash: hash= b5 85 4f 2c Aug 26 
13:10:27.187804: | Adding a v2N Payload Aug 26 13:10:27.187807: | ***emit IKEv2 Notify Payload: Aug 26 13:10:27.187809: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:27.187812: | flags: none (0x0) Aug 26 13:10:27.187815: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:10:27.187817: | SPI size: 0 (0x0) Aug 26 13:10:27.187820: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:10:27.187823: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:10:27.187826: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:10:27.187829: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:10:27.187832: | Notify data 44 a5 8b 90 40 7e aa 0d 14 c0 4d d7 ee 49 1a 16 Aug 26 13:10:27.187834: | Notify data b5 85 4f 2c Aug 26 13:10:27.187837: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:10:27.187839: | emitting length of ISAKMP Message: 440 Aug 26 13:10:27.187847: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:27.187852: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Aug 26 13:10:27.187855: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Aug 26 13:10:27.187858: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Aug 26 13:10:27.187862: | Message ID: updating counters for #1 to 0 after switching state Aug 26 13:10:27.187867: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 13:10:27.187872: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:10:27.187877: "north-eastnets/0x2" #1: 
STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048} Aug 26 13:10:27.187882: | sending V2 new request packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:10:27.187893: | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1)
Aug 26 13:10:27.188413: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:10:27.188425: | libevent_free: release ptr-libevent@0x55ad88ade200 Aug 26 13:10:27.188428: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ad88ade1c0 Aug 26 13:10:27.188430: | event_schedule: new EVENT_SO_DISCARD-pe@0x55ad88ade1c0 Aug 26 13:10:27.188433: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Aug 26 13:10:27.188435: | libevent_malloc: new ptr-libevent@0x55ad88ade200 size 128 Aug 26 13:10:27.188438: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:10:27.188444: | #1 spent 1.04 milliseconds in resume sending helper answer Aug 26 13:10:27.188448: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Aug 26 13:10:27.188450: | libevent_free: release ptr-libevent@0x7f393c006900 Aug 26 13:10:27.194426: | spent 0.00271 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:27.194447: | *received 464 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500)
Aug 26 13:10:27.194496: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:10:27.194499: | **parse ISAKMP Message: Aug 26 13:10:27.194501: | initiator cookie: Aug 26 13:10:27.194502: | 8b 87 d7 26 c3 30 6b 14 Aug 26 13:10:27.194504: | responder cookie: Aug 26 13:10:27.194505: | 26 f7 28 5a f4
b9 c7 d8 Aug 26 13:10:27.194507: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:10:27.194509: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:27.194511: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:10:27.194513: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:27.194514: | Message ID: 1 (0x1) Aug 26 13:10:27.194516: | length: 464 (0x1d0) Aug 26 13:10:27.194518: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:10:27.194520: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:10:27.194523: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:10:27.194527: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:27.194529: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:10:27.194532: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:10:27.194534: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:10:27.194537: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Aug 26 13:10:27.194539: | unpacking clear payload Aug 26 13:10:27.194540: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:10:27.194542: | ***parse IKEv2 Encryption Payload: Aug 26 13:10:27.194544: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 13:10:27.194546: | flags: none (0x0) Aug 26 13:10:27.194547: | length: 436 (0x1b4) Aug 26 13:10:27.194549: | processing payload: ISAKMP_NEXT_v2SK (len=432) Aug 26 13:10:27.194552: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 13:10:27.194554: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:10:27.194557: | selected state 
microcode Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 13:10:27.194558: | Now let's proceed with state specific processing Aug 26 13:10:27.194560: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 13:10:27.194562: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Aug 26 13:10:27.194569: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_256 integ=HMAC_SHA2_256_128 cipherkey=AES_CBC Aug 26 13:10:27.194571: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Aug 26 13:10:27.194573: | state #1 requesting EVENT_SO_DISCARD to be deleted Aug 26 13:10:27.194576: | libevent_free: release ptr-libevent@0x55ad88ade200 Aug 26 13:10:27.194578: | free_event_entry: release EVENT_SO_DISCARD-pe@0x55ad88ade1c0 Aug 26 13:10:27.194580: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ad88ade1c0 Aug 26 13:10:27.194582: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:10:27.194584: | libevent_malloc: new ptr-libevent@0x55ad88ade200 size 128 Aug 26 13:10:27.194592: | #1 spent 0.0291 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Aug 26 13:10:27.194596: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:27.194598: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Aug 26 13:10:27.194600: | suspending state #1 and saving MD Aug 26 13:10:27.194602: | #1 is busy; has a suspended MD Aug 26 13:10:27.194605: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:10:27.194607: | "north-eastnets/0x2" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:10:27.194610: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at 
ikev2.c:2018) Aug 26 13:10:27.194612: | #1 spent 0.175 milliseconds in ikev2_process_packet() Aug 26 13:10:27.194615: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:10:27.194617: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:27.194619: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:10:27.194621: | spent 0.183 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:10:27.194630: | crypto helper 1 resuming Aug 26 13:10:27.194639: | crypto helper 1 starting work-order 2 for state #1 Aug 26 13:10:27.194642: | crypto helper 1 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Aug 26 13:10:27.194644: | crypto helper is pausing for 2 seconds Aug 26 13:10:27.244718: | spent 0.0028 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:27.244746: | *received 464 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500)
Aug 26 13:10:27.244810: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:10:27.244815: | **parse ISAKMP Message: Aug 26 13:10:27.244819: | initiator cookie: Aug 26 13:10:27.244821: | 8b 87 d7 26 c3 30 6b 14 Aug 26 13:10:27.244823: | responder cookie: Aug 26 13:10:27.244825: | 26 f7 28 5a f4 b9 c7 d8 Aug 26 13:10:27.244827: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:10:27.244829: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:27.244830: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:10:27.244832: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:27.244834: | Message ID: 1 (0x1) Aug 26 13:10:27.244835: | length: 464 (0x1d0) Aug 26 13:10:27.244837: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:10:27.244840: | I am the IKE SA Original Responder receiving an IKEv2
IKE_AUTH request Aug 26 13:10:27.244843: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:10:27.244850: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:27.244857: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:10:27.244861: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:10:27.244864: "north-eastnets/0x2" #1: discarding packet received during asynchronous work (DNS or crypto) in STATE_PARENT_R1 Aug 26 13:10:27.244866: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:10:27.244870: | #1 spent 0.137 milliseconds in ikev2_process_packet() Aug 26 13:10:27.244873: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:10:27.244875: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:27.244877: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:10:27.244880: | spent 0.148 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:10:27.296052: | spent 0.00269 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:27.296071: | *received 464 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500)
Aug 26 13:10:27.296120: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:10:27.296124: | **parse ISAKMP Message: Aug 26 13:10:27.296126: | initiator cookie: Aug 26 13:10:27.296127: | 8b 87 d7 26 c3 30 6b 14 Aug 26 13:10:27.296129: | responder cookie: Aug 26 13:10:27.296130: | 26 f7 28 5a f4 b9 c7 d8 Aug 26 13:10:27.296132: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:10:27.296134: |
ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:27.296136: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:10:27.296138: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:27.296139: | Message ID: 1 (0x1) Aug 26 13:10:27.296141: | length: 464 (0x1d0) Aug 26 13:10:27.296143: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:10:27.296145: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:10:27.296148: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:10:27.296153: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:27.296156: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:10:27.296158: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:10:27.296160: "north-eastnets/0x2" #1: discarding packet received during asynchronous work (DNS or crypto) in STATE_PARENT_R1 Aug 26 13:10:27.296163: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:10:27.296166: | #1 spent 0.102 milliseconds in ikev2_process_packet() Aug 26 13:10:27.296169: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:10:27.296171: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:27.296173: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:10:27.296176: | spent 0.112 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:10:27.397455: | spent 0.00286 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:27.397473: | *received 464 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500)
Aug 26 13:10:27.397524: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:10:27.397527: | **parse ISAKMP Message: Aug 26 13:10:27.397529: | initiator cookie: Aug 26 13:10:27.397531: | 8b 87 d7 26 c3 30 6b 14 Aug 26 13:10:27.397532: | responder cookie: Aug 26 13:10:27.397534: | 26 f7 28 5a f4 b9 c7 d8 Aug 26 13:10:27.397536: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:10:27.397538: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:27.397539: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:10:27.397542: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:27.397543: | Message ID: 1 (0x1) Aug 26 13:10:27.397545: | length: 464 (0x1d0) Aug 26 13:10:27.397547: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:10:27.397549: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:10:27.397552: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:10:27.397557: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:27.397560: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:10:27.397562: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:10:27.397564: "north-eastnets/0x2" #1: discarding packet received during asynchronous work (DNS or crypto) in STATE_PARENT_R1 Aug 26 13:10:27.397567: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:10:27.397571: | #1 spent 0.105 milliseconds in ikev2_process_packet() Aug 26 13:10:27.397573: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:10:27.397576: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:27.397578: | processing: STOP
connection NULL (in process_md() at demux.c:383) Aug 26 13:10:27.397580: | spent 0.115 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:10:27.598127: | spent 0.00309 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:27.598150: | *received 464 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500)
Aug 26 13:10:27.598228: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:10:27.598233: | **parse ISAKMP Message: Aug 26 13:10:27.598236: | initiator cookie: Aug 26 13:10:27.598239: | 8b 87 d7 26 c3 30 6b 14 Aug 26 13:10:27.598241: | responder cookie: Aug 26 13:10:27.598244: | 26 f7 28 5a f4 b9 c7 d8 Aug 26 13:10:27.598247: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:10:27.598250: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:27.598253: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:10:27.598256: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:27.598259: | Message ID: 1 (0x1) Aug 26 13:10:27.598262: | length: 464 (0x1d0) Aug 26 13:10:27.598265: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:10:27.598268: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:10:27.598273: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:10:27.598280: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:27.598286: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:10:27.598304: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:10:27.598308: "north-eastnets/0x2" #1: discarding packet received during asynchronous work (DNS or crypto)
in STATE_PARENT_R1 Aug 26 13:10:27.598314: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:10:27.598322: | #1 spent 0.168 milliseconds in ikev2_process_packet() Aug 26 13:10:27.598327: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:10:27.598331: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:27.598335: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:10:27.598339: | spent 0.186 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:10:27.998477: | spent 0.00286 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:27.998928: | *received 464 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500)
Aug 26 13:10:27.999010: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:10:27.999014: | **parse ISAKMP Message: Aug 26 13:10:27.999017: | initiator cookie: Aug 26 13:10:27.999020: | 8b 87 d7 26 c3 30 6b 14 Aug 26 13:10:27.999023: | responder cookie: Aug 26 13:10:27.999025: | 26 f7 28 5a f4 b9 c7 d8 Aug 26 13:10:27.999028: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:10:27.999031: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:27.999034: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:10:27.999050: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:27.999052: | Message ID: 1 (0x1) Aug 26 13:10:27.999055: | length: 464 (0x1d0) Aug 26 13:10:27.999057: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:10:27.999061: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:10:27.999065: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:10:27.999072: | start
processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:27.999080: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:10:27.999084: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:10:27.999087: "north-eastnets/0x2" #1: discarding packet received during asynchronous work (DNS or crypto) in STATE_PARENT_R1 Aug 26 13:10:27.999091: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:10:27.999096: | #1 spent 0.604 milliseconds in ikev2_process_packet() Aug 26 13:10:27.999100: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:10:27.999103: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:27.999106: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:10:27.999110: | spent 0.618 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:10:28.799868: | spent 0.00267 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:28.800119: | *received 464 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500)
Aug 26 13:10:28.800169: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:10:28.800172: | **parse ISAKMP Message: Aug 26 13:10:28.800174: | initiator cookie: Aug 26 13:10:28.800176: | 8b 87 d7 26 c3 30 6b 14 Aug 26 13:10:28.800177: | responder cookie: Aug 26 13:10:28.800179: | 26 f7 28 5a f4 b9 c7 d8 Aug 26 13:10:28.800181: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:10:28.800183: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:28.800186: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26
13:10:28.800188: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:28.800190: | Message ID: 1 (0x1) Aug 26 13:10:28.800192: | length: 464 (0x1d0) Aug 26 13:10:28.800194: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:10:28.800196: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:10:28.800199: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:10:28.800204: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:28.800207: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:10:28.800209: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:10:28.800211: "north-eastnets/0x2" #1: discarding packet received during asynchronous work (DNS or crypto) in STATE_PARENT_R1 Aug 26 13:10:28.800214: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:10:28.800217: | #1 spent 0.336 milliseconds in ikev2_process_packet() Aug 26 13:10:28.800220: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:10:28.800222: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:28.800224: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:10:28.800227: | spent 0.346 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:10:29.195233: | calculating skeyseed using prf=sha2_256 integ=sha2_256 cipherkey-size=32 salt-size=0 Aug 26 13:10:29.195603: | crypto helper 1 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 2.000959 seconds Aug 26 13:10:29.195613: | (#1) spent 0.909 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Aug 26 13:10:29.195616: | crypto helper 1 sending results from work-order 2 for state 
#1 to event queue Aug 26 13:10:29.195618: | scheduling resume sending helper answer for #1 Aug 26 13:10:29.195621: | libevent_malloc: new ptr-libevent@0x7f3934003060 size 128 Aug 26 13:10:29.195629: | crypto helper 1 waiting (nothing to do) Aug 26 13:10:29.195665: | processing resume sending helper answer for #1 Aug 26 13:10:29.195676: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Aug 26 13:10:29.195680: | crypto helper 1 replies to request ID 2 Aug 26 13:10:29.195681: | calling continuation function 0x55ad87b83b50 Aug 26 13:10:29.195683: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Aug 26 13:10:29.195686: | #1 in state PARENT_R1: received v2I1, sent v2R1
Aug 26 13:10:29.195752: | calculated auth: 4d 75 fa 68 62 a2 f4 0f db 61 c5 3a 44 18 d9 d5 Aug 26 13:10:29.195753: | provided auth: 4d 75 fa 68 62 a2 f4 0f db 61 c5 3a 44 18 d9 d5 Aug 26 13:10:29.195755: | authenticator matched Aug 26 13:10:29.195761: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:10:29.195764: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Aug 26 13:10:29.195766: | **parse IKEv2 Identification - Initiator - Payload: Aug 26 13:10:29.195768: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:10:29.195770: | flags: none (0x0) Aug 26 13:10:29.195772: | length: 12 (0xc) Aug 26 13:10:29.195774: | ID type: ID_FQDN (0x2) Aug 26 13:10:29.195776: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Aug 26
13:10:29.195777: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:10:29.195779: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:10:29.195780: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:10:29.195782: | flags: none (0x0) Aug 26 13:10:29.195784: | length: 13 (0xd) Aug 26 13:10:29.195785: | ID type: ID_FQDN (0x2) Aug 26 13:10:29.195787: | processing payload: ISAKMP_NEXT_v2IDr (len=5) Aug 26 13:10:29.195788: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:10:29.195790: | **parse IKEv2 Authentication Payload: Aug 26 13:10:29.195792: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:10:29.195793: | flags: none (0x0) Aug 26 13:10:29.195795: | length: 282 (0x11a) Aug 26 13:10:29.195797: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:10:29.195798: | processing payload: ISAKMP_NEXT_v2AUTH (len=274) Aug 26 13:10:29.195800: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:10:29.195801: | **parse IKEv2 Security Association Payload: Aug 26 13:10:29.195803: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:10:29.195805: | flags: none (0x0) Aug 26 13:10:29.195806: | length: 44 (0x2c) Aug 26 13:10:29.195808: | processing payload: ISAKMP_NEXT_v2SA (len=40) Aug 26 13:10:29.195809: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:10:29.195811: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:10:29.195813: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:10:29.195814: | flags: none (0x0) Aug 26 13:10:29.195816: | length: 24 (0x18) Aug 26 13:10:29.195818: | number of TS: 1 (0x1) Aug 26 13:10:29.195819: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:10:29.195821: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:10:29.195822: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:10:29.195824: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:29.195826: | flags: none (0x0) Aug 26 13:10:29.195828: | length: 24 (0x18) Aug 26 
13:10:29.195830: | number of TS: 1 (0x1) Aug 26 13:10:29.195831: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:10:29.195833: | selected state microcode Responder: process IKE_AUTH request Aug 26 13:10:29.195835: | Now let's proceed with state specific processing Aug 26 13:10:29.195836: | calling processor Responder: process IKE_AUTH request Aug 26 13:10:29.195841: "north-eastnets/0x2" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Aug 26 13:10:29.195845: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:10:29.195847: | received IDr payload - extracting our alleged ID Aug 26 13:10:29.195850: | refine_host_connection for IKEv2: starting with "north-eastnets/0x2" Aug 26 13:10:29.195853: | match_id a=@east Aug 26 13:10:29.195855: | b=@east Aug 26 13:10:29.195857: | results matched Aug 26 13:10:29.195860: | refine_host_connection: checking "north-eastnets/0x2" against "north-eastnets/0x2", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Aug 26 13:10:29.195861: | Warning: not switching back to template of current instance Aug 26 13:10:29.195863: | Peer expects us to be @north (ID_FQDN) according to its IDr payload Aug 26 13:10:29.195865: | This connection's local id is @north (ID_FQDN) Aug 26 13:10:29.195867: | refine_host_connection: checked north-eastnets/0x2 against north-eastnets/0x2, now for see if best Aug 26 13:10:29.195869: | started looking for secret for @north->@east of kind PKK_RSA Aug 26 13:10:29.195871: | actually looking for secret for @north->@east of kind PKK_RSA Aug 26 13:10:29.195874: | line 1: key type PKK_RSA(@north) to type PKK_RSA Aug 26 13:10:29.195876: | 1: compared key (none) to @north / @east -> 002 Aug 26 13:10:29.195878: | 2: compared key (none) to @north / @east -> 002 Aug 26 13:10:29.195880: | line 1: match=002 Aug 26 13:10:29.195881: | match 002 beats previous best_match 000 match=0x55ad88ace1b0 (line=1) Aug 26 
13:10:29.195883: | concluding with best_match=002 best=0x55ad88ace1b0 (lineno=1) Aug 26 13:10:29.195885: | returning because exact peer id match Aug 26 13:10:29.195887: | offered CA: '%none' Aug 26 13:10:29.195889: "north-eastnets/0x2" #1: IKEv2 mode peer ID is ID_FQDN: '@east' Aug 26 13:10:29.195900: | verifying AUTH payload Aug 26 13:10:29.195909: | required RSA CA is '%any' Aug 26 13:10:29.195911: | checking RSA keyid '@east' for match with '@east' Aug 26 13:10:29.195914: | key issuer CA is '%any' Aug 26 13:10:29.195973: | an RSA Sig check passed with *AQO9bJbr3 [preloaded key] Aug 26 13:10:29.195981: | #1 spent 0.0612 milliseconds in try_all_RSA_keys() trying a pubkey Aug 26 13:10:29.195984: "north-eastnets/0x2" #1: Authenticated using RSA Aug 26 13:10:29.195988: | #1 spent 0.084 milliseconds in ikev2_verify_rsa_hash() Aug 26 13:10:29.195991: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Aug 26 13:10:29.195995: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Aug 26 13:10:29.195998: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:10:29.196002: | libevent_free: release ptr-libevent@0x55ad88ade200 Aug 26 13:10:29.196004: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ad88ade1c0 Aug 26 13:10:29.196007: | event_schedule: new EVENT_SA_REKEY-pe@0x55ad88ade1c0 Aug 26 13:10:29.196011: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Aug 26 13:10:29.196013: | libevent_malloc: new ptr-libevent@0x55ad88ade200 size 128 Aug 26 13:10:29.196102: | pstats #1 ikev2.ike established Aug 26 13:10:29.196110: | **emit ISAKMP Message: Aug 26 13:10:29.196113: | initiator cookie: Aug 26 13:10:29.196116: | 8b 87 d7 26 c3 30 6b 14 Aug 26 13:10:29.196118: | responder cookie: Aug 26 13:10:29.196120: | 26 f7 28 5a f4 b9 c7 d8 Aug 26 13:10:29.196123: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:10:29.196126: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) 
(0x20) Aug 26 13:10:29.196130: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:10:29.196133: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:10:29.196136: | Message ID: 1 (0x1) Aug 26 13:10:29.196139: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:10:29.196142: | IKEv2 CERT: send a certificate? Aug 26 13:10:29.196144: | IKEv2 CERT: no certificate to send Aug 26 13:10:29.196147: | ***emit IKEv2 Encryption Payload: Aug 26 13:10:29.196149: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:29.196152: | flags: none (0x0) Aug 26 13:10:29.196178: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:10:29.196182: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:10:29.196186: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:10:29.196193: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:10:29.196207: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:10:29.196211: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:29.196213: | flags: none (0x0) Aug 26 13:10:29.196216: | ID type: ID_FQDN (0x2) Aug 26 13:10:29.196219: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:10:29.196223: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:10:29.196226: | emitting 5 raw bytes of my identity into IKEv2 Identification - Responder - Payload Aug 26 13:10:29.196229: | my identity 6e 6f 72 74 68 Aug 26 13:10:29.196232: | emitting length of IKEv2 Identification - Responder - Payload: 13 Aug 26 13:10:29.196240: | assembled IDr payload Aug 26 13:10:29.196243: | CHILD SA proposals received Aug 26 
13:10:29.196245: | going to assemble AUTH payload Aug 26 13:10:29.196248: | ****emit IKEv2 Authentication Payload: Aug 26 13:10:29.196251: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:10:29.196253: | flags: none (0x0) Aug 26 13:10:29.196256: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:10:29.196260: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Aug 26 13:10:29.196263: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:10:29.196266: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:10:29.196271: | started looking for secret for @north->@east of kind PKK_RSA Aug 26 13:10:29.196275: | actually looking for secret for @north->@east of kind PKK_RSA Aug 26 13:10:29.196278: | line 1: key type PKK_RSA(@north) to type PKK_RSA Aug 26 13:10:29.196282: | 1: compared key (none) to @north / @east -> 002 Aug 26 13:10:29.196285: | 2: compared key (none) to @north / @east -> 002 Aug 26 13:10:29.196287: | line 1: match=002 Aug 26 13:10:29.196299: | match 002 beats previous best_match 000 match=0x55ad88ace1b0 (line=1) Aug 26 13:10:29.196302: | concluding with best_match=002 best=0x55ad88ace1b0 (lineno=1) Aug 26 13:10:29.199663: | #1 spent 3.33 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Aug 26 13:10:29.199672: | emitting 274 raw bytes of rsa signature into IKEv2 Authentication Payload
Aug 26 13:10:29.199706: | #1 spent 3.42 milliseconds in ikev2_calculate_rsa_hash() Aug 26 13:10:29.199708: | emitting length of IKEv2 Authentication Payload: 282 Aug 26 13:10:29.199712: | creating state object #2 at 0x55ad88ae75c0 Aug 26 13:10:29.199714: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:10:29.199717: | pstats #2 ikev2.child started Aug 26 13:10:29.199720: | duplicating state object #1 "north-eastnets/0x2" as #2 for IPSEC SA Aug 26 13:10:29.199724: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:10:29.199729: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:10:29.199732: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1
responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Aug 26 13:10:29.199735: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Aug 26 13:10:29.199737: | Child SA TS Request has ike->sa == md->st; so using parent connection Aug 26 13:10:29.199739: | TSi: parsing 1 traffic selectors Aug 26 13:10:29.199741: | ***parse IKEv2 Traffic Selector: Aug 26 13:10:29.199743: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:10:29.199745: | IP Protocol ID: 0 (0x0) Aug 26 13:10:29.199746: | length: 16 (0x10) Aug 26 13:10:29.199748: | start port: 0 (0x0) Aug 26 13:10:29.199750: | end port: 65535 (0xffff) Aug 26 13:10:29.199752: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:10:29.199753: | TS low c0 00 02 00 Aug 26 13:10:29.199755: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:10:29.199757: | TS high c0 00 02 ff Aug 26 13:10:29.199758: | TSi: parsed 1 traffic selectors Aug 26 13:10:29.199760: | TSr: parsing 1 traffic selectors Aug 26 13:10:29.199762: | ***parse IKEv2 Traffic Selector: Aug 26 13:10:29.199763: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:10:29.199765: | IP Protocol ID: 0 (0x0) Aug 26 13:10:29.199766: | length: 16 (0x10) Aug 26 13:10:29.199768: | start port: 0 (0x0) Aug 26 13:10:29.199770: | end port: 65535 (0xffff) Aug 26 13:10:29.199784: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:10:29.199786: | TS low c0 00 03 00 Aug 26 13:10:29.199787: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:10:29.199789: | TS high c0 00 03 ff Aug 26 13:10:29.199790: | TSr: parsed 1 traffic selectors Aug 26 13:10:29.199792: | looking for best SPD in current connection Aug 26 13:10:29.199795: | evaluating our conn="north-eastnets/0x2" I=192.0.22.0/24:0/0 R=192.0.3.0/24:0/0 to their: Aug 26 13:10:29.199799: | TSi[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 
.{start,end}port=0..65535 Aug 26 13:10:29.199803: | match address end->client=192.0.22.0/24 == TSi[0]net=192.0.2.0-192.0.2.255: NO Aug 26 13:10:29.199805: | looking for better host pair Aug 26 13:10:29.199809: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Aug 26 13:10:29.199812: | checking hostpair 192.0.3.0/24 -> 192.0.22.0/24 is found Aug 26 13:10:29.199813: | investigating connection "north-eastnets/0x2" as a better match Aug 26 13:10:29.199816: | match_id a=@east Aug 26 13:10:29.199817: | b=@east Aug 26 13:10:29.199819: | results matched Aug 26 13:10:29.199822: | evaluating our conn="north-eastnets/0x2" I=192.0.22.0/24:0/0 R=192.0.3.0/24:0/0 to their: Aug 26 13:10:29.199824: | TSi[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:10:29.199829: | match address end->client=192.0.22.0/24 == TSi[0]net=192.0.2.0-192.0.2.255: NO Aug 26 13:10:29.199832: | investigating connection "north-eastnets/0x1" as a better match Aug 26 13:10:29.199835: | match_id a=@east Aug 26 13:10:29.199837: | b=@east Aug 26 13:10:29.199839: | results matched Aug 26 13:10:29.199843: | evaluating our conn="north-eastnets/0x1" I=192.0.2.0/24:0/0 R=192.0.3.0/24:0/0 to their: Aug 26 13:10:29.199848: | TSi[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:10:29.199853: | match address end->client=192.0.2.0/24 == TSi[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Aug 26 13:10:29.199856: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:10:29.199859: | TSi[0] port match: YES fitness 65536 Aug 26 13:10:29.199862: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:10:29.199865: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:10:29.199869: | TSr[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:10:29.199874: | match address end->client=192.0.3.0/24 == TSr[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:10:29.199877: | narrow port end=0..65535 == 
TSr[0]=0..65535: 0 Aug 26 13:10:29.199879: | TSr[0] port match: YES fitness 65536 Aug 26 13:10:29.199882: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:10:29.199884: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:10:29.199887: | best fit so far: TSi[0] TSr[0] Aug 26 13:10:29.199890: | protocol fitness found better match d north-eastnets/0x1, TSi[0],TSr[0] Aug 26 13:10:29.199894: | in connection_discard for connection north-eastnets/0x2 Aug 26 13:10:29.199897: | printing contents struct traffic_selector Aug 26 13:10:29.199899: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:10:29.199901: | ipprotoid: 0 Aug 26 13:10:29.199904: | port range: 0-65535 Aug 26 13:10:29.199907: | ip range: 192.0.3.0-192.0.3.255 Aug 26 13:10:29.199909: | printing contents struct traffic_selector Aug 26 13:10:29.199911: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:10:29.199913: | ipprotoid: 0 Aug 26 13:10:29.199915: | port range: 0-65535 Aug 26 13:10:29.199919: | ip range: 192.0.2.0-192.0.2.255 Aug 26 13:10:29.199923: | constructing ESP/AH proposals with all DH removed for north-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals) Aug 26 13:10:29.199927: | converting proposal AES_CBC_128-HMAC_SHA2_512_256-MODP3072 to ikev2 ... Aug 26 13:10:29.199933: | ... 
ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=NONE;ESN=DISABLED Aug 26 13:10:29.199938: "north-eastnets/0x1": constructed local ESP/AH proposals for north-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=NONE;ESN=DISABLED Aug 26 13:10:29.199941: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 1 local proposals Aug 26 13:10:29.199944: | local proposal 1 type ENCR has 1 transforms Aug 26 13:10:29.199947: | local proposal 1 type PRF has 0 transforms Aug 26 13:10:29.199949: | local proposal 1 type INTEG has 1 transforms Aug 26 13:10:29.199953: | local proposal 1 type DH has 1 transforms Aug 26 13:10:29.199956: | local proposal 1 type ESN has 1 transforms Aug 26 13:10:29.199959: | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:10:29.199962: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:10:29.199965: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:10:29.199967: | length: 40 (0x28) Aug 26 13:10:29.199970: | prop #: 1 (0x1) Aug 26 13:10:29.199972: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:10:29.199974: | spi size: 4 (0x4) Aug 26 13:10:29.199977: | # transforms: 3 (0x3) Aug 26 13:10:29.199980: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:10:29.199982: | remote SPI f3 b8 af f7 Aug 26 13:10:29.199985: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals Aug 26 13:10:29.199988: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:29.199990: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:29.199993: | length: 12 (0xc) Aug 26 13:10:29.199995: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:29.199997: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:10:29.200000: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:10:29.200003: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 
26 13:10:29.200005: | length/value: 128 (0x80) Aug 26 13:10:29.200009: | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:10:29.200013: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:29.200015: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:29.200018: | length: 8 (0x8) Aug 26 13:10:29.200020: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:29.200023: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:10:29.200026: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_512_256) matches local proposal 1 type 3 (INTEG) transform 0 Aug 26 13:10:29.200029: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:29.200032: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:29.200034: | length: 8 (0x8) Aug 26 13:10:29.200037: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:10:29.200039: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:10:29.200042: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:10:29.200046: | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none Aug 26 13:10:29.200050: | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN Aug 26 13:10:29.200053: | remote proposal 1 matches local proposal 1 Aug 26 13:10:29.200058: "north-eastnets/0x2" #1: proposal 1:ESP:SPI=f3b8aff7;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;ESN=DISABLED[first-match] Aug 26 13:10:29.200063: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=f3b8aff7;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;ESN=DISABLED Aug 26 13:10:29.200066: | converting proposal to internal trans attrs Aug 26 13:10:29.200085: | netlink_get_spi: allocated 0x94e23567 for esp.0@192.1.3.33 
Aug 26 13:10:29.200101: | Emitting ikev2_proposal ... Aug 26 13:10:29.200105: | ****emit IKEv2 Security Association Payload: Aug 26 13:10:29.200107: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:29.200110: | flags: none (0x0) Aug 26 13:10:29.200114: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:10:29.200117: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:10:29.200120: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:10:29.200123: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:10:29.200128: | prop #: 1 (0x1) Aug 26 13:10:29.200130: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:10:29.200133: | spi size: 4 (0x4) Aug 26 13:10:29.200135: | # transforms: 3 (0x3) Aug 26 13:10:29.200139: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:10:29.200142: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:10:29.200145: | our spi 94 e2 35 67 Aug 26 13:10:29.200148: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:29.200151: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:29.200154: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:29.200157: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:10:29.200160: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:29.200163: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:10:29.200166: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:29.200168: | length/value: 128 (0x80) Aug 26 13:10:29.200171: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:10:29.200174: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:29.200177: | 
last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:29.200179: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:29.200182: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:10:29.200186: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:29.200189: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:29.200192: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:29.200195: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:10:29.200197: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:29.200200: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:10:29.200203: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:10:29.200206: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:29.200209: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:10:29.200212: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:10:29.200215: | emitting length of IKEv2 Proposal Substructure Payload: 40 Aug 26 13:10:29.200218: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:10:29.200220: | emitting length of IKEv2 Security Association Payload: 44 Aug 26 13:10:29.200223: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:10:29.200226: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:10:29.200229: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:29.200231: | flags: none (0x0) Aug 26 13:10:29.200234: | 
number of TS: 1 (0x1) Aug 26 13:10:29.200237: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:10:29.200240: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:10:29.200243: | *****emit IKEv2 Traffic Selector: Aug 26 13:10:29.200246: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:10:29.200248: | IP Protocol ID: 0 (0x0) Aug 26 13:10:29.200251: | start port: 0 (0x0) Aug 26 13:10:29.200253: | end port: 65535 (0xffff) Aug 26 13:10:29.200257: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:10:29.200261: | ipv4 start c0 00 02 00 Aug 26 13:10:29.200264: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:10:29.200266: | ipv4 end c0 00 02 ff Aug 26 13:10:29.200269: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:10:29.200272: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:10:29.200274: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:10:29.200276: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:29.200279: | flags: none (0x0) Aug 26 13:10:29.200281: | number of TS: 1 (0x1) Aug 26 13:10:29.200285: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:10:29.200292: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:10:29.200297: | *****emit IKEv2 Traffic Selector: Aug 26 13:10:29.200300: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:10:29.200302: | IP Protocol ID: 0 (0x0) Aug 26 13:10:29.200305: | start port: 0 (0x0) Aug 26 13:10:29.200307: | end port: 65535 (0xffff) Aug 26 13:10:29.200310: | emitting 4 raw bytes 
of ipv4 start into IKEv2 Traffic Selector Aug 26 13:10:29.200325: | ipv4 start c0 00 03 00 Aug 26 13:10:29.200328: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:10:29.200330: | ipv4 end c0 00 03 ff Aug 26 13:10:29.200332: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:10:29.200335: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:10:29.200338: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:10:29.200341: | integ=sha2_512: .key_size=64 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=80 Aug 26 13:10:29.200652: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Aug 26 13:10:29.200660: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:10:29.200663: | could_route called for north-eastnets/0x1 (kind=CK_PERMANENT) Aug 26 13:10:29.200666: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:10:29.200669: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:10:29.200671: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:10:29.200673: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:10:29.200675: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:10:29.200678: | route owner of "north-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 13:10:29.200681: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Aug 26 13:10:29.200683: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:10:29.200685: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Aug 26 13:10:29.200688: | setting IPsec SA replay-window to 32 Aug 26 13:10:29.200690: | NIC esp-hw-offload not for connection 'north-eastnets/0x1' not available on interface eth1 Aug 26 13:10:29.200692: | netlink: enabling tunnel mode Aug 26 13:10:29.200694: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:10:29.200696: | netlink: esp-hw-offload not set for 
IPsec SA Aug 26 13:10:29.200809: | netlink response for Add SA esp.f3b8aff7@192.1.2.23 included non-error error Aug 26 13:10:29.200812: | set up outgoing SA, ref=0/0 Aug 26 13:10:29.200815: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Aug 26 13:10:29.200816: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:10:29.200818: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Aug 26 13:10:29.200820: | setting IPsec SA replay-window to 32 Aug 26 13:10:29.200822: | NIC esp-hw-offload not for connection 'north-eastnets/0x1' not available on interface eth1 Aug 26 13:10:29.200824: | netlink: enabling tunnel mode Aug 26 13:10:29.200826: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:10:29.200827: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:10:29.200869: | netlink response for Add SA esp.94e23567@192.1.3.33 included non-error error Aug 26 13:10:29.200872: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Aug 26 13:10:29.200877: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 13:10:29.200879: | IPsec Sa SPD priority set to 1042407 Aug 26 13:10:29.200918: | raw_eroute result=success Aug 26 13:10:29.200920: | set up incoming SA, ref=0/0 Aug 26 13:10:29.200922: | sr for #2: unrouted Aug 26 13:10:29.200924: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:10:29.200925: | FOR_EACH_CONNECTION_... 
in route_owner Aug 26 13:10:29.200927: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:10:29.200929: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:10:29.200931: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:10:29.200932: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:10:29.200935: | route owner of "north-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 13:10:29.200937: | route_and_eroute with c: north-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:10:29.200940: | priority calculation of connection "north-eastnets/0x1" is 0xfe7e7 Aug 26 13:10:29.200944: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 13:10:29.200946: | IPsec Sa SPD priority set to 1042407 Aug 26 13:10:29.200990: | raw_eroute result=success Aug 26 13:10:29.200993: | running updown command "ipsec _updown" for verb up Aug 26 13:10:29.200994: | command executing up-client Aug 26 13:10:29.201011: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' 
PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xf3b8 Aug 26 13:10:29.201014: | popen cmd is 1038 chars long Aug 26 13:10:29.201016: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1': Aug 26 13:10:29.201017: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_: Aug 26 13:10:29.201019: | cmd( 160):MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PL: Aug 26 13:10:29.201021: | cmd( 240):UTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO: Aug 26 13:10:29.201022: | cmd( 320):_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@ea: Aug 26 13:10:29.201024: | cmd( 400):st' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEE: Aug 26 13:10:29.201026: | cmd( 480):R_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_: Aug 26 13:10:29.201027: | cmd( 560):PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCR: Aug 26 13:10:29.201029: | cmd( 640):YPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='C: Aug 26 13:10:29.201031: | cmd( 720):K_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0': Aug 26 13:10:29.201032: | cmd( 800): PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG: Aug 26 13:10:29.201036: | cmd( 880):_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTIN: Aug 26 13:10:29.201038: | cmd( 960):G='no' VTI_SHARED='no' SPI_IN=0xf3b8aff7 SPI_OUT=0x94e23567 ipsec _updown 2>&1: Aug 26 13:10:29.208393: | route_and_eroute: firewall_notified: true Aug 26 13:10:29.208405: | running updown command "ipsec _updown" for verb prepare Aug 26 13:10:29.208408: | command executing prepare-client Aug 26 13:10:29.208430: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' 
PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI Aug 26 13:10:29.208433: | popen cmd is 1043 chars long Aug 26 13:10:29.208435: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets: Aug 26 13:10:29.208437: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' P: Aug 26 13:10:29.208438: | cmd( 160):LUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.: Aug 26 13:10:29.208440: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Aug 26 13:10:29.208441: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Aug 26 13:10:29.208443: | cmd( 400):='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUT: Aug 26 13:10:29.208445: | cmd( 480):O_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Aug 26 13:10:29.208446: | cmd( 560):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG: Aug 26 13:10:29.208448: | cmd( 
640):+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KI: Aug 26 13:10:29.208449: | cmd( 720):ND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISC: Aug 26 13:10:29.208451: | cmd( 800):O='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUT: Aug 26 13:10:29.208453: | cmd( 880):O_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_R: Aug 26 13:10:29.208454: | cmd( 960):OUTING='no' VTI_SHARED='no' SPI_IN=0xf3b8aff7 SPI_OUT=0x94e23567 ipsec _updown 2: Aug 26 13:10:29.208456: | cmd(1040):>&1: Aug 26 13:10:29.215137: | running updown command "ipsec _updown" for verb route Aug 26 13:10:29.215147: | command executing route-client Aug 26 13:10:29.215167: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN= Aug 26 13:10:29.215173: | popen cmd is 1041 chars long Aug 26 13:10:29.215175: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0: Aug 26 13:10:29.215176: | cmd( 80):x1' 
PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLU: Aug 26 13:10:29.215178: | cmd( 160):TO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0': Aug 26 13:10:29.215180: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Aug 26 13:10:29.215181: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=': Aug 26 13:10:29.215183: | cmd( 400):@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_: Aug 26 13:10:29.215185: | cmd( 480):PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLU: Aug 26 13:10:29.215186: | cmd( 560):TO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+E: Aug 26 13:10:29.215188: | cmd( 640):NCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND: Aug 26 13:10:29.215189: | cmd( 720):='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO=: Aug 26 13:10:29.215191: | cmd( 800):'0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_: Aug 26 13:10:29.215193: | cmd( 880):CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROU: Aug 26 13:10:29.215194: | cmd( 960):TING='no' VTI_SHARED='no' SPI_IN=0xf3b8aff7 SPI_OUT=0x94e23567 ipsec _updown 2>&: Aug 26 13:10:29.215196: | cmd(1040):1: Aug 26 13:10:29.225174: | route_and_eroute: instance "north-eastnets/0x1", setting eroute_owner {spd=0x55ad88ad9af0,sr=0x55ad88ad9af0} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:10:29.225251: | #1 spent 1.49 milliseconds in install_ipsec_sa() Aug 26 13:10:29.225257: | ISAKMP_v2_IKE_AUTH: instance north-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:10:29.225260: | adding 13 bytes of padding (including 1 byte padding-length) Aug 26 13:10:29.225263: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 
Encryption Payload Aug 26 13:10:29.225266: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:29.225268: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:29.225269: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:29.225271: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:29.225273: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:29.225274: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:29.225276: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:29.225278: | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:29.225280: | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:29.225281: | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:29.225283: | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:29.225285: | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:10:29.225287: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:10:29.225311: | emitting length of IKEv2 Encryption Payload: 436 Aug 26 13:10:29.225314: | emitting length of ISAKMP Message: 464 Aug 26 13:10:29.225433: | out calculated auth: Aug 26 13:10:29.225434: | c3 82 70 74 d3 15 98 d5 23 90 ad 3f db da d3 e6 Aug 26 13:10:29.225438: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Aug 26 13:10:29.225444: | #1 spent 6.47 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Aug 26 13:10:29.225450: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:29.225453: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:29.225456: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Aug 26 13:10:29.225458: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Aug 26 13:10:29.225461: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Aug 26 13:10:29.225463: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:10:29.225467: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Aug 26 13:10:29.225470: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Aug 26 13:10:29.225472: | pstats #2 ikev2.child established Aug 26 13:10:29.225479: "north-eastnets/0x1" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Aug 26 13:10:29.225482: | NAT-T: encaps is 'auto' Aug 26 13:10:29.225485: "north-eastnets/0x1" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xf3b8aff7 <0x94e23567 xfrm=AES_CBC_128-HMAC_SHA2_512_256 
NATOA=none NATD=none DPD=passive} Aug 26 13:10:29.225488: | sending V2 new request packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:10:29.225494: | sending 464 bytes for STATE_PARENT_R1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:10:29.225573: | releasing whack for #2 (sock=fd@-1) Aug 26 13:10:29.225576: | releasing whack and unpending for parent #1 Aug 26 13:10:29.225578: | unpending state #1 connection "north-eastnets/0x1" Aug 26 13:10:29.225581: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Aug 26 13:10:29.225583: | event_schedule: new EVENT_SA_REKEY-pe@0x55ad88a60980 Aug 26 13:10:29.225586: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Aug 26 13:10:29.225589: | libevent_malloc: new ptr-libevent@0x55ad88ae6670 size 128 Aug 26 13:10:29.225596: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:10:29.225600: | #1 spent 6.76 milliseconds in resume sending helper answer Aug 26 13:10:29.225603: | stop processing: state #2 connection "north-eastnets/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:833) Aug 26 13:10:29.225607: | libevent_free: release ptr-libevent@0x7f3934003060 Aug 26 13:10:29.225617: | processing signal PLUTO_SIGCHLD Aug 26 13:10:29.225621: | waitpid returned ECHILD (no child processes left) Aug 26 13:10:29.225624: | spent 0.00367 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:10:29.225627: | processing signal PLUTO_SIGCHLD Aug 26 13:10:29.225630: | waitpid returned ECHILD (no child processes left) Aug 26 13:10:29.225632: | spent 0.00243 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:10:29.225634: | processing signal PLUTO_SIGCHLD Aug 26 13:10:29.225636: | waitpid returned ECHILD (no child processes left) Aug 26 13:10:29.225638: | spent 0.00235
milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:10:29.256463: | spent 0.00283 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:29.256486: | *received 608 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:10:29.256547: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:10:29.256550: | **parse ISAKMP Message: Aug 26 13:10:29.256552: | initiator cookie: Aug 26 13:10:29.256553: | 8b 87 d7 26 c3 30 6b 14 Aug 26 13:10:29.256555: | responder cookie: Aug 26 13:10:29.256556: | 26 f7 28 5a f4 b9 c7 d8 Aug 26 13:10:29.256558: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:10:29.256562: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:29.256564: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:10:29.256568: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:29.256570: | Message ID: 2 (0x2) Aug 26 13:10:29.256571: | length: 608 (0x260) Aug 26 13:10:29.256573: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 13:10:29.256576: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Aug 26
13:10:29.256579: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Aug 26 13:10:29.256583: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:29.256585: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:10:29.256588: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:10:29.256590: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Aug 26 13:10:29.256593: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 Aug 26 13:10:29.256595: | unpacking clear payload Aug 26 13:10:29.256597: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Aug 26 13:10:29.256599: | ***parse IKEv2 Encryption Payload: Aug 26 13:10:29.256601: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:10:29.256602: | flags: none (0x0) Aug 26 13:10:29.256604: | length: 580 (0x244) Aug 26 13:10:29.256606: | processing payload: ISAKMP_NEXT_v2SK (len=576) Aug 26 13:10:29.256609: | Message ID: start-responder #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Aug 26 13:10:29.256611: | #1 in state PARENT_R2: received v2I2, PARENT SA established Aug 26 13:10:29.256696: | calculated auth: 52 95 e0 a9 ef dd 2f df 7b 20 d2 78 d8 4a e6 ef Aug 26 13:10:29.256697: | provided auth: 52 95 e0 a9 ef dd 2f df 7b 20 d2 78 d8 4a e6 ef Aug 26 13:10:29.256699: | authenticator matched Aug 26 13:10:29.256708: | #1 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Aug 26 13:10:29.256710: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:10:29.256712: | **parse IKEv2 Security Association Payload: Aug 26 13:10:29.256714: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:10:29.256716: | flags: none (0x0) Aug 26 13:10:29.256717: | length: 52 (0x34) Aug 26 13:10:29.256719: | processing payload: ISAKMP_NEXT_v2SA (len=48) Aug 26 13:10:29.256721: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:10:29.256722: | **parse IKEv2 Nonce Payload: Aug 26 13:10:29.256724: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:10:29.256725: | flags: none (0x0) Aug 26 13:10:29.256727: | length: 36 (0x24) Aug 26 13:10:29.256728: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:10:29.256730: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:10:29.256732: | **parse IKEv2 Key Exchange Payload: Aug 26 13:10:29.256734: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:10:29.256735: | flags: none (0x0) Aug 26 13:10:29.256737: | length:
392 (0x188) Aug 26 13:10:29.256738: | DH group: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:10:29.256740: | processing payload: ISAKMP_NEXT_v2KE (len=384) Aug 26 13:10:29.256742: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:10:29.256743: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:10:29.256745: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:10:29.256747: | flags: none (0x0) Aug 26 13:10:29.256748: | length: 24 (0x18) Aug 26 13:10:29.256750: | number of TS: 1 (0x1) Aug 26 13:10:29.256751: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:10:29.256753: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:10:29.256755: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:10:29.256756: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:10:29.256758: | flags: none (0x0) Aug 26 13:10:29.256759: | length: 24 (0x18) Aug 26 13:10:29.256761: | number of TS: 1 (0x1) Aug 26 13:10:29.256763: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:10:29.256765: | state #1 forced to match CREATE_CHILD_SA from V2_CREATE_R->V2_IPSEC_R by ignoring from state Aug 26 13:10:29.256767: | selected state microcode Respond to CREATE_CHILD_SA IPsec SA Request Aug 26 13:10:29.256771: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:10:29.256774: | creating state object #3 at 0x55ad88ade950 Aug 26 13:10:29.256777: | State DB: adding IKEv2 state #3 in UNDEFINED Aug 26 13:10:29.256784: | pstats #3 ikev2.child started Aug 26 13:10:29.256786: | duplicating state object #1 "north-eastnets/0x2" as #3 for IPSEC SA Aug 26 13:10:29.256790: | #3 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:10:29.256797: | Message ID: init_child #1.#3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 
13:10:29.256800: | child state #3: UNDEFINED(ignore) => V2_CREATE_R(established IKE SA) Aug 26 13:10:29.256803: | "north-eastnets/0x2" #1 received Child SA Request CREATE_CHILD_SA from 192.1.2.23:500 Child "north-eastnets/0x2" #3 in STATE_V2_CREATE_R will process it further Aug 26 13:10:29.256806: | Message ID: switch-from #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2->-1 Aug 26 13:10:29.256809: | Message ID: switch-to #1.#3 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1->2 Aug 26 13:10:29.256810: | forcing ST #1 to CHILD #1.#3 in FSM processor Aug 26 13:10:29.256812: | Now let's proceed with state specific processing Aug 26 13:10:29.256814: | calling processor Respond to CREATE_CHILD_SA IPsec SA Request Aug 26 13:10:29.256817: | create child proposal's DH changed from no-PFS to MODP2048, flushing Aug 26 13:10:29.256819: | constructing ESP/AH proposals with default DH MODP2048 for north-eastnets/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals) Aug 26 13:10:29.256823: | converting proposal AES_CBC_128-HMAC_SHA2_512_256-MODP3072 to ikev2 ... Aug 26 13:10:29.256827: | ... 
ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Aug 26 13:10:29.256830: "north-eastnets/0x2": constructed local ESP/AH proposals for north-eastnets/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Aug 26 13:10:29.256832: | Comparing remote proposals against CREATE_CHILD_SA responder matching remote ESP/AH proposals 1 local proposals Aug 26 13:10:29.256835: | local proposal 1 type ENCR has 1 transforms Aug 26 13:10:29.256837: | local proposal 1 type PRF has 0 transforms Aug 26 13:10:29.256838: | local proposal 1 type INTEG has 1 transforms Aug 26 13:10:29.256840: | local proposal 1 type DH has 1 transforms Aug 26 13:10:29.256841: | local proposal 1 type ESN has 1 transforms Aug 26 13:10:29.256844: | local proposal 1 transforms: required: ENCR+INTEG+DH+ESN; optional: none Aug 26 13:10:29.256847: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:10:29.256850: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:10:29.256853: | length: 48 (0x30) Aug 26 13:10:29.256856: | prop #: 1 (0x1) Aug 26 13:10:29.256858: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:10:29.256873: | spi size: 4 (0x4) Aug 26 13:10:29.256876: | # transforms: 4 (0x4) Aug 26 13:10:29.256879: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:10:29.256882: | remote SPI e5 ad 0a 34 Aug 26 13:10:29.256885: | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals Aug 26 13:10:29.256888: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:29.256891: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:29.256893: | length: 12 (0xc) Aug 26 13:10:29.256896: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:10:29.256898: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:10:29.256901: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:10:29.256904: | af+type: 
AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:10:29.256906: | length/value: 128 (0x80) Aug 26 13:10:29.256911: | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:10:29.256913: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:29.256918: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:29.256920: | length: 8 (0x8) Aug 26 13:10:29.256923: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:10:29.256925: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:10:29.256929: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_512_256) matches local proposal 1 type 3 (INTEG) transform 0 Aug 26 13:10:29.256932: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:29.256934: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:10:29.256936: | length: 8 (0x8) Aug 26 13:10:29.256939: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:10:29.256941: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:10:29.256945: | remote proposal 1 transform 2 (DH=MODP3072) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:10:29.256948: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:10:29.256950: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:10:29.256953: | length: 8 (0x8) Aug 26 13:10:29.256955: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:10:29.256958: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:10:29.256961: | remote proposal 1 transform 3 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:10:29.256965: | remote proposal 1 proposed transforms: ENCR+INTEG+DH+ESN; matched: ENCR+INTEG+DH+ESN; unmatched: none Aug 26 13:10:29.256970: | comparing remote proposal 1 containing ENCR+INTEG+DH+ESN transforms to local proposal 1; required: ENCR+INTEG+DH+ESN; optional: none; matched: ENCR+INTEG+DH+ESN Aug 26 13:10:29.256973: | remote proposal 1 matches local proposal 1 Aug 26 13:10:29.256978: "north-eastnets/0x2" #1: proposal 
1:ESP:SPI=e5ad0a34;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED[first-match] Aug 26 13:10:29.256984: | CREATE_CHILD_SA responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=e5ad0a34;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED Aug 26 13:10:29.257001: | converting proposal to internal trans attrs Aug 26 13:10:29.257006: | updating #3's .st_oakley with preserved PRF, but why update? Aug 26 13:10:29.257010: | Child SA TS Request has child->sa == md->st; so using child connection Aug 26 13:10:29.257012: | TSi: parsing 1 traffic selectors Aug 26 13:10:29.257014: | ***parse IKEv2 Traffic Selector: Aug 26 13:10:29.257016: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:10:29.257018: | IP Protocol ID: 0 (0x0) Aug 26 13:10:29.257019: | length: 16 (0x10) Aug 26 13:10:29.257021: | start port: 0 (0x0) Aug 26 13:10:29.257022: | end port: 65535 (0xffff) Aug 26 13:10:29.257024: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:10:29.257026: | TS low c0 00 16 00 Aug 26 13:10:29.257027: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:10:29.257029: | TS high c0 00 16 ff Aug 26 13:10:29.257031: | TSi: parsed 1 traffic selectors Aug 26 13:10:29.257032: | TSr: parsing 1 traffic selectors Aug 26 13:10:29.257034: | ***parse IKEv2 Traffic Selector: Aug 26 13:10:29.257035: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:10:29.257037: | IP Protocol ID: 0 (0x0) Aug 26 13:10:29.257038: | length: 16 (0x10) Aug 26 13:10:29.257040: | start port: 0 (0x0) Aug 26 13:10:29.257041: | end port: 65535 (0xffff) Aug 26 13:10:29.257043: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Aug 26 13:10:29.257045: | TS low c0 00 03 00 Aug 26 13:10:29.257046: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Aug 26 13:10:29.257048: | TS high c0 00 03 ff Aug 26 13:10:29.257049: | TSr: 
parsed 1 traffic selectors Aug 26 13:10:29.257051: | looking for best SPD in current connection Aug 26 13:10:29.257055: | evaluating our conn="north-eastnets/0x2" I=192.0.22.0/24:0/0 R=192.0.3.0/24:0/0 to their: Aug 26 13:10:29.257058: | TSi[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:10:29.257065: | match address end->client=192.0.22.0/24 == TSi[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Aug 26 13:10:29.257067: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:10:29.257069: | TSi[0] port match: YES fitness 65536 Aug 26 13:10:29.257071: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:10:29.257073: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:10:29.257076: | TSr[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:10:29.257079: | match address end->client=192.0.3.0/24 == TSr[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:10:29.257081: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:10:29.257082: | TSr[0] port match: YES fitness 65536 Aug 26 13:10:29.257084: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:10:29.257086: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:10:29.257088: | best fit so far: TSi[0] TSr[0] Aug 26 13:10:29.257090: | found better spd route for TSi[0],TSr[0] Aug 26 13:10:29.257091: | looking for better host pair Aug 26 13:10:29.257094: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Aug 26 13:10:29.257097: | checking hostpair 192.0.3.0/24 -> 192.0.22.0/24 is found Aug 26 13:10:29.257099: | investigating connection "north-eastnets/0x2" as a better match Aug 26 13:10:29.257102: | match_id a=@east Aug 26 13:10:29.257103: | b=@east Aug 26 13:10:29.257105: | results matched Aug 26 13:10:29.257108: | evaluating our conn="north-eastnets/0x2" I=192.0.22.0/24:0/0 R=192.0.3.0/24:0/0 to their: Aug 26 13:10:29.257110: | TSi[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 
.{start,end}port=0..65535 Aug 26 13:10:29.257113: | match address end->client=192.0.22.0/24 == TSi[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Aug 26 13:10:29.257115: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Aug 26 13:10:29.257117: | TSi[0] port match: YES fitness 65536 Aug 26 13:10:29.257119: | narrow protocol end=*0 == TSi[0]=*0: 0 Aug 26 13:10:29.257120: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Aug 26 13:10:29.257123: | TSr[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:10:29.257126: | match address end->client=192.0.3.0/24 == TSr[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Aug 26 13:10:29.257128: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Aug 26 13:10:29.257129: | TSr[0] port match: YES fitness 65536 Aug 26 13:10:29.257131: | narrow protocol end=*0 == TSr[0]=*0: 0 Aug 26 13:10:29.257133: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Aug 26 13:10:29.257134: | best fit so far: TSi[0] TSr[0] Aug 26 13:10:29.257136: | investigating connection "north-eastnets/0x1" as a better match Aug 26 13:10:29.257138: | match_id a=@east Aug 26 13:10:29.257139: | b=@east Aug 26 13:10:29.257141: | results matched Aug 26 13:10:29.257144: | evaluating our conn="north-eastnets/0x1" I=192.0.2.0/24:0/0 R=192.0.3.0/24:0/0 to their: Aug 26 13:10:29.257146: | TSi[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Aug 26 13:10:29.257149: | match address end->client=192.0.2.0/24 == TSi[0]net=192.0.22.0-192.0.22.255: NO Aug 26 13:10:29.257151: | did not find a better connection using host pair Aug 26 13:10:29.257153: | printing contents struct traffic_selector Aug 26 13:10:29.257154: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:10:29.257156: | ipprotoid: 0 Aug 26 13:10:29.257157: | port range: 0-65535 Aug 26 13:10:29.257160: | ip range: 192.0.3.0-192.0.3.255 Aug 26 13:10:29.257161: | printing contents struct traffic_selector Aug 26 13:10:29.257163: | ts_type: 
IKEv2_TS_IPV4_ADDR_RANGE Aug 26 13:10:29.257164: | ipprotoid: 0 Aug 26 13:10:29.257166: | port range: 0-65535 Aug 26 13:10:29.257170: | ip range: 192.0.22.0-192.0.22.255 Aug 26 13:10:29.257173: | adding Child Responder KE and nonce nr work-order 3 for state #3 Aug 26 13:10:29.257177: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ad88ae5c40 Aug 26 13:10:29.257181: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:10:29.257184: | libevent_malloc: new ptr-libevent@0x7f3934003060 size 128 Aug 26 13:10:29.257195: | #3 spent 0.377 milliseconds in processing: Respond to CREATE_CHILD_SA IPsec SA Request in ikev2_process_state_packet() Aug 26 13:10:29.257200: | crypto helper 2 resuming Aug 26 13:10:29.257202: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:29.257213: | crypto helper 2 starting work-order 3 for state #3 Aug 26 13:10:29.257220: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:10:29.257222: | crypto helper 2 doing build KE and nonce (Child Responder KE and nonce nr); request ID 3 Aug 26 13:10:29.257227: | #3 complete_v2_state_transition() V2_CREATE_R->V2_IPSEC_R with status STF_SUSPEND Aug 26 13:10:29.257228: | crypto helper is pausing for 2 seconds Aug 26 13:10:29.257231: | suspending state #3 and saving MD Aug 26 13:10:29.257239: | #3 is busy; has a suspended MD Aug 26 13:10:29.257243: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:10:29.257247: | "north-eastnets/0x2" #3 complete v2 state STATE_V2_CREATE_R transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:10:29.257252: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:10:29.257257: 
| #1 spent 0.776 milliseconds in ikev2_process_packet() Aug 26 13:10:29.257261: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:10:29.257264: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:29.257267: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:10:29.257271: | spent 0.791 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:10:29.306726: | spent 0.00297 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:29.306750: | *received 608 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:10:29.306825: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:10:29.306829: | **parse ISAKMP Message: Aug 26 13:10:29.306832: | initiator cookie: Aug 26 13:10:29.306835: | 8b 87 d7 26 c3 30 6b 14 Aug 26 13:10:29.306837: | responder cookie: Aug 26 13:10:29.306839: | 26 f7 28 5a f4 b9 c7 d8 Aug 26 13:10:29.306842: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:10:29.306846: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:29.306848: | exchange type:
ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:10:29.306851: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:29.306854: | Message ID: 2 (0x2) Aug 26 13:10:29.306857: | length: 608 (0x260) Aug 26 13:10:29.306860: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 13:10:29.306864: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Aug 26 13:10:29.306868: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Aug 26 13:10:29.306875: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:29.306879: | State DB: found IKEv2 state #3 in V2_CREATE_R (find_v2_sa_by_responder_wip) Aug 26 13:10:29.306884: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:10:29.306889: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:10:29.306892: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Aug 26 13:10:29.306896: "north-eastnets/0x2" #3: discarding packet received during asynchronous work (DNS or crypto) in STATE_V2_CREATE_R Aug 26 13:10:29.306901: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:10:29.306907: | #1 spent 0.166 milliseconds in ikev2_process_packet() Aug 26 13:10:29.306911: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:10:29.306915: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:29.306918: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:10:29.306923: | spent 0.183 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:10:29.358257: | spent 0.00546 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:29.358301: | *received 
608 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:10:29.358437: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:10:29.358442: | **parse ISAKMP Message: Aug 26 13:10:29.358446: | initiator cookie: Aug 26 13:10:29.358449: | 8b 87 d7 26 c3 30 6b 14 Aug 26 13:10:29.358453: | responder cookie: Aug 26 13:10:29.358456: | 26 f7 28 5a f4 b9 c7 d8 Aug 26 13:10:29.358460: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:10:29.358463: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:29.358467: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:10:29.358471: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:29.358474: | Message ID: 2 (0x2) Aug 26 13:10:29.358477: | length: 608 (0x260) Aug 26 13:10:29.358482: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 13:10:29.358486: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Aug 26 13:10:29.358492: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Aug 26 13:10:29.358501: | start processing: state #1 connection "north-eastnets/0x2" from 
192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:29.358508: | State DB: found IKEv2 state #3 in V2_CREATE_R (find_v2_sa_by_responder_wip) Aug 26 13:10:29.358514: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:10:29.358520: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:10:29.358524: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Aug 26 13:10:29.358528: "north-eastnets/0x2" #3: discarding packet received during asynchronous work (DNS or crypto) in STATE_V2_CREATE_R Aug 26 13:10:29.358534: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:10:29.358541: | #1 spent 0.257 milliseconds in ikev2_process_packet() Aug 26 13:10:29.358546: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:10:29.358551: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:29.358555: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:10:29.358560: | spent 0.277 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:10:29.459511: | spent 0.0106 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:10:29.459602: | *received 608 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:10:29.459936: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:10:29.459948: | **parse ISAKMP Message: Aug 26 13:10:29.459958: | initiator cookie: Aug 26 13:10:29.459965: | 8b 87 d7 26 c3 30 6b 14 Aug 26 13:10:29.459973: | responder cookie: Aug 26 13:10:29.459980: | 26 f7 28 5a f4 b9 c7 d8 Aug 26 13:10:29.459989: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:10:29.459998: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:10:29.460006: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Aug 26 13:10:29.460015: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:10:29.460023: | Message ID: 2 (0x2) Aug 26 13:10:29.460031: | length: 608 (0x260) Aug 26 13:10:29.460041: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Aug 26 13:10:29.460051: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Aug 26 13:10:29.460064: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Aug 26 13:10:29.460085: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:10:29.460096: | State DB: found IKEv2 state #3 in V2_CREATE_R (find_v2_sa_by_responder_wip) Aug 26 13:10:29.460109: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:10:29.460122: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:10:29.460133: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Aug 26 13:10:29.460143: "north-eastnets/0x2" #3: discarding packet 
received during asynchronous work (DNS or crypto) in STATE_V2_CREATE_R Aug 26 13:10:29.460157: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:10:29.460174: | #1 spent 0.612 milliseconds in ikev2_process_packet() Aug 26 13:10:29.460186: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:10:29.460197: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:10:29.460206: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:10:29.460219: | spent 0.66 milliseconds in comm_handle_cb() reading and processing packet